From bugzilla at redhat.com Tue Jan 4 16:57:46 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 4 Jan 2011 09:57:46 -0700 Subject: [RHSA-2011:0004-01] Important: kernel security, bug fix, and enhancement update Message-ID: <201101041657.p04GvlgM026017@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security, bug fix, and enhancement update Advisory ID: RHSA-2011:0004-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0004.html Issue date: 2011-01-04 CVE Names: CVE-2010-3432 CVE-2010-3442 CVE-2010-3699 CVE-2010-3858 CVE-2010-3859 CVE-2010-3865 CVE-2010-3876 CVE-2010-3880 CVE-2010-4083 CVE-2010-4157 CVE-2010-4161 CVE-2010-4242 CVE-2010-4247 CVE-2010-4248 ===================================================================== 1. Summary: Updated kernel packages that fix multiple security issues, several bugs, and add an enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in sctp_packet_config() in the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could use this flaw to cause a denial of service. (CVE-2010-3432, Important) * A missing integer overflow check was found in snd_ctl_new() in the Linux kernel's sound subsystem. A local, unprivileged user on a 32-bit system could use this flaw to cause a denial of service or escalate their privileges. (CVE-2010-3442, Important) * A heap overflow flaw in the Linux kernel's Transparent Inter-Process Communication protocol (TIPC) implementation could allow a local, unprivileged user to escalate their privileges. (CVE-2010-3859, Important) * An integer overflow flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges. (CVE-2010-3865, Important) * A flaw was found in the Xenbus code for the unified block-device I/O interface back end. A privileged guest user could use this flaw to cause a denial of service on the host system running the Xen hypervisor. (CVE-2010-3699, Moderate) * Missing sanity checks were found in setup_arg_pages() in the Linux kernel. When making the size of the argument and environment area on the stack very large, it could trigger a BUG_ON(), resulting in a local denial of service. (CVE-2010-3858, Moderate) * A flaw was found in inet_csk_diag_dump() in the Linux kernel's module for monitoring the sockets of INET transport protocols. By sending a netlink message with certain bytecode, a local, unprivileged user could cause a denial of service. (CVE-2010-3880, Moderate) * Missing sanity checks were found in gdth_ioctl_alloc() in the gdth driver in the Linux kernel. A local user with access to "/dev/gdth" on a 64-bit system could use this flaw to cause a denial of service or escalate their privileges. (CVE-2010-4157, Moderate) * The fix for Red Hat Bugzilla bug 484590 as provided in RHSA-2009:1243 introduced a regression. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2010-4161, Moderate) * A NULL pointer dereference flaw was found in the Bluetooth HCI UART driver in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2010-4242, Moderate) * It was found that a malicious guest running on the Xen hypervisor could place invalid data in the memory that the guest shared with the blkback and blktap back-end drivers, resulting in a denial of service on the host system. (CVE-2010-4247, Moderate) * A flaw was found in the Linux kernel's CPU time clocks implementation for the POSIX clock interface. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2010-4248, Moderate) * Missing initialization flaws in the Linux kernel could lead to information leaks. (CVE-2010-3876, CVE-2010-4083, Low) Red Hat would like to thank Dan Rosenberg for reporting CVE-2010-3442, CVE-2010-4161, and CVE-2010-4083; Thomas Pollet for reporting CVE-2010-3865; Brad Spengler for reporting CVE-2010-3858; Nelson Elhage for reporting CVE-2010-3880; Alan Cox for reporting CVE-2010-4242; and Vasiliy Kulikov for reporting CVE-2010-3876. This update also fixes several bugs and adds an enhancement. Documentation for the bug fixes and the enhancement will be available shortly from the Technical Notes document, linked to in the References section. Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs and add the enhancement noted in the Technical Notes. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (http://bugzilla.redhat.com/): 636411 - CVE-2010-3699 kernel: guest->host denial of service from invalid xenbus transitions 637675 - CVE-2010-3432 kernel: sctp: do not reset the packet during sctp_packet_config 638478 - CVE-2010-3442 kernel: prevent heap corruption in snd_ctl_new() 641410 - CVE-2010-4242 kernel: missing tty ops write function presence check in hci_uart_tty_open() 643339 - [Intel/Cisco 5.6 Bug] ixgbe: include ability to disable MSI-X [rhel-5.5.z] 643344 - kernel: Problem with execve(2) reintroduced [rhel-5.5.z] 643345 - netback does not properly get to the Connected state after it's been Closed [rhel-5.5.z] 643347 - kernel: security: testing the wrong variable in create_by_name() [rhel-5.5.z] 645222 - CVE-2010-3858 kernel: setup_arg_pages: diagnose excessive argument size 645867 - CVE-2010-3859 kernel: tipc: heap overflow in tipc_msg_build() 646765 - RHEL5.6 Include DL580 G7 in bfsort whitelist [rhel-5.5.z] 647416 - CVE-2010-3865 kernel: iovec integer overflow in net/rds/rdma.c 647681 - bond0 only works in promisc mode [rhel-5.5.z] 648673 - CVE-2010-4083 kernel: ipc/sem.c: reading uninitialized stack memory 648938 - x86_64 host on Nehalem-EX machines will panic when installing a 4.8 GA kvm guest [rhel-5.5.z] 649255 - bnx2 adapter periodically dropping received packets [rhel-5.5.z] 649715 - CVE-2010-3876 kernel: net/packet/af_packet.c: reading uninitialized stack memory 651147 - CVE-2010-4157 kernel: gdth: integer overflow in ioc_general() 651264 - CVE-2010-3880 kernel: logic error in INET_DIAG bytecode auditing 651805 - GFS2: stuck in inode wait, no glocks stuck [rhel-5.5.z] 651811 - GFS2: BUG_ON kernel panic in gfs2_glock_hold on 2.6.18-226 [rhel-5.5.z] 651818 - [5.5] Hangs up during booting due to a spinlock problem. [rhel-5.5.z] 652534 - CVE-2010-4161 kernel: rhel5 commit 6865201191 caused deadlock 652561 - Scheduling while atomic when removing slave tg3 interface from bonding [rhel-5.5.z] 653335 - flock performance with DLM in RHEL 5.5 [rhel-5.5.z] 656206 - CVE-2010-4247 xen: request-processing loop is unbounded in blkback 656264 - CVE-2010-4248 kernel: posix-cpu-timers: workaround to suppress the problems with mt exec 657028 - [NetApp 5.6 bug] SCSI ALUA handler fails to handle ALUA transitioning properly [rhel-5.5.z] 657029 - [NetApp 5.6 bug] qla2xxx: Kernel panic on qla24xx_queuecommand [rhel-5.5.z] 657319 - [Stratus 5.6 bug] System crashes at uhci_scan_schedule(). [rhel-5.5.z] 658079 - lpfc: set heartbeat timer off by default [rhel-5.5.z] 658378 - lpfc: fix a BUG_ON in lpfc_abort_handler [rhel-5.5.z] 658379 - lpfc: fix panic in lpfc_scsi_cmd_iocb_cmpl [rhel-5.5.z] 658520 - add round_jiffies_up and related routines [rhel-5.5.z] 658857 - dcache unused accounting problem [rhel-5.5.z] 658864 - lpfc: fix crashes on NULL pnode dereference [rhel-5.5.z] 658934 - [NetApp 5.6 bug] regression: allow offlined devs to be set to running [rhel-5.5.z] 663353 - System crashes at .nfs_flush_incompatible [rhel-5.5.z] 663381 - [REG][5.6] kernel panic occurs by writing a file on optional mount "sync/noac" of NFSv4. [rhel-5.5.z] 664416 - [REG][5.6] kernel panic occurs by reading an empty file on optional mount "sync/noac" of NFSv4. [rhel-5.5.z] 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-194.32.1.el5.src.rpm i386: kernel-2.6.18-194.32.1.el5.i686.rpm kernel-PAE-2.6.18-194.32.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-194.32.1.el5.i686.rpm kernel-PAE-devel-2.6.18-194.32.1.el5.i686.rpm kernel-debug-2.6.18-194.32.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-194.32.1.el5.i686.rpm kernel-debug-devel-2.6.18-194.32.1.el5.i686.rpm kernel-debuginfo-2.6.18-194.32.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-194.32.1.el5.i686.rpm kernel-devel-2.6.18-194.32.1.el5.i686.rpm kernel-headers-2.6.18-194.32.1.el5.i386.rpm kernel-xen-2.6.18-194.32.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-194.32.1.el5.i686.rpm kernel-xen-devel-2.6.18-194.32.1.el5.i686.rpm noarch: kernel-doc-2.6.18-194.32.1.el5.noarch.rpm x86_64: kernel-2.6.18-194.32.1.el5.x86_64.rpm kernel-debug-2.6.18-194.32.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-194.32.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-194.32.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-194.32.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-194.32.1.el5.x86_64.rpm kernel-devel-2.6.18-194.32.1.el5.x86_64.rpm kernel-headers-2.6.18-194.32.1.el5.x86_64.rpm kernel-xen-2.6.18-194.32.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-194.32.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-194.32.1.el5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-194.32.1.el5.src.rpm i386: kernel-2.6.18-194.32.1.el5.i686.rpm kernel-PAE-2.6.18-194.32.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-194.32.1.el5.i686.rpm kernel-PAE-devel-2.6.18-194.32.1.el5.i686.rpm kernel-debug-2.6.18-194.32.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-194.32.1.el5.i686.rpm kernel-debug-devel-2.6.18-194.32.1.el5.i686.rpm kernel-debuginfo-2.6.18-194.32.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-194.32.1.el5.i686.rpm kernel-devel-2.6.18-194.32.1.el5.i686.rpm kernel-headers-2.6.18-194.32.1.el5.i386.rpm kernel-xen-2.6.18-194.32.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-194.32.1.el5.i686.rpm kernel-xen-devel-2.6.18-194.32.1.el5.i686.rpm ia64: kernel-2.6.18-194.32.1.el5.ia64.rpm kernel-debug-2.6.18-194.32.1.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-194.32.1.el5.ia64.rpm kernel-debug-devel-2.6.18-194.32.1.el5.ia64.rpm kernel-debuginfo-2.6.18-194.32.1.el5.ia64.rpm kernel-debuginfo-common-2.6.18-194.32.1.el5.ia64.rpm kernel-devel-2.6.18-194.32.1.el5.ia64.rpm kernel-headers-2.6.18-194.32.1.el5.ia64.rpm kernel-xen-2.6.18-194.32.1.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-194.32.1.el5.ia64.rpm kernel-xen-devel-2.6.18-194.32.1.el5.ia64.rpm noarch: kernel-doc-2.6.18-194.32.1.el5.noarch.rpm ppc: kernel-2.6.18-194.32.1.el5.ppc64.rpm kernel-debug-2.6.18-194.32.1.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-194.32.1.el5.ppc64.rpm kernel-debug-devel-2.6.18-194.32.1.el5.ppc64.rpm kernel-debuginfo-2.6.18-194.32.1.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-194.32.1.el5.ppc64.rpm kernel-devel-2.6.18-194.32.1.el5.ppc64.rpm kernel-headers-2.6.18-194.32.1.el5.ppc.rpm kernel-headers-2.6.18-194.32.1.el5.ppc64.rpm kernel-kdump-2.6.18-194.32.1.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-194.32.1.el5.ppc64.rpm kernel-kdump-devel-2.6.18-194.32.1.el5.ppc64.rpm s390x: kernel-2.6.18-194.32.1.el5.s390x.rpm kernel-debug-2.6.18-194.32.1.el5.s390x.rpm kernel-debug-debuginfo-2.6.18-194.32.1.el5.s390x.rpm kernel-debug-devel-2.6.18-194.32.1.el5.s390x.rpm kernel-debuginfo-2.6.18-194.32.1.el5.s390x.rpm kernel-debuginfo-common-2.6.18-194.32.1.el5.s390x.rpm kernel-devel-2.6.18-194.32.1.el5.s390x.rpm kernel-headers-2.6.18-194.32.1.el5.s390x.rpm kernel-kdump-2.6.18-194.32.1.el5.s390x.rpm kernel-kdump-debuginfo-2.6.18-194.32.1.el5.s390x.rpm kernel-kdump-devel-2.6.18-194.32.1.el5.s390x.rpm x86_64: kernel-2.6.18-194.32.1.el5.x86_64.rpm kernel-debug-2.6.18-194.32.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-194.32.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-194.32.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-194.32.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-194.32.1.el5.x86_64.rpm kernel-devel-2.6.18-194.32.1.el5.x86_64.rpm kernel-headers-2.6.18-194.32.1.el5.x86_64.rpm kernel-xen-2.6.18-194.32.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-194.32.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-194.32.1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-3432.html https://www.redhat.com/security/data/cve/CVE-2010-3442.html https://www.redhat.com/security/data/cve/CVE-2010-3699.html https://www.redhat.com/security/data/cve/CVE-2010-3858.html https://www.redhat.com/security/data/cve/CVE-2010-3859.html https://www.redhat.com/security/data/cve/CVE-2010-3865.html https://www.redhat.com/security/data/cve/CVE-2010-3876.html https://www.redhat.com/security/data/cve/CVE-2010-3880.html https://www.redhat.com/security/data/cve/CVE-2010-4083.html https://www.redhat.com/security/data/cve/CVE-2010-4157.html https://www.redhat.com/security/data/cve/CVE-2010-4161.html https://www.redhat.com/security/data/cve/CVE-2010-4242.html https://www.redhat.com/security/data/cve/CVE-2010-4247.html https://www.redhat.com/security/data/cve/CVE-2010-4248.html https://access.redhat.com/security/updates/classification/#important http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.5_Technical_Notes/kernel.html#RHSA-2011-0004 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNI1F5XlSAg2UNWIIRAuxcAJ9FgzZ5Oh6aP6XpdwEDDKzJubbGrwCdETvg aQKBoUrl/VhCU9P+EwVwMKU= =92/g -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Jan 6 18:32:29 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 6 Jan 2011 11:32:29 -0700 Subject: [RHSA-2011:0009-01] Moderate: evince security update Message-ID: <201101061832.p06IWTYV023575@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: evince security update Advisory ID: RHSA-2011:0009-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0009.html Issue date: 2011-01-06 CVE Names: CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-2643 ===================================================================== 1. Summary: Updated evince packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: Evince is a document viewer. An array index error was found in the DeVice Independent (DVI) renderer's PK and VF font file parsers. A DVI file that references a specially-crafted font file could, when opened, cause Evince to crash or, potentially, execute arbitrary code with the privileges of the user running Evince. (CVE-2010-2640, CVE-2010-2641) A heap-based buffer overflow flaw was found in the DVI renderer's AFM font file parser. A DVI file that references a specially-crafted font file could, when opened, cause Evince to crash or, potentially, execute arbitrary code with the privileges of the user running Evince. (CVE-2010-2642) An integer overflow flaw was found in the DVI renderer's TFM font file parser. A DVI file that references a specially-crafted font file could, when opened, cause Evince to crash or, potentially, execute arbitrary code with the privileges of the user running Evince. (CVE-2010-2643) Note: The above issues are not exploitable unless an attacker can trick the user into installing a malicious font file. Red Hat would like to thank the Evince development team for reporting these issues. Upstream acknowledges Jon Larimer of IBM X-Force as the original reporter of these issues. Users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 666313 - CVE-2010-2640 evince: Array index errror in DVI file PK font parser 666314 - CVE-2010-2641 evince: Array index errror in DVI file VF font parser 666318 - CVE-2010-2642 evince: Heap based buffer overflow in DVI file AFM font parser 666321 - CVE-2010-2643 evince: Integer overflow in DVI file TFM font parser 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/evince-2.28.2-14.el6_0.1.src.rpm i386: evince-2.28.2-14.el6_0.1.i686.rpm evince-debuginfo-2.28.2-14.el6_0.1.i686.rpm evince-dvi-2.28.2-14.el6_0.1.i686.rpm evince-libs-2.28.2-14.el6_0.1.i686.rpm x86_64: evince-2.28.2-14.el6_0.1.x86_64.rpm evince-debuginfo-2.28.2-14.el6_0.1.i686.rpm evince-debuginfo-2.28.2-14.el6_0.1.x86_64.rpm evince-dvi-2.28.2-14.el6_0.1.x86_64.rpm evince-libs-2.28.2-14.el6_0.1.i686.rpm evince-libs-2.28.2-14.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/evince-2.28.2-14.el6_0.1.src.rpm i386: evince-debuginfo-2.28.2-14.el6_0.1.i686.rpm evince-devel-2.28.2-14.el6_0.1.i686.rpm x86_64: evince-debuginfo-2.28.2-14.el6_0.1.i686.rpm evince-debuginfo-2.28.2-14.el6_0.1.x86_64.rpm evince-devel-2.28.2-14.el6_0.1.i686.rpm evince-devel-2.28.2-14.el6_0.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/evince-2.28.2-14.el6_0.1.src.rpm x86_64: evince-2.28.2-14.el6_0.1.x86_64.rpm evince-debuginfo-2.28.2-14.el6_0.1.i686.rpm evince-debuginfo-2.28.2-14.el6_0.1.x86_64.rpm evince-devel-2.28.2-14.el6_0.1.i686.rpm evince-devel-2.28.2-14.el6_0.1.x86_64.rpm evince-dvi-2.28.2-14.el6_0.1.x86_64.rpm evince-libs-2.28.2-14.el6_0.1.i686.rpm evince-libs-2.28.2-14.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/evince-2.28.2-14.el6_0.1.src.rpm i386: evince-2.28.2-14.el6_0.1.i686.rpm evince-debuginfo-2.28.2-14.el6_0.1.i686.rpm evince-dvi-2.28.2-14.el6_0.1.i686.rpm evince-libs-2.28.2-14.el6_0.1.i686.rpm ppc64: evince-2.28.2-14.el6_0.1.ppc64.rpm evince-debuginfo-2.28.2-14.el6_0.1.ppc.rpm evince-debuginfo-2.28.2-14.el6_0.1.ppc64.rpm evince-dvi-2.28.2-14.el6_0.1.ppc64.rpm evince-libs-2.28.2-14.el6_0.1.ppc.rpm evince-libs-2.28.2-14.el6_0.1.ppc64.rpm s390x: evince-2.28.2-14.el6_0.1.s390x.rpm evince-debuginfo-2.28.2-14.el6_0.1.s390.rpm evince-debuginfo-2.28.2-14.el6_0.1.s390x.rpm evince-dvi-2.28.2-14.el6_0.1.s390x.rpm evince-libs-2.28.2-14.el6_0.1.s390.rpm evince-libs-2.28.2-14.el6_0.1.s390x.rpm x86_64: evince-2.28.2-14.el6_0.1.x86_64.rpm evince-debuginfo-2.28.2-14.el6_0.1.i686.rpm evince-debuginfo-2.28.2-14.el6_0.1.x86_64.rpm evince-dvi-2.28.2-14.el6_0.1.x86_64.rpm evince-libs-2.28.2-14.el6_0.1.i686.rpm evince-libs-2.28.2-14.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/evince-2.28.2-14.el6_0.1.src.rpm i386: evince-debuginfo-2.28.2-14.el6_0.1.i686.rpm evince-devel-2.28.2-14.el6_0.1.i686.rpm ppc64: evince-debuginfo-2.28.2-14.el6_0.1.ppc.rpm evince-debuginfo-2.28.2-14.el6_0.1.ppc64.rpm evince-devel-2.28.2-14.el6_0.1.ppc.rpm evince-devel-2.28.2-14.el6_0.1.ppc64.rpm s390x: evince-debuginfo-2.28.2-14.el6_0.1.s390.rpm evince-debuginfo-2.28.2-14.el6_0.1.s390x.rpm evince-devel-2.28.2-14.el6_0.1.s390.rpm evince-devel-2.28.2-14.el6_0.1.s390x.rpm x86_64: evince-debuginfo-2.28.2-14.el6_0.1.i686.rpm evince-debuginfo-2.28.2-14.el6_0.1.x86_64.rpm evince-devel-2.28.2-14.el6_0.1.i686.rpm evince-devel-2.28.2-14.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/evince-2.28.2-14.el6_0.1.src.rpm i386: evince-2.28.2-14.el6_0.1.i686.rpm evince-debuginfo-2.28.2-14.el6_0.1.i686.rpm evince-dvi-2.28.2-14.el6_0.1.i686.rpm evince-libs-2.28.2-14.el6_0.1.i686.rpm x86_64: evince-2.28.2-14.el6_0.1.x86_64.rpm evince-debuginfo-2.28.2-14.el6_0.1.i686.rpm evince-debuginfo-2.28.2-14.el6_0.1.x86_64.rpm evince-dvi-2.28.2-14.el6_0.1.x86_64.rpm evince-libs-2.28.2-14.el6_0.1.i686.rpm evince-libs-2.28.2-14.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/evince-2.28.2-14.el6_0.1.src.rpm i386: evince-debuginfo-2.28.2-14.el6_0.1.i686.rpm evince-devel-2.28.2-14.el6_0.1.i686.rpm x86_64: evince-debuginfo-2.28.2-14.el6_0.1.i686.rpm evince-debuginfo-2.28.2-14.el6_0.1.x86_64.rpm evince-devel-2.28.2-14.el6_0.1.i686.rpm evince-devel-2.28.2-14.el6_0.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-2640.html https://www.redhat.com/security/data/cve/CVE-2010-2641.html https://www.redhat.com/security/data/cve/CVE-2010-2642.html https://www.redhat.com/security/data/cve/CVE-2010-2643.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNJgqlXlSAg2UNWIIRAt/YAKCcQOy+2nYxWfuTyIRHvoa8Q9y4CgCdES4L Bh20RjfkBXiA+SZ7rV/SEl0= =YAJa -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Jan 10 19:48:38 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 10 Jan 2011 12:48:38 -0700 Subject: [RHSA-2011:0013-01] Moderate: wireshark security update Message-ID: <201101101948.p0AJmcfQ023300@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: wireshark security update Advisory ID: RHSA-2011:0013-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0013.html Issue date: 2011-01-10 CVE Names: CVE-2010-4538 ===================================================================== 1. Summary: Updated wireshark packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Web Server (v. 6) - x86_64 Red Hat Enterprise Linux Web Server Optional (v. 6) - x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. An array index error, leading to a stack-based buffer overflow, was found in the Wireshark ENTTEC dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2010-4538) Users of Wireshark should upgrade to these updated packages, which contain a backported patch to correct this issue. All running instances of Wireshark must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 666894 - CVE-2010-4538 Wireshark: Stack-based array index error in ENTTEC dissector (upstream bug #5539) 6. Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/wireshark-1.0.15-1.el4_8.3.src.rpm i386: wireshark-1.0.15-1.el4_8.3.i386.rpm wireshark-debuginfo-1.0.15-1.el4_8.3.i386.rpm wireshark-gnome-1.0.15-1.el4_8.3.i386.rpm ia64: wireshark-1.0.15-1.el4_8.3.ia64.rpm wireshark-debuginfo-1.0.15-1.el4_8.3.ia64.rpm wireshark-gnome-1.0.15-1.el4_8.3.ia64.rpm ppc: wireshark-1.0.15-1.el4_8.3.ppc.rpm wireshark-debuginfo-1.0.15-1.el4_8.3.ppc.rpm wireshark-gnome-1.0.15-1.el4_8.3.ppc.rpm s390: wireshark-1.0.15-1.el4_8.3.s390.rpm wireshark-debuginfo-1.0.15-1.el4_8.3.s390.rpm wireshark-gnome-1.0.15-1.el4_8.3.s390.rpm s390x: wireshark-1.0.15-1.el4_8.3.s390x.rpm wireshark-debuginfo-1.0.15-1.el4_8.3.s390x.rpm wireshark-gnome-1.0.15-1.el4_8.3.s390x.rpm x86_64: wireshark-1.0.15-1.el4_8.3.x86_64.rpm wireshark-debuginfo-1.0.15-1.el4_8.3.x86_64.rpm wireshark-gnome-1.0.15-1.el4_8.3.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/wireshark-1.0.15-1.el4_8.3.src.rpm i386: wireshark-1.0.15-1.el4_8.3.i386.rpm wireshark-debuginfo-1.0.15-1.el4_8.3.i386.rpm wireshark-gnome-1.0.15-1.el4_8.3.i386.rpm x86_64: wireshark-1.0.15-1.el4_8.3.x86_64.rpm wireshark-debuginfo-1.0.15-1.el4_8.3.x86_64.rpm wireshark-gnome-1.0.15-1.el4_8.3.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/wireshark-1.0.15-1.el4_8.3.src.rpm i386: wireshark-1.0.15-1.el4_8.3.i386.rpm wireshark-debuginfo-1.0.15-1.el4_8.3.i386.rpm wireshark-gnome-1.0.15-1.el4_8.3.i386.rpm ia64: wireshark-1.0.15-1.el4_8.3.ia64.rpm wireshark-debuginfo-1.0.15-1.el4_8.3.ia64.rpm wireshark-gnome-1.0.15-1.el4_8.3.ia64.rpm x86_64: wireshark-1.0.15-1.el4_8.3.x86_64.rpm wireshark-debuginfo-1.0.15-1.el4_8.3.x86_64.rpm wireshark-gnome-1.0.15-1.el4_8.3.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/wireshark-1.0.15-1.el4_8.3.src.rpm i386: wireshark-1.0.15-1.el4_8.3.i386.rpm wireshark-debuginfo-1.0.15-1.el4_8.3.i386.rpm wireshark-gnome-1.0.15-1.el4_8.3.i386.rpm ia64: wireshark-1.0.15-1.el4_8.3.ia64.rpm wireshark-debuginfo-1.0.15-1.el4_8.3.ia64.rpm wireshark-gnome-1.0.15-1.el4_8.3.ia64.rpm x86_64: wireshark-1.0.15-1.el4_8.3.x86_64.rpm wireshark-debuginfo-1.0.15-1.el4_8.3.x86_64.rpm wireshark-gnome-1.0.15-1.el4_8.3.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/wireshark-1.0.15-1.el5_5.3.src.rpm i386: wireshark-1.0.15-1.el5_5.3.i386.rpm wireshark-debuginfo-1.0.15-1.el5_5.3.i386.rpm x86_64: wireshark-1.0.15-1.el5_5.3.x86_64.rpm wireshark-debuginfo-1.0.15-1.el5_5.3.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/wireshark-1.0.15-1.el5_5.3.src.rpm i386: wireshark-debuginfo-1.0.15-1.el5_5.3.i386.rpm wireshark-gnome-1.0.15-1.el5_5.3.i386.rpm x86_64: wireshark-debuginfo-1.0.15-1.el5_5.3.x86_64.rpm wireshark-gnome-1.0.15-1.el5_5.3.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/wireshark-1.0.15-1.el5_5.3.src.rpm i386: wireshark-1.0.15-1.el5_5.3.i386.rpm wireshark-debuginfo-1.0.15-1.el5_5.3.i386.rpm wireshark-gnome-1.0.15-1.el5_5.3.i386.rpm ia64: wireshark-1.0.15-1.el5_5.3.ia64.rpm wireshark-debuginfo-1.0.15-1.el5_5.3.ia64.rpm wireshark-gnome-1.0.15-1.el5_5.3.ia64.rpm ppc: wireshark-1.0.15-1.el5_5.3.ppc.rpm wireshark-debuginfo-1.0.15-1.el5_5.3.ppc.rpm wireshark-gnome-1.0.15-1.el5_5.3.ppc.rpm s390x: wireshark-1.0.15-1.el5_5.3.s390x.rpm wireshark-debuginfo-1.0.15-1.el5_5.3.s390x.rpm wireshark-gnome-1.0.15-1.el5_5.3.s390x.rpm x86_64: wireshark-1.0.15-1.el5_5.3.x86_64.rpm wireshark-debuginfo-1.0.15-1.el5_5.3.x86_64.rpm wireshark-gnome-1.0.15-1.el5_5.3.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/wireshark-1.2.13-1.el6_0.2.src.rpm i386: wireshark-1.2.13-1.el6_0.2.i686.rpm wireshark-debuginfo-1.2.13-1.el6_0.2.i686.rpm x86_64: wireshark-1.2.13-1.el6_0.2.i686.rpm wireshark-1.2.13-1.el6_0.2.x86_64.rpm wireshark-debuginfo-1.2.13-1.el6_0.2.i686.rpm wireshark-debuginfo-1.2.13-1.el6_0.2.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/wireshark-1.2.13-1.el6_0.2.src.rpm i386: wireshark-debuginfo-1.2.13-1.el6_0.2.i686.rpm wireshark-devel-1.2.13-1.el6_0.2.i686.rpm wireshark-gnome-1.2.13-1.el6_0.2.i686.rpm x86_64: wireshark-debuginfo-1.2.13-1.el6_0.2.i686.rpm wireshark-debuginfo-1.2.13-1.el6_0.2.x86_64.rpm wireshark-devel-1.2.13-1.el6_0.2.i686.rpm wireshark-devel-1.2.13-1.el6_0.2.x86_64.rpm wireshark-gnome-1.2.13-1.el6_0.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/wireshark-1.2.13-1.el6_0.2.src.rpm i386: wireshark-1.2.13-1.el6_0.2.i686.rpm wireshark-debuginfo-1.2.13-1.el6_0.2.i686.rpm ppc64: wireshark-1.2.13-1.el6_0.2.ppc.rpm wireshark-1.2.13-1.el6_0.2.ppc64.rpm wireshark-debuginfo-1.2.13-1.el6_0.2.ppc.rpm wireshark-debuginfo-1.2.13-1.el6_0.2.ppc64.rpm s390x: wireshark-1.2.13-1.el6_0.2.s390.rpm wireshark-1.2.13-1.el6_0.2.s390x.rpm wireshark-debuginfo-1.2.13-1.el6_0.2.s390.rpm wireshark-debuginfo-1.2.13-1.el6_0.2.s390x.rpm x86_64: wireshark-1.2.13-1.el6_0.2.i686.rpm wireshark-1.2.13-1.el6_0.2.x86_64.rpm wireshark-debuginfo-1.2.13-1.el6_0.2.i686.rpm wireshark-debuginfo-1.2.13-1.el6_0.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/wireshark-1.2.13-1.el6_0.2.src.rpm i386: wireshark-debuginfo-1.2.13-1.el6_0.2.i686.rpm wireshark-devel-1.2.13-1.el6_0.2.i686.rpm wireshark-gnome-1.2.13-1.el6_0.2.i686.rpm ppc64: wireshark-debuginfo-1.2.13-1.el6_0.2.ppc.rpm wireshark-debuginfo-1.2.13-1.el6_0.2.ppc64.rpm wireshark-devel-1.2.13-1.el6_0.2.ppc.rpm wireshark-devel-1.2.13-1.el6_0.2.ppc64.rpm wireshark-gnome-1.2.13-1.el6_0.2.ppc64.rpm s390x: wireshark-debuginfo-1.2.13-1.el6_0.2.s390.rpm wireshark-debuginfo-1.2.13-1.el6_0.2.s390x.rpm wireshark-devel-1.2.13-1.el6_0.2.s390.rpm wireshark-devel-1.2.13-1.el6_0.2.s390x.rpm wireshark-gnome-1.2.13-1.el6_0.2.s390x.rpm x86_64: wireshark-debuginfo-1.2.13-1.el6_0.2.i686.rpm wireshark-debuginfo-1.2.13-1.el6_0.2.x86_64.rpm wireshark-devel-1.2.13-1.el6_0.2.i686.rpm wireshark-devel-1.2.13-1.el6_0.2.x86_64.rpm wireshark-gnome-1.2.13-1.el6_0.2.x86_64.rpm Red Hat Enterprise Linux Web Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6WebServer/en/os/SRPMS/wireshark-1.2.13-1.el6_0.2.src.rpm x86_64: wireshark-1.2.13-1.el6_0.2.i686.rpm wireshark-1.2.13-1.el6_0.2.x86_64.rpm wireshark-debuginfo-1.2.13-1.el6_0.2.i686.rpm wireshark-debuginfo-1.2.13-1.el6_0.2.x86_64.rpm Red Hat Enterprise Linux Web Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6WebServer/en/os/SRPMS/wireshark-1.2.13-1.el6_0.2.src.rpm x86_64: wireshark-debuginfo-1.2.13-1.el6_0.2.i686.rpm wireshark-debuginfo-1.2.13-1.el6_0.2.x86_64.rpm wireshark-devel-1.2.13-1.el6_0.2.i686.rpm wireshark-devel-1.2.13-1.el6_0.2.x86_64.rpm wireshark-gnome-1.2.13-1.el6_0.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/wireshark-1.2.13-1.el6_0.2.src.rpm i386: wireshark-1.2.13-1.el6_0.2.i686.rpm wireshark-debuginfo-1.2.13-1.el6_0.2.i686.rpm x86_64: wireshark-1.2.13-1.el6_0.2.i686.rpm wireshark-1.2.13-1.el6_0.2.x86_64.rpm wireshark-debuginfo-1.2.13-1.el6_0.2.i686.rpm wireshark-debuginfo-1.2.13-1.el6_0.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/wireshark-1.2.13-1.el6_0.2.src.rpm i386: wireshark-debuginfo-1.2.13-1.el6_0.2.i686.rpm wireshark-devel-1.2.13-1.el6_0.2.i686.rpm wireshark-gnome-1.2.13-1.el6_0.2.i686.rpm x86_64: wireshark-debuginfo-1.2.13-1.el6_0.2.i686.rpm wireshark-debuginfo-1.2.13-1.el6_0.2.x86_64.rpm wireshark-devel-1.2.13-1.el6_0.2.i686.rpm wireshark-devel-1.2.13-1.el6_0.2.x86_64.rpm wireshark-gnome-1.2.13-1.el6_0.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-4538.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNK2JyXlSAg2UNWIIRAkOTAJ9GE0Xkb48Oj7QrMe3WY5dJA+1YZwCcCPmP w2JVrDOQjB+7voH7co7ZbyM= =4Tnh -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Jan 11 19:55:25 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 11 Jan 2011 12:55:25 -0700 Subject: [RHSA-2011:0007-01] Important: kernel security and bug fix update Message-ID: <201101111955.p0BJtQP4005944@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2011:0007-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0007.html Issue date: 2011-01-11 CVE Names: CVE-2010-2492 CVE-2010-3067 CVE-2010-3078 CVE-2010-3080 CVE-2010-3298 CVE-2010-3477 CVE-2010-3861 CVE-2010-3865 CVE-2010-3874 CVE-2010-3876 CVE-2010-3880 CVE-2010-4072 CVE-2010-4073 CVE-2010-4074 CVE-2010-4075 CVE-2010-4077 CVE-2010-4079 CVE-2010-4080 CVE-2010-4081 CVE-2010-4082 CVE-2010-4083 CVE-2010-4158 CVE-2010-4160 CVE-2010-4162 CVE-2010-4163 CVE-2010-4242 CVE-2010-4248 CVE-2010-4249 CVE-2010-4263 CVE-2010-4525 CVE-2010-4668 ===================================================================== 1. Summary: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 3. Description: * Buffer overflow in eCryptfs. When /dev/ecryptfs has world writable permissions (which it does not, by default, on Red Hat Enterprise Linux 6), a local, unprivileged user could use this flaw to cause a denial of service or possibly escalate their privileges. (CVE-2010-2492, Important) * Integer overflow in the RDS protocol implementation could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2010-3865, Important) * Missing boundary checks in the PPP over L2TP sockets implementation could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2010-4160, Important) * NULL pointer dereference in the igb driver. If both Single Root I/O Virtualization (SR-IOV) and promiscuous mode were enabled on an interface using igb, it could result in a denial of service when a tagged VLAN packet is received on that interface. (CVE-2010-4263, Important) * Missing initialization flaw in the XFS file system implementation, and in the network traffic policing implementation, could allow a local, unprivileged user to cause an information leak. (CVE-2010-3078, CVE-2010-3477, Moderate) * NULL pointer dereference in the Open Sound System compatible sequencer driver could allow a local, unprivileged user with access to /dev/sequencer to cause a denial of service. /dev/sequencer is only accessible to root and users in the audio group by default. (CVE-2010-3080, Moderate) * Flaw in the ethtool IOCTL handler could allow a local user to cause an information leak. (CVE-2010-3861, Moderate) * Flaw in bcm_connect() in the Controller Area Network (CAN) Broadcast Manager. On 64-bit systems, writing the socket address may overflow the procname character array. (CVE-2010-3874, Moderate) * Flaw in the module for monitoring the sockets of INET transport protocols could allow a local, unprivileged user to cause a denial of service. (CVE-2010-3880, Moderate) * Missing boundary checks in the block layer implementation could allow a local, unprivileged user to cause a denial of service. (CVE-2010-4162, CVE-2010-4163, CVE-2010-4668, Moderate) * NULL pointer dereference in the Bluetooth HCI UART driver could allow a local, unprivileged user to cause a denial of service. (CVE-2010-4242, Moderate) * Flaw in the Linux kernel CPU time clocks implementation for the POSIX clock interface could allow a local, unprivileged user to cause a denial of service. (CVE-2010-4248, Moderate) * Flaw in the garbage collector for AF_UNIX sockets could allow a local, unprivileged user to trigger a denial of service. (CVE-2010-4249, Moderate) * Missing upper bound integer check in the AIO implementation could allow a local, unprivileged user to cause an information leak. (CVE-2010-3067, Low) * Missing initialization flaws could lead to information leaks. (CVE-2010-3298, CVE-2010-3876, CVE-2010-4072, CVE-2010-4073, CVE-2010-4074, CVE-2010-4075, CVE-2010-4077, CVE-2010-4079, CVE-2010-4080, CVE-2010-4081, CVE-2010-4082, CVE-2010-4083, CVE-2010-4158, Low) * Missing initialization flaw in KVM could allow a privileged host user with access to /dev/kvm to cause an information leak. (CVE-2010-4525, Low) Red Hat would like to thank Andre Osterhues for reporting CVE-2010-2492; Thomas Pollet for reporting CVE-2010-3865; Dan Rosenberg for reporting CVE-2010-4160, CVE-2010-3078, CVE-2010-3874, CVE-2010-4162, CVE-2010-4163, CVE-2010-3298, CVE-2010-4073, CVE-2010-4074, CVE-2010-4075, CVE-2010-4077, CVE-2010-4079, CVE-2010-4080, CVE-2010-4081, CVE-2010-4082, CVE-2010-4083, and CVE-2010-4158; Kosuke Tatsukawa for reporting CVE-2010-4263; Tavis Ormandy for reporting CVE-2010-3080 and CVE-2010-3067; Kees Cook for reporting CVE-2010-3861 and CVE-2010-4072; Nelson Elhage for reporting CVE-2010-3880; Alan Cox for reporting CVE-2010-4242; Vegard Nossum for reporting CVE-2010-4249; Vasiliy Kulikov for reporting CVE-2010-3876; and Stephan Mueller of atsec information security for reporting CVE-2010-4525. 4. Solution: Users should upgrade to these updated packages, which contain backported patches to correct these issues. Documentation for the bugs fixed by this update will be available shortly from the Technical Notes document, linked to in the References section. The system must be rebooted for this update to take effect. Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (http://bugzilla.redhat.com/): 611385 - CVE-2010-2492 kernel: ecryptfs_uid_hash() buffer overflow 629441 - CVE-2010-3067 kernel: do_io_submit() infoleak 630551 - CVE-2010-3080 kernel: /dev/sequencer open failure is not handled correctly 630804 - CVE-2010-3078 kernel: xfs: XFS_IOC_FSGETXATTR ioctl memory leak 633140 - CVE-2010-3298 kernel: drivers/net/usb/hso.c: prevent reading uninitialized memory 636386 - CVE-2010-3477 kernel: net/sched/act_police.c infoleak 641410 - CVE-2010-4242 kernel: missing tty ops write function presence check in hci_uart_tty_open() 646725 - CVE-2010-3861 kernel: heap contents leak from ETHTOOL_GRXCLSRLALL 647391 - kernel BUG at mm/migrate.c:113! [rhel-6.0.z] 647416 - CVE-2010-3865 kernel: iovec integer overflow in net/rds/rdma.c 648408 - Do not mix FMODE_ and O_ flags with break_lease() and may_open() [rhel-6.0.z] 648656 - CVE-2010-4072 kernel: ipc/shm.c: reading uninitialized stack memory 648658 - CVE-2010-4073 kernel: ipc/compat*.c: reading uninitialized stack memory 648659 - CVE-2010-4074 kernel: drivers/usb/serial/mos*.c: reading uninitialized stack memory 648660 - CVE-2010-4075 kernel: drivers/serial/serial_core.c: reading uninitialized stack memory 648663 - CVE-2010-4077 kernel: drivers/char/nozomi.c: reading uninitialized stack memory 648666 - CVE-2010-4079 kernel: drivers/video/ivtv/ivtvfb.c: reading uninitialized stack memory 648669 - CVE-2010-4080 kernel: drivers/sound/pci/rme9652/hdsp.c: reading uninitialized stack memory 648670 - CVE-2010-4081 kernel: drivers/sound/pci/rme9652/hdspm.c: reading uninitialized stack memory 648671 - CVE-2010-4082 kernel: drivers/video/via/ioctl.c: reading uninitialized stack memory 648673 - CVE-2010-4083 kernel: ipc/sem.c: reading uninitialized stack memory 649695 - CVE-2010-3874 kernel: CAN minor heap overflow 649715 - CVE-2010-3876 kernel: net/packet/af_packet.c: reading uninitialized stack memory 651264 - CVE-2010-3880 kernel: logic error in INET_DIAG bytecode auditing 651698 - CVE-2010-4158 kernel: socket filters infoleak 651892 - CVE-2010-4160 kernel: L2TP send buffer allocation size overflows 652529 - CVE-2010-4162 kernel: bio: integer overflow page count when mapping/copying user data 652957 - CVE-2010-4163 CVE-2010-4668 kernel: panic when submitting certain 0-length I/O requests 653340 - [kvm] VIRT-IO NIC state is reported as 'unknown' on vm running over RHEL6 host [rhel-6.0.z] 656264 - CVE-2010-4248 kernel: posix-cpu-timers: workaround to suppress the problems with mt exec 656756 - CVE-2010-4249 kernel: unix socket local dos 658879 - kernel 2.6.32-84.el6 breaks systemtap [rhel-6.0.z] 659611 - lpfc: Fixed crashes for BUG_ONs hit in the lpfc_abort_handler [rhel-6.0.z] 660188 - CVE-2010-4263 kernel: igb panics when receiving tag vlan packet 660244 - lpfc: Set heartbeat timer off by default [rhel-6.0.z] 660591 - neighbour update causes an Oops when using tunnel device [rhel-6.0.z] 665470 - CVE-2010-4525 kvm: x86: zero kvm_vcpu_events->interrupt.pad infoleak 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-71.14.1.el6.src.rpm i386: kernel-2.6.32-71.14.1.el6.i686.rpm kernel-debug-2.6.32-71.14.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-71.14.1.el6.i686.rpm kernel-debug-devel-2.6.32-71.14.1.el6.i686.rpm kernel-debuginfo-2.6.32-71.14.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-71.14.1.el6.i686.rpm kernel-devel-2.6.32-71.14.1.el6.i686.rpm kernel-headers-2.6.32-71.14.1.el6.i686.rpm noarch: kernel-doc-2.6.32-71.14.1.el6.noarch.rpm kernel-firmware-2.6.32-71.14.1.el6.noarch.rpm perf-2.6.32-71.14.1.el6.noarch.rpm x86_64: kernel-2.6.32-71.14.1.el6.x86_64.rpm kernel-debug-2.6.32-71.14.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-71.14.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-71.14.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-71.14.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-71.14.1.el6.x86_64.rpm kernel-devel-2.6.32-71.14.1.el6.x86_64.rpm kernel-headers-2.6.32-71.14.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-71.14.1.el6.src.rpm noarch: kernel-doc-2.6.32-71.14.1.el6.noarch.rpm kernel-firmware-2.6.32-71.14.1.el6.noarch.rpm perf-2.6.32-71.14.1.el6.noarch.rpm x86_64: kernel-2.6.32-71.14.1.el6.x86_64.rpm kernel-debug-2.6.32-71.14.