From bugzilla at redhat.com Thu Sep 2 18:19:28 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 2 Sep 2010 14:19:28 -0400
Subject: [RHSA-2010:0670-01] Important: kernel security and bug fix update
Message-ID: <201009021819.o82IJSr3029386@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2010:0670-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0670.html
Issue date:        2010-09-02
CVE Names:         CVE-2010-2240 CVE-2010-2798
=====================================================================

1. Summary:

Updated kernel packages that fix two security issues and three bugs are
now available for Red Hat Enterprise Linux 5.4 Extended Update Support.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5.4.z server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* When an application has a stack overflow, the stack could silently
overwrite another memory mapped area instead of a segmentation fault
occurring, which could cause an application to execute arbitrary code,
possibly leading to privilege escalation. It is known that the X Window
System server can be used to trigger this flaw. (CVE-2010-2240, Important)

* A miscalculation of the size of the free space of the initial directory
entry in a directory leaf block was found in the Linux kernel Global File
System 2 (GFS2) implementation.
A local, unprivileged user with write access to a GFS2-mounted file system
could perform a rename operation on that file system to trigger a NULL
pointer dereference, possibly resulting in a denial of service or
privilege escalation. (CVE-2010-2798, Important)

Red Hat would like to thank the X.Org security team for reporting
CVE-2010-2240, with upstream acknowledging Rafal Wojtczuk as the original
reporter; and Grant Diffey of CenITex for reporting CVE-2010-2798.

This update also fixes the following bugs:

* Problems receiving network traffic correctly via a non-standard layer 3
protocol when using the ixgbe driver. This update corrects this issue.
(BZ#618275)

* A bug was found in the way the megaraid_sas driver (for SAS based RAID
controllers) handled physical disks and management IOCTLs. All physical
disks were exported to the disk layer, allowing an oops in
megasas_complete_cmd_dpc() when completing the IOCTL command if a timeout
occurred. One possible trigger for this bug was running "mkfs". This
update resolves this issue by updating the megaraid_sas driver to version
4.31. (BZ#619363)

* Previously, Message Signaled Interrupts (MSI) resulted in PCI bus writes
to mask and unmask the MSI IRQ for a PCI device. These unnecessary PCI bus
writes resulted in the serialization of MSIs, leading to poor performance
on systems with high MSI load. This update adds a new kernel boot
parameter, msi_nolock, which forgoes the PCI bus writes and allows for
better simultaneous processing of MSIs. (BZ#621939)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network.
Details on how to use the Red Hat Network to apply this update are
available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

606611 - CVE-2010-2240 kernel: mm: keep a guard page below a grow-down stack segment
618275 - Received data corrupts when non standards L3 protocols are used on ixgbe [rhel-5.4.z]
619363 - [LSI 5.6 feat] update megaraid_sas to version 4.31 [rhel-5.4.z]
620300 - CVE-2010-2798 kernel: gfs2: rename causes kernel panic
621939 - Significant MSI performance issue due to redundant interrupt masking [rhel-5.4.z]

6. Package List:

Red Hat Enterprise Linux (v. 5.4.z server):

Source:
kernel-2.6.18-164.25.1.el5.src.rpm

i386:
kernel-2.6.18-164.25.1.el5.i686.rpm
kernel-PAE-2.6.18-164.25.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-164.25.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-164.25.1.el5.i686.rpm
kernel-debug-2.6.18-164.25.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-164.25.1.el5.i686.rpm
kernel-debug-devel-2.6.18-164.25.1.el5.i686.rpm
kernel-debuginfo-2.6.18-164.25.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-164.25.1.el5.i686.rpm
kernel-devel-2.6.18-164.25.1.el5.i686.rpm
kernel-headers-2.6.18-164.25.1.el5.i386.rpm
kernel-xen-2.6.18-164.25.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-164.25.1.el5.i686.rpm
kernel-xen-devel-2.6.18-164.25.1.el5.i686.rpm

ia64:
kernel-2.6.18-164.25.1.el5.ia64.rpm
kernel-debug-2.6.18-164.25.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-164.25.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-164.25.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-164.25.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-164.25.1.el5.ia64.rpm
kernel-devel-2.6.18-164.25.1.el5.ia64.rpm
kernel-headers-2.6.18-164.25.1.el5.ia64.rpm
kernel-xen-2.6.18-164.25.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-164.25.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-164.25.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-164.25.1.el5.noarch.rpm

ppc:
kernel-2.6.18-164.25.1.el5.ppc64.rpm
kernel-debug-2.6.18-164.25.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-164.25.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-164.25.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-164.25.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-164.25.1.el5.ppc64.rpm
kernel-devel-2.6.18-164.25.1.el5.ppc64.rpm
kernel-headers-2.6.18-164.25.1.el5.ppc.rpm
kernel-headers-2.6.18-164.25.1.el5.ppc64.rpm
kernel-kdump-2.6.18-164.25.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-164.25.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-164.25.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-164.25.1.el5.s390x.rpm
kernel-debug-2.6.18-164.25.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-164.25.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-164.25.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-164.25.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-164.25.1.el5.s390x.rpm
kernel-devel-2.6.18-164.25.1.el5.s390x.rpm
kernel-headers-2.6.18-164.25.1.el5.s390x.rpm
kernel-kdump-2.6.18-164.25.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-164.25.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-164.25.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-164.25.1.el5.x86_64.rpm
kernel-debug-2.6.18-164.25.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-164.25.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-164.25.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-164.25.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-164.25.1.el5.x86_64.rpm
kernel-devel-2.6.18-164.25.1.el5.x86_64.rpm
kernel-headers-2.6.18-164.25.1.el5.x86_64.rpm
kernel-xen-2.6.18-164.25.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-164.25.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-164.25.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2240.html
https://www.redhat.com/security/data/cve/CVE-2010-2798.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMf+pyXlSAg2UNWIIRAruyAJkBsiXvhvRRVoH4eLLtafeJm3/WWwCguyWT
388ZNGJZ/EzJZWBo0YXyuKM=
=+eLB
-----END PGP SIGNATURE-----


From bugzilla at redhat.com Tue Sep 7 14:43:20 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 7 Sep 2010 10:43:20 -0400
Subject: [RHSA-2010:0675-01] Important: sudo security update
Message-ID: <201009071443.o87EhKMP001785@int-mx08.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: sudo security update
Advisory ID:       RHSA-2010:0675-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0675.html
Issue date:        2010-09-07
CVE Names:         CVE-2010-2956
=====================================================================

1. Summary:

An updated sudo package that fixes one security issue is now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The sudo (superuser do) utility allows system administrators to give
certain users the ability to run commands as root.
A flaw was found in the way sudo handled Runas specifications containing
both a user and a group list. If a local user were authorized by the
sudoers file to perform their sudo commands with the privileges of a
specified user and group, they could use this flaw to run those commands
with the privileges of either an arbitrary user or group on the system.
(CVE-2010-2956)

Red Hat would like to thank Markus Wuethrich of Swiss Post - PostFinance
for reporting this issue.

Users of sudo should upgrade to this updated package, which contains a
backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

628628 - CVE-2010-2956 sudo: incorrect handling of RunAs specification with both user and group lists

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/sudo-1.7.2p1-8.el5_5.src.rpm

i386:
sudo-1.7.2p1-8.el5_5.i386.rpm
sudo-debuginfo-1.7.2p1-8.el5_5.i386.rpm

x86_64:
sudo-1.7.2p1-8.el5_5.x86_64.rpm
sudo-debuginfo-1.7.2p1-8.el5_5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/sudo-1.7.2p1-8.el5_5.src.rpm

i386:
sudo-1.7.2p1-8.el5_5.i386.rpm
sudo-debuginfo-1.7.2p1-8.el5_5.i386.rpm

ia64:
sudo-1.7.2p1-8.el5_5.ia64.rpm
sudo-debuginfo-1.7.2p1-8.el5_5.ia64.rpm

ppc:
sudo-1.7.2p1-8.el5_5.ppc.rpm
sudo-debuginfo-1.7.2p1-8.el5_5.ppc.rpm

s390x:
sudo-1.7.2p1-8.el5_5.s390x.rpm
sudo-debuginfo-1.7.2p1-8.el5_5.s390x.rpm

x86_64:
sudo-1.7.2p1-8.el5_5.x86_64.rpm
sudo-debuginfo-1.7.2p1-8.el5_5.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2956.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMhk9YXlSAg2UNWIIRAoNDAKCdV0JNdu7KcModP0VGdcq5frKriQCfXpz4
nk0DQbnlAGgzN6BWtI/S0u8=
=3JMz
-----END PGP SIGNATURE-----


From bugzilla at redhat.com Tue Sep 7 14:44:27 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 7 Sep 2010 10:44:27 -0400
Subject: [RHSA-2010:0676-01] Important: kernel security update
Message-ID: <201009071444.o87EiReg002222@int-mx08.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2010:0676-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0676.html
Issue date:        2010-09-07
CVE Names:         CVE-2010-2240
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue are now available for
Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* When an application has a stack overflow, the stack could silently
overwrite another memory mapped area instead of a segmentation fault
occurring, which could cause an application to execute arbitrary code,
possibly leading to privilege escalation. It is known that the X Window
System server can be used to trigger this flaw. (CVE-2010-2240, Important)

Red Hat would like to thank the X.Org security team for reporting this
issue. Upstream acknowledges Rafal Wojtczuk as the original reporter.

Users should upgrade to these updated packages, which contain backported
patches to correct this issue. The system must be rebooted for this update
to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

606611 - CVE-2010-2240 kernel: mm: keep a guard page below a grow-down stack segment

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-89.0.29.EL.src.rpm

i386:
kernel-2.6.9-89.0.29.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.29.EL.i686.rpm
kernel-devel-2.6.9-89.0.29.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.29.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.29.EL.i686.rpm
kernel-smp-2.6.9-89.0.29.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.29.EL.i686.rpm
kernel-xenU-2.6.9-89.0.29.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.29.EL.i686.rpm

ia64:
kernel-2.6.9-89.0.29.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.29.EL.ia64.rpm
kernel-devel-2.6.9-89.0.29.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.29.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.29.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.0.29.EL.noarch.rpm

ppc:
kernel-2.6.9-89.0.29.EL.ppc64.rpm
kernel-2.6.9-89.0.29.EL.ppc64iseries.rpm
kernel-debuginfo-2.6.9-89.0.29.EL.ppc64.rpm
kernel-debuginfo-2.6.9-89.0.29.EL.ppc64iseries.rpm
kernel-devel-2.6.9-89.0.29.EL.ppc64.rpm
kernel-devel-2.6.9-89.0.29.EL.ppc64iseries.rpm
kernel-largesmp-2.6.9-89.0.29.EL.ppc64.rpm
kernel-largesmp-devel-2.6.9-89.0.29.EL.ppc64.rpm

s390:
kernel-2.6.9-89.0.29.EL.s390.rpm
kernel-debuginfo-2.6.9-89.0.29.EL.s390.rpm
kernel-devel-2.6.9-89.0.29.EL.s390.rpm

s390x:
kernel-2.6.9-89.0.29.EL.s390x.rpm
kernel-debuginfo-2.6.9-89.0.29.EL.s390x.rpm
kernel-devel-2.6.9-89.0.29.EL.s390x.rpm

x86_64:
kernel-2.6.9-89.0.29.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.29.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.29.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.29.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.29.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.29.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.29.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.29.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.29.EL.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-89.0.29.EL.src.rpm

i386:
kernel-2.6.9-89.0.29.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.29.EL.i686.rpm
kernel-devel-2.6.9-89.0.29.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.29.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.29.EL.i686.rpm
kernel-smp-2.6.9-89.0.29.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.29.EL.i686.rpm
kernel-xenU-2.6.9-89.0.29.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.29.EL.i686.rpm

noarch:
kernel-doc-2.6.9-89.0.29.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.0.29.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.29.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.29.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.29.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.29.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.29.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.29.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.29.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.29.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-89.0.29.EL.src.rpm

i386:
kernel-2.6.9-89.0.29.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.29.EL.i686.rpm
kernel-devel-2.6.9-89.0.29.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.29.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.29.EL.i686.rpm
kernel-smp-2.6.9-89.0.29.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.29.EL.i686.rpm
kernel-xenU-2.6.9-89.0.29.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.29.EL.i686.rpm

ia64:
kernel-2.6.9-89.0.29.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.29.EL.ia64.rpm
kernel-devel-2.6.9-89.0.29.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.29.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.29.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.0.29.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.0.29.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.29.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.29.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.29.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.29.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.29.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.29.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.29.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.29.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-89.0.29.EL.src.rpm

i386:
kernel-2.6.9-89.0.29.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.29.EL.i686.rpm
kernel-devel-2.6.9-89.0.29.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.29.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.29.EL.i686.rpm
kernel-smp-2.6.9-89.0.29.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.29.EL.i686.rpm
kernel-xenU-2.6.9-89.0.29.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.29.EL.i686.rpm

ia64:
kernel-2.6.9-89.0.29.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.29.EL.ia64.rpm
kernel-devel-2.6.9-89.0.29.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.29.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.29.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.0.29.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.0.29.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.29.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.29.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.29.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.29.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.29.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.29.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.29.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.29.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2240.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMhk+PXlSAg2UNWIIRAsKJAKCLFYpAlVpKz+Yn0vqXd96l5mJl8gCfb/yL
7Rve6nqXZ1eJAjdnqNlPqGM=
=jCbM
-----END PGP SIGNATURE-----


From bugzilla at redhat.com Tue Sep 7 14:45:23 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 7 Sep 2010 10:45:23 -0400
Subject: [RHSA-2010:0677-01] Important: kernel security update
Message-ID: <201009071445.o87EjN5D002737@int-mx08.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2010:0677-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0677.html
Issue date:        2010-09-07
CVE Names:         CVE-2010-2240
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue are now available for
Red Hat Enterprise Linux 4.7 Extended Update Support.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4.7.z - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 4.7.z - i386, ia64, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* When an application has a stack overflow, the stack could silently
overwrite another memory mapped area instead of a segmentation fault
occurring, which could cause an application to execute arbitrary code,
possibly leading to privilege escalation. It is known that the X Window
System server can be used to trigger this flaw.
(CVE-2010-2240, Important)

Red Hat would like to thank the X.Org security team for reporting this
issue. Upstream acknowledges Rafal Wojtczuk as the original reporter.

Users should upgrade to these updated packages, which contain backported
patches to correct this issue. The system must be rebooted for this update
to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

606611 - CVE-2010-2240 kernel: mm: keep a guard page below a grow-down stack segment

6. Package List:

Red Hat Enterprise Linux AS version 4.7.z:

Source:
kernel-2.6.9-78.0.32.EL.src.rpm

i386:
kernel-2.6.9-78.0.32.EL.i686.rpm
kernel-debuginfo-2.6.9-78.0.32.EL.i686.rpm
kernel-devel-2.6.9-78.0.32.EL.i686.rpm
kernel-hugemem-2.6.9-78.0.32.EL.i686.rpm
kernel-hugemem-devel-2.6.9-78.0.32.EL.i686.rpm
kernel-smp-2.6.9-78.0.32.EL.i686.rpm
kernel-smp-devel-2.6.9-78.0.32.EL.i686.rpm
kernel-xenU-2.6.9-78.0.32.EL.i686.rpm
kernel-xenU-devel-2.6.9-78.0.32.EL.i686.rpm

ia64:
kernel-2.6.9-78.0.32.EL.ia64.rpm
kernel-debuginfo-2.6.9-78.0.32.EL.ia64.rpm
kernel-devel-2.6.9-78.0.32.EL.ia64.rpm
kernel-largesmp-2.6.9-78.0.32.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-78.0.32.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-78.0.32.EL.noarch.rpm

ppc:
kernel-2.6.9-78.0.32.EL.ppc64.rpm
kernel-2.6.9-78.0.32.EL.ppc64iseries.rpm
kernel-debuginfo-2.6.9-78.0.32.EL.ppc64.rpm
kernel-debuginfo-2.6.9-78.0.32.EL.ppc64iseries.rpm
kernel-devel-2.6.9-78.0.32.EL.ppc64.rpm
kernel-devel-2.6.9-78.0.32.EL.ppc64iseries.rpm
kernel-largesmp-2.6.9-78.0.32.EL.ppc64.rpm
kernel-largesmp-devel-2.6.9-78.0.32.EL.ppc64.rpm

s390:
kernel-2.6.9-78.0.32.EL.s390.rpm
kernel-debuginfo-2.6.9-78.0.32.EL.s390.rpm
kernel-devel-2.6.9-78.0.32.EL.s390.rpm

s390x:
kernel-2.6.9-78.0.32.EL.s390x.rpm
kernel-debuginfo-2.6.9-78.0.32.EL.s390x.rpm
kernel-devel-2.6.9-78.0.32.EL.s390x.rpm

x86_64:
kernel-2.6.9-78.0.32.EL.x86_64.rpm
kernel-debuginfo-2.6.9-78.0.32.EL.x86_64.rpm
kernel-devel-2.6.9-78.0.32.EL.x86_64.rpm
kernel-largesmp-2.6.9-78.0.32.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-78.0.32.EL.x86_64.rpm
kernel-smp-2.6.9-78.0.32.EL.x86_64.rpm
kernel-smp-devel-2.6.9-78.0.32.EL.x86_64.rpm
kernel-xenU-2.6.9-78.0.32.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-78.0.32.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 4.7.z:

Source:
kernel-2.6.9-78.0.32.EL.src.rpm

i386:
kernel-2.6.9-78.0.32.EL.i686.rpm
kernel-debuginfo-2.6.9-78.0.32.EL.i686.rpm
kernel-devel-2.6.9-78.0.32.EL.i686.rpm
kernel-hugemem-2.6.9-78.0.32.EL.i686.rpm
kernel-hugemem-devel-2.6.9-78.0.32.EL.i686.rpm
kernel-smp-2.6.9-78.0.32.EL.i686.rpm
kernel-smp-devel-2.6.9-78.0.32.EL.i686.rpm
kernel-xenU-2.6.9-78.0.32.EL.i686.rpm
kernel-xenU-devel-2.6.9-78.0.32.EL.i686.rpm

ia64:
kernel-2.6.9-78.0.32.EL.ia64.rpm
kernel-debuginfo-2.6.9-78.0.32.EL.ia64.rpm
kernel-devel-2.6.9-78.0.32.EL.ia64.rpm
kernel-largesmp-2.6.9-78.0.32.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-78.0.32.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-78.0.32.EL.noarch.rpm

x86_64:
kernel-2.6.9-78.0.32.EL.x86_64.rpm
kernel-debuginfo-2.6.9-78.0.32.EL.x86_64.rpm
kernel-devel-2.6.9-78.0.32.EL.x86_64.rpm
kernel-largesmp-2.6.9-78.0.32.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-78.0.32.EL.x86_64.rpm
kernel-smp-2.6.9-78.0.32.EL.x86_64.rpm
kernel-smp-devel-2.6.9-78.0.32.EL.x86_64.rpm
kernel-xenU-2.6.9-78.0.32.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-78.0.32.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2240.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
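
Added example, not part of the Red Hat advisories: the three kernel advisories above (RHSA-2010:0670, 0676, 0677) say to install with "rpm -ivh" and that the system must be rebooted, so a host can have the fixed package installed while still running the old kernel. The sketch below compares a `uname -r` string against the fixed builds listed above using RPM-style segment ordering; the flavour-suffix handling and the function names are assumptions of this example.

```python
import re

# Fixed builds copied from the kernel advisories above, keyed by update stream:
# (upstream version, first field of the release).
FIXED_BUILDS = {
    ("2.6.18", "164"): ("RHSA-2010:0670", "164.25.1.el5"),  # RHEL 5.4.z
    ("2.6.9", "89"): ("RHSA-2010:0676", "89.0.29.EL"),      # RHEL 4
    ("2.6.9", "78"): ("RHSA-2010:0677", "78.0.32.EL"),      # RHEL 4.7.z
}

# Assumption: `uname -r` appends the kernel flavour to the release, e.g.
# 2.6.9-89.0.29.ELsmp. Longer suffixes first so "largesmp" wins over "smp".
FLAVOURS = ("largesmp", "hugemem", "debug", "kdump", "xenU", "smp", "xen", "PAE")


def rpmvercmp(a, b):
    """Order two version strings by RPM's segment rules: returns -1, 0 or 1.

    Simplified: no tilde or caret handling, which these releases do not use.
    """
    seg_a = re.findall(r"[0-9]+|[A-Za-z]+", a)
    seg_b = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer
        if x.isdigit():
            x, y = int(x), int(y)            # 25 > 9, unlike "25" < "9"
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def split_uname(release):
    """Split a `uname -r` style string into (version, release, flavour)."""
    version, _, rest = release.partition("-")
    for flavour in FLAVOURS:
        if rest.endswith(flavour):
            return version, rest[: -len(flavour)], flavour
    return version, rest, ""


def assess(kernel):
    """Return (state, advisory) for one kernel version-release string."""
    version, release, _ = split_uname(kernel)
    stream = (version, release.split(".")[0])
    if stream not in FIXED_BUILDS:
        return "not-covered", None           # a stream these advisories do not list
    advisory, fixed = FIXED_BUILDS[stream]
    state = "fixed" if rpmvercmp(release, fixed) >= 0 else "vulnerable"
    return state, advisory


def status(running, installed):
    """Combine the running kernel with the installed kernel packages.

    `installed` holds VERSION-RELEASE strings, e.g. the output of
    rpm -q --qf '%{VERSION}-%{RELEASE}\\n' kernel
    """
    state, advisory = assess(running)
    if state != "vulnerable":
        return state, advisory
    if any(assess(pkg)[0] == "fixed" for pkg in installed):
        return "reboot-required", advisory   # fix is on disk but not booted
    return "update-required", advisory


if __name__ == "__main__":
    # Constructed sample: old PAE kernel still running after the fix was installed.
    print(status("2.6.18-164.11.1.el5PAE",
                 ["2.6.18-164.11.1.el5", "2.6.18-164.25.1.el5"]))
```

A plain string comparison would rank 164.9.1.el5 above 164.25.1.el5, which is why the release fields are compared segment by segment.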
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMhk/QXlSAg2UNWIIRAqoWAJ9JwBUdCUUty7RY8WlkCElcKSR/EwCePAiK
aNVYvqTYmWEdn/MbJnHiuYE=
=jF2h
-----END PGP SIGNATURE-----


From bugzilla at redhat.com Tue Sep 7 14:46:38 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 7 Sep 2010 10:46:38 -0400
Subject: [RHSA-2010:0678-01] Moderate: rpm security update
Message-ID: <201009071446.o87EkdvR029140@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rpm security update
Advisory ID:       RHSA-2010:0678-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0678.html
Issue date:        2010-09-07
CVE Names:         CVE-2005-4889 CVE-2010-2059
=====================================================================

1. Summary:

Updated rpm packages that fix two security issues are now available for
Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

The RPM Package Manager (RPM) is a command line driven package management
system capable of installing, uninstalling, verifying, querying, and
updating software packages.

It was discovered that RPM did not remove setuid and setgid bits set on
binaries when upgrading or removing packages.
A local attacker able to create hard links to binaries could use this flaw
to keep those binaries on the system, at a specific version level and with
the setuid or setgid bit set, even if the package providing them was
upgraded or removed by a system administrator. This could have security
implications if a package was upgraded or removed because of a security
flaw in a setuid or setgid program. (CVE-2005-4889, CVE-2010-2059)

All users of rpm are advised to upgrade to these updated packages, which
contain a backported patch to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

598775 - CVE-2010-2059 rpm: fails to drop SUID/SGID bits on package upgrade
625756 - CVE-2005-4889 rpm: fails to drop SUID/SGID bits on package removal

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/rpm-4.3.3-33_nonptl.el4_8.1.src.rpm

i386:
popt-1.9.1-33_nonptl.el4_8.1.i386.rpm
rpm-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-build-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-devel-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-python-4.3.3-33_nonptl.el4_8.1.i386.rpm

ia64:
popt-1.9.1-33_nonptl.el4_8.1.i386.rpm
popt-1.9.1-33_nonptl.el4_8.1.ia64.rpm
rpm-4.3.3-33_nonptl.el4_8.1.ia64.rpm
rpm-build-4.3.3-33_nonptl.el4_8.1.ia64.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.ia64.rpm
rpm-devel-4.3.3-33_nonptl.el4_8.1.ia64.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.ia64.rpm
rpm-python-4.3.3-33_nonptl.el4_8.1.ia64.rpm

ppc:
popt-1.9.1-33_nonptl.el4_8.1.ppc.rpm
popt-1.9.1-33_nonptl.el4_8.1.ppc64.rpm
rpm-4.3.3-33_nonptl.el4_8.1.ppc.rpm
rpm-build-4.3.3-33_nonptl.el4_8.1.ppc.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.ppc.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.ppc64.rpm
rpm-devel-4.3.3-33_nonptl.el4_8.1.ppc.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.ppc.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.ppc64.rpm
rpm-python-4.3.3-33_nonptl.el4_8.1.ppc.rpm

s390:
popt-1.9.1-33_nonptl.el4_8.1.s390.rpm
rpm-4.3.3-33_nonptl.el4_8.1.s390.rpm
rpm-build-4.3.3-33_nonptl.el4_8.1.s390.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.s390.rpm
rpm-devel-4.3.3-33_nonptl.el4_8.1.s390.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.s390.rpm
rpm-python-4.3.3-33_nonptl.el4_8.1.s390.rpm

s390x:
popt-1.9.1-33_nonptl.el4_8.1.s390.rpm
popt-1.9.1-33_nonptl.el4_8.1.s390x.rpm
rpm-4.3.3-33_nonptl.el4_8.1.s390x.rpm
rpm-build-4.3.3-33_nonptl.el4_8.1.s390x.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.s390.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.s390x.rpm
rpm-devel-4.3.3-33_nonptl.el4_8.1.s390x.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.s390.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.s390x.rpm
rpm-python-4.3.3-33_nonptl.el4_8.1.s390x.rpm

x86_64:
popt-1.9.1-33_nonptl.el4_8.1.i386.rpm
popt-1.9.1-33_nonptl.el4_8.1.x86_64.rpm
rpm-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-build-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-devel-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-python-4.3.3-33_nonptl.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/rpm-4.3.3-33_nonptl.el4_8.1.src.rpm

i386:
popt-1.9.1-33_nonptl.el4_8.1.i386.rpm
rpm-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-build-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-devel-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-python-4.3.3-33_nonptl.el4_8.1.i386.rpm

x86_64:
popt-1.9.1-33_nonptl.el4_8.1.i386.rpm
popt-1.9.1-33_nonptl.el4_8.1.x86_64.rpm
rpm-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-build-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-devel-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-python-4.3.3-33_nonptl.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/rpm-4.3.3-33_nonptl.el4_8.1.src.rpm

i386:
popt-1.9.1-33_nonptl.el4_8.1.i386.rpm
rpm-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-build-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-devel-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-python-4.3.3-33_nonptl.el4_8.1.i386.rpm

ia64:
popt-1.9.1-33_nonptl.el4_8.1.i386.rpm
popt-1.9.1-33_nonptl.el4_8.1.ia64.rpm
rpm-4.3.3-33_nonptl.el4_8.1.ia64.rpm
rpm-build-4.3.3-33_nonptl.el4_8.1.ia64.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.ia64.rpm
rpm-devel-4.3.3-33_nonptl.el4_8.1.ia64.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.ia64.rpm
rpm-python-4.3.3-33_nonptl.el4_8.1.ia64.rpm

x86_64:
popt-1.9.1-33_nonptl.el4_8.1.i386.rpm
popt-1.9.1-33_nonptl.el4_8.1.x86_64.rpm
rpm-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-build-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-devel-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-python-4.3.3-33_nonptl.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/rpm-4.3.3-33_nonptl.el4_8.1.src.rpm

i386:
popt-1.9.1-33_nonptl.el4_8.1.i386.rpm
rpm-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-build-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-devel-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-python-4.3.3-33_nonptl.el4_8.1.i386.rpm

ia64:
popt-1.9.1-33_nonptl.el4_8.1.i386.rpm
popt-1.9.1-33_nonptl.el4_8.1.ia64.rpm
rpm-4.3.3-33_nonptl.el4_8.1.ia64.rpm
rpm-build-4.3.3-33_nonptl.el4_8.1.ia64.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.ia64.rpm
rpm-devel-4.3.3-33_nonptl.el4_8.1.ia64.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.ia64.rpm
rpm-python-4.3.3-33_nonptl.el4_8.1.ia64.rpm

x86_64:
popt-1.9.1-33_nonptl.el4_8.1.i386.rpm
popt-1.9.1-33_nonptl.el4_8.1.x86_64.rpm
rpm-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-build-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-debuginfo-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-devel-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.i386.rpm
rpm-libs-4.3.3-33_nonptl.el4_8.1.x86_64.rpm
rpm-python-4.3.3-33_nonptl.el4_8.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2005-4889.html
https://www.redhat.com/security/data/cve/CVE-2010-2059.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMhlAJXlSAg2UNWIIRAvTvAKCs05ZEYDlWl6LFdwpUDP5exd5R0QCggUAV
iDscY1PCG4aiRQJ/ohy2Ic8=
=a3De
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Sep 7 14:47:57 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 7 Sep 2010 10:47:57 -0400
Subject: [RHSA-2010:0679-01] Moderate: rpm security and bug fix update
Message-ID: <201009071447.o87Elvm5007807@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: rpm security and bug fix update
Advisory ID: RHSA-2010:0679-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0679.html
Issue date: 2010-09-07
CVE Names: CVE-2010-2059
=====================================================================

1. Summary:

Updated rpm packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v.
5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The RPM Package Manager (RPM) is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.

It was discovered that RPM did not remove setuid and setgid bits set on binaries when upgrading packages. A local attacker able to create hard links to binaries could use this flaw to keep those binaries on the system, at a specific version level and with the setuid or setgid bit set, even if the package providing them was upgraded by a system administrator. This could have security implications if a package was upgraded because of a security flaw in a setuid or setgid program. (CVE-2010-2059)

This update also fixes the following bug:

* A memory leak in the communication between RPM and the Security-Enhanced Linux (SELinux) subsystem, which could have caused extensive memory consumption. In reported cases, this issue was triggered by running rhn_check when errata were scheduled to be applied. (BZ#627630)

All users of rpm are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

598775 - CVE-2010-2059 rpm: fails to drop SUID/SGID bits on package upgrade
627630 - rpm: selinux context initialization memory leak

6. Package List:

Red Hat Enterprise Linux Desktop (v.
5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/rpm-4.4.2.3-20.el5_5.1.src.rpm

i386:
popt-1.10.2.3-20.el5_5.1.i386.rpm
rpm-4.4.2.3-20.el5_5.1.i386.rpm
rpm-debuginfo-4.4.2.3-20.el5_5.1.i386.rpm
rpm-libs-4.4.2.3-20.el5_5.1.i386.rpm
rpm-python-4.4.2.3-20.el5_5.1.i386.rpm

x86_64:
popt-1.10.2.3-20.el5_5.1.i386.rpm
popt-1.10.2.3-20.el5_5.1.x86_64.rpm
rpm-4.4.2.3-20.el5_5.1.x86_64.rpm
rpm-debuginfo-4.4.2.3-20.el5_5.1.i386.rpm
rpm-debuginfo-4.4.2.3-20.el5_5.1.x86_64.rpm
rpm-libs-4.4.2.3-20.el5_5.1.i386.rpm
rpm-libs-4.4.2.3-20.el5_5.1.x86_64.rpm
rpm-python-4.4.2.3-20.el5_5.1.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/rpm-4.4.2.3-20.el5_5.1.src.rpm

i386:
rpm-apidocs-4.4.2.3-20.el5_5.1.i386.rpm
rpm-build-4.4.2.3-20.el5_5.1.i386.rpm
rpm-debuginfo-4.4.2.3-20.el5_5.1.i386.rpm
rpm-devel-4.4.2.3-20.el5_5.1.i386.rpm

x86_64:
rpm-apidocs-4.4.2.3-20.el5_5.1.x86_64.rpm
rpm-build-4.4.2.3-20.el5_5.1.x86_64.rpm
rpm-debuginfo-4.4.2.3-20.el5_5.1.i386.rpm
rpm-debuginfo-4.4.2.3-20.el5_5.1.x86_64.rpm
rpm-devel-4.4.2.3-20.el5_5.1.i386.rpm
rpm-devel-4.4.2.3-20.el5_5.1.x86_64.rpm

Red Hat Enterprise Linux (v.
5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/rpm-4.4.2.3-20.el5_5.1.src.rpm

i386:
popt-1.10.2.3-20.el5_5.1.i386.rpm
rpm-4.4.2.3-20.el5_5.1.i386.rpm
rpm-apidocs-4.4.2.3-20.el5_5.1.i386.rpm
rpm-build-4.4.2.3-20.el5_5.1.i386.rpm
rpm-debuginfo-4.4.2.3-20.el5_5.1.i386.rpm
rpm-devel-4.4.2.3-20.el5_5.1.i386.rpm
rpm-libs-4.4.2.3-20.el5_5.1.i386.rpm
rpm-python-4.4.2.3-20.el5_5.1.i386.rpm

ia64:
popt-1.10.2.3-20.el5_5.1.ia64.rpm
rpm-4.4.2.3-20.el5_5.1.ia64.rpm
rpm-apidocs-4.4.2.3-20.el5_5.1.ia64.rpm
rpm-build-4.4.2.3-20.el5_5.1.ia64.rpm
rpm-debuginfo-4.4.2.3-20.el5_5.1.ia64.rpm
rpm-devel-4.4.2.3-20.el5_5.1.ia64.rpm
rpm-libs-4.4.2.3-20.el5_5.1.ia64.rpm
rpm-python-4.4.2.3-20.el5_5.1.ia64.rpm

ppc:
popt-1.10.2.3-20.el5_5.1.ppc.rpm
popt-1.10.2.3-20.el5_5.1.ppc64.rpm
rpm-4.4.2.3-20.el5_5.1.ppc.rpm
rpm-apidocs-4.4.2.3-20.el5_5.1.ppc.rpm
rpm-build-4.4.2.3-20.el5_5.1.ppc.rpm
rpm-debuginfo-4.4.2.3-20.el5_5.1.ppc.rpm
rpm-debuginfo-4.4.2.3-20.el5_5.1.ppc64.rpm
rpm-devel-4.4.2.3-20.el5_5.1.ppc.rpm
rpm-devel-4.4.2.3-20.el5_5.1.ppc64.rpm
rpm-libs-4.4.2.3-20.el5_5.1.ppc.rpm
rpm-libs-4.4.2.3-20.el5_5.1.ppc64.rpm
rpm-python-4.4.2.3-20.el5_5.1.ppc.rpm

s390x:
popt-1.10.2.3-20.el5_5.1.s390.rpm
popt-1.10.2.3-20.el5_5.1.s390x.rpm
rpm-4.4.2.3-20.el5_5.1.s390x.rpm
rpm-apidocs-4.4.2.3-20.el5_5.1.s390x.rpm
rpm-build-4.4.2.3-20.el5_5.1.s390x.rpm
rpm-debuginfo-4.4.2.3-20.el5_5.1.s390.rpm
rpm-debuginfo-4.4.2.3-20.el5_5.1.s390x.rpm
rpm-devel-4.4.2.3-20.el5_5.1.s390.rpm
rpm-devel-4.4.2.3-20.el5_5.1.s390x.rpm
rpm-libs-4.4.2.3-20.el5_5.1.s390.rpm
rpm-libs-4.4.2.3-20.el5_5.1.s390x.rpm
rpm-python-4.4.2.3-20.el5_5.1.s390x.rpm

x86_64:
popt-1.10.2.3-20.el5_5.1.i386.rpm
popt-1.10.2.3-20.el5_5.1.x86_64.rpm
rpm-4.4.2.3-20.el5_5.1.x86_64.rpm
rpm-apidocs-4.4.2.3-20.el5_5.1.x86_64.rpm
rpm-build-4.4.2.3-20.el5_5.1.x86_64.rpm
rpm-debuginfo-4.4.2.3-20.el5_5.1.i386.rpm
rpm-debuginfo-4.4.2.3-20.el5_5.1.x86_64.rpm
rpm-devel-4.4.2.3-20.el5_5.1.i386.rpm
rpm-devel-4.4.2.3-20.el5_5.1.x86_64.rpm
rpm-libs-4.4.2.3-20.el5_5.1.i386.rpm
rpm-libs-4.4.2.3-20.el5_5.1.x86_64.rpm
rpm-python-4.4.2.3-20.el5_5.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2059.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMhlBXXlSAg2UNWIIRAgfkAJ4iit6LaSCnVZKWfV3TurEl04bl6ACfXoJe
n3ztefT1d+4E+DFKjqA/d0Q=
=yhAM
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Sep 8 01:23:51 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 7 Sep 2010 21:23:51 -0400
Subject: [RHSA-2010:0680-01] Critical: seamonkey security update
Message-ID: <201009080123.o881Nr9x031545@int-mx03.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: seamonkey security update
Advisory ID: RHSA-2010:0680-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0680.html
Issue date: 2010-09-07
CVE Names: CVE-2010-2760 CVE-2010-2765 CVE-2010-2767 CVE-2010-2768 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169
=====================================================================

1. Summary:

Updated seamonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4.

The Red Hat Security Response Team has rated this update as having critical security impact.
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-3169)

A buffer overflow flaw was found in SeaMonkey. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-2765)

A use-after-free flaw and several dangling pointer flaws were found in SeaMonkey. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167, CVE-2010-3168)

A cross-site scripting (XSS) flaw was found in SeaMonkey. A web page containing malicious content could cause SeaMonkey to run JavaScript code with the permissions of a different website. (CVE-2010-2768)

All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.

4.
Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

630055 - CVE-2010-3169 Mozilla Miscellaneous memory safety hazards
630056 - CVE-2010-2765 Mozilla Frameset integer overflow vulnerability (MFSA 2010-50)
630059 - CVE-2010-2767 Mozilla Dangling pointer vulnerability using DOM plugin array (MFSA 2010-51)
630062 - CVE-2010-2760 Mozilla Dangling pointer vulnerability in nsTreeSelection (MFSA 2010-54)
630064 - CVE-2010-3168 Mozilla XUL tree removal crash and remote code execution (MFSA 2010-55)
630067 - CVE-2010-3167 Mozilla Dangling pointer vulnerability in nsTreeContentView (MFSA 2010-56)
630074 - CVE-2010-2768 Mozilla UTF-7 XSS by overriding document charset using <object> type attribute (MFSA 2010-61)

6.
Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/seamonkey-1.0.9-0.60.el3.src.rpm

i386:
seamonkey-1.0.9-0.60.el3.i386.rpm
seamonkey-chat-1.0.9-0.60.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.60.el3.i386.rpm
seamonkey-devel-1.0.9-0.60.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.60.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.60.el3.i386.rpm
seamonkey-mail-1.0.9-0.60.el3.i386.rpm
seamonkey-nspr-1.0.9-0.60.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.60.el3.i386.rpm
seamonkey-nss-1.0.9-0.60.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.60.el3.i386.rpm

ia64:
seamonkey-1.0.9-0.60.el3.ia64.rpm
seamonkey-chat-1.0.9-0.60.el3.ia64.rpm
seamonkey-debuginfo-1.0.9-0.60.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.60.el3.ia64.rpm
seamonkey-devel-1.0.9-0.60.el3.ia64.rpm
seamonkey-dom-inspector-1.0.9-0.60.el3.ia64.rpm
seamonkey-js-debugger-1.0.9-0.60.el3.ia64.rpm
seamonkey-mail-1.0.9-0.60.el3.ia64.rpm
seamonkey-nspr-1.0.9-0.60.el3.i386.rpm
seamonkey-nspr-1.0.9-0.60.el3.ia64.rpm
seamonkey-nspr-devel-1.0.9-0.60.el3.ia64.rpm
seamonkey-nss-1.0.9-0.60.el3.i386.rpm
seamonkey-nss-1.0.9-0.60.el3.ia64.rpm
seamonkey-nss-devel-1.0.9-0.60.el3.ia64.rpm

ppc:
seamonkey-1.0.9-0.60.el3.ppc.rpm
seamonkey-chat-1.0.9-0.60.el3.ppc.rpm
seamonkey-debuginfo-1.0.9-0.60.el3.ppc.rpm
seamonkey-devel-1.0.9-0.60.el3.ppc.rpm
seamonkey-dom-inspector-1.0.9-0.60.el3.ppc.rpm
seamonkey-js-debugger-1.0.9-0.60.el3.ppc.rpm
seamonkey-mail-1.0.9-0.60.el3.ppc.rpm
seamonkey-nspr-1.0.9-0.60.el3.ppc.rpm
seamonkey-nspr-devel-1.0.9-0.60.el3.ppc.rpm
seamonkey-nss-1.0.9-0.60.el3.ppc.rpm
seamonkey-nss-devel-1.0.9-0.60.el3.ppc.rpm

s390:
seamonkey-1.0.9-0.60.el3.s390.rpm
seamonkey-chat-1.0.9-0.60.el3.s390.rpm
seamonkey-debuginfo-1.0.9-0.60.el3.s390.rpm
seamonkey-devel-1.0.9-0.60.el3.s390.rpm
seamonkey-dom-inspector-1.0.9-0.60.el3.s390.rpm
seamonkey-js-debugger-1.0.9-0.60.el3.s390.rpm
seamonkey-mail-1.0.9-0.60.el3.s390.rpm
seamonkey-nspr-1.0.9-0.60.el3.s390.rpm
seamonkey-nspr-devel-1.0.9-0.60.el3.s390.rpm
seamonkey-nss-1.0.9-0.60.el3.s390.rpm
seamonkey-nss-devel-1.0.9-0.60.el3.s390.rpm

s390x:
seamonkey-1.0.9-0.60.el3.s390x.rpm
seamonkey-chat-1.0.9-0.60.el3.s390x.rpm
seamonkey-debuginfo-1.0.9-0.60.el3.s390.rpm
seamonkey-debuginfo-1.0.9-0.60.el3.s390x.rpm
seamonkey-devel-1.0.9-0.60.el3.s390x.rpm
seamonkey-dom-inspector-1.0.9-0.60.el3.s390x.rpm
seamonkey-js-debugger-1.0.9-0.60.el3.s390x.rpm
seamonkey-mail-1.0.9-0.60.el3.s390x.rpm
seamonkey-nspr-1.0.9-0.60.el3.s390.rpm
seamonkey-nspr-1.0.9-0.60.el3.s390x.rpm
seamonkey-nspr-devel-1.0.9-0.60.el3.s390x.rpm
seamonkey-nss-1.0.9-0.60.el3.s390.rpm
seamonkey-nss-1.0.9-0.60.el3.s390x.rpm
seamonkey-nss-devel-1.0.9-0.60.el3.s390x.rpm

x86_64:
seamonkey-1.0.9-0.60.el3.i386.rpm
seamonkey-1.0.9-0.60.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.60.el3.x86_64.rpm
seamonkey-debuginfo-1.0.9-0.60.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.60.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.60.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.60.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.60.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.60.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.60.el3.i386.rpm
seamonkey-nspr-1.0.9-0.60.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.60.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.60.el3.i386.rpm
seamonkey-nss-1.0.9-0.60.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.60.el3.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/seamonkey-1.0.9-0.60.el3.src.rpm

i386:
seamonkey-1.0.9-0.60.el3.i386.rpm
seamonkey-chat-1.0.9-0.60.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.60.el3.i386.rpm
seamonkey-devel-1.0.9-0.60.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.60.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.60.el3.i386.rpm
seamonkey-mail-1.0.9-0.60.el3.i386.rpm
seamonkey-nspr-1.0.9-0.60.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.60.el3.i386.rpm
seamonkey-nss-1.0.9-0.60.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.60.el3.i386.rpm

x86_64:
seamonkey-1.0.9-0.60.el3.i386.rpm
seamonkey-1.0.9-0.60.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.60.el3.x86_64.rpm
seamonkey-debuginfo-1.0.9-0.60.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.60.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.60.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.60.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.60.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.60.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.60.el3.i386.rpm
seamonkey-nspr-1.0.9-0.60.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.60.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.60.el3.i386.rpm
seamonkey-nss-1.0.9-0.60.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.60.el3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/seamonkey-1.0.9-0.60.el3.src.rpm

i386:
seamonkey-1.0.9-0.60.el3.i386.rpm
seamonkey-chat-1.0.9-0.60.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.60.el3.i386.rpm
seamonkey-devel-1.0.9-0.60.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.60.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.60.el3.i386.rpm
seamonkey-mail-1.0.9-0.60.el3.i386.rpm
seamonkey-nspr-1.0.9-0.60.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.60.el3.i386.rpm
seamonkey-nss-1.0.9-0.60.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.60.el3.i386.rpm

ia64:
seamonkey-1.0.9-0.60.el3.ia64.rpm
seamonkey-chat-1.0.9-0.60.el3.ia64.rpm
seamonkey-debuginfo-1.0.9-0.60.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.60.el3.ia64.rpm
seamonkey-devel-1.0.9-0.60.el3.ia64.rpm
seamonkey-dom-inspector-1.0.9-0.60.el3.ia64.rpm
seamonkey-js-debugger-1.0.9-0.60.el3.ia64.rpm
seamonkey-mail-1.0.9-0.60.el3.ia64.rpm
seamonkey-nspr-1.0.9-0.60.el3.i386.rpm
seamonkey-nspr-1.0.9-0.60.el3.ia64.rpm
seamonkey-nspr-devel-1.0.9-0.60.el3.ia64.rpm
seamonkey-nss-1.0.9-0.60.el3.i386.rpm
seamonkey-nss-1.0.9-0.60.el3.ia64.rpm
seamonkey-nss-devel-1.0.9-0.60.el3.ia64.rpm

x86_64:
seamonkey-1.0.9-0.60.el3.i386.rpm
seamonkey-1.0.9-0.60.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.60.el3.x86_64.rpm
seamonkey-debuginfo-1.0.9-0.60.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.60.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.60.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.60.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.60.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.60.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.60.el3.i386.rpm
seamonkey-nspr-1.0.9-0.60.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.60.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.60.el3.i386.rpm
seamonkey-nss-1.0.9-0.60.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.60.el3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/seamonkey-1.0.9-0.60.el3.src.rpm

i386:
seamonkey-1.0.9-0.60.el3.i386.rpm
seamonkey-chat-1.0.9-0.60.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.60.el3.i386.rpm
seamonkey-devel-1.0.9-0.60.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.60.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.60.el3.i386.rpm
seamonkey-mail-1.0.9-0.60.el3.i386.rpm
seamonkey-nspr-1.0.9-0.60.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.60.el3.i386.rpm
seamonkey-nss-1.0.9-0.60.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.60.el3.i386.rpm

ia64:
seamonkey-1.0.9-0.60.el3.ia64.rpm
seamonkey-chat-1.0.9-0.60.el3.ia64.rpm
seamonkey-debuginfo-1.0.9-0.60.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.60.el3.ia64.rpm
seamonkey-devel-1.0.9-0.60.el3.ia64.rpm
seamonkey-dom-inspector-1.0.9-0.60.el3.ia64.rpm
seamonkey-js-debugger-1.0.9-0.60.el3.ia64.rpm
seamonkey-mail-1.0.9-0.60.el3.ia64.rpm
seamonkey-nspr-1.0.9-0.60.el3.i386.rpm
seamonkey-nspr-1.0.9-0.60.el3.ia64.rpm
seamonkey-nspr-devel-1.0.9-0.60.el3.ia64.rpm
seamonkey-nss-1.0.9-0.60.el3.i386.rpm
seamonkey-nss-1.0.9-0.60.el3.ia64.rpm
seamonkey-nss-devel-1.0.9-0.60.el3.ia64.rpm

x86_64:
seamonkey-1.0.9-0.60.el3.i386.rpm
seamonkey-1.0.9-0.60.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.60.el3.x86_64.rpm
seamonkey-debuginfo-1.0.9-0.60.el3.i386.rpm
seamonkey-debuginfo-1.0.9-0.60.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.60.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.60.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.60.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.60.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.60.el3.i386.rpm
seamonkey-nspr-1.0.9-0.60.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.60.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.60.el3.i386.rpm
seamonkey-nss-1.0.9-0.60.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.60.el3.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/seamonkey-1.0.9-63.el4.src.rpm

i386:
seamonkey-1.0.9-63.el4.i386.rpm
seamonkey-chat-1.0.9-63.el4.i386.rpm
seamonkey-debuginfo-1.0.9-63.el4.i386.rpm
seamonkey-devel-1.0.9-63.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-63.el4.i386.rpm
seamonkey-js-debugger-1.0.9-63.el4.i386.rpm
seamonkey-mail-1.0.9-63.el4.i386.rpm

ia64:
seamonkey-1.0.9-63.el4.ia64.rpm
seamonkey-chat-1.0.9-63.el4.ia64.rpm
seamonkey-debuginfo-1.0.9-63.el4.ia64.rpm
seamonkey-devel-1.0.9-63.el4.ia64.rpm
seamonkey-dom-inspector-1.0.9-63.el4.ia64.rpm
seamonkey-js-debugger-1.0.9-63.el4.ia64.rpm
seamonkey-mail-1.0.9-63.el4.ia64.rpm

ppc:
seamonkey-1.0.9-63.el4.ppc.rpm
seamonkey-chat-1.0.9-63.el4.ppc.rpm
seamonkey-debuginfo-1.0.9-63.el4.ppc.rpm
seamonkey-devel-1.0.9-63.el4.ppc.rpm
seamonkey-dom-inspector-1.0.9-63.el4.ppc.rpm
seamonkey-js-debugger-1.0.9-63.el4.ppc.rpm
seamonkey-mail-1.0.9-63.el4.ppc.rpm

s390:
seamonkey-1.0.9-63.el4.s390.rpm
seamonkey-chat-1.0.9-63.el4.s390.rpm
seamonkey-debuginfo-1.0.9-63.el4.s390.rpm
seamonkey-devel-1.0.9-63.el4.s390.rpm
seamonkey-dom-inspector-1.0.9-63.el4.s390.rpm
seamonkey-js-debugger-1.0.9-63.el4.s390.rpm
seamonkey-mail-1.0.9-63.el4.s390.rpm

s390x:
seamonkey-1.0.9-63.el4.s390x.rpm
seamonkey-chat-1.0.9-63.el4.s390x.rpm
seamonkey-debuginfo-1.0.9-63.el4.s390x.rpm
seamonkey-devel-1.0.9-63.el4.s390x.rpm
seamonkey-dom-inspector-1.0.9-63.el4.s390x.rpm
seamonkey-js-debugger-1.0.9-63.el4.s390x.rpm
seamonkey-mail-1.0.9-63.el4.s390x.rpm

x86_64:
seamonkey-1.0.9-63.el4.x86_64.rpm
seamonkey-chat-1.0.9-63.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-63.el4.x86_64.rpm
seamonkey-devel-1.0.9-63.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-63.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-63.el4.x86_64.rpm
seamonkey-mail-1.0.9-63.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/seamonkey-1.0.9-63.el4.src.rpm

i386:
seamonkey-1.0.9-63.el4.i386.rpm
seamonkey-chat-1.0.9-63.el4.i386.rpm
seamonkey-debuginfo-1.0.9-63.el4.i386.rpm
seamonkey-devel-1.0.9-63.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-63.el4.i386.rpm
seamonkey-js-debugger-1.0.9-63.el4.i386.rpm
seamonkey-mail-1.0.9-63.el4.i386.rpm

x86_64:
seamonkey-1.0.9-63.el4.x86_64.rpm
seamonkey-chat-1.0.9-63.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-63.el4.x86_64.rpm
seamonkey-devel-1.0.9-63.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-63.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-63.el4.x86_64.rpm
seamonkey-mail-1.0.9-63.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/seamonkey-1.0.9-63.el4.src.rpm

i386:
seamonkey-1.0.9-63.el4.i386.rpm
seamonkey-chat-1.0.9-63.el4.i386.rpm
seamonkey-debuginfo-1.0.9-63.el4.i386.rpm
seamonkey-devel-1.0.9-63.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-63.el4.i386.rpm
seamonkey-js-debugger-1.0.9-63.el4.i386.rpm
seamonkey-mail-1.0.9-63.el4.i386.rpm

ia64:
seamonkey-1.0.9-63.el4.ia64.rpm
seamonkey-chat-1.0.9-63.el4.ia64.rpm
seamonkey-debuginfo-1.0.9-63.el4.ia64.rpm
seamonkey-devel-1.0.9-63.el4.ia64.rpm
seamonkey-dom-inspector-1.0.9-63.el4.ia64.rpm
seamonkey-js-debugger-1.0.9-63.el4.ia64.rpm
seamonkey-mail-1.0.9-63.el4.ia64.rpm

x86_64:
seamonkey-1.0.9-63.el4.x86_64.rpm
seamonkey-chat-1.0.9-63.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-63.el4.x86_64.rpm
seamonkey-devel-1.0.9-63.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-63.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-63.el4.x86_64.rpm
seamonkey-mail-1.0.9-63.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/seamonkey-1.0.9-63.el4.src.rpm

i386:
seamonkey-1.0.9-63.el4.i386.rpm
seamonkey-chat-1.0.9-63.el4.i386.rpm
seamonkey-debuginfo-1.0.9-63.el4.i386.rpm
seamonkey-devel-1.0.9-63.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-63.el4.i386.rpm
seamonkey-js-debugger-1.0.9-63.el4.i386.rpm
seamonkey-mail-1.0.9-63.el4.i386.rpm

ia64:
seamonkey-1.0.9-63.el4.ia64.rpm
seamonkey-chat-1.0.9-63.el4.ia64.rpm
seamonkey-debuginfo-1.0.9-63.el4.ia64.rpm
seamonkey-devel-1.0.9-63.el4.ia64.rpm
seamonkey-dom-inspector-1.0.9-63.el4.ia64.rpm
seamonkey-js-debugger-1.0.9-63.el4.ia64.rpm
seamonkey-mail-1.0.9-63.el4.ia64.rpm

x86_64:
seamonkey-1.0.9-63.el4.x86_64.rpm
seamonkey-chat-1.0.9-63.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-63.el4.x86_64.rpm
seamonkey-devel-1.0.9-63.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-63.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-63.el4.x86_64.rpm
seamonkey-mail-1.0.9-63.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2760.html
https://www.redhat.com/security/data/cve/CVE-2010-2765.html
https://www.redhat.com/security/data/cve/CVE-2010-2767.html
https://www.redhat.com/security/data/cve/CVE-2010-2768.html
https://www.redhat.com/security/data/cve/CVE-2010-3167.html
https://www.redhat.com/security/data/cve/CVE-2010-3168.html
https://www.redhat.com/security/data/cve/CVE-2010-3169.html
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMhuWRXlSAg2UNWIIRAqOwAJ4yejSW+JK6Fa2mbuI4Lfy7D0jjEQCfSqwv
uQv1LzzriPp5Z5gEXnYRwKI=
=2qZv
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Sep 8 01:24:21 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 7 Sep 2010 21:24:21 -0400
Subject: [RHSA-2010:0681-01] Critical: firefox security update
Message-ID: <201009080124.o881ONb2032753@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: firefox security update
Advisory ID: RHSA-2010:0681-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0681.html
Issue date: 2010-09-07
CVE Names: CVE-2010-2760 CVE-2010-2762 CVE-2010-2764 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3166 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169
=====================================================================

1. Summary:

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3.
Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3169, CVE-2010-2762)

Several use-after-free and dangling pointer flaws were found in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-2760, CVE-2010-2766, CVE-2010-2767, CVE-2010-3167, CVE-2010-3168)

Multiple buffer overflow flaws were found in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-2765, CVE-2010-3166)

Multiple cross-site scripting (XSS) flaws were found in Firefox. A web page containing malicious content could cause Firefox to run JavaScript code with the permissions of a different website. (CVE-2010-2768, CVE-2010-2769)

A flaw was found in the Firefox XMLHttpRequest object. A remote site could use this flaw to gather information about servers on an internal private network. (CVE-2010-2764)

For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.9. You can find a link to the Mozilla advisories in the References section of this erratum.

Note: After installing this update, Firefox will fail to connect (with HTTPS) to a server using the SSL DHE (Diffie-Hellman Ephemeral) key exchange if the server's ephemeral key is too small. Connecting to such servers is a security risk as an ephemeral key that is too small makes the SSL connection vulnerable to attack. Refer to the Solution section for further information.
All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.9, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

If you encounter the condition where Firefox fails to connect to a server that has an ephemeral key that is too small, you can try connecting using a cipher suite with a different key exchange algorithm by disabling all DHE cipher suites in Firefox:

1) Type about:config in the URL bar and press the Enter key.
2) In the Filter search bar, type ssl3.dhe
3) For all preferences now presented, double-click the true value to change the value to false.

Note: This change would affect connections to all HTTPS servers.

5.
Bugs fixed (http://bugzilla.redhat.com/): 630055 - CVE-2010-3169 Mozilla Miscellaneous memory safety hazards 630056 - CVE-2010-2765 Mozilla Frameset integer overflow vulnerability (MFSA 2010-50) 630059 - CVE-2010-2767 Mozilla Dangling pointer vulnerability using DOM plugin array (MFSA 2010-51) 630061 - CVE-2010-3166 Mozilla Heap buffer overflow in nsTextFrameUtils::TransformText (MFSA 2010-53) 630062 - CVE-2010-2760 Mozilla Dangling pointer vulnerability in nsTreeSelection (MFSA 2010-54) 630064 - CVE-2010-3168 Mozilla XUL tree removal crash and remote code execution (MFSA 2010-55) 630067 - CVE-2010-3167 Mozilla Dangling pointer vulnerability in nsTreeContentView (MFSA 2010-56) 630069 - CVE-2010-2766 Mozilla Crash and remote code execution in normalizeDocument (MFSA 2010-57) 630071 - CVE-2010-2762 Mozilla SJOW creates scope chains ending in outer object (MFSA 2010-59) 630074 - CVE-2010-2768 Mozilla UTF-7 XSS by overriding document charset using <object> type attribute (MFSA 2010-61) 630075 - CVE-2010-2769 Mozilla Copy-and-paste or drag-and-drop into designMode document allows XSS (MFSA 2010-62) 630078 - CVE-2010-2764 Mozilla Information leak via XMLHttpRequest statusText (MFSA 2010-63) 6. 
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-3.6.9-1.el4.src.rpm ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/nspr-4.8.6-1.el4.src.rpm ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/nss-3.12.7-1.el4.src.rpm i386: firefox-3.6.9-1.el4.i386.rpm firefox-debuginfo-3.6.9-1.el4.i386.rpm nspr-4.8.6-1.el4.i386.rpm nspr-debuginfo-4.8.6-1.el4.i386.rpm nspr-devel-4.8.6-1.el4.i386.rpm nss-3.12.7-1.el4.i386.rpm nss-debuginfo-3.12.7-1.el4.i386.rpm nss-devel-3.12.7-1.el4.i386.rpm nss-tools-3.12.7-1.el4.i386.rpm ia64: firefox-3.6.9-1.el4.ia64.rpm firefox-debuginfo-3.6.9-1.el4.ia64.rpm nspr-4.8.6-1.el4.i386.rpm nspr-4.8.6-1.el4.ia64.rpm nspr-debuginfo-4.8.6-1.el4.i386.rpm nspr-debuginfo-4.8.6-1.el4.ia64.rpm nspr-devel-4.8.6-1.el4.ia64.rpm nss-3.12.7-1.el4.i386.rpm nss-3.12.7-1.el4.ia64.rpm nss-debuginfo-3.12.7-1.el4.i386.rpm nss-debuginfo-3.12.7-1.el4.ia64.rpm nss-devel-3.12.7-1.el4.ia64.rpm nss-tools-3.12.7-1.el4.ia64.rpm ppc: firefox-3.6.9-1.el4.ppc.rpm firefox-debuginfo-3.6.9-1.el4.ppc.rpm nspr-4.8.6-1.el4.ppc.rpm nspr-4.8.6-1.el4.ppc64.rpm nspr-debuginfo-4.8.6-1.el4.ppc.rpm nspr-debuginfo-4.8.6-1.el4.ppc64.rpm nspr-devel-4.8.6-1.el4.ppc.rpm nss-3.12.7-1.el4.ppc.rpm nss-3.12.7-1.el4.ppc64.rpm nss-debuginfo-3.12.7-1.el4.ppc.rpm nss-debuginfo-3.12.7-1.el4.ppc64.rpm nss-devel-3.12.7-1.el4.ppc.rpm nss-tools-3.12.7-1.el4.ppc.rpm s390: firefox-3.6.9-1.el4.s390.rpm firefox-debuginfo-3.6.9-1.el4.s390.rpm nspr-4.8.6-1.el4.s390.rpm nspr-debuginfo-4.8.6-1.el4.s390.rpm nspr-devel-4.8.6-1.el4.s390.rpm nss-3.12.7-1.el4.s390.rpm nss-debuginfo-3.12.7-1.el4.s390.rpm nss-devel-3.12.7-1.el4.s390.rpm nss-tools-3.12.7-1.el4.s390.rpm s390x: firefox-3.6.9-1.el4.s390x.rpm firefox-debuginfo-3.6.9-1.el4.s390x.rpm nspr-4.8.6-1.el4.s390.rpm nspr-4.8.6-1.el4.s390x.rpm nspr-debuginfo-4.8.6-1.el4.s390.rpm nspr-debuginfo-4.8.6-1.el4.s390x.rpm nspr-devel-4.8.6-1.el4.s390x.rpm nss-3.12.7-1.el4.s390.rpm 
nss-3.12.7-1.el4.s390x.rpm nss-debuginfo-3.12.7-1.el4.s390.rpm nss-debuginfo-3.12.7-1.el4.s390x.rpm nss-devel-3.12.7-1.el4.s390x.rpm nss-tools-3.12.7-1.el4.s390x.rpm x86_64: firefox-3.6.9-1.el4.x86_64.rpm firefox-debuginfo-3.6.9-1.el4.x86_64.rpm nspr-4.8.6-1.el4.i386.rpm nspr-4.8.6-1.el4.x86_64.rpm nspr-debuginfo-4.8.6-1.el4.i386.rpm nspr-debuginfo-4.8.6-1.el4.x86_64.rpm nspr-devel-4.8.6-1.el4.x86_64.rpm nss-3.12.7-1.el4.i386.rpm nss-3.12.7-1.el4.x86_64.rpm nss-debuginfo-3.12.7-1.el4.i386.rpm nss-debuginfo-3.12.7-1.el4.x86_64.rpm nss-devel-3.12.7-1.el4.x86_64.rpm nss-tools-3.12.7-1.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-3.6.9-1.el4.src.rpm ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/nspr-4.8.6-1.el4.src.rpm ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/nss-3.12.7-1.el4.src.rpm i386: firefox-3.6.9-1.el4.i386.rpm firefox-debuginfo-3.6.9-1.el4.i386.rpm nspr-4.8.6-1.el4.i386.rpm nspr-debuginfo-4.8.6-1.el4.i386.rpm nspr-devel-4.8.6-1.el4.i386.rpm nss-3.12.7-1.el4.i386.rpm nss-debuginfo-3.12.7-1.el4.i386.rpm nss-devel-3.12.7-1.el4.i386.rpm nss-tools-3.12.7-1.el4.i386.rpm x86_64: firefox-3.6.9-1.el4.x86_64.rpm firefox-debuginfo-3.6.9-1.el4.x86_64.rpm nspr-4.8.6-1.el4.i386.rpm nspr-4.8.6-1.el4.x86_64.rpm nspr-debuginfo-4.8.6-1.el4.i386.rpm nspr-debuginfo-4.8.6-1.el4.x86_64.rpm nspr-devel-4.8.6-1.el4.x86_64.rpm nss-3.12.7-1.el4.i386.rpm nss-3.12.7-1.el4.x86_64.rpm nss-debuginfo-3.12.7-1.el4.i386.rpm nss-debuginfo-3.12.7-1.el4.x86_64.rpm nss-devel-3.12.7-1.el4.x86_64.rpm nss-tools-3.12.7-1.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-3.6.9-1.el4.src.rpm ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/nspr-4.8.6-1.el4.src.rpm ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/nss-3.12.7-1.el4.src.rpm i386: firefox-3.6.9-1.el4.i386.rpm firefox-debuginfo-3.6.9-1.el4.i386.rpm 
nspr-4.8.6-1.el4.i386.rpm nspr-debuginfo-4.8.6-1.el4.i386.rpm nspr-devel-4.8.6-1.el4.i386.rpm nss-3.12.7-1.el4.i386.rpm nss-debuginfo-3.12.7-1.el4.i386.rpm nss-devel-3.12.7-1.el4.i386.rpm nss-tools-3.12.7-1.el4.i386.rpm ia64: firefox-3.6.9-1.el4.ia64.rpm firefox-debuginfo-3.6.9-1.el4.ia64.rpm nspr-4.8.6-1.el4.i386.rpm nspr-4.8.6-1.el4.ia64.rpm nspr-debuginfo-4.8.6-1.el4.i386.rpm nspr-debuginfo-4.8.6-1.el4.ia64.rpm nspr-devel-4.8.6-1.el4.ia64.rpm nss-3.12.7-1.el4.i386.rpm nss-3.12.7-1.el4.ia64.rpm nss-debuginfo-3.12.7-1.el4.i386.rpm nss-debuginfo-3.12.7-1.el4.ia64.rpm nss-devel-3.12.7-1.el4.ia64.rpm nss-tools-3.12.7-1.el4.ia64.rpm x86_64: firefox-3.6.9-1.el4.x86_64.rpm firefox-debuginfo-3.6.9-1.el4.x86_64.rpm nspr-4.8.6-1.el4.i386.rpm nspr-4.8.6-1.el4.x86_64.rpm nspr-debuginfo-4.8.6-1.el4.i386.rpm nspr-debuginfo-4.8.6-1.el4.x86_64.rpm nspr-devel-4.8.6-1.el4.x86_64.rpm nss-3.12.7-1.el4.i386.rpm nss-3.12.7-1.el4.x86_64.rpm nss-debuginfo-3.12.7-1.el4.i386.rpm nss-debuginfo-3.12.7-1.el4.x86_64.rpm nss-devel-3.12.7-1.el4.x86_64.rpm nss-tools-3.12.7-1.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-3.6.9-1.el4.src.rpm ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/nspr-4.8.6-1.el4.src.rpm ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/nss-3.12.7-1.el4.src.rpm i386: firefox-3.6.9-1.el4.i386.rpm firefox-debuginfo-3.6.9-1.el4.i386.rpm nspr-4.8.6-1.el4.i386.rpm nspr-debuginfo-4.8.6-1.el4.i386.rpm nspr-devel-4.8.6-1.el4.i386.rpm nss-3.12.7-1.el4.i386.rpm nss-debuginfo-3.12.7-1.el4.i386.rpm nss-devel-3.12.7-1.el4.i386.rpm nss-tools-3.12.7-1.el4.i386.rpm ia64: firefox-3.6.9-1.el4.ia64.rpm firefox-debuginfo-3.6.9-1.el4.ia64.rpm nspr-4.8.6-1.el4.i386.rpm nspr-4.8.6-1.el4.ia64.rpm nspr-debuginfo-4.8.6-1.el4.i386.rpm nspr-debuginfo-4.8.6-1.el4.ia64.rpm nspr-devel-4.8.6-1.el4.ia64.rpm nss-3.12.7-1.el4.i386.rpm nss-3.12.7-1.el4.ia64.rpm nss-debuginfo-3.12.7-1.el4.i386.rpm 
nss-debuginfo-3.12.7-1.el4.ia64.rpm nss-devel-3.12.7-1.el4.ia64.rpm nss-tools-3.12.7-1.el4.ia64.rpm x86_64: firefox-3.6.9-1.el4.x86_64.rpm firefox-debuginfo-3.6.9-1.el4.x86_64.rpm nspr-4.8.6-1.el4.i386.rpm nspr-4.8.6-1.el4.x86_64.rpm nspr-debuginfo-4.8.6-1.el4.i386.rpm nspr-debuginfo-4.8.6-1.el4.x86_64.rpm nspr-devel-4.8.6-1.el4.x86_64.rpm nss-3.12.7-1.el4.i386.rpm nss-3.12.7-1.el4.x86_64.rpm nss-debuginfo-3.12.7-1.el4.i386.rpm nss-debuginfo-3.12.7-1.el4.x86_64.rpm nss-devel-3.12.7-1.el4.x86_64.rpm nss-tools-3.12.7-1.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-3.6.9-2.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nspr-4.8.6-1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nss-3.12.7-2.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.9-1.el5.src.rpm i386: firefox-3.6.9-2.el5.i386.rpm firefox-debuginfo-3.6.9-2.el5.i386.rpm nspr-4.8.6-1.el5.i386.rpm nspr-debuginfo-4.8.6-1.el5.i386.rpm nss-3.12.7-2.el5.i386.rpm nss-debuginfo-3.12.7-2.el5.i386.rpm nss-tools-3.12.7-2.el5.i386.rpm xulrunner-1.9.2.9-1.el5.i386.rpm xulrunner-debuginfo-1.9.2.9-1.el5.i386.rpm x86_64: firefox-3.6.9-2.el5.i386.rpm firefox-3.6.9-2.el5.x86_64.rpm firefox-debuginfo-3.6.9-2.el5.i386.rpm firefox-debuginfo-3.6.9-2.el5.x86_64.rpm nspr-4.8.6-1.el5.i386.rpm nspr-4.8.6-1.el5.x86_64.rpm nspr-debuginfo-4.8.6-1.el5.i386.rpm nspr-debuginfo-4.8.6-1.el5.x86_64.rpm nss-3.12.7-2.el5.i386.rpm nss-3.12.7-2.el5.x86_64.rpm nss-debuginfo-3.12.7-2.el5.i386.rpm nss-debuginfo-3.12.7-2.el5.x86_64.rpm nss-tools-3.12.7-2.el5.x86_64.rpm xulrunner-1.9.2.9-1.el5.i386.rpm xulrunner-1.9.2.9-1.el5.x86_64.rpm xulrunner-debuginfo-1.9.2.9-1.el5.i386.rpm xulrunner-debuginfo-1.9.2.9-1.el5.x86_64.rpm RHEL Desktop Workstation (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nspr-4.8.6-1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nss-3.12.7-2.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.9-1.el5.src.rpm i386: nspr-debuginfo-4.8.6-1.el5.i386.rpm nspr-devel-4.8.6-1.el5.i386.rpm nss-debuginfo-3.12.7-2.el5.i386.rpm nss-devel-3.12.7-2.el5.i386.rpm nss-pkcs11-devel-3.12.7-2.el5.i386.rpm xulrunner-debuginfo-1.9.2.9-1.el5.i386.rpm xulrunner-devel-1.9.2.9-1.el5.i386.rpm x86_64: nspr-debuginfo-4.8.6-1.el5.i386.rpm nspr-debuginfo-4.8.6-1.el5.x86_64.rpm nspr-devel-4.8.6-1.el5.i386.rpm nspr-devel-4.8.6-1.el5.x86_64.rpm nss-debuginfo-3.12.7-2.el5.i386.rpm nss-debuginfo-3.12.7-2.el5.x86_64.rpm nss-devel-3.12.7-2.el5.i386.rpm nss-devel-3.12.7-2.el5.x86_64.rpm nss-pkcs11-devel-3.12.7-2.el5.i386.rpm nss-pkcs11-devel-3.12.7-2.el5.x86_64.rpm xulrunner-debuginfo-1.9.2.9-1.el5.i386.rpm xulrunner-debuginfo-1.9.2.9-1.el5.x86_64.rpm xulrunner-devel-1.9.2.9-1.el5.i386.rpm xulrunner-devel-1.9.2.9-1.el5.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-3.6.9-2.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/nspr-4.8.6-1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/nss-3.12.7-2.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-1.9.2.9-1.el5.src.rpm i386: firefox-3.6.9-2.el5.i386.rpm firefox-debuginfo-3.6.9-2.el5.i386.rpm nspr-4.8.6-1.el5.i386.rpm nspr-debuginfo-4.8.6-1.el5.i386.rpm nspr-devel-4.8.6-1.el5.i386.rpm nss-3.12.7-2.el5.i386.rpm nss-debuginfo-3.12.7-2.el5.i386.rpm nss-devel-3.12.7-2.el5.i386.rpm nss-pkcs11-devel-3.12.7-2.el5.i386.rpm nss-tools-3.12.7-2.el5.i386.rpm xulrunner-1.9.2.9-1.el5.i386.rpm xulrunner-debuginfo-1.9.2.9-1.el5.i386.rpm xulrunner-devel-1.9.2.9-1.el5.i386.rpm ia64: firefox-3.6.9-2.el5.ia64.rpm firefox-debuginfo-3.6.9-2.el5.ia64.rpm nspr-4.8.6-1.el5.i386.rpm nspr-4.8.6-1.el5.ia64.rpm nspr-debuginfo-4.8.6-1.el5.i386.rpm nspr-debuginfo-4.8.6-1.el5.ia64.rpm nspr-devel-4.8.6-1.el5.ia64.rpm nss-3.12.7-2.el5.i386.rpm nss-3.12.7-2.el5.ia64.rpm nss-debuginfo-3.12.7-2.el5.i386.rpm nss-debuginfo-3.12.7-2.el5.ia64.rpm nss-devel-3.12.7-2.el5.ia64.rpm nss-pkcs11-devel-3.12.7-2.el5.ia64.rpm nss-tools-3.12.7-2.el5.ia64.rpm xulrunner-1.9.2.9-1.el5.ia64.rpm xulrunner-debuginfo-1.9.2.9-1.el5.ia64.rpm xulrunner-devel-1.9.2.9-1.el5.ia64.rpm ppc: firefox-3.6.9-2.el5.ppc.rpm firefox-debuginfo-3.6.9-2.el5.ppc.rpm nspr-4.8.6-1.el5.ppc.rpm nspr-4.8.6-1.el5.ppc64.rpm nspr-debuginfo-4.8.6-1.el5.ppc.rpm nspr-debuginfo-4.8.6-1.el5.ppc64.rpm nspr-devel-4.8.6-1.el5.ppc.rpm nspr-devel-4.8.6-1.el5.ppc64.rpm nss-3.12.7-2.el5.ppc.rpm nss-3.12.7-2.el5.ppc64.rpm nss-debuginfo-3.12.7-2.el5.ppc.rpm nss-debuginfo-3.12.7-2.el5.ppc64.rpm nss-devel-3.12.7-2.el5.ppc.rpm nss-devel-3.12.7-2.el5.ppc64.rpm nss-pkcs11-devel-3.12.7-2.el5.ppc.rpm nss-pkcs11-devel-3.12.7-2.el5.ppc64.rpm nss-tools-3.12.7-2.el5.ppc.rpm 
xulrunner-1.9.2.9-1.el5.ppc.rpm xulrunner-1.9.2.9-1.el5.ppc64.rpm xulrunner-debuginfo-1.9.2.9-1.el5.ppc.rpm xulrunner-debuginfo-1.9.2.9-1.el5.ppc64.rpm xulrunner-devel-1.9.2.9-1.el5.ppc.rpm xulrunner-devel-1.9.2.9-1.el5.ppc64.rpm s390x: firefox-3.6.9-2.el5.s390.rpm firefox-3.6.9-2.el5.s390x.rpm firefox-debuginfo-3.6.9-2.el5.s390.rpm firefox-debuginfo-3.6.9-2.el5.s390x.rpm nspr-4.8.6-1.el5.s390.rpm nspr-4.8.6-1.el5.s390x.rpm nspr-debuginfo-4.8.6-1.el5.s390.rpm nspr-debuginfo-4.8.6-1.el5.s390x.rpm nspr-devel-4.8.6-1.el5.s390.rpm nspr-devel-4.8.6-1.el5.s390x.rpm nss-3.12.7-2.el5.s390.rpm nss-3.12.7-2.el5.s390x.rpm nss-debuginfo-3.12.7-2.el5.s390.rpm nss-debuginfo-3.12.7-2.el5.s390x.rpm nss-devel-3.12.7-2.el5.s390.rpm nss-devel-3.12.7-2.el5.s390x.rpm nss-pkcs11-devel-3.12.7-2.el5.s390.rpm nss-pkcs11-devel-3.12.7-2.el5.s390x.rpm nss-tools-3.12.7-2.el5.s390x.rpm xulrunner-1.9.2.9-1.el5.s390.rpm xulrunner-1.9.2.9-1.el5.s390x.rpm xulrunner-debuginfo-1.9.2.9-1.el5.s390.rpm xulrunner-debuginfo-1.9.2.9-1.el5.s390x.rpm xulrunner-devel-1.9.2.9-1.el5.s390.rpm xulrunner-devel-1.9.2.9-1.el5.s390x.rpm x86_64: firefox-3.6.9-2.el5.i386.rpm firefox-3.6.9-2.el5.x86_64.rpm firefox-debuginfo-3.6.9-2.el5.i386.rpm firefox-debuginfo-3.6.9-2.el5.x86_64.rpm nspr-4.8.6-1.el5.i386.rpm nspr-4.8.6-1.el5.x86_64.rpm nspr-debuginfo-4.8.6-1.el5.i386.rpm nspr-debuginfo-4.8.6-1.el5.x86_64.rpm nspr-devel-4.8.6-1.el5.i386.rpm nspr-devel-4.8.6-1.el5.x86_64.rpm nss-3.12.7-2.el5.i386.rpm nss-3.12.7-2.el5.x86_64.rpm nss-debuginfo-3.12.7-2.el5.i386.rpm nss-debuginfo-3.12.7-2.el5.x86_64.rpm nss-devel-3.12.7-2.el5.i386.rpm nss-devel-3.12.7-2.el5.x86_64.rpm nss-pkcs11-devel-3.12.7-2.el5.i386.rpm nss-pkcs11-devel-3.12.7-2.el5.x86_64.rpm nss-tools-3.12.7-2.el5.x86_64.rpm xulrunner-1.9.2.9-1.el5.i386.rpm xulrunner-1.9.2.9-1.el5.x86_64.rpm xulrunner-debuginfo-1.9.2.9-1.el5.i386.rpm xulrunner-debuginfo-1.9.2.9-1.el5.x86_64.rpm xulrunner-devel-1.9.2.9-1.el5.i386.rpm xulrunner-devel-1.9.2.9-1.el5.x86_64.rpm These 
packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-2760.html https://www.redhat.com/security/data/cve/CVE-2010-2762.html https://www.redhat.com/security/data/cve/CVE-2010-2764.html https://www.redhat.com/security/data/cve/CVE-2010-2765.html https://www.redhat.com/security/data/cve/CVE-2010-2766.html https://www.redhat.com/security/data/cve/CVE-2010-2767.html https://www.redhat.com/security/data/cve/CVE-2010-2768.html https://www.redhat.com/security/data/cve/CVE-2010-2769.html https://www.redhat.com/security/data/cve/CVE-2010-3166.html https://www.redhat.com/security/data/cve/CVE-2010-3167.html https://www.redhat.com/security/data/cve/CVE-2010-3168.html https://www.redhat.com/security/data/cve/CVE-2010-3169.html http://www.redhat.com/security/updates/classification/#critical http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.9 8. Contact: The Red Hat security contact is <secalert at redhat.com>. More contact details at https://www.redhat.com/security/team/contact/ Copyright 2010 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFMhuXCXlSAg2UNWIIRAlGjAJ4rrSNgFyTDMYAWo4QqzOxfPDxfwgCfVxhf PUGO3vLIr7H/cAmYjq1wO4Q= =vMs0 -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Sep 8 01:24:44 2010 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 7 Sep 2010 21:24:44 -0400 Subject: [RHSA-2010:0682-01] Moderate: thunderbird security update Message-ID: <201009080124.o881Oj4s009831@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: thunderbird security update Advisory ID: RHSA-2010:0682-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0682.html Issue date: 2010-09-07 CVE Names: CVE-2010-2760 CVE-2010-2765 CVE-2010-2767 CVE-2010-2768 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 ===================================================================== 1. Summary: An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. 
An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3169)

A buffer overflow flaw was found in Thunderbird. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-2765)

A use-after-free flaw and several dangling pointer flaws were found in Thunderbird. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167, CVE-2010-3168)

A cross-site scripting (XSS) flaw was found in Thunderbird. Remote HTML content could cause Thunderbird to execute JavaScript code with the permissions of different remote HTML content. (CVE-2010-2768)

Note: JavaScript support is disabled by default in Thunderbird. None of the above issues are exploitable unless JavaScript is enabled.

All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5.
Bugs fixed (http://bugzilla.redhat.com/): 630055 - CVE-2010-3169 Mozilla Miscellaneous memory safety hazards 630056 - CVE-2010-2765 Mozilla Frameset integer overflow vulnerability (MFSA 2010-50) 630059 - CVE-2010-2767 Mozilla Dangling pointer vulnerability using DOM plugin array (MFSA 2010-51) 630062 - CVE-2010-2760 Mozilla Dangling pointer vulnerability in nsTreeSelection (MFSA 2010-54) 630064 - CVE-2010-3168 Mozilla XUL tree removal crash and remote code execution (MFSA 2010-55) 630067 - CVE-2010-3167 Mozilla Dangling pointer vulnerability in nsTreeContentView (MFSA 2010-56) 630074 - CVE-2010-2768 Mozilla UTF-7 XSS by overriding document charset using <object> type attribute (MFSA 2010-61) 6. Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/thunderbird-1.5.0.12-30.el4.src.rpm i386: thunderbird-1.5.0.12-30.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-30.el4.i386.rpm ia64: thunderbird-1.5.0.12-30.el4.ia64.rpm thunderbird-debuginfo-1.5.0.12-30.el4.ia64.rpm ppc: thunderbird-1.5.0.12-30.el4.ppc.rpm thunderbird-debuginfo-1.5.0.12-30.el4.ppc.rpm s390: thunderbird-1.5.0.12-30.el4.s390.rpm thunderbird-debuginfo-1.5.0.12-30.el4.s390.rpm s390x: thunderbird-1.5.0.12-30.el4.s390x.rpm thunderbird-debuginfo-1.5.0.12-30.el4.s390x.rpm x86_64: thunderbird-1.5.0.12-30.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-30.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/thunderbird-1.5.0.12-30.el4.src.rpm i386: thunderbird-1.5.0.12-30.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-30.el4.i386.rpm x86_64: thunderbird-1.5.0.12-30.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-30.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/thunderbird-1.5.0.12-30.el4.src.rpm i386: thunderbird-1.5.0.12-30.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-30.el4.i386.rpm ia64: thunderbird-1.5.0.12-30.el4.ia64.rpm 
thunderbird-debuginfo-1.5.0.12-30.el4.ia64.rpm x86_64: thunderbird-1.5.0.12-30.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-30.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/thunderbird-1.5.0.12-30.el4.src.rpm i386: thunderbird-1.5.0.12-30.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-30.el4.i386.rpm ia64: thunderbird-1.5.0.12-30.el4.ia64.rpm thunderbird-debuginfo-1.5.0.12-30.el4.ia64.rpm x86_64: thunderbird-1.5.0.12-30.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-30.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/thunderbird-2.0.0.24-8.el5.src.rpm i386: thunderbird-2.0.0.24-8.el5.i386.rpm thunderbird-debuginfo-2.0.0.24-8.el5.i386.rpm x86_64: thunderbird-2.0.0.24-8.el5.x86_64.rpm thunderbird-debuginfo-2.0.0.24-8.el5.x86_64.rpm RHEL Optional Productivity Applications (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/thunderbird-2.0.0.24-8.el5.src.rpm i386: thunderbird-2.0.0.24-8.el5.i386.rpm thunderbird-debuginfo-2.0.0.24-8.el5.i386.rpm x86_64: thunderbird-2.0.0.24-8.el5.x86_64.rpm thunderbird-debuginfo-2.0.0.24-8.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-2760.html https://www.redhat.com/security/data/cve/CVE-2010-2765.html https://www.redhat.com/security/data/cve/CVE-2010-2767.html https://www.redhat.com/security/data/cve/CVE-2010-2768.html https://www.redhat.com/security/data/cve/CVE-2010-3167.html https://www.redhat.com/security/data/cve/CVE-2010-3168.html https://www.redhat.com/security/data/cve/CVE-2010-3169.html http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert at redhat.com>. 
More contact details at https://www.redhat.com/security/team/contact/ Copyright 2010 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFMhuXaXlSAg2UNWIIRAlpdAKCojAaN3TFkAhsUQ4TfQUewddky4gCdEWLw fXYuSj5+LTKayb6mHCumGBA= =p+e1 -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Sep 14 22:10:30 2010 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 14 Sep 2010 16:10:30 -0600 Subject: [RHSA-2010:0697-01] Critical: samba security and bug fix update Message-ID: <201009142210.o8EMAVc3020375@int-mx08.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: samba security and bug fix update Advisory ID: RHSA-2010:0697-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0697.html Issue date: 2010-09-14 CVE Names: CVE-2010-3069 ===================================================================== 1. Summary: Updated samba packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 3, 4, and 5, and Red Hat Enterprise Linux 4.7, 5.3, and 5.4 Extended Update Support. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux (v. 5.3.z server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux (v. 
5.4.z server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4.7.z - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4.7.z - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Samba is a suite of programs used by machines to share files, printers, and other information.

A missing array boundary checking flaw was found in the way Samba parsed the binary representation of Windows security identifiers (SIDs). A malicious client could send a specially-crafted SMB request to the Samba server, resulting in arbitrary code execution with the privileges of the Samba server (smbd). (CVE-2010-3069)

For Red Hat Enterprise Linux 4, this update also fixes the following bug:

* Previously, the restorecon utility was required during the installation of the samba-common package. As a result, attempting to update samba without this utility installed may have failed with the following error:

/var/tmp/rpm-tmp.[xxxxx]: line 7: restorecon: command not found

With this update, the utility is only used when it is already present on the system, and the package is now always updated as expected. (BZ#629602)

Users of Samba are advised to upgrade to these updated packages, which correct these issues. After installing this update, the smb service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network.
Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 629602 - restorecon: command not found after upgrade - leaves two samba-common versions 630869 - CVE-2010-3069 Samba: Stack-based buffer overflow by processing specially-crafted SID records 6. Package List: Red Hat Enterprise Linux AS version 3: Source: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/samba-3.0.9-1.3E.18.src.rpm i386: samba-3.0.9-1.3E.18.i386.rpm samba-client-3.0.9-1.3E.18.i386.rpm samba-common-3.0.9-1.3E.18.i386.rpm samba-debuginfo-3.0.9-1.3E.18.i386.rpm samba-swat-3.0.9-1.3E.18.i386.rpm ia64: samba-3.0.9-1.3E.18.i386.rpm samba-3.0.9-1.3E.18.ia64.rpm samba-client-3.0.9-1.3E.18.ia64.rpm samba-common-3.0.9-1.3E.18.i386.rpm samba-common-3.0.9-1.3E.18.ia64.rpm samba-debuginfo-3.0.9-1.3E.18.i386.rpm samba-debuginfo-3.0.9-1.3E.18.ia64.rpm samba-swat-3.0.9-1.3E.18.ia64.rpm ppc: samba-3.0.9-1.3E.18.ppc.rpm samba-3.0.9-1.3E.18.ppc64.rpm samba-client-3.0.9-1.3E.18.ppc.rpm samba-common-3.0.9-1.3E.18.ppc.rpm samba-common-3.0.9-1.3E.18.ppc64.rpm samba-debuginfo-3.0.9-1.3E.18.ppc.rpm samba-debuginfo-3.0.9-1.3E.18.ppc64.rpm samba-swat-3.0.9-1.3E.18.ppc.rpm s390: samba-3.0.9-1.3E.18.s390.rpm samba-client-3.0.9-1.3E.18.s390.rpm samba-common-3.0.9-1.3E.18.s390.rpm samba-debuginfo-3.0.9-1.3E.18.s390.rpm samba-swat-3.0.9-1.3E.18.s390.rpm s390x: samba-3.0.9-1.3E.18.s390.rpm samba-3.0.9-1.3E.18.s390x.rpm samba-client-3.0.9-1.3E.18.s390x.rpm samba-common-3.0.9-1.3E.18.s390.rpm samba-common-3.0.9-1.3E.18.s390x.rpm samba-debuginfo-3.0.9-1.3E.18.s390.rpm samba-debuginfo-3.0.9-1.3E.18.s390x.rpm samba-swat-3.0.9-1.3E.18.s390x.rpm x86_64: samba-3.0.9-1.3E.18.i386.rpm samba-3.0.9-1.3E.18.x86_64.rpm samba-client-3.0.9-1.3E.18.x86_64.rpm samba-common-3.0.9-1.3E.18.i386.rpm samba-common-3.0.9-1.3E.18.x86_64.rpm samba-debuginfo-3.0.9-1.3E.18.i386.rpm samba-debuginfo-3.0.9-1.3E.18.x86_64.rpm 
samba-swat-3.0.9-1.3E.18.x86_64.rpm Red Hat Desktop version 3: Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/samba-3.0.9-1.3E.18.src.rpm i386: samba-3.0.9-1.3E.18.i386.rpm samba-client-3.0.9-1.3E.18.i386.rpm samba-common-3.0.9-1.3E.18.i386.rpm samba-debuginfo-3.0.9-1.3E.18.i386.rpm samba-swat-3.0.9-1.3E.18.i386.rpm x86_64: samba-3.0.9-1.3E.18.i386.rpm samba-3.0.9-1.3E.18.x86_64.rpm samba-client-3.0.9-1.3E.18.x86_64.rpm samba-common-3.0.9-1.3E.18.i386.rpm samba-common-3.0.9-1.3E.18.x86_64.rpm samba-debuginfo-3.0.9-1.3E.18.i386.rpm samba-debuginfo-3.0.9-1.3E.18.x86_64.rpm samba-swat-3.0.9-1.3E.18.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/samba-3.0.9-1.3E.18.src.rpm i386: samba-3.0.9-1.3E.18.i386.rpm samba-client-3.0.9-1.3E.18.i386.rpm samba-common-3.0.9-1.3E.18.i386.rpm samba-debuginfo-3.0.9-1.3E.18.i386.rpm samba-swat-3.0.9-1.3E.18.i386.rpm ia64: samba-3.0.9-1.3E.18.i386.rpm samba-3.0.9-1.3E.18.ia64.rpm samba-client-3.0.9-1.3E.18.ia64.rpm samba-common-3.0.9-1.3E.18.i386.rpm samba-common-3.0.9-1.3E.18.ia64.rpm samba-debuginfo-3.0.9-1.3E.18.i386.rpm samba-debuginfo-3.0.9-1.3E.18.ia64.rpm samba-swat-3.0.9-1.3E.18.ia64.rpm x86_64: samba-3.0.9-1.3E.18.i386.rpm samba-3.0.9-1.3E.18.x86_64.rpm samba-client-3.0.9-1.3E.18.x86_64.rpm samba-common-3.0.9-1.3E.18.i386.rpm samba-common-3.0.9-1.3E.18.x86_64.rpm samba-debuginfo-3.0.9-1.3E.18.i386.rpm samba-debuginfo-3.0.9-1.3E.18.x86_64.rpm samba-swat-3.0.9-1.3E.18.x86_64.rpm Red Hat Enterprise Linux WS version 3: Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/samba-3.0.9-1.3E.18.src.rpm i386: samba-3.0.9-1.3E.18.i386.rpm samba-client-3.0.9-1.3E.18.i386.rpm samba-common-3.0.9-1.3E.18.i386.rpm samba-debuginfo-3.0.9-1.3E.18.i386.rpm samba-swat-3.0.9-1.3E.18.i386.rpm ia64: samba-3.0.9-1.3E.18.i386.rpm samba-3.0.9-1.3E.18.ia64.rpm samba-client-3.0.9-1.3E.18.ia64.rpm samba-common-3.0.9-1.3E.18.i386.rpm samba-common-3.0.9-1.3E.18.ia64.rpm 
samba-debuginfo-3.0.9-1.3E.18.i386.rpm samba-debuginfo-3.0.9-1.3E.18.ia64.rpm samba-swat-3.0.9-1.3E.18.ia64.rpm x86_64: samba-3.0.9-1.3E.18.i386.rpm samba-3.0.9-1.3E.18.x86_64.rpm samba-client-3.0.9-1.3E.18.x86_64.rpm samba-common-3.0.9-1.3E.18.i386.rpm samba-common-3.0.9-1.3E.18.x86_64.rpm samba-debuginfo-3.0.9-1.3E.18.i386.rpm samba-debuginfo-3.0.9-1.3E.18.x86_64.rpm samba-swat-3.0.9-1.3E.18.x86_64.rpm Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/samba-3.0.33-0.19.el4_8.3.src.rpm i386: samba-3.0.33-0.19.el4_8.3.i386.rpm samba-client-3.0.33-0.19.el4_8.3.i386.rpm samba-common-3.0.33-0.19.el4_8.3.i386.rpm samba-debuginfo-3.0.33-0.19.el4_8.3.i386.rpm samba-swat-3.0.33-0.19.el4_8.3.i386.rpm ia64: samba-3.0.33-0.19.el4_8.3.ia64.rpm samba-client-3.0.33-0.19.el4_8.3.ia64.rpm samba-common-3.0.33-0.19.el4_8.3.i386.rpm samba-common-3.0.33-0.19.el4_8.3.ia64.rpm samba-debuginfo-3.0.33-0.19.el4_8.3.i386.rpm samba-debuginfo-3.0.33-0.19.el4_8.3.ia64.rpm samba-swat-3.0.33-0.19.el4_8.3.ia64.rpm ppc: samba-3.0.33-0.19.el4_8.3.ppc.rpm samba-client-3.0.33-0.19.el4_8.3.ppc.rpm samba-common-3.0.33-0.19.el4_8.3.ppc.rpm samba-common-3.0.33-0.19.el4_8.3.ppc64.rpm samba-debuginfo-3.0.33-0.19.el4_8.3.ppc.rpm samba-debuginfo-3.0.33-0.19.el4_8.3.ppc64.rpm samba-swat-3.0.33-0.19.el4_8.3.ppc.rpm s390: samba-3.0.33-0.19.el4_8.3.s390.rpm samba-client-3.0.33-0.19.el4_8.3.s390.rpm samba-common-3.0.33-0.19.el4_8.3.s390.rpm samba-debuginfo-3.0.33-0.19.el4_8.3.s390.rpm samba-swat-3.0.33-0.19.el4_8.3.s390.rpm s390x: samba-3.0.33-0.19.el4_8.3.s390x.rpm samba-client-3.0.33-0.19.el4_8.3.s390x.rpm samba-common-3.0.33-0.19.el4_8.3.s390.rpm samba-common-3.0.33-0.19.el4_8.3.s390x.rpm samba-debuginfo-3.0.33-0.19.el4_8.3.s390.rpm samba-debuginfo-3.0.33-0.19.el4_8.3.s390x.rpm samba-swat-3.0.33-0.19.el4_8.3.s390x.rpm x86_64: samba-3.0.33-0.19.el4_8.3.x86_64.rpm samba-client-3.0.33-0.19.el4_8.3.x86_64.rpm samba-common-3.0.33-0.19.el4_8.3.i386.rpm 
samba-common-3.0.33-0.19.el4_8.3.x86_64.rpm samba-debuginfo-3.0.33-0.19.el4_8.3.i386.rpm samba-debuginfo-3.0.33-0.19.el4_8.3.x86_64.rpm samba-swat-3.0.33-0.19.el4_8.3.x86_64.rpm Red Hat Enterprise Linux AS version 4.7.z: Source: samba-3.0.28-0.10.el4_7.1.src.rpm i386: samba-3.0.28-0.10.el4_7.1.i386.rpm samba-client-3.0.28-0.10.el4_7.1.i386.rpm samba-common-3.0.28-0.10.el4_7.1.i386.rpm samba-debuginfo-3.0.28-0.10.el4_7.1.i386.rpm samba-swat-3.0.28-0.10.el4_7.1.i386.rpm ia64: samba-3.0.28-0.10.el4_7.1.ia64.rpm samba-client-3.0.28-0.10.el4_7.1.ia64.rpm samba-common-3.0.28-0.10.el4_7.1.i386.rpm samba-common-3.0.28-0.10.el4_7.1.ia64.rpm samba-debuginfo-3.0.28-0.10.el4_7.1.i386.rpm samba-debuginfo-3.0.28-0.10.el4_7.1.ia64.rpm samba-swat-3.0.28-0.10.el4_7.1.ia64.rpm ppc: samba-3.0.28-0.10.el4_7.1.ppc.rpm samba-client-3.0.28-0.10.el4_7.1.ppc.rpm samba-common-3.0.28-0.10.el4_7.1.ppc.rpm samba-common-3.0.28-0.10.el4_7.1.ppc64.rpm samba-debuginfo-3.0.28-0.10.el4_7.1.ppc.rpm samba-debuginfo-3.0.28-0.10.el4_7.1.ppc64.rpm samba-swat-3.0.28-0.10.el4_7.1.ppc.rpm s390: samba-3.0.28-0.10.el4_7.1.s390.rpm samba-client-3.0.28-0.10.el4_7.1.s390.rpm samba-common-3.0.28-0.10.el4_7.1.s390.rpm samba-debuginfo-3.0.28-0.10.el4_7.1.s390.rpm samba-swat-3.0.28-0.10.el4_7.1.s390.rpm s390x: samba-3.0.28-0.10.el4_7.1.s390x.rpm samba-client-3.0.28-0.10.el4_7.1.s390x.rpm samba-common-3.0.28-0.10.el4_7.1.s390.rpm samba-common-3.0.28-0.10.el4_7.1.s390x.rpm samba-debuginfo-3.0.28-0.10.el4_7.1.s390.rpm samba-debuginfo-3.0.28-0.10.el4_7.1.s390x.rpm samba-swat-3.0.28-0.10.el4_7.1.s390x.rpm x86_64: samba-3.0.28-0.10.el4_7.1.x86_64.rpm samba-client-3.0.28-0.10.el4_7.1.x86_64.rpm samba-common-3.0.28-0.10.el4_7.1.i386.rpm samba-common-3.0.28-0.10.el4_7.1.x86_64.rpm samba-debuginfo-3.0.28-0.10.el4_7.1.i386.rpm samba-debuginfo-3.0.28-0.10.el4_7.1.x86_64.rpm samba-swat-3.0.28-0.10.el4_7.1.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: 
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/samba-3.0.33-0.19.el4_8.3.src.rpm i386: samba-3.0.33-0.19.el4_8.3.i386.rpm samba-client-3.0.33-0.19.el4_8.3.i386.rpm samba-common-3.0.33-0.19.el4_8.3.i386.rpm samba-debuginfo-3.0.33-0.19.el4_8.3.i386.rpm samba-swat-3.0.33-0.19.el4_8.3.i386.rpm x86_64: samba-3.0.33-0.19.el4_8.3.x86_64.rpm samba-client-3.0.33-0.19.el4_8.3.x86_64.rpm samba-common-3.0.33-0.19.el4_8.3.i386.rpm samba-common-3.0.33-0.19.el4_8.3.x86_64.rpm samba-debuginfo-3.0.33-0.19.el4_8.3.i386.rpm samba-debuginfo-3.0.33-0.19.el4_8.3.x86_64.rpm samba-swat-3.0.33-0.19.el4_8.3.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/samba-3.0.33-0.19.el4_8.3.src.rpm i386: samba-3.0.33-0.19.el4_8.3.i386.rpm samba-client-3.0.33-0.19.el4_8.3.i386.rpm samba-common-3.0.33-0.19.el4_8.3.i386.rpm samba-debuginfo-3.0.33-0.19.el4_8.3.i386.rpm samba-swat-3.0.33-0.19.el4_8.3.i386.rpm ia64: samba-3.0.33-0.19.el4_8.3.ia64.rpm samba-client-3.0.33-0.19.el4_8.3.ia64.rpm samba-common-3.0.33-0.19.el4_8.3.i386.rpm samba-common-3.0.33-0.19.el4_8.3.ia64.rpm samba-debuginfo-3.0.33-0.19.el4_8.3.i386.rpm samba-debuginfo-3.0.33-0.19.el4_8.3.ia64.rpm samba-swat-3.0.33-0.19.el4_8.3.ia64.rpm x86_64: samba-3.0.33-0.19.el4_8.3.x86_64.rpm samba-client-3.0.33-0.19.el4_8.3.x86_64.rpm samba-common-3.0.33-0.19.el4_8.3.i386.rpm samba-common-3.0.33-0.19.el4_8.3.x86_64.rpm samba-debuginfo-3.0.33-0.19.el4_8.3.i386.rpm samba-debuginfo-3.0.33-0.19.el4_8.3.x86_64.rpm samba-swat-3.0.33-0.19.el4_8.3.x86_64.rpm Red Hat Enterprise Linux ES version 4.7.z: Source: samba-3.0.28-0.10.el4_7.1.src.rpm i386: samba-3.0.28-0.10.el4_7.1.i386.rpm samba-client-3.0.28-0.10.el4_7.1.i386.rpm samba-common-3.0.28-0.10.el4_7.1.i386.rpm samba-debuginfo-3.0.28-0.10.el4_7.1.i386.rpm samba-swat-3.0.28-0.10.el4_7.1.i386.rpm ia64: samba-3.0.28-0.10.el4_7.1.ia64.rpm samba-client-3.0.28-0.10.el4_7.1.ia64.rpm samba-common-3.0.28-0.10.el4_7.1.i386.rpm 
samba-common-3.0.28-0.10.el4_7.1.ia64.rpm samba-debuginfo-3.0.28-0.10.el4_7.1.i386.rpm samba-debuginfo-3.0.28-0.10.el4_7.1.ia64.rpm samba-swat-3.0.28-0.10.el4_7.1.ia64.rpm x86_64: samba-3.0.28-0.10.el4_7.1.x86_64.rpm samba-client-3.0.28-0.10.el4_7.1.x86_64.rpm samba-common-3.0.28-0.10.el4_7.1.i386.rpm samba-common-3.0.28-0.10.el4_7.1.x86_64.rpm samba-debuginfo-3.0.28-0.10.el4_7.1.i386.rpm samba-debuginfo-3.0.28-0.10.el4_7.1.x86_64.rpm samba-swat-3.0.28-0.10.el4_7.1.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/samba-3.0.33-0.19.el4_8.3.src.rpm i386: samba-3.0.33-0.19.el4_8.3.i386.rpm samba-client-3.0.33-0.19.el4_8.3.i386.rpm samba-common-3.0.33-0.19.el4_8.3.i386.rpm samba-debuginfo-3.0.33-0.19.el4_8.3.i386.rpm samba-swat-3.0.33-0.19.el4_8.3.i386.rpm ia64: samba-3.0.33-0.19.el4_8.3.ia64.rpm samba-client-3.0.33-0.19.el4_8.3.ia64.rpm samba-common-3.0.33-0.19.el4_8.3.i386.rpm samba-common-3.0.33-0.19.el4_8.3.ia64.rpm samba-debuginfo-3.0.33-0.19.el4_8.3.i386.rpm samba-debuginfo-3.0.33-0.19.el4_8.3.ia64.rpm samba-swat-3.0.33-0.19.el4_8.3.ia64.rpm x86_64: samba-3.0.33-0.19.el4_8.3.x86_64.rpm samba-client-3.0.33-0.19.el4_8.3.x86_64.rpm samba-common-3.0.33-0.19.el4_8.3.i386.rpm samba-common-3.0.33-0.19.el4_8.3.x86_64.rpm samba-debuginfo-3.0.33-0.19.el4_8.3.i386.rpm samba-debuginfo-3.0.33-0.19.el4_8.3.x86_64.rpm samba-swat-3.0.33-0.19.el4_8.3.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/samba-3.0.33-3.29.el5_5.1.src.rpm i386: libsmbclient-3.0.33-3.29.el5_5.1.i386.rpm libsmbclient-devel-3.0.33-3.29.el5_5.1.i386.rpm samba-3.0.33-3.29.el5_5.1.i386.rpm samba-client-3.0.33-3.29.el5_5.1.i386.rpm samba-common-3.0.33-3.29.el5_5.1.i386.rpm samba-debuginfo-3.0.33-3.29.el5_5.1.i386.rpm samba-swat-3.0.33-3.29.el5_5.1.i386.rpm x86_64: libsmbclient-3.0.33-3.29.el5_5.1.i386.rpm libsmbclient-3.0.33-3.29.el5_5.1.x86_64.rpm libsmbclient-devel-3.0.33-3.29.el5_5.1.i386.rpm libsmbclient-devel-3.0.33-3.29.el5_5.1.x86_64.rpm samba-3.0.33-3.29.el5_5.1.x86_64.rpm samba-client-3.0.33-3.29.el5_5.1.x86_64.rpm samba-common-3.0.33-3.29.el5_5.1.i386.rpm samba-common-3.0.33-3.29.el5_5.1.x86_64.rpm samba-debuginfo-3.0.33-3.29.el5_5.1.i386.rpm samba-debuginfo-3.0.33-3.29.el5_5.1.x86_64.rpm samba-swat-3.0.33-3.29.el5_5.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/samba-3.0.33-3.29.el5_5.1.src.rpm i386: libsmbclient-3.0.33-3.29.el5_5.1.i386.rpm libsmbclient-devel-3.0.33-3.29.el5_5.1.i386.rpm samba-3.0.33-3.29.el5_5.1.i386.rpm samba-client-3.0.33-3.29.el5_5.1.i386.rpm samba-common-3.0.33-3.29.el5_5.1.i386.rpm samba-debuginfo-3.0.33-3.29.el5_5.1.i386.rpm samba-swat-3.0.33-3.29.el5_5.1.i386.rpm ia64: libsmbclient-3.0.33-3.29.el5_5.1.ia64.rpm libsmbclient-devel-3.0.33-3.29.el5_5.1.ia64.rpm samba-3.0.33-3.29.el5_5.1.ia64.rpm samba-client-3.0.33-3.29.el5_5.1.ia64.rpm samba-common-3.0.33-3.29.el5_5.1.ia64.rpm samba-debuginfo-3.0.33-3.29.el5_5.1.ia64.rpm samba-swat-3.0.33-3.29.el5_5.1.ia64.rpm ppc: libsmbclient-3.0.33-3.29.el5_5.1.ppc.rpm libsmbclient-3.0.33-3.29.el5_5.1.ppc64.rpm libsmbclient-devel-3.0.33-3.29.el5_5.1.ppc.rpm libsmbclient-devel-3.0.33-3.29.el5_5.1.ppc64.rpm samba-3.0.33-3.29.el5_5.1.ppc.rpm samba-client-3.0.33-3.29.el5_5.1.ppc.rpm samba-common-3.0.33-3.29.el5_5.1.ppc.rpm 
samba-common-3.0.33-3.29.el5_5.1.ppc64.rpm samba-debuginfo-3.0.33-3.29.el5_5.1.ppc.rpm samba-debuginfo-3.0.33-3.29.el5_5.1.ppc64.rpm samba-swat-3.0.33-3.29.el5_5.1.ppc.rpm s390x: libsmbclient-3.0.33-3.29.el5_5.1.s390.rpm libsmbclient-3.0.33-3.29.el5_5.1.s390x.rpm libsmbclient-devel-3.0.33-3.29.el5_5.1.s390.rpm libsmbclient-devel-3.0.33-3.29.el5_5.1.s390x.rpm samba-3.0.33-3.29.el5_5.1.s390x.rpm samba-client-3.0.33-3.29.el5_5.1.s390x.rpm samba-common-3.0.33-3.29.el5_5.1.s390.rpm samba-common-3.0.33-3.29.el5_5.1.s390x.rpm samba-debuginfo-3.0.33-3.29.el5_5.1.s390.rpm samba-debuginfo-3.0.33-3.29.el5_5.1.s390x.rpm samba-swat-3.0.33-3.29.el5_5.1.s390x.rpm x86_64: libsmbclient-3.0.33-3.29.el5_5.1.i386.rpm libsmbclient-3.0.33-3.29.el5_5.1.x86_64.rpm libsmbclient-devel-3.0.33-3.29.el5_5.1.i386.rpm libsmbclient-devel-3.0.33-3.29.el5_5.1.x86_64.rpm samba-3.0.33-3.29.el5_5.1.x86_64.rpm samba-client-3.0.33-3.29.el5_5.1.x86_64.rpm samba-common-3.0.33-3.29.el5_5.1.i386.rpm samba-common-3.0.33-3.29.el5_5.1.x86_64.rpm samba-debuginfo-3.0.33-3.29.el5_5.1.i386.rpm samba-debuginfo-3.0.33-3.29.el5_5.1.x86_64.rpm samba-swat-3.0.33-3.29.el5_5.1.x86_64.rpm Red Hat Enterprise Linux (v. 
5.3.z server): Source: samba-3.0.33-3.7.el5_3.3.src.rpm i386: samba-3.0.33-3.7.el5_3.3.i386.rpm samba-client-3.0.33-3.7.el5_3.3.i386.rpm samba-common-3.0.33-3.7.el5_3.3.i386.rpm samba-debuginfo-3.0.33-3.7.el5_3.3.i386.rpm samba-swat-3.0.33-3.7.el5_3.3.i386.rpm ia64: samba-3.0.33-3.7.el5_3.3.ia64.rpm samba-client-3.0.33-3.7.el5_3.3.ia64.rpm samba-common-3.0.33-3.7.el5_3.3.ia64.rpm samba-debuginfo-3.0.33-3.7.el5_3.3.ia64.rpm samba-swat-3.0.33-3.7.el5_3.3.ia64.rpm ppc: samba-3.0.33-3.7.el5_3.3.ppc.rpm samba-client-3.0.33-3.7.el5_3.3.ppc.rpm samba-common-3.0.33-3.7.el5_3.3.ppc.rpm samba-common-3.0.33-3.7.el5_3.3.ppc64.rpm samba-debuginfo-3.0.33-3.7.el5_3.3.ppc.rpm samba-debuginfo-3.0.33-3.7.el5_3.3.ppc64.rpm samba-swat-3.0.33-3.7.el5_3.3.ppc.rpm s390x: samba-3.0.33-3.7.el5_3.3.s390x.rpm samba-client-3.0.33-3.7.el5_3.3.s390x.rpm samba-common-3.0.33-3.7.el5_3.3.s390.rpm samba-common-3.0.33-3.7.el5_3.3.s390x.rpm samba-debuginfo-3.0.33-3.7.el5_3.3.s390.rpm samba-debuginfo-3.0.33-3.7.el5_3.3.s390x.rpm samba-swat-3.0.33-3.7.el5_3.3.s390x.rpm x86_64: samba-3.0.33-3.7.el5_3.3.x86_64.rpm samba-client-3.0.33-3.7.el5_3.3.x86_64.rpm samba-common-3.0.33-3.7.el5_3.3.i386.rpm samba-common-3.0.33-3.7.el5_3.3.x86_64.rpm samba-debuginfo-3.0.33-3.7.el5_3.3.i386.rpm samba-debuginfo-3.0.33-3.7.el5_3.3.x86_64.rpm samba-swat-3.0.33-3.7.el5_3.3.x86_64.rpm Red Hat Enterprise Linux (v. 
5.4.z server): Source: samba-3.0.33-3.15.el5_4.3.src.rpm i386: samba-3.0.33-3.15.el5_4.3.i386.rpm samba-client-3.0.33-3.15.el5_4.3.i386.rpm samba-common-3.0.33-3.15.el5_4.3.i386.rpm samba-debuginfo-3.0.33-3.15.el5_4.3.i386.rpm samba-swat-3.0.33-3.15.el5_4.3.i386.rpm ia64: samba-3.0.33-3.15.el5_4.3.ia64.rpm samba-client-3.0.33-3.15.el5_4.3.ia64.rpm samba-common-3.0.33-3.15.el5_4.3.ia64.rpm samba-debuginfo-3.0.33-3.15.el5_4.3.ia64.rpm samba-swat-3.0.33-3.15.el5_4.3.ia64.rpm ppc: samba-3.0.33-3.15.el5_4.3.ppc.rpm samba-client-3.0.33-3.15.el5_4.3.ppc.rpm samba-common-3.0.33-3.15.el5_4.3.ppc.rpm samba-common-3.0.33-3.15.el5_4.3.ppc64.rpm samba-debuginfo-3.0.33-3.15.el5_4.3.ppc.rpm samba-debuginfo-3.0.33-3.15.el5_4.3.ppc64.rpm samba-swat-3.0.33-3.15.el5_4.3.ppc.rpm s390x: samba-3.0.33-3.15.el5_4.3.s390x.rpm samba-client-3.0.33-3.15.el5_4.3.s390x.rpm samba-common-3.0.33-3.15.el5_4.3.s390.rpm samba-common-3.0.33-3.15.el5_4.3.s390x.rpm samba-debuginfo-3.0.33-3.15.el5_4.3.s390.rpm samba-debuginfo-3.0.33-3.15.el5_4.3.s390x.rpm samba-swat-3.0.33-3.15.el5_4.3.s390x.rpm x86_64: samba-3.0.33-3.15.el5_4.3.x86_64.rpm samba-client-3.0.33-3.15.el5_4.3.x86_64.rpm samba-common-3.0.33-3.15.el5_4.3.i386.rpm samba-common-3.0.33-3.15.el5_4.3.x86_64.rpm samba-debuginfo-3.0.33-3.15.el5_4.3.i386.rpm samba-debuginfo-3.0.33-3.15.el5_4.3.x86_64.rpm samba-swat-3.0.33-3.15.el5_4.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3069.html
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMj/KBXlSAg2UNWIIRAivwAJ9OzXjdUdIDYVYnFjkQiNJD12ApcwCfePpG
CXaWUE6D3XlzYnWBqwo0mVo=
=TBoe
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Sep 14 22:11:13 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 14 Sep 2010 16:11:13 -0600
Subject: [RHSA-2010:0698-01] Critical: samba3x security update
Message-ID: <201009142211.o8EMBDR7020464@int-mx08.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: samba3x security update
Advisory ID:       RHSA-2010:0698-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0698.html
Issue date:        2010-09-14
CVE Names:         CVE-2010-3069
=====================================================================

1. Summary:

Updated samba3x packages that fix one security issue are now available
for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
critical security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Samba is a suite of programs used by machines to share files, printers,
and other information.

A missing array boundary checking flaw was found in the way Samba parsed
the binary representation of Windows security identifiers (SIDs). A
malicious client could send a specially-crafted SMB request to the Samba
server, resulting in arbitrary code execution with the privileges of the
Samba server (smbd).
(CVE-2010-3069)

Users of Samba are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the smb service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

630869 - CVE-2010-3069 Samba: Stack-based buffer overflow by processing specially-crafted SID records

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/samba3x-3.3.8-0.52.el5_5.2.src.rpm i386: libtalloc-1.2.0-52.el5_5.2.i386.rpm libtalloc-devel-1.2.0-52.el5_5.2.i386.rpm libtdb-1.1.2-52.el5_5.2.i386.rpm libtdb-devel-1.1.2-52.el5_5.2.i386.rpm samba3x-3.3.8-0.52.el5_5.2.i386.rpm samba3x-client-3.3.8-0.52.el5_5.2.i386.rpm samba3x-common-3.3.8-0.52.el5_5.2.i386.rpm samba3x-debuginfo-3.3.8-0.52.el5_5.2.i386.rpm samba3x-doc-3.3.8-0.52.el5_5.2.i386.rpm samba3x-domainjoin-gui-3.3.8-0.52.el5_5.2.i386.rpm samba3x-swat-3.3.8-0.52.el5_5.2.i386.rpm samba3x-winbind-3.3.8-0.52.el5_5.2.i386.rpm samba3x-winbind-devel-3.3.8-0.52.el5_5.2.i386.rpm tdb-tools-1.1.2-52.el5_5.2.i386.rpm x86_64: libtalloc-1.2.0-52.el5_5.2.i386.rpm libtalloc-1.2.0-52.el5_5.2.x86_64.rpm libtalloc-devel-1.2.0-52.el5_5.2.i386.rpm libtalloc-devel-1.2.0-52.el5_5.2.x86_64.rpm libtdb-1.1.2-52.el5_5.2.i386.rpm libtdb-1.1.2-52.el5_5.2.x86_64.rpm libtdb-devel-1.1.2-52.el5_5.2.i386.rpm libtdb-devel-1.1.2-52.el5_5.2.x86_64.rpm samba3x-3.3.8-0.52.el5_5.2.x86_64.rpm samba3x-client-3.3.8-0.52.el5_5.2.x86_64.rpm samba3x-common-3.3.8-0.52.el5_5.2.x86_64.rpm samba3x-debuginfo-3.3.8-0.52.el5_5.2.i386.rpm samba3x-debuginfo-3.3.8-0.52.el5_5.2.x86_64.rpm
samba3x-doc-3.3.8-0.52.el5_5.2.x86_64.rpm samba3x-domainjoin-gui-3.3.8-0.52.el5_5.2.x86_64.rpm samba3x-swat-3.3.8-0.52.el5_5.2.x86_64.rpm samba3x-winbind-3.3.8-0.52.el5_5.2.i386.rpm samba3x-winbind-3.3.8-0.52.el5_5.2.x86_64.rpm samba3x-winbind-devel-3.3.8-0.52.el5_5.2.i386.rpm samba3x-winbind-devel-3.3.8-0.52.el5_5.2.x86_64.rpm tdb-tools-1.1.2-52.el5_5.2.x86_64.rpm RHEL Desktop Workstation (v. 5 client): i386: libtalloc-devel-1.2.0-52.el5_5.2.i386.rpm samba3x-debuginfo-3.3.8-0.52.el5_5.2.i386.rpm x86_64: libtalloc-devel-1.2.0-52.el5_5.2.i386.rpm libtalloc-devel-1.2.0-52.el5_5.2.x86_64.rpm samba3x-debuginfo-3.3.8-0.52.el5_5.2.i386.rpm samba3x-debuginfo-3.3.8-0.52.el5_5.2.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/samba3x-3.3.8-0.52.el5_5.2.src.rpm i386: libtalloc-1.2.0-52.el5_5.2.i386.rpm libtalloc-devel-1.2.0-52.el5_5.2.i386.rpm libtdb-1.1.2-52.el5_5.2.i386.rpm libtdb-devel-1.1.2-52.el5_5.2.i386.rpm samba3x-3.3.8-0.52.el5_5.2.i386.rpm samba3x-client-3.3.8-0.52.el5_5.2.i386.rpm samba3x-common-3.3.8-0.52.el5_5.2.i386.rpm samba3x-debuginfo-3.3.8-0.52.el5_5.2.i386.rpm samba3x-doc-3.3.8-0.52.el5_5.2.i386.rpm samba3x-domainjoin-gui-3.3.8-0.52.el5_5.2.i386.rpm samba3x-swat-3.3.8-0.52.el5_5.2.i386.rpm samba3x-winbind-3.3.8-0.52.el5_5.2.i386.rpm samba3x-winbind-devel-3.3.8-0.52.el5_5.2.i386.rpm tdb-tools-1.1.2-52.el5_5.2.i386.rpm ia64: libtalloc-1.2.0-52.el5_5.2.ia64.rpm libtalloc-devel-1.2.0-52.el5_5.2.ia64.rpm libtdb-1.1.2-52.el5_5.2.ia64.rpm libtdb-devel-1.1.2-52.el5_5.2.ia64.rpm samba3x-3.3.8-0.52.el5_5.2.ia64.rpm samba3x-client-3.3.8-0.52.el5_5.2.ia64.rpm samba3x-common-3.3.8-0.52.el5_5.2.ia64.rpm samba3x-debuginfo-3.3.8-0.52.el5_5.2.ia64.rpm samba3x-doc-3.3.8-0.52.el5_5.2.ia64.rpm samba3x-domainjoin-gui-3.3.8-0.52.el5_5.2.ia64.rpm samba3x-swat-3.3.8-0.52.el5_5.2.ia64.rpm samba3x-winbind-3.3.8-0.52.el5_5.2.ia64.rpm samba3x-winbind-devel-3.3.8-0.52.el5_5.2.ia64.rpm 
tdb-tools-1.1.2-52.el5_5.2.ia64.rpm ppc: libtalloc-1.2.0-52.el5_5.2.ppc.rpm libtalloc-1.2.0-52.el5_5.2.ppc64.rpm libtalloc-devel-1.2.0-52.el5_5.2.ppc.rpm libtalloc-devel-1.2.0-52.el5_5.2.ppc64.rpm libtdb-1.1.2-52.el5_5.2.ppc.rpm libtdb-1.1.2-52.el5_5.2.ppc64.rpm libtdb-devel-1.1.2-52.el5_5.2.ppc.rpm libtdb-devel-1.1.2-52.el5_5.2.ppc64.rpm samba3x-3.3.8-0.52.el5_5.2.ppc.rpm samba3x-client-3.3.8-0.52.el5_5.2.ppc.rpm samba3x-common-3.3.8-0.52.el5_5.2.ppc.rpm samba3x-debuginfo-3.3.8-0.52.el5_5.2.ppc.rpm samba3x-debuginfo-3.3.8-0.52.el5_5.2.ppc64.rpm samba3x-doc-3.3.8-0.52.el5_5.2.ppc.rpm samba3x-domainjoin-gui-3.3.8-0.52.el5_5.2.ppc.rpm samba3x-swat-3.3.8-0.52.el5_5.2.ppc.rpm samba3x-winbind-3.3.8-0.52.el5_5.2.ppc.rpm samba3x-winbind-3.3.8-0.52.el5_5.2.ppc64.rpm samba3x-winbind-devel-3.3.8-0.52.el5_5.2.ppc.rpm samba3x-winbind-devel-3.3.8-0.52.el5_5.2.ppc64.rpm tdb-tools-1.1.2-52.el5_5.2.ppc.rpm s390x: libtalloc-1.2.0-52.el5_5.2.s390.rpm libtalloc-1.2.0-52.el5_5.2.s390x.rpm libtalloc-devel-1.2.0-52.el5_5.2.s390.rpm libtalloc-devel-1.2.0-52.el5_5.2.s390x.rpm libtdb-1.1.2-52.el5_5.2.s390.rpm libtdb-1.1.2-52.el5_5.2.s390x.rpm libtdb-devel-1.1.2-52.el5_5.2.s390.rpm libtdb-devel-1.1.2-52.el5_5.2.s390x.rpm samba3x-3.3.8-0.52.el5_5.2.s390x.rpm samba3x-client-3.3.8-0.52.el5_5.2.s390x.rpm samba3x-common-3.3.8-0.52.el5_5.2.s390x.rpm samba3x-debuginfo-3.3.8-0.52.el5_5.2.s390.rpm samba3x-debuginfo-3.3.8-0.52.el5_5.2.s390x.rpm samba3x-doc-3.3.8-0.52.el5_5.2.s390x.rpm samba3x-domainjoin-gui-3.3.8-0.52.el5_5.2.s390x.rpm samba3x-swat-3.3.8-0.52.el5_5.2.s390x.rpm samba3x-winbind-3.3.8-0.52.el5_5.2.s390.rpm samba3x-winbind-3.3.8-0.52.el5_5.2.s390x.rpm samba3x-winbind-devel-3.3.8-0.52.el5_5.2.s390.rpm samba3x-winbind-devel-3.3.8-0.52.el5_5.2.s390x.rpm tdb-tools-1.1.2-52.el5_5.2.s390x.rpm x86_64: libtalloc-1.2.0-52.el5_5.2.i386.rpm libtalloc-1.2.0-52.el5_5.2.x86_64.rpm libtalloc-devel-1.2.0-52.el5_5.2.i386.rpm libtalloc-devel-1.2.0-52.el5_5.2.x86_64.rpm libtdb-1.1.2-52.el5_5.2.i386.rpm 
libtdb-1.1.2-52.el5_5.2.x86_64.rpm libtdb-devel-1.1.2-52.el5_5.2.i386.rpm libtdb-devel-1.1.2-52.el5_5.2.x86_64.rpm samba3x-3.3.8-0.52.el5_5.2.x86_64.rpm samba3x-client-3.3.8-0.52.el5_5.2.x86_64.rpm samba3x-common-3.3.8-0.52.el5_5.2.x86_64.rpm samba3x-debuginfo-3.3.8-0.52.el5_5.2.i386.rpm samba3x-debuginfo-3.3.8-0.52.el5_5.2.x86_64.rpm samba3x-doc-3.3.8-0.52.el5_5.2.x86_64.rpm samba3x-domainjoin-gui-3.3.8-0.52.el5_5.2.x86_64.rpm samba3x-swat-3.3.8-0.52.el5_5.2.x86_64.rpm samba3x-winbind-3.3.8-0.52.el5_5.2.i386.rpm samba3x-winbind-3.3.8-0.52.el5_5.2.x86_64.rpm samba3x-winbind-devel-3.3.8-0.52.el5_5.2.i386.rpm samba3x-winbind-devel-3.3.8-0.52.el5_5.2.x86_64.rpm tdb-tools-1.1.2-52.el5_5.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3069.html
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMj/LpXlSAg2UNWIIRAhYgAJ9aydp2NmnlQ92YbIUt0X09jWNJ9wCfYIEm
avIyvjT2YxJDKYs8TV6p5n0=
=Oyu0
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Sep 21 01:11:52 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 20 Sep 2010 19:11:52 -0600
Subject: [RHSA-2010:0703-01] Important: bzip2 security update
Message-ID: <201009210111.o8L1BrjC015917@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: bzip2 security update
Advisory ID:       RHSA-2010:0703-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0703.html
Issue date:        2010-09-20
CVE Names:         CVE-2010-0405
=====================================================================

1. Summary:

Updated bzip2 packages that fix one security issue are now available for
Red Hat Enterprise Linux 3, 4, and 5.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

bzip2 is a freely available, high-quality data compressor. It provides
both standalone compression and decompression utilities, as well as a
shared library for use with other programs.

An integer overflow flaw was discovered in the bzip2 decompression
routine. This issue could, when decompressing malformed archives, cause
bzip2, or an application linked against the libbz2 library, to crash or,
potentially, execute arbitrary code. (CVE-2010-0405)

Users of bzip2 should upgrade to these updated packages, which contain a
backported patch to resolve this issue. All running applications using
the libbz2 library must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

627882 - CVE-2010-0405 bzip2: integer overflow flaw in BZ2_decompress

6.
Package List: Red Hat Enterprise Linux AS version 3: Source: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/bzip2-1.0.2-14.EL3.src.rpm i386: bzip2-1.0.2-14.EL3.i386.rpm bzip2-debuginfo-1.0.2-14.EL3.i386.rpm bzip2-devel-1.0.2-14.EL3.i386.rpm bzip2-libs-1.0.2-14.EL3.i386.rpm ia64: bzip2-1.0.2-14.EL3.ia64.rpm bzip2-debuginfo-1.0.2-14.EL3.i386.rpm bzip2-debuginfo-1.0.2-14.EL3.ia64.rpm bzip2-devel-1.0.2-14.EL3.ia64.rpm bzip2-libs-1.0.2-14.EL3.i386.rpm bzip2-libs-1.0.2-14.EL3.ia64.rpm ppc: bzip2-1.0.2-14.EL3.ppc.rpm bzip2-debuginfo-1.0.2-14.EL3.ppc.rpm bzip2-debuginfo-1.0.2-14.EL3.ppc64.rpm bzip2-devel-1.0.2-14.EL3.ppc.rpm bzip2-libs-1.0.2-14.EL3.ppc.rpm bzip2-libs-1.0.2-14.EL3.ppc64.rpm s390: bzip2-1.0.2-14.EL3.s390.rpm bzip2-debuginfo-1.0.2-14.EL3.s390.rpm bzip2-devel-1.0.2-14.EL3.s390.rpm bzip2-libs-1.0.2-14.EL3.s390.rpm s390x: bzip2-1.0.2-14.EL3.s390x.rpm bzip2-debuginfo-1.0.2-14.EL3.s390.rpm bzip2-debuginfo-1.0.2-14.EL3.s390x.rpm bzip2-devel-1.0.2-14.EL3.s390x.rpm bzip2-libs-1.0.2-14.EL3.s390.rpm bzip2-libs-1.0.2-14.EL3.s390x.rpm x86_64: bzip2-1.0.2-14.EL3.x86_64.rpm bzip2-debuginfo-1.0.2-14.EL3.i386.rpm bzip2-debuginfo-1.0.2-14.EL3.x86_64.rpm bzip2-devel-1.0.2-14.EL3.x86_64.rpm bzip2-libs-1.0.2-14.EL3.i386.rpm bzip2-libs-1.0.2-14.EL3.x86_64.rpm Red Hat Desktop version 3: Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/bzip2-1.0.2-14.EL3.src.rpm i386: bzip2-1.0.2-14.EL3.i386.rpm bzip2-debuginfo-1.0.2-14.EL3.i386.rpm bzip2-devel-1.0.2-14.EL3.i386.rpm bzip2-libs-1.0.2-14.EL3.i386.rpm x86_64: bzip2-1.0.2-14.EL3.x86_64.rpm bzip2-debuginfo-1.0.2-14.EL3.i386.rpm bzip2-debuginfo-1.0.2-14.EL3.x86_64.rpm bzip2-devel-1.0.2-14.EL3.x86_64.rpm bzip2-libs-1.0.2-14.EL3.i386.rpm bzip2-libs-1.0.2-14.EL3.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/bzip2-1.0.2-14.EL3.src.rpm i386: bzip2-1.0.2-14.EL3.i386.rpm bzip2-debuginfo-1.0.2-14.EL3.i386.rpm bzip2-devel-1.0.2-14.EL3.i386.rpm 
bzip2-libs-1.0.2-14.EL3.i386.rpm ia64: bzip2-1.0.2-14.EL3.ia64.rpm bzip2-debuginfo-1.0.2-14.EL3.i386.rpm bzip2-debuginfo-1.0.2-14.EL3.ia64.rpm bzip2-devel-1.0.2-14.EL3.ia64.rpm bzip2-libs-1.0.2-14.EL3.i386.rpm bzip2-libs-1.0.2-14.EL3.ia64.rpm x86_64: bzip2-1.0.2-14.EL3.x86_64.rpm bzip2-debuginfo-1.0.2-14.EL3.i386.rpm bzip2-debuginfo-1.0.2-14.EL3.x86_64.rpm bzip2-devel-1.0.2-14.EL3.x86_64.rpm bzip2-libs-1.0.2-14.EL3.i386.rpm bzip2-libs-1.0.2-14.EL3.x86_64.rpm Red Hat Enterprise Linux WS version 3: Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/bzip2-1.0.2-14.EL3.src.rpm i386: bzip2-1.0.2-14.EL3.i386.rpm bzip2-debuginfo-1.0.2-14.EL3.i386.rpm bzip2-devel-1.0.2-14.EL3.i386.rpm bzip2-libs-1.0.2-14.EL3.i386.rpm ia64: bzip2-1.0.2-14.EL3.ia64.rpm bzip2-debuginfo-1.0.2-14.EL3.i386.rpm bzip2-debuginfo-1.0.2-14.EL3.ia64.rpm bzip2-devel-1.0.2-14.EL3.ia64.rpm bzip2-libs-1.0.2-14.EL3.i386.rpm bzip2-libs-1.0.2-14.EL3.ia64.rpm x86_64: bzip2-1.0.2-14.EL3.x86_64.rpm bzip2-debuginfo-1.0.2-14.EL3.i386.rpm bzip2-debuginfo-1.0.2-14.EL3.x86_64.rpm bzip2-devel-1.0.2-14.EL3.x86_64.rpm bzip2-libs-1.0.2-14.EL3.i386.rpm bzip2-libs-1.0.2-14.EL3.x86_64.rpm Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/bzip2-1.0.2-16.el4_8.src.rpm i386: bzip2-1.0.2-16.el4_8.i386.rpm bzip2-debuginfo-1.0.2-16.el4_8.i386.rpm bzip2-devel-1.0.2-16.el4_8.i386.rpm bzip2-libs-1.0.2-16.el4_8.i386.rpm ia64: bzip2-1.0.2-16.el4_8.ia64.rpm bzip2-debuginfo-1.0.2-16.el4_8.i386.rpm bzip2-debuginfo-1.0.2-16.el4_8.ia64.rpm bzip2-devel-1.0.2-16.el4_8.ia64.rpm bzip2-libs-1.0.2-16.el4_8.i386.rpm bzip2-libs-1.0.2-16.el4_8.ia64.rpm ppc: bzip2-1.0.2-16.el4_8.ppc.rpm bzip2-debuginfo-1.0.2-16.el4_8.ppc.rpm bzip2-debuginfo-1.0.2-16.el4_8.ppc64.rpm bzip2-devel-1.0.2-16.el4_8.ppc.rpm bzip2-devel-1.0.2-16.el4_8.ppc64.rpm bzip2-libs-1.0.2-16.el4_8.ppc.rpm bzip2-libs-1.0.2-16.el4_8.ppc64.rpm s390: bzip2-1.0.2-16.el4_8.s390.rpm bzip2-debuginfo-1.0.2-16.el4_8.s390.rpm 
bzip2-devel-1.0.2-16.el4_8.s390.rpm bzip2-libs-1.0.2-16.el4_8.s390.rpm s390x: bzip2-1.0.2-16.el4_8.s390x.rpm bzip2-debuginfo-1.0.2-16.el4_8.s390.rpm bzip2-debuginfo-1.0.2-16.el4_8.s390x.rpm bzip2-devel-1.0.2-16.el4_8.s390.rpm bzip2-devel-1.0.2-16.el4_8.s390x.rpm bzip2-libs-1.0.2-16.el4_8.s390.rpm bzip2-libs-1.0.2-16.el4_8.s390x.rpm x86_64: bzip2-1.0.2-16.el4_8.x86_64.rpm bzip2-debuginfo-1.0.2-16.el4_8.i386.rpm bzip2-debuginfo-1.0.2-16.el4_8.x86_64.rpm bzip2-devel-1.0.2-16.el4_8.i386.rpm bzip2-devel-1.0.2-16.el4_8.x86_64.rpm bzip2-libs-1.0.2-16.el4_8.i386.rpm bzip2-libs-1.0.2-16.el4_8.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/bzip2-1.0.2-16.el4_8.src.rpm i386: bzip2-1.0.2-16.el4_8.i386.rpm bzip2-debuginfo-1.0.2-16.el4_8.i386.rpm bzip2-devel-1.0.2-16.el4_8.i386.rpm bzip2-libs-1.0.2-16.el4_8.i386.rpm x86_64: bzip2-1.0.2-16.el4_8.x86_64.rpm bzip2-debuginfo-1.0.2-16.el4_8.i386.rpm bzip2-debuginfo-1.0.2-16.el4_8.x86_64.rpm bzip2-devel-1.0.2-16.el4_8.i386.rpm bzip2-devel-1.0.2-16.el4_8.x86_64.rpm bzip2-libs-1.0.2-16.el4_8.i386.rpm bzip2-libs-1.0.2-16.el4_8.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/bzip2-1.0.2-16.el4_8.src.rpm i386: bzip2-1.0.2-16.el4_8.i386.rpm bzip2-debuginfo-1.0.2-16.el4_8.i386.rpm bzip2-devel-1.0.2-16.el4_8.i386.rpm bzip2-libs-1.0.2-16.el4_8.i386.rpm ia64: bzip2-1.0.2-16.el4_8.ia64.rpm bzip2-debuginfo-1.0.2-16.el4_8.i386.rpm bzip2-debuginfo-1.0.2-16.el4_8.ia64.rpm bzip2-devel-1.0.2-16.el4_8.ia64.rpm bzip2-libs-1.0.2-16.el4_8.i386.rpm bzip2-libs-1.0.2-16.el4_8.ia64.rpm x86_64: bzip2-1.0.2-16.el4_8.x86_64.rpm bzip2-debuginfo-1.0.2-16.el4_8.i386.rpm bzip2-debuginfo-1.0.2-16.el4_8.x86_64.rpm bzip2-devel-1.0.2-16.el4_8.i386.rpm bzip2-devel-1.0.2-16.el4_8.x86_64.rpm bzip2-libs-1.0.2-16.el4_8.i386.rpm bzip2-libs-1.0.2-16.el4_8.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: 
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/bzip2-1.0.2-16.el4_8.src.rpm i386: bzip2-1.0.2-16.el4_8.i386.rpm bzip2-debuginfo-1.0.2-16.el4_8.i386.rpm bzip2-devel-1.0.2-16.el4_8.i386.rpm bzip2-libs-1.0.2-16.el4_8.i386.rpm ia64: bzip2-1.0.2-16.el4_8.ia64.rpm bzip2-debuginfo-1.0.2-16.el4_8.i386.rpm bzip2-debuginfo-1.0.2-16.el4_8.ia64.rpm bzip2-devel-1.0.2-16.el4_8.ia64.rpm bzip2-libs-1.0.2-16.el4_8.i386.rpm bzip2-libs-1.0.2-16.el4_8.ia64.rpm x86_64: bzip2-1.0.2-16.el4_8.x86_64.rpm bzip2-debuginfo-1.0.2-16.el4_8.i386.rpm bzip2-debuginfo-1.0.2-16.el4_8.x86_64.rpm bzip2-devel-1.0.2-16.el4_8.i386.rpm bzip2-devel-1.0.2-16.el4_8.x86_64.rpm bzip2-libs-1.0.2-16.el4_8.i386.rpm bzip2-libs-1.0.2-16.el4_8.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bzip2-1.0.3-6.el5_5.src.rpm i386: bzip2-1.0.3-6.el5_5.i386.rpm bzip2-debuginfo-1.0.3-6.el5_5.i386.rpm bzip2-libs-1.0.3-6.el5_5.i386.rpm x86_64: bzip2-1.0.3-6.el5_5.x86_64.rpm bzip2-debuginfo-1.0.3-6.el5_5.i386.rpm bzip2-debuginfo-1.0.3-6.el5_5.x86_64.rpm bzip2-libs-1.0.3-6.el5_5.i386.rpm bzip2-libs-1.0.3-6.el5_5.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bzip2-1.0.3-6.el5_5.src.rpm i386: bzip2-debuginfo-1.0.3-6.el5_5.i386.rpm bzip2-devel-1.0.3-6.el5_5.i386.rpm x86_64: bzip2-debuginfo-1.0.3-6.el5_5.i386.rpm bzip2-debuginfo-1.0.3-6.el5_5.x86_64.rpm bzip2-devel-1.0.3-6.el5_5.i386.rpm bzip2-devel-1.0.3-6.el5_5.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/bzip2-1.0.3-6.el5_5.src.rpm i386: bzip2-1.0.3-6.el5_5.i386.rpm bzip2-debuginfo-1.0.3-6.el5_5.i386.rpm bzip2-devel-1.0.3-6.el5_5.i386.rpm bzip2-libs-1.0.3-6.el5_5.i386.rpm ia64: bzip2-1.0.3-6.el5_5.ia64.rpm bzip2-debuginfo-1.0.3-6.el5_5.i386.rpm bzip2-debuginfo-1.0.3-6.el5_5.ia64.rpm bzip2-devel-1.0.3-6.el5_5.ia64.rpm bzip2-libs-1.0.3-6.el5_5.i386.rpm bzip2-libs-1.0.3-6.el5_5.ia64.rpm ppc: bzip2-1.0.3-6.el5_5.ppc.rpm bzip2-debuginfo-1.0.3-6.el5_5.ppc.rpm bzip2-debuginfo-1.0.3-6.el5_5.ppc64.rpm bzip2-devel-1.0.3-6.el5_5.ppc.rpm bzip2-devel-1.0.3-6.el5_5.ppc64.rpm bzip2-libs-1.0.3-6.el5_5.ppc.rpm bzip2-libs-1.0.3-6.el5_5.ppc64.rpm s390x: bzip2-1.0.3-6.el5_5.s390x.rpm bzip2-debuginfo-1.0.3-6.el5_5.s390.rpm bzip2-debuginfo-1.0.3-6.el5_5.s390x.rpm bzip2-devel-1.0.3-6.el5_5.s390.rpm bzip2-devel-1.0.3-6.el5_5.s390x.rpm bzip2-libs-1.0.3-6.el5_5.s390.rpm bzip2-libs-1.0.3-6.el5_5.s390x.rpm x86_64: bzip2-1.0.3-6.el5_5.x86_64.rpm bzip2-debuginfo-1.0.3-6.el5_5.i386.rpm bzip2-debuginfo-1.0.3-6.el5_5.x86_64.rpm bzip2-devel-1.0.3-6.el5_5.i386.rpm bzip2-devel-1.0.3-6.el5_5.x86_64.rpm bzip2-libs-1.0.3-6.el5_5.i386.rpm bzip2-libs-1.0.3-6.el5_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0405.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMmAYpXlSAg2UNWIIRApzAAJ0ckjDEdcTC3jn31AJoF74aeoIcbgCeMEjQ
jXZ6vxfbH9zvGAoJsYkAAnI=
=A7y4
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Sep 21 09:33:04 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 21 Sep 2010 11:33:04 +0200
Subject: [RHSA-2010:0704-01] Important: kernel security update
Message-ID: <201009210933.o8L9X4WY032530@int-mx08.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2010:0704-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0704.html
Issue date:        2010-09-21
CVE Names:         CVE-2010-3081
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issue:

* The compat_alloc_user_space() function in the Linux kernel 32/64-bit compatibility layer implementation was missing sanity checks. This function could be abused in other areas of the Linux kernel if its length argument can be controlled from user-space. On 64-bit systems, a local, unprivileged user could use this flaw to escalate their privileges.
(CVE-2010-3081, Important)

Red Hat would like to thank Ben Hawkes for reporting this issue.

Red Hat is aware that a public exploit for this issue is available. Refer to Knowledgebase article DOC-40265 for further details: https://access.redhat.com/kb/docs/DOC-40265

Users should upgrade to these updated packages, which contain a backported patch to correct this issue. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

634457 - CVE-2010-3081 kernel: 64-bit Compatibility Mode Stack Pointer Underflow

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-194.11.4.el5.src.rpm

i386:
kernel-2.6.18-194.11.4.el5.i686.rpm
kernel-PAE-2.6.18-194.11.4.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-194.11.4.el5.i686.rpm
kernel-PAE-devel-2.6.18-194.11.4.el5.i686.rpm
kernel-debug-2.6.18-194.11.4.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-194.11.4.el5.i686.rpm
kernel-debug-devel-2.6.18-194.11.4.el5.i686.rpm
kernel-debuginfo-2.6.18-194.11.4.el5.i686.rpm
kernel-debuginfo-common-2.6.18-194.11.4.el5.i686.rpm
kernel-devel-2.6.18-194.11.4.el5.i686.rpm
kernel-headers-2.6.18-194.11.4.el5.i386.rpm
kernel-xen-2.6.18-194.11.4.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-194.11.4.el5.i686.rpm
kernel-xen-devel-2.6.18-194.11.4.el5.i686.rpm

noarch:
kernel-doc-2.6.18-194.11.4.el5.noarch.rpm

x86_64:
kernel-2.6.18-194.11.4.el5.x86_64.rpm
kernel-debug-2.6.18-194.11.4.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-194.11.4.el5.x86_64.rpm
kernel-debug-devel-2.6.18-194.11.4.el5.x86_64.rpm
kernel-debuginfo-2.6.18-194.11.4.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-194.11.4.el5.x86_64.rpm
kernel-devel-2.6.18-194.11.4.el5.x86_64.rpm
kernel-headers-2.6.18-194.11.4.el5.x86_64.rpm
kernel-xen-2.6.18-194.11.4.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-194.11.4.el5.x86_64.rpm
kernel-xen-devel-2.6.18-194.11.4.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-194.11.4.el5.src.rpm

i386:
kernel-2.6.18-194.11.4.el5.i686.rpm
kernel-PAE-2.6.18-194.11.4.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-194.11.4.el5.i686.rpm
kernel-PAE-devel-2.6.18-194.11.4.el5.i686.rpm
kernel-debug-2.6.18-194.11.4.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-194.11.4.el5.i686.rpm
kernel-debug-devel-2.6.18-194.11.4.el5.i686.rpm
kernel-debuginfo-2.6.18-194.11.4.el5.i686.rpm
kernel-debuginfo-common-2.6.18-194.11.4.el5.i686.rpm
kernel-devel-2.6.18-194.11.4.el5.i686.rpm
kernel-headers-2.6.18-194.11.4.el5.i386.rpm
kernel-xen-2.6.18-194.11.4.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-194.11.4.el5.i686.rpm
kernel-xen-devel-2.6.18-194.11.4.el5.i686.rpm

ia64:
kernel-2.6.18-194.11.4.el5.ia64.rpm
kernel-debug-2.6.18-194.11.4.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-194.11.4.el5.ia64.rpm
kernel-debug-devel-2.6.18-194.11.4.el5.ia64.rpm
kernel-debuginfo-2.6.18-194.11.4.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-194.11.4.el5.ia64.rpm
kernel-devel-2.6.18-194.11.4.el5.ia64.rpm
kernel-headers-2.6.18-194.11.4.el5.ia64.rpm
kernel-xen-2.6.18-194.11.4.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-194.11.4.el5.ia64.rpm
kernel-xen-devel-2.6.18-194.11.4.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-194.11.4.el5.noarch.rpm

ppc:
kernel-2.6.18-194.11.4.el5.ppc64.rpm
kernel-debug-2.6.18-194.11.4.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-194.11.4.el5.ppc64.rpm
kernel-debug-devel-2.6.18-194.11.4.el5.ppc64.rpm
kernel-debuginfo-2.6.18-194.11.4.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-194.11.4.el5.ppc64.rpm
kernel-devel-2.6.18-194.11.4.el5.ppc64.rpm
kernel-headers-2.6.18-194.11.4.el5.ppc.rpm
kernel-headers-2.6.18-194.11.4.el5.ppc64.rpm
kernel-kdump-2.6.18-194.11.4.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-194.11.4.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-194.11.4.el5.ppc64.rpm

s390x:
kernel-2.6.18-194.11.4.el5.s390x.rpm
kernel-debug-2.6.18-194.11.4.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-194.11.4.el5.s390x.rpm
kernel-debug-devel-2.6.18-194.11.4.el5.s390x.rpm
kernel-debuginfo-2.6.18-194.11.4.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-194.11.4.el5.s390x.rpm
kernel-devel-2.6.18-194.11.4.el5.s390x.rpm
kernel-headers-2.6.18-194.11.4.el5.s390x.rpm
kernel-kdump-2.6.18-194.11.4.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-194.11.4.el5.s390x.rpm
kernel-kdump-devel-2.6.18-194.11.4.el5.s390x.rpm

x86_64:
kernel-2.6.18-194.11.4.el5.x86_64.rpm
kernel-debug-2.6.18-194.11.4.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-194.11.4.el5.x86_64.rpm
kernel-debug-devel-2.6.18-194.11.4.el5.x86_64.rpm
kernel-debuginfo-2.6.18-194.11.4.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-194.11.4.el5.x86_64.rpm
kernel-devel-2.6.18-194.11.4.el5.x86_64.rpm
kernel-headers-2.6.18-194.11.4.el5.x86_64.rpm
kernel-xen-2.6.18-194.11.4.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-194.11.4.el5.x86_64.rpm
kernel-xen-devel-2.6.18-194.11.4.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3081.html
http://www.redhat.com/security/updates/classification/#important
https://access.redhat.com/kb/docs/DOC-40265

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMmHt4XlSAg2UNWIIRAmZPAJ4xRu4brsQoQcN+V8w8E6pSzWhtqQCfRICe
c8fm0gw6daccGtV7BHbvSkA=
=MXqM
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Sep 21 09:34:32 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 21 Sep 2010 11:34:32 +0200
Subject: [RHSA-2010:0705-01] Important: kernel security update
Message-ID: <201009210934.o8L9YX0b006067@int-mx03.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2010:0705-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0705.html
Issue date:        2010-09-21
CVE Names:         CVE-2010-3081
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 5.4 Extended Update Support.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5.4.z server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issue:

* The compat_alloc_user_space() function in the Linux kernel 32/64-bit compatibility layer implementation was missing sanity checks. This function could be abused in other areas of the Linux kernel if its length argument can be controlled from user-space. On 64-bit systems, a local, unprivileged user could use this flaw to escalate their privileges.
(CVE-2010-3081, Important)

Red Hat would like to thank Ben Hawkes for reporting this issue.

Red Hat is aware that a public exploit for this issue is available. Refer to Knowledgebase article DOC-40265 for further details: https://access.redhat.com/kb/docs/DOC-40265

Users should upgrade to these updated packages, which contain a backported patch to correct this issue. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

634457 - CVE-2010-3081 kernel: 64-bit Compatibility Mode Stack Pointer Underflow

6. Package List:

Red Hat Enterprise Linux (v. 5.4.z server):

Source:
kernel-2.6.18-164.25.2.el5.src.rpm

i386:
kernel-2.6.18-164.25.2.el5.i686.rpm
kernel-PAE-2.6.18-164.25.2.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-164.25.2.el5.i686.rpm
kernel-PAE-devel-2.6.18-164.25.2.el5.i686.rpm
kernel-debug-2.6.18-164.25.2.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-164.25.2.el5.i686.rpm
kernel-debug-devel-2.6.18-164.25.2.el5.i686.rpm
kernel-debuginfo-2.6.18-164.25.2.el5.i686.rpm
kernel-debuginfo-common-2.6.18-164.25.2.el5.i686.rpm
kernel-devel-2.6.18-164.25.2.el5.i686.rpm
kernel-headers-2.6.18-164.25.2.el5.i386.rpm
kernel-xen-2.6.18-164.25.2.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-164.25.2.el5.i686.rpm
kernel-xen-devel-2.6.18-164.25.2.el5.i686.rpm

ia64:
kernel-2.6.18-164.25.2.el5.ia64.rpm
kernel-debug-2.6.18-164.25.2.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-164.25.2.el5.ia64.rpm
kernel-debug-devel-2.6.18-164.25.2.el5.ia64.rpm
kernel-debuginfo-2.6.18-164.25.2.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-164.25.2.el5.ia64.rpm
kernel-devel-2.6.18-164.25.2.el5.ia64.rpm
kernel-headers-2.6.18-164.25.2.el5.ia64.rpm
kernel-xen-2.6.18-164.25.2.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-164.25.2.el5.ia64.rpm
kernel-xen-devel-2.6.18-164.25.2.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-164.25.2.el5.noarch.rpm

ppc:
kernel-2.6.18-164.25.2.el5.ppc64.rpm
kernel-debug-2.6.18-164.25.2.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-164.25.2.el5.ppc64.rpm
kernel-debug-devel-2.6.18-164.25.2.el5.ppc64.rpm
kernel-debuginfo-2.6.18-164.25.2.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-164.25.2.el5.ppc64.rpm
kernel-devel-2.6.18-164.25.2.el5.ppc64.rpm
kernel-headers-2.6.18-164.25.2.el5.ppc.rpm
kernel-headers-2.6.18-164.25.2.el5.ppc64.rpm
kernel-kdump-2.6.18-164.25.2.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-164.25.2.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-164.25.2.el5.ppc64.rpm

s390x:
kernel-2.6.18-164.25.2.el5.s390x.rpm
kernel-debug-2.6.18-164.25.2.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-164.25.2.el5.s390x.rpm
kernel-debug-devel-2.6.18-164.25.2.el5.s390x.rpm
kernel-debuginfo-2.6.18-164.25.2.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-164.25.2.el5.s390x.rpm
kernel-devel-2.6.18-164.25.2.el5.s390x.rpm
kernel-headers-2.6.18-164.25.2.el5.s390x.rpm
kernel-kdump-2.6.18-164.25.2.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-164.25.2.el5.s390x.rpm
kernel-kdump-devel-2.6.18-164.25.2.el5.s390x.rpm

x86_64:
kernel-2.6.18-164.25.2.el5.x86_64.rpm
kernel-debug-2.6.18-164.25.2.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-164.25.2.el5.x86_64.rpm
kernel-debug-devel-2.6.18-164.25.2.el5.x86_64.rpm
kernel-debuginfo-2.6.18-164.25.2.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-164.25.2.el5.x86_64.rpm
kernel-devel-2.6.18-164.25.2.el5.x86_64.rpm
kernel-headers-2.6.18-164.25.2.el5.x86_64.rpm
kernel-xen-2.6.18-164.25.2.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-164.25.2.el5.x86_64.rpm
kernel-xen-devel-2.6.18-164.25.2.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3081.html
http://www.redhat.com/security/updates/classification/#important
https://access.redhat.com/kb/docs/DOC-40265

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMmHvhXlSAg2UNWIIRAqeGAJ9q/1hpVLAOCXV0F3LX3uf4hWLQRQCeJukm
p7Ba2/wsN9NpUMs5IAt64p0=
=zUpV
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Sep 21 09:35:49 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 21 Sep 2010 11:35:49 +0200
Subject: [RHSA-2010:0706-01] Critical: flash-plugin security update
Message-ID: <201009210935.o8L9Zn9X027159@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: flash-plugin security update
Advisory ID:       RHSA-2010:0706-01
Product:           Red Hat Enterprise Linux Extras
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0706.html
Issue date:        2010-09-21
CVE Names:         CVE-2010-2884
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes one security issue is now available for Red Hat Enterprise Linux 3 and 4 Extras, and Red Hat Enterprise Linux 5 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, x86_64
Red Hat Desktop version 3 Extras - i386
Red Hat Desktop version 4 Extras - i386
Red Hat Enterprise Linux AS version 3 Extras - i386
Red Hat Enterprise Linux AS version 4 Extras - i386
Red Hat Enterprise Linux ES version 3 Extras - i386
Red Hat Enterprise Linux ES version 4 Extras - i386
Red Hat Enterprise Linux WS version 3 Extras - i386
Red Hat Enterprise Linux WS version 4 Extras - i386

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB10-22, listed in the References section. If a victim loaded a page containing specially-crafted SWF content, it could cause flash-plugin to crash or, potentially, execute arbitrary code. (CVE-2010-2884)

All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.1.85.3 for users of Red Hat Enterprise Linux 5 Supplementary, and version 9.0.283 for users of Red Hat Enterprise Linux 3 and 4 Extras.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

633917 - CVE-2010-2884 Adobe Flash: crash or potential arbitrary code execution (APSB10-22)

6. Package List:

Red Hat Enterprise Linux AS version 3 Extras:

i386:
flash-plugin-9.0.283.0-1.el3.with.oss.i386.rpm

Red Hat Desktop version 3 Extras:

i386:
flash-plugin-9.0.283.0-1.el3.with.oss.i386.rpm

Red Hat Enterprise Linux ES version 3 Extras:

i386:
flash-plugin-9.0.283.0-1.el3.with.oss.i386.rpm

Red Hat Enterprise Linux WS version 3 Extras:

i386:
flash-plugin-9.0.283.0-1.el3.with.oss.i386.rpm

Red Hat Enterprise Linux AS version 4 Extras:

i386:
flash-plugin-9.0.283.0-1.el4.i386.rpm

Red Hat Desktop version 4 Extras:

i386:
flash-plugin-9.0.283.0-1.el4.i386.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
flash-plugin-9.0.283.0-1.el4.i386.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
flash-plugin-9.0.283.0-1.el4.i386.rpm

RHEL Desktop Supplementary (v. 5 client):

i386:
flash-plugin-10.1.85.3-1.el5.i386.rpm

x86_64:
flash-plugin-10.1.85.3-1.el5.i386.rpm

RHEL Supplementary (v. 5 server):

i386:
flash-plugin-10.1.85.3-1.el5.i386.rpm

x86_64:
flash-plugin-10.1.85.3-1.el5.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2884.html
http://www.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb10-22.html

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMmHw1XlSAg2UNWIIRAlDFAJ9AWtBnnI4yietVGQP/rIY5XiK9kgCfeuAa
Tp+B9F+qzorX7/p6Eog6Wt4=
=MHOM
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Sep 22 14:32:01 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 22 Sep 2010 08:32:01 -0600
Subject: [RHSA-2010:0711-01] Important: kernel security update
Message-ID: <201009221432.o8MEW2pf025680@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2010:0711-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0711.html
Issue date:        2010-09-22
CVE Names:         CVE-2010-3081
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 5.3 Extended Update Support.

The Red Hat Security Response Team has rated this update as having important security impact.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5.3.z server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issue:

* The compat_alloc_user_space() function in the Linux kernel 32/64-bit compatibility layer implementation was missing sanity checks. This function could be abused in other areas of the Linux kernel if its length argument can be controlled from user-space. On 64-bit systems, a local, unprivileged user could use this flaw to escalate their privileges. (CVE-2010-3081, Important)

Red Hat would like to thank Ben Hawkes for reporting this issue.

Red Hat is aware that a public exploit for this issue is available. Refer to Knowledgebase article DOC-40265 for further details: https://access.redhat.com/kb/docs/DOC-40265

Users should upgrade to these updated packages, which contain a backported patch to correct this issue. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

634457 - CVE-2010-3081 kernel: 64-bit Compatibility Mode Stack Pointer Underflow

6. Package List:

Red Hat Enterprise Linux (v. 5.3.z server):

Source:
kernel-2.6.18-128.23.2.el5.src.rpm

i386:
kernel-2.6.18-128.23.2.el5.i686.rpm
kernel-PAE-2.6.18-128.23.2.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-128.23.2.el5.i686.rpm
kernel-PAE-devel-2.6.18-128.23.2.el5.i686.rpm
kernel-debug-2.6.18-128.23.2.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-128.23.2.el5.i686.rpm
kernel-debug-devel-2.6.18-128.23.2.el5.i686.rpm
kernel-debuginfo-2.6.18-128.23.2.el5.i686.rpm
kernel-debuginfo-common-2.6.18-128.23.2.el5.i686.rpm
kernel-devel-2.6.18-128.23.2.el5.i686.rpm
kernel-headers-2.6.18-128.23.2.el5.i386.rpm
kernel-xen-2.6.18-128.23.2.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-128.23.2.el5.i686.rpm
kernel-xen-devel-2.6.18-128.23.2.el5.i686.rpm

ia64:
kernel-2.6.18-128.23.2.el5.ia64.rpm
kernel-debug-2.6.18-128.23.2.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-128.23.2.el5.ia64.rpm
kernel-debug-devel-2.6.18-128.23.2.el5.ia64.rpm
kernel-debuginfo-2.6.18-128.23.2.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-128.23.2.el5.ia64.rpm
kernel-devel-2.6.18-128.23.2.el5.ia64.rpm
kernel-headers-2.6.18-128.23.2.el5.ia64.rpm
kernel-xen-2.6.18-128.23.2.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-128.23.2.el5.ia64.rpm
kernel-xen-devel-2.6.18-128.23.2.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-128.23.2.el5.noarch.rpm

ppc:
kernel-2.6.18-128.23.2.el5.ppc64.rpm
kernel-debug-2.6.18-128.23.2.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-128.23.2.el5.ppc64.rpm
kernel-debug-devel-2.6.18-128.23.2.el5.ppc64.rpm
kernel-debuginfo-2.6.18-128.23.2.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-128.23.2.el5.ppc64.rpm
kernel-devel-2.6.18-128.23.2.el5.ppc64.rpm
kernel-headers-2.6.18-128.23.2.el5.ppc.rpm
kernel-headers-2.6.18-128.23.2.el5.ppc64.rpm
kernel-kdump-2.6.18-128.23.2.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-128.23.2.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-128.23.2.el5.ppc64.rpm

s390x:
kernel-2.6.18-128.23.2.el5.s390x.rpm
kernel-debug-2.6.18-128.23.2.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-128.23.2.el5.s390x.rpm
kernel-debug-devel-2.6.18-128.23.2.el5.s390x.rpm
kernel-debuginfo-2.6.18-128.23.2.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-128.23.2.el5.s390x.rpm
kernel-devel-2.6.18-128.23.2.el5.s390x.rpm
kernel-headers-2.6.18-128.23.2.el5.s390x.rpm
kernel-kdump-2.6.18-128.23.2.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-128.23.2.el5.s390x.rpm
kernel-kdump-devel-2.6.18-128.23.2.el5.s390x.rpm

x86_64:
kernel-2.6.18-128.23.2.el5.x86_64.rpm
kernel-debug-2.6.18-128.23.2.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-128.23.2.el5.x86_64.rpm
kernel-debug-devel-2.6.18-128.23.2.el5.x86_64.rpm
kernel-debuginfo-2.6.18-128.23.2.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-128.23.2.el5.x86_64.rpm
kernel-devel-2.6.18-128.23.2.el5.x86_64.rpm
kernel-headers-2.6.18-128.23.2.el5.x86_64.rpm
kernel-xen-2.6.18-128.23.2.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-128.23.2.el5.x86_64.rpm
kernel-xen-devel-2.6.18-128.23.2.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3081.html
http://www.redhat.com/security/updates/classification/#important
https://access.redhat.com/kb/docs/DOC-40265

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMmhNOXlSAg2UNWIIRAsE3AKCZTYyy+u5vbT9lpIA7mULeyaatmgCgjoFz
om5Q8n9+RX/lPVwjn49kQfw=
=rByn
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Sep 28 15:02:26 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 28 Sep 2010 17:02:26 +0200
Subject: [RHSA-2010:0718-01] Important: kernel security update
Message-ID: <201009281502.o8SF2Qtq010588@int-mx08.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2010:0718-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0718.html
Issue date:        2010-09-28
CVE Names:         CVE-2010-3081
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issue:

* The compat_alloc_user_space() function in the Linux kernel 32/64-bit compatibility layer implementation was missing sanity checks.
This function could be abused in other areas of the Linux kernel if its length argument can be controlled from user-space. On 64-bit systems, a local, unprivileged user could use this flaw to escalate their privileges. (CVE-2010-3081, Important)

Red Hat would like to thank Ben Hawkes for reporting this issue.

Refer to Knowledgebase article DOC-40265 for further details: https://access.redhat.com/kb/docs/DOC-40265

Users should upgrade to these updated packages, which contain a backported patch to correct this issue. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

634457 - CVE-2010-3081 kernel: 64-bit Compatibility Mode Stack Pointer Underflow

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-89.29.1.EL.src.rpm

i386:
kernel-2.6.9-89.29.1.EL.i686.rpm
kernel-debuginfo-2.6.9-89.29.1.EL.i686.rpm
kernel-devel-2.6.9-89.29.1.EL.i686.rpm
kernel-hugemem-2.6.9-89.29.1.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.29.1.EL.i686.rpm
kernel-smp-2.6.9-89.29.1.EL.i686.rpm
kernel-smp-devel-2.6.9-89.29.1.EL.i686.rpm
kernel-xenU-2.6.9-89.29.1.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.29.1.EL.i686.rpm

ia64:
kernel-2.6.9-89.29.1.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.29.1.EL.ia64.rpm
kernel-devel-2.6.9-89.29.1.EL.ia64.rpm
kernel-largesmp-2.6.9-89.29.1.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.29.1.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.29.1.EL.noarch.rpm

ppc:
kernel-2.6.9-89.29.1.EL.ppc64.rpm
kernel-2.6.9-89.29.1.EL.ppc64iseries.rpm
kernel-debuginfo-2.6.9-89.29.1.EL.ppc64.rpm
kernel-debuginfo-2.6.9-89.29.1.EL.ppc64iseries.rpm
kernel-devel-2.6.9-89.29.1.EL.ppc64.rpm
kernel-devel-2.6.9-89.29.1.EL.ppc64iseries.rpm
kernel-largesmp-2.6.9-89.29.1.EL.ppc64.rpm
kernel-largesmp-devel-2.6.9-89.29.1.EL.ppc64.rpm

s390:
kernel-2.6.9-89.29.1.EL.s390.rpm
kernel-debuginfo-2.6.9-89.29.1.EL.s390.rpm
kernel-devel-2.6.9-89.29.1.EL.s390.rpm

s390x:
kernel-2.6.9-89.29.1.EL.s390x.rpm
kernel-debuginfo-2.6.9-89.29.1.EL.s390x.rpm
kernel-devel-2.6.9-89.29.1.EL.s390x.rpm

x86_64:
kernel-2.6.9-89.29.1.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.29.1.EL.x86_64.rpm
kernel-devel-2.6.9-89.29.1.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.29.1.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.29.1.EL.x86_64.rpm
kernel-smp-2.6.9-89.29.1.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.29.1.EL.x86_64.rpm
kernel-xenU-2.6.9-89.29.1.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.29.1.EL.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-89.29.1.EL.src.rpm

i386:
kernel-2.6.9-89.29.1.EL.i686.rpm
kernel-debuginfo-2.6.9-89.29.1.EL.i686.rpm
kernel-devel-2.6.9-89.29.1.EL.i686.rpm
kernel-hugemem-2.6.9-89.29.1.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.29.1.EL.i686.rpm
kernel-smp-2.6.9-89.29.1.EL.i686.rpm
kernel-smp-devel-2.6.9-89.29.1.EL.i686.rpm
kernel-xenU-2.6.9-89.29.1.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.29.1.EL.i686.rpm

noarch:
kernel-doc-2.6.9-89.29.1.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.29.1.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.29.1.EL.x86_64.rpm
kernel-devel-2.6.9-89.29.1.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.29.1.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.29.1.EL.x86_64.rpm
kernel-smp-2.6.9-89.29.1.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.29.1.EL.x86_64.rpm
kernel-xenU-2.6.9-89.29.1.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.29.1.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-89.29.1.EL.src.rpm

i386:
kernel-2.6.9-89.29.1.EL.i686.rpm
kernel-debuginfo-2.6.9-89.29.1.EL.i686.rpm
kernel-devel-2.6.9-89.29.1.EL.i686.rpm
kernel-hugemem-2.6.9-89.29.1.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.29.1.EL.i686.rpm
kernel-smp-2.6.9-89.29.1.EL.i686.rpm
kernel-smp-devel-2.6.9-89.29.1.EL.i686.rpm
kernel-xenU-2.6.9-89.29.1.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.29.1.EL.i686.rpm

ia64:
kernel-2.6.9-89.29.1.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.29.1.EL.ia64.rpm
kernel-devel-2.6.9-89.29.1.EL.ia64.rpm
kernel-largesmp-2.6.9-89.29.1.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.29.1.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.29.1.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.29.1.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.29.1.EL.x86_64.rpm
kernel-devel-2.6.9-89.29.1.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.29.1.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.29.1.EL.x86_64.rpm
kernel-smp-2.6.9-89.29.1.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.29.1.EL.x86_64.rpm
kernel-xenU-2.6.9-89.29.1.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.29.1.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-89.29.1.EL.src.rpm i386: kernel-2.6.9-89.29.1.EL.i686.rpm kernel-debuginfo-2.6.9-89.29.1.EL.i686.rpm kernel-devel-2.6.9-89.29.1.EL.i686.rpm kernel-hugemem-2.6.9-89.29.1.EL.i686.rpm kernel-hugemem-devel-2.6.9-89.29.1.EL.i686.rpm kernel-smp-2.6.9-89.29.1.EL.i686.rpm kernel-smp-devel-2.6.9-89.29.1.EL.i686.rpm kernel-xenU-2.6.9-89.29.1.EL.i686.rpm kernel-xenU-devel-2.6.9-89.29.1.EL.i686.rpm ia64: kernel-2.6.9-89.29.1.EL.ia64.rpm kernel-debuginfo-2.6.9-89.29.1.EL.ia64.rpm kernel-devel-2.6.9-89.29.1.EL.ia64.rpm kernel-largesmp-2.6.9-89.29.1.EL.ia64.rpm kernel-largesmp-devel-2.6.9-89.29.1.EL.ia64.rpm noarch: kernel-doc-2.6.9-89.29.1.EL.noarch.rpm x86_64: kernel-2.6.9-89.29.1.EL.x86_64.rpm kernel-debuginfo-2.6.9-89.29.1.EL.x86_64.rpm kernel-devel-2.6.9-89.29.1.EL.x86_64.rpm kernel-largesmp-2.6.9-89.29.1.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-89.29.1.EL.x86_64.rpm kernel-smp-2.6.9-89.29.1.EL.x86_64.rpm kernel-smp-devel-2.6.9-89.29.1.EL.x86_64.rpm kernel-xenU-2.6.9-89.29.1.EL.x86_64.rpm kernel-xenU-devel-2.6.9-89.29.1.EL.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-3081.html http://www.redhat.com/security/updates/classification/#important https://access.redhat.com/kb/docs/DOC-40265 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2010 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMogM3XlSAg2UNWIIRAo3aAKChLS9yxGl6FXFo5y9diqI9zCBvTACfayg6
OaNH/seOgbL61LQ4MpPVPR8=
=0hyv
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Sep 28 15:04:34 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 28 Sep 2010 17:04:34 +0200
Subject: [RHSA-2010:0719-01] Important: kernel security update
Message-ID: <201009281504.o8SF4XL8010576@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2010:0719-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0719.html
Issue date: 2010-09-28
CVE Names: CVE-2010-3081
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 4.7 Extended Update Support.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4.7.z - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 4.7.z - i386, ia64, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issue:

* The compat_alloc_user_space() function in the Linux kernel 32/64-bit compatibility layer implementation was missing sanity checks. This function could be abused in other areas of the Linux kernel if its length argument can be controlled from user-space. On 64-bit systems, a local, unprivileged user could use this flaw to escalate their privileges. (CVE-2010-3081, Important)

Red Hat would like to thank Ben Hawkes for reporting this issue.

Refer to Knowledgebase article DOC-40265 for further details: https://access.redhat.com/kb/docs/DOC-40265

Users should upgrade to these updated packages, which contain a backported patch to correct this issue. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

634457 - CVE-2010-3081 kernel: 64-bit Compatibility Mode Stack Pointer Underflow

6.
Package List: Red Hat Enterprise Linux AS version 4.7.z: Source: kernel-2.6.9-78.0.33.EL.src.rpm i386: kernel-2.6.9-78.0.33.EL.i686.rpm kernel-debuginfo-2.6.9-78.0.33.EL.i686.rpm kernel-devel-2.6.9-78.0.33.EL.i686.rpm kernel-hugemem-2.6.9-78.0.33.EL.i686.rpm kernel-hugemem-devel-2.6.9-78.0.33.EL.i686.rpm kernel-smp-2.6.9-78.0.33.EL.i686.rpm kernel-smp-devel-2.6.9-78.0.33.EL.i686.rpm kernel-xenU-2.6.9-78.0.33.EL.i686.rpm kernel-xenU-devel-2.6.9-78.0.33.EL.i686.rpm ia64: kernel-2.6.9-78.0.33.EL.ia64.rpm kernel-debuginfo-2.6.9-78.0.33.EL.ia64.rpm kernel-devel-2.6.9-78.0.33.EL.ia64.rpm kernel-largesmp-2.6.9-78.0.33.EL.ia64.rpm kernel-largesmp-devel-2.6.9-78.0.33.EL.ia64.rpm noarch: kernel-doc-2.6.9-78.0.33.EL.noarch.rpm ppc: kernel-2.6.9-78.0.33.EL.ppc64.rpm kernel-2.6.9-78.0.33.EL.ppc64iseries.rpm kernel-debuginfo-2.6.9-78.0.33.EL.ppc64.rpm kernel-debuginfo-2.6.9-78.0.33.EL.ppc64iseries.rpm kernel-devel-2.6.9-78.0.33.EL.ppc64.rpm kernel-devel-2.6.9-78.0.33.EL.ppc64iseries.rpm kernel-largesmp-2.6.9-78.0.33.EL.ppc64.rpm kernel-largesmp-devel-2.6.9-78.0.33.EL.ppc64.rpm s390: kernel-2.6.9-78.0.33.EL.s390.rpm kernel-debuginfo-2.6.9-78.0.33.EL.s390.rpm kernel-devel-2.6.9-78.0.33.EL.s390.rpm s390x: kernel-2.6.9-78.0.33.EL.s390x.rpm kernel-debuginfo-2.6.9-78.0.33.EL.s390x.rpm kernel-devel-2.6.9-78.0.33.EL.s390x.rpm x86_64: kernel-2.6.9-78.0.33.EL.x86_64.rpm kernel-debuginfo-2.6.9-78.0.33.EL.x86_64.rpm kernel-devel-2.6.9-78.0.33.EL.x86_64.rpm kernel-largesmp-2.6.9-78.0.33.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-78.0.33.EL.x86_64.rpm kernel-smp-2.6.9-78.0.33.EL.x86_64.rpm kernel-smp-devel-2.6.9-78.0.33.EL.x86_64.rpm kernel-xenU-2.6.9-78.0.33.EL.x86_64.rpm kernel-xenU-devel-2.6.9-78.0.33.EL.x86_64.rpm Red Hat Enterprise Linux ES version 4.7.z: Source: kernel-2.6.9-78.0.33.EL.src.rpm i386: kernel-2.6.9-78.0.33.EL.i686.rpm kernel-debuginfo-2.6.9-78.0.33.EL.i686.rpm kernel-devel-2.6.9-78.0.33.EL.i686.rpm kernel-hugemem-2.6.9-78.0.33.EL.i686.rpm 
kernel-hugemem-devel-2.6.9-78.0.33.EL.i686.rpm kernel-smp-2.6.9-78.0.33.EL.i686.rpm kernel-smp-devel-2.6.9-78.0.33.EL.i686.rpm kernel-xenU-2.6.9-78.0.33.EL.i686.rpm kernel-xenU-devel-2.6.9-78.0.33.EL.i686.rpm ia64: kernel-2.6.9-78.0.33.EL.ia64.rpm kernel-debuginfo-2.6.9-78.0.33.EL.ia64.rpm kernel-devel-2.6.9-78.0.33.EL.ia64.rpm kernel-largesmp-2.6.9-78.0.33.EL.ia64.rpm kernel-largesmp-devel-2.6.9-78.0.33.EL.ia64.rpm noarch: kernel-doc-2.6.9-78.0.33.EL.noarch.rpm x86_64: kernel-2.6.9-78.0.33.EL.x86_64.rpm kernel-debuginfo-2.6.9-78.0.33.EL.x86_64.rpm kernel-devel-2.6.9-78.0.33.EL.x86_64.rpm kernel-largesmp-2.6.9-78.0.33.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-78.0.33.EL.x86_64.rpm kernel-smp-2.6.9-78.0.33.EL.x86_64.rpm kernel-smp-devel-2.6.9-78.0.33.EL.x86_64.rpm kernel-xenU-2.6.9-78.0.33.EL.x86_64.rpm kernel-xenU-devel-2.6.9-78.0.33.EL.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-3081.html http://www.redhat.com/security/updates/classification/#important https://access.redhat.com/kb/docs/DOC-40265 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2010 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMogOmXlSAg2UNWIIRAsCGAKCB/3L1nUOLod7R+u+ykaqJJ6oG3gCeIW/v
zZNC0/nD9+18EwnFRMiP4mY=
=Di5b
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Sep 28 15:06:59 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 28 Sep 2010 17:06:59 +0200
Subject: [RHSA-2010:0720-02] Moderate: mikmod security update
Message-ID: <201009281507.o8SF6xge011419@int-mx03.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: mikmod security update
Advisory ID: RHSA-2010:0720-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0720.html
Issue date: 2010-09-28
CVE Names: CVE-2007-6720 CVE-2009-3995 CVE-2009-3996
=====================================================================

1. Summary:

Updated mikmod packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

MikMod is a MOD music file player for Linux, UNIX, and similar operating systems. It supports various file formats including MOD, STM, S3M, MTM, XM, ULT, and IT.

Multiple input validation flaws, resulting in buffer overflows, were discovered in MikMod. Specially-crafted music files in various formats could, when played, cause an application using the MikMod library to crash or, potentially, execute arbitrary code. (CVE-2009-3995, CVE-2009-3996, CVE-2007-6720)

All MikMod users should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using the MikMod library must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

479829 - CVE-2007-6720 mikmod: crash or abort when loading/playing multiple files with different number of channels
614643 - CVE-2009-3995 CVE-2009-3996 libmikmod: arbitrary code execution via crafted Impulse Tracker or Ultratracker files

6.
Package List: Red Hat Enterprise Linux AS version 3: Source: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/mikmod-3.1.6-23.el3.src.rpm i386: mikmod-3.1.6-23.el3.i386.rpm mikmod-debuginfo-3.1.6-23.el3.i386.rpm mikmod-devel-3.1.6-23.el3.i386.rpm ia64: mikmod-3.1.6-23.el3.i386.rpm mikmod-3.1.6-23.el3.ia64.rpm mikmod-debuginfo-3.1.6-23.el3.i386.rpm mikmod-debuginfo-3.1.6-23.el3.ia64.rpm mikmod-devel-3.1.6-23.el3.ia64.rpm ppc: mikmod-3.1.6-23.el3.ppc.rpm mikmod-3.1.6-23.el3.ppc64.rpm mikmod-debuginfo-3.1.6-23.el3.ppc.rpm mikmod-debuginfo-3.1.6-23.el3.ppc64.rpm mikmod-devel-3.1.6-23.el3.ppc.rpm s390: mikmod-3.1.6-23.el3.s390.rpm mikmod-debuginfo-3.1.6-23.el3.s390.rpm mikmod-devel-3.1.6-23.el3.s390.rpm s390x: mikmod-3.1.6-23.el3.s390.rpm mikmod-3.1.6-23.el3.s390x.rpm mikmod-debuginfo-3.1.6-23.el3.s390.rpm mikmod-debuginfo-3.1.6-23.el3.s390x.rpm mikmod-devel-3.1.6-23.el3.s390x.rpm x86_64: mikmod-3.1.6-23.el3.i386.rpm mikmod-3.1.6-23.el3.x86_64.rpm mikmod-debuginfo-3.1.6-23.el3.i386.rpm mikmod-debuginfo-3.1.6-23.el3.x86_64.rpm mikmod-devel-3.1.6-23.el3.x86_64.rpm Red Hat Desktop version 3: Source: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/mikmod-3.1.6-23.el3.src.rpm i386: mikmod-3.1.6-23.el3.i386.rpm mikmod-debuginfo-3.1.6-23.el3.i386.rpm mikmod-devel-3.1.6-23.el3.i386.rpm x86_64: mikmod-3.1.6-23.el3.i386.rpm mikmod-3.1.6-23.el3.x86_64.rpm mikmod-debuginfo-3.1.6-23.el3.i386.rpm mikmod-debuginfo-3.1.6-23.el3.x86_64.rpm mikmod-devel-3.1.6-23.el3.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/mikmod-3.1.6-23.el3.src.rpm i386: mikmod-3.1.6-23.el3.i386.rpm mikmod-debuginfo-3.1.6-23.el3.i386.rpm mikmod-devel-3.1.6-23.el3.i386.rpm ia64: mikmod-3.1.6-23.el3.i386.rpm mikmod-3.1.6-23.el3.ia64.rpm mikmod-debuginfo-3.1.6-23.el3.i386.rpm mikmod-debuginfo-3.1.6-23.el3.ia64.rpm mikmod-devel-3.1.6-23.el3.ia64.rpm x86_64: mikmod-3.1.6-23.el3.i386.rpm mikmod-3.1.6-23.el3.x86_64.rpm 
mikmod-debuginfo-3.1.6-23.el3.i386.rpm mikmod-debuginfo-3.1.6-23.el3.x86_64.rpm mikmod-devel-3.1.6-23.el3.x86_64.rpm Red Hat Enterprise Linux WS version 3: Source: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/mikmod-3.1.6-23.el3.src.rpm i386: mikmod-3.1.6-23.el3.i386.rpm mikmod-debuginfo-3.1.6-23.el3.i386.rpm mikmod-devel-3.1.6-23.el3.i386.rpm ia64: mikmod-3.1.6-23.el3.i386.rpm mikmod-3.1.6-23.el3.ia64.rpm mikmod-debuginfo-3.1.6-23.el3.i386.rpm mikmod-debuginfo-3.1.6-23.el3.ia64.rpm mikmod-devel-3.1.6-23.el3.ia64.rpm x86_64: mikmod-3.1.6-23.el3.i386.rpm mikmod-3.1.6-23.el3.x86_64.rpm mikmod-debuginfo-3.1.6-23.el3.i386.rpm mikmod-debuginfo-3.1.6-23.el3.x86_64.rpm mikmod-devel-3.1.6-23.el3.x86_64.rpm Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/mikmod-3.1.6-33.el4_8.1.src.rpm i386: mikmod-3.1.6-33.el4_8.1.i386.rpm mikmod-debuginfo-3.1.6-33.el4_8.1.i386.rpm mikmod-devel-3.1.6-33.el4_8.1.i386.rpm ia64: mikmod-3.1.6-33.el4_8.1.i386.rpm mikmod-3.1.6-33.el4_8.1.ia64.rpm mikmod-debuginfo-3.1.6-33.el4_8.1.i386.rpm mikmod-debuginfo-3.1.6-33.el4_8.1.ia64.rpm mikmod-devel-3.1.6-33.el4_8.1.ia64.rpm ppc: mikmod-3.1.6-33.el4_8.1.ppc.rpm mikmod-3.1.6-33.el4_8.1.ppc64.rpm mikmod-debuginfo-3.1.6-33.el4_8.1.ppc.rpm mikmod-debuginfo-3.1.6-33.el4_8.1.ppc64.rpm mikmod-devel-3.1.6-33.el4_8.1.ppc.rpm s390: mikmod-3.1.6-33.el4_8.1.s390.rpm mikmod-debuginfo-3.1.6-33.el4_8.1.s390.rpm mikmod-devel-3.1.6-33.el4_8.1.s390.rpm s390x: mikmod-3.1.6-33.el4_8.1.s390.rpm mikmod-3.1.6-33.el4_8.1.s390x.rpm mikmod-debuginfo-3.1.6-33.el4_8.1.s390.rpm mikmod-debuginfo-3.1.6-33.el4_8.1.s390x.rpm mikmod-devel-3.1.6-33.el4_8.1.s390x.rpm x86_64: mikmod-3.1.6-33.el4_8.1.i386.rpm mikmod-3.1.6-33.el4_8.1.x86_64.rpm mikmod-debuginfo-3.1.6-33.el4_8.1.i386.rpm mikmod-debuginfo-3.1.6-33.el4_8.1.x86_64.rpm mikmod-devel-3.1.6-33.el4_8.1.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: 
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/mikmod-3.1.6-33.el4_8.1.src.rpm i386: mikmod-3.1.6-33.el4_8.1.i386.rpm mikmod-debuginfo-3.1.6-33.el4_8.1.i386.rpm mikmod-devel-3.1.6-33.el4_8.1.i386.rpm x86_64: mikmod-3.1.6-33.el4_8.1.i386.rpm mikmod-3.1.6-33.el4_8.1.x86_64.rpm mikmod-debuginfo-3.1.6-33.el4_8.1.i386.rpm mikmod-debuginfo-3.1.6-33.el4_8.1.x86_64.rpm mikmod-devel-3.1.6-33.el4_8.1.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/mikmod-3.1.6-33.el4_8.1.src.rpm i386: mikmod-3.1.6-33.el4_8.1.i386.rpm mikmod-debuginfo-3.1.6-33.el4_8.1.i386.rpm mikmod-devel-3.1.6-33.el4_8.1.i386.rpm ia64: mikmod-3.1.6-33.el4_8.1.i386.rpm mikmod-3.1.6-33.el4_8.1.ia64.rpm mikmod-debuginfo-3.1.6-33.el4_8.1.i386.rpm mikmod-debuginfo-3.1.6-33.el4_8.1.ia64.rpm mikmod-devel-3.1.6-33.el4_8.1.ia64.rpm x86_64: mikmod-3.1.6-33.el4_8.1.i386.rpm mikmod-3.1.6-33.el4_8.1.x86_64.rpm mikmod-debuginfo-3.1.6-33.el4_8.1.i386.rpm mikmod-debuginfo-3.1.6-33.el4_8.1.x86_64.rpm mikmod-devel-3.1.6-33.el4_8.1.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/mikmod-3.1.6-33.el4_8.1.src.rpm i386: mikmod-3.1.6-33.el4_8.1.i386.rpm mikmod-debuginfo-3.1.6-33.el4_8.1.i386.rpm mikmod-devel-3.1.6-33.el4_8.1.i386.rpm ia64: mikmod-3.1.6-33.el4_8.1.i386.rpm mikmod-3.1.6-33.el4_8.1.ia64.rpm mikmod-debuginfo-3.1.6-33.el4_8.1.i386.rpm mikmod-debuginfo-3.1.6-33.el4_8.1.ia64.rpm mikmod-devel-3.1.6-33.el4_8.1.ia64.rpm x86_64: mikmod-3.1.6-33.el4_8.1.i386.rpm mikmod-3.1.6-33.el4_8.1.x86_64.rpm mikmod-debuginfo-3.1.6-33.el4_8.1.i386.rpm mikmod-debuginfo-3.1.6-33.el4_8.1.x86_64.rpm mikmod-devel-3.1.6-33.el4_8.1.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/mikmod-3.1.6-39.el5_5.1.src.rpm i386: mikmod-3.1.6-39.el5_5.1.i386.rpm mikmod-debuginfo-3.1.6-39.el5_5.1.i386.rpm x86_64: mikmod-3.1.6-39.el5_5.1.i386.rpm mikmod-3.1.6-39.el5_5.1.x86_64.rpm mikmod-debuginfo-3.1.6-39.el5_5.1.i386.rpm mikmod-debuginfo-3.1.6-39.el5_5.1.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/mikmod-3.1.6-39.el5_5.1.src.rpm i386: mikmod-debuginfo-3.1.6-39.el5_5.1.i386.rpm mikmod-devel-3.1.6-39.el5_5.1.i386.rpm x86_64: mikmod-debuginfo-3.1.6-39.el5_5.1.i386.rpm mikmod-debuginfo-3.1.6-39.el5_5.1.x86_64.rpm mikmod-devel-3.1.6-39.el5_5.1.i386.rpm mikmod-devel-3.1.6-39.el5_5.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/mikmod-3.1.6-39.el5_5.1.src.rpm i386: mikmod-3.1.6-39.el5_5.1.i386.rpm mikmod-debuginfo-3.1.6-39.el5_5.1.i386.rpm mikmod-devel-3.1.6-39.el5_5.1.i386.rpm ia64: mikmod-3.1.6-39.el5_5.1.ia64.rpm mikmod-debuginfo-3.1.6-39.el5_5.1.ia64.rpm mikmod-devel-3.1.6-39.el5_5.1.ia64.rpm ppc: mikmod-3.1.6-39.el5_5.1.ppc.rpm mikmod-3.1.6-39.el5_5.1.ppc64.rpm mikmod-debuginfo-3.1.6-39.el5_5.1.ppc.rpm mikmod-debuginfo-3.1.6-39.el5_5.1.ppc64.rpm mikmod-devel-3.1.6-39.el5_5.1.ppc.rpm mikmod-devel-3.1.6-39.el5_5.1.ppc64.rpm s390x: mikmod-3.1.6-39.el5_5.1.s390.rpm mikmod-3.1.6-39.el5_5.1.s390x.rpm mikmod-debuginfo-3.1.6-39.el5_5.1.s390.rpm mikmod-debuginfo-3.1.6-39.el5_5.1.s390x.rpm mikmod-devel-3.1.6-39.el5_5.1.s390.rpm mikmod-devel-3.1.6-39.el5_5.1.s390x.rpm x86_64: mikmod-3.1.6-39.el5_5.1.i386.rpm mikmod-3.1.6-39.el5_5.1.x86_64.rpm mikmod-debuginfo-3.1.6-39.el5_5.1.i386.rpm mikmod-debuginfo-3.1.6-39.el5_5.1.x86_64.rpm mikmod-devel-3.1.6-39.el5_5.1.i386.rpm mikmod-devel-3.1.6-39.el5_5.1.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2007-6720.html
https://www.redhat.com/security/data/cve/CVE-2009-3995.html
https://www.redhat.com/security/data/cve/CVE-2009-3996.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMogRYXlSAg2UNWIIRApxrAJsFXKp84IXXGWJm9bywiZgDkJzVVACeL1SC
AyL9AAkSC0qOoPf403u858Q=
=BBzu
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Sep 29 14:58:00 2010
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 29 Sep 2010 08:58:00 -0600
Subject: [RHSA-2010:0723-01] Important: kernel security and bug fix update
Message-ID: <201009291458.o8TEw0q6012387@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2010:0723-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0723.html
Issue date: 2010-09-29
CVE Names: CVE-2010-1083 CVE-2010-2492 CVE-2010-2798 CVE-2010-2938 CVE-2010-2942 CVE-2010-2943 CVE-2010-3015
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* A buffer overflow flaw was found in the ecryptfs_uid_hash() function in the Linux kernel eCryptfs implementation. On systems that have the eCryptfs netlink transport (Red Hat Enterprise Linux 5 does) or where the "/dev/ecryptfs" file has world writable permissions (which it does not, by default, on Red Hat Enterprise Linux 5), a local, unprivileged user could use this flaw to cause a denial of service or possibly escalate their privileges. (CVE-2010-2492, Important)

* A miscalculation of the size of the free space of the initial directory entry in a directory leaf block was found in the Linux kernel Global File System 2 (GFS2) implementation. A local, unprivileged user with write access to a GFS2-mounted file system could perform a rename operation on that file system to trigger a NULL pointer dereference, possibly resulting in a denial of service or privilege escalation. (CVE-2010-2798, Important)

* A flaw was found in the Xen hypervisor implementation when running a system that has an Intel CPU without Extended Page Tables (EPT) support. While attempting to dump information about a crashing fully-virtualized guest, the flaw could cause the hypervisor to crash the host as well. A user with permissions to configure a fully-virtualized guest system could use this flaw to crash the host. (CVE-2010-2938, Moderate)

* Information leak flaws were found in the Linux kernel's Traffic Control Unit implementation. A local attacker could use these flaws to cause the kernel to leak kernel memory to user-space, possibly leading to the disclosure of sensitive information. (CVE-2010-2942, Moderate)

* A flaw was found in the Linux kernel's XFS file system implementation. The file handle lookup could return an invalid inode as valid. If an XFS file system was mounted via NFS (Network File System), a local attacker could access stale data or overwrite existing data that reused the inodes. (CVE-2010-2943, Moderate)

* An integer overflow flaw was found in the extent range checking code in the Linux kernel's ext4 file system implementation. A local, unprivileged user with write access to an ext4-mounted file system could trigger this flaw by writing to a file at a very large file offset, resulting in a local denial of service. (CVE-2010-3015, Moderate)

* An information leak flaw was found in the Linux kernel's USB implementation. Certain USB errors could result in an uninitialized kernel buffer being sent to user-space. An attacker with physical access to a target system could use this flaw to cause an information leak. (CVE-2010-1083, Low)

Red Hat would like to thank Andre Osterhues for reporting CVE-2010-2492; Grant Diffey of CenITex for reporting CVE-2010-2798; Toshiyuki Okajima for reporting CVE-2010-3015; and Marcus Meissner for reporting CVE-2010-1083.

This update also fixes several bugs. Documentation for these bug fixes will be available shortly from the Technical Notes document linked to in the References.

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

566624 - CVE-2010-1083 kernel: information leak via userspace USB interface
611385 - CVE-2010-2492 kernel: ecryptfs_uid_hash() buffer overflow
620300 - CVE-2010-2798 kernel: gfs2: rename causes kernel panic
620490 - CVE-2010-2938 kernel: guest crashes on non-EPT machines may crash the host as well
620661 - ips driver sleeps while holding spin_lock [rhel-5.5.z]
621940 - Significant MSI performance issue due to redundant interrupt masking [rhel-5.5.z]
623141 - High CPU overhead from mapping/unmapping the zero page [rhel-5.5.z]
623143 - [5u6] Bonding in ALB mode sends ARP in loop [rhel-5.5.z]
624327 - CVE-2010-3015 kernel: integer overflow in ext4_ext_get_blocks()
624365 - cpu flags missing from /proc/cpuinfo [rhel-5.5.z]
624369 - need to backport 2e3219b5c8a2e44e0b83ae6e04f52f20a82ac0f2 [rhel-5.5.z]
624903 - CVE-2010-2942 kernel: net sched: fix some kernel memory leaks
624923 - CVE-2010-2943 kernel: xfs: validate inode numbers in file handles correctly
627194 - dasd: force online does not work. [rhel-5.5.z]
627195 - dasd: allocate fallback cqr for reserve/release [rhel-5.5.z]
629219 - [rhel5.6] XFS incorrectly validates inodes [rhel-5.5.z]
630978 - Detect and recover from cxgb3 adapter parity errors [rhel-5.5.z]

6. Package List:

Red Hat Enterprise Linux Desktop (v.
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-194.17.1.el5.src.rpm i386: kernel-2.6.18-194.17.1.el5.i686.rpm kernel-PAE-2.6.18-194.17.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-194.17.1.el5.i686.rpm kernel-PAE-devel-2.6.18-194.17.1.el5.i686.rpm kernel-debug-2.6.18-194.17.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-194.17.1.el5.i686.rpm kernel-debug-devel-2.6.18-194.17.1.el5.i686.rpm kernel-debuginfo-2.6.18-194.17.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-194.17.1.el5.i686.rpm kernel-devel-2.6.18-194.17.1.el5.i686.rpm kernel-headers-2.6.18-194.17.1.el5.i386.rpm kernel-xen-2.6.18-194.17.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-194.17.1.el5.i686.rpm kernel-xen-devel-2.6.18-194.17.1.el5.i686.rpm noarch: kernel-doc-2.6.18-194.17.1.el5.noarch.rpm x86_64: kernel-2.6.18-194.17.1.el5.x86_64.rpm kernel-debug-2.6.18-194.17.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-194.17.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-194.17.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-194.17.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-194.17.1.el5.x86_64.rpm kernel-devel-2.6.18-194.17.1.el5.x86_64.rpm kernel-headers-2.6.18-194.17.1.el5.x86_64.rpm kernel-xen-2.6.18-194.17.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-194.17.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-194.17.1.el5.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-194.17.1.el5.src.rpm i386: kernel-2.6.18-194.17.1.el5.i686.rpm kernel-PAE-2.6.18-194.17.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-194.17.1.el5.i686.rpm kernel-PAE-devel-2.6.18-194.17.1.el5.i686.rpm kernel-debug-2.6.18-194.17.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-194.17.1.el5.i686.rpm kernel-debug-devel-2.6.18-194.17.1.el5.i686.rpm kernel-debuginfo-2.6.18-194.17.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-194.17.1.el5.i686.rpm kernel-devel-2.6.18-194.17.1.el5.i686.rpm kernel-headers-2.6.18-194.17.1.el5.i386.rpm kernel-xen-2.6.18-194.17.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-194.17.1.el5.i686.rpm kernel-xen-devel-2.6.18-194.17.1.el5.i686.rpm ia64: kernel-2.6.18-194.17.1.el5.ia64.rpm kernel-debug-2.6.18-194.17.1.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-194.17.1.el5.ia64.rpm kernel-debug-devel-2.6.18-194.17.1.el5.ia64.rpm kernel-debuginfo-2.6.18-194.17.1.el5.ia64.rpm kernel-debuginfo-common-2.6.18-194.17.1.el5.ia64.rpm kernel-devel-2.6.18-194.17.1.el5.ia64.rpm kernel-headers-2.6.18-194.17.1.el5.ia64.rpm kernel-xen-2.6.18-194.17.1.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-194.17.1.el5.ia64.rpm kernel-xen-devel-2.6.18-194.17.1.el5.ia64.rpm noarch: kernel-doc-2.6.18-194.17.1.el5.noarch.rpm ppc: kernel-2.6.18-194.17.1.el5.ppc64.rpm kernel-debug-2.6.18-194.17.1.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-194.17.1.el5.ppc64.rpm kernel-debug-devel-2.6.18-194.17.1.el5.ppc64.rpm kernel-debuginfo-2.6.18-194.17.1.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-194.17.1.el5.ppc64.rpm kernel-devel-2.6.18-194.17.1.el5.ppc64.rpm kernel-headers-2.6.18-194.17.1.el5.ppc.rpm kernel-headers-2.6.18-194.17.1.el5.ppc64.rpm kernel-kdump-2.6.18-194.17.1.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-194.17.1.el5.ppc64.rpm kernel-kdump-devel-2.6.18-194.17.1.el5.ppc64.rpm s390x: kernel-2.6.18-194.17.1.el5.s390x.rpm kernel-debug-2.6.18-194.17.1.el5.s390x.rpm 
kernel-debug-debuginfo-2.6.18-194.17.1.el5.s390x.rpm kernel-debug-devel-2.6.18-194.17.1.el5.s390x.rpm kernel-debuginfo-2.6.18-194.17.1.el5.s390x.rpm kernel-debuginfo-common-2.6.18-194.17.1.el5.s390x.rpm kernel-devel-2.6.18-194.17.1.el5.s390x.rpm kernel-headers-2.6.18-194.17.1.el5.s390x.rpm kernel-kdump-2.6.18-194.17.1.el5.s390x.rpm kernel-kdump-debuginfo-2.6.18-194.17.1.el5.s390x.rpm kernel-kdump-devel-2.6.18-194.17.1.el5.s390x.rpm x86_64: kernel-2.6.18-194.17.1.el5.x86_64.rpm kernel-debug-2.6.18-194.17.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-194.17.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-194.17.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-194.17.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-194.17.1.el5.x86_64.rpm kernel-devel-2.6.18-194.17.1.el5.x86_64.rpm kernel-headers-2.6.18-194.17.1.el5.x86_64.rpm kernel-xen-2.6.18-194.17.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-194.17.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-194.17.1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-1083.html https://www.redhat.com/security/data/cve/CVE-2010-2492.html https://www.redhat.com/security/data/cve/CVE-2010-2798.html https://www.redhat.com/security/data/cve/CVE-2010-2938.html https://www.redhat.com/security/data/cve/CVE-2010-2942.html https://www.redhat.com/security/data/cve/CVE-2010-2943.html https://www.redhat.com/security/data/cve/CVE-2010-3015.html http://www.redhat.com/security/updates/classification/#important http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.5_Technical_Notes/kernel.html#id3512212 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2010 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFMo1PlXlSAg2UNWIIRAru4AKDDneLpnqm1NmKpeex587DG+Kv0dQCaAm3q IzNefLs41/QIrZpu4RGazlg= =tYAt -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Sep 30 15:39:09 2010 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 30 Sep 2010 09:39:09 -0600 Subject: [RHSA-2010:0734-01] Low: Red Hat Enterprise Linux 3 - 1-Month End Of Life Notice Message-ID: <201009301539.o8UFd9Gi008849@int-mx08.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: Red Hat Enterprise Linux 3 - 1-Month End Of Life Notice Advisory ID: RHSA-2010:0734-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0734.html Issue date: 2010-09-30 ===================================================================== 1. Summary: This is the 1-month notification of the End Of Life plans for Red Hat Enterprise Linux 3. 2. Relevant releases/architectures: Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Description: In accordance with the Red Hat Enterprise Linux Errata Support Policy, the regular 7 year life-cycle of Red Hat Enterprise Linux 3 will end on October 31, 2010. After this date, Red Hat will discontinue the regular subscription services for Red Hat Enterprise Linux 3. 
Therefore, new bug fix, enhancement, and security errata updates, as well as technical support services will no longer be available for the following products:

* Red Hat Enterprise Linux AS 3
* Red Hat Enterprise Linux ES 3
* Red Hat Enterprise Linux WS 3
* Red Hat Enterprise Linux Extras 3
* Red Hat Desktop 3
* Red Hat Global File System 3
* Red Hat Cluster Suite 3

Customers still running production workloads on Red Hat Enterprise Linux 3 are advised to begin planning the upgrade to Red Hat Enterprise Linux 5. Active subscribers of Red Hat Enterprise Linux already have access to all currently maintained versions of Red Hat Enterprise Linux, as part of their subscription without additional fees.

For customers who are unable to migrate off Red Hat Enterprise Linux 3 before its end-of-life date, Red Hat is offering a limited, optional extension program referred to as RHEL 3 ELS. For more information, contact your Red Hat sales representative or channel partner on this program.

Once you are eligible for subscribing to the RHEL 3 ELS channels, read the Red Hat Knowledgebase article DOC-40489 at https://access.redhat.com/kb/docs/DOC-40489 for detailed information on how to subscribe to the RHEL 3 ELS channels.

Details of the Red Hat Enterprise Linux life-cycle can be found on the Red Hat website: http://www.redhat.com/security/updates/errata/

4. Solution:

This erratum contains an updated redhat-release package, that provides a copy of this end of life notice in the "/usr/share/doc/" directory.

5. Bugs fixed (http://bugzilla.redhat.com/):

635632 - Send Out RHEL 3 1-Month EOL Notice

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/redhat-release-3AS-13.9.10.src.rpm

i386:
redhat-release-3AS-13.9.10.i386.rpm
redhat-release-debuginfo-3AS-13.9.10.i386.rpm

ia64:
redhat-release-3AS-13.9.10.ia64.rpm
redhat-release-debuginfo-3AS-13.9.10.ia64.rpm

ppc:
redhat-release-3AS-13.9.10.ppc.rpm
redhat-release-debuginfo-3AS-13.9.10.ppc.rpm

s390:
redhat-release-3AS-13.9.10.s390.rpm
redhat-release-debuginfo-3AS-13.9.10.s390.rpm

s390x:
redhat-release-3AS-13.9.10.s390x.rpm
redhat-release-debuginfo-3AS-13.9.10.s390x.rpm

x86_64:
redhat-release-3AS-13.9.10.x86_64.rpm
redhat-release-debuginfo-3AS-13.9.10.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/redhat-release-3Desktop-13.9.10.src.rpm

i386:
redhat-release-3Desktop-13.9.10.i386.rpm
redhat-release-debuginfo-3Desktop-13.9.10.i386.rpm

x86_64:
redhat-release-3Desktop-13.9.10.x86_64.rpm
redhat-release-debuginfo-3Desktop-13.9.10.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/redhat-release-3ES-13.9.10.src.rpm

i386:
redhat-release-3ES-13.9.10.i386.rpm
redhat-release-debuginfo-3ES-13.9.10.i386.rpm

ia64:
redhat-release-3ES-13.9.10.ia64.rpm
redhat-release-debuginfo-3ES-13.9.10.ia64.rpm

x86_64:
redhat-release-3ES-13.9.10.x86_64.rpm
redhat-release-debuginfo-3ES-13.9.10.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/redhat-release-3WS-13.9.10.src.rpm

i386:
redhat-release-3WS-13.9.10.i386.rpm
redhat-release-debuginfo-3WS-13.9.10.i386.rpm

ia64:
redhat-release-3WS-13.9.10.ia64.rpm
redhat-release-debuginfo-3WS-13.9.10.ia64.rpm

x86_64:
redhat-release-3WS-13.9.10.x86_64.rpm
redhat-release-debuginfo-3WS-13.9.10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://www.redhat.com/security/updates/classification/#low
https://access.redhat.com/kb/docs/DOC-40489
http://www.redhat.com/security/updates/errata/

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMpK8JXlSAg2UNWIIRAlAxAJ4l0Rzr/eVhyJMjkUNN8HjjywuV1wCeMAvs
0sWb4u2ave7Naa9ZtA8/XwU=
=fJLT
-----END PGP SIGNATURE-----