From bugzilla at redhat.com Tue Jul 5 18:12:09 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 5 Jul 2011 18:12:09 +0000
Subject: [RHSA-2011:0918-01] Moderate: curl security update
Message-ID: <201107051812.p65IC9ab010233@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: curl security update
Advisory ID: RHSA-2011:0918-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0918.html
Issue date: 2011-07-05
CVE Names: CVE-2011-2192
=====================================================================

1. Summary:

Updated curl packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

It was found that cURL always performed credential delegation when authenticating with GSSAPI. A rogue server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI. (CVE-2011-2192)

Users of curl should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libcurl must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

711454 - CVE-2011-2192 curl: Improper delegation of client credentials during GSS negotiation

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/curl-7.12.1-17.el4.src.rpm

i386:
curl-7.12.1-17.el4.i386.rpm
curl-debuginfo-7.12.1-17.el4.i386.rpm
curl-devel-7.12.1-17.el4.i386.rpm

ia64:
curl-7.12.1-17.el4.i386.rpm
curl-7.12.1-17.el4.ia64.rpm
curl-debuginfo-7.12.1-17.el4.i386.rpm
curl-debuginfo-7.12.1-17.el4.ia64.rpm
curl-devel-7.12.1-17.el4.ia64.rpm

ppc:
curl-7.12.1-17.el4.ppc.rpm
curl-7.12.1-17.el4.ppc64.rpm
curl-debuginfo-7.12.1-17.el4.ppc.rpm
curl-debuginfo-7.12.1-17.el4.ppc64.rpm
curl-devel-7.12.1-17.el4.ppc.rpm

s390:
curl-7.12.1-17.el4.s390.rpm
curl-debuginfo-7.12.1-17.el4.s390.rpm
curl-devel-7.12.1-17.el4.s390.rpm

s390x:
curl-7.12.1-17.el4.s390.rpm
curl-7.12.1-17.el4.s390x.rpm
curl-debuginfo-7.12.1-17.el4.s390.rpm
curl-debuginfo-7.12.1-17.el4.s390x.rpm
curl-devel-7.12.1-17.el4.s390x.rpm

x86_64:
curl-7.12.1-17.el4.i386.rpm
curl-7.12.1-17.el4.x86_64.rpm
curl-debuginfo-7.12.1-17.el4.i386.rpm
curl-debuginfo-7.12.1-17.el4.x86_64.rpm
curl-devel-7.12.1-17.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/curl-7.12.1-17.el4.src.rpm

i386:
curl-7.12.1-17.el4.i386.rpm
curl-debuginfo-7.12.1-17.el4.i386.rpm
curl-devel-7.12.1-17.el4.i386.rpm

x86_64:
curl-7.12.1-17.el4.i386.rpm
curl-7.12.1-17.el4.x86_64.rpm
curl-debuginfo-7.12.1-17.el4.i386.rpm
curl-debuginfo-7.12.1-17.el4.x86_64.rpm
curl-devel-7.12.1-17.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/curl-7.12.1-17.el4.src.rpm

i386:
curl-7.12.1-17.el4.i386.rpm
curl-debuginfo-7.12.1-17.el4.i386.rpm
curl-devel-7.12.1-17.el4.i386.rpm

ia64:
curl-7.12.1-17.el4.i386.rpm
curl-7.12.1-17.el4.ia64.rpm
curl-debuginfo-7.12.1-17.el4.i386.rpm
curl-debuginfo-7.12.1-17.el4.ia64.rpm
curl-devel-7.12.1-17.el4.ia64.rpm

x86_64:
curl-7.12.1-17.el4.i386.rpm
curl-7.12.1-17.el4.x86_64.rpm
curl-debuginfo-7.12.1-17.el4.i386.rpm
curl-debuginfo-7.12.1-17.el4.x86_64.rpm
curl-devel-7.12.1-17.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/curl-7.12.1-17.el4.src.rpm

i386:
curl-7.12.1-17.el4.i386.rpm
curl-debuginfo-7.12.1-17.el4.i386.rpm
curl-devel-7.12.1-17.el4.i386.rpm

ia64:
curl-7.12.1-17.el4.i386.rpm
curl-7.12.1-17.el4.ia64.rpm
curl-debuginfo-7.12.1-17.el4.i386.rpm
curl-debuginfo-7.12.1-17.el4.ia64.rpm
curl-devel-7.12.1-17.el4.ia64.rpm

x86_64:
curl-7.12.1-17.el4.i386.rpm
curl-7.12.1-17.el4.x86_64.rpm
curl-debuginfo-7.12.1-17.el4.i386.rpm
curl-debuginfo-7.12.1-17.el4.x86_64.rpm
curl-devel-7.12.1-17.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/curl-7.15.5-9.el5_6.3.src.rpm

i386:
curl-7.15.5-9.el5_6.3.i386.rpm
curl-debuginfo-7.15.5-9.el5_6.3.i386.rpm

x86_64:
curl-7.15.5-9.el5_6.3.i386.rpm
curl-7.15.5-9.el5_6.3.x86_64.rpm
curl-debuginfo-7.15.5-9.el5_6.3.i386.rpm
curl-debuginfo-7.15.5-9.el5_6.3.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/curl-7.15.5-9.el5_6.3.src.rpm

i386:
curl-debuginfo-7.15.5-9.el5_6.3.i386.rpm
curl-devel-7.15.5-9.el5_6.3.i386.rpm

x86_64:
curl-debuginfo-7.15.5-9.el5_6.3.i386.rpm
curl-debuginfo-7.15.5-9.el5_6.3.x86_64.rpm
curl-devel-7.15.5-9.el5_6.3.i386.rpm
curl-devel-7.15.5-9.el5_6.3.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/curl-7.15.5-9.el5_6.3.src.rpm

i386:
curl-7.15.5-9.el5_6.3.i386.rpm
curl-debuginfo-7.15.5-9.el5_6.3.i386.rpm
curl-devel-7.15.5-9.el5_6.3.i386.rpm

ia64:
curl-7.15.5-9.el5_6.3.ia64.rpm
curl-debuginfo-7.15.5-9.el5_6.3.ia64.rpm
curl-devel-7.15.5-9.el5_6.3.ia64.rpm

ppc:
curl-7.15.5-9.el5_6.3.ppc.rpm
curl-7.15.5-9.el5_6.3.ppc64.rpm
curl-debuginfo-7.15.5-9.el5_6.3.ppc.rpm
curl-debuginfo-7.15.5-9.el5_6.3.ppc64.rpm
curl-devel-7.15.5-9.el5_6.3.ppc.rpm
curl-devel-7.15.5-9.el5_6.3.ppc64.rpm

s390x:
curl-7.15.5-9.el5_6.3.s390.rpm
curl-7.15.5-9.el5_6.3.s390x.rpm
curl-debuginfo-7.15.5-9.el5_6.3.s390.rpm
curl-debuginfo-7.15.5-9.el5_6.3.s390x.rpm
curl-devel-7.15.5-9.el5_6.3.s390.rpm
curl-devel-7.15.5-9.el5_6.3.s390x.rpm

x86_64:
curl-7.15.5-9.el5_6.3.i386.rpm
curl-7.15.5-9.el5_6.3.x86_64.rpm
curl-debuginfo-7.15.5-9.el5_6.3.i386.rpm
curl-debuginfo-7.15.5-9.el5_6.3.x86_64.rpm
curl-devel-7.15.5-9.el5_6.3.i386.rpm
curl-devel-7.15.5-9.el5_6.3.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/curl-7.19.7-26.el6_1.1.src.rpm

i386:
curl-7.19.7-26.el6_1.1.i686.rpm
curl-debuginfo-7.19.7-26.el6_1.1.i686.rpm
libcurl-7.19.7-26.el6_1.1.i686.rpm

x86_64:
curl-7.19.7-26.el6_1.1.x86_64.rpm
curl-debuginfo-7.19.7-26.el6_1.1.i686.rpm
curl-debuginfo-7.19.7-26.el6_1.1.x86_64.rpm
libcurl-7.19.7-26.el6_1.1.i686.rpm
libcurl-7.19.7-26.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/curl-7.19.7-26.el6_1.1.src.rpm

i386:
curl-debuginfo-7.19.7-26.el6_1.1.i686.rpm
libcurl-devel-7.19.7-26.el6_1.1.i686.rpm

x86_64:
curl-debuginfo-7.19.7-26.el6_1.1.i686.rpm
curl-debuginfo-7.19.7-26.el6_1.1.x86_64.rpm
libcurl-devel-7.19.7-26.el6_1.1.i686.rpm
libcurl-devel-7.19.7-26.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/curl-7.19.7-26.el6_1.1.src.rpm

x86_64:
curl-7.19.7-26.el6_1.1.x86_64.rpm
curl-debuginfo-7.19.7-26.el6_1.1.i686.rpm
curl-debuginfo-7.19.7-26.el6_1.1.x86_64.rpm
libcurl-7.19.7-26.el6_1.1.i686.rpm
libcurl-7.19.7-26.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/curl-7.19.7-26.el6_1.1.src.rpm

x86_64:
curl-debuginfo-7.19.7-26.el6_1.1.i686.rpm
curl-debuginfo-7.19.7-26.el6_1.1.x86_64.rpm
libcurl-devel-7.19.7-26.el6_1.1.i686.rpm
libcurl-devel-7.19.7-26.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/curl-7.19.7-26.el6_1.1.src.rpm

i386:
curl-7.19.7-26.el6_1.1.i686.rpm
curl-debuginfo-7.19.7-26.el6_1.1.i686.rpm
libcurl-7.19.7-26.el6_1.1.i686.rpm
libcurl-devel-7.19.7-26.el6_1.1.i686.rpm

ppc64:
curl-7.19.7-26.el6_1.1.ppc64.rpm
curl-debuginfo-7.19.7-26.el6_1.1.ppc.rpm
curl-debuginfo-7.19.7-26.el6_1.1.ppc64.rpm
libcurl-7.19.7-26.el6_1.1.ppc.rpm
libcurl-7.19.7-26.el6_1.1.ppc64.rpm
libcurl-devel-7.19.7-26.el6_1.1.ppc.rpm
libcurl-devel-7.19.7-26.el6_1.1.ppc64.rpm

s390x:
curl-7.19.7-26.el6_1.1.s390x.rpm
curl-debuginfo-7.19.7-26.el6_1.1.s390.rpm
curl-debuginfo-7.19.7-26.el6_1.1.s390x.rpm
libcurl-7.19.7-26.el6_1.1.s390.rpm
libcurl-7.19.7-26.el6_1.1.s390x.rpm
libcurl-devel-7.19.7-26.el6_1.1.s390.rpm
libcurl-devel-7.19.7-26.el6_1.1.s390x.rpm

x86_64:
curl-7.19.7-26.el6_1.1.x86_64.rpm
curl-debuginfo-7.19.7-26.el6_1.1.i686.rpm
curl-debuginfo-7.19.7-26.el6_1.1.x86_64.rpm
libcurl-7.19.7-26.el6_1.1.i686.rpm
libcurl-7.19.7-26.el6_1.1.x86_64.rpm
libcurl-devel-7.19.7-26.el6_1.1.i686.rpm
libcurl-devel-7.19.7-26.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/curl-7.19.7-26.el6_1.1.src.rpm

i386:
curl-7.19.7-26.el6_1.1.i686.rpm
curl-debuginfo-7.19.7-26.el6_1.1.i686.rpm
libcurl-7.19.7-26.el6_1.1.i686.rpm
libcurl-devel-7.19.7-26.el6_1.1.i686.rpm

x86_64:
curl-7.19.7-26.el6_1.1.x86_64.rpm
curl-debuginfo-7.19.7-26.el6_1.1.i686.rpm
curl-debuginfo-7.19.7-26.el6_1.1.x86_64.rpm
libcurl-7.19.7-26.el6_1.1.i686.rpm
libcurl-7.19.7-26.el6_1.1.x86_64.rpm
libcurl-devel-7.19.7-26.el6_1.1.i686.rpm
libcurl-devel-7.19.7-26.el6_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2192.html
https://access.redhat.com/security/updates/classification/#moderate
http://curl.haxx.se/docs/adv_20110623.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOE1PXXlSAg2UNWIIRAnwXAJ9g/rjErfEDe3QRETAj8sNur4SW5QCdFaan
oXfQDHj8Bmh5DRFH0OylbsU=
=UTAX
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jul 5 18:12:56 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 5 Jul 2011 18:12:56 +0000
Subject: [RHSA-2011:0919-01] Important: qemu-kvm security and bug fix update
Message-ID: <201107051812.p65ICuen010386@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: qemu-kvm security and bug fix update
Advisory ID: RHSA-2011:0919-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0919.html
Issue date: 2011-07-05
CVE Names: CVE-2011-2212 CVE-2011-2512
=====================================================================

1. Summary:

Updated qemu-kvm packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Enterprise Linux Workstation (v. 6) - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM.

It was found that the virtio subsystem in qemu-kvm did not properly validate virtqueue in and out requests from the guest. A privileged guest user could use this flaw to trigger a buffer overflow, allowing them to crash the guest (denial of service) or, possibly, escalate their privileges on the host. (CVE-2011-2212)

It was found that the virtio_queue_notify() function in qemu-kvm did not perform sufficient input validation on the value later used as an index into the array of virtqueues. An unprivileged guest user could use this flaw to crash the guest (denial of service) or, possibly, escalate their privileges on the host. (CVE-2011-2512)

Red Hat would like to thank Nelson Elhage for reporting CVE-2011-2212.

This update also fixes the following bug:

* A bug was found in the way vhost (in qemu-kvm) set up mappings with the host kernel's vhost module. This could result in the host kernel's vhost module not having a complete view of a guest system's memory, if that guest had more than 4 GB of memory. Consequently, hot plugging a vhost-net network device and restarting the guest may have resulted in that device no longer working. (BZ#701771)

All users of qemu-kvm should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

713589 - CVE-2011-2212 qemu-kvm: virtqueue: too-large indirect descriptor buffer overflow
717399 - CVE-2011-2512 qemu-kvm: OOB memory access caused by negative vq notifies

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/qemu-kvm-0.12.1.2-2.160.el6_1.2.src.rpm

x86_64:
qemu-img-0.12.1.2-2.160.el6_1.2.x86_64.rpm
qemu-kvm-0.12.1.2-2.160.el6_1.2.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.160.el6_1.2.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.160.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/qemu-kvm-0.12.1.2-2.160.el6_1.2.src.rpm

x86_64:
qemu-img-0.12.1.2-2.160.el6_1.2.x86_64.rpm
qemu-kvm-0.12.1.2-2.160.el6_1.2.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.160.el6_1.2.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.160.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/qemu-kvm-0.12.1.2-2.160.el6_1.2.src.rpm

x86_64:
qemu-img-0.12.1.2-2.160.el6_1.2.x86_64.rpm
qemu-kvm-0.12.1.2-2.160.el6_1.2.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.160.el6_1.2.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.160.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/qemu-kvm-0.12.1.2-2.160.el6_1.2.src.rpm

x86_64:
qemu-img-0.12.1.2-2.160.el6_1.2.x86_64.rpm
qemu-kvm-0.12.1.2-2.160.el6_1.2.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.160.el6_1.2.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.160.el6_1.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2212.html
https://www.redhat.com/security/data/cve/CVE-2011-2512.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOE1QMXlSAg2UNWIIRAiqyAJ0YZRdZLS/o8v6GpSJVdixf7dqXjQCgoCi6
FdDb471yututyx66yC/Sm1s=
=MaoZ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jul 5 18:20:06 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 5 Jul 2011 18:20:06 +0000
Subject: [RHSA-2011:0920-01] Important: krb5-appl security update
Message-ID: <201107051820.p65IK6d2012019@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: krb5-appl security update
Advisory ID: RHSA-2011:0920-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0920.html
Issue date: 2011-07-05
CVE Names: CVE-2011-1526
=====================================================================

1. Summary:

Updated krb5-appl packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The krb5-appl packages provide Kerberos-aware telnet, ftp, rcp, rsh, and rlogin clients and servers. While these have been replaced by tools such as OpenSSH in most environments, they remain in use in others.

It was found that gssftp, a Kerberos-aware FTP server, did not properly drop privileges. A remote FTP user could use this flaw to gain unauthorized read or write access to files that are owned by the root group. (CVE-2011-1526)

Red Hat would like to thank the MIT Kerberos project for reporting this issue. Upstream acknowledges Tim Zingelman as the original reporter.

All krb5-appl users should upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

711419 - CVE-2011-1526 krb5, krb5-appl: ftpd incorrect group privilege dropping (MITKRB5-SA-2011-005)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/krb5-appl-1.0.1-2.el6_1.1.src.rpm

i386:
krb5-appl-clients-1.0.1-2.el6_1.1.i686.rpm
krb5-appl-debuginfo-1.0.1-2.el6_1.1.i686.rpm
krb5-appl-servers-1.0.1-2.el6_1.1.i686.rpm

x86_64:
krb5-appl-clients-1.0.1-2.el6_1.1.x86_64.rpm
krb5-appl-debuginfo-1.0.1-2.el6_1.1.x86_64.rpm
krb5-appl-servers-1.0.1-2.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/krb5-appl-1.0.1-2.el6_1.1.src.rpm

x86_64:
krb5-appl-debuginfo-1.0.1-2.el6_1.1.x86_64.rpm
krb5-appl-servers-1.0.1-2.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/krb5-appl-1.0.1-2.el6_1.1.src.rpm

x86_64:
krb5-appl-clients-1.0.1-2.el6_1.1.x86_64.rpm
krb5-appl-debuginfo-1.0.1-2.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/krb5-appl-1.0.1-2.el6_1.1.src.rpm

i386:
krb5-appl-clients-1.0.1-2.el6_1.1.i686.rpm
krb5-appl-debuginfo-1.0.1-2.el6_1.1.i686.rpm
krb5-appl-servers-1.0.1-2.el6_1.1.i686.rpm

ppc64:
krb5-appl-clients-1.0.1-2.el6_1.1.ppc64.rpm
krb5-appl-debuginfo-1.0.1-2.el6_1.1.ppc64.rpm
krb5-appl-servers-1.0.1-2.el6_1.1.ppc64.rpm

s390x:
krb5-appl-clients-1.0.1-2.el6_1.1.s390x.rpm
krb5-appl-debuginfo-1.0.1-2.el6_1.1.s390x.rpm
krb5-appl-servers-1.0.1-2.el6_1.1.s390x.rpm

x86_64:
krb5-appl-clients-1.0.1-2.el6_1.1.x86_64.rpm
krb5-appl-debuginfo-1.0.1-2.el6_1.1.x86_64.rpm
krb5-appl-servers-1.0.1-2.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/krb5-appl-1.0.1-2.el6_1.1.src.rpm

i386:
krb5-appl-clients-1.0.1-2.el6_1.1.i686.rpm
krb5-appl-debuginfo-1.0.1-2.el6_1.1.i686.rpm
krb5-appl-servers-1.0.1-2.el6_1.1.i686.rpm

x86_64:
krb5-appl-clients-1.0.1-2.el6_1.1.x86_64.rpm
krb5-appl-debuginfo-1.0.1-2.el6_1.1.x86_64.rpm
krb5-appl-servers-1.0.1-2.el6_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1526.html
https://access.redhat.com/security/updates/classification/#important
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-005.txt

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
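The krb5-appl advisory above describes a daemon that dropped its user privileges but kept access to files owned by the root group. The following is an added example, not krb5-appl or Red Hat code, of the privilege-drop sequence a network daemon should use on Linux: clear supplementary groups while still root, set real/effective/saved gid, then uid, check every call, and verify the result before serving a client. It assumes Linux (os.setresuid/os.getresgid) and, when run by an unprivileged user, exercises the same path by dropping to the caller's own ids.

```python
"""Permanent privilege drop with verification (added example, not krb5-appl code)."""
import os


class PrivilegeDropError(RuntimeError):
    """Raised when any step of the drop fails or the result does not verify."""


def current_ids() -> dict:
    """Snapshot of real/effective/saved uids and gids plus supplementary groups."""
    ruid, euid, suid = os.getresuid()
    rgid, egid, sgid = os.getresgid()
    return {"ruid": ruid, "euid": euid, "suid": suid,
            "rgid": rgid, "egid": egid, "sgid": sgid,
            "groups": sorted(os.getgroups())}


def verify_dropped(uid: int, gid: int, groups_cleared: bool = False) -> dict:
    """Check that every id slot holds the target and that root cannot be regained."""
    ids = current_ids()
    if (ids["ruid"], ids["euid"], ids["suid"]) != (uid, uid, uid):
        raise PrivilegeDropError(f"uid not fully dropped: {ids}")
    if (ids["rgid"], ids["egid"], ids["sgid"]) != (gid, gid, gid):
        raise PrivilegeDropError(f"gid not fully dropped: {ids}")
    if groups_cleared and gid != 0 and 0 in ids["groups"]:
        # The CVE-2011-1526 shape: uid is gone, but the root group (gid 0) is
        # still reachable through the supplementary group list.
        raise PrivilegeDropError(f"still a member of the root group: {ids}")
    if uid != 0:
        try:
            os.setuid(0)  # must fail; success would mean the drop is revocable
        except PermissionError:
            pass
        else:
            raise PrivilegeDropError("regained uid 0 after the drop")
    return ids


def drop_privileges(uid: int, gid: int) -> dict:
    """Drop to uid/gid in the only safe order and return the verified ids.

    Groups first (clearing them needs CAP_SETGID, which is gone once the uid
    changes), gid next, uid last. setres*id sets real, effective and saved ids
    together, so a later seteuid()/setegid() cannot swing back to root.
    """
    groups_cleared = os.geteuid() == 0
    if groups_cleared:
        os.setgroups([])  # only root may change the supplementary group list
    try:
        os.setresgid(gid, gid, gid)
        os.setresuid(uid, uid, uid)
    except OSError as exc:
        raise PrivilegeDropError(f"privilege drop to {uid}:{gid} failed: {exc}") from exc
    return verify_dropped(uid, gid, groups_cleared)


def drop_to_self() -> dict:
    """Run the full sequence against the caller's own ids (works unprivileged)."""
    return drop_privileges(os.getuid(), os.getgid())


if __name__ == "__main__":
    print(drop_to_self())
```

A daemon that forks per connection should run this in the child before it touches any client-controlled path; the supplementary-group check is the one that would have caught the flaw the advisory describes, and it only makes sense when the process started as root, which is why it is gated on groups_cleared.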
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOE1W1XlSAg2UNWIIRAuD4AJ0VKPkANffFZLhhGNfADj6LzjYlwQCeP0g+
tYGSf8IXA0u9V4xwtLeZBK0=
=akJJ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jul 7 21:29:02 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 7 Jul 2011 21:29:02 +0000
Subject: [RHSA-2011:0926-01] Important: bind security update
Message-ID: <201107072129.p67LT21S011250@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: bind security update
Advisory ID: RHSA-2011:0926-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0926.html
Issue date: 2011-07-07
CVE Names: CVE-2011-2464
=====================================================================

1. Summary:

Updated bind and bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

A flaw was discovered in the way BIND handled certain DNS requests. A remote attacker could use this flaw to send a specially-crafted DNS request packet to BIND, causing it to exit unexpectedly due to a failed assertion. (CVE-2011-2464)

Users of bind97 on Red Hat Enterprise Linux 5, and bind on Red Hat Enterprise Linux 6, are advised to upgrade to these updated packages, which resolve this issue. After installing the update, the BIND daemon (named) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

718966 - CVE-2011-2464 bind: Specially constructed packet will cause named to exit

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bind97-9.7.0-6.P2.el5_6.3.src.rpm

i386:
bind97-9.7.0-6.P2.el5_6.3.i386.rpm
bind97-chroot-9.7.0-6.P2.el5_6.3.i386.rpm
bind97-debuginfo-9.7.0-6.P2.el5_6.3.i386.rpm
bind97-devel-9.7.0-6.P2.el5_6.3.i386.rpm
bind97-libs-9.7.0-6.P2.el5_6.3.i386.rpm
bind97-utils-9.7.0-6.P2.el5_6.3.i386.rpm

x86_64:
bind97-9.7.0-6.P2.el5_6.3.x86_64.rpm
bind97-chroot-9.7.0-6.P2.el5_6.3.x86_64.rpm
bind97-debuginfo-9.7.0-6.P2.el5_6.3.i386.rpm
bind97-debuginfo-9.7.0-6.P2.el5_6.3.x86_64.rpm
bind97-devel-9.7.0-6.P2.el5_6.3.i386.rpm
bind97-devel-9.7.0-6.P2.el5_6.3.x86_64.rpm
bind97-libs-9.7.0-6.P2.el5_6.3.i386.rpm
bind97-libs-9.7.0-6.P2.el5_6.3.x86_64.rpm
bind97-utils-9.7.0-6.P2.el5_6.3.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/bind97-9.7.0-6.P2.el5_6.3.src.rpm

i386:
bind97-9.7.0-6.P2.el5_6.3.i386.rpm
bind97-chroot-9.7.0-6.P2.el5_6.3.i386.rpm
bind97-debuginfo-9.7.0-6.P2.el5_6.3.i386.rpm
bind97-devel-9.7.0-6.P2.el5_6.3.i386.rpm
bind97-libs-9.7.0-6.P2.el5_6.3.i386.rpm
bind97-utils-9.7.0-6.P2.el5_6.3.i386.rpm

ia64:
bind97-9.7.0-6.P2.el5_6.3.ia64.rpm
bind97-chroot-9.7.0-6.P2.el5_6.3.ia64.rpm
bind97-debuginfo-9.7.0-6.P2.el5_6.3.ia64.rpm
bind97-devel-9.7.0-6.P2.el5_6.3.ia64.rpm
bind97-libs-9.7.0-6.P2.el5_6.3.ia64.rpm
bind97-utils-9.7.0-6.P2.el5_6.3.ia64.rpm

ppc:
bind97-9.7.0-6.P2.el5_6.3.ppc.rpm
bind97-chroot-9.7.0-6.P2.el5_6.3.ppc.rpm
bind97-debuginfo-9.7.0-6.P2.el5_6.3.ppc.rpm
bind97-debuginfo-9.7.0-6.P2.el5_6.3.ppc64.rpm
bind97-devel-9.7.0-6.P2.el5_6.3.ppc.rpm
bind97-devel-9.7.0-6.P2.el5_6.3.ppc64.rpm
bind97-libs-9.7.0-6.P2.el5_6.3.ppc.rpm
bind97-libs-9.7.0-6.P2.el5_6.3.ppc64.rpm
bind97-utils-9.7.0-6.P2.el5_6.3.ppc.rpm

s390x:
bind97-9.7.0-6.P2.el5_6.3.s390x.rpm
bind97-chroot-9.7.0-6.P2.el5_6.3.s390x.rpm
bind97-debuginfo-9.7.0-6.P2.el5_6.3.s390.rpm
bind97-debuginfo-9.7.0-6.P2.el5_6.3.s390x.rpm
bind97-devel-9.7.0-6.P2.el5_6.3.s390.rpm
bind97-devel-9.7.0-6.P2.el5_6.3.s390x.rpm
bind97-libs-9.7.0-6.P2.el5_6.3.s390.rpm
bind97-libs-9.7.0-6.P2.el5_6.3.s390x.rpm
bind97-utils-9.7.0-6.P2.el5_6.3.s390x.rpm

x86_64:
bind97-9.7.0-6.P2.el5_6.3.x86_64.rpm
bind97-chroot-9.7.0-6.P2.el5_6.3.x86_64.rpm
bind97-debuginfo-9.7.0-6.P2.el5_6.3.i386.rpm
bind97-debuginfo-9.7.0-6.P2.el5_6.3.x86_64.rpm
bind97-devel-9.7.0-6.P2.el5_6.3.i386.rpm
bind97-devel-9.7.0-6.P2.el5_6.3.x86_64.rpm
bind97-libs-9.7.0-6.P2.el5_6.3.i386.rpm
bind97-libs-9.7.0-6.P2.el5_6.3.x86_64.rpm
bind97-utils-9.7.0-6.P2.el5_6.3.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.7.3-2.el6_1.P3.2.src.rpm

i386:
bind-debuginfo-9.7.3-2.el6_1.P3.2.i686.rpm
bind-libs-9.7.3-2.el6_1.P3.2.i686.rpm
bind-utils-9.7.3-2.el6_1.P3.2.i686.rpm

x86_64:
bind-debuginfo-9.7.3-2.el6_1.P3.2.i686.rpm
bind-debuginfo-9.7.3-2.el6_1.P3.2.x86_64.rpm
bind-libs-9.7.3-2.el6_1.P3.2.i686.rpm
bind-libs-9.7.3-2.el6_1.P3.2.x86_64.rpm
bind-utils-9.7.3-2.el6_1.P3.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.7.3-2.el6_1.P3.2.src.rpm

i386:
bind-9.7.3-2.el6_1.P3.2.i686.rpm
bind-chroot-9.7.3-2.el6_1.P3.2.i686.rpm
bind-debuginfo-9.7.3-2.el6_1.P3.2.i686.rpm
bind-devel-9.7.3-2.el6_1.P3.2.i686.rpm
bind-sdb-9.7.3-2.el6_1.P3.2.i686.rpm

x86_64:
bind-9.7.3-2.el6_1.P3.2.x86_64.rpm
bind-chroot-9.7.3-2.el6_1.P3.2.x86_64.rpm
bind-debuginfo-9.7.3-2.el6_1.P3.2.i686.rpm
bind-debuginfo-9.7.3-2.el6_1.P3.2.x86_64.rpm
bind-devel-9.7.3-2.el6_1.P3.2.i686.rpm
bind-devel-9.7.3-2.el6_1.P3.2.x86_64.rpm
bind-sdb-9.7.3-2.el6_1.P3.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.7.3-2.el6_1.P3.2.src.rpm

x86_64:
bind-debuginfo-9.7.3-2.el6_1.P3.2.i686.rpm
bind-debuginfo-9.7.3-2.el6_1.P3.2.x86_64.rpm
bind-libs-9.7.3-2.el6_1.P3.2.i686.rpm
bind-libs-9.7.3-2.el6_1.P3.2.x86_64.rpm
bind-utils-9.7.3-2.el6_1.P3.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.7.3-2.el6_1.P3.2.src.rpm

x86_64:
bind-9.7.3-2.el6_1.P3.2.x86_64.rpm
bind-chroot-9.7.3-2.el6_1.P3.2.x86_64.rpm
bind-debuginfo-9.7.3-2.el6_1.P3.2.i686.rpm
bind-debuginfo-9.7.3-2.el6_1.P3.2.x86_64.rpm
bind-devel-9.7.3-2.el6_1.P3.2.i686.rpm
bind-devel-9.7.3-2.el6_1.P3.2.x86_64.rpm
bind-sdb-9.7.3-2.el6_1.P3.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.7.3-2.el6_1.P3.2.src.rpm

i386:
bind-9.7.3-2.el6_1.P3.2.i686.rpm
bind-chroot-9.7.3-2.el6_1.P3.2.i686.rpm
bind-debuginfo-9.7.3-2.el6_1.P3.2.i686.rpm
bind-libs-9.7.3-2.el6_1.P3.2.i686.rpm
bind-utils-9.7.3-2.el6_1.P3.2.i686.rpm

ppc64:
bind-9.7.3-2.el6_1.P3.2.ppc64.rpm
bind-chroot-9.7.3-2.el6_1.P3.2.ppc64.rpm
bind-debuginfo-9.7.3-2.el6_1.P3.2.ppc.rpm
bind-debuginfo-9.7.3-2.el6_1.P3.2.ppc64.rpm
bind-libs-9.7.3-2.el6_1.P3.2.ppc.rpm
bind-libs-9.7.3-2.el6_1.P3.2.ppc64.rpm
bind-utils-9.7.3-2.el6_1.P3.2.ppc64.rpm

s390x:
bind-9.7.3-2.el6_1.P3.2.s390x.rpm
bind-chroot-9.7.3-2.el6_1.P3.2.s390x.rpm
bind-debuginfo-9.7.3-2.el6_1.P3.2.s390.rpm
bind-debuginfo-9.7.3-2.el6_1.P3.2.s390x.rpm
bind-libs-9.7.3-2.el6_1.P3.2.s390.rpm
bind-libs-9.7.3-2.el6_1.P3.2.s390x.rpm
bind-utils-9.7.3-2.el6_1.P3.2.s390x.rpm

x86_64:
bind-9.7.3-2.el6_1.P3.2.x86_64.rpm
bind-chroot-9.7.3-2.el6_1.P3.2.x86_64.rpm
bind-debuginfo-9.7.3-2.el6_1.P3.2.i686.rpm
bind-debuginfo-9.7.3-2.el6_1.P3.2.x86_64.rpm
bind-libs-9.7.3-2.el6_1.P3.2.i686.rpm
bind-libs-9.7.3-2.el6_1.P3.2.x86_64.rpm
bind-utils-9.7.3-2.el6_1.P3.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.7.3-2.el6_1.P3.2.src.rpm

i386:
bind-debuginfo-9.7.3-2.el6_1.P3.2.i686.rpm
bind-devel-9.7.3-2.el6_1.P3.2.i686.rpm
bind-sdb-9.7.3-2.el6_1.P3.2.i686.rpm

ppc64:
bind-debuginfo-9.7.3-2.el6_1.P3.2.ppc.rpm
bind-debuginfo-9.7.3-2.el6_1.P3.2.ppc64.rpm
bind-devel-9.7.3-2.el6_1.P3.2.ppc.rpm
bind-devel-9.7.3-2.el6_1.P3.2.ppc64.rpm
bind-sdb-9.7.3-2.el6_1.P3.2.ppc64.rpm

s390x:
bind-debuginfo-9.7.3-2.el6_1.P3.2.s390.rpm
bind-debuginfo-9.7.3-2.el6_1.P3.2.s390x.rpm
bind-devel-9.7.3-2.el6_1.P3.2.s390.rpm
bind-devel-9.7.3-2.el6_1.P3.2.s390x.rpm
bind-sdb-9.7.3-2.el6_1.P3.2.s390x.rpm

x86_64:
bind-debuginfo-9.7.3-2.el6_1.P3.2.i686.rpm
bind-debuginfo-9.7.3-2.el6_1.P3.2.x86_64.rpm
bind-devel-9.7.3-2.el6_1.P3.2.i686.rpm
bind-devel-9.7.3-2.el6_1.P3.2.x86_64.rpm
bind-sdb-9.7.3-2.el6_1.P3.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.7.3-2.el6_1.P3.2.src.rpm

i386:
bind-9.7.3-2.el6_1.P3.2.i686.rpm
bind-chroot-9.7.3-2.el6_1.P3.2.i686.rpm
bind-debuginfo-9.7.3-2.el6_1.P3.2.i686.rpm
bind-libs-9.7.3-2.el6_1.P3.2.i686.rpm
bind-utils-9.7.3-2.el6_1.P3.2.i686.rpm

x86_64:
bind-9.7.3-2.el6_1.P3.2.x86_64.rpm
bind-chroot-9.7.3-2.el6_1.P3.2.x86_64.rpm
bind-debuginfo-9.7.3-2.el6_1.P3.2.i686.rpm
bind-debuginfo-9.7.3-2.el6_1.P3.2.x86_64.rpm
bind-libs-9.7.3-2.el6_1.P3.2.i686.rpm
bind-libs-9.7.3-2.el6_1.P3.2.x86_64.rpm
bind-utils-9.7.3-2.el6_1.P3.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.7.3-2.el6_1.P3.2.src.rpm

i386:
bind-debuginfo-9.7.3-2.el6_1.P3.2.i686.rpm
bind-devel-9.7.3-2.el6_1.P3.2.i686.rpm
bind-sdb-9.7.3-2.el6_1.P3.2.i686.rpm

x86_64:
bind-debuginfo-9.7.3-2.el6_1.P3.2.i686.rpm
bind-debuginfo-9.7.3-2.el6_1.P3.2.x86_64.rpm
bind-devel-9.7.3-2.el6_1.P3.2.i686.rpm
bind-devel-9.7.3-2.el6_1.P3.2.x86_64.rpm
bind-sdb-9.7.3-2.el6_1.P3.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2464.html
https://access.redhat.com/security/updates/classification/#important
http://www.isc.org/software/bind/advisories/cve-2011-2464

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOFiULXlSAg2UNWIIRAo7vAJ9z8LHW/1JgdGAZ5gpo79196RTEwQCgscRn
ueh0xTsItJoZlCsrCGwP6G4=
=L+e9
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jul 12 21:38:17 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 12 Jul 2011 21:38:17 +0000
Subject: [RHSA-2011:0928-01] Moderate: kernel security and bug fix update
Message-ID: <201107122138.p6CLcHi3010148@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: kernel security and bug fix update
Advisory ID: RHSA-2011:0928-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0928.html
Issue date: 2011-07-12
CVE Names: CVE-2011-1767 CVE-2011-1768 CVE-2011-2479
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* It was found that the receive hook in the ipip_init() function in the ipip module, and in the ipgre_init() function in the ip_gre module, could be called before network namespaces setup is complete. If packets were received at the time the ipip or ip_gre module was still being loaded into the kernel, it could cause a denial of service. (CVE-2011-1767, CVE-2011-1768, Moderate)

* It was found that an mmap() call with the MAP_PRIVATE flag on "/dev/zero" would create transparent hugepages and trigger a certain robustness check. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2011-2479, Moderate)

This update also fixes various bugs. Documentation for these bug fixes will be available shortly from the Technical Notes document linked to in the References section.

Users should upgrade to these updated packages, which contain backported patches to resolve these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (http://bugzilla.redhat.com/): 702303 - CVE-2011-1767 CVE-2011-1768 kernel: netns vs proto registration ordering 711546 - RHEL6.1 x86_64 HVM guest crashes on AMD host when guest memory size is larger than 8G 712413 - Cannot find the extended attribute of #11 inode after remount 712414 - [RHEL6.1] [Kernel] Panic while running testing 713135 - MLS - cgconfigparser cannot search on /cgroup/ dirs 713458 - intel-iommu: missing flush prior to removing domains + avoid broken vm/si domain unlinking 714190 - System Hang when there is smart error on IBM platform 714761 - CVE-2011-2479 kernel: thp: madvise on top of /dev/zero private mapping can lead to panic 6. Package List: Red Hat Enterprise Linux Desktop (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-131.6.1.el6.src.rpm i386: kernel-2.6.32-131.6.1.el6.i686.rpm kernel-debug-2.6.32-131.6.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-131.6.1.el6.i686.rpm kernel-debug-devel-2.6.32-131.6.1.el6.i686.rpm kernel-debuginfo-2.6.32-131.6.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-131.6.1.el6.i686.rpm kernel-devel-2.6.32-131.6.1.el6.i686.rpm kernel-headers-2.6.32-131.6.1.el6.i686.rpm perf-2.6.32-131.6.1.el6.i686.rpm perf-debuginfo-2.6.32-131.6.1.el6.i686.rpm noarch: kernel-doc-2.6.32-131.6.1.el6.noarch.rpm kernel-firmware-2.6.32-131.6.1.el6.noarch.rpm x86_64: kernel-2.6.32-131.6.1.el6.x86_64.rpm kernel-debug-2.6.32-131.6.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-131.6.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-131.6.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-131.6.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-131.6.1.el6.x86_64.rpm kernel-devel-2.6.32-131.6.1.el6.x86_64.rpm kernel-headers-2.6.32-131.6.1.el6.x86_64.rpm perf-2.6.32-131.6.1.el6.x86_64.rpm perf-debuginfo-2.6.32-131.6.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-131.6.1.el6.src.rpm noarch: kernel-doc-2.6.32-131.6.1.el6.noarch.rpm kernel-firmware-2.6.32-131.6.1.el6.noarch.rpm x86_64: kernel-2.6.32-131.6.1.el6.x86_64.rpm kernel-debug-2.6.32-131.6.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-131.6.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-131.6.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-131.6.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-131.6.1.el6.x86_64.rpm kernel-devel-2.6.32-131.6.1.el6.x86_64.rpm kernel-headers-2.6.32-131.6.1.el6.x86_64.rpm perf-2.6.32-131.6.1.el6.x86_64.rpm perf-debuginfo-2.6.32-131.6.1.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-131.6.1.el6.src.rpm i386: kernel-2.6.32-131.6.1.el6.i686.rpm kernel-debug-2.6.32-131.6.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-131.6.1.el6.i686.rpm kernel-debug-devel-2.6.32-131.6.1.el6.i686.rpm kernel-debuginfo-2.6.32-131.6.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-131.6.1.el6.i686.rpm kernel-devel-2.6.32-131.6.1.el6.i686.rpm kernel-headers-2.6.32-131.6.1.el6.i686.rpm perf-2.6.32-131.6.1.el6.i686.rpm perf-debuginfo-2.6.32-131.6.1.el6.i686.rpm noarch: kernel-doc-2.6.32-131.6.1.el6.noarch.rpm kernel-firmware-2.6.32-131.6.1.el6.noarch.rpm ppc64: kernel-2.6.32-131.6.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-131.6.1.el6.ppc64.rpm kernel-debug-2.6.32-131.6.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-131.6.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-131.6.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-131.6.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-131.6.1.el6.ppc64.rpm kernel-devel-2.6.32-131.6.1.el6.ppc64.rpm kernel-headers-2.6.32-131.6.1.el6.ppc64.rpm perf-2.6.32-131.6.1.el6.ppc64.rpm perf-debuginfo-2.6.32-131.6.1.el6.ppc64.rpm s390x: kernel-2.6.32-131.6.1.el6.s390x.rpm kernel-debug-2.6.32-131.6.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-131.6.1.el6.s390x.rpm kernel-debug-devel-2.6.32-131.6.1.el6.s390x.rpm kernel-debuginfo-2.6.32-131.6.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-131.6.1.el6.s390x.rpm kernel-devel-2.6.32-131.6.1.el6.s390x.rpm kernel-headers-2.6.32-131.6.1.el6.s390x.rpm kernel-kdump-2.6.32-131.6.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-131.6.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-131.6.1.el6.s390x.rpm perf-2.6.32-131.6.1.el6.s390x.rpm perf-debuginfo-2.6.32-131.6.1.el6.s390x.rpm x86_64: kernel-2.6.32-131.6.1.el6.x86_64.rpm kernel-debug-2.6.32-131.6.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-131.6.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-131.6.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-131.6.1.el6.x86_64.rpm 
kernel-debuginfo-common-x86_64-2.6.32-131.6.1.el6.x86_64.rpm kernel-devel-2.6.32-131.6.1.el6.x86_64.rpm kernel-headers-2.6.32-131.6.1.el6.x86_64.rpm perf-2.6.32-131.6.1.el6.x86_64.rpm perf-debuginfo-2.6.32-131.6.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-131.6.1.el6.src.rpm i386: kernel-2.6.32-131.6.1.el6.i686.rpm kernel-debug-2.6.32-131.6.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-131.6.1.el6.i686.rpm kernel-debug-devel-2.6.32-131.6.1.el6.i686.rpm kernel-debuginfo-2.6.32-131.6.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-131.6.1.el6.i686.rpm kernel-devel-2.6.32-131.6.1.el6.i686.rpm kernel-headers-2.6.32-131.6.1.el6.i686.rpm perf-2.6.32-131.6.1.el6.i686.rpm perf-debuginfo-2.6.32-131.6.1.el6.i686.rpm noarch: kernel-doc-2.6.32-131.6.1.el6.noarch.rpm kernel-firmware-2.6.32-131.6.1.el6.noarch.rpm x86_64: kernel-2.6.32-131.6.1.el6.x86_64.rpm kernel-debug-2.6.32-131.6.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-131.6.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-131.6.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-131.6.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-131.6.1.el6.x86_64.rpm kernel-devel-2.6.32-131.6.1.el6.x86_64.rpm kernel-headers-2.6.32-131.6.1.el6.x86_64.rpm perf-2.6.32-131.6.1.el6.x86_64.rpm perf-debuginfo-2.6.32-131.6.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-1767.html https://www.redhat.com/security/data/cve/CVE-2011-1768.html https://www.redhat.com/security/data/cve/CVE-2011-2479.html https://access.redhat.com/security/updates/classification/#moderate https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.1_Technical_Notes/kernel.html#RHSA-2011-0928 8. Contact: The Red Hat security contact is . 
More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOHL6kXlSAg2UNWIIRAnzmAJ9ZkgaQb5w8IW0/drAXkmjx4LUHdwCfQmMI S9T6sjLD1cXTCG63cOtD8XI= =QNbC -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Jul 12 21:39:07 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 12 Jul 2011 21:39:07 +0000 Subject: [RHSA-2011:0930-01] Moderate: NetworkManager security update Message-ID: <201107122139.p6CLd8H8010283@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: NetworkManager security update Advisory ID: RHSA-2011:0930-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0930.html Issue date: 2011-07-12 CVE Names: CVE-2011-2176 ===================================================================== 1. Summary: Updated NetworkManager packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. 
Description: NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times. It was found that NetworkManager did not properly enforce PolicyKit settings controlling the permissions to configure wireless network sharing. A local, unprivileged user could use this flaw to bypass intended PolicyKit restrictions, allowing them to enable wireless network sharing. (CVE-2011-2176) Users of NetworkManager should upgrade to these updated packages, which contain a backported patch to correct this issue. Running instances of NetworkManager must be restarted ("service NetworkManager restart") for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 709662 - CVE-2011-2176 NetworkManager: Did not honour PolicyKit auth_admin action element by creation of Ad-Hoc wireless networks 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/NetworkManager-0.8.1-9.el6_1.1.src.rpm i386: NetworkManager-0.8.1-9.el6_1.1.i686.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.1.i686.rpm NetworkManager-glib-0.8.1-9.el6_1.1.i686.rpm NetworkManager-gnome-0.8.1-9.el6_1.1.i686.rpm x86_64: NetworkManager-0.8.1-9.el6_1.1.x86_64.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.1.i686.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.1.x86_64.rpm NetworkManager-glib-0.8.1-9.el6_1.1.i686.rpm NetworkManager-glib-0.8.1-9.el6_1.1.x86_64.rpm NetworkManager-gnome-0.8.1-9.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/NetworkManager-0.8.1-9.el6_1.1.src.rpm i386: NetworkManager-debuginfo-0.8.1-9.el6_1.1.i686.rpm NetworkManager-devel-0.8.1-9.el6_1.1.i686.rpm NetworkManager-glib-devel-0.8.1-9.el6_1.1.i686.rpm x86_64: NetworkManager-debuginfo-0.8.1-9.el6_1.1.i686.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.1.x86_64.rpm NetworkManager-devel-0.8.1-9.el6_1.1.i686.rpm NetworkManager-devel-0.8.1-9.el6_1.1.x86_64.rpm NetworkManager-glib-devel-0.8.1-9.el6_1.1.i686.rpm NetworkManager-glib-devel-0.8.1-9.el6_1.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/NetworkManager-0.8.1-9.el6_1.1.src.rpm x86_64: NetworkManager-0.8.1-9.el6_1.1.x86_64.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.1.i686.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.1.x86_64.rpm NetworkManager-devel-0.8.1-9.el6_1.1.i686.rpm NetworkManager-devel-0.8.1-9.el6_1.1.x86_64.rpm NetworkManager-glib-0.8.1-9.el6_1.1.i686.rpm NetworkManager-glib-0.8.1-9.el6_1.1.x86_64.rpm NetworkManager-glib-devel-0.8.1-9.el6_1.1.i686.rpm NetworkManager-glib-devel-0.8.1-9.el6_1.1.x86_64.rpm NetworkManager-gnome-0.8.1-9.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/NetworkManager-0.8.1-9.el6_1.1.src.rpm i386: NetworkManager-0.8.1-9.el6_1.1.i686.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.1.i686.rpm NetworkManager-glib-0.8.1-9.el6_1.1.i686.rpm NetworkManager-gnome-0.8.1-9.el6_1.1.i686.rpm ppc64: NetworkManager-0.8.1-9.el6_1.1.ppc64.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.1.ppc.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.1.ppc64.rpm NetworkManager-glib-0.8.1-9.el6_1.1.ppc.rpm NetworkManager-glib-0.8.1-9.el6_1.1.ppc64.rpm NetworkManager-gnome-0.8.1-9.el6_1.1.ppc64.rpm s390x: NetworkManager-0.8.1-9.el6_1.1.s390x.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.1.s390.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.1.s390x.rpm NetworkManager-glib-0.8.1-9.el6_1.1.s390.rpm NetworkManager-glib-0.8.1-9.el6_1.1.s390x.rpm NetworkManager-gnome-0.8.1-9.el6_1.1.s390x.rpm x86_64: NetworkManager-0.8.1-9.el6_1.1.x86_64.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.1.i686.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.1.x86_64.rpm NetworkManager-glib-0.8.1-9.el6_1.1.i686.rpm NetworkManager-glib-0.8.1-9.el6_1.1.x86_64.rpm NetworkManager-gnome-0.8.1-9.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/NetworkManager-0.8.1-9.el6_1.1.src.rpm i386: NetworkManager-debuginfo-0.8.1-9.el6_1.1.i686.rpm NetworkManager-devel-0.8.1-9.el6_1.1.i686.rpm NetworkManager-glib-devel-0.8.1-9.el6_1.1.i686.rpm ppc64: NetworkManager-debuginfo-0.8.1-9.el6_1.1.ppc.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.1.ppc64.rpm NetworkManager-devel-0.8.1-9.el6_1.1.ppc.rpm NetworkManager-devel-0.8.1-9.el6_1.1.ppc64.rpm NetworkManager-glib-devel-0.8.1-9.el6_1.1.ppc.rpm NetworkManager-glib-devel-0.8.1-9.el6_1.1.ppc64.rpm s390x: NetworkManager-debuginfo-0.8.1-9.el6_1.1.s390.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.1.s390x.rpm NetworkManager-devel-0.8.1-9.el6_1.1.s390.rpm NetworkManager-devel-0.8.1-9.el6_1.1.s390x.rpm NetworkManager-glib-devel-0.8.1-9.el6_1.1.s390.rpm NetworkManager-glib-devel-0.8.1-9.el6_1.1.s390x.rpm x86_64: NetworkManager-debuginfo-0.8.1-9.el6_1.1.i686.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.1.x86_64.rpm NetworkManager-devel-0.8.1-9.el6_1.1.i686.rpm NetworkManager-devel-0.8.1-9.el6_1.1.x86_64.rpm NetworkManager-glib-devel-0.8.1-9.el6_1.1.i686.rpm NetworkManager-glib-devel-0.8.1-9.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/NetworkManager-0.8.1-9.el6_1.1.src.rpm i386: NetworkManager-0.8.1-9.el6_1.1.i686.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.1.i686.rpm NetworkManager-glib-0.8.1-9.el6_1.1.i686.rpm NetworkManager-gnome-0.8.1-9.el6_1.1.i686.rpm x86_64: NetworkManager-0.8.1-9.el6_1.1.x86_64.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.1.i686.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.1.x86_64.rpm NetworkManager-glib-0.8.1-9.el6_1.1.i686.rpm NetworkManager-glib-0.8.1-9.el6_1.1.x86_64.rpm NetworkManager-gnome-0.8.1-9.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/NetworkManager-0.8.1-9.el6_1.1.src.rpm i386: NetworkManager-debuginfo-0.8.1-9.el6_1.1.i686.rpm NetworkManager-devel-0.8.1-9.el6_1.1.i686.rpm NetworkManager-glib-devel-0.8.1-9.el6_1.1.i686.rpm x86_64: NetworkManager-debuginfo-0.8.1-9.el6_1.1.i686.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.1.x86_64.rpm NetworkManager-devel-0.8.1-9.el6_1.1.i686.rpm NetworkManager-devel-0.8.1-9.el6_1.1.x86_64.rpm NetworkManager-glib-devel-0.8.1-9.el6_1.1.i686.rpm NetworkManager-glib-devel-0.8.1-9.el6_1.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2176.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOHL7ZXlSAg2UNWIIRAuQgAJ97ZXKfg0O6VNnDRhMEGBayP916WwCgsVsR FjtYW9FnOYVKimFhWF2IGN8= =pdtq -----END PGP SIGNATURE----- From bugzilla at redhat.com Fri Jul 15 06:01:57 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 15 Jul 2011 06:01:57 +0000 Subject: [RHSA-2011:0938-01] Critical: java-1.6.0-ibm security update Message-ID: <201107150601.p6F61v65002823@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.6.0-ibm security update Advisory ID: RHSA-2011:0938-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0938.html Issue date: 2011-07-15 CVE Names: CVE-2011-0802 CVE-2011-0814 CVE-2011-0862 CVE-2011-0863 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871 CVE-2011-0873 ===================================================================== 1. Summary: Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 
5) - i386, ppc, s390x, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. (CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0873) All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.6.0 SR9-FP2 Java release. All running instances of IBM Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. 
Bugs fixed (http://bugzilla.redhat.com/): 706106 - CVE-2011-0865 OpenJDK: Deserialization allows creation of mutable SignedObject (Deserialization, 6618658) 706139 - CVE-2011-0862 OpenJDK: integer overflows in JPEGImageReader and font SunLayoutEngine (2D, 7013519) 706153 - CVE-2011-0867 OpenJDK: NetworkInterface information leak (Networking, 7013969) 706234 - CVE-2011-0869 OpenJDK: unprivileged proxy settings change via SOAPConnection (SAAJ, 7013971) 706241 - CVE-2011-0868 OpenJDK: incorrect numeric type conversion in TransformHelper (2D, 7016495) 706248 - CVE-2011-0871 OpenJDK: MediaTracker created Component instances with unnecessary privileges (Swing, 7020198) 711675 - CVE-2011-0873 Oracle/IBM JDK: unspecified vulnerability fixed in 6u26 (2D) 711676 - CVE-2011-0863 Oracle/IBM JDK: unspecified vulnerability fixed in 6u26 (Deployment) 711677 - CVE-2011-0802 CVE-2011-0814 Oracle/IBM JDK: unspecified vulnerabilities fixed in 6u26 (Sound) 6. Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: java-1.6.0-ibm-1.6.0.9.2-1jpp.2.el4.i386.rpm java-1.6.0-ibm-demo-1.6.0.9.2-1jpp.2.el4.i386.rpm java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el4.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.9.2-1jpp.2.el4.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.9.2-1jpp.2.el4.i386.rpm java-1.6.0-ibm-plugin-1.6.0.9.2-1jpp.2.el4.i386.rpm java-1.6.0-ibm-src-1.6.0.9.2-1jpp.2.el4.i386.rpm ppc: java-1.6.0-ibm-1.6.0.9.2-1jpp.2.el4.ppc.rpm java-1.6.0-ibm-1.6.0.9.2-1jpp.2.el4.ppc64.rpm java-1.6.0-ibm-demo-1.6.0.9.2-1jpp.2.el4.ppc.rpm java-1.6.0-ibm-demo-1.6.0.9.2-1jpp.2.el4.ppc64.rpm java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el4.ppc.rpm java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el4.ppc64.rpm java-1.6.0-ibm-javacomm-1.6.0.9.2-1jpp.2.el4.ppc.rpm java-1.6.0-ibm-javacomm-1.6.0.9.2-1jpp.2.el4.ppc64.rpm java-1.6.0-ibm-jdbc-1.6.0.9.2-1jpp.2.el4.ppc.rpm java-1.6.0-ibm-jdbc-1.6.0.9.2-1jpp.2.el4.ppc64.rpm java-1.6.0-ibm-plugin-1.6.0.9.2-1jpp.2.el4.ppc.rpm java-1.6.0-ibm-src-1.6.0.9.2-1jpp.2.el4.ppc.rpm 
java-1.6.0-ibm-src-1.6.0.9.2-1jpp.2.el4.ppc64.rpm s390: java-1.6.0-ibm-1.6.0.9.2-1jpp.2.el4.s390.rpm java-1.6.0-ibm-demo-1.6.0.9.2-1jpp.2.el4.s390.rpm java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el4.s390.rpm java-1.6.0-ibm-jdbc-1.6.0.9.2-1jpp.2.el4.s390.rpm java-1.6.0-ibm-src-1.6.0.9.2-1jpp.2.el4.s390.rpm s390x: java-1.6.0-ibm-1.6.0.9.2-1jpp.2.el4.s390x.rpm java-1.6.0-ibm-demo-1.6.0.9.2-1jpp.2.el4.s390x.rpm java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el4.s390x.rpm java-1.6.0-ibm-jdbc-1.6.0.9.2-1jpp.2.el4.s390x.rpm java-1.6.0-ibm-src-1.6.0.9.2-1jpp.2.el4.s390x.rpm x86_64: java-1.6.0-ibm-1.6.0.9.2-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.9.2-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.9.2-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.9.2-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.9.2-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.9.2-1jpp.2.el4.x86_64.rpm Red Hat Desktop version 4 Extras: i386: java-1.6.0-ibm-1.6.0.9.2-1jpp.2.el4.i386.rpm java-1.6.0-ibm-demo-1.6.0.9.2-1jpp.2.el4.i386.rpm java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el4.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.9.2-1jpp.2.el4.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.9.2-1jpp.2.el4.i386.rpm java-1.6.0-ibm-plugin-1.6.0.9.2-1jpp.2.el4.i386.rpm java-1.6.0-ibm-src-1.6.0.9.2-1jpp.2.el4.i386.rpm x86_64: java-1.6.0-ibm-1.6.0.9.2-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.9.2-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.9.2-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.9.2-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.9.2-1jpp.2.el4.i386.rpm java-1.6.0-ibm-plugin-1.6.0.9.2-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.9.2-1jpp.2.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: java-1.6.0-ibm-1.6.0.9.2-1jpp.2.el4.i386.rpm java-1.6.0-ibm-demo-1.6.0.9.2-1jpp.2.el4.i386.rpm java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el4.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.9.2-1jpp.2.el4.i386.rpm 
java-1.6.0-ibm-jdbc-1.6.0.9.2-1jpp.2.el4.i386.rpm java-1.6.0-ibm-plugin-1.6.0.9.2-1jpp.2.el4.i386.rpm java-1.6.0-ibm-src-1.6.0.9.2-1jpp.2.el4.i386.rpm x86_64: java-1.6.0-ibm-1.6.0.9.2-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.9.2-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.9.2-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.9.2-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.9.2-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.9.2-1jpp.2.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: java-1.6.0-ibm-1.6.0.9.2-1jpp.2.el4.i386.rpm java-1.6.0-ibm-demo-1.6.0.9.2-1jpp.2.el4.i386.rpm java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el4.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.9.2-1jpp.2.el4.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.9.2-1jpp.2.el4.i386.rpm java-1.6.0-ibm-plugin-1.6.0.9.2-1jpp.2.el4.i386.rpm java-1.6.0-ibm-src-1.6.0.9.2-1jpp.2.el4.i386.rpm x86_64: java-1.6.0-ibm-1.6.0.9.2-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.9.2-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.9.2-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.9.2-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.9.2-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.9.2-1jpp.2.el4.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 
5): i386: java-1.6.0-ibm-1.6.0.9.2-1jpp.2.el5.i386.rpm java-1.6.0-ibm-accessibility-1.6.0.9.2-1jpp.2.el5.i386.rpm java-1.6.0-ibm-demo-1.6.0.9.2-1jpp.2.el5.i386.rpm java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el5.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.9.2-1jpp.2.el5.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.9.2-1jpp.2.el5.i386.rpm java-1.6.0-ibm-plugin-1.6.0.9.2-1jpp.2.el5.i386.rpm java-1.6.0-ibm-src-1.6.0.9.2-1jpp.2.el5.i386.rpm x86_64: java-1.6.0-ibm-1.6.0.9.2-1jpp.2.el5.i386.rpm java-1.6.0-ibm-1.6.0.9.2-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-accessibility-1.6.0.9.2-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.9.2-1jpp.2.el5.i386.rpm java-1.6.0-ibm-demo-1.6.0.9.2-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el5.i386.rpm java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.9.2-1jpp.2.el5.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.9.2-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.9.2-1jpp.2.el5.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.9.2-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.9.2-1jpp.2.el5.i386.rpm java-1.6.0-ibm-plugin-1.6.0.9.2-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-src-1.6.0.9.2-1jpp.2.el5.i386.rpm java-1.6.0-ibm-src-1.6.0.9.2-1jpp.2.el5.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 
5):

i386:
java-1.6.0-ibm-1.6.0.9.2-1jpp.2.el5.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.9.2-1jpp.2.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.9.2-1jpp.2.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.2-1jpp.2.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.2-1jpp.2.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.9.2-1jpp.2.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.9.2-1jpp.2.el5.i386.rpm

ppc:
java-1.6.0-ibm-1.6.0.9.2-1jpp.2.el5.ppc.rpm
java-1.6.0-ibm-1.6.0.9.2-1jpp.2.el5.ppc64.rpm
java-1.6.0-ibm-accessibility-1.6.0.9.2-1jpp.2.el5.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.9.2-1jpp.2.el5.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.9.2-1jpp.2.el5.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el5.ppc.rpm
java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el5.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.2-1jpp.2.el5.ppc.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.2-1jpp.2.el5.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.2-1jpp.2.el5.ppc.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.2-1jpp.2.el5.ppc64.rpm
java-1.6.0-ibm-plugin-1.6.0.9.2-1jpp.2.el5.ppc.rpm
java-1.6.0-ibm-src-1.6.0.9.2-1jpp.2.el5.ppc.rpm
java-1.6.0-ibm-src-1.6.0.9.2-1jpp.2.el5.ppc64.rpm

s390x:
java-1.6.0-ibm-1.6.0.9.2-1jpp.2.el5.s390.rpm
java-1.6.0-ibm-1.6.0.9.2-1jpp.2.el5.s390x.rpm
java-1.6.0-ibm-accessibility-1.6.0.9.2-1jpp.2.el5.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.9.2-1jpp.2.el5.s390.rpm
java-1.6.0-ibm-demo-1.6.0.9.2-1jpp.2.el5.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el5.s390.rpm
java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el5.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.2-1jpp.2.el5.s390.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.2-1jpp.2.el5.s390x.rpm
java-1.6.0-ibm-src-1.6.0.9.2-1jpp.2.el5.s390.rpm
java-1.6.0-ibm-src-1.6.0.9.2-1jpp.2.el5.s390x.rpm

x86_64:
java-1.6.0-ibm-1.6.0.9.2-1jpp.2.el5.i386.rpm
java-1.6.0-ibm-1.6.0.9.2-1jpp.2.el5.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.9.2-1jpp.2.el5.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.9.2-1jpp.2.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.9.2-1jpp.2.el5.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el5.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.2-1jpp.2.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.2-1jpp.2.el5.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.2-1jpp.2.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.2-1jpp.2.el5.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.9.2-1jpp.2.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.9.2-1jpp.2.el5.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.9.2-1jpp.2.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.9.2-1jpp.2.el5.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.9.2-1jpp.2.el6.i686.rpm
java-1.6.0-ibm-demo-1.6.0.9.2-1jpp.2.el6.i686.rpm
java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el6.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.2-1jpp.2.el6.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.2-1jpp.2.el6.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.9.2-1jpp.2.el6.i686.rpm
java-1.6.0-ibm-src-1.6.0.9.2-1jpp.2.el6.i686.rpm

x86_64:
java-1.6.0-ibm-1.6.0.9.2-1jpp.2.el6.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.9.2-1jpp.2.el6.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el6.i686.rpm
java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el6.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.2-1jpp.2.el6.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.2-1jpp.2.el6.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.9.2-1jpp.2.el6.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.9.2-1jpp.2.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.6.0-ibm-1.6.0.9.2-1jpp.2.el6.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.9.2-1jpp.2.el6.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el6.i686.rpm
java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el6.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.2-1jpp.2.el6.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.9.2-1jpp.2.el6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.9.2-1jpp.2.el6.i686.rpm
java-1.6.0-ibm-demo-1.6.0.9.2-1jpp.2.el6.i686.rpm
java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el6.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.2-1jpp.2.el6.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.2-1jpp.2.el6.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.9.2-1jpp.2.el6.i686.rpm
java-1.6.0-ibm-src-1.6.0.9.2-1jpp.2.el6.i686.rpm

ppc64:
java-1.6.0-ibm-1.6.0.9.2-1jpp.2.el6.ppc64.rpm
java-1.6.0-ibm-demo-1.6.0.9.2-1jpp.2.el6.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el6.ppc.rpm
java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el6.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.2-1jpp.2.el6.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.2-1jpp.2.el6.ppc64.rpm
java-1.6.0-ibm-src-1.6.0.9.2-1jpp.2.el6.ppc64.rpm

s390x:
java-1.6.0-ibm-1.6.0.9.2-1jpp.2.el6.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.9.2-1jpp.2.el6.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el6.s390.rpm
java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el6.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.2-1jpp.2.el6.s390x.rpm
java-1.6.0-ibm-src-1.6.0.9.2-1jpp.2.el6.s390x.rpm

x86_64:
java-1.6.0-ibm-1.6.0.9.2-1jpp.2.el6.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.9.2-1jpp.2.el6.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el6.i686.rpm
java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el6.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.2-1jpp.2.el6.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.2-1jpp.2.el6.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.9.2-1jpp.2.el6.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.9.2-1jpp.2.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.9.2-1jpp.2.el6.i686.rpm
java-1.6.0-ibm-demo-1.6.0.9.2-1jpp.2.el6.i686.rpm
java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el6.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.2-1jpp.2.el6.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.2-1jpp.2.el6.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.9.2-1jpp.2.el6.i686.rpm
java-1.6.0-ibm-src-1.6.0.9.2-1jpp.2.el6.i686.rpm

x86_64:
java-1.6.0-ibm-1.6.0.9.2-1jpp.2.el6.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.9.2-1jpp.2.el6.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el6.i686.rpm
java-1.6.0-ibm-devel-1.6.0.9.2-1jpp.2.el6.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.2-1jpp.2.el6.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.2-1jpp.2.el6.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.9.2-1jpp.2.el6.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.9.2-1jpp.2.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0802.html
https://www.redhat.com/security/data/cve/CVE-2011-0814.html
https://www.redhat.com/security/data/cve/CVE-2011-0862.html
https://www.redhat.com/security/data/cve/CVE-2011-0863.html
https://www.redhat.com/security/data/cve/CVE-2011-0865.html
https://www.redhat.com/security/data/cve/CVE-2011-0867.html
https://www.redhat.com/security/data/cve/CVE-2011-0868.html
https://www.redhat.com/security/data/cve/CVE-2011-0869.html
https://www.redhat.com/security/data/cve/CVE-2011-0871.html
https://www.redhat.com/security/data/cve/CVE-2011-0873.html
https://access.redhat.com/security/updates/classification/#critical
http://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
From bugzilla at redhat.com Fri Jul 15 06:13:54 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 15 Jul 2011 06:13:54 +0000
Subject: [RHSA-2011:0927-01] Important: kernel security and bug fix update

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2011:0927-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0927.html
Issue date:        2011-07-15
CVE Names:         CVE-2010-4649 CVE-2011-0695 CVE-2011-0711 CVE-2011-1044
                   CVE-2011-1182 CVE-2011-1573 CVE-2011-1576 CVE-2011-1593
                   CVE-2011-1745 CVE-2011-1746 CVE-2011-1776 CVE-2011-1936
                   CVE-2011-2022 CVE-2011-2213 CVE-2011-2492
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* An integer overflow flaw in ib_uverbs_poll_cq() could allow a local,
unprivileged user to cause a denial of service or escalate their
privileges. (CVE-2010-4649, Important)

* A race condition in the way new InfiniBand connections were set up could
allow a remote user to cause a denial of service. (CVE-2011-0695, Important)

* A flaw in the Stream Control Transmission Protocol (SCTP) implementation
could allow a remote attacker to cause a denial of service if the sysctl
"net.sctp.addip_enable" variable was turned on (it is off by default).
(CVE-2011-1573, Important)

* Flaws in the AGPGART driver implementation when handling certain IOCTL
commands could allow a local, unprivileged user to cause a denial of
service or escalate their privileges. (CVE-2011-1745, CVE-2011-2022,
Important)

* An integer overflow flaw in agp_allocate_memory() could allow a local,
unprivileged user to cause a denial of service or escalate their
privileges. (CVE-2011-1746, Important)

* A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN)
packets. An attacker on the local network could trigger this flaw by
sending specially-crafted packets to a target system, possibly causing a
denial of service. (CVE-2011-1576, Moderate)

* An integer signedness error in next_pidmap() could allow a local,
unprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)

* A flaw in the way the Xen hypervisor implementation handled CPUID
instruction emulation during virtual machine exits could allow an
unprivileged guest user to crash a guest. This only affects systems that
have an Intel x86 processor with the Intel VT-x extension enabled.
(CVE-2011-1936, Moderate)

* A flaw in inet_diag_bc_audit() could allow a local, unprivileged user to
cause a denial of service (infinite loop). (CVE-2011-2213, Moderate)

* A missing initialization flaw in the XFS file system implementation
could lead to an information leak. (CVE-2011-0711, Low)

* A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to
cause an information leak. (CVE-2011-1044, Low)

* A missing validation check was found in the signals implementation. A
local, unprivileged user could use this flaw to send signals via the
sigqueueinfo system call, with the si_code set to SI_TKILL and with spoofed
process and user IDs, to other processes. Note: This flaw does not allow
existing permission checks to be bypassed; signals can only be sent if
your privileges allow you to already do so. (CVE-2011-1182, Low)

* A heap overflow flaw in the EFI GUID Partition Table (GPT)
implementation could allow a local attacker to cause a denial of service
by mounting a disk containing specially-crafted partition tables.
(CVE-2011-1776, Low)

* Structure padding in two structures in the Bluetooth implementation was
not initialized properly before being copied to user-space, possibly
allowing local, unprivileged users to leak kernel stack memory to
user-space. (CVE-2011-2492, Low)

Red Hat would like to thank Jens Kuehnel for reporting CVE-2011-0695;
Vasiliy Kulikov for reporting CVE-2011-1745, CVE-2011-2022, and
CVE-2011-1746; Ryan Sweat for reporting CVE-2011-1576; Robert Swiecki for
reporting CVE-2011-1593; Dan Rosenberg for reporting CVE-2011-2213 and
CVE-2011-0711; Julien Tinnes of the Google Security Team for reporting
CVE-2011-1182; Timo Warns for reporting CVE-2011-1776; and Marek Kroemeke
and Filip Palian for reporting CVE-2011-2492.

Bug fix documentation will be available shortly from the Technical Notes
document linked to in the References.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use
"rpm -Uvh" as that will remove the running kernel binaries from your
system. You may use "rpm -e" to remove old kernels after determining that
the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

653648 - CVE-2011-0695 kernel: panic in ib_cm:cm_work_handler
667916 - CVE-2010-4649 CVE-2011-1044 kernel: IB/uverbs: Handle large number of entries in poll CQ
677260 - CVE-2011-0711 kernel: xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1
690028 - CVE-2011-1182 kernel signal spoofing issue
695173 - CVE-2011-1576 kernel: net: Fix memory leak/corruption on VLAN GRO_DROP
695383 - CVE-2011-1573 kernel: sctp: fix to calc the INIT/INIT-ACK chunk length correctly to set
697822 - CVE-2011-1593 kernel: proc: signedness issue in next_pidmap()
698996 - CVE-2011-1745 CVE-2011-2022 kernel: agp: insufficient pg_start parameter checking in AGPIOC_BIND and AGPIOC_UNBIND ioctls
698998 - CVE-2011-1746 kernel: agp: insufficient page_count parameter checking in agp_allocate_memory()
703019 - CVE-2011-2492 kernel: bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace
703026 - CVE-2011-1776 kernel: validate size of EFI GUID partition entries
703056 - [RHEL5.5] Panic in iscsi_sw_tcp_data_ready() [rhel-5.6.z]
706323 - CVE-2011-1936 kernel: xen: vmx: insecure cpuid vmexit
707899 - The pci resource for vf is not released after hot-removing Intel 82576 NIC [rhel-5.6.z]
711519 - GFS2: resource group bitmap corruption resulting in panics and withdraws
714536 - CVE-2011-2213 kernel: inet_diag: insufficient validation

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-238.19.1.el5.src.rpm

i386:
kernel-2.6.18-238.19.1.el5.i686.rpm
kernel-PAE-2.6.18-238.19.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-238.19.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-238.19.1.el5.i686.rpm
kernel-debug-2.6.18-238.19.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-238.19.1.el5.i686.rpm
kernel-debug-devel-2.6.18-238.19.1.el5.i686.rpm
kernel-debuginfo-2.6.18-238.19.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-238.19.1.el5.i686.rpm
kernel-devel-2.6.18-238.19.1.el5.i686.rpm
kernel-headers-2.6.18-238.19.1.el5.i386.rpm
kernel-xen-2.6.18-238.19.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-238.19.1.el5.i686.rpm
kernel-xen-devel-2.6.18-238.19.1.el5.i686.rpm

noarch:
kernel-doc-2.6.18-238.19.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-238.19.1.el5.x86_64.rpm
kernel-debug-2.6.18-238.19.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-238.19.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-238.19.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-238.19.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-238.19.1.el5.x86_64.rpm
kernel-devel-2.6.18-238.19.1.el5.x86_64.rpm
kernel-headers-2.6.18-238.19.1.el5.x86_64.rpm
kernel-xen-2.6.18-238.19.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-238.19.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-238.19.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-238.19.1.el5.src.rpm

i386:
kernel-2.6.18-238.19.1.el5.i686.rpm
kernel-PAE-2.6.18-238.19.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-238.19.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-238.19.1.el5.i686.rpm
kernel-debug-2.6.18-238.19.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-238.19.1.el5.i686.rpm
kernel-debug-devel-2.6.18-238.19.1.el5.i686.rpm
kernel-debuginfo-2.6.18-238.19.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-238.19.1.el5.i686.rpm
kernel-devel-2.6.18-238.19.1.el5.i686.rpm
kernel-headers-2.6.18-238.19.1.el5.i386.rpm
kernel-xen-2.6.18-238.19.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-238.19.1.el5.i686.rpm
kernel-xen-devel-2.6.18-238.19.1.el5.i686.rpm

ia64:
kernel-2.6.18-238.19.1.el5.ia64.rpm
kernel-debug-2.6.18-238.19.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-238.19.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-238.19.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-238.19.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-238.19.1.el5.ia64.rpm
kernel-devel-2.6.18-238.19.1.el5.ia64.rpm
kernel-headers-2.6.18-238.19.1.el5.ia64.rpm
kernel-xen-2.6.18-238.19.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-238.19.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-238.19.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-238.19.1.el5.noarch.rpm

ppc:
kernel-2.6.18-238.19.1.el5.ppc64.rpm
kernel-debug-2.6.18-238.19.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-238.19.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-238.19.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-238.19.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-238.19.1.el5.ppc64.rpm
kernel-devel-2.6.18-238.19.1.el5.ppc64.rpm
kernel-headers-2.6.18-238.19.1.el5.ppc.rpm
kernel-headers-2.6.18-238.19.1.el5.ppc64.rpm
kernel-kdump-2.6.18-238.19.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-238.19.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-238.19.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-238.19.1.el5.s390x.rpm
kernel-debug-2.6.18-238.19.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-238.19.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-238.19.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-238.19.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-238.19.1.el5.s390x.rpm
kernel-devel-2.6.18-238.19.1.el5.s390x.rpm
kernel-headers-2.6.18-238.19.1.el5.s390x.rpm
kernel-kdump-2.6.18-238.19.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-238.19.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-238.19.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-238.19.1.el5.x86_64.rpm
kernel-debug-2.6.18-238.19.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-238.19.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-238.19.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-238.19.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-238.19.1.el5.x86_64.rpm
kernel-devel-2.6.18-238.19.1.el5.x86_64.rpm
kernel-headers-2.6.18-238.19.1.el5.x86_64.rpm
kernel-xen-2.6.18-238.19.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-238.19.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-238.19.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-4649.html
https://www.redhat.com/security/data/cve/CVE-2011-0695.html
https://www.redhat.com/security/data/cve/CVE-2011-0711.html
https://www.redhat.com/security/data/cve/CVE-2011-1044.html
https://www.redhat.com/security/data/cve/CVE-2011-1182.html
https://www.redhat.com/security/data/cve/CVE-2011-1573.html
https://www.redhat.com/security/data/cve/CVE-2011-1576.html
https://www.redhat.com/security/data/cve/CVE-2011-1593.html
https://www.redhat.com/security/data/cve/CVE-2011-1745.html
https://www.redhat.com/security/data/cve/CVE-2011-1746.html
https://www.redhat.com/security/data/cve/CVE-2011-1776.html
https://www.redhat.com/security/data/cve/CVE-2011-1936.html
https://www.redhat.com/security/data/cve/CVE-2011-2022.html
https://www.redhat.com/security/data/cve/CVE-2011-2213.html
https://www.redhat.com/security/data/cve/CVE-2011-2492.html
https://access.redhat.com/security/updates/classification/#important
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.6_Technical_Notes/kernel.html#RHSA-2011-0927

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
From bugzilla at redhat.com Mon Jul 18 22:11:16 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 18 Jul 2011 22:11:16 +0000
Subject: [RHSA-2011:0953-01] Moderate: system-config-firewall security update

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: system-config-firewall security update
Advisory ID:       RHSA-2011:0953-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0953.html
Issue date:        2011-07-18
CVE Names:         CVE-2011-2520
=====================================================================

1. Summary:

Updated system-config-firewall packages that fix one security issue are
now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the CVE
link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64

3. Description:

system-config-firewall is a graphical user interface for basic firewall
setup.

It was found that system-config-firewall used the Python pickle module in
an insecure way when sending data (via D-Bus) to the privileged back-end
mechanism. A local user authorized to configure firewall rules using
system-config-firewall could use this flaw to execute arbitrary code with
root privileges, by sending a specially-crafted serialized object.
(CVE-2011-2520)

Red Hat would like to thank Marco Slaviero of SensePost for reporting this
issue.

This erratum updates system-config-firewall to use JSON (JavaScript Object
Notation) for data exchange, instead of pickle. Therefore, an updated
version of system-config-printer that uses this new communication data
format is also provided in this erratum.

Users of system-config-firewall are advised to upgrade to these updated
packages, which contain a backported patch to resolve this issue. Running
instances of system-config-firewall must be restarted before the utility
will be able to communicate with its updated back-end.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

717985 - CVE-2011-2520 system-config-firewall: privilege escalation flaw via use of python pickle

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/system-config-firewall-1.2.27-3.el6_1.3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/system-config-printer-1.1.16-17.el6_1.2.src.rpm

i386:
system-config-printer-1.1.16-17.el6_1.2.i686.rpm
system-config-printer-debuginfo-1.1.16-17.el6_1.2.i686.rpm
system-config-printer-libs-1.1.16-17.el6_1.2.i686.rpm
system-config-printer-udev-1.1.16-17.el6_1.2.i686.rpm

noarch:
system-config-firewall-1.2.27-3.el6_1.3.noarch.rpm
system-config-firewall-base-1.2.27-3.el6_1.3.noarch.rpm
system-config-firewall-tui-1.2.27-3.el6_1.3.noarch.rpm

x86_64:
system-config-printer-1.1.16-17.el6_1.2.x86_64.rpm
system-config-printer-debuginfo-1.1.16-17.el6_1.2.x86_64.rpm
system-config-printer-libs-1.1.16-17.el6_1.2.x86_64.rpm
system-config-printer-udev-1.1.16-17.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/system-config-firewall-1.2.27-3.el6_1.3.src.rpm

noarch:
system-config-firewall-base-1.2.27-3.el6_1.3.noarch.rpm
system-config-firewall-tui-1.2.27-3.el6_1.3.noarch.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/system-config-firewall-1.2.27-3.el6_1.3.src.rpm

noarch:
system-config-firewall-1.2.27-3.el6_1.3.noarch.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/system-config-firewall-1.2.27-3.el6_1.3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/system-config-printer-1.1.16-17.el6_1.2.src.rpm

i386:
system-config-printer-1.1.16-17.el6_1.2.i686.rpm
system-config-printer-debuginfo-1.1.16-17.el6_1.2.i686.rpm
system-config-printer-libs-1.1.16-17.el6_1.2.i686.rpm
system-config-printer-udev-1.1.16-17.el6_1.2.i686.rpm

noarch:
system-config-firewall-1.2.27-3.el6_1.3.noarch.rpm
system-config-firewall-base-1.2.27-3.el6_1.3.noarch.rpm
system-config-firewall-tui-1.2.27-3.el6_1.3.noarch.rpm

ppc64:
system-config-printer-1.1.16-17.el6_1.2.ppc64.rpm
system-config-printer-debuginfo-1.1.16-17.el6_1.2.ppc64.rpm
system-config-printer-libs-1.1.16-17.el6_1.2.ppc64.rpm
system-config-printer-udev-1.1.16-17.el6_1.2.ppc64.rpm

s390x:
system-config-printer-1.1.16-17.el6_1.2.s390x.rpm
system-config-printer-debuginfo-1.1.16-17.el6_1.2.s390x.rpm
system-config-printer-libs-1.1.16-17.el6_1.2.s390x.rpm
system-config-printer-udev-1.1.16-17.el6_1.2.s390x.rpm

x86_64:
system-config-printer-1.1.16-17.el6_1.2.x86_64.rpm
system-config-printer-debuginfo-1.1.16-17.el6_1.2.x86_64.rpm
system-config-printer-libs-1.1.16-17.el6_1.2.x86_64.rpm
system-config-printer-udev-1.1.16-17.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/system-config-firewall-1.2.27-3.el6_1.3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/system-config-printer-1.1.16-17.el6_1.2.src.rpm

i386:
system-config-printer-1.1.16-17.el6_1.2.i686.rpm
system-config-printer-debuginfo-1.1.16-17.el6_1.2.i686.rpm
system-config-printer-libs-1.1.16-17.el6_1.2.i686.rpm
system-config-printer-udev-1.1.16-17.el6_1.2.i686.rpm

noarch:
system-config-firewall-1.2.27-3.el6_1.3.noarch.rpm
system-config-firewall-base-1.2.27-3.el6_1.3.noarch.rpm
system-config-firewall-tui-1.2.27-3.el6_1.3.noarch.rpm

x86_64:
system-config-printer-1.1.16-17.el6_1.2.x86_64.rpm
system-config-printer-debuginfo-1.1.16-17.el6_1.2.x86_64.rpm
system-config-printer-libs-1.1.16-17.el6_1.2.x86_64.rpm
system-config-printer-udev-1.1.16-17.el6_1.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2520.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
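An added illustration of the flaw class behind RHSA-2011:0953, not system-config-firewall's own code: a model privileged back end that deserializes requests with pickle, beside the JSON-based replacement with explicit validation. The request field names, the port-spec format and the recording callable are assumptions made for the example.

```python
import json
import pickle
import sys
import types

# Constructed model of the situation in RHSA-2011:0953: an unprivileged front
# end sends a serialized request over IPC (D-Bus in the real program) to a
# back end running as root. Neither handler is system-config-firewall's code.

SIDE_EFFECTS = []  # records any call that happened only because of deserialization


def _record(tag):
    """Benign stand-in for the code a crafted pickle makes the receiver call."""
    SIDE_EFFECTS.append(tag)
    return tag


class CraftedRequest:
    """Unpickling an instance calls whatever __reduce__ names, before any validation."""

    def __reduce__(self):
        return (_record, ("callable chosen by the sender ran in the back end",))


def crafted_request_bytes():
    # pickle stores _record by module and name; register this module if the
    # file was exec'd without an import so that the reference can be resolved.
    if __name__ not in sys.modules:
        shim = types.ModuleType(__name__)
        shim._record = _record
        sys.modules[__name__] = shim
    return pickle.dumps(CraftedRequest())


def legacy_backend_handle(blob):
    """Before the fix: pickle.loads lets the sender choose code that runs here."""
    return pickle.loads(blob)


# Hypothetical request schema; the real message layout is not in the advisory.
ALLOWED_FIELDS = {"enabled": bool, "trusted_services": list, "ports": list}


def hardened_backend_handle(blob):
    """After the fix: JSON yields plain data only, then the shape is validated.

    Raises ValueError for anything that is not a well-formed request
    (UnicodeDecodeError and json.JSONDecodeError are both subclasses).
    """
    request = json.loads(blob.decode("utf-8"))
    if not isinstance(request, dict):
        raise ValueError("request must be a JSON object")
    unknown = set(request) - set(ALLOWED_FIELDS)
    if unknown:
        raise ValueError("unknown fields: %s" % sorted(unknown))
    for name, expected in ALLOWED_FIELDS.items():
        if name in request and not isinstance(request[name], expected):
            raise ValueError("field %r has the wrong type" % name)
    for spec in request.get("ports", []):
        # assumed port format: "<number>/<tcp|udp>", e.g. "631/tcp"
        number, _, proto = str(spec).partition("/")
        if proto not in ("tcp", "udp") or not number.isdigit() or not 0 < int(number) < 65536:
            raise ValueError("bad port spec %r" % spec)
    return request


def demo():
    """Feeds the same crafted bytes to both handlers and returns what happened."""
    crafted = crafted_request_bytes()
    before = len(SIDE_EFFECTS)
    legacy_returned = legacy_backend_handle(crafted)
    ran_under_pickle = len(SIDE_EFFECTS) - before  # 1: code ran during unpickling

    try:
        hardened_backend_handle(crafted)
        json_accepted_pickle = True
    except ValueError:
        json_accepted_pickle = False  # not even valid UTF-8/JSON; nothing ran

    good = json.dumps({"enabled": True, "ports": ["631/tcp"]}).encode("utf-8")
    parsed = hardened_backend_handle(good)
    return {
        "ran_under_pickle": ran_under_pickle,
        "legacy_returned": legacy_returned,
        "json_accepted_pickle": json_accepted_pickle,
        "json_parsed_ports": parsed["ports"],
    }


if __name__ == "__main__":
    print(demo())
```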
From bugzilla at redhat.com Tue Jul 19 18:05:27 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 19 Jul 2011 18:05:27 +0000
Subject: [RHSA-2011:0959-01] Moderate: mutt security update

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: mutt security update
Advisory ID:       RHSA-2011:0959-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0959.html
Issue date:        2011-07-19
CVE Names:         CVE-2011-1429
=====================================================================

1. Summary:

An updated mutt package that fixes one security issue is now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the CVE
link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Mutt is a text-mode mail user agent.

A flaw was found in the way Mutt verified SSL certificates. When a server
presented an SSL certificate chain, Mutt could ignore a server hostname
check failure. A remote attacker able to get a certificate from a trusted
Certificate Authority could use this flaw to trick Mutt into accepting a
certificate issued for a different hostname, and perform man-in-the-middle
attacks against Mutt's SSL connections. (CVE-2011-1429)

All Mutt users should upgrade to this updated package, which contains a
backported patch to correct this issue. All running instances of Mutt must
be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

688755 - CVE-2011-1429 mutt: SSL host name check may be skipped when verifying certificate chain

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/mutt-1.5.20-2.20091214hg736b6a.el6_1.1.src.rpm

i386:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.i686.rpm
mutt-debuginfo-1.5.20-2.20091214hg736b6a.el6_1.1.i686.rpm

x86_64:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.x86_64.rpm
mutt-debuginfo-1.5.20-2.20091214hg736b6a.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/mutt-1.5.20-2.20091214hg736b6a.el6_1.1.src.rpm

x86_64:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.x86_64.rpm
mutt-debuginfo-1.5.20-2.20091214hg736b6a.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/mutt-1.5.20-2.20091214hg736b6a.el6_1.1.src.rpm

i386:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.i686.rpm
mutt-debuginfo-1.5.20-2.20091214hg736b6a.el6_1.1.i686.rpm

ppc64:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.ppc64.rpm
mutt-debuginfo-1.5.20-2.20091214hg736b6a.el6_1.1.ppc64.rpm

s390x:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.s390x.rpm
mutt-debuginfo-1.5.20-2.20091214hg736b6a.el6_1.1.s390x.rpm

x86_64:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.x86_64.rpm
mutt-debuginfo-1.5.20-2.20091214hg736b6a.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/mutt-1.5.20-2.20091214hg736b6a.el6_1.1.src.rpm

i386:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.i686.rpm
mutt-debuginfo-1.5.20-2.20091214hg736b6a.el6_1.1.i686.rpm

x86_64:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.x86_64.rpm
mutt-debuginfo-1.5.20-2.20091214hg736b6a.el6_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1429.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOJcc/XlSAg2UNWIIRAoQAAKCksJfaSfDF4e41g+4B5D95Bc4M6wCgw+sT
+0hWdVwUkjPrrokQOJpVxyw=
=97VY
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jul 20 18:25:34 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 20 Jul 2011 18:25:34 +0000
Subject: [RHSA-2011:1083-01] Moderate: fuse security update
Message-ID: <201107201825.p6KIPYrC027010@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: fuse security update
Advisory ID:       RHSA-2011:1083-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1083.html
Issue date:        2011-07-20
CVE Names:         CVE-2010-3879 CVE-2011-0541 CVE-2011-0542 CVE-2011-0543
=====================================================================

1. Summary:

Updated fuse packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

FUSE (Filesystem in Userspace) can implement a fully functional file system
in a user-space program. These packages provide the mount utility,
fusermount, the tool used to mount FUSE file systems.

Multiple flaws were found in the way fusermount handled the mounting and
unmounting of directories when symbolic links were present. A local user in
the fuse group could use these flaws to unmount file systems, which they
would otherwise not be able to unmount and that were not mounted using
FUSE, via a symbolic link attack. (CVE-2010-3879, CVE-2011-0541,
CVE-2011-0542, CVE-2011-0543)

Note: The util-linux-ng RHBA-2011:0699 update must also be installed to
fully correct the above flaws.

All users should upgrade to these updated packages, which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

651183 - CVE-2010-3879 CVE-2011-0541 CVE-2011-0542 CVE-2011-0543 fuse: unprivileged user can unmount arbitrary locations via symlink attack

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/fuse-2.8.3-3.el6_1.src.rpm

i386:
fuse-2.8.3-3.el6_1.i686.rpm
fuse-debuginfo-2.8.3-3.el6_1.i686.rpm
fuse-libs-2.8.3-3.el6_1.i686.rpm

x86_64:
fuse-2.8.3-3.el6_1.x86_64.rpm
fuse-debuginfo-2.8.3-3.el6_1.i686.rpm
fuse-debuginfo-2.8.3-3.el6_1.x86_64.rpm
fuse-libs-2.8.3-3.el6_1.i686.rpm
fuse-libs-2.8.3-3.el6_1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/fuse-2.8.3-3.el6_1.src.rpm

i386:
fuse-debuginfo-2.8.3-3.el6_1.i686.rpm
fuse-devel-2.8.3-3.el6_1.i686.rpm

x86_64:
fuse-debuginfo-2.8.3-3.el6_1.i686.rpm
fuse-debuginfo-2.8.3-3.el6_1.x86_64.rpm
fuse-devel-2.8.3-3.el6_1.i686.rpm
fuse-devel-2.8.3-3.el6_1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/fuse-2.8.3-3.el6_1.src.rpm

x86_64:
fuse-debuginfo-2.8.3-3.el6_1.x86_64.rpm
fuse-libs-2.8.3-3.el6_1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/fuse-2.8.3-3.el6_1.src.rpm

x86_64:
fuse-2.8.3-3.el6_1.x86_64.rpm
fuse-debuginfo-2.8.3-3.el6_1.i686.rpm
fuse-debuginfo-2.8.3-3.el6_1.x86_64.rpm
fuse-devel-2.8.3-3.el6_1.i686.rpm
fuse-devel-2.8.3-3.el6_1.x86_64.rpm
fuse-libs-2.8.3-3.el6_1.i686.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/fuse-2.8.3-3.el6_1.src.rpm

i386:
fuse-2.8.3-3.el6_1.i686.rpm
fuse-debuginfo-2.8.3-3.el6_1.i686.rpm
fuse-devel-2.8.3-3.el6_1.i686.rpm
fuse-libs-2.8.3-3.el6_1.i686.rpm

ppc64:
fuse-2.8.3-3.el6_1.ppc64.rpm
fuse-debuginfo-2.8.3-3.el6_1.ppc.rpm
fuse-debuginfo-2.8.3-3.el6_1.ppc64.rpm
fuse-devel-2.8.3-3.el6_1.ppc.rpm
fuse-devel-2.8.3-3.el6_1.ppc64.rpm
fuse-libs-2.8.3-3.el6_1.ppc.rpm
fuse-libs-2.8.3-3.el6_1.ppc64.rpm

s390x:
fuse-2.8.3-3.el6_1.s390x.rpm
fuse-debuginfo-2.8.3-3.el6_1.s390.rpm
fuse-debuginfo-2.8.3-3.el6_1.s390x.rpm
fuse-devel-2.8.3-3.el6_1.s390.rpm
fuse-devel-2.8.3-3.el6_1.s390x.rpm
fuse-libs-2.8.3-3.el6_1.s390.rpm
fuse-libs-2.8.3-3.el6_1.s390x.rpm

x86_64:
fuse-2.8.3-3.el6_1.x86_64.rpm
fuse-debuginfo-2.8.3-3.el6_1.i686.rpm
fuse-debuginfo-2.8.3-3.el6_1.x86_64.rpm
fuse-devel-2.8.3-3.el6_1.i686.rpm
fuse-devel-2.8.3-3.el6_1.x86_64.rpm
fuse-libs-2.8.3-3.el6_1.i686.rpm
fuse-libs-2.8.3-3.el6_1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/fuse-2.8.3-3.el6_1.src.rpm

i386:
fuse-2.8.3-3.el6_1.i686.rpm
fuse-debuginfo-2.8.3-3.el6_1.i686.rpm
fuse-devel-2.8.3-3.el6_1.i686.rpm
fuse-libs-2.8.3-3.el6_1.i686.rpm

x86_64:
fuse-2.8.3-3.el6_1.x86_64.rpm
fuse-debuginfo-2.8.3-3.el6_1.i686.rpm
fuse-debuginfo-2.8.3-3.el6_1.x86_64.rpm
fuse-devel-2.8.3-3.el6_1.i686.rpm
fuse-devel-2.8.3-3.el6_1.x86_64.rpm
fuse-libs-2.8.3-3.el6_1.i686.rpm
fuse-libs-2.8.3-3.el6_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3879.html
https://www.redhat.com/security/data/cve/CVE-2011-0541.html
https://www.redhat.com/security/data/cve/CVE-2011-0542.html
https://www.redhat.com/security/data/cve/CVE-2011-0543.html
https://access.redhat.com/security/updates/classification/#moderate
https://rhn.redhat.com/errata/RHBA-2011-0699.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
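The fuse advisory above describes a privileged helper (fusermount) that could be redirected by a symbolic link to unmount a location its caller was not allowed to touch. The following is an added example, not fusermount's code or Red Hat's patch, of the policy check a privileged helper can apply before acting on a user-supplied path: the path must lie under an allowed root and must contain no symlink in any component. The directory names (mnt, link, elsewhere) and the allowed-root rule are constructed for the demo.

```python
# Added example (not fusermount's code): a policy check a privileged helper
# could apply before unmounting a user-supplied path.  The mount point must
# lie under an allowed root and must contain no symbolic link in any
# component, so a link in a user-writable directory cannot redirect the
# operation to a location the user is not permitted to unmount.
import os
import stat
import tempfile


def symlink_components(path):
    """Return every prefix of ``path`` that is itself a symbolic link.

    os.lstat() reports on a link rather than on its target, so a link in the
    middle of the path (/base/link/sub) is found, not only a link as the last
    element.  Walking stops at the first component that does not exist.
    """
    absolute = os.path.abspath(path)
    found = []
    prefix = os.sep
    for part in absolute.split(os.sep):
        if not part:
            continue
        prefix = os.path.join(prefix, part)
        try:
            st = os.lstat(prefix)
        except FileNotFoundError:
            break
        if stat.S_ISLNK(st.st_mode):
            found.append(prefix)
    return found


def safe_to_unmount(path, allowed_root):
    """True only when ``path`` is inside ``allowed_root`` and is link-free."""
    absolute = os.path.abspath(path)
    root = os.path.abspath(allowed_root)
    inside = absolute == root or absolute.startswith(root + os.sep)
    return inside and not symlink_components(absolute)


def demo():
    """Build a constructed layout in a fresh temp dir and return the verdicts.

    base/mnt/sub    a real directory (stands in for a FUSE mount point)
    base/link       a symlink to base/mnt
    base/elsewhere  a directory outside the allowed root
    """
    base = os.path.realpath(tempfile.mkdtemp())  # realpath: no links above base
    mnt = os.path.join(base, "mnt")
    os.makedirs(os.path.join(mnt, "sub"))
    link = os.path.join(base, "link")
    os.symlink(mnt, link)
    outside = os.path.join(base, "elsewhere")
    os.mkdir(outside)
    return {
        "plain": safe_to_unmount(os.path.join(mnt, "sub"), base),      # True
        "via_link": safe_to_unmount(os.path.join(link, "sub"), base),  # False
        "link_detected": symlink_components(os.path.join(link, "sub")) == [link],
        "outside_root": safe_to_unmount(outside, mnt),                 # False
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

A path check of this kind still leaves a window between the check and the unmount call in which the path could be changed underneath the helper; a robust helper holds an open descriptor to the directory it validated and operates on that, rather than on the path string. The advisory's note that the util-linux-ng update must also be installed reflects that the unmount side of the operation lives outside fuse.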
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOJx2RXlSAg2UNWIIRAk6bAKCyMvXD1zybttx43g4pOCFNdioBxwCfcnrb
Il4ASTA04l2l0QYBfSRG3FE=
=u6xH
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jul 20 18:26:05 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 20 Jul 2011 18:26:05 +0000
Subject: [RHSA-2011:1084-01] Moderate: libsndfile security update
Message-ID: <201107201826.p6KIQ6Fl000804@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: libsndfile security update
Advisory ID:       RHSA-2011:1084-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1084.html
Issue date:        2011-07-20
CVE Names:         CVE-2011-2696
=====================================================================

1. Summary:

Updated libsndfile packages that fix one security issue are now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The libsndfile packages provide a library for reading and writing sound
files.

An integer overflow flaw, leading to a heap-based buffer overflow, was found
in the way the libsndfile library processed certain Ensoniq PARIS Audio
Format (PAF) audio files. An attacker could create a specially-crafted PAF
file that, when opened, could cause an application using libsndfile to crash
or, potentially, execute arbitrary code with the privileges of the user
running the application. (CVE-2011-2696)

Users of libsndfile are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. All running applications
using libsndfile must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

721234 - CVE-2011-2696 libsndfile: Application crash due integer overflow by processing certain PAF audio files

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libsndfile-1.0.20-3.el6_1.1.src.rpm

i386:
libsndfile-1.0.20-3.el6_1.1.i686.rpm
libsndfile-debuginfo-1.0.20-3.el6_1.1.i686.rpm

x86_64:
libsndfile-1.0.20-3.el6_1.1.i686.rpm
libsndfile-1.0.20-3.el6_1.1.x86_64.rpm
libsndfile-debuginfo-1.0.20-3.el6_1.1.i686.rpm
libsndfile-debuginfo-1.0.20-3.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libsndfile-1.0.20-3.el6_1.1.src.rpm

i386:
libsndfile-debuginfo-1.0.20-3.el6_1.1.i686.rpm
libsndfile-devel-1.0.20-3.el6_1.1.i686.rpm

x86_64:
libsndfile-debuginfo-1.0.20-3.el6_1.1.i686.rpm
libsndfile-debuginfo-1.0.20-3.el6_1.1.x86_64.rpm
libsndfile-devel-1.0.20-3.el6_1.1.i686.rpm
libsndfile-devel-1.0.20-3.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libsndfile-1.0.20-3.el6_1.1.src.rpm

x86_64:
libsndfile-1.0.20-3.el6_1.1.i686.rpm
libsndfile-1.0.20-3.el6_1.1.x86_64.rpm
libsndfile-debuginfo-1.0.20-3.el6_1.1.i686.rpm
libsndfile-debuginfo-1.0.20-3.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libsndfile-1.0.20-3.el6_1.1.src.rpm

x86_64:
libsndfile-debuginfo-1.0.20-3.el6_1.1.i686.rpm
libsndfile-debuginfo-1.0.20-3.el6_1.1.x86_64.rpm
libsndfile-devel-1.0.20-3.el6_1.1.i686.rpm
libsndfile-devel-1.0.20-3.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libsndfile-1.0.20-3.el6_1.1.src.rpm

i386:
libsndfile-1.0.20-3.el6_1.1.i686.rpm
libsndfile-debuginfo-1.0.20-3.el6_1.1.i686.rpm

ppc64:
libsndfile-1.0.20-3.el6_1.1.ppc.rpm
libsndfile-1.0.20-3.el6_1.1.ppc64.rpm
libsndfile-debuginfo-1.0.20-3.el6_1.1.ppc.rpm
libsndfile-debuginfo-1.0.20-3.el6_1.1.ppc64.rpm

s390x:
libsndfile-1.0.20-3.el6_1.1.s390.rpm
libsndfile-1.0.20-3.el6_1.1.s390x.rpm
libsndfile-debuginfo-1.0.20-3.el6_1.1.s390.rpm
libsndfile-debuginfo-1.0.20-3.el6_1.1.s390x.rpm

x86_64:
libsndfile-1.0.20-3.el6_1.1.i686.rpm
libsndfile-1.0.20-3.el6_1.1.x86_64.rpm
libsndfile-debuginfo-1.0.20-3.el6_1.1.i686.rpm
libsndfile-debuginfo-1.0.20-3.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libsndfile-1.0.20-3.el6_1.1.src.rpm

i386:
libsndfile-debuginfo-1.0.20-3.el6_1.1.i686.rpm
libsndfile-devel-1.0.20-3.el6_1.1.i686.rpm

ppc64:
libsndfile-debuginfo-1.0.20-3.el6_1.1.ppc.rpm
libsndfile-debuginfo-1.0.20-3.el6_1.1.ppc64.rpm
libsndfile-devel-1.0.20-3.el6_1.1.ppc.rpm
libsndfile-devel-1.0.20-3.el6_1.1.ppc64.rpm

s390x:
libsndfile-debuginfo-1.0.20-3.el6_1.1.s390.rpm
libsndfile-debuginfo-1.0.20-3.el6_1.1.s390x.rpm
libsndfile-devel-1.0.20-3.el6_1.1.s390.rpm
libsndfile-devel-1.0.20-3.el6_1.1.s390x.rpm

x86_64:
libsndfile-debuginfo-1.0.20-3.el6_1.1.i686.rpm
libsndfile-debuginfo-1.0.20-3.el6_1.1.x86_64.rpm
libsndfile-devel-1.0.20-3.el6_1.1.i686.rpm
libsndfile-devel-1.0.20-3.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libsndfile-1.0.20-3.el6_1.1.src.rpm

i386:
libsndfile-1.0.20-3.el6_1.1.i686.rpm
libsndfile-debuginfo-1.0.20-3.el6_1.1.i686.rpm

x86_64:
libsndfile-1.0.20-3.el6_1.1.i686.rpm
libsndfile-1.0.20-3.el6_1.1.x86_64.rpm
libsndfile-debuginfo-1.0.20-3.el6_1.1.i686.rpm
libsndfile-debuginfo-1.0.20-3.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libsndfile-1.0.20-3.el6_1.1.src.rpm

i386:
libsndfile-debuginfo-1.0.20-3.el6_1.1.i686.rpm
libsndfile-devel-1.0.20-3.el6_1.1.i686.rpm

x86_64:
libsndfile-debuginfo-1.0.20-3.el6_1.1.i686.rpm
libsndfile-debuginfo-1.0.20-3.el6_1.1.x86_64.rpm
libsndfile-devel-1.0.20-3.el6_1.1.i686.rpm
libsndfile-devel-1.0.20-3.el6_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2696.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOJx2uXlSAg2UNWIIRAhlrAJ9qvDv8XNRW8+Ziyx+hJwkKMcbIBgCfTMfw
rxDbF6ffb/pTfjNcba6DnEg=
=3qYM
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jul 21 13:27:14 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Jul 2011 13:27:14 +0000
Subject: [RHSA-2011:0975-01] Low: sssd security, bug fix, and enhancement update
Message-ID: <201107211327.p6LDRFXa019029@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: sssd security, bug fix, and enhancement update
Advisory ID:       RHSA-2011:0975-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0975.html
Issue date:        2011-07-21
CVE Names:         CVE-2010-4341
=====================================================================

1. Summary:

Updated sssd packages that fix one security issue, several bugs, and add
various enhancements are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The System Security Services Daemon (SSSD) provides a set of daemons to
manage access to remote directories and authentication mechanisms. It
provides an NSS and PAM interface toward the system and a pluggable
back-end system to connect to multiple different account sources.
It is also the basis to provide client auditing and policy services for
projects such as FreeIPA.

A flaw was found in the SSSD PAM responder that could allow a local
attacker to force SSSD to enter an infinite loop via a carefully-crafted
packet. With SSSD unresponsive, legitimate users could be denied the
ability to log in to the system. (CVE-2010-4341)

Red Hat would like to thank Sebastian Krahmer for reporting this issue.

These updated sssd packages include a number of bug fixes and enhancements.
Space precludes documenting all of these changes in this advisory. Refer
to the Red Hat Enterprise Linux 5.7 Technical Notes for information about
these changes:

https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.7_Technical_Notes/sssd.html#RHSA-2011-0975

All sssd users are advised to upgrade to these updated sssd packages, which
upgrade SSSD to upstream version 1.5.1 to correct this issue, and fix the
bugs and add the enhancements noted in the Technical Notes.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

640601 - sssd is not escaping correctly LDAP searches
661163 - CVE-2010-4341 sssd: DoS in sssd PAM responder can prevent logins
675007 - sssd corrupts group cache
676027 - sssd segfault when first entry of ldap_uri is unreachable
678032 - Remove HBAC time rules from SSSD
678092 - SSSD in 5.6 can not locate HBAC rules from FreeIPAv2
678412 - name service caches names, so id command shows recently deleted users
678606 - User information not updated on login for secondary domains
678615 - SSSD needs to look at IPA's compat tree for netgroups
678778 - IPA provider does not update removed group memberships on initgroups
678780 - sssd crashes at the next tgt renewals it tries.
679087 - SSSD IPA provider should honor the krb5_realm option
679097 - Does not read renewable ccache at startup.
682803 - sssd-be segmentation fault - ipa-client on ipa-server
682808 - sssd_nss core dumps with certain lookups
682853 - IPA provider should use realm instead of ipa_domain for base DN
683260 - sudo/ldap lookup via sssd gets stuck for 5min waiting on netgroup
688677 - Build SSSD in RHEL 5.7 against openldap24-libs
688694 - authconfig fails when access_provider is set as krb5 in sssd.conf.
688697 - sssd 1.5.1-9 breaks AD authentication
689887 - group memberships are not populated correctly during IPA provider initgroups
690093 - multiple problems with sssd + ldap (Active-Directory) and groups members.
690096 - SSSD should skip over groups with multiple names
690287 - Traceback messages seen while interrupting sss_obfuscate using ctrl+d.
690814 - [abrt] sssd-1.2.1-28.el6_0.4: _talloc_free: Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV)
690867 - Groups with a zero-length memberuid attribute can cause SSSD to stop caching and responding to requests
691900 - SSSD needs to fall back to 'cn' for GECOS information (was: SSSD configuration problem when configured with MSAD)
692960 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV)
694149 - SSSD consumes GBs of RAM, possible memory leak
694853 - SSSD crashes during getent when anonymous bind is disabled.
695476 - Unable to resolve SRV record when called with _srv_, in ldap_uri
696979 - [REGRESSION] Filters not honoured against fully-qualified users.
701702 - sssd client libraries use select() but should use poll() instead
707340 - latest sssd fails if ldap_default_authtok_type is not mentioned
707574 - SSSD's async resolver only tries the first nameserver in /etc/resolv.conf

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/sssd-1.5.1-37.el5.src.rpm

i386:
sssd-1.5.1-37.el5.i386.rpm
sssd-client-1.5.1-37.el5.i386.rpm
sssd-debuginfo-1.5.1-37.el5.i386.rpm
sssd-tools-1.5.1-37.el5.i386.rpm

x86_64:
sssd-1.5.1-37.el5.x86_64.rpm
sssd-client-1.5.1-37.el5.i386.rpm
sssd-client-1.5.1-37.el5.x86_64.rpm
sssd-debuginfo-1.5.1-37.el5.i386.rpm
sssd-debuginfo-1.5.1-37.el5.x86_64.rpm
sssd-tools-1.5.1-37.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/sssd-1.5.1-37.el5.src.rpm

i386:
sssd-1.5.1-37.el5.i386.rpm
sssd-client-1.5.1-37.el5.i386.rpm
sssd-debuginfo-1.5.1-37.el5.i386.rpm
sssd-tools-1.5.1-37.el5.i386.rpm

ia64:
sssd-1.5.1-37.el5.ia64.rpm
sssd-client-1.5.1-37.el5.i386.rpm
sssd-client-1.5.1-37.el5.ia64.rpm
sssd-debuginfo-1.5.1-37.el5.i386.rpm
sssd-debuginfo-1.5.1-37.el5.ia64.rpm
sssd-tools-1.5.1-37.el5.ia64.rpm

ppc:
sssd-1.5.1-37.el5.ppc.rpm
sssd-client-1.5.1-37.el5.ppc.rpm
sssd-client-1.5.1-37.el5.ppc64.rpm
sssd-debuginfo-1.5.1-37.el5.ppc.rpm
sssd-debuginfo-1.5.1-37.el5.ppc64.rpm
sssd-tools-1.5.1-37.el5.ppc.rpm

s390x:
sssd-1.5.1-37.el5.s390x.rpm
sssd-client-1.5.1-37.el5.s390.rpm
sssd-client-1.5.1-37.el5.s390x.rpm
sssd-debuginfo-1.5.1-37.el5.s390.rpm
sssd-debuginfo-1.5.1-37.el5.s390x.rpm
sssd-tools-1.5.1-37.el5.s390x.rpm

x86_64:
sssd-1.5.1-37.el5.x86_64.rpm
sssd-client-1.5.1-37.el5.i386.rpm
sssd-client-1.5.1-37.el5.x86_64.rpm
sssd-debuginfo-1.5.1-37.el5.i386.rpm
sssd-debuginfo-1.5.1-37.el5.x86_64.rpm
sssd-tools-1.5.1-37.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-4341.html
https://access.redhat.com/security/updates/classification/#low
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.1
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.7_Technical_Notes/sssd.html#RHSA-2011-0975

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOKCjwXlSAg2UNWIIRAp1QAJ48+Zo46ncYENnEBVbZIzUvJIL+WgCgpSjL
85yR3jufQeBeq/Pqee04GX8=
=dZbV
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jul 21 13:29:11 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Jul 2011 13:29:11 +0000
Subject: [RHSA-2011:0999-01] Moderate: rsync security, bug fix, and enhancement update
Message-ID: <201107211329.p6LDTBhf013365@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rsync security, bug fix, and enhancement update
Advisory ID:       RHSA-2011:0999-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0999.html
Issue date:        2011-07-21
CVE Names:         CVE-2007-6200
=====================================================================

1. Summary:

An updated rsync package that fixes one security issue, several bugs, and
adds enhancements is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

rsync is a program for synchronizing files over a network.

A flaw was found in the way the rsync daemon handled the "filter",
"exclude", and "exclude from" options, used for hiding files and preventing
access to them from rsync clients. A remote attacker could use this flaw to
bypass those restrictions by using certain command line options and
symbolic links, allowing the attacker to overwrite those files if they knew
their file names and had write access to them. (CVE-2007-6200)

Note: This issue only affected users running rsync as a writable daemon:
"read only" set to "false" in the rsync configuration file (for example,
"/etc/rsyncd.conf"). By default, this option is set to "true".

This update also fixes the following bugs:

* The rsync package has been upgraded to upstream version 3.0.6, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#339971)

* When running an rsync daemon that was receiving files, a deferred info,
error or log message could have been sent directly to the sender instead of
being handled by the "rwrite()" function in the generator. Also, under
certain circumstances, a deferred info or error message from the receiver
could have bypassed the log file and could have been sent only to the
client process. As a result, an "unexpected tag 3" fatal error could have
been displayed. These problems have been fixed in this update so that an
rsync daemon receiving files now works as expected. (BZ#471182)

* Prior to this update, the rsync daemon called a number of timezone-using
functions after doing a chroot. As a result, certain C libraries were
unable to generate proper timestamps from inside a chrooted daemon. This
bug has been fixed in this update so that the rsync daemon now calls the
respective timezone-using functions prior to doing a chroot, and proper
timestamps are now generated as expected. (BZ#575022)

* When running rsync under a non-root user with the "-A" ("--acls") option
and without using the "--numeric-ids" option, if there was an Access
Control List (ACL) that included a group entry for a group that the
respective user was not a member of on the receiving side, the
"acl_set_file()" function returned an invalid argument value ("EINVAL").
This was caused by rsync mistakenly mapping the group name to the Group ID
"GID_NONE" ("-1"), which failed. The bug has been fixed in this update so
that no invalid argument is returned and rsync works as expected.
(BZ#616093)

* When creating a sparse file that was zero blocks long, the "rsync
--sparse" command did not properly truncate the sparse file at the end of
the copy transaction. As a result, the file size was bigger than expected.
This bug has been fixed in this update by properly truncating the file so
that rsync now copies such files as expected. (BZ#530866)

* Under certain circumstances, when using rsync in daemon mode, rsync
generator instances could have entered an infinite loop, trying to write an
error message for the receiver to an invalid socket. This problem has been
fixed in this update by adding a new sibling message: when the receiver is
reporting a socket-read error, the generator will notice this fact and
avoid writing an error message down the socket, allowing it to close down
gracefully when the pipe from the receiver closes. (BZ#690148)

* Prior to this update, there were missing deallocations found in the
"start_client()" function. This bug has been fixed in this update and no
longer occurs. (BZ#700450)

All users of rsync are advised to upgrade to this updated package, which
resolves these issues and adds enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

339971 - [RFE] Rebase rsync packages to version 3
407171 - CVE-2007-6200 rsync excluded content access restrictions bypass via symlinks
471182 - rsync errors: unexpected tag 3 [sender]
530866 - rsync --sparse does not properly copy sparse files
575022 - rsyncd gets confused with timezones when logging to syslog
616093 - EINVAL (Invalid argument) setting group --acls
690148 - Rsync instances stay in memory when using in daemon mode
700450 - Resource leaks revealed by Coverity scan.

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/rsync-3.0.6-4.el5.src.rpm

i386:
rsync-3.0.6-4.el5.i386.rpm
rsync-debuginfo-3.0.6-4.el5.i386.rpm

x86_64:
rsync-3.0.6-4.el5.x86_64.rpm
rsync-debuginfo-3.0.6-4.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/rsync-3.0.6-4.el5.src.rpm

i386:
rsync-3.0.6-4.el5.i386.rpm
rsync-debuginfo-3.0.6-4.el5.i386.rpm

ia64:
rsync-3.0.6-4.el5.ia64.rpm
rsync-debuginfo-3.0.6-4.el5.ia64.rpm

ppc:
rsync-3.0.6-4.el5.ppc.rpm
rsync-debuginfo-3.0.6-4.el5.ppc.rpm

s390x:
rsync-3.0.6-4.el5.s390x.rpm
rsync-debuginfo-3.0.6-4.el5.s390x.rpm

x86_64:
rsync-3.0.6-4.el5.x86_64.rpm
rsync-debuginfo-3.0.6-4.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2007-6200.html
https://access.redhat.com/security/updates/classification/#moderate
http://rsync.samba.org/security.html#s3_0_0

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
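The rsync advisory's note limits the issue to daemons serving a module with "read only" set to "false" while relying on "filter", "exclude" or "exclude from" to hide files. The following is an added example, not rsync's code or part of the advisory, of a small rsyncd.conf audit that reports exactly that combination so an administrator can find affected modules before or after patching. It assumes the usual "[module]" / "key = value" layout, that a module inherits any setting it does not override from the global section, and that booleans are read the way rsync reads them (yes/true/1 and no/false/0); the sample configuration is constructed for the demo.

```python
# Added example (not rsync's code): audit an rsyncd.conf for modules where
# the "filter" / "exclude" / "exclude from" hiding rules are combined with a
# writable module ("read only = false"), the configuration the advisory's
# note says was affected.  Assumptions: "[module]" / "key = value" layout,
# global settings inherited by modules, yes/true/1 and no/false/0 booleans.

HIDING_KEYS = ("filter", "exclude", "exclude from")


def parse_rsyncd_conf(text):
    """Return (global_settings, {module_name: module_settings}).

    Keys are lower-cased with internal whitespace collapsed, so "Read Only"
    and "read  only" both become "read only".  Lines starting with # or ;
    are comments; other lines without "=" are skipped rather than aborting.
    """
    global_settings, modules = {}, {}
    current = global_settings
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
            continue
        if "=" not in line:
            continue
        key, _, value = line.partition("=")
        current[" ".join(key.lower().split())] = value.strip()
    return global_settings, modules


def as_bool(value, default):
    """Interpret an rsyncd boolean; a missing or unknown value keeps the default."""
    if value is None:
        return default
    v = value.strip().lower()
    if v in ("yes", "true", "1"):
        return True
    if v in ("no", "false", "0"):
        return False
    return default


def effective(module, global_settings, key):
    """A module's own value wins; otherwise the global section supplies it."""
    return module.get(key, global_settings.get(key))


def writable_modules(text):
    """Names of modules served with "read only" off (rsync's default is on)."""
    g, modules = parse_rsyncd_conf(text)
    return sorted(name for name, m in modules.items()
                  if not as_bool(effective(m, g, "read only"), default=True))


def audit(text):
    """{module: [hiding keys in effect]} for writable modules that hide files.

    Read-only modules are not reported, matching the advisory's note.  A
    writable module without hiding rules is not reported either, since
    there is no restriction to bypass.
    """
    g, modules = parse_rsyncd_conf(text)
    findings = {}
    for name, m in modules.items():
        writable = not as_bool(effective(m, g, "read only"), default=True)
        hiding = [k for k in HIDING_KEYS if effective(m, g, k) is not None]
        if writable and hiding:
            findings[name] = hiding
    return findings


# Constructed sample configuration, not taken from any real host.
SAMPLE_CONF = """\
# the global "read only = true" is inherited by every module that does not
# override it
uid = nobody
read only = true

# writable and relies on exclude to hide files: reported
[backup]
    path = /srv/backup
    read only = false
    exclude = secrets/

# inherits read only = true: not reported
[public]
    path = /srv/public
    exclude from = /etc/rsync/public.exclude

# writable but hides nothing: not reported
[scratch]
    path = /srv/scratch
    read only = no
"""

if __name__ == "__main__":
    print("writable modules:", writable_modules(SAMPLE_CONF))
    print("writable and hiding files:", audit(SAMPLE_CONF))
```

For a module the audit reports, the corrective settings are the ones the advisory implies: apply the update, and set "read only = true" unless clients genuinely need to write, since hiding rules are not a substitute for the read-only restriction.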
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOKClrXlSAg2UNWIIRAr/kAJ9EgEdBTcjM1aTFnxp7P5gJ4omnngCguanK eVvtpi4wjNuGa+GHXF5y6Bk= =4Ez/ -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Jul 21 13:31:05 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 21 Jul 2011 13:31:05 +0000 Subject: [RHSA-2011:1000-01] Low: rgmanager security, bug fix, and enhancement update Message-ID: <201107211331.p6LDV5cX011274@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: rgmanager security, bug fix, and enhancement update Advisory ID: RHSA-2011:1000-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1000.html Issue date: 2011-07-21 CVE Names: CVE-2010-3389 ===================================================================== 1. Summary: An updated rgmanager package that fixes one security issue, several bugs, and adds multiple enhancements is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Clustering (v. 5 server) - i386, ia64, ppc, x86_64 3. Description: The rgmanager package contains the Red Hat Resource Group Manager, which provides the ability to create and manage high-availability server applications in the event of system downtime. It was discovered that certain resource agent scripts set the LD_LIBRARY_PATH environment variable to an insecure value containing empty path elements. 
A local user able to trick a user running those scripts to run them while working from an attacker-writable directory could use this flaw to escalate their privileges via a specially-crafted dynamic library. (CVE-2010-3389) Red Hat would like to thank Raphael Geissert for reporting this issue. This update also fixes the following bugs: * The failover domain "nofailback" option was not honored if a service was in the "starting" state. This bug has been fixed. (BZ#669440) * PID files with white spaces in the file name are now handled correctly. (BZ#632704) * The /usr/sbin/rhev-check.sh script can now be used from within Cron. (BZ#634225) * The clustat utility now reports the correct version. (BZ#654160) * The oracledb.sh agent now attempts to try the "shutdown immediate" command instead of using the "shutdown abort" command. (BZ#633992) * The SAPInstance and SAPDatabase scripts now use proper directory name quoting so they no longer collide with directory names like "/u". (BZ#637154) * The clufindhostname utility now returns the correct value in all cases. (BZ#592613) * The nfsclient resource agent now handles paths with trailing slashes correctly. (BZ#592624) * The last owner of a service is now reported correctly after a failover. (BZ#610483) * The /usr/share/cluster/fs.sh script no longer runs the "quotaoff" command if quotas were not configured. (BZ#637678) * The "listen" line in the /etc/httpd/conf/httpd.conf file generated by the Apache resource agent is now correct. (BZ#675739) * The tomcat-5 resource agent no longer generates incorrect configurations. (BZ#637802) * The time required to stop an NFS resource when the server is unavailable has been reduced. (BZ#678494) * When using exclusive prioritization, a higher priority service now preempts a lower priority service after status check failures. (BZ#680256) * The postgres-8 resource agent now correctly detects failed start operations. 
(BZ#663827)

* The handling of reference counts passed by rgmanager to resource agents now works properly, as expected. (BZ#692771)

As well, this update adds the following enhancements:

* It is now possible to disable updates to static routes by the IP resource agent. (BZ#620700)

* It is now possible to use XFS as a file system within a cluster service. (BZ#661893)

* It is now possible to use the "clustat" command as a non-root user, so long as that user is in the "root" group. (BZ#510300)

* It is now possible to migrate virtual machines when central processing is enabled. (BZ#525271)

* The rgmanager init script will now delay after stopping services in order to allow time for other nodes to restart them. (BZ#619468)

* The handling of failed independent subtrees has been corrected. (BZ#711521)

All users of Red Hat Resource Group Manager are advised to upgrade to this updated package, which contains backported patches to correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

592613 - clufindhostname -i returns random value
592624 - nfsclient exports doens't work.
610483 - last_owner is not correctly updated on service reallocarion on failover
632704 - If whitespace in mysql resource name then pid file is not found
634225 - rhev-check.sh needs /usr/sbin in path
637154 - SAPInstance and SAPDatabase fail to start/stop/status if /u exists
637678 - service failover hangs at quotaoff in /usr/share/cluster/fs.sh
637802 - Fix problems in generated config file for tomcat-5
639044 - CVE-2010-3389 rgmanager: insecure library loading vulnerability
654160 - clustat -v reports "clustat version DEVEL" on release package
661893 - Support/testing of XFS filesystem as part of RHEL Cluster
663827 - postgres-8 resource agent does not detect a failed start of postgres server
669440 - Service will failback on "nofailback" failover domain if service is in "starting" state
675739 - Listen line in generated httpd.conf incorrect
678494 - netfs.sh patch, when network is lost it takes too long to unmount the NFS filesystems
680256 - Service with highest exclusive prio should be relocated to another node with lower exclusive prio
711521 - Dependencies in independent_tree resources does not work as expected

6. Package List:

RHEL Clustering (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/rgmanager-2.0.52-21.el5.src.rpm

i386:
rgmanager-2.0.52-21.el5.i386.rpm
rgmanager-debuginfo-2.0.52-21.el5.i386.rpm

ia64:
rgmanager-2.0.52-21.el5.ia64.rpm
rgmanager-debuginfo-2.0.52-21.el5.ia64.rpm

ppc:
rgmanager-2.0.52-21.el5.ppc.rpm
rgmanager-debuginfo-2.0.52-21.el5.ppc.rpm

x86_64:
rgmanager-2.0.52-21.el5.x86_64.rpm
rgmanager-debuginfo-2.0.52-21.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3389.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOKCnlXlSAg2UNWIIRAufKAKC7sejax1sWiGL0AthPm4yWLdD7bgCgsCka
lzuPnpDzCO52dNDz+iNi1tg=
=M56t
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jul 21 13:32:50 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Jul 2011 13:32:50 +0000
Subject: [RHSA-2011:1005-01] Low: sysstat security, bug fix, and enhancement update
Message-ID: <201107211332.p6LDWogj006683@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: sysstat security, bug fix, and enhancement update
Advisory ID: RHSA-2011:1005-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1005.html
Issue date: 2011-07-21
CVE Names: CVE-2007-3852
=====================================================================

1. Summary:

An updated sysstat package that fixes one security issue, various bugs, and adds one enhancement is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The sysstat package contains a set of utilities which enable system monitoring of disks, network, and other I/O activity.

It was found that the sysstat initscript created a temporary file in an insecure way. A local attacker could use this flaw to create arbitrary files via a symbolic link attack.
(CVE-2007-3852)

This update fixes the following bugs:

* On systems under heavy load, the sadc utility would sometimes output the following error message if a write() call was unable to write all of the requested input: "Cannot write data to system activity file: Success." In this updated package, the sadc utility tries to write the remaining input, resolving this issue. (BZ#454617)

* On the Itanium architecture, the "sar -I" command provided incorrect information about the interrupt statistics of the system. With this update, the "sar -I" command has been disabled for this architecture, preventing this bug. (BZ#468340)

* Previously, the "iostat -n" command used invalid data to create statistics for read and write operations. With this update, the data source for these statistics has been fixed, and the iostat utility now returns correct information. (BZ#484439)

* The "sar -d" command used to output invalid data about block devices. With this update, the sar utility recognizes disk registration and disk overflow statistics properly, and only correct and relevant data is now displayed. (BZ#517490)

* Previously, the sar utility set the maximum number of days to be logged in one month too high. Consequently, data from a month was appended to data from the preceding month. With this update, the maximum number of days has been set to 25, and data from a month now correctly replaces data from the preceding month. (BZ#578929)

* In previous versions of the iostat utility, the number of NFS mount points was hard-coded. Consequently, various issues occurred while iostat was running and NFS mount points were mounted or unmounted; certain values in iostat reports overflowed and some mount points were not reported at all. With this update, iostat properly recognizes when an NFS mount point mounts or unmounts, fixing these issues. (BZ#675058, BZ#706095, BZ#694767)

* When a device name was longer than 13 characters, the iostat utility printed a redundant new line character, making its output less readable. This bug has been fixed and now no extra characters are printed if a long device name occurs in iostat output. (BZ#604637)

* Previously, if kernel interrupt counters overflowed, the sar utility provided confusing output. This bug has been fixed and the sum of interrupts is now reported correctly. (BZ#622557)

* When some processors were disabled on a multi-processor system, the sar utility sometimes failed to provide information about the CPU activity. With this update, the uptime of a single processor is used to compute the statistics, rather than the total uptime of all processors, and this bug no longer occurs. (BZ#630559)

* Previously, the mpstat utility wrongly interpreted data about processors in the system. Consequently, it reported a processor that did not exist. This bug has been fixed and non-existent CPUs are no longer reported by mpstat. (BZ#579409)

* Previously, there was no easy way to enable the collection of statistics about disks and interrupts. Now, the SADC_OPTIONS variable can be used to set parameters for the sadc utility, fixing this bug. (BZ#598794)

* The read_uptime() function failed to close its open file upon exit. A patch has been provided to fix this bug. (BZ#696672)

This update also adds the following enhancement:

* With this update, the cifsiostat utility has been added to the sysstat package to provide CIFS (Common Internet File System) mount point I/O statistics. (BZ#591530)

All sysstat users are advised to upgrade to this updated package, which contains backported patches to correct these issues and add this enhancement.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

251200 - CVE-2007-3852 sysstat insecure temporary file usage
454617 - [RHEL5] Though function write() executed sucessful, sadc end with an error.
484439 - iostat -n enhancement not report NFS client stats correctly
517490 - The 'sar -d ' command outputs invalid data
578929 - March sar data was appended to February data
579409 - The sysstat's programs such as mpstat shows one extra cpu.
598794 - Enable parametrization of sadc arguments
604637 - extraneous newline in iostat report for long device names
622557 - sar interrupt count goes backward
630559 - 'sar -P ALL -f xxxx ' does not display activity information.
675058 - iostat: bogus value appears when device is unmounted/mounted
694767 - iostat doesn't report statistics for shares with long names
696672 - Resource leak
706095 - iostat -n - values in output overflows

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/sysstat-7.0.2-11.el5.src.rpm

i386:
sysstat-7.0.2-11.el5.i386.rpm
sysstat-debuginfo-7.0.2-11.el5.i386.rpm

x86_64:
sysstat-7.0.2-11.el5.x86_64.rpm
sysstat-debuginfo-7.0.2-11.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/sysstat-7.0.2-11.el5.src.rpm

i386:
sysstat-7.0.2-11.el5.i386.rpm
sysstat-debuginfo-7.0.2-11.el5.i386.rpm

ia64:
sysstat-7.0.2-11.el5.ia64.rpm
sysstat-debuginfo-7.0.2-11.el5.ia64.rpm

ppc:
sysstat-7.0.2-11.el5.ppc.rpm
sysstat-debuginfo-7.0.2-11.el5.ppc.rpm

s390x:
sysstat-7.0.2-11.el5.s390x.rpm
sysstat-debuginfo-7.0.2-11.el5.s390x.rpm

x86_64:
sysstat-7.0.2-11.el5.x86_64.rpm
sysstat-debuginfo-7.0.2-11.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2007-3852.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOKCpOXlSAg2UNWIIRArs4AKDEkbDrwz58M23UNX26ao1/5gmz4QCgprlL
hFn31chNrjw6+rDcWl5Xh0o=
=kZ3b
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jul 21 13:35:12 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Jul 2011 13:35:12 +0000
Subject: [RHSA-2011:1019-01] Moderate: libvirt security, bug fix, and enhancement update
Message-ID: <201107211335.p6LDZDKP013579@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: libvirt security, bug fix, and enhancement update
Advisory ID: RHSA-2011:1019-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1019.html
Issue date: 2011-07-21
CVE Names: CVE-2011-2511
=====================================================================

1. Summary:

Updated libvirt packages that fix one security issue, several bugs and add various enhancements are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Multi OS (v. 5 client) - i386, x86_64
RHEL Virtualization (v. 5 server) - i386, ia64, x86_64

3.
Description:

The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems.

An integer overflow flaw was found in libvirtd's RPC call handling. An attacker able to establish read-only connections to libvirtd could trigger this flaw by calling virDomainGetVcpus() with specially-crafted parameters, causing libvirtd to crash. (CVE-2011-2511)

This update fixes the following bugs:

* libvirt was rebased from version 0.6.3 to version 0.8.2 in Red Hat Enterprise Linux 5.6. A code audit found a minor API change that affected error messages seen by libvirt 0.8.2 clients talking to libvirt 0.7.1 to 0.7.7 (0.7.x) servers. A libvirt 0.7.x server could send VIR_ERR_BUILD_FIREWALL errors where a libvirt 0.8.2 client expected VIR_ERR_CONFIG_UNSUPPORTED errors. In other circumstances, a libvirt 0.8.2 client saw a "Timed out during operation" message where it should see an "Invalid network filter" error. This update adds a backported patch that allows libvirt 0.8.2 clients to interoperate with the API as used by libvirt 0.7.x servers, ensuring correct error messages are sent. (BZ#665075)

* libvirt could crash if the maximum number of open file descriptors (_SC_OPEN_MAX) grew larger than the FD_SETSIZE value, because it accessed file descriptors outside the bounds of the set. With this update, the maximum number of open file descriptors can no longer grow larger than the FD_SETSIZE value. (BZ#665549)

* A libvirt race condition was found. An array in the libvirt event handlers was accessed with a lock temporarily released. In rare cases, if one thread attempted to access this array but a second thread reallocated the array before the first thread reacquired the lock, the first thread could access freed memory, potentially causing libvirt to crash. With this update, libvirt no longer refers to the old array and, consequently, behaves as expected. (BZ#671569)

* Guests connected to a passthrough NIC would kernel panic if a system_reset signal was sent through the QEMU monitor. With this update, you can reset such guests as expected. (BZ#689880)

* When using the Xen kernel, the rpmbuild command failed on the xencapstest test. With this update, you can run rpmbuild successfully when using the Xen kernel. (BZ#690459)

* When a disk was hot unplugged, "ret >= 0" was passed to the qemuAuditDisk calls in disk hotunplug operations before ret was, in fact, set to 0. As well, the error path jumped to the "cleanup" label prematurely. As a consequence, hotunplug failures were not audited and hotunplug successes were audited as failures. This was corrected and hot unplugging checks now behave as expected. (BZ#710151)

* A conflict existed between filter update locking sequences and virtual machine startup locking sequences. When a filter update occurred on one or more virtual machines, a deadlock could consequently occur if a virtual machine referencing a filter was started. This update changes and makes more flexible several qemu locking sequences, ensuring this deadlock no longer occurs. (BZ#697749)

* qemudDomainSaveImageStartVM closed some incoming file descriptor (fd) arguments without informing the caller. The consequent double-closes could cause domain restoration failure. This update alters the qemudDomainSaveImageStartVM signature to prevent the double-closes. (BZ#681623)

This update also adds the following enhancements:

* The libvirt Xen driver now supports more than one serial port. (BZ#670789)

* Enabling and disabling the High Precision Event Timer (HPET) in Xen domains is now possible. (BZ#703193)

All libvirt users should install this update, which addresses this vulnerability, fixes these bugs and adds these enhancements. After installing the updated packages, libvirtd must be restarted ("service libvirtd restart") for this update to take effect.

4.
Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

665075 - minor libvirt API break in error reporting
665549 - libvirt crash on src/util/util.c in __virExec
671569 - race condition in libvirt could lead to crash on event handling
681623 - libvirt double-close bug in tight loop of save/restore [5.7]
689880 - guest with passthrough nic got kernel panic when send system_reset signal in QEMU monitor
690459 - rpmbuild failed on xencapstest when running under xen kernel
697749 - Deadlock between VM ops and filter update
703193 - support enabling/disabling xen hpet
710151 - Auditing of QEMU driver disk hotunplug events logs is missing and/or incorrect
717199 - CVE-2011-2511 libvirt: integer overflow in VirDomainGetVcpus

6. Package List:

RHEL Desktop Multi OS (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libvirt-0.8.2-22.el5.src.rpm

i386:
libvirt-0.8.2-22.el5.i386.rpm
libvirt-debuginfo-0.8.2-22.el5.i386.rpm
libvirt-devel-0.8.2-22.el5.i386.rpm
libvirt-python-0.8.2-22.el5.i386.rpm

x86_64:
libvirt-0.8.2-22.el5.i386.rpm
libvirt-0.8.2-22.el5.x86_64.rpm
libvirt-debuginfo-0.8.2-22.el5.i386.rpm
libvirt-debuginfo-0.8.2-22.el5.x86_64.rpm
libvirt-devel-0.8.2-22.el5.i386.rpm
libvirt-devel-0.8.2-22.el5.x86_64.rpm
libvirt-python-0.8.2-22.el5.x86_64.rpm

RHEL Virtualization (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libvirt-0.8.2-22.el5.src.rpm

i386:
libvirt-0.8.2-22.el5.i386.rpm
libvirt-debuginfo-0.8.2-22.el5.i386.rpm
libvirt-devel-0.8.2-22.el5.i386.rpm
libvirt-python-0.8.2-22.el5.i386.rpm

ia64:
libvirt-0.8.2-22.el5.ia64.rpm
libvirt-debuginfo-0.8.2-22.el5.ia64.rpm
libvirt-devel-0.8.2-22.el5.ia64.rpm
libvirt-python-0.8.2-22.el5.ia64.rpm

x86_64:
libvirt-0.8.2-22.el5.i386.rpm
libvirt-0.8.2-22.el5.x86_64.rpm
libvirt-debuginfo-0.8.2-22.el5.i386.rpm
libvirt-debuginfo-0.8.2-22.el5.x86_64.rpm
libvirt-devel-0.8.2-22.el5.i386.rpm
libvirt-devel-0.8.2-22.el5.x86_64.rpm
libvirt-python-0.8.2-22.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2511.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOKCq3XlSAg2UNWIIRAh+2AKCGGhUYMwzTuqeKUHbY+BhxEYouoACgpqfB
b/l7//fSgMwQIA5HVRWMmcI=
=wBo1
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jul 21 13:39:08 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Jul 2011 13:39:08 +0000
Subject: [RHSA-2011:1065-01] Important: Red Hat Enterprise Linux 5.7 kernel security and bug fix update
Message-ID: <201107211339.p6LDd88D016028@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat Enterprise Linux 5.7 kernel security and bug fix update
Advisory ID: RHSA-2011:1065-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1065.html
Issue date: 2011-07-21
CVE Names: CVE-2011-1780 CVE-2011-2525 CVE-2011-2689
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the seventh regular update.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.
This update fixes the following security issues:

* A flaw was found in the way the Xen hypervisor implementation handled instruction emulation during virtual machine exits. A malicious user-space process running in an SMP guest could trick the emulator into reading a different instruction than the one that caused the virtual machine to exit. An unprivileged guest user could trigger this flaw to crash the host. This only affects systems with both an AMD x86 processor and the AMD Virtualization (AMD-V) extensions enabled. (CVE-2011-1780, Important)

* A flaw allowed the tc_fill_qdisc() function in the Linux kernel's packet scheduler API implementation to be called on built-in qdisc structures. A local, unprivileged user could use this flaw to trigger a NULL pointer dereference, resulting in a denial of service. (CVE-2011-2525, Moderate)

* A flaw was found in the way space was allocated in the Linux kernel's Global File System 2 (GFS2) implementation. If the file system was almost full, and a local, unprivileged user made an fallocate() request, it could result in a denial of service. Note: Setting quotas to prevent users from using all available disk space would prevent exploitation of this flaw. (CVE-2011-2689, Moderate)

These updated kernel packages include a number of bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Refer to the Red Hat Enterprise Linux 5.7 Technical Notes for information about the most significant bug fixes and enhancements included in this update:

https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.7_Technical_Notes/kernel.html#RHSA-2011-1065

All Red Hat Enterprise Linux 5 users are advised to install these updated packages, which correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

390451 - Pick up paging performance improvements from upstream Xen
431738 - lsattr doesn't show attributes of ext3 quota files
441730 - [rhts] connectathon nfsidem test failing
452650 - [RHEL5.2]: Blktap is limited to 100 disks total
460821 - pv-on-hvm: disk shows up twice.
465876 - NMI Watchdog detected LOCKUP in :sctp:sctp_copy_local_addr_list
477032 - kdump hang on HP xw9400
481546 - HTB qdisc miscalculates bandwidth with TSO enabled
481629 - update myri10g driver from 1.3.2 to 1.5.2
491740 - export of an NFSV3 file system via kerberos requires AUTH_SYS as well
491786 - s2io should check inputs for rx_ring_sz
494927 - Read-only filesystem after 'ext3_free_blocks_sb: bit already cleared for block' errors
501314 - No beep when running xen kernel
511901 - [NFS]: silly renamed .nfs0000* files can be left on fs forever
517629 - Sequence id issue with nfs4/kerberos between RHEL kernel and Fedora 11
525898 - soft lockups with kswapd in RHEL 5.4 kernel 2.6.18-164.el5 x86_64
537277 - KERNEL: QLA2XXX 0000:0E:00.0: RISC PAUSED -- HCCR=0, DUMPING FIRMWARE!
553411 - xts crypto module missing from RHEL5 installer runtime
553803 - GFS2: recovery stuck on transaction lock
567449 - RHEL5.6: iw_cxgb4 driver inclusion
567540 - unregister_netdevice: waiting for veth5 to become free when I remove netloop
579000 - [RFE] Support L2 packets under bonding layer
579858 - Wrong RX bytes/packet count on vlan interface with igb driver
589512 - slab corruption after seeing some nfs-related BUG: warning
603345 - i5k_amb does not work for Intel 5000 Chipset (kernel)
607114 - System panic in pskb_expand_head When arp_validate option is specified in bonding ARP monitor mode
611407 - kvm guest unable to kdump without noapic
621916 - Host panic on cross-vendor migration (RHEL 5.5 guest)
622542 - Xorg failures on machines using intel video card driver
622647 - Reading /proc/locks yelds corrupt data
623979 - synch arch/i386/pci/irq-xen.c
626585 - GFS2: [RFE] fallocate support for GFS2
626974 - nfs: too many GETATTR and ACCESS calls after direct i/o
626977 - [nfs] make close(2) asynchronous when closing nfs o_direct files
627496 - Fix shrinking windows with window scaling
631950 - remove FS-Cache code from NFS
632399 - Misleading message from fs/nfs/file.c:do_vfs_lock()
633196 - testing NMI watchdog ... <4>WARNING: CPU#0: NMI appears to be stuck (62->62)!
635992 - Areca driver, arcmsr, update
637970 - GFS2: Not enough space reserved in gfs2_write_begin and possibly elsewhere.
642388 - ip_nat_ftp not working if ack for "227 Enter Passive mode" packet is lost
643292 - [netfront] ethtool -i should return proper information for netfront device
643872 - [netback] ethtool -i should return proper information for netback device
645343 - ISCSI/multipath hang - must propagate SCSI device deletion to DM mpath
645528 - SIGPROF keeps a large task from ever completing a fork()
645646 - RFE: Virtio nic should be support "ethtool -i virtio nic"
646513 - HP_GETHOSTINFO ioctl always causes mpt controller reset
648572 - virtio GSO makes IPv6 very slow
648657 - fseek()/NFS performance regression between RHEL4 and RHEL5
648854 - linux-2.6.18: netback: take net_schedule_list_lock when removing entry from net_schedule_list
651333 - RHEL5.6: EHCI: AMD periodic frame list table quirk
651409 - BAD SEQID error messages returned by the NFS server
651512 - e1000 driver tracebacks when running under VMware ESX4
652321 - jbd2_stats_proc_init has wrong location.
652369 - temporary loss of path to SAN results in persistent EIO with msync
653286 - [5.6][REG]for some uses of 'nfsservctl' system call, the kernel crashes.
653828 - bonding failover in every monitor interval with virtio-net driver
654293 - sunrpc: need a better way to set tcp_slot_table_entries in RHEL 5
656836 - Memory leak in virtio-console driver if driver probe routine fails
657166 - XFS causes kernel panic due to double free of log tickets
658012 - NMI panic during xfs forced shutdown
658418 - Kernel warning at boot: i7core_edac: probe of 0000:80:14.0 failed with error -22
659594 - Kernel panic when restart network on vlan with bonding
659715 - cifs: ia64 kernel unaligned access
659816 - Performance counters don't work on HP Magnycours machines
660368 - dm-crypt: backport changes to support xts crypto mode
660661 - fsck.gfs2 reported statfs error after gfs2_grow
660728 - [LSI 5.7 feat] Update megaraid_sas to 5.34 and Include "Thunderbolt" support
660871 - mpctl module doesn't release fasync_struct at file close
661300 - xfstest 222: filesystem on /dev/loop0 is inconsistent
661306 - [Cisco 5.7 FEAT] Update enic driver to version 2.1.1.9
661904 - GFS2: Kernel changes necessary to allow growing completely full filesystems.
663041 - gfs2 FIEMAP oops
663123 - /proc/partitions not updating after creating LUNs via hpacucli
663563 - [ext4/xfstests] 011 caused filesystem corruption after running many times in a loop
664592 - a test unit ready causes a panic on 5.6 (CCISS driver)
664931 - COW corruption using popen(3).
665197 - WARNING: APIC timer calibration may be wrong
665972 - ISVM bit (ECX:31) for CPUID 0x00000001 is missing for HVM on AMD
666080 - GFS2: Blocks not marked free on delete
666304 - scsi_dh_emc gives "error attaching hardware handler" for EMC active-active SANs
666866 - Heavy load on ath5k wireless device makes system unresponsive
667327 - lib: fix vscnprintf() if @size is == 0
667660 - [NetApp 5.7 Bug] Include new NetApp PID entry to the alua_dev_list array in the ALUA hardware handler
667810 - "modprobe ip_conntrack hashsize=NNNN" panics kernel if /etc/modprobe.conf has hashsize=MMMM
668934 - UDP transmit under VLAN causes guest freeze
669603 - incomplete local port reservation
669961 - [NetApp 5.6 Bug] Erroneous TPG ID check in SCSI ALUA Handler
670367 - scsi_dh_emc get_req function should set REQ_FAILFAST flags same as upstream and other modules
670373 - panic in kfree() due to race condition in acpi_bus_receive_event()
671238 - [bonding] crash when adding/removing slaves with master interface down
671595 - Flapping errors (and panic) with bonding and arp_interval while using be2net included in 2.6.18-238
672619 - transmission stops when tap does not consume
672724 - mmapping a read only file on a gfs2 filesystem incorrectly acquires an exclusive glock
672981 - lseek() over NFS is returning an incorrect file length under some circumstances
673058 - kernel panic in pg_init_done - pgpath already deleted
673242 - Time runs too fast in a VM on processors with > 4GHZ freq
673459 - virtio_console driver never returns from selecting for write when the queue is full
673616 - vdso gettimeofday causes a segmentation fault
674175 - Impossible to load sctp module with ipv6 disable=1
674226 - Panic in selinux_bprm_post_apply_creds() due to an empty tty_files list
674298 - [NetApp 5.6 Bug] QLogic 8G FC firmware dumps seen during IO
674514 - xenctx shows nonsensical values for 32-on-64 and HVM domains
675727 - vdso: missing wall_to_monotomic export
675986 - Fix block based fiemap
677703 - [RHEL5.5] Panic in iscsi_sw_tcp_data_ready()
677893 - [TestOnly] gfs regression testing for 5.7 beta
677902 - Incorrect "Speed" is recorded in the file "/proc/net/bonding/bondX"
678073 - qeth: allow channel path changes in recovery
678074 - [usb-audio] unable to set capture mixer levels
678359 - online disk resizing may cause data corruption
678571 - hap_gva_to_gfn_* do not preserve domain context
678618 - gdbsx hypervisor part backport
679120 - qeth: remove needless IPA-commands in offline
679407 - [5.7] niu: Fix races between up/down and get_stats.
679487 - [5.7] net: Fix netdev_run_todo serialization
680329 - sunrpc: reconnect race can lead to socket read corruption
681303 - backport vzalloc and vzalloc_node in support of drivers needing these functions
681586 - Out of vmalloc space
683155 - gfs2: creating large files suddenly slow to a crawl
683978 - need to backport common vpd infrastructure to rhel 5
684795 - missed unlock_page() in gfs2_write_begin()
688646 - intel_iommu domain id exhaustion
688989 - [5.6] sysctl tcp_syn_retries is not honored
689860 - guest with passthrough nic got kernel panic when send system_reset signal in QEMU monitor
689943 - GFS2 causes kernel panic in spectator mode
690555 - GFS2: resource group bitmap corruption resulting in panics and withdraws
692946 - need to backport debugfs_remove_recursive functionality
695357 - dasd: fix race between open and offline
696411 - Missing patch for full use of tcp_rto_min parameter
698432 - [Emulex 5.7] Update lpfc driver to version 8.2.0.96.1p
698879 - The pci resource for vf is not released after hot-removing Intel 82576 NIC
700546 - RHEL5: apparent file system corruption of snapshot fs with qla2xxx driver
702355 - NFS: Fix build break with CONFIG_NFS_V4=n
702652 - provide option to disable HPET
702657 - CVE-2011-1780 kernel: xen: svm: insufficiencies in handling emulated instructions during vm exits
703213 - GFS2: Add "dlm callback owed" glock flag
703416 - host kernel panic while guest running on 10G public bridge.
704497 - VT-d: Fix resource leaks on error paths in intremap code
705324 - cifs: regression in unicode conversion routines when mounting with -o mapchars
705455 - intel-iommu: missing flush prior to removing domains + avoid broken vm/si domain unlinking
705725 - hvm guest time may go backwards on some hosts
706414 - Adding slave to balance-tlb bond device results in soft lockup
709224 - setfacl does not update ctime when changing file permission on ext3/4
711450 - 12% degradation running IOzone with Outcache testing
717068 - Kernel panics during Veritas SF testing.
717742 - [RHEL5.7][kernel-xen] HVM guests hang during installation on AMD systems
720552 - CVE-2011-2525 kernel: kernel: net_sched: fix qdisc_notify()
720861 - CVE-2011-2689 kernel: gfs2: make sure fallocate bytes is a multiple of blksize

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-274.el5.src.rpm

i386:
kernel-2.6.18-274.el5.i686.rpm
kernel-PAE-2.6.18-274.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-274.el5.i686.rpm
kernel-PAE-devel-2.6.18-274.el5.i686.rpm
kernel-debug-2.6.18-274.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-274.el5.i686.rpm
kernel-debug-devel-2.6.18-274.el5.i686.rpm
kernel-debuginfo-2.6.18-274.el5.i686.rpm
kernel-debuginfo-common-2.6.18-274.el5.i686.rpm
kernel-devel-2.6.18-274.el5.i686.rpm
kernel-headers-2.6.18-274.el5.i386.rpm
kernel-xen-2.6.18-274.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-274.el5.i686.rpm
kernel-xen-devel-2.6.18-274.el5.i686.rpm

noarch:
kernel-doc-2.6.18-274.el5.noarch.rpm

x86_64:
kernel-2.6.18-274.el5.x86_64.rpm
kernel-debug-2.6.18-274.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-274.el5.x86_64.rpm
kernel-debug-devel-2.6.18-274.el5.x86_64.rpm
kernel-debuginfo-2.6.18-274.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-274.el5.x86_64.rpm
kernel-devel-2.6.18-274.el5.x86_64.rpm
kernel-headers-2.6.18-274.el5.x86_64.rpm
kernel-xen-2.6.18-274.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-274.el5.x86_64.rpm kernel-xen-devel-2.6.18-274.el5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-274.el5.src.rpm i386: kernel-2.6.18-274.el5.i686.rpm kernel-PAE-2.6.18-274.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-274.el5.i686.rpm kernel-PAE-devel-2.6.18-274.el5.i686.rpm kernel-debug-2.6.18-274.el5.i686.rpm kernel-debug-debuginfo-2.6.18-274.el5.i686.rpm kernel-debug-devel-2.6.18-274.el5.i686.rpm kernel-debuginfo-2.6.18-274.el5.i686.rpm kernel-debuginfo-common-2.6.18-274.el5.i686.rpm kernel-devel-2.6.18-274.el5.i686.rpm kernel-headers-2.6.18-274.el5.i386.rpm kernel-xen-2.6.18-274.el5.i686.rpm kernel-xen-debuginfo-2.6.18-274.el5.i686.rpm kernel-xen-devel-2.6.18-274.el5.i686.rpm ia64: kernel-2.6.18-274.el5.ia64.rpm kernel-debug-2.6.18-274.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-274.el5.ia64.rpm kernel-debug-devel-2.6.18-274.el5.ia64.rpm kernel-debuginfo-2.6.18-274.el5.ia64.rpm kernel-debuginfo-common-2.6.18-274.el5.ia64.rpm kernel-devel-2.6.18-274.el5.ia64.rpm kernel-headers-2.6.18-274.el5.ia64.rpm kernel-xen-2.6.18-274.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-274.el5.ia64.rpm kernel-xen-devel-2.6.18-274.el5.ia64.rpm noarch: kernel-doc-2.6.18-274.el5.noarch.rpm ppc: kernel-2.6.18-274.el5.ppc64.rpm kernel-debug-2.6.18-274.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-274.el5.ppc64.rpm kernel-debug-devel-2.6.18-274.el5.ppc64.rpm kernel-debuginfo-2.6.18-274.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-274.el5.ppc64.rpm kernel-devel-2.6.18-274.el5.ppc64.rpm kernel-headers-2.6.18-274.el5.ppc.rpm kernel-headers-2.6.18-274.el5.ppc64.rpm kernel-kdump-2.6.18-274.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-274.el5.ppc64.rpm kernel-kdump-devel-2.6.18-274.el5.ppc64.rpm s390x: kernel-2.6.18-274.el5.s390x.rpm kernel-debug-2.6.18-274.el5.s390x.rpm kernel-debug-debuginfo-2.6.18-274.el5.s390x.rpm 
kernel-debug-devel-2.6.18-274.el5.s390x.rpm kernel-debuginfo-2.6.18-274.el5.s390x.rpm kernel-debuginfo-common-2.6.18-274.el5.s390x.rpm kernel-devel-2.6.18-274.el5.s390x.rpm kernel-headers-2.6.18-274.el5.s390x.rpm kernel-kdump-2.6.18-274.el5.s390x.rpm kernel-kdump-debuginfo-2.6.18-274.el5.s390x.rpm kernel-kdump-devel-2.6.18-274.el5.s390x.rpm x86_64: kernel-2.6.18-274.el5.x86_64.rpm kernel-debug-2.6.18-274.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-274.el5.x86_64.rpm kernel-debug-devel-2.6.18-274.el5.x86_64.rpm kernel-debuginfo-2.6.18-274.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-274.el5.x86_64.rpm kernel-devel-2.6.18-274.el5.x86_64.rpm kernel-headers-2.6.18-274.el5.x86_64.rpm kernel-xen-2.6.18-274.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-274.el5.x86_64.rpm kernel-xen-devel-2.6.18-274.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-1780.html https://www.redhat.com/security/data/cve/CVE-2011-2525.html https://www.redhat.com/security/data/cve/CVE-2011-2689.html https://access.redhat.com/security/updates/classification/#important https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.7_Technical_Notes/kernel.html#RHSA-2011-1065 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOKCu+XlSAg2UNWIIRAlAlAKCexozp0JFw4oInZXECEooQ5LGSggCgsJSp
H4PN5YvOuAZr/FuANb2zgN8=
=OupS
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jul 21 13:40:49 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Jul 2011 13:40:49 +0000
Subject: [RHSA-2011:1073-01] Low: bash security, bug fix, and enhancement update
Message-ID: <201107211340.p6LDen44016909@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: bash security, bug fix, and enhancement update
Advisory ID: RHSA-2011:1073-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1073.html
Issue date: 2011-07-21
CVE Names: CVE-2008-5374
=====================================================================

1. Summary:

An updated bash package that fixes one security issue, several bugs, and adds one enhancement is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Bash is the default shell for Red Hat Enterprise Linux.

It was found that certain scripts bundled with the Bash documentation created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files accessible to the victim running the scripts. (CVE-2008-5374)

This update fixes the following bugs:

* When using the source builtin at location ".", occasionally, bash opted to preserve internal consistency and abort scripts. This caused bash to abort scripts that assigned values to read-only variables. This is now fixed to ensure that such scripts are now executed as written and not aborted. (BZ#448508)

* When the tab key was pressed for auto-completion options for the typed text, the cursor moved to an unexpected position on a previous line if the prompt contained characters that cannot be viewed and a "\]". This is now fixed to retain the cursor at the expected position at the end of the target line after autocomplete options correctly display. (BZ#463880)

* Bash attempted to interpret the NOBITS .dynamic section of the ELF header. This resulted in a "^D: bad ELF interpreter: No such file or directory" message. This is fixed to ensure that the invalid "^D" does not appear in the error message. (BZ#484809)

* The $RANDOM variable in Bash carried over values from a previous execution for later jobs. This is fixed and the $RANDOM variable generates a new random number for each use. (BZ#492908)

* When Bash ran a shell script with an embedded null character, bash's source builtin parsed the script incorrectly. This is fixed and bash's source builtin correctly parses shell script null characters. (BZ#503701)

* The bash manual page for "trap" did not mention that signals ignored upon entry cannot be listed later. The manual page was updated for this update and now specifically notes that "Signals ignored upon entry to the shell cannot be trapped, reset or listed". (BZ#504904)

* Bash's readline incorrectly displayed additional text when resizing the terminal window when text spanned more than one line, which caused incorrect display output. This is now fixed to ensure that text in more than one line in a resized window displays as expected. (BZ#525474)

* Previously, bash incorrectly displayed "Broken pipe" messages for builtins like "echo" and "printf" when output did not succeed due to EPIPE. This is fixed to ensure that the unnecessary "Broken pipe" messages no longer display. (BZ#546529)

* Inserts with the repeat function were not possible after a deletion in vi-mode. This has been corrected and, with this update, the repeat function works as expected after a deletion. (BZ#575076)

* In some situations, bash incorrectly appended "/" to files instead of just directories during tab-completion, causing incorrect auto-completions. This is fixed and auto-complete appends "/" only to directories. (BZ#583919)

* Bash had a memory leak in the "read" builtin when the number of fields being read was not equal to the number of variables passed as arguments, causing a shell script crash. This is fixed to prevent a memory leak and shell script crash. (BZ#618393)

* /usr/share/doc/bash-3.2/loadables in the bash package contained source files which would not build due to missing C header files. With this update, the unusable (and unbuildable) source files were removed from the package. (BZ#663656)

This update also adds the following enhancement:

* The system-wide "/etc/bash.bash_logout" bash logout file is now enabled. This allows administrators to write system-wide logout actions for all users. (BZ#592979)

Users of bash are advised to upgrade to this updated package, which contains backported patches to resolve these issues and add this enhancement.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

448508 - Parsing of {} broken; breaks startup scripts
463880 - bash completion in UTF8 locale has cursor positioning errors with long $PS1
475474 - CVE-2008-5374 bash: Insecure temporary file use in aliasconv.sh, aliasconv.bash, cshtobash (symlink attack)
484809 - [RHEL5] bash includes Control-D in "bad ELF interpreter" message
492908 - $RANDOM value remains the same
503701 - Cannot process scripts beyond an embedded NULL character when running in 'source' mode
504904 - trap -p not displaying ignored signal when run from child bash
525474 - bash/readline not detecting window resize properly
583919 - tab-completion appends slash to non-directories
592979 - system global bash.bash_logout is disabled in config-top.h
618393 - memory leak in bash reading files
663656 - Unusable loadables in /doc

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bash-3.2-32.el5.src.rpm

i386: bash-3.2-32.el5.i386.rpm bash-debuginfo-3.2-32.el5.i386.rpm

x86_64: bash-3.2-32.el5.x86_64.rpm bash-debuginfo-3.2-32.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/bash-3.2-32.el5.src.rpm

i386: bash-3.2-32.el5.i386.rpm bash-debuginfo-3.2-32.el5.i386.rpm

ia64: bash-3.2-32.el5.i386.rpm bash-3.2-32.el5.ia64.rpm bash-debuginfo-3.2-32.el5.i386.rpm bash-debuginfo-3.2-32.el5.ia64.rpm

ppc: bash-3.2-32.el5.ppc.rpm bash-debuginfo-3.2-32.el5.ppc.rpm

s390x: bash-3.2-32.el5.s390x.rpm bash-debuginfo-3.2-32.el5.s390x.rpm

x86_64: bash-3.2-32.el5.x86_64.rpm bash-debuginfo-3.2-32.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2008-5374.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOKCw3XlSAg2UNWIIRArwvAJ9JNXfDUEPE4WBoXAl87SjLpXU2NgCgpMxt
sjSMOq2nb017SKjNDrKey0U=
=hzBD
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jul 21 15:52:44 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Jul 2011 15:52:44 +0000
Subject: [RHSA-2011:1085-01] Important: freetype security update
Message-ID: <201107211552.p6LFqimH008241@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: freetype security update
Advisory ID: RHSA-2011:1085-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1085.html
Issue date: 2011-07-21
CVE Names: CVE-2011-0226
=====================================================================

1. Summary:

Updated freetype packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide the FreeType 2 font engine.

A flaw was found in the way the FreeType font rendering engine processed certain PostScript Type 1 fonts. If a user loaded a specially-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0226)

Users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The X server must be restarted (log out, then log back in) for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

722701 - CVE-2011-0226 freetype: postscript type1 font parsing vulnerability

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/freetype-2.3.11-6.el6_1.6.src.rpm

i386: freetype-2.3.11-6.el6_1.6.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm

x86_64: freetype-2.3.11-6.el6_1.6.i686.rpm freetype-2.3.11-6.el6_1.6.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/freetype-2.3.11-6.el6_1.6.src.rpm

i386: freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm freetype-demos-2.3.11-6.el6_1.6.i686.rpm freetype-devel-2.3.11-6.el6_1.6.i686.rpm

x86_64: freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.6.x86_64.rpm freetype-demos-2.3.11-6.el6_1.6.x86_64.rpm freetype-devel-2.3.11-6.el6_1.6.i686.rpm freetype-devel-2.3.11-6.el6_1.6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/freetype-2.3.11-6.el6_1.6.src.rpm

x86_64: freetype-2.3.11-6.el6_1.6.i686.rpm freetype-2.3.11-6.el6_1.6.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/freetype-2.3.11-6.el6_1.6.src.rpm

x86_64: freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.6.x86_64.rpm freetype-demos-2.3.11-6.el6_1.6.x86_64.rpm freetype-devel-2.3.11-6.el6_1.6.i686.rpm freetype-devel-2.3.11-6.el6_1.6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/freetype-2.3.11-6.el6_1.6.src.rpm

i386: freetype-2.3.11-6.el6_1.6.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm freetype-devel-2.3.11-6.el6_1.6.i686.rpm

ppc64: freetype-2.3.11-6.el6_1.6.ppc.rpm freetype-2.3.11-6.el6_1.6.ppc64.rpm freetype-debuginfo-2.3.11-6.el6_1.6.ppc.rpm freetype-debuginfo-2.3.11-6.el6_1.6.ppc64.rpm freetype-devel-2.3.11-6.el6_1.6.ppc.rpm freetype-devel-2.3.11-6.el6_1.6.ppc64.rpm

s390x: freetype-2.3.11-6.el6_1.6.s390.rpm freetype-2.3.11-6.el6_1.6.s390x.rpm freetype-debuginfo-2.3.11-6.el6_1.6.s390.rpm freetype-debuginfo-2.3.11-6.el6_1.6.s390x.rpm freetype-devel-2.3.11-6.el6_1.6.s390.rpm freetype-devel-2.3.11-6.el6_1.6.s390x.rpm

x86_64: freetype-2.3.11-6.el6_1.6.i686.rpm freetype-2.3.11-6.el6_1.6.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.6.x86_64.rpm freetype-devel-2.3.11-6.el6_1.6.i686.rpm freetype-devel-2.3.11-6.el6_1.6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/freetype-2.3.11-6.el6_1.6.src.rpm

i386: freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm freetype-demos-2.3.11-6.el6_1.6.i686.rpm

ppc64: freetype-debuginfo-2.3.11-6.el6_1.6.ppc64.rpm freetype-demos-2.3.11-6.el6_1.6.ppc64.rpm

s390x: freetype-debuginfo-2.3.11-6.el6_1.6.s390x.rpm freetype-demos-2.3.11-6.el6_1.6.s390x.rpm

x86_64: freetype-debuginfo-2.3.11-6.el6_1.6.x86_64.rpm freetype-demos-2.3.11-6.el6_1.6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/freetype-2.3.11-6.el6_1.6.src.rpm

i386: freetype-2.3.11-6.el6_1.6.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm freetype-devel-2.3.11-6.el6_1.6.i686.rpm

x86_64: freetype-2.3.11-6.el6_1.6.i686.rpm freetype-2.3.11-6.el6_1.6.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.6.x86_64.rpm freetype-devel-2.3.11-6.el6_1.6.i686.rpm freetype-devel-2.3.11-6.el6_1.6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/freetype-2.3.11-6.el6_1.6.src.rpm

i386: freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm freetype-demos-2.3.11-6.el6_1.6.i686.rpm

x86_64: freetype-debuginfo-2.3.11-6.el6_1.6.x86_64.rpm freetype-demos-2.3.11-6.el6_1.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0226.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
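The bash advisory above (RHSA-2011:1073, CVE-2008-5374) describes the classic symlink attack on a script that writes to a temporary file under a predictable name. The following is an added example, not code from the bash package or from Red Hat: it stages that attack in a scratch directory (all paths are constructed for the demo) and runs the vulnerable open beside the two hardened forms, O_CREAT|O_EXCL|O_NOFOLLOW on a fixed name and mkstemp() for a temp file. Linux/POSIX only.

```c
/* Added example, not code from the bash package or the advisory: the
 * symlink attack described for CVE-2008-5374 (a script creating a temp
 * file under a predictable name) staged in a scratch directory, beside
 * the hardened opens. Linux/POSIX only; every path here is constructed. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Vulnerable pattern, the C equivalent of `echo data > /tmp/known.$$`:
 * O_CREAT without O_EXCL follows a symlink planted at `path`, so the
 * victim file it points to is truncated and overwritten. 0 ok, -1 error. */
int insecure_tmp_write(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n == (ssize_t)strlen(data) ? 0 : -1;
}

/* Hardened pattern for a fixed name: O_EXCL fails with EEXIST if anything
 * (a symlink included) already occupies the name, O_NOFOLLOW refuses to
 * traverse a symlink in the final component, and the mode is 0600. */
int secure_fixed_open(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Hardened pattern for a temp file: mkstemp() picks an unpredictable
 * name and opens it O_CREAT|O_EXCL, so there is no name to pre-plant.
 * `tmpl` must end in XXXXXX and receives the chosen name. 0 ok, -1 error. */
int secure_tmp_write(char *tmpl, const char *data)
{
    int fd = mkstemp(tmpl);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n == (ssize_t)strlen(data) ? 0 : -1;
}

/* Stage the attack. Returns 1 when the insecure open clobbered the
 * victim while both hardened variants left it alone, 0 otherwise. */
int demo_symlink_attack(void)
{
    char dir[] = "/tmp/symlink-demo-XXXXXX";
    if (!mkdtemp(dir))
        return 0;
    char victim[PATH_MAX], trap[PATH_MAX], tmpl[PATH_MAX], buf[64] = "";
    snprintf(victim, sizeof victim, "%s/victim.txt", dir);
    snprintf(trap, sizeof trap, "%s/predictable.tmp", dir); /* the guessable name */
    snprintf(tmpl, sizeof tmpl, "%s/safe.XXXXXX", dir);

    /* The file the attacker wants overwritten, then the attacker's move:
     * a symlink planted at the predictable name before the script runs. */
    int ok = insecure_tmp_write(victim, "important data\n") == 0
          && symlink(victim, trap) == 0;

    /* Vulnerable script runs: open() follows the link into victim.txt. */
    int insecure_rc = ok ? insecure_tmp_write(trap, "attacker controlled\n") : -1;

    /* Hardened opens against the same planted link. */
    int fixed_fd = ok ? secure_fixed_open(trap) : -1;
    int fixed_err = errno;
    int secure_rc = ok ? secure_tmp_write(tmpl, "attacker controlled\n") : -1;

    /* What does the victim file hold now? */
    int fd = open(victim, O_RDONLY);
    if (fd >= 0) {
        ssize_t n = read(fd, buf, sizeof buf - 1);
        buf[n > 0 ? n : 0] = '\0';
        close(fd);
    }

    if (fixed_fd >= 0)
        close(fixed_fd);
    unlink(trap); unlink(victim); unlink(tmpl); rmdir(dir);

    return ok
        && insecure_rc == 0
        && strcmp(buf, "attacker controlled\n") == 0      /* victim clobbered */
        && fixed_fd < 0 && (fixed_err == EEXIST || fixed_err == ELOOP)
        && secure_rc == 0;                                /* wrote a fresh file only */
}

int main(void)
{
    int r = demo_symlink_attack();
    printf("insecure open followed the symlink, hardened opens refused: %s\n",
           r ? "yes" : "no");
    return r ? 0 : 1;
}
```

In a shell script the same fix is `tmp=$(mktemp)` (or `mktemp -d` for a work directory) instead of a hand-built `/tmp/name.$$`; the process id is trivially predictable and `>` redirection follows symlinks exactly as the insecure open above does.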
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOKEs3XlSAg2UNWIIRApFYAKClEeLjn9l2U5arrjouc7fAtKIS6ACfUpiw
CWvYkbEwtFsTlSMupeW9Vao=
=nc3+
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Jul 22 22:58:26 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 22 Jul 2011 22:58:26 +0000
Subject: [RHSA-2011:1087-01] Critical: java-1.5.0-ibm security update
Message-ID: <201107222258.p6MMwQw7032070@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.5.0-ibm security update
Advisory ID: RHSA-2011:1087-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1087.html
Issue date: 2011-07-22
CVE Names: CVE-2011-0802 CVE-2011-0814 CVE-2011-0862 CVE-2011-0865 CVE-2011-0867 CVE-2011-0871 CVE-2011-0873
=====================================================================

1. Summary:

Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.

This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. (CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0865, CVE-2011-0867, CVE-2011-0871, CVE-2011-0873)

All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR12-FP5 Java release. All running instances of IBM Java must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

706106 - CVE-2011-0865 OpenJDK: Deserialization allows creation of mutable SignedObject (Deserialization, 6618658)
706139 - CVE-2011-0862 OpenJDK: integer overflows in JPEGImageReader and font SunLayoutEngine (2D, 7013519)
706153 - CVE-2011-0867 OpenJDK: NetworkInterface information leak (Networking, 7013969)
706248 - CVE-2011-0871 OpenJDK: MediaTracker created Component instances with unnecessary privileges (Swing, 7020198)
711675 - CVE-2011-0873 Oracle/IBM JDK: unspecified vulnerability fixed in 6u26 (2D)
711677 - CVE-2011-0802 CVE-2011-0814 Oracle/IBM JDK: unspecified vulnerabilities fixed in 6u26 (Sound)

6. Package List:

Red Hat Enterprise Linux AS version 4 Extras:

i386: java-1.5.0-ibm-1.5.0.12.5-1jpp.1.el4.i386.rpm java-1.5.0-ibm-demo-1.5.0.12.5-1jpp.1.el4.i386.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el4.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.12.5-1jpp.1.el4.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.12.5-1jpp.1.el4.i386.rpm java-1.5.0-ibm-plugin-1.5.0.12.5-1jpp.1.el4.i386.rpm java-1.5.0-ibm-src-1.5.0.12.5-1jpp.1.el4.i386.rpm

ppc: java-1.5.0-ibm-1.5.0.12.5-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-1.5.0.12.5-1jpp.1.el4.ppc64.rpm java-1.5.0-ibm-demo-1.5.0.12.5-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-demo-1.5.0.12.5-1jpp.1.el4.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el4.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.5-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-javacomm-1.5.0.12.5-1jpp.1.el4.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.12.5-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.12.5-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-src-1.5.0.12.5-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-src-1.5.0.12.5-1jpp.1.el4.ppc64.rpm

s390: java-1.5.0-ibm-1.5.0.12.5-1jpp.1.el4.s390.rpm java-1.5.0-ibm-demo-1.5.0.12.5-1jpp.1.el4.s390.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el4.s390.rpm java-1.5.0-ibm-jdbc-1.5.0.12.5-1jpp.1.el4.s390.rpm java-1.5.0-ibm-src-1.5.0.12.5-1jpp.1.el4.s390.rpm

s390x: java-1.5.0-ibm-1.5.0.12.5-1jpp.1.el4.s390x.rpm java-1.5.0-ibm-demo-1.5.0.12.5-1jpp.1.el4.s390x.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el4.s390x.rpm java-1.5.0-ibm-src-1.5.0.12.5-1jpp.1.el4.s390x.rpm

x86_64: java-1.5.0-ibm-1.5.0.12.5-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.12.5-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.5-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.12.5-1jpp.1.el4.x86_64.rpm

Red Hat Desktop version 4 Extras:

i386: java-1.5.0-ibm-1.5.0.12.5-1jpp.1.el4.i386.rpm java-1.5.0-ibm-demo-1.5.0.12.5-1jpp.1.el4.i386.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el4.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.12.5-1jpp.1.el4.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.12.5-1jpp.1.el4.i386.rpm java-1.5.0-ibm-plugin-1.5.0.12.5-1jpp.1.el4.i386.rpm java-1.5.0-ibm-src-1.5.0.12.5-1jpp.1.el4.i386.rpm

x86_64: java-1.5.0-ibm-1.5.0.12.5-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.12.5-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.5-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.12.5-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386: java-1.5.0-ibm-1.5.0.12.5-1jpp.1.el4.i386.rpm java-1.5.0-ibm-demo-1.5.0.12.5-1jpp.1.el4.i386.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el4.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.12.5-1jpp.1.el4.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.12.5-1jpp.1.el4.i386.rpm java-1.5.0-ibm-plugin-1.5.0.12.5-1jpp.1.el4.i386.rpm java-1.5.0-ibm-src-1.5.0.12.5-1jpp.1.el4.i386.rpm

x86_64: java-1.5.0-ibm-1.5.0.12.5-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.12.5-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.5-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.12.5-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386: java-1.5.0-ibm-1.5.0.12.5-1jpp.1.el4.i386.rpm java-1.5.0-ibm-demo-1.5.0.12.5-1jpp.1.el4.i386.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el4.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.12.5-1jpp.1.el4.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.12.5-1jpp.1.el4.i386.rpm java-1.5.0-ibm-plugin-1.5.0.12.5-1jpp.1.el4.i386.rpm java-1.5.0-ibm-src-1.5.0.12.5-1jpp.1.el4.i386.rpm

x86_64: java-1.5.0-ibm-1.5.0.12.5-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.12.5-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.5-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.12.5-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386: java-1.5.0-ibm-1.5.0.12.5-1jpp.1.el5.i386.rpm java-1.5.0-ibm-accessibility-1.5.0.12.5-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.12.5-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.12.5-1jpp.1.el5.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.12.5-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.12.5-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.12.5-1jpp.1.el5.i386.rpm

x86_64: java-1.5.0-ibm-1.5.0.12.5-1jpp.1.el5.i386.rpm java-1.5.0-ibm-1.5.0.12.5-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-accessibility-1.5.0.12.5-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.12.5-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.12.5-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.5-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.12.5-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.12.5-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.12.5-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.12.5-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.12.5-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386: java-1.5.0-ibm-1.5.0.12.5-1jpp.1.el5.i386.rpm java-1.5.0-ibm-accessibility-1.5.0.12.5-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.12.5-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.12.5-1jpp.1.el5.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.12.5-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.12.5-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.12.5-1jpp.1.el5.i386.rpm

ppc: java-1.5.0-ibm-1.5.0.12.5-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-1.5.0.12.5-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-accessibility-1.5.0.12.5-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-demo-1.5.0.12.5-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-demo-1.5.0.12.5-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.5-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-javacomm-1.5.0.12.5-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.12.5-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.12.5-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-src-1.5.0.12.5-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-src-1.5.0.12.5-1jpp.1.el5.ppc64.rpm

s390x: java-1.5.0-ibm-1.5.0.12.5-1jpp.1.el5.s390.rpm java-1.5.0-ibm-1.5.0.12.5-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-accessibility-1.5.0.12.5-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-demo-1.5.0.12.5-1jpp.1.el5.s390.rpm java-1.5.0-ibm-demo-1.5.0.12.5-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el5.s390.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-jdbc-1.5.0.12.5-1jpp.1.el5.s390.rpm java-1.5.0-ibm-src-1.5.0.12.5-1jpp.1.el5.s390.rpm java-1.5.0-ibm-src-1.5.0.12.5-1jpp.1.el5.s390x.rpm

x86_64: java-1.5.0-ibm-1.5.0.12.5-1jpp.1.el5.i386.rpm java-1.5.0-ibm-1.5.0.12.5-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-accessibility-1.5.0.12.5-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.12.5-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.12.5-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.5-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.12.5-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.12.5-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.12.5-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.12.5-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.12.5-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386: java-1.5.0-ibm-1.5.0.12.5-1jpp.1.el6.i686.rpm java-1.5.0-ibm-demo-1.5.0.12.5-1jpp.1.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el6.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.12.5-1jpp.1.el6.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.12.5-1jpp.1.el6.i686.rpm java-1.5.0-ibm-plugin-1.5.0.12.5-1jpp.1.el6.i686.rpm java-1.5.0-ibm-src-1.5.0.12.5-1jpp.1.el6.i686.rpm

x86_64: java-1.5.0-ibm-1.5.0.12.5-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.12.5-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.5-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-src-1.5.0.12.5-1jpp.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64: java-1.5.0-ibm-1.5.0.12.5-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.12.5-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.5-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-src-1.5.0.12.5-1jpp.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386: java-1.5.0-ibm-1.5.0.12.5-1jpp.1.el6.i686.rpm java-1.5.0-ibm-demo-1.5.0.12.5-1jpp.1.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el6.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.12.5-1jpp.1.el6.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.12.5-1jpp.1.el6.i686.rpm java-1.5.0-ibm-plugin-1.5.0.12.5-1jpp.1.el6.i686.rpm java-1.5.0-ibm-src-1.5.0.12.5-1jpp.1.el6.i686.rpm

ppc64: java-1.5.0-ibm-1.5.0.12.5-1jpp.1.el6.ppc64.rpm java-1.5.0-ibm-demo-1.5.0.12.5-1jpp.1.el6.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el6.ppc.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el6.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.5-1jpp.1.el6.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.12.5-1jpp.1.el6.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.12.5-1jpp.1.el6.ppc.rpm java-1.5.0-ibm-src-1.5.0.12.5-1jpp.1.el6.ppc64.rpm

s390x: java-1.5.0-ibm-1.5.0.12.5-1jpp.1.el6.s390x.rpm java-1.5.0-ibm-demo-1.5.0.12.5-1jpp.1.el6.s390x.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el6.s390.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el6.s390x.rpm java-1.5.0-ibm-jdbc-1.5.0.12.5-1jpp.1.el6.s390.rpm java-1.5.0-ibm-src-1.5.0.12.5-1jpp.1.el6.s390x.rpm

x86_64: java-1.5.0-ibm-1.5.0.12.5-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.12.5-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.5-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-src-1.5.0.12.5-1jpp.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386: java-1.5.0-ibm-1.5.0.12.5-1jpp.1.el6.i686.rpm java-1.5.0-ibm-demo-1.5.0.12.5-1jpp.1.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el6.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.12.5-1jpp.1.el6.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.12.5-1jpp.1.el6.i686.rpm java-1.5.0-ibm-plugin-1.5.0.12.5-1jpp.1.el6.i686.rpm java-1.5.0-ibm-src-1.5.0.12.5-1jpp.1.el6.i686.rpm

x86_64: java-1.5.0-ibm-1.5.0.12.5-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.12.5-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.12.5-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.5-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-src-1.5.0.12.5-1jpp.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0802.html
https://www.redhat.com/security/data/cve/CVE-2011-0814.html
https://www.redhat.com/security/data/cve/CVE-2011-0862.html
https://www.redhat.com/security/data/cve/CVE-2011-0865.html
https://www.redhat.com/security/data/cve/CVE-2011-0867.html
https://www.redhat.com/security/data/cve/CVE-2011-0871.html
https://www.redhat.com/security/data/cve/CVE-2011-0873.html
https://access.redhat.com/security/updates/classification/#critical
http://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
From bugzilla at redhat.com Mon Jul 25 22:44:19 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 25 Jul 2011 22:44:19 +0000
Subject: [RHSA-2011:1088-01] Moderate: systemtap security update
Message-ID: <201107252244.p6PMiJgA027682@int-mx12.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: systemtap security update
Advisory ID:       RHSA-2011:1088-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1088.html
Issue date:        2011-07-25
CVE Names:         CVE-2011-2502 CVE-2011-2503
=====================================================================

1. Summary:

Updated systemtap packages that fix two security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

SystemTap is an instrumentation system for systems running the Linux kernel.
The system allows developers to write scripts to collect data on the operation of the system.

It was found that SystemTap did not perform proper module path sanity checking if a user specified a custom path to the uprobes module, used when performing user-space probing ("staprun -u"). A local user who is a member of the stapusr group could use this flaw to bypass intended module-loading restrictions, allowing them to escalate their privileges by loading an arbitrary, unsigned module. (CVE-2011-2502)

A race condition flaw was found in the way the staprun utility performed module loading. A local user who is a member of the stapusr group could use this flaw to modify a signed module while it is being loaded, allowing them to escalate their privileges. (CVE-2011-2503)

SystemTap users should upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

716476 - CVE-2011-2502 systemtap: insufficient security check when loading uprobes kernel module
716489 - CVE-2011-2503 systemtap: signed module loading race condition

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/systemtap-1.4-6.el6_1.2.src.rpm

i386:
systemtap-1.4-6.el6_1.2.i686.rpm
systemtap-client-1.4-6.el6_1.2.i686.rpm
systemtap-debuginfo-1.4-6.el6_1.2.i686.rpm
systemtap-grapher-1.4-6.el6_1.2.i686.rpm
systemtap-initscript-1.4-6.el6_1.2.i686.rpm
systemtap-runtime-1.4-6.el6_1.2.i686.rpm

x86_64:
systemtap-1.4-6.el6_1.2.x86_64.rpm
systemtap-client-1.4-6.el6_1.2.x86_64.rpm
systemtap-debuginfo-1.4-6.el6_1.2.x86_64.rpm
systemtap-grapher-1.4-6.el6_1.2.x86_64.rpm
systemtap-initscript-1.4-6.el6_1.2.x86_64.rpm
systemtap-runtime-1.4-6.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/systemtap-1.4-6.el6_1.2.src.rpm

i386:
systemtap-debuginfo-1.4-6.el6_1.2.i686.rpm
systemtap-sdt-devel-1.4-6.el6_1.2.i686.rpm
systemtap-server-1.4-6.el6_1.2.i686.rpm
systemtap-testsuite-1.4-6.el6_1.2.i686.rpm

x86_64:
systemtap-debuginfo-1.4-6.el6_1.2.i686.rpm
systemtap-debuginfo-1.4-6.el6_1.2.x86_64.rpm
systemtap-sdt-devel-1.4-6.el6_1.2.i686.rpm
systemtap-sdt-devel-1.4-6.el6_1.2.x86_64.rpm
systemtap-server-1.4-6.el6_1.2.x86_64.rpm
systemtap-testsuite-1.4-6.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/systemtap-1.4-6.el6_1.2.src.rpm

x86_64:
systemtap-1.4-6.el6_1.2.x86_64.rpm
systemtap-client-1.4-6.el6_1.2.x86_64.rpm
systemtap-debuginfo-1.4-6.el6_1.2.x86_64.rpm
systemtap-initscript-1.4-6.el6_1.2.x86_64.rpm
systemtap-runtime-1.4-6.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/systemtap-1.4-6.el6_1.2.src.rpm

x86_64:
systemtap-debuginfo-1.4-6.el6_1.2.i686.rpm
systemtap-debuginfo-1.4-6.el6_1.2.x86_64.rpm
systemtap-grapher-1.4-6.el6_1.2.x86_64.rpm
systemtap-sdt-devel-1.4-6.el6_1.2.i686.rpm
systemtap-sdt-devel-1.4-6.el6_1.2.x86_64.rpm
systemtap-server-1.4-6.el6_1.2.x86_64.rpm
systemtap-testsuite-1.4-6.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/systemtap-1.4-6.el6_1.2.src.rpm

i386:
systemtap-1.4-6.el6_1.2.i686.rpm
systemtap-client-1.4-6.el6_1.2.i686.rpm
systemtap-debuginfo-1.4-6.el6_1.2.i686.rpm
systemtap-grapher-1.4-6.el6_1.2.i686.rpm
systemtap-initscript-1.4-6.el6_1.2.i686.rpm
systemtap-runtime-1.4-6.el6_1.2.i686.rpm
systemtap-sdt-devel-1.4-6.el6_1.2.i686.rpm
systemtap-server-1.4-6.el6_1.2.i686.rpm

ppc64:
systemtap-1.4-6.el6_1.2.ppc64.rpm
systemtap-client-1.4-6.el6_1.2.ppc64.rpm
systemtap-debuginfo-1.4-6.el6_1.2.ppc.rpm
systemtap-debuginfo-1.4-6.el6_1.2.ppc64.rpm
systemtap-grapher-1.4-6.el6_1.2.ppc64.rpm
systemtap-initscript-1.4-6.el6_1.2.ppc64.rpm
systemtap-runtime-1.4-6.el6_1.2.ppc64.rpm
systemtap-sdt-devel-1.4-6.el6_1.2.ppc.rpm
systemtap-sdt-devel-1.4-6.el6_1.2.ppc64.rpm
systemtap-server-1.4-6.el6_1.2.ppc64.rpm

s390x:
systemtap-1.4-6.el6_1.2.s390x.rpm
systemtap-client-1.4-6.el6_1.2.s390x.rpm
systemtap-debuginfo-1.4-6.el6_1.2.s390.rpm
systemtap-debuginfo-1.4-6.el6_1.2.s390x.rpm
systemtap-grapher-1.4-6.el6_1.2.s390x.rpm
systemtap-initscript-1.4-6.el6_1.2.s390x.rpm
systemtap-runtime-1.4-6.el6_1.2.s390x.rpm
systemtap-sdt-devel-1.4-6.el6_1.2.s390.rpm
systemtap-sdt-devel-1.4-6.el6_1.2.s390x.rpm
systemtap-server-1.4-6.el6_1.2.s390x.rpm

x86_64:
systemtap-1.4-6.el6_1.2.x86_64.rpm
systemtap-client-1.4-6.el6_1.2.x86_64.rpm
systemtap-debuginfo-1.4-6.el6_1.2.i686.rpm
systemtap-debuginfo-1.4-6.el6_1.2.x86_64.rpm
systemtap-grapher-1.4-6.el6_1.2.x86_64.rpm
systemtap-initscript-1.4-6.el6_1.2.x86_64.rpm
systemtap-runtime-1.4-6.el6_1.2.x86_64.rpm
systemtap-sdt-devel-1.4-6.el6_1.2.i686.rpm
systemtap-sdt-devel-1.4-6.el6_1.2.x86_64.rpm
systemtap-server-1.4-6.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/systemtap-1.4-6.el6_1.2.src.rpm

i386:
systemtap-debuginfo-1.4-6.el6_1.2.i686.rpm
systemtap-testsuite-1.4-6.el6_1.2.i686.rpm

ppc64:
systemtap-debuginfo-1.4-6.el6_1.2.ppc64.rpm
systemtap-testsuite-1.4-6.el6_1.2.ppc64.rpm

s390x:
systemtap-debuginfo-1.4-6.el6_1.2.s390x.rpm
systemtap-testsuite-1.4-6.el6_1.2.s390x.rpm

x86_64:
systemtap-debuginfo-1.4-6.el6_1.2.x86_64.rpm
systemtap-testsuite-1.4-6.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/systemtap-1.4-6.el6_1.2.src.rpm

i386:
systemtap-1.4-6.el6_1.2.i686.rpm
systemtap-client-1.4-6.el6_1.2.i686.rpm
systemtap-debuginfo-1.4-6.el6_1.2.i686.rpm
systemtap-grapher-1.4-6.el6_1.2.i686.rpm
systemtap-initscript-1.4-6.el6_1.2.i686.rpm
systemtap-runtime-1.4-6.el6_1.2.i686.rpm
systemtap-sdt-devel-1.4-6.el6_1.2.i686.rpm
systemtap-server-1.4-6.el6_1.2.i686.rpm

x86_64:
systemtap-1.4-6.el6_1.2.x86_64.rpm
systemtap-client-1.4-6.el6_1.2.x86_64.rpm
systemtap-debuginfo-1.4-6.el6_1.2.i686.rpm
systemtap-debuginfo-1.4-6.el6_1.2.x86_64.rpm
systemtap-grapher-1.4-6.el6_1.2.x86_64.rpm
systemtap-initscript-1.4-6.el6_1.2.x86_64.rpm
systemtap-runtime-1.4-6.el6_1.2.x86_64.rpm
systemtap-sdt-devel-1.4-6.el6_1.2.i686.rpm
systemtap-sdt-devel-1.4-6.el6_1.2.x86_64.rpm
systemtap-server-1.4-6.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/systemtap-1.4-6.el6_1.2.src.rpm

i386:
systemtap-debuginfo-1.4-6.el6_1.2.i686.rpm
systemtap-testsuite-1.4-6.el6_1.2.i686.rpm

x86_64:
systemtap-debuginfo-1.4-6.el6_1.2.x86_64.rpm
systemtap-testsuite-1.4-6.el6_1.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2502.html
https://www.redhat.com/security/data/cve/CVE-2011-2503.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

From bugzilla at redhat.com Mon Jul 25 22:44:45 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 25 Jul 2011 22:44:45 +0000
Subject: [RHSA-2011:1089-01] Moderate: systemtap security update
Message-ID: <201107252244.p6PMik4W027744@int-mx12.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: systemtap security update
Advisory ID:       RHSA-2011:1089-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1089.html
Issue date:        2011-07-25
CVE Names:         CVE-2011-2503
=====================================================================

1. Summary:

Updated systemtap packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

SystemTap is an instrumentation system for systems running the Linux kernel. The system allows developers to write scripts to collect data on the operation of the system.

A race condition flaw was found in the way the staprun utility performed module loading. A local user who is a member of the stapusr group could use this flaw to modify a signed module while it is being loaded, allowing them to escalate their privileges. (CVE-2011-2503)

SystemTap users should upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

716489 - CVE-2011-2503 systemtap: signed module loading race condition

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/systemtap-1.3-9.el5.src.rpm

i386:
systemtap-1.3-9.el5.i386.rpm
systemtap-client-1.3-9.el5.i386.rpm
systemtap-debuginfo-1.3-9.el5.i386.rpm
systemtap-initscript-1.3-9.el5.i386.rpm
systemtap-runtime-1.3-9.el5.i386.rpm
systemtap-sdt-devel-1.3-9.el5.i386.rpm
systemtap-server-1.3-9.el5.i386.rpm
systemtap-testsuite-1.3-9.el5.i386.rpm

x86_64:
systemtap-1.3-9.el5.x86_64.rpm
systemtap-client-1.3-9.el5.x86_64.rpm
systemtap-debuginfo-1.3-9.el5.i386.rpm
systemtap-debuginfo-1.3-9.el5.x86_64.rpm
systemtap-initscript-1.3-9.el5.x86_64.rpm
systemtap-runtime-1.3-9.el5.x86_64.rpm
systemtap-sdt-devel-1.3-9.el5.i386.rpm
systemtap-sdt-devel-1.3-9.el5.x86_64.rpm
systemtap-server-1.3-9.el5.x86_64.rpm
systemtap-testsuite-1.3-9.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/systemtap-1.3-9.el5.src.rpm

i386:
systemtap-1.3-9.el5.i386.rpm
systemtap-client-1.3-9.el5.i386.rpm
systemtap-debuginfo-1.3-9.el5.i386.rpm
systemtap-initscript-1.3-9.el5.i386.rpm
systemtap-runtime-1.3-9.el5.i386.rpm
systemtap-sdt-devel-1.3-9.el5.i386.rpm
systemtap-server-1.3-9.el5.i386.rpm
systemtap-testsuite-1.3-9.el5.i386.rpm

ia64:
systemtap-1.3-9.el5.ia64.rpm
systemtap-client-1.3-9.el5.ia64.rpm
systemtap-debuginfo-1.3-9.el5.ia64.rpm
systemtap-initscript-1.3-9.el5.ia64.rpm
systemtap-runtime-1.3-9.el5.ia64.rpm
systemtap-sdt-devel-1.3-9.el5.ia64.rpm
systemtap-server-1.3-9.el5.ia64.rpm
systemtap-testsuite-1.3-9.el5.ia64.rpm

ppc:
systemtap-1.3-9.el5.ppc64.rpm
systemtap-client-1.3-9.el5.ppc64.rpm
systemtap-debuginfo-1.3-9.el5.ppc64.rpm
systemtap-initscript-1.3-9.el5.ppc64.rpm
systemtap-runtime-1.3-9.el5.ppc64.rpm
systemtap-sdt-devel-1.3-9.el5.ppc64.rpm
systemtap-server-1.3-9.el5.ppc64.rpm
systemtap-testsuite-1.3-9.el5.ppc64.rpm

s390x:
systemtap-1.3-9.el5.s390x.rpm
systemtap-client-1.3-9.el5.s390x.rpm
systemtap-debuginfo-1.3-9.el5.s390.rpm
systemtap-debuginfo-1.3-9.el5.s390x.rpm
systemtap-initscript-1.3-9.el5.s390x.rpm
systemtap-runtime-1.3-9.el5.s390x.rpm
systemtap-sdt-devel-1.3-9.el5.s390.rpm
systemtap-sdt-devel-1.3-9.el5.s390x.rpm
systemtap-server-1.3-9.el5.s390x.rpm
systemtap-testsuite-1.3-9.el5.s390x.rpm

x86_64:
systemtap-1.3-9.el5.x86_64.rpm
systemtap-client-1.3-9.el5.x86_64.rpm
systemtap-debuginfo-1.3-9.el5.i386.rpm
systemtap-debuginfo-1.3-9.el5.x86_64.rpm
systemtap-initscript-1.3-9.el5.x86_64.rpm
systemtap-runtime-1.3-9.el5.x86_64.rpm
systemtap-sdt-devel-1.3-9.el5.i386.rpm
systemtap-sdt-devel-1.3-9.el5.x86_64.rpm
systemtap-server-1.3-9.el5.x86_64.rpm
systemtap-testsuite-1.3-9.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2503.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
From bugzilla at redhat.com Wed Jul 27 14:55:12 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 27 Jul 2011 14:55:12 +0000
Subject: [RHSA-2011:1100-01] Moderate: icedtea-web security update
Message-ID: <201107271455.p6REtCFH004863@int-mx12.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: icedtea-web security update
Advisory ID:       RHSA-2011:1100-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1100.html
Issue date:        2011-07-27
CVE Names:         CVE-2011-2513 CVE-2011-2514
=====================================================================

1. Summary:

Updated icedtea-web packages that fix two security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project.
It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations.

A flaw was discovered in the JNLP (Java Network Launching Protocol) implementation in IcedTea-Web. An unsigned Java Web Start application could use this flaw to manipulate the content of a Security Warning dialog box, to trick a user into granting the application unintended access permissions to local files. (CVE-2011-2514)

An information disclosure flaw was discovered in the JNLP implementation in IcedTea-Web. An unsigned Java Web Start application or Java applet could use this flaw to determine the path to the cache directory used to store downloaded Java class and archive files, and therefore determine the user's login name. (CVE-2011-2513)

All icedtea-web users should upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

718164 - CVE-2011-2513 icedtea, icedtea-web: home directory path disclosure to untrusted applications
718170 - CVE-2011-2514 icedtea-web: Java Web Start security warning dialog manipulation

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/icedtea-web-1.0.4-2.el6_1.src.rpm

i386:
icedtea-web-1.0.4-2.el6_1.i686.rpm
icedtea-web-debuginfo-1.0.4-2.el6_1.i686.rpm

x86_64:
icedtea-web-1.0.4-2.el6_1.x86_64.rpm
icedtea-web-debuginfo-1.0.4-2.el6_1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/icedtea-web-1.0.4-2.el6_1.src.rpm

i386:
icedtea-web-debuginfo-1.0.4-2.el6_1.i686.rpm
icedtea-web-javadoc-1.0.4-2.el6_1.i686.rpm

x86_64:
icedtea-web-debuginfo-1.0.4-2.el6_1.x86_64.rpm
icedtea-web-javadoc-1.0.4-2.el6_1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/icedtea-web-1.0.4-2.el6_1.src.rpm

x86_64:
icedtea-web-1.0.4-2.el6_1.x86_64.rpm
icedtea-web-debuginfo-1.0.4-2.el6_1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/icedtea-web-1.0.4-2.el6_1.src.rpm

x86_64:
icedtea-web-debuginfo-1.0.4-2.el6_1.x86_64.rpm
icedtea-web-javadoc-1.0.4-2.el6_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/icedtea-web-1.0.4-2.el6_1.src.rpm

i386:
icedtea-web-1.0.4-2.el6_1.i686.rpm
icedtea-web-debuginfo-1.0.4-2.el6_1.i686.rpm

x86_64:
icedtea-web-1.0.4-2.el6_1.x86_64.rpm
icedtea-web-debuginfo-1.0.4-2.el6_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/icedtea-web-1.0.4-2.el6_1.src.rpm

i386:
icedtea-web-debuginfo-1.0.4-2.el6_1.i686.rpm
icedtea-web-javadoc-1.0.4-2.el6_1.i686.rpm

x86_64:
icedtea-web-debuginfo-1.0.4-2.el6_1.x86_64.rpm
icedtea-web-javadoc-1.0.4-2.el6_1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/icedtea-web-1.0.4-2.el6_1.src.rpm

i386:
icedtea-web-1.0.4-2.el6_1.i686.rpm
icedtea-web-debuginfo-1.0.4-2.el6_1.i686.rpm

x86_64:
icedtea-web-1.0.4-2.el6_1.x86_64.rpm
icedtea-web-debuginfo-1.0.4-2.el6_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/icedtea-web-1.0.4-2.el6_1.src.rpm

i386:
icedtea-web-debuginfo-1.0.4-2.el6_1.i686.rpm
icedtea-web-javadoc-1.0.4-2.el6_1.i686.rpm

x86_64:
icedtea-web-debuginfo-1.0.4-2.el6_1.x86_64.rpm
icedtea-web-javadoc-1.0.4-2.el6_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2513.html
https://www.redhat.com/security/data/cve/CVE-2011-2514.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

From bugzilla at redhat.com Thu Jul 28 18:24:54 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 28 Jul 2011 18:24:54 +0000
Subject: [RHSA-2011:1102-01] Moderate: libsoup security update
Message-ID: <201107281824.p6SIOsbY031115@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: libsoup security update
Advisory ID:       RHSA-2011:1102-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1102.html
Issue date:        2011-07-28
CVE Names:         CVE-2011-2524
=====================================================================

1. Summary:

Updated libsoup packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

libsoup is an HTTP client/library implementation for GNOME.

A directory traversal flaw was found in libsoup's SoupServer. If an application used SoupServer to implement an HTTP service, a remote attacker who is able to connect to that service could use this flaw to access any local files accessible to that application via a specially-crafted request. (CVE-2011-2524)

All users of libsoup should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running applications using libsoup's SoupServer must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

720509 - CVE-2011-2524 libsoup: SoupServer directory traversal flaw

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libsoup-2.28.2-1.el6_1.1.src.rpm

i386:
libsoup-2.28.2-1.el6_1.1.i686.rpm
libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm

x86_64:
libsoup-2.28.2-1.el6_1.1.i686.rpm
libsoup-2.28.2-1.el6_1.1.x86_64.rpm
libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm
libsoup-debuginfo-2.28.2-1.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libsoup-2.28.2-1.el6_1.1.src.rpm

i386:
libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm
libsoup-devel-2.28.2-1.el6_1.1.i686.rpm

x86_64:
libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm
libsoup-debuginfo-2.28.2-1.el6_1.1.x86_64.rpm
libsoup-devel-2.28.2-1.el6_1.1.i686.rpm
libsoup-devel-2.28.2-1.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libsoup-2.28.2-1.el6_1.1.src.rpm

x86_64:
libsoup-2.28.2-1.el6_1.1.i686.rpm
libsoup-2.28.2-1.el6_1.1.x86_64.rpm
libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm
libsoup-debuginfo-2.28.2-1.el6_1.1.x86_64.rpm
libsoup-devel-2.28.2-1.el6_1.1.i686.rpm
libsoup-devel-2.28.2-1.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libsoup-2.28.2-1.el6_1.1.src.rpm

i386:
libsoup-2.28.2-1.el6_1.1.i686.rpm
libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm
libsoup-devel-2.28.2-1.el6_1.1.i686.rpm

ppc64:
libsoup-2.28.2-1.el6_1.1.ppc.rpm
libsoup-2.28.2-1.el6_1.1.ppc64.rpm
libsoup-debuginfo-2.28.2-1.el6_1.1.ppc.rpm
libsoup-debuginfo-2.28.2-1.el6_1.1.ppc64.rpm
libsoup-devel-2.28.2-1.el6_1.1.ppc.rpm
libsoup-devel-2.28.2-1.el6_1.1.ppc64.rpm

s390x:
libsoup-2.28.2-1.el6_1.1.s390.rpm
libsoup-2.28.2-1.el6_1.1.s390x.rpm
libsoup-debuginfo-2.28.2-1.el6_1.1.s390.rpm
libsoup-debuginfo-2.28.2-1.el6_1.1.s390x.rpm
libsoup-devel-2.28.2-1.el6_1.1.s390.rpm
libsoup-devel-2.28.2-1.el6_1.1.s390x.rpm

x86_64:
libsoup-2.28.2-1.el6_1.1.i686.rpm
libsoup-2.28.2-1.el6_1.1.x86_64.rpm
libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm
libsoup-debuginfo-2.28.2-1.el6_1.1.x86_64.rpm
libsoup-devel-2.28.2-1.el6_1.1.i686.rpm
libsoup-devel-2.28.2-1.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libsoup-2.28.2-1.el6_1.1.src.rpm

i386:
libsoup-2.28.2-1.el6_1.1.i686.rpm
libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm
libsoup-devel-2.28.2-1.el6_1.1.i686.rpm

x86_64:
libsoup-2.28.2-1.el6_1.1.i686.rpm
libsoup-2.28.2-1.el6_1.1.x86_64.rpm
libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm
libsoup-debuginfo-2.28.2-1.el6_1.1.x86_64.rpm
libsoup-devel-2.28.2-1.el6_1.1.i686.rpm
libsoup-devel-2.28.2-1.el6_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2524.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

From bugzilla at redhat.com Thu Jul 28 18:25:28 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 28 Jul 2011 18:25:28 +0000
Subject: [RHSA-2011:1103-01] Moderate: libpng security update
Message-ID: <201107281825.p6SIPSMQ017894@int-mx02.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: libpng security update
Advisory ID:       RHSA-2011:1103-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1103.html
Issue date:        2011-07-28
CVE Names:         CVE-2011-2692
=====================================================================

1. Summary:

Updated libpng and libpng10 packages that fix one security issue are now available for Red Hat Enterprise Linux 4.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.

An uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash. (CVE-2011-2692)

Users of libpng and libpng10 should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libpng or libpng10 must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

720612 - CVE-2011-2692 libpng: Invalid read when handling empty sCAL chunks

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libpng-1.2.7-8.el4.src.rpm
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libpng10-1.0.16-9.el4.src.rpm

i386:
libpng-1.2.7-8.el4.i386.rpm
libpng-debuginfo-1.2.7-8.el4.i386.rpm
libpng-devel-1.2.7-8.el4.i386.rpm
libpng10-1.0.16-9.el4.i386.rpm
libpng10-debuginfo-1.0.16-9.el4.i386.rpm
libpng10-devel-1.0.16-9.el4.i386.rpm

ia64:
libpng-1.2.7-8.el4.i386.rpm
libpng-1.2.7-8.el4.ia64.rpm
libpng-debuginfo-1.2.7-8.el4.i386.rpm
libpng-debuginfo-1.2.7-8.el4.ia64.rpm
libpng-devel-1.2.7-8.el4.ia64.rpm
libpng10-1.0.16-9.el4.i386.rpm
libpng10-1.0.16-9.el4.ia64.rpm
libpng10-debuginfo-1.0.16-9.el4.i386.rpm
libpng10-debuginfo-1.0.16-9.el4.ia64.rpm
libpng10-devel-1.0.16-9.el4.ia64.rpm

ppc:
libpng-1.2.7-8.el4.ppc.rpm
libpng-1.2.7-8.el4.ppc64.rpm
libpng-debuginfo-1.2.7-8.el4.ppc.rpm
libpng-debuginfo-1.2.7-8.el4.ppc64.rpm
libpng-devel-1.2.7-8.el4.ppc.rpm
libpng10-1.0.16-9.el4.ppc.rpm
libpng10-1.0.16-9.el4.ppc64.rpm
libpng10-debuginfo-1.0.16-9.el4.ppc.rpm
libpng10-debuginfo-1.0.16-9.el4.ppc64.rpm
libpng10-devel-1.0.16-9.el4.ppc.rpm

s390:
libpng-1.2.7-8.el4.s390.rpm
libpng-debuginfo-1.2.7-8.el4.s390.rpm
libpng-devel-1.2.7-8.el4.s390.rpm
libpng10-1.0.16-9.el4.s390.rpm
libpng10-debuginfo-1.0.16-9.el4.s390.rpm
libpng10-devel-1.0.16-9.el4.s390.rpm

s390x:
libpng-1.2.7-8.el4.s390.rpm
libpng-1.2.7-8.el4.s390x.rpm
libpng-debuginfo-1.2.7-8.el4.s390.rpm
libpng-debuginfo-1.2.7-8.el4.s390x.rpm
libpng-devel-1.2.7-8.el4.s390x.rpm
libpng10-1.0.16-9.el4.s390.rpm
libpng10-1.0.16-9.el4.s390x.rpm
libpng10-debuginfo-1.0.16-9.el4.s390.rpm
libpng10-debuginfo-1.0.16-9.el4.s390x.rpm
libpng10-devel-1.0.16-9.el4.s390x.rpm

x86_64:
libpng-1.2.7-8.el4.i386.rpm
libpng-1.2.7-8.el4.x86_64.rpm
libpng-debuginfo-1.2.7-8.el4.i386.rpm
libpng-debuginfo-1.2.7-8.el4.x86_64.rpm
libpng-devel-1.2.7-8.el4.x86_64.rpm
libpng10-1.0.16-9.el4.i386.rpm
libpng10-1.0.16-9.el4.x86_64.rpm
libpng10-debuginfo-1.0.16-9.el4.i386.rpm
libpng10-debuginfo-1.0.16-9.el4.x86_64.rpm libpng10-devel-1.0.16-9.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libpng-1.2.7-8.el4.src.rpm ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libpng10-1.0.16-9.el4.src.rpm i386: libpng-1.2.7-8.el4.i386.rpm libpng-debuginfo-1.2.7-8.el4.i386.rpm libpng-devel-1.2.7-8.el4.i386.rpm libpng10-1.0.16-9.el4.i386.rpm libpng10-debuginfo-1.0.16-9.el4.i386.rpm libpng10-devel-1.0.16-9.el4.i386.rpm x86_64: libpng-1.2.7-8.el4.i386.rpm libpng-1.2.7-8.el4.x86_64.rpm libpng-debuginfo-1.2.7-8.el4.i386.rpm libpng-debuginfo-1.2.7-8.el4.x86_64.rpm libpng-devel-1.2.7-8.el4.x86_64.rpm libpng10-1.0.16-9.el4.i386.rpm libpng10-1.0.16-9.el4.x86_64.rpm libpng10-debuginfo-1.0.16-9.el4.i386.rpm libpng10-debuginfo-1.0.16-9.el4.x86_64.rpm libpng10-devel-1.0.16-9.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libpng-1.2.7-8.el4.src.rpm ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libpng10-1.0.16-9.el4.src.rpm i386: libpng-1.2.7-8.el4.i386.rpm libpng-debuginfo-1.2.7-8.el4.i386.rpm libpng-devel-1.2.7-8.el4.i386.rpm libpng10-1.0.16-9.el4.i386.rpm libpng10-debuginfo-1.0.16-9.el4.i386.rpm libpng10-devel-1.0.16-9.el4.i386.rpm ia64: libpng-1.2.7-8.el4.i386.rpm libpng-1.2.7-8.el4.ia64.rpm libpng-debuginfo-1.2.7-8.el4.i386.rpm libpng-debuginfo-1.2.7-8.el4.ia64.rpm libpng-devel-1.2.7-8.el4.ia64.rpm libpng10-1.0.16-9.el4.i386.rpm libpng10-1.0.16-9.el4.ia64.rpm libpng10-debuginfo-1.0.16-9.el4.i386.rpm libpng10-debuginfo-1.0.16-9.el4.ia64.rpm libpng10-devel-1.0.16-9.el4.ia64.rpm x86_64: libpng-1.2.7-8.el4.i386.rpm libpng-1.2.7-8.el4.x86_64.rpm libpng-debuginfo-1.2.7-8.el4.i386.rpm libpng-debuginfo-1.2.7-8.el4.x86_64.rpm libpng-devel-1.2.7-8.el4.x86_64.rpm libpng10-1.0.16-9.el4.i386.rpm libpng10-1.0.16-9.el4.x86_64.rpm libpng10-debuginfo-1.0.16-9.el4.i386.rpm libpng10-debuginfo-1.0.16-9.el4.x86_64.rpm 
libpng10-devel-1.0.16-9.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libpng-1.2.7-8.el4.src.rpm ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libpng10-1.0.16-9.el4.src.rpm i386: libpng-1.2.7-8.el4.i386.rpm libpng-debuginfo-1.2.7-8.el4.i386.rpm libpng-devel-1.2.7-8.el4.i386.rpm libpng10-1.0.16-9.el4.i386.rpm libpng10-debuginfo-1.0.16-9.el4.i386.rpm libpng10-devel-1.0.16-9.el4.i386.rpm ia64: libpng-1.2.7-8.el4.i386.rpm libpng-1.2.7-8.el4.ia64.rpm libpng-debuginfo-1.2.7-8.el4.i386.rpm libpng-debuginfo-1.2.7-8.el4.ia64.rpm libpng-devel-1.2.7-8.el4.ia64.rpm libpng10-1.0.16-9.el4.i386.rpm libpng10-1.0.16-9.el4.ia64.rpm libpng10-debuginfo-1.0.16-9.el4.i386.rpm libpng10-debuginfo-1.0.16-9.el4.ia64.rpm libpng10-devel-1.0.16-9.el4.ia64.rpm x86_64: libpng-1.2.7-8.el4.i386.rpm libpng-1.2.7-8.el4.x86_64.rpm libpng-debuginfo-1.2.7-8.el4.i386.rpm libpng-debuginfo-1.2.7-8.el4.x86_64.rpm libpng-devel-1.2.7-8.el4.x86_64.rpm libpng10-1.0.16-9.el4.i386.rpm libpng10-1.0.16-9.el4.x86_64.rpm libpng10-debuginfo-1.0.16-9.el4.i386.rpm libpng10-debuginfo-1.0.16-9.el4.x86_64.rpm libpng10-devel-1.0.16-9.el4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2692.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOMamHXlSAg2UNWIIRAhn5AKDDT/GzTFyFxzVNykH6OtP5/hnYcwCeNFBW
QtBcCi5n9hbtLOvLu93W/nc=
=7tmH
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jul 28 18:26:02 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 28 Jul 2011 18:26:02 +0000
Subject: [RHSA-2011:1104-01] Moderate: libpng security update
Message-ID: <201107281826.p6SIQ2d3009488@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: libpng security update
Advisory ID: RHSA-2011:1104-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1104.html
Issue date: 2011-07-28
CVE Names: CVE-2011-2690 CVE-2011-2692
=====================================================================

1. Summary:

Updated libpng packages that fix two security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.

A buffer overflow flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-2690)

Note: The application behavior required to exploit CVE-2011-2690 is rarely used. No application shipped with Red Hat Enterprise Linux behaves this way, for example.

An uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash. (CVE-2011-2692)

Users of libpng should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libpng must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

720607 - CVE-2011-2690 libpng: buffer overwrite in png_rgb_to_gray
720612 - CVE-2011-2692 libpng: Invalid read when handling empty sCAL chunks

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libpng-1.2.10-7.1.el5_7.5.src.rpm

i386:
libpng-1.2.10-7.1.el5_7.5.i386.rpm
libpng-debuginfo-1.2.10-7.1.el5_7.5.i386.rpm

x86_64:
libpng-1.2.10-7.1.el5_7.5.i386.rpm
libpng-1.2.10-7.1.el5_7.5.x86_64.rpm
libpng-debuginfo-1.2.10-7.1.el5_7.5.i386.rpm
libpng-debuginfo-1.2.10-7.1.el5_7.5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libpng-1.2.10-7.1.el5_7.5.src.rpm

i386:
libpng-debuginfo-1.2.10-7.1.el5_7.5.i386.rpm
libpng-devel-1.2.10-7.1.el5_7.5.i386.rpm

x86_64:
libpng-debuginfo-1.2.10-7.1.el5_7.5.i386.rpm
libpng-debuginfo-1.2.10-7.1.el5_7.5.x86_64.rpm
libpng-devel-1.2.10-7.1.el5_7.5.i386.rpm
libpng-devel-1.2.10-7.1.el5_7.5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libpng-1.2.10-7.1.el5_7.5.src.rpm

i386:
libpng-1.2.10-7.1.el5_7.5.i386.rpm
libpng-debuginfo-1.2.10-7.1.el5_7.5.i386.rpm
libpng-devel-1.2.10-7.1.el5_7.5.i386.rpm

ia64:
libpng-1.2.10-7.1.el5_7.5.i386.rpm
libpng-1.2.10-7.1.el5_7.5.ia64.rpm
libpng-debuginfo-1.2.10-7.1.el5_7.5.i386.rpm
libpng-debuginfo-1.2.10-7.1.el5_7.5.ia64.rpm
libpng-devel-1.2.10-7.1.el5_7.5.ia64.rpm

ppc:
libpng-1.2.10-7.1.el5_7.5.ppc.rpm
libpng-1.2.10-7.1.el5_7.5.ppc64.rpm
libpng-debuginfo-1.2.10-7.1.el5_7.5.ppc.rpm
libpng-debuginfo-1.2.10-7.1.el5_7.5.ppc64.rpm
libpng-devel-1.2.10-7.1.el5_7.5.ppc.rpm
libpng-devel-1.2.10-7.1.el5_7.5.ppc64.rpm

s390x:
libpng-1.2.10-7.1.el5_7.5.s390.rpm
libpng-1.2.10-7.1.el5_7.5.s390x.rpm
libpng-debuginfo-1.2.10-7.1.el5_7.5.s390.rpm
libpng-debuginfo-1.2.10-7.1.el5_7.5.s390x.rpm
libpng-devel-1.2.10-7.1.el5_7.5.s390.rpm
libpng-devel-1.2.10-7.1.el5_7.5.s390x.rpm

x86_64:
libpng-1.2.10-7.1.el5_7.5.i386.rpm
libpng-1.2.10-7.1.el5_7.5.x86_64.rpm
libpng-debuginfo-1.2.10-7.1.el5_7.5.i386.rpm
libpng-debuginfo-1.2.10-7.1.el5_7.5.x86_64.rpm
libpng-devel-1.2.10-7.1.el5_7.5.i386.rpm
libpng-devel-1.2.10-7.1.el5_7.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2690.html
https://www.redhat.com/security/data/cve/CVE-2011-2692.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOMammXlSAg2UNWIIRAjFdAKC4L/bXokPguH16s26YIR260frz8wCffg6z
G3vJRfACKElY4HC+0FiuJB0=
=v/eS
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jul 28 18:26:57 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 28 Jul 2011 18:26:57 +0000
Subject: [RHSA-2011:1105-01] Moderate: libpng security update
Message-ID: <201107281826.p6SIQv1i018259@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: libpng security update
Advisory ID: RHSA-2011:1105-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1105.html
Issue date: 2011-07-28
CVE Names: CVE-2011-2501 CVE-2011-2690 CVE-2011-2692
=====================================================================

1. Summary:

Updated libpng packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.

A buffer overflow flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-2690)

Note: The application behavior required to exploit CVE-2011-2690 is rarely used. No application shipped with Red Hat Enterprise Linux behaves this way, for example.

An out-of-bounds memory read flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash. (CVE-2011-2501)

An uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash. (CVE-2011-2692)

Users of libpng should upgrade to these updated packages, which upgrade libpng to version 1.2.46 to correct these issues. All running applications using libpng must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

717084 - CVE-2011-2501 libpng: regression of CVE-2004-0421 in 1.2.23+
720607 - CVE-2011-2690 libpng: buffer overwrite in png_rgb_to_gray
720612 - CVE-2011-2692 libpng: Invalid read when handling empty sCAL chunks

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libpng-1.2.46-1.el6_1.src.rpm

i386:
libpng-1.2.46-1.el6_1.i686.rpm
libpng-debuginfo-1.2.46-1.el6_1.i686.rpm

x86_64:
libpng-1.2.46-1.el6_1.i686.rpm
libpng-1.2.46-1.el6_1.x86_64.rpm
libpng-debuginfo-1.2.46-1.el6_1.i686.rpm
libpng-debuginfo-1.2.46-1.el6_1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libpng-1.2.46-1.el6_1.src.rpm

i386:
libpng-debuginfo-1.2.46-1.el6_1.i686.rpm
libpng-devel-1.2.46-1.el6_1.i686.rpm
libpng-static-1.2.46-1.el6_1.i686.rpm

x86_64:
libpng-debuginfo-1.2.46-1.el6_1.i686.rpm
libpng-debuginfo-1.2.46-1.el6_1.x86_64.rpm
libpng-devel-1.2.46-1.el6_1.i686.rpm
libpng-devel-1.2.46-1.el6_1.x86_64.rpm
libpng-static-1.2.46-1.el6_1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libpng-1.2.46-1.el6_1.src.rpm

x86_64:
libpng-1.2.46-1.el6_1.i686.rpm
libpng-1.2.46-1.el6_1.x86_64.rpm
libpng-debuginfo-1.2.46-1.el6_1.i686.rpm
libpng-debuginfo-1.2.46-1.el6_1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libpng-1.2.46-1.el6_1.src.rpm

x86_64:
libpng-debuginfo-1.2.46-1.el6_1.i686.rpm
libpng-debuginfo-1.2.46-1.el6_1.x86_64.rpm
libpng-devel-1.2.46-1.el6_1.i686.rpm
libpng-devel-1.2.46-1.el6_1.x86_64.rpm
libpng-static-1.2.46-1.el6_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libpng-1.2.46-1.el6_1.src.rpm

i386:
libpng-1.2.46-1.el6_1.i686.rpm
libpng-debuginfo-1.2.46-1.el6_1.i686.rpm
libpng-devel-1.2.46-1.el6_1.i686.rpm

ppc64:
libpng-1.2.46-1.el6_1.ppc.rpm
libpng-1.2.46-1.el6_1.ppc64.rpm
libpng-debuginfo-1.2.46-1.el6_1.ppc.rpm
libpng-debuginfo-1.2.46-1.el6_1.ppc64.rpm
libpng-devel-1.2.46-1.el6_1.ppc.rpm
libpng-devel-1.2.46-1.el6_1.ppc64.rpm

s390x:
libpng-1.2.46-1.el6_1.s390.rpm
libpng-1.2.46-1.el6_1.s390x.rpm
libpng-debuginfo-1.2.46-1.el6_1.s390.rpm
libpng-debuginfo-1.2.46-1.el6_1.s390x.rpm
libpng-devel-1.2.46-1.el6_1.s390.rpm
libpng-devel-1.2.46-1.el6_1.s390x.rpm

x86_64:
libpng-1.2.46-1.el6_1.i686.rpm
libpng-1.2.46-1.el6_1.x86_64.rpm
libpng-debuginfo-1.2.46-1.el6_1.i686.rpm
libpng-debuginfo-1.2.46-1.el6_1.x86_64.rpm
libpng-devel-1.2.46-1.el6_1.i686.rpm
libpng-devel-1.2.46-1.el6_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libpng-1.2.46-1.el6_1.src.rpm

i386:
libpng-debuginfo-1.2.46-1.el6_1.i686.rpm
libpng-static-1.2.46-1.el6_1.i686.rpm

ppc64:
libpng-debuginfo-1.2.46-1.el6_1.ppc64.rpm
libpng-static-1.2.46-1.el6_1.ppc64.rpm

s390x:
libpng-debuginfo-1.2.46-1.el6_1.s390x.rpm
libpng-static-1.2.46-1.el6_1.s390x.rpm

x86_64:
libpng-debuginfo-1.2.46-1.el6_1.x86_64.rpm
libpng-static-1.2.46-1.el6_1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libpng-1.2.46-1.el6_1.src.rpm

i386:
libpng-1.2.46-1.el6_1.i686.rpm
libpng-debuginfo-1.2.46-1.el6_1.i686.rpm
libpng-devel-1.2.46-1.el6_1.i686.rpm

x86_64:
libpng-1.2.46-1.el6_1.i686.rpm
libpng-1.2.46-1.el6_1.x86_64.rpm
libpng-debuginfo-1.2.46-1.el6_1.i686.rpm
libpng-debuginfo-1.2.46-1.el6_1.x86_64.rpm
libpng-devel-1.2.46-1.el6_1.i686.rpm
libpng-devel-1.2.46-1.el6_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libpng-1.2.46-1.el6_1.src.rpm

i386:
libpng-debuginfo-1.2.46-1.el6_1.i686.rpm
libpng-static-1.2.46-1.el6_1.i686.rpm

x86_64:
libpng-debuginfo-1.2.46-1.el6_1.x86_64.rpm
libpng-static-1.2.46-1.el6_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2501.html
https://www.redhat.com/security/data/cve/CVE-2011-2690.html
https://www.redhat.com/security/data/cve/CVE-2011-2692.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOManQXlSAg2UNWIIRAuaqAJ0Sn+1OeUAX7QhB2Kk/SKNByAhTugCgofrB
950xRIwxHo1aClHvqeU93+Y=
=APX+
-----END PGP SIGNATURE-----
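Both libpng advisories above list bug 720612, "Invalid read when handling empty sCAL chunks" (CVE-2011-2692). The PNG chunk walker below is an added example for readers of this archive, not code from Red Hat or the libpng project: it walks the chunk stream of a PNG file without decoding pixel data, verifies every chunk's CRC, rejects truncated or oversize chunks, and flags any sCAL chunk whose payload is shorter than the four bytes a well-formed sCAL chunk needs (unit byte, width string, NUL separator, height string), of which the empty chunk named in the advisories is the extreme case. The function names, the constructed 1x1 sample image built by `build_sample`, and the 4-byte minimum derived from the sCAL layout are this example's own assumptions, not values stated in the advisories.

```python
import struct
import zlib

# Added example (not Red Hat or libpng project code): a read-only PNG chunk
# walker that flags the malformed sCAL chunks the advisories above describe.

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
MAX_CHUNK_LENGTH = 2**31 - 1  # PNG caps a chunk's declared length at 2^31 - 1
# sCAL layout per the PNG extensions spec: 1 unit byte, ASCII width, NUL,
# ASCII height; 4 bytes is the smallest payload that can hold all four fields.
# This minimum is an assumption of the example; the advisories name only the
# empty (0-byte) case.
MIN_SCAL_LENGTH = 4


def iter_chunks(data):
    """Yield (type, payload, crc_ok) per chunk; raise ValueError on structural damage."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file (bad signature)")
    pos = len(PNG_SIGNATURE)
    while pos < len(data):
        if len(data) - pos < 8:
            raise ValueError("truncated chunk header at offset %d" % pos)
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        if length > MAX_CHUNK_LENGTH:
            raise ValueError("chunk %r at offset %d declares oversize length %d"
                             % (ctype, pos, length))
        end = pos + 8 + length + 4  # header + payload + CRC
        if end > len(data):
            raise ValueError("chunk %r at offset %d runs past end of file" % (ctype, pos))
        payload = data[pos + 8:pos + 8 + length]
        (stored_crc,) = struct.unpack(">I", data[end - 4:end])
        # The CRC covers the type field and the payload, not the length field.
        crc_ok = zlib.crc32(ctype + payload) == stored_crc
        yield ctype, payload, crc_ok
        pos = end
        if ctype == b"IEND":
            break


def scan_png(data):
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    findings = []
    try:
        for ctype, payload, crc_ok in iter_chunks(data):
            name = ctype.decode("latin-1")
            if not crc_ok:
                findings.append("%s: CRC mismatch" % name)
            if ctype == b"sCAL" and len(payload) < MIN_SCAL_LENGTH:
                findings.append("sCAL: payload of %d bytes is too short "
                                "(empty sCAL is the CVE-2011-2692 case)" % len(payload))
    except ValueError as exc:
        findings.append("structure: %s" % exc)
    return findings


def make_chunk(ctype, payload):
    """Assemble one chunk with a correct CRC (used only to build constructed samples)."""
    return (struct.pack(">I", len(payload)) + ctype + payload
            + struct.pack(">I", zlib.crc32(ctype + payload)))


def build_sample(scal_payload=None):
    """Constructed 1x1 8-bit grayscale PNG, optionally carrying an sCAL chunk."""
    # width, height, bit depth, colour type, compression, filter, interlace
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    chunks = [make_chunk(b"IHDR", ihdr)]
    if scal_payload is not None:
        chunks.append(make_chunk(b"sCAL", scal_payload))
    chunks.append(make_chunk(b"IDAT", zlib.compress(b"\x00\x00")))  # filter byte + 1 pixel
    chunks.append(make_chunk(b"IEND", b""))
    return PNG_SIGNATURE + b"".join(chunks)


if __name__ == "__main__":
    samples = (
        ("clean", build_sample()),
        ("well-formed sCAL", build_sample(b"\x01" + b"1.0" + b"\x00" + b"1.0")),
        ("empty sCAL", build_sample(b"")),
        ("truncated", build_sample()[:-3]),
    )
    for label, sample in samples:
        print("%-17s -> %s" % (label, scan_png(sample) or "no findings"))
```

The scanner stops at IEND and never inflates IDAT, so it is cheap enough to run over an upload directory or a mail attachment queue as a pre-filter; a finding is a reason to route the file to a patched decoder (or drop it), not proof of an attack, since CRC damage and short ancillary chunks also arise from plain corruption.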