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-71.14.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-71.14.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-71.14.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-71.14.1.el6.x86_64.rpm kernel-devel-2.6.32-71.14.1.el6.x86_64.rpm kernel-headers-2.6.32-71.14.1.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-71.14.1.el6.src.rpm i386: kernel-2.6.32-71.14.1.el6.i686.rpm kernel-debug-2.6.32-71.14.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-71.14.1.el6.i686.rpm kernel-debug-devel-2.6.32-71.14.1.el6.i686.rpm kernel-debuginfo-2.6.32-71.14.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-71.14.1.el6.i686.rpm kernel-devel-2.6.32-71.14.1.el6.i686.rpm kernel-headers-2.6.32-71.14.1.el6.i686.rpm noarch: kernel-doc-2.6.32-71.14.1.el6.noarch.rpm kernel-firmware-2.6.32-71.14.1.el6.noarch.rpm perf-2.6.32-71.14.1.el6.noarch.rpm ppc64: kernel-2.6.32-71.14.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-71.14.1.el6.ppc64.rpm kernel-debug-2.6.32-71.14.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-71.14.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-71.14.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-71.14.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-71.14.1.el6.ppc64.rpm kernel-devel-2.6.32-71.14.1.el6.ppc64.rpm kernel-headers-2.6.32-71.14.1.el6.ppc64.rpm s390x: kernel-2.6.32-71.14.1.el6.s390x.rpm kernel-debug-2.6.32-71.14.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-71.14.1.el6.s390x.rpm kernel-debug-devel-2.6.32-71.14.1.el6.s390x.rpm kernel-debuginfo-2.6.32-71.14.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-71.14.1.el6.s390x.rpm kernel-devel-2.6.32-71.14.1.el6.s390x.rpm kernel-headers-2.6.32-71.14.1.el6.s390x.rpm kernel-kdump-2.6.32-71.14.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-71.14.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-71.14.1.el6.s390x.rpm x86_64: kernel-2.6.32-71.14.1.el6.x86_64.rpm kernel-debug-2.6.32-71.14.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-71.14.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-71.14.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-71.14.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-71.14.1.el6.x86_64.rpm kernel-devel-2.6.32-71.14.1.el6.x86_64.rpm kernel-headers-2.6.32-71.14.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-71.14.1.el6.src.rpm i386: kernel-2.6.32-71.14.1.el6.i686.rpm kernel-debug-2.6.32-71.14.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-71.14.1.el6.i686.rpm kernel-debug-devel-2.6.32-71.14.1.el6.i686.rpm kernel-debuginfo-2.6.32-71.14.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-71.14.1.el6.i686.rpm kernel-devel-2.6.32-71.14.1.el6.i686.rpm kernel-headers-2.6.32-71.14.1.el6.i686.rpm noarch: kernel-doc-2.6.32-71.14.1.el6.noarch.rpm kernel-firmware-2.6.32-71.14.1.el6.noarch.rpm perf-2.6.32-71.14.1.el6.noarch.rpm x86_64: kernel-2.6.32-71.14.1.el6.x86_64.rpm kernel-debug-2.6.32-71.14.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-71.14.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-71.14.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-71.14.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-71.14.1.el6.x86_64.rpm kernel-devel-2.6.32-71.14.1.el6.x86_64.rpm kernel-headers-2.6.32-71.14.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-2492.html https://www.redhat.com/security/data/cve/CVE-2010-3067.html https://www.redhat.com/security/data/cve/CVE-2010-3078.html https://www.redhat.com/security/data/cve/CVE-2010-3080.html https://www.redhat.com/security/data/cve/CVE-2010-3298.html https://www.redhat.com/security/data/cve/CVE-2010-3477.html https://www.redhat.com/security/data/cve/CVE-2010-3861.html https://www.redhat.com/security/data/cve/CVE-2010-3865.html https://www.redhat.com/security/data/cve/CVE-2010-3874.html https://www.redhat.com/security/data/cve/CVE-2010-3876.html https://www.redhat.com/security/data/cve/CVE-2010-3880.html https://www.redhat.com/security/data/cve/CVE-2010-4072.html https://www.redhat.com/security/data/cve/CVE-2010-4073.html https://www.redhat.com/security/data/cve/CVE-2010-4074.html https://www.redhat.com/security/data/cve/CVE-2010-4075.html https://www.redhat.com/security/data/cve/CVE-2010-4077.html https://www.redhat.com/security/data/cve/CVE-2010-4079.html https://www.redhat.com/security/data/cve/CVE-2010-4080.html https://www.redhat.com/security/data/cve/CVE-2010-4081.html https://www.redhat.com/security/data/cve/CVE-2010-4082.html https://www.redhat.com/security/data/cve/CVE-2010-4083.html https://www.redhat.com/security/data/cve/CVE-2010-4158.html https://www.redhat.com/security/data/cve/CVE-2010-4160.html https://www.redhat.com/security/data/cve/CVE-2010-4162.html https://www.redhat.com/security/data/cve/CVE-2010-4163.html https://www.redhat.com/security/data/cve/CVE-2010-4242.html https://www.redhat.com/security/data/cve/CVE-2010-4248.html https://www.redhat.com/security/data/cve/CVE-2010-4249.html https://www.redhat.com/security/data/cve/CVE-2010-4263.html https://www.redhat.com/security/data/cve/CVE-2010-4525.html https://www.redhat.com/security/data/cve/CVE-2010-4668.html https://access.redhat.com/security/updates/classification/#important http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Technical_Notes/ape.html#RHSA-2011-0007 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNLLV/XlSAg2UNWIIRAqBDAKCjp1MiP24Cf16Cs+w7fEZHYU5t8ACcDLPD gdl8ty7ia2arkN9LDyAkKEU= =EHqN -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Jan 13 11:24:21 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 13 Jan 2011 11:24:21 +0000 Subject: [RHSA-2011:0017-01] Important: Red Hat Enterprise Linux 5.6 kernel security and bug fix update Message-ID: <201101131124.p0DBOLcO023746@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Enterprise Linux 5.6 kernel security and bug fix update Advisory ID: RHSA-2011:0017-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0017.html Issue date: 2011-01-13 CVE Names: CVE-2010-3296 CVE-2010-3877 CVE-2010-4072 CVE-2010-4073 CVE-2010-4075 CVE-2010-4080 CVE-2010-4081 CVE-2010-4158 CVE-2010-4238 CVE-2010-4243 CVE-2010-4255 CVE-2010-4263 CVE-2010-4343 ===================================================================== 1. Summary: Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the sixth regular update. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A NULL pointer dereference flaw was found in the igb driver in the Linux kernel. If both the Single Root I/O Virtualization (SR-IOV) feature and promiscuous mode were enabled on an interface using igb, it could result in a denial of service when a tagged VLAN packet is received on that interface. (CVE-2010-4263, Important) * A missing sanity check was found in vbd_create() in the Xen hypervisor implementation. As CD-ROM drives are not supported by the blkback back-end driver, attempting to use a virtual CD-ROM drive with blkback could trigger a denial of service (crash) on the host system running the Xen hypervisor. (CVE-2010-4238, Moderate) * A flaw was found in the Linux kernel execve() system call implementation. A local, unprivileged user could cause large amounts of memory to be allocated but not visible to the OOM (Out of Memory) killer, triggering a denial of service. (CVE-2010-4243, Moderate) * A flaw was found in fixup_page_fault() in the Xen hypervisor implementation. If a 64-bit para-virtualized guest accessed a certain area of memory, it could cause a denial of service on the host system running the Xen hypervisor. (CVE-2010-4255, Moderate) * A missing initialization flaw was found in the bfa driver used by Brocade Fibre Channel Host Bus Adapters. A local, unprivileged user could use this flaw to cause a denial of service by reading a file in the "/sys/class/fc_host/host#/statistics/" directory. (CVE-2010-4343, Moderate) * Missing initialization flaws in the Linux kernel could lead to information leaks. (CVE-2010-3296, CVE-2010-3877, CVE-2010-4072, CVE-2010-4073, CVE-2010-4075, CVE-2010-4080, CVE-2010-4081, CVE-2010-4158, Low) Red Hat would like to thank Kosuke Tatsukawa for reporting CVE-2010-4263; Vladymyr Denysov for reporting CVE-2010-4238; Brad Spengler for reporting CVE-2010-4243; Dan Rosenberg for reporting CVE-2010-3296, CVE-2010-4073, CVE-2010-4075, CVE-2010-4080, CVE-2010-4081, and CVE-2010-4158; Vasiliy Kulikov for reporting CVE-2010-3877; and Kees Cook for reporting CVE-2010-4072. These updated packages also include several hundred bug fixes for and enhancements to the Linux kernel. Space precludes documenting each of these changes in this advisory and users are directed to the Red Hat Enterprise Linux 5.6 Release Notes for information on the most significant of these changes: http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.6_Release_Notes/index.html Refer to the kernel chapter in the Red Hat Enterprise Linux 5.6 Technical Notes for further information: http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.6_Technical_Notes/kernel.html All Red Hat Enterprise Linux 5 users are advised to install these updated packages, which address these vulnerabilities as well as fixing the bugs and adding the enhancements noted in the Red Hat Enterprise Linux 5.6 Release Notes and Technical Notes. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (http://bugzilla.redhat.com/): 237372 - Marvell PATA not supported 429102 - Allocations on resume path can cause deadlock due to attempting to swap 441243 - kernel keyring quotas exceeded 455323 - No support for upstream /proc/sys/kernel/nmi_watchdog. 456765 - kabitool blocks custom kernel builds when kernel version > 2.6.18-53.1.21.el5 459901 - race condition between AIO and setresuid() 466088 - dm-snapshot: very slow write to snapshot origin when copy-on-write occurs 466157 - kernel doesn't supply memory fields in getrusage, /usr/bin/time anything shows "... (0avgtext+0avgdata 0maxresident)k ..." 470801 - Read from /proc/xen/xenbus does not honor O_NONBLOCK 479418 - second cifs mount to samba server fails when samba using security=ADS 485903 - [RHEL5] Netfilter modules unloading hangs 488882 - cxgb3 driver very slow under Xen with HW acceleration enabled 493047 - Oprofile - Add Dunnington processors to the list of ppro cores 494400 - TCP: Treason uncloaked! during Network Stress Testing 496127 - [RHEL5.5] e1000e devices fail to initialize interrupts properly 499553 - Cannot generate proper stacktrace on xen-ia64 503864 - The USB storage cannot use >2TB. 504188 - GFS1 vs GFS2 performance issue 506694 - kdump hangs up if INIT is received while kdump is starting 507846 - Balloon driver gives up too easily when ballooning up under memory pressure 513934 - Keyboard LEDs constantly lit 516289 - bonding: backport code to allow user-controlled output slave detection. 516851 - [Stratus 5.6 bug] System crashes at uhci_scan_schedule(). 516985 - When bonding is used and IPV6 is enabled the message of 'kernel: bond0: duplicate address detected!' is output 521878 - Fix instances of #!/usr/bin/env python in kernel-devel-packages 523341 - PCI SR-IOV BAR resources can't be reliably mapped 523920 - [Adaptec/HCL 5.6 bug] Problems with aacraid - File system going into read-only. 529914 - GFS2 fatal: filesystem consistency error on rename 530123 - [Dell 5.5 FEAT] autoload tpm_tis driver 533093 - Certain newer WDC SATA drives identified as SEMB 533391 - Kernel panic: EDAC MC0: INTERNAL ERROR: channel-b out of range 538022 - java.util.concurrent: long delay and intervals drift since kernel update to 164 539560 - tcp_disconnect should clear all of tp->rx_opt .... 539626 - default txqueuelen of vif device is too small 540786 - support supplementary groups of tun/tap devices 541224 - net: possible leak of dst_entry (ipv4) 546060 - soft lockup while unmounting a read-only filesystem with errors (As per Redhat Bug #429054) 546455 - kernel bug: quota file size not a multiple of struct gfs2_quota 546554 - kernel: no clue to find what is happening when hitting a lockdep limit 546700 - Deadlock in aio 551028 - nfsv4 hangs -- kernel: decode_op_hdr: reply buffer overflowed in line 2121 552574 - Guest could not join the multicast group with virtio NIC 552886 - [RHEL5] ip_mc_sf_allow() has a lock problem 553407 - nanosleep() is unstable on xen kernel and ntpd with -x option 554706 - Kernel: network: bonding: scheduling while atomic: ifdown-eth/0x00000100/21775 554872 - Periodic ata exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x6 frozen messages 555197 - dm-raid1: fix data lost at mirror log failure 555708 - kABI whitelist request for Fujitsu modules 555910 - xen migration fails when a full virt guest uses the xen-vnif driver 556476 - Update sfc driver (add SFC9000 support) 557423 - nfs: sys_read sometimes returns -EIO 558999 - [Broadcom 5.6 bug] kABI whitelist request for bnx2i 559815 - ACPI _SDD failed (AE 0x5) messages on boot 560540 - Reserve PNP enumerated system board iomem resources 560870 - Update Neighbor Cache when IPv6 RA is received on a router 562220 - IP PACKET DOES NOT TRANSMIT USING RAW SOCKETS 563271 - ITE it887x chipset serial ports don't work 564249 - [LSI 5.6 feat] update megaraid_sas to version 4.31 565560 - [5.6 FEAT] KVM network performance: Defer skb allocation in virtio-net 565973 - [EMC 5.6 bug] security and PSF update patch for EMC CKD ioctl 565974 - [5.6 FEAT] NFSv4 remove does not wait for close. Silly rename 566104 - route: BUG at include/linux/timer.h:82 (call from rt_secret_rebuild_oneshot) 566144 - Loading NAT module with/without rules affects ping behaviour 566767 - [Emulex 5.6 bug] kABI whitelist request for lpfc 567092 - possible recursive locking of inode by nfsd 567428 - [QLogic 5.6 FEAT] Update qla2xxx driver to version 8.03.01.05.05.06-k 567444 - RHEL5.6: cxgb3i driver update 567462 - [Broadcom 5.6 feat] Update tg3 to version 3.108+ and add 5718 B0, 5719 support 567479 - fasync_helper patch causing problems with GPFS 567604 - [Regression] bonding: 802.3ad problems with link detection 568111 - [Cisco 5.6 FEAT] Update enic driver to version 1.4.1.2 568601 - [Broadcom 5.6 FEAT] Update bnx2 to 2.0.8+ 568606 - [Broadcom 5.6 FEAT] Update bnx2i driver and add 57712 support 569106 - netconsole fails with tg3 569342 - [5.4] nfsd dereferences uninitialized list head on error exit in nfsd4_list_rec_dir() 569643 - [Emulex 5.6 feat] Add be2iscsi driver for BE3 asic 569654 - boot hangs if scsi read capacity fails on faulty non system drive 570044 - kernel panic when rmmod and insmod rpcsec_gss_krb5 module 570091 - cpu flags missing from /proc/cpuinfo 570491 - vmalloc ENOMEM caused by iptables 570604 - X can't get signals with DRI 570610 - [RHEL5]: Add thread_siblings_list to /sys 570645 - [RHEL5] bonding mode 0 doesn't resend IGMP after a failure 570681 - REGRESSION: Fix iscsi failover time 570824 - Timedrift on VM with pv_clock enabled, causing system hangs and sporadic time behaviour 571518 - revalidate dentries provided by LAST_BIND symlinks 571735 - backports of virtio_blk barrier support 571862 - [Emulex 5.6 feat] Update lpfc driver to version 8.2.0.73.1p and include BE3 asic 571864 - RHEL5: coretemp: fix cpu model output 572004 - [LSI 5.6 FEAT] Update 3w-9xxx driver to v2.26.08.007-2.6.18RH 572011 - [LSI 5.6 FEAT] Add 3w-sas driver and update to v3.26.00.028-2.6.18RH 572285 - Add /sys/devices/system/node/nodeX/cpulist files 572930 - Bad ext4 sync performance on 16 TB GPT partition 573106 - [Stratus 5.6 bug] task md0_resync:18061 blocked for more than 120 seconds 573185 - large storage data corruption on 32 bit 573652 - Regression: AUTH_SYS cannot be requested using the 'sec=sys' export option. 573771 - should set ISVM bit (ECX:31) for CPUID leaf 0x00000001 574285 - 25% performance regression of concurrent O_DIRECT writes. 574557 - [Cisco 5.6 bug] kABI request for fcoe 574913 - memory leak when ipv6 interface disabled in sysctl.conf 575309 - Kernel panic - not syncing: IO-APIC + timer doesn't work! 575817 - nfsv4 hangs -- client/server deadlock between commit and delegation return 576246 - missing power_meter release() function 576709 - [Cisco 5.6 bug] fnic: flush Tx queue bug fix 577182 - vxge: not enough MMIO resources for SR-IOV error 578005 - [Broadcom 5.6 bug] Cannot login to iSCSI target when bnx2i is loaded last 578259 - Network throughput drops seriously on DomU to DomU node traffic on RHEL5.3 Xen when NIC performs RSC. 578261 - [5.5] SCTP: Check if the file structure is valid before checking the non-blocking flag 578492 - e1000_clean_tx_irq: Detected Tx Unit Hang 578531 - [RHEL5.5] soft lockup on vlan with bonding in balance-alb mode 578905 - RHEL 5.3 on DL585 G6: testing NMI watchdog fails on bootup 580699 - hwmon: (coretemp) Get TjMax value from MSR for i series CPUs 581396 - [PATCH][RHEL5.5] Fix Time drift on KVM x86_64 RHEL5.5 Guest using PV clock 581654 - RTL-8169 Gigatit Ethernet network devices mac address changes after soft reboot. 581933 - pci_mmcfg_init() making some of main memory uncacheable 582003 - Enable LED support in iwlagn and iwl3945 drivers (IWLWIFI_LEDS) 582237 - "hung_task" feature port is incomplete 582321 - VFS: Busy inodes after unmount issue. 582367 - implement dev_disable_lro for RHEL5 582435 - [Stratus 5.6 bug] Circular lock dep warning on cfq_exit_lock 582722 - TCP socket premature timeout with FRTO and TSO 582886 - The assigned VF cannot be found in PV guest. 583673 - set-cpu_llc_id-on-amd-cpus patch: undefined variable 'cpu' in in amd_detect_cmp() 583767 - dev_set_name() undefined in net/wireless/cfg80211.ko in some cases 584412 - transmission stops when tap does not consume 584679 - The kvm clock couldn't go back after stop/continue 585431 - Add log message for unhandled sense error REPORTED_LUNS_DATA_CHANGED 586482 - ATIIXP IDE driver reuses ide_lock unsafely 588015 - x86_64 host on Nehalem-EX machines will panic when installing a 4.8 GA kvm guest 588599 - Kernel BUG at fs/ext3/super.c:425 590760 - compiling a xen config produces lots of pud_present warnings 590763 - PG_error bit is never cleared, even when a fresh I/O to the page succeeds 590864 - Unkillable processes 591548 - netback does not properly get to the Connected state after it's been Closed 591674 - [Emulex 5.6 bug] Update lpfc driver to version 8.2.0.76.1p 592322 - [RHEL 5] Errors when Accessing iSCSI luns via iSER - timing out command 592908 - Memory leak when nfs shares are mounted with option "nolock" 592961 - ext3: fsync() does not flush disk caches 593040 - TCP: avoid to send keepalive probes if receiving data 593801 - [RHEL5.5] TCP bandwidth problems with TPA and bnx2x cards 593862 - [RHEL5.5] Self-test using 'ethtool -t ethX' fails with "Cannot test: Operation not supported" 594404 - [RHEL 5.5] vxge: unable to create VLAN 594546 - [Intel 5.6 Bug] CPU synchronization required when doing MTRR register update 594635 - kernel: security: testing the wrong variable in create_by_name() [rhel-5.6] 595397 - GFS2: stuck in inode wait, no glocks stuck 595548 - [Broadcom 5.6 bug] bnx2i: MTU change does not work 595862 - [Broadcom 5.6 bug] cnic: Panic in cnic_iscsi_nl_msg_recv() 596548 - dcache unused accounting problem 596626 - Create reliable implementation of cancel_(delayed)_work_sync() in RHEL5 597143 - [LSI 5.6 bug] kABI request for mptsas, mpt2sas 597334 - reg_regdb_search_lock calls kmalloc while holding spinlock 598946 - [NetApp 5.6 bug] QLogic FC firmware errors seen on RHEL 5.5 599295 - Significant MSI performance issue due to redundant interrupt masking 600387 - gfs2 kernel - Better error reporting when mounting a gfs fs without enough journals 601692 - RFE virtio balloon driver does not include extended memory statistics 601800 - NFS-over-GFS out-of-order GETATTR Reply causes corruption 602402 - bnx2x panic dumps with multiple interfaces enabled 603706 - cifs: busy file renames across directories should fail with error 603806 - [Emulex 5.6 bug] Update lpfc driver to version 8.2.0.77 604044 - NFS4 breaks when server returns NFS4ERR_FILE_OPEN 604779 - Page out activity when there is no current VM load 605259 - tcp: sending reset to the already closed socket 605265 - kernel bug in cfq merge logic 605305 - need to backport 2e3219b5c8a2e44e0b83ae6e04f52f20a82ac0f2 605697 - [RHEL 5.5] 32-bit pvhvm guest on 64-bit host crash w/xm mem-set 605720 - [RHEL 5.5] nfs: fix compatibility with hpux clients 605816 - [RHEL 5.6] move Tausworthe net_random generator to lib/random32 606851 - Wrong /proc/cpuinfo for Pentium D reported on RHEL 4.8 (only x86_64) and RHEL 5.5 (both i386 and x86_64) 607443 - soft lockup inside rhel5 guest 608641 - vegas and veno possible division by zero bug 608801 - [Emulex 5.6 bug] be2iscsi: IO stalls if any SGE size=65536 609668 - kswapd hung in D state with fragmented memory and large order allocations 610234 - [5u6] Bonding in ALB mode sends ARP in loop 611938 - [RHEL5u3] System panic at sunrpc xprt_autoclose() 612212 - igb: typo in igb aer code 613134 - [QLogic 5.6 FEAT] Add P3+ AER support to qla2xxx 613187 - xen Windows 2008 guest crashes on RHEL 5.4 613667 - always print the number of triggered NMI during test at boot 613780 - [RHEL 5.5] igb driver re-order UDP packets when multi-queue is enabled 614281 - [QLogic 5.6 FEAT] Feature Updates and Bug Fixes for qlcnic 614957 - ext4: mount error path corrupts slab memory 615227 - fix oops in clusterip_seq_stop when memory allocation fails. 615229 - fix oops in dl_seq_stop when memory allocation fails. 616512 - [Emulex 5.6 feat] Update be2net to version 2.102.404r 617024 - [Broadcom 5.6 FEAT] bnx2: add AER support. 617268 - kernel crash in br_nf_pre_routing_finish 617690 - ext4 and xfs wrong data returned on read after write if file size was changed with ftruncate 618075 - RHEL5.5 boot fail with IDE controller enabled on Cobia 618114 - Kernel panic on reading from /proc/bus/pci/XX/YY while hot-removing the device. 618512 - [QLogic 5.6] kABI whitelist request for qla4xxx 619070 - 802.3ad link aggregation won't work with newer (2.6.194-8.1.el5) kernel and ixgbe driver 619112 - CIFS mount to samba3x share shows differing ownership on sequential stat() calls to same file 619361 - [NetApp 5.6 bug] SCSI ALUA handler fails to handle ALUA transitioning properly 619767 - Update cnic to 2.1.3 619814 - [Qlogic 5.6 bug] qla2xxx: Back port of upstream fixes 619917 - [Emulex 5.6 feat] Update lpfc driver to version 8.2.0.80 620037 - virtio-serial - need to back port guest driver to RHEL 5 620502 - [NetApp 5.6 bug] RHEL NFS clients disconnected from NetApp NFSv4 shares with: v4 server returned a bad sequence-id error! 620508 - system crashes due to corrupt net_device_wrapper structure 621105 - backport wireless upstream 2.6.32.18 fixes 621280 - [5u5] bonding: fix a race condition in calls to slave MII ioctls 622024 - 64-bit kernel unable to oprofile 32-bit processes 622559 - libata: fix suspend/resume for ATA SEMB devices 623519 - ENOPERM when reading /proc/sys/vm/mmap_min_addr 623595 - move iscsi/iser to passthrough mode, fix functioning and failover time under DM multipath 623675 - [QLogic 5.6 feat] qla4xxx: Update driver to 5.02.03.00.05.06-d1 624598 - Win7 and Windows 2008 R2 xen guests with multiple vcpus can't restart 624710 - [QLogic 5.6 FEAT] qla4xxx: Add PCIe AER support 624862 - [rhel5.6] XFS incorrectly validates inodes 625061 - igb doesn't see link status changes on 82580 NIC 625079 - [QLogic 5.6 bug] netxen: Fix enabling VLAN TSO/LSO 625084 - [QLogic 5.6 bug] qlcnic: Fix netdev features and other fixes 625688 - CVE-2010-4243 kernel: mm: mem allocated invisible to oom_kill() when not attached to any threads 625841 - lpfc ioctl crash in lpfc_nlp_put() 625902 - [Xen] backport NMI injection for HVM guests 625903 - [Xen] backport hardware task switching for HVM guests 626018 - Allow using crc32c hardware accelerated engine on Intel Nehalem processor 626566 - IPR driver needs fixes to support the new Cubic-R adapter 626963 - AIO uses igrab in the submission path, which causes undue lock contention 627612 - [QLogic 5.6 BUG] qla2xxx: Correctly displaying the link state for disconnected port. 627836 - retry rather than fastfail DID_REQUEUE scsi errors with dm-multipath 627974 - Scheduling while atomic when removing slave tg3 interface from bonding 628828 - Fix hot-unplug handling of virtio-console ports 628831 - Enable NAPI for forcedeth driver 629081 - Bug 466441 reintroduced in kernel 2.6.18-194.el5 629176 - kernel: Problem with execve(2) reintroduced [rhel-5.6] 629457 - vlan: control vlan device TSO status with ethtool 629626 - groups_search() cannot handle large gid correctly 629634 - add pr_*(), netdev_*(), netif_*() printk helper macros 629638 - kernel panic in devinet_sysctl_forward when changing the /proc/sys/net/ipv4/conf/eth*/forwarding 629761 - [RHEL 5.5] e100/e1000*/igb*/ixgb*: Add missing read memory barrier 629773 - HVM guest w/ UP and PV driver hangs after live migration or suspend/resume 630124 - Detect and recover from cxgb3 adapter parity errors 630129 - [RHEL5 IA64 XEN] netfront driver: alloc_dev: Private data too big. 630563 - kernel: additional stack guard patches [rhel-5.6] 630680 - [Emulex 5.6 feat] Update be2net to version 2.102.453r 631963 - [Broadcom 5.6 bug] tg3: 5717 / 57765 / 5719 devices leak memory 632057 - [Broadcom 5.6 bug] bnx2: Remove some unnecessary smp_mb() in tx fast path 633149 - CVE-2010-3296 kernel: drivers/net/cxgb3/cxgb3_main.c reading uninitialized stack memory 633388 - sfc: creates too many queues 634320 - [Broadcom 5.6 feat] tg3: Re-enable 5717 B0 support 634325 - [Broadcom 5.6 bug] tg3: Incorrect FW version displayed and FW handshake update 635027 - [RHEL5.6] Verify that driver version strings for updated network drivers 635782 - Add dirty_background_bytes and dirty_bytes sysctls to RHEL 5 636020 - PATCH: virtio_console: Fix poll blocking even though there is data to read 636046 - Disallow 0-sized writes to virtio ports to go through to host (leading to VM crash) 636053 - read from virtio-serial returns if the host side is not connect to pipe 636100 - TPM driver is not enabled in kernel-xen 636760 - TPM driver complains about IRQ mismatches 637194 - [Qlogic 5.6 bug] qlcnic: fix kernel NULL pointer dereference __qlcnic_shutdown+0xe/0x8a 637764 - Bonded interface doesn't issue IGMP report (join) on slave interface during failover 637826 - belkin usb nic card fails - module catc.ko 638082 - Backport HVMOP_get_time hypercall 639028 - [Emulex 5.6 feat] Update lpfc driver to version 8.2.0.85 640026 - bnx2 adapter periodically dropping received packets 640586 - sata_sil24 - add support for Adaptec 1225SA RAID eSATA controller 641086 - mpt2sas driver update causes boot failure with Dell PERC H200 SAS HBA 641193 - [NetApp 5.6 bug] regression: allow offlined devs to be set to running 643080 - tasks blocked after putting Nehalem CPU offline 643165 - GFS2: BUG_ON kernel panic in gfs2_glock_hold on 2.6.18-226 643254 - [QLogic 5.6 bug] kdump: netxen_nic doesn't work in network dumping 643426 - Stack size mapping is decreased through mlock/munlock call 643707 - [kdump] soft lockup occurs when nmi watchdog lockup is being triggered 644129 - Kernel build from source leaves kabideps file droppings in _tmppath 644136 - [QLogic 5.6 bug] qla2xxx: Fix incorrect test for zero 644438 - bnx2: Out of order arrival of UDP packets in application 644726 - panic in find_ge_pid() due to race between lseek() and readdir() on /proc 644735 - writing to a virtio serial port while no one is listening on the host side hangs the guest 644863 - [NetApp 5.6 bug] qla2xxx: Kernel panic on qla24xx_queuecommand 644879 - RHEL5.6 Include DL580 G7 in bfsort whitelist 645284 - modprobe igb max_vfs>7(Max support is 7) leads to host reboot in loop 645881 - [Emulex 5.6 feat] Update lpfc driver to version 8.2.0.86 646708 - regression: bnx2i driver returns garbage in host param callout and could oops 647259 - [Emulex 5.6 bug] Update be2net to version 2.102.512r 647297 - Direct IO write to a file on an nfs mount does not work 648656 - CVE-2010-4072 kernel: ipc/shm.c: reading uninitialized stack memory 648658 - CVE-2010-4073 kernel: ipc/compat*.c: reading uninitialized stack memory 648660 - CVE-2010-4075 kernel: drivers/serial/serial_core.c: reading uninitialized stack memory 648669 - CVE-2010-4080 kernel: drivers/sound/pci/rme9652/hdsp.c: reading uninitialized stack memory 648670 - CVE-2010-4081 kernel: drivers/sound/pci/rme9652/hdspm.c: reading uninitialized stack memory 649489 - [Emulex 5.6 bug] Update lpfc driver to version 8.2.0.87 649717 - CVE-2010-3877 kernel: net/tipc/socket.c: reading uninitialized stack memory 651287 - [Broadcom 5.6 bug] cnic: Panic in uio_release() 651698 - CVE-2010-4158 kernel: socket filters infoleak 651869 - probe-remove loop of i7core_edac module causes oops 652165 - ALSA: fix sysfs related issues (modules cannot be reloaded) and mutex problem in OSS mixer emulation 652279 - [5.6 FEAT] POWER7 added to Aux Vextor 653250 - kernel: restrict unprivileged access to kernel syslog [rhel-5.6] 653262 - [5.6 Regression] network is lost after balloon-up fails 653501 - netback tries to balloon up even if front-end doesn't do flipping 653991 - [Broadcom 5.6 bug] bnx2i: add upstream bug fixes to 2.6.2.2 654420 - [QLogic 5.6 bug] qlge: Update driver to 1.0.0.27 654948 - RHEL5.6 : 10Gb network card (AD144 &AD385)will be missing in installation and can not be drived in system 655119 - [Emulex 5.6 bug] Update lpfc driver to version 8.2.0.87.1p 655623 - CVE-2010-4238 kernel: Xen Dom0 crash with Windows 2008 R2 64bit DomU + GPLPV 656008 - [Qlogic 5.6 bug] qlcnic: Fix kdump issues 657097 - [Broadcom 5.6 bug] tg3: Fix 5719 bugs 658155 - CVE-2010-4255 xen: 64-bit PV xen guest can crash host by accessing hypervisor per-domain memory area 658434 - forcedeth driver panics while booting debug kernel 658801 - [REG][5.6] igb never counts up the number of tx packets 659571 - CVE-2010-4258 kernel: failure to revert address limit override in OOPS error path [rhel-5.6] 660188 - CVE-2010-4263 kernel: igb panics when receiving tag vlan packet 660506 - [Broadcom 5.6 bug] tg3: Increase tx jumbo bd flag threshold 660580 - [REG][5.6] kernel panic occurs by writing a file on optional mount "sync/noac" of NFSv4. 661182 - CVE-2010-4343 kernel: bfa driver sysfs crash 661393 - [IPv6] a specific route is ignored if the default gateway is reachable 663509 - [Broadcom 5.6 bug] bnx2: calling pci_map_page() twice in tx path 663853 - [REG][5.6] kernel panic occurs by reading an empty file on optional mount "sync/noac" of NFSv4. 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-238.el5.src.rpm i386: kernel-2.6.18-238.el5.i686.rpm kernel-PAE-2.6.18-238.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-238.el5.i686.rpm kernel-PAE-devel-2.6.18-238.el5.i686.rpm kernel-debug-2.6.18-238.el5.i686.rpm kernel-debug-debuginfo-2.6.18-238.el5.i686.rpm kernel-debug-devel-2.6.18-238.el5.i686.rpm kernel-debuginfo-2.6.18-238.el5.i686.rpm kernel-debuginfo-common-2.6.18-238.el5.i686.rpm kernel-devel-2.6.18-238.el5.i686.rpm kernel-headers-2.6.18-238.el5.i386.rpm kernel-xen-2.6.18-238.el5.i686.rpm kernel-xen-debuginfo-2.6.18-238.el5.i686.rpm kernel-xen-devel-2.6.18-238.el5.i686.rpm noarch: kernel-doc-2.6.18-238.el5.noarch.rpm x86_64: kernel-2.6.18-238.el5.x86_64.rpm kernel-debug-2.6.18-238.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-238.el5.x86_64.rpm kernel-debug-devel-2.6.18-238.el5.x86_64.rpm kernel-debuginfo-2.6.18-238.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-238.el5.x86_64.rpm kernel-devel-2.6.18-238.el5.x86_64.rpm kernel-headers-2.6.18-238.el5.x86_64.rpm kernel-xen-2.6.18-238.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-238.el5.x86_64.rpm kernel-xen-devel-2.6.18-238.el5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-238.el5.src.rpm i386: kernel-2.6.18-238.el5.i686.rpm kernel-PAE-2.6.18-238.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-238.el5.i686.rpm kernel-PAE-devel-2.6.18-238.el5.i686.rpm kernel-debug-2.6.18-238.el5.i686.rpm kernel-debug-debuginfo-2.6.18-238.el5.i686.rpm kernel-debug-devel-2.6.18-238.el5.i686.rpm kernel-debuginfo-2.6.18-238.el5.i686.rpm kernel-debuginfo-common-2.6.18-238.el5.i686.rpm kernel-devel-2.6.18-238.el5.i686.rpm kernel-headers-2.6.18-238.el5.i386.rpm kernel-xen-2.6.18-238.el5.i686.rpm kernel-xen-debuginfo-2.6.18-238.el5.i686.rpm kernel-xen-devel-2.6.18-238.el5.i686.rpm ia64: kernel-2.6.18-238.el5.ia64.rpm kernel-debug-2.6.18-238.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-238.el5.ia64.rpm kernel-debug-devel-2.6.18-238.el5.ia64.rpm kernel-debuginfo-2.6.18-238.el5.ia64.rpm kernel-debuginfo-common-2.6.18-238.el5.ia64.rpm kernel-devel-2.6.18-238.el5.ia64.rpm kernel-headers-2.6.18-238.el5.ia64.rpm kernel-xen-2.6.18-238.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-238.el5.ia64.rpm kernel-xen-devel-2.6.18-238.el5.ia64.rpm noarch: kernel-doc-2.6.18-238.el5.noarch.rpm ppc: kernel-2.6.18-238.el5.ppc64.rpm kernel-debug-2.6.18-238.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-238.el5.ppc64.rpm kernel-debug-devel-2.6.18-238.el5.ppc64.rpm kernel-debuginfo-2.6.18-238.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-238.el5.ppc64.rpm kernel-devel-2.6.18-238.el5.ppc64.rpm kernel-headers-2.6.18-238.el5.ppc.rpm kernel-headers-2.6.18-238.el5.ppc64.rpm kernel-kdump-2.6.18-238.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-238.el5.ppc64.rpm kernel-kdump-devel-2.6.18-238.el5.ppc64.rpm s390x: kernel-2.6.18-238.el5.s390x.rpm kernel-debug-2.6.18-238.el5.s390x.rpm kernel-debug-debuginfo-2.6.18-238.el5.s390x.rpm kernel-debug-devel-2.6.18-238.el5.s390x.rpm kernel-debuginfo-2.6.18-238.el5.s390x.rpm kernel-debuginfo-common-2.6.18-238.el5.s390x.rpm kernel-devel-2.6.18-238.el5.s390x.rpm kernel-headers-2.6.18-238.el5.s390x.rpm kernel-kdump-2.6.18-238.el5.s390x.rpm kernel-kdump-debuginfo-2.6.18-238.el5.s390x.rpm kernel-kdump-devel-2.6.18-238.el5.s390x.rpm x86_64: kernel-2.6.18-238.el5.x86_64.rpm kernel-debug-2.6.18-238.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-238.el5.x86_64.rpm kernel-debug-devel-2.6.18-238.el5.x86_64.rpm kernel-debuginfo-2.6.18-238.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-238.el5.x86_64.rpm kernel-devel-2.6.18-238.el5.x86_64.rpm kernel-headers-2.6.18-238.el5.x86_64.rpm kernel-xen-2.6.18-238.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-238.el5.x86_64.rpm kernel-xen-devel-2.6.18-238.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-3296.html https://www.redhat.com/security/data/cve/CVE-2010-3877.html https://www.redhat.com/security/data/cve/CVE-2010-4072.html https://www.redhat.com/security/data/cve/CVE-2010-4073.html https://www.redhat.com/security/data/cve/CVE-2010-4075.html https://www.redhat.com/security/data/cve/CVE-2010-4080.html https://www.redhat.com/security/data/cve/CVE-2010-4081.html https://www.redhat.com/security/data/cve/CVE-2010-4158.html https://www.redhat.com/security/data/cve/CVE-2010-4238.html https://www.redhat.com/security/data/cve/CVE-2010-4243.html https://www.redhat.com/security/data/cve/CVE-2010-4255.html https://www.redhat.com/security/data/cve/CVE-2010-4263.html https://www.redhat.com/security/data/cve/CVE-2010-4343.html https://access.redhat.com/security/updates/classification/#important http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.6_Release_Notes/index.html http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.6_Technical_Notes/kernel.html 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNLuDbXlSAg2UNWIIRAogXAKCze/kNJTtMpZJZVaYhLa3cjGxO6gCeM7fv cQhz67MCWO2abHpOkxw/xCI= =Kl9y -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Jan 13 11:24:56 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 13 Jan 2011 11:24:56 +0000 Subject: [RHSA-2011:0025-01] Low: gcc security and bug fix update Message-ID: <201101131124.p0DBOv1W018465@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: gcc security and bug fix update Advisory ID: RHSA-2011:0025-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0025.html Issue date: 2011-01-13 CVE Names: CVE-2010-0831 CVE-2010-2322 ===================================================================== 1. Summary: Updated gcc packages that fix two security issues and several compiler bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: The gcc packages include C, C++, Java, Fortran, Objective C, and Ada 95 GNU compilers, along with related support libraries. The libgcj package provides fastjar, an archive tool for Java Archive (JAR) files. Two directory traversal flaws were found in the way fastjar extracted JAR archive files. If a local, unsuspecting user extracted a specially-crafted JAR file, it could cause fastjar to overwrite arbitrary files writable by the user running fastjar. (CVE-2010-0831, CVE-2010-2322) This update also fixes the following bugs: * The option -print-multi-os-directory in the gcc --help output is not in the gcc(1) man page. This update applies an upstream patch to amend this. (BZ#529659) * An internal assertion in the compiler tried to check that a C++ static data member is external which resulted in errors. This was because when the compiler optimizes C++ anonymous namespaces the declarations were no longer marked external as everything on anonymous namespaces is local to the current translation. This update corrects the assertion to resolve this issue. (BZ#503565, BZ#508735, BZ#582682) * Attempting to compile certain .cpp files could have resulted in an internal compiler error. This update resolves this issue. (BZ#527510) * PrintServiceLookup.lookupPrintServices with an appropriate DocFlavor failed to return a list of printers under gcj. This update includes a backported patch to correct this bug in the printer lookup service. (BZ#578382) * GCC would not build against xulrunner-devel-1.9.2. This update removes gcjwebplugin from the GCC RPM. (BZ#596097) * When a SystemTap generated kernel module was compiled, gcc reported an internal compiler error and gets a segmentation fault. This update applies a patch that, instead of crashing, assumes it can point to anything. (BZ#605803) * There was a performance issue with libstdc++ regarding all objects derived from or using std::streambuf because of lock contention between threads. This patch ensures reload uses the same value from _S_global for the comparison, _M_add_reference () and _M_impl member of the class. (BZ#635708) All gcc users should upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 503565 - libtorrent-rasterbar won't compile, internal compiler error: in make_rtl_for_nonlocal_decl 508735 - internal gcc error 527510 - Internal compiler error from gcc 529659 - Option -print-multi-os-directory is not described in man page gcc(1) 578382 - PrintServiceLookup.lookupPrintServices(DocFlavor.SERVICE_FORMATTED.PAGEABLE, null) in a simple test java program fails to list printers when run with gcj - Any conventional JRE seems to work that I have tested 582682 - internal compiler error: in make_rtl_for_nonlocal_decl 594497 - CVE-2010-0831 CVE-2010-2322 fastjar: directory traversal vulnerabilities 596097 - gcc doesn't build against xulrunner-devel-1.9.2 605803 - gcc gets an internal compiler error when compiling a kernel module 635708 - Huge performance problem with libstdc++ and multithread applications 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/gcc-4.1.2-50.el5.src.rpm i386: cpp-4.1.2-50.el5.i386.rpm gcc-4.1.2-50.el5.i386.rpm gcc-debuginfo-4.1.2-50.el5.i386.rpm libgcc-4.1.2-50.el5.i386.rpm libgcj-4.1.2-50.el5.i386.rpm libgfortran-4.1.2-50.el5.i386.rpm libgnat-4.1.2-50.el5.i386.rpm libmudflap-4.1.2-50.el5.i386.rpm libobjc-4.1.2-50.el5.i386.rpm libstdc++-4.1.2-50.el5.i386.rpm x86_64: cpp-4.1.2-50.el5.x86_64.rpm gcc-4.1.2-50.el5.x86_64.rpm gcc-debuginfo-4.1.2-50.el5.i386.rpm gcc-debuginfo-4.1.2-50.el5.x86_64.rpm libgcc-4.1.2-50.el5.i386.rpm libgcc-4.1.2-50.el5.x86_64.rpm libgcj-4.1.2-50.el5.i386.rpm libgcj-4.1.2-50.el5.x86_64.rpm libgfortran-4.1.2-50.el5.i386.rpm libgfortran-4.1.2-50.el5.x86_64.rpm libgnat-4.1.2-50.el5.i386.rpm libgnat-4.1.2-50.el5.x86_64.rpm libmudflap-4.1.2-50.el5.i386.rpm libmudflap-4.1.2-50.el5.x86_64.rpm libobjc-4.1.2-50.el5.i386.rpm libobjc-4.1.2-50.el5.x86_64.rpm libstdc++-4.1.2-50.el5.i386.rpm libstdc++-4.1.2-50.el5.