From bugzilla at redhat.com Mon Mar 1 19:25:51 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 1 Mar 2010 14:25:51 -0500
Subject: [RHSA-2010:0124-01] Important: systemtap security update
Message-ID: <201003011925.o21JPp9W007519@int-mx05.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: systemtap security update
Advisory ID:       RHSA-2010:0124-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0124.html
Issue date:        2010-03-01
CVE Names:         CVE-2009-4273 CVE-2010-0411
=====================================================================

1. Summary:

Updated systemtap packages that fix two security issues are now available
for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

SystemTap is an instrumentation system for systems running the Linux
kernel, version 2.6. Developers can write scripts to collect data on the
operation of the system.

A flaw was found in the SystemTap compile server, stap-server, an optional
component of SystemTap. This server did not adequately sanitize input
provided by the stap-client program, which may allow a remote user to
execute arbitrary shell commands with the privileges of the compile server
process, which could possibly be running as the root user. (CVE-2009-4273)

Note: stap-server is not run by default. It must be started by a user or
administrator.

A buffer overflow flaw was found in SystemTap's tapset __get_argv()
function. If a privileged user ran a SystemTap script that called this
function, a local, unprivileged user could, while that script is still
running, trigger this flaw and cause memory corruption by running a command
with a large argument list, which may lead to a system crash or,
potentially, arbitrary code execution with root privileges. (CVE-2010-0411)

Note: SystemTap scripts that call __get_argv(), being a privileged
function, can only be executed by the root user or users in the stapdev
group. Also, if such a script was compiled and installed by root, users in
the stapusr group would also be able to execute it.

SystemTap users should upgrade to these updated packages, which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

550172 - CVE-2009-4273 systemtap: remote code execution via stap-server
559719 - CVE-2010-0411 systemtap: Crash with systemtap script using __get_argv()

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/systemtap-0.9.7-5.el5_4.3.src.rpm

i386:
systemtap-0.9.7-5.el5_4.3.i386.rpm
systemtap-client-0.9.7-5.el5_4.3.i386.rpm
systemtap-debuginfo-0.9.7-5.el5_4.3.i386.rpm
systemtap-initscript-0.9.7-5.el5_4.3.i386.rpm
systemtap-runtime-0.9.7-5.el5_4.3.i386.rpm
systemtap-sdt-devel-0.9.7-5.el5_4.3.i386.rpm
systemtap-server-0.9.7-5.el5_4.3.i386.rpm
systemtap-testsuite-0.9.7-5.el5_4.3.i386.rpm

x86_64:
systemtap-0.9.7-5.el5_4.3.x86_64.rpm
systemtap-client-0.9.7-5.el5_4.3.x86_64.rpm
systemtap-debuginfo-0.9.7-5.el5_4.3.i386.rpm
systemtap-debuginfo-0.9.7-5.el5_4.3.x86_64.rpm
systemtap-initscript-0.9.7-5.el5_4.3.x86_64.rpm
systemtap-runtime-0.9.7-5.el5_4.3.x86_64.rpm
systemtap-sdt-devel-0.9.7-5.el5_4.3.i386.rpm
systemtap-sdt-devel-0.9.7-5.el5_4.3.x86_64.rpm
systemtap-server-0.9.7-5.el5_4.3.x86_64.rpm
systemtap-testsuite-0.9.7-5.el5_4.3.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/systemtap-0.9.7-5.el5_4.3.src.rpm

i386:
systemtap-0.9.7-5.el5_4.3.i386.rpm
systemtap-client-0.9.7-5.el5_4.3.i386.rpm
systemtap-debuginfo-0.9.7-5.el5_4.3.i386.rpm
systemtap-initscript-0.9.7-5.el5_4.3.i386.rpm
systemtap-runtime-0.9.7-5.el5_4.3.i386.rpm
systemtap-sdt-devel-0.9.7-5.el5_4.3.i386.rpm
systemtap-server-0.9.7-5.el5_4.3.i386.rpm
systemtap-testsuite-0.9.7-5.el5_4.3.i386.rpm

ia64:
systemtap-0.9.7-5.el5_4.3.ia64.rpm
systemtap-client-0.9.7-5.el5_4.3.ia64.rpm
systemtap-debuginfo-0.9.7-5.el5_4.3.ia64.rpm
systemtap-initscript-0.9.7-5.el5_4.3.ia64.rpm
systemtap-runtime-0.9.7-5.el5_4.3.ia64.rpm
systemtap-sdt-devel-0.9.7-5.el5_4.3.ia64.rpm
systemtap-server-0.9.7-5.el5_4.3.ia64.rpm
systemtap-testsuite-0.9.7-5.el5_4.3.ia64.rpm

ppc:
systemtap-0.9.7-5.el5_4.3.ppc64.rpm
systemtap-client-0.9.7-5.el5_4.3.ppc64.rpm
systemtap-debuginfo-0.9.7-5.el5_4.3.ppc64.rpm
systemtap-initscript-0.9.7-5.el5_4.3.ppc64.rpm
systemtap-runtime-0.9.7-5.el5_4.3.ppc64.rpm
systemtap-sdt-devel-0.9.7-5.el5_4.3.ppc64.rpm
systemtap-server-0.9.7-5.el5_4.3.ppc64.rpm
systemtap-testsuite-0.9.7-5.el5_4.3.ppc64.rpm

s390x:
systemtap-0.9.7-5.el5_4.3.s390x.rpm
systemtap-client-0.9.7-5.el5_4.3.s390x.rpm
systemtap-debuginfo-0.9.7-5.el5_4.3.s390.rpm
systemtap-debuginfo-0.9.7-5.el5_4.3.s390x.rpm
systemtap-initscript-0.9.7-5.el5_4.3.s390x.rpm
systemtap-runtime-0.9.7-5.el5_4.3.s390x.rpm
systemtap-sdt-devel-0.9.7-5.el5_4.3.s390.rpm
systemtap-sdt-devel-0.9.7-5.el5_4.3.s390x.rpm
systemtap-server-0.9.7-5.el5_4.3.s390x.rpm
systemtap-testsuite-0.9.7-5.el5_4.3.s390x.rpm

x86_64:
systemtap-0.9.7-5.el5_4.3.x86_64.rpm
systemtap-client-0.9.7-5.el5_4.3.x86_64.rpm
systemtap-debuginfo-0.9.7-5.el5_4.3.i386.rpm
systemtap-debuginfo-0.9.7-5.el5_4.3.x86_64.rpm
systemtap-initscript-0.9.7-5.el5_4.3.x86_64.rpm
systemtap-runtime-0.9.7-5.el5_4.3.x86_64.rpm
systemtap-sdt-devel-0.9.7-5.el5_4.3.i386.rpm
systemtap-sdt-devel-0.9.7-5.el5_4.3.x86_64.rpm
systemtap-server-0.9.7-5.el5_4.3.x86_64.rpm
systemtap-testsuite-0.9.7-5.el5_4.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-4273.html
https://www.redhat.com/security/data/cve/CVE-2010-0411.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
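The practical question every advisory in this digest raises is whether the build already on a host is older than the build it ships. The following is an added example, not Red Hat tooling: it re-implements the ordering rules of rpm's rpmvercmp() so the check runs anywhere, without the rpm Python bindings, and splits package names from the right so hyphenated names such as java-1.5.0-ibm parse correctly. The `rpm -qa` listing in the block is constructed; the release tag 5.el5 in it stands for any pre-update build, and the fixed builds are copied from the package list above.

```python
"""Check installed RPM builds against the fixed builds an RHSA lists.

Added example, not Red Hat tooling: rpmvercmp() re-implements the ordering
of rpm's rpmvercmp() (digit runs compare numerically, letter runs bytewise,
digits beat letters, separators are ignored, '~' sorts before anything, even
the end of the string). The '^' operator of newer rpm is not handled.
"""
import re
import subprocess
from itertools import zip_longest

ARCHES = {"i386", "i686", "x86_64", "ia64", "ppc", "ppc64",
          "s390", "s390x", "noarch", "src"}
_TOKEN = re.compile(r"[0-9]+|[A-Za-z]+|~")


def rpmvercmp(a, b):
    """Return -1, 0 or 1 for version/release strings a and b, as rpm does."""
    for x, y in zip_longest(_TOKEN.findall(a), _TOKEN.findall(b)):
        if x == "~" or y == "~":                  # "1.0~rc1" < "1.0" < "1.0a"
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        if x is None or y is None:                # one side ran out of segments
            return 1 if y is None else -1
        xnum, ynum = x.isdigit(), y.isdigit()
        if xnum != ynum:                          # a number beats letters
            return 1 if xnum else -1
        key = int if xnum else str
        if key(x) != key(y):
            return 1 if key(x) > key(y) else -1
    return 0


def split_nvr(pkg):
    """'systemtap-0.9.7-5.el5_4.3.i386.rpm' -> ('systemtap', 0, '0.9.7', '5.el5_4.3').
    Accepts `rpm -q` output with or without an arch suffix, and an optional
    'epoch:' in front of the version ('(none)', as %{EPOCH} prints it, means 0)."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    head, _, tail = pkg.rpartition(".")
    if tail in ARCHES:
        pkg = head
    name, version, release = pkg.rsplit("-", 2)   # ValueError if malformed
    epoch = 0
    if ":" in version:
        e, version = version.split(":", 1)
        epoch = int(e) if e.isdigit() else 0
    return name, epoch, version, release


def compare_evr(x, y):
    """rpm's ordering of two builds of one package: epoch, then version, then release."""
    nx, ex, vx, rx = split_nvr(x)
    ny, ey, vy, ry = split_nvr(y)
    if nx != ny:
        raise ValueError("different packages: %s vs %s" % (nx, ny))
    if ex != ey:
        return 1 if ex > ey else -1
    return rpmvercmp(vx, vy) or rpmvercmp(rx, ry)


def needs_update(installed, fixed):
    """True if the installed build is older than the build the advisory ships."""
    return compare_evr(installed, fixed) < 0


def audit(rpm_qa_output, advisory_packages):
    """{package name: still vulnerable?} for the advisory packages that are installed."""
    installed = {split_nvr(line)[0]: line for line in rpm_qa_output.split()}
    return {split_nvr(p)[0]: needs_update(installed[split_nvr(p)[0]], p)
            for p in advisory_packages if split_nvr(p)[0] in installed}


# Constructed `rpm -qa 'systemtap*'` output: a host on which only
# systemtap-server has been updated; "5.el5" stands for any earlier build.
SAMPLE_RPM_QA = """\
systemtap-0.9.7-5.el5
systemtap-runtime-0.9.7-5.el5
systemtap-server-0.9.7-5.el5_4.3
"""

# Fixed builds, copied from the i386 package list of RHSA-2010:0124.
RHSA_2010_0124 = [
    "systemtap-0.9.7-5.el5_4.3.i386.rpm",
    "systemtap-client-0.9.7-5.el5_4.3.i386.rpm",
    "systemtap-runtime-0.9.7-5.el5_4.3.i386.rpm",
    "systemtap-server-0.9.7-5.el5_4.3.i386.rpm",
]

if __name__ == "__main__":
    try:    # query the real rpm database where there is one, else use the sample
        out = subprocess.run(["rpm", "-qa", "systemtap*"], capture_output=True,
                             text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        out = SAMPLE_RPM_QA
    for name, vulnerable in sorted(audit(out, RHSA_2010_0124).items()):
        print("%-20s %s" % (name, "UPDATE NEEDED" if vulnerable else "fixed"))
```

The epoch is compared first because rpm does so and because an epoch bump makes any version newer; a script that only compares version-release strings will call an epoch-bumped package "older" and report a fixed host as vulnerable.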
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLjBSyXlSAg2UNWIIRAiiRAJ4hghHhyCjzqz29tYpqgjkapkoLQwCfao4T
15iSFtYEdGxmIYYeJCoKGD0=
=u3Es
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Mar 1 19:26:14 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 1 Mar 2010 14:26:14 -0500
Subject: [RHSA-2010:0125-01] Moderate: systemtap security update
Message-ID: <201003011926.o21JQEDF000493@int-mx03.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: systemtap security update
Advisory ID:       RHSA-2010:0125-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0125.html
Issue date:        2010-03-01
CVE Names:         CVE-2010-0411
=====================================================================

1. Summary:

Updated systemtap packages that fix a security issue are now available for
Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

SystemTap is an instrumentation system for systems running the Linux
kernel, version 2.6. Developers can write scripts to collect data on the
operation of the system.

A buffer overflow flaw was found in SystemTap's tapset __get_argv()
function. If a privileged user ran a SystemTap script that called this
function, a local, unprivileged user could, while that script is still
running, trigger this flaw and cause memory corruption by running a command
with a large argument list, which may lead to a system crash or,
potentially, arbitrary code execution with root privileges. (CVE-2010-0411)

Note: SystemTap scripts that call __get_argv(), being a privileged
function, can only be executed by the root user or users in the stapdev
group. Also, if such a script was compiled and installed by root, users in
the stapusr group would also be able to execute it.

SystemTap users should upgrade to these updated packages, which contain a
backported patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

559719 - CVE-2010-0411 systemtap: Crash with systemtap script using __get_argv()

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/systemtap-0.6.2-2.el4_8.1.src.rpm

i386:
systemtap-0.6.2-2.el4_8.1.i386.rpm
systemtap-debuginfo-0.6.2-2.el4_8.1.i386.rpm
systemtap-runtime-0.6.2-2.el4_8.1.i386.rpm
systemtap-testsuite-0.6.2-2.el4_8.1.i386.rpm

ia64:
systemtap-0.6.2-2.el4_8.1.ia64.rpm
systemtap-debuginfo-0.6.2-2.el4_8.1.ia64.rpm
systemtap-runtime-0.6.2-2.el4_8.1.ia64.rpm
systemtap-testsuite-0.6.2-2.el4_8.1.ia64.rpm

ppc:
systemtap-0.6.2-2.el4_8.1.ppc64.rpm
systemtap-debuginfo-0.6.2-2.el4_8.1.ppc64.rpm
systemtap-runtime-0.6.2-2.el4_8.1.ppc64.rpm
systemtap-testsuite-0.6.2-2.el4_8.1.ppc64.rpm

x86_64:
systemtap-0.6.2-2.el4_8.1.x86_64.rpm
systemtap-debuginfo-0.6.2-2.el4_8.1.x86_64.rpm
systemtap-runtime-0.6.2-2.el4_8.1.x86_64.rpm
systemtap-testsuite-0.6.2-2.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/systemtap-0.6.2-2.el4_8.1.src.rpm

i386:
systemtap-0.6.2-2.el4_8.1.i386.rpm
systemtap-debuginfo-0.6.2-2.el4_8.1.i386.rpm
systemtap-runtime-0.6.2-2.el4_8.1.i386.rpm
systemtap-testsuite-0.6.2-2.el4_8.1.i386.rpm

x86_64:
systemtap-0.6.2-2.el4_8.1.x86_64.rpm
systemtap-debuginfo-0.6.2-2.el4_8.1.x86_64.rpm
systemtap-runtime-0.6.2-2.el4_8.1.x86_64.rpm
systemtap-testsuite-0.6.2-2.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/systemtap-0.6.2-2.el4_8.1.src.rpm

i386:
systemtap-0.6.2-2.el4_8.1.i386.rpm
systemtap-debuginfo-0.6.2-2.el4_8.1.i386.rpm
systemtap-runtime-0.6.2-2.el4_8.1.i386.rpm
systemtap-testsuite-0.6.2-2.el4_8.1.i386.rpm

ia64:
systemtap-0.6.2-2.el4_8.1.ia64.rpm
systemtap-debuginfo-0.6.2-2.el4_8.1.ia64.rpm
systemtap-runtime-0.6.2-2.el4_8.1.ia64.rpm
systemtap-testsuite-0.6.2-2.el4_8.1.ia64.rpm

x86_64:
systemtap-0.6.2-2.el4_8.1.x86_64.rpm
systemtap-debuginfo-0.6.2-2.el4_8.1.x86_64.rpm
systemtap-runtime-0.6.2-2.el4_8.1.x86_64.rpm
systemtap-testsuite-0.6.2-2.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/systemtap-0.6.2-2.el4_8.1.src.rpm

i386:
systemtap-0.6.2-2.el4_8.1.i386.rpm
systemtap-debuginfo-0.6.2-2.el4_8.1.i386.rpm
systemtap-runtime-0.6.2-2.el4_8.1.i386.rpm
systemtap-testsuite-0.6.2-2.el4_8.1.i386.rpm

ia64:
systemtap-0.6.2-2.el4_8.1.ia64.rpm
systemtap-debuginfo-0.6.2-2.el4_8.1.ia64.rpm
systemtap-runtime-0.6.2-2.el4_8.1.ia64.rpm
systemtap-testsuite-0.6.2-2.el4_8.1.ia64.rpm

x86_64:
systemtap-0.6.2-2.el4_8.1.x86_64.rpm
systemtap-debuginfo-0.6.2-2.el4_8.1.x86_64.rpm
systemtap-runtime-0.6.2-2.el4_8.1.x86_64.rpm
systemtap-testsuite-0.6.2-2.el4_8.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0411.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLjBTEXlSAg2UNWIIRArj2AKCTErZp52ErBKl5ktnV27pZPQiabwCaA5jI
GMj6xpcZVqcoi6Rd5XbQgqE=
=OLkA
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Mar 1 19:26:41 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 1 Mar 2010 14:26:41 -0500
Subject: [RHSA-2010:0126-01] Important: kvm security and bug fix update
Message-ID: <201003011926.o21JQf0e013991@int-mx08.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kvm security and bug fix update
Advisory ID:       RHSA-2010:0126-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0126.html
Issue date:        2010-03-01
CVE Names:         CVE-2009-3722 CVE-2010-0419
=====================================================================

1. Summary:

Updated kvm packages that fix two security issues and two bugs are now
available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Multi OS (v. 5 client) - x86_64
RHEL Virtualization (v. 5 server) - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for
the standard Red Hat Enterprise Linux kernel.

A flaw was found in the way the x86 emulator loaded segment selectors (used
for memory segmentation and protection) into segment registers. In some
guest system configurations, an unprivileged guest user could leverage this
flaw to crash the guest or possibly escalate their privileges within the
guest. (CVE-2010-0419)

The x86 emulator implementation was missing a check for the Current
Privilege Level (CPL) while accessing debug registers. An unprivileged user
in a guest could leverage this flaw to crash the guest. (CVE-2009-3722)

This update also fixes the following bugs:

With Red Hat Enterprise Virtualization, the virtio_blk_dma_restart_bh()
function was previously used to handle write errors; however, a bug fix
provided by the RHSA-2009:1659 update meant that read errors would also
have to be handled by this function. The function was not updated for this,
causing read errors to be resubmitted as writes. This caused guest image
corruption in some cases. Additionally, the return values of the
bdrv_aio_write() and bdrv_aio_read() functions were ignored. If an
immediate failure occurred in one of these functions, errors would be
missed and the guest could hang or read corrupted data. (BZ#562776)

All KVM users should upgrade to these updated packages, which contain
backported patches to resolve these issues. Note: The procedure in the
Solution section must be performed before this update will take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

The following procedure must be performed before this update will take
effect:

1) Stop all KVM guest virtual machines.

2) Either reboot the hypervisor machine or, as the root user, remove (using
"modprobe -r [module]") and reload (using "modprobe [module]") all of the
following modules which are currently running (determined using "lsmod"):
kvm, ksm, kvm-intel or kvm-amd.

3) Restart the KVM guest virtual machines.
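A helper for step 2, added here as an example and not part of Red Hat's procedure. It reads lsmod output, refuses to go on while a KVM module still holds references that no other module accounts for (that is what a running guest, or anything else with /dev/kvm open, looks like in lsmod, and it is why "modprobe -r" would fail with "Module is in use"), and orders the removals so that the modules using kvm go first. lsmod reports the vendor modules with underscores, kvm_intel and kvm_amd; modprobe accepts either spelling. The two lsmod listings in the block are constructed, and the "--apply" switch, which actually runs the commands, needs root.

```python
"""Plan the KVM module reload that RHSA-2010:0126 requires (step 2 of the
Solution). Added example, not Red Hat tooling. It reads lsmod output, refuses
to continue while a KVM module still has references that no other module
accounts for (what a running guest looks like), and orders `modprobe -r` so
that kvm's users are removed before kvm, then reloads in reverse order.
"""
import subprocess
import sys

KVM_MODULES = ("kvm", "kvm_intel", "kvm_amd", "ksm")    # lsmod spelling


def parse_lsmod(text):
    """{module: (refcount, [modules listed under 'Used by'])}; header line skipped."""
    mods = {}
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 3:
            continue
        users = parts[3].split(",") if len(parts) > 3 else []
        mods[parts[0]] = (int(parts[2]), [u for u in users if u])
    return mods


def busy_modules(text):
    """KVM modules whose refcount exceeds their listed module users. The
    difference is held by processes (guests, or anything with /dev/kvm open),
    and `modprobe -r` would fail with 'Module is in use'."""
    return {name: count - len(users)
            for name, (count, users) in parse_lsmod(text).items()
            if name in KVM_MODULES and count > len(users)}


def unload_order(text):
    """Loaded KVM modules, ordered so that each is removed before the modules it
    depends on (a module is removable once nothing still loaded uses it)."""
    mods = parse_lsmod(text)
    remaining = {m for m in mods if m in KVM_MODULES}
    for m in remaining:
        for u in mods[m][1]:
            if u not in remaining:       # e.g. "[permanent]" or a foreign module
                raise RuntimeError("%s is used by %s, which this plan will not remove" % (m, u))
    order = []
    while remaining:
        ready = sorted(m for m in remaining if not set(mods[m][1]) & remaining)
        if not ready:
            raise RuntimeError("dependency cycle among %s" % sorted(remaining))
        order.extend(ready)
        remaining.difference_update(ready)
    return order


def reload_plan(text):
    """The modprobe commands for step 2, or RuntimeError while a guest still runs."""
    busy = busy_modules(text)
    if busy:
        raise RuntimeError("stop all guests first; modules still in use: %s" % busy)
    order = unload_order(text)
    return ([["modprobe", "-r", m] for m in order] +
            [["modprobe", m] for m in reversed(order)])


# Constructed lsmod output: an Intel host with no guest running ...
SAMPLE_IDLE = """\
Module                  Size  Used by
kvm_intel              55436  0
kvm                   162000  1 kvm_intel
ksm                     9000  0
bridge                 50000  0
"""

# ... and the same host with a guest running: kvm_intel holds three references
# that no module accounts for, so the reload has to wait.
SAMPLE_BUSY = """\
Module                  Size  Used by
kvm_intel              55436  3
kvm                   162000  1 kvm_intel
"""

if __name__ == "__main__":
    try:
        text = subprocess.run(["lsmod"], capture_output=True, text=True,
                              check=True).stdout
    except OSError:                      # no lsmod here: show the plan for the sample
        text = SAMPLE_IDLE
    for argv in reload_plan(text):
        print(" ".join(argv))
        if "--apply" in sys.argv:        # really run it; needs root
            subprocess.run(argv, check=True)
```

The removal order is derived from lsmod's "Used by" column rather than hard-coded, so the plan is right whether or not ksm lists kvm as a dependency on a given build; the reload simply reverses it, and modprobe would pull in kvm on its own when kvm_intel is requested anyway.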
5. Bugs fixed (http://bugzilla.redhat.com/):

531660 - CVE-2009-3722 KVM: Check cpl before emulating debug register access
562776 - Guest image corruption after RHEV-H update to 5.4-2.1.3.el5_4rhev2_1 using virtio-blk
563463 - CVE-2010-0419 kvm: emulator privilege escalation segment selector check

6. Package List:

RHEL Desktop Multi OS (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kvm-83-105.el5_4.27.src.rpm

x86_64:
kmod-kvm-83-105.el5_4.27.x86_64.rpm
kvm-83-105.el5_4.27.x86_64.rpm
kvm-debuginfo-83-105.el5_4.27.x86_64.rpm
kvm-qemu-img-83-105.el5_4.27.x86_64.rpm
kvm-tools-83-105.el5_4.27.x86_64.rpm

RHEL Virtualization (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kvm-83-105.el5_4.27.src.rpm

x86_64:
kmod-kvm-83-105.el5_4.27.x86_64.rpm
kvm-83-105.el5_4.27.x86_64.rpm
kvm-debuginfo-83-105.el5_4.27.x86_64.rpm
kvm-qemu-img-83-105.el5_4.27.x86_64.rpm
kvm-tools-83-105.el5_4.27.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-3722.html
https://www.redhat.com/security/data/cve/CVE-2010-0419.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLjBTcXlSAg2UNWIIRAtc6AJ9WlMpAXR4WgLAd5z0MgYPZCDhkXgCglVl4
eEJTq1IxIN2Z6Yc9cjNj2MI=
=3in0
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 3 18:17:28 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 3 Mar 2010 13:17:28 -0500
Subject: [RHSA-2010:0129-01] Moderate: cups security update
Message-ID: <201003031817.o23IHSs9015184@int-mx05.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: cups security update
Advisory ID:       RHSA-2010:0129-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0129.html
Issue date:        2010-03-03
CVE Names:         CVE-2010-0302
=====================================================================

1. Summary:

Updated cups packages that fix one security issue are now available for Red
Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX operating systems.

It was discovered that the Red Hat Security Advisory RHSA-2009:1595 did not
fully correct the use-after-free flaw in the way CUPS handled references in
its file descriptors-handling interface. A remote attacker could send
specially-crafted queries to the CUPS server, causing it to crash.
(CVE-2010-0302)

Users of cups are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the cupsd daemon will be restarted automatically.

4. Solution:

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

557775 - CVE-2010-0302 cups Incomplete fix for CVE-2009-3553

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/cups-1.3.7-11.el5_4.6.src.rpm

i386:
cups-1.3.7-11.el5_4.6.i386.rpm
cups-debuginfo-1.3.7-11.el5_4.6.i386.rpm
cups-libs-1.3.7-11.el5_4.6.i386.rpm
cups-lpd-1.3.7-11.el5_4.6.i386.rpm

x86_64:
cups-1.3.7-11.el5_4.6.x86_64.rpm
cups-debuginfo-1.3.7-11.el5_4.6.i386.rpm
cups-debuginfo-1.3.7-11.el5_4.6.x86_64.rpm
cups-libs-1.3.7-11.el5_4.6.i386.rpm
cups-libs-1.3.7-11.el5_4.6.x86_64.rpm
cups-lpd-1.3.7-11.el5_4.6.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/cups-1.3.7-11.el5_4.6.src.rpm

i386:
cups-debuginfo-1.3.7-11.el5_4.6.i386.rpm
cups-devel-1.3.7-11.el5_4.6.i386.rpm

x86_64:
cups-debuginfo-1.3.7-11.el5_4.6.i386.rpm
cups-debuginfo-1.3.7-11.el5_4.6.x86_64.rpm
cups-devel-1.3.7-11.el5_4.6.i386.rpm
cups-devel-1.3.7-11.el5_4.6.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/cups-1.3.7-11.el5_4.6.src.rpm

i386:
cups-1.3.7-11.el5_4.6.i386.rpm
cups-debuginfo-1.3.7-11.el5_4.6.i386.rpm
cups-devel-1.3.7-11.el5_4.6.i386.rpm
cups-libs-1.3.7-11.el5_4.6.i386.rpm
cups-lpd-1.3.7-11.el5_4.6.i386.rpm

ia64:
cups-1.3.7-11.el5_4.6.ia64.rpm
cups-debuginfo-1.3.7-11.el5_4.6.i386.rpm
cups-debuginfo-1.3.7-11.el5_4.6.ia64.rpm
cups-devel-1.3.7-11.el5_4.6.ia64.rpm
cups-libs-1.3.7-11.el5_4.6.i386.rpm
cups-libs-1.3.7-11.el5_4.6.ia64.rpm
cups-lpd-1.3.7-11.el5_4.6.ia64.rpm

ppc:
cups-1.3.7-11.el5_4.6.ppc.rpm
cups-debuginfo-1.3.7-11.el5_4.6.ppc.rpm
cups-debuginfo-1.3.7-11.el5_4.6.ppc64.rpm
cups-devel-1.3.7-11.el5_4.6.ppc.rpm
cups-devel-1.3.7-11.el5_4.6.ppc64.rpm
cups-libs-1.3.7-11.el5_4.6.ppc.rpm
cups-libs-1.3.7-11.el5_4.6.ppc64.rpm
cups-lpd-1.3.7-11.el5_4.6.ppc.rpm

s390x:
cups-1.3.7-11.el5_4.6.s390x.rpm
cups-debuginfo-1.3.7-11.el5_4.6.s390.rpm
cups-debuginfo-1.3.7-11.el5_4.6.s390x.rpm
cups-devel-1.3.7-11.el5_4.6.s390.rpm
cups-devel-1.3.7-11.el5_4.6.s390x.rpm
cups-libs-1.3.7-11.el5_4.6.s390.rpm
cups-libs-1.3.7-11.el5_4.6.s390x.rpm
cups-lpd-1.3.7-11.el5_4.6.s390x.rpm

x86_64:
cups-1.3.7-11.el5_4.6.x86_64.rpm
cups-debuginfo-1.3.7-11.el5_4.6.i386.rpm
cups-debuginfo-1.3.7-11.el5_4.6.x86_64.rpm
cups-devel-1.3.7-11.el5_4.6.i386.rpm
cups-devel-1.3.7-11.el5_4.6.x86_64.rpm
cups-libs-1.3.7-11.el5_4.6.i386.rpm
cups-libs-1.3.7-11.el5_4.6.x86_64.rpm
cups-lpd-1.3.7-11.el5_4.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0302.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLjqenXlSAg2UNWIIRArcFAJ9MJkj4+ZKbVNvuk7Wv3W3nrrM1+QCeItEi
v4KdjTOf4BuOFTpYCJDOACI=
=UI/I
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 3 18:23:26 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 3 Mar 2010 13:23:26 -0500
Subject: [RHSA-2010:0130-01] Moderate: java-1.5.0-ibm security update
Message-ID: <201003031823.o23INQXA019399@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: java-1.5.0-ibm security update
Advisory ID:       RHSA-2010:0130-01
Product:           Red Hat Enterprise Linux Extras
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0130.html
Issue date:        2010-03-03
CVE Names:         CVE-2009-3555
=====================================================================

1. Summary:

Updated java-1.5.0-ibm packages that fix a security issue are now available
for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, ppc, s390x, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64

3. Description:

The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and
the IBM Java 2 Software Development Kit.

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handle session renegotiation. A man-in-the-middle
attacker could use this flaw to prefix arbitrary plain text to a client's
session (for example, an HTTPS connection to a website). This could force
the server to process an attacker's request as if authenticated using the
victim's credentials. (CVE-2009-3555)

This update disables renegotiation in the Java Secure Socket Extension
(JSSE) component. Unsafe renegotiation can be re-enabled using the
com.ibm.jsse2.renegotiate property. Refer to the following Knowledgebase
article for details: http://kbase.redhat.com/faq/docs/DOC-20491

All users of java-1.5.0-ibm are advised to upgrade to these updated
packages, containing the IBM 1.5.0 SR11-FP1 Java release. All running
instances of IBM Java must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation
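What "prefix arbitrary plain text to a client's session" does to an HTTPS request, shown as an added model that is neither part of the advisory nor of IBM's JSSE. No TLS is simulated: the point is only that a server which accepts the renegotiation concatenates the attacker's plaintext, sent before the new handshake, with the victim's plaintext, sent after it, and parses the result as one request. The victim request and attacker prefix are constructed; the unterminated X-Ignore header at the end of the prefix is the usual device for absorbing the victim's request line so that the victim's Cookie header lands on the attacker's request.

```python
"""Model of the TLS renegotiation prefix attack (CVE-2009-3555) against HTTP.

Added example, not part of the advisory or of IBM's JSSE. No TLS is simulated:
a server that accepts the renegotiation concatenates the attacker's plaintext
(sent before the handshake) and the victim's plaintext (sent after it) into
one application-data stream and parses that as a single request. The request
bytes below are constructed.
"""


def parse_http_request(raw):
    """Minimal HTTP/1.x parser: (method, target, {header: value}, body)."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request")
    lines = head.split(b"\r\n")
    method, target, _version = lines[0].split(b" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    body = rest[:int(headers.get("content-length", "0"))]
    return method.decode(), target.decode(), headers, body


# What the victim's browser sends after the attacker-triggered renegotiation.
VICTIM_REQUEST = (b"GET /account HTTP/1.1\r\n"
                  b"Host: bank.example\r\n"
                  b"Cookie: session=victim-session-token\r\n\r\n")

# What the attacker sent first. The unterminated "X-Ignore:" header absorbs
# the victim's request line, so the victim's remaining headers, Cookie
# included, now belong to the attacker's request.
ATTACKER_PREFIX = (b"GET /account/transfer?to=attacker&amount=1000 HTTP/1.1\r\n"
                   b"Host: bank.example\r\n"
                   b"X-Ignore: ")


def spliced_request(attacker_prefix, victim_request):
    """What a server that allowed the renegotiation parses as one request."""
    return parse_http_request(attacker_prefix + victim_request)


def is_prefix_attack(attacker_prefix, victim_request):
    """True if splicing attaches the victim's Cookie to a target the victim
    never requested."""
    _, target, headers, _ = spliced_request(attacker_prefix, victim_request)
    _, victim_target, victim_headers, _ = parse_http_request(victim_request)
    return (target != victim_target
            and "cookie" in victim_headers
            and headers.get("cookie") == victim_headers["cookie"])


def without_renegotiation(attacker_prefix, victim_request):
    """With renegotiation refused (what this update does) the two byte streams
    never share a connection: the prefix stays an unfinished request on its own
    and the victim's request is parsed alone. Returns (attacker view, victim view)."""
    try:
        attacker_view = parse_http_request(attacker_prefix)
    except ValueError:
        attacker_view = None               # a truncated prefix never completes
    return attacker_view, parse_http_request(victim_request)


if __name__ == "__main__":
    method, target, headers, _ = spliced_request(ATTACKER_PREFIX, VICTIM_REQUEST)
    print("unpatched server executes:", method, target)
    print("  with Cookie:", headers.get("cookie"))
    print("  X-Ignore swallowed:", headers.get("x-ignore"))
    print("attack possible:", is_prefix_attack(ATTACKER_PREFIX, VICTIM_REQUEST))
```

The attacker never learns the cookie; the server applies it on the attacker's behalf. That is why nothing at the HTTP layer can repair this: the choice is between refusing renegotiation outright, which is what this update does, and the secure renegotiation extension of RFC 5746, which binds a renegotiated handshake to the previous one.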
6. Package List:

Red Hat Enterprise Linux AS version 4 Extras:

i386:
java-1.5.0-ibm-1.5.0.11.1-1jpp.3.el4.i386.rpm
java-1.5.0-ibm-demo-1.5.0.11.1-1jpp.3.el4.i386.rpm
java-1.5.0-ibm-devel-1.5.0.11.1-1jpp.3.el4.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.11.1-1jpp.3.el4.i386.rpm
java-1.5.0-ibm-jdbc-1.5.0.11.1-1jpp.3.el4.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.11.1-1jpp.3.el4.i386.rpm
java-1.5.0-ibm-src-1.5.0.11.1-1jpp.3.el4.i386.rpm

ppc:
java-1.5.0-ibm-1.5.0.11.1-1jpp.3.el4.ppc.rpm
java-1.5.0-ibm-1.5.0.11.1-1jpp.3.el4.ppc64.rpm
java-1.5.0-ibm-demo-1.5.0.11.1-1jpp.3.el4.ppc.rpm
java-1.5.0-ibm-demo-1.5.0.11.1-1jpp.3.el4.ppc64.rpm
java-1.5.0-ibm-devel-1.5.0.11.1-1jpp.3.el4.ppc.rpm
java-1.5.0-ibm-devel-1.5.0.11.1-1jpp.3.el4.ppc64.rpm
java-1.5.0-ibm-javacomm-1.5.0.11.1-1jpp.3.el4.ppc.rpm
java-1.5.0-ibm-javacomm-1.5.0.11.1-1jpp.3.el4.ppc64.rpm
java-1.5.0-ibm-jdbc-1.5.0.11.1-1jpp.3.el4.ppc.rpm
java-1.5.0-ibm-plugin-1.5.0.11.1-1jpp.3.el4.ppc.rpm
java-1.5.0-ibm-src-1.5.0.11.1-1jpp.3.el4.ppc.rpm
java-1.5.0-ibm-src-1.5.0.11.1-1jpp.3.el4.ppc64.rpm

s390:
java-1.5.0-ibm-1.5.0.11.1-1jpp.3.el4.s390.rpm
java-1.5.0-ibm-demo-1.5.0.11.1-1jpp.3.el4.s390.rpm
java-1.5.0-ibm-devel-1.5.0.11.1-1jpp.3.el4.s390.rpm
java-1.5.0-ibm-jdbc-1.5.0.11.1-1jpp.3.el4.s390.rpm
java-1.5.0-ibm-src-1.5.0.11.1-1jpp.3.el4.s390.rpm

s390x:
java-1.5.0-ibm-1.5.0.11.1-1jpp.3.el4.s390x.rpm
java-1.5.0-ibm-demo-1.5.0.11.1-1jpp.3.el4.s390x.rpm
java-1.5.0-ibm-devel-1.5.0.11.1-1jpp.3.el4.s390x.rpm
java-1.5.0-ibm-src-1.5.0.11.1-1jpp.3.el4.s390x.rpm

x86_64:
java-1.5.0-ibm-1.5.0.11.1-1jpp.3.el4.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.11.1-1jpp.3.el4.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.11.1-1jpp.3.el4.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.11.1-1jpp.3.el4.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.11.1-1jpp.3.el4.x86_64.rpm

Red Hat Desktop version 4 Extras:

i386:
java-1.5.0-ibm-1.5.0.11.1-1jpp.3.el4.i386.rpm
java-1.5.0-ibm-demo-1.5.0.11.1-1jpp.3.el4.i386.rpm
java-1.5.0-ibm-devel-1.5.0.11.1-1jpp.3.el4.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.11.1-1jpp.3.el4.i386.rpm
java-1.5.0-ibm-jdbc-1.5.0.11.1-1jpp.3.el4.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.11.1-1jpp.3.el4.i386.rpm
java-1.5.0-ibm-src-1.5.0.11.1-1jpp.3.el4.i386.rpm

x86_64:
java-1.5.0-ibm-1.5.0.11.1-1jpp.3.el4.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.11.1-1jpp.3.el4.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.11.1-1jpp.3.el4.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.11.1-1jpp.3.el4.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.11.1-1jpp.3.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
java-1.5.0-ibm-1.5.0.11.1-1jpp.3.el4.i386.rpm
java-1.5.0-ibm-demo-1.5.0.11.1-1jpp.3.el4.i386.rpm
java-1.5.0-ibm-devel-1.5.0.11.1-1jpp.3.el4.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.11.1-1jpp.3.el4.i386.rpm
java-1.5.0-ibm-jdbc-1.5.0.11.1-1jpp.3.el4.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.11.1-1jpp.3.el4.i386.rpm
java-1.5.0-ibm-src-1.5.0.11.1-1jpp.3.el4.i386.rpm

x86_64:
java-1.5.0-ibm-1.5.0.11.1-1jpp.3.el4.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.11.1-1jpp.3.el4.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.11.1-1jpp.3.el4.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.11.1-1jpp.3.el4.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.11.1-1jpp.3.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
java-1.5.0-ibm-1.5.0.11.1-1jpp.3.el4.i386.rpm
java-1.5.0-ibm-demo-1.5.0.11.1-1jpp.3.el4.i386.rpm
java-1.5.0-ibm-devel-1.5.0.11.1-1jpp.3.el4.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.11.1-1jpp.3.el4.i386.rpm
java-1.5.0-ibm-jdbc-1.5.0.11.1-1jpp.3.el4.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.11.1-1jpp.3.el4.i386.rpm
java-1.5.0-ibm-src-1.5.0.11.1-1jpp.3.el4.i386.rpm

x86_64:
java-1.5.0-ibm-1.5.0.11.1-1jpp.3.el4.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.11.1-1jpp.3.el4.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.11.1-1jpp.3.el4.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.11.1-1jpp.3.el4.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.11.1-1jpp.3.el4.x86_64.rpm

RHEL Desktop Supplementary (v. 5 client):

i386:
java-1.5.0-ibm-1.5.0.11.1-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-accessibility-1.5.0.11.1-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-demo-1.5.0.11.1-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-devel-1.5.0.11.1-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.11.1-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-jdbc-1.5.0.11.1-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.11.1-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.11.1-1jpp.3.el5.i386.rpm

x86_64:
java-1.5.0-ibm-1.5.0.11.1-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-1.5.0.11.1-1jpp.3.el5.x86_64.rpm
java-1.5.0-ibm-accessibility-1.5.0.11.1-1jpp.3.el5.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.11.1-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-demo-1.5.0.11.1-1jpp.3.el5.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.11.1-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-devel-1.5.0.11.1-1jpp.3.el5.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.11.1-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.11.1-1jpp.3.el5.x86_64.rpm
java-1.5.0-ibm-jdbc-1.5.0.11.1-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.11.1-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.11.1-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.11.1-1jpp.3.el5.x86_64.rpm

RHEL Supplementary (v. 5 server):

i386:
java-1.5.0-ibm-1.5.0.11.1-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-accessibility-1.5.0.11.1-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-demo-1.5.0.11.1-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-devel-1.5.0.11.1-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.11.1-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-jdbc-1.5.0.11.1-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.11.1-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.11.1-1jpp.3.el5.i386.rpm

ppc:
java-1.5.0-ibm-1.5.0.11.1-1jpp.3.el5.ppc.rpm
java-1.5.0-ibm-1.5.0.11.1-1jpp.3.el5.ppc64.rpm
java-1.5.0-ibm-accessibility-1.5.0.11.1-1jpp.3.el5.ppc.rpm
java-1.5.0-ibm-demo-1.5.0.11.1-1jpp.3.el5.ppc.rpm
java-1.5.0-ibm-demo-1.5.0.11.1-1jpp.3.el5.ppc64.rpm
java-1.5.0-ibm-devel-1.5.0.11.1-1jpp.3.el5.ppc.rpm
java-1.5.0-ibm-devel-1.5.0.11.1-1jpp.3.el5.ppc64.rpm
java-1.5.0-ibm-javacomm-1.5.0.11.1-1jpp.3.el5.ppc.rpm
java-1.5.0-ibm-javacomm-1.5.0.11.1-1jpp.3.el5.ppc64.rpm
java-1.5.0-ibm-jdbc-1.5.0.11.1-1jpp.3.el5.ppc.rpm
java-1.5.0-ibm-plugin-1.5.0.11.1-1jpp.3.el5.ppc.rpm
java-1.5.0-ibm-src-1.5.0.11.1-1jpp.3.el5.ppc.rpm
java-1.5.0-ibm-src-1.5.0.11.1-1jpp.3.el5.ppc64.rpm

s390x:
java-1.5.0-ibm-1.5.0.11.1-1jpp.3.el5.s390.rpm
java-1.5.0-ibm-1.5.0.11.1-1jpp.3.el5.s390x.rpm
java-1.5.0-ibm-accessibility-1.5.0.11.1-1jpp.3.el5.s390x.rpm
java-1.5.0-ibm-demo-1.5.0.11.1-1jpp.3.el5.s390.rpm
java-1.5.0-ibm-demo-1.5.0.11.1-1jpp.3.el5.s390x.rpm
java-1.5.0-ibm-devel-1.5.0.11.1-1jpp.3.el5.s390.rpm
java-1.5.0-ibm-devel-1.5.0.11.1-1jpp.3.el5.s390x.rpm
java-1.5.0-ibm-jdbc-1.5.0.11.1-1jpp.3.el5.s390.rpm
java-1.5.0-ibm-src-1.5.0.11.1-1jpp.3.el5.s390.rpm
java-1.5.0-ibm-src-1.5.0.11.1-1jpp.3.el5.s390x.rpm

x86_64:
java-1.5.0-ibm-1.5.0.11.1-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-1.5.0.11.1-1jpp.3.el5.x86_64.rpm
java-1.5.0-ibm-accessibility-1.5.0.11.1-1jpp.3.el5.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.11.1-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-demo-1.5.0.11.1-1jpp.3.el5.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.11.1-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-devel-1.5.0.11.1-1jpp.3.el5.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.11.1-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.11.1-1jpp.3.el5.x86_64.rpm
java-1.5.0-ibm-jdbc-1.5.0.11.1-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.11.1-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.11.1-1jpp.3.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.11.1-1jpp.3.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-3555.html
http://www.redhat.com/security/updates/classification/#moderate
http://kbase.redhat.com/faq/docs/DOC-20491

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLjqkCXlSAg2UNWIIRAo4iAJ9Htnva6uRj0e39vEEAkYb4UIuQHACgsscc
OntQs0wrBL6+6e0kFXtQPLs=
=Hach
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Mar 15 23:19:25 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 15 Mar 2010 19:19:25 -0400
Subject: [RHSA-2010:0140-01] Moderate: pango security update
Message-ID: <201003152319.o2FNJQa1014657@int-mx08.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: pango security update
Advisory ID:       RHSA-2010:0140-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0140.html
Issue date:        2010-03-15
CVE Names:         CVE-2010-0421
=====================================================================

1. Summary:

Updated pango and evolution28-pango packages that fix one security issue
are now available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Pango is a library used for the layout and rendering of internationalized text.

An input sanitization flaw, leading to an array index error, was found in the way the Pango font rendering library synthesized the Glyph Definition (GDEF) table from a font's character map and the Unicode property database. If an attacker created a specially-crafted font file and tricked a local, unsuspecting user into loading the font file in an application that uses the Pango font rendering library, it could cause that application to crash. (CVE-2010-0421)

Users of pango and evolution28-pango are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, you must restart your system or restart your X session for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

555831 - CVE-2010-0421 libpangoft2 segfaults on forged font files

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/pango-1.2.5-10.src.rpm

i386:
pango-1.2.5-10.i386.rpm
pango-debuginfo-1.2.5-10.i386.rpm
pango-devel-1.2.5-10.i386.rpm

ia64:
pango-1.2.5-10.i386.rpm
pango-1.2.5-10.ia64.rpm
pango-debuginfo-1.2.5-10.i386.rpm
pango-debuginfo-1.2.5-10.ia64.rpm
pango-devel-1.2.5-10.ia64.rpm

ppc:
pango-1.2.5-10.ppc.rpm
pango-1.2.5-10.ppc64.rpm
pango-debuginfo-1.2.5-10.ppc.rpm
pango-debuginfo-1.2.5-10.ppc64.rpm
pango-devel-1.2.5-10.ppc.rpm

s390:
pango-1.2.5-10.s390.rpm
pango-debuginfo-1.2.5-10.s390.rpm
pango-devel-1.2.5-10.s390.rpm

s390x:
pango-1.2.5-10.s390.rpm
pango-1.2.5-10.s390x.rpm
pango-debuginfo-1.2.5-10.s390.rpm
pango-debuginfo-1.2.5-10.s390x.rpm
pango-devel-1.2.5-10.s390x.rpm

x86_64:
pango-1.2.5-10.i386.rpm
pango-1.2.5-10.x86_64.rpm
pango-debuginfo-1.2.5-10.i386.rpm
pango-debuginfo-1.2.5-10.x86_64.rpm
pango-devel-1.2.5-10.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/pango-1.2.5-10.src.rpm

i386:
pango-1.2.5-10.i386.rpm
pango-debuginfo-1.2.5-10.i386.rpm
pango-devel-1.2.5-10.i386.rpm

x86_64:
pango-1.2.5-10.i386.rpm
pango-1.2.5-10.x86_64.rpm
pango-debuginfo-1.2.5-10.i386.rpm
pango-debuginfo-1.2.5-10.x86_64.rpm
pango-devel-1.2.5-10.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/pango-1.2.5-10.src.rpm

i386:
pango-1.2.5-10.i386.rpm
pango-debuginfo-1.2.5-10.i386.rpm
pango-devel-1.2.5-10.i386.rpm

ia64:
pango-1.2.5-10.i386.rpm
pango-1.2.5-10.ia64.rpm
pango-debuginfo-1.2.5-10.i386.rpm
pango-debuginfo-1.2.5-10.ia64.rpm
pango-devel-1.2.5-10.ia64.rpm

x86_64:
pango-1.2.5-10.i386.rpm
pango-1.2.5-10.x86_64.rpm
pango-debuginfo-1.2.5-10.i386.rpm
pango-debuginfo-1.2.5-10.x86_64.rpm
pango-devel-1.2.5-10.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/pango-1.2.5-10.src.rpm

i386:
pango-1.2.5-10.i386.rpm
pango-debuginfo-1.2.5-10.i386.rpm
pango-devel-1.2.5-10.i386.rpm

ia64:
pango-1.2.5-10.i386.rpm
pango-1.2.5-10.ia64.rpm
pango-debuginfo-1.2.5-10.i386.rpm
pango-debuginfo-1.2.5-10.ia64.rpm
pango-devel-1.2.5-10.ia64.rpm

x86_64:
pango-1.2.5-10.i386.rpm
pango-1.2.5-10.x86_64.rpm
pango-debuginfo-1.2.5-10.i386.rpm
pango-debuginfo-1.2.5-10.x86_64.rpm
pango-devel-1.2.5-10.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/evolution28-pango-1.14.9-13.el4_8.src.rpm
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/pango-1.6.0-16.el4_8.src.rpm

i386:
evolution28-pango-1.14.9-13.el4_8.i386.rpm
evolution28-pango-debuginfo-1.14.9-13.el4_8.i386.rpm
evolution28-pango-devel-1.14.9-13.el4_8.i386.rpm
pango-1.6.0-16.el4_8.i386.rpm
pango-debuginfo-1.6.0-16.el4_8.i386.rpm
pango-devel-1.6.0-16.el4_8.i386.rpm

ia64:
evolution28-pango-1.14.9-13.el4_8.ia64.rpm
evolution28-pango-debuginfo-1.14.9-13.el4_8.ia64.rpm
evolution28-pango-devel-1.14.9-13.el4_8.ia64.rpm
pango-1.6.0-16.el4_8.i386.rpm
pango-1.6.0-16.el4_8.ia64.rpm
pango-debuginfo-1.6.0-16.el4_8.i386.rpm
pango-debuginfo-1.6.0-16.el4_8.ia64.rpm
pango-devel-1.6.0-16.el4_8.ia64.rpm

ppc:
evolution28-pango-1.14.9-13.el4_8.ppc.rpm
evolution28-pango-debuginfo-1.14.9-13.el4_8.ppc.rpm
evolution28-pango-devel-1.14.9-13.el4_8.ppc.rpm
pango-1.6.0-16.el4_8.ppc.rpm
pango-1.6.0-16.el4_8.ppc64.rpm
pango-debuginfo-1.6.0-16.el4_8.ppc.rpm
pango-debuginfo-1.6.0-16.el4_8.ppc64.rpm
pango-devel-1.6.0-16.el4_8.ppc.rpm

s390:
evolution28-pango-1.14.9-13.el4_8.s390.rpm
evolution28-pango-debuginfo-1.14.9-13.el4_8.s390.rpm
evolution28-pango-devel-1.14.9-13.el4_8.s390.rpm
pango-1.6.0-16.el4_8.s390.rpm
pango-debuginfo-1.6.0-16.el4_8.s390.rpm
pango-devel-1.6.0-16.el4_8.s390.rpm

s390x:
evolution28-pango-1.14.9-13.el4_8.s390x.rpm
evolution28-pango-debuginfo-1.14.9-13.el4_8.s390x.rpm
evolution28-pango-devel-1.14.9-13.el4_8.s390x.rpm
pango-1.6.0-16.el4_8.s390.rpm
pango-1.6.0-16.el4_8.s390x.rpm
pango-debuginfo-1.6.0-16.el4_8.s390.rpm
pango-debuginfo-1.6.0-16.el4_8.s390x.rpm
pango-devel-1.6.0-16.el4_8.s390x.rpm

x86_64:
evolution28-pango-1.14.9-13.el4_8.x86_64.rpm
evolution28-pango-debuginfo-1.14.9-13.el4_8.x86_64.rpm
evolution28-pango-devel-1.14.9-13.el4_8.x86_64.rpm
pango-1.6.0-16.el4_8.i386.rpm
pango-1.6.0-16.el4_8.x86_64.rpm
pango-debuginfo-1.6.0-16.el4_8.i386.rpm
pango-debuginfo-1.6.0-16.el4_8.x86_64.rpm
pango-devel-1.6.0-16.el4_8.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/evolution28-pango-1.14.9-13.el4_8.src.rpm
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/pango-1.6.0-16.el4_8.src.rpm

i386:
evolution28-pango-1.14.9-13.el4_8.i386.rpm
evolution28-pango-debuginfo-1.14.9-13.el4_8.i386.rpm
evolution28-pango-devel-1.14.9-13.el4_8.i386.rpm
pango-1.6.0-16.el4_8.i386.rpm
pango-debuginfo-1.6.0-16.el4_8.i386.rpm
pango-devel-1.6.0-16.el4_8.i386.rpm

x86_64:
evolution28-pango-1.14.9-13.el4_8.x86_64.rpm
evolution28-pango-debuginfo-1.14.9-13.el4_8.x86_64.rpm
evolution28-pango-devel-1.14.9-13.el4_8.x86_64.rpm
pango-1.6.0-16.el4_8.i386.rpm
pango-1.6.0-16.el4_8.x86_64.rpm
pango-debuginfo-1.6.0-16.el4_8.i386.rpm
pango-debuginfo-1.6.0-16.el4_8.x86_64.rpm
pango-devel-1.6.0-16.el4_8.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/evolution28-pango-1.14.9-13.el4_8.src.rpm
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/pango-1.6.0-16.el4_8.src.rpm

i386:
evolution28-pango-1.14.9-13.el4_8.i386.rpm
evolution28-pango-debuginfo-1.14.9-13.el4_8.i386.rpm
evolution28-pango-devel-1.14.9-13.el4_8.i386.rpm
pango-1.6.0-16.el4_8.i386.rpm
pango-debuginfo-1.6.0-16.el4_8.i386.rpm
pango-devel-1.6.0-16.el4_8.i386.rpm

ia64:
evolution28-pango-1.14.9-13.el4_8.ia64.rpm
evolution28-pango-debuginfo-1.14.9-13.el4_8.ia64.rpm
evolution28-pango-devel-1.14.9-13.el4_8.ia64.rpm
pango-1.6.0-16.el4_8.i386.rpm
pango-1.6.0-16.el4_8.ia64.rpm
pango-debuginfo-1.6.0-16.el4_8.i386.rpm
pango-debuginfo-1.6.0-16.el4_8.ia64.rpm
pango-devel-1.6.0-16.el4_8.ia64.rpm

x86_64:
evolution28-pango-1.14.9-13.el4_8.x86_64.rpm
evolution28-pango-debuginfo-1.14.9-13.el4_8.x86_64.rpm
evolution28-pango-devel-1.14.9-13.el4_8.x86_64.rpm
pango-1.6.0-16.el4_8.i386.rpm
pango-1.6.0-16.el4_8.x86_64.rpm
pango-debuginfo-1.6.0-16.el4_8.i386.rpm
pango-debuginfo-1.6.0-16.el4_8.x86_64.rpm
pango-devel-1.6.0-16.el4_8.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/evolution28-pango-1.14.9-13.el4_8.src.rpm
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/pango-1.6.0-16.el4_8.src.rpm

i386:
evolution28-pango-1.14.9-13.el4_8.i386.rpm
evolution28-pango-debuginfo-1.14.9-13.el4_8.i386.rpm
evolution28-pango-devel-1.14.9-13.el4_8.i386.rpm
pango-1.6.0-16.el4_8.i386.rpm
pango-debuginfo-1.6.0-16.el4_8.i386.rpm
pango-devel-1.6.0-16.el4_8.i386.rpm

ia64:
evolution28-pango-1.14.9-13.el4_8.ia64.rpm
evolution28-pango-debuginfo-1.14.9-13.el4_8.ia64.rpm
evolution28-pango-devel-1.14.9-13.el4_8.ia64.rpm
pango-1.6.0-16.el4_8.i386.rpm
pango-1.6.0-16.el4_8.ia64.rpm
pango-debuginfo-1.6.0-16.el4_8.i386.rpm
pango-debuginfo-1.6.0-16.el4_8.ia64.rpm
pango-devel-1.6.0-16.el4_8.ia64.rpm

x86_64:
evolution28-pango-1.14.9-13.el4_8.x86_64.rpm
evolution28-pango-debuginfo-1.14.9-13.el4_8.x86_64.rpm
evolution28-pango-devel-1.14.9-13.el4_8.x86_64.rpm
pango-1.6.0-16.el4_8.i386.rpm
pango-1.6.0-16.el4_8.x86_64.rpm
pango-debuginfo-1.6.0-16.el4_8.i386.rpm
pango-debuginfo-1.6.0-16.el4_8.x86_64.rpm
pango-devel-1.6.0-16.el4_8.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/pango-1.14.9-8.el5.src.rpm

i386:
pango-1.14.9-8.el5.i386.rpm
pango-debuginfo-1.14.9-8.el5.i386.rpm

x86_64:
pango-1.14.9-8.el5.i386.rpm
pango-1.14.9-8.el5.x86_64.rpm
pango-debuginfo-1.14.9-8.el5.i386.rpm
pango-debuginfo-1.14.9-8.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/pango-1.14.9-8.el5.src.rpm

i386:
pango-debuginfo-1.14.9-8.el5.i386.rpm
pango-devel-1.14.9-8.el5.i386.rpm

x86_64:
pango-debuginfo-1.14.9-8.el5.i386.rpm
pango-debuginfo-1.14.9-8.el5.x86_64.rpm
pango-devel-1.14.9-8.el5.i386.rpm
pango-devel-1.14.9-8.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/pango-1.14.9-8.el5.src.rpm

i386:
pango-1.14.9-8.el5.i386.rpm
pango-debuginfo-1.14.9-8.el5.i386.rpm
pango-devel-1.14.9-8.el5.i386.rpm

ia64:
pango-1.14.9-8.el5.i386.rpm
pango-1.14.9-8.el5.ia64.rpm
pango-debuginfo-1.14.9-8.el5.i386.rpm
pango-debuginfo-1.14.9-8.el5.ia64.rpm
pango-devel-1.14.9-8.el5.ia64.rpm

ppc:
pango-1.14.9-8.el5.ppc.rpm
pango-1.14.9-8.el5.ppc64.rpm
pango-debuginfo-1.14.9-8.el5.ppc.rpm
pango-debuginfo-1.14.9-8.el5.ppc64.rpm
pango-devel-1.14.9-8.el5.ppc.rpm
pango-devel-1.14.9-8.el5.ppc64.rpm

s390x:
pango-1.14.9-8.el5.s390.rpm
pango-1.14.9-8.el5.s390x.rpm
pango-debuginfo-1.14.9-8.el5.s390.rpm
pango-debuginfo-1.14.9-8.el5.s390x.rpm
pango-devel-1.14.9-8.el5.s390.rpm
pango-devel-1.14.9-8.el5.s390x.rpm

x86_64:
pango-1.14.9-8.el5.i386.rpm
pango-1.14.9-8.el5.x86_64.rpm
pango-debuginfo-1.14.9-8.el5.i386.rpm
pango-debuginfo-1.14.9-8.el5.x86_64.rpm
pango-devel-1.14.9-8.el5.i386.rpm
pango-devel-1.14.9-8.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0421.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLnsAiXlSAg2UNWIIRAhr7AKCQMs0AzrTofQMDdmgOrps1dhCdHgCdGClf
wYke9nKsdg0SvbtmyaahT/k=
=Y+aJ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Mar 16 01:39:24 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 15 Mar 2010 21:39:24 -0400
Subject: [RHSA-2010:0141-01] Moderate: tar security update
Message-ID: <201003160139.o2G1dOWK011008@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: tar security update
Advisory ID:       RHSA-2010:0141-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0141.html
Issue date:        2010-03-15
CVE Names:         CVE-2007-4476 CVE-2010-0624
=====================================================================

1. Summary:

An updated tar package that fixes two security issues is now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

The GNU tar program saves many files together in one archive and can restore individual files (or all of the files) from that archive.
A heap-based buffer overflow flaw was found in the way tar expanded archive files. If a user were tricked into expanding a specially-crafted archive, it could cause the tar executable to crash or execute arbitrary code with the privileges of the user running tar. (CVE-2010-0624)

Red Hat would like to thank Jakob Lell for responsibly reporting the CVE-2010-0624 issue.

A denial of service flaw was found in the way tar expanded archive files. If a user expanded a specially-crafted archive, it could cause the tar executable to crash. (CVE-2007-4476)

Users of tar are advised to upgrade to this updated package, which contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

280961 - CVE-2007-4476 tar/cpio stack crashing in safer_name_suffix
564368 - CVE-2010-0624 tar, cpio: Heap-based buffer overflow by expanding a specially-crafted archive

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/tar-1.14-13.el4_8.1.src.rpm

i386:
tar-1.14-13.el4_8.1.i386.rpm
tar-debuginfo-1.14-13.el4_8.1.i386.rpm

ia64:
tar-1.14-13.el4_8.1.ia64.rpm
tar-debuginfo-1.14-13.el4_8.1.ia64.rpm

ppc:
tar-1.14-13.el4_8.1.ppc.rpm
tar-debuginfo-1.14-13.el4_8.1.ppc.rpm

s390:
tar-1.14-13.el4_8.1.s390.rpm
tar-debuginfo-1.14-13.el4_8.1.s390.rpm

s390x:
tar-1.14-13.el4_8.1.s390x.rpm
tar-debuginfo-1.14-13.el4_8.1.s390x.rpm

x86_64:
tar-1.14-13.el4_8.1.x86_64.rpm
tar-debuginfo-1.14-13.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/tar-1.14-13.el4_8.1.src.rpm

i386:
tar-1.14-13.el4_8.1.i386.rpm
tar-debuginfo-1.14-13.el4_8.1.i386.rpm

x86_64:
tar-1.14-13.el4_8.1.x86_64.rpm
tar-debuginfo-1.14-13.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/tar-1.14-13.el4_8.1.src.rpm

i386:
tar-1.14-13.el4_8.1.i386.rpm
tar-debuginfo-1.14-13.el4_8.1.i386.rpm

ia64:
tar-1.14-13.el4_8.1.ia64.rpm
tar-debuginfo-1.14-13.el4_8.1.ia64.rpm

x86_64:
tar-1.14-13.el4_8.1.x86_64.rpm
tar-debuginfo-1.14-13.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/tar-1.14-13.el4_8.1.src.rpm

i386:
tar-1.14-13.el4_8.1.i386.rpm
tar-debuginfo-1.14-13.el4_8.1.i386.rpm

ia64:
tar-1.14-13.el4_8.1.ia64.rpm
tar-debuginfo-1.14-13.el4_8.1.ia64.rpm

x86_64:
tar-1.14-13.el4_8.1.x86_64.rpm
tar-debuginfo-1.14-13.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tar-1.15.1-23.0.1.el5_4.2.src.rpm

i386:
tar-1.15.1-23.0.1.el5_4.2.i386.rpm
tar-debuginfo-1.15.1-23.0.1.el5_4.2.i386.rpm

x86_64:
tar-1.15.1-23.0.1.el5_4.2.x86_64.rpm
tar-debuginfo-1.15.1-23.0.1.el5_4.2.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/tar-1.15.1-23.0.1.el5_4.2.src.rpm

i386:
tar-1.15.1-23.0.1.el5_4.2.i386.rpm
tar-debuginfo-1.15.1-23.0.1.el5_4.2.i386.rpm

ia64:
tar-1.15.1-23.0.1.el5_4.2.ia64.rpm
tar-debuginfo-1.15.1-23.0.1.el5_4.2.ia64.rpm

ppc:
tar-1.15.1-23.0.1.el5_4.2.ppc.rpm
tar-debuginfo-1.15.1-23.0.1.el5_4.2.ppc.rpm

s390x:
tar-1.15.1-23.0.1.el5_4.2.s390x.rpm
tar-debuginfo-1.15.1-23.0.1.el5_4.2.s390x.rpm

x86_64:
tar-1.15.1-23.0.1.el5_4.2.x86_64.rpm
tar-debuginfo-1.15.1-23.0.1.el5_4.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2007-4476.html
https://www.redhat.com/security/data/cve/CVE-2010-0624.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLnuFEXlSAg2UNWIIRAnxjAJ9GgFlPQZj/8ynlgZO0dYy1b/WauACePzmm
X0wj7lN6d/rnLQwU/qjtYnc=
=3Tmy
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Mar 16 01:39:37 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 15 Mar 2010 21:39:37 -0400
Subject: [RHSA-2010:0142-01] Moderate: tar security update
Message-ID: <201003160139.o2G1dbi3004724@int-mx03.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: tar security update
Advisory ID:       RHSA-2010:0142-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0142.html
Issue date:        2010-03-15
CVE Names:         CVE-2010-0624
=====================================================================

1. Summary:

An updated tar package that fixes one security issue is now available for Red Hat Enterprise Linux 3.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Description:

The GNU tar program saves many files together in one archive and can restore individual files (or all of the files) from that archive.

A heap-based buffer overflow flaw was found in the way tar expanded archive files. If a user were tricked into expanding a specially-crafted archive, it could cause the tar executable to crash or execute arbitrary code with the privileges of the user running tar. (CVE-2010-0624)

Red Hat would like to thank Jakob Lell for responsibly reporting this issue.

Users of tar are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

564368 - CVE-2010-0624 tar, cpio: Heap-based buffer overflow by expanding a specially-crafted archive

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/tar-1.13.25-16.RHEL3.src.rpm

i386:
tar-1.13.25-16.RHEL3.i386.rpm
tar-debuginfo-1.13.25-16.RHEL3.i386.rpm

ia64:
tar-1.13.25-16.RHEL3.ia64.rpm
tar-debuginfo-1.13.25-16.RHEL3.ia64.rpm

ppc:
tar-1.13.25-16.RHEL3.ppc.rpm
tar-debuginfo-1.13.25-16.RHEL3.ppc.rpm

s390:
tar-1.13.25-16.RHEL3.s390.rpm
tar-debuginfo-1.13.25-16.RHEL3.s390.rpm

s390x:
tar-1.13.25-16.RHEL3.s390x.rpm
tar-debuginfo-1.13.25-16.RHEL3.s390x.rpm

x86_64:
tar-1.13.25-16.RHEL3.x86_64.rpm
tar-debuginfo-1.13.25-16.RHEL3.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/tar-1.13.25-16.RHEL3.src.rpm

i386:
tar-1.13.25-16.RHEL3.i386.rpm
tar-debuginfo-1.13.25-16.RHEL3.i386.rpm

x86_64:
tar-1.13.25-16.RHEL3.x86_64.rpm
tar-debuginfo-1.13.25-16.RHEL3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/tar-1.13.25-16.RHEL3.src.rpm

i386:
tar-1.13.25-16.RHEL3.i386.rpm
tar-debuginfo-1.13.25-16.RHEL3.i386.rpm

ia64:
tar-1.13.25-16.RHEL3.ia64.rpm
tar-debuginfo-1.13.25-16.RHEL3.ia64.rpm

x86_64:
tar-1.13.25-16.RHEL3.x86_64.rpm
tar-debuginfo-1.13.25-16.RHEL3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/tar-1.13.25-16.RHEL3.src.rpm

i386:
tar-1.13.25-16.RHEL3.i386.rpm
tar-debuginfo-1.13.25-16.RHEL3.i386.rpm

ia64:
tar-1.13.25-16.RHEL3.ia64.rpm
tar-debuginfo-1.13.25-16.RHEL3.ia64.rpm

x86_64:
tar-1.13.25-16.RHEL3.x86_64.rpm
tar-debuginfo-1.13.25-16.RHEL3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0624.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLnuFQXlSAg2UNWIIRAgbvAJ98oRGGhjJh/xXVedtAB3+weX4I2wCfahVI
cN37+S0WW2sl8HkUhJAFG+A=
=mXrH
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Mar 16 01:39:50 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 15 Mar 2010 21:39:50 -0400
Subject: [RHSA-2010:0143-01] Moderate: cpio security update
Message-ID: <201003160139.o2G1doqN009235@int-mx05.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: cpio security update
Advisory ID:       RHSA-2010:0143-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0143.html
Issue date:        2010-03-15
CVE Names:         CVE-2010-0624
=====================================================================

1. Summary:

An updated cpio package that fixes one security issue is now available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

GNU cpio copies files into or out of a cpio or tar archive.

A heap-based buffer overflow flaw was found in the way cpio expanded archive files. If a user were tricked into expanding a specially-crafted archive, it could cause the cpio executable to crash or execute arbitrary code with the privileges of the user running cpio. (CVE-2010-0624)

Red Hat would like to thank Jakob Lell for responsibly reporting this issue.
Users of cpio are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

564368 - CVE-2010-0624 tar, cpio: Heap-based buffer overflow by expanding a specially-crafted archive

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/cpio-2.5-16.el4_8.1.src.rpm

i386:
cpio-2.5-16.el4_8.1.i386.rpm
cpio-debuginfo-2.5-16.el4_8.1.i386.rpm

ia64:
cpio-2.5-16.el4_8.1.ia64.rpm
cpio-debuginfo-2.5-16.el4_8.1.ia64.rpm

ppc:
cpio-2.5-16.el4_8.1.ppc.rpm
cpio-debuginfo-2.5-16.el4_8.1.ppc.rpm

s390:
cpio-2.5-16.el4_8.1.s390.rpm
cpio-debuginfo-2.5-16.el4_8.1.s390.rpm

s390x:
cpio-2.5-16.el4_8.1.s390x.rpm
cpio-debuginfo-2.5-16.el4_8.1.s390x.rpm

x86_64:
cpio-2.5-16.el4_8.1.x86_64.rpm
cpio-debuginfo-2.5-16.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/cpio-2.5-16.el4_8.1.src.rpm

i386:
cpio-2.5-16.el4_8.1.i386.rpm
cpio-debuginfo-2.5-16.el4_8.1.i386.rpm

x86_64:
cpio-2.5-16.el4_8.1.x86_64.rpm
cpio-debuginfo-2.5-16.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/cpio-2.5-16.el4_8.1.src.rpm

i386:
cpio-2.5-16.el4_8.1.i386.rpm
cpio-debuginfo-2.5-16.el4_8.1.i386.rpm

ia64:
cpio-2.5-16.el4_8.1.ia64.rpm
cpio-debuginfo-2.5-16.el4_8.1.ia64.rpm

x86_64:
cpio-2.5-16.el4_8.1.x86_64.rpm
cpio-debuginfo-2.5-16.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/cpio-2.5-16.el4_8.1.src.rpm

i386:
cpio-2.5-16.el4_8.1.i386.rpm
cpio-debuginfo-2.5-16.el4_8.1.i386.rpm

ia64:
cpio-2.5-16.el4_8.1.ia64.rpm
cpio-debuginfo-2.5-16.el4_8.1.ia64.rpm

x86_64:
cpio-2.5-16.el4_8.1.x86_64.rpm
cpio-debuginfo-2.5-16.el4_8.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0624.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLnuFdXlSAg2UNWIIRAk/DAJ9grvxhxaqa4rxunM+aTYXmJg3bZACgtUbE
hu4UKT3csRygrMNkpljjKCY=
=T9ke
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Mar 16 01:40:07 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 15 Mar 2010 21:40:07 -0400
Subject: [RHSA-2010:0144-01] Moderate: cpio security update
Message-ID: <201003160140.o2G1e7gI011169@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: cpio security update
Advisory ID:       RHSA-2010:0144-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0144.html
Issue date:        2010-03-15
CVE Names:         CVE-2007-4476 CVE-2010-0624
=====================================================================

1. Summary:

An updated cpio package that fixes two security issues is now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

GNU cpio copies files into or out of a cpio or tar archive.

A heap-based buffer overflow flaw was found in the way cpio expanded archive files. If a user were tricked into expanding a specially-crafted archive, it could cause the cpio executable to crash or execute arbitrary code with the privileges of the user running cpio. (CVE-2010-0624)

Red Hat would like to thank Jakob Lell for responsibly reporting the CVE-2010-0624 issue.

A denial of service flaw was found in the way cpio expanded archive files. If a user expanded a specially-crafted archive, it could cause the cpio executable to crash. (CVE-2007-4476)

Users of cpio are advised to upgrade to this updated package, which contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

280961 - CVE-2007-4476 tar/cpio stack crashing in safer_name_suffix
564368 - CVE-2010-0624 tar, cpio: Heap-based buffer overflow by expanding a specially-crafted archive

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/cpio-2.6-23.el5_4.1.src.rpm

i386:
cpio-2.6-23.el5_4.1.i386.rpm
cpio-debuginfo-2.6-23.el5_4.1.i386.rpm

x86_64:
cpio-2.6-23.el5_4.1.x86_64.rpm
cpio-debuginfo-2.6-23.el5_4.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/cpio-2.6-23.el5_4.1.src.rpm

i386:
cpio-2.6-23.el5_4.1.i386.rpm
cpio-debuginfo-2.6-23.el5_4.1.i386.rpm

ia64:
cpio-2.6-23.el5_4.1.ia64.rpm
cpio-debuginfo-2.6-23.el5_4.1.ia64.rpm

ppc:
cpio-2.6-23.el5_4.1.ppc.rpm
cpio-debuginfo-2.6-23.el5_4.1.ppc.rpm

s390x:
cpio-2.6-23.el5_4.1.s390x.rpm
cpio-debuginfo-2.6-23.el5_4.1.s390x.rpm

x86_64:
cpio-2.6-23.el5_4.1.x86_64.rpm
cpio-debuginfo-2.6-23.el5_4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2007-4476.html
https://www.redhat.com/security/data/cve/CVE-2010-0624.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLnuFsXlSAg2UNWIIRAgrDAJ9XO9ohIGqyy6Ct4hjrqFNW1RIQDQCbBvOn
AUikWVJik+Io8GPO2uKVocA=
=xqvs
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Mar 16 01:40:29 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 15 Mar 2010 21:40:29 -0400
Subject: [RHSA-2010:0145-01] Moderate: cpio security update
Message-ID: <201003160140.o2G1eTW4006804@int-mx04.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: cpio security update
Advisory ID:       RHSA-2010:0145-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0145.html
Issue date:        2010-03-15
CVE Names:         CVE-2005-4268 CVE-2010-0624
=====================================================================

1. Summary:

An updated cpio package that fixes two security issues is now available for Red Hat Enterprise Linux 3.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Description:

GNU cpio copies files into or out of a cpio or tar archive.

A heap-based buffer overflow flaw was found in the way cpio expanded archive files. If a user were tricked into expanding a specially-crafted archive, it could cause the cpio executable to crash or execute arbitrary code with the privileges of the user running cpio. (CVE-2010-0624)

Red Hat would like to thank Jakob Lell for responsibly reporting the CVE-2010-0624 issue.

A stack-based buffer overflow flaw was found in the way cpio expanded large archive files. If a user expanded a specially-crafted archive, it could cause the cpio executable to crash. This issue only affected 64-bit platforms. (CVE-2005-4268)

Users of cpio are advised to upgrade to this updated package, which contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

229191 - CVE-2005-4268 cpio large filesize buffer overflow
564368 - CVE-2010-0624 tar, cpio: Heap-based buffer overflow by expanding a specially-crafted archive

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/cpio-2.5-6.RHEL3.src.rpm

i386:
cpio-2.5-6.RHEL3.i386.rpm
cpio-debuginfo-2.5-6.RHEL3.i386.rpm

ia64:
cpio-2.5-6.RHEL3.ia64.rpm
cpio-debuginfo-2.5-6.RHEL3.ia64.rpm

ppc:
cpio-2.5-6.RHEL3.ppc.rpm
cpio-debuginfo-2.5-6.RHEL3.ppc.rpm

s390:
cpio-2.5-6.RHEL3.s390.rpm
cpio-debuginfo-2.5-6.RHEL3.s390.rpm

s390x:
cpio-2.5-6.RHEL3.s390x.rpm
cpio-debuginfo-2.5-6.RHEL3.s390x.rpm

x86_64:
cpio-2.5-6.RHEL3.x86_64.rpm
cpio-debuginfo-2.5-6.RHEL3.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/cpio-2.5-6.RHEL3.src.rpm

i386:
cpio-2.5-6.RHEL3.i386.rpm
cpio-debuginfo-2.5-6.RHEL3.i386.rpm

x86_64:
cpio-2.5-6.RHEL3.x86_64.rpm
cpio-debuginfo-2.5-6.RHEL3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/cpio-2.5-6.RHEL3.src.rpm

i386:
cpio-2.5-6.RHEL3.i386.rpm
cpio-debuginfo-2.5-6.RHEL3.i386.rpm

ia64:
cpio-2.5-6.RHEL3.ia64.rpm
cpio-debuginfo-2.5-6.RHEL3.ia64.rpm

x86_64:
cpio-2.5-6.RHEL3.x86_64.rpm
cpio-debuginfo-2.5-6.RHEL3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/cpio-2.5-6.RHEL3.src.rpm

i386:
cpio-2.5-6.RHEL3.i386.rpm
cpio-debuginfo-2.5-6.RHEL3.i386.rpm

ia64:
cpio-2.5-6.RHEL3.ia64.rpm
cpio-debuginfo-2.5-6.RHEL3.ia64.rpm

x86_64:
cpio-2.5-6.RHEL3.x86_64.rpm
cpio-debuginfo-2.5-6.RHEL3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2005-4268.html
https://www.redhat.com/security/data/cve/CVE-2010-0624.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
From bugzilla at redhat.com Wed Mar 17 03:30:06 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 16 Mar 2010 23:30:06 -0400
Subject: [RHSA-2010:0147-01] Important: kernel security and bug fix update
Message-ID: <201003170330.o2H3U66M014522@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2010:0147-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0147.html
Issue date:        2010-03-16
CVE Names:         CVE-2009-4308 CVE-2010-0003 CVE-2010-0007
                   CVE-2010-0008 CVE-2010-0415 CVE-2010-0437
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security fixes:

* a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially-crafted SCTP packet to a target system, resulting in a denial of service. (CVE-2010-0008, Important)

* a missing boundary check was found in the do_move_pages() function in the memory migration functionality in the Linux kernel. A local user could use this flaw to cause a local denial of service or an information leak. (CVE-2010-0415, Important)

* a NULL pointer dereference flaw was found in the ip6_dst_lookup_tail() function in the Linux kernel. An attacker on the local network could trigger this flaw by sending IPv6 traffic to a target system, leading to a system crash (kernel OOPS) if dst->neighbour is NULL on the target system when receiving an IPv6 packet. (CVE-2010-0437, Important)

* a NULL pointer dereference flaw was found in the ext4 file system code in the Linux kernel. A local attacker could use this flaw to trigger a local denial of service by mounting a specially-crafted, journal-less ext4 file system, if that file system forced an EROFS error. (CVE-2009-4308, Moderate)

* an information leak was found in the print_fatal_signal() implementation in the Linux kernel. When "/proc/sys/kernel/print-fatal-signals" is set to 1 (the default value is 0), memory that is reachable by the kernel could be leaked to user-space. This issue could also result in a system crash. Note that this flaw only affected the i386 architecture. (CVE-2010-0003, Moderate)

* missing capability checks were found in the ebtables implementation, used for creating an Ethernet bridge firewall. This could allow a local, unprivileged user to bypass intended capability restrictions and modify ebtables rules. (CVE-2010-0007, Low)

Bug fixes:

* a bug prevented Wake on LAN (WoL) being enabled on certain Intel hardware. (BZ#543449)

* a race issue in the Journaling Block Device. (BZ#553132)

* programs compiled on x86, and that also call sched_rr_get_interval(), were silently corrupted when run on 64-bit systems. (BZ#557684)

* the RHSA-2010:0019 update introduced a regression, preventing WoL from working for network devices using the e1000e driver. (BZ#559335)

* adding a bonding interface in mode balance-alb to a bridge was not functional. (BZ#560588)

* some KVM (Kernel-based Virtual Machine) guests experienced slow performance (and possibly a crash) after suspend/resume. (BZ#560640)

* on some systems, VF cannot be enabled in dom0. (BZ#560665)

* on systems with certain network cards, a system crash occurred after enabling GRO. (BZ#561417)

* for x86 KVM guests with pvclock enabled, the boot clocks were registered twice, possibly causing KVM to write data to a random memory area during the guest's life. (BZ#561454)

* serious performance degradation for 32-bit applications, that map (mmap) thousands of small files, when run on a 64-bit system. (BZ#562746)

* improved kexec/kdump handling. Previously, on some systems under heavy load, kexec/kdump was not functional. (BZ#562772)

* dom0 was unable to boot when using the Xen hypervisor on a system with a large number of logical CPUs. (BZ#562777)

* a fix for a bug that could potentially cause file system corruption. (BZ#564281)

* a bug caused infrequent cluster issues for users of GFS2. (BZ#564288)

* gfs2_delete_inode failed on read-only file systems. (BZ#564290)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

547255 - CVE-2009-4308 kernel: ext4: Avoid null pointer dereference when decoding EROFS w/o a journal
553132 - [Patch] jbd slab cache creation/deletion is racey [rhel-5.4.z]
554578 - CVE-2010-0003 kernel: infoleak if print-fatal-signals=1
555238 - CVE-2010-0007 kernel: netfilter: ebtables: enforce CAP_NET_ADMIN
555658 - CVE-2010-0008 kernel: sctp remote denial of service
557684 - [5.4] sched_rr_get_interval() destroys user data in 32-bit compat mode. [rhel-5.4.z]
559335 - e1000e: wol is broken on 2.6.18-185.el5 [rhel-5.4.z]
560588 - Adding bonding in balance-alb mode to bridge causes host network connectivity to be lost [rhel-5.4.z]
560640 - Call trace error display when resume from suspend to disk (ide block) - pvclock related [rhel-5.4.z]
560665 - [SR-IOV] VF can not be enabled in Dom0 [rhel-5.4.z]
561417 - Kernel panic when using GRO through ixgbe driver and xen bridge [rhel-5.4.z]
561454 - kvm pvclock on i386 suffers from double registering [rhel-5.4.z]
562582 - CVE-2010-0415 kernel: sys_move_pages infoleak
562746 - Strange vm performance degradation moving 32 bit app from RHEL 4.6 32bit to 5.4 64bit [rhel-5.4.z]
562772 - 5.5 - cciss backport some upstream bits to improve kexec/kdump [rhel-5.4.z]
562777 - [RHEL5 Xen] EXPERIMENTAL EX/MC: Dom0 soft lockups on >64-way system from hard-virt patches [rhel-5.4.z]
563781 - CVE-2010-0437 kernel: ipv6: fix ip6_dst_lookup_tail() NULL pointer dereference
564281 - Please implement upstream fix for potential filesystem corruption bug [rhel-5.4.z]
564288 - GFS2 Filesystem Withdrawal: fatal: invalid metadata block [rhel-5.4.z]
564290 - 1916556 - GFS2 gfs2_delete_inode failing on RO filesystem [rhel-5.4.z]

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-164.15.1.el5.src.rpm

i386:
kernel-2.6.18-164.15.1.el5.i686.rpm
kernel-PAE-2.6.18-164.15.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-164.15.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-164.15.1.el5.i686.rpm
kernel-debug-2.6.18-164.15.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-164.15.1.el5.i686.rpm
kernel-debug-devel-2.6.18-164.15.1.el5.i686.rpm
kernel-debuginfo-2.6.18-164.15.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-164.15.1.el5.i686.rpm
kernel-devel-2.6.18-164.15.1.el5.i686.rpm
kernel-headers-2.6.18-164.15.1.el5.i386.rpm
kernel-xen-2.6.18-164.15.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-164.15.1.el5.i686.rpm
kernel-xen-devel-2.6.18-164.15.1.el5.i686.rpm

noarch:
kernel-doc-2.6.18-164.15.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-164.15.1.el5.x86_64.rpm
kernel-debug-2.6.18-164.15.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-164.15.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-164.15.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-164.15.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-164.15.1.el5.x86_64.rpm
kernel-devel-2.6.18-164.15.1.el5.x86_64.rpm
kernel-headers-2.6.18-164.15.1.el5.x86_64.rpm
kernel-xen-2.6.18-164.15.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-164.15.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-164.15.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-164.15.1.el5.src.rpm

i386:
kernel-2.6.18-164.15.1.el5.i686.rpm
kernel-PAE-2.6.18-164.15.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-164.15.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-164.15.1.el5.i686.rpm
kernel-debug-2.6.18-164.15.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-164.15.1.el5.i686.rpm
kernel-debug-devel-2.6.18-164.15.1.el5.i686.rpm
kernel-debuginfo-2.6.18-164.15.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-164.15.1.el5.i686.rpm
kernel-devel-2.6.18-164.15.1.el5.i686.rpm
kernel-headers-2.6.18-164.15.1.el5.i386.rpm
kernel-xen-2.6.18-164.15.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-164.15.1.el5.i686.rpm
kernel-xen-devel-2.6.18-164.15.1.el5.i686.rpm

ia64:
kernel-2.6.18-164.15.1.el5.ia64.rpm
kernel-debug-2.6.18-164.15.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-164.15.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-164.15.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-164.15.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-164.15.1.el5.ia64.rpm
kernel-devel-2.6.18-164.15.1.el5.ia64.rpm
kernel-headers-2.6.18-164.15.1.el5.ia64.rpm
kernel-xen-2.6.18-164.15.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-164.15.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-164.15.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-164.15.1.el5.noarch.rpm

ppc:
kernel-2.6.18-164.15.1.el5.ppc64.rpm
kernel-debug-2.6.18-164.15.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-164.15.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-164.15.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-164.15.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-164.15.1.el5.ppc64.rpm
kernel-devel-2.6.18-164.15.1.el5.ppc64.rpm
kernel-headers-2.6.18-164.15.1.el5.ppc.rpm
kernel-headers-2.6.18-164.15.1.el5.ppc64.rpm
kernel-kdump-2.6.18-164.15.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-164.15.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-164.15.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-164.15.1.el5.s390x.rpm
kernel-debug-2.6.18-164.15.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-164.15.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-164.15.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-164.15.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-164.15.1.el5.s390x.rpm
kernel-devel-2.6.18-164.15.1.el5.s390x.rpm
kernel-headers-2.6.18-164.15.1.el5.s390x.rpm
kernel-kdump-2.6.18-164.15.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-164.15.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-164.15.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-164.15.1.el5.x86_64.rpm
kernel-debug-2.6.18-164.15.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-164.15.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-164.15.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-164.15.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-164.15.1.el5.x86_64.rpm
kernel-devel-2.6.18-164.15.1.el5.x86_64.rpm
kernel-headers-2.6.18-164.15.1.el5.x86_64.rpm
kernel-xen-2.6.18-164.15.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-164.15.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-164.15.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-4308.html
https://www.redhat.com/security/data/cve/CVE-2010-0003.html
https://www.redhat.com/security/data/cve/CVE-2010-0007.html
https://www.redhat.com/security/data/cve/CVE-2010-0008.html
https://www.redhat.com/security/data/cve/CVE-2010-0415.html
https://www.redhat.com/security/data/cve/CVE-2010-0437.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
From bugzilla at redhat.com Wed Mar 17 03:30:32 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 16 Mar 2010 23:30:32 -0400
Subject: [RHSA-2010:0146-01] Important: kernel security and bug fix update
Message-ID: <201003170330.o2H3UXnM022471@int-mx03.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2010:0146-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0146.html
Issue date:        2010-03-16
CVE Names:         CVE-2009-4271 CVE-2010-0003 CVE-2010-0007
                   CVE-2010-0008 CVE-2010-0307
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially-crafted SCTP packet to a target system, resulting in a denial of service. (CVE-2010-0008, Important)

* a NULL pointer dereference flaw was found in the Linux kernel. During a core dump, the kernel did not check if the Virtual Dynamically-linked Shared Object page was accessible. On Intel 64 and AMD64 systems, a local, unprivileged user could use this flaw to cause a kernel panic by running a crafted 32-bit application. (CVE-2009-4271, Important)

* an information leak was found in the print_fatal_signal() implementation in the Linux kernel. When "/proc/sys/kernel/print-fatal-signals" is set to 1 (the default value is 0), memory that is reachable by the kernel could be leaked to user-space. This issue could also result in a system crash. Note that this flaw only affected the i386 architecture. (CVE-2010-0003, Moderate)

* on AMD64 systems, it was discovered that the kernel did not ensure the ELF interpreter was available before making a call to the SET_PERSONALITY macro. A local attacker could use this flaw to cause a denial of service by running a 32-bit application that attempts to execute a 64-bit application. (CVE-2010-0307, Moderate)

* missing capability checks were found in the ebtables implementation, used for creating an Ethernet bridge firewall. This could allow a local, unprivileged user to bypass intended capability restrictions and modify ebtables rules. (CVE-2010-0007, Low)

This update also fixes the following bugs:

* under some circumstances, a locking bug could have caused an online ext3 file system resize to deadlock, which may have, in turn, caused the file system or the entire system to become unresponsive. In either case, a reboot was required after the deadlock. With this update, using resize2fs to perform an online resize of an ext3 file system works as expected. (BZ#553135)

* some ATA and SCSI devices were not honoring the barrier=1 mount option, which could result in data loss after a crash or power loss. This update applies a patch to the Linux SCSI driver to ensure ordered write caching. This solution does not provide cache flushes; however, it does provide data integrity on devices that have no write caching (or where write caching is disabled) and no command queuing. For systems that have command queuing or write cache enabled there is no guarantee of data integrity after a crash. (BZ#560563)

* it was found that lpfc_find_target() could loop continuously when scanning a list of nodes due to a missing spinlock. This missing spinlock allowed the list to be changed after the list_empty() test, resulting in a NULL value, causing the loop. This update adds the spinlock, resolving the issue. (BZ#561453)

* the fix for CVE-2009-4538 provided by RHSA-2010:0020 introduced a regression, preventing Wake on LAN (WoL) working for network devices using the Intel PRO/1000 Linux driver, e1000e. Attempting to configure WoL for such devices resulted in the following error, even when configuring valid options:

"Cannot set new wake-on-lan settings: Operation not supported
  not setting wol"

This update resolves this regression, and WoL now works as expected for network devices using the e1000e driver. (BZ#565496)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

548876 - CVE-2009-4271 kernel: 32bit process on 64bit system can trigger a kernel panic
553135 - ext2online resize hangs [rhel-4.8.z]
554578 - CVE-2010-0003 kernel: infoleak if print-fatal-signals=1
555238 - CVE-2010-0007 kernel: netfilter: ebtables: enforce CAP_NET_ADMIN
555658 - CVE-2010-0008 kernel: sctp remote denial of service
560547 - CVE-2010-0307 kernel: DoS on x86_64
560563 - Write barrier operations not working for libata and general SCSI disks [rhel-4.8.z]
561453 - [Emulex 4.9 bug] lpfc driver doesn't acquire lock when searching hba for target [rhel-4.8.z]
565496 - e1000e: wol is broken in kernel 2.6.9-89.19 [rhel-4.8.z]

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-89.0.23.EL.src.rpm

i386:
kernel-2.6.9-89.0.23.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.i686.rpm
kernel-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.23.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-smp-2.6.9-89.0.23.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-xenU-2.6.9-89.0.23.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.23.EL.i686.rpm

ia64:
kernel-2.6.9-89.0.23.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.ia64.rpm
kernel-devel-2.6.9-89.0.23.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.23.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.23.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.0.23.EL.noarch.rpm

ppc:
kernel-2.6.9-89.0.23.EL.ppc64.rpm
kernel-2.6.9-89.0.23.EL.ppc64iseries.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.ppc64.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.ppc64iseries.rpm
kernel-devel-2.6.9-89.0.23.EL.ppc64.rpm
kernel-devel-2.6.9-89.0.23.EL.ppc64iseries.rpm
kernel-largesmp-2.6.9-89.0.23.EL.ppc64.rpm
kernel-largesmp-devel-2.6.9-89.0.23.EL.ppc64.rpm

s390:
kernel-2.6.9-89.0.23.EL.s390.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.s390.rpm
kernel-devel-2.6.9-89.0.23.EL.s390.rpm

s390x:
kernel-2.6.9-89.0.23.EL.s390x.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.s390x.rpm
kernel-devel-2.6.9-89.0.23.EL.s390x.rpm

x86_64:
kernel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.23.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.23.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.23.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.23.EL.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-89.0.23.EL.src.rpm

i386:
kernel-2.6.9-89.0.23.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.i686.rpm
kernel-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.23.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-smp-2.6.9-89.0.23.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-xenU-2.6.9-89.0.23.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.23.EL.i686.rpm

noarch:
kernel-doc-2.6.9-89.0.23.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.23.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.23.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.23.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.23.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-89.0.23.EL.src.rpm

i386:
kernel-2.6.9-89.0.23.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.i686.rpm
kernel-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.23.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-smp-2.6.9-89.0.23.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-xenU-2.6.9-89.0.23.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.23.EL.i686.rpm

ia64:
kernel-2.6.9-89.0.23.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.ia64.rpm
kernel-devel-2.6.9-89.0.23.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.23.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.23.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.0.23.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.23.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.23.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.23.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.23.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-89.0.23.EL.src.rpm

i386:
kernel-2.6.9-89.0.23.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.i686.rpm
kernel-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.23.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-smp-2.6.9-89.0.23.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-xenU-2.6.9-89.0.23.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.23.EL.i686.rpm

ia64:
kernel-2.6.9-89.0.23.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.ia64.rpm
kernel-devel-2.6.9-89.0.23.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.23.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.23.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.0.23.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.23.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.23.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.23.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.23.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-4271.html
https://www.redhat.com/security/data/cve/CVE-2010-0003.html
https://www.redhat.com/security/data/cve/CVE-2010-0007.html
https://www.redhat.com/security/data/cve/CVE-2010-0008.html
https://www.redhat.com/security/data/cve/CVE-2010-0307.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.

From bugzilla at redhat.com Wed Mar 17 03:30:48 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 16 Mar 2010 23:30:48 -0400
Subject: [RHSA-2010:0148-01] Important: kernel security and bug fix update
Message-ID: <201003170330.o2H3UmsW026987@int-mx05.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2010:0148-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0148.html
Issue date:        2010-03-16
CVE Names:         CVE-2010-0008 CVE-2010-0437
=====================================================================

1. Summary:

Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 5.2 Extended Update Support.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5.2.z server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially-crafted SCTP packet to a target system, resulting in a denial of service. (CVE-2010-0008, Important)

* a NULL pointer dereference flaw was found in the ip6_dst_lookup_tail() function in the Linux kernel. An attacker on the local network could trigger this flaw by sending IPv6 traffic to a target system, leading to a system crash (kernel OOPS) if dst->neighbour is NULL on the target system when receiving an IPv6 packet. (CVE-2010-0437, Important)

This update also fixes the following bugs:

* programs compiled on x86, and that also call sched_rr_get_interval(), were silently corrupted when run on 64-bit systems. With this update, when such programs attempt to call sched_rr_get_interval() on 64-bit systems, sys32_sched_rr_get_interval() is called instead, which resolves this issue. (BZ#557682)

* the fix for CVE-2009-4538 provided by RHSA-2010:0079 introduced a regression, preventing Wake on LAN (WoL) working for network devices using the Intel PRO/1000 Linux driver, e1000e. Attempting to configure WoL for such devices resulted in the following error, even when configuring valid options:

"Cannot set new wake-on-lan settings: Operation not supported
  not setting wol"

This update resolves this regression, and WoL now works as expected for network devices using the e1000e driver. (BZ#559333)

* a number of bugs have been fixed in the copy_user routines for Intel 64 and AMD64 systems, one of which could have possibly led to data corruption. (BZ#568305)

* on some systems, a race condition in the inode-based file event notifications implementation caused soft lockups and the following messages:

"BUG: warning at fs/inotify.c:181/set_dentry_child_flags()"
"BUG: soft lockup - CPU#[x] stuck for 10s!"

This update resolves this race condition, and also removes the inotify debugging code from the kernel, due to race conditions in that code. (BZ#568662)

* if a program that calls posix_fadvise() were compiled on x86, and then run on a 64-bit system, that program could experience various problems, including performance issues and the call to posix_fadvise() failing, causing the program to not run as expected or even abort. With this update, when such programs attempt to call posix_fadvise() on 64-bit systems, sys32_fadvise64() is called instead, which resolves this issue. This update also fixes other 32-bit system calls that were mistakenly called on 64-bit systems (including systems running the kernel-xen kernel). (BZ#569595)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

555658 - CVE-2010-0008 kernel: sctp remote denial of service
557682 - [5.4] sched_rr_get_interval() destroys user data in 32-bit compat mode. [rhel-5.2.z]
559333 - e1000e: wol is broken on 2.6.18-185.el5 [rhel-5.2.z]
563781 - CVE-2010-0437 kernel: ipv6: fix ip6_dst_lookup_tail() NULL pointer dereference
568305 - [x86_64]: copy_user_c can zero more data than needed [rhel-5.2.z]
568662 - CRM 1908390 - BUG: warning at fs/inotify.c:181/set_dentry_child_flags() [rhel-5.2.z]
569595 - posix_fadvise() handles its arguments incorrectly in 32-bit compat mode. [rhel-5.2.z]

6. Package List:

Red Hat Enterprise Linux (v. 5.2.z server):

Source:
kernel-2.6.18-92.1.38.el5.src.rpm

i386:
kernel-2.6.18-92.1.38.el5.i686.rpm
kernel-PAE-2.6.18-92.1.38.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-92.1.38.el5.i686.rpm
kernel-PAE-devel-2.6.18-92.1.38.el5.i686.rpm
kernel-debug-2.6.18-92.1.38.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-92.1.38.el5.i686.rpm
kernel-debug-devel-2.6.18-92.1.38.el5.i686.rpm
kernel-debuginfo-2.6.18-92.1.38.el5.i686.rpm
kernel-debuginfo-common-2.6.18-92.1.38.el5.i686.rpm
kernel-devel-2.6.18-92.1.38.el5.i686.rpm
kernel-headers-2.6.18-92.1.38.el5.i386.rpm
kernel-xen-2.6.18-92.1.38.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-92.1.38.el5.i686.rpm
kernel-xen-devel-2.6.18-92.1.38.el5.i686.rpm

ia64:
kernel-2.6.18-92.1.38.el5.ia64.rpm
kernel-debug-2.6.18-92.1.38.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-92.1.38.el5.ia64.rpm
kernel-debug-devel-2.6.18-92.1.38.el5.ia64.rpm
kernel-debuginfo-2.6.18-92.1.38.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-92.1.38.el5.ia64.rpm
kernel-devel-2.6.18-92.1.38.el5.ia64.rpm
kernel-headers-2.6.18-92.1.38.el5.ia64.rpm
kernel-xen-2.6.18-92.1.38.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-92.1.38.el5.ia64.rpm
kernel-xen-devel-2.6.18-92.1.38.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-92.1.38.el5.noarch.rpm

ppc:
kernel-2.6.18-92.1.38.el5.ppc64.rpm
kernel-debug-2.6.18-92.1.38.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-92.1.38.el5.ppc64.rpm
kernel-debug-devel-2.6.18-92.1.38.el5.ppc64.rpm
kernel-debuginfo-2.6.18-92.1.38.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-92.1.38.el5.ppc64.rpm
kernel-devel-2.6.18-92.1.38.el5.ppc64.rpm
kernel-headers-2.6.18-92.1.38.el5.ppc.rpm
kernel-headers-2.6.18-92.1.38.el5.ppc64.rpm
kernel-kdump-2.6.18-92.1.38.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-92.1.38.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-92.1.38.el5.ppc64.rpm

s390x:
kernel-2.6.18-92.1.38.el5.s390x.rpm
kernel-debug-2.6.18-92.1.38.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-92.1.38.el5.s390x.rpm
kernel-debug-devel-2.6.18-92.1.38.el5.s390x.rpm
kernel-debuginfo-2.6.18-92.1.38.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-92.1.38.el5.s390x.rpm
kernel-devel-2.6.18-92.1.38.el5.s390x.rpm
kernel-headers-2.6.18-92.1.38.el5.s390x.rpm
kernel-kdump-2.6.18-92.1.38.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-92.1.38.el5.s390x.rpm
kernel-kdump-devel-2.6.18-92.1.38.el5.s390x.rpm

x86_64:
kernel-2.6.18-92.1.38.el5.x86_64.rpm
kernel-debug-2.6.18-92.1.38.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-92.1.38.el5.x86_64.rpm
kernel-debug-devel-2.6.18-92.1.38.el5.x86_64.rpm
kernel-debuginfo-2.6.18-92.1.38.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-92.1.38.el5.x86_64.rpm
kernel-devel-2.6.18-92.1.38.el5.x86_64.rpm
kernel-headers-2.6.18-92.1.38.el5.x86_64.rpm
kernel-xen-2.6.18-92.1.38.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-92.1.38.el5.x86_64.rpm
kernel-xen-devel-2.6.18-92.1.38.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0008.html
https://www.redhat.com/security/data/cve/CVE-2010-0437.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLoEzdXlSAg2UNWIIRAjt9AJ4sV1X4t8cYdcxFkDI3GWfPfzt5rwCfVJ02
w7vdCwUu11Bv636Ufeuqvm8=
=bQqu
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 17 04:05:32 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 17 Mar 2010 00:05:32 -0400
Subject: [RHSA-2010:0149-01] Important: kernel security and bug fix update
Message-ID: <201003170405.o2H45WHH028321@int-mx03.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2010:0149-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0149.html
Issue date: 2010-03-16
CVE Names: CVE-2009-4141 CVE-2010-0008 CVE-2010-0437
=====================================================================

1. Summary:

Updated kernel packages that fix three security issues and multiple bugs are now available for Red Hat Enterprise Linux 5.3 Extended Update Support.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5.3.z server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* a deficiency was found in the fasync_helper() implementation. This could allow a local, unprivileged user to leverage a use-after-free of locked, asynchronous file descriptors to cause a denial of service or privilege escalation.
(CVE-2009-4141, Important)

* a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially-crafted SCTP packet to a target system, resulting in a denial of service. (CVE-2010-0008, Important)

* a NULL pointer dereference flaw was found in the ip6_dst_lookup_tail() function in the Linux kernel. An attacker on the local network could trigger this flaw by sending IPv6 traffic to a target system, leading to a system crash (kernel OOPS) if dst->neighbour is NULL on the target system when receiving an IPv6 packet. (CVE-2010-0437, Important)

This update also fixes the following bugs:

* programs compiled on x86 that call sched_rr_get_interval() had user-space data silently corrupted when run on 64-bit systems, because the 64-bit system call was invoked directly and wrote its larger struct timespec into the 32-bit caller's buffer. With this update, when such programs call sched_rr_get_interval() on 64-bit systems, sys32_sched_rr_get_interval() is called instead, which resolves this issue. (BZ#557683)

* the fix for CVE-2009-4538 provided by RHSA-2010:0053 introduced a regression, preventing Wake on LAN (WoL) from working for network devices using the Intel PRO/1000 Linux driver, e1000e. Attempting to configure WoL for such devices resulted in the following error, even when configuring valid options:

"Cannot set new wake-on-lan settings: Operation not supported not setting wol"

This update resolves this regression, and WoL now works as expected for network devices using the e1000e driver. (BZ#559334)

* a number of bugs have been fixed in the copy_user routines for Intel 64 and AMD64 systems, one of which could have possibly led to data corruption. (BZ#568307)

* on some systems, a race condition in the inode-based file event notifications implementation caused soft lockups and the following messages:

"BUG: warning at fs/inotify.c:181/set_dentry_child_flags()"
"BUG: soft lockup - CPU#[x] stuck for 10s!"
This update resolves this race condition, and also removes the inotify debugging code from the kernel, due to race conditions in that code. (BZ#568663)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

547906 - CVE-2009-4141 kernel: create_elf_tables can leave urandom in a bad state
555658 - CVE-2010-0008 kernel: sctp remote denial of service
557683 - [5.4] sched_rr_get_interval() destroys user data in 32-bit compat mode. [rhel-5.3.z]
559334 - e1000e: wol is broken on 2.6.18-185.el5 [rhel-5.3.z]
563781 - CVE-2010-0437 kernel: ipv6: fix ip6_dst_lookup_tail() NULL pointer dereference
568307 - [x86_64]: copy_user_c can zero more data than needed [rhel-5.3.z]
568663 - CRM 1908390 - BUG: warning at fs/inotify.c:181/set_dentry_child_flags() [rhel-5.3.z]

6. Package List:

Red Hat Enterprise Linux (v.
5.3.z server): Source: kernel-2.6.18-128.14.1.el5.src.rpm i386: kernel-2.6.18-128.14.1.el5.i686.rpm kernel-PAE-2.6.18-128.14.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-128.14.1.el5.i686.rpm kernel-PAE-devel-2.6.18-128.14.1.el5.i686.rpm kernel-debug-2.6.18-128.14.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-128.14.1.el5.i686.rpm kernel-debug-devel-2.6.18-128.14.1.el5.i686.rpm kernel-debuginfo-2.6.18-128.14.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-128.14.1.el5.i686.rpm kernel-devel-2.6.18-128.14.1.el5.i686.rpm kernel-headers-2.6.18-128.14.1.el5.i386.rpm kernel-xen-2.6.18-128.14.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-128.14.1.el5.i686.rpm kernel-xen-devel-2.6.18-128.14.1.el5.i686.rpm ia64: kernel-2.6.18-128.14.1.el5.ia64.rpm kernel-debug-2.6.18-128.14.1.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-128.14.1.el5.ia64.rpm kernel-debug-devel-2.6.18-128.14.1.el5.ia64.rpm kernel-debuginfo-2.6.18-128.14.1.el5.ia64.rpm kernel-debuginfo-common-2.6.18-128.14.1.el5.ia64.rpm kernel-devel-2.6.18-128.14.1.el5.ia64.rpm kernel-headers-2.6.18-128.14.1.el5.ia64.rpm kernel-xen-2.6.18-128.14.1.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-128.14.1.el5.ia64.rpm kernel-xen-devel-2.6.18-128.14.1.el5.ia64.rpm noarch: kernel-doc-2.6.18-128.14.1.el5.noarch.rpm ppc: kernel-2.6.18-128.14.1.el5.ppc64.rpm kernel-debug-2.6.18-128.14.1.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-128.14.1.el5.ppc64.rpm kernel-debug-devel-2.6.18-128.14.1.el5.ppc64.rpm kernel-debuginfo-2.6.18-128.14.1.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-128.14.1.el5.ppc64.rpm kernel-devel-2.6.18-128.14.1.el5.ppc64.rpm kernel-headers-2.6.18-128.14.1.el5.ppc.rpm kernel-headers-2.6.18-128.14.1.el5.ppc64.rpm kernel-kdump-2.6.18-128.14.1.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-128.14.1.el5.ppc64.rpm kernel-kdump-devel-2.6.18-128.14.1.el5.ppc64.rpm s390x: kernel-2.6.18-128.14.1.el5.s390x.rpm kernel-debug-2.6.18-128.14.1.el5.s390x.rpm kernel-debug-debuginfo-2.6.18-128.14.1.el5.s390x.rpm 
kernel-debug-devel-2.6.18-128.14.1.el5.s390x.rpm kernel-debuginfo-2.6.18-128.14.1.el5.s390x.rpm kernel-debuginfo-common-2.6.18-128.14.1.el5.s390x.rpm kernel-devel-2.6.18-128.14.1.el5.s390x.rpm kernel-headers-2.6.18-128.14.1.el5.s390x.rpm kernel-kdump-2.6.18-128.14.1.el5.s390x.rpm kernel-kdump-debuginfo-2.6.18-128.14.1.el5.s390x.rpm kernel-kdump-devel-2.6.18-128.14.1.el5.s390x.rpm x86_64: kernel-2.6.18-128.14.1.el5.x86_64.rpm kernel-debug-2.6.18-128.14.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-128.14.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-128.14.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-128.14.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-128.14.1.el5.x86_64.rpm kernel-devel-2.6.18-128.14.1.el5.x86_64.rpm kernel-headers-2.6.18-128.14.1.el5.x86_64.rpm kernel-xen-2.6.18-128.14.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-128.14.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-128.14.1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2009-4141.html https://www.redhat.com/security/data/cve/CVE-2010-0008.html https://www.redhat.com/security/data/cve/CVE-2010-0437.html http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2010 Red Hat, Inc. 
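Both kernel advisories above carry the same CVE-2010-0008 and CVE-2010-0437 fixes but ship them in different z-streams: the RHEL 5.2.z update is fixed in kernel-2.6.18-92.1.38.el5 and RHSA-2010:0149 for 5.3.z in kernel-2.6.18-128.14.1.el5. A practitioner checking a fleet therefore wants to compare a running kernel against the fixed build of its own stream, since a naive "is the release number higher" test would call every 92.x kernel vulnerable and every 128.x kernel fixed. The following Python script is an added example and is not part of the advisory or of Red Hat's tooling: it implements a simplified form of rpm's version comparison and classifies a `uname -r` string against the fixed versions listed on this page. The assumption that RHEL 5's `uname -r` appends the flavour (xen, PAE, debug, kdump, taken from the package list) to the release string, and the omission of rpm's tilde and caret rules, are assumptions of the example.

```python
import platform
import re

# Fixed kernel builds taken from the two advisories above, keyed by the
# z-stream base release (first numeric component of the rpm release field).
FIXED_BY_STREAM = {
    "92":  "2.6.18-92.1.38.el5",    # RHEL 5.2.z kernel update above
    "128": "2.6.18-128.14.1.el5",   # RHEL 5.3.z, RHSA-2010:0149
}

# Assumption about RHEL 5 naming: `uname -r` appends the kernel flavour to the
# release string, e.g. "2.6.18-92.1.38.el5xen"; flavours from the package list.
FLAVOURS = ("xen", "PAE", "debug", "kdump")


def _segments(s):
    """rpm compares runs of digits and runs of letters; everything else separates."""
    return re.findall(r"[0-9]+|[A-Za-z]+", s)


def rpmvercmp(a, b):
    """Simplified rpmvercmp(): -1, 0 or 1 for a <, ==, > b.
    rpm's tilde and caret rules are omitted (not needed for these versions)."""
    if a == b:
        return 0
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x_num != y_num:
            return 1 if x_num else -1      # a numeric segment sorts newer than alpha
        elif x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1  # the string with more segments is newer


def split_vr(vr):
    """'2.6.18-92.1.38.el5' -> ('2.6.18', '92.1.38.el5')"""
    version, _, release = vr.partition("-")
    return version, release


def vrcmp(a, b):
    """Compare version first, then release, like rpm's EVR comparison (epoch ignored)."""
    va, ra = split_vr(a)
    vb, rb = split_vr(b)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def strip_flavour(uname_r):
    """Drop a trailing flavour name so the string matches the rpm version-release."""
    for flavour in FLAVOURS:
        if uname_r.endswith(flavour):
            return uname_r[: -len(flavour)]
    return uname_r


def check_kernel(uname_r):
    """Return 'fixed', 'vulnerable' or 'unknown-stream' for a running kernel,
    comparing only against the fixed build of its own z-stream."""
    vr = strip_flavour(uname_r)
    version, release = split_vr(vr)
    base = _segments(release)[0] if release else ""
    fixed = FIXED_BY_STREAM.get(base)
    if version != "2.6.18" or fixed is None:
        return "unknown-stream"
    return "fixed" if vrcmp(vr, fixed) >= 0 else "vulnerable"


if __name__ == "__main__":
    running = platform.release()
    print(f"{running}: {check_kernel(running)}")
```

Check the running kernel (`uname -r`, which is what platform.release() returns), not only `rpm -q kernel`: the advisory requires a reboot, so a fixed kernel that is installed but not yet booted still leaves the vulnerable one in memory. A release outside the 92.x and 128.x streams is reported as unknown-stream because its fixed build is not on this page; extend FIXED_BY_STREAM from the advisory that covers that stream rather than guessing.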
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLoFUAXlSAg2UNWIIRAsMKAJsHHELEbCa7B/xil2chhTIlvC8TNQCdHWZY
VDIUwbHPU9NdZ0/mJObJQ/s=
=rNtZ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 17 15:33:21 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 17 Mar 2010 11:33:21 -0400
Subject: [RHSA-2010:0153-02] Moderate: thunderbird security update
Message-ID: <201003171533.o2HFXLqN029253@int-mx04.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: thunderbird security update
Advisory ID: RHSA-2010:0153-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0153.html
Issue date: 2010-03-17
CVE Names: CVE-2009-0689 CVE-2009-1571 CVE-2009-2462 CVE-2009-2463 CVE-2009-2466 CVE-2009-2470 CVE-2009-3072 CVE-2009-3075 CVE-2009-3076 CVE-2009-3077 CVE-2009-3274 CVE-2009-3376 CVE-2009-3380 CVE-2009-3979 CVE-2010-0159
=====================================================================

1. Summary:

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466, CVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159)

A use-after-free flaw was found in Thunderbird. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3077)

A heap-based buffer overflow flaw was found in the Thunderbird string to floating point conversion routines. An HTML mail message containing malicious JavaScript could crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-0689)

A use-after-free flaw was found in Thunderbird. Under low memory conditions, viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-1571)

A flaw was found in the way Thunderbird created temporary file names for downloaded files. If a local attacker knows the name of a file Thunderbird is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274)

A flaw was found in the way Thunderbird displayed a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differed from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that is different from what the user expected. (CVE-2009-3376)

A flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A malicious SOCKS5 server could send a specially-crafted reply that would cause Thunderbird to crash. (CVE-2009-2470)

Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative.
An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user's machine, making it possible to trick the user into believing they are viewing trusted content or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3076)

All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

512128 - CVE-2009-2462 Mozilla Browser engine crashes
512131 - CVE-2009-2463 Mozilla Base64 decoding crash
512136 - CVE-2009-2466 Mozilla JavaScript engine crashes
512145 - CVE-2009-2470 Mozilla data corruption with SOCKS5 reply
521688 - CVE-2009-3072 Firefox 3.5.3 3.0.14 browser engine crashes
521691 - CVE-2009-3075 Firefox 3.5.2 3.0.14 JavaScript engine crashes
521692 - CVE-2009-3076 Firefox 3.0.14 Insufficient warning for PKCS11 module installation and removal
521693 - CVE-2009-3077 Firefox 3.5.3 3.0.14 TreeColumns dangling pointer vulnerability
524815 - CVE-2009-3274 Firefox: Predictable /tmp pathname use
530162 - CVE-2009-0689 (rejected CVE-2009-1563) Firefox heap buffer overflow in string to number conversion
530168 - CVE-2009-3376 Firefox download filename spoofing with RTL override
530567 - CVE-2009-3380 Firefox crashes with evidence of memory corruption
546694 - CVE-2009-3979 Mozilla crash with evidence of memory corruption
566047 - CVE-2010-0159 Mozilla crashes with evidence of memory corruption (MFSA 2010-01)
566050 - CVE-2009-1571 Mozilla incorrectly frees used memory (MFSA
2010-03) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/thunderbird-2.0.0.24-2.el5_4.src.rpm i386: thunderbird-2.0.0.24-2.el5_4.i386.rpm thunderbird-debuginfo-2.0.0.24-2.el5_4.i386.rpm x86_64: thunderbird-2.0.0.24-2.el5_4.x86_64.rpm thunderbird-debuginfo-2.0.0.24-2.el5_4.x86_64.rpm RHEL Optional Productivity Applications (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/thunderbird-2.0.0.24-2.el5_4.src.rpm i386: thunderbird-2.0.0.24-2.el5_4.i386.rpm thunderbird-debuginfo-2.0.0.24-2.el5_4.i386.rpm x86_64: thunderbird-2.0.0.24-2.el5_4.x86_64.rpm thunderbird-debuginfo-2.0.0.24-2.el5_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2009-0689.html https://www.redhat.com/security/data/cve/CVE-2009-1571.html https://www.redhat.com/security/data/cve/CVE-2009-2462.html https://www.redhat.com/security/data/cve/CVE-2009-2463.html https://www.redhat.com/security/data/cve/CVE-2009-2466.html https://www.redhat.com/security/data/cve/CVE-2009-2470.html https://www.redhat.com/security/data/cve/CVE-2009-3072.html https://www.redhat.com/security/data/cve/CVE-2009-3075.html https://www.redhat.com/security/data/cve/CVE-2009-3076.html https://www.redhat.com/security/data/cve/CVE-2009-3077.html https://www.redhat.com/security/data/cve/CVE-2009-3274.html https://www.redhat.com/security/data/cve/CVE-2009-3376.html https://www.redhat.com/security/data/cve/CVE-2009-3380.html https://www.redhat.com/security/data/cve/CVE-2009-3979.html https://www.redhat.com/security/data/cve/CVE-2010-0159.html http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . 
More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLoPX3XlSAg2UNWIIRAgKJAJ92yAEo/8kT1mkxcNJvi3lFMsA2nwCgrbqa
J7f6yEvoEpbL7bD1j5KezeU=
=uF/4
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 17 15:34:30 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 17 Mar 2010 11:34:30 -0400
Subject: [RHSA-2010:0154-02] Moderate: thunderbird security update
Message-ID: <201003171534.o2HFYURW031497@int-mx05.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: thunderbird security update
Advisory ID: RHSA-2010:0154-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0154.html
Issue date: 2010-03-17
CVE Names: CVE-2009-0689 CVE-2009-1571 CVE-2009-2462 CVE-2009-2463 CVE-2009-2466 CVE-2009-2470 CVE-2009-3072 CVE-2009-3075 CVE-2009-3076 CVE-2009-3077 CVE-2009-3274 CVE-2009-3376 CVE-2009-3380 CVE-2009-3979 CVE-2010-0159
=====================================================================

1. Summary:

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466, CVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159)

A use-after-free flaw was found in Thunderbird. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3077)

A heap-based buffer overflow flaw was found in the Thunderbird string to floating point conversion routines. An HTML mail message containing malicious JavaScript could crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-0689)

A use-after-free flaw was found in Thunderbird. Under low memory conditions, viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-1571)

A flaw was found in the way Thunderbird created temporary file names for downloaded files. If a local attacker knows the name of a file Thunderbird is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274)

A flaw was found in the way Thunderbird displayed a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differed from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that is different from what the user expected. (CVE-2009-3376)

A flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A malicious SOCKS5 server could send a specially-crafted reply that would cause Thunderbird to crash.
(CVE-2009-2470)

Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user's machine, making it possible to trick the user into believing they are viewing trusted content or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3076)

All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

512128 - CVE-2009-2462 Mozilla Browser engine crashes
512131 - CVE-2009-2463 Mozilla Base64 decoding crash
512136 - CVE-2009-2466 Mozilla JavaScript engine crashes
512145 - CVE-2009-2470 Mozilla data corruption with SOCKS5 reply
521688 - CVE-2009-3072 Firefox 3.5.3 3.0.14 browser engine crashes
521691 - CVE-2009-3075 Firefox 3.5.2 3.0.14 JavaScript engine crashes
521692 - CVE-2009-3076 Firefox 3.0.14 Insufficient warning for PKCS11 module installation and removal
521693 - CVE-2009-3077 Firefox 3.5.3 3.0.14 TreeColumns dangling pointer vulnerability
524815 - CVE-2009-3274 Firefox: Predictable /tmp pathname use
530162 - CVE-2009-0689 (rejected CVE-2009-1563) Firefox heap buffer overflow in string to number conversion
530168 - CVE-2009-3376 Firefox download filename spoofing with RTL override
530567 - CVE-2009-3380 Firefox crashes with evidence of memory corruption
546694 - CVE-2009-3979 Mozilla crash with evidence of memory corruption
566047 - CVE-2010-0159 Mozilla crashes with evidence of
memory corruption (MFSA 2010-01) 566050 - CVE-2009-1571 Mozilla incorrectly frees used memory (MFSA 2010-03) 6. Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/thunderbird-1.5.0.12-25.el4.src.rpm i386: thunderbird-1.5.0.12-25.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-25.el4.i386.rpm ia64: thunderbird-1.5.0.12-25.el4.ia64.rpm thunderbird-debuginfo-1.5.0.12-25.el4.ia64.rpm ppc: thunderbird-1.5.0.12-25.el4.ppc.rpm thunderbird-debuginfo-1.5.0.12-25.el4.ppc.rpm s390: thunderbird-1.5.0.12-25.el4.s390.rpm thunderbird-debuginfo-1.5.0.12-25.el4.s390.rpm s390x: thunderbird-1.5.0.12-25.el4.s390x.rpm thunderbird-debuginfo-1.5.0.12-25.el4.s390x.rpm x86_64: thunderbird-1.5.0.12-25.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-25.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/thunderbird-1.5.0.12-25.el4.src.rpm i386: thunderbird-1.5.0.12-25.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-25.el4.i386.rpm x86_64: thunderbird-1.5.0.12-25.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-25.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/thunderbird-1.5.0.12-25.el4.src.rpm i386: thunderbird-1.5.0.12-25.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-25.el4.i386.rpm ia64: thunderbird-1.5.0.12-25.el4.ia64.rpm thunderbird-debuginfo-1.5.0.12-25.el4.ia64.rpm x86_64: thunderbird-1.5.0.12-25.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-25.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/thunderbird-1.5.0.12-25.el4.src.rpm i386: thunderbird-1.5.0.12-25.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-25.el4.i386.rpm ia64: thunderbird-1.5.0.12-25.el4.ia64.rpm thunderbird-debuginfo-1.5.0.12-25.el4.ia64.rpm x86_64: thunderbird-1.5.0.12-25.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-25.el4.x86_64.rpm These packages are GPG signed by Red 
Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2009-0689.html https://www.redhat.com/security/data/cve/CVE-2009-1571.html https://www.redhat.com/security/data/cve/CVE-2009-2462.html https://www.redhat.com/security/data/cve/CVE-2009-2463.html https://www.redhat.com/security/data/cve/CVE-2009-2466.html https://www.redhat.com/security/data/cve/CVE-2009-2470.html https://www.redhat.com/security/data/cve/CVE-2009-3072.html https://www.redhat.com/security/data/cve/CVE-2009-3075.html https://www.redhat.com/security/data/cve/CVE-2009-3076.html https://www.redhat.com/security/data/cve/CVE-2009-3077.html https://www.redhat.com/security/data/cve/CVE-2009-3274.html https://www.redhat.com/security/data/cve/CVE-2009-3376.html https://www.redhat.com/security/data/cve/CVE-2009-3380.html https://www.redhat.com/security/data/cve/CVE-2009-3979.html https://www.redhat.com/security/data/cve/CVE-2010-0159.html http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2010 Red Hat, Inc. 
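The CVE-2009-3376 paragraph, which appears in both RHSA-2010:0153 and RHSA-2010:0154 above, describes a right-to-left override character making the displayed file name differ from the real one, so that "invoice<RLO>fdp.exe" is shown as "invoiceexe.pdf" while the OS still executes it as an .exe. A practitioner triaging mail attachments or a download directory wants a check for that trick that does not depend on the fixed client. The following Python script is an added example, not code from the advisory or from Mozilla: it flags Unicode bidi control characters in a file name, approximates how a naive renderer displays the name after an RLO (U+202E), and reports when the displayed extension differs from the real one. The simplified bidi model (reverse the run after an RLO up to a PDF or the end of the string, hide other controls) and the sample file names are constructed assumptions of the example.

```python
# Unicode bidirectional control characters that can make a file name render
# differently from the order of its code points.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
    "\u200e": "LRM", "\u200f": "RLM",
}
RLO, PDF = "\u202e", "\u202c"


def find_bidi_controls(name):
    """Positions and names of bidi control characters in a file name."""
    return [(i, BIDI_CONTROLS[c]) for i, c in enumerate(name) if c in BIDI_CONTROLS]


def rendered_name(name):
    """Approximate how a naive display draws the name: the run after an RLO is
    drawn right-to-left until a PDF or the end of the string; other controls
    are invisible. This is a deliberately simplified bidi model (assumption)."""
    out, i = [], 0
    while i < len(name):
        c = name[i]
        if c == RLO:
            end = name.find(PDF, i + 1)
            if end == -1:
                end = len(name)
            out.append(name[i + 1:end][::-1])
            i = end + 1
        elif c in BIDI_CONTROLS:
            i += 1
        else:
            out.append(c)
            i += 1
    return "".join(out)


def real_extension(name):
    """Extension the OS acts on: text after the last dot in the real code points."""
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def displayed_extension(name):
    """Extension a user would read off the rendered name."""
    return real_extension(rendered_name(name))


def is_spoofed(name):
    """True when bidi controls make the visible extension differ from the real one."""
    return bool(find_bidi_controls(name)) and displayed_extension(name) != real_extension(name)


def sanitize_for_display(name):
    """Show the controls explicitly instead of letting them reorder the text."""
    return "".join(f"<{BIDI_CONTROLS[c]}>" if c in BIDI_CONTROLS else c for c in name)


# Constructed sample names (not from the advisory).
SAMPLES = [
    "invoice\u202efdp.exe",   # shown as "invoiceexe.pdf", is really an .exe
    "report\u200f.pdf",       # a bidi mark is present but the extension is unchanged
    "report.pdf",
]

if __name__ == "__main__":
    for n in SAMPLES:
        print(f"{sanitize_for_display(n):24} shown as {rendered_name(n):16} "
              f"real .{real_extension(n):4} spoofed={is_spoofed(n)}")
```

Real bidi layout (UAX #9) is more involved than the reversal above, so treat the rendered name as an illustration and the presence of any bidi control in a file name as the signal worth alerting on; sanitize_for_display() is the safe way to show such a name in a log line or a quarantine notice without reproducing the spoof.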
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLoPZMXlSAg2UNWIIRAuy2AJsGUflse43NwGrqRXD2m3hgkjiabQCfXXzl
xxXD5RY2tiPE+loC0q4iBdk=
=SWx6
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 17 17:27:19 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 17 Mar 2010 13:27:19 -0400
Subject: [RHSA-2010:0155-01] Moderate: java-1.4.2-ibm security and bug fix update
Message-ID: <201003171727.o2HHRJUC027735@int-mx03.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: java-1.4.2-ibm security and bug fix update
Advisory ID: RHSA-2010:0155-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0155.html
Issue date: 2010-03-17
CVE Names: CVE-2009-3555
=====================================================================

1. Summary:

Updated java-1.4.2-ibm packages that fix one security issue and a bug are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v.
5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Desktop version 3 Extras - i386, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 3 Extras - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 Extras - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 Extras - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, ia64, x86_64

3. Description:

The IBM 1.4.2 SR13-FP4 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website). This could force the server to process an attacker's request as if authenticated using the victim's credentials. (CVE-2009-3555)

This update disables renegotiation in the non-default IBM JSSE2 provider for the Java Secure Socket Extension (JSSE) component. The default JSSE provider is not updated with this fix. Refer to the IBMJSSE2 Provider Reference Guide, linked to in the References, for instructions on how to configure the IBM Java 2 Runtime Environment to use the JSSE2 provider by default. When using the JSSE2 provider, unsafe renegotiation can be re-enabled using the com.ibm.jsse2.renegotiate property. Refer to the following Knowledgebase article for details: http://kbase.redhat.com/faq/docs/DOC-20491

This update also fixes the following bug:

* the libjaasauth.so file was missing from the java-1.4.2-ibm packages for the Intel Itanium architecture (.ia64.rpm). This update adds the file to the packages for the Itanium architecture, which resolves this issue.
(BZ#572577) All users of java-1.4.2-ibm are advised to upgrade to these updated packages, which contain the IBM 1.4.2 SR13-FP4 Java release. All running instances of IBM Java must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation 6. Package List: Red Hat Enterprise Linux AS version 3 Extras: i386: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el3.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el3.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el3.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el3.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.4-1jpp.1.el3.i386.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el3.i386.rpm ia64: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el3.ia64.rpm ppc: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el3.ppc.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el3.ppc.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el3.ppc.rpm java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el3.ppc.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el3.ppc.rpm s390: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el3.s390.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el3.s390.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el3.s390.rpm java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el3.s390.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el3.s390.rpm s390x: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el3.s390x.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el3.s390x.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el3.s390x.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el3.s390x.rpm x86_64: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el3.x86_64.rpm 
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el3.x86_64.rpm

Red Hat Desktop version 3 Extras:
i386: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el3.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el3.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el3.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el3.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.4-1jpp.1.el3.i386.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el3.i386.rpm
x86_64: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el3.x86_64.rpm

Red Hat Enterprise Linux ES version 3 Extras:
i386: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el3.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el3.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el3.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el3.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.4-1jpp.1.el3.i386.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el3.i386.rpm
ia64: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el3.ia64.rpm
x86_64: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el3.x86_64.rpm

Red Hat Enterprise Linux WS version 3 Extras:
i386: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el3.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el3.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el3.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el3.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.4-1jpp.1.el3.i386.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el3.i386.rpm
ia64: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el3.ia64.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el3.ia64.rpm
x86_64: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el3.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el3.x86_64.rpm

Red Hat Enterprise Linux AS version 4 Extras:
i386: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el4.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el4.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el4.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el4.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el4.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.4-1jpp.1.el4.i386.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el4.i386.rpm
ia64: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el4.ia64.rpm
ppc: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el4.ppc.rpm java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el4.ppc64.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el4.ppc.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el4.ppc64.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el4.ppc.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el4.ppc64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el4.ppc.rpm java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el4.ppc64.rpm java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el4.ppc.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el4.ppc.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el4.ppc64.rpm
s390: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el4.s390.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el4.s390.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el4.s390.rpm java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el4.s390.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el4.s390.rpm
s390x: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el4.s390x.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el4.s390x.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el4.s390x.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el4.s390x.rpm
x86_64: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el4.x86_64.rpm

Red Hat Desktop version 4 Extras:
i386: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el4.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el4.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el4.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el4.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el4.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.4-1jpp.1.el4.i386.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el4.i386.rpm
x86_64: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4 Extras:
i386: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el4.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el4.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el4.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el4.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el4.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.4-1jpp.1.el4.i386.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el4.i386.rpm
ia64: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el4.ia64.rpm
x86_64: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4 Extras:
i386: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el4.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el4.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el4.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el4.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el4.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.4-1jpp.1.el4.i386.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el4.i386.rpm
ia64: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el4.ia64.rpm
x86_64: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el4.x86_64.rpm

RHEL Desktop Supplementary (v. 5 client):
i386: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el5.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el5.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el5.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el5.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el5.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.4-1jpp.1.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el5.i386.rpm
x86_64: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el5.i386.rpm java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el5.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el5.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el5.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el5.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.4-1jpp.1.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el5.x86_64.rpm

RHEL Supplementary (v. 5 server):
i386: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el5.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el5.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el5.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el5.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el5.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.4-1jpp.1.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el5.i386.rpm
ia64: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el5.ia64.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el5.ia64.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el5.ia64.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el5.ia64.rpm
ppc: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el5.ppc64.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el5.ppc64.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el5.ppc64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el5.ppc64.rpm java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el5.ppc64.rpm
s390x: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el5.s390.rpm java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el5.s390x.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el5.s390.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el5.s390x.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el5.s390.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el5.s390x.rpm java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el5.s390.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el5.s390.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el5.s390x.rpm
x86_64: java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el5.i386.rpm java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el5.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el5.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el5.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el5.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.4-1jpp.1.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-3555.html
http://www.redhat.com/security/updates/classification/#moderate
http://kbase.redhat.com/faq/docs/DOC-20491
http://www.ibm.com/developerworks/java/jdk/security/142/secguides/jsse2docs/JSSE2RefGuide.html

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.

From bugzilla at redhat.com Tue Mar 23 15:57:34 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 23 Mar 2010 11:57:34 -0400
Subject: [RHSA-2010:0161-01] Important: kernel-rt security and bug fix update
Message-ID: <201003231557.o2NFvYin001591@int-mx01.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel-rt security and bug fix update
Advisory ID: RHSA-2010:0161-01
Product: Red Hat Enterprise MRG for RHEL-5
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0161.html
Issue date: 2010-03-23
CVE Names: CVE-2009-4141 CVE-2010-0003 CVE-2010-0007 CVE-2010-0291 CVE-2010-0410 CVE-2010-0415 CVE-2010-0437 CVE-2010-0622
=====================================================================

1.
Summary:

Updated kernel-rt packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise MRG 1.2.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 5 Server - i386, noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* a deficiency was found in the fasync_helper() implementation. This could allow a local, unprivileged user to leverage a use-after-free of locked, asynchronous file descriptors to cause a denial of service or privilege escalation. (CVE-2009-4141, Important)

* multiple flaws were found in the mmap and mremap implementations. A local, unprivileged user could use these flaws to cause a local denial of service or escalate their privileges. (CVE-2010-0291, Important)

* a missing boundary check was found in the do_move_pages() function in the memory migration functionality. A local user could use this flaw to cause a local denial of service or an information leak. (CVE-2010-0415, Important)

* a NULL pointer dereference flaw was found in the ip6_dst_lookup_tail() function. An attacker on the local network could trigger this flaw by sending IPv6 traffic to a target system, leading to a system crash (kernel OOPS) if dst->neighbour is NULL on the target system when receiving an IPv6 packet. (CVE-2010-0437, Important)

* a NULL pointer dereference flaw was found in the Fast Userspace Mutexes (futexes) implementation. The unlock code path did not check if the futex value associated with pi_state->owner had been modified. A local user could use this flaw to modify the futex value, possibly leading to a denial of service or privilege escalation when the pi_state->owner pointer is dereferenced. (CVE-2010-0622, Important)

* an information leak was found in the print_fatal_signal() implementation. When "/proc/sys/kernel/print-fatal-signals" is set to 1 (the default value is 0), memory that is reachable by the kernel could be leaked to user-space. This issue could also result in a system crash. Note that this flaw only affected the i386 architecture. (CVE-2010-0003, Moderate)

* a flaw was found in the kernel connector implementation. A local, unprivileged user could trigger this flaw by sending an arbitrary amount of notification requests using specially-crafted netlink messages, resulting in a denial of service. (CVE-2010-0410, Moderate)

* missing capability checks were found in the ebtables implementation, used for creating an Ethernet bridge firewall. This could allow a local, unprivileged user to bypass intended capability restrictions and modify ebtables rules. (CVE-2010-0007, Low)

This update also fixes the following bugs:

* references were missing for two LSI MegaRAID SAS controllers already supported by the kernel, preventing systems using these controllers from booting. (BZ#554664)

* a typo in the fix for CVE-2009-2691 resulted in gdb being unable to read core files created by gcore. (BZ#554965)

* values for certain pointers used by the kernel, which should be undereferencable, could potentially be abused when a kernel OOPS occurs. Values that are harder to dereference are now used. (BZ#555227)

* this update redesigns the locking scheme of the TTY process group (tty->pgrp) structure, due to race conditions introduced when tty->pgrp started using struct pid instead of pid_t. (BZ#559101)

* the way the NFS kernel server used iget() and the way in which it kept its cache of inode information, could have led to (mainly on busy file servers) inconsistencies between the local file system and the file system being served to clients. (BZ#561275)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

547906 - CVE-2009-4141 kernel: create_elf_tables can leave urandom in a bad state
554578 - CVE-2010-0003 kernel: infoleak if print-fatal-signals=1
554664 - MRG current has a very old megaraid_sas driver
554965 - gcore tool produces unusable corefile with MRG kernel
555238 - CVE-2010-0007 kernel: netfilter: ebtables: enforce CAP_NET_ADMIN
556703 - CVE-2010-0291 kernel: untangle the do_mremap()
561275 - kernel: serious ugliness in iget() uses by nfsd [mrg-1]
561682 - CVE-2010-0410 kernel: OOM/crash in drivers/connector
562582 - CVE-2010-0415 kernel: sys_move_pages infoleak
563091 - CVE-2010-0622 kernel: futex: Handle user space corruption gracefully
563781 - CVE-2010-0437 kernel: ipv6: fix ip6_dst_lookup_tail() NULL pointer dereference

6. Package List:

MRG Realtime for RHEL 5 Server:
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/kernel-rt-2.6.24.7-149.el5rt.src.rpm
i386: kernel-rt-2.6.24.7-149.el5rt.i686.rpm kernel-rt-debug-2.6.24.7-149.el5rt.i686.rpm kernel-rt-debug-debuginfo-2.6.24.7-149.el5rt.i686.rpm kernel-rt-debug-devel-2.6.24.7-149.el5rt.i686.rpm kernel-rt-debuginfo-2.6.24.7-149.el5rt.i686.rpm kernel-rt-debuginfo-common-2.6.24.7-149.el5rt.i686.rpm kernel-rt-devel-2.6.24.7-149.el5rt.i686.rpm kernel-rt-trace-2.6.24.7-149.el5rt.i686.rpm kernel-rt-trace-debuginfo-2.6.24.7-149.el5rt.i686.rpm kernel-rt-trace-devel-2.6.24.7-149.el5rt.i686.rpm kernel-rt-vanilla-2.6.24.7-149.el5rt.i686.rpm kernel-rt-vanilla-debuginfo-2.6.24.7-149.el5rt.i686.rpm kernel-rt-vanilla-devel-2.6.24.7-149.el5rt.i686.rpm
noarch: kernel-rt-doc-2.6.24.7-149.el5rt.noarch.rpm
x86_64: kernel-rt-2.6.24.7-149.el5rt.x86_64.rpm kernel-rt-debug-2.6.24.7-149.el5rt.x86_64.rpm kernel-rt-debug-debuginfo-2.6.24.7-149.el5rt.x86_64.rpm kernel-rt-debug-devel-2.6.24.7-149.el5rt.x86_64.rpm kernel-rt-debuginfo-2.6.24.7-149.el5rt.x86_64.rpm kernel-rt-debuginfo-common-2.6.24.7-149.el5rt.x86_64.rpm kernel-rt-devel-2.6.24.7-149.el5rt.x86_64.rpm kernel-rt-trace-2.6.24.7-149.el5rt.x86_64.rpm kernel-rt-trace-debuginfo-2.6.24.7-149.el5rt.x86_64.rpm kernel-rt-trace-devel-2.6.24.7-149.el5rt.x86_64.rpm kernel-rt-vanilla-2.6.24.7-149.el5rt.x86_64.rpm kernel-rt-vanilla-debuginfo-2.6.24.7-149.el5rt.x86_64.rpm kernel-rt-vanilla-devel-2.6.24.7-149.el5rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-4141.html
https://www.redhat.com/security/data/cve/CVE-2010-0003.html
https://www.redhat.com/security/data/cve/CVE-2010-0007.html
https://www.redhat.com/security/data/cve/CVE-2010-0291.html
https://www.redhat.com/security/data/cve/CVE-2010-0410.html
https://www.redhat.com/security/data/cve/CVE-2010-0415.html
https://www.redhat.com/security/data/cve/CVE-2010-0437.html
https://www.redhat.com/security/data/cve/CVE-2010-0622.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.

From bugzilla at redhat.com Thu Mar 25 10:55:39 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 25 Mar 2010 11:55:39 +0100
Subject: [RHSA-2010:0162-01] Important: openssl security update
Message-ID: <201003251055.o2PAtdZR020170@int-mx04.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: openssl security update
Advisory ID: RHSA-2010:0162-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0162.html
Issue date: 2010-03-25
CVE Names: CVE-2009-3245 CVE-2009-3555 CVE-2010-0433
=====================================================================

1. Summary:

Updated openssl packages that fix several security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact.
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

It was discovered that OpenSSL did not always check the return value of the bn_wexpand() function. An attacker able to trigger a memory allocation failure in that function could cause an application using the OpenSSL library to crash or, possibly, execute arbitrary code. (CVE-2009-3245)

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website). This could force the server to process an attacker's request as if authenticated using the victim's credentials. This update addresses this flaw by implementing the TLS Renegotiation Indication Extension, as defined in RFC 5746. (CVE-2009-3555)

Refer to the following Knowledgebase article for additional details about the CVE-2009-3555 flaw:
http://kbase.redhat.com/faq/docs/DOC-20491

A missing return value check flaw was discovered in OpenSSL, that could possibly cause OpenSSL to call a Kerberos library function with invalid arguments, resulting in a NULL pointer dereference crash in the MIT Kerberos library. In certain configurations, a remote attacker could use this flaw to crash a TLS/SSL server using OpenSSL by requesting Kerberos cipher suites during the TLS handshake. (CVE-2010-0433)

All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation
567711 - Nessus PCI scan segfaults openssl dependent products due to kerberos enabled in openssl
569774 - CVE-2010-0433 openssl: crash caused by a missing krb5_sname_to_principal() return value check
570924 - CVE-2009-3245 openssl: missing bn_wexpand return value checks

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openssl-0.9.8e-12.el5_4.6.src.rpm
i386: openssl-0.9.8e-12.el5_4.6.i386.rpm openssl-0.9.8e-12.el5_4.6.i686.rpm openssl-debuginfo-0.9.8e-12.el5_4.6.i386.rpm openssl-debuginfo-0.9.8e-12.el5_4.6.i686.rpm openssl-perl-0.9.8e-12.el5_4.6.i386.rpm
x86_64: openssl-0.9.8e-12.el5_4.6.i686.rpm openssl-0.9.8e-12.el5_4.6.x86_64.rpm openssl-debuginfo-0.9.8e-12.el5_4.6.i686.rpm openssl-debuginfo-0.9.8e-12.el5_4.6.x86_64.rpm openssl-perl-0.9.8e-12.el5_4.6.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openssl-0.9.8e-12.el5_4.6.src.rpm
i386: openssl-debuginfo-0.9.8e-12.el5_4.6.i386.rpm openssl-devel-0.9.8e-12.el5_4.6.i386.rpm
x86_64: openssl-debuginfo-0.9.8e-12.el5_4.6.i386.rpm openssl-debuginfo-0.9.8e-12.el5_4.6.x86_64.rpm openssl-devel-0.9.8e-12.el5_4.6.i386.rpm openssl-devel-0.9.8e-12.el5_4.6.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openssl-0.9.8e-12.el5_4.6.src.rpm
i386: openssl-0.9.8e-12.el5_4.6.i386.rpm openssl-0.9.8e-12.el5_4.6.i686.rpm openssl-debuginfo-0.9.8e-12.el5_4.6.i386.rpm openssl-debuginfo-0.9.8e-12.el5_4.6.i686.rpm openssl-devel-0.9.8e-12.el5_4.6.i386.rpm openssl-perl-0.9.8e-12.el5_4.6.i386.rpm
ia64: openssl-0.9.8e-12.el5_4.6.i686.rpm openssl-0.9.8e-12.el5_4.6.ia64.rpm openssl-debuginfo-0.9.8e-12.el5_4.6.i686.rpm openssl-debuginfo-0.9.8e-12.el5_4.6.ia64.rpm openssl-devel-0.9.8e-12.el5_4.6.ia64.rpm openssl-perl-0.9.8e-12.el5_4.6.ia64.rpm
ppc: openssl-0.9.8e-12.el5_4.6.ppc.rpm openssl-0.9.8e-12.el5_4.6.ppc64.rpm openssl-debuginfo-0.9.8e-12.el5_4.6.ppc.rpm openssl-debuginfo-0.9.8e-12.el5_4.6.ppc64.rpm openssl-devel-0.9.8e-12.el5_4.6.ppc.rpm openssl-devel-0.9.8e-12.el5_4.6.ppc64.rpm openssl-perl-0.9.8e-12.el5_4.6.ppc.rpm
s390x: openssl-0.9.8e-12.el5_4.6.s390.rpm openssl-0.9.8e-12.el5_4.6.s390x.rpm openssl-debuginfo-0.9.8e-12.el5_4.6.s390.rpm openssl-debuginfo-0.9.8e-12.el5_4.6.s390x.rpm openssl-devel-0.9.8e-12.el5_4.6.s390.rpm openssl-devel-0.9.8e-12.el5_4.6.s390x.rpm openssl-perl-0.9.8e-12.el5_4.6.s390x.rpm
x86_64: openssl-0.9.8e-12.el5_4.6.i686.rpm openssl-0.9.8e-12.el5_4.6.x86_64.rpm openssl-debuginfo-0.9.8e-12.el5_4.6.i386.rpm openssl-debuginfo-0.9.8e-12.el5_4.6.i686.rpm openssl-debuginfo-0.9.8e-12.el5_4.6.x86_64.rpm openssl-devel-0.9.8e-12.el5_4.6.i386.rpm openssl-devel-0.9.8e-12.el5_4.6.x86_64.rpm openssl-perl-0.9.8e-12.el5_4.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-3245.html
https://www.redhat.com/security/data/cve/CVE-2009-3555.html
https://www.redhat.com/security/data/cve/CVE-2010-0433.html
http://www.redhat.com/security/updates/classification/#important
http://kbase.redhat.com/faq/docs/DOC-20491

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.

From bugzilla at redhat.com Thu Mar 25 10:58:01 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 25 Mar 2010 11:58:01 +0100
Subject: [RHSA-2010:0163-01] Moderate: openssl security update
Message-ID: <201003251058.o2PAw193020530@int-mx04.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openssl security update
Advisory ID: RHSA-2010:0163-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0163.html
Issue date: 2010-03-25
CVE Names: CVE-2009-0590 CVE-2009-2409 CVE-2009-3555
=====================================================================

1. Summary:

Updated openssl packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2.
Relevant releases/architectures:

Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website). This could force the server to process an attacker's request as if authenticated using the victim's credentials. This update addresses this flaw by implementing the TLS Renegotiation Indication Extension, as defined in RFC 5746. (CVE-2009-3555)

Refer to the following Knowledgebase article for additional details about the CVE-2009-3555 flaw:
http://kbase.redhat.com/faq/docs/DOC-20491

Dan Kaminsky found that browsers could accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. OpenSSL now disables the use of the MD2 algorithm inside signatures by default. (CVE-2009-2409)

An input validation flaw was found in the handling of the BMPString and UniversalString ASN1 string types in OpenSSL's ASN1_STRING_print_ex() function. An attacker could use this flaw to create a specially-crafted X.509 certificate that could cause applications using the affected function to crash when printing certificate contents. (CVE-2009-0590)

Note: The affected function is rarely used. No application shipped with Red Hat Enterprise Linux calls this function, for example.

All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

492304 - CVE-2009-0590 openssl: ASN1 printing crash
510197 - CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky)
533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation

6. Package List:

Red Hat Enterprise Linux AS version 3:
Source: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openssl-0.9.7a-33.26.src.rpm
i386: openssl-0.9.7a-33.26.i386.rpm openssl-0.9.7a-33.26.i686.rpm openssl-debuginfo-0.9.7a-33.26.i386.rpm openssl-debuginfo-0.9.7a-33.26.i686.rpm openssl-devel-0.9.7a-33.26.i386.rpm openssl-perl-0.9.7a-33.26.i386.rpm
ia64: openssl-0.9.7a-33.26.i686.rpm openssl-0.9.7a-33.26.ia64.rpm openssl-debuginfo-0.9.7a-33.26.i686.rpm openssl-debuginfo-0.9.7a-33.26.ia64.rpm openssl-devel-0.9.7a-33.26.ia64.rpm openssl-perl-0.9.7a-33.26.ia64.rpm
ppc: openssl-0.9.7a-33.26.ppc.rpm openssl-0.9.7a-33.26.ppc64.rpm openssl-debuginfo-0.9.7a-33.26.ppc.rpm openssl-debuginfo-0.9.7a-33.26.ppc64.rpm openssl-devel-0.9.7a-33.26.ppc.rpm openssl-perl-0.9.7a-33.26.ppc.rpm
s390: openssl-0.9.7a-33.26.s390.rpm openssl-debuginfo-0.9.7a-33.26.s390.rpm openssl-devel-0.9.7a-33.26.s390.rpm openssl-perl-0.9.7a-33.26.s390.rpm
s390x: openssl-0.9.7a-33.26.s390.rpm openssl-0.9.7a-33.26.s390x.rpm openssl-debuginfo-0.9.7a-33.26.s390.rpm openssl-debuginfo-0.9.7a-33.26.s390x.rpm openssl-devel-0.9.7a-33.26.s390x.rpm openssl-perl-0.9.7a-33.26.s390x.rpm
x86_64: openssl-0.9.7a-33.26.i686.rpm openssl-0.9.7a-33.26.x86_64.rpm openssl-debuginfo-0.9.7a-33.26.i686.rpm openssl-debuginfo-0.9.7a-33.26.x86_64.rpm openssl-devel-0.9.7a-33.26.x86_64.rpm openssl-perl-0.9.7a-33.26.x86_64.rpm

Red Hat Desktop version 3:
Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openssl-0.9.7a-33.26.src.rpm
i386: openssl-0.9.7a-33.26.i386.rpm openssl-0.9.7a-33.26.i686.rpm openssl-debuginfo-0.9.7a-33.26.i386.rpm openssl-debuginfo-0.9.7a-33.26.i686.rpm openssl-devel-0.9.7a-33.26.i386.rpm openssl-perl-0.9.7a-33.26.i386.rpm
x86_64: openssl-0.9.7a-33.26.i686.rpm openssl-0.9.7a-33.26.x86_64.rpm openssl-debuginfo-0.9.7a-33.26.i686.rpm openssl-debuginfo-0.9.7a-33.26.x86_64.rpm openssl-devel-0.9.7a-33.26.x86_64.rpm openssl-perl-0.9.7a-33.26.x86_64.rpm

Red Hat Enterprise Linux ES version 3:
Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openssl-0.9.7a-33.26.src.rpm
i386: openssl-0.9.7a-33.26.i386.rpm openssl-0.9.7a-33.26.i686.rpm openssl-debuginfo-0.9.7a-33.26.i386.rpm openssl-debuginfo-0.9.7a-33.26.i686.rpm openssl-devel-0.9.7a-33.26.i386.rpm openssl-perl-0.9.7a-33.26.i386.rpm
ia64: openssl-0.9.7a-33.26.i686.rpm openssl-0.9.7a-33.26.ia64.rpm openssl-debuginfo-0.9.7a-33.26.i686.rpm openssl-debuginfo-0.9.7a-33.26.ia64.rpm openssl-devel-0.9.7a-33.26.ia64.rpm openssl-perl-0.9.7a-33.26.ia64.rpm
x86_64: openssl-0.9.7a-33.26.i686.rpm openssl-0.9.7a-33.26.x86_64.rpm openssl-debuginfo-0.9.7a-33.26.i686.rpm openssl-debuginfo-0.9.7a-33.26.x86_64.rpm openssl-devel-0.9.7a-33.26.x86_64.rpm openssl-perl-0.9.7a-33.26.x86_64.rpm

Red Hat Enterprise Linux WS version 3:
Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openssl-0.9.7a-33.26.src.rpm
i386: openssl-0.9.7a-33.26.i386.rpm openssl-0.9.7a-33.26.i686.rpm openssl-debuginfo-0.9.7a-33.26.i386.rpm openssl-debuginfo-0.9.7a-33.26.i686.rpm openssl-devel-0.9.7a-33.26.i386.rpm openssl-perl-0.9.7a-33.26.i386.rpm
ia64: openssl-0.9.7a-33.26.i686.rpm openssl-0.9.7a-33.26.ia64.rpm openssl-debuginfo-0.9.7a-33.26.i686.rpm openssl-debuginfo-0.9.7a-33.26.ia64.rpm openssl-devel-0.9.7a-33.26.ia64.rpm openssl-perl-0.9.7a-33.26.ia64.rpm
x86_64: openssl-0.9.7a-33.26.i686.rpm openssl-0.9.7a-33.26.x86_64.rpm openssl-debuginfo-0.9.7a-33.26.i686.rpm openssl-debuginfo-0.9.7a-33.26.x86_64.rpm openssl-devel-0.9.7a-33.26.x86_64.rpm openssl-perl-0.9.7a-33.26.x86_64.rpm

Red Hat Enterprise Linux AS version 4:
Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openssl-0.9.7a-43.17.el4_8.5.src.rpm
i386: openssl-0.9.7a-43.17.el4_8.5.i386.rpm openssl-0.9.7a-43.17.el4_8.5.i686.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.5.i386.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.5.i686.rpm openssl-devel-0.9.7a-43.17.el4_8.5.i386.rpm openssl-perl-0.9.7a-43.17.el4_8.5.i386.rpm
ia64: openssl-0.9.7a-43.17.el4_8.5.i686.rpm
openssl-0.9.7a-43.17.el4_8.5.ia64.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.5.i686.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.5.ia64.rpm openssl-devel-0.9.7a-43.17.el4_8.5.ia64.rpm openssl-perl-0.9.7a-43.17.el4_8.5.ia64.rpm ppc: openssl-0.9.7a-43.17.el4_8.5.ppc.rpm openssl-0.9.7a-43.17.el4_8.5.ppc64.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.5.ppc.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.5.ppc64.rpm openssl-devel-0.9.7a-43.17.el4_8.5.ppc.rpm openssl-devel-0.9.7a-43.17.el4_8.5.ppc64.rpm openssl-perl-0.9.7a-43.17.el4_8.5.ppc.rpm s390: openssl-0.9.7a-43.17.el4_8.5.s390.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.5.s390.rpm openssl-devel-0.9.7a-43.17.el4_8.5.s390.rpm openssl-perl-0.9.7a-43.17.el4_8.5.s390.rpm s390x: openssl-0.9.7a-43.17.el4_8.5.s390.rpm openssl-0.9.7a-43.17.el4_8.5.s390x.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.5.s390.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.5.s390x.rpm openssl-devel-0.9.7a-43.17.el4_8.5.s390.rpm openssl-devel-0.9.7a-43.17.el4_8.5.s390x.rpm openssl-perl-0.9.7a-43.17.el4_8.5.s390x.rpm x86_64: openssl-0.9.7a-43.17.el4_8.5.i686.rpm openssl-0.9.7a-43.17.el4_8.5.x86_64.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.5.i386.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.5.i686.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.5.x86_64.rpm openssl-devel-0.9.7a-43.17.el4_8.5.i386.rpm openssl-devel-0.9.7a-43.17.el4_8.5.x86_64.rpm openssl-perl-0.9.7a-43.17.el4_8.5.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openssl-0.9.7a-43.17.el4_8.5.src.rpm i386: openssl-0.9.7a-43.17.el4_8.5.i386.rpm openssl-0.9.7a-43.17.el4_8.5.i686.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.5.i386.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.5.i686.rpm openssl-devel-0.9.7a-43.17.el4_8.5.i386.rpm openssl-perl-0.9.7a-43.17.el4_8.5.i386.rpm x86_64: openssl-0.9.7a-43.17.el4_8.5.i686.rpm openssl-0.9.7a-43.17.el4_8.5.x86_64.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.5.i386.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.5.i686.rpm 
openssl-debuginfo-0.9.7a-43.17.el4_8.5.x86_64.rpm openssl-devel-0.9.7a-43.17.el4_8.5.i386.rpm openssl-devel-0.9.7a-43.17.el4_8.5.x86_64.rpm openssl-perl-0.9.7a-43.17.el4_8.5.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openssl-0.9.7a-43.17.el4_8.5.src.rpm i386: openssl-0.9.7a-43.17.el4_8.5.i386.rpm openssl-0.9.7a-43.17.el4_8.5.i686.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.5.i386.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.5.i686.rpm openssl-devel-0.9.7a-43.17.el4_8.5.i386.rpm openssl-perl-0.9.7a-43.17.el4_8.5.i386.rpm ia64: openssl-0.9.7a-43.17.el4_8.5.i686.rpm openssl-0.9.7a-43.17.el4_8.5.ia64.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.5.i686.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.5.ia64.rpm openssl-devel-0.9.7a-43.17.el4_8.5.ia64.rpm openssl-perl-0.9.7a-43.17.el4_8.5.ia64.rpm x86_64: openssl-0.9.7a-43.17.el4_8.5.i686.rpm openssl-0.9.7a-43.17.el4_8.5.x86_64.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.5.i386.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.5.i686.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.5.x86_64.rpm openssl-devel-0.9.7a-43.17.el4_8.5.i386.rpm openssl-devel-0.9.7a-43.17.el4_8.5.x86_64.rpm openssl-perl-0.9.7a-43.17.el4_8.5.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openssl-0.9.7a-43.17.el4_8.5.src.rpm i386: openssl-0.9.7a-43.17.el4_8.5.i386.rpm openssl-0.9.7a-43.17.el4_8.5.i686.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.5.i386.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.5.i686.rpm openssl-devel-0.9.7a-43.17.el4_8.5.i386.rpm openssl-perl-0.9.7a-43.17.el4_8.5.i386.rpm ia64: openssl-0.9.7a-43.17.el4_8.5.i686.rpm openssl-0.9.7a-43.17.el4_8.5.ia64.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.5.i686.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.5.ia64.rpm openssl-devel-0.9.7a-43.17.el4_8.5.ia64.rpm openssl-perl-0.9.7a-43.17.el4_8.5.ia64.rpm x86_64: openssl-0.9.7a-43.17.el4_8.5.i686.rpm openssl-0.9.7a-43.17.el4_8.5.x86_64.rpm 
openssl-debuginfo-0.9.7a-43.17.el4_8.5.i386.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.5.i686.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.5.x86_64.rpm openssl-devel-0.9.7a-43.17.el4_8.5.i386.rpm openssl-devel-0.9.7a-43.17.el4_8.5.x86_64.rpm openssl-perl-0.9.7a-43.17.el4_8.5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2009-0590.html https://www.redhat.com/security/data/cve/CVE-2009-2409.html https://www.redhat.com/security/data/cve/CVE-2009-3555.html http://www.redhat.com/security/updates/classification/#moderate http://kbase.redhat.com/faq/docs/DOC-20491 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2010 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFLq0FMXlSAg2UNWIIRAkUBAJ9U9UK/AKGkp6C6aKNiju/0H85ncACff/Ik XNkd/Dl7OFXMXyyM51/Tb50= =6XPJ -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Mar 25 10:59:32 2010 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 25 Mar 2010 11:59:32 +0100 Subject: [RHSA-2010:0164-01] Moderate: openssl097a security update Message-ID: <201003251059.o2PAxWsq009977@int-mx03.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openssl097a security update Advisory ID: RHSA-2010:0164-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0164.html Issue date: 2010-03-25 CVE Names: CVE-2009-3555 ===================================================================== 1. Summary: Updated openssl097a packages that fix a security issue are now available for Red Hat Enterprise Linux 5. 
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website). This could force the server to process an attacker's request as if authenticated using the victim's credentials. This update addresses this flaw by implementing the TLS Renegotiation Indication Extension, as defined in RFC 5746. (CVE-2009-3555) Refer to the following Knowledgebase article for additional details about this flaw: http://kbase.redhat.com/faq/docs/DOC-20491 All openssl097a users should upgrade to these updated packages, which contain a backported patch to resolve this issue. For the update to take effect, all services linked to the openssl097a library must be restarted, or the system rebooted. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation 6. Package List: Red Hat Enterprise Linux Desktop (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openssl097a-0.9.7a-9.el5_4.2.src.rpm i386: openssl097a-0.9.7a-9.el5_4.2.i386.rpm openssl097a-debuginfo-0.9.7a-9.el5_4.2.i386.rpm x86_64: openssl097a-0.9.7a-9.el5_4.2.i386.rpm openssl097a-0.9.7a-9.el5_4.2.x86_64.rpm openssl097a-debuginfo-0.9.7a-9.el5_4.2.i386.rpm openssl097a-debuginfo-0.9.7a-9.el5_4.2.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openssl097a-0.9.7a-9.el5_4.2.src.rpm i386: openssl097a-0.9.7a-9.el5_4.2.i386.rpm openssl097a-debuginfo-0.9.7a-9.el5_4.2.i386.rpm ia64: openssl097a-0.9.7a-9.el5_4.2.i386.rpm openssl097a-0.9.7a-9.el5_4.2.ia64.rpm openssl097a-debuginfo-0.9.7a-9.el5_4.2.i386.rpm openssl097a-debuginfo-0.9.7a-9.el5_4.2.ia64.rpm ppc: openssl097a-0.9.7a-9.el5_4.2.ppc.rpm openssl097a-0.9.7a-9.el5_4.2.ppc64.rpm openssl097a-debuginfo-0.9.7a-9.el5_4.2.ppc.rpm openssl097a-debuginfo-0.9.7a-9.el5_4.2.ppc64.rpm s390x: openssl097a-0.9.7a-9.el5_4.2.s390.rpm openssl097a-0.9.7a-9.el5_4.2.s390x.rpm openssl097a-debuginfo-0.9.7a-9.el5_4.2.s390.rpm openssl097a-debuginfo-0.9.7a-9.el5_4.2.s390x.rpm x86_64: openssl097a-0.9.7a-9.el5_4.2.i386.rpm openssl097a-0.9.7a-9.el5_4.2.x86_64.rpm openssl097a-debuginfo-0.9.7a-9.el5_4.2.i386.rpm openssl097a-debuginfo-0.9.7a-9.el5_4.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2009-3555.html http://www.redhat.com/security/updates/classification/#moderate http://kbase.redhat.com/faq/docs/DOC-20491 http://kbase.redhat.com/faq/docs/DOC-26039 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2010 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFLq0HHXlSAg2UNWIIRAvydAJ92aVkvmVHGXvbwlnnYlAtWA11PxACePt9C j9S9BjWZ3MJxWfSeBo94QDw= =2O86 -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Mar 25 11:03:03 2010 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 25 Mar 2010 12:03:03 +0100 Subject: [RHSA-2010:0165-01] Moderate: nss security update Message-ID: <201003251103.o2PB33iM015305@int-mx08.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: nss security update Advisory ID: RHSA-2010:0165-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0165.html Issue date: 2010-03-25 CVE Names: CVE-2009-3555 ===================================================================== 1. Summary: Updated nss packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. 
Applications built with NSS can support SSLv2, SSLv3, TLS, and other
security standards.

Netscape Portable Runtime (NSPR) provides platform independence for non-GUI
operating system facilities. These facilities include threads, thread
synchronization, normal file and network I/O, interval timing, calendar
time, basic memory management (malloc and free), and shared library
linking.

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handled session renegotiation. A man-in-the-middle
attacker could use this flaw to prefix arbitrary plain text to a client's
session (for example, an HTTPS connection to a website). This could force
the server to process an attacker's request as if authenticated using the
victim's credentials. This update addresses this flaw by implementing the
TLS Renegotiation Indication Extension, as defined in RFC 5746.
(CVE-2009-3555)

Refer to the following Knowledgebase article for additional details about
this flaw:

http://kbase.redhat.com/faq/docs/DOC-20491

Users of Red Hat Certificate System 7.3 and 8.0 should review the following
Knowledgebase article before installing this update:

http://kbase.redhat.com/faq/docs/DOC-28439

All users of NSS are advised to upgrade to these updated packages, which
update NSS to version 3.12.6. This erratum also updates the NSPR packages
to the version required by NSS 3.12.6. All running applications using the
NSS library must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/nspr-4.8.4-1.1.el4_8.src.rpm
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/nss-3.12.6-1.el4_8.src.rpm

i386:
nspr-4.8.4-1.1.el4_8.i386.rpm
nspr-debuginfo-4.8.4-1.1.el4_8.i386.rpm
nspr-devel-4.8.4-1.1.el4_8.i386.rpm
nss-3.12.6-1.el4_8.i386.rpm
nss-debuginfo-3.12.6-1.el4_8.i386.rpm
nss-devel-3.12.6-1.el4_8.i386.rpm
nss-tools-3.12.6-1.el4_8.i386.rpm

ia64:
nspr-4.8.4-1.1.el4_8.i386.rpm
nspr-4.8.4-1.1.el4_8.ia64.rpm
nspr-debuginfo-4.8.4-1.1.el4_8.i386.rpm
nspr-debuginfo-4.8.4-1.1.el4_8.ia64.rpm
nspr-devel-4.8.4-1.1.el4_8.ia64.rpm
nss-3.12.6-1.el4_8.i386.rpm
nss-3.12.6-1.el4_8.ia64.rpm
nss-debuginfo-3.12.6-1.el4_8.i386.rpm
nss-debuginfo-3.12.6-1.el4_8.ia64.rpm
nss-devel-3.12.6-1.el4_8.ia64.rpm
nss-tools-3.12.6-1.el4_8.ia64.rpm

ppc:
nspr-4.8.4-1.1.el4_8.ppc.rpm
nspr-4.8.4-1.1.el4_8.ppc64.rpm
nspr-debuginfo-4.8.4-1.1.el4_8.ppc.rpm
nspr-debuginfo-4.8.4-1.1.el4_8.ppc64.rpm
nspr-devel-4.8.4-1.1.el4_8.ppc.rpm
nss-3.12.6-1.el4_8.ppc.rpm
nss-3.12.6-1.el4_8.ppc64.rpm
nss-debuginfo-3.12.6-1.el4_8.ppc.rpm
nss-debuginfo-3.12.6-1.el4_8.ppc64.rpm
nss-devel-3.12.6-1.el4_8.ppc.rpm
nss-tools-3.12.6-1.el4_8.ppc.rpm

s390:
nspr-4.8.4-1.1.el4_8.s390.rpm
nspr-debuginfo-4.8.4-1.1.el4_8.s390.rpm
nspr-devel-4.8.4-1.1.el4_8.s390.rpm
nss-3.12.6-1.el4_8.s390.rpm
nss-debuginfo-3.12.6-1.el4_8.s390.rpm
nss-devel-3.12.6-1.el4_8.s390.rpm
nss-tools-3.12.6-1.el4_8.s390.rpm

s390x:
nspr-4.8.4-1.1.el4_8.s390.rpm
nspr-4.8.4-1.1.el4_8.s390x.rpm
nspr-debuginfo-4.8.4-1.1.el4_8.s390.rpm
nspr-debuginfo-4.8.4-1.1.el4_8.s390x.rpm
nspr-devel-4.8.4-1.1.el4_8.s390x.rpm
nss-3.12.6-1.el4_8.s390.rpm
nss-3.12.6-1.el4_8.s390x.rpm
nss-debuginfo-3.12.6-1.el4_8.s390.rpm
nss-debuginfo-3.12.6-1.el4_8.s390x.rpm
nss-devel-3.12.6-1.el4_8.s390x.rpm
nss-tools-3.12.6-1.el4_8.s390x.rpm

x86_64:
nspr-4.8.4-1.1.el4_8.i386.rpm
nspr-4.8.4-1.1.el4_8.x86_64.rpm
nspr-debuginfo-4.8.4-1.1.el4_8.i386.rpm
nspr-debuginfo-4.8.4-1.1.el4_8.x86_64.rpm
nspr-devel-4.8.4-1.1.el4_8.x86_64.rpm
nss-3.12.6-1.el4_8.i386.rpm
nss-3.12.6-1.el4_8.x86_64.rpm
nss-debuginfo-3.12.6-1.el4_8.i386.rpm
nss-debuginfo-3.12.6-1.el4_8.x86_64.rpm
nss-devel-3.12.6-1.el4_8.x86_64.rpm
nss-tools-3.12.6-1.el4_8.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/nspr-4.8.4-1.1.el4_8.src.rpm
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/nss-3.12.6-1.el4_8.src.rpm

i386:
nspr-4.8.4-1.1.el4_8.i386.rpm
nspr-debuginfo-4.8.4-1.1.el4_8.i386.rpm
nspr-devel-4.8.4-1.1.el4_8.i386.rpm
nss-3.12.6-1.el4_8.i386.rpm
nss-debuginfo-3.12.6-1.el4_8.i386.rpm
nss-devel-3.12.6-1.el4_8.i386.rpm
nss-tools-3.12.6-1.el4_8.i386.rpm

x86_64:
nspr-4.8.4-1.1.el4_8.i386.rpm
nspr-4.8.4-1.1.el4_8.x86_64.rpm
nspr-debuginfo-4.8.4-1.1.el4_8.i386.rpm
nspr-debuginfo-4.8.4-1.1.el4_8.x86_64.rpm
nspr-devel-4.8.4-1.1.el4_8.x86_64.rpm
nss-3.12.6-1.el4_8.i386.rpm
nss-3.12.6-1.el4_8.x86_64.rpm
nss-debuginfo-3.12.6-1.el4_8.i386.rpm
nss-debuginfo-3.12.6-1.el4_8.x86_64.rpm
nss-devel-3.12.6-1.el4_8.x86_64.rpm
nss-tools-3.12.6-1.el4_8.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/nspr-4.8.4-1.1.el4_8.src.rpm
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/nss-3.12.6-1.el4_8.src.rpm

i386:
nspr-4.8.4-1.1.el4_8.i386.rpm
nspr-debuginfo-4.8.4-1.1.el4_8.i386.rpm
nspr-devel-4.8.4-1.1.el4_8.i386.rpm
nss-3.12.6-1.el4_8.i386.rpm
nss-debuginfo-3.12.6-1.el4_8.i386.rpm
nss-devel-3.12.6-1.el4_8.i386.rpm
nss-tools-3.12.6-1.el4_8.i386.rpm

ia64:
nspr-4.8.4-1.1.el4_8.i386.rpm
nspr-4.8.4-1.1.el4_8.ia64.rpm
nspr-debuginfo-4.8.4-1.1.el4_8.i386.rpm
nspr-debuginfo-4.8.4-1.1.el4_8.ia64.rpm
nspr-devel-4.8.4-1.1.el4_8.ia64.rpm
nss-3.12.6-1.el4_8.i386.rpm
nss-3.12.6-1.el4_8.ia64.rpm
nss-debuginfo-3.12.6-1.el4_8.i386.rpm
nss-debuginfo-3.12.6-1.el4_8.ia64.rpm
nss-devel-3.12.6-1.el4_8.ia64.rpm
nss-tools-3.12.6-1.el4_8.ia64.rpm

x86_64:
nspr-4.8.4-1.1.el4_8.i386.rpm
nspr-4.8.4-1.1.el4_8.x86_64.rpm
nspr-debuginfo-4.8.4-1.1.el4_8.i386.rpm
nspr-debuginfo-4.8.4-1.1.el4_8.x86_64.rpm
nspr-devel-4.8.4-1.1.el4_8.x86_64.rpm
nss-3.12.6-1.el4_8.i386.rpm
nss-3.12.6-1.el4_8.x86_64.rpm
nss-debuginfo-3.12.6-1.el4_8.i386.rpm
nss-debuginfo-3.12.6-1.el4_8.x86_64.rpm
nss-devel-3.12.6-1.el4_8.x86_64.rpm
nss-tools-3.12.6-1.el4_8.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/nspr-4.8.4-1.1.el4_8.src.rpm
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/nss-3.12.6-1.el4_8.src.rpm

i386:
nspr-4.8.4-1.1.el4_8.i386.rpm
nspr-debuginfo-4.8.4-1.1.el4_8.i386.rpm
nspr-devel-4.8.4-1.1.el4_8.i386.rpm
nss-3.12.6-1.el4_8.i386.rpm
nss-debuginfo-3.12.6-1.el4_8.i386.rpm
nss-devel-3.12.6-1.el4_8.i386.rpm
nss-tools-3.12.6-1.el4_8.i386.rpm

ia64:
nspr-4.8.4-1.1.el4_8.i386.rpm
nspr-4.8.4-1.1.el4_8.ia64.rpm
nspr-debuginfo-4.8.4-1.1.el4_8.i386.rpm
nspr-debuginfo-4.8.4-1.1.el4_8.ia64.rpm
nspr-devel-4.8.4-1.1.el4_8.ia64.rpm
nss-3.12.6-1.el4_8.i386.rpm
nss-3.12.6-1.el4_8.ia64.rpm
nss-debuginfo-3.12.6-1.el4_8.i386.rpm
nss-debuginfo-3.12.6-1.el4_8.ia64.rpm
nss-devel-3.12.6-1.el4_8.ia64.rpm
nss-tools-3.12.6-1.el4_8.ia64.rpm

x86_64:
nspr-4.8.4-1.1.el4_8.i386.rpm
nspr-4.8.4-1.1.el4_8.x86_64.rpm
nspr-debuginfo-4.8.4-1.1.el4_8.i386.rpm
nspr-debuginfo-4.8.4-1.1.el4_8.x86_64.rpm
nspr-devel-4.8.4-1.1.el4_8.x86_64.rpm
nss-3.12.6-1.el4_8.i386.rpm
nss-3.12.6-1.el4_8.x86_64.rpm
nss-debuginfo-3.12.6-1.el4_8.i386.rpm
nss-debuginfo-3.12.6-1.el4_8.x86_64.rpm
nss-devel-3.12.6-1.el4_8.x86_64.rpm
nss-tools-3.12.6-1.el4_8.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nspr-4.8.4-1.el5_4.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nss-3.12.6-1.el5_4.src.rpm

i386:
nspr-4.8.4-1.el5_4.i386.rpm
nspr-debuginfo-4.8.4-1.el5_4.i386.rpm
nss-3.12.6-1.el5_4.i386.rpm
nss-debuginfo-3.12.6-1.el5_4.i386.rpm
nss-tools-3.12.6-1.el5_4.i386.rpm

x86_64:
nspr-4.8.4-1.el5_4.i386.rpm
nspr-4.8.4-1.el5_4.x86_64.rpm
nspr-debuginfo-4.8.4-1.el5_4.i386.rpm
nspr-debuginfo-4.8.4-1.el5_4.x86_64.rpm
nss-3.12.6-1.el5_4.i386.rpm
nss-3.12.6-1.el5_4.x86_64.rpm
nss-debuginfo-3.12.6-1.el5_4.i386.rpm
nss-debuginfo-3.12.6-1.el5_4.x86_64.rpm
nss-tools-3.12.6-1.el5_4.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nspr-4.8.4-1.el5_4.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nss-3.12.6-1.el5_4.src.rpm

i386:
nspr-debuginfo-4.8.4-1.el5_4.i386.rpm
nspr-devel-4.8.4-1.el5_4.i386.rpm
nss-debuginfo-3.12.6-1.el5_4.i386.rpm
nss-devel-3.12.6-1.el5_4.i386.rpm
nss-pkcs11-devel-3.12.6-1.el5_4.i386.rpm

x86_64:
nspr-debuginfo-4.8.4-1.el5_4.i386.rpm
nspr-debuginfo-4.8.4-1.el5_4.x86_64.rpm
nspr-devel-4.8.4-1.el5_4.i386.rpm
nspr-devel-4.8.4-1.el5_4.x86_64.rpm
nss-debuginfo-3.12.6-1.el5_4.i386.rpm
nss-debuginfo-3.12.6-1.el5_4.x86_64.rpm
nss-devel-3.12.6-1.el5_4.i386.rpm
nss-devel-3.12.6-1.el5_4.x86_64.rpm
nss-pkcs11-devel-3.12.6-1.el5_4.i386.rpm
nss-pkcs11-devel-3.12.6-1.el5_4.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/nspr-4.8.4-1.el5_4.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/nss-3.12.6-1.el5_4.src.rpm

i386:
nspr-4.8.4-1.el5_4.i386.rpm
nspr-debuginfo-4.8.4-1.el5_4.i386.rpm
nspr-devel-4.8.4-1.el5_4.i386.rpm
nss-3.12.6-1.el5_4.i386.rpm
nss-debuginfo-3.12.6-1.el5_4.i386.rpm
nss-devel-3.12.6-1.el5_4.i386.rpm
nss-pkcs11-devel-3.12.6-1.el5_4.i386.rpm
nss-tools-3.12.6-1.el5_4.i386.rpm

ia64:
nspr-4.8.4-1.el5_4.i386.rpm
nspr-4.8.4-1.el5_4.ia64.rpm
nspr-debuginfo-4.8.4-1.el5_4.i386.rpm
nspr-debuginfo-4.8.4-1.el5_4.ia64.rpm
nspr-devel-4.8.4-1.el5_4.ia64.rpm
nss-3.12.6-1.el5_4.i386.rpm
nss-3.12.6-1.el5_4.ia64.rpm
nss-debuginfo-3.12.6-1.el5_4.i386.rpm
nss-debuginfo-3.12.6-1.el5_4.ia64.rpm
nss-devel-3.12.6-1.el5_4.ia64.rpm
nss-pkcs11-devel-3.12.6-1.el5_4.ia64.rpm
nss-tools-3.12.6-1.el5_4.ia64.rpm

ppc:
nspr-4.8.4-1.el5_4.ppc.rpm
nspr-4.8.4-1.el5_4.ppc64.rpm
nspr-debuginfo-4.8.4-1.el5_4.ppc.rpm
nspr-debuginfo-4.8.4-1.el5_4.ppc64.rpm
nspr-devel-4.8.4-1.el5_4.ppc.rpm
nspr-devel-4.8.4-1.el5_4.ppc64.rpm
nss-3.12.6-1.el5_4.ppc.rpm
nss-3.12.6-1.el5_4.ppc64.rpm
nss-debuginfo-3.12.6-1.el5_4.ppc.rpm
nss-debuginfo-3.12.6-1.el5_4.ppc64.rpm
nss-devel-3.12.6-1.el5_4.ppc.rpm
nss-devel-3.12.6-1.el5_4.ppc64.rpm
nss-pkcs11-devel-3.12.6-1.el5_4.ppc.rpm
nss-pkcs11-devel-3.12.6-1.el5_4.ppc64.rpm
nss-tools-3.12.6-1.el5_4.ppc.rpm

s390x:
nspr-4.8.4-1.el5_4.s390.rpm
nspr-4.8.4-1.el5_4.s390x.rpm
nspr-debuginfo-4.8.4-1.el5_4.s390.rpm
nspr-debuginfo-4.8.4-1.el5_4.s390x.rpm
nspr-devel-4.8.4-1.el5_4.s390.rpm
nspr-devel-4.8.4-1.el5_4.s390x.rpm
nss-3.12.6-1.el5_4.s390.rpm
nss-3.12.6-1.el5_4.s390x.rpm
nss-debuginfo-3.12.6-1.el5_4.s390.rpm
nss-debuginfo-3.12.6-1.el5_4.s390x.rpm
nss-devel-3.12.6-1.el5_4.s390.rpm
nss-devel-3.12.6-1.el5_4.s390x.rpm
nss-pkcs11-devel-3.12.6-1.el5_4.s390.rpm
nss-pkcs11-devel-3.12.6-1.el5_4.s390x.rpm
nss-tools-3.12.6-1.el5_4.s390x.rpm

x86_64:
nspr-4.8.4-1.el5_4.i386.rpm
nspr-4.8.4-1.el5_4.x86_64.rpm
nspr-debuginfo-4.8.4-1.el5_4.i386.rpm
nspr-debuginfo-4.8.4-1.el5_4.x86_64.rpm
nspr-devel-4.8.4-1.el5_4.i386.rpm
nspr-devel-4.8.4-1.el5_4.x86_64.rpm
nss-3.12.6-1.el5_4.i386.rpm
nss-3.12.6-1.el5_4.x86_64.rpm
nss-debuginfo-3.12.6-1.el5_4.i386.rpm
nss-debuginfo-3.12.6-1.el5_4.x86_64.rpm
nss-devel-3.12.6-1.el5_4.i386.rpm
nss-devel-3.12.6-1.el5_4.x86_64.rpm
nss-pkcs11-devel-3.12.6-1.el5_4.i386.rpm
nss-pkcs11-devel-3.12.6-1.el5_4.x86_64.rpm
nss-tools-3.12.6-1.el5_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-3555.html
http://www.redhat.com/security/updates/classification/#moderate
http://kbase.redhat.com/faq/docs/DOC-20491
http://kbase.redhat.com/faq/docs/DOC-28439

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLq0JXXlSAg2UNWIIRAjEzAKC61nCUsxHfL7CpbzpPy3aYqFzAuACdFMEw
/P91vo2S8cdK8VfnnbDItwo=
=oW2l
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Mar 25 11:04:50 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 25 Mar 2010 12:04:50 +0100
Subject: [RHSA-2010:0166-01] Moderate: gnutls security update
Message-ID: <201003251104.o2PB4oo8011210@int-mx03.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: gnutls security update
Advisory ID:       RHSA-2010:0166-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0166.html
Issue date:        2010-03-25
CVE Names:         CVE-2009-2409 CVE-2009-3555
=====================================================================

1. Summary:

Updated gnutls packages that fix two security issues are now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS).

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handled session renegotiation. A man-in-the-middle
attacker could use this flaw to prefix arbitrary plain text to a client's
session (for example, an HTTPS connection to a website). This could force
the server to process an attacker's request as if authenticated using the
victim's credentials. This update addresses this flaw by implementing the
TLS Renegotiation Indication Extension, as defined in RFC 5746.
(CVE-2009-3555)

Refer to the following Knowledgebase article for additional details about
the CVE-2009-3555 flaw:

http://kbase.redhat.com/faq/docs/DOC-20491

Dan Kaminsky found that browsers could accept certificates with MD2 hash
signatures, even though MD2 is no longer considered a cryptographically
strong algorithm. This could make it easier for an attacker to create a
malicious certificate that would be treated as trusted by a browser.
GnuTLS now disables the use of the MD2 algorithm inside signatures by
default. (CVE-2009-2409)

Users of GnuTLS are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.
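Every advisory in this batch fixes CVE-2009-3555 the same way, by adding the RFC 5746 renegotiation_info signalling. After restarting patched services, an administrator can confirm that a peer actually sends those signals: a client advertises support either with the TLS_EMPTY_RENEGOTIATION_INFO_SCSV pseudo cipher suite (0x00FF) or with the renegotiation_info extension (type 0xFF01), and a server answers with the extension. The Python below is an added example written for this page, not code from Red Hat or from any of the libraries named here; it parses constructed ClientHello and ServerHello records (the sample messages are built inline and are not captured traffic) and reports whether the RFC 5746 signals are present.

```python
"""Check TLS ClientHello/ServerHello records for RFC 5746 secure-renegotiation signals.

Added illustration for the advisories above; the sample records are constructed
here with build_hello(), they were not captured from a real connection.
"""
import struct

RENEGOTIATION_INFO_EXT = 0xFF01   # extension type defined by RFC 5746
EMPTY_RENEG_INFO_SCSV = 0x00FF    # TLS_EMPTY_RENEGOTIATION_INFO_SCSV cipher suite value


def _u16(buf, off):
    return struct.unpack_from("!H", buf, off)[0]


def parse_extensions(msg, off, end):
    """Return {extension_type: extension_data} for the extensions block at msg[off:end].
    An absent block (off == end) is legal and means 'no extensions'."""
    exts = {}
    if off >= end:
        return exts
    total = _u16(msg, off)
    off += 2
    stop = off + total
    if stop > end:
        raise ValueError("extensions length exceeds handshake message")
    while off < stop:
        etype, elen = _u16(msg, off), _u16(msg, off + 2)
        off += 4
        exts[etype] = msg[off:off + elen]
        off += elen
    return exts


def parse_hello(record):
    """Parse one TLS record carrying a ClientHello (type 1) or ServerHello (type 2)."""
    if record[0] != 0x16:
        raise ValueError("not a handshake record")
    rec_len = _u16(record, 3)
    body = record[5:5 + rec_len]
    if len(body) != rec_len:
        raise ValueError("truncated record")
    hs_type = body[0]
    hs_len = int.from_bytes(body[1:4], "big")
    msg = body[4:4 + hs_len]
    if len(msg) != hs_len:
        raise ValueError("truncated handshake message")
    off = 2 + 32                     # skip protocol version and 32-byte random
    sid_len = msg[off]
    off += 1 + sid_len               # skip session id
    result = {"type": hs_type, "scsv": False}
    if hs_type == 1:                 # ClientHello: cipher suite list + compression list
        cs_len = _u16(msg, off)
        off += 2
        suites = [_u16(msg, off + i) for i in range(0, cs_len, 2)]
        off += cs_len
        result["scsv"] = EMPTY_RENEG_INFO_SCSV in suites
        comp_len = msg[off]
        off += 1 + comp_len
    elif hs_type == 2:               # ServerHello: one cipher suite + one compression method
        off += 2 + 1
    else:
        raise ValueError("not a ClientHello or ServerHello")
    exts = parse_extensions(msg, off, len(msg))
    result["renegotiation_info"] = exts.get(RENEGOTIATION_INFO_EXT)
    return result


def secure_renegotiation_supported(record):
    """True when the peer signals RFC 5746: SCSV or extension in a ClientHello,
    the extension in a ServerHello. A legacy peer sends neither."""
    r = parse_hello(record)
    return r["scsv"] or r["renegotiation_info"] is not None


def build_hello(hs_type, suites, extensions):
    """Construct a minimal TLS 1.0 hello record for testing (zero random, empty session id)."""
    body = b"\x03\x01" + bytes(32) + b"\x00"
    if hs_type == 1:
        cs = b"".join(struct.pack("!H", s) for s in suites)
        body += struct.pack("!H", len(cs)) + cs + b"\x01\x00"
    else:
        body += struct.pack("!H", suites[0]) + b"\x00"
    if extensions is not None:
        ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
        body += struct.pack("!H", len(ext)) + ext
    hs = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


# Constructed samples: an initial handshake carries an empty renegotiated_connection (one 0x00 length byte).
LEGACY_CLIENT = build_hello(1, [0x002F, 0x0035], None)
SCSV_CLIENT = build_hello(1, [0x002F, EMPTY_RENEG_INFO_SCSV], None)
EXT_CLIENT = build_hello(1, [0x002F], [(RENEGOTIATION_INFO_EXT, b"\x00")])
LEGACY_SERVER = build_hello(2, [0x002F], None)
PATCHED_SERVER = build_hello(2, [0x002F], [(RENEGOTIATION_INFO_EXT, b"\x00")])

if __name__ == "__main__":
    for name, rec in [("legacy client", LEGACY_CLIENT), ("SCSV client", SCSV_CLIENT),
                      ("extension client", EXT_CLIENT), ("legacy server", LEGACY_SERVER),
                      ("patched server", PATCHED_SERVER)]:
        print(f"{name}: RFC 5746 signalled = {secure_renegotiation_supported(rec)}")
```

The same parser can be pointed at the first record of a captured handshake; a server that answers a patched client without the renegotiation_info extension is one that still needs the update and a restart. The SCSV exists because some older servers reject any extension, so a client may signal with a cipher suite value instead; the check above treats either form as support, which is what RFC 5746 requires of servers.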
For the update to take effect, all applications linked to the GnuTLS
library must be restarted, or the system rebooted.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

510197 - CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky)
533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/gnutls-1.4.1-3.el5_4.8.src.rpm

i386:
gnutls-1.4.1-3.el5_4.8.i386.rpm
gnutls-debuginfo-1.4.1-3.el5_4.8.i386.rpm
gnutls-utils-1.4.1-3.el5_4.8.i386.rpm

x86_64:
gnutls-1.4.1-3.el5_4.8.i386.rpm
gnutls-1.4.1-3.el5_4.8.x86_64.rpm
gnutls-debuginfo-1.4.1-3.el5_4.8.i386.rpm
gnutls-debuginfo-1.4.1-3.el5_4.8.x86_64.rpm
gnutls-utils-1.4.1-3.el5_4.8.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/gnutls-1.4.1-3.el5_4.8.src.rpm

i386:
gnutls-debuginfo-1.4.1-3.el5_4.8.i386.rpm
gnutls-devel-1.4.1-3.el5_4.8.i386.rpm

x86_64:
gnutls-debuginfo-1.4.1-3.el5_4.8.i386.rpm
gnutls-debuginfo-1.4.1-3.el5_4.8.x86_64.rpm
gnutls-devel-1.4.1-3.el5_4.8.i386.rpm
gnutls-devel-1.4.1-3.el5_4.8.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/gnutls-1.4.1-3.el5_4.8.src.rpm

i386:
gnutls-1.4.1-3.el5_4.8.i386.rpm
gnutls-debuginfo-1.4.1-3.el5_4.8.i386.rpm
gnutls-devel-1.4.1-3.el5_4.8.i386.rpm
gnutls-utils-1.4.1-3.el5_4.8.i386.rpm

ia64:
gnutls-1.4.1-3.el5_4.8.i386.rpm
gnutls-1.4.1-3.el5_4.8.ia64.rpm
gnutls-debuginfo-1.4.1-3.el5_4.8.i386.rpm
gnutls-debuginfo-1.4.1-3.el5_4.8.ia64.rpm
gnutls-devel-1.4.1-3.el5_4.8.ia64.rpm
gnutls-utils-1.4.1-3.el5_4.8.ia64.rpm

ppc:
gnutls-1.4.1-3.el5_4.8.ppc.rpm
gnutls-1.4.1-3.el5_4.8.ppc64.rpm
gnutls-debuginfo-1.4.1-3.el5_4.8.ppc.rpm
gnutls-debuginfo-1.4.1-3.el5_4.8.ppc64.rpm
gnutls-devel-1.4.1-3.el5_4.8.ppc.rpm
gnutls-devel-1.4.1-3.el5_4.8.ppc64.rpm
gnutls-utils-1.4.1-3.el5_4.8.ppc.rpm

s390x:
gnutls-1.4.1-3.el5_4.8.s390.rpm
gnutls-1.4.1-3.el5_4.8.s390x.rpm
gnutls-debuginfo-1.4.1-3.el5_4.8.s390.rpm
gnutls-debuginfo-1.4.1-3.el5_4.8.s390x.rpm
gnutls-devel-1.4.1-3.el5_4.8.s390.rpm
gnutls-devel-1.4.1-3.el5_4.8.s390x.rpm
gnutls-utils-1.4.1-3.el5_4.8.s390x.rpm

x86_64:
gnutls-1.4.1-3.el5_4.8.i386.rpm
gnutls-1.4.1-3.el5_4.8.x86_64.rpm
gnutls-debuginfo-1.4.1-3.el5_4.8.i386.rpm
gnutls-debuginfo-1.4.1-3.el5_4.8.x86_64.rpm
gnutls-devel-1.4.1-3.el5_4.8.i386.rpm
gnutls-devel-1.4.1-3.el5_4.8.x86_64.rpm
gnutls-utils-1.4.1-3.el5_4.8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-2409.html
https://www.redhat.com/security/data/cve/CVE-2009-3555.html
http://www.redhat.com/security/updates/classification/#moderate
http://kbase.redhat.com/faq/docs/DOC-20491

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLq0L9XlSAg2UNWIIRAlTdAJ9/f95/Xu9E4bQ0yhF0BTFP4PrMLwCgkgip
/nHNcTR+TNuZsl7SzbvQozo=
=hJDd
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Mar 25 11:06:14 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 25 Mar 2010 12:06:14 +0100
Subject: [RHSA-2010:0167-01] Moderate: gnutls security update
Message-ID: <201003251106.o2PB6EnW016478@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: gnutls security update
Advisory ID:       RHSA-2010:0167-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0167.html
Issue date:        2010-03-25
CVE Names:         CVE-2009-3555 CVE-2010-0731
=====================================================================

1. Summary:

Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS).

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation.
A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website). This could force the server to process an attacker's request as if authenticated using the victim's credentials. This update addresses this flaw by implementing the TLS Renegotiation Indication Extension, as defined in RFC 5746. (CVE-2009-3555)

Refer to the following Knowledgebase article for additional details about the CVE-2009-3555 flaw:

http://kbase.redhat.com/faq/docs/DOC-20491

A flaw was found in the way GnuTLS extracted serial numbers from X.509 certificates. On 64-bit big endian platforms, this flaw could cause the certificate revocation list (CRL) check to be bypassed; cause various GnuTLS utilities to crash; or, possibly, execute arbitrary code. (CVE-2010-0731)

Users of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation
573028 - CVE-2010-0731 gnutls: gnutls_x509_crt_get_serial incorrect serial decoding from ASN1 (BE64) [GNUTLS-SA-2010-1]

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gnutls-1.0.20-4.el4_8.7.src.rpm

i386:
gnutls-1.0.20-4.el4_8.7.i386.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.i386.rpm
gnutls-devel-1.0.20-4.el4_8.7.i386.rpm

ia64:
gnutls-1.0.20-4.el4_8.7.i386.rpm
gnutls-1.0.20-4.el4_8.7.ia64.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.i386.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.ia64.rpm
gnutls-devel-1.0.20-4.el4_8.7.ia64.rpm

ppc:
gnutls-1.0.20-4.el4_8.7.ppc.rpm
gnutls-1.0.20-4.el4_8.7.ppc64.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.ppc.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.ppc64.rpm
gnutls-devel-1.0.20-4.el4_8.7.ppc.rpm

s390:
gnutls-1.0.20-4.el4_8.7.s390.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.s390.rpm
gnutls-devel-1.0.20-4.el4_8.7.s390.rpm

s390x:
gnutls-1.0.20-4.el4_8.7.s390.rpm
gnutls-1.0.20-4.el4_8.7.s390x.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.s390.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.s390x.rpm
gnutls-devel-1.0.20-4.el4_8.7.s390x.rpm

x86_64:
gnutls-1.0.20-4.el4_8.7.i386.rpm
gnutls-1.0.20-4.el4_8.7.x86_64.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.i386.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.x86_64.rpm
gnutls-devel-1.0.20-4.el4_8.7.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gnutls-1.0.20-4.el4_8.7.src.rpm

i386:
gnutls-1.0.20-4.el4_8.7.i386.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.i386.rpm
gnutls-devel-1.0.20-4.el4_8.7.i386.rpm

x86_64:
gnutls-1.0.20-4.el4_8.7.i386.rpm
gnutls-1.0.20-4.el4_8.7.x86_64.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.i386.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.x86_64.rpm
gnutls-devel-1.0.20-4.el4_8.7.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gnutls-1.0.20-4.el4_8.7.src.rpm

i386:
gnutls-1.0.20-4.el4_8.7.i386.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.i386.rpm
gnutls-devel-1.0.20-4.el4_8.7.i386.rpm

ia64:
gnutls-1.0.20-4.el4_8.7.i386.rpm
gnutls-1.0.20-4.el4_8.7.ia64.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.i386.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.ia64.rpm
gnutls-devel-1.0.20-4.el4_8.7.ia64.rpm

x86_64:
gnutls-1.0.20-4.el4_8.7.i386.rpm
gnutls-1.0.20-4.el4_8.7.x86_64.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.i386.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.x86_64.rpm
gnutls-devel-1.0.20-4.el4_8.7.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gnutls-1.0.20-4.el4_8.7.src.rpm

i386:
gnutls-1.0.20-4.el4_8.7.i386.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.i386.rpm
gnutls-devel-1.0.20-4.el4_8.7.i386.rpm

ia64:
gnutls-1.0.20-4.el4_8.7.i386.rpm
gnutls-1.0.20-4.el4_8.7.ia64.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.i386.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.ia64.rpm
gnutls-devel-1.0.20-4.el4_8.7.ia64.rpm

x86_64:
gnutls-1.0.20-4.el4_8.7.i386.rpm
gnutls-1.0.20-4.el4_8.7.x86_64.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.i386.rpm
gnutls-debuginfo-1.0.20-4.el4_8.7.x86_64.rpm
gnutls-devel-1.0.20-4.el4_8.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-3555.html
https://www.redhat.com/security/data/cve/CVE-2010-0731.html
http://www.redhat.com/security/updates/classification/#moderate
http://kbase.redhat.com/faq/docs/DOC-20491

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
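Added example, not part of the Red Hat advisories and not GnuTLS or httpd code: the RFC 5746 fix for CVE-2009-3555 described in the two gnutls advisories above works by having a client signal renegotiation support in its ClientHello, either with the TLS_EMPTY_RENEGOTIATION_INFO_SCSV cipher suite or with the renegotiation_info extension, and the httpd advisories later in this digest describe mod_ssl refusing to renegotiate with clients that lack that signal unless SSLInsecureRenegotiation is enabled. The code below builds and parses a minimal ClientHello body to show both checks; the cipher suite 0x002F, the random bytes and the policy function are constructed for illustration and model the described behaviour rather than mod_ssl's implementation.

```python
"""Check whether a TLS ClientHello signals RFC 5746 secure renegotiation.

Added example, not Red Hat, GnuTLS or httpd code. Only the ClientHello body
is modelled (no record or handshake headers), and only the initial handshake.
"""
import struct

# Defined by RFC 5746: the signalling cipher suite value and the extension type.
TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF
EXT_RENEGOTIATION_INFO = 0xFF01

# Constructed sample values (not taken from the advisories).
TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F
SAMPLE_RANDOM = bytes(range(32))


def build_client_hello(cipher_suites, extensions=(), client_random=SAMPLE_RANDOM):
    """Serialise a minimal ClientHello body in the RFC 5246 layout.

    cipher_suites: 16-bit suite values; extensions: (type, data) pairs.
    """
    body = b"\x03\x01" + client_random           # client_version TLS 1.0, 32-byte random
    body += b"\x00"                               # empty session_id
    suites = b"".join(struct.pack("!H", cs) for cs in cipher_suites)
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"                           # compression_methods: [null]
    if extensions:
        ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
        body += struct.pack("!H", len(ext)) + ext
    return body


def parse_client_hello(body):
    """Return (cipher_suites, {ext_type: ext_data}); ValueError on malformed input."""
    try:
        pos = 2 + 32                              # skip client_version and random
        pos += 1 + body[pos]                      # session_id
        (cs_len,) = struct.unpack_from("!H", body, pos)
        pos += 2
        if cs_len % 2 or pos + cs_len > len(body):
            raise ValueError("bad cipher_suites length")
        suites = [struct.unpack_from("!H", body, pos + i)[0] for i in range(0, cs_len, 2)]
        pos += cs_len
        pos += 1 + body[pos]                      # compression_methods
        if pos > len(body):
            raise ValueError("bad compression_methods length")
        exts = {}
        if pos < len(body):                       # extensions block is optional
            (ext_len,) = struct.unpack_from("!H", body, pos)
            pos += 2
            if pos + ext_len != len(body):
                raise ValueError("extensions length does not match body")
            while pos < len(body):
                etype, elen = struct.unpack_from("!HH", body, pos)
                pos += 4
                if pos + elen > len(body):
                    raise ValueError("truncated extension")
                exts[etype] = body[pos:pos + elen]
                pos += elen
        return suites, exts
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ClientHello") from exc


def signals_secure_renegotiation(body):
    """True if the client sent the SCSV or an empty renegotiation_info (RFC 5746 3.6).

    A non-empty renegotiated_connection is invalid in an initial ClientHello and
    must abort the handshake, so it is reported as ValueError rather than False.
    """
    suites, exts = parse_client_hello(body)
    ri = exts.get(EXT_RENEGOTIATION_INFO)
    if ri is not None:
        if ri != b"\x00":
            raise ValueError("renegotiation_info must be empty in the initial handshake")
        return True
    return TLS_EMPTY_RENEGOTIATION_INFO_SCSV in suites


def renegotiation_decision(body, insecure_renegotiation=False):
    """Model of the policy the httpd advisories describe (not mod_ssl's code):
    renegotiate only with RFC 5746 clients unless SSLInsecureRenegotiation is on."""
    if signals_secure_renegotiation(body):
        return "renegotiate-secure"
    return "renegotiate-insecure" if insecure_renegotiation else "refuse"


# Constructed hellos: a patched client sends both RFC 5746 signals, an unpatched one neither.
PATCHED_HELLO = build_client_hello(
    [TLS_RSA_WITH_AES_128_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV],
    [(EXT_RENEGOTIATION_INFO, b"\x00")])
UNPATCHED_HELLO = build_client_hello([TLS_RSA_WITH_AES_128_CBC_SHA])

if __name__ == "__main__":
    for name, hello in (("patched", PATCHED_HELLO), ("unpatched", UNPATCHED_HELLO)):
        print(name, signals_secure_renegotiation(hello), renegotiation_decision(hello))
```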
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLq0NjXlSAg2UNWIIRAoznAKC3psERipbgqF+zN1IK2ThTR0RJXwCfU+LG
MgrPGavNSwGjm58ZE/y6LxY=
=zZwH
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Mar 25 11:08:34 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 25 Mar 2010 12:08:34 +0100
Subject: [RHSA-2010:0168-01] Moderate: httpd security and enhancement update
Message-ID: <201003251108.o2PB8YdT018292@int-mx05.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: httpd security and enhancement update
Advisory ID:       RHSA-2010:0168-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0168.html
Issue date:        2010-03-25
CVE Names:         CVE-2010-0408 CVE-2010-0434
=====================================================================

1. Summary:

Updated httpd packages that fix two security issues and add an enhancement are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The Apache HTTP Server is a popular web server.

It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed requests, which caused the back-end server to be marked as failed in configurations where mod_proxy is used in load balancer mode.
A remote attacker could cause mod_proxy to not send requests to back-end AJP (Apache JServ Protocol) servers for the retry timeout period (60 seconds by default) by sending specially-crafted requests. (CVE-2010-0408)

A use-after-free flaw was discovered in the way the Apache HTTP Server handled request headers in subrequests. In configurations where subrequests are used, a multithreaded MPM (Multi-Processing Module) could possibly leak information from other requests in request replies. (CVE-2010-0434)

This update also adds the following enhancement:

* with the updated openssl packages from RHSA-2010:0162 installed, mod_ssl will refuse to renegotiate a TLS/SSL connection with an unpatched client that does not support RFC 5746. This update adds the "SSLInsecureRenegotiation" configuration directive. If this directive is enabled, mod_ssl will renegotiate insecurely with unpatched clients. (BZ#567980)

Refer to the following Red Hat Knowledgebase article for more details about the changed mod_ssl behavior:

http://kbase.redhat.com/faq/docs/DOC-20491

All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

567980 - [RFE] mod_ssl: Add SSLInsecureRenegotiation directive [rhel-5]
569905 - CVE-2010-0408 httpd: mod_proxy_ajp remote temporary DoS
570171 - CVE-2010-0434 httpd: request header information leak

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-31.el5_4.4.src.rpm

i386:
httpd-2.2.3-31.el5_4.4.i386.rpm
httpd-debuginfo-2.2.3-31.el5_4.4.i386.rpm
mod_ssl-2.2.3-31.el5_4.4.i386.rpm

x86_64:
httpd-2.2.3-31.el5_4.4.x86_64.rpm
httpd-debuginfo-2.2.3-31.el5_4.4.x86_64.rpm
mod_ssl-2.2.3-31.el5_4.4.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-31.el5_4.4.src.rpm

i386:
httpd-debuginfo-2.2.3-31.el5_4.4.i386.rpm
httpd-devel-2.2.3-31.el5_4.4.i386.rpm
httpd-manual-2.2.3-31.el5_4.4.i386.rpm

x86_64:
httpd-debuginfo-2.2.3-31.el5_4.4.i386.rpm
httpd-debuginfo-2.2.3-31.el5_4.4.x86_64.rpm
httpd-devel-2.2.3-31.el5_4.4.i386.rpm
httpd-devel-2.2.3-31.el5_4.4.x86_64.rpm
httpd-manual-2.2.3-31.el5_4.4.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/httpd-2.2.3-31.el5_4.4.src.rpm

i386:
httpd-2.2.3-31.el5_4.4.i386.rpm
httpd-debuginfo-2.2.3-31.el5_4.4.i386.rpm
httpd-devel-2.2.3-31.el5_4.4.i386.rpm
httpd-manual-2.2.3-31.el5_4.4.i386.rpm
mod_ssl-2.2.3-31.el5_4.4.i386.rpm

ia64:
httpd-2.2.3-31.el5_4.4.ia64.rpm
httpd-debuginfo-2.2.3-31.el5_4.4.ia64.rpm
httpd-devel-2.2.3-31.el5_4.4.ia64.rpm
httpd-manual-2.2.3-31.el5_4.4.ia64.rpm
mod_ssl-2.2.3-31.el5_4.4.ia64.rpm

ppc:
httpd-2.2.3-31.el5_4.4.ppc.rpm
httpd-debuginfo-2.2.3-31.el5_4.4.ppc.rpm
httpd-debuginfo-2.2.3-31.el5_4.4.ppc64.rpm
httpd-devel-2.2.3-31.el5_4.4.ppc.rpm
httpd-devel-2.2.3-31.el5_4.4.ppc64.rpm
httpd-manual-2.2.3-31.el5_4.4.ppc.rpm
mod_ssl-2.2.3-31.el5_4.4.ppc.rpm

s390x:
httpd-2.2.3-31.el5_4.4.s390x.rpm
httpd-debuginfo-2.2.3-31.el5_4.4.s390.rpm
httpd-debuginfo-2.2.3-31.el5_4.4.s390x.rpm
httpd-devel-2.2.3-31.el5_4.4.s390.rpm
httpd-devel-2.2.3-31.el5_4.4.s390x.rpm
httpd-manual-2.2.3-31.el5_4.4.s390x.rpm
mod_ssl-2.2.3-31.el5_4.4.s390x.rpm

x86_64:
httpd-2.2.3-31.el5_4.4.x86_64.rpm
httpd-debuginfo-2.2.3-31.el5_4.4.i386.rpm
httpd-debuginfo-2.2.3-31.el5_4.4.x86_64.rpm
httpd-devel-2.2.3-31.el5_4.4.i386.rpm
httpd-devel-2.2.3-31.el5_4.4.x86_64.rpm
httpd-manual-2.2.3-31.el5_4.4.x86_64.rpm
mod_ssl-2.2.3-31.el5_4.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0408.html
https://www.redhat.com/security/data/cve/CVE-2010-0434.html
http://www.redhat.com/security/updates/classification/#moderate
http://kbase.redhat.com/faq/docs/DOC-20491

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLq0O9XlSAg2UNWIIRArtjAJ9xSUFspvZd3sA9pHvQ9r5CfNfzmwCfQB3B
T3PiK20o3d0V6m26ZqVSHiM=
=p6kl
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Mar 25 11:10:19 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 25 Mar 2010 12:10:19 +0100
Subject: [RHSA-2010:0173-02] Important: openssl096b security update
Message-ID: <201003251110.o2PBAJWR012578@int-mx03.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openssl096b security update
Advisory ID:       RHSA-2010:0173-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0173.html
Issue date:        2010-03-25
CVE Names:         CVE-2009-3245
=====================================================================

1. Summary:

Updated openssl096b packages that fix one security issue are now available for Red Hat Enterprise Linux 3 and 4.

The Red Hat Security Response Team has rated this update as having important security impact.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

It was discovered that OpenSSL did not always check the return value of the bn_wexpand() function. An attacker able to trigger a memory allocation failure in that function could cause an application using the OpenSSL library to crash or, possibly, execute arbitrary code. (CVE-2009-3245)

All openssl096b users should upgrade to these updated packages, which contain a backported patch to resolve this issue. For the update to take effect, all programs using the openssl096b library must be restarted.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

570924 - CVE-2009-3245 openssl: missing bn_wexpand return value checks

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openssl096b-0.9.6b-16.50.src.rpm

i386:
openssl096b-0.9.6b-16.50.i386.rpm
openssl096b-debuginfo-0.9.6b-16.50.i386.rpm

ia64:
openssl096b-0.9.6b-16.50.i386.rpm
openssl096b-0.9.6b-16.50.ia64.rpm
openssl096b-debuginfo-0.9.6b-16.50.i386.rpm
openssl096b-debuginfo-0.9.6b-16.50.ia64.rpm

ppc:
openssl096b-0.9.6b-16.50.ppc.rpm
openssl096b-debuginfo-0.9.6b-16.50.ppc.rpm

s390:
openssl096b-0.9.6b-16.50.s390.rpm
openssl096b-debuginfo-0.9.6b-16.50.s390.rpm

s390x:
openssl096b-0.9.6b-16.50.s390.rpm
openssl096b-debuginfo-0.9.6b-16.50.s390.rpm

x86_64:
openssl096b-0.9.6b-16.50.i386.rpm
openssl096b-0.9.6b-16.50.x86_64.rpm
openssl096b-debuginfo-0.9.6b-16.50.i386.rpm
openssl096b-debuginfo-0.9.6b-16.50.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openssl096b-0.9.6b-16.50.src.rpm

i386:
openssl096b-0.9.6b-16.50.i386.rpm
openssl096b-debuginfo-0.9.6b-16.50.i386.rpm

x86_64:
openssl096b-0.9.6b-16.50.i386.rpm
openssl096b-0.9.6b-16.50.x86_64.rpm
openssl096b-debuginfo-0.9.6b-16.50.i386.rpm
openssl096b-debuginfo-0.9.6b-16.50.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openssl096b-0.9.6b-16.50.src.rpm

i386:
openssl096b-0.9.6b-16.50.i386.rpm
openssl096b-debuginfo-0.9.6b-16.50.i386.rpm

ia64:
openssl096b-0.9.6b-16.50.i386.rpm
openssl096b-0.9.6b-16.50.ia64.rpm
openssl096b-debuginfo-0.9.6b-16.50.i386.rpm
openssl096b-debuginfo-0.9.6b-16.50.ia64.rpm

x86_64:
openssl096b-0.9.6b-16.50.i386.rpm
openssl096b-0.9.6b-16.50.x86_64.rpm
openssl096b-debuginfo-0.9.6b-16.50.i386.rpm
openssl096b-debuginfo-0.9.6b-16.50.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openssl096b-0.9.6b-16.50.src.rpm

i386:
openssl096b-0.9.6b-16.50.i386.rpm
openssl096b-debuginfo-0.9.6b-16.50.i386.rpm

ia64:
openssl096b-0.9.6b-16.50.i386.rpm
openssl096b-0.9.6b-16.50.ia64.rpm
openssl096b-debuginfo-0.9.6b-16.50.i386.rpm
openssl096b-debuginfo-0.9.6b-16.50.ia64.rpm

x86_64:
openssl096b-0.9.6b-16.50.i386.rpm
openssl096b-0.9.6b-16.50.x86_64.rpm
openssl096b-debuginfo-0.9.6b-16.50.i386.rpm
openssl096b-debuginfo-0.9.6b-16.50.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openssl096b-0.9.6b-22.46.el4_8.1.src.rpm

i386:
openssl096b-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.i386.rpm

ia64:
openssl096b-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-0.9.6b-22.46.el4_8.1.ia64.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.ia64.rpm

ppc:
openssl096b-0.9.6b-22.46.el4_8.1.ppc.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.ppc.rpm

s390:
openssl096b-0.9.6b-22.46.el4_8.1.s390.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.s390.rpm

s390x:
openssl096b-0.9.6b-22.46.el4_8.1.s390.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.s390.rpm

x86_64:
openssl096b-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-0.9.6b-22.46.el4_8.1.x86_64.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openssl096b-0.9.6b-22.46.el4_8.1.src.rpm

i386:
openssl096b-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.i386.rpm

x86_64:
openssl096b-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-0.9.6b-22.46.el4_8.1.x86_64.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openssl096b-0.9.6b-22.46.el4_8.1.src.rpm

i386:
openssl096b-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.i386.rpm

ia64:
openssl096b-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-0.9.6b-22.46.el4_8.1.ia64.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.ia64.rpm

x86_64:
openssl096b-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-0.9.6b-22.46.el4_8.1.x86_64.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openssl096b-0.9.6b-22.46.el4_8.1.src.rpm

i386:
openssl096b-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.i386.rpm

ia64:
openssl096b-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-0.9.6b-22.46.el4_8.1.ia64.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.ia64.rpm

x86_64:
openssl096b-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-0.9.6b-22.46.el4_8.1.x86_64.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.i386.rpm
openssl096b-debuginfo-0.9.6b-22.46.el4_8.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-3245.html
http://www.redhat.com/security/updates/classification/#important
http://kbase.redhat.com/faq/docs/DOC-26039

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLq0RMXlSAg2UNWIIRAmfLAKCIBkAHs0W+Qtywt0TLXYvQYJyZuQCfYj2Q
CZhGx9kJjfLx7npxl9NXxS4=
=xhhj
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Mar 25 15:55:27 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 25 Mar 2010 09:55:27 -0600
Subject: [RHSA-2010:0175-01] Low: httpd security, bug fix, and enhancement update
Message-ID: <201003251555.o2PFtSMx010050@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: httpd security, bug fix, and enhancement update
Advisory ID:       RHSA-2010:0175-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0175.html
Issue date:        2010-03-25
CVE Names:         CVE-2010-0434
=====================================================================

1. Summary:

Updated httpd packages that fix one security issue, a bug, and add an enhancement are now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

The Apache HTTP Server is a popular web server.

A use-after-free flaw was discovered in the way the Apache HTTP Server handled request headers in subrequests. In configurations where subrequests are used, a multithreaded MPM (Multi-Processing Module) could possibly leak information from other requests in request replies.
(CVE-2010-0434)

This update also fixes the following bug:

* a bug was found in the mod_dav module. If a PUT request for an existing file failed, that file would be unexpectedly deleted and a "Could not get next bucket brigade" error logged. With this update, failed PUT requests no longer cause mod_dav to delete files, which resolves this issue. (BZ#572932)

As well, this update adds the following enhancement:

* with the updated openssl packages from RHSA-2010:0163 installed, mod_ssl will refuse to renegotiate a TLS/SSL connection with an unpatched client that does not support RFC 5746. This update adds the "SSLInsecureRenegotiation" configuration directive. If this directive is enabled, mod_ssl will renegotiate insecurely with unpatched clients. (BZ#575805)

Refer to the following Red Hat Knowledgebase article for more details about the changed mod_ssl behavior:

http://kbase.redhat.com/faq/docs/DOC-20491

All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

570171 - CVE-2010-0434 httpd: request header information leak
572932 - "could not get next bucket brigade" while a client is doing a PUT results in data loss
575805 - mod_ssl: Add SSLInsecureRenegotiation directive [rhel-4]

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/httpd-2.0.52-41.ent.7.src.rpm

i386:
httpd-2.0.52-41.ent.7.i386.rpm
httpd-debuginfo-2.0.52-41.ent.7.i386.rpm
httpd-devel-2.0.52-41.ent.7.i386.rpm
httpd-manual-2.0.52-41.ent.7.i386.rpm
httpd-suexec-2.0.52-41.ent.7.i386.rpm
mod_ssl-2.0.52-41.ent.7.i386.rpm

ia64:
httpd-2.0.52-41.ent.7.ia64.rpm
httpd-debuginfo-2.0.52-41.ent.7.ia64.rpm
httpd-devel-2.0.52-41.ent.7.ia64.rpm
httpd-manual-2.0.52-41.ent.7.ia64.rpm
httpd-suexec-2.0.52-41.ent.7.ia64.rpm
mod_ssl-2.0.52-41.ent.7.ia64.rpm

ppc:
httpd-2.0.52-41.ent.7.ppc.rpm
httpd-debuginfo-2.0.52-41.ent.7.ppc.rpm
httpd-devel-2.0.52-41.ent.7.ppc.rpm
httpd-manual-2.0.52-41.ent.7.ppc.rpm
httpd-suexec-2.0.52-41.ent.7.ppc.rpm
mod_ssl-2.0.52-41.ent.7.ppc.rpm

s390:
httpd-2.0.52-41.ent.7.s390.rpm
httpd-debuginfo-2.0.52-41.ent.7.s390.rpm
httpd-devel-2.0.52-41.ent.7.s390.rpm
httpd-manual-2.0.52-41.ent.7.s390.rpm
httpd-suexec-2.0.52-41.ent.7.s390.rpm
mod_ssl-2.0.52-41.ent.7.s390.rpm

s390x:
httpd-2.0.52-41.ent.7.s390x.rpm
httpd-debuginfo-2.0.52-41.ent.7.s390x.rpm
httpd-devel-2.0.52-41.ent.7.s390x.rpm
httpd-manual-2.0.52-41.ent.7.s390x.rpm
httpd-suexec-2.0.52-41.ent.7.s390x.rpm
mod_ssl-2.0.52-41.ent.7.s390x.rpm

x86_64:
httpd-2.0.52-41.ent.7.x86_64.rpm
httpd-debuginfo-2.0.52-41.ent.7.x86_64.rpm
httpd-devel-2.0.52-41.ent.7.x86_64.rpm
httpd-manual-2.0.52-41.ent.7.x86_64.rpm
httpd-suexec-2.0.52-41.ent.7.x86_64.rpm
mod_ssl-2.0.52-41.ent.7.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/httpd-2.0.52-41.ent.7.src.rpm

i386:
httpd-2.0.52-41.ent.7.i386.rpm
httpd-debuginfo-2.0.52-41.ent.7.i386.rpm
httpd-devel-2.0.52-41.ent.7.i386.rpm
httpd-manual-2.0.52-41.ent.7.i386.rpm
httpd-suexec-2.0.52-41.ent.7.i386.rpm
mod_ssl-2.0.52-41.ent.7.i386.rpm

x86_64:
httpd-2.0.52-41.ent.7.x86_64.rpm
httpd-debuginfo-2.0.52-41.ent.7.x86_64.rpm
httpd-devel-2.0.52-41.ent.7.x86_64.rpm
httpd-manual-2.0.52-41.ent.7.x86_64.rpm
httpd-suexec-2.0.52-41.ent.7.x86_64.rpm
mod_ssl-2.0.52-41.ent.7.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/httpd-2.0.52-41.ent.7.src.rpm

i386:
httpd-2.0.52-41.ent.7.i386.rpm
httpd-debuginfo-2.0.52-41.ent.7.i386.rpm
httpd-devel-2.0.52-41.ent.7.i386.rpm
httpd-manual-2.0.52-41.ent.7.i386.rpm
httpd-suexec-2.0.52-41.ent.7.i386.rpm
mod_ssl-2.0.52-41.ent.7.i386.rpm

ia64:
httpd-2.0.52-41.ent.7.ia64.rpm
httpd-debuginfo-2.0.52-41.ent.7.ia64.rpm
httpd-devel-2.0.52-41.ent.7.ia64.rpm
httpd-manual-2.0.52-41.ent.7.ia64.rpm
httpd-suexec-2.0.52-41.ent.7.ia64.rpm
mod_ssl-2.0.52-41.ent.7.ia64.rpm

x86_64:
httpd-2.0.52-41.ent.7.x86_64.rpm
httpd-debuginfo-2.0.52-41.ent.7.x86_64.rpm
httpd-devel-2.0.52-41.ent.7.x86_64.rpm
httpd-manual-2.0.52-41.ent.7.x86_64.rpm
httpd-suexec-2.0.52-41.ent.7.x86_64.rpm
mod_ssl-2.0.52-41.ent.7.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/httpd-2.0.52-41.ent.7.src.rpm

i386:
httpd-2.0.52-41.ent.7.i386.rpm
httpd-debuginfo-2.0.52-41.ent.7.i386.rpm
httpd-devel-2.0.52-41.ent.7.i386.rpm
httpd-manual-2.0.52-41.ent.7.i386.rpm
httpd-suexec-2.0.52-41.ent.7.i386.rpm
mod_ssl-2.0.52-41.ent.7.i386.rpm

ia64:
httpd-2.0.52-41.ent.7.ia64.rpm
httpd-debuginfo-2.0.52-41.ent.7.ia64.rpm
httpd-devel-2.0.52-41.ent.7.ia64.rpm
httpd-manual-2.0.52-41.ent.7.ia64.rpm
httpd-suexec-2.0.52-41.ent.7.ia64.rpm
mod_ssl-2.0.52-41.ent.7.ia64.rpm

x86_64:
httpd-2.0.52-41.ent.7.x86_64.rpm
httpd-debuginfo-2.0.52-41.ent.7.x86_64.rpm
httpd-devel-2.0.52-41.ent.7.x86_64.rpm
httpd-manual-2.0.52-41.ent.7.x86_64.rpm
httpd-suexec-2.0.52-41.ent.7.x86_64.rpm
mod_ssl-2.0.52-41.ent.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7.
References:

https://www.redhat.com/security/data/cve/CVE-2010-0434.html
http://www.redhat.com/security/updates/classification/#low
http://kbase.redhat.com/faq/docs/DOC-20491

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLq4dLXlSAg2UNWIIRAh0RAJ9NmKVsRI0K4yn+2572bhneJpN3rwCaAtto
0JZcH3quVhxOA4XqTIVEQQU=
=1JNH
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Mar 30 16:55:32 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 30 Mar 2010 12:55:32 -0400
Subject: [RHSA-2010:0178-02] Important: Red Hat Enterprise Linux 5.5 kernel security and bug fix update
Message-ID: <201003301655.o2UGtWJm004438@int-mx05.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat Enterprise Linux 5.5 kernel security and bug fix update
Advisory ID:       RHSA-2010:0178-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0178.html
Issue date:        2010-03-30
CVE Names:         CVE-2009-4027 CVE-2009-4307 CVE-2010-0727
=====================================================================

1. Summary:

Updated kernel packages that fix three security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the fifth regular update.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* a race condition was found in the mac80211 implementation, a framework used for writing drivers for wireless devices. An attacker could trigger this flaw by sending a Delete Block ACK (DELBA) packet to a target system, resulting in a remote denial of service. Note: This issue only affected users on 802.11n networks who also use the iwlagn driver with Intel wireless hardware. (CVE-2009-4027, Important)

* a flaw was found in the gfs2_lock() implementation. The GFS2 locking code could skip the lock operation for files that have the S_ISGID bit (set-group-ID on execution) in their mode set. A local, unprivileged user on a system that has a GFS2 file system mounted could use this flaw to cause a kernel panic. (CVE-2010-0727, Moderate)

* a divide-by-zero flaw was found in the ext4 file system code. A local attacker could use this flaw to cause a denial of service by mounting a specially-crafted ext4 file system. (CVE-2009-4307, Low)

These updated packages also include several hundred bug fixes for and enhancements to the Linux kernel.
Space precludes documenting each of these changes in this advisory and
users are directed to the Red Hat Enterprise Linux 5.5 Release Notes for
information on the most significant of these changes:

http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.5/html/Release_Notes/

Also, for details concerning every bug fixed in and every enhancement
added to the kernel for this release, refer to the kernel chapter in the
Red Hat Enterprise Linux 5.5 Technical Notes:

http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.5/html/Technical_Notes/kernel.html

All Red Hat Enterprise Linux 5 users are advised to install these updated
packages, which address these vulnerabilities as well as fixing the bugs
and adding the enhancements noted in the Red Hat Enterprise Linux 5.5
Release Notes and Technical Notes. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

250561 - w83627ehf sensor not supported by 2.6.18-8.1.8.el5 kernel
322881 - /proc/self/smaps unreadable after setuid
427709 - dump and large file ops are slow, please implement kernel workaround
446061 - IT87 hwmon module does not support later chipset revisions.
448130 - 50-75 % drop in cfq read performance compared to rhel 4.6+
450121 - RFE: Symbol pci_domain_nr needs to be added the whitelist for ppc64
452129 - memory mapped files not updating timestamps
456181 - Read speed of /sbin/dump command is critically slow with CFQ I/O scheduler
461100 - [PATCH]RHEL5:fix dio write returning EIO due to bh race
461442 - VLAN driver logs excessive messages in kernel message log (dmesg)
461506 - kernel BUG at mm/mempool.c:121! caused by lvcreate
466681 - pygrub uses cached and eventually outdated grub.conf, kernel and initrd
469976 - The EDAC driver not support The Intel 3200 and 3210 Chipsets
473404 - [5.3] Kdump Kernel Hangs on Dell AMD Machines
475457 - [FUJITSU 5.5] More tracepoints support - networking
476075 - use KVM pvclock code to detect/correct lost ticks
481658 - Backport partition table sanity checks to RHEL5
482756 - GFS2: After gfs2_grow, new size is not seen immediately
483646 - bridge: Fix LRO crash with tun (tun_chr_read())
485016 - HP6510b close lid cause system crash
485099 - Inconsistent behaviour in stripping SUID/SGID flags when chmod/chgrp directories
486092 - httpd Sendfile troubles reading from a CIFS share
486975 - kernel: Unable to write to file as non-root user with setuid and setgid bit set
487346 - ifdown bond0 causes a deadlock
487763 - Adding bonding in balance-alb mode to bridge causes host network connectivity to be lost
488161 - (direct_io) __blockdev_direct_IO calls kzalloc for dio struct causes OLTP performance regression
489566 - when booted with P-state limit, limit can never be increased
489774 - AVC denied 0x100000 for a directory with eCryptFS and Apache
489931 - NFS umount deadlock in rpciod with rpc_shutdown_client()
491010 - ip_vs module (LVS) routes demasqueraded packets out wrong interface on multihomed directors
493517 - get_partstats() returns NULL and causes panic
494120 - XEN NMI detection fails on Dell 1950 server
495059 - deadlock with NFSv4 reclaimer thread reconnecting socket
496716 - GFS2 ">>" will not update ctime,mtime after appending to the file
496847 - [Patch] jbd slab cache creation/deletion is racey
497200 - definition of file-nr differs from sysctl/fs.txt to filesystems/proc.txt
497257 - The tmpfs filesystem goes on readonly mode.
498461 - I/O scheduler setting via elevator kernel option not picked up by Xen guest
498489 - blktrace stops working after a trace-file-directory replacement
498510 - don't OOM kill task during fresh huge page allocation
498532 - RHEL5 cmirror tracker: multiple device failure of fully synced cmirror causes corruption
498976 - GFS2 - probably lost glock call back
499019 - CRM 1908390 - BUG: warning at fs/inotify.c:181/set_dentry_child_flags()
499063 - [RHEL5] undefined reference to `__udivdi3'
499253 - kernel leaves initrd in vmalloc space
499884 - A bond's preferred primary setting is lost after bringing down and up of the primary slave.
500346 - Please update mlx4_en driver for performance improvements and bug fixes
500653 - NFS: problems with virtual IP and locking
500838 - CIFS update for RHEL5.5
501030 - Need to display the current settings of the options bits in st driver.
501075 - soft lockups with software RAID6 create and re-sync'
502491 - rtl8139 doesn't work with bonding in alb mode
502531 - GFS2: smbd proccess hangs with flock() call.
502572 - cat stop responding after 1st cat and CTRL+C interrupt.
502822 - OOPS in "inet_select_addr" on ICMP when "icmp_errors_use_inbound_ifaddr" is turned on
502826 - [RHEL-5 Xen]: F-11 Xen 64-bit domU cannot be started with > 2047MB of memory
502927 - dm-raid1 can return write request as finished and later revert the data
502965 - Snapshot creation in VG with 1k extent size can fail
503837 - [Intel 5.4 Bug] Function dependency link calculated incorrectly for integrated endpoint
505331 - GFS2: genesis stuck writing to unlinked file
506200 - ahci: add device ID for 82801JI sata controller
506217 - Implement blkdev_releasepage() to release the buffer_heads and pages after we release private data belonging to a mounted filesystem.
506799 - Serial ports don't function on 4838-310 without pnpacpi=off boot option
506899 - timeout with physical cdrom on a PV guest
507159 - Cannot increase open file limit greater then 1024 * 1024 (1048576)
507549 - Bug in lockd prevents a locks being freed.
509625 - kernel: fd leak if pipe() is called with an invalid address [rhel-5.4]
509713 - getdents() reports /proc/1/task/1/ as DT_UNKNOWN.
509809 - Host panic when try to run kvm guest on a host which restored from suspend.
509866 - [RHEL5.3] Even if a process have received data but schedule() in select() cannot return
509962 - RHEL 5.4 Beta fails to activate sw raid devices, unable to install to sw raid
510225 - Segfault/Infinite loop in TLS double access
510257 - allow more flexibility for read_ahead_kb store
510686 - xen does not build on gcc 4.4
510746 - BUG: warning at kernel/softirq.c:138/local_bh_enable() (Tainted: G )
510814 - CPU hotplug notifiers for KVM (for suspend and cpu hotplug support)
510818 - cxgb3 driver fixes
511170 - [NetApp 5.5 bug] nfs_readdir() may fail to return all the files in the directory
511211 - cpuspeed behave strangely after suspend/resume on intel machine hp-dl580g5-01.rhts.bos.redhat.com
511278 - /proc/self/exe reports wrong path after fstat on NFSv4
511374 - ExpressCards should be detected and useful
512006 - [LTC 5.5 FEAT] AF_IUCV SOCK_SEQPACKET support [201885]
512013 - [LTC 5.5 FEAT] Support ACPI S3/S4 Sleeping States [201941]
512203 - [LTC 5.5 FEAT] Update ibmvscsi driver with upstream multipath enhancements [201916]
512361 - Server should return NFS4ERR_ATTRNOTSUPP if attribute 'ACL' is not supported
512552 - Can't write to XFS mount during raid5 resync
513136 - [RHEL5.4 Snapshot1] File write performance degradation in RHEL5.4 Snapshot1 compared to RHEL5.3 GA
513203 - system fails to go into s4
513410 - cifs: panic when mounting DFS referral with hostname that can't be resolved
513692 - ifdown on nVidia CK804 (rev f3) NIC doesn't work
513827 - Out of SW-IOMMU space: External hard disk inaccessible
514141 - mlx4_core fails to load on systems with32 cores
514147 - TCP traffic for VLAN interfaces fails over mlx4_en parent interface.
514250 - e100: return PCI_ERS_RESULT_DISCONNECT on permanent failure
514256 - igb: return PCI_ERS_RESULT_DISCONNECT on permanent failure
514589 - r8169 stopping all activity until the link is reset
514654 - nfsv4-server return NFS4ERR_BAD_STATEID, but return NFS4ERR_EXPIRED when it has invalid stateID
515176 - scsi_transport_fc: fc_user_scan can loop forever, needs mutex with rport list changes
515252 - CIFS multiuser mount fails to locate smbid
515312 - [Broadcom 5.5 feat] Update tg3 and add support for 5717/5718 and 57765 asic revs
515405 - [PATCH RHEL5.5] :NFS Handle putpubfh operation correctly.
515408 - Code under CONFIG_X86_VSMP incorrect after an incorrect patch pull from upstream
515529 - ENOSPC during fsstress leads to filesystem corruption on ext2, ext3, and ext4
515716 - [Broadcom 5.5 FEAT] Update bnx2x to 1.52.1-5
515753 - kdump corefile cannot be backtraced in IA64
515812 - [Emulex 5.5 feat] Three scsi_nl APIs should be added to kabi_whitelist
515863 - FEAT RHEL5.5: Make MegaRAID SAS driver legacy I/O port free
516541 - [NetApp 5.5 bug] Emulex FC ports on RHEL 5.4 GA offlined during target controller faults
516589 - Kernel netlink neighbor updates not sent to multicast group (RTMGRP_NEIGH)
516833 - [QLogic 5.5 feat] netxen - P3 updates
516881 - [Promise 5.5 feat] Update stex driver to version 4.6.0102.4
517238 - [RHEL5 Xen]: Fix for array out-of-bounds in blkfront
517377 - [Broadcom 5.5 FEAT] Update bnx2 to 2.0.2
517378 - [Broadcom 5.5 FEAT] Update bnx2i and cnic drivers
517454 - Add Support for Huawei EC1260 to the RHEL5 kernel
517504 - SCTP Messages out of order
517893 - [QLogic 5.5 bug] qlge - fix hangs and read perfromance
517922 - [QLogic 5.5 bug] qla2xxx - allow use of MSI when MSI-X disabled.
517928 - bare-metal and xen: /proc/cpuinfo does not list all CPU flags presented by CPU
518103 - VTD IOMMU 1:1 mapping performance and bug fixes
518106 - [RFE] GFS2: New mount option: -o errors=withdraw|panic
518496 - Add kernel (scsi_dh_rdac) support for Sun 6540 storage arrays.
519049 - GFS2 Filesystem Withdrawal: fatal: invalid metadata block
519076 - Update for HighPoint RocketRAID hptiop driver in RHEL 5.5 kernel
519086 - [Cisco 5.5 FEAT] Include/Update support for enic version 1.1.0.100
519091 - [Cisco 5.5 FEAT] Update fnic to version x.y.z
519112 - statfs on NFS partition always returns 0
519184 - nfsnobody == 4294967294 causes idmapd to stop responding
519447 - [QLogic 5.5 bug] qla2xxx - updates and fixes from upstream or testing.
519453 - [QLogic 5.5 bug] qlge - updates and fixes from upstream or testing.
519771 - pvclock return bogus wallclock values
520192 - kernel panics from list corruption when using a tape drive connected through cciss adapter
520297 - kernel: ipv4: make ip_append_data() handle NULL routing table [rhel-5.5]
520867 - glibc should call pselect() and ppoll() on ia64 kernel
521081 - [RHEL5.4 RC2] KMP for xen kernel cannot be applied
521093 - Cluster hangs after node rejoins from simulated network outage
521203 - Update arcmsr driver
521345 - vlan with sky2 is not possible anymore with kernel-xen 2.6.18-164
521865 - Xen fails to boot on ia64 with > 128GB memory
522600 - bnx2x: increase coalescing granularity to 4us instead of 12us
522629 - [LTC 5.5 FEAT] Provide balloon driver for KVM guests [202025]
522745 - thinkpad_acpi: CMOS NVRAM (7) and EC (5) do not agree on display brightness level
522846 - Nehalem Turbo Boost "ida" flag not present in Xen kernel's /proc/cpuinfo output
523335 - sound no longer works after upgrade to RHEL 5.4
523450 - cpu1 didn't come online in a kvm i686 guest
523888 - [RFE] Add qcserial module to RHEL 5 kernel
523982 - kernel: ipt_recent: sanity check hit count [rhel-5.5]
524052 - Boot hang when installing HVM DomU
524129 - LVS master and backup director - Synchronised connections on backup director have unsuitable timeout value
524335 - [LSI 5.5 feat] update rdac scsi device handler to upstream
524651 - Lost the network in a KVM VM on top of 5.4
524702 - kvm_clock patches are slowing guests' shutdown to unusable levels
524787 - cannot compile kernel with CONFIG_ACPI_DEBUG=y
525100 - resize2fs online resize hangs
525390 - FEAT: RHEL 5.5 - update ALSA HDA audio driver from upstream
525467 - Xen panic in msi_msg_read_remap_rte with acpi=off
526043 - Implement smp_call_function_[single|many] in x86_64 and i386
526092 - rw_semaphore bug
526259 - [Cisco 5.5 feat] libfc bug fixes and improvements
526481 - bnx2: panic in bnx2_poll_work()
526612 - kernel: BUG: soft lockup with dcache_lock
526751 - xset b as well as setterm -bfreq set beep to wrong pitch with CONFIG_HDA_INPUT_BEEP
526819 - system crashes in audit_update_watch()
526888 - NFSv4 reclaimer thread in an infinite loop
527424 - igb driver does not work with kexec
527496 - pci_dev->is_enabled is not set in RHEL5.4
527748 - /proc/net/dev sometimes contains bogus values (BCM5706)
528054 - ext4: tech preview refresh
528070 - skip inodes without pages to free in drop_pagecache_sb()
528153 - scsi: export symbol scsilun_to_int
529431 - Update to 2.6.18-164.el5PAE causes working CIFS mount to fail
529796 - GFS2: Enhance statfs and quota usability
530537 - dlm_recv deadlock under memory pressure while processing GFP_KERNEL locks.
531016 - NFS: stale nfs_fattr passed to nfs_readdir_lookup()
531268 - Timedrift on VM with pv_clock enabled, causing system hangs and sporadic time behaviour
531488 - [scsi] Fix inconsistent usage of max_lun
531552 - threads on pthread_mutex_lock wake in fifo order, but posix specifies by priority
531593 - [QLogic 5.5 bug] qla2xxx - enable MSI-X and correct/cleanup irq request code
531784 - ipoib: null tx/rx_ring skb pointers on free
532701 - dprintk macro in NFS code doesn't work in some files
533489 - [Cisco 5.5 feat] Need scsi and libfc symbols to be added to whitelist_file
533496 - xen server crashes when used with network bonding modes 5 or 6
534018 - kernel: sysctl: require CAP_SYS_RAWIO to set mmap_min_addr [rhel-5.5]
534158 - Updates for mlx4 drivers
537514 - [LSI 5.5 feat] make scsi_dh_activate asynchronous to address the slower lun failovers with large number of luns
537734 - Backporting MSI-X mask bit acceleration
537876 - Kernel panic when using GRO through ixgbe driver and xen bridge
538407 - PCI AER code introduced a compile problem in powerpc
538484 - gfs2 rename rgrp lock issue
539240 - glock_workqueue -- glock ref count via gfs2_glock_hold
539521 - Call trace error display when resume from suspend to disk (ide block) - pvclock related
540811 - [RHEL5 Xen]: PV guest crash on poweroff
541149 - CVE-2009-4026 CVE-2009-4027 kernel: mac80211: fix spurious delBA handling
541213 - Possible access to invalid memory
541325 - [RHEL5]: A new xenfb thread is created on every save/restore
541953 - kernel panic when doing cpu offline/online frequently on hp-dl785g5-01.rhts.eng.bos.redhat.com
541956 - kernel: sleeping vfs_check_frozen in called in atomic context from do_wp_page [rhel-5.5]
542593 - recursive lock of devlist_mtx
542746 - [QLogic 5.5 feat] netxen P3 - updates from 2.6.32
542834 - [QLogic 5.5 bug] qla2xxx - further testing updates for 5.5
543057 - [QLogic 5.5 bug] qla2xxx - testing updates #3
543270 - Fix deadlock in multipath when removing a device
543307 - Lock snapshot while reporting status
544138 - PTRACE_KILL hangs in 100% cpu loop
544349 - RHEL5: fallocate on XFS returns incorrect value on ENOSPC
544417 - cifs: possible NULL pointer dereference in mount-time DFS referral chasing code
544448 - Strange vm performance degradation moving 32 bit app from RHEL 4.6 32bit to 5.4 64bit
545121 - possible null pointer dereference in ieee80211_change_iface
545135 - [Broadcom 5.5 feat] Add support for 57765 asic revs
545612 - Please implement upstream fix for potential filesystem corruption bug
545899 - rtl8180 shows 0% signal strength while connected
546281 - wireless: report reasonable bitrate for MCS rates through wext
546326 - bnx2: panic in bnx2_free_tx_skbs() because of wrong frags index
546624 - RFE: Add debug to bonding driver as module option
547251 - CVE-2009-4307 kernel: ext4: avoid divide by zero when trying to mount a corrupted file system
547762 - PCI AER: HEST FIRMWARE FIRST support
547980 - [SR-IOV] VF can not be enabled in Dom0
548079 - [RHEL5.4][REGRESSION] iptables --reject-with tcp-reset doesn't work
548565 - aio: eventfd support introduced a 0.5% performance regression
549397 - I/O errors while accessing loop devices or file-based Xen images from GFS volume after Update from RHEL 5.3 to 5.4
549460 - [Emulex 5.5 bug] Multiple bug fixes for be2net
549465 - Cannot run NVIDIA display driver on 32-bit RHEL 5.3 or 5.4
549750 - audit rule with directory auditing crashes the kernel
549763 - [Emulex 5.5 bug] Update lpfc driver to 8.2.0.63 FC/FCoE
550014 - khungtaskd not stopped during suspend
550148 - [Cisco 5.5 bug] Update enic driver to version 1.1.0.241a
552675 - ipmi_watchdog deadlock
553324 - [RHEL5 Xen]: Cpu frequency scaling is broken on Intel
553447 - GFS2: fatal: filesystem consistency error in gfs2_ri_update
553670 - filesystem mounted with ecryptfs_xattr option could not be written
554078 - Lost the network in a KVM VM on top of 5.4
554545 - [Emulex 5.5 bug] Update be2iscsi driver for bugfixes
555120 - dm-raid1: dmsetup stuck at suspending failed mirror device
555171 - dm-raid1: kernel panic when bio on recovery failed region is released
555604 - [Emulex 5.5 bug] Update lpfc driver to 8.2.0.63.1p FC/FCoE
557095 - kvm pvclock on i386 suffers from double registering
557109 - [5.4] VLAN performance issue with 10gbE Mellanox NICs
557172 - inserting w83627hf kernel module results in panic
557792 - [Emulex 5.5 bug] Update lpfc driver to 8.2.0.63.2p FC/FCoE
557974 - e1000e: wol is broken on 2.6.18-185.el5
558809 - e1000 & e1000e: Memory corruption/paging error when tx hang occurs
559329 - [sky2] initial carrier state is always on
559410 - posix_fadvise() handles its arguments incorrectly in 32-bit compat mode.
559711 - Add wireless fixes from 2.6.32.y tree
560944 - kernel panic during modprobe smsc47m1
561076 - igb: fix warning in drivers/net/igb/igb_ethtool.c:2090
561322 - [Emulex 5.5 bug] be2net bug fixes for be3 hardware from Alpha testing
561578 - [Broadcom 5.5 feat] Update bnx2 firmware
562006 - WARNING: APIC timer calibration may be wrong
562947 - late breaking CIFS patches for RHEL5.5
564145 - [Emulex 5.5 bug] Fix scsi eh callouts and add support for new chip to be2iscsi driver
564399 - f71805f hwmon driver passes '&sio_data' to platform_device_add_data()
564506 - [Emulex 5.5 bug] Update lpfc driver to 8.2.0.63.3p FC/FCoE
565494 - "dmraid -ay" panics kernel
565594 - [Cisco 5.5 bug] Update fnic to 1.4.0.98 to fix FIP crash/hang issues
565964 - [Broadcom 5.5 bug] tg3: 5717 and 57765 asic revs can panic under load
565965 - [Broadcom 5.5 bug] tg3: Race condition - performance / panic with 57765 devices
566016 - [Broadcom 5.5 bug] tg3: 57765 LED does not work correctly
566221 - GFS2: Use correct GFP for alloc page on write
566696 - iwl5000/5300 fail to transmit data on N-only netwrok
567718 - [Emulex 5.5 bug] be2net bug fixes for be3 hardware from Alpha testing
568040 - network does not work with rhel 5.5 snap1 x64 server, xen kernel, and r8169 driver
568153 - ixgbe: stop unmapping DMA buffers too early
569610 - GFS2 - fiemap - Kernel BUG at fs/gfs2/bmap.c:433
570814 - Disk performance regression in CFQ
570863 - CVE-2010-0727 bug in GFS/GFS2 locking code leads to dos
571818 - Iozone Outcache testing has a greater than 5 % performance regression on reads
573098 - [5.4] VLAN performance issue with 10gbE Mellanox NICs

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-194.el5.src.rpm

i386:
kernel-2.6.18-194.el5.i686.rpm
kernel-PAE-2.6.18-194.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-194.el5.i686.rpm
kernel-PAE-devel-2.6.18-194.el5.i686.rpm
kernel-debug-2.6.18-194.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-194.el5.i686.rpm
kernel-debug-devel-2.6.18-194.el5.i686.rpm
kernel-debuginfo-2.6.18-194.el5.i686.rpm
kernel-debuginfo-common-2.6.18-194.el5.i686.rpm
kernel-devel-2.6.18-194.el5.i686.rpm
kernel-headers-2.6.18-194.el5.i386.rpm
kernel-xen-2.6.18-194.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-194.el5.i686.rpm
kernel-xen-devel-2.6.18-194.el5.i686.rpm

noarch:
kernel-doc-2.6.18-194.el5.noarch.rpm

x86_64:
kernel-2.6.18-194.el5.x86_64.rpm
kernel-debug-2.6.18-194.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-194.el5.x86_64.rpm
kernel-debug-devel-2.6.18-194.el5.x86_64.rpm
kernel-debuginfo-2.6.18-194.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-194.el5.x86_64.rpm
kernel-devel-2.6.18-194.el5.x86_64.rpm
kernel-headers-2.6.18-194.el5.x86_64.rpm
kernel-xen-2.6.18-194.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-194.el5.x86_64.rpm
kernel-xen-devel-2.6.18-194.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-194.el5.src.rpm

i386:
kernel-2.6.18-194.el5.i686.rpm
kernel-PAE-2.6.18-194.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-194.el5.i686.rpm
kernel-PAE-devel-2.6.18-194.el5.i686.rpm
kernel-debug-2.6.18-194.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-194.el5.i686.rpm
kernel-debug-devel-2.6.18-194.el5.i686.rpm
kernel-debuginfo-2.6.18-194.el5.i686.rpm
kernel-debuginfo-common-2.6.18-194.el5.i686.rpm
kernel-devel-2.6.18-194.el5.i686.rpm
kernel-headers-2.6.18-194.el5.i386.rpm
kernel-xen-2.6.18-194.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-194.el5.i686.rpm
kernel-xen-devel-2.6.18-194.el5.i686.rpm

ia64:
kernel-2.6.18-194.el5.ia64.rpm
kernel-debug-2.6.18-194.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-194.el5.ia64.rpm
kernel-debug-devel-2.6.18-194.el5.ia64.rpm
kernel-debuginfo-2.6.18-194.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-194.el5.ia64.rpm
kernel-devel-2.6.18-194.el5.ia64.rpm
kernel-headers-2.6.18-194.el5.ia64.rpm
kernel-xen-2.6.18-194.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-194.el5.ia64.rpm
kernel-xen-devel-2.6.18-194.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-194.el5.noarch.rpm

ppc:
kernel-2.6.18-194.el5.ppc64.rpm
kernel-debug-2.6.18-194.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-194.el5.ppc64.rpm
kernel-debug-devel-2.6.18-194.el5.ppc64.rpm
kernel-debuginfo-2.6.18-194.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-194.el5.ppc64.rpm
kernel-devel-2.6.18-194.el5.ppc64.rpm
kernel-headers-2.6.18-194.el5.ppc.rpm
kernel-headers-2.6.18-194.el5.ppc64.rpm
kernel-kdump-2.6.18-194.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-194.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-194.el5.ppc64.rpm

s390x:
kernel-2.6.18-194.el5.s390x.rpm
kernel-debug-2.6.18-194.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-194.el5.s390x.rpm
kernel-debug-devel-2.6.18-194.el5.s390x.rpm
kernel-debuginfo-2.6.18-194.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-194.el5.s390x.rpm
kernel-devel-2.6.18-194.el5.s390x.rpm
kernel-headers-2.6.18-194.el5.s390x.rpm
kernel-kdump-2.6.18-194.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-194.el5.s390x.rpm
kernel-kdump-devel-2.6.18-194.el5.s390x.rpm

x86_64:
kernel-2.6.18-194.el5.x86_64.rpm
kernel-debug-2.6.18-194.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-194.el5.x86_64.rpm
kernel-debug-devel-2.6.18-194.el5.x86_64.rpm
kernel-debuginfo-2.6.18-194.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-194.el5.x86_64.rpm
kernel-devel-2.6.18-194.el5.x86_64.rpm
kernel-headers-2.6.18-194.el5.x86_64.rpm
kernel-xen-2.6.18-194.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-194.el5.x86_64.rpm
kernel-xen-devel-2.6.18-194.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-4027.html
https://www.redhat.com/security/data/cve/CVE-2009-4307.html
https://www.redhat.com/security/data/cve/CVE-2010-0727.html
http://www.redhat.com/security/updates/classification/#important
http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.5/html/Release_Notes/
http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.5/html/Technical_Notes/kernel.html

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
From bugzilla at redhat.com Tue Mar 30 16:58:46 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 30 Mar 2010 12:58:46 -0400
Subject: [RHSA-2010:0181-05] Low: brltty security and bug fix update
Message-ID: <201003301658.o2UGwkHm005303@int-mx01.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Low: brltty security and bug fix update
Advisory ID: RHSA-2010:0181-05
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0181.html
Issue date: 2010-03-30
CVE Names: CVE-2008-3279
=====================================================================

1. Summary:

Updated brltty packages that fix one security issue and several bugs are
now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

brltty (Braille TTY) is a background process (daemon) which provides
access to the Linux console (when in text mode) for a blind person using a
refreshable braille display. It drives the braille display, and provides
complete screen review functionality.

It was discovered that a brltty library had an insecure relative RPATH
(runtime library search path) set in the ELF (Executable and Linking
Format) header. A local user able to convince another user to run an
application using brltty in an attacker-controlled directory, could run
arbitrary code with the privileges of the victim. (CVE-2008-3279)

These updated packages also provide fixes for the following bugs:

* the brltty configuration file is documented in the brltty manual page,
but there is no separate manual page for the /etc/brltty.conf
configuration file: running "man brltty.conf" returned "No manual entry
for brltty.conf" rather than opening the brltty manual entry. This update
adds brltty.conf.5 as an alias to the brltty manual page. Consequently,
running "man brltty.conf" now opens the manual entry documenting the
brltty.conf specification. (BZ#530554)

* previously, the brltty-pm.conf configuration file was installed in the
/etc/brltty/ directory. This file, which configures Papenmeier Braille
Terminals for use with Red Hat Enterprise Linux, is optional. As well, it
did not come with a corresponding manual page. With this update, the file
has been moved to /usr/share/doc/brltty-3.7.2/BrailleDrivers/Papenmeier/.
This directory also includes a README document that explains the file's
purpose and format. (BZ#530554)

* during the brltty packages installation, the message

Creating screen inspection device /dev/vcsa...done.

was presented at the console. This was inadequate, especially during the
initial install of the system. These updated packages do not send any
message to the console during installation. (BZ#529163)

* although brltty contains ELF objects, the brltty-debuginfo package was
empty. With this update, the -debuginfo package contains valid debugging
information as expected. (BZ#500545)

* the MAX_NR_CONSOLES definition was acquired by brltty by #including
linux/tty.h in Programs/api_client.c. MAX_NR_CONSOLES has since moved to
linux/vt.h but the #include in api_client.c was not updated. Consequently,
brltty could not be built from the source RPM against the Red Hat
Enterprise Linux 5 kernel.
This update corrects the #include in api_client.c to linux/vt.h and brltty
now builds from source as expected. (BZ#456247)

All brltty users are advised to upgrade to these updated packages, which
resolve these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

456247 - brltty doesn't build with kernel 2.6.18-92.1.1
457942 - CVE-2008-3279 brltty: insecure relative RPATH
500545 - brltty-debuginfo is empty
529163 - Creating screen inspection device /dev/vcsa...done.
530554 - Missing man-pages

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/brltty-3.7.2-4.el5.src.rpm

i386:
brlapi-0.4.1-4.el5.i386.rpm
brltty-3.7.2-4.el5.i386.rpm
brltty-debuginfo-3.7.2-4.el5.i386.rpm

x86_64:
brlapi-0.4.1-4.el5.i386.rpm
brlapi-0.4.1-4.el5.x86_64.rpm
brltty-3.7.2-4.el5.x86_64.rpm
brltty-debuginfo-3.7.2-4.el5.i386.rpm
brltty-debuginfo-3.7.2-4.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/brltty-3.7.2-4.el5.src.rpm

i386:
brlapi-devel-0.4.1-4.el5.i386.rpm
brltty-debuginfo-3.7.2-4.el5.i386.rpm

x86_64:
brlapi-devel-0.4.1-4.el5.i386.rpm
brlapi-devel-0.4.1-4.el5.x86_64.rpm
brltty-debuginfo-3.7.2-4.el5.i386.rpm
brltty-debuginfo-3.7.2-4.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/brltty-3.7.2-4.el5.src.rpm

i386:
brlapi-0.4.1-4.el5.i386.rpm
brlapi-devel-0.4.1-4.el5.i386.rpm
brltty-3.7.2-4.el5.i386.rpm
brltty-debuginfo-3.7.2-4.el5.i386.rpm

ia64:
brlapi-0.4.1-4.el5.ia64.rpm
brlapi-devel-0.4.1-4.el5.ia64.rpm
brltty-3.7.2-4.el5.ia64.rpm
brltty-debuginfo-3.7.2-4.el5.ia64.rpm

ppc:
brlapi-0.4.1-4.el5.ppc.rpm
brlapi-0.4.1-4.el5.ppc64.rpm
brlapi-devel-0.4.1-4.el5.ppc.rpm
brlapi-devel-0.4.1-4.el5.ppc64.rpm
brltty-3.7.2-4.el5.ppc.rpm
brltty-debuginfo-3.7.2-4.el5.ppc.rpm
brltty-debuginfo-3.7.2-4.el5.ppc64.rpm

s390x:
brlapi-0.4.1-4.el5.s390.rpm
brlapi-0.4.1-4.el5.s390x.rpm
brlapi-devel-0.4.1-4.el5.s390.rpm
brlapi-devel-0.4.1-4.el5.s390x.rpm
brltty-3.7.2-4.el5.s390x.rpm
brltty-debuginfo-3.7.2-4.el5.s390.rpm
brltty-debuginfo-3.7.2-4.el5.s390x.rpm

x86_64:
brlapi-0.4.1-4.el5.i386.rpm
brlapi-0.4.1-4.el5.x86_64.rpm
brlapi-devel-0.4.1-4.el5.i386.rpm
brlapi-devel-0.4.1-4.el5.x86_64.rpm
brltty-3.7.2-4.el5.x86_64.rpm
brltty-debuginfo-3.7.2-4.el5.i386.rpm
brltty-debuginfo-3.7.2-4.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2008-3279.html
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
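The brltty advisory above concerns an insecure relative RPATH. The scanner below is an added example, not Red Hat's or brltty's code: it reads an ELF64 file's dynamic section and reports DT_RPATH/DT_RUNPATH entries that the loader would resolve relative to the current directory, the condition that lets an attacker-controlled directory supply the library. It assumes little-endian ELF64 input and glibc's <elf.h>; rpath_entry_is_insecure, rpath_count_insecure, elf64_audit_rpath and audit_file are the example's own names.

```c
/* rpath_audit.c: added example, not part of the Red Hat advisory or of brltty.
 * Reports DT_RPATH/DT_RUNPATH entries that are not absolute paths, the defect
 * class behind CVE-2008-3279: the loader resolves such an entry against the
 * current working directory, so a program started from a directory an attacker
 * controls loads the attacker's library. Assumes little-endian ELF64 input and
 * glibc's <elf.h>; all function names are the example's own. */
#include <elf.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Empty entries (the loader treats "" as ".") and relative entries are unsafe.
 * $ORIGIN-relative entries are flagged too: they are safe only if the binary's
 * own directory is not writable by others, which a file scan cannot know. */
bool rpath_entry_is_insecure(const char *entry, size_t len)
{
    if (len == 0) return true;      /* "", or a leading/trailing/double colon */
    return entry[0] != '/';         /* "lib", ".", "../lib", "$ORIGIN/../lib" */
}

/* Count insecure entries of a colon-separated search path; print them if out. */
int rpath_count_insecure(const char *path, FILE *out)
{
    int bad = 0;
    for (const char *p = path;;) {
        const char *colon = strchr(p, ':');
        size_t len = colon ? (size_t)(colon - p) : strlen(p);
        if (rpath_entry_is_insecure(p, len)) {
            bad++;
            if (out) fprintf(out, "  insecure entry: \"%.*s\"\n", (int)len, p);
        }
        if (!colon) break;
        p = colon + 1;
    }
    return bad;
}

/* Audit an ELF64 image in memory: locate SHT_DYNAMIC, reach its string table
 * via sh_link, and check every DT_RPATH/DT_RUNPATH. Returns the number of
 * insecure entries, or -1 when the image is not little-endian ELF64 or its
 * headers point outside the buffer (truncated or hostile file). */
int elf64_audit_rpath(const unsigned char *img, size_t size, FILE *out)
{
    if (size < sizeof(Elf64_Ehdr) || memcmp(img, ELFMAG, SELFMAG) != 0 ||
        img[EI_CLASS] != ELFCLASS64 || img[EI_DATA] != ELFDATA2LSB)
        return -1;
    const Elf64_Ehdr *eh = (const Elf64_Ehdr *)img;
    if (eh->e_shoff == 0 || eh->e_shentsize != sizeof(Elf64_Shdr) ||
        eh->e_shoff > size || (size - eh->e_shoff) / sizeof(Elf64_Shdr) < eh->e_shnum)
        return -1;
    const Elf64_Shdr *sh = (const Elf64_Shdr *)(img + eh->e_shoff);
    int bad = 0;
    for (unsigned i = 0; i < eh->e_shnum; i++) {
        if (sh[i].sh_type != SHT_DYNAMIC || sh[i].sh_link >= eh->e_shnum) continue;
        const Elf64_Shdr *st = &sh[sh[i].sh_link];          /* .dynstr */
        if (sh[i].sh_offset > size || sh[i].sh_size > size - sh[i].sh_offset ||
            st->sh_offset > size || st->sh_size > size - st->sh_offset)
            return -1;
        const char *strtab = (const char *)(img + st->sh_offset);
        const Elf64_Dyn *dyn = (const Elf64_Dyn *)(img + sh[i].sh_offset);
        size_t n = sh[i].sh_size / sizeof(Elf64_Dyn);
        for (size_t j = 0; j < n && dyn[j].d_tag != DT_NULL; j++) {
            if (dyn[j].d_tag != DT_RPATH && dyn[j].d_tag != DT_RUNPATH) continue;
            Elf64_Xword off = dyn[j].d_un.d_val;   /* must start and end inside .dynstr */
            if (off >= st->sh_size || !memchr(strtab + off, '\0', st->sh_size - off)) return -1;
            if (out) fprintf(out, "  %s = \"%s\"\n",
                             dyn[j].d_tag == DT_RPATH ? "DT_RPATH" : "DT_RUNPATH", strtab + off);
            bad += rpath_count_insecure(strtab + off, out);
        }
    }
    return bad;
}

/* Read one file into memory and audit it; -1 on I/O error or unusable ELF. */
int audit_file(const char *path, FILE *out)
{
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    long sz = fseek(f, 0, SEEK_END) == 0 ? ftell(f) : -1;
    unsigned char *buf = sz > 0 ? malloc((size_t)sz) : NULL;
    int r = -1;
    if (buf && fseek(f, 0, SEEK_SET) == 0 && fread(buf, 1, (size_t)sz, f) == (size_t)sz)
        r = elf64_audit_rpath(buf, (size_t)sz, out);
    free(buf);
    fclose(f);
    return r;
}

int main(int argc, char **argv)
{
    int worst = 0;
    for (int i = 1; i < argc; i++) {
        printf("%s:\n", argv[i]);
        int r = audit_file(argv[i], stdout);
        if (r < 0) printf("  skipped: not a readable little-endian ELF64 file\n");
        else if (r == 0) printf("  ok: no relative search-path entries\n");
        if (r > worst) worst = r;
    }
    return argc < 2 ? 2 : (worst ? 1 : 0);   /* 2: usage, 1: findings, 0: clean */
}
```

Run it over the shared objects of a package (for example `rpath_audit /usr/lib64/*.so*`); a non-zero exit means at least one search-path entry needs review.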
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLsi26XlSAg2UNWIIRAmTIAJ9+7Ft9t8BpwRIScVebgfWmwI2cHACdFre1
7+vEYGXYuFRuAmJY0uVkt34=
=gKBp
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Mar 30 16:59:47 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 30 Mar 2010 12:59:47 -0400
Subject: [RHSA-2010:0198-04] Moderate: openldap security and bug fix update
Message-ID: <201003301659.o2UGxm0t002251@int-mx08.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openldap security and bug fix update
Advisory ID:       RHSA-2010:0198-04
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0198.html
Issue date:        2010-03-30
CVE Names:         CVE-2009-3767
=====================================================================

1. Summary:

Updated openldap packages that fix one security issue and several bugs are
now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools.

A flaw was found in the way OpenLDAP handled NUL characters in the
CommonName field of X.509 certificates. An attacker able to get a
carefully-crafted certificate signed by a trusted Certificate Authority
could trick applications using OpenLDAP libraries into accepting it by
mistake, allowing the attacker to perform a man-in-the-middle attack.
(CVE-2009-3767)

This update also fixes the following bugs:

* the ldap init script did not provide a way to alter system limits for the
slapd daemon. A variable is now available in "/etc/sysconfig/ldap" for this
option. (BZ#527313)

* applications that use the OpenLDAP libraries to contact a Microsoft Active
Directory server could crash when a large number of network interfaces
existed. This update implements locks in the OpenLDAP library code to
resolve this issue. (BZ#510522)

* when slapd was configured to allow client certificates, approximately 90%
of connections froze because of a large CA certificate file and slapd not
checking the success of the SSL handshake. (BZ#509230)

* the OpenLDAP server would freeze for unknown reasons under high load.
These packages add support for accepting incoming connections by new
threads, resolving the issue. (BZ#507276)

* the compat-openldap libraries did not list dependencies on other
libraries, causing programs that did not specifically specify the libraries
to fail. Detection of the Application Binary Interface (ABI) in use on
64-bit systems has been added with this update. (BZ#503734)

* the OpenLDAP libraries caused applications to crash due to an unprocessed
network timeout. A timeval of -1 is now passed when NULL is passed to LDAP.
(BZ#495701)

* slapd could crash on a server under heavy load when using rwm overlay,
caused by freeing non-allocated memory during operation cleanup. (BZ#495628)

* the ldap init script made a temporary script in "/tmp/" and attempted to
execute it. Problems arose when "/tmp/" was mounted with the noexec option.
The temporary script is no longer created. (BZ#483356)

* the ldap init script always started slapd listening on ldap:/// even if
instructed to listen only on ldaps:///. By correcting the init script, a
user can now select which ports slapd should listen on. (BZ#481003)

* the slapd manual page did not mention the supported options -V and -o.
(BZ#468206)

* slapd.conf had a commented-out option to load the syncprov.la module. Once
un-commented, slapd crashed at start-up because the module had already been
statically linked to OpenLDAP. This update removes "moduleload syncprov.la"
from slapd.conf, which resolves this issue. (BZ#466937)

* the migrate_automount.pl script produced output that was unsupported by
autofs. This is corrected by updating the output LDIF format for automount
records. (BZ#460331)

* the ldap init script uses the TERM signal followed by the KILL signal when
shutting down slapd. Minimal delay between the two signals could cause the
LDAP database to become corrupted if it had not finished saving its state.
A delay between the signals has been added via the "STOP_DELAY" option in
"/etc/sysconfig/ldap". (BZ#452064)

* the migrate_passwd.pl migration script had a problem when number fields
contained only a zero. Such fields were considered to be empty, leading to
the attribute not being set in the LDIF output. The condition in
dump_shadow_attributes has been corrected to allow for the attributes to
contain only a zero. (BZ#113857)

* the migrate_base.pl migration script did not handle third level domains
correctly, creating a second level domain that could not be held by a
database with a three level base. This is now allowed by modifying the
migrate_base.pl script to generate only one domain. (BZ#104585)

Users of OpenLDAP should upgrade to these updated packages, which resolve
these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

104585 - migrate_base.pl broken with dc=X,dc=Y,dc=Z configuration
113857 - migrate_passwd.pl problems with '0' fields
460331 - openldap-server's migrate_automount.pl produces obsolete output
466937 - moduleload syncprov.la not found
468206 - slapd and slapcat : man pages details
481003 - Wrong init script : slapd always starts with option "ldap:///"
483356 - /etc/init.d/ldap script assumes files in /tmp can be executed
495701 - LDAP queries fail entirely on a (temporarily) slow server
503734 - 64bit shared libs in compat-openldap do not link to other libs
509230 - ldaps fails if TLSVerifyClient=allow unless slapd is run with -d2
510522 - LDAP causes crashes when attempting to authenticate with Active Directory
530715 - CVE-2009-3767 OpenLDAP: Doesn't properly handle NULL character in subject Common Name
559520 - openldap cannot start when kerberos is enable, found by PES
562714 - openldap init script does not handle listen uris properly

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openldap-2.3.43-12.el5.src.rpm

i386:
compat-openldap-2.3.43_2.2.29-12.el5.i386.rpm
openldap-2.3.43-12.el5.i386.rpm
openldap-clients-2.3.43-12.el5.i386.rpm
openldap-debuginfo-2.3.43-12.el5.i386.rpm

x86_64:
compat-openldap-2.3.43_2.2.29-12.el5.i386.rpm
compat-openldap-2.3.43_2.2.29-12.el5.x86_64.rpm
openldap-2.3.43-12.el5.i386.rpm
openldap-2.3.43-12.el5.x86_64.rpm
openldap-clients-2.3.43-12.el5.x86_64.rpm
openldap-debuginfo-2.3.43-12.el5.i386.rpm
openldap-debuginfo-2.3.43-12.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openldap-2.3.43-12.el5.src.rpm

i386:
openldap-debuginfo-2.3.43-12.el5.i386.rpm
openldap-devel-2.3.43-12.el5.i386.rpm
openldap-servers-2.3.43-12.el5.i386.rpm
openldap-servers-overlays-2.3.43-12.el5.i386.rpm
openldap-servers-sql-2.3.43-12.el5.i386.rpm

x86_64:
openldap-debuginfo-2.3.43-12.el5.i386.rpm
openldap-debuginfo-2.3.43-12.el5.x86_64.rpm
openldap-devel-2.3.43-12.el5.i386.rpm
openldap-devel-2.3.43-12.el5.x86_64.rpm
openldap-servers-2.3.43-12.el5.x86_64.rpm
openldap-servers-overlays-2.3.43-12.el5.x86_64.rpm
openldap-servers-sql-2.3.43-12.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openldap-2.3.43-12.el5.src.rpm

i386:
compat-openldap-2.3.43_2.2.29-12.el5.i386.rpm
openldap-2.3.43-12.el5.i386.rpm
openldap-clients-2.3.43-12.el5.i386.rpm
openldap-debuginfo-2.3.43-12.el5.i386.rpm
openldap-devel-2.3.43-12.el5.i386.rpm
openldap-servers-2.3.43-12.el5.i386.rpm
openldap-servers-overlays-2.3.43-12.el5.i386.rpm
openldap-servers-sql-2.3.43-12.el5.i386.rpm

ia64:
compat-openldap-2.3.43_2.2.29-12.el5.i386.rpm
compat-openldap-2.3.43_2.2.29-12.el5.ia64.rpm
openldap-2.3.43-12.el5.i386.rpm
openldap-2.3.43-12.el5.ia64.rpm
openldap-clients-2.3.43-12.el5.ia64.rpm
openldap-debuginfo-2.3.43-12.el5.i386.rpm
openldap-debuginfo-2.3.43-12.el5.ia64.rpm
openldap-devel-2.3.43-12.el5.ia64.rpm
openldap-servers-2.3.43-12.el5.ia64.rpm
openldap-servers-overlays-2.3.43-12.el5.ia64.rpm
openldap-servers-sql-2.3.43-12.el5.ia64.rpm

ppc:
compat-openldap-2.3.43_2.2.29-12.el5.ppc.rpm
compat-openldap-2.3.43_2.2.29-12.el5.ppc64.rpm
openldap-2.3.43-12.el5.ppc.rpm
openldap-2.3.43-12.el5.ppc64.rpm
openldap-clients-2.3.43-12.el5.ppc.rpm
openldap-debuginfo-2.3.43-12.el5.ppc.rpm
openldap-debuginfo-2.3.43-12.el5.ppc64.rpm
openldap-devel-2.3.43-12.el5.ppc.rpm
openldap-devel-2.3.43-12.el5.ppc64.rpm
openldap-servers-2.3.43-12.el5.ppc.rpm
openldap-servers-overlays-2.3.43-12.el5.ppc.rpm
openldap-servers-sql-2.3.43-12.el5.ppc.rpm

s390x:
compat-openldap-2.3.43_2.2.29-12.el5.s390.rpm
compat-openldap-2.3.43_2.2.29-12.el5.s390x.rpm
openldap-2.3.43-12.el5.s390.rpm
openldap-2.3.43-12.el5.s390x.rpm
openldap-clients-2.3.43-12.el5.s390x.rpm
openldap-debuginfo-2.3.43-12.el5.s390.rpm
openldap-debuginfo-2.3.43-12.el5.s390x.rpm
openldap-devel-2.3.43-12.el5.s390.rpm
openldap-devel-2.3.43-12.el5.s390x.rpm
openldap-servers-2.3.43-12.el5.s390x.rpm
openldap-servers-overlays-2.3.43-12.el5.s390x.rpm
openldap-servers-sql-2.3.43-12.el5.s390x.rpm

x86_64:
compat-openldap-2.3.43_2.2.29-12.el5.i386.rpm
compat-openldap-2.3.43_2.2.29-12.el5.x86_64.rpm
openldap-2.3.43-12.el5.i386.rpm
openldap-2.3.43-12.el5.x86_64.rpm
openldap-clients-2.3.43-12.el5.x86_64.rpm
openldap-debuginfo-2.3.43-12.el5.i386.rpm
openldap-debuginfo-2.3.43-12.el5.x86_64.rpm
openldap-devel-2.3.43-12.el5.i386.rpm
openldap-devel-2.3.43-12.el5.x86_64.rpm
openldap-servers-2.3.43-12.el5.x86_64.rpm
openldap-servers-overlays-2.3.43-12.el5.x86_64.rpm
openldap-servers-sql-2.3.43-12.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-3767.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLsi3mXlSAg2UNWIIRAuFSAKCxgKxdjn2v9owj1kZRw5Lyk8+kdgCgjCYu
lj+S2q3aalpgmNkkZ2vhWQo=
=e2NX
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Mar 30 17:00:57 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 30 Mar 2010 13:00:57 -0400
Subject: [RHSA-2010:0221-04] Low: squid security and bug fix update
Message-ID: <201003301700.o2UH0viJ002868@int-mx08.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: squid security and bug fix update
Advisory ID:       RHSA-2010:0221-04
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0221.html
Issue date:        2010-03-30
CVE Names:         CVE-2009-2855 CVE-2010-0308
=====================================================================

1. Summary:

An updated squid package that fixes two security issues and several bugs is
now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

Squid is a high-performance proxy caching server for web clients,
supporting FTP, Gopher, and HTTP data objects.

A flaw was found in the way Squid processed certain external ACL helper
HTTP header fields that contained a delimiter that was not a comma. A
remote attacker could issue a crafted request to the Squid server, causing
excessive CPU use (up to 100%). (CVE-2009-2855)

Note: The CVE-2009-2855 issue only affected non-default configurations that
use an external ACL helper script.

A flaw was found in the way Squid handled truncated DNS replies. A remote
attacker able to send specially-crafted UDP packets to Squid's DNS client
port could trigger an assertion failure in Squid's child process, causing
that child process to exit. (CVE-2010-0308)

This update also fixes the following bugs:

* Squid's init script returns a non-zero value when trying to stop a
stopped service. This is not LSB compliant and can generate difficulties in
cluster environments. This update makes stopping LSB compliant. (BZ#521926)

* Squid is not currently built to support MAC address filtering in ACLs.
This update includes support for MAC address filtering. (BZ#496170)

* Squid is not currently built to support Kerberos negotiate
authentication. This update enables Kerberos authentication. (BZ#516245)

* Squid does not include the port number as part of URIs it constructs when
configured as an accelerator. This results in a 403 error. This update
corrects this behavior. (BZ#538738)

* the error_map feature does not work if the same handling is set also on
the HTTP server that operates in deflate mode. This update fixes this
issue. (BZ#470843)

All users of squid should upgrade to this updated package, which resolves
these issues. After installing this update, the squid service will be
restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

496170 - Add arp filter option
516245 - negotiate support not enabled in squid (for kerberized sso)
518182 - CVE-2009-2855 DoS (100% CPU use) while processing certain external ACL helper HTTP headers
521926 - squid 'stop after stop' is not LSB compliant
538738 - Squid accelerator mode works only if port 80 is opened
556389 - CVE-2010-0308 squid: temporary DoS (assertion failure) triggered by truncated DNS packet (SQUID-2010:1)

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/squid-2.6.STABLE21-6.el5.src.rpm

i386:
squid-2.6.STABLE21-6.el5.i386.rpm
squid-debuginfo-2.6.STABLE21-6.el5.i386.rpm

x86_64:
squid-2.6.STABLE21-6.el5.x86_64.rpm
squid-debuginfo-2.6.STABLE21-6.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/squid-2.6.STABLE21-6.el5.src.rpm

i386:
squid-2.6.STABLE21-6.el5.i386.rpm
squid-debuginfo-2.6.STABLE21-6.el5.i386.rpm

ia64:
squid-2.6.STABLE21-6.el5.ia64.rpm
squid-debuginfo-2.6.STABLE21-6.el5.ia64.rpm

ppc:
squid-2.6.STABLE21-6.el5.ppc.rpm
squid-debuginfo-2.6.STABLE21-6.el5.ppc.rpm

s390x:
squid-2.6.STABLE21-6.el5.s390x.rpm
squid-debuginfo-2.6.STABLE21-6.el5.s390x.rpm

x86_64:
squid-2.6.STABLE21-6.el5.x86_64.rpm
squid-debuginfo-2.6.STABLE21-6.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-2855.html
https://www.redhat.com/security/data/cve/CVE-2010-0308.html
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
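The CVE-2010-0308 entry in the squid advisory above describes a resolver that asserts (and so exits) when a DNS reply is shorter than its own length fields claim. The following is an added example, not Squid's code and not part of the Red Hat advisory: a small DNS reply parser whose every read is bounds-checked against the datagram, so a reply cut short is rejected with an exception that the receive path catches and logs, instead of terminating the process. The sample reply, the truncated copy of it and the names in it are constructed for this illustration.

```python
"""
Added example (not Squid code, not part of the Red Hat advisory): a DNS
reply parser that treats a datagram shorter than its own length fields as
an error to be dropped, rather than a condition to assert on.  The sample
reply and the truncation below are constructed for this illustration.
"""
import struct


class MalformedReply(ValueError):
    """Reply violates the wire format (bad pointer, pointer loop, ...)."""


class TruncatedReply(MalformedReply):
    """A length or offset in the reply points past the end of the datagram."""


def read_name(pkt: bytes, off: int, depth: int = 0):
    """Decode a (possibly compressed) name at pkt[off]; return (name, offset_after)."""
    labels = []
    while True:
        if off >= len(pkt):
            raise TruncatedReply("name runs past end of packet")
        length = pkt[off]
        if length == 0:                          # root label ends the name
            return ".".join(labels), off + 1
        if length & 0xC0 == 0xC0:                # compression pointer (RFC 1035 4.1.4)
            if off + 2 > len(pkt):
                raise TruncatedReply("pointer cut in half")
            ptr = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            if ptr >= off or depth > 8:          # pointers must go backwards; cap chains
                raise MalformedReply("bad compression pointer")
            tail, _ = read_name(pkt, ptr, depth + 1)
            labels.append(tail)
            return ".".join(labels), off + 2
        if length & 0xC0:
            raise MalformedReply("reserved label type")
        off += 1
        if off + length > len(pkt):
            raise TruncatedReply("label runs past end of packet")
        labels.append(pkt[off:off + length].decode("ascii", "replace"))
        off += length


def parse_reply(pkt: bytes) -> dict:
    """Parse header, question and answer sections, checking bounds before every read."""
    if len(pkt) < 12:
        raise TruncatedReply("header is 12 bytes, got %d" % len(pkt))
    txid, flags, qdcount, ancount, _nscount, _arcount = struct.unpack("!6H", pkt[:12])
    off = 12
    questions, answers = [], []
    for _ in range(qdcount):
        qname, off = read_name(pkt, off)
        if off + 4 > len(pkt):
            raise TruncatedReply("question fixed fields missing")
        qtype, qclass = struct.unpack("!HH", pkt[off:off + 4])
        off += 4
        questions.append((qname, qtype, qclass))
    for _ in range(ancount):
        rname, off = read_name(pkt, off)
        if off + 10 > len(pkt):
            raise TruncatedReply("RR fixed fields missing")
        rtype, rclass, ttl, rdlength = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if off + rdlength > len(pkt):
            raise TruncatedReply("RDATA declares %d bytes, only %d left"
                                 % (rdlength, len(pkt) - off))
        answers.append((rname, rtype, rclass, ttl, pkt[off:off + rdlength]))
        off += rdlength
    return {"id": txid, "flags": flags, "questions": questions, "answers": answers}


def handle_reply(pkt: bytes):
    """What a resolver's receive path should do: drop bad datagrams, keep serving."""
    try:
        return parse_reply(pkt)
    except MalformedReply as exc:
        # Log and ignore: an unauthenticated UDP sender must not be able to
        # take the process down.
        print("dropping DNS reply:", exc)
        return None


# --- constructed sample reply (not captured traffic) -----------------------

def encode_name(name: str) -> bytes:
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"


SAMPLE_REPLY = (
    struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)                # id, QR|RD|RA, 1 Q, 1 A
    + encode_name("www.example.com") + struct.pack("!HH", 1, 1)   # question: A IN
    + b"\xc0\x0c"                                                  # answer name -> offset 12
    + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])  # A IN ttl=300 rdlen=4
)
# The last three bytes of RDATA are missing, as if the datagram were cut short.
TRUNCATED_REPLY = SAMPLE_REPLY[:-3]

if __name__ == "__main__":
    print(parse_reply(SAMPLE_REPLY)["answers"])
    print(handle_reply(TRUNCATED_REPLY))
```

The point is the shape of the checks, not the parser itself: every fixed-size read is preceded by an explicit comparison against the datagram length, pointer targets are required to point backwards and chains are capped, and the error surfaces as an exception the caller can drop rather than as an assertion that kills the worker.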
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLsi4bXlSAg2UNWIIRAvlyAJ9WvFarx8zhoLaZ8o5MPa6g7BBWlACgty4x
cNJHsh6qrBPqWOCdJp8XtUM=
=BJgW
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Mar 30 17:01:40 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 30 Mar 2010 13:01:40 -0400
Subject: [RHSA-2010:0237-05] Low: sendmail security and bug fix update
Message-ID: <201003301701.o2UH1fBM011827@int-mx04.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: sendmail security and bug fix update
Advisory ID:       RHSA-2010:0237-05
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0237.html
Issue date:        2010-03-30
CVE Names:         CVE-2006-7176 CVE-2009-4565
=====================================================================

1. Summary:

Updated sendmail packages that fix two security issues and several bugs are
now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Sendmail is a very widely used Mail Transport Agent (MTA). MTAs deliver
mail from one machine to another. Sendmail is not a client program, but
rather a behind-the-scenes daemon that moves email over networks or the
Internet to its final destination.

The configuration of sendmail in Red Hat Enterprise Linux was found to not
reject the "localhost.localdomain" domain name for email messages that come
from external hosts. This could allow remote attackers to disguise spoofed
messages. (CVE-2006-7176)

A flaw was found in the way sendmail handled NUL characters in the
CommonName field of X.509 certificates. An attacker able to get a
carefully-crafted certificate signed by a trusted Certificate Authority
could trick sendmail into accepting it by mistake, allowing the attacker to
perform a man-in-the-middle attack or bypass intended client certificate
authentication. (CVE-2009-4565)

Note: The CVE-2009-4565 issue only affected configurations using TLS with
certificate verification and CommonName checking enabled, which is not a
typical configuration.

This update also fixes the following bugs:

* sendmail was unable to parse files specified by the ServiceSwitchFile
option which used a colon as a separator. (BZ#512871)

* sendmail incorrectly returned a zero exit code when free space was low.
(BZ#299951)

* the sendmail manual page had a blank space between the -qG option and
parameter. (BZ#250552)

* the comments in the sendmail.mc file specified the wrong path to SSL
certificates. (BZ#244012)

* the sendmail packages did not provide the MTA capability. (BZ#494408)

All users of sendmail are advised to upgrade to these updated packages,
which resolve these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

238540 - CVE-2006-7176 sendmail allows external mail with from address xxx at localhost.localdomain
244012 - Old path to openssl used in sendmail.mc
250552 - the description about option '-qG name' should be modified in the manpage
440616 - there should be %{?dist} instead of %{dist} in the *.spec on the Release: line
449391 - sendmail allows external mail with from address xxx at localhost.localdomain
494408 - Sendmail should provide "MTA"
552622 - CVE-2009-4565 sendmail: incorrect verification of SSL certificate with NUL in name

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/sendmail-8.13.8-8.el5.src.rpm

i386:
sendmail-8.13.8-8.el5.i386.rpm
sendmail-cf-8.13.8-8.el5.i386.rpm
sendmail-debuginfo-8.13.8-8.el5.i386.rpm
sendmail-doc-8.13.8-8.el5.i386.rpm

x86_64:
sendmail-8.13.8-8.el5.x86_64.rpm
sendmail-cf-8.13.8-8.el5.x86_64.rpm
sendmail-debuginfo-8.13.8-8.el5.x86_64.rpm
sendmail-doc-8.13.8-8.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/sendmail-8.13.8-8.el5.src.rpm

i386:
sendmail-debuginfo-8.13.8-8.el5.i386.rpm
sendmail-devel-8.13.8-8.el5.i386.rpm

x86_64:
sendmail-debuginfo-8.13.8-8.el5.i386.rpm
sendmail-debuginfo-8.13.8-8.el5.x86_64.rpm
sendmail-devel-8.13.8-8.el5.i386.rpm
sendmail-devel-8.13.8-8.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/sendmail-8.13.8-8.el5.src.rpm

i386:
sendmail-8.13.8-8.el5.i386.rpm
sendmail-cf-8.13.8-8.el5.i386.rpm
sendmail-debuginfo-8.13.8-8.el5.i386.rpm
sendmail-devel-8.13.8-8.el5.i386.rpm
sendmail-doc-8.13.8-8.el5.i386.rpm

ia64:
sendmail-8.13.8-8.el5.ia64.rpm
sendmail-cf-8.13.8-8.el5.ia64.rpm
sendmail-debuginfo-8.13.8-8.el5.ia64.rpm
sendmail-devel-8.13.8-8.el5.ia64.rpm
sendmail-doc-8.13.8-8.el5.ia64.rpm

ppc:
sendmail-8.13.8-8.el5.ppc.rpm
sendmail-cf-8.13.8-8.el5.ppc.rpm
sendmail-debuginfo-8.13.8-8.el5.ppc.rpm
sendmail-debuginfo-8.13.8-8.el5.ppc64.rpm
sendmail-devel-8.13.8-8.el5.ppc.rpm
sendmail-devel-8.13.8-8.el5.ppc64.rpm
sendmail-doc-8.13.8-8.el5.ppc.rpm

s390x:
sendmail-8.13.8-8.el5.s390x.rpm
sendmail-cf-8.13.8-8.el5.s390x.rpm
sendmail-debuginfo-8.13.8-8.el5.s390.rpm
sendmail-debuginfo-8.13.8-8.el5.s390x.rpm
sendmail-devel-8.13.8-8.el5.s390.rpm
sendmail-devel-8.13.8-8.el5.s390x.rpm
sendmail-doc-8.13.8-8.el5.s390x.rpm

x86_64:
sendmail-8.13.8-8.el5.x86_64.rpm
sendmail-cf-8.13.8-8.el5.x86_64.rpm
sendmail-debuginfo-8.13.8-8.el5.i386.rpm
sendmail-debuginfo-8.13.8-8.el5.x86_64.rpm
sendmail-devel-8.13.8-8.el5.i386.rpm
sendmail-devel-8.13.8-8.el5.x86_64.rpm
sendmail-doc-8.13.8-8.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2006-7176.html
https://www.redhat.com/security/data/cve/CVE-2009-4565.html
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
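The openldap (CVE-2009-3767) and sendmail (CVE-2009-4565) advisories above describe the same bug class: a CommonName such as "victim\0.attacker" is a single DER string of a declared length, but code that copies it into a C string and compares with strcmp() sees only the part before the NUL. The following is an added example, not code from either package and not part of the Red Hat advisories: a minimal DER walker that pulls the CN out of an X.501 Name by its declared length, a "vulnerable" comparison that mimics the C-string view, and a "fixed" comparison that uses the whole value and refuses any NUL. The DER helpers, the sample Name, the forged CN and the hostnames are constructed for this illustration.

```python
"""
Added example (not code from the openldap or sendmail packages, and not
part of the Red Hat advisories): why an embedded NUL in an X.509
CommonName fools a C-string hostname check, and how a length-aware check
rejects it.  The DER helpers, the sample Name and the hostnames below are
constructed for this illustration.
"""

OID_COMMON_NAME = bytes.fromhex("550403")  # id-at-commonName (2.5.4.3)


def der_read(buf: bytes, off: int):
    """Decode one DER TLV at buf[off]; return (tag, value, offset_after).

    The declared length, not a NUL terminator, bounds the value.  A length
    that runs past the buffer is rejected instead of silently shortened.
    """
    if off + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or off + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    value = buf[off:off + length]
    if len(value) != length:
        raise ValueError("DER value runs past end of buffer")
    return tag, value, off + length


def extract_cn(name_der: bytes):
    """Return the raw CommonName bytes from a DER-encoded X.501 Name
    (SEQUENCE OF SET OF AttributeTypeAndValue), or None if there is none."""
    tag, rdn_sequence, _ = der_read(name_der, 0)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    off = 0
    while off < len(rdn_sequence):
        tag, rdn_set, off = der_read(rdn_sequence, off)
        if tag != 0x31:
            raise ValueError("RDN must be a SET")
        inner = 0
        while inner < len(rdn_set):
            _, atv, inner = der_read(rdn_set, inner)
            _, oid, after_oid = der_read(atv, 0)
            _, value, _ = der_read(atv, after_oid)
            if oid == OID_COMMON_NAME:
                return value                # full DER value, NUL bytes included
    return None


def as_c_string(cn: bytes) -> bytes:
    """What strlen()/strcmp()-based code sees: everything up to the first NUL."""
    return cn.split(b"\x00", 1)[0]


def cn_matches_vulnerable(cn: bytes, hostname: str) -> bool:
    """Pre-fix behaviour: the CN is copied into a C string and then compared."""
    return as_c_string(cn).decode("utf-8", "replace").lower() == hostname.lower()


def cn_matches_fixed(cn: bytes, hostname: str) -> bool:
    """Fixed behaviour: compare the whole DER value and refuse any NUL at all."""
    if b"\x00" in cn:
        return False                        # never a legitimate hostname
    return cn.decode("utf-8", "replace").lower() == hostname.lower()


# --- constructed sample (not a real certificate) ---------------------------

def der_tlv(tag: int, value: bytes) -> bytes:
    """Short-form DER encoder; enough for the small Name built below."""
    assert len(value) < 128
    return bytes([tag, len(value)]) + value


def name_with_cn(cn: bytes) -> bytes:
    """Build a Name containing a single CN attribute encoded as UTF8String."""
    atv = der_tlv(0x30, der_tlv(0x06, OID_COMMON_NAME) + der_tlv(0x0C, cn))
    return der_tlv(0x30, der_tlv(0x31, atv))


# A CA that only validates control of "attacker.example" could be induced to
# sign this CN; the victim's C-string check then sees only "ldap.example.com".
FORGED_CN = b"ldap.example.com\x00.attacker.example"
HONEST_CN = b"ldap.example.com"
TARGET = "ldap.example.com"


def demo():
    """Return (vulnerable_accepts, fixed_accepts) for the forged certificate."""
    cn = extract_cn(name_with_cn(FORGED_CN))
    return cn_matches_vulnerable(cn, TARGET), cn_matches_fixed(cn, TARGET)


if __name__ == "__main__":
    vulnerable, fixed = demo()
    print("vulnerable check accepts forged CN:", vulnerable)
    print("fixed check accepts forged CN:     ", fixed)
```

The same rule applies to every string pulled from a certificate and compared against an expected name, including dNSName entries in subjectAltName: take the length from the ASN.1 encoding, and treat a NUL anywhere inside the value as a reason to reject the certificate, not as a terminator.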
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLsi5eXlSAg2UNWIIRAlOpAJ4gp1kqN+jdrzeE8qXWBaebBxJahQCgo73H
n00iMkWN1fCmnabjXrFzOPo=
=aqpQ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Mar 30 17:03:19 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 30 Mar 2010 13:03:19 -0400
Subject: [RHSA-2010:0258-04] Low: pam_krb5 security and bug fix update
Message-ID: <201003301703.o2UH3JwK032701@int-mx03.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: pam_krb5 security and bug fix update
Advisory ID:       RHSA-2010:0258-04
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0258.html
Issue date:        2010-03-30
CVE Names:         CVE-2009-1384
=====================================================================

1. Summary:

Updated pam_krb5 packages that fix one security issue and various bugs are
now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The pam_krb5 module allows Pluggable Authentication Modules (PAM) aware
applications to use Kerberos to verify user identities by obtaining user
credentials at log in time.

A flaw was found in pam_krb5. In some non-default configurations
(specifically, those where pam_krb5 would be the first module to prompt for
a password), the text of the password prompt varied based on whether or not
the username provided was a username known to the system. A remote attacker
could use this flaw to recognize valid usernames, which would aid a
dictionary-based password guess attack. (CVE-2009-1384)

This update also fixes the following bugs:

* certain applications which do not properly implement PAM conversations
may fail to authenticate users whose passwords have expired and must be
changed, or may succeed without forcing the user's password to be changed.
This bug is triggered by a previously-applied fix to pam_krb5 which makes it
comply more closely to PAM specifications. If an application misbehaves,
enabling the "chpw_prompt" option for its service should restore the old
behavior. (BZ#509092)

* pam_krb5 does not allow the user to change an expired password in cases
where the Key Distribution Center (KDC) is configured to refuse attempts to
obtain forwardable password-changing credentials. This update fixes this
issue. (BZ#489015)

* failure to verify TGT because of wrong keytab handling. (BZ#450776)

Users of pam_krb5 are advised to upgrade to these updated packages, which
resolve these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

450776 - Failed to verify TGT cause of wrong keytab handling
489015 - pam_krb5 cannot offer to change expired password
502602 - CVE-2009-1384 pam_krb5: Password prompt varies for existent and non-existent users
505265 - CVE-2009-1384 RHEL-5's pam_krb5: Password prompt varies for existent and non-existent users
509092 - pam_krb5 update breaks graphical apps (gnome and kde)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/pam_krb5-2.2.14-15.src.rpm

i386:
pam_krb5-2.2.14-15.i386.rpm
pam_krb5-debuginfo-2.2.14-15.i386.rpm

x86_64:
pam_krb5-2.2.14-15.i386.rpm
pam_krb5-2.2.14-15.x86_64.rpm
pam_krb5-debuginfo-2.2.14-15.i386.rpm
pam_krb5-debuginfo-2.2.14-15.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/pam_krb5-2.2.14-15.src.rpm

i386:
pam_krb5-2.2.14-15.i386.rpm
pam_krb5-debuginfo-2.2.14-15.i386.rpm

ia64:
pam_krb5-2.2.14-15.i386.rpm
pam_krb5-2.2.14-15.ia64.rpm
pam_krb5-debuginfo-2.2.14-15.i386.rpm
pam_krb5-debuginfo-2.2.14-15.ia64.rpm

ppc:
pam_krb5-2.2.14-15.ppc.rpm
pam_krb5-2.2.14-15.ppc64.rpm
pam_krb5-debuginfo-2.2.14-15.ppc.rpm
pam_krb5-debuginfo-2.2.14-15.ppc64.rpm

s390x:
pam_krb5-2.2.14-15.s390.rpm
pam_krb5-2.2.14-15.s390x.rpm
pam_krb5-debuginfo-2.2.14-15.s390.rpm
pam_krb5-debuginfo-2.2.14-15.s390x.rpm

x86_64:
pam_krb5-2.2.14-15.i386.rpm
pam_krb5-2.2.14-15.x86_64.rpm
pam_krb5-debuginfo-2.2.14-15.i386.rpm
pam_krb5-debuginfo-2.2.14-15.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-1384.html
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFLsi6JXlSAg2UNWIIRAsn/AJ9tnlgj8Zn44IMnfv3yWyB0Z6W6FgCgm00K CMgEf6ucScC6tU6xsOSKaC4= =TPjJ -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Mar 30 17:04:39 2010 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 30 Mar 2010 13:04:39 -0400 Subject: [RHSA-2010:0271-04] Important: kvm security, bug fix and enhancement update Message-ID: <201003301704.o2UH4djk007027@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kvm security, bug fix and enhancement update Advisory ID: RHSA-2010:0271-04 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0271.html Issue date: 2010-03-30 CVE Names: CVE-2010-0741 ===================================================================== 1. Summary: Updated kvm packages that fix one security issue, multiple bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Multi OS (v. 5 client) - x86_64 RHEL Virtualization (v. 5 server) - x86_64 3. Description: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. A flaw was found in the way QEMU-KVM handled erroneous data provided by the Linux virtio-net driver, used by guest operating systems. 
Due to a deficiency in the TSO (TCP segment offloading) implementation, a guest's virtio-net driver would transmit improper data to a certain QEMU-KVM process on the host, causing the guest to crash. A remote attacker could use this flaw to send specially-crafted data to a target guest system, causing that guest to crash. (CVE-2010-0741)

Additionally, these updated packages include numerous bug fixes and enhancements. Refer to the KVM chapter of the Red Hat Enterprise Linux 5.5 Technical Notes for details:

http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.5/html/Technical_Notes/kvm.html

All KVM users should upgrade to these updated packages, which resolve this issue as well as fixing the bugs and adding the enhancements noted in the Technical Notes.

Note: The procedure in the Solution section must be performed before this update will take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

The following procedure must be performed before this update will take effect:

1) Stop all KVM guest virtual machines.

2) Either reboot the hypervisor machine or, as the root user, remove (using "modprobe -r [module]") and reload (using "modprobe [module]") all of the following modules which are currently running (determined using "lsmod"): kvm, ksm, kvm-intel or kvm-amd.

3) Restart the KVM guest virtual machines.

5. Bugs fixed (http://bugzilla.redhat.com/):

508040 - Windows XP not using all CPUS
510706 - qemu-kvm segfault when using i82551 vnic
511072 - KVM - qemu-img fail to copy a RAW format image over FCP storage
512672 - Remove initrd warning message
515549 - upstream qemu issues on rhel 5.4
515655 - Add result test to prevent Infinite loop in raw_pread, reading too large offset
515749 - Remove warnings from kvm compilation
516545 - qemu-kvm crashed when setting 32bitwin28k with 64G ram
516672 - Disable unused/unsupported features on qemu-kvm
516762 - qemu aborted when restart 32bitwin23k with more than 4G mem in intel host.
517223 - BUG: warning at /builddir/build/BUILD/kvm-83-maint-snapshot-20090205/kernel-/x86/x86.c:240/kvm_queue_exception_e() (Tainted: G )
518090 - [RFE] KVM should be able to export advanced cpu flags to the guest
518169 - Bad qcow2 performance with cache=off
519397 - KVM: MMU: make __kvm_mmu_free_some_pages handle empty list (upstream backport)
520285 - windows 64 bit does vmexit on each cr8 access.
521025 - rtc-td-hack stopped working. Time drifts in windows
521749 - Guest Window2008-R2-datacenter installation is stopped at step "Setup will continue after restarting your computer" (AMD host only)
521835 - German keymap using KVM+VNC missing some keys
522887 - Call to migrate_set_speed after a migrate_cancel causes segmentation fault in kvm
524970 - Guest single-cpu IPI leads to a global IPI on host
525323 - QEMU terminates without warning with virtio-net and SMP enabled
525699 - x86_64 guest hang when set guest's cpu1 online on AMD host
526124 - ne model failed to get ip address
526837 - KVM: x86: verify MTRR/PAT validity (upstream backport)
527722 - Build tree for RHEL 5.X and RHEL 5.4.z contains build bugs
528310 - when kvm is load, Kernel panic on rebooting after implement suspend and resume
529694 - -initrd is broken with > 4GB guests
530134 - RFE - In-place backing file format change
530533 - debug message is displayed when save VM state into a compressed file
531631 - Windows XP unattended install doesn't get an IP address after rebooting, if using -net user
531701 - pvclock msr values are not preserved across remote migration
531827 - O/S Filesystem Corruption with RHEL-5.4 on a RHEV Guest
532086 - Rhev-Block driver causes 'unhandled vm exit' with 32bit win2k3r2sp2 Guest VM on restart
533059 - kvm modules can't be built against latest kernel-devel package
533197 - kvm kmod package should filter only some specific ksym dependencies
533390 - RHEL5.4 VM image corruption with an IDE v-disk
533453 - kvm kmod package should require a compatible kernel version
537075 - qcow2: infinite recursion on grow_refcount_table() error handling
537077 - error codes aren't always propagated up through the block layer (e.g. -ENOSPC)
537646 - backports of qemu barrier support
537655 - qemu-img: error creating a new preallocated volume image on FCP storage
537888 - fix unsafe device data handling
539250 - Cannot eject cd-rom when configured to host cd-rom
539589 - kvm can't build against kernel-2.6.18-174.el5
540893 - qemu-img: snapshot info error
541084 - KVM: x86: Add KVM_GET/SET_VCPU_EVENTS
541731 - kvm: migration: mechanism to make older savevm versions to be emitted on some cases
542923 - Get segmentation fault when running with ide block on kvm-83-136.el5
543137 - time drift in win2k364 KVM guest
543979 - gPXE fails to PXE boot on e1000 virtual NIC
545136 - CVE-2010-0741 whitelist host virtio networking features
545194 - Discrepancy between man page and source code for qcow2 with regards to default value used when no explicit caching is specified
546019 - kvm: use gpxe PXE roms if available
546039 - [FEAT] Supported KVM guests for RHEL5.5
549938 - Maintain barrier state after migration
550053 - require newer etherboot package that is compatible with new pxe ROM paths
550265 - gPXE fails to PXE boot on e1000 virtual NIC
550755 - Hypercall driver doesn't reset device on power-down
552487 - Guest image corruption after RHEV-H update to 5.4-2.1.3.el5_4rhev2_1 using virtio-blk
553187 - Add rhel-5.4.4 support to rhel5.5.0
555780 - iozone test can not finish when using virtio_blk in RHEL5u4 guest.
557327 - migration failed with -M rhel5.4.4 between host 5.5 and host 5.4.4
558195 - kvm: NFS : kvm-qemu-img convert failure on RAW/Sparse template with COW/Sparse snapshot
559163 - migration failed host 5.5 with -M rhel5.5.0 to host 5.5 with -M rhel5.5.0.
559509 - KVM:Wake up from hibernation operation failed ( migration to file )
563141 - qemu-img re-base subcommand got Segmentation fault
569762 - 'qemu-img re-base' broken on block devices
577218 - CVE-2010-0741 qemu: Improper handling of erroneous data provided by Linux virtio-net driver

6. Package List:

RHEL Desktop Multi OS (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kvm-83-164.el5.src.rpm

x86_64:
kmod-kvm-83-164.el5.x86_64.rpm
kvm-83-164.el5.x86_64.rpm
kvm-debuginfo-83-164.el5.x86_64.rpm
kvm-qemu-img-83-164.el5.x86_64.rpm
kvm-tools-83-164.el5.x86_64.rpm

RHEL Virtualization (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kvm-83-164.el5.src.rpm

x86_64:
kmod-kvm-83-164.el5.x86_64.rpm
kvm-83-164.el5.x86_64.rpm
kvm-debuginfo-83-164.el5.x86_64.rpm
kvm-qemu-img-83-164.el5.x86_64.rpm
kvm-tools-83-164.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0741.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLsi8fXlSAg2UNWIIRAgfYAJ9LZwTOO4UlmeSOQJZQ7zotl0ZBLQCfeLn2
lByI1aSKVsI9RnlzTJqYoIY=
=CCMj
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Mar 30 17:06:32 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 30 Mar 2010 13:06:32 -0400
Subject: [RHSA-2010:0273-05] Moderate: curl security, bug fix and enhancement update
Message-ID: <201003301706.o2UH6Wba001284@int-mx03.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: curl security, bug fix and enhancement update
Advisory ID:       RHSA-2010:0273-05
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0273.html
Issue date:        2010-03-30
CVE Names:         CVE-2010-0734
=====================================================================

1. Summary:

Updated curl packages that fix one security issue, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and DICT servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity.

Wesley Miaw discovered that when deflate compression was used, libcurl could call the registered write callback function with data exceeding the documented limit.
A malicious server could use this flaw to crash an application using libcurl or, potentially, execute arbitrary code. Note: This issue only affected applications using libcurl that rely on the documented data size limit, and that copy the data to the insufficiently sized buffer. (CVE-2010-0734)

This update also fixes the following bugs:

* when using curl to upload a file, if the connection was broken or reset by the server during the transfer, curl immediately started using 100% CPU and failed to acknowledge that the transfer had failed. With this update, curl displays an appropriate error message and exits when an upload fails mid-transfer due to a broken or reset connection. (BZ#479967)

* libcurl experienced a segmentation fault when attempting to reuse a connection after performing GSS-negotiate authentication, which in turn caused the curl program to crash. This update fixes this bug so that reused connections are able to be successfully established even after GSS-negotiate authentication has been performed. (BZ#517199)

As well, this update adds the following enhancements:

* curl now supports loading Certificate Revocation Lists (CRLs) from a Privacy Enhanced Mail (PEM) file. When curl attempts to access sites that have had their certificate revoked in a CRL, curl refuses access to those sites. (BZ#532069)

* the curl(1) manual page has been updated to clarify that the "--socks4" and "--socks5" options do not work with the IPv6, FTPS, or LDAP protocols. (BZ#473128)

* the curl utility's program help, which is accessed by running "curl -h", has been updated with descriptions for the "--ftp-account" and "--ftp-alternative-to-user" options. (BZ#517084)

Users of curl should upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. All running applications using libcurl must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

479967 - curl uses 100% of CPU if upload connection is broken
517084 - curl program options differ from option in manual page
517199 - curl, libcurl crash when reusing connection after negotiate-auth
563220 - CVE-2010-0734 curl: zlib-compression causes curl to pass more than CURL_MAX_WRITE_SIZE bytes to write callback

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/curl-7.15.5-9.el5.src.rpm

i386:
curl-7.15.5-9.el5.i386.rpm
curl-debuginfo-7.15.5-9.el5.i386.rpm

x86_64:
curl-7.15.5-9.el5.i386.rpm
curl-7.15.5-9.el5.x86_64.rpm
curl-debuginfo-7.15.5-9.el5.i386.rpm
curl-debuginfo-7.15.5-9.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/curl-7.15.5-9.el5.src.rpm

i386:
curl-debuginfo-7.15.5-9.el5.i386.rpm
curl-devel-7.15.5-9.el5.i386.rpm

x86_64:
curl-debuginfo-7.15.5-9.el5.i386.rpm
curl-debuginfo-7.15.5-9.el5.x86_64.rpm
curl-devel-7.15.5-9.el5.i386.rpm
curl-devel-7.15.5-9.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/curl-7.15.5-9.el5.src.rpm

i386:
curl-7.15.5-9.el5.i386.rpm
curl-debuginfo-7.15.5-9.el5.i386.rpm
curl-devel-7.15.5-9.el5.i386.rpm

ia64:
curl-7.15.5-9.el5.ia64.rpm
curl-debuginfo-7.15.5-9.el5.ia64.rpm
curl-devel-7.15.5-9.el5.ia64.rpm

ppc:
curl-7.15.5-9.el5.ppc.rpm
curl-7.15.5-9.el5.ppc64.rpm
curl-debuginfo-7.15.5-9.el5.ppc.rpm
curl-debuginfo-7.15.5-9.el5.ppc64.rpm
curl-devel-7.15.5-9.el5.ppc.rpm
curl-devel-7.15.5-9.el5.ppc64.rpm

s390x:
curl-7.15.5-9.el5.s390.rpm
curl-7.15.5-9.el5.s390x.rpm
curl-debuginfo-7.15.5-9.el5.s390.rpm
curl-debuginfo-7.15.5-9.el5.s390x.rpm
curl-devel-7.15.5-9.el5.s390.rpm
curl-devel-7.15.5-9.el5.s390x.rpm

x86_64:
curl-7.15.5-9.el5.i386.rpm
curl-7.15.5-9.el5.x86_64.rpm
curl-debuginfo-7.15.5-9.el5.i386.rpm
curl-debuginfo-7.15.5-9.el5.x86_64.rpm
curl-devel-7.15.5-9.el5.i386.rpm
curl-devel-7.15.5-9.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0734.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLsi9FXlSAg2UNWIIRAol1AKChPL8s8Lr6hKQm8f0GAt2gAX8WUACcCD0L
BnQTyrDkxuOZtzzD7ZpGCk8=
=FfJ4
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Mar 30 17:11:49 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 30 Mar 2010 13:11:49 -0400
Subject: [RHSA-2010:0291-04] Moderate: gfs-kmod security, bug fix and enhancement update
Message-ID: <201003301711.o2UHBoxI005739@int-mx08.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: gfs-kmod security, bug fix and enhancement update
Advisory ID:       RHSA-2010:0291-04
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0291.html
Issue date:        2010-03-30
CVE Names:         CVE-2010-0727
=====================================================================

1. Summary:

Updated gfs-kmod packages that fix one security issue, numerous bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5.5, kernel release 2.6.18-194.el5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Cluster-Storage (v. 5 server) - i386, ia64, ppc, x86_64

3. Description:

The gfs-kmod packages contain modules that provide the ability to mount and use GFS file systems.

A flaw was found in the gfs_lock() implementation. The GFS locking code could skip the lock operation for files that have the S_ISGID bit (set-group-ID on execution) in their mode set. A local, unprivileged user on a system that has a GFS file system mounted could use this flaw to cause a kernel panic. (CVE-2010-0727)

These updated gfs-kmod packages are in sync with the latest kernel (2.6.18-194.el5). The modules in earlier gfs-kmod packages failed to load because they did not match the running kernel. It was possible to force-load the modules. With this update, however, users no longer need to.

These updated gfs-kmod packages also fix the following bugs:

* when SELinux was in permissive mode, a race condition during file creation could have caused one or more cluster nodes to be fenced and lock the remaining nodes out of the GFS file system. This race condition no longer occurs with this update. (BZ#471258)

* when ACLs (Access Control Lists) are enabled on a GFS file system, if a transaction that has started to do a write request does not have enough spare blocks for the operation, it causes a kernel panic. This update ensures that there are enough blocks for the write request before starting the operation. (BZ#513885)

* requesting a "flock" on a file in GFS in either read-only or read-write mode would sometimes cause a "Resource temporarily unavailable" state error (error 11 for EWOULDBLOCK) to occur. In these cases, a flock could not be obtained on the file in question. This has been fixed with this update so that flocks can successfully be obtained on GFS files without this error occurring. (BZ#515717)

* the GFS withdraw function is a data integrity feature of GFS file systems in a cluster. If the GFS kernel module detects an inconsistency in a GFS file system following an I/O operation, the file system becomes unavailable to the cluster. The GFS withdraw function is less severe than a kernel panic, which would cause another node to fence the node. With this update, you can override the GFS withdraw function by mounting the file system with the "-o errors=panic" option specified. When this option is specified, any errors that would normally cause the system to withdraw cause the system to panic instead. This stops the node's cluster communications, which causes the node to be fenced. (BZ#517145)

Finally, these updated gfs-kmod packages provide the following enhancement:

* the GFS kernel modules have been updated to use the new generic freeze and unfreeze ioctl interface that is also supported by the following file systems: ext3, ext4, GFS2, JFS and ReiserFS. With this update, GFS supports freeze/unfreeze through the VFS-level FIFREEZE/FITHAW ioctl interface. (BZ#487610)

Users are advised to upgrade to these latest gfs-kmod packages, updated for use with the 2.6.18-194.el5 kernel, which contain backported patches to correct these issues, fix these bugs, and add this enhancement.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

471258 - fatal: assertion "gfs_glock_is_locked_by_me(gl) && gfs_glock_is_held_excl(gl)" failed
487610 - GFS: Change gfs freeze/unfreeze to use new standard
513885 - GFS kernel panic, suid + nfsd with posix ACLs enabled
515717 - Flock on GFS fs file will error with "Resource tempory unavailable" for EWOULDBLOCK
517145 - [RFE] GFS: New mount option: -o errors=withdraw|panic
570863 - CVE-2010-0727 bug in GFS/GFS2 locking code leads to dos

6. Package List:

RHEL Cluster-Storage (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/gfs-kmod-0.1.34-12.el5.src.rpm

i386:
gfs-kmod-debuginfo-0.1.34-12.el5.i686.rpm
kmod-gfs-0.1.34-12.el5.i686.rpm
kmod-gfs-PAE-0.1.34-12.el5.i686.rpm
kmod-gfs-xen-0.1.34-12.el5.i686.rpm

ia64:
gfs-kmod-debuginfo-0.1.34-12.el5.ia64.rpm
kmod-gfs-0.1.34-12.el5.ia64.rpm
kmod-gfs-xen-0.1.34-12.el5.ia64.rpm

ppc:
gfs-kmod-debuginfo-0.1.34-12.el5.ppc64.rpm
kmod-gfs-0.1.34-12.el5.ppc64.rpm

x86_64:
gfs-kmod-debuginfo-0.1.34-12.el5.x86_64.rpm
kmod-gfs-0.1.34-12.el5.x86_64.rpm
kmod-gfs-xen-0.1.34-12.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0727.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLsi+qXlSAg2UNWIIRAph7AJ43Q61Hpm87P8Emz+wrszNrdoRh6QCgua95
o4WPF1UY+zOiu3iFOajiisY=
=67XL
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Mar 30 17:13:10 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 30 Mar 2010 13:13:10 -0400
Subject: [RHSA-2010:0321-04] Low: automake security update
Message-ID: <201003301713.o2UHDBtE003477@int-mx03.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: automake security update
Advisory ID:       RHSA-2010:0321-04
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0321.html
Issue date:        2010-03-30
CVE Names:         CVE-2009-4029
=====================================================================

1. Summary:

Updated automake, automake14, automake15, automake16, and automake17 packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - noarch
Red Hat Enterprise Linux (v. 5 server) - noarch

3. Description:

Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards.

Automake-generated Makefiles made certain directories world-writable when preparing source archives, as was recommended by the GNU Coding Standards. If a malicious, local user could access the directory where a victim was creating distribution archives, they could use this flaw to modify the files being added to those archives. Makefiles generated by these updated automake packages no longer make distribution directories world-writable, as recommended by the updated GNU Coding Standards. (CVE-2009-4029)

Note: This issue affected Makefile targets used by developers to prepare distribution source archives. Those targets are not used when compiling programs from the source code.

All users of automake, automake14, automake15, automake16, and automake17 should upgrade to these updated packages, which resolve this issue.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

542609 - CVE-2009-4029 Automake: Race condition by creation of "distdir" based directory hierarchy

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/automake-1.9.6-2.3.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/automake14-1.4p6-13.el5.1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/automake15-1.5-16.el5.2.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/automake16-1.6.3-8.el5.1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/automake17-1.7.9-7.el5.2.src.rpm

noarch:
automake-1.9.6-2.3.el5.noarch.rpm
automake14-1.4p6-13.el5.1.noarch.rpm
automake15-1.5-16.el5.2.noarch.rpm
automake16-1.6.3-8.el5.1.noarch.rpm
automake17-1.7.9-7.el5.2.noarch.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/automake-1.9.6-2.3.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/automake14-1.4p6-13.el5.1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/automake15-1.5-16.el5.2.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/automake16-1.6.3-8.el5.1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/automake17-1.7.9-7.el5.2.src.rpm

noarch:
automake-1.9.6-2.3.el5.noarch.rpm
automake14-1.4p6-13.el5.1.noarch.rpm
automake15-1.5-16.el5.2.noarch.rpm
automake16-1.6.3-8.el5.1.noarch.rpm
automake17-1.7.9-7.el5.2.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-4029.html
http://www.redhat.com/security/updates/classification/#low
http://www.gnu.org/prep/standards/html_node/Releases.html

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLsjDqXlSAg2UNWIIRAs+eAJ9gAR+Pwec8LLHDdG+PB6zUvbw3rwCdFJ29
sDQzcNq842NPZuddQIY78Uw=
=kqw7
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Mar 30 17:30:20 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 30 Mar 2010 13:30:20 -0400
Subject: [RHSA-2010:0329-01] Moderate: curl security update
Message-ID: <201003301730.o2UHUKcO015317@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: curl security update
Advisory ID:       RHSA-2010:0329-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0329.html
Issue date:        2010-03-30
CVE Names:         CVE-2010-0734
=====================================================================

1. Summary:

Updated curl packages that fix one security issue are now available for Red Hat Enterprise Linux 3 and 4.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and DICT servers, using any of the supported protocols.
cURL is designed to work without user interaction or any kind of interactivity.

Wesley Miaw discovered that when deflate compression was used, libcurl could call the registered write callback function with data exceeding the documented limit. A malicious server could use this flaw to crash an application using libcurl or, potentially, execute arbitrary code. Note: This issue only affected applications using libcurl that rely on the documented data size limit, and that copy the data to the insufficiently sized buffer. (CVE-2010-0734)

Users of curl should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libcurl must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

563220 - CVE-2010-0734 curl: zlib-compression causes curl to pass more than CURL_MAX_WRITE_SIZE bytes to write callback

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/curl-7.10.6-11.rhel3.src.rpm

i386:
curl-7.10.6-11.rhel3.i386.rpm
curl-debuginfo-7.10.6-11.rhel3.i386.rpm
curl-devel-7.10.6-11.rhel3.i386.rpm

ia64:
curl-7.10.6-11.rhel3.i386.rpm
curl-7.10.6-11.rhel3.ia64.rpm
curl-debuginfo-7.10.6-11.rhel3.i386.rpm
curl-debuginfo-7.10.6-11.rhel3.ia64.rpm
curl-devel-7.10.6-11.rhel3.ia64.rpm

ppc:
curl-7.10.6-11.rhel3.ppc.rpm
curl-7.10.6-11.rhel3.ppc64.rpm
curl-debuginfo-7.10.6-11.rhel3.ppc.rpm
curl-debuginfo-7.10.6-11.rhel3.ppc64.rpm
curl-devel-7.10.6-11.rhel3.ppc.rpm

s390:
curl-7.10.6-11.rhel3.s390.rpm
curl-debuginfo-7.10.6-11.rhel3.s390.rpm
curl-devel-7.10.6-11.rhel3.s390.rpm

s390x:
curl-7.10.6-11.rhel3.s390.rpm
curl-7.10.6-11.rhel3.s390x.rpm
curl-debuginfo-7.10.6-11.rhel3.s390.rpm
curl-debuginfo-7.10.6-11.rhel3.s390x.rpm
curl-devel-7.10.6-11.rhel3.s390x.rpm

x86_64:
curl-7.10.6-11.rhel3.i386.rpm
curl-7.10.6-11.rhel3.x86_64.rpm
curl-debuginfo-7.10.6-11.rhel3.i386.rpm
curl-debuginfo-7.10.6-11.rhel3.x86_64.rpm
curl-devel-7.10.6-11.rhel3.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/curl-7.10.6-11.rhel3.src.rpm

i386:
curl-7.10.6-11.rhel3.i386.rpm
curl-debuginfo-7.10.6-11.rhel3.i386.rpm
curl-devel-7.10.6-11.rhel3.i386.rpm

x86_64:
curl-7.10.6-11.rhel3.i386.rpm
curl-7.10.6-11.rhel3.x86_64.rpm
curl-debuginfo-7.10.6-11.rhel3.i386.rpm
curl-debuginfo-7.10.6-11.rhel3.x86_64.rpm
curl-devel-7.10.6-11.rhel3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/curl-7.10.6-11.rhel3.src.rpm

i386:
curl-7.10.6-11.rhel3.i386.rpm
curl-debuginfo-7.10.6-11.rhel3.i386.rpm
curl-devel-7.10.6-11.rhel3.i386.rpm

ia64:
curl-7.10.6-11.rhel3.i386.rpm
curl-7.10.6-11.rhel3.ia64.rpm
curl-debuginfo-7.10.6-11.rhel3.i386.rpm
curl-debuginfo-7.10.6-11.rhel3.ia64.rpm
curl-devel-7.10.6-11.rhel3.ia64.rpm

x86_64:
curl-7.10.6-11.rhel3.i386.rpm
curl-7.10.6-11.rhel3.x86_64.rpm
curl-debuginfo-7.10.6-11.rhel3.i386.rpm
curl-debuginfo-7.10.6-11.rhel3.x86_64.rpm
curl-devel-7.10.6-11.rhel3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/curl-7.10.6-11.rhel3.src.rpm

i386:
curl-7.10.6-11.rhel3.i386.rpm
curl-debuginfo-7.10.6-11.rhel3.i386.rpm
curl-devel-7.10.6-11.rhel3.i386.rpm

ia64:
curl-7.10.6-11.rhel3.i386.rpm
curl-7.10.6-11.rhel3.ia64.rpm
curl-debuginfo-7.10.6-11.rhel3.i386.rpm
curl-debuginfo-7.10.6-11.rhel3.ia64.rpm
curl-devel-7.10.6-11.rhel3.ia64.rpm

x86_64:
curl-7.10.6-11.rhel3.i386.rpm
curl-7.10.6-11.rhel3.x86_64.rpm
curl-debuginfo-7.10.6-11.rhel3.i386.rpm
curl-debuginfo-7.10.6-11.rhel3.x86_64.rpm
curl-devel-7.10.6-11.rhel3.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/curl-7.12.1-11.1.el4_8.3.src.rpm

i386:
curl-7.12.1-11.1.el4_8.3.i386.rpm
curl-debuginfo-7.12.1-11.1.el4_8.3.i386.rpm
curl-devel-7.12.1-11.1.el4_8.3.i386.rpm

ia64:
curl-7.12.1-11.1.el4_8.3.i386.rpm
curl-7.12.1-11.1.el4_8.3.ia64.rpm
curl-debuginfo-7.12.1-11.1.el4_8.3.i386.rpm
curl-debuginfo-7.12.1-11.1.el4_8.3.ia64.rpm
curl-devel-7.12.1-11.1.el4_8.3.ia64.rpm

ppc:
curl-7.12.1-11.1.el4_8.3.ppc.rpm
curl-7.12.1-11.1.el4_8.3.ppc64.rpm
curl-debuginfo-7.12.1-11.1.el4_8.3.ppc.rpm
curl-debuginfo-7.12.1-11.1.el4_8.3.ppc64.rpm
curl-devel-7.12.1-11.1.el4_8.3.ppc.rpm

s390:
curl-7.12.1-11.1.el4_8.3.s390.rpm
curl-debuginfo-7.12.1-11.1.el4_8.3.s390.rpm
curl-devel-7.12.1-11.1.el4_8.3.s390.rpm

s390x:
curl-7.12.1-11.1.el4_8.3.s390.rpm
curl-7.12.1-11.1.el4_8.3.s390x.rpm
curl-debuginfo-7.12.1-11.1.el4_8.3.s390.rpm
curl-debuginfo-7.12.1-11.1.el4_8.3.s390x.rpm
curl-devel-7.12.1-11.1.el4_8.3.s390x.rpm

x86_64:
curl-7.12.1-11.1.el4_8.3.i386.rpm
curl-7.12.1-11.1.el4_8.3.x86_64.rpm
curl-debuginfo-7.12.1-11.1.el4_8.3.i386.rpm
curl-debuginfo-7.12.1-11.1.el4_8.3.x86_64.rpm
curl-devel-7.12.1-11.1.el4_8.3.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/curl-7.12.1-11.1.el4_8.3.src.rpm

i386:
curl-7.12.1-11.1.el4_8.3.i386.rpm
curl-debuginfo-7.12.1-11.1.el4_8.3.i386.rpm
curl-devel-7.12.1-11.1.el4_8.3.i386.rpm

x86_64:
curl-7.12.1-11.1.el4_8.3.i386.rpm
curl-7.12.1-11.1.el4_8.3.x86_64.rpm
curl-debuginfo-7.12.1-11.1.el4_8.3.i386.rpm
curl-debuginfo-7.12.1-11.1.el4_8.3.x86_64.rpm
curl-devel-7.12.1-11.1.el4_8.3.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/curl-7.12.1-11.1.el4_8.3.src.rpm

i386:
curl-7.12.1-11.1.el4_8.3.i386.rpm
curl-debuginfo-7.12.1-11.1.el4_8.3.i386.rpm
curl-devel-7.12.1-11.1.el4_8.3.i386.rpm

ia64:
curl-7.12.1-11.1.el4_8.3.i386.rpm
curl-7.12.1-11.1.el4_8.3.ia64.rpm
curl-debuginfo-7.12.1-11.1.el4_8.3.i386.rpm
curl-debuginfo-7.12.1-11.1.el4_8.3.ia64.rpm
curl-devel-7.12.1-11.1.el4_8.3.ia64.rpm

x86_64:
curl-7.12.1-11.1.el4_8.3.i386.rpm
curl-7.12.1-11.1.el4_8.3.x86_64.rpm
curl-debuginfo-7.12.1-11.1.el4_8.3.i386.rpm
curl-debuginfo-7.12.1-11.1.el4_8.3.x86_64.rpm
curl-devel-7.12.1-11.1.el4_8.3.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/curl-7.12.1-11.1.el4_8.3.src.rpm

i386:
curl-7.12.1-11.1.el4_8.3.i386.rpm
curl-debuginfo-7.12.1-11.1.el4_8.3.i386.rpm
curl-devel-7.12.1-11.1.el4_8.3.i386.rpm

ia64:
curl-7.12.1-11.1.el4_8.3.i386.rpm
curl-7.12.1-11.1.el4_8.3.ia64.rpm
curl-debuginfo-7.12.1-11.1.el4_8.3.i386.rpm
curl-debuginfo-7.12.1-11.1.el4_8.3.ia64.rpm
curl-devel-7.12.1-11.1.el4_8.3.ia64.rpm

x86_64:
curl-7.12.1-11.1.el4_8.3.i386.rpm
curl-7.12.1-11.1.el4_8.3.x86_64.rpm
curl-debuginfo-7.12.1-11.1.el4_8.3.i386.rpm
curl-debuginfo-7.12.1-11.1.el4_8.3.x86_64.rpm
curl-devel-7.12.1-11.1.el4_8.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0734.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLsjTrXlSAg2UNWIIRAqMaAKChg0FxSYaKp5/AkxXXmkQrszamVQCfYwUI
qbONvBmkxfJOCKkX/yM0Ul4=
=5NFz
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Mar 30 17:58:57 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 30 Mar 2010 13:58:57 -0400
Subject: [RHSA-2010:0330-01] Moderate: GFS security and bug fix update
Message-ID: <201003301758.o2UHwvLr021414@int-mx05.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: GFS security and bug fix update
Advisory ID:       RHSA-2010:0330-01
Product:           Red Hat Global File System
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0330.html
Issue date:        2010-03-30
CVE Names:         CVE-2010-0727
=====================================================================

1. Summary:

Updated GFS packages that fix one security issue are now available for Red Hat Enterprise Linux 3.9, kernel release 2.4.21-63.EL.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Global File System 3AS - i386, ia64, x86_64
Red Hat Global File System 3ES - i386, ia64, x86_64
Red Hat Global File System 3WS - i386, ia64, x86_64

3. Description:

The Red Hat Global File System (GFS) allows a cluster of Linux servers to share data in a common pool of storage.

A flaw was found in the gfs_lock() implementation.
The GFS locking code could skip the lock operation for files that have the S_ISGID bit (set-group-ID on execution) in their mode set. A local, unprivileged user on a system that has a GFS file system mounted could use this flaw to cause a kernel panic. (CVE-2010-0727)

As well, these updated GFS packages are in sync with the latest kernel (2.4.21-63.EL). The modules in earlier GFS packages fail to load because they do not match the running kernel. It is possible to force-load the modules; however, with this update, force-loading the modules is not required. (BZ#525198)

Users are advised to upgrade to these latest GFS packages, which resolve this issue and are updated for use with the 2.4.21-63.EL kernel.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

525198 - Need rebuild for 2.4.21-63.EL kernel
570863 - CVE-2010-0727 bug in GFS/GFS2 locking code leads to dos

6. Package List:

Red Hat Global File System 3AS:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/RHGFS/SRPMS/GFS-6.0.2.36-13.src.rpm

i386:
GFS-6.0.2.36-13.i386.rpm
GFS-6.0.2.36-13.i686.rpm
GFS-debuginfo-6.0.2.36-13.i386.rpm
GFS-debuginfo-6.0.2.36-13.i686.rpm
GFS-devel-6.0.2.36-13.i386.rpm
GFS-devel-6.0.2.36-13.i686.rpm
GFS-modules-6.0.2.36-13.i386.rpm
GFS-modules-6.0.2.36-13.i686.rpm
GFS-modules-hugemem-6.0.2.36-13.i686.rpm
GFS-modules-smp-6.0.2.36-13.i686.rpm

ia64:
GFS-6.0.2.36-13.ia64.rpm
GFS-debuginfo-6.0.2.36-13.ia64.rpm
GFS-devel-6.0.2.36-13.ia64.rpm
GFS-modules-6.0.2.36-13.ia64.rpm

x86_64:
GFS-6.0.2.36-13.ia32e.rpm
GFS-6.0.2.36-13.x86_64.rpm
GFS-debuginfo-6.0.2.36-13.ia32e.rpm
GFS-debuginfo-6.0.2.36-13.x86_64.rpm
GFS-devel-6.0.2.36-13.ia32e.rpm
GFS-devel-6.0.2.36-13.x86_64.rpm
GFS-modules-6.0.2.36-13.ia32e.rpm
GFS-modules-6.0.2.36-13.x86_64.rpm
GFS-modules-smp-6.0.2.36-13.x86_64.rpm

Red Hat Global File System 3ES:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/RHGFS/SRPMS/GFS-6.0.2.36-13.src.rpm

i386:
GFS-6.0.2.36-13.i386.rpm
GFS-6.0.2.36-13.i686.rpm
GFS-debuginfo-6.0.2.36-13.i386.rpm
GFS-debuginfo-6.0.2.36-13.i686.rpm
GFS-devel-6.0.2.36-13.i386.rpm
GFS-devel-6.0.2.36-13.i686.rpm
GFS-modules-6.0.2.36-13.i386.rpm
GFS-modules-6.0.2.36-13.i686.rpm
GFS-modules-hugemem-6.0.2.36-13.i686.rpm
GFS-modules-smp-6.0.2.36-13.i686.rpm

ia64:
GFS-6.0.2.36-13.ia64.rpm
GFS-debuginfo-6.0.2.36-13.ia64.rpm
GFS-devel-6.0.2.36-13.ia64.rpm
GFS-modules-6.0.2.36-13.ia64.rpm

x86_64:
GFS-6.0.2.36-13.ia32e.rpm
GFS-6.0.2.36-13.x86_64.rpm
GFS-debuginfo-6.0.2.36-13.ia32e.rpm
GFS-debuginfo-6.0.2.36-13.x86_64.rpm
GFS-devel-6.0.2.36-13.ia32e.rpm
GFS-devel-6.0.2.36-13.x86_64.rpm
GFS-modules-6.0.2.36-13.ia32e.rpm
GFS-modules-6.0.2.36-13.x86_64.rpm
GFS-modules-smp-6.0.2.36-13.x86_64.rpm

Red Hat Global File System 3WS:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/RHGFS/SRPMS/GFS-6.0.2.36-13.src.rpm

i386:
GFS-6.0.2.36-13.i386.rpm
GFS-6.0.2.36-13.i686.rpm
GFS-debuginfo-6.0.2.36-13.i386.rpm
GFS-debuginfo-6.0.2.36-13.i686.rpm
GFS-devel-6.0.2.36-13.i386.rpm
GFS-devel-6.0.2.36-13.i686.rpm
GFS-modules-6.0.2.36-13.i386.rpm
GFS-modules-6.0.2.36-13.i686.rpm
GFS-modules-hugemem-6.0.2.36-13.i686.rpm
GFS-modules-smp-6.0.2.36-13.i686.rpm

ia64:
GFS-6.0.2.36-13.ia64.rpm
GFS-debuginfo-6.0.2.36-13.ia64.rpm
GFS-devel-6.0.2.36-13.ia64.rpm
GFS-modules-6.0.2.36-13.ia64.rpm

x86_64:
GFS-6.0.2.36-13.ia32e.rpm
GFS-6.0.2.36-13.x86_64.rpm
GFS-debuginfo-6.0.2.36-13.ia32e.rpm
GFS-debuginfo-6.0.2.36-13.x86_64.rpm
GFS-devel-6.0.2.36-13.ia32e.rpm
GFS-devel-6.0.2.36-13.x86_64.rpm
GFS-modules-6.0.2.36-13.ia32e.rpm
GFS-modules-6.0.2.36-13.x86_64.rpm
GFS-modules-smp-6.0.2.36-13.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0727.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
From bugzilla at redhat.com Tue Mar 30 17:59:19 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 30 Mar 2010 13:59:19 -0400
Subject: [RHSA-2010:0331-01] Moderate: GFS-kernel security and bug fix update
Message-ID: <201003301759.o2UHxJKX021473@int-mx05.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: GFS-kernel security and bug fix update
Advisory ID:       RHSA-2010:0331-01
Product:           Red Hat Global File System
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0331.html
Issue date:        2010-03-30
CVE Names:         CVE-2010-0727
=====================================================================

1. Summary:

Updated GFS-kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 4.8, kernel release 2.6.9-89.0.20.EL.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Global File System 4AS - i386, ia64, ppc, x86_64
Red Hat Global File System 4ES - i386, ia64, x86_64
Red Hat Global File System 4WS - i386, ia64, x86_64

3. Description:

The GFS-kernel packages contain modules that provide the ability to mount and use GFS file systems.

A flaw was found in the gfs_lock() implementation. The GFS locking code could skip the lock operation for files that have the S_ISGID bit (set-group-ID on execution) in their mode set. A local, unprivileged user on a system that has a GFS file system mounted could use this flaw to cause a kernel panic. (CVE-2010-0727)

As well, these updated GFS-kernel packages are in sync with the latest kernel (2.6.9-89.0.20.EL). The modules in earlier GFS-kernel packages fail to load because they do not match the running kernel. It is possible to force-load the modules; however, with this update, force-loading the modules is not required.

Users are advised to upgrade to these latest GFS-kernel packages, which resolve this issue and are updated for use with the 2.6.9-89.0.20.EL kernel.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

570863 - CVE-2010-0727 bug in GFS/GFS2 locking code leads to dos

6. Package List:

Red Hat Global File System 4AS:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/RHGFS/SRPMS/GFS-kernel-2.6.9-85.2.el4_8.10.src.rpm

i386:
GFS-kernel-2.6.9-85.2.el4_8.10.i686.rpm
GFS-kernel-debuginfo-2.6.9-85.2.el4_8.10.i686.rpm
GFS-kernel-hugemem-2.6.9-85.2.el4_8.10.i686.rpm
GFS-kernel-smp-2.6.9-85.2.el4_8.10.i686.rpm
GFS-kernel-xenU-2.6.9-85.2.el4_8.10.i686.rpm
GFS-kernheaders-2.6.9-85.2.el4_8.10.i686.rpm

ia64:
GFS-kernel-2.6.9-85.2.el4_8.10.ia64.rpm
GFS-kernel-debuginfo-2.6.9-85.2.el4_8.10.ia64.rpm
GFS-kernheaders-2.6.9-85.2.el4_8.10.ia64.rpm

ppc:
GFS-kernel-2.6.9-85.2.el4_8.10.ppc64.rpm
GFS-kernel-debuginfo-2.6.9-85.2.el4_8.10.ppc64.rpm
GFS-kernel-largesmp-2.6.9-85.2.el4_8.10.ppc64.rpm
GFS-kernheaders-2.6.9-85.2.el4_8.10.ppc64.rpm

x86_64:
GFS-kernel-2.6.9-85.2.el4_8.10.x86_64.rpm
GFS-kernel-debuginfo-2.6.9-85.2.el4_8.10.x86_64.rpm
GFS-kernel-largesmp-2.6.9-85.2.el4_8.10.x86_64.rpm
GFS-kernel-smp-2.6.9-85.2.el4_8.10.x86_64.rpm
GFS-kernel-xenU-2.6.9-85.2.el4_8.10.x86_64.rpm
GFS-kernheaders-2.6.9-85.2.el4_8.10.x86_64.rpm

Red Hat Global File System 4ES:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/RHGFS/SRPMS/GFS-kernel-2.6.9-85.2.el4_8.10.src.rpm

i386:
GFS-kernel-2.6.9-85.2.el4_8.10.i686.rpm
GFS-kernel-debuginfo-2.6.9-85.2.el4_8.10.i686.rpm
GFS-kernel-hugemem-2.6.9-85.2.el4_8.10.i686.rpm
GFS-kernel-smp-2.6.9-85.2.el4_8.10.i686.rpm
GFS-kernel-xenU-2.6.9-85.2.el4_8.10.i686.rpm
GFS-kernheaders-2.6.9-85.2.el4_8.10.i686.rpm

ia64:
GFS-kernel-2.6.9-85.2.el4_8.10.ia64.rpm
GFS-kernel-debuginfo-2.6.9-85.2.el4_8.10.ia64.rpm
GFS-kernheaders-2.6.9-85.2.el4_8.10.ia64.rpm

x86_64:
GFS-kernel-2.6.9-85.2.el4_8.10.x86_64.rpm
GFS-kernel-debuginfo-2.6.9-85.2.el4_8.10.x86_64.rpm
GFS-kernel-largesmp-2.6.9-85.2.el4_8.10.x86_64.rpm
GFS-kernel-smp-2.6.9-85.2.el4_8.10.x86_64.rpm
GFS-kernel-xenU-2.6.9-85.2.el4_8.10.x86_64.rpm
GFS-kernheaders-2.6.9-85.2.el4_8.10.x86_64.rpm

Red Hat Global File System 4WS:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/RHGFS/SRPMS/GFS-kernel-2.6.9-85.2.el4_8.10.src.rpm

i386:
GFS-kernel-2.6.9-85.2.el4_8.10.i686.rpm
GFS-kernel-debuginfo-2.6.9-85.2.el4_8.10.i686.rpm
GFS-kernel-hugemem-2.6.9-85.2.el4_8.10.i686.rpm
GFS-kernel-smp-2.6.9-85.2.el4_8.10.i686.rpm
GFS-kernel-xenU-2.6.9-85.2.el4_8.10.i686.rpm
GFS-kernheaders-2.6.9-85.2.el4_8.10.i686.rpm

ia64:
GFS-kernel-2.6.9-85.2.el4_8.10.ia64.rpm
GFS-kernel-debuginfo-2.6.9-85.2.el4_8.10.ia64.rpm
GFS-kernheaders-2.6.9-85.2.el4_8.10.ia64.rpm

x86_64:
GFS-kernel-2.6.9-85.2.el4_8.10.x86_64.rpm
GFS-kernel-debuginfo-2.6.9-85.2.el4_8.10.x86_64.rpm
GFS-kernel-largesmp-2.6.9-85.2.el4_8.10.x86_64.rpm
GFS-kernel-smp-2.6.9-85.2.el4_8.10.x86_64.rpm
GFS-kernel-xenU-2.6.9-85.2.el4_8.10.x86_64.rpm
GFS-kernheaders-2.6.9-85.2.el4_8.10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0727.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.

From bugzilla at redhat.com Tue Mar 30 23:30:21 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 30 Mar 2010 19:30:21 -0400
Subject: [RHSA-2010:0332-01] Critical: firefox security update
Message-ID: <201003302330.o2UNULNK001799@int-mx03.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2010:0332-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0332.html
Issue date:        2010-03-30
CVE Names:         CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0179
=====================================================================

1. Summary:

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.

Several use-after-free flaws were found in Firefox. Visiting a web page containing malicious content could result in Firefox executing arbitrary code with the privileges of the user running Firefox. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)

A flaw was found in Firefox that could allow an applet to generate a drag and drop action from a mouse click. Such an action could be used to execute arbitrary JavaScript with the privileges of the user running Firefox. (CVE-2010-0178)

A privilege escalation flaw was found in Firefox when the Firebug add-on is in use. The XMLHttpRequestSpy module in the Firebug add-on exposes a Chrome privilege escalation flaw that could be used to execute arbitrary JavaScript with the privileges of the user running Firefox. (CVE-2010-0179)

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-0174)

For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.19. You can find a link to the Mozilla advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.19, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

578147 - CVE-2010-0174 Mozilla crashes with evidence of memory corruption
578149 - CVE-2010-0175 Mozilla remote code execution with use-after-free in nsTreeSelection
578150 - CVE-2010-0176 Mozilla Dangling pointer vulnerability in nsTreeContentView
578152 - CVE-2010-0177 Mozilla Dangling pointer vulnerability in nsPluginArray
578154 - CVE-2010-0178 Firefox Chrome privilege escalation via forced URL drag and drop
578155 - CVE-2010-0179 Firefox Arbitrary code execution with Firebug XMLHttpRequestSpy

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-3.0.19-1.el4.src.rpm

i386:
firefox-3.0.19-1.el4.i386.rpm
firefox-debuginfo-3.0.19-1.el4.i386.rpm

ia64:
firefox-3.0.19-1.el4.ia64.rpm
firefox-debuginfo-3.0.19-1.el4.ia64.rpm

ppc:
firefox-3.0.19-1.el4.ppc.rpm
firefox-debuginfo-3.0.19-1.el4.ppc.rpm

s390:
firefox-3.0.19-1.el4.s390.rpm
firefox-debuginfo-3.0.19-1.el4.s390.rpm

s390x:
firefox-3.0.19-1.el4.s390x.rpm
firefox-debuginfo-3.0.19-1.el4.s390x.rpm

x86_64:
firefox-3.0.19-1.el4.x86_64.rpm
firefox-debuginfo-3.0.19-1.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-3.0.19-1.el4.src.rpm

i386:
firefox-3.0.19-1.el4.i386.rpm
firefox-debuginfo-3.0.19-1.el4.i386.rpm

x86_64:
firefox-3.0.19-1.el4.x86_64.rpm
firefox-debuginfo-3.0.19-1.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-3.0.19-1.el4.src.rpm

i386:
firefox-3.0.19-1.el4.i386.rpm
firefox-debuginfo-3.0.19-1.el4.i386.rpm

ia64:
firefox-3.0.19-1.el4.ia64.rpm
firefox-debuginfo-3.0.19-1.el4.ia64.rpm

x86_64:
firefox-3.0.19-1.el4.x86_64.rpm
firefox-debuginfo-3.0.19-1.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-3.0.19-1.el4.src.rpm

i386:
firefox-3.0.19-1.el4.i386.rpm
firefox-debuginfo-3.0.19-1.el4.i386.rpm

ia64:
firefox-3.0.19-1.el4.ia64.rpm
firefox-debuginfo-3.0.19-1.el4.ia64.rpm

x86_64:
firefox-3.0.19-1.el4.x86_64.rpm
firefox-debuginfo-3.0.19-1.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-3.0.19-1.el5_5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.0.19-1.el5_5.src.rpm

i386:
firefox-3.0.19-1.el5_5.i386.rpm
firefox-debuginfo-3.0.19-1.el5_5.i386.rpm
xulrunner-1.9.0.19-1.el5_5.i386.rpm
xulrunner-debuginfo-1.9.0.19-1.el5_5.i386.rpm

x86_64:
firefox-3.0.19-1.el5_5.i386.rpm
firefox-3.0.19-1.el5_5.x86_64.rpm
firefox-debuginfo-3.0.19-1.el5_5.i386.rpm
firefox-debuginfo-3.0.19-1.el5_5.x86_64.rpm
xulrunner-1.9.0.19-1.el5_5.i386.rpm
xulrunner-1.9.0.19-1.el5_5.x86_64.rpm
xulrunner-debuginfo-1.9.0.19-1.el5_5.i386.rpm
xulrunner-debuginfo-1.9.0.19-1.el5_5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.0.19-1.el5_5.src.rpm

i386:
xulrunner-debuginfo-1.9.0.19-1.el5_5.i386.rpm
xulrunner-devel-1.9.0.19-1.el5_5.i386.rpm
xulrunner-devel-unstable-1.9.0.19-1.el5_5.i386.rpm

x86_64:
xulrunner-debuginfo-1.9.0.19-1.el5_5.i386.rpm
xulrunner-debuginfo-1.9.0.19-1.el5_5.x86_64.rpm
xulrunner-devel-1.9.0.19-1.el5_5.i386.rpm
xulrunner-devel-1.9.0.19-1.el5_5.x86_64.rpm
xulrunner-devel-unstable-1.9.0.19-1.el5_5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-3.0.19-1.el5_5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-1.9.0.19-1.el5_5.src.rpm

i386:
firefox-3.0.19-1.el5_5.i386.rpm
firefox-debuginfo-3.0.19-1.el5_5.i386.rpm
xulrunner-1.9.0.19-1.el5_5.i386.rpm
xulrunner-debuginfo-1.9.0.19-1.el5_5.i386.rpm
xulrunner-devel-1.9.0.19-1.el5_5.i386.rpm
xulrunner-devel-unstable-1.9.0.19-1.el5_5.i386.rpm

ia64:
firefox-3.0.19-1.el5_5.ia64.rpm
firefox-debuginfo-3.0.19-1.el5_5.ia64.rpm
xulrunner-1.9.0.19-1.el5_5.ia64.rpm
xulrunner-debuginfo-1.9.0.19-1.el5_5.ia64.rpm
xulrunner-devel-1.9.0.19-1.el5_5.ia64.rpm
xulrunner-devel-unstable-1.9.0.19-1.el5_5.ia64.rpm

ppc:
firefox-3.0.19-1.el5_5.ppc.rpm
firefox-debuginfo-3.0.19-1.el5_5.ppc.rpm
xulrunner-1.9.0.19-1.el5_5.ppc.rpm
xulrunner-1.9.0.19-1.el5_5.ppc64.rpm
xulrunner-debuginfo-1.9.0.19-1.el5_5.ppc.rpm
xulrunner-debuginfo-1.9.0.19-1.el5_5.ppc64.rpm
xulrunner-devel-1.9.0.19-1.el5_5.ppc.rpm
xulrunner-devel-1.9.0.19-1.el5_5.ppc64.rpm
xulrunner-devel-unstable-1.9.0.19-1.el5_5.ppc.rpm

s390x:
firefox-3.0.19-1.el5_5.s390.rpm
firefox-3.0.19-1.el5_5.s390x.rpm
firefox-debuginfo-3.0.19-1.el5_5.s390.rpm
firefox-debuginfo-3.0.19-1.el5_5.s390x.rpm
xulrunner-1.9.0.19-1.el5_5.s390.rpm
xulrunner-1.9.0.19-1.el5_5.s390x.rpm
xulrunner-debuginfo-1.9.0.19-1.el5_5.s390.rpm
xulrunner-debuginfo-1.9.0.19-1.el5_5.s390x.rpm
xulrunner-devel-1.9.0.19-1.el5_5.s390.rpm
xulrunner-devel-1.9.0.19-1.el5_5.s390x.rpm
xulrunner-devel-unstable-1.9.0.19-1.el5_5.s390x.rpm

x86_64:
firefox-3.0.19-1.el5_5.i386.rpm
firefox-3.0.19-1.el5_5.x86_64.rpm
firefox-debuginfo-3.0.19-1.el5_5.i386.rpm
firefox-debuginfo-3.0.19-1.el5_5.x86_64.rpm
xulrunner-1.9.0.19-1.el5_5.i386.rpm
xulrunner-1.9.0.19-1.el5_5.x86_64.rpm
xulrunner-debuginfo-1.9.0.19-1.el5_5.i386.rpm
xulrunner-debuginfo-1.9.0.19-1.el5_5.x86_64.rpm
xulrunner-devel-1.9.0.19-1.el5_5.i386.rpm
xulrunner-devel-1.9.0.19-1.el5_5.x86_64.rpm
xulrunner-devel-unstable-1.9.0.19-1.el5_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0174.html
https://www.redhat.com/security/data/cve/CVE-2010-0175.html
https://www.redhat.com/security/data/cve/CVE-2010-0176.html
https://www.redhat.com/security/data/cve/CVE-2010-0177.html
https://www.redhat.com/security/data/cve/CVE-2010-0178.html
https://www.redhat.com/security/data/cve/CVE-2010-0179.html
http://www.redhat.com/security/updates/classification/#critical
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.19

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.

From bugzilla at redhat.com Tue Mar 30 23:31:01 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 30 Mar 2010 19:31:01 -0400
Subject: [RHSA-2010:0333-01] Critical: seamonkey security update
Message-ID: <201003302331.o2UNV29d004308@int-mx08.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: seamonkey security update
Advisory ID:       RHSA-2010:0333-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0333.html
Issue date:        2010-03-30
CVE Names:         CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177
=====================================================================

1. Summary:

Updated seamonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor.

Several use-after-free flaws were found in SeaMonkey. Visiting a web page containing malicious content could result in SeaMonkey executing arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-0174)

All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

578147 - CVE-2010-0174 Mozilla crashes with evidence of memory corruption
578149 - CVE-2010-0175 Mozilla remote code execution with use-after-free in nsTreeSelection
578150 - CVE-2010-0176 Mozilla Dangling pointer vulnerability in nsTreeContentView
578152 - CVE-2010-0177 Mozilla Dangling pointer vulnerability in nsPluginArray

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/seamonkey-1.0.9-0.52.el3.src.rpm

i386:
seamonkey-1.0.9-0.52.el3.i386.rpm
seamonkey-chat-1.0.9-0.52.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.52.el3.i386.rpm
seamonkey-devel-1.0.9-0.52.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.52.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.52.el3.i386.rpm
seamonkey-mail-1.0.9-0.52.el3.i386.rpm
seamonkey-nspr-1.0.9-0.52.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.52.el3.i386.rpm
seamonkey-nss-1.0.9-0.52.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.52.el3.i386.rpm

ia64:
seamonkey-1.0.9-0.52.el3.ia64.rpm
seamonkey-chat-1.0.9-0.52.el3.ia64.rpm
seamonkey-debuginfo-1.0.9-0.52.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.52.el3.ia64.rpm
seamonkey-devel-1.0.9-0.52.el3.ia64.rpm
seamonkey-dom-inspector-1.0.9-0.52.el3.ia64.rpm
seamonkey-js-debugger-1.0.9-0.52.el3.ia64.rpm
seamonkey-mail-1.0.9-0.52.el3.ia64.rpm
seamonkey-nspr-1.0.9-0.52.el3.i386.rpm
seamonkey-nspr-1.0.9-0.52.el3.ia64.rpm
seamonkey-nspr-devel-1.0.9-0.52.el3.ia64.rpm
seamonkey-nss-1.0.9-0.52.el3.i386.rpm
seamonkey-nss-1.0.9-0.52.el3.ia64.rpm
seamonkey-nss-devel-1.0.9-0.52.el3.ia64.rpm

ppc:
seamonkey-1.0.9-0.52.el3.ppc.rpm
seamonkey-chat-1.0.9-0.52.el3.ppc.rpm
seamonkey-debuginfo-1.0.9-0.52.el3.ppc.rpm
seamonkey-devel-1.0.9-0.52.el3.ppc.rpm
seamonkey-dom-inspector-1.0.9-0.52.el3.ppc.rpm
seamonkey-js-debugger-1.0.9-0.52.el3.ppc.rpm
seamonkey-mail-1.0.9-0.52.el3.ppc.rpm
seamonkey-nspr-1.0.9-0.52.el3.ppc.rpm
seamonkey-nspr-devel-1.0.9-0.52.el3.ppc.rpm
seamonkey-nss-1.0.9-0.52.el3.ppc.rpm
seamonkey-nss-devel-1.0.9-0.52.el3.ppc.rpm

s390:
seamonkey-1.0.9-0.52.el3.s390.rpm
seamonkey-chat-1.0.9-0.52.el3.s390.rpm
seamonkey-debuginfo-1.0.9-0.52.el3.s390.rpm
seamonkey-devel-1.0.9-0.52.el3.s390.rpm
seamonkey-dom-inspector-1.0.9-0.52.el3.s390.rpm
seamonkey-js-debugger-1.0.9-0.52.el3.s390.rpm
seamonkey-mail-1.0.9-0.52.el3.s390.rpm
seamonkey-nspr-1.0.9-0.52.el3.s390.rpm
seamonkey-nspr-devel-1.0.9-0.52.el3.s390.rpm
seamonkey-nss-1.0.9-0.52.el3.s390.rpm
seamonkey-nss-devel-1.0.9-0.52.el3.s390.rpm

s390x:
seamonkey-1.0.9-0.52.el3.s390x.rpm
seamonkey-chat-1.0.9-0.52.el3.s390x.rpm
seamonkey-debuginfo-1.0.9-0.52.el3.s390.rpm
seamonkey-debuginfo-1.0.9-0.52.el3.s390x.rpm
seamonkey-devel-1.0.9-0.52.el3.s390x.rpm
seamonkey-dom-inspector-1.0.9-0.52.el3.s390x.rpm
seamonkey-js-debugger-1.0.9-0.52.el3.s390x.rpm
seamonkey-mail-1.0.9-0.52.el3.s390x.rpm
seamonkey-nspr-1.0.9-0.52.el3.s390.rpm
seamonkey-nspr-1.0.9-0.52.el3.s390x.rpm
seamonkey-nspr-devel-1.0.9-0.52.el3.s390x.rpm
seamonkey-nss-1.0.9-0.52.el3.s390.rpm
seamonkey-nss-1.0.9-0.52.el3.s390x.rpm
seamonkey-nss-devel-1.0.9-0.52.el3.s390x.rpm

x86_64:
seamonkey-1.0.9-0.52.el3.i386.rpm
seamonkey-1.0.9-0.52.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.52.el3.x86_64.rpm
seamonkey-debuginfo-1.0.9-0.52.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.52.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.52.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.52.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.52.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.52.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.52.el3.i386.rpm
seamonkey-nspr-1.0.9-0.52.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.52.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.52.el3.i386.rpm
seamonkey-nss-1.0.9-0.52.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.52.el3.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/seamonkey-1.0.9-0.52.el3.src.rpm

i386:
seamonkey-1.0.9-0.52.el3.i386.rpm
seamonkey-chat-1.0.9-0.52.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.52.el3.i386.rpm
seamonkey-devel-1.0.9-0.52.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.52.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.52.el3.i386.rpm
seamonkey-mail-1.0.9-0.52.el3.i386.rpm
seamonkey-nspr-1.0.9-0.52.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.52.el3.i386.rpm
seamonkey-nss-1.0.9-0.52.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.52.el3.i386.rpm

x86_64:
seamonkey-1.0.9-0.52.el3.i386.rpm
seamonkey-1.0.9-0.52.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.52.el3.x86_64.rpm
seamonkey-debuginfo-1.0.9-0.52.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.52.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.52.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.52.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.52.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.52.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.52.el3.i386.rpm
seamonkey-nspr-1.0.9-0.52.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.52.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.52.el3.i386.rpm
seamonkey-nss-1.0.9-0.52.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.52.el3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/seamonkey-1.0.9-0.52.el3.src.rpm

i386:
seamonkey-1.0.9-0.52.el3.i386.rpm
seamonkey-chat-1.0.9-0.52.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.52.el3.i386.rpm
seamonkey-devel-1.0.9-0.52.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.52.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.52.el3.i386.rpm
seamonkey-mail-1.0.9-0.52.el3.i386.rpm
seamonkey-nspr-1.0.9-0.52.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.52.el3.i386.rpm
seamonkey-nss-1.0.9-0.52.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.52.el3.i386.rpm

ia64:
seamonkey-1.0.9-0.52.el3.ia64.rpm
seamonkey-chat-1.0.9-0.52.el3.ia64.rpm
seamonkey-debuginfo-1.0.9-0.52.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.52.el3.ia64.rpm
seamonkey-devel-1.0.9-0.52.el3.ia64.rpm
seamonkey-dom-inspector-1.0.9-0.52.el3.ia64.rpm
seamonkey-js-debugger-1.0.9-0.52.el3.ia64.rpm
seamonkey-mail-1.0.9-0.52.el3.ia64.rpm
seamonkey-nspr-1.0.9-0.52.el3.i386.rpm
seamonkey-nspr-1.0.9-0.52.el3.ia64.rpm
seamonkey-nspr-devel-1.0.9-0.52.el3.ia64.rpm
seamonkey-nss-1.0.9-0.52.el3.i386.rpm
seamonkey-nss-1.0.9-0.52.el3.ia64.rpm
seamonkey-nss-devel-1.0.9-0.52.el3.ia64.rpm

x86_64:
seamonkey-1.0.9-0.52.el3.i386.rpm
seamonkey-1.0.9-0.52.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.52.el3.x86_64.rpm
seamonkey-debuginfo-1.0.9-0.52.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.52.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.52.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.52.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.52.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.52.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.52.el3.i386.rpm
seamonkey-nspr-1.0.9-0.52.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.52.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.52.el3.i386.rpm
seamonkey-nss-1.0.9-0.52.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.52.el3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/seamonkey-1.0.9-0.52.el3.src.rpm

i386:
seamonkey-1.0.9-0.52.el3.i386.rpm
seamonkey-chat-1.0.9-0.52.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.52.el3.i386.rpm
seamonkey-devel-1.0.9-0.52.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.52.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.52.el3.i386.rpm
seamonkey-mail-1.0.9-0.52.el3.i386.rpm
seamonkey-nspr-1.0.9-0.52.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.52.el3.i386.rpm
seamonkey-nss-1.0.9-0.52.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.52.el3.i386.rpm

ia64:
seamonkey-1.0.9-0.52.el3.ia64.rpm
seamonkey-chat-1.0.9-0.52.el3.ia64.rpm
seamonkey-debuginfo-1.0.9-0.52.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.52.el3.ia64.rpm
seamonkey-devel-1.0.9-0.52.el3.ia64.rpm
seamonkey-dom-inspector-1.0.9-0.52.el3.ia64.rpm
seamonkey-js-debugger-1.0.9-0.52.el3.ia64.rpm
seamonkey-mail-1.0.9-0.52.el3.ia64.rpm
seamonkey-nspr-1.0.9-0.52.el3.i386.rpm
seamonkey-nspr-1.0.9-0.52.el3.ia64.rpm
seamonkey-nspr-devel-1.0.9-0.52.el3.ia64.rpm
seamonkey-nss-1.0.9-0.52.el3.i386.rpm
seamonkey-nss-1.0.9-0.52.el3.ia64.rpm
seamonkey-nss-devel-1.0.9-0.52.el3.ia64.rpm

x86_64:
seamonkey-1.0.9-0.52.el3.i386.rpm
seamonkey-1.0.9-0.52.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.52.el3.x86_64.rpm
seamonkey-debuginfo-1.0.9-0.52.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.52.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.52.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.52.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.52.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.52.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.52.el3.i386.rpm
seamonkey-nspr-1.0.9-0.52.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.52.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.52.el3.i386.rpm
seamonkey-nss-1.0.9-0.52.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.52.el3.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/seamonkey-1.0.9-54.el4_8.src.rpm

i386:
seamonkey-1.0.9-54.el4_8.i386.rpm
seamonkey-chat-1.0.9-54.el4_8.i386.rpm
seamonkey-debuginfo-1.0.9-54.el4_8.i386.rpm
seamonkey-devel-1.0.9-54.el4_8.i386.rpm
seamonkey-dom-inspector-1.0.9-54.el4_8.i386.rpm
seamonkey-js-debugger-1.0.9-54.el4_8.i386.rpm
seamonkey-mail-1.0.9-54.el4_8.i386.rpm

ia64:
seamonkey-1.0.9-54.el4_8.ia64.rpm
seamonkey-chat-1.0.9-54.el4_8.ia64.rpm
seamonkey-debuginfo-1.0.9-54.el4_8.ia64.rpm
seamonkey-devel-1.0.9-54.el4_8.ia64.rpm
seamonkey-dom-inspector-1.0.9-54.el4_8.ia64.rpm
seamonkey-js-debugger-1.0.9-54.el4_8.ia64.rpm
seamonkey-mail-1.0.9-54.el4_8.ia64.rpm

ppc:
seamonkey-1.0.9-54.el4_8.ppc.rpm
seamonkey-chat-1.0.9-54.el4_8.ppc.rpm
seamonkey-debuginfo-1.0.9-54.el4_8.ppc.rpm
seamonkey-devel-1.0.9-54.el4_8.ppc.rpm
seamonkey-dom-inspector-1.0.9-54.el4_8.ppc.rpm
seamonkey-js-debugger-1.0.9-54.el4_8.ppc.rpm
seamonkey-mail-1.0.9-54.el4_8.ppc.rpm

s390:
seamonkey-1.0.9-54.el4_8.s390.rpm
seamonkey-chat-1.0.9-54.el4_8.s390.rpm
seamonkey-debuginfo-1.0.9-54.el4_8.s390.rpm
seamonkey-devel-1.0.9-54.el4_8.s390.rpm
seamonkey-dom-inspector-1.0.9-54.el4_8.s390.rpm
seamonkey-js-debugger-1.0.9-54.el4_8.s390.rpm
seamonkey-mail-1.0.9-54.el4_8.s390.rpm

s390x:
seamonkey-1.0.9-54.el4_8.s390x.rpm
seamonkey-chat-1.0.9-54.el4_8.s390x.rpm
seamonkey-debuginfo-1.0.9-54.el4_8.s390x.rpm
seamonkey-devel-1.0.9-54.el4_8.s390x.rpm
seamonkey-dom-inspector-1.0.9-54.el4_8.s390x.rpm
seamonkey-js-debugger-1.0.9-54.el4_8.s390x.rpm
seamonkey-mail-1.0.9-54.el4_8.s390x.rpm

x86_64:
seamonkey-1.0.9-54.el4_8.x86_64.rpm
seamonkey-chat-1.0.9-54.el4_8.x86_64.rpm
seamonkey-debuginfo-1.0.9-54.el4_8.x86_64.rpm
seamonkey-devel-1.0.9-54.el4_8.x86_64.rpm
seamonkey-dom-inspector-1.0.9-54.el4_8.x86_64.rpm
seamonkey-js-debugger-1.0.9-54.el4_8.x86_64.rpm
seamonkey-mail-1.0.9-54.el4_8.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/seamonkey-1.0.9-54.el4_8.src.rpm

i386:
seamonkey-1.0.9-54.el4_8.i386.rpm
seamonkey-chat-1.0.9-54.el4_8.i386.rpm
seamonkey-debuginfo-1.0.9-54.el4_8.i386.rpm
seamonkey-devel-1.0.9-54.el4_8.i386.rpm
seamonkey-dom-inspector-1.0.9-54.el4_8.i386.rpm
seamonkey-js-debugger-1.0.9-54.el4_8.i386.rpm
seamonkey-mail-1.0.9-54.el4_8.i386.rpm

x86_64:
seamonkey-1.0.9-54.el4_8.x86_64.rpm
seamonkey-chat-1.0.9-54.el4_8.x86_64.rpm
seamonkey-debuginfo-1.0.9-54.el4_8.x86_64.rpm
seamonkey-devel-1.0.9-54.el4_8.x86_64.rpm
seamonkey-dom-inspector-1.0.9-54.el4_8.x86_64.rpm
seamonkey-js-debugger-1.0.9-54.el4_8.x86_64.rpm
seamonkey-mail-1.0.9-54.el4_8.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/seamonkey-1.0.9-54.el4_8.src.rpm

i386:
seamonkey-1.0.9-54.el4_8.i386.rpm
seamonkey-chat-1.0.9-54.el4_8.i386.rpm
seamonkey-debuginfo-1.0.9-54.el4_8.i386.rpm
seamonkey-devel-1.0.9-54.el4_8.i386.rpm
seamonkey-dom-inspector-1.0.9-54.el4_8.i386.rpm
seamonkey-js-debugger-1.0.9-54.el4_8.i386.rpm
seamonkey-mail-1.0.9-54.el4_8.i386.rpm

ia64:
seamonkey-1.0.9-54.el4_8.ia64.rpm
seamonkey-chat-1.0.9-54.el4_8.ia64.rpm
seamonkey-debuginfo-1.0.9-54.el4_8.ia64.rpm
seamonkey-devel-1.0.9-54.el4_8.ia64.rpm
seamonkey-dom-inspector-1.0.9-54.el4_8.ia64.rpm
seamonkey-js-debugger-1.0.9-54.el4_8.ia64.rpm seamonkey-mail-1.0.9-54.el4_8.ia64.rpm x86_64: seamonkey-1.0.9-54.el4_8.x86_64.rpm seamonkey-chat-1.0.9-54.el4_8.x86_64.rpm seamonkey-debuginfo-1.0.9-54.el4_8.x86_64.rpm seamonkey-devel-1.0.9-54.el4_8.x86_64.rpm seamonkey-dom-inspector-1.0.9-54.el4_8.x86_64.rpm seamonkey-js-debugger-1.0.9-54.el4_8.x86_64.rpm seamonkey-mail-1.0.9-54.el4_8.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/seamonkey-1.0.9-54.el4_8.src.rpm i386: seamonkey-1.0.9-54.el4_8.i386.rpm seamonkey-chat-1.0.9-54.el4_8.i386.rpm seamonkey-debuginfo-1.0.9-54.el4_8.i386.rpm seamonkey-devel-1.0.9-54.el4_8.i386.rpm seamonkey-dom-inspector-1.0.9-54.el4_8.i386.rpm seamonkey-js-debugger-1.0.9-54.el4_8.i386.rpm seamonkey-mail-1.0.9-54.el4_8.i386.rpm ia64: seamonkey-1.0.9-54.el4_8.ia64.rpm seamonkey-chat-1.0.9-54.el4_8.ia64.rpm seamonkey-debuginfo-1.0.9-54.el4_8.ia64.rpm seamonkey-devel-1.0.9-54.el4_8.ia64.rpm seamonkey-dom-inspector-1.0.9-54.el4_8.ia64.rpm seamonkey-js-debugger-1.0.9-54.el4_8.ia64.rpm seamonkey-mail-1.0.9-54.el4_8.ia64.rpm x86_64: seamonkey-1.0.9-54.el4_8.x86_64.rpm seamonkey-chat-1.0.9-54.el4_8.x86_64.rpm seamonkey-debuginfo-1.0.9-54.el4_8.x86_64.rpm seamonkey-devel-1.0.9-54.el4_8.x86_64.rpm seamonkey-dom-inspector-1.0.9-54.el4_8.x86_64.rpm seamonkey-js-debugger-1.0.9-54.el4_8.x86_64.rpm seamonkey-mail-1.0.9-54.el4_8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-0174.html https://www.redhat.com/security/data/cve/CVE-2010-0175.html https://www.redhat.com/security/data/cve/CVE-2010-0176.html https://www.redhat.com/security/data/cve/CVE-2010-0177.html http://www.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . 
More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLsomwXlSAg2UNWIIRAr3nAJwO72g8f348gtHjFQuO6aX6swVtvwCgkgqt
rcZIuKhXD85xhWcWNwHFl28=
=V5O0
-----END PGP SIGNATURE-----