From bugzilla at redhat.com Mon Aug 1 16:00:21 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 1 Aug 2011 16:00:21 +0000
Subject: [RHSA-2011:1109-01] Moderate: foomatic security update
Message-ID: <201108011558.p71FwaZG006881@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: foomatic security update
Advisory ID: RHSA-2011:1109-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1109.html
Issue date: 2011-08-01
CVE Names: CVE-2011-2697
=====================================================================

1. Summary:

An updated foomatic package that fixes one security issue is now available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. foomatic-rip is a print filter written in Perl.

An input sanitization flaw was found in the foomatic-rip print filter.
An attacker could submit a print job with the username, title, or job options set to appear as a command line option that caused the filter to use a specified PostScript printer description (PPD) file, rather than the administrator-set one. This could lead to arbitrary code execution with the privileges of the "lp" user. (CVE-2011-2697)

All foomatic users should upgrade to this updated package, which contains a backported patch to resolve this issue.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

721001 - CVE-2011-2697 foomatic: Improper sanitization of command line option in foomatic-rip

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/foomatic-3.0.2-3.2.el4.src.rpm

i386:
foomatic-3.0.2-3.2.el4.i386.rpm
foomatic-debuginfo-3.0.2-3.2.el4.i386.rpm

ia64:
foomatic-3.0.2-3.2.el4.ia64.rpm
foomatic-debuginfo-3.0.2-3.2.el4.ia64.rpm

ppc:
foomatic-3.0.2-3.2.el4.ppc.rpm
foomatic-debuginfo-3.0.2-3.2.el4.ppc.rpm

s390:
foomatic-3.0.2-3.2.el4.s390.rpm
foomatic-debuginfo-3.0.2-3.2.el4.s390.rpm

s390x:
foomatic-3.0.2-3.2.el4.s390x.rpm
foomatic-debuginfo-3.0.2-3.2.el4.s390x.rpm

x86_64:
foomatic-3.0.2-3.2.el4.x86_64.rpm
foomatic-debuginfo-3.0.2-3.2.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/foomatic-3.0.2-3.2.el4.src.rpm

i386:
foomatic-3.0.2-3.2.el4.i386.rpm
foomatic-debuginfo-3.0.2-3.2.el4.i386.rpm

x86_64:
foomatic-3.0.2-3.2.el4.x86_64.rpm
foomatic-debuginfo-3.0.2-3.2.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/foomatic-3.0.2-3.2.el4.src.rpm

i386:
foomatic-3.0.2-3.2.el4.i386.rpm
foomatic-debuginfo-3.0.2-3.2.el4.i386.rpm

ia64:
foomatic-3.0.2-3.2.el4.ia64.rpm
foomatic-debuginfo-3.0.2-3.2.el4.ia64.rpm

x86_64:
foomatic-3.0.2-3.2.el4.x86_64.rpm
foomatic-debuginfo-3.0.2-3.2.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/foomatic-3.0.2-3.2.el4.src.rpm

i386:
foomatic-3.0.2-3.2.el4.i386.rpm
foomatic-debuginfo-3.0.2-3.2.el4.i386.rpm

ia64:
foomatic-3.0.2-3.2.el4.ia64.rpm
foomatic-debuginfo-3.0.2-3.2.el4.ia64.rpm

x86_64:
foomatic-3.0.2-3.2.el4.x86_64.rpm
foomatic-debuginfo-3.0.2-3.2.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/foomatic-3.0.2-38.3.el5_7.1.src.rpm

i386:
foomatic-3.0.2-38.3.el5_7.1.i386.rpm
foomatic-debuginfo-3.0.2-38.3.el5_7.1.i386.rpm

x86_64:
foomatic-3.0.2-38.3.el5_7.1.x86_64.rpm
foomatic-debuginfo-3.0.2-38.3.el5_7.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/foomatic-3.0.2-38.3.el5_7.1.src.rpm

i386:
foomatic-3.0.2-38.3.el5_7.1.i386.rpm
foomatic-debuginfo-3.0.2-38.3.el5_7.1.i386.rpm

ia64:
foomatic-3.0.2-38.3.el5_7.1.ia64.rpm
foomatic-debuginfo-3.0.2-38.3.el5_7.1.ia64.rpm

ppc:
foomatic-3.0.2-38.3.el5_7.1.ppc.rpm
foomatic-debuginfo-3.0.2-38.3.el5_7.1.ppc.rpm

s390x:
foomatic-3.0.2-38.3.el5_7.1.s390x.rpm
foomatic-debuginfo-3.0.2-38.3.el5_7.1.s390x.rpm

x86_64:
foomatic-3.0.2-38.3.el5_7.1.x86_64.rpm
foomatic-debuginfo-3.0.2-38.3.el5_7.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2697.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFONszpXlSAg2UNWIIRAmE0AJ4q5rI9jCjDajGtFU74G4jiy/uSCwCfTQIF
1DChAaSq+bEwVioJu13GziM=
=+/8E
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Aug 1 16:01:07 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 1 Aug 2011 16:01:07 +0000
Subject: [RHSA-2011:1110-01] Moderate: foomatic security update
Message-ID: <201108011559.p71FxNm8007082@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: foomatic security update
Advisory ID: RHSA-2011:1110-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1110.html
Issue date: 2011-08-01
CVE Names: CVE-2011-2964
=====================================================================

1. Summary:

An updated foomatic package that fixes one security issue is now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. foomatic-rip is a print filter written in C.
An input sanitization flaw was found in the foomatic-rip print filter. An attacker could submit a print job with the username, title, or job options set to appear as a command line option that caused the filter to use a specified PostScript printer description (PPD) file, rather than the administrator-set one. This could lead to arbitrary code execution with the privileges of the "lp" user. (CVE-2011-2964)

All foomatic users should upgrade to this updated package, which contains a backported patch to resolve this issue.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

727016 - CVE-2011-2964 foomatic: Improper sanitization of command line option in foomatic-rip (foomatic.c)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/foomatic-4.0.4-1.el6_1.1.src.rpm

i386:
foomatic-4.0.4-1.el6_1.1.i686.rpm
foomatic-debuginfo-4.0.4-1.el6_1.1.i686.rpm

x86_64:
foomatic-4.0.4-1.el6_1.1.x86_64.rpm
foomatic-debuginfo-4.0.4-1.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/foomatic-4.0.4-1.el6_1.1.src.rpm

x86_64:
foomatic-4.0.4-1.el6_1.1.x86_64.rpm
foomatic-debuginfo-4.0.4-1.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/foomatic-4.0.4-1.el6_1.1.src.rpm

i386:
foomatic-4.0.4-1.el6_1.1.i686.rpm
foomatic-debuginfo-4.0.4-1.el6_1.1.i686.rpm

ppc64:
foomatic-4.0.4-1.el6_1.1.ppc64.rpm
foomatic-debuginfo-4.0.4-1.el6_1.1.ppc64.rpm

s390x:
foomatic-4.0.4-1.el6_1.1.s390x.rpm
foomatic-debuginfo-4.0.4-1.el6_1.1.s390x.rpm

x86_64:
foomatic-4.0.4-1.el6_1.1.x86_64.rpm
foomatic-debuginfo-4.0.4-1.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/foomatic-4.0.4-1.el6_1.1.src.rpm

i386:
foomatic-4.0.4-1.el6_1.1.i686.rpm
foomatic-debuginfo-4.0.4-1.el6_1.1.i686.rpm

x86_64:
foomatic-4.0.4-1.el6_1.1.x86_64.rpm
foomatic-debuginfo-4.0.4-1.el6_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2964.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFONs05XlSAg2UNWIIRAgE/AJsGGKR1uIQ+GzkjlmcfItGwez5r0gCfcE0I
sJD4vwC0vmSxKkcT47domB4=
=OGdu
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Aug 1 16:01:48 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 1 Aug 2011 16:01:48 +0000
Subject: [RHSA-2011:1111-01] Low: Red Hat Enterprise Linux Extended Update Support 5.4 - End Of Life
Message-ID: <201108011600.p71G03aM019542@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: Red Hat Enterprise Linux Extended Update Support 5.4 - End Of Life
Advisory ID: RHSA-2011:1111-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1111.html
Issue date: 2011-08-01
=====================================================================

1. Summary:

This is the End of Life notification for Red Hat Enterprise Linux Extended Update Support Add-On (EUS) 5.4.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5.4.z server) - i386, ia64, ppc, s390x, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy, the Extended Update Support for Red Hat Enterprise Linux 5 Update 4 has ended.

Note: This does not impact you unless you are subscribed to the Extended Update Support (EUS) channel for Red Hat Enterprise Linux 5.4.

Details of the Red Hat Enterprise Linux life-cycle can be found on the Red Hat website: https://access.redhat.com/support/policy/updates/errata/

4. Solution:

This erratum contains an updated redhat-release package, that provides a copy of this end of life notice in the "/usr/share/doc/" directory.

5. Package List:

Red Hat Enterprise Linux (v. 5.4.z server):

Source: redhat-release-5Server-5.4.0.7.src.rpm

i386:
redhat-release-5Server-5.4.0.7.i386.rpm

ia64:
redhat-release-5Server-5.4.0.7.ia64.rpm

ppc:
redhat-release-5Server-5.4.0.7.ppc.rpm

s390x:
redhat-release-5Server-5.4.0.7.s390x.rpm

x86_64:
redhat-release-5Server-5.4.0.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

6. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/support/policy/updates/errata/

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFONs1kXlSAg2UNWIIRAsJcAJ9/6Nh5+8fmcnzAdmQ3KiYaSETBGgCgtvF1
N5XQ+SEPdoFFet4WuYVM55I=
=1G6b
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Aug 2 16:55:56 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 2 Aug 2011 16:55:56 +0000
Subject: [RHSA-2011:1106-01] Moderate: kernel security, bug fix, and enhancement update
Message-ID: <201108021655.p72Gtv2f014325@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: kernel security, bug fix, and enhancement update
Advisory ID: RHSA-2011:1106-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1106.html
Issue date: 2011-08-02
CVE Names: CVE-2011-1576
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.0 Extended Update Support.

The Red Hat Security Response Team has rated this update as having moderate security impact.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6.0.z) - i386, noarch, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issue:

* A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN) packets. An attacker on the local network could trigger this flaw by sending specially-crafted packets to a target system, possibly causing a denial of service. (CVE-2011-1576, Moderate)

Red Hat would like to thank Ryan Sweat for reporting this issue.

This update also fixes the following bugs:

* The LSI SAS2 controller firmware issued an 0x620f fault while performing I/O operations and with a Task Manager running, causing possible data corruption. This update corrects this issue. (BZ#710625)

* The crashkernel memory region can overlap the RunTime Abstraction Services (RTAS) memory region. If the crashkernel memory region was freed, the RTAS memory region was freed as well and the system would crash. With this update, the crash_free_reserved_phys_range() function is overridden and overlaps with the RTAS memory region are checked so that system crashes no longer occur. (BZ#710626)

* If the microcode module was loaded, saving and restoring a Xen guest returned a warning message and a backtrace error. With this update, backtrace errors are no longer returned, and saving and restoring a Xen guest works as expected. (BZ#710632)

* When the Distributed Lock Manager (DLM) queued three callbacks for a lock in the following sequence: blocking - completion - blocking, it would consider the final blocking callback redundant and skip it. Because the callback was skipped, GFS would not release the lock, causing processes on other nodes to wait indefinitely for it.
With this update, the DLM does not skip the necessary blocking callback. (BZ#710642)

* The XFRM_SUB_POLICY feature causes all bundles to be at the finest granularity possible. As a result of the data structure used to implement this, the system performance would drop considerably. This update disables a part of XFRM_SUB_POLICY, eliminating the poor performance at the cost of sub-IP address selection granularity in the policy. (BZ#710645)

* A kernel panic in the mpt2sas driver could occur on an IBM system using a drive with SMART (Self-Monitoring, Analysis and Reporting Technology) issues. This was because the driver was sending an SEP request while the kernel was in the interrupt context, causing the driver to enter the sleep state. With this update, a fake event is now executed from the interrupt context, assuring the SEP request is properly issued. (BZ#714189)

Finally, this update provides the following enhancements:

* This update introduces a kernel module option that allows the Flow Director to be disabled. (BZ#711549)

* This update introduces parallel port printer support for Red Hat Enterprise Linux 6. (BZ#713825)

* This update restricts access to the /proc/kcore file to ELF headers only. (BZ#710638)

Users should upgrade to these updated packages, which contain backported patches to resolve these issues and add these enhancements. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

695173 - CVE-2011-1576 kernel: net: Fix memory leak/corruption on VLAN GRO_DROP
710632 - xen microcode WARN on save-restore
710638 - kernel: restrict access to /proc/kcore to just elf headers [rhel-6.0.z]
710642 - GFS2: inode glock stuck without holder
710645 - Big performance regression found on connect/request/response test through IPSEC (openswan) transport
713825 - Parallel port issue in RHEL 6.0 server
714189 - System Hang when there is smart error on IBM platform

6. Package List:

Red Hat Enterprise Linux Server (v. 6.0.z):

Source: kernel-2.6.32-71.34.1.el6.src.rpm

i386:
kernel-2.6.32-71.34.1.el6.i686.rpm
kernel-debug-2.6.32-71.34.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-71.34.1.el6.i686.rpm
kernel-debug-devel-2.6.32-71.34.1.el6.i686.rpm
kernel-debuginfo-2.6.32-71.34.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-71.34.1.el6.i686.rpm
kernel-devel-2.6.32-71.34.1.el6.i686.rpm
kernel-headers-2.6.32-71.34.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-71.34.1.el6.noarch.rpm
kernel-firmware-2.6.32-71.34.1.el6.noarch.rpm
perf-2.6.32-71.34.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-71.34.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-71.34.1.el6.ppc64.rpm
kernel-debug-2.6.32-71.34.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-71.34.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-71.34.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-71.34.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-71.34.1.el6.ppc64.rpm
kernel-devel-2.6.32-71.34.1.el6.ppc64.rpm
kernel-headers-2.6.32-71.34.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-71.34.1.el6.s390x.rpm
kernel-debug-2.6.32-71.34.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-71.34.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-71.34.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-71.34.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-71.34.1.el6.s390x.rpm
kernel-devel-2.6.32-71.34.1.el6.s390x.rpm
kernel-headers-2.6.32-71.34.1.el6.s390x.rpm
kernel-kdump-2.6.32-71.34.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-71.34.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-71.34.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-71.34.1.el6.x86_64.rpm
kernel-debug-2.6.32-71.34.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-71.34.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-71.34.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-71.34.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-71.34.1.el6.x86_64.rpm
kernel-devel-2.6.32-71.34.1.el6.x86_64.rpm
kernel-headers-2.6.32-71.34.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1576.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOOCwPXlSAg2UNWIIRAuBoAJ9vXfMQq8itAFEPwFs17afnKo9lgQCgn5G+
LAKqawnjemBkRPBM9lYRdVM=
=6vdu
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Aug 9 17:07:55 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 9 Aug 2011 17:07:55 +0000
Subject: [RHSA-2011:1132-01] Moderate: dbus security update
Message-ID: <201108091707.p79H7tlo009241@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: dbus security update
Advisory ID: RHSA-2011:1132-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1132.html
Issue date: 2011-08-09
CVE Names: CVE-2011-2200
=====================================================================

1. Summary:

Updated dbus packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - noarch
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch

3. Description:

D-Bus is a system for sending messages between applications. It is used for the system-wide message bus service and as a per-user-login-session messaging facility.

A denial of service flaw was found in the way the D-Bus library handled endianness conversion when receiving messages. A local user could use this flaw to send a specially-crafted message to dbus-daemon or to a service using the bus, such as Avahi or NetworkManager, possibly causing the daemon to exit or the service to disconnect from the bus. (CVE-2011-2200)

All users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all running instances of dbus-daemon and all running applications using the libdbus library must be restarted, or the system rebooted.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network.
Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

712676 - CVE-2011-2200 dbus: Local DoS via messages with non-native byte order

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/dbus-1.1.2-16.el5_7.src.rpm

i386:
dbus-1.1.2-16.el5_7.i386.rpm
dbus-debuginfo-1.1.2-16.el5_7.i386.rpm
dbus-libs-1.1.2-16.el5_7.i386.rpm
dbus-x11-1.1.2-16.el5_7.i386.rpm

x86_64:
dbus-1.1.2-16.el5_7.i386.rpm
dbus-1.1.2-16.el5_7.x86_64.rpm
dbus-debuginfo-1.1.2-16.el5_7.i386.rpm
dbus-debuginfo-1.1.2-16.el5_7.x86_64.rpm
dbus-libs-1.1.2-16.el5_7.i386.rpm
dbus-libs-1.1.2-16.el5_7.x86_64.rpm
dbus-x11-1.1.2-16.el5_7.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/dbus-1.1.2-16.el5_7.src.rpm

i386:
dbus-debuginfo-1.1.2-16.el5_7.i386.rpm
dbus-devel-1.1.2-16.el5_7.i386.rpm

x86_64:
dbus-debuginfo-1.1.2-16.el5_7.i386.rpm
dbus-debuginfo-1.1.2-16.el5_7.x86_64.rpm
dbus-devel-1.1.2-16.el5_7.i386.rpm
dbus-devel-1.1.2-16.el5_7.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/dbus-1.1.2-16.el5_7.src.rpm

i386:
dbus-1.1.2-16.el5_7.i386.rpm
dbus-debuginfo-1.1.2-16.el5_7.i386.rpm
dbus-devel-1.1.2-16.el5_7.i386.rpm
dbus-libs-1.1.2-16.el5_7.i386.rpm
dbus-x11-1.1.2-16.el5_7.i386.rpm

ia64:
dbus-1.1.2-16.el5_7.ia64.rpm
dbus-debuginfo-1.1.2-16.el5_7.ia64.rpm
dbus-devel-1.1.2-16.el5_7.ia64.rpm
dbus-libs-1.1.2-16.el5_7.ia64.rpm
dbus-x11-1.1.2-16.el5_7.ia64.rpm

ppc:
dbus-1.1.2-16.el5_7.ppc.rpm
dbus-1.1.2-16.el5_7.ppc64.rpm
dbus-debuginfo-1.1.2-16.el5_7.ppc.rpm
dbus-debuginfo-1.1.2-16.el5_7.ppc64.rpm
dbus-devel-1.1.2-16.el5_7.ppc.rpm
dbus-devel-1.1.2-16.el5_7.ppc64.rpm
dbus-libs-1.1.2-16.el5_7.ppc.rpm
dbus-libs-1.1.2-16.el5_7.ppc64.rpm
dbus-x11-1.1.2-16.el5_7.ppc.rpm

s390x:
dbus-1.1.2-16.el5_7.s390.rpm
dbus-1.1.2-16.el5_7.s390x.rpm
dbus-debuginfo-1.1.2-16.el5_7.s390.rpm
dbus-debuginfo-1.1.2-16.el5_7.s390x.rpm
dbus-devel-1.1.2-16.el5_7.s390.rpm
dbus-devel-1.1.2-16.el5_7.s390x.rpm
dbus-libs-1.1.2-16.el5_7.s390.rpm
dbus-libs-1.1.2-16.el5_7.s390x.rpm
dbus-x11-1.1.2-16.el5_7.s390x.rpm

x86_64:
dbus-1.1.2-16.el5_7.i386.rpm
dbus-1.1.2-16.el5_7.x86_64.rpm
dbus-debuginfo-1.1.2-16.el5_7.i386.rpm
dbus-debuginfo-1.1.2-16.el5_7.x86_64.rpm
dbus-devel-1.1.2-16.el5_7.i386.rpm
dbus-devel-1.1.2-16.el5_7.x86_64.rpm
dbus-libs-1.1.2-16.el5_7.i386.rpm
dbus-libs-1.1.2-16.el5_7.x86_64.rpm
dbus-x11-1.1.2-16.el5_7.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/dbus-1.2.24-5.el6_1.src.rpm

i386:
dbus-1.2.24-5.el6_1.i686.rpm
dbus-debuginfo-1.2.24-5.el6_1.i686.rpm
dbus-libs-1.2.24-5.el6_1.i686.rpm
dbus-x11-1.2.24-5.el6_1.i686.rpm

x86_64:
dbus-1.2.24-5.el6_1.x86_64.rpm
dbus-debuginfo-1.2.24-5.el6_1.i686.rpm
dbus-debuginfo-1.2.24-5.el6_1.x86_64.rpm
dbus-libs-1.2.24-5.el6_1.i686.rpm
dbus-libs-1.2.24-5.el6_1.x86_64.rpm
dbus-x11-1.2.24-5.el6_1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/dbus-1.2.24-5.el6_1.src.rpm

i386:
dbus-debuginfo-1.2.24-5.el6_1.i686.rpm
dbus-devel-1.2.24-5.el6_1.i686.rpm

noarch:
dbus-doc-1.2.24-5.el6_1.noarch.rpm

x86_64:
dbus-debuginfo-1.2.24-5.el6_1.i686.rpm
dbus-debuginfo-1.2.24-5.el6_1.x86_64.rpm
dbus-devel-1.2.24-5.el6_1.i686.rpm
dbus-devel-1.2.24-5.el6_1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/dbus-1.2.24-5.el6_1.src.rpm

x86_64:
dbus-1.2.24-5.el6_1.x86_64.rpm
dbus-debuginfo-1.2.24-5.el6_1.i686.rpm
dbus-debuginfo-1.2.24-5.el6_1.x86_64.rpm
dbus-libs-1.2.24-5.el6_1.i686.rpm
dbus-libs-1.2.24-5.el6_1.x86_64.rpm
dbus-x11-1.2.24-5.el6_1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/dbus-1.2.24-5.el6_1.src.rpm

noarch:
dbus-doc-1.2.24-5.el6_1.noarch.rpm

x86_64:
dbus-debuginfo-1.2.24-5.el6_1.i686.rpm
dbus-debuginfo-1.2.24-5.el6_1.x86_64.rpm
dbus-devel-1.2.24-5.el6_1.i686.rpm
dbus-devel-1.2.24-5.el6_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/dbus-1.2.24-5.el6_1.src.rpm

i386:
dbus-1.2.24-5.el6_1.i686.rpm
dbus-debuginfo-1.2.24-5.el6_1.i686.rpm
dbus-devel-1.2.24-5.el6_1.i686.rpm
dbus-libs-1.2.24-5.el6_1.i686.rpm
dbus-x11-1.2.24-5.el6_1.i686.rpm

ppc64:
dbus-1.2.24-5.el6_1.ppc64.rpm
dbus-debuginfo-1.2.24-5.el6_1.ppc.rpm
dbus-debuginfo-1.2.24-5.el6_1.ppc64.rpm
dbus-devel-1.2.24-5.el6_1.ppc.rpm
dbus-devel-1.2.24-5.el6_1.ppc64.rpm
dbus-libs-1.2.24-5.el6_1.ppc.rpm
dbus-libs-1.2.24-5.el6_1.ppc64.rpm
dbus-x11-1.2.24-5.el6_1.ppc64.rpm

s390x:
dbus-1.2.24-5.el6_1.s390x.rpm
dbus-debuginfo-1.2.24-5.el6_1.s390.rpm
dbus-debuginfo-1.2.24-5.el6_1.s390x.rpm
dbus-devel-1.2.24-5.el6_1.s390.rpm
dbus-devel-1.2.24-5.el6_1.s390x.rpm
dbus-libs-1.2.24-5.el6_1.s390.rpm
dbus-libs-1.2.24-5.el6_1.s390x.rpm
dbus-x11-1.2.24-5.el6_1.s390x.rpm

x86_64:
dbus-1.2.24-5.el6_1.x86_64.rpm
dbus-debuginfo-1.2.24-5.el6_1.i686.rpm
dbus-debuginfo-1.2.24-5.el6_1.x86_64.rpm
dbus-devel-1.2.24-5.el6_1.i686.rpm
dbus-devel-1.2.24-5.el6_1.x86_64.rpm
dbus-libs-1.2.24-5.el6_1.i686.rpm
dbus-libs-1.2.24-5.el6_1.x86_64.rpm
dbus-x11-1.2.24-5.el6_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/dbus-1.2.24-5.el6_1.src.rpm

noarch:
dbus-doc-1.2.24-5.el6_1.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/dbus-1.2.24-5.el6_1.src.rpm

i386:
dbus-1.2.24-5.el6_1.i686.rpm
dbus-debuginfo-1.2.24-5.el6_1.i686.rpm
dbus-devel-1.2.24-5.el6_1.i686.rpm
dbus-libs-1.2.24-5.el6_1.i686.rpm
dbus-x11-1.2.24-5.el6_1.i686.rpm

x86_64:
dbus-1.2.24-5.el6_1.x86_64.rpm
dbus-debuginfo-1.2.24-5.el6_1.i686.rpm
dbus-debuginfo-1.2.24-5.el6_1.x86_64.rpm
dbus-devel-1.2.24-5.el6_1.i686.rpm
dbus-devel-1.2.24-5.el6_1.x86_64.rpm
dbus-libs-1.2.24-5.el6_1.i686.rpm
dbus-libs-1.2.24-5.el6_1.x86_64.rpm
dbus-x11-1.2.24-5.el6_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/dbus-1.2.24-5.el6_1.src.rpm

noarch:
dbus-doc-1.2.24-5.el6_1.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2200.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOQWlZXlSAg2UNWIIRAosrAJ9sWxO7jROwuIsp1QHivVMXMHFAKQCfTERv el/RJ0tpCqDpS3MB14o3qhY= =AJZ6 -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Aug 10 16:01:18 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 10 Aug 2011 16:01:18 +0000 Subject: [RHSA-2011:1144-01] Critical: flash-plugin security update Message-ID: <201108101601.p7AG1PW7014569@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2011:1144-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1144.html Issue date: 2011-08-10 CVE Names: CVE-2011-2130 CVE-2011-2134 CVE-2011-2135 CVE-2011-2136 CVE-2011-2137 CVE-2011-2138 CVE-2011-2139 CVE-2011-2140 CVE-2011-2414 CVE-2011-2415 CVE-2011-2416 CVE-2011-2417 CVE-2011-2425 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. 
Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB11-21, listed in the References section.

Multiple security flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2011-2130, CVE-2011-2134, CVE-2011-2135, CVE-2011-2136, CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, CVE-2011-2140, CVE-2011-2414, CVE-2011-2415, CVE-2011-2416, CVE-2011-2417, CVE-2011-2425)

All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.3.183.5.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

729497 - CVE-2011-2130 CVE-2011-2134 CVE-2011-2135 CVE-2011-2136 CVE-2011-2137 CVE-2011-2138 CVE-2011-2139 CVE-2011-2140 CVE-2011-2414 CVE-2011-2415 CVE-2011-2416 CVE-2011-2417 CVE-2011-2425 flash-plugin: multiple arbitrary code execution flaws (APSB-11-21)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-10.3.183.5-1.el5.i386.rpm

x86_64:
flash-plugin-10.3.183.5-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-10.3.183.5-1.el5.i386.rpm

x86_64:
flash-plugin-10.3.183.5-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v.
6):

i386:
flash-plugin-10.3.183.5-1.el6.i686.rpm

x86_64:
flash-plugin-10.3.183.5-1.el6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-10.3.183.5-1.el6.i686.rpm

x86_64:
flash-plugin-10.3.183.5-1.el6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-10.3.183.5-1.el6.i686.rpm

x86_64:
flash-plugin-10.3.183.5-1.el6.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2130.html
https://www.redhat.com/security/data/cve/CVE-2011-2134.html
https://www.redhat.com/security/data/cve/CVE-2011-2135.html
https://www.redhat.com/security/data/cve/CVE-2011-2136.html
https://www.redhat.com/security/data/cve/CVE-2011-2137.html
https://www.redhat.com/security/data/cve/CVE-2011-2138.html
https://www.redhat.com/security/data/cve/CVE-2011-2139.html
https://www.redhat.com/security/data/cve/CVE-2011-2140.html
https://www.redhat.com/security/data/cve/CVE-2011-2414.html
https://www.redhat.com/security/data/cve/CVE-2011-2415.html
https://www.redhat.com/security/data/cve/CVE-2011-2416.html
https://www.redhat.com/security/data/cve/CVE-2011-2417.html
https://www.redhat.com/security/data/cve/CVE-2011-2425.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb11-21.html

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOQqsqXlSAg2UNWIIRAsgDAJ0bw2EEDwl2vU0GHrZ1D2njt6RUCgCePXzn
4kp5je3MwiWdtOXh9cC0hhc=
=DD5z
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Aug 11 21:59:07 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 11 Aug 2011 21:59:07 +0000
Subject: [RHSA-2011:1154-01] Important: libXfont security update
Message-ID: <201108112159.p7BLx7nC026574@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: libXfont security update
Advisory ID: RHSA-2011:1154-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1154.html
Issue date: 2011-08-11
CVE Names: CVE-2011-2895
=====================================================================

1. Summary:

Updated libXfont packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v.
6) - i386, x86_64

3. Description:

The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System.

A buffer overflow flaw was found in the way the libXfont library, used by the X.Org server, handled malformed font files compressed using UNIX compress. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2011-2895)

Users of libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

725760 - CVE-2011-2895 libXfont: LZW decompression heap corruption / infinite loop
727624 - CVE-2011-2895 BSD compress LZW decoder buffer overflow

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libXfont-1.2.2-1.0.4.el5_7.src.rpm

i386:
libXfont-1.2.2-1.0.4.el5_7.i386.rpm
libXfont-debuginfo-1.2.2-1.0.4.el5_7.i386.rpm

x86_64:
libXfont-1.2.2-1.0.4.el5_7.i386.rpm
libXfont-1.2.2-1.0.4.el5_7.x86_64.rpm
libXfont-debuginfo-1.2.2-1.0.4.el5_7.i386.rpm
libXfont-debuginfo-1.2.2-1.0.4.el5_7.x86_64.rpm

RHEL Desktop Workstation (v.
5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libXfont-1.2.2-1.0.4.el5_7.src.rpm

i386:
libXfont-debuginfo-1.2.2-1.0.4.el5_7.i386.rpm
libXfont-devel-1.2.2-1.0.4.el5_7.i386.rpm

x86_64:
libXfont-debuginfo-1.2.2-1.0.4.el5_7.i386.rpm
libXfont-debuginfo-1.2.2-1.0.4.el5_7.x86_64.rpm
libXfont-devel-1.2.2-1.0.4.el5_7.i386.rpm
libXfont-devel-1.2.2-1.0.4.el5_7.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libXfont-1.2.2-1.0.4.el5_7.src.rpm

i386:
libXfont-1.2.2-1.0.4.el5_7.i386.rpm
libXfont-debuginfo-1.2.2-1.0.4.el5_7.i386.rpm
libXfont-devel-1.2.2-1.0.4.el5_7.i386.rpm

ia64:
libXfont-1.2.2-1.0.4.el5_7.ia64.rpm
libXfont-debuginfo-1.2.2-1.0.4.el5_7.ia64.rpm
libXfont-devel-1.2.2-1.0.4.el5_7.ia64.rpm

ppc:
libXfont-1.2.2-1.0.4.el5_7.ppc.rpm
libXfont-1.2.2-1.0.4.el5_7.ppc64.rpm
libXfont-debuginfo-1.2.2-1.0.4.el5_7.ppc.rpm
libXfont-debuginfo-1.2.2-1.0.4.el5_7.ppc64.rpm
libXfont-devel-1.2.2-1.0.4.el5_7.ppc.rpm
libXfont-devel-1.2.2-1.0.4.el5_7.ppc64.rpm

s390x:
libXfont-1.2.2-1.0.4.el5_7.s390.rpm
libXfont-1.2.2-1.0.4.el5_7.s390x.rpm
libXfont-debuginfo-1.2.2-1.0.4.el5_7.s390.rpm
libXfont-debuginfo-1.2.2-1.0.4.el5_7.s390x.rpm
libXfont-devel-1.2.2-1.0.4.el5_7.s390.rpm
libXfont-devel-1.2.2-1.0.4.el5_7.s390x.rpm

x86_64:
libXfont-1.2.2-1.0.4.el5_7.i386.rpm
libXfont-1.2.2-1.0.4.el5_7.x86_64.rpm
libXfont-debuginfo-1.2.2-1.0.4.el5_7.i386.rpm
libXfont-debuginfo-1.2.2-1.0.4.el5_7.x86_64.rpm
libXfont-devel-1.2.2-1.0.4.el5_7.i386.rpm
libXfont-devel-1.2.2-1.0.4.el5_7.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libXfont-1.4.1-2.el6_1.src.rpm

i386:
libXfont-1.4.1-2.el6_1.i686.rpm
libXfont-debuginfo-1.4.1-2.el6_1.i686.rpm

x86_64:
libXfont-1.4.1-2.el6_1.x86_64.rpm
libXfont-debuginfo-1.4.1-2.el6_1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v.
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libXfont-1.4.1-2.el6_1.src.rpm

i386:
libXfont-debuginfo-1.4.1-2.el6_1.i686.rpm
libXfont-devel-1.4.1-2.el6_1.i686.rpm

x86_64:
libXfont-1.4.1-2.el6_1.i686.rpm
libXfont-debuginfo-1.4.1-2.el6_1.i686.rpm
libXfont-debuginfo-1.4.1-2.el6_1.x86_64.rpm
libXfont-devel-1.4.1-2.el6_1.i686.rpm
libXfont-devel-1.4.1-2.el6_1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libXfont-1.4.1-2.el6_1.src.rpm

x86_64:
libXfont-1.4.1-2.el6_1.x86_64.rpm
libXfont-debuginfo-1.4.1-2.el6_1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libXfont-1.4.1-2.el6_1.src.rpm

x86_64:
libXfont-1.4.1-2.el6_1.i686.rpm
libXfont-debuginfo-1.4.1-2.el6_1.i686.rpm
libXfont-debuginfo-1.4.1-2.el6_1.x86_64.rpm
libXfont-devel-1.4.1-2.el6_1.i686.rpm
libXfont-devel-1.4.1-2.el6_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libXfont-1.4.1-2.el6_1.src.rpm

i386:
libXfont-1.4.1-2.el6_1.i686.rpm
libXfont-debuginfo-1.4.1-2.el6_1.i686.rpm

ppc64:
libXfont-1.4.1-2.el6_1.ppc64.rpm
libXfont-debuginfo-1.4.1-2.el6_1.ppc64.rpm

s390x:
libXfont-1.4.1-2.el6_1.s390x.rpm
libXfont-debuginfo-1.4.1-2.el6_1.s390x.rpm

x86_64:
libXfont-1.4.1-2.el6_1.x86_64.rpm
libXfont-debuginfo-1.4.1-2.el6_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v.
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libXfont-1.4.1-2.el6_1.src.rpm

i386:
libXfont-debuginfo-1.4.1-2.el6_1.i686.rpm
libXfont-devel-1.4.1-2.el6_1.i686.rpm

ppc64:
libXfont-1.4.1-2.el6_1.ppc.rpm
libXfont-debuginfo-1.4.1-2.el6_1.ppc.rpm
libXfont-debuginfo-1.4.1-2.el6_1.ppc64.rpm
libXfont-devel-1.4.1-2.el6_1.ppc.rpm
libXfont-devel-1.4.1-2.el6_1.ppc64.rpm

s390x:
libXfont-1.4.1-2.el6_1.s390.rpm
libXfont-debuginfo-1.4.1-2.el6_1.s390.rpm
libXfont-debuginfo-1.4.1-2.el6_1.s390x.rpm
libXfont-devel-1.4.1-2.el6_1.s390.rpm
libXfont-devel-1.4.1-2.el6_1.s390x.rpm

x86_64:
libXfont-1.4.1-2.el6_1.i686.rpm
libXfont-debuginfo-1.4.1-2.el6_1.i686.rpm
libXfont-debuginfo-1.4.1-2.el6_1.x86_64.rpm
libXfont-devel-1.4.1-2.el6_1.i686.rpm
libXfont-devel-1.4.1-2.el6_1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libXfont-1.4.1-2.el6_1.src.rpm

i386:
libXfont-1.4.1-2.el6_1.i686.rpm
libXfont-debuginfo-1.4.1-2.el6_1.i686.rpm

x86_64:
libXfont-1.4.1-2.el6_1.x86_64.rpm
libXfont-debuginfo-1.4.1-2.el6_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libXfont-1.4.1-2.el6_1.src.rpm

i386:
libXfont-debuginfo-1.4.1-2.el6_1.i686.rpm
libXfont-devel-1.4.1-2.el6_1.i686.rpm

x86_64:
libXfont-1.4.1-2.el6_1.i686.rpm
libXfont-debuginfo-1.4.1-2.el6_1.i686.rpm
libXfont-debuginfo-1.4.1-2.el6_1.x86_64.rpm
libXfont-devel-1.4.1-2.el6_1.i686.rpm
libXfont-devel-1.4.1-2.el6_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2895.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFORFBdXlSAg2UNWIIRAhZZAKCAVD1k1ZMYDVf4KLQumzdnOfEAsQCgjTUZ
VxhOKK1Z7ztEDSWDPL0pKd8=
=hbkx
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Aug 11 21:59:42 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 11 Aug 2011 21:59:42 +0000
Subject: [RHSA-2011:1155-01] Important: xorg-x11 security update
Message-ID: <201108112159.p7BLxgYG015237@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: xorg-x11 security update
Advisory ID: RHSA-2011:1155-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1155.html
Issue date: 2011-08-11
CVE Names: CVE-2011-2895
=====================================================================

1. Summary:

Updated xorg-x11 packages that fix one security issue are now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. These xorg-x11 packages also provide the X.Org libXfont runtime library.
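RHSA-2011:1154 (libXfont, above) and RHSA-2011:1155 (xorg-x11, this advisory) fix the same CVE-2011-2895 with a different fixed build on each product, so confirming that a host is actually covered means comparing its installed name-version-release.arch against the package names in the list for its product, using rpm's own ordering rules rather than a string compare. The following is an added example, not Red Hat's tooling: it reimplements rpm's rpmvercmp segment comparison in pure Python so the check runs without the rpm bindings, parses the package file names taken from the advisory lists, and reports the installed packages that are older than the fixed build. The product keys and the `rpm -qa` output are constructed sample data; epoch is not part of the file names, so both sides are assumed to carry the same epoch.

```python
"""Compare installed RPM NVRAs against the fixed packages of an RHSA.

Added example for RHSA-2011:1154 (libXfont) and RHSA-2011:1155 (xorg-x11);
not Red Hat tooling. Product keys and the rpm -qa sample are constructed.
"""
import re

# Fixed package file names copied from the advisories' package lists.
# A host belongs to one product, so the fixed set is kept per product.
FIXED_BY_PRODUCT = {
    "rhel6-server-x86_64": [
        "libXfont-1.4.1-2.el6_1.x86_64.rpm",
        "libXfont-1.4.1-2.el6_1.i686.rpm",
        "libXfont-devel-1.4.1-2.el6_1.x86_64.rpm",
    ],
    "rhel5-server-x86_64": [
        "libXfont-1.2.2-1.0.4.el5_7.x86_64.rpm",
        "libXfont-1.2.2-1.0.4.el5_7.i386.rpm",
    ],
    "rhel4-as-x86_64": [
        "xorg-x11-6.8.2-1.EL.69.x86_64.rpm",
        "xorg-x11-libs-6.8.2-1.EL.69.x86_64.rpm",
    ],
}

# Constructed sample of: rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'
# on a RHEL 6 host that has not yet applied RHSA-2011:1154 to every arch.
SAMPLE_RPM_QA = """\
libXfont-1.4.1-1.el6.x86_64
libXfont-1.4.1-2.el6_1.i686
bash-4.1.2-8.el6.x86_64
"""

NVRA_RE = re.compile(
    r"^(?P<name>.+)-(?P<version>[^-]+)-(?P<release>[^-]+)\.(?P<arch>[^.]+)$")


def parse_nvra(text):
    """Split 'name-version-release.arch[.rpm]' into (name, version, release, arch)."""
    if text.endswith(".rpm"):
        text = text[:-4]
    m = NVRA_RE.match(text)
    if m is None:
        raise ValueError("not an NVRA: %r" % text)
    return m.group("name"), m.group("version"), m.group("release"), m.group("arch")


def _take(s, i, pred):
    """Return the run of characters satisfying pred starting at s[i], and the new index."""
    j = i
    while j < len(s) and pred(s[j]):
        j += 1
    return s[i:j], j


def rpmvercmp(a, b):
    """Return -1, 0 or 1 following rpm's rpmvercmp(): split on non-alphanumerics,
    compare numeric segments as integers and alpha segments lexically, rank a
    numeric segment above an alpha one, let '~' sort before anything (even the
    end of the string) and '^' sort after the end of the string."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not a[i].isalnum() and a[i] not in "~^":
            i += 1
        while j < len(b) and not b[j].isalnum() and b[j] not in "~^":
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if ca == "~" or cb == "~":          # tilde: pre-release marker
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":          # caret: post-release marker
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not ca or not cb:                # one side exhausted
            break
        isnum = ca.isdigit()
        pred = str.isdigit if isnum else str.isalpha
        seg_a, i = _take(a, i, pred)
        seg_b, j = _take(b, j, pred)
        if not seg_b:                       # differing segment types
            return 1 if isnum else -1
        if isnum:
            seg_a, seg_b = int(seg_a), int(seg_b)
        if seg_a != seg_b:
            return -1 if seg_a < seg_b else 1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def evr_cmp(vr_a, vr_b):
    """Compare (version, release) pairs; the release decides only when versions tie."""
    c = rpmvercmp(vr_a[0], vr_b[0])
    return c if c else rpmvercmp(vr_a[1], vr_b[1])


def find_vulnerable(rpm_qa_output, product):
    """Return installed NVRAs of the product's fixed packages that are still older
    than the fixed build. Packages the advisory does not mention are ignored."""
    fixed = {}
    for filename in FIXED_BY_PRODUCT[product]:
        name, ver, rel, arch = parse_nvra(filename)
        fixed[(name, arch)] = (ver, rel)
    vulnerable = []
    for line in rpm_qa_output.splitlines():
        line = line.strip()
        if not line:
            continue
        name, ver, rel, arch = parse_nvra(line)
        target = fixed.get((name, arch))
        if target is not None and evr_cmp((ver, rel), target) < 0:
            vulnerable.append(line)
    return vulnerable


if __name__ == "__main__":
    for pkg in find_vulnerable(SAMPLE_RPM_QA, "rhel6-server-x86_64"):
        print("needs update:", pkg)
```

Keying the fixed set by (name, arch) matters on multilib hosts: the sample shows the i686 libXfont already at the fixed build while the x86_64 one is still the older release, and only the latter is reported. The comparison of `1.EL.68` against `1.EL.69` in the RHEL 4 xorg-x11 case is the reason for the alpha-segment handling; a plain string compare would get it right here but fails as soon as a numeric segment crosses a digit-count boundary (9 versus 10).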
A buffer overflow flaw was found in the way the libXfont library, used by the X.Org server, handled malformed font files compressed using UNIX compress. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2011-2895)

Users of xorg-x11 should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

725760 - CVE-2011-2895 libXfont: LZW decompression heap corruption / infinite loop
727624 - CVE-2011-2895 BSD compress LZW decoder buffer overflow

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/xorg-x11-6.8.2-1.EL.69.src.rpm

i386:
xorg-x11-6.8.2-1.EL.69.i386.rpm
xorg-x11-Mesa-libGL-6.8.2-1.EL.69.i386.rpm
xorg-x11-Mesa-libGLU-6.8.2-1.EL.69.i386.rpm
xorg-x11-Xdmx-6.8.2-1.EL.69.i386.rpm
xorg-x11-Xnest-6.8.2-1.EL.69.i386.rpm
xorg-x11-Xvfb-6.8.2-1.EL.69.i386.rpm
xorg-x11-deprecated-libs-6.8.2-1.EL.69.i386.rpm
xorg-x11-deprecated-libs-devel-6.8.2-1.EL.69.i386.rpm
xorg-x11-devel-6.8.2-1.EL.69.i386.rpm
xorg-x11-doc-6.8.2-1.EL.69.i386.rpm
xorg-x11-font-utils-6.8.2-1.EL.69.i386.rpm
xorg-x11-libs-6.8.2-1.EL.69.i386.rpm
xorg-x11-sdk-6.8.2-1.EL.69.i386.rpm
xorg-x11-tools-6.8.2-1.EL.69.i386.rpm
xorg-x11-twm-6.8.2-1.EL.69.i386.rpm
xorg-x11-xauth-6.8.2-1.EL.69.i386.rpm
xorg-x11-xdm-6.8.2-1.EL.69.i386.rpm
xorg-x11-xfs-6.8.2-1.EL.69.i386.rpm

ia64:
xorg-x11-6.8.2-1.EL.69.ia64.rpm
xorg-x11-Mesa-libGL-6.8.2-1.EL.69.i386.rpm
xorg-x11-Mesa-libGL-6.8.2-1.EL.69.ia64.rpm
xorg-x11-Mesa-libGLU-6.8.2-1.EL.69.i386.rpm
xorg-x11-Mesa-libGLU-6.8.2-1.EL.69.ia64.rpm
xorg-x11-Xdmx-6.8.2-1.EL.69.ia64.rpm
xorg-x11-Xnest-6.8.2-1.EL.69.ia64.rpm
xorg-x11-Xvfb-6.8.2-1.EL.69.ia64.rpm
xorg-x11-deprecated-libs-6.8.2-1.EL.69.i386.rpm
xorg-x11-deprecated-libs-6.8.2-1.EL.69.ia64.rpm
xorg-x11-deprecated-libs-devel-6.8.2-1.EL.69.ia64.rpm
xorg-x11-devel-6.8.2-1.EL.69.ia64.rpm
xorg-x11-doc-6.8.2-1.EL.69.ia64.rpm
xorg-x11-font-utils-6.8.2-1.EL.69.ia64.rpm
xorg-x11-libs-6.8.2-1.EL.69.i386.rpm
xorg-x11-libs-6.8.2-1.EL.69.ia64.rpm
xorg-x11-sdk-6.8.2-1.EL.69.ia64.rpm
xorg-x11-tools-6.8.2-1.EL.69.ia64.rpm
xorg-x11-twm-6.8.2-1.EL.69.ia64.rpm
xorg-x11-xauth-6.8.2-1.EL.69.ia64.rpm
xorg-x11-xdm-6.8.2-1.EL.69.ia64.rpm
xorg-x11-xfs-6.8.2-1.EL.69.ia64.rpm

ppc:
xorg-x11-6.8.2-1.EL.69.ppc.rpm
xorg-x11-Mesa-libGL-6.8.2-1.EL.69.ppc.rpm
xorg-x11-Mesa-libGL-6.8.2-1.EL.69.ppc64.rpm
xorg-x11-Mesa-libGLU-6.8.2-1.EL.69.ppc.rpm
xorg-x11-Mesa-libGLU-6.8.2-1.EL.69.ppc64.rpm
xorg-x11-Xdmx-6.8.2-1.EL.69.ppc.rpm
xorg-x11-Xnest-6.8.2-1.EL.69.ppc.rpm
xorg-x11-Xvfb-6.8.2-1.EL.69.ppc.rpm
xorg-x11-deprecated-libs-6.8.2-1.EL.69.ppc.rpm
xorg-x11-deprecated-libs-6.8.2-1.EL.69.ppc64.rpm
xorg-x11-deprecated-libs-devel-6.8.2-1.EL.69.ppc.rpm
xorg-x11-deprecated-libs-devel-6.8.2-1.EL.69.ppc64.rpm
xorg-x11-devel-6.8.2-1.EL.69.ppc.rpm
xorg-x11-devel-6.8.2-1.EL.69.ppc64.rpm
xorg-x11-doc-6.8.2-1.EL.69.ppc.rpm
xorg-x11-font-utils-6.8.2-1.EL.69.ppc.rpm
xorg-x11-libs-6.8.2-1.EL.69.ppc.rpm
xorg-x11-libs-6.8.2-1.EL.69.ppc64.rpm
xorg-x11-sdk-6.8.2-1.EL.69.ppc.rpm
xorg-x11-tools-6.8.2-1.EL.69.ppc.rpm
xorg-x11-twm-6.8.2-1.EL.69.ppc.rpm
xorg-x11-xauth-6.8.2-1.EL.69.ppc.rpm
xorg-x11-xdm-6.8.2-1.EL.69.ppc.rpm
xorg-x11-xfs-6.8.2-1.EL.69.ppc.rpm

s390:
xorg-x11-6.8.2-1.EL.69.s390.rpm
xorg-x11-Mesa-libGL-6.8.2-1.EL.69.s390.rpm
xorg-x11-Mesa-libGLU-6.8.2-1.EL.69.s390.rpm
xorg-x11-Xdmx-6.8.2-1.EL.69.s390.rpm
xorg-x11-Xnest-6.8.2-1.EL.69.s390.rpm
xorg-x11-Xvfb-6.8.2-1.EL.69.s390.rpm
xorg-x11-deprecated-libs-6.8.2-1.EL.69.s390.rpm
xorg-x11-deprecated-libs-devel-6.8.2-1.EL.69.s390.rpm
xorg-x11-devel-6.8.2-1.EL.69.s390.rpm
xorg-x11-font-utils-6.8.2-1.EL.69.s390.rpm
xorg-x11-libs-6.8.2-1.EL.69.s390.rpm
xorg-x11-tools-6.8.2-1.EL.69.s390.rpm
xorg-x11-twm-6.8.2-1.EL.69.s390.rpm
xorg-x11-xauth-6.8.2-1.EL.69.s390.rpm
xorg-x11-xdm-6.8.2-1.EL.69.s390.rpm
xorg-x11-xfs-6.8.2-1.EL.69.s390.rpm

s390x:
xorg-x11-6.8.2-1.EL.69.s390x.rpm
xorg-x11-Mesa-libGL-6.8.2-1.EL.69.s390.rpm
xorg-x11-Mesa-libGL-6.8.2-1.EL.69.s390x.rpm
xorg-x11-Mesa-libGLU-6.8.2-1.EL.69.s390.rpm
xorg-x11-Mesa-libGLU-6.8.2-1.EL.69.s390x.rpm
xorg-x11-Xdmx-6.8.2-1.EL.69.s390x.rpm
xorg-x11-Xnest-6.8.2-1.EL.69.s390x.rpm
xorg-x11-Xvfb-6.8.2-1.EL.69.s390x.rpm
xorg-x11-deprecated-libs-6.8.2-1.EL.69.s390.rpm
xorg-x11-deprecated-libs-6.8.2-1.EL.69.s390x.rpm
xorg-x11-deprecated-libs-devel-6.8.2-1.EL.69.s390.rpm
xorg-x11-deprecated-libs-devel-6.8.2-1.EL.69.s390x.rpm
xorg-x11-devel-6.8.2-1.EL.69.s390.rpm
xorg-x11-devel-6.8.2-1.EL.69.s390x.rpm
xorg-x11-font-utils-6.8.2-1.EL.69.s390x.rpm
xorg-x11-libs-6.8.2-1.EL.69.s390.rpm
xorg-x11-libs-6.8.2-1.EL.69.s390x.rpm
xorg-x11-tools-6.8.2-1.EL.69.s390x.rpm
xorg-x11-twm-6.8.2-1.EL.69.s390x.rpm
xorg-x11-xauth-6.8.2-1.EL.69.s390x.rpm
xorg-x11-xdm-6.8.2-1.EL.69.s390x.rpm
xorg-x11-xfs-6.8.2-1.EL.69.s390x.rpm

x86_64:
xorg-x11-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-Mesa-libGL-6.8.2-1.EL.69.i386.rpm
xorg-x11-Mesa-libGL-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-Mesa-libGLU-6.8.2-1.EL.69.i386.rpm
xorg-x11-Mesa-libGLU-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-Xdmx-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-Xnest-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-Xvfb-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-deprecated-libs-6.8.2-1.EL.69.i386.rpm
xorg-x11-deprecated-libs-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-deprecated-libs-devel-6.8.2-1.EL.69.i386.rpm
xorg-x11-deprecated-libs-devel-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-devel-6.8.2-1.EL.69.i386.rpm
xorg-x11-devel-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-doc-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-font-utils-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-libs-6.8.2-1.EL.69.i386.rpm
xorg-x11-libs-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-sdk-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-tools-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-twm-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-xauth-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-xdm-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-xfs-6.8.2-1.EL.69.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/xorg-x11-6.8.2-1.EL.69.src.rpm

i386:
xorg-x11-6.8.2-1.EL.69.i386.rpm
xorg-x11-Mesa-libGL-6.8.2-1.EL.69.i386.rpm
xorg-x11-Mesa-libGLU-6.8.2-1.EL.69.i386.rpm
xorg-x11-Xdmx-6.8.2-1.EL.69.i386.rpm
xorg-x11-Xnest-6.8.2-1.EL.69.i386.rpm
xorg-x11-Xvfb-6.8.2-1.EL.69.i386.rpm
xorg-x11-deprecated-libs-6.8.2-1.EL.69.i386.rpm
xorg-x11-deprecated-libs-devel-6.8.2-1.EL.69.i386.rpm
xorg-x11-devel-6.8.2-1.EL.69.i386.rpm
xorg-x11-doc-6.8.2-1.EL.69.i386.rpm
xorg-x11-font-utils-6.8.2-1.EL.69.i386.rpm
xorg-x11-libs-6.8.2-1.EL.69.i386.rpm
xorg-x11-sdk-6.8.2-1.EL.69.i386.rpm
xorg-x11-tools-6.8.2-1.EL.69.i386.rpm
xorg-x11-twm-6.8.2-1.EL.69.i386.rpm
xorg-x11-xauth-6.8.2-1.EL.69.i386.rpm
xorg-x11-xdm-6.8.2-1.EL.69.i386.rpm
xorg-x11-xfs-6.8.2-1.EL.69.i386.rpm

x86_64:
xorg-x11-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-Mesa-libGL-6.8.2-1.EL.69.i386.rpm
xorg-x11-Mesa-libGL-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-Mesa-libGLU-6.8.2-1.EL.69.i386.rpm
xorg-x11-Mesa-libGLU-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-Xdmx-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-Xnest-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-Xvfb-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-deprecated-libs-6.8.2-1.EL.69.i386.rpm
xorg-x11-deprecated-libs-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-deprecated-libs-devel-6.8.2-1.EL.69.i386.rpm
xorg-x11-deprecated-libs-devel-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-devel-6.8.2-1.EL.69.i386.rpm
xorg-x11-devel-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-doc-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-font-utils-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-libs-6.8.2-1.EL.69.i386.rpm
xorg-x11-libs-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-sdk-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-tools-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-twm-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-xauth-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-xdm-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-xfs-6.8.2-1.EL.69.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/xorg-x11-6.8.2-1.EL.69.src.rpm

i386:
xorg-x11-6.8.2-1.EL.69.i386.rpm
xorg-x11-Mesa-libGL-6.8.2-1.EL.69.i386.rpm
xorg-x11-Mesa-libGLU-6.8.2-1.EL.69.i386.rpm
xorg-x11-Xdmx-6.8.2-1.EL.69.i386.rpm
xorg-x11-Xnest-6.8.2-1.EL.69.i386.rpm
xorg-x11-Xvfb-6.8.2-1.EL.69.i386.rpm
xorg-x11-deprecated-libs-6.8.2-1.EL.69.i386.rpm
xorg-x11-deprecated-libs-devel-6.8.2-1.EL.69.i386.rpm
xorg-x11-devel-6.8.2-1.EL.69.i386.rpm
xorg-x11-doc-6.8.2-1.EL.69.i386.rpm
xorg-x11-font-utils-6.8.2-1.EL.69.i386.rpm
xorg-x11-libs-6.8.2-1.EL.69.i386.rpm
xorg-x11-sdk-6.8.2-1.EL.69.i386.rpm
xorg-x11-tools-6.8.2-1.EL.69.i386.rpm
xorg-x11-twm-6.8.2-1.EL.69.i386.rpm
xorg-x11-xauth-6.8.2-1.EL.69.i386.rpm
xorg-x11-xdm-6.8.2-1.EL.69.i386.rpm
xorg-x11-xfs-6.8.2-1.EL.69.i386.rpm

ia64:
xorg-x11-6.8.2-1.EL.69.ia64.rpm
xorg-x11-Mesa-libGL-6.8.2-1.EL.69.i386.rpm
xorg-x11-Mesa-libGL-6.8.2-1.EL.69.ia64.rpm
xorg-x11-Mesa-libGLU-6.8.2-1.EL.69.i386.rpm
xorg-x11-Mesa-libGLU-6.8.2-1.EL.69.ia64.rpm
xorg-x11-Xdmx-6.8.2-1.EL.69.ia64.rpm
xorg-x11-Xnest-6.8.2-1.EL.69.ia64.rpm
xorg-x11-Xvfb-6.8.2-1.EL.69.ia64.rpm
xorg-x11-deprecated-libs-6.8.2-1.EL.69.i386.rpm
xorg-x11-deprecated-libs-6.8.2-1.EL.69.ia64.rpm
xorg-x11-deprecated-libs-devel-6.8.2-1.EL.69.ia64.rpm
xorg-x11-devel-6.8.2-1.EL.69.ia64.rpm
xorg-x11-doc-6.8.2-1.EL.69.ia64.rpm
xorg-x11-font-utils-6.8.2-1.EL.69.ia64.rpm
xorg-x11-libs-6.8.2-1.EL.69.i386.rpm
xorg-x11-libs-6.8.2-1.EL.69.ia64.rpm
xorg-x11-sdk-6.8.2-1.EL.69.ia64.rpm
xorg-x11-tools-6.8.2-1.EL.69.ia64.rpm
xorg-x11-twm-6.8.2-1.EL.69.ia64.rpm
xorg-x11-xauth-6.8.2-1.EL.69.ia64.rpm
xorg-x11-xdm-6.8.2-1.EL.69.ia64.rpm
xorg-x11-xfs-6.8.2-1.EL.69.ia64.rpm

x86_64:
xorg-x11-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-Mesa-libGL-6.8.2-1.EL.69.i386.rpm
xorg-x11-Mesa-libGL-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-Mesa-libGLU-6.8.2-1.EL.69.i386.rpm
xorg-x11-Mesa-libGLU-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-Xdmx-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-Xnest-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-Xvfb-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-deprecated-libs-6.8.2-1.EL.69.i386.rpm
xorg-x11-deprecated-libs-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-deprecated-libs-devel-6.8.2-1.EL.69.i386.rpm
xorg-x11-deprecated-libs-devel-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-devel-6.8.2-1.EL.69.i386.rpm
xorg-x11-devel-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-doc-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-font-utils-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-libs-6.8.2-1.EL.69.i386.rpm
xorg-x11-libs-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-sdk-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-tools-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-twm-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-xauth-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-xdm-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-xfs-6.8.2-1.EL.69.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/xorg-x11-6.8.2-1.EL.69.src.rpm

i386:
xorg-x11-6.8.2-1.EL.69.i386.rpm
xorg-x11-Mesa-libGL-6.8.2-1.EL.69.i386.rpm
xorg-x11-Mesa-libGLU-6.8.2-1.EL.69.i386.rpm
xorg-x11-Xdmx-6.8.2-1.EL.69.i386.rpm
xorg-x11-Xnest-6.8.2-1.EL.69.i386.rpm
xorg-x11-Xvfb-6.8.2-1.EL.69.i386.rpm
xorg-x11-deprecated-libs-6.8.2-1.EL.69.i386.rpm
xorg-x11-deprecated-libs-devel-6.8.2-1.EL.69.i386.rpm
xorg-x11-devel-6.8.2-1.EL.69.i386.rpm
xorg-x11-doc-6.8.2-1.EL.69.i386.rpm
xorg-x11-font-utils-6.8.2-1.EL.69.i386.rpm
xorg-x11-libs-6.8.2-1.EL.69.i386.rpm
xorg-x11-sdk-6.8.2-1.EL.69.i386.rpm
xorg-x11-tools-6.8.2-1.EL.69.i386.rpm
xorg-x11-twm-6.8.2-1.EL.69.i386.rpm
xorg-x11-xauth-6.8.2-1.EL.69.i386.rpm
xorg-x11-xdm-6.8.2-1.EL.69.i386.rpm
xorg-x11-xfs-6.8.2-1.EL.69.i386.rpm

ia64:
xorg-x11-6.8.2-1.EL.69.ia64.rpm
xorg-x11-Mesa-libGL-6.8.2-1.EL.69.i386.rpm
xorg-x11-Mesa-libGL-6.8.2-1.EL.69.ia64.rpm
xorg-x11-Mesa-libGLU-6.8.2-1.EL.69.i386.rpm
xorg-x11-Mesa-libGLU-6.8.2-1.EL.69.ia64.rpm
xorg-x11-Xdmx-6.8.2-1.EL.69.ia64.rpm
xorg-x11-Xnest-6.8.2-1.EL.69.ia64.rpm
xorg-x11-Xvfb-6.8.2-1.EL.69.ia64.rpm
xorg-x11-deprecated-libs-6.8.2-1.EL.69.i386.rpm
xorg-x11-deprecated-libs-6.8.2-1.EL.69.ia64.rpm
xorg-x11-deprecated-libs-devel-6.8.2-1.EL.69.ia64.rpm
xorg-x11-devel-6.8.2-1.EL.69.ia64.rpm
xorg-x11-doc-6.8.2-1.EL.69.ia64.rpm
xorg-x11-font-utils-6.8.2-1.EL.69.ia64.rpm
xorg-x11-libs-6.8.2-1.EL.69.i386.rpm
xorg-x11-libs-6.8.2-1.EL.69.ia64.rpm
xorg-x11-sdk-6.8.2-1.EL.69.ia64.rpm
xorg-x11-tools-6.8.2-1.EL.69.ia64.rpm
xorg-x11-twm-6.8.2-1.EL.69.ia64.rpm
xorg-x11-xauth-6.8.2-1.EL.69.ia64.rpm
xorg-x11-xdm-6.8.2-1.EL.69.ia64.rpm
xorg-x11-xfs-6.8.2-1.EL.69.ia64.rpm

x86_64:
xorg-x11-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-Mesa-libGL-6.8.2-1.EL.69.i386.rpm
xorg-x11-Mesa-libGL-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-Mesa-libGLU-6.8.2-1.EL.69.i386.rpm
xorg-x11-Mesa-libGLU-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-Xdmx-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-Xnest-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-Xvfb-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-deprecated-libs-6.8.2-1.EL.69.i386.rpm
xorg-x11-deprecated-libs-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-deprecated-libs-devel-6.8.2-1.EL.69.i386.rpm
xorg-x11-deprecated-libs-devel-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-devel-6.8.2-1.EL.69.i386.rpm
xorg-x11-devel-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-doc-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-font-utils-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-libs-6.8.2-1.EL.69.i386.rpm
xorg-x11-libs-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-sdk-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-tools-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-twm-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-xauth-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-xdm-6.8.2-1.EL.69.x86_64.rpm
xorg-x11-xfs-6.8.2-1.EL.69.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7.
References:

https://www.redhat.com/security/data/cve/CVE-2011-2895.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFORFC9XlSAg2UNWIIRApEjAJ4rV+23CLKkNOYhHFA+PnPUoeQwDgCeMQTF
+zIm5bPGmOaTgYThAMpOGZo=
=z+93
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Aug 15 17:53:24 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 15 Aug 2011 17:53:24 +0000
Subject: [RHSA-2011:1159-01] Critical: java-1.4.2-ibm security update
Message-ID: <201108151753.p7FHrPbQ025285@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.4.2-ibm security update
Advisory ID: RHSA-2011:1159-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1159.html
Issue date: 2011-08-15
CVE Names: CVE-2011-0311 CVE-2011-0802 CVE-2011-0814 CVE-2011-0862 CVE-2011-0865 CVE-2011-0867 CVE-2011-0871
=====================================================================

1. Summary:

Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v.
5) - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, ia64, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, ia64, x86_64

3. Description:

The IBM 1.4.2 SR13-FP10 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.

This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. (CVE-2011-0311, CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0865, CVE-2011-0867, CVE-2011-0871)

Note: The RHSA-2011:0490 java-1.4.2-ibm update did not, unlike the erratum text stated, provide a complete fix for the CVE-2011-0311 issue.

All users of java-1.4.2-ibm are advised to upgrade to these updated packages, which contain the IBM 1.4.2 SR13-FP10 Java release. All running instances of IBM Java must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5.
Bugs fixed (http://bugzilla.redhat.com/):

702349 - CVE-2011-0311 IBM JDK Class file parsing denial-of-service
706106 - CVE-2011-0865 OpenJDK: Deserialization allows creation of mutable SignedObject (Deserialization, 6618658)
706139 - CVE-2011-0862 OpenJDK: integer overflows in JPEGImageReader and font SunLayoutEngine (2D, 7013519)
706153 - CVE-2011-0867 OpenJDK: NetworkInterface information leak (Networking, 7013969)
706248 - CVE-2011-0871 OpenJDK: MediaTracker created Component instances with unnecessary privileges (Swing, 7020198)
711677 - CVE-2011-0802 CVE-2011-0814 Oracle/IBM JDK: unspecified vulnerabilities fixed in 6u26 (Sound)

6. Package List:

Red Hat Enterprise Linux AS version 4 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.10-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.10-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.10-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.10-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.10-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.10-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.10-1jpp.1.el4.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.13.10-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.13.10-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.13.10-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-src-1.4.2.13.10-1jpp.1.el4.ia64.rpm

ppc:
java-1.4.2-ibm-1.4.2.13.10-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-1.4.2.13.10-1jpp.1.el4.ppc64.rpm
java-1.4.2-ibm-demo-1.4.2.13.10-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-demo-1.4.2.13.10-1jpp.1.el4.ppc64.rpm
java-1.4.2-ibm-devel-1.4.2.13.10-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-devel-1.4.2.13.10-1jpp.1.el4.ppc64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.10-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.10-1jpp.1.el4.ppc64.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.10-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-src-1.4.2.13.10-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-src-1.4.2.13.10-1jpp.1.el4.ppc64.rpm

s390:
java-1.4.2-ibm-1.4.2.13.10-1jpp.1.el4.s390.rpm
java-1.4.2-ibm-demo-1.4.2.13.10-1jpp.1.el4.s390.rpm
java-1.4.2-ibm-devel-1.4.2.13.10-1jpp.1.el4.s390.rpm java-1.4.2-ibm-jdbc-1.4.2.13.10-1jpp.1.el4.s390.rpm java-1.4.2-ibm-src-1.4.2.13.10-1jpp.1.el4.s390.rpm s390x: java-1.4.2-ibm-1.4.2.13.10-1jpp.1.el4.s390x.rpm java-1.4.2-ibm-demo-1.4.2.13.10-1jpp.1.el4.s390x.rpm java-1.4.2-ibm-devel-1.4.2.13.10-1jpp.1.el4.s390x.rpm java-1.4.2-ibm-src-1.4.2.13.10-1jpp.1.el4.s390x.rpm x86_64: java-1.4.2-ibm-1.4.2.13.10-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.10-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.10-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.10-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.10-1jpp.1.el4.x86_64.rpm Red Hat Desktop version 4 Extras: i386: java-1.4.2-ibm-1.4.2.13.10-1jpp.1.el4.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.10-1jpp.1.el4.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.10-1jpp.1.el4.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.10-1jpp.1.el4.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.10-1jpp.1.el4.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.10-1jpp.1.el4.i386.rpm java-1.4.2-ibm-src-1.4.2.13.10-1jpp.1.el4.i386.rpm x86_64: java-1.4.2-ibm-1.4.2.13.10-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.10-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.10-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.10-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.10-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: java-1.4.2-ibm-1.4.2.13.10-1jpp.1.el4.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.10-1jpp.1.el4.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.10-1jpp.1.el4.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.10-1jpp.1.el4.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.10-1jpp.1.el4.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.10-1jpp.1.el4.i386.rpm java-1.4.2-ibm-src-1.4.2.13.10-1jpp.1.el4.i386.rpm ia64: java-1.4.2-ibm-1.4.2.13.10-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-demo-1.4.2.13.10-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-devel-1.4.2.13.10-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-src-1.4.2.13.10-1jpp.1.el4.ia64.rpm x86_64: 
java-1.4.2-ibm-1.4.2.13.10-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.10-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.10-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.10-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.10-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: java-1.4.2-ibm-1.4.2.13.10-1jpp.1.el4.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.10-1jpp.1.el4.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.10-1jpp.1.el4.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.10-1jpp.1.el4.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.10-1jpp.1.el4.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.10-1jpp.1.el4.i386.rpm java-1.4.2-ibm-src-1.4.2.13.10-1jpp.1.el4.i386.rpm ia64: java-1.4.2-ibm-1.4.2.13.10-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-demo-1.4.2.13.10-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-devel-1.4.2.13.10-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-src-1.4.2.13.10-1jpp.1.el4.ia64.rpm x86_64: java-1.4.2-ibm-1.4.2.13.10-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.10-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.10-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.10-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.10-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 
5): i386: java-1.4.2-ibm-1.4.2.13.10-1jpp.1.el5.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.10-1jpp.1.el5.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.10-1jpp.1.el5.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.10-1jpp.1.el5.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.10-1jpp.1.el5.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.10-1jpp.1.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.13.10-1jpp.1.el5.i386.rpm x86_64: java-1.4.2-ibm-1.4.2.13.10-1jpp.1.el5.i386.rpm java-1.4.2-ibm-1.4.2.13.10-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.10-1jpp.1.el5.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.10-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.10-1jpp.1.el5.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.10-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.10-1jpp.1.el5.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.10-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-jdbc-1.4.2.13.10-1jpp.1.el5.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.10-1jpp.1.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.13.10-1jpp.1.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.13.10-1jpp.1.el5.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 
5): i386: java-1.4.2-ibm-1.4.2.13.10-1jpp.1.el5.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.10-1jpp.1.el5.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.10-1jpp.1.el5.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.10-1jpp.1.el5.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.10-1jpp.1.el5.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.10-1jpp.1.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.13.10-1jpp.1.el5.i386.rpm ia64: java-1.4.2-ibm-1.4.2.13.10-1jpp.1.el5.ia64.rpm java-1.4.2-ibm-demo-1.4.2.13.10-1jpp.1.el5.ia64.rpm java-1.4.2-ibm-devel-1.4.2.13.10-1jpp.1.el5.ia64.rpm java-1.4.2-ibm-src-1.4.2.13.10-1jpp.1.el5.ia64.rpm ppc: java-1.4.2-ibm-1.4.2.13.10-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-1.4.2.13.10-1jpp.1.el5.ppc64.rpm java-1.4.2-ibm-demo-1.4.2.13.10-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-demo-1.4.2.13.10-1jpp.1.el5.ppc64.rpm java-1.4.2-ibm-devel-1.4.2.13.10-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-devel-1.4.2.13.10-1jpp.1.el5.ppc64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.10-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-javacomm-1.4.2.13.10-1jpp.1.el5.ppc64.rpm java-1.4.2-ibm-jdbc-1.4.2.13.10-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-src-1.4.2.13.10-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-src-1.4.2.13.10-1jpp.1.el5.ppc64.rpm s390x: java-1.4.2-ibm-1.4.2.13.10-1jpp.1.el5.s390.rpm java-1.4.2-ibm-1.4.2.13.10-1jpp.1.el5.s390x.rpm java-1.4.2-ibm-demo-1.4.2.13.10-1jpp.1.el5.s390.rpm java-1.4.2-ibm-demo-1.4.2.13.10-1jpp.1.el5.s390x.rpm java-1.4.2-ibm-devel-1.4.2.13.10-1jpp.1.el5.s390.rpm java-1.4.2-ibm-devel-1.4.2.13.10-1jpp.1.el5.s390x.rpm java-1.4.2-ibm-jdbc-1.4.2.13.10-1jpp.1.el5.s390.rpm java-1.4.2-ibm-src-1.4.2.13.10-1jpp.1.el5.s390.rpm java-1.4.2-ibm-src-1.4.2.13.10-1jpp.1.el5.s390x.rpm x86_64: java-1.4.2-ibm-1.4.2.13.10-1jpp.1.el5.i386.rpm java-1.4.2-ibm-1.4.2.13.10-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.10-1jpp.1.el5.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.10-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.10-1jpp.1.el5.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.10-1jpp.1.el5.x86_64.rpm 
java-1.4.2-ibm-javacomm-1.4.2.13.10-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.10-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.10-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.10-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.10-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.10-1jpp.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0311.html
https://www.redhat.com/security/data/cve/CVE-2011-0802.html
https://www.redhat.com/security/data/cve/CVE-2011-0814.html
https://www.redhat.com/security/data/cve/CVE-2011-0862.html
https://www.redhat.com/security/data/cve/CVE-2011-0865.html
https://www.redhat.com/security/data/cve/CVE-2011-0867.html
https://www.redhat.com/security/data/cve/CVE-2011-0871.html
https://access.redhat.com/security/updates/classification/#critical
http://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOSVz/XlSAg2UNWIIRAo3/AJ4j+whUn1G3R6UHfxF+Y6Mcw+fE8gCdFJTK
zoSiZ27D765ZAk3TF6SeGlc=
=6oXM
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Aug 15 17:54:05 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 15 Aug 2011 17:54:05 +0000
Subject: [RHSA-2011:1160-01] Moderate: dhcp security update
Message-ID: <201108151754.p7FHs6q7001078@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: dhcp security update
Advisory ID:       RHSA-2011:1160-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1160.html
Issue date:        2011-08-15
CVE Names:         CVE-2011-2748 CVE-2011-2749
=====================================================================

1. Summary:

Updated dhcp packages that fix two security issues are now available for
Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows
individual devices on an IP network to get their own network configuration
information, including an IP address, a subnet mask, and a broadcast
address.

Two denial of service flaws were found in the way the dhcpd daemon handled
certain incomplete request packets. A remote attacker could use these flaws
to crash dhcpd via a specially-crafted request. (CVE-2011-2748,
CVE-2011-2749)

Users of DHCP should upgrade to these updated packages, which contain a
backported patch to correct these issues. After installing this update, all
DHCP servers will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

729382 - CVE-2011-2748 CVE-2011-2749 dhcp: denial of service flaws

6.
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/dhcp-3.0.1-68.el4.src.rpm i386: dhclient-3.0.1-68.el4.i386.rpm dhcp-3.0.1-68.el4.i386.rpm dhcp-debuginfo-3.0.1-68.el4.i386.rpm dhcp-devel-3.0.1-68.el4.i386.rpm ia64: dhclient-3.0.1-68.el4.ia64.rpm dhcp-3.0.1-68.el4.ia64.rpm dhcp-debuginfo-3.0.1-68.el4.ia64.rpm dhcp-devel-3.0.1-68.el4.ia64.rpm ppc: dhclient-3.0.1-68.el4.ppc.rpm dhcp-3.0.1-68.el4.ppc.rpm dhcp-debuginfo-3.0.1-68.el4.ppc.rpm dhcp-devel-3.0.1-68.el4.ppc.rpm s390: dhclient-3.0.1-68.el4.s390.rpm dhcp-3.0.1-68.el4.s390.rpm dhcp-debuginfo-3.0.1-68.el4.s390.rpm dhcp-devel-3.0.1-68.el4.s390.rpm s390x: dhclient-3.0.1-68.el4.s390x.rpm dhcp-3.0.1-68.el4.s390x.rpm dhcp-debuginfo-3.0.1-68.el4.s390x.rpm dhcp-devel-3.0.1-68.el4.s390x.rpm x86_64: dhclient-3.0.1-68.el4.x86_64.rpm dhcp-3.0.1-68.el4.x86_64.rpm dhcp-debuginfo-3.0.1-68.el4.x86_64.rpm dhcp-devel-3.0.1-68.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/dhcp-3.0.1-68.el4.src.rpm i386: dhclient-3.0.1-68.el4.i386.rpm dhcp-3.0.1-68.el4.i386.rpm dhcp-debuginfo-3.0.1-68.el4.i386.rpm dhcp-devel-3.0.1-68.el4.i386.rpm x86_64: dhclient-3.0.1-68.el4.x86_64.rpm dhcp-3.0.1-68.el4.x86_64.rpm dhcp-debuginfo-3.0.1-68.el4.x86_64.rpm dhcp-devel-3.0.1-68.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/dhcp-3.0.1-68.el4.src.rpm i386: dhclient-3.0.1-68.el4.i386.rpm dhcp-3.0.1-68.el4.i386.rpm dhcp-debuginfo-3.0.1-68.el4.i386.rpm dhcp-devel-3.0.1-68.el4.i386.rpm ia64: dhclient-3.0.1-68.el4.ia64.rpm dhcp-3.0.1-68.el4.ia64.rpm dhcp-debuginfo-3.0.1-68.el4.ia64.rpm dhcp-devel-3.0.1-68.el4.ia64.rpm x86_64: dhclient-3.0.1-68.el4.x86_64.rpm dhcp-3.0.1-68.el4.x86_64.rpm dhcp-debuginfo-3.0.1-68.el4.x86_64.rpm dhcp-devel-3.0.1-68.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: 
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/dhcp-3.0.1-68.el4.src.rpm i386: dhclient-3.0.1-68.el4.i386.rpm dhcp-3.0.1-68.el4.i386.rpm dhcp-debuginfo-3.0.1-68.el4.i386.rpm dhcp-devel-3.0.1-68.el4.i386.rpm ia64: dhclient-3.0.1-68.el4.ia64.rpm dhcp-3.0.1-68.el4.ia64.rpm dhcp-debuginfo-3.0.1-68.el4.ia64.rpm dhcp-devel-3.0.1-68.el4.ia64.rpm x86_64: dhclient-3.0.1-68.el4.x86_64.rpm dhcp-3.0.1-68.el4.x86_64.rpm dhcp-debuginfo-3.0.1-68.el4.x86_64.rpm dhcp-devel-3.0.1-68.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/dhcp-3.0.5-29.el5_7.1.src.rpm i386: dhclient-3.0.5-29.el5_7.1.i386.rpm dhcp-debuginfo-3.0.5-29.el5_7.1.i386.rpm libdhcp4client-3.0.5-29.el5_7.1.i386.rpm x86_64: dhclient-3.0.5-29.el5_7.1.x86_64.rpm dhcp-debuginfo-3.0.5-29.el5_7.1.i386.rpm dhcp-debuginfo-3.0.5-29.el5_7.1.x86_64.rpm libdhcp4client-3.0.5-29.el5_7.1.i386.rpm libdhcp4client-3.0.5-29.el5_7.1.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/dhcp-3.0.5-29.el5_7.1.src.rpm i386: dhcp-3.0.5-29.el5_7.1.i386.rpm dhcp-debuginfo-3.0.5-29.el5_7.1.i386.rpm dhcp-devel-3.0.5-29.el5_7.1.i386.rpm libdhcp4client-devel-3.0.5-29.el5_7.1.i386.rpm x86_64: dhcp-3.0.5-29.el5_7.1.x86_64.rpm dhcp-debuginfo-3.0.5-29.el5_7.1.i386.rpm dhcp-debuginfo-3.0.5-29.el5_7.1.x86_64.rpm dhcp-devel-3.0.5-29.el5_7.1.i386.rpm dhcp-devel-3.0.5-29.el5_7.1.x86_64.rpm libdhcp4client-devel-3.0.5-29.el5_7.1.i386.rpm libdhcp4client-devel-3.0.5-29.el5_7.1.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/dhcp-3.0.5-29.el5_7.1.src.rpm i386: dhclient-3.0.5-29.el5_7.1.i386.rpm dhcp-3.0.5-29.el5_7.1.i386.rpm dhcp-debuginfo-3.0.5-29.el5_7.1.i386.rpm dhcp-devel-3.0.5-29.el5_7.1.i386.rpm libdhcp4client-3.0.5-29.el5_7.1.i386.rpm libdhcp4client-devel-3.0.5-29.el5_7.1.i386.rpm ia64: dhclient-3.0.5-29.el5_7.1.ia64.rpm dhcp-3.0.5-29.el5_7.1.ia64.rpm dhcp-debuginfo-3.0.5-29.el5_7.1.ia64.rpm dhcp-devel-3.0.5-29.el5_7.1.ia64.rpm libdhcp4client-3.0.5-29.el5_7.1.ia64.rpm libdhcp4client-devel-3.0.5-29.el5_7.1.ia64.rpm ppc: dhclient-3.0.5-29.el5_7.1.ppc.rpm dhcp-3.0.5-29.el5_7.1.ppc.rpm dhcp-debuginfo-3.0.5-29.el5_7.1.ppc.rpm dhcp-debuginfo-3.0.5-29.el5_7.1.ppc64.rpm dhcp-devel-3.0.5-29.el5_7.1.ppc.rpm dhcp-devel-3.0.5-29.el5_7.1.ppc64.rpm libdhcp4client-3.0.5-29.el5_7.1.ppc.rpm libdhcp4client-3.0.5-29.el5_7.1.ppc64.rpm libdhcp4client-devel-3.0.5-29.el5_7.1.ppc.rpm libdhcp4client-devel-3.0.5-29.el5_7.1.ppc64.rpm s390x: dhclient-3.0.5-29.el5_7.1.s390x.rpm dhcp-3.0.5-29.el5_7.1.s390x.rpm dhcp-debuginfo-3.0.5-29.el5_7.1.s390.rpm dhcp-debuginfo-3.0.5-29.el5_7.1.s390x.rpm dhcp-devel-3.0.5-29.el5_7.1.s390.rpm dhcp-devel-3.0.5-29.el5_7.1.s390x.rpm libdhcp4client-3.0.5-29.el5_7.1.s390.rpm libdhcp4client-3.0.5-29.el5_7.1.s390x.rpm libdhcp4client-devel-3.0.5-29.el5_7.1.s390.rpm libdhcp4client-devel-3.0.5-29.el5_7.1.s390x.rpm x86_64: dhclient-3.0.5-29.el5_7.1.x86_64.rpm dhcp-3.0.5-29.el5_7.1.x86_64.rpm dhcp-debuginfo-3.0.5-29.el5_7.1.i386.rpm dhcp-debuginfo-3.0.5-29.el5_7.1.x86_64.rpm dhcp-devel-3.0.5-29.el5_7.1.i386.rpm dhcp-devel-3.0.5-29.el5_7.1.x86_64.rpm libdhcp4client-3.0.5-29.el5_7.1.i386.rpm libdhcp4client-3.0.5-29.el5_7.1.x86_64.rpm libdhcp4client-devel-3.0.5-29.el5_7.1.i386.rpm libdhcp4client-devel-3.0.5-29.el5_7.1.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/dhcp-4.1.1-19.P1.el6_1.1.src.rpm i386: dhclient-4.1.1-19.P1.el6_1.1.i686.rpm dhcp-debuginfo-4.1.1-19.P1.el6_1.1.i686.rpm x86_64: dhclient-4.1.1-19.P1.el6_1.1.x86_64.rpm dhcp-debuginfo-4.1.1-19.P1.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/dhcp-4.1.1-19.P1.el6_1.1.src.rpm i386: dhcp-4.1.1-19.P1.el6_1.1.i686.rpm dhcp-debuginfo-4.1.1-19.P1.el6_1.1.i686.rpm dhcp-devel-4.1.1-19.P1.el6_1.1.i686.rpm x86_64: dhcp-4.1.1-19.P1.el6_1.1.x86_64.rpm dhcp-debuginfo-4.1.1-19.P1.el6_1.1.i686.rpm dhcp-debuginfo-4.1.1-19.P1.el6_1.1.x86_64.rpm dhcp-devel-4.1.1-19.P1.el6_1.1.i686.rpm dhcp-devel-4.1.1-19.P1.el6_1.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/dhcp-4.1.1-19.P1.el6_1.1.src.rpm x86_64: dhclient-4.1.1-19.P1.el6_1.1.x86_64.rpm dhcp-debuginfo-4.1.1-19.P1.el6_1.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/dhcp-4.1.1-19.P1.el6_1.1.src.rpm x86_64: dhcp-4.1.1-19.P1.el6_1.1.x86_64.rpm dhcp-debuginfo-4.1.1-19.P1.el6_1.1.i686.rpm dhcp-debuginfo-4.1.1-19.P1.el6_1.1.x86_64.rpm dhcp-devel-4.1.1-19.P1.el6_1.1.i686.rpm dhcp-devel-4.1.1-19.P1.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/dhcp-4.1.1-19.P1.el6_1.1.src.rpm i386: dhclient-4.1.1-19.P1.el6_1.1.i686.rpm dhcp-4.1.1-19.P1.el6_1.1.i686.rpm dhcp-debuginfo-4.1.1-19.P1.el6_1.1.i686.rpm ppc64: dhclient-4.1.1-19.P1.el6_1.1.ppc64.rpm dhcp-4.1.1-19.P1.el6_1.1.ppc64.rpm dhcp-debuginfo-4.1.1-19.P1.el6_1.1.ppc64.rpm s390x: dhclient-4.1.1-19.P1.el6_1.1.s390x.rpm dhcp-4.1.1-19.P1.el6_1.1.s390x.rpm dhcp-debuginfo-4.1.1-19.P1.el6_1.1.s390x.rpm x86_64: dhclient-4.1.1-19.P1.el6_1.1.x86_64.rpm dhcp-4.1.1-19.P1.el6_1.1.x86_64.rpm dhcp-debuginfo-4.1.1-19.P1.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/dhcp-4.1.1-19.P1.el6_1.1.src.rpm i386: dhcp-debuginfo-4.1.1-19.P1.el6_1.1.i686.rpm dhcp-devel-4.1.1-19.P1.el6_1.1.i686.rpm ppc64: dhcp-debuginfo-4.1.1-19.P1.el6_1.1.ppc.rpm dhcp-debuginfo-4.1.1-19.P1.el6_1.1.ppc64.rpm dhcp-devel-4.1.1-19.P1.el6_1.1.ppc.rpm dhcp-devel-4.1.1-19.P1.el6_1.1.ppc64.rpm s390x: dhcp-debuginfo-4.1.1-19.P1.el6_1.1.s390.rpm dhcp-debuginfo-4.1.1-19.P1.el6_1.1.s390x.rpm dhcp-devel-4.1.1-19.P1.el6_1.1.s390.rpm dhcp-devel-4.1.1-19.P1.el6_1.1.s390x.rpm x86_64: dhcp-debuginfo-4.1.1-19.P1.el6_1.1.i686.rpm dhcp-debuginfo-4.1.1-19.P1.el6_1.1.x86_64.rpm dhcp-devel-4.1.1-19.P1.el6_1.1.i686.rpm dhcp-devel-4.1.1-19.P1.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/dhcp-4.1.1-19.P1.el6_1.1.src.rpm i386: dhclient-4.1.1-19.P1.el6_1.1.i686.rpm dhcp-4.1.1-19.P1.el6_1.1.i686.rpm dhcp-debuginfo-4.1.1-19.P1.el6_1.1.i686.rpm x86_64: dhclient-4.1.1-19.P1.el6_1.1.x86_64.rpm dhcp-4.1.1-19.P1.el6_1.1.x86_64.rpm dhcp-debuginfo-4.1.1-19.P1.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/dhcp-4.1.1-19.P1.el6_1.1.src.rpm i386: dhcp-debuginfo-4.1.1-19.P1.el6_1.1.i686.rpm dhcp-devel-4.1.1-19.P1.el6_1.1.i686.rpm x86_64: dhcp-debuginfo-4.1.1-19.P1.el6_1.1.i686.rpm dhcp-debuginfo-4.1.1-19.P1.el6_1.1.x86_64.rpm dhcp-devel-4.1.1-19.P1.el6_1.1.i686.rpm dhcp-devel-4.1.1-19.P1.el6_1.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2748.html https://www.redhat.com/security/data/cve/CVE-2011-2749.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOSV0wXlSAg2UNWIIRAh63AJ9s9NqaItBmC/FujkwiWJCqyUExtQCfdnFn kZDPqMc+tbUwukORS8TKw6U= =+x56 -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Aug 15 17:55:01 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 15 Aug 2011 17:55:01 +0000 Subject: [RHSA-2011:1161-01] Moderate: freetype security update Message-ID: <201108151755.p7FHt1Fs025803@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: freetype security update Advisory ID: RHSA-2011:1161-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1161.html Issue date: 2011-08-15 CVE Names: CVE-2011-2895 ===================================================================== 1. Summary: Updated freetype packages that fix one security issue are now available for Red Hat Enterprise Linux 4. 
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide both the FreeType 1 and FreeType 2 font engines. A buffer overflow flaw was found in the way the FreeType library handled malformed font files compressed using UNIX compress. If a user loaded a specially-crafted compressed font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-2895) Note: This issue only affects the FreeType 2 font engine. Users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The X server must be restarted (log out, then log back in) for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 727624 - CVE-2011-2895 BSD compress LZW decoder buffer overflow 6. 
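The flaw above is the classic failure mode of an LZW decoder: a code read from the stream is used as an index into the string table without first checking that such an entry exists. The following codec is an added example and is not FreeType's code; it follows compress(1) in outline (literal codes 0..255, code 256 as CLEAR, code width growing from 9 bits as the table fills) but is not byte-compatible with real .Z files, because compress(1) pads the bit stream whenever the code width changes and this codec does not. MAX_BITS, the constructed sample data and the two hand-packed malformed streams are assumptions of the example. The point is the single check in lzw_decompress: the only code a decoder may accept beyond the entries it already knows is the one being defined right now (the KwKwK case); anything larger is a malformed stream and is rejected instead of being used as an index.

```python
"""LZW codec in the style of compress(1), with the table bounds check a
decoder must not skip. Added example, not FreeType's code; not
byte-compatible with .Z files (no padding on code-width changes)."""

CLEAR = 256      # resets the string table
FIRST = 257      # first assignable table index
MAX_BITS = 12    # assumption: small default for the example; compress(1) allows up to 16


class MalformedStream(ValueError):
    """A code referred to a table entry that does not exist."""


def lzw_compress(data: bytes, max_bits: int = MAX_BITS) -> bytes:
    """Encoder, included so the decoder can be exercised on valid streams."""
    table = {bytes([i]): i for i in range(256)}
    next_code, width = FIRST, 9
    out, acc, nbits = bytearray(), 0, 0

    def emit(code: int) -> None:
        nonlocal acc, nbits
        acc |= code << nbits            # LSB-first packing, as compress(1) does
        nbits += width
        while nbits >= 8:
            out.append(acc & 0xFF)
            acc >>= 8
            nbits -= 8

    def flush(code: int) -> None:
        nonlocal width
        # Every emitted code is < next_code, so widen until next_code fits.
        while next_code > (1 << width) and width < max_bits:
            width += 1
        emit(code)

    w = b""
    for byte in data:
        wc = w + bytes([byte])
        if wc in table:
            w = wc
            continue
        flush(table[w])
        if next_code < (1 << max_bits):
            table[wc] = next_code
            next_code += 1
        w = bytes([byte])
    if w:
        flush(table[w])
    if nbits:
        out.append(acc & 0xFF)
    return bytes(out)


def lzw_decompress(data: bytes, max_bits: int = MAX_BITS) -> bytes:
    table = [bytes([i]) for i in range(256)] + [b""]   # index 256 is CLEAR
    width, prev = 9, None
    out, acc, nbits, pos = bytearray(), 0, 0, 0

    def read_code():
        nonlocal acc, nbits, pos
        while nbits < width:
            if pos >= len(data):
                return None             # only padding bits remain
            acc |= data[pos] << nbits
            pos += 1
            nbits += 8
        code = acc & ((1 << width) - 1)
        acc >>= width
        nbits -= width
        return code

    while True:
        # len(table) is the index the next entry will get; the decoder lags
        # the encoder by one entry, so widen when that index no longer fits.
        while len(table) >= (1 << width) and width < max_bits:
            width += 1
        code = read_code()
        if code is None:
            break
        if code == CLEAR:
            del table[FIRST:]
            width, prev = 9, None
            continue
        if code < len(table):
            entry = table[code]
        elif code == len(table) and prev is not None:
            entry = prev + prev[:1]     # KwKwK: the entry being defined right now
        else:
            # The check this example exists for: indexing `table` with an
            # unchecked code here is the out-of-bounds read a crafted stream
            # aims for (in C, a read or write past the table buffer).
            raise MalformedStream(f"code {code} beyond table of {len(table)} entries")
        out += entry
        if prev is not None and len(table) < (1 << max_bits):
            table.append(prev + entry[:1])
        prev = entry
    return bytes(out)


def rejects_malformed(stream: bytes) -> bool:
    """True if the decoder refuses `stream` instead of indexing out of range."""
    try:
        lzw_decompress(stream)
    except MalformedStream:
        return True
    return False


# Constructed inputs (not from any real font file). 9-bit codes packed
# LSB-first: code 300 -> bytes 2C 01; code 257 -> bytes 01 01.
CRAFTED_OUT_OF_RANGE = bytes([0x2C, 0x01])   # first code 300, table has 257 entries
CRAFTED_BAD_KWKWK = bytes([0x01, 0x01])      # first code 257 with no previous string
SAMPLE = b"TOBEORNOTTOBEORTOBEORNOT" * 20 + bytes(range(256))
```

The sample is long enough to push the code width from 9 to 10 bits, so the round trip exercises the width bookkeeping on both sides; the two crafted streams show the two ways a code can be out of range (beyond the table, and the KwKwK code with nothing to build it from).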
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/freetype-2.1.9-19.el4.src.rpm i386: freetype-2.1.9-19.el4.i386.rpm freetype-debuginfo-2.1.9-19.el4.i386.rpm freetype-demos-2.1.9-19.el4.i386.rpm freetype-devel-2.1.9-19.el4.i386.rpm freetype-utils-2.1.9-19.el4.i386.rpm ia64: freetype-2.1.9-19.el4.i386.rpm freetype-2.1.9-19.el4.ia64.rpm freetype-debuginfo-2.1.9-19.el4.i386.rpm freetype-debuginfo-2.1.9-19.el4.ia64.rpm freetype-demos-2.1.9-19.el4.ia64.rpm freetype-devel-2.1.9-19.el4.ia64.rpm freetype-utils-2.1.9-19.el4.ia64.rpm ppc: freetype-2.1.9-19.el4.ppc.rpm freetype-2.1.9-19.el4.ppc64.rpm freetype-debuginfo-2.1.9-19.el4.ppc.rpm freetype-debuginfo-2.1.9-19.el4.ppc64.rpm freetype-demos-2.1.9-19.el4.ppc.rpm freetype-devel-2.1.9-19.el4.ppc.rpm freetype-utils-2.1.9-19.el4.ppc.rpm s390: freetype-2.1.9-19.el4.s390.rpm freetype-debuginfo-2.1.9-19.el4.s390.rpm freetype-demos-2.1.9-19.el4.s390.rpm freetype-devel-2.1.9-19.el4.s390.rpm freetype-utils-2.1.9-19.el4.s390.rpm s390x: freetype-2.1.9-19.el4.s390.rpm freetype-2.1.9-19.el4.s390x.rpm freetype-debuginfo-2.1.9-19.el4.s390.rpm freetype-debuginfo-2.1.9-19.el4.s390x.rpm freetype-demos-2.1.9-19.el4.s390x.rpm freetype-devel-2.1.9-19.el4.s390x.rpm freetype-utils-2.1.9-19.el4.s390x.rpm x86_64: freetype-2.1.9-19.el4.i386.rpm freetype-2.1.9-19.el4.x86_64.rpm freetype-debuginfo-2.1.9-19.el4.i386.rpm freetype-debuginfo-2.1.9-19.el4.x86_64.rpm freetype-demos-2.1.9-19.el4.x86_64.rpm freetype-devel-2.1.9-19.el4.x86_64.rpm freetype-utils-2.1.9-19.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/freetype-2.1.9-19.el4.src.rpm i386: freetype-2.1.9-19.el4.i386.rpm freetype-debuginfo-2.1.9-19.el4.i386.rpm freetype-demos-2.1.9-19.el4.i386.rpm freetype-devel-2.1.9-19.el4.i386.rpm freetype-utils-2.1.9-19.el4.i386.rpm x86_64: freetype-2.1.9-19.el4.i386.rpm freetype-2.1.9-19.el4.x86_64.rpm 
freetype-debuginfo-2.1.9-19.el4.i386.rpm freetype-debuginfo-2.1.9-19.el4.x86_64.rpm freetype-demos-2.1.9-19.el4.x86_64.rpm freetype-devel-2.1.9-19.el4.x86_64.rpm freetype-utils-2.1.9-19.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/freetype-2.1.9-19.el4.src.rpm i386: freetype-2.1.9-19.el4.i386.rpm freetype-debuginfo-2.1.9-19.el4.i386.rpm freetype-demos-2.1.9-19.el4.i386.rpm freetype-devel-2.1.9-19.el4.i386.rpm freetype-utils-2.1.9-19.el4.i386.rpm ia64: freetype-2.1.9-19.el4.i386.rpm freetype-2.1.9-19.el4.ia64.rpm freetype-debuginfo-2.1.9-19.el4.i386.rpm freetype-debuginfo-2.1.9-19.el4.ia64.rpm freetype-demos-2.1.9-19.el4.ia64.rpm freetype-devel-2.1.9-19.el4.ia64.rpm freetype-utils-2.1.9-19.el4.ia64.rpm x86_64: freetype-2.1.9-19.el4.i386.rpm freetype-2.1.9-19.el4.x86_64.rpm freetype-debuginfo-2.1.9-19.el4.i386.rpm freetype-debuginfo-2.1.9-19.el4.x86_64.rpm freetype-demos-2.1.9-19.el4.x86_64.rpm freetype-devel-2.1.9-19.el4.x86_64.rpm freetype-utils-2.1.9-19.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/freetype-2.1.9-19.el4.src.rpm i386: freetype-2.1.9-19.el4.i386.rpm freetype-debuginfo-2.1.9-19.el4.i386.rpm freetype-demos-2.1.9-19.el4.i386.rpm freetype-devel-2.1.9-19.el4.i386.rpm freetype-utils-2.1.9-19.el4.i386.rpm ia64: freetype-2.1.9-19.el4.i386.rpm freetype-2.1.9-19.el4.ia64.rpm freetype-debuginfo-2.1.9-19.el4.i386.rpm freetype-debuginfo-2.1.9-19.el4.ia64.rpm freetype-demos-2.1.9-19.el4.ia64.rpm freetype-devel-2.1.9-19.el4.ia64.rpm freetype-utils-2.1.9-19.el4.ia64.rpm x86_64: freetype-2.1.9-19.el4.i386.rpm freetype-2.1.9-19.el4.x86_64.rpm freetype-debuginfo-2.1.9-19.el4.i386.rpm freetype-debuginfo-2.1.9-19.el4.x86_64.rpm freetype-demos-2.1.9-19.el4.x86_64.rpm freetype-devel-2.1.9-19.el4.x86_64.rpm freetype-utils-2.1.9-19.el4.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2895.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOSV1NXlSAg2UNWIIRAjE5AJ9LZ1aBY4ucpuy++wQ09f2NHW05/wCffUKW
D0ykpp7uqLrSRK2Z5joXM9g=
=g8jZ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Aug 16 18:52:25 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 16 Aug 2011 18:52:25 +0000
Subject: [RHSA-2011:1163-01] Important: kernel security and bug fix update
Message-ID: <201108161852.p7GIqPsK002449@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2011:1163-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1163.html
Issue date:        2011-08-16
CVE Names:         CVE-2011-1780 CVE-2011-2525
=====================================================================

1. Summary:

Updated kernel packages that fix two security issues and three bugs are now
available for Red Hat Enterprise Linux 5.6 Extended Update Support.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update includes backported fixes for two security issues. These issues
only affected users of Red Hat Enterprise Linux 5.6 Extended Update Support,
as they have already been addressed for users of Red Hat Enterprise Linux 5
in the 5.7 update, RHSA-2011:1065.

This update fixes the following security issues:

* A flaw was found in the way the Xen hypervisor implementation handled
instruction emulation during virtual machine exits. A malicious user-space
process running in an SMP guest could trick the emulator into reading a
different instruction than the one that caused the virtual machine to exit.
An unprivileged guest user could trigger this flaw to crash the host. This
only affects systems with both an AMD x86 processor and the AMD
Virtualization (AMD-V) extensions enabled. (CVE-2011-1780, Important)

* A flaw allowed the tc_fill_qdisc() function in the Linux kernel's packet
scheduler API implementation to be called on built-in qdisc structures. A
local, unprivileged user could use this flaw to trigger a NULL pointer
dereference, resulting in a denial of service. (CVE-2011-2525, Moderate)

This update also fixes the following bugs:

* A bug was found in the way the x86_emulate() function handled the IMUL
instruction in the Xen hypervisor. On systems without support for hardware
assisted paging (HAP), such as those running CPUs that do not have support
for (or those that have it disabled) Intel Extended Page Tables (EPT) or AMD
Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), this bug could
cause fully-virtualized guests to crash or lead to silent memory
corruption. In reported cases, this issue occurred when booting
fully-virtualized Red Hat Enterprise Linux 6.1 guests with memory cgroups
enabled. (BZ#712884)

* A bug in the way the ibmvscsi driver handled interrupts may have
prevented automatic path recovery for multipath devices. This bug only
affected 64-bit PowerPC systems. (BZ#720929)

* The RHSA-2009:1243 update introduced a regression in the way file locking
on NFS (Network File System) was handled. This caused applications to hang
if they made a lock request on a file on an NFS version 2 or 3 file system
that was mounted with the "sec=krb5" option. With this update, the original
behavior of using mixed RPC authentication flavors for NFS and locking
requests has been restored. (BZ#722854)

Users should upgrade to these updated packages, which contain backported
patches to resolve these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use
"rpm -Uvh" as that will remove the running kernel binaries from your
system. You may use "rpm -e" to remove old kernels after determining that
the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

702657 - CVE-2011-1780 kernel: xen: svm: insufficiencies in handling emulated instructions during vm exits
712884 - RHEL6.1 32bit xen hvm guest crash randomly
719066 - [RHEL5.7][kernel-xen] HVM guests hang during installation on AMD systems
720552 - CVE-2011-2525 kernel: kernel: net_sched: fix qdisc_notify()

6. Package List:

Red Hat Enterprise Linux (v.
5 server): Source: kernel-2.6.18-238.21.1.el5.src.rpm i386: kernel-2.6.18-238.21.1.el5.i686.rpm kernel-PAE-2.6.18-238.21.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-238.21.1.el5.i686.rpm kernel-PAE-devel-2.6.18-238.21.1.el5.i686.rpm kernel-debug-2.6.18-238.21.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-238.21.1.el5.i686.rpm kernel-debug-devel-2.6.18-238.21.1.el5.i686.rpm kernel-debuginfo-2.6.18-238.21.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-238.21.1.el5.i686.rpm kernel-devel-2.6.18-238.21.1.el5.i686.rpm kernel-headers-2.6.18-238.21.1.el5.i386.rpm kernel-xen-2.6.18-238.21.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-238.21.1.el5.i686.rpm kernel-xen-devel-2.6.18-238.21.1.el5.i686.rpm ia64: kernel-2.6.18-238.21.1.el5.ia64.rpm kernel-debug-2.6.18-238.21.1.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-238.21.1.el5.ia64.rpm kernel-debug-devel-2.6.18-238.21.1.el5.ia64.rpm kernel-debuginfo-2.6.18-238.21.1.el5.ia64.rpm kernel-debuginfo-common-2.6.18-238.21.1.el5.ia64.rpm kernel-devel-2.6.18-238.21.1.el5.ia64.rpm kernel-headers-2.6.18-238.21.1.el5.ia64.rpm kernel-xen-2.6.18-238.21.1.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-238.21.1.el5.ia64.rpm kernel-xen-devel-2.6.18-238.21.1.el5.ia64.rpm noarch: kernel-doc-2.6.18-238.21.1.el5.noarch.rpm ppc: kernel-2.6.18-238.21.1.el5.ppc64.rpm kernel-debug-2.6.18-238.21.1.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-238.21.1.el5.ppc64.rpm kernel-debug-devel-2.6.18-238.21.1.el5.ppc64.rpm kernel-debuginfo-2.6.18-238.21.1.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-238.21.1.el5.ppc64.rpm kernel-devel-2.6.18-238.21.1.el5.ppc64.rpm kernel-headers-2.6.18-238.21.1.el5.ppc.rpm kernel-headers-2.6.18-238.21.1.el5.ppc64.rpm kernel-kdump-2.6.18-238.21.1.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-238.21.1.el5.ppc64.rpm kernel-kdump-devel-2.6.18-238.21.1.el5.ppc64.rpm s390x: kernel-2.6.18-238.21.1.el5.s390x.rpm kernel-debug-2.6.18-238.21.1.el5.s390x.rpm kernel-debug-debuginfo-2.6.18-238.21.1.el5.s390x.rpm 
kernel-debug-devel-2.6.18-238.21.1.el5.s390x.rpm kernel-debuginfo-2.6.18-238.21.1.el5.s390x.rpm kernel-debuginfo-common-2.6.18-238.21.1.el5.s390x.rpm kernel-devel-2.6.18-238.21.1.el5.s390x.rpm kernel-headers-2.6.18-238.21.1.el5.s390x.rpm kernel-kdump-2.6.18-238.21.1.el5.s390x.rpm kernel-kdump-debuginfo-2.6.18-238.21.1.el5.s390x.rpm kernel-kdump-devel-2.6.18-238.21.1.el5.s390x.rpm x86_64: kernel-2.6.18-238.21.1.el5.x86_64.rpm kernel-debug-2.6.18-238.21.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-238.21.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-238.21.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-238.21.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-238.21.1.el5.x86_64.rpm kernel-devel-2.6.18-238.21.1.el5.x86_64.rpm kernel-headers-2.6.18-238.21.1.el5.x86_64.rpm kernel-xen-2.6.18-238.21.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-238.21.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-238.21.1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-1780.html https://www.redhat.com/security/data/cve/CVE-2011-2525.html https://access.redhat.com/security/updates/classification/#important https://rhn.redhat.com/errata/RHSA-2011-1065.html https://rhn.redhat.com/errata/RHSA-2009-1243.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. 
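The kernel advisory above ends with three operational rules: upgrade to the listed packages, reboot so the new kernel is the one running, and install with "rpm -ivh" so the running kernel is never replaced under you, removing old kernels with "rpm -e" only once the new one is proven. The Firefox, Thunderbird and SeaMonkey advisories that follow carry the same "upgrade to these updated packages" instruction. The Python below is an added example, not Red Hat tooling, that turns those rules into a check a practitioner can run: it parses advisory Package List entries into fixed versions, compares them with `rpm -q` output using rpm's own version ordering (so 1.9.2.20 sorts after 1.9.2.3, which a plain string compare gets wrong), reports whether the booted kernel, not merely an installed one, carries the fix, and lists the old kernels that can be removed without touching the running one. Assumptions, stated in the code as well: epoch 0 for every package (true for all packages on this page), no "~" or "^" version rules (RHEL 4/5 rpm never had them), and the RHEL 5 convention that `uname -r` appends the kernel flavour to the release (2.6.18-238.21.1.el5xen is booted from the kernel-xen package). The host state in the block is constructed, not output from any real system.

```python
# Added example, not Red Hat tooling.  Assumes epoch 0 for every package, no
# '~'/'^' version rules, and the RHEL 5 convention that uname -r carries the
# kernel flavour as a release suffix (…el5xen -> kernel-xen, …el5PAE -> kernel-PAE).
import re
from functools import cmp_to_key

_SEG = re.compile(r"\d+|[A-Za-z]+")
_BOOTABLE = ("kernel-xen", "kernel-PAE", "kernel-debug", "kernel-kdump", "kernel")

def rpmvercmp(a, b):
    """rpm's ordering: digit and alpha runs compared run by run (separators
    ignored), a digit run beats an alpha run, leftover runs win.  -1, 0 or 1."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)  # so "20" > "3", unlike a string compare
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare (version, release) pairs; release decides only on equal versions."""
    return rpmvercmp(a[0], b[0]) or rpmvercmp(a[1], b[1])

def split_nvr(pkg):
    """'kernel-xen-2.6.18-238.21.1.el5[.x86_64.rpm]' -> (name, ver, rel)."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4].rsplit(".", 1)[0]  # drop the '.arch' as well
    nv, rel = pkg.rsplit("-", 1)
    name, ver = nv.rsplit("-", 1)
    return name, ver, rel

def fixed_versions(package_list, dist):
    """{name: (ver, rel)} from advisory Package List text for one dist tag ('el5')."""
    fixed = {}
    for tok in package_list.split():
        if tok.endswith(".rpm") and not tok.endswith(".src.rpm"):
            name, ver, rel = split_nvr(tok)
            if dist in rel:
                fixed[name] = (ver, rel)
    return fixed

def _installed(rpm_q_lines):
    """(name, ver, rel) per rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\\n' line,
    skipping blanks and rpm's 'package X is not installed' messages."""
    for line in rpm_q_lines:
        line = line.strip()
        if line and " " not in line:
            yield split_nvr(line)

def unpatched(rpm_q_lines, fixed):
    """[(name, installed, required)] where the newest installed build is too old."""
    best = {}  # kernels sit side by side, so compare only the newest per name
    for name, ver, rel in _installed(rpm_q_lines):
        if name not in best or evr_cmp((ver, rel), best[name]) > 0:
            best[name] = (ver, rel)
    return sorted((n, "-".join(best[n]), "-".join(fixed[n]))
                  for n in best if n in fixed and evr_cmp(best[n], fixed[n]) < 0)

def running_kernel(uname_r):
    """uname -r -> (package, ver, rel), peeling the RHEL 5 flavour suffix."""
    ver, rel = uname_r.split("-", 1)
    for name in _BOOTABLE[:-1]:
        flavour = name[len("kernel-"):]
        if rel.endswith(flavour):
            return name, ver, rel[:-len(flavour)]
    return "kernel", ver, rel

def kernel_running_fixed(uname_r, fixed):
    """Installed is not enough: the fix is live only once the booted kernel is
    at or above the advisory version, hence the reboot requirement."""
    name, ver, rel = running_kernel(uname_r)
    return name in fixed and evr_cmp((ver, rel), fixed[name]) >= 0

def removable_kernels(rpm_q_lines, uname_r, keep=2):
    """Old bootable kernels safe to 'rpm -e', oldest first: never the running
    one, and the `keep` (>= 1) newest of each flavour stay as boot fallbacks."""
    running = running_kernel(uname_r)
    by_name = {}
    for name, ver, rel in _installed(rpm_q_lines):
        if name in _BOOTABLE:
            by_name.setdefault(name, []).append((ver, rel))
    out = []
    for name, vrs in by_name.items():
        vrs.sort(key=cmp_to_key(evr_cmp))
        out += [f"{name}-{v}-{r}" for v, r in vrs[:-keep] if (name, v, r) != running]
    return out

# Package List entries copied from the kernel and Firefox advisories on this page.
ADVISORY_PACKAGES = """kernel-2.6.18-238.21.1.el5.src.rpm
kernel-2.6.18-238.21.1.el5.x86_64.rpm kernel-xen-2.6.18-238.21.1.el5.x86_64.rpm
kernel-devel-2.6.18-238.21.1.el5.x86_64.rpm firefox-3.6.20-2.el5.x86_64.rpm
firefox-3.6.20-2.el6_1.x86_64.rpm"""
# Constructed host state, not output from any real system.
RPM_Q = ["kernel-2.6.18-238.12.1.el5", "kernel-2.6.18-238.19.1.el5",
         "kernel-2.6.18-238.21.1.el5", "firefox-3.6.18-1.el5",
         "package kernel-PAE is not installed"]
UNAME_R = "2.6.18-238.19.1.el5"  # the fixed kernel is installed but not booted

if __name__ == "__main__":
    fixed = fixed_versions(ADVISORY_PACKAGES, "el5")
    print(unpatched(RPM_Q, fixed), kernel_running_fixed(UNAME_R, fixed),
          removable_kernels(RPM_Q, UNAME_R))
```

On a real RHEL 5 host, feed the output of `rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' kernel kernel-xen kernel-PAE firefox xulrunner` into RPM_Q and `uname -r` into UNAME_R. A host that reports nothing below the advisory version but False for the booted kernel is exactly the state the advisory warns about: the update is installed and the system has not been rebooted. Note that the cleanup list deliberately skips the running kernel even when it is the oldest one installed, which is the mistake "rpm -Uvh" makes for you.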
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOSrwpXlSAg2UNWIIRAp5bAJ920IcBt+SqRNn2o6UnJNnjba/PJwCgppgs
xaIZq+QiOYjoykX5QxCvnuw=
=9uC1
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Aug 16 18:53:10 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 16 Aug 2011 18:53:10 +0000
Subject: [RHSA-2011:1164-01] Critical: firefox security update
Message-ID: <201108161853.p7GIrAo1002436@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2011:1164-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1164.html
Issue date:        2011-08-16
CVE Names:         CVE-2011-0084 CVE-2011-2378 CVE-2011-2981
                   CVE-2011-2982 CVE-2011-2983 CVE-2011-2984
=====================================================================

1. Summary:

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2982)

A dangling pointer flaw was found in the Firefox Scalable Vector Graphics (SVG) text manipulation routine. A web page containing a malicious SVG image could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0084)

A dangling pointer flaw was found in the way Firefox handled a certain Document Object Model (DOM) element. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2378)

A flaw was found in the event management code in Firefox. A website containing malicious JavaScript could cause Firefox to execute that JavaScript with the privileges of the user running Firefox. (CVE-2011-2981)

A flaw was found in the way Firefox handled malformed JavaScript. A web page containing malicious JavaScript could cause Firefox to access already freed memory, causing Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2983)

It was found that a malicious web page could execute arbitrary code with the privileges of the user running Firefox if the user dropped a tab onto the malicious web page. (CVE-2011-2984)

For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.20. You can find a link to the Mozilla advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.20, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

730518 - CVE-2011-2982 Mozilla: Miscellaneous memory safety hazards
730519 - CVE-2011-0084 Mozilla: Crash in SVGTextElement.getCharNumAtPosition()
730520 - CVE-2011-2981 Mozilla: Privilege escalation using event handlers
730521 - CVE-2011-2378 Mozilla: Dangling pointer vulnerability in appendChild
730522 - CVE-2011-2984 Mozilla: Privilege escalation dropping a tab element in content area
730523 - CVE-2011-2983 Mozilla: Private data leakage using RegExp.input

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-3.6.20-2.el4.src.rpm

i386:
firefox-3.6.20-2.el4.i386.rpm
firefox-debuginfo-3.6.20-2.el4.i386.rpm

ia64:
firefox-3.6.20-2.el4.ia64.rpm
firefox-debuginfo-3.6.20-2.el4.ia64.rpm

ppc:
firefox-3.6.20-2.el4.ppc.rpm
firefox-debuginfo-3.6.20-2.el4.ppc.rpm

s390:
firefox-3.6.20-2.el4.s390.rpm
firefox-debuginfo-3.6.20-2.el4.s390.rpm

s390x:
firefox-3.6.20-2.el4.s390x.rpm
firefox-debuginfo-3.6.20-2.el4.s390x.rpm

x86_64:
firefox-3.6.20-2.el4.x86_64.rpm
firefox-debuginfo-3.6.20-2.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-3.6.20-2.el4.src.rpm

i386:
firefox-3.6.20-2.el4.i386.rpm
firefox-debuginfo-3.6.20-2.el4.i386.rpm

x86_64:
firefox-3.6.20-2.el4.x86_64.rpm
firefox-debuginfo-3.6.20-2.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-3.6.20-2.el4.src.rpm

i386:
firefox-3.6.20-2.el4.i386.rpm
firefox-debuginfo-3.6.20-2.el4.i386.rpm

ia64:
firefox-3.6.20-2.el4.ia64.rpm
firefox-debuginfo-3.6.20-2.el4.ia64.rpm

x86_64:
firefox-3.6.20-2.el4.x86_64.rpm
firefox-debuginfo-3.6.20-2.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-3.6.20-2.el4.src.rpm

i386:
firefox-3.6.20-2.el4.i386.rpm
firefox-debuginfo-3.6.20-2.el4.i386.rpm

ia64:
firefox-3.6.20-2.el4.ia64.rpm
firefox-debuginfo-3.6.20-2.el4.ia64.rpm

x86_64:
firefox-3.6.20-2.el4.x86_64.rpm
firefox-debuginfo-3.6.20-2.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-3.6.20-2.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.20-2.el5.src.rpm

i386:
firefox-3.6.20-2.el5.i386.rpm
firefox-debuginfo-3.6.20-2.el5.i386.rpm
xulrunner-1.9.2.20-2.el5.i386.rpm
xulrunner-debuginfo-1.9.2.20-2.el5.i386.rpm

x86_64:
firefox-3.6.20-2.el5.i386.rpm
firefox-3.6.20-2.el5.x86_64.rpm
firefox-debuginfo-3.6.20-2.el5.i386.rpm
firefox-debuginfo-3.6.20-2.el5.x86_64.rpm
xulrunner-1.9.2.20-2.el5.i386.rpm
xulrunner-1.9.2.20-2.el5.x86_64.rpm
xulrunner-debuginfo-1.9.2.20-2.el5.i386.rpm
xulrunner-debuginfo-1.9.2.20-2.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.20-2.el5.src.rpm

i386:
xulrunner-debuginfo-1.9.2.20-2.el5.i386.rpm
xulrunner-devel-1.9.2.20-2.el5.i386.rpm

x86_64:
xulrunner-debuginfo-1.9.2.20-2.el5.i386.rpm
xulrunner-debuginfo-1.9.2.20-2.el5.x86_64.rpm
xulrunner-devel-1.9.2.20-2.el5.i386.rpm
xulrunner-devel-1.9.2.20-2.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-3.6.20-2.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-1.9.2.20-2.el5.src.rpm

i386:
firefox-3.6.20-2.el5.i386.rpm
firefox-debuginfo-3.6.20-2.el5.i386.rpm
xulrunner-1.9.2.20-2.el5.i386.rpm
xulrunner-debuginfo-1.9.2.20-2.el5.i386.rpm
xulrunner-devel-1.9.2.20-2.el5.i386.rpm

ia64:
firefox-3.6.20-2.el5.ia64.rpm
firefox-debuginfo-3.6.20-2.el5.ia64.rpm
xulrunner-1.9.2.20-2.el5.ia64.rpm
xulrunner-debuginfo-1.9.2.20-2.el5.ia64.rpm
xulrunner-devel-1.9.2.20-2.el5.ia64.rpm

ppc:
firefox-3.6.20-2.el5.ppc.rpm
firefox-debuginfo-3.6.20-2.el5.ppc.rpm
xulrunner-1.9.2.20-2.el5.ppc.rpm
xulrunner-1.9.2.20-2.el5.ppc64.rpm
xulrunner-debuginfo-1.9.2.20-2.el5.ppc.rpm
xulrunner-debuginfo-1.9.2.20-2.el5.ppc64.rpm
xulrunner-devel-1.9.2.20-2.el5.ppc.rpm
xulrunner-devel-1.9.2.20-2.el5.ppc64.rpm

s390x:
firefox-3.6.20-2.el5.s390.rpm
firefox-3.6.20-2.el5.s390x.rpm
firefox-debuginfo-3.6.20-2.el5.s390.rpm
firefox-debuginfo-3.6.20-2.el5.s390x.rpm
xulrunner-1.9.2.20-2.el5.s390.rpm
xulrunner-1.9.2.20-2.el5.s390x.rpm
xulrunner-debuginfo-1.9.2.20-2.el5.s390.rpm
xulrunner-debuginfo-1.9.2.20-2.el5.s390x.rpm
xulrunner-devel-1.9.2.20-2.el5.s390.rpm
xulrunner-devel-1.9.2.20-2.el5.s390x.rpm

x86_64:
firefox-3.6.20-2.el5.i386.rpm
firefox-3.6.20-2.el5.x86_64.rpm
firefox-debuginfo-3.6.20-2.el5.i386.rpm
firefox-debuginfo-3.6.20-2.el5.x86_64.rpm
xulrunner-1.9.2.20-2.el5.i386.rpm
xulrunner-1.9.2.20-2.el5.x86_64.rpm
xulrunner-debuginfo-1.9.2.20-2.el5.i386.rpm
xulrunner-debuginfo-1.9.2.20-2.el5.x86_64.rpm
xulrunner-devel-1.9.2.20-2.el5.i386.rpm
xulrunner-devel-1.9.2.20-2.el5.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/firefox-3.6.20-2.el6_1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-1.9.2.20-2.el6_1.src.rpm

i386:
firefox-3.6.20-2.el6_1.i686.rpm
firefox-debuginfo-3.6.20-2.el6_1.i686.rpm
xulrunner-1.9.2.20-2.el6_1.i686.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.i686.rpm

x86_64:
firefox-3.6.20-2.el6_1.i686.rpm
firefox-3.6.20-2.el6_1.x86_64.rpm
firefox-debuginfo-3.6.20-2.el6_1.i686.rpm
firefox-debuginfo-3.6.20-2.el6_1.x86_64.rpm
xulrunner-1.9.2.20-2.el6_1.i686.rpm
xulrunner-1.9.2.20-2.el6_1.x86_64.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.i686.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-1.9.2.20-2.el6_1.src.rpm

i386:
xulrunner-debuginfo-1.9.2.20-2.el6_1.i686.rpm
xulrunner-devel-1.9.2.20-2.el6_1.i686.rpm

x86_64:
xulrunner-debuginfo-1.9.2.20-2.el6_1.i686.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.x86_64.rpm
xulrunner-devel-1.9.2.20-2.el6_1.i686.rpm
xulrunner-devel-1.9.2.20-2.el6_1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/firefox-3.6.20-2.el6_1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xulrunner-1.9.2.20-2.el6_1.src.rpm

x86_64:
firefox-3.6.20-2.el6_1.i686.rpm
firefox-3.6.20-2.el6_1.x86_64.rpm
firefox-debuginfo-3.6.20-2.el6_1.i686.rpm
firefox-debuginfo-3.6.20-2.el6_1.x86_64.rpm
xulrunner-1.9.2.20-2.el6_1.i686.rpm
xulrunner-1.9.2.20-2.el6_1.x86_64.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.i686.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.x86_64.rpm
xulrunner-devel-1.9.2.20-2.el6_1.i686.rpm
xulrunner-devel-1.9.2.20-2.el6_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/firefox-3.6.20-2.el6_1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-1.9.2.20-2.el6_1.src.rpm

i386:
firefox-3.6.20-2.el6_1.i686.rpm
firefox-debuginfo-3.6.20-2.el6_1.i686.rpm
xulrunner-1.9.2.20-2.el6_1.i686.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.i686.rpm

ppc64:
firefox-3.6.20-2.el6_1.ppc.rpm
firefox-3.6.20-2.el6_1.ppc64.rpm
firefox-debuginfo-3.6.20-2.el6_1.ppc.rpm
firefox-debuginfo-3.6.20-2.el6_1.ppc64.rpm
xulrunner-1.9.2.20-2.el6_1.ppc.rpm
xulrunner-1.9.2.20-2.el6_1.ppc64.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.ppc.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.ppc64.rpm

s390x:
firefox-3.6.20-2.el6_1.s390.rpm
firefox-3.6.20-2.el6_1.s390x.rpm
firefox-debuginfo-3.6.20-2.el6_1.s390.rpm
firefox-debuginfo-3.6.20-2.el6_1.s390x.rpm
xulrunner-1.9.2.20-2.el6_1.s390.rpm
xulrunner-1.9.2.20-2.el6_1.s390x.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.s390.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.s390x.rpm

x86_64:
firefox-3.6.20-2.el6_1.i686.rpm
firefox-3.6.20-2.el6_1.x86_64.rpm
firefox-debuginfo-3.6.20-2.el6_1.i686.rpm
firefox-debuginfo-3.6.20-2.el6_1.x86_64.rpm
xulrunner-1.9.2.20-2.el6_1.i686.rpm
xulrunner-1.9.2.20-2.el6_1.x86_64.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.i686.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-1.9.2.20-2.el6_1.src.rpm

i386:
xulrunner-debuginfo-1.9.2.20-2.el6_1.i686.rpm
xulrunner-devel-1.9.2.20-2.el6_1.i686.rpm

ppc64:
xulrunner-debuginfo-1.9.2.20-2.el6_1.ppc.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.ppc64.rpm
xulrunner-devel-1.9.2.20-2.el6_1.ppc.rpm
xulrunner-devel-1.9.2.20-2.el6_1.ppc64.rpm

s390x:
xulrunner-debuginfo-1.9.2.20-2.el6_1.s390.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.s390x.rpm
xulrunner-devel-1.9.2.20-2.el6_1.s390.rpm
xulrunner-devel-1.9.2.20-2.el6_1.s390x.rpm

x86_64:
xulrunner-debuginfo-1.9.2.20-2.el6_1.i686.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.x86_64.rpm
xulrunner-devel-1.9.2.20-2.el6_1.i686.rpm
xulrunner-devel-1.9.2.20-2.el6_1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/firefox-3.6.20-2.el6_1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-1.9.2.20-2.el6_1.src.rpm

i386:
firefox-3.6.20-2.el6_1.i686.rpm
firefox-debuginfo-3.6.20-2.el6_1.i686.rpm
xulrunner-1.9.2.20-2.el6_1.i686.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.i686.rpm

x86_64:
firefox-3.6.20-2.el6_1.i686.rpm
firefox-3.6.20-2.el6_1.x86_64.rpm
firefox-debuginfo-3.6.20-2.el6_1.i686.rpm
firefox-debuginfo-3.6.20-2.el6_1.x86_64.rpm
xulrunner-1.9.2.20-2.el6_1.i686.rpm
xulrunner-1.9.2.20-2.el6_1.x86_64.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.i686.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-1.9.2.20-2.el6_1.src.rpm

i386:
xulrunner-debuginfo-1.9.2.20-2.el6_1.i686.rpm
xulrunner-devel-1.9.2.20-2.el6_1.i686.rpm

x86_64:
xulrunner-debuginfo-1.9.2.20-2.el6_1.i686.rpm
xulrunner-debuginfo-1.9.2.20-2.el6_1.x86_64.rpm
xulrunner-devel-1.9.2.20-2.el6_1.i686.rpm
xulrunner-devel-1.9.2.20-2.el6_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0084.html
https://www.redhat.com/security/data/cve/CVE-2011-2378.html
https://www.redhat.com/security/data/cve/CVE-2011-2981.html
https://www.redhat.com/security/data/cve/CVE-2011-2982.html
https://www.redhat.com/security/data/cve/CVE-2011-2983.html
https://www.redhat.com/security/data/cve/CVE-2011-2984.html
https://access.redhat.com/security/updates/classification/#critical
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.20

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOSryHXlSAg2UNWIIRAptPAJ99gZXIjd+9/dVgtYF4rTf8/VInGQCdEvZK
9dBny490Y9V159N9ThVgl64=
=bIh+
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Aug 16 18:53:50 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 16 Aug 2011 18:53:50 +0000
Subject: [RHSA-2011:1165-01] Critical: thunderbird security update
Message-ID: <201108161853.p7GIroIf002605@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: thunderbird security update
Advisory ID:       RHSA-2011:1165-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1165.html
Issue date:        2011-08-16
CVE Names:         CVE-2011-2982 CVE-2011-2983
=====================================================================

1. Summary:

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-2982)

A flaw was found in the way Thunderbird handled malformed JavaScript. Malicious content could cause Thunderbird to access already freed memory, causing Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-2983)

Note: This update disables support for Scalable Vector Graphics (SVG) images in Thunderbird on Red Hat Enterprise Linux 5.

All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

730518 - CVE-2011-2982 Mozilla: Miscellaneous memory safety hazards
730523 - CVE-2011-2983 Mozilla: Private data leakage using RegExp.input

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/thunderbird-1.5.0.12-40.el4.src.rpm

i386:
thunderbird-1.5.0.12-40.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-40.el4.i386.rpm

ia64:
thunderbird-1.5.0.12-40.el4.ia64.rpm
thunderbird-debuginfo-1.5.0.12-40.el4.ia64.rpm

ppc:
thunderbird-1.5.0.12-40.el4.ppc.rpm
thunderbird-debuginfo-1.5.0.12-40.el4.ppc.rpm

s390:
thunderbird-1.5.0.12-40.el4.s390.rpm
thunderbird-debuginfo-1.5.0.12-40.el4.s390.rpm

s390x:
thunderbird-1.5.0.12-40.el4.s390x.rpm
thunderbird-debuginfo-1.5.0.12-40.el4.s390x.rpm

x86_64:
thunderbird-1.5.0.12-40.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-40.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/thunderbird-1.5.0.12-40.el4.src.rpm

i386:
thunderbird-1.5.0.12-40.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-40.el4.i386.rpm

x86_64:
thunderbird-1.5.0.12-40.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-40.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/thunderbird-1.5.0.12-40.el4.src.rpm

i386:
thunderbird-1.5.0.12-40.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-40.el4.i386.rpm

ia64:
thunderbird-1.5.0.12-40.el4.ia64.rpm
thunderbird-debuginfo-1.5.0.12-40.el4.ia64.rpm

x86_64:
thunderbird-1.5.0.12-40.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-40.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/thunderbird-1.5.0.12-40.el4.src.rpm

i386:
thunderbird-1.5.0.12-40.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-40.el4.i386.rpm

ia64:
thunderbird-1.5.0.12-40.el4.ia64.rpm
thunderbird-debuginfo-1.5.0.12-40.el4.ia64.rpm

x86_64:
thunderbird-1.5.0.12-40.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-40.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/thunderbird-2.0.0.24-21.el5.src.rpm

i386:
thunderbird-2.0.0.24-21.el5.i386.rpm
thunderbird-debuginfo-2.0.0.24-21.el5.i386.rpm

x86_64:
thunderbird-2.0.0.24-21.el5.x86_64.rpm
thunderbird-debuginfo-2.0.0.24-21.el5.x86_64.rpm

RHEL Optional Productivity Applications (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/thunderbird-2.0.0.24-21.el5.src.rpm

i386:
thunderbird-2.0.0.24-21.el5.i386.rpm
thunderbird-debuginfo-2.0.0.24-21.el5.i386.rpm

x86_64:
thunderbird-2.0.0.24-21.el5.x86_64.rpm
thunderbird-debuginfo-2.0.0.24-21.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2982.html
https://www.redhat.com/security/data/cve/CVE-2011-2983.html
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOSrylXlSAg2UNWIIRAr+BAJ4wt9eNBQ8G0Rr/eTjU5FNt9AgLagCgw1Qu
2XQEW9uCAxmj3d8tW2i9UyY=
=1QMp
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Aug 16 18:54:18 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 16 Aug 2011 18:54:18 +0000
Subject: [RHSA-2011:1166-01] Critical: thunderbird security update
Message-ID: <201108161854.p7GIsIop022054@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: thunderbird security update
Advisory ID:       RHSA-2011:1166-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1166.html
Issue date:        2011-08-16
CVE Names:         CVE-2011-0084 CVE-2011-2378 CVE-2011-2982
=====================================================================

1. Summary:

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-2982)

A dangling pointer flaw was found in the Thunderbird Scalable Vector Graphics (SVG) text manipulation routine. An HTML mail message containing a malicious SVG image could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-0084)

A dangling pointer flaw was found in the way Thunderbird handled a certain Document Object Model (DOM) element. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-2378)

All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

730518 - CVE-2011-2982 Mozilla: Miscellaneous memory safety hazards
730519 - CVE-2011-0084 Mozilla: Crash in SVGTextElement.getCharNumAtPosition()
730521 - CVE-2011-2378 Mozilla: Dangling pointer vulnerability in appendChild

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/thunderbird-3.1.12-1.el6_1.src.rpm

i386:
thunderbird-3.1.12-1.el6_1.i686.rpm
thunderbird-debuginfo-3.1.12-1.el6_1.i686.rpm

x86_64:
thunderbird-3.1.12-1.el6_1.x86_64.rpm
thunderbird-debuginfo-3.1.12-1.el6_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/thunderbird-3.1.12-1.el6_1.src.rpm

i386:
thunderbird-3.1.12-1.el6_1.i686.rpm
thunderbird-debuginfo-3.1.12-1.el6_1.i686.rpm

ppc64:
thunderbird-3.1.12-1.el6_1.ppc64.rpm
thunderbird-debuginfo-3.1.12-1.el6_1.ppc64.rpm

s390x:
thunderbird-3.1.12-1.el6_1.s390x.rpm
thunderbird-debuginfo-3.1.12-1.el6_1.s390x.rpm

x86_64:
thunderbird-3.1.12-1.el6_1.x86_64.rpm
thunderbird-debuginfo-3.1.12-1.el6_1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/thunderbird-3.1.12-1.el6_1.src.rpm

i386:
thunderbird-3.1.12-1.el6_1.i686.rpm
thunderbird-debuginfo-3.1.12-1.el6_1.i686.rpm

x86_64:
thunderbird-3.1.12-1.el6_1.x86_64.rpm
thunderbird-debuginfo-3.1.12-1.el6_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0084.html
https://www.redhat.com/security/data/cve/CVE-2011-2378.html
https://www.redhat.com/security/data/cve/CVE-2011-2982.html
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOSrzNXlSAg2UNWIIRAvJDAKCGxLPuwXGivmeN+Xl+EEpdZG+mZACeOGAZ eldxZE+zlrUwMUP1DxGVUP4= =7UAu -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Aug 16 18:55:00 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 16 Aug 2011 18:55:00 +0000 Subject: [RHSA-2011:1167-01] Critical: seamonkey security update Message-ID: <201108161855.p7GIt0Ka003185@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: seamonkey security update Advisory ID: RHSA-2011:1167-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1167.html Issue date: 2011-08-16 CVE Names: CVE-2011-2982 CVE-2011-2983 ===================================================================== 1. Summary: Updated seamonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. 
(CVE-2011-2982)

A flaw was found in the way SeaMonkey handled malformed JavaScript. A web page containing malicious JavaScript could cause SeaMonkey to access already freed memory, causing SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2011-2983)

All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

730518 - CVE-2011-2982 Mozilla: Miscellaneous memory safety hazards
730523 - CVE-2011-2983 Mozilla: Private data leakage using RegExp.input

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/seamonkey-1.0.9-72.el4.src.rpm

i386: seamonkey-1.0.9-72.el4.i386.rpm seamonkey-chat-1.0.9-72.el4.i386.rpm seamonkey-debuginfo-1.0.9-72.el4.i386.rpm seamonkey-devel-1.0.9-72.el4.i386.rpm seamonkey-dom-inspector-1.0.9-72.el4.i386.rpm seamonkey-js-debugger-1.0.9-72.el4.i386.rpm seamonkey-mail-1.0.9-72.el4.i386.rpm
ia64: seamonkey-1.0.9-72.el4.ia64.rpm seamonkey-chat-1.0.9-72.el4.ia64.rpm seamonkey-debuginfo-1.0.9-72.el4.ia64.rpm seamonkey-devel-1.0.9-72.el4.ia64.rpm seamonkey-dom-inspector-1.0.9-72.el4.ia64.rpm seamonkey-js-debugger-1.0.9-72.el4.ia64.rpm seamonkey-mail-1.0.9-72.el4.ia64.rpm
ppc: seamonkey-1.0.9-72.el4.ppc.rpm seamonkey-chat-1.0.9-72.el4.ppc.rpm seamonkey-debuginfo-1.0.9-72.el4.ppc.rpm seamonkey-devel-1.0.9-72.el4.ppc.rpm seamonkey-dom-inspector-1.0.9-72.el4.ppc.rpm seamonkey-js-debugger-1.0.9-72.el4.ppc.rpm seamonkey-mail-1.0.9-72.el4.ppc.rpm
s390:
seamonkey-1.0.9-72.el4.s390.rpm seamonkey-chat-1.0.9-72.el4.s390.rpm seamonkey-debuginfo-1.0.9-72.el4.s390.rpm seamonkey-devel-1.0.9-72.el4.s390.rpm seamonkey-dom-inspector-1.0.9-72.el4.s390.rpm seamonkey-js-debugger-1.0.9-72.el4.s390.rpm seamonkey-mail-1.0.9-72.el4.s390.rpm s390x: seamonkey-1.0.9-72.el4.s390x.rpm seamonkey-chat-1.0.9-72.el4.s390x.rpm seamonkey-debuginfo-1.0.9-72.el4.s390x.rpm seamonkey-devel-1.0.9-72.el4.s390x.rpm seamonkey-dom-inspector-1.0.9-72.el4.s390x.rpm seamonkey-js-debugger-1.0.9-72.el4.s390x.rpm seamonkey-mail-1.0.9-72.el4.s390x.rpm x86_64: seamonkey-1.0.9-72.el4.x86_64.rpm seamonkey-chat-1.0.9-72.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-72.el4.x86_64.rpm seamonkey-devel-1.0.9-72.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-72.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-72.el4.x86_64.rpm seamonkey-mail-1.0.9-72.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/seamonkey-1.0.9-72.el4.src.rpm i386: seamonkey-1.0.9-72.el4.i386.rpm seamonkey-chat-1.0.9-72.el4.i386.rpm seamonkey-debuginfo-1.0.9-72.el4.i386.rpm seamonkey-devel-1.0.9-72.el4.i386.rpm seamonkey-dom-inspector-1.0.9-72.el4.i386.rpm seamonkey-js-debugger-1.0.9-72.el4.i386.rpm seamonkey-mail-1.0.9-72.el4.i386.rpm x86_64: seamonkey-1.0.9-72.el4.x86_64.rpm seamonkey-chat-1.0.9-72.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-72.el4.x86_64.rpm seamonkey-devel-1.0.9-72.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-72.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-72.el4.x86_64.rpm seamonkey-mail-1.0.9-72.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/seamonkey-1.0.9-72.el4.src.rpm i386: seamonkey-1.0.9-72.el4.i386.rpm seamonkey-chat-1.0.9-72.el4.i386.rpm seamonkey-debuginfo-1.0.9-72.el4.i386.rpm seamonkey-devel-1.0.9-72.el4.i386.rpm seamonkey-dom-inspector-1.0.9-72.el4.i386.rpm seamonkey-js-debugger-1.0.9-72.el4.i386.rpm seamonkey-mail-1.0.9-72.el4.i386.rpm 
ia64: seamonkey-1.0.9-72.el4.ia64.rpm seamonkey-chat-1.0.9-72.el4.ia64.rpm seamonkey-debuginfo-1.0.9-72.el4.ia64.rpm seamonkey-devel-1.0.9-72.el4.ia64.rpm seamonkey-dom-inspector-1.0.9-72.el4.ia64.rpm seamonkey-js-debugger-1.0.9-72.el4.ia64.rpm seamonkey-mail-1.0.9-72.el4.ia64.rpm x86_64: seamonkey-1.0.9-72.el4.x86_64.rpm seamonkey-chat-1.0.9-72.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-72.el4.x86_64.rpm seamonkey-devel-1.0.9-72.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-72.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-72.el4.x86_64.rpm seamonkey-mail-1.0.9-72.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/seamonkey-1.0.9-72.el4.src.rpm i386: seamonkey-1.0.9-72.el4.i386.rpm seamonkey-chat-1.0.9-72.el4.i386.rpm seamonkey-debuginfo-1.0.9-72.el4.i386.rpm seamonkey-devel-1.0.9-72.el4.i386.rpm seamonkey-dom-inspector-1.0.9-72.el4.i386.rpm seamonkey-js-debugger-1.0.9-72.el4.i386.rpm seamonkey-mail-1.0.9-72.el4.i386.rpm ia64: seamonkey-1.0.9-72.el4.ia64.rpm seamonkey-chat-1.0.9-72.el4.ia64.rpm seamonkey-debuginfo-1.0.9-72.el4.ia64.rpm seamonkey-devel-1.0.9-72.el4.ia64.rpm seamonkey-dom-inspector-1.0.9-72.el4.ia64.rpm seamonkey-js-debugger-1.0.9-72.el4.ia64.rpm seamonkey-mail-1.0.9-72.el4.ia64.rpm x86_64: seamonkey-1.0.9-72.el4.x86_64.rpm seamonkey-chat-1.0.9-72.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-72.el4.x86_64.rpm seamonkey-devel-1.0.9-72.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-72.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-72.el4.x86_64.rpm seamonkey-mail-1.0.9-72.el4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2982.html https://www.redhat.com/security/data/cve/CVE-2011-2983.html https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . 
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOSrzsXlSAg2UNWIIRAlHXAJ9k0+Q3Bz6hQuzt6AUcQ+rZo9txeQCfQOYy
S9Ob5tUTtnA4nLk4IQGn6R8=
=qoDJ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Aug 18 19:53:55 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 18 Aug 2011 19:53:55 +0000
Subject: [RHSA-2011:1187-01] Moderate: dovecot security update
Message-ID: <201108181953.p7IJrtdL006193@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: dovecot security update
Advisory ID: RHSA-2011:1187-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1187.html
Issue date: 2011-08-18
CVE Names: CVE-2011-1929
=====================================================================

1. Summary:

Updated dovecot packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v.
6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Dovecot is an IMAP server for Linux, UNIX, and similar operating systems, primarily written with security in mind.

A denial of service flaw was found in the way Dovecot handled NULL characters in certain header names. A mail message with specially-crafted headers could cause the Dovecot child process handling the target user's connection to crash, blocking them from downloading the message successfully and possibly leading to the corruption of their mailbox. (CVE-2011-1929)

Users of dovecot are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the dovecot service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

706286 - CVE-2011-1929 dovecot: potential crash when parsing header names that contain NUL characters

6.
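The hazard behind CVE-2011-1929, as an added example that is not Dovecot's code and does not reproduce its parser: a NUL byte inside a header name is legal nowhere in RFC 5322, but a parser that trusts C-string conventions sees a shorter name than the bytes actually on the wire, and the advisory says that mismatch was enough to take down the per-user child process. The parser below classifies every header line and never raises; the message, the RFC 5322 field-name rule used for the check, and the `c_string_view` helper that emulates what a strlen-based API would see are all constructed for this illustration.

```python
"""Defensive header parsing when a NUL byte appears in a field name.

Added example, not Dovecot code. The advisory only says that a NUL in
certain header names could crash the Dovecot child process handling the
connection; it does not describe the parser internals. This shows the
hazard class and a parser that degrades gracefully instead of crashing.
"""
import re
from dataclasses import dataclass
from typing import List

# RFC 5322 field-name: printable US-ASCII (0x21-0x7E) except ':' (0x3A).
FIELD_NAME_RE = re.compile(rb"[\x21-\x39\x3b-\x7e]+")


@dataclass
class Header:
    name: bytes
    value: bytes
    malformed: bool  # True when the name violates the field-name rule


def c_string_view(name: bytes) -> bytes:
    """What a C-string API (strlen/strcmp) would see: bytes up to the first
    NUL. The gap between this and len(name) is the generic NUL hazard."""
    nul = name.find(b"\x00")
    return name if nul < 0 else name[:nul]


def parse_headers(raw: bytes) -> List[Header]:
    """Split the header section of a raw message into Header records.

    Accepts CRLF or LF line endings, unfolds continuation lines (leading
    SP/HTAB), and never raises on odd bytes: a bad field name is flagged,
    not dropped, so the caller decides (reject, quarantine, log).
    """
    sep = b"\r\n\r\n" if b"\r\n\r\n" in raw else b"\n\n"
    head = raw.split(sep, 1)[0]
    lines = head.replace(b"\r\n", b"\n").split(b"\n")
    unfolded: List[bytes] = []
    for line in lines:
        if line[:1] in (b" ", b"\t") and unfolded:
            unfolded[-1] += b" " + line.strip()   # continuation line
        else:
            unfolded.append(line)
    headers: List[Header] = []
    for line in unfolded:
        if not line:
            continue
        name, colon, value = line.partition(b":")
        if not colon:
            headers.append(Header(name=line, value=b"", malformed=True))
            continue
        ok = FIELD_NAME_RE.fullmatch(name) is not None
        headers.append(Header(name=name, value=value.strip(), malformed=not ok))
    return headers


def message_is_deliverable(raw: bytes) -> bool:
    """Policy hook: refuse messages whose header names are malformed rather
    than letting them reach code that assumes well-formed names."""
    return not any(h.malformed for h in parse_headers(raw))


# Constructed sample: a NUL byte embedded in the "Subject" field name.
CRAFTED = (
    b"From: alice@example.test\r\n"
    b"Sub\x00ject: hello\r\n"
    b"X-Long: first part\r\n second part\r\n"
    b"\r\n"
    b"body\r\n"
)
```

The point of `c_string_view` is the classifier's blind spot: `len(b"Sub\x00ject")` is 8 while the C view is 3, so any code that computes a length one way and walks the buffer the other way is already off by five bytes. Rejecting such a name at the policy layer keeps the delivery process out of that code path entirely, which is what a site can enforce at the MTA even before the Dovecot update is applied.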
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/dovecot-0.99.11-10.EL4.src.rpm i386: dovecot-0.99.11-10.EL4.i386.rpm dovecot-debuginfo-0.99.11-10.EL4.i386.rpm ia64: dovecot-0.99.11-10.EL4.ia64.rpm dovecot-debuginfo-0.99.11-10.EL4.ia64.rpm ppc: dovecot-0.99.11-10.EL4.ppc.rpm dovecot-debuginfo-0.99.11-10.EL4.ppc.rpm s390: dovecot-0.99.11-10.EL4.s390.rpm dovecot-debuginfo-0.99.11-10.EL4.s390.rpm s390x: dovecot-0.99.11-10.EL4.s390x.rpm dovecot-debuginfo-0.99.11-10.EL4.s390x.rpm x86_64: dovecot-0.99.11-10.EL4.x86_64.rpm dovecot-debuginfo-0.99.11-10.EL4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/dovecot-0.99.11-10.EL4.src.rpm i386: dovecot-0.99.11-10.EL4.i386.rpm dovecot-debuginfo-0.99.11-10.EL4.i386.rpm x86_64: dovecot-0.99.11-10.EL4.x86_64.rpm dovecot-debuginfo-0.99.11-10.EL4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/dovecot-0.99.11-10.EL4.src.rpm i386: dovecot-0.99.11-10.EL4.i386.rpm dovecot-debuginfo-0.99.11-10.EL4.i386.rpm ia64: dovecot-0.99.11-10.EL4.ia64.rpm dovecot-debuginfo-0.99.11-10.EL4.ia64.rpm x86_64: dovecot-0.99.11-10.EL4.x86_64.rpm dovecot-debuginfo-0.99.11-10.EL4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/dovecot-0.99.11-10.EL4.src.rpm i386: dovecot-0.99.11-10.EL4.i386.rpm dovecot-debuginfo-0.99.11-10.EL4.i386.rpm ia64: dovecot-0.99.11-10.EL4.ia64.rpm dovecot-debuginfo-0.99.11-10.EL4.ia64.rpm x86_64: dovecot-0.99.11-10.EL4.x86_64.rpm dovecot-debuginfo-0.99.11-10.EL4.x86_64.rpm RHEL Desktop Workstation (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/dovecot-1.0.7-7.el5_7.1.src.rpm i386: dovecot-1.0.7-7.el5_7.1.i386.rpm dovecot-debuginfo-1.0.7-7.el5_7.1.i386.rpm x86_64: dovecot-1.0.7-7.el5_7.1.x86_64.rpm dovecot-debuginfo-1.0.7-7.el5_7.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/dovecot-1.0.7-7.el5_7.1.src.rpm i386: dovecot-1.0.7-7.el5_7.1.i386.rpm dovecot-debuginfo-1.0.7-7.el5_7.1.i386.rpm ia64: dovecot-1.0.7-7.el5_7.1.ia64.rpm dovecot-debuginfo-1.0.7-7.el5_7.1.ia64.rpm ppc: dovecot-1.0.7-7.el5_7.1.ppc.rpm dovecot-debuginfo-1.0.7-7.el5_7.1.ppc.rpm s390x: dovecot-1.0.7-7.el5_7.1.s390x.rpm dovecot-debuginfo-1.0.7-7.el5_7.1.s390x.rpm x86_64: dovecot-1.0.7-7.el5_7.1.x86_64.rpm dovecot-debuginfo-1.0.7-7.el5_7.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/dovecot-2.0.9-2.el6_1.1.src.rpm i386: dovecot-2.0.9-2.el6_1.1.i686.rpm dovecot-debuginfo-2.0.9-2.el6_1.1.i686.rpm dovecot-mysql-2.0.9-2.el6_1.1.i686.rpm dovecot-pgsql-2.0.9-2.el6_1.1.i686.rpm dovecot-pigeonhole-2.0.9-2.el6_1.1.i686.rpm ppc64: dovecot-2.0.9-2.el6_1.1.ppc.rpm dovecot-2.0.9-2.el6_1.1.ppc64.rpm dovecot-debuginfo-2.0.9-2.el6_1.1.ppc.rpm dovecot-debuginfo-2.0.9-2.el6_1.1.ppc64.rpm dovecot-mysql-2.0.9-2.el6_1.1.ppc64.rpm dovecot-pgsql-2.0.9-2.el6_1.1.ppc64.rpm dovecot-pigeonhole-2.0.9-2.el6_1.1.ppc64.rpm s390x: dovecot-2.0.9-2.el6_1.1.s390.rpm dovecot-2.0.9-2.el6_1.1.s390x.rpm dovecot-debuginfo-2.0.9-2.el6_1.1.s390.rpm dovecot-debuginfo-2.0.9-2.el6_1.1.s390x.rpm dovecot-mysql-2.0.9-2.el6_1.1.s390x.rpm dovecot-pgsql-2.0.9-2.el6_1.1.s390x.rpm dovecot-pigeonhole-2.0.9-2.el6_1.1.s390x.rpm x86_64: dovecot-2.0.9-2.el6_1.1.i686.rpm dovecot-2.0.9-2.el6_1.1.x86_64.rpm dovecot-debuginfo-2.0.9-2.el6_1.1.i686.rpm dovecot-debuginfo-2.0.9-2.el6_1.1.x86_64.rpm dovecot-mysql-2.0.9-2.el6_1.1.x86_64.rpm 
dovecot-pgsql-2.0.9-2.el6_1.1.x86_64.rpm dovecot-pigeonhole-2.0.9-2.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/dovecot-2.0.9-2.el6_1.1.src.rpm i386: dovecot-debuginfo-2.0.9-2.el6_1.1.i686.rpm dovecot-devel-2.0.9-2.el6_1.1.i686.rpm ppc64: dovecot-debuginfo-2.0.9-2.el6_1.1.ppc64.rpm dovecot-devel-2.0.9-2.el6_1.1.ppc64.rpm s390x: dovecot-debuginfo-2.0.9-2.el6_1.1.s390x.rpm dovecot-devel-2.0.9-2.el6_1.1.s390x.rpm x86_64: dovecot-debuginfo-2.0.9-2.el6_1.1.x86_64.rpm dovecot-devel-2.0.9-2.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/dovecot-2.0.9-2.el6_1.1.src.rpm i386: dovecot-2.0.9-2.el6_1.1.i686.rpm dovecot-debuginfo-2.0.9-2.el6_1.1.i686.rpm dovecot-mysql-2.0.9-2.el6_1.1.i686.rpm dovecot-pgsql-2.0.9-2.el6_1.1.i686.rpm dovecot-pigeonhole-2.0.9-2.el6_1.1.i686.rpm x86_64: dovecot-2.0.9-2.el6_1.1.i686.rpm dovecot-2.0.9-2.el6_1.1.x86_64.rpm dovecot-debuginfo-2.0.9-2.el6_1.1.i686.rpm dovecot-debuginfo-2.0.9-2.el6_1.1.x86_64.rpm dovecot-mysql-2.0.9-2.el6_1.1.x86_64.rpm dovecot-pgsql-2.0.9-2.el6_1.1.x86_64.rpm dovecot-pigeonhole-2.0.9-2.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/dovecot-2.0.9-2.el6_1.1.src.rpm i386: dovecot-debuginfo-2.0.9-2.el6_1.1.i686.rpm dovecot-devel-2.0.9-2.el6_1.1.i686.rpm x86_64: dovecot-debuginfo-2.0.9-2.el6_1.1.x86_64.rpm dovecot-devel-2.0.9-2.el6_1.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-1929.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . 
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOTW29XlSAg2UNWIIRAr8LAKCu85vT3BXBKZ1SRebWK7B9nG6OFQCfYR3k
P3AdaDf2BpXnEhk2OL5DTpo=
=eG31
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Aug 23 14:48:18 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 23 Aug 2011 14:48:18 +0000
Subject: [RHSA-2011:1189-01] Important: kernel security, bug fix, and enhancement update
Message-ID: <201108231448.p7NEmI9U017784@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security, bug fix, and enhancement update
Advisory ID: RHSA-2011:1189-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1189.html
Issue date: 2011-08-23
CVE Names: CVE-2011-1182 CVE-2011-1576 CVE-2011-1593 CVE-2011-1776 CVE-2011-1898 CVE-2011-2183 CVE-2011-2213 CVE-2011-2491 CVE-2011-2492 CVE-2011-2495 CVE-2011-2497 CVE-2011-2517 CVE-2011-2689 CVE-2011-2695
=====================================================================

1. Summary:

Updated kernel packages that fix several security issues, various bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64

3.
Description:

Security issues:

* Using PCI passthrough without interrupt remapping support allowed KVM guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can prevent PCI passthrough working and guests starting. Refer to Red Hat Bugzilla bug 715555 for details. (CVE-2011-1898, Important)

* Flaw in the client-side NLM implementation could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2491, Important)

* Integer underflow in the Bluetooth implementation could allow a remote attacker to cause a denial of service or escalate their privileges by sending a specially-crafted request to a target system via Bluetooth. (CVE-2011-2497, Important)

* Buffer overflows in the netlink-based wireless configuration interface implementation could allow a local user, who has the CAP_NET_ADMIN capability, to cause a denial of service or escalate their privileges on systems that have an active wireless interface. (CVE-2011-2517, Important)

* Flaw in the way the maximum file offset was handled for ext4 file systems could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2695, Important)

* Flaw allowed napi_reuse_skb() to be called on VLAN packets. An attacker on the local network could use this flaw to send crafted packets to a target, possibly causing a denial of service. (CVE-2011-1576, Moderate)

* Integer signedness error in next_pidmap() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)

* Race condition in the memory merging support (KSM) could allow a local, unprivileged user to cause a denial of service. KSM is off by default, but on systems running VDSM, or on KVM hosts, it is likely turned on by the ksm/ksmtuned services.
(CVE-2011-2183, Moderate)

* Flaw in inet_diag_bc_audit() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2213, Moderate)

* Flaw in the way space was allocated in the Global File System 2 (GFS2) implementation. If the file system was almost full, and a local, unprivileged user made an fallocate() request, it could result in a denial of service. Setting quotas to prevent users from using all available disk space would prevent exploitation of this flaw. (CVE-2011-2689, Moderate)

* Local, unprivileged users could send signals via the sigqueueinfo system call, with si_code set to SI_TKILL and with spoofed process and user IDs, to other processes. This flaw does not allow existing permission checks to be bypassed; signals can only be sent if your privileges allow you to already do so. (CVE-2011-1182, Low)

* Heap overflow in the EFI GUID Partition Table (GPT) implementation could allow a local attacker to cause a denial of service by mounting a disk containing crafted partition tables. (CVE-2011-1776, Low)

* Structure padding in two structures in the Bluetooth implementation was not initialized properly before being copied to user-space, possibly allowing local, unprivileged users to leak kernel stack memory to user-space. (CVE-2011-2492, Low)

* /proc/[PID]/io is world-readable by default. Previously, these files could be read without any further restrictions. A local, unprivileged user could read these files, belonging to other, possibly privileged processes to gather confidential information, such as the length of a password used in a process.
(CVE-2011-2495, Low)

Red Hat would like to thank Vasily Averin for reporting CVE-2011-2491; Dan Rosenberg for reporting CVE-2011-2497 and CVE-2011-2213; Ryan Sweat for reporting CVE-2011-1576; Robert Swiecki for reporting CVE-2011-1593; Andrea Righi for reporting CVE-2011-2183; Julien Tinnes of the Google Security Team for reporting CVE-2011-1182; Timo Warns for reporting CVE-2011-1776; Marek Kroemeke and Filip Palian for reporting CVE-2011-2492; and Vasiliy Kulikov of Openwall for reporting CVE-2011-2495.

4. Solution:

Refer to the Technical Notes, available shortly from the link in the References, for bug fix and enhancement details. Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs and add the enhancements noted in the Technical Notes. The system must be rebooted for this update to take effect.

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5.
Bugs fixed (http://bugzilla.redhat.com/):

690028 - CVE-2011-1182 kernel signal spoofing issue
695173 - CVE-2011-1576 kernel: net: Fix memory leak/corruption on VLAN GRO_DROP
697822 - CVE-2011-1593 kernel: proc: signedness issue in next_pidmap()
703019 - CVE-2011-2492 kernel: bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace
703026 - CVE-2011-1776 kernel: validate size of EFI GUID partition entries
709393 - CVE-2011-2491 kernel: rpc task leak after flock()ing NFS share
710338 - CVE-2011-2183 kernel: ksm: race between ksmd and exiting task
713827 - Parallel port issue in RHEL 6.0 server
714536 - CVE-2011-2213 kernel: inet_diag: insufficient validation
714982 - GFS2: Update to rhel6.1 broke dovecot writing to a gfs2 filesystem
715555 - CVE-2011-1898 virt: VT-d (PCI passthrough) MSI trap injection
716539 - bump domain memory limits [6.1.z]
716805 - CVE-2011-2497 kernel: bluetooth: buffer overflow in l2cap config request
716825 - CVE-2011-2495 kernel: /proc/PID/io infoleak
718152 - CVE-2011-2517 kernel: nl80211: missing check for valid SSID size in scan operations
720861 - CVE-2011-2689 kernel: gfs2: make sure fallocate bytes is a multiple of blksize
722557 - CVE-2011-2695 kernel: ext4: kernel panic when writing data to the last block of sparse file

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-131.12.1.el6.src.rpm i386: kernel-2.6.32-131.12.1.el6.i686.rpm kernel-debug-2.6.32-131.12.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-131.12.1.el6.i686.rpm kernel-debug-devel-2.6.32-131.12.1.el6.i686.rpm kernel-debuginfo-2.6.32-131.12.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-131.12.1.el6.i686.rpm kernel-devel-2.6.32-131.12.1.el6.i686.rpm kernel-headers-2.6.32-131.12.1.el6.i686.rpm perf-2.6.32-131.12.1.el6.i686.rpm perf-debuginfo-2.6.32-131.12.1.el6.i686.rpm noarch: kernel-doc-2.6.32-131.12.1.el6.noarch.rpm kernel-firmware-2.6.32-131.12.1.el6.noarch.rpm x86_64: kernel-2.6.32-131.12.1.el6.x86_64.rpm kernel-debug-2.6.32-131.12.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-131.12.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-131.12.1.el6.x86_64.rpm kernel-devel-2.6.32-131.12.1.el6.x86_64.rpm kernel-headers-2.6.32-131.12.1.el6.x86_64.rpm perf-2.6.32-131.12.1.el6.x86_64.rpm perf-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-131.12.1.el6.src.rpm noarch: kernel-doc-2.6.32-131.12.1.el6.noarch.rpm kernel-firmware-2.6.32-131.12.1.el6.noarch.rpm x86_64: kernel-2.6.32-131.12.1.el6.x86_64.rpm kernel-debug-2.6.32-131.12.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-131.12.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-131.12.1.el6.x86_64.rpm kernel-devel-2.6.32-131.12.1.el6.x86_64.rpm kernel-headers-2.6.32-131.12.1.el6.x86_64.rpm perf-2.6.32-131.12.1.el6.x86_64.rpm perf-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-131.12.1.el6.src.rpm i386: kernel-2.6.32-131.12.1.el6.i686.rpm kernel-debug-2.6.32-131.12.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-131.12.1.el6.i686.rpm kernel-debug-devel-2.6.32-131.12.1.el6.i686.rpm kernel-debuginfo-2.6.32-131.12.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-131.12.1.el6.i686.rpm kernel-devel-2.6.32-131.12.1.el6.i686.rpm kernel-headers-2.6.32-131.12.1.el6.i686.rpm perf-2.6.32-131.12.1.el6.i686.rpm perf-debuginfo-2.6.32-131.12.1.el6.i686.rpm noarch: kernel-doc-2.6.32-131.12.1.el6.noarch.rpm kernel-firmware-2.6.32-131.12.1.el6.noarch.rpm ppc64: kernel-2.6.32-131.12.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-131.12.1.el6.ppc64.rpm kernel-debug-2.6.32-131.12.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-131.12.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-131.12.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-131.12.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-131.12.1.el6.ppc64.rpm kernel-devel-2.6.32-131.12.1.el6.ppc64.rpm kernel-headers-2.6.32-131.12.1.el6.ppc64.rpm perf-2.6.32-131.12.1.el6.ppc64.rpm perf-debuginfo-2.6.32-131.12.1.el6.ppc64.rpm s390x: kernel-2.6.32-131.12.1.el6.s390x.rpm kernel-debug-2.6.32-131.12.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-131.12.1.el6.s390x.rpm kernel-debug-devel-2.6.32-131.12.1.el6.s390x.rpm kernel-debuginfo-2.6.32-131.12.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-131.12.1.el6.s390x.rpm kernel-devel-2.6.32-131.12.1.el6.s390x.rpm kernel-headers-2.6.32-131.12.1.el6.s390x.rpm kernel-kdump-2.6.32-131.12.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-131.12.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-131.12.1.el6.s390x.rpm perf-2.6.32-131.12.1.el6.s390x.rpm perf-debuginfo-2.6.32-131.12.1.el6.s390x.rpm x86_64: kernel-2.6.32-131.12.1.el6.x86_64.rpm kernel-debug-2.6.32-131.12.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-131.12.1.el6.x86_64.rpm 
kernel-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-131.12.1.el6.x86_64.rpm kernel-devel-2.6.32-131.12.1.el6.x86_64.rpm kernel-headers-2.6.32-131.12.1.el6.x86_64.rpm perf-2.6.32-131.12.1.el6.x86_64.rpm perf-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-131.12.1.el6.src.rpm i386: kernel-2.6.32-131.12.1.el6.i686.rpm kernel-debug-2.6.32-131.12.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-131.12.1.el6.i686.rpm kernel-debug-devel-2.6.32-131.12.1.el6.i686.rpm kernel-debuginfo-2.6.32-131.12.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-131.12.1.el6.i686.rpm kernel-devel-2.6.32-131.12.1.el6.i686.rpm kernel-headers-2.6.32-131.12.1.el6.i686.rpm perf-2.6.32-131.12.1.el6.i686.rpm perf-debuginfo-2.6.32-131.12.1.el6.i686.rpm noarch: kernel-doc-2.6.32-131.12.1.el6.noarch.rpm kernel-firmware-2.6.32-131.12.1.el6.noarch.rpm x86_64: kernel-2.6.32-131.12.1.el6.x86_64.rpm kernel-debug-2.6.32-131.12.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-131.12.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-131.12.1.el6.x86_64.rpm kernel-devel-2.6.32-131.12.1.el6.x86_64.rpm kernel-headers-2.6.32-131.12.1.el6.x86_64.rpm perf-2.6.32-131.12.1.el6.x86_64.rpm perf-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References:

https://www.redhat.com/security/data/cve/CVE-2011-1182.html
https://www.redhat.com/security/data/cve/CVE-2011-1576.html
https://www.redhat.com/security/data/cve/CVE-2011-1593.html
https://www.redhat.com/security/data/cve/CVE-2011-1776.html
https://www.redhat.com/security/data/cve/CVE-2011-1898.html
https://www.redhat.com/security/data/cve/CVE-2011-2183.html
https://www.redhat.com/security/data/cve/CVE-2011-2213.html
https://www.redhat.com/security/data/cve/CVE-2011-2491.html
https://www.redhat.com/security/data/cve/CVE-2011-2492.html
https://www.redhat.com/security/data/cve/CVE-2011-2495.html
https://www.redhat.com/security/data/cve/CVE-2011-2497.html
https://www.redhat.com/security/data/cve/CVE-2011-2517.html
https://www.redhat.com/security/data/cve/CVE-2011-2689.html
https://www.redhat.com/security/data/cve/CVE-2011-2695.html
https://access.redhat.com/security/updates/classification/#important
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.1_Technical_Notes/kernel.html#RHSA-2011-1189
https://bugzilla.redhat.com/show_bug.cgi?id=715555

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
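Deciding whether a host is actually covered by this kernel advisory (or by the dovecot, seamonkey and system-config-printer advisories on this page) comes down to comparing installed package versions against the package lists in each section 6, with the twist the Solution section points out: kernels are installed side by side with `rpm -ivh`, so several versions can be present and only the newest, and ultimately the booted one, matters. The following is an added example, not Red Hat tooling: it ports RPM's `rpmvercmp()` segment ordering to Python, parses NEVRA strings of the form `name-[epoch:]version-release.arch[.rpm]` as printed by `rpm -qa` and as listed in the advisories, and reports what is still below the fixed version. The `INSTALLED` list is a constructed `rpm -qa` excerpt, not real output; the `FIXED` entries are copied from the x86_64 Server lists of RHSA-2011:1189 and RHSA-2011:1187.

```python
"""Compare installed RPMs against an advisory package list (added example).

NEVRA input is what `rpm -qa` prints, or, when epochs matter,
`rpm -qa --qf '%{NAME}-%{EPOCH}:%{VERSION}-%{RELEASE}.%{ARCH}\n'`, where an
unset epoch prints as "(none)". The INSTALLED list below is constructed.
"""
import re
from typing import List, NamedTuple, Tuple

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|~")  # rpm ignores every other byte


def rpmvercmp(a: str, b: str) -> int:
    """Port of rpm's rpmvercmp(): -1, 0 or 1. Segment by segment, numeric
    segments compare as integers (leading zeros dropped), alphabetic ones as
    strings, numeric beats alphabetic, and '~' sorts before anything, even
    end of string, so 1.0~rc1 < 1.0."""
    ta, tb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for i in range(max(len(ta), len(tb))):
        x = ta[i] if i < len(ta) else None
        y = tb[i] if i < len(tb) else None
        if x == "~" or y == "~":
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        if x is None:
            return -1          # a ran out first: a < b
        if y is None:
            return 1
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    return 0


class EVR(NamedTuple):
    epoch: int
    version: str
    release: str


class NEVRA(NamedTuple):
    name: str
    evr: EVR
    arch: str


def evrcmp(a: EVR, b: EVR) -> int:
    """rpm's ordering: epoch, then version, then release."""
    if a.epoch != b.epoch:
        return 1 if a.epoch > b.epoch else -1
    return rpmvercmp(a.version, b.version) or rpmvercmp(a.release, b.release)


def parse_nevra(s: str) -> NEVRA:
    """Split name-[epoch:]version-release.arch[.rpm] from the right, since
    names may contain hyphens but version and release may not."""
    if s.endswith(".rpm"):
        s = s[:-4]
    rest, _, arch = s.rpartition(".")
    nv, _, release = rest.rpartition("-")
    name, _, version = nv.rpartition("-")
    if not (name and version and release and arch):
        raise ValueError(f"not a NEVRA string: {s!r}")
    epoch = 0
    if ":" in version:
        e, _, version = version.partition(":")
        epoch = 0 if e == "(none)" else int(e)
    return NEVRA(name, EVR(epoch, version, release), arch)


def vulnerable_packages(installed: List[str], fixed: List[str]) -> List[Tuple[str, str]]:
    """(installed, fixed) pairs where the newest installed instance of a
    name+arch is older than the advisory's. Older side-by-side kernels left
    behind by `rpm -ivh` are expected; they go away later with `rpm -e`."""
    fixed_by_key = {}
    for f in fixed:
        n = parse_nevra(f)
        fixed_by_key[(n.name, n.arch)] = (f, n.evr)
    newest = {}
    for s in installed:
        n = parse_nevra(s)
        key = (n.name, n.arch)
        if key not in newest or evrcmp(n.evr, newest[key][1]) > 0:
            newest[key] = (s, n.evr)
    return [(s, fixed_by_key[k][0]) for k, (s, evr) in sorted(newest.items())
            if k in fixed_by_key and evrcmp(evr, fixed_by_key[k][1]) < 0]


def running_kernel_is_fixed(uname_r: str, fixed_kernel: str) -> bool:
    """`uname -r` names the booted kernel; an installed fix is not in effect
    until reboot, which is why the advisory requires one."""
    return evrcmp(parse_nevra("kernel-" + uname_r).evr, parse_nevra(fixed_kernel).evr) >= 0


# Constructed `rpm -qa` excerpt for a RHEL 6.1 x86_64 host (not real output).
INSTALLED = [
    "kernel-2.6.32-131.0.15.el6.x86_64",
    "kernel-2.6.32-131.6.1.el6.x86_64",
    "kernel-firmware-2.6.32-131.6.1.el6.noarch",
    "perf-2.6.32-131.12.1.el6.x86_64",
    "dovecot-2.0.9-2.el6_1.1.x86_64",
]
# Fixed packages, copied from the RHSA-2011:1189 and RHSA-2011:1187 lists.
FIXED = [
    "kernel-2.6.32-131.12.1.el6.x86_64.rpm",
    "kernel-firmware-2.6.32-131.12.1.el6.noarch.rpm",
    "perf-2.6.32-131.12.1.el6.x86_64.rpm",
    "dovecot-2.0.9-2.el6_1.1.x86_64.rpm",
]
```

Feed `vulnerable_packages` the output of `rpm -qa` and the package list for your release and architecture; anything it returns is still exposed. On the constructed host above it flags `kernel` and `kernel-firmware` (newest installed release 131.6.1 is below 131.12.1) but not `perf` or `dovecot`, and `running_kernel_is_fixed("2.6.32-131.6.1.el6.x86_64", FIXED[0])` is False until the host has been rebooted into the new kernel. The comparison is done locally rather than with `rpm --eval` or `rpmdev-vercmp` so it can run on a workstation that has no rpm at all, for instance when auditing an inventory export.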
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOU72NXlSAg2UNWIIRAvuvAJ0XW+pjVB73eYV6dyMHJAKRZqTyygCeIAtM
+72YbSFubpSk5fCdBrnH5XY=
=wVAB
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Aug 23 14:49:05 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 23 Aug 2011 14:49:05 +0000
Subject: [RHSA-2011:1196-01] Moderate: system-config-printer security update
Message-ID: <201108231449.p7NEn6KW005278@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: system-config-printer security update
Advisory ID: RHSA-2011:1196-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1196.html
Issue date: 2011-08-23
CVE Names: CVE-2011-2899
=====================================================================

1. Summary:

Updated system-config-printer packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

system-config-printer is a print queue configuration tool with a graphical user interface.

It was found that system-config-printer did not properly sanitize NetBIOS and workgroup names when searching for network printers.
A remote attacker could use this flaw to execute arbitrary code with the privileges of the user running system-config-printer. (CVE-2011-2899)

All users of system-config-printer are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. Running instances of system-config-printer must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

728348 - CVE-2011-2899 system-config-printer: possible arbitrary code execution in pysmb.py due to improper escaping of hostnames

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/system-config-printer-0.6.116.10-1.6.el4.src.rpm

i386: system-config-printer-0.6.116.10-1.6.el4.i386.rpm system-config-printer-debuginfo-0.6.116.10-1.6.el4.i386.rpm system-config-printer-gui-0.6.116.10-1.6.el4.i386.rpm
ia64: system-config-printer-0.6.116.10-1.6.el4.ia64.rpm system-config-printer-debuginfo-0.6.116.10-1.6.el4.ia64.rpm system-config-printer-gui-0.6.116.10-1.6.el4.ia64.rpm
ppc: system-config-printer-0.6.116.10-1.6.el4.ppc.rpm system-config-printer-debuginfo-0.6.116.10-1.6.el4.ppc.rpm system-config-printer-gui-0.6.116.10-1.6.el4.ppc.rpm
s390: system-config-printer-0.6.116.10-1.6.el4.s390.rpm system-config-printer-debuginfo-0.6.116.10-1.6.el4.s390.rpm system-config-printer-gui-0.6.116.10-1.6.el4.s390.rpm
s390x: system-config-printer-0.6.116.10-1.6.el4.s390x.rpm system-config-printer-debuginfo-0.6.116.10-1.6.el4.s390x.rpm system-config-printer-gui-0.6.116.10-1.6.el4.s390x.rpm
x86_64: system-config-printer-0.6.116.10-1.6.el4.x86_64.rpm system-config-printer-debuginfo-0.6.116.10-1.6.el4.x86_64.rpm
system-config-printer-gui-0.6.116.10-1.6.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/system-config-printer-0.6.116.10-1.6.el4.src.rpm i386: system-config-printer-0.6.116.10-1.6.el4.i386.rpm system-config-printer-debuginfo-0.6.116.10-1.6.el4.i386.rpm system-config-printer-gui-0.6.116.10-1.6.el4.i386.rpm x86_64: system-config-printer-0.6.116.10-1.6.el4.x86_64.rpm system-config-printer-debuginfo-0.6.116.10-1.6.el4.x86_64.rpm system-config-printer-gui-0.6.116.10-1.6.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/system-config-printer-0.6.116.10-1.6.el4.src.rpm i386: system-config-printer-0.6.116.10-1.6.el4.i386.rpm system-config-printer-debuginfo-0.6.116.10-1.6.el4.i386.rpm system-config-printer-gui-0.6.116.10-1.6.el4.i386.rpm ia64: system-config-printer-0.6.116.10-1.6.el4.ia64.rpm system-config-printer-debuginfo-0.6.116.10-1.6.el4.ia64.rpm system-config-printer-gui-0.6.116.10-1.6.el4.ia64.rpm x86_64: system-config-printer-0.6.116.10-1.6.el4.x86_64.rpm system-config-printer-debuginfo-0.6.116.10-1.6.el4.x86_64.rpm system-config-printer-gui-0.6.116.10-1.6.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/system-config-printer-0.6.116.10-1.6.el4.src.rpm i386: system-config-printer-0.6.116.10-1.6.el4.i386.rpm system-config-printer-debuginfo-0.6.116.10-1.6.el4.i386.rpm system-config-printer-gui-0.6.116.10-1.6.el4.i386.rpm ia64: system-config-printer-0.6.116.10-1.6.el4.ia64.rpm system-config-printer-debuginfo-0.6.116.10-1.6.el4.ia64.rpm system-config-printer-gui-0.6.116.10-1.6.el4.ia64.rpm x86_64: system-config-printer-0.6.116.10-1.6.el4.x86_64.rpm system-config-printer-debuginfo-0.6.116.10-1.6.el4.x86_64.rpm system-config-printer-gui-0.6.116.10-1.6.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/system-config-printer-0.7.32.10-1.el5_7.1.src.rpm i386: system-config-printer-0.7.32.10-1.el5_7.1.i386.rpm system-config-printer-debuginfo-0.7.32.10-1.el5_7.1.i386.rpm system-config-printer-libs-0.7.32.10-1.el5_7.1.i386.rpm x86_64: system-config-printer-0.7.32.10-1.el5_7.1.x86_64.rpm system-config-printer-debuginfo-0.7.32.10-1.el5_7.1.x86_64.rpm system-config-printer-libs-0.7.32.10-1.el5_7.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/system-config-printer-0.7.32.10-1.el5_7.1.src.rpm i386: system-config-printer-0.7.32.10-1.el5_7.1.i386.rpm system-config-printer-debuginfo-0.7.32.10-1.el5_7.1.i386.rpm system-config-printer-libs-0.7.32.10-1.el5_7.1.i386.rpm ia64: system-config-printer-0.7.32.10-1.el5_7.1.ia64.rpm system-config-printer-debuginfo-0.7.32.10-1.el5_7.1.ia64.rpm system-config-printer-libs-0.7.32.10-1.el5_7.1.ia64.rpm ppc: system-config-printer-0.7.32.10-1.el5_7.1.ppc.rpm system-config-printer-debuginfo-0.7.32.10-1.el5_7.1.ppc.rpm system-config-printer-libs-0.7.32.10-1.el5_7.1.ppc.rpm s390x: system-config-printer-0.7.32.10-1.el5_7.1.s390x.rpm system-config-printer-debuginfo-0.7.32.10-1.el5_7.1.s390x.rpm system-config-printer-libs-0.7.32.10-1.el5_7.1.s390x.rpm x86_64: system-config-printer-0.7.32.10-1.el5_7.1.x86_64.rpm system-config-printer-debuginfo-0.7.32.10-1.el5_7.1.x86_64.rpm system-config-printer-libs-0.7.32.10-1.el5_7.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2899.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . 
More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOU73QXlSAg2UNWIIRAtaOAJ4oVWJE3+Im60upiHPtmPVeJkRb0QCfc8tF stTz73xLpDfC+ZVI/tlNOsA= =up1e -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Aug 23 14:49:31 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 23 Aug 2011 14:49:31 +0000 Subject: [RHSA-2011:1197-01] Moderate: libvirt security and bug fix update Message-ID: <201108231449.p7NEnWDj031027@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: libvirt security and bug fix update Advisory ID: RHSA-2011:1197-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1197.html Issue date: 2011-08-23 CVE Names: CVE-2011-2511 ===================================================================== 1. Summary: Updated libvirt packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. 
In addition, libvirt provides tools for remotely managing virtualized systems. An integer overflow flaw was found in libvirtd's RPC call handling. An attacker able to establish read-only connections to libvirtd could trigger this flaw by calling virDomainGetVcpus() with specially-crafted parameters, causing libvirtd to crash. (CVE-2011-2511) This update also fixes the following bugs: * Previously, when the "virsh vol-create-from" command was run on an LVM (Logical Volume Manager) storage pool, performance of the command was very low and the operation consumed an excessive amount of time. This bug has been fixed in the virStorageVolCreateXMLFrom() function, and the performance problem of the command no longer occurs. * Due to a regression, libvirt used undocumented command line options, instead of the recommended ones. Consequently, the qemu-img utility used an invalid argument while creating an encrypted volume, and the process eventually failed. With this update, the bug in the backing format of the storage back end has been fixed, and encrypted volumes can now be created as expected. (BZ#726617) * Due to a bug in the qemuAuditDisk() function, hot unplug failures were never audited, and a hot unplug success was audited as a failure. This bug has been fixed, and auditing of disk hot unplug operations now works as expected. (BZ#728516) * Previously, when a debug process was being activated, the act of preparing a debug message ended up with dereferencing a UUID (universally unique identifier) prior to the NULL argument check. Consequently, an API running the debug process sometimes terminated with a segmentation fault. With this update, a patch has been provided to address this issue, and the crashes no longer occur in the described scenario. (BZ#728546) * The libvirt library uses the "boot=on" option to mark which disk is bootable but it only uses that option if Qemu advertises its support. 
The qemu-kvm utility in Red Hat Enterprise Linux 6.1 removed support for that option and libvirt could not use it. As a consequence, when an IDE disk was added as the second storage with a virtio disk being set up as the first one by default, the operating system tried to boot from the IDE disk rather than the virtio disk and either failed to boot with the "No bootable disk" error message returned, or the system booted whatever operating system was on the IDE disk. With this update, the boot configuration is translated into bootindex, which provides control over which device is used for booting a guest operating system, thus fixing this bug. All users of libvirt are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, libvirtd must be restarted ("service libvirtd restart") for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 717199 - CVE-2011-2511 libvirt: integer overflow in VirDomainGetVcpus 726617 - libvirt regression with creating encrypted volume 728516 - Auditing of QEMU driver disk hotunplug events logs is missing and/or incorrect 728546 - [libvirt] [logs] null dereference while preparing libvirt logs 6. Package List: Red Hat Enterprise Linux Desktop (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libvirt-0.8.7-18.el6_1.1.src.rpm i386: libvirt-0.8.7-18.el6_1.1.i686.rpm libvirt-client-0.8.7-18.el6_1.1.i686.rpm libvirt-debuginfo-0.8.7-18.el6_1.1.i686.rpm libvirt-python-0.8.7-18.el6_1.1.i686.rpm x86_64: libvirt-0.8.7-18.el6_1.1.x86_64.rpm libvirt-client-0.8.7-18.el6_1.1.i686.rpm libvirt-client-0.8.7-18.el6_1.1.x86_64.rpm libvirt-debuginfo-0.8.7-18.el6_1.1.i686.rpm libvirt-debuginfo-0.8.7-18.el6_1.1.x86_64.rpm libvirt-python-0.8.7-18.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libvirt-0.8.7-18.el6_1.1.src.rpm i386: libvirt-debuginfo-0.8.7-18.el6_1.1.i686.rpm libvirt-devel-0.8.7-18.el6_1.1.i686.rpm x86_64: libvirt-debuginfo-0.8.7-18.el6_1.1.i686.rpm libvirt-debuginfo-0.8.7-18.el6_1.1.x86_64.rpm libvirt-devel-0.8.7-18.el6_1.1.i686.rpm libvirt-devel-0.8.7-18.el6_1.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libvirt-0.8.7-18.el6_1.1.src.rpm x86_64: libvirt-0.8.7-18.el6_1.1.x86_64.rpm libvirt-client-0.8.7-18.el6_1.1.i686.rpm libvirt-client-0.8.7-18.el6_1.1.x86_64.rpm libvirt-debuginfo-0.8.7-18.el6_1.1.i686.rpm libvirt-debuginfo-0.8.7-18.el6_1.1.x86_64.rpm libvirt-python-0.8.7-18.el6_1.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libvirt-0.8.7-18.el6_1.1.src.rpm x86_64: libvirt-debuginfo-0.8.7-18.el6_1.1.i686.rpm libvirt-debuginfo-0.8.7-18.el6_1.1.x86_64.rpm libvirt-devel-0.8.7-18.el6_1.1.i686.rpm libvirt-devel-0.8.7-18.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libvirt-0.8.7-18.el6_1.1.src.rpm i386: libvirt-0.8.7-18.el6_1.1.i686.rpm libvirt-client-0.8.7-18.el6_1.1.i686.rpm libvirt-debuginfo-0.8.7-18.el6_1.1.i686.rpm libvirt-devel-0.8.7-18.el6_1.1.i686.rpm libvirt-python-0.8.7-18.el6_1.1.i686.rpm ppc64: libvirt-0.8.7-18.el6_1.1.ppc64.rpm libvirt-client-0.8.7-18.el6_1.1.ppc.rpm libvirt-client-0.8.7-18.el6_1.1.ppc64.rpm libvirt-debuginfo-0.8.7-18.el6_1.1.ppc.rpm libvirt-debuginfo-0.8.7-18.el6_1.1.ppc64.rpm libvirt-devel-0.8.7-18.el6_1.1.ppc.rpm libvirt-devel-0.8.7-18.el6_1.1.ppc64.rpm libvirt-python-0.8.7-18.el6_1.1.ppc64.rpm s390x: libvirt-0.8.7-18.el6_1.1.s390x.rpm libvirt-client-0.8.7-18.el6_1.1.s390.rpm libvirt-client-0.8.7-18.el6_1.1.s390x.rpm libvirt-debuginfo-0.8.7-18.el6_1.1.s390.rpm libvirt-debuginfo-0.8.7-18.el6_1.1.s390x.rpm libvirt-devel-0.8.7-18.el6_1.1.s390.rpm libvirt-devel-0.8.7-18.el6_1.1.s390x.rpm libvirt-python-0.8.7-18.el6_1.1.s390x.rpm x86_64: libvirt-0.8.7-18.el6_1.1.x86_64.rpm libvirt-client-0.8.7-18.el6_1.1.i686.rpm libvirt-client-0.8.7-18.el6_1.1.x86_64.rpm libvirt-debuginfo-0.8.7-18.el6_1.1.i686.rpm libvirt-debuginfo-0.8.7-18.el6_1.1.x86_64.rpm libvirt-devel-0.8.7-18.el6_1.1.i686.rpm libvirt-devel-0.8.7-18.el6_1.1.x86_64.rpm libvirt-python-0.8.7-18.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libvirt-0.8.7-18.el6_1.1.src.rpm i386: libvirt-0.8.7-18.el6_1.1.i686.rpm libvirt-client-0.8.7-18.el6_1.1.i686.rpm libvirt-debuginfo-0.8.7-18.el6_1.1.i686.rpm libvirt-devel-0.8.7-18.el6_1.1.i686.rpm libvirt-python-0.8.7-18.el6_1.1.i686.rpm x86_64: libvirt-0.8.7-18.el6_1.1.x86_64.rpm libvirt-client-0.8.7-18.el6_1.1.i686.rpm libvirt-client-0.8.7-18.el6_1.1.x86_64.rpm libvirt-debuginfo-0.8.7-18.el6_1.1.i686.rpm libvirt-debuginfo-0.8.7-18.el6_1.1.x86_64.rpm libvirt-devel-0.8.7-18.el6_1.1.i686.rpm libvirt-devel-0.8.7-18.el6_1.1.x86_64.rpm libvirt-python-0.8.7-18.el6_1.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2511.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. 
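The CVE-2011-2511 entry in the libvirt advisory above describes the classic shape of a server-side integer overflow: two client-supplied sizes are multiplied to size a buffer, the product wraps, and a later read or write runs past the allocation. The following example is written for this page, not taken from libvirt's RPC dispatcher, and shows the check that closes that class of bug. The parameter names maxinfo and maplen follow the public virDomainGetVcpus() signature; the upper bounds, the handler name and its behaviour are assumptions for illustration.

```c
/*
 * Added example (not libvirt's own code): overflow-safe sizing of a buffer
 * derived from two client-controlled integers, the bug class behind
 * CVE-2011-2511.  maxinfo/maplen mirror virDomainGetVcpus(); the limits
 * and the request handler below are assumed for this illustration.
 */
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed upper bounds a server would enforce on the wire values. */
#define MAX_VCPUS        4096
#define MAX_CPUMAP_LEN   (64 * 1024)

/*
 * Compute maxinfo * maplen without wrapping.  Returns 0 and stores the
 * byte count in *out on success, -1 if either value is negative, exceeds
 * its bound, or the product would not fit in size_t.
 */
int checked_cpumaps_size(int maxinfo, int maplen, size_t *out)
{
    if (maxinfo < 0 || maplen < 0)
        return -1;                  /* negative counts are hostile or buggy input */
    if (maxinfo > MAX_VCPUS || maplen > MAX_CPUMAP_LEN)
        return -1;                  /* bound each factor BEFORE multiplying */
    /* The bounds above already make the product small, but keep an explicit
       overflow test so the function stays correct if the limits are raised. */
    if (maplen != 0 && (size_t)maxinfo > SIZE_MAX / (size_t)maplen)
        return -1;
    *out = (size_t)maxinfo * (size_t)maplen;
    return 0;
}

/*
 * Hypothetical handler for a read-only "get vcpus" RPC request.  The
 * allocation happens only after the size has been validated, so a crafted
 * (maxinfo, maplen) pair is rejected instead of producing an undersized
 * buffer.  Returns the buffer (caller frees) and its length, or NULL.
 */
unsigned char *handle_get_vcpus_request(int maxinfo, int maplen, size_t *len)
{
    size_t bytes;
    if (checked_cpumaps_size(maxinfo, maplen, &bytes) != 0)
        return NULL;
    unsigned char *cpumaps = calloc(bytes ? bytes : 1, 1);
    if (cpumaps == NULL)
        return NULL;
    *len = bytes;
    return cpumaps;
}

int main(void)
{
    size_t len = 0;
    unsigned char *buf = handle_get_vcpus_request(2, 4, &len);   /* accepted: 8 bytes */
    free(buf);
    buf = handle_get_vcpus_request(INT_MAX, INT_MAX, &len);      /* rejected: NULL */
    return buf == NULL ? 0 : 1;
}
```

The order of the tests matters: bounding each factor first means the multiplication is performed only on values already known to be sane, and the SIZE_MAX division is a belt-and-braces check rather than the only line of defence. The same pattern applies to any RPC or file-format parser that derives an allocation size from more than one untrusted field.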
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD4DBQFOU730XlSAg2UNWIIRAsorAJiH2nLKrFKzE6Nipl948A/sMkwQAJ4sME1x
aG3oAPAIDOjm2bf+/TwzdA==
=zho7
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Aug 29 17:48:25 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 29 Aug 2011 17:48:25 +0000
Subject: [RHSA-2011:1219-01] Moderate: samba security update
Message-ID: <201108291748.p7THmPHe002031@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: samba security update
Advisory ID:       RHSA-2011:1219-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1219.html
Issue date:        2011-08-29
CVE Names:         CVE-2010-0547 CVE-2010-0787 CVE-2011-1678 CVE-2011-2522
                   CVE-2011-2694
=====================================================================

1. Summary:

Updated samba packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Samba is a suite of programs used by machines to share files, printers, and
other information.

A cross-site scripting (XSS) flaw was found in the password change page of
the Samba Web Administration Tool (SWAT). If a remote attacker could trick
a user, who was logged into the SWAT interface, into visiting a
specially-crafted URL, it would lead to arbitrary web script execution in
the context of the user's SWAT session. (CVE-2011-2694)

It was found that SWAT web pages did not protect against Cross-Site Request
Forgery (CSRF) attacks. If a remote attacker could trick a user, who was
logged into the SWAT interface, into visiting a specially-crafted URL, the
attacker could perform Samba configuration changes with the privileges of
the logged in user. (CVE-2011-2522)

A race condition flaw was found in the way the mount.cifs tool mounted CIFS
(Common Internet File System) shares. If mount.cifs had the setuid bit set,
a local attacker could conduct a symbolic link attack to trick mount.cifs
into mounting a share over an arbitrary directory they were otherwise not
allowed to mount to, possibly allowing them to escalate their privileges.
(CVE-2010-0787)

It was found that the mount.cifs tool did not properly handle share or
directory names containing a newline character. If mount.cifs had the
setuid bit set, a local attacker could corrupt the mtab (mounted file
systems table) file via a specially-crafted CIFS share mount request.
(CVE-2010-0547)

It was found that the mount.cifs tool did not handle certain errors
correctly when updating the mtab file. If mount.cifs had the setuid bit
set, a local attacker could corrupt the mtab file by setting a small file
size limit before running mount.cifs. (CVE-2011-1678)

Note: mount.cifs from the samba packages distributed by Red Hat does not
have the setuid bit set. We recommend that administrators do not manually
set the setuid bit for mount.cifs.
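The two mtab issues above (CVE-2010-0547, newline in a share or directory name, and CVE-2011-1678, a caller-imposed file size limit cutting the mtab write short) recur in the samba3x advisory further down as CVE-2011-2724 and CVE-2011-1678. Both come from the same place: a setuid helper writing a record built from caller-controlled strings into a system file under the caller's resource limits. The example below is written for this page and is not Samba's or cifs-utils' code; it shows the two checks such a helper needs. The function names are hypothetical and the mtab path is a parameter so the code can be exercised against a scratch file.

```c
/*
 * Added example (not Samba/cifs-utils code): the validation and
 * resource-limit handling a setuid mount helper needs before it appends
 * a record to the mtab.  Function names are hypothetical.
 */
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * An mtab record is one line of whitespace-separated fields.  A newline in
 * a field ends the record early, so whatever follows becomes a record the
 * helper never intended to write; a space or tab shifts every later field.
 * Return 1 if s can be embedded as a single field, 0 otherwise.
 */
int mtab_field_ok(const char *s)
{
    if (s == NULL || *s == '\0')
        return 0;
    for (; *s; s++) {
        unsigned char c = (unsigned char)*s;
        if (c == '\n' || c == '\r' || c == ' ' || c == '\t' || c < 0x20 || c == 0x7f)
            return 0;
    }
    return 1;
}

/*
 * A setuid helper inherits the caller's RLIMIT_FSIZE.  If the soft limit is
 * below the size the file will have after the write, raise it to the hard
 * limit; if even that is too low, refuse rather than write a truncated
 * record.  Returns 0 when a file of 'needed' bytes can be written, else -1.
 */
int ensure_fsize_limit(off_t needed)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_FSIZE, &rl) != 0)
        return -1;
    if (rl.rlim_cur != RLIM_INFINITY && (rlim_t)needed > rl.rlim_cur) {
        rl.rlim_cur = rl.rlim_max;
        if (setrlimit(RLIMIT_FSIZE, &rl) != 0)
            return -1;
    }
    if (rl.rlim_cur != RLIM_INFINITY && (rlim_t)needed > rl.rlim_cur)
        return -1;
    return 0;
}

/*
 * Append "<share> <mountpoint> cifs <opts> 0 0\n" to mtab_path.
 * Returns 0 on success, -1 if any field is unsafe, the size limit cannot be
 * satisfied, or any write error occurs.  (A real helper also takes the
 * mtab lock first; that is omitted here.)
 */
int append_mtab_entry(const char *mtab_path, const char *share,
                      const char *mountpoint, const char *opts)
{
    if (!mtab_field_ok(share) || !mtab_field_ok(mountpoint) || !mtab_field_ok(opts))
        return -1;

    int n = snprintf(NULL, 0, "%s %s cifs %s 0 0\n", share, mountpoint, opts);
    if (n < 0)
        return -1;
    struct stat st;
    off_t cur = (stat(mtab_path, &st) == 0) ? st.st_size : 0;
    if (ensure_fsize_limit(cur + n) != 0)
        return -1;

    /* With SIGXFSZ ignored, exceeding the limit reports EFBIG instead of
       killing the process, so the error below is actually observable. */
    signal(SIGXFSZ, SIG_IGN);
    FILE *f = fopen(mtab_path, "a");
    if (f == NULL)
        return -1;
    int ok = fprintf(f, "%s %s cifs %s 0 0\n", share, mountpoint, opts) == n
             && fflush(f) == 0;
    if (fclose(f) != 0)
        ok = 0;
    return ok ? 0 : -1;
}
```

The field check is deliberately a whitelist-by-exclusion of the characters that have structural meaning in the file, not an attempt to escape them: a mount helper has no business accepting a share name with a newline in it. The RLIMIT_FSIZE handling checks every error path of the write, which is the part CVE-2011-1678 describes as missing.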
Red Hat would like to thank the Samba project for reporting CVE-2011-2694 and CVE-2011-2522; the Debian Security Team for reporting CVE-2010-0787; and Dan Rosenberg for reporting CVE-2011-1678. Upstream acknowledges Nobuhiro Tsuji of NTT DATA Security Corporation as the original reporter of CVE-2011-2694; Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter of CVE-2011-2522; and the Debian Security Team acknowledges Ronald Volgers as the original reporter of CVE-2010-0787. Users of Samba are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the smb service will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 562156 - CVE-2010-0547 samba: mount.cifs improper device name and mountpoint strings sanitization 577277 - CVE-2010-0787 samba: Race condition by mount (mount.cifs) operations 695925 - CVE-2011-1678 samba/cifs-utils: mount.cifs and umount.cifs fail to anticipate RLIMIT_FSIZE 721348 - CVE-2011-2522 samba (SWAT): Absent CSRF protection in various Samba web configuration formulars 722537 - CVE-2011-2694 samba (SWAT): XSS flaw in Change Password page 6. 
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/samba-3.0.33-0.34.el4.src.rpm i386: samba-3.0.33-0.34.el4.i386.rpm samba-client-3.0.33-0.34.el4.i386.rpm samba-common-3.0.33-0.34.el4.i386.rpm samba-debuginfo-3.0.33-0.34.el4.i386.rpm samba-swat-3.0.33-0.34.el4.i386.rpm ia64: samba-3.0.33-0.34.el4.ia64.rpm samba-client-3.0.33-0.34.el4.ia64.rpm samba-common-3.0.33-0.34.el4.i386.rpm samba-common-3.0.33-0.34.el4.ia64.rpm samba-debuginfo-3.0.33-0.34.el4.i386.rpm samba-debuginfo-3.0.33-0.34.el4.ia64.rpm samba-swat-3.0.33-0.34.el4.ia64.rpm ppc: samba-3.0.33-0.34.el4.ppc.rpm samba-client-3.0.33-0.34.el4.ppc.rpm samba-common-3.0.33-0.34.el4.ppc.rpm samba-common-3.0.33-0.34.el4.ppc64.rpm samba-debuginfo-3.0.33-0.34.el4.ppc.rpm samba-debuginfo-3.0.33-0.34.el4.ppc64.rpm samba-swat-3.0.33-0.34.el4.ppc.rpm s390: samba-3.0.33-0.34.el4.s390.rpm samba-client-3.0.33-0.34.el4.s390.rpm samba-common-3.0.33-0.34.el4.s390.rpm samba-debuginfo-3.0.33-0.34.el4.s390.rpm samba-swat-3.0.33-0.34.el4.s390.rpm s390x: samba-3.0.33-0.34.el4.s390x.rpm samba-client-3.0.33-0.34.el4.s390x.rpm samba-common-3.0.33-0.34.el4.s390.rpm samba-common-3.0.33-0.34.el4.s390x.rpm samba-debuginfo-3.0.33-0.34.el4.s390.rpm samba-debuginfo-3.0.33-0.34.el4.s390x.rpm samba-swat-3.0.33-0.34.el4.s390x.rpm x86_64: samba-3.0.33-0.34.el4.x86_64.rpm samba-client-3.0.33-0.34.el4.x86_64.rpm samba-common-3.0.33-0.34.el4.i386.rpm samba-common-3.0.33-0.34.el4.x86_64.rpm samba-debuginfo-3.0.33-0.34.el4.i386.rpm samba-debuginfo-3.0.33-0.34.el4.x86_64.rpm samba-swat-3.0.33-0.34.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/samba-3.0.33-0.34.el4.src.rpm i386: samba-3.0.33-0.34.el4.i386.rpm samba-client-3.0.33-0.34.el4.i386.rpm samba-common-3.0.33-0.34.el4.i386.rpm samba-debuginfo-3.0.33-0.34.el4.i386.rpm samba-swat-3.0.33-0.34.el4.i386.rpm x86_64: samba-3.0.33-0.34.el4.x86_64.rpm 
samba-client-3.0.33-0.34.el4.x86_64.rpm samba-common-3.0.33-0.34.el4.i386.rpm samba-common-3.0.33-0.34.el4.x86_64.rpm samba-debuginfo-3.0.33-0.34.el4.i386.rpm samba-debuginfo-3.0.33-0.34.el4.x86_64.rpm samba-swat-3.0.33-0.34.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/samba-3.0.33-0.34.el4.src.rpm i386: samba-3.0.33-0.34.el4.i386.rpm samba-client-3.0.33-0.34.el4.i386.rpm samba-common-3.0.33-0.34.el4.i386.rpm samba-debuginfo-3.0.33-0.34.el4.i386.rpm samba-swat-3.0.33-0.34.el4.i386.rpm ia64: samba-3.0.33-0.34.el4.ia64.rpm samba-client-3.0.33-0.34.el4.ia64.rpm samba-common-3.0.33-0.34.el4.i386.rpm samba-common-3.0.33-0.34.el4.ia64.rpm samba-debuginfo-3.0.33-0.34.el4.i386.rpm samba-debuginfo-3.0.33-0.34.el4.ia64.rpm samba-swat-3.0.33-0.34.el4.ia64.rpm x86_64: samba-3.0.33-0.34.el4.x86_64.rpm samba-client-3.0.33-0.34.el4.x86_64.rpm samba-common-3.0.33-0.34.el4.i386.rpm samba-common-3.0.33-0.34.el4.x86_64.rpm samba-debuginfo-3.0.33-0.34.el4.i386.rpm samba-debuginfo-3.0.33-0.34.el4.x86_64.rpm samba-swat-3.0.33-0.34.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/samba-3.0.33-0.34.el4.src.rpm i386: samba-3.0.33-0.34.el4.i386.rpm samba-client-3.0.33-0.34.el4.i386.rpm samba-common-3.0.33-0.34.el4.i386.rpm samba-debuginfo-3.0.33-0.34.el4.i386.rpm samba-swat-3.0.33-0.34.el4.i386.rpm ia64: samba-3.0.33-0.34.el4.ia64.rpm samba-client-3.0.33-0.34.el4.ia64.rpm samba-common-3.0.33-0.34.el4.i386.rpm samba-common-3.0.33-0.34.el4.ia64.rpm samba-debuginfo-3.0.33-0.34.el4.i386.rpm samba-debuginfo-3.0.33-0.34.el4.ia64.rpm samba-swat-3.0.33-0.34.el4.ia64.rpm x86_64: samba-3.0.33-0.34.el4.x86_64.rpm samba-client-3.0.33-0.34.el4.x86_64.rpm samba-common-3.0.33-0.34.el4.i386.rpm samba-common-3.0.33-0.34.el4.x86_64.rpm samba-debuginfo-3.0.33-0.34.el4.i386.rpm samba-debuginfo-3.0.33-0.34.el4.x86_64.rpm samba-swat-3.0.33-0.34.el4.x86_64.rpm Red Hat Enterprise 
Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/samba-3.0.33-3.29.el5_7.4.src.rpm i386: libsmbclient-3.0.33-3.29.el5_7.4.i386.rpm samba-3.0.33-3.29.el5_7.4.i386.rpm samba-client-3.0.33-3.29.el5_7.4.i386.rpm samba-common-3.0.33-3.29.el5_7.4.i386.rpm samba-debuginfo-3.0.33-3.29.el5_7.4.i386.rpm samba-swat-3.0.33-3.29.el5_7.4.i386.rpm x86_64: libsmbclient-3.0.33-3.29.el5_7.4.i386.rpm libsmbclient-3.0.33-3.29.el5_7.4.x86_64.rpm samba-3.0.33-3.29.el5_7.4.x86_64.rpm samba-client-3.0.33-3.29.el5_7.4.x86_64.rpm samba-common-3.0.33-3.29.el5_7.4.i386.rpm samba-common-3.0.33-3.29.el5_7.4.x86_64.rpm samba-debuginfo-3.0.33-3.29.el5_7.4.i386.rpm samba-debuginfo-3.0.33-3.29.el5_7.4.x86_64.rpm samba-swat-3.0.33-3.29.el5_7.4.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/samba-3.0.33-3.29.el5_7.4.src.rpm i386: libsmbclient-devel-3.0.33-3.29.el5_7.4.i386.rpm samba-debuginfo-3.0.33-3.29.el5_7.4.i386.rpm x86_64: libsmbclient-devel-3.0.33-3.29.el5_7.4.i386.rpm libsmbclient-devel-3.0.33-3.29.el5_7.4.x86_64.rpm samba-debuginfo-3.0.33-3.29.el5_7.4.i386.rpm samba-debuginfo-3.0.33-3.29.el5_7.4.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/samba-3.0.33-3.29.el5_7.4.src.rpm i386: libsmbclient-3.0.33-3.29.el5_7.4.i386.rpm libsmbclient-devel-3.0.33-3.29.el5_7.4.i386.rpm samba-3.0.33-3.29.el5_7.4.i386.rpm samba-client-3.0.33-3.29.el5_7.4.i386.rpm samba-common-3.0.33-3.29.el5_7.4.i386.rpm samba-debuginfo-3.0.33-3.29.el5_7.4.i386.rpm samba-swat-3.0.33-3.29.el5_7.4.i386.rpm ia64: libsmbclient-3.0.33-3.29.el5_7.4.ia64.rpm libsmbclient-devel-3.0.33-3.29.el5_7.4.ia64.rpm samba-3.0.33-3.29.el5_7.4.ia64.rpm samba-client-3.0.33-3.29.el5_7.4.ia64.rpm samba-common-3.0.33-3.29.el5_7.4.ia64.rpm samba-debuginfo-3.0.33-3.29.el5_7.4.ia64.rpm samba-swat-3.0.33-3.29.el5_7.4.ia64.rpm ppc: libsmbclient-3.0.33-3.29.el5_7.4.ppc.rpm libsmbclient-3.0.33-3.29.el5_7.4.ppc64.rpm libsmbclient-devel-3.0.33-3.29.el5_7.4.ppc.rpm libsmbclient-devel-3.0.33-3.29.el5_7.4.ppc64.rpm samba-3.0.33-3.29.el5_7.4.ppc.rpm samba-client-3.0.33-3.29.el5_7.4.ppc.rpm samba-common-3.0.33-3.29.el5_7.4.ppc.rpm samba-common-3.0.33-3.29.el5_7.4.ppc64.rpm samba-debuginfo-3.0.33-3.29.el5_7.4.ppc.rpm samba-debuginfo-3.0.33-3.29.el5_7.4.ppc64.rpm samba-swat-3.0.33-3.29.el5_7.4.ppc.rpm s390x: libsmbclient-3.0.33-3.29.el5_7.4.s390.rpm libsmbclient-3.0.33-3.29.el5_7.4.s390x.rpm libsmbclient-devel-3.0.33-3.29.el5_7.4.s390.rpm libsmbclient-devel-3.0.33-3.29.el5_7.4.s390x.rpm samba-3.0.33-3.29.el5_7.4.s390x.rpm samba-client-3.0.33-3.29.el5_7.4.s390x.rpm samba-common-3.0.33-3.29.el5_7.4.s390.rpm samba-common-3.0.33-3.29.el5_7.4.s390x.rpm samba-debuginfo-3.0.33-3.29.el5_7.4.s390.rpm samba-debuginfo-3.0.33-3.29.el5_7.4.s390x.rpm samba-swat-3.0.33-3.29.el5_7.4.s390x.rpm x86_64: libsmbclient-3.0.33-3.29.el5_7.4.i386.rpm libsmbclient-3.0.33-3.29.el5_7.4.x86_64.rpm libsmbclient-devel-3.0.33-3.29.el5_7.4.i386.rpm libsmbclient-devel-3.0.33-3.29.el5_7.4.x86_64.rpm samba-3.0.33-3.29.el5_7.4.x86_64.rpm samba-client-3.0.33-3.29.el5_7.4.x86_64.rpm samba-common-3.0.33-3.29.el5_7.4.i386.rpm 
samba-common-3.0.33-3.29.el5_7.4.x86_64.rpm samba-debuginfo-3.0.33-3.29.el5_7.4.i386.rpm samba-debuginfo-3.0.33-3.29.el5_7.4.x86_64.rpm samba-swat-3.0.33-3.29.el5_7.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-0547.html https://www.redhat.com/security/data/cve/CVE-2010-0787.html https://www.redhat.com/security/data/cve/CVE-2011-1678.html https://www.redhat.com/security/data/cve/CVE-2011-2522.html https://www.redhat.com/security/data/cve/CVE-2011-2694.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOW9DUXlSAg2UNWIIRAhJFAJ9tZ/Z6V7GkQso39LEeQWBF9/b8XgCgm+3y 4NAb5sNC6ZrQ3Cuw2iFWDXA= =3GTx -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Aug 29 17:48:52 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 29 Aug 2011 17:48:52 +0000 Subject: [RHSA-2011:1220-01] Moderate: samba3x security update Message-ID: <201108291748.p7THmqjp013782@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: samba3x security update Advisory ID: RHSA-2011:1220-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1220.html Issue date: 2011-08-29 CVE Names: CVE-2011-1678 CVE-2011-2522 CVE-2011-2694 CVE-2011-2724 ===================================================================== 1. Summary: Updated samba3x packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. 
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: Samba is a suite of programs used by machines to share files, printers, and other information. A cross-site scripting (XSS) flaw was found in the password change page of the Samba Web Administration Tool (SWAT). If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's SWAT session. (CVE-2011-2694) It was found that SWAT web pages did not protect against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, the attacker could perform Samba configuration changes with the privileges of the logged in user. (CVE-2011-2522) It was found that the fix for CVE-2010-0547, provided by the Samba rebase in RHBA-2011:0054, was incomplete. The mount.cifs tool did not properly handle share or directory names containing a newline character, allowing a local attacker to corrupt the mtab (mounted file systems table) file via a specially-crafted CIFS (Common Internet File System) share mount request, if mount.cifs had the setuid bit set. (CVE-2011-2724) It was found that the mount.cifs tool did not handle certain errors correctly when updating the mtab file. If mount.cifs had the setuid bit set, a local attacker could corrupt the mtab file by setting a small file size limit before running mount.cifs. 
(CVE-2011-1678) Note: mount.cifs from the samba3x packages distributed by Red Hat does not have the setuid bit set. We recommend that administrators do not manually set the setuid bit for mount.cifs. Red Hat would like to thank the Samba project for reporting CVE-2011-2694 and CVE-2011-2522, and Dan Rosenberg for reporting CVE-2011-1678. Upstream acknowledges Nobuhiro Tsuji of NTT DATA Security Corporation as the original reporter of CVE-2011-2694, and Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter of CVE-2011-2522. Users of Samba are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the smb service will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 695925 - CVE-2011-1678 samba/cifs-utils: mount.cifs and umount.cifs fail to anticipate RLIMIT_FSIZE 721348 - CVE-2011-2522 samba (SWAT): Absent CSRF protection in various Samba web configuration formulars 722537 - CVE-2011-2694 samba (SWAT): XSS flaw in Change Password page 726691 - CVE-2011-2724 samba, cifs-utils: mount.cifs incorrect fix for CVE-2010-0547 6. Package List: Red Hat Enterprise Linux Desktop (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/samba3x-3.5.4-0.83.el5_7.2.src.rpm i386: samba3x-3.5.4-0.83.el5_7.2.i386.rpm samba3x-client-3.5.4-0.83.el5_7.2.i386.rpm samba3x-common-3.5.4-0.83.el5_7.2.i386.rpm samba3x-debuginfo-3.5.4-0.83.el5_7.2.i386.rpm samba3x-doc-3.5.4-0.83.el5_7.2.i386.rpm samba3x-domainjoin-gui-3.5.4-0.83.el5_7.2.i386.rpm samba3x-swat-3.5.4-0.83.el5_7.2.i386.rpm samba3x-winbind-3.5.4-0.83.el5_7.2.i386.rpm x86_64: samba3x-3.5.4-0.83.el5_7.2.x86_64.rpm samba3x-client-3.5.4-0.83.el5_7.2.x86_64.rpm samba3x-common-3.5.4-0.83.el5_7.2.x86_64.rpm samba3x-debuginfo-3.5.4-0.83.el5_7.2.i386.rpm samba3x-debuginfo-3.5.4-0.83.el5_7.2.x86_64.rpm samba3x-doc-3.5.4-0.83.el5_7.2.x86_64.rpm samba3x-domainjoin-gui-3.5.4-0.83.el5_7.2.x86_64.rpm samba3x-swat-3.5.4-0.83.el5_7.2.x86_64.rpm samba3x-winbind-3.5.4-0.83.el5_7.2.i386.rpm samba3x-winbind-3.5.4-0.83.el5_7.2.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/samba3x-3.5.4-0.83.el5_7.2.src.rpm i386: samba3x-debuginfo-3.5.4-0.83.el5_7.2.i386.rpm samba3x-winbind-devel-3.5.4-0.83.el5_7.2.i386.rpm x86_64: samba3x-debuginfo-3.5.4-0.83.el5_7.2.i386.rpm samba3x-debuginfo-3.5.4-0.83.el5_7.2.x86_64.rpm samba3x-winbind-devel-3.5.4-0.83.el5_7.2.i386.rpm samba3x-winbind-devel-3.5.4-0.83.el5_7.2.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/samba3x-3.5.4-0.83.el5_7.2.src.rpm i386: samba3x-3.5.4-0.83.el5_7.2.i386.rpm samba3x-client-3.5.4-0.83.el5_7.2.i386.rpm samba3x-common-3.5.4-0.83.el5_7.2.i386.rpm samba3x-debuginfo-3.5.4-0.83.el5_7.2.i386.rpm samba3x-doc-3.5.4-0.83.el5_7.2.i386.rpm samba3x-domainjoin-gui-3.5.4-0.83.el5_7.2.i386.rpm samba3x-swat-3.5.4-0.83.el5_7.2.i386.rpm samba3x-winbind-3.5.4-0.83.el5_7.2.i386.rpm samba3x-winbind-devel-3.5.4-0.83.el5_7.2.i386.rpm ia64: samba3x-3.5.4-0.83.el5_7.2.ia64.rpm samba3x-client-3.5.4-0.83.el5_7.2.ia64.rpm samba3x-common-3.5.4-0.83.el5_7.2.ia64.rpm samba3x-debuginfo-3.5.4-0.83.el5_7.2.ia64.rpm samba3x-doc-3.5.4-0.83.el5_7.2.ia64.rpm samba3x-domainjoin-gui-3.5.4-0.83.el5_7.2.ia64.rpm samba3x-swat-3.5.4-0.83.el5_7.2.ia64.rpm samba3x-winbind-3.5.4-0.83.el5_7.2.ia64.rpm samba3x-winbind-devel-3.5.4-0.83.el5_7.2.ia64.rpm ppc: samba3x-3.5.4-0.83.el5_7.2.ppc.rpm samba3x-client-3.5.4-0.83.el5_7.2.ppc.rpm samba3x-common-3.5.4-0.83.el5_7.2.ppc.rpm samba3x-debuginfo-3.5.4-0.83.el5_7.2.ppc.rpm samba3x-debuginfo-3.5.4-0.83.el5_7.2.ppc64.rpm samba3x-doc-3.5.4-0.83.el5_7.2.ppc.rpm samba3x-domainjoin-gui-3.5.4-0.83.el5_7.2.ppc.rpm samba3x-swat-3.5.4-0.83.el5_7.2.ppc.rpm samba3x-winbind-3.5.4-0.83.el5_7.2.ppc.rpm samba3x-winbind-3.5.4-0.83.el5_7.2.ppc64.rpm samba3x-winbind-devel-3.5.4-0.83.el5_7.2.ppc.rpm samba3x-winbind-devel-3.5.4-0.83.el5_7.2.ppc64.rpm s390x: samba3x-3.5.4-0.83.el5_7.2.s390x.rpm samba3x-client-3.5.4-0.83.el5_7.2.s390x.rpm samba3x-common-3.5.4-0.83.el5_7.2.s390x.rpm samba3x-debuginfo-3.5.4-0.83.el5_7.2.s390.rpm samba3x-debuginfo-3.5.4-0.83.el5_7.2.s390x.rpm samba3x-doc-3.5.4-0.83.el5_7.2.s390x.rpm samba3x-domainjoin-gui-3.5.4-0.83.el5_7.2.s390x.rpm samba3x-swat-3.5.4-0.83.el5_7.2.s390x.rpm samba3x-winbind-3.5.4-0.83.el5_7.2.s390.rpm samba3x-winbind-3.5.4-0.83.el5_7.2.s390x.rpm samba3x-winbind-devel-3.5.4-0.83.el5_7.2.s390.rpm 
samba3x-winbind-devel-3.5.4-0.83.el5_7.2.s390x.rpm

x86_64:
samba3x-3.5.4-0.83.el5_7.2.x86_64.rpm
samba3x-client-3.5.4-0.83.el5_7.2.x86_64.rpm
samba3x-common-3.5.4-0.83.el5_7.2.x86_64.rpm
samba3x-debuginfo-3.5.4-0.83.el5_7.2.i386.rpm
samba3x-debuginfo-3.5.4-0.83.el5_7.2.x86_64.rpm
samba3x-doc-3.5.4-0.83.el5_7.2.x86_64.rpm
samba3x-domainjoin-gui-3.5.4-0.83.el5_7.2.x86_64.rpm
samba3x-swat-3.5.4-0.83.el5_7.2.x86_64.rpm
samba3x-winbind-3.5.4-0.83.el5_7.2.i386.rpm
samba3x-winbind-3.5.4-0.83.el5_7.2.x86_64.rpm
samba3x-winbind-devel-3.5.4-0.83.el5_7.2.i386.rpm
samba3x-winbind-devel-3.5.4-0.83.el5_7.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1678.html
https://www.redhat.com/security/data/cve/CVE-2011-2522.html
https://www.redhat.com/security/data/cve/CVE-2011-2694.html
https://www.redhat.com/security/data/cve/CVE-2011-2724.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOW9D3XlSAg2UNWIIRAiBIAJ94bis53lBOuMQhqo71HAjqyqeDxgCfe1RE
zE9jl6cqN6/fOI58SZN2Q34=
=RDd4
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Aug 29 17:49:28 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 29 Aug 2011 17:49:28 +0000
Subject: [RHSA-2011:1221-01] Moderate: samba and cifs-utils security and bug fix update
Message-ID: <201108291749.p7THnS2o028403@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: samba and cifs-utils security and bug fix update
Advisory ID: RHSA-2011:1221-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1221.html
Issue date: 2011-08-29
CVE Names: CVE-2011-1678 CVE-2011-2522 CVE-2011-2694 CVE-2011-2724
=====================================================================

1. Summary:

Updated samba and cifs-utils packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Samba is a suite of programs used by machines to share files, printers, and other information. The cifs-utils package contains utilities for mounting and managing CIFS (Common Internet File System) shares.

A cross-site scripting (XSS) flaw was found in the password change page of the Samba Web Administration Tool (SWAT). If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's SWAT session. (CVE-2011-2694)

It was found that SWAT web pages did not protect against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, the attacker could perform Samba configuration changes with the privileges of the logged in user. (CVE-2011-2522)

It was found that the fix for CVE-2010-0547, provided in the cifs-utils package included in the GA release of Red Hat Enterprise Linux 6, was incomplete. The mount.cifs tool did not properly handle share or directory names containing a newline character, allowing a local attacker to corrupt the mtab (mounted file systems table) file via a specially-crafted CIFS share mount request, if mount.cifs had the setuid bit set. (CVE-2011-2724)

It was found that the mount.cifs tool did not handle certain errors correctly when updating the mtab file. If mount.cifs had the setuid bit set, a local attacker could corrupt the mtab file by setting a small file size limit before running mount.cifs. (CVE-2011-1678)

Note: mount.cifs from the cifs-utils package distributed by Red Hat does not have the setuid bit set. We recommend that administrators do not manually set the setuid bit for mount.cifs.

Red Hat would like to thank the Samba project for reporting CVE-2011-2694 and CVE-2011-2522, and Dan Rosenberg for reporting CVE-2011-1678.
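The two mount.cifs defects above (a newline in a caller-supplied share or directory name splitting one mtab entry into two, CVE-2011-2724, and a write that fails part-way under a small RLIMIT_FSIZE leaving a truncated mtab, CVE-2011-1678) are the same class of bug the ecryptfs-utils advisory later in this digest describes for mount.ecryptfs_private (CVE-2011-1834, CVE-2011-3145). The following is an added illustration, not code from cifs-utils, Samba or Red Hat, of what a setuid mount helper has to do when it records an entry: refuse control characters in untrusted names, escape fields with the octal convention getmntent(3) expects, and replace the file only after the whole write has succeeded. The share names, mount points and scratch mtab path are constructed for the example.

```python
"""Added example, not cifs-utils/Samba code: how a setuid mount helper
should build and write mtab entries so that neither a newline in a
caller-supplied name (CVE-2011-2724) nor a write that fails part-way,
e.g. under a small RLIMIT_FSIZE (CVE-2011-1678), can corrupt the file."""
import os
import re
import signal
import tempfile

# Octal escapes used by glibc's addmntent()/getmntent() for the characters
# that would otherwise break the whitespace-separated mtab format.
_MNTENT_ESCAPES = {" ": r"\040", "\t": r"\011", "\n": r"\012", "\\": r"\134"}
_MNTENT_UNESCAPE = re.compile(r"\\([0-7]{3})")


def check_mount_name(name: str) -> None:
    """Refuse names a setuid helper should never record at all.

    Escaping would stop a newline from splitting the entry, but no legitimate
    share or mount point name contains control characters, so reject them."""
    if not name:
        raise ValueError("empty mount name")
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in name):
        raise ValueError("control character in mount name: %r" % name)


def escape_mntent_field(field: str) -> str:
    """Escape one mtab field so getmntent(3) reads it back unchanged."""
    return "".join(_MNTENT_ESCAPES.get(ch, ch) for ch in field)


def unescape_mntent_field(field: str) -> str:
    """Inverse of escape_mntent_field(): decode \\ooo octal escapes."""
    return _MNTENT_UNESCAPE.sub(lambda m: chr(int(m.group(1), 8)), field)


def format_mntent(fsname: str, mountpoint: str, fstype: str, opts: str) -> str:
    """Build one mtab line (freq and passno are always 0 in mtab)."""
    check_mount_name(fsname)
    check_mount_name(mountpoint)
    return "%s %s %s %s 0 0\n" % tuple(
        escape_mntent_field(f) for f in (fsname, mountpoint, fstype, opts))


def parse_mtab(text: str) -> list:
    """Parse mtab text into (fsname, mountpoint, fstype, opts) tuples."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        parts = raw.split()
        if len(parts) < 4:
            raise ValueError("malformed mtab line: %r" % raw)
        entries.append(tuple(unescape_mntent_field(p) for p in parts[:4]))
    return entries


def append_mntent_atomically(mtab_path: str, line: str) -> None:
    """Append `line` to mtab without ever leaving a truncated file behind.

    The new contents go to a temporary file in the same directory, are flushed
    and fsynced, and only then renamed over the old file.  If any step fails
    (EFBIG from RLIMIT_FSIZE, ENOSPC, ...) the old mtab is untouched."""
    # At its default disposition SIGXFSZ kills the process on an over-limit
    # write instead of letting write() return EFBIG; ignore it so the error
    # surfaces as an exception we can handle.
    if hasattr(signal, "SIGXFSZ"):
        try:
            signal.signal(signal.SIGXFSZ, signal.SIG_IGN)
        except ValueError:          # not on the main thread; leave it alone
            pass
    directory = os.path.dirname(os.path.abspath(mtab_path))
    try:
        with open(mtab_path, "r") as fh:
            existing = fh.read()
    except FileNotFoundError:
        existing = ""
    fd, tmp_path = tempfile.mkstemp(prefix=".mtab.", dir=directory)
    try:
        with os.fdopen(fd, "w") as tmp:
            tmp.write(existing + line)
            tmp.flush()
            os.fsync(tmp.fileno())
        os.chmod(tmp_path, 0o644)
        os.replace(tmp_path, mtab_path)
    except BaseException:
        os.unlink(tmp_path)
        raise


def demo_roundtrip() -> list:
    """Write two constructed CIFS entries to a scratch mtab and read them back."""
    with tempfile.TemporaryDirectory() as scratch:
        mtab = os.path.join(scratch, "mtab")
        append_mntent_atomically(mtab, format_mntent(
            "//fileserver/public share", "/mnt/public", "cifs", "rw,user=alice"))
        append_mntent_atomically(mtab, format_mntent(
            "//fileserver/data", "/mnt/back\\slash", "cifs", "ro"))
        with open(mtab) as fh:
            return parse_mtab(fh.read())
```

A real helper would also take the same lock mount(8) uses so that two concurrent helpers do not lose each other's entries, and would write only after mount(2) has succeeded. On current distributions /etc/mtab is a symlink to /proc/self/mounts and the kernel is the source of truth, which removes this whole class of problem; the advisory's note that Red Hat ships mount.cifs without the setuid bit is the other half of the mitigation.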
Upstream acknowledges Nobuhiro Tsuji of NTT DATA Security Corporation as the original reporter of CVE-2011-2694, and Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter of CVE-2011-2522.

This update also fixes the following bug:

* If plain text passwords were used ("encrypt passwords = no" in "/etc/samba/smb.conf"), Samba clients running the Windows XP or Windows Server 2003 operating system may not have been able to access Samba shares after installing the Microsoft Security Bulletin MS11-043. This update corrects this issue, allowing such clients to use plain text passwords to access Samba shares. (BZ#728517)

Users of samba and cifs-utils are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the smb service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

695925 - CVE-2011-1678 samba/cifs-utils: mount.cifs and umount.cifs fail to anticipate RLIMIT_FSIZE
721348 - CVE-2011-2522 samba (SWAT): Absent CSRF protection in various Samba web configuration formulars
722537 - CVE-2011-2694 samba (SWAT): XSS flaw in Change Password page
726691 - CVE-2011-2724 samba, cifs-utils: mount.cifs incorrect fix for CVE-2010-0547
728517 - Windows security patch KB2536276 prevents access to samba shares

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/cifs-utils-4.8.1-2.el6_1.2.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/samba-3.5.6-86.el6_1.4.src.rpm i386: cifs-utils-4.8.1-2.el6_1.2.i686.rpm cifs-utils-debuginfo-4.8.1-2.el6_1.2.i686.rpm libsmbclient-3.5.6-86.el6_1.4.i686.rpm samba-client-3.5.6-86.el6_1.4.i686.rpm samba-common-3.5.6-86.el6_1.4.i686.rpm samba-debuginfo-3.5.6-86.el6_1.4.i686.rpm samba-winbind-3.5.6-86.el6_1.4.i686.rpm samba-winbind-clients-3.5.6-86.el6_1.4.i686.rpm x86_64: cifs-utils-4.8.1-2.el6_1.2.x86_64.rpm cifs-utils-debuginfo-4.8.1-2.el6_1.2.x86_64.rpm libsmbclient-3.5.6-86.el6_1.4.i686.rpm libsmbclient-3.5.6-86.el6_1.4.x86_64.rpm samba-client-3.5.6-86.el6_1.4.x86_64.rpm samba-common-3.5.6-86.el6_1.4.i686.rpm samba-common-3.5.6-86.el6_1.4.x86_64.rpm samba-debuginfo-3.5.6-86.el6_1.4.i686.rpm samba-debuginfo-3.5.6-86.el6_1.4.x86_64.rpm samba-winbind-3.5.6-86.el6_1.4.x86_64.rpm samba-winbind-clients-3.5.6-86.el6_1.4.i686.rpm samba-winbind-clients-3.5.6-86.el6_1.4.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/samba-3.5.6-86.el6_1.4.src.rpm i386: libsmbclient-devel-3.5.6-86.el6_1.4.i686.rpm samba-3.5.6-86.el6_1.4.i686.rpm samba-debuginfo-3.5.6-86.el6_1.4.i686.rpm samba-doc-3.5.6-86.el6_1.4.i686.rpm samba-domainjoin-gui-3.5.6-86.el6_1.4.i686.rpm samba-swat-3.5.6-86.el6_1.4.i686.rpm samba-winbind-devel-3.5.6-86.el6_1.4.i686.rpm samba-winbind-krb5-locator-3.5.6-86.el6_1.4.i686.rpm x86_64: libsmbclient-devel-3.5.6-86.el6_1.4.i686.rpm libsmbclient-devel-3.5.6-86.el6_1.4.x86_64.rpm samba-3.5.6-86.el6_1.4.x86_64.rpm samba-debuginfo-3.5.6-86.el6_1.4.i686.rpm samba-debuginfo-3.5.6-86.el6_1.4.x86_64.rpm samba-doc-3.5.6-86.el6_1.4.x86_64.rpm samba-domainjoin-gui-3.5.6-86.el6_1.4.x86_64.rpm samba-swat-3.5.6-86.el6_1.4.x86_64.rpm samba-winbind-devel-3.5.6-86.el6_1.4.i686.rpm samba-winbind-devel-3.5.6-86.el6_1.4.x86_64.rpm samba-winbind-krb5-locator-3.5.6-86.el6_1.4.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/cifs-utils-4.8.1-2.el6_1.2.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/samba-3.5.6-86.el6_1.4.src.rpm x86_64: cifs-utils-4.8.1-2.el6_1.2.x86_64.rpm cifs-utils-debuginfo-4.8.1-2.el6_1.2.x86_64.rpm samba-client-3.5.6-86.el6_1.4.x86_64.rpm samba-common-3.5.6-86.el6_1.4.i686.rpm samba-common-3.5.6-86.el6_1.4.x86_64.rpm samba-debuginfo-3.5.6-86.el6_1.4.i686.rpm samba-debuginfo-3.5.6-86.el6_1.4.x86_64.rpm samba-winbind-clients-3.5.6-86.el6_1.4.i686.rpm samba-winbind-clients-3.5.6-86.el6_1.4.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/samba-3.5.6-86.el6_1.4.src.rpm x86_64: libsmbclient-3.5.6-86.el6_1.4.i686.rpm libsmbclient-3.5.6-86.el6_1.4.x86_64.rpm libsmbclient-devel-3.5.6-86.el6_1.4.i686.rpm libsmbclient-devel-3.5.6-86.el6_1.4.x86_64.rpm samba-3.5.6-86.el6_1.4.x86_64.rpm samba-debuginfo-3.5.6-86.el6_1.4.i686.rpm samba-debuginfo-3.5.6-86.el6_1.4.x86_64.rpm samba-doc-3.5.6-86.el6_1.4.x86_64.rpm samba-domainjoin-gui-3.5.6-86.el6_1.4.x86_64.rpm samba-swat-3.5.6-86.el6_1.4.x86_64.rpm samba-winbind-3.5.6-86.el6_1.4.x86_64.rpm samba-winbind-devel-3.5.6-86.el6_1.4.i686.rpm samba-winbind-devel-3.5.6-86.el6_1.4.x86_64.rpm samba-winbind-krb5-locator-3.5.6-86.el6_1.4.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/cifs-utils-4.8.1-2.el6_1.2.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/samba-3.5.6-86.el6_1.4.src.rpm i386: cifs-utils-4.8.1-2.el6_1.2.i686.rpm cifs-utils-debuginfo-4.8.1-2.el6_1.2.i686.rpm libsmbclient-3.5.6-86.el6_1.4.i686.rpm samba-3.5.6-86.el6_1.4.i686.rpm samba-client-3.5.6-86.el6_1.4.i686.rpm samba-common-3.5.6-86.el6_1.4.i686.rpm samba-debuginfo-3.5.6-86.el6_1.4.i686.rpm samba-winbind-3.5.6-86.el6_1.4.i686.rpm samba-winbind-clients-3.5.6-86.el6_1.4.i686.rpm ppc64: cifs-utils-4.8.1-2.el6_1.2.ppc64.rpm cifs-utils-debuginfo-4.8.1-2.el6_1.2.ppc64.rpm libsmbclient-3.5.6-86.el6_1.4.ppc.rpm libsmbclient-3.5.6-86.el6_1.4.ppc64.rpm samba-3.5.6-86.el6_1.4.ppc64.rpm samba-client-3.5.6-86.el6_1.4.ppc64.rpm samba-common-3.5.6-86.el6_1.4.ppc.rpm samba-common-3.5.6-86.el6_1.4.ppc64.rpm samba-debuginfo-3.5.6-86.el6_1.4.ppc.rpm samba-debuginfo-3.5.6-86.el6_1.4.ppc64.rpm samba-winbind-3.5.6-86.el6_1.4.ppc64.rpm samba-winbind-clients-3.5.6-86.el6_1.4.ppc.rpm samba-winbind-clients-3.5.6-86.el6_1.4.ppc64.rpm s390x: cifs-utils-4.8.1-2.el6_1.2.s390x.rpm cifs-utils-debuginfo-4.8.1-2.el6_1.2.s390x.rpm 
libsmbclient-3.5.6-86.el6_1.4.s390.rpm libsmbclient-3.5.6-86.el6_1.4.s390x.rpm samba-3.5.6-86.el6_1.4.s390x.rpm samba-client-3.5.6-86.el6_1.4.s390x.rpm samba-common-3.5.6-86.el6_1.4.s390.rpm samba-common-3.5.6-86.el6_1.4.s390x.rpm samba-debuginfo-3.5.6-86.el6_1.4.s390.rpm samba-debuginfo-3.5.6-86.el6_1.4.s390x.rpm samba-winbind-3.5.6-86.el6_1.4.s390x.rpm samba-winbind-clients-3.5.6-86.el6_1.4.s390.rpm samba-winbind-clients-3.5.6-86.el6_1.4.s390x.rpm x86_64: cifs-utils-4.8.1-2.el6_1.2.x86_64.rpm cifs-utils-debuginfo-4.8.1-2.el6_1.2.x86_64.rpm libsmbclient-3.5.6-86.el6_1.4.i686.rpm libsmbclient-3.5.6-86.el6_1.4.x86_64.rpm samba-3.5.6-86.el6_1.4.x86_64.rpm samba-client-3.5.6-86.el6_1.4.x86_64.rpm samba-common-3.5.6-86.el6_1.4.i686.rpm samba-common-3.5.6-86.el6_1.4.x86_64.rpm samba-debuginfo-3.5.6-86.el6_1.4.i686.rpm samba-debuginfo-3.5.6-86.el6_1.4.x86_64.rpm samba-winbind-3.5.6-86.el6_1.4.x86_64.rpm samba-winbind-clients-3.5.6-86.el6_1.4.i686.rpm samba-winbind-clients-3.5.6-86.el6_1.4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/samba-3.5.6-86.el6_1.4.src.rpm i386: libsmbclient-devel-3.5.6-86.el6_1.4.i686.rpm samba-debuginfo-3.5.6-86.el6_1.4.i686.rpm samba-doc-3.5.6-86.el6_1.4.i686.rpm samba-domainjoin-gui-3.5.6-86.el6_1.4.i686.rpm samba-swat-3.5.6-86.el6_1.4.i686.rpm samba-winbind-devel-3.5.6-86.el6_1.4.i686.rpm samba-winbind-krb5-locator-3.5.6-86.el6_1.4.i686.rpm ppc64: libsmbclient-devel-3.5.6-86.el6_1.4.ppc.rpm libsmbclient-devel-3.5.6-86.el6_1.4.ppc64.rpm samba-debuginfo-3.5.6-86.el6_1.4.ppc.rpm samba-debuginfo-3.5.6-86.el6_1.4.ppc64.rpm samba-doc-3.5.6-86.el6_1.4.ppc64.rpm samba-domainjoin-gui-3.5.6-86.el6_1.4.ppc64.rpm samba-swat-3.5.6-86.el6_1.4.ppc64.rpm samba-winbind-devel-3.5.6-86.el6_1.4.ppc.rpm samba-winbind-devel-3.5.6-86.el6_1.4.ppc64.rpm samba-winbind-krb5-locator-3.5.6-86.el6_1.4.ppc64.rpm s390x: libsmbclient-devel-3.5.6-86.el6_1.4.s390.rpm libsmbclient-devel-3.5.6-86.el6_1.4.s390x.rpm samba-debuginfo-3.5.6-86.el6_1.4.s390.rpm samba-debuginfo-3.5.6-86.el6_1.4.s390x.rpm samba-doc-3.5.6-86.el6_1.4.s390x.rpm samba-domainjoin-gui-3.5.6-86.el6_1.4.s390x.rpm samba-swat-3.5.6-86.el6_1.4.s390x.rpm samba-winbind-devel-3.5.6-86.el6_1.4.s390.rpm samba-winbind-devel-3.5.6-86.el6_1.4.s390x.rpm samba-winbind-krb5-locator-3.5.6-86.el6_1.4.s390x.rpm x86_64: libsmbclient-devel-3.5.6-86.el6_1.4.i686.rpm libsmbclient-devel-3.5.6-86.el6_1.4.x86_64.rpm samba-debuginfo-3.5.6-86.el6_1.4.i686.rpm samba-debuginfo-3.5.6-86.el6_1.4.x86_64.rpm samba-doc-3.5.6-86.el6_1.4.x86_64.rpm samba-domainjoin-gui-3.5.6-86.el6_1.4.x86_64.rpm samba-swat-3.5.6-86.el6_1.4.x86_64.rpm samba-winbind-devel-3.5.6-86.el6_1.4.i686.rpm samba-winbind-devel-3.5.6-86.el6_1.4.x86_64.rpm samba-winbind-krb5-locator-3.5.6-86.el6_1.4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/cifs-utils-4.8.1-2.el6_1.2.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/samba-3.5.6-86.el6_1.4.src.rpm i386: cifs-utils-4.8.1-2.el6_1.2.i686.rpm cifs-utils-debuginfo-4.8.1-2.el6_1.2.i686.rpm libsmbclient-3.5.6-86.el6_1.4.i686.rpm samba-3.5.6-86.el6_1.4.i686.rpm samba-client-3.5.6-86.el6_1.4.i686.rpm samba-common-3.5.6-86.el6_1.4.i686.rpm samba-debuginfo-3.5.6-86.el6_1.4.i686.rpm samba-winbind-3.5.6-86.el6_1.4.i686.rpm samba-winbind-clients-3.5.6-86.el6_1.4.i686.rpm x86_64: cifs-utils-4.8.1-2.el6_1.2.x86_64.rpm cifs-utils-debuginfo-4.8.1-2.el6_1.2.x86_64.rpm libsmbclient-3.5.6-86.el6_1.4.i686.rpm libsmbclient-3.5.6-86.el6_1.4.x86_64.rpm samba-3.5.6-86.el6_1.4.x86_64.rpm samba-client-3.5.6-86.el6_1.4.x86_64.rpm samba-common-3.5.6-86.el6_1.4.i686.rpm samba-common-3.5.6-86.el6_1.4.x86_64.rpm samba-debuginfo-3.5.6-86.el6_1.4.i686.rpm samba-debuginfo-3.5.6-86.el6_1.4.x86_64.rpm samba-winbind-3.5.6-86.el6_1.4.x86_64.rpm samba-winbind-clients-3.5.6-86.el6_1.4.i686.rpm samba-winbind-clients-3.5.6-86.el6_1.4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/samba-3.5.6-86.el6_1.4.src.rpm

i386:
libsmbclient-devel-3.5.6-86.el6_1.4.i686.rpm
samba-debuginfo-3.5.6-86.el6_1.4.i686.rpm
samba-doc-3.5.6-86.el6_1.4.i686.rpm
samba-domainjoin-gui-3.5.6-86.el6_1.4.i686.rpm
samba-swat-3.5.6-86.el6_1.4.i686.rpm
samba-winbind-devel-3.5.6-86.el6_1.4.i686.rpm
samba-winbind-krb5-locator-3.5.6-86.el6_1.4.i686.rpm

x86_64:
libsmbclient-devel-3.5.6-86.el6_1.4.i686.rpm
libsmbclient-devel-3.5.6-86.el6_1.4.x86_64.rpm
samba-debuginfo-3.5.6-86.el6_1.4.i686.rpm
samba-debuginfo-3.5.6-86.el6_1.4.x86_64.rpm
samba-doc-3.5.6-86.el6_1.4.x86_64.rpm
samba-domainjoin-gui-3.5.6-86.el6_1.4.x86_64.rpm
samba-swat-3.5.6-86.el6_1.4.x86_64.rpm
samba-winbind-devel-3.5.6-86.el6_1.4.i686.rpm
samba-winbind-devel-3.5.6-86.el6_1.4.x86_64.rpm
samba-winbind-krb5-locator-3.5.6-86.el6_1.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1678.html
https://www.redhat.com/security/data/cve/CVE-2011-2522.html
https://www.redhat.com/security/data/cve/CVE-2011-2694.html
https://www.redhat.com/security/data/cve/CVE-2011-2724.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
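The package list gives the fixed builds; the check an administrator actually needs is whether what `rpm -q` reports on a host is at or above them, which depends on rpm's version ordering rather than a string comparison. The block below is an added example (my code, not Red Hat's tooling or rpm itself) that ports rpm's rpmvercmp() ordering to Python and runs it over a constructed installed set; the fixed NEVRAs in ADVISORY_X86_64 are taken from the package list above, while every entry in INSTALLED_SAMPLE, including the older cifs-utils build, is made up for the example.

```python
"""Added example, not Red Hat or rpm code: decide whether an installed
package already carries the build listed in an advisory.

rpm orders versions with rpmvercmp(): the string is cut into runs of
digits and runs of letters; numeric runs compare numerically, a numeric
run beats an alphabetic one, '~' sorts before anything (pre-releases) and
'^' sorts after the end of the string but before anything else
(post-release snapshots).  Epoch, then version, then release decide."""


def _take_run(s: str, i: int, digits: bool) -> str:
    """Return the run of digits (or of letters) starting at s[i]."""
    j = i
    while j < len(s) and (s[j].isdigit() if digits else s[j].isalpha()):
        j += 1
    return s[i:j]


def rpmvercmp(a: str, b: str) -> int:
    """Port of rpm's rpmvercmp(): -1 if a < b, 0 if equal, 1 if a > b."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # Separators (anything not alphanumeric, '~' or '^') are skipped.
        while i < len(a) and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        ta, tb = i < len(a) and a[i] == "~", j < len(b) and b[j] == "~"
        if ta or tb:                      # '~' sorts before even end-of-string
            if not ta:
                return 1
            if not tb:
                return -1
            i, j = i + 1, j + 1
            continue
        ca, cb = i < len(a) and a[i] == "^", j < len(b) and b[j] == "^"
        if ca or cb:                      # '^' sorts after end-of-string only
            if i >= len(a):
                return -1
            if j >= len(b):
                return 1
            if not ca:
                return 1
            if not cb:
                return -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        numeric = a[i].isdigit()
        seg_a, seg_b = _take_run(a, i, numeric), _take_run(b, j, numeric)
        if not seg_b:                     # digits vs letters: digits are newer
            return 1 if numeric else -1
        len_a, len_b = len(seg_a), len(seg_b)
        if numeric:                       # drop leading zeros, longer is larger
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
        i, j = i + len_a, j + len_b
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1       # whichever has segments left is newer


def parse_nevra(nevra: str) -> tuple:
    """Split 'name-[epoch:]version-release.arch[.rpm]' into its parts."""
    if nevra.endswith(".rpm"):
        nevra = nevra[:-4]
    rest, arch = nevra.rsplit(".", 1)
    rest, release = rest.rsplit("-", 1)
    name, version = rest.rsplit("-", 1)
    epoch = 0
    if ":" in version:
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    return name, epoch, version, release, arch


def compare_evr(evr_a: tuple, evr_b: tuple) -> int:
    """Compare (epoch, version, release) triples the way rpm does."""
    if evr_a[0] != evr_b[0]:
        return 1 if evr_a[0] > evr_b[0] else -1
    return rpmvercmp(evr_a[1], evr_b[1]) or rpmvercmp(evr_a[2], evr_b[2])


def is_fixed(installed: str, fixed: str) -> bool:
    """True if `installed` is at or above the `fixed` build of the same package."""
    n1, e1, v1, r1, a1 = parse_nevra(installed)
    n2, e2, v2, r2, a2 = parse_nevra(fixed)
    if (n1, a1) != (n2, a2):
        raise ValueError("different package or arch: %s vs %s" % (installed, fixed))
    return compare_evr((e1, v1, r1), (e2, v2, r2)) >= 0


def find_unpatched(installed: list, advisory: list) -> list:
    """Return the installed packages still below the advisory's fixed build."""
    fixed = {}
    for pkg in advisory:
        name, _, _, _, arch = parse_nevra(pkg)
        fixed[(name, arch)] = pkg
    unpatched = []
    for pkg in installed:
        name, _, _, _, arch = parse_nevra(pkg)
        target = fixed.get((name, arch))
        if target is not None and not is_fixed(pkg, target):
            unpatched.append(pkg)
    return unpatched


# Fixed builds copied from the x86_64 package list above.
ADVISORY_X86_64 = [
    "samba-3.5.6-86.el6_1.4.x86_64.rpm",
    "samba-common-3.5.6-86.el6_1.4.x86_64.rpm",
    "cifs-utils-4.8.1-2.el6_1.2.x86_64.rpm",
]
# Constructed stand-in for `rpm -qa` output; the cifs-utils build is invented.
INSTALLED_SAMPLE = [
    "samba-3.5.6-86.el6_1.4.x86_64",
    "samba-common-3.5.6-86.el6_1.4.x86_64",
    "cifs-utils-4.8.1-2.el6_1.1.x86_64",
    "libsmbclient-3.5.6-86.el6_1.4.x86_64",
]
```

On a real host the input is the `name-version-release.arch` lines that `rpm -qa` prints; packages with an epoch can be supplied in the `name-epoch:version-release.arch` form. The comparison deliberately reproduces rpm's rules rather than using a generic version library, because the `el6_1.4` style z-stream releases in this advisory only order correctly under rpm's digit-run and letter-run segmentation.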
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOW9EVXlSAg2UNWIIRAkpiAJsHTKGVuQ6Zf3EotWLvmBvnTGswdwCgiKJ4
ekWot0wha5ZuC+uXSWymwKg=
=Q2Sy
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Aug 31 20:31:10 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 31 Aug 2011 20:31:10 +0000
Subject: [RHSA-2011:1239-01] Low: Red Hat Enterprise Linux Extended Update Support 4.7 - End Of Life
Message-ID: <201108312031.p7VKVB93019257@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: Red Hat Enterprise Linux Extended Update Support 4.7 - End Of Life
Advisory ID: RHSA-2011:1239-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1239.html
Issue date: 2011-08-31
=====================================================================

1. Summary:

This is the End of Life notification for Red Hat Enterprise Linux Extended Update Support Add-On (EUS) 4.7.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4.7.z - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 4.7.z - i386, ia64, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy, the Extended Update Support for Red Hat Enterprise Linux 4 Update 7 has ended.

Note: This does not impact you unless you are subscribed to the Extended Update Support (EUS) channel for Red Hat Enterprise Linux 4.7.

Details of the Red Hat Enterprise Linux life-cycle can be found on the Red Hat website: https://access.redhat.com/support/policy/updates/errata/

4. Solution:

This advisory contains an updated redhat-release package that provides a copy of this end of life notice in the "/usr/share/doc/" directory.

5.
Package List:

Red Hat Enterprise Linux AS version 4.7.z:

Source:
redhat-release-4AS-8.0.el4_7.4.src.rpm

i386:
redhat-release-4AS-8.0.el4_7.4.i386.rpm
redhat-release-debuginfo-4AS-8.0.el4_7.4.i386.rpm

ia64:
redhat-release-4AS-8.0.el4_7.4.ia64.rpm
redhat-release-debuginfo-4AS-8.0.el4_7.4.ia64.rpm

ppc:
redhat-release-4AS-8.0.el4_7.4.ppc.rpm
redhat-release-debuginfo-4AS-8.0.el4_7.4.ppc.rpm

s390:
redhat-release-4AS-8.0.el4_7.4.s390.rpm
redhat-release-debuginfo-4AS-8.0.el4_7.4.s390.rpm

s390x:
redhat-release-4AS-8.0.el4_7.4.s390x.rpm
redhat-release-debuginfo-4AS-8.0.el4_7.4.s390x.rpm

x86_64:
redhat-release-4AS-8.0.el4_7.4.x86_64.rpm
redhat-release-debuginfo-4AS-8.0.el4_7.4.x86_64.rpm

Red Hat Enterprise Linux ES version 4.7.z:

Source:
redhat-release-4ES-8.0.el4_7.4.src.rpm

i386:
redhat-release-4ES-8.0.el4_7.4.i386.rpm
redhat-release-debuginfo-4ES-8.0.el4_7.4.i386.rpm

ia64:
redhat-release-4ES-8.0.el4_7.4.ia64.rpm
redhat-release-debuginfo-4ES-8.0.el4_7.4.ia64.rpm

x86_64:
redhat-release-4ES-8.0.el4_7.4.x86_64.rpm
redhat-release-debuginfo-4ES-8.0.el4_7.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

6. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/support/policy/updates/errata/

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOXpoBXlSAg2UNWIIRApfzAKCRwncy7CDC+X09RNSRybvm7cNKrwCdFOjR
/ZICwBcqhT904+T2mSTmi98=
=tJjL
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Aug 31 20:31:47 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 31 Aug 2011 20:31:47 +0000
Subject: [RHSA-2011:1240-01] Low: Red Hat Enterprise Linux 4 - 6-Month End Of Life Notice
Message-ID: <201108312031.p7VKVmZC007712@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: Red Hat Enterprise Linux 4 - 6-Month End Of Life Notice
Advisory ID: RHSA-2011:1240-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1240.html
Issue date: 2011-08-31
=====================================================================

1. Summary:

This is the 6-month notification of the End Of Life plans for Red Hat Enterprise Linux 4.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy, the regular 7 year life-cycle of Red Hat Enterprise Linux 4 will end on February 29, 2012. After this date, Red Hat will discontinue the regular subscription services for Red Hat Enterprise Linux 4.
Therefore, new bug fix, enhancement, and security errata updates, as well as technical support services will no longer be available for the following products:

* Red Hat Enterprise Linux AS 4
* Red Hat Enterprise Linux ES 4
* Red Hat Enterprise Linux WS 4
* Red Hat Enterprise Linux Extras 4
* Red Hat Desktop 4
* Red Hat Global File System 4
* Red Hat Cluster Suite 4

Customers still running production workloads on Red Hat Enterprise Linux 4 are advised to begin planning the upgrade to Red Hat Enterprise Linux 5 or 6. Active subscribers of Red Hat Enterprise Linux already have access to all currently maintained versions of Red Hat Enterprise Linux, as part of their subscription without additional fees.

For customers who are unable to migrate off Red Hat Enterprise Linux 4 before its end-of-life date, Red Hat intends to offer a limited, optional extension program. For more information, contact your Red Hat sales representative or channel partner.

Details of the Red Hat Enterprise Linux life-cycle can be found on the Red Hat website: https://access.redhat.com/support/policy/updates/errata/

4. Solution:

This advisory contains an updated redhat-release package that provides a copy of this end of life notice in the "/usr/share/doc/" directory.

5. Bugs fixed (http://bugzilla.redhat.com/):

732722 - Send Out RHEL 4 6-Month EOL Notice

6.
Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/redhat-release-4AS-10.2.src.rpm

i386:
redhat-release-4AS-10.2.i386.rpm

ia64:
redhat-release-4AS-10.2.ia64.rpm

ppc:
redhat-release-4AS-10.2.ppc.rpm

s390:
redhat-release-4AS-10.2.s390.rpm

s390x:
redhat-release-4AS-10.2.s390x.rpm

x86_64:
redhat-release-4AS-10.2.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/redhat-release-4Desktop-10.2.src.rpm

i386:
redhat-release-4Desktop-10.2.i386.rpm

x86_64:
redhat-release-4Desktop-10.2.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/redhat-release-4ES-10.2.src.rpm

i386:
redhat-release-4ES-10.2.i386.rpm

ia64:
redhat-release-4ES-10.2.ia64.rpm

x86_64:
redhat-release-4ES-10.2.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/redhat-release-4WS-10.2.src.rpm

i386:
redhat-release-4WS-10.2.i386.rpm

ia64:
redhat-release-4WS-10.2.ia64.rpm

x86_64:
redhat-release-4WS-10.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/support/policy/updates/errata/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOXpolXlSAg2UNWIIRAmoKAJ4sMiI91RAXN/IwVlyaqiv6tEGRdwCdGojf
EtQ9vESI8b8Y2NTvAxUgTig=
=1+1G
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Aug 31 20:32:32 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 31 Aug 2011 20:32:32 +0000
Subject: [RHSA-2011:1241-01] Moderate: ecryptfs-utils security update
Message-ID: <201108312032.p7VKWWqI031544@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: ecryptfs-utils security update
Advisory ID: RHSA-2011:1241-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1241.html
Issue date: 2011-08-31
CVE Names: CVE-2011-1831 CVE-2011-1832 CVE-2011-1834 CVE-2011-1835 CVE-2011-1837 CVE-2011-3145
=====================================================================

1. Summary:

Updated ecryptfs-utils packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

eCryptfs is a stacked, cryptographic file system. It is transparent to the underlying file system and provides per-file granularity. eCryptfs is released as a Technology Preview for Red Hat Enterprise Linux 5 and 6.

The setuid mount.ecryptfs_private utility allows users to mount an eCryptfs file system. This utility can only be run by users in the "ecryptfs" group.

A race condition flaw was found in the way mount.ecryptfs_private checked the permissions of a requested mount point when mounting an encrypted file system. A local attacker could possibly use this flaw to escalate their privileges by mounting over an arbitrary directory. (CVE-2011-1831)

A race condition flaw in umount.ecryptfs_private could allow a local attacker to unmount an arbitrary file system. (CVE-2011-1832)

It was found that mount.ecryptfs_private did not handle certain errors correctly when updating the mtab (mounted file systems table) file, allowing a local attacker to corrupt the mtab file and possibly unmount an arbitrary file system. (CVE-2011-1834)

An insecure temporary file use flaw was found in the ecryptfs-setup-private script. A local attacker could use this script to insert their own key that will subsequently be used by a new user, possibly giving the attacker access to the user's encrypted data if existing file permissions allow access. (CVE-2011-1835)

A race condition flaw in mount.ecryptfs_private could allow a local attacker to overwrite arbitrary files. (CVE-2011-1837)

A race condition flaw in the way temporary files were accessed in mount.ecryptfs_private could allow a malicious, local user to make arbitrary modifications to the mtab file. (CVE-2011-3145)

A race condition flaw was found in the way mount.ecryptfs_private checked the permissions of the directory to mount.
A local attacker could use this flaw to mount (and then access) a directory they would otherwise not have access to. Note: The fix for this issue is incomplete until a kernel-space change is made. Future Red Hat Enterprise Linux 5 and 6 kernel updates will correct this issue. (CVE-2011-1833)

Red Hat would like to thank the Ubuntu Security Team for reporting these issues. The Ubuntu Security Team acknowledges Vasiliy Kulikov of Openwall and Dan Rosenberg as the original reporters of CVE-2011-1831, CVE-2011-1832, and CVE-2011-1833; Dan Rosenberg and Marc Deslauriers as the original reporters of CVE-2011-1834; Marc Deslauriers as the original reporter of CVE-2011-1835; and Vasiliy Kulikov of Openwall as the original reporter of CVE-2011-1837.

Users of ecryptfs-utils are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

729465 - CVE-2011-1831 CVE-2011-1832 CVE-2011-1834 CVE-2011-1835 CVE-2011-1837 ecryptfs: multiple flaws to mount/umount arbitrary locations and possibly disclose confidential information
732607 - CVE-2011-3145 ecryptfs-utils: incorrect mtab group ownership

6. Package List:

Red Hat Enterprise Linux Desktop (v.
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ecryptfs-utils-75-5.el5_7.2.src.rpm i386: ecryptfs-utils-75-5.el5_7.2.i386.rpm ecryptfs-utils-debuginfo-75-5.el5_7.2.i386.rpm ecryptfs-utils-gui-75-5.el5_7.2.i386.rpm x86_64: ecryptfs-utils-75-5.el5_7.2.i386.rpm ecryptfs-utils-75-5.el5_7.2.x86_64.rpm ecryptfs-utils-debuginfo-75-5.el5_7.2.i386.rpm ecryptfs-utils-debuginfo-75-5.el5_7.2.x86_64.rpm ecryptfs-utils-gui-75-5.el5_7.2.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ecryptfs-utils-75-5.el5_7.2.src.rpm i386: ecryptfs-utils-debuginfo-75-5.el5_7.2.i386.rpm ecryptfs-utils-devel-75-5.el5_7.2.i386.rpm x86_64: ecryptfs-utils-debuginfo-75-5.el5_7.2.i386.rpm ecryptfs-utils-debuginfo-75-5.el5_7.2.x86_64.rpm ecryptfs-utils-devel-75-5.el5_7.2.i386.rpm ecryptfs-utils-devel-75-5.el5_7.2.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/ecryptfs-utils-75-5.el5_7.2.src.rpm i386: ecryptfs-utils-75-5.el5_7.2.i386.rpm ecryptfs-utils-debuginfo-75-5.el5_7.2.i386.rpm ecryptfs-utils-devel-75-5.el5_7.2.i386.rpm ecryptfs-utils-gui-75-5.el5_7.2.i386.rpm ia64: ecryptfs-utils-75-5.el5_7.2.ia64.rpm ecryptfs-utils-debuginfo-75-5.el5_7.2.ia64.rpm ecryptfs-utils-devel-75-5.el5_7.2.ia64.rpm ecryptfs-utils-gui-75-5.el5_7.2.ia64.rpm ppc: ecryptfs-utils-75-5.el5_7.2.ppc.rpm ecryptfs-utils-75-5.el5_7.2.ppc64.rpm ecryptfs-utils-debuginfo-75-5.el5_7.2.ppc.rpm ecryptfs-utils-debuginfo-75-5.el5_7.2.ppc64.rpm ecryptfs-utils-devel-75-5.el5_7.2.ppc.rpm ecryptfs-utils-devel-75-5.el5_7.2.ppc64.rpm ecryptfs-utils-gui-75-5.el5_7.2.ppc.rpm s390x: ecryptfs-utils-75-5.el5_7.2.s390.rpm ecryptfs-utils-75-5.el5_7.2.s390x.rpm ecryptfs-utils-debuginfo-75-5.el5_7.2.s390.rpm ecryptfs-utils-debuginfo-75-5.el5_7.2.s390x.rpm ecryptfs-utils-devel-75-5.el5_7.2.s390.rpm ecryptfs-utils-devel-75-5.el5_7.2.s390x.rpm 
ecryptfs-utils-gui-75-5.el5_7.2.s390x.rpm x86_64: ecryptfs-utils-75-5.el5_7.2.i386.rpm ecryptfs-utils-75-5.el5_7.2.x86_64.rpm ecryptfs-utils-debuginfo-75-5.el5_7.2.i386.rpm ecryptfs-utils-debuginfo-75-5.el5_7.2.x86_64.rpm ecryptfs-utils-devel-75-5.el5_7.2.i386.rpm ecryptfs-utils-devel-75-5.el5_7.2.x86_64.rpm ecryptfs-utils-gui-75-5.el5_7.2.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ecryptfs-utils-82-6.el6_1.3.src.rpm i386: ecryptfs-utils-82-6.el6_1.3.i686.rpm ecryptfs-utils-debuginfo-82-6.el6_1.3.i686.rpm x86_64: ecryptfs-utils-82-6.el6_1.3.i686.rpm ecryptfs-utils-82-6.el6_1.3.x86_64.rpm ecryptfs-utils-debuginfo-82-6.el6_1.3.i686.rpm ecryptfs-utils-debuginfo-82-6.el6_1.3.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ecryptfs-utils-82-6.el6_1.3.src.rpm i386: ecryptfs-utils-debuginfo-82-6.el6_1.3.i686.rpm ecryptfs-utils-devel-82-6.el6_1.3.i686.rpm ecryptfs-utils-python-82-6.el6_1.3.i686.rpm x86_64: ecryptfs-utils-debuginfo-82-6.el6_1.3.i686.rpm ecryptfs-utils-debuginfo-82-6.el6_1.3.x86_64.rpm ecryptfs-utils-devel-82-6.el6_1.3.i686.rpm ecryptfs-utils-devel-82-6.el6_1.3.x86_64.rpm ecryptfs-utils-python-82-6.el6_1.3.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ecryptfs-utils-82-6.el6_1.3.src.rpm x86_64: ecryptfs-utils-82-6.el6_1.3.i686.rpm ecryptfs-utils-82-6.el6_1.3.x86_64.rpm ecryptfs-utils-debuginfo-82-6.el6_1.3.i686.rpm ecryptfs-utils-debuginfo-82-6.el6_1.3.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ecryptfs-utils-82-6.el6_1.3.src.rpm x86_64: ecryptfs-utils-debuginfo-82-6.el6_1.3.i686.rpm ecryptfs-utils-debuginfo-82-6.el6_1.3.x86_64.rpm ecryptfs-utils-devel-82-6.el6_1.3.i686.rpm ecryptfs-utils-devel-82-6.el6_1.3.x86_64.rpm ecryptfs-utils-python-82-6.el6_1.3.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ecryptfs-utils-82-6.el6_1.3.src.rpm i386: ecryptfs-utils-82-6.el6_1.3.i686.rpm ecryptfs-utils-debuginfo-82-6.el6_1.3.i686.rpm ppc64: ecryptfs-utils-82-6.el6_1.3.ppc.rpm ecryptfs-utils-82-6.el6_1.3.ppc64.rpm ecryptfs-utils-debuginfo-82-6.el6_1.3.ppc.rpm ecryptfs-utils-debuginfo-82-6.el6_1.3.ppc64.rpm s390x: ecryptfs-utils-82-6.el6_1.3.s390.rpm ecryptfs-utils-82-6.el6_1.3.s390x.rpm ecryptfs-utils-debuginfo-82-6.el6_1.3.s390.rpm ecryptfs-utils-debuginfo-82-6.el6_1.3.s390x.rpm x86_64: ecryptfs-utils-82-6.el6_1.3.i686.rpm ecryptfs-utils-82-6.el6_1.3.x86_64.rpm ecryptfs-utils-debuginfo-82-6.el6_1.3.i686.rpm ecryptfs-utils-debuginfo-82-6.el6_1.3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ecryptfs-utils-82-6.el6_1.3.src.rpm i386: ecryptfs-utils-debuginfo-82-6.el6_1.3.i686.rpm ecryptfs-utils-devel-82-6.el6_1.3.i686.rpm ecryptfs-utils-python-82-6.el6_1.3.i686.rpm ppc64: ecryptfs-utils-debuginfo-82-6.el6_1.3.ppc.rpm ecryptfs-utils-debuginfo-82-6.el6_1.3.ppc64.rpm ecryptfs-utils-devel-82-6.el6_1.3.ppc.rpm ecryptfs-utils-devel-82-6.el6_1.3.ppc64.rpm ecryptfs-utils-python-82-6.el6_1.3.ppc64.rpm s390x: ecryptfs-utils-debuginfo-82-6.el6_1.3.s390.rpm ecryptfs-utils-debuginfo-82-6.el6_1.3.s390x.rpm ecryptfs-utils-devel-82-6.el6_1.3.s390.rpm ecryptfs-utils-devel-82-6.el6_1.3.s390x.rpm ecryptfs-utils-python-82-6.el6_1.3.s390x.rpm x86_64: ecryptfs-utils-debuginfo-82-6.el6_1.3.i686.rpm ecryptfs-utils-debuginfo-82-6.el6_1.3.x86_64.rpm ecryptfs-utils-devel-82-6.el6_1.3.i686.rpm ecryptfs-utils-devel-82-6.el6_1.3.x86_64.rpm ecryptfs-utils-python-82-6.el6_1.3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ecryptfs-utils-82-6.el6_1.3.src.rpm i386: ecryptfs-utils-82-6.el6_1.3.i686.rpm ecryptfs-utils-debuginfo-82-6.el6_1.3.i686.rpm x86_64: ecryptfs-utils-82-6.el6_1.3.i686.rpm ecryptfs-utils-82-6.el6_1.3.x86_64.rpm ecryptfs-utils-debuginfo-82-6.el6_1.3.i686.rpm ecryptfs-utils-debuginfo-82-6.el6_1.3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ecryptfs-utils-82-6.el6_1.3.src.rpm i386: ecryptfs-utils-debuginfo-82-6.el6_1.3.i686.rpm ecryptfs-utils-devel-82-6.el6_1.3.i686.rpm ecryptfs-utils-python-82-6.el6_1.3.i686.rpm x86_64: ecryptfs-utils-debuginfo-82-6.el6_1.3.i686.rpm ecryptfs-utils-debuginfo-82-6.el6_1.3.x86_64.rpm ecryptfs-utils-devel-82-6.el6_1.3.i686.rpm ecryptfs-utils-devel-82-6.el6_1.3.x86_64.rpm ecryptfs-utils-python-82-6.el6_1.3.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-1831.html https://www.redhat.com/security/data/cve/CVE-2011-1832.html https://www.redhat.com/security/data/cve/CVE-2011-1834.html https://www.redhat.com/security/data/cve/CVE-2011-1835.html https://www.redhat.com/security/data/cve/CVE-2011-1837.html https://www.redhat.com/security/data/cve/CVE-2011-3145.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/support/offerings/techpreview/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOXppQXlSAg2UNWIIRArFZAJ0e3ysnei/aGyLQ4iAblas8cDoHSACdE4eY uCcETaxbdGWj+5HyqbGSUv4= =n79D -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Aug 31 20:33:28 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 31 Aug 2011 20:33:28 +0000 Subject: [RHSA-2011:1242-01] Important: firefox security update Message-ID: <201108312033.p7VKXS7e024577@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: firefox security update Advisory ID: RHSA-2011:1242-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1242.html Issue date: 2011-08-31 ===================================================================== 1. Summary: Updated firefox packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 
5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. It was found that a Certificate Authority (CA) issued a fraudulent HTTPS certificate. This update renders any HTTPS certificates signed by that CA as untrusted, except for a select few. The now untrusted certificates that were issued before July 1, 2011 can be manually re-enabled and used again at your own risk in Firefox; however, affected certificates issued after this date cannot be re-enabled or used. (BZ#734316) All Firefox users should upgrade to these updated packages, which contain a backported patch. After installing the update, Firefox must be restarted for the changes to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 734316 - Fraudulent certificates signed by DigiNotar CA certificate (MFSA 2011-34) 6. 
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-3.6.20-3.el4.src.rpm i386: firefox-3.6.20-3.el4.i386.rpm firefox-debuginfo-3.6.20-3.el4.i386.rpm ia64: firefox-3.6.20-3.el4.ia64.rpm firefox-debuginfo-3.6.20-3.el4.ia64.rpm ppc: firefox-3.6.20-3.el4.ppc.rpm firefox-debuginfo-3.6.20-3.el4.ppc.rpm s390: firefox-3.6.20-3.el4.s390.rpm firefox-debuginfo-3.6.20-3.el4.s390.rpm s390x: firefox-3.6.20-3.el4.s390x.rpm firefox-debuginfo-3.6.20-3.el4.s390x.rpm x86_64: firefox-3.6.20-3.el4.x86_64.rpm firefox-debuginfo-3.6.20-3.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-3.6.20-3.el4.src.rpm i386: firefox-3.6.20-3.el4.i386.rpm firefox-debuginfo-3.6.20-3.el4.i386.rpm x86_64: firefox-3.6.20-3.el4.x86_64.rpm firefox-debuginfo-3.6.20-3.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-3.6.20-3.el4.src.rpm i386: firefox-3.6.20-3.el4.i386.rpm firefox-debuginfo-3.6.20-3.el4.i386.rpm ia64: firefox-3.6.20-3.el4.ia64.rpm firefox-debuginfo-3.6.20-3.el4.ia64.rpm x86_64: firefox-3.6.20-3.el4.x86_64.rpm firefox-debuginfo-3.6.20-3.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-3.6.20-3.el4.src.rpm i386: firefox-3.6.20-3.el4.i386.rpm firefox-debuginfo-3.6.20-3.el4.i386.rpm ia64: firefox-3.6.20-3.el4.ia64.rpm firefox-debuginfo-3.6.20-3.el4.ia64.rpm x86_64: firefox-3.6.20-3.el4.x86_64.rpm firefox-debuginfo-3.6.20-3.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.20-3.el5_7.src.rpm i386: xulrunner-1.9.2.20-3.el5_7.i386.rpm xulrunner-debuginfo-1.9.2.20-3.el5_7.i386.rpm x86_64: xulrunner-1.9.2.20-3.el5_7.i386.rpm xulrunner-1.9.2.20-3.el5_7.x86_64.rpm xulrunner-debuginfo-1.9.2.20-3.el5_7.i386.rpm xulrunner-debuginfo-1.9.2.20-3.el5_7.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.20-3.el5_7.src.rpm i386: xulrunner-debuginfo-1.9.2.20-3.el5_7.i386.rpm xulrunner-devel-1.9.2.20-3.el5_7.i386.rpm x86_64: xulrunner-debuginfo-1.9.2.20-3.el5_7.i386.rpm xulrunner-debuginfo-1.9.2.20-3.el5_7.x86_64.rpm xulrunner-devel-1.9.2.20-3.el5_7.i386.rpm xulrunner-devel-1.9.2.20-3.el5_7.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-1.9.2.20-3.el5_7.src.rpm i386: xulrunner-1.9.2.20-3.el5_7.i386.rpm xulrunner-debuginfo-1.9.2.20-3.el5_7.i386.rpm xulrunner-devel-1.9.2.20-3.el5_7.i386.rpm ia64: xulrunner-1.9.2.20-3.el5_7.ia64.rpm xulrunner-debuginfo-1.9.2.20-3.el5_7.ia64.rpm xulrunner-devel-1.9.2.20-3.el5_7.ia64.rpm ppc: xulrunner-1.9.2.20-3.el5_7.ppc.rpm xulrunner-1.9.2.20-3.el5_7.ppc64.rpm xulrunner-debuginfo-1.9.2.20-3.el5_7.ppc.rpm xulrunner-debuginfo-1.9.2.20-3.el5_7.ppc64.rpm xulrunner-devel-1.9.2.20-3.el5_7.ppc.rpm xulrunner-devel-1.9.2.20-3.el5_7.ppc64.rpm s390x: xulrunner-1.9.2.20-3.el5_7.s390.rpm xulrunner-1.9.2.20-3.el5_7.s390x.rpm xulrunner-debuginfo-1.9.2.20-3.el5_7.s390.rpm xulrunner-debuginfo-1.9.2.20-3.el5_7.s390x.rpm xulrunner-devel-1.9.2.20-3.el5_7.s390.rpm xulrunner-devel-1.9.2.20-3.el5_7.s390x.rpm x86_64: xulrunner-1.9.2.20-3.el5_7.i386.rpm xulrunner-1.9.2.20-3.el5_7.x86_64.rpm xulrunner-debuginfo-1.9.2.20-3.el5_7.i386.rpm xulrunner-debuginfo-1.9.2.20-3.el5_7.x86_64.rpm xulrunner-devel-1.9.2.20-3.el5_7.i386.rpm 
xulrunner-devel-1.9.2.20-3.el5_7.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-1.9.2.20-3.el6_1.src.rpm i386: xulrunner-1.9.2.20-3.el6_1.i686.rpm xulrunner-debuginfo-1.9.2.20-3.el6_1.i686.rpm x86_64: xulrunner-1.9.2.20-3.el6_1.i686.rpm xulrunner-1.9.2.20-3.el6_1.x86_64.rpm xulrunner-debuginfo-1.9.2.20-3.el6_1.i686.rpm xulrunner-debuginfo-1.9.2.20-3.el6_1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-1.9.2.20-3.el6_1.src.rpm i386: xulrunner-debuginfo-1.9.2.20-3.el6_1.i686.rpm xulrunner-devel-1.9.2.20-3.el6_1.i686.rpm x86_64: xulrunner-debuginfo-1.9.2.20-3.el6_1.i686.rpm xulrunner-debuginfo-1.9.2.20-3.el6_1.x86_64.rpm xulrunner-devel-1.9.2.20-3.el6_1.i686.rpm xulrunner-devel-1.9.2.20-3.el6_1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xulrunner-1.9.2.20-3.el6_1.src.rpm x86_64: xulrunner-1.9.2.20-3.el6_1.i686.rpm xulrunner-1.9.2.20-3.el6_1.x86_64.rpm xulrunner-debuginfo-1.9.2.20-3.el6_1.i686.rpm xulrunner-debuginfo-1.9.2.20-3.el6_1.x86_64.rpm xulrunner-devel-1.9.2.20-3.el6_1.i686.rpm xulrunner-devel-1.9.2.20-3.el6_1.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-1.9.2.20-3.el6_1.src.rpm i386: xulrunner-1.9.2.20-3.el6_1.i686.rpm xulrunner-debuginfo-1.9.2.20-3.el6_1.i686.rpm ppc64: xulrunner-1.9.2.20-3.el6_1.ppc.rpm xulrunner-1.9.2.20-3.el6_1.ppc64.rpm xulrunner-debuginfo-1.9.2.20-3.el6_1.ppc.rpm xulrunner-debuginfo-1.9.2.20-3.el6_1.ppc64.rpm s390x: xulrunner-1.9.2.20-3.el6_1.s390.rpm xulrunner-1.9.2.20-3.el6_1.s390x.rpm xulrunner-debuginfo-1.9.2.20-3.el6_1.s390.rpm xulrunner-debuginfo-1.9.2.20-3.el6_1.s390x.rpm x86_64: xulrunner-1.9.2.20-3.el6_1.i686.rpm xulrunner-1.9.2.20-3.el6_1.x86_64.rpm xulrunner-debuginfo-1.9.2.20-3.el6_1.i686.rpm xulrunner-debuginfo-1.9.2.20-3.el6_1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-1.9.2.20-3.el6_1.src.rpm i386: xulrunner-debuginfo-1.9.2.20-3.el6_1.i686.rpm xulrunner-devel-1.9.2.20-3.el6_1.i686.rpm ppc64: xulrunner-debuginfo-1.9.2.20-3.el6_1.ppc.rpm xulrunner-debuginfo-1.9.2.20-3.el6_1.ppc64.rpm xulrunner-devel-1.9.2.20-3.el6_1.ppc.rpm xulrunner-devel-1.9.2.20-3.el6_1.ppc64.rpm s390x: xulrunner-debuginfo-1.9.2.20-3.el6_1.s390.rpm xulrunner-debuginfo-1.9.2.20-3.el6_1.s390x.rpm xulrunner-devel-1.9.2.20-3.el6_1.s390.rpm xulrunner-devel-1.9.2.20-3.el6_1.s390x.rpm x86_64: xulrunner-debuginfo-1.9.2.20-3.el6_1.i686.rpm xulrunner-debuginfo-1.9.2.20-3.el6_1.x86_64.rpm xulrunner-devel-1.9.2.20-3.el6_1.i686.rpm xulrunner-devel-1.9.2.20-3.el6_1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-1.9.2.20-3.el6_1.src.rpm i386: xulrunner-1.9.2.20-3.el6_1.i686.rpm xulrunner-debuginfo-1.9.2.20-3.el6_1.i686.rpm x86_64: xulrunner-1.9.2.20-3.el6_1.i686.rpm xulrunner-1.9.2.20-3.el6_1.x86_64.rpm xulrunner-debuginfo-1.9.2.20-3.el6_1.i686.rpm xulrunner-debuginfo-1.9.2.20-3.el6_1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-1.9.2.20-3.el6_1.src.rpm i386: xulrunner-debuginfo-1.9.2.20-3.el6_1.i686.rpm xulrunner-devel-1.9.2.20-3.el6_1.i686.rpm x86_64: xulrunner-debuginfo-1.9.2.20-3.el6_1.i686.rpm xulrunner-debuginfo-1.9.2.20-3.el6_1.x86_64.rpm xulrunner-devel-1.9.2.20-3.el6_1.i686.rpm xulrunner-devel-1.9.2.20-3.el6_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. 
From bugzilla at redhat.com Wed Aug 31 20:34:10 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 31 Aug 2011 20:34:10 +0000
Subject: [RHSA-2011:1243-01] Important: thunderbird security update
Message-ID: <201108312034.p7VKYAFE024771@int-mx02.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2011:1243-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1243.html
Issue date: 2011-08-31
=====================================================================

1. Summary:

An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having important security impact.

2. Relevant releases/architectures:

RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

It was found that a Certificate Authority (CA) issued a fraudulent HTTPS certificate. This update renders any HTTPS certificates signed by that CA as untrusted, except for a select few. The now untrusted certificates that were issued before July 1, 2011 can be manually re-enabled and used again at your own risk in Thunderbird; however, affected certificates issued after this date cannot be re-enabled or used. (BZ#734316)

All Thunderbird users should upgrade to this updated package, which resolves this issue. All running instances of Thunderbird must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

734316 - Fraudulent certificates signed by DigiNotar CA certificate (MFSA 2011-34)

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/thunderbird-1.5.0.12-42.el4.src.rpm

i386:
thunderbird-1.5.0.12-42.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-42.el4.i386.rpm

ia64:
thunderbird-1.5.0.12-42.el4.ia64.rpm
thunderbird-debuginfo-1.5.0.12-42.el4.ia64.rpm

ppc:
thunderbird-1.5.0.12-42.el4.ppc.rpm
thunderbird-debuginfo-1.5.0.12-42.el4.ppc.rpm

s390:
thunderbird-1.5.0.12-42.el4.s390.rpm
thunderbird-debuginfo-1.5.0.12-42.el4.s390.rpm

s390x:
thunderbird-1.5.0.12-42.el4.s390x.rpm
thunderbird-debuginfo-1.5.0.12-42.el4.s390x.rpm

x86_64:
thunderbird-1.5.0.12-42.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-42.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/thunderbird-1.5.0.12-42.el4.src.rpm

i386:
thunderbird-1.5.0.12-42.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-42.el4.i386.rpm

x86_64:
thunderbird-1.5.0.12-42.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-42.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/thunderbird-1.5.0.12-42.el4.src.rpm

i386:
thunderbird-1.5.0.12-42.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-42.el4.i386.rpm

ia64:
thunderbird-1.5.0.12-42.el4.ia64.rpm
thunderbird-debuginfo-1.5.0.12-42.el4.ia64.rpm

x86_64:
thunderbird-1.5.0.12-42.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-42.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/thunderbird-1.5.0.12-42.el4.src.rpm

i386:
thunderbird-1.5.0.12-42.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-42.el4.i386.rpm

ia64:
thunderbird-1.5.0.12-42.el4.ia64.rpm
thunderbird-debuginfo-1.5.0.12-42.el4.ia64.rpm

x86_64:
thunderbird-1.5.0.12-42.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-42.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/thunderbird-2.0.0.24-24.el5.src.rpm

i386:
thunderbird-2.0.0.24-24.el5.i386.rpm
thunderbird-debuginfo-2.0.0.24-24.el5.i386.rpm

x86_64:
thunderbird-2.0.0.24-24.el5.x86_64.rpm
thunderbird-debuginfo-2.0.0.24-24.el5.x86_64.rpm

RHEL Optional Productivity Applications (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/thunderbird-2.0.0.24-24.el5.src.rpm

i386:
thunderbird-2.0.0.24-24.el5.i386.rpm
thunderbird-debuginfo-2.0.0.24-24.el5.i386.rpm

x86_64:
thunderbird-2.0.0.24-24.el5.x86_64.rpm
thunderbird-debuginfo-2.0.0.24-24.el5.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/thunderbird-3.1.12-2.el6_1.src.rpm

i386:
thunderbird-3.1.12-2.el6_1.i686.rpm
thunderbird-debuginfo-3.1.12-2.el6_1.i686.rpm

x86_64:
thunderbird-3.1.12-2.el6_1.x86_64.rpm
thunderbird-debuginfo-3.1.12-2.el6_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/thunderbird-3.1.12-2.el6_1.src.rpm

i386:
thunderbird-3.1.12-2.el6_1.i686.rpm
thunderbird-debuginfo-3.1.12-2.el6_1.i686.rpm

ppc64:
thunderbird-3.1.12-2.el6_1.ppc64.rpm
thunderbird-debuginfo-3.1.12-2.el6_1.ppc64.rpm

s390x:
thunderbird-3.1.12-2.el6_1.s390x.rpm
thunderbird-debuginfo-3.1.12-2.el6_1.s390x.rpm

x86_64:
thunderbird-3.1.12-2.el6_1.x86_64.rpm
thunderbird-debuginfo-3.1.12-2.el6_1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/thunderbird-3.1.12-2.el6_1.src.rpm

i386:
thunderbird-3.1.12-2.el6_1.i686.rpm
thunderbird-debuginfo-3.1.12-2.el6_1.i686.rpm

x86_64:
thunderbird-3.1.12-2.el6_1.x86_64.rpm
thunderbird-debuginfo-3.1.12-2.el6_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
From bugzilla at redhat.com Wed Aug 31 20:34:50 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 31 Aug 2011 20:34:50 +0000
Subject: [RHSA-2011:1244-01] Important: seamonkey security update
Message-ID: <201108312034.p7VKYpAh022674@int-mx12.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: seamonkey security update
Advisory ID: RHSA-2011:1244-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1244.html
Issue date: 2011-08-31
=====================================================================

1. Summary:

Updated seamonkey packages that fix one security issue are now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having important security impact.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor.

It was found that a Certificate Authority (CA) issued a fraudulent HTTPS certificate. This update renders any HTTPS certificates signed by that CA as untrusted, except for a select few. The now untrusted certificates that were issued before July 1, 2011 can be manually re-enabled and used again at your own risk in SeaMonkey; however, affected certificates issued after this date cannot be re-enabled or used. (BZ#734316)

All SeaMonkey users should upgrade to these updated packages, which correct this issue. After installing the update, SeaMonkey must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

734316 - Fraudulent certificates signed by DigiNotar CA certificate (MFSA 2011-34)

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/seamonkey-1.0.9-74.el4.src.rpm

i386:
seamonkey-1.0.9-74.el4.i386.rpm
seamonkey-chat-1.0.9-74.el4.i386.rpm
seamonkey-debuginfo-1.0.9-74.el4.i386.rpm
seamonkey-devel-1.0.9-74.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-74.el4.i386.rpm
seamonkey-js-debugger-1.0.9-74.el4.i386.rpm
seamonkey-mail-1.0.9-74.el4.i386.rpm

ia64:
seamonkey-1.0.9-74.el4.ia64.rpm
seamonkey-chat-1.0.9-74.el4.ia64.rpm
seamonkey-debuginfo-1.0.9-74.el4.ia64.rpm
seamonkey-devel-1.0.9-74.el4.ia64.rpm
seamonkey-dom-inspector-1.0.9-74.el4.ia64.rpm
seamonkey-js-debugger-1.0.9-74.el4.ia64.rpm
seamonkey-mail-1.0.9-74.el4.ia64.rpm

ppc:
seamonkey-1.0.9-74.el4.ppc.rpm
seamonkey-chat-1.0.9-74.el4.ppc.rpm
seamonkey-debuginfo-1.0.9-74.el4.ppc.rpm
seamonkey-devel-1.0.9-74.el4.ppc.rpm
seamonkey-dom-inspector-1.0.9-74.el4.ppc.rpm
seamonkey-js-debugger-1.0.9-74.el4.ppc.rpm
seamonkey-mail-1.0.9-74.el4.ppc.rpm

s390:
seamonkey-1.0.9-74.el4.s390.rpm
seamonkey-chat-1.0.9-74.el4.s390.rpm
seamonkey-debuginfo-1.0.9-74.el4.s390.rpm
seamonkey-devel-1.0.9-74.el4.s390.rpm
seamonkey-dom-inspector-1.0.9-74.el4.s390.rpm
seamonkey-js-debugger-1.0.9-74.el4.s390.rpm
seamonkey-mail-1.0.9-74.el4.s390.rpm

s390x:
seamonkey-1.0.9-74.el4.s390x.rpm
seamonkey-chat-1.0.9-74.el4.s390x.rpm
seamonkey-debuginfo-1.0.9-74.el4.s390x.rpm
seamonkey-devel-1.0.9-74.el4.s390x.rpm
seamonkey-dom-inspector-1.0.9-74.el4.s390x.rpm
seamonkey-js-debugger-1.0.9-74.el4.s390x.rpm
seamonkey-mail-1.0.9-74.el4.s390x.rpm

x86_64:
seamonkey-1.0.9-74.el4.x86_64.rpm
seamonkey-chat-1.0.9-74.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-74.el4.x86_64.rpm
seamonkey-devel-1.0.9-74.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-74.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-74.el4.x86_64.rpm
seamonkey-mail-1.0.9-74.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/seamonkey-1.0.9-74.el4.src.rpm

i386:
seamonkey-1.0.9-74.el4.i386.rpm
seamonkey-chat-1.0.9-74.el4.i386.rpm
seamonkey-debuginfo-1.0.9-74.el4.i386.rpm
seamonkey-devel-1.0.9-74.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-74.el4.i386.rpm
seamonkey-js-debugger-1.0.9-74.el4.i386.rpm
seamonkey-mail-1.0.9-74.el4.i386.rpm

x86_64:
seamonkey-1.0.9-74.el4.x86_64.rpm
seamonkey-chat-1.0.9-74.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-74.el4.x86_64.rpm
seamonkey-devel-1.0.9-74.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-74.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-74.el4.x86_64.rpm
seamonkey-mail-1.0.9-74.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/seamonkey-1.0.9-74.el4.src.rpm

i386:
seamonkey-1.0.9-74.el4.i386.rpm
seamonkey-chat-1.0.9-74.el4.i386.rpm
seamonkey-debuginfo-1.0.9-74.el4.i386.rpm
seamonkey-devel-1.0.9-74.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-74.el4.i386.rpm
seamonkey-js-debugger-1.0.9-74.el4.i386.rpm
seamonkey-mail-1.0.9-74.el4.i386.rpm

ia64:
seamonkey-1.0.9-74.el4.ia64.rpm
seamonkey-chat-1.0.9-74.el4.ia64.rpm
seamonkey-debuginfo-1.0.9-74.el4.ia64.rpm
seamonkey-devel-1.0.9-74.el4.ia64.rpm
seamonkey-dom-inspector-1.0.9-74.el4.ia64.rpm
seamonkey-js-debugger-1.0.9-74.el4.ia64.rpm
seamonkey-mail-1.0.9-74.el4.ia64.rpm

x86_64:
seamonkey-1.0.9-74.el4.x86_64.rpm
seamonkey-chat-1.0.9-74.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-74.el4.x86_64.rpm
seamonkey-devel-1.0.9-74.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-74.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-74.el4.x86_64.rpm
seamonkey-mail-1.0.9-74.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/seamonkey-1.0.9-74.el4.src.rpm

i386:
seamonkey-1.0.9-74.el4.i386.rpm
seamonkey-chat-1.0.9-74.el4.i386.rpm
seamonkey-debuginfo-1.0.9-74.el4.i386.rpm
seamonkey-devel-1.0.9-74.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-74.el4.i386.rpm
seamonkey-js-debugger-1.0.9-74.el4.i386.rpm
seamonkey-mail-1.0.9-74.el4.i386.rpm

ia64:
seamonkey-1.0.9-74.el4.ia64.rpm
seamonkey-chat-1.0.9-74.el4.ia64.rpm
seamonkey-debuginfo-1.0.9-74.el4.ia64.rpm
seamonkey-devel-1.0.9-74.el4.ia64.rpm
seamonkey-dom-inspector-1.0.9-74.el4.ia64.rpm
seamonkey-js-debugger-1.0.9-74.el4.ia64.rpm
seamonkey-mail-1.0.9-74.el4.ia64.rpm

x86_64:
seamonkey-1.0.9-74.el4.x86_64.rpm
seamonkey-chat-1.0.9-74.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-74.el4.x86_64.rpm
seamonkey-devel-1.0.9-74.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-74.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-74.el4.x86_64.rpm
seamonkey-mail-1.0.9-74.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
From bugzilla at redhat.com Wed Aug 31 22:50:34 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 31 Aug 2011 22:50:34 +0000
Subject: [RHSA-2011:1245-01] Important: httpd security update
Message-ID: <201108312250.p7VMoY1t002338@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: httpd security update
Advisory ID:       RHSA-2011:1245-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1245.html
Issue date:        2011-08-31
CVE Names:         CVE-2011-3192
=====================================================================

1. Summary:

Updated httpd packages that fix one security issue are now available for
Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64

3. Description:

The Apache HTTP Server is a popular web server.

A flaw was found in the way the Apache HTTP Server handled Range HTTP
headers. A remote attacker could use this flaw to cause httpd to use an
excessive amount of memory and CPU time via HTTP requests with a
specially-crafted Range header. (CVE-2011-3192)

All httpd users should upgrade to these updated packages, which contain a
backported patch to correct this issue. After installing the updated
packages, the httpd daemon must be restarted for the update to take
effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

732928 - CVE-2011-3192 httpd: multiple ranges DoS

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/httpd-2.0.52-48.ent.src.rpm

i386:
httpd-2.0.52-48.ent.i386.rpm
httpd-debuginfo-2.0.52-48.ent.i386.rpm
httpd-devel-2.0.52-48.ent.i386.rpm
httpd-manual-2.0.52-48.ent.i386.rpm
httpd-suexec-2.0.52-48.ent.i386.rpm
mod_ssl-2.0.52-48.ent.i386.rpm

ia64:
httpd-2.0.52-48.ent.ia64.rpm
httpd-debuginfo-2.0.52-48.ent.ia64.rpm
httpd-devel-2.0.52-48.ent.ia64.rpm
httpd-manual-2.0.52-48.ent.ia64.rpm
httpd-suexec-2.0.52-48.ent.ia64.rpm
mod_ssl-2.0.52-48.ent.ia64.rpm

ppc:
httpd-2.0.52-48.ent.ppc.rpm
httpd-debuginfo-2.0.52-48.ent.ppc.rpm
httpd-devel-2.0.52-48.ent.ppc.rpm
httpd-manual-2.0.52-48.ent.ppc.rpm
httpd-suexec-2.0.52-48.ent.ppc.rpm
mod_ssl-2.0.52-48.ent.ppc.rpm

s390:
httpd-2.0.52-48.ent.s390.rpm
httpd-debuginfo-2.0.52-48.ent.s390.rpm
httpd-devel-2.0.52-48.ent.s390.rpm
httpd-manual-2.0.52-48.ent.s390.rpm
httpd-suexec-2.0.52-48.ent.s390.rpm
mod_ssl-2.0.52-48.ent.s390.rpm

s390x:
httpd-2.0.52-48.ent.s390x.rpm
httpd-debuginfo-2.0.52-48.ent.s390x.rpm
httpd-devel-2.0.52-48.ent.s390x.rpm
httpd-manual-2.0.52-48.ent.s390x.rpm
httpd-suexec-2.0.52-48.ent.s390x.rpm
mod_ssl-2.0.52-48.ent.s390x.rpm

x86_64:
httpd-2.0.52-48.ent.x86_64.rpm
httpd-debuginfo-2.0.52-48.ent.x86_64.rpm
httpd-devel-2.0.52-48.ent.x86_64.rpm
httpd-manual-2.0.52-48.ent.x86_64.rpm
httpd-suexec-2.0.52-48.ent.x86_64.rpm
mod_ssl-2.0.52-48.ent.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/httpd-2.0.52-48.ent.src.rpm

i386:
httpd-2.0.52-48.ent.i386.rpm
httpd-debuginfo-2.0.52-48.ent.i386.rpm
httpd-devel-2.0.52-48.ent.i386.rpm
httpd-manual-2.0.52-48.ent.i386.rpm
httpd-suexec-2.0.52-48.ent.i386.rpm
mod_ssl-2.0.52-48.ent.i386.rpm

x86_64:
httpd-2.0.52-48.ent.x86_64.rpm
httpd-debuginfo-2.0.52-48.ent.x86_64.rpm
httpd-devel-2.0.52-48.ent.x86_64.rpm
httpd-manual-2.0.52-48.ent.x86_64.rpm
httpd-suexec-2.0.52-48.ent.x86_64.rpm
mod_ssl-2.0.52-48.ent.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/httpd-2.0.52-48.ent.src.rpm

i386:
httpd-2.0.52-48.ent.i386.rpm
httpd-debuginfo-2.0.52-48.ent.i386.rpm
httpd-devel-2.0.52-48.ent.i386.rpm
httpd-manual-2.0.52-48.ent.i386.rpm
httpd-suexec-2.0.52-48.ent.i386.rpm
mod_ssl-2.0.52-48.ent.i386.rpm

ia64:
httpd-2.0.52-48.ent.ia64.rpm
httpd-debuginfo-2.0.52-48.ent.ia64.rpm
httpd-devel-2.0.52-48.ent.ia64.rpm
httpd-manual-2.0.52-48.ent.ia64.rpm
httpd-suexec-2.0.52-48.ent.ia64.rpm
mod_ssl-2.0.52-48.ent.ia64.rpm

x86_64:
httpd-2.0.52-48.ent.x86_64.rpm
httpd-debuginfo-2.0.52-48.ent.x86_64.rpm
httpd-devel-2.0.52-48.ent.x86_64.rpm
httpd-manual-2.0.52-48.ent.x86_64.rpm
httpd-suexec-2.0.52-48.ent.x86_64.rpm
mod_ssl-2.0.52-48.ent.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/httpd-2.0.52-48.ent.src.rpm

i386:
httpd-2.0.52-48.ent.i386.rpm
httpd-debuginfo-2.0.52-48.ent.i386.rpm
httpd-devel-2.0.52-48.ent.i386.rpm
httpd-manual-2.0.52-48.ent.i386.rpm
httpd-suexec-2.0.52-48.ent.i386.rpm
mod_ssl-2.0.52-48.ent.i386.rpm

ia64:
httpd-2.0.52-48.ent.ia64.rpm
httpd-debuginfo-2.0.52-48.ent.ia64.rpm
httpd-devel-2.0.52-48.ent.ia64.rpm
httpd-manual-2.0.52-48.ent.ia64.rpm
httpd-suexec-2.0.52-48.ent.ia64.rpm
mod_ssl-2.0.52-48.ent.ia64.rpm

x86_64:
httpd-2.0.52-48.ent.x86_64.rpm
httpd-debuginfo-2.0.52-48.ent.x86_64.rpm
httpd-devel-2.0.52-48.ent.x86_64.rpm
httpd-manual-2.0.52-48.ent.x86_64.rpm
httpd-suexec-2.0.52-48.ent.x86_64.rpm
mod_ssl-2.0.52-48.ent.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-53.el5_7.1.src.rpm

i386:
httpd-2.2.3-53.el5_7.1.i386.rpm
httpd-debuginfo-2.2.3-53.el5_7.1.i386.rpm
mod_ssl-2.2.3-53.el5_7.1.i386.rpm

x86_64:
httpd-2.2.3-53.el5_7.1.x86_64.rpm
httpd-debuginfo-2.2.3-53.el5_7.1.x86_64.rpm
mod_ssl-2.2.3-53.el5_7.1.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-53.el5_7.1.src.rpm

i386:
httpd-debuginfo-2.2.3-53.el5_7.1.i386.rpm
httpd-devel-2.2.3-53.el5_7.1.i386.rpm
httpd-manual-2.2.3-53.el5_7.1.i386.rpm

x86_64:
httpd-debuginfo-2.2.3-53.el5_7.1.i386.rpm
httpd-debuginfo-2.2.3-53.el5_7.1.x86_64.rpm
httpd-devel-2.2.3-53.el5_7.1.i386.rpm
httpd-devel-2.2.3-53.el5_7.1.x86_64.rpm
httpd-manual-2.2.3-53.el5_7.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/httpd-2.2.3-53.el5_7.1.src.rpm

i386:
httpd-2.2.3-53.el5_7.1.i386.rpm
httpd-debuginfo-2.2.3-53.el5_7.1.i386.rpm
httpd-devel-2.2.3-53.el5_7.1.i386.rpm
httpd-manual-2.2.3-53.el5_7.1.i386.rpm
mod_ssl-2.2.3-53.el5_7.1.i386.rpm

ia64:
httpd-2.2.3-53.el5_7.1.ia64.rpm
httpd-debuginfo-2.2.3-53.el5_7.1.ia64.rpm
httpd-devel-2.2.3-53.el5_7.1.ia64.rpm
httpd-manual-2.2.3-53.el5_7.1.ia64.rpm
mod_ssl-2.2.3-53.el5_7.1.ia64.rpm

ppc:
httpd-2.2.3-53.el5_7.1.ppc.rpm
httpd-debuginfo-2.2.3-53.el5_7.1.ppc.rpm
httpd-debuginfo-2.2.3-53.el5_7.1.ppc64.rpm
httpd-devel-2.2.3-53.el5_7.1.ppc.rpm
httpd-devel-2.2.3-53.el5_7.1.ppc64.rpm
httpd-manual-2.2.3-53.el5_7.1.ppc.rpm
mod_ssl-2.2.3-53.el5_7.1.ppc.rpm

s390x:
httpd-2.2.3-53.el5_7.1.s390x.rpm
httpd-debuginfo-2.2.3-53.el5_7.1.s390.rpm
httpd-debuginfo-2.2.3-53.el5_7.1.s390x.rpm
httpd-devel-2.2.3-53.el5_7.1.s390.rpm
httpd-devel-2.2.3-53.el5_7.1.s390x.rpm
httpd-manual-2.2.3-53.el5_7.1.s390x.rpm
mod_ssl-2.2.3-53.el5_7.1.s390x.rpm

x86_64:
httpd-2.2.3-53.el5_7.1.x86_64.rpm
httpd-debuginfo-2.2.3-53.el5_7.1.i386.rpm
httpd-debuginfo-2.2.3-53.el5_7.1.x86_64.rpm
httpd-devel-2.2.3-53.el5_7.1.i386.rpm
httpd-devel-2.2.3-53.el5_7.1.x86_64.rpm
httpd-manual-2.2.3-53.el5_7.1.x86_64.rpm
mod_ssl-2.2.3-53.el5_7.1.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/httpd-2.2.15-9.el6_1.2.src.rpm

i386:
httpd-2.2.15-9.el6_1.2.i686.rpm
httpd-debuginfo-2.2.15-9.el6_1.2.i686.rpm
httpd-tools-2.2.15-9.el6_1.2.i686.rpm

x86_64:
httpd-2.2.15-9.el6_1.2.x86_64.rpm
httpd-debuginfo-2.2.15-9.el6_1.2.x86_64.rpm
httpd-tools-2.2.15-9.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/httpd-2.2.15-9.el6_1.2.src.rpm

i386:
httpd-debuginfo-2.2.15-9.el6_1.2.i686.rpm
httpd-devel-2.2.15-9.el6_1.2.i686.rpm
mod_ssl-2.2.15-9.el6_1.2.i686.rpm

noarch:
httpd-manual-2.2.15-9.el6_1.2.noarch.rpm

x86_64:
httpd-debuginfo-2.2.15-9.el6_1.2.i686.rpm
httpd-debuginfo-2.2.15-9.el6_1.2.x86_64.rpm
httpd-devel-2.2.15-9.el6_1.2.i686.rpm
httpd-devel-2.2.15-9.el6_1.2.x86_64.rpm
mod_ssl-2.2.15-9.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/httpd-2.2.15-9.el6_1.2.src.rpm

x86_64:
httpd-2.2.15-9.el6_1.2.x86_64.rpm
httpd-debuginfo-2.2.15-9.el6_1.2.x86_64.rpm
httpd-tools-2.2.15-9.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/httpd-2.2.15-9.el6_1.2.src.rpm

noarch:
httpd-manual-2.2.15-9.el6_1.2.noarch.rpm

x86_64:
httpd-debuginfo-2.2.15-9.el6_1.2.i686.rpm
httpd-debuginfo-2.2.15-9.el6_1.2.x86_64.rpm
httpd-devel-2.2.15-9.el6_1.2.i686.rpm
httpd-devel-2.2.15-9.el6_1.2.x86_64.rpm
mod_ssl-2.2.15-9.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/httpd-2.2.15-9.el6_1.2.src.rpm

i386:
httpd-2.2.15-9.el6_1.2.i686.rpm
httpd-debuginfo-2.2.15-9.el6_1.2.i686.rpm
httpd-devel-2.2.15-9.el6_1.2.i686.rpm
httpd-tools-2.2.15-9.el6_1.2.i686.rpm
mod_ssl-2.2.15-9.el6_1.2.i686.rpm

noarch:
httpd-manual-2.2.15-9.el6_1.2.noarch.rpm

ppc64:
httpd-2.2.15-9.el6_1.2.ppc64.rpm
httpd-debuginfo-2.2.15-9.el6_1.2.ppc.rpm
httpd-debuginfo-2.2.15-9.el6_1.2.ppc64.rpm
httpd-devel-2.2.15-9.el6_1.2.ppc.rpm
httpd-devel-2.2.15-9.el6_1.2.ppc64.rpm
httpd-tools-2.2.15-9.el6_1.2.ppc64.rpm
mod_ssl-2.2.15-9.el6_1.2.ppc64.rpm

s390x:
httpd-2.2.15-9.el6_1.2.s390x.rpm
httpd-debuginfo-2.2.15-9.el6_1.2.s390.rpm
httpd-debuginfo-2.2.15-9.el6_1.2.s390x.rpm
httpd-devel-2.2.15-9.el6_1.2.s390.rpm
httpd-devel-2.2.15-9.el6_1.2.s390x.rpm
httpd-tools-2.2.15-9.el6_1.2.s390x.rpm
mod_ssl-2.2.15-9.el6_1.2.s390x.rpm

x86_64:
httpd-2.2.15-9.el6_1.2.x86_64.rpm
httpd-debuginfo-2.2.15-9.el6_1.2.i686.rpm
httpd-debuginfo-2.2.15-9.el6_1.2.x86_64.rpm
httpd-devel-2.2.15-9.el6_1.2.i686.rpm
httpd-devel-2.2.15-9.el6_1.2.x86_64.rpm
httpd-tools-2.2.15-9.el6_1.2.x86_64.rpm
mod_ssl-2.2.15-9.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/httpd-2.2.15-9.el6_1.2.src.rpm

i386:
httpd-2.2.15-9.el6_1.2.i686.rpm
httpd-debuginfo-2.2.15-9.el6_1.2.i686.rpm
httpd-devel-2.2.15-9.el6_1.2.i686.rpm
httpd-tools-2.2.15-9.el6_1.2.i686.rpm
mod_ssl-2.2.15-9.el6_1.2.i686.rpm

noarch:
httpd-manual-2.2.15-9.el6_1.2.noarch.rpm

x86_64:
httpd-2.2.15-9.el6_1.2.x86_64.rpm
httpd-debuginfo-2.2.15-9.el6_1.2.i686.rpm
httpd-debuginfo-2.2.15-9.el6_1.2.x86_64.rpm
httpd-devel-2.2.15-9.el6_1.2.i686.rpm
httpd-devel-2.2.15-9.el6_1.2.x86_64.rpm
httpd-tools-2.2.15-9.el6_1.2.x86_64.rpm
mod_ssl-2.2.15-9.el6_1.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3192.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
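The httpd advisory above describes requests whose Range header makes the server burn memory and CPU (CVE-2011-3192). Until the patched packages are installed, the same condition can be screened for in front of httpd, in a reverse proxy or request-validation middleware. The following is an added example, not code from the advisory or from the Apache project; the five-range limit and the overlap rule are assumptions made for this example, not the upstream patch.

```python
import re

# One byte-range-spec (RFC 2616 14.35.1): "first-last", "first-" or "-suffix".
_SPEC = re.compile(r"^(\d*)-(\d*)$")

def parse_ranges(header_value):
    """Parse 'bytes=0-5,7-9' into [(first, last), ...]; first is None for a
    suffix range ("-500"), last is None for an open-ended range ("500-").
    Returns None when the header is malformed."""
    if not header_value.lower().startswith("bytes="):
        return None
    ranges = []
    for spec in header_value[6:].split(","):
        m = _SPEC.match(spec.strip())
        if not m or not (m.group(1) or m.group(2)):
            return None
        first = int(m.group(1)) if m.group(1) else None
        last = int(m.group(2)) if m.group(2) else None
        if first is not None and last is not None and last < first:
            return None  # "5-3" is not a valid byte-range-spec
        ranges.append((first, last))
    return ranges

def _absolute(ranges, length):
    """Resolve every spec to concrete (first, last) offsets in a body of `length` bytes."""
    out = []
    for first, last in ranges:
        if first is None:                      # "-n": the final n bytes
            first, last = max(length - last, 0), length - 1
        elif last is None or last >= length:   # "n-" or a last past the end
            last = length - 1
        if first <= last:                      # unsatisfiable specs are dropped
            out.append((first, last))
    return out

def range_header_is_abusive(header_value, content_length, max_ranges=5):
    """True when the Range header should be ignored (serve 200) rather than honoured.
    Policy for this example (an assumption, not the upstream fix): refuse more
    than `max_ranges` specs, or any two specs that overlap, since a legitimate
    client has no reason to request the same bytes twice in one request."""
    ranges = parse_ranges(header_value)
    if ranges is None:
        return False  # RFC 2616: an unparseable Range header is simply ignored
    if len(ranges) > max_ranges:
        return True
    spans = sorted(_absolute(ranges, content_length))
    return any(nxt[0] <= cur[1] for cur, nxt in zip(spans, spans[1:]))
```

Note that a request failing this check is not an error to the client: the server answers with the whole resource and status 200, which is always a valid response to a Range request.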