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/gcc-4.1.2-50.el5.src.rpm i386: gcc-c++-4.1.2-50.el5.i386.rpm gcc-debuginfo-4.1.2-50.el5.i386.rpm gcc-gfortran-4.1.2-50.el5.i386.rpm gcc-gnat-4.1.2-50.el5.i386.rpm gcc-java-4.1.2-50.el5.i386.rpm gcc-objc++-4.1.2-50.el5.i386.rpm gcc-objc-4.1.2-50.el5.i386.rpm libgcj-devel-4.1.2-50.el5.i386.rpm libgcj-src-4.1.2-50.el5.i386.rpm libmudflap-devel-4.1.2-50.el5.i386.rpm libstdc++-devel-4.1.2-50.el5.i386.rpm x86_64: gcc-c++-4.1.2-50.el5.x86_64.rpm gcc-debuginfo-4.1.2-50.el5.i386.rpm gcc-debuginfo-4.1.2-50.el5.x86_64.rpm gcc-gfortran-4.1.2-50.el5.x86_64.rpm gcc-gnat-4.1.2-50.el5.x86_64.rpm gcc-java-4.1.2-50.el5.x86_64.rpm gcc-objc++-4.1.2-50.el5.x86_64.rpm gcc-objc-4.1.2-50.el5.x86_64.rpm libgcj-devel-4.1.2-50.el5.i386.rpm libgcj-devel-4.1.2-50.el5.x86_64.rpm libgcj-src-4.1.2-50.el5.x86_64.rpm libmudflap-devel-4.1.2-50.el5.i386.rpm libmudflap-devel-4.1.2-50.el5.x86_64.rpm libstdc++-devel-4.1.2-50.el5.i386.rpm libstdc++-devel-4.1.2-50.el5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/gcc-4.1.2-50.el5.src.rpm i386: cpp-4.1.2-50.el5.i386.rpm gcc-4.1.2-50.el5.i386.rpm gcc-c++-4.1.2-50.el5.i386.rpm gcc-debuginfo-4.1.2-50.el5.i386.rpm gcc-gfortran-4.1.2-50.el5.i386.rpm gcc-gnat-4.1.2-50.el5.i386.rpm gcc-java-4.1.2-50.el5.i386.rpm gcc-objc++-4.1.2-50.el5.i386.rpm gcc-objc-4.1.2-50.el5.i386.rpm libgcc-4.1.2-50.el5.i386.rpm libgcj-4.1.2-50.el5.i386.rpm libgcj-devel-4.1.2-50.el5.i386.rpm libgcj-src-4.1.2-50.el5.i386.rpm libgfortran-4.1.2-50.el5.i386.rpm libgnat-4.1.2-50.el5.i386.rpm libmudflap-4.1.2-50.el5.i386.rpm libmudflap-devel-4.1.2-50.el5.i386.rpm libobjc-4.1.2-50.el5.i386.rpm libstdc++-4.1.2-50.el5.i386.rpm libstdc++-devel-4.1.2-50.el5.i386.rpm ia64: cpp-4.1.2-50.el5.ia64.rpm gcc-4.1.2-50.el5.ia64.rpm gcc-c++-4.1.2-50.el5.ia64.rpm gcc-debuginfo-4.1.2-50.el5.i386.rpm gcc-debuginfo-4.1.2-50.el5.ia64.rpm gcc-gfortran-4.1.2-50.el5.ia64.rpm gcc-gnat-4.1.2-50.el5.ia64.rpm gcc-java-4.1.2-50.el5.ia64.rpm gcc-objc++-4.1.2-50.el5.ia64.rpm gcc-objc-4.1.2-50.el5.ia64.rpm libgcc-4.1.2-50.el5.i386.rpm libgcc-4.1.2-50.el5.ia64.rpm libgcj-4.1.2-50.el5.ia64.rpm libgcj-devel-4.1.2-50.el5.ia64.rpm libgcj-src-4.1.2-50.el5.ia64.rpm libgfortran-4.1.2-50.el5.ia64.rpm libgnat-4.1.2-50.el5.i386.rpm libgnat-4.1.2-50.el5.ia64.rpm libmudflap-4.1.2-50.el5.ia64.rpm libmudflap-devel-4.1.2-50.el5.ia64.rpm libobjc-4.1.2-50.el5.i386.rpm libobjc-4.1.2-50.el5.ia64.rpm libstdc++-4.1.2-50.el5.i386.rpm libstdc++-4.1.2-50.el5.ia64.rpm libstdc++-devel-4.1.2-50.el5.ia64.rpm ppc: cpp-4.1.2-50.el5.ppc.rpm gcc-4.1.2-50.el5.ppc.rpm gcc-c++-4.1.2-50.el5.ppc.rpm gcc-debuginfo-4.1.2-50.el5.ppc.rpm gcc-debuginfo-4.1.2-50.el5.ppc64.rpm gcc-gfortran-4.1.2-50.el5.ppc.rpm gcc-java-4.1.2-50.el5.ppc.rpm gcc-objc++-4.1.2-50.el5.ppc.rpm gcc-objc-4.1.2-50.el5.ppc.rpm libgcc-4.1.2-50.el5.ppc.rpm libgcc-4.1.2-50.el5.ppc64.rpm libgcj-4.1.2-50.el5.ppc.rpm libgcj-4.1.2-50.el5.ppc64.rpm libgcj-devel-4.1.2-50.el5.ppc.rpm libgcj-devel-4.1.2-50.el5.ppc64.rpm libgcj-src-4.1.2-50.el5.ppc.rpm libgfortran-4.1.2-50.el5.ppc.rpm libgfortran-4.1.2-50.el5.ppc64.rpm libmudflap-4.1.2-50.el5.ppc.rpm libmudflap-4.1.2-50.el5.ppc64.rpm libmudflap-devel-4.1.2-50.el5.ppc.rpm libmudflap-devel-4.1.2-50.el5.ppc64.rpm libobjc-4.1.2-50.el5.ppc.rpm libobjc-4.1.2-50.el5.ppc64.rpm libstdc++-4.1.2-50.el5.ppc.rpm libstdc++-4.1.2-50.el5.ppc64.rpm libstdc++-devel-4.1.2-50.el5.ppc.rpm libstdc++-devel-4.1.2-50.el5.ppc64.rpm s390x: cpp-4.1.2-50.el5.s390x.rpm gcc-4.1.2-50.el5.s390x.rpm gcc-c++-4.1.2-50.el5.s390x.rpm gcc-debuginfo-4.1.2-50.el5.s390.rpm gcc-debuginfo-4.1.2-50.el5.s390x.rpm gcc-gfortran-4.1.2-50.el5.s390x.rpm gcc-java-4.1.2-50.el5.s390x.rpm gcc-objc++-4.1.2-50.el5.s390x.rpm gcc-objc-4.1.2-50.el5.s390x.rpm libgcc-4.1.2-50.el5.s390.rpm libgcc-4.1.2-50.el5.s390x.rpm libgcj-4.1.2-50.el5.s390.rpm libgcj-4.1.2-50.el5.s390x.rpm libgcj-devel-4.1.2-50.el5.s390.rpm libgcj-devel-4.1.2-50.el5.s390x.rpm libgcj-src-4.1.2-50.el5.s390x.rpm libgfortran-4.1.2-50.el5.s390.rpm libgfortran-4.1.2-50.el5.s390x.rpm libmudflap-4.1.2-50.el5.s390.rpm libmudflap-4.1.2-50.el5.s390x.rpm libmudflap-devel-4.1.2-50.el5.s390.rpm libmudflap-devel-4.1.2-50.el5.s390x.rpm libobjc-4.1.2-50.el5.s390.rpm libobjc-4.1.2-50.el5.s390x.rpm libstdc++-4.1.2-50.el5.s390.rpm libstdc++-4.1.2-50.el5.s390x.rpm libstdc++-devel-4.1.2-50.el5.s390.rpm libstdc++-devel-4.1.2-50.el5.s390x.rpm x86_64: cpp-4.1.2-50.el5.x86_64.rpm gcc-4.1.2-50.el5.x86_64.rpm gcc-c++-4.1.2-50.el5.x86_64.rpm gcc-debuginfo-4.1.2-50.el5.i386.rpm gcc-debuginfo-4.1.2-50.el5.x86_64.rpm gcc-gfortran-4.1.2-50.el5.x86_64.rpm gcc-gnat-4.1.2-50.el5.x86_64.rpm gcc-java-4.1.2-50.el5.x86_64.rpm gcc-objc++-4.1.2-50.el5.x86_64.rpm gcc-objc-4.1.2-50.el5.x86_64.rpm libgcc-4.1.2-50.el5.i386.rpm libgcc-4.1.2-50.el5.x86_64.rpm libgcj-4.1.2-50.el5.i386.rpm libgcj-4.1.2-50.el5.x86_64.rpm libgcj-devel-4.1.2-50.el5.i386.rpm libgcj-devel-4.1.2-50.el5.x86_64.rpm libgcj-src-4.1.2-50.el5.x86_64.rpm libgfortran-4.1.2-50.el5.i386.rpm libgfortran-4.1.2-50.el5.x86_64.rpm libgnat-4.1.2-50.el5.i386.rpm libgnat-4.1.2-50.el5.x86_64.rpm libmudflap-4.1.2-50.el5.i386.rpm libmudflap-4.1.2-50.el5.x86_64.rpm libmudflap-devel-4.1.2-50.el5.i386.rpm libmudflap-devel-4.1.2-50.el5.x86_64.rpm libobjc-4.1.2-50.el5.i386.rpm libobjc-4.1.2-50.el5.x86_64.rpm libstdc++-4.1.2-50.el5.i386.rpm libstdc++-4.1.2-50.el5.x86_64.rpm libstdc++-devel-4.1.2-50.el5.i386.rpm libstdc++-devel-4.1.2-50.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-0831.html https://www.redhat.com/security/data/cve/CVE-2010-2322.html https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNLuECXlSAg2UNWIIRAuMeAKCqukEJPNB03goL4dQwWAoraCwLbACfYuzW KG8veFn1SuGfbJ5DIKqj7+I= =3oBt -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Jan 13 11:25:25 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 13 Jan 2011 11:25:25 +0000 Subject: [RHSA-2011:0027-01] Low: python security, bug fix, and enhancement update Message-ID: <201101131125.p0DBPPB7024896@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: python security, bug fix, and enhancement update Advisory ID: RHSA-2011:0027-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0027.html Issue date: 2011-01-13 CVE Names: CVE-2008-5983 CVE-2009-4134 CVE-2010-1449 CVE-2010-1450 CVE-2010-1634 CVE-2010-2089 ===================================================================== 1. Summary: Updated python packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: Python is an interpreted, interactive, object-oriented programming language. It was found that many applications embedding the Python interpreter did not specify a valid full path to the script or application when calling the PySys_SetArgv API function, which could result in the addition of the current working directory to the module search path (sys.path). A local attacker able to trick a victim into running such an application in an attacker-controlled directory could use this flaw to execute code with the victim's privileges. This update adds the PySys_SetArgvEx API. Developers can modify their applications to use this new API, which sets sys.argv without modifying sys.path. (CVE-2008-5983) Multiple flaws were found in the Python rgbimg module. If an application written in Python was using the rgbimg module and loaded a specially-crafted SGI image file, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2009-4134, CVE-2010-1449, CVE-2010-1450) Multiple flaws were found in the Python audioop module. Supplying certain inputs could cause the audioop module to crash or, possibly, execute arbitrary code. (CVE-2010-1634, CVE-2010-2089) This update also fixes the following bugs: * When starting a child process from the subprocess module in Python 2.4, the parent process could leak file descriptors if an error occurred. This update resolves the issue. (BZ#609017) * Prior to Python 2.7, programs that used "ulimit -n" to enable communication with large numbers of subprocesses could still monitor only 1024 file descriptors at a time, which caused an exception: ValueError: filedescriptor out of range in select() This was due to the subprocess module using the "select" system call. The module now uses the "poll" system call, removing this limitation. (BZ#609020) * Prior to Python 2.5, the tarfile module failed to unpack tar files if the path was longer than 100 characters. This update backports the tarfile module from Python 2.5 and the issue no longer occurs. (BZ#263401) * The email module incorrectly implemented the logic for obtaining attachment file names: the get_filename() fallback for using the deprecated "name" parameter of the "Content-Type" header erroneously used the "Content-Disposition" header. This update backports a fix from Python 2.6, which resolves this issue. (BZ#644147) * Prior to version 2.5, Python's optimized memory allocator never released memory back to the system. The memory usage of a long-running Python process would resemble a "high-water mark". This update backports a fix from Python 2.5a1, which frees unused arenas, and adds a non-standard sys._debugmallocstats() function, which prints diagnostic information to stderr. Finally, when running under Valgrind, the optimized allocator is deactivated, to allow more convenient debugging of Python memory usage issues. (BZ#569093) * The urllib and urllib2 modules ignored the no_proxy variable, which could lead to programs such as "yum" erroneously accessing a proxy server for URLs covered by a "no_proxy" exclusion. This update backports fixes of urllib and urllib2, which respect the "no_proxy" variable, which fixes these issues. (BZ#549372) As well, this update adds the following enhancements: * This update introduces a new python-libs package, subsuming the majority of the content of the core python package. This makes both 32-bit and 64-bit Python libraries available on PowerPC systems. (BZ#625372) * The python-libs.i386 package is now available for 64-bit Itanium with the 32-bit Itanium compatibility mode. (BZ#644761) All Python users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 482814 - CVE-2008-5983 python: untrusted python modules search path 541698 - CVE-2009-4134 CVE-2010-1449 CVE-2010-1450 python: rgbimg: multiple security issues 569093 - Python 2.4's arena allocator does not release memory back to the system, leading to "high-water mark" memory usage 590690 - CVE-2010-1634 python: audioop: incorrect integer overflow checks 598197 - CVE-2010-2089 Python: Memory corruption in audioop module 609017 - subprocess leaves open fds on construction error 609020 - subprocess fails in select when descriptors are large 625372 - split python-libs subpackage 644147 - Patch for get_filename in email.message when content-disposition is missing 644761 - python-libs conflict on ia64 compatlayer 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/python-2.4.3-43.el5.src.rpm i386: python-2.4.3-43.el5.i386.rpm python-debuginfo-2.4.3-43.el5.i386.rpm python-libs-2.4.3-43.el5.i386.rpm python-tools-2.4.3-43.el5.i386.rpm tkinter-2.4.3-43.el5.i386.rpm x86_64: python-2.4.3-43.el5.x86_64.rpm python-debuginfo-2.4.3-43.el5.x86_64.rpm python-libs-2.4.3-43.el5.x86_64.rpm python-tools-2.4.3-43.el5.x86_64.rpm tkinter-2.4.3-43.el5.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/python-2.4.3-43.el5.src.rpm i386: python-debuginfo-2.4.3-43.el5.i386.rpm python-devel-2.4.3-43.el5.i386.rpm x86_64: python-debuginfo-2.4.3-43.el5.i386.rpm python-debuginfo-2.4.3-43.el5.x86_64.rpm python-devel-2.4.3-43.el5.i386.rpm python-devel-2.4.3-43.el5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/python-2.4.3-43.el5.src.rpm i386: python-2.4.3-43.el5.i386.rpm python-debuginfo-2.4.3-43.el5.i386.rpm python-devel-2.4.3-43.el5.i386.rpm python-libs-2.4.3-43.el5.i386.rpm python-tools-2.4.3-43.el5.i386.rpm tkinter-2.4.3-43.el5.i386.rpm ia64: python-2.4.3-43.el5.ia64.rpm python-debuginfo-2.4.3-43.el5.i386.rpm python-debuginfo-2.4.3-43.el5.ia64.rpm python-devel-2.4.3-43.el5.ia64.rpm python-libs-2.4.3-43.el5.i386.rpm python-libs-2.4.3-43.el5.ia64.rpm python-tools-2.4.3-43.el5.ia64.rpm tkinter-2.4.3-43.el5.ia64.rpm ppc: python-2.4.3-43.el5.ppc.rpm python-debuginfo-2.4.3-43.el5.ppc.rpm python-debuginfo-2.4.3-43.el5.ppc64.rpm python-devel-2.4.3-43.el5.ppc.rpm python-devel-2.4.3-43.el5.ppc64.rpm python-libs-2.4.3-43.el5.ppc.rpm python-libs-2.4.3-43.el5.ppc64.rpm python-tools-2.4.3-43.el5.ppc.rpm tkinter-2.4.3-43.el5.ppc.rpm s390x: python-2.4.3-43.el5.s390x.rpm python-debuginfo-2.4.3-43.el5.s390.rpm python-debuginfo-2.4.3-43.el5.s390x.rpm python-devel-2.4.3-43.el5.s390.rpm python-devel-2.4.3-43.el5.s390x.rpm python-libs-2.4.3-43.el5.s390x.rpm python-tools-2.4.3-43.el5.s390x.rpm tkinter-2.4.3-43.el5.s390x.rpm x86_64: python-2.4.3-43.el5.x86_64.rpm python-debuginfo-2.4.3-43.el5.i386.rpm python-debuginfo-2.4.3-43.el5.x86_64.rpm python-devel-2.4.3-43.el5.i386.rpm python-devel-2.4.3-43.el5.x86_64.rpm python-libs-2.4.3-43.el5.x86_64.rpm python-tools-2.4.3-43.el5.x86_64.rpm tkinter-2.4.3-43.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2008-5983.html https://www.redhat.com/security/data/cve/CVE-2009-4134.html https://www.redhat.com/security/data/cve/CVE-2010-1449.html https://www.redhat.com/security/data/cve/CVE-2010-1450.html https://www.redhat.com/security/data/cve/CVE-2010-1634.html https://www.redhat.com/security/data/cve/CVE-2010-2089.html https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNLuEeXlSAg2UNWIIRAnsvAJ4u14+FXfrlN6U+GhB+QE9j4u/ljgCfdfMY GImamCsc46O7oiqsjceWlkc= =iAA8 -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Jan 13 11:26:05 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 13 Jan 2011 11:26:05 +0000 Subject: [RHSA-2011:0028-01] Low: kvm security and bug fix update Message-ID: <201101131126.p0DBQ5Jk026672@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: kvm security and bug fix update Advisory ID: RHSA-2011:0028-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0028.html Issue date: 2011-01-13 CVE Names: CVE-2010-4525 ===================================================================== 1. Summary: Updated kvm packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Multi OS (v. 5 client) - x86_64 RHEL Virtualization (v. 5 server) - x86_64 3. Description: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. A data structure field in kvm_vcpu_ioctl_x86_get_vcpu_events() in QEMU-KVM was not initialized properly before being copied to user-space. A privileged host user with access to "/dev/kvm" could use this flaw to leak kernel stack memory to user-space. (CVE-2010-4525) Red Hat would like to thank Stephan Mueller of atsec information security for reporting this issue. These updated packages also fix several bugs. Documentation for these bug fixes will be available shortly in the "kvm" section of the Red Hat Enterprise Linux 5.6 Technical Notes, linked to in the References. All KVM users should upgrade to these updated packages, which resolve this issue as well as fixing the bugs noted in the Technical Notes. Note: The procedure in the Solution section must be performed before this update will take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 The following procedure must be performed before this update will take effect: 1) Stop all KVM guest virtual machines. 2) Either reboot the hypervisor machine or, as the root user, remove (using "modprobe -r [module]") and reload (using "modprobe [module]") all of the following modules which are currently running (determined using "lsmod"): kvm, ksm, kvm-intel or kvm-amd. 3) Restart the KVM guest virtual machines. 5. Bugs fixed (http://bugzilla.redhat.com/): 503118 - kvm doesn't run with older libgcrypt, but doesn't have a RPM dependency for it 510630 - -drive arg has no way to request a read only disk 513765 - Large guest ( 256G RAM + 16 vcpu ) hang during live migration 514578 - kvm-qemu-img subpackage has dependency on qspice-libs 517565 - build KVM modules for kernel-debug too 517814 - Caps Lock the key's appearance of guest is not synchronous as host's --view kvm with vnc 520572 - SR-IOV -- Guest exit and host hang on if boot VM with 8 VFs assigned 521247 - emulated pcnet nic in qemu-kvm has wrong PCI subsystem ID for Windows XP driver 533078 - use native smp_call_function_many/single functions 539642 - use native pci_get_bus_and_slot function 542954 - Guest suffers kernel panic when save snapshot then restart guest 555727 - Time drift in win2k3-64bit and win2k8-64bit smp guest 569743 - Change vnc password caused 'Segmentation fault' 572825 - qcow2 image corruption when using cache=writeback 574621 - Linux pvmmu guests (FC11, FC12, etc) crash on boot on AMD hosts with NPT disabled 575585 - memory reported as used (by SwapCache and by Cache) though no process holds it. 580410 - Failed to install kvm for failed dependencies: ksym 580637 - Incorrect russian vnc keymap 582038 - backport EPT accessed bit emulation 583947 - Guest aborted when make guest stop on write error 587604 - Qcow2 snapshot got corruption after commit using block device 587605 - Failed to re-base qcow2 snapshot 588251 - kvm spinning updating a guest pte, unkillable 588878 - Rebooting a kernel with kvmclock enabled, into a kernel with kvmclock disabled, causes random crashes 589017 - [rhel5.5] [kvm] dead lock in qemu during off-line migration 592021 - race condition in pvclock wallclock calculation 598042 - virtio-blk: Avoid zeroing every request structure 598488 - qcow2 corruption bug in refcount table growth 601494 - qemu-io: No permission to write image 603026 - CPU save version is now 9, but the format is _very_ different from non-RHEL5 version 9 605701 - Backport qcow2 fixes to RHEL 5 606238 - Virtio: Transfer file caused guest in same vlan abnormally quit 606394 - [kvm] debug-info missing from kvm-qemu-img-83-164.el5_5.12 606434 - [kvm] segmentation fault when running qemu-img check on faulty image 606651 - [kvm] qemu image check returns cluster errors when using virtIO block (thinly provisioned) during e_no_space events (along with EIO errors) 606953 - fork causes trouble for vcpu threads 611982 - Monitor doesn't check for 'change' command failure 619268 - rmmod kvm modules cause host kernel panic 627343 - husb: ctrl buffer too small error received for passthrough usb device, fixed upstream 629333 - fix build against kernel-devel-2.6.18-214.el5.x86_64: (cancel_work_sync() conflict) 629334 - use native cancel_work_sync() function 632707 - fix kvm build warnings and enable -Werror 637267 - spec file changes for kmod + kernel-devel build 640949 - Can not commit copy-on-write image's data to raw backing-image 641823 - kmod-kvm has unresolved deps 643272 - unresolved deps in kmod-kvm-debug-83-205.el5 643317 - "sendkey ctrl-alt-delete" don't work via VNC 645798 - Add drive readonly option to help output 648328 - TCP checksum overflows in qemu's e1000 emulation code when TSO is enabled in guest OS 651715 - qemu-kvm aborted when installing the driver for the newly hotplugged rtl8139 nic 655990 - clock drift when migrating a guest between mis-matched CPU clock speed 665470 - CVE-2010-4525 kvm: x86: zero kvm_vcpu_events->interrupt.pad infoleak 6. Package List: RHEL Desktop Multi OS (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kvm-83-224.el5.src.rpm x86_64: kmod-kvm-83-224.el5.x86_64.rpm kmod-kvm-debug-83-224.el5.x86_64.rpm kvm-83-224.el5.x86_64.rpm kvm-debuginfo-83-224.el5.x86_64.rpm kvm-qemu-img-83-224.el5.x86_64.rpm kvm-tools-83-224.el5.x86_64.rpm RHEL Virtualization (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kvm-83-224.el5.src.rpm x86_64: kmod-kvm-83-224.el5.x86_64.rpm kmod-kvm-debug-83-224.el5.x86_64.rpm kvm-83-224.el5.x86_64.rpm kvm-debuginfo-83-224.el5.x86_64.rpm kvm-qemu-img-83-224.el5.x86_64.rpm kvm-tools-83-224.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-4525.html https://access.redhat.com/security/updates/classification/#low http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.6_Technical_Notes/index.html 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNLuE2XlSAg2UNWIIRAsn7AJ40IjFUF7iIDbPr7wZilUv/MPpT7ACfS7bS MJ8++Td0AJnXtJ2j+YvV4co= =iTwY -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Jan 13 13:26:46 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 13 Jan 2011 13:26:46 +0000 Subject: [RHSA-2011:0143-01] Low: Red Hat Enterprise Linux Extended Update Support 5.3 - End Of Life Message-ID: <201101131326.p0DDQkfI001068@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: Red Hat Enterprise Linux Extended Update Support 5.3 - End Of Life Advisory ID: RHSA-2011:0143-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0143.html Issue date: 2011-01-13 ===================================================================== 1. Summary: This is the End Of Life notification for Red Hat Enterprise Linux Extended Update Support Add-On (EUS) 5.3. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5.3.z server) - i386, ia64, ppc, s390x, x86_64 3. Description: In accordance with the Red Hat Enterprise Linux Errata Support Policy, the Extended Update Support for Red Hat Enterprise Linux 5 Update 3 has ended. Note: This does not impact you unless you are subscribed to the Extended Update Support (EUS) channel for Red Hat Enterprise Linux 5.3. Details of the Red Hat Enterprise Linux life-cycle can be found on the Red Hat website: https://access.redhat.com/support/policy/updates/errata/ 4. Solution: This erratum contains an updated redhat-release package, that provides a copy of this end of life notice in the "/usr/share/doc/" directory. 5. Package List: Red Hat Enterprise Linux (v. 5.3.z server): Source: redhat-release-5Server-5.3.0.4.src.rpm i386: redhat-release-5Server-5.3.0.4.i386.rpm redhat-release-debuginfo-5Server-5.3.0.4.i386.rpm ia64: redhat-release-5Server-5.3.0.4.ia64.rpm redhat-release-debuginfo-5Server-5.3.0.4.ia64.rpm ppc: redhat-release-5Server-5.3.0.4.ppc.rpm redhat-release-debuginfo-5Server-5.3.0.4.ppc.rpm s390x: redhat-release-5Server-5.3.0.4.s390x.rpm redhat-release-debuginfo-5Server-5.3.0.4.s390x.rpm x86_64: redhat-release-5Server-5.3.0.4.x86_64.rpm redhat-release-debuginfo-5Server-5.3.0.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 6. References: https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/support/policy/updates/errata/ 7. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNLv1FXlSAg2UNWIIRAqHRAJ9xh59dyT+UI0OoR7qWipCXcQe1wgCdEWwB MVGOJn2+CTyjfnv5YX+OGFQ= =ca4p -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Jan 13 13:45:56 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 13 Jan 2011 13:45:56 +0000 Subject: [RHSA-2011:0144-01] Low: Red Hat Enterprise Linux Extended Update Support 5.4 6-Month EOL Notice Message-ID: <201101131345.p0DDjuqQ005442@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: Red Hat Enterprise Linux Extended Update Support 5.4 6-Month EOL Notice Advisory ID: RHSA-2011:0144-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0144.html Issue date: 2011-01-13 ===================================================================== 1. Summary: This is the 6-month notification of the End Of Life plans for Red Hat Enterprise Linux Extended Update Support Add-On (EUS) 5.4. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5.4.z server) - i386, ia64, ppc, s390x, x86_64 3. Description: In accordance with the Red Hat Enterprise Linux Errata Support Policy, the Extended Update Support for Red Hat Enterprise Linux 5 Update 4 will end on July 12, 2011. Note: This does not impact you unless you are subscribed to the Extended Update Support (EUS) channel for Red Hat Enterprise Linux 5.4. Details of the Red Hat Enterprise Linux life-cycle can be found on the Red Hat website: https://access.redhat.com/support/policy/updates/errata/ 4. Solution: This erratum contains an updated redhat-release package, that provides a copy of this end of life notice in the "/usr/share/doc/" directory. 5. Package List: Red Hat Enterprise Linux (v. 5.4.z server): Source: redhat-release-5Server-5.4.0.5.src.rpm i386: redhat-release-5Server-5.4.0.5.i386.rpm ia64: redhat-release-5Server-5.4.0.5.ia64.rpm ppc: redhat-release-5Server-5.4.0.5.ppc.rpm s390x: redhat-release-5Server-5.4.0.5.s390x.rpm x86_64: redhat-release-5Server-5.4.0.5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 6. References: https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/support/policy/updates/errata/ 7. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNLwIIXlSAg2UNWIIRAqXhAJ93xxrIvp4lhFe7S2fqGkn3NuGiswCbBwpb wo7SAJdBdvp74tSWMJ8KEcs= =SXYV -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Jan 17 18:37:06 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 17 Jan 2011 13:37:06 -0500 Subject: [RHSA-2011:0152-01] Moderate: java-1.4.2-ibm security update Message-ID: <201101171837.p0HIbTLq003176@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: java-1.4.2-ibm security update Advisory ID: RHSA-2011:0152-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0152.html Issue date: 2011-01-17 CVE Names: CVE-2010-1321 CVE-2010-3574 ===================================================================== 1. Summary: Updated java-1.4.2-ibm packages that fix two security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Supplementary (v. 5 client) - i386, x86_64 RHEL Supplementary (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, ia64, x86_64 3. Description: The IBM 1.4.2 SR13-FP8 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes two vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. (CVE-2010-1321, CVE-2010-3574) Note: The RHSA-2010:0935 java-1.4.2-ibm update did not, unlike the erratum text stated, provide fixes for the above issues. All users of java-1.4.2-ibm are advised to upgrade to these updated packages, which contain the IBM 1.4.2 SR13-FP8 Java release. All running instances of IBM Java must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 582466 - CVE-2010-1321 krb5: null pointer dereference in GSS-API library leads to DoS (MITKRB5-SA-2010-005) 642215 - CVE-2010-3574 OpenJDK HttpURLConnection incomplete TRACE permission check (6981426) 6. Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: java-1.4.2-ibm-1.4.2.13.8-1jpp.3.el4.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.3.el4.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.3.el4.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.8-1jpp.3.el4.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.8-1jpp.3.el4.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.8-1jpp.3.el4.i386.rpm java-1.4.2-ibm-src-1.4.2.13.8-1jpp.3.el4.i386.rpm ia64: java-1.4.2-ibm-1.4.2.13.8-1jpp.3.el4.ia64.rpm java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.3.el4.ia64.rpm java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.3.el4.ia64.rpm java-1.4.2-ibm-src-1.4.2.13.8-1jpp.3.el4.ia64.rpm ppc: java-1.4.2-ibm-1.4.2.13.8-1jpp.3.el4.ppc.rpm java-1.4.2-ibm-1.4.2.13.8-1jpp.3.el4.ppc64.rpm java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.3.el4.ppc.rpm java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.3.el4.ppc64.rpm java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.3.el4.ppc.rpm java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.3.el4.ppc64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.8-1jpp.3.el4.ppc.rpm java-1.4.2-ibm-javacomm-1.4.2.13.8-1jpp.3.el4.ppc64.rpm java-1.4.2-ibm-jdbc-1.4.2.13.8-1jpp.3.el4.ppc.rpm java-1.4.2-ibm-src-1.4.2.13.8-1jpp.3.el4.ppc.rpm java-1.4.2-ibm-src-1.4.2.13.8-1jpp.3.el4.ppc64.rpm s390: java-1.4.2-ibm-1.4.2.13.8-1jpp.3.el4.s390.rpm java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.3.el4.s390.rpm java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.3.el4.s390.rpm java-1.4.2-ibm-jdbc-1.4.2.13.8-1jpp.3.el4.s390.rpm java-1.4.2-ibm-src-1.4.2.13.8-1jpp.3.el4.s390.rpm s390x: java-1.4.2-ibm-1.4.2.13.8-1jpp.3.el4.s390x.rpm java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.3.el4.s390x.rpm java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.3.el4.s390x.rpm java-1.4.2-ibm-src-1.4.2.13.8-1jpp.3.el4.s390x.rpm x86_64: java-1.4.2-ibm-1.4.2.13.8-1jpp.3.el4.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.3.el4.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.3.el4.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.8-1jpp.3.el4.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.8-1jpp.3.el4.x86_64.rpm Red Hat Desktop version 4 Extras: i386: java-1.4.2-ibm-1.4.2.13.8-1jpp.3.el4.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.3.el4.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.3.el4.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.8-1jpp.3.el4.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.8-1jpp.3.el4.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.8-1jpp.3.el4.i386.rpm java-1.4.2-ibm-src-1.4.2.13.8-1jpp.3.el4.i386.rpm x86_64: java-1.4.2-ibm-1.4.2.13.8-1jpp.3.el4.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.3.el4.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.3.el4.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.8-1jpp.3.el4.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.8-1jpp.3.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: java-1.4.2-ibm-1.4.2.13.8-1jpp.3.el4.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.3.el4.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.3.el4.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.8-1jpp.3.el4.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.8-1jpp.3.el4.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.8-1jpp.3.el4.i386.rpm java-1.4.2-ibm-src-1.4.2.13.8-1jpp.3.el4.i386.rpm ia64: java-1.4.2-ibm-1.4.2.13.8-1jpp.3.el4.ia64.rpm java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.3.el4.ia64.rpm java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.3.el4.ia64.rpm java-1.4.2-ibm-src-1.4.2.13.8-1jpp.3.el4.ia64.rpm x86_64: java-1.4.2-ibm-1.4.2.13.8-1jpp.3.el4.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.3.el4.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.3.el4.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.8-1jpp.3.el4.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.8-1jpp.3.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: java-1.4.2-ibm-1.4.2.13.8-1jpp.3.el4.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.3.el4.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.3.el4.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.8-1jpp.3.el4.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.8-1jpp.3.el4.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.8-1jpp.3.el4.i386.rpm java-1.4.2-ibm-src-1.4.2.13.8-1jpp.3.el4.i386.rpm ia64: java-1.4.2-ibm-1.4.2.13.8-1jpp.3.el4.ia64.rpm java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.3.el4.ia64.rpm java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.3.el4.ia64.rpm java-1.4.2-ibm-src-1.4.2.13.8-1jpp.3.el4.ia64.rpm x86_64: java-1.4.2-ibm-1.4.2.13.8-1jpp.3.el4.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.3.el4.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.3.el4.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.8-1jpp.3.el4.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.8-1jpp.3.el4.x86_64.rpm RHEL Desktop Supplementary (v. 5 client): i386: java-1.4.2-ibm-1.4.2.13.8-1jpp.2.el5.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.2.el5.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.2.el5.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.8-1jpp.2.el5.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.8-1jpp.2.el5.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.8-1jpp.2.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.13.8-1jpp.2.el5.i386.rpm x86_64: java-1.4.2-ibm-1.4.2.13.8-1jpp.2.el5.i386.rpm java-1.4.2-ibm-1.4.2.13.8-1jpp.2.el5.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.2.el5.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.2.el5.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.2.el5.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.2.el5.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.8-1jpp.2.el5.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.8-1jpp.2.el5.x86_64.rpm java-1.4.2-ibm-jdbc-1.4.2.13.8-1jpp.2.el5.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.8-1jpp.2.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.13.8-1jpp.2.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.13.8-1jpp.2.el5.x86_64.rpm RHEL Supplementary (v. 5 server): i386: java-1.4.2-ibm-1.4.2.13.8-1jpp.2.el5.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.2.el5.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.2.el5.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.8-1jpp.2.el5.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.8-1jpp.2.el5.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.8-1jpp.2.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.13.8-1jpp.2.el5.i386.rpm ia64: java-1.4.2-ibm-1.4.2.13.8-1jpp.2.el5.ia64.rpm java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.2.el5.ia64.rpm java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.2.el5.ia64.rpm java-1.4.2-ibm-src-1.4.2.13.8-1jpp.2.el5.ia64.rpm ppc: java-1.4.2-ibm-1.4.2.13.8-1jpp.2.el5.ppc.rpm java-1.4.2-ibm-1.4.2.13.8-1jpp.2.el5.ppc64.rpm java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.2.el5.ppc.rpm java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.2.el5.ppc64.rpm java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.2.el5.ppc.rpm java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.2.el5.ppc64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.8-1jpp.2.el5.ppc.rpm java-1.4.2-ibm-javacomm-1.4.2.13.8-1jpp.2.el5.ppc64.rpm java-1.4.2-ibm-jdbc-1.4.2.13.8-1jpp.2.el5.ppc.rpm java-1.4.2-ibm-src-1.4.2.13.8-1jpp.2.el5.ppc.rpm java-1.4.2-ibm-src-1.4.2.13.8-1jpp.2.el5.ppc64.rpm s390x: java-1.4.2-ibm-1.4.2.13.8-1jpp.2.el5.s390.rpm java-1.4.2-ibm-1.4.2.13.8-1jpp.2.el5.s390x.rpm java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.2.el5.s390.rpm java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.2.el5.s390x.rpm java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.2.el5.s390.rpm java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.2.el5.s390x.rpm java-1.4.2-ibm-jdbc-1.4.2.13.8-1jpp.2.el5.s390.rpm java-1.4.2-ibm-src-1.4.2.13.8-1jpp.2.el5.s390.rpm java-1.4.2-ibm-src-1.4.2.13.8-1jpp.2.el5.s390x.rpm x86_64: java-1.4.2-ibm-1.4.2.13.8-1jpp.2.el5.i386.rpm java-1.4.2-ibm-1.4.2.13.8-1jpp.2.el5.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.2.el5.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.2.el5.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.2.el5.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.2.el5.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.8-1jpp.2.el5.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.8-1jpp.2.el5.x86_64.rpm java-1.4.2-ibm-jdbc-1.4.2.13.8-1jpp.2.el5.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.8-1jpp.2.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.13.8-1jpp.2.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.13.8-1jpp.2.