From bugzilla at redhat.com  Tue Mar  1 22:46:11 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 1 Mar 2011 15:46:11 -0700
Subject: [RHSA-2011:0303-01] Moderate: kernel security and bug fix update
Message-ID: <201103012246.p21MkBGq021359@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: kernel security and bug fix update
Advisory ID:       RHSA-2011:0303-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0303.html
Issue date:        2011-03-01
CVE Names:         CVE-2010-4249 CVE-2010-4251 CVE-2010-4655
=====================================================================

1. Summary:

Updated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* A flaw was found in the Linux kernel's garbage collector for AF_UNIX sockets. A local, unprivileged user could use this flaw to trigger a denial of service (out-of-memory condition). (CVE-2010-4249, Moderate)

* A flaw was found in the Linux kernel's networking subsystem. If the number of packets received exceeded the receiver's buffer limit, they were queued in a backlog, consuming memory, instead of being discarded. A remote attacker could abuse this flaw to cause a denial of service (out-of-memory condition). (CVE-2010-4251, Moderate)

* A missing initialization flaw was found in the ethtool_get_regs() function in the Linux kernel's ethtool IOCTL handler. A local user who has the CAP_NET_ADMIN capability could use this flaw to cause an information leak. (CVE-2010-4655, Low)

Red Hat would like to thank Vegard Nossum for reporting CVE-2010-4249, and Kees Cook for reporting CVE-2010-4655.

This update also fixes several bugs. Documentation for these bug fixes will be available shortly from the Technical Notes document linked to in the References section.

Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

656756 - CVE-2010-4249 kernel: unix socket local dos
657303 - CVE-2010-4251 kernel: multicast IPv4 traffic on hipersockets device DoS
668976 - a test unit ready causes a panic on 5.6 (CCISS driver) [rhel-5.6.z]
669300 - Fix shrinking windows with window scaling [rhel-5.6.z]
670797 - panic in kfree() due to race condition in acpi_bus_receive_event() [rhel-5.6.z]
670807 - e1000 driver tracebacks when running under VMware ESX4 [rhel-5.6.z]
672428 - CVE-2010-4655 kernel: heap contents leak for CAP_NET_ADMIN via ethtool ioctl
673983 - virtio_console driver never returns from selecting for write when the queue is full [rhel-5.6.z]
674273 - Flapping errors (and panic) with bonding and arp_interval while using be2net included in 2.6.18-238 [rhel-5.6.z]
678613 - vdso gettimeofday causes a segmentation fault [rhel-5.6.z]

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-238.5.1.el5.src.rpm

i386:
kernel-2.6.18-238.5.1.el5.i686.rpm
kernel-PAE-2.6.18-238.5.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-238.5.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-238.5.1.el5.i686.rpm
kernel-debug-2.6.18-238.5.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-238.5.1.el5.i686.rpm
kernel-debug-devel-2.6.18-238.5.1.el5.i686.rpm
kernel-debuginfo-2.6.18-238.5.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-238.5.1.el5.i686.rpm
kernel-devel-2.6.18-238.5.1.el5.i686.rpm
kernel-headers-2.6.18-238.5.1.el5.i386.rpm
kernel-xen-2.6.18-238.5.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-238.5.1.el5.i686.rpm
kernel-xen-devel-2.6.18-238.5.1.el5.i686.rpm

noarch:
kernel-doc-2.6.18-238.5.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-238.5.1.el5.x86_64.rpm
kernel-debug-2.6.18-238.5.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-238.5.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-238.5.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-238.5.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-238.5.1.el5.x86_64.rpm
kernel-devel-2.6.18-238.5.1.el5.x86_64.rpm
kernel-headers-2.6.18-238.5.1.el5.x86_64.rpm
kernel-xen-2.6.18-238.5.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-238.5.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-238.5.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-238.5.1.el5.src.rpm

i386:
kernel-2.6.18-238.5.1.el5.i686.rpm
kernel-PAE-2.6.18-238.5.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-238.5.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-238.5.1.el5.i686.rpm
kernel-debug-2.6.18-238.5.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-238.5.1.el5.i686.rpm
kernel-debug-devel-2.6.18-238.5.1.el5.i686.rpm
kernel-debuginfo-2.6.18-238.5.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-238.5.1.el5.i686.rpm
kernel-devel-2.6.18-238.5.1.el5.i686.rpm
kernel-headers-2.6.18-238.5.1.el5.i386.rpm
kernel-xen-2.6.18-238.5.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-238.5.1.el5.i686.rpm
kernel-xen-devel-2.6.18-238.5.1.el5.i686.rpm

ia64:
kernel-2.6.18-238.5.1.el5.ia64.rpm
kernel-debug-2.6.18-238.5.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-238.5.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-238.5.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-238.5.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-238.5.1.el5.ia64.rpm
kernel-devel-2.6.18-238.5.1.el5.ia64.rpm
kernel-headers-2.6.18-238.5.1.el5.ia64.rpm
kernel-xen-2.6.18-238.5.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-238.5.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-238.5.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-238.5.1.el5.noarch.rpm

ppc:
kernel-2.6.18-238.5.1.el5.ppc64.rpm
kernel-debug-2.6.18-238.5.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-238.5.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-238.5.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-238.5.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-238.5.1.el5.ppc64.rpm
kernel-devel-2.6.18-238.5.1.el5.ppc64.rpm
kernel-headers-2.6.18-238.5.1.el5.ppc.rpm
kernel-headers-2.6.18-238.5.1.el5.ppc64.rpm
kernel-kdump-2.6.18-238.5.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-238.5.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-238.5.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-238.5.1.el5.s390x.rpm
kernel-debug-2.6.18-238.5.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-238.5.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-238.5.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-238.5.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-238.5.1.el5.s390x.rpm
kernel-devel-2.6.18-238.5.1.el5.s390x.rpm
kernel-headers-2.6.18-238.5.1.el5.s390x.rpm
kernel-kdump-2.6.18-238.5.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-238.5.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-238.5.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-238.5.1.el5.x86_64.rpm
kernel-debug-2.6.18-238.5.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-238.5.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-238.5.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-238.5.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-238.5.1.el5.x86_64.rpm
kernel-devel-2.6.18-238.5.1.el5.x86_64.rpm
kernel-headers-2.6.18-238.5.1.el5.x86_64.rpm
kernel-xen-2.6.18-238.5.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-238.5.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-238.5.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-4249.html
https://www.redhat.com/security/data/cve/CVE-2010-4251.html
https://www.redhat.com/security/data/cve/CVE-2010-4655.html
https://access.redhat.com/security/updates/classification/#moderate
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.6_Technical_Notes/kernel.html#RHSA-2011-0303

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNbXcgXlSAg2UNWIIRAr0uAJwKZvZJ4Z6mPXHZNE73+vuJEZtqoQCfR6eq yLEklAnT8uIk2AmSg8uYVEQ= =srAl -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Mar 1 22:46:57 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 1 Mar 2011 15:46:57 -0700 Subject: [RHSA-2011:0305-01] Important: samba security update Message-ID: <201103012246.p21Mkvgm022414@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: samba security update Advisory ID: RHSA-2011:0305-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0305.html Issue date: 2011-03-01 CVE Names: CVE-2011-0719 ===================================================================== 1. Summary: Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 
6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: Samba is a suite of programs used by machines to share files, printers, and other information. A flaw was found in the way Samba handled file descriptors. If an attacker were able to open a large number of file descriptors on the Samba server, they could flip certain stack bits to "1" values, resulting in the Samba server (smbd) crashing. (CVE-2011-0719) Red Hat would like to thank the Samba team for reporting this issue. Users of Samba are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, the smb service will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 678328 - CVE-2011-0719 Samba unsafe fd_set usage 6. 
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/samba-3.0.33-0.30.el4.src.rpm i386: samba-3.0.33-0.30.el4.i386.rpm samba-client-3.0.33-0.30.el4.i386.rpm samba-common-3.0.33-0.30.el4.i386.rpm samba-debuginfo-3.0.33-0.30.el4.i386.rpm samba-swat-3.0.33-0.30.el4.i386.rpm ia64: samba-3.0.33-0.30.el4.ia64.rpm samba-client-3.0.33-0.30.el4.ia64.rpm samba-common-3.0.33-0.30.el4.i386.rpm samba-common-3.0.33-0.30.el4.ia64.rpm samba-debuginfo-3.0.33-0.30.el4.i386.rpm samba-debuginfo-3.0.33-0.30.el4.ia64.rpm samba-swat-3.0.33-0.30.el4.ia64.rpm ppc: samba-3.0.33-0.30.el4.ppc.rpm samba-client-3.0.33-0.30.el4.ppc.rpm samba-common-3.0.33-0.30.el4.ppc.rpm samba-common-3.0.33-0.30.el4.ppc64.rpm samba-debuginfo-3.0.33-0.30.el4.ppc.rpm samba-debuginfo-3.0.33-0.30.el4.ppc64.rpm samba-swat-3.0.33-0.30.el4.ppc.rpm s390: samba-3.0.33-0.30.el4.s390.rpm samba-client-3.0.33-0.30.el4.s390.rpm samba-common-3.0.33-0.30.el4.s390.rpm samba-debuginfo-3.0.33-0.30.el4.s390.rpm samba-swat-3.0.33-0.30.el4.s390.rpm s390x: samba-3.0.33-0.30.el4.s390x.rpm samba-client-3.0.33-0.30.el4.s390x.rpm samba-common-3.0.33-0.30.el4.s390.rpm samba-common-3.0.33-0.30.el4.s390x.rpm samba-debuginfo-3.0.33-0.30.el4.s390.rpm samba-debuginfo-3.0.33-0.30.el4.s390x.rpm samba-swat-3.0.33-0.30.el4.s390x.rpm x86_64: samba-3.0.33-0.30.el4.x86_64.rpm samba-client-3.0.33-0.30.el4.x86_64.rpm samba-common-3.0.33-0.30.el4.i386.rpm samba-common-3.0.33-0.30.el4.x86_64.rpm samba-debuginfo-3.0.33-0.30.el4.i386.rpm samba-debuginfo-3.0.33-0.30.el4.x86_64.rpm samba-swat-3.0.33-0.30.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/samba-3.0.33-0.30.el4.src.rpm i386: samba-3.0.33-0.30.el4.i386.rpm samba-client-3.0.33-0.30.el4.i386.rpm samba-common-3.0.33-0.30.el4.i386.rpm samba-debuginfo-3.0.33-0.30.el4.i386.rpm samba-swat-3.0.33-0.30.el4.i386.rpm x86_64: samba-3.0.33-0.30.el4.x86_64.rpm 
samba-client-3.0.33-0.30.el4.x86_64.rpm samba-common-3.0.33-0.30.el4.i386.rpm samba-common-3.0.33-0.30.el4.x86_64.rpm samba-debuginfo-3.0.33-0.30.el4.i386.rpm samba-debuginfo-3.0.33-0.30.el4.x86_64.rpm samba-swat-3.0.33-0.30.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/samba-3.0.33-0.30.el4.src.rpm i386: samba-3.0.33-0.30.el4.i386.rpm samba-client-3.0.33-0.30.el4.i386.rpm samba-common-3.0.33-0.30.el4.i386.rpm samba-debuginfo-3.0.33-0.30.el4.i386.rpm samba-swat-3.0.33-0.30.el4.i386.rpm ia64: samba-3.0.33-0.30.el4.ia64.rpm samba-client-3.0.33-0.30.el4.ia64.rpm samba-common-3.0.33-0.30.el4.i386.rpm samba-common-3.0.33-0.30.el4.ia64.rpm samba-debuginfo-3.0.33-0.30.el4.i386.rpm samba-debuginfo-3.0.33-0.30.el4.ia64.rpm samba-swat-3.0.33-0.30.el4.ia64.rpm x86_64: samba-3.0.33-0.30.el4.x86_64.rpm samba-client-3.0.33-0.30.el4.x86_64.rpm samba-common-3.0.33-0.30.el4.i386.rpm samba-common-3.0.33-0.30.el4.x86_64.rpm samba-debuginfo-3.0.33-0.30.el4.i386.rpm samba-debuginfo-3.0.33-0.30.el4.x86_64.rpm samba-swat-3.0.33-0.30.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/samba-3.0.33-0.30.el4.src.rpm i386: samba-3.0.33-0.30.el4.i386.rpm samba-client-3.0.33-0.30.el4.i386.rpm samba-common-3.0.33-0.30.el4.i386.rpm samba-debuginfo-3.0.33-0.30.el4.i386.rpm samba-swat-3.0.33-0.30.el4.i386.rpm ia64: samba-3.0.33-0.30.el4.ia64.rpm samba-client-3.0.33-0.30.el4.ia64.rpm samba-common-3.0.33-0.30.el4.i386.rpm samba-common-3.0.33-0.30.el4.ia64.rpm samba-debuginfo-3.0.33-0.30.el4.i386.rpm samba-debuginfo-3.0.33-0.30.el4.ia64.rpm samba-swat-3.0.33-0.30.el4.ia64.rpm x86_64: samba-3.0.33-0.30.el4.x86_64.rpm samba-client-3.0.33-0.30.el4.x86_64.rpm samba-common-3.0.33-0.30.el4.i386.rpm samba-common-3.0.33-0.30.el4.x86_64.rpm samba-debuginfo-3.0.33-0.30.el4.i386.rpm samba-debuginfo-3.0.33-0.30.el4.x86_64.rpm samba-swat-3.0.33-0.30.el4.x86_64.rpm Red Hat Enterprise 
Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/samba-3.0.33-3.29.el5_6.2.src.rpm i386: libsmbclient-3.0.33-3.29.el5_6.2.i386.rpm samba-3.0.33-3.29.el5_6.2.i386.rpm samba-client-3.0.33-3.29.el5_6.2.i386.rpm samba-common-3.0.33-3.29.el5_6.2.i386.rpm samba-debuginfo-3.0.33-3.29.el5_6.2.i386.rpm samba-swat-3.0.33-3.29.el5_6.2.i386.rpm x86_64: libsmbclient-3.0.33-3.29.el5_6.2.i386.rpm libsmbclient-3.0.33-3.29.el5_6.2.x86_64.rpm samba-3.0.33-3.29.el5_6.2.x86_64.rpm samba-client-3.0.33-3.29.el5_6.2.x86_64.rpm samba-common-3.0.33-3.29.el5_6.2.i386.rpm samba-common-3.0.33-3.29.el5_6.2.x86_64.rpm samba-debuginfo-3.0.33-3.29.el5_6.2.i386.rpm samba-debuginfo-3.0.33-3.29.el5_6.2.x86_64.rpm samba-swat-3.0.33-3.29.el5_6.2.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/samba-3.0.33-3.29.el5_6.2.src.rpm i386: libsmbclient-devel-3.0.33-3.29.el5_6.2.i386.rpm samba-debuginfo-3.0.33-3.29.el5_6.2.i386.rpm x86_64: libsmbclient-devel-3.0.33-3.29.el5_6.2.i386.rpm libsmbclient-devel-3.0.33-3.29.el5_6.2.x86_64.rpm samba-debuginfo-3.0.33-3.29.el5_6.2.i386.rpm samba-debuginfo-3.0.33-3.29.el5_6.2.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/samba-3.0.33-3.29.el5_6.2.src.rpm i386: libsmbclient-3.0.33-3.29.el5_6.2.i386.rpm libsmbclient-devel-3.0.33-3.29.el5_6.2.i386.rpm samba-3.0.33-3.29.el5_6.2.i386.rpm samba-client-3.0.33-3.29.el5_6.2.i386.rpm samba-common-3.0.33-3.29.el5_6.2.i386.rpm samba-debuginfo-3.0.33-3.29.el5_6.2.i386.rpm samba-swat-3.0.33-3.29.el5_6.2.i386.rpm ia64: libsmbclient-3.0.33-3.29.el5_6.2.ia64.rpm libsmbclient-devel-3.0.33-3.29.el5_6.2.ia64.rpm samba-3.0.33-3.29.el5_6.2.ia64.rpm samba-client-3.0.33-3.29.el5_6.2.ia64.rpm samba-common-3.0.33-3.29.el5_6.2.ia64.rpm samba-debuginfo-3.0.33-3.29.el5_6.2.ia64.rpm samba-swat-3.0.33-3.29.el5_6.2.ia64.rpm ppc: libsmbclient-3.0.33-3.29.el5_6.2.ppc.rpm libsmbclient-3.0.33-3.29.el5_6.2.ppc64.rpm libsmbclient-devel-3.0.33-3.29.el5_6.2.ppc.rpm libsmbclient-devel-3.0.33-3.29.el5_6.2.ppc64.rpm samba-3.0.33-3.29.el5_6.2.ppc.rpm samba-client-3.0.33-3.29.el5_6.2.ppc.rpm samba-common-3.0.33-3.29.el5_6.2.ppc.rpm samba-common-3.0.33-3.29.el5_6.2.ppc64.rpm samba-debuginfo-3.0.33-3.29.el5_6.2.ppc.rpm samba-debuginfo-3.0.33-3.29.el5_6.2.ppc64.rpm samba-swat-3.0.33-3.29.el5_6.2.ppc.rpm s390x: libsmbclient-3.0.33-3.29.el5_6.2.s390.rpm libsmbclient-3.0.33-3.29.el5_6.2.s390x.rpm libsmbclient-devel-3.0.33-3.29.el5_6.2.s390.rpm libsmbclient-devel-3.0.33-3.29.el5_6.2.s390x.rpm samba-3.0.33-3.29.el5_6.2.s390x.rpm samba-client-3.0.33-3.29.el5_6.2.s390x.rpm samba-common-3.0.33-3.29.el5_6.2.s390.rpm samba-common-3.0.33-3.29.el5_6.2.s390x.rpm samba-debuginfo-3.0.33-3.29.el5_6.2.s390.rpm samba-debuginfo-3.0.33-3.29.el5_6.2.s390x.rpm samba-swat-3.0.33-3.29.el5_6.2.s390x.rpm x86_64: libsmbclient-3.0.33-3.29.el5_6.2.i386.rpm libsmbclient-3.0.33-3.29.el5_6.2.x86_64.rpm libsmbclient-devel-3.0.33-3.29.el5_6.2.i386.rpm libsmbclient-devel-3.0.33-3.29.el5_6.2.x86_64.rpm samba-3.0.33-3.29.el5_6.2.x86_64.rpm samba-client-3.0.33-3.29.el5_6.2.x86_64.rpm samba-common-3.0.33-3.29.el5_6.2.i386.rpm 
samba-common-3.0.33-3.29.el5_6.2.x86_64.rpm samba-debuginfo-3.0.33-3.29.el5_6.2.i386.rpm samba-debuginfo-3.0.33-3.29.el5_6.2.x86_64.rpm samba-swat-3.0.33-3.29.el5_6.2.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/samba-3.5.4-68.el6_0.2.src.rpm i386: libsmbclient-3.5.4-68.el6_0.2.i686.rpm samba-client-3.5.4-68.el6_0.2.i686.rpm samba-common-3.5.4-68.el6_0.2.i686.rpm samba-debuginfo-3.5.4-68.el6_0.2.i686.rpm samba-winbind-3.5.4-68.el6_0.2.i686.rpm samba-winbind-clients-3.5.4-68.el6_0.2.i686.rpm x86_64: libsmbclient-3.5.4-68.el6_0.2.i686.rpm libsmbclient-3.5.4-68.el6_0.2.x86_64.rpm samba-client-3.5.4-68.el6_0.2.x86_64.rpm samba-common-3.5.4-68.el6_0.2.i686.rpm samba-common-3.5.4-68.el6_0.2.x86_64.rpm samba-debuginfo-3.5.4-68.el6_0.2.i686.rpm samba-debuginfo-3.5.4-68.el6_0.2.x86_64.rpm samba-winbind-3.5.4-68.el6_0.2.x86_64.rpm samba-winbind-clients-3.5.4-68.el6_0.2.i686.rpm samba-winbind-clients-3.5.4-68.el6_0.2.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/samba-3.5.4-68.el6_0.2.src.rpm i386: libsmbclient-devel-3.5.4-68.el6_0.2.i686.rpm samba-3.5.4-68.el6_0.2.i686.rpm samba-debuginfo-3.5.4-68.el6_0.2.i686.rpm samba-doc-3.5.4-68.el6_0.2.i686.rpm samba-domainjoin-gui-3.5.4-68.el6_0.2.i686.rpm samba-swat-3.5.4-68.el6_0.2.i686.rpm samba-winbind-devel-3.5.4-68.el6_0.2.i686.rpm x86_64: libsmbclient-devel-3.5.4-68.el6_0.2.i686.rpm libsmbclient-devel-3.5.4-68.el6_0.2.x86_64.rpm samba-3.5.4-68.el6_0.2.x86_64.rpm samba-debuginfo-3.5.4-68.el6_0.2.i686.rpm samba-debuginfo-3.5.4-68.el6_0.2.x86_64.rpm samba-doc-3.5.4-68.el6_0.2.x86_64.rpm samba-domainjoin-gui-3.5.4-68.el6_0.2.x86_64.rpm samba-swat-3.5.4-68.el6_0.2.x86_64.rpm samba-winbind-devel-3.5.4-68.el6_0.2.i686.rpm samba-winbind-devel-3.5.4-68.el6_0.2.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/samba-3.5.4-68.el6_0.2.src.rpm x86_64: samba-client-3.5.4-68.el6_0.2.x86_64.rpm samba-common-3.5.4-68.el6_0.2.i686.rpm samba-common-3.5.4-68.el6_0.2.x86_64.rpm samba-debuginfo-3.5.4-68.el6_0.2.i686.rpm samba-debuginfo-3.5.4-68.el6_0.2.x86_64.rpm samba-winbind-clients-3.5.4-68.el6_0.2.i686.rpm samba-winbind-clients-3.5.4-68.el6_0.2.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/samba-3.5.4-68.el6_0.2.src.rpm x86_64: libsmbclient-3.5.4-68.el6_0.2.i686.rpm libsmbclient-3.5.4-68.el6_0.2.x86_64.rpm libsmbclient-devel-3.5.4-68.el6_0.2.i686.rpm libsmbclient-devel-3.5.4-68.el6_0.2.x86_64.rpm samba-3.5.4-68.el6_0.2.x86_64.rpm samba-debuginfo-3.5.4-68.el6_0.2.i686.rpm samba-debuginfo-3.5.4-68.el6_0.2.x86_64.rpm samba-doc-3.5.4-68.el6_0.2.x86_64.rpm samba-domainjoin-gui-3.5.4-68.el6_0.2.x86_64.rpm samba-swat-3.5.4-68.el6_0.2.x86_64.rpm samba-winbind-3.5.4-68.el6_0.2.x86_64.rpm samba-winbind-devel-3.5.4-68.el6_0.2.i686.rpm samba-winbind-devel-3.5.4-68.el6_0.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/samba-3.5.4-68.el6_0.2.src.rpm i386: libsmbclient-3.5.4-68.el6_0.2.i686.rpm samba-3.5.4-68.el6_0.2.i686.rpm samba-client-3.5.4-68.el6_0.2.i686.rpm samba-common-3.5.4-68.el6_0.2.i686.rpm samba-debuginfo-3.5.4-68.el6_0.2.i686.rpm samba-winbind-3.5.4-68.el6_0.2.i686.rpm samba-winbind-clients-3.5.4-68.el6_0.2.i686.rpm ppc64: libsmbclient-3.5.4-68.el6_0.2.ppc.rpm libsmbclient-3.5.4-68.el6_0.2.ppc64.rpm samba-3.5.4-68.el6_0.2.ppc64.rpm samba-client-3.5.4-68.el6_0.2.ppc64.rpm samba-common-3.5.4-68.el6_0.2.ppc.rpm samba-common-3.5.4-68.el6_0.2.ppc64.rpm samba-debuginfo-3.5.4-68.el6_0.2.ppc.rpm samba-debuginfo-3.5.4-68.el6_0.2.ppc64.rpm samba-winbind-3.5.4-68.el6_0.2.ppc64.rpm samba-winbind-clients-3.5.4-68.el6_0.2.ppc.rpm samba-winbind-clients-3.5.4-68.el6_0.2.ppc64.rpm s390x: libsmbclient-3.5.4-68.el6_0.2.s390.rpm libsmbclient-3.5.4-68.el6_0.2.s390x.rpm samba-3.5.4-68.el6_0.2.s390x.rpm samba-client-3.5.4-68.el6_0.2.s390x.rpm samba-common-3.5.4-68.el6_0.2.s390.rpm samba-common-3.5.4-68.el6_0.2.s390x.rpm samba-debuginfo-3.5.4-68.el6_0.2.s390.rpm samba-debuginfo-3.5.4-68.el6_0.2.s390x.rpm samba-winbind-3.5.4-68.el6_0.2.s390x.rpm samba-winbind-clients-3.5.4-68.el6_0.2.s390.rpm samba-winbind-clients-3.5.4-68.el6_0.2.s390x.rpm x86_64: libsmbclient-3.5.4-68.el6_0.2.i686.rpm libsmbclient-3.5.4-68.el6_0.2.x86_64.rpm samba-3.5.4-68.el6_0.2.x86_64.rpm samba-client-3.5.4-68.el6_0.2.x86_64.rpm samba-common-3.5.4-68.el6_0.2.i686.rpm samba-common-3.5.4-68.el6_0.2.x86_64.rpm samba-debuginfo-3.5.4-68.el6_0.2.i686.rpm samba-debuginfo-3.5.4-68.el6_0.2.x86_64.rpm samba-winbind-3.5.4-68.el6_0.2.x86_64.rpm samba-winbind-clients-3.5.4-68.el6_0.2.i686.rpm samba-winbind-clients-3.5.4-68.el6_0.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/samba-3.5.4-68.el6_0.2.src.rpm i386: libsmbclient-devel-3.5.4-68.el6_0.2.i686.rpm samba-debuginfo-3.5.4-68.el6_0.2.i686.rpm samba-doc-3.5.4-68.el6_0.2.i686.rpm samba-domainjoin-gui-3.5.4-68.el6_0.2.i686.rpm samba-swat-3.5.4-68.el6_0.2.i686.rpm samba-winbind-devel-3.5.4-68.el6_0.2.i686.rpm ppc64: libsmbclient-devel-3.5.4-68.el6_0.2.ppc.rpm libsmbclient-devel-3.5.4-68.el6_0.2.ppc64.rpm samba-debuginfo-3.5.4-68.el6_0.2.ppc.rpm samba-debuginfo-3.5.4-68.el6_0.2.ppc64.rpm samba-doc-3.5.4-68.el6_0.2.ppc64.rpm samba-domainjoin-gui-3.5.4-68.el6_0.2.ppc64.rpm samba-swat-3.5.4-68.el6_0.2.ppc64.rpm samba-winbind-devel-3.5.4-68.el6_0.2.ppc.rpm samba-winbind-devel-3.5.4-68.el6_0.2.ppc64.rpm s390x: libsmbclient-devel-3.5.4-68.el6_0.2.s390.rpm libsmbclient-devel-3.5.4-68.el6_0.2.s390x.rpm samba-debuginfo-3.5.4-68.el6_0.2.s390.rpm samba-debuginfo-3.5.4-68.el6_0.2.s390x.rpm samba-doc-3.5.4-68.el6_0.2.s390x.rpm samba-domainjoin-gui-3.5.4-68.el6_0.2.s390x.rpm samba-swat-3.5.4-68.el6_0.2.s390x.rpm samba-winbind-devel-3.5.4-68.el6_0.2.s390.rpm samba-winbind-devel-3.5.4-68.el6_0.2.s390x.rpm x86_64: libsmbclient-devel-3.5.4-68.el6_0.2.i686.rpm libsmbclient-devel-3.5.4-68.el6_0.2.x86_64.rpm samba-debuginfo-3.5.4-68.el6_0.2.i686.rpm samba-debuginfo-3.5.4-68.el6_0.2.x86_64.rpm samba-doc-3.5.4-68.el6_0.2.x86_64.rpm samba-domainjoin-gui-3.5.4-68.el6_0.2.x86_64.rpm samba-swat-3.5.4-68.el6_0.2.x86_64.rpm samba-winbind-devel-3.5.4-68.el6_0.2.i686.rpm samba-winbind-devel-3.5.4-68.el6_0.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/samba-3.5.4-68.el6_0.2.src.rpm i386: libsmbclient-3.5.4-68.el6_0.2.i686.rpm samba-3.5.4-68.el6_0.2.i686.rpm samba-client-3.5.4-68.el6_0.2.i686.rpm samba-common-3.5.4-68.el6_0.2.i686.rpm samba-debuginfo-3.5.4-68.el6_0.2.i686.rpm samba-winbind-3.5.4-68.el6_0.2.i686.rpm samba-winbind-clients-3.5.4-68.el6_0.2.i686.rpm x86_64: libsmbclient-3.5.4-68.el6_0.2.i686.rpm libsmbclient-3.5.4-68.el6_0.2.x86_64.rpm samba-3.5.4-68.el6_0.2.x86_64.rpm samba-client-3.5.4-68.el6_0.2.x86_64.rpm samba-common-3.5.4-68.el6_0.2.i686.rpm samba-common-3.5.4-68.el6_0.2.x86_64.rpm samba-debuginfo-3.5.4-68.el6_0.2.i686.rpm samba-debuginfo-3.5.4-68.el6_0.2.x86_64.rpm samba-winbind-3.5.4-68.el6_0.2.x86_64.rpm samba-winbind-clients-3.5.4-68.el6_0.2.i686.rpm samba-winbind-clients-3.5.4-68.el6_0.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/samba-3.5.4-68.el6_0.2.src.rpm i386: libsmbclient-devel-3.5.4-68.el6_0.2.i686.rpm samba-debuginfo-3.5.4-68.el6_0.2.i686.rpm samba-doc-3.5.4-68.el6_0.2.i686.rpm samba-domainjoin-gui-3.5.4-68.el6_0.2.i686.rpm samba-swat-3.5.4-68.el6_0.2.i686.rpm samba-winbind-devel-3.5.4-68.el6_0.2.i686.rpm x86_64: libsmbclient-devel-3.5.4-68.el6_0.2.i686.rpm libsmbclient-devel-3.5.4-68.el6_0.2.x86_64.rpm samba-debuginfo-3.5.4-68.el6_0.2.i686.rpm samba-debuginfo-3.5.4-68.el6_0.2.x86_64.rpm samba-doc-3.5.4-68.el6_0.2.x86_64.rpm samba-domainjoin-gui-3.5.4-68.el6_0.2.x86_64.rpm samba-swat-3.5.4-68.el6_0.2.x86_64.rpm samba-winbind-devel-3.5.4-68.el6_0.2.i686.rpm samba-winbind-devel-3.5.4-68.el6_0.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References: https://www.redhat.com/security/data/cve/CVE-2011-0719.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNbXdUXlSAg2UNWIIRAuo/AJ0Tcz5VlDibO63nGnZCwhV3+ACOiwCdGmUE EF2lqOw3jXtO7QkP6COFacQ= =gMF9 -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Mar 1 22:47:55 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 1 Mar 2011 15:47:55 -0700 Subject: [RHSA-2011:0306-01] Important: samba3x security update Message-ID: <201103012247.p21MluPp002755@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: samba3x security update Advisory ID: RHSA-2011:0306-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0306.html Issue date: 2011-03-01 CVE Names: CVE-2011-0719 ===================================================================== 1. Summary: Updated samba3x packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: Samba is a suite of programs used by machines to share files, printers, and other information. A flaw was found in the way Samba handled file descriptors. 
If an attacker were able to open a large number of file descriptors on the
Samba server, they could flip certain stack bits to "1" values, resulting in
the Samba server (smbd) crashing. (CVE-2011-0719)

Red Hat would like to thank the Samba team for reporting this issue.

Users of Samba are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, the smb service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

678328 - CVE-2011-0719 Samba unsafe fd_set usage

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/samba3x-3.5.4-0.70.el5_6.1.src.rpm

i386:
samba3x-3.5.4-0.70.el5_6.1.i386.rpm
samba3x-client-3.5.4-0.70.el5_6.1.i386.rpm
samba3x-common-3.5.4-0.70.el5_6.1.i386.rpm
samba3x-debuginfo-3.5.4-0.70.el5_6.1.i386.rpm
samba3x-doc-3.5.4-0.70.el5_6.1.i386.rpm
samba3x-domainjoin-gui-3.5.4-0.70.el5_6.1.i386.rpm
samba3x-swat-3.5.4-0.70.el5_6.1.i386.rpm
samba3x-winbind-3.5.4-0.70.el5_6.1.i386.rpm

x86_64:
samba3x-3.5.4-0.70.el5_6.1.x86_64.rpm
samba3x-client-3.5.4-0.70.el5_6.1.x86_64.rpm
samba3x-common-3.5.4-0.70.el5_6.1.x86_64.rpm
samba3x-debuginfo-3.5.4-0.70.el5_6.1.i386.rpm
samba3x-debuginfo-3.5.4-0.70.el5_6.1.x86_64.rpm
samba3x-doc-3.5.4-0.70.el5_6.1.x86_64.rpm
samba3x-domainjoin-gui-3.5.4-0.70.el5_6.1.x86_64.rpm
samba3x-swat-3.5.4-0.70.el5_6.1.x86_64.rpm
samba3x-winbind-3.5.4-0.70.el5_6.1.i386.rpm
samba3x-winbind-3.5.4-0.70.el5_6.1.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/samba3x-3.5.4-0.70.el5_6.1.src.rpm

i386:
samba3x-debuginfo-3.5.4-0.70.el5_6.1.i386.rpm
samba3x-winbind-devel-3.5.4-0.70.el5_6.1.i386.rpm

x86_64:
samba3x-debuginfo-3.5.4-0.70.el5_6.1.i386.rpm
samba3x-debuginfo-3.5.4-0.70.el5_6.1.x86_64.rpm
samba3x-winbind-devel-3.5.4-0.70.el5_6.1.i386.rpm
samba3x-winbind-devel-3.5.4-0.70.el5_6.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/samba3x-3.5.4-0.70.el5_6.1.src.rpm

i386:
samba3x-3.5.4-0.70.el5_6.1.i386.rpm
samba3x-client-3.5.4-0.70.el5_6.1.i386.rpm
samba3x-common-3.5.4-0.70.el5_6.1.i386.rpm
samba3x-debuginfo-3.5.4-0.70.el5_6.1.i386.rpm
samba3x-doc-3.5.4-0.70.el5_6.1.i386.rpm
samba3x-domainjoin-gui-3.5.4-0.70.el5_6.1.i386.rpm
samba3x-swat-3.5.4-0.70.el5_6.1.i386.rpm
samba3x-winbind-3.5.4-0.70.el5_6.1.i386.rpm
samba3x-winbind-devel-3.5.4-0.70.el5_6.1.i386.rpm

ia64:
samba3x-3.5.4-0.70.el5_6.1.ia64.rpm
samba3x-client-3.5.4-0.70.el5_6.1.ia64.rpm
samba3x-common-3.5.4-0.70.el5_6.1.ia64.rpm
samba3x-debuginfo-3.5.4-0.70.el5_6.1.ia64.rpm
samba3x-doc-3.5.4-0.70.el5_6.1.ia64.rpm
samba3x-domainjoin-gui-3.5.4-0.70.el5_6.1.ia64.rpm
samba3x-swat-3.5.4-0.70.el5_6.1.ia64.rpm
samba3x-winbind-3.5.4-0.70.el5_6.1.ia64.rpm
samba3x-winbind-devel-3.5.4-0.70.el5_6.1.ia64.rpm

ppc:
samba3x-3.5.4-0.70.el5_6.1.ppc.rpm
samba3x-client-3.5.4-0.70.el5_6.1.ppc.rpm
samba3x-common-3.5.4-0.70.el5_6.1.ppc.rpm
samba3x-debuginfo-3.5.4-0.70.el5_6.1.ppc.rpm
samba3x-debuginfo-3.5.4-0.70.el5_6.1.ppc64.rpm
samba3x-doc-3.5.4-0.70.el5_6.1.ppc.rpm
samba3x-domainjoin-gui-3.5.4-0.70.el5_6.1.ppc.rpm
samba3x-swat-3.5.4-0.70.el5_6.1.ppc.rpm
samba3x-winbind-3.5.4-0.70.el5_6.1.ppc.rpm
samba3x-winbind-3.5.4-0.70.el5_6.1.ppc64.rpm
samba3x-winbind-devel-3.5.4-0.70.el5_6.1.ppc.rpm
samba3x-winbind-devel-3.5.4-0.70.el5_6.1.ppc64.rpm

s390x:
samba3x-3.5.4-0.70.el5_6.1.s390x.rpm
samba3x-client-3.5.4-0.70.el5_6.1.s390x.rpm
samba3x-common-3.5.4-0.70.el5_6.1.s390x.rpm
samba3x-debuginfo-3.5.4-0.70.el5_6.1.s390.rpm
samba3x-debuginfo-3.5.4-0.70.el5_6.1.s390x.rpm
samba3x-doc-3.5.4-0.70.el5_6.1.s390x.rpm
samba3x-domainjoin-gui-3.5.4-0.70.el5_6.1.s390x.rpm
samba3x-swat-3.5.4-0.70.el5_6.1.s390x.rpm
samba3x-winbind-3.5.4-0.70.el5_6.1.s390.rpm
samba3x-winbind-3.5.4-0.70.el5_6.1.s390x.rpm
samba3x-winbind-devel-3.5.4-0.70.el5_6.1.s390.rpm
samba3x-winbind-devel-3.5.4-0.70.el5_6.1.s390x.rpm

x86_64:
samba3x-3.5.4-0.70.el5_6.1.x86_64.rpm
samba3x-client-3.5.4-0.70.el5_6.1.x86_64.rpm
samba3x-common-3.5.4-0.70.el5_6.1.x86_64.rpm
samba3x-debuginfo-3.5.4-0.70.el5_6.1.i386.rpm
samba3x-debuginfo-3.5.4-0.70.el5_6.1.x86_64.rpm
samba3x-doc-3.5.4-0.70.el5_6.1.x86_64.rpm
samba3x-domainjoin-gui-3.5.4-0.70.el5_6.1.x86_64.rpm
samba3x-swat-3.5.4-0.70.el5_6.1.x86_64.rpm
samba3x-winbind-3.5.4-0.70.el5_6.1.i386.rpm
samba3x-winbind-3.5.4-0.70.el5_6.1.x86_64.rpm
samba3x-winbind-devel-3.5.4-0.70.el5_6.1.i386.rpm
samba3x-winbind-devel-3.5.4-0.70.el5_6.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details
on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0719.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
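The bound check that the "unsafe fd_set usage" above calls for, as an added C illustration for this advisory (example code written for this page, not Samba's own; the descriptor list and the helper names are constructed):

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/select.h>

/* An fd_set is a fixed bit array of FD_SETSIZE bits (1024 on glibc). FD_SET()
 * on a larger descriptor sets a bit past the end of the object, and an fd_set
 * on the stack turns that into a stack write of a "1" bit at an offset the
 * descriptor number chooses. The fix is to bound-check before every use. */

/* Byte offset (from the start of the fd_set) that FD_SET(fd) would write to. */
size_t fd_bit_byte(int fd)
{
    return (size_t)fd / 8;
}

/* Build a select() read set from a list of descriptors, refusing any that
 * would not fit. Returns how many were refused; *maxfd receives the highest
 * accepted descriptor (or -1) for select()'s nfds argument. */
size_t build_read_set(const int *fds, size_t n, fd_set *set, int *maxfd)
{
    size_t rejected = 0;
    FD_ZERO(set);
    *maxfd = -1;
    for (size_t i = 0; i < n; i++) {
        int fd = fds[i];
        if (fd < 0 || fd >= FD_SETSIZE) {
            /* A server should close or refuse such a connection rather than
             * select() on it; poll()/epoll have no such ceiling. */
            rejected++;
            continue;
        }
        FD_SET(fd, set);
        if (fd > *maxfd)
            *maxfd = fd;
    }
    return rejected;
}

/* Constructed sample: two ordinary descriptors, the last legal one, and three
 * that must be refused (two at or past FD_SETSIZE, one negative). No files are
 * opened; the fd_set macros only manipulate bits. */
static const int sample_fds[] = { 3, 7, FD_SETSIZE - 1, FD_SETSIZE, FD_SETSIZE + 5, -1 };
#define SAMPLE_COUNT (sizeof sample_fds / sizeof sample_fds[0])

size_t sample_rejected(void)
{
    fd_set set;
    int maxfd;
    return build_read_set(sample_fds, SAMPLE_COUNT, &set, &maxfd);
}

int sample_maxfd(void)
{
    fd_set set;
    int maxfd;
    build_read_set(sample_fds, SAMPLE_COUNT, &set, &maxfd);
    return maxfd;
}

/* Whether 'fd' ended up in the set; FD_ISSET() needs the same bound check. */
bool sample_has(int fd)
{
    fd_set set;
    int maxfd;
    build_read_set(sample_fds, SAMPLE_COUNT, &set, &maxfd);
    return fd >= 0 && fd < FD_SETSIZE && FD_ISSET(fd, &set);
}

int main(void)
{
    printf("FD_SETSIZE=%d, sizeof(fd_set)=%zu bytes, FD_SET(%d) would write byte %zu\n",
           FD_SETSIZE, sizeof(fd_set), FD_SETSIZE, fd_bit_byte(FD_SETSIZE));
    printf("rejected=%zu maxfd=%d has(3)=%d has(%d)=%d\n", sample_rejected(),
           sample_maxfd(), sample_has(3), FD_SETSIZE + 5, sample_has(FD_SETSIZE + 5));
    return 0;
}
```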
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNbXdzXlSAg2UNWIIRAjFqAJ4sKPuHnPK5ybMWmiqyEfnLd3olfQCeMWYg
CtcUGG3U9J8kiJh+Zvl0eos=
=dsew
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Mar 1 22:48:38 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 1 Mar 2011 15:48:38 -0700
Subject: [RHSA-2011:0307-01] Moderate: mailman security update
Message-ID: <201103012248.p21MmcEf027640@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: mailman security update
Advisory ID:       RHSA-2011:0307-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0307.html
Issue date:        2011-03-01
CVE Names:         CVE-2008-0564 CVE-2010-3089 CVE-2011-0707
=====================================================================

1. Summary:

An updated mailman package that fixes multiple security issues is now
available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Mailman is a program used to help manage email discussion lists.

Multiple input sanitization flaws were found in the way Mailman displayed
usernames of subscribed users on certain pages.
If a user who is subscribed to a mailing list were able to trick a victim
into visiting one of those pages, they could perform a cross-site scripting
(XSS) attack against the victim. (CVE-2011-0707)

Multiple input sanitization flaws were found in the way Mailman displayed
mailing list information. A mailing list administrator could use this flaw
to conduct a cross-site scripting (XSS) attack against victims viewing a
list's "listinfo" page. (CVE-2008-0564, CVE-2010-3089)

Red Hat would like to thank Mark Sapiro for reporting the CVE-2011-0707 and
CVE-2010-3089 issues.

Users of mailman should upgrade to this updated package, which contains
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

431526 - CVE-2008-0564 mailman: XSS triggerable by list administrator
631881 - CVE-2010-3089 mailman: Multiple security flaws leading to cross-site scripting (XSS) attacks
677375 - CVE-2011-0707 Mailman: Three XSS flaws due improper escaping of the full name of the member

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/mailman-2.1.5.1-34.rhel4.7.src.rpm

i386:
mailman-2.1.5.1-34.rhel4.7.i386.rpm
mailman-debuginfo-2.1.5.1-34.rhel4.7.i386.rpm

ia64:
mailman-2.1.5.1-34.rhel4.7.ia64.rpm
mailman-debuginfo-2.1.5.1-34.rhel4.7.ia64.rpm

ppc:
mailman-2.1.5.1-34.rhel4.7.ppc.rpm
mailman-debuginfo-2.1.5.1-34.rhel4.7.ppc.rpm

s390:
mailman-2.1.5.1-34.rhel4.7.s390.rpm
mailman-debuginfo-2.1.5.1-34.rhel4.7.s390.rpm

s390x:
mailman-2.1.5.1-34.rhel4.7.s390x.rpm
mailman-debuginfo-2.1.5.1-34.rhel4.7.s390x.rpm

x86_64:
mailman-2.1.5.1-34.rhel4.7.x86_64.rpm
mailman-debuginfo-2.1.5.1-34.rhel4.7.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/mailman-2.1.5.1-34.rhel4.7.src.rpm

i386:
mailman-2.1.5.1-34.rhel4.7.i386.rpm
mailman-debuginfo-2.1.5.1-34.rhel4.7.i386.rpm

x86_64:
mailman-2.1.5.1-34.rhel4.7.x86_64.rpm
mailman-debuginfo-2.1.5.1-34.rhel4.7.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/mailman-2.1.5.1-34.rhel4.7.src.rpm

i386:
mailman-2.1.5.1-34.rhel4.7.i386.rpm
mailman-debuginfo-2.1.5.1-34.rhel4.7.i386.rpm

ia64:
mailman-2.1.5.1-34.rhel4.7.ia64.rpm
mailman-debuginfo-2.1.5.1-34.rhel4.7.ia64.rpm

x86_64:
mailman-2.1.5.1-34.rhel4.7.x86_64.rpm
mailman-debuginfo-2.1.5.1-34.rhel4.7.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/mailman-2.1.5.1-34.rhel4.7.src.rpm

i386:
mailman-2.1.5.1-34.rhel4.7.i386.rpm
mailman-debuginfo-2.1.5.1-34.rhel4.7.i386.rpm

ia64:
mailman-2.1.5.1-34.rhel4.7.ia64.rpm
mailman-debuginfo-2.1.5.1-34.rhel4.7.ia64.rpm

x86_64:
mailman-2.1.5.1-34.rhel4.7.x86_64.rpm
mailman-debuginfo-2.1.5.1-34.rhel4.7.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/mailman-2.1.9-6.el5_6.1.src.rpm

i386:
mailman-2.1.9-6.el5_6.1.i386.rpm
mailman-debuginfo-2.1.9-6.el5_6.1.i386.rpm

x86_64:
mailman-2.1.9-6.el5_6.1.x86_64.rpm
mailman-debuginfo-2.1.9-6.el5_6.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/mailman-2.1.9-6.el5_6.1.src.rpm

i386:
mailman-2.1.9-6.el5_6.1.i386.rpm
mailman-debuginfo-2.1.9-6.el5_6.1.i386.rpm

ia64:
mailman-2.1.9-6.el5_6.1.ia64.rpm
mailman-debuginfo-2.1.9-6.el5_6.1.ia64.rpm

ppc:
mailman-2.1.9-6.el5_6.1.ppc.rpm
mailman-debuginfo-2.1.9-6.el5_6.1.ppc.rpm

s390x:
mailman-2.1.9-6.el5_6.1.s390x.rpm
mailman-debuginfo-2.1.9-6.el5_6.1.s390x.rpm

x86_64:
mailman-2.1.9-6.el5_6.1.x86_64.rpm
mailman-debuginfo-2.1.9-6.el5_6.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details
on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2008-0564.html
https://www.redhat.com/security/data/cve/CVE-2010-3089.html
https://www.redhat.com/security/data/cve/CVE-2011-0707.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNbXexXlSAg2UNWIIRAvS/AJ0ShjEGyLzj3q70HFoWnZTFkv8KywCeIJIw
ThIqixg5of3x+Yh/+ADnbXM=
=uY5D
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Mar 1 22:57:43 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 1 Mar 2011 15:57:43 -0700
Subject: [RHSA-2011:0308-01] Moderate: mailman security update
Message-ID: <201103012257.p21MviHc030374@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: mailman security update
Advisory ID:       RHSA-2011:0308-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0308.html
Issue date:        2011-03-01
CVE Names:         CVE-2010-3089 CVE-2011-0707
=====================================================================

1. Summary:

An updated mailman package that fixes multiple security issues is now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Mailman is a program used to help manage email discussion lists.

Multiple input sanitization flaws were found in the way Mailman displayed
usernames of subscribed users on certain pages. If a user who is subscribed
to a mailing list were able to trick a victim into visiting one of those
pages, they could perform a cross-site scripting (XSS) attack against the
victim. (CVE-2011-0707)

Multiple input sanitization flaws were found in the way Mailman displayed
mailing list information.
A mailing list administrator could use this flaw to conduct a cross-site
scripting (XSS) attack against victims viewing a list's "listinfo" page.
(CVE-2010-3089)

Red Hat would like to thank Mark Sapiro for reporting these issues.

Users of mailman should upgrade to this updated package, which contains
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

631881 - CVE-2010-3089 mailman: Multiple security flaws leading to cross-site scripting (XSS) attacks
677375 - CVE-2011-0707 Mailman: Three XSS flaws due improper escaping of the full name of the member

6. Package List:

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/mailman-2.1.12-14.el6_0.2.src.rpm

i386:
mailman-2.1.12-14.el6_0.2.i686.rpm
mailman-debuginfo-2.1.12-14.el6_0.2.i686.rpm

ppc64:
mailman-2.1.12-14.el6_0.2.ppc64.rpm
mailman-debuginfo-2.1.12-14.el6_0.2.ppc64.rpm

s390x:
mailman-2.1.12-14.el6_0.2.s390x.rpm
mailman-debuginfo-2.1.12-14.el6_0.2.s390x.rpm

x86_64:
mailman-2.1.12-14.el6_0.2.x86_64.rpm
mailman-debuginfo-2.1.12-14.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/mailman-2.1.12-14.el6_0.2.src.rpm

i386:
mailman-2.1.12-14.el6_0.2.i686.rpm
mailman-debuginfo-2.1.12-14.el6_0.2.i686.rpm

x86_64:
mailman-2.1.12-14.el6_0.2.x86_64.rpm
mailman-debuginfo-2.1.12-14.el6_0.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details
on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3089.html
https://www.redhat.com/security/data/cve/CVE-2011-0707.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNbXnZXlSAg2UNWIIRAqjTAJ0ep858G2I8bGLZ/03WDUQPi/kEdQCglpKd
PwUpgHeBNrhVcXbEMrfE/oc=
=YFz3
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 2 01:35:13 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 1 Mar 2011 18:35:13 -0700
Subject: [RHSA-2011:0309-01] Critical: pango security update
Message-ID: <201103020135.p221ZEv9008066@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: pango security update
Advisory ID:       RHSA-2011:0309-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0309.html
Issue date:        2011-03-01
CVE Names:         CVE-2011-0064
=====================================================================

1. Summary:

Updated pango packages that fix one security issue are now available for Red
Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Pango is a library used for the layout and rendering of internationalized
text.

It was discovered that Pango did not check for memory reallocation failures
in the hb_buffer_ensure() function. An attacker able to trigger a
reallocation failure by passing sufficiently large input to an application
using Pango could use this flaw to crash the application or, possibly,
execute arbitrary code with the privileges of the user running the
application. (CVE-2011-0064)

Red Hat would like to thank the Mozilla Security Team for reporting this
issue.

All pango users should upgrade to these updated packages, which contain a
backported patch to correct this issue. After installing this update, you
must restart your system or restart the X server for the update to take
effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

678563 - CVE-2011-0064 pango: missing memory reallocation failure checking in hb_buffer_ensure

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/pango-1.28.1-3.el6_0.5.src.rpm

i386:
pango-1.28.1-3.el6_0.5.i686.rpm
pango-debuginfo-1.28.1-3.el6_0.5.i686.rpm

x86_64:
pango-1.28.1-3.el6_0.5.i686.rpm
pango-1.28.1-3.el6_0.5.x86_64.rpm
pango-debuginfo-1.28.1-3.el6_0.5.i686.rpm
pango-debuginfo-1.28.1-3.el6_0.5.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/pango-1.28.1-3.el6_0.5.src.rpm

i386:
pango-debuginfo-1.28.1-3.el6_0.5.i686.rpm
pango-devel-1.28.1-3.el6_0.5.i686.rpm

x86_64:
pango-debuginfo-1.28.1-3.el6_0.5.i686.rpm
pango-debuginfo-1.28.1-3.el6_0.5.x86_64.rpm
pango-devel-1.28.1-3.el6_0.5.i686.rpm
pango-devel-1.28.1-3.el6_0.5.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/pango-1.28.1-3.el6_0.5.src.rpm

x86_64:
pango-1.28.1-3.el6_0.5.i686.rpm
pango-1.28.1-3.el6_0.5.x86_64.rpm
pango-debuginfo-1.28.1-3.el6_0.5.i686.rpm
pango-debuginfo-1.28.1-3.el6_0.5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/pango-1.28.1-3.el6_0.5.src.rpm

x86_64:
pango-debuginfo-1.28.1-3.el6_0.5.i686.rpm
pango-debuginfo-1.28.1-3.el6_0.5.x86_64.rpm
pango-devel-1.28.1-3.el6_0.5.i686.rpm
pango-devel-1.28.1-3.el6_0.5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/pango-1.28.1-3.el6_0.5.src.rpm

i386:
pango-1.28.1-3.el6_0.5.i686.rpm
pango-debuginfo-1.28.1-3.el6_0.5.i686.rpm
pango-devel-1.28.1-3.el6_0.5.i686.rpm

ppc64:
pango-1.28.1-3.el6_0.5.ppc.rpm
pango-1.28.1-3.el6_0.5.ppc64.rpm
pango-debuginfo-1.28.1-3.el6_0.5.ppc.rpm
pango-debuginfo-1.28.1-3.el6_0.5.ppc64.rpm
pango-devel-1.28.1-3.el6_0.5.ppc.rpm
pango-devel-1.28.1-3.el6_0.5.ppc64.rpm

s390x:
pango-1.28.1-3.el6_0.5.s390.rpm
pango-1.28.1-3.el6_0.5.s390x.rpm
pango-debuginfo-1.28.1-3.el6_0.5.s390.rpm
pango-debuginfo-1.28.1-3.el6_0.5.s390x.rpm
pango-devel-1.28.1-3.el6_0.5.s390.rpm
pango-devel-1.28.1-3.el6_0.5.s390x.rpm

x86_64:
pango-1.28.1-3.el6_0.5.i686.rpm
pango-1.28.1-3.el6_0.5.x86_64.rpm
pango-debuginfo-1.28.1-3.el6_0.5.i686.rpm
pango-debuginfo-1.28.1-3.el6_0.5.x86_64.rpm
pango-devel-1.28.1-3.el6_0.5.i686.rpm
pango-devel-1.28.1-3.el6_0.5.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/pango-1.28.1-3.el6_0.5.src.rpm

i386:
pango-1.28.1-3.el6_0.5.i686.rpm
pango-debuginfo-1.28.1-3.el6_0.5.i686.rpm
pango-devel-1.28.1-3.el6_0.5.i686.rpm

x86_64:
pango-1.28.1-3.el6_0.5.i686.rpm
pango-1.28.1-3.el6_0.5.x86_64.rpm
pango-debuginfo-1.28.1-3.el6_0.5.i686.rpm
pango-debuginfo-1.28.1-3.el6_0.5.x86_64.rpm
pango-devel-1.28.1-3.el6_0.5.i686.rpm
pango-devel-1.28.1-3.el6_0.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details
on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0064.html
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
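The unchecked-reallocation pattern this pango advisory describes, beside its checked form, as an added C illustration (simplified example written for this page, not Pango's or HarfBuzz's code; the buffer layout, the growth rule and the byte cap used to force a failure are assumptions):

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct { unsigned int codepoint; unsigned int cluster; } glyph_info_t;

typedef struct {
    glyph_info_t *info;      /* growable glyph array */
    unsigned int  allocated; /* capacity in glyphs */
    unsigned int  len;       /* glyphs in use */
    bool          in_error;  /* sticky: a growth step failed, stop appending */
} glyph_buffer_t;

/* Hypothetical byte cap so a test can make reallocation fail on demand. */
static size_t alloc_cap_bytes = SIZE_MAX;

static void *capped_realloc(void *p, size_t n)
{
    if (n > alloc_cap_bytes) return NULL;  /* simulated OOM; old block stays valid */
    return realloc(p, n);
}

/* Geometric growth (+50% + 8 glyphs) until 'need' fits; callers bound 'need'. */
static unsigned int grow_target(unsigned int have, unsigned int need)
{
    while (need > have) have += (have >> 1) + 8;
    return have;
}

/* BEFORE (the flaw): the realloc() result is stored without a NULL check.
 * On failure 'info' becomes NULL while 'allocated' claims the new capacity,
 * so the caller's next glyph write dereferences NULL or corrupts memory. */
bool ensure_unchecked(glyph_buffer_t *b, unsigned int size)
{
    if (size <= b->allocated) return true;
    unsigned int new_allocated = grow_target(b->allocated, size);
    b->info = capped_realloc(b->info, (size_t)new_allocated * sizeof *b->info);
    b->allocated = new_allocated;
    return true;
}

/* AFTER (the fix): check the result, keep the old block and capacity when
 * growth fails, and latch an error so callers refuse to append further. */
bool ensure_checked(glyph_buffer_t *b, unsigned int size)
{
    if (b->in_error) return false;
    if (size <= b->allocated) return true;
    unsigned int new_allocated = grow_target(b->allocated, size);
    if (new_allocated > SIZE_MAX / sizeof *b->info) { b->in_error = true; return false; }
    glyph_info_t *p = capped_realloc(b->info, (size_t)new_allocated * sizeof *b->info);
    if (p == NULL) {
        b->in_error = true;  /* b->info and b->allocated are left untouched */
        return false;
    }
    b->info = p;
    b->allocated = new_allocated;
    return true;
}

typedef struct {
    unsigned int stored;     /* glyphs successfully written */
    unsigned int allocated;  /* capacity the buffer claims afterwards */
    bool info_null;          /* glyph array lost to a failed realloc */
    bool intact;             /* every stored glyph still reads back correctly */
} fill_result_t;

/* Append 'count' glyphs through the chosen ensure() under a byte cap, one per
 * input character as a shaper would. For the unchecked variant we stop just
 * before the write that real code would have made through the NULL pointer. */
fill_result_t fill(bool (*ensure)(glyph_buffer_t *, unsigned int),
                   unsigned int count, size_t cap_bytes)
{
    glyph_buffer_t b = {0};
    fill_result_t r = {0, 0, false, true};
    alloc_cap_bytes = cap_bytes;
    for (unsigned int i = 0; i < count; i++) {
        glyph_info_t *before = b.info;
        if (!ensure(&b, b.len + 1)) break;  /* checked path: refused, data kept */
        if (b.info == NULL) { free(before); break; }  /* unchecked: pointer gone */
        b.info[b.len].codepoint = 0x41 + i;
        b.len++;
    }
    alloc_cap_bytes = SIZE_MAX;
    r.info_null = (b.info == NULL);
    for (unsigned int i = 0; !r.info_null && i < b.len; i++)
        if (b.info[i].codepoint != 0x41 + i) r.intact = false;
    r.intact = r.intact && !r.info_null;
    r.stored = b.len;
    r.allocated = b.allocated;
    free(b.info);
    return r;
}

int main(void)
{
    fill_result_t v = fill(ensure_unchecked, 100, 600), f = fill(ensure_checked, 100, 600);
    printf("unchecked: stored=%u allocated=%u info_null=%d\n", v.stored, v.allocated, v.info_null);
    printf("checked:   stored=%u allocated=%u intact=%d\n", f.stored, f.allocated, f.intact);
    return 0;
}
```

With a 600-byte cap the fifth growth step (105 glyphs of 8 bytes) fails: the unchecked buffer reports capacity 105 with no backing memory, the checked one stops at 65 glyphs with every earlier glyph still readable.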
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNbZ7CXlSAg2UNWIIRAljJAKCmP6EVp6r1Er8nFxNYnRUgehciNgCaA3Ac
IaZ8kK0fi0x7bLPDzcfCrnI=
=MZYG
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 2 01:36:07 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 1 Mar 2011 18:36:07 -0700
Subject: [RHSA-2011:0310-01] Critical: firefox security and bug fix update
Message-ID: <201103020136.p221a7g2027022@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security and bug fix update
Advisory ID:       RHSA-2011:0310-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0310.html
Issue date:        2011-03-01
CVE Names:         CVE-2010-1585 CVE-2011-0051 CVE-2011-0053
                   CVE-2011-0054 CVE-2011-0055 CVE-2011-0056
                   CVE-2011-0057 CVE-2011-0058 CVE-2011-0059
                   CVE-2011-0061 CVE-2011-0062
=====================================================================

1. Summary:

Updated firefox packages that fix several security issues and one bug are
now available for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

A flaw was found in the way Firefox sanitized HTML content in extensions.
If an extension loaded or rendered malicious content using the
ParanoidFragmentSink class, it could fail to safely display the content,
causing Firefox to execute arbitrary JavaScript with the privileges of the
user running Firefox. (CVE-2010-1585)

A flaw was found in the way Firefox handled dialog boxes. An attacker could
use this flaw to create a malicious web page that would present a blank
dialog box that has non-functioning buttons. If a user closes the dialog box
window, it could unexpectedly grant the malicious web page elevated
privileges. (CVE-2011-0051)

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2011-0053, CVE-2011-0055, CVE-2011-0058, CVE-2011-0062)

Several flaws were found in the way Firefox handled malformed JavaScript. A
website containing malicious JavaScript could cause Firefox to execute that
JavaScript with the privileges of the user running Firefox. (CVE-2011-0054,
CVE-2011-0056, CVE-2011-0057)

A flaw was found in the way Firefox handled malformed JPEG images.
A website containing a malicious JPEG image could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2011-0061)

A flaw was found in the way Firefox handled plug-ins that perform HTTP
requests. If a plug-in performed an HTTP request, and the server sent a 307
redirect response, the plug-in was not notified, and the HTTP request was
forwarded. The forwarded request could contain custom headers, which could
result in a Cross Site Request Forgery attack. (CVE-2011-0059)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.6.14. You can find a link to the Mozilla advisories
in the References section of this erratum.

This update also fixes the following bug:

* On Red Hat Enterprise Linux 4 and 5, running the "firefox
-setDefaultBrowser" command caused warnings such as the following:

libgnomevfs-WARNING **: Deprecated function. User modifications to the MIME
database are no longer supported.

This update disables the "setDefaultBrowser" option. Red Hat Enterprise
Linux 4 users wishing to set a default web browser can use Applications ->
Preferences -> More Preferences -> Preferred Applications. Red Hat
Enterprise Linux 5 users can use System -> Preferences -> Preferred
Applications. (BZ#463131, BZ#665031)

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.6.14, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

463131 - libgnomevfs-WARNING when making firefox as default browser
665031 - firefox -setDefaultBrowser throws warnings
675082 - CVE-2011-0053 Mozilla miscellaneous memory safety hazards (MFSA 2011-01)
675083 - CVE-2011-0062 Mozilla miscellaneous memory safety hazards (MFSA 2011-01)
675087 - CVE-2011-0051 Mozilla recursive eval call causes confirm dialog to evaluate to true (MFSA 2011-02)
675090 - CVE-2011-0055 Mozilla use-after-free error in JSON.stringify (MFSA2011-03)
675091 - CVE-2011-0054 Mozilla Buffer overflow in JavaScript upvarMap (MFSA 2011-04)
675092 - CVE-2011-0056 Mozilla Buffer overflow in JavaScript atom map (MFSA 2011-05)
675093 - CVE-2011-0057 Mozilla use-after-free error using Web Workers (MFSA 2011-06)
675094 - CVE-2010-1585 Mozilla ParanoidFragmentSink allows javascript: URLs in chrome documents (MFSA 2011-08)
675095 - CVE-2011-0061 Mozilla crash caused by corrupted JPEG image (MFSA 2011-09)
675143 - CVE-2011-0058 Mozilla memory corruption during text run construction (MFSA 2011-07)
681369 - CVE-2011-0059 Mozilla CSRF risk with plugins and 307 redirects (MFSA 2011-10)

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-3.6.14-4.el4.src.rpm

i386:
firefox-3.6.14-4.el4.i386.rpm
firefox-debuginfo-3.6.14-4.el4.i386.rpm

ia64:
firefox-3.6.14-4.el4.ia64.rpm
firefox-debuginfo-3.6.14-4.el4.ia64.rpm

ppc:
firefox-3.6.14-4.el4.ppc.rpm
firefox-debuginfo-3.6.14-4.el4.ppc.rpm

s390:
firefox-3.6.14-4.el4.s390.rpm
firefox-debuginfo-3.6.14-4.el4.s390.rpm

s390x:
firefox-3.6.14-4.el4.s390x.rpm
firefox-debuginfo-3.6.14-4.el4.s390x.rpm

x86_64:
firefox-3.6.14-4.el4.x86_64.rpm
firefox-debuginfo-3.6.14-4.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-3.6.14-4.el4.src.rpm

i386:
firefox-3.6.14-4.el4.i386.rpm
firefox-debuginfo-3.6.14-4.el4.i386.rpm

x86_64:
firefox-3.6.14-4.el4.x86_64.rpm
firefox-debuginfo-3.6.14-4.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-3.6.14-4.el4.src.rpm

i386:
firefox-3.6.14-4.el4.i386.rpm
firefox-debuginfo-3.6.14-4.el4.i386.rpm

ia64:
firefox-3.6.14-4.el4.ia64.rpm
firefox-debuginfo-3.6.14-4.el4.ia64.rpm

x86_64:
firefox-3.6.14-4.el4.x86_64.rpm
firefox-debuginfo-3.6.14-4.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-3.6.14-4.el4.src.rpm

i386:
firefox-3.6.14-4.el4.i386.rpm
firefox-debuginfo-3.6.14-4.el4.i386.rpm

ia64:
firefox-3.6.14-4.el4.ia64.rpm
firefox-debuginfo-3.6.14-4.el4.ia64.rpm

x86_64:
firefox-3.6.14-4.el4.x86_64.rpm
firefox-debuginfo-3.6.14-4.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-3.6.14-4.el5_6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.14-4.el5_6.src.rpm

i386:
firefox-3.6.14-4.el5_6.i386.rpm
firefox-debuginfo-3.6.14-4.el5_6.i386.rpm
xulrunner-1.9.2.14-4.el5_6.i386.rpm
xulrunner-debuginfo-1.9.2.14-4.el5_6.i386.rpm

x86_64:
firefox-3.6.14-4.el5_6.i386.rpm
firefox-3.6.14-4.el5_6.x86_64.rpm
firefox-debuginfo-3.6.14-4.el5_6.i386.rpm
firefox-debuginfo-3.6.14-4.el5_6.x86_64.rpm
xulrunner-1.9.2.14-4.el5_6.i386.rpm
xulrunner-1.9.2.14-4.el5_6.x86_64.rpm
xulrunner-debuginfo-1.9.2.14-4.el5_6.i386.rpm
xulrunner-debuginfo-1.9.2.14-4.el5_6.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.14-4.el5_6.src.rpm

i386:
xulrunner-debuginfo-1.9.2.14-4.el5_6.i386.rpm
xulrunner-devel-1.9.2.14-4.el5_6.i386.rpm

x86_64:
xulrunner-debuginfo-1.9.2.14-4.el5_6.i386.rpm
xulrunner-debuginfo-1.9.2.14-4.el5_6.x86_64.rpm
xulrunner-devel-1.9.2.14-4.el5_6.i386.rpm
xulrunner-devel-1.9.2.14-4.el5_6.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-3.6.14-4.el5_6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-1.9.2.14-4.el5_6.src.rpm

i386:
firefox-3.6.14-4.el5_6.i386.rpm
firefox-debuginfo-3.6.14-4.el5_6.i386.rpm
xulrunner-1.9.2.14-4.el5_6.i386.rpm
xulrunner-debuginfo-1.9.2.14-4.el5_6.i386.rpm
xulrunner-devel-1.9.2.14-4.el5_6.i386.rpm

ia64:
firefox-3.6.14-4.el5_6.ia64.rpm
firefox-debuginfo-3.6.14-4.el5_6.ia64.rpm
xulrunner-1.9.2.14-4.el5_6.ia64.rpm
xulrunner-debuginfo-1.9.2.14-4.el5_6.ia64.rpm
xulrunner-devel-1.9.2.14-4.el5_6.ia64.rpm
xulrunner-devel-1.9.2.14-4.el5_6.ia64.rpm ppc: firefox-3.6.14-4.el5_6.ppc.rpm firefox-3.6.14-4.el5_6.ppc.rpm firefox-debuginfo-3.6.14-4.el5_6.ppc.rpm firefox-debuginfo-3.6.14-4.el5_6.ppc.rpm xulrunner-1.9.2.14-4.el5_6.ppc.rpm xulrunner-1.9.2.14-4.el5_6.ppc.rpm xulrunner-1.9.2.14-4.el5_6.ppc64.rpm xulrunner-1.9.2.14-4.el5_6.ppc64.rpm xulrunner-debuginfo-1.9.2.14-4.el5_6.ppc.rpm xulrunner-debuginfo-1.9.2.14-4.el5_6.ppc.rpm xulrunner-debuginfo-1.9.2.14-4.el5_6.ppc64.rpm xulrunner-debuginfo-1.9.2.14-4.el5_6.ppc64.rpm xulrunner-devel-1.9.2.14-4.el5_6.ppc.rpm xulrunner-devel-1.9.2.14-4.el5_6.ppc.rpm xulrunner-devel-1.9.2.14-4.el5_6.ppc64.rpm xulrunner-devel-1.9.2.14-4.el5_6.ppc64.rpm s390x: firefox-3.6.14-4.el5_6.s390.rpm firefox-3.6.14-4.el5_6.s390.rpm firefox-3.6.14-4.el5_6.s390x.rpm firefox-3.6.14-4.el5_6.s390x.rpm firefox-debuginfo-3.6.14-4.el5_6.s390.rpm firefox-debuginfo-3.6.14-4.el5_6.s390.rpm firefox-debuginfo-3.6.14-4.el5_6.s390x.rpm firefox-debuginfo-3.6.14-4.el5_6.s390x.rpm xulrunner-1.9.2.14-4.el5_6.s390.rpm xulrunner-1.9.2.14-4.el5_6.s390.rpm xulrunner-1.9.2.14-4.el5_6.s390x.rpm xulrunner-1.9.2.14-4.el5_6.s390x.rpm xulrunner-debuginfo-1.9.2.14-4.el5_6.s390.rpm xulrunner-debuginfo-1.9.2.14-4.el5_6.s390.rpm xulrunner-debuginfo-1.9.2.14-4.el5_6.s390x.rpm xulrunner-debuginfo-1.9.2.14-4.el5_6.s390x.rpm xulrunner-devel-1.9.2.14-4.el5_6.s390.rpm xulrunner-devel-1.9.2.14-4.el5_6.s390.rpm xulrunner-devel-1.9.2.14-4.el5_6.s390x.rpm xulrunner-devel-1.9.2.14-4.el5_6.s390x.rpm x86_64: firefox-3.6.14-4.el5_6.i386.rpm firefox-3.6.14-4.el5_6.i386.rpm firefox-3.6.14-4.el5_6.x86_64.rpm firefox-3.6.14-4.el5_6.x86_64.rpm firefox-debuginfo-3.6.14-4.el5_6.i386.rpm firefox-debuginfo-3.6.14-4.el5_6.i386.rpm firefox-debuginfo-3.6.14-4.el5_6.x86_64.rpm firefox-debuginfo-3.6.14-4.el5_6.x86_64.rpm xulrunner-1.9.2.14-4.el5_6.i386.rpm xulrunner-1.9.2.14-4.el5_6.i386.rpm xulrunner-1.9.2.14-4.el5_6.x86_64.rpm xulrunner-1.9.2.14-4.el5_6.x86_64.rpm 
xulrunner-debuginfo-1.9.2.14-4.el5_6.i386.rpm xulrunner-debuginfo-1.9.2.14-4.el5_6.i386.rpm xulrunner-debuginfo-1.9.2.14-4.el5_6.x86_64.rpm xulrunner-debuginfo-1.9.2.14-4.el5_6.x86_64.rpm xulrunner-devel-1.9.2.14-4.el5_6.i386.rpm xulrunner-devel-1.9.2.14-4.el5_6.i386.rpm xulrunner-devel-1.9.2.14-4.el5_6.x86_64.rpm xulrunner-devel-1.9.2.14-4.el5_6.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/firefox-3.6.14-4.el6_0.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/firefox-3.6.14-4.el6_0.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-1.9.2.14-3.el6_0.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-1.9.2.14-3.el6_0.src.rpm i386: firefox-3.6.14-4.el6_0.i686.rpm firefox-3.6.14-4.el6_0.i686.rpm firefox-debuginfo-3.6.14-4.el6_0.i686.rpm firefox-debuginfo-3.6.14-4.el6_0.i686.rpm xulrunner-1.9.2.14-3.el6_0.i686.rpm xulrunner-1.9.2.14-3.el6_0.i686.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.i686.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.i686.rpm x86_64: firefox-3.6.14-4.el6_0.x86_64.rpm firefox-3.6.14-4.el6_0.x86_64.rpm firefox-debuginfo-3.6.14-4.el6_0.x86_64.rpm firefox-debuginfo-3.6.14-4.el6_0.x86_64.rpm xulrunner-1.9.2.14-3.el6_0.i686.rpm xulrunner-1.9.2.14-3.el6_0.i686.rpm xulrunner-1.9.2.14-3.el6_0.x86_64.rpm xulrunner-1.9.2.14-3.el6_0.x86_64.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.i686.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.i686.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.x86_64.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-1.9.2.14-3.el6_0.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-1.9.2.14-3.el6_0.src.rpm i386: xulrunner-debuginfo-1.9.2.14-3.el6_0.i686.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.i686.rpm xulrunner-devel-1.9.2.14-3.el6_0.i686.rpm xulrunner-devel-1.9.2.14-3.el6_0.i686.rpm x86_64: xulrunner-debuginfo-1.9.2.14-3.el6_0.i686.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.i686.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.x86_64.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.x86_64.rpm xulrunner-devel-1.9.2.14-3.el6_0.i686.rpm xulrunner-devel-1.9.2.14-3.el6_0.i686.rpm xulrunner-devel-1.9.2.14-3.el6_0.x86_64.rpm xulrunner-devel-1.9.2.14-3.el6_0.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/firefox-3.6.14-4.el6_0.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/firefox-3.6.14-4.el6_0.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xulrunner-1.9.2.14-3.el6_0.src.rpm x86_64: firefox-3.6.14-4.el6_0.x86_64.rpm firefox-3.6.14-4.el6_0.x86_64.rpm firefox-debuginfo-3.6.14-4.el6_0.x86_64.rpm firefox-debuginfo-3.6.14-4.el6_0.x86_64.rpm xulrunner-1.9.2.14-3.el6_0.i686.rpm xulrunner-1.9.2.14-3.el6_0.x86_64.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.i686.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.x86_64.rpm xulrunner-devel-1.9.2.14-3.el6_0.i686.rpm xulrunner-devel-1.9.2.14-3.el6_0.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/firefox-3.6.14-4.el6_0.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/firefox-3.6.14-4.el6_0.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-1.9.2.14-3.el6_0.src.rpm i386: firefox-3.6.14-4.el6_0.i686.rpm firefox-3.6.14-4.el6_0.i686.rpm firefox-debuginfo-3.6.14-4.el6_0.i686.rpm firefox-debuginfo-3.6.14-4.el6_0.i686.rpm xulrunner-1.9.2.14-3.el6_0.i686.rpm xulrunner-1.9.2.14-3.el6_0.i686.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.i686.rpm ppc64: firefox-3.6.14-4.el6_0.ppc64.rpm firefox-3.6.14-4.el6_0.ppc64.rpm firefox-debuginfo-3.6.14-4.el6_0.ppc64.rpm firefox-debuginfo-3.6.14-4.el6_0.ppc64.rpm xulrunner-1.9.2.14-3.el6_0.ppc.rpm xulrunner-1.9.2.14-3.el6_0.ppc64.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.ppc.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.ppc64.rpm s390x: firefox-3.6.14-4.el6_0.s390x.rpm firefox-3.6.14-4.el6_0.s390x.rpm firefox-debuginfo-3.6.14-4.el6_0.s390x.rpm firefox-debuginfo-3.6.14-4.el6_0.s390x.rpm xulrunner-1.9.2.14-3.el6_0.s390.rpm xulrunner-1.9.2.14-3.el6_0.s390x.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.s390.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.s390x.rpm x86_64: firefox-3.6.14-4.el6_0.x86_64.rpm firefox-3.6.14-4.el6_0.x86_64.rpm firefox-debuginfo-3.6.14-4.el6_0.x86_64.rpm firefox-debuginfo-3.6.14-4.el6_0.x86_64.rpm xulrunner-1.9.2.14-3.el6_0.i686.rpm xulrunner-1.9.2.14-3.el6_0.i686.rpm xulrunner-1.9.2.14-3.el6_0.x86_64.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.i686.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-1.9.2.14-3.el6_0.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-1.9.2.14-3.el6_0.src.rpm i386: xulrunner-debuginfo-1.9.2.14-3.el6_0.i686.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.i686.rpm xulrunner-devel-1.9.2.14-3.el6_0.i686.rpm xulrunner-devel-1.9.2.14-3.el6_0.i686.rpm ppc64: xulrunner-debuginfo-1.9.2.14-3.el6_0.ppc.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.ppc.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.ppc64.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.ppc64.rpm xulrunner-devel-1.9.2.14-3.el6_0.ppc.rpm xulrunner-devel-1.9.2.14-3.el6_0.ppc.rpm xulrunner-devel-1.9.2.14-3.el6_0.ppc64.rpm xulrunner-devel-1.9.2.14-3.el6_0.ppc64.rpm s390x: xulrunner-debuginfo-1.9.2.14-3.el6_0.s390.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.s390.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.s390x.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.s390x.rpm xulrunner-devel-1.9.2.14-3.el6_0.s390.rpm xulrunner-devel-1.9.2.14-3.el6_0.s390.rpm xulrunner-devel-1.9.2.14-3.el6_0.s390x.rpm xulrunner-devel-1.9.2.14-3.el6_0.s390x.rpm x86_64: xulrunner-debuginfo-1.9.2.14-3.el6_0.i686.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.i686.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.x86_64.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.x86_64.rpm xulrunner-devel-1.9.2.14-3.el6_0.i686.rpm xulrunner-devel-1.9.2.14-3.el6_0.i686.rpm xulrunner-devel-1.9.2.14-3.el6_0.x86_64.rpm xulrunner-devel-1.9.2.14-3.el6_0.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/firefox-3.6.14-4.el6_0.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/firefox-3.6.14-4.el6_0.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-1.9.2.14-3.el6_0.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-1.9.2.14-3.el6_0.src.rpm i386: firefox-3.6.14-4.el6_0.i686.rpm firefox-3.6.14-4.el6_0.i686.rpm firefox-debuginfo-3.6.14-4.el6_0.i686.rpm firefox-debuginfo-3.6.14-4.el6_0.i686.rpm xulrunner-1.9.2.14-3.el6_0.i686.rpm xulrunner-1.9.2.14-3.el6_0.i686.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.i686.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.i686.rpm x86_64: firefox-3.6.14-4.el6_0.x86_64.rpm firefox-3.6.14-4.el6_0.x86_64.rpm firefox-debuginfo-3.6.14-4.el6_0.x86_64.rpm firefox-debuginfo-3.6.14-4.el6_0.x86_64.rpm xulrunner-1.9.2.14-3.el6_0.i686.rpm xulrunner-1.9.2.14-3.el6_0.i686.rpm xulrunner-1.9.2.14-3.el6_0.x86_64.rpm xulrunner-1.9.2.14-3.el6_0.x86_64.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.i686.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.i686.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.x86_64.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-1.9.2.14-3.el6_0.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-1.9.2.14-3.el6_0.src.rpm i386: xulrunner-debuginfo-1.9.2.14-3.el6_0.i686.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.i686.rpm xulrunner-devel-1.9.2.14-3.el6_0.i686.rpm xulrunner-devel-1.9.2.14-3.el6_0.i686.rpm x86_64: xulrunner-debuginfo-1.9.2.14-3.el6_0.i686.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.i686.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.x86_64.rpm xulrunner-debuginfo-1.9.2.14-3.el6_0.x86_64.rpm xulrunner-devel-1.9.2.14-3.el6_0.i686.rpm xulrunner-devel-1.9.2.14-3.el6_0.i686.rpm xulrunner-devel-1.9.2.14-3.el6_0.x86_64.rpm xulrunner-devel-1.9.2.14-3.el6_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-1585.html https://www.redhat.com/security/data/cve/CVE-2011-0051.html https://www.redhat.com/security/data/cve/CVE-2011-0053.html https://www.redhat.com/security/data/cve/CVE-2011-0054.html https://www.redhat.com/security/data/cve/CVE-2011-0055.html https://www.redhat.com/security/data/cve/CVE-2011-0056.html https://www.redhat.com/security/data/cve/CVE-2011-0057.html https://www.redhat.com/security/data/cve/CVE-2011-0058.html https://www.redhat.com/security/data/cve/CVE-2011-0059.html https://www.redhat.com/security/data/cve/CVE-2011-0061.html https://www.redhat.com/security/data/cve/CVE-2011-0062.html https://access.redhat.com/security/updates/classification/#critical http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.14 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. 
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 1 Mar 2011 18:36:36 -0700
Subject: [RHSA-2011:0311-01] Critical: thunderbird security update

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: thunderbird security update
Advisory ID:       RHSA-2011:0311-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0311.html
Issue date:        2011-03-01
CVE Names:         CVE-2010-1585 CVE-2011-0053 CVE-2011-0061 CVE-2011-0062
=====================================================================

1. Summary:

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1585, CVE-2011-0053, CVE-2011-0062)

A flaw was found in the way Thunderbird handled malformed JPEG images. An HTML mail message containing a malicious JPEG image could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-0061)

All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

675082 - CVE-2011-0053 Mozilla miscellaneous memory safety hazards (MFSA 2011-01)
675083 - CVE-2011-0062 Mozilla miscellaneous memory safety hazards (MFSA 2011-01)
675094 - CVE-2010-1585 Mozilla ParanoidFragmentSink allows javascript: URLs in chrome documents (MFSA 2011-08)
675095 - CVE-2011-0061 Mozilla crash caused by corrupted JPEG image (MFSA 2011-09)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/thunderbird-3.1.8-4.el6_0.src.rpm

i386:
thunderbird-3.1.8-4.el6_0.i686.rpm
thunderbird-debuginfo-3.1.8-4.el6_0.i686.rpm

x86_64:
thunderbird-3.1.8-4.el6_0.x86_64.rpm
thunderbird-debuginfo-3.1.8-4.el6_0.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/thunderbird-3.1.8-4.el6_0.src.rpm

i386:
thunderbird-3.1.8-4.el6_0.i686.rpm
thunderbird-debuginfo-3.1.8-4.el6_0.i686.rpm

ppc64:
thunderbird-3.1.8-4.el6_0.ppc64.rpm
thunderbird-debuginfo-3.1.8-4.el6_0.ppc64.rpm

s390x:
thunderbird-3.1.8-4.el6_0.s390x.rpm
thunderbird-debuginfo-3.1.8-4.el6_0.s390x.rpm

x86_64:
thunderbird-3.1.8-4.el6_0.x86_64.rpm
thunderbird-debuginfo-3.1.8-4.el6_0.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/thunderbird-3.1.8-4.el6_0.src.rpm

i386:
thunderbird-3.1.8-4.el6_0.i686.rpm
thunderbird-debuginfo-3.1.8-4.el6_0.i686.rpm

x86_64:
thunderbird-3.1.8-4.el6_0.x86_64.rpm
thunderbird-debuginfo-3.1.8-4.el6_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-1585.html
https://www.redhat.com/security/data/cve/CVE-2011-0053.html
https://www.redhat.com/security/data/cve/CVE-2011-0061.html
https://www.redhat.com/security/data/cve/CVE-2011-0062.html
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 1 Mar 2011 18:37:14 -0700
Subject: [RHSA-2011:0312-01] Moderate: thunderbird security update

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: thunderbird security update
Advisory ID:       RHSA-2011:0312-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0312.html
Issue date:        2011-03-01
CVE Names:         CVE-2011-0051 CVE-2011-0053
=====================================================================

1. Summary:

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-0051, CVE-2011-0053)

Note: JavaScript support is disabled by default in Thunderbird. The above issues are not exploitable unless JavaScript is enabled.

All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

675082 - CVE-2011-0053 Mozilla miscellaneous memory safety hazards (MFSA 2011-01)
675087 - CVE-2011-0051 Mozilla recursive eval call causes confirm dialog to evaluate to true (MFSA 2011-02)

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/thunderbird-1.5.0.12-35.el4.src.rpm

i386:
thunderbird-1.5.0.12-35.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-35.el4.i386.rpm

ia64:
thunderbird-1.5.0.12-35.el4.ia64.rpm
thunderbird-debuginfo-1.5.0.12-35.el4.ia64.rpm

ppc:
thunderbird-1.5.0.12-35.el4.ppc.rpm
thunderbird-debuginfo-1.5.0.12-35.el4.ppc.rpm

s390:
thunderbird-1.5.0.12-35.el4.s390.rpm
thunderbird-debuginfo-1.5.0.12-35.el4.s390.rpm

s390x:
thunderbird-1.5.0.12-35.el4.s390x.rpm
thunderbird-debuginfo-1.5.0.12-35.el4.s390x.rpm

x86_64:
thunderbird-1.5.0.12-35.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-35.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/thunderbird-1.5.0.12-35.el4.src.rpm

i386:
thunderbird-1.5.0.12-35.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-35.el4.i386.rpm

x86_64:
thunderbird-1.5.0.12-35.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-35.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/thunderbird-1.5.0.12-35.el4.src.rpm

i386:
thunderbird-1.5.0.12-35.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-35.el4.i386.rpm

ia64:
thunderbird-1.5.0.12-35.el4.ia64.rpm
thunderbird-debuginfo-1.5.0.12-35.el4.ia64.rpm

x86_64:
thunderbird-1.5.0.12-35.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-35.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/thunderbird-1.5.0.12-35.el4.src.rpm

i386:
thunderbird-1.5.0.12-35.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-35.el4.i386.rpm

ia64:
thunderbird-1.5.0.12-35.el4.ia64.rpm
thunderbird-debuginfo-1.5.0.12-35.el4.ia64.rpm

x86_64:
thunderbird-1.5.0.12-35.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-35.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/thunderbird-2.0.0.24-14.el5_6.src.rpm

i386:
thunderbird-2.0.0.24-14.el5_6.i386.rpm
thunderbird-debuginfo-2.0.0.24-14.el5_6.i386.rpm

x86_64:
thunderbird-2.0.0.24-14.el5_6.x86_64.rpm
thunderbird-debuginfo-2.0.0.24-14.el5_6.x86_64.rpm

RHEL Optional Productivity Applications (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/thunderbird-2.0.0.24-14.el5_6.src.rpm

i386:
thunderbird-2.0.0.24-14.el5_6.i386.rpm
thunderbird-debuginfo-2.0.0.24-14.el5_6.i386.rpm

x86_64:
thunderbird-2.0.0.24-14.el5_6.x86_64.rpm
thunderbird-debuginfo-2.0.0.24-14.el5_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0051.html
https://www.redhat.com/security/data/cve/CVE-2011-0053.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 1 Mar 2011 18:37:47 -0700
Subject: [RHSA-2011:0313-01] Critical: seamonkey security update

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: seamonkey security update
Advisory ID:       RHSA-2011:0313-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0313.html
Issue date:        2011-03-01
CVE Names:         CVE-2011-0051 CVE-2011-0053 CVE-2011-0059
=====================================================================

1. Summary:

Updated seamonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor.

A flaw was found in the way SeaMonkey handled dialog boxes. An attacker could use this flaw to create a malicious web page that would present a blank dialog box that has non-functioning buttons. If a user closes the dialog box window, it could unexpectedly grant the malicious web page elevated privileges. (CVE-2011-0051)

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2011-0053)

A flaw was found in the way SeaMonkey handled plug-ins that perform HTTP requests. If a plug-in performed an HTTP request, and the server sent a 307 redirect response, the plug-in was not notified, and the HTTP request was forwarded. The forwarded request could contain custom headers, which could result in a Cross Site Request Forgery attack. (CVE-2011-0059)

All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

675082 - CVE-2011-0053 Mozilla miscellaneous memory safety hazards (MFSA 2011-01)
675087 - CVE-2011-0051 Mozilla recursive eval call causes confirm dialog to evaluate to true (MFSA 2011-02)
681369 - CVE-2011-0059 Mozilla CSRF risk with plugins and 307 redirects (MFSA 2011-10)

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/seamonkey-1.0.9-67.el4_8.src.rpm

i386:
seamonkey-1.0.9-67.el4_8.i386.rpm
seamonkey-chat-1.0.9-67.el4_8.i386.rpm
seamonkey-debuginfo-1.0.9-67.el4_8.i386.rpm
seamonkey-devel-1.0.9-67.el4_8.i386.rpm
seamonkey-dom-inspector-1.0.9-67.el4_8.i386.rpm
seamonkey-js-debugger-1.0.9-67.el4_8.i386.rpm
seamonkey-mail-1.0.9-67.el4_8.i386.rpm

ia64:
seamonkey-1.0.9-67.el4_8.ia64.rpm
seamonkey-chat-1.0.9-67.el4_8.ia64.rpm
seamonkey-debuginfo-1.0.9-67.el4_8.ia64.rpm
seamonkey-devel-1.0.9-67.el4_8.ia64.rpm
seamonkey-dom-inspector-1.0.9-67.el4_8.ia64.rpm
seamonkey-js-debugger-1.0.9-67.el4_8.ia64.rpm
seamonkey-mail-1.0.9-67.el4_8.ia64.rpm

ppc:
seamonkey-1.0.9-67.el4_8.ppc.rpm
seamonkey-chat-1.0.9-67.el4_8.ppc.rpm
seamonkey-debuginfo-1.0.9-67.el4_8.ppc.rpm
seamonkey-devel-1.0.9-67.el4_8.ppc.rpm
seamonkey-dom-inspector-1.0.9-67.el4_8.ppc.rpm
seamonkey-js-debugger-1.0.9-67.el4_8.ppc.rpm
seamonkey-mail-1.0.9-67.el4_8.ppc.rpm

s390:
seamonkey-1.0.9-67.el4_8.s390.rpm
seamonkey-chat-1.0.9-67.el4_8.s390.rpm
seamonkey-debuginfo-1.0.9-67.el4_8.s390.rpm
seamonkey-devel-1.0.9-67.el4_8.s390.rpm
seamonkey-dom-inspector-1.0.9-67.el4_8.s390.rpm
seamonkey-js-debugger-1.0.9-67.el4_8.s390.rpm
seamonkey-mail-1.0.9-67.el4_8.s390.rpm

s390x:
seamonkey-1.0.9-67.el4_8.s390x.rpm
seamonkey-chat-1.0.9-67.el4_8.s390x.rpm
seamonkey-debuginfo-1.0.9-67.el4_8.s390x.rpm
seamonkey-devel-1.0.9-67.el4_8.s390x.rpm
seamonkey-dom-inspector-1.0.9-67.el4_8.s390x.rpm
seamonkey-js-debugger-1.0.9-67.el4_8.s390x.rpm
seamonkey-mail-1.0.9-67.el4_8.s390x.rpm

x86_64:
seamonkey-1.0.9-67.el4_8.x86_64.rpm
seamonkey-chat-1.0.9-67.el4_8.x86_64.rpm
seamonkey-debuginfo-1.0.9-67.el4_8.x86_64.rpm
seamonkey-devel-1.0.9-67.el4_8.x86_64.rpm
seamonkey-dom-inspector-1.0.9-67.el4_8.x86_64.rpm
seamonkey-js-debugger-1.0.9-67.el4_8.x86_64.rpm
seamonkey-mail-1.0.9-67.el4_8.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/seamonkey-1.0.9-67.el4_8.src.rpm

i386:
seamonkey-1.0.9-67.el4_8.i386.rpm
seamonkey-chat-1.0.9-67.el4_8.i386.rpm
seamonkey-debuginfo-1.0.9-67.el4_8.i386.rpm
seamonkey-devel-1.0.9-67.el4_8.i386.rpm
seamonkey-dom-inspector-1.0.9-67.el4_8.i386.rpm
seamonkey-js-debugger-1.0.9-67.el4_8.i386.rpm
seamonkey-mail-1.0.9-67.el4_8.i386.rpm

x86_64:
seamonkey-1.0.9-67.el4_8.x86_64.rpm
seamonkey-chat-1.0.9-67.el4_8.x86_64.rpm
seamonkey-debuginfo-1.0.9-67.el4_8.x86_64.rpm
seamonkey-devel-1.0.9-67.el4_8.x86_64.rpm
seamonkey-dom-inspector-1.0.9-67.el4_8.x86_64.rpm
seamonkey-js-debugger-1.0.9-67.el4_8.x86_64.rpm
seamonkey-mail-1.0.9-67.el4_8.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/seamonkey-1.0.9-67.el4_8.src.rpm

i386:
seamonkey-1.0.9-67.el4_8.i386.rpm
seamonkey-chat-1.0.9-67.el4_8.i386.rpm
seamonkey-debuginfo-1.0.9-67.el4_8.i386.rpm
seamonkey-devel-1.0.9-67.el4_8.i386.rpm
seamonkey-dom-inspector-1.0.9-67.el4_8.i386.rpm
seamonkey-js-debugger-1.0.9-67.el4_8.i386.rpm
seamonkey-mail-1.0.9-67.el4_8.i386.rpm

ia64:
seamonkey-1.0.9-67.el4_8.ia64.rpm
seamonkey-chat-1.0.9-67.el4_8.ia64.rpm
seamonkey-debuginfo-1.0.9-67.el4_8.ia64.rpm
seamonkey-devel-1.0.9-67.el4_8.ia64.rpm
seamonkey-dom-inspector-1.0.9-67.el4_8.ia64.rpm
seamonkey-js-debugger-1.0.9-67.el4_8.ia64.rpm
seamonkey-mail-1.0.9-67.el4_8.ia64.rpm

x86_64:
seamonkey-1.0.9-67.el4_8.x86_64.rpm
seamonkey-chat-1.0.9-67.el4_8.x86_64.rpm
seamonkey-debuginfo-1.0.9-67.el4_8.x86_64.rpm
seamonkey-devel-1.0.9-67.el4_8.x86_64.rpm
seamonkey-dom-inspector-1.0.9-67.el4_8.x86_64.rpm
seamonkey-js-debugger-1.0.9-67.el4_8.x86_64.rpm
seamonkey-mail-1.0.9-67.el4_8.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/seamonkey-1.0.9-67.el4_8.src.rpm

i386:
seamonkey-1.0.9-67.el4_8.i386.rpm
seamonkey-chat-1.0.9-67.el4_8.i386.rpm
seamonkey-debuginfo-1.0.9-67.el4_8.i386.rpm
seamonkey-devel-1.0.9-67.el4_8.i386.rpm
seamonkey-dom-inspector-1.0.9-67.el4_8.i386.rpm
seamonkey-js-debugger-1.0.9-67.el4_8.i386.rpm
seamonkey-mail-1.0.9-67.el4_8.i386.rpm

ia64:
seamonkey-1.0.9-67.el4_8.ia64.rpm
seamonkey-chat-1.0.9-67.el4_8.ia64.rpm
seamonkey-debuginfo-1.0.9-67.el4_8.ia64.rpm
seamonkey-devel-1.0.9-67.el4_8.ia64.rpm
seamonkey-dom-inspector-1.0.9-67.el4_8.ia64.rpm
seamonkey-js-debugger-1.0.9-67.el4_8.ia64.rpm
seamonkey-mail-1.0.9-67.el4_8.ia64.rpm

x86_64:
seamonkey-1.0.9-67.el4_8.x86_64.rpm
seamonkey-chat-1.0.9-67.el4_8.x86_64.rpm
seamonkey-debuginfo-1.0.9-67.el4_8.x86_64.rpm
seamonkey-devel-1.0.9-67.el4_8.x86_64.rpm
seamonkey-dom-inspector-1.0.9-67.el4_8.x86_64.rpm
seamonkey-js-debugger-1.0.9-67.el4_8.x86_64.rpm
seamonkey-mail-1.0.9-67.el4_8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0051.html
https://www.redhat.com/security/data/cve/CVE-2011-0053.html
https://www.redhat.com/security/data/cve/CVE-2011-0059.html
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
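The plug-in redirect problem behind CVE-2011-0059 in the SeaMonkey advisory above, as an added example that is not SeaMonkey or Mozilla code: a model redirect-follower that re-issues a 307 the way the advisory describes (caller-supplied headers carried to the new host, the plug-in never consulted) beside a hardened version that strips those headers on a cross-origin 307 unless the caller's hook explicitly approves. The request, header names, target hosts and the onRedirect hook are all constructed for this example and are not the upstream fix.

```javascript
// Added example (not SeaMonkey or Mozilla code): redirect handling that
// models the CVE-2011-0059 behaviour beside a hardened policy.
// All request/response values below are constructed.

// Header names the client sets itself; anything else is treated as a
// caller-supplied ("custom") header for this example's purposes.
const STANDARD_HEADERS = new Set([
  "host", "user-agent", "accept", "accept-language", "accept-encoding",
  "connection", "content-type", "content-length",
]);

// Origin = scheme + host + port, the unit a CSRF defence reasons about.
function origin(url) {
  return new URL(url).origin;
}

function customHeaders(headers) {
  return Object.keys(headers).filter((h) => !STANDARD_HEADERS.has(h.toLowerCase()));
}

// Resolve the Location header (relative or absolute) against the request URL.
function redirectTarget(req, resp) {
  return new URL(resp.headers.Location, req.url).href;
}

// Vulnerable behaviour described in the advisory: the 307 is re-issued to
// the new Location with method, body and every header intact, and the
// plug-in that made the request is never told.
function follow307Unsafe(req, resp) {
  const target = redirectTarget(req, resp);
  return {
    request: { ...req, url: target, headers: { ...req.headers } },
    dropped: [],
  };
}

// Hardened behaviour (one possible policy, assumed for this example): on a
// cross-origin 307 the caller-supplied headers are stripped unless the
// caller's onRedirect hook sees the target and explicitly returns true.
// Same-origin redirects are left unchanged; 307 still keeps method and body.
function follow307Safe(req, resp, onRedirect) {
  const target = redirectTarget(req, resp);
  const headers = { ...req.headers };
  const dropped = [];
  if (origin(target) !== origin(req.url)) {
    const custom = customHeaders(headers);
    const approved =
      typeof onRedirect === "function" &&
      onRedirect(req.url, target, custom) === true;
    if (!approved) {
      for (const name of custom) {
        delete headers[name];
        dropped.push(name);
      }
    }
  }
  return { request: { ...req, url: target, headers }, dropped };
}

// Constructed scenario: a plug-in POSTs to its own site with a custom
// session header and the server answers with a 307 to another origin.
const pluginRequest = {
  method: "POST",
  url: "https://plugin.example/api/submit",
  headers: {
    "Content-Type": "text/plain",
    "X-Requested-With": "example-plugin",
    "X-Session-Token": "constructed-token-value",
  },
  body: "amount=100",
};
const crossOrigin307 = {
  status: 307,
  headers: { Location: "https://bank.example/transfer" },
};

const unsafeDemo = follow307Unsafe(pluginRequest, crossOrigin307);
const safeDemo = follow307Safe(pluginRequest, crossOrigin307);
console.log("unsafe forwards:", Object.keys(unsafeDemo.request.headers).join(", "));
console.log("safe forwards:  ", Object.keys(safeDemo.request.headers).join(", "));
console.log("safe dropped:   ", safeDemo.dropped.join(", "));
```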
From bugzilla at redhat.com Thu Mar 3 01:26:35 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 2 Mar 2011 18:26:35 -0700
Subject: [RHSA-2011:0318-01] Important: libtiff security update
Message-ID: <201103030126.p231QZUu026446@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libtiff security update
Advisory ID:       RHSA-2011:0318-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0318.html
Issue date:        2011-03-02
CVE Names:         CVE-2011-0192
=====================================================================

1. Summary:

Updated libtiff packages that fix one security issue are now available for
Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.

A heap-based buffer overflow flaw was found in the way libtiff processed
certain TIFF Internet Fax image files, compressed with the CCITT Group 4
compression algorithm. An attacker could use this flaw to create a
specially-crafted TIFF file that, when opened, would cause an application
linked against libtiff to crash or, possibly, execute arbitrary code.
(CVE-2011-0192)

Red Hat would like to thank Apple Product Security for reporting this
issue.

All libtiff users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. All running applications linked
against libtiff must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

678635 - CVE-2011-0192 libtiff: buffer overflow in Fax4Decode

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libtiff-3.6.1-17.el4.src.rpm

i386:
libtiff-3.6.1-17.el4.i386.rpm
libtiff-debuginfo-3.6.1-17.el4.i386.rpm
libtiff-devel-3.6.1-17.el4.i386.rpm

ia64:
libtiff-3.6.1-17.el4.i386.rpm
libtiff-3.6.1-17.el4.ia64.rpm
libtiff-debuginfo-3.6.1-17.el4.i386.rpm
libtiff-debuginfo-3.6.1-17.el4.ia64.rpm
libtiff-devel-3.6.1-17.el4.ia64.rpm

ppc:
libtiff-3.6.1-17.el4.ppc.rpm
libtiff-3.6.1-17.el4.ppc64.rpm
libtiff-debuginfo-3.6.1-17.el4.ppc.rpm
libtiff-debuginfo-3.6.1-17.el4.ppc64.rpm
libtiff-devel-3.6.1-17.el4.ppc.rpm

s390:
libtiff-3.6.1-17.el4.s390.rpm
libtiff-debuginfo-3.6.1-17.el4.s390.rpm
libtiff-devel-3.6.1-17.el4.s390.rpm

s390x:
libtiff-3.6.1-17.el4.s390.rpm
libtiff-3.6.1-17.el4.s390x.rpm
libtiff-debuginfo-3.6.1-17.el4.s390.rpm
libtiff-debuginfo-3.6.1-17.el4.s390x.rpm
libtiff-devel-3.6.1-17.el4.s390x.rpm

x86_64:
libtiff-3.6.1-17.el4.i386.rpm
libtiff-3.6.1-17.el4.x86_64.rpm
libtiff-debuginfo-3.6.1-17.el4.i386.rpm
libtiff-debuginfo-3.6.1-17.el4.x86_64.rpm
libtiff-devel-3.6.1-17.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libtiff-3.6.1-17.el4.src.rpm

i386:
libtiff-3.6.1-17.el4.i386.rpm
libtiff-debuginfo-3.6.1-17.el4.i386.rpm
libtiff-devel-3.6.1-17.el4.i386.rpm

x86_64:
libtiff-3.6.1-17.el4.i386.rpm
libtiff-3.6.1-17.el4.x86_64.rpm
libtiff-debuginfo-3.6.1-17.el4.i386.rpm
libtiff-debuginfo-3.6.1-17.el4.x86_64.rpm
libtiff-devel-3.6.1-17.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libtiff-3.6.1-17.el4.src.rpm

i386:
libtiff-3.6.1-17.el4.i386.rpm
libtiff-debuginfo-3.6.1-17.el4.i386.rpm
libtiff-devel-3.6.1-17.el4.i386.rpm

ia64:
libtiff-3.6.1-17.el4.i386.rpm
libtiff-3.6.1-17.el4.ia64.rpm
libtiff-debuginfo-3.6.1-17.el4.i386.rpm
libtiff-debuginfo-3.6.1-17.el4.ia64.rpm
libtiff-devel-3.6.1-17.el4.ia64.rpm

x86_64:
libtiff-3.6.1-17.el4.i386.rpm
libtiff-3.6.1-17.el4.x86_64.rpm
libtiff-debuginfo-3.6.1-17.el4.i386.rpm
libtiff-debuginfo-3.6.1-17.el4.x86_64.rpm
libtiff-devel-3.6.1-17.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libtiff-3.6.1-17.el4.src.rpm

i386:
libtiff-3.6.1-17.el4.i386.rpm
libtiff-debuginfo-3.6.1-17.el4.i386.rpm
libtiff-devel-3.6.1-17.el4.i386.rpm

ia64:
libtiff-3.6.1-17.el4.i386.rpm
libtiff-3.6.1-17.el4.ia64.rpm
libtiff-debuginfo-3.6.1-17.el4.i386.rpm
libtiff-debuginfo-3.6.1-17.el4.ia64.rpm
libtiff-devel-3.6.1-17.el4.ia64.rpm

x86_64:
libtiff-3.6.1-17.el4.i386.rpm
libtiff-3.6.1-17.el4.x86_64.rpm
libtiff-debuginfo-3.6.1-17.el4.i386.rpm
libtiff-debuginfo-3.6.1-17.el4.x86_64.rpm
libtiff-devel-3.6.1-17.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libtiff-3.8.2-7.el5_6.6.src.rpm

i386:
libtiff-3.8.2-7.el5_6.6.i386.rpm
libtiff-debuginfo-3.8.2-7.el5_6.6.i386.rpm

x86_64:
libtiff-3.8.2-7.el5_6.6.i386.rpm
libtiff-3.8.2-7.el5_6.6.x86_64.rpm
libtiff-debuginfo-3.8.2-7.el5_6.6.i386.rpm
libtiff-debuginfo-3.8.2-7.el5_6.6.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libtiff-3.8.2-7.el5_6.6.src.rpm

i386:
libtiff-debuginfo-3.8.2-7.el5_6.6.i386.rpm
libtiff-devel-3.8.2-7.el5_6.6.i386.rpm

x86_64:
libtiff-debuginfo-3.8.2-7.el5_6.6.i386.rpm
libtiff-debuginfo-3.8.2-7.el5_6.6.x86_64.rpm
libtiff-devel-3.8.2-7.el5_6.6.i386.rpm
libtiff-devel-3.8.2-7.el5_6.6.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libtiff-3.8.2-7.el5_6.6.src.rpm

i386:
libtiff-3.8.2-7.el5_6.6.i386.rpm
libtiff-debuginfo-3.8.2-7.el5_6.6.i386.rpm
libtiff-devel-3.8.2-7.el5_6.6.i386.rpm

ia64:
libtiff-3.8.2-7.el5_6.6.i386.rpm
libtiff-3.8.2-7.el5_6.6.ia64.rpm
libtiff-debuginfo-3.8.2-7.el5_6.6.i386.rpm
libtiff-debuginfo-3.8.2-7.el5_6.6.ia64.rpm
libtiff-devel-3.8.2-7.el5_6.6.ia64.rpm

ppc:
libtiff-3.8.2-7.el5_6.6.ppc.rpm
libtiff-3.8.2-7.el5_6.6.ppc64.rpm
libtiff-debuginfo-3.8.2-7.el5_6.6.ppc.rpm
libtiff-debuginfo-3.8.2-7.el5_6.6.ppc64.rpm
libtiff-devel-3.8.2-7.el5_6.6.ppc.rpm
libtiff-devel-3.8.2-7.el5_6.6.ppc64.rpm

s390x:
libtiff-3.8.2-7.el5_6.6.s390.rpm
libtiff-3.8.2-7.el5_6.6.s390x.rpm
libtiff-debuginfo-3.8.2-7.el5_6.6.s390.rpm
libtiff-debuginfo-3.8.2-7.el5_6.6.s390x.rpm
libtiff-devel-3.8.2-7.el5_6.6.s390.rpm
libtiff-devel-3.8.2-7.el5_6.6.s390x.rpm

x86_64:
libtiff-3.8.2-7.el5_6.6.i386.rpm
libtiff-3.8.2-7.el5_6.6.x86_64.rpm
libtiff-debuginfo-3.8.2-7.el5_6.6.i386.rpm
libtiff-debuginfo-3.8.2-7.el5_6.6.x86_64.rpm
libtiff-devel-3.8.2-7.el5_6.6.i386.rpm
libtiff-devel-3.8.2-7.el5_6.6.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libtiff-3.9.4-1.el6_0.1.src.rpm

i386:
libtiff-3.9.4-1.el6_0.1.i686.rpm
libtiff-debuginfo-3.9.4-1.el6_0.1.i686.rpm

x86_64:
libtiff-3.9.4-1.el6_0.1.i686.rpm
libtiff-3.9.4-1.el6_0.1.x86_64.rpm
libtiff-debuginfo-3.9.4-1.el6_0.1.i686.rpm
libtiff-debuginfo-3.9.4-1.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libtiff-3.9.4-1.el6_0.1.src.rpm

i386:
libtiff-debuginfo-3.9.4-1.el6_0.1.i686.rpm
libtiff-devel-3.9.4-1.el6_0.1.i686.rpm
libtiff-static-3.9.4-1.el6_0.1.i686.rpm

x86_64:
libtiff-debuginfo-3.9.4-1.el6_0.1.i686.rpm
libtiff-debuginfo-3.9.4-1.el6_0.1.x86_64.rpm
libtiff-devel-3.9.4-1.el6_0.1.i686.rpm
libtiff-devel-3.9.4-1.el6_0.1.x86_64.rpm
libtiff-static-3.9.4-1.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libtiff-3.9.4-1.el6_0.1.src.rpm

x86_64:
libtiff-3.9.4-1.el6_0.1.i686.rpm
libtiff-3.9.4-1.el6_0.1.x86_64.rpm
libtiff-debuginfo-3.9.4-1.el6_0.1.i686.rpm
libtiff-debuginfo-3.9.4-1.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libtiff-3.9.4-1.el6_0.1.src.rpm

x86_64:
libtiff-debuginfo-3.9.4-1.el6_0.1.i686.rpm
libtiff-debuginfo-3.9.4-1.el6_0.1.x86_64.rpm
libtiff-devel-3.9.4-1.el6_0.1.i686.rpm
libtiff-devel-3.9.4-1.el6_0.1.x86_64.rpm
libtiff-static-3.9.4-1.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libtiff-3.9.4-1.el6_0.1.src.rpm

i386:
libtiff-3.9.4-1.el6_0.1.i686.rpm
libtiff-debuginfo-3.9.4-1.el6_0.1.i686.rpm
libtiff-devel-3.9.4-1.el6_0.1.i686.rpm

ppc64:
libtiff-3.9.4-1.el6_0.1.ppc.rpm
libtiff-3.9.4-1.el6_0.1.ppc64.rpm
libtiff-debuginfo-3.9.4-1.el6_0.1.ppc.rpm
libtiff-debuginfo-3.9.4-1.el6_0.1.ppc64.rpm
libtiff-devel-3.9.4-1.el6_0.1.ppc.rpm
libtiff-devel-3.9.4-1.el6_0.1.ppc64.rpm

s390x:
libtiff-3.9.4-1.el6_0.1.s390.rpm
libtiff-3.9.4-1.el6_0.1.s390x.rpm
libtiff-debuginfo-3.9.4-1.el6_0.1.s390.rpm
libtiff-debuginfo-3.9.4-1.el6_0.1.s390x.rpm
libtiff-devel-3.9.4-1.el6_0.1.s390.rpm
libtiff-devel-3.9.4-1.el6_0.1.s390x.rpm

x86_64:
libtiff-3.9.4-1.el6_0.1.i686.rpm
libtiff-3.9.4-1.el6_0.1.x86_64.rpm
libtiff-debuginfo-3.9.4-1.el6_0.1.i686.rpm
libtiff-debuginfo-3.9.4-1.el6_0.1.x86_64.rpm
libtiff-devel-3.9.4-1.el6_0.1.i686.rpm
libtiff-devel-3.9.4-1.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libtiff-3.9.4-1.el6_0.1.src.rpm

i386:
libtiff-debuginfo-3.9.4-1.el6_0.1.i686.rpm
libtiff-static-3.9.4-1.el6_0.1.i686.rpm

ppc64:
libtiff-debuginfo-3.9.4-1.el6_0.1.ppc64.rpm
libtiff-static-3.9.4-1.el6_0.1.ppc64.rpm

s390x:
libtiff-debuginfo-3.9.4-1.el6_0.1.s390x.rpm
libtiff-static-3.9.4-1.el6_0.1.s390x.rpm

x86_64:
libtiff-debuginfo-3.9.4-1.el6_0.1.x86_64.rpm
libtiff-static-3.9.4-1.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libtiff-3.9.4-1.el6_0.1.src.rpm

i386:
libtiff-3.9.4-1.el6_0.1.i686.rpm
libtiff-debuginfo-3.9.4-1.el6_0.1.i686.rpm
libtiff-devel-3.9.4-1.el6_0.1.i686.rpm

x86_64:
libtiff-3.9.4-1.el6_0.1.i686.rpm
libtiff-3.9.4-1.el6_0.1.x86_64.rpm
libtiff-debuginfo-3.9.4-1.el6_0.1.i686.rpm
libtiff-debuginfo-3.9.4-1.el6_0.1.x86_64.rpm
libtiff-devel-3.9.4-1.el6_0.1.i686.rpm
libtiff-devel-3.9.4-1.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libtiff-3.9.4-1.el6_0.1.src.rpm

i386:
libtiff-debuginfo-3.9.4-1.el6_0.1.i686.rpm
libtiff-static-3.9.4-1.el6_0.1.i686.rpm

x86_64:
libtiff-debuginfo-3.9.4-1.el6_0.1.x86_64.rpm
libtiff-static-3.9.4-1.el6_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0192.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
From bugzilla at redhat.com Thu Mar 3 23:18:50 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 3 Mar 2011 16:18:50 -0700
Subject: [RHSA-2011:0320-01] Important: libcgroup security update
Message-ID: <201103032318.p23NIoY4013836@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libcgroup security update
Advisory ID:       RHSA-2011:0320-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0320.html
Issue date:        2011-03-03
CVE Names:         CVE-2011-1006 CVE-2011-1022
=====================================================================

1. Summary:

Updated libcgroup packages that fix two security issues are now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The libcgroup packages provide tools and libraries to control and monitor
control groups.

A heap-based buffer overflow flaw was found in the way libcgroup converted
a list of user-provided controllers for a particular task into an array of
strings. A local attacker could use this flaw to escalate their privileges
via a specially-crafted list of controllers. (CVE-2011-1006)

It was discovered that libcgroup did not properly check the origin of
Netlink messages. A local attacker could use this flaw to send crafted
Netlink messages to the cgrulesengd daemon, causing it to put processes
into one or more existing control groups, based on the attacker's
choosing, possibly allowing the particular tasks to run with more
resources (memory, CPU, etc.) than originally intended. (CVE-2011-1022)

Red Hat would like to thank Nelson Elhage for reporting the CVE-2011-1006
issue.

All libcgroup users should upgrade to these updated packages, which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

678107 - CVE-2011-1006 libcgroup: Heap-based buffer overflow by converting list of controllers for given task into an array of strings
680409 - CVE-2011-1022 libcgroup: Uncheck origin of NETLINK messages

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libcgroup-0.36.1-6.el6_0.1.src.rpm

i386:
libcgroup-0.36.1-6.el6_0.1.i686.rpm
libcgroup-debuginfo-0.36.1-6.el6_0.1.i686.rpm

x86_64:
libcgroup-0.36.1-6.el6_0.1.i686.rpm
libcgroup-0.36.1-6.el6_0.1.x86_64.rpm
libcgroup-debuginfo-0.36.1-6.el6_0.1.i686.rpm
libcgroup-debuginfo-0.36.1-6.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libcgroup-0.36.1-6.el6_0.1.src.rpm

i386:
libcgroup-debuginfo-0.36.1-6.el6_0.1.i686.rpm
libcgroup-devel-0.36.1-6.el6_0.1.i686.rpm
libcgroup-pam-0.36.1-6.el6_0.1.i686.rpm

x86_64:
libcgroup-debuginfo-0.36.1-6.el6_0.1.i686.rpm
libcgroup-debuginfo-0.36.1-6.el6_0.1.x86_64.rpm
libcgroup-devel-0.36.1-6.el6_0.1.i686.rpm
libcgroup-devel-0.36.1-6.el6_0.1.x86_64.rpm
libcgroup-pam-0.36.1-6.el6_0.1.i686.rpm
libcgroup-pam-0.36.1-6.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libcgroup-0.36.1-6.el6_0.1.src.rpm

x86_64:
libcgroup-0.36.1-6.el6_0.1.i686.rpm
libcgroup-0.36.1-6.el6_0.1.x86_64.rpm
libcgroup-debuginfo-0.36.1-6.el6_0.1.i686.rpm
libcgroup-debuginfo-0.36.1-6.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libcgroup-0.36.1-6.el6_0.1.src.rpm

x86_64:
libcgroup-debuginfo-0.36.1-6.el6_0.1.i686.rpm
libcgroup-debuginfo-0.36.1-6.el6_0.1.x86_64.rpm
libcgroup-devel-0.36.1-6.el6_0.1.i686.rpm
libcgroup-devel-0.36.1-6.el6_0.1.x86_64.rpm
libcgroup-pam-0.36.1-6.el6_0.1.i686.rpm
libcgroup-pam-0.36.1-6.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libcgroup-0.36.1-6.el6_0.1.src.rpm

i386:
libcgroup-0.36.1-6.el6_0.1.i686.rpm
libcgroup-debuginfo-0.36.1-6.el6_0.1.i686.rpm
libcgroup-devel-0.36.1-6.el6_0.1.i686.rpm

ppc64:
libcgroup-0.36.1-6.el6_0.1.ppc.rpm
libcgroup-0.36.1-6.el6_0.1.ppc64.rpm
libcgroup-debuginfo-0.36.1-6.el6_0.1.ppc.rpm
libcgroup-debuginfo-0.36.1-6.el6_0.1.ppc64.rpm
libcgroup-devel-0.36.1-6.el6_0.1.ppc.rpm
libcgroup-devel-0.36.1-6.el6_0.1.ppc64.rpm

s390x:
libcgroup-0.36.1-6.el6_0.1.s390.rpm
libcgroup-0.36.1-6.el6_0.1.s390x.rpm
libcgroup-debuginfo-0.36.1-6.el6_0.1.s390.rpm
libcgroup-debuginfo-0.36.1-6.el6_0.1.s390x.rpm
libcgroup-devel-0.36.1-6.el6_0.1.s390.rpm
libcgroup-devel-0.36.1-6.el6_0.1.s390x.rpm

x86_64:
libcgroup-0.36.1-6.el6_0.1.i686.rpm
libcgroup-0.36.1-6.el6_0.1.x86_64.rpm
libcgroup-debuginfo-0.36.1-6.el6_0.1.i686.rpm
libcgroup-debuginfo-0.36.1-6.el6_0.1.x86_64.rpm
libcgroup-devel-0.36.1-6.el6_0.1.i686.rpm
libcgroup-devel-0.36.1-6.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libcgroup-0.36.1-6.el6_0.1.src.rpm

i386:
libcgroup-debuginfo-0.36.1-6.el6_0.1.i686.rpm
libcgroup-pam-0.36.1-6.el6_0.1.i686.rpm

ppc64:
libcgroup-debuginfo-0.36.1-6.el6_0.1.ppc.rpm
libcgroup-debuginfo-0.36.1-6.el6_0.1.ppc64.rpm
libcgroup-pam-0.36.1-6.el6_0.1.ppc.rpm
libcgroup-pam-0.36.1-6.el6_0.1.ppc64.rpm

s390x:
libcgroup-debuginfo-0.36.1-6.el6_0.1.s390.rpm
libcgroup-debuginfo-0.36.1-6.el6_0.1.s390x.rpm
libcgroup-pam-0.36.1-6.el6_0.1.s390.rpm
libcgroup-pam-0.36.1-6.el6_0.1.s390x.rpm

x86_64:
libcgroup-debuginfo-0.36.1-6.el6_0.1.i686.rpm
libcgroup-debuginfo-0.36.1-6.el6_0.1.x86_64.rpm
libcgroup-pam-0.36.1-6.el6_0.1.i686.rpm
libcgroup-pam-0.36.1-6.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libcgroup-0.36.1-6.el6_0.1.src.rpm

i386:
libcgroup-0.36.1-6.el6_0.1.i686.rpm
libcgroup-debuginfo-0.36.1-6.el6_0.1.i686.rpm
libcgroup-devel-0.36.1-6.el6_0.1.i686.rpm

x86_64:
libcgroup-0.36.1-6.el6_0.1.i686.rpm
libcgroup-0.36.1-6.el6_0.1.x86_64.rpm
libcgroup-debuginfo-0.36.1-6.el6_0.1.i686.rpm
libcgroup-debuginfo-0.36.1-6.el6_0.1.x86_64.rpm
libcgroup-devel-0.36.1-6.el6_0.1.i686.rpm
libcgroup-devel-0.36.1-6.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libcgroup-0.36.1-6.el6_0.1.src.rpm

i386:
libcgroup-debuginfo-0.36.1-6.el6_0.1.i686.rpm
libcgroup-pam-0.36.1-6.el6_0.1.i686.rpm

x86_64:
libcgroup-debuginfo-0.36.1-6.el6_0.1.i686.rpm
libcgroup-debuginfo-0.36.1-6.el6_0.1.x86_64.rpm
libcgroup-pam-0.36.1-6.el6_0.1.i686.rpm
libcgroup-pam-0.36.1-6.el6_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1006.html
https://www.redhat.com/security/data/cve/CVE-2011-1022.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
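For the two libcgroup flaws in the advisory above, an added C example that is not libcgroup's own code: a bounded conversion of a user-supplied controller list into an array of strings (the CVE-2011-1006 pattern done with the missing bound check), and a check that a netlink datagram actually came from the kernel before a daemon acts on it (the origin check CVE-2011-1022 says was missing). MAX_CONTROLLERS and the function names split_controllers, free_controllers, netlink_from_kernel and recv_kernel_netlink are hypothetical.

```c
/*
 * Added example, not libcgroup's code, for the two RHSA-2011:0320 flaws:
 * CVE-2011-1006 (a user-supplied controller list copied into an array of
 * strings without checking that it fits) and CVE-2011-1022 (netlink
 * messages accepted without checking that the kernel sent them).
 * MAX_CONTROLLERS and all function names are hypothetical.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <linux/netlink.h>

#define MAX_CONTROLLERS 8   /* hypothetical capacity of the per-task array */

/*
 * Split "cpu,memory,cpuacct" into out[0..n-1], each a malloc'd copy the
 * caller releases with free_controllers(). Returns n, or -1 with nothing
 * left allocated when the list has more than out_cap entries or an empty
 * entry. Without the "n >= out_cap" test the n-th copy would be stored
 * past the end of the heap array, which is the CVE-2011-1006 pattern.
 */
int split_controllers(const char *list, char *out[], size_t out_cap)
{
    size_t n = 0;
    const char *p = list;

    while (*p != '\0') {
        const char *comma = strchr(p, ',');
        size_t len = comma ? (size_t)(comma - p) : strlen(p);

        if (len == 0 || n >= out_cap)   /* empty name, or array is full */
            goto fail;
        out[n] = malloc(len + 1);
        if (out[n] == NULL)
            goto fail;
        memcpy(out[n], p, len);
        out[n][len] = '\0';
        n++;
        if (comma == NULL)
            break;
        p = comma + 1;
        if (*p == '\0')                 /* trailing comma: empty entry */
            goto fail;
    }
    return (int)n;

fail:
    while (n > 0)
        free(out[--n]);
    return -1;
}

void free_controllers(char *out[], int n)
{
    for (int i = 0; i < n; i++) {
        free(out[i]);
        out[i] = NULL;
    }
}

/*
 * Origin check for a netlink datagram: the kernel sends from port id 0,
 * while every user-space netlink socket is bound to a non-zero nl_pid,
 * so a daemon should drop anything that fails this test. fromlen is the
 * address length recvfrom()/recvmsg() reported; a truncated address
 * cannot have carried a trustworthy nl_pid.
 */
bool netlink_from_kernel(const struct sockaddr_nl *from, socklen_t fromlen)
{
    if (from == NULL || fromlen < sizeof(*from))
        return false;
    if (from->nl_family != AF_NETLINK)
        return false;
    return from->nl_pid == 0;
}

/*
 * Read one datagram from a netlink socket and keep it only when the
 * kernel sent it: returns the byte count, 0 for a discarded datagram,
 * -1 on a socket error.
 */
ssize_t recv_kernel_netlink(int fd, void *buf, size_t buflen)
{
    struct sockaddr_nl from;
    socklen_t fromlen = sizeof(from);
    ssize_t got;

    memset(&from, 0, sizeof(from));
    got = recvfrom(fd, buf, buflen, 0, (struct sockaddr *)&from, &fromlen);
    if (got < 0)
        return -1;
    return netlink_from_kernel(&from, fromlen) ? got : 0;
}
```

recv_kernel_netlink needs a real netlink socket to exercise; the other functions run on the constructed inputs shown in the comments.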
From bugzilla at redhat.com Mon Mar 7 21:06:08 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 7 Mar 2011 14:06:08 -0700
Subject: [RHSA-2011:0324-01] Important: logwatch security update
Message-ID: <201103072106.p27L68rG018136@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: logwatch security update
Advisory ID:       RHSA-2011:0324-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0324.html
Issue date:        2011-03-07
CVE Names:         CVE-2011-1018
=====================================================================

1. Summary:

An updated logwatch package that fixes one security issue is now available
for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - noarch
Red Hat Enterprise Linux Desktop (v. 5 client) - noarch
Red Hat Enterprise Linux Desktop (v. 6) - noarch
Red Hat Enterprise Linux HPC Node (v. 6) - noarch
Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Enterprise Linux Workstation (v. 6) - noarch

3. Description:

Logwatch is a customizable log analysis system. Logwatch parses through
your system's logs for a given period of time and creates a report
analyzing areas that you specify, in as much detail as you require.

A flaw was found in the way Logwatch processed log files. If an attacker
were able to create a log file with a malicious file name, it could result
in arbitrary code execution with the privileges of the root user when that
log file is analyzed by Logwatch. (CVE-2011-1018)

Users of logwatch should upgrade to this updated package, which contains a
backported patch to resolve this issue.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

680237 - CVE-2011-1018 logwatch: Privilege escalation due improper sanitization of special characters in log file names

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/logwatch-7.3-9.el5_6.src.rpm

noarch:
logwatch-7.3-9.el5_6.noarch.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/logwatch-7.3-9.el5_6.src.rpm

noarch:
logwatch-7.3-9.el5_6.noarch.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/logwatch-7.3.6-49.el6.src.rpm

noarch:
logwatch-7.3.6-49.el6.noarch.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/logwatch-7.3.6-49.el6.src.rpm

noarch:
logwatch-7.3.6-49.el6.noarch.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/logwatch-7.3.6-49.el6.src.rpm

noarch:
logwatch-7.3.6-49.el6.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/logwatch-7.3.6-49.el6.src.rpm

noarch:
logwatch-7.3.6-49.el6.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1018.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

From bugzilla at redhat.com Tue Mar 8 18:10:10 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 8 Mar 2011 11:10:10 -0700
Subject: [RHSA-2011:0327-01] Moderate: subversion security and bug fix update
Message-ID: <201103081810.p28IAAiV025618@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: subversion security and bug fix update
Advisory ID:       RHSA-2011:0327-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0327.html
Issue date:        2011-03-08
CVE Names:         CVE-2011-0715
=====================================================================

1. Summary:

Updated subversion packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

Subversion (SVN) is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a hierarchy of
files and directories while keeping a history of all changes. The
mod_dav_svn module is used with the Apache HTTP Server to allow access to
Subversion repositories via HTTP.

A NULL pointer dereference flaw was found in the way the mod_dav_svn module
processed certain requests to lock working copy paths in a repository. A
remote attacker could issue a lock request that could cause the httpd
process serving the request to crash. (CVE-2011-0715)

Red Hat would like to thank Hyrum Wright of the Apache Subversion project
for reporting this issue. Upstream acknowledges Philip Martin, WANdisco,
Inc. as the original reporter.

This update also fixes the following bug:

* A regression was found in the handling of repositories which do not have
a "db/fsfs.conf" file. The "svnadmin hotcopy" command would fail when
trying to produce a copy of such a repository. This command has been fixed
to ignore the absence of the "fsfs.conf" file. The "svnadmin hotcopy"
command will now succeed for this type of repository. (BZ#681522)

All Subversion users should upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, you must restart the httpd daemon, if you are using
mod_dav_svn, for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

680755 - CVE-2011-0715 subversion (mod_dav_svn): DoS (NULL ptr deref) by a lock token sent from a not authenticated Subversion client
681522 - Regression: svnadmin hotcopy throws error

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/subversion-1.6.11-7.el5_6.3.src.rpm

i386:
mod_dav_svn-1.6.11-7.el5_6.3.i386.rpm
subversion-1.6.11-7.el5_6.3.i386.rpm
subversion-debuginfo-1.6.11-7.el5_6.3.i386.rpm
subversion-devel-1.6.11-7.el5_6.3.i386.rpm
subversion-javahl-1.6.11-7.el5_6.3.i386.rpm
subversion-perl-1.6.11-7.el5_6.3.i386.rpm
subversion-ruby-1.6.11-7.el5_6.3.i386.rpm

x86_64:
mod_dav_svn-1.6.11-7.el5_6.3.x86_64.rpm
subversion-1.6.11-7.el5_6.3.i386.rpm
subversion-1.6.11-7.el5_6.3.x86_64.rpm
subversion-debuginfo-1.6.11-7.el5_6.3.i386.rpm
subversion-debuginfo-1.6.11-7.el5_6.3.x86_64.rpm
subversion-devel-1.6.11-7.el5_6.3.i386.rpm
subversion-devel-1.6.11-7.el5_6.3.x86_64.rpm
subversion-javahl-1.6.11-7.el5_6.3.x86_64.rpm
subversion-perl-1.6.11-7.el5_6.3.x86_64.rpm
subversion-ruby-1.6.11-7.el5_6.3.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/subversion-1.6.11-7.el5_6.3.src.rpm

i386:
mod_dav_svn-1.6.11-7.el5_6.3.i386.rpm
subversion-1.6.11-7.el5_6.3.i386.rpm
subversion-debuginfo-1.6.11-7.el5_6.3.i386.rpm
subversion-devel-1.6.11-7.el5_6.3.i386.rpm
subversion-javahl-1.6.11-7.el5_6.3.i386.rpm
subversion-perl-1.6.11-7.el5_6.3.i386.rpm
subversion-ruby-1.6.11-7.el5_6.3.i386.rpm

ia64:
mod_dav_svn-1.6.11-7.el5_6.3.ia64.rpm
subversion-1.6.11-7.el5_6.3.ia64.rpm
subversion-debuginfo-1.6.11-7.el5_6.3.ia64.rpm
subversion-devel-1.6.11-7.el5_6.3.ia64.rpm
subversion-javahl-1.6.11-7.el5_6.3.ia64.rpm
subversion-perl-1.6.11-7.el5_6.3.ia64.rpm
subversion-ruby-1.6.11-7.el5_6.3.ia64.rpm

ppc:
mod_dav_svn-1.6.11-7.el5_6.3.ppc.rpm
subversion-1.6.11-7.el5_6.3.ppc.rpm
subversion-1.6.11-7.el5_6.3.ppc64.rpm
subversion-debuginfo-1.6.11-7.el5_6.3.ppc.rpm
subversion-debuginfo-1.6.11-7.el5_6.3.ppc64.rpm
subversion-devel-1.6.11-7.el5_6.3.ppc.rpm
subversion-devel-1.6.11-7.el5_6.3.ppc64.rpm
subversion-javahl-1.6.11-7.el5_6.3.ppc.rpm
subversion-perl-1.6.11-7.el5_6.3.ppc.rpm
subversion-ruby-1.6.11-7.el5_6.3.ppc.rpm

s390x:
mod_dav_svn-1.6.11-7.el5_6.3.s390x.rpm
subversion-1.6.11-7.el5_6.3.s390.rpm
subversion-1.6.11-7.el5_6.3.s390x.rpm
subversion-debuginfo-1.6.11-7.el5_6.3.s390.rpm
subversion-debuginfo-1.6.11-7.el5_6.3.s390x.rpm
subversion-devel-1.6.11-7.el5_6.3.s390.rpm
subversion-devel-1.6.11-7.el5_6.3.s390x.rpm
subversion-javahl-1.6.11-7.el5_6.3.s390x.rpm
subversion-perl-1.6.11-7.el5_6.3.s390x.rpm
subversion-ruby-1.6.11-7.el5_6.3.s390x.rpm

x86_64:
mod_dav_svn-1.6.11-7.el5_6.3.x86_64.rpm
subversion-1.6.11-7.el5_6.3.i386.rpm
subversion-1.6.11-7.el5_6.3.x86_64.rpm
subversion-debuginfo-1.6.11-7.el5_6.3.i386.rpm
subversion-debuginfo-1.6.11-7.el5_6.3.x86_64.rpm
subversion-devel-1.6.11-7.el5_6.3.i386.rpm
subversion-devel-1.6.11-7.el5_6.3.x86_64.rpm
subversion-javahl-1.6.11-7.el5_6.3.x86_64.rpm
subversion-perl-1.6.11-7.el5_6.3.x86_64.rpm
subversion-ruby-1.6.11-7.el5_6.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0715.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

From bugzilla at redhat.com Tue Mar 8 18:10:56 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 8 Mar 2011 11:10:56 -0700
Subject: [RHSA-2011:0328-01] Moderate: subversion security update
Message-ID: <201103081810.p28IAunY017343@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: subversion security update
Advisory ID:       RHSA-2011:0328-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0328.html
Issue date:        2011-03-08
CVE Names:         CVE-2011-0715
=====================================================================

1. Summary:

Updated subversion packages that fix one security issue are now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

3. Description:

Subversion (SVN) is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a hierarchy of
files and directories while keeping a history of all changes. The
mod_dav_svn module is used with the Apache HTTP Server to allow access to
Subversion repositories via HTTP.

A NULL pointer dereference flaw was found in the way the mod_dav_svn module
processed certain requests to lock working copy paths in a repository. A
remote attacker could issue a lock request that could cause the httpd
process serving the request to crash. (CVE-2011-0715)

Red Hat would like to thank Hyrum Wright of the Apache Subversion project
for reporting this issue. Upstream acknowledges Philip Martin, WANdisco,
Inc. as the original reporter.

All Subversion users should upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
updated packages, you must restart the httpd daemon, if you are using
mod_dav_svn, for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

680755 - CVE-2011-0715 subversion (mod_dav_svn): DoS (NULL ptr deref) by a lock token sent from a not authenticated Subversion client

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/subversion-1.6.11-2.el6_0.3.src.rpm

i386:
mod_dav_svn-1.6.11-2.el6_0.3.i686.rpm
subversion-1.6.11-2.el6_0.3.i686.rpm
subversion-debuginfo-1.6.11-2.el6_0.3.i686.rpm
subversion-devel-1.6.11-2.el6_0.3.i686.rpm
subversion-gnome-1.6.11-2.el6_0.3.i686.rpm
subversion-javahl-1.6.11-2.el6_0.3.i686.rpm
subversion-kde-1.6.11-2.el6_0.3.i686.rpm
subversion-perl-1.6.11-2.el6_0.3.i686.rpm
subversion-ruby-1.6.11-2.el6_0.3.i686.rpm

noarch:
subversion-svn2cl-1.6.11-2.el6_0.3.noarch.rpm

x86_64:
mod_dav_svn-1.6.11-2.el6_0.3.x86_64.rpm
subversion-1.6.11-2.el6_0.3.i686.rpm
subversion-1.6.11-2.el6_0.3.x86_64.rpm
subversion-debuginfo-1.6.11-2.el6_0.3.i686.rpm
subversion-debuginfo-1.6.11-2.el6_0.3.x86_64.rpm
subversion-devel-1.6.11-2.el6_0.3.i686.rpm
subversion-devel-1.6.11-2.el6_0.3.x86_64.rpm
subversion-gnome-1.6.11-2.el6_0.3.i686.rpm
subversion-gnome-1.6.11-2.el6_0.3.x86_64.rpm
subversion-javahl-1.6.11-2.el6_0.3.i686.rpm
subversion-javahl-1.6.11-2.el6_0.3.x86_64.rpm
subversion-kde-1.6.11-2.el6_0.3.i686.rpm
subversion-kde-1.6.11-2.el6_0.3.x86_64.rpm
subversion-perl-1.6.11-2.el6_0.3.i686.rpm
subversion-perl-1.6.11-2.el6_0.3.x86_64.rpm
subversion-ruby-1.6.11-2.el6_0.3.i686.rpm
subversion-ruby-1.6.11-2.el6_0.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/subversion-1.6.11-2.el6_0.3.src.rpm

noarch:
subversion-svn2cl-1.6.11-2.el6_0.3.noarch.rpm

x86_64:
mod_dav_svn-1.6.11-2.el6_0.3.x86_64.rpm
subversion-1.6.11-2.el6_0.3.i686.rpm
subversion-1.6.11-2.el6_0.3.x86_64.rpm
subversion-debuginfo-1.6.11-2.el6_0.3.i686.rpm
subversion-debuginfo-1.6.11-2.el6_0.3.x86_64.rpm
subversion-devel-1.6.11-2.el6_0.3.i686.rpm
subversion-devel-1.6.11-2.el6_0.3.x86_64.rpm
subversion-gnome-1.6.11-2.el6_0.3.i686.rpm
subversion-gnome-1.6.11-2.el6_0.3.x86_64.rpm
subversion-javahl-1.6.11-2.el6_0.3.i686.rpm
subversion-javahl-1.6.11-2.el6_0.3.x86_64.rpm
subversion-kde-1.6.11-2.el6_0.3.i686.rpm
subversion-kde-1.6.11-2.el6_0.3.x86_64.rpm
subversion-perl-1.6.11-2.el6_0.3.i686.rpm
subversion-perl-1.6.11-2.el6_0.3.x86_64.rpm
subversion-ruby-1.6.11-2.el6_0.3.i686.rpm
subversion-ruby-1.6.11-2.el6_0.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/subversion-1.6.11-2.el6_0.3.src.rpm

i386:
mod_dav_svn-1.6.11-2.el6_0.3.i686.rpm
subversion-1.6.11-2.el6_0.3.i686.rpm
subversion-debuginfo-1.6.11-2.el6_0.3.i686.rpm
subversion-javahl-1.6.11-2.el6_0.3.i686.rpm

ppc64:
mod_dav_svn-1.6.11-2.el6_0.3.ppc64.rpm
subversion-1.6.11-2.el6_0.3.ppc.rpm
subversion-1.6.11-2.el6_0.3.ppc64.rpm
subversion-debuginfo-1.6.11-2.el6_0.3.ppc.rpm
subversion-debuginfo-1.6.11-2.el6_0.3.ppc64.rpm

s390x:
mod_dav_svn-1.6.11-2.el6_0.3.s390x.rpm
subversion-1.6.11-2.el6_0.3.s390.rpm
subversion-1.6.11-2.el6_0.3.s390x.rpm
subversion-debuginfo-1.6.11-2.el6_0.3.s390.rpm
subversion-debuginfo-1.6.11-2.el6_0.3.s390x.rpm

x86_64:
mod_dav_svn-1.6.11-2.el6_0.3.x86_64.rpm
subversion-1.6.11-2.el6_0.3.i686.rpm
subversion-1.6.11-2.el6_0.3.x86_64.rpm
subversion-debuginfo-1.6.11-2.el6_0.3.i686.rpm
subversion-debuginfo-1.6.11-2.el6_0.3.x86_64.rpm
subversion-javahl-1.6.11-2.el6_0.3.i686.rpm
subversion-javahl-1.6.11-2.el6_0.3.x86_64.rpm

Red Hat
Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/subversion-1.6.11-2.el6_0.3.src.rpm i386: subversion-debuginfo-1.6.11-2.el6_0.3.i686.rpm subversion-devel-1.6.11-2.el6_0.3.i686.rpm subversion-gnome-1.6.11-2.el6_0.3.i686.rpm subversion-kde-1.6.11-2.el6_0.3.i686.rpm subversion-perl-1.6.11-2.el6_0.3.i686.rpm subversion-ruby-1.6.11-2.el6_0.3.i686.rpm noarch: subversion-svn2cl-1.6.11-2.el6_0.3.noarch.rpm ppc64: subversion-debuginfo-1.6.11-2.el6_0.3.ppc.rpm subversion-debuginfo-1.6.11-2.el6_0.3.ppc64.rpm subversion-devel-1.6.11-2.el6_0.3.ppc.rpm subversion-devel-1.6.11-2.el6_0.3.ppc64.rpm subversion-gnome-1.6.11-2.el6_0.3.ppc.rpm subversion-gnome-1.6.11-2.el6_0.3.ppc64.rpm subversion-javahl-1.6.11-2.el6_0.3.ppc.rpm subversion-javahl-1.6.11-2.el6_0.3.ppc64.rpm subversion-kde-1.6.11-2.el6_0.3.ppc.rpm subversion-kde-1.6.11-2.el6_0.3.ppc64.rpm subversion-perl-1.6.11-2.el6_0.3.ppc.rpm subversion-perl-1.6.11-2.el6_0.3.ppc64.rpm subversion-ruby-1.6.11-2.el6_0.3.ppc.rpm subversion-ruby-1.6.11-2.el6_0.3.ppc64.rpm s390x: subversion-debuginfo-1.6.11-2.el6_0.3.s390.rpm subversion-debuginfo-1.6.11-2.el6_0.3.s390x.rpm subversion-devel-1.6.11-2.el6_0.3.s390.rpm subversion-devel-1.6.11-2.el6_0.3.s390x.rpm subversion-gnome-1.6.11-2.el6_0.3.s390.rpm subversion-gnome-1.6.11-2.el6_0.3.s390x.rpm subversion-javahl-1.6.11-2.el6_0.3.s390.rpm subversion-javahl-1.6.11-2.el6_0.3.s390x.rpm subversion-kde-1.6.11-2.el6_0.3.s390.rpm subversion-kde-1.6.11-2.el6_0.3.s390x.rpm subversion-perl-1.6.11-2.el6_0.3.s390.rpm subversion-perl-1.6.11-2.el6_0.3.s390x.rpm subversion-ruby-1.6.11-2.el6_0.3.s390.rpm subversion-ruby-1.6.11-2.el6_0.3.s390x.rpm x86_64: subversion-debuginfo-1.6.11-2.el6_0.3.i686.rpm subversion-debuginfo-1.6.11-2.el6_0.3.x86_64.rpm subversion-devel-1.6.11-2.el6_0.3.i686.rpm subversion-devel-1.6.11-2.el6_0.3.x86_64.rpm subversion-gnome-1.6.11-2.el6_0.3.i686.rpm subversion-gnome-1.6.11-2.el6_0.3.x86_64.rpm 
subversion-kde-1.6.11-2.el6_0.3.i686.rpm subversion-kde-1.6.11-2.el6_0.3.x86_64.rpm subversion-perl-1.6.11-2.el6_0.3.i686.rpm subversion-perl-1.6.11-2.el6_0.3.x86_64.rpm subversion-ruby-1.6.11-2.el6_0.3.i686.rpm subversion-ruby-1.6.11-2.el6_0.3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/subversion-1.6.11-2.el6_0.3.src.rpm i386: mod_dav_svn-1.6.11-2.el6_0.3.i686.rpm subversion-1.6.11-2.el6_0.3.i686.rpm subversion-debuginfo-1.6.11-2.el6_0.3.i686.rpm subversion-javahl-1.6.11-2.el6_0.3.i686.rpm x86_64: mod_dav_svn-1.6.11-2.el6_0.3.x86_64.rpm subversion-1.6.11-2.el6_0.3.i686.rpm subversion-1.6.11-2.el6_0.3.x86_64.rpm subversion-debuginfo-1.6.11-2.el6_0.3.i686.rpm subversion-debuginfo-1.6.11-2.el6_0.3.x86_64.rpm subversion-javahl-1.6.11-2.el6_0.3.i686.rpm subversion-javahl-1.6.11-2.el6_0.3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/subversion-1.6.11-2.el6_0.3.src.rpm i386: subversion-debuginfo-1.6.11-2.el6_0.3.i686.rpm subversion-devel-1.6.11-2.el6_0.3.i686.rpm subversion-gnome-1.6.11-2.el6_0.3.i686.rpm subversion-kde-1.6.11-2.el6_0.3.i686.rpm subversion-perl-1.6.11-2.el6_0.3.i686.rpm subversion-ruby-1.6.11-2.el6_0.3.i686.rpm noarch: subversion-svn2cl-1.6.11-2.el6_0.3.noarch.rpm x86_64: subversion-debuginfo-1.6.11-2.el6_0.3.i686.rpm subversion-debuginfo-1.6.11-2.el6_0.3.x86_64.rpm subversion-devel-1.6.11-2.el6_0.3.i686.rpm subversion-devel-1.6.11-2.el6_0.3.x86_64.rpm subversion-gnome-1.6.11-2.el6_0.3.i686.rpm subversion-gnome-1.6.11-2.el6_0.3.x86_64.rpm subversion-kde-1.6.11-2.el6_0.3.i686.rpm subversion-kde-1.6.11-2.el6_0.3.x86_64.rpm subversion-perl-1.6.11-2.el6_0.3.i686.rpm subversion-perl-1.6.11-2.el6_0.3.x86_64.rpm subversion-ruby-1.6.11-2.el6_0.3.i686.rpm subversion-ruby-1.6.11-2.el6_0.3.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0715.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNdnEUXlSAg2UNWIIRAgjGAKCsYzlkxTzndnEZBDs1OIWwTRSvZgCdEg52
B9tN8vSPY9BIq0QJqy/slRw=
=XCQH
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Mar 8 19:50:27 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 8 Mar 2011 12:50:27 -0700
Subject: [RHSA-2011:0329-01] Important: kernel security update
Message-ID: <201103081950.p28JoSQC016827@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2011:0329-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0329.html
Issue date:        2011-03-08
CVE Names:         CVE-2011-0714
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issue:

* A use-after-free flaw was found in the Linux kernel's RPC server sockets implementation. A remote attacker could use this flaw to trigger a denial of service by sending a corrupted packet to a target system. (CVE-2011-0714, Important)

Red Hat would like to thank Adam Prince for reporting this issue.

Users should upgrade to these updated packages, which contain a backported patch to correct this issue. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

678144 - CVE-2011-0714 kernel: deficiency in handling of invalid data packets in lockd

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-71.18.2.el6.src.rpm i386: kernel-2.6.32-71.18.2.el6.i686.rpm kernel-debug-2.6.32-71.18.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-71.18.2.el6.i686.rpm kernel-debug-devel-2.6.32-71.18.2.el6.i686.rpm kernel-debuginfo-2.6.32-71.18.2.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-71.18.2.el6.i686.rpm kernel-devel-2.6.32-71.18.2.el6.i686.rpm kernel-headers-2.6.32-71.18.2.el6.i686.rpm noarch: kernel-doc-2.6.32-71.18.2.el6.noarch.rpm kernel-firmware-2.6.32-71.18.2.el6.noarch.rpm perf-2.6.32-71.18.2.el6.noarch.rpm x86_64: kernel-2.6.32-71.18.2.el6.x86_64.rpm kernel-debug-2.6.32-71.18.2.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-71.18.2.el6.x86_64.rpm kernel-debug-devel-2.6.32-71.18.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-71.18.2.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-71.18.2.el6.x86_64.rpm kernel-devel-2.6.32-71.18.2.el6.x86_64.rpm kernel-headers-2.6.32-71.18.2.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-71.18.2.el6.src.rpm noarch: kernel-doc-2.6.32-71.18.2.el6.noarch.rpm kernel-firmware-2.6.32-71.18.2.el6.noarch.rpm perf-2.6.32-71.18.2.el6.noarch.rpm x86_64: kernel-2.6.32-71.18.2.el6.x86_64.rpm kernel-debug-2.6.32-71.18.2.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-71.18.2.el6.x86_64.rpm kernel-debug-devel-2.6.32-71.18.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-71.18.2.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-71.18.2.el6.x86_64.rpm kernel-devel-2.6.32-71.18.2.el6.x86_64.rpm kernel-headers-2.6.32-71.18.2.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-71.18.2.el6.src.rpm i386: kernel-2.6.32-71.18.2.el6.i686.rpm kernel-debug-2.6.32-71.18.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-71.18.2.el6.i686.rpm kernel-debug-devel-2.6.32-71.18.2.el6.i686.rpm kernel-debuginfo-2.6.32-71.18.2.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-71.18.2.el6.i686.rpm kernel-devel-2.6.32-71.18.2.el6.i686.rpm kernel-headers-2.6.32-71.18.2.el6.i686.rpm noarch: kernel-doc-2.6.32-71.18.2.el6.noarch.rpm kernel-firmware-2.6.32-71.18.2.el6.noarch.rpm perf-2.6.32-71.18.2.el6.noarch.rpm ppc64: kernel-2.6.32-71.18.2.el6.ppc64.rpm kernel-bootwrapper-2.6.32-71.18.2.el6.ppc64.rpm kernel-debug-2.6.32-71.18.2.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-71.18.2.el6.ppc64.rpm kernel-debug-devel-2.6.32-71.18.2.el6.ppc64.rpm kernel-debuginfo-2.6.32-71.18.2.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-71.18.2.el6.ppc64.rpm kernel-devel-2.6.32-71.18.2.el6.ppc64.rpm kernel-headers-2.6.32-71.18.2.el6.ppc64.rpm s390x: kernel-2.6.32-71.18.2.el6.s390x.rpm kernel-debug-2.6.32-71.18.2.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-71.18.2.el6.s390x.rpm kernel-debug-devel-2.6.32-71.18.2.el6.s390x.rpm kernel-debuginfo-2.6.32-71.18.2.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-71.18.2.el6.s390x.rpm kernel-devel-2.6.32-71.18.2.el6.s390x.rpm kernel-headers-2.6.32-71.18.2.el6.s390x.rpm kernel-kdump-2.6.32-71.18.2.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-71.18.2.el6.s390x.rpm kernel-kdump-devel-2.6.32-71.18.2.el6.s390x.rpm x86_64: kernel-2.6.32-71.18.2.el6.x86_64.rpm kernel-debug-2.6.32-71.18.2.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-71.18.2.el6.x86_64.rpm kernel-debug-devel-2.6.32-71.18.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-71.18.2.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-71.18.2.el6.x86_64.rpm kernel-devel-2.6.32-71.18.2.el6.x86_64.rpm kernel-headers-2.6.32-71.18.2.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-71.18.2.el6.src.rpm i386: kernel-2.6.32-71.18.2.el6.i686.rpm kernel-debug-2.6.32-71.18.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-71.18.2.el6.i686.rpm kernel-debug-devel-2.6.32-71.18.2.el6.i686.rpm kernel-debuginfo-2.6.32-71.18.2.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-71.18.2.el6.i686.rpm kernel-devel-2.6.32-71.18.2.el6.i686.rpm kernel-headers-2.6.32-71.18.2.el6.i686.rpm noarch: kernel-doc-2.6.32-71.18.2.el6.noarch.rpm kernel-firmware-2.6.32-71.18.2.el6.noarch.rpm perf-2.6.32-71.18.2.el6.noarch.rpm x86_64: kernel-2.6.32-71.18.2.el6.x86_64.rpm kernel-debug-2.6.32-71.18.2.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-71.18.2.el6.x86_64.rpm kernel-debug-devel-2.6.32-71.18.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-71.18.2.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-71.18.2.el6.x86_64.rpm kernel-devel-2.6.32-71.18.2.el6.x86_64.rpm kernel-headers-2.6.32-71.18.2.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-0714.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. 
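Each advisory above names its fixed packages only as RPM file names in section 6, and the advice to install with "rpm -ivh" (kernels) or via Red Hat Network leaves the "is this host still exposed?" question to the reader. The script below is an added example, not Red Hat's own tooling (the supported route is Red Hat Network and yum's security plugin): it parses the advisory layout used in these messages (Advisory ID, CVE Names, and the "6. Package List:" file names), splits each file name into name/version/release/arch, and compares the installed version with a Python port of rpm's rpmvercmp() ordering. The advisory excerpt is abridged from RHSA-2011:0328 above, and the "rpm -qa" output is constructed sample data, not from a real host. Epoch is not present in advisory file names, so the comparison is version-release only; that is an assumption to keep in mind for packages that carry an epoch.

```python
"""Check a host's installed RPMs against a Red Hat advisory package list.

Added example (not Red Hat tooling): parses the advisory layout used above
and compares versions with a Python port of rpm's rpmvercmp().
"""
import re
from typing import Dict, List, Tuple

# Constructed excerpt in the layout of RHSA-2011:0328 above (abridged; the
# file names are the advisory's, the surrounding text is trimmed).
ADVISORY_TEXT = """\
Advisory ID:       RHSA-2011:0328-01
CVE Names:         CVE-2011-0715

6. Package List:

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/subversion-1.6.11-2.el6_0.3.src.rpm

x86_64:
mod_dav_svn-1.6.11-2.el6_0.3.x86_64.rpm
subversion-1.6.11-2.el6_0.3.i686.rpm
subversion-1.6.11-2.el6_0.3.x86_64.rpm
"""

# Constructed sample of:
#   rpm -qa --qf '%{NAME}|%{EPOCH}|%{VERSION}|%{RELEASE}|%{ARCH}\n'
# (rpm prints "(none)" when a package has no epoch).
INSTALLED_TEXT = """\
subversion|(none)|1.6.11|2.el6_0.2|x86_64
mod_dav_svn|(none)|1.6.11|2.el6_0.3|x86_64
httpd|(none)|2.2.15|5.el6|x86_64
subversion|(none)|1.6.11|2.el6|i686
"""

_SEG = re.compile(r"[0-9]+|[A-Za-z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """Port of rpm's rpmvercmp(): -1, 0 or 1 for a <, ==, > b.

    Strings split into numeric and alphabetic segments (separators ignored).
    Numbers compare as integers, letters lexically, a numeric segment beats an
    alphabetic one, and '~' marks a pre-release that sorts below the base.
    """
    if a == b:
        return 0
    ta, tb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(ta, tb):
        if x == "~" or y == "~":
            if x != y:
                return -1 if x == "~" else 1
            continue
        xd, yd = x.isdigit(), y.isdigit()
        if xd != yd:
            return 1 if xd else -1
        xk, yk = (int(x), int(y)) if xd else (x, y)
        if xk != yk:
            return 1 if xk > yk else -1
    if len(ta) == len(tb):
        return 0
    if len(ta) > len(tb):            # leftover segments win, unless they start with '~'
        return -1 if ta[len(tb)] == "~" else 1
    return 1 if tb[len(ta)] == "~" else -1


def parse_nevra(filename: str) -> Tuple[str, str, str, str]:
    """Split '[path/]name-version-release.arch.rpm' into (name, version, release, arch)."""
    stem = filename.rsplit("/", 1)[-1]
    if stem.endswith(".rpm"):
        stem = stem[:-4]
    nvr, arch = stem.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)   # version/release never contain '-'
    return name, version, release, arch


def parse_advisory(text: str) -> Dict:
    """Pull the advisory ID, CVE list and fixed (version, release) per (name, arch)."""
    adv = {"id": None, "cves": [], "packages": {}}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Advisory ID:"):
            adv["id"] = line.split(":", 1)[1].strip()
        elif line.startswith("CVE Names:"):
            adv["cves"] = line.split(":", 1)[1].split()
        elif line.endswith(".rpm"):
            name, ver, rel, arch = parse_nevra(line)
            if arch != "src":                     # SRPMs are not installed packages
                adv["packages"][(name, arch)] = (ver, rel)
    return adv


def vr_cmp(installed: Tuple[str, str], fixed: Tuple[str, str]) -> int:
    """Compare (version, release) pairs; release only matters when versions tie."""
    c = rpmvercmp(installed[0], fixed[0])
    return c if c else rpmvercmp(installed[1], fixed[1])


def check_host(installed_text: str, adv: Dict) -> List[Tuple[str, str]]:
    """Return (nevra, verdict) for each installed package the advisory ships.

    Assumption: epoch is absent from advisory file names, so it is ignored here.
    """
    results = []
    for line in installed_text.splitlines():
        if not line.strip():
            continue
        name, _epoch, ver, rel, arch = line.split("|")
        fixed = adv["packages"].get((name, arch))
        if fixed is None:
            continue                              # not shipped by this advisory
        verdict = "fixed" if vr_cmp((ver, rel), fixed) >= 0 else "VULNERABLE"
        results.append((f"{name}-{ver}-{rel}.{arch}", verdict))
    return results


if __name__ == "__main__":
    adv = parse_advisory(ADVISORY_TEXT)
    print(adv["id"], " ".join(adv["cves"]))
    for nevra, verdict in check_host(INSTALLED_TEXT, adv):
        print(f"{verdict:10s} {nevra}")
```

On a real host, feed the script the output of the rpm -qa query shown in the comment. For kernel advisories the installed list is not enough: "rpm -ivh" leaves older kernels installed alongside the new one, so compare the fixed version against "uname -r" as well, which is why the advisories say the system must be rebooted. Before installing anything fetched manually, check the Red Hat signature the advisories mention with "rpm --checksig" on the downloaded file.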
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNdohqXlSAg2UNWIIRAvTrAKCPjoRfoWTul5UZcmDXlli/61hkcgCeJrwU
C9NBVENlrooMmnlSp5eFSd4=
=W/Hk
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 9 18:51:46 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 9 Mar 2011 11:51:46 -0700
Subject: [RHSA-2011:0332-01] Important: scsi-target-utils security update
Message-ID: <201103091851.p29IpkU7022530@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: scsi-target-utils security update
Advisory ID:       RHSA-2011:0332-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0332.html
Issue date:        2011-03-09
CVE Names:         CVE-2011-0001
=====================================================================

1. Summary:

An updated scsi-target-utils package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Cluster-Storage (v. 5 server) - i386, ia64, ppc, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The scsi-target-utils package contains the daemon and tools to set up and monitor SCSI targets. Currently, iSCSI software and iSER targets are supported.

A double-free flaw was found in scsi-target-utils' tgtd daemon. A remote attacker could trigger this flaw by sending carefully-crafted network traffic, causing the tgtd daemon to crash. (CVE-2011-0001)

Red Hat would like to thank Emmanuel Bouillon of NATO C3 Agency for reporting this issue.

All scsi-target-utils users should upgrade to this updated package, which contains a backported patch to correct this issue. All running scsi-target-utils services must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

667261 - CVE-2011-0001 scsi-target-utils: double-free vulnerability leads to pre-authenticated crash

6. Package List:

RHEL Cluster-Storage (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/scsi-target-utils-1.0.8-0.el5_6.1.src.rpm

i386:
scsi-target-utils-1.0.8-0.el5_6.1.i386.rpm
scsi-target-utils-debuginfo-1.0.8-0.el5_6.1.i386.rpm

ia64:
scsi-target-utils-1.0.8-0.el5_6.1.ia64.rpm
scsi-target-utils-debuginfo-1.0.8-0.el5_6.1.ia64.rpm

ppc:
scsi-target-utils-1.0.8-0.el5_6.1.ppc.rpm
scsi-target-utils-debuginfo-1.0.8-0.el5_6.1.ppc.rpm

x86_64:
scsi-target-utils-1.0.8-0.el5_6.1.x86_64.rpm
scsi-target-utils-debuginfo-1.0.8-0.el5_6.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/scsi-target-utils-1.0.4-3.el6_0.1.src.rpm

i386:
scsi-target-utils-1.0.4-3.el6_0.1.i686.rpm
scsi-target-utils-debuginfo-1.0.4-3.el6_0.1.i686.rpm

ppc64:
scsi-target-utils-1.0.4-3.el6_0.1.ppc64.rpm
scsi-target-utils-debuginfo-1.0.4-3.el6_0.1.ppc64.rpm

x86_64:
scsi-target-utils-1.0.4-3.el6_0.1.x86_64.rpm
scsi-target-utils-debuginfo-1.0.4-3.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/scsi-target-utils-1.0.4-3.el6_0.1.src.rpm

i386:
scsi-target-utils-1.0.4-3.el6_0.1.i686.rpm
scsi-target-utils-debuginfo-1.0.4-3.el6_0.1.i686.rpm

x86_64:
scsi-target-utils-1.0.4-3.el6_0.1.x86_64.rpm
scsi-target-utils-debuginfo-1.0.4-3.el6_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0001.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNd8wxXlSAg2UNWIIRAkHjAJwOKV6a0RqbEFsu3vAh3+q0ng/GEACdFfFz
P+zkZoreXCMWFLSV1fTeUBA=
=F+Xq
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 9 22:09:45 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 9 Mar 2011 15:09:45 -0700
Subject: [RHSA-2011:0335-01] Important: tomcat6 security and bug fix update
Message-ID: <201103092209.p29M9jp8010483@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: tomcat6 security and bug fix update
Advisory ID:       RHSA-2011:0335-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0335.html
Issue date:        2011-03-09
CVE Names:         CVE-2010-4476 CVE-2011-0534
=====================================================================

1. Summary:

Updated tomcat6 packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch
Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Enterprise Linux Server Optional (v. 6) - noarch
Red Hat Enterprise Linux Workstation (v. 6) - noarch
Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch

3. Description:

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Tomcat to hang via a specially-crafted HTTP request. (CVE-2010-4476)

A flaw was found in the Tomcat NIO (Non-Blocking I/O) connector. A remote attacker could use this flaw to cause a denial of service (out-of-memory condition) via a specially-crafted request containing a large NIO buffer size request value. (CVE-2011-0534)

This update also fixes the following bug:

* A bug in the "tomcat6" init script prevented additional Tomcat instances from starting. As well, running "service tomcat6 start" caused configuration options applied from "/etc/sysconfig/tomcat6" to be overwritten with those from "/etc/tomcat6/tomcat6.conf". With this update, multiple instances of Tomcat run as expected. (BZ#676922)

Users of Tomcat should upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5.
Bugs fixed (http://bugzilla.redhat.com/): 674336 - CVE-2010-4476 JDK Double.parseDouble Denial-Of-Service 675338 - CVE-2011-0534 tomcat: remote DoS via NIO connector 676922 - Additionally Created Instances of Tomcat are broken / don't work 6. Package List: Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/tomcat6-6.0.24-24.el6_0.src.rpm noarch: tomcat6-6.0.24-24.el6_0.noarch.rpm tomcat6-admin-webapps-6.0.24-24.el6_0.noarch.rpm tomcat6-docs-webapp-6.0.24-24.el6_0.noarch.rpm tomcat6-el-2.1-api-6.0.24-24.el6_0.noarch.rpm tomcat6-javadoc-6.0.24-24.el6_0.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-24.el6_0.noarch.rpm tomcat6-lib-6.0.24-24.el6_0.noarch.rpm tomcat6-log4j-6.0.24-24.el6_0.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-24.el6_0.noarch.rpm tomcat6-webapps-6.0.24-24.el6_0.noarch.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/tomcat6-6.0.24-24.el6_0.src.rpm noarch: tomcat6-6.0.24-24.el6_0.noarch.rpm tomcat6-admin-webapps-6.0.24-24.el6_0.noarch.rpm tomcat6-docs-webapp-6.0.24-24.el6_0.noarch.rpm tomcat6-el-2.1-api-6.0.24-24.el6_0.noarch.rpm tomcat6-javadoc-6.0.24-24.el6_0.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-24.el6_0.noarch.rpm tomcat6-lib-6.0.24-24.el6_0.noarch.rpm tomcat6-log4j-6.0.24-24.el6_0.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-24.el6_0.noarch.rpm tomcat6-webapps-6.0.24-24.el6_0.noarch.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/tomcat6-6.0.24-24.el6_0.src.rpm noarch: tomcat6-6.0.24-24.el6_0.noarch.rpm tomcat6-el-2.1-api-6.0.24-24.el6_0.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-24.el6_0.noarch.rpm tomcat6-lib-6.0.24-24.el6_0.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-24.el6_0.noarch.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/tomcat6-6.0.24-24.el6_0.src.rpm noarch: tomcat6-admin-webapps-6.0.24-24.el6_0.noarch.rpm tomcat6-docs-webapp-6.0.24-24.el6_0.noarch.rpm tomcat6-javadoc-6.0.24-24.el6_0.noarch.rpm tomcat6-log4j-6.0.24-24.el6_0.noarch.rpm tomcat6-webapps-6.0.24-24.el6_0.noarch.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/tomcat6-6.0.24-24.el6_0.src.rpm noarch: tomcat6-6.0.24-24.el6_0.noarch.rpm tomcat6-el-2.1-api-6.0.24-24.el6_0.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-24.el6_0.noarch.rpm tomcat6-lib-6.0.24-24.el6_0.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-24.el6_0.noarch.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/tomcat6-6.0.24-24.el6_0.src.rpm noarch: tomcat6-admin-webapps-6.0.24-24.el6_0.noarch.rpm tomcat6-docs-webapp-6.0.24-24.el6_0.noarch.rpm tomcat6-javadoc-6.0.24-24.el6_0.noarch.rpm tomcat6-log4j-6.0.24-24.el6_0.noarch.rpm tomcat6-webapps-6.0.24-24.el6_0.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-4476.html https://www.redhat.com/security/data/cve/CVE-2011-0534.html https://access.redhat.com/security/updates/classification/#important http://tomcat.apache.org/security-6.html 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNd/qaXlSAg2UNWIIRAsViAJ9irCjwwZ51sOxXIlASgxEmBjYNigCcDpjq
WWvEFsdw6vC3sxp2ZlmQeiw=
=isKs
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 9 22:10:29 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 9 Mar 2011 15:10:29 -0700
Subject: [RHSA-2011:0336-01] Important: tomcat5 security update
Message-ID: <201103092210.p29MAUvc019511@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: tomcat5 security update
Advisory ID:       RHSA-2011:0336-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0336.html
Issue date:        2011-03-09
CVE Names:         CVE-2010-4476
=====================================================================

1. Summary:

Updated tomcat5 packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Tomcat to hang via a specially-crafted HTTP request. (CVE-2010-4476)

Users of Tomcat should upgrade to these updated packages, which contain a backported patch to correct this issue. Tomcat must be restarted for this update to take effect.
4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

674336 - CVE-2010-4476 JDK Double.parseDouble Denial-Of-Service

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tomcat5-5.5.23-0jpp.17.el5_6.src.rpm

i386:
tomcat5-debuginfo-5.5.23-0jpp.17.el5_6.i386.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.17.el5_6.i386.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.17.el5_6.i386.rpm

x86_64:
tomcat5-debuginfo-5.5.23-0jpp.17.el5_6.x86_64.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.17.el5_6.x86_64.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.17.el5_6.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tomcat5-5.5.23-0jpp.17.el5_6.src.rpm

i386:
tomcat5-5.5.23-0jpp.17.el5_6.i386.rpm
tomcat5-admin-webapps-5.5.23-0jpp.17.el5_6.i386.rpm
tomcat5-common-lib-5.5.23-0jpp.17.el5_6.i386.rpm
tomcat5-debuginfo-5.5.23-0jpp.17.el5_6.i386.rpm
tomcat5-jasper-5.5.23-0jpp.17.el5_6.i386.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.17.el5_6.i386.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.17.el5_6.i386.rpm
tomcat5-server-lib-5.5.23-0jpp.17.el5_6.i386.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.17.el5_6.i386.rpm
tomcat5-webapps-5.5.23-0jpp.17.el5_6.i386.rpm

x86_64:
tomcat5-5.5.23-0jpp.17.el5_6.x86_64.rpm
tomcat5-admin-webapps-5.5.23-0jpp.17.el5_6.x86_64.rpm
tomcat5-common-lib-5.5.23-0jpp.17.el5_6.x86_64.rpm
tomcat5-debuginfo-5.5.23-0jpp.17.el5_6.x86_64.rpm
tomcat5-jasper-5.5.23-0jpp.17.el5_6.x86_64.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.17.el5_6.x86_64.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.17.el5_6.x86_64.rpm
tomcat5-server-lib-5.5.23-0jpp.17.el5_6.x86_64.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.17.el5_6.x86_64.rpm
tomcat5-webapps-5.5.23-0jpp.17.el5_6.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/tomcat5-5.5.23-0jpp.17.el5_6.src.rpm

i386:
tomcat5-5.5.23-0jpp.17.el5_6.i386.rpm
tomcat5-admin-webapps-5.5.23-0jpp.17.el5_6.i386.rpm
tomcat5-common-lib-5.5.23-0jpp.17.el5_6.i386.rpm
tomcat5-debuginfo-5.5.23-0jpp.17.el5_6.i386.rpm
tomcat5-jasper-5.5.23-0jpp.17.el5_6.i386.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.17.el5_6.i386.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.17.el5_6.i386.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.17.el5_6.i386.rpm
tomcat5-server-lib-5.5.23-0jpp.17.el5_6.i386.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.17.el5_6.i386.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.17.el5_6.i386.rpm
tomcat5-webapps-5.5.23-0jpp.17.el5_6.i386.rpm

ia64:
tomcat5-5.5.23-0jpp.17.el5_6.ia64.rpm
tomcat5-admin-webapps-5.5.23-0jpp.17.el5_6.ia64.rpm
tomcat5-common-lib-5.5.23-0jpp.17.el5_6.ia64.rpm
tomcat5-debuginfo-5.5.23-0jpp.17.el5_6.ia64.rpm
tomcat5-jasper-5.5.23-0jpp.17.el5_6.ia64.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.17.el5_6.ia64.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.17.el5_6.ia64.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.17.el5_6.ia64.rpm
tomcat5-server-lib-5.5.23-0jpp.17.el5_6.ia64.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.17.el5_6.ia64.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.17.el5_6.ia64.rpm
tomcat5-webapps-5.5.23-0jpp.17.el5_6.ia64.rpm

ppc:
tomcat5-5.5.23-0jpp.17.el5_6.ppc.rpm
tomcat5-5.5.23-0jpp.17.el5_6.ppc64.rpm
tomcat5-admin-webapps-5.5.23-0jpp.17.el5_6.ppc.rpm
tomcat5-common-lib-5.5.23-0jpp.17.el5_6.ppc.rpm
tomcat5-debuginfo-5.5.23-0jpp.17.el5_6.ppc.rpm
tomcat5-debuginfo-5.5.23-0jpp.17.el5_6.ppc64.rpm
tomcat5-jasper-5.5.23-0jpp.17.el5_6.ppc.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.17.el5_6.ppc.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.17.el5_6.ppc.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.17.el5_6.ppc.rpm
tomcat5-server-lib-5.5.23-0jpp.17.el5_6.ppc.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.17.el5_6.ppc.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.17.el5_6.ppc.rpm
tomcat5-webapps-5.5.23-0jpp.17.el5_6.ppc.rpm

s390x:
tomcat5-5.5.23-0jpp.17.el5_6.s390x.rpm
tomcat5-admin-webapps-5.5.23-0jpp.17.el5_6.s390x.rpm
tomcat5-common-lib-5.5.23-0jpp.17.el5_6.s390x.rpm
tomcat5-debuginfo-5.5.23-0jpp.17.el5_6.s390x.rpm
tomcat5-jasper-5.5.23-0jpp.17.el5_6.s390x.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.17.el5_6.s390x.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.17.el5_6.s390x.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.17.el5_6.s390x.rpm
tomcat5-server-lib-5.5.23-0jpp.17.el5_6.s390x.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.17.el5_6.s390x.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.17.el5_6.s390x.rpm
tomcat5-webapps-5.5.23-0jpp.17.el5_6.s390x.rpm

x86_64:
tomcat5-5.5.23-0jpp.17.el5_6.x86_64.rpm
tomcat5-admin-webapps-5.5.23-0jpp.17.el5_6.x86_64.rpm
tomcat5-common-lib-5.5.23-0jpp.17.el5_6.x86_64.rpm
tomcat5-debuginfo-5.5.23-0jpp.17.el5_6.x86_64.rpm
tomcat5-jasper-5.5.23-0jpp.17.el5_6.x86_64.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.17.el5_6.x86_64.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.17.el5_6.x86_64.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.17.el5_6.x86_64.rpm
tomcat5-server-lib-5.5.23-0jpp.17.el5_6.x86_64.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.17.el5_6.x86_64.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.17.el5_6.x86_64.rpm
tomcat5-webapps-5.5.23-0jpp.17.el5_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-4476.html
https://access.redhat.com/security/updates/classification/#important
http://tomcat.apache.org/security-5.html

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNd/q3XlSAg2UNWIIRAoTWAJ44er893rgbe+HNkA3P8vS7bLmyYACgtaCN
DtqJoWx0iR2Udl7ua3wPD/8=
=jgZV
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 9 22:11:01 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 9 Mar 2011 15:11:01 -0700
Subject: [RHSA-2011:0337-01] Important: vsftpd security update
Message-ID: <201103092211.p29MB2SF019649@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: vsftpd security update
Advisory ID:       RHSA-2011:0337-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0337.html
Issue date:        2011-03-09
CVE Names:         CVE-2011-0762
=====================================================================

1. Summary:

An updated vsftpd package that fixes one security issue is now available for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

vsftpd (Very Secure File Transfer Protocol (FTP) daemon) is a secure FTP server for Linux, UNIX, and similar operating systems.

A flaw was discovered in the way vsftpd processed file name patterns. An FTP user could use this flaw to cause the vsftpd process to use an excessive amount of CPU time, when processing a request with a specially-crafted file name pattern. (CVE-2011-0762)

All vsftpd users should upgrade to this updated package, which contains a backported patch to correct this issue. The vsftpd daemon must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

681667 - CVE-2011-0762 vsftpd: remote DoS via crafted glob pattern

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/vsftpd-2.0.1-9.el4.src.rpm

i386:
vsftpd-2.0.1-9.el4.i386.rpm
vsftpd-debuginfo-2.0.1-9.el4.i386.rpm

ia64:
vsftpd-2.0.1-9.el4.ia64.rpm
vsftpd-debuginfo-2.0.1-9.el4.ia64.rpm

ppc:
vsftpd-2.0.1-9.el4.ppc.rpm
vsftpd-debuginfo-2.0.1-9.el4.ppc.rpm

s390:
vsftpd-2.0.1-9.el4.s390.rpm
vsftpd-debuginfo-2.0.1-9.el4.s390.rpm

s390x:
vsftpd-2.0.1-9.el4.s390x.rpm
vsftpd-debuginfo-2.0.1-9.el4.s390x.rpm

x86_64:
vsftpd-2.0.1-9.el4.x86_64.rpm
vsftpd-debuginfo-2.0.1-9.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/vsftpd-2.0.1-9.el4.src.rpm

i386:
vsftpd-2.0.1-9.el4.i386.rpm
vsftpd-debuginfo-2.0.1-9.el4.i386.rpm

ia64:
vsftpd-2.0.1-9.el4.ia64.rpm
vsftpd-debuginfo-2.0.1-9.el4.ia64.rpm

x86_64:
vsftpd-2.0.1-9.el4.x86_64.rpm
vsftpd-debuginfo-2.0.1-9.el4.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/vsftpd-2.0.5-16.el5_6.1.src.rpm

i386:
vsftpd-2.0.5-16.el5_6.1.i386.rpm
vsftpd-debuginfo-2.0.5-16.el5_6.1.i386.rpm

x86_64:
vsftpd-2.0.5-16.el5_6.1.x86_64.rpm
vsftpd-debuginfo-2.0.5-16.el5_6.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/vsftpd-2.0.5-16.el5_6.1.src.rpm

i386:
vsftpd-2.0.5-16.el5_6.1.i386.rpm
vsftpd-debuginfo-2.0.5-16.el5_6.1.i386.rpm

ia64:
vsftpd-2.0.5-16.el5_6.1.ia64.rpm
vsftpd-debuginfo-2.0.5-16.el5_6.1.ia64.rpm

ppc:
vsftpd-2.0.5-16.el5_6.1.ppc.rpm
vsftpd-debuginfo-2.0.5-16.el5_6.1.ppc.rpm

s390x:
vsftpd-2.0.5-16.el5_6.1.s390x.rpm
vsftpd-debuginfo-2.0.5-16.el5_6.1.s390x.rpm

x86_64:
vsftpd-2.0.5-16.el5_6.1.x86_64.rpm
vsftpd-debuginfo-2.0.5-16.el5_6.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/vsftpd-2.2.2-6.el6_0.1.src.rpm

i386:
vsftpd-2.2.2-6.el6_0.1.i686.rpm
vsftpd-debuginfo-2.2.2-6.el6_0.1.i686.rpm

ppc64:
vsftpd-2.2.2-6.el6_0.1.ppc64.rpm
vsftpd-debuginfo-2.2.2-6.el6_0.1.ppc64.rpm

s390x:
vsftpd-2.2.2-6.el6_0.1.s390x.rpm
vsftpd-debuginfo-2.2.2-6.el6_0.1.s390x.rpm

x86_64:
vsftpd-2.2.2-6.el6_0.1.x86_64.rpm
vsftpd-debuginfo-2.2.2-6.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/vsftpd-2.2.2-6.el6_0.1.src.rpm

i386:
vsftpd-2.2.2-6.el6_0.1.i686.rpm
vsftpd-debuginfo-2.2.2-6.el6_0.1.i686.rpm

x86_64:
vsftpd-2.2.2-6.el6_0.1.x86_64.rpm
vsftpd-debuginfo-2.2.2-6.el6_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0762.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNd/rnXlSAg2UNWIIRAo1gAJ0Rk4cES/amWEjZuhJpmcXndpjxvACeIH5m
RsC8TpDCkIA90mPdYwNooBk=
=Fk5r
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Mar 10 20:57:27 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 10 Mar 2011 13:57:27 -0700
Subject: [RHSA-2011:0330-01] Important: kernel-rt security and bug fix update
Message-ID: <201103102057.p2AKvRhc018087@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update
Advisory ID:       RHSA-2011:0330-01
Product:           Red Hat Enterprise MRG for RHEL-5
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0330.html
Issue date:        2011-03-10
CVE Names:         CVE-2010-3477 CVE-2010-4160 CVE-2010-4162 CVE-2010-4163 CVE-2010-4165 CVE-2010-4242 CVE-2010-4248 CVE-2010-4249 CVE-2010-4250 CVE-2010-4346 CVE-2010-4347 CVE-2010-4565 CVE-2010-4648 CVE-2010-4649 CVE-2010-4655 CVE-2010-4656 CVE-2010-4668 CVE-2011-0521 CVE-2011-1044
=====================================================================

1. Summary:

Updated kernel-rt packages that fix multiple security issues and three bugs are now available for Red Hat Enterprise MRG 1.3.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 5 Server - i386, noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.
Security fixes:

* Missing boundary checks in the PPP over L2TP sockets implementation could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2010-4160, Important)

* Integer overflow in ib_uverbs_poll_cq() could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2010-4649, Important)

* Missing boundary check in dvb_ca_ioctl() in the av7110 module. On systems using old DVB cards requiring the av7110 module, a local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges. (CVE-2011-0521, Important)

* Flaw in tcf_act_police_dump() in the network traffic policing implementation could allow a local, unprivileged user to cause an information leak. (CVE-2010-3477, Moderate)

* Missing boundary checks in the block layer implementation could allow a local, unprivileged user to cause a denial of service. (CVE-2010-4162, CVE-2010-4163, CVE-2010-4668, Moderate)

* Divide-by-zero flaw in tcp_select_initial_window() in the Linux kernel's TCP/IP protocol suite implementation could allow a local, unprivileged user to cause a denial of service. (CVE-2010-4165, Moderate)

* NULL pointer dereference flaw in the Bluetooth HCI UART driver could allow a local, unprivileged user to cause a denial of service. (CVE-2010-4242, Moderate)

* Flaw in the CPU time clocks implementation for the POSIX clock interface could allow a local, unprivileged user to cause a denial of service. (CVE-2010-4248, Moderate)

* Flaw in the garbage collector for AF_UNIX sockets could allow a local, unprivileged user to trigger a denial of service (out-of-memory condition). (CVE-2010-4249, Moderate)

* Memory leak in the inotify_init() system call. In some cases, it could leak a group, which could allow a local, unprivileged user to eventually cause a denial of service. (CVE-2010-4250, Moderate)

* /sys/kernel/debug/acpi/custom_method had world-writable permissions, which could allow a local, unprivileged user to escalate their privileges. Note: The debugfs file system must be mounted locally to exploit this issue. It is not mounted by default. (CVE-2010-4347, Moderate)

* Heap overflow in iowarrior_write() could allow a user with access to an IO-Warrior USB device to cause a denial of service or escalate their privileges. (CVE-2010-4656, Moderate)

* Missing security check in the Linux kernel's implementation of the install_special_mapping routine could allow a local, unprivileged user to bypass the mmap_min_addr protection mechanism. (CVE-2010-4346, Low)

* Information leak in bcm_connect() in the Controller Area Network (CAN) Broadcast Manager implementation could allow a local, unprivileged user to leak kernel mode addresses in /proc/net/can-bcm. (CVE-2010-4565, Low)

* A logic error in orinoco_ioctl_set_auth() in the Linux kernel's ORiNOCO wireless extensions support implementation could render TKIP countermeasures ineffective when it is enabled, as it enabled the card instead of shutting it down. (CVE-2010-4648, Low)

* Missing initialization flaw in ethtool_get_regs() could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. (CVE-2010-4655, Low)

* Flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to cause an information leak. (CVE-2011-1044, Low)

Red Hat would like to thank Dan Rosenberg for reporting CVE-2010-4160, CVE-2010-4162, CVE-2010-4163, CVE-2010-4668, and CVE-2010-4565; Steve Chen for reporting CVE-2010-4165; Alan Cox for reporting CVE-2010-4242; Vegard Nossum for reporting CVE-2010-4249 and CVE-2010-4250; Kees Cook for reporting CVE-2010-4656 and CVE-2010-4655; and Tavis Ormandy for reporting CVE-2010-4346.

This update also fixes three bugs. Documentation for these bug fixes will be available shortly from the Technical Notes document linked to in the References section.
4. Solution:

Users should upgrade to these updated kernel-rt packages. They are based on upstream version 2.6.33.7.2-rt30 (despite package naming) and correct these issues. The system must be rebooted for this update to take effect.

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

636386 - CVE-2010-3477 kernel: net/sched/act_police.c infoleak
641410 - CVE-2010-4242 kernel: missing tty ops write function presence check in hci_uart_tty_open()
651892 - CVE-2010-4160 kernel: L2TP send buffer allocation size overflows
652508 - CVE-2010-4165 kernel: possible kernel oops from user MSS
652529 - CVE-2010-4162 kernel: bio: integer overflow page count when mapping/copying user data
652957 - CVE-2010-4163 CVE-2010-4668 kernel: panic when submitting certain 0-length I/O requests
656264 - CVE-2010-4248 kernel: posix-cpu-timers: workaround to suppress the problems with mt exec
656756 - CVE-2010-4249 kernel: unix socket local dos
656830 - CVE-2010-4250 kernel: inotify memory leak
659574 - CVE-2010-4258 kernel: failure to revert address limit override in OOPS error path [mrg-1.3]
662189 - CVE-2010-4346 kernel: install_special_mapping skips security_file_mmap check
663542 - CVE-2010-4347 kernel: local privilege escalation via /sys/kernel/debug/acpi/custom_method
664544 - CVE-2010-4565 kernel: CAN info leak
667907 - CVE-2010-4648 kernel: orinoco: fix TKIP countermeasure behaviour
667916 - CVE-2010-4649 CVE-2011-1044 kernel: IB/uverbs: Handle large number of entries in poll CQ
672398 - CVE-2011-0521 kernel: av7110 negative array offset
672420 - CVE-2010-4656 kernel: iowarrior usb device heap overflow
672428 - CVE-2010-4655 kernel: heap contents leak for CAP_NET_ADMIN via ethtool ioctl

6. Package List:

MRG Realtime for RHEL 5 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/kernel-rt-2.6.33.7-rt29.55.el5rt.src.rpm

i386:
kernel-rt-2.6.33.7-rt29.55.el5rt.i686.rpm
kernel-rt-debug-2.6.33.7-rt29.55.el5rt.i686.rpm
kernel-rt-debug-debuginfo-2.6.33.7-rt29.55.el5rt.i686.rpm
kernel-rt-debug-devel-2.6.33.7-rt29.55.el5rt.i686.rpm
kernel-rt-debuginfo-2.6.33.7-rt29.55.el5rt.i686.rpm
kernel-rt-debuginfo-common-2.6.33.7-rt29.55.el5rt.i686.rpm
kernel-rt-devel-2.6.33.7-rt29.55.el5rt.i686.rpm
kernel-rt-trace-2.6.33.7-rt29.55.el5rt.i686.rpm
kernel-rt-trace-debuginfo-2.6.33.7-rt29.55.el5rt.i686.rpm
kernel-rt-trace-devel-2.6.33.7-rt29.55.el5rt.i686.rpm
kernel-rt-vanilla-2.6.33.7-rt29.55.el5rt.i686.rpm
kernel-rt-vanilla-debuginfo-2.6.33.7-rt29.55.el5rt.i686.rpm
kernel-rt-vanilla-devel-2.6.33.7-rt29.55.el5rt.i686.rpm
perf-2.6.33.7-rt29.55.el5rt.i686.rpm
perf-debuginfo-2.6.33.7-rt29.55.el5rt.i686.rpm

noarch:
kernel-rt-doc-2.6.33.7-rt29.55.el5rt.noarch.rpm

x86_64:
kernel-rt-2.6.33.7-rt29.55.el5rt.x86_64.rpm
kernel-rt-debug-2.6.33.7-rt29.55.el5rt.x86_64.rpm
kernel-rt-debug-debuginfo-2.6.33.7-rt29.55.el5rt.x86_64.rpm
kernel-rt-debug-devel-2.6.33.7-rt29.55.el5rt.x86_64.rpm
kernel-rt-debuginfo-2.6.33.7-rt29.55.el5rt.x86_64.rpm
kernel-rt-debuginfo-common-2.6.33.7-rt29.55.el5rt.x86_64.rpm
kernel-rt-devel-2.6.33.7-rt29.55.el5rt.x86_64.rpm
kernel-rt-trace-2.6.33.7-rt29.55.el5rt.x86_64.rpm
kernel-rt-trace-debuginfo-2.6.33.7-rt29.55.el5rt.x86_64.rpm
kernel-rt-trace-devel-2.6.33.7-rt29.55.el5rt.x86_64.rpm
kernel-rt-vanilla-2.6.33.7-rt29.55.el5rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-2.6.33.7-rt29.55.el5rt.x86_64.rpm
kernel-rt-vanilla-devel-2.6.33.7-rt29.55.el5rt.x86_64.rpm
perf-2.6.33.7-rt29.55.el5rt.x86_64.rpm
perf-debuginfo-2.6.33.7-rt29.55.el5rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3477.html
https://www.redhat.com/security/data/cve/CVE-2010-4160.html
https://www.redhat.com/security/data/cve/CVE-2010-4162.html
https://www.redhat.com/security/data/cve/CVE-2010-4163.html
https://www.redhat.com/security/data/cve/CVE-2010-4165.html
https://www.redhat.com/security/data/cve/CVE-2010-4242.html
https://www.redhat.com/security/data/cve/CVE-2010-4248.html
https://www.redhat.com/security/data/cve/CVE-2010-4249.html
https://www.redhat.com/security/data/cve/CVE-2010-4250.html
https://www.redhat.com/security/data/cve/CVE-2010-4346.html
https://www.redhat.com/security/data/cve/CVE-2010-4347.html
https://www.redhat.com/security/data/cve/CVE-2010-4565.html
https://www.redhat.com/security/data/cve/CVE-2010-4648.html
https://www.redhat.com/security/data/cve/CVE-2010-4649.html
https://www.redhat.com/security/data/cve/CVE-2010-4655.html
https://www.redhat.com/security/data/cve/CVE-2010-4656.html
https://www.redhat.com/security/data/cve/CVE-2010-4668.html
https://www.redhat.com/security/data/cve/CVE-2011-0521.html
https://www.redhat.com/security/data/cve/CVE-2011-1044.html
https://access.redhat.com/security/updates/classification/#important
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/1.3/html/Technical_Notes/chap-Package_Updates.html#RHSA-2011-0330

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNeTsrXlSAg2UNWIIRAlygAJwN1qWRvHTL0hg3dWJ3Ki2JuOBXdgCfew1i
A5AG5zgqnX11kLZiKmQyuTc=
=h5c7
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Mar 10 20:57:51 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 10 Mar 2011 13:57:51 -0700
Subject: [RHSA-2011:0345-01] Moderate: qemu-kvm security update
Message-ID: <201103102057.p2AKvpIn023685@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: qemu-kvm security update
Advisory ID:       RHSA-2011:0345-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0345.html
Issue date:        2011-03-10
CVE Names:         CVE-2011-0011
=====================================================================

1. Summary:

Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Enterprise Linux Workstation (v. 6) - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. Virtual Network Computing (VNC) is a remote display system.

A flaw was found in the way the VNC "password" option was handled. Clearing a password disabled VNC authentication, allowing a remote user able to connect to the virtual machines' VNC ports to open a VNC session without authentication. (CVE-2011-0011)

All users of qemu-kvm should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

668589 - CVE-2011-0011 qemu-kvm: Setting VNC password to empty string silently disables all authentication

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/qemu-kvm-0.12.1.2-2.113.el6_0.8.src.rpm

x86_64:
qemu-img-0.12.1.2-2.113.el6_0.8.x86_64.rpm
qemu-kvm-0.12.1.2-2.113.el6_0.8.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.113.el6_0.8.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.113.el6_0.8.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/qemu-kvm-0.12.1.2-2.113.el6_0.8.src.rpm

x86_64:
qemu-img-0.12.1.2-2.113.el6_0.8.x86_64.rpm
qemu-kvm-0.12.1.2-2.113.el6_0.8.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.113.el6_0.8.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.113.el6_0.8.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/qemu-kvm-0.12.1.2-2.113.el6_0.8.src.rpm

x86_64:
qemu-img-0.12.1.2-2.113.el6_0.8.x86_64.rpm
qemu-kvm-0.12.1.2-2.113.el6_0.8.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.113.el6_0.8.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.113.el6_0.8.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/qemu-kvm-0.12.1.2-2.113.el6_0.8.src.rpm

x86_64:
qemu-img-0.12.1.2-2.113.el6_0.8.x86_64.rpm
qemu-kvm-0.12.1.2-2.113.el6_0.8.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.113.el6_0.8.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.113.el6_0.8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0011.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNeTtEXlSAg2UNWIIRAoJXAKCjxvTN8uUZsEk8lRPNpGhKHwdFpgCbBklA
09HJCAs0yEMN9TD2tjNns9c=
=y8Sr
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Mar 10 20:58:18 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 10 Mar 2011 13:58:18 -0700
Subject: [RHSA-2011:0346-01] Moderate: openldap security and bug fix update
Message-ID: <201103102058.p2AKwJSp018326@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openldap security and bug fix update
Advisory ID:       RHSA-2011:0346-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0346.html
Issue date:        2011-03-10
CVE Names:         CVE-2011-1024
=====================================================================

1. Summary:

Updated openldap packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools.

A flaw was found in the way OpenLDAP handled authentication failures being passed from an OpenLDAP slave to the master. If OpenLDAP was configured with a chain overlay and it forwarded authentication failures, OpenLDAP would bind to the directory as an anonymous user and return success, rather than return failure on the authenticated bind. This could allow a user on a system that uses LDAP for authentication to log into a directory-based account without knowing the password. (CVE-2011-1024)

This update also fixes the following bug:

* Previously, multiple concurrent connections to an OpenLDAP server could cause the slapd service to terminate unexpectedly with an assertion error. This update adds mutexes to protect multiple threads from accessing a structure with a connection, and the slapd service no longer crashes. (BZ#677611)

Users of OpenLDAP should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the OpenLDAP daemons will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

680466 - CVE-2011-1024 openldap: forwarded bind failure messages cause success

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openldap-2.3.43-12.el5_6.7.src.rpm

i386:
compat-openldap-2.3.43_2.2.29-12.el5_6.7.i386.rpm
openldap-2.3.43-12.el5_6.7.i386.rpm
openldap-clients-2.3.43-12.el5_6.7.i386.rpm
openldap-debuginfo-2.3.43-12.el5_6.7.i386.rpm

x86_64:
compat-openldap-2.3.43_2.2.29-12.el5_6.7.i386.rpm
compat-openldap-2.3.43_2.2.29-12.el5_6.7.x86_64.rpm
openldap-2.3.43-12.el5_6.7.i386.rpm
openldap-2.3.43-12.el5_6.7.x86_64.rpm
openldap-clients-2.3.43-12.el5_6.7.x86_64.rpm
openldap-debuginfo-2.3.43-12.el5_6.7.i386.rpm
openldap-debuginfo-2.3.43-12.el5_6.7.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openldap-2.3.43-12.el5_6.7.src.rpm

i386:
openldap-debuginfo-2.3.43-12.el5_6.7.i386.rpm
openldap-devel-2.3.43-12.el5_6.7.i386.rpm
openldap-servers-2.3.43-12.el5_6.7.i386.rpm
openldap-servers-overlays-2.3.43-12.el5_6.7.i386.rpm
openldap-servers-sql-2.3.43-12.el5_6.7.i386.rpm

x86_64:
openldap-debuginfo-2.3.43-12.el5_6.7.i386.rpm
openldap-debuginfo-2.3.43-12.el5_6.7.x86_64.rpm
openldap-devel-2.3.43-12.el5_6.7.i386.rpm
openldap-devel-2.3.43-12.el5_6.7.x86_64.rpm
openldap-servers-2.3.43-12.el5_6.7.x86_64.rpm
openldap-servers-overlays-2.3.43-12.el5_6.7.x86_64.rpm
openldap-servers-sql-2.3.43-12.el5_6.7.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openldap-2.3.43-12.el5_6.7.src.rpm

i386:
compat-openldap-2.3.43_2.2.29-12.el5_6.7.i386.rpm
openldap-2.3.43-12.el5_6.7.i386.rpm
openldap-clients-2.3.43-12.el5_6.7.i386.rpm
openldap-debuginfo-2.3.43-12.el5_6.7.i386.rpm
openldap-devel-2.3.43-12.el5_6.7.i386.rpm
openldap-servers-2.3.43-12.el5_6.7.i386.rpm
openldap-servers-overlays-2.3.43-12.el5_6.7.i386.rpm
openldap-servers-sql-2.3.43-12.el5_6.7.i386.rpm

ia64:
compat-openldap-2.3.43_2.2.29-12.el5_6.7.i386.rpm
compat-openldap-2.3.43_2.2.29-12.el5_6.7.ia64.rpm
openldap-2.3.43-12.el5_6.7.i386.rpm
openldap-2.3.43-12.el5_6.7.ia64.rpm
openldap-clients-2.3.43-12.el5_6.7.ia64.rpm
openldap-debuginfo-2.3.43-12.el5_6.7.i386.rpm
openldap-debuginfo-2.3.43-12.el5_6.7.ia64.rpm
openldap-devel-2.3.43-12.el5_6.7.ia64.rpm
openldap-servers-2.3.43-12.el5_6.7.ia64.rpm
openldap-servers-overlays-2.3.43-12.el5_6.7.ia64.rpm
openldap-servers-sql-2.3.43-12.el5_6.7.ia64.rpm

ppc:
compat-openldap-2.3.43_2.2.29-12.el5_6.7.ppc.rpm
compat-openldap-2.3.43_2.2.29-12.el5_6.7.ppc64.rpm
openldap-2.3.43-12.el5_6.7.ppc.rpm
openldap-2.3.43-12.el5_6.7.ppc64.rpm
openldap-clients-2.3.43-12.el5_6.7.ppc.rpm
openldap-debuginfo-2.3.43-12.el5_6.7.ppc.rpm
openldap-debuginfo-2.3.43-12.el5_6.7.ppc64.rpm
openldap-devel-2.3.43-12.el5_6.7.ppc.rpm
openldap-devel-2.3.43-12.el5_6.7.ppc64.rpm
openldap-servers-2.3.43-12.el5_6.7.ppc.rpm
openldap-servers-overlays-2.3.43-12.el5_6.7.ppc.rpm
openldap-servers-sql-2.3.43-12.el5_6.7.ppc.rpm

s390x:
compat-openldap-2.3.43_2.2.29-12.el5_6.7.s390.rpm
compat-openldap-2.3.43_2.2.29-12.el5_6.7.s390x.rpm
openldap-2.3.43-12.el5_6.7.s390.rpm
openldap-2.3.43-12.el5_6.7.s390x.rpm
openldap-clients-2.3.43-12.el5_6.7.s390x.rpm
openldap-debuginfo-2.3.43-12.el5_6.7.s390.rpm
openldap-debuginfo-2.3.43-12.el5_6.7.s390x.rpm
openldap-devel-2.3.43-12.el5_6.7.s390.rpm
openldap-devel-2.3.43-12.el5_6.7.s390x.rpm
openldap-servers-2.3.43-12.el5_6.7.s390x.rpm
openldap-servers-overlays-2.3.43-12.el5_6.7.s390x.rpm
openldap-servers-sql-2.3.43-12.el5_6.7.s390x.rpm

x86_64:
compat-openldap-2.3.43_2.2.29-12.el5_6.7.i386.rpm
compat-openldap-2.3.43_2.2.29-12.el5_6.7.x86_64.rpm
openldap-2.3.43-12.el5_6.7.i386.rpm
openldap-2.3.43-12.el5_6.7.x86_64.rpm
openldap-clients-2.3.43-12.el5_6.7.x86_64.rpm
openldap-debuginfo-2.3.43-12.el5_6.7.i386.rpm
openldap-debuginfo-2.3.43-12.el5_6.7.x86_64.rpm
openldap-devel-2.3.43-12.el5_6.7.i386.rpm
openldap-devel-2.3.43-12.el5_6.7.x86_64.rpm
openldap-servers-2.3.43-12.el5_6.7.x86_64.rpm
openldap-servers-overlays-2.3.43-12.el5_6.7.x86_64.rpm
openldap-servers-sql-2.3.43-12.el5_6.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1024.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNeTteXlSAg2UNWIIRAo0RAJ9TvlLTfmKfrDOA8HiSF4Mxkdid+gCeNc4Y
pEt7d1jzLt3QffVYYOm/e2A=
=SVVb
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Thu Mar 10 20:59:01 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 10 Mar 2011 13:59:01 -0700
Subject: [RHSA-2011:0347-01] Moderate: openldap security update
Message-ID: <201103102059.p2AKx2Oj013826@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openldap security update
Advisory ID:       RHSA-2011:0347-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0347.html
Issue date:        2011-03-10
CVE Names:         CVE-2011-1024 CVE-2011-1025 CVE-2011-1081
=====================================================================

1. Summary:

Updated openldap packages that fix three security issues are now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools.

A flaw was found in the way OpenLDAP handled authentication failures being
passed from an OpenLDAP slave to the master. If OpenLDAP was configured with
a chain overlay and it forwarded authentication failures, OpenLDAP would
bind to the directory as an anonymous user and return success, rather than
return failure on the authenticated bind. This could allow a user on a
system that uses LDAP for authentication to log into a directory-based
account without knowing the password. (CVE-2011-1024)

It was found that the OpenLDAP back-ndb back end allowed successful
authentication to the root distinguished name (DN) when any string was
provided as a password. A remote user could use this flaw to access an
OpenLDAP directory if they knew the value of the root DN. Note: This issue
only affected OpenLDAP installations using the NDB back-end, which is only
available for Red Hat Enterprise Linux 6 via third-party software.
(CVE-2011-1025)

A flaw was found in the way OpenLDAP handled modify relative distinguished
name (modrdn) requests. A remote, unauthenticated user could use this flaw
to crash an OpenLDAP server via a modrdn request containing an empty old
RDN value. (CVE-2011-1081)

Users of OpenLDAP should upgrade to these updated packages, which contain
backported patches to resolve these issues. After installing this update,
the OpenLDAP daemons will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

680466 - CVE-2011-1024 openldap: forwarded bind failure messages cause success
680472 - CVE-2011-1025 openldap: rootpw not verified via slapd.conf when using the NDB backend
680975 - CVE-2011-1081 openldap: DoS when submitting special MODRDN request

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openldap-2.4.19-15.el6_0.2.src.rpm

i386:
compat-openldap-2.4.19_2.3.43-15.el6_0.2.i686.rpm
openldap-2.4.19-15.el6_0.2.i686.rpm
openldap-clients-2.4.19-15.el6_0.2.i686.rpm
openldap-debuginfo-2.4.19-15.el6_0.2.i686.rpm

x86_64:
compat-openldap-2.4.19_2.3.43-15.el6_0.2.i686.rpm
compat-openldap-2.4.19_2.3.43-15.el6_0.2.x86_64.rpm
openldap-2.4.19-15.el6_0.2.i686.rpm
openldap-2.4.19-15.el6_0.2.x86_64.rpm
openldap-clients-2.4.19-15.el6_0.2.x86_64.rpm
openldap-debuginfo-2.4.19-15.el6_0.2.i686.rpm
openldap-debuginfo-2.4.19-15.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openldap-2.4.19-15.el6_0.2.src.rpm

i386:
openldap-debuginfo-2.4.19-15.el6_0.2.i686.rpm
openldap-devel-2.4.19-15.el6_0.2.i686.rpm
openldap-servers-2.4.19-15.el6_0.2.i686.rpm
openldap-servers-sql-2.4.19-15.el6_0.2.i686.rpm

x86_64:
openldap-debuginfo-2.4.19-15.el6_0.2.i686.rpm
openldap-debuginfo-2.4.19-15.el6_0.2.x86_64.rpm
openldap-devel-2.4.19-15.el6_0.2.i686.rpm
openldap-devel-2.4.19-15.el6_0.2.x86_64.rpm
openldap-servers-2.4.19-15.el6_0.2.x86_64.rpm
openldap-servers-sql-2.4.19-15.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openldap-2.4.19-15.el6_0.2.src.rpm

x86_64:
compat-openldap-2.4.19_2.3.43-15.el6_0.2.i686.rpm
compat-openldap-2.4.19_2.3.43-15.el6_0.2.x86_64.rpm
openldap-2.4.19-15.el6_0.2.i686.rpm
openldap-2.4.19-15.el6_0.2.x86_64.rpm
openldap-debuginfo-2.4.19-15.el6_0.2.i686.rpm
openldap-debuginfo-2.4.19-15.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openldap-2.4.19-15.el6_0.2.src.rpm

x86_64:
openldap-clients-2.4.19-15.el6_0.2.x86_64.rpm
openldap-debuginfo-2.4.19-15.el6_0.2.i686.rpm
openldap-debuginfo-2.4.19-15.el6_0.2.x86_64.rpm
openldap-devel-2.4.19-15.el6_0.2.i686.rpm
openldap-devel-2.4.19-15.el6_0.2.x86_64.rpm
openldap-servers-2.4.19-15.el6_0.2.x86_64.rpm
openldap-servers-sql-2.4.19-15.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openldap-2.4.19-15.el6_0.2.src.rpm

i386:
compat-openldap-2.4.19_2.3.43-15.el6_0.2.i686.rpm
openldap-2.4.19-15.el6_0.2.i686.rpm
openldap-clients-2.4.19-15.el6_0.2.i686.rpm
openldap-debuginfo-2.4.19-15.el6_0.2.i686.rpm
openldap-devel-2.4.19-15.el6_0.2.i686.rpm
openldap-servers-2.4.19-15.el6_0.2.i686.rpm

ppc64:
compat-openldap-2.4.19_2.3.43-15.el6_0.2.ppc.rpm
compat-openldap-2.4.19_2.3.43-15.el6_0.2.ppc64.rpm
openldap-2.4.19-15.el6_0.2.ppc.rpm
openldap-2.4.19-15.el6_0.2.ppc64.rpm
openldap-clients-2.4.19-15.el6_0.2.ppc64.rpm
openldap-debuginfo-2.4.19-15.el6_0.2.ppc.rpm
openldap-debuginfo-2.4.19-15.el6_0.2.ppc64.rpm
openldap-devel-2.4.19-15.el6_0.2.ppc.rpm
openldap-devel-2.4.19-15.el6_0.2.ppc64.rpm
openldap-servers-2.4.19-15.el6_0.2.ppc64.rpm

s390x:
compat-openldap-2.4.19_2.3.43-15.el6_0.2.s390.rpm
compat-openldap-2.4.19_2.3.43-15.el6_0.2.s390x.rpm
openldap-2.4.19-15.el6_0.2.s390.rpm
openldap-2.4.19-15.el6_0.2.s390x.rpm
openldap-clients-2.4.19-15.el6_0.2.s390x.rpm
openldap-debuginfo-2.4.19-15.el6_0.2.s390.rpm
openldap-debuginfo-2.4.19-15.el6_0.2.s390x.rpm
openldap-devel-2.4.19-15.el6_0.2.s390.rpm
openldap-devel-2.4.19-15.el6_0.2.s390x.rpm
openldap-servers-2.4.19-15.el6_0.2.s390x.rpm

x86_64:
compat-openldap-2.4.19_2.3.43-15.el6_0.2.i686.rpm
compat-openldap-2.4.19_2.3.43-15.el6_0.2.x86_64.rpm
openldap-2.4.19-15.el6_0.2.i686.rpm
openldap-2.4.19-15.el6_0.2.x86_64.rpm
openldap-clients-2.4.19-15.el6_0.2.x86_64.rpm
openldap-debuginfo-2.4.19-15.el6_0.2.i686.rpm
openldap-debuginfo-2.4.19-15.el6_0.2.x86_64.rpm
openldap-devel-2.4.19-15.el6_0.2.i686.rpm
openldap-devel-2.4.19-15.el6_0.2.x86_64.rpm
openldap-servers-2.4.19-15.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openldap-2.4.19-15.el6_0.2.src.rpm

i386:
openldap-debuginfo-2.4.19-15.el6_0.2.i686.rpm
openldap-servers-sql-2.4.19-15.el6_0.2.i686.rpm

ppc64:
openldap-debuginfo-2.4.19-15.el6_0.2.ppc64.rpm
openldap-servers-sql-2.4.19-15.el6_0.2.ppc64.rpm

s390x:
openldap-debuginfo-2.4.19-15.el6_0.2.s390x.rpm
openldap-servers-sql-2.4.19-15.el6_0.2.s390x.rpm

x86_64:
openldap-debuginfo-2.4.19-15.el6_0.2.x86_64.rpm
openldap-servers-sql-2.4.19-15.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openldap-2.4.19-15.el6_0.2.src.rpm

i386:
compat-openldap-2.4.19_2.3.43-15.el6_0.2.i686.rpm
openldap-2.4.19-15.el6_0.2.i686.rpm
openldap-clients-2.4.19-15.el6_0.2.i686.rpm
openldap-debuginfo-2.4.19-15.el6_0.2.i686.rpm
openldap-devel-2.4.19-15.el6_0.2.i686.rpm
openldap-servers-2.4.19-15.el6_0.2.i686.rpm

x86_64:
compat-openldap-2.4.19_2.3.43-15.el6_0.2.i686.rpm
compat-openldap-2.4.19_2.3.43-15.el6_0.2.x86_64.rpm
openldap-2.4.19-15.el6_0.2.i686.rpm
openldap-2.4.19-15.el6_0.2.x86_64.rpm
openldap-clients-2.4.19-15.el6_0.2.x86_64.rpm
openldap-debuginfo-2.4.19-15.el6_0.2.i686.rpm
openldap-debuginfo-2.4.19-15.el6_0.2.x86_64.rpm
openldap-devel-2.4.19-15.el6_0.2.i686.rpm
openldap-devel-2.4.19-15.el6_0.2.x86_64.rpm
openldap-servers-2.4.19-15.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openldap-2.4.19-15.el6_0.2.src.rpm

i386:
openldap-debuginfo-2.4.19-15.el6_0.2.i686.rpm
openldap-servers-sql-2.4.19-15.el6_0.2.i686.rpm

x86_64:
openldap-debuginfo-2.4.19-15.el6_0.2.x86_64.rpm
openldap-servers-sql-2.4.19-15.el6_0.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1024.html
https://www.redhat.com/security/data/cve/CVE-2011-1025.html
https://www.redhat.com/security/data/cve/CVE-2011-1081.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
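A practical follow-up to a package list like the one above is deciding whether a given host is actually at or past the fixed versions. The script below is an added example, not part of the Red Hat advisory: it re-implements rpm's version and release ordering (rpmvercmp: runs of digits and runs of letters compared segment by segment, a numeric segment beating an alphabetic one, a leading "~" sorting before everything) in plain Python so it needs no rpm bindings, and compares `rpm -qa` style lines against the RHSA-2011:0347 package list for Red Hat Enterprise Linux Server (v. 6) x86_64. The fixed versions are the advisory's own; the installed lines are constructed sample input for a hypothetical host.

```python
"""Errata applicability check: installed RPMs vs an advisory's package list.

Added example, not part of the Red Hat advisory. rpmvercmp() re-implements
rpm's version/release ordering in plain Python, so no rpm bindings are needed.
Fixed versions come from the RHSA-2011:0347 list for Red Hat Enterprise Linux
Server (v. 6) x86_64; the installed lines are constructed sample input.
"""
import re

_NUM, _ALPHA = re.compile(r"[0-9]+"), re.compile(r"[a-zA-Z]+")
_SEP = re.compile(r"[^0-9a-zA-Z~]*")      # separators carry no meaning


def rpmvercmp(a, b):
    """1 if a is newer than b, -1 if older, 0 if equal, following rpm's rules."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        i, j = _SEP.match(a, i).end(), _SEP.match(b, j).end()
        # '~' sorts before anything, even the end of the string: 1.0~rc1 < 1.0
        ta, tb = a.startswith("~", i), b.startswith("~", j)
        if ta or tb:
            if ta != tb:
                return 1 if tb else -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        # compare one run of digits or one run of letters from each side
        isnum = a[i].isdigit()
        pat = _NUM if isnum else _ALPHA
        m1, m2 = pat.match(a, i), pat.match(b, j)
        s1, i = m1.group(0), m1.end()
        if m2 is None:
            return 1 if isnum else -1    # numeric segment beats alphabetic one
        s2, j = m2.group(0), m2.end()
        if isnum:
            s1, s2 = s1.lstrip("0"), s2.lstrip("0")
            if len(s1) != len(s2):       # more digits means a larger number
                return 1 if len(s1) > len(s2) else -1
        if s1 != s2:
            return 1 if s1 > s2 else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1     # leftover characters win


def parse_nevra(pkg):
    """'name-[epoch:]version-release.arch[.rpm]' -> (name, (epoch, version, release), arch)."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    rest, arch = pkg.rsplit(".", 1)
    name, version, release = rest.rsplit("-", 2)
    epoch = 0
    if ":" in version:                   # present when queried with %{EPOCH}
        e, version = version.split(":", 1)
        epoch = 0 if e == "(none)" else int(e)
    return name, (epoch, version, release), arch


def evr_compare(x, y):
    """Order (epoch, version, release) tuples: epoch first, then version, then release."""
    if x[0] != y[0]:
        return 1 if x[0] > y[0] else -1
    return rpmvercmp(x[1], y[1]) or rpmvercmp(x[2], y[2])


def check_installed(installed_lines, advisory_packages):
    """Map each installed package the advisory covers to 'ok' or 'outdated'."""
    fixed = {}
    for pkg in advisory_packages:
        name, evr, arch = parse_nevra(pkg)
        fixed[(name, arch)] = evr
    report = {}
    for line in installed_lines:
        line = line.strip()
        if not line:
            continue
        name, evr, arch = parse_nevra(line)
        if (name, arch) in fixed:        # i686 multilib entries match their own arch
            report[line] = "ok" if evr_compare(evr, fixed[(name, arch)]) >= 0 else "outdated"
    return report


# Fixed packages from RHSA-2011:0347, Red Hat Enterprise Linux Server (v. 6), x86_64.
RHSA_2011_0347_SERVER_X86_64 = [
    "compat-openldap-2.4.19_2.3.43-15.el6_0.2.i686.rpm",
    "compat-openldap-2.4.19_2.3.43-15.el6_0.2.x86_64.rpm",
    "openldap-2.4.19-15.el6_0.2.i686.rpm",
    "openldap-2.4.19-15.el6_0.2.x86_64.rpm",
    "openldap-clients-2.4.19-15.el6_0.2.x86_64.rpm",
    "openldap-servers-2.4.19-15.el6_0.2.x86_64.rpm",
]

# Constructed `rpm -qa` output for a hypothetical host, not real inventory data.
SAMPLE_RPM_QA = [
    "openldap-2.4.19-15.el6_0.1.x86_64",
    "openldap-2.4.19-15.el6_0.2.i686",
    "openldap-clients-2.4.19-15.el6_0.2.x86_64",
    "compat-openldap-2.4.19_2.3.43-15.el6.x86_64",
    "bash-4.1.2-8.el6.x86_64",
]
```

To run it against a real host, feed `rpm -qa` output (or `rpm -qa --qf '%{NAME}-%{EPOCH}:%{VERSION}-%{RELEASE}.%{ARCH}\n'` when epochs matter) into `check_installed()` in place of SAMPLE_RPM_QA; packages the advisory does not list are ignored rather than reported, so the output only answers the question this erratum asks.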
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNeTuDXlSAg2UNWIIRAo+8AJ0d9JZ5QBUO4ewfQPHX2L/QCjbV+gCguaFS
76PUxSV3LbZSl+Z6a2Kn/1U=
=2Q0l
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Mar 16 10:13:09 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 16 Mar 2011 15:43:09 +0530
Subject: [RHSA-2011:0356-01] Important: krb5 security update
Message-ID: <201103161013.p2GADAjZ029737@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: krb5 security update
Advisory ID:       RHSA-2011:0356-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0356.html
Issue date:        2011-03-16
CVE Names:         CVE-2011-0284
=====================================================================

1. Summary:

Updated krb5 packages that fix one security issue are now available for Red
Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the CVE
link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third-party, the Key Distribution Center (KDC).

The Public Key Cryptography for Initial Authentication in Kerberos (PKINIT)
capability provides support for using public-key authentication with
Kerberos.

A double-free flaw was found in the way the MIT Kerberos KDC handled initial
authentication requests (AS-REQ), when the KDC was configured to provide the
PKINIT capability. A remote attacker could use this flaw to cause the KDC
daemon to abort by using a specially-crafted AS-REQ request. (CVE-2011-0284)

All krb5 users should upgrade to these updated packages, which contain a
backported patch to correct this issue. After installing the updated
packages, the krb5kdc daemon will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

674325 - CVE-2011-0284 krb5 (krb5kdc): Double-free flaw by handling error messages upon receiving certain AS_REQ's (MITKRB5-SA-2011-003)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/krb5-1.8.2-3.el6_0.6.src.rpm

i386:
krb5-debuginfo-1.8.2-3.el6_0.6.i686.rpm
krb5-libs-1.8.2-3.el6_0.6.i686.rpm
krb5-pkinit-openssl-1.8.2-3.el6_0.6.i686.rpm
krb5-workstation-1.8.2-3.el6_0.6.i686.rpm

x86_64:
krb5-debuginfo-1.8.2-3.el6_0.6.i686.rpm
krb5-debuginfo-1.8.2-3.el6_0.6.x86_64.rpm
krb5-libs-1.8.2-3.el6_0.6.i686.rpm
krb5-libs-1.8.2-3.el6_0.6.x86_64.rpm
krb5-pkinit-openssl-1.8.2-3.el6_0.6.x86_64.rpm
krb5-workstation-1.8.2-3.el6_0.6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/krb5-1.8.2-3.el6_0.6.src.rpm

i386:
krb5-debuginfo-1.8.2-3.el6_0.6.i686.rpm
krb5-devel-1.8.2-3.el6_0.6.i686.rpm
krb5-server-1.8.2-3.el6_0.6.i686.rpm
krb5-server-ldap-1.8.2-3.el6_0.6.i686.rpm

x86_64:
krb5-debuginfo-1.8.2-3.el6_0.6.i686.rpm
krb5-debuginfo-1.8.2-3.el6_0.6.x86_64.rpm
krb5-devel-1.8.2-3.el6_0.6.i686.rpm
krb5-devel-1.8.2-3.el6_0.6.x86_64.rpm
krb5-server-1.8.2-3.el6_0.6.x86_64.rpm
krb5-server-ldap-1.8.2-3.el6_0.6.i686.rpm
krb5-server-ldap-1.8.2-3.el6_0.6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/krb5-1.8.2-3.el6_0.6.src.rpm

x86_64:
krb5-debuginfo-1.8.2-3.el6_0.6.i686.rpm
krb5-debuginfo-1.8.2-3.el6_0.6.x86_64.rpm
krb5-libs-1.8.2-3.el6_0.6.i686.rpm
krb5-libs-1.8.2-3.el6_0.6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/krb5-1.8.2-3.el6_0.6.src.rpm

x86_64:
krb5-debuginfo-1.8.2-3.el6_0.6.i686.rpm
krb5-debuginfo-1.8.2-3.el6_0.6.x86_64.rpm
krb5-devel-1.8.2-3.el6_0.6.i686.rpm
krb5-devel-1.8.2-3.el6_0.6.x86_64.rpm
krb5-pkinit-openssl-1.8.2-3.el6_0.6.x86_64.rpm
krb5-server-1.8.2-3.el6_0.6.x86_64.rpm
krb5-server-ldap-1.8.2-3.el6_0.6.i686.rpm
krb5-server-ldap-1.8.2-3.el6_0.6.x86_64.rpm
krb5-workstation-1.8.2-3.el6_0.6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/krb5-1.8.2-3.el6_0.6.src.rpm

i386:
krb5-debuginfo-1.8.2-3.el6_0.6.i686.rpm
krb5-devel-1.8.2-3.el6_0.6.i686.rpm
krb5-libs-1.8.2-3.el6_0.6.i686.rpm
krb5-pkinit-openssl-1.8.2-3.el6_0.6.i686.rpm
krb5-server-1.8.2-3.el6_0.6.i686.rpm
krb5-server-ldap-1.8.2-3.el6_0.6.i686.rpm
krb5-workstation-1.8.2-3.el6_0.6.i686.rpm

ppc64:
krb5-debuginfo-1.8.2-3.el6_0.6.ppc.rpm
krb5-debuginfo-1.8.2-3.el6_0.6.ppc64.rpm
krb5-devel-1.8.2-3.el6_0.6.ppc.rpm
krb5-devel-1.8.2-3.el6_0.6.ppc64.rpm
krb5-libs-1.8.2-3.el6_0.6.ppc.rpm
krb5-libs-1.8.2-3.el6_0.6.ppc64.rpm
krb5-pkinit-openssl-1.8.2-3.el6_0.6.ppc64.rpm
krb5-server-1.8.2-3.el6_0.6.ppc64.rpm
krb5-server-ldap-1.8.2-3.el6_0.6.ppc.rpm
krb5-server-ldap-1.8.2-3.el6_0.6.ppc64.rpm
krb5-workstation-1.8.2-3.el6_0.6.ppc64.rpm

s390x:
krb5-debuginfo-1.8.2-3.el6_0.6.s390.rpm
krb5-debuginfo-1.8.2-3.el6_0.6.s390x.rpm
krb5-devel-1.8.2-3.el6_0.6.s390.rpm
krb5-devel-1.8.2-3.el6_0.6.s390x.rpm
krb5-libs-1.8.2-3.el6_0.6.s390.rpm
krb5-libs-1.8.2-3.el6_0.6.s390x.rpm
krb5-pkinit-openssl-1.8.2-3.el6_0.6.s390x.rpm
krb5-server-1.8.2-3.el6_0.6.s390x.rpm
krb5-server-ldap-1.8.2-3.el6_0.6.s390.rpm
krb5-server-ldap-1.8.2-3.el6_0.6.s390x.rpm
krb5-workstation-1.8.2-3.el6_0.6.s390x.rpm

x86_64:
krb5-debuginfo-1.8.2-3.el6_0.6.i686.rpm
krb5-debuginfo-1.8.2-3.el6_0.6.x86_64.rpm
krb5-devel-1.8.2-3.el6_0.6.i686.rpm
krb5-devel-1.8.2-3.el6_0.6.x86_64.rpm
krb5-libs-1.8.2-3.el6_0.6.i686.rpm
krb5-libs-1.8.2-3.el6_0.6.x86_64.rpm
krb5-pkinit-openssl-1.8.2-3.el6_0.6.x86_64.rpm
krb5-server-1.8.2-3.el6_0.6.x86_64.rpm
krb5-server-ldap-1.8.2-3.el6_0.6.i686.rpm
krb5-server-ldap-1.8.2-3.el6_0.6.x86_64.rpm
krb5-workstation-1.8.2-3.el6_0.6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/krb5-1.8.2-3.el6_0.6.src.rpm

i386:
krb5-debuginfo-1.8.2-3.el6_0.6.i686.rpm
krb5-devel-1.8.2-3.el6_0.6.i686.rpm
krb5-libs-1.8.2-3.el6_0.6.i686.rpm
krb5-pkinit-openssl-1.8.2-3.el6_0.6.i686.rpm
krb5-server-1.8.2-3.el6_0.6.i686.rpm
krb5-server-ldap-1.8.2-3.el6_0.6.i686.rpm
krb5-workstation-1.8.2-3.el6_0.6.i686.rpm

x86_64:
krb5-debuginfo-1.8.2-3.el6_0.6.i686.rpm
krb5-debuginfo-1.8.2-3.el6_0.6.x86_64.rpm
krb5-devel-1.8.2-3.el6_0.6.i686.rpm
krb5-devel-1.8.2-3.el6_0.6.x86_64.rpm
krb5-libs-1.8.2-3.el6_0.6.i686.rpm
krb5-libs-1.8.2-3.el6_0.6.x86_64.rpm
krb5-pkinit-openssl-1.8.2-3.el6_0.6.x86_64.rpm
krb5-server-1.8.2-3.el6_0.6.x86_64.rpm
krb5-server-ldap-1.8.2-3.el6_0.6.i686.rpm
krb5-server-ldap-1.8.2-3.el6_0.6.x86_64.rpm
krb5-workstation-1.8.2-3.el6_0.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0284.html
https://access.redhat.com/security/updates/classification/#important
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-003.txt

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
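The advisory above says the package scripts restart krb5kdc, but other long-running processes that have krb5-libs mapped keep the old code until they are restarted themselves. The script below is an added example, not part of the Red Hat advisory, for verifying that after an update: a process still using a replaced library shows the old, now-unlinked file in /proc/<pid>/maps with a " (deleted)" suffix. The maps text in SAMPLE_PROCS is constructed; the list of path prefixes it ignores (memfd, /dev, SysV shm, temp files, which are routinely unlinked while mapped) is a heuristic of this example, and scan_proc() reads the real /proc when the script is run on a host.

```python
"""Find processes still mapping files that an update has replaced on disk.

Added example, not part of the Red Hat advisory. A mapped file that has been
unlinked (as happens when rpm installs a new copy of a library) appears in
/proc/<pid>/maps with a ' (deleted)' suffix; such a process is still running
the pre-update code and needs a restart. SAMPLE_PROCS is constructed data.
"""
from __future__ import annotations

import os

# Heuristic: paths that are normally unlinked while mapped and do not mean a stale library.
_IGNORED_PREFIXES = ("/memfd:", "/dev/", "/SYSV", "/tmp/", "/var/tmp/", "/run/")
_DELETED = " (deleted)"


def stale_files(maps_text: str) -> list[str]:
    """Distinct file paths in one maps listing that are flagged as deleted."""
    found: list[str] = []
    for line in maps_text.splitlines():
        parts = line.split(None, 5)          # address perms offset dev inode [path]
        if len(parts) < 6:
            continue                         # anonymous mapping, no backing file
        path = parts[5]
        if not path.endswith(_DELETED):
            continue
        path = path[: -len(_DELETED)]
        if path.startswith("[") or path.startswith(_IGNORED_PREFIXES):
            continue                         # pseudo-paths and expected deletions
        if path not in found:
            found.append(path)
    return found


def find_stale_processes(procs: dict[int, tuple[str, str]]) -> dict[int, tuple[str, list[str]]]:
    """procs: pid -> (process name, maps text). Returns pid -> (name, stale paths) for hits only."""
    out: dict[int, tuple[str, list[str]]] = {}
    for pid, (name, maps_text) in procs.items():
        stale = stale_files(maps_text)
        if stale:
            out[pid] = (name, stale)
    return out


def scan_proc() -> dict[int, tuple[str, list[str]]]:
    """Collect every readable process under /proc (run as root to see them all)."""
    procs: dict[int, tuple[str, str]] = {}
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            with open(f"/proc/{entry}/status") as f:
                name = f.readline().split(":", 1)[1].strip()   # "Name:\tkrb5kdc"
            with open(f"/proc/{entry}/maps") as f:
                maps_text = f.read()
        except OSError:
            continue                         # process exited, or not ours to read
        procs[int(entry)] = (name, maps_text)
    return find_stale_processes(procs)


# Constructed sample: 1234 still maps the pre-update libkrb5, 2345 is clean,
# 3456 maps only files that are expected to be deleted while in use.
SAMPLE_PROCS = {
    1234: ("krb5kdc", "\n".join([
        "7f3a2c000000-7f3a2c1c0000 r-xp 00000000 fd:01 1048577   /lib64/libkrb5.so.3.3 (deleted)",
        "7f3a2c3c0000-7f3a2c3d0000 r--p 001c0000 fd:01 1048577   /lib64/libkrb5.so.3.3 (deleted)",
        "7f3a2d000000-7f3a2d100000 r-xp 00000000 fd:01 2097153   /lib64/libc-2.12.so",
        "7ffc00000000-7ffc00021000 rw-p 00000000 00:00 0         [stack]",
    ])),
    2345: ("sshd", "\n".join([
        "7f1000000000-7f1000100000 r-xp 00000000 fd:01 2097153   /lib64/libc-2.12.so",
        "7f1000200000-7f1000210000 rw-p 00000000 00:00 0",
    ])),
    3456: ("java", "\n".join([
        "7f2000000000-7f2000010000 rw-s 00000000 00:04 12345     /tmp/hsperfdata_app/3456 (deleted)",
        "7f2000100000-7f2000200000 rw-s 00000000 00:04 67890     /dev/zero (deleted)",
        "7f2000300000-7f2000400000 r-xp 00000000 fd:01 3145729   /opt/ibm/java/jre/lib/amd64/libjvm.so",
    ])),
}

if __name__ == "__main__":
    for pid, (name, paths) in sorted(scan_proc().items()):
        print(f"{pid} {name}: restart needed, still mapping {', '.join(paths)}")
```

The same check covers the later Java advisories, whose note that "all running instances of IBM Java must be restarted" is exactly the condition this detects: a JVM started before the update keeps the old libjvm.so and friends mapped, and nothing restarts it for you.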
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNgI0UXlSAg2UNWIIRAvkLAJ0RX5FeheekKxRHyqpwKtYLf+1/MwCfauSb
smbFAuy2gubcwM//Bf7i5Pc=
=PRMv
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Mar 16 12:43:51 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 16 Mar 2011 18:13:51 +0530
Subject: [RHSA-2011:0357-01] Critical: java-1.6.0-ibm security update
Message-ID: <201103161243.p2GChrct024996@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.6.0-ibm security update
Advisory ID:       RHSA-2011:0357-01
Product:           Red Hat Enterprise Linux Extras
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0357.html
Issue date:        2011-03-16
CVE Names:         CVE-2010-4422 CVE-2010-4447 CVE-2010-4448
                   CVE-2010-4452 CVE-2010-4454 CVE-2010-4462
                   CVE-2010-4463 CVE-2010-4465 CVE-2010-4466
                   CVE-2010-4467 CVE-2010-4468 CVE-2010-4471
                   CVE-2010-4473 CVE-2010-4475
=====================================================================

1. Summary:

Updated java-1.6.0-ibm packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise
Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and
the IBM Java 2 Software Development Kit.

This update fixes several vulnerabilities in the IBM Java 2 Runtime
Environment and the IBM Java 2 Software Development Kit. Detailed
vulnerability descriptions are linked from the IBM "Security alerts" page,
listed in the References section. (CVE-2010-4422, CVE-2010-4447,
CVE-2010-4448, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463,
CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4471,
CVE-2010-4473, CVE-2010-4475)

Note: The RHSA-2010:0987 and RHSA-2011:0290 java-1.6.0-ibm errata were
missing 64-bit PowerPC packages for Red Hat Enterprise Linux 4 Extras. This
erratum provides 64-bit PowerPC packages for Red Hat Enterprise Linux 4
Extras as expected.

All users of java-1.6.0-ibm are advised to upgrade to these updated
packages, containing the IBM 1.6.0 SR9-FP1 Java release. All running
instances of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

675984 - CVE-2010-4465 OpenJDK Swing timer-based security manager bypass (6907662)
676019 - CVE-2010-4471 OpenJDK Java2D font-related system property leak (6985453)
676023 - CVE-2010-4448 OpenJDK DNS cache poisoning by untrusted applets (6981922)
677957 - CVE-2010-4475 JDK unspecified vulnerability in Deployment component
677958 - CVE-2010-4473 JDK unspecified vulnerability in Sound component
677959 - CVE-2010-4468 JDK unspecified vulnerability in JDBC component
677960 - CVE-2010-4467 JDK unspecified vulnerability in Deployment component
677961 - CVE-2010-4466 JDK unspecified vulnerability in Deployment component
677963 - CVE-2010-4463 JDK unspecified vulnerability in Deployment component
677966 - CVE-2010-4462 JDK unspecified vulnerability in Sound component
677967 - CVE-2010-4454 JDK unspecified vulnerability in Sound component
677968 - CVE-2010-4452 JDK unspecified vulnerability in Deployment component
677970 - CVE-2010-4447 JDK unspecified vulnerability in Deployment component
677971 - CVE-2010-4422 JDK unspecified vulnerability in Deployment component

6. Package List:

Red Hat Enterprise Linux AS version 4 Extras:

i386:
java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el4.i386.rpm
java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el4.i386.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el4.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.1-1jpp.1.el4.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el4.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.9.1-1jpp.1.el4.i386.rpm
java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el4.i386.rpm

ppc:
java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el4.ppc.rpm
java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el4.ppc64.rpm
java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el4.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el4.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el4.ppc.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el4.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.1-1jpp.1.el4.ppc.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.1-1jpp.1.el4.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el4.ppc.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el4.ppc64.rpm
java-1.6.0-ibm-plugin-1.6.0.9.1-1jpp.1.el4.ppc.rpm
java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el4.ppc.rpm
java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el4.ppc64.rpm

s390:
java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el4.s390.rpm
java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el4.s390.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el4.s390.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el4.s390.rpm
java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el4.s390.rpm

s390x:
java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el4.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el4.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el4.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el4.s390x.rpm
java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el4.s390x.rpm

x86_64:
java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el4.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el4.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el4.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.1-1jpp.1.el4.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el4.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.9.1-1jpp.1.el4.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el4.x86_64.rpm

Red Hat Desktop version 4 Extras:

i386:
java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el4.i386.rpm
java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el4.i386.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el4.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.1-1jpp.1.el4.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el4.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.9.1-1jpp.1.el4.i386.rpm
java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el4.i386.rpm

x86_64:
java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el4.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el4.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el4.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.1-1jpp.1.el4.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el4.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.9.1-1jpp.1.el4.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.9.1-1jpp.1.el4.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el4.i386.rpm
java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el4.i386.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el4.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.1-1jpp.1.el4.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el4.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.9.1-1jpp.1.el4.i386.rpm
java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el4.i386.rpm

x86_64:
java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el4.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el4.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el4.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.1-1jpp.1.el4.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el4.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.9.1-1jpp.1.el4.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el4.i386.rpm
java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el4.i386.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el4.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.1-1jpp.1.el4.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el4.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.9.1-1jpp.1.el4.i386.rpm
java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el4.i386.rpm

x86_64:
java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el4.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el4.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el4.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.1-1jpp.1.el4.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el4.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.9.1-1jpp.1.el4.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.9.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.9.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el5.i386.rpm

x86_64:
java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.9.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.9.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.9.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.9.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.9.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el5.i386.rpm

ppc:
java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-accessibility-1.6.0.9.1-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.1-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.1-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-plugin-1.6.0.9.1-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el5.ppc64.rpm

s390x:
java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-accessibility-1.6.0.9.1-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el5.s390x.rpm

x86_64:
java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.9.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.9.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.9.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el6.i686.rpm
java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el6.i686.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el6.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.1-1jpp.1.el6.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el6.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.9.1-1jpp.1.el6.i686.rpm
java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el6.i686.rpm

x86_64:
java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el6.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el6.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el6.i686.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el6.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.1-1jpp.1.el6.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el6.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.9.1-1jpp.1.el6.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el6.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el6.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el6.i686.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el6.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.1-1jpp.1.el6.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el6.i686.rpm
java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el6.i686.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el6.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.1-1jpp.1.el6.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el6.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.9.1-1jpp.1.el6.i686.rpm
java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el6.i686.rpm

ppc64:
java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el6.ppc64.rpm
java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el6.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el6.ppc.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el6.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.1-1jpp.1.el6.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el6.ppc64.rpm
java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el6.ppc64.rpm

s390x:
java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el6.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el6.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el6.s390.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el6.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el6.s390x.rpm
java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el6.s390x.rpm

x86_64:
java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el6.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el6.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el6.i686.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el6.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.1-1jpp.1.el6.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el6.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.9.1-1jpp.1.el6.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el6.i686.rpm
java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el6.i686.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el6.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.1-1jpp.1.el6.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el6.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.9.1-1jpp.1.el6.i686.rpm
java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el6.i686.rpm

x86_64:
java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el6.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.9.1-1jpp.1.el6.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el6.i686.rpm
java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el6.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.9.1-1jpp.1.el6.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.9.1-1jpp.1.el6.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.9.1-1jpp.1.el6.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.9.1-1jpp.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-4422.html
https://www.redhat.com/security/data/cve/CVE-2010-4447.html
https://www.redhat.com/security/data/cve/CVE-2010-4448.html
https://www.redhat.com/security/data/cve/CVE-2010-4452.html
https://www.redhat.com/security/data/cve/CVE-2010-4454.html
https://www.redhat.com/security/data/cve/CVE-2010-4462.html
https://www.redhat.com/security/data/cve/CVE-2010-4463.html
https://www.redhat.com/security/data/cve/CVE-2010-4465.html
https://www.redhat.com/security/data/cve/CVE-2010-4466.html
https://www.redhat.com/security/data/cve/CVE-2010-4467.html
https://www.redhat.com/security/data/cve/CVE-2010-4468.html
https://www.redhat.com/security/data/cve/CVE-2010-4471.html
https://www.redhat.com/security/data/cve/CVE-2010-4473.html
https://www.redhat.com/security/data/cve/CVE-2010-4475.html
https://access.redhat.com/security/updates/classification/#critical
http://www.ibm.com/developerworks/java/jdk/alerts/
https://rhn.redhat.com/errata/RHSA-2010-0987.html
https://rhn.redhat.com/errata/RHSA-2011-0290.html 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNgLBlXlSAg2UNWIIRAjISAJ44GAtOwI/hsD7NqtC0aZBY3Rm20wCeK21H wd8rfn3RmFZZjtzYgUk+3BU= =tdnq -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Mar 17 19:24:02 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 17 Mar 2011 13:24:02 -0600 Subject: [RHSA-2011:0364-01] Critical: java-1.5.0-ibm security update Message-ID: <201103171924.p2HJO2vD016025@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.5.0-ibm security update Advisory ID: RHSA-2011:0364-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0364.html Issue date: 2011-03-17 CVE Names: CVE-2010-4447 CVE-2010-4448 CVE-2010-4450 CVE-2010-4454 CVE-2010-4462 CVE-2010-4465 CVE-2010-4466 CVE-2010-4468 CVE-2010-4471 CVE-2010-4473 CVE-2010-4475 ===================================================================== 1. Summary: Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 
5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. (CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4466, CVE-2010-4468, CVE-2010-4471, CVE-2010-4473, CVE-2010-4475) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR12-FP4 Java release. All running instances of IBM Java must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. 
Bugs fixed (http://bugzilla.redhat.com/): 675984 - CVE-2010-4465 OpenJDK Swing timer-based security manager bypass (6907662) 676019 - CVE-2010-4471 OpenJDK Java2D font-related system property leak (6985453) 676023 - CVE-2010-4448 OpenJDK DNS cache poisoning by untrusted applets (6981922) 676026 - CVE-2010-4450 OpenJDK Launcher incorrect processing of empty library path entries (6983554) 677957 - CVE-2010-4475 JDK unspecified vulnerability in Deployment component 677958 - CVE-2010-4473 JDK unspecified vulnerability in Sound component 677959 - CVE-2010-4468 JDK unspecified vulnerability in JDBC component 677961 - CVE-2010-4466 JDK unspecified vulnerability in Deployment component 677966 - CVE-2010-4462 JDK unspecified vulnerability in Sound component 677967 - CVE-2010-4454 JDK unspecified vulnerability in Sound component 677970 - CVE-2010-4447 JDK unspecified vulnerability in Deployment component 6. Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el4.i386.rpm java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el4.i386.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el4.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.12.4-1jpp.1.el4.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.12.4-1jpp.1.el4.i386.rpm java-1.5.0-ibm-plugin-1.5.0.12.4-1jpp.1.el4.i386.rpm java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el4.i386.rpm ppc: java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el4.ppc64.rpm java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el4.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el4.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.4-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-javacomm-1.5.0.12.4-1jpp.1.el4.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.12.4-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.12.4-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el4.ppc64.rpm s390: 
java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el4.s390.rpm java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el4.s390.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el4.s390.rpm java-1.5.0-ibm-jdbc-1.5.0.12.4-1jpp.1.el4.s390.rpm java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el4.s390.rpm s390x: java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el4.s390x.rpm java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el4.s390x.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el4.s390x.rpm java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el4.s390x.rpm x86_64: java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.4-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el4.x86_64.rpm Red Hat Desktop version 4 Extras: i386: java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el4.i386.rpm java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el4.i386.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el4.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.12.4-1jpp.1.el4.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.12.4-1jpp.1.el4.i386.rpm java-1.5.0-ibm-plugin-1.5.0.12.4-1jpp.1.el4.i386.rpm java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el4.i386.rpm x86_64: java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.4-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el4.i386.rpm java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el4.i386.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el4.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.12.4-1jpp.1.el4.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.12.4-1jpp.1.el4.i386.rpm java-1.5.0-ibm-plugin-1.5.0.12.4-1jpp.1.el4.i386.rpm java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el4.i386.rpm x86_64: java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el4.x86_64.rpm 
java-1.5.0-ibm-javacomm-1.5.0.12.4-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el4.i386.rpm java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el4.i386.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el4.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.12.4-1jpp.1.el4.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.12.4-1jpp.1.el4.i386.rpm java-1.5.0-ibm-plugin-1.5.0.12.4-1jpp.1.el4.i386.rpm java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el4.i386.rpm x86_64: java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.4-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el5.i386.rpm java-1.5.0-ibm-accessibility-1.5.0.12.4-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.12.4-1jpp.1.el5.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.12.4-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.12.4-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el5.i386.rpm x86_64: java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el5.i386.rpm java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-accessibility-1.5.0.12.4-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.4-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.12.4-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.12.4-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.12.4-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el5.x86_64.rpm Red Hat Enterprise Linux Server 
Supplementary (v. 5): i386: java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el5.i386.rpm java-1.5.0-ibm-accessibility-1.5.0.12.4-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.12.4-1jpp.1.el5.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.12.4-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.12.4-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el5.i386.rpm ppc: java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-accessibility-1.5.0.12.4-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.4-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-javacomm-1.5.0.12.4-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.12.4-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.12.4-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el5.ppc64.rpm s390x: java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el5.s390.rpm java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-accessibility-1.5.0.12.4-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el5.s390.rpm java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el5.s390.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-jdbc-1.5.0.12.4-1jpp.1.el5.s390.rpm java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el5.s390.rpm java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el5.s390x.rpm x86_64: java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el5.i386.rpm java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-accessibility-1.5.0.12.4-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el5.i386.rpm 
java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.4-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.12.4-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.12.4-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.12.4-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el5.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el6.i686.rpm java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el6.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.12.4-1jpp.1.el6.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.12.4-1jpp.1.el6.i686.rpm java-1.5.0-ibm-plugin-1.5.0.12.4-1jpp.1.el6.i686.rpm java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el6.i686.rpm x86_64: java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.4-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.4-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 
6): i386: java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el6.i686.rpm java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el6.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.12.4-1jpp.1.el6.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.12.4-1jpp.1.el6.i686.rpm java-1.5.0-ibm-plugin-1.5.0.12.4-1jpp.1.el6.i686.rpm java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el6.i686.rpm ppc64: java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el6.ppc64.rpm java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el6.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el6.ppc.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el6.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.4-1jpp.1.el6.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.12.4-1jpp.1.el6.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.12.4-1jpp.1.el6.ppc.rpm java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el6.ppc64.rpm s390x: java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el6.s390x.rpm java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el6.s390x.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el6.s390.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el6.s390x.rpm java-1.5.0-ibm-jdbc-1.5.0.12.4-1jpp.1.el6.s390.rpm java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el6.s390x.rpm x86_64: java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.4-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 
6): i386: java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el6.i686.rpm java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el6.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.12.4-1jpp.1.el6.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.12.4-1jpp.1.el6.i686.rpm java-1.5.0-ibm-plugin-1.5.0.12.4-1jpp.1.el6.i686.rpm java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el6.i686.rpm x86_64: java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.12.4-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.12.4-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.12.4-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-src-1.5.0.12.4-1jpp.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-4447.html https://www.redhat.com/security/data/cve/CVE-2010-4448.html https://www.redhat.com/security/data/cve/CVE-2010-4450.html https://www.redhat.com/security/data/cve/CVE-2010-4454.html https://www.redhat.com/security/data/cve/CVE-2010-4462.html https://www.redhat.com/security/data/cve/CVE-2010-4465.html https://www.redhat.com/security/data/cve/CVE-2010-4466.html https://www.redhat.com/security/data/cve/CVE-2010-4468.html https://www.redhat.com/security/data/cve/CVE-2010-4471.html https://www.redhat.com/security/data/cve/CVE-2010-4473.html https://www.redhat.com/security/data/cve/CVE-2010-4475.html https://access.redhat.com/security/updates/classification/#critical http://www.ibm.com/developerworks/java/jdk/alerts/ 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. 

From bugzilla at redhat.com Mon Mar 21 17:37:42 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 21 Mar 2011 13:37:42 -0400
Subject: [RHSA-2011:0368-01] Critical: flash-plugin - End Of Life
Message-ID: <201103211737.p2LHbg4x011512@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: flash-plugin - End Of Life
Advisory ID: RHSA-2011:0368-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0368.html
Issue date: 2011-03-21
CVE Names: CVE-2011-0558 CVE-2011-0559 CVE-2011-0560 CVE-2011-0561 CVE-2011-0571 CVE-2011-0572 CVE-2011-0573 CVE-2011-0574 CVE-2011-0575 CVE-2011-0577 CVE-2011-0578 CVE-2011-0607 CVE-2011-0608
=====================================================================

1. Summary:

This update disables Adobe Flash Player 9 on Red Hat Enterprise Linux 4, as it contains multiple security flaws and should no longer be used.

The Red Hat Security Response Team has rated this update as having critical security impact.

2. Relevant releases/architectures:

Red Hat Desktop version 4 Extras - i386
Red Hat Enterprise Linux AS version 4 Extras - i386
Red Hat Enterprise Linux ES version 4 Extras - i386
Red Hat Enterprise Linux WS version 4 Extras - i386

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

Adobe Flash Player 9 is vulnerable to critical security flaws and should no longer be used. A remote attacker could use these flaws to execute arbitrary code with the privileges of the user running Flash Player 9. (CVE-2011-0558, CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0575, CVE-2011-0577, CVE-2011-0578, CVE-2011-0607, CVE-2011-0608)

Adobe is no longer providing security updates for Adobe Flash Player 9, and is not providing a replacement Flash Player version compatible with Red Hat Enterprise Linux 4. This erratum disables Adobe Flash Player 9 to prevent it from functioning.

Users wishing to continue using Flash Player 9, despite the vulnerabilities, can add the flash-plugin package to the up2date skip list. Refer to the following Red Hat Knowledgebase article for instructions on adding a package to the up2date skip list: https://access.redhat.com/kb/docs/DOC-1639

4. Solution:

This update disables the flash-plugin package due to its known security vulnerabilities.

5. Bugs fixed (http://bugzilla.redhat.com/):

676226 - CVE-2011-0558 CVE-2011-0559 CVE-2011-0560 CVE-2011-0561 CVE-2011-0571 CVE-2011-0572 CVE-2011-0573 CVE-2011-0574 CVE-2011-0575 CVE-2011-0577 CVE-2011-0578 CVE-2011-0607 CVE-2011-0608 flash-plugin: multiple code execution flaws (APSB11-02)

6. Package List:

Red Hat Enterprise Linux AS version 4 Extras:

i386:
flash-plugin-9.0.289.0-3.el4.i386.rpm

Red Hat Desktop version 4 Extras:

i386:
flash-plugin-9.0.289.0-3.el4.i386.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
flash-plugin-9.0.289.0-3.el4.i386.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
flash-plugin-9.0.289.0-3.el4.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0558.html
https://www.redhat.com/security/data/cve/CVE-2011-0559.html
https://www.redhat.com/security/data/cve/CVE-2011-0560.html
https://www.redhat.com/security/data/cve/CVE-2011-0561.html
https://www.redhat.com/security/data/cve/CVE-2011-0571.html
https://www.redhat.com/security/data/cve/CVE-2011-0572.html
https://www.redhat.com/security/data/cve/CVE-2011-0573.html
https://www.redhat.com/security/data/cve/CVE-2011-0574.html
https://www.redhat.com/security/data/cve/CVE-2011-0575.html
https://www.redhat.com/security/data/cve/CVE-2011-0577.html
https://www.redhat.com/security/data/cve/CVE-2011-0578.html
https://www.redhat.com/security/data/cve/CVE-2011-0607.html
https://www.redhat.com/security/data/cve/CVE-2011-0608.html
https://access.redhat.com/security/updates/classification/#critical
http://kb2.adobe.com/cps/406/kb406791.html
https://access.redhat.com/kb/docs/DOC-1639

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

From bugzilla at redhat.com Mon Mar 21 17:40:14 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 21 Mar 2011 13:40:14 -0400
Subject: [RHSA-2011:0369-01] Moderate: wireshark security update
Message-ID: <201103211740.p2LHeE3s020013@int-mx02.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: wireshark security update
Advisory ID: RHSA-2011:0369-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0369.html
Issue date: 2011-03-21
CVE Names: CVE-2011-0444 CVE-2011-0538 CVE-2011-0713 CVE-2011-1139 CVE-2011-1140 CVE-2011-1141
=====================================================================

1. Summary:

Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal.

A heap-based buffer overflow flaw was found in the Wireshark MAC-LTE dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-0444)

A heap-based buffer overflow flaw was found in the way Wireshark processed signaling traces generated by the Gammu utility on Nokia DCT3 phones running in Netmonitor mode. If Wireshark opened a specially-crafted capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-0713)

Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2011-0538, CVE-2011-1139, CVE-2011-1140, CVE-2011-1141)

Users of Wireshark should upgrade to these updated packages, which contain Wireshark version 1.2.15, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

669441 - CVE-2011-0444 wireshark: buffer overflow in MAC-LTE disector (upstream bug #5530)
676232 - CVE-2011-0538 Wireshark: memory corruption when reading a malformed pcap file (upstream bug #5652)
678198 - CVE-2011-0713 Wireshark: heap-based buffer overflow when reading malformed Nokia DCT3 phone signalling traces
681748 - CVE-2011-1139 Wireshark: Denial Of Service (application crash) via a pcap-ng file that contains a large packet-length field
681754 - CVE-2011-1140 Wireshark: Multiple stack consumption vulnerabilities caused DoS via crafted SMB or CLDAP packet
681756 - CVE-2011-1141 Wireshark: Malformed LDAP filter string causes Denial of Service via excessive memory consumption

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/wireshark-1.2.15-1.el6_0.1.src.rpm

i386:
wireshark-1.2.15-1.el6_0.1.i686.rpm
wireshark-debuginfo-1.2.15-1.el6_0.1.i686.rpm

x86_64:
wireshark-1.2.15-1.el6_0.1.i686.rpm
wireshark-1.2.15-1.el6_0.1.x86_64.rpm
wireshark-debuginfo-1.2.15-1.el6_0.1.i686.rpm
wireshark-debuginfo-1.2.15-1.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/wireshark-1.2.15-1.el6_0.1.src.rpm

i386:
wireshark-debuginfo-1.2.15-1.el6_0.1.i686.rpm
wireshark-devel-1.2.15-1.el6_0.1.i686.rpm
wireshark-gnome-1.2.15-1.el6_0.1.i686.rpm

x86_64:
wireshark-debuginfo-1.2.15-1.el6_0.1.i686.rpm
wireshark-debuginfo-1.2.15-1.el6_0.1.x86_64.rpm
wireshark-devel-1.2.15-1.el6_0.1.i686.rpm
wireshark-devel-1.2.15-1.el6_0.1.x86_64.rpm
wireshark-gnome-1.2.15-1.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/wireshark-1.2.15-1.el6_0.1.src.rpm

i386:
wireshark-1.2.15-1.el6_0.1.i686.rpm
wireshark-debuginfo-1.2.15-1.el6_0.1.i686.rpm

ppc64:
wireshark-1.2.15-1.el6_0.1.ppc.rpm
wireshark-1.2.15-1.el6_0.1.ppc64.rpm
wireshark-debuginfo-1.2.15-1.el6_0.1.ppc.rpm
wireshark-debuginfo-1.2.15-1.el6_0.1.ppc64.rpm

s390x:
wireshark-1.2.15-1.el6_0.1.s390.rpm
wireshark-1.2.15-1.el6_0.1.s390x.rpm
wireshark-debuginfo-1.2.15-1.el6_0.1.s390.rpm
wireshark-debuginfo-1.2.15-1.el6_0.1.s390x.rpm

x86_64:
wireshark-1.2.15-1.el6_0.1.i686.rpm
wireshark-1.2.15-1.el6_0.1.x86_64.rpm
wireshark-debuginfo-1.2.15-1.el6_0.1.i686.rpm
wireshark-debuginfo-1.2.15-1.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/wireshark-1.2.15-1.el6_0.1.src.rpm

i386:
wireshark-debuginfo-1.2.15-1.el6_0.1.i686.rpm
wireshark-devel-1.2.15-1.el6_0.1.i686.rpm
wireshark-gnome-1.2.15-1.el6_0.1.i686.rpm

ppc64:
wireshark-debuginfo-1.2.15-1.el6_0.1.ppc.rpm
wireshark-debuginfo-1.2.15-1.el6_0.1.ppc64.rpm
wireshark-devel-1.2.15-1.el6_0.1.ppc.rpm
wireshark-devel-1.2.15-1.el6_0.1.ppc64.rpm
wireshark-gnome-1.2.15-1.el6_0.1.ppc64.rpm

s390x:
wireshark-debuginfo-1.2.15-1.el6_0.1.s390.rpm
wireshark-debuginfo-1.2.15-1.el6_0.1.s390x.rpm
wireshark-devel-1.2.15-1.el6_0.1.s390.rpm
wireshark-devel-1.2.15-1.el6_0.1.s390x.rpm
wireshark-gnome-1.2.15-1.el6_0.1.s390x.rpm

x86_64:
wireshark-debuginfo-1.2.15-1.el6_0.1.i686.rpm
wireshark-debuginfo-1.2.15-1.el6_0.1.x86_64.rpm
wireshark-devel-1.2.15-1.el6_0.1.i686.rpm
wireshark-devel-1.2.15-1.el6_0.1.x86_64.rpm
wireshark-gnome-1.2.15-1.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/wireshark-1.2.15-1.el6_0.1.src.rpm

i386:
wireshark-1.2.15-1.el6_0.1.i686.rpm
wireshark-debuginfo-1.2.15-1.el6_0.1.i686.rpm

x86_64:
wireshark-1.2.15-1.el6_0.1.i686.rpm
wireshark-1.2.15-1.el6_0.1.x86_64.rpm
wireshark-debuginfo-1.2.15-1.el6_0.1.i686.rpm
wireshark-debuginfo-1.2.15-1.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/wireshark-1.2.15-1.el6_0.1.src.rpm

i386:
wireshark-debuginfo-1.2.15-1.el6_0.1.i686.rpm
wireshark-devel-1.2.15-1.el6_0.1.i686.rpm
wireshark-gnome-1.2.15-1.el6_0.1.i686.rpm

x86_64:
wireshark-debuginfo-1.2.15-1.el6_0.1.i686.rpm
wireshark-debuginfo-1.2.15-1.el6_0.1.x86_64.rpm
wireshark-devel-1.2.15-1.el6_0.1.i686.rpm
wireshark-devel-1.2.15-1.el6_0.1.x86_64.rpm
wireshark-gnome-1.2.15-1.el6_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0444.html
https://www.redhat.com/security/data/cve/CVE-2011-0538.html
https://www.redhat.com/security/data/cve/CVE-2011-0713.html
https://www.redhat.com/security/data/cve/CVE-2011-1139.html
https://www.redhat.com/security/data/cve/CVE-2011-1140.html
https://www.redhat.com/security/data/cve/CVE-2011-1141.html
https://access.redhat.com/security/updates/classification/#moderate
http://www.wireshark.org/security/wnpa-sec-2011-01.html
http://www.wireshark.org/security/wnpa-sec-2011-03.html

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
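A patch-compliance check for advisories in this format, added here as an example and not part of any Red Hat advisory: it parses a package list laid out as above (a constructed excerpt of the RHSA-2011:0369 Desktop (v. 6) entry), splits RPM filenames into name, version, release and arch, and reimplements rpm's version ordering (a simplified rpmvercmp with no epoch, tilde or caret handling, which is an assumption that holds for the RHEL 4-6 NVRs on this page) to flag installed packages older than the fixed build.

```python
import re

ARCHES = {"i386", "i686", "ia64", "ppc", "ppc64", "s390", "s390x", "x86_64", "noarch"}
_SEG = re.compile(r"[0-9]+|[A-Za-z]+")

# Constructed excerpt of the "6. Package List" section of RHSA-2011:0369 (Desktop v. 6).
SAMPLE_PACKAGE_LIST = """\
Red Hat Enterprise Linux Desktop (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/wireshark-1.2.15-1.el6_0.1.src.rpm
i386:
wireshark-1.2.15-1.el6_0.1.i686.rpm
wireshark-debuginfo-1.2.15-1.el6_0.1.i686.rpm
x86_64:
wireshark-1.2.15-1.el6_0.1.i686.rpm
wireshark-1.2.15-1.el6_0.1.x86_64.rpm
wireshark-debuginfo-1.2.15-1.el6_0.1.i686.rpm
wireshark-debuginfo-1.2.15-1.el6_0.1.x86_64.rpm
"""


def rpmvercmp(a: str, b: str) -> int:
    """Simplified port of rpm's rpmvercmp(): 1 if a is newer, -1 if older, 0 if equal.
    Both strings are split into numeric and alphabetic segments; numeric segments compare
    as integers, alphabetic ones lexically, and a numeric segment sorts after an
    alphabetic one.  Tilde/caret handling of newer rpm is omitted (assumption)."""
    if a == b:
        return 0
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x == y:
            continue
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            xi, yi = int(x), int(y)          # int() also drops leading zeros, as rpm does
            if xi != yi:
                return 1 if xi > yi else -1
        elif xd != yd:
            return 1 if xd else -1           # numeric beats alphabetic
        else:
            return 1 if x > y else -1
    # Every shared segment matched: the string with segments left over is newer.
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1


def split_nvra(filename: str):
    """'wireshark-1.2.15-1.el6_0.1.x86_64.rpm' -> ('wireshark', '1.2.15', '1.el6_0.1', 'x86_64').
    Name may itself contain dashes (java-1.5.0-ibm-devel), so split from the right."""
    stem = filename[:-4] if filename.endswith(".rpm") else filename
    nvr, arch = stem.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch


def compare_vr(a: str, b: str) -> int:
    """Order two 'version-release' strings the way rpm does (epochs assumed equal)."""
    av, ar = a.split("-", 1)
    bv, br = b.split("-", 1)
    return rpmvercmp(av, bv) or rpmvercmp(ar, br)


def parse_package_list(section: str):
    """Return {product: {arch: [rpm filenames]}} from an RHSA '6. Package List' section.
    'Source:' URLs are kept under the key 'Source'."""
    products, product, arch = {}, None, None
    for raw in section.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":") and line[:-1] in ARCHES:
            arch = line[:-1]
            products.setdefault(product, {}).setdefault(arch, [])
        elif line.startswith("Source:"):
            products.setdefault(product, {}).setdefault("Source", []).append(line.split(None, 1)[1])
        elif line.endswith(":"):
            product = line[:-1]
            products.setdefault(product, {})
        elif line.endswith(".rpm"):
            products[product][arch].append(line)
    return products


def missing_updates(installed: dict, packages: dict, product: str, arch: str) -> dict:
    """installed maps package name -> 'version-release', the shape that
    `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\\n'` produces.
    Returns {name: fixed 'version-release'} for every installed package that is older
    than the build the advisory ships for this product/arch."""
    out = {}
    for fn in packages[product][arch]:
        name, ver, rel, _ = split_nvra(fn)
        fixed = f"{ver}-{rel}"
        if name in installed and compare_vr(installed[name], fixed) < 0:
            out[name] = fixed
    return out


if __name__ == "__main__":
    # Constructed inventory: wireshark one release behind the advisory, debuginfo current.
    inventory = {"wireshark": "1.2.14-1.el6", "wireshark-debuginfo": "1.2.15-1.el6_0.1"}
    pkgs = parse_package_list(SAMPLE_PACKAGE_LIST)
    print(missing_updates(inventory, pkgs, "Red Hat Enterprise Linux Desktop (v. 6)", "x86_64"))
```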
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNh41VXlSAg2UNWIIRAn8xAJ9dnLBi06MEYAyNOEXmAucSrKlzkgCeOyc1
iCzcaHu+V17scXRoEANjBO4=
=apSU
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Mon Mar 21 19:54:50 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 21 Mar 2011 15:54:50 -0400
Subject: [RHSA-2011:0370-01] Moderate: wireshark security update
Message-ID: <201103211954.p2LJsnPu030653@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: wireshark security update
Advisory ID:       RHSA-2011:0370-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0370.html
Issue date:        2011-03-21
CVE Names:         CVE-2010-3445 CVE-2011-0024 CVE-2011-0538
                   CVE-2011-1139 CVE-2011-1140 CVE-2011-1141
                   CVE-2011-1143
=====================================================================

1. Summary:

Updated wireshark packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.

A heap-based buffer overflow flaw was found in Wireshark. If Wireshark
opened a specially-crafted capture file, it could crash or, possibly,
execute arbitrary code as the user running Wireshark. (CVE-2011-0024)

Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malicious dump file. (CVE-2010-3445, CVE-2011-0538, CVE-2011-1139,
CVE-2011-1140, CVE-2011-1141, CVE-2011-1143)

Users of Wireshark should upgrade to these updated packages, which contain
backported patches to correct these issues. All running instances of
Wireshark must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

639486 - CVE-2010-3445 wireshark: stack overflow in BER dissector
671331 - CVE-2011-0024 heap-based buffer overflow in wireshark < 1.2 when reading malformed capture files
676232 - CVE-2011-0538 Wireshark: memory corruption when reading a malformed pcap file (upstream bug #5652)
681748 - CVE-2011-1139 Wireshark: Denial Of Service (application crash) via a pcap-ng file that contains a large packet-length field
681754 - CVE-2011-1140 Wireshark: Multiple stack consumption vulnerabilities caused DoS via crafted SMB or CLDAP packet
681756 - CVE-2011-1141 Wireshark: Malformed LDAP filter string causes Denial of Service via excessive memory consumption
681760 - CVE-2011-1143 Wireshark: Null pointer dereference causing application crash when reading malformed pcap file

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/wireshark-1.0.15-2.el4.src.rpm

i386:
wireshark-1.0.15-2.el4.i386.rpm
wireshark-debuginfo-1.0.15-2.el4.i386.rpm
wireshark-gnome-1.0.15-2.el4.i386.rpm

ia64:
wireshark-1.0.15-2.el4.ia64.rpm
wireshark-debuginfo-1.0.15-2.el4.ia64.rpm
wireshark-gnome-1.0.15-2.el4.ia64.rpm

ppc:
wireshark-1.0.15-2.el4.ppc.rpm
wireshark-debuginfo-1.0.15-2.el4.ppc.rpm
wireshark-gnome-1.0.15-2.el4.ppc.rpm

s390:
wireshark-1.0.15-2.el4.s390.rpm
wireshark-debuginfo-1.0.15-2.el4.s390.rpm
wireshark-gnome-1.0.15-2.el4.s390.rpm

s390x:
wireshark-1.0.15-2.el4.s390x.rpm
wireshark-debuginfo-1.0.15-2.el4.s390x.rpm
wireshark-gnome-1.0.15-2.el4.s390x.rpm

x86_64:
wireshark-1.0.15-2.el4.x86_64.rpm
wireshark-debuginfo-1.0.15-2.el4.x86_64.rpm
wireshark-gnome-1.0.15-2.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/wireshark-1.0.15-2.el4.src.rpm

i386:
wireshark-1.0.15-2.el4.i386.rpm
wireshark-debuginfo-1.0.15-2.el4.i386.rpm
wireshark-gnome-1.0.15-2.el4.i386.rpm

x86_64:
wireshark-1.0.15-2.el4.x86_64.rpm
wireshark-debuginfo-1.0.15-2.el4.x86_64.rpm
wireshark-gnome-1.0.15-2.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/wireshark-1.0.15-2.el4.src.rpm

i386:
wireshark-1.0.15-2.el4.i386.rpm
wireshark-debuginfo-1.0.15-2.el4.i386.rpm
wireshark-gnome-1.0.15-2.el4.i386.rpm

ia64:
wireshark-1.0.15-2.el4.ia64.rpm
wireshark-debuginfo-1.0.15-2.el4.ia64.rpm
wireshark-gnome-1.0.15-2.el4.ia64.rpm

x86_64:
wireshark-1.0.15-2.el4.x86_64.rpm
wireshark-debuginfo-1.0.15-2.el4.x86_64.rpm
wireshark-gnome-1.0.15-2.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/wireshark-1.0.15-2.el4.src.rpm

i386:
wireshark-1.0.15-2.el4.i386.rpm
wireshark-debuginfo-1.0.15-2.el4.i386.rpm
wireshark-gnome-1.0.15-2.el4.i386.rpm

ia64:
wireshark-1.0.15-2.el4.ia64.rpm
wireshark-debuginfo-1.0.15-2.el4.ia64.rpm
wireshark-gnome-1.0.15-2.el4.ia64.rpm

x86_64:
wireshark-1.0.15-2.el4.x86_64.rpm
wireshark-debuginfo-1.0.15-2.el4.x86_64.rpm
wireshark-gnome-1.0.15-2.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/wireshark-1.0.15-1.el5_6.4.src.rpm

i386:
wireshark-1.0.15-1.el5_6.4.i386.rpm
wireshark-debuginfo-1.0.15-1.el5_6.4.i386.rpm

x86_64:
wireshark-1.0.15-1.el5_6.4.x86_64.rpm
wireshark-debuginfo-1.0.15-1.el5_6.4.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/wireshark-1.0.15-1.el5_6.4.src.rpm

i386:
wireshark-debuginfo-1.0.15-1.el5_6.4.i386.rpm
wireshark-gnome-1.0.15-1.el5_6.4.i386.rpm

x86_64:
wireshark-debuginfo-1.0.15-1.el5_6.4.x86_64.rpm
wireshark-gnome-1.0.15-1.el5_6.4.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/wireshark-1.0.15-1.el5_6.4.src.rpm

i386:
wireshark-1.0.15-1.el5_6.4.i386.rpm
wireshark-debuginfo-1.0.15-1.el5_6.4.i386.rpm
wireshark-gnome-1.0.15-1.el5_6.4.i386.rpm

ia64:
wireshark-1.0.15-1.el5_6.4.ia64.rpm
wireshark-debuginfo-1.0.15-1.el5_6.4.ia64.rpm
wireshark-gnome-1.0.15-1.el5_6.4.ia64.rpm

ppc:
wireshark-1.0.15-1.el5_6.4.ppc.rpm
wireshark-debuginfo-1.0.15-1.el5_6.4.ppc.rpm
wireshark-gnome-1.0.15-1.el5_6.4.ppc.rpm

s390x:
wireshark-1.0.15-1.el5_6.4.s390x.rpm
wireshark-debuginfo-1.0.15-1.el5_6.4.s390x.rpm
wireshark-gnome-1.0.15-1.el5_6.4.s390x.rpm

x86_64:
wireshark-1.0.15-1.el5_6.4.x86_64.rpm
wireshark-debuginfo-1.0.15-1.el5_6.4.x86_64.rpm
wireshark-gnome-1.0.15-1.el5_6.4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3445.html
https://www.redhat.com/security/data/cve/CVE-2011-0024.html
https://www.redhat.com/security/data/cve/CVE-2011-0538.html
https://www.redhat.com/security/data/cve/CVE-2011-1139.html
https://www.redhat.com/security/data/cve/CVE-2011-1140.html
https://www.redhat.com/security/data/cve/CVE-2011-1141.html
https://www.redhat.com/security/data/cve/CVE-2011-1143.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNh6zUXlSAg2UNWIIRAgRUAJ90r5qBTJgyVE48yVuLiR/jpRsuRgCeJYFr
VKHArBIO4ojxINOGnrocaPw=
=XoNF
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Mar 22 21:30:37 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 22 Mar 2011 17:30:37 -0400
Subject: [RHSA-2011:0372-01] Critical: flash-plugin security update
Message-ID: <201103222130.p2MLUUa9003795@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: flash-plugin security update
Advisory ID:       RHSA-2011:0372-01
Product:           Red Hat Enterprise Linux Extras
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0372.html
Issue date:        2011-03-22
CVE Names:         CVE-2011-0609
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes one security issue is now
available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

This update fixes one vulnerability in Adobe Flash Player. This
vulnerability is detailed on the Adobe security page APSB11-05, listed in
the References section. Specially-crafted SWF content could cause
flash-plugin to crash or, potentially, execute arbitrary code.
(CVE-2011-0609)

All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 10.2.153.1.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

684988 - CVE-2011-0609 flash-plugin: crash and potential arbitrary code execution (APSB11-05)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-10.2.153.1-1.el5.i386.rpm

x86_64:
flash-plugin-10.2.153.1-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-10.2.153.1-1.el5.i386.rpm

x86_64:
flash-plugin-10.2.153.1-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-10.2.153.1-1.el6.i686.rpm

x86_64:
flash-plugin-10.2.153.1-1.el6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-10.2.153.1-1.el6.i686.rpm

x86_64:
flash-plugin-10.2.153.1-1.el6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-10.2.153.1-1.el6.i686.rpm

x86_64:
flash-plugin-10.2.153.1-1.el6.i686.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0609.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb11-05.html

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNiRTYXlSAg2UNWIIRAn+hAKCruo5PLFxTbY0QzyyabkNxMvTAgwCdGDGT
rEMQkJMDH+MvIWIwLtdbiJ0=
=bd2I
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Mar 22 21:33:25 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 22 Mar 2011 17:33:25 -0400
Subject: [RHSA-2011:0373-01] Important: firefox security update
Message-ID: <201103222133.p2MLXI5q004239@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: firefox security update
Advisory ID:       RHSA-2011:0373-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0373.html
Issue date:        2011-03-22
=====================================================================

1. Summary:

Updated firefox packages that fix one security issue are now available for
Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having
important security impact.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

This erratum blacklists a small number of HTTPS certificates. (BZ#689430)

All Firefox users should upgrade to these updated packages, which contain a
backported patch. After installing the update, Firefox must be restarted
for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

689430 - Compromised certificates

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-3.6.15-2.el4.src.rpm

i386:
firefox-3.6.15-2.el4.i386.rpm
firefox-debuginfo-3.6.15-2.el4.i386.rpm

ia64:
firefox-3.6.15-2.el4.ia64.rpm
firefox-debuginfo-3.6.15-2.el4.ia64.rpm

ppc:
firefox-3.6.15-2.el4.ppc.rpm
firefox-debuginfo-3.6.15-2.el4.ppc.rpm

s390:
firefox-3.6.15-2.el4.s390.rpm
firefox-debuginfo-3.6.15-2.el4.s390.rpm

s390x:
firefox-3.6.15-2.el4.s390x.rpm
firefox-debuginfo-3.6.15-2.el4.s390x.rpm

x86_64:
firefox-3.6.15-2.el4.x86_64.rpm
firefox-debuginfo-3.6.15-2.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-3.6.15-2.el4.src.rpm

i386:
firefox-3.6.15-2.el4.i386.rpm
firefox-debuginfo-3.6.15-2.el4.i386.rpm

x86_64:
firefox-3.6.15-2.el4.x86_64.rpm
firefox-debuginfo-3.6.15-2.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-3.6.15-2.el4.src.rpm

i386:
firefox-3.6.15-2.el4.i386.rpm
firefox-debuginfo-3.6.15-2.el4.i386.rpm

ia64:
firefox-3.6.15-2.el4.ia64.rpm
firefox-debuginfo-3.6.15-2.el4.ia64.rpm

x86_64:
firefox-3.6.15-2.el4.x86_64.rpm
firefox-debuginfo-3.6.15-2.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-3.6.15-2.el4.src.rpm

i386:
firefox-3.6.15-2.el4.i386.rpm
firefox-debuginfo-3.6.15-2.el4.i386.rpm

ia64:
firefox-3.6.15-2.el4.ia64.rpm
firefox-debuginfo-3.6.15-2.el4.ia64.rpm

x86_64:
firefox-3.6.15-2.el4.x86_64.rpm
firefox-debuginfo-3.6.15-2.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.15-2.el5_6.src.rpm

i386:
xulrunner-1.9.2.15-2.el5_6.i386.rpm
xulrunner-debuginfo-1.9.2.15-2.el5_6.i386.rpm

x86_64:
xulrunner-1.9.2.15-2.el5_6.i386.rpm
xulrunner-1.9.2.15-2.el5_6.x86_64.rpm
xulrunner-debuginfo-1.9.2.15-2.el5_6.i386.rpm
xulrunner-debuginfo-1.9.2.15-2.el5_6.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.15-2.el5_6.src.rpm

i386:
xulrunner-debuginfo-1.9.2.15-2.el5_6.i386.rpm
xulrunner-devel-1.9.2.15-2.el5_6.i386.rpm

x86_64:
xulrunner-debuginfo-1.9.2.15-2.el5_6.i386.rpm
xulrunner-debuginfo-1.9.2.15-2.el5_6.x86_64.rpm
xulrunner-devel-1.9.2.15-2.el5_6.i386.rpm
xulrunner-devel-1.9.2.15-2.el5_6.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-1.9.2.15-2.el5_6.src.rpm

i386:
xulrunner-1.9.2.15-2.el5_6.i386.rpm
xulrunner-debuginfo-1.9.2.15-2.el5_6.i386.rpm
xulrunner-devel-1.9.2.15-2.el5_6.i386.rpm

ia64:
xulrunner-1.9.2.15-2.el5_6.ia64.rpm
xulrunner-debuginfo-1.9.2.15-2.el5_6.ia64.rpm
xulrunner-devel-1.9.2.15-2.el5_6.ia64.rpm

ppc:
xulrunner-1.9.2.15-2.el5_6.ppc.rpm
xulrunner-1.9.2.15-2.el5_6.ppc64.rpm
xulrunner-debuginfo-1.9.2.15-2.el5_6.ppc.rpm
xulrunner-debuginfo-1.9.2.15-2.el5_6.ppc64.rpm
xulrunner-devel-1.9.2.15-2.el5_6.ppc.rpm
xulrunner-devel-1.9.2.15-2.el5_6.ppc64.rpm

s390x:
xulrunner-1.9.2.15-2.el5_6.s390.rpm
xulrunner-1.9.2.15-2.el5_6.s390x.rpm
xulrunner-debuginfo-1.9.2.15-2.el5_6.s390.rpm
xulrunner-debuginfo-1.9.2.15-2.el5_6.s390x.rpm
xulrunner-devel-1.9.2.15-2.el5_6.s390.rpm
xulrunner-devel-1.9.2.15-2.el5_6.s390x.rpm

x86_64:
xulrunner-1.9.2.15-2.el5_6.i386.rpm
xulrunner-1.9.2.15-2.el5_6.x86_64.rpm
xulrunner-debuginfo-1.9.2.15-2.el5_6.i386.rpm
xulrunner-debuginfo-1.9.2.15-2.el5_6.x86_64.rpm
xulrunner-devel-1.9.2.15-2.el5_6.i386.rpm
xulrunner-devel-1.9.2.15-2.el5_6.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-1.9.2.15-2.el6_0.src.rpm

i386:
xulrunner-1.9.2.15-2.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.15-2.el6_0.i686.rpm

x86_64:
xulrunner-1.9.2.15-2.el6_0.i686.rpm
xulrunner-1.9.2.15-2.el6_0.x86_64.rpm
xulrunner-debuginfo-1.9.2.15-2.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.15-2.el6_0.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-1.9.2.15-2.el6_0.src.rpm

i386:
xulrunner-debuginfo-1.9.2.15-2.el6_0.i686.rpm
xulrunner-devel-1.9.2.15-2.el6_0.i686.rpm

x86_64:
xulrunner-debuginfo-1.9.2.15-2.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.15-2.el6_0.x86_64.rpm
xulrunner-devel-1.9.2.15-2.el6_0.i686.rpm
xulrunner-devel-1.9.2.15-2.el6_0.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xulrunner-1.9.2.15-2.el6_0.src.rpm

x86_64:
xulrunner-1.9.2.15-2.el6_0.i686.rpm
xulrunner-1.9.2.15-2.el6_0.x86_64.rpm
xulrunner-debuginfo-1.9.2.15-2.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.15-2.el6_0.x86_64.rpm
xulrunner-devel-1.9.2.15-2.el6_0.i686.rpm
xulrunner-devel-1.9.2.15-2.el6_0.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-1.9.2.15-2.el6_0.src.rpm

i386:
xulrunner-1.9.2.15-2.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.15-2.el6_0.i686.rpm

ppc64:
xulrunner-1.9.2.15-2.el6_0.ppc.rpm
xulrunner-1.9.2.15-2.el6_0.ppc64.rpm
xulrunner-debuginfo-1.9.2.15-2.el6_0.ppc.rpm
xulrunner-debuginfo-1.9.2.15-2.el6_0.ppc64.rpm

s390x:
xulrunner-1.9.2.15-2.el6_0.s390.rpm
xulrunner-1.9.2.15-2.el6_0.s390x.rpm
xulrunner-debuginfo-1.9.2.15-2.el6_0.s390.rpm
xulrunner-debuginfo-1.9.2.15-2.el6_0.s390x.rpm

x86_64:
xulrunner-1.9.2.15-2.el6_0.i686.rpm
xulrunner-1.9.2.15-2.el6_0.x86_64.rpm
xulrunner-debuginfo-1.9.2.15-2.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.15-2.el6_0.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-1.9.2.15-2.el6_0.src.rpm

i386:
xulrunner-debuginfo-1.9.2.15-2.el6_0.i686.rpm
xulrunner-devel-1.9.2.15-2.el6_0.i686.rpm

ppc64:
xulrunner-debuginfo-1.9.2.15-2.el6_0.ppc.rpm
xulrunner-debuginfo-1.9.2.15-2.el6_0.ppc64.rpm
xulrunner-devel-1.9.2.15-2.el6_0.ppc.rpm
xulrunner-devel-1.9.2.15-2.el6_0.ppc64.rpm

s390x:
xulrunner-debuginfo-1.9.2.15-2.el6_0.s390.rpm
xulrunner-debuginfo-1.9.2.15-2.el6_0.s390x.rpm
xulrunner-devel-1.9.2.15-2.el6_0.s390.rpm
xulrunner-devel-1.9.2.15-2.el6_0.s390x.rpm

x86_64:
xulrunner-debuginfo-1.9.2.15-2.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.15-2.el6_0.x86_64.rpm
xulrunner-devel-1.9.2.15-2.el6_0.i686.rpm
xulrunner-devel-1.9.2.15-2.el6_0.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-1.9.2.15-2.el6_0.src.rpm

i386:
xulrunner-1.9.2.15-2.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.15-2.el6_0.i686.rpm

x86_64:
xulrunner-1.9.2.15-2.el6_0.i686.rpm
xulrunner-1.9.2.15-2.el6_0.x86_64.rpm
xulrunner-debuginfo-1.9.2.15-2.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.15-2.el6_0.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-1.9.2.15-2.el6_0.src.rpm

i386:
xulrunner-debuginfo-1.9.2.15-2.el6_0.i686.rpm
xulrunner-devel-1.9.2.15-2.el6_0.i686.rpm

x86_64:
xulrunner-debuginfo-1.9.2.15-2.el6_0.i686.rpm
xulrunner-debuginfo-1.9.2.15-2.el6_0.x86_64.rpm
xulrunner-devel-1.9.2.15-2.el6_0.i686.rpm
xulrunner-devel-1.9.2.15-2.el6_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNiRV6XlSAg2UNWIIRAhdMAKC0KXVVhbkzFZnlXXffW8FJ+YUZ6ACeKuLr
cvAas9zJHrCPXN8aY9zlhik=
=4EUK
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Mar 22 21:35:42 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 22 Mar 2011 17:35:42 -0400
Subject: [RHSA-2011:0374-01] Important: thunderbird security and bug fix update
Message-ID: <201103222135.p2MLZZo7005068@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security and bug fix update
Advisory ID:       RHSA-2011:0374-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0374.html
Issue date:        2011-03-22
=====================================================================

1. Summary:

An updated thunderbird package that fixes one security issue and one bug is
now available for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having
important security impact.

2. Relevant releases/architectures:

RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This erratum blacklists a small number of HTTPS certificates.
(BZ#689430)

This update also fixes the following bug:

* The RHSA-2011:0312 and RHSA-2011:0311 updates introduced a regression,
preventing some Java content and plug-ins written in Java from loading.
With this update, the Java content and plug-ins work as expected.
(BZ#683076)

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

683076 - Mozilla 3.6.14 regression [rhel-6.1]
689430 - Compromised certificates

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/thunderbird-1.5.0.12-36.el4.src.rpm

i386:
thunderbird-1.5.0.12-36.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-36.el4.i386.rpm

ia64:
thunderbird-1.5.0.12-36.el4.ia64.rpm
thunderbird-debuginfo-1.5.0.12-36.el4.ia64.rpm

ppc:
thunderbird-1.5.0.12-36.el4.ppc.rpm
thunderbird-debuginfo-1.5.0.12-36.el4.ppc.rpm

s390:
thunderbird-1.5.0.12-36.el4.s390.rpm
thunderbird-debuginfo-1.5.0.12-36.el4.s390.rpm

s390x:
thunderbird-1.5.0.12-36.el4.s390x.rpm
thunderbird-debuginfo-1.5.0.12-36.el4.s390x.rpm

x86_64:
thunderbird-1.5.0.12-36.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-36.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/thunderbird-1.5.0.12-36.el4.src.rpm

i386:
thunderbird-1.5.0.12-36.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-36.el4.i386.rpm

x86_64:
thunderbird-1.5.0.12-36.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-36.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/thunderbird-1.5.0.12-36.el4.src.rpm

i386:
thunderbird-1.5.0.12-36.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-36.el4.i386.rpm

ia64:
thunderbird-1.5.0.12-36.el4.ia64.rpm
thunderbird-debuginfo-1.5.0.12-36.el4.ia64.rpm

x86_64:
thunderbird-1.5.0.12-36.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-36.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/thunderbird-1.5.0.12-36.el4.src.rpm

i386:
thunderbird-1.5.0.12-36.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-36.el4.i386.rpm

ia64:
thunderbird-1.5.0.12-36.el4.ia64.rpm
thunderbird-debuginfo-1.5.0.12-36.el4.ia64.rpm

x86_64:
thunderbird-1.5.0.12-36.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-36.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/thunderbird-2.0.0.24-15.el5_6.src.rpm

i386:
thunderbird-2.0.0.24-15.el5_6.i386.rpm
thunderbird-debuginfo-2.0.0.24-15.el5_6.i386.rpm

x86_64:
thunderbird-2.0.0.24-15.el5_6.x86_64.rpm
thunderbird-debuginfo-2.0.0.24-15.el5_6.x86_64.rpm

RHEL Optional Productivity Applications (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/thunderbird-2.0.0.24-15.el5_6.src.rpm

i386:
thunderbird-2.0.0.24-15.el5_6.i386.rpm
thunderbird-debuginfo-2.0.0.24-15.el5_6.i386.rpm

x86_64:
thunderbird-2.0.0.24-15.el5_6.x86_64.rpm
thunderbird-debuginfo-2.0.0.24-15.el5_6.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/thunderbird-3.1.9-3.el6_0.src.rpm

i386:
thunderbird-3.1.9-3.el6_0.i686.rpm
thunderbird-debuginfo-3.1.9-3.el6_0.i686.rpm

x86_64:
thunderbird-3.1.9-3.el6_0.x86_64.rpm
thunderbird-debuginfo-3.1.9-3.el6_0.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/thunderbird-3.1.9-3.el6_0.src.rpm

i386:
thunderbird-3.1.9-3.el6_0.i686.rpm
thunderbird-debuginfo-3.1.9-3.el6_0.i686.rpm

ppc64:
thunderbird-3.1.9-3.el6_0.ppc64.rpm
thunderbird-debuginfo-3.1.9-3.el6_0.ppc64.rpm

s390x:
thunderbird-3.1.9-3.el6_0.s390x.rpm
thunderbird-debuginfo-3.1.9-3.el6_0.s390x.rpm

x86_64:
thunderbird-3.1.9-3.el6_0.x86_64.rpm
thunderbird-debuginfo-3.1.9-3.el6_0.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/thunderbird-3.1.9-3.el6_0.src.rpm

i386:
thunderbird-3.1.9-3.el6_0.i686.rpm
thunderbird-debuginfo-3.1.9-3.el6_0.i686.rpm

x86_64:
thunderbird-3.1.9-3.el6_0.x86_64.rpm
thunderbird-debuginfo-3.1.9-3.el6_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/updates/classification/#important
https://rhn.redhat.com/errata/RHSA-2011-0312.html
https://rhn.redhat.com/errata/RHSA-2011-0311.html

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNiRX/XlSAg2UNWIIRAnhwAKCL6zy3xwkxYNHNDiJ8jm+7qmwjYQCgpfqP
g95Lf/vVvH77RSqPVtEHGhg=
=qcNy
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Mar 22 21:37:40 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 22 Mar 2011 17:37:40 -0400
Subject: [RHSA-2011:0375-01] Important: seamonkey security update
Message-ID: <201103222137.p2MLbX8G006252@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: seamonkey security update
Advisory ID:       RHSA-2011:0375-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0375.html
Issue date:        2011-03-22
=====================================================================

1. Summary:

Updated seamonkey packages that fix one security issue are now available
for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having
important security impact.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

SeaMonkey is an open source web browser, email and newsgroup client, IRC
chat client, and HTML editor.

This erratum blacklists a small number of HTTPS certificates. (BZ#689430)

All SeaMonkey users should upgrade to these updated packages, which correct
this issue. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network.
Details on how to use the Red Hat Network to apply this update are
available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

689430 - Compromised certificates

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/seamonkey-1.0.9-68.el4_8.src.rpm

i386:
seamonkey-1.0.9-68.el4_8.i386.rpm
seamonkey-chat-1.0.9-68.el4_8.i386.rpm
seamonkey-debuginfo-1.0.9-68.el4_8.i386.rpm
seamonkey-devel-1.0.9-68.el4_8.i386.rpm
seamonkey-dom-inspector-1.0.9-68.el4_8.i386.rpm
seamonkey-js-debugger-1.0.9-68.el4_8.i386.rpm
seamonkey-mail-1.0.9-68.el4_8.i386.rpm

ia64:
seamonkey-1.0.9-68.el4_8.ia64.rpm
seamonkey-chat-1.0.9-68.el4_8.ia64.rpm
seamonkey-debuginfo-1.0.9-68.el4_8.ia64.rpm
seamonkey-devel-1.0.9-68.el4_8.ia64.rpm
seamonkey-dom-inspector-1.0.9-68.el4_8.ia64.rpm
seamonkey-js-debugger-1.0.9-68.el4_8.ia64.rpm
seamonkey-mail-1.0.9-68.el4_8.ia64.rpm

ppc:
seamonkey-1.0.9-68.el4_8.ppc.rpm
seamonkey-chat-1.0.9-68.el4_8.ppc.rpm
seamonkey-debuginfo-1.0.9-68.el4_8.ppc.rpm
seamonkey-devel-1.0.9-68.el4_8.ppc.rpm
seamonkey-dom-inspector-1.0.9-68.el4_8.ppc.rpm
seamonkey-js-debugger-1.0.9-68.el4_8.ppc.rpm
seamonkey-mail-1.0.9-68.el4_8.ppc.rpm

s390:
seamonkey-1.0.9-68.el4_8.s390.rpm
seamonkey-chat-1.0.9-68.el4_8.s390.rpm
seamonkey-debuginfo-1.0.9-68.el4_8.s390.rpm
seamonkey-devel-1.0.9-68.el4_8.s390.rpm
seamonkey-dom-inspector-1.0.9-68.el4_8.s390.rpm
seamonkey-js-debugger-1.0.9-68.el4_8.s390.rpm
seamonkey-mail-1.0.9-68.el4_8.s390.rpm

s390x:
seamonkey-1.0.9-68.el4_8.s390x.rpm
seamonkey-chat-1.0.9-68.el4_8.s390x.rpm
seamonkey-debuginfo-1.0.9-68.el4_8.s390x.rpm
seamonkey-devel-1.0.9-68.el4_8.s390x.rpm
seamonkey-dom-inspector-1.0.9-68.el4_8.s390x.rpm
seamonkey-js-debugger-1.0.9-68.el4_8.s390x.rpm
seamonkey-mail-1.0.9-68.el4_8.s390x.rpm

x86_64:
seamonkey-1.0.9-68.el4_8.x86_64.rpm
seamonkey-chat-1.0.9-68.el4_8.x86_64.rpm
seamonkey-debuginfo-1.0.9-68.el4_8.x86_64.rpm
seamonkey-devel-1.0.9-68.el4_8.x86_64.rpm
seamonkey-dom-inspector-1.0.9-68.el4_8.x86_64.rpm
seamonkey-js-debugger-1.0.9-68.el4_8.x86_64.rpm
seamonkey-mail-1.0.9-68.el4_8.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/seamonkey-1.0.9-68.el4_8.src.rpm

i386:
seamonkey-1.0.9-68.el4_8.i386.rpm
seamonkey-chat-1.0.9-68.el4_8.i386.rpm
seamonkey-debuginfo-1.0.9-68.el4_8.i386.rpm
seamonkey-devel-1.0.9-68.el4_8.i386.rpm
seamonkey-dom-inspector-1.0.9-68.el4_8.i386.rpm
seamonkey-js-debugger-1.0.9-68.el4_8.i386.rpm
seamonkey-mail-1.0.9-68.el4_8.i386.rpm

x86_64:
seamonkey-1.0.9-68.el4_8.x86_64.rpm
seamonkey-chat-1.0.9-68.el4_8.x86_64.rpm
seamonkey-debuginfo-1.0.9-68.el4_8.x86_64.rpm
seamonkey-devel-1.0.9-68.el4_8.x86_64.rpm
seamonkey-dom-inspector-1.0.9-68.el4_8.x86_64.rpm
seamonkey-js-debugger-1.0.9-68.el4_8.x86_64.rpm
seamonkey-mail-1.0.9-68.el4_8.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/seamonkey-1.0.9-68.el4_8.src.rpm

i386:
seamonkey-1.0.9-68.el4_8.i386.rpm
seamonkey-chat-1.0.9-68.el4_8.i386.rpm
seamonkey-debuginfo-1.0.9-68.el4_8.i386.rpm
seamonkey-devel-1.0.9-68.el4_8.i386.rpm
seamonkey-dom-inspector-1.0.9-68.el4_8.i386.rpm
seamonkey-js-debugger-1.0.9-68.el4_8.i386.rpm
seamonkey-mail-1.0.9-68.el4_8.i386.rpm

ia64:
seamonkey-1.0.9-68.el4_8.ia64.rpm
seamonkey-chat-1.0.9-68.el4_8.ia64.rpm
seamonkey-debuginfo-1.0.9-68.el4_8.ia64.rpm
seamonkey-devel-1.0.9-68.el4_8.ia64.rpm
seamonkey-dom-inspector-1.0.9-68.el4_8.ia64.rpm
seamonkey-js-debugger-1.0.9-68.el4_8.ia64.rpm
seamonkey-mail-1.0.9-68.el4_8.ia64.rpm

x86_64:
seamonkey-1.0.9-68.el4_8.x86_64.rpm
seamonkey-chat-1.0.9-68.el4_8.x86_64.rpm
seamonkey-debuginfo-1.0.9-68.el4_8.x86_64.rpm
seamonkey-devel-1.0.9-68.el4_8.x86_64.rpm
seamonkey-dom-inspector-1.0.9-68.el4_8.x86_64.rpm
seamonkey-js-debugger-1.0.9-68.el4_8.x86_64.rpm
seamonkey-mail-1.0.9-68.el4_8.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/seamonkey-1.0.9-68.el4_8.src.rpm

i386:
seamonkey-1.0.9-68.el4_8.i386.rpm
seamonkey-chat-1.0.9-68.el4_8.i386.rpm
seamonkey-debuginfo-1.0.9-68.el4_8.i386.rpm
seamonkey-devel-1.0.9-68.el4_8.i386.rpm
seamonkey-dom-inspector-1.0.9-68.el4_8.i386.rpm
seamonkey-js-debugger-1.0.9-68.el4_8.i386.rpm
seamonkey-mail-1.0.9-68.el4_8.i386.rpm

ia64:
seamonkey-1.0.9-68.el4_8.ia64.rpm
seamonkey-chat-1.0.9-68.el4_8.ia64.rpm
seamonkey-debuginfo-1.0.9-68.el4_8.ia64.rpm
seamonkey-devel-1.0.9-68.el4_8.ia64.rpm
seamonkey-dom-inspector-1.0.9-68.el4_8.ia64.rpm
seamonkey-js-debugger-1.0.9-68.el4_8.ia64.rpm
seamonkey-mail-1.0.9-68.el4_8.ia64.rpm

x86_64:
seamonkey-1.0.9-68.el4_8.x86_64.rpm
seamonkey-chat-1.0.9-68.el4_8.x86_64.rpm
seamonkey-debuginfo-1.0.9-68.el4_8.x86_64.rpm
seamonkey-devel-1.0.9-68.el4_8.x86_64.rpm
seamonkey-dom-inspector-1.0.9-68.el4_8.x86_64.rpm
seamonkey-js-debugger-1.0.9-68.el4_8.x86_64.rpm
seamonkey-mail-1.0.9-68.el4_8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNiRZ+XlSAg2UNWIIRAk4sAKC60M7v4XDPnZcjOdalhe0tUdSIkwCgkXyx
4P5yFERsjyJ3QMTkis3hvjw=
=1DkN
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Mar 22 21:40:44 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 22 Mar 2011 17:40:44 -0400
Subject: [RHSA-2011:0376-01] Moderate: dbus security update
Message-ID: <201103222140.p2MLecjl007768@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: dbus security update
Advisory ID:       RHSA-2011:0376-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0376.html
Issue date:        2011-03-22
CVE Names:         CVE-2010-4352
=====================================================================

1. Summary:

Updated dbus packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - noarch
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch

3. Description:

D-Bus is a system for sending messages between applications. It is used for the system-wide message bus service and as a per-user-login-session messaging facility.

A denial of service flaw was discovered in the system for sending messages between applications. A local user could send a message with an excessive number of nested variants to the system-wide message bus, causing the message bus (and, consequently, any process using libdbus to receive messages) to abort. (CVE-2010-4352)

All users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all running instances of dbus-daemon and all running applications using the libdbus library must be restarted, or the system rebooted.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

663673 - CVE-2010-4352 D-BUS: Stack overflow by validating message with excessive number of nested variants

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/dbus-1.1.2-15.el5_6.src.rpm

i386:
dbus-1.1.2-15.el5_6.i386.rpm
dbus-debuginfo-1.1.2-15.el5_6.i386.rpm
dbus-libs-1.1.2-15.el5_6.i386.rpm
dbus-x11-1.1.2-15.el5_6.i386.rpm

x86_64:
dbus-1.1.2-15.el5_6.i386.rpm
dbus-1.1.2-15.el5_6.x86_64.rpm
dbus-debuginfo-1.1.2-15.el5_6.i386.rpm
dbus-debuginfo-1.1.2-15.el5_6.x86_64.rpm
dbus-libs-1.1.2-15.el5_6.i386.rpm
dbus-libs-1.1.2-15.el5_6.x86_64.rpm
dbus-x11-1.1.2-15.el5_6.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/dbus-1.1.2-15.el5_6.src.rpm

i386:
dbus-debuginfo-1.1.2-15.el5_6.i386.rpm
dbus-devel-1.1.2-15.el5_6.i386.rpm

x86_64:
dbus-debuginfo-1.1.2-15.el5_6.i386.rpm
dbus-debuginfo-1.1.2-15.el5_6.x86_64.rpm
dbus-devel-1.1.2-15.el5_6.i386.rpm
dbus-devel-1.1.2-15.el5_6.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/dbus-1.1.2-15.el5_6.src.rpm

i386:
dbus-1.1.2-15.el5_6.i386.rpm
dbus-debuginfo-1.1.2-15.el5_6.i386.rpm
dbus-devel-1.1.2-15.el5_6.i386.rpm
dbus-libs-1.1.2-15.el5_6.i386.rpm
dbus-x11-1.1.2-15.el5_6.i386.rpm

ia64:
dbus-1.1.2-15.el5_6.ia64.rpm
dbus-debuginfo-1.1.2-15.el5_6.ia64.rpm
dbus-devel-1.1.2-15.el5_6.ia64.rpm
dbus-libs-1.1.2-15.el5_6.ia64.rpm
dbus-x11-1.1.2-15.el5_6.ia64.rpm

ppc:
dbus-1.1.2-15.el5_6.ppc.rpm
dbus-1.1.2-15.el5_6.ppc64.rpm
dbus-debuginfo-1.1.2-15.el5_6.ppc.rpm
dbus-debuginfo-1.1.2-15.el5_6.ppc64.rpm
dbus-devel-1.1.2-15.el5_6.ppc.rpm
dbus-devel-1.1.2-15.el5_6.ppc64.rpm
dbus-libs-1.1.2-15.el5_6.ppc.rpm
dbus-libs-1.1.2-15.el5_6.ppc64.rpm
dbus-x11-1.1.2-15.el5_6.ppc.rpm

s390x:
dbus-1.1.2-15.el5_6.s390.rpm
dbus-1.1.2-15.el5_6.s390x.rpm
dbus-debuginfo-1.1.2-15.el5_6.s390.rpm
dbus-debuginfo-1.1.2-15.el5_6.s390x.rpm
dbus-devel-1.1.2-15.el5_6.s390.rpm
dbus-devel-1.1.2-15.el5_6.s390x.rpm
dbus-libs-1.1.2-15.el5_6.s390.rpm
dbus-libs-1.1.2-15.el5_6.s390x.rpm
dbus-x11-1.1.2-15.el5_6.s390x.rpm

x86_64:
dbus-1.1.2-15.el5_6.i386.rpm
dbus-1.1.2-15.el5_6.x86_64.rpm
dbus-debuginfo-1.1.2-15.el5_6.i386.rpm
dbus-debuginfo-1.1.2-15.el5_6.x86_64.rpm
dbus-devel-1.1.2-15.el5_6.i386.rpm
dbus-devel-1.1.2-15.el5_6.x86_64.rpm
dbus-libs-1.1.2-15.el5_6.i386.rpm
dbus-libs-1.1.2-15.el5_6.x86_64.rpm
dbus-x11-1.1.2-15.el5_6.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/dbus-1.2.24-4.el6_0.src.rpm

i386:
dbus-1.2.24-4.el6_0.i686.rpm
dbus-debuginfo-1.2.24-4.el6_0.i686.rpm
dbus-libs-1.2.24-4.el6_0.i686.rpm
dbus-x11-1.2.24-4.el6_0.i686.rpm

x86_64:
dbus-1.2.24-4.el6_0.x86_64.rpm
dbus-debuginfo-1.2.24-4.el6_0.i686.rpm
dbus-debuginfo-1.2.24-4.el6_0.x86_64.rpm
dbus-libs-1.2.24-4.el6_0.i686.rpm
dbus-libs-1.2.24-4.el6_0.x86_64.rpm
dbus-x11-1.2.24-4.el6_0.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/dbus-1.2.24-4.el6_0.src.rpm

i386:
dbus-debuginfo-1.2.24-4.el6_0.i686.rpm
dbus-devel-1.2.24-4.el6_0.i686.rpm

noarch:
dbus-doc-1.2.24-4.el6_0.noarch.rpm

x86_64:
dbus-debuginfo-1.2.24-4.el6_0.i686.rpm
dbus-debuginfo-1.2.24-4.el6_0.x86_64.rpm
dbus-devel-1.2.24-4.el6_0.i686.rpm
dbus-devel-1.2.24-4.el6_0.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/dbus-1.2.24-4.el6_0.src.rpm

x86_64:
dbus-1.2.24-4.el6_0.x86_64.rpm
dbus-debuginfo-1.2.24-4.el6_0.i686.rpm
dbus-debuginfo-1.2.24-4.el6_0.x86_64.rpm
dbus-libs-1.2.24-4.el6_0.i686.rpm
dbus-libs-1.2.24-4.el6_0.x86_64.rpm
dbus-x11-1.2.24-4.el6_0.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/dbus-1.2.24-4.el6_0.src.rpm

noarch:
dbus-doc-1.2.24-4.el6_0.noarch.rpm

x86_64:
dbus-debuginfo-1.2.24-4.el6_0.i686.rpm
dbus-debuginfo-1.2.24-4.el6_0.x86_64.rpm
dbus-devel-1.2.24-4.el6_0.i686.rpm
dbus-devel-1.2.24-4.el6_0.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/dbus-1.2.24-4.el6_0.src.rpm

i386:
dbus-1.2.24-4.el6_0.i686.rpm
dbus-debuginfo-1.2.24-4.el6_0.i686.rpm
dbus-devel-1.2.24-4.el6_0.i686.rpm
dbus-libs-1.2.24-4.el6_0.i686.rpm
dbus-x11-1.2.24-4.el6_0.i686.rpm

ppc64:
dbus-1.2.24-4.el6_0.ppc64.rpm
dbus-debuginfo-1.2.24-4.el6_0.ppc.rpm
dbus-debuginfo-1.2.24-4.el6_0.ppc64.rpm
dbus-devel-1.2.24-4.el6_0.ppc.rpm
dbus-devel-1.2.24-4.el6_0.ppc64.rpm
dbus-libs-1.2.24-4.el6_0.ppc.rpm
dbus-libs-1.2.24-4.el6_0.ppc64.rpm
dbus-x11-1.2.24-4.el6_0.ppc64.rpm

s390x:
dbus-1.2.24-4.el6_0.s390x.rpm
dbus-debuginfo-1.2.24-4.el6_0.s390.rpm
dbus-debuginfo-1.2.24-4.el6_0.s390x.rpm
dbus-devel-1.2.24-4.el6_0.s390.rpm
dbus-devel-1.2.24-4.el6_0.s390x.rpm
dbus-libs-1.2.24-4.el6_0.s390.rpm
dbus-libs-1.2.24-4.el6_0.s390x.rpm
dbus-x11-1.2.24-4.el6_0.s390x.rpm

x86_64:
dbus-1.2.24-4.el6_0.x86_64.rpm
dbus-debuginfo-1.2.24-4.el6_0.i686.rpm
dbus-debuginfo-1.2.24-4.el6_0.x86_64.rpm
dbus-devel-1.2.24-4.el6_0.i686.rpm
dbus-devel-1.2.24-4.el6_0.x86_64.rpm
dbus-libs-1.2.24-4.el6_0.i686.rpm
dbus-libs-1.2.24-4.el6_0.x86_64.rpm
dbus-x11-1.2.24-4.el6_0.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/dbus-1.2.24-4.el6_0.src.rpm

noarch:
dbus-doc-1.2.24-4.el6_0.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/dbus-1.2.24-4.el6_0.src.rpm

i386:
dbus-1.2.24-4.el6_0.i686.rpm
dbus-debuginfo-1.2.24-4.el6_0.i686.rpm
dbus-devel-1.2.24-4.el6_0.i686.rpm
dbus-libs-1.2.24-4.el6_0.i686.rpm
dbus-x11-1.2.24-4.el6_0.i686.rpm

x86_64:
dbus-1.2.24-4.el6_0.x86_64.rpm
dbus-debuginfo-1.2.24-4.el6_0.i686.rpm
dbus-debuginfo-1.2.24-4.el6_0.x86_64.rpm
dbus-devel-1.2.24-4.el6_0.i686.rpm
dbus-devel-1.2.24-4.el6_0.x86_64.rpm
dbus-libs-1.2.24-4.el6_0.i686.rpm
dbus-libs-1.2.24-4.el6_0.x86_64.rpm
dbus-x11-1.2.24-4.el6_0.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/dbus-1.2.24-4.el6_0.src.rpm

noarch:
dbus-doc-1.2.24-4.el6_0.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-4352.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNiRbdXlSAg2UNWIIRAv1tAJ48O+uPbhq0s+TNLSzZPWCfyM0kOgCffayY
Y8EscV31xiE9aEZssZBLbmY=
=D0uB
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Mar 28 18:36:34 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 28 Mar 2011 14:36:34 -0400
Subject: [RHSA-2011:0390-01] Moderate: rsync security update
Message-ID: <201103281836.p2SIaZAB029522@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rsync security update
Advisory ID:       RHSA-2011:0390-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0390.html
Issue date:        2011-03-28
CVE Names:         CVE-2011-1097
=====================================================================

1. Summary:

An updated rsync package that fixes one security issue is now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

rsync is a program for synchronizing files over a network.

A memory corruption flaw was found in the way the rsync client processed malformed file list data. If an rsync client used the "--recursive" and "--delete" options without the "--owner" option when connecting to a malicious rsync server, the malicious server could cause rsync on the client system to crash or, possibly, execute arbitrary code with the privileges of the user running rsync. (CVE-2011-1097)

Red Hat would like to thank Wayne Davison and Matt McCutchen for reporting this issue.

Users of rsync should upgrade to this updated package, which contains a backported patch to resolve this issue.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

675036 - CVE-2011-1097 rsync: Incremental file-list corruption due to temporary file_extra_cnt increments

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/rsync-3.0.6-5.el6_0.1.src.rpm

i386:
rsync-3.0.6-5.el6_0.1.i686.rpm
rsync-debuginfo-3.0.6-5.el6_0.1.i686.rpm

x86_64:
rsync-3.0.6-5.el6_0.1.x86_64.rpm
rsync-debuginfo-3.0.6-5.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/rsync-3.0.6-5.el6_0.1.src.rpm

x86_64:
rsync-3.0.6-5.el6_0.1.x86_64.rpm
rsync-debuginfo-3.0.6-5.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/rsync-3.0.6-5.el6_0.1.src.rpm

i386:
rsync-3.0.6-5.el6_0.1.i686.rpm
rsync-debuginfo-3.0.6-5.el6_0.1.i686.rpm

ppc64:
rsync-3.0.6-5.el6_0.1.ppc64.rpm
rsync-debuginfo-3.0.6-5.el6_0.1.ppc64.rpm

s390x:
rsync-3.0.6-5.el6_0.1.s390x.rpm
rsync-debuginfo-3.0.6-5.el6_0.1.s390x.rpm

x86_64:
rsync-3.0.6-5.el6_0.1.x86_64.rpm
rsync-debuginfo-3.0.6-5.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/rsync-3.0.6-5.el6_0.1.src.rpm

i386:
rsync-3.0.6-5.el6_0.1.i686.rpm
rsync-debuginfo-3.0.6-5.el6_0.1.i686.rpm

x86_64:
rsync-3.0.6-5.el6_0.1.x86_64.rpm
rsync-debuginfo-3.0.6-5.el6_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1097.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNkNUVXlSAg2UNWIIRAqPZAKCBsYniD5AOg31xXofY4wREt6YRxQCfcWSQ
SQCKJqI+DYNQ2eFq1WPxxLI=
=v4Qw
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Mar 28 18:38:23 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 28 Mar 2011 14:38:23 -0400
Subject: [RHSA-2011:0391-01] Important: libvirt security update
Message-ID: <201103281838.p2SIcNBt009976@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libvirt security update
Advisory ID:       RHSA-2011:0391-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0391.html
Issue date:        2011-03-28
CVE Names:         CVE-2011-1146
=====================================================================

1. Summary:

Updated libvirt packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Multi OS (v. 5 client) - i386, x86_64
RHEL Virtualization (v. 5 server) - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems.

It was found that several libvirt API calls did not honor the read-only permission for connections. A local attacker able to establish a read-only connection to libvirtd on a server could use this flaw to execute commands that should be restricted to read-write connections, possibly leading to a denial of service or privilege escalation. (CVE-2011-1146)

Note: Previously, using rpmbuild without the '--define "rhel 5"' option to build the libvirt source RPM on Red Hat Enterprise Linux 5 failed with a "Failed build dependencies" error for the device-mapper-devel package, as this -devel sub-package is not available on Red Hat Enterprise Linux 5. With this update, the -devel sub-package is no longer checked by default as a dependency when building on Red Hat Enterprise Linux 5, allowing the libvirt source RPM to build as expected.

All libvirt users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, libvirtd must be restarted ("service libvirtd restart") for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

683650 - CVE-2011-1146 libvirt: several API calls do not honour read-only connection

6. Package List:

RHEL Desktop Multi OS (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libvirt-0.8.2-15.el5_6.3.src.rpm

i386:
libvirt-0.8.2-15.el5_6.3.i386.rpm
libvirt-debuginfo-0.8.2-15.el5_6.3.i386.rpm
libvirt-devel-0.8.2-15.el5_6.3.i386.rpm
libvirt-python-0.8.2-15.el5_6.3.i386.rpm

x86_64:
libvirt-0.8.2-15.el5_6.3.i386.rpm
libvirt-0.8.2-15.el5_6.3.x86_64.rpm
libvirt-debuginfo-0.8.2-15.el5_6.3.i386.rpm
libvirt-debuginfo-0.8.2-15.el5_6.3.x86_64.rpm
libvirt-devel-0.8.2-15.el5_6.3.i386.rpm
libvirt-devel-0.8.2-15.el5_6.3.x86_64.rpm
libvirt-python-0.8.2-15.el5_6.3.x86_64.rpm

RHEL Virtualization (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libvirt-0.8.2-15.el5_6.3.src.rpm

i386:
libvirt-0.8.2-15.el5_6.3.i386.rpm
libvirt-debuginfo-0.8.2-15.el5_6.3.i386.rpm
libvirt-devel-0.8.2-15.el5_6.3.i386.rpm
libvirt-python-0.8.2-15.el5_6.3.i386.rpm

ia64:
libvirt-0.8.2-15.el5_6.3.ia64.rpm
libvirt-debuginfo-0.8.2-15.el5_6.3.ia64.rpm
libvirt-devel-0.8.2-15.el5_6.3.ia64.rpm
libvirt-python-0.8.2-15.el5_6.3.ia64.rpm

x86_64:
libvirt-0.8.2-15.el5_6.3.i386.rpm
libvirt-0.8.2-15.el5_6.3.x86_64.rpm
libvirt-debuginfo-0.8.2-15.el5_6.3.i386.rpm
libvirt-debuginfo-0.8.2-15.el5_6.3.x86_64.rpm
libvirt-devel-0.8.2-15.el5_6.3.i386.rpm
libvirt-devel-0.8.2-15.el5_6.3.x86_64.rpm
libvirt-python-0.8.2-15.el5_6.3.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libvirt-0.8.1-27.el6_0.5.src.rpm

i386:
libvirt-0.8.1-27.el6_0.5.i686.rpm
libvirt-client-0.8.1-27.el6_0.5.i686.rpm
libvirt-debuginfo-0.8.1-27.el6_0.5.i686.rpm
libvirt-python-0.8.1-27.el6_0.5.i686.rpm

x86_64:
libvirt-0.8.1-27.el6_0.5.x86_64.rpm
libvirt-client-0.8.1-27.el6_0.5.i686.rpm
libvirt-client-0.8.1-27.el6_0.5.x86_64.rpm
libvirt-debuginfo-0.8.1-27.el6_0.5.i686.rpm
libvirt-debuginfo-0.8.1-27.el6_0.5.x86_64.rpm
libvirt-python-0.8.1-27.el6_0.5.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libvirt-0.8.1-27.el6_0.5.src.rpm

i386:
libvirt-debuginfo-0.8.1-27.el6_0.5.i686.rpm
libvirt-devel-0.8.1-27.el6_0.5.i686.rpm

x86_64:
libvirt-debuginfo-0.8.1-27.el6_0.5.i686.rpm
libvirt-debuginfo-0.8.1-27.el6_0.5.x86_64.rpm
libvirt-devel-0.8.1-27.el6_0.5.i686.rpm
libvirt-devel-0.8.1-27.el6_0.5.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libvirt-0.8.1-27.el6_0.5.src.rpm

x86_64:
libvirt-0.8.1-27.el6_0.5.x86_64.rpm
libvirt-client-0.8.1-27.el6_0.5.i686.rpm
libvirt-client-0.8.1-27.el6_0.5.x86_64.rpm
libvirt-debuginfo-0.8.1-27.el6_0.5.i686.rpm
libvirt-debuginfo-0.8.1-27.el6_0.5.x86_64.rpm
libvirt-python-0.8.1-27.el6_0.5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libvirt-0.8.1-27.el6_0.5.src.rpm

x86_64:
libvirt-debuginfo-0.8.1-27.el6_0.5.i686.rpm
libvirt-debuginfo-0.8.1-27.el6_0.5.x86_64.rpm
libvirt-devel-0.8.1-27.el6_0.5.i686.rpm
libvirt-devel-0.8.1-27.el6_0.5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libvirt-0.8.1-27.el6_0.5.src.rpm

i386:
libvirt-0.8.1-27.el6_0.5.i686.rpm
libvirt-client-0.8.1-27.el6_0.5.i686.rpm
libvirt-debuginfo-0.8.1-27.el6_0.5.i686.rpm
libvirt-devel-0.8.1-27.el6_0.5.i686.rpm
libvirt-python-0.8.1-27.el6_0.5.i686.rpm

ppc64:
libvirt-0.8.1-27.el6_0.5.ppc64.rpm
libvirt-client-0.8.1-27.el6_0.5.ppc.rpm
libvirt-client-0.8.1-27.el6_0.5.ppc64.rpm
libvirt-debuginfo-0.8.1-27.el6_0.5.ppc.rpm
libvirt-debuginfo-0.8.1-27.el6_0.5.ppc64.rpm
libvirt-devel-0.8.1-27.el6_0.5.ppc.rpm
libvirt-devel-0.8.1-27.el6_0.5.ppc64.rpm
libvirt-python-0.8.1-27.el6_0.5.ppc64.rpm

s390x:
libvirt-0.8.1-27.el6_0.5.s390x.rpm
libvirt-client-0.8.1-27.el6_0.5.s390.rpm
libvirt-client-0.8.1-27.el6_0.5.s390x.rpm
libvirt-debuginfo-0.8.1-27.el6_0.5.s390.rpm
libvirt-debuginfo-0.8.1-27.el6_0.5.s390x.rpm
libvirt-devel-0.8.1-27.el6_0.5.s390.rpm
libvirt-devel-0.8.1-27.el6_0.5.s390x.rpm
libvirt-python-0.8.1-27.el6_0.5.s390x.rpm

x86_64:
libvirt-0.8.1-27.el6_0.5.x86_64.rpm
libvirt-client-0.8.1-27.el6_0.5.i686.rpm
libvirt-client-0.8.1-27.el6_0.5.x86_64.rpm
libvirt-debuginfo-0.8.1-27.el6_0.5.i686.rpm
libvirt-debuginfo-0.8.1-27.el6_0.5.x86_64.rpm
libvirt-devel-0.8.1-27.el6_0.5.i686.rpm
libvirt-devel-0.8.1-27.el6_0.5.x86_64.rpm
libvirt-python-0.8.1-27.el6_0.5.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libvirt-0.8.1-27.el6_0.5.src.rpm

i386:
libvirt-0.8.1-27.el6_0.5.i686.rpm
libvirt-client-0.8.1-27.el6_0.5.i686.rpm
libvirt-debuginfo-0.8.1-27.el6_0.5.i686.rpm
libvirt-devel-0.8.1-27.el6_0.5.i686.rpm
libvirt-python-0.8.1-27.el6_0.5.i686.rpm

x86_64:
libvirt-0.8.1-27.el6_0.5.x86_64.rpm
libvirt-client-0.8.1-27.el6_0.5.i686.rpm
libvirt-client-0.8.1-27.el6_0.5.x86_64.rpm
libvirt-debuginfo-0.8.1-27.el6_0.5.i686.rpm
libvirt-debuginfo-0.8.1-27.el6_0.5.x86_64.rpm
libvirt-devel-0.8.1-27.el6_0.5.i686.rpm
libvirt-devel-0.8.1-27.el6_0.5.x86_64.rpm
libvirt-python-0.8.1-27.el6_0.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1146.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
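Each advisory on this page names the fixed build of a package per Red Hat Enterprise Linux release, and the only practical question for an administrator is whether the build installed on a host is at or above that fixed build. The comparison is not a string comparison: rpm orders version and release strings segment by segment (numeric runs compare as integers, a longer string wins, a tilde marks a pre-release). The following is an added example, not Red Hat's tooling and not part of any advisory; it re-implements rpm's label comparison rules in pure Python and checks `rpm -q` output for the dbus, rsync, libvirt and libtiff packages against the fixed builds listed in RHSA-2011:0376, 0390, 0391 and 0392 on this page. The sample `rpm -q` lines are constructed for the demonstration and do not describe any real host; the function and variable names are the example's own.

```python
"""Check installed RPM builds against the fixed builds named in RHSA-2011:0376,
0390, 0391 and 0392.  Added example, not Red Hat's tooling.  rpmvercmp() below is
a re-implementation of rpm's label comparison rules, not a call into librpm."""
import re
import subprocess

# Fixed (version, release) per package and RHEL dist tag, copied from the
# advisories' package lists on this page.  Epoch is ignored: it is the same for
# the installed and the fixed build of one package, so it never decides.
FIXED_BUILDS = {
    "dbus":    {"el5": ("1.1.2", "15.el5_6"),   "el6": ("1.2.24", "4.el6_0")},    # RHSA-2011:0376
    "rsync":   {"el6": ("3.0.6", "5.el6_0.1")},                                    # RHSA-2011:0390
    "libvirt": {"el5": ("0.8.2", "15.el5_6.3"), "el6": ("0.8.1", "27.el6_0.5")},  # RHSA-2011:0391
    "libtiff": {"el4": ("3.6.1", "18.el4"), "el5": ("3.8.2", "7.el5_6.7"),
                "el6": ("3.9.4", "1.el6_0.2")},                                    # RHSA-2011:0392
}

_SEGMENT = re.compile(r"[0-9]+|[a-zA-Z]+|~")


def rpmvercmp(a, b):
    """Compare two version or release strings the way rpm does.
    Returns -1 if a < b, 0 if equal, 1 if a > b.  Strings are split into runs of
    digits and runs of letters (separators are ignored); numeric runs compare as
    integers and beat alphabetic runs; a tilde sorts before anything, including
    the end of the string; otherwise the string with more segments is newer."""
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x == "~" or y == "~":
            if x != y:
                return -1 if x == "~" else 1
            continue
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() or y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    longer, shorter = (sa, sb) if len(sa) > len(sb) else (sb, sa)
    # The longer string is newer unless its next segment is a tilde (pre-release).
    longer_is_newer = longer[len(shorter)] != "~"
    if longer is sa:
        return 1 if longer_is_newer else -1
    return -1 if longer_is_newer else 1


def parse_nvra(filename):
    """Split an rpm file name such as 'dbus-libs-1.2.24-4.el6_0.i686.rpm' into
    (name, version, release, arch).  Names may contain dashes; version and
    release never do, so splitting from the right is safe."""
    base = filename[:-4] if filename.endswith(".rpm") else filename
    nvr, arch = base.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch


def dist_tag(release):
    """Return the 'elN' tag embedded in a release string, or None."""
    m = re.search(r"\.(el\d+)", release)
    return m.group(1) if m else None


def compare_evr(version_a, release_a, version_b, release_b):
    """Order two builds of one package: version decides first, release breaks ties."""
    return rpmvercmp(version_a, version_b) or rpmvercmp(release_a, release_b)


def audit(rpm_query_lines):
    """Classify each 'NAME VERSION RELEASE' line (the format produced by
    rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\\n') as FIXED, VULNERABLE or
    UNKNOWN (package or dist tag not covered by the advisories above)."""
    verdicts = {}
    for line in rpm_query_lines:
        line = line.strip()
        if not line or line.endswith("is not installed"):
            continue                      # rpm -q prints this for absent packages
        name, version, release = line.split()
        fixed = FIXED_BUILDS.get(name, {}).get(dist_tag(release) or "")
        if fixed is None:
            verdicts[name] = "UNKNOWN"
        elif compare_evr(version, release, *fixed) >= 0:
            verdicts[name] = "FIXED"
        else:
            verdicts[name] = "VULNERABLE"
    return verdicts


def query_installed(names=tuple(FIXED_BUILDS)):
    """Ask the local rpm database on a real RHEL host; not used by the sample run."""
    proc = subprocess.run(["rpm", "-q", "--qf", "%{NAME} %{VERSION} %{RELEASE}\\n", *names],
                          capture_output=True, text=True, check=False)
    return proc.stdout.splitlines()


# Constructed sample of rpm -q output, not taken from any real host.
SAMPLE_RPM_QUERY = [
    "dbus 1.2.24 3.el6_0",       # one release behind 4.el6_0      -> VULNERABLE
    "rsync 3.0.6 5.el6_0.1",     # exactly the advisory build       -> FIXED
    "libvirt 0.8.1 27.el6_0.6",  # a later respin than 27.el6_0.5   -> FIXED
    "libtiff 3.9.4 1.el6",       # 1.el6 sorts before 1.el6_0.2     -> VULNERABLE
    "package openssl is not installed",
]

if __name__ == "__main__":
    for name, verdict in sorted(audit(SAMPLE_RPM_QUERY).items()):
        print(f"{name:10s} {verdict}")
```

On a live host replace `SAMPLE_RPM_QUERY` with `query_installed()`. The dist tag lookup matters: a RHEL 5 dbus build (1.1.2-15.el5_6) compares lower than the RHEL 6 build (1.2.24-4.el6_0) even though both are fixed, so the fixed build must always be chosen from the same release as the installed package, which is why `audit()` keys on the `elN` tag rather than comparing against a single global version.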
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNkNV9XlSAg2UNWIIRAqMoAKCv0yYhncIJFP89HIyaU0wQPDZGXgCePxM5
AroDoqKeJZYxKpxi2jPCInQ=
=ZjXZ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Mar 28 18:44:42 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 28 Mar 2011 14:44:42 -0400
Subject: [RHSA-2011:0392-01] Important: libtiff security and bug fix update
Message-ID: <201103281844.p2SIigMY008135@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libtiff security and bug fix update
Advisory ID:       RHSA-2011:0392-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0392.html
Issue date:        2011-03-28
CVE Names:         CVE-2011-1167
=====================================================================

1. Summary:

Updated libtiff packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF files encoded with a 4-bit run-length encoding scheme from ThunderScan. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2011-1167)

This update also fixes the following bug:

* The RHSA-2011:0318 libtiff update introduced a regression that prevented certain TIFF Internet Fax image files, compressed with the CCITT Group 4 compression algorithm, from being read. (BZ#688825)

All libtiff users should upgrade to these updated packages, which contain a backported patch to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

684939 - CVE-2011-1167 libtiff: heap-based buffer overflow in thunder decoder (ZDI-11-107)
688825 - Regression in libtiff due to CVE-2011-0192 fix

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libtiff-3.6.1-18.el4.src.rpm

i386:
libtiff-3.6.1-18.el4.i386.rpm
libtiff-debuginfo-3.6.1-18.el4.i386.rpm
libtiff-devel-3.6.1-18.el4.i386.rpm

ia64:
libtiff-3.6.1-18.el4.i386.rpm
libtiff-3.6.1-18.el4.ia64.rpm
libtiff-debuginfo-3.6.1-18.el4.i386.rpm
libtiff-debuginfo-3.6.1-18.el4.ia64.rpm
libtiff-devel-3.6.1-18.el4.ia64.rpm

ppc:
libtiff-3.6.1-18.el4.ppc.rpm
libtiff-3.6.1-18.el4.ppc64.rpm
libtiff-debuginfo-3.6.1-18.el4.ppc.rpm
libtiff-debuginfo-3.6.1-18.el4.ppc64.rpm
libtiff-devel-3.6.1-18.el4.ppc.rpm

s390:
libtiff-3.6.1-18.el4.s390.rpm
libtiff-debuginfo-3.6.1-18.el4.s390.rpm
libtiff-devel-3.6.1-18.el4.s390.rpm

s390x:
libtiff-3.6.1-18.el4.s390.rpm
libtiff-3.6.1-18.el4.s390x.rpm
libtiff-debuginfo-3.6.1-18.el4.s390.rpm
libtiff-debuginfo-3.6.1-18.el4.s390x.rpm
libtiff-devel-3.6.1-18.el4.s390x.rpm

x86_64:
libtiff-3.6.1-18.el4.i386.rpm
libtiff-3.6.1-18.el4.x86_64.rpm
libtiff-debuginfo-3.6.1-18.el4.i386.rpm
libtiff-debuginfo-3.6.1-18.el4.x86_64.rpm
libtiff-devel-3.6.1-18.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libtiff-3.6.1-18.el4.src.rpm

i386:
libtiff-3.6.1-18.el4.i386.rpm
libtiff-debuginfo-3.6.1-18.el4.i386.rpm
libtiff-devel-3.6.1-18.el4.i386.rpm

x86_64:
libtiff-3.6.1-18.el4.i386.rpm
libtiff-3.6.1-18.el4.x86_64.rpm
libtiff-debuginfo-3.6.1-18.el4.i386.rpm
libtiff-debuginfo-3.6.1-18.el4.x86_64.rpm
libtiff-devel-3.6.1-18.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libtiff-3.6.1-18.el4.src.rpm

i386:
libtiff-3.6.1-18.el4.i386.rpm
libtiff-debuginfo-3.6.1-18.el4.i386.rpm
libtiff-devel-3.6.1-18.el4.i386.rpm

ia64:
libtiff-3.6.1-18.el4.i386.rpm
libtiff-3.6.1-18.el4.ia64.rpm
libtiff-debuginfo-3.6.1-18.el4.i386.rpm
libtiff-debuginfo-3.6.1-18.el4.ia64.rpm
libtiff-devel-3.6.1-18.el4.ia64.rpm

x86_64:
libtiff-3.6.1-18.el4.i386.rpm
libtiff-3.6.1-18.el4.x86_64.rpm
libtiff-debuginfo-3.6.1-18.el4.i386.rpm
libtiff-debuginfo-3.6.1-18.el4.x86_64.rpm
libtiff-devel-3.6.1-18.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libtiff-3.6.1-18.el4.src.rpm

i386:
libtiff-3.6.1-18.el4.i386.rpm
libtiff-debuginfo-3.6.1-18.el4.i386.rpm
libtiff-devel-3.6.1-18.el4.i386.rpm

ia64:
libtiff-3.6.1-18.el4.i386.rpm
libtiff-3.6.1-18.el4.ia64.rpm
libtiff-debuginfo-3.6.1-18.el4.i386.rpm
libtiff-debuginfo-3.6.1-18.el4.ia64.rpm
libtiff-devel-3.6.1-18.el4.ia64.rpm

x86_64:
libtiff-3.6.1-18.el4.i386.rpm
libtiff-3.6.1-18.el4.x86_64.rpm
libtiff-debuginfo-3.6.1-18.el4.i386.rpm
libtiff-debuginfo-3.6.1-18.el4.x86_64.rpm
libtiff-devel-3.6.1-18.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libtiff-3.8.2-7.el5_6.7.src.rpm

i386:
libtiff-3.8.2-7.el5_6.7.i386.rpm
libtiff-debuginfo-3.8.2-7.el5_6.7.i386.rpm

x86_64:
libtiff-3.8.2-7.el5_6.7.i386.rpm
libtiff-3.8.2-7.el5_6.7.x86_64.rpm
libtiff-debuginfo-3.8.2-7.el5_6.7.i386.rpm
libtiff-debuginfo-3.8.2-7.el5_6.7.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libtiff-3.8.2-7.el5_6.7.src.rpm

i386:
libtiff-debuginfo-3.8.2-7.el5_6.7.i386.rpm
libtiff-devel-3.8.2-7.el5_6.7.i386.rpm

x86_64:
libtiff-debuginfo-3.8.2-7.el5_6.7.i386.rpm
libtiff-debuginfo-3.8.2-7.el5_6.7.x86_64.rpm
libtiff-devel-3.8.2-7.el5_6.7.i386.rpm
libtiff-devel-3.8.2-7.el5_6.7.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libtiff-3.8.2-7.el5_6.7.src.rpm

i386:
libtiff-3.8.2-7.el5_6.7.i386.rpm
libtiff-debuginfo-3.8.2-7.el5_6.7.i386.rpm
libtiff-devel-3.8.2-7.el5_6.7.i386.rpm

ia64:
libtiff-3.8.2-7.el5_6.7.i386.rpm
libtiff-3.8.2-7.el5_6.7.ia64.rpm
libtiff-debuginfo-3.8.2-7.el5_6.7.i386.rpm
libtiff-debuginfo-3.8.2-7.el5_6.7.ia64.rpm
libtiff-devel-3.8.2-7.el5_6.7.ia64.rpm

ppc:
libtiff-3.8.2-7.el5_6.7.ppc.rpm
libtiff-3.8.2-7.el5_6.7.ppc64.rpm
libtiff-debuginfo-3.8.2-7.el5_6.7.ppc.rpm
libtiff-debuginfo-3.8.2-7.el5_6.7.ppc64.rpm
libtiff-devel-3.8.2-7.el5_6.7.ppc.rpm
libtiff-devel-3.8.2-7.el5_6.7.ppc64.rpm

s390x:
libtiff-3.8.2-7.el5_6.7.s390.rpm
libtiff-3.8.2-7.el5_6.7.s390x.rpm
libtiff-debuginfo-3.8.2-7.el5_6.7.s390.rpm
libtiff-debuginfo-3.8.2-7.el5_6.7.s390x.rpm
libtiff-devel-3.8.2-7.el5_6.7.s390.rpm
libtiff-devel-3.8.2-7.el5_6.7.s390x.rpm

x86_64:
libtiff-3.8.2-7.el5_6.7.i386.rpm
libtiff-3.8.2-7.el5_6.7.x86_64.rpm
libtiff-debuginfo-3.8.2-7.el5_6.7.i386.rpm
libtiff-debuginfo-3.8.2-7.el5_6.7.x86_64.rpm
libtiff-devel-3.8.2-7.el5_6.7.i386.rpm
libtiff-devel-3.8.2-7.el5_6.7.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libtiff-3.9.4-1.el6_0.2.src.rpm

i386:
libtiff-3.9.4-1.el6_0.2.i686.rpm
libtiff-debuginfo-3.9.4-1.el6_0.2.i686.rpm

x86_64:
libtiff-3.9.4-1.el6_0.2.i686.rpm
libtiff-3.9.4-1.el6_0.2.x86_64.rpm
libtiff-debuginfo-3.9.4-1.el6_0.2.i686.rpm
libtiff-debuginfo-3.9.4-1.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libtiff-3.9.4-1.el6_0.2.src.rpm

i386:
libtiff-debuginfo-3.9.4-1.el6_0.2.i686.rpm
libtiff-devel-3.9.4-1.el6_0.2.i686.rpm
libtiff-static-3.9.4-1.el6_0.2.i686.rpm

x86_64:
libtiff-debuginfo-3.9.4-1.el6_0.2.i686.rpm
libtiff-debuginfo-3.9.4-1.el6_0.2.x86_64.rpm
libtiff-devel-3.9.4-1.el6_0.2.i686.rpm
libtiff-devel-3.9.4-1.el6_0.2.x86_64.rpm
libtiff-static-3.9.4-1.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libtiff-3.9.4-1.el6_0.2.src.rpm

x86_64:
libtiff-3.9.4-1.el6_0.2.i686.rpm
libtiff-3.9.4-1.el6_0.2.x86_64.rpm
libtiff-debuginfo-3.9.4-1.el6_0.2.i686.rpm
libtiff-debuginfo-3.9.4-1.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libtiff-3.9.4-1.el6_0.2.src.rpm

x86_64:
libtiff-debuginfo-3.9.4-1.el6_0.2.i686.rpm
libtiff-debuginfo-3.9.4-1.el6_0.2.x86_64.rpm
libtiff-devel-3.9.4-1.el6_0.2.i686.rpm
libtiff-devel-3.9.4-1.el6_0.2.x86_64.rpm
libtiff-static-3.9.4-1.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux Server (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libtiff-3.9.4-1.el6_0.2.src.rpm i386: libtiff-3.9.4-1.el6_0.2.i686.rpm libtiff-debuginfo-3.9.4-1.el6_0.2.i686.rpm libtiff-devel-3.9.4-1.el6_0.2.i686.rpm ppc64: libtiff-3.9.4-1.el6_0.2.ppc.rpm libtiff-3.9.4-1.el6_0.2.ppc64.rpm libtiff-debuginfo-3.9.4-1.el6_0.2.ppc.rpm libtiff-debuginfo-3.9.4-1.el6_0.2.ppc64.rpm libtiff-devel-3.9.4-1.el6_0.2.ppc.rpm libtiff-devel-3.9.4-1.el6_0.2.ppc64.rpm s390x: libtiff-3.9.4-1.el6_0.2.s390.rpm libtiff-3.9.4-1.el6_0.2.s390x.rpm libtiff-debuginfo-3.9.4-1.el6_0.2.s390.rpm libtiff-debuginfo-3.9.4-1.el6_0.2.s390x.rpm libtiff-devel-3.9.4-1.el6_0.2.s390.rpm libtiff-devel-3.9.4-1.el6_0.2.s390x.rpm x86_64: libtiff-3.9.4-1.el6_0.2.i686.rpm libtiff-3.9.4-1.el6_0.2.x86_64.rpm libtiff-debuginfo-3.9.4-1.el6_0.2.i686.rpm libtiff-debuginfo-3.9.4-1.el6_0.2.x86_64.rpm libtiff-devel-3.9.4-1.el6_0.2.i686.rpm libtiff-devel-3.9.4-1.el6_0.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libtiff-3.9.4-1.el6_0.2.src.rpm i386: libtiff-debuginfo-3.9.4-1.el6_0.2.i686.rpm libtiff-static-3.9.4-1.el6_0.2.i686.rpm ppc64: libtiff-debuginfo-3.9.4-1.el6_0.2.ppc64.rpm libtiff-static-3.9.4-1.el6_0.2.ppc64.rpm s390x: libtiff-debuginfo-3.9.4-1.el6_0.2.s390x.rpm libtiff-static-3.9.4-1.el6_0.2.s390x.rpm x86_64: libtiff-debuginfo-3.9.4-1.el6_0.2.x86_64.rpm libtiff-static-3.9.4-1.el6_0.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libtiff-3.9.4-1.el6_0.2.src.rpm i386: libtiff-3.9.4-1.el6_0.2.i686.rpm libtiff-debuginfo-3.9.4-1.el6_0.2.i686.rpm libtiff-devel-3.9.4-1.el6_0.2.i686.rpm x86_64: libtiff-3.9.4-1.el6_0.2.i686.rpm libtiff-3.9.4-1.el6_0.2.x86_64.rpm libtiff-debuginfo-3.9.4-1.el6_0.2.i686.rpm libtiff-debuginfo-3.9.4-1.el6_0.2.x86_64.rpm libtiff-devel-3.9.4-1.el6_0.2.i686.rpm libtiff-devel-3.9.4-1.el6_0.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libtiff-3.9.4-1.el6_0.2.src.rpm i386: libtiff-debuginfo-3.9.4-1.el6_0.2.i686.rpm libtiff-static-3.9.4-1.el6_0.2.i686.rpm x86_64: libtiff-debuginfo-3.9.4-1.el6_0.2.x86_64.rpm libtiff-static-3.9.4-1.el6_0.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-1167.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert at redhat.com>. More contact details at https://www.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. 
From bugzilla at redhat.com Mon Mar 28 18:56:30 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 28 Mar 2011 14:56:30 -0400
Subject: [RHSA-2011:0393-01] Important: conga security update
Message-ID: <201103281856.p2SIuVAm005135@int-mx02.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: conga security update
Advisory ID:       RHSA-2011:0393-01
Product:           Red Hat Cluster Suite
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0393.html
Issue date:        2011-03-28
CVE Names:         CVE-2011-0720
=====================================================================

1. Summary:

Updated conga packages that fix one security issue are now available for
Red Hat Cluster Suite 4.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Cluster Suite 4AS - i386, ia64, ppc, x86_64
Red Hat Cluster Suite 4ES - i386, ia64, x86_64
Red Hat Cluster Suite 4WS - i386, ia64, x86_64

3. Description:

The conga packages provide a web-based administration tool for remote
cluster and storage management.

A privilege escalation flaw was found in luci, the Conga web-based
administration application. A remote attacker could possibly use this flaw
to obtain administrative access, allowing them to read, create, or modify
the content of the luci application. (CVE-2011-0720)

Users of Conga are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.
After installing the updated packages, luci must be restarted ("service
luci restart") for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

676961 - CVE-2011-0720 plone: unauthorized remote administrative access

6. Package List:

Red Hat Cluster Suite 4AS:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/RHCS/SRPMS/conga-0.11.2-4.el4.2.src.rpm

i386:
conga-debuginfo-0.11.2-4.el4.2.i386.rpm
luci-0.11.2-4.el4.2.i386.rpm
ricci-0.11.2-4.el4.2.i386.rpm

ia64:
conga-debuginfo-0.11.2-4.el4.2.ia64.rpm
luci-0.11.2-4.el4.2.ia64.rpm
ricci-0.11.2-4.el4.2.ia64.rpm

ppc:
conga-debuginfo-0.11.2-4.el4.2.ppc.rpm
luci-0.11.2-4.el4.2.ppc.rpm
ricci-0.11.2-4.el4.2.ppc.rpm

x86_64:
conga-debuginfo-0.11.2-4.el4.2.x86_64.rpm
luci-0.11.2-4.el4.2.x86_64.rpm
ricci-0.11.2-4.el4.2.x86_64.rpm

Red Hat Cluster Suite 4ES:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/RHCS/SRPMS/conga-0.11.2-4.el4.2.src.rpm

i386:
conga-debuginfo-0.11.2-4.el4.2.i386.rpm
luci-0.11.2-4.el4.2.i386.rpm
ricci-0.11.2-4.el4.2.i386.rpm

ia64:
conga-debuginfo-0.11.2-4.el4.2.ia64.rpm
luci-0.11.2-4.el4.2.ia64.rpm
ricci-0.11.2-4.el4.2.ia64.rpm

x86_64:
conga-debuginfo-0.11.2-4.el4.2.x86_64.rpm
luci-0.11.2-4.el4.2.x86_64.rpm
ricci-0.11.2-4.el4.2.x86_64.rpm

Red Hat Cluster Suite 4WS:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/RHCS/SRPMS/conga-0.11.2-4.el4.2.src.rpm

i386:
conga-debuginfo-0.11.2-4.el4.2.i386.rpm
luci-0.11.2-4.el4.2.i386.rpm
ricci-0.11.2-4.el4.2.i386.rpm

ia64:
conga-debuginfo-0.11.2-4.el4.2.ia64.rpm
luci-0.11.2-4.el4.2.ia64.rpm
ricci-0.11.2-4.el4.2.ia64.rpm

x86_64:
conga-debuginfo-0.11.2-4.el4.2.x86_64.rpm
luci-0.11.2-4.el4.2.x86_64.rpm
ricci-0.11.2-4.el4.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0720.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

From bugzilla at redhat.com Mon Mar 28 18:58:50 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 28 Mar 2011 14:58:50 -0400
Subject: [RHSA-2011:0394-01] Important: conga security update
Message-ID: <201103281858.p2SIwoe5013568@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: conga security update
Advisory ID:       RHSA-2011:0394-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0394.html
Issue date:        2011-03-28
CVE Names:         CVE-2011-0720
=====================================================================

1. Summary:

Updated conga packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

RHEL Clustering (v. 5 server) - i386, ia64, ppc, x86_64

3. Description:

The conga packages provide a web-based administration tool for remote
cluster and storage management.
A privilege escalation flaw was found in luci, the Conga web-based
administration application. A remote attacker could possibly use this flaw
to obtain administrative access, allowing them to read, create, or modify
the content of the luci application. (CVE-2011-0720)

Users of Conga are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing the
updated packages, luci must be restarted ("service luci restart") for the
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

676961 - CVE-2011-0720 plone: unauthorized remote administrative access

6. Package List:

RHEL Clustering (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/conga-0.12.2-24.el5_6.1.src.rpm

i386:
conga-debuginfo-0.12.2-24.el5_6.1.i386.rpm
luci-0.12.2-24.el5_6.1.i386.rpm
ricci-0.12.2-24.el5_6.1.i386.rpm

ia64:
conga-debuginfo-0.12.2-24.el5_6.1.ia64.rpm
luci-0.12.2-24.el5_6.1.ia64.rpm
ricci-0.12.2-24.el5_6.1.ia64.rpm

ppc:
conga-debuginfo-0.12.2-24.el5_6.1.ppc.rpm
luci-0.12.2-24.el5_6.1.ppc.rpm
ricci-0.12.2-24.el5_6.1.ppc.rpm

x86_64:
conga-debuginfo-0.12.2-24.el5_6.1.x86_64.rpm
luci-0.12.2-24.el5_6.1.x86_64.rpm
ricci-0.12.2-24.el5_6.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0720.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.
More contact details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

From bugzilla at redhat.com Mon Mar 28 19:00:19 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 28 Mar 2011 15:00:19 -0400
Subject: [RHSA-2011:0395-01] Moderate: gdm security update
Message-ID: <201103281900.p2SJ0JDb006586@int-mx02.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: gdm security update
Advisory ID:       RHSA-2011:0395-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0395.html
Issue date:        2011-03-28
CVE Names:         CVE-2011-0727
=====================================================================

1. Summary:

Updated gdm packages that fix one security issue are now available for Red
Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The GNOME Display Manager (GDM) provides the graphical login screen, shown
shortly after boot up, log out, and when user-switching.

A race condition flaw was found in the way GDM handled the cache
directories used to store users' dmrc and face icon files.
A local attacker could use this flaw to trick GDM into changing the
ownership of an arbitrary file via a symbolic link attack, allowing them to
escalate their privileges. (CVE-2011-0727)

Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for
reporting this issue.

All users should upgrade to these updated packages, which contain a
backported patch to correct this issue. GDM must be restarted for this
update to take effect. Rebooting achieves this, but changing the runlevel
from 5 to 3 and back to 5 also restarts GDM.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

688323 - CVE-2011-0727 gdm: privilege escalation vulnerability

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/gdm-2.30.4-21.el6_0.1.src.rpm

i386:
gdm-2.30.4-21.el6_0.1.i686.rpm
gdm-debuginfo-2.30.4-21.el6_0.1.i686.rpm
gdm-libs-2.30.4-21.el6_0.1.i686.rpm
gdm-plugin-fingerprint-2.30.4-21.el6_0.1.i686.rpm
gdm-plugin-smartcard-2.30.4-21.el6_0.1.i686.rpm
gdm-user-switch-applet-2.30.4-21.el6_0.1.i686.rpm

x86_64:
gdm-2.30.4-21.el6_0.1.x86_64.rpm
gdm-debuginfo-2.30.4-21.el6_0.1.i686.rpm
gdm-debuginfo-2.30.4-21.el6_0.1.x86_64.rpm
gdm-libs-2.30.4-21.el6_0.1.i686.rpm
gdm-libs-2.30.4-21.el6_0.1.x86_64.rpm
gdm-plugin-fingerprint-2.30.4-21.el6_0.1.x86_64.rpm
gdm-plugin-smartcard-2.30.4-21.el6_0.1.x86_64.rpm
gdm-user-switch-applet-2.30.4-21.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/gdm-2.30.4-21.el6_0.1.src.rpm

x86_64:
gdm-2.30.4-21.el6_0.1.x86_64.rpm
gdm-debuginfo-2.30.4-21.el6_0.1.i686.rpm
gdm-debuginfo-2.30.4-21.el6_0.1.x86_64.rpm
gdm-libs-2.30.4-21.el6_0.1.i686.rpm
gdm-libs-2.30.4-21.el6_0.1.x86_64.rpm
gdm-plugin-fingerprint-2.30.4-21.el6_0.1.x86_64.rpm
gdm-plugin-smartcard-2.30.4-21.el6_0.1.x86_64.rpm
gdm-user-switch-applet-2.30.4-21.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/gdm-2.30.4-21.el6_0.1.src.rpm

i386:
gdm-2.30.4-21.el6_0.1.i686.rpm
gdm-debuginfo-2.30.4-21.el6_0.1.i686.rpm
gdm-libs-2.30.4-21.el6_0.1.i686.rpm
gdm-plugin-fingerprint-2.30.4-21.el6_0.1.i686.rpm
gdm-plugin-smartcard-2.30.4-21.el6_0.1.i686.rpm
gdm-user-switch-applet-2.30.4-21.el6_0.1.i686.rpm

ppc64:
gdm-2.30.4-21.el6_0.1.ppc64.rpm
gdm-debuginfo-2.30.4-21.el6_0.1.ppc.rpm
gdm-debuginfo-2.30.4-21.el6_0.1.ppc64.rpm
gdm-libs-2.30.4-21.el6_0.1.ppc.rpm
gdm-libs-2.30.4-21.el6_0.1.ppc64.rpm
gdm-plugin-fingerprint-2.30.4-21.el6_0.1.ppc64.rpm
gdm-plugin-smartcard-2.30.4-21.el6_0.1.ppc64.rpm
gdm-user-switch-applet-2.30.4-21.el6_0.1.ppc64.rpm

s390x:
gdm-2.30.4-21.el6_0.1.s390x.rpm
gdm-debuginfo-2.30.4-21.el6_0.1.s390.rpm
gdm-debuginfo-2.30.4-21.el6_0.1.s390x.rpm
gdm-libs-2.30.4-21.el6_0.1.s390.rpm
gdm-libs-2.30.4-21.el6_0.1.s390x.rpm
gdm-plugin-fingerprint-2.30.4-21.el6_0.1.s390x.rpm
gdm-plugin-smartcard-2.30.4-21.el6_0.1.s390x.rpm
gdm-user-switch-applet-2.30.4-21.el6_0.1.s390x.rpm

x86_64:
gdm-2.30.4-21.el6_0.1.x86_64.rpm
gdm-debuginfo-2.30.4-21.el6_0.1.i686.rpm
gdm-debuginfo-2.30.4-21.el6_0.1.x86_64.rpm
gdm-libs-2.30.4-21.el6_0.1.i686.rpm
gdm-libs-2.30.4-21.el6_0.1.x86_64.rpm
gdm-plugin-fingerprint-2.30.4-21.el6_0.1.x86_64.rpm
gdm-plugin-smartcard-2.30.4-21.el6_0.1.x86_64.rpm
gdm-user-switch-applet-2.30.4-21.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/gdm-2.30.4-21.el6_0.1.src.rpm

i386:
gdm-2.30.4-21.el6_0.1.i686.rpm
gdm-debuginfo-2.30.4-21.el6_0.1.i686.rpm
gdm-libs-2.30.4-21.el6_0.1.i686.rpm
gdm-plugin-fingerprint-2.30.4-21.el6_0.1.i686.rpm
gdm-plugin-smartcard-2.30.4-21.el6_0.1.i686.rpm
gdm-user-switch-applet-2.30.4-21.el6_0.1.i686.rpm

x86_64:
gdm-2.30.4-21.el6_0.1.x86_64.rpm
gdm-debuginfo-2.30.4-21.el6_0.1.i686.rpm
gdm-debuginfo-2.30.4-21.el6_0.1.x86_64.rpm
gdm-libs-2.30.4-21.el6_0.1.i686.rpm
gdm-libs-2.30.4-21.el6_0.1.x86_64.rpm
gdm-plugin-fingerprint-2.30.4-21.el6_0.1.x86_64.rpm
gdm-plugin-smartcard-2.30.4-21.el6_0.1.x86_64.rpm
gdm-user-switch-applet-2.30.4-21.el6_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0727.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
From bugzilla at redhat.com Thu Mar 31 15:42:33 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 31 Mar 2011 11:42:33 -0400
Subject: [RHSA-2011:0406-01] Moderate: quagga security update
Message-ID: <201103311542.p2VFgXtU016908@int-mx02.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: quagga security update
Advisory ID:       RHSA-2011:0406-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0406.html
Issue date:        2011-03-31
CVE Names:         CVE-2010-1674 CVE-2010-1675
=====================================================================

1. Summary:

Updated quagga packages that fix two security issues are now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon
implements the BGP (Border Gateway Protocol) routing protocol.

A denial of service flaw was found in the way the Quagga bgpd daemon
processed certain route metrics information.
A BGP message with a specially-crafted path limit attribute would cause the
bgpd daemon to reset its session with the peer through which this message
was received. (CVE-2010-1675)

A NULL pointer dereference flaw was found in the way the Quagga bgpd daemon
processed malformed route extended communities attributes. A configured BGP
peer could crash bgpd on a target system via a specially-crafted BGP
message. (CVE-2010-1674)

Users of quagga should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the bgpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

654603 - CVE-2010-1674 quagga: DoS (crash) by processing malformed extended community attribute in a route
654614 - CVE-2010-1675 quagga: BGP session reset by processing BGP Update message with malformed AS-path attributes

6. Package List:

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-5.el6_0.2.src.rpm

i386:
quagga-0.99.15-5.el6_0.2.i686.rpm
quagga-debuginfo-0.99.15-5.el6_0.2.i686.rpm

ppc64:
quagga-0.99.15-5.el6_0.2.ppc64.rpm
quagga-debuginfo-0.99.15-5.el6_0.2.ppc64.rpm

s390x:
quagga-0.99.15-5.el6_0.2.s390x.rpm
quagga-debuginfo-0.99.15-5.el6_0.2.s390x.rpm

x86_64:
quagga-0.99.15-5.el6_0.2.x86_64.rpm
quagga-debuginfo-0.99.15-5.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-5.el6_0.2.src.rpm

i386:
quagga-contrib-0.99.15-5.el6_0.2.i686.rpm
quagga-debuginfo-0.99.15-5.el6_0.2.i686.rpm
quagga-devel-0.99.15-5.el6_0.2.i686.rpm

ppc64:
quagga-contrib-0.99.15-5.el6_0.2.ppc64.rpm
quagga-debuginfo-0.99.15-5.el6_0.2.ppc.rpm
quagga-debuginfo-0.99.15-5.el6_0.2.ppc64.rpm
quagga-devel-0.99.15-5.el6_0.2.ppc.rpm
quagga-devel-0.99.15-5.el6_0.2.ppc64.rpm

s390x:
quagga-contrib-0.99.15-5.el6_0.2.s390x.rpm
quagga-debuginfo-0.99.15-5.el6_0.2.s390.rpm
quagga-debuginfo-0.99.15-5.el6_0.2.s390x.rpm
quagga-devel-0.99.15-5.el6_0.2.s390.rpm
quagga-devel-0.99.15-5.el6_0.2.s390x.rpm

x86_64:
quagga-contrib-0.99.15-5.el6_0.2.x86_64.rpm
quagga-debuginfo-0.99.15-5.el6_0.2.i686.rpm
quagga-debuginfo-0.99.15-5.el6_0.2.x86_64.rpm
quagga-devel-0.99.15-5.el6_0.2.i686.rpm
quagga-devel-0.99.15-5.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-5.el6_0.2.src.rpm

i386:
quagga-0.99.15-5.el6_0.2.i686.rpm
quagga-debuginfo-0.99.15-5.el6_0.2.i686.rpm

x86_64:
quagga-0.99.15-5.el6_0.2.x86_64.rpm
quagga-debuginfo-0.99.15-5.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-5.el6_0.2.src.rpm

i386:
quagga-contrib-0.99.15-5.el6_0.2.i686.rpm
quagga-debuginfo-0.99.15-5.el6_0.2.i686.rpm
quagga-devel-0.99.15-5.el6_0.2.i686.rpm

x86_64:
quagga-contrib-0.99.15-5.el6_0.2.x86_64.rpm
quagga-debuginfo-0.99.15-5.el6_0.2.i686.rpm
quagga-debuginfo-0.99.15-5.el6_0.2.x86_64.rpm
quagga-devel-0.99.15-5.el6_0.2.i686.rpm
quagga-devel-0.99.15-5.el6_0.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7.
References:

https://www.redhat.com/security/data/cve/CVE-2010-1674.html
https://www.redhat.com/security/data/cve/CVE-2010-1675.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

From bugzilla at redhat.com Thu Mar 31 15:44:39 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 31 Mar 2011 11:44:39 -0400
Subject: [RHSA-2011:0407-01] Moderate: logrotate security update
Message-ID: <201103311544.p2VFidbu023079@int-mx12.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: logrotate security update
Advisory ID:       RHSA-2011:0407-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0407.html
Issue date:        2011-03-31
CVE Names:         CVE-2011-1098 CVE-2011-1154 CVE-2011-1155
=====================================================================

1. Summary:

An updated logrotate package that fixes multiple security issues is now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The logrotate utility simplifies the administration of multiple log files,
allowing the automatic rotation, compression, removal, and mailing of log
files.

A shell command injection flaw was found in the way logrotate handled the
shred directive. A specially-crafted log file could cause logrotate to
execute arbitrary commands with the privileges of the user running
logrotate (root, by default). Note: The shred directive is not enabled by
default. (CVE-2011-1154)

A race condition flaw was found in the way logrotate applied permissions
when creating new log files. In some specific configurations, a local
attacker could use this flaw to open new log files before logrotate applies
the final permissions, possibly leading to the disclosure of sensitive
information. (CVE-2011-1098)

An input sanitization flaw was found in logrotate. A log file with a
specially-crafted file name could cause logrotate to abort when attempting
to process that file a subsequent time. (CVE-2011-1155)

All logrotate users should upgrade to this updated package, which contains
backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

680796 - CVE-2011-1154 logrotate: Shell command injection by using the shred configuration directive
680797 - CVE-2011-1155 logrotate: DoS due improper escaping of file names within 'write state' action
680798 - CVE-2011-1098 logrotate: TOCTOU race condition by creation of new files (between opening the file and moment, final permissions have been applied) [information disclosure]

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/logrotate-3.7.8-12.el6_0.1.src.rpm

i386:
logrotate-3.7.8-12.el6_0.1.i686.rpm
logrotate-debuginfo-3.7.8-12.el6_0.1.i686.rpm

x86_64:
logrotate-3.7.8-12.el6_0.1.x86_64.rpm
logrotate-debuginfo-3.7.8-12.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/logrotate-3.7.8-12.el6_0.1.src.rpm

x86_64:
logrotate-3.7.8-12.el6_0.1.x86_64.rpm
logrotate-debuginfo-3.7.8-12.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/logrotate-3.7.8-12.el6_0.1.src.rpm

i386:
logrotate-3.7.8-12.el6_0.1.i686.rpm
logrotate-debuginfo-3.7.8-12.el6_0.1.i686.rpm

ppc64:
logrotate-3.7.8-12.el6_0.1.ppc64.rpm
logrotate-debuginfo-3.7.8-12.el6_0.1.ppc64.rpm

s390x:
logrotate-3.7.8-12.el6_0.1.s390x.rpm
logrotate-debuginfo-3.7.8-12.el6_0.1.s390x.rpm

x86_64:
logrotate-3.7.8-12.el6_0.1.x86_64.rpm
logrotate-debuginfo-3.7.8-12.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/logrotate-3.7.8-12.el6_0.1.src.rpm

i386:
logrotate-3.7.8-12.el6_0.1.i686.rpm
logrotate-debuginfo-3.7.8-12.el6_0.1.i686.rpm

x86_64:
logrotate-3.7.8-12.el6_0.1.x86_64.rpm
logrotate-debuginfo-3.7.8-12.el6_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1098.html
https://www.redhat.com/security/data/cve/CVE-2011-1154.html
https://www.redhat.com/security/data/cve/CVE-2011-1155.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.
More contact details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
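The logrotate race (CVE-2011-1098) and the GDM symlink attack (CVE-2011-0727) in the advisories above are both cases of a process creating a file with the wrong initial permissions and then fixing things up afterwards by path name. The following added example, which is not code from logrotate, GDM or Red Hat, puts that race-prone creation pattern beside a hardened one that creates the file at its final mode with O_EXCL|O_NOFOLLOW and adjusts permissions through the descriptor; the function names and the /tmp scratch directory are assumptions made for the demonstration.

```c
#define _GNU_SOURCE   /* mkdtemp(), symlink(), O_NOFOLLOW on glibc */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits of an open file, or -1. */
static int mode_of(int fd)
{
    struct stat st;
    return (fd >= 0 && fstat(fd, &st) == 0) ? (int)(st.st_mode & 07777) : -1;
}

/* Race-prone pattern (hypothetical, modelled on the flaw class in the
 * advisories above): create with the umask-derived mode, then set the
 * intended permissions afterwards by path name. *mode_in_window receives
 * what another local process sees between the two calls; chmod()/chown()
 * by path would also follow a symlink planted at that path. */
static int create_log_racy(const char *path, mode_t final_mode, int *mode_in_window)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
    if (fd < 0)
        return -1;
    *mode_in_window = mode_of(fd);          /* 0644 under umask 022 */
    if (chmod(path, final_mode) < 0) {      /* too late, and path-based */
        close(fd);
        return -1;
    }
    return fd;
}

/* Hardened pattern: the file never exists wider than final_mode, anything
 * already at the path (file or symlink) is an error, and the permission
 * fix-up operates on the descriptor, not the path. */
static int create_log_safe(const char *path, mode_t final_mode)
{
    /* open() applies final_mode & ~umask, so the initial mode is at most
     * final_mode; O_EXCL rejects a pre-existing file or symlink (EEXIST). */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, final_mode);
    if (fd < 0)
        return -1;
    if (fchmod(fd, final_mode) < 0) {       /* widening now is safe */
        int saved = errno;
        close(fd);
        unlink(path);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Private scratch directory for the checks below (constructed path). */
static int scratch_dir(char *buf, size_t n)
{
    snprintf(buf, n, "%s", "/tmp/rhsa-demo-XXXXXX");
    return mkdtemp(buf) != NULL ? 0 : -1;
}

/* Under umask 022: for hardened == 0, the mode visible during the racy
 * window; for hardened != 0, the mode of the file the safe creator made. */
int created_mode(int hardened, mode_t final_mode)
{
    char dir[64], path[96];
    int seen = -1;
    if (scratch_dir(dir, sizeof dir) < 0)
        return -1;
    snprintf(path, sizeof path, "%s/app.log", dir);
    mode_t old = umask(022);
    int fd = hardened ? create_log_safe(path, final_mode)
                      : create_log_racy(path, final_mode, &seen);
    umask(old);
    if (hardened)
        seen = mode_of(fd);
    if (fd >= 0) close(fd);
    unlink(path);
    rmdir(dir);
    return seen;
}

/* 1 if the hardened creator refuses both an existing file and a symlink
 * planted at the target path (errno EEXIST in both cases), else 0. */
int safe_refuses_existing(void)
{
    char dir[64], path[96], lnk[96];
    if (scratch_dir(dir, sizeof dir) < 0)
        return 0;
    snprintf(path, sizeof path, "%s/app.log", dir);
    snprintf(lnk, sizeof lnk, "%s/planted.log", dir);
    int fd = create_log_safe(path, 0640);
    if (fd < 0) { rmdir(dir); return 0; }
    close(fd);
    int again = create_log_safe(path, 0640);
    int again_errno = errno;
    int planted = symlink(path, lnk);       /* stands in for a pre-placed link */
    int via_link = planted == 0 ? create_log_safe(lnk, 0640) : 0;
    int link_errno = errno;
    if (via_link >= 0) close(via_link);
    unlink(lnk); unlink(path); rmdir(dir);
    return again < 0 && again_errno == EEXIST && planted == 0
        && via_link < 0 && link_errno == EEXIST;
}
```

With the usual umask of 022 the racy variant leaves a world-readable 0644 file until chmod() runs, while the hardened variant is 0640 from the first instant and, for a target of 0664, widens only after creation.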