From bugzilla at redhat.com Mon May 2 18:31:44 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 2 May 2011 12:31:44 -0600
Subject: [RHSA-2011:0477-01] Important: gstreamer-plugins security update
Message-ID: <201105021831.p42IViPk003377@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: gstreamer-plugins security update
Advisory ID:       RHSA-2011:0477-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0477.html
Issue date:        2011-05-02
CVE Names:         CVE-2006-4192 CVE-2011-1574
=====================================================================

1. Summary:

Updated gstreamer-plugins packages that fix two security issues are now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

The gstreamer-plugins packages contain plug-ins used by the GStreamer streaming-media framework to support a wide variety of media formats.

An integer overflow flaw, leading to a heap-based buffer overflow, and a stack-based buffer overflow flaw were found in various ModPlug music file format library (libmodplug) modules, embedded in GStreamer. An attacker could create specially-crafted music files that, when played by a victim, would cause applications using GStreamer to crash or, potentially, execute arbitrary code.
(CVE-2006-4192, CVE-2011-1574)

All users of gstreamer-plugins are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, all applications using GStreamer (such as Rhythmbox) must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

497154 - CVE-2006-4192 libmodplug: Integer overflow when reading samples of AMF files
695420 - CVE-2011-1574 libmodplug: ReadS3M stack overflow vulnerability

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gstreamer-plugins-0.8.5-1.EL.3.src.rpm

i386:
gstreamer-plugins-0.8.5-1.EL.3.i386.rpm
gstreamer-plugins-debuginfo-0.8.5-1.EL.3.i386.rpm
gstreamer-plugins-devel-0.8.5-1.EL.3.i386.rpm

ia64:
gstreamer-plugins-0.8.5-1.EL.3.ia64.rpm
gstreamer-plugins-debuginfo-0.8.5-1.EL.3.ia64.rpm
gstreamer-plugins-devel-0.8.5-1.EL.3.ia64.rpm

ppc:
gstreamer-plugins-0.8.5-1.EL.3.ppc.rpm
gstreamer-plugins-debuginfo-0.8.5-1.EL.3.ppc.rpm
gstreamer-plugins-devel-0.8.5-1.EL.3.ppc.rpm

s390:
gstreamer-plugins-0.8.5-1.EL.3.s390.rpm
gstreamer-plugins-debuginfo-0.8.5-1.EL.3.s390.rpm
gstreamer-plugins-devel-0.8.5-1.EL.3.s390.rpm

s390x:
gstreamer-plugins-0.8.5-1.EL.3.s390x.rpm
gstreamer-plugins-debuginfo-0.8.5-1.EL.3.s390x.rpm
gstreamer-plugins-devel-0.8.5-1.EL.3.s390x.rpm

x86_64:
gstreamer-plugins-0.8.5-1.EL.3.x86_64.rpm
gstreamer-plugins-debuginfo-0.8.5-1.EL.3.x86_64.rpm
gstreamer-plugins-devel-0.8.5-1.EL.3.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gstreamer-plugins-0.8.5-1.EL.3.src.rpm

i386:
gstreamer-plugins-0.8.5-1.EL.3.i386.rpm
gstreamer-plugins-debuginfo-0.8.5-1.EL.3.i386.rpm
gstreamer-plugins-devel-0.8.5-1.EL.3.i386.rpm

x86_64:
gstreamer-plugins-0.8.5-1.EL.3.x86_64.rpm
gstreamer-plugins-debuginfo-0.8.5-1.EL.3.x86_64.rpm
gstreamer-plugins-devel-0.8.5-1.EL.3.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gstreamer-plugins-0.8.5-1.EL.3.src.rpm

i386:
gstreamer-plugins-0.8.5-1.EL.3.i386.rpm
gstreamer-plugins-debuginfo-0.8.5-1.EL.3.i386.rpm
gstreamer-plugins-devel-0.8.5-1.EL.3.i386.rpm

ia64:
gstreamer-plugins-0.8.5-1.EL.3.ia64.rpm
gstreamer-plugins-debuginfo-0.8.5-1.EL.3.ia64.rpm
gstreamer-plugins-devel-0.8.5-1.EL.3.ia64.rpm

x86_64:
gstreamer-plugins-0.8.5-1.EL.3.x86_64.rpm
gstreamer-plugins-debuginfo-0.8.5-1.EL.3.x86_64.rpm
gstreamer-plugins-devel-0.8.5-1.EL.3.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gstreamer-plugins-0.8.5-1.EL.3.src.rpm

i386:
gstreamer-plugins-0.8.5-1.EL.3.i386.rpm
gstreamer-plugins-debuginfo-0.8.5-1.EL.3.i386.rpm
gstreamer-plugins-devel-0.8.5-1.EL.3.i386.rpm

ia64:
gstreamer-plugins-0.8.5-1.EL.3.ia64.rpm
gstreamer-plugins-debuginfo-0.8.5-1.EL.3.ia64.rpm
gstreamer-plugins-devel-0.8.5-1.EL.3.ia64.rpm

x86_64:
gstreamer-plugins-0.8.5-1.EL.3.x86_64.rpm
gstreamer-plugins-debuginfo-0.8.5-1.EL.3.x86_64.rpm
gstreamer-plugins-devel-0.8.5-1.EL.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2006-4192.html
https://www.redhat.com/security/data/cve/CVE-2011-1574.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
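Both flaw classes named in the advisory above, an integer overflow in an allocation-size computation that turns into a heap buffer overflow, and a file-supplied length copied unchecked into a fixed-size stack buffer, come from trusting counts and lengths read out of a music file. The C program below is an added illustration of those two patterns and their hardened forms; it is not part of the advisory and is not libmodplug's or GStreamer's code. The "sample bank" layout it parses, the function names (`parse_module`, `checked_sample_bytes`, `vulnerable_sample_bytes`, `build_file`) and the inputs constructed in `main` are all this example's own and are not the AMF or S3M formats.

```c
/* Added example: parser for a made-up "sample bank" layout (not AMF or S3M):
 *   u32le count | u32le width | u8 name_len | name[name_len] | count*width bytes */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_MAX_LEN 31

struct module {
    uint32_t count;                  /* samples, attacker-controlled */
    uint32_t width;                  /* bytes per sample, attacker-controlled */
    char     name[NAME_MAX_LEN + 1]; /* fixed field: the stack-overflow target */
    uint8_t *samples;
    size_t   sample_bytes;
};

/* The flaw pattern: the product is evaluated in 32 bits, so count=0x10000
 * and width=0x10001 wrap to 0x10000; malloc() gets a buffer far smaller than
 * the per-sample copy loop that follows will write. */
uint32_t vulnerable_sample_bytes(uint32_t count, uint32_t width)
{
    return count * width;
}

/* Hardened: widen to size_t, reject a product that would wrap, and reject a
 * product larger than the bytes actually present in the input. */
int checked_sample_bytes(uint32_t count, uint32_t width, size_t avail,
                         size_t *out)
{
    size_t c = count, w = width;
    if (w != 0 && c > SIZE_MAX / w) return -1;  /* c * w would overflow */
    if (c * w > avail) return -1;               /* claims more than the file holds */
    *out = c * w;
    return 0;
}

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 0 and fills *m on success, -1 on malformed input. Every read is
 * preceded by a length check, and the name is copied with an explicit cap
 * instead of memcpy(name, src, name_len), which is the stack-smash pattern. */
int parse_module(const uint8_t *buf, size_t len, struct module *m)
{
    memset(m, 0, sizeof *m);
    if (len < 9) return -1;
    m->count = rd_le32(buf);
    m->width = rd_le32(buf + 4);
    uint8_t name_len = buf[8];
    size_t pos = 9;
    if (len - pos < name_len) return -1;       /* name runs past end of file */
    size_t n = name_len < NAME_MAX_LEN ? name_len : NAME_MAX_LEN;
    memcpy(m->name, buf + pos, n);             /* capped copy, NUL-terminated */
    m->name[n] = '\0';
    pos += name_len;
    if (checked_sample_bytes(m->count, m->width, len - pos, &m->sample_bytes))
        return -1;
    m->samples = malloc(m->sample_bytes ? m->sample_bytes : 1);
    if (!m->samples) return -1;
    memcpy(m->samples, buf + pos, m->sample_bytes);
    return 0;
}

void free_module(struct module *m) { free(m->samples); m->samples = NULL; }

/* Builds a file in the made-up layout (constructed input for the demo and
 * tests); returns the byte count, or 0 if it does not fit in out[]. */
size_t build_file(uint8_t *out, size_t cap, uint32_t count, uint32_t width,
                  const char *name, const uint8_t *data, size_t data_len)
{
    size_t name_len = strlen(name);
    if (name_len > 255 || 9 + name_len + data_len > cap) return 0;
    for (int i = 0; i < 4; i++) {
        out[i]     = (uint8_t)(count >> (8 * i));
        out[4 + i] = (uint8_t)(width >> (8 * i));
    }
    out[8] = (uint8_t)name_len;
    memcpy(out + 9, name, name_len);
    memcpy(out + 9 + name_len, data, data_len);
    return 9 + name_len + data_len;
}

int main(void)
{
    uint8_t file[64];
    struct module m;
    const uint8_t pcm[8] = {1, 2, 3, 4, 5, 6, 7, 8};   /* constructed data */
    size_t n = build_file(file, sizeof file, 4, 2, "demo", pcm, sizeof pcm);
    printf("benign file: parse=%d\n", parse_module(file, n, &m));
    free_module(&m);
    n = build_file(file, sizeof file, 0x10000u, 0x10001u, "x", pcm, 0);
    printf("hostile header: 32-bit size=0x%x, hardened parse=%d\n",
           vulnerable_sample_bytes(0x10000u, 0x10001u), parse_module(file, n, &m));
    return 0;
}
```

The checked path rejects the hostile header twice over: the widened product no longer wraps, and even a product that fits is refused when it exceeds the bytes left in the input, which is the check that matters on a 64-bit build where the multiplication itself cannot overflow for two 32-bit operands.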
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNvvh+XlSAg2UNWIIRAmhlAJ99l6EEytkePysciwdc1csu/wu5eACgnRF/
b4sWbKJD1LyYvcOt9xj8H6o=
=29JH
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon May 2 18:32:10 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 2 May 2011 12:32:10 -0600
Subject: [RHSA-2011:0478-01] Moderate: libvirt security update
Message-ID: <201105021832.p42IWA1R005735@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: libvirt security update
Advisory ID:       RHSA-2011:0478-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0478.html
Issue date:        2011-05-02
CVE Names:         CVE-2011-1486
=====================================================================

1. Summary:

Updated libvirt packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Multi OS (v. 5 client) - i386, x86_64
RHEL Virtualization (v. 5 server) - i386, ia64, x86_64

3. Description:

The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems.

A flaw was found in the way libvirtd handled error reporting for concurrent connections. A remote attacker able to establish read-only connections to libvirtd on a server could use this flaw to crash libvirtd. (CVE-2011-1486)

All libvirt users are advised to upgrade to these updated packages, which contain backported patches to resolve this issue.
After installing the updated packages, libvirtd must be restarted ("service libvirtd restart") for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

693391 - CVE-2011-1486 libvirt: error reporting in libvirtd is not thread safe

6. Package List:

RHEL Desktop Multi OS (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libvirt-0.8.2-15.el5_6.4.src.rpm

i386:
libvirt-0.8.2-15.el5_6.4.i386.rpm
libvirt-debuginfo-0.8.2-15.el5_6.4.i386.rpm
libvirt-devel-0.8.2-15.el5_6.4.i386.rpm
libvirt-python-0.8.2-15.el5_6.4.i386.rpm

x86_64:
libvirt-0.8.2-15.el5_6.4.i386.rpm
libvirt-0.8.2-15.el5_6.4.x86_64.rpm
libvirt-debuginfo-0.8.2-15.el5_6.4.i386.rpm
libvirt-debuginfo-0.8.2-15.el5_6.4.x86_64.rpm
libvirt-devel-0.8.2-15.el5_6.4.i386.rpm
libvirt-devel-0.8.2-15.el5_6.4.x86_64.rpm
libvirt-python-0.8.2-15.el5_6.4.x86_64.rpm

RHEL Virtualization (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libvirt-0.8.2-15.el5_6.4.src.rpm

i386:
libvirt-0.8.2-15.el5_6.4.i386.rpm
libvirt-debuginfo-0.8.2-15.el5_6.4.i386.rpm
libvirt-devel-0.8.2-15.el5_6.4.i386.rpm
libvirt-python-0.8.2-15.el5_6.4.i386.rpm

ia64:
libvirt-0.8.2-15.el5_6.4.ia64.rpm
libvirt-debuginfo-0.8.2-15.el5_6.4.ia64.rpm
libvirt-devel-0.8.2-15.el5_6.4.ia64.rpm
libvirt-python-0.8.2-15.el5_6.4.ia64.rpm

x86_64:
libvirt-0.8.2-15.el5_6.4.i386.rpm
libvirt-0.8.2-15.el5_6.4.x86_64.rpm
libvirt-debuginfo-0.8.2-15.el5_6.4.i386.rpm
libvirt-debuginfo-0.8.2-15.el5_6.4.x86_64.rpm
libvirt-devel-0.8.2-15.el5_6.4.i386.rpm
libvirt-devel-0.8.2-15.el5_6.4.x86_64.rpm
libvirt-python-0.8.2-15.el5_6.4.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1486.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNvviaXlSAg2UNWIIRAiGJAJoCWezOPWkeYyNgsb/Jcv9918NOoACcDLKp
SaGTCWlNKyWs1QGsB67QMaA=
=fbm3
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon May 2 18:32:35 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 2 May 2011 12:32:35 -0600
Subject: [RHSA-2011:0479-01] Moderate: libvirt security and bug fix update
Message-ID: <201105021832.p42IWaXS003718@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: libvirt security and bug fix update
Advisory ID:       RHSA-2011:0479-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0479.html
Issue date:        2011-05-02
CVE Names:         CVE-2011-1486
=====================================================================

1. Summary:

Updated libvirt packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems.

A flaw was found in the way libvirtd handled error reporting for concurrent connections. A remote attacker able to establish read-only connections to libvirtd on a server could use this flaw to crash libvirtd. (CVE-2011-1486)

This update also fixes the following bug:

* Previously, running qemu under a different UID prevented it from accessing files with mode 0660 permissions that were owned by a different user, but by a group that qemu was a member of. (BZ#668692)

All libvirt users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, libvirtd must be restarted ("service libvirtd restart") for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

668692 - qemu process is spawned with no supplementary groups
693391 - CVE-2011-1486 libvirt: error reporting in libvirtd is not thread safe

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libvirt-0.8.1-27.el6_0.6.src.rpm

i386:
libvirt-0.8.1-27.el6_0.6.i686.rpm
libvirt-client-0.8.1-27.el6_0.6.i686.rpm
libvirt-debuginfo-0.8.1-27.el6_0.6.i686.rpm
libvirt-python-0.8.1-27.el6_0.6.i686.rpm

x86_64:
libvirt-0.8.1-27.el6_0.6.x86_64.rpm
libvirt-client-0.8.1-27.el6_0.6.i686.rpm
libvirt-client-0.8.1-27.el6_0.6.x86_64.rpm
libvirt-debuginfo-0.8.1-27.el6_0.6.i686.rpm
libvirt-debuginfo-0.8.1-27.el6_0.6.x86_64.rpm
libvirt-python-0.8.1-27.el6_0.6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libvirt-0.8.1-27.el6_0.6.src.rpm

i386:
libvirt-debuginfo-0.8.1-27.el6_0.6.i686.rpm
libvirt-devel-0.8.1-27.el6_0.6.i686.rpm

x86_64:
libvirt-debuginfo-0.8.1-27.el6_0.6.i686.rpm
libvirt-debuginfo-0.8.1-27.el6_0.6.x86_64.rpm
libvirt-devel-0.8.1-27.el6_0.6.i686.rpm
libvirt-devel-0.8.1-27.el6_0.6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libvirt-0.8.1-27.el6_0.6.src.rpm

x86_64:
libvirt-0.8.1-27.el6_0.6.x86_64.rpm
libvirt-client-0.8.1-27.el6_0.6.i686.rpm
libvirt-client-0.8.1-27.el6_0.6.x86_64.rpm
libvirt-debuginfo-0.8.1-27.el6_0.6.i686.rpm
libvirt-debuginfo-0.8.1-27.el6_0.6.x86_64.rpm
libvirt-python-0.8.1-27.el6_0.6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libvirt-0.8.1-27.el6_0.6.src.rpm

x86_64:
libvirt-debuginfo-0.8.1-27.el6_0.6.i686.rpm
libvirt-debuginfo-0.8.1-27.el6_0.6.x86_64.rpm
libvirt-devel-0.8.1-27.el6_0.6.i686.rpm
libvirt-devel-0.8.1-27.el6_0.6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libvirt-0.8.1-27.el6_0.6.src.rpm

i386:
libvirt-0.8.1-27.el6_0.6.i686.rpm
libvirt-client-0.8.1-27.el6_0.6.i686.rpm
libvirt-debuginfo-0.8.1-27.el6_0.6.i686.rpm
libvirt-devel-0.8.1-27.el6_0.6.i686.rpm
libvirt-python-0.8.1-27.el6_0.6.i686.rpm

ppc64:
libvirt-0.8.1-27.el6_0.6.ppc64.rpm
libvirt-client-0.8.1-27.el6_0.6.ppc.rpm
libvirt-client-0.8.1-27.el6_0.6.ppc64.rpm
libvirt-debuginfo-0.8.1-27.el6_0.6.ppc.rpm
libvirt-debuginfo-0.8.1-27.el6_0.6.ppc64.rpm
libvirt-devel-0.8.1-27.el6_0.6.ppc.rpm
libvirt-devel-0.8.1-27.el6_0.6.ppc64.rpm
libvirt-python-0.8.1-27.el6_0.6.ppc64.rpm

s390x:
libvirt-0.8.1-27.el6_0.6.s390x.rpm
libvirt-client-0.8.1-27.el6_0.6.s390.rpm
libvirt-client-0.8.1-27.el6_0.6.s390x.rpm
libvirt-debuginfo-0.8.1-27.el6_0.6.s390.rpm
libvirt-debuginfo-0.8.1-27.el6_0.6.s390x.rpm
libvirt-devel-0.8.1-27.el6_0.6.s390.rpm
libvirt-devel-0.8.1-27.el6_0.6.s390x.rpm
libvirt-python-0.8.1-27.el6_0.6.s390x.rpm

x86_64:
libvirt-0.8.1-27.el6_0.6.x86_64.rpm
libvirt-client-0.8.1-27.el6_0.6.i686.rpm
libvirt-client-0.8.1-27.el6_0.6.x86_64.rpm
libvirt-debuginfo-0.8.1-27.el6_0.6.i686.rpm
libvirt-debuginfo-0.8.1-27.el6_0.6.x86_64.rpm
libvirt-devel-0.8.1-27.el6_0.6.i686.rpm
libvirt-devel-0.8.1-27.el6_0.6.x86_64.rpm
libvirt-python-0.8.1-27.el6_0.6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libvirt-0.8.1-27.el6_0.6.src.rpm

i386:
libvirt-0.8.1-27.el6_0.6.i686.rpm
libvirt-client-0.8.1-27.el6_0.6.i686.rpm
libvirt-debuginfo-0.8.1-27.el6_0.6.i686.rpm
libvirt-devel-0.8.1-27.el6_0.6.i686.rpm
libvirt-python-0.8.1-27.el6_0.6.i686.rpm

x86_64:
libvirt-0.8.1-27.el6_0.6.x86_64.rpm
libvirt-client-0.8.1-27.el6_0.6.i686.rpm
libvirt-client-0.8.1-27.el6_0.6.x86_64.rpm
libvirt-debuginfo-0.8.1-27.el6_0.6.i686.rpm
libvirt-debuginfo-0.8.1-27.el6_0.6.x86_64.rpm
libvirt-devel-0.8.1-27.el6_0.6.i686.rpm
libvirt-devel-0.8.1-27.el6_0.6.x86_64.rpm
libvirt-python-0.8.1-27.el6_0.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1486.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
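RHSA-2011:0478 and RHSA-2011:0479 above fix the same flaw: libvirtd's error reporting was not safe under concurrent connections, so a remote client holding nothing more than a read-only connection could crash the daemon. The C program below is an added illustration of that bug class and of the usual fix; it is not libvirt's code and makes no claim about what libvirt's own patch changed. It puts a single process-wide "last error" slot that connection threads race on beside a per-thread slot kept in a pthread key with a destructor. All names (`set_error_shared`, `set_error`, `get_error`, `run_connections`, the simulated connection handler) and the simulated error messages are this example's own; it assumes a POSIX threads environment.

```c
/* Added example: a daemon's "last error" slot, shared (unsafe) vs per-thread.
 * Build with: cc -std=c99 -Wall -pthread lasterr.c */
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct last_error { int code; char *msg; };

/* The unsafe shape, for contrast only (never called below): every connection
 * thread shares one slot, so two threads raising errors at once race on the
 * free()/strdup() pair and one thread can report, or free again, a message
 * another thread still owns. That is a double free or use-after-free reachable
 * by any client that can open a connection. */
struct last_error g_last_error;
void set_error_shared(int code, const char *msg)
{
    free(g_last_error.msg);
    g_last_error.code = code;
    g_last_error.msg = strdup(msg);
}

/* The fix pattern: a per-thread slot, created on first use and released by
 * the key's destructor when the thread exits, so no thread ever touches
 * another thread's message and nothing leaks when a connection ends. */
static pthread_key_t  err_key;
static pthread_once_t err_once = PTHREAD_ONCE_INIT;

static void err_destroy(void *p)
{
    struct last_error *e = p;
    if (e) { free(e->msg); free(e); }
}
static void err_key_init(void) { pthread_key_create(&err_key, err_destroy); }

static struct last_error *err_slot(void)
{
    pthread_once(&err_once, err_key_init);
    struct last_error *e = pthread_getspecific(err_key);
    if (!e) {
        e = calloc(1, sizeof *e);
        if (e && pthread_setspecific(err_key, e) != 0) { free(e); e = NULL; }
    }
    return e;
}

/* Records an error for the calling thread only; -1 on allocation failure or
 * a NULL message, in which case the previous error is left untouched. */
int set_error(int code, const char *msg)
{
    struct last_error *e = err_slot();
    char *copy = msg ? strdup(msg) : NULL;
    if (!e || !copy) { free(copy); return -1; }
    free(e->msg);                    /* only this thread's previous message */
    e->code = code;
    e->msg = copy;
    return 0;
}

const struct last_error *get_error(void) { return err_slot(); }

/* Simulated connection handler: raises an error tagged with its own id,
 * yields so other handlers interleave, then checks that the slot still holds
 * its own error. mismatch is set if it saw another connection's error. */
struct conn { int id; int mismatch; };

static void *connection_thread(void *arg)
{
    struct conn *c = arg;
    char expect[64];
    snprintf(expect, sizeof expect, "connection %d: request denied", c->id);
    set_error(100 + c->id, expect);
    for (int i = 0; i < 200; i++) sched_yield();
    const struct last_error *e = get_error();
    c->mismatch = !(e && e->code == 100 + c->id && strcmp(e->msg, expect) == 0);
    return NULL;
}

/* Runs n concurrent connections; returns how many saw a foreign error
 * (0 with per-thread slots), or -1 on a setup failure. */
int run_connections(int n)
{
    pthread_t *t = calloc((size_t)n, sizeof *t);
    struct conn *c = calloc((size_t)n, sizeof *c);
    int created = 0, bad = 0;
    if (!t || !c) { free(t); free(c); return -1; }
    for (; created < n; created++) {
        c[created].id = created;
        if (pthread_create(&t[created], NULL, connection_thread, &c[created]) != 0) {
            bad = -1;
            break;
        }
    }
    for (int i = 0; i < created; i++) {
        pthread_join(t[i], NULL);
        if (bad >= 0) bad += c[i].mismatch;
    }
    free(t); free(c);
    return bad;
}

int main(void)
{
    printf("%d of 16 connections saw a foreign error\n", run_connections(16));
    return 0;
}
```

The per-thread slot is the right granularity for a daemon whose connections are served by threads; a daemon that multiplexes several client connections on one thread would instead hang the error on the per-client object, which is the same idea with a different owner.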
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNvvizXlSAg2UNWIIRAkPQAKCZhr7tbb1gQTeDOQY55pfYLIkwigCfbX3x
MV7qoo21VImQrDDhrSvYWxQ=
=1zS1
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu May 5 00:26:47 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 4 May 2011 18:26:47 -0600
Subject: [RHSA-2011:0486-01] Moderate: xmlsec1 security and bug fix update
Message-ID: <201105050026.p450QlA7014394@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: xmlsec1 security and bug fix update
Advisory ID:       RHSA-2011:0486-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0486.html
Issue date:        2011-05-04
CVE Names:         CVE-2011-1425
=====================================================================

1. Summary:

Updated xmlsec1 packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

The XML Security Library is a C library based on libxml2 and OpenSSL that implements the XML Digital Signature and XML Encryption standards.
A flaw was found in the way xmlsec1 handled XML files that contain an XSLT transformation specification. A specially-crafted XML file could cause xmlsec1 to create or overwrite an arbitrary file while performing the verification of a file's digital signature. (CVE-2011-1425)

Red Hat would like to thank Nicolas Grégoire and Aleksey Sanin for reporting this issue.

This update also fixes the following bug:

* xmlsec1 previously used an incorrect search path when searching for crypto plug-in libraries, possibly trying to access such libraries using a relative path. (BZ#558480, BZ#700467)

Users of xmlsec1 should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, all running applications that use the xmlsec1 library must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

558480 - xmlsec1: bogus lt_dlopen() search path [rhel-4]
692133 - CVE-2011-1425 xmlsec1: arbitrary file creation when verifying signatures
700467 - xmlsec1: bogus lt_dlopen() search path [rhel-5]

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/xmlsec1-1.2.6-3.2.src.rpm

i386:
xmlsec1-1.2.6-3.2.i386.rpm
xmlsec1-debuginfo-1.2.6-3.2.i386.rpm
xmlsec1-devel-1.2.6-3.2.i386.rpm
xmlsec1-openssl-1.2.6-3.2.i386.rpm
xmlsec1-openssl-devel-1.2.6-3.2.i386.rpm

ia64:
xmlsec1-1.2.6-3.2.i386.rpm
xmlsec1-1.2.6-3.2.ia64.rpm
xmlsec1-debuginfo-1.2.6-3.2.i386.rpm
xmlsec1-debuginfo-1.2.6-3.2.ia64.rpm
xmlsec1-devel-1.2.6-3.2.ia64.rpm
xmlsec1-openssl-1.2.6-3.2.i386.rpm
xmlsec1-openssl-1.2.6-3.2.ia64.rpm
xmlsec1-openssl-devel-1.2.6-3.2.ia64.rpm

ppc:
xmlsec1-1.2.6-3.2.ppc.rpm
xmlsec1-1.2.6-3.2.ppc64.rpm
xmlsec1-debuginfo-1.2.6-3.2.ppc.rpm
xmlsec1-debuginfo-1.2.6-3.2.ppc64.rpm
xmlsec1-devel-1.2.6-3.2.ppc.rpm
xmlsec1-openssl-1.2.6-3.2.ppc.rpm
xmlsec1-openssl-1.2.6-3.2.ppc64.rpm
xmlsec1-openssl-devel-1.2.6-3.2.ppc.rpm

s390:
xmlsec1-1.2.6-3.2.s390.rpm
xmlsec1-debuginfo-1.2.6-3.2.s390.rpm
xmlsec1-devel-1.2.6-3.2.s390.rpm
xmlsec1-openssl-1.2.6-3.2.s390.rpm
xmlsec1-openssl-devel-1.2.6-3.2.s390.rpm

s390x:
xmlsec1-1.2.6-3.2.s390.rpm
xmlsec1-1.2.6-3.2.s390x.rpm
xmlsec1-debuginfo-1.2.6-3.2.s390.rpm
xmlsec1-debuginfo-1.2.6-3.2.s390x.rpm
xmlsec1-devel-1.2.6-3.2.s390x.rpm
xmlsec1-openssl-1.2.6-3.2.s390.rpm
xmlsec1-openssl-1.2.6-3.2.s390x.rpm
xmlsec1-openssl-devel-1.2.6-3.2.s390x.rpm

x86_64:
xmlsec1-1.2.6-3.2.i386.rpm
xmlsec1-1.2.6-3.2.x86_64.rpm
xmlsec1-debuginfo-1.2.6-3.2.i386.rpm
xmlsec1-debuginfo-1.2.6-3.2.x86_64.rpm
xmlsec1-devel-1.2.6-3.2.x86_64.rpm
xmlsec1-openssl-1.2.6-3.2.i386.rpm
xmlsec1-openssl-1.2.6-3.2.x86_64.rpm
xmlsec1-openssl-devel-1.2.6-3.2.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/xmlsec1-1.2.6-3.2.src.rpm

i386:
xmlsec1-1.2.6-3.2.i386.rpm
xmlsec1-debuginfo-1.2.6-3.2.i386.rpm
xmlsec1-devel-1.2.6-3.2.i386.rpm
xmlsec1-openssl-1.2.6-3.2.i386.rpm
xmlsec1-openssl-devel-1.2.6-3.2.i386.rpm

x86_64:
xmlsec1-1.2.6-3.2.i386.rpm
xmlsec1-1.2.6-3.2.x86_64.rpm
xmlsec1-debuginfo-1.2.6-3.2.i386.rpm
xmlsec1-debuginfo-1.2.6-3.2.x86_64.rpm
xmlsec1-devel-1.2.6-3.2.x86_64.rpm
xmlsec1-openssl-1.2.6-3.2.i386.rpm
xmlsec1-openssl-1.2.6-3.2.x86_64.rpm
xmlsec1-openssl-devel-1.2.6-3.2.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/xmlsec1-1.2.6-3.2.src.rpm

i386:
xmlsec1-1.2.6-3.2.i386.rpm
xmlsec1-debuginfo-1.2.6-3.2.i386.rpm
xmlsec1-devel-1.2.6-3.2.i386.rpm
xmlsec1-openssl-1.2.6-3.2.i386.rpm
xmlsec1-openssl-devel-1.2.6-3.2.i386.rpm

ia64:
xmlsec1-1.2.6-3.2.i386.rpm
xmlsec1-1.2.6-3.2.ia64.rpm
xmlsec1-debuginfo-1.2.6-3.2.i386.rpm
xmlsec1-debuginfo-1.2.6-3.2.ia64.rpm
xmlsec1-devel-1.2.6-3.2.ia64.rpm
xmlsec1-openssl-1.2.6-3.2.i386.rpm
xmlsec1-openssl-1.2.6-3.2.ia64.rpm
xmlsec1-openssl-devel-1.2.6-3.2.ia64.rpm

x86_64:
xmlsec1-1.2.6-3.2.i386.rpm
xmlsec1-1.2.6-3.2.x86_64.rpm
xmlsec1-debuginfo-1.2.6-3.2.i386.rpm
xmlsec1-debuginfo-1.2.6-3.2.x86_64.rpm
xmlsec1-devel-1.2.6-3.2.x86_64.rpm
xmlsec1-openssl-1.2.6-3.2.i386.rpm
xmlsec1-openssl-1.2.6-3.2.x86_64.rpm
xmlsec1-openssl-devel-1.2.6-3.2.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/xmlsec1-1.2.6-3.2.src.rpm

i386:
xmlsec1-1.2.6-3.2.i386.rpm
xmlsec1-debuginfo-1.2.6-3.2.i386.rpm
xmlsec1-devel-1.2.6-3.2.i386.rpm
xmlsec1-openssl-1.2.6-3.2.i386.rpm
xmlsec1-openssl-devel-1.2.6-3.2.i386.rpm

ia64:
xmlsec1-1.2.6-3.2.i386.rpm
xmlsec1-1.2.6-3.2.ia64.rpm
xmlsec1-debuginfo-1.2.6-3.2.i386.rpm
xmlsec1-debuginfo-1.2.6-3.2.ia64.rpm
xmlsec1-devel-1.2.6-3.2.ia64.rpm
xmlsec1-openssl-1.2.6-3.2.i386.rpm
xmlsec1-openssl-1.2.6-3.2.ia64.rpm
xmlsec1-openssl-devel-1.2.6-3.2.ia64.rpm

x86_64:
xmlsec1-1.2.6-3.2.i386.rpm
xmlsec1-1.2.6-3.2.x86_64.rpm
xmlsec1-debuginfo-1.2.6-3.2.i386.rpm
xmlsec1-debuginfo-1.2.6-3.2.x86_64.rpm
xmlsec1-devel-1.2.6-3.2.x86_64.rpm
xmlsec1-openssl-1.2.6-3.2.i386.rpm
xmlsec1-openssl-1.2.6-3.2.x86_64.rpm
xmlsec1-openssl-devel-1.2.6-3.2.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xmlsec1-1.2.9-8.1.2.src.rpm

i386:
xmlsec1-1.2.9-8.1.2.i386.rpm
xmlsec1-debuginfo-1.2.9-8.1.2.i386.rpm
xmlsec1-gnutls-1.2.9-8.1.2.i386.rpm
xmlsec1-nss-1.2.9-8.1.2.i386.rpm
xmlsec1-openssl-1.2.9-8.1.2.i386.rpm

x86_64:
xmlsec1-1.2.9-8.1.2.i386.rpm
xmlsec1-1.2.9-8.1.2.x86_64.rpm
xmlsec1-debuginfo-1.2.9-8.1.2.i386.rpm
xmlsec1-debuginfo-1.2.9-8.1.2.x86_64.rpm
xmlsec1-gnutls-1.2.9-8.1.2.i386.rpm
xmlsec1-gnutls-1.2.9-8.1.2.x86_64.rpm
xmlsec1-nss-1.2.9-8.1.2.i386.rpm
xmlsec1-nss-1.2.9-8.1.2.x86_64.rpm
xmlsec1-openssl-1.2.9-8.1.2.i386.rpm
xmlsec1-openssl-1.2.9-8.1.2.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xmlsec1-1.2.9-8.1.2.src.rpm

i386:
xmlsec1-debuginfo-1.2.9-8.1.2.i386.rpm
xmlsec1-devel-1.2.9-8.1.2.i386.rpm
xmlsec1-gnutls-devel-1.2.9-8.1.2.i386.rpm
xmlsec1-nss-devel-1.2.9-8.1.2.i386.rpm
xmlsec1-openssl-devel-1.2.9-8.1.2.i386.rpm

x86_64:
xmlsec1-debuginfo-1.2.9-8.1.2.i386.rpm
xmlsec1-debuginfo-1.2.9-8.1.2.x86_64.rpm
xmlsec1-devel-1.2.9-8.1.2.i386.rpm
xmlsec1-devel-1.2.9-8.1.2.x86_64.rpm
xmlsec1-gnutls-devel-1.2.9-8.1.2.i386.rpm
xmlsec1-gnutls-devel-1.2.9-8.1.2.x86_64.rpm
xmlsec1-nss-devel-1.2.9-8.1.2.i386.rpm
xmlsec1-nss-devel-1.2.9-8.1.2.x86_64.rpm
xmlsec1-openssl-devel-1.2.9-8.1.2.i386.rpm
xmlsec1-openssl-devel-1.2.9-8.1.2.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xmlsec1-1.2.9-8.1.2.src.rpm

i386:
xmlsec1-1.2.9-8.1.2.i386.rpm
xmlsec1-debuginfo-1.2.9-8.1.2.i386.rpm
xmlsec1-devel-1.2.9-8.1.2.i386.rpm
xmlsec1-gnutls-1.2.9-8.1.2.i386.rpm
xmlsec1-gnutls-devel-1.2.9-8.1.2.i386.rpm
xmlsec1-nss-1.2.9-8.1.2.i386.rpm
xmlsec1-nss-devel-1.2.9-8.1.2.i386.rpm
xmlsec1-openssl-1.2.9-8.1.2.i386.rpm
xmlsec1-openssl-devel-1.2.9-8.1.2.i386.rpm

ia64:
xmlsec1-1.2.9-8.1.2.ia64.rpm
xmlsec1-debuginfo-1.2.9-8.1.2.ia64.rpm
xmlsec1-devel-1.2.9-8.1.2.ia64.rpm
xmlsec1-gnutls-1.2.9-8.1.2.ia64.rpm
xmlsec1-gnutls-devel-1.2.9-8.1.2.ia64.rpm
xmlsec1-nss-1.2.9-8.1.2.ia64.rpm
xmlsec1-nss-devel-1.2.9-8.1.2.ia64.rpm
xmlsec1-openssl-1.2.9-8.1.2.ia64.rpm
xmlsec1-openssl-devel-1.2.9-8.1.2.ia64.rpm

ppc:
xmlsec1-1.2.9-8.1.2.ppc.rpm
xmlsec1-1.2.9-8.1.2.ppc64.rpm
xmlsec1-debuginfo-1.2.9-8.1.2.ppc.rpm
xmlsec1-debuginfo-1.2.9-8.1.2.ppc64.rpm
xmlsec1-devel-1.2.9-8.1.2.ppc.rpm
xmlsec1-devel-1.2.9-8.1.2.ppc64.rpm
xmlsec1-gnutls-1.2.9-8.1.2.ppc.rpm
xmlsec1-gnutls-1.2.9-8.1.2.ppc64.rpm
xmlsec1-gnutls-devel-1.2.9-8.1.2.ppc.rpm
xmlsec1-gnutls-devel-1.2.9-8.1.2.ppc64.rpm
xmlsec1-nss-1.2.9-8.1.2.ppc.rpm
xmlsec1-nss-1.2.9-8.1.2.ppc64.rpm
xmlsec1-nss-devel-1.2.9-8.1.2.ppc.rpm
xmlsec1-nss-devel-1.2.9-8.1.2.ppc64.rpm
xmlsec1-openssl-1.2.9-8.1.2.ppc.rpm
xmlsec1-openssl-1.2.9-8.1.2.ppc64.rpm
xmlsec1-openssl-devel-1.2.9-8.1.2.ppc.rpm
xmlsec1-openssl-devel-1.2.9-8.1.2.ppc64.rpm

s390x:
xmlsec1-1.2.9-8.1.2.s390.rpm
xmlsec1-1.2.9-8.1.2.s390x.rpm
xmlsec1-debuginfo-1.2.9-8.1.2.s390.rpm
xmlsec1-debuginfo-1.2.9-8.1.2.s390x.rpm
xmlsec1-devel-1.2.9-8.1.2.s390.rpm
xmlsec1-devel-1.2.9-8.1.2.s390x.rpm
xmlsec1-gnutls-1.2.9-8.1.2.s390.rpm
xmlsec1-gnutls-1.2.9-8.1.2.s390x.rpm
xmlsec1-gnutls-devel-1.2.9-8.1.2.s390.rpm
xmlsec1-gnutls-devel-1.2.9-8.1.2.s390x.rpm
xmlsec1-nss-1.2.9-8.1.2.s390.rpm
xmlsec1-nss-1.2.9-8.1.2.s390x.rpm
xmlsec1-nss-devel-1.2.9-8.1.2.s390.rpm
xmlsec1-nss-devel-1.2.9-8.1.2.s390x.rpm
xmlsec1-openssl-1.2.9-8.1.2.s390.rpm
xmlsec1-openssl-1.2.9-8.1.2.s390x.rpm
xmlsec1-openssl-devel-1.2.9-8.1.2.s390.rpm
xmlsec1-openssl-devel-1.2.9-8.1.2.s390x.rpm

x86_64:
xmlsec1-1.2.9-8.1.2.i386.rpm
xmlsec1-1.2.9-8.1.2.x86_64.rpm
xmlsec1-debuginfo-1.2.9-8.1.2.i386.rpm
xmlsec1-debuginfo-1.2.9-8.1.2.x86_64.rpm
xmlsec1-devel-1.2.9-8.1.2.i386.rpm
xmlsec1-devel-1.2.9-8.1.2.x86_64.rpm
xmlsec1-gnutls-1.2.9-8.1.2.i386.rpm
xmlsec1-gnutls-1.2.9-8.1.2.x86_64.rpm
xmlsec1-gnutls-devel-1.2.9-8.1.2.i386.rpm
xmlsec1-gnutls-devel-1.2.9-8.1.2.x86_64.rpm
xmlsec1-nss-1.2.9-8.1.2.i386.rpm
xmlsec1-nss-1.2.9-8.1.2.x86_64.rpm
xmlsec1-nss-devel-1.2.9-8.1.2.i386.rpm
xmlsec1-nss-devel-1.2.9-8.1.2.x86_64.rpm
xmlsec1-openssl-1.2.9-8.1.2.i386.rpm
xmlsec1-openssl-1.2.9-8.1.2.x86_64.rpm
xmlsec1-openssl-devel-1.2.9-8.1.2.i386.rpm
xmlsec1-openssl-devel-1.2.9-8.1.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1425.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNwe6nXlSAg2UNWIIRAt03AJ9kIXZ9pSJD2MQvjEbjQf1frXFAWACgrV8L
d75lCKqCYRNa7Kms5qwLLAc=
=5V8A
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu May 5 18:56:02 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 5 May 2011 12:56:02 -0600
Subject: [RHSA-2011:0490-01] Critical: java-1.4.2-ibm security update
Message-ID: <201105051856.p45Iu2K6001973@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.4.2-ibm security update
Advisory ID:       RHSA-2011:0490-01
Product:           Red Hat Enterprise Linux Extras
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0490.html
Issue date:        2011-05-05
CVE Names:         CVE-2010-4447 CVE-2010-4448 CVE-2010-4454 CVE-2010-4462 CVE-2010-4465 CVE-2010-4466 CVE-2010-4473 CVE-2010-4475 CVE-2011-0311
=====================================================================

1. Summary:

Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, ia64, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, ia64, x86_64

3. Description:

The IBM 1.4.2 SR13-FP9 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.

This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. (CVE-2010-4447, CVE-2010-4448, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4466, CVE-2010-4473, CVE-2010-4475, CVE-2011-0311)

All users of java-1.4.2-ibm are advised to upgrade to these updated packages, which contain the IBM 1.4.2 SR13-FP9 Java release. All running instances of IBM Java must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

675984 - CVE-2010-4465 OpenJDK Swing timer-based security manager bypass (6907662)
676023 - CVE-2010-4448 OpenJDK DNS cache poisoning by untrusted applets (6981922)
677957 - CVE-2010-4475 JDK unspecified vulnerability in Deployment component
677958 - CVE-2010-4473 JDK unspecified vulnerability in Sound component
677961 - CVE-2010-4466 JDK unspecified vulnerability in Deployment component
677966 - CVE-2010-4462 JDK unspecified vulnerability in Sound component
677967 - CVE-2010-4454 JDK unspecified vulnerability in Sound component
677970 - CVE-2010-4447 JDK unspecified vulnerability in Deployment component
702349 - CVE-2011-0311 IBM JDK Class file parsing denial-of-service

6. Package List:

Red Hat Enterprise Linux AS version 4 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.9-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.9-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.9-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.9-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.9-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.9-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.9-1jpp.1.el4.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.13.9-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.13.9-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.13.9-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-src-1.4.2.13.9-1jpp.1.el4.ia64.rpm

ppc:
java-1.4.2-ibm-1.4.2.13.9-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-1.4.2.13.9-1jpp.1.el4.ppc64.rpm
java-1.4.2-ibm-demo-1.4.2.13.9-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-demo-1.4.2.13.9-1jpp.1.el4.ppc64.rpm
java-1.4.2-ibm-devel-1.4.2.13.9-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-devel-1.4.2.13.9-1jpp.1.el4.ppc64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.9-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.9-1jpp.1.el4.ppc64.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.9-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-src-1.4.2.13.9-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-src-1.4.2.13.9-1jpp.1.el4.ppc64.rpm

s390:
java-1.4.2-ibm-1.4.2.13.9-1jpp.1.el4.s390.rpm
java-1.4.2-ibm-demo-1.4.2.13.9-1jpp.1.el4.s390.rpm
java-1.4.2-ibm-devel-1.4.2.13.9-1jpp.1.el4.s390.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.9-1jpp.1.el4.s390.rpm
java-1.4.2-ibm-src-1.4.2.13.9-1jpp.1.el4.s390.rpm

s390x:
java-1.4.2-ibm-1.4.2.13.9-1jpp.1.el4.s390x.rpm
java-1.4.2-ibm-demo-1.4.2.13.9-1jpp.1.el4.s390x.rpm
java-1.4.2-ibm-devel-1.4.2.13.9-1jpp.1.el4.s390x.rpm
java-1.4.2-ibm-src-1.4.2.13.9-1jpp.1.el4.s390x.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.9-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.9-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.9-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.9-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.13.9-1jpp.1.el4.x86_64.rpm

Red Hat Desktop version 4 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.9-1jpp.1.el4.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.9-1jpp.1.el4.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.9-1jpp.1.el4.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.9-1jpp.1.el4.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.9-1jpp.1.el4.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.9-1jpp.1.el4.i386.rpm java-1.4.2-ibm-src-1.4.2.13.9-1jpp.1.el4.i386.rpm x86_64: java-1.4.2-ibm-1.4.2.13.9-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.9-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.9-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.9-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.9-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: java-1.4.2-ibm-1.4.2.13.9-1jpp.1.el4.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.9-1jpp.1.el4.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.9-1jpp.1.el4.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.9-1jpp.1.el4.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.9-1jpp.1.el4.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.9-1jpp.1.el4.i386.rpm java-1.4.2-ibm-src-1.4.2.13.9-1jpp.1.el4.i386.rpm ia64: java-1.4.2-ibm-1.4.2.13.9-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-demo-1.4.2.13.9-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-devel-1.4.2.13.9-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-src-1.4.2.13.9-1jpp.1.el4.ia64.rpm x86_64: java-1.4.2-ibm-1.4.2.13.9-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.9-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.9-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.9-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.9-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: java-1.4.2-ibm-1.4.2.13.9-1jpp.1.el4.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.9-1jpp.1.el4.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.9-1jpp.1.el4.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.9-1jpp.1.el4.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.9-1jpp.1.el4.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.9-1jpp.1.el4.i386.rpm java-1.4.2-ibm-src-1.4.2.13.9-1jpp.1.el4.i386.rpm ia64: java-1.4.2-ibm-1.4.2.13.9-1jpp.1.el4.ia64.rpm 
java-1.4.2-ibm-demo-1.4.2.13.9-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-devel-1.4.2.13.9-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-src-1.4.2.13.9-1jpp.1.el4.ia64.rpm x86_64: java-1.4.2-ibm-1.4.2.13.9-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.9-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.9-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.9-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.9-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: java-1.4.2-ibm-1.4.2.13.9-1jpp.1.el5.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.9-1jpp.1.el5.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.9-1jpp.1.el5.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.9-1jpp.1.el5.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.9-1jpp.1.el5.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.9-1jpp.1.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.13.9-1jpp.1.el5.i386.rpm x86_64: java-1.4.2-ibm-1.4.2.13.9-1jpp.1.el5.i386.rpm java-1.4.2-ibm-1.4.2.13.9-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.9-1jpp.1.el5.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.9-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.9-1jpp.1.el5.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.9-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.9-1jpp.1.el5.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.9-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-jdbc-1.4.2.13.9-1jpp.1.el5.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.9-1jpp.1.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.13.9-1jpp.1.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.13.9-1jpp.1.el5.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 
5): i386: java-1.4.2-ibm-1.4.2.13.9-1jpp.1.el5.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.9-1jpp.1.el5.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.9-1jpp.1.el5.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.9-1jpp.1.el5.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.9-1jpp.1.el5.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.9-1jpp.1.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.13.9-1jpp.1.el5.i386.rpm ia64: java-1.4.2-ibm-1.4.2.13.9-1jpp.1.el5.ia64.rpm java-1.4.2-ibm-demo-1.4.2.13.9-1jpp.1.el5.ia64.rpm java-1.4.2-ibm-devel-1.4.2.13.9-1jpp.1.el5.ia64.rpm java-1.4.2-ibm-src-1.4.2.13.9-1jpp.1.el5.ia64.rpm ppc: java-1.4.2-ibm-1.4.2.13.9-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-1.4.2.13.9-1jpp.1.el5.ppc64.rpm java-1.4.2-ibm-demo-1.4.2.13.9-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-demo-1.4.2.13.9-1jpp.1.el5.ppc64.rpm java-1.4.2-ibm-devel-1.4.2.13.9-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-devel-1.4.2.13.9-1jpp.1.el5.ppc64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.9-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-javacomm-1.4.2.13.9-1jpp.1.el5.ppc64.rpm java-1.4.2-ibm-jdbc-1.4.2.13.9-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-src-1.4.2.13.9-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-src-1.4.2.13.9-1jpp.1.el5.ppc64.rpm s390x: java-1.4.2-ibm-1.4.2.13.9-1jpp.1.el5.s390.rpm java-1.4.2-ibm-1.4.2.13.9-1jpp.1.el5.s390x.rpm java-1.4.2-ibm-demo-1.4.2.13.9-1jpp.1.el5.s390.rpm java-1.4.2-ibm-demo-1.4.2.13.9-1jpp.1.el5.s390x.rpm java-1.4.2-ibm-devel-1.4.2.13.9-1jpp.1.el5.s390.rpm java-1.4.2-ibm-devel-1.4.2.13.9-1jpp.1.el5.s390x.rpm java-1.4.2-ibm-jdbc-1.4.2.13.9-1jpp.1.el5.s390.rpm java-1.4.2-ibm-src-1.4.2.13.9-1jpp.1.el5.s390.rpm java-1.4.2-ibm-src-1.4.2.13.9-1jpp.1.el5.s390x.rpm x86_64: java-1.4.2-ibm-1.4.2.13.9-1jpp.1.el5.i386.rpm java-1.4.2-ibm-1.4.2.13.9-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.9-1jpp.1.el5.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.9-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.9-1jpp.1.el5.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.9-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.9-1jpp.1.el5.i386.rpm 
java-1.4.2-ibm-javacomm-1.4.2.13.9-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-jdbc-1.4.2.13.9-1jpp.1.el5.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.9-1jpp.1.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.13.9-1jpp.1.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.13.9-1jpp.1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-4447.html https://www.redhat.com/security/data/cve/CVE-2010-4448.html https://www.redhat.com/security/data/cve/CVE-2010-4454.html https://www.redhat.com/security/data/cve/CVE-2010-4462.html https://www.redhat.com/security/data/cve/CVE-2010-4465.html https://www.redhat.com/security/data/cve/CVE-2010-4466.html https://www.redhat.com/security/data/cve/CVE-2010-4473.html https://www.redhat.com/security/data/cve/CVE-2010-4475.html https://www.redhat.com/security/data/cve/CVE-2011-0311.html https://access.redhat.com/security/updates/classification/#critical http://www.ibm.com/developerworks/java/jdk/alerts/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. 
From bugzilla at redhat.com Thu May 5 18:59:01 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 5 May 2011 12:59:01 -0600
Subject: [RHSA-2011:0491-01] Moderate: python security update
Message-ID: <201105051859.p45Ix26O006825@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: python security update
Advisory ID:       RHSA-2011:0491-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0491.html
Issue date:        2011-05-05
CVE Names:         CVE-2009-3720 CVE-2010-1634 CVE-2010-2089
                   CVE-2010-3493 CVE-2011-1015 CVE-2011-1521
=====================================================================

1. Summary:

Updated python packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming
language.

A flaw was found in the Python urllib and urllib2 libraries where they
would not differentiate between different target URLs when handling
automatic redirects. This caused Python applications using these modules
to follow any new URL that they understood, including the "file://" URL
type. This could allow a remote server to force a local Python application
to read a local file instead of the remote one, possibly exposing local
files that were not meant to be exposed. (CVE-2011-1521)

Multiple flaws were found in the Python audioop module. Supplying certain
inputs could cause the audioop module to crash or, possibly, execute
arbitrary code. (CVE-2010-1634, CVE-2010-2089)

A race condition was found in the way the Python smtpd module handled new
connections. A remote user could use this flaw to cause a Python script
using the smtpd module to terminate. (CVE-2010-3493)

An information disclosure flaw was found in the way the Python
CGIHTTPServer module processed certain HTTP GET requests. A remote
attacker could use a specially-crafted request to obtain the CGI script's
source code. (CVE-2011-1015)

A buffer over-read flaw was found in the way the Python Expat parser
handled malformed UTF-8 sequences when processing XML files. A
specially-crafted XML file could cause Python applications using the
Python Expat parser to crash while parsing the file. (CVE-2009-3720)

This update makes Python use the system Expat library rather than its own
internal copy; therefore, users must have the version of Expat shipped
with RHSA-2009:1625 installed, or a later version, to resolve the
CVE-2009-3720 issue.

All Python users should upgrade to these updated packages, which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

531697 - CVE-2009-3720 expat: buffer over-read and crash on XML with malformed UTF-8 sequences
590690 - CVE-2010-1634 python: audioop: incorrect integer overflow checks
598197 - CVE-2010-2089 Python: Memory corruption in audioop module
632200 - CVE-2010-3493 Python: SMTP proxy RFC 2821 module DoS (uncaught exception) (Issue #9129)
680094 - CVE-2011-1015 python (CGIHTTPServer): CGI script source code disclosure
690560 - CVE-2011-1521 python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes (Issue #11662)

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/python-2.3.4-14.10.el4.src.rpm

i386:
python-2.3.4-14.10.el4.i386.rpm
python-debuginfo-2.3.4-14.10.el4.i386.rpm
python-devel-2.3.4-14.10.el4.i386.rpm
python-docs-2.3.4-14.10.el4.i386.rpm
python-tools-2.3.4-14.10.el4.i386.rpm
tkinter-2.3.4-14.10.el4.i386.rpm

ia64:
python-2.3.4-14.10.el4.ia64.rpm
python-debuginfo-2.3.4-14.10.el4.ia64.rpm
python-devel-2.3.4-14.10.el4.ia64.rpm
python-docs-2.3.4-14.10.el4.ia64.rpm
python-tools-2.3.4-14.10.el4.ia64.rpm
tkinter-2.3.4-14.10.el4.ia64.rpm

ppc:
python-2.3.4-14.10.el4.ppc.rpm
python-debuginfo-2.3.4-14.10.el4.ppc.rpm
python-devel-2.3.4-14.10.el4.ppc.rpm
python-docs-2.3.4-14.10.el4.ppc.rpm
python-tools-2.3.4-14.10.el4.ppc.rpm
tkinter-2.3.4-14.10.el4.ppc.rpm

s390:
python-2.3.4-14.10.el4.s390.rpm
python-debuginfo-2.3.4-14.10.el4.s390.rpm
python-devel-2.3.4-14.10.el4.s390.rpm
python-docs-2.3.4-14.10.el4.s390.rpm
python-tools-2.3.4-14.10.el4.s390.rpm
tkinter-2.3.4-14.10.el4.s390.rpm

s390x:
python-2.3.4-14.10.el4.s390x.rpm
python-debuginfo-2.3.4-14.10.el4.s390x.rpm
python-devel-2.3.4-14.10.el4.s390x.rpm
python-docs-2.3.4-14.10.el4.s390x.rpm
python-tools-2.3.4-14.10.el4.s390x.rpm
tkinter-2.3.4-14.10.el4.s390x.rpm

x86_64:
python-2.3.4-14.10.el4.x86_64.rpm
python-debuginfo-2.3.4-14.10.el4.x86_64.rpm
python-devel-2.3.4-14.10.el4.x86_64.rpm
python-docs-2.3.4-14.10.el4.x86_64.rpm
python-tools-2.3.4-14.10.el4.x86_64.rpm
tkinter-2.3.4-14.10.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/python-2.3.4-14.10.el4.src.rpm

i386:
python-2.3.4-14.10.el4.i386.rpm
python-debuginfo-2.3.4-14.10.el4.i386.rpm
python-devel-2.3.4-14.10.el4.i386.rpm
python-docs-2.3.4-14.10.el4.i386.rpm
python-tools-2.3.4-14.10.el4.i386.rpm
tkinter-2.3.4-14.10.el4.i386.rpm

x86_64:
python-2.3.4-14.10.el4.x86_64.rpm
python-debuginfo-2.3.4-14.10.el4.x86_64.rpm
python-devel-2.3.4-14.10.el4.x86_64.rpm
python-docs-2.3.4-14.10.el4.x86_64.rpm
python-tools-2.3.4-14.10.el4.x86_64.rpm
tkinter-2.3.4-14.10.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/python-2.3.4-14.10.el4.src.rpm

i386:
python-2.3.4-14.10.el4.i386.rpm
python-debuginfo-2.3.4-14.10.el4.i386.rpm
python-devel-2.3.4-14.10.el4.i386.rpm
python-docs-2.3.4-14.10.el4.i386.rpm
python-tools-2.3.4-14.10.el4.i386.rpm
tkinter-2.3.4-14.10.el4.i386.rpm

ia64:
python-2.3.4-14.10.el4.ia64.rpm
python-debuginfo-2.3.4-14.10.el4.ia64.rpm
python-devel-2.3.4-14.10.el4.ia64.rpm
python-docs-2.3.4-14.10.el4.ia64.rpm
python-tools-2.3.4-14.10.el4.ia64.rpm
tkinter-2.3.4-14.10.el4.ia64.rpm

x86_64:
python-2.3.4-14.10.el4.x86_64.rpm
python-debuginfo-2.3.4-14.10.el4.x86_64.rpm
python-devel-2.3.4-14.10.el4.x86_64.rpm
python-docs-2.3.4-14.10.el4.x86_64.rpm
python-tools-2.3.4-14.10.el4.x86_64.rpm
tkinter-2.3.4-14.10.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/python-2.3.4-14.10.el4.src.rpm

i386:
python-2.3.4-14.10.el4.i386.rpm
python-debuginfo-2.3.4-14.10.el4.i386.rpm
python-devel-2.3.4-14.10.el4.i386.rpm
python-docs-2.3.4-14.10.el4.i386.rpm
python-tools-2.3.4-14.10.el4.i386.rpm
tkinter-2.3.4-14.10.el4.i386.rpm

ia64:
python-2.3.4-14.10.el4.ia64.rpm
python-debuginfo-2.3.4-14.10.el4.ia64.rpm
python-devel-2.3.4-14.10.el4.ia64.rpm
python-docs-2.3.4-14.10.el4.ia64.rpm
python-tools-2.3.4-14.10.el4.ia64.rpm
tkinter-2.3.4-14.10.el4.ia64.rpm

x86_64:
python-2.3.4-14.10.el4.x86_64.rpm
python-debuginfo-2.3.4-14.10.el4.x86_64.rpm
python-devel-2.3.4-14.10.el4.x86_64.rpm
python-docs-2.3.4-14.10.el4.x86_64.rpm
python-tools-2.3.4-14.10.el4.x86_64.rpm
tkinter-2.3.4-14.10.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-3720.html
https://www.redhat.com/security/data/cve/CVE-2010-1634.html
https://www.redhat.com/security/data/cve/CVE-2010-2089.html
https://www.redhat.com/security/data/cve/CVE-2010-3493.html
https://www.redhat.com/security/data/cve/CVE-2011-1015.html
https://www.redhat.com/security/data/cve/CVE-2011-1521.html
https://access.redhat.com/security/updates/classification/#moderate
https://rhn.redhat.com/errata/RHSA-2009-1625.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
From bugzilla at redhat.com Thu May 5 18:59:21 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 5 May 2011 12:59:21 -0600
Subject: [RHSA-2011:0492-01] Moderate: python security update
Message-ID: <201105051859.p45IxLtK026537@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: python security update
Advisory ID:       RHSA-2011:0492-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0492.html
Issue date:        2011-05-05
CVE Names:         CVE-2009-3720 CVE-2010-3493 CVE-2011-1015
                   CVE-2011-1521
=====================================================================

1. Summary:

Updated python packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming
language.

A flaw was found in the Python urllib and urllib2 libraries where they
would not differentiate between different target URLs when handling
automatic redirects. This caused Python applications using these modules
to follow any new URL that they understood, including the "file://" URL
type. This could allow a remote server to force a local Python application
to read a local file instead of the remote one, possibly exposing local
files that were not meant to be exposed. (CVE-2011-1521)

A race condition was found in the way the Python smtpd module handled new
connections. A remote user could use this flaw to cause a Python script
using the smtpd module to terminate. (CVE-2010-3493)

An information disclosure flaw was found in the way the Python
CGIHTTPServer module processed certain HTTP GET requests. A remote
attacker could use a specially-crafted request to obtain the CGI script's
source code. (CVE-2011-1015)

A buffer over-read flaw was found in the way the Python Expat parser
handled malformed UTF-8 sequences when processing XML files. A
specially-crafted XML file could cause Python applications using the
Python Expat parser to crash while parsing the file. (CVE-2009-3720)

This update makes Python use the system Expat library rather than its own
internal copy; therefore, users must have the version of Expat shipped
with RHSA-2009:1625 installed, or a later version, to resolve the
CVE-2009-3720 issue.

All Python users should upgrade to these updated packages, which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

531697 - CVE-2009-3720 expat: buffer over-read and crash on XML with malformed UTF-8 sequences
632200 - CVE-2010-3493 Python: SMTP proxy RFC 2821 module DoS (uncaught exception) (Issue #9129)
680094 - CVE-2011-1015 python (CGIHTTPServer): CGI script source code disclosure
690560 - CVE-2011-1521 python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes (Issue #11662)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/python-2.4.3-44.el5.src.rpm

i386:
python-2.4.3-44.el5.i386.rpm
python-debuginfo-2.4.3-44.el5.i386.rpm
python-libs-2.4.3-44.el5.i386.rpm
python-tools-2.4.3-44.el5.i386.rpm
tkinter-2.4.3-44.el5.i386.rpm

x86_64:
python-2.4.3-44.el5.x86_64.rpm
python-debuginfo-2.4.3-44.el5.x86_64.rpm
python-libs-2.4.3-44.el5.x86_64.rpm
python-tools-2.4.3-44.el5.x86_64.rpm
tkinter-2.4.3-44.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/python-2.4.3-44.el5.src.rpm

i386:
python-debuginfo-2.4.3-44.el5.i386.rpm
python-devel-2.4.3-44.el5.i386.rpm

x86_64:
python-debuginfo-2.4.3-44.el5.i386.rpm
python-debuginfo-2.4.3-44.el5.x86_64.rpm
python-devel-2.4.3-44.el5.i386.rpm
python-devel-2.4.3-44.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/python-2.4.3-44.el5.src.rpm

i386:
python-2.4.3-44.el5.i386.rpm
python-debuginfo-2.4.3-44.el5.i386.rpm
python-devel-2.4.3-44.el5.i386.rpm
python-libs-2.4.3-44.el5.i386.rpm
python-tools-2.4.3-44.el5.i386.rpm
tkinter-2.4.3-44.el5.i386.rpm

ia64:
python-2.4.3-44.el5.ia64.rpm
python-debuginfo-2.4.3-44.el5.i386.rpm
python-debuginfo-2.4.3-44.el5.ia64.rpm
python-devel-2.4.3-44.el5.ia64.rpm
python-libs-2.4.3-44.el5.i386.rpm
python-libs-2.4.3-44.el5.ia64.rpm
python-tools-2.4.3-44.el5.ia64.rpm
tkinter-2.4.3-44.el5.ia64.rpm

ppc:
python-2.4.3-44.el5.ppc.rpm
python-debuginfo-2.4.3-44.el5.ppc.rpm
python-debuginfo-2.4.3-44.el5.ppc64.rpm
python-devel-2.4.3-44.el5.ppc.rpm
python-devel-2.4.3-44.el5.ppc64.rpm
python-libs-2.4.3-44.el5.ppc.rpm
python-libs-2.4.3-44.el5.ppc64.rpm
python-tools-2.4.3-44.el5.ppc.rpm
tkinter-2.4.3-44.el5.ppc.rpm

s390x:
python-2.4.3-44.el5.s390x.rpm
python-debuginfo-2.4.3-44.el5.s390.rpm
python-debuginfo-2.4.3-44.el5.s390x.rpm
python-devel-2.4.3-44.el5.s390.rpm
python-devel-2.4.3-44.el5.s390x.rpm
python-libs-2.4.3-44.el5.s390x.rpm
python-tools-2.4.3-44.el5.s390x.rpm
tkinter-2.4.3-44.el5.s390x.rpm

x86_64:
python-2.4.3-44.el5.x86_64.rpm
python-debuginfo-2.4.3-44.el5.i386.rpm
python-debuginfo-2.4.3-44.el5.x86_64.rpm
python-devel-2.4.3-44.el5.i386.rpm
python-devel-2.4.3-44.el5.x86_64.rpm
python-libs-2.4.3-44.el5.x86_64.rpm
python-tools-2.4.3-44.el5.x86_64.rpm
tkinter-2.4.3-44.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-3720.html
https://www.redhat.com/security/data/cve/CVE-2010-3493.html
https://www.redhat.com/security/data/cve/CVE-2011-1015.html
https://www.redhat.com/security/data/cve/CVE-2011-1521.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
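The redirect flaw in RHSA-2011:0491 and RHSA-2011:0492 above (CVE-2011-1521) is a policy gap: the client followed any Location it could parse, including file://. The block below is an added example, not Red Hat's or CPython's code, of an application-level redirect policy for Python 3's urllib that refuses non-HTTP(S) targets, refuses https-to-http downgrades and can pin redirects to the original host; StrictRedirectHandler, is_safe_redirect, build_strict_opener and redirect_verdict are names chosen here, and the URLs are constructed. Current CPython already rejects schemes other than http, https and ftp inside HTTPRedirectHandler; this layer makes the policy explicit and stricter.

```python
# Added example (not Red Hat's or CPython's code): an application-level
# redirect policy for urllib, aimed at the class of bug in CVE-2011-1521
# (a server answers "Location: file:///..." and the client follows it).
# CPython's HTTPRedirectHandler.http_error_302 already drops schemes other
# than http/https/ftp before calling redirect_request; this subclass adds:
#   - only http and https targets (no ftp://, no file://)
#   - no https -> http downgrade
#   - optionally, only redirects that stay on the original host
from urllib.error import HTTPError
from urllib.parse import urljoin, urlparse
from urllib.request import HTTPRedirectHandler, Request, build_opener

ALLOWED_SCHEMES = ("http", "https")


def is_safe_redirect(current_url, location, same_host=False):
    """Decide whether a Location header may be followed.

    Returns (ok, resolved_target, reason). The Location value is resolved
    against the current URL first, because servers may send relative paths.
    """
    target = urljoin(current_url, location)
    cur, new = urlparse(current_url), urlparse(target)
    if new.scheme not in ALLOWED_SCHEMES:
        return False, target, "scheme %r not allowed" % new.scheme
    if not new.netloc:
        return False, target, "redirect target has no host"
    if cur.scheme == "https" and new.scheme == "http":
        return False, target, "downgrade from https to http"
    if same_host and cur.hostname != new.hostname:
        return False, target, "cross-host redirect to %s" % new.hostname
    return True, target, "ok"


class StrictRedirectHandler(HTTPRedirectHandler):
    """HTTPRedirectHandler that consults is_safe_redirect before following."""

    def __init__(self, same_host=False):
        super().__init__()
        self.same_host = same_host

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        ok, target, reason = is_safe_redirect(req.full_url, newurl, self.same_host)
        if not ok:
            # Surface the refusal as an HTTPError so the caller sees why the
            # request stopped instead of silently receiving a local file.
            raise HTTPError(req.full_url, code,
                            "refused redirect to %s: %s" % (target, reason),
                            headers, fp)
        return super().redirect_request(req, fp, code, msg, headers, target)


def build_strict_opener(same_host=False):
    """Opener to use instead of urllib.request.urlopen for untrusted servers."""
    return build_opener(StrictRedirectHandler(same_host))


def redirect_verdict(current_url, location, same_host=False):
    """Drive the handler offline with a constructed 302; no network needed.

    Returns ("allowed", new_url) or ("refused", reason).
    """
    handler = StrictRedirectHandler(same_host)
    req = Request(current_url)
    try:
        new_req = handler.redirect_request(req, None, 302, "Found", {}, location)
    except HTTPError as err:
        return "refused", err.msg
    return "allowed", new_req.full_url


if __name__ == "__main__":
    # Constructed Location values a server might send back to a client.
    for loc in ("file:///etc/passwd", "ftp://mirror.test/pkg",
                "/login", "http://other.test/x"):
        print(loc, "->", redirect_verdict("https://example.test/download",
                                          loc, same_host=True))
```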
From bugzilla at redhat.com Mon May 9 16:00:56 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 9 May 2011 10:00:56 -0600
Subject: [RHSA-2011:0496-01] Important: xen security update
Message-ID: <201105091600.p49G0ubl001335@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: xen security update
Advisory ID:       RHSA-2011:0496-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0496.html
Issue date:        2011-05-09
CVE Names:         CVE-2011-1583
=====================================================================

1. Summary:

Updated xen packages that fix several security issues are now available
for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Multi OS (v. 5 client) - i386, x86_64
RHEL Virtualization (v. 5 server) - i386, ia64, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The xen packages contain administration tools and the xend service for
managing the kernel-xen kernel for virtualization on Red Hat Enterprise
Linux.

It was found that the xc_try_bzip2_decode() and xc_try_lzma_decode()
decode routines did not correctly check for a possible buffer size
overflow in the decoding loop. As well, several integer overflow flaws and
missing error/range checking were found that could lead to an infinite
loop. A privileged guest user could use these flaws to crash the guest or,
possibly, execute arbitrary code in the privileged management domain
(Dom0). (CVE-2011-1583)

All xen users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

696927 - CVE-2011-1583 xen: insufficiencies in pv kernel image validation

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xen-3.0.3-120.el5_6.2.src.rpm

i386:
xen-debuginfo-3.0.3-120.el5_6.2.i386.rpm
xen-libs-3.0.3-120.el5_6.2.i386.rpm

x86_64:
xen-debuginfo-3.0.3-120.el5_6.2.i386.rpm
xen-debuginfo-3.0.3-120.el5_6.2.x86_64.rpm
xen-libs-3.0.3-120.el5_6.2.i386.rpm
xen-libs-3.0.3-120.el5_6.2.x86_64.rpm

RHEL Desktop Multi OS (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xen-3.0.3-120.el5_6.2.src.rpm

i386:
xen-3.0.3-120.el5_6.2.i386.rpm
xen-debuginfo-3.0.3-120.el5_6.2.i386.rpm
xen-devel-3.0.3-120.el5_6.2.i386.rpm

x86_64:
xen-3.0.3-120.el5_6.2.x86_64.rpm
xen-debuginfo-3.0.3-120.el5_6.2.i386.rpm
xen-debuginfo-3.0.3-120.el5_6.2.x86_64.rpm
xen-devel-3.0.3-120.el5_6.2.i386.rpm
xen-devel-3.0.3-120.el5_6.2.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xen-3.0.3-120.el5_6.2.src.rpm

i386:
xen-debuginfo-3.0.3-120.el5_6.2.i386.rpm
xen-libs-3.0.3-120.el5_6.2.i386.rpm

ia64:
xen-debuginfo-3.0.3-120.el5_6.2.ia64.rpm
xen-libs-3.0.3-120.el5_6.2.ia64.rpm

x86_64:
xen-debuginfo-3.0.3-120.el5_6.2.i386.rpm
xen-debuginfo-3.0.3-120.el5_6.2.x86_64.rpm
xen-libs-3.0.3-120.el5_6.2.i386.rpm
xen-libs-3.0.3-120.el5_6.2.x86_64.rpm

RHEL Virtualization (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xen-3.0.3-120.el5_6.2.src.rpm

i386:
xen-3.0.3-120.el5_6.2.i386.rpm
xen-debuginfo-3.0.3-120.el5_6.2.i386.rpm
xen-devel-3.0.3-120.el5_6.2.i386.rpm

ia64:
xen-3.0.3-120.el5_6.2.ia64.rpm
xen-debuginfo-3.0.3-120.el5_6.2.ia64.rpm
xen-devel-3.0.3-120.el5_6.2.ia64.rpm

x86_64:
xen-3.0.3-120.el5_6.2.x86_64.rpm
xen-debuginfo-3.0.3-120.el5_6.2.i386.rpm
xen-debuginfo-3.0.3-120.el5_6.2.x86_64.rpm
xen-devel-3.0.3-120.el5_6.2.i386.rpm
xen-devel-3.0.3-120.el5_6.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1583.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNyA+jXlSAg2UNWIIRAt6QAJ9mabE0BcI5xfVHglu2b30qGXXGnwCdGo39 l0tqwYfwbVoZY/lsmH4RAvY= =YCAR -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue May 10 18:17:04 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 10 May 2011 12:17:04 -0600 Subject: [RHSA-2011:0498-01] Important: kernel security, bug fix, and enhancement update Message-ID: <201105101817.p4AIH4Br022784@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security, bug fix, and enhancement update Advisory ID: RHSA-2011:0498-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0498.html Issue date: 2011-05-10 CVE Names: CVE-2010-4250 CVE-2010-4565 CVE-2010-4649 CVE-2011-0006 CVE-2011-0711 CVE-2011-0712 CVE-2011-0726 CVE-2011-1013 CVE-2011-1016 CVE-2011-1019 CVE-2011-1044 CVE-2011-1079 CVE-2011-1080 CVE-2011-1093 CVE-2011-1573 ===================================================================== 1. Summary: Updated kernel packages that fix several security issues, various bugs, and add an enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. 
Security fixes:

* An integer overflow flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2010-4649, Important)

* An integer signedness flaw in drm_modeset_ctl() could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2011-1013, Important)

* The Radeon GPU drivers in the Linux kernel were missing sanity checks for the Anti Aliasing (AA) resolve register values which could allow a local, unprivileged user to cause a denial of service or escalate their privileges on systems using a graphics card from the ATI Radeon R300, R400, or R500 family of cards. (CVE-2011-1016, Important)

* A flaw in dccp_rcv_state_process() could allow a remote attacker to cause a denial of service, even when the socket was already closed. (CVE-2011-1093, Important)

* A flaw in the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation could allow a remote attacker to cause a denial of service if the sysctl "net.sctp.addip_enable" and "auth_enable" variables were turned on (they are off by default). (CVE-2011-1573, Important)

* A memory leak in the inotify_init() system call. In some cases, it could leak a group, which could allow a local, unprivileged user to eventually cause a denial of service. (CVE-2010-4250, Moderate)

* A missing validation of a null-terminated string data structure element in bnep_sock_ioctl() could allow a local user to cause an information leak or a denial of service. (CVE-2011-1079, Moderate)

* An information leak in bcm_connect() in the Controller Area Network (CAN) Broadcast Manager implementation could allow a local, unprivileged user to leak kernel mode addresses in "/proc/net/can-bcm". (CVE-2010-4565, Low)

* A flaw was found in the Linux kernel's Integrity Measurement Architecture (IMA) implementation. When SELinux was disabled, adding an IMA rule which was supposed to be processed by SELinux would cause ima_match_rules() to always succeed, ignoring any remaining rules. (CVE-2011-0006, Low)

* A missing initialization flaw in the XFS file system implementation could lead to an information leak. (CVE-2011-0711, Low)

* Buffer overflow flaws in snd_usb_caiaq_audio_init() and snd_usb_caiaq_midi_init() could allow a local, unprivileged user with access to a Native Instruments USB audio device to cause a denial of service or escalate their privileges. (CVE-2011-0712, Low)

* The start_code and end_code values in "/proc/[pid]/stat" were not protected. In certain scenarios, this flaw could be used to defeat Address Space Layout Randomization (ASLR). (CVE-2011-0726, Low)

* A flaw in dev_load() could allow a local user who has the CAP_NET_ADMIN capability to load arbitrary modules from "/lib/modules/", instead of only netdev modules. (CVE-2011-1019, Low)

* A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to cause an information leak. (CVE-2011-1044, Low)

* A missing validation of a null-terminated string data structure element in do_replace() could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1080, Low)

Red Hat would like to thank Vegard Nossum for reporting CVE-2010-4250; Vasiliy Kulikov for reporting CVE-2011-1079, CVE-2011-1019, and CVE-2011-1080; Dan Rosenberg for reporting CVE-2010-4565 and CVE-2011-0711; Rafael Dominguez Vega for reporting CVE-2011-0712; and Kees Cook for reporting CVE-2011-0726.

This update also fixes various bugs and adds an enhancement. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.

Users should upgrade to these updated packages, which contain backported patches to resolve these issues, and fix the bugs and add the enhancement noted in the Technical Notes.
The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

656830 - CVE-2010-4250 kernel: inotify memory leak
664544 - CVE-2010-4565 kernel: CAN info leak
667912 - CVE-2011-0006 kernel: ima: fix add LSM rule bug
667916 - CVE-2010-4649 CVE-2011-1044 kernel: IB/uverbs: Handle large number of entries in poll CQ
670850 - [6.0] System reset when changing EFI variable on large memory system [rhel-6.0.z]
677260 - CVE-2011-0711 kernel: xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1
677881 - CVE-2011-0712 kernel: ALSA: caiaq - Fix possible string-buffer overflow
679925 - CVE-2011-1013 kernel: drm_modeset_ctl signedness issue
680000 - CVE-2011-1016 kernel: drm/radeon/kms: check AA resolve registers on r300
680360 - CVE-2011-1019 kernel: CAP_SYS_MODULE bypass via CAP_NET_ADMIN
681260 - CVE-2011-1079 kernel: bnep device field missing NULL terminator
681262 - CVE-2011-1080 kernel: ebtables stack infoleak
682954 - CVE-2011-1093 kernel: dccp: fix oops on Reset after close
683810 - [6.1] Common code infrastructure for VLAN null tagging [rhel-6.0.z]
684275 - kernel: BUG: warning at drivers/char/tty_audit.c:55/tty_audit_buf_free() [rhel-6.0.z]
684569 - CVE-2011-0726 kernel: proc: protect mm start_code/end_code in /proc/pid/stat
691777 - Bonded and vlan tagged network does not work in KVM guest [rhel-6.0.z]
694073 - 82576 stuck after PCI AER error [rhel-6.0.z]
694186 - kswapd0 100% [rhel-6.0.z]
695383 - CVE-2011-1573 kernel: sctp: fix to calc the INIT/INIT-ACK chunk length correctly to set
696889 - emc_clariion error handler panics with multiple failures [rhel-6.0.z]
698109 - Bond interface flapping and increasing rx_missed_errors [rhel-6.0.z]

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-71.29.1.el6.src.rpm

i386:
kernel-2.6.32-71.29.1.el6.i686.rpm
kernel-debug-2.6.32-71.29.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-71.29.1.el6.i686.rpm
kernel-debug-devel-2.6.32-71.29.1.el6.i686.rpm
kernel-debuginfo-2.6.32-71.29.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-71.29.1.el6.i686.rpm
kernel-devel-2.6.32-71.29.1.el6.i686.rpm
kernel-headers-2.6.32-71.29.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-71.29.1.el6.noarch.rpm
kernel-firmware-2.6.32-71.29.1.el6.noarch.rpm
perf-2.6.32-71.29.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-71.29.1.el6.x86_64.rpm
kernel-debug-2.6.32-71.29.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-71.29.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-71.29.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-71.29.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-71.29.1.el6.x86_64.rpm
kernel-devel-2.6.32-71.29.1.el6.x86_64.rpm
kernel-headers-2.6.32-71.29.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-71.29.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-71.29.1.el6.noarch.rpm
kernel-firmware-2.6.32-71.29.1.el6.noarch.rpm
perf-2.6.32-71.29.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-71.29.1.el6.x86_64.rpm
kernel-debug-2.6.32-71.29.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-71.29.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-71.29.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-71.29.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-71.29.1.el6.x86_64.rpm
kernel-devel-2.6.32-71.29.1.el6.x86_64.rpm
kernel-headers-2.6.32-71.29.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-71.29.1.el6.src.rpm

i386:
kernel-2.6.32-71.29.1.el6.i686.rpm
kernel-debug-2.6.32-71.29.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-71.29.1.el6.i686.rpm
kernel-debug-devel-2.6.32-71.29.1.el6.i686.rpm
kernel-debuginfo-2.6.32-71.29.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-71.29.1.el6.i686.rpm
kernel-devel-2.6.32-71.29.1.el6.i686.rpm
kernel-headers-2.6.32-71.29.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-71.29.1.el6.noarch.rpm
kernel-firmware-2.6.32-71.29.1.el6.noarch.rpm
perf-2.6.32-71.29.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-71.29.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-71.29.1.el6.ppc64.rpm
kernel-debug-2.6.32-71.29.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-71.29.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-71.29.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-71.29.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-71.29.1.el6.ppc64.rpm
kernel-devel-2.6.32-71.29.1.el6.ppc64.rpm
kernel-headers-2.6.32-71.29.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-71.29.1.el6.s390x.rpm
kernel-debug-2.6.32-71.29.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-71.29.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-71.29.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-71.29.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-71.29.1.el6.s390x.rpm
kernel-devel-2.6.32-71.29.1.el6.s390x.rpm
kernel-headers-2.6.32-71.29.1.el6.s390x.rpm
kernel-kdump-2.6.32-71.29.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-71.29.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-71.29.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-71.29.1.el6.x86_64.rpm
kernel-debug-2.6.32-71.29.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-71.29.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-71.29.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-71.29.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-71.29.1.el6.x86_64.rpm
kernel-devel-2.6.32-71.29.1.el6.x86_64.rpm
kernel-headers-2.6.32-71.29.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-71.29.1.el6.src.rpm

i386:
kernel-2.6.32-71.29.1.el6.i686.rpm
kernel-debug-2.6.32-71.29.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-71.29.1.el6.i686.rpm
kernel-debug-devel-2.6.32-71.29.1.el6.i686.rpm
kernel-debuginfo-2.6.32-71.29.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-71.29.1.el6.i686.rpm
kernel-devel-2.6.32-71.29.1.el6.i686.rpm
kernel-headers-2.6.32-71.29.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-71.29.1.el6.noarch.rpm
kernel-firmware-2.6.32-71.29.1.el6.noarch.rpm
perf-2.6.32-71.29.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-71.29.1.el6.x86_64.rpm
kernel-debug-2.6.32-71.29.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-71.29.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-71.29.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-71.29.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-71.29.1.el6.x86_64.rpm
kernel-devel-2.6.32-71.29.1.el6.x86_64.rpm
kernel-headers-2.6.32-71.29.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-4250.html
https://www.redhat.com/security/data/cve/CVE-2010-4565.html
https://www.redhat.com/security/data/cve/CVE-2010-4649.html
https://www.redhat.com/security/data/cve/CVE-2011-0006.html
https://www.redhat.com/security/data/cve/CVE-2011-0711.html
https://www.redhat.com/security/data/cve/CVE-2011-0712.html
https://www.redhat.com/security/data/cve/CVE-2011-0726.html
https://www.redhat.com/security/data/cve/CVE-2011-1013.html
https://www.redhat.com/security/data/cve/CVE-2011-1016.html
https://www.redhat.com/security/data/cve/CVE-2011-1019.html
https://www.redhat.com/security/data/cve/CVE-2011-1044.html
https://www.redhat.com/security/data/cve/CVE-2011-1079.html
https://www.redhat.com/security/data/cve/CVE-2011-1080.html
https://www.redhat.com/security/data/cve/CVE-2011-1093.html
https://www.redhat.com/security/data/cve/CVE-2011-1573.html
https://access.redhat.com/security/updates/classification/#important
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Technical_Notes/ape.html#RHSA-2011-0498

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
From bugzilla at redhat.com Tue May 10 18:18:16 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 10 May 2011 12:18:16 -0600
Subject: [RHSA-2011:0500-01] Important: kernel-rt security and bug fix update
Message-ID: <201105101818.p4AIIGA7023128@int-mx12.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel-rt security and bug fix update
Advisory ID: RHSA-2011:0500-01
Product: Red Hat Enterprise MRG for RHEL-5
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0500.html
Issue date: 2011-05-10
CVE Names: CVE-2011-0695 CVE-2011-0711 CVE-2011-0726 CVE-2011-1010 CVE-2011-1013 CVE-2011-1019 CVE-2011-1078 CVE-2011-1079 CVE-2011-1080 CVE-2011-1082 CVE-2011-1093 CVE-2011-1163 CVE-2011-1170 CVE-2011-1171 CVE-2011-1172
=====================================================================

1. Summary:

Updated kernel-rt packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise MRG 1.3.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 5 Server - i386, noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* A race condition in the way the Linux kernel's InfiniBand implementation set up new connections could allow a remote user to cause a denial of service. (CVE-2011-0695, Important)

* An integer signedness flaw in drm_modeset_ctl() could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2011-1013, Important)

* A flaw in dccp_rcv_state_process() could allow a remote attacker to cause a denial of service, even when the socket was already closed. (CVE-2011-1093, Important)

* A missing validation of a null-terminated string data structure element in bnep_sock_ioctl() could allow a local user to cause an information leak or a denial of service. (CVE-2011-1079, Moderate)

* A flaw in the Linux kernel's Event Poll (epoll) implementation could allow a local, unprivileged user to cause a denial of service. (CVE-2011-1082, Moderate)

* A missing initialization flaw in the XFS file system implementation could lead to an information leak. (CVE-2011-0711, Low)

* The start_code and end_code values in "/proc/[pid]/stat" were not protected. In certain scenarios, this flaw could be used to defeat Address Space Layout Randomization (ASLR). (CVE-2011-0726, Low)

* A missing validation check in the Linux kernel's mac_partition() implementation, used for supporting file systems created on Mac OS operating systems, could allow a local attacker to cause a denial of service by mounting a disk that contains specially-crafted partitions. (CVE-2011-1010, Low)

* A flaw in dev_load() could allow a local user who has the CAP_NET_ADMIN capability to load arbitrary modules from "/lib/modules/", instead of only netdev modules. (CVE-2011-1019, Low)

* A missing initialization flaw in sco_sock_getsockopt_old() could allow a local, unprivileged user to cause an information leak. (CVE-2011-1078, Low)

* A buffer overflow flaw in the DEC Alpha OSF partition implementation in the Linux kernel could allow a local attacker to cause an information leak by mounting a disk that contains specially-crafted partition tables. (CVE-2011-1163, Low)

* Missing validations of null-terminated string data structure elements in the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1080, Low)

Red Hat would like to thank Jens Kuehnel for reporting CVE-2011-0695; Vasiliy Kulikov for reporting CVE-2011-1079, CVE-2011-1019, CVE-2011-1078, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, and CVE-2011-1080; Nelson Elhage for reporting CVE-2011-1082; Dan Rosenberg for reporting CVE-2011-0711; Kees Cook for reporting CVE-2011-0726; and Timo Warns for reporting CVE-2011-1010 and CVE-2011-1163.

This update also fixes various bugs. Documentation for these bug fixes will be available shortly from the Technical Notes document linked to in the References section.

Users should upgrade to these updated packages, which upgrade the kernel-rt kernel to version 2.6.33.9-rt31, and correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

653648 - CVE-2011-0695 kernel: panic in ib_cm:cm_work_handler
677260 - CVE-2011-0711 kernel: xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1
679282 - CVE-2011-1010 kernel: fs/partitions: Validate map_count in Mac partition tables
679925 - CVE-2011-1013 kernel: drm_modeset_ctl signedness issue
680360 - CVE-2011-1019 kernel: CAP_SYS_MODULE bypass via CAP_NET_ADMIN
681259 - CVE-2011-1078 kernel: bt sco_conninfo infoleak
681260 - CVE-2011-1079 kernel: bnep device field missing NULL terminator
681262 - CVE-2011-1080 kernel: ebtables stack infoleak
681575 - CVE-2011-1082 kernel: potential kernel deadlock when creating circular epoll file structures
682954 - CVE-2011-1093 kernel: dccp: fix oops on Reset after close
684569 - CVE-2011-0726 kernel: proc: protect mm start_code/end_code in /proc/pid/stat
688021 - CVE-2011-1163 kernel: fs/partitions: Corrupted OSF partition table infoleak
689321 - CVE-2011-1170 ipv4: netfilter: arp_tables: fix infoleak to userspace
689327 - CVE-2011-1171 ipv4: netfilter: ip_tables: fix infoleak to userspace
689345 - CVE-2011-1172 ipv6: netfilter: ip6_tables: fix infoleak to userspace
692665 - bnx2x NICs occasionally do not come up on boot

6. Package List:

MRG Realtime for RHEL 5 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/kernel-rt-2.6.33.9-rt31.64.el5rt.src.rpm

i386:
kernel-rt-2.6.33.9-rt31.64.el5rt.i686.rpm
kernel-rt-debug-2.6.33.9-rt31.64.el5rt.i686.rpm
kernel-rt-debug-debuginfo-2.6.33.9-rt31.64.el5rt.i686.rpm
kernel-rt-debug-devel-2.6.33.9-rt31.64.el5rt.i686.rpm
kernel-rt-debuginfo-2.6.33.9-rt31.64.el5rt.i686.rpm
kernel-rt-debuginfo-common-2.6.33.9-rt31.64.el5rt.i686.rpm
kernel-rt-devel-2.6.33.9-rt31.64.el5rt.i686.rpm
kernel-rt-trace-2.6.33.9-rt31.64.el5rt.i686.rpm
kernel-rt-trace-debuginfo-2.6.33.9-rt31.64.el5rt.i686.rpm
kernel-rt-trace-devel-2.6.33.9-rt31.64.el5rt.i686.rpm
kernel-rt-vanilla-2.6.33.9-rt31.64.el5rt.i686.rpm
kernel-rt-vanilla-debuginfo-2.6.33.9-rt31.64.el5rt.i686.rpm
kernel-rt-vanilla-devel-2.6.33.9-rt31.64.el5rt.i686.rpm
perf-2.6.33.9-rt31.64.el5rt.i686.rpm
perf-debuginfo-2.6.33.9-rt31.64.el5rt.i686.rpm

noarch:
kernel-rt-doc-2.6.33.9-rt31.64.el5rt.noarch.rpm

x86_64:
kernel-rt-2.6.33.9-rt31.64.el5rt.x86_64.rpm
kernel-rt-debug-2.6.33.9-rt31.64.el5rt.x86_64.rpm
kernel-rt-debug-debuginfo-2.6.33.9-rt31.64.el5rt.x86_64.rpm
kernel-rt-debug-devel-2.6.33.9-rt31.64.el5rt.x86_64.rpm
kernel-rt-debuginfo-2.6.33.9-rt31.64.el5rt.x86_64.rpm
kernel-rt-debuginfo-common-2.6.33.9-rt31.64.el5rt.x86_64.rpm
kernel-rt-devel-2.6.33.9-rt31.64.el5rt.x86_64.rpm
kernel-rt-trace-2.6.33.9-rt31.64.el5rt.x86_64.rpm
kernel-rt-trace-debuginfo-2.6.33.9-rt31.64.el5rt.x86_64.rpm
kernel-rt-trace-devel-2.6.33.9-rt31.64.el5rt.x86_64.rpm
kernel-rt-vanilla-2.6.33.9-rt31.64.el5rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-2.6.33.9-rt31.64.el5rt.x86_64.rpm
kernel-rt-vanilla-devel-2.6.33.9-rt31.64.el5rt.x86_64.rpm
perf-2.6.33.9-rt31.64.el5rt.x86_64.rpm
perf-debuginfo-2.6.33.9-rt31.64.el5rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0695.html
https://www.redhat.com/security/data/cve/CVE-2011-0711.html
https://www.redhat.com/security/data/cve/CVE-2011-0726.html
https://www.redhat.com/security/data/cve/CVE-2011-1010.html
https://www.redhat.com/security/data/cve/CVE-2011-1013.html
https://www.redhat.com/security/data/cve/CVE-2011-1019.html
https://www.redhat.com/security/data/cve/CVE-2011-1078.html
https://www.redhat.com/security/data/cve/CVE-2011-1079.html
https://www.redhat.com/security/data/cve/CVE-2011-1080.html
https://www.redhat.com/security/data/cve/CVE-2011-1082.html
https://www.redhat.com/security/data/cve/CVE-2011-1093.html
https://www.redhat.com/security/data/cve/CVE-2011-1163.html
https://www.redhat.com/security/data/cve/CVE-2011-1170.html
https://www.redhat.com/security/data/cve/CVE-2011-1171.html
https://www.redhat.com/security/data/cve/CVE-2011-1172.html
https://access.redhat.com/security/updates/classification/#important
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/1.3/html/Technical_Notes/RHSA-2011-0500.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
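Both kernel advisories above tell you to install the new kernel with "rpm -ivh" next to the old one and to reboot, so the check a practitioner wants afterwards is whether the installed and, more importantly, the running version is at or past the fixed version. The Python below is an added example, not Red Hat code: it reimplements rpm's label comparison (rpmvercmp, without the '^' rule), parses name-version-release.arch labels, and runs both over constructed `rpm -qa` and `uname -r` output against the fixed versions stated in the advisories of this digest; it assumes no epochs and that the dist tag in the release (el4, el5, el5rt, el6) identifies the product line.

```python
"""Check rpm -qa / uname -r output against the fixed versions in this digest.
Added example, not Red Hat code.  Assumes no epochs, no '^' in versions."""
import re

# Fixed name-version-release values taken from the advisories (arch dropped).
FIXED_NVRS = [
    "kernel-2.6.32-71.29.1.el6",         # RHSA-2011:0498
    "kernel-rt-2.6.33.9-rt31.64.el5rt",  # RHSA-2011:0500
    "rdesktop-1.6.0-3.el5_6.2",          # RHSA-2011:0506, RHEL 5
    "rdesktop-1.6.0-8.el6_0.1",          # RHSA-2011:0506, RHEL 6
    "apr-0.9.4-25.el4",                  # RHSA-2011:0507, RHEL 4
    "apr-1.2.7-11.el5_6.4",              # RHSA-2011:0507, RHEL 5
    "apr-1.3.9-3.el6_0.1",               # RHSA-2011:0507, RHEL 6
]
ARCHES = {"i386", "i686", "ia64", "ppc", "ppc64", "s390", "s390x",
          "x86_64", "noarch", "src"}
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """rpm-style compare of two version/release strings: separators are
    ignored, numeric segments compare as integers (leading zeros dropped),
    alphabetic ones lexically, numeric beats alpha, and '~' sorts before
    everything including end-of-string.  Returns -1, 0 or 1."""
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for i in range(max(len(sa), len(sb))):
        x = sa[i] if i < len(sa) else None
        y = sb[i] if i < len(sb) else None
        if x == "~" or y == "~":
            if x == y:
                continue
            return -1 if x == "~" else 1
        if x is None:                 # the label with segments left wins
            return -1
        if y is None:
            return 1
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() or y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return -1 if x < y else 1
    return 0


def split_nvra(label: str):
    """'kernel-2.6.32-71.29.1.el6.x86_64[.rpm]' -> (name, version, release, arch)."""
    if label.endswith(".rpm"):
        label = label[:-4]
    arch = None
    head, _, tail = label.rpartition(".")
    if tail in ARCHES:
        label, arch = head, tail
    name, version, release = label.rsplit("-", 2)
    return name, version, release, arch


def dist_tag(release: str):
    """'71.29.1.el6' -> 'el6', '3.el5_6.2' -> 'el5', 'rt31.64.el5rt' -> 'el5rt'."""
    m = re.search(r"\.(el\d+[a-z]*)", release)
    return m.group(1) if m else None


# (name, dist) -> (fixed version, fixed release)
_FIXED = {}
for _nvr in FIXED_NVRS:
    _n, _v, _r, _ = split_nvra(_nvr)
    _FIXED[(_n, dist_tag(_r))] = (_v, _r)


def verdict_for(label: str):
    """'fixed', 'VULNERABLE', or None when no advisory here covers the package."""
    name, version, release, _ = split_nvra(label)
    fixed = _FIXED.get((name, dist_tag(release)))
    if fixed is None:
        return None
    # version decides first, release breaks ties (same order rpm uses)
    c = rpmvercmp(version, fixed[0]) or rpmvercmp(release, fixed[1])
    return "fixed" if c >= 0 else "VULNERABLE"


def check_installed(rpm_qa_output: str) -> dict:
    """Verdict for every non-empty line of `rpm -qa` output."""
    return {ln.strip(): verdict_for(ln.strip())
            for ln in rpm_qa_output.splitlines() if ln.strip()}


def running_kernel_fixed(uname_r: str, package: str = "kernel"):
    """`uname -r` prints version-release.arch; the advisories require a reboot,
    so the running kernel, not just an installed one, is what matters."""
    v = verdict_for(f"{package}-{uname_r}")
    return None if v is None else v == "fixed"


# Constructed sample output, not from a real host: an old and a fixed kernel
# installed side by side (as "rpm -ivh" leaves them) plus an unpatched apr.
SAMPLE_RPM_QA = """\
kernel-2.6.32-71.18.2.el6.x86_64
kernel-2.6.32-71.29.1.el6.x86_64
kernel-firmware-2.6.32-71.29.1.el6.noarch
apr-1.3.9-3.el6.x86_64
rdesktop-1.6.0-8.el6_0.1.x86_64
"""

if __name__ == "__main__":
    for pkg, verdict in check_installed(SAMPLE_RPM_QA).items():
        print(f"{pkg:45} {verdict or 'not covered by this digest'}")
    print("running kernel fixed:", running_kernel_fixed("2.6.32-71.18.2.el6.x86_64"))
```

The side-by-side kernel case is the one to watch: `rpm -qa` shows the fixed kernel as installed while `uname -r` still reports the old one until the reboot the advisory calls for.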
From bugzilla at redhat.com Wed May 11 23:15:09 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 11 May 2011 17:15:09 -0600
Subject: [RHSA-2011:0506-01] Moderate: rdesktop security update
Message-ID: <201105112315.p4BNF9xa028176@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: rdesktop security update
Advisory ID: RHSA-2011:0506-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0506.html
Issue date: 2011-05-11
CVE Names: CVE-2011-1595
=====================================================================

1. Summary:

An updated rdesktop package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

rdesktop is a client for the Remote Desktop Server (previously, Terminal Server) in Microsoft Windows. It uses the Remote Desktop Protocol (RDP) to remotely present a user's desktop.

A directory traversal flaw was found in the way rdesktop shared a local path with a remote server.
If a user connects to a malicious server with rdesktop, the server could use this flaw to cause rdesktop to read and write to arbitrary, local files accessible to the user running rdesktop. (CVE-2011-1595)

Red Hat would like to thank Cendio AB for reporting this issue. Cendio AB acknowledges an anonymous contributor working with the SecuriTeam Secure Disclosure program as the original reporter.

Users of rdesktop should upgrade to this updated package, which contains a backported patch to resolve this issue.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

676252 - CVE-2011-1595 rdesktop remote file access

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/rdesktop-1.6.0-3.el5_6.2.src.rpm

i386:
rdesktop-1.6.0-3.el5_6.2.i386.rpm
rdesktop-debuginfo-1.6.0-3.el5_6.2.i386.rpm

x86_64:
rdesktop-1.6.0-3.el5_6.2.x86_64.rpm
rdesktop-debuginfo-1.6.0-3.el5_6.2.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/rdesktop-1.6.0-3.el5_6.2.src.rpm

i386:
rdesktop-1.6.0-3.el5_6.2.i386.rpm
rdesktop-debuginfo-1.6.0-3.el5_6.2.i386.rpm

ia64:
rdesktop-1.6.0-3.el5_6.2.ia64.rpm
rdesktop-debuginfo-1.6.0-3.el5_6.2.ia64.rpm

ppc:
rdesktop-1.6.0-3.el5_6.2.ppc.rpm
rdesktop-debuginfo-1.6.0-3.el5_6.2.ppc.rpm

s390x:
rdesktop-1.6.0-3.el5_6.2.s390x.rpm
rdesktop-debuginfo-1.6.0-3.el5_6.2.s390x.rpm

x86_64:
rdesktop-1.6.0-3.el5_6.2.x86_64.rpm
rdesktop-debuginfo-1.6.0-3.el5_6.2.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/rdesktop-1.6.0-8.el6_0.1.src.rpm

i386:
rdesktop-1.6.0-8.el6_0.1.i686.rpm
rdesktop-debuginfo-1.6.0-8.el6_0.1.i686.rpm

x86_64:
rdesktop-1.6.0-8.el6_0.1.x86_64.rpm
rdesktop-debuginfo-1.6.0-8.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/rdesktop-1.6.0-8.el6_0.1.src.rpm

i386:
rdesktop-1.6.0-8.el6_0.1.i686.rpm
rdesktop-debuginfo-1.6.0-8.el6_0.1.i686.rpm

ppc64:
rdesktop-1.6.0-8.el6_0.1.ppc64.rpm
rdesktop-debuginfo-1.6.0-8.el6_0.1.ppc64.rpm

s390x:
rdesktop-1.6.0-8.el6_0.1.s390x.rpm
rdesktop-debuginfo-1.6.0-8.el6_0.1.s390x.rpm

x86_64:
rdesktop-1.6.0-8.el6_0.1.x86_64.rpm
rdesktop-debuginfo-1.6.0-8.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/rdesktop-1.6.0-8.el6_0.1.src.rpm

i386:
rdesktop-1.6.0-8.el6_0.1.i686.rpm
rdesktop-debuginfo-1.6.0-8.el6_0.1.i686.rpm

x86_64:
rdesktop-1.6.0-8.el6_0.1.x86_64.rpm
rdesktop-debuginfo-1.6.0-8.el6_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1595.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
From bugzilla at redhat.com Wed May 11 23:15:44 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 11 May 2011 17:15:44 -0600
Subject: [RHSA-2011:0507-01] Moderate: apr security update
Message-ID: <201105112315.p4BNFial032394@int-mx02.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: apr security update
Advisory ID: RHSA-2011:0507-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0507.html
Issue date: 2011-05-11
CVE Names: CVE-2011-0419
=====================================================================

1. Summary:

Updated apr packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines.

It was discovered that the apr_fnmatch() function used an unconstrained recursion when processing patterns with the '*' wildcard. An attacker could use this flaw to cause an application using this function, which also accepted untrusted input as a pattern for matching (such as an httpd server using the mod_autoindex module), to exhaust all stack memory or use an excessive amount of CPU time when performing matching. (CVE-2011-0419)

Red Hat would like to thank Maksymilian Arciemowicz for reporting this issue.

All apr users should upgrade to these updated packages, which contain a backported patch to correct this issue. Applications using the apr library, such as httpd, must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

703390 - CVE-2011-0419 apr: unconstrained recursion in apr_fnmatch

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/apr-0.9.4-25.el4.src.rpm

i386:
apr-0.9.4-25.el4.i386.rpm
apr-debuginfo-0.9.4-25.el4.i386.rpm
apr-devel-0.9.4-25.el4.i386.rpm

ia64:
apr-0.9.4-25.el4.i386.rpm
apr-0.9.4-25.el4.ia64.rpm
apr-debuginfo-0.9.4-25.el4.i386.rpm
apr-debuginfo-0.9.4-25.el4.ia64.rpm
apr-devel-0.9.4-25.el4.ia64.rpm

ppc:
apr-0.9.4-25.el4.ppc.rpm
apr-0.9.4-25.el4.ppc64.rpm
apr-debuginfo-0.9.4-25.el4.ppc.rpm
apr-debuginfo-0.9.4-25.el4.ppc64.rpm
apr-devel-0.9.4-25.el4.ppc.rpm

s390:
apr-0.9.4-25.el4.s390.rpm
apr-debuginfo-0.9.4-25.el4.s390.rpm
apr-devel-0.9.4-25.el4.s390.rpm

s390x:
apr-0.9.4-25.el4.s390.rpm
apr-0.9.4-25.el4.s390x.rpm
apr-debuginfo-0.9.4-25.el4.s390.rpm
apr-debuginfo-0.9.4-25.el4.s390x.rpm
apr-devel-0.9.4-25.el4.s390x.rpm

x86_64:
apr-0.9.4-25.el4.i386.rpm
apr-0.9.4-25.el4.x86_64.rpm
apr-debuginfo-0.9.4-25.el4.i386.rpm
apr-debuginfo-0.9.4-25.el4.x86_64.rpm
apr-devel-0.9.4-25.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/apr-0.9.4-25.el4.src.rpm

i386:
apr-0.9.4-25.el4.i386.rpm
apr-debuginfo-0.9.4-25.el4.i386.rpm
apr-devel-0.9.4-25.el4.i386.rpm

x86_64:
apr-0.9.4-25.el4.i386.rpm
apr-0.9.4-25.el4.x86_64.rpm
apr-debuginfo-0.9.4-25.el4.i386.rpm
apr-debuginfo-0.9.4-25.el4.x86_64.rpm
apr-devel-0.9.4-25.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/apr-0.9.4-25.el4.src.rpm

i386:
apr-0.9.4-25.el4.i386.rpm
apr-debuginfo-0.9.4-25.el4.i386.rpm
apr-devel-0.9.4-25.el4.i386.rpm

ia64:
apr-0.9.4-25.el4.i386.rpm
apr-0.9.4-25.el4.ia64.rpm
apr-debuginfo-0.9.4-25.el4.i386.rpm
apr-debuginfo-0.9.4-25.el4.ia64.rpm
apr-devel-0.9.4-25.el4.ia64.rpm

x86_64:
apr-0.9.4-25.el4.i386.rpm
apr-0.9.4-25.el4.x86_64.rpm
apr-debuginfo-0.9.4-25.el4.i386.rpm
apr-debuginfo-0.9.4-25.el4.x86_64.rpm
apr-devel-0.9.4-25.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:
Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/apr-0.9.4-25.el4.src.rpm

i386:
apr-0.9.4-25.el4.i386.rpm
apr-debuginfo-0.9.4-25.el4.i386.rpm
apr-devel-0.9.4-25.el4.i386.rpm

ia64:
apr-0.9.4-25.el4.i386.rpm
apr-0.9.4-25.el4.ia64.rpm
apr-debuginfo-0.9.4-25.el4.i386.rpm
apr-debuginfo-0.9.4-25.el4.ia64.rpm
apr-devel-0.9.4-25.el4.ia64.rpm

x86_64:
apr-0.9.4-25.el4.i386.rpm
apr-0.9.4-25.el4.x86_64.rpm
apr-debuginfo-0.9.4-25.el4.i386.rpm
apr-debuginfo-0.9.4-25.el4.x86_64.rpm
apr-devel-0.9.4-25.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/apr-1.2.7-11.el5_6.4.src.rpm

i386:
apr-1.2.7-11.el5_6.4.i386.rpm
apr-debuginfo-1.2.7-11.el5_6.4.i386.rpm
apr-docs-1.2.7-11.el5_6.4.i386.rpm

x86_64:
apr-1.2.7-11.el5_6.4.i386.rpm
apr-1.2.7-11.el5_6.4.x86_64.rpm
apr-debuginfo-1.2.7-11.el5_6.4.i386.rpm
apr-debuginfo-1.2.7-11.el5_6.4.x86_64.rpm
apr-docs-1.2.7-11.el5_6.4.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/apr-1.2.7-11.el5_6.4.src.rpm

i386:
apr-debuginfo-1.2.7-11.el5_6.4.i386.rpm
apr-devel-1.2.7-11.el5_6.4.i386.rpm

x86_64:
apr-debuginfo-1.2.7-11.el5_6.4.i386.rpm
apr-debuginfo-1.2.7-11.el5_6.4.x86_64.rpm
apr-devel-1.2.7-11.el5_6.4.i386.rpm
apr-devel-1.2.7-11.el5_6.4.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/apr-1.2.7-11.el5_6.4.src.rpm

i386:
apr-1.2.7-11.el5_6.4.i386.rpm
apr-debuginfo-1.2.7-11.el5_6.4.i386.rpm
apr-devel-1.2.7-11.el5_6.4.i386.rpm
apr-docs-1.2.7-11.el5_6.4.i386.rpm

ia64:
apr-1.2.7-11.el5_6.4.ia64.rpm
apr-debuginfo-1.2.7-11.el5_6.4.ia64.rpm
apr-devel-1.2.7-11.el5_6.4.ia64.rpm
apr-docs-1.2.7-11.el5_6.4.ia64.rpm

ppc:
apr-1.2.7-11.el5_6.4.ppc.rpm
apr-1.2.7-11.el5_6.4.ppc64.rpm
apr-debuginfo-1.2.7-11.el5_6.4.ppc.rpm
apr-debuginfo-1.2.7-11.el5_6.4.ppc64.rpm
apr-devel-1.2.7-11.el5_6.4.ppc.rpm
apr-devel-1.2.7-11.el5_6.4.ppc64.rpm
apr-docs-1.2.7-11.el5_6.4.ppc.rpm

s390x:
apr-1.2.7-11.el5_6.4.s390.rpm
apr-1.2.7-11.el5_6.4.s390x.rpm
apr-debuginfo-1.2.7-11.el5_6.4.s390.rpm
apr-debuginfo-1.2.7-11.el5_6.4.s390x.rpm
apr-devel-1.2.7-11.el5_6.4.s390.rpm
apr-devel-1.2.7-11.el5_6.4.s390x.rpm
apr-docs-1.2.7-11.el5_6.4.s390x.rpm

x86_64:
apr-1.2.7-11.el5_6.4.i386.rpm
apr-1.2.7-11.el5_6.4.x86_64.rpm
apr-debuginfo-1.2.7-11.el5_6.4.i386.rpm
apr-debuginfo-1.2.7-11.el5_6.4.x86_64.rpm
apr-devel-1.2.7-11.el5_6.4.i386.rpm
apr-devel-1.2.7-11.el5_6.4.x86_64.rpm
apr-docs-1.2.7-11.el5_6.4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/apr-1.3.9-3.el6_0.1.src.rpm

i386:
apr-1.3.9-3.el6_0.1.i686.rpm
apr-debuginfo-1.3.9-3.el6_0.1.i686.rpm

x86_64:
apr-1.3.9-3.el6_0.1.i686.rpm
apr-1.3.9-3.el6_0.1.x86_64.rpm
apr-debuginfo-1.3.9-3.el6_0.1.i686.rpm
apr-debuginfo-1.3.9-3.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/apr-1.3.9-3.el6_0.1.src.rpm

i386:
apr-debuginfo-1.3.9-3.el6_0.1.i686.rpm
apr-devel-1.3.9-3.el6_0.1.i686.rpm

x86_64:
apr-debuginfo-1.3.9-3.el6_0.1.i686.rpm
apr-debuginfo-1.3.9-3.el6_0.1.x86_64.rpm
apr-devel-1.3.9-3.el6_0.1.i686.rpm
apr-devel-1.3.9-3.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/apr-1.3.9-3.el6_0.1.src.rpm

x86_64:
apr-1.3.9-3.el6_0.1.i686.rpm
apr-1.3.9-3.el6_0.1.x86_64.rpm
apr-debuginfo-1.3.9-3.el6_0.1.i686.rpm
apr-debuginfo-1.3.9-3.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/apr-1.3.9-3.el6_0.1.src.rpm

x86_64:
apr-debuginfo-1.3.9-3.el6_0.1.i686.rpm
apr-debuginfo-1.3.9-3.el6_0.1.x86_64.rpm
apr-devel-1.3.9-3.el6_0.1.i686.rpm
apr-devel-1.3.9-3.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/apr-1.3.9-3.el6_0.1.src.rpm

i386:
apr-1.3.9-3.el6_0.1.i686.rpm
apr-debuginfo-1.3.9-3.el6_0.1.i686.rpm
apr-devel-1.3.9-3.el6_0.1.i686.rpm

ppc64:
apr-1.3.9-3.el6_0.1.ppc.rpm
apr-1.3.9-3.el6_0.1.ppc64.rpm
apr-debuginfo-1.3.9-3.el6_0.1.ppc.rpm
apr-debuginfo-1.3.9-3.el6_0.1.ppc64.rpm
apr-devel-1.3.9-3.el6_0.1.ppc.rpm
apr-devel-1.3.9-3.el6_0.1.ppc64.rpm

s390x:
apr-1.3.9-3.el6_0.1.s390.rpm
apr-1.3.9-3.el6_0.1.s390x.rpm
apr-debuginfo-1.3.9-3.el6_0.1.s390.rpm
apr-debuginfo-1.3.9-3.el6_0.1.s390x.rpm
apr-devel-1.3.9-3.el6_0.1.s390.rpm
apr-devel-1.3.9-3.el6_0.1.s390x.rpm

x86_64:
apr-1.3.9-3.el6_0.1.i686.rpm
apr-1.3.9-3.el6_0.1.x86_64.rpm
apr-debuginfo-1.3.9-3.el6_0.1.i686.rpm
apr-debuginfo-1.3.9-3.el6_0.1.x86_64.rpm
apr-devel-1.3.9-3.el6_0.1.i686.rpm
apr-devel-1.3.9-3.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/apr-1.3.9-3.el6_0.1.src.rpm i386: apr-1.3.9-3.el6_0.1.i686.rpm apr-debuginfo-1.3.9-3.el6_0.1.i686.rpm apr-devel-1.3.9-3.el6_0.1.i686.rpm x86_64: apr-1.3.9-3.el6_0.1.i686.rpm apr-1.3.9-3.el6_0.1.x86_64.rpm apr-debuginfo-1.3.9-3.el6_0.1.i686.rpm apr-debuginfo-1.3.9-3.el6_0.1.x86_64.rpm apr-devel-1.3.9-3.el6_0.1.i686.rpm apr-devel-1.3.9-3.el6_0.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-0419.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNyxiLXlSAg2UNWIIRAqMmAJ9N/SemmsZZJN8mp93a5bZo7OD3YwCfUVxg oWnstz3qfiJn7vUvAjUlChw= =OXvL -----END PGP SIGNATURE----- From bugzilla at redhat.com Fri May 13 09:08:59 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 13 May 2011 14:38:59 +0530 Subject: [RHSA-2011:0511-01] Critical: flash-plugin security update Message-ID: <201105130909.p4D98xGr008389@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2011:0511-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0511.html Issue date: 2011-05-13 CVE Names: CVE-2011-0579 CVE-2011-0618 CVE-2011-0619 CVE-2011-0620 CVE-2011-0621 CVE-2011-0622 CVE-2011-0623 CVE-2011-0624 CVE-2011-0625 CVE-2011-0626 CVE-2011-0627 ===================================================================== 1. 
Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB11-12, listed in the References section. Multiple security flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2011-0618, CVE-2011-0619, CVE-2011-0620, CVE-2011-0621, CVE-2011-0622, CVE-2011-0623, CVE-2011-0624, CVE-2011-0625, CVE-2011-0626, CVE-2011-0627) This update also fixes an information disclosure flaw in flash-plugin. (CVE-2011-0579) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.3.181.14. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. 
Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 704368 - CVE-2011-0579 CVE-2011-0618 CVE-2011-0619 CVE-2011-0620 CVE-2011-0621 CVE-2011-0622 CVE-2011-0623 CVE-2011-0624 CVE-2011-0625 CVE-2011-0626 CVE-2011-0627 flash-plugin: crash and potential arbitrary code execution (APSB11-12) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-10.3.181.14-1.el5.i386.rpm x86_64: flash-plugin-10.3.181.14-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-10.3.181.14-1.el5.i386.rpm x86_64: flash-plugin-10.3.181.14-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-10.3.181.14-1.el6.i686.rpm x86_64: flash-plugin-10.3.181.14-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-10.3.181.14-1.el6.i686.rpm x86_64: flash-plugin-10.3.181.14-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-10.3.181.14-1.el6.i686.rpm x86_64: flash-plugin-10.3.181.14-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References: https://www.redhat.com/security/data/cve/CVE-2011-0579.html https://www.redhat.com/security/data/cve/CVE-2011-0618.html https://www.redhat.com/security/data/cve/CVE-2011-0619.html https://www.redhat.com/security/data/cve/CVE-2011-0620.html https://www.redhat.com/security/data/cve/CVE-2011-0621.html https://www.redhat.com/security/data/cve/CVE-2011-0622.html https://www.redhat.com/security/data/cve/CVE-2011-0623.html https://www.redhat.com/security/data/cve/CVE-2011-0624.html https://www.redhat.com/security/data/cve/CVE-2011-0625.html https://www.redhat.com/security/data/cve/CVE-2011-0626.html https://www.redhat.com/security/data/cve/CVE-2011-0627.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb11-12.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNzPUaXlSAg2UNWIIRAuB9AKCvB2Gk5cexADLUDxRPKAOK4dO4+QCeJhDA 0ApVp3JJ5sV1f32q0hR2hwg= =5ODc -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu May 19 12:11:58 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 19 May 2011 12:11:58 +0000 Subject: [RHSA-2011:0534-01] Important: qemu-kvm security, bug fix, and enhancement update Message-ID: <201105191211.p4JCBx25002201@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: qemu-kvm security, bug fix, and enhancement update Advisory ID: RHSA-2011:0534-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0534.html Issue date: 2011-05-19 CVE Names: CVE-2011-1750 CVE-2011-1751 ===================================================================== 1. 
Summary: Updated qemu-kvm packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Enterprise Linux Workstation (v. 6) - x86_64 3. Description: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. It was found that the virtio-blk driver in qemu-kvm did not properly validate read and write requests from guests. A privileged guest user could use this flaw to crash the guest or, possibly, execute arbitrary code on the host. (CVE-2011-1750) It was found that the PIIX4 Power Management emulation layer in qemu-kvm did not properly check for hot plug eligibility during device removals. A privileged guest user could use this flaw to crash the guest or, possibly, execute arbitrary code on the host. (CVE-2011-1751) Red Hat would like to thank Nelson Elhage for reporting CVE-2011-1751. This update also fixes several bugs and adds various enhancements. Documentation for these bug fixes and enhancements will be available shortly from the Technical Notes document, linked to in the References section. All users of qemu-kvm should upgrade to these updated packages, which contain backported patches to resolve these issues, and fix the bugs and add the enhancements noted in the Technical Notes. After installing this update, shut down all running virtual machines. 
Once all virtual machines have shut down, start them again for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 482427 - support high resolutions 581750 - Vhost: Segfault when assigning a none vhostfd 596610 - "Guest moved used index from 0 to 61440" if remove virtio serial device before virtserialport 599307 - info snapshot return "bdrv_snapshot_list: error -95" 602205 - Could not ping guest successfully after changing e1000 MTU 603413 - RHEL3.9 guest netdump hung with e1000 604992 - index is empty in qemu-doc.html 607598 - Incorrect & misleading error reporting when failing to open a drive due to block driver whitelist denial 608548 - QEMU doesn't respect hardware sector size of underlying block device when doing O_DIRECT 609016 - incorrect committed memory on idle host 613893 - [RFE] qemu-io enable truncate function for qcow2. 615947 - RFE QMP: support of query spice for guest 616187 - vmware device emulation enabled but not supported 616659 - mrg buffers: migration breaks between systems with/without vhost 616703 - qemu-kvm core dump with virtio-serial-pci max-port greater than 31 617119 - Qemu becomes unresponsive during unattended_installation 619168 - qemu should more clearly indicate internal detection of this host out-of-memory condition at startup.. 
619259 - qemu "-cpu [check | enforce ]" should work even when a model name is not specified on the command line 623552 - SCP image fails from host to guest with vhost on when do migration 623735 - hot unplug of vhost net virtio NIC causes qemu segfault 624396 - migration failed after hot-unplug virtserialport - Unknown savevm section or instance '0000:00:07.0/virtio-console' 0 624572 - time drift after guest running for more than 12 hours 624607 - [qemu] [rhel6] guest installation stop (pause) on 'eother' event over COW disks (thin-provisioning) 624721 - [qemu] [rhel6] bad error handling when qemu has no 'read' permissions over {kernel,initrd} files [pass boot options] 624767 - Replace virtio-net TX timer mitigation with bottom half handler 624790 - pass through fails with KVM using Neterion Inc's X3100 Series 10GbE PCIe I/O Virtualized Server Adapter in Multifunction mode. 625319 - Failed to update the media in floppy device 625333 - qemu treatment of -nodefconfig and -readconfig problematic for debug 625681 - RFE QMP: should have command to disconnect and connect network card for whql testing 625948 - qemu exits when hot adding rtl8139 nic to win2k8 guest 628634 - vhost_net: untested error handling in vhost_net_start 631522 - spice: prepare qxl for 6.1 update. 632257 - Duplicate CPU fea.tures in cpu-x86_64.conf 632458 - Guest may core dump when booting with spice and qxl. 
632722 - [6.1 FEAT] QEMU static tracing framework 633394 - [6.1 FEAT] virtio-blk ioeventfd support 633699 - Cannot hot-plug nic in windows VM when the vmem is larger 634153 - coredumped when enable qxl without spice 635354 - Can not commit copy-on-write image's data to raw backing-image 635418 - Allow enable/disable ksm per VM 635527 - KVM:qemu-img re-base poor performance(on local storage) when snapshot to a new disk 635954 - RFE: Assigned device should block migration 636494 - -cpu check does not correctly enforce CPUID items 637180 - watchdog timer isn't reset when qemu resets 637976 - ksmtuned: give a nicer message if retune is called while ksmtuned is off 638468 - [qemu-kvm] bochs vga lfb @ 0xe0000000 causes trouble for hot-plug 639437 - Incorrect russian vnc keymap 641127 - qemu-img ignores close() errors 642131 - qemu-kvm aborts of 'qemu_spice_display_create_update: unhandled depth: 0 bits' 643681 - Do not advertise boot=on capability to libvirt 643687 - Allow to specify boot order on qemu command line. 643970 - guest migration turns failed by the end (16G + stress load) 645342 - Implement QEMU driver for modern sound device like Intel HDA 647307 - Support slow mapping of PCI Bars 647308 - Support Westmere as a CPU model or included within existing models.. 647447 - QMP: provide a hmp_passthrough command to allow execution of non-converted commands 647865 - support 2560x1440 in qxl 648333 - TCP checksum overflows in qemu's e1000 emulation code when TSO is enabled in guest OS 653582 - Changing media with -snapshot deletes image file 653972 - qcow2: Backport performance related patches 655735 - qemu-kvm (or libvirt?) 
permission denied errors when exporting readonly IDE disk to guest 656198 - Can only see 16 virtio ports while assigned 30 virtio serial ports on commandLine 658288 - Include (disabled by default) -fake-machine patch on qemu-kvm RPM spec 662633 - Fix build problem with recent compilers 662701 - Option -enable-kvm should exit when KVM is unavailable 665025 - lost double clicks on slow connections 665299 - load vhost-net by default 667188 - device-assignment leaks option ROM memory 669268 - WinXP hang when reboot after setup copies files to the installation folders 670539 - Block devices don't implement correct flush error handling 670787 - Hot plug the 14st VF to guest causes guest shut down 671100 - possible migration failure due to erroneous interpretation of subsection 672187 - Improper responsive message when shrinking qcow2 image 672191 - spicevmc: flow control on the spice agent channel is missing in both directions 672229 - romfile memory leak 672441 - Tracetool autogenerate qemu-kvm.stp with wrong qemu-kvm path 672720 - getting 'ctrl buffer too small' error on USB passthrough 674539 - slow guests block other guests on the same lan 674562 - disable vhost-net for rhel5 and older guests 675229 - Install of cpu-x86_64.conf bombs for an out of tree build.. 
676015 - set_link off not working with vhost-net 676529 - core dumped when save snapshot to non-exist disk 677222 - segment fault happens after hot drive add then drive delete 677712 - disabling vmware device emulation breaks old->new migration 678208 - qemu-kvm hangs when installing guest with -spice option 678524 - Exec based migration randomly fails, particularly under high load 680058 - can't hotplug second vf successful with message "Too many open files" 681777 - floppy I/O error after live migration while floppy in use 683295 - qemu-kvm: Invalid parameter 'vhostforce' 684076 - Segfault occurred during migration 685147 - guest with assigned nic got kernel panic when send system_reset signal in QEMU monitor 688058 - Drive serial number gets truncated 688119 - qcow2: qcow2_open doesn't return useful errors 688146 - qcow2: Some paths fail to handle I/O errors 688147 - qcow2: Reads fail with backing file smaller than snapshot 688428 - qemu-kvm -no-kvm segfaults on pci_add 688572 - spice-server does not switch back to server mouse mode if guest spice-agent dies. 690267 - Backport qemu_get_ram_ptr() performance improvement 693741 - qemu-img re-base fail with read-only new backing file 694095 - Migration fails when migrate guest from RHEL6.1 host to RHEL6 host with the same libvirt version 694196 - RHEL 6.1 qemu-kvm: Specifying ipv6 addresses breaks migration 698906 - CVE-2011-1750 virtio-blk: heap buffer overflow caused by unaligned requests 699773 - CVE-2011-1751 qemu: acpi_piix4: missing hotplug check during device removal 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/qemu-kvm-0.12.1.2-2.160.el6.src.rpm x86_64: qemu-img-0.12.1.2-2.160.el6.x86_64.rpm qemu-kvm-0.12.1.2-2.160.el6.x86_64.rpm qemu-kvm-debuginfo-0.12.1.2-2.160.el6.x86_64.rpm qemu-kvm-tools-0.12.1.2-2.160.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/qemu-kvm-0.12.1.2-2.160.el6.src.rpm x86_64: qemu-img-0.12.1.2-2.160.el6.x86_64.rpm qemu-kvm-0.12.1.2-2.160.el6.x86_64.rpm qemu-kvm-debuginfo-0.12.1.2-2.160.el6.x86_64.rpm qemu-kvm-tools-0.12.1.2-2.160.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/qemu-kvm-0.12.1.2-2.160.el6.src.rpm x86_64: qemu-img-0.12.1.2-2.160.el6.x86_64.rpm qemu-kvm-0.12.1.2-2.160.el6.x86_64.rpm qemu-kvm-debuginfo-0.12.1.2-2.160.el6.x86_64.rpm qemu-kvm-tools-0.12.1.2-2.160.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/qemu-kvm-0.12.1.2-2.160.el6.src.rpm x86_64: qemu-img-0.12.1.2-2.160.el6.x86_64.rpm qemu-kvm-0.12.1.2-2.160.el6.x86_64.rpm qemu-kvm-debuginfo-0.12.1.2-2.160.el6.x86_64.rpm qemu-kvm-tools-0.12.1.2-2.160.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-1750.html https://www.redhat.com/security/data/cve/CVE-2011-1751.html https://access.redhat.com/security/updates/classification/#important http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/6.1_Technical_Notes/index.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. 
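A practical check against the advisories above, as an added example that is not code from the advisories or from Red Hat: an rpmvercmp-style comparison that decides whether installed name-version-release strings are at or above the fixed packages listed in section 6 of the apr, flash-plugin and qemu-kvm advisories. It assumes epoch 0 for every package, and the "installed" NVRAs are constructed samples.

```python
"""Compare installed RPM NVRAs against the fixed versions an advisory lists.

Added example, not code from the advisory or from Red Hat. It re-implements
the segment-wise comparison rpm uses (rpmvercmp) so it runs without the rpm
Python bindings. Assumption: epoch is 0 for every package. The INSTALLED
list is constructed sample data, not a real host.
"""
import re
from typing import Dict, List, Tuple

# Fixed package file names taken from section 6 of the advisories above
# (a representative subset; the arch suffix does not change version/release).
ADVISORY_PACKAGES = [
    "apr-1.3.9-3.el6_0.1.x86_64.rpm",            # apr update, RHEL 6
    "flash-plugin-10.3.181.14-1.el6.i686.rpm",   # RHSA-2011:0511
    "qemu-kvm-0.12.1.2-2.160.el6.x86_64.rpm",    # RHSA-2011:0534
    "qemu-img-0.12.1.2-2.160.el6.x86_64.rpm",    # RHSA-2011:0534
]

# Constructed "rpm -qa"-style output for a host being checked.
INSTALLED = [
    "qemu-kvm-0.12.1.2-2.113.el6.x86_64",
    "qemu-img-0.12.1.2-2.160.el6.x86_64",
    "apr-1.3.9-3.el6.x86_64",
    "flash-plugin-10.3.183.5-1.el6.i686",
    "httpd-2.2.15-5.el6.x86_64",
]

_SEGMENT = re.compile(r"\d+|[A-Za-z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version or release strings the way rpm does.

    Splits on anything that is not a letter, digit or '~'; digit runs compare
    numerically, letter runs lexically, a digit run outranks a letter run, and
    '~' sorts before anything (so 1.0~rc1 < 1.0). Returns -1, 0 or 1.
    """
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x == "~" or y == "~":
            if x != y:
                return -1 if x == "~" else 1
            continue
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return -1 if x < y else 1
    if len(sa) == len(sb):
        return 0
    a_longer = len(sa) > len(sb)
    first_extra = sa[len(sb)] if a_longer else sb[len(sa)]
    if first_extra == "~":          # a trailing '~' makes the longer one smaller
        return -1 if a_longer else 1
    return 1 if a_longer else -1    # otherwise the one with segments left wins


def parse_nvra(s: str) -> Tuple[str, str, str, str]:
    """Split 'name-version-release.arch[.rpm]' into its four parts."""
    if s.endswith(".rpm"):
        s = s[:-4]
    nvr, arch = s.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch


def fixed_versions(package_files: List[str]) -> Dict[str, Tuple[str, str]]:
    """Map package name -> (version, release) from advisory file names."""
    fixed: Dict[str, Tuple[str, str]] = {}
    for fn in package_files:
        name, version, release, _arch = parse_nvra(fn)
        fixed[name] = (version, release)
    return fixed


def status(installed_nvra: str, fixed: Dict[str, Tuple[str, str]]) -> str:
    """Return 'fixed', 'vulnerable' or 'not listed' for one installed NVRA."""
    name, version, release, _arch = parse_nvra(installed_nvra)
    if name not in fixed:
        return "not listed"
    fixed_version, fixed_release = fixed[name]
    # Version decides first; only an equal version falls through to release.
    c = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return "fixed" if c >= 0 else "vulnerable"


def report(installed: List[str], package_files: List[str]) -> Dict[str, str]:
    """Verdict for every installed NVRA against the advisory package list."""
    fixed = fixed_versions(package_files)
    return {nvra: status(nvra, fixed) for nvra in installed}


if __name__ == "__main__":
    for nvra, verdict in report(INSTALLED, ADVISORY_PACKAGES).items():
        print(f"{verdict:11s} {nvra}")
```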
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFN1Qj/XlSAg2UNWIIRAqafAKCbkaKWoKm2p7+5J7MktEREE47vWQCdEtt0 2pENBq7h9GybHcXQfnXA2Gc= =GToj -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu May 19 12:13:59 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 19 May 2011 12:13:59 +0000 Subject: [RHSA-2011:0542-01] Important: Red Hat Enterprise Linux 6.1 kernel security, bug fix and enhancement update Message-ID: <201105191214.p4JCE0Fl030781@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Enterprise Linux 6.1 kernel security, bug fix and enhancement update Advisory ID: RHSA-2011:0542-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0542.html Issue date: 2011-05-19 CVE Names: CVE-2010-4251 CVE-2011-0999 CVE-2011-1010 CVE-2011-1023 CVE-2011-1082 CVE-2011-1090 CVE-2011-1163 CVE-2011-1170 CVE-2011-1171 CVE-2011-1172 CVE-2011-1494 CVE-2011-1495 CVE-2011-1581 ===================================================================== 1. Summary: Updated kernel packages that fix multiple security issues, address several hundred bugs and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the first regular update. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 
6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * Multiple buffer overflow flaws were found in the Linux kernel's Management Module Support for Message Passing Technology (MPT) based controllers. A local, unprivileged user could use these flaws to cause a denial of service, an information leak, or escalate their privileges. (CVE-2011-1494, CVE-2011-1495, Important) * A flaw was found in the Linux kernel's Ethernet bonding driver implementation. Packets coming in from network devices that have more than 16 receive queues to a bonding interface could cause a denial of service. (CVE-2011-1581, Important) * A flaw was found in the Linux kernel's networking subsystem. If the number of packets received exceeded the receiver's buffer limit, they were queued in a backlog, consuming memory, instead of being discarded. A remote attacker could abuse this flaw to cause a denial of service (out-of-memory condition). (CVE-2010-4251, Moderate) * A flaw was found in the Linux kernel's Transparent Huge Pages (THP) implementation. A local, unprivileged user could abuse this flaw to allow the user stack (when it is using huge pages) to grow and cause a denial of service. (CVE-2011-0999, Moderate) * A flaw was found in the transmit methods (xmit) for the loopback and InfiniBand transports in the Linux kernel's Reliable Datagram Sockets (RDS) implementation. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2011-1023, Moderate) * A flaw in the Linux kernel's Event Poll (epoll) implementation could allow a local, unprivileged user to cause a denial of service. 
(CVE-2011-1082, Moderate) * An inconsistency was found in the interaction between the Linux kernel's method for allocating NFSv4 (Network File System version 4) ACL data and the method by which it was freed. This inconsistency led to a kernel panic which could be triggered by a local, unprivileged user with files owned by said user on an NFSv4 share. (CVE-2011-1090, Moderate) * A missing validation check was found in the Linux kernel's mac_partition() implementation, used for supporting file systems created on Mac OS operating systems. A local attacker could use this flaw to cause a denial of service by mounting a disk that contains specially-crafted partitions. (CVE-2011-1010, Low) * A buffer overflow flaw in the DEC Alpha OSF partition implementation in the Linux kernel could allow a local attacker to cause an information leak by mounting a disk that contains specially-crafted partition tables. (CVE-2011-1163, Low) * Missing validations of null-terminated string data structure elements in the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, Low) Red Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494 and CVE-2011-1495; Nelson Elhage for reporting CVE-2011-1082; Timo Warns for reporting CVE-2011-1010 and CVE-2011-1163; and Vasiliy Kulikov for reporting CVE-2011-1170, CVE-2011-1171, and CVE-2011-1172. This update also fixes several hundred bugs and adds enhancements. Refer to the Red Hat Enterprise Linux 6.1 Release Notes for information on the most significant of these changes, and the Technical Notes for further information, both linked to in the References. 
All Red Hat Enterprise Linux 6 users are advised to install these updated packages, which correct these issues, and fix the bugs and add the enhancements noted in the Red Hat Enterprise Linux 6.1 Release Notes and Technical Notes. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (http://bugzilla.redhat.com/): 463842 - [LTC 6.0 FEAT] 201227:NFS over RDMA support 519467 - new ext4 ioctls, tunables etc undocumented 550724 - xen PV guest kernel 2.6.32 processes lock up in D state 583064 - Virtio Net/Disk block devices get wrong parent in node device info 588638 - [abrt] crash in kernel: Your BIOS is broken; DMAR reported at address fed90000 returns all ones! 590404 - Garbled image with zc3xx-based webcam 591335 - IPv6 tproxy support is not present in RHEL 6 Beta 591466 - [abrt] WARNING: at fs/buffer.c:1159 mark_buffer_dirty+0x82/0xa0() 593766 - ACPI Error: Illegal I/O port address/length above 64K 597333 - CDTRDSR missing from 601849 - bonding: backport code to allow user-controlled output slave detection. 607262 - Read from /proc/xen/xenbus does not honor O_NONBLOCK 610237 - [6u0] Bonding in ALB mode sends ARP in loop 612436 - udevd report unexpected exit when guest boot up with nmi_watchdog = 1 and using debugfs tracing KVM (AMD) 616105 - problems with 64b division on 32b platforms. 
616296 - guest kernel panic when boot with nmi_watchdog=1 616660 - mrg buffers: migration breaks between systems with/without vhost 617199 - make exclusively owned pages belong to the local anon_vma on swapin 618175 - cifs: NT_STATUS_MEDIA_WRITE_PROTECTED not being mapped appropriately to POSIX error 618440 - jbd2/ocfs2: Fix block checksumming when a buffer is used in several transactions 618602 - core_pattern handler truncates parameters 619426 - RHEL UV: kernel patch for kexec 619430 - Intel HDA audio: popping/clicking sound distortion 619455 - Host kernel oops after a series of virsh {attach,detach}-device 621103 - backport wireless 2.6.32-longterm fixes 622575 - networking may go away after migration due to missing arp update 623199 - Bonded and vlan tagged network does not work in KVM guest 623201 - [RHEL6][Kernel] BUG: spinlock wrong CPU on CPU#2, modprobe/713 (Not tainted) 623968 - K10 temp support in lm_sensors 624069 - Upgrading NFS client to 2.6.36 release. 624628 - read from virtio-serial returns if the host side is not connect to pipe 625173 - [RHEL6][Kernel] FATAL: Error inserting ipv6, Cannot allocate memory, causes panic 626561 - GFS2: [RFE] fallocate support for GFS2 626989 - block IO controller: Pull in Group idle tunable patches from upstream 627926 - [RHEL6.0] e1000e devices fail to initialize interrupts properly 627958 - be2net: A bad assert in processing async messages from NIC 628805 - Fix hot-unplug handling of virtio-console ports 629178 - kernel: Problem with execve(2) reintroduced [rhel-6.1] 629197 - i8259 state is corrupted during migration 629418 - modpost segmentation fault 629423 - module signing failing on cross-builds due to linker misuse 629629 - groups_search() cannot handle large gid correctly 629715 - kernel ABI whitelist request for kspice-usb driver [Red Hat] 629920 - GFS1 vs GFS2 performance issue 630562 - kernel: additional stack guard patches [rhel-6.1] 631833 - Big performance regression found on connect/request/response 
test through IPSEC (openswan) transport 632021 - Cannot unplug emulated ide and rtl8139 devices in RHEL6 HVM xen guest 632631 - block: fix s390 tape block driver crash that occurs when it switches the IO scheduler 632745 - [6.1 FEAT] KVM Network Performance: mergeable rx buffers support in vhost-net 633825 - kswapd0 100% 634100 - migrate_cancel under STRESS caused guest to hang 634232 - PATCH: virtio_console: Fix poll blocking even though there is data to read 634303 - audit filtering on selinux label of userspace audit messages 634316 - tg3: Disable TSS 635041 - GFS2: inode glock stuck without holder 635535 - Disallow 0-sized writes to virtio ports to go through to host (leading to VM crash) 635537 - Disable lseek(2) for virtio ports 635539 - WinXP BSOD when boot up with -cpu Penryn 635853 - ptrace: the tracee can get the extra trap after PTRACE_DETACH 636291 - [LSI 6.1 bug] RHEL 6.0 iSCSI offload (cxgb3i) sessions do not log back in after several controller reset cycles [LSI CR184419] 636906 - 32bit compat vectored aio routines are broken 636994 - [NetApp 6.1 bug] SCSI ALUA handler fails to handle ALUA transitioning properly 637278 - Bug fixes to the 2.6.36 NFS Client 637279 - Bug fixes to the 2.6.36 NFS Server 637972 - GFS2: Not enough space reserved in gfs2_write_begin and possibly elsewhere. 638133 - Panic when inserting tcrypt in fips mode 638176 - Replies to broadcast SNMP and NetBIOS queries are dropped 638269 - NFS4 clients cannot reclaim locks after server reboot 638657 - GFS2 fatal: filesystem consistency error on rename 639815 - Ensure we detect removed symbols in check-kabi 640690 - Bonded interface doesn't issue IGMP report (join) on slave interface during failover 641315 - Backport upstream cacheing fix for optimizing reads from /proc/vmcore 642206 - /proc/bus/usb/devices formatting error 643236 - iscsi: get nopout and conn errors. 
643237 - [NetApp 6.1 bug] regression: allow offlined devs to be set to running
643290 - sysctl: bad user of proc_doulongvec_minmax() can oops the kernel
643750 - virtio_console driver never returns from selecting for write when the queue is full
643751 - writing to a virtio serial port while no one is listening on the host side hangs the guest
644903 - Kernel divide by zero in find_busiest_group
644987 - Enable extraction of hugepage pfn(s) from /proc//pagemap
645287 - [PATCH] fix size checks for mmap() on /proc/bus/pci files
645793 - Backport support for TCP thin-streams
645800 - Expose hw packet timestamps to network packet capture utilities - backport from 2.6.36
645824 - ext4: Don't error out the fs if the user tries to make a file too big
645898 - [6.1 FEAT] Port KVM bug fixes for cr_access to RHEL 6
646223 - cifs: multiuser mount support
646369 - [kvm] VIRT-IO NIC state is reported as 'unknown' on vm running over RHEL6 host
646384 - kernel BUG at mm/migrate.c:113!
646498 - [6.0] write system call returns with 0 when it should return with EFBIG.
646505 - Kernel warning at boot: i7core_edac: probe of 0000:80:14.0 failed with error -22
647334 - Allow KSM to split hugepages
647367 - kvm: guest stale memory after migration
647440 - install_process_keyring() may return wrong error code
648632 - ext4: writeback performance fixes
649248 - ethtool: Provide a default implementation of ethtool_ops::get_drvinfo
651005 - Excessive fpu swap entering and exiting kvm from host userspace
651021 - Enable discard/UNMAP/WRITE_SAME for enterprise class arrays
651332 - RHEL6.1: EHCI: AMD periodic frame list table quirk
651373 - NULL pointer dereference in reading vs. truncating race
651584 - GFS2: BUG_ON kernel panic in gfs2_glock_hold on 2.6.18-226
651639 - On AMD host, running an F14 guest with 2 cores assigned hangs for "a long time" (several 10's of minutes) at start of boot
651865 - cifs: bug fixes for 6.1
651878 - cifs: mfsymlinks support
652013 - If EXT4_EXTENTS_FL flag is not set, the max file size of write() is different than seek().
652371 - temporary loss of path to SAN results in persistent EIO with msync
653066 - Upgrading NFS client to 2.6.37 release
653068 - Upgrading NFS server to 2.6.37 release
653245 - kernel: restrict unprivileged access to kernel syslog [rhel-6.1]
654532 - Guest BSOD during installation
654665 - EFI/UEFI page table initialization is incorrect for x86_64 in physical mode.
655231 - kernel 2.6.32-84.el6 breaks systemtap
655521 - e1000 driver tracebacks when running under VMware ESX4
655718 - Win2008 and Win7 fail to load files at the beginning of installation
655875 - jbd2_stats_proc_init has wrong location.
655889 - kabitool blocks custom kernel builds when kernel version > 2.6.18-53.1.21.el5
655935 - [Emulex 6.1] Update lpfc driver to 8.3.5.28
656042 - [RFE] Include autogroup patch to aid in automatic creation of cgroups
656461 - cifs: fix problems with filehandle management and reporting of writeback errors
656835 - Memory leak in virtio-console driver if driver probe routine fails
656939 - GFS2: [RFE] glock scalability patches
657261 - Guest kernels need 'noapic' to get kexec working with virtio-blk
657303 - CVE-2010-4251 kernel: unlimited socket backlog DoS
657553 - [xfstests 243] ext4 incosistency with EOFBLOCK_FL
658248 - [Emulex 6.1 feat] add BSG and FC Transport patches from Upstream
658437 - guest kernel panic when transfering file from host to guest during migration
658482 - block IO controller: Allow creation of cgroup hierarchies
658518 - neighbour update causes an Oops when using tunnel device
658590 - GFS2: Use 512 B block sizes to communicate with userland quota tools
659119 - khugepaged numa memcg minor memleak
659137 - GFS2: Kernel changes necessary to allow growing completely full filesystems.
659480 - UV: WAR for interrupt-IOPort deadlock
660674 - (Mellanox) Add CX3 PCI IDs to mlx4 driver
660680 - iw_cxgb3 advertises incorrect max cq depth causing stalls on large MPI clusters
661048 - fsck.gfs2 reported statfs error after gfs2_grow
661172 - MCP55 message on screen at boot even with quiet
662125 - lldpad is generating selinux errors on 6.0-RC-4.
662589 - nfs4 callback from client returned to wrong address
662660 - OS halt on the login screen
662782 - Bug fixes to the 2.6.37 NFS Client
663042 - gfs2 FIEMAP oops
663119 - [Emulex 6.1 feat] Update lpfc driver to 8.3.5.30
663222 - [Cisco 6.1 bug] Fix memory leak in fnic and bump version to 1.5.0.1
663280 - Update drivers/media to 2.6.38 codebase
663448 - Bug fixes to the 2.6.37 NFS Server
663538 - Add AES to CPUID ext_features recognized by kvm..
663749 - Btrfs: update to latest upstream
663755 - RHEL6 Xen domU freeze after migrate to lower (MHz) CPU
663864 - kernel: restrict access to /proc/kcore to just elf headers [rhel-6.1]
663994 - kernels don't build on make-3.82
664364 - [6.0] System reset when changing EFI variable on large memory system
664772 - THP updates from -mm
665110 - System panic in pskb_expand_head When arp_validate option is specified in bonding ARP monitor mode
665169 - kexec: limit root to call kexec_load()
665360 - vhost-net/kvm lacks fixes/optimizations in net-next as of Dec 23
665970 - KVM crashes inside SeaBIOS when attempting to boot MS-DOS
666264 - ftrace: kernel/trace/ring_buffer.c:1987 rb_reserve_next_event
667186 - Add upstream performance enhancement to reduce time page fault handler holds mmap_sem semaphore.
667281 - Bug for patches outside AGP/DRM required for AGP/DRM backport.
667328 - lib: fix vscnprintf() if @size is == 0
667340 - kexec: Make sure to stop all CPUs before exiting the kernel
667354 - PV cdrom should be disabled on HVM guests
667356 - xen: unplug the emulated devices at resume time
667359 - forward port xen pvops changes for evtchn
667361 - xenfs: enable for HVM domains too
667654 - cifs.upcall not called when mounting second CIFS share from same server using different krb5 credentials
667661 - [NetApp 6.1 Bug] Include new NetApp PID entry to the alua_dev_list array in the ALUA hardware handler
667686 - update Documentation/vm/page-types.c to latest upstream
668114 - fcoe fails to login with Cisco Eaglehawk switch firmware on VFC shut/no shut
668340 - NUMA is not recognized for nec-em25.rhts.eng.bos.redhat.com
668478 - PCI sysfs rom file needs owner write access
668825 - Server cannot boot with kernel-2.6.32-85
668915 - setfacl does not update ctime when changing file permission on ext3/4
669252 - [XEN]RHEL6 guest fail to save/restore
669272 - xfs: need upstream unaligned aio/dio data corruption fixes
669373 - ath9k: inconsistent lock state
669418 - khugepaged blocking on page locks
669737 - net: add receive functions that return GRO result codes
669749 - netif_vdbg() is broken, does not compile if VERBOSE_DEBUG is not defined
669773 - disable NUMA for Xen PV guests
669787 - Additional upstream functions that make backporting easier
669813 - [Broadcom 6.1 feat] bnx2: Update firmware to 6.2.1+
669877 - GFS2: Blocks not marked free on delete
670063 - pages stuck in ksm pages_volatile
670572 - [NetApp 6.0 Bug] Erroneous TPG ID check in SCSI ALUA Handler
670734 - kernel panic at __rpc_create_common() when mounting nfs
670907 - [RHEL6.1][Kernel] BUG: unable to handle kernel NULL pointer dereference, IP: [] get_rps_cpu+0x290/0x340
671147 - xen 64-bit PV guests fail to save-restore with kernels >= -95
671161 - xen microcode WARN on save-restore
671267 - GFS2: allow gfs2 to update quota usage through quotactl
671477 - [RHEL6.1] possible vmalloc_sync_all() bug
672234 - add POLLPRI to sock_def_readable()
672305 - Repeatable NFS mount hang
672600 - GFS2: recovery stuck on transaction lock
672844 - section mismatch due to wrong annotation of hugetlb_sysfs_add_hstate()
672937 - backport set_iounmap_nonlazy() to speedup reading of /proc/vmcore
673496 - DOMU-HVM FULLVIRT Guest issue
673532 - sfc: the rss_cpus module parameter is ignored
674064 - [RHEL6] panic in scsi_init_io() during connectathon
674147 - SPECsfs NFS V3 workload on RHEL6 running kernels 2.6.32-85 have a massive performance regression due to compact-kswap behavior
674286 - mmapping a read only file on a gfs2 filesystem incorrectly acquires an exclusive glock
674409 - usb: latest xhci fixes
675102 - kernel-headers 2.6.32-112.el6 broken
675270 - GFS2: Fails to clear glocks during unmount
675294 - [RHEL6.1] s/390x hang while running LTP test
675299 - 'tail -f' waits forever for inotify
675304 - Fix potential deadlock in intel-iommu
675745 - GFS2: panics on quotacheck update
675815 - Back port Bug fixes from the 2.6.38 NFS Client to the RHEL6 Client
675998 - /dev/crash does not require CAP_SYS_RAWIO for access
676009 - xen fix save/restore: unmask event channel for IRQF_TIMER
676099 - ip_gre module throws slab corruption errors upon removal from the kernel
676134 - [Cisco 6.1 Bug Fix] enic: Update enic driver to latest upstream version 2.1.1.10
676346 - drivers/xen/events.c clean up section mismatch warning
676579 - virtio_net: missing schedule on oom
676875 - ixgbe: update to 3.0.12-k2 causing a panic on boot
676948 - [RFE][6.1] sched: Try not to migrate higher priority RT tasks
677314 - system_reset cause KVM internal error. Suberror: 2
677532 - [kdump] WARNING: at kernel/watchdog.c:229 watchdog_overflow_callback+0xa9/0xd0() (Not tainted
677786 - Panic in get_rps_cpu+0x1ad/0x320 on kvm guest when attempting to run LTP containers test.
678067 - qeth: allow channel path changes in recovery
678209 - CVE-2011-0999 kernel: thp: prevent hugepages during args/env copying into the user stack
678357 - online disk resizing may cause data corruption
678429 - [RHEL6.1] [Kernel] When booting previous kernel we are missing the firmware
679002 - Wifi connection speed is very slow (intel PRO/Wireless 3945ABG), caused by plcp check
679021 - semantic difference between mapped file counters of memcg and global VM
679025 - memcg: upstream backport of various race condition fixes
679096 - md: Do not replace request queue lock internally
679282 - CVE-2011-1010 kernel: fs/partitions: Validate map_count in Mac partition tables
679514 - qeth: remove needless IPA-commands in offline
680105 - [ext4/xfstests] kernel BUG at fs/jbd2/transaction.c:1027!
680126 - kernel: BUG: warning at drivers/char/tty_audit.c:55/tty_audit_buf_free()
680140 - emc_clariion error handler panics with multiple failures
680345 - CVE-2011-1023 kernel: BUG_ON() in rds_send_xmit()
681017 - 82576 stuck after PCI AER error
681133 - RHEL 5.6 32bit SMP guest hang at boot up
681306 - tape: deadlock on global work queue
681360 - block IO controller: Do not use kblockd workqueue for throttle work
681439 - [ext4/xfstests] 133 task blocked for more than 120 seconds
681575 - CVE-2011-1082 kernel: potential kernel deadlock when creating circular epoll file structures
682110 - kdump dont't work on megaraid_sas
682265 - [RHEL 6] libsas: flush initial device discovery before completing ->scan_finished()
682641 - CVE-2011-1090 kernel: nfs4: Ensure that ACL pages sent over NFS were not allocated from the slab
682726 - fix skb leak in iwlwifi
682742 - iwlagn: Support new 5000 microcode
682831 - Bad ext4 sync performance on 16 TB GPT partition
682951 - GFS2: umount stuck on gfs2_gl_hash_clear
683073 - page_referenced() sometime ignores young bits with THP
684008 - pE for /sbin/init has special logic that makes it unboundable
684705 - missed unlock_page() in gfs2_write_begin()
684719 - Windows guests hang when rebooting with kernel-2.6.32-121.el6
684816 - occasional NVS 3100 X server lockups
684957 - RHEL6.1-Alpha: kABI breakage on UV
685161 - memcg: premature oom-kill with transparent huge pages
687918 - thp+memcg-numa: fix BUG at include/linux/mm.h:370!
687921 - nfsv4 server leaking struct file on every lock operation
688021 - CVE-2011-1163 kernel: fs/partitions: Corrupted OSF partition table infoleak
688547 - RHEL6.1-20110316.1 dell-pe2800 NMI received for unknown reason
689321 - CVE-2011-1170 ipv4: netfilter: arp_tables: fix infoleak to userspace
689327 - CVE-2011-1171 ipv4: netfilter: ip_tables: fix infoleak to userspace
689345 - CVE-2011-1172 ipv6: netfilter: ip6_tables: fix infoleak to userspace
689551 - cfq-iosched: Fix a potential crash upon frequent group weight change
689566 - mark drivers as tech preview
690224 - Veritas SF 5.1 disagrees about version of symbol aio_complete
690754 - NFS4 with sec=krb5 does not work with 6.1 beta
690865 - kernel BUG at drivers/gpu/drm/i915/i915_gem.c:4238!
690900 - slab corruption after seeing some nfs-related BUG: warning
690921 - Fix compaction deadlock with SLUB and loop over tmpfs
691339 - RHEL6.1 HVM guest with hda+hdc or hdb+hdd crashes; plus hdb/hdd are mapped incorrectly to xvde
692515 - sha512hmac expects different checksum, fails on PPC64
694021 - CVE-2011-1494 CVE-2011-1495 kernel: drivers/scsi/mpt2sas: prevent heap overflows
695585 - [regression] fix be2iscsi rmmod
696029 - CVE-2011-1581 kernel: bonding: Incorrect TX queue offset
696275 - [Broadcom 6.1 feat] Support bnx2i hba-mode and non-hba mode for boot in kernel
696337 - Bond interface flapping and increasing rx_missed_errors
696376 - server BUG() on receipt of bad NFSv4 lock request

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-131.0.15.el6.src.rpm

i386:
kernel-2.6.32-131.0.15.el6.i686.rpm
kernel-debug-2.6.32-131.0.15.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-131.0.15.el6.i686.rpm
kernel-debug-devel-2.6.32-131.0.15.el6.i686.rpm
kernel-debuginfo-2.6.32-131.0.15.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-131.0.15.el6.i686.rpm
kernel-devel-2.6.32-131.0.15.el6.i686.rpm
kernel-headers-2.6.32-131.0.15.el6.i686.rpm
perf-2.6.32-131.0.15.el6.i686.rpm
perf-debuginfo-2.6.32-131.0.15.el6.i686.rpm

noarch:
kernel-doc-2.6.32-131.0.15.el6.noarch.rpm
kernel-firmware-2.6.32-131.0.15.el6.noarch.rpm

x86_64:
kernel-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debug-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debug-devel-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debuginfo-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-131.0.15.el6.x86_64.rpm
kernel-devel-2.6.32-131.0.15.el6.x86_64.rpm
kernel-headers-2.6.32-131.0.15.el6.x86_64.rpm
perf-2.6.32-131.0.15.el6.x86_64.rpm
perf-debuginfo-2.6.32-131.0.15.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-131.0.15.el6.src.rpm

noarch:
kernel-doc-2.6.32-131.0.15.el6.noarch.rpm
kernel-firmware-2.6.32-131.0.15.el6.noarch.rpm

x86_64:
kernel-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debug-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debug-devel-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debuginfo-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-131.0.15.el6.x86_64.rpm
kernel-devel-2.6.32-131.0.15.el6.x86_64.rpm
kernel-headers-2.6.32-131.0.15.el6.x86_64.rpm
perf-2.6.32-131.0.15.el6.x86_64.rpm
perf-debuginfo-2.6.32-131.0.15.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-131.0.15.el6.src.rpm

i386:
kernel-2.6.32-131.0.15.el6.i686.rpm
kernel-debug-2.6.32-131.0.15.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-131.0.15.el6.i686.rpm
kernel-debug-devel-2.6.32-131.0.15.el6.i686.rpm
kernel-debuginfo-2.6.32-131.0.15.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-131.0.15.el6.i686.rpm
kernel-devel-2.6.32-131.0.15.el6.i686.rpm
kernel-headers-2.6.32-131.0.15.el6.i686.rpm
perf-2.6.32-131.0.15.el6.i686.rpm
perf-debuginfo-2.6.32-131.0.15.el6.i686.rpm

noarch:
kernel-doc-2.6.32-131.0.15.el6.noarch.rpm
kernel-firmware-2.6.32-131.0.15.el6.noarch.rpm

ppc64:
kernel-2.6.32-131.0.15.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-131.0.15.el6.ppc64.rpm
kernel-debug-2.6.32-131.0.15.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-131.0.15.el6.ppc64.rpm
kernel-debug-devel-2.6.32-131.0.15.el6.ppc64.rpm
kernel-debuginfo-2.6.32-131.0.15.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-131.0.15.el6.ppc64.rpm
kernel-devel-2.6.32-131.0.15.el6.ppc64.rpm
kernel-headers-2.6.32-131.0.15.el6.ppc64.rpm
perf-2.6.32-131.0.15.el6.ppc64.rpm
perf-debuginfo-2.6.32-131.0.15.el6.ppc64.rpm

s390x:
kernel-2.6.32-131.0.15.el6.s390x.rpm
kernel-debug-2.6.32-131.0.15.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-131.0.15.el6.s390x.rpm
kernel-debug-devel-2.6.32-131.0.15.el6.s390x.rpm
kernel-debuginfo-2.6.32-131.0.15.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-131.0.15.el6.s390x.rpm
kernel-devel-2.6.32-131.0.15.el6.s390x.rpm
kernel-headers-2.6.32-131.0.15.el6.s390x.rpm
kernel-kdump-2.6.32-131.0.15.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-131.0.15.el6.s390x.rpm
kernel-kdump-devel-2.6.32-131.0.15.el6.s390x.rpm
perf-2.6.32-131.0.15.el6.s390x.rpm
perf-debuginfo-2.6.32-131.0.15.el6.s390x.rpm

x86_64:
kernel-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debug-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debug-devel-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debuginfo-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-131.0.15.el6.x86_64.rpm
kernel-devel-2.6.32-131.0.15.el6.x86_64.rpm
kernel-headers-2.6.32-131.0.15.el6.x86_64.rpm
perf-2.6.32-131.0.15.el6.x86_64.rpm
perf-debuginfo-2.6.32-131.0.15.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-131.0.15.el6.src.rpm

i386:
kernel-2.6.32-131.0.15.el6.i686.rpm
kernel-debug-2.6.32-131.0.15.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-131.0.15.el6.i686.rpm
kernel-debug-devel-2.6.32-131.0.15.el6.i686.rpm
kernel-debuginfo-2.6.32-131.0.15.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-131.0.15.el6.i686.rpm
kernel-devel-2.6.32-131.0.15.el6.i686.rpm
kernel-headers-2.6.32-131.0.15.el6.i686.rpm
perf-2.6.32-131.0.15.el6.i686.rpm
perf-debuginfo-2.6.32-131.0.15.el6.i686.rpm

noarch:
kernel-doc-2.6.32-131.0.15.el6.noarch.rpm
kernel-firmware-2.6.32-131.0.15.el6.noarch.rpm

x86_64:
kernel-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debug-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debug-devel-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debuginfo-2.6.32-131.0.15.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-131.0.15.el6.x86_64.rpm
kernel-devel-2.6.32-131.0.15.el6.x86_64.rpm
kernel-headers-2.6.32-131.0.15.el6.x86_64.rpm
perf-2.6.32-131.0.15.el6.x86_64.rpm
perf-debuginfo-2.6.32-131.0.15.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-4251.html
https://www.redhat.com/security/data/cve/CVE-2011-0999.html
https://www.redhat.com/security/data/cve/CVE-2011-1010.html
https://www.redhat.com/security/data/cve/CVE-2011-1023.html
https://www.redhat.com/security/data/cve/CVE-2011-1082.html
https://www.redhat.com/security/data/cve/CVE-2011-1090.html
https://www.redhat.com/security/data/cve/CVE-2011-1163.html
https://www.redhat.com/security/data/cve/CVE-2011-1170.html
https://www.redhat.com/security/data/cve/CVE-2011-1171.html
https://www.redhat.com/security/data/cve/CVE-2011-1172.html
https://www.redhat.com/security/data/cve/CVE-2011-1494.html
https://www.redhat.com/security/data/cve/CVE-2011-1495.html
https://www.redhat.com/security/data/cve/CVE-2011-1581.html
https://access.redhat.com/security/updates/classification/#important
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/6.1_Release_Notes/index.html
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/6.1_Technical_Notes/index.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFN1QkdXlSAg2UNWIIRAhHgAJkB4GapVEpsipKlOJSB0yGXSL4mvQCggcJX
JghBB2a5H0tlXvtvBrmcZ6s=
=KPsX
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu May 19 12:16:45 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 19 May 2011 12:16:45 +0000
Subject: [RHSA-2011:0545-01] Low: squid security and bug fix update
Message-ID: <201105191216.p4JCGjDe031854@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: squid security and bug fix update
Advisory ID: RHSA-2011:0545-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0545.html
Issue date: 2011-05-19
CVE Names: CVE-2010-3072
=====================================================================

1. Summary:

An updated squid package that fixes one security issue and two bugs is
now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Squid is a high-performance proxy caching server for web clients,
supporting FTP, Gopher, and HTTP data objects.

It was found that string comparison functions in Squid did not properly
handle the comparisons of NULL and empty strings. A remote, trusted web
client could use this flaw to cause the squid daemon to crash via a
specially-crafted request. (CVE-2010-3072)

This update also fixes the following bugs:

* A small memory leak in Squid caused multiple "ctx: enter level" messages
to be logged to "/var/log/squid/cache.log". This update resolves the memory
leak. (BZ#666533)

* This erratum upgrades Squid to upstream version 3.1.10. This upgraded
version supports the Google Instant service and introduces various code
improvements. (BZ#639365)

Users of squid should upgrade to this updated package, which resolves these
issues. After installing this update, the squid service will be restarted
automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

630444 - CVE-2010-3072 Squid: Denial of service due internal error in string handling (SQUID-2010:3)
639365 - Rebase squid to version 3.1.10
666533 - small memleak in squid-3.1.4

6. Package List:

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/squid-3.1.10-1.el6.src.rpm

i386:
squid-3.1.10-1.el6.i686.rpm
squid-debuginfo-3.1.10-1.el6.i686.rpm

ppc64:
squid-3.1.10-1.el6.ppc64.rpm
squid-debuginfo-3.1.10-1.el6.ppc64.rpm

s390x:
squid-3.1.10-1.el6.s390x.rpm
squid-debuginfo-3.1.10-1.el6.s390x.rpm

x86_64:
squid-3.1.10-1.el6.x86_64.rpm
squid-debuginfo-3.1.10-1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/squid-3.1.10-1.el6.src.rpm

i386:
squid-3.1.10-1.el6.i686.rpm
squid-debuginfo-3.1.10-1.el6.i686.rpm

x86_64:
squid-3.1.10-1.el6.x86_64.rpm
squid-debuginfo-3.1.10-1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3072.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFN1QoVXlSAg2UNWIIRAus+AJ9KG64p9VxJTdV0rL1nV2EmGfd1dgCeJv+d
n0b5YLJ5FOoorECMonve9XE=
=r2vM
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu May 19 12:18:28 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 19 May 2011 12:18:28 +0000
Subject: [RHSA-2011:0554-01] Moderate: python security, bug fix, and enhancement update
Message-ID: <201105191218.p4JCISml020500@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: python security, bug fix, and enhancement update
Advisory ID: RHSA-2011:0554-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0554.html
Issue date: 2011-05-19
CVE Names: CVE-2010-3493 CVE-2011-1015 CVE-2011-1521
=====================================================================

1. Summary:

Updated python packages that fix three security issues, several bugs, and
add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming
language.

A flaw was found in the Python urllib and urllib2 libraries where they
would not differentiate between different target URLs when handling
automatic redirects. This caused Python applications using these modules
to follow any new URL that they understood, including the "file://" URL
type. This could allow a remote server to force a local Python application
to read a local file instead of the remote one, possibly exposing local
files that were not meant to be exposed. (CVE-2011-1521)

A race condition was found in the way the Python smtpd module handled new
connections. A remote user could use this flaw to cause a Python script
using the smtpd module to terminate. (CVE-2010-3493)

An information disclosure flaw was found in the way the Python
CGIHTTPServer module processed certain HTTP GET requests. A remote attacker
could use a specially-crafted request to obtain the CGI script's source
code. (CVE-2011-1015)

This erratum also upgrades Python to upstream version 2.6.6, and includes a
number of bug fixes and enhancements. Documentation for these bug fixes and
enhancements is available from the Technical Notes document, linked to in
the References section.

All users of Python are advised to upgrade to these updated packages, which
correct these issues, and fix the bugs and add the enhancements noted in
the Technical Notes.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

603073 - python >>> help() >>> modules command traceback when used without DISPLAY
614680 - Try to print repr() when a fatal garbage collection assertion fails
625393 - adjust test_commands unit test to the updated output of the ls command
625395 - include the tests/data directory in the python-test rpm
626756 - test_dbm fails on ppc64 & s390x
627301 - Rebase python from 2.6.5 to 2.6.6 in RHEL 6.1
632200 - CVE-2010-3493 Python: SMTP proxy RFC 2821 module DoS (uncaught exception) (Issue #9129)
634944 - rpmlint errors and warnings
639392 - Generating python backtrace with "py-bt" fails with a traceback
649274 - Infinite recursion in urllib2 on basicauth failure
650588 - subprocess fails in select when descriptors are large (rhel6)
669847 - urllib2's AbstractBasicAuthHandler is limited to 6 requests
680094 - CVE-2011-1015 python (CGIHTTPServer): CGI script source code disclosure
684991 - python update causes rhythmbox to crash
690315 - python occasionally fails to build on machines with more than one core
690560 - CVE-2011-1521 python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes (Issue #11662)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/python-2.6.6-20.el6.src.rpm

i386:
python-2.6.6-20.el6.i686.rpm
python-debuginfo-2.6.6-20.el6.i686.rpm
python-libs-2.6.6-20.el6.i686.rpm
tkinter-2.6.6-20.el6.i686.rpm

x86_64:
python-2.6.6-20.el6.x86_64.rpm
python-debuginfo-2.6.6-20.el6.x86_64.rpm
python-libs-2.6.6-20.el6.x86_64.rpm
tkinter-2.6.6-20.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/python-2.6.6-20.el6.src.rpm

i386:
python-debuginfo-2.6.6-20.el6.i686.rpm
python-devel-2.6.6-20.el6.i686.rpm
python-test-2.6.6-20.el6.i686.rpm
python-tools-2.6.6-20.el6.i686.rpm

x86_64:
python-debuginfo-2.6.6-20.el6.x86_64.rpm
python-devel-2.6.6-20.el6.x86_64.rpm
python-test-2.6.6-20.el6.x86_64.rpm
python-tools-2.6.6-20.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/python-2.6.6-20.el6.src.rpm

x86_64:
python-2.6.6-20.el6.x86_64.rpm
python-debuginfo-2.6.6-20.el6.x86_64.rpm
python-libs-2.6.6-20.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/python-2.6.6-20.el6.src.rpm

x86_64:
python-debuginfo-2.6.6-20.el6.x86_64.rpm
python-devel-2.6.6-20.el6.x86_64.rpm
python-test-2.6.6-20.el6.x86_64.rpm
python-tools-2.6.6-20.el6.x86_64.rpm
tkinter-2.6.6-20.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/python-2.6.6-20.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/python-docs-2.6.6-2.el6.src.rpm

i386:
python-2.6.6-20.el6.i686.rpm
python-debuginfo-2.6.6-20.el6.i686.rpm
python-devel-2.6.6-20.el6.i686.rpm
python-libs-2.6.6-20.el6.i686.rpm
tkinter-2.6.6-20.el6.i686.rpm

noarch:
python-docs-2.6.6-2.el6.noarch.rpm

ppc64:
python-2.6.6-20.el6.ppc64.rpm
python-debuginfo-2.6.6-20.el6.ppc64.rpm
python-devel-2.6.6-20.el6.ppc64.rpm
python-libs-2.6.6-20.el6.ppc64.rpm
tkinter-2.6.6-20.el6.ppc64.rpm

s390x:
python-2.6.6-20.el6.s390x.rpm
python-debuginfo-2.6.6-20.el6.s390x.rpm
python-devel-2.6.6-20.el6.s390x.rpm
python-libs-2.6.6-20.el6.s390x.rpm

x86_64:
python-2.6.6-20.el6.x86_64.rpm
python-debuginfo-2.6.6-20.el6.x86_64.rpm
python-devel-2.6.6-20.el6.x86_64.rpm
python-libs-2.6.6-20.el6.x86_64.rpm
tkinter-2.6.6-20.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/python-2.6.6-20.el6.src.rpm

i386:
python-debuginfo-2.6.6-20.el6.i686.rpm
python-test-2.6.6-20.el6.i686.rpm
python-tools-2.6.6-20.el6.i686.rpm

ppc64:
python-debuginfo-2.6.6-20.el6.ppc64.rpm
python-test-2.6.6-20.el6.ppc64.rpm
python-tools-2.6.6-20.el6.ppc64.rpm

s390x:
python-debuginfo-2.6.6-20.el6.s390x.rpm
python-test-2.6.6-20.el6.s390x.rpm
python-tools-2.6.6-20.el6.s390x.rpm
tkinter-2.6.6-20.el6.s390x.rpm

x86_64:
python-debuginfo-2.6.6-20.el6.x86_64.rpm
python-test-2.6.6-20.el6.x86_64.rpm
python-tools-2.6.6-20.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/python-2.6.6-20.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/python-docs-2.6.6-2.el6.src.rpm

i386:
python-2.6.6-20.el6.i686.rpm
python-debuginfo-2.6.6-20.el6.i686.rpm
python-devel-2.6.6-20.el6.i686.rpm
python-libs-2.6.6-20.el6.i686.rpm
tkinter-2.6.6-20.el6.i686.rpm

noarch:
python-docs-2.6.6-2.el6.noarch.rpm

x86_64:
python-2.6.6-20.el6.x86_64.rpm
python-debuginfo-2.6.6-20.el6.x86_64.rpm
python-devel-2.6.6-20.el6.x86_64.rpm
python-libs-2.6.6-20.el6.x86_64.rpm
tkinter-2.6.6-20.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/python-2.6.6-20.el6.src.rpm

i386:
python-debuginfo-2.6.6-20.el6.i686.rpm
python-test-2.6.6-20.el6.i686.rpm
python-tools-2.6.6-20.el6.i686.rpm

x86_64:
python-debuginfo-2.6.6-20.el6.x86_64.rpm
python-test-2.6.6-20.el6.x86_64.rpm
python-tools-2.6.6-20.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3493.html
https://www.redhat.com/security/data/cve/CVE-2011-1015.html
https://www.redhat.com/security/data/cve/CVE-2011-1521.html
https://access.redhat.com/security/updates/classification/#moderate
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.1_Technical_Notes/python.html
http://www.python.org/download/releases/2.6.6/NEWS.txt

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
From bugzilla at redhat.com Thu May 19 12:19:58 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 19 May 2011 12:19:58 +0000
Subject: [RHSA-2011:0558-01] Moderate: perl security and bug fix update
Message-ID: <201105191219.p4JCJx5k004575@int-mx02.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: perl security and bug fix update
Advisory ID:       RHSA-2011:0558-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0558.html
Issue date:        2011-05-19
CVE Names:         CVE-2010-2761 CVE-2010-4410 CVE-2011-1487
=====================================================================

1. Summary:

Updated perl packages that fix three security issues and several bugs are
now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Perl is a high-level programming language commonly used for system
administration utilities and web programming. The Perl CGI module provides
resources for preparing and processing Common Gateway Interface (CGI) based
HTTP requests and responses.
It was found that the Perl CGI module used a hard-coded value for the MIME
boundary string in multipart/x-mixed-replace content. A remote attacker
could possibly use this flaw to conduct an HTTP response splitting attack
via a specially-crafted HTTP request. (CVE-2010-2761)

A CRLF injection flaw was found in the way the Perl CGI module processed a
sequence of non-whitespace preceded by newline characters in the header. A
remote attacker could use this flaw to conduct an HTTP response splitting
attack via a specially-crafted sequence of characters provided to the CGI
module. (CVE-2010-4410)

It was found that certain Perl string manipulation functions (such as uc()
and lc()) failed to preserve the taint bit. A remote attacker could use
this flaw to bypass the Perl taint mode protection mechanism in scripts
that use the affected functions to process tainted input. (CVE-2011-1487)

These packages upgrade the CGI module to version 3.51. Refer to the CGI
module's Changes file, linked to in the References, for a full list of
changes.

This update also fixes the following bugs:

* When using the "threads" module, an attempt to send a signal to a thread
that did not have a signal handler specified caused the perl interpreter to
terminate unexpectedly with a segmentation fault. With this update, the
"threads" module has been updated to upstream version 1.82, which fixes
this bug. As a result, sending a signal to a thread that does not have the
signal handler specified no longer causes perl to crash. (BZ#626330)

* Prior to this update, the perl packages did not require the Digest::SHA
module as a dependency. Consequently, when a user started the cpan command
line interface and attempted to download a distribution from CPAN, they may
have been presented with the following message:

  CPAN: checksum security checks disabled because Digest::SHA not installed.
  Please consider installing the Digest::SHA module.

This update corrects the spec file for the perl package to require the
perl-Digest-SHA package as a dependency, and cpan no longer displays the
above message. (BZ#640716)

* When using the "threads" module, continual creation and destruction of
threads could cause the Perl program to consume an increasing amount of
memory. With this update, the underlying source code has been corrected to
free the allocated memory when a thread is destroyed, and the continual
creation and destruction of threads in Perl programs no longer leads to
memory leaks. (BZ#640720)

* Due to a packaging error, the perl packages did not include the
"NDBM_File" module. This update corrects this error, and "NDBM_File" is now
included as expected. (BZ#640729)

* Prior to this update, the prove(1) manual page and the "prove --help"
command listed "--fork" as a valid command line option. However, version
3.17 of the Test::Harness distribution removed the support for the
fork-based parallel testing, and the prove utility thus no longer supports
this option. This update corrects both the manual page and the output of
the "prove --help" command, so that "--fork" is no longer included in the
list of available command line options. (BZ#609492)

Users of Perl, especially those of Perl threads, are advised to upgrade to
these updated packages, which correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

609492 - unknown option fork with prove
626330 - Sending signal to thread without signal handler in thread causes perl to segfault
640716 - Let perl-CPAN Require: perl(Digest::SHA)
640720 - Thread destructor leaks
640729 - NDBM_File module is missing in perl core
658976 - perl-CGI, perl-CGI-Simple: CVE-2010-2761 - hardcoded MIME boundary value for multipart content, CVE-2010-4410 - CRLF injection allowing HTTP response splitting
692898 - CVE-2011-1487 perl: lc(), uc() routines are laundering tainted data

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/perl-5.10.1-119.el6.src.rpm

i386:
perl-5.10.1-119.el6.i686.rpm
perl-Archive-Extract-0.38-119.el6.i686.rpm
perl-Archive-Tar-1.58-119.el6.i686.rpm
perl-CGI-3.51-119.el6.i686.rpm
perl-CPAN-1.9402-119.el6.i686.rpm
perl-CPANPLUS-0.88-119.el6.i686.rpm
perl-Compress-Raw-Zlib-2.023-119.el6.i686.rpm
perl-Compress-Zlib-2.020-119.el6.i686.rpm
perl-Digest-SHA-5.47-119.el6.i686.rpm
perl-ExtUtils-CBuilder-0.27-119.el6.i686.rpm
perl-ExtUtils-Embed-1.28-119.el6.i686.rpm
perl-ExtUtils-MakeMaker-6.55-119.el6.i686.rpm
perl-ExtUtils-ParseXS-2.2003.0-119.el6.i686.rpm
perl-File-Fetch-0.26-119.el6.i686.rpm
perl-IO-Compress-Base-2.020-119.el6.i686.rpm
perl-IO-Compress-Zlib-2.020-119.el6.i686.rpm
perl-IO-Zlib-1.09-119.el6.i686.rpm
perl-IPC-Cmd-0.56-119.el6.i686.rpm
perl-Locale-Maketext-Simple-0.18-119.el6.i686.rpm
perl-Log-Message-0.02-119.el6.i686.rpm
perl-Log-Message-Simple-0.04-119.el6.i686.rpm
perl-Module-Build-0.3500-119.el6.i686.rpm
perl-Module-CoreList-2.18-119.el6.i686.rpm
perl-Module-Load-0.16-119.el6.i686.rpm
perl-Module-Load-Conditional-0.30-119.el6.i686.rpm
perl-Module-Loaded-0.02-119.el6.i686.rpm
perl-Module-Pluggable-3.90-119.el6.i686.rpm
perl-Object-Accessor-0.34-119.el6.i686.rpm
perl-Package-Constants-0.02-119.el6.i686.rpm
perl-Params-Check-0.26-119.el6.i686.rpm
perl-Parse-CPAN-Meta-1.40-119.el6.i686.rpm
perl-Pod-Escapes-1.04-119.el6.i686.rpm
perl-Pod-Simple-3.13-119.el6.i686.rpm
perl-Term-UI-0.20-119.el6.i686.rpm
perl-Test-Harness-3.17-119.el6.i686.rpm
perl-Test-Simple-0.92-119.el6.i686.rpm
perl-Time-HiRes-1.9721-119.el6.i686.rpm
perl-Time-Piece-1.15-119.el6.i686.rpm
perl-core-5.10.1-119.el6.i686.rpm
perl-debuginfo-5.10.1-119.el6.i686.rpm
perl-devel-5.10.1-119.el6.i686.rpm
perl-libs-5.10.1-119.el6.i686.rpm
perl-parent-0.221-119.el6.i686.rpm
perl-suidperl-5.10.1-119.el6.i686.rpm
perl-version-0.77-119.el6.i686.rpm

x86_64:
perl-5.10.1-119.el6.x86_64.rpm
perl-Archive-Extract-0.38-119.el6.x86_64.rpm
perl-Archive-Tar-1.58-119.el6.x86_64.rpm
perl-CGI-3.51-119.el6.x86_64.rpm
perl-CPAN-1.9402-119.el6.x86_64.rpm
perl-CPANPLUS-0.88-119.el6.x86_64.rpm
perl-Compress-Raw-Zlib-2.023-119.el6.x86_64.rpm
perl-Compress-Zlib-2.020-119.el6.x86_64.rpm
perl-Digest-SHA-5.47-119.el6.x86_64.rpm
perl-ExtUtils-CBuilder-0.27-119.el6.x86_64.rpm
perl-ExtUtils-Embed-1.28-119.el6.x86_64.rpm
perl-ExtUtils-MakeMaker-6.55-119.el6.x86_64.rpm
perl-ExtUtils-ParseXS-2.2003.0-119.el6.x86_64.rpm
perl-File-Fetch-0.26-119.el6.x86_64.rpm
perl-IO-Compress-Base-2.020-119.el6.x86_64.rpm
perl-IO-Compress-Zlib-2.020-119.el6.x86_64.rpm
perl-IO-Zlib-1.09-119.el6.x86_64.rpm
perl-IPC-Cmd-0.56-119.el6.x86_64.rpm
perl-Locale-Maketext-Simple-0.18-119.el6.x86_64.rpm
perl-Log-Message-0.02-119.el6.x86_64.rpm
perl-Log-Message-Simple-0.04-119.el6.x86_64.rpm
perl-Module-Build-0.3500-119.el6.x86_64.rpm
perl-Module-CoreList-2.18-119.el6.x86_64.rpm
perl-Module-Load-0.16-119.el6.x86_64.rpm
perl-Module-Load-Conditional-0.30-119.el6.x86_64.rpm
perl-Module-Loaded-0.02-119.el6.x86_64.rpm
perl-Module-Pluggable-3.90-119.el6.x86_64.rpm
perl-Object-Accessor-0.34-119.el6.x86_64.rpm
perl-Package-Constants-0.02-119.el6.x86_64.rpm
perl-Params-Check-0.26-119.el6.x86_64.rpm
perl-Parse-CPAN-Meta-1.40-119.el6.x86_64.rpm
perl-Pod-Escapes-1.04-119.el6.x86_64.rpm
perl-Pod-Simple-3.13-119.el6.x86_64.rpm
perl-Term-UI-0.20-119.el6.x86_64.rpm
perl-Test-Harness-3.17-119.el6.x86_64.rpm
perl-Test-Simple-0.92-119.el6.x86_64.rpm
perl-Time-HiRes-1.9721-119.el6.x86_64.rpm
perl-Time-Piece-1.15-119.el6.x86_64.rpm
perl-core-5.10.1-119.el6.x86_64.rpm
perl-debuginfo-5.10.1-119.el6.i686.rpm
perl-debuginfo-5.10.1-119.el6.x86_64.rpm
perl-devel-5.10.1-119.el6.i686.rpm
perl-devel-5.10.1-119.el6.x86_64.rpm
perl-libs-5.10.1-119.el6.i686.rpm
perl-libs-5.10.1-119.el6.x86_64.rpm
perl-parent-0.221-119.el6.x86_64.rpm
perl-suidperl-5.10.1-119.el6.x86_64.rpm
perl-version-0.77-119.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/perl-5.10.1-119.el6.src.rpm

x86_64:
perl-5.10.1-119.el6.x86_64.rpm
perl-Archive-Extract-0.38-119.el6.x86_64.rpm
perl-Archive-Tar-1.58-119.el6.x86_64.rpm
perl-CGI-3.51-119.el6.x86_64.rpm
perl-CPAN-1.9402-119.el6.x86_64.rpm
perl-CPANPLUS-0.88-119.el6.x86_64.rpm
perl-Compress-Raw-Zlib-2.023-119.el6.x86_64.rpm
perl-Compress-Zlib-2.020-119.el6.x86_64.rpm
perl-Digest-SHA-5.47-119.el6.x86_64.rpm
perl-ExtUtils-CBuilder-0.27-119.el6.x86_64.rpm
perl-ExtUtils-Embed-1.28-119.el6.x86_64.rpm
perl-ExtUtils-MakeMaker-6.55-119.el6.x86_64.rpm
perl-ExtUtils-ParseXS-2.2003.0-119.el6.x86_64.rpm
perl-File-Fetch-0.26-119.el6.x86_64.rpm
perl-IO-Compress-Base-2.020-119.el6.x86_64.rpm
perl-IO-Compress-Zlib-2.020-119.el6.x86_64.rpm
perl-IO-Zlib-1.09-119.el6.x86_64.rpm
perl-IPC-Cmd-0.56-119.el6.x86_64.rpm
perl-Locale-Maketext-Simple-0.18-119.el6.x86_64.rpm
perl-Log-Message-0.02-119.el6.x86_64.rpm
perl-Log-Message-Simple-0.04-119.el6.x86_64.rpm
perl-Module-Build-0.3500-119.el6.x86_64.rpm
perl-Module-CoreList-2.18-119.el6.x86_64.rpm
perl-Module-Load-0.16-119.el6.x86_64.rpm
perl-Module-Load-Conditional-0.30-119.el6.x86_64.rpm
perl-Module-Loaded-0.02-119.el6.x86_64.rpm
perl-Module-Pluggable-3.90-119.el6.x86_64.rpm
perl-Object-Accessor-0.34-119.el6.x86_64.rpm
perl-Package-Constants-0.02-119.el6.x86_64.rpm
perl-Params-Check-0.26-119.el6.x86_64.rpm
perl-Parse-CPAN-Meta-1.40-119.el6.x86_64.rpm
perl-Pod-Escapes-1.04-119.el6.x86_64.rpm
perl-Pod-Simple-3.13-119.el6.x86_64.rpm
perl-Term-UI-0.20-119.el6.x86_64.rpm
perl-Test-Harness-3.17-119.el6.x86_64.rpm
perl-Test-Simple-0.92-119.el6.x86_64.rpm
perl-Time-HiRes-1.9721-119.el6.x86_64.rpm
perl-Time-Piece-1.15-119.el6.x86_64.rpm
perl-core-5.10.1-119.el6.x86_64.rpm
perl-debuginfo-5.10.1-119.el6.i686.rpm
perl-debuginfo-5.10.1-119.el6.x86_64.rpm
perl-devel-5.10.1-119.el6.i686.rpm
perl-devel-5.10.1-119.el6.x86_64.rpm
perl-libs-5.10.1-119.el6.i686.rpm
perl-libs-5.10.1-119.el6.x86_64.rpm
perl-parent-0.221-119.el6.x86_64.rpm
perl-suidperl-5.10.1-119.el6.x86_64.rpm
perl-version-0.77-119.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/perl-5.10.1-119.el6.src.rpm

i386:
perl-5.10.1-119.el6.i686.rpm
perl-Archive-Extract-0.38-119.el6.i686.rpm
perl-Archive-Tar-1.58-119.el6.i686.rpm
perl-CGI-3.51-119.el6.i686.rpm
perl-CPAN-1.9402-119.el6.i686.rpm
perl-CPANPLUS-0.88-119.el6.i686.rpm
perl-Compress-Raw-Zlib-2.023-119.el6.i686.rpm
perl-Compress-Zlib-2.020-119.el6.i686.rpm
perl-Digest-SHA-5.47-119.el6.i686.rpm
perl-ExtUtils-CBuilder-0.27-119.el6.i686.rpm
perl-ExtUtils-Embed-1.28-119.el6.i686.rpm
perl-ExtUtils-MakeMaker-6.55-119.el6.i686.rpm
perl-ExtUtils-ParseXS-2.2003.0-119.el6.i686.rpm
perl-File-Fetch-0.26-119.el6.i686.rpm
perl-IO-Compress-Base-2.020-119.el6.i686.rpm
perl-IO-Compress-Zlib-2.020-119.el6.i686.rpm
perl-IO-Zlib-1.09-119.el6.i686.rpm
perl-IPC-Cmd-0.56-119.el6.i686.rpm
perl-Locale-Maketext-Simple-0.18-119.el6.i686.rpm
perl-Log-Message-0.02-119.el6.i686.rpm
perl-Log-Message-Simple-0.04-119.el6.i686.rpm
perl-Module-Build-0.3500-119.el6.i686.rpm
perl-Module-CoreList-2.18-119.el6.i686.rpm
perl-Module-Load-0.16-119.el6.i686.rpm
perl-Module-Load-Conditional-0.30-119.el6.i686.rpm
perl-Module-Loaded-0.02-119.el6.i686.rpm
perl-Module-Pluggable-3.90-119.el6.i686.rpm
perl-Object-Accessor-0.34-119.el6.i686.rpm
perl-Package-Constants-0.02-119.el6.i686.rpm
perl-Params-Check-0.26-119.el6.i686.rpm
perl-Parse-CPAN-Meta-1.40-119.el6.i686.rpm
perl-Pod-Escapes-1.04-119.el6.i686.rpm
perl-Pod-Simple-3.13-119.el6.i686.rpm
perl-Term-UI-0.20-119.el6.i686.rpm
perl-Test-Harness-3.17-119.el6.i686.rpm
perl-Test-Simple-0.92-119.el6.i686.rpm
perl-Time-HiRes-1.9721-119.el6.i686.rpm
perl-Time-Piece-1.15-119.el6.i686.rpm
perl-core-5.10.1-119.el6.i686.rpm
perl-debuginfo-5.10.1-119.el6.i686.rpm
perl-devel-5.10.1-119.el6.i686.rpm
perl-libs-5.10.1-119.el6.i686.rpm
perl-parent-0.221-119.el6.i686.rpm
perl-suidperl-5.10.1-119.el6.i686.rpm
perl-version-0.77-119.el6.i686.rpm

ppc64:
perl-5.10.1-119.el6.ppc64.rpm
perl-Archive-Extract-0.38-119.el6.ppc64.rpm
perl-Archive-Tar-1.58-119.el6.ppc64.rpm
perl-CGI-3.51-119.el6.ppc64.rpm
perl-CPAN-1.9402-119.el6.ppc64.rpm
perl-CPANPLUS-0.88-119.el6.ppc64.rpm
perl-Compress-Raw-Zlib-2.023-119.el6.ppc64.rpm
perl-Compress-Zlib-2.020-119.el6.ppc64.rpm
perl-Digest-SHA-5.47-119.el6.ppc64.rpm
perl-ExtUtils-CBuilder-0.27-119.el6.ppc64.rpm
perl-ExtUtils-Embed-1.28-119.el6.ppc64.rpm
perl-ExtUtils-MakeMaker-6.55-119.el6.ppc64.rpm
perl-ExtUtils-ParseXS-2.2003.0-119.el6.ppc64.rpm
perl-File-Fetch-0.26-119.el6.ppc64.rpm
perl-IO-Compress-Base-2.020-119.el6.ppc64.rpm
perl-IO-Compress-Zlib-2.020-119.el6.ppc64.rpm
perl-IO-Zlib-1.09-119.el6.ppc64.rpm
perl-IPC-Cmd-0.56-119.el6.ppc64.rpm
perl-Locale-Maketext-Simple-0.18-119.el6.ppc64.rpm
perl-Log-Message-0.02-119.el6.ppc64.rpm
perl-Log-Message-Simple-0.04-119.el6.ppc64.rpm
perl-Module-Build-0.3500-119.el6.ppc64.rpm
perl-Module-CoreList-2.18-119.el6.ppc64.rpm
perl-Module-Load-0.16-119.el6.ppc64.rpm
perl-Module-Load-Conditional-0.30-119.el6.ppc64.rpm
perl-Module-Loaded-0.02-119.el6.ppc64.rpm
perl-Module-Pluggable-3.90-119.el6.ppc64.rpm
perl-Object-Accessor-0.34-119.el6.ppc64.rpm
perl-Package-Constants-0.02-119.el6.ppc64.rpm
perl-Params-Check-0.26-119.el6.ppc64.rpm
perl-Parse-CPAN-Meta-1.40-119.el6.ppc64.rpm
perl-Pod-Escapes-1.04-119.el6.ppc64.rpm
perl-Pod-Simple-3.13-119.el6.ppc64.rpm
perl-Term-UI-0.20-119.el6.ppc64.rpm
perl-Test-Harness-3.17-119.el6.ppc64.rpm
perl-Test-Simple-0.92-119.el6.ppc64.rpm
perl-Time-HiRes-1.9721-119.el6.ppc64.rpm
perl-Time-Piece-1.15-119.el6.ppc64.rpm
perl-core-5.10.1-119.el6.ppc64.rpm
perl-debuginfo-5.10.1-119.el6.ppc.rpm
perl-debuginfo-5.10.1-119.el6.ppc64.rpm
perl-devel-5.10.1-119.el6.ppc.rpm
perl-devel-5.10.1-119.el6.ppc64.rpm
perl-libs-5.10.1-119.el6.ppc.rpm
perl-libs-5.10.1-119.el6.ppc64.rpm
perl-parent-0.221-119.el6.ppc64.rpm
perl-suidperl-5.10.1-119.el6.ppc64.rpm
perl-version-0.77-119.el6.ppc64.rpm

s390x:
perl-5.10.1-119.el6.s390x.rpm
perl-Archive-Extract-0.38-119.el6.s390x.rpm
perl-Archive-Tar-1.58-119.el6.s390x.rpm
perl-CGI-3.51-119.el6.s390x.rpm
perl-CPAN-1.9402-119.el6.s390x.rpm
perl-CPANPLUS-0.88-119.el6.s390x.rpm
perl-Compress-Raw-Zlib-2.023-119.el6.s390x.rpm
perl-Compress-Zlib-2.020-119.el6.s390x.rpm
perl-Digest-SHA-5.47-119.el6.s390x.rpm
perl-ExtUtils-CBuilder-0.27-119.el6.s390x.rpm
perl-ExtUtils-Embed-1.28-119.el6.s390x.rpm
perl-ExtUtils-MakeMaker-6.55-119.el6.s390x.rpm
perl-ExtUtils-ParseXS-2.2003.0-119.el6.s390x.rpm
perl-File-Fetch-0.26-119.el6.s390x.rpm
perl-IO-Compress-Base-2.020-119.el6.s390x.rpm
perl-IO-Compress-Zlib-2.020-119.el6.s390x.rpm
perl-IO-Zlib-1.09-119.el6.s390x.rpm
perl-IPC-Cmd-0.56-119.el6.s390x.rpm
perl-Locale-Maketext-Simple-0.18-119.el6.s390x.rpm
perl-Log-Message-0.02-119.el6.s390x.rpm
perl-Log-Message-Simple-0.04-119.el6.s390x.rpm
perl-Module-Build-0.3500-119.el6.s390x.rpm
perl-Module-CoreList-2.18-119.el6.s390x.rpm
perl-Module-Load-0.16-119.el6.s390x.rpm
perl-Module-Load-Conditional-0.30-119.el6.s390x.rpm
perl-Module-Loaded-0.02-119.el6.s390x.rpm
perl-Module-Pluggable-3.90-119.el6.s390x.rpm
perl-Object-Accessor-0.34-119.el6.s390x.rpm
perl-Package-Constants-0.02-119.el6.s390x.rpm
perl-Params-Check-0.26-119.el6.s390x.rpm
perl-Parse-CPAN-Meta-1.40-119.el6.s390x.rpm
perl-Pod-Escapes-1.04-119.el6.s390x.rpm
perl-Pod-Simple-3.13-119.el6.s390x.rpm
perl-Term-UI-0.20-119.el6.s390x.rpm
perl-Test-Harness-3.17-119.el6.s390x.rpm
perl-Test-Simple-0.92-119.el6.s390x.rpm
perl-Time-HiRes-1.9721-119.el6.s390x.rpm
perl-Time-Piece-1.15-119.el6.s390x.rpm
perl-core-5.10.1-119.el6.s390x.rpm
perl-debuginfo-5.10.1-119.el6.s390.rpm
perl-debuginfo-5.10.1-119.el6.s390x.rpm
perl-devel-5.10.1-119.el6.s390.rpm
perl-devel-5.10.1-119.el6.s390x.rpm
perl-libs-5.10.1-119.el6.s390.rpm
perl-libs-5.10.1-119.el6.s390x.rpm
perl-parent-0.221-119.el6.s390x.rpm
perl-suidperl-5.10.1-119.el6.s390x.rpm
perl-version-0.77-119.el6.s390x.rpm

x86_64:
perl-5.10.1-119.el6.x86_64.rpm
perl-Archive-Extract-0.38-119.el6.x86_64.rpm
perl-Archive-Tar-1.58-119.el6.x86_64.rpm
perl-CGI-3.51-119.el6.x86_64.rpm
perl-CPAN-1.9402-119.el6.x86_64.rpm
perl-CPANPLUS-0.88-119.el6.x86_64.rpm
perl-Compress-Raw-Zlib-2.023-119.el6.x86_64.rpm
perl-Compress-Zlib-2.020-119.el6.x86_64.rpm
perl-Digest-SHA-5.47-119.el6.x86_64.rpm
perl-ExtUtils-CBuilder-0.27-119.el6.x86_64.rpm
perl-ExtUtils-Embed-1.28-119.el6.x86_64.rpm
perl-ExtUtils-MakeMaker-6.55-119.el6.x86_64.rpm
perl-ExtUtils-ParseXS-2.2003.0-119.el6.x86_64.rpm
perl-File-Fetch-0.26-119.el6.x86_64.rpm
perl-IO-Compress-Base-2.020-119.el6.x86_64.rpm
perl-IO-Compress-Zlib-2.020-119.el6.x86_64.rpm
perl-IO-Zlib-1.09-119.el6.x86_64.rpm
perl-IPC-Cmd-0.56-119.el6.x86_64.rpm
perl-Locale-Maketext-Simple-0.18-119.el6.x86_64.rpm
perl-Log-Message-0.02-119.el6.x86_64.rpm
perl-Log-Message-Simple-0.04-119.el6.x86_64.rpm
perl-Module-Build-0.3500-119.el6.x86_64.rpm
perl-Module-CoreList-2.18-119.el6.x86_64.rpm
perl-Module-Load-0.16-119.el6.x86_64.rpm
perl-Module-Load-Conditional-0.30-119.el6.x86_64.rpm
perl-Module-Loaded-0.02-119.el6.x86_64.rpm
perl-Module-Pluggable-3.90-119.el6.x86_64.rpm
perl-Object-Accessor-0.34-119.el6.x86_64.rpm
perl-Package-Constants-0.02-119.el6.x86_64.rpm
perl-Params-Check-0.26-119.el6.x86_64.rpm
perl-Parse-CPAN-Meta-1.40-119.el6.x86_64.rpm
perl-Pod-Escapes-1.04-119.el6.x86_64.rpm
perl-Pod-Simple-3.13-119.el6.x86_64.rpm
perl-Term-UI-0.20-119.el6.x86_64.rpm
perl-Test-Harness-3.17-119.el6.x86_64.rpm
perl-Test-Simple-0.92-119.el6.x86_64.rpm
perl-Time-HiRes-1.9721-119.el6.x86_64.rpm
perl-Time-Piece-1.15-119.el6.x86_64.rpm
perl-core-5.10.1-119.el6.x86_64.rpm
perl-debuginfo-5.10.1-119.el6.i686.rpm
perl-debuginfo-5.10.1-119.el6.x86_64.rpm
perl-devel-5.10.1-119.el6.i686.rpm
perl-devel-5.10.1-119.el6.x86_64.rpm
perl-libs-5.10.1-119.el6.i686.rpm
perl-libs-5.10.1-119.el6.x86_64.rpm
perl-parent-0.221-119.el6.x86_64.rpm
perl-suidperl-5.10.1-119.el6.x86_64.rpm
perl-version-0.77-119.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/perl-5.10.1-119.el6.src.rpm

i386:
perl-5.10.1-119.el6.i686.rpm
perl-Archive-Extract-0.38-119.el6.i686.rpm
perl-Archive-Tar-1.58-119.el6.i686.rpm
perl-CGI-3.51-119.el6.i686.rpm
perl-CPAN-1.9402-119.el6.i686.rpm
perl-CPANPLUS-0.88-119.el6.i686.rpm
perl-Compress-Raw-Zlib-2.023-119.el6.i686.rpm
perl-Compress-Zlib-2.020-119.el6.i686.rpm
perl-Digest-SHA-5.47-119.el6.i686.rpm
perl-ExtUtils-CBuilder-0.27-119.el6.i686.rpm
perl-ExtUtils-Embed-1.28-119.el6.i686.rpm
perl-ExtUtils-MakeMaker-6.55-119.el6.i686.rpm
perl-ExtUtils-ParseXS-2.2003.0-119.el6.i686.rpm
perl-File-Fetch-0.26-119.el6.i686.rpm
perl-IO-Compress-Base-2.020-119.el6.i686.rpm
perl-IO-Compress-Zlib-2.020-119.el6.i686.rpm
perl-IO-Zlib-1.09-119.el6.i686.rpm
perl-IPC-Cmd-0.56-119.el6.i686.rpm
perl-Locale-Maketext-Simple-0.18-119.el6.i686.rpm
perl-Log-Message-0.02-119.el6.i686.rpm
perl-Log-Message-Simple-0.04-119.el6.i686.rpm
perl-Module-Build-0.3500-119.el6.i686.rpm
perl-Module-CoreList-2.18-119.el6.i686.rpm
perl-Module-Load-0.16-119.el6.i686.rpm
perl-Module-Load-Conditional-0.30-119.el6.i686.rpm
perl-Module-Loaded-0.02-119.el6.i686.rpm
perl-Module-Pluggable-3.90-119.el6.i686.rpm
perl-Object-Accessor-0.34-119.el6.i686.rpm
perl-Package-Constants-0.02-119.el6.i686.rpm
perl-Params-Check-0.26-119.el6.i686.rpm
perl-Parse-CPAN-Meta-1.40-119.el6.i686.rpm
perl-Pod-Escapes-1.04-119.el6.i686.rpm
perl-Pod-Simple-3.13-119.el6.i686.rpm
perl-Term-UI-0.20-119.el6.i686.rpm
perl-Test-Harness-3.17-119.el6.i686.rpm
perl-Test-Simple-0.92-119.el6.i686.rpm
perl-Time-HiRes-1.9721-119.el6.i686.rpm
perl-Time-Piece-1.15-119.el6.i686.rpm
perl-core-5.10.1-119.el6.i686.rpm
perl-debuginfo-5.10.1-119.el6.i686.rpm
perl-devel-5.10.1-119.el6.i686.rpm
perl-libs-5.10.1-119.el6.i686.rpm
perl-parent-0.221-119.el6.i686.rpm
perl-suidperl-5.10.1-119.el6.i686.rpm
perl-version-0.77-119.el6.i686.rpm

x86_64:
perl-5.10.1-119.el6.x86_64.rpm
perl-Archive-Extract-0.38-119.el6.x86_64.rpm
perl-Archive-Tar-1.58-119.el6.x86_64.rpm
perl-CGI-3.51-119.el6.x86_64.rpm
perl-CPAN-1.9402-119.el6.x86_64.rpm
perl-CPANPLUS-0.88-119.el6.x86_64.rpm
perl-Compress-Raw-Zlib-2.023-119.el6.x86_64.rpm
perl-Compress-Zlib-2.020-119.el6.x86_64.rpm
perl-Digest-SHA-5.47-119.el6.x86_64.rpm
perl-ExtUtils-CBuilder-0.27-119.el6.x86_64.rpm
perl-ExtUtils-Embed-1.28-119.el6.x86_64.rpm
perl-ExtUtils-MakeMaker-6.55-119.el6.x86_64.rpm
perl-ExtUtils-ParseXS-2.2003.0-119.el6.x86_64.rpm
perl-File-Fetch-0.26-119.el6.x86_64.rpm
perl-IO-Compress-Base-2.020-119.el6.x86_64.rpm
perl-IO-Compress-Zlib-2.020-119.el6.x86_64.rpm
perl-IO-Zlib-1.09-119.el6.x86_64.rpm
perl-IPC-Cmd-0.56-119.el6.x86_64.rpm
perl-Locale-Maketext-Simple-0.18-119.el6.x86_64.rpm
perl-Log-Message-0.02-119.el6.x86_64.rpm
perl-Log-Message-Simple-0.04-119.el6.x86_64.rpm
perl-Module-Build-0.3500-119.el6.x86_64.rpm
perl-Module-CoreList-2.18-119.el6.x86_64.rpm
perl-Module-Load-0.16-119.el6.x86_64.rpm
perl-Module-Load-Conditional-0.30-119.el6.x86_64.rpm
perl-Module-Loaded-0.02-119.el6.x86_64.rpm
perl-Module-Pluggable-3.90-119.el6.x86_64.rpm
perl-Object-Accessor-0.34-119.el6.x86_64.rpm
perl-Package-Constants-0.02-119.el6.x86_64.rpm
perl-Params-Check-0.26-119.el6.x86_64.rpm
perl-Parse-CPAN-Meta-1.40-119.el6.x86_64.rpm
perl-Pod-Escapes-1.04-119.el6.x86_64.rpm
perl-Pod-Simple-3.13-119.el6.x86_64.rpm
perl-Term-UI-0.20-119.el6.x86_64.rpm
perl-Test-Harness-3.17-119.el6.x86_64.rpm
perl-Test-Simple-0.92-119.el6.x86_64.rpm
perl-Time-HiRes-1.9721-119.el6.x86_64.rpm
perl-Time-Piece-1.15-119.el6.x86_64.rpm
perl-core-5.10.1-119.el6.x86_64.rpm
perl-debuginfo-5.10.1-119.el6.i686.rpm
perl-debuginfo-5.10.1-119.el6.x86_64.rpm
perl-devel-5.10.1-119.el6.i686.rpm
perl-devel-5.10.1-119.el6.x86_64.rpm
perl-libs-5.10.1-119.el6.i686.rpm
perl-libs-5.10.1-119.el6.x86_64.rpm
perl-parent-0.221-119.el6.x86_64.rpm
perl-suidperl-5.10.1-119.el6.x86_64.rpm
perl-version-0.77-119.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2761.html
https://www.redhat.com/security/data/cve/CVE-2010-4410.html
https://www.redhat.com/security/data/cve/CVE-2011-1487.html
https://access.redhat.com/security/updates/classification/#moderate
http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.51/Changes

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
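As an added example, not code from the advisory or from the perl or CGI.pm projects: a small Perl regression check for the taint-propagation issue described in section 3 of the perl advisory above (CVE-2011-1487). It runs the case-conversion functions under taint mode and reports whether the taint bit survives each one, and shows the allow-list untainting that scripts should use instead; the script name taint_check.pl, the sub names and the sample input are assumptions for this example.

```perl
#!/usr/bin/perl -T
# Added example: regression check for taint propagation through uc()/lc()
# and friends (CVE-2011-1487). Run under taint mode, for instance:
#     perl -T taint_check.pl 'Alice'
# On a fixed perl every function reports "tainted" and the exit code is 0.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Under -T perl refuses to run system()/exec() with an untrusted PATH or
# with the shell variables below set, so establish a clean environment.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Report, for one tainted value, whether the taint bit survives each of
# the case-conversion functions. A 0 for any entry means the function is
# laundering taint, i.e. the interpreter is affected.
sub check_taint_propagation {
    my ($value) = @_;
    return {
        original => tainted($value)         ? 1 : 0,
        uc       => tainted(uc $value)      ? 1 : 0,
        lc       => tainted(lc $value)      ? 1 : 0,
        ucfirst  => tainted(ucfirst $value) ? 1 : 0,
        lcfirst  => tainted(lcfirst $value) ? 1 : 0,
    };
}

# The runtime guard that taint laundering defeats: passing tainted data
# to system() must die with "Insecure dependency". Returns true when the
# interpreter blocked the call as expected.
sub tainted_data_is_blocked {
    my ($value) = @_;
    my $ran = eval { system('/bin/echo', $value); 1 };
    return !$ran && $@ =~ /Insecure dependency/;
}

# The sanctioned way to clear taint: validate against an explicit
# allow-list pattern and keep only the captured text. Case conversion is
# not a validation step and must never be relied on to untaint input.
sub untaint_username {
    my ($value) = @_;
    return $value =~ /\A([A-Za-z0-9_.-]{1,32})\z/ ? $1 : undef;
}

# Command-line arguments are tainted under -T, so one serves as input.
my $input = @ARGV ? $ARGV[0] : die "usage: perl -T $0 <string>\n";

my $report    = check_taint_propagation($input);
my $laundered = 0;
for my $fn (qw(original uc lc ucfirst lcfirst)) {
    my $state = $report->{$fn} ? 'tainted' : 'UNTAINTED (taint bit lost)';
    printf "%-9s %s\n", $fn, $state;
    $laundered++ unless $report->{$fn};
}

printf "system() with tainted input blocked: %s\n",
    tainted_data_is_blocked($input) ? 'yes' : 'NO';

my $clean = untaint_username(lc $input);
printf "lc + allow-list untaint: %s\n",
    defined $clean
        ? "accepted '$clean', tainted=" . (tainted($clean) ? 1 : 0)
        : 'rejected (not a valid username)';

# Non-zero exit if any function dropped the taint bit, so the script can
# be used as a check after applying the update.
exit($laundered ? 1 : 0);
```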
From bugzilla at redhat.com Thu May 19 12:20:52 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 19 May 2011 12:20:52 +0000
Subject: [RHSA-2011:0560-01] Low: sssd security, bug fix, and enhancement update
Message-ID: <201105191220.p4JCKq57021649@int-mx12.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis:          Low: sssd security, bug fix, and enhancement update
Advisory ID:       RHSA-2011:0560-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0560.html
Issue date:        2011-05-19
CVE Names:         CVE-2010-4341
=====================================================================

1. Summary:

Updated sssd packages that fix one security issue, several bugs, and add
various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The System Security Services Daemon (SSSD) provides a set of daemons to
manage access to remote directories and authentication mechanisms. It
provides an NSS and PAM interface toward the system and a pluggable
back-end system to connect to multiple different account sources. It is
also the basis to provide client auditing and policy services for projects
such as FreeIPA.

A flaw was found in the SSSD PAM responder that could allow a local
attacker to crash SSSD via a carefully-crafted packet. With SSSD
unresponsive, legitimate users could be denied the ability to log in to
the system. (CVE-2010-4341)

Red Hat would like to thank Sebastian Krahmer for reporting this issue.

This update also fixes several bugs and adds various enhancements.
Documentation for these bug fixes and enhancements will be available
shortly from the Technical Notes document, linked to in the References
section.

Users of SSSD should upgrade to these updated packages, which upgrade SSSD
to upstream version 1.5.1 to correct this issue, and fix the bugs and add
the enhancements noted in the Technical Notes.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

442680 - Better support for Kerberos ticket cache management
598501 - SSSD doesn't follow LDAP referrals when using non-anonymous bind
633406 - the krb5 locator plugin isn't packaged for multilib
633487 - SSSD initgroups does not behave as expected
640602 - sssd is not escaping correctly LDAP searches
644072 - Rebase SSSD to 1.5
645438 - NSS responder dies if DP dies during a request
645449 - 'getent passwd ' returns nothing if its uidNumber gt 2147483647.
647816 - Login screen freezes for more than 2mins when configured SSSD for proxy auth.
649286 - SSSD will sometimes lose groups from the cache
658158 - sssd stops on upgrade
659401 - SSSD shutdown sometimes hangs
660323 - Provide an option to specify DNS domain for service discovery
661163 - CVE-2010-4341 sssd: DoS in sssd PAM responder can prevent logins
667059 - nss client blocks when enumerating local domain after restart.
667326 - '-s' option in sss_obfuscate command is a bit redundant.
667349 - Obfuscated passwords can kill LDAP provider if OpenLDAP uses NSS.
670511 - SSSD and sftp-only jailed users with pubkey login
670763 - Missing primary group with simple access provider.
670804 - Nested groups are not unrolled during the first enumeration.
671478 - authconfig-tui/gtk removes "ldap_user_home_directory" from sssd.conf
674141 - Traceback call messages displayed while "sss_obfuscate" command is executed as a non-root user.
674164 - sss_obfuscate fails if there's no domain named "default".
674172 - Group members are not sanitized in nested group processing
674515 - -p option always uses empty string to obfuscate password.
675284 - "no matching rule" message logged on all successful requests.
676401 - Remove HBAC time rules from SSSD
676911 - SSSD attempts to use START_TLS over LDAPS for authentication
677318 - Does not read renewable ccache at startup.
677588 - sssd crashes at the next tgt renewals it tries.
678091 - SSSD in 6.0 can not locate HBAC rules from FreeIPAv2
678410 - name service caches names, so id command shows recently deleted users
678593 - User information not updated on login for secondary domains
678614 - SSSD needs to look at IPA's compat tree for netgroups
678777 - IPA provider does not update removed group memberships on initgroups
679082 - SSSD IPA provider should honor the krb5_realm option
680367 - sssd not thread-safe
682340 - sssd-be segmentation fault - ipa-client on ipa-server
682807 - sssd_nss core dumps with certain lookups
682850 - IPA provider should use realm instead of ipa_domain for base DN
683158 - multiple problems with sssd + ldap (Active-Directory) and groups members.
683255 - sudo/ldap lookup via sssd gets stuck for 5min waiting on netgroup
683860 - sssd 1.5.1-9 breaks AD authentication
683885 - SSSD should skip over groups with multiple names
688491 - authconfig fails when access_provider is set as krb5 in sssd.conf.
689886 - group memberships are not populated correctly during IPA provider initgroups
690131 - Traceback messages seen while interrupting sss_obfuscate using ctrl+d.
690421 - [abrt] sssd-1.2.1-28.el6_0.4: _talloc_free: Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV)
690866 - Groups with a zero-length memberuid attribute can cause SSSD to stop caching and responding to requests
691678 - SSSD needs to fall back to 'cn' for GECOS information (was: SSSD configuration problem when configured with MSAD)
692472 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV)
694146 - SSSD consumes GBs of RAM, possible memory leak
694444 - Unable to resolve SRV record when called with _srv_, in ldap_uri
694783 - SSSD crashes during getent when anonymous bind is disabled.
696972 - [REGRESSION] Filters not honoured against fully-qualified users.
701700 - sssd client libraries use select() but should use poll() instead

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/sssd-1.5.1-34.el6.src.rpm

i386:
sssd-1.5.1-34.el6.i686.rpm
sssd-client-1.5.1-34.el6.i686.rpm
sssd-debuginfo-1.5.1-34.el6.i686.rpm

x86_64:
sssd-1.5.1-34.el6.x86_64.rpm
sssd-client-1.5.1-34.el6.i686.rpm
sssd-client-1.5.1-34.el6.x86_64.rpm
sssd-debuginfo-1.5.1-34.el6.i686.rpm
sssd-debuginfo-1.5.1-34.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/sssd-1.5.1-34.el6.src.rpm

i386:
sssd-debuginfo-1.5.1-34.el6.i686.rpm
sssd-tools-1.5.1-34.el6.i686.rpm

x86_64:
sssd-debuginfo-1.5.1-34.el6.x86_64.rpm
sssd-tools-1.5.1-34.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/sssd-1.5.1-34.el6.src.rpm

i386:
sssd-1.5.1-34.el6.i686.rpm
sssd-client-1.5.1-34.el6.i686.rpm
sssd-debuginfo-1.5.1-34.el6.i686.rpm

ppc64:
sssd-1.5.1-34.el6.ppc64.rpm
sssd-client-1.5.1-34.el6.ppc.rpm
sssd-client-1.5.1-34.el6.ppc64.rpm
sssd-debuginfo-1.5.1-34.el6.ppc.rpm
sssd-debuginfo-1.5.1-34.el6.ppc64.rpm

s390x:
sssd-1.5.1-34.el6.s390x.rpm
sssd-client-1.5.1-34.el6.s390.rpm
sssd-client-1.5.1-34.el6.s390x.rpm
sssd-debuginfo-1.5.1-34.el6.s390.rpm
sssd-debuginfo-1.5.1-34.el6.s390x.rpm

x86_64:
sssd-1.5.1-34.el6.x86_64.rpm
sssd-client-1.5.1-34.el6.i686.rpm
sssd-client-1.5.1-34.el6.x86_64.rpm
sssd-debuginfo-1.5.1-34.el6.i686.rpm
sssd-debuginfo-1.5.1-34.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/sssd-1.5.1-34.el6.src.rpm

i386:
sssd-debuginfo-1.5.1-34.el6.i686.rpm
sssd-tools-1.5.1-34.el6.i686.rpm

ppc64:
sssd-debuginfo-1.5.1-34.el6.ppc64.rpm
sssd-tools-1.5.1-34.el6.ppc64.rpm

s390x:
sssd-debuginfo-1.5.1-34.el6.s390x.rpm
sssd-tools-1.5.1-34.el6.s390x.rpm

x86_64:
sssd-debuginfo-1.5.1-34.el6.x86_64.rpm
sssd-tools-1.5.1-34.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/sssd-1.5.1-34.el6.src.rpm i386: sssd-1.5.1-34.el6.i686.rpm sssd-client-1.5.1-34.el6.i686.rpm sssd-debuginfo-1.5.1-34.el6.i686.rpm x86_64: sssd-1.5.1-34.el6.x86_64.rpm sssd-client-1.5.1-34.el6.i686.rpm sssd-client-1.5.1-34.el6.x86_64.rpm sssd-debuginfo-1.5.1-34.el6.i686.rpm sssd-debuginfo-1.5.1-34.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/sssd-1.5.1-34.el6.src.rpm i386: sssd-debuginfo-1.5.1-34.el6.i686.rpm sssd-tools-1.5.1-34.el6.i686.rpm x86_64: sssd-debuginfo-1.5.1-34.el6.x86_64.rpm sssd-tools-1.5.1-34.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-4341.html https://access.redhat.com/security/updates/classification/#low https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.1_Technical_Notes/index.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFN1Qr+XlSAg2UNWIIRAitmAJ4/vnFA+RG6yosPlusnICXjY6ayygCfZRO7
+8USf94DNiwfiJq2wxiq3Rc=
=Onj8
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu May 19 12:21:32 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 19 May 2011 12:21:32 +0000
Subject: [RHSA-2011:0568-01] Low: eclipse security, bug fix, and enhancement update
Message-ID: <201105191221.p4JCLW35001148@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: eclipse security, bug fix, and enhancement update
Advisory ID:       RHSA-2011:0568-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0568.html
Issue date:        2011-05-19
CVE Names:         CVE-2010-4647
=====================================================================

1. Summary:

Updated eclipse packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

3. Description:

The Eclipse software development environment provides a set of tools for C/C++ and Java development.

A cross-site scripting (XSS) flaw was found in the Eclipse Help Contents web application.
An attacker could use this flaw to perform a cross-site scripting attack against victims by tricking them into visiting a specially-crafted Eclipse Help URL. (CVE-2010-4647)

The following Eclipse packages have been upgraded to the versions found in the official upstream Eclipse Helios SR1 release, providing a number of bug fixes and enhancements over the previous versions:

* eclipse to 3.6.1. (BZ#656329)
* eclipse-cdt to 7.0.1. (BZ#656333)
* eclipse-birt to 2.6.0. (BZ#656391)
* eclipse-emf to 2.6.0. (BZ#656344)
* eclipse-gef to 3.6.1. (BZ#656347)
* eclipse-mylyn to 3.4.2. (BZ#656337)
* eclipse-rse to 3.2. (BZ#656338)
* eclipse-dtp to 1.8.1. (BZ#656397)
* eclipse-changelog to 2.7.0. (BZ#669499)
* eclipse-valgrind to 0.6.1. (BZ#669460)
* eclipse-callgraph to 0.6.1. (BZ#669462)
* eclipse-oprofile to 0.6.1. (BZ#670228)
* eclipse-linuxprofilingframework to 0.6.1. (BZ#669461)

In addition, the following updates were made to the dependencies of the Eclipse packages above:

* icu4j to 4.2.1. (BZ#656342)
* sat4j to 2.2.0. (BZ#661842)
* objectweb-asm to 3.2. (BZ#664019)
* jetty-eclipse to 6.1.24. (BZ#661845)

This update includes numerous upstream bug fixes and enhancements, such as:

* The Eclipse IDE and Java Development Tools (JDT):
  - projects and folders can filter out resources in the workspace.
  - new virtual folder and linked files support.
  - the full set of UNIX file permissions is now supported.
  - addition of the stop button to cancel long-running wizard tasks.
  - Java editor now shows multiple quick-fixes via problem hover.
  - new support for running JUnit version 4 tests.
  - over 200 upstream bug fixes.

* The Eclipse C/C++ Development Tooling (CDT):
  - new Codan framework has been added for static code analysis.
  - refactoring improvements such as stored refactoring history.
  - compile and build errors now highlighted in the build console.
  - switch to the new DSF debugger framework.
  - new template view support.
  - over 600 upstream bug fixes.
This update also fixes the following bugs:

* Incorrect URIs for GNU Tools in the "Help Contents" window have been fixed. (BZ#622713)

* The profiling of binaries did not work if an Eclipse project was not in an Eclipse workspace. This update adds an automated test for external project profiling, which corrects this issue. (BZ#622867)

* Running a C/C++ application in Eclipse successfully terminated, but returned an I/O exception not related to the application itself in the Error Log window. With this update, the exception is no longer returned. (BZ#668890)

* The eclipse-mylyn package showed a "20100916-0100-e3x" qualifier. The qualifier has been modified to "v20100902-0100-e3x" to match the upstream version of eclipse-mylyn. (BZ#669819)

* Installing the eclipse-mylyn package failed and returned a "Resource temporarily unavailable" error message due to a bug in the packaging. This update fixes this bug and installation now works as expected. (BZ#673174)

* Building the eclipse-cdt package could fail due to an incorrect interaction with the local file system. Interaction with the local file system is now prevented and the build no longer fails. (BZ#678364)

* The libhover plug-in, provided by the eclipse-cdt package, used binary data to search for hover topics. The data location was specified externally as a URL which could cause an exception to occur on a system with no Internet access. This update modifies the plug-in so that it pulls the needed data from a local location. (BZ#679543)

Users of eclipse should upgrade to these updated packages, which correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

622713 - Help Contents: Wrong URIs to GNU Tools
622867 - Profiling of binaries does not work if Eclipse project is NOT in Eclipse workspace
656329 - [eclipse] Re-base to Helios SR1
656333 - [eclipse-cdt] Re-base to Helios SR1(7.0.1)
656337 - [eclipse-mylyn] Re-base to Helios SR1(3.4.0)
656338 - [eclipse-rse] Re-base to Helios SR1(3.2.0)
656342 - Re-base icu4j to 4.2.1
656344 - [eclipse-emf] Re-base to Helios SR1(2.6.0)
656347 - [eclipse-gef] Re-base to Helios SR1(3.6.0)
656391 - Re-base eclipse-birt to Helios SR1(2.6.0)
656397 - [eclipse-dtp] Re-base to Helios SR1(1.8.0)
661842 - Re-base to sat4j 2.2.0
661845 - Re-base to jetty-eclipse 6.1.24
661901 - CVE-2010-4647 eclipse: Help Content web application vulnerable to multiple XSS
664019 - Re-base to objectweb-asm 3.2
668890 - Debug core logs spawner IO exception when running C/C++ executable
669460 - [eclipse-valgrind] Update to work with updated eclipse-birt
669461 - [eclipse-linuxprofilingframework] new version to allow updated eclipse-valgrind
669462 - [eclipse-callgraph] Updates to callgraph to work with newer GEF
669499 - [eclipse-changelog] Update eclipse-changelog plug-in
669819 - Update eclipse-mylyn qualifier to 20100916-0100-e3x
670228 - [eclipse-oprofile] Re-base to upstream 0.6.1 release
673174 - error: unpacking of archive failed: cpio: lstat failed - Resource temporarily unavailable
678364 - eclipse-cdt build touching local filesystem

6. Package List:

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/eclipse-3.6.1-6.13.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/eclipse-birt-2.6.0-1.1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/eclipse-callgraph-0.6.1-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/eclipse-cdt-7.0.1-4.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/eclipse-changelog-2.7.0-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/eclipse-dtp-1.8.1-1.1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/eclipse-emf-2.6.0-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/eclipse-gef-3.6.1-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/eclipse-linuxprofilingframework-0.6.1-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/eclipse-mylyn-3.4.2-9.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/eclipse-oprofile-0.6.1-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/eclipse-rse-3.2-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/eclipse-valgrind-0.6.1-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/icu4j-4.2.1-5.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/jetty-eclipse-6.1.24-2.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/objectweb-asm-3.2-2.1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/sat4j-2.2.0-4.0.el6.src.rpm

i386:
eclipse-birt-2.6.0-1.1.el6.i686.rpm
eclipse-callgraph-0.6.1-1.el6.i686.rpm
eclipse-cdt-7.0.1-4.el6.i686.rpm
eclipse-changelog-2.7.0-1.el6.i686.rpm
eclipse-debuginfo-3.6.1-6.13.el6.i686.rpm
eclipse-dtp-1.8.1-1.1.el6.i686.rpm
eclipse-emf-2.6.0-1.el6.i686.rpm
eclipse-gef-3.6.1-3.el6.i686.rpm
eclipse-jdt-3.6.1-6.13.el6.i686.rpm
eclipse-linuxprofilingframework-0.6.1-1.el6.i686.rpm
eclipse-mylyn-3.4.2-9.el6.i686.rpm
eclipse-mylyn-cdt-3.4.2-9.el6.i686.rpm
eclipse-mylyn-java-3.4.2-9.el6.i686.rpm
eclipse-mylyn-pde-3.4.2-9.el6.i686.rpm
eclipse-mylyn-trac-3.4.2-9.el6.i686.rpm
eclipse-mylyn-webtasks-3.4.2-9.el6.i686.rpm
eclipse-mylyn-wikitext-3.4.2-9.el6.i686.rpm
eclipse-oprofile-0.6.1-1.el6.i686.rpm
eclipse-oprofile-debuginfo-0.6.1-1.el6.i686.rpm
eclipse-pde-3.6.1-6.13.el6.i686.rpm
eclipse-platform-3.6.1-6.13.el6.i686.rpm
eclipse-rcp-3.6.1-6.13.el6.i686.rpm
eclipse-rse-3.2-1.el6.i686.rpm
eclipse-swt-3.6.1-6.13.el6.i686.rpm
eclipse-valgrind-0.6.1-1.el6.i686.rpm
icu4j-eclipse-4.2.1-5.el6.i686.rpm

noarch:
jetty-eclipse-6.1.24-2.el6.noarch.rpm
objectweb-asm-3.2-2.1.el6.noarch.rpm
sat4j-2.2.0-4.0.el6.noarch.rpm

x86_64:
eclipse-birt-2.6.0-1.1.el6.x86_64.rpm
eclipse-callgraph-0.6.1-1.el6.x86_64.rpm
eclipse-cdt-7.0.1-4.el6.x86_64.rpm
eclipse-changelog-2.7.0-1.el6.x86_64.rpm
eclipse-debuginfo-3.6.1-6.13.el6.x86_64.rpm
eclipse-dtp-1.8.1-1.1.el6.x86_64.rpm
eclipse-emf-2.6.0-1.el6.x86_64.rpm
eclipse-gef-3.6.1-3.el6.x86_64.rpm
eclipse-jdt-3.6.1-6.13.el6.x86_64.rpm
eclipse-linuxprofilingframework-0.6.1-1.el6.x86_64.rpm
eclipse-mylyn-3.4.2-9.el6.x86_64.rpm
eclipse-mylyn-cdt-3.4.2-9.el6.x86_64.rpm
eclipse-mylyn-java-3.4.2-9.el6.x86_64.rpm
eclipse-mylyn-pde-3.4.2-9.el6.x86_64.rpm
eclipse-mylyn-trac-3.4.2-9.el6.x86_64.rpm
eclipse-mylyn-webtasks-3.4.2-9.el6.x86_64.rpm
eclipse-mylyn-wikitext-3.4.2-9.el6.x86_64.rpm
eclipse-oprofile-0.6.1-1.el6.x86_64.rpm
eclipse-oprofile-debuginfo-0.6.1-1.el6.x86_64.rpm
eclipse-pde-3.6.1-6.13.el6.x86_64.rpm
eclipse-platform-3.6.1-6.13.el6.x86_64.rpm
eclipse-rcp-3.6.1-6.13.el6.x86_64.rpm
eclipse-rse-3.2-1.el6.x86_64.rpm
eclipse-swt-3.6.1-6.13.el6.x86_64.rpm
eclipse-valgrind-0.6.1-1.el6.x86_64.rpm
icu4j-eclipse-4.2.1-5.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/eclipse-cdt-7.0.1-4.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/eclipse-emf-2.6.0-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/eclipse-gef-3.6.1-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/icu4j-4.2.1-5.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/objectweb-asm-3.2-2.1.el6.src.rpm

i386:
eclipse-cdt-parsers-7.0.1-4.el6.i686.rpm
eclipse-cdt-sdk-7.0.1-4.el6.i686.rpm
eclipse-emf-examples-2.6.0-1.el6.i686.rpm
eclipse-emf-sdk-2.6.0-1.el6.i686.rpm
eclipse-emf-xsd-2.6.0-1.el6.i686.rpm
eclipse-emf-xsd-sdk-2.6.0-1.el6.i686.rpm
eclipse-gef-examples-3.6.1-3.el6.i686.rpm
eclipse-gef-sdk-3.6.1-3.el6.i686.rpm
icu4j-4.2.1-5.el6.i686.rpm
icu4j-javadoc-4.2.1-5.el6.i686.rpm

noarch:
objectweb-asm-javadoc-3.2-2.1.el6.noarch.rpm

x86_64:
eclipse-cdt-parsers-7.0.1-4.el6.x86_64.rpm
eclipse-cdt-sdk-7.0.1-4.el6.x86_64.rpm
eclipse-emf-examples-2.6.0-1.el6.x86_64.rpm
eclipse-emf-sdk-2.6.0-1.el6.x86_64.rpm
eclipse-emf-xsd-2.6.0-1.el6.x86_64.rpm
eclipse-emf-xsd-sdk-2.6.0-1.el6.x86_64.rpm
eclipse-gef-examples-3.6.1-3.el6.x86_64.rpm
eclipse-gef-sdk-3.6.1-3.el6.x86_64.rpm
icu4j-4.2.1-5.el6.x86_64.rpm
icu4j-javadoc-4.2.1-5.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/eclipse-3.6.1-6.13.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/eclipse-birt-2.6.0-1.1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/eclipse-callgraph-0.6.1-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/eclipse-cdt-7.0.1-4.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/eclipse-changelog-2.7.0-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/eclipse-dtp-1.8.1-1.1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/eclipse-emf-2.6.0-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/eclipse-gef-3.6.1-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/eclipse-linuxprofilingframework-0.6.1-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/eclipse-mylyn-3.4.2-9.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/eclipse-oprofile-0.6.1-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/eclipse-rse-3.2-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/eclipse-valgrind-0.6.1-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/icu4j-4.2.1-5.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/jetty-eclipse-6.1.24-2.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/objectweb-asm-3.2-2.1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/sat4j-2.2.0-4.0.el6.src.rpm

i386:
eclipse-birt-2.6.0-1.1.el6.i686.rpm
eclipse-callgraph-0.6.1-1.el6.i686.rpm
eclipse-cdt-7.0.1-4.el6.i686.rpm
eclipse-changelog-2.7.0-1.el6.i686.rpm
eclipse-debuginfo-3.6.1-6.13.el6.i686.rpm
eclipse-dtp-1.8.1-1.1.el6.i686.rpm
eclipse-emf-2.6.0-1.el6.i686.rpm
eclipse-gef-3.6.1-3.el6.i686.rpm
eclipse-jdt-3.6.1-6.13.el6.i686.rpm
eclipse-linuxprofilingframework-0.6.1-1.el6.i686.rpm
eclipse-mylyn-3.4.2-9.el6.i686.rpm
eclipse-mylyn-cdt-3.4.2-9.el6.i686.rpm
eclipse-mylyn-java-3.4.2-9.el6.i686.rpm
eclipse-mylyn-pde-3.4.2-9.el6.i686.rpm
eclipse-mylyn-trac-3.4.2-9.el6.i686.rpm
eclipse-mylyn-webtasks-3.4.2-9.el6.i686.rpm
eclipse-mylyn-wikitext-3.4.2-9.el6.i686.rpm
eclipse-oprofile-0.6.1-1.el6.i686.rpm
eclipse-oprofile-debuginfo-0.6.1-1.el6.i686.rpm
eclipse-pde-3.6.1-6.13.el6.i686.rpm
eclipse-platform-3.6.1-6.13.el6.i686.rpm
eclipse-rcp-3.6.1-6.13.el6.i686.rpm
eclipse-rse-3.2-1.el6.i686.rpm
eclipse-swt-3.6.1-6.13.el6.i686.rpm
eclipse-valgrind-0.6.1-1.el6.i686.rpm
icu4j-eclipse-4.2.1-5.el6.i686.rpm

noarch:
jetty-eclipse-6.1.24-2.el6.noarch.rpm
objectweb-asm-3.2-2.1.el6.noarch.rpm
sat4j-2.2.0-4.0.el6.noarch.rpm

x86_64:
eclipse-birt-2.6.0-1.1.el6.x86_64.rpm
eclipse-callgraph-0.6.1-1.el6.x86_64.rpm
eclipse-cdt-7.0.1-4.el6.x86_64.rpm
eclipse-changelog-2.7.0-1.el6.x86_64.rpm
eclipse-debuginfo-3.6.1-6.13.el6.x86_64.rpm
eclipse-dtp-1.8.1-1.1.el6.x86_64.rpm
eclipse-emf-2.6.0-1.el6.x86_64.rpm
eclipse-gef-3.6.1-3.el6.x86_64.rpm
eclipse-jdt-3.6.1-6.13.el6.x86_64.rpm
eclipse-linuxprofilingframework-0.6.1-1.el6.x86_64.rpm
eclipse-mylyn-3.4.2-9.el6.x86_64.rpm
eclipse-mylyn-cdt-3.4.2-9.el6.x86_64.rpm
eclipse-mylyn-java-3.4.2-9.el6.x86_64.rpm
eclipse-mylyn-pde-3.4.2-9.el6.x86_64.rpm
eclipse-mylyn-trac-3.4.2-9.el6.x86_64.rpm
eclipse-mylyn-webtasks-3.4.2-9.el6.x86_64.rpm
eclipse-mylyn-wikitext-3.4.2-9.el6.x86_64.rpm
eclipse-oprofile-0.6.1-1.el6.x86_64.rpm
eclipse-oprofile-debuginfo-0.6.1-1.el6.x86_64.rpm
eclipse-pde-3.6.1-6.13.el6.x86_64.rpm
eclipse-platform-3.6.1-6.13.el6.x86_64.rpm
eclipse-rcp-3.6.1-6.13.el6.x86_64.rpm
eclipse-rse-3.2-1.el6.x86_64.rpm
eclipse-swt-3.6.1-6.13.el6.x86_64.rpm
eclipse-valgrind-0.6.1-1.el6.x86_64.rpm
icu4j-eclipse-4.2.1-5.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/eclipse-cdt-7.0.1-4.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/eclipse-emf-2.6.0-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/eclipse-gef-3.6.1-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/icu4j-4.2.1-5.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/objectweb-asm-3.2-2.1.el6.src.rpm

i386:
eclipse-cdt-parsers-7.0.1-4.el6.i686.rpm
eclipse-cdt-sdk-7.0.1-4.el6.i686.rpm
eclipse-emf-examples-2.6.0-1.el6.i686.rpm
eclipse-emf-sdk-2.6.0-1.el6.i686.rpm
eclipse-emf-xsd-2.6.0-1.el6.i686.rpm
eclipse-emf-xsd-sdk-2.6.0-1.el6.i686.rpm
eclipse-gef-examples-3.6.1-3.el6.i686.rpm
eclipse-gef-sdk-3.6.1-3.el6.i686.rpm
icu4j-4.2.1-5.el6.i686.rpm
icu4j-javadoc-4.2.1-5.el6.i686.rpm

noarch:
objectweb-asm-javadoc-3.2-2.1.el6.noarch.rpm

x86_64:
eclipse-cdt-parsers-7.0.1-4.el6.x86_64.rpm
eclipse-cdt-sdk-7.0.1-4.el6.x86_64.rpm
eclipse-emf-examples-2.6.0-1.el6.x86_64.rpm
eclipse-emf-sdk-2.6.0-1.el6.x86_64.rpm
eclipse-emf-xsd-2.6.0-1.el6.x86_64.rpm
eclipse-emf-xsd-sdk-2.6.0-1.el6.x86_64.rpm
eclipse-gef-examples-3.6.1-3.el6.x86_64.rpm
eclipse-gef-sdk-3.6.1-3.el6.x86_64.rpm
icu4j-4.2.1-5.el6.x86_64.rpm
icu4j-javadoc-4.2.1-5.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-4647.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFN1Qs1XlSAg2UNWIIRAjEDAJ0aIDI/bkHdgtqTllPColMoPxJeHwCfSRck
JxlAVx058J8LJeUA5whe5A8=
=WbiO
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu May 19 12:22:42 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 19 May 2011 12:22:42 +0000
Subject: [RHSA-2011:0586-01] Low: libguestfs security, bug fix, and enhancement update
Message-ID: <201105191222.p4JCMg72005995@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: libguestfs security, bug fix, and enhancement update
Advisory ID:       RHSA-2011:0586-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0586.html
Issue date:        2011-05-19
CVE Names:         CVE-2010-3851
=====================================================================

1. Summary:

Updated libguestfs packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64

3. Description:

libguestfs is a library for accessing and modifying guest disk images.
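An added check for the class of problem this advisory tracks as CVE-2010-3851 (example code, not from the advisory and not libguestfs's own): instead of letting a probing layer guess a disk image's format, the caller reads the qcow2 header fields itself and rejects an image whose detected format differs from the format it pinned. The field offsets are those of the qcow2 header layout documented with QEMU; the helper names (`probe_format`, `check_expected_format`, `make_qcow2_header`, `ImageFormatMismatch`), the sample headers and the mismatch policy are assumptions constructed for this example.

```python
"""Pin a guest disk image's format instead of relying on auto-detection.

A caller that believes it holds a raw image and lets a probing layer guess
the format can end up with something that references other files on the
host. This example (not libguestfs code) classifies an image from its own
header and refuses anything that does not match the format the caller
pinned. Offsets follow the documented qcow2 header layout; sample data is
constructed here.
"""
import struct

QCOW2_MAGIC = b"QFI\xfb"   # 0x514649fb, first four bytes of every qcow2 image


class ImageFormatMismatch(Exception):
    """Raised when the on-disk header contradicts the pinned format."""


def probe_format(header: bytes) -> dict:
    """Classify an image from its first 32 bytes, as a prober would.

    Returns {'format': 'raw'} for anything without the qcow2 magic, and
    for qcow2 the version plus whether the header names a backing file.
    """
    if len(header) < 32 or header[:4] != QCOW2_MAGIC:
        # Auto-detection treats everything without a recognised magic as
        # raw; the mis-detection the advisory describes is the opposite
        # direction, a file the caller thinks is raw being read as qcow2.
        return {"format": "raw"}
    (version,) = struct.unpack(">I", header[4:8])            # offset 4
    backing_off, backing_len = struct.unpack(">QI", header[8:20])  # 8, 16
    return {
        "format": "qcow2",
        "version": version,
        "has_backing_file": backing_off != 0 and backing_len != 0,
    }


def check_expected_format(header: bytes, expected: str) -> dict:
    """Enforce the format the caller pinned ('raw' or 'qcow2').

    This is the policy the fixed library lets a caller express by naming
    the format explicitly: probing is only used to confirm, never to
    decide. A raw image whose bytes would be probed as qcow2 is rejected.
    """
    info = probe_format(header)
    if info["format"] != expected:
        raise ImageFormatMismatch(
            f"image looks like {info['format']} but caller pinned {expected}")
    return info


def make_qcow2_header(version: int = 3, backing_file: bytes = b"") -> bytes:
    """Construct a minimal qcow2 header for testing (not a usable image)."""
    header_len = 104 if version >= 3 else 72    # documented v3 / v2 sizes
    backing_off = header_len if backing_file else 0
    fixed = QCOW2_MAGIC
    fixed += struct.pack(">IQI", version, backing_off, len(backing_file))
    fixed += struct.pack(">IQ", 16, 64 * 1024 * 1024)  # cluster_bits, size
    padding = b"\x00" * (header_len - len(fixed))
    return fixed + padding + backing_file


if __name__ == "__main__":
    # Constructed sample: a raw image starting with a DOS boot-sector jump.
    raw_image = b"\xeb\x3c\x90MSDOS5.0" + b"\x00" * 500
    print("raw sample:", probe_format(raw_image))
    print("qcow2 sample:",
          probe_format(make_qcow2_header(3, b"/srv/images/base.img")))
    check_expected_format(raw_image, "raw")            # passes silently
    try:
        check_expected_format(make_qcow2_header(2), "raw")
    except ImageFormatMismatch as exc:
        print("rejected:", exc)
```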
libguestfs relied on the format auto-detection in QEMU rather than allowing the guest image file format to be specified. A privileged guest user could potentially use this flaw to read arbitrary files on the host that were accessible to a user on that host who was running a program that utilized the libguestfs library. (CVE-2010-3851)

This erratum upgrades libguestfs to upstream version 1.7.17, which includes a number of bug fixes and one enhancement. Documentation for these bug fixes and this enhancement is provided in the Technical Notes document, linked to in the References section.

All libguestfs users are advised to upgrade to these updated packages, which correct this issue, and fix the bugs and add the enhancement noted in the Technical Notes.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

600144 - document that mkmountpoint and umount-all cannot be mixed
612308 - qemu -net / vlan option deprecated. Use -netdev instead.
613593 - Rebase libguestfs in RHEL 6.1
615223 - vfs-type could not read just-created filesystem
617440 - guestfish: fails to tilde expand '~' when the $HOME env is unset
627468 - [RFE]It's better to emphasize "libguestfs-winsupport" in V2V manpage or error output
627832 - [RFE] guestfish should print outputs in a suitable base (eg. octal for modes)
627833 - get-e2uuid should use blkid instead of "tune2fs -l" to get filesystem UUID
633174 - some guestfish sub commands can not handle special files properly
639601 - "virt-ls" command failed to parse domain name "#"
639602 - ""virt-list-filesystems" fails to parse the command line argument if the domain name is "#".
643958 - CVE-2010-3851 libguestfs: missing disk format specifier when adding a disk
657472 - checksum: wrong check sum type causes umount to fail
657502 - virt-inspector depends on EPEL package perl-String-ShellQuote but does not require it
666577 - libguestfs: unknown filesystem /dev/fd0
666579 - libguestfs: unknown filesystem /dev/hd{x} (cdrom)
668115 - virt-filesystems command fails on guest with corrupt filesystem label
668611 - guestfish -i is trying to mount all mounts from /etc/fstab and fails with an error when device doesn't exists
673477 - Add a grep-friendly string to LIBGUESTFS_TRACE output
673721 - Typo in virt-make-fs manual page
676788 - libguestfs trace segfaults when list-filesystems returns error
677616 - appliance doesn't include augeas device_map lens
691724 - virt-inspector reports unknown filesystem /dev/vda1
695138 - Remove dependency on gfs2-utils

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libguestfs-1.7.17-17.el6.src.rpm

x86_64:
guestfish-1.7.17-17.el6.x86_64.rpm
libguestfs-1.7.17-17.el6.x86_64.rpm
libguestfs-debuginfo-1.7.17-17.el6.x86_64.rpm
libguestfs-java-1.7.17-17.el6.x86_64.rpm
libguestfs-mount-1.7.17-17.el6.x86_64.rpm
libguestfs-tools-1.7.17-17.el6.x86_64.rpm
libguestfs-tools-c-1.7.17-17.el6.x86_64.rpm
perl-Sys-Guestfs-1.7.17-17.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libguestfs-1.7.17-17.el6.src.rpm

x86_64:
libguestfs-debuginfo-1.7.17-17.el6.x86_64.rpm
libguestfs-devel-1.7.17-17.el6.x86_64.rpm
libguestfs-java-devel-1.7.17-17.el6.x86_64.rpm
libguestfs-javadoc-1.7.17-17.el6.x86_64.rpm
ocaml-libguestfs-1.7.17-17.el6.x86_64.rpm
ocaml-libguestfs-devel-1.7.17-17.el6.x86_64.rpm
python-libguestfs-1.7.17-17.el6.x86_64.rpm
ruby-libguestfs-1.7.17-17.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libguestfs-1.7.17-17.el6.src.rpm

x86_64:
guestfish-1.7.17-17.el6.x86_64.rpm
libguestfs-1.7.17-17.el6.x86_64.rpm
libguestfs-debuginfo-1.7.17-17.el6.x86_64.rpm
libguestfs-java-1.7.17-17.el6.x86_64.rpm
libguestfs-mount-1.7.17-17.el6.x86_64.rpm
libguestfs-tools-1.7.17-17.el6.x86_64.rpm
libguestfs-tools-c-1.7.17-17.el6.x86_64.rpm
perl-Sys-Guestfs-1.7.17-17.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libguestfs-1.7.17-17.el6.src.rpm

x86_64:
libguestfs-debuginfo-1.7.17-17.el6.x86_64.rpm
libguestfs-devel-1.7.17-17.el6.x86_64.rpm
libguestfs-java-devel-1.7.17-17.el6.x86_64.rpm
libguestfs-javadoc-1.7.17-17.el6.x86_64.rpm
ocaml-libguestfs-1.7.17-17.el6.x86_64.rpm
ocaml-libguestfs-devel-1.7.17-17.el6.x86_64.rpm
python-libguestfs-1.7.17-17.el6.x86_64.rpm
ruby-libguestfs-1.7.17-17.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libguestfs-1.7.17-17.el6.src.rpm

x86_64:
guestfish-1.7.17-17.el6.x86_64.rpm
libguestfs-1.7.17-17.el6.x86_64.rpm
libguestfs-debuginfo-1.7.17-17.el6.x86_64.rpm
libguestfs-java-1.7.17-17.el6.x86_64.rpm
libguestfs-mount-1.7.17-17.el6.x86_64.rpm
libguestfs-tools-1.7.17-17.el6.x86_64.rpm
libguestfs-tools-c-1.7.17-17.el6.x86_64.rpm
perl-Sys-Guestfs-1.7.17-17.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libguestfs-1.7.17-17.el6.src.rpm

x86_64:
libguestfs-debuginfo-1.7.17-17.el6.x86_64.rpm
libguestfs-devel-1.7.17-17.el6.x86_64.rpm
libguestfs-java-devel-1.7.17-17.el6.x86_64.rpm
libguestfs-javadoc-1.7.17-17.el6.x86_64.rpm
ocaml-libguestfs-1.7.17-17.el6.x86_64.rpm
ocaml-libguestfs-devel-1.7.17-17.el6.x86_64.rpm
python-libguestfs-1.7.17-17.el6.x86_64.rpm
ruby-libguestfs-1.7.17-17.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libguestfs-1.7.17-17.el6.src.rpm

x86_64:
guestfish-1.7.17-17.el6.x86_64.rpm
libguestfs-1.7.17-17.el6.x86_64.rpm
libguestfs-debuginfo-1.7.17-17.el6.x86_64.rpm
libguestfs-java-1.7.17-17.el6.x86_64.rpm
libguestfs-mount-1.7.17-17.el6.x86_64.rpm
libguestfs-tools-1.7.17-17.el6.x86_64.rpm
libguestfs-tools-c-1.7.17-17.el6.x86_64.rpm
perl-Sys-Guestfs-1.7.17-17.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libguestfs-1.7.17-17.el6.src.rpm

x86_64:
libguestfs-debuginfo-1.7.17-17.el6.x86_64.rpm
libguestfs-devel-1.7.17-17.el6.x86_64.rpm
libguestfs-java-devel-1.7.17-17.el6.x86_64.rpm
libguestfs-javadoc-1.7.17-17.el6.x86_64.rpm
ocaml-libguestfs-1.7.17-17.el6.x86_64.rpm
ocaml-libguestfs-devel-1.7.17-17.el6.x86_64.rpm
python-libguestfs-1.7.17-17.el6.x86_64.rpm
ruby-libguestfs-1.7.17-17.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3851.html
https://access.redhat.com/security/updates/classification/#low
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.1_Technical_Notes/index.html#libguestfs

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFN1QttXlSAg2UNWIIRAurJAKCrnb86vob16o/HWDyRSU91uYBcjQCbBMm3
/0Io6mGHOwBf7f3+YEVxarQ=
=CsHH
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu May 19 12:23:39 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 19 May 2011 12:23:39 +0000
Subject: [RHSA-2011:0599-01] Low: sudo security and bug fix update
Message-ID: <201105191223.p4JCNeLq006216@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: sudo security and bug fix update
Advisory ID:       RHSA-2011:0599-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0599.html
Issue date:        2011-05-19
CVE Names:         CVE-2011-0010
=====================================================================

1. Summary:

An updated sudo package that fixes one security issue and several bugs is now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root.

A flaw was found in the sudo password checking logic.
In configurations where the sudoers settings allowed a user to run a command using sudo with only the group ID changed, sudo failed to prompt for the user's password before running the specified command with the elevated group privileges. (CVE-2011-0010) This update also fixes the following bugs: * When the "/etc/sudoers" file contained entries with multiple hosts, running the "sudo -l" command incorrectly reported that a certain user does not have permissions to use sudo on the system. With this update, running the "sudo -l" command now produces the correct output. (BZ#603823) * Prior to this update, the manual page for sudoers.ldap was not installed, even though it contains important information on how to set up an LDAP (Lightweight Directory Access Protocol) sudoers source, and other documents refer to it. With this update, the manual page is now properly included in the package. Additionally, various POD files have been removed from the package, as they are required for build purposes only. (BZ#634159) * The previous version of sudo did not use the same location for the LDAP configuration files as the nss_ldap package. This has been fixed and sudo now looks for these files in the same location as the nss_ldap package. (BZ#652726) * When a file was edited using the "sudo -e file" or the "sudoedit file" command, the editor being executed for this task was logged only as "sudoedit". With this update, the full path to the executable being used as an editor is now logged (instead of "sudoedit"). (BZ#665131) * A comment regarding the "visiblepw" option of the "Defaults" directive has been added to the default "/etc/sudoers" file to clarify its usage. (BZ#688640) * This erratum upgrades sudo to upstream version 1.7.4p5, which provides a number of bug fixes and enhancements over the previous version. (BZ#615087) All users of sudo are advised to upgrade to this updated package, which resolves these issues. 4. 
Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 603823 - sudo - fix printing of entries with multiple host entries on a single line. 615087 - Rebase sudo to version 1.7.3 634159 - .pod files are packaged under /usr/share/doc/sudo*, and man page for sudoers.ldap is missing 652726 - sudo and nss_ldap use different ldap.conf 668879 - CVE-2011-0010 sudo: does not ask for password on GID changes 688640 - Add comment about the visiblepw option into sudoers 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/sudo-1.7.4p5-5.el6.src.rpm i386: sudo-1.7.4p5-5.el6.i686.rpm sudo-debuginfo-1.7.4p5-5.el6.i686.rpm x86_64: sudo-1.7.4p5-5.el6.x86_64.rpm sudo-debuginfo-1.7.4p5-5.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/sudo-1.7.4p5-5.el6.src.rpm x86_64: sudo-1.7.4p5-5.el6.x86_64.rpm sudo-debuginfo-1.7.4p5-5.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/sudo-1.7.4p5-5.el6.src.rpm i386: sudo-1.7.4p5-5.el6.i686.rpm sudo-debuginfo-1.7.4p5-5.el6.i686.rpm ppc64: sudo-1.7.4p5-5.el6.ppc64.rpm sudo-debuginfo-1.7.4p5-5.el6.ppc64.rpm s390x: sudo-1.7.4p5-5.el6.s390x.rpm sudo-debuginfo-1.7.4p5-5.el6.s390x.rpm x86_64: sudo-1.7.4p5-5.el6.x86_64.rpm sudo-debuginfo-1.7.4p5-5.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/sudo-1.7.4p5-5.el6.src.rpm i386: sudo-1.7.4p5-5.el6.i686.rpm sudo-debuginfo-1.7.4p5-5.el6.i686.rpm x86_64: sudo-1.7.4p5-5.el6.x86_64.rpm sudo-debuginfo-1.7.4p5-5.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-0010.html https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFN1QumXlSAg2UNWIIRAg4rAJ4/Zsu4deew+l2OxMzQ6YK8BdaMBgCeNKqW qZySL7Bo6w6E3i+SYxHrfZM= =fH84 -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu May 19 12:33:21 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 19 May 2011 12:33:21 +0000 Subject: [RHSA-2011:0600-01] Moderate: dovecot security and enhancement update Message-ID: <201105191233.p4JCXLBJ010532@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: dovecot security and enhancement update Advisory ID: RHSA-2011:0600-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0600.html Issue date: 2011-05-19 CVE Names: CVE-2010-3707 CVE-2010-3780 ===================================================================== 1. Summary: Updated dovecot packages that fix two security issues and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Dovecot is an IMAP server for Linux, UNIX, and similar operating systems, primarily written with security in mind.

A flaw was found in the way Dovecot handled SIGCHLD signals. If a large number of IMAP or POP3 session disconnects caused the Dovecot master process to receive these signals rapidly, it could cause the master process to crash. (CVE-2010-3780)

A flaw was found in the way Dovecot processed multiple Access Control Lists (ACL) defined for a mailbox. In some cases, Dovecot could fail to apply the more specific ACL entry, possibly resulting in more access being granted to the user than intended. (CVE-2010-3707)

This update also adds the following enhancement:

* This erratum upgrades Dovecot to upstream version 2.0.9, providing multiple fixes for the "dsync" utility and improving overall performance. Refer to the "/usr/share/doc/dovecot-2.0.9/ChangeLog" file after installing this update for further information about the changes. (BZ#637056)

Users of dovecot are advised to upgrade to these updated packages, which resolve these issues and add this enhancement. After installing the updated packages, the dovecot service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

637056 - rebase dovecot to 2.0 final
640410 - CVE-2010-3707 Dovecot: Failed to properly update ACL cache, when multiple rules defined rights for one subject
641276 - CVE-2010-3780 Dovecot: Busy master process, receiving a lot of SIGCHLD signals rapidly while logging, could die

6. Package List:

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/dovecot-2.0.9-2.el6.src.rpm

i386:
dovecot-2.0.9-2.el6.i686.rpm
dovecot-debuginfo-2.0.9-2.el6.i686.rpm
dovecot-mysql-2.0.9-2.el6.i686.rpm
dovecot-pgsql-2.0.9-2.el6.i686.rpm
dovecot-pigeonhole-2.0.9-2.el6.i686.rpm

ppc64:
dovecot-2.0.9-2.el6.ppc.rpm
dovecot-2.0.9-2.el6.ppc64.rpm
dovecot-debuginfo-2.0.9-2.el6.ppc.rpm
dovecot-debuginfo-2.0.9-2.el6.ppc64.rpm
dovecot-mysql-2.0.9-2.el6.ppc64.rpm
dovecot-pgsql-2.0.9-2.el6.ppc64.rpm
dovecot-pigeonhole-2.0.9-2.el6.ppc64.rpm

s390x:
dovecot-2.0.9-2.el6.s390.rpm
dovecot-2.0.9-2.el6.s390x.rpm
dovecot-debuginfo-2.0.9-2.el6.s390.rpm
dovecot-debuginfo-2.0.9-2.el6.s390x.rpm
dovecot-mysql-2.0.9-2.el6.s390x.rpm
dovecot-pgsql-2.0.9-2.el6.s390x.rpm
dovecot-pigeonhole-2.0.9-2.el6.s390x.rpm

x86_64:
dovecot-2.0.9-2.el6.i686.rpm
dovecot-2.0.9-2.el6.x86_64.rpm
dovecot-debuginfo-2.0.9-2.el6.i686.rpm
dovecot-debuginfo-2.0.9-2.el6.x86_64.rpm
dovecot-mysql-2.0.9-2.el6.x86_64.rpm
dovecot-pgsql-2.0.9-2.el6.x86_64.rpm
dovecot-pigeonhole-2.0.9-2.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/dovecot-2.0.9-2.el6.src.rpm

i386:
dovecot-debuginfo-2.0.9-2.el6.i686.rpm
dovecot-devel-2.0.9-2.el6.i686.rpm

ppc64:
dovecot-debuginfo-2.0.9-2.el6.ppc64.rpm
dovecot-devel-2.0.9-2.el6.ppc64.rpm

s390x:
dovecot-debuginfo-2.0.9-2.el6.s390x.rpm
dovecot-devel-2.0.9-2.el6.s390x.rpm

x86_64:
dovecot-debuginfo-2.0.9-2.el6.x86_64.rpm
dovecot-devel-2.0.9-2.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/dovecot-2.0.9-2.el6.src.rpm

i386:
dovecot-2.0.9-2.el6.i686.rpm
dovecot-debuginfo-2.0.9-2.el6.i686.rpm
dovecot-mysql-2.0.9-2.el6.i686.rpm
dovecot-pgsql-2.0.9-2.el6.i686.rpm
dovecot-pigeonhole-2.0.9-2.el6.i686.rpm

x86_64:
dovecot-2.0.9-2.el6.i686.rpm
dovecot-2.0.9-2.el6.x86_64.rpm
dovecot-debuginfo-2.0.9-2.el6.i686.rpm
dovecot-debuginfo-2.0.9-2.el6.x86_64.rpm
dovecot-mysql-2.0.9-2.el6.x86_64.rpm
dovecot-pgsql-2.0.9-2.el6.x86_64.rpm
dovecot-pigeonhole-2.0.9-2.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/dovecot-2.0.9-2.el6.src.rpm

i386:
dovecot-debuginfo-2.0.9-2.el6.i686.rpm
dovecot-devel-2.0.9-2.el6.i686.rpm

x86_64:
dovecot-debuginfo-2.0.9-2.el6.x86_64.rpm
dovecot-devel-2.0.9-2.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3707.html
https://www.redhat.com/security/data/cve/CVE-2010-3780.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFN1Q26XlSAg2UNWIIRAnRbAJ0QW0l2aEfe6nddZBnG+s19f8s3SgCggZqZ
CNPh97aZmtQBykLgqW7JOTY=
=8faX
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu May 19 12:34:18 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 19 May 2011 12:34:18 +0000
Subject: [RHSA-2011:0616-01] Low: pidgin security and bug fix update
Message-ID: <201105191234.p4JCYJjI010904@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: pidgin security and bug fix update
Advisory ID: RHSA-2011:0616-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0616.html
Issue date: 2011-05-19
CVE Names: CVE-2011-1091
=====================================================================

1. Summary:

Updated pidgin packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.

Multiple NULL pointer dereference flaws were found in the way the Pidgin Yahoo! Messenger Protocol plug-in handled malformed YMSG packets. A remote attacker could use these flaws to crash Pidgin via a specially-crafted notification message. (CVE-2011-1091)

Red Hat would like to thank the Pidgin project for reporting these issues. Upstream acknowledges Marius Wachtler as the original reporter.

This update also fixes the following bugs:

* Previous versions of the pidgin package did not properly clear certain data structures used in libpurple/cipher.c when attempting to free them. Partial information could potentially be extracted from the incorrectly cleared regions of the previously freed memory. With this update, data structures are properly cleared when freed. (BZ#684685)

* This erratum upgrades Pidgin to upstream version 2.7.9. For a list of all changes addressed in this upgrade, refer to http://developer.pidgin.im/wiki/ChangeLog (BZ#616917)

* Some incomplete translations for the kn_IN and ta_IN locales have been corrected. (BZ#633860, BZ#640170)

Users of pidgin should upgrade to these updated packages, which resolve these issues. Pidgin must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

633860 - [kn_IN] Translation is not complete, untranslated message in Screenshot
640170 - [ta_IN] Translation need to review for "Add Account"
683031 - CVE-2011-1091 Pidgin: Multiple NULL pointer dereference flaws in Yahoo protocol plug-in
684685 - Cipher API information disclosure in pidgin

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/pidgin-2.7.9-3.el6.src.rpm

i386:
libpurple-2.7.9-3.el6.i686.rpm
pidgin-2.7.9-3.el6.i686.rpm
pidgin-debuginfo-2.7.9-3.el6.i686.rpm

x86_64:
libpurple-2.7.9-3.el6.i686.rpm
libpurple-2.7.9-3.el6.x86_64.rpm
pidgin-2.7.9-3.el6.x86_64.rpm
pidgin-debuginfo-2.7.9-3.el6.i686.rpm
pidgin-debuginfo-2.7.9-3.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/pidgin-2.7.9-3.el6.src.rpm

i386:
finch-2.7.9-3.el6.i686.rpm
finch-devel-2.7.9-3.el6.i686.rpm
libpurple-devel-2.7.9-3.el6.i686.rpm
libpurple-perl-2.7.9-3.el6.i686.rpm
libpurple-tcl-2.7.9-3.el6.i686.rpm
pidgin-debuginfo-2.7.9-3.el6.i686.rpm
pidgin-devel-2.7.9-3.el6.i686.rpm
pidgin-docs-2.7.9-3.el6.i686.rpm
pidgin-perl-2.7.9-3.el6.i686.rpm

x86_64:
finch-2.7.9-3.el6.i686.rpm
finch-2.7.9-3.el6.x86_64.rpm
finch-devel-2.7.9-3.el6.i686.rpm
finch-devel-2.7.9-3.el6.x86_64.rpm
libpurple-devel-2.7.9-3.el6.i686.rpm
libpurple-devel-2.7.9-3.el6.x86_64.rpm
libpurple-perl-2.7.9-3.el6.x86_64.rpm
libpurple-tcl-2.7.9-3.el6.x86_64.rpm
pidgin-debuginfo-2.7.9-3.el6.i686.rpm
pidgin-debuginfo-2.7.9-3.el6.x86_64.rpm
pidgin-devel-2.7.9-3.el6.i686.rpm
pidgin-devel-2.7.9-3.el6.x86_64.rpm
pidgin-docs-2.7.9-3.el6.x86_64.rpm
pidgin-perl-2.7.9-3.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/pidgin-2.7.9-3.el6.src.rpm

i386:
finch-2.7.9-3.el6.i686.rpm
finch-devel-2.7.9-3.el6.i686.rpm
libpurple-2.7.9-3.el6.i686.rpm
libpurple-devel-2.7.9-3.el6.i686.rpm
libpurple-perl-2.7.9-3.el6.i686.rpm
libpurple-tcl-2.7.9-3.el6.i686.rpm
pidgin-2.7.9-3.el6.i686.rpm
pidgin-debuginfo-2.7.9-3.el6.i686.rpm
pidgin-devel-2.7.9-3.el6.i686.rpm
pidgin-docs-2.7.9-3.el6.i686.rpm
pidgin-perl-2.7.9-3.el6.i686.rpm

ppc64:
finch-2.7.9-3.el6.ppc.rpm
finch-2.7.9-3.el6.ppc64.rpm
finch-devel-2.7.9-3.el6.ppc.rpm
finch-devel-2.7.9-3.el6.ppc64.rpm
libpurple-2.7.9-3.el6.ppc.rpm
libpurple-2.7.9-3.el6.ppc64.rpm
libpurple-devel-2.7.9-3.el6.ppc.rpm
libpurple-devel-2.7.9-3.el6.ppc64.rpm
libpurple-perl-2.7.9-3.el6.ppc64.rpm
libpurple-tcl-2.7.9-3.el6.ppc64.rpm
pidgin-2.7.9-3.el6.ppc64.rpm
pidgin-debuginfo-2.7.9-3.el6.ppc.rpm
pidgin-debuginfo-2.7.9-3.el6.ppc64.rpm
pidgin-devel-2.7.9-3.el6.ppc.rpm
pidgin-devel-2.7.9-3.el6.ppc64.rpm
pidgin-docs-2.7.9-3.el6.ppc64.rpm
pidgin-perl-2.7.9-3.el6.ppc64.rpm

x86_64:
finch-2.7.9-3.el6.i686.rpm
finch-2.7.9-3.el6.x86_64.rpm
finch-devel-2.7.9-3.el6.i686.rpm
finch-devel-2.7.9-3.el6.x86_64.rpm
libpurple-2.7.9-3.el6.i686.rpm
libpurple-2.7.9-3.el6.x86_64.rpm
libpurple-devel-2.7.9-3.el6.i686.rpm
libpurple-devel-2.7.9-3.el6.x86_64.rpm
libpurple-perl-2.7.9-3.el6.x86_64.rpm
libpurple-tcl-2.7.9-3.el6.x86_64.rpm
pidgin-2.7.9-3.el6.x86_64.rpm
pidgin-debuginfo-2.7.9-3.el6.i686.rpm
pidgin-debuginfo-2.7.9-3.el6.x86_64.rpm
pidgin-devel-2.7.9-3.el6.i686.rpm
pidgin-devel-2.7.9-3.el6.x86_64.rpm
pidgin-docs-2.7.9-3.el6.x86_64.rpm
pidgin-perl-2.7.9-3.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/pidgin-2.7.9-3.el6.src.rpm

i386:
libpurple-2.7.9-3.el6.i686.rpm
pidgin-2.7.9-3.el6.i686.rpm
pidgin-debuginfo-2.7.9-3.el6.i686.rpm

x86_64:
libpurple-2.7.9-3.el6.i686.rpm
libpurple-2.7.9-3.el6.x86_64.rpm
pidgin-2.7.9-3.el6.x86_64.rpm
pidgin-debuginfo-2.7.9-3.el6.i686.rpm
pidgin-debuginfo-2.7.9-3.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/pidgin-2.7.9-3.el6.src.rpm

i386:
finch-2.7.9-3.el6.i686.rpm
finch-devel-2.7.9-3.el6.i686.rpm
libpurple-devel-2.7.9-3.el6.i686.rpm
libpurple-perl-2.7.9-3.el6.i686.rpm
libpurple-tcl-2.7.9-3.el6.i686.rpm
pidgin-debuginfo-2.7.9-3.el6.i686.rpm
pidgin-devel-2.7.9-3.el6.i686.rpm
pidgin-docs-2.7.9-3.el6.i686.rpm
pidgin-perl-2.7.9-3.el6.i686.rpm

x86_64:
finch-2.7.9-3.el6.i686.rpm
finch-2.7.9-3.el6.x86_64.rpm
finch-devel-2.7.9-3.el6.i686.rpm
finch-devel-2.7.9-3.el6.x86_64.rpm
libpurple-devel-2.7.9-3.el6.i686.rpm
libpurple-devel-2.7.9-3.el6.x86_64.rpm
libpurple-perl-2.7.9-3.el6.x86_64.rpm
libpurple-tcl-2.7.9-3.el6.x86_64.rpm
pidgin-debuginfo-2.7.9-3.el6.i686.rpm
pidgin-debuginfo-2.7.9-3.el6.x86_64.rpm
pidgin-devel-2.7.9-3.el6.i686.rpm
pidgin-devel-2.7.9-3.el6.x86_64.rpm
pidgin-docs-2.7.9-3.el6.x86_64.rpm
pidgin-perl-2.7.9-3.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1091.html
https://access.redhat.com/security/updates/classification/#low
http://developer.pidgin.im/wiki/ChangeLog

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD4DBQFN1Q4dXlSAg2UNWIIRAplcAKC3xLdwGDYp0iH3O5Dg7MqX3n2mpQCVHMLq
Quq+M9zbgN38q+YxwisEjg==
=m+W4
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu May 19 12:35:34 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 19 May 2011 12:35:34 +0000
Subject: [RHSA-2011:0677-01] Moderate: openssl security, bug fix, and enhancement update
Message-ID: <201105191235.p4JCZZm9007449@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openssl security, bug fix, and enhancement update
Advisory ID: RHSA-2011:0677-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0677.html
Issue date: 2011-05-19
CVE Names: CVE-2011-0014
=====================================================================

1. Summary:

Updated openssl packages that fix one security issue, two bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

A buffer over-read flaw was discovered in the way OpenSSL parsed the Certificate Status Request TLS extensions in ClientHello TLS handshake messages. A remote attacker could possibly use this flaw to crash an SSL server using the affected OpenSSL functionality. (CVE-2011-0014)

This update fixes the following bugs:

* The "openssl speed" command (which provides algorithm speed measurement) failed when openssl was running in FIPS (Federal Information Processing Standards) mode, even if testing of FIPS approved algorithms was requested. FIPS mode disables ciphers and cryptographic hash algorithms that are not approved by the NIST (National Institute of Standards and Technology) standards. With this update, the "openssl speed" command no longer fails. (BZ#619762)

* The "openssl pkcs12 -export" command failed to export a PKCS#12 file in FIPS mode. The default algorithm for encrypting a certificate in the PKCS#12 file was not FIPS approved and thus did not work. The command now uses a FIPS approved algorithm by default in FIPS mode. (BZ#673453)

This update also adds the following enhancements:

* The "openssl s_server" command, which previously accepted connections only over IPv4, now accepts connections over IPv6. (BZ#601612)

* For the purpose of allowing certain maintenance commands to be run (such as "rsync"), an "OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW" environment variable has been added. When a system is configured for FIPS mode and is in a maintenance state, this newly added environment variable can be set to allow software that requires the use of an MD5 cryptographic hash algorithm to be run, even though the hash algorithm is not approved by the FIPS-140-2 standard. (BZ#673071)

Users of OpenSSL are advised to upgrade to these updated packages, which contain backported patches to resolve these issues and add these enhancements. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

601612 - s_server doesn't listen for ipv6 connections
619762 - openssl speed cmd fails on FIPS enabled machine
676063 - CVE-2011-0014 openssl: OCSP stapling vulnerability

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-10.el6.src.rpm

i386:
openssl-1.0.0-10.el6.i686.rpm
openssl-debuginfo-1.0.0-10.el6.i686.rpm

x86_64:
openssl-1.0.0-10.el6.i686.rpm
openssl-1.0.0-10.el6.x86_64.rpm
openssl-debuginfo-1.0.0-10.el6.i686.rpm
openssl-debuginfo-1.0.0-10.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-10.el6.src.rpm

i386:
openssl-debuginfo-1.0.0-10.el6.i686.rpm
openssl-devel-1.0.0-10.el6.i686.rpm
openssl-perl-1.0.0-10.el6.i686.rpm
openssl-static-1.0.0-10.el6.i686.rpm

x86_64:
openssl-debuginfo-1.0.0-10.el6.i686.rpm
openssl-debuginfo-1.0.0-10.el6.x86_64.rpm
openssl-devel-1.0.0-10.el6.i686.rpm
openssl-devel-1.0.0-10.el6.x86_64.rpm
openssl-perl-1.0.0-10.el6.x86_64.rpm
openssl-static-1.0.0-10.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-10.el6.src.rpm

x86_64:
openssl-1.0.0-10.el6.i686.rpm
openssl-1.0.0-10.el6.x86_64.rpm
openssl-debuginfo-1.0.0-10.el6.i686.rpm
openssl-debuginfo-1.0.0-10.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-10.el6.src.rpm

x86_64:
openssl-debuginfo-1.0.0-10.el6.i686.rpm
openssl-debuginfo-1.0.0-10.el6.x86_64.rpm
openssl-devel-1.0.0-10.el6.i686.rpm
openssl-devel-1.0.0-10.el6.x86_64.rpm
openssl-perl-1.0.0-10.el6.x86_64.rpm
openssl-static-1.0.0-10.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-10.el6.src.rpm

i386:
openssl-1.0.0-10.el6.i686.rpm
openssl-debuginfo-1.0.0-10.el6.i686.rpm
openssl-devel-1.0.0-10.el6.i686.rpm

ppc64:
openssl-1.0.0-10.el6.ppc.rpm
openssl-1.0.0-10.el6.ppc64.rpm
openssl-debuginfo-1.0.0-10.el6.ppc.rpm
openssl-debuginfo-1.0.0-10.el6.ppc64.rpm
openssl-devel-1.0.0-10.el6.ppc.rpm
openssl-devel-1.0.0-10.el6.ppc64.rpm

s390x:
openssl-1.0.0-10.el6.s390.rpm
openssl-1.0.0-10.el6.s390x.rpm
openssl-debuginfo-1.0.0-10.el6.s390.rpm
openssl-debuginfo-1.0.0-10.el6.s390x.rpm
openssl-devel-1.0.0-10.el6.s390.rpm
openssl-devel-1.0.0-10.el6.s390x.rpm

x86_64:
openssl-1.0.0-10.el6.i686.rpm
openssl-1.0.0-10.el6.x86_64.rpm
openssl-debuginfo-1.0.0-10.el6.i686.rpm
openssl-debuginfo-1.0.0-10.el6.x86_64.rpm
openssl-devel-1.0.0-10.el6.i686.rpm
openssl-devel-1.0.0-10.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-10.el6.src.rpm

i386:
openssl-debuginfo-1.0.0-10.el6.i686.rpm
openssl-perl-1.0.0-10.el6.i686.rpm
openssl-static-1.0.0-10.el6.i686.rpm

ppc64:
openssl-debuginfo-1.0.0-10.el6.ppc64.rpm
openssl-perl-1.0.0-10.el6.ppc64.rpm
openssl-static-1.0.0-10.el6.ppc64.rpm

s390x:
openssl-debuginfo-1.0.0-10.el6.s390x.rpm
openssl-perl-1.0.0-10.el6.s390x.rpm
openssl-static-1.0.0-10.el6.s390x.rpm

x86_64:
openssl-debuginfo-1.0.0-10.el6.x86_64.rpm
openssl-perl-1.0.0-10.el6.x86_64.rpm
openssl-static-1.0.0-10.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-10.el6.src.rpm

i386:
openssl-1.0.0-10.el6.i686.rpm
openssl-debuginfo-1.0.0-10.el6.i686.rpm
openssl-devel-1.0.0-10.el6.i686.rpm

x86_64:
openssl-1.0.0-10.el6.i686.rpm
openssl-1.0.0-10.el6.x86_64.rpm
openssl-debuginfo-1.0.0-10.el6.i686.rpm
openssl-debuginfo-1.0.0-10.el6.x86_64.rpm
openssl-devel-1.0.0-10.el6.i686.rpm
openssl-devel-1.0.0-10.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-10.el6.src.rpm

i386:
openssl-debuginfo-1.0.0-10.el6.i686.rpm
openssl-perl-1.0.0-10.el6.i686.rpm
openssl-static-1.0.0-10.el6.i686.rpm

x86_64:
openssl-debuginfo-1.0.0-10.el6.x86_64.rpm
openssl-perl-1.0.0-10.el6.x86_64.rpm
openssl-static-1.0.0-10.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0014.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
From bugzilla at redhat.com Thu May 19 12:37:04 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 19 May 2011 12:37:04 +0000
Subject: [RHSA-2011:0779-01] Moderate: avahi security and bug fix update
Message-ID: <201105191237.p4JCb4tM012524@int-mx01.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: avahi security and bug fix update
Advisory ID:       RHSA-2011:0779-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0779.html
Issue date:        2011-05-19
CVE Names:         CVE-2011-1002
=====================================================================

1. Summary:

Updated avahi packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print to, and find shared files on other computers.

A flaw was found in the way the Avahi daemon (avahi-daemon) processed Multicast DNS (mDNS) packets with an empty payload. An attacker on the local network could use this flaw to cause avahi-daemon on a target system to enter an infinite loop via an empty mDNS UDP packet. (CVE-2011-1002)

This update also fixes the following bug:

* Previously, the avahi packages in Red Hat Enterprise Linux 6 were not compiled with standard RPM CFLAGS; therefore, the Stack Protector and Fortify Source protections were not enabled, and the debuginfo packages did not contain the information required for debugging. This update corrects this issue by using proper CFLAGS when compiling the packages. (BZ#629954, BZ#684276)

All users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. After installing the update, avahi-daemon will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

667187 - CVE-2011-1002 avahi: daemon infinite loop triggered by an empty UDP packet (CVE-2010-2244 fix regression)
684276 - [PATCH] avahi debuginfo useless

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/avahi-0.6.25-11.el6.src.rpm

i386:
avahi-0.6.25-11.el6.i686.rpm
avahi-autoipd-0.6.25-11.el6.i686.rpm
avahi-debuginfo-0.6.25-11.el6.i686.rpm
avahi-glib-0.6.25-11.el6.i686.rpm
avahi-gobject-0.6.25-11.el6.i686.rpm
avahi-libs-0.6.25-11.el6.i686.rpm
avahi-tools-0.6.25-11.el6.i686.rpm
avahi-ui-0.6.25-11.el6.i686.rpm

x86_64:
avahi-0.6.25-11.el6.i686.rpm
avahi-0.6.25-11.el6.x86_64.rpm
avahi-autoipd-0.6.25-11.el6.x86_64.rpm
avahi-debuginfo-0.6.25-11.el6.i686.rpm
avahi-debuginfo-0.6.25-11.el6.x86_64.rpm
avahi-glib-0.6.25-11.el6.i686.rpm
avahi-glib-0.6.25-11.el6.x86_64.rpm
avahi-gobject-0.6.25-11.el6.x86_64.rpm
avahi-libs-0.6.25-11.el6.i686.rpm
avahi-libs-0.6.25-11.el6.x86_64.rpm
avahi-tools-0.6.25-11.el6.x86_64.rpm
avahi-ui-0.6.25-11.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/avahi-0.6.25-11.el6.src.rpm

i386:
avahi-compat-howl-0.6.25-11.el6.i686.rpm
avahi-compat-howl-devel-0.6.25-11.el6.i686.rpm
avahi-compat-libdns_sd-0.6.25-11.el6.i686.rpm
avahi-compat-libdns_sd-devel-0.6.25-11.el6.i686.rpm
avahi-debuginfo-0.6.25-11.el6.i686.rpm
avahi-devel-0.6.25-11.el6.i686.rpm
avahi-dnsconfd-0.6.25-11.el6.i686.rpm
avahi-glib-devel-0.6.25-11.el6.i686.rpm
avahi-gobject-devel-0.6.25-11.el6.i686.rpm
avahi-qt3-0.6.25-11.el6.i686.rpm
avahi-qt3-devel-0.6.25-11.el6.i686.rpm
avahi-qt4-0.6.25-11.el6.i686.rpm
avahi-qt4-devel-0.6.25-11.el6.i686.rpm
avahi-ui-devel-0.6.25-11.el6.i686.rpm
avahi-ui-tools-0.6.25-11.el6.i686.rpm

x86_64:
avahi-compat-howl-0.6.25-11.el6.i686.rpm
avahi-compat-howl-0.6.25-11.el6.x86_64.rpm
avahi-compat-howl-devel-0.6.25-11.el6.i686.rpm
avahi-compat-howl-devel-0.6.25-11.el6.x86_64.rpm
avahi-compat-libdns_sd-0.6.25-11.el6.i686.rpm
avahi-compat-libdns_sd-0.6.25-11.el6.x86_64.rpm
avahi-compat-libdns_sd-devel-0.6.25-11.el6.i686.rpm
avahi-compat-libdns_sd-devel-0.6.25-11.el6.x86_64.rpm
avahi-debuginfo-0.6.25-11.el6.i686.rpm
avahi-debuginfo-0.6.25-11.el6.x86_64.rpm
avahi-devel-0.6.25-11.el6.i686.rpm
avahi-devel-0.6.25-11.el6.x86_64.rpm
avahi-dnsconfd-0.6.25-11.el6.x86_64.rpm
avahi-glib-devel-0.6.25-11.el6.i686.rpm
avahi-glib-devel-0.6.25-11.el6.x86_64.rpm
avahi-gobject-0.6.25-11.el6.i686.rpm
avahi-gobject-devel-0.6.25-11.el6.i686.rpm
avahi-gobject-devel-0.6.25-11.el6.x86_64.rpm
avahi-qt3-0.6.25-11.el6.i686.rpm
avahi-qt3-0.6.25-11.el6.x86_64.rpm
avahi-qt3-devel-0.6.25-11.el6.i686.rpm
avahi-qt3-devel-0.6.25-11.el6.x86_64.rpm
avahi-qt4-0.6.25-11.el6.i686.rpm
avahi-qt4-0.6.25-11.el6.x86_64.rpm
avahi-qt4-devel-0.6.25-11.el6.i686.rpm
avahi-qt4-devel-0.6.25-11.el6.x86_64.rpm
avahi-ui-0.6.25-11.el6.i686.rpm
avahi-ui-devel-0.6.25-11.el6.i686.rpm
avahi-ui-devel-0.6.25-11.el6.x86_64.rpm
avahi-ui-tools-0.6.25-11.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/avahi-0.6.25-11.el6.src.rpm

x86_64:
avahi-0.6.25-11.el6.i686.rpm
avahi-0.6.25-11.el6.x86_64.rpm
avahi-debuginfo-0.6.25-11.el6.i686.rpm
avahi-debuginfo-0.6.25-11.el6.x86_64.rpm
avahi-libs-0.6.25-11.el6.i686.rpm
avahi-libs-0.6.25-11.el6.x86_64.rpm
avahi-tools-0.6.25-11.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/avahi-0.6.25-11.el6.src.rpm

x86_64:
avahi-autoipd-0.6.25-11.el6.x86_64.rpm
avahi-compat-howl-0.6.25-11.el6.i686.rpm
avahi-compat-howl-0.6.25-11.el6.x86_64.rpm
avahi-compat-howl-devel-0.6.25-11.el6.i686.rpm
avahi-compat-howl-devel-0.6.25-11.el6.x86_64.rpm
avahi-compat-libdns_sd-0.6.25-11.el6.i686.rpm
avahi-compat-libdns_sd-0.6.25-11.el6.x86_64.rpm
avahi-compat-libdns_sd-devel-0.6.25-11.el6.i686.rpm
avahi-compat-libdns_sd-devel-0.6.25-11.el6.x86_64.rpm
avahi-debuginfo-0.6.25-11.el6.i686.rpm
avahi-debuginfo-0.6.25-11.el6.x86_64.rpm
avahi-devel-0.6.25-11.el6.i686.rpm
avahi-devel-0.6.25-11.el6.x86_64.rpm
avahi-dnsconfd-0.6.25-11.el6.x86_64.rpm
avahi-glib-0.6.25-11.el6.i686.rpm
avahi-glib-0.6.25-11.el6.x86_64.rpm
avahi-glib-devel-0.6.25-11.el6.i686.rpm
avahi-glib-devel-0.6.25-11.el6.x86_64.rpm
avahi-gobject-0.6.25-11.el6.i686.rpm
avahi-gobject-0.6.25-11.el6.x86_64.rpm
avahi-gobject-devel-0.6.25-11.el6.i686.rpm
avahi-gobject-devel-0.6.25-11.el6.x86_64.rpm
avahi-qt3-0.6.25-11.el6.i686.rpm
avahi-qt3-0.6.25-11.el6.x86_64.rpm
avahi-qt3-devel-0.6.25-11.el6.i686.rpm
avahi-qt3-devel-0.6.25-11.el6.x86_64.rpm
avahi-qt4-0.6.25-11.el6.i686.rpm
avahi-qt4-0.6.25-11.el6.x86_64.rpm
avahi-qt4-devel-0.6.25-11.el6.i686.rpm
avahi-qt4-devel-0.6.25-11.el6.x86_64.rpm
avahi-ui-0.6.25-11.el6.i686.rpm
avahi-ui-0.6.25-11.el6.x86_64.rpm
avahi-ui-devel-0.6.25-11.el6.i686.rpm
avahi-ui-devel-0.6.25-11.el6.x86_64.rpm
avahi-ui-tools-0.6.25-11.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/avahi-0.6.25-11.el6.src.rpm

i386:
avahi-0.6.25-11.el6.i686.rpm
avahi-autoipd-0.6.25-11.el6.i686.rpm
avahi-debuginfo-0.6.25-11.el6.i686.rpm
avahi-glib-0.6.25-11.el6.i686.rpm
avahi-gobject-0.6.25-11.el6.i686.rpm
avahi-libs-0.6.25-11.el6.i686.rpm
avahi-tools-0.6.25-11.el6.i686.rpm
avahi-ui-0.6.25-11.el6.i686.rpm

ppc64:
avahi-0.6.25-11.el6.ppc.rpm
avahi-0.6.25-11.el6.ppc64.rpm
avahi-autoipd-0.6.25-11.el6.ppc64.rpm
avahi-debuginfo-0.6.25-11.el6.ppc.rpm
avahi-debuginfo-0.6.25-11.el6.ppc64.rpm
avahi-glib-0.6.25-11.el6.ppc.rpm
avahi-glib-0.6.25-11.el6.ppc64.rpm
avahi-gobject-0.6.25-11.el6.ppc64.rpm
avahi-libs-0.6.25-11.el6.ppc.rpm
avahi-libs-0.6.25-11.el6.ppc64.rpm
avahi-tools-0.6.25-11.el6.ppc64.rpm
avahi-ui-0.6.25-11.el6.ppc64.rpm

s390x:
avahi-0.6.25-11.el6.s390.rpm
avahi-0.6.25-11.el6.s390x.rpm
avahi-autoipd-0.6.25-11.el6.s390x.rpm
avahi-debuginfo-0.6.25-11.el6.s390.rpm
avahi-debuginfo-0.6.25-11.el6.s390x.rpm
avahi-glib-0.6.25-11.el6.s390.rpm
avahi-glib-0.6.25-11.el6.s390x.rpm
avahi-gobject-0.6.25-11.el6.s390x.rpm
avahi-libs-0.6.25-11.el6.s390.rpm
avahi-libs-0.6.25-11.el6.s390x.rpm
avahi-tools-0.6.25-11.el6.s390x.rpm
avahi-ui-0.6.25-11.el6.s390x.rpm

x86_64:
avahi-0.6.25-11.el6.i686.rpm
avahi-0.6.25-11.el6.x86_64.rpm
avahi-autoipd-0.6.25-11.el6.x86_64.rpm
avahi-debuginfo-0.6.25-11.el6.i686.rpm
avahi-debuginfo-0.6.25-11.el6.x86_64.rpm
avahi-glib-0.6.25-11.el6.i686.rpm
avahi-glib-0.6.25-11.el6.x86_64.rpm
avahi-gobject-0.6.25-11.el6.x86_64.rpm
avahi-libs-0.6.25-11.el6.i686.rpm
avahi-libs-0.6.25-11.el6.x86_64.rpm
avahi-tools-0.6.25-11.el6.x86_64.rpm
avahi-ui-0.6.25-11.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/avahi-0.6.25-11.el6.src.rpm

i386:
avahi-compat-howl-0.6.25-11.el6.i686.rpm
avahi-compat-howl-devel-0.6.25-11.el6.i686.rpm
avahi-compat-libdns_sd-0.6.25-11.el6.i686.rpm
avahi-compat-libdns_sd-devel-0.6.25-11.el6.i686.rpm
avahi-debuginfo-0.6.25-11.el6.i686.rpm
avahi-devel-0.6.25-11.el6.i686.rpm
avahi-dnsconfd-0.6.25-11.el6.i686.rpm
avahi-glib-devel-0.6.25-11.el6.i686.rpm
avahi-gobject-devel-0.6.25-11.el6.i686.rpm
avahi-qt3-0.6.25-11.el6.i686.rpm
avahi-qt3-devel-0.6.25-11.el6.i686.rpm
avahi-qt4-0.6.25-11.el6.i686.rpm
avahi-qt4-devel-0.6.25-11.el6.i686.rpm
avahi-ui-devel-0.6.25-11.el6.i686.rpm
avahi-ui-tools-0.6.25-11.el6.i686.rpm

ppc64:
avahi-compat-howl-0.6.25-11.el6.ppc.rpm
avahi-compat-howl-0.6.25-11.el6.ppc64.rpm
avahi-compat-howl-devel-0.6.25-11.el6.ppc.rpm
avahi-compat-howl-devel-0.6.25-11.el6.ppc64.rpm
avahi-compat-libdns_sd-0.6.25-11.el6.ppc.rpm
avahi-compat-libdns_sd-0.6.25-11.el6.ppc64.rpm
avahi-compat-libdns_sd-devel-0.6.25-11.el6.ppc.rpm
avahi-compat-libdns_sd-devel-0.6.25-11.el6.ppc64.rpm
avahi-debuginfo-0.6.25-11.el6.ppc.rpm
avahi-debuginfo-0.6.25-11.el6.ppc64.rpm
avahi-devel-0.6.25-11.el6.ppc.rpm
avahi-devel-0.6.25-11.el6.ppc64.rpm
avahi-dnsconfd-0.6.25-11.el6.ppc64.rpm
avahi-glib-devel-0.6.25-11.el6.ppc.rpm
avahi-glib-devel-0.6.25-11.el6.ppc64.rpm
avahi-gobject-0.6.25-11.el6.ppc.rpm
avahi-gobject-devel-0.6.25-11.el6.ppc.rpm
avahi-gobject-devel-0.6.25-11.el6.ppc64.rpm
avahi-qt3-0.6.25-11.el6.ppc.rpm
avahi-qt3-0.6.25-11.el6.ppc64.rpm
avahi-qt3-devel-0.6.25-11.el6.ppc.rpm
avahi-qt3-devel-0.6.25-11.el6.ppc64.rpm
avahi-qt4-0.6.25-11.el6.ppc.rpm
avahi-qt4-0.6.25-11.el6.ppc64.rpm
avahi-qt4-devel-0.6.25-11.el6.ppc.rpm
avahi-qt4-devel-0.6.25-11.el6.ppc64.rpm
avahi-ui-0.6.25-11.el6.ppc.rpm
avahi-ui-devel-0.6.25-11.el6.ppc.rpm
avahi-ui-devel-0.6.25-11.el6.ppc64.rpm
avahi-ui-tools-0.6.25-11.el6.ppc64.rpm

s390x:
avahi-compat-howl-0.6.25-11.el6.s390.rpm
avahi-compat-howl-0.6.25-11.el6.s390x.rpm
avahi-compat-howl-devel-0.6.25-11.el6.s390.rpm
avahi-compat-howl-devel-0.6.25-11.el6.s390x.rpm
avahi-compat-libdns_sd-0.6.25-11.el6.s390.rpm
avahi-compat-libdns_sd-0.6.25-11.el6.s390x.rpm
avahi-compat-libdns_sd-devel-0.6.25-11.el6.s390.rpm
avahi-compat-libdns_sd-devel-0.6.25-11.el6.s390x.rpm
avahi-debuginfo-0.6.25-11.el6.s390.rpm
avahi-debuginfo-0.6.25-11.el6.s390x.rpm
avahi-devel-0.6.25-11.el6.s390.rpm
avahi-devel-0.6.25-11.el6.s390x.rpm
avahi-dnsconfd-0.6.25-11.el6.s390x.rpm
avahi-glib-devel-0.6.25-11.el6.s390.rpm
avahi-glib-devel-0.6.25-11.el6.s390x.rpm
avahi-gobject-0.6.25-11.el6.s390.rpm
avahi-gobject-devel-0.6.25-11.el6.s390.rpm
avahi-gobject-devel-0.6.25-11.el6.s390x.rpm
avahi-qt3-0.6.25-11.el6.s390.rpm
avahi-qt3-0.6.25-11.el6.s390x.rpm
avahi-qt3-devel-0.6.25-11.el6.s390.rpm
avahi-qt3-devel-0.6.25-11.el6.s390x.rpm
avahi-qt4-0.6.25-11.el6.s390.rpm
avahi-qt4-0.6.25-11.el6.s390x.rpm
avahi-qt4-devel-0.6.25-11.el6.s390.rpm
avahi-qt4-devel-0.6.25-11.el6.s390x.rpm
avahi-ui-0.6.25-11.el6.s390.rpm
avahi-ui-devel-0.6.25-11.el6.s390.rpm
avahi-ui-devel-0.6.25-11.el6.s390x.rpm
avahi-ui-tools-0.6.25-11.el6.s390x.rpm

x86_64:
avahi-compat-howl-0.6.25-11.el6.i686.rpm
avahi-compat-howl-0.6.25-11.el6.x86_64.rpm
avahi-compat-howl-devel-0.6.25-11.el6.i686.rpm
avahi-compat-howl-devel-0.6.25-11.el6.x86_64.rpm
avahi-compat-libdns_sd-0.6.25-11.el6.i686.rpm
avahi-compat-libdns_sd-0.6.25-11.el6.x86_64.rpm
avahi-compat-libdns_sd-devel-0.6.25-11.el6.i686.rpm
avahi-compat-libdns_sd-devel-0.6.25-11.el6.x86_64.rpm
avahi-debuginfo-0.6.25-11.el6.i686.rpm
avahi-debuginfo-0.6.25-11.el6.x86_64.rpm
avahi-devel-0.6.25-11.el6.i686.rpm
avahi-devel-0.6.25-11.el6.x86_64.rpm
avahi-dnsconfd-0.6.25-11.el6.x86_64.rpm
avahi-glib-devel-0.6.25-11.el6.i686.rpm
avahi-glib-devel-0.6.25-11.el6.x86_64.rpm
avahi-gobject-0.6.25-11.el6.i686.rpm
avahi-gobject-devel-0.6.25-11.el6.i686.rpm
avahi-gobject-devel-0.6.25-11.el6.x86_64.rpm
avahi-qt3-0.6.25-11.el6.i686.rpm
avahi-qt3-0.6.25-11.el6.x86_64.rpm
avahi-qt3-devel-0.6.25-11.el6.i686.rpm
avahi-qt3-devel-0.6.25-11.el6.x86_64.rpm
avahi-qt4-0.6.25-11.el6.i686.rpm
avahi-qt4-0.6.25-11.el6.x86_64.rpm
avahi-qt4-devel-0.6.25-11.el6.i686.rpm
avahi-qt4-devel-0.6.25-11.el6.x86_64.rpm
avahi-ui-0.6.25-11.el6.i686.rpm
avahi-ui-devel-0.6.25-11.el6.i686.rpm
avahi-ui-devel-0.6.25-11.el6.x86_64.rpm
avahi-ui-tools-0.6.25-11.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/avahi-0.6.25-11.el6.src.rpm

i386:
avahi-0.6.25-11.el6.i686.rpm
avahi-autoipd-0.6.25-11.el6.i686.rpm
avahi-debuginfo-0.6.25-11.el6.i686.rpm
avahi-glib-0.6.25-11.el6.i686.rpm
avahi-gobject-0.6.25-11.el6.i686.rpm
avahi-libs-0.6.25-11.el6.i686.rpm
avahi-tools-0.6.25-11.el6.i686.rpm
avahi-ui-0.6.25-11.el6.i686.rpm

x86_64:
avahi-0.6.25-11.el6.i686.rpm
avahi-0.6.25-11.el6.x86_64.rpm
avahi-autoipd-0.6.25-11.el6.x86_64.rpm
avahi-debuginfo-0.6.25-11.el6.i686.rpm
avahi-debuginfo-0.6.25-11.el6.x86_64.rpm
avahi-glib-0.6.25-11.el6.i686.rpm
avahi-glib-0.6.25-11.el6.x86_64.rpm
avahi-gobject-0.6.25-11.el6.x86_64.rpm
avahi-libs-0.6.25-11.el6.i686.rpm
avahi-libs-0.6.25-11.el6.x86_64.rpm
avahi-tools-0.6.25-11.el6.x86_64.rpm
avahi-ui-0.6.25-11.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/avahi-0.6.25-11.el6.src.rpm

i386:
avahi-compat-howl-0.6.25-11.el6.i686.rpm
avahi-compat-howl-devel-0.6.25-11.el6.i686.rpm
avahi-compat-libdns_sd-0.6.25-11.el6.i686.rpm
avahi-compat-libdns_sd-devel-0.6.25-11.el6.i686.rpm
avahi-debuginfo-0.6.25-11.el6.i686.rpm
avahi-devel-0.6.25-11.el6.i686.rpm
avahi-dnsconfd-0.6.25-11.el6.i686.rpm
avahi-glib-devel-0.6.25-11.el6.i686.rpm
avahi-gobject-devel-0.6.25-11.el6.i686.rpm
avahi-qt3-0.6.25-11.el6.i686.rpm
avahi-qt3-devel-0.6.25-11.el6.i686.rpm
avahi-qt4-0.6.25-11.el6.i686.rpm
avahi-qt4-devel-0.6.25-11.el6.i686.rpm
avahi-ui-devel-0.6.25-11.el6.i686.rpm
avahi-ui-tools-0.6.25-11.el6.i686.rpm

x86_64:
avahi-compat-howl-0.6.25-11.el6.i686.rpm
avahi-compat-howl-0.6.25-11.el6.x86_64.rpm
avahi-compat-howl-devel-0.6.25-11.el6.i686.rpm
avahi-compat-howl-devel-0.6.25-11.el6.x86_64.rpm
avahi-compat-libdns_sd-0.6.25-11.el6.i686.rpm
avahi-compat-libdns_sd-0.6.25-11.el6.x86_64.rpm
avahi-compat-libdns_sd-devel-0.6.25-11.el6.i686.rpm
avahi-compat-libdns_sd-devel-0.6.25-11.el6.x86_64.rpm
avahi-debuginfo-0.6.25-11.el6.i686.rpm
avahi-debuginfo-0.6.25-11.el6.x86_64.rpm
avahi-devel-0.6.25-11.el6.i686.rpm
avahi-devel-0.6.25-11.el6.x86_64.rpm
avahi-dnsconfd-0.6.25-11.el6.x86_64.rpm
avahi-glib-devel-0.6.25-11.el6.i686.rpm
avahi-glib-devel-0.6.25-11.el6.x86_64.rpm
avahi-gobject-0.6.25-11.el6.i686.rpm
avahi-gobject-devel-0.6.25-11.el6.i686.rpm
avahi-gobject-devel-0.6.25-11.el6.x86_64.rpm
avahi-qt3-0.6.25-11.el6.i686.rpm
avahi-qt3-0.6.25-11.el6.x86_64.rpm
avahi-qt3-devel-0.6.25-11.el6.i686.rpm
avahi-qt3-devel-0.6.25-11.el6.x86_64.rpm
avahi-qt4-0.6.25-11.el6.i686.rpm
avahi-qt4-0.6.25-11.el6.x86_64.rpm
avahi-qt4-devel-0.6.25-11.el6.i686.rpm
avahi-qt4-devel-0.6.25-11.el6.x86_64.rpm
avahi-ui-0.6.25-11.el6.i686.rpm
avahi-ui-devel-0.6.25-11.el6.i686.rpm
avahi-ui-devel-0.6.25-11.el6.x86_64.rpm
avahi-ui-tools-0.6.25-11.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1002.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

From bugzilla at redhat.com Thu May 19 12:39:02 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 19 May 2011 12:39:02 +0000
Subject: [RHSA-2011:0791-01] Moderate: tomcat6 security and bug fix update
Message-ID: <201105191239.p4JCd343013040@int-mx02.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: tomcat6 security and bug fix update
Advisory ID:       RHSA-2011:0791-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0791.html
Issue date:        2011-05-19
CVE Names:         CVE-2010-3718 CVE-2010-4172 CVE-2011-0013
=====================================================================

1. Summary:

Updated tomcat6 packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch
Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Enterprise Linux Server Optional (v. 6) - noarch
Red Hat Enterprise Linux Workstation (v. 6) - noarch
Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch

3. Description:

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

It was found that web applications could modify the location of the Tomcat host's work directory. As web applications deployed on Tomcat have read and write access to this directory, a malicious web application could use this flaw to trick Tomcat into giving it read and write access to an arbitrary directory on the file system. (CVE-2010-3718)

A cross-site scripting (XSS) flaw was found in the Manager application, used for managing web applications on Tomcat. If a remote attacker could trick a user who is logged into the Manager application into visiting a specially-crafted URL, the attacker could perform Manager application tasks with the privileges of the logged in user. (CVE-2010-4172)

A second cross-site scripting (XSS) flaw was found in the Manager application. A malicious web application could use this flaw to conduct an XSS attack, leading to arbitrary web script execution with the privileges of victims who are logged into and viewing Manager application web pages. (CVE-2011-0013)

This update also fixes the following bugs:

* A bug in the "tomcat6" init script prevented additional Tomcat instances from starting. As well, running "service tomcat6 start" caused configuration options applied from "/etc/sysconfig/tomcat6" to be overwritten with those from "/etc/tomcat6/tomcat6.conf". With this update, multiple instances of Tomcat run as expected. (BZ#636997)

* The "/usr/share/java/" directory was missing a symbolic link to the "/usr/share/tomcat6/bin/tomcat-juli.jar" library. Because this library was mandatory for certain operations (such as running the Jasper JSP precompiler), the "build-jar-repository" command was unable to compose a valid classpath.
With this update, the missing symbolic link has been added. (BZ#661244)

* Previously, the "tomcat6" init script failed to start Tomcat with a "This account is currently not available." message when Tomcat was configured to run under a user that did not have a valid shell configured as a login shell. This update modifies the init script to work correctly regardless of the daemon user's login shell. Additionally, these new tomcat6 packages now set "/sbin/nologin" as the login shell for the "tomcat" user upon installation, as recommended by deployment best practices. (BZ#678671)

* Some standard Tomcat directories were missing write permissions for the "tomcat" group, which could cause certain applications to fail with errors such as "No output folder". This update adds write permissions for the "tomcat" group to the affected directories. (BZ#643809)

* The "/usr/sbin/tomcat6" wrapper script used a hard-coded path to the "catalina.out" file, which may have caused problems (such as for logging init script output) if Tomcat was being run with a user other than "tomcat" and with CATALINA_BASE set to a directory other than the default. (BZ#695284, BZ#697504)

* Stopping Tomcat could have resulted in traceback errors being logged to "catalina.out" when certain web applications were deployed. (BZ#698624)

Users of Tomcat should upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

636997 - Additionally Created Instances of Tomcat are broken / don't work
643809 - Bad permissions on tomcat folders
656246 - CVE-2010-4172 tomcat: cross-site-scripting vulnerability in the manager application
661244 - Missing tomcat6-juli link in /usr/share/java
675786 - CVE-2011-0013 tomcat: XSS vulnerability in HTML Manager interface
675792 - CVE-2010-3718 tomcat: file permission bypass flaw
678671 - tomcat user requires login shell
695284 - catalina.out path hard-coded in /usr/sbin/tomcat6
697504 - tomcat6-6.0.wrapper redirects init script output to wrong place

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/tomcat6-6.0.24-33.el6.src.rpm

noarch:
tomcat6-6.0.24-33.el6.noarch.rpm
tomcat6-admin-webapps-6.0.24-33.el6.noarch.rpm
tomcat6-docs-webapp-6.0.24-33.el6.noarch.rpm
tomcat6-el-2.1-api-6.0.24-33.el6.noarch.rpm
tomcat6-javadoc-6.0.24-33.el6.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-33.el6.noarch.rpm
tomcat6-lib-6.0.24-33.el6.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-33.el6.noarch.rpm
tomcat6-webapps-6.0.24-33.el6.noarch.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/tomcat6-6.0.24-33.el6.src.rpm

noarch:
tomcat6-6.0.24-33.el6.noarch.rpm
tomcat6-admin-webapps-6.0.24-33.el6.noarch.rpm
tomcat6-docs-webapp-6.0.24-33.el6.noarch.rpm
tomcat6-el-2.1-api-6.0.24-33.el6.noarch.rpm
tomcat6-javadoc-6.0.24-33.el6.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-33.el6.noarch.rpm
tomcat6-lib-6.0.24-33.el6.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-33.el6.noarch.rpm
tomcat6-webapps-6.0.24-33.el6.noarch.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/tomcat6-6.0.24-33.el6.src.rpm

noarch:
tomcat6-6.0.24-33.el6.noarch.rpm
tomcat6-el-2.1-api-6.0.24-33.el6.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-33.el6.noarch.rpm
tomcat6-lib-6.0.24-33.el6.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-33.el6.noarch.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/tomcat6-6.0.24-33.el6.src.rpm

noarch:
tomcat6-admin-webapps-6.0.24-33.el6.noarch.rpm
tomcat6-docs-webapp-6.0.24-33.el6.noarch.rpm
tomcat6-javadoc-6.0.24-33.el6.noarch.rpm
tomcat6-webapps-6.0.24-33.el6.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/tomcat6-6.0.24-33.el6.src.rpm

noarch:
tomcat6-6.0.24-33.el6.noarch.rpm
tomcat6-el-2.1-api-6.0.24-33.el6.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-33.el6.noarch.rpm
tomcat6-lib-6.0.24-33.el6.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-33.el6.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/tomcat6-6.0.24-33.el6.src.rpm

noarch:
tomcat6-admin-webapps-6.0.24-33.el6.noarch.rpm
tomcat6-docs-webapp-6.0.24-33.el6.noarch.rpm
tomcat6-javadoc-6.0.24-33.el6.noarch.rpm
tomcat6-webapps-6.0.24-33.el6.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3718.html
https://www.redhat.com/security/data/cve/CVE-2010-4172.html
https://www.redhat.com/security/data/cve/CVE-2011-0013.html
https://access.redhat.com/security/updates/classification/#moderate
http://tomcat.apache.org/security-6.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

From bugzilla at redhat.com Tue May 31 15:00:44 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 31 May 2011 15:00:44 +0000
Subject: [RHSA-2011:0833-01] Important: kernel security and bug fix update
Message-ID: <201105311500.p4VF0i6p025961@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2011:0833-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0833.html
Issue date:        2011-05-31
CVE Names:         CVE-2011-0726 CVE-2011-1078 CVE-2011-1079 CVE-2011-1080
                   CVE-2011-1093 CVE-2011-1163 CVE-2011-1166 CVE-2011-1170
                   CVE-2011-1171 CVE-2011-1172 CVE-2011-1494 CVE-2011-1495
                   CVE-2011-1577 CVE-2011-1763
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* A flaw in the dccp_rcv_state_process() function could allow a remote attacker to cause a denial of service, even when the socket was already closed. (CVE-2011-1093, Important)

* Multiple buffer overflow flaws were found in the Linux kernel's Management Module Support for Message Passing Technology (MPT) based controllers. A local, unprivileged user could use these flaws to cause a denial of service, an information leak, or escalate their privileges. (CVE-2011-1494, CVE-2011-1495, Important)

* A missing validation of a null-terminated string data structure element in the bnep_sock_ioctl() function could allow a local user to cause an information leak or a denial of service. (CVE-2011-1079, Moderate)

* Missing error checking in the way page tables were handled in the Xen hypervisor implementation could allow a privileged guest user to cause the host, and the guests, to lock up. (CVE-2011-1166, Moderate)

* A flaw was found in the way the Xen hypervisor implementation checked for the upper boundary when getting a new event channel port. A privileged guest user could use this flaw to cause a denial of service or escalate their privileges. (CVE-2011-1763, Moderate)

* The start_code and end_code values in "/proc/[pid]/stat" were not protected. In certain scenarios, this flaw could be used to defeat Address Space Layout Randomization (ASLR). (CVE-2011-0726, Low)

* A missing initialization flaw in the sco_sock_getsockopt() function could allow a local, unprivileged user to cause an information leak. (CVE-2011-1078, Low)

* A missing validation of a null-terminated string data structure element in the do_replace() function could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1080, Low)

* A buffer overflow flaw in the DEC Alpha OSF partition implementation in the Linux kernel could allow a local attacker to cause an information leak by mounting a disk that contains specially-crafted partition tables. (CVE-2011-1163, Low)

* Missing validations of null-terminated string data structure elements in the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, Low)

* A heap overflow flaw in the Linux kernel's EFI GUID Partition Table (GPT) implementation could allow a local attacker to cause a denial of service by mounting a disk that contains specially-crafted partition tables. (CVE-2011-1577, Low)

Red Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494 and CVE-2011-1495; Vasiliy Kulikov for reporting CVE-2011-1079, CVE-2011-1078, CVE-2011-1080, CVE-2011-1170, CVE-2011-1171, and CVE-2011-1172; Kees Cook for reporting CVE-2011-0726; and Timo Warns for reporting CVE-2011-1163 and CVE-2011-1577.

This update also fixes several bugs. Documentation for these bug fixes will be available shortly from the Technical Notes document linked to in the References section.

Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system.
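Several of the flaws listed above (CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172) share one shape: a fixed-size name field inside a structure copied in from user space is used as a C string without a guaranteed NUL terminator, or a reply structure is handed back without being initialised, so the bytes of kernel memory that follow the field are disclosed to the caller. The C program below is an added example, not kernel code: `struct dev_req`, `struct kframe` and the stale-byte region are constructed here so that the over-read is deterministic and observable, and the hardened variant applies the two fixes the advisory's patches take (force a terminator inside the field, zero the reply before filling it).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN  16   /* fixed-size name field, like those in the affected structs */
#define STALE_LEN 16   /* stale bytes that sit after it in the modelled stack frame */

/* Request handed in by the caller.  Constructed for this example; it is only
 * modelled on the ioctl/getsockopt argument structures named in the advisory. */
struct dev_req {
    uint32_t flags;
    char name[NAME_LEN];
};

/* Model of the handler's stack frame after the request has been copied in:
 * the request, then whatever an earlier call left behind.  In a real kernel
 * the stale region is uninitialised stack memory; here it is explicit so the
 * leak is deterministic and the over-read stays inside one object. */
struct kframe {
    struct dev_req req;
    char stale[STALE_LEN];
};

/* Stand-in for copy_from_user(): lay the caller's request into the frame
 * on top of the stale data that was already there. */
void frame_setup(struct kframe *f, const struct dev_req *from_user,
                 const char *stale)
{
    memcpy(f->stale, stale, STALE_LEN);
    memcpy(&f->req, from_user, sizeof(f->req));
}

/* VULNERABLE pattern (the CVE-2011-1079 / -1080 / -1170 / -1171 / -1172
 * class): the name is treated as a C string with no check for a terminator.
 * A 16-byte name without a NUL makes the length scan run off the end of
 * req.name into the stale bytes, which are then copied back to the caller.
 * The scan is bounded to the frame so this stays well defined; real code
 * calling strlen()/strcpy() reads on into arbitrary kernel stack memory. */
size_t name_reply_unsafe(const struct kframe *f, char *reply, size_t replylen)
{
    const char *base = (const char *)f;
    size_t off = offsetof(struct kframe, req) + offsetof(struct dev_req, name);
    const char *name = base + off;
    size_t avail = sizeof(*f) - off;                /* name field plus all that follows */
    const char *nul = memchr(name, '\0', avail);
    size_t n = nul ? (size_t)(nul - name) : avail;  /* where strlen() would stop */

    if (n > replylen - 1)
        n = replylen - 1;
    memcpy(reply, name, n);                         /* stale bytes travel with the name */
    reply[n] = '\0';
    return n;
}

/* HARDENED: the reply is zeroed before use (the missing-initialisation
 * class, CVE-2011-1078) and the name is forced to be NUL-terminated inside
 * its own field before it is used as a string, the shape of the upstream
 * fixes (name[sizeof(name) - 1] = '\0').  The copy can never exceed 15 bytes. */
size_t name_reply_safe(const struct kframe *f, char *reply, size_t replylen)
{
    struct dev_req req;
    size_t n;

    memset(reply, 0, replylen);
    memcpy(&req, &f->req, sizeof(req));
    req.name[NAME_LEN - 1] = '\0';                  /* strlen() is now bounded by the field */
    n = strlen(req.name);
    if (n > replylen - 1)
        n = replylen - 1;
    memcpy(reply, req.name, n);
    return n;
}

/* How many bytes beyond the name field reached the caller (0 once fixed). */
size_t leaked_bytes(size_t reply_len)
{
    return reply_len > NAME_LEN ? reply_len - NAME_LEN : 0;
}

int main(void)
{
    struct dev_req req;
    struct kframe frame;
    char reply[64];
    size_t n;

    memset(&req, 0, sizeof(req));
    memcpy(req.name, "0123456789abcdef", NAME_LEN);   /* 16 bytes, no terminator */
    frame_setup(&frame, &req, "K3Y-MATERIAL-XYZ");     /* constructed stale data */

    n = name_reply_unsafe(&frame, reply, sizeof(reply));
    printf("unsafe: %zu bytes, %zu leaked: \"%s\"\n", n, leaked_bytes(n), reply);

    n = name_reply_safe(&frame, reply, sizeof(reply));
    printf("safe:   %zu bytes, %zu leaked: \"%s\"\n", n, leaked_bytes(n), reply);
    return 0;
}
```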
You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

681259 - CVE-2011-1078 kernel: bt sco_conninfo infoleak
681260 - CVE-2011-1079 kernel: bnep device field missing NULL terminator
681262 - CVE-2011-1080 kernel: ebtables stack infoleak
682954 - CVE-2011-1093 kernel: dccp: fix oops on Reset after close
684569 - CVE-2011-0726 kernel: proc: protect mm start_code/end_code in /proc/pid/stat
688021 - CVE-2011-1163 kernel: fs/partitions: Corrupted OSF partition table infoleak
688156 - [5.6][REG]for some uses of 'nfsservctl' system call, the kernel crashes. [rhel-5.6.z]
688579 - CVE-2011-1166 kernel: xen: x86_64: fix error checking in arch_set_info_guest()
689321 - CVE-2011-1170 ipv4: netfilter: arp_tables: fix infoleak to userspace
689327 - CVE-2011-1171 ipv4: netfilter: ip_tables: fix infoleak to userspace
689345 - CVE-2011-1172 ipv6: netfilter: ip6_tables: fix infoleak to userspace
689699 - Deadlock between device driver attachment and device removal with a USB device [rhel-5.6.z]
689700 - [NetApp 5.6 Bug] QLogic 8G FC firmware dumps seen during IO [rhel-5.6.z]
690134 - Time runs too fast in a VM on processors with > 4GHZ freq [rhel-5.6.z]
690239 - gfs2: creating large files suddenly slow to a crawl [rhel-5.6.z]
694021 - CVE-2011-1494 CVE-2011-1495 kernel: drivers/scsi/mpt2sas: prevent heap overflows
695976 - CVE-2011-1577 kernel: corrupted GUID partition tables can cause kernel oops
696136 - RHEL 5.6 (kernel -238) causes audio issues [rhel-5.6.z]
697448 - slab corruption after seeing some nfs-related BUG: warning [rhel-5.6.z]
699808 - dasd: fix race between open and offline [rhel-5.6.z]
701240 - CVE-2011-1763 kernel: xen: improper upper boundary check in get_free_port() function

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-238.12.1.el5.src.rpm

i386:
kernel-2.6.18-238.12.1.el5.i686.rpm
kernel-PAE-2.6.18-238.12.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-238.12.1.el5.i686.rpm
kernel-debug-2.6.18-238.12.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.i686.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.i686.rpm
kernel-devel-2.6.18-238.12.1.el5.i686.rpm
kernel-headers-2.6.18-238.12.1.el5.i386.rpm
kernel-xen-2.6.18-238.12.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-xen-devel-2.6.18-238.12.1.el5.i686.rpm

noarch:
kernel-doc-2.6.18-238.12.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debug-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.x86_64.rpm
kernel-devel-2.6.18-238.12.1.el5.x86_64.rpm
kernel-headers-2.6.18-238.12.1.el5.x86_64.rpm
kernel-xen-2.6.18-238.12.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-238.12.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-238.12.1.el5.src.rpm

i386:
kernel-2.6.18-238.12.1.el5.i686.rpm
kernel-PAE-2.6.18-238.12.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-238.12.1.el5.i686.rpm
kernel-debug-2.6.18-238.12.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.i686.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.i686.rpm
kernel-devel-2.6.18-238.12.1.el5.i686.rpm
kernel-headers-2.6.18-238.12.1.el5.i386.rpm
kernel-xen-2.6.18-238.12.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-xen-devel-2.6.18-238.12.1.el5.i686.rpm

ia64:
kernel-2.6.18-238.12.1.el5.ia64.rpm
kernel-debug-2.6.18-238.12.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.ia64.rpm
kernel-devel-2.6.18-238.12.1.el5.ia64.rpm
kernel-headers-2.6.18-238.12.1.el5.ia64.rpm
kernel-xen-2.6.18-238.12.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-238.12.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-238.12.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-238.12.1.el5.noarch.rpm

ppc:
kernel-2.6.18-238.12.1.el5.ppc64.rpm
kernel-debug-2.6.18-238.12.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.ppc64.rpm
kernel-devel-2.6.18-238.12.1.el5.ppc64.rpm
kernel-headers-2.6.18-238.12.1.el5.ppc.rpm
kernel-headers-2.6.18-238.12.1.el5.ppc64.rpm
kernel-kdump-2.6.18-238.12.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-238.12.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-238.12.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-238.12.1.el5.s390x.rpm
kernel-debug-2.6.18-238.12.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.s390x.rpm
kernel-devel-2.6.18-238.12.1.el5.s390x.rpm
kernel-headers-2.6.18-238.12.1.el5.s390x.rpm
kernel-kdump-2.6.18-238.12.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-238.12.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-238.12.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debug-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.x86_64.rpm
kernel-devel-2.6.18-238.12.1.el5.x86_64.rpm
kernel-headers-2.6.18-238.12.1.el5.x86_64.rpm
kernel-xen-2.6.18-238.12.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-238.12.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7.
References: https://www.redhat.com/security/data/cve/CVE-2011-0726.html https://www.redhat.com/security/data/cve/CVE-2011-1078.html https://www.redhat.com/security/data/cve/CVE-2011-1079.html https://www.redhat.com/security/data/cve/CVE-2011-1080.html https://www.redhat.com/security/data/cve/CVE-2011-1093.html https://www.redhat.com/security/data/cve/CVE-2011-1163.html https://www.redhat.com/security/data/cve/CVE-2011-1166.html https://www.redhat.com/security/data/cve/CVE-2011-1170.html https://www.redhat.com/security/data/cve/CVE-2011-1171.html https://www.redhat.com/security/data/cve/CVE-2011-1172.html https://www.redhat.com/security/data/cve/CVE-2011-1494.html https://www.redhat.com/security/data/cve/CVE-2011-1495.html https://www.redhat.com/security/data/cve/CVE-2011-1577.html https://www.redhat.com/security/data/cve/CVE-2011-1763.html https://access.redhat.com/security/updates/classification/#important http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.6_Technical_Notes/kernel.html#RHSA-2011-0833 8. Contact: The Red Hat security contact is <secalert at redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. 
From bugzilla at redhat.com Tue May 31 15:03:19 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 31 May 2011 15:03:19 +0000
Subject: [RHSA-2011:0837-01] Moderate: gimp security update
Message-ID: <201105311503.p4VF3JVw001403@int-mx02.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: gimp security update
Advisory ID: RHSA-2011:0837-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0837.html
Issue date: 2011-05-31
CVE Names: CVE-2009-1570 CVE-2010-4541 CVE-2010-4543 CVE-2011-1178
=====================================================================

1. Summary:

Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

The GIMP (GNU Image Manipulation Program) is an image composition and editing program.

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer eXchange (PCX) image file plug-ins. An attacker could create a specially-crafted BMP or PCX image file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)

A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro (PSP) image file plug-in. An attacker could create a specially-crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2010-4543)

A stack-based buffer overflow flaw was found in the GIMP's Sphere Designer image filter. An attacker could create a specially-crafted Sphere Designer filter configuration file that, when opened, could cause the Sphere Designer plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2010-4541)

Red Hat would like to thank Stefan Cornelius of Secunia Research for responsibly reporting the CVE-2009-1570 flaw.

Users of the GIMP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The GIMP must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

537356 - CVE-2009-1570 Gimp: Integer overflow in the BMP image file plugin
689831 - CVE-2011-1178 Gimp: Integer overflow in the PCX image file plug-in
703403 - CVE-2010-4541 Gimp: Stack-based buffer overflow in SphereDesigner plug-in
703407 - CVE-2010-4543 Gimp: Heap-based buffer overflow in Paint Shop Pro (PSP) plug-in

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gimp-2.0.5-7.0.7.el4.1.src.rpm

i386:
gimp-2.0.5-7.0.7.el4.1.i386.rpm
gimp-debuginfo-2.0.5-7.0.7.el4.1.i386.rpm
gimp-devel-2.0.5-7.0.7.el4.1.i386.rpm

ia64:
gimp-2.0.5-7.0.7.el4.1.ia64.rpm
gimp-debuginfo-2.0.5-7.0.7.el4.1.ia64.rpm
gimp-devel-2.0.5-7.0.7.el4.1.ia64.rpm

ppc:
gimp-2.0.5-7.0.7.el4.1.ppc.rpm
gimp-debuginfo-2.0.5-7.0.7.el4.1.ppc.rpm
gimp-devel-2.0.5-7.0.7.el4.1.ppc.rpm

s390:
gimp-2.0.5-7.0.7.el4.1.s390.rpm
gimp-debuginfo-2.0.5-7.0.7.el4.1.s390.rpm
gimp-devel-2.0.5-7.0.7.el4.1.s390.rpm

s390x:
gimp-2.0.5-7.0.7.el4.1.s390x.rpm
gimp-debuginfo-2.0.5-7.0.7.el4.1.s390x.rpm
gimp-devel-2.0.5-7.0.7.el4.1.s390x.rpm

x86_64:
gimp-2.0.5-7.0.7.el4.1.x86_64.rpm
gimp-debuginfo-2.0.5-7.0.7.el4.1.x86_64.rpm
gimp-devel-2.0.5-7.0.7.el4.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gimp-2.0.5-7.0.7.el4.1.src.rpm

i386:
gimp-2.0.5-7.0.7.el4.1.i386.rpm
gimp-debuginfo-2.0.5-7.0.7.el4.1.i386.rpm
gimp-devel-2.0.5-7.0.7.el4.1.i386.rpm

x86_64:
gimp-2.0.5-7.0.7.el4.1.x86_64.rpm
gimp-debuginfo-2.0.5-7.0.7.el4.1.x86_64.rpm
gimp-devel-2.0.5-7.0.7.el4.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gimp-2.0.5-7.0.7.el4.1.src.rpm

i386:
gimp-2.0.5-7.0.7.el4.1.i386.rpm
gimp-debuginfo-2.0.5-7.0.7.el4.1.i386.rpm
gimp-devel-2.0.5-7.0.7.el4.1.i386.rpm

ia64:
gimp-2.0.5-7.0.7.el4.1.ia64.rpm
gimp-debuginfo-2.0.5-7.0.7.el4.1.ia64.rpm
gimp-devel-2.0.5-7.0.7.el4.1.ia64.rpm

x86_64:
gimp-2.0.5-7.0.7.el4.1.x86_64.rpm
gimp-debuginfo-2.0.5-7.0.7.el4.1.x86_64.rpm
gimp-devel-2.0.5-7.0.7.el4.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gimp-2.0.5-7.0.7.el4.1.src.rpm

i386:
gimp-2.0.5-7.0.7.el4.1.i386.rpm
gimp-debuginfo-2.0.5-7.0.7.el4.1.i386.rpm
gimp-devel-2.0.5-7.0.7.el4.1.i386.rpm

ia64:
gimp-2.0.5-7.0.7.el4.1.ia64.rpm
gimp-debuginfo-2.0.5-7.0.7.el4.1.ia64.rpm
gimp-devel-2.0.5-7.0.7.el4.1.ia64.rpm

x86_64:
gimp-2.0.5-7.0.7.el4.1.x86_64.rpm
gimp-debuginfo-2.0.5-7.0.7.el4.1.x86_64.rpm
gimp-devel-2.0.5-7.0.7.el4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-1570.html
https://www.redhat.com/security/data/cve/CVE-2010-4541.html
https://www.redhat.com/security/data/cve/CVE-2010-4543.html
https://www.redhat.com/security/data/cve/CVE-2011-1178.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

From bugzilla at redhat.com Tue May 31 15:05:29 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 31 May 2011 15:05:29 +0000
Subject: [RHSA-2011:0838-01] Moderate: gimp security update
Message-ID: <201105311505.p4VF5T0w031455@int-mx01.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: gimp security update
Advisory ID: RHSA-2011:0838-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0838.html
Issue date: 2011-05-31
CVE Names: CVE-2009-1570 CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543 CVE-2011-1178
=====================================================================

1. Summary:

Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The GIMP (GNU Image Manipulation Program) is an image composition and editing program.

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer eXchange (PCX) image file plug-ins. An attacker could create a specially-crafted BMP or PCX image file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)

A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro (PSP) image file plug-in. An attacker could create a specially-crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2010-4543)

A stack-based buffer overflow flaw was found in the GIMP's Lightning, Sphere Designer, and Gfig image filters. An attacker could create a specially-crafted Lightning, Sphere Designer, or Gfig filter configuration file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542)

Red Hat would like to thank Stefan Cornelius of Secunia Research for responsibly reporting the CVE-2009-1570 flaw.
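The flaw class in the BMP and PCX plug-in descriptions above (RHSA-2011:0837 and RHSA-2011:0838), an integer overflow in a header-driven size computation that leaves a heap buffer too small, is illustrated here by an added example that is neither GIMP's nor Red Hat's code: the wrapping 32-bit computation beside an overflow-checked version, plus a loader that also refuses a truncated file. The `struct img_hdr` fields, the 8/24/32 depth whitelist and the sample headers are constructed for the example.

```c
/* Added illustration of the flaw class named above (integer overflow in a
 * header-driven size computation leading to a heap overflow). Not GIMP's or
 * Red Hat's code; struct img_hdr and the depth whitelist are constructed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Header fields as a BMP/PCX-style decoder reads them from the file. */
struct img_hdr {
    uint32_t width;
    uint32_t height;
    uint16_t bpp;   /* bits per pixel */
};

/* Vulnerable pattern: the product is formed in wrapping 32-bit arithmetic,
 * so a header claiming 65536 x 65536 x 32 bpp yields a size of 0. A decoder
 * that mallocs this and then copies width*height pixels overflows the heap. */
static uint32_t buffer_size_unchecked(const struct img_hdr *h)
{
    uint32_t bytes_per_pixel = h->bpp / 8;
    return h->width * h->height * bytes_per_pixel;
}

/* Hardened pattern: reject depths the decoder does not handle, check every
 * multiplication against SIZE_MAX before performing it, and bound the result
 * by a caller-supplied allocation budget. Returns false on rejection. */
static bool buffer_size_checked(const struct img_hdr *h, size_t max_bytes,
                                size_t *out)
{
    size_t bytes_per_pixel, row_bytes, total;

    switch (h->bpp) {
    case 8: case 24: case 32:
        bytes_per_pixel = h->bpp / 8;
        break;
    default:
        return false;
    }
    if (h->width == 0 || h->height == 0)
        return false;
    if ((size_t)h->width > SIZE_MAX / bytes_per_pixel)
        return false;                       /* width * bpp would wrap */
    row_bytes = (size_t)h->width * bytes_per_pixel;
    if (row_bytes > SIZE_MAX / (size_t)h->height)
        return false;                       /* row_bytes * height would wrap */
    total = row_bytes * (size_t)h->height;
    if (total > max_bytes)
        return false;                       /* no overflow, but over budget */
    *out = total;
    return true;
}

/* Allocate and fill the pixel buffer only once the size is known to be sane
 * and the file actually carries that many bytes, so a truncated file cannot
 * make the copy read past the data it has. */
static uint8_t *load_pixels(const struct img_hdr *h, const uint8_t *data,
                            size_t data_len, size_t max_bytes, size_t *out_len)
{
    size_t need;
    uint8_t *buf;

    if (!buffer_size_checked(h, max_bytes, &need))
        return NULL;
    if (data_len < need)
        return NULL;
    buf = malloc(need);
    if (buf == NULL)
        return NULL;
    memcpy(buf, data, need);
    *out_len = need;
    return buf;
}

int main(void)
{
    /* Constructed headers: a benign 640x480 image and one whose dimensions
     * wrap the 32-bit product to zero. */
    const struct img_hdr benign = { 640, 480, 24 };
    const struct img_hdr wraps  = { 0x10000u, 0x10000u, 32 };
    size_t n = 0;

    printf("benign:   unchecked=%u checked=%s\n",
           (unsigned)buffer_size_unchecked(&benign),
           buffer_size_checked(&benign, (size_t)1 << 30, &n) ? "accepted" : "rejected");
    printf("wrapping: unchecked=%u checked=%s\n",
           (unsigned)buffer_size_unchecked(&wraps),
           buffer_size_checked(&wraps, (size_t)1 << 30, &n) ? "accepted" : "rejected");
    return 0;
}
```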
Users of the GIMP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The GIMP must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

537356 - CVE-2009-1570 Gimp: Integer overflow in the BMP image file plugin
666793 - CVE-2010-4540 Gimp: Stack-based buffer overflow in Lighting plug-in
689831 - CVE-2011-1178 Gimp: Integer overflow in the PCX image file plug-in
703403 - CVE-2010-4541 Gimp: Stack-based buffer overflow in SphereDesigner plug-in
703405 - CVE-2010-4542 Gimp: Stack-based buffer overflow in Gfig plug-in
703407 - CVE-2010-4543 Gimp: Heap-based buffer overflow in Paint Shop Pro (PSP) plug-in

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/gimp-2.2.13-2.0.7.el5_6.2.src.rpm

i386:
gimp-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.i386.rpm

x86_64:
gimp-2.2.13-2.0.7.el5_6.2.x86_64.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.x86_64.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/gimp-2.2.13-2.0.7.el5_6.2.src.rpm

i386:
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.i386.rpm

x86_64:
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.x86_64.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/gimp-2.2.13-2.0.7.el5_6.2.src.rpm

i386:
gimp-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.i386.rpm

ia64:
gimp-2.2.13-2.0.7.el5_6.2.ia64.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.ia64.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.ia64.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.ia64.rpm

ppc:
gimp-2.2.13-2.0.7.el5_6.2.ppc.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.ppc.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.ppc64.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.ppc.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.ppc64.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.ppc.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.ppc64.rpm

s390x:
gimp-2.2.13-2.0.7.el5_6.2.s390x.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.s390.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.s390x.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.s390.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.s390x.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.s390.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.s390x.rpm

x86_64:
gimp-2.2.13-2.0.7.el5_6.2.x86_64.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.x86_64.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.x86_64.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-1570.html
https://www.redhat.com/security/data/cve/CVE-2010-4540.html
https://www.redhat.com/security/data/cve/CVE-2010-4541.html
https://www.redhat.com/security/data/cve/CVE-2010-4542.html
https://www.redhat.com/security/data/cve/CVE-2010-4543.html
https://www.redhat.com/security/data/cve/CVE-2011-1178.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

From bugzilla at redhat.com Tue May 31 15:07:14 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 31 May 2011 15:07:14 +0000
Subject: [RHSA-2011:0839-01] Moderate: gimp security update
Message-ID: <201105311507.p4VF7Ew6007357@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: gimp security update
Advisory ID: RHSA-2011:0839-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0839.html
Issue date: 2011-05-31
CVE Names: CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543
=====================================================================

1. Summary:

Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The GIMP (GNU Image Manipulation Program) is an image composition and editing program.

A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro (PSP) image file plug-in. An attacker could create a specially-crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2010-4543)

A stack-based buffer overflow flaw was found in the GIMP's Lightning, Sphere Designer, and Gfig image filters. An attacker could create a specially-crafted Lightning, Sphere Designer, or Gfig filter configuration file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542)

Users of the GIMP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The GIMP must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

666793 - CVE-2010-4540 Gimp: Stack-based buffer overflow in Lighting plug-in
703403 - CVE-2010-4541 Gimp: Stack-based buffer overflow in SphereDesigner plug-in
703405 - CVE-2010-4542 Gimp: Stack-based buffer overflow in Gfig plug-in
703407 - CVE-2010-4543 Gimp: Heap-based buffer overflow in Paint Shop Pro (PSP) plug-in

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client-6.1.z/en/os/SRPMS/gimp-2.6.9-4.el6_1.1.src.rpm

i386:
gimp-2.6.9-4.el6_1.1.i686.rpm
gimp-debuginfo-2.6.9-4.el6_1.1.i686.rpm
gimp-help-browser-2.6.9-4.el6_1.1.i686.rpm
gimp-libs-2.6.9-4.el6_1.1.i686.rpm

x86_64:
gimp-2.6.9-4.el6_1.1.x86_64.rpm
gimp-debuginfo-2.6.9-4.el6_1.1.x86_64.rpm
gimp-help-browser-2.6.9-4.el6_1.1.x86_64.rpm
gimp-libs-2.6.9-4.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client-6.1.z/en/os/SRPMS/gimp-2.6.9-4.el6_1.1.src.rpm

i386:
gimp-debuginfo-2.6.9-4.el6_1.1.i686.rpm
gimp-devel-2.6.9-4.el6_1.1.i686.rpm
gimp-devel-tools-2.6.9-4.el6_1.1.i686.rpm

x86_64:
gimp-debuginfo-2.6.9-4.el6_1.1.i686.rpm
gimp-debuginfo-2.6.9-4.el6_1.1.x86_64.rpm
gimp-devel-2.6.9-4.el6_1.1.i686.rpm
gimp-devel-2.6.9-4.el6_1.1.x86_64.rpm
gimp-devel-tools-2.6.9-4.el6_1.1.x86_64.rpm
gimp-libs-2.6.9-4.el6_1.1.i686.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server-6.1.z/en/os/SRPMS/gimp-2.6.9-4.el6_1.1.src.rpm

i386:
gimp-2.6.9-4.el6_1.1.i686.rpm
gimp-debuginfo-2.6.9-4.el6_1.1.i686.rpm
gimp-help-browser-2.6.9-4.el6_1.1.i686.rpm
gimp-libs-2.6.9-4.el6_1.1.i686.rpm

ppc64:
gimp-2.6.9-4.el6_1.1.ppc64.rpm
gimp-debuginfo-2.6.9-4.el6_1.1.ppc64.rpm
gimp-help-browser-2.6.9-4.el6_1.1.ppc64.rpm
gimp-libs-2.6.9-4.el6_1.1.ppc64.rpm

s390x:
gimp-2.6.9-4.el6_1.1.s390x.rpm
gimp-debuginfo-2.6.9-4.el6_1.1.s390x.rpm
gimp-help-browser-2.6.9-4.el6_1.1.s390x.rpm
gimp-libs-2.6.9-4.el6_1.1.s390x.rpm

x86_64:
gimp-2.6.9-4.el6_1.1.x86_64.rpm
gimp-debuginfo-2.6.9-4.el6_1.1.x86_64.rpm
gimp-help-browser-2.6.9-4.el6_1.1.x86_64.rpm
gimp-libs-2.6.9-4.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server-6.1.z/en/os/SRPMS/gimp-2.6.9-4.el6_1.1.src.rpm

i386:
gimp-debuginfo-2.6.9-4.el6_1.1.i686.rpm
gimp-devel-2.6.9-4.el6_1.1.i686.rpm
gimp-devel-tools-2.6.9-4.el6_1.1.i686.rpm

ppc64:
gimp-debuginfo-2.6.9-4.el6_1.1.ppc.rpm
gimp-debuginfo-2.6.9-4.el6_1.1.ppc64.rpm
gimp-devel-2.6.9-4.el6_1.1.ppc.rpm
gimp-devel-2.6.9-4.el6_1.1.ppc64.rpm
gimp-devel-tools-2.6.9-4.el6_1.1.ppc64.rpm
gimp-libs-2.6.9-4.el6_1.1.ppc.rpm

s390x:
gimp-debuginfo-2.6.9-4.el6_1.1.s390.rpm
gimp-debuginfo-2.6.9-4.el6_1.1.s390x.rpm
gimp-devel-2.6.9-4.el6_1.1.s390.rpm
gimp-devel-2.6.9-4.el6_1.1.s390x.rpm
gimp-devel-tools-2.6.9-4.el6_1.1.s390x.rpm
gimp-libs-2.6.9-4.el6_1.1.s390.rpm

x86_64:
gimp-debuginfo-2.6.9-4.el6_1.1.i686.rpm
gimp-debuginfo-2.6.9-4.el6_1.1.x86_64.rpm
gimp-devel-2.6.9-4.el6_1.1.i686.rpm
gimp-devel-2.6.9-4.el6_1.1.x86_64.rpm
gimp-devel-tools-2.6.9-4.el6_1.1.x86_64.rpm
gimp-libs-2.6.9-4.el6_1.1.i686.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation-6.1.z/en/os/SRPMS/gimp-2.6.9-4.el6_1.1.src.rpm

i386:
gimp-2.6.9-4.el6_1.1.i686.rpm
gimp-debuginfo-2.6.9-4.el6_1.1.i686.rpm
gimp-help-browser-2.6.9-4.el6_1.1.i686.rpm
gimp-libs-2.6.9-4.el6_1.1.i686.rpm

x86_64:
gimp-2.6.9-4.el6_1.1.x86_64.rpm
gimp-debuginfo-2.6.9-4.el6_1.1.x86_64.rpm
gimp-help-browser-2.6.9-4.el6_1.1.x86_64.rpm
gimp-libs-2.6.9-4.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation-6.1.z/en/os/SRPMS/gimp-2.6.9-4.el6_1.1.src.rpm

i386:
gimp-debuginfo-2.6.9-4.el6_1.1.i686.rpm
gimp-devel-2.6.9-4.el6_1.1.i686.rpm
gimp-devel-tools-2.6.9-4.el6_1.1.i686.rpm

x86_64:
gimp-debuginfo-2.6.9-4.el6_1.1.i686.rpm
gimp-debuginfo-2.6.9-4.el6_1.1.x86_64.rpm
gimp-devel-2.6.9-4.el6_1.1.i686.rpm
gimp-devel-2.6.9-4.el6_1.1.x86_64.rpm
gimp-devel-tools-2.6.9-4.el6_1.1.x86_64.rpm
gimp-libs-2.6.9-4.el6_1.1.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-4540.html
https://www.redhat.com/security/data/cve/CVE-2010-4541.html
https://www.redhat.com/security/data/cve/CVE-2010-4542.html
https://www.redhat.com/security/data/cve/CVE-2010-4543.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
From bugzilla at redhat.com Tue May 31 15:09:25 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 31 May 2011 15:09:25 +0000
Subject: [RHSA-2011:0840-01] Important: dhcp security update
Message-ID: <201105311509.p4VF9PEM003900@int-mx02.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: dhcp security update
Advisory ID: RHSA-2011:0840-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0840.html
Issue date: 2011-05-31
CVE Names: CVE-2011-0997
=====================================================================

1. Summary:

Updated dhcp packages that fix one security issue are now available for Red Hat Enterprise Linux 3 Extended Life Cycle Support.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (v. 3 ELS) - i386
Red Hat Enterprise Linux ES (v. 3 ELS) - i386

3. Description:

The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address.

It was discovered that the DHCP client daemon, dhclient, did not sufficiently sanitize certain options provided in DHCP server replies, such as the client hostname. A malicious DHCP server could send such an option with a specially-crafted value to a DHCP client. If this option's value was saved on the client system, and then later insecurely evaluated by a process that assumes the option is trusted, it could lead to arbitrary code execution with the privileges of that process. (CVE-2011-0997)

Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting this issue.

All dhclient users should upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

689832 - CVE-2011-0997 dhclient: insufficient sanitization of certain DHCP response values

6. Package List:

Red Hat Enterprise Linux AS (v. 3 ELS):

Source:
dhcp-3.0.1-10.3_EL3.src.rpm

i386:
dhclient-3.0.1-10.3_EL3.i386.rpm
dhcp-3.0.1-10.3_EL3.i386.rpm
dhcp-debuginfo-3.0.1-10.3_EL3.i386.rpm
dhcp-devel-3.0.1-10.3_EL3.i386.rpm

Red Hat Enterprise Linux ES (v. 3 ELS):

Source:
dhcp-3.0.1-10.3_EL3.src.rpm

i386:
dhclient-3.0.1-10.3_EL3.i386.rpm
dhcp-3.0.1-10.3_EL3.i386.rpm
dhcp-debuginfo-3.0.1-10.3_EL3.i386.rpm
dhcp-devel-3.0.1-10.3_EL3.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0997.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
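The defensive side of the dhclient flaw described in RHSA-2011:0840, as an added example that is neither ISC dhclient's nor Red Hat's code: locate the host-name option (code 12) in a DHCP reply's options field, refuse malformed option encodings, and accept the value only when every byte is a legal hostname character, so that a server-controlled string is never handed to a script or shell as something to evaluate. The option bytes are constructed, and the hostname policy (RFC 1123-style labels, 63 bytes per label, 255 in total) is this example's own choice.

```c
/* Added example for the dhclient option-handling flaw described above; not
 * ISC dhclient's or Red Hat's code. The sample option bytes are constructed,
 * and the hostname policy below is this example's own. */
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DHCP_OPT_PAD        0
#define DHCP_OPT_HOST_NAME  12
#define DHCP_OPT_END        255
#define MAX_HOST_NAME       255   /* total length cap (RFC 1123 style) */
#define MAX_LABEL           63    /* per-label cap */

/* Constructed sample option fields, not captured traffic. */
static const uint8_t SAMPLE_OK[] = {
    53, 1, 5,                                   /* message type: ACK */
    12, 11, 'h','o','s','t','-','0','1','.','l','a','n',
    255
};
static const uint8_t SAMPLE_META[]  = { 12, 8, 'b','a','d',';','n','a','m','e', 255 };
static const uint8_t SAMPLE_TRUNC[] = { 12, 200, 'a' };   /* length overruns buffer */

/* Walk the TLV options field. Honors PAD and END and refuses to read a length
 * byte or a value lying past the end of the buffer. Returns the value length
 * and sets *val, or -1 if the option is absent or the encoding is malformed. */
static int dhcp_find_option(const uint8_t *opts, size_t len, uint8_t code,
                            const uint8_t **val)
{
    size_t i = 0;
    while (i < len) {
        uint8_t c = opts[i++];
        if (c == DHCP_OPT_PAD) continue;
        if (c == DHCP_OPT_END) break;
        if (i >= len) return -1;            /* code with no length byte */
        uint8_t l = opts[i++];
        if (l > len - i) return -1;         /* value would run past the buffer */
        if (c == code) { *val = opts + i; return l; }
        i += l;
    }
    return -1;
}

/* Hostname policy: labels of [A-Za-z0-9-], no empty label, no label that
 * starts or ends with '-', at most MAX_LABEL bytes per label. Anything else
 * (space, quote, '$', ';', backtick, ...) is rejected rather than escaped, so
 * an accepted value is safe to export to a script environment as-is. */
static bool valid_host_name(const uint8_t *v, size_t n)
{
    size_t label = 0;
    if (n == 0 || n > MAX_HOST_NAME) return false;
    for (size_t i = 0; i < n; i++) {
        uint8_t ch = v[i];
        if (ch == '.') {
            if (label == 0 || v[i - 1] == '-') return false;
            label = 0;
            continue;
        }
        if (!(isalnum(ch) || ch == '-')) return false;
        if (label == 0 && ch == '-') return false;
        if (++label > MAX_LABEL) return false;
    }
    return label != 0 && v[n - 1] != '-';
}

/* Copy the host-name option into out (NUL-terminated) only if it is present,
 * well-formed and passes the policy; otherwise leave out empty and return
 * false so the caller falls back to a locally chosen name. */
static bool dhcp_safe_host_name(const uint8_t *opts, size_t len,
                                char *out, size_t out_sz)
{
    const uint8_t *v = NULL;
    int n = dhcp_find_option(opts, len, DHCP_OPT_HOST_NAME, &v);
    out[0] = '\0';
    if (n < 0 || (size_t)n >= out_sz || !valid_host_name(v, (size_t)n))
        return false;
    memcpy(out, v, (size_t)n);
    out[n] = '\0';
    return true;
}

int main(void)
{
    char name[MAX_HOST_NAME + 1];
    printf("ok:    %s\n", dhcp_safe_host_name(SAMPLE_OK, sizeof SAMPLE_OK,
                                             name, sizeof name) ? name : "(rejected)");
    printf("meta:  %s\n", dhcp_safe_host_name(SAMPLE_META, sizeof SAMPLE_META,
                                             name, sizeof name) ? name : "(rejected)");
    printf("trunc: %s\n", dhcp_safe_host_name(SAMPLE_TRUNC, sizeof SAMPLE_TRUNC,
                                             name, sizeof name) ? name : "(rejected)");
    return 0;
}
```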
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFN5QSLXlSAg2UNWIIRAsdVAJ9mkD7RcbzsYOkK8JnEQsRSeelYuwCeNmZd LdK24/RBkJXiFOiY5pI8Eig= =HTuE -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue May 31 15:11:02 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 31 May 2011 15:11:02 +0000 Subject: [RHSA-2011:0841-01] Moderate: systemtap security update Message-ID: <201105311511.p4VFB2Tf009126@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: systemtap security update Advisory ID: RHSA-2011:0841-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0841.html Issue date: 2011-05-31 CVE Names: CVE-2011-1769 ===================================================================== 1. Summary: Updated systemtap packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system. A divide-by-zero flaw was found in the way SystemTap handled malformed debugging information in DWARF format. When SystemTap unprivileged mode was enabled, an unprivileged user in the stapusr group could use this flaw to crash the system. 
Additionally, a privileged user (root, or a member of the stapdev group) could trigger this flaw when tricked into instrumenting a specially-crafted ELF binary, even when unprivileged mode was not enabled. (CVE-2011-1769) SystemTap users should upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 702687 - CVE-2011-1769 systemtap: does not guard against DWARF operations div-by-zero errors, which can cause a kernel panic 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/systemtap-1.3-4.el5_6.1.src.rpm i386: systemtap-1.3-4.el5_6.1.i386.rpm systemtap-client-1.3-4.el5_6.1.i386.rpm systemtap-debuginfo-1.3-4.el5_6.1.i386.rpm systemtap-initscript-1.3-4.el5_6.1.i386.rpm systemtap-runtime-1.3-4.el5_6.1.i386.rpm systemtap-sdt-devel-1.3-4.el5_6.1.i386.rpm systemtap-server-1.3-4.el5_6.1.i386.rpm systemtap-testsuite-1.3-4.el5_6.1.i386.rpm x86_64: systemtap-1.3-4.el5_6.1.x86_64.rpm systemtap-client-1.3-4.el5_6.1.x86_64.rpm systemtap-debuginfo-1.3-4.el5_6.1.i386.rpm systemtap-debuginfo-1.3-4.el5_6.1.x86_64.rpm systemtap-initscript-1.3-4.el5_6.1.x86_64.rpm systemtap-runtime-1.3-4.el5_6.1.x86_64.rpm systemtap-sdt-devel-1.3-4.el5_6.1.i386.rpm systemtap-sdt-devel-1.3-4.el5_6.1.x86_64.rpm systemtap-server-1.3-4.el5_6.1.x86_64.rpm systemtap-testsuite-1.3-4.el5_6.1.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/systemtap-1.3-4.el5_6.1.src.rpm i386: systemtap-1.3-4.el5_6.1.i386.rpm systemtap-client-1.3-4.el5_6.1.i386.rpm systemtap-debuginfo-1.3-4.el5_6.1.i386.rpm systemtap-initscript-1.3-4.el5_6.1.i386.rpm systemtap-runtime-1.3-4.el5_6.1.i386.rpm systemtap-sdt-devel-1.3-4.el5_6.1.i386.rpm systemtap-server-1.3-4.el5_6.1.i386.rpm systemtap-testsuite-1.3-4.el5_6.1.i386.rpm ia64: systemtap-1.3-4.el5_6.1.ia64.rpm systemtap-client-1.3-4.el5_6.1.ia64.rpm systemtap-debuginfo-1.3-4.el5_6.1.ia64.rpm systemtap-initscript-1.3-4.el5_6.1.ia64.rpm systemtap-runtime-1.3-4.el5_6.1.ia64.rpm systemtap-sdt-devel-1.3-4.el5_6.1.ia64.rpm systemtap-server-1.3-4.el5_6.1.ia64.rpm systemtap-testsuite-1.3-4.el5_6.1.ia64.rpm ppc: systemtap-1.3-4.el5_6.1.ppc64.rpm systemtap-client-1.3-4.el5_6.1.ppc64.rpm systemtap-debuginfo-1.3-4.el5_6.1.ppc64.rpm systemtap-initscript-1.3-4.el5_6.1.ppc64.rpm systemtap-runtime-1.3-4.el5_6.1.ppc64.rpm systemtap-sdt-devel-1.3-4.el5_6.1.ppc64.rpm systemtap-server-1.3-4.el5_6.1.ppc64.rpm systemtap-testsuite-1.3-4.el5_6.1.ppc64.rpm s390x: systemtap-1.3-4.el5_6.1.s390x.rpm systemtap-client-1.3-4.el5_6.1.s390x.rpm systemtap-debuginfo-1.3-4.el5_6.1.s390.rpm systemtap-debuginfo-1.3-4.el5_6.1.s390x.rpm systemtap-initscript-1.3-4.el5_6.1.s390x.rpm systemtap-runtime-1.3-4.el5_6.1.s390x.rpm systemtap-sdt-devel-1.3-4.el5_6.1.s390.rpm systemtap-sdt-devel-1.3-4.el5_6.1.s390x.rpm systemtap-server-1.3-4.el5_6.1.s390x.rpm systemtap-testsuite-1.3-4.el5_6.1.s390x.rpm x86_64: systemtap-1.3-4.el5_6.1.x86_64.rpm systemtap-client-1.3-4.el5_6.1.x86_64.rpm systemtap-debuginfo-1.3-4.el5_6.1.i386.rpm systemtap-debuginfo-1.3-4.el5_6.1.x86_64.rpm systemtap-initscript-1.3-4.el5_6.1.x86_64.rpm systemtap-runtime-1.3-4.el5_6.1.x86_64.rpm systemtap-sdt-devel-1.3-4.el5_6.1.i386.rpm systemtap-sdt-devel-1.3-4.el5_6.1.x86_64.rpm systemtap-server-1.3-4.el5_6.1.x86_64.rpm systemtap-testsuite-1.3-4.el5_6.1.x86_64.rpm These 
packages are GPG signed by Red Hat for security. Our key and details on how to
verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1769.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFN5QTtXlSAg2UNWIIRAow7AKCJQ0kYCABiNtS72tk2KuqKaH101wCfb69P
F5OiGWsw7APEwD4chNcmKmM=
=hpe1
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 31 15:12:38 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 31 May 2011 15:12:38 +0000
Subject: [RHSA-2011:0842-01] Moderate: systemtap security update
Message-ID: <201105311512.p4VFCcqa002135@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: systemtap security update
Advisory ID:       RHSA-2011:0842-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0842.html
Issue date:        2011-05-31
CVE Names:         CVE-2011-1769 CVE-2011-1781
=====================================================================

1. Summary:

Updated systemtap packages that fix two security issues are now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v.
6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

SystemTap is an instrumentation system for systems running the Linux kernel,
version 2.6. Developers can write scripts to collect data on the operation of
the system.

Two divide-by-zero flaws were found in the way SystemTap handled malformed
debugging information in DWARF format. When SystemTap unprivileged mode was
enabled, an unprivileged user in the stapusr group could use these flaws to
crash the system. Additionally, a privileged user (root, or a member of the
stapdev group) could trigger these flaws when tricked into instrumenting a
specially-crafted ELF binary, even when unprivileged mode was not enabled.
(CVE-2011-1769, CVE-2011-1781)

SystemTap users should upgrade to these updated packages, which contain a
backported patch to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

702687 - CVE-2011-1769 systemtap: does not guard against DWARF operations div-by-zero errors, which can cause a kernel panic
703972 - CVE-2011-1781 systemtap: divide by zero stack unwinding flaw

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client-6.1.z/en/os/SRPMS/systemtap-1.4-6.el6_1.1.src.rpm i386: systemtap-1.4-6.el6_1.1.i686.rpm systemtap-client-1.4-6.el6_1.1.i686.rpm systemtap-debuginfo-1.4-6.el6_1.1.i686.rpm systemtap-grapher-1.4-6.el6_1.1.i686.rpm systemtap-initscript-1.4-6.el6_1.1.i686.rpm systemtap-runtime-1.4-6.el6_1.1.i686.rpm x86_64: systemtap-1.4-6.el6_1.1.x86_64.rpm systemtap-client-1.4-6.el6_1.1.x86_64.rpm systemtap-debuginfo-1.4-6.el6_1.1.x86_64.rpm systemtap-grapher-1.4-6.el6_1.1.x86_64.rpm systemtap-initscript-1.4-6.el6_1.1.x86_64.rpm systemtap-runtime-1.4-6.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client-6.1.z/en/os/SRPMS/systemtap-1.4-6.el6_1.1.src.rpm i386: systemtap-debuginfo-1.4-6.el6_1.1.i686.rpm systemtap-sdt-devel-1.4-6.el6_1.1.i686.rpm systemtap-server-1.4-6.el6_1.1.i686.rpm systemtap-testsuite-1.4-6.el6_1.1.i686.rpm x86_64: systemtap-debuginfo-1.4-6.el6_1.1.i686.rpm systemtap-debuginfo-1.4-6.el6_1.1.x86_64.rpm systemtap-sdt-devel-1.4-6.el6_1.1.i686.rpm systemtap-sdt-devel-1.4-6.el6_1.1.x86_64.rpm systemtap-server-1.4-6.el6_1.1.x86_64.rpm systemtap-testsuite-1.4-6.el6_1.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode-6.1.z/en/os/SRPMS/systemtap-1.4-6.el6_1.1.src.rpm x86_64: systemtap-1.4-6.el6_1.1.x86_64.rpm systemtap-client-1.4-6.el6_1.1.x86_64.rpm systemtap-debuginfo-1.4-6.el6_1.1.x86_64.rpm systemtap-initscript-1.4-6.el6_1.1.x86_64.rpm systemtap-runtime-1.4-6.el6_1.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode-6.1.z/en/os/SRPMS/systemtap-1.4-6.el6_1.1.src.rpm x86_64: systemtap-debuginfo-1.4-6.el6_1.1.i686.rpm systemtap-debuginfo-1.4-6.el6_1.1.x86_64.rpm systemtap-grapher-1.4-6.el6_1.1.x86_64.rpm systemtap-sdt-devel-1.4-6.el6_1.1.i686.rpm systemtap-sdt-devel-1.4-6.el6_1.1.x86_64.rpm systemtap-server-1.4-6.el6_1.1.x86_64.rpm systemtap-testsuite-1.4-6.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server-6.1.z/en/os/SRPMS/systemtap-1.4-6.el6_1.1.src.rpm i386: systemtap-1.4-6.el6_1.1.i686.rpm systemtap-client-1.4-6.el6_1.1.i686.rpm systemtap-debuginfo-1.4-6.el6_1.1.i686.rpm systemtap-grapher-1.4-6.el6_1.1.i686.rpm systemtap-initscript-1.4-6.el6_1.1.i686.rpm systemtap-runtime-1.4-6.el6_1.1.i686.rpm systemtap-sdt-devel-1.4-6.el6_1.1.i686.rpm systemtap-server-1.4-6.el6_1.1.i686.rpm ppc64: systemtap-1.4-6.el6_1.1.ppc64.rpm systemtap-client-1.4-6.el6_1.1.ppc64.rpm systemtap-debuginfo-1.4-6.el6_1.1.ppc.rpm systemtap-debuginfo-1.4-6.el6_1.1.ppc64.rpm systemtap-grapher-1.4-6.el6_1.1.ppc64.rpm systemtap-initscript-1.4-6.el6_1.1.ppc64.rpm systemtap-runtime-1.4-6.el6_1.1.ppc64.rpm systemtap-sdt-devel-1.4-6.el6_1.1.ppc.rpm systemtap-sdt-devel-1.4-6.el6_1.1.ppc64.rpm systemtap-server-1.4-6.el6_1.1.ppc64.rpm s390x: systemtap-1.4-6.el6_1.1.s390x.rpm systemtap-client-1.4-6.el6_1.1.s390x.rpm systemtap-debuginfo-1.4-6.el6_1.1.s390.rpm systemtap-debuginfo-1.4-6.el6_1.1.s390x.rpm systemtap-grapher-1.4-6.el6_1.1.s390x.rpm systemtap-initscript-1.4-6.el6_1.1.s390x.rpm systemtap-runtime-1.4-6.el6_1.1.s390x.rpm systemtap-sdt-devel-1.4-6.el6_1.1.s390.rpm systemtap-sdt-devel-1.4-6.el6_1.1.s390x.rpm systemtap-server-1.4-6.el6_1.1.s390x.rpm x86_64: systemtap-1.4-6.el6_1.1.x86_64.rpm systemtap-client-1.4-6.el6_1.1.x86_64.rpm systemtap-debuginfo-1.4-6.el6_1.1.i686.rpm systemtap-debuginfo-1.4-6.el6_1.1.x86_64.rpm systemtap-grapher-1.4-6.el6_1.1.x86_64.rpm 
systemtap-initscript-1.4-6.el6_1.1.x86_64.rpm systemtap-runtime-1.4-6.el6_1.1.x86_64.rpm systemtap-sdt-devel-1.4-6.el6_1.1.i686.rpm systemtap-sdt-devel-1.4-6.el6_1.1.x86_64.rpm systemtap-server-1.4-6.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server-6.1.z/en/os/SRPMS/systemtap-1.4-6.el6_1.1.src.rpm i386: systemtap-debuginfo-1.4-6.el6_1.1.i686.rpm systemtap-testsuite-1.4-6.el6_1.1.i686.rpm ppc64: systemtap-debuginfo-1.4-6.el6_1.1.ppc64.rpm systemtap-testsuite-1.4-6.el6_1.1.ppc64.rpm s390x: systemtap-debuginfo-1.4-6.el6_1.1.s390x.rpm systemtap-testsuite-1.4-6.el6_1.1.s390x.rpm x86_64: systemtap-debuginfo-1.4-6.el6_1.1.x86_64.rpm systemtap-testsuite-1.4-6.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation-6.1.z/en/os/SRPMS/systemtap-1.4-6.el6_1.1.src.rpm i386: systemtap-1.4-6.el6_1.1.i686.rpm systemtap-client-1.4-6.el6_1.1.i686.rpm systemtap-debuginfo-1.4-6.el6_1.1.i686.rpm systemtap-grapher-1.4-6.el6_1.1.i686.rpm systemtap-initscript-1.4-6.el6_1.1.i686.rpm systemtap-runtime-1.4-6.el6_1.1.i686.rpm systemtap-sdt-devel-1.4-6.el6_1.1.i686.rpm systemtap-server-1.4-6.el6_1.1.i686.rpm x86_64: systemtap-1.4-6.el6_1.1.x86_64.rpm systemtap-client-1.4-6.el6_1.1.x86_64.rpm systemtap-debuginfo-1.4-6.el6_1.1.i686.rpm systemtap-debuginfo-1.4-6.el6_1.1.x86_64.rpm systemtap-grapher-1.4-6.el6_1.1.x86_64.rpm systemtap-initscript-1.4-6.el6_1.1.x86_64.rpm systemtap-runtime-1.4-6.el6_1.1.x86_64.rpm systemtap-sdt-devel-1.4-6.el6_1.1.i686.rpm systemtap-sdt-devel-1.4-6.el6_1.1.x86_64.rpm systemtap-server-1.4-6.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation-6.1.z/en/os/SRPMS/systemtap-1.4-6.el6_1.1.src.rpm

i386:
systemtap-debuginfo-1.4-6.el6_1.1.i686.rpm
systemtap-testsuite-1.4-6.el6_1.1.i686.rpm

x86_64:
systemtap-debuginfo-1.4-6.el6_1.1.x86_64.rpm
systemtap-testsuite-1.4-6.el6_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details
on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1769.html
https://www.redhat.com/security/data/cve/CVE-2011-1781.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFN5QVOXlSAg2UNWIIRAphQAKCzt6QWHFBI54Y0aKHSP7Ku+AHkYACfQlmF
vvvQUwPHFYX1QeI7OPNHVxI=
=kcX4
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 31 15:57:09 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 31 May 2011 15:57:09 +0000
Subject: [RHSA-2011:0843-01] Moderate: postfix security update
Message-ID: <201105311557.p4VFv99g025389@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: postfix security update
Advisory ID:       RHSA-2011:0843-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0843.html
Issue date:        2011-05-31
CVE Names:         CVE-2011-1720
=====================================================================

1. Summary:

Updated postfix packages that fix one security issue are now available for
Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact.
A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),
and TLS.

A heap-based buffer over-read flaw was found in the way Postfix managed SASL
handlers for SMTP sessions when Cyrus SASL authentication was enabled. A
remote attacker could use this flaw to cause the Postfix smtpd server to
crash via a specially-crafted SASL authentication request. The smtpd process
was automatically restarted by the postfix master process after the time
configured with service_throttle_time elapsed. (CVE-2011-1720)

Note: Cyrus SASL authentication for Postfix is not enabled by default.

Red Hat would like to thank the CERT/CC for reporting this issue. Upstream
acknowledges Thomas Jarosch of Intra2net AG as the original reporter.

Users of Postfix are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.
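Whether a host is reachable for CVE-2011-1720 is a configuration question: is any smtpd instance running with Cyrus SASL enabled, and for how long does master(8) keep it down after each crash? The following added example (not Red Hat or Postfix code) answers both from main.cf and master.cf text, including the `-o` overrides on a submission service, which is where SASL is often switched on even when main.cf says no. The two configuration files are constructed samples, and the defaults assumed are those of Postfix 2.3 and later (smtpd_sasl_auth_enable = no, smtpd_sasl_type = cyrus, service_throttle_time = 60s); the Postfix 2.2 in RHEL 4 has no smtpd_sasl_type because Cyrus is its only SASL implementation, so there only the enable switch matters.

```python
"""Find Postfix smtpd instances running with Cyrus SASL enabled, the
configuration in which the CVE-2011-1720 crash is reachable.

Added example, not Red Hat or Postfix code. Parses main.cf / master.cf text
(constructed samples below) instead of calling postconf; assumes Postfix 2.3+
defaults for the three parameters in DEFAULTS.
"""
import re

DEFAULTS = {
    "smtpd_sasl_auth_enable": "no",
    "smtpd_sasl_type": "cyrus",
    "service_throttle_time": "60s",
}
_REF = re.compile(r"\$\{([A-Za-z0-9_]+)\}|\$([A-Za-z0-9_]+)")
_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_main_cf(text):
    """main.cf -> {name: raw value}; an indented line continues the previous
    parameter, '#' lines are comments."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current is not None:
            params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if not sep:
            continue
        current = name.strip()
        params[current] = value.strip()
    return params


def expand(value, params, depth=0):
    """Resolve $name / ${name} references (bounded recursion, like postconf -x)."""
    if depth > 10:
        return value

    def ref(m):
        key = m.group(1) or m.group(2)
        return expand(params.get(key, DEFAULTS.get(key, "")), params, depth + 1)

    return _REF.sub(ref, value)


def parse_master_cf(text):
    """master.cf -> {'service/type': {param: value}} for every smtpd entry,
    collecting the '-o name=value' overrides on the indented lines below it."""
    services, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t":
            m = re.match(r"\s*-o\s+([A-Za-z0-9_]+)=(.*)", raw)
            if current is not None and m:
                services[current][m.group(1)] = m.group(2).strip()
            continue
        fields = raw.split()
        if len(fields) >= 8 and fields[7] == "smtpd":
            current = f"{fields[0]}/{fields[1]}"
            services[current] = {}
        else:
            current = None
    return services


def time_to_seconds(value, default_unit="s"):
    """Postfix time value ('60s', '2m', '30') -> seconds."""
    m = re.fullmatch(r"\s*(\d+)\s*([smhdw]?)\s*", value)
    if not m:
        raise ValueError(f"bad time value: {value!r}")
    return int(m.group(1)) * _UNITS[m.group(2) or default_unit]


def sasl_exposure(main_cf, master_cf):
    """[(service, throttle_seconds)] for each smtpd instance with Cyrus SASL on.
    throttle_seconds is how long master(8) leaves the service down after a
    crash, i.e. the outage one crafted AUTH request buys an attacker."""
    main = parse_main_cf(main_cf)
    exposed = []
    for svc, overrides in parse_master_cf(master_cf).items():
        eff = {**DEFAULTS, **main, **overrides}   # main.cf, then per-service -o
        enabled = expand(eff["smtpd_sasl_auth_enable"], eff).lower() == "yes"
        sasl_type = expand(eff["smtpd_sasl_type"], eff).lower()
        if enabled and sasl_type == "cyrus":
            exposed.append((svc, time_to_seconds(expand(eff["service_throttle_time"], eff))))
    return exposed


# Constructed samples, not a real host's configuration.
SAMPLE_MAIN_CF = """\
myhostname = mx1.example.test
smtpd_sasl_auth_enable = no
smtpd_sasl_type = cyrus
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
service_throttle_time = 2m
"""
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_security_level=encrypt
pickup    fifo  n       -       n       60      1       pickup
"""

if __name__ == "__main__":
    for svc, secs in sasl_exposure(SAMPLE_MAIN_CF, SAMPLE_MASTER_CF):
        print(f"{svc}: Cyrus SASL enabled; each crash stalls it for {secs}s")
```

Run it against the real /etc/postfix/main.cf and master.cf. Any service it reports is reachable for this flaw until the package is updated; on that service, `smtpd_sasl_type = dovecot` (Postfix 2.3 and later) or `smtpd_sasl_auth_enable = no` removes the exposure, and the reported throttle value is the length of the outage each crafted AUTH request causes.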
After installing this update, the postfix service will be restarted
automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

699035 - CVE-2011-1720 postfix (smtpd): Crash due to improper management of SASL handlers for SMTP sessions

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/postfix-2.2.10-1.5.el4.src.rpm

i386:
postfix-2.2.10-1.5.el4.i386.rpm
postfix-debuginfo-2.2.10-1.5.el4.i386.rpm
postfix-pflogsumm-2.2.10-1.5.el4.i386.rpm

ia64:
postfix-2.2.10-1.5.el4.ia64.rpm
postfix-debuginfo-2.2.10-1.5.el4.ia64.rpm
postfix-pflogsumm-2.2.10-1.5.el4.ia64.rpm

ppc:
postfix-2.2.10-1.5.el4.ppc.rpm
postfix-debuginfo-2.2.10-1.5.el4.ppc.rpm
postfix-pflogsumm-2.2.10-1.5.el4.ppc.rpm

s390:
postfix-2.2.10-1.5.el4.s390.rpm
postfix-debuginfo-2.2.10-1.5.el4.s390.rpm
postfix-pflogsumm-2.2.10-1.5.el4.s390.rpm

s390x:
postfix-2.2.10-1.5.el4.s390x.rpm
postfix-debuginfo-2.2.10-1.5.el4.s390x.rpm
postfix-pflogsumm-2.2.10-1.5.el4.s390x.rpm

x86_64:
postfix-2.2.10-1.5.el4.x86_64.rpm
postfix-debuginfo-2.2.10-1.5.el4.x86_64.rpm
postfix-pflogsumm-2.2.10-1.5.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/postfix-2.2.10-1.5.el4.src.rpm

i386:
postfix-2.2.10-1.5.el4.i386.rpm
postfix-debuginfo-2.2.10-1.5.el4.i386.rpm
postfix-pflogsumm-2.2.10-1.5.el4.i386.rpm

x86_64:
postfix-2.2.10-1.5.el4.x86_64.rpm
postfix-debuginfo-2.2.10-1.5.el4.x86_64.rpm
postfix-pflogsumm-2.2.10-1.5.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/postfix-2.2.10-1.5.el4.src.rpm

i386:
postfix-2.2.10-1.5.el4.i386.rpm
postfix-debuginfo-2.2.10-1.5.el4.i386.rpm postfix-pflogsumm-2.2.10-1.5.el4.i386.rpm ia64: postfix-2.2.10-1.5.el4.ia64.rpm postfix-debuginfo-2.2.10-1.5.el4.ia64.rpm postfix-pflogsumm-2.2.10-1.5.el4.ia64.rpm x86_64: postfix-2.2.10-1.5.el4.x86_64.rpm postfix-debuginfo-2.2.10-1.5.el4.x86_64.rpm postfix-pflogsumm-2.2.10-1.5.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/postfix-2.2.10-1.5.el4.src.rpm i386: postfix-2.2.10-1.5.el4.i386.rpm postfix-debuginfo-2.2.10-1.5.el4.i386.rpm postfix-pflogsumm-2.2.10-1.5.el4.i386.rpm ia64: postfix-2.2.10-1.5.el4.ia64.rpm postfix-debuginfo-2.2.10-1.5.el4.ia64.rpm postfix-pflogsumm-2.2.10-1.5.el4.ia64.rpm x86_64: postfix-2.2.10-1.5.el4.x86_64.rpm postfix-debuginfo-2.2.10-1.5.el4.x86_64.rpm postfix-pflogsumm-2.2.10-1.5.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postfix-2.3.3-2.3.el5_6.src.rpm i386: postfix-2.3.3-2.3.el5_6.i386.rpm postfix-debuginfo-2.3.3-2.3.el5_6.i386.rpm postfix-pflogsumm-2.3.3-2.3.el5_6.i386.rpm x86_64: postfix-2.3.3-2.3.el5_6.x86_64.rpm postfix-debuginfo-2.3.3-2.3.el5_6.x86_64.rpm postfix-pflogsumm-2.3.3-2.3.el5_6.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/postfix-2.3.3-2.3.el5_6.src.rpm i386: postfix-2.3.3-2.3.el5_6.i386.rpm postfix-debuginfo-2.3.3-2.3.el5_6.i386.rpm postfix-pflogsumm-2.3.3-2.3.el5_6.i386.rpm ia64: postfix-2.3.3-2.3.el5_6.ia64.rpm postfix-debuginfo-2.3.3-2.3.el5_6.ia64.rpm postfix-pflogsumm-2.3.3-2.3.el5_6.ia64.rpm ppc: postfix-2.3.3-2.3.el5_6.ppc.rpm postfix-debuginfo-2.3.3-2.3.el5_6.ppc.rpm postfix-pflogsumm-2.3.3-2.3.el5_6.ppc.rpm s390x: postfix-2.3.3-2.3.el5_6.s390x.rpm postfix-debuginfo-2.3.3-2.3.el5_6.s390x.rpm postfix-pflogsumm-2.3.3-2.3.el5_6.s390x.rpm x86_64: postfix-2.3.3-2.3.el5_6.x86_64.rpm postfix-debuginfo-2.3.3-2.3.el5_6.x86_64.rpm postfix-pflogsumm-2.3.3-2.3.el5_6.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client-6.1.z/en/os/SRPMS/postfix-2.6.6-2.2.el6_1.src.rpm i386: postfix-2.6.6-2.2.el6_1.i686.rpm postfix-debuginfo-2.6.6-2.2.el6_1.i686.rpm x86_64: postfix-2.6.6-2.2.el6_1.x86_64.rpm postfix-debuginfo-2.6.6-2.2.el6_1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client-6.1.z/en/os/SRPMS/postfix-2.6.6-2.2.el6_1.src.rpm i386: postfix-debuginfo-2.6.6-2.2.el6_1.i686.rpm postfix-perl-scripts-2.6.6-2.2.el6_1.i686.rpm x86_64: postfix-debuginfo-2.6.6-2.2.el6_1.x86_64.rpm postfix-perl-scripts-2.6.6-2.2.el6_1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode-6.1.z/en/os/SRPMS/postfix-2.6.6-2.2.el6_1.src.rpm x86_64: postfix-2.6.6-2.2.el6_1.x86_64.rpm postfix-debuginfo-2.6.6-2.2.el6_1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode-6.1.z/en/os/SRPMS/postfix-2.6.6-2.2.el6_1.src.rpm x86_64: postfix-debuginfo-2.6.6-2.2.el6_1.x86_64.rpm postfix-perl-scripts-2.6.6-2.2.el6_1.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server-6.1.z/en/os/SRPMS/postfix-2.6.6-2.2.el6_1.src.rpm i386: postfix-2.6.6-2.2.el6_1.i686.rpm postfix-debuginfo-2.6.6-2.2.el6_1.i686.rpm ppc64: postfix-2.6.6-2.2.el6_1.ppc64.rpm postfix-debuginfo-2.6.6-2.2.el6_1.ppc64.rpm s390x: postfix-2.6.6-2.2.el6_1.s390x.rpm postfix-debuginfo-2.6.6-2.2.el6_1.s390x.rpm x86_64: postfix-2.6.6-2.2.el6_1.x86_64.rpm postfix-debuginfo-2.6.6-2.2.el6_1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server-6.1.z/en/os/SRPMS/postfix-2.6.6-2.2.el6_1.src.rpm i386: postfix-debuginfo-2.6.6-2.2.el6_1.i686.rpm postfix-perl-scripts-2.6.6-2.2.el6_1.i686.rpm ppc64: postfix-debuginfo-2.6.6-2.2.el6_1.ppc64.rpm postfix-perl-scripts-2.6.6-2.2.el6_1.ppc64.rpm s390x: postfix-debuginfo-2.6.6-2.2.el6_1.s390x.rpm postfix-perl-scripts-2.6.6-2.2.el6_1.s390x.rpm x86_64: postfix-debuginfo-2.6.6-2.2.el6_1.x86_64.rpm postfix-perl-scripts-2.6.6-2.2.el6_1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation-6.1.z/en/os/SRPMS/postfix-2.6.6-2.2.el6_1.src.rpm i386: postfix-2.6.6-2.2.el6_1.i686.rpm postfix-debuginfo-2.6.6-2.2.el6_1.i686.rpm x86_64: postfix-2.6.6-2.2.el6_1.x86_64.rpm postfix-debuginfo-2.6.6-2.2.el6_1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation-6.1.z/en/os/SRPMS/postfix-2.6.6-2.2.el6_1.src.rpm i386: postfix-debuginfo-2.6.6-2.2.el6_1.i686.rpm postfix-perl-scripts-2.6.6-2.2.el6_1.i686.rpm x86_64: postfix-debuginfo-2.6.6-2.2.el6_1.x86_64.rpm postfix-perl-scripts-2.6.6-2.2.el6_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References:

https://www.redhat.com/security/data/cve/CVE-2011-1720.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFN5Q+zXlSAg2UNWIIRAnNJAJ9+kzFv8T5mFcOL0cP6TOKtt5A/rQCgn9WN
fXvwjl2pb9anlkEY59xkzUI=
=OfHv
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 31 15:59:03 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 31 May 2011 15:59:03 +0000
Subject: [RHSA-2011:0844-01] Low: apr security update
Message-ID: <201105311559.p4VFx36g020003@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: apr security update
Advisory ID:       RHSA-2011:0844-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0844.html
Issue date:        2011-05-31
CVE Names:         CVE-2011-1928
=====================================================================

1. Summary:

Updated apr packages that fix one security issue are now available for Red
Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v.
6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The Apache Portable Runtime (APR) is a portability library used by the Apache
HTTP Server and other projects. It provides a free library of C data
structures and routines.

The fix for CVE-2011-0419 (released via RHSA-2011:0507) introduced an
infinite loop flaw in the apr_fnmatch() function when the APR_FNM_PATHNAME
matching flag was used. A remote attacker could possibly use this flaw to
cause a denial of service on an application using the apr_fnmatch()
function. (CVE-2011-1928)

Note: This problem affected httpd configurations using the "Location"
directive with wildcard URLs. The denial of service could have been
triggered during normal operation; it did not specifically require a
malicious HTTP request.

This update also addresses additional problems introduced by the rewrite of
the apr_fnmatch() function, which was necessary to address the CVE-2011-0419
flaw.

All apr users should upgrade to these updated packages, which contain a
backported patch to correct this issue. Applications using the apr library,
such as httpd, must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

706203 - CVE-2011-1928 apr: DoS flaw in apr_fnmatch() due to fix for CVE-2011-0419

6.
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/apr-0.9.4-26.el4.src.rpm i386: apr-0.9.4-26.el4.i386.rpm apr-debuginfo-0.9.4-26.el4.i386.rpm apr-devel-0.9.4-26.el4.i386.rpm ia64: apr-0.9.4-26.el4.i386.rpm apr-0.9.4-26.el4.ia64.rpm apr-debuginfo-0.9.4-26.el4.i386.rpm apr-debuginfo-0.9.4-26.el4.ia64.rpm apr-devel-0.9.4-26.el4.ia64.rpm ppc: apr-0.9.4-26.el4.ppc.rpm apr-0.9.4-26.el4.ppc64.rpm apr-debuginfo-0.9.4-26.el4.ppc.rpm apr-debuginfo-0.9.4-26.el4.ppc64.rpm apr-devel-0.9.4-26.el4.ppc.rpm s390: apr-0.9.4-26.el4.s390.rpm apr-debuginfo-0.9.4-26.el4.s390.rpm apr-devel-0.9.4-26.el4.s390.rpm s390x: apr-0.9.4-26.el4.s390.rpm apr-0.9.4-26.el4.s390x.rpm apr-debuginfo-0.9.4-26.el4.s390.rpm apr-debuginfo-0.9.4-26.el4.s390x.rpm apr-devel-0.9.4-26.el4.s390x.rpm x86_64: apr-0.9.4-26.el4.i386.rpm apr-0.9.4-26.el4.x86_64.rpm apr-debuginfo-0.9.4-26.el4.i386.rpm apr-debuginfo-0.9.4-26.el4.x86_64.rpm apr-devel-0.9.4-26.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/apr-0.9.4-26.el4.src.rpm i386: apr-0.9.4-26.el4.i386.rpm apr-debuginfo-0.9.4-26.el4.i386.rpm apr-devel-0.9.4-26.el4.i386.rpm x86_64: apr-0.9.4-26.el4.i386.rpm apr-0.9.4-26.el4.x86_64.rpm apr-debuginfo-0.9.4-26.el4.i386.rpm apr-debuginfo-0.9.4-26.el4.x86_64.rpm apr-devel-0.9.4-26.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/apr-0.9.4-26.el4.src.rpm i386: apr-0.9.4-26.el4.i386.rpm apr-debuginfo-0.9.4-26.el4.i386.rpm apr-devel-0.9.4-26.el4.i386.rpm ia64: apr-0.9.4-26.el4.i386.rpm apr-0.9.4-26.el4.ia64.rpm apr-debuginfo-0.9.4-26.el4.i386.rpm apr-debuginfo-0.9.4-26.el4.ia64.rpm apr-devel-0.9.4-26.el4.ia64.rpm x86_64: apr-0.9.4-26.el4.i386.rpm apr-0.9.4-26.el4.x86_64.rpm apr-debuginfo-0.9.4-26.el4.i386.rpm apr-debuginfo-0.9.4-26.el4.x86_64.rpm apr-devel-0.9.4-26.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: 
Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/apr-0.9.4-26.el4.src.rpm i386: apr-0.9.4-26.el4.i386.rpm apr-debuginfo-0.9.4-26.el4.i386.rpm apr-devel-0.9.4-26.el4.i386.rpm ia64: apr-0.9.4-26.el4.i386.rpm apr-0.9.4-26.el4.ia64.rpm apr-debuginfo-0.9.4-26.el4.i386.rpm apr-debuginfo-0.9.4-26.el4.ia64.rpm apr-devel-0.9.4-26.el4.ia64.rpm x86_64: apr-0.9.4-26.el4.i386.rpm apr-0.9.4-26.el4.x86_64.rpm apr-debuginfo-0.9.4-26.el4.i386.rpm apr-debuginfo-0.9.4-26.el4.x86_64.rpm apr-devel-0.9.4-26.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/apr-1.2.7-11.el5_6.5.src.rpm i386: apr-1.2.7-11.el5_6.5.i386.rpm apr-debuginfo-1.2.7-11.el5_6.5.i386.rpm apr-docs-1.2.7-11.el5_6.5.i386.rpm x86_64: apr-1.2.7-11.el5_6.5.i386.rpm apr-1.2.7-11.el5_6.5.x86_64.rpm apr-debuginfo-1.2.7-11.el5_6.5.i386.rpm apr-debuginfo-1.2.7-11.el5_6.5.x86_64.rpm apr-docs-1.2.7-11.el5_6.5.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/apr-1.2.7-11.el5_6.5.src.rpm i386: apr-debuginfo-1.2.7-11.el5_6.5.i386.rpm apr-devel-1.2.7-11.el5_6.5.i386.rpm x86_64: apr-debuginfo-1.2.7-11.el5_6.5.i386.rpm apr-debuginfo-1.2.7-11.el5_6.5.x86_64.rpm apr-devel-1.2.7-11.el5_6.5.i386.rpm apr-devel-1.2.7-11.el5_6.5.x86_64.rpm Red Hat Enterprise Linux (v. 
Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/apr-1.2.7-11.el5_6.5.src.rpm

i386:
apr-1.2.7-11.el5_6.5.i386.rpm
apr-debuginfo-1.2.7-11.el5_6.5.i386.rpm
apr-devel-1.2.7-11.el5_6.5.i386.rpm
apr-docs-1.2.7-11.el5_6.5.i386.rpm

ia64:
apr-1.2.7-11.el5_6.5.ia64.rpm
apr-debuginfo-1.2.7-11.el5_6.5.ia64.rpm
apr-devel-1.2.7-11.el5_6.5.ia64.rpm
apr-docs-1.2.7-11.el5_6.5.ia64.rpm

ppc:
apr-1.2.7-11.el5_6.5.ppc.rpm
apr-1.2.7-11.el5_6.5.ppc64.rpm
apr-debuginfo-1.2.7-11.el5_6.5.ppc.rpm
apr-debuginfo-1.2.7-11.el5_6.5.ppc64.rpm
apr-devel-1.2.7-11.el5_6.5.ppc.rpm
apr-devel-1.2.7-11.el5_6.5.ppc64.rpm
apr-docs-1.2.7-11.el5_6.5.ppc.rpm

s390x:
apr-1.2.7-11.el5_6.5.s390.rpm
apr-1.2.7-11.el5_6.5.s390x.rpm
apr-debuginfo-1.2.7-11.el5_6.5.s390.rpm
apr-debuginfo-1.2.7-11.el5_6.5.s390x.rpm
apr-devel-1.2.7-11.el5_6.5.s390.rpm
apr-devel-1.2.7-11.el5_6.5.s390x.rpm
apr-docs-1.2.7-11.el5_6.5.s390x.rpm

x86_64:
apr-1.2.7-11.el5_6.5.i386.rpm
apr-1.2.7-11.el5_6.5.x86_64.rpm
apr-debuginfo-1.2.7-11.el5_6.5.i386.rpm
apr-debuginfo-1.2.7-11.el5_6.5.x86_64.rpm
apr-devel-1.2.7-11.el5_6.5.i386.rpm
apr-devel-1.2.7-11.el5_6.5.x86_64.rpm
apr-docs-1.2.7-11.el5_6.5.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/apr-1.3.9-3.el6_1.2.src.rpm

i386:
apr-1.3.9-3.el6_1.2.i686.rpm
apr-debuginfo-1.3.9-3.el6_1.2.i686.rpm

x86_64:
apr-1.3.9-3.el6_1.2.i686.rpm
apr-1.3.9-3.el6_1.2.x86_64.rpm
apr-debuginfo-1.3.9-3.el6_1.2.i686.rpm
apr-debuginfo-1.3.9-3.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/apr-1.3.9-3.el6_1.2.src.rpm

i386:
apr-debuginfo-1.3.9-3.el6_1.2.i686.rpm
apr-devel-1.3.9-3.el6_1.2.i686.rpm

x86_64:
apr-debuginfo-1.3.9-3.el6_1.2.i686.rpm
apr-debuginfo-1.3.9-3.el6_1.2.x86_64.rpm
apr-devel-1.3.9-3.el6_1.2.i686.rpm
apr-devel-1.3.9-3.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/apr-1.3.9-3.el6_1.2.src.rpm

x86_64:
apr-1.3.9-3.el6_1.2.i686.rpm
apr-1.3.9-3.el6_1.2.x86_64.rpm
apr-debuginfo-1.3.9-3.el6_1.2.i686.rpm
apr-debuginfo-1.3.9-3.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/apr-1.3.9-3.el6_1.2.src.rpm

x86_64:
apr-debuginfo-1.3.9-3.el6_1.2.i686.rpm
apr-debuginfo-1.3.9-3.el6_1.2.x86_64.rpm
apr-devel-1.3.9-3.el6_1.2.i686.rpm
apr-devel-1.3.9-3.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/apr-1.3.9-3.el6_1.2.src.rpm

i386:
apr-1.3.9-3.el6_1.2.i686.rpm
apr-debuginfo-1.3.9-3.el6_1.2.i686.rpm
apr-devel-1.3.9-3.el6_1.2.i686.rpm

ppc64:
apr-1.3.9-3.el6_1.2.ppc.rpm
apr-1.3.9-3.el6_1.2.ppc64.rpm
apr-debuginfo-1.3.9-3.el6_1.2.ppc.rpm
apr-debuginfo-1.3.9-3.el6_1.2.ppc64.rpm
apr-devel-1.3.9-3.el6_1.2.ppc.rpm
apr-devel-1.3.9-3.el6_1.2.ppc64.rpm

s390x:
apr-1.3.9-3.el6_1.2.s390.rpm
apr-1.3.9-3.el6_1.2.s390x.rpm
apr-debuginfo-1.3.9-3.el6_1.2.s390.rpm
apr-debuginfo-1.3.9-3.el6_1.2.s390x.rpm
apr-devel-1.3.9-3.el6_1.2.s390.rpm
apr-devel-1.3.9-3.el6_1.2.s390x.rpm

x86_64:
apr-1.3.9-3.el6_1.2.i686.rpm
apr-1.3.9-3.el6_1.2.x86_64.rpm
apr-debuginfo-1.3.9-3.el6_1.2.i686.rpm
apr-debuginfo-1.3.9-3.el6_1.2.x86_64.rpm
apr-devel-1.3.9-3.el6_1.2.i686.rpm
apr-devel-1.3.9-3.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/apr-1.3.9-3.el6_1.2.src.rpm

i386:
apr-1.3.9-3.el6_1.2.i686.rpm
apr-debuginfo-1.3.9-3.el6_1.2.i686.rpm
apr-devel-1.3.9-3.el6_1.2.i686.rpm

x86_64:
apr-1.3.9-3.el6_1.2.i686.rpm
apr-1.3.9-3.el6_1.2.x86_64.rpm
apr-debuginfo-1.3.9-3.el6_1.2.i686.rpm
apr-debuginfo-1.3.9-3.el6_1.2.x86_64.rpm
apr-devel-1.3.9-3.el6_1.2.i686.rpm
apr-devel-1.3.9-3.el6_1.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1928.html
https://access.redhat.com/security/updates/classification/#low
https://rhn.redhat.com/errata/RHSA-2011-0507.html

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFN5RAiXlSAg2UNWIIRAuwdAJ9vddMlxPWoOqzsNz37JmvVmqSKfgCfchI5
R4u+hsr+KDZ1nnC2K8wCJ9c=
=e0/T
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 31 16:01:16 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 31 May 2011 16:01:16 +0000
Subject: [RHSA-2011:0845-01] Important: bind security update
Message-ID: <201105311601.p4VG1GEg027690@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: bind security update
Advisory ID:       RHSA-2011:0845-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0845.html
Issue date:        2011-05-31
CVE Names:         CVE-2011-1910
=====================================================================

1. Summary:

Updated bind and bind97 packages that fix one security issue are now
available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

An off-by-one flaw was found in the way BIND processed negative responses
with large resource record sets (RRSets). An attacker able to send
recursive queries to a BIND server that is configured as a caching resolver
could use this flaw to cause named to exit with an assertion failure.
(CVE-2011-1910)

All BIND users are advised to upgrade to these updated packages, which
resolve this issue. After installing the update, the BIND daemon (named)
will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

708301 - CVE-2011-1910 bind: Large RRSIG RRsets and Negative Caching can crash named

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bind97-9.7.0-6.P2.el5_6.2.src.rpm

i386:
bind97-9.7.0-6.P2.el5_6.2.i386.rpm
bind97-chroot-9.7.0-6.P2.el5_6.2.i386.rpm
bind97-debuginfo-9.7.0-6.P2.el5_6.2.i386.rpm
bind97-devel-9.7.0-6.P2.el5_6.2.i386.rpm
bind97-libs-9.7.0-6.P2.el5_6.2.i386.rpm
bind97-utils-9.7.0-6.P2.el5_6.2.i386.rpm

x86_64:
bind97-9.7.0-6.P2.el5_6.2.x86_64.rpm
bind97-chroot-9.7.0-6.P2.el5_6.2.x86_64.rpm
bind97-debuginfo-9.7.0-6.P2.el5_6.2.i386.rpm
bind97-debuginfo-9.7.0-6.P2.el5_6.2.x86_64.rpm
bind97-devel-9.7.0-6.P2.el5_6.2.i386.rpm
bind97-devel-9.7.0-6.P2.el5_6.2.x86_64.rpm
bind97-libs-9.7.0-6.P2.el5_6.2.i386.rpm
bind97-libs-9.7.0-6.P2.el5_6.2.x86_64.rpm
bind97-utils-9.7.0-6.P2.el5_6.2.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/bind97-9.7.0-6.P2.el5_6.2.src.rpm

i386:
bind97-9.7.0-6.P2.el5_6.2.i386.rpm
bind97-chroot-9.7.0-6.P2.el5_6.2.i386.rpm
bind97-debuginfo-9.7.0-6.P2.el5_6.2.i386.rpm
bind97-devel-9.7.0-6.P2.el5_6.2.i386.rpm
bind97-libs-9.7.0-6.P2.el5_6.2.i386.rpm
bind97-utils-9.7.0-6.P2.el5_6.2.i386.rpm

ia64:
bind97-9.7.0-6.P2.el5_6.2.ia64.rpm
bind97-chroot-9.7.0-6.P2.el5_6.2.ia64.rpm
bind97-debuginfo-9.7.0-6.P2.el5_6.2.ia64.rpm
bind97-devel-9.7.0-6.P2.el5_6.2.ia64.rpm
bind97-libs-9.7.0-6.P2.el5_6.2.ia64.rpm
bind97-utils-9.7.0-6.P2.el5_6.2.ia64.rpm

ppc:
bind97-9.7.0-6.P2.el5_6.2.ppc.rpm
bind97-chroot-9.7.0-6.P2.el5_6.2.ppc.rpm
bind97-debuginfo-9.7.0-6.P2.el5_6.2.ppc.rpm
bind97-debuginfo-9.7.0-6.P2.el5_6.2.ppc64.rpm
bind97-devel-9.7.0-6.P2.el5_6.2.ppc.rpm
bind97-devel-9.7.0-6.P2.el5_6.2.ppc64.rpm
bind97-libs-9.7.0-6.P2.el5_6.2.ppc.rpm
bind97-libs-9.7.0-6.P2.el5_6.2.ppc64.rpm
bind97-utils-9.7.0-6.P2.el5_6.2.ppc.rpm

s390x:
bind97-9.7.0-6.P2.el5_6.2.s390x.rpm
bind97-chroot-9.7.0-6.P2.el5_6.2.s390x.rpm
bind97-debuginfo-9.7.0-6.P2.el5_6.2.s390.rpm
bind97-debuginfo-9.7.0-6.P2.el5_6.2.s390x.rpm
bind97-devel-9.7.0-6.P2.el5_6.2.s390.rpm
bind97-devel-9.7.0-6.P2.el5_6.2.s390x.rpm
bind97-libs-9.7.0-6.P2.el5_6.2.s390.rpm
bind97-libs-9.7.0-6.P2.el5_6.2.s390x.rpm
bind97-utils-9.7.0-6.P2.el5_6.2.s390x.rpm

x86_64:
bind97-9.7.0-6.P2.el5_6.2.x86_64.rpm
bind97-chroot-9.7.0-6.P2.el5_6.2.x86_64.rpm
bind97-debuginfo-9.7.0-6.P2.el5_6.2.i386.rpm
bind97-debuginfo-9.7.0-6.P2.el5_6.2.x86_64.rpm
bind97-devel-9.7.0-6.P2.el5_6.2.i386.rpm
bind97-devel-9.7.0-6.P2.el5_6.2.x86_64.rpm
bind97-libs-9.7.0-6.P2.el5_6.2.i386.rpm
bind97-libs-9.7.0-6.P2.el5_6.2.x86_64.rpm
bind97-utils-9.7.0-6.P2.el5_6.2.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.7.3-2.el6_1.P1.1.src.rpm

i386:
bind-debuginfo-9.7.3-2.el6_1.P1.1.i686.rpm
bind-libs-9.7.3-2.el6_1.P1.1.i686.rpm
bind-utils-9.7.3-2.el6_1.P1.1.i686.rpm

x86_64:
bind-debuginfo-9.7.3-2.el6_1.P1.1.i686.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-libs-9.7.3-2.el6_1.P1.1.i686.rpm
bind-libs-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-utils-9.7.3-2.el6_1.P1.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.7.3-2.el6_1.P1.1.src.rpm

i386:
bind-9.7.3-2.el6_1.P1.1.i686.rpm
bind-chroot-9.7.3-2.el6_1.P1.1.i686.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.i686.rpm
bind-devel-9.7.3-2.el6_1.P1.1.i686.rpm
bind-sdb-9.7.3-2.el6_1.P1.1.i686.rpm

x86_64:
bind-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-chroot-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.i686.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-devel-9.7.3-2.el6_1.P1.1.i686.rpm
bind-devel-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-sdb-9.7.3-2.el6_1.P1.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.7.3-2.el6_1.P1.1.src.rpm

x86_64:
bind-debuginfo-9.7.3-2.el6_1.P1.1.i686.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-libs-9.7.3-2.el6_1.P1.1.i686.rpm
bind-libs-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-utils-9.7.3-2.el6_1.P1.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.7.3-2.el6_1.P1.1.src.rpm

x86_64:
bind-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-chroot-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.i686.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-devel-9.7.3-2.el6_1.P1.1.i686.rpm
bind-devel-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-sdb-9.7.3-2.el6_1.P1.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.7.3-2.el6_1.P1.1.src.rpm

i386:
bind-9.7.3-2.el6_1.P1.1.i686.rpm
bind-chroot-9.7.3-2.el6_1.P1.1.i686.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.i686.rpm
bind-libs-9.7.3-2.el6_1.P1.1.i686.rpm
bind-utils-9.7.3-2.el6_1.P1.1.i686.rpm

ppc64:
bind-9.7.3-2.el6_1.P1.1.ppc64.rpm
bind-chroot-9.7.3-2.el6_1.P1.1.ppc64.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.ppc.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.ppc64.rpm
bind-libs-9.7.3-2.el6_1.P1.1.ppc.rpm
bind-libs-9.7.3-2.el6_1.P1.1.ppc64.rpm
bind-utils-9.7.3-2.el6_1.P1.1.ppc64.rpm

s390x:
bind-9.7.3-2.el6_1.P1.1.s390x.rpm
bind-chroot-9.7.3-2.el6_1.P1.1.s390x.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.s390.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.s390x.rpm
bind-libs-9.7.3-2.el6_1.P1.1.s390.rpm
bind-libs-9.7.3-2.el6_1.P1.1.s390x.rpm
bind-utils-9.7.3-2.el6_1.P1.1.s390x.rpm

x86_64:
bind-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-chroot-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.i686.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-libs-9.7.3-2.el6_1.P1.1.i686.rpm
bind-libs-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-utils-9.7.3-2.el6_1.P1.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.7.3-2.el6_1.P1.1.src.rpm

i386:
bind-debuginfo-9.7.3-2.el6_1.P1.1.i686.rpm
bind-devel-9.7.3-2.el6_1.P1.1.i686.rpm
bind-sdb-9.7.3-2.el6_1.P1.1.i686.rpm

ppc64:
bind-debuginfo-9.7.3-2.el6_1.P1.1.ppc.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.ppc64.rpm
bind-devel-9.7.3-2.el6_1.P1.1.ppc.rpm
bind-devel-9.7.3-2.el6_1.P1.1.ppc64.rpm
bind-sdb-9.7.3-2.el6_1.P1.1.ppc64.rpm

s390x:
bind-debuginfo-9.7.3-2.el6_1.P1.1.s390.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.s390x.rpm
bind-devel-9.7.3-2.el6_1.P1.1.s390.rpm
bind-devel-9.7.3-2.el6_1.P1.1.s390x.rpm
bind-sdb-9.7.3-2.el6_1.P1.1.s390x.rpm

x86_64:
bind-debuginfo-9.7.3-2.el6_1.P1.1.i686.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-devel-9.7.3-2.el6_1.P1.1.i686.rpm
bind-devel-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-sdb-9.7.3-2.el6_1.P1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.7.3-2.el6_1.P1.1.src.rpm

i386:
bind-9.7.3-2.el6_1.P1.1.i686.rpm
bind-chroot-9.7.3-2.el6_1.P1.1.i686.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.i686.rpm
bind-libs-9.7.3-2.el6_1.P1.1.i686.rpm
bind-utils-9.7.3-2.el6_1.P1.1.i686.rpm

x86_64:
bind-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-chroot-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.i686.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-libs-9.7.3-2.el6_1.P1.1.i686.rpm
bind-libs-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-utils-9.7.3-2.el6_1.P1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.7.3-2.el6_1.P1.1.src.rpm

i386:
bind-debuginfo-9.7.3-2.el6_1.P1.1.i686.rpm
bind-devel-9.7.3-2.el6_1.P1.1.i686.rpm
bind-sdb-9.7.3-2.el6_1.P1.1.i686.rpm

x86_64:
bind-debuginfo-9.7.3-2.el6_1.P1.1.i686.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-devel-9.7.3-2.el6_1.P1.1.i686.rpm
bind-devel-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-sdb-9.7.3-2.el6_1.P1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1910.html
https://access.redhat.com/security/updates/classification/#important
http://www.isc.org/software/bind/advisories/cve-2011-1910

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFN5RCZXlSAg2UNWIIRAvoLAKC+9choNmu+8nZInSGtrEqV/+ySzQCfSZTi
Q+s+7Ug0QCibDgxeg6dukwU=
=zHY+
-----END PGP SIGNATURE-----
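A defender's check that follows from the package list above: decide whether an installed bind or bind97 package is already at the fixed version-release the advisory names. This is an added example, not Red Hat tooling; it reimplements rpm's version-segment ordering (rpmvercmp) in Python, assumes the epoch is equal on both sides, does not handle the "~"/"^" markers (none occur here), and the installed versions it checks are constructed sample values.

```python
import re

# Added example, not Red Hat tooling: decide whether an installed bind/bind97
# package is at or above the fixed version-release named in RHSA-2011:0845.
# Assumptions: equal epoch on both sides; no "~"/"^" markers (rpm's pre-release
# and post-release syntax), which do not occur in these package names.

# Fixed name-version-release values quoted from the advisory's package list.
FIXED_NVRS = ("bind97-9.7.0-6.P2.el5_6.2", "bind-9.7.3-2.el6_1.P1.1")

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")  # rpm treats everything else as a separator


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 as a is older than, equal to or newer than b."""
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num != y_num:
            return 1 if x_num else -1  # a numeric segment sorts after an alpha one
        if x_num and int(x) != int(y):  # numeric: integer compare drops leading zeros
            return 1 if int(x) > int(y) else -1
        if not x_num and x != y:  # alpha: plain string order
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def split_nvr(nvr: str) -> tuple:
    """Split 'name-version-release' (rpm -q output without arch) into parts."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def is_fixed(installed_nvr: str) -> bool:
    """True if the installed package is at or above the advisory's fixed NVR."""
    name, ver, rel = split_nvr(installed_nvr)
    fixed = {split_nvr(f)[0]: f for f in FIXED_NVRS}.get(name)
    if fixed is None:
        raise ValueError(f"{name} is not covered by this advisory")
    _, fver, frel = split_nvr(fixed)
    return (rpmvercmp(ver, fver) or rpmvercmp(rel, frel)) >= 0


if __name__ == "__main__":
    # Constructed sample values, as rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' prints them.
    for nvr in ("bind97-9.7.0-6.P2.el5_6.1", "bind-9.7.3-2.el6_1.P1.1"):
        print(nvr, "ok" if is_fixed(nvr) else "needs update")
```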