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-1321.html https://www.redhat.com/security/data/cve/CVE-2010-3574.html https://access.redhat.com/security/updates/classification/#moderate http://www.ibm.com/developerworks/java/jdk/alerts/ 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNNIwHXlSAg2UNWIIRAiopAJ46+/p/esp2WIUAmHlfP5RJ6qRwlQCbBq6j 2TH0RnIsByDXnTvEskt7c7U= =V0pu -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Jan 17 18:40:21 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 17 Jan 2011 13:40:21 -0500 Subject: [RHSA-2011:0153-01] Moderate: exim security update Message-ID: <201101171840.p0HIej9i028242@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: exim security update Advisory ID: RHSA-2011:0153-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0153.html Issue date: 2011-01-17 CVE Names: CVE-2010-4345 ===================================================================== 1. Summary: Updated exim packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: Exim is a mail transport agent (MTA) developed at the University of Cambridge for use on UNIX systems connected to the Internet. A privilege escalation flaw was discovered in Exim. If an attacker were able to gain access to the "exim" user, they could cause Exim to execute arbitrary commands as the root user. (CVE-2010-4345) This update adds a new configuration file, "/etc/exim/trusted-configs". To prevent Exim from running arbitrary commands as root, Exim will now drop privileges when run with a configuration file not listed as trusted. This could break backwards compatibility with some Exim configurations, as the trusted-configs file only trusts "/etc/exim/exim.conf" and "/etc/exim/exim4.conf" by default. If you are using a configuration file not listed in the new trusted-configs file, you will need to add it manually. Additionally, Exim will no longer allow a user to execute exim as root with the -D command line option to override macro definitions. All macro definitions that require root permissions must now reside in a trusted configuration file. Users of Exim are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the exim daemon will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 662012 - CVE-2010-4345 exim privilege escalation 6. Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/exim-4.43-1.RHEL4.5.el4_8.3.src.rpm i386: exim-4.43-1.RHEL4.5.el4_8.3.i386.rpm exim-debuginfo-4.43-1.RHEL4.5.el4_8.3.i386.rpm exim-doc-4.43-1.RHEL4.5.el4_8.3.i386.rpm exim-mon-4.43-1.RHEL4.5.el4_8.3.i386.rpm exim-sa-4.43-1.RHEL4.5.el4_8.3.i386.rpm ia64: exim-4.43-1.RHEL4.5.el4_8.3.ia64.rpm exim-debuginfo-4.43-1.RHEL4.5.el4_8.3.ia64.rpm exim-doc-4.43-1.RHEL4.5.el4_8.3.ia64.rpm exim-mon-4.43-1.RHEL4.5.el4_8.3.ia64.rpm exim-sa-4.43-1.RHEL4.5.el4_8.3.ia64.rpm ppc: exim-4.43-1.RHEL4.5.el4_8.3.ppc.rpm exim-debuginfo-4.43-1.RHEL4.5.el4_8.3.ppc.rpm exim-doc-4.43-1.RHEL4.5.el4_8.3.ppc.rpm exim-mon-4.43-1.RHEL4.5.el4_8.3.ppc.rpm exim-sa-4.43-1.RHEL4.5.el4_8.3.ppc.rpm s390: exim-4.43-1.RHEL4.5.el4_8.3.s390.rpm exim-debuginfo-4.43-1.RHEL4.5.el4_8.3.s390.rpm exim-doc-4.43-1.RHEL4.5.el4_8.3.s390.rpm exim-mon-4.43-1.RHEL4.5.el4_8.3.s390.rpm exim-sa-4.43-1.RHEL4.5.el4_8.3.s390.rpm s390x: exim-4.43-1.RHEL4.5.el4_8.3.s390x.rpm exim-debuginfo-4.43-1.RHEL4.5.el4_8.3.s390x.rpm exim-doc-4.43-1.RHEL4.5.el4_8.3.s390x.rpm exim-mon-4.43-1.RHEL4.5.el4_8.3.s390x.rpm exim-sa-4.43-1.RHEL4.5.el4_8.3.s390x.rpm x86_64: exim-4.43-1.RHEL4.5.el4_8.3.x86_64.rpm exim-debuginfo-4.43-1.RHEL4.5.el4_8.3.x86_64.rpm exim-doc-4.43-1.RHEL4.5.el4_8.3.x86_64.rpm exim-mon-4.43-1.RHEL4.5.el4_8.3.x86_64.rpm exim-sa-4.43-1.RHEL4.5.el4_8.3.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/exim-4.43-1.RHEL4.5.el4_8.3.src.rpm i386: exim-4.43-1.RHEL4.5.el4_8.3.i386.rpm exim-debuginfo-4.43-1.RHEL4.5.el4_8.3.i386.rpm exim-doc-4.43-1.RHEL4.5.el4_8.3.i386.rpm exim-mon-4.43-1.RHEL4.5.el4_8.3.i386.rpm exim-sa-4.43-1.RHEL4.5.el4_8.3.i386.rpm x86_64: exim-4.43-1.RHEL4.5.el4_8.3.x86_64.rpm exim-debuginfo-4.43-1.RHEL4.5.el4_8.3.x86_64.rpm exim-doc-4.43-1.RHEL4.5.el4_8.3.x86_64.rpm exim-mon-4.43-1.RHEL4.5.el4_8.3.x86_64.rpm exim-sa-4.43-1.RHEL4.5.el4_8.3.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/exim-4.43-1.RHEL4.5.el4_8.3.src.rpm i386: exim-4.43-1.RHEL4.5.el4_8.3.i386.rpm exim-debuginfo-4.43-1.RHEL4.5.el4_8.3.i386.rpm exim-doc-4.43-1.RHEL4.5.el4_8.3.i386.rpm exim-mon-4.43-1.RHEL4.5.el4_8.3.i386.rpm exim-sa-4.43-1.RHEL4.5.el4_8.3.i386.rpm ia64: exim-4.43-1.RHEL4.5.el4_8.3.ia64.rpm exim-debuginfo-4.43-1.RHEL4.5.el4_8.3.ia64.rpm exim-doc-4.43-1.RHEL4.5.el4_8.3.ia64.rpm exim-mon-4.43-1.RHEL4.5.el4_8.3.ia64.rpm exim-sa-4.43-1.RHEL4.5.el4_8.3.ia64.rpm x86_64: exim-4.43-1.RHEL4.5.el4_8.3.x86_64.rpm exim-debuginfo-4.43-1.RHEL4.5.el4_8.3.x86_64.rpm exim-doc-4.43-1.RHEL4.5.el4_8.3.x86_64.rpm exim-mon-4.43-1.RHEL4.5.el4_8.3.x86_64.rpm exim-sa-4.43-1.RHEL4.5.el4_8.3.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/exim-4.43-1.RHEL4.5.el4_8.3.src.rpm i386: exim-4.43-1.RHEL4.5.el4_8.3.i386.rpm exim-debuginfo-4.43-1.RHEL4.5.el4_8.3.i386.rpm exim-doc-4.43-1.RHEL4.5.el4_8.3.i386.rpm exim-mon-4.43-1.RHEL4.5.el4_8.3.i386.rpm exim-sa-4.43-1.RHEL4.5.el4_8.3.i386.rpm ia64: exim-4.43-1.RHEL4.5.el4_8.3.ia64.rpm exim-debuginfo-4.43-1.RHEL4.5.el4_8.3.ia64.rpm exim-doc-4.43-1.RHEL4.5.el4_8.3.ia64.rpm exim-mon-4.43-1.RHEL4.5.el4_8.3.ia64.rpm exim-sa-4.43-1.RHEL4.5.el4_8.3.ia64.rpm x86_64: exim-4.43-1.RHEL4.5.el4_8.3.x86_64.rpm exim-debuginfo-4.43-1.RHEL4.5.el4_8.3.x86_64.rpm exim-doc-4.43-1.RHEL4.5.el4_8.3.x86_64.rpm exim-mon-4.43-1.RHEL4.5.el4_8.3.x86_64.rpm exim-sa-4.43-1.RHEL4.5.el4_8.3.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/exim-4.63-5.el5_6.2.src.rpm i386: exim-4.63-5.el5_6.2.i386.rpm exim-debuginfo-4.63-5.el5_6.2.i386.rpm exim-mon-4.63-5.el5_6.2.i386.rpm exim-sa-4.63-5.el5_6.2.i386.rpm x86_64: exim-4.63-5.el5_6.2.x86_64.rpm exim-debuginfo-4.63-5.el5_6.2.x86_64.rpm exim-mon-4.63-5.el5_6.2.x86_64.rpm exim-sa-4.63-5.el5_6.2.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/exim-4.63-5.el5_6.2.src.rpm i386: exim-4.63-5.el5_6.2.i386.rpm exim-debuginfo-4.63-5.el5_6.2.i386.rpm exim-mon-4.63-5.el5_6.2.i386.rpm exim-sa-4.63-5.el5_6.2.i386.rpm ia64: exim-4.63-5.el5_6.2.ia64.rpm exim-debuginfo-4.63-5.el5_6.2.ia64.rpm exim-mon-4.63-5.el5_6.2.ia64.rpm exim-sa-4.63-5.el5_6.2.ia64.rpm ppc: exim-4.63-5.el5_6.2.ppc.rpm exim-debuginfo-4.63-5.el5_6.2.ppc.rpm exim-mon-4.63-5.el5_6.2.ppc.rpm exim-sa-4.63-5.el5_6.2.ppc.rpm s390x: exim-4.63-5.el5_6.2.s390x.rpm exim-debuginfo-4.63-5.el5_6.2.s390x.rpm exim-mon-4.63-5.el5_6.2.s390x.rpm exim-sa-4.63-5.el5_6.2.s390x.rpm x86_64: exim-4.63-5.el5_6.2.x86_64.rpm exim-debuginfo-4.63-5.el5_6.2.x86_64.rpm exim-mon-4.63-5.el5_6.2.x86_64.rpm exim-sa-4.63-5.el5_6.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-4345.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNNIzyXlSAg2UNWIIRAsu1AJwMszLDkFQwpwa/yL4LtJ2Wyt5tgwCgtcNK lKnIVz/svffRBXU4Ydae2/I= =eyjY -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Jan 17 18:43:33 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 17 Jan 2011 13:43:33 -0500 Subject: [RHSA-2011:0154-01] Moderate: hplip security update Message-ID: <201101171843.p0HIhvaP006126@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: hplip security update Advisory ID: RHSA-2011:0154-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0154.html Issue date: 2011-01-17 CVE Names: CVE-2010-4267 ===================================================================== 1. Summary: Updated hplip packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: Hewlett-Packard Linux Imaging and Printing (HPLIP) provides drivers for Hewlett-Packard printers and multifunction peripherals, and tools for installing, using, and configuring them. A flaw was found in the way certain HPLIP tools discovered devices using the SNMP protocol. If a user ran certain HPLIP tools that search for supported devices using SNMP, and a malicious user is able to send specially-crafted SNMP responses, it could cause those HPLIP tools to crash or, possibly, execute arbitrary code with the privileges of the user running them. (CVE-2010-4267) Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting this issue. Users of hplip should upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 662740 - CVE-2010-4267 hplip: remote stack overflow vulnerability 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/hplip-1.6.7-6.el5_6.1.src.rpm i386: hpijs-1.6.7-6.el5_6.1.i386.rpm hplip-1.6.7-6.el5_6.1.i386.rpm hplip-debuginfo-1.6.7-6.el5_6.1.i386.rpm libsane-hpaio-1.6.7-6.el5_6.1.i386.rpm x86_64: hpijs-1.6.7-6.el5_6.1.x86_64.rpm hplip-1.6.7-6.el5_6.1.x86_64.rpm hplip-debuginfo-1.6.7-6.el5_6.1.x86_64.rpm libsane-hpaio-1.6.7-6.el5_6.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/hplip-1.6.7-6.el5_6.1.src.rpm i386: hpijs-1.6.7-6.el5_6.1.i386.rpm hplip-1.6.7-6.el5_6.1.i386.rpm hplip-debuginfo-1.6.7-6.el5_6.1.i386.rpm libsane-hpaio-1.6.7-6.el5_6.1.i386.rpm ia64: hpijs-1.6.7-6.el5_6.1.ia64.rpm hplip-1.6.7-6.el5_6.1.ia64.rpm hplip-debuginfo-1.6.7-6.el5_6.1.ia64.rpm libsane-hpaio-1.6.7-6.el5_6.1.ia64.rpm ppc: hpijs-1.6.7-6.el5_6.1.ppc.rpm hplip-1.6.7-6.el5_6.1.ppc.rpm hplip-debuginfo-1.6.7-6.el5_6.1.ppc.rpm libsane-hpaio-1.6.7-6.el5_6.1.ppc.rpm x86_64: hpijs-1.6.7-6.el5_6.1.x86_64.rpm hplip-1.6.7-6.el5_6.1.x86_64.rpm hplip-debuginfo-1.6.7-6.el5_6.1.x86_64.rpm libsane-hpaio-1.6.7-6.el5_6.1.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/hplip-3.9.8-33.el6_0.1.src.rpm i386: hpijs-3.9.8-33.el6_0.1.i686.rpm hplip-3.9.8-33.el6_0.1.i686.rpm hplip-common-3.9.8-33.el6_0.1.i686.rpm hplip-debuginfo-3.9.8-33.el6_0.1.i686.rpm hplip-gui-3.9.8-33.el6_0.1.i686.rpm hplip-libs-3.9.8-33.el6_0.1.i686.rpm libsane-hpaio-3.9.8-33.el6_0.1.i686.rpm x86_64: hpijs-3.9.8-33.el6_0.1.x86_64.rpm hplip-3.9.8-33.el6_0.1.x86_64.rpm hplip-common-3.9.8-33.el6_0.1.x86_64.rpm hplip-debuginfo-3.9.8-33.el6_0.1.i686.rpm hplip-debuginfo-3.9.8-33.el6_0.1.x86_64.rpm hplip-gui-3.9.8-33.el6_0.1.x86_64.rpm hplip-libs-3.9.8-33.el6_0.1.i686.rpm hplip-libs-3.9.8-33.el6_0.1.x86_64.rpm libsane-hpaio-3.9.8-33.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/hplip-3.9.8-33.el6_0.1.src.rpm i386: hpijs-3.9.8-33.el6_0.1.i686.rpm hplip-3.9.8-33.el6_0.1.i686.rpm hplip-common-3.9.8-33.el6_0.1.i686.rpm hplip-debuginfo-3.9.8-33.el6_0.1.i686.rpm hplip-gui-3.9.8-33.el6_0.1.i686.rpm hplip-libs-3.9.8-33.el6_0.1.i686.rpm libsane-hpaio-3.9.8-33.el6_0.1.i686.rpm ppc64: hpijs-3.9.8-33.el6_0.1.ppc64.rpm hplip-3.9.8-33.el6_0.1.ppc64.rpm hplip-common-3.9.8-33.el6_0.1.ppc64.rpm hplip-debuginfo-3.9.8-33.el6_0.1.ppc.rpm hplip-debuginfo-3.9.8-33.el6_0.1.ppc64.rpm hplip-gui-3.9.8-33.el6_0.1.ppc64.rpm hplip-libs-3.9.8-33.el6_0.1.ppc.rpm hplip-libs-3.9.8-33.el6_0.1.ppc64.rpm libsane-hpaio-3.9.8-33.el6_0.1.ppc64.rpm x86_64: hpijs-3.9.8-33.el6_0.1.x86_64.rpm hplip-3.9.8-33.el6_0.1.x86_64.rpm hplip-common-3.9.8-33.el6_0.1.x86_64.rpm hplip-debuginfo-3.9.8-33.el6_0.1.i686.rpm hplip-debuginfo-3.9.8-33.el6_0.1.x86_64.rpm hplip-gui-3.9.8-33.el6_0.1.x86_64.rpm hplip-libs-3.9.8-33.el6_0.1.i686.rpm hplip-libs-3.9.8-33.el6_0.1.x86_64.rpm libsane-hpaio-3.9.8-33.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/hplip-3.9.8-33.el6_0.1.src.rpm i386: hpijs-3.9.8-33.el6_0.1.i686.rpm hplip-3.9.8-33.el6_0.1.i686.rpm hplip-common-3.9.8-33.el6_0.1.i686.rpm hplip-debuginfo-3.9.8-33.el6_0.1.i686.rpm hplip-gui-3.9.8-33.el6_0.1.i686.rpm hplip-libs-3.9.8-33.el6_0.1.i686.rpm libsane-hpaio-3.9.8-33.el6_0.1.i686.rpm x86_64: hpijs-3.9.8-33.el6_0.1.x86_64.rpm hplip-3.9.8-33.el6_0.1.x86_64.rpm hplip-common-3.9.8-33.el6_0.1.x86_64.rpm hplip-debuginfo-3.9.8-33.el6_0.1.i686.rpm hplip-debuginfo-3.9.8-33.el6_0.1.x86_64.rpm hplip-gui-3.9.8-33.el6_0.1.x86_64.rpm hplip-libs-3.9.8-33.el6_0.1.i686.rpm hplip-libs-3.9.8-33.el6_0.1.x86_64.rpm libsane-hpaio-3.9.8-33.el6_0.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-4267.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNNI25XlSAg2UNWIIRAuWgAJ0ar/frzY7ndVZFepD31dWFNc2KJACfcx/1 pHJgcUHCjgN67MrHKbTFxV4= =cfv1 -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Jan 18 17:54:31 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 18 Jan 2011 12:54:31 -0500 Subject: [RHSA-2011:0162-01] Important: kernel security and bug fix update Message-ID: <201101181755.p0IHsxYj011319@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2011:0162-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0162.html Issue date: 2011-01-18 CVE Names: CVE-2010-3859 CVE-2010-3876 CVE-2010-4072 CVE-2010-4073 CVE-2010-4075 CVE-2010-4080 CVE-2010-4083 CVE-2010-4157 CVE-2010-4158 CVE-2010-4242 CVE-2010-4249 ===================================================================== 1. Summary: Updated kernel packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A heap overflow flaw was found in the Linux kernel's Transparent Inter-Process Communication protocol (TIPC) implementation. A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2010-3859, Important) * Missing sanity checks were found in gdth_ioctl_alloc() in the gdth driver in the Linux kernel. A local user with access to "/dev/gdth" on a 64-bit system could use these flaws to cause a denial of service or escalate their privileges. (CVE-2010-4157, Moderate) * A NULL pointer dereference flaw was found in the Bluetooth HCI UART driver in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2010-4242, Moderate) * A flaw was found in the Linux kernel's garbage collector for AF_UNIX sockets. A local, unprivileged user could use this flaw to trigger a denial of service (out-of-memory condition). (CVE-2010-4249, Moderate) * Missing initialization flaws were found in the Linux kernel. A local, unprivileged user could use these flaws to cause information leaks. (CVE-2010-3876, CVE-2010-4072, CVE-2010-4073, CVE-2010-4075, CVE-2010-4080, CVE-2010-4083, CVE-2010-4158, Low) Red Hat would like to thank Alan Cox for reporting CVE-2010-4242; Vegard Nossum for reporting CVE-2010-4249; Vasiliy Kulikov for reporting CVE-2010-3876; Kees Cook for reporting CVE-2010-4072; and Dan Rosenberg for reporting CVE-2010-4073, CVE-2010-4075, CVE-2010-4080, CVE-2010-4083, and CVE-2010-4158. This update also fixes the following bugs: * A flaw was found in the Linux kernel where, if used in conjunction with another flaw that can result in a kernel Oops, could possibly lead to privilege escalation. It does not affect Red Hat Enterprise Linux 4 as the sysctl panic_on_oops variable is turned on by default. However, as a preventive measure if the variable is turned off by an administrator, this update addresses the issue. Red Hat would like to thank Nelson Elhage for reporting this vulnerability. (BZ#659568) * On Intel I/O Controller Hub 9 (ICH9) hardware, jumbo frame support is achieved by using page-based sk_buff buffers without any packet split. The entire frame data is copied to the page(s) rather than some to the skb->data area and some to the page(s) when performing a typical packet-split. This caused problems with the filtering code and frames were getting dropped before they were received by listening applications. This bug could eventually lead to the IP address being released and not being able to be re-acquired from DHCP if the MTU (Maximum Transfer Unit) was changed (for an affected interface using the e1000e driver). With this update, frames are no longer dropped and an IP address is correctly re-acquired after a previous release. (BZ#664667) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (http://bugzilla.redhat.com/): 641410 - CVE-2010-4242 kernel: missing tty ops write function presence check in hci_uart_tty_open() 645867 - CVE-2010-3859 kernel: tipc: heap overflow in tipc_msg_build() 648656 - CVE-2010-4072 kernel: ipc/shm.c: reading uninitialized stack memory 648658 - CVE-2010-4073 kernel: ipc/compat*.c: reading uninitialized stack memory 648660 - CVE-2010-4075 kernel: drivers/serial/serial_core.c: reading uninitialized stack memory 648669 - CVE-2010-4080 kernel: drivers/sound/pci/rme9652/hdsp.c: reading uninitialized stack memory 648673 - CVE-2010-4083 kernel: ipc/sem.c: reading uninitialized stack memory 649715 - CVE-2010-3876 kernel: net/packet/af_packet.c: reading uninitialized stack memory 651147 - CVE-2010-4157 kernel: gdth: integer overflow in ioc_general() 651698 - CVE-2010-4158 kernel: socket filters infoleak 656756 - CVE-2010-4249 kernel: unix socket local dos 659568 - CVE-2010-4258 kernel: failure to revert address limit override in OOPS error path [rhel-4.8.z] 6. Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-89.35.1.EL.src.rpm i386: kernel-2.6.9-89.35.1.EL.i686.rpm kernel-debuginfo-2.6.9-89.35.1.EL.i686.rpm kernel-devel-2.6.9-89.35.1.EL.i686.rpm kernel-hugemem-2.6.9-89.35.1.EL.i686.rpm kernel-hugemem-devel-2.6.9-89.35.1.EL.i686.rpm kernel-smp-2.6.9-89.35.1.EL.i686.rpm kernel-smp-devel-2.6.9-89.35.1.EL.i686.rpm kernel-xenU-2.6.9-89.35.1.EL.i686.rpm kernel-xenU-devel-2.6.9-89.35.1.EL.i686.rpm ia64: kernel-2.6.9-89.35.1.EL.ia64.rpm kernel-debuginfo-2.6.9-89.35.1.EL.ia64.rpm kernel-devel-2.6.9-89.35.1.EL.ia64.rpm kernel-largesmp-2.6.9-89.35.1.EL.ia64.rpm kernel-largesmp-devel-2.6.9-89.35.1.EL.ia64.rpm noarch: kernel-doc-2.6.9-89.35.1.EL.noarch.rpm ppc: kernel-2.6.9-89.35.1.EL.ppc64.rpm kernel-2.6.9-89.35.1.EL.ppc64iseries.rpm kernel-debuginfo-2.6.9-89.35.1.EL.ppc64.rpm kernel-debuginfo-2.6.9-89.35.1.EL.ppc64iseries.rpm kernel-devel-2.6.9-89.35.1.EL.ppc64.rpm kernel-devel-2.6.9-89.35.1.EL.ppc64iseries.rpm kernel-largesmp-2.6.9-89.35.1.EL.ppc64.rpm kernel-largesmp-devel-2.6.9-89.35.1.EL.ppc64.rpm s390: kernel-2.6.9-89.35.1.EL.s390.rpm kernel-debuginfo-2.6.9-89.35.1.EL.s390.rpm kernel-devel-2.6.9-89.35.1.EL.s390.rpm s390x: kernel-2.6.9-89.35.1.EL.s390x.rpm kernel-debuginfo-2.6.9-89.35.1.EL.s390x.rpm kernel-devel-2.6.9-89.35.1.EL.s390x.rpm x86_64: kernel-2.6.9-89.35.1.EL.x86_64.rpm kernel-debuginfo-2.6.9-89.35.1.EL.x86_64.rpm kernel-devel-2.6.9-89.35.1.EL.x86_64.rpm kernel-largesmp-2.6.9-89.35.1.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-89.35.1.EL.x86_64.rpm kernel-smp-2.6.9-89.35.1.EL.x86_64.rpm kernel-smp-devel-2.6.9-89.35.1.EL.x86_64.rpm kernel-xenU-2.6.9-89.35.1.EL.x86_64.rpm kernel-xenU-devel-2.6.9-89.35.1.EL.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-89.35.1.EL.src.rpm i386: kernel-2.6.9-89.35.1.EL.i686.rpm kernel-debuginfo-2.6.9-89.35.1.EL.i686.rpm kernel-devel-2.6.9-89.35.1.EL.i686.rpm kernel-hugemem-2.6.9-89.35.1.EL.i686.rpm kernel-hugemem-devel-2.6.9-89.35.1.EL.i686.rpm kernel-smp-2.6.9-89.35.1.EL.i686.rpm kernel-smp-devel-2.6.9-89.35.1.EL.i686.rpm kernel-xenU-2.6.9-89.35.1.EL.i686.rpm kernel-xenU-devel-2.6.9-89.35.1.EL.i686.rpm noarch: kernel-doc-2.6.9-89.35.1.EL.noarch.rpm x86_64: kernel-2.6.9-89.35.1.EL.x86_64.rpm kernel-debuginfo-2.6.9-89.35.1.EL.x86_64.rpm kernel-devel-2.6.9-89.35.1.EL.x86_64.rpm kernel-largesmp-2.6.9-89.35.1.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-89.35.1.EL.x86_64.rpm kernel-smp-2.6.9-89.35.1.EL.x86_64.rpm kernel-smp-devel-2.6.9-89.35.1.EL.x86_64.rpm kernel-xenU-2.6.9-89.35.1.EL.x86_64.rpm kernel-xenU-devel-2.6.9-89.35.1.EL.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-89.35.1.EL.src.rpm i386: kernel-2.6.9-89.35.1.EL.i686.rpm kernel-debuginfo-2.6.9-89.35.1.EL.i686.rpm kernel-devel-2.6.9-89.35.1.EL.i686.rpm kernel-hugemem-2.6.9-89.35.1.EL.i686.rpm kernel-hugemem-devel-2.6.9-89.35.1.EL.i686.rpm kernel-smp-2.6.9-89.35.1.EL.i686.rpm kernel-smp-devel-2.6.9-89.35.1.EL.i686.rpm kernel-xenU-2.6.9-89.35.1.EL.i686.rpm kernel-xenU-devel-2.6.9-89.35.1.EL.i686.rpm ia64: kernel-2.6.9-89.35.1.EL.ia64.rpm kernel-debuginfo-2.6.9-89.35.1.EL.ia64.rpm kernel-devel-2.6.9-89.35.1.EL.ia64.rpm kernel-largesmp-2.6.9-89.35.1.EL.ia64.rpm kernel-largesmp-devel-2.6.9-89.35.1.EL.ia64.rpm noarch: kernel-doc-2.6.9-89.35.1.EL.noarch.rpm x86_64: kernel-2.6.9-89.35.1.EL.x86_64.rpm kernel-debuginfo-2.6.9-89.35.1.EL.x86_64.rpm kernel-devel-2.6.9-89.35.1.EL.x86_64.rpm kernel-largesmp-2.6.9-89.35.1.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-89.35.1.EL.x86_64.rpm kernel-smp-2.6.9-89.35.1.EL.x86_64.rpm kernel-smp-devel-2.6.9-89.35.1.EL.x86_64.rpm kernel-xenU-2.6.9-89.35.1.EL.x86_64.rpm kernel-xenU-devel-2.6.9-89.35.1.EL.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-89.35.1.EL.src.rpm i386: kernel-2.6.9-89.35.1.EL.i686.rpm kernel-debuginfo-2.6.9-89.35.1.EL.i686.rpm kernel-devel-2.6.9-89.35.1.EL.i686.rpm kernel-hugemem-2.6.9-89.35.1.EL.i686.rpm kernel-hugemem-devel-2.6.9-89.35.1.EL.i686.rpm kernel-smp-2.6.9-89.35.1.EL.i686.rpm kernel-smp-devel-2.6.9-89.35.1.EL.i686.rpm kernel-xenU-2.6.9-89.35.1.EL.i686.rpm kernel-xenU-devel-2.6.9-89.35.1.EL.i686.rpm ia64: kernel-2.6.9-89.35.1.EL.ia64.rpm kernel-debuginfo-2.6.9-89.35.1.EL.ia64.rpm kernel-devel-2.6.9-89.35.1.EL.ia64.rpm kernel-largesmp-2.6.9-89.35.1.EL.ia64.rpm kernel-largesmp-devel-2.6.9-89.35.1.EL.ia64.rpm noarch: kernel-doc-2.6.9-89.35.1.EL.noarch.rpm x86_64: kernel-2.6.9-89.35.1.EL.x86_64.rpm kernel-debuginfo-2.6.9-89.35.1.EL.x86_64.rpm kernel-devel-2.6.9-89.35.1.EL.x86_64.rpm kernel-largesmp-2.6.9-89.35.1.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-89.35.1.EL.x86_64.rpm kernel-smp-2.6.9-89.35.1.EL.x86_64.rpm kernel-smp-devel-2.6.9-89.35.1.EL.x86_64.rpm kernel-xenU-2.6.9-89.35.1.EL.x86_64.rpm kernel-xenU-devel-2.6.9-89.35.1.EL.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-3859.html https://www.redhat.com/security/data/cve/CVE-2010-3876.html https://www.redhat.com/security/data/cve/CVE-2010-4072.html https://www.redhat.com/security/data/cve/CVE-2010-4073.html https://www.redhat.com/security/data/cve/CVE-2010-4075.html https://www.redhat.com/security/data/cve/CVE-2010-4080.html https://www.redhat.com/security/data/cve/CVE-2010-4083.html https://www.redhat.com/security/data/cve/CVE-2010-4157.html https://www.redhat.com/security/data/cve/CVE-2010-4158.html https://www.redhat.com/security/data/cve/CVE-2010-4242.html https://www.redhat.com/security/data/cve/CVE-2010-4249.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNNdOqXlSAg2UNWIIRApwIAJoCwExeKiP2yfJmKMsdnMQ430nqqACeMNyS eh801QkyvQ8d/dcT0XD+fus= =ppWw -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Jan 18 18:37:38 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 18 Jan 2011 13:37:38 -0500 Subject: [RHSA-2011:0163-01] Important: kernel security and bug fix update Message-ID: <201101181838.p0IIc6R7016423@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2011:0163-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0163.html Issue date: 2011-01-18 CVE Names: CVE-2010-4526 ===================================================================== 1. Summary: Updated kernel packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * A flaw was found in the sctp_icmp_proto_unreachable() function in the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could use this flaw to cause a denial of service. (CVE-2010-4526, Important) This update also fixes the following bugs: * Due to an off-by-one error, gfs2_grow failed to take the very last "rgrp" parameter into account when adding up the new free space. With this update, the GFS2 kernel properly counts all the new resource groups and fixes the "statfs" file correctly. (BZ#666792) * Prior to this update, a multi-threaded application, which invoked popen(3) internally, could cause a thread stall by FILE lock corruption. The application program waited for a FILE lock in glibc, but the lock seemed to be corrupted, which was caused by a race condition in the COW (Copy On Write) logic. With this update, the race condition was corrected and FILE lock corruption no longer occurs. (BZ#667050) * If an error occurred during I/O, the SCSI driver reset the "megaraid_sas" controller to restore it to normal state. However, on Red Hat Enterprise Linux 5, the waiting time to allow a full reset completion for the "megaraid_sas" controller was too short. The driver incorrectly recognized the controller as stalled, and, as a result, the system stalled as well. With this update, more time is given to the controller to properly restart, thus, the controller operates as expected after being reset. (BZ#667141) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (http://bugzilla.redhat.com/): 664914 - CVE-2010-4526 kernel: sctp: a race between ICMP protocol unreachable and connect() 666792 - fsck.gfs2 reported statfs error after gfs2_grow [rhel-5.6.z] 667050 - COW corruption using popen(3). [rhel-5.6.z] 667141 - [RHEL5.6] megaraid_sas stalls after driver is reset [rhel-5.6.z] 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-238.1.1.el5.src.rpm i386: kernel-2.6.18-238.1.1.el5.i686.rpm kernel-PAE-2.6.18-238.1.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-238.1.1.el5.i686.rpm kernel-PAE-devel-2.6.18-238.1.1.el5.i686.rpm kernel-debug-2.6.18-238.1.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-238.1.1.el5.i686.rpm kernel-debug-devel-2.6.18-238.1.1.el5.i686.rpm kernel-debuginfo-2.6.18-238.1.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-238.1.1.el5.i686.rpm kernel-devel-2.6.18-238.1.1.el5.i686.rpm kernel-headers-2.6.18-238.1.1.el5.i386.rpm kernel-xen-2.6.18-238.1.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-238.1.1.el5.i686.rpm kernel-xen-devel-2.6.18-238.1.1.el5.i686.rpm noarch: kernel-doc-2.6.18-238.1.1.el5.noarch.rpm x86_64: kernel-2.6.18-238.1.1.el5.x86_64.rpm kernel-debug-2.6.18-238.1.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-238.1.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-238.1.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-238.1.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-238.1.1.el5.x86_64.rpm kernel-devel-2.6.18-238.1.1.el5.x86_64.rpm kernel-headers-2.6.18-238.1.1.el5.x86_64.rpm kernel-xen-2.6.18-238.1.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-238.1.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-238.1.1.el5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-238.1.1.el5.src.rpm i386: kernel-2.6.18-238.1.1.el5.i686.rpm kernel-PAE-2.6.18-238.1.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-238.1.1.el5.i686.rpm kernel-PAE-devel-2.6.18-238.1.1.el5.i686.rpm kernel-debug-2.6.18-238.1.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-238.1.1.el5.i686.rpm kernel-debug-devel-2.6.18-238.1.1.el5.i686.rpm kernel-debuginfo-2.6.18-238.1.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-238.1.1.el5.i686.rpm kernel-devel-2.6.18-238.1.1.el5.i686.rpm kernel-headers-2.6.18-238.1.1.el5.i386.rpm kernel-xen-2.6.18-238.1.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-238.1.1.el5.i686.rpm kernel-xen-devel-2.6.18-238.1.1.el5.i686.rpm ia64: kernel-2.6.18-238.1.1.el5.ia64.rpm kernel-debug-2.6.18-238.1.1.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-238.1.1.el5.ia64.rpm kernel-debug-devel-2.6.18-238.1.1.el5.ia64.rpm kernel-debuginfo-2.6.18-238.1.1.el5.ia64.rpm kernel-debuginfo-common-2.6.18-238.1.1.el5.ia64.rpm kernel-devel-2.6.18-238.1.1.el5.ia64.rpm kernel-headers-2.6.18-238.1.1.el5.ia64.rpm kernel-xen-2.6.18-238.1.1.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-238.1.1.el5.ia64.rpm kernel-xen-devel-2.6.18-238.1.1.el5.ia64.rpm noarch: kernel-doc-2.6.18-238.1.1.el5.noarch.rpm ppc: kernel-2.6.18-238.1.1.el5.ppc64.rpm kernel-debug-2.6.18-238.1.1.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-238.1.1.el5.ppc64.rpm kernel-debug-devel-2.6.18-238.1.1.el5.ppc64.rpm kernel-debuginfo-2.6.18-238.1.1.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-238.1.1.el5.ppc64.rpm kernel-devel-2.6.18-238.1.1.el5.ppc64.rpm kernel-headers-2.6.18-238.1.1.el5.ppc.rpm kernel-headers-2.6.18-238.1.1.el5.ppc64.rpm kernel-kdump-2.6.18-238.1.1.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-238.1.1.el5.ppc64.rpm kernel-kdump-devel-2.6.18-238.1.1.el5.ppc64.rpm s390x: kernel-2.6.18-238.1.1.el5.s390x.rpm kernel-debug-2.6.18-238.1.1.el5.s390x.rpm kernel-debug-debuginfo-2.6.18-238.1.1.el5.s390x.rpm kernel-debug-devel-2.6.18-238.1.1.el5.s390x.rpm kernel-debuginfo-2.6.18-238.1.1.el5.s390x.rpm kernel-debuginfo-common-2.6.18-238.1.1.el5.s390x.rpm kernel-devel-2.6.18-238.1.1.el5.s390x.rpm kernel-headers-2.6.18-238.1.1.el5.s390x.rpm kernel-kdump-2.6.18-238.1.1.el5.s390x.rpm kernel-kdump-debuginfo-2.6.18-238.1.1.el5.s390x.rpm kernel-kdump-devel-2.6.18-238.1.1.el5.s390x.rpm x86_64: kernel-2.6.18-238.1.1.el5.x86_64.rpm kernel-debug-2.6.18-238.1.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-238.1.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-238.1.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-238.1.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-238.1.1.el5.x86_64.rpm kernel-devel-2.6.18-238.1.1.el5.x86_64.rpm kernel-headers-2.6.18-238.1.1.el5.x86_64.rpm kernel-xen-2.6.18-238.1.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-238.1.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-238.1.1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-4526.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNNd3ZXlSAg2UNWIIRAiN+AKC9NqCceOS+FbmFLs36S0K8dRQbMwCfZm2a ET9WD5TN0kO52O7vYSca3BU= =zIP9 -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Jan 18 19:07:58 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 18 Jan 2011 14:07:58 -0500 Subject: [RHSA-2011:0164-01] Moderate: mysql security update Message-ID: <201101181908.p0IJ8QvZ020190@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: mysql security update Advisory ID: RHSA-2011:0164-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0164.html Issue date: 2011-01-18 CVE Names: CVE-2010-3677 CVE-2010-3678 CVE-2010-3679 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3683 CVE-2010-3833 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3839 CVE-2010-3840 ===================================================================== 1. Summary: Updated mysql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. The MySQL PolyFromWKB() function did not sanity check Well-Known Binary (WKB) data, which could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3840) A flaw in the way MySQL processed certain JOIN queries could allow a remote, authenticated attacker to cause excessive CPU use (up to 100%), if a stored procedure contained JOIN queries, and that procedure was executed twice in sequence. (CVE-2010-3839) A flaw in the way MySQL processed queries that provide a mixture of numeric and longblob data types to the LEAST or GREATEST function, could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3838) A flaw in the way MySQL processed PREPARE statements containing both GROUP_CONCAT and the WITH ROLLUP modifier could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3837) MySQL did not properly pre-evaluate LIKE arguments in view prepare mode, possibly allowing a remote, authenticated attacker to crash mysqld. (CVE-2010-3836) A flaw in the way MySQL processed statements that assign a value to a user-defined variable and that also contain a logical value evaluation could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3835) A flaw in the way MySQL evaluated the arguments of extreme-value functions, such as LEAST and GREATEST, could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3833) A flaw in the way MySQL handled LOAD DATA INFILE requests allowed MySQL to send OK packets even when there were errors. (CVE-2010-3683) A flaw in the way MySQL processed EXPLAIN statements for some complex SELECT queries could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3682) A flaw in the way MySQL processed certain alternating READ requests provided by HANDLER statements could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3681) A flaw in the way MySQL processed CREATE TEMPORARY TABLE statements that define NULL columns when using the InnoDB storage engine, could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3680) A flaw in the way MySQL processed certain values provided to the BINLOG statement caused MySQL to read unassigned memory. A remote, authenticated attacker could possibly use this flaw to crash mysqld. (CVE-2010-3679) A flaw in the way MySQL processed SQL queries containing IN or CASE statements, when a NULL argument was provided as one of the arguments to the query, could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3678) A flaw in the way MySQL processed JOIN queries that attempt to retrieve data from a unique SET column could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3677) Note: CVE-2010-3840, CVE-2010-3838, CVE-2010-3837, CVE-2010-3835, CVE-2010-3833, CVE-2010-3682, CVE-2010-3681, CVE-2010-3680, CVE-2010-3678, and CVE-2010-3677 only cause a temporary denial of service, as mysqld was automatically restarted after each crash. These updated packages upgrade MySQL to version 5.1.52. Refer to the MySQL release notes for a full list of changes: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 628040 - CVE-2010-3677 MySQL: Mysqld DoS (crash) by processing joins involving a table with a unique SET column (MySQL BZ#54575) 628062 - CVE-2010-3679 MySQL: Use of unassigned memory (valgrind errors / crash) by providing certain values to BINLOG statement (MySQL BZ#54393) 628172 - CVE-2010-3678 MySQL: mysqld DoS (crash) by processing IN / CASE statements with NULL arguments (MySQL bug #54477) 628192 - CVE-2010-3680 MySQL: mysqld DoS (assertion failure) by using temporary InnoDB engine tables with nullable columns (MySQL bug #54044) 628328 - CVE-2010-3682 MySQL: mysqld DoS (crash) by processing EXPLAIN statements for complex SQL queries (MySQL bug #52711) 628680 - CVE-2010-3681 MySQL: mysqld DoS (assertion failure) by alternate reads from two indexes on a table using the HANDLER interface (MySQL bug #54007) 628698 - CVE-2010-3683 MySQL: mysqld DoS (assertion failure) while reading the file back into a table (MySQL bug #52512) 640751 - CVE-2010-3833 MySQL: CREATE TABLE ... SELECT causes crash when KILL_BAD_DATA is returned (MySQL Bug#55826) 640819 - CVE-2010-3835 MySQL: crash with user variables, assignments, joins... (MySQL Bug #55564) 640845 - CVE-2010-3836 MySQL: pre-evaluating LIKE arguments in view prepare mode causes crash (MySQL Bug#54568) 640856 - CVE-2010-3837 MySQL: crash when group_concat and "with rollup" in prepared statements (MySQL Bug#54476) 640858 - CVE-2010-3838 MySQL: crash with LONGBLOB and union or update with subquery (MySQL Bug#54461) 640861 - CVE-2010-3839 MySQL: server hangs during JOIN query in stored procedures called twice in a row (MySQL Bug#53544) 640865 - CVE-2010-3840 MySQL: crash when loading data into geometry function PolyFromWKB() (MySQL Bug#51875) 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/mysql-5.1.52-1.el6_0.1.src.rpm i386: mysql-5.1.52-1.el6_0.1.i686.rpm mysql-debuginfo-5.1.52-1.el6_0.1.i686.rpm mysql-libs-5.1.52-1.el6_0.1.i686.rpm mysql-server-5.1.52-1.el6_0.1.i686.rpm x86_64: mysql-5.1.52-1.el6_0.1.x86_64.rpm mysql-debuginfo-5.1.52-1.el6_0.1.i686.rpm mysql-debuginfo-5.1.52-1.el6_0.1.x86_64.rpm mysql-libs-5.1.52-1.el6_0.1.i686.rpm mysql-libs-5.1.52-1.el6_0.1.x86_64.rpm mysql-server-5.1.52-1.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/mysql-5.1.52-1.el6_0.1.src.rpm i386: mysql-bench-5.1.52-1.el6_0.1.i686.rpm mysql-debuginfo-5.1.52-1.el6_0.1.i686.rpm mysql-devel-5.1.52-1.el6_0.1.i686.rpm mysql-embedded-5.1.52-1.el6_0.1.i686.rpm mysql-embedded-devel-5.1.52-1.el6_0.1.i686.rpm mysql-test-5.1.52-1.el6_0.1.i686.rpm x86_64: mysql-bench-5.1.52-1.el6_0.1.x86_64.rpm mysql-debuginfo-5.1.52-1.el6_0.1.i686.rpm mysql-debuginfo-5.1.52-1.el6_0.1.x86_64.rpm mysql-devel-5.1.52-1.el6_0.1.i686.rpm mysql-devel-5.1.52-1.el6_0.1.x86_64.rpm mysql-embedded-5.1.52-1.el6_0.1.i686.rpm mysql-embedded-5.1.52-1.el6_0.1.x86_64.rpm mysql-embedded-devel-5.1.52-1.el6_0.1.i686.rpm mysql-embedded-devel-5.1.52-1.el6_0.1.x86_64.rpm mysql-test-5.1.52-1.el6_0.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/mysql-5.1.52-1.el6_0.1.src.rpm x86_64: mysql-debuginfo-5.1.52-1.el6_0.1.i686.rpm mysql-debuginfo-5.1.52-1.el6_0.1.x86_64.rpm mysql-libs-5.1.52-1.el6_0.1.i686.rpm mysql-libs-5.1.52-1.el6_0.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/mysql-5.1.52-1.el6_0.1.src.rpm x86_64: mysql-5.1.52-1.el6_0.1.x86_64.rpm mysql-bench-5.1.52-1.el6_0.1.x86_64.rpm mysql-debuginfo-5.1.52-1.el6_0.1.i686.rpm mysql-debuginfo-5.1.52-1.el6_0.1.x86_64.rpm mysql-devel-5.1.52-1.el6_0.1.i686.rpm mysql-devel-5.1.52-1.el6_0.1.x86_64.rpm mysql-embedded-5.1.52-1.el6_0.1.i686.rpm mysql-embedded-5.1.52-1.el6_0.1.x86_64.rpm mysql-embedded-devel-5.1.52-1.el6_0.1.i686.rpm mysql-embedded-devel-5.1.52-1.el6_0.1.x86_64.rpm mysql-server-5.1.52-1.el6_0.1.x86_64.rpm mysql-test-5.1.52-1.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/mysql-5.1.52-1.el6_0.1.src.rpm i386: mysql-5.1.52-1.el6_0.1.i686.rpm mysql-bench-5.1.52-1.el6_0.1.i686.rpm mysql-debuginfo-5.1.52-1.el6_0.1.i686.rpm mysql-devel-5.1.52-1.el6_0.1.i686.rpm mysql-libs-5.1.52-1.el6_0.1.i686.rpm mysql-server-5.1.52-1.el6_0.1.i686.rpm mysql-test-5.1.52-1.el6_0.1.i686.rpm ppc64: mysql-5.1.52-1.el6_0.1.ppc64.rpm mysql-bench-5.1.52-1.el6_0.1.ppc64.rpm mysql-debuginfo-5.1.52-1.el6_0.1.ppc.rpm mysql-debuginfo-5.1.52-1.el6_0.1.ppc64.rpm mysql-devel-5.1.52-1.el6_0.1.ppc.rpm mysql-devel-5.1.52-1.el6_0.1.ppc64.rpm mysql-libs-5.1.52-1.el6_0.1.ppc.rpm mysql-libs-5.1.52-1.el6_0.1.ppc64.rpm mysql-server-5.1.52-1.el6_0.1.ppc64.rpm mysql-test-5.1.52-1.el6_0.1.ppc64.rpm s390x: mysql-5.1.52-1.el6_0.1.s390x.rpm mysql-bench-5.1.52-1.el6_0.1.s390x.rpm mysql-debuginfo-5.1.52-1.el6_0.1.s390.rpm mysql-debuginfo-5.1.52-1.el6_0.1.s390x.rpm mysql-devel-5.1.52-1.el6_0.1.s390.rpm mysql-devel-5.1.52-1.el6_0.1.s390x.rpm mysql-libs-5.1.52-1.el6_0.1.s390.rpm mysql-libs-5.1.52-1.el6_0.1.s390x.rpm mysql-server-5.1.52-1.el6_0.1.s390x.rpm mysql-test-5.1.52-1.el6_0.1.s390x.rpm x86_64: mysql-5.1.52-1.el6_0.1.x86_64.rpm mysql-bench-5.1.52-1.el6_0.1.x86_64.rpm mysql-debuginfo-5.1.52-1.el6_0.1.i686.rpm mysql-debuginfo-5.1.52-1.el6_0.1.x86_64.rpm mysql-devel-5.1.52-1.el6_0.1.i686.rpm mysql-devel-5.1.52-1.el6_0.1.x86_64.rpm mysql-libs-5.1.52-1.el6_0.1.i686.rpm mysql-libs-5.1.52-1.el6_0.1.x86_64.rpm mysql-server-5.1.52-1.el6_0.1.x86_64.rpm mysql-test-5.1.52-1.