From bugzilla at redhat.com Mon Nov 1 09:24:31 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 1 Nov 2010 14:54:31 +0530
Subject: [RHSA-2010:0817-01] Low: Red Hat Enterprise Linux 3 - End Of Life
Message-ID: <201011010924.oA19OVqm015115@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Enterprise Linux 3 - End Of Life
Advisory ID:       RHSA-2010:0817-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0817.html
Issue date:        2010-11-01
=====================================================================

1. Summary:

This is the End Of Life notification for Red Hat Enterprise Linux 3.

2. Relevant releases/architectures:

Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy, the regular 7 year life-cycle of Red Hat Enterprise Linux 3 has ended. Red Hat has discontinued the regular subscription services for Red Hat Enterprise Linux 3. Therefore, new bug fix, enhancement, and security errata updates, as well as technical support services, are no longer available for the following products:

* Red Hat Enterprise Linux AS 3
* Red Hat Enterprise Linux ES 3
* Red Hat Enterprise Linux WS 3
* Red Hat Enterprise Linux Extras 3
* Red Hat Desktop 3
* Red Hat Global File System 3
* Red Hat Cluster Suite 3

Servers subscribed to Red Hat Enterprise Linux 3 channels on the Red Hat Network will shortly become unsubscribed. As a benefit of the Red Hat subscription model, those subscriptions can be used to entitle any system on any currently supported release of Red Hat Enterprise Linux.
Red Hat Enterprise Linux Subscriptions are version-independent and allow access to all major releases of Red Hat Enterprise Linux that are currently supported within their regular 7-year life-cycle. Therefore customers retain access to Red Hat Enterprise Linux 4, 5 and the soon-to-be-released 6. There are no additional upgrade fees when moving from Red Hat Enterprise Linux 3 to any of these newer releases.

For customers who are unable to migrate off Red Hat Enterprise Linux 3, Red Hat is offering a limited, optional extension program referred to as RHEL 3 Extended Life Cycle Support (ELS). For more information about this program, contact your Red Hat sales representative or channel partner. Additionally, you can find more information on this program here: http://www.redhat.com/rhel/server/extended_lifecycle_support/

Once you are eligible to subscribe to the RHEL 3 ELS channels, read the Red Hat Knowledgebase article DOC-40489 at https://access.redhat.com/kb/docs/DOC-40489 for detailed information on how to subscribe to the RHEL 3 ELS channels.

Details of the Red Hat Enterprise Linux life-cycle can be found on the Red Hat website: http://www.redhat.com/security/updates/errata/

4. Solution:

This erratum contains an updated redhat-release package that provides a copy of this end of life notice in the "/usr/share/doc/" directory.

5. Bugs fixed (http://bugzilla.redhat.com/):

644878 - Send Out RHEL 3 final EOL Notice

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/redhat-release-3AS-13.9.11.src.rpm

i386:
redhat-release-3AS-13.9.11.i386.rpm
redhat-release-debuginfo-3AS-13.9.11.i386.rpm

ia64:
redhat-release-3AS-13.9.11.ia64.rpm
redhat-release-debuginfo-3AS-13.9.11.ia64.rpm

ppc:
redhat-release-3AS-13.9.11.ppc.rpm
redhat-release-debuginfo-3AS-13.9.11.ppc.rpm

s390:
redhat-release-3AS-13.9.11.s390.rpm
redhat-release-debuginfo-3AS-13.9.11.s390.rpm

s390x:
redhat-release-3AS-13.9.11.s390x.rpm
redhat-release-debuginfo-3AS-13.9.11.s390x.rpm

x86_64:
redhat-release-3AS-13.9.11.x86_64.rpm
redhat-release-debuginfo-3AS-13.9.11.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/redhat-release-3Desktop-13.9.11.src.rpm

i386:
redhat-release-3Desktop-13.9.11.i386.rpm
redhat-release-debuginfo-3Desktop-13.9.11.i386.rpm

x86_64:
redhat-release-3Desktop-13.9.11.x86_64.rpm
redhat-release-debuginfo-3Desktop-13.9.11.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/redhat-release-3ES-13.9.11.src.rpm

i386:
redhat-release-3ES-13.9.11.i386.rpm
redhat-release-debuginfo-3ES-13.9.11.i386.rpm

ia64:
redhat-release-3ES-13.9.11.ia64.rpm
redhat-release-debuginfo-3ES-13.9.11.ia64.rpm

x86_64:
redhat-release-3ES-13.9.11.x86_64.rpm
redhat-release-debuginfo-3ES-13.9.11.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/redhat-release-3WS-13.9.11.src.rpm

i386:
redhat-release-3WS-13.9.11.i386.rpm
redhat-release-debuginfo-3WS-13.9.11.i386.rpm

ia64:
redhat-release-3WS-13.9.11.ia64.rpm
redhat-release-debuginfo-3WS-13.9.11.ia64.rpm

x86_64:
redhat-release-3WS-13.9.11.x86_64.rpm
redhat-release-debuginfo-3WS-13.9.11.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://www.redhat.com/security/updates/classification/#low
https://access.redhat.com/kb/docs/DOC-40489
http://www.redhat.com/security/updates/errata/
http://www.redhat.com/rhel/server/extended_lifecycle_support/

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMzocyXlSAg2UNWIIRAhXAAJ0X9cfbAGX1rMQbSZpG2z8Wst4OXQCeKAde
lqxWC5TLOcppsSWVCMUW9X8=
=mbMl
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Nov 1 19:52:53 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 1 Nov 2010 13:52:53 -0600
Subject: [RHSA-2010:0819-01] Moderate: pam security update
Message-ID: <201011011952.oA1Jqr2u024942@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: pam security update
Advisory ID:       RHSA-2010:0819-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0819.html
Issue date:        2010-11-01
CVE Names:         CVE-2010-3316 CVE-2010-3435 CVE-2010-3853
=====================================================================

1. Summary:

Updated pam packages that fix three security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Pluggable Authentication Modules (PAM) provide a system whereby administrators can set up authentication policies without having to recompile programs that handle authentication.

It was discovered that the pam_namespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted (for example, when pam_namespace was configured for setuid applications such as su or sudo), a local, unprivileged user could possibly use this flaw to escalate their privileges. (CVE-2010-3853)

It was discovered that the pam_mail module used root privileges while accessing users' files. In certain configurations, a local, unprivileged user could use this flaw to obtain limited information about files or directories that they do not have access to. (CVE-2010-3435)

It was discovered that the pam_xauth module did not verify the return values of the setuid() and setgid() system calls. A local, unprivileged user could use this flaw to execute the xauth command with root privileges and make it read an arbitrary input file. (CVE-2010-3316)

Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting the CVE-2010-3435 issue.

All pam users should upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

637898 - CVE-2010-3316 pam: pam_xauth missing return value checks from setuid() and similar calls
641335 - CVE-2010-3435 pam: pam_env and pam_mail accessing users' file with root privileges
643043 - CVE-2010-3853 pam: pam_namespace executes namespace.init with service's environment

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/pam-0.99.6.2-6.el5_5.2.src.rpm

i386:
pam-0.99.6.2-6.el5_5.2.i386.rpm
pam-debuginfo-0.99.6.2-6.el5_5.2.i386.rpm

x86_64:
pam-0.99.6.2-6.el5_5.2.i386.rpm
pam-0.99.6.2-6.el5_5.2.x86_64.rpm
pam-debuginfo-0.99.6.2-6.el5_5.2.i386.rpm
pam-debuginfo-0.99.6.2-6.el5_5.2.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/pam-0.99.6.2-6.el5_5.2.src.rpm

i386:
pam-debuginfo-0.99.6.2-6.el5_5.2.i386.rpm
pam-devel-0.99.6.2-6.el5_5.2.i386.rpm

x86_64:
pam-debuginfo-0.99.6.2-6.el5_5.2.i386.rpm
pam-debuginfo-0.99.6.2-6.el5_5.2.x86_64.rpm
pam-devel-0.99.6.2-6.el5_5.2.i386.rpm
pam-devel-0.99.6.2-6.el5_5.2.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/pam-0.99.6.2-6.el5_5.2.src.rpm

i386:
pam-0.99.6.2-6.el5_5.2.i386.rpm
pam-debuginfo-0.99.6.2-6.el5_5.2.i386.rpm
pam-devel-0.99.6.2-6.el5_5.2.i386.rpm

ia64:
pam-0.99.6.2-6.el5_5.2.i386.rpm
pam-0.99.6.2-6.el5_5.2.ia64.rpm
pam-debuginfo-0.99.6.2-6.el5_5.2.i386.rpm
pam-debuginfo-0.99.6.2-6.el5_5.2.ia64.rpm
pam-devel-0.99.6.2-6.el5_5.2.ia64.rpm

ppc:
pam-0.99.6.2-6.el5_5.2.ppc.rpm
pam-0.99.6.2-6.el5_5.2.ppc64.rpm
pam-debuginfo-0.99.6.2-6.el5_5.2.ppc.rpm
pam-debuginfo-0.99.6.2-6.el5_5.2.ppc64.rpm
pam-devel-0.99.6.2-6.el5_5.2.ppc.rpm
pam-devel-0.99.6.2-6.el5_5.2.ppc64.rpm

s390x:
pam-0.99.6.2-6.el5_5.2.s390.rpm
pam-0.99.6.2-6.el5_5.2.s390x.rpm
pam-debuginfo-0.99.6.2-6.el5_5.2.s390.rpm
pam-debuginfo-0.99.6.2-6.el5_5.2.s390x.rpm
pam-devel-0.99.6.2-6.el5_5.2.s390.rpm
pam-devel-0.99.6.2-6.el5_5.2.s390x.rpm

x86_64:
pam-0.99.6.2-6.el5_5.2.i386.rpm
pam-0.99.6.2-6.el5_5.2.x86_64.rpm
pam-debuginfo-0.99.6.2-6.el5_5.2.i386.rpm
pam-debuginfo-0.99.6.2-6.el5_5.2.x86_64.rpm
pam-devel-0.99.6.2-6.el5_5.2.i386.rpm
pam-devel-0.99.6.2-6.el5_5.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3316.html
https://www.redhat.com/security/data/cve/CVE-2010-3435.html
https://www.redhat.com/security/data/cve/CVE-2010-3853.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
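Two of the pam flaws in this advisory share one lesson for anyone writing a setuid helper: pam_xauth lost root isolation because the return values of setgid()/setuid() went unchecked, and pam_namespace exposed a root-run script to whatever environment su or sudo happened to pass in. The C below is an added example written for this digest, not Red Hat's or Linux-PAM's code. It drops privileges with every call checked and verified, and launches a helper with a freshly built environment instead of the inherited one. The fixed PATH value, the LANG/TZ allowlist, and the names build_clean_env, drop_privileges and run_helper are choices made for illustration, not PAM defaults.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

/* Fixed PATH plus a short allowlist of variables that may pass through to
 * the helper; everything else the caller inherited (LD_PRELOAD, IFS, ...)
 * is discarded. Both values are this example's choice, not a PAM default. */
static char safe_path[] = "PATH=/usr/sbin:/usr/bin:/sbin:/bin";
static const char *const allowed_vars[] = { "LANG", "TZ", NULL };

/* Is "NAME=value" one of the allowlisted NAMEs? (exact match on NAME) */
int var_allowed(const char *entry)
{
    for (int i = 0; allowed_vars[i] != NULL; i++) {
        size_t n = strlen(allowed_vars[i]);
        if (strncmp(entry, allowed_vars[i], n) == 0 && entry[n] == '=')
            return 1;
    }
    return 0;
}

/* Number of entries in a NULL-terminated environment array. */
size_t env_len(char *const env[])
{
    size_t n = 0;
    while (env[n] != NULL) n++;
    return n;
}

/* Build a fresh NULL-terminated environment: safe_path first, then the
 * allowlisted entries of `inherited` in their original order. Only the
 * array is malloc'd (strings are shared); NULL on allocation failure. */
char **build_clean_env(char *const inherited[])
{
    size_t count = env_len(inherited);
    char **out = malloc((count + 2) * sizeof *out);
    if (out == NULL) return NULL;
    size_t n = 0;
    out[n++] = safe_path;
    for (size_t i = 0; i < count; i++)
        if (var_allowed(inherited[i])) out[n++] = inherited[i];
    out[n] = NULL;
    return out;
}

/* Drop to uid/gid for good, checking every call: the pam_xauth flaw was an
 * unchecked setuid()/setgid() that silently left the child running as root.
 * Returns 0 on success, -1 with errno set on failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Clearing supplementary groups needs CAP_SETGID, so do it while still
     * root; an already unprivileged caller cannot change them at all. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;   /* gid first: impossible after setuid() */
    if (setuid(uid) != 0) return -1;
    /* Verify the drop took effect and that root cannot be regained. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) { errno = EACCES; return -1; }
    if (uid != 0 && setuid(0) == 0) { errno = EACCES; return -1; }
    return 0;
}

/* Run `script` as uid/gid with the scrubbed environment instead of the one
 * inherited from the PAM-calling application (the pam_namespace flaw).
 * Returns the child's exit status, or -1 on error. */
int run_helper(const char *script, char *const argv[], uid_t uid, gid_t gid)
{
    char **env = build_clean_env(environ);
    if (env == NULL) return -1;
    pid_t pid = fork();
    if (pid < 0) { free(env); return -1; }
    if (pid == 0) {
        if (drop_privileges(uid, gid) != 0) _exit(127);
        execve(script, argv, env);
        _exit(127);                    /* execve() only returns on failure */
    }
    free(env);
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed "dirty" environment standing in for what a setuid caller
     * might hand to a PAM module. */
    char *const dirty[] = { "LD_PRELOAD=/tmp/injected.so", "PATH=/tmp",
                            "LANG=C", "IFS= ", "TZ=UTC", NULL };
    char **clean = build_clean_env(dirty);
    for (size_t i = 0; clean != NULL && clean[i] != NULL; i++)
        printf("keep: %s\n", clean[i]);
    free(clean);
    /* Show the scrubbed view from inside a child; no privilege change here. */
    char *const args[] = { "sh", "-c", "env", NULL };
    return run_helper("/bin/sh", args, getuid(), getgid()) == 0 ? 0 : 1;
}
```

The order inside drop_privileges matters: setgroups() and setgid() must run before setuid(), because once the process is no longer root it can no longer change its groups; the final setuid(0) probe is the conventional check that the saved set-user-ID was not left behind.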
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMzxqFXlSAg2UNWIIRArfBAJ9qcKIF/IydoOYO6Ol3sJXkRoCtFwCfYCuV
GH2MTJIBmimm9XsTiJvPTJI=
=22g0
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Nov 3 20:25:53 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 3 Nov 2010 14:25:53 -0600
Subject: [RHSA-2010:0824-01] Moderate: mysql security update
Message-ID: <201011032025.oA3KPslQ009543@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: mysql security update
Advisory ID:       RHSA-2010:0824-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0824.html
Issue date:        2010-11-03
CVE Names:         CVE-2010-1848 CVE-2010-3681 CVE-2010-3840
=====================================================================

1. Summary:

Updated mysql packages that fix three security issues are now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

It was found that the MySQL PolyFromWKB() function did not sanity check Well-Known Binary (WKB) data. A remote, authenticated attacker could use specially-crafted WKB data to crash mysqld.
This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3840)

A flaw was found in the way MySQL processed certain alternating READ requests provided by HANDLER statements. A remote, authenticated attacker could use this flaw to provide such requests, causing mysqld to crash. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3681)

A directory traversal flaw was found in the way MySQL handled the parameters of the MySQL COM_FIELD_LIST network protocol command. A remote, authenticated attacker could use this flaw to obtain descriptions of the fields of an arbitrary table using a request with a specially-crafted table name. (CVE-2010-1848)

All MySQL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

592079 - CVE-2010-1848 mysql: multiple insufficient table name checks
628680 - CVE-2010-3681 MySQL: mysqld DoS (assertion failure) by alternate reads from two indexes on a table using the HANDLER interface (MySQL bug #54007)
640865 - CVE-2010-3840 MySQL: crash when loading data into geometry function PolyFromWKB() (MySQL Bug#51875)

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/mysql-4.1.22-2.el4_8.4.src.rpm

i386:
mysql-4.1.22-2.el4_8.4.i386.rpm
mysql-bench-4.1.22-2.el4_8.4.i386.rpm
mysql-debuginfo-4.1.22-2.el4_8.4.i386.rpm
mysql-devel-4.1.22-2.el4_8.4.i386.rpm
mysql-server-4.1.22-2.el4_8.4.i386.rpm

ia64:
mysql-4.1.22-2.el4_8.4.i386.rpm
mysql-4.1.22-2.el4_8.4.ia64.rpm
mysql-bench-4.1.22-2.el4_8.4.ia64.rpm
mysql-debuginfo-4.1.22-2.el4_8.4.i386.rpm
mysql-debuginfo-4.1.22-2.el4_8.4.ia64.rpm
mysql-devel-4.1.22-2.el4_8.4.ia64.rpm
mysql-server-4.1.22-2.el4_8.4.ia64.rpm

ppc:
mysql-4.1.22-2.el4_8.4.ppc.rpm
mysql-4.1.22-2.el4_8.4.ppc64.rpm
mysql-bench-4.1.22-2.el4_8.4.ppc.rpm
mysql-debuginfo-4.1.22-2.el4_8.4.ppc.rpm
mysql-debuginfo-4.1.22-2.el4_8.4.ppc64.rpm
mysql-devel-4.1.22-2.el4_8.4.ppc.rpm
mysql-server-4.1.22-2.el4_8.4.ppc.rpm

s390:
mysql-4.1.22-2.el4_8.4.s390.rpm
mysql-bench-4.1.22-2.el4_8.4.s390.rpm
mysql-debuginfo-4.1.22-2.el4_8.4.s390.rpm
mysql-devel-4.1.22-2.el4_8.4.s390.rpm
mysql-server-4.1.22-2.el4_8.4.s390.rpm

s390x:
mysql-4.1.22-2.el4_8.4.s390.rpm
mysql-4.1.22-2.el4_8.4.s390x.rpm
mysql-bench-4.1.22-2.el4_8.4.s390x.rpm
mysql-debuginfo-4.1.22-2.el4_8.4.s390.rpm
mysql-debuginfo-4.1.22-2.el4_8.4.s390x.rpm
mysql-devel-4.1.22-2.el4_8.4.s390x.rpm
mysql-server-4.1.22-2.el4_8.4.s390x.rpm

x86_64:
mysql-4.1.22-2.el4_8.4.i386.rpm
mysql-4.1.22-2.el4_8.4.x86_64.rpm
mysql-bench-4.1.22-2.el4_8.4.x86_64.rpm
mysql-debuginfo-4.1.22-2.el4_8.4.i386.rpm
mysql-debuginfo-4.1.22-2.el4_8.4.x86_64.rpm
mysql-devel-4.1.22-2.el4_8.4.x86_64.rpm
mysql-server-4.1.22-2.el4_8.4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/mysql-4.1.22-2.el4_8.4.src.rpm

i386:
mysql-4.1.22-2.el4_8.4.i386.rpm
mysql-bench-4.1.22-2.el4_8.4.i386.rpm
mysql-debuginfo-4.1.22-2.el4_8.4.i386.rpm
mysql-devel-4.1.22-2.el4_8.4.i386.rpm
mysql-server-4.1.22-2.el4_8.4.i386.rpm

x86_64:
mysql-4.1.22-2.el4_8.4.i386.rpm
mysql-4.1.22-2.el4_8.4.x86_64.rpm
mysql-bench-4.1.22-2.el4_8.4.x86_64.rpm
mysql-debuginfo-4.1.22-2.el4_8.4.i386.rpm
mysql-debuginfo-4.1.22-2.el4_8.4.x86_64.rpm
mysql-devel-4.1.22-2.el4_8.4.x86_64.rpm
mysql-server-4.1.22-2.el4_8.4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/mysql-4.1.22-2.el4_8.4.src.rpm

i386:
mysql-4.1.22-2.el4_8.4.i386.rpm
mysql-bench-4.1.22-2.el4_8.4.i386.rpm
mysql-debuginfo-4.1.22-2.el4_8.4.i386.rpm
mysql-devel-4.1.22-2.el4_8.4.i386.rpm
mysql-server-4.1.22-2.el4_8.4.i386.rpm

ia64:
mysql-4.1.22-2.el4_8.4.i386.rpm
mysql-4.1.22-2.el4_8.4.ia64.rpm
mysql-bench-4.1.22-2.el4_8.4.ia64.rpm
mysql-debuginfo-4.1.22-2.el4_8.4.i386.rpm
mysql-debuginfo-4.1.22-2.el4_8.4.ia64.rpm
mysql-devel-4.1.22-2.el4_8.4.ia64.rpm
mysql-server-4.1.22-2.el4_8.4.ia64.rpm

x86_64:
mysql-4.1.22-2.el4_8.4.i386.rpm
mysql-4.1.22-2.el4_8.4.x86_64.rpm
mysql-bench-4.1.22-2.el4_8.4.x86_64.rpm
mysql-debuginfo-4.1.22-2.el4_8.4.i386.rpm
mysql-debuginfo-4.1.22-2.el4_8.4.x86_64.rpm
mysql-devel-4.1.22-2.el4_8.4.x86_64.rpm
mysql-server-4.1.22-2.el4_8.4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/mysql-4.1.22-2.el4_8.4.src.rpm

i386:
mysql-4.1.22-2.el4_8.4.i386.rpm
mysql-bench-4.1.22-2.el4_8.4.i386.rpm
mysql-debuginfo-4.1.22-2.el4_8.4.i386.rpm
mysql-devel-4.1.22-2.el4_8.4.i386.rpm
mysql-server-4.1.22-2.el4_8.4.i386.rpm

ia64:
mysql-4.1.22-2.el4_8.4.i386.rpm
mysql-4.1.22-2.el4_8.4.ia64.rpm
mysql-bench-4.1.22-2.el4_8.4.ia64.rpm
mysql-debuginfo-4.1.22-2.el4_8.4.i386.rpm
mysql-debuginfo-4.1.22-2.el4_8.4.ia64.rpm
mysql-devel-4.1.22-2.el4_8.4.ia64.rpm
mysql-server-4.1.22-2.el4_8.4.ia64.rpm

x86_64:
mysql-4.1.22-2.el4_8.4.i386.rpm
mysql-4.1.22-2.el4_8.4.x86_64.rpm
mysql-bench-4.1.22-2.el4_8.4.x86_64.rpm
mysql-debuginfo-4.1.22-2.el4_8.4.i386.rpm
mysql-debuginfo-4.1.22-2.el4_8.4.x86_64.rpm
mysql-devel-4.1.22-2.el4_8.4.x86_64.rpm
mysql-server-4.1.22-2.el4_8.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-1848.html
https://www.redhat.com/security/data/cve/CVE-2010-3681.html
https://www.redhat.com/security/data/cve/CVE-2010-3840.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM0cU9XlSAg2UNWIIRAlBNAJ0a0OPlJ0RUhK/utVpRoDurUbZBUACcCfZD
ezF/WWIx2e8Ra4Uj03UuhBw=
=OctO
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Nov 3 20:27:19 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 3 Nov 2010 14:27:19 -0600
Subject: [RHSA-2010:0825-01] Moderate: mysql security update
Message-ID: <201011032027.oA3KRJGs013317@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: mysql security update
Advisory ID:       RHSA-2010:0825-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0825.html
Issue date:        2010-11-03
CVE Names:         CVE-2010-3677 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682
                   CVE-2010-3833 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837
                   CVE-2010-3838 CVE-2010-3839 CVE-2010-3840
=====================================================================

1. Summary:

Updated mysql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact.
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

It was found that the MySQL PolyFromWKB() function did not sanity check Well-Known Binary (WKB) data. A remote, authenticated attacker could use specially-crafted WKB data to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3840)

A flaw was found in the way MySQL processed certain JOIN queries. If a stored procedure contained JOIN queries, and that procedure was executed twice in sequence, it could cause an infinite loop, leading to excessive CPU use (up to 100%). A remote, authenticated attacker could use this flaw to cause a denial of service. (CVE-2010-3839)

A flaw was found in the way MySQL processed queries that provide a mixture of numeric and longblob data types to the LEAST or GREATEST function. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3838)

A flaw was found in the way MySQL processed PREPARE statements containing both GROUP_CONCAT and the WITH ROLLUP modifier. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3837)

It was found that MySQL did not properly pre-evaluate LIKE arguments in view prepare mode.
A remote, authenticated attacker could possibly use this flaw to crash mysqld. (CVE-2010-3836)

A flaw was found in the way MySQL processed statements that assign a value to a user-defined variable and that also contain a logical value evaluation. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3835)

A flaw was found in the way MySQL evaluated the arguments of extreme-value functions, such as LEAST and GREATEST. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3833)

A flaw was found in the way MySQL processed EXPLAIN statements for some complex SELECT queries. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3682)

A flaw was found in the way MySQL processed certain alternating READ requests provided by HANDLER statements. A remote, authenticated attacker could use this flaw to provide such requests, causing mysqld to crash. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3681)

A flaw was found in the way MySQL processed CREATE TEMPORARY TABLE statements that define NULL columns when using the InnoDB storage engine. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3680)

A flaw was found in the way MySQL processed JOIN queries that attempt to retrieve data from a unique SET column. A remote, authenticated attacker could use this flaw to crash mysqld.
This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3677)

All MySQL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

628040 - CVE-2010-3677 MySQL: Mysqld DoS (crash) by processing joins involving a table with a unique SET column (MySQL BZ#54575)
628192 - CVE-2010-3680 MySQL: mysqld DoS (assertion failure) by using temporary InnoDB engine tables with nullable columns (MySQL bug #54044)
628328 - CVE-2010-3682 MySQL: mysqld DoS (crash) by processing EXPLAIN statements for complex SQL queries (MySQL bug #52711)
628680 - CVE-2010-3681 MySQL: mysqld DoS (assertion failure) by alternate reads from two indexes on a table using the HANDLER interface (MySQL bug #54007)
640751 - CVE-2010-3833 MySQL: CREATE TABLE ... SELECT causes crash when KILL_BAD_DATA is returned (MySQL Bug#55826)
640819 - CVE-2010-3835 MySQL: crash with user variables, assignments, joins... (MySQL Bug #55564)
640845 - CVE-2010-3836 MySQL: pre-evaluating LIKE arguments in view prepare mode causes crash (MySQL Bug#54568)
640856 - CVE-2010-3837 MySQL: crash when group_concat and "with rollup" in prepared statements (MySQL Bug#54476)
640858 - CVE-2010-3838 MySQL: crash with LONGBLOB and union or update with subquery (MySQL Bug#54461)
640861 - CVE-2010-3839 MySQL: server hangs during JOIN query in stored procedures called twice in a row (MySQL Bug#53544)
640865 - CVE-2010-3840 MySQL: crash when loading data into geometry function PolyFromWKB() (MySQL Bug#51875)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/mysql-5.0.77-4.el5_5.4.src.rpm

i386:
mysql-5.0.77-4.el5_5.4.i386.rpm
mysql-debuginfo-5.0.77-4.el5_5.4.i386.rpm

x86_64:
mysql-5.0.77-4.el5_5.4.i386.rpm
mysql-5.0.77-4.el5_5.4.x86_64.rpm
mysql-debuginfo-5.0.77-4.el5_5.4.i386.rpm
mysql-debuginfo-5.0.77-4.el5_5.4.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/mysql-5.0.77-4.el5_5.4.src.rpm

i386:
mysql-bench-5.0.77-4.el5_5.4.i386.rpm
mysql-debuginfo-5.0.77-4.el5_5.4.i386.rpm
mysql-devel-5.0.77-4.el5_5.4.i386.rpm
mysql-server-5.0.77-4.el5_5.4.i386.rpm
mysql-test-5.0.77-4.el5_5.4.i386.rpm

x86_64:
mysql-bench-5.0.77-4.el5_5.4.x86_64.rpm
mysql-debuginfo-5.0.77-4.el5_5.4.i386.rpm
mysql-debuginfo-5.0.77-4.el5_5.4.x86_64.rpm
mysql-devel-5.0.77-4.el5_5.4.i386.rpm
mysql-devel-5.0.77-4.el5_5.4.x86_64.rpm
mysql-server-5.0.77-4.el5_5.4.x86_64.rpm
mysql-test-5.0.77-4.el5_5.4.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/mysql-5.0.77-4.el5_5.4.src.rpm

i386:
mysql-5.0.77-4.el5_5.4.i386.rpm
mysql-bench-5.0.77-4.el5_5.4.i386.rpm
mysql-debuginfo-5.0.77-4.el5_5.4.i386.rpm
mysql-devel-5.0.77-4.el5_5.4.i386.rpm
mysql-server-5.0.77-4.el5_5.4.i386.rpm
mysql-test-5.0.77-4.el5_5.4.i386.rpm

ia64:
mysql-5.0.77-4.el5_5.4.i386.rpm
mysql-5.0.77-4.el5_5.4.ia64.rpm
mysql-bench-5.0.77-4.el5_5.4.ia64.rpm
mysql-debuginfo-5.0.77-4.el5_5.4.i386.rpm
mysql-debuginfo-5.0.77-4.el5_5.4.ia64.rpm
mysql-devel-5.0.77-4.el5_5.4.ia64.rpm
mysql-server-5.0.77-4.el5_5.4.ia64.rpm
mysql-test-5.0.77-4.el5_5.4.ia64.rpm

ppc:
mysql-5.0.77-4.el5_5.4.ppc.rpm
mysql-5.0.77-4.el5_5.4.ppc64.rpm
mysql-bench-5.0.77-4.el5_5.4.ppc.rpm
mysql-debuginfo-5.0.77-4.el5_5.4.ppc.rpm
mysql-debuginfo-5.0.77-4.el5_5.4.ppc64.rpm
mysql-devel-5.0.77-4.el5_5.4.ppc.rpm
mysql-devel-5.0.77-4.el5_5.4.ppc64.rpm
mysql-server-5.0.77-4.el5_5.4.ppc.rpm
mysql-server-5.0.77-4.el5_5.4.ppc64.rpm
mysql-test-5.0.77-4.el5_5.4.ppc.rpm

s390x:
mysql-5.0.77-4.el5_5.4.s390.rpm
mysql-5.0.77-4.el5_5.4.s390x.rpm
mysql-bench-5.0.77-4.el5_5.4.s390x.rpm
mysql-debuginfo-5.0.77-4.el5_5.4.s390.rpm
mysql-debuginfo-5.0.77-4.el5_5.4.s390x.rpm
mysql-devel-5.0.77-4.el5_5.4.s390.rpm
mysql-devel-5.0.77-4.el5_5.4.s390x.rpm
mysql-server-5.0.77-4.el5_5.4.s390x.rpm
mysql-test-5.0.77-4.el5_5.4.s390x.rpm

x86_64:
mysql-5.0.77-4.el5_5.4.i386.rpm
mysql-5.0.77-4.el5_5.4.x86_64.rpm
mysql-bench-5.0.77-4.el5_5.4.x86_64.rpm
mysql-debuginfo-5.0.77-4.el5_5.4.i386.rpm
mysql-debuginfo-5.0.77-4.el5_5.4.x86_64.rpm
mysql-devel-5.0.77-4.el5_5.4.i386.rpm
mysql-devel-5.0.77-4.el5_5.4.x86_64.rpm
mysql-server-5.0.77-4.el5_5.4.x86_64.rpm
mysql-test-5.0.77-4.el5_5.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3677.html
https://www.redhat.com/security/data/cve/CVE-2010-3680.html
https://www.redhat.com/security/data/cve/CVE-2010-3681.html
https://www.redhat.com/security/data/cve/CVE-2010-3682.html
https://www.redhat.com/security/data/cve/CVE-2010-3833.html
https://www.redhat.com/security/data/cve/CVE-2010-3835.html
https://www.redhat.com/security/data/cve/CVE-2010-3836.html
https://www.redhat.com/security/data/cve/CVE-2010-3837.html
https://www.redhat.com/security/data/cve/CVE-2010-3838.html
https://www.redhat.com/security/data/cve/CVE-2010-3839.html
https://www.redhat.com/security/data/cve/CVE-2010-3840.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM0cVeXlSAg2UNWIIRAo2wAJ9El7FssRd8ARHXSNUF/tRwiLmHgwCfczvp
GlADjy9lPl4R9Kp2zumFuuU=
=z1hX
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Sat Nov 6 00:52:01 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 5 Nov 2010 20:52:01 -0400
Subject: [RHSA-2010:0829-01] Critical: flash-plugin security update
Message-ID: <201011060052.oA60q21k021597@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: flash-plugin security update
Advisory ID:       RHSA-2010:0829-01
Product:           Red Hat Enterprise Linux Extras
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0829.html
Issue date:        2010-11-05
CVE Names:         CVE-2010-3636 CVE-2010-3639 CVE-2010-3640 CVE-2010-3641
                   CVE-2010-3642 CVE-2010-3643 CVE-2010-3644 CVE-2010-3645
                   CVE-2010-3646 CVE-2010-3647 CVE-2010-3648 CVE-2010-3649
                   CVE-2010-3650 CVE-2010-3652 CVE-2010-3654
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 Supplementary.

The Red Hat Security Response Team has rated this update as having
critical security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed on the Adobe security page APSB10-26, listed
in the References section.

Multiple security flaws were found in the way flash-plugin displayed
certain SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2010-3639,
CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644,
CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649,
CVE-2010-3650, CVE-2010-3652, CVE-2010-3654)

An input validation flaw was discovered in flash-plugin. Certain server
encodings could lead to a bypass of cross-domain policy file restrictions,
possibly leading to cross-domain information disclosure. (CVE-2010-3636)

During testing, it was discovered that there were regressions with Flash
Player on certain sites, such as fullscreen playback on YouTube. Despite
these regressions, we feel these security flaws are serious enough to
update the package with what Adobe has provided.

All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 10.1.102.64.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

647525 - CVE-2010-3654 acroread/flash-plugin: critical vulnerability (APSA10-05, APSB10-26)
649938 - flash-plugin: security bulletin APSB10-26

6. Package List:

RHEL Desktop Supplementary (v. 5 client):

i386:
flash-plugin-10.1.102.64-1.el5.i386.rpm

x86_64:
flash-plugin-10.1.102.64-1.el5.i386.rpm

RHEL Supplementary (v. 5 server):

i386:
flash-plugin-10.1.102.64-1.el5.i386.rpm

x86_64:
flash-plugin-10.1.102.64-1.el5.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3636.html
https://www.redhat.com/security/data/cve/CVE-2010-3639.html
https://www.redhat.com/security/data/cve/CVE-2010-3640.html
https://www.redhat.com/security/data/cve/CVE-2010-3641.html
https://www.redhat.com/security/data/cve/CVE-2010-3642.html
https://www.redhat.com/security/data/cve/CVE-2010-3643.html
https://www.redhat.com/security/data/cve/CVE-2010-3644.html
https://www.redhat.com/security/data/cve/CVE-2010-3645.html
https://www.redhat.com/security/data/cve/CVE-2010-3646.html
https://www.redhat.com/security/data/cve/CVE-2010-3647.html
https://www.redhat.com/security/data/cve/CVE-2010-3648.html
https://www.redhat.com/security/data/cve/CVE-2010-3649.html
https://www.redhat.com/security/data/cve/CVE-2010-3650.html
https://www.redhat.com/security/data/cve/CVE-2010-3652.html
https://www.redhat.com/security/data/cve/CVE-2010-3654.html
http://www.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb10-26.html

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM1KamXlSAg2UNWIIRAgkWAJ9BUanZbaRqbvrhUaK39f9hikU3vACgw/bO
ujjY+72WDR4a9uFUUPW35xY=
=rr1i
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Nov 8 16:27:36 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 8 Nov 2010 09:27:36 -0700
Subject: [RHSA-2010:0834-01] Critical: flash-plugin security update
Message-ID: <201011081627.oA8GRaNN009563@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2010:0834-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0834.html
Issue date: 2010-11-08
CVE Names: CVE-2010-3636 CVE-2010-3639 CVE-2010-3640 CVE-2010-3641
           CVE-2010-3642 CVE-2010-3643 CVE-2010-3644 CVE-2010-3645
           CVE-2010-3646 CVE-2010-3647 CVE-2010-3648 CVE-2010-3649
           CVE-2010-3650 CVE-2010-3652 CVE-2010-3654
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 4 Extras.

The Red Hat Security Response Team has rated this update as having
critical security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 4 Extras - i386
Red Hat Enterprise Linux AS version 4 Extras - i386
Red Hat Enterprise Linux ES version 4 Extras - i386
Red Hat Enterprise Linux WS version 4 Extras - i386

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed on the Adobe security page APSB10-26, listed
in the References section.

Multiple security flaws were found in the way flash-plugin displayed
certain SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2010-3639,
CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644,
CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649,
CVE-2010-3650, CVE-2010-3652, CVE-2010-3654)

An input validation flaw was discovered in flash-plugin. Certain server
encodings could lead to a bypass of cross-domain policy file restrictions,
possibly leading to cross-domain information disclosure. (CVE-2010-3636)

All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 9.0.289.0.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

647525 - CVE-2010-3654 acroread/flash-plugin: critical vulnerability (APSA10-05, APSB10-26)
649938 - flash-plugin: security bulletin APSB10-26

6. Package List:

Red Hat Enterprise Linux AS version 4 Extras:

i386:
flash-plugin-9.0.289.0-1.el4.i386.rpm

Red Hat Desktop version 4 Extras:

i386:
flash-plugin-9.0.289.0-1.el4.i386.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
flash-plugin-9.0.289.0-1.el4.i386.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
flash-plugin-9.0.289.0-1.el4.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3636.html
https://www.redhat.com/security/data/cve/CVE-2010-3639.html
https://www.redhat.com/security/data/cve/CVE-2010-3640.html
https://www.redhat.com/security/data/cve/CVE-2010-3641.html
https://www.redhat.com/security/data/cve/CVE-2010-3642.html
https://www.redhat.com/security/data/cve/CVE-2010-3643.html
https://www.redhat.com/security/data/cve/CVE-2010-3644.html
https://www.redhat.com/security/data/cve/CVE-2010-3645.html
https://www.redhat.com/security/data/cve/CVE-2010-3646.html
https://www.redhat.com/security/data/cve/CVE-2010-3647.html
https://www.redhat.com/security/data/cve/CVE-2010-3648.html
https://www.redhat.com/security/data/cve/CVE-2010-3649.html
https://www.redhat.com/security/data/cve/CVE-2010-3650.html
https://www.redhat.com/security/data/cve/CVE-2010-3652.html
https://www.redhat.com/security/data/cve/CVE-2010-3654.html
http://www.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb10-26.html

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM2CTiXlSAg2UNWIIRAtDtAKCPUtJmVUNl5f9uLl6EWo4e6l0TPACgpOrG
NpW4411pfY8AJ+DDg+vDyW8=
=KVkg
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Nov 9 18:11:07 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 9 Nov 2010 11:11:07 -0700
Subject: [RHSA-2010:0839-01] Moderate: kernel security and bug fix update
Message-ID: <201011091811.oA9IB8Sv015287@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: kernel security and bug fix update
Advisory ID: RHSA-2010:0839-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0839.html
Issue date: 2010-11-09
CVE Names: CVE-2010-3066 CVE-2010-3067 CVE-2010-3078 CVE-2010-3086
           CVE-2010-3477
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A NULL pointer dereference flaw was found in the io_submit_one()
function in the Linux kernel asynchronous I/O implementation. A local,
unprivileged user could use this flaw to cause a denial of service.
(CVE-2010-3066, Moderate)

* A flaw was found in the xfs_ioc_fsgetxattr() function in the Linux
kernel XFS file system implementation. A data structure in
xfs_ioc_fsgetxattr() was not initialized properly before being copied to
user-space. A local, unprivileged user could use this flaw to cause an
information leak. (CVE-2010-3078, Moderate)

* The exception fixup code for the __futex_atomic_op1, __futex_atomic_op2,
and futex_atomic_cmpxchg_inatomic() macros replaced the LOCK prefix with a
NOP instruction. A local, unprivileged user could use this flaw to cause a
denial of service. (CVE-2010-3086, Moderate)

* A flaw was found in the tcf_act_police_dump() function in the Linux
kernel network traffic policing implementation. A data structure in
tcf_act_police_dump() was not initialized properly before being copied to
user-space. A local, unprivileged user could use this flaw to cause an
information leak. (CVE-2010-3477, Moderate)

* A missing upper bound integer check was found in the sys_io_submit()
function in the Linux kernel asynchronous I/O implementation. A local,
unprivileged user could use this flaw to cause an information leak.
(CVE-2010-3067, Low)

Red Hat would like to thank Tavis Ormandy for reporting CVE-2010-3066,
CVE-2010-3086, and CVE-2010-3067, and Dan Rosenberg for reporting
CVE-2010-3078.

This update also fixes several bugs. Documentation for these bug fixes
will be available shortly from the Technical Notes document linked to in
the References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network.
Details on how to use the Red Hat Network to apply this update are
available at http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use
"rpm -Uvh" as that will remove the running kernel binaries from your
system. You may use "rpm -e" to remove old kernels after determining that
the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

619365 - [LSI 5.6 feat] update megaraid_sas to version 4.31 [rhel-5.5.z]
628889 - [NetApp 5.6 bug] RHEL NFS clients disconnected from NetApp NFSv4 shares with: v4 server returned a bad sequence-id error! [rhel-5.5.z]
629241 - kernel: thinkpad-acpi: lock down video output state access [rhel-5.5.z]
629441 - CVE-2010-3067 kernel: do_io_submit() infoleak
629861 - Reserve PNP enumerated system board iomem resources [rhel-5.5.z]
630540 - [RHEL5.5] soft lockup on vlan with bonding in balance-alb mode [rhel-5.5.z]
630804 - CVE-2010-3078 kernel: xfs: XFS_IOC_FSGETXATTR ioctl memory leak
630989 - HVM guest w/ UP and PV driver hangs after live migration or suspend/resume [rhel-5.5.z]
631716 - CVE-2010-3066 kernel: io_submit_one() NULL ptr deref
632255 - RHEVH - Vdsm - Storage: lvextend fails during VMs intensive power up [rhel-5.5.z]
633170 - CVE-2010-3086 kernel panic via futex
634976 - icmpmsg_put() in kernel writes beyond array bounds, leading to junk in /proc/net/snmp and memory corruption [rhel-5.5.z]
634977 - Spinning up disk for device on standby path causing long boot up [rhel-5.5.z]
636386 - CVE-2010-3477 kernel: net/sched/act_police.c infoleak
637069 - time drift with VXTIME_PMTMR mode in case of early / short real ticks [rhel-5.5.z]
637206 - system crashes due to corrupt net_device_wrapper structure [rhel-5.5.z]
637220 - [RHEL5 IA64 XEN] netfront driver: alloc_dev: Private data too big. [rhel-5.5.z]
637727 - lpfc ioctl crash in lpfc_nlp_put() [rhel-5.5.z]
638579 - dasd: fix race between tasklet and dasd_sleep_on [rhel-5.5.z]
638866 - [5.5] a race in pid generation that causes pids to be reused immediately. [rhel-5.5.z]
639073 - GFS1 vs GFS2 performance issue [rhel-5.5.z]
640973 - Bonded interface doesn't issue IGMP report (join) on slave interface during failover [rhel-5.5.z]
641915 - backward time drift in RHEL4, 5, and 6 Xen HVM guests that use PM timer / bug in hypervisor routine pmt_update_time() [rhel-5.5.z]
642465 - CVE-2010-2963 kernel: v4l: VIDIOCSMICROCODE arbitrary write
642470 - CVE-2010-2963 kernel: v4l: VIDIOCSMICROCODE arbitrary write [rhel-5.5.z]
642628 - [5.6 FEAT] NFSv4 remove does not wait for close. Silly rename [rhel-5.5.z]
643135 - [NetApp/QLogic 5.5.z bug] Kernel panic hit on RHEL 5.5 QLogic FC host at qla2x00_abort_fcport_cmds [rhel-5.5.z]
643571 - [EMC 5.6 bug] severe fragmentation with xfs file system [rhel-5.5.z]
643806 - Add OFED-1.5.2 patch to increase log_mtts_per_seg for 5.5z-stream [rhel-5.5.z]
644822 - 802.3ad link aggregation won't work with newer (2.6.194-8.1.el5) kernel and ixgbe driver [rhel-5.5.z]
647601 - Direct IO write to a file on an nfs mount does not work [rhel-5.5.z]

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-194.26.1.el5.src.rpm

i386:
kernel-2.6.18-194.26.1.el5.i686.rpm
kernel-PAE-2.6.18-194.26.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-194.26.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-194.26.1.el5.i686.rpm
kernel-debug-2.6.18-194.26.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-194.26.1.el5.i686.rpm
kernel-debug-devel-2.6.18-194.26.1.el5.i686.rpm
kernel-debuginfo-2.6.18-194.26.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-194.26.1.el5.i686.rpm
kernel-devel-2.6.18-194.26.1.el5.i686.rpm
kernel-headers-2.6.18-194.26.1.el5.i386.rpm
kernel-xen-2.6.18-194.26.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-194.26.1.el5.i686.rpm
kernel-xen-devel-2.6.18-194.26.1.el5.i686.rpm

noarch:
kernel-doc-2.6.18-194.26.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-194.26.1.el5.x86_64.rpm
kernel-debug-2.6.18-194.26.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-194.26.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-194.26.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-194.26.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-194.26.1.el5.x86_64.rpm
kernel-devel-2.6.18-194.26.1.el5.x86_64.rpm
kernel-headers-2.6.18-194.26.1.el5.x86_64.rpm
kernel-xen-2.6.18-194.26.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-194.26.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-194.26.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-194.26.1.el5.src.rpm

i386:
kernel-2.6.18-194.26.1.el5.i686.rpm
kernel-PAE-2.6.18-194.26.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-194.26.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-194.26.1.el5.i686.rpm
kernel-debug-2.6.18-194.26.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-194.26.1.el5.i686.rpm
kernel-debug-devel-2.6.18-194.26.1.el5.i686.rpm
kernel-debuginfo-2.6.18-194.26.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-194.26.1.el5.i686.rpm
kernel-devel-2.6.18-194.26.1.el5.i686.rpm
kernel-headers-2.6.18-194.26.1.el5.i386.rpm
kernel-xen-2.6.18-194.26.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-194.26.1.el5.i686.rpm
kernel-xen-devel-2.6.18-194.26.1.el5.i686.rpm

ia64:
kernel-2.6.18-194.26.1.el5.ia64.rpm
kernel-debug-2.6.18-194.26.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-194.26.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-194.26.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-194.26.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-194.26.1.el5.ia64.rpm
kernel-devel-2.6.18-194.26.1.el5.ia64.rpm
kernel-headers-2.6.18-194.26.1.el5.ia64.rpm
kernel-xen-2.6.18-194.26.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-194.26.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-194.26.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-194.26.1.el5.noarch.rpm

ppc:
kernel-2.6.18-194.26.1.el5.ppc64.rpm
kernel-debug-2.6.18-194.26.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-194.26.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-194.26.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-194.26.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-194.26.1.el5.ppc64.rpm
kernel-devel-2.6.18-194.26.1.el5.ppc64.rpm
kernel-headers-2.6.18-194.26.1.el5.ppc.rpm
kernel-headers-2.6.18-194.26.1.el5.ppc64.rpm
kernel-kdump-2.6.18-194.26.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-194.26.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-194.26.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-194.26.1.el5.s390x.rpm
kernel-debug-2.6.18-194.26.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-194.26.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-194.26.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-194.26.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-194.26.1.el5.s390x.rpm
kernel-devel-2.6.18-194.26.1.el5.s390x.rpm
kernel-headers-2.6.18-194.26.1.el5.s390x.rpm
kernel-kdump-2.6.18-194.26.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-194.26.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-194.26.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-194.26.1.el5.x86_64.rpm
kernel-debug-2.6.18-194.26.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-194.26.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-194.26.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-194.26.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-194.26.1.el5.x86_64.rpm
kernel-devel-2.6.18-194.26.1.el5.x86_64.rpm
kernel-headers-2.6.18-194.26.1.el5.x86_64.rpm
kernel-xen-2.6.18-194.26.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-194.26.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-194.26.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3066.html
https://www.redhat.com/security/data/cve/CVE-2010-3067.html
https://www.redhat.com/security/data/cve/CVE-2010-3078.html
https://www.redhat.com/security/data/cve/CVE-2010-3086.html
https://www.redhat.com/security/data/cve/CVE-2010-3477.html
http://www.redhat.com/security/updates/classification/#moderate
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html-single/5.5_Technical_Notes/index.html#RHSA-2010:0839

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
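As an added illustration of two of the flaw classes this advisory lists (not code from the advisory or from the Red Hat kernel), the C model below puts the flawed pattern beside the hardened one: a reply struct filled field by field and copied out whole, which hands the caller stale padding bytes (the class of CVE-2010-3078 and CVE-2010-3477), and a caller-supplied record count multiplied by an element size with no upper bound, which wraps to a small byte count (the class of CVE-2010-3067). The struct, constant and function names are hypothetical, copy_to_user() is stood in for by memcpy() into a caller buffer, and the 0xAA "stale stack" contents are constructed for the demonstration.

```c
/* Added example; not code from the advisory or from the Red Hat kernel.
 * User-space model of two flaw classes RHSA-2010:0839 describes, with the
 * flawed pattern beside the hardened one:
 *  - CVE-2010-3078 / CVE-2010-3477: a struct is filled field by field and
 *    copied out whole, so compiler padding still carries stale stack bytes;
 *  - CVE-2010-3067: a caller-supplied count times an element size with no
 *    upper bound, so the byte count can wrap to a small value.
 * All names are hypothetical; copy_to_user() is stood in for by memcpy(). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reply record: the 1-byte field forces padding before
 * `extsize` on every common ABI, and that padding is what leaks. */
struct attr_reply {
    uint32_t xflags;
    uint8_t  kind;
    uint32_t extsize;
    uint64_t nextents;
};

#define ATTR_MAX_RECORDS 4096L /* hypothetical limit on records per request */

/* Flawed: only the named fields are written; padding keeps old contents. */
static void fill_reply_leaky(struct attr_reply *r, uint32_t xflags,
                             uint8_t kind, uint32_t extsize, uint64_t nextents)
{
    r->xflags = xflags;
    r->kind = kind;
    r->extsize = extsize;
    r->nextents = nextents;
}

/* Hardened: clear the whole object before filling in fields. */
static void fill_reply_zeroed(struct attr_reply *r, uint32_t xflags,
                              uint8_t kind, uint32_t extsize, uint64_t nextents)
{
    memset(r, 0, sizeof(*r));
    fill_reply_leaky(r, xflags, kind, extsize, nextents);
}

/* Copy the record out (the copy_to_user() stand-in) and count the bytes the
 * caller received that belong to no field and are not zero. */
static size_t copy_out_count_leaked(const struct attr_reply *r, unsigned char *out)
{
    const size_t field[4][2] = {
        { offsetof(struct attr_reply, xflags),   sizeof(r->xflags)   },
        { offsetof(struct attr_reply, kind),     sizeof(r->kind)     },
        { offsetof(struct attr_reply, extsize),  sizeof(r->extsize)  },
        { offsetof(struct attr_reply, nextents), sizeof(r->nextents) },
    };
    size_t leaked = 0;

    memcpy(out, r, sizeof(*r));
    for (size_t i = 0; i < sizeof(*r); i++) {
        int in_field = 0;
        for (size_t f = 0; f < 4; f++)
            if (i >= field[f][0] && i < field[f][0] + field[f][1])
                in_field = 1;
        if (!in_field && out[i] != 0)
            leaked++;
    }
    return leaked;
}

/* Run one fill variant on memory still holding stale bytes (0xAA, constructed
 * here to stand for earlier stack use) and report how many bytes leak. */
static size_t leaked_padding_bytes(int hardened)
{
    union { struct attr_reply r; unsigned char raw[sizeof(struct attr_reply)]; } slot;
    unsigned char user_buf[sizeof(struct attr_reply)];

    memset(slot.raw, 0xAA, sizeof(slot.raw));
    if (hardened)
        fill_reply_zeroed(&slot.r, 1, 2, 3, 4);
    else
        fill_reply_leaky(&slot.r, 1, 2, 3, 4);
    return copy_out_count_leaked(&slot.r, user_buf);
}

/* Flawed: no upper bound, so the multiplication can wrap. */
static size_t reply_bytes_unchecked(long nr)
{
    return nr < 0 ? 0 : (size_t)nr * sizeof(struct attr_reply);
}

/* Hardened: -1 for a negative count, a count whose byte size would wrap, or
 * a count above the driver's own limit; otherwise the byte count. */
static long reply_bytes_checked(long nr)
{
    if (nr < 0 || (size_t)nr > SIZE_MAX / sizeof(struct attr_reply))
        return -1;
    if (nr > ATTR_MAX_RECORDS)
        return -1;
    return nr * (long)sizeof(struct attr_reply);
}

/* Smallest count whose byte size no longer fits in size_t. */
static long wrapping_count(void)
{
    return (long)(SIZE_MAX / sizeof(struct attr_reply)) + 1;
}

int main(void)
{
    printf("leaked padding bytes: flawed=%zu hardened=%zu\n",
           leaked_padding_bytes(0), leaked_padding_bytes(1));
    printf("count %ld: unchecked=%zu bytes, checked=%ld\n", wrapping_count(),
           reply_bytes_unchecked(wrapping_count()), reply_bytes_checked(wrapping_count()));
    return 0;
}
```

Built with any C99 compiler, the flawed fill reports a non-zero number of leaked padding bytes while the zeroed fill reports none, and for the wrapping count the unchecked byte size comes out smaller than a single record while the checked variant rejects it. The SIZE_MAX / sizeof comparison is the portable form of the upper bound the advisory says sys_io_submit() lacked; the device-specific limit is the tighter bound a real driver should prefer, since it also caps allocation size.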
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM2Y6OXlSAg2UNWIIRArUOAKC1b5yoEKRSAt6iPkbE/sevLkRJ1QCeJnrr
DpXDZvrvM3t6++9CGG9Hs4E=
=LEoq
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Nov 10 19:27:54 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 10 Nov 2010 12:27:54 -0700
Subject: [RHSA-2010:0842-01] Important: kernel security and bug fix update
Message-ID: <201011101927.oAAJRtnC029534@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2010:0842-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0842.html
Issue date: 2010-11-10
CVE Names: CVE-2010-2803 CVE-2010-2955 CVE-2010-2962 CVE-2010-3079
           CVE-2010-3081 CVE-2010-3084 CVE-2010-3301 CVE-2010-3432
           CVE-2010-3437 CVE-2010-3442 CVE-2010-3698 CVE-2010-3705
           CVE-2010-3904
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.
This update fixes the following security issues:

* Missing sanity checks in the Intel i915 driver in the Linux kernel could
allow a local, unprivileged user to escalate their privileges.
(CVE-2010-2962, Important)

* compat_alloc_user_space() in the Linux kernel 32/64-bit compatibility
layer implementation was missing sanity checks. This function could be
abused in other areas of the Linux kernel if its length argument can be
controlled from user-space. On 64-bit systems, a local, unprivileged user
could use this flaw to escalate their privileges. (CVE-2010-3081,
Important)

* A buffer overflow flaw in niu_get_ethtool_tcam_all() in the niu Ethernet
driver in the Linux kernel, could allow a local user to cause a denial of
service or escalate their privileges. (CVE-2010-3084, Important)

* A flaw in the IA32 system call emulation provided in 64-bit Linux
kernels could allow a local user to escalate their privileges.
(CVE-2010-3301, Important)

* A flaw in sctp_packet_config() in the Linux kernel's Stream Control
Transmission Protocol (SCTP) implementation could allow a remote attacker
to cause a denial of service. (CVE-2010-3432, Important)

* A missing integer overflow check in snd_ctl_new() in the Linux kernel's
sound subsystem could allow a local, unprivileged user on a 32-bit system
to cause a denial of service or escalate their privileges.
(CVE-2010-3442, Important)

* A flaw was found in sctp_auth_asoc_get_hmac() in the Linux kernel's SCTP
implementation. When iterating through the hmac_ids array, it did not
reset the last id element if it was out of range. This could allow a
remote attacker to cause a denial of service. (CVE-2010-3705, Important)

* A function in the Linux kernel's Reliable Datagram Sockets (RDS)
protocol implementation was missing sanity checks, which could allow a
local, unprivileged user to escalate their privileges. (CVE-2010-3904,
Important)

* A flaw in drm_ioctl() in the Linux kernel's Direct Rendering Manager
(DRM) implementation could allow a local, unprivileged user to cause an
information leak. (CVE-2010-2803, Moderate)

* It was found that wireless drivers might not always clear allocated
buffers when handling a driver-specific IOCTL information request. A local
user could trigger this flaw to cause an information leak. (CVE-2010-2955,
Moderate)

* A NULL pointer dereference flaw in ftrace_regex_lseek() in the Linux
kernel's ftrace implementation could allow a local, unprivileged user to
cause a denial of service. Note: The debugfs file system must be mounted
locally to exploit this issue. It is not mounted by default.
(CVE-2010-3079, Moderate)

* A flaw in the Linux kernel's packet writing driver could be triggered
via the PKT_CTRL_CMD_STATUS IOCTL request, possibly allowing a local,
unprivileged user with access to "/dev/pktcdvd/control" to cause an
information leak. Note: By default, only users in the cdrom group have
access to "/dev/pktcdvd/control". (CVE-2010-3437, Moderate)

* A flaw was found in the way KVM (Kernel-based Virtual Machine) handled
the reloading of fs and gs segment registers when they had invalid
selectors. A privileged host user with access to "/dev/kvm" could use this
flaw to crash the host. (CVE-2010-3698, Moderate)

Red Hat would like to thank Kees Cook for reporting CVE-2010-2962 and
CVE-2010-2803; Ben Hawkes for reporting CVE-2010-3081 and CVE-2010-3301;
Dan Rosenberg for reporting CVE-2010-3442, CVE-2010-3705, CVE-2010-3904,
and CVE-2010-3437; and Robert Swiecki for reporting CVE-2010-3079.

This update also fixes several bugs. Documentation for these bug fixes
will be available shortly from the Technical Notes document linked to in
the References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use
"rpm -Uvh" as that will remove the running kernel binaries from your
system. You may use "rpm -e" to remove old kernels after determining that
the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

621435 - CVE-2010-2803 kernel: drm ioctls infoleak
628434 - CVE-2010-2955 kernel: wireless: fix 64K kernel heap content leak via ioctl
631623 - CVE-2010-3079 kernel: ftrace NULL ptr deref
632069 - CVE-2010-3084 kernel: niu: buffer overflow for ETHTOOL_GRXCLSRLALL
632292 - RHEL55.x32 crashes when installing under RHEL6 KVM on an AMD host [rhel-6.0.z]
633864 - block: fix s390 tape block driver crash that occurs when it switches the IO scheduler [rhel-6.0.z]
633865 - [FIPS140][RHEL6] kernel module should failed to load if DSA signature check fails when FIPS mode is on [rhel-6.0.z]
633964 - RHEL-UV: kernel panic on boot uvsw-sys [rhel-6.0.z]
633966 - winxp BSOD when boot with cpu mode name [rhel-6.0.z]
634449 - CVE-2010-3301 kernel: IA32 System Call Entry Point Vulnerability
634457 - CVE-2010-3081 kernel: 64-bit Compatibility Mode Stack Pointer Underflow
634973 - Detect and recover from cxgb3 adapter parity errors [rhel-6.0.z]
634984 - RHEL6 can NOT boot(displays nothing) on boards with RS880 [rhel-6.0.z]
635951 - kernel-kdump-debuginfo rpm does not contain debug symbols for s390 [rhel-6.0.z]
636116 - MADV_HUGEPAGE undeclared [rhel-6.0.z]
637087 - Kernel Memory dump to a FCP device fails with panic [rhel-6.0.z]
637675 - CVE-2010-3432 kernel: sctp: do not reset the packet during sctp_packet_config
637688 - CVE-2010-2962 kernel: arbitrary kernel memory write via i915 GEM ioctl
638085 - CVE-2010-3437 kernel: pktcdvd ioctl dev_minor missing range check
638478 - CVE-2010-3442 kernel: prevent heap corruption in snd_ctl_new()
638973 - [RHEL6 Snapshot 13]: The boot parameters 'nomodeset xforcevesa' is needed to install on Precision M4500 [rhel-6.0.z]
639412 - block: must prevent merges of discard and write requests [rhel-6.0.z]
639879 - CVE-2010-3698 kvm: invalid selector in fs/gs causes kernel panic
640036 - CVE-2010-3705 kernel: sctp memory corruption in HMAC handling
641258 - fix split_huge_page error like mapcount 3 page_mapcount 2 [rhel-6.0.z]
641454 - Output 'JBD: spotted dirty metadata buffer' message when usrquota is enabled [rhel-6.0.z]
641455 - [Intel 6.0 Bug] NPIV broken in SW FCoE [rhel-6.0.z]
641456 - [Intel 6.1 Bug] FCoE Boot ROM, unable to see LUN during system install thru NPV [rhel-6.0.z]
641457 - FCoE: Do not fall back to non-FIP FLOGI [rhel-6.0.z]
641458 - vmstat incorrectly reports disk IO as swap in [rhel-6.0.z]
641459 - Don't lose dirty bits leading to data corruption during KSM swapping [rhel-6.0.z]
641460 - KSM: fix page_address_in_vma anon_vma oops [rhel-6.0.z]
641483 - Stack size mapping is decreased through mlock/munlock call [rhel-6.0.z]
641907 - lpfc driver oops during rhel6 installation with snapshot 12/13 and emulex FC [rhel-6.0.z]
642043 - slow memory leak in i915 module on all intel hw [rhel-6.0.z]
642045 - major memory leak in radeon driver due when scrolling certain sites in firefox [rhel-6.0.z]
642465 - CVE-2010-2963 kernel: v4l: VIDIOCSMICROCODE arbitrary write
642679 - kernel BUG at mm/huge_memory.c:1279! [rhel-6.0.z]
642680 - XFS: accounting of reclaimable inodes is incorrect [rhel-6.0.z]
642896 - CVE-2010-3904 RDS sockets local privilege escalation
644037 - kernel BUG at mm/huge_memory.c:1267!
- mapcount 5 page_mapcount 4 [rhel-6.0.z]
644038 - avoid crashes: backport hold mm->page_table_lock patch [rhel-6.0.z]
644636 - kernel wastes huge amounts of memory due to CONFIG_IMA [rhel-6.0.z]
644926 - calling elevator_change immediately after blk_init_queue results in a null pointer dereference [rhel-6.0.z]
646994 - Booting AMD Dinar system results in softlockups in ttm code [rhel-6.0.z]

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-71.7.1.el6.src.rpm

i386:
kernel-2.6.32-71.7.1.el6.i686.rpm
kernel-debug-2.6.32-71.7.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-71.7.1.el6.i686.rpm
kernel-debug-devel-2.6.32-71.7.1.el6.i686.rpm
kernel-debuginfo-2.6.32-71.7.1.el6.i686.rpm
kernel-devel-2.6.32-71.7.1.el6.i686.rpm
kernel-headers-2.6.32-71.7.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-71.7.1.el6.noarch.rpm
kernel-firmware-2.6.32-71.7.1.el6.noarch.rpm
perf-2.6.32-71.7.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-71.7.1.el6.x86_64.rpm
kernel-debug-2.6.32-71.7.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-71.7.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-71.7.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-71.7.1.el6.x86_64.rpm
kernel-devel-2.6.32-71.7.1.el6.x86_64.rpm
kernel-headers-2.6.32-71.7.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-71.7.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-71.7.1.el6.noarch.rpm
kernel-firmware-2.6.32-71.7.1.el6.noarch.rpm
perf-2.6.32-71.7.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-71.7.1.el6.x86_64.rpm
kernel-debug-2.6.32-71.7.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-71.7.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-71.7.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-71.7.1.el6.x86_64.rpm
kernel-devel-2.6.32-71.7.1.el6.x86_64.rpm
kernel-headers-2.6.32-71.7.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-71.7.1.el6.src.rpm

i386:
kernel-2.6.32-71.7.1.el6.i686.rpm
kernel-debug-2.6.32-71.7.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-71.7.1.el6.i686.rpm
kernel-debug-devel-2.6.32-71.7.1.el6.i686.rpm
kernel-debuginfo-2.6.32-71.7.1.el6.i686.rpm
kernel-devel-2.6.32-71.7.1.el6.i686.rpm
kernel-headers-2.6.32-71.7.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-71.7.1.el6.noarch.rpm
kernel-firmware-2.6.32-71.7.1.el6.noarch.rpm
perf-2.6.32-71.7.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-71.7.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-71.7.1.el6.ppc64.rpm
kernel-debug-2.6.32-71.7.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-71.7.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-71.7.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-71.7.1.el6.ppc64.rpm
kernel-devel-2.6.32-71.7.1.el6.ppc64.rpm
kernel-headers-2.6.32-71.7.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-71.7.1.el6.s390x.rpm
kernel-debug-2.6.32-71.7.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-71.7.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-71.7.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-71.7.1.el6.s390x.rpm
kernel-devel-2.6.32-71.7.1.el6.s390x.rpm
kernel-headers-2.6.32-71.7.1.el6.s390x.rpm
kernel-kdump-2.6.32-71.7.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-71.7.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-71.7.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-71.7.1.el6.x86_64.rpm
kernel-debug-2.6.32-71.7.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-71.7.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-71.7.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-71.7.1.el6.x86_64.rpm
kernel-devel-2.6.32-71.7.1.el6.x86_64.rpm
kernel-headers-2.6.32-71.7.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-71.7.1.el6.src.rpm

i386:
kernel-2.6.32-71.7.1.el6.i686.rpm
kernel-debug-2.6.32-71.7.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-71.7.1.el6.i686.rpm
kernel-debug-devel-2.6.32-71.7.1.el6.i686.rpm
kernel-debuginfo-2.6.32-71.7.1.el6.i686.rpm
kernel-devel-2.6.32-71.7.1.el6.i686.rpm
kernel-headers-2.6.32-71.7.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-71.7.1.el6.noarch.rpm
kernel-firmware-2.6.32-71.7.1.el6.noarch.rpm
perf-2.6.32-71.7.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-71.7.1.el6.x86_64.rpm
kernel-debug-2.6.32-71.7.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-71.7.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-71.7.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-71.7.1.el6.x86_64.rpm
kernel-devel-2.6.32-71.7.1.el6.x86_64.rpm
kernel-headers-2.6.32-71.7.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7.
References: https://www.redhat.com/security/data/cve/CVE-2010-2803.html https://www.redhat.com/security/data/cve/CVE-2010-2955.html https://www.redhat.com/security/data/cve/CVE-2010-2962.html https://www.redhat.com/security/data/cve/CVE-2010-3079.html https://www.redhat.com/security/data/cve/CVE-2010-3081.html https://www.redhat.com/security/data/cve/CVE-2010-3084.html https://www.redhat.com/security/data/cve/CVE-2010-3301.html https://www.redhat.com/security/data/cve/CVE-2010-3432.html https://www.redhat.com/security/data/cve/CVE-2010-3437.html https://www.redhat.com/security/data/cve/CVE-2010-3442.html https://www.redhat.com/security/data/cve/CVE-2010-3698.html https://www.redhat.com/security/data/cve/CVE-2010-3705.html https://www.redhat.com/security/data/cve/CVE-2010-3904.html http://www.redhat.com/security/updates/classification/#important http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/Technical_Notes/index.html#RHSA-2010:0842 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2010 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM2vIpXlSAg2UNWIIRAhP5AKC0brl5x5ea/40EJlXWeMsduhLJUQCdE8oY
pU9zeM5DaNHONahSCqnBcuQ=
=j8JK
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Nov 10 19:28:29 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 10 Nov 2010 12:28:29 -0700
Subject: [RHSA-2010:0858-03] Important: bzip2 security update
Message-ID: <201011101928.oAAJSUDd012847@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: bzip2 security update
Advisory ID: RHSA-2010:0858-03
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0858.html
Issue date: 2010-11-10
CVE Names: CVE-2010-0405
=====================================================================

1. Summary:

Updated bzip2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

bzip2 is a freely available, high-quality data compressor. It provides both standalone compression and decompression utilities, as well as a shared library for use with other programs.

An integer overflow flaw was discovered in the bzip2 decompression routine.
This issue could, when decompressing malformed archives, cause bzip2, or an application linked against the libbz2 library, to crash or, potentially, execute arbitrary code. (CVE-2010-0405)

Users of bzip2 should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running applications using the libbz2 library must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

627882 - CVE-2010-0405 bzip2: integer overflow flaw in BZ2_decompress

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bzip2-1.0.5-7.el6_0.src.rpm

i386:
bzip2-1.0.5-7.el6_0.i686.rpm
bzip2-debuginfo-1.0.5-7.el6_0.i686.rpm
bzip2-libs-1.0.5-7.el6_0.i686.rpm

x86_64:
bzip2-1.0.5-7.el6_0.x86_64.rpm
bzip2-debuginfo-1.0.5-7.el6_0.i686.rpm
bzip2-debuginfo-1.0.5-7.el6_0.x86_64.rpm
bzip2-libs-1.0.5-7.el6_0.i686.rpm
bzip2-libs-1.0.5-7.el6_0.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bzip2-1.0.5-7.el6_0.src.rpm

i386:
bzip2-debuginfo-1.0.5-7.el6_0.i686.rpm
bzip2-devel-1.0.5-7.el6_0.i686.rpm

x86_64:
bzip2-debuginfo-1.0.5-7.el6_0.i686.rpm
bzip2-debuginfo-1.0.5-7.el6_0.x86_64.rpm
bzip2-devel-1.0.5-7.el6_0.i686.rpm
bzip2-devel-1.0.5-7.el6_0.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bzip2-1.0.5-7.el6_0.src.rpm

x86_64:
bzip2-1.0.5-7.el6_0.x86_64.rpm
bzip2-debuginfo-1.0.5-7.el6_0.i686.rpm
bzip2-debuginfo-1.0.5-7.el6_0.x86_64.rpm
bzip2-libs-1.0.5-7.el6_0.i686.rpm
bzip2-libs-1.0.5-7.el6_0.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bzip2-1.0.5-7.el6_0.src.rpm

x86_64:
bzip2-debuginfo-1.0.5-7.el6_0.i686.rpm
bzip2-debuginfo-1.0.5-7.el6_0.x86_64.rpm
bzip2-devel-1.0.5-7.el6_0.i686.rpm
bzip2-devel-1.0.5-7.el6_0.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bzip2-1.0.5-7.el6_0.src.rpm

i386:
bzip2-1.0.5-7.el6_0.i686.rpm
bzip2-debuginfo-1.0.5-7.el6_0.i686.rpm
bzip2-devel-1.0.5-7.el6_0.i686.rpm
bzip2-libs-1.0.5-7.el6_0.i686.rpm

ppc64:
bzip2-1.0.5-7.el6_0.ppc64.rpm
bzip2-debuginfo-1.0.5-7.el6_0.ppc.rpm
bzip2-debuginfo-1.0.5-7.el6_0.ppc64.rpm
bzip2-devel-1.0.5-7.el6_0.ppc.rpm
bzip2-devel-1.0.5-7.el6_0.ppc64.rpm
bzip2-libs-1.0.5-7.el6_0.ppc.rpm
bzip2-libs-1.0.5-7.el6_0.ppc64.rpm

s390x:
bzip2-1.0.5-7.el6_0.s390x.rpm
bzip2-debuginfo-1.0.5-7.el6_0.s390.rpm
bzip2-debuginfo-1.0.5-7.el6_0.s390x.rpm
bzip2-devel-1.0.5-7.el6_0.s390.rpm
bzip2-devel-1.0.5-7.el6_0.s390x.rpm
bzip2-libs-1.0.5-7.el6_0.s390.rpm
bzip2-libs-1.0.5-7.el6_0.s390x.rpm

x86_64:
bzip2-1.0.5-7.el6_0.x86_64.rpm
bzip2-debuginfo-1.0.5-7.el6_0.i686.rpm
bzip2-debuginfo-1.0.5-7.el6_0.x86_64.rpm
bzip2-devel-1.0.5-7.el6_0.i686.rpm
bzip2-devel-1.0.5-7.el6_0.x86_64.rpm
bzip2-libs-1.0.5-7.el6_0.i686.rpm
bzip2-libs-1.0.5-7.el6_0.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bzip2-1.0.5-7.el6_0.src.rpm

i386:
bzip2-1.0.5-7.el6_0.i686.rpm
bzip2-debuginfo-1.0.5-7.el6_0.i686.rpm
bzip2-devel-1.0.5-7.el6_0.i686.rpm
bzip2-libs-1.0.5-7.el6_0.i686.rpm

x86_64:
bzip2-1.0.5-7.el6_0.x86_64.rpm
bzip2-debuginfo-1.0.5-7.el6_0.i686.rpm
bzip2-debuginfo-1.0.5-7.el6_0.x86_64.rpm
bzip2-devel-1.0.5-7.el6_0.i686.rpm
bzip2-devel-1.0.5-7.el6_0.x86_64.rpm
bzip2-libs-1.0.5-7.el6_0.i686.rpm
bzip2-libs-1.0.5-7.el6_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0405.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM2vJPXlSAg2UNWIIRAhDjAKC48dJpaosiVbbCgKPMsTELZQd4DQCdFddW
lwFEfrDu228ccL3xrVjYiIU=
=BLU3
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Nov 10 19:30:21 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 10 Nov 2010 12:30:21 -0700
Subject: [RHSA-2010:0859-03] Important: poppler security update
Message-ID: <201011101930.oAAJUMTN013379@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: poppler security update
Advisory ID: RHSA-2010:0859-03
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0859.html
Issue date: 2010-11-10
CVE Names: CVE-2010-3702 CVE-2010-3703 CVE-2010-3704
=====================================================================

1. Summary:

Updated poppler packages that fix three security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.

Two uninitialized pointer use flaws were discovered in poppler. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3702, CVE-2010-3703)

An array index error was found in the way poppler parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3704)

Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network.
Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

595245 - CVE-2010-3702 xpdf: uninitialized Gfx::parser pointer dereference
638960 - CVE-2010-3704 xpdf: array indexing error in FoFiType1::parse()
639356 - CVE-2010-3703 poppler: use of initialized pointer in PostScriptFunction

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/poppler-0.12.4-3.el6_0.1.src.rpm

i386:
poppler-0.12.4-3.el6_0.1.i686.rpm
poppler-debuginfo-0.12.4-3.el6_0.1.i686.rpm
poppler-glib-0.12.4-3.el6_0.1.i686.rpm
poppler-qt4-0.12.4-3.el6_0.1.i686.rpm
poppler-utils-0.12.4-3.el6_0.1.i686.rpm

x86_64:
poppler-0.12.4-3.el6_0.1.i686.rpm
poppler-0.12.4-3.el6_0.1.x86_64.rpm
poppler-debuginfo-0.12.4-3.el6_0.1.i686.rpm
poppler-debuginfo-0.12.4-3.el6_0.1.x86_64.rpm
poppler-glib-0.12.4-3.el6_0.1.i686.rpm
poppler-glib-0.12.4-3.el6_0.1.x86_64.rpm
poppler-qt4-0.12.4-3.el6_0.1.x86_64.rpm
poppler-utils-0.12.4-3.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/poppler-0.12.4-3.el6_0.1.src.rpm

i386:
poppler-debuginfo-0.12.4-3.el6_0.1.i686.rpm
poppler-devel-0.12.4-3.el6_0.1.i686.rpm
poppler-glib-devel-0.12.4-3.el6_0.1.i686.rpm
poppler-qt-0.12.4-3.el6_0.1.i686.rpm
poppler-qt-devel-0.12.4-3.el6_0.1.i686.rpm
poppler-qt4-devel-0.12.4-3.el6_0.1.i686.rpm

x86_64:
poppler-debuginfo-0.12.4-3.el6_0.1.i686.rpm
poppler-debuginfo-0.12.4-3.el6_0.1.x86_64.rpm
poppler-devel-0.12.4-3.el6_0.1.i686.rpm
poppler-devel-0.12.4-3.el6_0.1.x86_64.rpm
poppler-glib-devel-0.12.4-3.el6_0.1.i686.rpm
poppler-glib-devel-0.12.4-3.el6_0.1.x86_64.rpm
poppler-qt-0.12.4-3.el6_0.1.i686.rpm
poppler-qt-0.12.4-3.el6_0.1.x86_64.rpm
poppler-qt-devel-0.12.4-3.el6_0.1.i686.rpm
poppler-qt-devel-0.12.4-3.el6_0.1.x86_64.rpm
poppler-qt4-0.12.4-3.el6_0.1.i686.rpm
poppler-qt4-devel-0.12.4-3.el6_0.1.i686.rpm
poppler-qt4-devel-0.12.4-3.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/poppler-0.12.4-3.el6_0.1.src.rpm

x86_64:
poppler-0.12.4-3.el6_0.1.i686.rpm
poppler-0.12.4-3.el6_0.1.x86_64.rpm
poppler-debuginfo-0.12.4-3.el6_0.1.i686.rpm
poppler-debuginfo-0.12.4-3.el6_0.1.x86_64.rpm
poppler-utils-0.12.4-3.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/poppler-0.12.4-3.el6_0.1.src.rpm

x86_64:
poppler-debuginfo-0.12.4-3.el6_0.1.i686.rpm
poppler-debuginfo-0.12.4-3.el6_0.1.x86_64.rpm
poppler-devel-0.12.4-3.el6_0.1.i686.rpm
poppler-devel-0.12.4-3.el6_0.1.x86_64.rpm
poppler-glib-0.12.4-3.el6_0.1.i686.rpm
poppler-glib-0.12.4-3.el6_0.1.x86_64.rpm
poppler-glib-devel-0.12.4-3.el6_0.1.i686.rpm
poppler-glib-devel-0.12.4-3.el6_0.1.x86_64.rpm
poppler-qt-0.12.4-3.el6_0.1.i686.rpm
poppler-qt-0.12.4-3.el6_0.1.x86_64.rpm
poppler-qt-devel-0.12.4-3.el6_0.1.i686.rpm
poppler-qt-devel-0.12.4-3.el6_0.1.x86_64.rpm
poppler-qt4-0.12.4-3.el6_0.1.i686.rpm
poppler-qt4-0.12.4-3.el6_0.1.x86_64.rpm
poppler-qt4-devel-0.12.4-3.el6_0.1.i686.rpm
poppler-qt4-devel-0.12.4-3.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/poppler-0.12.4-3.el6_0.1.src.rpm

i386:
poppler-0.12.4-3.el6_0.1.i686.rpm
poppler-debuginfo-0.12.4-3.el6_0.1.i686.rpm
poppler-glib-0.12.4-3.el6_0.1.i686.rpm
poppler-qt4-0.12.4-3.el6_0.1.i686.rpm
poppler-utils-0.12.4-3.el6_0.1.i686.rpm

ppc64:
poppler-0.12.4-3.el6_0.1.ppc.rpm
poppler-0.12.4-3.el6_0.1.ppc64.rpm
poppler-debuginfo-0.12.4-3.el6_0.1.ppc.rpm
poppler-debuginfo-0.12.4-3.el6_0.1.ppc64.rpm
poppler-glib-0.12.4-3.el6_0.1.ppc.rpm
poppler-glib-0.12.4-3.el6_0.1.ppc64.rpm
poppler-qt4-0.12.4-3.el6_0.1.ppc64.rpm
poppler-utils-0.12.4-3.el6_0.1.ppc64.rpm

s390x:
poppler-0.12.4-3.el6_0.1.s390.rpm
poppler-0.12.4-3.el6_0.1.s390x.rpm
poppler-debuginfo-0.12.4-3.el6_0.1.s390.rpm
poppler-debuginfo-0.12.4-3.el6_0.1.s390x.rpm
poppler-glib-0.12.4-3.el6_0.1.s390.rpm
poppler-glib-0.12.4-3.el6_0.1.s390x.rpm
poppler-qt4-0.12.4-3.el6_0.1.s390x.rpm
poppler-utils-0.12.4-3.el6_0.1.s390x.rpm

x86_64:
poppler-0.12.4-3.el6_0.1.i686.rpm
poppler-0.12.4-3.el6_0.1.x86_64.rpm
poppler-debuginfo-0.12.4-3.el6_0.1.i686.rpm
poppler-debuginfo-0.12.4-3.el6_0.1.x86_64.rpm
poppler-glib-0.12.4-3.el6_0.1.i686.rpm
poppler-glib-0.12.4-3.el6_0.1.x86_64.rpm
poppler-qt4-0.12.4-3.el6_0.1.x86_64.rpm
poppler-utils-0.12.4-3.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/poppler-0.12.4-3.el6_0.1.src.rpm

i386:
poppler-debuginfo-0.12.4-3.el6_0.1.i686.rpm
poppler-devel-0.12.4-3.el6_0.1.i686.rpm
poppler-glib-devel-0.12.4-3.el6_0.1.i686.rpm
poppler-qt-0.12.4-3.el6_0.1.i686.rpm
poppler-qt-devel-0.12.4-3.el6_0.1.i686.rpm
poppler-qt4-devel-0.12.4-3.el6_0.1.i686.rpm

ppc64:
poppler-debuginfo-0.12.4-3.el6_0.1.ppc.rpm
poppler-debuginfo-0.12.4-3.el6_0.1.ppc64.rpm
poppler-devel-0.12.4-3.el6_0.1.ppc.rpm
poppler-devel-0.12.4-3.el6_0.1.ppc64.rpm
poppler-glib-devel-0.12.4-3.el6_0.1.ppc.rpm
poppler-glib-devel-0.12.4-3.el6_0.1.ppc64.rpm
poppler-qt-0.12.4-3.el6_0.1.ppc.rpm
poppler-qt-0.12.4-3.el6_0.1.ppc64.rpm
poppler-qt-devel-0.12.4-3.el6_0.1.ppc.rpm
poppler-qt-devel-0.12.4-3.el6_0.1.ppc64.rpm
poppler-qt4-0.12.4-3.el6_0.1.ppc.rpm
poppler-qt4-devel-0.12.4-3.el6_0.1.ppc.rpm
poppler-qt4-devel-0.12.4-3.el6_0.1.ppc64.rpm

s390x:
poppler-debuginfo-0.12.4-3.el6_0.1.s390.rpm
poppler-debuginfo-0.12.4-3.el6_0.1.s390x.rpm
poppler-devel-0.12.4-3.el6_0.1.s390.rpm
poppler-devel-0.12.4-3.el6_0.1.s390x.rpm
poppler-glib-devel-0.12.4-3.el6_0.1.s390.rpm
poppler-glib-devel-0.12.4-3.el6_0.1.s390x.rpm
poppler-qt-0.12.4-3.el6_0.1.s390.rpm
poppler-qt-0.12.4-3.el6_0.1.s390x.rpm
poppler-qt-devel-0.12.4-3.el6_0.1.s390.rpm
poppler-qt-devel-0.12.4-3.el6_0.1.s390x.rpm
poppler-qt4-0.12.4-3.el6_0.1.s390.rpm
poppler-qt4-devel-0.12.4-3.el6_0.1.s390.rpm
poppler-qt4-devel-0.12.4-3.el6_0.1.s390x.rpm

x86_64:
poppler-debuginfo-0.12.4-3.el6_0.1.i686.rpm
poppler-debuginfo-0.12.4-3.el6_0.1.x86_64.rpm
poppler-devel-0.12.4-3.el6_0.1.i686.rpm
poppler-devel-0.12.4-3.el6_0.1.x86_64.rpm
poppler-glib-devel-0.12.4-3.el6_0.1.i686.rpm
poppler-glib-devel-0.12.4-3.el6_0.1.x86_64.rpm
poppler-qt-0.12.4-3.el6_0.1.i686.rpm
poppler-qt-0.12.4-3.el6_0.1.x86_64.rpm
poppler-qt-devel-0.12.4-3.el6_0.1.i686.rpm
poppler-qt-devel-0.12.4-3.el6_0.1.x86_64.rpm
poppler-qt4-0.12.4-3.el6_0.1.i686.rpm
poppler-qt4-devel-0.12.4-3.el6_0.1.i686.rpm
poppler-qt4-devel-0.12.4-3.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/poppler-0.12.4-3.el6_0.1.src.rpm

i386:
poppler-0.12.4-3.el6_0.1.i686.rpm
poppler-debuginfo-0.12.4-3.el6_0.1.i686.rpm
poppler-glib-0.12.4-3.el6_0.1.i686.rpm
poppler-qt4-0.12.4-3.el6_0.1.i686.rpm
poppler-utils-0.12.4-3.el6_0.1.i686.rpm

x86_64:
poppler-0.12.4-3.el6_0.1.i686.rpm
poppler-0.12.4-3.el6_0.1.x86_64.rpm
poppler-debuginfo-0.12.4-3.el6_0.1.i686.rpm
poppler-debuginfo-0.12.4-3.el6_0.1.x86_64.rpm
poppler-glib-0.12.4-3.el6_0.1.i686.rpm
poppler-glib-0.12.4-3.el6_0.1.x86_64.rpm
poppler-qt4-0.12.4-3.el6_0.1.x86_64.rpm
poppler-utils-0.12.4-3.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/poppler-0.12.4-3.el6_0.1.src.rpm

i386:
poppler-debuginfo-0.12.4-3.el6_0.1.i686.rpm
poppler-devel-0.12.4-3.el6_0.1.i686.rpm
poppler-glib-devel-0.12.4-3.el6_0.1.i686.rpm
poppler-qt-0.12.4-3.el6_0.1.i686.rpm
poppler-qt-devel-0.12.4-3.el6_0.1.i686.rpm
poppler-qt4-devel-0.12.4-3.el6_0.1.i686.rpm

x86_64:
poppler-debuginfo-0.12.4-3.el6_0.1.i686.rpm
poppler-debuginfo-0.12.4-3.el6_0.1.x86_64.rpm
poppler-devel-0.12.4-3.el6_0.1.i686.rpm
poppler-devel-0.12.4-3.el6_0.1.x86_64.rpm
poppler-glib-devel-0.12.4-3.el6_0.1.i686.rpm
poppler-glib-devel-0.12.4-3.el6_0.1.x86_64.rpm
poppler-qt-0.12.4-3.el6_0.1.i686.rpm
poppler-qt-0.12.4-3.el6_0.1.x86_64.rpm
poppler-qt-devel-0.12.4-3.el6_0.1.i686.rpm
poppler-qt-devel-0.12.4-3.el6_0.1.x86_64.rpm
poppler-qt4-0.12.4-3.el6_0.1.i686.rpm
poppler-qt4-devel-0.12.4-3.el6_0.1.i686.rpm
poppler-qt4-devel-0.12.4-3.el6_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3702.html
https://www.redhat.com/security/data/cve/CVE-2010-3703.html
https://www.redhat.com/security/data/cve/CVE-2010-3704.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM2vKyXlSAg2UNWIIRAv3iAJ0WBBem/9uaux2SECY5IccQGCejCQCcCEvc
T0JuuP4kNYfX9oaLDZ2Ke4w=
=ruzM
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Nov 10 19:31:12 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 10 Nov 2010 12:31:12 -0700
Subject: [RHSA-2010:0860-02] Critical: samba security update
Message-ID: <201011101931.oAAJVDQs013962@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: samba security update
Advisory ID: RHSA-2010:0860-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0860.html
Issue date: 2010-11-10
CVE Names: CVE-2010-3069
=====================================================================

1. Summary:

Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Samba is a suite of programs used by machines to share files, printers, and other information.

A missing array boundary checking flaw was found in the way Samba parsed the binary representation of Windows security identifiers (SIDs). A malicious client could send a specially-crafted SMB request to the Samba server, resulting in arbitrary code execution with the privileges of the Samba server (smbd). (CVE-2010-3069)

Users of Samba are advised to upgrade to these updated packages, which correct this issue. After installing this update, the smb service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

630869 - CVE-2010-3069 Samba: Stack-based buffer overflow by processing specially-crafted SID records

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/samba-3.5.4-68.el6_0.1.src.rpm

i386:
libsmbclient-3.5.4-68.el6_0.1.i686.rpm
samba-client-3.5.4-68.el6_0.1.i686.rpm
samba-common-3.5.4-68.el6_0.1.i686.rpm
samba-debuginfo-3.5.4-68.el6_0.1.i686.rpm
samba-winbind-3.5.4-68.el6_0.1.i686.rpm
samba-winbind-clients-3.5.4-68.el6_0.1.i686.rpm

x86_64:
libsmbclient-3.5.4-68.el6_0.1.i686.rpm
libsmbclient-3.5.4-68.el6_0.1.x86_64.rpm
samba-client-3.5.4-68.el6_0.1.x86_64.rpm
samba-common-3.5.4-68.el6_0.1.i686.rpm
samba-common-3.5.4-68.el6_0.1.x86_64.rpm
samba-debuginfo-3.5.4-68.el6_0.1.i686.rpm
samba-debuginfo-3.5.4-68.el6_0.1.x86_64.rpm
samba-winbind-3.5.4-68.el6_0.1.x86_64.rpm
samba-winbind-clients-3.5.4-68.el6_0.1.i686.rpm
samba-winbind-clients-3.5.4-68.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/samba-3.5.4-68.el6_0.1.src.rpm

i386:
libsmbclient-devel-3.5.4-68.el6_0.1.i686.rpm
samba-3.5.4-68.el6_0.1.i686.rpm
samba-debuginfo-3.5.4-68.el6_0.1.i686.rpm
samba-doc-3.5.4-68.el6_0.1.i686.rpm
samba-domainjoin-gui-3.5.4-68.el6_0.1.i686.rpm
samba-swat-3.5.4-68.el6_0.1.i686.rpm
samba-winbind-devel-3.5.4-68.el6_0.1.i686.rpm

x86_64:
libsmbclient-devel-3.5.4-68.el6_0.1.i686.rpm
libsmbclient-devel-3.5.4-68.el6_0.1.x86_64.rpm
samba-3.5.4-68.el6_0.1.x86_64.rpm
samba-debuginfo-3.5.4-68.el6_0.1.i686.rpm
samba-debuginfo-3.5.4-68.el6_0.1.x86_64.rpm
samba-doc-3.5.4-68.el6_0.1.x86_64.rpm
samba-domainjoin-gui-3.5.4-68.el6_0.1.x86_64.rpm
samba-swat-3.5.4-68.el6_0.1.x86_64.rpm
samba-winbind-devel-3.5.4-68.el6_0.1.i686.rpm
samba-winbind-devel-3.5.4-68.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/samba-3.5.4-68.el6_0.1.src.rpm

x86_64:
samba-client-3.5.4-68.el6_0.1.x86_64.rpm
samba-common-3.5.4-68.el6_0.1.i686.rpm
samba-common-3.5.4-68.el6_0.1.x86_64.rpm
samba-debuginfo-3.5.4-68.el6_0.1.i686.rpm
samba-debuginfo-3.5.4-68.el6_0.1.x86_64.rpm
samba-winbind-clients-3.5.4-68.el6_0.1.i686.rpm
samba-winbind-clients-3.5.4-68.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/samba-3.5.4-68.el6_0.1.src.rpm

x86_64:
libsmbclient-3.5.4-68.el6_0.1.i686.rpm
libsmbclient-3.5.4-68.el6_0.1.x86_64.rpm
libsmbclient-devel-3.5.4-68.el6_0.1.i686.rpm
libsmbclient-devel-3.5.4-68.el6_0.1.x86_64.rpm
samba-3.5.4-68.el6_0.1.x86_64.rpm
samba-debuginfo-3.5.4-68.el6_0.1.i686.rpm
samba-debuginfo-3.5.4-68.el6_0.1.x86_64.rpm
samba-doc-3.5.4-68.el6_0.1.x86_64.rpm
samba-domainjoin-gui-3.5.4-68.el6_0.1.x86_64.rpm
samba-swat-3.5.4-68.el6_0.1.x86_64.rpm
samba-winbind-3.5.4-68.el6_0.1.x86_64.rpm
samba-winbind-devel-3.5.4-68.el6_0.1.i686.rpm
samba-winbind-devel-3.5.4-68.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/samba-3.5.4-68.el6_0.1.src.rpm

i386:
libsmbclient-3.5.4-68.el6_0.1.i686.rpm
samba-3.5.4-68.el6_0.1.i686.rpm
samba-client-3.5.4-68.el6_0.1.i686.rpm
samba-common-3.5.4-68.el6_0.1.i686.rpm
samba-debuginfo-3.5.4-68.el6_0.1.i686.rpm
samba-winbind-3.5.4-68.el6_0.1.i686.rpm
samba-winbind-clients-3.5.4-68.el6_0.1.i686.rpm

ppc64:
libsmbclient-3.5.4-68.el6_0.1.ppc.rpm
libsmbclient-3.5.4-68.el6_0.1.ppc64.rpm
samba-3.5.4-68.el6_0.1.ppc64.rpm
samba-client-3.5.4-68.el6_0.1.ppc64.rpm
samba-common-3.5.4-68.el6_0.1.ppc.rpm
samba-common-3.5.4-68.el6_0.1.ppc64.rpm
samba-debuginfo-3.5.4-68.el6_0.1.ppc.rpm
samba-debuginfo-3.5.4-68.el6_0.1.ppc64.rpm
samba-winbind-3.5.4-68.el6_0.1.ppc64.rpm
samba-winbind-clients-3.5.4-68.el6_0.1.ppc.rpm
samba-winbind-clients-3.5.4-68.el6_0.1.ppc64.rpm

s390x:
libsmbclient-3.5.4-68.el6_0.1.s390.rpm
libsmbclient-3.5.4-68.el6_0.1.s390x.rpm
samba-3.5.4-68.el6_0.1.s390x.rpm
samba-client-3.5.4-68.el6_0.1.s390x.rpm
samba-common-3.5.4-68.el6_0.1.s390.rpm
samba-common-3.5.4-68.el6_0.1.s390x.rpm
samba-debuginfo-3.5.4-68.el6_0.1.s390.rpm
samba-debuginfo-3.5.4-68.el6_0.1.s390x.rpm
samba-winbind-3.5.4-68.el6_0.1.s390x.rpm
samba-winbind-clients-3.5.4-68.el6_0.1.s390.rpm
samba-winbind-clients-3.5.4-68.el6_0.1.s390x.rpm

x86_64:
libsmbclient-3.5.4-68.el6_0.1.i686.rpm
libsmbclient-3.5.4-68.el6_0.1.x86_64.rpm
samba-3.5.4-68.el6_0.1.x86_64.rpm
samba-client-3.5.4-68.el6_0.1.x86_64.rpm
samba-common-3.5.4-68.el6_0.1.i686.rpm
samba-common-3.5.4-68.el6_0.1.x86_64.rpm
samba-debuginfo-3.5.4-68.el6_0.1.i686.rpm
samba-debuginfo-3.5.4-68.el6_0.1.x86_64.rpm
samba-winbind-3.5.4-68.el6_0.1.x86_64.rpm
samba-winbind-clients-3.5.4-68.el6_0.1.i686.rpm
samba-winbind-clients-3.5.4-68.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/samba-3.5.4-68.el6_0.1.src.rpm

i386:
libsmbclient-devel-3.5.4-68.el6_0.1.i686.rpm
samba-debuginfo-3.5.4-68.el6_0.1.i686.rpm
samba-doc-3.5.4-68.el6_0.1.i686.rpm
samba-domainjoin-gui-3.5.4-68.el6_0.1.i686.rpm
samba-swat-3.5.4-68.el6_0.1.i686.rpm
samba-winbind-devel-3.5.4-68.el6_0.1.i686.rpm

ppc64:
libsmbclient-devel-3.5.4-68.el6_0.1.ppc.rpm
libsmbclient-devel-3.5.4-68.el6_0.1.ppc64.rpm
samba-debuginfo-3.5.4-68.el6_0.1.ppc.rpm
samba-debuginfo-3.5.4-68.el6_0.1.ppc64.rpm
samba-doc-3.5.4-68.el6_0.1.ppc64.rpm
samba-domainjoin-gui-3.5.4-68.el6_0.1.ppc64.rpm
samba-swat-3.5.4-68.el6_0.1.ppc64.rpm
samba-winbind-devel-3.5.4-68.el6_0.1.ppc.rpm
samba-winbind-devel-3.5.4-68.el6_0.1.ppc64.rpm

s390x:
libsmbclient-devel-3.5.4-68.el6_0.1.s390.rpm
libsmbclient-devel-3.5.4-68.el6_0.1.s390x.rpm
samba-debuginfo-3.5.4-68.el6_0.1.s390.rpm
samba-debuginfo-3.5.4-68.el6_0.1.s390x.rpm
samba-doc-3.5.4-68.el6_0.1.s390x.rpm
samba-domainjoin-gui-3.5.4-68.el6_0.1.s390x.rpm
samba-swat-3.5.4-68.el6_0.1.s390x.rpm
samba-winbind-devel-3.5.4-68.el6_0.1.s390.rpm
samba-winbind-devel-3.5.4-68.el6_0.1.s390x.rpm

x86_64:
libsmbclient-devel-3.5.4-68.el6_0.1.i686.rpm
libsmbclient-devel-3.5.4-68.el6_0.1.x86_64.rpm
samba-debuginfo-3.5.4-68.el6_0.1.i686.rpm
samba-debuginfo-3.5.4-68.el6_0.1.x86_64.rpm
samba-doc-3.5.4-68.el6_0.1.x86_64.rpm
samba-domainjoin-gui-3.5.4-68.el6_0.1.x86_64.rpm
samba-swat-3.5.4-68.el6_0.1.x86_64.rpm
samba-winbind-devel-3.5.4-68.el6_0.1.i686.rpm
samba-winbind-devel-3.5.4-68.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/samba-3.5.4-68.el6_0.1.src.rpm

i386:
libsmbclient-3.5.4-68.el6_0.1.i686.rpm
samba-3.5.4-68.el6_0.1.i686.rpm
samba-client-3.5.4-68.el6_0.1.i686.rpm
samba-common-3.5.4-68.el6_0.1.i686.rpm
samba-debuginfo-3.5.4-68.el6_0.1.i686.rpm
samba-winbind-3.5.4-68.el6_0.1.i686.rpm
samba-winbind-clients-3.5.4-68.el6_0.1.i686.rpm

x86_64:
libsmbclient-3.5.4-68.el6_0.1.i686.rpm
libsmbclient-3.5.4-68.el6_0.1.x86_64.rpm
samba-3.5.4-68.el6_0.1.x86_64.rpm
samba-client-3.5.4-68.el6_0.1.x86_64.rpm
samba-common-3.5.4-68.el6_0.1.i686.rpm
samba-common-3.5.4-68.el6_0.1.x86_64.rpm
samba-debuginfo-3.5.4-68.el6_0.1.i686.rpm
samba-debuginfo-3.5.4-68.el6_0.1.x86_64.rpm
samba-winbind-3.5.4-68.el6_0.1.x86_64.rpm
samba-winbind-clients-3.5.4-68.el6_0.1.i686.rpm
samba-winbind-clients-3.5.4-68.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/samba-3.5.4-68.el6_0.1.src.rpm

i386:
libsmbclient-devel-3.5.4-68.el6_0.1.i686.rpm
samba-debuginfo-3.5.4-68.el6_0.1.i686.rpm
samba-doc-3.5.4-68.el6_0.1.i686.rpm
samba-domainjoin-gui-3.5.4-68.el6_0.1.i686.rpm
samba-swat-3.5.4-68.el6_0.1.i686.rpm
samba-winbind-devel-3.5.4-68.el6_0.1.i686.rpm

x86_64:
libsmbclient-devel-3.5.4-68.el6_0.1.i686.rpm
libsmbclient-devel-3.5.4-68.el6_0.1.x86_64.rpm
samba-debuginfo-3.5.4-68.el6_0.1.i686.rpm
samba-debuginfo-3.5.4-68.el6_0.1.x86_64.rpm
samba-doc-3.5.4-68.el6_0.1.x86_64.rpm
samba-domainjoin-gui-3.5.4-68.el6_0.1.x86_64.rpm
samba-swat-3.5.4-68.el6_0.1.x86_64.rpm
samba-winbind-devel-3.5.4-68.el6_0.1.i686.rpm
samba-winbind-devel-3.5.4-68.el6_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3069.html
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM2vLrXlSAg2UNWIIRAjUuAJwKHCcHmdweh9b2M5csOLyMwKiEAgCfdpSv
9/oDz4K7v9epOTrJv6c+2RA=
=u0lc
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Nov 10 19:31:57 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 10 Nov 2010 12:31:57 -0700
Subject: [RHSA-2010:0861-02] Critical: firefox security update
Message-ID: <201011101931.oAAJVwII006607@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: firefox security update
Advisory ID: RHSA-2010:0861-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0861.html
Issue date: 2010-11-10
CVE Names: CVE-2010-3175 CVE-2010-3176 CVE-2010-3177 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3182 CVE-2010-3183 CVE-2010-3765
=====================================================================

1. Summary:

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.

A race condition flaw was found in the way Firefox handled Document Object Model (DOM) element properties. Malicious HTML content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3765)

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3183, CVE-2010-3180)

A flaw was found in the way the Gopher parser in Firefox converted text into HTML. A malformed file name on a Gopher server could, when accessed by a victim running Firefox, allow arbitrary JavaScript to be executed in the context of the Gopher domain. (CVE-2010-3177)

A same-origin policy bypass flaw was found in Firefox. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim had loaded with Firefox. (CVE-2010-3178)

A flaw was found in the script that launches Firefox. The script appended a "." entry to the LD_LIBRARY_PATH variable, so the dynamic loader would also search the current working directory for shared libraries. This could allow a local attacker to execute arbitrary code with the privileges of a different user running Firefox, if that user ran Firefox from within an attacker-controlled directory. (CVE-2010-3182)

For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.11 and 3.6.12. You can find links to the Mozilla advisories in the References section of this erratum.
All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.12, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards 642275 - CVE-2010-3175 Mozilla miscellaneous memory safety hazards 642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write 642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp 642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter 642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs 642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls 642300 - CVE-2010-3182 Mozilla unsafe library loading flaw 646997 - CVE-2010-3765 Firefox race condition flaw (MFSA 2010-73) 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/firefox-3.6.12-1.el6_0.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-1.9.2.12-1.el6_0.src.rpm i386: firefox-3.6.12-1.el6_0.i686.rpm firefox-debuginfo-3.6.12-1.el6_0.i686.rpm xulrunner-1.9.2.12-1.el6_0.i686.rpm xulrunner-debuginfo-1.9.2.12-1.el6_0.i686.rpm x86_64: firefox-3.6.12-1.el6_0.x86_64.rpm firefox-debuginfo-3.6.12-1.el6_0.x86_64.rpm xulrunner-1.9.2.12-1.el6_0.i686.rpm xulrunner-1.9.2.12-1.el6_0.x86_64.rpm xulrunner-debuginfo-1.9.2.12-1.el6_0.i686.rpm xulrunner-debuginfo-1.9.2.12-1.el6_0.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-1.9.2.12-1.el6_0.src.rpm i386: xulrunner-debuginfo-1.9.2.12-1.el6_0.i686.rpm xulrunner-devel-1.9.2.12-1.el6_0.i686.rpm x86_64: xulrunner-debuginfo-1.9.2.12-1.el6_0.i686.rpm xulrunner-debuginfo-1.9.2.12-1.el6_0.x86_64.rpm xulrunner-devel-1.9.2.12-1.el6_0.i686.rpm xulrunner-devel-1.9.2.12-1.el6_0.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: firefox-3.6.12-1.el6_0.x86_64.rpm firefox-debuginfo-3.6.12-1.el6_0.x86_64.rpm xulrunner-1.9.2.12-1.el6_0.i686.rpm xulrunner-1.9.2.12-1.el6_0.x86_64.rpm xulrunner-debuginfo-1.9.2.12-1.el6_0.i686.rpm xulrunner-debuginfo-1.9.2.12-1.el6_0.x86_64.rpm xulrunner-devel-1.9.2.12-1.el6_0.i686.rpm xulrunner-devel-1.9.2.12-1.el6_0.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/firefox-3.6.12-1.el6_0.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-1.9.2.12-1.el6_0.src.rpm i386: firefox-3.6.12-1.el6_0.i686.rpm firefox-debuginfo-3.6.12-1.el6_0.i686.rpm xulrunner-1.9.2.12-1.el6_0.i686.rpm xulrunner-debuginfo-1.9.2.12-1.el6_0.i686.rpm ppc64: firefox-3.6.12-1.el6_0.ppc64.rpm firefox-debuginfo-3.6.12-1.el6_0.ppc64.rpm xulrunner-1.9.2.12-1.el6_0.ppc.rpm xulrunner-1.9.2.12-1.el6_0.ppc64.rpm xulrunner-debuginfo-1.9.2.12-1.el6_0.ppc.rpm xulrunner-debuginfo-1.9.2.12-1.el6_0.ppc64.rpm s390x: firefox-3.6.12-1.el6_0.s390x.rpm firefox-debuginfo-3.6.12-1.el6_0.s390x.rpm xulrunner-1.9.2.12-1.el6_0.s390.rpm xulrunner-1.9.2.12-1.el6_0.s390x.rpm xulrunner-debuginfo-1.9.2.12-1.el6_0.s390.rpm xulrunner-debuginfo-1.9.2.12-1.el6_0.s390x.rpm x86_64: firefox-3.6.12-1.el6_0.x86_64.rpm firefox-debuginfo-3.6.12-1.el6_0.x86_64.rpm xulrunner-1.9.2.12-1.el6_0.i686.rpm xulrunner-1.9.2.12-1.el6_0.x86_64.rpm xulrunner-debuginfo-1.9.2.12-1.el6_0.i686.rpm xulrunner-debuginfo-1.9.2.12-1.el6_0.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-1.9.2.12-1.el6_0.src.rpm i386: xulrunner-debuginfo-1.9.2.12-1.el6_0.i686.rpm xulrunner-devel-1.9.2.12-1.el6_0.i686.rpm ppc64: xulrunner-debuginfo-1.9.2.12-1.el6_0.ppc.rpm xulrunner-debuginfo-1.9.2.12-1.el6_0.ppc64.rpm xulrunner-devel-1.9.2.12-1.el6_0.ppc.rpm xulrunner-devel-1.9.2.12-1.el6_0.ppc64.rpm s390x: xulrunner-debuginfo-1.9.2.12-1.el6_0.s390.rpm xulrunner-debuginfo-1.9.2.12-1.el6_0.s390x.rpm xulrunner-devel-1.9.2.12-1.el6_0.s390.rpm xulrunner-devel-1.9.2.12-1.el6_0.s390x.rpm x86_64: xulrunner-debuginfo-1.9.2.12-1.el6_0.i686.rpm xulrunner-debuginfo-1.9.2.12-1.el6_0.x86_64.rpm xulrunner-devel-1.9.2.12-1.el6_0.i686.rpm xulrunner-devel-1.9.2.12-1.el6_0.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/firefox-3.6.12-1.el6_0.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-1.9.2.12-1.el6_0.src.rpm i386: firefox-3.6.12-1.el6_0.i686.rpm firefox-debuginfo-3.6.12-1.el6_0.i686.rpm xulrunner-1.9.2.12-1.el6_0.i686.rpm xulrunner-debuginfo-1.9.2.12-1.el6_0.i686.rpm x86_64: firefox-3.6.12-1.el6_0.x86_64.rpm firefox-debuginfo-3.6.12-1.el6_0.x86_64.rpm xulrunner-1.9.2.12-1.el6_0.i686.rpm xulrunner-1.9.2.12-1.el6_0.x86_64.rpm xulrunner-debuginfo-1.9.2.12-1.el6_0.i686.rpm xulrunner-debuginfo-1.9.2.12-1.el6_0.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-1.9.2.12-1.el6_0.src.rpm i386: xulrunner-debuginfo-1.9.2.12-1.el6_0.i686.rpm xulrunner-devel-1.9.2.12-1.el6_0.i686.rpm x86_64: xulrunner-debuginfo-1.9.2.12-1.el6_0.i686.rpm xulrunner-debuginfo-1.9.2.12-1.el6_0.x86_64.rpm xulrunner-devel-1.9.2.12-1.el6_0.i686.rpm xulrunner-devel-1.9.2.12-1.el6_0.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-3175.html https://www.redhat.com/security/data/cve/CVE-2010-3176.html https://www.redhat.com/security/data/cve/CVE-2010-3177.html https://www.redhat.com/security/data/cve/CVE-2010-3178.html https://www.redhat.com/security/data/cve/CVE-2010-3179.html https://www.redhat.com/security/data/cve/CVE-2010-3180.html https://www.redhat.com/security/data/cve/CVE-2010-3182.html https://www.redhat.com/security/data/cve/CVE-2010-3183.html https://www.redhat.com/security/data/cve/CVE-2010-3765.html http://www.redhat.com/security/updates/classification/#critical http://www.mozilla.com/en-US/firefox/3.6.11/releasenotes/ http://www.mozilla.com/en-US/firefox/3.6.12/releasenotes/ http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.11 http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.12 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2010 Red Hat, Inc. 
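The launcher-script issue in section 3 of this advisory (CVE-2010-3182) comes down to one relative entry in LD_LIBRARY_PATH. The following is an added example, not code from the Red Hat firefox package or its launcher script: a small Python audit of an LD_LIBRARY_PATH value that flags every entry the dynamic loader would resolve against the current working directory, and shows which directories would actually be searched for a given working directory. It covers the literal "." from the advisory, any other relative path, and the empty entry produced by a leading, trailing or doubled ":" (glibc's ld.so interprets an empty element as the current directory, so `LIBDIR:` is as dangerous as `LIBDIR:.`), and it treats a completely empty LD_LIBRARY_PATH as ignored, which is what glibc does. The directory names and the function names are constructed for the example and are not taken from the advisory.

```python
"""
Audit an LD_LIBRARY_PATH value for entries that the dynamic loader resolves
against the process's current working directory.

Added example; not code from the firefox package or its launcher script.
Directory names below are constructed placeholders.
"""
import os
import posixpath

# Constructed stand-ins for a launcher's library directories (not the real
# paths from the firefox package).
LIB_DIR = "/opt/app/lib"
PLUGIN_DIR = "/opt/app/plugins"

# The pattern the advisory describes: a "." appended to the search path.
VULNERABLE_LD_LIBRARY_PATH = f"{LIB_DIR}:{PLUGIN_DIR}:."
# The corrected form: absolute directories only.
FIXED_LD_LIBRARY_PATH = f"{LIB_DIR}:{PLUGIN_DIR}"


def unsafe_entries(ld_library_path: str) -> list:
    """Return (index, entry, reason) for each entry that is resolved relative
    to the current working directory.  glibc's ld.so treats an empty element
    (from a leading, trailing or doubled ':') as the current directory, so
    'LIB_DIR:' is just as dangerous as 'LIB_DIR:.'.  A completely empty
    variable is ignored by the loader, so it yields no findings."""
    if ld_library_path == "":
        return []
    findings = []
    for idx, entry in enumerate(ld_library_path.split(":")):
        if entry == "":
            findings.append((idx, entry, "empty entry, searched as the current directory"))
        elif not entry.startswith("/"):
            findings.append((idx, entry, "relative entry, resolved against the current directory"))
    return findings


def search_dirs(ld_library_path: str, cwd: str) -> list:
    """Absolute directories the loader would search, in order, for a process
    started in cwd.  Makes the effect of an attacker-chosen cwd visible."""
    if ld_library_path == "":
        return []
    resolved = []
    for entry in ld_library_path.split(":"):
        if entry == "":
            resolved.append(cwd)
        else:
            # posixpath.join keeps an absolute entry as-is and anchors a
            # relative one at cwd; normpath folds "." and ".." components.
            resolved.append(posixpath.normpath(posixpath.join(cwd, entry)))
    return resolved


def harden(ld_library_path: str) -> str:
    """Drop every unsafe entry and any duplicate, preserving order."""
    kept = []
    for entry in ld_library_path.split(":"):
        if entry.startswith("/") and entry not in kept:
            kept.append(entry)
    return ":".join(kept)


def audit_environment(environ=None) -> list:
    """Audit the LD_LIBRARY_PATH of the running process, or of a supplied
    mapping.  An unset variable is not a finding."""
    env = os.environ if environ is None else environ
    value = env.get("LD_LIBRARY_PATH")
    return [] if value is None else unsafe_entries(value)


if __name__ == "__main__":
    attacker_dir = "/tmp/attacker"   # constructed: where the victim is lured to run from
    for label, value in (("vulnerable", VULNERABLE_LD_LIBRARY_PATH),
                         ("fixed", FIXED_LD_LIBRARY_PATH)):
        print(f"{label}: LD_LIBRARY_PATH={value}")
        for idx, entry, reason in unsafe_entries(value):
            print(f"  entry {idx} {entry!r}: {reason}")
        print(f"  searched from {attacker_dir}: {search_dirs(value, attacker_dir)}")
    print("hardened:", harden(VULNERABLE_LD_LIBRARY_PATH))
```

Run it as a script to see the vulnerable value resolve its last entry to the attacker's directory while the fixed value never leaves the absolute library directories; `audit_environment()` can be dropped into a wrapper script's pre-flight checks.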
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM2vMWXlSAg2UNWIIRApOkAJsHsYKuJS6rZV/wiB/t3rVMmXCSCQCfdcZe
msXDY+N3K39YWrJoxpY7dLM=
=xA4/
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Nov 10 19:32:44 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 10 Nov 2010 12:32:44 -0700
Subject: [RHSA-2010:0862-02] Low: nss security update
Message-ID: <201011101932.oAAJWiQ8031233@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: nss security update
Advisory ID:       RHSA-2010:0862-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0862.html
Issue date:        2010-11-10
CVE Names:         CVE-2010-3170
=====================================================================

1. Summary:

Updated nss packages that fix one security issue are now available for Red
Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Network Security Services (NSS) is a set of libraries designed to support
the development of security-enabled client and server applications.

A flaw was found in the way NSS matched SSL certificates when the
certificates had a Common Name containing a wildcard and a partial IP
address. NSS incorrectly accepted connections to IP addresses that fell
within the SSL certificate's wildcard range as valid SSL connections,
possibly allowing an attacker to conduct a man-in-the-middle attack.
(CVE-2010-3170)

All NSS users should upgrade to these updated packages, which provide NSS
version 3.12.8 to resolve this issue. After installing the update,
applications using NSS must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

630047 - CVE-2010-3170 firefox/nss: doesn't handle IP-based wildcards in X509 certificates safely
642410 - nss update needed for firefox

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-3.12.8-1.el6_0.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-softokn-3.12.8-1.el6_0.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-util-3.12.8-1.el6_0.src.rpm

i386:
nss-3.12.8-1.el6_0.i686.rpm
nss-debuginfo-3.12.8-1.el6_0.i686.rpm
nss-softokn-3.12.8-1.el6_0.i686.rpm
nss-softokn-debuginfo-3.12.8-1.el6_0.i686.rpm
nss-softokn-freebl-3.12.8-1.el6_0.i686.rpm
nss-sysinit-3.12.8-1.el6_0.i686.rpm
nss-tools-3.12.8-1.el6_0.i686.rpm
nss-util-3.12.8-1.el6_0.i686.rpm
nss-util-debuginfo-3.12.8-1.el6_0.i686.rpm

x86_64:
nss-3.12.8-1.el6_0.i686.rpm
nss-3.12.8-1.el6_0.x86_64.rpm
nss-debuginfo-3.12.8-1.el6_0.i686.rpm
nss-debuginfo-3.12.8-1.el6_0.x86_64.rpm
nss-softokn-3.12.8-1.el6_0.i686.rpm
nss-softokn-3.12.8-1.el6_0.x86_64.rpm
nss-softokn-debuginfo-3.12.8-1.el6_0.i686.rpm
nss-softokn-debuginfo-3.12.8-1.el6_0.x86_64.rpm
nss-softokn-freebl-3.12.8-1.el6_0.i686.rpm
nss-softokn-freebl-3.12.8-1.el6_0.x86_64.rpm
nss-sysinit-3.12.8-1.el6_0.x86_64.rpm
nss-tools-3.12.8-1.el6_0.x86_64.rpm
nss-util-3.12.8-1.el6_0.i686.rpm
nss-util-3.12.8-1.el6_0.x86_64.rpm
nss-util-debuginfo-3.12.8-1.el6_0.i686.rpm
nss-util-debuginfo-3.12.8-1.el6_0.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-3.12.8-1.el6_0.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-softokn-3.12.8-1.el6_0.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-util-3.12.8-1.el6_0.src.rpm

i386:
nss-debuginfo-3.12.8-1.el6_0.i686.rpm
nss-devel-3.12.8-1.el6_0.i686.rpm
nss-pkcs11-devel-3.12.8-1.el6_0.i686.rpm
nss-softokn-debuginfo-3.12.8-1.el6_0.i686.rpm
nss-softokn-devel-3.12.8-1.el6_0.i686.rpm
nss-util-debuginfo-3.12.8-1.el6_0.i686.rpm
nss-util-devel-3.12.8-1.el6_0.i686.rpm

x86_64:
nss-debuginfo-3.12.8-1.el6_0.i686.rpm
nss-debuginfo-3.12.8-1.el6_0.x86_64.rpm
nss-devel-3.12.8-1.el6_0.i686.rpm
nss-devel-3.12.8-1.el6_0.x86_64.rpm
nss-pkcs11-devel-3.12.8-1.el6_0.i686.rpm
nss-pkcs11-devel-3.12.8-1.el6_0.x86_64.rpm
nss-softokn-debuginfo-3.12.8-1.el6_0.i686.rpm
nss-softokn-debuginfo-3.12.8-1.el6_0.x86_64.rpm
nss-softokn-devel-3.12.8-1.el6_0.i686.rpm
nss-softokn-devel-3.12.8-1.el6_0.x86_64.rpm
nss-util-debuginfo-3.12.8-1.el6_0.i686.rpm
nss-util-debuginfo-3.12.8-1.el6_0.x86_64.rpm
nss-util-devel-3.12.8-1.el6_0.i686.rpm
nss-util-devel-3.12.8-1.el6_0.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-3.12.8-1.el6_0.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-softokn-3.12.8-1.el6_0.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-util-3.12.8-1.el6_0.src.rpm

x86_64:
nss-3.12.8-1.el6_0.i686.rpm
nss-3.12.8-1.el6_0.x86_64.rpm
nss-debuginfo-3.12.8-1.el6_0.i686.rpm
nss-debuginfo-3.12.8-1.el6_0.x86_64.rpm
nss-softokn-3.12.8-1.el6_0.i686.rpm
nss-softokn-3.12.8-1.el6_0.x86_64.rpm
nss-softokn-debuginfo-3.12.8-1.el6_0.i686.rpm
nss-softokn-debuginfo-3.12.8-1.el6_0.x86_64.rpm
nss-softokn-freebl-3.12.8-1.el6_0.i686.rpm
nss-softokn-freebl-3.12.8-1.el6_0.x86_64.rpm
nss-sysinit-3.12.8-1.el6_0.x86_64.rpm
nss-tools-3.12.8-1.el6_0.x86_64.rpm
nss-util-3.12.8-1.el6_0.i686.rpm
nss-util-3.12.8-1.el6_0.x86_64.rpm
nss-util-debuginfo-3.12.8-1.el6_0.i686.rpm
nss-util-debuginfo-3.12.8-1.el6_0.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-3.12.8-1.el6_0.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-softokn-3.12.8-1.el6_0.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-util-3.12.8-1.el6_0.src.rpm

x86_64:
nss-debuginfo-3.12.8-1.el6_0.i686.rpm
nss-debuginfo-3.12.8-1.el6_0.x86_64.rpm
nss-devel-3.12.8-1.el6_0.i686.rpm
nss-devel-3.12.8-1.el6_0.x86_64.rpm
nss-pkcs11-devel-3.12.8-1.el6_0.i686.rpm
nss-pkcs11-devel-3.12.8-1.el6_0.x86_64.rpm
nss-softokn-debuginfo-3.12.8-1.el6_0.i686.rpm
nss-softokn-debuginfo-3.12.8-1.el6_0.x86_64.rpm
nss-softokn-devel-3.12.8-1.el6_0.i686.rpm
nss-softokn-devel-3.12.8-1.el6_0.x86_64.rpm
nss-util-debuginfo-3.12.8-1.el6_0.i686.rpm
nss-util-debuginfo-3.12.8-1.el6_0.x86_64.rpm
nss-util-devel-3.12.8-1.el6_0.i686.rpm
nss-util-devel-3.12.8-1.el6_0.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-3.12.8-1.el6_0.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-softokn-3.12.8-1.el6_0.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-util-3.12.8-1.el6_0.src.rpm

i386:
nss-3.12.8-1.el6_0.i686.rpm
nss-debuginfo-3.12.8-1.el6_0.i686.rpm
nss-devel-3.12.8-1.el6_0.i686.rpm
nss-softokn-3.12.8-1.el6_0.i686.rpm
nss-softokn-debuginfo-3.12.8-1.el6_0.i686.rpm
nss-softokn-devel-3.12.8-1.el6_0.i686.rpm
nss-softokn-freebl-3.12.8-1.el6_0.i686.rpm
nss-sysinit-3.12.8-1.el6_0.i686.rpm
nss-tools-3.12.8-1.el6_0.i686.rpm
nss-util-3.12.8-1.el6_0.i686.rpm
nss-util-debuginfo-3.12.8-1.el6_0.i686.rpm
nss-util-devel-3.12.8-1.el6_0.i686.rpm

ppc64:
nss-3.12.8-1.el6_0.ppc.rpm
nss-3.12.8-1.el6_0.ppc64.rpm
nss-debuginfo-3.12.8-1.el6_0.ppc.rpm
nss-debuginfo-3.12.8-1.el6_0.ppc64.rpm
nss-devel-3.12.8-1.el6_0.ppc.rpm
nss-devel-3.12.8-1.el6_0.ppc64.rpm
nss-softokn-3.12.8-1.el6_0.ppc.rpm
nss-softokn-3.12.8-1.el6_0.ppc64.rpm
nss-softokn-debuginfo-3.12.8-1.el6_0.ppc.rpm
nss-softokn-debuginfo-3.12.8-1.el6_0.ppc64.rpm
nss-softokn-devel-3.12.8-1.el6_0.ppc.rpm
nss-softokn-devel-3.12.8-1.el6_0.ppc64.rpm
nss-softokn-freebl-3.12.8-1.el6_0.ppc.rpm
nss-softokn-freebl-3.12.8-1.el6_0.ppc64.rpm
nss-sysinit-3.12.8-1.el6_0.ppc64.rpm
nss-tools-3.12.8-1.el6_0.ppc64.rpm
nss-util-3.12.8-1.el6_0.ppc.rpm
nss-util-3.12.8-1.el6_0.ppc64.rpm
nss-util-debuginfo-3.12.8-1.el6_0.ppc.rpm
nss-util-debuginfo-3.12.8-1.el6_0.ppc64.rpm
nss-util-devel-3.12.8-1.el6_0.ppc.rpm
nss-util-devel-3.12.8-1.el6_0.ppc64.rpm

s390x:
nss-3.12.8-1.el6_0.s390.rpm
nss-3.12.8-1.el6_0.s390x.rpm
nss-debuginfo-3.12.8-1.el6_0.s390.rpm
nss-debuginfo-3.12.8-1.el6_0.s390x.rpm
nss-devel-3.12.8-1.el6_0.s390.rpm
nss-devel-3.12.8-1.el6_0.s390x.rpm
nss-softokn-3.12.8-1.el6_0.s390.rpm
nss-softokn-3.12.8-1.el6_0.s390x.rpm
nss-softokn-debuginfo-3.12.8-1.el6_0.s390.rpm
nss-softokn-debuginfo-3.12.8-1.el6_0.s390x.rpm
nss-softokn-devel-3.12.8-1.el6_0.s390.rpm
nss-softokn-devel-3.12.8-1.el6_0.s390x.rpm
nss-softokn-freebl-3.12.8-1.el6_0.s390.rpm
nss-softokn-freebl-3.12.8-1.el6_0.s390x.rpm
nss-sysinit-3.12.8-1.el6_0.s390x.rpm
nss-tools-3.12.8-1.el6_0.s390x.rpm
nss-util-3.12.8-1.el6_0.s390.rpm
nss-util-3.12.8-1.el6_0.s390x.rpm
nss-util-debuginfo-3.12.8-1.el6_0.s390.rpm
nss-util-debuginfo-3.12.8-1.el6_0.s390x.rpm
nss-util-devel-3.12.8-1.el6_0.s390.rpm
nss-util-devel-3.12.8-1.el6_0.s390x.rpm

x86_64:
nss-3.12.8-1.el6_0.i686.rpm
nss-3.12.8-1.el6_0.x86_64.rpm
nss-debuginfo-3.12.8-1.el6_0.i686.rpm
nss-debuginfo-3.12.8-1.el6_0.x86_64.rpm
nss-devel-3.12.8-1.el6_0.i686.rpm
nss-devel-3.12.8-1.el6_0.x86_64.rpm
nss-softokn-3.12.8-1.el6_0.i686.rpm
nss-softokn-3.12.8-1.el6_0.x86_64.rpm
nss-softokn-debuginfo-3.12.8-1.el6_0.i686.rpm
nss-softokn-debuginfo-3.12.8-1.el6_0.x86_64.rpm
nss-softokn-devel-3.12.8-1.el6_0.i686.rpm
nss-softokn-devel-3.12.8-1.el6_0.x86_64.rpm
nss-softokn-freebl-3.12.8-1.el6_0.i686.rpm
nss-softokn-freebl-3.12.8-1.el6_0.x86_64.rpm
nss-sysinit-3.12.8-1.el6_0.x86_64.rpm
nss-tools-3.12.8-1.el6_0.x86_64.rpm
nss-util-3.12.8-1.el6_0.i686.rpm
nss-util-3.12.8-1.el6_0.x86_64.rpm
nss-util-debuginfo-3.12.8-1.el6_0.i686.rpm
nss-util-debuginfo-3.12.8-1.el6_0.x86_64.rpm
nss-util-devel-3.12.8-1.el6_0.i686.rpm
nss-util-devel-3.12.8-1.el6_0.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-3.12.8-1.el6_0.src.rpm

i386:
nss-debuginfo-3.12.8-1.el6_0.i686.rpm
nss-pkcs11-devel-3.12.8-1.el6_0.i686.rpm

ppc64:
nss-debuginfo-3.12.8-1.el6_0.ppc.rpm
nss-debuginfo-3.12.8-1.el6_0.ppc64.rpm
nss-pkcs11-devel-3.12.8-1.el6_0.ppc.rpm
nss-pkcs11-devel-3.12.8-1.el6_0.ppc64.rpm

s390x:
nss-debuginfo-3.12.8-1.el6_0.s390.rpm
nss-debuginfo-3.12.8-1.el6_0.s390x.rpm
nss-pkcs11-devel-3.12.8-1.el6_0.s390.rpm
nss-pkcs11-devel-3.12.8-1.el6_0.s390x.rpm

x86_64:
nss-debuginfo-3.12.8-1.el6_0.i686.rpm
nss-debuginfo-3.12.8-1.el6_0.x86_64.rpm
nss-pkcs11-devel-3.12.8-1.el6_0.i686.rpm
nss-pkcs11-devel-3.12.8-1.el6_0.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-3.12.8-1.el6_0.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-softokn-3.12.8-1.el6_0.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-util-3.12.8-1.el6_0.src.rpm

i386:
nss-3.12.8-1.el6_0.i686.rpm
nss-debuginfo-3.12.8-1.el6_0.i686.rpm
nss-devel-3.12.8-1.el6_0.i686.rpm
nss-softokn-3.12.8-1.el6_0.i686.rpm
nss-softokn-debuginfo-3.12.8-1.el6_0.i686.rpm
nss-softokn-devel-3.12.8-1.el6_0.i686.rpm
nss-softokn-freebl-3.12.8-1.el6_0.i686.rpm
nss-sysinit-3.12.8-1.el6_0.i686.rpm
nss-tools-3.12.8-1.el6_0.i686.rpm
nss-util-3.12.8-1.el6_0.i686.rpm
nss-util-debuginfo-3.12.8-1.el6_0.i686.rpm
nss-util-devel-3.12.8-1.el6_0.i686.rpm

x86_64:
nss-3.12.8-1.el6_0.i686.rpm
nss-3.12.8-1.el6_0.x86_64.rpm
nss-debuginfo-3.12.8-1.el6_0.i686.rpm
nss-debuginfo-3.12.8-1.el6_0.x86_64.rpm
nss-devel-3.12.8-1.el6_0.i686.rpm
nss-devel-3.12.8-1.el6_0.x86_64.rpm
nss-softokn-3.12.8-1.el6_0.i686.rpm
nss-softokn-3.12.8-1.el6_0.x86_64.rpm
nss-softokn-debuginfo-3.12.8-1.el6_0.i686.rpm
nss-softokn-debuginfo-3.12.8-1.el6_0.x86_64.rpm
nss-softokn-devel-3.12.8-1.el6_0.i686.rpm
nss-softokn-devel-3.12.8-1.el6_0.x86_64.rpm
nss-softokn-freebl-3.12.8-1.el6_0.i686.rpm
nss-softokn-freebl-3.12.8-1.el6_0.x86_64.rpm
nss-sysinit-3.12.8-1.el6_0.x86_64.rpm
nss-tools-3.12.8-1.el6_0.x86_64.rpm
nss-util-3.12.8-1.el6_0.i686.rpm
nss-util-3.12.8-1.el6_0.x86_64.rpm
nss-util-debuginfo-3.12.8-1.el6_0.i686.rpm
nss-util-debuginfo-3.12.8-1.el6_0.x86_64.rpm
nss-util-devel-3.12.8-1.el6_0.i686.rpm
nss-util-devel-3.12.8-1.el6_0.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-3.12.8-1.el6_0.src.rpm

i386:
nss-debuginfo-3.12.8-1.el6_0.i686.rpm
nss-pkcs11-devel-3.12.8-1.el6_0.i686.rpm

x86_64:
nss-debuginfo-3.12.8-1.el6_0.i686.rpm
nss-debuginfo-3.12.8-1.el6_0.x86_64.rpm
nss-pkcs11-devel-3.12.8-1.el6_0.i686.rpm
nss-pkcs11-devel-3.12.8-1.el6_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3170.html
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
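The wildcard matching flaw in section 3 of this advisory (CVE-2010-3170) is easiest to see next to the check a TLS client should perform. The following is an added example, not NSS code and not part of the Red Hat advisory. It puts a deliberately permissive matcher, which treats the Common Name as a free-form glob and does not care whether the reference identifier is an IP address, beside a strict matcher that applies the RFC 2818 / RFC 6125 rules: an IP-address reference never matches a wildcard and must equal the presented address exactly, and for DNS names a wildcard is only accepted as the whole left-most label of a name with at least two further labels, matching exactly one label. The certificate name `*.168.1.1` is constructed to illustrate the "wildcard plus partial IP address" pattern the advisory describes; it is not a value quoted from the advisory, and the function names are the example's own.

```python
"""
Certificate host-name matching: a permissive matcher beside a strict one.

Added example; not NSS code and not part of the Red Hat advisory.  The
certificate names used here are constructed for illustration.
"""
import ipaddress


def naive_match(presented: str, reference: str) -> bool:
    """Permissive matcher: '*' stands for any run of characters, anywhere in
    the name, and an IP-address reference is treated like any other string.
    This is the class of behaviour the advisory describes: the constructed
    CN '*.168.1.1' is accepted for the address 192.168.1.1."""
    pat = presented.lower()
    ref = reference.lower()
    if "*" not in pat:
        return pat == ref
    head, _, tail = pat.partition("*")
    return (len(ref) >= len(head) + len(tail)
            and ref.startswith(head) and ref.endswith(tail))


def _as_ip(text: str):
    """Return an ip_address object for text, or None if it is not an IP literal."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def strict_match(presented: str, reference: str) -> bool:
    """Strict matcher (RFC 2818 / RFC 6125 rules):
    - an IP-address reference identifier never matches a wildcard and must
      equal the presented identifier as an address (IPv4 or IPv6);
    - a wildcard is only allowed as the entire left-most label, it matches
      exactly one label, and at least two labels must follow it, so '*.com',
      'w*.example.com' and a match of 'a.b.example.com' against
      '*.example.com' are all rejected;
    - comparison is case-insensitive and ignores a trailing dot."""
    pat = presented.lower().rstrip(".")
    ref = reference.lower().rstrip(".")

    ref_ip = _as_ip(ref)
    if ref_ip is not None:
        if "*" in pat:
            return False          # the CVE-2010-3170 class of acceptance
        pat_ip = _as_ip(pat)
        return pat_ip is not None and pat_ip == ref_ip

    pat_labels = pat.split(".")
    ref_labels = ref.split(".")
    if "*" not in pat:
        return pat_labels == ref_labels

    if pat_labels[0] != "*" or len(pat_labels) < 3:
        return False
    if any("*" in label or label == "" for label in pat_labels[1:]):
        return False
    return (len(ref_labels) == len(pat_labels)
            and ref_labels[0] != ""
            and ref_labels[1:] == pat_labels[1:])


def certificate_matches(presented_names, reference: str) -> bool:
    """Accept the certificate if any presented identifier (subjectAltName
    entries, with the CN as a fallback) strictly matches the reference."""
    return any(strict_match(name, reference) for name in presented_names)


if __name__ == "__main__":
    cases = [
        ("*.168.1.1", "192.168.1.1"),       # constructed advisory-style CN
        ("192.168.1.1", "192.168.1.1"),
        ("*.example.com", "www.example.com"),
        ("*.example.com", "a.b.example.com"),
        ("*.com", "example.com"),
    ]
    for cn, host in cases:
        print(f"{cn:16} vs {host:16} naive={naive_match(cn, host)!s:5} "
              f"strict={strict_match(cn, host)}")
```

The design choice worth noting is the order of checks in `strict_match`: the reference identifier is classified first, so an IP-address connection can never reach the wildcard logic at all, which is the property the fixed NSS had to restore.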
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFM2vNDXlSAg2UNWIIRApQNAJ9Kr9KIIJnTX9BN4i7oYBBGPLKBWACfbyS1 wgSRoNeOv95ypUW44Fm3sNs= =ef0G -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Nov 10 19:33:25 2010 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 10 Nov 2010 12:33:25 -0700 Subject: [RHSA-2010:0863-02] Important: krb5 security update Message-ID: <201011101933.oAAJXPcU014535@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: krb5 security update Advisory ID: RHSA-2010:0863-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0863.html Issue date: 2010-11-10 CVE Names: CVE-2010-1322 ===================================================================== 1. Summary: Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center (KDC). 
An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled TGS (Ticket-granting Server) request messages. A remote, authenticated attacker could use this flaw to crash the KDC or, possibly, disclose KDC memory or execute arbitrary code with the privileges of the KDC (krb5kdc). (CVE-2010-1322) Red Hat would like to thank the MIT Kerberos Team for reporting this issue. Upstream acknowledges Mike Roszkowski as the original reporter. All krb5 users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc daemon will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 636335 - CVE-2010-1322 krb5: KDC uninitialized pointer crash in authorization data handling (MITKRB5-SA-2010-006) 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/krb5-1.8.2-3.el6_0.1.src.rpm i386: krb5-debuginfo-1.8.2-3.el6_0.1.i686.rpm krb5-libs-1.8.2-3.el6_0.1.i686.rpm krb5-pkinit-openssl-1.8.2-3.el6_0.1.i686.rpm krb5-workstation-1.8.2-3.el6_0.1.i686.rpm x86_64: krb5-debuginfo-1.8.2-3.el6_0.1.i686.rpm krb5-debuginfo-1.8.2-3.el6_0.1.x86_64.rpm krb5-libs-1.8.2-3.el6_0.1.i686.rpm krb5-libs-1.8.2-3.el6_0.1.x86_64.rpm krb5-pkinit-openssl-1.8.2-3.el6_0.1.x86_64.rpm krb5-workstation-1.8.2-3.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/krb5-1.8.2-3.el6_0.1.src.rpm i386: krb5-debuginfo-1.8.2-3.el6_0.1.i686.rpm krb5-devel-1.8.2-3.el6_0.1.i686.rpm krb5-server-1.8.2-3.el6_0.1.i686.rpm krb5-server-ldap-1.8.2-3.el6_0.1.i686.rpm x86_64: krb5-debuginfo-1.8.2-3.el6_0.1.i686.rpm krb5-debuginfo-1.8.2-3.el6_0.1.x86_64.rpm krb5-devel-1.8.2-3.el6_0.1.i686.rpm krb5-devel-1.8.2-3.el6_0.1.x86_64.rpm krb5-server-1.8.2-3.el6_0.1.x86_64.rpm krb5-server-ldap-1.8.2-3.el6_0.1.i686.rpm krb5-server-ldap-1.8.2-3.el6_0.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/krb5-1.8.2-3.el6_0.1.src.rpm x86_64: krb5-debuginfo-1.8.2-3.el6_0.1.i686.rpm krb5-debuginfo-1.8.2-3.el6_0.1.x86_64.rpm krb5-libs-1.8.2-3.el6_0.1.i686.rpm krb5-libs-1.8.2-3.el6_0.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/krb5-1.8.2-3.el6_0.1.src.rpm x86_64: krb5-debuginfo-1.8.2-3.el6_0.1.i686.rpm krb5-debuginfo-1.8.2-3.el6_0.1.x86_64.rpm krb5-devel-1.8.2-3.el6_0.1.i686.rpm krb5-devel-1.8.2-3.el6_0.1.x86_64.rpm krb5-pkinit-openssl-1.8.2-3.el6_0.1.x86_64.rpm krb5-server-1.8.2-3.el6_0.1.x86_64.rpm krb5-server-ldap-1.8.2-3.el6_0.1.i686.rpm krb5-server-ldap-1.8.2-3.el6_0.1.x86_64.rpm krb5-workstation-1.8.2-3.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/krb5-1.8.2-3.el6_0.1.src.rpm i386: krb5-debuginfo-1.8.2-3.el6_0.1.i686.rpm krb5-devel-1.8.2-3.el6_0.1.i686.rpm krb5-libs-1.8.2-3.el6_0.1.i686.rpm krb5-pkinit-openssl-1.8.2-3.el6_0.1.i686.rpm krb5-server-1.8.2-3.el6_0.1.i686.rpm krb5-server-ldap-1.8.2-3.el6_0.1.i686.rpm krb5-workstation-1.8.2-3.el6_0.1.i686.rpm ppc64: krb5-debuginfo-1.8.2-3.el6_0.1.ppc.rpm krb5-debuginfo-1.8.2-3.el6_0.1.ppc64.rpm krb5-devel-1.8.2-3.el6_0.1.ppc.rpm krb5-devel-1.8.2-3.el6_0.1.ppc64.rpm krb5-libs-1.8.2-3.el6_0.1.ppc.rpm krb5-libs-1.8.2-3.el6_0.1.ppc64.rpm krb5-pkinit-openssl-1.8.2-3.el6_0.1.ppc64.rpm krb5-server-1.8.2-3.el6_0.1.ppc64.rpm krb5-server-ldap-1.8.2-3.el6_0.1.ppc.rpm krb5-server-ldap-1.8.2-3.el6_0.1.ppc64.rpm krb5-workstation-1.8.2-3.el6_0.1.ppc64.rpm s390x: krb5-debuginfo-1.8.2-3.el6_0.1.s390.rpm krb5-debuginfo-1.8.2-3.el6_0.1.s390x.rpm krb5-devel-1.8.2-3.el6_0.1.s390.rpm krb5-devel-1.8.2-3.el6_0.1.s390x.rpm krb5-libs-1.8.2-3.el6_0.1.s390.rpm krb5-libs-1.8.2-3.el6_0.1.s390x.rpm krb5-pkinit-openssl-1.8.2-3.el6_0.1.s390x.rpm krb5-server-1.8.2-3.el6_0.1.s390x.rpm krb5-server-ldap-1.8.2-3.el6_0.1.s390.rpm krb5-server-ldap-1.8.2-3.el6_0.1.s390x.rpm krb5-workstation-1.8.2-3.el6_0.1.s390x.rpm x86_64: krb5-debuginfo-1.8.2-3.el6_0.1.i686.rpm krb5-debuginfo-1.8.2-3.el6_0.1.x86_64.rpm krb5-devel-1.8.2-3.el6_0.1.i686.rpm krb5-devel-1.8.2-3.el6_0.1.x86_64.rpm krb5-libs-1.8.2-3.el6_0.1.i686.rpm krb5-libs-1.8.2-3.el6_0.1.x86_64.rpm krb5-pkinit-openssl-1.8.2-3.el6_0.1.x86_64.rpm krb5-server-1.8.2-3.el6_0.1.x86_64.rpm krb5-server-ldap-1.8.2-3.el6_0.1.i686.rpm krb5-server-ldap-1.8.2-3.el6_0.1.x86_64.rpm krb5-workstation-1.8.2-3.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/krb5-1.8.2-3.el6_0.1.src.rpm i386: krb5-debuginfo-1.8.2-3.el6_0.1.i686.rpm krb5-devel-1.8.2-3.el6_0.1.i686.rpm krb5-libs-1.8.2-3.el6_0.1.i686.rpm krb5-pkinit-openssl-1.8.2-3.el6_0.1.i686.rpm krb5-server-1.8.2-3.el6_0.1.i686.rpm krb5-server-ldap-1.8.2-3.el6_0.1.i686.rpm krb5-workstation-1.8.2-3.el6_0.1.i686.rpm x86_64: krb5-debuginfo-1.8.2-3.el6_0.1.i686.rpm krb5-debuginfo-1.8.2-3.el6_0.1.x86_64.rpm krb5-devel-1.8.2-3.el6_0.1.i686.rpm krb5-devel-1.8.2-3.el6_0.1.x86_64.rpm krb5-libs-1.8.2-3.el6_0.1.i686.rpm krb5-libs-1.8.2-3.el6_0.1.x86_64.rpm krb5-pkinit-openssl-1.8.2-3.el6_0.1.x86_64.rpm krb5-server-1.8.2-3.el6_0.1.x86_64.rpm krb5-server-ldap-1.8.2-3.el6_0.1.i686.rpm krb5-server-ldap-1.8.2-3.el6_0.1.x86_64.rpm krb5-workstation-1.8.2-3.el6_0.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-1322.html http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2010 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM2vNvXlSAg2UNWIIRAoEAAKCnUYI1+sGjeFUSWTpgY9PgncWHDwCeLhdq
rgJkriJugi6LtMbi7Vw52Q4=
=DGg3
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Nov 10 19:34:06 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 10 Nov 2010 12:34:06 -0700
Subject: [RHSA-2010:0864-02] Important: freetype security update
Message-ID: <201011101934.oAAJY6nG014830@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: freetype security update
Advisory ID: RHSA-2010:0864-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0864.html
Issue date: 2010-11-10
CVE Names: CVE-2010-2805 CVE-2010-2806 CVE-2010-2808 CVE-2010-3311
=====================================================================

1. Summary:

Updated freetype packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

FreeType is a free, high-quality, portable font engine that can open and manage font files.
It also loads, hints, and renders individual glyphs efficiently. These packages provide the FreeType 2 font engine.

It was found that the FreeType font rendering engine improperly validated certain position values when processing input streams. If a user loaded a specially-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2805, CVE-2010-3311)

A stack-based buffer overflow flaw was found in the way the FreeType font rendering engine processed some PostScript Type 1 fonts. If a user loaded a specially-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2808)

An array index error was found in the way the FreeType font rendering engine processed certain PostScript Type 42 font files. If a user loaded a specially-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2806)

Note: All of the issues in this erratum only affect the FreeType 2 font engine.

Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

621907 - CVE-2010-2808 FreeType: Stack-based buffer overflow by processing certain LWFN fonts
621980 - CVE-2010-2806 FreeType: Heap-based buffer overflow by processing FontType42 fonts with negative length of SFNT strings (FT bug #30656)
623625 - CVE-2010-3311 freetype: Input stream position error by processing Compact Font Format (CFF) font files
625626 - CVE-2010-2805 freetype: FT_Stream_EnterFrame() does not properly validate certain position values

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/freetype-2.3.11-6.el6_0.1.src.rpm

i386:
freetype-2.3.11-6.el6_0.1.i686.rpm
freetype-debuginfo-2.3.11-6.el6_0.1.i686.rpm

x86_64:
freetype-2.3.11-6.el6_0.1.i686.rpm
freetype-2.3.11-6.el6_0.1.x86_64.rpm
freetype-debuginfo-2.3.11-6.el6_0.1.i686.rpm
freetype-debuginfo-2.3.11-6.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/freetype-2.3.11-6.el6_0.1.src.rpm

i386:
freetype-debuginfo-2.3.11-6.el6_0.1.i686.rpm
freetype-demos-2.3.11-6.el6_0.1.i686.rpm
freetype-devel-2.3.11-6.el6_0.1.i686.rpm

x86_64:
freetype-debuginfo-2.3.11-6.el6_0.1.i686.rpm
freetype-debuginfo-2.3.11-6.el6_0.1.x86_64.rpm
freetype-demos-2.3.11-6.el6_0.1.x86_64.rpm
freetype-devel-2.3.11-6.el6_0.1.i686.rpm
freetype-devel-2.3.11-6.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/freetype-2.3.11-6.el6_0.1.src.rpm

x86_64:
freetype-2.3.11-6.el6_0.1.i686.rpm
freetype-2.3.11-6.el6_0.1.x86_64.rpm
freetype-debuginfo-2.3.11-6.el6_0.1.i686.rpm
freetype-debuginfo-2.3.11-6.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/freetype-2.3.11-6.el6_0.1.src.rpm x86_64: freetype-debuginfo-2.3.11-6.el6_0.1.i686.rpm freetype-debuginfo-2.3.11-6.el6_0.1.x86_64.rpm freetype-demos-2.3.11-6.el6_0.1.x86_64.rpm freetype-devel-2.3.11-6.el6_0.1.i686.rpm freetype-devel-2.3.11-6.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/freetype-2.3.11-6.el6_0.1.src.rpm i386: freetype-2.3.11-6.el6_0.1.i686.rpm freetype-debuginfo-2.3.11-6.el6_0.1.i686.rpm freetype-devel-2.3.11-6.el6_0.1.i686.rpm ppc64: freetype-2.3.11-6.el6_0.1.ppc.rpm freetype-2.3.11-6.el6_0.1.ppc64.rpm freetype-debuginfo-2.3.11-6.el6_0.1.ppc.rpm freetype-debuginfo-2.3.11-6.el6_0.1.ppc64.rpm freetype-devel-2.3.11-6.el6_0.1.ppc.rpm freetype-devel-2.3.11-6.el6_0.1.ppc64.rpm s390x: freetype-2.3.11-6.el6_0.1.s390.rpm freetype-2.3.11-6.el6_0.1.s390x.rpm freetype-debuginfo-2.3.11-6.el6_0.1.s390.rpm freetype-debuginfo-2.3.11-6.el6_0.1.s390x.rpm freetype-devel-2.3.11-6.el6_0.1.s390.rpm freetype-devel-2.3.11-6.el6_0.1.s390x.rpm x86_64: freetype-2.3.11-6.el6_0.1.i686.rpm freetype-2.3.11-6.el6_0.1.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_0.1.i686.rpm freetype-debuginfo-2.3.11-6.el6_0.1.x86_64.rpm freetype-devel-2.3.11-6.el6_0.1.i686.rpm freetype-devel-2.3.11-6.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/freetype-2.3.11-6.el6_0.1.src.rpm i386: freetype-debuginfo-2.3.11-6.el6_0.1.i686.rpm freetype-demos-2.3.11-6.el6_0.1.i686.rpm ppc64: freetype-debuginfo-2.3.11-6.el6_0.1.ppc64.rpm freetype-demos-2.3.11-6.el6_0.1.ppc64.rpm s390x: freetype-debuginfo-2.3.11-6.el6_0.1.s390x.rpm freetype-demos-2.3.11-6.el6_0.1.s390x.rpm x86_64: freetype-debuginfo-2.3.11-6.el6_0.1.x86_64.rpm freetype-demos-2.3.11-6.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/freetype-2.3.11-6.el6_0.1.src.rpm i386: freetype-2.3.11-6.el6_0.1.i686.rpm freetype-debuginfo-2.3.11-6.el6_0.1.i686.rpm freetype-devel-2.3.11-6.el6_0.1.i686.rpm x86_64: freetype-2.3.11-6.el6_0.1.i686.rpm freetype-2.3.11-6.el6_0.1.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_0.1.i686.rpm freetype-debuginfo-2.3.11-6.el6_0.1.x86_64.rpm freetype-devel-2.3.11-6.el6_0.1.i686.rpm freetype-devel-2.3.11-6.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/freetype-2.3.11-6.el6_0.1.src.rpm i386: freetype-debuginfo-2.3.11-6.el6_0.1.i686.rpm freetype-demos-2.3.11-6.el6_0.1.i686.rpm x86_64: freetype-debuginfo-2.3.11-6.el6_0.1.x86_64.rpm freetype-demos-2.3.11-6.el6_0.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-2805.html https://www.redhat.com/security/data/cve/CVE-2010-2806.html https://www.redhat.com/security/data/cve/CVE-2010-2808.html https://www.redhat.com/security/data/cve/CVE-2010-3311.html http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2010 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM2vObXlSAg2UNWIIRAkzlAKCOwfOhUQYus2LbAtvBnGiORA827QCgn7c+
qqJRZequxdKFKsl4g7SEycA=
=07mU
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Nov 10 19:34:45 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 10 Nov 2010 12:34:45 -0700
Subject: [RHSA-2010:0865-02] Important: java-1.6.0-openjdk security and bug fix update
Message-ID: <201011101934.oAAJYjDc007484@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: java-1.6.0-openjdk security and bug fix update
Advisory ID: RHSA-2010:0865-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0865.html
Issue date: 2010-11-10
CVE Names: CVE-2009-3555 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3551 CVE-2010-3553 CVE-2010-3554 CVE-2010-3557 CVE-2010-3561 CVE-2010-3562 CVE-2010-3564 CVE-2010-3565 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3573 CVE-2010-3574
=====================================================================

1. Summary:

Updated java-1.6.0-openjdk packages that fix several security issues and two bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.

defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times, which could allow a remote attacker to execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3569)

Race condition in the way objects were deserialized could allow an untrusted applet or application to misuse the privileges of the user running the applet or application. (CVE-2010-3568)

Miscalculation in the OpenType font rendering implementation caused out-of-bounds memory access, which could allow remote attackers to execute code with the privileges of the user running the java process. (CVE-2010-3567)

JPEGImageWriter.writeImage in the imageio API improperly checked certain image metadata, which could allow a remote attacker to execute arbitrary code in the context of the user running the applet or application. (CVE-2010-3565)

Double free in IndexColorModel could cause an untrusted applet or application to crash or, possibly, execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3562)

The privileged accept method of the ServerSocket class in the Common Object Request Broker Architecture (CORBA) implementation in OpenJDK allowed it to receive connections from any host, instead of just the host of the current connection. An attacker could use this flaw to bypass restrictions defined by network permissions. (CVE-2010-3561)

Flaws in the Swing library could allow an untrusted application to modify the behavior and state of certain JDK classes. (CVE-2010-3557)

Flaws in the CORBA implementation could allow an attacker to execute arbitrary code by misusing permissions granted to certain system objects. (CVE-2010-3554)

UIDefault.ProxyLazyValue had unsafe reflection usage, allowing untrusted callers to create objects via ProxyLazyValue values. (CVE-2010-3553)

HttpURLConnection improperly handled the "chunked" transfer encoding method, which could allow remote attackers to conduct HTTP response splitting attacks. (CVE-2010-3549)

HttpURLConnection improperly checked whether the calling code was granted the "allowHttpTrace" permission, allowing untrusted code to create HTTP TRACE requests. (CVE-2010-3574)

HttpURLConnection did not validate request headers set by applets, which could allow remote attackers to trigger actions otherwise restricted to HTTP clients. (CVE-2010-3541, CVE-2010-3573)

The Kerberos implementation improperly checked the sanity of AP-REQ requests, which could cause a denial of service condition in the receiving Java Virtual Machine. (CVE-2010-3564)

The java-1.6.0-openjdk packages shipped with the GA release of Red Hat Enterprise Linux 6 mitigated a man-in-the-middle attack in the way the TLS/SSL protocols handle session renegotiation by disabling renegotiation. This update implements the TLS Renegotiation Indication Extension as defined in RFC 5746, allowing secure renegotiation between updated clients and servers. (CVE-2009-3555)

The NetworkInterface class improperly checked the network "connect" permissions for local network addresses, which could allow remote attackers to read local network addresses. (CVE-2010-3551)

Information leak flaw in the Java Naming and Directory Interface (JNDI) could allow a remote attacker to access information about otherwise-protected internal network names. (CVE-2010-3548)

Note: Flaws concerning applets in this advisory (CVE-2010-3568, CVE-2010-3554, CVE-2009-3555, CVE-2010-3562, CVE-2010-3557, CVE-2010-3548, CVE-2010-3564, CVE-2010-3565, CVE-2010-3569) can only be triggered in OpenJDK by calling the "appletviewer" application.

Bug fixes:

* One defense in depth patch. (BZ#639922)

* Problems for certain SSL connections. In a reported case, this prevented the JBoss JAAS modules from connecting over SSL to Microsoft Active Directory servers. (BZ#642779)

4. Solution:

All java-1.6.0-openjdk users are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation
639876 - CVE-2010-3568 OpenJDK Deserialization Race condition (6559775)
639880 - CVE-2010-3554 CVE-2010-3561 OpenJDK corba reflection vulnerabilities (6891766,6925672)
639897 - CVE-2010-3562 OpenJDK IndexColorModel double-free (6925710)
639904 - CVE-2010-3557 OpenJDK Swing mutable static (6938813)
639909 - CVE-2010-3548 OpenJDK DNS server IP address information leak (6957564)
639914 - CVE-2010-3564 OpenJDK kerberos vulnerability (6958060)
639920 - CVE-2010-3565 OpenJDK JPEG writeImage remote code execution (6963023)
639922 - CVE-2010-3566 OpenJDK ICC Profile remote code execution (6963489)
639925 - CVE-2010-3569 OpenJDK Serialization inconsistencies (6966692)
642167 - CVE-2010-3553 OpenJDK Swing unsafe reflection usage (6622002)
642180 - CVE-2010-3549 OpenJDK HttpURLConnection request splitting (6952017)
642187 - CVE-2010-3551 OpenJDK local network address disclosure (6952603)
642197 - CVE-2010-3567 OpenJDK ICU Opentype layout engine crash (6963285)
642202 - CVE-2010-3541 CVE-2010-3573 OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)
642215 - CVE-2010-3574 OpenJDK HttpURLConnection incomplete TRACE permission check (6981426)
642779 - Error connecting to Active Directory (AD) over SSL.

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.31.b17.el6_0.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.31.b17.el6_0.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.31.b17.el6_0.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.31.b17.el6_0.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.31.b17.el6_0.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.31.b17.el6_0.src.rpm

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.31.b17.el6_0.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.31.b17.el6_0.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.31.b17.el6_0.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.31.b17.el6_0.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.31.b17.el6_0.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.31.b17.el6_0.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.31.b17.el6_0.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.31.b17.el6_0.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.31.b17.el6_0.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.31.b17.el6_0.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.31.b17.el6_0.src.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.31.b17.el6_0.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.31.b17.el6_0.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.31.b17.el6_0.src.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.31.b17.el6_0.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.31.b17.el6_0.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.31.b17.el6_0.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.31.b17.el6_0.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.31.b17.el6_0.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.31.b17.el6_0.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.31.b17.el6_0.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.31.b17.el6_0.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.31.b17.el6_0.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.31.b17.el6_0.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.31.b17.el6_0.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.31.b17.el6_0.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.31.b17.el6_0.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.31.b17.el6_0.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.31.b17.el6_0.src.rpm i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.31.b17.el6_0.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.31.b17.el6_0.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.31.b17.el6_0.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.31.b17.el6_0.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.31.b17.el6_0.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.31.b17.el6_0.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.31.b17.el6_0.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.31.b17.el6_0.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.31.b17.el6_0.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.31.b17.el6_0.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.31.b17.el6_0.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.31.b17.el6_0.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.31.b17.el6_0.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.31.b17.el6_0.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.31.b17.el6_0.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.31.b17.el6_0.src.rpm i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.31.b17.el6_0.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.31.b17.el6_0.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.31.b17.el6_0.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.31.b17.el6_0.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.31.b17.el6_0.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.31.b17.el6_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. 
References:

https://www.redhat.com/security/data/cve/CVE-2009-3555.html
https://www.redhat.com/security/data/cve/CVE-2010-3541.html
https://www.redhat.com/security/data/cve/CVE-2010-3548.html
https://www.redhat.com/security/data/cve/CVE-2010-3549.html
https://www.redhat.com/security/data/cve/CVE-2010-3551.html
https://www.redhat.com/security/data/cve/CVE-2010-3553.html
https://www.redhat.com/security/data/cve/CVE-2010-3554.html
https://www.redhat.com/security/data/cve/CVE-2010-3557.html
https://www.redhat.com/security/data/cve/CVE-2010-3561.html
https://www.redhat.com/security/data/cve/CVE-2010-3562.html
https://www.redhat.com/security/data/cve/CVE-2010-3564.html
https://www.redhat.com/security/data/cve/CVE-2010-3565.html
https://www.redhat.com/security/data/cve/CVE-2010-3567.html
https://www.redhat.com/security/data/cve/CVE-2010-3568.html
https://www.redhat.com/security/data/cve/CVE-2010-3569.html
https://www.redhat.com/security/data/cve/CVE-2010-3573.html
https://www.redhat.com/security/data/cve/CVE-2010-3574.html
http://www.redhat.com/security/updates/classification/#important
https://access.redhat.com/kb/docs/DOC-20491

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD4DBQFM2vPCXlSAg2UNWIIRAu4KAJMHT/xo4Fv9ySVH6jaEVXkUFKC5AJ0Xqv37
sZIVE+QDOnA71j1I5Mr2mg==
=i96s
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Nov 10 19:35:30 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 10 Nov 2010 12:35:30 -0700
Subject: [RHSA-2010:0866-02] Important: cups security update
Message-ID: <201011101935.oAAJZV6o015749@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: cups security update
Advisory ID: RHSA-2010:0866-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0866.html
Issue date: 2010-11-10
CVE Names: CVE-2010-2941
=====================================================================

1. Summary:

Updated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems.

An invalid free flaw was found in the way the CUPS server parsed Internet Printing Protocol (IPP) packets. A malicious user able to send IPP requests to the CUPS server could use this flaw to crash the CUPS server. (CVE-2010-2941)

Red Hat would like to thank Emmanuel Bouillon of NATO C3 Agency for reporting this issue.

Users of cups are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the cupsd daemon will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

624438 - CVE-2010-2941 cups: cupsd memory corruption vulnerability

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/cups-1.4.2-35.el6_0.1.src.rpm

i386:
cups-1.4.2-35.el6_0.1.i686.rpm
cups-debuginfo-1.4.2-35.el6_0.1.i686.rpm
cups-libs-1.4.2-35.el6_0.1.i686.rpm
cups-lpd-1.4.2-35.el6_0.1.i686.rpm

x86_64:
cups-1.4.2-35.el6_0.1.x86_64.rpm
cups-debuginfo-1.4.2-35.el6_0.1.i686.rpm
cups-debuginfo-1.4.2-35.el6_0.1.x86_64.rpm
cups-libs-1.4.2-35.el6_0.1.i686.rpm
cups-libs-1.4.2-35.el6_0.1.x86_64.rpm
cups-lpd-1.4.2-35.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/cups-1.4.2-35.el6_0.1.src.rpm i386: cups-debuginfo-1.4.2-35.el6_0.1.i686.rpm cups-devel-1.4.2-35.el6_0.1.i686.rpm cups-php-1.4.2-35.el6_0.1.i686.rpm x86_64: cups-debuginfo-1.4.2-35.el6_0.1.i686.rpm cups-debuginfo-1.4.2-35.el6_0.1.x86_64.rpm cups-devel-1.4.2-35.el6_0.1.i686.rpm cups-devel-1.4.2-35.el6_0.1.x86_64.rpm cups-php-1.4.2-35.el6_0.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/cups-1.4.2-35.el6_0.1.src.rpm x86_64: cups-1.4.2-35.el6_0.1.x86_64.rpm cups-debuginfo-1.4.2-35.el6_0.1.i686.rpm cups-debuginfo-1.4.2-35.el6_0.1.x86_64.rpm cups-libs-1.4.2-35.el6_0.1.i686.rpm cups-libs-1.4.2-35.el6_0.1.x86_64.rpm cups-lpd-1.4.2-35.el6_0.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/cups-1.4.2-35.el6_0.1.src.rpm x86_64: cups-debuginfo-1.4.2-35.el6_0.1.i686.rpm cups-debuginfo-1.4.2-35.el6_0.1.x86_64.rpm cups-devel-1.4.2-35.el6_0.1.i686.rpm cups-devel-1.4.2-35.el6_0.1.x86_64.rpm cups-php-1.4.2-35.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/cups-1.4.2-35.el6_0.1.src.rpm i386: cups-1.4.2-35.el6_0.1.i686.rpm cups-debuginfo-1.4.2-35.el6_0.1.i686.rpm cups-devel-1.4.2-35.el6_0.1.i686.rpm cups-libs-1.4.2-35.el6_0.1.i686.rpm cups-lpd-1.4.2-35.el6_0.1.i686.rpm ppc64: cups-1.4.2-35.el6_0.1.ppc64.rpm cups-debuginfo-1.4.2-35.el6_0.1.ppc.rpm cups-debuginfo-1.4.2-35.el6_0.1.ppc64.rpm cups-devel-1.4.2-35.el6_0.1.ppc.rpm cups-devel-1.4.2-35.el6_0.1.ppc64.rpm cups-libs-1.4.2-35.el6_0.1.ppc.rpm cups-libs-1.4.2-35.el6_0.1.ppc64.rpm cups-lpd-1.4.2-35.el6_0.1.ppc64.rpm s390x: cups-1.4.2-35.el6_0.1.s390x.rpm cups-debuginfo-1.4.2-35.el6_0.1.s390.rpm cups-debuginfo-1.4.2-35.el6_0.1.s390x.rpm cups-devel-1.4.2-35.el6_0.1.s390.rpm cups-devel-1.4.2-35.el6_0.1.s390x.rpm cups-libs-1.4.2-35.el6_0.1.s390.rpm cups-libs-1.4.2-35.el6_0.1.s390x.rpm cups-lpd-1.4.2-35.el6_0.1.s390x.rpm x86_64: cups-1.4.2-35.el6_0.1.x86_64.rpm cups-debuginfo-1.4.2-35.el6_0.1.i686.rpm cups-debuginfo-1.4.2-35.el6_0.1.x86_64.rpm cups-devel-1.4.2-35.el6_0.1.i686.rpm cups-devel-1.4.2-35.el6_0.1.x86_64.rpm cups-libs-1.4.2-35.el6_0.1.i686.rpm cups-libs-1.4.2-35.el6_0.1.x86_64.rpm cups-lpd-1.4.2-35.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/cups-1.4.2-35.el6_0.1.src.rpm i386: cups-debuginfo-1.4.2-35.el6_0.1.i686.rpm cups-php-1.4.2-35.el6_0.1.i686.rpm ppc64: cups-debuginfo-1.4.2-35.el6_0.1.ppc64.rpm cups-php-1.4.2-35.el6_0.1.ppc64.rpm s390x: cups-debuginfo-1.4.2-35.el6_0.1.s390x.rpm cups-php-1.4.2-35.el6_0.1.s390x.rpm x86_64: cups-debuginfo-1.4.2-35.el6_0.1.x86_64.rpm cups-php-1.4.2-35.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/cups-1.4.2-35.el6_0.1.src.rpm i386: cups-1.4.2-35.el6_0.1.i686.rpm cups-debuginfo-1.4.2-35.el6_0.1.i686.rpm cups-devel-1.4.2-35.el6_0.1.i686.rpm cups-libs-1.4.2-35.el6_0.1.i686.rpm cups-lpd-1.4.2-35.el6_0.1.i686.rpm x86_64: cups-1.4.2-35.el6_0.1.x86_64.rpm cups-debuginfo-1.4.2-35.el6_0.1.i686.rpm cups-debuginfo-1.4.2-35.el6_0.1.x86_64.rpm cups-devel-1.4.2-35.el6_0.1.i686.rpm cups-devel-1.4.2-35.el6_0.1.x86_64.rpm cups-libs-1.4.2-35.el6_0.1.i686.rpm cups-libs-1.4.2-35.el6_0.1.x86_64.rpm cups-lpd-1.4.2-35.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/cups-1.4.2-35.el6_0.1.src.rpm i386: cups-debuginfo-1.4.2-35.el6_0.1.i686.rpm cups-php-1.4.2-35.el6_0.1.i686.rpm x86_64: cups-debuginfo-1.4.2-35.el6_0.1.x86_64.rpm cups-php-1.4.2-35.el6_0.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-2941.html http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2010 Red Hat, Inc. 
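Each advisory in this archive closes with the statement that the packages are GPG signed and points to Red Hat's key page for the verification procedure. The check below is an added example for this archive; it is not Red Hat's code and is not part of any advisory. It post-processes the result lines printed by `rpm --checksig` (`rpm -K`) and only accepts a package as verified when a signature token (`rsa`/`dsa`/`pgp`/`gpg`) was actually checked and the result is `OK`, because `rpm -K` also prints `OK` for an unsigned package whose digests merely match. The result-line layout is assumed to be the rpm 4.8 (RHEL 6) style; the sample output is constructed, not captured from a host, it reuses package names from the cups advisory above, and the key id after `PGP#` is a placeholder.

```python
"""Audit `rpm --checksig` / `rpm -K` output: a package counts as verified only
when a signature was checked, not merely its digests.

Added example for this archive; not Red Hat's code.  Assumes the rpm 4.8
(RHEL 6) result-line format: "<pkg>: <checks performed> OK|NOT OK [...]".
"""

from typing import Dict, Iterable, List, Tuple

# Constructed sample of `rpm -K *.rpm` output (not captured from a real host).
# Package names are taken from the cups advisory; the key id after PGP# is a
# placeholder, not Red Hat's real signing key id.
#   line 1: header signature, digests and pgp signature all OK -> verified
#   line 2: digests only, no signature token at all           -> UNSIGNED, yet "OK"
#   line 3: signed, but the signing key is not imported       -> cannot be verified
#   line 4: digest/signature check failed outright            -> corrupt or tampered
SAMPLE_CHECKSIG_OUTPUT = """\
cups-1.4.2-35.el6_0.1.x86_64.rpm: rsa sha1 (md5) pgp md5 OK
cups-libs-1.4.2-35.el6_0.1.x86_64.rpm: sha1 md5 OK
cups-lpd-1.4.2-35.el6_0.1.x86_64.rpm: RSA sha1 (MD5) PGP md5 NOT OK (MISSING KEYS: PGP#xxxxxxxx)
cups-debuginfo-1.4.2-35.el6_0.1.x86_64.rpm: RSA sha1 MD5 PGP NOT OK
"""

# rpm names the signatures it checked: rsa/dsa for the header signature,
# pgp/gpg for the header+payload signature.  A digest-only line has none.
SIGNATURE_TOKENS = {"pgp", "gpg", "rsa", "dsa"}

STATUSES = ("signed-ok", "unsigned", "missing-key", "bad", "unparsed", "not-checked")


def classify_checksig_line(line: str) -> Tuple[str, str]:
    """Return (package, status) for one `rpm -K` result line.

    status is one of: signed-ok, unsigned, missing-key, bad, unparsed.
    """
    pkg, sep, result = line.strip().partition(": ")
    if not sep:
        return line.strip(), "unparsed"
    lowered = result.lower()
    # Drop parentheses so "(md5)" tokenises as "md5" before the membership test.
    tokens = set(lowered.replace("(", " ").replace(")", " ").split())
    signature_checked = bool(tokens & SIGNATURE_TOKENS)
    if "not ok" in lowered:
        return pkg, "missing-key" if "missing keys" in lowered else "bad"
    if lowered.endswith("ok"):
        return pkg, "signed-ok" if signature_checked else "unsigned"
    return pkg, "unparsed"


def audit_checksig_output(output: str, expected: Iterable[str] = ()) -> Dict[str, List[str]]:
    """Bucket every package by status.

    Packages listed in `expected` (e.g. copied from the advisory's package
    list) that never appear in the output land in 'not-checked', so a file
    that was silently skipped is noticed rather than assumed good.
    """
    report: Dict[str, List[str]] = {status: [] for status in STATUSES}
    seen = set()
    for line in output.splitlines():
        if not line.strip():
            continue
        pkg, status = classify_checksig_line(line)
        report[status].append(pkg)
        seen.add(pkg)
    report["not-checked"].extend(pkg for pkg in expected if pkg not in seen)
    return report


def safe_to_install(report: Dict[str, List[str]]) -> bool:
    """True only when every package ended up in 'signed-ok'."""
    return all(not report[status] for status in STATUSES if status != "signed-ok")


if __name__ == "__main__":
    # Typical use:  rpm -K *.rpm > checksig.txt ; python3 checksig_audit.py checksig.txt
    import sys

    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path).read() if path else SAMPLE_CHECKSIG_OUTPUT
    rep = audit_checksig_output(text)
    for status in STATUSES:
        for pkg in rep[status]:
            print(f"{status:12} {pkg}")
    sys.exit(0 if safe_to_install(rep) else 1)
```

Import the Red Hat release key with `rpm --import` before running `rpm -K` (the installed keys can be listed with `rpm -qa gpg-pubkey*`), otherwise every package lands in `missing-key`. The deliberate design choice is that a digest-only `OK` is treated as a failure: digests prove only that the file was not corrupted in transit, while the signature is what ties it to Red Hat's key. The script's non-zero exit status makes it usable as a gate in an update pipeline.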
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM2vPrXlSAg2UNWIIRAgTKAJ4n0qAROmQd8dhYlmm/XMgPDGoP3ACePWMV
nT1hqfsJH4aS3ognz79JaqI=
=QnEI
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Nov 10 19:40:16 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 10 Nov 2010 12:40:16 -0700
Subject: [RHSA-2010:0867-02] Critical: flash-plugin security update
Message-ID: <201011101940.oAAJeG32002181@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2010:0867-02
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0867.html
Issue date: 2010-11-10
CVE Names: CVE-2010-3636 CVE-2010-3639 CVE-2010-3640 CVE-2010-3641 CVE-2010-3642 CVE-2010-3643 CVE-2010-3644 CVE-2010-3645 CVE-2010-3646 CVE-2010-3647 CVE-2010-3648 CVE-2010-3649 CVE-2010-3650 CVE-2010-3652 CVE-2010-3654
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB10-26, listed in the References section.

Multiple security flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2010-3639, CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652, CVE-2010-3654)

An input validation flaw was discovered in flash-plugin. Certain server encodings could lead to a bypass of cross-domain policy file restrictions, possibly leading to cross-domain information disclosure. (CVE-2010-3636)

During testing, it was discovered that there were regressions with Flash Player on certain sites, such as fullscreen playback on YouTube. Despite these regressions, we feel these security flaws are serious enough to update the package with what Adobe has provided.

All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.1.102.64.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

647525 - CVE-2010-3654 acroread/flash-plugin: critical vulnerability (APSA10-05, APSB10-26)
649938 - flash-plugin: security bulletin APSB10-26

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-10.1.102.64-1.el6.i686.rpm

x86_64:
flash-plugin-10.1.102.64-1.el6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-10.1.102.64-1.el6.i686.rpm

x86_64:
flash-plugin-10.1.102.64-1.el6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-10.1.102.64-1.el6.i686.rpm

x86_64:
flash-plugin-10.1.102.64-1.el6.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3636.html
https://www.redhat.com/security/data/cve/CVE-2010-3639.html
https://www.redhat.com/security/data/cve/CVE-2010-3640.html
https://www.redhat.com/security/data/cve/CVE-2010-3641.html
https://www.redhat.com/security/data/cve/CVE-2010-3642.html
https://www.redhat.com/security/data/cve/CVE-2010-3643.html
https://www.redhat.com/security/data/cve/CVE-2010-3644.html
https://www.redhat.com/security/data/cve/CVE-2010-3645.html
https://www.redhat.com/security/data/cve/CVE-2010-3646.html
https://www.redhat.com/security/data/cve/CVE-2010-3647.html
https://www.redhat.com/security/data/cve/CVE-2010-3648.html
https://www.redhat.com/security/data/cve/CVE-2010-3649.html
https://www.redhat.com/security/data/cve/CVE-2010-3650.html
https://www.redhat.com/security/data/cve/CVE-2010-3652.html
https://www.redhat.com/security/data/cve/CVE-2010-3654.html
http://www.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb10-26.html

8. Contact:

The Red Hat security contact is .
More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM2vQSXlSAg2UNWIIRAsHUAJ9+zmZ8VvAVHgK70VTYAN6G+XI2NwCeOw9D
n1uIAxr1hYscoItm3oCv6Kg=
=Mybx
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Nov 10 19:41:32 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 10 Nov 2010 12:41:32 -0700
Subject: [RHSA-2010:0872-02] Important: glibc security and bug fix update
Message-ID: <201011101941.oAAJfWDe017594@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: glibc security and bug fix update
Advisory ID: RHSA-2010:0872-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0872.html
Issue date: 2010-11-10
CVE Names: CVE-2010-3847 CVE-2010-3856
=====================================================================

1. Summary:

Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.

It was discovered that the glibc dynamic linker/loader did not handle the $ORIGIN dynamic string token set in the LD_AUDIT environment variable securely. A local attacker with write access to a file system containing setuid or setgid binaries could use this flaw to escalate their privileges. (CVE-2010-3847)

It was discovered that the glibc dynamic linker/loader did not perform sufficient safety checks when loading dynamic shared objects (DSOs) to provide callbacks for its auditing API during the execution of privileged programs. A local attacker could use this flaw to escalate their privileges via a carefully-chosen system DSO library containing unsafe constructors. (CVE-2010-3856)

Red Hat would like to thank Tavis Ormandy for reporting the CVE-2010-3847 issue, and Ben Hawkes and Tavis Ormandy for reporting the CVE-2010-3856 issue.

This update also fixes the following bugs:

* Previously, the generic implementation of the strstr() and memmem() functions did not handle certain periodic patterns correctly and could find a false positive match. This error has been fixed, and both functions now work as expected. (BZ#643341)

* The "TCB_ALIGNMENT" value has been increased to 32 bytes to prevent applications from crashing during symbol resolution on 64-bit systems with support for Intel AVX vector registers. (BZ#643343)

All users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

643306 - CVE-2010-3847 glibc: ld.so insecure handling of $ORIGIN in LD_AUDIT for setuid/setgid programs
643341 - memmem, strstr, and strcasestr are broken
643343 - [Intel 6.0 Bug] Dynamic linker failed to align TCB for AVX
645672 - CVE-2010-3856 glibc: ld.so arbitrary DSO loading via LD_AUDIT in setuid/setgid programs

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/glibc-2.12-1.7.el6_0.3.src.rpm

i386:
glibc-2.12-1.7.el6_0.3.i686.rpm
glibc-common-2.12-1.7.el6_0.3.i686.rpm
glibc-debuginfo-2.12-1.7.el6_0.3.i686.rpm
glibc-devel-2.12-1.7.el6_0.3.i686.rpm
glibc-headers-2.12-1.7.el6_0.3.i686.rpm
glibc-utils-2.12-1.7.el6_0.3.i686.rpm
nscd-2.12-1.7.el6_0.3.i686.rpm

x86_64:
glibc-2.12-1.7.el6_0.3.i686.rpm
glibc-2.12-1.7.el6_0.3.x86_64.rpm
glibc-common-2.12-1.7.el6_0.3.x86_64.rpm
glibc-debuginfo-2.12-1.7.el6_0.3.i686.rpm
glibc-debuginfo-2.12-1.7.el6_0.3.x86_64.rpm
glibc-devel-2.12-1.7.el6_0.3.i686.rpm
glibc-devel-2.12-1.7.el6_0.3.x86_64.rpm
glibc-headers-2.12-1.7.el6_0.3.x86_64.rpm
glibc-utils-2.12-1.7.el6_0.3.x86_64.rpm
nscd-2.12-1.7.el6_0.3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/glibc-2.12-1.7.el6_0.3.src.rpm

i386:
glibc-debuginfo-2.12-1.7.el6_0.3.i686.rpm
glibc-static-2.12-1.7.el6_0.3.i686.rpm

x86_64:
glibc-debuginfo-2.12-1.7.el6_0.3.x86_64.rpm
glibc-static-2.12-1.7.el6_0.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/glibc-2.12-1.7.el6_0.3.src.rpm

x86_64:
glibc-2.12-1.7.el6_0.3.i686.rpm
glibc-2.12-1.7.el6_0.3.x86_64.rpm
glibc-common-2.12-1.7.el6_0.3.x86_64.rpm
glibc-debuginfo-2.12-1.7.el6_0.3.i686.rpm
glibc-debuginfo-2.12-1.7.el6_0.3.x86_64.rpm
glibc-devel-2.12-1.7.el6_0.3.i686.rpm
glibc-devel-2.12-1.7.el6_0.3.x86_64.rpm
glibc-headers-2.12-1.7.el6_0.3.x86_64.rpm
glibc-utils-2.12-1.7.el6_0.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/glibc-2.12-1.7.el6_0.3.src.rpm

x86_64:
glibc-debuginfo-2.12-1.7.el6_0.3.x86_64.rpm
glibc-static-2.12-1.7.el6_0.3.x86_64.rpm
nscd-2.12-1.7.el6_0.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/glibc-2.12-1.7.el6_0.3.src.rpm

i386:
glibc-2.12-1.7.el6_0.3.i686.rpm
glibc-common-2.12-1.7.el6_0.3.i686.rpm
glibc-debuginfo-2.12-1.7.el6_0.3.i686.rpm
glibc-devel-2.12-1.7.el6_0.3.i686.rpm
glibc-headers-2.12-1.7.el6_0.3.i686.rpm
glibc-utils-2.12-1.7.el6_0.3.i686.rpm
nscd-2.12-1.7.el6_0.3.i686.rpm

ppc64:
glibc-2.12-1.7.el6_0.3.ppc.rpm
glibc-2.12-1.7.el6_0.3.ppc64.rpm
glibc-common-2.12-1.7.el6_0.3.ppc64.rpm
glibc-debuginfo-2.12-1.7.el6_0.3.ppc.rpm
glibc-debuginfo-2.12-1.7.el6_0.3.ppc64.rpm
glibc-devel-2.12-1.7.el6_0.3.ppc.rpm
glibc-devel-2.12-1.7.el6_0.3.ppc64.rpm
glibc-headers-2.12-1.7.el6_0.3.ppc64.rpm
glibc-utils-2.12-1.7.el6_0.3.ppc64.rpm
nscd-2.12-1.7.el6_0.3.ppc64.rpm

s390x:
glibc-2.12-1.7.el6_0.3.s390.rpm
glibc-2.12-1.7.el6_0.3.s390x.rpm
glibc-common-2.12-1.7.el6_0.3.s390x.rpm
glibc-debuginfo-2.12-1.7.el6_0.3.s390.rpm
glibc-debuginfo-2.12-1.7.el6_0.3.s390x.rpm
glibc-devel-2.12-1.7.el6_0.3.s390.rpm
glibc-devel-2.12-1.7.el6_0.3.s390x.rpm
glibc-headers-2.12-1.7.el6_0.3.s390x.rpm
glibc-utils-2.12-1.7.el6_0.3.s390x.rpm
nscd-2.12-1.7.el6_0.3.s390x.rpm

x86_64:
glibc-2.12-1.7.el6_0.3.i686.rpm
glibc-2.12-1.7.el6_0.3.x86_64.rpm
glibc-common-2.12-1.7.el6_0.3.x86_64.rpm
glibc-debuginfo-2.12-1.7.el6_0.3.i686.rpm
glibc-debuginfo-2.12-1.7.el6_0.3.x86_64.rpm
glibc-devel-2.12-1.7.el6_0.3.i686.rpm
glibc-devel-2.12-1.7.el6_0.3.x86_64.rpm
glibc-headers-2.12-1.7.el6_0.3.x86_64.rpm
glibc-utils-2.12-1.7.el6_0.3.x86_64.rpm
nscd-2.12-1.7.el6_0.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/glibc-2.12-1.7.el6_0.3.src.rpm

i386:
glibc-debuginfo-2.12-1.7.el6_0.3.i686.rpm
glibc-static-2.12-1.7.el6_0.3.i686.rpm

ppc64:
glibc-debuginfo-2.12-1.7.el6_0.3.ppc64.rpm
glibc-static-2.12-1.7.el6_0.3.ppc64.rpm

s390x:
glibc-debuginfo-2.12-1.7.el6_0.3.s390x.rpm
glibc-static-2.12-1.7.el6_0.3.s390x.rpm

x86_64:
glibc-debuginfo-2.12-1.7.el6_0.3.x86_64.rpm
glibc-static-2.12-1.7.el6_0.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/glibc-2.12-1.7.el6_0.3.src.rpm

i386:
glibc-2.12-1.7.el6_0.3.i686.rpm
glibc-common-2.12-1.7.el6_0.3.i686.rpm
glibc-debuginfo-2.12-1.7.el6_0.3.i686.rpm
glibc-devel-2.12-1.7.el6_0.3.i686.rpm
glibc-headers-2.12-1.7.el6_0.3.i686.rpm
glibc-utils-2.12-1.7.el6_0.3.i686.rpm
nscd-2.12-1.7.el6_0.3.i686.rpm

x86_64:
glibc-2.12-1.7.el6_0.3.i686.rpm
glibc-2.12-1.7.el6_0.3.x86_64.rpm
glibc-common-2.12-1.7.el6_0.3.x86_64.rpm
glibc-debuginfo-2.12-1.7.el6_0.3.i686.rpm
glibc-debuginfo-2.12-1.7.el6_0.3.x86_64.rpm
glibc-devel-2.12-1.7.el6_0.3.i686.rpm
glibc-devel-2.12-1.7.el6_0.3.x86_64.rpm
glibc-headers-2.12-1.7.el6_0.3.x86_64.rpm
glibc-utils-2.12-1.7.el6_0.3.x86_64.rpm
nscd-2.12-1.7.el6_0.3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/glibc-2.12-1.7.el6_0.3.src.rpm

i386:
glibc-debuginfo-2.12-1.7.el6_0.3.i686.rpm
glibc-static-2.12-1.7.el6_0.3.i686.rpm

x86_64:
glibc-debuginfo-2.12-1.7.el6_0.3.x86_64.rpm
glibc-static-2.12-1.7.el6_0.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3847.html
https://www.redhat.com/security/data/cve/CVE-2010-3856.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM2vVBXlSAg2UNWIIRAnrHAJ9oUOQ0B/t7qQKdbe13H5G9a2BbYwCgin8R
zI5tnvloLFQFUvG+Ifda8uI=
=Nk0i
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Nov 10 19:42:31 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 10 Nov 2010 12:42:31 -0700
Subject: [RHSA-2010:0873-02] Critical: java-1.5.0-ibm security update
Message-ID: <201011101942.oAAJgV7T018219@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.5.0-ibm security update
Advisory ID: RHSA-2010:0873-02
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0873.html
Issue date: 2010-11-10
CVE Names: CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3556 CVE-2010-3559 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3568 CVE-2010-3569 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574
=====================================================================

1. Summary:

Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.

This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. (CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3556, CVE-2010-3559, CVE-2010-3562, CVE-2010-3565, CVE-2010-3566, CVE-2010-3568, CVE-2010-3569, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574)

All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR12-FP2 Java release. All running instances of IBM Java must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

582466 - CVE-2010-1321 krb5: null pointer dereference in GSS-API library leads to DoS (MITKRB5-SA-2010-005)
639876 - CVE-2010-3568 OpenJDK Deserialization Race condition (6559775)
639897 - CVE-2010-3562 OpenJDK IndexColorModel double-free (6925710)
639909 - CVE-2010-3548 OpenJDK DNS server IP address information leak (6957564)
639920 - CVE-2010-3565 OpenJDK JPEG writeImage remote code execution (6963023)
639922 - CVE-2010-3566 OpenJDK ICC Profile remote code execution (6963489)
639925 - CVE-2010-3569 OpenJDK Serialization inconsistencies (6966692)
642180 - CVE-2010-3549 OpenJDK HttpURLConnection request splitting (6952017)
642187 - CVE-2010-3551 OpenJDK local network address disclosure (6952603)
642202 - CVE-2010-3541 CVE-2010-3573 OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)
642215 - CVE-2010-3574 OpenJDK HttpURLConnection incomplete TRACE permission check (6981426)
642559 - CVE-2010-3550 JDK unspecified vulnerability in Java Web Start component
642576 - CVE-2010-3556 JDK unspecified vulnerability in 2D component
642606 - CVE-2010-3559 JDK unspecified vulnerability in Sound component
642611 - CVE-2010-3572 JDK unspecified vulnerability in Sound component

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.5.0-ibm-1.5.0.12.2-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-demo-1.5.0.12.2-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.12.2-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-javacomm-1.5.0.12.2-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-src-1.5.0.12.2-1jpp.1.el6.i686.rpm

x86_64:
java-1.5.0-ibm-1.5.0.12.2-1jpp.1.el6.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.12.2-1jpp.1.el6.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.12.2-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.12.2-1jpp.1.el6.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.12.2-1jpp.1.el6.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.12.2-1jpp.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.5.0-ibm-1.5.0.12.2-1jpp.1.el6.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.12.2-1jpp.1.el6.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.12.2-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.12.2-1jpp.1.el6.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.12.2-1jpp.1.el6.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.12.2-1jpp.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.5.0-ibm-1.5.0.12.2-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-demo-1.5.0.12.2-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.12.2-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-javacomm-1.5.0.12.2-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-src-1.5.0.12.2-1jpp.1.el6.i686.rpm

ppc64:
java-1.5.0-ibm-1.5.0.12.2-1jpp.1.el6.ppc64.rpm
java-1.5.0-ibm-demo-1.5.0.12.2-1jpp.1.el6.ppc64.rpm
java-1.5.0-ibm-devel-1.5.0.12.2-1jpp.1.el6.ppc.rpm
java-1.5.0-ibm-devel-1.5.0.12.2-1jpp.1.el6.ppc64.rpm
java-1.5.0-ibm-javacomm-1.5.0.12.2-1jpp.1.el6.ppc64.rpm
java-1.5.0-ibm-src-1.5.0.12.2-1jpp.1.el6.ppc64.rpm

s390x:
java-1.5.0-ibm-1.5.0.12.2-1jpp.1.el6.s390x.rpm
java-1.5.0-ibm-demo-1.5.0.12.2-1jpp.1.el6.s390x.rpm
java-1.5.0-ibm-devel-1.5.0.12.2-1jpp.1.el6.s390.rpm
java-1.5.0-ibm-devel-1.5.0.12.2-1jpp.1.el6.s390x.rpm
java-1.5.0-ibm-src-1.5.0.12.2-1jpp.1.el6.s390x.rpm

x86_64:
java-1.5.0-ibm-1.5.0.12.2-1jpp.1.el6.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.12.2-1jpp.1.el6.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.12.2-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.12.2-1jpp.1.el6.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.12.2-1jpp.1.el6.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.12.2-1jpp.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.5.0-ibm-1.5.0.12.2-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-demo-1.5.0.12.2-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.12.2-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-javacomm-1.5.0.12.2-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-src-1.5.0.12.2-1jpp.1.el6.i686.rpm

x86_64:
java-1.5.0-ibm-1.5.0.12.2-1jpp.1.el6.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.12.2-1jpp.1.el6.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.12.2-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.12.2-1jpp.1.el6.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.12.2-1jpp.1.el6.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.12.2-1jpp.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-1321.html
https://www.redhat.com/security/data/cve/CVE-2010-3541.html
https://www.redhat.com/security/data/cve/CVE-2010-3548.html
https://www.redhat.com/security/data/cve/CVE-2010-3549.html
https://www.redhat.com/security/data/cve/CVE-2010-3550.html
https://www.redhat.com/security/data/cve/CVE-2010-3551.html
https://www.redhat.com/security/data/cve/CVE-2010-3556.html
https://www.redhat.com/security/data/cve/CVE-2010-3559.html
https://www.redhat.com/security/data/cve/CVE-2010-3562.html
https://www.redhat.com/security/data/cve/CVE-2010-3565.html
https://www.redhat.com/security/data/cve/CVE-2010-3566.html
https://www.redhat.com/security/data/cve/CVE-2010-3568.html
https://www.redhat.com/security/data/cve/CVE-2010-3569.html
https://www.redhat.com/security/data/cve/CVE-2010-3572.html
https://www.redhat.com/security/data/cve/CVE-2010-3573.html
https://www.redhat.com/security/data/cve/CVE-2010-3574.html
http://www.redhat.com/security/updates/classification/#critical
http://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is .
More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM2vV9XlSAg2UNWIIRArj3AKCsSCD5lL6OKsu8lPPsDz0AGOcnEQCgiWfH
nvJqFreqDIh0kzC3gdgztmg=
=/Xkv
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Nov 12 09:37:53 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 12 Nov 2010 09:37:53 +0000
Subject: [RHSA-2010:0882-01] Important: kernel security and bug fix update
Message-ID: <201011120937.oAC9brol031041@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2010:0882-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0882.html
Issue date: 2010-11-12
CVE Names: CVE-2009-3080 CVE-2009-3620 CVE-2009-4536 CVE-2010-1188 CVE-2010-2240 CVE-2010-3081
=====================================================================

1. Summary:

Updated kernel packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 3 Extended Life Cycle Support (ELS).

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (v. 3 ELS) - i386
Red Hat Enterprise Linux ES (v. 3 ELS) - i386

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* An array index error was found in the gdth driver in the Linux kernel. A local user could send a specially-crafted IOCTL request that would cause a denial of service or, possibly, privilege escalation. (CVE-2009-3080, Important)

* NULL pointer dereference flaws were found in the r128 driver in the Linux kernel. Checks to test if the Concurrent Command Engine state was initialized were missing in private IOCTL functions. An attacker could use these flaws to cause a local denial of service or escalate their privileges. (CVE-2009-3620, Important)

* A flaw was found in the Intel PRO/1000 Linux driver, e1000, in the Linux kernel. A remote attacker using packets larger than the MTU could bypass the existing fragment check, resulting in partial, invalid frames being passed to the network stack. This flaw could also possibly be used to trigger a remote denial of service. (CVE-2009-4536, Important)

* A use-after-free flaw was found in the tcp_rcv_state_process() function in the Linux kernel TCP/IP protocol suite implementation. If a system using IPv6 had the IPV6_PKTINFO option set on a listening socket, a remote attacker could send an IPv6 packet to that system, causing a kernel panic (denial of service). (CVE-2010-1188, Important)

* When an application has a stack overflow, the stack could silently overwrite another memory mapped area instead of a segmentation fault occurring, which could cause an application to execute arbitrary code, possibly leading to privilege escalation. It is known that the X Window System server can be used to trigger this flaw. (CVE-2010-2240, Important)

* The compat_alloc_user_space() function in the Linux kernel 32/64-bit compatibility layer implementation was missing sanity checks. This function could be abused in other areas of the Linux kernel. On 64-bit systems, a local, unprivileged user could use this flaw to escalate their privileges. (CVE-2010-3081, Important)

Red Hat would like to thank the X.Org security team for reporting the CVE-2010-2240 issue, with upstream acknowledging Rafal Wojtczuk as the original reporter; and Ben Hawkes for reporting the CVE-2010-3081 issue.
This update also fixes the following bug: * The RHSA-2009:1550 kernel update introduced a regression that prevented certain custom kernel modules from loading, failing with "unresolved symbol" errors. This update corrects this issue, allowing the affected modules to load as expected. (BZ#556909) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (http://bugzilla.redhat.com/): 529597 - CVE-2009-3620 kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised 539414 - CVE-2009-3080 kernel: gdth: Prevent negative offsets in ioctl 552126 - CVE-2009-4536 kernel: e1000 issue reported at 26c3 556909 - unresolved symbol sock_recvmsg_Rsmp_4c34ff14 577711 - CVE-2010-1188 kernel: ipv6: skb is unexpectedly freed 606611 - CVE-2010-2240 kernel: mm: keep a guard page below a grow-down stack segment 634457 - CVE-2010-3081 kernel: 64-bit Compatibility Mode Stack Pointer Underflow 6. Package List: Red Hat Enterprise Linux AS (v. 
3 ELS): Source: kernel-2.4.21-66.EL.src.rpm i386: kernel-2.4.21-66.EL.athlon.rpm kernel-2.4.21-66.EL.i686.rpm kernel-BOOT-2.4.21-66.EL.i386.rpm kernel-debuginfo-2.4.21-66.EL.athlon.rpm kernel-debuginfo-2.4.21-66.EL.i386.rpm kernel-debuginfo-2.4.21-66.EL.i686.rpm kernel-doc-2.4.21-66.EL.i386.rpm kernel-hugemem-2.4.21-66.EL.i686.rpm kernel-hugemem-unsupported-2.4.21-66.EL.i686.rpm kernel-smp-2.4.21-66.EL.athlon.rpm kernel-smp-2.4.21-66.EL.i686.rpm kernel-smp-unsupported-2.4.21-66.EL.athlon.rpm kernel-smp-unsupported-2.4.21-66.EL.i686.rpm kernel-source-2.4.21-66.EL.i386.rpm kernel-unsupported-2.4.21-66.EL.athlon.rpm kernel-unsupported-2.4.21-66.EL.i686.rpm Red Hat Enterprise Linux ES (v. 3 ELS): Source: kernel-2.4.21-66.EL.src.rpm i386: kernel-2.4.21-66.EL.athlon.rpm kernel-2.4.21-66.EL.i686.rpm kernel-BOOT-2.4.21-66.EL.i386.rpm kernel-debuginfo-2.4.21-66.EL.athlon.rpm kernel-debuginfo-2.4.21-66.EL.i386.rpm kernel-debuginfo-2.4.21-66.EL.i686.rpm kernel-doc-2.4.21-66.EL.i386.rpm kernel-hugemem-2.4.21-66.EL.i686.rpm kernel-hugemem-unsupported-2.4.21-66.EL.i686.rpm kernel-smp-2.4.21-66.EL.athlon.rpm kernel-smp-2.4.21-66.EL.i686.rpm kernel-smp-unsupported-2.4.21-66.EL.athlon.rpm kernel-smp-unsupported-2.4.21-66.EL.i686.rpm kernel-source-2.4.21-66.EL.i386.rpm kernel-unsupported-2.4.21-66.EL.athlon.rpm kernel-unsupported-2.4.21-66.EL.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. 
References: https://www.redhat.com/security/data/cve/CVE-2009-3080.html https://www.redhat.com/security/data/cve/CVE-2009-3620.html https://www.redhat.com/security/data/cve/CVE-2009-4536.html https://www.redhat.com/security/data/cve/CVE-2010-1188.html https://www.redhat.com/security/data/cve/CVE-2010-2240.html https://www.redhat.com/security/data/cve/CVE-2010-3081.html http://www.redhat.com/security/updates/classification/#important https://access.redhat.com/kb/docs/DOC-40265 http://www.redhat.com/rhel/server/extended_lifecycle_support/ 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2010 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFM3QrWXlSAg2UNWIIRAoRoAKCeqXq98m3zfAgZbR7mi6KuhSsjuACfS8hW hGzOl6G3TKuLORoaC9qF3zQ= =jMer -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Nov 16 17:04:28 2010 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 16 Nov 2010 12:04:28 -0500 Subject: [RHSA-2010:0888-01] Important: openssl security update Message-ID: <201011161704.oAGH4T3n032368@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: openssl security update Advisory ID: RHSA-2010:0888-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0888.html Issue date: 2010-11-16 CVE Names: CVE-2010-3864 ===================================================================== 1. Summary: Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. 
Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A race condition flaw has been found in the OpenSSL TLS server extension
parsing code, which could affect some multithreaded OpenSSL applications.
Under certain specific conditions, it may be possible for a remote attacker
to trigger this race condition and cause such an application to crash, or
possibly execute arbitrary code with the permissions of the application.
(CVE-2010-3864)

Note that this issue does not affect the Apache HTTP Server.

Refer to Red Hat Bugzilla bug 649304 for more technical details on how to
determine if your application is affected.

Red Hat would like to thank Rob Hulswit for reporting this issue.

All OpenSSL users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. For the update to take effect, all
services linked to the OpenSSL library must be restarted, or the system
rebooted.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5.
Bugs fixed (http://bugzilla.redhat.com/): 649304 - CVE-2010-3864 OpenSSL TLS extension parsing race condition 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-4.el6_0.1.src.rpm i386: openssl-1.0.0-4.el6_0.1.i686.rpm openssl-debuginfo-1.0.0-4.el6_0.1.i686.rpm x86_64: openssl-1.0.0-4.el6_0.1.i686.rpm openssl-1.0.0-4.el6_0.1.x86_64.rpm openssl-debuginfo-1.0.0-4.el6_0.1.i686.rpm openssl-debuginfo-1.0.0-4.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-4.el6_0.1.src.rpm i386: openssl-debuginfo-1.0.0-4.el6_0.1.i686.rpm openssl-devel-1.0.0-4.el6_0.1.i686.rpm openssl-perl-1.0.0-4.el6_0.1.i686.rpm openssl-static-1.0.0-4.el6_0.1.i686.rpm x86_64: openssl-debuginfo-1.0.0-4.el6_0.1.i686.rpm openssl-debuginfo-1.0.0-4.el6_0.1.x86_64.rpm openssl-devel-1.0.0-4.el6_0.1.i686.rpm openssl-devel-1.0.0-4.el6_0.1.x86_64.rpm openssl-perl-1.0.0-4.el6_0.1.x86_64.rpm openssl-static-1.0.0-4.el6_0.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-4.el6_0.1.src.rpm x86_64: openssl-1.0.0-4.el6_0.1.i686.rpm openssl-1.0.0-4.el6_0.1.x86_64.rpm openssl-debuginfo-1.0.0-4.el6_0.1.i686.rpm openssl-debuginfo-1.0.0-4.el6_0.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-4.el6_0.1.src.rpm x86_64: openssl-debuginfo-1.0.0-4.el6_0.1.i686.rpm openssl-debuginfo-1.0.0-4.el6_0.1.x86_64.rpm openssl-devel-1.0.0-4.el6_0.1.i686.rpm openssl-devel-1.0.0-4.el6_0.1.x86_64.rpm openssl-perl-1.0.0-4.el6_0.1.x86_64.rpm openssl-static-1.0.0-4.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-4.el6_0.1.src.rpm i386: openssl-1.0.0-4.el6_0.1.i686.rpm openssl-debuginfo-1.0.0-4.el6_0.1.i686.rpm openssl-devel-1.0.0-4.el6_0.1.i686.rpm ppc64: openssl-1.0.0-4.el6_0.1.ppc.rpm openssl-1.0.0-4.el6_0.1.ppc64.rpm openssl-debuginfo-1.0.0-4.el6_0.1.ppc.rpm openssl-debuginfo-1.0.0-4.el6_0.1.ppc64.rpm openssl-devel-1.0.0-4.el6_0.1.ppc.rpm openssl-devel-1.0.0-4.el6_0.1.ppc64.rpm s390x: openssl-1.0.0-4.el6_0.1.s390.rpm openssl-1.0.0-4.el6_0.1.s390x.rpm openssl-debuginfo-1.0.0-4.el6_0.1.s390.rpm openssl-debuginfo-1.0.0-4.el6_0.1.s390x.rpm openssl-devel-1.0.0-4.el6_0.1.s390.rpm openssl-devel-1.0.0-4.el6_0.1.s390x.rpm x86_64: openssl-1.0.0-4.el6_0.1.i686.rpm openssl-1.0.0-4.el6_0.1.x86_64.rpm openssl-debuginfo-1.0.0-4.el6_0.1.i686.rpm openssl-debuginfo-1.0.0-4.el6_0.1.x86_64.rpm openssl-devel-1.0.0-4.el6_0.1.i686.rpm openssl-devel-1.0.0-4.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-4.el6_0.1.src.rpm i386: openssl-debuginfo-1.0.0-4.el6_0.1.i686.rpm openssl-perl-1.0.0-4.el6_0.1.i686.rpm openssl-static-1.0.0-4.el6_0.1.i686.rpm ppc64: openssl-debuginfo-1.0.0-4.el6_0.1.ppc64.rpm openssl-perl-1.0.0-4.el6_0.1.ppc64.rpm openssl-static-1.0.0-4.el6_0.1.ppc64.rpm s390x: openssl-debuginfo-1.0.0-4.el6_0.1.s390x.rpm openssl-perl-1.0.0-4.el6_0.1.s390x.rpm openssl-static-1.0.0-4.el6_0.1.s390x.rpm x86_64: openssl-debuginfo-1.0.0-4.el6_0.1.x86_64.rpm openssl-perl-1.0.0-4.el6_0.1.x86_64.rpm openssl-static-1.0.0-4.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-4.el6_0.1.src.rpm

i386:
openssl-1.0.0-4.el6_0.1.i686.rpm
openssl-debuginfo-1.0.0-4.el6_0.1.i686.rpm
openssl-devel-1.0.0-4.el6_0.1.i686.rpm

x86_64:
openssl-1.0.0-4.el6_0.1.i686.rpm
openssl-1.0.0-4.el6_0.1.x86_64.rpm
openssl-debuginfo-1.0.0-4.el6_0.1.i686.rpm
openssl-debuginfo-1.0.0-4.el6_0.1.x86_64.rpm
openssl-devel-1.0.0-4.el6_0.1.i686.rpm
openssl-devel-1.0.0-4.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-4.el6_0.1.src.rpm

i386:
openssl-debuginfo-1.0.0-4.el6_0.1.i686.rpm
openssl-perl-1.0.0-4.el6_0.1.i686.rpm
openssl-static-1.0.0-4.el6_0.1.i686.rpm

x86_64:
openssl-debuginfo-1.0.0-4.el6_0.1.x86_64.rpm
openssl-perl-1.0.0-4.el6_0.1.x86_64.rpm
openssl-static-1.0.0-4.el6_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3864.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
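The advisory says the fix only takes effect once every service linked against OpenSSL has been restarted, and it does not say how to find the ones that were not. The program below is an added example, not Red Hat's or the OpenSSL project's code, of that check: after the rpm upgrade the old libssl/libcrypto files are unlinked, so a process that loaded them before the update still shows those mappings, marked "(deleted)", in /proc/<pid>/maps. It assumes the Linux /proc layout; the sample maps text is constructed for the self-check.

```c
/* Added example: list processes that still map a replaced OpenSSL library.
 * Assumes Linux /proc; the sample_maps text below is constructed. */
#include <ctype.h>
#include <dirent.h>
#include <stdio.h>
#include <string.h>

/* 1 if one /proc/<pid>/maps line refers to a libssl or libcrypto object
 * whose file has since been replaced (the kernel appends "(deleted)"). */
int maps_line_is_stale_ssl(const char *line)
{
    const char *path = strchr(line, '/');        /* pathname column, if any */
    if (path == NULL)
        return 0;
    if (strstr(path, "/libssl.so") == NULL && strstr(path, "/libcrypto.so") == NULL)
        return 0;
    return strstr(path, "(deleted)") != NULL;
}

/* Count stale OpenSSL mappings in a maps-format, newline-separated buffer. */
int count_stale_ssl_maps(const char *maps)
{
    int n = 0;
    const char *p = maps;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[512];
        if (len >= sizeof line)
            len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';
        n += maps_line_is_stale_ssl(line);
        if (!nl)
            break;
        p = nl + 1;
    }
    return n;
}

/* Walk /proc and print every pid with at least one stale mapping.
 * Returns the number of such pids, or -1 if /proc cannot be opened. */
int scan_proc(void)
{
    DIR *d = opendir("/proc");
    struct dirent *e;
    int found = 0;
    if (!d)
        return -1;
    while ((e = readdir(d)) != NULL) {
        char path[300], line[512];
        FILE *f;
        int stale = 0;
        if (!isdigit((unsigned char)e->d_name[0]))
            continue;                            /* not a pid directory */
        snprintf(path, sizeof path, "/proc/%s/maps", e->d_name);
        if ((f = fopen(path, "r")) == NULL)
            continue;                            /* not readable by us */
        while (fgets(line, sizeof line, f))
            stale += maps_line_is_stale_ssl(line);
        fclose(f);
        if (stale) {
            printf("pid %s: %d stale OpenSSL mapping(s), restart it\n", e->d_name, stale);
            found++;
        }
    }
    closedir(d);
    return found;
}

/* Constructed sample: a process that loaded libssl/libcrypto before the
 * update. The libz line is deleted too but is not what we are looking for. */
const char sample_maps[] =
    "7f3c1a000000-7f3c1a1c0000 r-xp 00000000 fd:00 1310 /lib64/libc-2.12.so\n"
    "7f3c1a400000-7f3c1a450000 r-xp 00000000 fd:00 2201 /usr/lib64/libssl.so.1.0.0 (deleted)\n"
    "7f3c1a650000-7f3c1a7b0000 r-xp 00000000 fd:00 2199 /usr/lib64/libcrypto.so.1.0.0 (deleted)\n"
    "7f3c1a900000-7f3c1a920000 r-xp 00000000 fd:00 3001 /usr/lib64/libz.so.1.2.3 (deleted)\n"
    "7fff2b000000-7fff2b021000 rw-p 00000000 00:00 0 [stack]\n";

int main(void)
{
    printf("sample process: %d stale OpenSSL mapping(s)\n",
           count_stale_ssl_maps(sample_maps));
    return scan_proc() < 0;
}
```

Run it as root so every /proc/<pid>/maps is readable. It reports pids, not service names, so map each pid back to its init script before restarting; a full restart of that process, not a HUP, is what actually reloads the library.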
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM4rlVXlSAg2UNWIIRApdbAKCKRS/XcNuU/ydeyDRw6hc1jKnrPACgoaj+
L0CaNc6mmQufE+cvV5h+jl4=
=dOzJ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Nov 16 17:16:03 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 16 Nov 2010 12:16:03 -0500
Subject: [RHSA-2010:0889-01] Important: freetype security update
Message-ID: <201011161716.oAGHG56q023238@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: freetype security update
Advisory ID:       RHSA-2010:0889-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0889.html
Issue date:        2010-11-16
CVE Names:         CVE-2010-3855
=====================================================================

1. Summary:

Updated freetype packages that fix one security issue are now available for
Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v.
6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

FreeType is a free, high-quality, portable font engine that can open and
manage font files. It also loads, hints, and renders individual glyphs
efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide
both the FreeType 1 and FreeType 2 font engines. The freetype packages for
Red Hat Enterprise Linux 5 and 6 provide only the FreeType 2 font engine.

A heap-based buffer overflow flaw was found in the way the FreeType font
rendering engine processed certain TrueType GX fonts. If a user loaded a
specially-crafted font file with an application linked against FreeType, it
could cause the application to crash or, possibly, execute arbitrary code
with the privileges of the user running the application. (CVE-2010-3855)

Note: This issue only affects the FreeType 2 font engine.

Users are advised to upgrade to these updated packages, which contain a
backported patch to correct this issue. The X server must be restarted (log
out, then log back in) for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

645275 - CVE-2010-3855 Freetype : Heap based buffer overflow in ft_var_readpackedpoints()

6.
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/freetype-2.1.9-17.el4_8.1.src.rpm i386: freetype-2.1.9-17.el4_8.1.i386.rpm freetype-debuginfo-2.1.9-17.el4_8.1.i386.rpm freetype-demos-2.1.9-17.el4_8.1.i386.rpm freetype-devel-2.1.9-17.el4_8.1.i386.rpm freetype-utils-2.1.9-17.el4_8.1.i386.rpm ia64: freetype-2.1.9-17.el4_8.1.i386.rpm freetype-2.1.9-17.el4_8.1.ia64.rpm freetype-debuginfo-2.1.9-17.el4_8.1.i386.rpm freetype-debuginfo-2.1.9-17.el4_8.1.ia64.rpm freetype-demos-2.1.9-17.el4_8.1.ia64.rpm freetype-devel-2.1.9-17.el4_8.1.ia64.rpm freetype-utils-2.1.9-17.el4_8.1.ia64.rpm ppc: freetype-2.1.9-17.el4_8.1.ppc.rpm freetype-2.1.9-17.el4_8.1.ppc64.rpm freetype-debuginfo-2.1.9-17.el4_8.1.ppc.rpm freetype-debuginfo-2.1.9-17.el4_8.1.ppc64.rpm freetype-demos-2.1.9-17.el4_8.1.ppc.rpm freetype-devel-2.1.9-17.el4_8.1.ppc.rpm freetype-utils-2.1.9-17.el4_8.1.ppc.rpm s390: freetype-2.1.9-17.el4_8.1.s390.rpm freetype-debuginfo-2.1.9-17.el4_8.1.s390.rpm freetype-demos-2.1.9-17.el4_8.1.s390.rpm freetype-devel-2.1.9-17.el4_8.1.s390.rpm freetype-utils-2.1.9-17.el4_8.1.s390.rpm s390x: freetype-2.1.9-17.el4_8.1.s390.rpm freetype-2.1.9-17.el4_8.1.s390x.rpm freetype-debuginfo-2.1.9-17.el4_8.1.s390.rpm freetype-debuginfo-2.1.9-17.el4_8.1.s390x.rpm freetype-demos-2.1.9-17.el4_8.1.s390x.rpm freetype-devel-2.1.9-17.el4_8.1.s390x.rpm freetype-utils-2.1.9-17.el4_8.1.s390x.rpm x86_64: freetype-2.1.9-17.el4_8.1.i386.rpm freetype-2.1.9-17.el4_8.1.x86_64.rpm freetype-debuginfo-2.1.9-17.el4_8.1.i386.rpm freetype-debuginfo-2.1.9-17.el4_8.1.x86_64.rpm freetype-demos-2.1.9-17.el4_8.1.x86_64.rpm freetype-devel-2.1.9-17.el4_8.1.x86_64.rpm freetype-utils-2.1.9-17.el4_8.1.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/freetype-2.1.9-17.el4_8.1.src.rpm i386: freetype-2.1.9-17.el4_8.1.i386.rpm freetype-debuginfo-2.1.9-17.el4_8.1.i386.rpm 
freetype-demos-2.1.9-17.el4_8.1.i386.rpm freetype-devel-2.1.9-17.el4_8.1.i386.rpm freetype-utils-2.1.9-17.el4_8.1.i386.rpm x86_64: freetype-2.1.9-17.el4_8.1.i386.rpm freetype-2.1.9-17.el4_8.1.x86_64.rpm freetype-debuginfo-2.1.9-17.el4_8.1.i386.rpm freetype-debuginfo-2.1.9-17.el4_8.1.x86_64.rpm freetype-demos-2.1.9-17.el4_8.1.x86_64.rpm freetype-devel-2.1.9-17.el4_8.1.x86_64.rpm freetype-utils-2.1.9-17.el4_8.1.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/freetype-2.1.9-17.el4_8.1.src.rpm i386: freetype-2.1.9-17.el4_8.1.i386.rpm freetype-debuginfo-2.1.9-17.el4_8.1.i386.rpm freetype-demos-2.1.9-17.el4_8.1.i386.rpm freetype-devel-2.1.9-17.el4_8.1.i386.rpm freetype-utils-2.1.9-17.el4_8.1.i386.rpm ia64: freetype-2.1.9-17.el4_8.1.i386.rpm freetype-2.1.9-17.el4_8.1.ia64.rpm freetype-debuginfo-2.1.9-17.el4_8.1.i386.rpm freetype-debuginfo-2.1.9-17.el4_8.1.ia64.rpm freetype-demos-2.1.9-17.el4_8.1.ia64.rpm freetype-devel-2.1.9-17.el4_8.1.ia64.rpm freetype-utils-2.1.9-17.el4_8.1.ia64.rpm x86_64: freetype-2.1.9-17.el4_8.1.i386.rpm freetype-2.1.9-17.el4_8.1.x86_64.rpm freetype-debuginfo-2.1.9-17.el4_8.1.i386.rpm freetype-debuginfo-2.1.9-17.el4_8.1.x86_64.rpm freetype-demos-2.1.9-17.el4_8.1.x86_64.rpm freetype-devel-2.1.9-17.el4_8.1.x86_64.rpm freetype-utils-2.1.9-17.el4_8.1.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/freetype-2.1.9-17.el4_8.1.src.rpm i386: freetype-2.1.9-17.el4_8.1.i386.rpm freetype-debuginfo-2.1.9-17.el4_8.1.i386.rpm freetype-demos-2.1.9-17.el4_8.1.i386.rpm freetype-devel-2.1.9-17.el4_8.1.i386.rpm freetype-utils-2.1.9-17.el4_8.1.i386.rpm ia64: freetype-2.1.9-17.el4_8.1.i386.rpm freetype-2.1.9-17.el4_8.1.ia64.rpm freetype-debuginfo-2.1.9-17.el4_8.1.i386.rpm freetype-debuginfo-2.1.9-17.el4_8.1.ia64.rpm freetype-demos-2.1.9-17.el4_8.1.ia64.rpm freetype-devel-2.1.9-17.el4_8.1.ia64.rpm freetype-utils-2.1.9-17.el4_8.1.ia64.rpm x86_64: 
freetype-2.1.9-17.el4_8.1.i386.rpm freetype-2.1.9-17.el4_8.1.x86_64.rpm freetype-debuginfo-2.1.9-17.el4_8.1.i386.rpm freetype-debuginfo-2.1.9-17.el4_8.1.x86_64.rpm freetype-demos-2.1.9-17.el4_8.1.x86_64.rpm freetype-devel-2.1.9-17.el4_8.1.x86_64.rpm freetype-utils-2.1.9-17.el4_8.1.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/freetype-2.2.1-28.el5_5.1.src.rpm i386: freetype-2.2.1-28.el5_5.1.i386.rpm freetype-debuginfo-2.2.1-28.el5_5.1.i386.rpm x86_64: freetype-2.2.1-28.el5_5.1.i386.rpm freetype-2.2.1-28.el5_5.1.x86_64.rpm freetype-debuginfo-2.2.1-28.el5_5.1.i386.rpm freetype-debuginfo-2.2.1-28.el5_5.1.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/freetype-2.2.1-28.el5_5.1.src.rpm i386: freetype-debuginfo-2.2.1-28.el5_5.1.i386.rpm freetype-demos-2.2.1-28.el5_5.1.i386.rpm freetype-devel-2.2.1-28.el5_5.1.i386.rpm x86_64: freetype-debuginfo-2.2.1-28.el5_5.1.i386.rpm freetype-debuginfo-2.2.1-28.el5_5.1.x86_64.rpm freetype-demos-2.2.1-28.el5_5.1.x86_64.rpm freetype-devel-2.2.1-28.el5_5.1.i386.rpm freetype-devel-2.2.1-28.el5_5.1.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/freetype-2.2.1-28.el5_5.1.src.rpm i386: freetype-2.2.1-28.el5_5.1.i386.rpm freetype-debuginfo-2.2.1-28.el5_5.1.i386.rpm freetype-demos-2.2.1-28.el5_5.1.i386.rpm freetype-devel-2.2.1-28.el5_5.1.i386.rpm ia64: freetype-2.2.1-28.el5_5.1.i386.rpm freetype-2.2.1-28.el5_5.1.ia64.rpm freetype-debuginfo-2.2.1-28.el5_5.1.i386.rpm freetype-debuginfo-2.2.1-28.el5_5.1.ia64.rpm freetype-demos-2.2.1-28.el5_5.1.ia64.rpm freetype-devel-2.2.1-28.el5_5.1.ia64.rpm ppc: freetype-2.2.1-28.el5_5.1.ppc.rpm freetype-2.2.1-28.el5_5.1.ppc64.rpm freetype-debuginfo-2.2.1-28.el5_5.1.ppc.rpm freetype-debuginfo-2.2.1-28.el5_5.1.ppc64.rpm freetype-demos-2.2.1-28.el5_5.1.ppc.rpm freetype-devel-2.2.1-28.el5_5.1.ppc.rpm freetype-devel-2.2.1-28.el5_5.1.ppc64.rpm s390x: freetype-2.2.1-28.el5_5.1.s390.rpm freetype-2.2.1-28.el5_5.1.s390x.rpm freetype-debuginfo-2.2.1-28.el5_5.1.s390.rpm freetype-debuginfo-2.2.1-28.el5_5.1.s390x.rpm freetype-demos-2.2.1-28.el5_5.1.s390x.rpm freetype-devel-2.2.1-28.el5_5.1.s390.rpm freetype-devel-2.2.1-28.el5_5.1.s390x.rpm x86_64: freetype-2.2.1-28.el5_5.1.i386.rpm freetype-2.2.1-28.el5_5.1.x86_64.rpm freetype-debuginfo-2.2.1-28.el5_5.1.i386.rpm freetype-debuginfo-2.2.1-28.el5_5.1.x86_64.rpm freetype-demos-2.2.1-28.el5_5.1.x86_64.rpm freetype-devel-2.2.1-28.el5_5.1.i386.rpm freetype-devel-2.2.1-28.el5_5.1.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/freetype-2.3.11-6.el6_0.2.src.rpm i386: freetype-2.3.11-6.el6_0.2.i686.rpm freetype-debuginfo-2.3.11-6.el6_0.2.i686.rpm x86_64: freetype-2.3.11-6.el6_0.2.i686.rpm freetype-2.3.11-6.el6_0.2.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_0.2.i686.rpm freetype-debuginfo-2.3.11-6.el6_0.2.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/freetype-2.3.11-6.el6_0.2.src.rpm i386: freetype-debuginfo-2.3.11-6.el6_0.2.i686.rpm freetype-demos-2.3.11-6.el6_0.2.i686.rpm freetype-devel-2.3.11-6.el6_0.2.i686.rpm x86_64: freetype-debuginfo-2.3.11-6.el6_0.2.i686.rpm freetype-debuginfo-2.3.11-6.el6_0.2.x86_64.rpm freetype-demos-2.3.11-6.el6_0.2.x86_64.rpm freetype-devel-2.3.11-6.el6_0.2.i686.rpm freetype-devel-2.3.11-6.el6_0.2.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/freetype-2.3.11-6.el6_0.2.src.rpm x86_64: freetype-2.3.11-6.el6_0.2.i686.rpm freetype-2.3.11-6.el6_0.2.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_0.2.i686.rpm freetype-debuginfo-2.3.11-6.el6_0.2.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/freetype-2.3.11-6.el6_0.2.src.rpm x86_64: freetype-debuginfo-2.3.11-6.el6_0.2.i686.rpm freetype-debuginfo-2.3.11-6.el6_0.2.x86_64.rpm freetype-demos-2.3.11-6.el6_0.2.x86_64.rpm freetype-devel-2.3.11-6.el6_0.2.i686.rpm freetype-devel-2.3.11-6.el6_0.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/freetype-2.3.11-6.el6_0.2.src.rpm i386: freetype-2.3.11-6.el6_0.2.i686.rpm freetype-debuginfo-2.3.11-6.el6_0.2.i686.rpm freetype-devel-2.3.11-6.el6_0.2.i686.rpm ppc64: freetype-2.3.11-6.el6_0.2.ppc.rpm freetype-2.3.11-6.el6_0.2.ppc64.rpm freetype-debuginfo-2.3.11-6.el6_0.2.ppc.rpm freetype-debuginfo-2.3.11-6.el6_0.2.ppc64.rpm freetype-devel-2.3.11-6.el6_0.2.ppc.rpm freetype-devel-2.3.11-6.el6_0.2.ppc64.rpm s390x: freetype-2.3.11-6.el6_0.2.s390.rpm freetype-2.3.11-6.el6_0.2.s390x.rpm freetype-debuginfo-2.3.11-6.el6_0.2.s390.rpm freetype-debuginfo-2.3.11-6.el6_0.2.s390x.rpm freetype-devel-2.3.11-6.el6_0.2.s390.rpm freetype-devel-2.3.11-6.el6_0.2.s390x.rpm x86_64: freetype-2.3.11-6.el6_0.2.i686.rpm freetype-2.3.11-6.el6_0.2.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_0.2.i686.rpm freetype-debuginfo-2.3.11-6.el6_0.2.x86_64.rpm freetype-devel-2.3.11-6.el6_0.2.i686.rpm freetype-devel-2.3.11-6.el6_0.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/freetype-2.3.11-6.el6_0.2.src.rpm i386: freetype-debuginfo-2.3.11-6.el6_0.2.i686.rpm freetype-demos-2.3.11-6.el6_0.2.i686.rpm ppc64: freetype-debuginfo-2.3.11-6.el6_0.2.ppc64.rpm freetype-demos-2.3.11-6.el6_0.2.ppc64.rpm s390x: freetype-debuginfo-2.3.11-6.el6_0.2.s390x.rpm freetype-demos-2.3.11-6.el6_0.2.s390x.rpm x86_64: freetype-debuginfo-2.3.11-6.el6_0.2.x86_64.rpm freetype-demos-2.3.11-6.el6_0.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/freetype-2.3.11-6.el6_0.2.src.rpm

i386:
freetype-2.3.11-6.el6_0.2.i686.rpm
freetype-debuginfo-2.3.11-6.el6_0.2.i686.rpm
freetype-devel-2.3.11-6.el6_0.2.i686.rpm

x86_64:
freetype-2.3.11-6.el6_0.2.i686.rpm
freetype-2.3.11-6.el6_0.2.x86_64.rpm
freetype-debuginfo-2.3.11-6.el6_0.2.i686.rpm
freetype-debuginfo-2.3.11-6.el6_0.2.x86_64.rpm
freetype-devel-2.3.11-6.el6_0.2.i686.rpm
freetype-devel-2.3.11-6.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/freetype-2.3.11-6.el6_0.2.src.rpm

i386:
freetype-debuginfo-2.3.11-6.el6_0.2.i686.rpm
freetype-demos-2.3.11-6.el6_0.2.i686.rpm

x86_64:
freetype-debuginfo-2.3.11-6.el6_0.2.x86_64.rpm
freetype-demos-2.3.11-6.el6_0.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3855.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
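The bug title in this advisory names ft_var_readpackedpoints(), the routine that reads the run-length "packed point numbers" of a TrueType GX variation table, and the description classes the flaw as a heap overflow while processing such fonts. The reader below is an added example, not FreeType's code, of a parser for that kind of table written with the bounds check an overflow of this shape requires. The encoding it accepts is a simplified stand-in and an assumption, not taken from this page: a point count (high bit set means a 16-bit big-endian count), then runs of deltas, each run introduced by a header byte whose low 7 bits give the run length minus one and whose high bit selects 16-bit deltas. The output buffer is sized from the count, so the line that matters is the one refusing a run that claims more points than the count has left; the three input tables are constructed for the self-check.

```c
/* Added example: bounds-checked reader for a run-length packed point table.
 * The table encoding is a simplified assumption, not FreeType's exact format. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PP_OK        0
#define PP_TRUNCATED 1   /* table ends before its runs do */
#define PP_OVERFLOW  2   /* a run claims more points than the count allows */
#define PP_TOO_MANY  3   /* count exceeds the caller's buffer */

/* Read the table at tab[0..len) into out[0..out_cap); sets *n_out. */
int parse_packed_points(const uint8_t *tab, size_t len,
                        uint16_t *out, size_t out_cap, size_t *n_out)
{
    size_t pos = 0, i = 0, n;
    uint16_t prev = 0;

    if (len < 1)
        return PP_TRUNCATED;
    n = tab[pos++];
    if (n & 0x80) {                          /* two-byte count */
        if (len < 2)
            return PP_TRUNCATED;
        n = ((n & 0x7f) << 8) | tab[pos++];
    }
    if (n > out_cap)                         /* caller sized out[] from n */
        return PP_TOO_MANY;

    while (i < n) {
        size_t runcnt, j;
        int words;
        if (pos >= len)
            return PP_TRUNCATED;
        words  = tab[pos] & 0x80;
        runcnt = (size_t)(tab[pos] & 0x7f) + 1;
        pos++;
        /* The check that prevents the overflow: a run has to fit in the
         * n - i slots that remain. Without it the loop below keeps writing
         * past out[n] for as long as the run header says. */
        if (runcnt > n - i)
            return PP_OVERFLOW;
        for (j = 0; j < runcnt; j++) {
            uint16_t delta;
            if (words) {
                if (pos + 2 > len)
                    return PP_TRUNCATED;
                delta = (uint16_t)((tab[pos] << 8) | tab[pos + 1]);
                pos += 2;
            } else {
                if (pos + 1 > len)
                    return PP_TRUNCATED;
                delta = tab[pos++];
            }
            prev = (uint16_t)(prev + delta);  /* points are cumulative */
            out[i++] = prev;
        }
    }
    *n_out = n;
    return PP_OK;
}

/* Constructed tables for the self-check. */
const uint8_t good_tab[]  = { 0x03, 0x02, 0x01, 0x02, 0x03 };        /* 3 points: 1, 3, 6 */
const uint8_t words_tab[] = { 0x02, 0x81, 0x01, 0x00, 0x00, 0x10 };  /* 2 points: 256, 272 */
const uint8_t evil_tab[]  = { 0x02, 0x07, 1, 1, 1, 1, 1, 1, 1, 1 };  /* count 2, run of 8 */

/* Parse into a 64-slot scratch buffer; cap can be lowered to simulate a
 * smaller allocation. Results stay in last_pts / last_n for inspection. */
uint16_t last_pts[64];
size_t   last_n;
int parse_into_scratch(const uint8_t *tab, size_t len, size_t cap)
{
    last_n = 0;
    return parse_packed_points(tab, len, last_pts, cap, &last_n);
}

int main(void)
{
    static const char *names[] = { "ok", "truncated", "overflow", "too many" };
    printf("good:  %s, %zu points\n", names[parse_into_scratch(good_tab, sizeof good_tab, 64)], last_n);
    printf("words: %s, %zu points\n", names[parse_into_scratch(words_tab, sizeof words_tab, 64)], last_n);
    printf("evil:  %s\n", names[parse_into_scratch(evil_tab, sizeof evil_tab, 64)]);
    return 0;
}
```

The same shape applies to any length-prefixed table whose body carries its own per-run counts: allocate from the header, then make every inner count prove it fits in what the header promised before a single element is written.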
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM4rwMXlSAg2UNWIIRAmcFAJ9b1zDebvM3gh3d3M+NO64P+rhrBQCgowmH
xpWydWhlqJIrdCxsPcTQOeQ=
=qok0
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Nov 16 17:50:57 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 16 Nov 2010 12:50:57 -0500
Subject: [RHSA-2010:0890-01] Moderate: pidgin security update
Message-ID: <201011161751.oAGHoxix015639@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: pidgin security update
Advisory ID:       RHSA-2010:0890-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0890.html
Issue date:        2010-11-16
CVE Names:         CVE-2010-3711
=====================================================================

1. Summary:

Updated pidgin packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously.

Multiple NULL pointer dereference flaws were found in the way Pidgin handled
Base64 decoding. A remote attacker could use these flaws to crash Pidgin if
the target Pidgin user was using the Yahoo!
Messenger Protocol, MSN, MySpace, or Extensible Messaging and Presence
Protocol (XMPP) protocol plug-ins, or using the Microsoft NT LAN Manager
(NTLM) protocol for authentication. (CVE-2010-3711)

Red Hat would like to thank the Pidgin project for reporting these issues.
Upstream acknowledges Daniel Atallah as the original reporter.

All Pidgin users should upgrade to these updated packages, which contain a
backported patch to resolve these issues. Pidgin must be restarted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

641921 - CVE-2010-3711 Pidgin (libpurple): Multiple DoS (crash) flaws by processing of unsanitized Base64 decoder values

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/pidgin-2.6.6-6.el6_0.src.rpm

i386:
libpurple-2.6.6-6.el6_0.i686.rpm
pidgin-2.6.6-6.el6_0.i686.rpm
pidgin-debuginfo-2.6.6-6.el6_0.i686.rpm

x86_64:
libpurple-2.6.6-6.el6_0.i686.rpm
libpurple-2.6.6-6.el6_0.x86_64.rpm
pidgin-2.6.6-6.el6_0.x86_64.rpm
pidgin-debuginfo-2.6.6-6.el6_0.i686.rpm
pidgin-debuginfo-2.6.6-6.el6_0.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/pidgin-2.6.6-6.el6_0.src.rpm i386: finch-2.6.6-6.el6_0.i686.rpm finch-devel-2.6.6-6.el6_0.i686.rpm libpurple-devel-2.6.6-6.el6_0.i686.rpm libpurple-perl-2.6.6-6.el6_0.i686.rpm libpurple-tcl-2.6.6-6.el6_0.i686.rpm pidgin-debuginfo-2.6.6-6.el6_0.i686.rpm pidgin-devel-2.6.6-6.el6_0.i686.rpm pidgin-docs-2.6.6-6.el6_0.i686.rpm pidgin-perl-2.6.6-6.el6_0.i686.rpm x86_64: finch-2.6.6-6.el6_0.i686.rpm finch-2.6.6-6.el6_0.x86_64.rpm finch-devel-2.6.6-6.el6_0.i686.rpm finch-devel-2.6.6-6.el6_0.x86_64.rpm libpurple-devel-2.6.6-6.el6_0.i686.rpm libpurple-devel-2.6.6-6.el6_0.x86_64.rpm libpurple-perl-2.6.6-6.el6_0.x86_64.rpm libpurple-tcl-2.6.6-6.el6_0.x86_64.rpm pidgin-debuginfo-2.6.6-6.el6_0.i686.rpm pidgin-debuginfo-2.6.6-6.el6_0.x86_64.rpm pidgin-devel-2.6.6-6.el6_0.i686.rpm pidgin-devel-2.6.6-6.el6_0.x86_64.rpm pidgin-docs-2.6.6-6.el6_0.x86_64.rpm pidgin-perl-2.6.6-6.el6_0.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/pidgin-2.6.6-6.el6_0.src.rpm i386: finch-2.6.6-6.el6_0.i686.rpm finch-devel-2.6.6-6.el6_0.i686.rpm libpurple-2.6.6-6.el6_0.i686.rpm libpurple-devel-2.6.6-6.el6_0.i686.rpm libpurple-perl-2.6.6-6.el6_0.i686.rpm libpurple-tcl-2.6.6-6.el6_0.i686.rpm pidgin-2.6.6-6.el6_0.i686.rpm pidgin-debuginfo-2.6.6-6.el6_0.i686.rpm pidgin-devel-2.6.6-6.el6_0.i686.rpm pidgin-docs-2.6.6-6.el6_0.i686.rpm pidgin-perl-2.6.6-6.el6_0.i686.rpm ppc64: finch-2.6.6-6.el6_0.ppc.rpm finch-2.6.6-6.el6_0.ppc64.rpm finch-devel-2.6.6-6.el6_0.ppc.rpm finch-devel-2.6.6-6.el6_0.ppc64.rpm libpurple-2.6.6-6.el6_0.ppc.rpm libpurple-2.6.6-6.el6_0.ppc64.rpm libpurple-devel-2.6.6-6.el6_0.ppc.rpm libpurple-devel-2.6.6-6.el6_0.ppc64.rpm libpurple-perl-2.6.6-6.el6_0.ppc64.rpm libpurple-tcl-2.6.6-6.el6_0.ppc64.rpm pidgin-2.6.6-6.el6_0.ppc64.rpm pidgin-debuginfo-2.6.6-6.el6_0.ppc.rpm pidgin-debuginfo-2.6.6-6.el6_0.ppc64.rpm pidgin-devel-2.6.6-6.el6_0.ppc.rpm pidgin-devel-2.6.6-6.el6_0.ppc64.rpm pidgin-docs-2.6.6-6.el6_0.ppc64.rpm pidgin-perl-2.6.6-6.el6_0.ppc64.rpm x86_64: finch-2.6.6-6.el6_0.i686.rpm finch-2.6.6-6.el6_0.x86_64.rpm finch-devel-2.6.6-6.el6_0.i686.rpm finch-devel-2.6.6-6.el6_0.x86_64.rpm libpurple-2.6.6-6.el6_0.i686.rpm libpurple-2.6.6-6.el6_0.x86_64.rpm libpurple-devel-2.6.6-6.el6_0.i686.rpm libpurple-devel-2.6.6-6.el6_0.x86_64.rpm libpurple-perl-2.6.6-6.el6_0.x86_64.rpm libpurple-tcl-2.6.6-6.el6_0.x86_64.rpm pidgin-2.6.6-6.el6_0.x86_64.rpm pidgin-debuginfo-2.6.6-6.el6_0.i686.rpm pidgin-debuginfo-2.6.6-6.el6_0.x86_64.rpm pidgin-devel-2.6.6-6.el6_0.i686.rpm pidgin-devel-2.6.6-6.el6_0.x86_64.rpm pidgin-docs-2.6.6-6.el6_0.x86_64.rpm pidgin-perl-2.6.6-6.el6_0.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/pidgin-2.6.6-6.el6_0.src.rpm

i386:
libpurple-2.6.6-6.el6_0.i686.rpm
pidgin-2.6.6-6.el6_0.i686.rpm
pidgin-debuginfo-2.6.6-6.el6_0.i686.rpm

x86_64:
libpurple-2.6.6-6.el6_0.i686.rpm
libpurple-2.6.6-6.el6_0.x86_64.rpm
pidgin-2.6.6-6.el6_0.x86_64.rpm
pidgin-debuginfo-2.6.6-6.el6_0.i686.rpm
pidgin-debuginfo-2.6.6-6.el6_0.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/pidgin-2.6.6-6.el6_0.src.rpm

i386:
finch-2.6.6-6.el6_0.i686.rpm
finch-devel-2.6.6-6.el6_0.i686.rpm
libpurple-devel-2.6.6-6.el6_0.i686.rpm
libpurple-perl-2.6.6-6.el6_0.i686.rpm
libpurple-tcl-2.6.6-6.el6_0.i686.rpm
pidgin-debuginfo-2.6.6-6.el6_0.i686.rpm
pidgin-devel-2.6.6-6.el6_0.i686.rpm
pidgin-docs-2.6.6-6.el6_0.i686.rpm
pidgin-perl-2.6.6-6.el6_0.i686.rpm

x86_64:
finch-2.6.6-6.el6_0.i686.rpm
finch-2.6.6-6.el6_0.x86_64.rpm
finch-devel-2.6.6-6.el6_0.i686.rpm
finch-devel-2.6.6-6.el6_0.x86_64.rpm
libpurple-devel-2.6.6-6.el6_0.i686.rpm
libpurple-devel-2.6.6-6.el6_0.x86_64.rpm
libpurple-perl-2.6.6-6.el6_0.x86_64.rpm
libpurple-tcl-2.6.6-6.el6_0.x86_64.rpm
pidgin-debuginfo-2.6.6-6.el6_0.i686.rpm
pidgin-debuginfo-2.6.6-6.el6_0.x86_64.rpm
pidgin-devel-2.6.6-6.el6_0.i686.rpm
pidgin-devel-2.6.6-6.el6_0.x86_64.rpm
pidgin-docs-2.6.6-6.el6_0.x86_64.rpm
pidgin-perl-2.6.6-6.el6_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3711.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
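The description in this advisory attributes the crashes to Base64 decoder results being used without being sanitised, across several protocol plug-ins and the NTLM authentication path. As an added example, not Pidgin's or libpurple's code, here is a strict Base64 decoder that returns NULL for anything malformed, and a protocol-field handler that treats that NULL (and a too-short result) as an error instead of dereferencing it. The "challenge" field, its required length and the sample strings are constructed for the illustration.

```c
/* Added example: strict Base64 decoding with a NULL-checking caller.
 * The challenge field and its 8-byte minimum are constructed, not a
 * real protocol's. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static int b64_val(int c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode a NUL-terminated Base64 string. Returns a malloc'd buffer and sets
 * *out_len, or NULL for anything malformed: empty input, a length that is
 * not a multiple of 4, a character outside the alphabet, or '=' anywhere
 * but the last one or two positions. Every caller must test for NULL. */
uint8_t *b64_decode_strict(const char *in, size_t *out_len)
{
    size_t len = strlen(in), i, o = 0;
    uint8_t *out;
    if (len == 0 || len % 4 != 0)
        return NULL;
    if ((out = malloc(len / 4 * 3 + 1)) == NULL)
        return NULL;
    for (i = 0; i < len; i += 4) {
        int v[4], k, pad = 0;
        for (k = 0; k < 4; k++) {
            int c = (unsigned char)in[i + k];
            if (c == '=') {                      /* only in the final group */
                if (i + 4 != len || k < 2) { free(out); return NULL; }
                pad++;
                v[k] = 0;
            } else if (pad || (v[k] = b64_val(c)) < 0) {
                free(out);                       /* data after '=' or bad char */
                return NULL;
            }
        }
        out[o++] = (uint8_t)((v[0] << 2) | (v[1] >> 4));
        if (pad < 2) out[o++] = (uint8_t)((v[1] << 4) | (v[2] >> 2));
        if (pad < 1) out[o++] = (uint8_t)((v[2] << 6) | v[3]);
    }
    out[o] = '\0';
    *out_len = o;
    return out;
}

/* Handler for a constructed "challenge" field that must decode to at least
 * 8 bytes. Returns 0 and fills challenge[], or -1 on malformed input; it
 * never touches a NULL or short decoder result. */
int handle_challenge(const char *field, uint8_t challenge[8])
{
    size_t n;
    uint8_t *raw = b64_decode_strict(field, &n);
    if (raw == NULL)                             /* the check the crashing paths lacked */
        return -1;
    if (n < 8) { free(raw); return -1; }
    memcpy(challenge, raw, 8);
    free(raw);
    return 0;
}

/* Self-check helpers: does `in` decode to exactly these bytes / get rejected? */
int decodes_to(const char *in, const void *expect, size_t expect_len)
{
    size_t n;
    int ok;
    uint8_t *raw = b64_decode_strict(in, &n);
    if (raw == NULL) return 0;
    ok = n == expect_len && memcmp(raw, expect, n) == 0;
    free(raw);
    return ok;
}
int decode_rejects(const char *in)
{
    size_t n;
    uint8_t *raw = b64_decode_strict(in, &n);
    if (raw) { free(raw); return 0; }
    return 1;
}

uint8_t demo_challenge[8];

int main(void)
{
    const char *fields[] = { "AQIDBAUGBwg=", "aGVsbG8=", "not base64!", "aG=sbG8=" };
    size_t i;
    for (i = 0; i < 4; i++)
        printf("%-14s -> %s\n", fields[i],
               handle_challenge(fields[i], demo_challenge) == 0 ? "accepted" : "rejected");
    return 0;
}
```

A lenient decoder that skips bad characters or returns a zero-length buffer makes the caller's job harder, not easier: the caller then has to know every way the output can be degenerate. Rejecting outright and returning NULL leaves one condition to check at every call site.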
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM4sQ/XlSAg2UNWIIRAik9AJ9AUa5TbifaTVNPcDGzgmQ98eQjLgCgoe6g
XfdjV2pJLo5Xjto1jX4t5Tc=
=SUmB
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Nov 16 18:15:16 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 16 Nov 2010 13:15:16 -0500
Subject: [RHSA-2010:0891-01] Moderate: pam security update
Message-ID: <201011161815.oAGIFH3H024857@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: pam security update
Advisory ID:       RHSA-2010:0891-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0891.html
Issue date:        2010-11-16
CVE Names:         CVE-2010-3316 CVE-2010-3435 CVE-2010-3853
=====================================================================

1. Summary:

Updated pam packages that fix three security issues are now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Pluggable Authentication Modules (PAM) provide a system whereby
administrators can set up authentication policies without having to
recompile programs that handle authentication.
It was discovered that the pam_namespace module executed the external
script namespace.init with an unchanged environment inherited from an
application calling PAM. In cases where such an environment was untrusted
(for example, when pam_namespace was configured for setuid applications
such as su or sudo), a local, unprivileged user could possibly use this
flaw to escalate their privileges. (CVE-2010-3853)

It was discovered that the pam_env and pam_mail modules used root
privileges while accessing users' files. A local, unprivileged user could
use this flaw to obtain information, from the lines that have the KEY=VALUE
format expected by pam_env, from an arbitrary file. Also, in certain
configurations, a local, unprivileged user using a service for which the
pam_mail module was configured could use this flaw to obtain limited
information about files or directories that they do not have access to.
(CVE-2010-3435)

Note: As part of the fix for CVE-2010-3435, this update changes the default
value of pam_env's configuration option user_readenv to 0, causing the
module to not read users' ~/.pam_environment configuration files by
default, as reading them may introduce unexpected changes to the
environment of the service using PAM, or of PAM modules consulted after
pam_env.

It was discovered that the pam_xauth module did not verify the return
values of the setuid() and setgid() system calls. A local, unprivileged
user could use this flaw to execute the xauth command with root privileges
and make it read an arbitrary input file. (CVE-2010-3316)

Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for
reporting the CVE-2010-3435 issue.

All pam users should upgrade to these updated packages, which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network.
Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 637898 - CVE-2010-3316 pam: pam_xauth missing return value checks from setuid() and similar calls 641335 - CVE-2010-3435 pam: pam_env and pam_mail accessing users' file with root privileges 643043 - CVE-2010-3853 pam: pam_namespace executes namespace.init with service's environment 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/pam-1.1.1-4.el6_0.1.src.rpm i386: pam-1.1.1-4.el6_0.1.i686.rpm pam-debuginfo-1.1.1-4.el6_0.1.i686.rpm x86_64: pam-1.1.1-4.el6_0.1.i686.rpm pam-1.1.1-4.el6_0.1.x86_64.rpm pam-debuginfo-1.1.1-4.el6_0.1.i686.rpm pam-debuginfo-1.1.1-4.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/pam-1.1.1-4.el6_0.1.src.rpm i386: pam-debuginfo-1.1.1-4.el6_0.1.i686.rpm pam-devel-1.1.1-4.el6_0.1.i686.rpm x86_64: pam-debuginfo-1.1.1-4.el6_0.1.i686.rpm pam-debuginfo-1.1.1-4.el6_0.1.x86_64.rpm pam-devel-1.1.1-4.el6_0.1.i686.rpm pam-devel-1.1.1-4.el6_0.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/pam-1.1.1-4.el6_0.1.src.rpm x86_64: pam-1.1.1-4.el6_0.1.i686.rpm pam-1.1.1-4.el6_0.1.x86_64.rpm pam-debuginfo-1.1.1-4.el6_0.1.i686.rpm pam-debuginfo-1.1.1-4.el6_0.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/pam-1.1.1-4.el6_0.1.src.rpm x86_64: pam-debuginfo-1.1.1-4.el6_0.1.i686.rpm pam-debuginfo-1.1.1-4.el6_0.1.x86_64.rpm pam-devel-1.1.1-4.el6_0.1.i686.rpm pam-devel-1.1.1-4.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/pam-1.1.1-4.el6_0.1.src.rpm i386: pam-1.1.1-4.el6_0.1.i686.rpm pam-debuginfo-1.1.1-4.el6_0.1.i686.rpm pam-devel-1.1.1-4.el6_0.1.i686.rpm ppc64: pam-1.1.1-4.el6_0.1.ppc.rpm pam-1.1.1-4.el6_0.1.ppc64.rpm pam-debuginfo-1.1.1-4.el6_0.1.ppc.rpm pam-debuginfo-1.1.1-4.el6_0.1.ppc64.rpm pam-devel-1.1.1-4.el6_0.1.ppc.rpm pam-devel-1.1.1-4.el6_0.1.ppc64.rpm s390x: pam-1.1.1-4.el6_0.1.s390.rpm pam-1.1.1-4.el6_0.1.s390x.rpm pam-debuginfo-1.1.1-4.el6_0.1.s390.rpm pam-debuginfo-1.1.1-4.el6_0.1.s390x.rpm pam-devel-1.1.1-4.el6_0.1.s390.rpm pam-devel-1.1.1-4.el6_0.1.s390x.rpm x86_64: pam-1.1.1-4.el6_0.1.i686.rpm pam-1.1.1-4.el6_0.1.x86_64.rpm pam-debuginfo-1.1.1-4.el6_0.1.i686.rpm pam-debuginfo-1.1.1-4.el6_0.1.x86_64.rpm pam-devel-1.1.1-4.el6_0.1.i686.rpm pam-devel-1.1.1-4.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/pam-1.1.1-4.el6_0.1.src.rpm i386: pam-1.1.1-4.el6_0.1.i686.rpm pam-debuginfo-1.1.1-4.el6_0.1.i686.rpm pam-devel-1.1.1-4.el6_0.1.i686.rpm x86_64: pam-1.1.1-4.el6_0.1.i686.rpm pam-1.1.1-4.el6_0.1.x86_64.rpm pam-debuginfo-1.1.1-4.el6_0.1.i686.rpm pam-debuginfo-1.1.1-4.el6_0.1.x86_64.rpm pam-devel-1.1.1-4.el6_0.1.i686.rpm pam-devel-1.1.1-4.el6_0.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-3316.html https://www.redhat.com/security/data/cve/CVE-2010-3435.html https://www.redhat.com/security/data/cve/CVE-2010-3853.html http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2010 Red Hat, Inc. 
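The pam advisory above describes two things a privileged service has to get right before it runs a helper on a user's behalf: pam_xauth did not check the return values of setuid() and setgid() before executing xauth (CVE-2010-3316), and pam_namespace handed the caller's unchanged environment to namespace.init (CVE-2010-3853); the systemtap advisory later in this digest reports the same environment problem in staprun's modprobe call (CVE-2010-4170). The C program below is an added example written for this page; it is not code from Linux-PAM, SystemTap or the Red Hat patches. It shows the defensive form of both steps: a checked and verified privilege drop, and an environment rebuilt from an allow-list, both applied in a child process that then execve()s the helper. The function names, the allow-list (TERM and LANG), the fixed PATH and the inherited environment it is tested against are all constructed for the example; /bin/sh stands in for xauth, namespace.init or modprobe.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE          /* for setgroups() in <grp.h> on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Prototype repeated in case a strict -std= flag hides it in <grp.h>. */
int setgroups(size_t size, const gid_t *list);

#define MAX_ENV 16
static char SAFE_PATH[] = "PATH=/usr/sbin:/usr/bin:/sbin:/bin";   /* constructed for the example */
/* Only these inherited variables are forwarded; everything else is dropped (allow-list, not deny-list). */
static const char *const ALLOWED[] = { "TERM", "LANG" };

/* Copy allow-listed KEY=VALUE entries from `inherited` into `out`, then append the fixed PATH.
   `out` must hold at least `cap` (>= 2) pointers; returns the number of entries written,
   NULL terminator excluded. */
size_t build_clean_env(char *const *inherited, char **out, size_t cap) {
    size_t n = 0;
    if (cap < 2) { if (cap) out[0] = NULL; return 0; }
    for (; inherited && *inherited && n + 2 < cap; inherited++) {
        const char *eq = strchr(*inherited, '=');
        if (eq == NULL)
            continue;                                   /* malformed entry without '=' */
        size_t klen = (size_t)(eq - *inherited);
        for (size_t i = 0; i < sizeof ALLOWED / sizeof ALLOWED[0]; i++) {
            if (strlen(ALLOWED[i]) == klen && memcmp(ALLOWED[i], *inherited, klen) == 0) {
                out[n++] = *inherited;
                break;
            }
        }
    }
    out[n++] = SAFE_PATH;
    out[n] = NULL;
    return n;
}

/* Returns 1 if `env` contains a variable called `name`, else 0. */
int env_has(char *const *env, const char *name) {
    size_t klen = strlen(name);
    for (; env && *env; env++)
        if (strncmp(*env, name, klen) == 0 && (*env)[klen] == '=')
            return 1;
    return 0;
}

/* Drop to uid/gid permanently. Every call is checked (the pam_xauth flaw was ignoring these
   return values) and the outcome is verified. Returns 0 on success, -1 if the caller must abort. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(1, &gid) != 0)    /* supplementary groups: root only */
        return -1;
    if (setgid(gid) != 0)                              /* gid first: impossible after setuid() */
        return -1;
    if (setuid(uid) != 0)
        return -1;
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    if (uid != 0 && setuid(0) == 0)                    /* privileges must be unrecoverable */
        return -1;
    return 0;
}

/* Fork, drop privileges in the child, and execve() `path` with the rebuilt environment.
   Returns the helper's exit status, or -1 if it could not be run. */
int run_helper_clean(const char *path, char *const argv[], uid_t uid, gid_t gid,
                     char *const *inherited) {
    char *env[MAX_ENV];
    build_clean_env(inherited, env, MAX_ENV);
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_privileges(uid, gid) != 0)
            _exit(127);
        execve(path, argv, env);
        _exit(127);                                    /* only reached when execve() fails */
    }
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    /* Constructed caller environment, as a setuid su/sudo or staprun might inherit it from a user. */
    char *inherited[] = { "PATH=/tmp/evil:/usr/bin", "LD_PRELOAD=/tmp/evil.so",
                          "TERM=xterm", "HOME=/home/alice", NULL };
    /* /bin/sh stands in for the helper; the script reports whether the environment reached it clean. */
    char *helper_argv[] = { "sh", "-c",
        "test -z \"$LD_PRELOAD\" && test \"$PATH\" = /usr/sbin:/usr/bin:/sbin:/bin", NULL };
    int rc = run_helper_clean("/bin/sh", helper_argv, getuid(), getgid(), inherited);
    printf("helper exit status: %d (0 means the environment was clean)\n", rc);
    return rc == 0 ? 0 : 1;
}
```

Two design points are worth noting. The environment is rebuilt from an allow-list rather than by deleting known-bad names, so variables that were never anticipated (LD_PRELOAD, MODPROBE_OPTIONS, IFS and the like) are dropped along with the rest. The helper is started with execve() and an explicit argv, never through system() with a command string assembled from untrusted data; that is the same discipline the openswan advisory's Cisco banner issues (CVE-2010-3752, CVE-2010-3753) call for on the client side.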
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM4sn5XlSAg2UNWIIRAuB5AJ9gtuG2ADentMBkpczlTA5YkRDunACdF62K
kp2lIAPhH4sSN0LC7ZfJxHI=
=eM9w
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Nov 16 18:29:43 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 16 Nov 2010 13:29:43 -0500
Subject: [RHSA-2010:0892-01] Moderate: openswan security update
Message-ID: <201011161829.oAGITjdt018701@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openswan security update
Advisory ID:       RHSA-2010:0892-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0892.html
Issue date:        2010-11-16
CVE Names:         CVE-2010-3302 CVE-2010-3308 CVE-2010-3752 CVE-2010-3753
=====================================================================

1. Summary:

Updated openswan packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Openswan is a free implementation of Internet Protocol Security (IPsec)
and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide
both authentication and encryption services. These services allow you to
build secure tunnels through untrusted networks.

Two buffer overflow flaws were found in the Openswan client-side XAUTH
handling code used when connecting to certain Cisco gateways. A malicious
or compromised VPN gateway could use these flaws to execute arbitrary code
on the connecting Openswan client. (CVE-2010-3302, CVE-2010-3308)

Two input sanitization flaws were found in the Openswan client-side
handling of Cisco gateway banners. A malicious or compromised VPN gateway
could use these flaws to execute arbitrary code on the connecting Openswan
client. (CVE-2010-3752, CVE-2010-3753)

Red Hat would like to thank the Openswan project for reporting these
issues. Upstream acknowledges D. Hugh Redelmeier and Paul Wouters as the
original reporters.

All users of openswan are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After installing
this update, the ipsec service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

634264 - CVE-2010-3302 openswan: buffer overflow vulnerability in XAUTH client-side support
637924 - CVE-2010-3308 Openswan cisco banner option handling vulnerability
640711 - CVE-2010-3752 Openswan: Gateway arbitrary code execution via shell metacharacters in cisco_dns_info or cisco_domain_info data in packet
640715 - CVE-2010-3753 Openswan: Gateway arbitrary execution via shell metacharacters in the cisco_banner

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openswan-2.6.24-8.el6_0.1.src.rpm

i386:
openswan-2.6.24-8.el6_0.1.i686.rpm
openswan-debuginfo-2.6.24-8.el6_0.1.i686.rpm

x86_64:
openswan-2.6.24-8.el6_0.1.x86_64.rpm
openswan-debuginfo-2.6.24-8.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openswan-2.6.24-8.el6_0.1.src.rpm

i386:
openswan-debuginfo-2.6.24-8.el6_0.1.i686.rpm
openswan-doc-2.6.24-8.el6_0.1.i686.rpm

x86_64:
openswan-debuginfo-2.6.24-8.el6_0.1.x86_64.rpm
openswan-doc-2.6.24-8.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openswan-2.6.24-8.el6_0.1.src.rpm

i386:
openswan-2.6.24-8.el6_0.1.i686.rpm
openswan-debuginfo-2.6.24-8.el6_0.1.i686.rpm

ppc64:
openswan-2.6.24-8.el6_0.1.ppc64.rpm
openswan-debuginfo-2.6.24-8.el6_0.1.ppc64.rpm

s390x:
openswan-2.6.24-8.el6_0.1.s390x.rpm
openswan-debuginfo-2.6.24-8.el6_0.1.s390x.rpm

x86_64:
openswan-2.6.24-8.el6_0.1.x86_64.rpm
openswan-debuginfo-2.6.24-8.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openswan-2.6.24-8.el6_0.1.src.rpm

i386:
openswan-debuginfo-2.6.24-8.el6_0.1.i686.rpm
openswan-doc-2.6.24-8.el6_0.1.i686.rpm

ppc64:
openswan-debuginfo-2.6.24-8.el6_0.1.ppc64.rpm
openswan-doc-2.6.24-8.el6_0.1.ppc64.rpm

s390x:
openswan-debuginfo-2.6.24-8.el6_0.1.s390x.rpm
openswan-doc-2.6.24-8.el6_0.1.s390x.rpm

x86_64:
openswan-debuginfo-2.6.24-8.el6_0.1.x86_64.rpm
openswan-doc-2.6.24-8.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openswan-2.6.24-8.el6_0.1.src.rpm

i386:
openswan-2.6.24-8.el6_0.1.i686.rpm
openswan-debuginfo-2.6.24-8.el6_0.1.i686.rpm

x86_64:
openswan-2.6.24-8.el6_0.1.x86_64.rpm
openswan-debuginfo-2.6.24-8.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openswan-2.6.24-8.el6_0.1.src.rpm

i386:
openswan-debuginfo-2.6.24-8.el6_0.1.i686.rpm
openswan-doc-2.6.24-8.el6_0.1.i686.rpm

x86_64:
openswan-debuginfo-2.6.24-8.el6_0.1.x86_64.rpm
openswan-doc-2.6.24-8.el6_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3302.html
https://www.redhat.com/security/data/cve/CVE-2010-3308.html
https://www.redhat.com/security/data/cve/CVE-2010-3752.html
https://www.redhat.com/security/data/cve/CVE-2010-3753.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM4s1tXlSAg2UNWIIRAtH8AJ9n7wWvxO18rpEok8r3Fm68Dy7ztwCfUXt4
Y9B11KvTkaQROedFXDj4lpU=
=OQAH
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Nov 16 19:20:39 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 16 Nov 2010 14:20:39 -0500
Subject: [RHSA-2010:0893-01] Important: kernel security and bug fix update
Message-ID: <201011161920.oAGJKfZw017250@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2010:0893-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0893.html
Issue date:        2010-11-16
CVE Names:         CVE-2010-2521
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue and three bugs are now
available for Red Hat Enterprise Linux 5.3 Extended Update Support.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5.3.z server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* Buffer overflow flaws were found in the Linux kernel's implementation of
the server-side External Data Representation (XDR) for the Network File
System (NFS) version 4. An attacker on the local network could send a
specially-crafted large compound request to the NFSv4 server, which could
possibly result in a kernel panic (denial of service) or, potentially, code
execution. (CVE-2010-2521, Important)

This update also fixes the following bugs:

* A race condition existed when generating new process IDs with the result
that the wrong process could have been signaled or killed accidentally,
leading to various application faults. This update detects and disallows
the reuse of PID numbers. (BZ#638864)

* When multiple JBD-based (Journaling Block Device) file systems were
mounted concurrently, and no other JBD-based file systems were already
mounted, a race could occur between JBD slab cache creation and deletion.
(BZ#645653)

* A missing memory barrier caused a race condition in the AIO subsystem
between the read_events() and aio_complete() functions. This may have
caused a thread in read_events() to sleep indefinitely, possibly causing an
application hang. (BZ#638868)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use
"rpm -Uvh" as that will remove the running kernel binaries from your
system. You may use "rpm -e" to remove old kernels after determining that
the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

612028 - CVE-2010-2521 kernel: nfsd4: bug in read_buf
638864 - [5.5] a race in pid generation that causes pids to be reused immediately. [rhel-5.3.z]
638868 - race in aio_complete() leads to process hang [rhel-5.3.z]
645653 - [Patch] jbd slab cache creation/deletion is racey [rhel-5.3.z]

6. Package List:

Red Hat Enterprise Linux (v. 5.3.z server):

Source:
kernel-2.6.18-128.26.1.el5.src.rpm

i386:
kernel-2.6.18-128.26.1.el5.i686.rpm
kernel-PAE-2.6.18-128.26.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-128.26.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-128.26.1.el5.i686.rpm
kernel-debug-2.6.18-128.26.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-128.26.1.el5.i686.rpm
kernel-debug-devel-2.6.18-128.26.1.el5.i686.rpm
kernel-debuginfo-2.6.18-128.26.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-128.26.1.el5.i686.rpm
kernel-devel-2.6.18-128.26.1.el5.i686.rpm
kernel-headers-2.6.18-128.26.1.el5.i386.rpm
kernel-xen-2.6.18-128.26.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-128.26.1.el5.i686.rpm
kernel-xen-devel-2.6.18-128.26.1.el5.i686.rpm

ia64:
kernel-2.6.18-128.26.1.el5.ia64.rpm
kernel-debug-2.6.18-128.26.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-128.26.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-128.26.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-128.26.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-128.26.1.el5.ia64.rpm
kernel-devel-2.6.18-128.26.1.el5.ia64.rpm
kernel-headers-2.6.18-128.26.1.el5.ia64.rpm
kernel-xen-2.6.18-128.26.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-128.26.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-128.26.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-128.26.1.el5.noarch.rpm

ppc:
kernel-2.6.18-128.26.1.el5.ppc64.rpm
kernel-debug-2.6.18-128.26.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-128.26.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-128.26.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-128.26.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-128.26.1.el5.ppc64.rpm
kernel-devel-2.6.18-128.26.1.el5.ppc64.rpm
kernel-headers-2.6.18-128.26.1.el5.ppc.rpm
kernel-headers-2.6.18-128.26.1.el5.ppc64.rpm
kernel-kdump-2.6.18-128.26.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-128.26.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-128.26.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-128.26.1.el5.s390x.rpm
kernel-debug-2.6.18-128.26.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-128.26.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-128.26.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-128.26.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-128.26.1.el5.s390x.rpm
kernel-devel-2.6.18-128.26.1.el5.s390x.rpm
kernel-headers-2.6.18-128.26.1.el5.s390x.rpm
kernel-kdump-2.6.18-128.26.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-128.26.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-128.26.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-128.26.1.el5.x86_64.rpm
kernel-debug-2.6.18-128.26.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-128.26.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-128.26.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-128.26.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-128.26.1.el5.x86_64.rpm
kernel-devel-2.6.18-128.26.1.el5.x86_64.rpm
kernel-headers-2.6.18-128.26.1.el5.x86_64.rpm
kernel-xen-2.6.18-128.26.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-128.26.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-128.26.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2521.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
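The kernel advisory above and the openswan advisory before it both describe buffer overflows in code that decodes data received from a peer: the NFSv4 server-side XDR handling of a large compound request (CVE-2010-2521) and the client-side XAUTH handling (CVE-2010-3302, CVE-2010-3308). The C program below is an added example written for this page, not kernel or Openswan code and not the Red Hat patches. It is a length-checked XDR decoder for a simplified COMPOUND-style request in which every peer-declared length is validated against a field maximum and against the bytes actually received before the cursor moves. The message layout (opaque tag, minor version, op count, then an opcode and one opaque argument per op), the limits and the sample byte strings are constructed for the example; beyond the XDR primitives they do not follow the real NFSv4 wire format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_TAG 64     /* constructed limits for this example's message layout */
#define MAX_OPS 16
#define MAX_ARG 256

typedef struct { const uint8_t *p; size_t left; } xdr_t;   /* cursor over the received buffer */

typedef struct { uint32_t opcode; const uint8_t *arg; uint32_t arglen; } op_t;
typedef struct {
    const uint8_t *tag;
    uint32_t taglen;
    uint32_t minorversion, numops;
    op_t ops[MAX_OPS];
} compound_t;

/* Read one XDR unsigned int (4 bytes, big-endian). Returns 0, or -1 if fewer than 4 bytes remain. */
static int xdr_u32(xdr_t *x, uint32_t *v) {
    if (x->left < 4)
        return -1;
    *v = ((uint32_t)x->p[0] << 24) | ((uint32_t)x->p[1] << 16) |
         ((uint32_t)x->p[2] << 8) | (uint32_t)x->p[3];
    x->p += 4;
    x->left -= 4;
    return 0;
}

/* Read an XDR variable-length opaque: u32 length, data, zero padding to a 4-byte boundary.
   The declared length is checked against the field maximum and against the bytes actually
   present before any pointer is moved; that is the check an overflowing decoder lacks. */
static int xdr_opaque(xdr_t *x, const uint8_t **data, uint32_t *len, uint32_t max) {
    uint32_t n;
    if (xdr_u32(x, &n) != 0)
        return -1;
    if (n > max || n > x->left)                      /* peer-declared length is untrusted */
        return -1;
    size_t padded = ((size_t)n + 3) & ~(size_t)3;    /* cannot overflow: n <= left <= buffer size */
    if (padded > x->left)                            /* padding bytes must be present too */
        return -1;
    *data = x->p;
    *len = n;
    x->p += padded;
    x->left -= padded;
    return 0;
}

/* Decode the example's simplified COMPOUND request: opaque tag, u32 minorversion, u32 numops,
   then numops x (u32 opcode, opaque argument). Returns 0 on success, -1 on malformed or
   truncated input; on failure the contents of *c are unspecified. */
int decode_compound(const uint8_t *buf, size_t len, compound_t *c) {
    xdr_t x = { buf, len };
    if (xdr_opaque(&x, &c->tag, &c->taglen, MAX_TAG) != 0)
        return -1;
    if (xdr_u32(&x, &c->minorversion) != 0 || xdr_u32(&x, &c->numops) != 0)
        return -1;
    if (c->numops > MAX_OPS)                         /* bound the array index before the loop */
        return -1;
    for (uint32_t i = 0; i < c->numops; i++) {
        if (xdr_u32(&x, &c->ops[i].opcode) != 0)
            return -1;
        if (xdr_opaque(&x, &c->ops[i].arg, &c->ops[i].arglen, MAX_ARG) != 0)
            return -1;
    }
    return x.left == 0 ? 0 : -1;                     /* trailing bytes mean bad framing: reject */
}

/* Constructed sample requests. GOOD: tag "ok", minorversion 0, one op (opcode 9, an arbitrary
   value here) with the 3-byte argument "abc". OVERSIZED: identical except that the argument
   claims to be 0x7fffffff bytes long while only 3 bytes follow. */
static const uint8_t GOOD[] = {
    0,0,0,2, 'o','k',0,0,  0,0,0,0,  0,0,0,1,  0,0,0,9,  0,0,0,3, 'a','b','c',0 };
static const uint8_t OVERSIZED[] = {
    0,0,0,2, 'o','k',0,0,  0,0,0,0,  0,0,0,1,  0,0,0,9,  0x7f,0xff,0xff,0xff, 'a','b','c',0 };

int main(void) {
    compound_t c;
    printf("well-formed request: %s\n",
           decode_compound(GOOD, sizeof GOOD, &c) == 0 ? "accepted" : "rejected");
    printf("oversized argument:  %s\n",
           decode_compound(OVERSIZED, sizeof OVERSIZED, &c) == 0 ? "accepted" : "rejected");
    return 0;
}
```

The decoder never trusts a length it read from the wire: the count of ops is bounded before it becomes an array index, and each opaque length is compared with the remaining bytes before the pointer is advanced, so a truncated or inflated request fails closed instead of reading or writing past the buffer.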
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFM4tlIXlSAg2UNWIIRAuiKAKCMBlnSsY9IGitEtZI3CVrZMt2ssgCgoAP/ n7rq27KIcLFomWzJpvmxsK0= =VJNZ -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Nov 17 14:50:15 2010 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 17 Nov 2010 20:20:15 +0530 Subject: [RHSA-2010:0894-01] Important: systemtap security update Message-ID: <201011171450.oAHEoHQT024253@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: systemtap security update Advisory ID: RHSA-2010:0894-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0894.html Issue date: 2010-11-17 CVE Names: CVE-2010-4170 CVE-2010-4171 ===================================================================== 1. Summary: Updated systemtap packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 
6) - i386, x86_64 3. Description: SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system. staprun, the SystemTap runtime tool, is used for managing SystemTap kernel modules (for example, loading them). It was discovered that staprun did not properly sanitize the environment before executing the modprobe command to load an additional kernel module. A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2010-4170) It was discovered that staprun did not check if the module to be unloaded was previously loaded by SystemTap. A local, unprivileged user could use this flaw to unload an arbitrary kernel module that was not in use. (CVE-2010-4171) Note: After installing this update, users already in the stapdev group must be added to the stapusr group in order to be able to run the staprun tool. Red Hat would like to thank Tavis Ormandy for reporting these issues. SystemTap users should upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 653604 - CVE-2010-4170 Systemtap: Insecure loading of modules 653606 - CVE-2010-4171 Systemtap: Ability to remove unused modules by unprivileged user 6. Package List: Red Hat Enterprise Linux Desktop (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/systemtap-1.1-3.el5_5.3.src.rpm i386: systemtap-1.1-3.el5_5.3.i386.rpm systemtap-client-1.1-3.el5_5.3.i386.rpm systemtap-debuginfo-1.1-3.el5_5.3.i386.rpm systemtap-initscript-1.1-3.el5_5.3.i386.rpm systemtap-runtime-1.1-3.el5_5.3.i386.rpm systemtap-sdt-devel-1.1-3.el5_5.3.i386.rpm systemtap-server-1.1-3.el5_5.3.i386.rpm systemtap-testsuite-1.1-3.el5_5.3.i386.rpm x86_64: systemtap-1.1-3.el5_5.3.x86_64.rpm systemtap-client-1.1-3.el5_5.3.x86_64.rpm systemtap-debuginfo-1.1-3.el5_5.3.i386.rpm systemtap-debuginfo-1.1-3.el5_5.3.x86_64.rpm systemtap-initscript-1.1-3.el5_5.3.x86_64.rpm systemtap-runtime-1.1-3.el5_5.3.x86_64.rpm systemtap-sdt-devel-1.1-3.el5_5.3.i386.rpm systemtap-sdt-devel-1.1-3.el5_5.3.x86_64.rpm systemtap-server-1.1-3.el5_5.3.x86_64.rpm systemtap-testsuite-1.1-3.el5_5.3.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/systemtap-1.1-3.el5_5.3.src.rpm i386: systemtap-1.1-3.el5_5.3.i386.rpm systemtap-client-1.1-3.el5_5.3.i386.rpm systemtap-debuginfo-1.1-3.el5_5.3.i386.rpm systemtap-initscript-1.1-3.el5_5.3.i386.rpm systemtap-runtime-1.1-3.el5_5.3.i386.rpm systemtap-sdt-devel-1.1-3.el5_5.3.i386.rpm systemtap-server-1.1-3.el5_5.3.i386.rpm systemtap-testsuite-1.1-3.el5_5.3.i386.rpm ia64: systemtap-1.1-3.el5_5.3.ia64.rpm systemtap-client-1.1-3.el5_5.3.ia64.rpm systemtap-debuginfo-1.1-3.el5_5.3.ia64.rpm systemtap-initscript-1.1-3.el5_5.3.ia64.rpm systemtap-runtime-1.1-3.el5_5.3.ia64.rpm systemtap-sdt-devel-1.1-3.el5_5.3.ia64.rpm systemtap-server-1.1-3.el5_5.3.ia64.rpm systemtap-testsuite-1.1-3.el5_5.3.ia64.rpm ppc: systemtap-1.1-3.el5_5.3.ppc64.rpm systemtap-client-1.1-3.el5_5.3.ppc64.rpm systemtap-debuginfo-1.1-3.el5_5.3.ppc64.rpm systemtap-initscript-1.1-3.el5_5.3.ppc64.rpm systemtap-runtime-1.1-3.el5_5.3.ppc64.rpm systemtap-sdt-devel-1.1-3.el5_5.3.ppc64.rpm 
systemtap-server-1.1-3.el5_5.3.ppc64.rpm systemtap-testsuite-1.1-3.el5_5.3.ppc64.rpm s390x: systemtap-1.1-3.el5_5.3.s390x.rpm systemtap-client-1.1-3.el5_5.3.s390x.rpm systemtap-debuginfo-1.1-3.el5_5.3.s390.rpm systemtap-debuginfo-1.1-3.el5_5.3.s390x.rpm systemtap-initscript-1.1-3.el5_5.3.s390x.rpm systemtap-runtime-1.1-3.el5_5.3.s390x.rpm systemtap-sdt-devel-1.1-3.el5_5.3.s390.rpm systemtap-sdt-devel-1.1-3.el5_5.3.s390x.rpm systemtap-server-1.1-3.el5_5.3.s390x.rpm systemtap-testsuite-1.1-3.el5_5.3.s390x.rpm x86_64: systemtap-1.1-3.el5_5.3.x86_64.rpm systemtap-client-1.1-3.el5_5.3.x86_64.rpm systemtap-debuginfo-1.1-3.el5_5.3.i386.rpm systemtap-debuginfo-1.1-3.el5_5.3.x86_64.rpm systemtap-initscript-1.1-3.el5_5.3.x86_64.rpm systemtap-runtime-1.1-3.el5_5.3.x86_64.rpm systemtap-sdt-devel-1.1-3.el5_5.3.i386.rpm systemtap-sdt-devel-1.1-3.el5_5.3.x86_64.rpm systemtap-server-1.1-3.el5_5.3.x86_64.rpm systemtap-testsuite-1.1-3.el5_5.3.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/systemtap-1.2-11.el6_0.src.rpm i386: systemtap-1.2-11.el6_0.i686.rpm systemtap-client-1.2-11.el6_0.i686.rpm systemtap-debuginfo-1.2-11.el6_0.i686.rpm systemtap-grapher-1.2-11.el6_0.i686.rpm systemtap-initscript-1.2-11.el6_0.i686.rpm systemtap-runtime-1.2-11.el6_0.i686.rpm x86_64: systemtap-1.2-11.el6_0.x86_64.rpm systemtap-client-1.2-11.el6_0.x86_64.rpm systemtap-debuginfo-1.2-11.el6_0.x86_64.rpm systemtap-grapher-1.2-11.el6_0.x86_64.rpm systemtap-initscript-1.2-11.el6_0.x86_64.rpm systemtap-runtime-1.2-11.el6_0.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/systemtap-1.2-11.el6_0.src.rpm i386: systemtap-debuginfo-1.2-11.el6_0.i686.rpm systemtap-sdt-devel-1.2-11.el6_0.i686.rpm systemtap-server-1.2-11.el6_0.i686.rpm systemtap-testsuite-1.2-11.el6_0.i686.rpm x86_64: systemtap-debuginfo-1.2-11.el6_0.i686.rpm systemtap-debuginfo-1.2-11.el6_0.x86_64.rpm systemtap-sdt-devel-1.2-11.el6_0.i686.rpm systemtap-sdt-devel-1.2-11.el6_0.x86_64.rpm systemtap-server-1.2-11.el6_0.x86_64.rpm systemtap-testsuite-1.2-11.el6_0.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/systemtap-1.2-11.el6_0.src.rpm x86_64: systemtap-1.2-11.el6_0.x86_64.rpm systemtap-client-1.2-11.el6_0.x86_64.rpm systemtap-debuginfo-1.2-11.el6_0.x86_64.rpm systemtap-initscript-1.2-11.el6_0.x86_64.rpm systemtap-runtime-1.2-11.el6_0.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/systemtap-1.2-11.el6_0.src.rpm x86_64: systemtap-debuginfo-1.2-11.el6_0.i686.rpm systemtap-debuginfo-1.2-11.el6_0.x86_64.rpm systemtap-grapher-1.2-11.el6_0.x86_64.rpm systemtap-sdt-devel-1.2-11.el6_0.i686.rpm systemtap-sdt-devel-1.2-11.el6_0.x86_64.rpm systemtap-server-1.2-11.el6_0.x86_64.rpm systemtap-testsuite-1.2-11.el6_0.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/systemtap-1.2-11.el6_0.src.rpm i386: systemtap-1.2-11.el6_0.i686.rpm systemtap-client-1.2-11.el6_0.i686.rpm systemtap-debuginfo-1.2-11.el6_0.i686.rpm systemtap-grapher-1.2-11.el6_0.i686.rpm systemtap-initscript-1.2-11.el6_0.i686.rpm systemtap-runtime-1.2-11.el6_0.i686.rpm systemtap-sdt-devel-1.2-11.el6_0.i686.rpm systemtap-server-1.2-11.el6_0.i686.rpm ppc64: systemtap-1.2-11.el6_0.ppc64.rpm systemtap-client-1.2-11.el6_0.ppc64.rpm systemtap-debuginfo-1.2-11.el6_0.ppc.rpm systemtap-debuginfo-1.2-11.el6_0.ppc64.rpm systemtap-grapher-1.2-11.el6_0.ppc64.rpm systemtap-initscript-1.2-11.el6_0.ppc64.rpm systemtap-runtime-1.2-11.el6_0.ppc64.rpm systemtap-sdt-devel-1.2-11.el6_0.ppc.rpm systemtap-sdt-devel-1.2-11.el6_0.ppc64.rpm systemtap-server-1.2-11.el6_0.ppc64.rpm s390x: systemtap-1.2-11.el6_0.s390x.rpm systemtap-client-1.2-11.el6_0.s390x.rpm systemtap-debuginfo-1.2-11.el6_0.s390.rpm systemtap-debuginfo-1.2-11.el6_0.s390x.rpm systemtap-grapher-1.2-11.el6_0.s390x.rpm systemtap-initscript-1.2-11.el6_0.s390x.rpm systemtap-runtime-1.2-11.el6_0.s390x.rpm systemtap-sdt-devel-1.2-11.el6_0.s390.rpm systemtap-sdt-devel-1.2-11.el6_0.s390x.rpm systemtap-server-1.2-11.el6_0.s390x.rpm x86_64: systemtap-1.2-11.el6_0.x86_64.rpm systemtap-client-1.2-11.el6_0.x86_64.rpm systemtap-debuginfo-1.2-11.el6_0.i686.rpm systemtap-debuginfo-1.2-11.el6_0.x86_64.rpm systemtap-grapher-1.2-11.el6_0.x86_64.rpm systemtap-initscript-1.2-11.el6_0.x86_64.rpm systemtap-runtime-1.2-11.el6_0.x86_64.rpm systemtap-sdt-devel-1.2-11.el6_0.i686.rpm systemtap-sdt-devel-1.2-11.el6_0.x86_64.rpm systemtap-server-1.2-11.el6_0.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/systemtap-1.2-11.el6_0.src.rpm i386: systemtap-debuginfo-1.2-11.el6_0.i686.rpm systemtap-testsuite-1.2-11.el6_0.i686.rpm ppc64: systemtap-debuginfo-1.2-11.el6_0.ppc64.rpm systemtap-testsuite-1.2-11.el6_0.ppc64.rpm s390x: systemtap-debuginfo-1.2-11.el6_0.s390x.rpm systemtap-testsuite-1.2-11.el6_0.s390x.rpm x86_64: systemtap-debuginfo-1.2-11.el6_0.x86_64.rpm systemtap-testsuite-1.2-11.el6_0.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/systemtap-1.2-11.el6_0.src.rpm i386: systemtap-1.2-11.el6_0.i686.rpm systemtap-client-1.2-11.el6_0.i686.rpm systemtap-debuginfo-1.2-11.el6_0.i686.rpm systemtap-grapher-1.2-11.el6_0.i686.rpm systemtap-initscript-1.2-11.el6_0.i686.rpm systemtap-runtime-1.2-11.el6_0.i686.rpm systemtap-sdt-devel-1.2-11.el6_0.i686.rpm systemtap-server-1.2-11.el6_0.i686.rpm x86_64: systemtap-1.2-11.el6_0.x86_64.rpm systemtap-client-1.2-11.el6_0.x86_64.rpm systemtap-debuginfo-1.2-11.el6_0.i686.rpm systemtap-debuginfo-1.2-11.el6_0.x86_64.rpm systemtap-grapher-1.2-11.el6_0.x86_64.rpm systemtap-initscript-1.2-11.el6_0.x86_64.rpm systemtap-runtime-1.2-11.el6_0.x86_64.rpm systemtap-sdt-devel-1.2-11.el6_0.i686.rpm systemtap-sdt-devel-1.2-11.el6_0.x86_64.rpm systemtap-server-1.2-11.el6_0.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/systemtap-1.2-11.el6_0.src.rpm i386: systemtap-debuginfo-1.2-11.el6_0.i686.rpm systemtap-testsuite-1.2-11.el6_0.i686.rpm x86_64: systemtap-debuginfo-1.2-11.el6_0.x86_64.rpm systemtap-testsuite-1.2-11.el6_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. 
References: https://www.redhat.com/security/data/cve/CVE-2010-4170.html https://www.redhat.com/security/data/cve/CVE-2010-4171.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2010 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFM4+uSXlSAg2UNWIIRAtB4AJ9AHcu9EYwi/1YJcJ6s0g5OeLJz/wCfQfDQ bcFe83bv5UEln70Ld6hOjIk= =PD4F -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Nov 17 14:59:36 2010 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 17 Nov 2010 20:29:36 +0530 Subject: [RHSA-2010:0895-01] Moderate: systemtap security update Message-ID: <201011171459.oAHExbLC029030@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: systemtap security update Advisory ID: RHSA-2010:0895-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0895.html Issue date: 2010-11-17 CVE Names: CVE-2010-4170 ===================================================================== 1. Summary: Updated systemtap packages that fix one security issue are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. 
Description:

SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system. staprun, the SystemTap runtime tool, is used for managing SystemTap kernel modules (for example, loading them).

It was discovered that staprun did not properly sanitize the environment before executing the modprobe command to load an additional kernel module. A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2010-4170)

Note: On Red Hat Enterprise Linux 4, an attacker must be a member of the stapusr group to exploit this issue. Also note that, after installing this update, users already in the stapdev group must be added to the stapusr group in order to be able to run the staprun tool.

Red Hat would like to thank Tavis Ormandy for reporting this issue.

SystemTap users should upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

653604 - CVE-2010-4170 Systemtap: Insecure loading of modules

6.
Package List:

Red Hat Enterprise Linux AS version 4:

Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/systemtap-0.6.2-2.el4_8.3.src.rpm
i386: systemtap-0.6.2-2.el4_8.3.i386.rpm systemtap-debuginfo-0.6.2-2.el4_8.3.i386.rpm systemtap-runtime-0.6.2-2.el4_8.3.i386.rpm systemtap-testsuite-0.6.2-2.el4_8.3.i386.rpm
ia64: systemtap-0.6.2-2.el4_8.3.ia64.rpm systemtap-debuginfo-0.6.2-2.el4_8.3.ia64.rpm systemtap-runtime-0.6.2-2.el4_8.3.ia64.rpm systemtap-testsuite-0.6.2-2.el4_8.3.ia64.rpm
ppc: systemtap-0.6.2-2.el4_8.3.ppc64.rpm systemtap-debuginfo-0.6.2-2.el4_8.3.ppc64.rpm systemtap-runtime-0.6.2-2.el4_8.3.ppc64.rpm systemtap-testsuite-0.6.2-2.el4_8.3.ppc64.rpm
x86_64: systemtap-0.6.2-2.el4_8.3.x86_64.rpm systemtap-debuginfo-0.6.2-2.el4_8.3.x86_64.rpm systemtap-runtime-0.6.2-2.el4_8.3.x86_64.rpm systemtap-testsuite-0.6.2-2.el4_8.3.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/systemtap-0.6.2-2.el4_8.3.src.rpm
i386: systemtap-0.6.2-2.el4_8.3.i386.rpm systemtap-debuginfo-0.6.2-2.el4_8.3.i386.rpm systemtap-runtime-0.6.2-2.el4_8.3.i386.rpm systemtap-testsuite-0.6.2-2.el4_8.3.i386.rpm
x86_64: systemtap-0.6.2-2.el4_8.3.x86_64.rpm systemtap-debuginfo-0.6.2-2.el4_8.3.x86_64.rpm systemtap-runtime-0.6.2-2.el4_8.3.x86_64.rpm systemtap-testsuite-0.6.2-2.el4_8.3.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/systemtap-0.6.2-2.el4_8.3.src.rpm
i386: systemtap-0.6.2-2.el4_8.3.i386.rpm systemtap-debuginfo-0.6.2-2.el4_8.3.i386.rpm systemtap-runtime-0.6.2-2.el4_8.3.i386.rpm systemtap-testsuite-0.6.2-2.el4_8.3.i386.rpm
ia64: systemtap-0.6.2-2.el4_8.3.ia64.rpm systemtap-debuginfo-0.6.2-2.el4_8.3.ia64.rpm systemtap-runtime-0.6.2-2.el4_8.3.ia64.rpm systemtap-testsuite-0.6.2-2.el4_8.3.ia64.rpm
x86_64: systemtap-0.6.2-2.el4_8.3.x86_64.rpm systemtap-debuginfo-0.6.2-2.el4_8.3.x86_64.rpm systemtap-runtime-0.6.2-2.el4_8.3.x86_64.rpm
systemtap-testsuite-0.6.2-2.el4_8.3.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/systemtap-0.6.2-2.el4_8.3.src.rpm
i386: systemtap-0.6.2-2.el4_8.3.i386.rpm systemtap-debuginfo-0.6.2-2.el4_8.3.i386.rpm systemtap-runtime-0.6.2-2.el4_8.3.i386.rpm systemtap-testsuite-0.6.2-2.el4_8.3.i386.rpm
ia64: systemtap-0.6.2-2.el4_8.3.ia64.rpm systemtap-debuginfo-0.6.2-2.el4_8.3.ia64.rpm systemtap-runtime-0.6.2-2.el4_8.3.ia64.rpm systemtap-testsuite-0.6.2-2.el4_8.3.ia64.rpm
x86_64: systemtap-0.6.2-2.el4_8.3.x86_64.rpm systemtap-debuginfo-0.6.2-2.el4_8.3.x86_64.rpm systemtap-runtime-0.6.2-2.el4_8.3.x86_64.rpm systemtap-testsuite-0.6.2-2.el4_8.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-4170.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
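As an added illustration of the fix class the staprun advisory describes (this is not systemtap's code), the C below shows how a privileged helper can build a clean environment before executing modprobe: every inherited variable is dropped unless it is on an allowlist, and PATH is pinned to trusted directories. The allowlist, the PATH value, the function names and the sample environment are assumptions; the search-path check at the end also covers the LD_LIBRARY_PATH "." mistake reported in the Thunderbird advisory later in this digest.

```c
#define _POSIX_C_SOURCE 200809L   /* strdup() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Variables a privileged helper may pass through unchanged (assumed allowlist).
 * Everything else, including LD_* and MODPROBE_OPTIONS, is dropped. */
static const char *const ALLOWED_VARS[] = { "TZ", "LANG", NULL };

/* PATH is never inherited: the helper pins it so "modprobe" resolves to the
 * system binary and not to a directory the caller controls. */
#define SAFE_PATH "PATH=/sbin:/usr/sbin:/bin:/usr/bin"

/* Returns 1 if the "NAME=value" entry is on the allowlist, 0 otherwise.
 * Entries without '=' or with an empty name are always rejected. */
int env_entry_allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL || eq == entry)
        return 0;
    size_t name_len = (size_t)(eq - entry);
    for (const char *const *a = ALLOWED_VARS; *a != NULL; a++) {
        if (strlen(*a) == name_len && strncmp(*a, entry, name_len) == 0)
            return 1;
    }
    return 0;
}

/* Frees an environment array returned by build_clean_env(). */
void free_clean_env(char **env)
{
    if (env == NULL)
        return;
    for (size_t i = 0; env[i] != NULL; i++)
        free(env[i]);
    free(env);
}

/* Builds the NULL-terminated envp to hand to execve(): SAFE_PATH first, then
 * only the allowlisted entries of 'inherited', in their original order.
 * Returns NULL on allocation failure (the caller must then refuse to exec). */
char **build_clean_env(char *const inherited[])
{
    size_t n = 0;
    while (inherited[n] != NULL)
        n++;
    char **out = calloc(n + 2, sizeof *out);   /* room for SAFE_PATH and NULL */
    if (out == NULL)
        return NULL;
    size_t k = 0;
    out[k] = strdup(SAFE_PATH);
    if (out[k] == NULL) {
        free(out);
        return NULL;
    }
    k++;
    for (size_t i = 0; i < n; i++) {
        if (!env_entry_allowed(inherited[i]))
            continue;
        out[k] = strdup(inherited[i]);
        if (out[k] == NULL) {
            free_clean_env(out);
            return NULL;
        }
        k++;
    }
    out[k] = NULL;
    return out;
}

/* Returns 1 if a colon-separated search path (LD_LIBRARY_PATH, PATH) has a
 * component that is resolved relative to the current directory: an empty
 * element, ".", or anything else not starting with '/'. A trailing ":." is
 * the launch-script mistake behind CVE-2010-3182 in the Thunderbird advisory. */
int search_path_has_relative_component(const char *path)
{
    if (path == NULL || *path == '\0')
        return 0;                      /* unset or empty: nothing is searched */
    const char *p = path;
    for (;;) {
        const char *colon = strchr(p, ':');
        size_t len = colon != NULL ? (size_t)(colon - p) : strlen(p);
        if (len == 0 || p[0] != '/')
            return 1;
        if (colon == NULL)
            return 0;
        p = colon + 1;
    }
}

int main(void)
{
    /* Constructed caller environment: the first three entries must not reach modprobe. */
    char *inherited[] = { "LD_PRELOAD=/tmp/untrusted.so", "MODPROBE_OPTIONS=-v",
                          "PATH=/tmp:/usr/bin", "LANG=C", NULL };
    char **clean = build_clean_env(inherited);
    for (size_t i = 0; clean != NULL && clean[i] != NULL; i++)
        printf("%s\n", clean[i]);          /* prints the pinned PATH and LANG=C only */
    free_clean_env(clean);
    printf("LD_LIBRARY_PATH=/usr/lib:. unsafe: %d\n",
           search_path_has_relative_component("/usr/lib:."));   /* 1 */
    return 0;
}
```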
From bugzilla at redhat.com Wed Nov 17 15:21:59 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 17 Nov 2010 20:51:59 +0530
Subject: [RHSA-2010:0896-01] Moderate: thunderbird security update
Message-ID: <201011171522.oAHFM1OG006051@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: thunderbird security update
Advisory ID: RHSA-2010:0896-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0896.html
Issue date: 2010-11-17
CVE Names: CVE-2010-3175 CVE-2010-3176 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3182 CVE-2010-3183 CVE-2010-3765
=====================================================================

1. Summary:

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

A race condition flaw was found in the way Thunderbird handled Document Object Model (DOM) element properties.
An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3765)

Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3180, CVE-2010-3183)

A same-origin policy bypass flaw was found in Thunderbird. Remote HTML content could steal private data from different remote HTML content Thunderbird had loaded. (CVE-2010-3178)

Note: JavaScript support is disabled by default in Thunderbird. The above issues are not exploitable unless JavaScript is enabled.

A flaw was found in the script that launches Thunderbird. The LD_LIBRARY_PATH variable was appending a "." character, which could allow a local attacker to execute arbitrary code with the privileges of a different user running Thunderbird, if that user ran Thunderbird from within an attacker-controlled directory. (CVE-2010-3182)

All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5.
Bugs fixed (http://bugzilla.redhat.com/):

642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
642275 - CVE-2010-3175 Mozilla miscellaneous memory safety hazards
642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
646997 - CVE-2010-3765 Firefox race condition flaw (MFSA 2010-73)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/thunderbird-3.1.6-1.el6_0.src.rpm
i386: thunderbird-3.1.6-1.el6_0.i686.rpm thunderbird-debuginfo-3.1.6-1.el6_0.i686.rpm
x86_64: thunderbird-3.1.6-1.el6_0.x86_64.rpm thunderbird-debuginfo-3.1.6-1.el6_0.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/thunderbird-3.1.6-1.el6_0.src.rpm
i386: thunderbird-3.1.6-1.el6_0.i686.rpm thunderbird-debuginfo-3.1.6-1.el6_0.i686.rpm
ppc64: thunderbird-3.1.6-1.el6_0.ppc64.rpm thunderbird-debuginfo-3.1.6-1.el6_0.ppc64.rpm
s390x: thunderbird-3.1.6-1.el6_0.s390x.rpm thunderbird-debuginfo-3.1.6-1.el6_0.s390x.rpm
x86_64: thunderbird-3.1.6-1.el6_0.x86_64.rpm thunderbird-debuginfo-3.1.6-1.el6_0.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/thunderbird-3.1.6-1.el6_0.src.rpm
i386: thunderbird-3.1.6-1.el6_0.i686.rpm thunderbird-debuginfo-3.1.6-1.el6_0.i686.rpm
x86_64: thunderbird-3.1.6-1.el6_0.x86_64.rpm thunderbird-debuginfo-3.1.6-1.el6_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3175.html
https://www.redhat.com/security/data/cve/CVE-2010-3176.html
https://www.redhat.com/security/data/cve/CVE-2010-3178.html
https://www.redhat.com/security/data/cve/CVE-2010-3179.html
https://www.redhat.com/security/data/cve/CVE-2010-3180.html
https://www.redhat.com/security/data/cve/CVE-2010-3182.html
https://www.redhat.com/security/data/cve/CVE-2010-3183.html
https://www.redhat.com/security/data/cve/CVE-2010-3765.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.

From bugzilla at redhat.com Tue Nov 23 16:51:49 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 23 Nov 2010 17:51:49 +0100
Subject: [RHSA-2010:0907-01] Important: kernel security and bug fix update
Message-ID: <201011231651.oANGpnJd003154@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2010:0907-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0907.html
Issue date: 2010-11-23
CVE Names: CVE-2010-2521
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue and four bugs are now available for Red Hat Enterprise Linux 5.4 Extended Update Support.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5.4.z server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issue:

* Buffer overflow flaws were found in the Linux kernel's implementation of the server-side External Data Representation (XDR) for the Network File System (NFS) version 4. An attacker on the local network could send a specially-crafted large compound request to the NFSv4 server, which could possibly result in a kernel panic (denial of service) or, potentially, code execution. (CVE-2010-2521, Important)

This update also fixes the following bugs:

* A race condition existed when generating new process IDs with the result that the wrong process could have been signaled or killed accidentally, leading to various application faults. This update detects and disallows the reuse of PID numbers. (BZ#638865)

* In a two node cluster, moving 100 files between two folders using the lock master was nearly instantaneous. However, not using the lock master resulted in considerably worse performance on both GFS1 (Global File System 1) and GFS2 (Global File System 2) file systems. With this update, not using the lock master does not lead to worsened performance on either of the aforementioned file systems. (BZ#639071)

* The device naming changed after additional devices were added to the system and caused various problems. With this update, device naming remains constant after adding any additional devices. (BZ#646764)

* On some bnx2-based devices, frames could drop unexpectedly. This was shown by the increasing "rx_fw_discards" values in the "ethtool --statistics" output.
With this update, frames are no longer dropped and all bnx2-based devices work as expected. (BZ#649254)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

612028 - CVE-2010-2521 kernel: nfsd4: bug in read_buf
638865 - [5.5] a race in pid generation that causes pids to be reused immediately. [rhel-5.4.z]
639071 - GFS1 vs GFS2 performance issue [rhel-5.4.z]
646764 - RHEL5.6 Include DL580 G7 in bfsort whitelist [rhel-5.4.z]
649254 - bnx2 adapter periodically dropping received packets [rhel-5.4.z]

6. Package List:

Red Hat Enterprise Linux (v.
5.4.z server):

Source: kernel-2.6.18-164.30.1.el5.src.rpm
i386: kernel-2.6.18-164.30.1.el5.i686.rpm kernel-PAE-2.6.18-164.30.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-164.30.1.el5.i686.rpm kernel-PAE-devel-2.6.18-164.30.1.el5.i686.rpm kernel-debug-2.6.18-164.30.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-164.30.1.el5.i686.rpm kernel-debug-devel-2.6.18-164.30.1.el5.i686.rpm kernel-debuginfo-2.6.18-164.30.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-164.30.1.el5.i686.rpm kernel-devel-2.6.18-164.30.1.el5.i686.rpm kernel-headers-2.6.18-164.30.1.el5.i386.rpm kernel-xen-2.6.18-164.30.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-164.30.1.el5.i686.rpm kernel-xen-devel-2.6.18-164.30.1.el5.i686.rpm
ia64: kernel-2.6.18-164.30.1.el5.ia64.rpm kernel-debug-2.6.18-164.30.1.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-164.30.1.el5.ia64.rpm kernel-debug-devel-2.6.18-164.30.1.el5.ia64.rpm kernel-debuginfo-2.6.18-164.30.1.el5.ia64.rpm kernel-debuginfo-common-2.6.18-164.30.1.el5.ia64.rpm kernel-devel-2.6.18-164.30.1.el5.ia64.rpm kernel-headers-2.6.18-164.30.1.el5.ia64.rpm kernel-xen-2.6.18-164.30.1.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-164.30.1.el5.ia64.rpm kernel-xen-devel-2.6.18-164.30.1.el5.ia64.rpm
noarch: kernel-doc-2.6.18-164.30.1.el5.noarch.rpm
ppc: kernel-2.6.18-164.30.1.el5.ppc64.rpm kernel-debug-2.6.18-164.30.1.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-164.30.1.el5.ppc64.rpm kernel-debug-devel-2.6.18-164.30.1.el5.ppc64.rpm kernel-debuginfo-2.6.18-164.30.1.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-164.30.1.el5.ppc64.rpm kernel-devel-2.6.18-164.30.1.el5.ppc64.rpm kernel-headers-2.6.18-164.30.1.el5.ppc.rpm kernel-headers-2.6.18-164.30.1.el5.ppc64.rpm kernel-kdump-2.6.18-164.30.1.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-164.30.1.el5.ppc64.rpm kernel-kdump-devel-2.6.18-164.30.1.el5.ppc64.rpm
s390x: kernel-2.6.18-164.30.1.el5.s390x.rpm kernel-debug-2.6.18-164.30.1.el5.s390x.rpm kernel-debug-debuginfo-2.6.18-164.30.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-164.30.1.el5.s390x.rpm kernel-debuginfo-2.6.18-164.30.1.el5.s390x.rpm kernel-debuginfo-common-2.6.18-164.30.1.el5.s390x.rpm kernel-devel-2.6.18-164.30.1.el5.s390x.rpm kernel-headers-2.6.18-164.30.1.el5.s390x.rpm kernel-kdump-2.6.18-164.30.1.el5.s390x.rpm kernel-kdump-debuginfo-2.6.18-164.30.1.el5.s390x.rpm kernel-kdump-devel-2.6.18-164.30.1.el5.s390x.rpm
x86_64: kernel-2.6.18-164.30.1.el5.x86_64.rpm kernel-debug-2.6.18-164.30.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-164.30.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-164.30.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-164.30.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-164.30.1.el5.x86_64.rpm kernel-devel-2.6.18-164.30.1.el5.x86_64.rpm kernel-headers-2.6.18-164.30.1.el5.x86_64.rpm kernel-xen-2.6.18-164.30.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-164.30.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-164.30.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2521.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
From bugzilla at redhat.com Tue Nov 23 16:54:10 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 23 Nov 2010 17:54:10 +0100
Subject: [RHSA-2010:0908-01] Moderate: postgresql security update
Message-ID: <201011231654.oANGs901004122@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: postgresql security update
Advisory ID: RHSA-2010:0908-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0908.html
Issue date: 2010-11-23
CVE Names: CVE-2010-3433
=====================================================================

1. Summary:

Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system (DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages.
The PostgreSQL SECURITY DEFINER parameter, which can be used when creating a new PostgreSQL function, specifies that the function will be executed with the privileges of the user that created it. It was discovered that a user could utilize the features of the PL/Perl and PL/Tcl languages to modify the behavior of a SECURITY DEFINER function created by a different user. If the PL/Perl or PL/Tcl language was used to implement a SECURITY DEFINER function, an authenticated database user could use a PL/Perl or PL/Tcl script to modify the behavior of that function during subsequent calls in the same session. This would result in the modified or injected code also being executed with the privileges of the user who created the SECURITY DEFINER function, possibly leading to privilege escalation. (CVE-2010-3433)

These updated postgresql packages upgrade PostgreSQL to version 8.4.5. Refer to the PostgreSQL Release Notes for a list of changes:

http://www.postgresql.org/docs/8.4/static/release.html

All PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

639371 - CVE-2010-3433 PostgreSQL (PL/Perl, PL/Tcl): SECURITY DEFINER function keyword bypass

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/postgresql-8.4.5-1.el6_0.2.src.rpm
i386: postgresql-debuginfo-8.4.5-1.el6_0.2.i686.rpm postgresql-libs-8.4.5-1.el6_0.2.i686.rpm
x86_64: postgresql-debuginfo-8.4.5-1.el6_0.2.i686.rpm postgresql-debuginfo-8.4.5-1.el6_0.2.x86_64.rpm postgresql-libs-8.4.5-1.el6_0.2.i686.rpm postgresql-libs-8.4.5-1.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/postgresql-8.4.5-1.el6_0.2.src.rpm
i386: postgresql-8.4.5-1.el6_0.2.i686.rpm postgresql-contrib-8.4.5-1.el6_0.2.i686.rpm postgresql-debuginfo-8.4.5-1.el6_0.2.i686.rpm postgresql-devel-8.4.5-1.el6_0.2.i686.rpm postgresql-docs-8.4.5-1.el6_0.2.i686.rpm postgresql-plperl-8.4.5-1.el6_0.2.i686.rpm postgresql-plpython-8.4.5-1.el6_0.2.i686.rpm postgresql-pltcl-8.4.5-1.el6_0.2.i686.rpm postgresql-server-8.4.5-1.el6_0.2.i686.rpm postgresql-test-8.4.5-1.el6_0.2.i686.rpm
x86_64: postgresql-8.4.5-1.el6_0.2.x86_64.rpm postgresql-contrib-8.4.5-1.el6_0.2.x86_64.rpm postgresql-debuginfo-8.4.5-1.el6_0.2.i686.rpm postgresql-debuginfo-8.4.5-1.el6_0.2.x86_64.rpm postgresql-devel-8.4.5-1.el6_0.2.i686.rpm postgresql-devel-8.4.5-1.el6_0.2.x86_64.rpm postgresql-docs-8.4.5-1.el6_0.2.x86_64.rpm postgresql-plperl-8.4.5-1.el6_0.2.x86_64.rpm postgresql-plpython-8.4.5-1.el6_0.2.x86_64.rpm postgresql-pltcl-8.4.5-1.el6_0.2.x86_64.rpm postgresql-server-8.4.5-1.el6_0.2.x86_64.rpm postgresql-test-8.4.5-1.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v.
6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/postgresql-8.4.5-1.el6_0.2.src.rpm
x86_64: postgresql-8.4.5-1.el6_0.2.x86_64.rpm postgresql-contrib-8.4.5-1.el6_0.2.x86_64.rpm postgresql-debuginfo-8.4.5-1.el6_0.2.i686.rpm postgresql-debuginfo-8.4.5-1.el6_0.2.x86_64.rpm postgresql-devel-8.4.5-1.el6_0.2.i686.rpm postgresql-devel-8.4.5-1.el6_0.2.x86_64.rpm postgresql-docs-8.4.5-1.el6_0.2.x86_64.rpm postgresql-libs-8.4.5-1.el6_0.2.i686.rpm postgresql-libs-8.4.5-1.el6_0.2.x86_64.rpm postgresql-plperl-8.4.5-1.el6_0.2.x86_64.rpm postgresql-plpython-8.4.5-1.el6_0.2.x86_64.rpm postgresql-pltcl-8.4.5-1.el6_0.2.x86_64.rpm postgresql-server-8.4.5-1.el6_0.2.x86_64.rpm postgresql-test-8.4.5-1.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/postgresql-8.4.5-1.el6_0.2.src.rpm
i386: postgresql-8.4.5-1.el6_0.2.i686.rpm postgresql-contrib-8.4.5-1.el6_0.2.i686.rpm postgresql-debuginfo-8.4.5-1.el6_0.2.i686.rpm postgresql-devel-8.4.5-1.el6_0.2.i686.rpm postgresql-docs-8.4.5-1.el6_0.2.i686.rpm postgresql-libs-8.4.5-1.el6_0.2.i686.rpm postgresql-plperl-8.4.5-1.el6_0.2.i686.rpm postgresql-plpython-8.4.5-1.el6_0.2.i686.rpm postgresql-pltcl-8.4.5-1.el6_0.2.i686.rpm postgresql-server-8.4.5-1.el6_0.2.i686.rpm postgresql-test-8.4.5-1.el6_0.2.i686.rpm
ppc64: postgresql-8.4.5-1.el6_0.2.ppc64.rpm postgresql-contrib-8.4.5-1.el6_0.2.ppc64.rpm postgresql-debuginfo-8.4.5-1.el6_0.2.ppc.rpm postgresql-debuginfo-8.4.5-1.el6_0.2.ppc64.rpm postgresql-devel-8.4.5-1.el6_0.2.ppc.rpm postgresql-devel-8.4.5-1.el6_0.2.ppc64.rpm postgresql-docs-8.4.5-1.el6_0.2.ppc64.rpm postgresql-libs-8.4.5-1.el6_0.2.ppc.rpm postgresql-libs-8.4.5-1.el6_0.2.ppc64.rpm postgresql-plperl-8.4.5-1.el6_0.2.ppc64.rpm postgresql-plpython-8.4.5-1.el6_0.2.ppc64.rpm postgresql-pltcl-8.4.5-1.el6_0.2.ppc64.rpm postgresql-server-8.4.5-1.el6_0.2.ppc64.rpm postgresql-test-8.4.5-1.el6_0.2.ppc64.rpm
s390x:
postgresql-8.4.5-1.el6_0.2.s390x.rpm postgresql-contrib-8.4.5-1.el6_0.2.s390x.rpm postgresql-debuginfo-8.4.5-1.el6_0.2.s390.rpm postgresql-debuginfo-8.4.5-1.el6_0.2.s390x.rpm postgresql-devel-8.4.5-1.el6_0.2.s390.rpm postgresql-devel-8.4.5-1.el6_0.2.s390x.rpm postgresql-docs-8.4.5-1.el6_0.2.s390x.rpm postgresql-libs-8.4.5-1.el6_0.2.s390.rpm postgresql-libs-8.4.5-1.el6_0.2.s390x.rpm postgresql-plperl-8.4.5-1.el6_0.2.s390x.rpm postgresql-plpython-8.4.5-1.el6_0.2.s390x.rpm postgresql-pltcl-8.4.5-1.el6_0.2.s390x.rpm postgresql-server-8.4.5-1.el6_0.2.s390x.rpm postgresql-test-8.4.5-1.el6_0.2.s390x.rpm
x86_64: postgresql-8.4.5-1.el6_0.2.x86_64.rpm postgresql-contrib-8.4.5-1.el6_0.2.x86_64.rpm postgresql-debuginfo-8.4.5-1.el6_0.2.i686.rpm postgresql-debuginfo-8.4.5-1.el6_0.2.x86_64.rpm postgresql-devel-8.4.5-1.el6_0.2.i686.rpm postgresql-devel-8.4.5-1.el6_0.2.x86_64.rpm postgresql-docs-8.4.5-1.el6_0.2.x86_64.rpm postgresql-libs-8.4.5-1.el6_0.2.i686.rpm postgresql-libs-8.4.5-1.el6_0.2.x86_64.rpm postgresql-plperl-8.4.5-1.el6_0.2.x86_64.rpm postgresql-plpython-8.4.5-1.el6_0.2.x86_64.rpm postgresql-pltcl-8.4.5-1.el6_0.2.x86_64.rpm postgresql-server-8.4.5-1.el6_0.2.x86_64.rpm postgresql-test-8.4.5-1.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v.
6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/postgresql-8.4.5-1.el6_0.2.src.rpm
i386: postgresql-8.4.5-1.el6_0.2.i686.rpm postgresql-contrib-8.4.5-1.el6_0.2.i686.rpm postgresql-debuginfo-8.4.5-1.el6_0.2.i686.rpm postgresql-devel-8.4.5-1.el6_0.2.i686.rpm postgresql-docs-8.4.5-1.el6_0.2.i686.rpm postgresql-libs-8.4.5-1.el6_0.2.i686.rpm postgresql-plperl-8.4.5-1.el6_0.2.i686.rpm postgresql-plpython-8.4.5-1.el6_0.2.i686.rpm postgresql-pltcl-8.4.5-1.el6_0.2.i686.rpm postgresql-server-8.4.5-1.el6_0.2.i686.rpm postgresql-test-8.4.5-1.el6_0.2.i686.rpm
x86_64: postgresql-8.4.5-1.el6_0.2.x86_64.rpm postgresql-contrib-8.4.5-1.el6_0.2.x86_64.rpm postgresql-debuginfo-8.4.5-1.el6_0.2.i686.rpm postgresql-debuginfo-8.4.5-1.el6_0.2.x86_64.rpm postgresql-devel-8.4.5-1.el6_0.2.i686.rpm postgresql-devel-8.4.5-1.el6_0.2.x86_64.rpm postgresql-docs-8.4.5-1.el6_0.2.x86_64.rpm postgresql-libs-8.4.5-1.el6_0.2.i686.rpm postgresql-libs-8.4.5-1.el6_0.2.x86_64.rpm postgresql-plperl-8.4.5-1.el6_0.2.x86_64.rpm postgresql-plpython-8.4.5-1.el6_0.2.x86_64.rpm postgresql-pltcl-8.4.5-1.el6_0.2.x86_64.rpm postgresql-server-8.4.5-1.el6_0.2.x86_64.rpm postgresql-test-8.4.5-1.el6_0.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3433.html
http://www.redhat.com/security/updates/classification/#moderate
http://www.postgresql.org/docs/8.1/interactive/sql-createfunction.html
http://www.postgresql.org/docs/8.4/static/release.html

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
From bugzilla at redhat.com Mon Nov 29 21:41:38 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 29 Nov 2010 14:41:38 -0700
Subject: [RHSA-2010:0918-01] Moderate: cvs security update
Message-ID: <201011292141.oATLfdBc023389@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: cvs security update
Advisory ID: RHSA-2010:0918-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0918.html
Issue date: 2010-11-29
CVE Names: CVE-2010-3846
=====================================================================

1. Summary:

An updated cvs package that fixes one security issue is now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Concurrent Version System (CVS) is a version control system that can record the history of your files.

An array index error, leading to a heap-based buffer overflow, was found in the way CVS applied certain delta fragment changes from input files in the RCS (Revision Control System file) format.
If an attacker in control of a CVS repository stored a specially-crafted RCS file in that repository, and then tricked a remote victim into checking out (updating their CVS repository tree) a revision containing that file, it could lead to arbitrary code execution with the privileges of the CVS server process on the system hosting the CVS repository. (CVE-2010-3846)

Red Hat would like to thank Ralph Loader for reporting this issue.

All users of cvs are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

642146 - CVE-2010-3846 cvs: Heap-based buffer overflow by applying RCS file changes

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/cvs-1.11.23-11.el6_0.1.src.rpm
i386: cvs-1.11.23-11.el6_0.1.i686.rpm cvs-debuginfo-1.11.23-11.el6_0.1.i686.rpm
x86_64: cvs-1.11.23-11.el6_0.1.x86_64.rpm cvs-debuginfo-1.11.23-11.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/cvs-1.11.23-11.el6_0.1.src.rpm
x86_64: cvs-1.11.23-11.el6_0.1.x86_64.rpm cvs-debuginfo-1.11.23-11.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Server (v.
6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/cvs-1.11.23-11.el6_0.1.src.rpm
i386: cvs-1.11.23-11.el6_0.1.i686.rpm cvs-debuginfo-1.11.23-11.el6_0.1.i686.rpm
ppc64: cvs-1.11.23-11.el6_0.1.ppc64.rpm cvs-debuginfo-1.11.23-11.el6_0.1.ppc64.rpm
s390x: cvs-1.11.23-11.el6_0.1.s390x.rpm cvs-debuginfo-1.11.23-11.el6_0.1.s390x.rpm
x86_64: cvs-1.11.23-11.el6_0.1.x86_64.rpm cvs-debuginfo-1.11.23-11.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/cvs-1.11.23-11.el6_0.1.src.rpm
i386: cvs-1.11.23-11.el6_0.1.i686.rpm cvs-debuginfo-1.11.23-11.el6_0.1.i686.rpm
x86_64: cvs-1.11.23-11.el6_0.1.x86_64.rpm cvs-debuginfo-1.11.23-11.el6_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3846.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM9B3oXlSAg2UNWIIRAoavAJ4xmri7moHCWnv4nT5qIWIdMJQB9gCgo6x7
51VaJJKJER2oZCbTkZOj+LE=
=DKSG
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Nov 29 21:42:37 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 29 Nov 2010 14:42:37 -0700
Subject: [RHSA-2010:0919-01] Moderate: php security update
Message-ID: <201011292142.oATLgbNJ031864@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: php security update
Advisory ID:       RHSA-2010:0919-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0919.html
Issue date:        2010-11-29
CVE Names:         CVE-2009-5016 CVE-2010-0397 CVE-2010-1128 CVE-2010-1917
                   CVE-2010-2531 CVE-2010-3065 CVE-2010-3870
=====================================================================

1. Summary:

Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

An input validation flaw was discovered in the PHP session serializer. If a PHP script generated session variable names from untrusted user input, a remote attacker could use this flaw to inject an arbitrary variable into the PHP session. (CVE-2010-3065)

An information leak flaw was discovered in the PHP var_export() function implementation. If some fatal error occurred during the execution of this function (such as the exhaustion of memory or script execution time limit), part of the function's output was sent to the user as script output, possibly leading to the disclosure of sensitive information. (CVE-2010-2531)

A numeric truncation error and an input validation flaw were found in the way the PHP utf8_decode() function decoded partial multi-byte sequences for some multi-byte encodings, sending them to output without them being escaped. An attacker could use these flaws to perform a cross-site scripting attack. (CVE-2009-5016, CVE-2010-3870)

It was discovered that the PHP lcg_value() function used insufficient entropy to seed the pseudo-random number generator. A remote attacker could possibly use this flaw to predict values returned by the function, which are used to generate session identifiers by default. This update changes the function's implementation to use more entropy during seeding. (CVE-2010-1128)

It was discovered that the PHP fnmatch() function did not restrict the length of the pattern argument. A remote attacker could use this flaw to crash the PHP interpreter where a script used fnmatch() on untrusted matching patterns. (CVE-2010-1917)

A NULL pointer dereference flaw was discovered in the PHP XML-RPC extension. A malicious XML-RPC client or server could use this flaw to crash the PHP interpreter via a specially-crafted XML-RPC request. (CVE-2010-0397)

All php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

573779 - CVE-2010-0397 php: NULL pointer dereference in XML-RPC extension
577582 - CVE-2010-1128 php: LCG entropy weakness
617232 - CVE-2010-1917 php: fnmatch long pattern stack memory exhaustion (MOPS-2010-021)
617673 - CVE-2010-2531 php: information leak vulnerability in var_export()
619030 - CVE-2010-3065 php: session serializer session data injection vulnerability (MOPS-2010-060)
649056 - CVE-2010-3870 php: XSS mitigation bypass via utf8_decode()
652836 - CVE-2009-5016 php: XSS and SQL injection bypass via crafted overlong UTF-8 encoded string

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/php-4.3.9-3.31.src.rpm

i386:
php-4.3.9-3.31.i386.rpm
php-debuginfo-4.3.9-3.31.i386.rpm
php-devel-4.3.9-3.31.i386.rpm
php-domxml-4.3.9-3.31.i386.rpm
php-gd-4.3.9-3.31.i386.rpm
php-imap-4.3.9-3.31.i386.rpm
php-ldap-4.3.9-3.31.i386.rpm
php-mbstring-4.3.9-3.31.i386.rpm
php-mysql-4.3.9-3.31.i386.rpm
php-ncurses-4.3.9-3.31.i386.rpm
php-odbc-4.3.9-3.31.i386.rpm
php-pear-4.3.9-3.31.i386.rpm
php-pgsql-4.3.9-3.31.i386.rpm
php-snmp-4.3.9-3.31.i386.rpm
php-xmlrpc-4.3.9-3.31.i386.rpm

ia64:
php-4.3.9-3.31.ia64.rpm
php-debuginfo-4.3.9-3.31.ia64.rpm
php-devel-4.3.9-3.31.ia64.rpm
php-domxml-4.3.9-3.31.ia64.rpm
php-gd-4.3.9-3.31.ia64.rpm
php-imap-4.3.9-3.31.ia64.rpm
php-ldap-4.3.9-3.31.ia64.rpm
php-mbstring-4.3.9-3.31.ia64.rpm
php-mysql-4.3.9-3.31.ia64.rpm
php-ncurses-4.3.9-3.31.ia64.rpm
php-odbc-4.3.9-3.31.ia64.rpm
php-pear-4.3.9-3.31.ia64.rpm
php-pgsql-4.3.9-3.31.ia64.rpm
php-snmp-4.3.9-3.31.ia64.rpm
php-xmlrpc-4.3.9-3.31.ia64.rpm

ppc:
php-4.3.9-3.31.ppc.rpm
php-debuginfo-4.3.9-3.31.ppc.rpm php-devel-4.3.9-3.31.ppc.rpm php-domxml-4.3.9-3.31.ppc.rpm php-gd-4.3.9-3.31.ppc.rpm php-imap-4.3.9-3.31.ppc.rpm php-ldap-4.3.9-3.31.ppc.rpm php-mbstring-4.3.9-3.31.ppc.rpm php-mysql-4.3.9-3.31.ppc.rpm php-ncurses-4.3.9-3.31.ppc.rpm php-odbc-4.3.9-3.31.ppc.rpm php-pear-4.3.9-3.31.ppc.rpm php-pgsql-4.3.9-3.31.ppc.rpm php-snmp-4.3.9-3.31.ppc.rpm php-xmlrpc-4.3.9-3.31.ppc.rpm s390: php-4.3.9-3.31.s390.rpm php-debuginfo-4.3.9-3.31.s390.rpm php-devel-4.3.9-3.31.s390.rpm php-domxml-4.3.9-3.31.s390.rpm php-gd-4.3.9-3.31.s390.rpm php-imap-4.3.9-3.31.s390.rpm php-ldap-4.3.9-3.31.s390.rpm php-mbstring-4.3.9-3.31.s390.rpm php-mysql-4.3.9-3.31.s390.rpm php-ncurses-4.3.9-3.31.s390.rpm php-odbc-4.3.9-3.31.s390.rpm php-pear-4.3.9-3.31.s390.rpm php-pgsql-4.3.9-3.31.s390.rpm php-snmp-4.3.9-3.31.s390.rpm php-xmlrpc-4.3.9-3.31.s390.rpm s390x: php-4.3.9-3.31.s390x.rpm php-debuginfo-4.3.9-3.31.s390x.rpm php-devel-4.3.9-3.31.s390x.rpm php-domxml-4.3.9-3.31.s390x.rpm php-gd-4.3.9-3.31.s390x.rpm php-imap-4.3.9-3.31.s390x.rpm php-ldap-4.3.9-3.31.s390x.rpm php-mbstring-4.3.9-3.31.s390x.rpm php-mysql-4.3.9-3.31.s390x.rpm php-ncurses-4.3.9-3.31.s390x.rpm php-odbc-4.3.9-3.31.s390x.rpm php-pear-4.3.9-3.31.s390x.rpm php-pgsql-4.3.9-3.31.s390x.rpm php-snmp-4.3.9-3.31.s390x.rpm php-xmlrpc-4.3.9-3.31.s390x.rpm x86_64: php-4.3.9-3.31.x86_64.rpm php-debuginfo-4.3.9-3.31.x86_64.rpm php-devel-4.3.9-3.31.x86_64.rpm php-domxml-4.3.9-3.31.x86_64.rpm php-gd-4.3.9-3.31.x86_64.rpm php-imap-4.3.9-3.31.x86_64.rpm php-ldap-4.3.9-3.31.x86_64.rpm php-mbstring-4.3.9-3.31.x86_64.rpm php-mysql-4.3.9-3.31.x86_64.rpm php-ncurses-4.3.9-3.31.x86_64.rpm php-odbc-4.3.9-3.31.x86_64.rpm php-pear-4.3.9-3.31.x86_64.rpm php-pgsql-4.3.9-3.31.x86_64.rpm php-snmp-4.3.9-3.31.x86_64.rpm php-xmlrpc-4.3.9-3.31.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/php-4.3.9-3.31.src.rpm i386: php-4.3.9-3.31.i386.rpm 
php-debuginfo-4.3.9-3.31.i386.rpm php-devel-4.3.9-3.31.i386.rpm php-domxml-4.3.9-3.31.i386.rpm php-gd-4.3.9-3.31.i386.rpm php-imap-4.3.9-3.31.i386.rpm php-ldap-4.3.9-3.31.i386.rpm php-mbstring-4.3.9-3.31.i386.rpm php-mysql-4.3.9-3.31.i386.rpm php-ncurses-4.3.9-3.31.i386.rpm php-odbc-4.3.9-3.31.i386.rpm php-pear-4.3.9-3.31.i386.rpm php-pgsql-4.3.9-3.31.i386.rpm php-snmp-4.3.9-3.31.i386.rpm php-xmlrpc-4.3.9-3.31.i386.rpm x86_64: php-4.3.9-3.31.x86_64.rpm php-debuginfo-4.3.9-3.31.x86_64.rpm php-devel-4.3.9-3.31.x86_64.rpm php-domxml-4.3.9-3.31.x86_64.rpm php-gd-4.3.9-3.31.x86_64.rpm php-imap-4.3.9-3.31.x86_64.rpm php-ldap-4.3.9-3.31.x86_64.rpm php-mbstring-4.3.9-3.31.x86_64.rpm php-mysql-4.3.9-3.31.x86_64.rpm php-ncurses-4.3.9-3.31.x86_64.rpm php-odbc-4.3.9-3.31.x86_64.rpm php-pear-4.3.9-3.31.x86_64.rpm php-pgsql-4.3.9-3.31.x86_64.rpm php-snmp-4.3.9-3.31.x86_64.rpm php-xmlrpc-4.3.9-3.31.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/php-4.3.9-3.31.src.rpm i386: php-4.3.9-3.31.i386.rpm php-debuginfo-4.3.9-3.31.i386.rpm php-devel-4.3.9-3.31.i386.rpm php-domxml-4.3.9-3.31.i386.rpm php-gd-4.3.9-3.31.i386.rpm php-imap-4.3.9-3.31.i386.rpm php-ldap-4.3.9-3.31.i386.rpm php-mbstring-4.3.9-3.31.i386.rpm php-mysql-4.3.9-3.31.i386.rpm php-ncurses-4.3.9-3.31.i386.rpm php-odbc-4.3.9-3.31.i386.rpm php-pear-4.3.9-3.31.i386.rpm php-pgsql-4.3.9-3.31.i386.rpm php-snmp-4.3.9-3.31.i386.rpm php-xmlrpc-4.3.9-3.31.i386.rpm ia64: php-4.3.9-3.31.ia64.rpm php-debuginfo-4.3.9-3.31.ia64.rpm php-devel-4.3.9-3.31.ia64.rpm php-domxml-4.3.9-3.31.ia64.rpm php-gd-4.3.9-3.31.ia64.rpm php-imap-4.3.9-3.31.ia64.rpm php-ldap-4.3.9-3.31.ia64.rpm php-mbstring-4.3.9-3.31.ia64.rpm php-mysql-4.3.9-3.31.ia64.rpm php-ncurses-4.3.9-3.31.ia64.rpm php-odbc-4.3.9-3.31.ia64.rpm php-pear-4.3.9-3.31.ia64.rpm php-pgsql-4.3.9-3.31.ia64.rpm php-snmp-4.3.9-3.31.ia64.rpm php-xmlrpc-4.3.9-3.31.ia64.rpm x86_64: php-4.3.9-3.31.x86_64.rpm 
php-debuginfo-4.3.9-3.31.x86_64.rpm php-devel-4.3.9-3.31.x86_64.rpm php-domxml-4.3.9-3.31.x86_64.rpm php-gd-4.3.9-3.31.x86_64.rpm php-imap-4.3.9-3.31.x86_64.rpm php-ldap-4.3.9-3.31.x86_64.rpm php-mbstring-4.3.9-3.31.x86_64.rpm php-mysql-4.3.9-3.31.x86_64.rpm php-ncurses-4.3.9-3.31.x86_64.rpm php-odbc-4.3.9-3.31.x86_64.rpm php-pear-4.3.9-3.31.x86_64.rpm php-pgsql-4.3.9-3.31.x86_64.rpm php-snmp-4.3.9-3.31.x86_64.rpm php-xmlrpc-4.3.9-3.31.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/php-4.3.9-3.31.src.rpm i386: php-4.3.9-3.31.i386.rpm php-debuginfo-4.3.9-3.31.i386.rpm php-devel-4.3.9-3.31.i386.rpm php-domxml-4.3.9-3.31.i386.rpm php-gd-4.3.9-3.31.i386.rpm php-imap-4.3.9-3.31.i386.rpm php-ldap-4.3.9-3.31.i386.rpm php-mbstring-4.3.9-3.31.i386.rpm php-mysql-4.3.9-3.31.i386.rpm php-ncurses-4.3.9-3.31.i386.rpm php-odbc-4.3.9-3.31.i386.rpm php-pear-4.3.9-3.31.i386.rpm php-pgsql-4.3.9-3.31.i386.rpm php-snmp-4.3.9-3.31.i386.rpm php-xmlrpc-4.3.9-3.31.i386.rpm ia64: php-4.3.9-3.31.ia64.rpm php-debuginfo-4.3.9-3.31.ia64.rpm php-devel-4.3.9-3.31.ia64.rpm php-domxml-4.3.9-3.31.ia64.rpm php-gd-4.3.9-3.31.ia64.rpm php-imap-4.3.9-3.31.ia64.rpm php-ldap-4.3.9-3.31.ia64.rpm php-mbstring-4.3.9-3.31.ia64.rpm php-mysql-4.3.9-3.31.ia64.rpm php-ncurses-4.3.9-3.31.ia64.rpm php-odbc-4.3.9-3.31.ia64.rpm php-pear-4.3.9-3.31.ia64.rpm php-pgsql-4.3.9-3.31.ia64.rpm php-snmp-4.3.9-3.31.ia64.rpm php-xmlrpc-4.3.9-3.31.ia64.rpm x86_64: php-4.3.9-3.31.x86_64.rpm php-debuginfo-4.3.9-3.31.x86_64.rpm php-devel-4.3.9-3.31.x86_64.rpm php-domxml-4.3.9-3.31.x86_64.rpm php-gd-4.3.9-3.31.x86_64.rpm php-imap-4.3.9-3.31.x86_64.rpm php-ldap-4.3.9-3.31.x86_64.rpm php-mbstring-4.3.9-3.31.x86_64.rpm php-mysql-4.3.9-3.31.x86_64.rpm php-ncurses-4.3.9-3.31.x86_64.rpm php-odbc-4.3.9-3.31.x86_64.rpm php-pear-4.3.9-3.31.x86_64.rpm php-pgsql-4.3.9-3.31.x86_64.rpm php-snmp-4.3.9-3.31.x86_64.rpm php-xmlrpc-4.3.9-3.31.x86_64.rpm RHEL Desktop Workstation (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/php-5.1.6-27.el5_5.3.src.rpm i386: php-5.1.6-27.el5_5.3.i386.rpm php-bcmath-5.1.6-27.el5_5.3.i386.rpm php-cli-5.1.6-27.el5_5.3.i386.rpm php-common-5.1.6-27.el5_5.3.i386.rpm php-dba-5.1.6-27.el5_5.3.i386.rpm php-debuginfo-5.1.6-27.el5_5.3.i386.rpm php-devel-5.1.6-27.el5_5.3.i386.rpm php-gd-5.1.6-27.el5_5.3.i386.rpm php-imap-5.1.6-27.el5_5.3.i386.rpm php-ldap-5.1.6-27.el5_5.3.i386.rpm php-mbstring-5.1.6-27.el5_5.3.i386.rpm php-mysql-5.1.6-27.el5_5.3.i386.rpm php-ncurses-5.1.6-27.el5_5.3.i386.rpm php-odbc-5.1.6-27.el5_5.3.i386.rpm php-pdo-5.1.6-27.el5_5.3.i386.rpm php-pgsql-5.1.6-27.el5_5.3.i386.rpm php-snmp-5.1.6-27.el5_5.3.i386.rpm php-soap-5.1.6-27.el5_5.3.i386.rpm php-xml-5.1.6-27.el5_5.3.i386.rpm php-xmlrpc-5.1.6-27.el5_5.3.i386.rpm x86_64: php-5.1.6-27.el5_5.3.x86_64.rpm php-bcmath-5.1.6-27.el5_5.3.x86_64.rpm php-cli-5.1.6-27.el5_5.3.x86_64.rpm php-common-5.1.6-27.el5_5.3.x86_64.rpm php-dba-5.1.6-27.el5_5.3.x86_64.rpm php-debuginfo-5.1.6-27.el5_5.3.x86_64.rpm php-devel-5.1.6-27.el5_5.3.x86_64.rpm php-gd-5.1.6-27.el5_5.3.x86_64.rpm php-imap-5.1.6-27.el5_5.3.x86_64.rpm php-ldap-5.1.6-27.el5_5.3.x86_64.rpm php-mbstring-5.1.6-27.el5_5.3.x86_64.rpm php-mysql-5.1.6-27.el5_5.3.x86_64.rpm php-ncurses-5.1.6-27.el5_5.3.x86_64.rpm php-odbc-5.1.6-27.el5_5.3.x86_64.rpm php-pdo-5.1.6-27.el5_5.3.x86_64.rpm php-pgsql-5.1.6-27.el5_5.3.x86_64.rpm php-snmp-5.1.6-27.el5_5.3.x86_64.rpm php-soap-5.1.6-27.el5_5.3.x86_64.rpm php-xml-5.1.6-27.el5_5.3.x86_64.rpm php-xmlrpc-5.1.6-27.el5_5.3.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/php-5.1.6-27.el5_5.3.src.rpm i386: php-5.1.6-27.el5_5.3.i386.rpm php-bcmath-5.1.6-27.el5_5.3.i386.rpm php-cli-5.1.6-27.el5_5.3.i386.rpm php-common-5.1.6-27.el5_5.3.i386.rpm php-dba-5.1.6-27.el5_5.3.i386.rpm php-debuginfo-5.1.6-27.el5_5.3.i386.rpm php-devel-5.1.6-27.el5_5.3.i386.rpm php-gd-5.1.6-27.el5_5.3.i386.rpm php-imap-5.1.6-27.el5_5.3.i386.rpm php-ldap-5.1.6-27.el5_5.3.i386.rpm php-mbstring-5.1.6-27.el5_5.3.i386.rpm php-mysql-5.1.6-27.el5_5.3.i386.rpm php-ncurses-5.1.6-27.el5_5.3.i386.rpm php-odbc-5.1.6-27.el5_5.3.i386.rpm php-pdo-5.1.6-27.el5_5.3.i386.rpm php-pgsql-5.1.6-27.el5_5.3.i386.rpm php-snmp-5.1.6-27.el5_5.3.i386.rpm php-soap-5.1.6-27.el5_5.3.i386.rpm php-xml-5.1.6-27.el5_5.3.i386.rpm php-xmlrpc-5.1.6-27.el5_5.3.i386.rpm ia64: php-5.1.6-27.el5_5.3.ia64.rpm php-bcmath-5.1.6-27.el5_5.3.ia64.rpm php-cli-5.1.6-27.el5_5.3.ia64.rpm php-common-5.1.6-27.el5_5.3.ia64.rpm php-dba-5.1.6-27.el5_5.3.ia64.rpm php-debuginfo-5.1.6-27.el5_5.3.ia64.rpm php-devel-5.1.6-27.el5_5.3.ia64.rpm php-gd-5.1.6-27.el5_5.3.ia64.rpm php-imap-5.1.6-27.el5_5.3.ia64.rpm php-ldap-5.1.6-27.el5_5.3.ia64.rpm php-mbstring-5.1.6-27.el5_5.3.ia64.rpm php-mysql-5.1.6-27.el5_5.3.ia64.rpm php-ncurses-5.1.6-27.el5_5.3.ia64.rpm php-odbc-5.1.6-27.el5_5.3.ia64.rpm php-pdo-5.1.6-27.el5_5.3.ia64.rpm php-pgsql-5.1.6-27.el5_5.3.ia64.rpm php-snmp-5.1.6-27.el5_5.3.ia64.rpm php-soap-5.1.6-27.el5_5.3.ia64.rpm php-xml-5.1.6-27.el5_5.3.ia64.rpm php-xmlrpc-5.1.6-27.el5_5.3.ia64.rpm ppc: php-5.1.6-27.el5_5.3.ppc.rpm php-bcmath-5.1.6-27.el5_5.3.ppc.rpm php-cli-5.1.6-27.el5_5.3.ppc.rpm php-common-5.1.6-27.el5_5.3.ppc.rpm php-dba-5.1.6-27.el5_5.3.ppc.rpm php-debuginfo-5.1.6-27.el5_5.3.ppc.rpm php-devel-5.1.6-27.el5_5.3.ppc.rpm php-gd-5.1.6-27.el5_5.3.ppc.rpm php-imap-5.1.6-27.el5_5.3.ppc.rpm php-ldap-5.1.6-27.el5_5.3.ppc.rpm php-mbstring-5.1.6-27.el5_5.3.ppc.rpm php-mysql-5.1.6-27.el5_5.3.ppc.rpm 
php-ncurses-5.1.6-27.el5_5.3.ppc.rpm
php-odbc-5.1.6-27.el5_5.3.ppc.rpm
php-pdo-5.1.6-27.el5_5.3.ppc.rpm
php-pgsql-5.1.6-27.el5_5.3.ppc.rpm
php-snmp-5.1.6-27.el5_5.3.ppc.rpm
php-soap-5.1.6-27.el5_5.3.ppc.rpm
php-xml-5.1.6-27.el5_5.3.ppc.rpm
php-xmlrpc-5.1.6-27.el5_5.3.ppc.rpm

s390x:
php-5.1.6-27.el5_5.3.s390x.rpm
php-bcmath-5.1.6-27.el5_5.3.s390x.rpm
php-cli-5.1.6-27.el5_5.3.s390x.rpm
php-common-5.1.6-27.el5_5.3.s390x.rpm
php-dba-5.1.6-27.el5_5.3.s390x.rpm
php-debuginfo-5.1.6-27.el5_5.3.s390x.rpm
php-devel-5.1.6-27.el5_5.3.s390x.rpm
php-gd-5.1.6-27.el5_5.3.s390x.rpm
php-imap-5.1.6-27.el5_5.3.s390x.rpm
php-ldap-5.1.6-27.el5_5.3.s390x.rpm
php-mbstring-5.1.6-27.el5_5.3.s390x.rpm
php-mysql-5.1.6-27.el5_5.3.s390x.rpm
php-ncurses-5.1.6-27.el5_5.3.s390x.rpm
php-odbc-5.1.6-27.el5_5.3.s390x.rpm
php-pdo-5.1.6-27.el5_5.3.s390x.rpm
php-pgsql-5.1.6-27.el5_5.3.s390x.rpm
php-snmp-5.1.6-27.el5_5.3.s390x.rpm
php-soap-5.1.6-27.el5_5.3.s390x.rpm
php-xml-5.1.6-27.el5_5.3.s390x.rpm
php-xmlrpc-5.1.6-27.el5_5.3.s390x.rpm

x86_64:
php-5.1.6-27.el5_5.3.x86_64.rpm
php-bcmath-5.1.6-27.el5_5.3.x86_64.rpm
php-cli-5.1.6-27.el5_5.3.x86_64.rpm
php-common-5.1.6-27.el5_5.3.x86_64.rpm
php-dba-5.1.6-27.el5_5.3.x86_64.rpm
php-debuginfo-5.1.6-27.el5_5.3.x86_64.rpm
php-devel-5.1.6-27.el5_5.3.x86_64.rpm
php-gd-5.1.6-27.el5_5.3.x86_64.rpm
php-imap-5.1.6-27.el5_5.3.x86_64.rpm
php-ldap-5.1.6-27.el5_5.3.x86_64.rpm
php-mbstring-5.1.6-27.el5_5.3.x86_64.rpm
php-mysql-5.1.6-27.el5_5.3.x86_64.rpm
php-ncurses-5.1.6-27.el5_5.3.x86_64.rpm
php-odbc-5.1.6-27.el5_5.3.x86_64.rpm
php-pdo-5.1.6-27.el5_5.3.x86_64.rpm
php-pgsql-5.1.6-27.el5_5.3.x86_64.rpm
php-snmp-5.1.6-27.el5_5.3.x86_64.rpm
php-soap-5.1.6-27.el5_5.3.x86_64.rpm
php-xml-5.1.6-27.el5_5.3.x86_64.rpm
php-xmlrpc-5.1.6-27.el5_5.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-5016.html
https://www.redhat.com/security/data/cve/CVE-2010-0397.html
https://www.redhat.com/security/data/cve/CVE-2010-1128.html
https://www.redhat.com/security/data/cve/CVE-2010-1917.html
https://www.redhat.com/security/data/cve/CVE-2010-2531.html
https://www.redhat.com/security/data/cve/CVE-2010-3065.html
https://www.redhat.com/security/data/cve/CVE-2010-3870.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM9B4uXlSAg2UNWIIRAtgBAJwONIvgqNaAhnt5o6xZL6NEfRINjwCbBOqb
pl5q85Dktazh8MJSGYxiOS0=
=1XjU
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Nov 30 18:40:53 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 30 Nov 2010 11:40:53 -0700
Subject: [RHSA-2010:0921-01] Important: Red Hat Enterprise MRG Messaging and Grid security update
Message-ID: <201011301840.oAUIerw3007331@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat Enterprise MRG Messaging and Grid security update
Advisory ID:       RHSA-2010:0921-01
Product:           Red Hat Enterprise MRG for RHEL-5
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0921.html
Issue date:        2010-11-30
CVE Names:         CVE-2010-4179
=====================================================================

1. Summary:

Updated Red Hat Enterprise MRG Messaging and Grid packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

MRG Grid Execute Node for RHEL 5 Server - i386, x86_64
MRG Grid for RHEL 5 Server - i386, x86_64
MRG Management for RHEL 5 Server - noarch
Red Hat MRG Messaging Base for RHEL 5 Server - i386, noarch, x86_64
Red Hat MRG Messaging for RHEL 5 Server - i386, noarch, x86_64

3. Description:

Red Hat Enterprise MRG (Messaging, Realtime and Grid) is a real-time IT infrastructure for enterprise computing. MRG Messaging implements the Advanced Message Queuing Protocol (AMQP) standard, adding persistence options, kernel optimizations, and operating system services.

The Management Console Installation Guide for Red Hat Enterprise MRG 1.3 instructed administrators to configure Condor to allow the MRG Management Console (cumin) to submit jobs on behalf of a user. This configuration facilitated a trust relationship between cumin and the Condor QMF plug-ins; however, there was inadequate access control on the trusted channel, allowing anyone able to publish to a broker to submit jobs to run as any other user (except root, as Condor does not run jobs as root). (CVE-2010-4179)

These updated packages also include multiple bug fixes. Users are directed to the Red Hat Enterprise MRG 1.3 Technical Notes for information on these changes: http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/1/html/Technical_Notes/RHSA-2010-0921.html

All Red Hat Enterprise MRG users are advised to upgrade to these updated packages, which correct this issue and the issues noted in the Red Hat Enterprise MRG 1.3 Technical Notes. After installing the updated packages, Condor must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

620687 - hello_world example does not allow connection options to be set
621468 - rejected messages are not dequeued
631567 - The C++ address parser throws an exception and leaks memory if it parses an empty list
636850 - QMF: console.py fails to pass v2-style events up to console
643384 - Cumin: NameError: global name 'UpdateException' is not defined
647860 - Incorrect detection of data types in address parameters - C++ client
647861 - Incorrect handling of datatypes for numeric queue constraints
649822 - Need mechanism to limit access to QMF Agent methods
649915 - protect cumin password wherever it lives
652463 - Acknowledged messages are not confirmed
654856 - CVE-2010-4179 schedd plugin: enable QUEUE_ALL_USERS_TRUSTED for Submit/Hold/Release/Remove ops

6. Package List:

MRG Grid for RHEL 5 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-7.4.4-0.17.el5.src.rpm

i386:
condor-7.4.4-0.17.el5.i386.rpm
condor-debuginfo-7.4.4-0.17.el5.i386.rpm
condor-kbdd-7.4.4-0.17.el5.i386.rpm
condor-qmf-7.4.4-0.17.el5.i386.rpm
condor-vm-gahp-7.4.4-0.17.el5.i386.rpm

x86_64:
condor-7.4.4-0.17.el5.x86_64.rpm
condor-debuginfo-7.4.4-0.17.el5.x86_64.rpm
condor-kbdd-7.4.4-0.17.el5.x86_64.rpm
condor-qmf-7.4.4-0.17.el5.x86_64.rpm
condor-vm-gahp-7.4.4-0.17.el5.x86_64.rpm

MRG Grid Execute Node for RHEL 5 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-7.4.4-0.17.el5.src.rpm

i386:
condor-7.4.4-0.17.el5.i386.rpm
condor-debuginfo-7.4.4-0.17.el5.i386.rpm
condor-kbdd-7.4.4-0.17.el5.i386.rpm
condor-qmf-7.4.4-0.17.el5.i386.rpm
condor-vm-gahp-7.4.4-0.17.el5.i386.rpm

x86_64:
condor-7.4.4-0.17.el5.x86_64.rpm
condor-debuginfo-7.4.4-0.17.el5.x86_64.rpm
condor-kbdd-7.4.4-0.17.el5.x86_64.rpm
condor-qmf-7.4.4-0.17.el5.x86_64.rpm
condor-vm-gahp-7.4.4-0.17.el5.x86_64.rpm MRG Management for RHEL 5 Server: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/cumin-0.1.4410-2.el5.src.rpm noarch: cumin-0.1.4410-2.el5.noarch.rpm Red Hat MRG Messaging for RHEL 5 Server: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/python-qmf-0.7.946106-14.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/qpid-cpp-mrg-0.7.946106-22.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/qpid-java-0.7.946106-12.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/sesame-0.7.4297-4.el5.src.rpm i386: qmf-0.7.946106-22.el5.i386.rpm qmf-devel-0.7.946106-22.el5.i386.rpm qpid-cpp-client-0.7.946106-22.el5.i386.rpm qpid-cpp-client-devel-0.7.946106-22.el5.i386.rpm qpid-cpp-client-devel-docs-0.7.946106-22.el5.i386.rpm qpid-cpp-client-rdma-0.7.946106-22.el5.i386.rpm qpid-cpp-client-ssl-0.7.946106-22.el5.i386.rpm qpid-cpp-mrg-debuginfo-0.7.946106-22.el5.i386.rpm qpid-cpp-server-0.7.946106-22.el5.i386.rpm qpid-cpp-server-cluster-0.7.946106-22.el5.i386.rpm qpid-cpp-server-devel-0.7.946106-22.el5.i386.rpm qpid-cpp-server-rdma-0.7.946106-22.el5.i386.rpm qpid-cpp-server-ssl-0.7.946106-22.el5.i386.rpm qpid-cpp-server-store-0.7.946106-22.el5.i386.rpm qpid-cpp-server-xml-0.7.946106-22.el5.i386.rpm rh-qpid-cpp-tests-0.7.946106-22.el5.i386.rpm ruby-qmf-0.7.946106-22.el5.i386.rpm sesame-0.7.4297-4.el5.i386.rpm sesame-debuginfo-0.7.4297-4.el5.i386.rpm noarch: python-qmf-0.7.946106-14.el5.noarch.rpm qpid-java-client-0.7.946106-12.el5.noarch.rpm qpid-java-common-0.7.946106-12.el5.noarch.rpm qpid-java-example-0.7.946106-12.el5.noarch.rpm x86_64: qmf-0.7.946106-22.el5.x86_64.rpm qmf-devel-0.7.946106-22.el5.x86_64.rpm qpid-cpp-client-0.7.946106-22.el5.x86_64.rpm qpid-cpp-client-devel-0.7.946106-22.el5.x86_64.rpm qpid-cpp-client-devel-docs-0.7.946106-22.el5.x86_64.rpm 
qpid-cpp-client-rdma-0.7.946106-22.el5.x86_64.rpm qpid-cpp-client-ssl-0.7.946106-22.el5.x86_64.rpm qpid-cpp-mrg-debuginfo-0.7.946106-22.el5.x86_64.rpm qpid-cpp-server-0.7.946106-22.el5.x86_64.rpm qpid-cpp-server-cluster-0.7.946106-22.el5.x86_64.rpm qpid-cpp-server-devel-0.7.946106-22.el5.x86_64.rpm qpid-cpp-server-rdma-0.7.946106-22.el5.x86_64.rpm qpid-cpp-server-ssl-0.7.946106-22.el5.x86_64.rpm qpid-cpp-server-store-0.7.946106-22.el5.x86_64.rpm qpid-cpp-server-xml-0.7.946106-22.el5.x86_64.rpm rh-qpid-cpp-tests-0.7.946106-22.el5.x86_64.rpm ruby-qmf-0.7.946106-22.el5.x86_64.rpm sesame-0.7.4297-4.el5.x86_64.rpm sesame-debuginfo-0.7.4297-4.el5.x86_64.rpm Red Hat MRG Messaging Base for RHEL 5 Server: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/python-qmf-0.7.946106-14.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/qpid-cpp-mrg-0.7.946106-22.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/qpid-java-0.7.946106-12.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/sesame-0.7.4297-4.el5.src.rpm i386: qmf-0.7.946106-22.el5.i386.rpm qmf-devel-0.7.946106-22.el5.i386.rpm qpid-cpp-client-0.7.946106-22.el5.i386.rpm qpid-cpp-client-devel-0.7.946106-22.el5.i386.rpm qpid-cpp-client-devel-docs-0.7.946106-22.el5.i386.rpm qpid-cpp-client-ssl-0.7.946106-22.el5.i386.rpm qpid-cpp-mrg-debuginfo-0.7.946106-22.el5.i386.rpm qpid-cpp-server-0.7.946106-22.el5.i386.rpm qpid-cpp-server-devel-0.7.946106-22.el5.i386.rpm qpid-cpp-server-ssl-0.7.946106-22.el5.i386.rpm ruby-qmf-0.7.946106-22.el5.i386.rpm sesame-0.7.4297-4.el5.i386.rpm sesame-debuginfo-0.7.4297-4.el5.i386.rpm noarch: python-qmf-0.7.946106-14.el5.noarch.rpm qpid-java-client-0.7.946106-12.el5.noarch.rpm qpid-java-common-0.7.946106-12.el5.noarch.rpm qpid-java-example-0.7.946106-12.el5.noarch.rpm x86_64: qmf-0.7.946106-22.el5.x86_64.rpm qmf-devel-0.7.946106-22.el5.x86_64.rpm 
qpid-cpp-client-0.7.946106-22.el5.x86_64.rpm qpid-cpp-client-devel-0.7.946106-22.el5.x86_64.rpm qpid-cpp-client-devel-docs-0.7.946106-22.el5.x86_64.rpm qpid-cpp-client-ssl-0.7.946106-22.el5.x86_64.rpm qpid-cpp-mrg-debuginfo-0.7.946106-22.el5.x86_64.rpm qpid-cpp-server-0.7.946106-22.el5.x86_64.rpm qpid-cpp-server-devel-0.7.946106-22.el5.x86_64.rpm qpid-cpp-server-ssl-0.7.946106-22.el5.x86_64.rpm ruby-qmf-0.7.946106-22.el5.x86_64.rpm sesame-0.7.4297-4.el5.x86_64.rpm sesame-debuginfo-0.7.4297-4.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-4179.html https://access.redhat.com/security/updates/classification/#important http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/1/html/Technical_Notes/RHSA-2010-0921.html 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2010 Red Hat, Inc. 
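The flaw described in this advisory is a confused-deputy problem: the console was configured to act on behalf of users, the scheduler then accepted the owner named in any message arriving on the shared channel, and nothing tied that owner to the identity the broker had authenticated. The Python below is an added model of that gap and of the check that closes it, written for this page; it is not Condor, cumin or QMF code, the message fields, policy functions and trusted-deputy set are hypothetical, and the traffic is constructed. The advisory does not describe the internals of the QUEUE_ALL_USERS_TRUSTED change, so the model shows only the property the fix has to restore: acting as another user is a privilege of the trusted deputy, not of whoever can publish to the broker.

```python
"""Model of the access-control gap behind CVE-2010-4179.

Added illustration only. A 'scheduler' receives Submit/Hold/Release/Remove
calls from publishers on a shared broker. Each message carries the identity
the broker authenticated (sender) and the user the job should run as
(owner). The vulnerable policy believes 'owner'; the fixed policy lets a
sender name another owner only if it is a trusted deputy. Field names,
policies and the deputy set are hypothetical, not Condor's or cumin's.
"""

ROOT = "root"
OPS_ON_EXISTING_JOBS = {"Hold", "Release", "Remove"}


class Denied(Exception):
    """Raised when a request must not be acted on."""


def effective_owner_vulnerable(msg, trusted_deputies):
    """Pre-fix: any publisher may name any owner. Only root is refused,
    because the scheduler never runs jobs as root."""
    owner = msg["owner"]
    if owner == ROOT:
        raise Denied("jobs never run as root")
    return owner


def effective_owner_fixed(msg, trusted_deputies):
    """Post-fix: a sender acts as itself unless it is a trusted deputy,
    which is the only party allowed to act on behalf of someone else."""
    sender, owner = msg["sender"], msg["owner"]
    if owner == ROOT:
        raise Denied("jobs never run as root")
    if sender == owner or sender in trusted_deputies:
        return owner
    raise Denied("%s may not act as %s" % (sender, owner))


def dispatch(messages, queue, policy, trusted_deputies=frozenset({"cumin"})):
    """Apply each call to the queue ({job_id: owner}) under the given policy.
    Returns a list of (job_id, op, outcome) describing what happened."""
    log = []
    for msg in messages:
        op, job_id = msg["op"], msg["job_id"]
        try:
            owner = policy(msg, trusted_deputies)
            if op == "Submit":
                queue[job_id] = owner
            elif op in OPS_ON_EXISTING_JOBS:
                # Operations on existing jobs are allowed only to their owner.
                if queue.get(job_id) != owner:
                    raise Denied("job %s is not owned by %s" % (job_id, owner))
                if op == "Remove":
                    del queue[job_id]
            else:
                raise Denied("unknown op %r" % op)
            log.append((job_id, op, "ok as %s" % owner))
        except Denied as exc:
            log.append((job_id, op, "denied: %s" % exc))
    return log


# Constructed traffic on the shared broker: the console acting for alice,
# then an arbitrary publisher ("mallory") claiming to act for alice and root.
SAMPLE_MESSAGES = [
    {"sender": "cumin",   "op": "Submit", "job_id": "1.0", "owner": "alice"},
    {"sender": "mallory", "op": "Submit", "job_id": "2.0", "owner": "alice"},
    {"sender": "mallory", "op": "Remove", "job_id": "1.0", "owner": "alice"},
    {"sender": "mallory", "op": "Submit", "job_id": "3.0", "owner": "root"},
]


def run(policy):
    """Replay the sample traffic under a policy; return (final queue, log)."""
    queue = {}
    log = dispatch(SAMPLE_MESSAGES, queue, policy)
    return queue, log


if __name__ == "__main__":
    for name, policy in (("vulnerable", effective_owner_vulnerable),
                         ("fixed", effective_owner_fixed)):
        queue, log = run(policy)
        print(name, "final queue:", queue)
        for entry in log:
            print("   ", entry)
```

Under the vulnerable policy mallory's submission runs as alice and mallory removes alice's real job; under the fixed policy both are refused while the console's own submission on alice's behalf still succeeds, and mallory can still submit as mallory, which is the intended behaviour. The root refusal is the one safeguard the advisory says existed before the fix, and the model keeps it in both policies.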
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM9UUMXlSAg2UNWIIRAqz+AKCYJ+9OAcpbPz5/M0iLIz31/n5ykgCgpk42
rQV3TobIFMiG5+XuUqxEusg=
=upIM
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Nov 30 18:41:59 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 30 Nov 2010 11:41:59 -0700
Subject: [RHSA-2010:0922-01] Important: Red Hat Enterprise MRG Messaging and Grid security update
Message-ID: <201011301842.oAUIfxv9008821@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat Enterprise MRG Messaging and Grid security update
Advisory ID:       RHSA-2010:0922-01
Product:           Red Hat Enterprise MRG for RHEL-4
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0922.html
Issue date:        2010-11-30
CVE Names:         CVE-2010-4179
=====================================================================

1. Summary:

Updated Red Hat Enterprise MRG Messaging and Grid packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat MRG Grid Execute Node for RHEL-4 AS - i386, x86_64
Red Hat MRG Grid Execute Node for RHEL-4 ES - i386, x86_64
Red Hat MRG Grid for RHEL-4 AS - i386, x86_64
Red Hat MRG Grid for RHEL-4 ES - i386, x86_64
Red Hat MRG Messaging Base for RHEL-4 AS - i386, noarch, x86_64
Red Hat MRG Messaging Base for RHEL-4 ES - i386, noarch, x86_64
Red Hat MRG Messaging for RHEL-4 AS - i386, noarch, x86_64
Red Hat MRG Messaging for RHEL-4 ES - i386, noarch, x86_64

3. Description:

Red Hat Enterprise MRG (Messaging, Realtime and Grid) is a real-time IT infrastructure for enterprise computing. MRG Messaging implements the Advanced Message Queuing Protocol (AMQP) standard, adding persistence options, kernel optimizations, and operating system services.

The Management Console Installation Guide for Red Hat Enterprise MRG 1.3 instructed administrators to configure Condor to allow the MRG Management Console (cumin) to submit jobs on behalf of a user. This configuration facilitated a trust relationship between cumin and the Condor QMF plug-ins; however, there was inadequate access control on the trusted channel, allowing anyone able to publish to a broker to submit jobs to run as any other user (except root, as Condor does not run jobs as root). (CVE-2010-4179)

These updated packages also include multiple bug fixes. Users are directed to the Red Hat Enterprise MRG 1.3 Technical Notes for information on these changes: http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/1/html/Technical_Notes/RHSA-2010-0922.html

All Red Hat Enterprise MRG users are advised to upgrade to these updated packages, which correct this issue and the issues noted in the Red Hat Enterprise MRG 1.3 Technical Notes. After installing the updated packages, Condor must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

652087 - mrg-el4 - Incorrect handling of datatypes for numeric queue constraints
652088 - mrg-el4 - Incorrect detection of data types in address parameters - C++ client
652090 - mrg-el4 - QMF: console.py fails to pass v2-style events up to console
652091 - mrg-el4 - The C++ address parser throws an exception and leaks memory if it parses an empty list
652092 - mrg-el4 - rejected messages are not dequeued
652093 - mrg-el4 - hello_world example does not allow connection options to be set
653471 - mrg-el4 - Acknowledged messages are not confirmed
654422 - mrg-el4 - Need mechanism to limit access to QMF Agent methods
654856 - CVE-2010-4179 schedd plugin: enable QUEUE_ALL_USERS_TRUSTED for Submit/Hold/Release/Remove ops

6. Package List:

Red Hat MRG Grid for RHEL-4 AS:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/RHEMRG/SRPMS/condor-7.4.4-0.17.el4.src.rpm

i386:
condor-7.4.4-0.17.el4.i386.rpm
condor-debuginfo-7.4.4-0.17.el4.i386.rpm
condor-kbdd-7.4.4-0.17.el4.i386.rpm
condor-qmf-7.4.4-0.17.el4.i386.rpm

x86_64:
condor-7.4.4-0.17.el4.x86_64.rpm
condor-debuginfo-7.4.4-0.17.el4.x86_64.rpm
condor-kbdd-7.4.4-0.17.el4.x86_64.rpm
condor-qmf-7.4.4-0.17.el4.x86_64.rpm

Red Hat MRG Grid Execute Node for RHEL-4 AS:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/RHEMRG/SRPMS/condor-7.4.4-0.17.el4.src.rpm

i386:
condor-7.4.4-0.17.el4.i386.rpm
condor-debuginfo-7.4.4-0.17.el4.i386.rpm
condor-kbdd-7.4.4-0.17.el4.i386.rpm
condor-qmf-7.4.4-0.17.el4.i386.rpm

x86_64:
condor-7.4.4-0.17.el4.x86_64.rpm
condor-debuginfo-7.4.4-0.17.el4.x86_64.rpm
condor-kbdd-7.4.4-0.17.el4.x86_64.rpm
condor-qmf-7.4.4-0.17.el4.x86_64.rpm

Red Hat MRG Messaging for RHEL-4 AS:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/RHEMRG/SRPMS/python-qmf-0.7.946106-14.el4.src.rpm
ftp://updates.redhat.com/enterprise/4AS/en/RHEMRG/SRPMS/qpid-cpp-mrg-0.7.946106-22.el4.src.rpm
ftp://updates.redhat.com/enterprise/4AS/en/RHEMRG/SRPMS/qpid-java-0.7.946106-12.el4.src.rpm
ftp://updates.redhat.com/enterprise/4AS/en/RHEMRG/SRPMS/sesame-0.7.4297-4.el4.src.rpm i386: qmf-0.7.946106-22.el4.i386.rpm qmf-devel-0.7.946106-22.el4.i386.rpm qpid-cpp-client-0.7.946106-22.el4.i386.rpm qpid-cpp-client-devel-0.7.946106-22.el4.i386.rpm qpid-cpp-client-devel-docs-0.7.946106-22.el4.i386.rpm qpid-cpp-client-ssl-0.7.946106-22.el4.i386.rpm qpid-cpp-mrg-debuginfo-0.7.946106-22.el4.i386.rpm qpid-cpp-server-0.7.946106-22.el4.i386.rpm qpid-cpp-server-devel-0.7.946106-22.el4.i386.rpm qpid-cpp-server-ssl-0.7.946106-22.el4.i386.rpm qpid-cpp-server-store-0.7.946106-22.el4.i386.rpm qpid-cpp-server-xml-0.7.946106-22.el4.i386.rpm rh-qpid-cpp-tests-0.7.946106-22.el4.i386.rpm sesame-0.7.4297-4.el4.i386.rpm sesame-debuginfo-0.7.4297-4.el4.i386.rpm noarch: python-qmf-0.7.946106-14.el4.noarch.rpm qpid-java-client-0.7.946106-12.el4.noarch.rpm qpid-java-common-0.7.946106-12.el4.noarch.rpm qpid-java-example-0.7.946106-12.el4.noarch.rpm x86_64: qmf-0.7.946106-22.el4.x86_64.rpm qmf-devel-0.7.946106-22.el4.x86_64.rpm qpid-cpp-client-0.7.946106-22.el4.x86_64.rpm qpid-cpp-client-devel-0.7.946106-22.el4.x86_64.rpm qpid-cpp-client-devel-docs-0.7.946106-22.el4.x86_64.rpm qpid-cpp-client-ssl-0.7.946106-22.el4.x86_64.rpm qpid-cpp-mrg-debuginfo-0.7.946106-22.el4.x86_64.rpm qpid-cpp-server-0.7.946106-22.el4.x86_64.rpm qpid-cpp-server-devel-0.7.946106-22.el4.x86_64.rpm qpid-cpp-server-ssl-0.7.946106-22.el4.x86_64.rpm qpid-cpp-server-store-0.7.946106-22.el4.x86_64.rpm qpid-cpp-server-xml-0.7.946106-22.el4.x86_64.rpm rh-qpid-cpp-tests-0.7.946106-22.el4.x86_64.rpm sesame-0.7.4297-4.el4.x86_64.rpm sesame-debuginfo-0.7.4297-4.el4.x86_64.rpm Red Hat MRG Messaging Base for RHEL-4 AS: Source: ftp://updates.redhat.com/enterprise/4AS/en/RHEMRG/SRPMS/python-qmf-0.7.946106-14.el4.src.rpm ftp://updates.redhat.com/enterprise/4AS/en/RHEMRG/SRPMS/qpid-cpp-mrg-0.7.946106-22.el4.src.rpm ftp://updates.redhat.com/enterprise/4AS/en/RHEMRG/SRPMS/qpid-java-0.7.946106-12.el4.src.rpm 
ftp://updates.redhat.com/enterprise/4AS/en/RHEMRG/SRPMS/sesame-0.7.4297-4.el4.src.rpm i386: qmf-0.7.946106-22.el4.i386.rpm qmf-devel-0.7.946106-22.el4.i386.rpm qpid-cpp-client-0.7.946106-22.el4.i386.rpm qpid-cpp-client-devel-0.7.946106-22.el4.i386.rpm qpid-cpp-client-devel-docs-0.7.946106-22.el4.i386.rpm qpid-cpp-client-ssl-0.7.946106-22.el4.i386.rpm qpid-cpp-mrg-debuginfo-0.7.946106-22.el4.i386.rpm qpid-cpp-server-0.7.946106-22.el4.i386.rpm qpid-cpp-server-devel-0.7.946106-22.el4.i386.rpm qpid-cpp-server-ssl-0.7.946106-22.el4.i386.rpm qpid-cpp-server-store-0.7.946106-22.el4.i386.rpm qpid-cpp-server-xml-0.7.946106-22.el4.i386.rpm sesame-0.7.4297-4.el4.i386.rpm sesame-debuginfo-0.7.4297-4.el4.i386.rpm noarch: python-qmf-0.7.946106-14.el4.noarch.rpm qpid-java-client-0.7.946106-12.el4.noarch.rpm qpid-java-common-0.7.946106-12.el4.noarch.rpm qpid-java-example-0.7.946106-12.el4.noarch.rpm x86_64: qmf-0.7.946106-22.el4.x86_64.rpm qmf-devel-0.7.946106-22.el4.x86_64.rpm qpid-cpp-client-0.7.946106-22.el4.x86_64.rpm qpid-cpp-client-devel-0.7.946106-22.el4.x86_64.rpm qpid-cpp-client-devel-docs-0.7.946106-22.el4.x86_64.rpm qpid-cpp-client-ssl-0.7.946106-22.el4.x86_64.rpm qpid-cpp-mrg-debuginfo-0.7.946106-22.el4.x86_64.rpm qpid-cpp-server-0.7.946106-22.el4.x86_64.rpm qpid-cpp-server-devel-0.7.946106-22.el4.x86_64.rpm qpid-cpp-server-ssl-0.7.946106-22.el4.x86_64.rpm qpid-cpp-server-store-0.7.946106-22.el4.x86_64.rpm qpid-cpp-server-xml-0.7.946106-22.el4.x86_64.rpm sesame-0.7.4297-4.el4.x86_64.rpm sesame-debuginfo-0.7.4297-4.el4.x86_64.rpm Red Hat MRG Grid for RHEL-4 ES: Source: ftp://updates.redhat.com/enterprise/4ES/en/RHEMRG/SRPMS/condor-7.4.4-0.17.el4.src.rpm i386: condor-7.4.4-0.17.el4.i386.rpm condor-debuginfo-7.4.4-0.17.el4.i386.rpm condor-kbdd-7.4.4-0.17.el4.i386.rpm condor-qmf-7.4.4-0.17.el4.i386.rpm x86_64: condor-7.4.4-0.17.el4.x86_64.rpm condor-debuginfo-7.4.4-0.17.el4.x86_64.rpm condor-kbdd-7.4.4-0.17.el4.x86_64.rpm condor-qmf-7.4.4-0.17.el4.x86_64.rpm Red Hat MRG 
Grid Execute Node for RHEL-4 ES: Source: ftp://updates.redhat.com/enterprise/4ES/en/RHEMRG/SRPMS/condor-7.4.4-0.17.el4.src.rpm i386: condor-7.4.4-0.17.el4.i386.rpm condor-debuginfo-7.4.4-0.17.el4.i386.rpm condor-kbdd-7.4.4-0.17.el4.i386.rpm condor-qmf-7.4.4-0.17.el4.i386.rpm x86_64: condor-7.4.4-0.17.el4.x86_64.rpm condor-debuginfo-7.4.4-0.17.el4.x86_64.rpm condor-kbdd-7.4.4-0.17.el4.x86_64.rpm condor-qmf-7.4.4-0.17.el4.x86_64.rpm Red Hat MRG Messaging for RHEL-4 ES: Source: ftp://updates.redhat.com/enterprise/4ES/en/RHEMRG/SRPMS/python-qmf-0.7.946106-14.el4.src.rpm ftp://updates.redhat.com/enterprise/4ES/en/RHEMRG/SRPMS/qpid-cpp-mrg-0.7.946106-22.el4.src.rpm ftp://updates.redhat.com/enterprise/4ES/en/RHEMRG/SRPMS/qpid-java-0.7.946106-12.el4.src.rpm ftp://updates.redhat.com/enterprise/4ES/en/RHEMRG/SRPMS/sesame-0.7.4297-4.el4.src.rpm i386: qmf-0.7.946106-22.el4.i386.rpm qmf-devel-0.7.946106-22.el4.i386.rpm qpid-cpp-client-0.7.946106-22.el4.i386.rpm qpid-cpp-client-devel-0.7.946106-22.el4.i386.rpm qpid-cpp-client-devel-docs-0.7.946106-22.el4.i386.rpm qpid-cpp-client-ssl-0.7.946106-22.el4.i386.rpm qpid-cpp-mrg-debuginfo-0.7.946106-22.el4.i386.rpm qpid-cpp-server-0.7.946106-22.el4.i386.rpm qpid-cpp-server-devel-0.7.946106-22.el4.i386.rpm qpid-cpp-server-ssl-0.7.946106-22.el4.i386.rpm qpid-cpp-server-store-0.7.946106-22.el4.i386.rpm qpid-cpp-server-xml-0.7.946106-22.el4.i386.rpm rh-qpid-cpp-tests-0.7.946106-22.el4.i386.rpm sesame-0.7.4297-4.el4.i386.rpm sesame-debuginfo-0.7.4297-4.el4.i386.rpm noarch: python-qmf-0.7.946106-14.el4.noarch.rpm qpid-java-client-0.7.946106-12.el4.noarch.rpm qpid-java-common-0.7.946106-12.el4.noarch.rpm qpid-java-example-0.7.946106-12.el4.noarch.rpm x86_64: qmf-0.7.946106-22.el4.x86_64.rpm qmf-devel-0.7.946106-22.el4.x86_64.rpm qpid-cpp-client-0.7.946106-22.el4.x86_64.rpm qpid-cpp-client-devel-0.7.946106-22.el4.x86_64.rpm qpid-cpp-client-devel-docs-0.7.946106-22.el4.x86_64.rpm qpid-cpp-client-ssl-0.7.946106-22.el4.x86_64.rpm 
qpid-cpp-mrg-debuginfo-0.7.946106-22.el4.x86_64.rpm qpid-cpp-server-0.7.946106-22.el4.x86_64.rpm qpid-cpp-server-devel-0.7.946106-22.el4.x86_64.rpm qpid-cpp-server-ssl-0.7.946106-22.el4.x86_64.rpm qpid-cpp-server-store-0.7.946106-22.el4.x86_64.rpm qpid-cpp-server-xml-0.7.946106-22.el4.x86_64.rpm rh-qpid-cpp-tests-0.7.946106-22.el4.x86_64.rpm sesame-0.7.4297-4.el4.x86_64.rpm sesame-debuginfo-0.7.4297-4.el4.x86_64.rpm Red Hat MRG Messaging Base for RHEL-4 ES: Source: ftp://updates.redhat.com/enterprise/4ES/en/RHEMRG/SRPMS/python-qmf-0.7.946106-14.el4.src.rpm ftp://updates.redhat.com/enterprise/4ES/en/RHEMRG/SRPMS/qpid-cpp-mrg-0.7.946106-22.el4.src.rpm ftp://updates.redhat.com/enterprise/4ES/en/RHEMRG/SRPMS/qpid-java-0.7.946106-12.el4.src.rpm ftp://updates.redhat.com/enterprise/4ES/en/RHEMRG/SRPMS/sesame-0.7.4297-4.el4.src.rpm i386: qmf-0.7.946106-22.el4.i386.rpm qmf-devel-0.7.946106-22.el4.i386.rpm qpid-cpp-client-0.7.946106-22.el4.i386.rpm qpid-cpp-client-devel-0.7.946106-22.el4.i386.rpm qpid-cpp-client-devel-docs-0.7.946106-22.el4.i386.rpm qpid-cpp-client-ssl-0.7.946106-22.el4.i386.rpm qpid-cpp-mrg-debuginfo-0.7.946106-22.el4.i386.rpm qpid-cpp-server-0.7.946106-22.el4.i386.rpm qpid-cpp-server-devel-0.7.946106-22.el4.i386.rpm qpid-cpp-server-ssl-0.7.946106-22.el4.i386.rpm qpid-cpp-server-store-0.7.946106-22.el4.i386.rpm qpid-cpp-server-xml-0.7.946106-22.el4.i386.rpm sesame-0.7.4297-4.el4.i386.rpm sesame-debuginfo-0.7.4297-4.el4.i386.rpm noarch: python-qmf-0.7.946106-14.el4.noarch.rpm qpid-java-client-0.7.946106-12.el4.noarch.rpm qpid-java-common-0.7.946106-12.el4.noarch.rpm qpid-java-example-0.7.946106-12.el4.noarch.rpm x86_64: qmf-0.7.946106-22.el4.x86_64.rpm qmf-devel-0.7.946106-22.el4.x86_64.rpm qpid-cpp-client-0.7.946106-22.el4.x86_64.rpm qpid-cpp-client-devel-0.7.946106-22.el4.x86_64.rpm qpid-cpp-client-devel-docs-0.7.946106-22.el4.x86_64.rpm qpid-cpp-client-ssl-0.7.946106-22.el4.x86_64.rpm qpid-cpp-mrg-debuginfo-0.7.946106-22.el4.x86_64.rpm 
qpid-cpp-server-0.7.946106-22.el4.x86_64.rpm qpid-cpp-server-devel-0.7.946106-22.el4.x86_64.rpm qpid-cpp-server-ssl-0.7.946106-22.el4.x86_64.rpm qpid-cpp-server-store-0.7.946106-22.el4.x86_64.rpm qpid-cpp-server-xml-0.7.946106-22.el4.x86_64.rpm sesame-0.7.4297-4.el4.x86_64.rpm sesame-debuginfo-0.7.4297-4.el4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-4179.html https://access.redhat.com/security/updates/classification/#important http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/1/html/Technical_Notes/RHSA-2010-0922.html 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2010 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFM9UVPXlSAg2UNWIIRAuIUAKCHA6pZs2uCoZGaBKpuaDacmxyqsQCbBcAZ IfsOIBSvM4whe+KJ/M6uGak= =wmR7 -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Nov 30 18:42:33 2010 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 30 Nov 2010 11:42:33 -0700 Subject: [RHSA-2010:0923-01] Moderate: dhcp security update Message-ID: <201011301842.oAUIgYBV002569@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: dhcp security update Advisory ID: RHSA-2010:0923-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0923.html Issue date: 2010-11-30 CVE Names: CVE-2010-3611 ===================================================================== 1. Summary: Updated dhcp packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows
individual devices on an IP network to get their own network configuration
information, including an IP address, a subnet mask, and a broadcast
address. DHCPv6 is the DHCP protocol version for IPv6 networks.

A NULL pointer dereference flaw was discovered in the way the dhcpd daemon
parsed DHCPv6 packets. A remote attacker could use this flaw to crash dhcpd
via a specially-crafted DHCPv6 packet, if dhcpd was running as a DHCPv6
server. (CVE-2010-3611)

Users running dhcpd as a DHCPv6 server should upgrade to these updated
packages, which contain a backported patch to correct this issue. After
installing this update, all DHCP servers will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

649877 - CVE-2010-3611 dhcp: NULL pointer dereference crash via crafted DHCPv6 packet

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/dhcp-4.1.1-12.P1.el6_0.1.src.rpm

i386:
dhclient-4.1.1-12.P1.el6_0.1.i686.rpm
dhcp-debuginfo-4.1.1-12.P1.el6_0.1.i686.rpm

x86_64:
dhclient-4.1.1-12.P1.el6_0.1.x86_64.rpm
dhcp-debuginfo-4.1.1-12.P1.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/dhcp-4.1.1-12.P1.el6_0.1.src.rpm

i386:
dhcp-4.1.1-12.P1.el6_0.1.i686.rpm
dhcp-debuginfo-4.1.1-12.P1.el6_0.1.i686.rpm
dhcp-devel-4.1.1-12.P1.el6_0.1.i686.rpm

x86_64:
dhcp-4.1.1-12.P1.el6_0.1.x86_64.rpm
dhcp-debuginfo-4.1.1-12.P1.el6_0.1.i686.rpm
dhcp-debuginfo-4.1.1-12.P1.el6_0.1.x86_64.rpm
dhcp-devel-4.1.1-12.P1.el6_0.1.i686.rpm
dhcp-devel-4.1.1-12.P1.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/dhcp-4.1.1-12.P1.el6_0.1.src.rpm

x86_64:
dhclient-4.1.1-12.P1.el6_0.1.x86_64.rpm
dhcp-debuginfo-4.1.1-12.P1.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/dhcp-4.1.1-12.P1.el6_0.1.src.rpm

x86_64:
dhcp-4.1.1-12.P1.el6_0.1.x86_64.rpm
dhcp-debuginfo-4.1.1-12.P1.el6_0.1.i686.rpm
dhcp-debuginfo-4.1.1-12.P1.el6_0.1.x86_64.rpm
dhcp-devel-4.1.1-12.P1.el6_0.1.i686.rpm
dhcp-devel-4.1.1-12.P1.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/dhcp-4.1.1-12.P1.el6_0.1.src.rpm

i386:
dhclient-4.1.1-12.P1.el6_0.1.i686.rpm
dhcp-4.1.1-12.P1.el6_0.1.i686.rpm
dhcp-debuginfo-4.1.1-12.P1.el6_0.1.i686.rpm

ppc64:
dhclient-4.1.1-12.P1.el6_0.1.ppc64.rpm
dhcp-4.1.1-12.P1.el6_0.1.ppc64.rpm
dhcp-debuginfo-4.1.1-12.P1.el6_0.1.ppc64.rpm

s390x:
dhclient-4.1.1-12.P1.el6_0.1.s390x.rpm
dhcp-4.1.1-12.P1.el6_0.1.s390x.rpm
dhcp-debuginfo-4.1.1-12.P1.el6_0.1.s390x.rpm

x86_64:
dhclient-4.1.1-12.P1.el6_0.1.x86_64.rpm
dhcp-4.1.1-12.P1.el6_0.1.x86_64.rpm
dhcp-debuginfo-4.1.1-12.P1.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/dhcp-4.1.1-12.P1.el6_0.1.src.rpm

i386:
dhcp-debuginfo-4.1.1-12.P1.el6_0.1.i686.rpm
dhcp-devel-4.1.1-12.P1.el6_0.1.i686.rpm

ppc64:
dhcp-debuginfo-4.1.1-12.P1.el6_0.1.ppc.rpm
dhcp-debuginfo-4.1.1-12.P1.el6_0.1.ppc64.rpm
dhcp-devel-4.1.1-12.P1.el6_0.1.ppc.rpm
dhcp-devel-4.1.1-12.P1.el6_0.1.ppc64.rpm

s390x:
dhcp-debuginfo-4.1.1-12.P1.el6_0.1.s390.rpm
dhcp-debuginfo-4.1.1-12.P1.el6_0.1.s390x.rpm
dhcp-devel-4.1.1-12.P1.el6_0.1.s390.rpm
dhcp-devel-4.1.1-12.P1.el6_0.1.s390x.rpm

x86_64:
dhcp-debuginfo-4.1.1-12.P1.el6_0.1.i686.rpm
dhcp-debuginfo-4.1.1-12.P1.el6_0.1.x86_64.rpm
dhcp-devel-4.1.1-12.P1.el6_0.1.i686.rpm
dhcp-devel-4.1.1-12.P1.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/dhcp-4.1.1-12.P1.el6_0.1.src.rpm

i386:
dhclient-4.1.1-12.P1.el6_0.1.i686.rpm
dhcp-4.1.1-12.P1.el6_0.1.i686.rpm
dhcp-debuginfo-4.1.1-12.P1.el6_0.1.i686.rpm

x86_64:
dhclient-4.1.1-12.P1.el6_0.1.x86_64.rpm
dhcp-4.1.1-12.P1.el6_0.1.x86_64.rpm
dhcp-debuginfo-4.1.1-12.P1.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/dhcp-4.1.1-12.P1.el6_0.1.src.rpm

i386:
dhcp-debuginfo-4.1.1-12.P1.el6_0.1.i686.rpm
dhcp-devel-4.1.1-12.P1.el6_0.1.i686.rpm

x86_64:
dhcp-debuginfo-4.1.1-12.P1.el6_0.1.i686.rpm
dhcp-debuginfo-4.1.1-12.P1.el6_0.1.x86_64.rpm
dhcp-devel-4.1.1-12.P1.el6_0.1.i686.rpm
dhcp-devel-4.1.1-12.P1.el6_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3611.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.

From bugzilla at redhat.com Tue Nov 30 18:43:22 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 30 Nov 2010 11:43:22 -0700
Subject: [RHSA-2010:0924-01] Moderate: wireshark security update
Message-ID: <201011301843.oAUIhNZH007133@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: wireshark security update
Advisory ID:       RHSA-2010:0924-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0924.html
Issue date:        2010-11-30
CVE Names:         CVE-2010-3445 CVE-2010-4300
=====================================================================

1. Summary:

Updated wireshark packages that fix two security issues are now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
moderate security impact.
Common Vulnerability Scoring System (CVSS) base scores, which give detailed
severity ratings, are available for each vulnerability from the CVE links
in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.

A heap-based buffer overflow flaw was found in the Wireshark Local Download
Sharing Service (LDSS) dissector. If Wireshark read a malformed packet off
a network or opened a malicious dump file, it could crash or, possibly,
execute arbitrary code as the user running Wireshark. (CVE-2010-4300)

A denial of service flaw was found in Wireshark. Wireshark could crash or
stop responding if it read a malformed packet off a network, or opened a
malicious dump file. (CVE-2010-3445)

Users of Wireshark should upgrade to these updated packages, which contain
Wireshark version 1.2.13, and resolve these issues. All running instances
of Wireshark must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

639486 - CVE-2010-3445 wireshark: stack overflow in BER dissector
656456 - CVE-2010-4300 Wireshark: Heap-based buffer overflow in LDSS dissector

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/wireshark-1.2.13-1.el6_0.1.src.rpm

i386:
wireshark-1.2.13-1.el6_0.1.i686.rpm
wireshark-debuginfo-1.2.13-1.el6_0.1.i686.rpm

x86_64:
wireshark-1.2.13-1.el6_0.1.i686.rpm
wireshark-1.2.13-1.el6_0.1.x86_64.rpm
wireshark-debuginfo-1.2.13-1.el6_0.1.i686.rpm
wireshark-debuginfo-1.2.13-1.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/wireshark-1.2.13-1.el6_0.1.src.rpm

i386:
wireshark-debuginfo-1.2.13-1.el6_0.1.i686.rpm
wireshark-devel-1.2.13-1.el6_0.1.i686.rpm
wireshark-gnome-1.2.13-1.el6_0.1.i686.rpm

x86_64:
wireshark-debuginfo-1.2.13-1.el6_0.1.i686.rpm
wireshark-debuginfo-1.2.13-1.el6_0.1.x86_64.rpm
wireshark-devel-1.2.13-1.el6_0.1.i686.rpm
wireshark-devel-1.2.13-1.el6_0.1.x86_64.rpm
wireshark-gnome-1.2.13-1.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/wireshark-1.2.13-1.el6_0.1.src.rpm

i386:
wireshark-1.2.13-1.el6_0.1.i686.rpm
wireshark-debuginfo-1.2.13-1.el6_0.1.i686.rpm

ppc64:
wireshark-1.2.13-1.el6_0.1.ppc.rpm
wireshark-1.2.13-1.el6_0.1.ppc64.rpm
wireshark-debuginfo-1.2.13-1.el6_0.1.ppc.rpm
wireshark-debuginfo-1.2.13-1.el6_0.1.ppc64.rpm

s390x:
wireshark-1.2.13-1.el6_0.1.s390.rpm
wireshark-1.2.13-1.el6_0.1.s390x.rpm
wireshark-debuginfo-1.2.13-1.el6_0.1.s390.rpm
wireshark-debuginfo-1.2.13-1.el6_0.1.s390x.rpm

x86_64:
wireshark-1.2.13-1.el6_0.1.i686.rpm
wireshark-1.2.13-1.el6_0.1.x86_64.rpm
wireshark-debuginfo-1.2.13-1.el6_0.1.i686.rpm
wireshark-debuginfo-1.2.13-1.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/wireshark-1.2.13-1.el6_0.1.src.rpm

i386:
wireshark-debuginfo-1.2.13-1.el6_0.1.i686.rpm
wireshark-devel-1.2.13-1.el6_0.1.i686.rpm
wireshark-gnome-1.2.13-1.el6_0.1.i686.rpm

ppc64:
wireshark-debuginfo-1.2.13-1.el6_0.1.ppc.rpm
wireshark-debuginfo-1.2.13-1.el6_0.1.ppc64.rpm
wireshark-devel-1.2.13-1.el6_0.1.ppc.rpm
wireshark-devel-1.2.13-1.el6_0.1.ppc64.rpm
wireshark-gnome-1.2.13-1.el6_0.1.ppc64.rpm

s390x:
wireshark-debuginfo-1.2.13-1.el6_0.1.s390.rpm
wireshark-debuginfo-1.2.13-1.el6_0.1.s390x.rpm
wireshark-devel-1.2.13-1.el6_0.1.s390.rpm
wireshark-devel-1.2.13-1.el6_0.1.s390x.rpm
wireshark-gnome-1.2.13-1.el6_0.1.s390x.rpm

x86_64:
wireshark-debuginfo-1.2.13-1.el6_0.1.i686.rpm
wireshark-debuginfo-1.2.13-1.el6_0.1.x86_64.rpm
wireshark-devel-1.2.13-1.el6_0.1.i686.rpm
wireshark-devel-1.2.13-1.el6_0.1.x86_64.rpm
wireshark-gnome-1.2.13-1.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/wireshark-1.2.13-1.el6_0.1.src.rpm

i386:
wireshark-1.2.13-1.el6_0.1.i686.rpm
wireshark-debuginfo-1.2.13-1.el6_0.1.i686.rpm

x86_64:
wireshark-1.2.13-1.el6_0.1.i686.rpm
wireshark-1.2.13-1.el6_0.1.x86_64.rpm
wireshark-debuginfo-1.2.13-1.el6_0.1.i686.rpm
wireshark-debuginfo-1.2.13-1.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/wireshark-1.2.13-1.el6_0.1.src.rpm

i386:
wireshark-debuginfo-1.2.13-1.el6_0.1.i686.rpm
wireshark-devel-1.2.13-1.el6_0.1.i686.rpm
wireshark-gnome-1.2.13-1.el6_0.1.i686.rpm

x86_64:
wireshark-debuginfo-1.2.13-1.el6_0.1.i686.rpm
wireshark-debuginfo-1.2.13-1.el6_0.1.x86_64.rpm
wireshark-devel-1.2.13-1.el6_0.1.i686.rpm
wireshark-devel-1.2.13-1.el6_0.1.x86_64.rpm
wireshark-gnome-1.2.13-1.el6_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3445.html
https://www.redhat.com/security/data/cve/CVE-2010-4300.html
http://www.redhat.com/security/updates/classification/#moderate
http://www.wireshark.org/security/wnpa-sec-2010-13.html
http://www.wireshark.org/security/wnpa-sec-2010-12.html

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.

From bugzilla at redhat.com Tue Nov 30 23:00:59 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 30 Nov 2010 16:00:59 -0700
Subject: [RHSA-2010:0925-01] Important: krb5 security and bug fix update
Message-ID: <201011302301.oAUN101T008735@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: krb5 security and bug fix update
Advisory ID:       RHSA-2010:0925-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0925.html
Issue date:        2010-11-30
CVE Names:         CVE-2010-1323 CVE-2010-1324 CVE-2010-4020
=====================================================================

1. Summary:

Updated krb5 packages that fix multiple security issues and one bug are now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third party, the Key Distribution Center (KDC).

Multiple checksum validation flaws were discovered in the MIT Kerberos
implementation. A remote attacker could use these flaws to tamper with
certain Kerberos protocol packets and, possibly, bypass authentication or
authorization mechanisms and escalate their privileges. (CVE-2010-1323,
CVE-2010-1324, CVE-2010-4020)

Red Hat would like to thank the MIT Kerberos Team for reporting these
issues.

This update also fixes the following bug:

* When attempting to perform PKINIT pre-authentication, if the client had
more than one possible candidate certificate the client could fail to
select the certificate and key to use. This usually occurred if certificate
selection was configured to use the value of the keyUsage extension, or if
any of the candidate certificates did not contain a subjectAltName
extension. Consequently, the client attempted to perform pre-authentication
using a different (usually password-based) mechanism. (BZ#644825)

All krb5 users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the krb5kdc daemon will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

644825 - 'kinit' with smart card login fails to authenticate to the kdc using the cert and its private key.
648674 - CVE-2010-1324 krb5: multiple checksum handling vulnerabilities (MITKRB5-SA-2010-007)
648734 - CVE-2010-1323 krb5: incorrect acceptance of certain checksums (MITKRB5-SA-2010-007)
648735 - CVE-2010-4020 krb5: krb5 may accept authdata checksums with low-entropy derived keys (MITKRB5-SA-2010-007)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/krb5-1.8.2-3.el6_0.3.src.rpm

i386:
krb5-debuginfo-1.8.2-3.el6_0.3.i686.rpm
krb5-libs-1.8.2-3.el6_0.3.i686.rpm
krb5-pkinit-openssl-1.8.2-3.el6_0.3.i686.rpm
krb5-workstation-1.8.2-3.el6_0.3.i686.rpm

x86_64:
krb5-debuginfo-1.8.2-3.el6_0.3.i686.rpm
krb5-debuginfo-1.8.2-3.el6_0.3.x86_64.rpm
krb5-libs-1.8.2-3.el6_0.3.i686.rpm
krb5-libs-1.8.2-3.el6_0.3.x86_64.rpm
krb5-pkinit-openssl-1.8.2-3.el6_0.3.x86_64.rpm
krb5-workstation-1.8.2-3.el6_0.3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/krb5-1.8.2-3.el6_0.3.src.rpm

i386:
krb5-debuginfo-1.8.2-3.el6_0.3.i686.rpm
krb5-devel-1.8.2-3.el6_0.3.i686.rpm
krb5-server-1.8.2-3.el6_0.3.i686.rpm
krb5-server-ldap-1.8.2-3.el6_0.3.i686.rpm

x86_64:
krb5-debuginfo-1.8.2-3.el6_0.3.i686.rpm
krb5-debuginfo-1.8.2-3.el6_0.3.x86_64.rpm
krb5-devel-1.8.2-3.el6_0.3.i686.rpm
krb5-devel-1.8.2-3.el6_0.3.x86_64.rpm
krb5-server-1.8.2-3.el6_0.3.x86_64.rpm
krb5-server-ldap-1.8.2-3.el6_0.3.i686.rpm
krb5-server-ldap-1.8.2-3.el6_0.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/krb5-1.8.2-3.el6_0.3.src.rpm

x86_64:
krb5-debuginfo-1.8.2-3.el6_0.3.i686.rpm
krb5-debuginfo-1.8.2-3.el6_0.3.x86_64.rpm
krb5-libs-1.8.2-3.el6_0.3.i686.rpm
krb5-libs-1.8.2-3.el6_0.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/krb5-1.8.2-3.el6_0.3.src.rpm

x86_64:
krb5-debuginfo-1.8.2-3.el6_0.3.i686.rpm
krb5-debuginfo-1.8.2-3.el6_0.3.x86_64.rpm
krb5-devel-1.8.2-3.el6_0.3.i686.rpm
krb5-devel-1.8.2-3.el6_0.3.x86_64.rpm
krb5-pkinit-openssl-1.8.2-3.el6_0.3.x86_64.rpm
krb5-server-1.8.2-3.el6_0.3.x86_64.rpm
krb5-server-ldap-1.8.2-3.el6_0.3.i686.rpm
krb5-server-ldap-1.8.2-3.el6_0.3.x86_64.rpm
krb5-workstation-1.8.2-3.el6_0.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/krb5-1.8.2-3.el6_0.3.src.rpm

i386:
krb5-debuginfo-1.8.2-3.el6_0.3.i686.rpm
krb5-devel-1.8.2-3.el6_0.3.i686.rpm
krb5-libs-1.8.2-3.el6_0.3.i686.rpm
krb5-pkinit-openssl-1.8.2-3.el6_0.3.i686.rpm
krb5-server-1.8.2-3.el6_0.3.i686.rpm
krb5-server-ldap-1.8.2-3.el6_0.3.i686.rpm
krb5-workstation-1.8.2-3.el6_0.3.i686.rpm

ppc64:
krb5-debuginfo-1.8.2-3.el6_0.3.ppc.rpm
krb5-debuginfo-1.8.2-3.el6_0.3.ppc64.rpm
krb5-devel-1.8.2-3.el6_0.3.ppc.rpm
krb5-devel-1.8.2-3.el6_0.3.ppc64.rpm
krb5-libs-1.8.2-3.el6_0.3.ppc.rpm
krb5-libs-1.8.2-3.el6_0.3.ppc64.rpm
krb5-pkinit-openssl-1.8.2-3.el6_0.3.ppc64.rpm
krb5-server-1.8.2-3.el6_0.3.ppc64.rpm
krb5-server-ldap-1.8.2-3.el6_0.3.ppc.rpm
krb5-server-ldap-1.8.2-3.el6_0.3.ppc64.rpm
krb5-workstation-1.8.2-3.el6_0.3.ppc64.rpm

s390x:
krb5-debuginfo-1.8.2-3.el6_0.3.s390.rpm
krb5-debuginfo-1.8.2-3.el6_0.3.s390x.rpm
krb5-devel-1.8.2-3.el6_0.3.s390.rpm
krb5-devel-1.8.2-3.el6_0.3.s390x.rpm
krb5-libs-1.8.2-3.el6_0.3.s390.rpm
krb5-libs-1.8.2-3.el6_0.3.s390x.rpm
krb5-pkinit-openssl-1.8.2-3.el6_0.3.s390x.rpm
krb5-server-1.8.2-3.el6_0.3.s390x.rpm
krb5-server-ldap-1.8.2-3.el6_0.3.s390.rpm
krb5-server-ldap-1.8.2-3.el6_0.3.s390x.rpm
krb5-workstation-1.8.2-3.el6_0.3.s390x.rpm

x86_64:
krb5-debuginfo-1.8.2-3.el6_0.3.i686.rpm
krb5-debuginfo-1.8.2-3.el6_0.3.x86_64.rpm
krb5-devel-1.8.2-3.el6_0.3.i686.rpm
krb5-devel-1.8.2-3.el6_0.3.x86_64.rpm
krb5-libs-1.8.2-3.el6_0.3.i686.rpm
krb5-libs-1.8.2-3.el6_0.3.x86_64.rpm
krb5-pkinit-openssl-1.8.2-3.el6_0.3.x86_64.rpm
krb5-server-1.8.2-3.el6_0.3.x86_64.rpm
krb5-server-ldap-1.8.2-3.el6_0.3.i686.rpm
krb5-server-ldap-1.8.2-3.el6_0.3.x86_64.rpm
krb5-workstation-1.8.2-3.el6_0.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/krb5-1.8.2-3.el6_0.3.src.rpm

i386:
krb5-debuginfo-1.8.2-3.el6_0.3.i686.rpm
krb5-devel-1.8.2-3.el6_0.3.i686.rpm
krb5-libs-1.8.2-3.el6_0.3.i686.rpm
krb5-pkinit-openssl-1.8.2-3.el6_0.3.i686.rpm
krb5-server-1.8.2-3.el6_0.3.i686.rpm
krb5-server-ldap-1.8.2-3.el6_0.3.i686.rpm
krb5-workstation-1.8.2-3.el6_0.3.i686.rpm

x86_64:
krb5-debuginfo-1.8.2-3.el6_0.3.i686.rpm
krb5-debuginfo-1.8.2-3.el6_0.3.x86_64.rpm
krb5-devel-1.8.2-3.el6_0.3.i686.rpm
krb5-devel-1.8.2-3.el6_0.3.x86_64.rpm
krb5-libs-1.8.2-3.el6_0.3.i686.rpm
krb5-libs-1.8.2-3.el6_0.3.x86_64.rpm
krb5-pkinit-openssl-1.8.2-3.el6_0.3.x86_64.rpm
krb5-server-1.8.2-3.el6_0.3.x86_64.rpm
krb5-server-ldap-1.8.2-3.el6_0.3.i686.rpm
krb5-server-ldap-1.8.2-3.el6_0.3.x86_64.rpm
krb5-workstation-1.8.2-3.el6_0.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-1323.html
https://www.redhat.com/security/data/cve/CVE-2010-1324.html
https://www.redhat.com/security/data/cve/CVE-2010-4020.html
http://www.redhat.com/security/updates/classification/#important
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2010-007.txt

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.

From bugzilla at redhat.com Tue Nov 30 23:02:07 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 30 Nov 2010 16:02:07 -0700
Subject: [RHSA-2010:0926-01] Moderate: krb5 security update
Message-ID: <201011302302.oAUN27Nv010638@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: krb5 security update
Advisory ID:       RHSA-2010:0926-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0926.html
Issue date:        2010-11-30
CVE Names:         CVE-2010-1323
=====================================================================

1. Summary:

Updated krb5 packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the CVE
link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third party, the Key Distribution Center (KDC).

Multiple checksum validation flaws were discovered in the MIT Kerberos
implementation. A remote attacker could use these flaws to tamper with
certain Kerberos protocol packets and, possibly, bypass authentication
mechanisms in certain configurations using Single-use Authentication
Mechanisms. (CVE-2010-1323)

Red Hat would like to thank the MIT Kerberos Team for reporting these
issues.

All krb5 users should upgrade to these updated packages, which contain a
backported patch to correct these issues. After installing the updated
packages, the krb5kdc daemon will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

648734 - CVE-2010-1323 krb5: incorrect acceptance of certain checksums (MITKRB5-SA-2010-007)

6.
Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/krb5-1.3.4-62.el4_8.3.src.rpm

i386:
krb5-debuginfo-1.3.4-62.el4_8.3.i386.rpm
krb5-devel-1.3.4-62.el4_8.3.i386.rpm
krb5-libs-1.3.4-62.el4_8.3.i386.rpm
krb5-server-1.3.4-62.el4_8.3.i386.rpm
krb5-workstation-1.3.4-62.el4_8.3.i386.rpm

ia64:
krb5-debuginfo-1.3.4-62.el4_8.3.i386.rpm
krb5-debuginfo-1.3.4-62.el4_8.3.ia64.rpm
krb5-devel-1.3.4-62.el4_8.3.ia64.rpm
krb5-libs-1.3.4-62.el4_8.3.i386.rpm
krb5-libs-1.3.4-62.el4_8.3.ia64.rpm
krb5-server-1.3.4-62.el4_8.3.ia64.rpm
krb5-workstation-1.3.4-62.el4_8.3.ia64.rpm

ppc:
krb5-debuginfo-1.3.4-62.el4_8.3.ppc.rpm
krb5-debuginfo-1.3.4-62.el4_8.3.ppc64.rpm
krb5-devel-1.3.4-62.el4_8.3.ppc.rpm
krb5-libs-1.3.4-62.el4_8.3.ppc.rpm
krb5-libs-1.3.4-62.el4_8.3.ppc64.rpm
krb5-server-1.3.4-62.el4_8.3.ppc.rpm
krb5-workstation-1.3.4-62.el4_8.3.ppc.rpm

s390:
krb5-debuginfo-1.3.4-62.el4_8.3.s390.rpm
krb5-devel-1.3.4-62.el4_8.3.s390.rpm
krb5-libs-1.3.4-62.el4_8.3.s390.rpm
krb5-server-1.3.4-62.el4_8.3.s390.rpm
krb5-workstation-1.3.4-62.el4_8.3.s390.rpm

s390x:
krb5-debuginfo-1.3.4-62.el4_8.3.s390.rpm
krb5-debuginfo-1.3.4-62.el4_8.3.s390x.rpm
krb5-devel-1.3.4-62.el4_8.3.s390x.rpm
krb5-libs-1.3.4-62.el4_8.3.s390.rpm
krb5-libs-1.3.4-62.el4_8.3.s390x.rpm
krb5-server-1.3.4-62.el4_8.3.s390x.rpm
krb5-workstation-1.3.4-62.el4_8.3.s390x.rpm

x86_64:
krb5-debuginfo-1.3.4-62.el4_8.3.i386.rpm
krb5-debuginfo-1.3.4-62.el4_8.3.x86_64.rpm
krb5-devel-1.3.4-62.el4_8.3.x86_64.rpm
krb5-libs-1.3.4-62.el4_8.3.i386.rpm
krb5-libs-1.3.4-62.el4_8.3.x86_64.rpm
krb5-server-1.3.4-62.el4_8.3.x86_64.rpm
krb5-workstation-1.3.4-62.el4_8.3.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/krb5-1.3.4-62.el4_8.3.src.rpm

i386:
krb5-debuginfo-1.3.4-62.el4_8.3.i386.rpm
krb5-devel-1.3.4-62.el4_8.3.i386.rpm
krb5-libs-1.3.4-62.el4_8.3.i386.rpm
krb5-server-1.3.4-62.el4_8.3.i386.rpm
krb5-workstation-1.3.4-62.el4_8.3.i386.rpm

x86_64:
krb5-debuginfo-1.3.4-62.el4_8.3.i386.rpm
krb5-debuginfo-1.3.4-62.el4_8.3.x86_64.rpm
krb5-devel-1.3.4-62.el4_8.3.x86_64.rpm
krb5-libs-1.3.4-62.el4_8.3.i386.rpm
krb5-libs-1.3.4-62.el4_8.3.x86_64.rpm
krb5-server-1.3.4-62.el4_8.3.x86_64.rpm
krb5-workstation-1.3.4-62.el4_8.3.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/krb5-1.3.4-62.el4_8.3.src.rpm

i386:
krb5-debuginfo-1.3.4-62.el4_8.3.i386.rpm
krb5-devel-1.3.4-62.el4_8.3.i386.rpm
krb5-libs-1.3.4-62.el4_8.3.i386.rpm
krb5-server-1.3.4-62.el4_8.3.i386.rpm
krb5-workstation-1.3.4-62.el4_8.3.i386.rpm

ia64:
krb5-debuginfo-1.3.4-62.el4_8.3.i386.rpm
krb5-debuginfo-1.3.4-62.el4_8.3.ia64.rpm
krb5-devel-1.3.4-62.el4_8.3.ia64.rpm
krb5-libs-1.3.4-62.el4_8.3.i386.rpm
krb5-libs-1.3.4-62.el4_8.3.ia64.rpm
krb5-server-1.3.4-62.el4_8.3.ia64.rpm
krb5-workstation-1.3.4-62.el4_8.3.ia64.rpm

x86_64:
krb5-debuginfo-1.3.4-62.el4_8.3.i386.rpm
krb5-debuginfo-1.3.4-62.el4_8.3.x86_64.rpm
krb5-devel-1.3.4-62.el4_8.3.x86_64.rpm
krb5-libs-1.3.4-62.el4_8.3.i386.rpm
krb5-libs-1.3.4-62.el4_8.3.x86_64.rpm
krb5-server-1.3.4-62.el4_8.3.x86_64.rpm
krb5-workstation-1.3.4-62.el4_8.3.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/krb5-1.3.4-62.el4_8.3.src.rpm

i386:
krb5-debuginfo-1.3.4-62.el4_8.3.i386.rpm
krb5-devel-1.3.4-62.el4_8.3.i386.rpm
krb5-libs-1.3.4-62.el4_8.3.i386.rpm
krb5-server-1.3.4-62.el4_8.3.i386.rpm
krb5-workstation-1.3.4-62.el4_8.3.i386.rpm

ia64:
krb5-debuginfo-1.3.4-62.el4_8.3.i386.rpm
krb5-debuginfo-1.3.4-62.el4_8.3.ia64.rpm
krb5-devel-1.3.4-62.el4_8.3.ia64.rpm
krb5-libs-1.3.4-62.el4_8.3.i386.rpm
krb5-libs-1.3.4-62.el4_8.3.ia64.rpm
krb5-server-1.3.4-62.el4_8.3.ia64.rpm
krb5-workstation-1.3.4-62.el4_8.3.ia64.rpm

x86_64:
krb5-debuginfo-1.3.4-62.el4_8.3.i386.rpm
krb5-debuginfo-1.3.4-62.el4_8.3.x86_64.rpm
krb5-devel-1.3.4-62.el4_8.3.x86_64.rpm
krb5-libs-1.3.4-62.el4_8.3.i386.rpm
krb5-libs-1.3.4-62.el4_8.3.x86_64.rpm
krb5-server-1.3.4-62.el4_8.3.x86_64.rpm
krb5-workstation-1.3.4-62.el4_8.3.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/krb5-1.6.1-36.el5_5.6.src.rpm

i386:
krb5-debuginfo-1.6.1-36.el5_5.6.i386.rpm
krb5-libs-1.6.1-36.el5_5.6.i386.rpm
krb5-workstation-1.6.1-36.el5_5.6.i386.rpm

x86_64:
krb5-debuginfo-1.6.1-36.el5_5.6.i386.rpm
krb5-debuginfo-1.6.1-36.el5_5.6.x86_64.rpm
krb5-libs-1.6.1-36.el5_5.6.i386.rpm
krb5-libs-1.6.1-36.el5_5.6.x86_64.rpm
krb5-workstation-1.6.1-36.el5_5.6.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/krb5-1.6.1-36.el5_5.6.src.rpm

i386:
krb5-debuginfo-1.6.1-36.el5_5.6.i386.rpm
krb5-devel-1.6.1-36.el5_5.6.i386.rpm
krb5-server-1.6.1-36.el5_5.6.i386.rpm

x86_64:
krb5-debuginfo-1.6.1-36.el5_5.6.i386.rpm
krb5-debuginfo-1.6.1-36.el5_5.6.x86_64.rpm
krb5-devel-1.6.1-36.el5_5.6.i386.rpm
krb5-devel-1.6.1-36.el5_5.6.x86_64.rpm
krb5-server-1.6.1-36.el5_5.6.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/krb5-1.6.1-36.el5_5.6.src.rpm

i386:
krb5-debuginfo-1.6.1-36.el5_5.6.i386.rpm
krb5-devel-1.6.1-36.el5_5.6.i386.rpm
krb5-libs-1.6.1-36.el5_5.6.i386.rpm
krb5-server-1.6.1-36.el5_5.6.i386.rpm
krb5-workstation-1.6.1-36.el5_5.6.i386.rpm

ia64:
krb5-debuginfo-1.6.1-36.el5_5.6.i386.rpm
krb5-debuginfo-1.6.1-36.el5_5.6.ia64.rpm
krb5-devel-1.6.1-36.el5_5.6.ia64.rpm
krb5-libs-1.6.1-36.el5_5.6.i386.rpm
krb5-libs-1.6.1-36.el5_5.6.ia64.rpm
krb5-server-1.6.1-36.el5_5.6.ia64.rpm
krb5-workstation-1.6.1-36.el5_5.6.ia64.rpm

ppc:
krb5-debuginfo-1.6.1-36.el5_5.6.ppc.rpm
krb5-debuginfo-1.6.1-36.el5_5.6.ppc64.rpm
krb5-devel-1.6.1-36.el5_5.6.ppc.rpm
krb5-devel-1.6.1-36.el5_5.6.ppc64.rpm
krb5-libs-1.6.1-36.el5_5.6.ppc.rpm
krb5-libs-1.6.1-36.el5_5.6.ppc64.rpm
krb5-server-1.6.1-36.el5_5.6.ppc.rpm
krb5-workstation-1.6.1-36.el5_5.6.ppc.rpm

s390x:
krb5-debuginfo-1.6.1-36.el5_5.6.s390.rpm
krb5-debuginfo-1.6.1-36.el5_5.6.s390x.rpm
krb5-devel-1.6.1-36.el5_5.6.s390.rpm
krb5-devel-1.6.1-36.el5_5.6.s390x.rpm
krb5-libs-1.6.1-36.el5_5.6.s390.rpm
krb5-libs-1.6.1-36.el5_5.6.s390x.rpm
krb5-server-1.6.1-36.el5_5.6.s390x.rpm
krb5-workstation-1.6.1-36.el5_5.6.s390x.rpm

x86_64:
krb5-debuginfo-1.6.1-36.el5_5.6.i386.rpm
krb5-debuginfo-1.6.1-36.el5_5.6.x86_64.rpm
krb5-devel-1.6.1-36.el5_5.6.i386.rpm
krb5-devel-1.6.1-36.el5_5.6.x86_64.rpm
krb5-libs-1.6.1-36.el5_5.6.i386.rpm
krb5-libs-1.6.1-36.el5_5.6.x86_64.rpm
krb5-server-1.6.1-36.el5_5.6.x86_64.rpm
krb5-workstation-1.6.1-36.el5_5.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-1323.html
http://www.redhat.com/security/updates/classification/#moderate
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2010-007.txt

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM9YJAXlSAg2UNWIIRArfmAJ95ACmHI9Qh3bd0XIkcreVUGIsD+wCcCVpA
+fbqv9vlrnvaT8HRn9VNW/g=
=CKIH
-----END PGP SIGNATURE-----
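Added example, not part of the advisory and not a Red Hat tool: the advisory says all krb5 users should upgrade to the listed builds, and the practical question on each host is whether the installed krb5 build is already at or above the fixed build for its product. The script below answers that offline by re-implementing librpm's label comparison (rpmvercmp: alternating digit/letter segments, numeric segments compared by value, numeric beats alphabetic, '~' sorts before everything, '^' after the base version, separators ignored) and the epoch/version/release ordering on top of it. The fixed builds are a subset taken from the RHSA-2010:0926-01 package list above; the installed NEVRA strings in the test are constructed sample input in the form produced by `rpm -q --qf '%{NAME}-%{EPOCH}:%{VERSION}-%{RELEASE}.%{ARCH}\n' krb5-libs`, where an unset epoch prints as (none). Matching on the elN dist tag is an assumption of this script so that an el5 host is never compared against the el4 build.

```python
"""Decide whether an installed krb5 package is at or above the build an
advisory ships.  Pure Python so it runs without librpm (added example)."""
import re

# Fixed builds from the RHSA-2010:0926-01 package list (representative subset).
ADVISORY_PACKAGES = [
    "krb5-libs-1.3.4-62.el4_8.3.x86_64.rpm",
    "krb5-server-1.3.4-62.el4_8.3.x86_64.rpm",
    "krb5-libs-1.6.1-36.el5_5.6.i386.rpm",
    "krb5-libs-1.6.1-36.el5_5.6.x86_64.rpm",
    "krb5-workstation-1.6.1-36.el5_5.6.x86_64.rpm",
]

def _is_digit(c): return "0" <= c <= "9"
def _is_alpha(c): return ("a" <= c <= "z") or ("A" <= c <= "Z")

def _take(s, k, pred):
    """Return the run of characters satisfying pred starting at s[k]."""
    start = k
    while k < len(s) and pred(s[k]):
        k += 1
    return s[start:k], k

def rpmvercmp(a, b):
    """Order two version or release labels as librpm's rpmvercmp does:
    returns -1 if a < b, 0 if equal, 1 if a > b."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # separators ('.', '_', '-', ...) carry no ordering information
        while i < len(a) and not (_is_digit(a[i]) or _is_alpha(a[i]) or a[i] in "~^"):
            i += 1
        while j < len(b) and not (_is_digit(b[j]) or _is_alpha(b[j]) or b[j] in "~^"):
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if ca == "~" or cb == "~":          # tilde: pre-release, sorts lowest
            if ca != "~": return 1
            if cb != "~": return -1
            i += 1; j += 1
            continue
        if ca == "^" or cb == "^":          # caret: post-release, above base
            if not ca: return -1
            if not cb: return 1
            if ca != "^": return 1
            if cb != "^": return -1
            i += 1; j += 1
            continue
        if not (ca and cb):                 # one label exhausted
            break
        isnum = _is_digit(ca)               # segment type is decided by a
        pred = _is_digit if isnum else _is_alpha
        sa, i = _take(a, i, pred)
        sb, j = _take(b, j, pred)
        if not sb:                          # alpha vs numeric: numeric wins
            return 1 if isnum else -1
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):          # more digits means larger number
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:                        # same length: lexical == numeric
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1         # leftover characters win

def parse_nevra(pkg):
    """Split 'name-[epoch:]version-release.arch[.rpm]' into its fields.
    Names may contain dashes (krb5-server-ldap); version and release never
    do, so the split is done from the right."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    rest, arch = pkg.rsplit(".", 1)
    name, version, release = rest.rsplit("-", 2)
    epoch = 0
    if ":" in version:
        e, version = version.split(":", 1)
        epoch = 0 if e == "(none)" else int(e)   # rpm prints (none) for no epoch
    return name, epoch, version, release, arch

def compare_evr(x, y):
    """Order (epoch, version, release) tuples: epoch first, then version,
    then release, each via rpmvercmp."""
    if x[0] != y[0]:
        return 1 if x[0] > y[0] else -1
    return rpmvercmp(x[1], y[1]) or rpmvercmp(x[2], y[2])

def _dist(release):
    m = re.search(r"\.el(\d+)", release)     # assumption: elN dist tag present
    return m.group(1) if m else None

def check_installed(installed, advisory=ADVISORY_PACKAGES):
    """Return 'fixed', 'vulnerable' or 'not-listed' for one installed NEVRA."""
    name, e, v, r, arch = parse_nevra(installed)
    for pkg in advisory:
        fn, fe, fv, fr, farch = parse_nevra(pkg)
        if (fn, farch, _dist(fr)) == (name, arch, _dist(r)):
            return "fixed" if compare_evr((e, v, r), (fe, fv, fr)) >= 0 else "vulnerable"
    return "not-listed"

if __name__ == "__main__":
    # constructed sample input, as `rpm -q --qf` above would print it
    for line in ["krb5-libs-(none):1.6.1-36.el5_5.5.x86_64",
                 "krb5-libs-(none):1.6.1-36.el5_5.6.x86_64"]:
        print(line, "->", check_installed(line))
```

The version check tells you only that the fixed build is installed; whether the file you downloaded is the one Red Hat built is the separate GPG step the advisory points to (`rpm --checksig` on the downloaded package against Red Hat's key). A daemon that was already running keeps the old library mapped until it is restarted, which is why the advisory notes the krb5kdc restart.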