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/mysql-5.1.52-1.el6_0.1.src.rpm i386: mysql-debuginfo-5.1.52-1.el6_0.1.i686.rpm mysql-embedded-5.1.52-1.el6_0.1.i686.rpm mysql-embedded-devel-5.1.52-1.el6_0.1.i686.rpm ppc64: mysql-debuginfo-5.1.52-1.el6_0.1.ppc.rpm mysql-debuginfo-5.1.52-1.el6_0.1.ppc64.rpm mysql-embedded-5.1.52-1.el6_0.1.ppc.rpm mysql-embedded-5.1.52-1.el6_0.1.ppc64.rpm mysql-embedded-devel-5.1.52-1.el6_0.1.ppc.rpm mysql-embedded-devel-5.1.52-1.el6_0.1.ppc64.rpm s390x: mysql-debuginfo-5.1.52-1.el6_0.1.s390.rpm mysql-debuginfo-5.1.52-1.el6_0.1.s390x.rpm mysql-embedded-5.1.52-1.el6_0.1.s390.rpm mysql-embedded-5.1.52-1.el6_0.1.s390x.rpm mysql-embedded-devel-5.1.52-1.el6_0.1.s390.rpm mysql-embedded-devel-5.1.52-1.el6_0.1.s390x.rpm x86_64: mysql-debuginfo-5.1.52-1.el6_0.1.i686.rpm mysql-debuginfo-5.1.52-1.el6_0.1.x86_64.rpm mysql-embedded-5.1.52-1.el6_0.1.i686.rpm mysql-embedded-5.1.52-1.el6_0.1.x86_64.rpm mysql-embedded-devel-5.1.52-1.el6_0.1.i686.rpm mysql-embedded-devel-5.1.52-1.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/mysql-5.1.52-1.el6_0.1.src.rpm i386: mysql-5.1.52-1.el6_0.1.i686.rpm mysql-bench-5.1.52-1.el6_0.1.i686.rpm mysql-debuginfo-5.1.52-1.el6_0.1.i686.rpm mysql-devel-5.1.52-1.el6_0.1.i686.rpm mysql-libs-5.1.52-1.el6_0.1.i686.rpm mysql-server-5.1.52-1.el6_0.1.i686.rpm mysql-test-5.1.52-1.el6_0.1.i686.rpm x86_64: mysql-5.1.52-1.el6_0.1.x86_64.rpm mysql-bench-5.1.52-1.el6_0.1.x86_64.rpm mysql-debuginfo-5.1.52-1.el6_0.1.i686.rpm mysql-debuginfo-5.1.52-1.el6_0.1.x86_64.rpm mysql-devel-5.1.52-1.el6_0.1.i686.rpm mysql-devel-5.1.52-1.el6_0.1.x86_64.rpm mysql-libs-5.1.52-1.el6_0.1.i686.rpm mysql-libs-5.1.52-1.el6_0.1.x86_64.rpm mysql-server-5.1.52-1.el6_0.1.x86_64.rpm mysql-test-5.1.52-1.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/mysql-5.1.52-1.el6_0.1.src.rpm i386: mysql-debuginfo-5.1.52-1.el6_0.1.i686.rpm mysql-embedded-5.1.52-1.el6_0.1.i686.rpm mysql-embedded-devel-5.1.52-1.el6_0.1.i686.rpm x86_64: mysql-debuginfo-5.1.52-1.el6_0.1.i686.rpm mysql-debuginfo-5.1.52-1.el6_0.1.x86_64.rpm mysql-embedded-5.1.52-1.el6_0.1.i686.rpm mysql-embedded-5.1.52-1.el6_0.1.x86_64.rpm mysql-embedded-devel-5.1.52-1.el6_0.1.i686.rpm mysql-embedded-devel-5.1.52-1.el6_0.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-3677.html https://www.redhat.com/security/data/cve/CVE-2010-3678.html https://www.redhat.com/security/data/cve/CVE-2010-3679.html https://www.redhat.com/security/data/cve/CVE-2010-3680.html https://www.redhat.com/security/data/cve/CVE-2010-3681.html https://www.redhat.com/security/data/cve/CVE-2010-3682.html https://www.redhat.com/security/data/cve/CVE-2010-3683.html https://www.redhat.com/security/data/cve/CVE-2010-3833.html https://www.redhat.com/security/data/cve/CVE-2010-3835.html https://www.redhat.com/security/data/cve/CVE-2010-3836.html https://www.redhat.com/security/data/cve/CVE-2010-3837.html https://www.redhat.com/security/data/cve/CVE-2010-3838.html https://www.redhat.com/security/data/cve/CVE-2010-3839.html https://www.redhat.com/security/data/cve/CVE-2010-3840.html https://access.redhat.com/security/updates/classification/#moderate http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNNeTGXlSAg2UNWIIRAtO6AKCaOVsBESqgXd2DThHKZfvn2N+QAACdGpcW 7wmKb21ORpkWLQHWLBEdcoY= =+/5s -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Jan 20 16:39:53 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 20 Jan 2011 11:39:53 -0500 Subject: [RHSA-2011:0169-01] Critical: java-1.5.0-ibm security and bug fix update Message-ID: <201101201640.p0KGeOFD020039@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.5.0-ibm security and bug fix update Advisory ID: RHSA-2011:0169-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0169.html Issue date: 2011-01-20 CVE Names: CVE-2010-3553 CVE-2010-3557 CVE-2010-3571 ===================================================================== 1. Summary: Updated java-1.5.0-ibm packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Supplementary (v. 5 client) - i386, x86_64 RHEL Supplementary (v. 5 server) - i386, ppc, s390x, x86_64 Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes multiple vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. (CVE-2010-3553, CVE-2010-3557, CVE-2010-3571) This update also fixes the following bug: * An error in the java-1.5.0-ibm RPM spec file caused an incorrect path to be included in HtmlConverter, preventing it from running. (BZ#659710) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR12-FP3 Java release. All running instances of IBM Java must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 639904 - CVE-2010-3557 OpenJDK Swing mutable static (6938813) 642167 - CVE-2010-3553 OpenJDK Swing unsafe reflection usage (6622002) 642585 - CVE-2010-3571 JDK unspecified vulnerability in 2D component 659710 - IBM Java5 files modified & Missing 6. Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: java-1.5.0-ibm-1.5.0.12.3-1jpp.1.el4.i386.rpm java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.1.el4.i386.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.1.el4.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.12.3-1jpp.1.el4.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.12.3-1jpp.1.el4.i386.rpm java-1.5.0-ibm-plugin-1.5.0.12.3-1jpp.1.el4.i386.rpm java-1.5.0-ibm-src-1.5.0.12.3-1jpp.1.el4.i386.rpm ppc: java-1.5.0-ibm-1.5.0.12.3-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-1.5.0.12.3-1jpp.1.el4.ppc64.rpm java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.1.el4.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.1.el4.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.3-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-javacomm-1.5.0.12.3-1jpp.1.el4.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.12.3-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.12.3-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-src-1.5.0.12.3-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-src-1.5.0.12.3-1jpp.1.el4.ppc64.rpm s390: java-1.5.0-ibm-1.5.0.12.3-1jpp.1.el4.s390.rpm java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.1.el4.s390.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.1.el4.s390.rpm java-1.5.0-ibm-jdbc-1.5.0.12.3-1jpp.1.el4.s390.rpm java-1.5.0-ibm-src-1.5.0.12.3-1jpp.1.el4.s390.rpm s390x: java-1.5.0-ibm-1.5.0.12.3-1jpp.1.el4.s390x.rpm java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.1.el4.s390x.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.1.el4.s390x.rpm java-1.5.0-ibm-src-1.5.0.12.3-1jpp.1.el4.s390x.rpm x86_64: java-1.5.0-ibm-1.5.0.12.3-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.3-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.12.3-1jpp.1.el4.x86_64.rpm Red Hat Desktop version 4 Extras: i386: java-1.5.0-ibm-1.5.0.12.3-1jpp.1.el4.i386.rpm java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.1.el4.i386.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.1.el4.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.12.3-1jpp.1.el4.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.12.3-1jpp.1.el4.i386.rpm java-1.5.0-ibm-plugin-1.5.0.12.3-1jpp.1.el4.i386.rpm java-1.5.0-ibm-src-1.5.0.12.3-1jpp.1.el4.i386.rpm x86_64: java-1.5.0-ibm-1.5.0.12.3-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.3-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.12.3-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: java-1.5.0-ibm-1.5.0.12.3-1jpp.1.el4.i386.rpm java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.1.el4.i386.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.1.el4.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.12.3-1jpp.1.el4.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.12.3-1jpp.1.el4.i386.rpm java-1.5.0-ibm-plugin-1.5.0.12.3-1jpp.1.el4.i386.rpm java-1.5.0-ibm-src-1.5.0.12.3-1jpp.1.el4.i386.rpm x86_64: java-1.5.0-ibm-1.5.0.12.3-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.3-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.12.3-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: java-1.5.0-ibm-1.5.0.12.3-1jpp.1.el4.i386.rpm java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.1.el4.i386.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.1.el4.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.12.3-1jpp.1.el4.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.12.3-1jpp.1.el4.i386.rpm java-1.5.0-ibm-plugin-1.5.0.12.3-1jpp.1.el4.i386.rpm java-1.5.0-ibm-src-1.5.0.12.3-1jpp.1.el4.i386.rpm x86_64: java-1.5.0-ibm-1.5.0.12.3-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.3-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.12.3-1jpp.1.el4.x86_64.rpm RHEL Desktop Supplementary (v. 5 client): i386: java-1.5.0-ibm-1.5.0.12.3-1jpp.1.el5.i386.rpm java-1.5.0-ibm-accessibility-1.5.0.12.3-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.12.3-1jpp.1.el5.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.12.3-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.12.3-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.12.3-1jpp.1.el5.i386.rpm x86_64: java-1.5.0-ibm-1.5.0.12.3-1jpp.1.el5.i386.rpm java-1.5.0-ibm-1.5.0.12.3-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-accessibility-1.5.0.12.3-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.3-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.12.3-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.12.3-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.12.3-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.12.3-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.12.3-1jpp.1.el5.x86_64.rpm RHEL Supplementary (v. 5 server): i386: java-1.5.0-ibm-1.5.0.12.3-1jpp.1.el5.i386.rpm java-1.5.0-ibm-accessibility-1.5.0.12.3-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.12.3-1jpp.1.el5.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.12.3-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.12.3-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.12.3-1jpp.1.el5.i386.rpm ppc: java-1.5.0-ibm-1.5.0.12.3-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-1.5.0.12.3-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-accessibility-1.5.0.12.3-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.3-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-javacomm-1.5.0.12.3-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.12.3-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.12.3-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-src-1.5.0.12.3-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-src-1.5.0.12.3-1jpp.1.el5.ppc64.rpm s390x: java-1.5.0-ibm-1.5.0.12.3-1jpp.1.el5.s390.rpm java-1.5.0-ibm-1.5.0.12.3-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-accessibility-1.5.0.12.3-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.1.el5.s390.rpm java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.1.el5.s390.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-jdbc-1.5.0.12.3-1jpp.1.el5.s390.rpm java-1.5.0-ibm-src-1.5.0.12.3-1jpp.1.el5.s390.rpm java-1.5.0-ibm-src-1.5.0.12.3-1jpp.1.el5.s390x.rpm x86_64: java-1.5.0-ibm-1.5.0.12.3-1jpp.1.el5.i386.rpm java-1.5.0-ibm-1.5.0.12.3-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-accessibility-1.5.0.12.3-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.3-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.12.3-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.12.3-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.12.3-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.12.3-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.12.3-1jpp.1.el5.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.5.0-ibm-1.5.0.12.3-1jpp.2.el6.i686.rpm java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.2.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.2.el6.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.12.3-1jpp.2.el6.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.12.3-1jpp.2.el6.i686.rpm java-1.5.0-ibm-plugin-1.5.0.12.3-1jpp.2.el6.i686.rpm java-1.5.0-ibm-src-1.5.0.12.3-1jpp.2.el6.i686.rpm x86_64: java-1.5.0-ibm-1.5.0.12.3-1jpp.2.el6.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.2.el6.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.2.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.2.el6.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.3-1jpp.2.el6.x86_64.rpm java-1.5.0-ibm-src-1.5.0.12.3-1jpp.2.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.5.0-ibm-1.5.0.12.3-1jpp.2.el6.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.2.el6.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.2.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.2.el6.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.3-1jpp.2.el6.x86_64.rpm java-1.5.0-ibm-src-1.5.0.12.3-1jpp.2.el6.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: java-1.5.0-ibm-1.5.0.12.3-1jpp.2.el6.i686.rpm java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.2.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.2.el6.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.12.3-1jpp.2.el6.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.12.3-1jpp.2.el6.i686.rpm java-1.5.0-ibm-plugin-1.5.0.12.3-1jpp.2.el6.i686.rpm java-1.5.0-ibm-src-1.5.0.12.3-1jpp.2.el6.i686.rpm ppc64: java-1.5.0-ibm-1.5.0.12.3-1jpp.2.el6.ppc64.rpm java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.2.el6.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.2.el6.ppc.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.2.el6.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.3-1jpp.2.el6.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.12.3-1jpp.2.el6.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.12.3-1jpp.2.el6.ppc.rpm java-1.5.0-ibm-src-1.5.0.12.3-1jpp.2.el6.ppc64.rpm s390x: java-1.5.0-ibm-1.5.0.12.3-1jpp.2.el6.s390x.rpm java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.2.el6.s390x.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.2.el6.s390.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.2.el6.s390x.rpm java-1.5.0-ibm-jdbc-1.5.0.12.3-1jpp.2.el6.s390.rpm java-1.5.0-ibm-src-1.5.0.12.3-1jpp.2.el6.s390x.rpm x86_64: java-1.5.0-ibm-1.5.0.12.3-1jpp.2.el6.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.2.el6.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.2.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.2.el6.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.3-1jpp.2.el6.x86_64.rpm java-1.5.0-ibm-src-1.5.0.12.3-1jpp.2.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: java-1.5.0-ibm-1.5.0.12.3-1jpp.2.el6.i686.rpm java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.2.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.2.el6.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.12.3-1jpp.2.el6.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.12.3-1jpp.2.el6.i686.rpm java-1.5.0-ibm-plugin-1.5.0.12.3-1jpp.2.el6.i686.rpm java-1.5.0-ibm-src-1.5.0.12.3-1jpp.2.el6.i686.rpm x86_64: java-1.5.0-ibm-1.5.0.12.3-1jpp.2.el6.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.12.3-1jpp.2.el6.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.2.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.12.3-1jpp.2.el6.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.3-1jpp.2.el6.x86_64.rpm java-1.5.0-ibm-src-1.5.0.12.3-1jpp.2.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-3553.html https://www.redhat.com/security/data/cve/CVE-2010-3557.html https://www.redhat.com/security/data/cve/CVE-2010-3571.html https://access.redhat.com/security/updates/classification/#critical http://www.ibm.com/developerworks/java/jdk/alerts/ 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNOGUhXlSAg2UNWIIRAuLkAJsFYg3/K+VHI/HlHygXHNgATwUpNQCfbTBY mDP8tFIuOZM9SolkBow7DKw= =WSrZ -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Jan 20 16:42:50 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 20 Jan 2011 11:42:50 -0500 Subject: [RHSA-2011:0170-01] Moderate: libuser security update Message-ID: <201101201643.p0KGhLKP020447@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: libuser security update Advisory ID: RHSA-2011:0170-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0170.html Issue date: 2011-01-20 CVE Names: CVE-2011-0002 ===================================================================== 1. Summary: Updated libuser packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The libuser library implements a standardized interface for manipulating and administering user and group accounts. Sample applications that are modeled after applications from the shadow password suite (shadow-utils) are included in these packages. It was discovered that libuser did not set the password entry correctly when creating LDAP (Lightweight Directory Access Protocol) users. If an administrator did not assign a password to an LDAP based user account, either at account creation with luseradd, or with lpasswd after account creation, an attacker could use this flaw to log into that account with a default password string that should have been rejected. (CVE-2011-0002) Note: LDAP administrators that have used libuser tools to add users should check existing user accounts for plain text passwords, and reset them as necessary. Users of libuser should upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 643227 - CVE-2011-0002 libuser creates LDAP users with a default password 6. Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libuser-0.52.5-1.1.el4_8.1.src.rpm i386: libuser-0.52.5-1.1.el4_8.1.i386.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.i386.rpm libuser-devel-0.52.5-1.1.el4_8.1.i386.rpm ia64: libuser-0.52.5-1.1.el4_8.1.i386.rpm libuser-0.52.5-1.1.el4_8.1.ia64.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.i386.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.ia64.rpm libuser-devel-0.52.5-1.1.el4_8.1.ia64.rpm ppc: libuser-0.52.5-1.1.el4_8.1.ppc.rpm libuser-0.52.5-1.1.el4_8.1.ppc64.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.ppc.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.ppc64.rpm libuser-devel-0.52.5-1.1.el4_8.1.ppc.rpm s390: libuser-0.52.5-1.1.el4_8.1.s390.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.s390.rpm libuser-devel-0.52.5-1.1.el4_8.1.s390.rpm s390x: libuser-0.52.5-1.1.el4_8.1.s390.rpm libuser-0.52.5-1.1.el4_8.1.s390x.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.s390.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.s390x.rpm libuser-devel-0.52.5-1.1.el4_8.1.s390x.rpm x86_64: libuser-0.52.5-1.1.el4_8.1.i386.rpm libuser-0.52.5-1.1.el4_8.1.x86_64.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.i386.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.x86_64.rpm libuser-devel-0.52.5-1.1.el4_8.1.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libuser-0.52.5-1.1.el4_8.1.src.rpm i386: libuser-0.52.5-1.1.el4_8.1.i386.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.i386.rpm libuser-devel-0.52.5-1.1.el4_8.1.i386.rpm x86_64: libuser-0.52.5-1.1.el4_8.1.i386.rpm libuser-0.52.5-1.1.el4_8.1.x86_64.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.i386.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.x86_64.rpm libuser-devel-0.52.5-1.1.el4_8.1.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libuser-0.52.5-1.1.el4_8.1.src.rpm i386: libuser-0.52.5-1.1.el4_8.1.i386.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.i386.rpm libuser-devel-0.52.5-1.1.el4_8.1.i386.rpm ia64: libuser-0.52.5-1.1.el4_8.1.i386.rpm libuser-0.52.5-1.1.el4_8.1.ia64.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.i386.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.ia64.rpm libuser-devel-0.52.5-1.1.el4_8.1.ia64.rpm x86_64: libuser-0.52.5-1.1.el4_8.1.i386.rpm libuser-0.52.5-1.1.el4_8.1.x86_64.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.i386.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.x86_64.rpm libuser-devel-0.52.5-1.1.el4_8.1.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libuser-0.52.5-1.1.el4_8.1.src.rpm i386: libuser-0.52.5-1.1.el4_8.1.i386.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.i386.rpm libuser-devel-0.52.5-1.1.el4_8.1.i386.rpm ia64: libuser-0.52.5-1.1.el4_8.1.i386.rpm libuser-0.52.5-1.1.el4_8.1.ia64.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.i386.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.ia64.rpm libuser-devel-0.52.5-1.1.el4_8.1.ia64.rpm x86_64: libuser-0.52.5-1.1.el4_8.1.i386.rpm libuser-0.52.5-1.1.el4_8.1.x86_64.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.i386.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.x86_64.rpm libuser-devel-0.52.5-1.1.el4_8.1.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libuser-0.54.7-2.1.el5_5.2.src.rpm i386: libuser-0.54.7-2.1.el5_5.2.i386.rpm libuser-debuginfo-0.54.7-2.1.el5_5.2.i386.rpm x86_64: libuser-0.54.7-2.1.el5_5.2.i386.rpm libuser-0.54.7-2.1.el5_5.2.x86_64.rpm libuser-debuginfo-0.54.7-2.1.el5_5.2.i386.rpm libuser-debuginfo-0.54.7-2.1.el5_5.2.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libuser-0.54.7-2.1.el5_5.2.src.rpm i386: libuser-debuginfo-0.54.7-2.1.el5_5.2.i386.rpm libuser-devel-0.54.7-2.1.el5_5.2.i386.rpm x86_64: libuser-debuginfo-0.54.7-2.1.el5_5.2.i386.rpm libuser-debuginfo-0.54.7-2.1.el5_5.2.x86_64.rpm libuser-devel-0.54.7-2.1.el5_5.2.i386.rpm libuser-devel-0.54.7-2.1.el5_5.2.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libuser-0.54.7-2.1.el5_5.2.src.rpm i386: libuser-0.54.7-2.1.el5_5.2.i386.rpm libuser-debuginfo-0.54.7-2.1.el5_5.2.i386.rpm libuser-devel-0.54.7-2.1.el5_5.2.i386.rpm ia64: libuser-0.54.7-2.1.el5_5.2.ia64.rpm libuser-debuginfo-0.54.7-2.1.el5_5.2.ia64.rpm libuser-devel-0.54.7-2.1.el5_5.2.ia64.rpm ppc: libuser-0.54.7-2.1.el5_5.2.ppc.rpm libuser-0.54.7-2.1.el5_5.2.ppc64.rpm libuser-debuginfo-0.54.7-2.1.el5_5.2.ppc.rpm libuser-debuginfo-0.54.7-2.1.el5_5.2.ppc64.rpm libuser-devel-0.54.7-2.1.el5_5.2.ppc.rpm libuser-devel-0.54.7-2.1.el5_5.2.ppc64.rpm s390x: libuser-0.54.7-2.1.el5_5.2.s390.rpm libuser-0.54.7-2.1.el5_5.2.s390x.rpm libuser-debuginfo-0.54.7-2.1.el5_5.2.s390.rpm libuser-debuginfo-0.54.7-2.1.el5_5.2.s390x.rpm libuser-devel-0.54.7-2.1.el5_5.2.s390.rpm libuser-devel-0.54.7-2.1.el5_5.2.s390x.rpm x86_64: libuser-0.54.7-2.1.el5_5.2.i386.rpm libuser-0.54.7-2.1.el5_5.2.x86_64.rpm libuser-debuginfo-0.54.7-2.1.el5_5.2.i386.rpm libuser-debuginfo-0.54.7-2.1.el5_5.2.x86_64.rpm libuser-devel-0.54.7-2.1.el5_5.2.i386.rpm libuser-devel-0.54.7-2.1.el5_5.2.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libuser-0.56.13-4.el6_0.1.src.rpm i386: libuser-0.56.13-4.el6_0.1.i686.rpm libuser-debuginfo-0.56.13-4.el6_0.1.i686.rpm libuser-python-0.56.13-4.el6_0.1.i686.rpm x86_64: libuser-0.56.13-4.el6_0.1.i686.rpm libuser-0.56.13-4.el6_0.1.x86_64.rpm libuser-debuginfo-0.56.13-4.el6_0.1.i686.rpm libuser-debuginfo-0.56.13-4.el6_0.1.x86_64.rpm libuser-python-0.56.13-4.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libuser-0.56.13-4.el6_0.1.src.rpm i386: libuser-debuginfo-0.56.13-4.el6_0.1.i686.rpm libuser-devel-0.56.13-4.el6_0.1.i686.rpm x86_64: libuser-debuginfo-0.56.13-4.el6_0.1.i686.rpm libuser-debuginfo-0.56.13-4.el6_0.1.x86_64.rpm libuser-devel-0.56.13-4.el6_0.1.i686.rpm libuser-devel-0.56.13-4.el6_0.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libuser-0.56.13-4.el6_0.1.src.rpm x86_64: libuser-0.56.13-4.el6_0.1.x86_64.rpm libuser-debuginfo-0.56.13-4.el6_0.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libuser-0.56.13-4.el6_0.1.src.rpm x86_64: libuser-0.56.13-4.el6_0.1.i686.rpm libuser-debuginfo-0.56.13-4.el6_0.1.i686.rpm libuser-debuginfo-0.56.13-4.el6_0.1.x86_64.rpm libuser-devel-0.56.13-4.el6_0.1.i686.rpm libuser-devel-0.56.13-4.el6_0.1.x86_64.rpm libuser-python-0.56.13-4.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libuser-0.56.13-4.el6_0.1.src.rpm i386: libuser-0.56.13-4.el6_0.1.i686.rpm libuser-debuginfo-0.56.13-4.el6_0.1.i686.rpm libuser-python-0.56.13-4.el6_0.1.i686.rpm ppc64: libuser-0.56.13-4.el6_0.1.ppc.rpm libuser-0.56.13-4.el6_0.1.ppc64.rpm libuser-debuginfo-0.56.13-4.el6_0.1.ppc.rpm libuser-debuginfo-0.56.13-4.el6_0.1.ppc64.rpm libuser-python-0.56.13-4.el6_0.1.ppc64.rpm s390x: libuser-0.56.13-4.el6_0.1.s390.rpm libuser-0.56.13-4.el6_0.1.s390x.rpm libuser-debuginfo-0.56.13-4.el6_0.1.s390.rpm libuser-debuginfo-0.56.13-4.el6_0.1.s390x.rpm libuser-python-0.56.13-4.el6_0.1.s390x.rpm x86_64: libuser-0.56.13-4.el6_0.1.i686.rpm libuser-0.56.13-4.el6_0.1.x86_64.rpm libuser-debuginfo-0.56.13-4.el6_0.1.i686.rpm libuser-debuginfo-0.56.13-4.el6_0.1.x86_64.rpm libuser-python-0.56.13-4.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libuser-0.56.13-4.el6_0.1.src.rpm i386: libuser-debuginfo-0.56.13-4.el6_0.1.i686.rpm libuser-devel-0.56.13-4.el6_0.1.i686.rpm ppc64: libuser-debuginfo-0.56.13-4.el6_0.1.ppc.rpm libuser-debuginfo-0.56.13-4.el6_0.1.ppc64.rpm libuser-devel-0.56.13-4.el6_0.1.ppc.rpm libuser-devel-0.56.13-4.el6_0.1.ppc64.rpm s390x: libuser-debuginfo-0.56.13-4.el6_0.1.s390.rpm libuser-debuginfo-0.56.13-4.el6_0.1.s390x.rpm libuser-devel-0.56.13-4.el6_0.1.s390.rpm libuser-devel-0.56.13-4.el6_0.1.s390x.rpm x86_64: libuser-debuginfo-0.56.13-4.el6_0.1.i686.rpm libuser-debuginfo-0.56.13-4.el6_0.1.x86_64.rpm libuser-devel-0.56.13-4.el6_0.1.i686.rpm libuser-devel-0.56.13-4.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libuser-0.56.13-4.el6_0.1.src.rpm i386: libuser-0.56.13-4.el6_0.1.i686.rpm libuser-debuginfo-0.56.13-4.el6_0.1.i686.rpm libuser-python-0.56.13-4.el6_0.1.i686.rpm x86_64: libuser-0.56.13-4.el6_0.1.i686.rpm libuser-0.56.13-4.el6_0.1.x86_64.rpm libuser-debuginfo-0.56.13-4.el6_0.1.i686.rpm libuser-debuginfo-0.56.13-4.el6_0.1.x86_64.rpm libuser-python-0.56.13-4.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libuser-0.56.13-4.el6_0.1.src.rpm i386: libuser-debuginfo-0.56.13-4.el6_0.1.i686.rpm libuser-devel-0.56.13-4.el6_0.1.i686.rpm x86_64: libuser-debuginfo-0.56.13-4.el6_0.1.i686.rpm libuser-debuginfo-0.56.13-4.el6_0.1.x86_64.rpm libuser-devel-0.56.13-4.el6_0.1.i686.rpm libuser-devel-0.56.13-4.el6_0.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-0002.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNOGXgXlSAg2UNWIIRAqP6AJ488LAohz9gAkhLZ5gzY8HAsZARfwCgmkcS IrkC4/av51TwmwmUHwicnXM= =E9JI -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Jan 25 16:55:50 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 25 Jan 2011 11:55:50 -0500 Subject: [RHSA-2011:0176-01] Moderate: java-1.6.0-openjdk security update Message-ID: <201101251656.p0PGuMEN030360@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: java-1.6.0-openjdk security update Advisory ID: RHSA-2011:0176-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0176.html Issue date: 2011-01-25 CVE Names: CVE-2010-3860 CVE-2010-4351 ===================================================================== 1. Summary: Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The javaws command can be used to launch Java Web Start applications. A public static field declaration allowed untrusted JNLP (Java Network Launching Protocol) applications to read privileged data. A remote attacker could directly or indirectly read the values of restricted system properties, such as "user.name", "user.home", and "java.home", which untrusted applications should not be allowed to read. (CVE-2010-3860) It was found that JNLPSecurityManager could silently return without throwing an exception when permission was denied. If the javaws command was used to launch a Java Web Start application that relies on this exception being thrown, it could result in that application being run with elevated privileges, allowing it to bypass security manager restrictions and gain access to privileged functionality. (CVE-2010-4351) Note: The RHSA-2010:0339 java-1.6.0-openjdk update installed javaws by mistake. As part of the fixes for CVE-2010-3860 and CVE-2010-4351, this update removes javaws. Red Hat would like to thank the TippingPoint Zero Day Initiative project for reporting CVE-2010-4351. The original issue reporter wishes to stay anonymous. This erratum also upgrades the OpenJDK package to IcedTea6 1.7.7. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 645843 - CVE-2010-3860 IcedTea System property information leak via public static 663680 - CVE-2010-4351 IcedTea jnlp security manager bypass 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.17.b17.el5.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.17.b17.el5.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.17.b17.el5.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.17.b17.el5.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.17.b17.el5.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.17.b17.el5.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.17.b17.el5.i386.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.17.b17.el5.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.17.b17.el5.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.17.b17.el5.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.17.b17.el5.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.17.b17.el5.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.17.b17.el5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.17.b17.el5.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.17.b17.el5.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.17.b17.el5.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.17.b17.el5.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.17.b17.el5.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.17.b17.el5.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.17.b17.el5.i386.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.17.b17.el5.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.17.b17.el5.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.17.b17.el5.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.17.b17.el5.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.17.b17.el5.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.17.b17.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-3860.html https://www.redhat.com/security/data/cve/CVE-2010-4351.html https://access.redhat.com/security/updates/classification/#moderate http://icedtea.classpath.org/hg/release/icedtea6-1.7/file/af20d64bc8b9/NEWS 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNPwBPXlSAg2UNWIIRAnGzAJ0Si1Ank3lYzYKcQumU82H9fhMVEACeNxIf 9qEDbogVZXzll/I4DUvAc/8= =An86 -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Jan 25 17:12:53 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 25 Jan 2011 12:12:53 -0500 Subject: [RHSA-2011:0177-01] Moderate: webkitgtk security update Message-ID: <201101251713.p0PHDPRw018195@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: webkitgtk security update Advisory ID: RHSA-2011:0177-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0177.html Issue date: 2011-01-25 CVE Names: CVE-2010-1780 CVE-2010-1782 CVE-2010-1783 CVE-2010-1784 CVE-2010-1785 CVE-2010-1786 CVE-2010-1787 CVE-2010-1788 CVE-2010-1790 CVE-2010-1792 CVE-2010-1793 CVE-2010-1807 CVE-2010-1812 CVE-2010-1814 CVE-2010-1815 CVE-2010-3113 CVE-2010-3114 CVE-2010-3115 CVE-2010-3116 CVE-2010-3119 CVE-2010-3255 CVE-2010-3257 CVE-2010-3259 CVE-2010-3812 CVE-2010-3813 CVE-2010-4197 CVE-2010-4198 CVE-2010-4204 CVE-2010-4206 CVE-2010-4577 ===================================================================== 1. Summary: Updated webkitgtk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. Multiple memory corruption flaws were found in WebKit. Malicious web content could cause an application using WebKitGTK+ to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-1782, CVE-2010-1783, CVE-2010-1784, CVE-2010-1785, CVE-2010-1787, CVE-2010-1788, CVE-2010-1790, CVE-2010-1792, CVE-2010-1807, CVE-2010-1814, CVE-2010-3114, CVE-2010-3116, CVE-2010-3119, CVE-2010-3255, CVE-2010-3812, CVE-2010-4198) Multiple use-after-free flaws were found in WebKit. Malicious web content could cause an application using WebKitGTK+ to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-1780, CVE-2010-1786, CVE-2010-1793, CVE-2010-1812, CVE-2010-1815, CVE-2010-3113, CVE-2010-3257, CVE-2010-4197, CVE-2010-4204) Two array index errors, leading to out-of-bounds memory reads, were found in WebKit. Malicious web content could cause an application using WebKitGTK+ to crash. (CVE-2010-4206, CVE-2010-4577) A flaw in WebKit could allow malicious web content to trick a user into thinking they are visiting the site reported by the location bar, when the page is actually content controlled by an attacker. (CVE-2010-3115) It was found that WebKit did not correctly restrict read access to images created from the "canvas" element. Malicious web content could allow a remote attacker to bypass the same-origin policy and potentially access sensitive image data. (CVE-2010-3259) A flaw was found in the way WebKit handled DNS prefetching. Even when it was disabled, web content containing certain "link" elements could cause WebKitGTK+ to perform DNS prefetching. (CVE-2010-3813) Users of WebKitGTK+ should upgrade to these updated packages, which contain WebKitGTK+ version 1.2.6, and resolve these issues. All running applications that use WebKitGTK+ must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 627366 - CVE-2010-1780 CVE-2010-1782 CVE-2010-1783 CVE-2010-1784 CVE-2010-1785 CVE-2010-1786 CVE-2010-1787 CVE-2010-1788 CVE-2010-1790 CVE-2010-1792 CVE-2010-1793 WebKit: multiple vulnerabilities in WebKitGTK 627703 - CVE-2010-1807 webkit: input validation error when parsing certain NaN values 628032 - CVE-2010-3113 webkit: memory corruption when handling SVG documents 628035 - CVE-2010-3114 webkit: bad cast with text editing 628071 - CVE-2010-3115 webkit: address bar spoofing with history bug 628076 - CVE-2010-3119 webkit: DoS due to improper Ruby support 631939 - CVE-2010-1812 webkit: use-after-free flaw in handling of selections 631946 - CVE-2010-1814 webkit: memory corruption flaw when handling form menus 631948 - CVE-2010-1815 webkit: use-after-free flaw when handling scrollbars 640353 - CVE-2010-3116 webkit: memory corruption with MIME types 640357 - CVE-2010-3257 webkit: stale pointer issue with focusing 640360 - CVE-2010-3259 webkit: cross-origin image theft 645914 - CVE-2010-3255 webkit: DoS via improper handling of counter nodes 656115 - CVE-2010-4197 WebKit: Use-after-free vulnerabiity related to text editing causes memory corruption 656118 - CVE-2010-4198 WebKit: Memory corruption due to improper handling of large text area 656126 - CVE-2010-4204 WebKit: Use-after-free vulnerability related frame object 656129 - CVE-2010-4206 WebKit: Array index error during processing of an SVG document 667022 - CVE-2010-3812 webkit: Integer overflow in WebKit's handling of Text objects 667024 - CVE-2010-3813 webkit: HTMLLinkElement ignores dnsPrefetchingEnabled setting 667025 - CVE-2010-4577 webkit: CSS Font Face Parsing Type Confusion Vulnerability 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/webkitgtk-1.2.6-2.el6_0.src.rpm i386: webkitgtk-1.2.6-2.el6_0.i686.rpm webkitgtk-debuginfo-1.2.6-2.el6_0.i686.rpm x86_64: webkitgtk-1.2.6-2.el6_0.x86_64.rpm webkitgtk-debuginfo-1.2.6-2.el6_0.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/webkitgtk-1.2.6-2.el6_0.src.rpm i386: webkitgtk-debuginfo-1.2.6-2.el6_0.i686.rpm webkitgtk-devel-1.2.6-2.el6_0.i686.rpm webkitgtk-doc-1.2.6-2.el6_0.i686.rpm x86_64: webkitgtk-1.2.6-2.el6_0.i686.rpm webkitgtk-debuginfo-1.2.6-2.el6_0.i686.rpm webkitgtk-debuginfo-1.2.6-2.el6_0.x86_64.rpm webkitgtk-devel-1.2.6-2.el6_0.i686.rpm webkitgtk-devel-1.2.6-2.el6_0.x86_64.rpm webkitgtk-doc-1.2.6-2.el6_0.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/webkitgtk-1.2.6-2.el6_0.src.rpm x86_64: webkitgtk-1.2.6-2.el6_0.i686.rpm webkitgtk-1.2.6-2.el6_0.x86_64.rpm webkitgtk-debuginfo-1.2.6-2.el6_0.i686.rpm webkitgtk-debuginfo-1.2.6-2.el6_0.x86_64.rpm webkitgtk-devel-1.2.6-2.el6_0.i686.rpm webkitgtk-devel-1.2.6-2.el6_0.x86_64.rpm webkitgtk-doc-1.2.6-2.el6_0.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/webkitgtk-1.2.6-2.el6_0.src.rpm i386: webkitgtk-1.2.6-2.el6_0.i686.rpm webkitgtk-debuginfo-1.2.6-2.el6_0.i686.rpm ppc64: webkitgtk-1.2.6-2.el6_0.ppc.rpm webkitgtk-1.2.6-2.el6_0.ppc64.rpm webkitgtk-debuginfo-1.2.6-2.el6_0.ppc.rpm webkitgtk-debuginfo-1.2.6-2.el6_0.ppc64.rpm s390x: webkitgtk-1.2.6-2.el6_0.s390.rpm webkitgtk-1.2.6-2.el6_0.s390x.rpm webkitgtk-debuginfo-1.2.6-2.el6_0.s390.rpm webkitgtk-debuginfo-1.2.6-2.el6_0.s390x.rpm x86_64: webkitgtk-1.2.6-2.el6_0.i686.rpm webkitgtk-1.2.6-2.el6_0.x86_64.rpm webkitgtk-debuginfo-1.2.6-2.el6_0.i686.rpm webkitgtk-debuginfo-1.2.6-2.el6_0.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/webkitgtk-1.2.6-2.el6_0.src.rpm i386: webkitgtk-debuginfo-1.2.6-2.el6_0.i686.rpm webkitgtk-devel-1.2.6-2.el6_0.i686.rpm webkitgtk-doc-1.2.6-2.el6_0.i686.rpm ppc64: webkitgtk-debuginfo-1.2.6-2.el6_0.ppc.rpm webkitgtk-debuginfo-1.2.6-2.el6_0.ppc64.rpm webkitgtk-devel-1.2.6-2.el6_0.ppc.rpm webkitgtk-devel-1.2.6-2.el6_0.ppc64.rpm webkitgtk-doc-1.2.6-2.el6_0.ppc64.rpm s390x: webkitgtk-debuginfo-1.2.6-2.el6_0.s390.rpm webkitgtk-debuginfo-1.2.6-2.el6_0.s390x.rpm webkitgtk-devel-1.2.6-2.el6_0.s390.rpm webkitgtk-devel-1.2.6-2.el6_0.s390x.rpm webkitgtk-doc-1.2.6-2.el6_0.s390x.rpm x86_64: webkitgtk-debuginfo-1.2.6-2.el6_0.i686.rpm webkitgtk-debuginfo-1.2.6-2.el6_0.x86_64.rpm webkitgtk-devel-1.2.6-2.el6_0.i686.rpm webkitgtk-devel-1.2.6-2.el6_0.x86_64.rpm webkitgtk-doc-1.2.6-2.el6_0.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/webkitgtk-1.2.6-2.el6_0.src.rpm i386: webkitgtk-1.2.6-2.el6_0.i686.rpm webkitgtk-debuginfo-1.2.6-2.el6_0.i686.rpm x86_64: webkitgtk-1.2.6-2.el6_0.i686.rpm webkitgtk-1.2.6-2.el6_0.x86_64.rpm webkitgtk-debuginfo-1.2.6-2.el6_0.i686.rpm webkitgtk-debuginfo-1.2.6-2.el6_0.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/webkitgtk-1.2.6-2.el6_0.src.rpm i386: webkitgtk-debuginfo-1.2.6-2.el6_0.i686.rpm webkitgtk-devel-1.2.6-2.el6_0.i686.rpm webkitgtk-doc-1.2.6-2.el6_0.i686.rpm x86_64: webkitgtk-debuginfo-1.2.6-2.el6_0.i686.rpm webkitgtk-debuginfo-1.2.6-2.el6_0.x86_64.rpm webkitgtk-devel-1.2.6-2.el6_0.i686.rpm webkitgtk-devel-1.2.6-2.el6_0.x86_64.rpm webkitgtk-doc-1.2.6-2.el6_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-1780.html https://www.redhat.com/security/data/cve/CVE-2010-1782.html https://www.redhat.com/security/data/cve/CVE-2010-1783.html https://www.redhat.com/security/data/cve/CVE-2010-1784.html https://www.redhat.com/security/data/cve/CVE-2010-1785.html https://www.redhat.com/security/data/cve/CVE-2010-1786.html https://www.redhat.com/security/data/cve/CVE-2010-1787.html https://www.redhat.com/security/data/cve/CVE-2010-1788.html https://www.redhat.com/security/data/cve/CVE-2010-1790.html https://www.redhat.com/security/data/cve/CVE-2010-1792.html https://www.redhat.com/security/data/cve/CVE-2010-1793.html https://www.redhat.com/security/data/cve/CVE-2010-1807.html https://www.redhat.com/security/data/cve/CVE-2010-1812.html https://www.redhat.com/security/data/cve/CVE-2010-1814.html https://www.redhat.com/security/data/cve/CVE-2010-1815.html https://www.redhat.com/security/data/cve/CVE-2010-3113.html https://www.redhat.com/security/data/cve/CVE-2010-3114.html https://www.redhat.com/security/data/cve/CVE-2010-3115.html https://www.redhat.com/security/data/cve/CVE-2010-3116.html https://www.redhat.com/security/data/cve/CVE-2010-3119.html https://www.redhat.com/security/data/cve/CVE-2010-3255.html https://www.redhat.com/security/data/cve/CVE-2010-3257.html https://www.redhat.com/security/data/cve/CVE-2010-3259.html https://www.redhat.com/security/data/cve/CVE-2010-3812.html https://www.redhat.com/security/data/cve/CVE-2010-3813.html https://www.redhat.com/security/data/cve/CVE-2010-4197.html https://www.redhat.com/security/data/cve/CVE-2010-4198.html https://www.redhat.com/security/data/cve/CVE-2010-4204.html https://www.redhat.com/security/data/cve/CVE-2010-4206.html https://www.redhat.com/security/data/cve/CVE-2010-4577.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNPwQhXlSAg2UNWIIRAittAKCmuMCHTG4AVX9EL5/T9TLHrTFsVwCgqJMO B22CmAtAYFeTKDLe7+AZ0Ek= =2eYk -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Jan 27 18:53:45 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 27 Jan 2011 13:53:45 -0500 Subject: [RHSA-2011:0180-01] Moderate: pango security update Message-ID: <201101271854.p0RIsI77024327@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: pango security update Advisory ID: RHSA-2011:0180-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0180.html Issue date: 2011-01-27 CVE Names: CVE-2011-0020 ===================================================================== 1. Summary: Updated pango and evolution28-pango packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: Pango is a library used for the layout and rendering of internationalized text. An input sanitization flaw, leading to a heap-based buffer overflow, was found in the way Pango displayed font files when using the FreeType font engine back end. If a user loaded a malformed font file with an application that uses Pango, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0020) Users of pango and evolution28-pango are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, you must restart your system or restart your X session for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 671122 - CVE-2011-0020 pango: Heap-based buffer overflow by rendering glyph box for certain FT_Bitmap objects 6. Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/evolution28-pango-1.14.9-13.el4_10.src.rpm i386: evolution28-pango-1.14.9-13.el4_10.i386.rpm evolution28-pango-debuginfo-1.14.9-13.el4_10.i386.rpm evolution28-pango-devel-1.14.9-13.el4_10.i386.rpm ia64: evolution28-pango-1.14.9-13.el4_10.ia64.rpm evolution28-pango-debuginfo-1.14.9-13.el4_10.ia64.rpm evolution28-pango-devel-1.14.9-13.el4_10.ia64.rpm ppc: evolution28-pango-1.14.9-13.el4_10.ppc.rpm evolution28-pango-debuginfo-1.14.9-13.el4_10.ppc.rpm evolution28-pango-devel-1.14.9-13.el4_10.ppc.rpm s390: evolution28-pango-1.14.9-13.el4_10.s390.rpm evolution28-pango-debuginfo-1.14.9-13.el4_10.s390.rpm evolution28-pango-devel-1.14.9-13.el4_10.s390.rpm s390x: evolution28-pango-1.14.9-13.el4_10.s390x.rpm evolution28-pango-debuginfo-1.14.9-13.el4_10.s390x.rpm evolution28-pango-devel-1.14.9-13.el4_10.s390x.rpm x86_64: evolution28-pango-1.14.9-13.el4_10.x86_64.rpm evolution28-pango-debuginfo-1.14.9-13.el4_10.x86_64.rpm evolution28-pango-devel-1.14.9-13.el4_10.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/evolution28-pango-1.14.9-13.el4_10.src.rpm i386: evolution28-pango-1.14.9-13.el4_10.i386.rpm evolution28-pango-debuginfo-1.14.9-13.el4_10.i386.rpm evolution28-pango-devel-1.14.9-13.el4_10.i386.rpm x86_64: evolution28-pango-1.14.9-13.el4_10.x86_64.rpm evolution28-pango-debuginfo-1.14.9-13.el4_10.x86_64.rpm evolution28-pango-devel-1.14.9-13.el4_10.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/evolution28-pango-1.14.9-13.el4_10.src.rpm i386: evolution28-pango-1.14.9-13.el4_10.i386.rpm evolution28-pango-debuginfo-1.14.9-13.el4_10.i386.rpm evolution28-pango-devel-1.14.9-13.el4_10.i386.rpm ia64: evolution28-pango-1.14.9-13.el4_10.ia64.rpm evolution28-pango-debuginfo-1.14.9-13.el4_10.ia64.rpm evolution28-pango-devel-1.14.9-13.el4_10.ia64.rpm x86_64: evolution28-pango-1.14.9-13.el4_10.x86_64.rpm evolution28-pango-debuginfo-1.14.9-13.el4_10.x86_64.rpm evolution28-pango-devel-1.14.9-13.el4_10.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/evolution28-pango-1.14.9-13.el4_10.src.rpm i386: evolution28-pango-1.14.9-13.el4_10.i386.rpm evolution28-pango-debuginfo-1.14.9-13.el4_10.i386.rpm evolution28-pango-devel-1.14.9-13.el4_10.i386.rpm ia64: evolution28-pango-1.14.9-13.el4_10.ia64.rpm evolution28-pango-debuginfo-1.14.9-13.el4_10.ia64.rpm evolution28-pango-devel-1.14.9-13.el4_10.ia64.rpm x86_64: evolution28-pango-1.14.9-13.el4_10.x86_64.rpm evolution28-pango-debuginfo-1.14.9-13.el4_10.x86_64.rpm evolution28-pango-devel-1.14.9-13.el4_10.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/pango-1.14.9-8.el5_6.2.src.rpm i386: pango-1.14.9-8.el5_6.2.i386.rpm pango-debuginfo-1.14.9-8.el5_6.2.i386.rpm x86_64: pango-1.14.9-8.el5_6.2.i386.rpm pango-1.14.9-8.el5_6.2.x86_64.rpm pango-debuginfo-1.14.9-8.el5_6.2.i386.rpm pango-debuginfo-1.14.9-8.el5_6.2.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/pango-1.14.9-8.el5_6.2.src.rpm i386: pango-debuginfo-1.14.9-8.el5_6.2.i386.rpm pango-devel-1.14.9-8.el5_6.2.i386.rpm x86_64: pango-debuginfo-1.14.9-8.el5_6.2.i386.rpm pango-debuginfo-1.14.9-8.el5_6.2.x86_64.rpm pango-devel-1.14.9-8.el5_6.2.i386.rpm pango-devel-1.14.9-8.el5_6.2.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/pango-1.14.9-8.el5_6.2.src.rpm i386: pango-1.14.9-8.el5_6.2.i386.rpm pango-debuginfo-1.14.9-8.el5_6.2.i386.rpm pango-devel-1.14.9-8.el5_6.2.i386.rpm ia64: pango-1.14.9-8.el5_6.2.i386.rpm pango-1.14.9-8.el5_6.2.ia64.rpm pango-debuginfo-1.14.9-8.el5_6.2.i386.rpm pango-debuginfo-1.14.9-8.el5_6.2.ia64.rpm pango-devel-1.14.9-8.el5_6.2.ia64.rpm ppc: pango-1.14.9-8.el5_6.2.ppc.rpm pango-1.14.9-8.el5_6.2.ppc64.rpm pango-debuginfo-1.14.9-8.el5_6.2.ppc.rpm pango-debuginfo-1.14.9-8.el5_6.2.ppc64.rpm pango-devel-1.14.9-8.el5_6.2.ppc.rpm pango-devel-1.14.9-8.el5_6.2.ppc64.rpm s390x: pango-1.14.9-8.el5_6.2.s390.rpm pango-1.14.9-8.el5_6.2.s390x.rpm pango-debuginfo-1.14.9-8.el5_6.2.s390.rpm pango-debuginfo-1.14.9-8.el5_6.2.s390x.rpm pango-devel-1.14.9-8.el5_6.2.s390.rpm pango-devel-1.14.9-8.el5_6.2.s390x.rpm x86_64: pango-1.14.9-8.el5_6.2.i386.rpm pango-1.14.9-8.el5_6.2.x86_64.rpm pango-debuginfo-1.14.9-8.el5_6.2.i386.rpm pango-debuginfo-1.14.9-8.el5_6.2.x86_64.rpm pango-devel-1.14.9-8.el5_6.2.i386.rpm pango-devel-1.14.9-8.el5_6.2.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/pango-1.28.1-3.el6_0.3.src.rpm i386: pango-1.28.1-3.el6_0.3.i686.rpm pango-debuginfo-1.28.1-3.el6_0.3.i686.rpm x86_64: pango-1.28.1-3.el6_0.3.i686.rpm pango-1.28.1-3.el6_0.3.x86_64.rpm pango-debuginfo-1.28.1-3.el6_0.3.i686.rpm pango-debuginfo-1.28.1-3.el6_0.3.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/pango-1.28.1-3.el6_0.3.src.rpm i386: pango-debuginfo-1.28.1-3.el6_0.3.i686.rpm pango-devel-1.28.1-3.el6_0.3.i686.rpm x86_64: pango-debuginfo-1.28.1-3.el6_0.3.i686.rpm pango-debuginfo-1.28.1-3.el6_0.3.x86_64.rpm pango-devel-1.28.1-3.el6_0.3.i686.rpm pango-devel-1.28.1-3.el6_0.3.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/pango-1.28.1-3.el6_0.3.src.rpm x86_64: pango-1.28.1-3.el6_0.3.i686.rpm pango-1.28.1-3.el6_0.3.x86_64.rpm pango-debuginfo-1.28.1-3.el6_0.3.i686.rpm pango-debuginfo-1.28.1-3.el6_0.3.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/pango-1.28.1-3.el6_0.3.src.rpm x86_64: pango-debuginfo-1.28.1-3.el6_0.3.i686.rpm pango-debuginfo-1.28.1-3.el6_0.3.x86_64.rpm pango-devel-1.28.1-3.el6_0.3.i686.rpm pango-devel-1.28.1-3.el6_0.3.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/pango-1.28.1-3.el6_0.3.src.rpm i386: pango-1.28.1-3.el6_0.3.i686.rpm pango-debuginfo-1.28.1-3.el6_0.3.i686.rpm pango-devel-1.28.1-3.el6_0.3.i686.rpm ppc64: pango-1.28.1-3.el6_0.3.ppc.rpm pango-1.28.1-3.el6_0.3.ppc64.rpm pango-debuginfo-1.28.1-3.el6_0.3.ppc.rpm pango-debuginfo-1.28.1-3.el6_0.3.ppc64.rpm pango-devel-1.28.1-3.el6_0.3.ppc.rpm pango-devel-1.28.1-3.el6_0.3.ppc64.rpm s390x: pango-1.28.1-3.el6_0.3.s390.rpm pango-1.28.1-3.el6_0.3.s390x.rpm pango-debuginfo-1.28.1-3.el6_0.3.s390.rpm pango-debuginfo-1.28.1-3.el6_0.3.s390x.rpm pango-devel-1.28.1-3.el6_0.3.s390.rpm pango-devel-1.28.1-3.el6_0.3.s390x.rpm x86_64: pango-1.28.1-3.el6_0.3.i686.rpm pango-1.28.1-3.el6_0.3.x86_64.rpm pango-debuginfo-1.28.1-3.el6_0.3.i686.rpm pango-debuginfo-1.28.1-3.el6_0.3.x86_64.rpm pango-devel-1.28.1-3.el6_0.3.i686.rpm pango-devel-1.28.1-3.el6_0.3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/pango-1.28.1-3.el6_0.3.src.rpm i386: pango-1.28.1-3.el6_0.3.i686.rpm pango-debuginfo-1.28.1-3.el6_0.3.i686.rpm pango-devel-1.28.1-3.el6_0.3.i686.rpm x86_64: pango-1.28.1-3.el6_0.3.i686.rpm pango-1.28.1-3.el6_0.3.x86_64.rpm pango-debuginfo-1.28.1-3.el6_0.3.i686.rpm pango-debuginfo-1.28.1-3.el6_0.3.x86_64.rpm pango-devel-1.28.1-3.el6_0.3.i686.rpm pango-devel-1.28.1-3.el6_0.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-0020.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNQb7XXlSAg2UNWIIRAg50AKCOA8oEFCHB6R5wR2zegrnMlaKRjgCfUkuj YA3JJdJGyX/1IfuXsvpPwmo= =cUyB -----END PGP SIGNATURE----- From bugzilla at redhat.com Fri Jan 28 15:29:42 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 28 Jan 2011 10:29:42 -0500 Subject: [RHSA-2011:0181-01] Important: openoffice.org and openoffice.org2 security update Message-ID: <201101281530.p0SFUF4S010261@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: openoffice.org and openoffice.org2 security update Advisory ID: RHSA-2011:0181-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0181.html Issue date: 2011-01-28 CVE Names: CVE-2010-3450 CVE-2010-3451 CVE-2010-3452 CVE-2010-3453 CVE-2010-3454 CVE-2010-4643 ===================================================================== 1. Summary: Updated openoffice.org and openoffice.org2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ppc, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, x86_64 Red Hat Enterprise Linux WS version 4 - i386, x86_64 3. Description: OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An array index error and an integer signedness error were found in the way OpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker could use these flaws to create a specially-crafted RTF file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3451, CVE-2010-3452) A heap-based buffer overflow flaw and an array index error were found in the way OpenOffice.org parsed certain Microsoft Office Word documents. An attacker could use these flaws to create a specially-crafted Microsoft Office Word document that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially-crafted TARGA file. If a document containing this specially-crafted TARGA file was opened, or if a user tried to insert the file into an existing document, it would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4643) A directory traversal flaw was found in the way OpenOffice.org handled the installation of XSLT filter descriptions packaged in Java Archive (JAR) files, as well as the installation of OpenOffice.org Extension (.oxt) files. An attacker could use these flaws to create a specially-crafted XSLT filter description or extension file that, when opened, would cause the OpenOffice.org Extension Manager to modify files accessible to the user installing the JAR or extension file. (CVE-2010-3450) Red Hat would like to thank OpenOffice.org for reporting the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454, and CVE-2010-4643 issues. Upstream acknowledges Dan Rosenberg of Virtual Security Research as the original reporter of the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, and CVE-2010-3454 issues. All OpenOffice.org users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of OpenOffice.org applications must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 602324 - CVE-2010-3450 OpenOffice.org: directory traversal flaws in handling of XSLT jar filter descriptions and OXT extension files 640241 - CVE-2010-3452 OpenOffice.org: Integer signedness error (crash) by processing certain RTF tags 640950 - CVE-2010-3453 OpenOffice.org: Heap-based buffer overflow by processing *.doc files with WW8 list styles with specially-crafted count of list levels 640954 - CVE-2010-3454 OpenOffice.org: Array index error by scanning document typography information of certain *.doc files 641282 - CVE-2010-3451 OpenOffice.org: Array index error by insecure parsing of broken rtf tables 667588 - CVE-2010-4643 OpenOffice.org: heap based buffer overflow when parsing TGA files 6. Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openoffice.org-1.1.5-10.7.el4_8.10.src.rpm ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openoffice.org-1.1.5-10.7.el4_8.10.src.rpm ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openoffice.org2-2.0.4-5.7.0.6.1.el4_8.8.src.rpm i386: openoffice.org-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-debuginfo-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-debuginfo-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-i18n-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-i18n-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-kde-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-kde-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-libs-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-libs-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org2-base-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-calc-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-core-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-draw-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-impress-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-javafilter-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-math-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-pyuno-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-testtools-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-writer-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm ppc: openoffice.org-1.1.5-10.7.el4_8.10.ppc.rpm openoffice.org-1.1.5-10.7.el4_8.10.ppc.rpm openoffice.org-debuginfo-1.1.5-10.7.el4_8.10.ppc.rpm openoffice.org-debuginfo-1.1.5-10.7.el4_8.10.ppc.rpm openoffice.org-i18n-1.1.5-10.7.el4_8.10.ppc.rpm openoffice.org-i18n-1.1.5-10.7.el4_8.10.ppc.rpm openoffice.org-kde-1.1.5-10.7.el4_8.10.ppc.rpm openoffice.org-kde-1.1.5-10.7.el4_8.10.ppc.rpm openoffice.org-libs-1.1.5-10.7.el4_8.10.ppc.rpm openoffice.org-libs-1.1.5-10.7.el4_8.10.ppc.rpm openoffice.org2-base-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-calc-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-core-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-draw-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-impress-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-javafilter-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-math-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-pyuno-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-testtools-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-writer-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.6.1.el4_8.8.ppc.rpm x86_64: openoffice.org-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-debuginfo-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-debuginfo-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-i18n-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-i18n-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-libs-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-libs-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org2-base-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-calc-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-core-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-draw-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-impress-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-javafilter-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-math-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-pyuno-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-testtools-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-writer-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openoffice.org-1.1.5-10.7.el4_8.10.src.rpm ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openoffice.org-1.1.5-10.7.el4_8.10.src.rpm ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openoffice.org2-2.0.4-5.7.0.6.1.el4_8.8.src.rpm i386: openoffice.org-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-debuginfo-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-debuginfo-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-i18n-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-i18n-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-kde-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-kde-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-libs-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-libs-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org2-base-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-calc-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-core-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-draw-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-impress-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-javafilter-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-math-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-pyuno-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-testtools-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-writer-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm x86_64: openoffice.org-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-debuginfo-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-debuginfo-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-i18n-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-i18n-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-libs-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-libs-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org2-base-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-calc-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-core-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-draw-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-impress-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-javafilter-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-math-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-pyuno-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-testtools-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-writer-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openoffice.org-1.1.5-10.7.el4_8.10.src.rpm ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openoffice.org2-2.0.4-5.7.0.6.1.el4_8.8.src.rpm i386: openoffice.org-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-debuginfo-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-debuginfo-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-i18n-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-kde-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-kde-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-libs-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org2-base-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-calc-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-core-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-draw-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-impress-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-javafilter-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-math-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-pyuno-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-testtools-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-writer-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm x86_64: openoffice.org-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-debuginfo-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-debuginfo-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-i18n-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-libs-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org2-base-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-calc-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-core-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-draw-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-impress-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-javafilter-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-math-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-pyuno-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-testtools-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-writer-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openoffice.org-1.1.5-10.7.el4_8.10.src.rpm ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openoffice.org-1.1.5-10.7.el4_8.10.src.rpm ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openoffice.org2-2.0.4-5.7.0.6.1.el4_8.8.src.rpm i386: openoffice.org-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-debuginfo-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-debuginfo-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-i18n-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-i18n-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-kde-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-kde-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-libs-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-libs-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org2-base-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-calc-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-core-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-draw-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-impress-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-javafilter-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-math-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-pyuno-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-testtools-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-writer-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm x86_64: openoffice.org-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-debuginfo-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-debuginfo-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-i18n-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-i18n-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-libs-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org-libs-1.1.5-10.7.el4_8.10.i386.rpm openoffice.org2-base-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-calc-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-core-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-debuginfo-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-draw-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-emailmerge-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-graphicfilter-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-impress-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-javafilter-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ar-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-bn-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-da_DK-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-de-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-el_GR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-es-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-et_EE-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-fr-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-he_IL-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-it-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-nl-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ru-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-sv-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-th_TH-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-math-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-pyuno-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-testtools-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-writer-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm openoffice.org2-xsltfilter-2.0.4-5.7.0.6.1.el4_8.8.i386.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-3450.html https://www.redhat.com/security/data/cve/CVE-2010-3451.html https://www.redhat.com/security/data/cve/CVE-2010-3452.html https://www.redhat.com/security/data/cve/CVE-2010-3453.html https://www.redhat.com/security/data/cve/CVE-2010-3454.html https://www.redhat.com/security/data/cve/CVE-2010-4643.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNQuB2XlSAg2UNWIIRAqEGAJ9hmaErbAGkLFP7QNTmeYMvZv+tCQCfbMPE T64i6MSsiJXm8HMIlPr2TCE= =heZV -----END PGP SIGNATURE----- From bugzilla at redhat.com Fri Jan 28 15:34:47 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 28 Jan 2011 10:34:47 -0500 Subject: [RHSA-2011:0182-01] Important: openoffice.org security update Message-ID: <201101281535.p0SFZKwH007744@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: openoffice.org security update Advisory ID: RHSA-2011:0182-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0182.html Issue date: 2011-01-28 CVE Names: CVE-2010-3450 CVE-2010-3451 CVE-2010-3452 CVE-2010-3453 CVE-2010-3454 CVE-2010-3689 CVE-2010-4253 CVE-2010-4643 ===================================================================== 1. Summary: Updated openoffice.org packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An array index error and an integer signedness error were found in the way OpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker could use these flaws to create a specially-crafted RTF file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3451, CVE-2010-3452) A heap-based buffer overflow flaw and an array index error were found in the way OpenOffice.org parsed certain Microsoft Office Word documents. An attacker could use these flaws to create a specially-crafted Microsoft Office Word document that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain Microsoft Office PowerPoint files. An attacker could use this flaw to create a specially-crafted Microsoft Office PowerPoint file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4253) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially-crafted TARGA file. If a document containing this specially-crafted TARGA file was opened, or if a user tried to insert the file into an existing document, it would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4643) A directory traversal flaw was found in the way OpenOffice.org handled the installation of XSLT filter descriptions packaged in Java Archive (JAR) files, as well as the installation of OpenOffice.org Extension (.oxt) files. An attacker could use these flaws to create a specially-crafted XSLT filter description or extension file that, when opened, would cause the OpenOffice.org Extension Manager to modify files accessible to the user installing the JAR or extension file. (CVE-2010-3450) A flaw was found in the script that launches OpenOffice.org. In some situations, a "." character could be included in the LD_LIBRARY_PATH variable, allowing a local attacker to execute arbitrary code with the privileges of the user running OpenOffice.org, if that user ran OpenOffice.org from within an attacker-controlled directory. (CVE-2010-3689) Red Hat would like to thank OpenOffice.org for reporting the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454, and CVE-2010-4643 issues; and Dmitri Gribenko for reporting the CVE-2010-3689 issue. Upstream acknowledges Dan Rosenberg of Virtual Security Research as the original reporter of the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, and CVE-2010-3454 issues. All OpenOffice.org users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of OpenOffice.org applications must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 602324 - CVE-2010-3450 OpenOffice.org: directory traversal flaws in handling of XSLT jar filter descriptions and OXT extension files 640241 - CVE-2010-3452 OpenOffice.org: Integer signedness error (crash) by processing certain RTF tags 640950 - CVE-2010-3453 OpenOffice.org: Heap-based buffer overflow by processing *.doc files with WW8 list styles with specially-crafted count of list levels 640954 - CVE-2010-3454 OpenOffice.org: Array index error by scanning document typography information of certain *.doc files 641224 - CVE-2010-3689 OpenOffice.org: soffice insecure LD_LIBRARY_PATH setting 641282 - CVE-2010-3451 OpenOffice.org: Array index error by insecure parsing of broken rtf tables 658259 - CVE-2010-4253 OpenOffice.org: heap based buffer overflow in PPT import 667588 - CVE-2010-4643 OpenOffice.org: heap based buffer overflow when parsing TGA files 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openoffice.org-3.1.1-19.5.el5_5.6.src.rpm i386: openoffice.org-base-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-calc-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-core-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-debuginfo-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-draw-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-emailmerge-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-graphicfilter-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-headless-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-impress-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-javafilter-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-af_ZA-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-ar-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-as_IN-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-bg_BG-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-bn-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-ca_ES-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-cs_CZ-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-cy_GB-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-da_DK-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-de-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-el_GR-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-es-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-et_EE-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-eu_ES-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-fi_FI-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-fr-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-ga_IE-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-gl_ES-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-gu_IN-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-he_IL-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-hi_IN-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-hr_HR-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-hu_HU-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-it-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-ja_JP-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-kn_IN-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-ko_KR-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-lt_LT-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-ml_IN-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-mr_IN-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-ms_MY-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-nb_NO-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-nl-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-nn_NO-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-nr_ZA-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-nso_ZA-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-or_IN-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-pa_IN-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-pl_PL-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-pt_BR-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-pt_PT-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-ru-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-sk_SK-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-sl_SI-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-sr_CS-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-ss_ZA-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-st_ZA-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-sv-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-ta_IN-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-te_IN-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-th_TH-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-tn_ZA-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-tr_TR-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-ts_ZA-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-ur-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-ve_ZA-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-xh_ZA-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-zh_CN-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-zh_TW-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-zu_ZA-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-math-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-pyuno-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-testtools-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-ure-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-writer-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-xsltfilter-3.1.1-19.5.el5_5.6.i386.rpm x86_64: openoffice.org-base-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-calc-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-core-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-debuginfo-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-draw-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-emailmerge-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-graphicfilter-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-headless-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-impress-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-javafilter-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-af_ZA-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-ar-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-as_IN-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-bg_BG-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-bn-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-ca_ES-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-cs_CZ-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-cy_GB-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-da_DK-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-de-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-el_GR-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-es-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-et_EE-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-eu_ES-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-fi_FI-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-fr-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-ga_IE-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-gl_ES-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-gu_IN-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-he_IL-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-hi_IN-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-hr_HR-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-hu_HU-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-it-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-ja_JP-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-kn_IN-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-ko_KR-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-lt_LT-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-ml_IN-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-mr_IN-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-ms_MY-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-nb_NO-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-nl-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-nn_NO-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-nr_ZA-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-nso_ZA-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-or_IN-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-pa_IN-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-pl_PL-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-pt_BR-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-pt_PT-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-ru-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-sk_SK-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-sl_SI-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-sr_CS-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-ss_ZA-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-st_ZA-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-sv-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-ta_IN-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-te_IN-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-th_TH-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-tn_ZA-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-tr_TR-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-ts_ZA-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-ur-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-ve_ZA-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-xh_ZA-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-zh_CN-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-zh_TW-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-zu_ZA-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-math-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-pyuno-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-testtools-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-ure-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-writer-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-xsltfilter-3.1.1-19.5.el5_5.6.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openoffice.org-3.1.1-19.5.el5_5.6.src.rpm i386: openoffice.org-debuginfo-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-sdk-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-sdk-doc-3.1.1-19.5.el5_5.6.i386.rpm x86_64: openoffice.org-debuginfo-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-sdk-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-sdk-doc-3.1.1-19.5.el5_5.6.x86_64.rpm RHEL Optional Productivity Applications (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openoffice.org-3.1.1-19.5.el5_5.6.src.rpm i386: openoffice.org-base-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-calc-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-core-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-debuginfo-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-draw-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-emailmerge-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-graphicfilter-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-headless-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-impress-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-javafilter-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-af_ZA-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-ar-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-as_IN-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-bg_BG-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-bn-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-ca_ES-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-cs_CZ-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-cy_GB-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-da_DK-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-de-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-el_GR-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-es-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-et_EE-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-eu_ES-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-fi_FI-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-fr-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-ga_IE-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-gl_ES-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-gu_IN-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-he_IL-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-hi_IN-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-hr_HR-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-hu_HU-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-it-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-ja_JP-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-kn_IN-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-ko_KR-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-lt_LT-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-ml_IN-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-mr_IN-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-ms_MY-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-nb_NO-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-nl-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-nn_NO-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-nr_ZA-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-nso_ZA-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-or_IN-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-pa_IN-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-pl_PL-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-pt_BR-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-pt_PT-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-ru-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-sk_SK-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-sl_SI-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-sr_CS-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-ss_ZA-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-st_ZA-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-sv-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-ta_IN-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-te_IN-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-th_TH-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-tn_ZA-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-tr_TR-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-ts_ZA-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-ur-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-ve_ZA-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-xh_ZA-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-zh_CN-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-zh_TW-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-langpack-zu_ZA-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-math-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-pyuno-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-sdk-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-sdk-doc-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-testtools-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-ure-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-writer-3.1.1-19.5.el5_5.6.i386.rpm openoffice.org-xsltfilter-3.1.1-19.5.el5_5.6.i386.rpm x86_64: openoffice.org-base-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-calc-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-core-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-debuginfo-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-draw-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-emailmerge-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-graphicfilter-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-headless-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-impress-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-javafilter-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-af_ZA-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-ar-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-as_IN-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-bg_BG-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-bn-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-ca_ES-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-cs_CZ-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-cy_GB-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-da_DK-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-de-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-el_GR-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-es-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-et_EE-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-eu_ES-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-fi_FI-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-fr-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-ga_IE-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-gl_ES-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-gu_IN-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-he_IL-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-hi_IN-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-hr_HR-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-hu_HU-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-it-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-ja_JP-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-kn_IN-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-ko_KR-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-lt_LT-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-ml_IN-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-mr_IN-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-ms_MY-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-nb_NO-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-nl-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-nn_NO-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-nr_ZA-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-nso_ZA-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-or_IN-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-pa_IN-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-pl_PL-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-pt_BR-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-pt_PT-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-ru-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-sk_SK-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-sl_SI-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-sr_CS-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-ss_ZA-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-st_ZA-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-sv-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-ta_IN-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-te_IN-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-th_TH-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-tn_ZA-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-tr_TR-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-ts_ZA-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-ur-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-ve_ZA-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-xh_ZA-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-zh_CN-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-zh_TW-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-langpack-zu_ZA-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-math-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-pyuno-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-sdk-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-sdk-doc-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-testtools-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-ure-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-writer-3.1.1-19.5.el5_5.6.x86_64.rpm openoffice.org-xsltfilter-3.1.1-19.5.el5_5.6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-3450.html https://www.redhat.com/security/data/cve/CVE-2010-3451.html https://www.redhat.com/security/data/cve/CVE-2010-3452.html https://www.redhat.com/security/data/cve/CVE-2010-3453.html https://www.redhat.com/security/data/cve/CVE-2010-3454.html https://www.redhat.com/security/data/cve/CVE-2010-3689.html https://www.redhat.com/security/data/cve/CVE-2010-4253.html https://www.redhat.com/security/data/cve/CVE-2010-4643.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNQuGhXlSAg2UNWIIRAlxEAJ9GRVWDcnqmMfy4rUwuGy8eNTSFGgCeJ+YP gnxKxeoJ0By3UnwZNggVVhA= =9Sly -----END PGP SIGNATURE----- From bugzilla at redhat.com Fri Jan 28 16:06:42 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 28 Jan 2011 11:06:42 -0500 Subject: [RHSA-2011:0183-01] Important: openoffice.org security and bug fix update Message-ID: <201101281607.p0SG7FKf017815@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: openoffice.org security and bug fix update Advisory ID: RHSA-2011:0183-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0183.html Issue date: 2011-01-28 CVE Names: CVE-2010-3450 CVE-2010-3451 CVE-2010-3452 CVE-2010-3453 CVE-2010-3454 CVE-2010-3689 CVE-2010-4253 CVE-2010-4643 ===================================================================== 1. Summary: Updated openoffice.org packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An array index error and an integer signedness error were found in the way OpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker could use these flaws to create a specially-crafted RTF file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3451, CVE-2010-3452) A heap-based buffer overflow flaw and an array index error were found in the way OpenOffice.org parsed certain Microsoft Office Word documents. An attacker could use these flaws to create a specially-crafted Microsoft Office Word document that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain Microsoft Office PowerPoint files. An attacker could use this flaw to create a specially-crafted Microsoft Office PowerPoint file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4253) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially-crafted TARGA file. If a document containing this specially-crafted TARGA file was opened, or if a user tried to insert the file into an existing document, it would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4643) A directory traversal flaw was found in the way OpenOffice.org handled the installation of XSLT filter descriptions packaged in Java Archive (JAR) files, as well as the installation of OpenOffice.org Extension (.oxt) files. An attacker could use these flaws to create a specially-crafted XSLT filter description or extension file that, when opened, would cause the OpenOffice.org Extension Manager to modify files accessible to the user installing the JAR or extension file. (CVE-2010-3450) A flaw was found in the script that launches OpenOffice.org. In some situations, a "." character could be included in the LD_LIBRARY_PATH variable, allowing a local attacker to execute arbitrary code with the privileges of the user running OpenOffice.org, if that user ran OpenOffice.org from within an attacker-controlled directory. (CVE-2010-3689) Red Hat would like to thank OpenOffice.org for reporting the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454, and CVE-2010-4643 issues; and Dmitri Gribenko for reporting the CVE-2010-3689 issue. Upstream acknowledges Dan Rosenberg of Virtual Security Research as the original reporter of the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, and CVE-2010-3454 issues. This update also fixes the following bug: * OpenOffice.org did not create a lock file when opening a file that was on a share mounted via SFTP. Additionally, if there was a lock file, it was ignored. This could result in data loss if a file in this situation was opened simultaneously by another user. (BZ#671087) All OpenOffice.org users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of OpenOffice.org applications must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 602324 - CVE-2010-3450 OpenOffice.org: directory traversal flaws in handling of XSLT jar filter descriptions and OXT extension files 640241 - CVE-2010-3452 OpenOffice.org: Integer signedness error (crash) by processing certain RTF tags 640950 - CVE-2010-3453 OpenOffice.org: Heap-based buffer overflow by processing *.doc files with WW8 list styles with specially-crafted count of list levels 640954 - CVE-2010-3454 OpenOffice.org: Array index error by scanning document typography information of certain *.doc files 641224 - CVE-2010-3689 OpenOffice.org: soffice insecure LD_LIBRARY_PATH setting 641282 - CVE-2010-3451 OpenOffice.org: Array index error by insecure parsing of broken rtf tables 658259 - CVE-2010-4253 OpenOffice.org: heap based buffer overflow in PPT import 667588 - CVE-2010-4643 OpenOffice.org: heap based buffer overflow when parsing TGA files 671087 - [fix available] file locks are not created with gvfs-sftp volumes with OpenOffice.org 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openoffice.org-3.2.1-19.6.el6_0.5.src.rpm i386: openoffice.org-base-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-base-core-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-brand-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-calc-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-calc-core-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-core-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-debuginfo-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-draw-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-draw-core-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-emailmerge-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-graphicfilter-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-headless-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-impress-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-impress-core-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-javafilter-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-af_ZA-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ar-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-as_IN-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-bg_BG-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-bn-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ca_ES-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-cs_CZ-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-cy_GB-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-da_DK-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-de-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-dz-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-el_GR-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-en-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-es-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-et_EE-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-eu_ES-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-fi_FI-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-fr-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ga_IE-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-gl_ES-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-gu_IN-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-he_IL-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-hi_IN-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-hr_HR-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-hu_HU-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-it-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ja_JP-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-kn_IN-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ko_KR-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-lt_LT-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-mai_IN-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ml_IN-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-mr_IN-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ms_MY-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-nb_NO-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-nl-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-nn_NO-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-nr_ZA-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-nso_ZA-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-or_IN-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-pa-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-pl_PL-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-pt_BR-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-pt_PT-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ro-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ru-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-sk_SK-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-sl_SI-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-sr-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ss_ZA-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-st_ZA-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-sv-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ta_IN-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-te_IN-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-th_TH-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-tn_ZA-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-tr_TR-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ts_ZA-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-uk-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ur-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ve_ZA-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-xh_ZA-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-zh_CN-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-zh_TW-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-zu_ZA-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-math-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-math-core-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-ogltrans-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-pdfimport-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-presentation-minimizer-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-presenter-screen-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-pyuno-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-report-builder-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-ure-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-wiki-publisher-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-writer-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-writer-core-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-xsltfilter-3.2.1-19.6.el6_0.5.i686.rpm noarch: autocorr-af-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-bg-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-cs-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-da-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-de-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-en-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-es-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-eu-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-fa-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-fi-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-fr-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-ga-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-hu-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-it-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-ja-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-ko-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-lb-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-lt-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-mn-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-nl-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-pl-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-pt-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-ru-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-sk-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-sl-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-sv-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-tr-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-vi-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-zh-3.2.1-19.6.el6_0.5.noarch.rpm openoffice.org-opensymbol-fonts-3.2.1-19.6.el6_0.5.noarch.rpm x86_64: openoffice.org-base-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-base-core-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-brand-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-calc-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-calc-core-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-core-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-debuginfo-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-draw-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-draw-core-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-emailmerge-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-graphicfilter-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-headless-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-impress-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-impress-core-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-javafilter-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-af_ZA-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ar-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-as_IN-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-bg_BG-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-bn-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ca_ES-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-cs_CZ-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-cy_GB-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-da_DK-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-de-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-dz-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-el_GR-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-en-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-es-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-et_EE-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-eu_ES-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-fi_FI-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-fr-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ga_IE-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-gl_ES-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-gu_IN-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-he_IL-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-hi_IN-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-hr_HR-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-hu_HU-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-it-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ja_JP-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-kn_IN-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ko_KR-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-lt_LT-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-mai_IN-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ml_IN-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-mr_IN-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ms_MY-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-nb_NO-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-nl-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-nn_NO-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-nr_ZA-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-nso_ZA-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-or_IN-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-pa-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-pl_PL-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-pt_BR-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-pt_PT-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ro-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ru-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-sk_SK-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-sl_SI-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-sr-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ss_ZA-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-st_ZA-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-sv-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ta_IN-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-te_IN-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-th_TH-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-tn_ZA-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-tr_TR-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ts_ZA-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-uk-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ur-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ve_ZA-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-xh_ZA-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-zh_CN-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-zh_TW-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-zu_ZA-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-math-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-math-core-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-ogltrans-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-pdfimport-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-presentation-minimizer-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-presenter-screen-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-pyuno-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-report-builder-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-ure-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-wiki-publisher-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-writer-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-writer-core-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-xsltfilter-3.2.1-19.6.el6_0.5.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openoffice.org-3.2.1-19.6.el6_0.5.src.rpm i386: broffice.org-base-3.2.1-19.6.el6_0.5.i686.rpm broffice.org-brand-3.2.1-19.6.el6_0.5.i686.rpm broffice.org-calc-3.2.1-19.6.el6_0.5.i686.rpm broffice.org-draw-3.2.1-19.6.el6_0.5.i686.rpm broffice.org-impress-3.2.1-19.6.el6_0.5.i686.rpm broffice.org-math-3.2.1-19.6.el6_0.5.i686.rpm broffice.org-writer-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-bsh-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-debuginfo-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-devel-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-rhino-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-sdk-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-sdk-doc-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-testtools-3.2.1-19.6.el6_0.5.i686.rpm x86_64: broffice.org-base-3.2.1-19.6.el6_0.5.x86_64.rpm broffice.org-brand-3.2.1-19.6.el6_0.5.x86_64.rpm broffice.org-calc-3.2.1-19.6.el6_0.5.x86_64.rpm broffice.org-draw-3.2.1-19.6.el6_0.5.x86_64.rpm broffice.org-impress-3.2.1-19.6.el6_0.5.x86_64.rpm broffice.org-math-3.2.1-19.6.el6_0.5.x86_64.rpm broffice.org-writer-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-bsh-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-debuginfo-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-debuginfo-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-devel-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-devel-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-rhino-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-sdk-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-sdk-doc-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-testtools-3.2.1-19.6.el6_0.5.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openoffice.org-3.2.1-19.6.el6_0.5.src.rpm i386: broffice.org-base-3.2.1-19.6.el6_0.5.i686.rpm broffice.org-brand-3.2.1-19.6.el6_0.5.i686.rpm broffice.org-calc-3.2.1-19.6.el6_0.5.i686.rpm broffice.org-draw-3.2.1-19.6.el6_0.5.i686.rpm broffice.org-impress-3.2.1-19.6.el6_0.5.i686.rpm broffice.org-math-3.2.1-19.6.el6_0.5.i686.rpm broffice.org-writer-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-base-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-base-core-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-brand-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-bsh-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-calc-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-calc-core-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-core-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-debuginfo-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-devel-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-draw-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-draw-core-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-emailmerge-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-graphicfilter-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-headless-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-impress-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-impress-core-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-javafilter-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-af_ZA-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ar-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-as_IN-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-bg_BG-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-bn-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ca_ES-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-cs_CZ-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-cy_GB-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-da_DK-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-de-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-dz-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-el_GR-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-en-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-es-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-et_EE-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-eu_ES-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-fi_FI-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-fr-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ga_IE-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-gl_ES-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-gu_IN-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-he_IL-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-hi_IN-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-hr_HR-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-hu_HU-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-it-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ja_JP-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-kn_IN-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ko_KR-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-lt_LT-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-mai_IN-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ml_IN-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-mr_IN-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ms_MY-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-nb_NO-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-nl-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-nn_NO-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-nr_ZA-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-nso_ZA-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-or_IN-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-pa-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-pl_PL-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-pt_BR-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-pt_PT-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ro-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ru-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-sk_SK-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-sl_SI-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-sr-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ss_ZA-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-st_ZA-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-sv-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ta_IN-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-te_IN-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-th_TH-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-tn_ZA-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-tr_TR-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ts_ZA-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-uk-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ur-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ve_ZA-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-xh_ZA-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-zh_CN-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-zh_TW-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-zu_ZA-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-math-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-math-core-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-ogltrans-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-pdfimport-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-presentation-minimizer-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-presenter-screen-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-pyuno-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-report-builder-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-rhino-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-sdk-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-sdk-doc-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-testtools-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-ure-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-wiki-publisher-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-writer-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-writer-core-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-xsltfilter-3.2.1-19.6.el6_0.5.i686.rpm noarch: autocorr-af-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-bg-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-cs-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-da-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-de-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-en-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-es-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-eu-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-fa-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-fi-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-fr-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-ga-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-hu-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-it-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-ja-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-ko-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-lb-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-lt-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-mn-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-nl-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-pl-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-pt-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-ru-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-sk-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-sl-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-sv-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-tr-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-vi-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-zh-3.2.1-19.6.el6_0.5.noarch.rpm openoffice.org-opensymbol-fonts-3.2.1-19.6.el6_0.5.noarch.rpm ppc64: broffice.org-base-3.2.1-19.6.el6_0.5.ppc64.rpm broffice.org-brand-3.2.1-19.6.el6_0.5.ppc64.rpm broffice.org-calc-3.2.1-19.6.el6_0.5.ppc64.rpm broffice.org-draw-3.2.1-19.6.el6_0.5.ppc64.rpm broffice.org-impress-3.2.1-19.6.el6_0.5.ppc64.rpm broffice.org-math-3.2.1-19.6.el6_0.5.ppc64.rpm broffice.org-writer-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-base-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-base-core-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-brand-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-bsh-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-calc-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-calc-core-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-core-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-debuginfo-3.2.1-19.6.el6_0.5.ppc.rpm openoffice.org-debuginfo-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-devel-3.2.1-19.6.el6_0.5.ppc.rpm openoffice.org-devel-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-draw-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-draw-core-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-emailmerge-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-graphicfilter-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-headless-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-impress-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-impress-core-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-javafilter-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-af_ZA-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-ar-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-as_IN-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-bg_BG-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-bn-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-ca_ES-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-cs_CZ-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-cy_GB-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-da_DK-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-de-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-dz-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-el_GR-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-en-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-es-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-et_EE-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-eu_ES-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-fi_FI-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-fr-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-ga_IE-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-gl_ES-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-gu_IN-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-he_IL-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-hi_IN-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-hr_HR-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-hu_HU-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-it-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-ja_JP-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-kn_IN-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-ko_KR-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-lt_LT-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-mai_IN-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-ml_IN-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-mr_IN-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-ms_MY-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-nb_NO-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-nl-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-nn_NO-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-nr_ZA-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-nso_ZA-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-or_IN-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-pa-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-pl_PL-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-pt_BR-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-pt_PT-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-ro-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-ru-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-sk_SK-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-sl_SI-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-sr-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-ss_ZA-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-st_ZA-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-sv-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-ta_IN-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-te_IN-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-th_TH-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-tn_ZA-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-tr_TR-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-ts_ZA-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-uk-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-ur-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-ve_ZA-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-xh_ZA-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-zh_CN-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-zh_TW-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-langpack-zu_ZA-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-math-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-math-core-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-ogltrans-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-pdfimport-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-presentation-minimizer-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-presenter-screen-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-pyuno-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-report-builder-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-rhino-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-sdk-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-sdk-doc-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-testtools-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-ure-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-wiki-publisher-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-writer-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-writer-core-3.2.1-19.6.el6_0.5.ppc64.rpm openoffice.org-xsltfilter-3.2.1-19.6.el6_0.5.ppc64.rpm s390x: broffice.org-base-3.2.1-19.6.el6_0.5.s390x.rpm broffice.org-brand-3.2.1-19.6.el6_0.5.s390x.rpm broffice.org-calc-3.2.1-19.6.el6_0.5.s390x.rpm broffice.org-draw-3.2.1-19.6.el6_0.5.s390x.rpm broffice.org-impress-3.2.1-19.6.el6_0.5.s390x.rpm broffice.org-math-3.2.1-19.6.el6_0.5.s390x.rpm broffice.org-writer-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-base-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-base-core-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-brand-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-bsh-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-calc-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-calc-core-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-core-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-debuginfo-3.2.1-19.6.el6_0.5.s390.rpm openoffice.org-debuginfo-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-devel-3.2.1-19.6.el6_0.5.s390.rpm openoffice.org-devel-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-draw-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-draw-core-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-emailmerge-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-graphicfilter-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-headless-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-impress-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-impress-core-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-javafilter-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-af_ZA-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-ar-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-as_IN-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-bg_BG-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-bn-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-ca_ES-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-cs_CZ-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-cy_GB-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-da_DK-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-de-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-dz-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-el_GR-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-en-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-es-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-et_EE-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-eu_ES-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-fi_FI-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-fr-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-ga_IE-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-gl_ES-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-gu_IN-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-he_IL-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-hi_IN-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-hr_HR-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-hu_HU-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-it-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-ja_JP-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-kn_IN-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-ko_KR-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-lt_LT-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-mai_IN-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-ml_IN-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-mr_IN-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-ms_MY-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-nb_NO-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-nl-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-nn_NO-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-nr_ZA-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-nso_ZA-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-or_IN-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-pa-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-pl_PL-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-pt_BR-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-pt_PT-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-ro-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-ru-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-sk_SK-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-sl_SI-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-sr-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-ss_ZA-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-st_ZA-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-sv-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-ta_IN-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-te_IN-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-th_TH-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-tn_ZA-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-tr_TR-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-ts_ZA-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-uk-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-ur-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-ve_ZA-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-xh_ZA-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-zh_CN-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-zh_TW-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-langpack-zu_ZA-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-math-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-math-core-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-ogltrans-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-pdfimport-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-presentation-minimizer-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-presenter-screen-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-pyuno-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-report-builder-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-rhino-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-sdk-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-sdk-doc-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-testtools-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-ure-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-wiki-publisher-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-writer-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-writer-core-3.2.1-19.6.el6_0.5.s390x.rpm openoffice.org-xsltfilter-3.2.1-19.6.el6_0.5.s390x.rpm x86_64: broffice.org-base-3.2.1-19.6.el6_0.5.x86_64.rpm broffice.org-brand-3.2.1-19.6.el6_0.5.x86_64.rpm broffice.org-calc-3.2.1-19.6.el6_0.5.x86_64.rpm broffice.org-draw-3.2.1-19.6.el6_0.5.x86_64.rpm broffice.org-impress-3.2.1-19.6.el6_0.5.x86_64.rpm broffice.org-math-3.2.1-19.6.el6_0.5.x86_64.rpm broffice.org-writer-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-base-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-base-core-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-brand-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-bsh-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-calc-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-calc-core-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-core-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-debuginfo-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-debuginfo-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-devel-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-devel-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-draw-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-draw-core-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-emailmerge-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-graphicfilter-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-headless-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-impress-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-impress-core-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-javafilter-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-af_ZA-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ar-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-as_IN-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-bg_BG-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-bn-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ca_ES-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-cs_CZ-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-cy_GB-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-da_DK-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-de-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-dz-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-el_GR-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-en-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-es-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-et_EE-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-eu_ES-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-fi_FI-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-fr-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ga_IE-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-gl_ES-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-gu_IN-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-he_IL-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-hi_IN-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-hr_HR-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-hu_HU-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-it-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ja_JP-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-kn_IN-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ko_KR-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-lt_LT-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-mai_IN-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ml_IN-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-mr_IN-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ms_MY-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-nb_NO-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-nl-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-nn_NO-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-nr_ZA-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-nso_ZA-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-or_IN-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-pa-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-pl_PL-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-pt_BR-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-pt_PT-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ro-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ru-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-sk_SK-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-sl_SI-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-sr-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ss_ZA-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-st_ZA-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-sv-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ta_IN-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-te_IN-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-th_TH-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-tn_ZA-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-tr_TR-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ts_ZA-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-uk-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ur-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ve_ZA-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-xh_ZA-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-zh_CN-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-zh_TW-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-zu_ZA-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-math-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-math-core-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-ogltrans-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-pdfimport-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-presentation-minimizer-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-presenter-screen-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-pyuno-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-report-builder-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-rhino-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-sdk-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-sdk-doc-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-testtools-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-ure-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-wiki-publisher-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-writer-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-writer-core-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-xsltfilter-3.2.1-19.6.el6_0.5.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openoffice.org-3.2.1-19.6.el6_0.5.src.rpm i386: openoffice.org-base-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-base-core-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-brand-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-calc-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-calc-core-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-core-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-debuginfo-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-draw-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-draw-core-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-emailmerge-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-graphicfilter-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-headless-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-impress-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-impress-core-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-javafilter-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-af_ZA-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ar-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-as_IN-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-bg_BG-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-bn-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ca_ES-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-cs_CZ-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-cy_GB-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-da_DK-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-de-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-dz-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-el_GR-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-en-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-es-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-et_EE-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-eu_ES-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-fi_FI-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-fr-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ga_IE-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-gl_ES-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-gu_IN-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-he_IL-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-hi_IN-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-hr_HR-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-hu_HU-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-it-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ja_JP-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-kn_IN-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ko_KR-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-lt_LT-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-mai_IN-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ml_IN-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-mr_IN-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ms_MY-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-nb_NO-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-nl-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-nn_NO-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-nr_ZA-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-nso_ZA-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-or_IN-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-pa-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-pl_PL-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-pt_BR-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-pt_PT-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ro-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ru-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-sk_SK-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-sl_SI-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-sr-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ss_ZA-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-st_ZA-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-sv-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ta_IN-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-te_IN-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-th_TH-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-tn_ZA-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-tr_TR-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ts_ZA-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-uk-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ur-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-ve_ZA-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-xh_ZA-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-zh_CN-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-zh_TW-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-langpack-zu_ZA-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-math-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-math-core-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-ogltrans-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-pdfimport-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-presentation-minimizer-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-presenter-screen-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-pyuno-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-report-builder-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-ure-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-wiki-publisher-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-writer-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-writer-core-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-xsltfilter-3.2.1-19.6.el6_0.5.i686.rpm noarch: autocorr-af-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-bg-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-cs-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-da-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-de-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-en-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-es-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-eu-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-fa-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-fi-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-fr-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-ga-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-hu-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-it-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-ja-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-ko-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-lb-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-lt-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-mn-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-nl-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-pl-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-pt-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-ru-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-sk-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-sl-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-sv-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-tr-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-vi-3.2.1-19.6.el6_0.5.noarch.rpm autocorr-zh-3.2.1-19.6.el6_0.5.noarch.rpm openoffice.org-opensymbol-fonts-3.2.1-19.6.el6_0.5.noarch.rpm x86_64: openoffice.org-base-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-base-core-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-brand-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-calc-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-calc-core-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-core-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-debuginfo-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-draw-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-draw-core-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-emailmerge-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-graphicfilter-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-headless-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-impress-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-impress-core-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-javafilter-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-af_ZA-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ar-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-as_IN-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-bg_BG-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-bn-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ca_ES-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-cs_CZ-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-cy_GB-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-da_DK-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-de-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-dz-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-el_GR-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-en-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-es-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-et_EE-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-eu_ES-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-fi_FI-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-fr-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ga_IE-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-gl_ES-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-gu_IN-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-he_IL-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-hi_IN-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-hr_HR-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-hu_HU-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-it-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ja_JP-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-kn_IN-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ko_KR-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-lt_LT-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-mai_IN-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ml_IN-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-mr_IN-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ms_MY-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-nb_NO-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-nl-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-nn_NO-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-nr_ZA-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-nso_ZA-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-or_IN-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-pa-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-pl_PL-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-pt_BR-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-pt_PT-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ro-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ru-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-sk_SK-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-sl_SI-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-sr-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ss_ZA-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-st_ZA-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-sv-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ta_IN-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-te_IN-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-th_TH-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-tn_ZA-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-tr_TR-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ts_ZA-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-uk-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ur-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-ve_ZA-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-xh_ZA-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-zh_CN-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-zh_TW-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-langpack-zu_ZA-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-math-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-math-core-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-ogltrans-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-pdfimport-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-presentation-minimizer-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-presenter-screen-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-pyuno-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-report-builder-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-ure-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-wiki-publisher-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-writer-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-writer-core-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-xsltfilter-3.2.1-19.6.el6_0.5.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openoffice.org-3.2.1-19.6.el6_0.5.src.rpm i386: broffice.org-base-3.2.1-19.6.el6_0.5.i686.rpm broffice.org-brand-3.2.1-19.6.el6_0.5.i686.rpm broffice.org-calc-3.2.1-19.6.el6_0.5.i686.rpm broffice.org-draw-3.2.1-19.6.el6_0.5.i686.rpm broffice.org-impress-3.2.1-19.6.el6_0.5.i686.rpm broffice.org-math-3.2.1-19.6.el6_0.5.i686.rpm broffice.org-writer-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-bsh-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-debuginfo-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-devel-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-rhino-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-sdk-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-sdk-doc-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-testtools-3.2.1-19.6.el6_0.5.i686.rpm x86_64: broffice.org-base-3.2.1-19.6.el6_0.5.x86_64.rpm broffice.org-brand-3.2.1-19.6.el6_0.5.x86_64.rpm broffice.org-calc-3.2.1-19.6.el6_0.5.x86_64.rpm broffice.org-draw-3.2.1-19.6.el6_0.5.x86_64.rpm broffice.org-impress-3.2.1-19.6.el6_0.5.x86_64.rpm broffice.org-math-3.2.1-19.6.el6_0.5.x86_64.rpm broffice.org-writer-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-bsh-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-debuginfo-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-debuginfo-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-devel-3.2.1-19.6.el6_0.5.i686.rpm openoffice.org-devel-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-rhino-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-sdk-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-sdk-doc-3.2.1-19.6.el6_0.5.x86_64.rpm openoffice.org-testtools-3.2.1-19.6.el6_0.5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-3450.html https://www.redhat.com/security/data/cve/CVE-2010-3451.html https://www.redhat.com/security/data/cve/CVE-2010-3452.html https://www.redhat.com/security/data/cve/CVE-2010-3453.html https://www.redhat.com/security/data/cve/CVE-2010-3454.html https://www.redhat.com/security/data/cve/CVE-2010-3689.html https://www.redhat.com/security/data/cve/CVE-2010-4253.html https://www.redhat.com/security/data/cve/CVE-2010-4643.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNQukZXlSAg2UNWIIRAjV7AKCIZvfWrMZFfQdJ64oBrTL2RNA1xwCfVumL 5j1TPwvVz92BlzoYu5O9DVM= =YKeJ -----END PGP SIGNATURE-----