From bugzilla at redhat.com Tue Nov 1 17:20:47 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 1 Nov 2011 17:20:47 +0000
Subject: [RHSA-2011:1418-01] Moderate: kernel security update
Message-ID: <201111011720.pA1HKlxt030233@int-mx12.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: kernel security update
Advisory ID: RHSA-2011:1418-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1418.html
Issue date: 2011-11-01
CVE Names: CVE-2011-3209
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 5.3 Long Life.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5.3.LL server) - i386, ia64, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issue:

* A flaw was found in the Linux kernel's clock implementation on 32-bit, SMP (symmetric multiprocessing) systems. A local, unprivileged user could use this flaw to cause a divide error fault, resulting in a denial of service. (CVE-2011-3209, Moderate)

Red Hat would like to thank Yasuaki Ishimatsu for reporting this issue.

Users should upgrade to these updated packages, which contain a backported patch to correct this issue. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

732878 - CVE-2011-3209 kernel: panic occurs when clock_gettime() is called

6. Package List:

Red Hat Enterprise Linux (v. 5.3.LL server):

Source:
kernel-2.6.18-128.36.1.el5.src.rpm

i386:
kernel-2.6.18-128.36.1.el5.i686.rpm
kernel-PAE-2.6.18-128.36.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-128.36.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-128.36.1.el5.i686.rpm
kernel-debug-2.6.18-128.36.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-128.36.1.el5.i686.rpm
kernel-debug-devel-2.6.18-128.36.1.el5.i686.rpm
kernel-debuginfo-2.6.18-128.36.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-128.36.1.el5.i686.rpm
kernel-devel-2.6.18-128.36.1.el5.i686.rpm
kernel-headers-2.6.18-128.36.1.el5.i386.rpm
kernel-xen-2.6.18-128.36.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-128.36.1.el5.i686.rpm
kernel-xen-devel-2.6.18-128.36.1.el5.i686.rpm

ia64:
kernel-2.6.18-128.36.1.el5.ia64.rpm
kernel-debug-2.6.18-128.36.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-128.36.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-128.36.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-128.36.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-128.36.1.el5.ia64.rpm
kernel-devel-2.6.18-128.36.1.el5.ia64.rpm
kernel-headers-2.6.18-128.36.1.el5.ia64.rpm
kernel-xen-2.6.18-128.36.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-128.36.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-128.36.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-128.36.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-128.36.1.el5.x86_64.rpm
kernel-debug-2.6.18-128.36.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-128.36.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-128.36.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-128.36.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-128.36.1.el5.x86_64.rpm
kernel-devel-2.6.18-128.36.1.el5.x86_64.rpm
kernel-headers-2.6.18-128.36.1.el5.x86_64.rpm
kernel-xen-2.6.18-128.36.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-128.36.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-128.36.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3209.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

From bugzilla at redhat.com Tue Nov 1 17:21:09 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 1 Nov 2011 17:21:09 +0000
Subject: [RHSA-2011:1419-01] Moderate: kernel security and bug fix update
Message-ID: <201111011721.pA1HL9wB002806@int-mx01.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: kernel security and bug fix update
Advisory ID: RHSA-2011:1419-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1419.html
Issue date: 2011-11-01
CVE Names: CVE-2011-3188 CVE-2011-3209
=====================================================================

1. Summary:

Updated kernel packages that fix two security issues and four bugs are now available for Red Hat Enterprise Linux 5.6 Extended Update Support.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5.6.z server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* The way IPv4 and IPv6 protocol sequence numbers and fragment IDs were generated could allow a man-in-the-middle attacker to inject packets and possibly hijack connections. Protocol sequence numbers and fragment IDs are now more random. (CVE-2011-3188, Moderate)

* A flaw was found in the Linux kernel's clock implementation on 32-bit, SMP (symmetric multiprocessing) systems. A local, unprivileged user could use this flaw to cause a divide error fault, resulting in a denial of service. (CVE-2011-3209, Moderate)

Red Hat would like to thank Dan Kaminsky for reporting CVE-2011-3188, and Yasuaki Ishimatsu for reporting CVE-2011-3209.

In addition, this update fixes the following bugs:

* When the Global File System 2 (GFS2) file system is suspended, its delete work queue is also suspended, along with any pending work on the queue. Prior to this update, if GFS2's transaction lock was demoted while the delete work queue was suspended, a deadlock could occur on the file system because the file system tried to flush the work queue in the lock demotion code. With this update, the delete work queue is no longer flushed by the lock demotion code, and a deadlock no longer occurs. Instead, the work queue is flushed by the unmount operation, so that pending work is properly completed.
(BZ#733678)

* A previously applied patch introduced a regression for third-party file systems that do not set the FS_HAS_IODONE2 flag, specifically, Oracle Cluster File System 2 (OCFS2). The patch removed a call to the aio_complete function, resulting in no completion events being processed, causing user-space applications to become unresponsive. This update reintroduces the aio_complete function call, fixing this issue. (BZ#734156)

* Certain devices support multiple operation modes. For example, EMC CLARiiON disk arrays support ALUA mode and their own vendor specific mode for failover. In Red Hat Enterprise Linux 5.5, a bug was discovered that prevented tools such as multipath from being able to select the device/hardware handler plug-in to use. This resulted in the application (for example, multipath) not working properly. With this update, the kernel has been modified to allow applications to select the device/hardware handler to use, thus resolving this issue. (BZ#739900)

* This update improves the performance of delete/unlink operations in a GFS2 file system with large files by adding a layer of metadata read-ahead for indirect blocks. (BZ#743805)

Users should upgrade to these updated packages, which contain backported patches to resolve these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

732658 - CVE-2011-3188 kernel: net: improve sequence number generation
732878 - CVE-2011-3209 kernel: panic occurs when clock_gettime() is called
733678 - GFS2: recovery stuck on transaction lock [rhel-5.6.z]
739900 - scsi_dh_emc gives "error attaching hardware handler" for EMC active-active SANs [rhel-5.6.z]

6. Package List:

Red Hat Enterprise Linux (v. 5.6.z server):

Source:
kernel-2.6.18-238.28.1.el5.src.rpm

i386:
kernel-2.6.18-238.28.1.el5.i686.rpm
kernel-PAE-2.6.18-238.28.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-238.28.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-238.28.1.el5.i686.rpm
kernel-debug-2.6.18-238.28.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-238.28.1.el5.i686.rpm
kernel-debug-devel-2.6.18-238.28.1.el5.i686.rpm
kernel-debuginfo-2.6.18-238.28.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-238.28.1.el5.i686.rpm
kernel-devel-2.6.18-238.28.1.el5.i686.rpm
kernel-headers-2.6.18-238.28.1.el5.i386.rpm
kernel-xen-2.6.18-238.28.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-238.28.1.el5.i686.rpm
kernel-xen-devel-2.6.18-238.28.1.el5.i686.rpm

ia64:
kernel-2.6.18-238.28.1.el5.ia64.rpm
kernel-debug-2.6.18-238.28.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-238.28.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-238.28.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-238.28.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-238.28.1.el5.ia64.rpm
kernel-devel-2.6.18-238.28.1.el5.ia64.rpm
kernel-headers-2.6.18-238.28.1.el5.ia64.rpm
kernel-xen-2.6.18-238.28.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-238.28.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-238.28.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-238.28.1.el5.noarch.rpm

ppc:
kernel-2.6.18-238.28.1.el5.ppc64.rpm
kernel-debug-2.6.18-238.28.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-238.28.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-238.28.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-238.28.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-238.28.1.el5.ppc64.rpm
kernel-devel-2.6.18-238.28.1.el5.ppc64.rpm
kernel-headers-2.6.18-238.28.1.el5.ppc.rpm
kernel-headers-2.6.18-238.28.1.el5.ppc64.rpm
kernel-kdump-2.6.18-238.28.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-238.28.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-238.28.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-238.28.1.el5.s390x.rpm
kernel-debug-2.6.18-238.28.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-238.28.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-238.28.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-238.28.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-238.28.1.el5.s390x.rpm
kernel-devel-2.6.18-238.28.1.el5.s390x.rpm
kernel-headers-2.6.18-238.28.1.el5.s390x.rpm
kernel-kdump-2.6.18-238.28.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-238.28.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-238.28.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-238.28.1.el5.x86_64.rpm
kernel-debug-2.6.18-238.28.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-238.28.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-238.28.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-238.28.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-238.28.1.el5.x86_64.rpm
kernel-devel-2.6.18-238.28.1.el5.x86_64.rpm
kernel-headers-2.6.18-238.28.1.el5.x86_64.rpm
kernel-xen-2.6.18-238.28.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-238.28.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-238.28.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3188.html
https://www.redhat.com/security/data/cve/CVE-2011-3209.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
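
Both kernel advisories above (RHSA-2011:1418 and RHSA-2011:1419) require a reboot and recommend "rpm -ivh", which leaves the old kernel installed beside the new one, so a host can have the fixed package on disk while still running the unfixed build. The following is an added example, not Red Hat's code, that classifies a host from its `uname -r` string and its `rpm -q kernel` output against the fixed builds listed in the two advisories. The status names, the sample host data and the rule that the first release component (128, 238) identifies the update stream are assumptions of this example.

```python
import re

# Fixed kernel builds as listed in the two advisories above; the stream labels
# come from their "Relevant releases/architectures" sections.
FIXED_BUILD = {
    "5.3.LL": "2.6.18-128.36.1.el5",   # RHSA-2011:1418-01
    "5.6.z": "2.6.18-238.28.1.el5",    # RHSA-2011:1419-01
}

# Accepts `uname -r` strings (2.6.18-238.27.1.el5PAE) and `rpm -q` names
# (kernel-PAE-2.6.18-238.27.1.el5, optionally followed by .arch).
KERNEL_RE = re.compile(
    r"^(?:kernel-(?:(?:PAE|xen|debug|kdump)-)?)?"
    r"(?P<version>\d+(?:\.\d+)*)-"
    r"(?P<release>[0-9.]+\.el\d+)"
    r"(?:PAE|xen|debug|kdump)?"
    r"(?:\.(?:i386|i686|x86_64|ia64|ppc64|ppc|s390x))?$"
)


def parse_kernel(text):
    """Return (version, release) from a uname -r string or kernel package name."""
    m = KERNEL_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised kernel identifier: %r" % text)
    return m.group("version"), m.group("release")


def rpmvercmp(a, b):
    """Order two version or release strings segment by segment, as rpm does
    for plain digit/letter runs (no epoch, tilde or caret handling)."""
    seg_a = re.findall(r"\d+|[A-Za-z]+", a)
    seg_b = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)              # 9 < 36, unlike a string compare
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1    # a numeric segment is newer
        if x != y:
            return 1 if x > y else -1
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def compare_build(a, b):
    """Order two (version, release) pairs: version first, then release."""
    return rpmvercmp(a[0], b[0]) or rpmvercmp(a[1], b[1])


def same_stream(build, fixed):
    # Assumption of this example: the first release component (128, 238)
    # identifies the update stream. A higher build number from a different
    # stream says nothing about whether this advisory's backport is present.
    return (build[0] == fixed[0]
            and build[1].split(".")[0] == fixed[1].split(".")[0])


def fix_status(stream, running, installed):
    """Classify a host against the fixed build for `stream`.

    running   -- output of `uname -r`
    installed -- lines of `rpm -q kernel`, one per installed kernel
    """
    fixed = parse_kernel(FIXED_BUILD[stream])
    run = parse_kernel(running)
    if not same_stream(run, fixed):
        return "other-stream"
    if compare_build(run, fixed) >= 0:
        return "patched"
    for pkg in installed:
        build = parse_kernel(pkg)
        if same_stream(build, fixed) and compare_build(build, fixed) >= 0:
            return "reboot-required"   # fixed kernel on disk, old one running
    return "update-needed"


if __name__ == "__main__":
    # Constructed sample hosts (not taken from the advisories).
    hosts = [
        ("5.6.z", "2.6.18-238.27.1.el5",
         ["kernel-2.6.18-238.27.1.el5", "kernel-2.6.18-238.28.1.el5"]),
        ("5.6.z", "2.6.18-238.28.1.el5PAE",
         ["kernel-PAE-2.6.18-238.28.1.el5"]),
        ("5.3.LL", "2.6.18-128.9.1.el5",
         ["kernel-2.6.18-128.9.1.el5"]),
        ("5.3.LL", "2.6.18-238.27.1.el5",
         ["kernel-2.6.18-238.27.1.el5"]),
    ]
    for stream, running, installed in hosts:
        print(stream, running, "->", fix_status(stream, running, installed))
```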

From bugzilla at redhat.com Wed Nov 2 22:31:27 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 2 Nov 2011 22:31:27 +0000
Subject: [RHSA-2011:1422-01] Moderate: openswan security update
Message-ID: <201111022231.pA2MVRFI031240@int-mx12.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openswan security update
Advisory ID: RHSA-2011:1422-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1422.html
Issue date: 2011-11-02
CVE Names: CVE-2011-4073
=====================================================================

1. Summary:

Updated openswan packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE).
IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks.

A use-after-free flaw was found in the way Openswan's pluto IKE daemon used cryptographic helpers. A remote, authenticated attacker could send a specially-crafted IKE packet that would crash the pluto daemon. This issue only affected SMP (symmetric multiprocessing) systems that have the cryptographic helpers enabled. The helpers are disabled by default on Red Hat Enterprise Linux 5, but enabled by default on Red Hat Enterprise Linux 6. (CVE-2011-4073)

Red Hat would like to thank the Openswan project for reporting this issue. Upstream acknowledges Petar Tsankov, Mohammad Torabi Dashti and David Basin of the information security group at ETH Zurich as the original reporters.

All users of openswan are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the ipsec service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

748961 - CVE-2011-4073 openswan: use-after-free vulnerability leads to DoS

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openswan-2.6.21-5.el5_7.6.src.rpm

i386:
openswan-2.6.21-5.el5_7.6.i386.rpm
openswan-debuginfo-2.6.21-5.el5_7.6.i386.rpm
openswan-doc-2.6.21-5.el5_7.6.i386.rpm

x86_64:
openswan-2.6.21-5.el5_7.6.x86_64.rpm
openswan-debuginfo-2.6.21-5.el5_7.6.x86_64.rpm
openswan-doc-2.6.21-5.el5_7.6.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openswan-2.6.21-5.el5_7.6.src.rpm

i386:
openswan-2.6.21-5.el5_7.6.i386.rpm
openswan-debuginfo-2.6.21-5.el5_7.6.i386.rpm
openswan-doc-2.6.21-5.el5_7.6.i386.rpm

ia64:
openswan-2.6.21-5.el5_7.6.ia64.rpm
openswan-debuginfo-2.6.21-5.el5_7.6.ia64.rpm
openswan-doc-2.6.21-5.el5_7.6.ia64.rpm

ppc:
openswan-2.6.21-5.el5_7.6.ppc.rpm
openswan-debuginfo-2.6.21-5.el5_7.6.ppc.rpm
openswan-doc-2.6.21-5.el5_7.6.ppc.rpm

s390x:
openswan-2.6.21-5.el5_7.6.s390x.rpm
openswan-debuginfo-2.6.21-5.el5_7.6.s390x.rpm
openswan-doc-2.6.21-5.el5_7.6.s390x.rpm

x86_64:
openswan-2.6.21-5.el5_7.6.x86_64.rpm
openswan-debuginfo-2.6.21-5.el5_7.6.x86_64.rpm
openswan-doc-2.6.21-5.el5_7.6.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openswan-2.6.32-4.el6_1.4.src.rpm

i386:
openswan-2.6.32-4.el6_1.4.i686.rpm
openswan-debuginfo-2.6.32-4.el6_1.4.i686.rpm

x86_64:
openswan-2.6.32-4.el6_1.4.x86_64.rpm
openswan-debuginfo-2.6.32-4.el6_1.4.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openswan-2.6.32-4.el6_1.4.src.rpm

i386:
openswan-debuginfo-2.6.32-4.el6_1.4.i686.rpm
openswan-doc-2.6.32-4.el6_1.4.i686.rpm

x86_64:
openswan-debuginfo-2.6.32-4.el6_1.4.x86_64.rpm
openswan-doc-2.6.32-4.el6_1.4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openswan-2.6.32-4.el6_1.4.src.rpm

i386:
openswan-2.6.32-4.el6_1.4.i686.rpm
openswan-debuginfo-2.6.32-4.el6_1.4.i686.rpm

ppc64:
openswan-2.6.32-4.el6_1.4.ppc64.rpm
openswan-debuginfo-2.6.32-4.el6_1.4.ppc64.rpm

s390x:
openswan-2.6.32-4.el6_1.4.s390x.rpm
openswan-debuginfo-2.6.32-4.el6_1.4.s390x.rpm

x86_64:
openswan-2.6.32-4.el6_1.4.x86_64.rpm
openswan-debuginfo-2.6.32-4.el6_1.4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openswan-2.6.32-4.el6_1.4.src.rpm

i386:
openswan-debuginfo-2.6.32-4.el6_1.4.i686.rpm
openswan-doc-2.6.32-4.el6_1.4.i686.rpm

ppc64:
openswan-debuginfo-2.6.32-4.el6_1.4.ppc64.rpm
openswan-doc-2.6.32-4.el6_1.4.ppc64.rpm

s390x:
openswan-debuginfo-2.6.32-4.el6_1.4.s390x.rpm
openswan-doc-2.6.32-4.el6_1.4.s390x.rpm

x86_64:
openswan-debuginfo-2.6.32-4.el6_1.4.x86_64.rpm
openswan-doc-2.6.32-4.el6_1.4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openswan-2.6.32-4.el6_1.4.src.rpm

i386:
openswan-2.6.32-4.el6_1.4.i686.rpm
openswan-debuginfo-2.6.32-4.el6_1.4.i686.rpm

x86_64:
openswan-2.6.32-4.el6_1.4.x86_64.rpm
openswan-debuginfo-2.6.32-4.el6_1.4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openswan-2.6.32-4.el6_1.4.src.rpm

i386:
openswan-debuginfo-2.6.32-4.el6_1.4.i686.rpm
openswan-doc-2.6.32-4.el6_1.4.i686.rpm

x86_64:
openswan-debuginfo-2.6.32-4.el6_1.4.x86_64.rpm
openswan-doc-2.6.32-4.el6_1.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-4073.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

From bugzilla at redhat.com Wed Nov 2 22:32:38 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 2 Nov 2011 22:32:38 +0000
Subject: [RHSA-2011:1423-01] Moderate: php53 and php security update
Message-ID: <201111022232.pA2MWdC1024223@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: php53 and php security update
Advisory ID: RHSA-2011:1423-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1423.html
Issue date: 2011-11-02
CVE Names: CVE-2011-0708 CVE-2011-1148 CVE-2011-1466 CVE-2011-1468 CVE-2011-1469 CVE-2011-1471 CVE-2011-1938 CVE-2011-2202 CVE-2011-2483
=====================================================================

1. Summary:

Updated php53 and php packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483)

Note: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to PHP applications that hash passwords with Blowfish using the PHP crypt() function. Refer to the upstream "CRYPT_BLOWFISH security fix details" document, linked to in the References, for details.

An insufficient input validation flaw, leading to a buffer over-read, was found in the PHP exif extension. A specially-crafted image file could cause the PHP interpreter to crash when a PHP script tries to extract Exchangeable image file format (Exif) metadata from the image file. (CVE-2011-0708)

An integer overflow flaw was found in the PHP calendar extension. A remote attacker able to make a PHP script call SdnToJulian() with a large value could cause the PHP interpreter to crash. (CVE-2011-1466)

Multiple memory leak flaws were found in the PHP OpenSSL extension. A remote attacker able to make a PHP script use openssl_encrypt() or openssl_decrypt() repeatedly could cause the PHP interpreter to use an excessive amount of memory. (CVE-2011-1468)

A use-after-free flaw was found in the PHP substr_replace() function. If a PHP script used the same variable as multiple function arguments, a remote attacker could possibly use this to crash the PHP interpreter or, possibly, execute arbitrary code.
(CVE-2011-1148)

A bug in the PHP Streams component caused the PHP interpreter to crash if an FTP wrapper connection was made through an HTTP proxy. A remote attacker could possibly trigger this issue if a PHP script accepted an untrusted URL to connect to. (CVE-2011-1469)

An integer signedness issue was found in the PHP zip extension. An attacker could use a specially-crafted ZIP archive to cause the PHP interpreter to use an excessive amount of CPU time until the script execution time limit is reached. (CVE-2011-1471)

A stack-based buffer overflow flaw was found in the way the PHP socket extension handled long AF_UNIX socket addresses. An attacker able to make a PHP script connect to a long AF_UNIX socket address could use this flaw to crash the PHP interpreter. (CVE-2011-1938)

An off-by-one flaw was found in PHP. If an attacker uploaded a file with a specially-crafted file name it could cause a PHP script to attempt to write a file to the root (/) directory. By default, PHP runs as the "apache" user, preventing it from writing to the root directory. (CVE-2011-2202)

All php53 and php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

680972 - CVE-2011-0708 php: buffer over-read in Exif extension
688958 - CVE-2011-1148 php: use-after-free vulnerability in substr_replace()
689386 - CVE-2011-1466 php: Crash by converting serial day numbers (SDN) into Julian calendar
690899 - CVE-2011-1468 php: Multiple memory leaks in the OpenSSL extension
690905 - CVE-2011-1469 php: DoS when using HTTP proxy with the FTP wrapper
690915 - CVE-2011-1471 php: DoS (excessive CPU consumption) by processing certain Zip archive files
709067 - CVE-2011-1938 php: stack-based buffer overflow in socket_connect()
713194 - CVE-2011-2202 php: file path injection vulnerability in RFC1867 file upload filename
715025 - CVE-2011-2483 crypt_blowfish: 8-bit character mishandling allows different password pairs to produce the same hash

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/php53-5.3.3-1.el5_7.3.src.rpm

i386:
php53-5.3.3-1.el5_7.3.i386.rpm
php53-bcmath-5.3.3-1.el5_7.3.i386.rpm
php53-cli-5.3.3-1.el5_7.3.i386.rpm
php53-common-5.3.3-1.el5_7.3.i386.rpm
php53-dba-5.3.3-1.el5_7.3.i386.rpm
php53-debuginfo-5.3.3-1.el5_7.3.i386.rpm
php53-devel-5.3.3-1.el5_7.3.i386.rpm
php53-gd-5.3.3-1.el5_7.3.i386.rpm
php53-imap-5.3.3-1.el5_7.3.i386.rpm
php53-intl-5.3.3-1.el5_7.3.i386.rpm
php53-ldap-5.3.3-1.el5_7.3.i386.rpm
php53-mbstring-5.3.3-1.el5_7.3.i386.rpm
php53-mysql-5.3.3-1.el5_7.3.i386.rpm
php53-odbc-5.3.3-1.el5_7.3.i386.rpm
php53-pdo-5.3.3-1.el5_7.3.i386.rpm
php53-pgsql-5.3.3-1.el5_7.3.i386.rpm
php53-process-5.3.3-1.el5_7.3.i386.rpm
php53-pspell-5.3.3-1.el5_7.3.i386.rpm
php53-snmp-5.3.3-1.el5_7.3.i386.rpm
php53-soap-5.3.3-1.el5_7.3.i386.rpm
php53-xml-5.3.3-1.el5_7.3.i386.rpm
php53-xmlrpc-5.3.3-1.el5_7.3.i386.rpm

x86_64:
php53-5.3.3-1.el5_7.3.x86_64.rpm
php53-bcmath-5.3.3-1.el5_7.3.x86_64.rpm
php53-cli-5.3.3-1.el5_7.3.x86_64.rpm
php53-common-5.3.3-1.el5_7.3.x86_64.rpm
php53-dba-5.3.3-1.el5_7.3.x86_64.rpm
php53-debuginfo-5.3.3-1.el5_7.3.x86_64.rpm
php53-devel-5.3.3-1.el5_7.3.x86_64.rpm
php53-gd-5.3.3-1.el5_7.3.x86_64.rpm
php53-imap-5.3.3-1.el5_7.3.x86_64.rpm
php53-intl-5.3.3-1.el5_7.3.x86_64.rpm
php53-ldap-5.3.3-1.el5_7.3.x86_64.rpm
php53-mbstring-5.3.3-1.el5_7.3.x86_64.rpm
php53-mysql-5.3.3-1.el5_7.3.x86_64.rpm
php53-odbc-5.3.3-1.el5_7.3.x86_64.rpm
php53-pdo-5.3.3-1.el5_7.3.x86_64.rpm
php53-pgsql-5.3.3-1.el5_7.3.x86_64.rpm
php53-process-5.3.3-1.el5_7.3.x86_64.rpm
php53-pspell-5.3.3-1.el5_7.3.x86_64.rpm
php53-snmp-5.3.3-1.el5_7.3.x86_64.rpm
php53-soap-5.3.3-1.el5_7.3.x86_64.rpm
php53-xml-5.3.3-1.el5_7.3.x86_64.rpm
php53-xmlrpc-5.3.3-1.el5_7.3.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/php53-5.3.3-1.el5_7.3.src.rpm

i386:
php53-5.3.3-1.el5_7.3.i386.rpm
php53-bcmath-5.3.3-1.el5_7.3.i386.rpm
php53-cli-5.3.3-1.el5_7.3.i386.rpm
php53-common-5.3.3-1.el5_7.3.i386.rpm
php53-dba-5.3.3-1.el5_7.3.i386.rpm
php53-debuginfo-5.3.3-1.el5_7.3.i386.rpm
php53-devel-5.3.3-1.el5_7.3.i386.rpm
php53-gd-5.3.3-1.el5_7.3.i386.rpm
php53-imap-5.3.3-1.el5_7.3.i386.rpm
php53-intl-5.3.3-1.el5_7.3.i386.rpm
php53-ldap-5.3.3-1.el5_7.3.i386.rpm
php53-mbstring-5.3.3-1.el5_7.3.i386.rpm
php53-mysql-5.3.3-1.el5_7.3.i386.rpm
php53-odbc-5.3.3-1.el5_7.3.i386.rpm
php53-pdo-5.3.3-1.el5_7.3.i386.rpm
php53-pgsql-5.3.3-1.el5_7.3.i386.rpm
php53-process-5.3.3-1.el5_7.3.i386.rpm
php53-pspell-5.3.3-1.el5_7.3.i386.rpm
php53-snmp-5.3.3-1.el5_7.3.i386.rpm
php53-soap-5.3.3-1.el5_7.3.i386.rpm
php53-xml-5.3.3-1.el5_7.3.i386.rpm
php53-xmlrpc-5.3.3-1.el5_7.3.i386.rpm

ia64:
php53-5.3.3-1.el5_7.3.ia64.rpm
php53-bcmath-5.3.3-1.el5_7.3.ia64.rpm
php53-cli-5.3.3-1.el5_7.3.ia64.rpm
php53-common-5.3.3-1.el5_7.3.ia64.rpm
php53-dba-5.3.3-1.el5_7.3.ia64.rpm
php53-debuginfo-5.3.3-1.el5_7.3.ia64.rpm
php53-devel-5.3.3-1.el5_7.3.ia64.rpm
php53-gd-5.3.3-1.el5_7.3.ia64.rpm
php53-imap-5.3.3-1.el5_7.3.ia64.rpm
php53-intl-5.3.3-1.el5_7.3.ia64.rpm
php53-ldap-5.3.3-1.el5_7.3.ia64.rpm
php53-mbstring-5.3.3-1.el5_7.3.ia64.rpm
php53-mysql-5.3.3-1.el5_7.3.ia64.rpm
php53-odbc-5.3.3-1.el5_7.3.ia64.rpm
php53-pdo-5.3.3-1.el5_7.3.ia64.rpm
php53-pgsql-5.3.3-1.el5_7.3.ia64.rpm
php53-process-5.3.3-1.el5_7.3.ia64.rpm
php53-pspell-5.3.3-1.el5_7.3.ia64.rpm
php53-snmp-5.3.3-1.el5_7.3.ia64.rpm
php53-soap-5.3.3-1.el5_7.3.ia64.rpm
php53-xml-5.3.3-1.el5_7.3.ia64.rpm
php53-xmlrpc-5.3.3-1.el5_7.3.ia64.rpm

ppc:
php53-5.3.3-1.el5_7.3.ppc.rpm
php53-bcmath-5.3.3-1.el5_7.3.ppc.rpm
php53-cli-5.3.3-1.el5_7.3.ppc.rpm
php53-common-5.3.3-1.el5_7.3.ppc.rpm
php53-dba-5.3.3-1.el5_7.3.ppc.rpm
php53-debuginfo-5.3.3-1.el5_7.3.ppc.rpm
php53-devel-5.3.3-1.el5_7.3.ppc.rpm
php53-gd-5.3.3-1.el5_7.3.ppc.rpm
php53-imap-5.3.3-1.el5_7.3.ppc.rpm
php53-intl-5.3.3-1.el5_7.3.ppc.rpm
php53-ldap-5.3.3-1.el5_7.3.ppc.rpm
php53-mbstring-5.3.3-1.el5_7.3.ppc.rpm
php53-mysql-5.3.3-1.el5_7.3.ppc.rpm
php53-odbc-5.3.3-1.el5_7.3.ppc.rpm
php53-pdo-5.3.3-1.el5_7.3.ppc.rpm
php53-pgsql-5.3.3-1.el5_7.3.ppc.rpm
php53-process-5.3.3-1.el5_7.3.ppc.rpm
php53-pspell-5.3.3-1.el5_7.3.ppc.rpm
php53-snmp-5.3.3-1.el5_7.3.ppc.rpm
php53-soap-5.3.3-1.el5_7.3.ppc.rpm
php53-xml-5.3.3-1.el5_7.3.ppc.rpm
php53-xmlrpc-5.3.3-1.el5_7.3.ppc.rpm

s390x:
php53-5.3.3-1.el5_7.3.s390x.rpm
php53-bcmath-5.3.3-1.el5_7.3.s390x.rpm
php53-cli-5.3.3-1.el5_7.3.s390x.rpm
php53-common-5.3.3-1.el5_7.3.s390x.rpm
php53-dba-5.3.3-1.el5_7.3.s390x.rpm
php53-debuginfo-5.3.3-1.el5_7.3.s390x.rpm
php53-devel-5.3.3-1.el5_7.3.s390x.rpm
php53-gd-5.3.3-1.el5_7.3.s390x.rpm
php53-imap-5.3.3-1.el5_7.3.s390x.rpm
php53-intl-5.3.3-1.el5_7.3.s390x.rpm
php53-ldap-5.3.3-1.el5_7.3.s390x.rpm
php53-mbstring-5.3.3-1.el5_7.3.s390x.rpm
php53-mysql-5.3.3-1.el5_7.3.s390x.rpm
php53-odbc-5.3.3-1.el5_7.3.s390x.rpm
php53-pdo-5.3.3-1.el5_7.3.s390x.rpm
php53-pgsql-5.3.3-1.el5_7.3.s390x.rpm
php53-process-5.3.3-1.el5_7.3.s390x.rpm
php53-pspell-5.3.3-1.el5_7.3.s390x.rpm
php53-snmp-5.3.3-1.el5_7.3.s390x.rpm
php53-soap-5.3.3-1.el5_7.3.s390x.rpm
php53-xml-5.3.3-1.el5_7.3.s390x.rpm php53-xmlrpc-5.3.3-1.el5_7.3.s390x.rpm x86_64: php53-5.3.3-1.el5_7.3.x86_64.rpm php53-bcmath-5.3.3-1.el5_7.3.x86_64.rpm php53-cli-5.3.3-1.el5_7.3.x86_64.rpm php53-common-5.3.3-1.el5_7.3.x86_64.rpm php53-dba-5.3.3-1.el5_7.3.x86_64.rpm php53-debuginfo-5.3.3-1.el5_7.3.x86_64.rpm php53-devel-5.3.3-1.el5_7.3.x86_64.rpm php53-gd-5.3.3-1.el5_7.3.x86_64.rpm php53-imap-5.3.3-1.el5_7.3.x86_64.rpm php53-intl-5.3.3-1.el5_7.3.x86_64.rpm php53-ldap-5.3.3-1.el5_7.3.x86_64.rpm php53-mbstring-5.3.3-1.el5_7.3.x86_64.rpm php53-mysql-5.3.3-1.el5_7.3.x86_64.rpm php53-odbc-5.3.3-1.el5_7.3.x86_64.rpm php53-pdo-5.3.3-1.el5_7.3.x86_64.rpm php53-pgsql-5.3.3-1.el5_7.3.x86_64.rpm php53-process-5.3.3-1.el5_7.3.x86_64.rpm php53-pspell-5.3.3-1.el5_7.3.x86_64.rpm php53-snmp-5.3.3-1.el5_7.3.x86_64.rpm php53-soap-5.3.3-1.el5_7.3.x86_64.rpm php53-xml-5.3.3-1.el5_7.3.x86_64.rpm php53-xmlrpc-5.3.3-1.el5_7.3.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/php-5.3.3-3.el6_1.3.src.rpm i386: php-5.3.3-3.el6_1.3.i686.rpm php-bcmath-5.3.3-3.el6_1.3.i686.rpm php-cli-5.3.3-3.el6_1.3.i686.rpm php-common-5.3.3-3.el6_1.3.i686.rpm php-dba-5.3.3-3.el6_1.3.i686.rpm php-debuginfo-5.3.3-3.el6_1.3.i686.rpm php-devel-5.3.3-3.el6_1.3.i686.rpm php-embedded-5.3.3-3.el6_1.3.i686.rpm php-enchant-5.3.3-3.el6_1.3.i686.rpm php-gd-5.3.3-3.el6_1.3.i686.rpm php-imap-5.3.3-3.el6_1.3.i686.rpm php-intl-5.3.3-3.el6_1.3.i686.rpm php-ldap-5.3.3-3.el6_1.3.i686.rpm php-mbstring-5.3.3-3.el6_1.3.i686.rpm php-mysql-5.3.3-3.el6_1.3.i686.rpm php-odbc-5.3.3-3.el6_1.3.i686.rpm php-pdo-5.3.3-3.el6_1.3.i686.rpm php-pgsql-5.3.3-3.el6_1.3.i686.rpm php-process-5.3.3-3.el6_1.3.i686.rpm php-pspell-5.3.3-3.el6_1.3.i686.rpm php-recode-5.3.3-3.el6_1.3.i686.rpm php-snmp-5.3.3-3.el6_1.3.i686.rpm php-soap-5.3.3-3.el6_1.3.i686.rpm php-tidy-5.3.3-3.el6_1.3.i686.rpm php-xml-5.3.3-3.el6_1.3.i686.rpm php-xmlrpc-5.3.3-3.el6_1.3.i686.rpm 
php-zts-5.3.3-3.el6_1.3.i686.rpm x86_64: php-5.3.3-3.el6_1.3.x86_64.rpm php-bcmath-5.3.3-3.el6_1.3.x86_64.rpm php-cli-5.3.3-3.el6_1.3.x86_64.rpm php-common-5.3.3-3.el6_1.3.x86_64.rpm php-dba-5.3.3-3.el6_1.3.x86_64.rpm php-debuginfo-5.3.3-3.el6_1.3.x86_64.rpm php-devel-5.3.3-3.el6_1.3.x86_64.rpm php-embedded-5.3.3-3.el6_1.3.x86_64.rpm php-enchant-5.3.3-3.el6_1.3.x86_64.rpm php-gd-5.3.3-3.el6_1.3.x86_64.rpm php-imap-5.3.3-3.el6_1.3.x86_64.rpm php-intl-5.3.3-3.el6_1.3.x86_64.rpm php-ldap-5.3.3-3.el6_1.3.x86_64.rpm php-mbstring-5.3.3-3.el6_1.3.x86_64.rpm php-mysql-5.3.3-3.el6_1.3.x86_64.rpm php-odbc-5.3.3-3.el6_1.3.x86_64.rpm php-pdo-5.3.3-3.el6_1.3.x86_64.rpm php-pgsql-5.3.3-3.el6_1.3.x86_64.rpm php-process-5.3.3-3.el6_1.3.x86_64.rpm php-pspell-5.3.3-3.el6_1.3.x86_64.rpm php-recode-5.3.3-3.el6_1.3.x86_64.rpm php-snmp-5.3.3-3.el6_1.3.x86_64.rpm php-soap-5.3.3-3.el6_1.3.x86_64.rpm php-tidy-5.3.3-3.el6_1.3.x86_64.rpm php-xml-5.3.3-3.el6_1.3.x86_64.rpm php-xmlrpc-5.3.3-3.el6_1.3.x86_64.rpm php-zts-5.3.3-3.el6_1.3.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/php-5.3.3-3.el6_1.3.src.rpm x86_64: php-5.3.3-3.el6_1.3.x86_64.rpm php-bcmath-5.3.3-3.el6_1.3.x86_64.rpm php-cli-5.3.3-3.el6_1.3.x86_64.rpm php-common-5.3.3-3.el6_1.3.x86_64.rpm php-dba-5.3.3-3.el6_1.3.x86_64.rpm php-debuginfo-5.3.3-3.el6_1.3.x86_64.rpm php-devel-5.3.3-3.el6_1.3.x86_64.rpm php-embedded-5.3.3-3.el6_1.3.x86_64.rpm php-enchant-5.3.3-3.el6_1.3.x86_64.rpm php-gd-5.3.3-3.el6_1.3.x86_64.rpm php-imap-5.3.3-3.el6_1.3.x86_64.rpm php-intl-5.3.3-3.el6_1.3.x86_64.rpm php-ldap-5.3.3-3.el6_1.3.x86_64.rpm php-mbstring-5.3.3-3.el6_1.3.x86_64.rpm php-mysql-5.3.3-3.el6_1.3.x86_64.rpm php-odbc-5.3.3-3.el6_1.3.x86_64.rpm php-pdo-5.3.3-3.el6_1.3.x86_64.rpm php-pgsql-5.3.3-3.el6_1.3.x86_64.rpm php-process-5.3.3-3.el6_1.3.x86_64.rpm php-pspell-5.3.3-3.el6_1.3.x86_64.rpm php-recode-5.3.3-3.el6_1.3.x86_64.rpm php-snmp-5.3.3-3.el6_1.3.x86_64.rpm php-soap-5.3.3-3.el6_1.3.x86_64.rpm php-tidy-5.3.3-3.el6_1.3.x86_64.rpm php-xml-5.3.3-3.el6_1.3.x86_64.rpm php-xmlrpc-5.3.3-3.el6_1.3.x86_64.rpm php-zts-5.3.3-3.el6_1.3.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.3-3.el6_1.3.src.rpm i386: php-5.3.3-3.el6_1.3.i686.rpm php-cli-5.3.3-3.el6_1.3.i686.rpm php-common-5.3.3-3.el6_1.3.i686.rpm php-debuginfo-5.3.3-3.el6_1.3.i686.rpm php-gd-5.3.3-3.el6_1.3.i686.rpm php-ldap-5.3.3-3.el6_1.3.i686.rpm php-mysql-5.3.3-3.el6_1.3.i686.rpm php-odbc-5.3.3-3.el6_1.3.i686.rpm php-pdo-5.3.3-3.el6_1.3.i686.rpm php-pgsql-5.3.3-3.el6_1.3.i686.rpm php-soap-5.3.3-3.el6_1.3.i686.rpm php-xml-5.3.3-3.el6_1.3.i686.rpm php-xmlrpc-5.3.3-3.el6_1.3.i686.rpm ppc64: php-5.3.3-3.el6_1.3.ppc64.rpm php-cli-5.3.3-3.el6_1.3.ppc64.rpm php-common-5.3.3-3.el6_1.3.ppc64.rpm php-debuginfo-5.3.3-3.el6_1.3.ppc64.rpm php-gd-5.3.3-3.el6_1.3.ppc64.rpm php-ldap-5.3.3-3.el6_1.3.ppc64.rpm php-mysql-5.3.3-3.el6_1.3.ppc64.rpm php-odbc-5.3.3-3.el6_1.3.ppc64.rpm php-pdo-5.3.3-3.el6_1.3.ppc64.rpm php-pgsql-5.3.3-3.el6_1.3.ppc64.rpm php-soap-5.3.3-3.el6_1.3.ppc64.rpm php-xml-5.3.3-3.el6_1.3.ppc64.rpm php-xmlrpc-5.3.3-3.el6_1.3.ppc64.rpm s390x: php-5.3.3-3.el6_1.3.s390x.rpm php-cli-5.3.3-3.el6_1.3.s390x.rpm php-common-5.3.3-3.el6_1.3.s390x.rpm php-debuginfo-5.3.3-3.el6_1.3.s390x.rpm php-gd-5.3.3-3.el6_1.3.s390x.rpm php-ldap-5.3.3-3.el6_1.3.s390x.rpm php-mysql-5.3.3-3.el6_1.3.s390x.rpm php-odbc-5.3.3-3.el6_1.3.s390x.rpm php-pdo-5.3.3-3.el6_1.3.s390x.rpm php-pgsql-5.3.3-3.el6_1.3.s390x.rpm php-soap-5.3.3-3.el6_1.3.s390x.rpm php-xml-5.3.3-3.el6_1.3.s390x.rpm php-xmlrpc-5.3.3-3.el6_1.3.s390x.rpm x86_64: php-5.3.3-3.el6_1.3.x86_64.rpm php-cli-5.3.3-3.el6_1.3.x86_64.rpm php-common-5.3.3-3.el6_1.3.x86_64.rpm php-debuginfo-5.3.3-3.el6_1.3.x86_64.rpm php-gd-5.3.3-3.el6_1.3.x86_64.rpm php-ldap-5.3.3-3.el6_1.3.x86_64.rpm php-mysql-5.3.3-3.el6_1.3.x86_64.rpm php-odbc-5.3.3-3.el6_1.3.x86_64.rpm php-pdo-5.3.3-3.el6_1.3.x86_64.rpm php-pgsql-5.3.3-3.el6_1.3.x86_64.rpm php-soap-5.3.3-3.el6_1.3.x86_64.rpm php-xml-5.3.3-3.el6_1.3.x86_64.rpm php-xmlrpc-5.3.3-3.el6_1.3.x86_64.rpm Red Hat Enterprise Linux Server 
Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.3-3.el6_1.3.src.rpm i386: php-bcmath-5.3.3-3.el6_1.3.i686.rpm php-dba-5.3.3-3.el6_1.3.i686.rpm php-debuginfo-5.3.3-3.el6_1.3.i686.rpm php-devel-5.3.3-3.el6_1.3.i686.rpm php-embedded-5.3.3-3.el6_1.3.i686.rpm php-enchant-5.3.3-3.el6_1.3.i686.rpm php-imap-5.3.3-3.el6_1.3.i686.rpm php-intl-5.3.3-3.el6_1.3.i686.rpm php-mbstring-5.3.3-3.el6_1.3.i686.rpm php-process-5.3.3-3.el6_1.3.i686.rpm php-pspell-5.3.3-3.el6_1.3.i686.rpm php-recode-5.3.3-3.el6_1.3.i686.rpm php-snmp-5.3.3-3.el6_1.3.i686.rpm php-tidy-5.3.3-3.el6_1.3.i686.rpm php-zts-5.3.3-3.el6_1.3.i686.rpm ppc64: php-bcmath-5.3.3-3.el6_1.3.ppc64.rpm php-dba-5.3.3-3.el6_1.3.ppc64.rpm php-debuginfo-5.3.3-3.el6_1.3.ppc64.rpm php-devel-5.3.3-3.el6_1.3.ppc64.rpm php-embedded-5.3.3-3.el6_1.3.ppc64.rpm php-enchant-5.3.3-3.el6_1.3.ppc64.rpm php-imap-5.3.3-3.el6_1.3.ppc64.rpm php-intl-5.3.3-3.el6_1.3.ppc64.rpm php-mbstring-5.3.3-3.el6_1.3.ppc64.rpm php-process-5.3.3-3.el6_1.3.ppc64.rpm php-pspell-5.3.3-3.el6_1.3.ppc64.rpm php-recode-5.3.3-3.el6_1.3.ppc64.rpm php-snmp-5.3.3-3.el6_1.3.ppc64.rpm php-tidy-5.3.3-3.el6_1.3.ppc64.rpm php-zts-5.3.3-3.el6_1.3.ppc64.rpm s390x: php-bcmath-5.3.3-3.el6_1.3.s390x.rpm php-dba-5.3.3-3.el6_1.3.s390x.rpm php-debuginfo-5.3.3-3.el6_1.3.s390x.rpm php-devel-5.3.3-3.el6_1.3.s390x.rpm php-embedded-5.3.3-3.el6_1.3.s390x.rpm php-enchant-5.3.3-3.el6_1.3.s390x.rpm php-imap-5.3.3-3.el6_1.3.s390x.rpm php-intl-5.3.3-3.el6_1.3.s390x.rpm php-mbstring-5.3.3-3.el6_1.3.s390x.rpm php-process-5.3.3-3.el6_1.3.s390x.rpm php-pspell-5.3.3-3.el6_1.3.s390x.rpm php-recode-5.3.3-3.el6_1.3.s390x.rpm php-snmp-5.3.3-3.el6_1.3.s390x.rpm php-tidy-5.3.3-3.el6_1.3.s390x.rpm php-zts-5.3.3-3.el6_1.3.s390x.rpm x86_64: php-bcmath-5.3.3-3.el6_1.3.x86_64.rpm php-dba-5.3.3-3.el6_1.3.x86_64.rpm php-debuginfo-5.3.3-3.el6_1.3.x86_64.rpm php-devel-5.3.3-3.el6_1.3.x86_64.rpm php-embedded-5.3.3-3.el6_1.3.x86_64.rpm 
php-enchant-5.3.3-3.el6_1.3.x86_64.rpm php-imap-5.3.3-3.el6_1.3.x86_64.rpm php-intl-5.3.3-3.el6_1.3.x86_64.rpm php-mbstring-5.3.3-3.el6_1.3.x86_64.rpm php-process-5.3.3-3.el6_1.3.x86_64.rpm php-pspell-5.3.3-3.el6_1.3.x86_64.rpm php-recode-5.3.3-3.el6_1.3.x86_64.rpm php-snmp-5.3.3-3.el6_1.3.x86_64.rpm php-tidy-5.3.3-3.el6_1.3.x86_64.rpm php-zts-5.3.3-3.el6_1.3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.3-3.el6_1.3.src.rpm i386: php-5.3.3-3.el6_1.3.i686.rpm php-cli-5.3.3-3.el6_1.3.i686.rpm php-common-5.3.3-3.el6_1.3.i686.rpm php-debuginfo-5.3.3-3.el6_1.3.i686.rpm php-gd-5.3.3-3.el6_1.3.i686.rpm php-ldap-5.3.3-3.el6_1.3.i686.rpm php-mysql-5.3.3-3.el6_1.3.i686.rpm php-odbc-5.3.3-3.el6_1.3.i686.rpm php-pdo-5.3.3-3.el6_1.3.i686.rpm php-pgsql-5.3.3-3.el6_1.3.i686.rpm php-soap-5.3.3-3.el6_1.3.i686.rpm php-xml-5.3.3-3.el6_1.3.i686.rpm php-xmlrpc-5.3.3-3.el6_1.3.i686.rpm x86_64: php-5.3.3-3.el6_1.3.x86_64.rpm php-cli-5.3.3-3.el6_1.3.x86_64.rpm php-common-5.3.3-3.el6_1.3.x86_64.rpm php-debuginfo-5.3.3-3.el6_1.3.x86_64.rpm php-gd-5.3.3-3.el6_1.3.x86_64.rpm php-ldap-5.3.3-3.el6_1.3.x86_64.rpm php-mysql-5.3.3-3.el6_1.3.x86_64.rpm php-odbc-5.3.3-3.el6_1.3.x86_64.rpm php-pdo-5.3.3-3.el6_1.3.x86_64.rpm php-pgsql-5.3.3-3.el6_1.3.x86_64.rpm php-soap-5.3.3-3.el6_1.3.x86_64.rpm php-xml-5.3.3-3.el6_1.3.x86_64.rpm php-xmlrpc-5.3.3-3.el6_1.3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.3-3.el6_1.3.src.rpm i386: php-bcmath-5.3.3-3.el6_1.3.i686.rpm php-dba-5.3.3-3.el6_1.3.i686.rpm php-debuginfo-5.3.3-3.el6_1.3.i686.rpm php-devel-5.3.3-3.el6_1.3.i686.rpm php-embedded-5.3.3-3.el6_1.3.i686.rpm php-enchant-5.3.3-3.el6_1.3.i686.rpm php-imap-5.3.3-3.el6_1.3.i686.rpm php-intl-5.3.3-3.el6_1.3.i686.rpm php-mbstring-5.3.3-3.el6_1.3.i686.rpm php-process-5.3.3-3.el6_1.3.i686.rpm php-pspell-5.3.3-3.el6_1.3.i686.rpm php-recode-5.3.3-3.el6_1.3.i686.rpm php-snmp-5.3.3-3.el6_1.3.i686.rpm php-tidy-5.3.3-3.el6_1.3.i686.rpm php-zts-5.3.3-3.el6_1.3.i686.rpm x86_64: php-bcmath-5.3.3-3.el6_1.3.x86_64.rpm php-dba-5.3.3-3.el6_1.3.x86_64.rpm php-debuginfo-5.3.3-3.el6_1.3.x86_64.rpm php-devel-5.3.3-3.el6_1.3.x86_64.rpm php-embedded-5.3.3-3.el6_1.3.x86_64.rpm php-enchant-5.3.3-3.el6_1.3.x86_64.rpm php-imap-5.3.3-3.el6_1.3.x86_64.rpm php-intl-5.3.3-3.el6_1.3.x86_64.rpm php-mbstring-5.3.3-3.el6_1.3.x86_64.rpm php-process-5.3.3-3.el6_1.3.x86_64.rpm php-pspell-5.3.3-3.el6_1.3.x86_64.rpm php-recode-5.3.3-3.el6_1.3.x86_64.rpm php-snmp-5.3.3-3.el6_1.3.x86_64.rpm php-tidy-5.3.3-3.el6_1.3.x86_64.rpm php-zts-5.3.3-3.el6_1.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References:

https://www.redhat.com/security/data/cve/CVE-2011-0708.html
https://www.redhat.com/security/data/cve/CVE-2011-1148.html
https://www.redhat.com/security/data/cve/CVE-2011-1466.html
https://www.redhat.com/security/data/cve/CVE-2011-1468.html
https://www.redhat.com/security/data/cve/CVE-2011-1469.html
https://www.redhat.com/security/data/cve/CVE-2011-1471.html
https://www.redhat.com/security/data/cve/CVE-2011-1938.html
https://www.redhat.com/security/data/cve/CVE-2011-2202.html
https://www.redhat.com/security/data/cve/CVE-2011-2483.html
https://access.redhat.com/security/updates/classification/#moderate
http://www.php.net/security/crypt_blowfish.php

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOscTUXlSAg2UNWIIRAkIPAJsEMWxUI6mFj6t3oRWjGQlSz+KESACgtxNR
NR2UwknaLOAh3fVYTwIjfjY=
=5M+u
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 3 21:05:24 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 3 Nov 2011 21:05:24 +0000
Subject: [RHSA-2011:1424-01] Moderate: perl security update
Message-ID: <201111032105.pA3L5OxO011620@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: perl security update
Advisory ID: RHSA-2011:1424-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1424.html
Issue date: 2011-11-03
CVE Names: CVE-2011-2939 CVE-2011-3597
=====================================================================

1. Summary:

Updated perl packages that fix two security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Perl is a high-level programming language commonly used for system administration utilities and web programming.

A heap-based buffer overflow flaw was found in the way Perl decoded Unicode strings. An attacker could create a malicious Unicode string that, when decoded by a Perl program, would cause the program to crash or, potentially, execute arbitrary code with the permissions of the user running the program. (CVE-2011-2939)

It was found that the "new" constructor of the Digest module used its argument as part of the string expression passed to the eval() function. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl program that uses untrusted input as an argument to the constructor. (CVE-2011-3597)

All Perl users should upgrade to these updated packages, which contain backported patches to correct these issues. All running Perl programs must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

731246 - CVE-2011-2939 Perl decode_xs heap-based buffer overflow
743010 - CVE-2011-3597 Perl Digest improper control of generation of code

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/perl-5.10.1-119.el6_1.1.src.rpm i386: perl-5.10.1-119.el6_1.1.i686.rpm perl-Archive-Extract-0.38-119.el6_1.1.i686.rpm perl-Archive-Tar-1.58-119.el6_1.1.i686.rpm perl-CGI-3.51-119.el6_1.1.i686.rpm perl-CPAN-1.9402-119.el6_1.1.i686.rpm perl-CPANPLUS-0.88-119.el6_1.1.i686.rpm perl-Compress-Raw-Zlib-2.023-119.el6_1.1.i686.rpm perl-Compress-Zlib-2.020-119.el6_1.1.i686.rpm perl-Digest-SHA-5.47-119.el6_1.1.i686.rpm perl-ExtUtils-CBuilder-0.27-119.el6_1.1.i686.rpm perl-ExtUtils-Embed-1.28-119.el6_1.1.i686.rpm perl-ExtUtils-MakeMaker-6.55-119.el6_1.1.i686.rpm perl-ExtUtils-ParseXS-2.2003.0-119.el6_1.1.i686.rpm perl-File-Fetch-0.26-119.el6_1.1.i686.rpm perl-IO-Compress-Base-2.020-119.el6_1.1.i686.rpm perl-IO-Compress-Zlib-2.020-119.el6_1.1.i686.rpm perl-IO-Zlib-1.09-119.el6_1.1.i686.rpm perl-IPC-Cmd-0.56-119.el6_1.1.i686.rpm perl-Locale-Maketext-Simple-0.18-119.el6_1.1.i686.rpm perl-Log-Message-0.02-119.el6_1.1.i686.rpm perl-Log-Message-Simple-0.04-119.el6_1.1.i686.rpm perl-Module-Build-0.3500-119.el6_1.1.i686.rpm perl-Module-CoreList-2.18-119.el6_1.1.i686.rpm perl-Module-Load-0.16-119.el6_1.1.i686.rpm perl-Module-Load-Conditional-0.30-119.el6_1.1.i686.rpm perl-Module-Loaded-0.02-119.el6_1.1.i686.rpm perl-Module-Pluggable-3.90-119.el6_1.1.i686.rpm perl-Object-Accessor-0.34-119.el6_1.1.i686.rpm perl-Package-Constants-0.02-119.el6_1.1.i686.rpm perl-Params-Check-0.26-119.el6_1.1.i686.rpm perl-Parse-CPAN-Meta-1.40-119.el6_1.1.i686.rpm perl-Pod-Escapes-1.04-119.el6_1.1.i686.rpm perl-Pod-Simple-3.13-119.el6_1.1.i686.rpm perl-Term-UI-0.20-119.el6_1.1.i686.rpm perl-Test-Harness-3.17-119.el6_1.1.i686.rpm perl-Test-Simple-0.92-119.el6_1.1.i686.rpm perl-Time-HiRes-1.9721-119.el6_1.1.i686.rpm perl-Time-Piece-1.15-119.el6_1.1.i686.rpm perl-core-5.10.1-119.el6_1.1.i686.rpm perl-debuginfo-5.10.1-119.el6_1.1.i686.rpm perl-devel-5.10.1-119.el6_1.1.i686.rpm perl-libs-5.10.1-119.el6_1.1.i686.rpm 
perl-parent-0.221-119.el6_1.1.i686.rpm perl-suidperl-5.10.1-119.el6_1.1.i686.rpm perl-version-0.77-119.el6_1.1.i686.rpm x86_64: perl-5.10.1-119.el6_1.1.x86_64.rpm perl-Archive-Extract-0.38-119.el6_1.1.x86_64.rpm perl-Archive-Tar-1.58-119.el6_1.1.x86_64.rpm perl-CGI-3.51-119.el6_1.1.x86_64.rpm perl-CPAN-1.9402-119.el6_1.1.x86_64.rpm perl-CPANPLUS-0.88-119.el6_1.1.x86_64.rpm perl-Compress-Raw-Zlib-2.023-119.el6_1.1.x86_64.rpm perl-Compress-Zlib-2.020-119.el6_1.1.x86_64.rpm perl-Digest-SHA-5.47-119.el6_1.1.x86_64.rpm perl-ExtUtils-CBuilder-0.27-119.el6_1.1.x86_64.rpm perl-ExtUtils-Embed-1.28-119.el6_1.1.x86_64.rpm perl-ExtUtils-MakeMaker-6.55-119.el6_1.1.x86_64.rpm perl-ExtUtils-ParseXS-2.2003.0-119.el6_1.1.x86_64.rpm perl-File-Fetch-0.26-119.el6_1.1.x86_64.rpm perl-IO-Compress-Base-2.020-119.el6_1.1.x86_64.rpm perl-IO-Compress-Zlib-2.020-119.el6_1.1.x86_64.rpm perl-IO-Zlib-1.09-119.el6_1.1.x86_64.rpm perl-IPC-Cmd-0.56-119.el6_1.1.x86_64.rpm perl-Locale-Maketext-Simple-0.18-119.el6_1.1.x86_64.rpm perl-Log-Message-0.02-119.el6_1.1.x86_64.rpm perl-Log-Message-Simple-0.04-119.el6_1.1.x86_64.rpm perl-Module-Build-0.3500-119.el6_1.1.x86_64.rpm perl-Module-CoreList-2.18-119.el6_1.1.x86_64.rpm perl-Module-Load-0.16-119.el6_1.1.x86_64.rpm perl-Module-Load-Conditional-0.30-119.el6_1.1.x86_64.rpm perl-Module-Loaded-0.02-119.el6_1.1.x86_64.rpm perl-Module-Pluggable-3.90-119.el6_1.1.x86_64.rpm perl-Object-Accessor-0.34-119.el6_1.1.x86_64.rpm perl-Package-Constants-0.02-119.el6_1.1.x86_64.rpm perl-Params-Check-0.26-119.el6_1.1.x86_64.rpm perl-Parse-CPAN-Meta-1.40-119.el6_1.1.x86_64.rpm perl-Pod-Escapes-1.04-119.el6_1.1.x86_64.rpm perl-Pod-Simple-3.13-119.el6_1.1.x86_64.rpm perl-Term-UI-0.20-119.el6_1.1.x86_64.rpm perl-Test-Harness-3.17-119.el6_1.1.x86_64.rpm perl-Test-Simple-0.92-119.el6_1.1.x86_64.rpm perl-Time-HiRes-1.9721-119.el6_1.1.x86_64.rpm perl-Time-Piece-1.15-119.el6_1.1.x86_64.rpm perl-core-5.10.1-119.el6_1.1.x86_64.rpm perl-debuginfo-5.10.1-119.el6_1.1.i686.rpm 
perl-debuginfo-5.10.1-119.el6_1.1.x86_64.rpm perl-devel-5.10.1-119.el6_1.1.i686.rpm perl-devel-5.10.1-119.el6_1.1.x86_64.rpm perl-libs-5.10.1-119.el6_1.1.i686.rpm perl-libs-5.10.1-119.el6_1.1.x86_64.rpm perl-parent-0.221-119.el6_1.1.x86_64.rpm perl-suidperl-5.10.1-119.el6_1.1.x86_64.rpm perl-version-0.77-119.el6_1.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/perl-5.10.1-119.el6_1.1.src.rpm x86_64: perl-5.10.1-119.el6_1.1.x86_64.rpm perl-Archive-Extract-0.38-119.el6_1.1.x86_64.rpm perl-Archive-Tar-1.58-119.el6_1.1.x86_64.rpm perl-CGI-3.51-119.el6_1.1.x86_64.rpm perl-CPAN-1.9402-119.el6_1.1.x86_64.rpm perl-CPANPLUS-0.88-119.el6_1.1.x86_64.rpm perl-Compress-Raw-Zlib-2.023-119.el6_1.1.x86_64.rpm perl-Compress-Zlib-2.020-119.el6_1.1.x86_64.rpm perl-Digest-SHA-5.47-119.el6_1.1.x86_64.rpm perl-ExtUtils-CBuilder-0.27-119.el6_1.1.x86_64.rpm perl-ExtUtils-Embed-1.28-119.el6_1.1.x86_64.rpm perl-ExtUtils-MakeMaker-6.55-119.el6_1.1.x86_64.rpm perl-ExtUtils-ParseXS-2.2003.0-119.el6_1.1.x86_64.rpm perl-File-Fetch-0.26-119.el6_1.1.x86_64.rpm perl-IO-Compress-Base-2.020-119.el6_1.1.x86_64.rpm perl-IO-Compress-Zlib-2.020-119.el6_1.1.x86_64.rpm perl-IO-Zlib-1.09-119.el6_1.1.x86_64.rpm perl-IPC-Cmd-0.56-119.el6_1.1.x86_64.rpm perl-Locale-Maketext-Simple-0.18-119.el6_1.1.x86_64.rpm perl-Log-Message-0.02-119.el6_1.1.x86_64.rpm perl-Log-Message-Simple-0.04-119.el6_1.1.x86_64.rpm perl-Module-Build-0.3500-119.el6_1.1.x86_64.rpm perl-Module-CoreList-2.18-119.el6_1.1.x86_64.rpm perl-Module-Load-0.16-119.el6_1.1.x86_64.rpm perl-Module-Load-Conditional-0.30-119.el6_1.1.x86_64.rpm perl-Module-Loaded-0.02-119.el6_1.1.x86_64.rpm perl-Module-Pluggable-3.90-119.el6_1.1.x86_64.rpm perl-Object-Accessor-0.34-119.el6_1.1.x86_64.rpm perl-Package-Constants-0.02-119.el6_1.1.x86_64.rpm perl-Params-Check-0.26-119.el6_1.1.x86_64.rpm perl-Parse-CPAN-Meta-1.40-119.el6_1.1.x86_64.rpm 
perl-Pod-Escapes-1.04-119.el6_1.1.x86_64.rpm perl-Pod-Simple-3.13-119.el6_1.1.x86_64.rpm perl-Term-UI-0.20-119.el6_1.1.x86_64.rpm perl-Test-Harness-3.17-119.el6_1.1.x86_64.rpm perl-Test-Simple-0.92-119.el6_1.1.x86_64.rpm perl-Time-HiRes-1.9721-119.el6_1.1.x86_64.rpm perl-Time-Piece-1.15-119.el6_1.1.x86_64.rpm perl-core-5.10.1-119.el6_1.1.x86_64.rpm perl-debuginfo-5.10.1-119.el6_1.1.i686.rpm perl-debuginfo-5.10.1-119.el6_1.1.x86_64.rpm perl-devel-5.10.1-119.el6_1.1.i686.rpm perl-devel-5.10.1-119.el6_1.1.x86_64.rpm perl-libs-5.10.1-119.el6_1.1.i686.rpm perl-libs-5.10.1-119.el6_1.1.x86_64.rpm perl-parent-0.221-119.el6_1.1.x86_64.rpm perl-suidperl-5.10.1-119.el6_1.1.x86_64.rpm perl-version-0.77-119.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/perl-5.10.1-119.el6_1.1.src.rpm i386: perl-5.10.1-119.el6_1.1.i686.rpm perl-Archive-Extract-0.38-119.el6_1.1.i686.rpm perl-Archive-Tar-1.58-119.el6_1.1.i686.rpm perl-CGI-3.51-119.el6_1.1.i686.rpm perl-CPAN-1.9402-119.el6_1.1.i686.rpm perl-CPANPLUS-0.88-119.el6_1.1.i686.rpm perl-Compress-Raw-Zlib-2.023-119.el6_1.1.i686.rpm perl-Compress-Zlib-2.020-119.el6_1.1.i686.rpm perl-Digest-SHA-5.47-119.el6_1.1.i686.rpm perl-ExtUtils-CBuilder-0.27-119.el6_1.1.i686.rpm perl-ExtUtils-Embed-1.28-119.el6_1.1.i686.rpm perl-ExtUtils-MakeMaker-6.55-119.el6_1.1.i686.rpm perl-ExtUtils-ParseXS-2.2003.0-119.el6_1.1.i686.rpm perl-File-Fetch-0.26-119.el6_1.1.i686.rpm perl-IO-Compress-Base-2.020-119.el6_1.1.i686.rpm perl-IO-Compress-Zlib-2.020-119.el6_1.1.i686.rpm perl-IO-Zlib-1.09-119.el6_1.1.i686.rpm perl-IPC-Cmd-0.56-119.el6_1.1.i686.rpm perl-Locale-Maketext-Simple-0.18-119.el6_1.1.i686.rpm perl-Log-Message-0.02-119.el6_1.1.i686.rpm perl-Log-Message-Simple-0.04-119.el6_1.1.i686.rpm perl-Module-Build-0.3500-119.el6_1.1.i686.rpm perl-Module-CoreList-2.18-119.el6_1.1.i686.rpm perl-Module-Load-0.16-119.el6_1.1.i686.rpm 
perl-Module-Load-Conditional-0.30-119.el6_1.1.i686.rpm perl-Module-Loaded-0.02-119.el6_1.1.i686.rpm perl-Module-Pluggable-3.90-119.el6_1.1.i686.rpm perl-Object-Accessor-0.34-119.el6_1.1.i686.rpm perl-Package-Constants-0.02-119.el6_1.1.i686.rpm perl-Params-Check-0.26-119.el6_1.1.i686.rpm perl-Parse-CPAN-Meta-1.40-119.el6_1.1.i686.rpm perl-Pod-Escapes-1.04-119.el6_1.1.i686.rpm perl-Pod-Simple-3.13-119.el6_1.1.i686.rpm perl-Term-UI-0.20-119.el6_1.1.i686.rpm perl-Test-Harness-3.17-119.el6_1.1.i686.rpm perl-Test-Simple-0.92-119.el6_1.1.i686.rpm perl-Time-HiRes-1.9721-119.el6_1.1.i686.rpm perl-Time-Piece-1.15-119.el6_1.1.i686.rpm perl-core-5.10.1-119.el6_1.1.i686.rpm perl-debuginfo-5.10.1-119.el6_1.1.i686.rpm perl-devel-5.10.1-119.el6_1.1.i686.rpm perl-libs-5.10.1-119.el6_1.1.i686.rpm perl-parent-0.221-119.el6_1.1.i686.rpm perl-suidperl-5.10.1-119.el6_1.1.i686.rpm perl-version-0.77-119.el6_1.1.i686.rpm ppc64: perl-5.10.1-119.el6_1.1.ppc64.rpm perl-Archive-Extract-0.38-119.el6_1.1.ppc64.rpm perl-Archive-Tar-1.58-119.el6_1.1.ppc64.rpm perl-CGI-3.51-119.el6_1.1.ppc64.rpm perl-CPAN-1.9402-119.el6_1.1.ppc64.rpm perl-CPANPLUS-0.88-119.el6_1.1.ppc64.rpm perl-Compress-Raw-Zlib-2.023-119.el6_1.1.ppc64.rpm perl-Compress-Zlib-2.020-119.el6_1.1.ppc64.rpm perl-Digest-SHA-5.47-119.el6_1.1.ppc64.rpm perl-ExtUtils-CBuilder-0.27-119.el6_1.1.ppc64.rpm perl-ExtUtils-Embed-1.28-119.el6_1.1.ppc64.rpm perl-ExtUtils-MakeMaker-6.55-119.el6_1.1.ppc64.rpm perl-ExtUtils-ParseXS-2.2003.0-119.el6_1.1.ppc64.rpm perl-File-Fetch-0.26-119.el6_1.1.ppc64.rpm perl-IO-Compress-Base-2.020-119.el6_1.1.ppc64.rpm perl-IO-Compress-Zlib-2.020-119.el6_1.1.ppc64.rpm perl-IO-Zlib-1.09-119.el6_1.1.ppc64.rpm perl-IPC-Cmd-0.56-119.el6_1.1.ppc64.rpm perl-Locale-Maketext-Simple-0.18-119.el6_1.1.ppc64.rpm perl-Log-Message-0.02-119.el6_1.1.ppc64.rpm perl-Log-Message-Simple-0.04-119.el6_1.1.ppc64.rpm perl-Module-Build-0.3500-119.el6_1.1.ppc64.rpm perl-Module-CoreList-2.18-119.el6_1.1.ppc64.rpm 
perl-Module-Load-0.16-119.el6_1.1.ppc64.rpm perl-Module-Load-Conditional-0.30-119.el6_1.1.ppc64.rpm perl-Module-Loaded-0.02-119.el6_1.1.ppc64.rpm perl-Module-Pluggable-3.90-119.el6_1.1.ppc64.rpm perl-Object-Accessor-0.34-119.el6_1.1.ppc64.rpm perl-Package-Constants-0.02-119.el6_1.1.ppc64.rpm perl-Params-Check-0.26-119.el6_1.1.ppc64.rpm perl-Parse-CPAN-Meta-1.40-119.el6_1.1.ppc64.rpm perl-Pod-Escapes-1.04-119.el6_1.1.ppc64.rpm perl-Pod-Simple-3.13-119.el6_1.1.ppc64.rpm perl-Term-UI-0.20-119.el6_1.1.ppc64.rpm perl-Test-Harness-3.17-119.el6_1.1.ppc64.rpm perl-Test-Simple-0.92-119.el6_1.1.ppc64.rpm perl-Time-HiRes-1.9721-119.el6_1.1.ppc64.rpm perl-Time-Piece-1.15-119.el6_1.1.ppc64.rpm perl-core-5.10.1-119.el6_1.1.ppc64.rpm perl-debuginfo-5.10.1-119.el6_1.1.ppc.rpm perl-debuginfo-5.10.1-119.el6_1.1.ppc64.rpm perl-devel-5.10.1-119.el6_1.1.ppc.rpm perl-devel-5.10.1-119.el6_1.1.ppc64.rpm perl-libs-5.10.1-119.el6_1.1.ppc.rpm perl-libs-5.10.1-119.el6_1.1.ppc64.rpm perl-parent-0.221-119.el6_1.1.ppc64.rpm perl-suidperl-5.10.1-119.el6_1.1.ppc64.rpm perl-version-0.77-119.el6_1.1.ppc64.rpm s390x: perl-5.10.1-119.el6_1.1.s390x.rpm perl-Archive-Extract-0.38-119.el6_1.1.s390x.rpm perl-Archive-Tar-1.58-119.el6_1.1.s390x.rpm perl-CGI-3.51-119.el6_1.1.s390x.rpm perl-CPAN-1.9402-119.el6_1.1.s390x.rpm perl-CPANPLUS-0.88-119.el6_1.1.s390x.rpm perl-Compress-Raw-Zlib-2.023-119.el6_1.1.s390x.rpm perl-Compress-Zlib-2.020-119.el6_1.1.s390x.rpm perl-Digest-SHA-5.47-119.el6_1.1.s390x.rpm perl-ExtUtils-CBuilder-0.27-119.el6_1.1.s390x.rpm perl-ExtUtils-Embed-1.28-119.el6_1.1.s390x.rpm perl-ExtUtils-MakeMaker-6.55-119.el6_1.1.s390x.rpm perl-ExtUtils-ParseXS-2.2003.0-119.el6_1.1.s390x.rpm perl-File-Fetch-0.26-119.el6_1.1.s390x.rpm perl-IO-Compress-Base-2.020-119.el6_1.1.s390x.rpm perl-IO-Compress-Zlib-2.020-119.el6_1.1.s390x.rpm perl-IO-Zlib-1.09-119.el6_1.1.s390x.rpm perl-IPC-Cmd-0.56-119.el6_1.1.s390x.rpm perl-Locale-Maketext-Simple-0.18-119.el6_1.1.s390x.rpm 
perl-Log-Message-0.02-119.el6_1.1.s390x.rpm perl-Log-Message-Simple-0.04-119.el6_1.1.s390x.rpm perl-Module-Build-0.3500-119.el6_1.1.s390x.rpm perl-Module-CoreList-2.18-119.el6_1.1.s390x.rpm perl-Module-Load-0.16-119.el6_1.1.s390x.rpm perl-Module-Load-Conditional-0.30-119.el6_1.1.s390x.rpm perl-Module-Loaded-0.02-119.el6_1.1.s390x.rpm perl-Module-Pluggable-3.90-119.el6_1.1.s390x.rpm perl-Object-Accessor-0.34-119.el6_1.1.s390x.rpm perl-Package-Constants-0.02-119.el6_1.1.s390x.rpm perl-Params-Check-0.26-119.el6_1.1.s390x.rpm perl-Parse-CPAN-Meta-1.40-119.el6_1.1.s390x.rpm perl-Pod-Escapes-1.04-119.el6_1.1.s390x.rpm perl-Pod-Simple-3.13-119.el6_1.1.s390x.rpm perl-Term-UI-0.20-119.el6_1.1.s390x.rpm perl-Test-Harness-3.17-119.el6_1.1.s390x.rpm perl-Test-Simple-0.92-119.el6_1.1.s390x.rpm perl-Time-HiRes-1.9721-119.el6_1.1.s390x.rpm perl-Time-Piece-1.15-119.el6_1.1.s390x.rpm perl-core-5.10.1-119.el6_1.1.s390x.rpm perl-debuginfo-5.10.1-119.el6_1.1.s390.rpm perl-debuginfo-5.10.1-119.el6_1.1.s390x.rpm perl-devel-5.10.1-119.el6_1.1.s390.rpm perl-devel-5.10.1-119.el6_1.1.s390x.rpm perl-libs-5.10.1-119.el6_1.1.s390.rpm perl-libs-5.10.1-119.el6_1.1.s390x.rpm perl-parent-0.221-119.el6_1.1.s390x.rpm perl-suidperl-5.10.1-119.el6_1.1.s390x.rpm perl-version-0.77-119.el6_1.1.s390x.rpm x86_64: perl-5.10.1-119.el6_1.1.x86_64.rpm perl-Archive-Extract-0.38-119.el6_1.1.x86_64.rpm perl-Archive-Tar-1.58-119.el6_1.1.x86_64.rpm perl-CGI-3.51-119.el6_1.1.x86_64.rpm perl-CPAN-1.9402-119.el6_1.1.x86_64.rpm perl-CPANPLUS-0.88-119.el6_1.1.x86_64.rpm perl-Compress-Raw-Zlib-2.023-119.el6_1.1.x86_64.rpm perl-Compress-Zlib-2.020-119.el6_1.1.x86_64.rpm perl-Digest-SHA-5.47-119.el6_1.1.x86_64.rpm perl-ExtUtils-CBuilder-0.27-119.el6_1.1.x86_64.rpm perl-ExtUtils-Embed-1.28-119.el6_1.1.x86_64.rpm perl-ExtUtils-MakeMaker-6.55-119.el6_1.1.x86_64.rpm perl-ExtUtils-ParseXS-2.2003.0-119.el6_1.1.x86_64.rpm perl-File-Fetch-0.26-119.el6_1.1.x86_64.rpm perl-IO-Compress-Base-2.020-119.el6_1.1.x86_64.rpm 
perl-IO-Compress-Zlib-2.020-119.el6_1.1.x86_64.rpm perl-IO-Zlib-1.09-119.el6_1.1.x86_64.rpm perl-IPC-Cmd-0.56-119.el6_1.1.x86_64.rpm perl-Locale-Maketext-Simple-0.18-119.el6_1.1.x86_64.rpm perl-Log-Message-0.02-119.el6_1.1.x86_64.rpm perl-Log-Message-Simple-0.04-119.el6_1.1.x86_64.rpm perl-Module-Build-0.3500-119.el6_1.1.x86_64.rpm perl-Module-CoreList-2.18-119.el6_1.1.x86_64.rpm perl-Module-Load-0.16-119.el6_1.1.x86_64.rpm perl-Module-Load-Conditional-0.30-119.el6_1.1.x86_64.rpm perl-Module-Loaded-0.02-119.el6_1.1.x86_64.rpm perl-Module-Pluggable-3.90-119.el6_1.1.x86_64.rpm perl-Object-Accessor-0.34-119.el6_1.1.x86_64.rpm perl-Package-Constants-0.02-119.el6_1.1.x86_64.rpm perl-Params-Check-0.26-119.el6_1.1.x86_64.rpm perl-Parse-CPAN-Meta-1.40-119.el6_1.1.x86_64.rpm perl-Pod-Escapes-1.04-119.el6_1.1.x86_64.rpm perl-Pod-Simple-3.13-119.el6_1.1.x86_64.rpm perl-Term-UI-0.20-119.el6_1.1.x86_64.rpm perl-Test-Harness-3.17-119.el6_1.1.x86_64.rpm perl-Test-Simple-0.92-119.el6_1.1.x86_64.rpm perl-Time-HiRes-1.9721-119.el6_1.1.x86_64.rpm perl-Time-Piece-1.15-119.el6_1.1.x86_64.rpm perl-core-5.10.1-119.el6_1.1.x86_64.rpm perl-debuginfo-5.10.1-119.el6_1.1.i686.rpm perl-debuginfo-5.10.1-119.el6_1.1.x86_64.rpm perl-devel-5.10.1-119.el6_1.1.i686.rpm perl-devel-5.10.1-119.el6_1.1.x86_64.rpm perl-libs-5.10.1-119.el6_1.1.i686.rpm perl-libs-5.10.1-119.el6_1.1.x86_64.rpm perl-parent-0.221-119.el6_1.1.x86_64.rpm perl-suidperl-5.10.1-119.el6_1.1.x86_64.rpm perl-version-0.77-119.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/perl-5.10.1-119.el6_1.1.src.rpm i386: perl-5.10.1-119.el6_1.1.i686.rpm perl-Archive-Extract-0.38-119.el6_1.1.i686.rpm perl-Archive-Tar-1.58-119.el6_1.1.i686.rpm perl-CGI-3.51-119.el6_1.1.i686.rpm perl-CPAN-1.9402-119.el6_1.1.i686.rpm perl-CPANPLUS-0.88-119.el6_1.1.i686.rpm perl-Compress-Raw-Zlib-2.023-119.el6_1.1.i686.rpm perl-Compress-Zlib-2.020-119.el6_1.1.i686.rpm perl-Digest-SHA-5.47-119.el6_1.1.i686.rpm perl-ExtUtils-CBuilder-0.27-119.el6_1.1.i686.rpm perl-ExtUtils-Embed-1.28-119.el6_1.1.i686.rpm perl-ExtUtils-MakeMaker-6.55-119.el6_1.1.i686.rpm perl-ExtUtils-ParseXS-2.2003.0-119.el6_1.1.i686.rpm perl-File-Fetch-0.26-119.el6_1.1.i686.rpm perl-IO-Compress-Base-2.020-119.el6_1.1.i686.rpm perl-IO-Compress-Zlib-2.020-119.el6_1.1.i686.rpm perl-IO-Zlib-1.09-119.el6_1.1.i686.rpm perl-IPC-Cmd-0.56-119.el6_1.1.i686.rpm perl-Locale-Maketext-Simple-0.18-119.el6_1.1.i686.rpm perl-Log-Message-0.02-119.el6_1.1.i686.rpm perl-Log-Message-Simple-0.04-119.el6_1.1.i686.rpm perl-Module-Build-0.3500-119.el6_1.1.i686.rpm perl-Module-CoreList-2.18-119.el6_1.1.i686.rpm perl-Module-Load-0.16-119.el6_1.1.i686.rpm perl-Module-Load-Conditional-0.30-119.el6_1.1.i686.rpm perl-Module-Loaded-0.02-119.el6_1.1.i686.rpm perl-Module-Pluggable-3.90-119.el6_1.1.i686.rpm perl-Object-Accessor-0.34-119.el6_1.1.i686.rpm perl-Package-Constants-0.02-119.el6_1.1.i686.rpm perl-Params-Check-0.26-119.el6_1.1.i686.rpm perl-Parse-CPAN-Meta-1.40-119.el6_1.1.i686.rpm perl-Pod-Escapes-1.04-119.el6_1.1.i686.rpm perl-Pod-Simple-3.13-119.el6_1.1.i686.rpm perl-Term-UI-0.20-119.el6_1.1.i686.rpm perl-Test-Harness-3.17-119.el6_1.1.i686.rpm perl-Test-Simple-0.92-119.el6_1.1.i686.rpm perl-Time-HiRes-1.9721-119.el6_1.1.i686.rpm perl-Time-Piece-1.15-119.el6_1.1.i686.rpm perl-core-5.10.1-119.el6_1.1.i686.rpm perl-debuginfo-5.10.1-119.el6_1.1.i686.rpm perl-devel-5.10.1-119.el6_1.1.i686.rpm perl-libs-5.10.1-119.el6_1.1.i686.rpm 
perl-parent-0.221-119.el6_1.1.i686.rpm perl-suidperl-5.10.1-119.el6_1.1.i686.rpm perl-version-0.77-119.el6_1.1.i686.rpm x86_64: perl-5.10.1-119.el6_1.1.x86_64.rpm perl-Archive-Extract-0.38-119.el6_1.1.x86_64.rpm perl-Archive-Tar-1.58-119.el6_1.1.x86_64.rpm perl-CGI-3.51-119.el6_1.1.x86_64.rpm perl-CPAN-1.9402-119.el6_1.1.x86_64.rpm perl-CPANPLUS-0.88-119.el6_1.1.x86_64.rpm perl-Compress-Raw-Zlib-2.023-119.el6_1.1.x86_64.rpm perl-Compress-Zlib-2.020-119.el6_1.1.x86_64.rpm perl-Digest-SHA-5.47-119.el6_1.1.x86_64.rpm perl-ExtUtils-CBuilder-0.27-119.el6_1.1.x86_64.rpm perl-ExtUtils-Embed-1.28-119.el6_1.1.x86_64.rpm perl-ExtUtils-MakeMaker-6.55-119.el6_1.1.x86_64.rpm perl-ExtUtils-ParseXS-2.2003.0-119.el6_1.1.x86_64.rpm perl-File-Fetch-0.26-119.el6_1.1.x86_64.rpm perl-IO-Compress-Base-2.020-119.el6_1.1.x86_64.rpm perl-IO-Compress-Zlib-2.020-119.el6_1.1.x86_64.rpm perl-IO-Zlib-1.09-119.el6_1.1.x86_64.rpm perl-IPC-Cmd-0.56-119.el6_1.1.x86_64.rpm perl-Locale-Maketext-Simple-0.18-119.el6_1.1.x86_64.rpm perl-Log-Message-0.02-119.el6_1.1.x86_64.rpm perl-Log-Message-Simple-0.04-119.el6_1.1.x86_64.rpm perl-Module-Build-0.3500-119.el6_1.1.x86_64.rpm perl-Module-CoreList-2.18-119.el6_1.1.x86_64.rpm perl-Module-Load-0.16-119.el6_1.1.x86_64.rpm perl-Module-Load-Conditional-0.30-119.el6_1.1.x86_64.rpm perl-Module-Loaded-0.02-119.el6_1.1.x86_64.rpm perl-Module-Pluggable-3.90-119.el6_1.1.x86_64.rpm perl-Object-Accessor-0.34-119.el6_1.1.x86_64.rpm perl-Package-Constants-0.02-119.el6_1.1.x86_64.rpm perl-Params-Check-0.26-119.el6_1.1.x86_64.rpm perl-Parse-CPAN-Meta-1.40-119.el6_1.1.x86_64.rpm perl-Pod-Escapes-1.04-119.el6_1.1.x86_64.rpm perl-Pod-Simple-3.13-119.el6_1.1.x86_64.rpm perl-Term-UI-0.20-119.el6_1.1.x86_64.rpm perl-Test-Harness-3.17-119.el6_1.1.x86_64.rpm perl-Test-Simple-0.92-119.el6_1.1.x86_64.rpm perl-Time-HiRes-1.9721-119.el6_1.1.x86_64.rpm perl-Time-Piece-1.15-119.el6_1.1.x86_64.rpm perl-core-5.10.1-119.el6_1.1.x86_64.rpm perl-debuginfo-5.10.1-119.el6_1.1.i686.rpm 
perl-debuginfo-5.10.1-119.el6_1.1.x86_64.rpm perl-devel-5.10.1-119.el6_1.1.i686.rpm perl-devel-5.10.1-119.el6_1.1.x86_64.rpm perl-libs-5.10.1-119.el6_1.1.i686.rpm perl-libs-5.10.1-119.el6_1.1.x86_64.rpm perl-parent-0.221-119.el6_1.1.x86_64.rpm perl-suidperl-5.10.1-119.el6_1.1.x86_64.rpm perl-version-0.77-119.el6_1.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2939.html https://www.redhat.com/security/data/cve/CVE-2011-3597.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOswH2XlSAg2UNWIIRAq1aAJ9lGxZ750F7pCU8qxzvt+gU6QaT+wCgxJDT w1oe4cawu1/9jy0jwkAtxA4= =9p92 -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Nov 8 11:58:25 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 8 Nov 2011 11:58:25 +0000 Subject: [RHSA-2011:1434-01] Critical: acroread security update Message-ID: <201111081158.pA8BwP98032730@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: acroread security update Advisory ID: RHSA-2011:1434-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1434.html Issue date: 2011-11-08 CVE Names: CVE-2011-2130 CVE-2011-2134 CVE-2011-2135 CVE-2011-2136 CVE-2011-2137 CVE-2011-2138 CVE-2011-2139 CVE-2011-2140 CVE-2011-2414 CVE-2011-2415 CVE-2011-2416 CVE-2011-2417 CVE-2011-2424 CVE-2011-2425 CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2429 CVE-2011-2430 CVE-2011-2431 CVE-2011-2432 
CVE-2011-2433 CVE-2011-2434 CVE-2011-2435 CVE-2011-2436 CVE-2011-2437 CVE-2011-2438 CVE-2011-2439 CVE-2011-2440 CVE-2011-2442 CVE-2011-2444
=====================================================================

1. Summary:

Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Adobe Reader allows users to view and print documents in Portable Document Format (PDF).

This update fixes multiple security flaws in Adobe Reader. These flaws are detailed on the Adobe security page APSB11-24, listed in the References section. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2011-2431, CVE-2011-2432, CVE-2011-2433, CVE-2011-2434, CVE-2011-2435, CVE-2011-2436, CVE-2011-2437, CVE-2011-2438, CVE-2011-2439, CVE-2011-2440, CVE-2011-2442)

This update also fixes multiple security flaws in Adobe Flash Player embedded in Adobe Reader. These flaws are detailed on the Adobe security pages APSB11-21 and APSB11-26, listed in the References section.

A PDF file with an embedded, specially-crafted SWF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2011-2130, CVE-2011-2134, CVE-2011-2135, CVE-2011-2136, CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, CVE-2011-2140, CVE-2011-2414, CVE-2011-2415, CVE-2011-2416, CVE-2011-2417, CVE-2011-2424, CVE-2011-2425, CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2430)

A flaw in Adobe Flash Player could allow an attacker to conduct cross-site scripting (XSS) attacks if a victim were tricked into visiting a specially-crafted web page. (CVE-2011-2444)

This update also fixes an information disclosure flaw in Adobe Flash Player. (CVE-2011-2429)

All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.4.6, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5.
Bugs fixed (http://bugzilla.redhat.com/): 729497 - CVE-2011-2130 CVE-2011-2134 CVE-2011-2135 CVE-2011-2136 CVE-2011-2137 CVE-2011-2138 CVE-2011-2139 CVE-2011-2140 CVE-2011-2414 CVE-2011-2415 CVE-2011-2416 CVE-2011-2417 CVE-2011-2425 flash-plugin: multiple arbitrary code execution flaws (APSB-11-21) 740201 - CVE-2011-2444 acroread, flash-plugin: Cross-site scripting vulnerability fixed in APSB11-26 740204 - CVE-2011-2429 acroread, flash-plugin: security control bypass information disclosure fixed in APSB11-26 740388 - CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2430 acroread, flash-plugin: critical flaws fixed in APSB11-26 749381 - acroread: multiple code execution flaws (APSB11-24) 6. Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Desktop version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm x86_64: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm x86_64: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 
6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2130.html https://www.redhat.com/security/data/cve/CVE-2011-2134.html https://www.redhat.com/security/data/cve/CVE-2011-2135.html https://www.redhat.com/security/data/cve/CVE-2011-2136.html https://www.redhat.com/security/data/cve/CVE-2011-2137.html https://www.redhat.com/security/data/cve/CVE-2011-2138.html https://www.redhat.com/security/data/cve/CVE-2011-2139.html https://www.redhat.com/security/data/cve/CVE-2011-2140.html https://www.redhat.com/security/data/cve/CVE-2011-2414.html https://www.redhat.com/security/data/cve/CVE-2011-2415.html https://www.redhat.com/security/data/cve/CVE-2011-2416.html https://www.redhat.com/security/data/cve/CVE-2011-2417.html https://www.redhat.com/security/data/cve/CVE-2011-2424.html https://www.redhat.com/security/data/cve/CVE-2011-2425.html https://www.redhat.com/security/data/cve/CVE-2011-2426.html https://www.redhat.com/security/data/cve/CVE-2011-2427.html https://www.redhat.com/security/data/cve/CVE-2011-2428.html https://www.redhat.com/security/data/cve/CVE-2011-2429.html https://www.redhat.com/security/data/cve/CVE-2011-2430.html https://www.redhat.com/security/data/cve/CVE-2011-2431.html https://www.redhat.com/security/data/cve/CVE-2011-2432.html https://www.redhat.com/security/data/cve/CVE-2011-2433.html https://www.redhat.com/security/data/cve/CVE-2011-2434.html https://www.redhat.com/security/data/cve/CVE-2011-2435.html 
https://www.redhat.com/security/data/cve/CVE-2011-2436.html https://www.redhat.com/security/data/cve/CVE-2011-2437.html https://www.redhat.com/security/data/cve/CVE-2011-2438.html https://www.redhat.com/security/data/cve/CVE-2011-2439.html https://www.redhat.com/security/data/cve/CVE-2011-2440.html https://www.redhat.com/security/data/cve/CVE-2011-2442.html https://www.redhat.com/security/data/cve/CVE-2011-2444.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb11-21.html http://www.adobe.com/support/security/bulletins/apsb11-24.html http://www.adobe.com/support/security/bulletins/apsb11-26.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOuRkFXlSAg2UNWIIRAqaIAJoC3LKpTEj6IsfoUq9JqGuHAKt3bACfcz3q 0+KSTL2IByBwtP8+xfPmUNE= =qFq6 -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Nov 8 22:08:02 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 8 Nov 2011 22:08:02 +0000 Subject: [RHSA-2011:1437-01] Critical: firefox security update Message-ID: <201111082208.pA8M82CO030751@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: firefox security update Advisory ID: RHSA-2011:1437-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1437.html Issue date: 2011-11-08 CVE Names: CVE-2011-3647 CVE-2011-3648 CVE-2011-3650 ===================================================================== 1. Summary: Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.

A flaw was found in the way Firefox handled certain add-ons. A web page containing malicious content could cause an add-on to grant itself full browser privileges, which could lead to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-3647)

A cross-site scripting (XSS) flaw was found in the way Firefox handled certain multibyte character sets. A web page containing malicious content could cause Firefox to run JavaScript code with the permissions of a different website. (CVE-2011-3648)

A flaw was found in the way Firefox handled large JavaScript scripts. A web page containing malicious JavaScript could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-3650)

For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.24. You can find a link to the Mozilla advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.24, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

751931 - CVE-2011-3647 Mozilla: Security problem with loadSubScript on 1.9.2 branch (MFSA 2011-46)
751932 - CVE-2011-3648 Mozilla: Universal XSS likely with MultiByte charset (MFSA 2011-47)
751933 - CVE-2011-3650 Mozilla: crash while profiling page with many functions (MFSA 2011-49)

6.
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-3.6.24-3.el4.src.rpm i386: firefox-3.6.24-3.el4.i386.rpm firefox-debuginfo-3.6.24-3.el4.i386.rpm ia64: firefox-3.6.24-3.el4.ia64.rpm firefox-debuginfo-3.6.24-3.el4.ia64.rpm ppc: firefox-3.6.24-3.el4.ppc.rpm firefox-debuginfo-3.6.24-3.el4.ppc.rpm s390: firefox-3.6.24-3.el4.s390.rpm firefox-debuginfo-3.6.24-3.el4.s390.rpm s390x: firefox-3.6.24-3.el4.s390x.rpm firefox-debuginfo-3.6.24-3.el4.s390x.rpm x86_64: firefox-3.6.24-3.el4.x86_64.rpm firefox-debuginfo-3.6.24-3.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-3.6.24-3.el4.src.rpm i386: firefox-3.6.24-3.el4.i386.rpm firefox-debuginfo-3.6.24-3.el4.i386.rpm x86_64: firefox-3.6.24-3.el4.x86_64.rpm firefox-debuginfo-3.6.24-3.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-3.6.24-3.el4.src.rpm i386: firefox-3.6.24-3.el4.i386.rpm firefox-debuginfo-3.6.24-3.el4.i386.rpm ia64: firefox-3.6.24-3.el4.ia64.rpm firefox-debuginfo-3.6.24-3.el4.ia64.rpm x86_64: firefox-3.6.24-3.el4.x86_64.rpm firefox-debuginfo-3.6.24-3.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-3.6.24-3.el4.src.rpm i386: firefox-3.6.24-3.el4.i386.rpm firefox-debuginfo-3.6.24-3.el4.i386.rpm ia64: firefox-3.6.24-3.el4.ia64.rpm firefox-debuginfo-3.6.24-3.el4.ia64.rpm x86_64: firefox-3.6.24-3.el4.x86_64.rpm firefox-debuginfo-3.6.24-3.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-3.6.24-3.el5_7.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.24-2.el5_7.src.rpm i386: firefox-3.6.24-3.el5_7.i386.rpm firefox-debuginfo-3.6.24-3.el5_7.i386.rpm xulrunner-1.9.2.24-2.el5_7.i386.rpm xulrunner-debuginfo-1.9.2.24-2.el5_7.i386.rpm x86_64: firefox-3.6.24-3.el5_7.i386.rpm firefox-3.6.24-3.el5_7.x86_64.rpm firefox-debuginfo-3.6.24-3.el5_7.i386.rpm firefox-debuginfo-3.6.24-3.el5_7.x86_64.rpm xulrunner-1.9.2.24-2.el5_7.i386.rpm xulrunner-1.9.2.24-2.el5_7.x86_64.rpm xulrunner-debuginfo-1.9.2.24-2.el5_7.i386.rpm xulrunner-debuginfo-1.9.2.24-2.el5_7.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.24-2.el5_7.src.rpm i386: xulrunner-debuginfo-1.9.2.24-2.el5_7.i386.rpm xulrunner-devel-1.9.2.24-2.el5_7.i386.rpm x86_64: xulrunner-debuginfo-1.9.2.24-2.el5_7.i386.rpm xulrunner-debuginfo-1.9.2.24-2.el5_7.x86_64.rpm xulrunner-devel-1.9.2.24-2.el5_7.i386.rpm xulrunner-devel-1.9.2.24-2.el5_7.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-3.6.24-3.el5_7.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-1.9.2.24-2.el5_7.src.rpm i386: firefox-3.6.24-3.el5_7.i386.rpm firefox-debuginfo-3.6.24-3.el5_7.i386.rpm xulrunner-1.9.2.24-2.el5_7.i386.rpm xulrunner-debuginfo-1.9.2.24-2.el5_7.i386.rpm xulrunner-devel-1.9.2.24-2.el5_7.i386.rpm ia64: firefox-3.6.24-3.el5_7.ia64.rpm firefox-debuginfo-3.6.24-3.el5_7.ia64.rpm xulrunner-1.9.2.24-2.el5_7.ia64.rpm xulrunner-debuginfo-1.9.2.24-2.el5_7.ia64.rpm xulrunner-devel-1.9.2.24-2.el5_7.ia64.rpm ppc: firefox-3.6.24-3.el5_7.ppc.rpm firefox-debuginfo-3.6.24-3.el5_7.ppc.rpm xulrunner-1.9.2.24-2.el5_7.ppc.rpm xulrunner-1.9.2.24-2.el5_7.ppc64.rpm xulrunner-debuginfo-1.9.2.24-2.el5_7.ppc.rpm xulrunner-debuginfo-1.9.2.24-2.el5_7.ppc64.rpm xulrunner-devel-1.9.2.24-2.el5_7.ppc.rpm xulrunner-devel-1.9.2.24-2.el5_7.ppc64.rpm s390x: firefox-3.6.24-3.el5_7.s390.rpm firefox-3.6.24-3.el5_7.s390x.rpm firefox-debuginfo-3.6.24-3.el5_7.s390.rpm firefox-debuginfo-3.6.24-3.el5_7.s390x.rpm xulrunner-1.9.2.24-2.el5_7.s390.rpm xulrunner-1.9.2.24-2.el5_7.s390x.rpm xulrunner-debuginfo-1.9.2.24-2.el5_7.s390.rpm xulrunner-debuginfo-1.9.2.24-2.el5_7.s390x.rpm xulrunner-devel-1.9.2.24-2.el5_7.s390.rpm xulrunner-devel-1.9.2.24-2.el5_7.s390x.rpm x86_64: firefox-3.6.24-3.el5_7.i386.rpm firefox-3.6.24-3.el5_7.x86_64.rpm firefox-debuginfo-3.6.24-3.el5_7.i386.rpm firefox-debuginfo-3.6.24-3.el5_7.x86_64.rpm xulrunner-1.9.2.24-2.el5_7.i386.rpm xulrunner-1.9.2.24-2.el5_7.x86_64.rpm xulrunner-debuginfo-1.9.2.24-2.el5_7.i386.rpm xulrunner-debuginfo-1.9.2.24-2.el5_7.x86_64.rpm xulrunner-devel-1.9.2.24-2.el5_7.i386.rpm xulrunner-devel-1.9.2.24-2.el5_7.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/firefox-3.6.24-3.el6_1.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-1.9.2.24-2.el6_1.1.src.rpm i386: firefox-3.6.24-3.el6_1.i686.rpm firefox-debuginfo-3.6.24-3.el6_1.i686.rpm xulrunner-1.9.2.24-2.el6_1.1.i686.rpm xulrunner-debuginfo-1.9.2.24-2.el6_1.1.i686.rpm x86_64: firefox-3.6.24-3.el6_1.i686.rpm firefox-3.6.24-3.el6_1.x86_64.rpm firefox-debuginfo-3.6.24-3.el6_1.i686.rpm firefox-debuginfo-3.6.24-3.el6_1.x86_64.rpm xulrunner-1.9.2.24-2.el6_1.1.i686.rpm xulrunner-1.9.2.24-2.el6_1.1.x86_64.rpm xulrunner-debuginfo-1.9.2.24-2.el6_1.1.i686.rpm xulrunner-debuginfo-1.9.2.24-2.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-1.9.2.24-2.el6_1.1.src.rpm i386: xulrunner-debuginfo-1.9.2.24-2.el6_1.1.i686.rpm xulrunner-devel-1.9.2.24-2.el6_1.1.i686.rpm x86_64: xulrunner-debuginfo-1.9.2.24-2.el6_1.1.i686.rpm xulrunner-debuginfo-1.9.2.24-2.el6_1.1.x86_64.rpm xulrunner-devel-1.9.2.24-2.el6_1.1.i686.rpm xulrunner-devel-1.9.2.24-2.el6_1.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/firefox-3.6.24-3.el6_1.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xulrunner-1.9.2.24-2.el6_1.1.src.rpm x86_64: firefox-3.6.24-3.el6_1.i686.rpm firefox-3.6.24-3.el6_1.x86_64.rpm firefox-debuginfo-3.6.24-3.el6_1.i686.rpm firefox-debuginfo-3.6.24-3.el6_1.x86_64.rpm xulrunner-1.9.2.24-2.el6_1.1.i686.rpm xulrunner-1.9.2.24-2.el6_1.1.x86_64.rpm xulrunner-debuginfo-1.9.2.24-2.el6_1.1.i686.rpm xulrunner-debuginfo-1.9.2.24-2.el6_1.1.x86_64.rpm xulrunner-devel-1.9.2.24-2.el6_1.1.i686.rpm xulrunner-devel-1.9.2.24-2.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/firefox-3.6.24-3.el6_1.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-1.9.2.24-2.el6_1.1.src.rpm i386: firefox-3.6.24-3.el6_1.i686.rpm firefox-debuginfo-3.6.24-3.el6_1.i686.rpm xulrunner-1.9.2.24-2.el6_1.1.i686.rpm xulrunner-debuginfo-1.9.2.24-2.el6_1.1.i686.rpm ppc64: firefox-3.6.24-3.el6_1.ppc.rpm firefox-3.6.24-3.el6_1.ppc64.rpm firefox-debuginfo-3.6.24-3.el6_1.ppc.rpm firefox-debuginfo-3.6.24-3.el6_1.ppc64.rpm xulrunner-1.9.2.24-2.el6_1.1.ppc.rpm xulrunner-1.9.2.24-2.el6_1.1.ppc64.rpm xulrunner-debuginfo-1.9.2.24-2.el6_1.1.ppc.rpm xulrunner-debuginfo-1.9.2.24-2.el6_1.1.ppc64.rpm s390x: firefox-3.6.24-3.el6_1.s390.rpm firefox-3.6.24-3.el6_1.s390x.rpm firefox-debuginfo-3.6.24-3.el6_1.s390.rpm firefox-debuginfo-3.6.24-3.el6_1.s390x.rpm xulrunner-1.9.2.24-2.el6_1.1.s390.rpm xulrunner-1.9.2.24-2.el6_1.1.s390x.rpm xulrunner-debuginfo-1.9.2.24-2.el6_1.1.s390.rpm xulrunner-debuginfo-1.9.2.24-2.el6_1.1.s390x.rpm x86_64: firefox-3.6.24-3.el6_1.i686.rpm firefox-3.6.24-3.el6_1.x86_64.rpm firefox-debuginfo-3.6.24-3.el6_1.i686.rpm firefox-debuginfo-3.6.24-3.el6_1.x86_64.rpm xulrunner-1.9.2.24-2.el6_1.1.i686.rpm xulrunner-1.9.2.24-2.el6_1.1.x86_64.rpm xulrunner-debuginfo-1.9.2.24-2.el6_1.1.i686.rpm xulrunner-debuginfo-1.9.2.24-2.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-1.9.2.24-2.el6_1.1.src.rpm i386: xulrunner-debuginfo-1.9.2.24-2.el6_1.1.i686.rpm xulrunner-devel-1.9.2.24-2.el6_1.1.i686.rpm ppc64: xulrunner-debuginfo-1.9.2.24-2.el6_1.1.ppc.rpm xulrunner-debuginfo-1.9.2.24-2.el6_1.1.ppc64.rpm xulrunner-devel-1.9.2.24-2.el6_1.1.ppc.rpm xulrunner-devel-1.9.2.24-2.el6_1.1.ppc64.rpm s390x: xulrunner-debuginfo-1.9.2.24-2.el6_1.1.s390.rpm xulrunner-debuginfo-1.9.2.24-2.el6_1.1.s390x.rpm xulrunner-devel-1.9.2.24-2.el6_1.1.s390.rpm xulrunner-devel-1.9.2.24-2.el6_1.1.s390x.rpm x86_64: xulrunner-debuginfo-1.9.2.24-2.el6_1.1.i686.rpm xulrunner-debuginfo-1.9.2.24-2.el6_1.1.x86_64.rpm xulrunner-devel-1.9.2.24-2.el6_1.1.i686.rpm xulrunner-devel-1.9.2.24-2.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/firefox-3.6.24-3.el6_1.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-1.9.2.24-2.el6_1.1.src.rpm i386: firefox-3.6.24-3.el6_1.i686.rpm firefox-debuginfo-3.6.24-3.el6_1.i686.rpm xulrunner-1.9.2.24-2.el6_1.1.i686.rpm xulrunner-debuginfo-1.9.2.24-2.el6_1.1.i686.rpm x86_64: firefox-3.6.24-3.el6_1.i686.rpm firefox-3.6.24-3.el6_1.x86_64.rpm firefox-debuginfo-3.6.24-3.el6_1.i686.rpm firefox-debuginfo-3.6.24-3.el6_1.x86_64.rpm xulrunner-1.9.2.24-2.el6_1.1.i686.rpm xulrunner-1.9.2.24-2.el6_1.1.x86_64.rpm xulrunner-debuginfo-1.9.2.24-2.el6_1.1.i686.rpm xulrunner-debuginfo-1.9.2.24-2.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-1.9.2.24-2.el6_1.1.src.rpm i386: xulrunner-debuginfo-1.9.2.24-2.el6_1.1.i686.rpm xulrunner-devel-1.9.2.24-2.el6_1.1.i686.rpm x86_64: xulrunner-debuginfo-1.9.2.24-2.el6_1.1.i686.rpm xulrunner-debuginfo-1.9.2.24-2.el6_1.1.x86_64.rpm xulrunner-devel-1.9.2.24-2.el6_1.1.i686.rpm xulrunner-devel-1.9.2.24-2.el6_1.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3647.html https://www.redhat.com/security/data/cve/CVE-2011-3648.html https://www.redhat.com/security/data/cve/CVE-2011-3650.html https://access.redhat.com/security/updates/classification/#critical http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.24 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOuaf7XlSAg2UNWIIRAgZ1AJ9ZRgRzJ4TrukNipSh53QjsWetKBwCcDveI
IyYRU2V+wm0lpQuwa3MGHlw=
=P8n8
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Nov 8 22:08:38 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 8 Nov 2011 22:08:38 +0000
Subject: [RHSA-2011:1438-01] Moderate: thunderbird security update
Message-ID: <201111082208.pA8M8cIn001262@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: thunderbird security update
Advisory ID: RHSA-2011:1438-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1438.html
Issue date: 2011-11-08
CVE Names: CVE-2011-3648
=====================================================================

1. Summary:

An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

A cross-site scripting (XSS) flaw was found in the way Thunderbird handled certain multibyte character sets. Malicious, remote content could cause Thunderbird to run JavaScript code with the permissions of different remote content. (CVE-2011-3648)

Note: This issue cannot be exploited by a specially-crafted HTML mail message as JavaScript is disabled by default for mail messages. It could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.

All Thunderbird users should upgrade to this updated package, which resolves this issue. All running instances of Thunderbird must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

751932 - CVE-2011-3648 Mozilla: Universal XSS likely with MultiByte charset (MFSA 2011-47)

6.
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/thunderbird-1.5.0.12-45.el4.src.rpm i386: thunderbird-1.5.0.12-45.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-45.el4.i386.rpm ia64: thunderbird-1.5.0.12-45.el4.ia64.rpm thunderbird-debuginfo-1.5.0.12-45.el4.ia64.rpm ppc: thunderbird-1.5.0.12-45.el4.ppc.rpm thunderbird-debuginfo-1.5.0.12-45.el4.ppc.rpm s390: thunderbird-1.5.0.12-45.el4.s390.rpm thunderbird-debuginfo-1.5.0.12-45.el4.s390.rpm s390x: thunderbird-1.5.0.12-45.el4.s390x.rpm thunderbird-debuginfo-1.5.0.12-45.el4.s390x.rpm x86_64: thunderbird-1.5.0.12-45.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-45.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/thunderbird-1.5.0.12-45.el4.src.rpm i386: thunderbird-1.5.0.12-45.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-45.el4.i386.rpm x86_64: thunderbird-1.5.0.12-45.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-45.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/thunderbird-1.5.0.12-45.el4.src.rpm i386: thunderbird-1.5.0.12-45.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-45.el4.i386.rpm ia64: thunderbird-1.5.0.12-45.el4.ia64.rpm thunderbird-debuginfo-1.5.0.12-45.el4.ia64.rpm x86_64: thunderbird-1.5.0.12-45.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-45.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/thunderbird-1.5.0.12-45.el4.src.rpm i386: thunderbird-1.5.0.12-45.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-45.el4.i386.rpm ia64: thunderbird-1.5.0.12-45.el4.ia64.rpm thunderbird-debuginfo-1.5.0.12-45.el4.ia64.rpm x86_64: thunderbird-1.5.0.12-45.el4.x86_64.rpm thunderbird-debuginfo-1.5.0.12-45.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/thunderbird-2.0.0.24-27.el5_7.src.rpm i386: thunderbird-2.0.0.24-27.el5_7.i386.rpm thunderbird-debuginfo-2.0.0.24-27.el5_7.i386.rpm x86_64: thunderbird-2.0.0.24-27.el5_7.x86_64.rpm thunderbird-debuginfo-2.0.0.24-27.el5_7.x86_64.rpm RHEL Optional Productivity Applications (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/thunderbird-2.0.0.24-27.el5_7.src.rpm i386: thunderbird-2.0.0.24-27.el5_7.i386.rpm thunderbird-debuginfo-2.0.0.24-27.el5_7.i386.rpm x86_64: thunderbird-2.0.0.24-27.el5_7.x86_64.rpm thunderbird-debuginfo-2.0.0.24-27.el5_7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3648.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOuahSXlSAg2UNWIIRAsq5AKCz/9J5APMhtSN65g1J1UTfq9SveQCfU1AM
z8UXnaBfK1+SqY6EHuQKGJg=
=j59p
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Nov 8 22:09:26 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 8 Nov 2011 22:09:26 +0000
Subject: [RHSA-2011:1439-01] Critical: thunderbird security update
Message-ID: <201111082209.pA8M9RAC017708@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:          Critical: thunderbird security update
Advisory ID:       RHSA-2011:1439-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1439.html
Issue date:        2011-11-08
CVE Names:         CVE-2011-3647 CVE-2011-3648 CVE-2011-3650
=====================================================================

1. Summary:

An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

A flaw was found in the way Thunderbird handled certain add-ons. Malicious, remote content could cause an add-on to elevate its privileges, which could lead to arbitrary code execution with the privileges of the user running Thunderbird. (CVE-2011-3647)

A cross-site scripting (XSS) flaw was found in the way Thunderbird handled certain multibyte character sets. Malicious, remote content could cause Thunderbird to run JavaScript code with the permissions of different remote content. (CVE-2011-3648)

A flaw was found in the way Thunderbird handled large JavaScript scripts. Malicious, remote content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-3650)

All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

751931 - CVE-2011-3647 Mozilla: Security problem with loadSubScript on 1.9.2 branch (MFSA 2011-46)
751932 - CVE-2011-3648 Mozilla: Universal XSS likely with MultiByte charset (MFSA 2011-47)
751933 - CVE-2011-3650 Mozilla: crash while profiling page with many functions (MFSA 2011-49)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/thunderbird-3.1.16-2.el6_1.src.rpm

i386:
thunderbird-3.1.16-2.el6_1.i686.rpm
thunderbird-debuginfo-3.1.16-2.el6_1.i686.rpm

x86_64:
thunderbird-3.1.16-2.el6_1.x86_64.rpm
thunderbird-debuginfo-3.1.16-2.el6_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/thunderbird-3.1.16-2.el6_1.src.rpm

i386:
thunderbird-3.1.16-2.el6_1.i686.rpm
thunderbird-debuginfo-3.1.16-2.el6_1.i686.rpm

ppc64:
thunderbird-3.1.16-2.el6_1.ppc64.rpm
thunderbird-debuginfo-3.1.16-2.el6_1.ppc64.rpm

s390x:
thunderbird-3.1.16-2.el6_1.s390x.rpm
thunderbird-debuginfo-3.1.16-2.el6_1.s390x.rpm

x86_64:
thunderbird-3.1.16-2.el6_1.x86_64.rpm
thunderbird-debuginfo-3.1.16-2.el6_1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/thunderbird-3.1.16-2.el6_1.src.rpm

i386:
thunderbird-3.1.16-2.el6_1.i686.rpm
thunderbird-debuginfo-3.1.16-2.el6_1.i686.rpm

x86_64:
thunderbird-3.1.16-2.el6_1.x86_64.rpm
thunderbird-debuginfo-3.1.16-2.el6_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3647.html
https://www.redhat.com/security/data/cve/CVE-2011-3648.html
https://www.redhat.com/security/data/cve/CVE-2011-3650.html
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOuah0XlSAg2UNWIIRAha8AJ95uZ0K4xvP3WmL6MaSTfh3LNjjqgCghlKQ
5q17sOU4RrClp+GOyvXdNsE=
=ereQ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Nov 8 22:10:22 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 8 Nov 2011 22:10:22 +0000
Subject: [RHSA-2011:1440-01] Moderate: seamonkey security update
Message-ID: <201111082210.pA8MAMBg017785@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: seamonkey security update
Advisory ID:       RHSA-2011:1440-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1440.html
Issue date:        2011-11-08
CVE Names:         CVE-2011-3648
=====================================================================

1. Summary:

Updated seamonkey packages that fix one security issue are now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor.

A cross-site scripting (XSS) flaw was found in the way SeaMonkey handled certain multibyte character sets. A web page containing malicious content could cause SeaMonkey to run JavaScript code with the permissions of a different website. (CVE-2011-3648)

All SeaMonkey users should upgrade to these updated packages, which correct this issue. After installing the update, SeaMonkey must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

751932 - CVE-2011-3648 Mozilla: Universal XSS likely with MultiByte charset (MFSA 2011-47)

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/seamonkey-1.0.9-77.el4.src.rpm

i386:
seamonkey-1.0.9-77.el4.i386.rpm
seamonkey-chat-1.0.9-77.el4.i386.rpm
seamonkey-debuginfo-1.0.9-77.el4.i386.rpm
seamonkey-devel-1.0.9-77.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-77.el4.i386.rpm
seamonkey-js-debugger-1.0.9-77.el4.i386.rpm
seamonkey-mail-1.0.9-77.el4.i386.rpm

ia64:
seamonkey-1.0.9-77.el4.ia64.rpm
seamonkey-chat-1.0.9-77.el4.ia64.rpm
seamonkey-debuginfo-1.0.9-77.el4.ia64.rpm
seamonkey-devel-1.0.9-77.el4.ia64.rpm
seamonkey-dom-inspector-1.0.9-77.el4.ia64.rpm
seamonkey-js-debugger-1.0.9-77.el4.ia64.rpm
seamonkey-mail-1.0.9-77.el4.ia64.rpm

ppc:
seamonkey-1.0.9-77.el4.ppc.rpm
seamonkey-chat-1.0.9-77.el4.ppc.rpm
seamonkey-debuginfo-1.0.9-77.el4.ppc.rpm
seamonkey-devel-1.0.9-77.el4.ppc.rpm
seamonkey-dom-inspector-1.0.9-77.el4.ppc.rpm
seamonkey-js-debugger-1.0.9-77.el4.ppc.rpm
seamonkey-mail-1.0.9-77.el4.ppc.rpm

s390:
seamonkey-1.0.9-77.el4.s390.rpm
seamonkey-chat-1.0.9-77.el4.s390.rpm
seamonkey-debuginfo-1.0.9-77.el4.s390.rpm
seamonkey-devel-1.0.9-77.el4.s390.rpm
seamonkey-dom-inspector-1.0.9-77.el4.s390.rpm
seamonkey-js-debugger-1.0.9-77.el4.s390.rpm
seamonkey-mail-1.0.9-77.el4.s390.rpm

s390x:
seamonkey-1.0.9-77.el4.s390x.rpm
seamonkey-chat-1.0.9-77.el4.s390x.rpm
seamonkey-debuginfo-1.0.9-77.el4.s390x.rpm
seamonkey-devel-1.0.9-77.el4.s390x.rpm
seamonkey-dom-inspector-1.0.9-77.el4.s390x.rpm
seamonkey-js-debugger-1.0.9-77.el4.s390x.rpm
seamonkey-mail-1.0.9-77.el4.s390x.rpm

x86_64:
seamonkey-1.0.9-77.el4.x86_64.rpm
seamonkey-chat-1.0.9-77.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-77.el4.x86_64.rpm
seamonkey-devel-1.0.9-77.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-77.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-77.el4.x86_64.rpm
seamonkey-mail-1.0.9-77.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/seamonkey-1.0.9-77.el4.src.rpm

i386:
seamonkey-1.0.9-77.el4.i386.rpm
seamonkey-chat-1.0.9-77.el4.i386.rpm
seamonkey-debuginfo-1.0.9-77.el4.i386.rpm
seamonkey-devel-1.0.9-77.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-77.el4.i386.rpm
seamonkey-js-debugger-1.0.9-77.el4.i386.rpm
seamonkey-mail-1.0.9-77.el4.i386.rpm

x86_64:
seamonkey-1.0.9-77.el4.x86_64.rpm
seamonkey-chat-1.0.9-77.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-77.el4.x86_64.rpm
seamonkey-devel-1.0.9-77.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-77.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-77.el4.x86_64.rpm
seamonkey-mail-1.0.9-77.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/seamonkey-1.0.9-77.el4.src.rpm

i386:
seamonkey-1.0.9-77.el4.i386.rpm
seamonkey-chat-1.0.9-77.el4.i386.rpm
seamonkey-debuginfo-1.0.9-77.el4.i386.rpm
seamonkey-devel-1.0.9-77.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-77.el4.i386.rpm
seamonkey-js-debugger-1.0.9-77.el4.i386.rpm
seamonkey-mail-1.0.9-77.el4.i386.rpm

ia64:
seamonkey-1.0.9-77.el4.ia64.rpm
seamonkey-chat-1.0.9-77.el4.ia64.rpm
seamonkey-debuginfo-1.0.9-77.el4.ia64.rpm
seamonkey-devel-1.0.9-77.el4.ia64.rpm
seamonkey-dom-inspector-1.0.9-77.el4.ia64.rpm
seamonkey-js-debugger-1.0.9-77.el4.ia64.rpm
seamonkey-mail-1.0.9-77.el4.ia64.rpm

x86_64:
seamonkey-1.0.9-77.el4.x86_64.rpm
seamonkey-chat-1.0.9-77.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-77.el4.x86_64.rpm
seamonkey-devel-1.0.9-77.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-77.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-77.el4.x86_64.rpm
seamonkey-mail-1.0.9-77.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/seamonkey-1.0.9-77.el4.src.rpm

i386:
seamonkey-1.0.9-77.el4.i386.rpm
seamonkey-chat-1.0.9-77.el4.i386.rpm
seamonkey-debuginfo-1.0.9-77.el4.i386.rpm
seamonkey-devel-1.0.9-77.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-77.el4.i386.rpm
seamonkey-js-debugger-1.0.9-77.el4.i386.rpm
seamonkey-mail-1.0.9-77.el4.i386.rpm

ia64:
seamonkey-1.0.9-77.el4.ia64.rpm
seamonkey-chat-1.0.9-77.el4.ia64.rpm
seamonkey-debuginfo-1.0.9-77.el4.ia64.rpm
seamonkey-devel-1.0.9-77.el4.ia64.rpm
seamonkey-dom-inspector-1.0.9-77.el4.ia64.rpm
seamonkey-js-debugger-1.0.9-77.el4.ia64.rpm
seamonkey-mail-1.0.9-77.el4.ia64.rpm

x86_64:
seamonkey-1.0.9-77.el4.x86_64.rpm
seamonkey-chat-1.0.9-77.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-77.el4.x86_64.rpm
seamonkey-devel-1.0.9-77.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-77.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-77.el4.x86_64.rpm
seamonkey-mail-1.0.9-77.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3648.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOuainXlSAg2UNWIIRAjuaAJoCcwmvOHdUTsCH8k5wkSQfj4L5uQCdFUEl
B7hPGUDPXQNHuRjBE02vDAs=
=hAEj
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Nov 8 22:11:20 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 8 Nov 2011 22:11:20 +0000
Subject: [RHSA-2011:1441-01] Moderate: icedtea-web security update
Message-ID: <201111082211.pA8MBKFl002390@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: icedtea-web security update
Advisory ID:       RHSA-2011:1441-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1441.html
Issue date:        2011-11-08
CVE Names:         CVE-2011-3377
=====================================================================

1. Summary:

Updated icedtea-web packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations.

A flaw was found in the same-origin policy implementation in the IcedTea-Web browser plug-in. A malicious Java applet could use this flaw to open network connections to hosts other than the originating host, violating the same-origin policy. (CVE-2011-3377)

All IcedTea-Web users should upgrade to these updated packages, which upgrade IcedTea-Web to version 1.0.6 to correct this issue. Web browsers using the IcedTea-Web browser plug-in must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

742515 - CVE-2011-3377 IcedTea-Web: second-level domain subdomains and suffix domain SOP bypass

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/icedtea-web-1.0.6-1.el6_1.src.rpm

i386:
icedtea-web-1.0.6-1.el6_1.i686.rpm
icedtea-web-debuginfo-1.0.6-1.el6_1.i686.rpm

x86_64:
icedtea-web-1.0.6-1.el6_1.x86_64.rpm
icedtea-web-debuginfo-1.0.6-1.el6_1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/icedtea-web-1.0.6-1.el6_1.src.rpm

i386:
icedtea-web-debuginfo-1.0.6-1.el6_1.i686.rpm
icedtea-web-javadoc-1.0.6-1.el6_1.i686.rpm

x86_64:
icedtea-web-debuginfo-1.0.6-1.el6_1.x86_64.rpm
icedtea-web-javadoc-1.0.6-1.el6_1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/icedtea-web-1.0.6-1.el6_1.src.rpm

x86_64:
icedtea-web-1.0.6-1.el6_1.x86_64.rpm
icedtea-web-debuginfo-1.0.6-1.el6_1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/icedtea-web-1.0.6-1.el6_1.src.rpm

x86_64:
icedtea-web-debuginfo-1.0.6-1.el6_1.x86_64.rpm
icedtea-web-javadoc-1.0.6-1.el6_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/icedtea-web-1.0.6-1.el6_1.src.rpm

i386:
icedtea-web-1.0.6-1.el6_1.i686.rpm
icedtea-web-debuginfo-1.0.6-1.el6_1.i686.rpm

x86_64:
icedtea-web-1.0.6-1.el6_1.x86_64.rpm
icedtea-web-debuginfo-1.0.6-1.el6_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/icedtea-web-1.0.6-1.el6_1.src.rpm

i386:
icedtea-web-debuginfo-1.0.6-1.el6_1.i686.rpm
icedtea-web-javadoc-1.0.6-1.el6_1.i686.rpm

x86_64:
icedtea-web-debuginfo-1.0.6-1.el6_1.x86_64.rpm
icedtea-web-javadoc-1.0.6-1.el6_1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/icedtea-web-1.0.6-1.el6_1.src.rpm

i386:
icedtea-web-1.0.6-1.el6_1.i686.rpm
icedtea-web-debuginfo-1.0.6-1.el6_1.i686.rpm

x86_64:
icedtea-web-1.0.6-1.el6_1.x86_64.rpm
icedtea-web-debuginfo-1.0.6-1.el6_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/icedtea-web-1.0.6-1.el6_1.src.rpm

i386:
icedtea-web-debuginfo-1.0.6-1.el6_1.i686.rpm
icedtea-web-javadoc-1.0.6-1.el6_1.i686.rpm

x86_64:
icedtea-web-debuginfo-1.0.6-1.el6_1.x86_64.rpm
icedtea-web-javadoc-1.0.6-1.el6_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3377.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOuajeXlSAg2UNWIIRAmZ3AKC8gDkmvRT6nBDEVjEBXMzbBDKNugCdGW4g
OH/6nplCrNj8EowSZ/nbSYA=
=d1fi
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Nov 9 13:47:01 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 9 Nov 2011 13:47:01 +0000
Subject: [RHSA-2011:1444-01] Important: nss security update
Message-ID: <201111091347.pA9Dl1JF014944@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:          Important: nss security update
Advisory ID:       RHSA-2011:1444-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1444.html
Issue date:        2011-11-09
=====================================================================

1. Summary:

Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having important security impact.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Network Security Services (NSS) is a set of libraries designed to support the development of security-enabled client and server applications.

It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority (CA) issued HTTPS certificates with weak keys. This update renders any HTTPS certificates signed by that CA as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing. Note: Digicert Sdn. Bhd. is not the same company as found at digicert.com. (BZ#751366)

Note: This fix only applies to applications using the NSS Builtin Object Token. It does not render the certificates untrusted for applications that use the NSS library, but do not use the NSS Builtin Object Token.

This update also fixes the following bug on Red Hat Enterprise Linux 5:

* When using mod_nss with the Apache HTTP Server, a bug in NSS on Red Hat Enterprise Linux 5 resulted in file descriptors leaking each time the Apache HTTP Server was restarted with the "service httpd reload" command. This could have prevented the Apache HTTP Server from functioning properly if all available file descriptors were consumed. (BZ#743508)

For Red Hat Enterprise Linux 6, these updated packages upgrade NSS to version 3.12.10. As well, they upgrade NSPR (Netscape Portable Runtime) to version 4.8.8 and nss-util to version 3.12.10 on Red Hat Enterprise Linux 6, as required by the NSS update. (BZ#735972, BZ#736272, BZ#735973)

All NSS users should upgrade to these updated packages, which correct this issue. After installing the update, applications using NSS must be restarted for the changes to take effect. In addition, on Red Hat Enterprise Linux 6, applications using NSPR and nss-util must also be restarted.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

735972 - Update nss to 3.12.10
735973 - Update nss-util to 3.12.10
736272 - Update nspr to 4.8.8
743508 - File descriptor leak after "service httpd reload"
751366 - Revoking Trust in DigiCert Sdn. Bhd Intermediate Certificate Authority from nss

6.
Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/nss-3.12.10-6.el4.src.rpm

i386:
nss-3.12.10-6.el4.i386.rpm
nss-debuginfo-3.12.10-6.el4.i386.rpm
nss-devel-3.12.10-6.el4.i386.rpm
nss-tools-3.12.10-6.el4.i386.rpm

ia64:
nss-3.12.10-6.el4.i386.rpm
nss-3.12.10-6.el4.ia64.rpm
nss-debuginfo-3.12.10-6.el4.i386.rpm
nss-debuginfo-3.12.10-6.el4.ia64.rpm
nss-devel-3.12.10-6.el4.ia64.rpm
nss-tools-3.12.10-6.el4.ia64.rpm

ppc:
nss-3.12.10-6.el4.ppc.rpm
nss-3.12.10-6.el4.ppc64.rpm
nss-debuginfo-3.12.10-6.el4.ppc.rpm
nss-debuginfo-3.12.10-6.el4.ppc64.rpm
nss-devel-3.12.10-6.el4.ppc.rpm
nss-tools-3.12.10-6.el4.ppc.rpm

s390:
nss-3.12.10-6.el4.s390.rpm
nss-debuginfo-3.12.10-6.el4.s390.rpm
nss-devel-3.12.10-6.el4.s390.rpm
nss-tools-3.12.10-6.el4.s390.rpm

s390x:
nss-3.12.10-6.el4.s390.rpm
nss-3.12.10-6.el4.s390x.rpm
nss-debuginfo-3.12.10-6.el4.s390.rpm
nss-debuginfo-3.12.10-6.el4.s390x.rpm
nss-devel-3.12.10-6.el4.s390x.rpm
nss-tools-3.12.10-6.el4.s390x.rpm

x86_64:
nss-3.12.10-6.el4.i386.rpm
nss-3.12.10-6.el4.x86_64.rpm
nss-debuginfo-3.12.10-6.el4.i386.rpm
nss-debuginfo-3.12.10-6.el4.x86_64.rpm
nss-devel-3.12.10-6.el4.x86_64.rpm
nss-tools-3.12.10-6.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/nss-3.12.10-6.el4.src.rpm

i386:
nss-3.12.10-6.el4.i386.rpm
nss-debuginfo-3.12.10-6.el4.i386.rpm
nss-devel-3.12.10-6.el4.i386.rpm
nss-tools-3.12.10-6.el4.i386.rpm

x86_64:
nss-3.12.10-6.el4.i386.rpm
nss-3.12.10-6.el4.x86_64.rpm
nss-debuginfo-3.12.10-6.el4.i386.rpm
nss-debuginfo-3.12.10-6.el4.x86_64.rpm
nss-devel-3.12.10-6.el4.x86_64.rpm
nss-tools-3.12.10-6.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/nss-3.12.10-6.el4.src.rpm

i386:
nss-3.12.10-6.el4.i386.rpm
nss-debuginfo-3.12.10-6.el4.i386.rpm
nss-devel-3.12.10-6.el4.i386.rpm
nss-tools-3.12.10-6.el4.i386.rpm

ia64:
nss-3.12.10-6.el4.i386.rpm
nss-3.12.10-6.el4.ia64.rpm
nss-debuginfo-3.12.10-6.el4.i386.rpm
nss-debuginfo-3.12.10-6.el4.ia64.rpm
nss-devel-3.12.10-6.el4.ia64.rpm
nss-tools-3.12.10-6.el4.ia64.rpm

x86_64:
nss-3.12.10-6.el4.i386.rpm
nss-3.12.10-6.el4.x86_64.rpm
nss-debuginfo-3.12.10-6.el4.i386.rpm
nss-debuginfo-3.12.10-6.el4.x86_64.rpm
nss-devel-3.12.10-6.el4.x86_64.rpm
nss-tools-3.12.10-6.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/nss-3.12.10-6.el4.src.rpm

i386:
nss-3.12.10-6.el4.i386.rpm
nss-debuginfo-3.12.10-6.el4.i386.rpm
nss-devel-3.12.10-6.el4.i386.rpm
nss-tools-3.12.10-6.el4.i386.rpm

ia64:
nss-3.12.10-6.el4.i386.rpm
nss-3.12.10-6.el4.ia64.rpm
nss-debuginfo-3.12.10-6.el4.i386.rpm
nss-debuginfo-3.12.10-6.el4.ia64.rpm
nss-devel-3.12.10-6.el4.ia64.rpm
nss-tools-3.12.10-6.el4.ia64.rpm

x86_64:
nss-3.12.10-6.el4.i386.rpm
nss-3.12.10-6.el4.x86_64.rpm
nss-debuginfo-3.12.10-6.el4.i386.rpm
nss-debuginfo-3.12.10-6.el4.x86_64.rpm
nss-devel-3.12.10-6.el4.x86_64.rpm
nss-tools-3.12.10-6.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nss-3.12.10-7.el5_7.src.rpm

i386:
nss-3.12.10-7.el5_7.i386.rpm
nss-debuginfo-3.12.10-7.el5_7.i386.rpm
nss-tools-3.12.10-7.el5_7.i386.rpm

x86_64:
nss-3.12.10-7.el5_7.i386.rpm
nss-3.12.10-7.el5_7.x86_64.rpm
nss-debuginfo-3.12.10-7.el5_7.i386.rpm
nss-debuginfo-3.12.10-7.el5_7.x86_64.rpm
nss-tools-3.12.10-7.el5_7.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nss-3.12.10-7.el5_7.src.rpm

i386:
nss-debuginfo-3.12.10-7.el5_7.i386.rpm
nss-devel-3.12.10-7.el5_7.i386.rpm
nss-pkcs11-devel-3.12.10-7.el5_7.i386.rpm

x86_64:
nss-debuginfo-3.12.10-7.el5_7.i386.rpm
nss-debuginfo-3.12.10-7.el5_7.x86_64.rpm
nss-devel-3.12.10-7.el5_7.i386.rpm
nss-devel-3.12.10-7.el5_7.x86_64.rpm
nss-pkcs11-devel-3.12.10-7.el5_7.i386.rpm
nss-pkcs11-devel-3.12.10-7.el5_7.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/nss-3.12.10-7.el5_7.src.rpm

i386:
nss-3.12.10-7.el5_7.i386.rpm
nss-debuginfo-3.12.10-7.el5_7.i386.rpm
nss-devel-3.12.10-7.el5_7.i386.rpm
nss-pkcs11-devel-3.12.10-7.el5_7.i386.rpm
nss-tools-3.12.10-7.el5_7.i386.rpm

ia64:
nss-3.12.10-7.el5_7.i386.rpm
nss-3.12.10-7.el5_7.ia64.rpm
nss-debuginfo-3.12.10-7.el5_7.i386.rpm
nss-debuginfo-3.12.10-7.el5_7.ia64.rpm
nss-devel-3.12.10-7.el5_7.ia64.rpm
nss-pkcs11-devel-3.12.10-7.el5_7.ia64.rpm
nss-tools-3.12.10-7.el5_7.ia64.rpm

ppc:
nss-3.12.10-7.el5_7.ppc.rpm
nss-3.12.10-7.el5_7.ppc64.rpm
nss-debuginfo-3.12.10-7.el5_7.ppc.rpm
nss-debuginfo-3.12.10-7.el5_7.ppc64.rpm
nss-devel-3.12.10-7.el5_7.ppc.rpm
nss-devel-3.12.10-7.el5_7.ppc64.rpm
nss-pkcs11-devel-3.12.10-7.el5_7.ppc.rpm
nss-pkcs11-devel-3.12.10-7.el5_7.ppc64.rpm
nss-tools-3.12.10-7.el5_7.ppc.rpm

s390x:
nss-3.12.10-7.el5_7.s390.rpm
nss-3.12.10-7.el5_7.s390x.rpm
nss-debuginfo-3.12.10-7.el5_7.s390.rpm
nss-debuginfo-3.12.10-7.el5_7.s390x.rpm
nss-devel-3.12.10-7.el5_7.s390.rpm
nss-devel-3.12.10-7.el5_7.s390x.rpm
nss-pkcs11-devel-3.12.10-7.el5_7.s390.rpm
nss-pkcs11-devel-3.12.10-7.el5_7.s390x.rpm
nss-tools-3.12.10-7.el5_7.s390x.rpm

x86_64:
nss-3.12.10-7.el5_7.i386.rpm
nss-3.12.10-7.el5_7.x86_64.rpm
nss-debuginfo-3.12.10-7.el5_7.i386.rpm
nss-debuginfo-3.12.10-7.el5_7.x86_64.rpm
nss-devel-3.12.10-7.el5_7.i386.rpm
nss-devel-3.12.10-7.el5_7.x86_64.rpm
nss-pkcs11-devel-3.12.10-7.el5_7.i386.rpm
nss-pkcs11-devel-3.12.10-7.el5_7.x86_64.rpm
nss-tools-3.12.10-7.el5_7.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nspr-4.8.8-1.el6_1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-3.12.10-2.el6_1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-util-3.12.10-1.el6_1.src.rpm

i386:
nspr-4.8.8-1.el6_1.i686.rpm
nspr-debuginfo-4.8.8-1.el6_1.i686.rpm
nss-3.12.10-2.el6_1.i686.rpm
nss-debuginfo-3.12.10-2.el6_1.i686.rpm
nss-sysinit-3.12.10-2.el6_1.i686.rpm
nss-tools-3.12.10-2.el6_1.i686.rpm
nss-util-3.12.10-1.el6_1.i686.rpm
nss-util-debuginfo-3.12.10-1.el6_1.i686.rpm

x86_64:
nspr-4.8.8-1.el6_1.i686.rpm
nspr-4.8.8-1.el6_1.x86_64.rpm
nspr-debuginfo-4.8.8-1.el6_1.i686.rpm
nspr-debuginfo-4.8.8-1.el6_1.x86_64.rpm
nss-3.12.10-2.el6_1.i686.rpm
nss-3.12.10-2.el6_1.x86_64.rpm
nss-debuginfo-3.12.10-2.el6_1.i686.rpm
nss-debuginfo-3.12.10-2.el6_1.x86_64.rpm
nss-sysinit-3.12.10-2.el6_1.x86_64.rpm
nss-tools-3.12.10-2.el6_1.x86_64.rpm
nss-util-3.12.10-1.el6_1.i686.rpm
nss-util-3.12.10-1.el6_1.x86_64.rpm
nss-util-debuginfo-3.12.10-1.el6_1.i686.rpm
nss-util-debuginfo-3.12.10-1.el6_1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nspr-4.8.8-1.el6_1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-3.12.10-2.el6_1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-util-3.12.10-1.el6_1.src.rpm

i386:
nspr-debuginfo-4.8.8-1.el6_1.i686.rpm
nspr-devel-4.8.8-1.el6_1.i686.rpm
nss-debuginfo-3.12.10-2.el6_1.i686.rpm
nss-devel-3.12.10-2.el6_1.i686.rpm
nss-pkcs11-devel-3.12.10-2.el6_1.i686.rpm
nss-util-debuginfo-3.12.10-1.el6_1.i686.rpm
nss-util-devel-3.12.10-1.el6_1.i686.rpm

x86_64:
nspr-debuginfo-4.8.8-1.el6_1.i686.rpm
nspr-debuginfo-4.8.8-1.el6_1.x86_64.rpm
nspr-devel-4.8.8-1.el6_1.i686.rpm
nspr-devel-4.8.8-1.el6_1.x86_64.rpm
nss-debuginfo-3.12.10-2.el6_1.i686.rpm
nss-debuginfo-3.12.10-2.el6_1.x86_64.rpm
nss-devel-3.12.10-2.el6_1.i686.rpm
nss-devel-3.12.10-2.el6_1.x86_64.rpm
nss-pkcs11-devel-3.12.10-2.el6_1.i686.rpm
nss-pkcs11-devel-3.12.10-2.el6_1.x86_64.rpm
nss-util-debuginfo-3.12.10-1.el6_1.i686.rpm
nss-util-debuginfo-3.12.10-1.el6_1.x86_64.rpm
nss-util-devel-3.12.10-1.el6_1.i686.rpm
nss-util-devel-3.12.10-1.el6_1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nspr-4.8.8-1.el6_1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-3.12.10-2.el6_1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-util-3.12.10-1.el6_1.src.rpm

x86_64:
nspr-4.8.8-1.el6_1.i686.rpm
nspr-4.8.8-1.el6_1.x86_64.rpm
nspr-debuginfo-4.8.8-1.el6_1.i686.rpm
nspr-debuginfo-4.8.8-1.el6_1.x86_64.rpm
nss-3.12.10-2.el6_1.i686.rpm
nss-3.12.10-2.el6_1.x86_64.rpm
nss-debuginfo-3.12.10-2.el6_1.i686.rpm
nss-debuginfo-3.12.10-2.el6_1.x86_64.rpm
nss-sysinit-3.12.10-2.el6_1.x86_64.rpm
nss-tools-3.12.10-2.el6_1.x86_64.rpm
nss-util-3.12.10-1.el6_1.i686.rpm
nss-util-3.12.10-1.el6_1.x86_64.rpm
nss-util-debuginfo-3.12.10-1.el6_1.i686.rpm
nss-util-debuginfo-3.12.10-1.el6_1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nspr-4.8.8-1.el6_1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-3.12.10-2.el6_1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-util-3.12.10-1.el6_1.src.rpm

x86_64:
nspr-debuginfo-4.8.8-1.el6_1.i686.rpm
nspr-debuginfo-4.8.8-1.el6_1.x86_64.rpm
nspr-devel-4.8.8-1.el6_1.i686.rpm
nspr-devel-4.8.8-1.el6_1.x86_64.rpm
nss-debuginfo-3.12.10-2.el6_1.i686.rpm
nss-debuginfo-3.12.10-2.el6_1.x86_64.rpm
nss-devel-3.12.10-2.el6_1.i686.rpm
nss-devel-3.12.10-2.el6_1.x86_64.rpm
nss-pkcs11-devel-3.12.10-2.el6_1.i686.rpm
nss-pkcs11-devel-3.12.10-2.el6_1.x86_64.rpm
nss-util-debuginfo-3.12.10-1.el6_1.i686.rpm
nss-util-debuginfo-3.12.10-1.el6_1.x86_64.rpm
nss-util-devel-3.12.10-1.el6_1.i686.rpm
nss-util-devel-3.12.10-1.el6_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nspr-4.8.8-1.el6_1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-3.12.10-2.el6_1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-util-3.12.10-1.el6_1.src.rpm

i386:
nspr-4.8.8-1.el6_1.i686.rpm
nspr-debuginfo-4.8.8-1.el6_1.i686.rpm
nspr-devel-4.8.8-1.el6_1.i686.rpm
nss-3.12.10-2.el6_1.i686.rpm
nss-debuginfo-3.12.10-2.el6_1.i686.rpm
nss-devel-3.12.10-2.el6_1.i686.rpm
nss-sysinit-3.12.10-2.el6_1.i686.rpm
nss-tools-3.12.10-2.el6_1.i686.rpm
nss-util-3.12.10-1.el6_1.i686.rpm
nss-util-debuginfo-3.12.10-1.el6_1.i686.rpm
nss-util-devel-3.12.10-1.el6_1.i686.rpm

ppc64:
nspr-4.8.8-1.el6_1.ppc.rpm
nspr-4.8.8-1.el6_1.ppc64.rpm
nspr-debuginfo-4.8.8-1.el6_1.ppc.rpm
nspr-debuginfo-4.8.8-1.el6_1.ppc64.rpm
nspr-devel-4.8.8-1.el6_1.ppc.rpm
nspr-devel-4.8.8-1.el6_1.ppc64.rpm
nss-3.12.10-2.el6_1.ppc.rpm
nss-3.12.10-2.el6_1.ppc64.rpm
nss-debuginfo-3.12.10-2.el6_1.ppc.rpm
nss-debuginfo-3.12.10-2.el6_1.ppc64.rpm
nss-devel-3.12.10-2.el6_1.ppc.rpm
nss-devel-3.12.10-2.el6_1.ppc64.rpm
nss-sysinit-3.12.10-2.el6_1.ppc64.rpm
nss-tools-3.12.10-2.el6_1.ppc64.rpm
nss-util-3.12.10-1.el6_1.ppc.rpm
nss-util-3.12.10-1.el6_1.ppc64.rpm
nss-util-debuginfo-3.12.10-1.el6_1.ppc.rpm
nss-util-debuginfo-3.12.10-1.el6_1.ppc64.rpm
nss-util-devel-3.12.10-1.el6_1.ppc.rpm
nss-util-devel-3.12.10-1.el6_1.ppc64.rpm

s390x:
nspr-4.8.8-1.el6_1.s390.rpm
nspr-4.8.8-1.el6_1.s390x.rpm
nspr-debuginfo-4.8.8-1.el6_1.s390.rpm
nspr-debuginfo-4.8.8-1.el6_1.s390x.rpm
nspr-devel-4.8.8-1.el6_1.s390.rpm
nspr-devel-4.8.8-1.el6_1.s390x.rpm
nss-3.12.10-2.el6_1.s390.rpm
nss-3.12.10-2.el6_1.s390x.rpm
nss-debuginfo-3.12.10-2.el6_1.s390.rpm
nss-debuginfo-3.12.10-2.el6_1.s390x.rpm
nss-devel-3.12.10-2.el6_1.s390.rpm
nss-devel-3.12.10-2.el6_1.s390x.rpm
nss-sysinit-3.12.10-2.el6_1.s390x.rpm
nss-tools-3.12.10-2.el6_1.s390x.rpm
nss-util-3.12.10-1.el6_1.s390.rpm
nss-util-3.12.10-1.el6_1.s390x.rpm
nss-util-debuginfo-3.12.10-1.el6_1.s390.rpm
nss-util-debuginfo-3.12.10-1.el6_1.s390x.rpm
nss-util-devel-3.12.10-1.el6_1.s390.rpm
nss-util-devel-3.12.10-1.el6_1.s390x.rpm

x86_64:
nspr-4.8.8-1.el6_1.i686.rpm
nspr-4.8.8-1.el6_1.x86_64.rpm
nspr-debuginfo-4.8.8-1.el6_1.i686.rpm
nspr-debuginfo-4.8.8-1.el6_1.x86_64.rpm
nspr-devel-4.8.8-1.el6_1.i686.rpm
nspr-devel-4.8.8-1.el6_1.x86_64.rpm
nss-3.12.10-2.el6_1.i686.rpm
nss-3.12.10-2.el6_1.x86_64.rpm
nss-debuginfo-3.12.10-2.el6_1.i686.rpm
nss-debuginfo-3.12.10-2.el6_1.x86_64.rpm
nss-devel-3.12.10-2.el6_1.i686.rpm
nss-devel-3.12.10-2.el6_1.x86_64.rpm
nss-sysinit-3.12.10-2.el6_1.x86_64.rpm
nss-tools-3.12.10-2.el6_1.x86_64.rpm
nss-util-3.12.10-1.el6_1.i686.rpm
nss-util-3.12.10-1.el6_1.x86_64.rpm
nss-util-debuginfo-3.12.10-1.el6_1.i686.rpm
nss-util-debuginfo-3.12.10-1.el6_1.x86_64.rpm
nss-util-devel-3.12.10-1.el6_1.i686.rpm
nss-util-devel-3.12.10-1.el6_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-3.12.10-2.el6_1.src.rpm

i386:
nss-debuginfo-3.12.10-2.el6_1.i686.rpm
nss-pkcs11-devel-3.12.10-2.el6_1.i686.rpm

ppc64:
nss-debuginfo-3.12.10-2.el6_1.ppc.rpm
nss-debuginfo-3.12.10-2.el6_1.ppc64.rpm
nss-pkcs11-devel-3.12.10-2.el6_1.ppc.rpm
nss-pkcs11-devel-3.12.10-2.el6_1.ppc64.rpm

s390x:
nss-debuginfo-3.12.10-2.el6_1.s390.rpm
nss-debuginfo-3.12.10-2.el6_1.s390x.rpm
nss-pkcs11-devel-3.12.10-2.el6_1.s390.rpm
nss-pkcs11-devel-3.12.10-2.el6_1.s390x.rpm

x86_64:
nss-debuginfo-3.12.10-2.el6_1.i686.rpm
nss-debuginfo-3.12.10-2.el6_1.x86_64.rpm
nss-pkcs11-devel-3.12.10-2.el6_1.i686.rpm
nss-pkcs11-devel-3.12.10-2.el6_1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nspr-4.8.8-1.el6_1.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-3.12.10-2.el6_1.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-util-3.12.10-1.el6_1.src.rpm i386: nspr-4.8.8-1.el6_1.i686.rpm nspr-debuginfo-4.8.8-1.el6_1.i686.rpm nspr-devel-4.8.8-1.el6_1.i686.rpm nss-3.12.10-2.el6_1.i686.rpm nss-debuginfo-3.12.10-2.el6_1.i686.rpm nss-devel-3.12.10-2.el6_1.i686.rpm nss-sysinit-3.12.10-2.el6_1.i686.rpm nss-tools-3.12.10-2.el6_1.i686.rpm nss-util-3.12.10-1.el6_1.i686.rpm nss-util-debuginfo-3.12.10-1.el6_1.i686.rpm nss-util-devel-3.12.10-1.el6_1.i686.rpm x86_64: nspr-4.8.8-1.el6_1.i686.rpm nspr-4.8.8-1.el6_1.x86_64.rpm nspr-debuginfo-4.8.8-1.el6_1.i686.rpm nspr-debuginfo-4.8.8-1.el6_1.x86_64.rpm nspr-devel-4.8.8-1.el6_1.i686.rpm nspr-devel-4.8.8-1.el6_1.x86_64.rpm nss-3.12.10-2.el6_1.i686.rpm nss-3.12.10-2.el6_1.x86_64.rpm nss-debuginfo-3.12.10-2.el6_1.i686.rpm nss-debuginfo-3.12.10-2.el6_1.x86_64.rpm nss-devel-3.12.10-2.el6_1.i686.rpm nss-devel-3.12.10-2.el6_1.x86_64.rpm nss-sysinit-3.12.10-2.el6_1.x86_64.rpm nss-tools-3.12.10-2.el6_1.x86_64.rpm nss-util-3.12.10-1.el6_1.i686.rpm nss-util-3.12.10-1.el6_1.x86_64.rpm nss-util-debuginfo-3.12.10-1.el6_1.i686.rpm nss-util-debuginfo-3.12.10-1.el6_1.x86_64.rpm nss-util-devel-3.12.10-1.el6_1.i686.rpm nss-util-devel-3.12.10-1.el6_1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-3.12.10-2.el6_1.src.rpm i386: nss-debuginfo-3.12.10-2.el6_1.i686.rpm nss-pkcs11-devel-3.12.10-2.el6_1.i686.rpm x86_64: nss-debuginfo-3.12.10-2.el6_1.i686.rpm nss-debuginfo-3.12.10-2.el6_1.x86_64.rpm nss-pkcs11-devel-3.12.10-2.el6_1.i686.rpm nss-pkcs11-devel-3.12.10-2.el6_1.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOuoQqXlSAg2UNWIIRAiU+AJ9NodJIIWcaUerPaJbVy3ZISXjg7wCeJxaV
enU3aKuQvsre7ihzl1AWhKc=
=ifCs
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Nov 11 12:03:12 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 11 Nov 2011 12:03:12 +0000
Subject: [RHSA-2011:1445-01] Critical: flash-plugin security update
Message-ID: <201111111203.pABC3Cgx001003@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: flash-plugin security update
Advisory ID:       RHSA-2011:1445-01
Product:           Red Hat Enterprise Linux Extras
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1445.html
Issue date:        2011-11-11
CVE Names:         CVE-2011-2445 CVE-2011-2450 CVE-2011-2451
                   CVE-2011-2452 CVE-2011-2453 CVE-2011-2454
                   CVE-2011-2455 CVE-2011-2456 CVE-2011-2457
                   CVE-2011-2459 CVE-2011-2460
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB11-28, listed in the References section.

Multiple security flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2011-2445, CVE-2011-2450, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2456, CVE-2011-2457, CVE-2011-2459, CVE-2011-2460)

All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.3.183.11.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

752983 - flash-plugin: multiple code execution flaws (APSB11-28)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-10.3.183.11-1.el5.i386.rpm

x86_64:
flash-plugin-10.3.183.11-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-10.3.183.11-1.el5.i386.rpm

x86_64:
flash-plugin-10.3.183.11-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-10.3.183.11-1.el6.i686.rpm

x86_64:
flash-plugin-10.3.183.11-1.el6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-10.3.183.11-1.el6.i686.rpm

x86_64:
flash-plugin-10.3.183.11-1.el6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-10.3.183.11-1.el6.i686.rpm

x86_64:
flash-plugin-10.3.183.11-1.el6.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2445.html
https://www.redhat.com/security/data/cve/CVE-2011-2450.html
https://www.redhat.com/security/data/cve/CVE-2011-2451.html
https://www.redhat.com/security/data/cve/CVE-2011-2452.html
https://www.redhat.com/security/data/cve/CVE-2011-2453.html
https://www.redhat.com/security/data/cve/CVE-2011-2454.html
https://www.redhat.com/security/data/cve/CVE-2011-2455.html
https://www.redhat.com/security/data/cve/CVE-2011-2456.html
https://www.redhat.com/security/data/cve/CVE-2011-2457.html
https://www.redhat.com/security/data/cve/CVE-2011-2459.html
https://www.redhat.com/security/data/cve/CVE-2011-2460.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb11-28.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOvQ7YXlSAg2UNWIIRAnjKAJ9IBGUxIPb3wKrfMJ+365x1fi4VCgCfRQ3T
zthsykex3oM7jAzeyW7KUa0=
=VH9O
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Nov 16 23:12:24 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 16 Nov 2011 23:12:24 +0000
Subject: [RHSA-2011:1455-01] Important: freetype security update
Message-ID: <201111162312.pAGNCOQ5006692@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: freetype security update
Advisory ID:       RHSA-2011:1455-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1455.html
Issue date:        2011-11-16
CVE Names:         CVE-2011-3439
=====================================================================

1. Summary:

Updated freetype packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 and 6 provide only the FreeType 2 font engine.

Multiple input validation flaws were found in the way FreeType processed CID-keyed fonts. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3439)

Note: These issues only affected the FreeType 2 font engine.

Users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

753799 - CVE-2011-3439 freetype: Multiple security flaws when loading CID-keyed Type 1 fonts

6.
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/freetype-2.1.9-21.el4.src.rpm i386: freetype-2.1.9-21.el4.i386.rpm freetype-debuginfo-2.1.9-21.el4.i386.rpm freetype-demos-2.1.9-21.el4.i386.rpm freetype-devel-2.1.9-21.el4.i386.rpm freetype-utils-2.1.9-21.el4.i386.rpm ia64: freetype-2.1.9-21.el4.i386.rpm freetype-2.1.9-21.el4.ia64.rpm freetype-debuginfo-2.1.9-21.el4.i386.rpm freetype-debuginfo-2.1.9-21.el4.ia64.rpm freetype-demos-2.1.9-21.el4.ia64.rpm freetype-devel-2.1.9-21.el4.ia64.rpm freetype-utils-2.1.9-21.el4.ia64.rpm ppc: freetype-2.1.9-21.el4.ppc.rpm freetype-2.1.9-21.el4.ppc64.rpm freetype-debuginfo-2.1.9-21.el4.ppc.rpm freetype-debuginfo-2.1.9-21.el4.ppc64.rpm freetype-demos-2.1.9-21.el4.ppc.rpm freetype-devel-2.1.9-21.el4.ppc.rpm freetype-utils-2.1.9-21.el4.ppc.rpm s390: freetype-2.1.9-21.el4.s390.rpm freetype-debuginfo-2.1.9-21.el4.s390.rpm freetype-demos-2.1.9-21.el4.s390.rpm freetype-devel-2.1.9-21.el4.s390.rpm freetype-utils-2.1.9-21.el4.s390.rpm s390x: freetype-2.1.9-21.el4.s390.rpm freetype-2.1.9-21.el4.s390x.rpm freetype-debuginfo-2.1.9-21.el4.s390.rpm freetype-debuginfo-2.1.9-21.el4.s390x.rpm freetype-demos-2.1.9-21.el4.s390x.rpm freetype-devel-2.1.9-21.el4.s390x.rpm freetype-utils-2.1.9-21.el4.s390x.rpm x86_64: freetype-2.1.9-21.el4.i386.rpm freetype-2.1.9-21.el4.x86_64.rpm freetype-debuginfo-2.1.9-21.el4.i386.rpm freetype-debuginfo-2.1.9-21.el4.x86_64.rpm freetype-demos-2.1.9-21.el4.x86_64.rpm freetype-devel-2.1.9-21.el4.x86_64.rpm freetype-utils-2.1.9-21.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/freetype-2.1.9-21.el4.src.rpm i386: freetype-2.1.9-21.el4.i386.rpm freetype-debuginfo-2.1.9-21.el4.i386.rpm freetype-demos-2.1.9-21.el4.i386.rpm freetype-devel-2.1.9-21.el4.i386.rpm freetype-utils-2.1.9-21.el4.i386.rpm x86_64: freetype-2.1.9-21.el4.i386.rpm freetype-2.1.9-21.el4.x86_64.rpm 
freetype-debuginfo-2.1.9-21.el4.i386.rpm freetype-debuginfo-2.1.9-21.el4.x86_64.rpm freetype-demos-2.1.9-21.el4.x86_64.rpm freetype-devel-2.1.9-21.el4.x86_64.rpm freetype-utils-2.1.9-21.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/freetype-2.1.9-21.el4.src.rpm i386: freetype-2.1.9-21.el4.i386.rpm freetype-debuginfo-2.1.9-21.el4.i386.rpm freetype-demos-2.1.9-21.el4.i386.rpm freetype-devel-2.1.9-21.el4.i386.rpm freetype-utils-2.1.9-21.el4.i386.rpm ia64: freetype-2.1.9-21.el4.i386.rpm freetype-2.1.9-21.el4.ia64.rpm freetype-debuginfo-2.1.9-21.el4.i386.rpm freetype-debuginfo-2.1.9-21.el4.ia64.rpm freetype-demos-2.1.9-21.el4.ia64.rpm freetype-devel-2.1.9-21.el4.ia64.rpm freetype-utils-2.1.9-21.el4.ia64.rpm x86_64: freetype-2.1.9-21.el4.i386.rpm freetype-2.1.9-21.el4.x86_64.rpm freetype-debuginfo-2.1.9-21.el4.i386.rpm freetype-debuginfo-2.1.9-21.el4.x86_64.rpm freetype-demos-2.1.9-21.el4.x86_64.rpm freetype-devel-2.1.9-21.el4.x86_64.rpm freetype-utils-2.1.9-21.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/freetype-2.1.9-21.el4.src.rpm i386: freetype-2.1.9-21.el4.i386.rpm freetype-debuginfo-2.1.9-21.el4.i386.rpm freetype-demos-2.1.9-21.el4.i386.rpm freetype-devel-2.1.9-21.el4.i386.rpm freetype-utils-2.1.9-21.el4.i386.rpm ia64: freetype-2.1.9-21.el4.i386.rpm freetype-2.1.9-21.el4.ia64.rpm freetype-debuginfo-2.1.9-21.el4.i386.rpm freetype-debuginfo-2.1.9-21.el4.ia64.rpm freetype-demos-2.1.9-21.el4.ia64.rpm freetype-devel-2.1.9-21.el4.ia64.rpm freetype-utils-2.1.9-21.el4.ia64.rpm x86_64: freetype-2.1.9-21.el4.i386.rpm freetype-2.1.9-21.el4.x86_64.rpm freetype-debuginfo-2.1.9-21.el4.i386.rpm freetype-debuginfo-2.1.9-21.el4.x86_64.rpm freetype-demos-2.1.9-21.el4.x86_64.rpm freetype-devel-2.1.9-21.el4.x86_64.rpm freetype-utils-2.1.9-21.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/freetype-2.2.1-28.el5_7.2.src.rpm i386: freetype-2.2.1-28.el5_7.2.i386.rpm freetype-debuginfo-2.2.1-28.el5_7.2.i386.rpm x86_64: freetype-2.2.1-28.el5_7.2.i386.rpm freetype-2.2.1-28.el5_7.2.x86_64.rpm freetype-debuginfo-2.2.1-28.el5_7.2.i386.rpm freetype-debuginfo-2.2.1-28.el5_7.2.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/freetype-2.2.1-28.el5_7.2.src.rpm i386: freetype-debuginfo-2.2.1-28.el5_7.2.i386.rpm freetype-demos-2.2.1-28.el5_7.2.i386.rpm freetype-devel-2.2.1-28.el5_7.2.i386.rpm x86_64: freetype-debuginfo-2.2.1-28.el5_7.2.i386.rpm freetype-debuginfo-2.2.1-28.el5_7.2.x86_64.rpm freetype-demos-2.2.1-28.el5_7.2.x86_64.rpm freetype-devel-2.2.1-28.el5_7.2.i386.rpm freetype-devel-2.2.1-28.el5_7.2.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/freetype-2.2.1-28.el5_7.2.src.rpm i386: freetype-2.2.1-28.el5_7.2.i386.rpm freetype-debuginfo-2.2.1-28.el5_7.2.i386.rpm freetype-demos-2.2.1-28.el5_7.2.i386.rpm freetype-devel-2.2.1-28.el5_7.2.i386.rpm ia64: freetype-2.2.1-28.el5_7.2.i386.rpm freetype-2.2.1-28.el5_7.2.ia64.rpm freetype-debuginfo-2.2.1-28.el5_7.2.i386.rpm freetype-debuginfo-2.2.1-28.el5_7.2.ia64.rpm freetype-demos-2.2.1-28.el5_7.2.ia64.rpm freetype-devel-2.2.1-28.el5_7.2.ia64.rpm ppc: freetype-2.2.1-28.el5_7.2.ppc.rpm freetype-2.2.1-28.el5_7.2.ppc64.rpm freetype-debuginfo-2.2.1-28.el5_7.2.ppc.rpm freetype-debuginfo-2.2.1-28.el5_7.2.ppc64.rpm freetype-demos-2.2.1-28.el5_7.2.ppc.rpm freetype-devel-2.2.1-28.el5_7.2.ppc.rpm freetype-devel-2.2.1-28.el5_7.2.ppc64.rpm s390x: freetype-2.2.1-28.el5_7.2.s390.rpm freetype-2.2.1-28.el5_7.2.s390x.rpm freetype-debuginfo-2.2.1-28.el5_7.2.s390.rpm freetype-debuginfo-2.2.1-28.el5_7.2.s390x.rpm freetype-demos-2.2.1-28.el5_7.2.s390x.rpm freetype-devel-2.2.1-28.el5_7.2.s390.rpm 
freetype-devel-2.2.1-28.el5_7.2.s390x.rpm x86_64: freetype-2.2.1-28.el5_7.2.i386.rpm freetype-2.2.1-28.el5_7.2.x86_64.rpm freetype-debuginfo-2.2.1-28.el5_7.2.i386.rpm freetype-debuginfo-2.2.1-28.el5_7.2.x86_64.rpm freetype-demos-2.2.1-28.el5_7.2.x86_64.rpm freetype-devel-2.2.1-28.el5_7.2.i386.rpm freetype-devel-2.2.1-28.el5_7.2.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/freetype-2.3.11-6.el6_1.8.src.rpm i386: freetype-2.3.11-6.el6_1.8.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm x86_64: freetype-2.3.11-6.el6_1.8.i686.rpm freetype-2.3.11-6.el6_1.8.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.8.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/freetype-2.3.11-6.el6_1.8.src.rpm i386: freetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm freetype-demos-2.3.11-6.el6_1.8.i686.rpm freetype-devel-2.3.11-6.el6_1.8.i686.rpm x86_64: freetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.8.x86_64.rpm freetype-demos-2.3.11-6.el6_1.8.x86_64.rpm freetype-devel-2.3.11-6.el6_1.8.i686.rpm freetype-devel-2.3.11-6.el6_1.8.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/freetype-2.3.11-6.el6_1.8.src.rpm x86_64: freetype-2.3.11-6.el6_1.8.i686.rpm freetype-2.3.11-6.el6_1.8.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.8.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/freetype-2.3.11-6.el6_1.8.src.rpm x86_64: freetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.8.x86_64.rpm freetype-demos-2.3.11-6.el6_1.8.x86_64.rpm freetype-devel-2.3.11-6.el6_1.8.i686.rpm freetype-devel-2.3.11-6.el6_1.8.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/freetype-2.3.11-6.el6_1.8.src.rpm i386: freetype-2.3.11-6.el6_1.8.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm freetype-devel-2.3.11-6.el6_1.8.i686.rpm ppc64: freetype-2.3.11-6.el6_1.8.ppc.rpm freetype-2.3.11-6.el6_1.8.ppc64.rpm freetype-debuginfo-2.3.11-6.el6_1.8.ppc.rpm freetype-debuginfo-2.3.11-6.el6_1.8.ppc64.rpm freetype-devel-2.3.11-6.el6_1.8.ppc.rpm freetype-devel-2.3.11-6.el6_1.8.ppc64.rpm s390x: freetype-2.3.11-6.el6_1.8.s390.rpm freetype-2.3.11-6.el6_1.8.s390x.rpm freetype-debuginfo-2.3.11-6.el6_1.8.s390.rpm freetype-debuginfo-2.3.11-6.el6_1.8.s390x.rpm freetype-devel-2.3.11-6.el6_1.8.s390.rpm freetype-devel-2.3.11-6.el6_1.8.s390x.rpm x86_64: freetype-2.3.11-6.el6_1.8.i686.rpm freetype-2.3.11-6.el6_1.8.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.8.x86_64.rpm freetype-devel-2.3.11-6.el6_1.8.i686.rpm freetype-devel-2.3.11-6.el6_1.8.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/freetype-2.3.11-6.el6_1.8.src.rpm i386: freetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm freetype-demos-2.3.11-6.el6_1.8.i686.rpm ppc64: freetype-debuginfo-2.3.11-6.el6_1.8.ppc64.rpm freetype-demos-2.3.11-6.el6_1.8.ppc64.rpm s390x: freetype-debuginfo-2.3.11-6.el6_1.8.s390x.rpm freetype-demos-2.3.11-6.el6_1.8.s390x.rpm x86_64: freetype-debuginfo-2.3.11-6.el6_1.8.x86_64.rpm freetype-demos-2.3.11-6.el6_1.8.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/freetype-2.3.11-6.el6_1.8.src.rpm i386: freetype-2.3.11-6.el6_1.8.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm freetype-devel-2.3.11-6.el6_1.8.i686.rpm x86_64: freetype-2.3.11-6.el6_1.8.i686.rpm freetype-2.3.11-6.el6_1.8.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.8.x86_64.rpm freetype-devel-2.3.11-6.el6_1.8.i686.rpm freetype-devel-2.3.11-6.el6_1.8.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/freetype-2.3.11-6.el6_1.8.src.rpm i386: freetype-debuginfo-2.3.11-6.el6_1.8.i686.rpm freetype-demos-2.3.11-6.el6_1.8.i686.rpm x86_64: freetype-debuginfo-2.3.11-6.el6_1.8.x86_64.rpm freetype-demos-2.3.11-6.el6_1.8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3439.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOxELiXlSAg2UNWIIRAmg3AJ97Gr0i8TaFnRSHpygUtgufIIvBsgCfQ/lt
9X4xr8MjwZa5fRg3cRkFSu4=
=DgiA
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 17 19:52:50 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 17 Nov 2011 19:52:50 +0000
Subject: [RHSA-2011:1458-01] Important: bind security update
Message-ID: <201111171952.pAHJqoB3019641@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: bind security update
Advisory ID:       RHSA-2011:1458-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1458.html
Issue date:        2011-11-17
CVE Names:         CVE-2011-4313
=====================================================================

1. Summary:

Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

A flaw was discovered in the way BIND handled certain DNS queries, which caused it to cache an invalid record. A remote attacker could use this flaw to send repeated queries for this invalid record, causing the resolvers to exit unexpectedly due to a failed assertion. (CVE-2011-4313)

Users of bind are advised to upgrade to these updated packages, which resolve this issue. After installing the update, the BIND daemon (named) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

754398 - CVE-2011-4313 bind: Remote denial of service against recursive servers via logging negative cache entry

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bind-9.3.6-16.P1.el5_7.1.src.rpm

i386:
bind-9.3.6-16.P1.el5_7.1.i386.rpm
bind-debuginfo-9.3.6-16.P1.el5_7.1.i386.rpm
bind-libs-9.3.6-16.P1.el5_7.1.i386.rpm
bind-sdb-9.3.6-16.P1.el5_7.1.i386.rpm
bind-utils-9.3.6-16.P1.el5_7.1.i386.rpm

x86_64:
bind-9.3.6-16.P1.el5_7.1.x86_64.rpm
bind-debuginfo-9.3.6-16.P1.el5_7.1.i386.rpm
bind-debuginfo-9.3.6-16.P1.el5_7.1.x86_64.rpm
bind-libs-9.3.6-16.P1.el5_7.1.i386.rpm
bind-libs-9.3.6-16.P1.el5_7.1.x86_64.rpm
bind-sdb-9.3.6-16.P1.el5_7.1.x86_64.rpm
bind-utils-9.3.6-16.P1.el5_7.1.x86_64.rpm

RHEL Desktop Workstation (v.
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bind-9.3.6-16.P1.el5_7.1.src.rpm i386: bind-chroot-9.3.6-16.P1.el5_7.1.i386.rpm bind-debuginfo-9.3.6-16.P1.el5_7.1.i386.rpm bind-devel-9.3.6-16.P1.el5_7.1.i386.rpm bind-libbind-devel-9.3.6-16.P1.el5_7.1.i386.rpm caching-nameserver-9.3.6-16.P1.el5_7.1.i386.rpm x86_64: bind-chroot-9.3.6-16.P1.el5_7.1.x86_64.rpm bind-debuginfo-9.3.6-16.P1.el5_7.1.i386.rpm bind-debuginfo-9.3.6-16.P1.el5_7.1.x86_64.rpm bind-devel-9.3.6-16.P1.el5_7.1.i386.rpm bind-devel-9.3.6-16.P1.el5_7.1.x86_64.rpm bind-libbind-devel-9.3.6-16.P1.el5_7.1.i386.rpm bind-libbind-devel-9.3.6-16.P1.el5_7.1.x86_64.rpm caching-nameserver-9.3.6-16.P1.el5_7.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/bind-9.3.6-16.P1.el5_7.1.src.rpm i386: bind-9.3.6-16.P1.el5_7.1.i386.rpm bind-chroot-9.3.6-16.P1.el5_7.1.i386.rpm bind-debuginfo-9.3.6-16.P1.el5_7.1.i386.rpm bind-devel-9.3.6-16.P1.el5_7.1.i386.rpm bind-libbind-devel-9.3.6-16.P1.el5_7.1.i386.rpm bind-libs-9.3.6-16.P1.el5_7.1.i386.rpm bind-sdb-9.3.6-16.P1.el5_7.1.i386.rpm bind-utils-9.3.6-16.P1.el5_7.1.i386.rpm caching-nameserver-9.3.6-16.P1.el5_7.1.i386.rpm ia64: bind-9.3.6-16.P1.el5_7.1.ia64.rpm bind-chroot-9.3.6-16.P1.el5_7.1.ia64.rpm bind-debuginfo-9.3.6-16.P1.el5_7.1.i386.rpm bind-debuginfo-9.3.6-16.P1.el5_7.1.ia64.rpm bind-devel-9.3.6-16.P1.el5_7.1.ia64.rpm bind-libbind-devel-9.3.6-16.P1.el5_7.1.ia64.rpm bind-libs-9.3.6-16.P1.el5_7.1.i386.rpm bind-libs-9.3.6-16.P1.el5_7.1.ia64.rpm bind-sdb-9.3.6-16.P1.el5_7.1.ia64.rpm bind-utils-9.3.6-16.P1.el5_7.1.ia64.rpm caching-nameserver-9.3.6-16.P1.el5_7.1.ia64.rpm ppc: bind-9.3.6-16.P1.el5_7.1.ppc.rpm bind-chroot-9.3.6-16.P1.el5_7.1.ppc.rpm bind-debuginfo-9.3.6-16.P1.el5_7.1.ppc.rpm bind-debuginfo-9.3.6-16.P1.el5_7.1.ppc64.rpm bind-devel-9.3.6-16.P1.el5_7.1.ppc.rpm bind-devel-9.3.6-16.P1.el5_7.1.ppc64.rpm 
bind-libbind-devel-9.3.6-16.P1.el5_7.1.ppc.rpm bind-libbind-devel-9.3.6-16.P1.el5_7.1.ppc64.rpm bind-libs-9.3.6-16.P1.el5_7.1.ppc.rpm bind-libs-9.3.6-16.P1.el5_7.1.ppc64.rpm bind-sdb-9.3.6-16.P1.el5_7.1.ppc.rpm bind-utils-9.3.6-16.P1.el5_7.1.ppc.rpm caching-nameserver-9.3.6-16.P1.el5_7.1.ppc.rpm s390x: bind-9.3.6-16.P1.el5_7.1.s390x.rpm bind-chroot-9.3.6-16.P1.el5_7.1.s390x.rpm bind-debuginfo-9.3.6-16.P1.el5_7.1.s390.rpm bind-debuginfo-9.3.6-16.P1.el5_7.1.s390x.rpm bind-devel-9.3.6-16.P1.el5_7.1.s390.rpm bind-devel-9.3.6-16.P1.el5_7.1.s390x.rpm bind-libbind-devel-9.3.6-16.P1.el5_7.1.s390.rpm bind-libbind-devel-9.3.6-16.P1.el5_7.1.s390x.rpm bind-libs-9.3.6-16.P1.el5_7.1.s390.rpm bind-libs-9.3.6-16.P1.el5_7.1.s390x.rpm bind-sdb-9.3.6-16.P1.el5_7.1.s390x.rpm bind-utils-9.3.6-16.P1.el5_7.1.s390x.rpm caching-nameserver-9.3.6-16.P1.el5_7.1.s390x.rpm x86_64: bind-9.3.6-16.P1.el5_7.1.x86_64.rpm bind-chroot-9.3.6-16.P1.el5_7.1.x86_64.rpm bind-debuginfo-9.3.6-16.P1.el5_7.1.i386.rpm bind-debuginfo-9.3.6-16.P1.el5_7.1.x86_64.rpm bind-devel-9.3.6-16.P1.el5_7.1.i386.rpm bind-devel-9.3.6-16.P1.el5_7.1.x86_64.rpm bind-libbind-devel-9.3.6-16.P1.el5_7.1.i386.rpm bind-libbind-devel-9.3.6-16.P1.el5_7.1.x86_64.rpm bind-libs-9.3.6-16.P1.el5_7.1.i386.rpm bind-libs-9.3.6-16.P1.el5_7.1.x86_64.rpm bind-sdb-9.3.6-16.P1.el5_7.1.x86_64.rpm bind-utils-9.3.6-16.P1.el5_7.1.x86_64.rpm caching-nameserver-9.3.6-16.P1.el5_7.1.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.7.3-2.el6_1.P3.3.src.rpm i386: bind-debuginfo-9.7.3-2.el6_1.P3.3.i686.rpm bind-libs-9.7.3-2.el6_1.P3.3.i686.rpm bind-utils-9.7.3-2.el6_1.P3.3.i686.rpm x86_64: bind-debuginfo-9.7.3-2.el6_1.P3.3.i686.rpm bind-debuginfo-9.7.3-2.el6_1.P3.3.x86_64.rpm bind-libs-9.7.3-2.el6_1.P3.3.i686.rpm bind-libs-9.7.3-2.el6_1.P3.3.x86_64.rpm bind-utils-9.7.3-2.el6_1.P3.3.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.7.3-2.el6_1.P3.3.src.rpm i386: bind-9.7.3-2.el6_1.P3.3.i686.rpm bind-chroot-9.7.3-2.el6_1.P3.3.i686.rpm bind-debuginfo-9.7.3-2.el6_1.P3.3.i686.rpm bind-devel-9.7.3-2.el6_1.P3.3.i686.rpm bind-sdb-9.7.3-2.el6_1.P3.3.i686.rpm x86_64: bind-9.7.3-2.el6_1.P3.3.x86_64.rpm bind-chroot-9.7.3-2.el6_1.P3.3.x86_64.rpm bind-debuginfo-9.7.3-2.el6_1.P3.3.i686.rpm bind-debuginfo-9.7.3-2.el6_1.P3.3.x86_64.rpm bind-devel-9.7.3-2.el6_1.P3.3.i686.rpm bind-devel-9.7.3-2.el6_1.P3.3.x86_64.rpm bind-sdb-9.7.3-2.el6_1.P3.3.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.7.3-2.el6_1.P3.3.src.rpm x86_64: bind-debuginfo-9.7.3-2.el6_1.P3.3.i686.rpm bind-debuginfo-9.7.3-2.el6_1.P3.3.x86_64.rpm bind-libs-9.7.3-2.el6_1.P3.3.i686.rpm bind-libs-9.7.3-2.el6_1.P3.3.x86_64.rpm bind-utils-9.7.3-2.el6_1.P3.3.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.7.3-2.el6_1.P3.3.src.rpm x86_64: bind-9.7.3-2.el6_1.P3.3.x86_64.rpm bind-chroot-9.7.3-2.el6_1.P3.3.x86_64.rpm bind-debuginfo-9.7.3-2.el6_1.P3.3.i686.rpm bind-debuginfo-9.7.3-2.el6_1.P3.3.x86_64.rpm bind-devel-9.7.3-2.el6_1.P3.3.i686.rpm bind-devel-9.7.3-2.el6_1.P3.3.x86_64.rpm bind-sdb-9.7.3-2.el6_1.P3.3.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.7.3-2.el6_1.P3.3.src.rpm i386: bind-9.7.3-2.el6_1.P3.3.i686.rpm bind-chroot-9.7.3-2.el6_1.P3.3.i686.rpm bind-debuginfo-9.7.3-2.el6_1.P3.3.i686.rpm bind-libs-9.7.3-2.el6_1.P3.3.i686.rpm bind-utils-9.7.3-2.el6_1.P3.3.i686.rpm ppc64: bind-9.7.3-2.el6_1.P3.3.ppc64.rpm bind-chroot-9.7.3-2.el6_1.P3.3.ppc64.rpm bind-debuginfo-9.7.3-2.el6_1.P3.3.ppc.rpm bind-debuginfo-9.7.3-2.el6_1.P3.3.ppc64.rpm bind-libs-9.7.3-2.el6_1.P3.3.ppc.rpm bind-libs-9.7.3-2.el6_1.P3.3.ppc64.rpm bind-utils-9.7.3-2.el6_1.P3.3.ppc64.rpm s390x: bind-9.7.3-2.el6_1.P3.3.s390x.rpm bind-chroot-9.7.3-2.el6_1.P3.3.s390x.rpm bind-debuginfo-9.7.3-2.el6_1.P3.3.s390.rpm bind-debuginfo-9.7.3-2.el6_1.P3.3.s390x.rpm bind-libs-9.7.3-2.el6_1.P3.3.s390.rpm bind-libs-9.7.3-2.el6_1.P3.3.s390x.rpm bind-utils-9.7.3-2.el6_1.P3.3.s390x.rpm x86_64: bind-9.7.3-2.el6_1.P3.3.x86_64.rpm bind-chroot-9.7.3-2.el6_1.P3.3.x86_64.rpm bind-debuginfo-9.7.3-2.el6_1.P3.3.i686.rpm bind-debuginfo-9.7.3-2.el6_1.P3.3.x86_64.rpm bind-libs-9.7.3-2.el6_1.P3.3.i686.rpm bind-libs-9.7.3-2.el6_1.P3.3.x86_64.rpm bind-utils-9.7.3-2.el6_1.P3.3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.7.3-2.el6_1.P3.3.src.rpm i386: bind-debuginfo-9.7.3-2.el6_1.P3.3.i686.rpm bind-devel-9.7.3-2.el6_1.P3.3.i686.rpm bind-sdb-9.7.3-2.el6_1.P3.3.i686.rpm ppc64: bind-debuginfo-9.7.3-2.el6_1.P3.3.ppc.rpm bind-debuginfo-9.7.3-2.el6_1.P3.3.ppc64.rpm bind-devel-9.7.3-2.el6_1.P3.3.ppc.rpm bind-devel-9.7.3-2.el6_1.P3.3.ppc64.rpm bind-sdb-9.7.3-2.el6_1.P3.3.ppc64.rpm s390x: bind-debuginfo-9.7.3-2.el6_1.P3.3.s390.rpm bind-debuginfo-9.7.3-2.el6_1.P3.3.s390x.rpm bind-devel-9.7.3-2.el6_1.P3.3.s390.rpm bind-devel-9.7.3-2.el6_1.P3.3.s390x.rpm bind-sdb-9.7.3-2.el6_1.P3.3.s390x.rpm x86_64: bind-debuginfo-9.7.3-2.el6_1.P3.3.i686.rpm bind-debuginfo-9.7.3-2.el6_1.P3.3.x86_64.rpm bind-devel-9.7.3-2.el6_1.P3.3.i686.rpm bind-devel-9.7.3-2.el6_1.P3.3.x86_64.rpm bind-sdb-9.7.3-2.el6_1.P3.3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.7.3-2.el6_1.P3.3.src.rpm i386: bind-9.7.3-2.el6_1.P3.3.i686.rpm bind-chroot-9.7.3-2.el6_1.P3.3.i686.rpm bind-debuginfo-9.7.3-2.el6_1.P3.3.i686.rpm bind-libs-9.7.3-2.el6_1.P3.3.i686.rpm bind-utils-9.7.3-2.el6_1.P3.3.i686.rpm x86_64: bind-9.7.3-2.el6_1.P3.3.x86_64.rpm bind-chroot-9.7.3-2.el6_1.P3.3.x86_64.rpm bind-debuginfo-9.7.3-2.el6_1.P3.3.i686.rpm bind-debuginfo-9.7.3-2.el6_1.P3.3.x86_64.rpm bind-libs-9.7.3-2.el6_1.P3.3.i686.rpm bind-libs-9.7.3-2.el6_1.P3.3.x86_64.rpm bind-utils-9.7.3-2.el6_1.P3.3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.7.3-2.el6_1.P3.3.src.rpm i386: bind-debuginfo-9.7.3-2.el6_1.P3.3.i686.rpm bind-devel-9.7.3-2.el6_1.P3.3.i686.rpm bind-sdb-9.7.3-2.el6_1.P3.3.i686.rpm x86_64: bind-debuginfo-9.7.3-2.el6_1.P3.3.i686.rpm bind-debuginfo-9.7.3-2.el6_1.P3.3.x86_64.rpm bind-devel-9.7.3-2.el6_1.P3.3.i686.rpm bind-devel-9.7.3-2.el6_1.P3.3.x86_64.rpm bind-sdb-9.7.3-2.el6_1.P3.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-4313.html
https://access.redhat.com/security/updates/classification/#important
https://www.isc.org/software/bind/advisories/cve-2011-4313

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOxWXzXlSAg2UNWIIRAiYpAKCNJW09yqXmjh+8LIUX3pkbnVQjTwCfT/A/
q6QAq2j+rJ97Om7DRvwA3ys=
=bKEk
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 17 19:53:31 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 17 Nov 2011 19:53:31 +0000
Subject: [RHSA-2011:1459-01] Important: bind97 security update
Message-ID: <201111171953.pAHJrVO3018482@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: bind97 security update
Advisory ID: RHSA-2011:1459-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1459.html
Issue date: 2011-11-17
CVE Names: CVE-2011-4313
=====================================================================

1. Summary:

Updated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

A flaw was discovered in the way BIND handled certain DNS queries, which caused it to cache an invalid record. A remote attacker could use this flaw to send repeated queries for this invalid record, causing the resolvers to exit unexpectedly due to a failed assertion. (CVE-2011-4313)

Users of bind97 are advised to upgrade to these updated packages, which resolve this issue. After installing the update, the BIND daemon (named) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

754398 - CVE-2011-4313 bind: Remote denial of service against recursive servers via logging negative cache entry

6. Package List:

RHEL Desktop Workstation (v.
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bind97-9.7.0-6.P2.el5_7.4.src.rpm i386: bind97-9.7.0-6.P2.el5_7.4.i386.rpm bind97-chroot-9.7.0-6.P2.el5_7.4.i386.rpm bind97-debuginfo-9.7.0-6.P2.el5_7.4.i386.rpm bind97-devel-9.7.0-6.P2.el5_7.4.i386.rpm bind97-libs-9.7.0-6.P2.el5_7.4.i386.rpm bind97-utils-9.7.0-6.P2.el5_7.4.i386.rpm x86_64: bind97-9.7.0-6.P2.el5_7.4.x86_64.rpm bind97-chroot-9.7.0-6.P2.el5_7.4.x86_64.rpm bind97-debuginfo-9.7.0-6.P2.el5_7.4.i386.rpm bind97-debuginfo-9.7.0-6.P2.el5_7.4.x86_64.rpm bind97-devel-9.7.0-6.P2.el5_7.4.i386.rpm bind97-devel-9.7.0-6.P2.el5_7.4.x86_64.rpm bind97-libs-9.7.0-6.P2.el5_7.4.i386.rpm bind97-libs-9.7.0-6.P2.el5_7.4.x86_64.rpm bind97-utils-9.7.0-6.P2.el5_7.4.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/bind97-9.7.0-6.P2.el5_7.4.src.rpm i386: bind97-9.7.0-6.P2.el5_7.4.i386.rpm bind97-chroot-9.7.0-6.P2.el5_7.4.i386.rpm bind97-debuginfo-9.7.0-6.P2.el5_7.4.i386.rpm bind97-devel-9.7.0-6.P2.el5_7.4.i386.rpm bind97-libs-9.7.0-6.P2.el5_7.4.i386.rpm bind97-utils-9.7.0-6.P2.el5_7.4.i386.rpm ia64: bind97-9.7.0-6.P2.el5_7.4.ia64.rpm bind97-chroot-9.7.0-6.P2.el5_7.4.ia64.rpm bind97-debuginfo-9.7.0-6.P2.el5_7.4.ia64.rpm bind97-devel-9.7.0-6.P2.el5_7.4.ia64.rpm bind97-libs-9.7.0-6.P2.el5_7.4.ia64.rpm bind97-utils-9.7.0-6.P2.el5_7.4.ia64.rpm ppc: bind97-9.7.0-6.P2.el5_7.4.ppc.rpm bind97-chroot-9.7.0-6.P2.el5_7.4.ppc.rpm bind97-debuginfo-9.7.0-6.P2.el5_7.4.ppc.rpm bind97-debuginfo-9.7.0-6.P2.el5_7.4.ppc64.rpm bind97-devel-9.7.0-6.P2.el5_7.4.ppc.rpm bind97-devel-9.7.0-6.P2.el5_7.4.ppc64.rpm bind97-libs-9.7.0-6.P2.el5_7.4.ppc.rpm bind97-libs-9.7.0-6.P2.el5_7.4.ppc64.rpm bind97-utils-9.7.0-6.P2.el5_7.4.ppc.rpm s390x: bind97-9.7.0-6.P2.el5_7.4.s390x.rpm bind97-chroot-9.7.0-6.P2.el5_7.4.s390x.rpm bind97-debuginfo-9.7.0-6.P2.el5_7.4.s390.rpm bind97-debuginfo-9.7.0-6.P2.el5_7.4.s390x.rpm 
bind97-devel-9.7.0-6.P2.el5_7.4.s390.rpm bind97-devel-9.7.0-6.P2.el5_7.4.s390x.rpm bind97-libs-9.7.0-6.P2.el5_7.4.s390.rpm bind97-libs-9.7.0-6.P2.el5_7.4.s390x.rpm bind97-utils-9.7.0-6.P2.el5_7.4.s390x.rpm x86_64: bind97-9.7.0-6.P2.el5_7.4.x86_64.rpm bind97-chroot-9.7.0-6.P2.el5_7.4.x86_64.rpm bind97-debuginfo-9.7.0-6.P2.el5_7.4.i386.rpm bind97-debuginfo-9.7.0-6.P2.el5_7.4.x86_64.rpm bind97-devel-9.7.0-6.P2.el5_7.4.i386.rpm bind97-devel-9.7.0-6.P2.el5_7.4.x86_64.rpm bind97-libs-9.7.0-6.P2.el5_7.4.i386.rpm bind97-libs-9.7.0-6.P2.el5_7.4.x86_64.rpm bind97-utils-9.7.0-6.P2.el5_7.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-4313.html
https://access.redhat.com/security/updates/classification/#important
https://www.isc.org/software/bind/advisories/cve-2011-4313

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOxWYdXlSAg2UNWIIRApg1AJ9KWgOEGaX3iqUNfN330eUcHMLLAwCgjJBr
URxco+JehiQ7Ttf4i+8eCbs=
=2c/W
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Nov 22 16:50:20 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 22 Nov 2011 16:50:20 +0000
Subject: [RHSA-2011:1465-01] Important: kernel security and bug fix update
Message-ID: <201111221650.pAMGoLx5001542@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2011:1465-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1465.html
Issue date: 2011-11-22
CVE Names: CVE-2011-1162 CVE-2011-1577 CVE-2011-2494 CVE-2011-2699 CVE-2011-2905 CVE-2011-3188 CVE-2011-3191 CVE-2011-3353 CVE-2011-3359 CVE-2011-3363 CVE-2011-3593 CVE-2011-4326
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.
This update fixes the following security issues:

* IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system's networking, preventing legitimate users from accessing its services. (CVE-2011-2699, Important)

* A signedness issue was found in the Linux kernel's CIFS (Common Internet File System) implementation. A malicious CIFS server could send a specially-crafted response to a directory read request that would result in a denial of service or privilege escalation on a system that has a CIFS share mounted. (CVE-2011-3191, Important)

* A flaw was found in the way the Linux kernel handled fragmented IPv6 UDP datagrams over the bridge with UDP Fragmentation Offload (UFO) functionality on. A remote attacker could use this flaw to cause a denial of service. (CVE-2011-4326, Important)

* The way IPv4 and IPv6 protocol sequence numbers and fragment IDs were generated could allow a man-in-the-middle attacker to inject packets and possibly hijack connections. Protocol sequence numbers and fragment IDs are now more random. (CVE-2011-3188, Moderate)

* A buffer overflow flaw was found in the Linux kernel's FUSE (Filesystem in Userspace) implementation. A local user in the fuse group who has access to mount a FUSE file system could use this flaw to cause a denial of service. (CVE-2011-3353, Moderate)

* A flaw was found in the b43 driver in the Linux kernel. If a system had an active wireless interface that uses the b43 driver, an attacker able to send a specially-crafted frame to that interface could cause a denial of service. (CVE-2011-3359, Moderate)

* A flaw was found in the way CIFS shares with DFS referrals at their root were handled. An attacker on the local network who is able to deploy a malicious CIFS server could create a CIFS network share that, when mounted, would cause the client system to crash. (CVE-2011-3363, Moderate)

* A flaw was found in the way the Linux kernel handled VLAN 0 frames with the priority tag set. When using certain network drivers, an attacker on the local network could use this flaw to cause a denial of service. (CVE-2011-3593, Moderate)

* A flaw in the way memory containing security-related data was handled in tpm_read() could allow a local, unprivileged user to read the results of a previously run TPM command. (CVE-2011-1162, Low)

* A heap overflow flaw was found in the Linux kernel's EFI GUID Partition Table (GPT) implementation. A local attacker could use this flaw to cause a denial of service by mounting a disk that contains specially-crafted partition tables. (CVE-2011-1577, Low)

* The I/O statistics from the taskstats subsystem could be read without any restrictions. A local, unprivileged user could use this flaw to gather confidential information, such as the length of a password used in a process. (CVE-2011-2494, Low)

* It was found that the perf tool, a part of the Linux kernel's Performance Events implementation, could load its configuration file from the current working directory. If a local user with access to the perf tool were tricked into running perf in a directory that contains a specially-crafted configuration file, it could cause perf to overwrite arbitrary files and directories accessible to that user. (CVE-2011-2905, Low)

Red Hat would like to thank Fernando Gont for reporting CVE-2011-2699; Darren Lavender for reporting CVE-2011-3191; Dan Kaminsky for reporting CVE-2011-3188; Yogesh Sharma for reporting CVE-2011-3363; Gideon Naim for reporting CVE-2011-3593; Peter Huewe for reporting CVE-2011-1162; Timo Warns for reporting CVE-2011-1577; and Vasiliy Kulikov of Openwall for reporting CVE-2011-2494.

This update also fixes various bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.

4. Solution:

Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

695976 - CVE-2011-1577 kernel: corrupted GUID partition tables can cause kernel oops
716842 - CVE-2011-2494 kernel: taskstats io infoleak
723429 - CVE-2011-2699 kernel: ipv6: make fragment identifications less predictable
729808 - CVE-2011-2905 kernel: perf tools: may parse user-controlled configuration file
732629 - CVE-2011-1162 kernel: tpm: infoleak
732658 - CVE-2011-3188 kernel: net: improve sequence number generation
732869 - CVE-2011-3191 kernel: cifs: signedness issue in CIFSFindNext()
736761 - CVE-2011-3353 kernel: fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message
738202 - CVE-2011-3359 kernel: b43: allocate receive buffers big enough for max frame len + offset
738291 - CVE-2011-3363 kernel: cifs: always do is_path_accessible check in cifs_mount
740352 - make guest mode entry to be rcu quiescent state [rhel-6.1.z]
741166 - enclosure fix [rhel-6.1.z]
742846 - CVE-2011-3593 kernel: vlan: fix panic when handling priority tagged frames
743807 - igb: failed to activate WOL on 2nd LAN port on i350 [rhel-6.1.z]
744811 - Non-responsive scsi target leads to excessive scsi recovery and dm-mp failover time [rhel-6.1.z]
748808 - Host got crash when guest running netperf client with UDP_STREAM protocol with IPV6 [rhel-6.1.z]
755584 - CVE-2011-4326 kernel: wrong headroom check in udp6_ufo_fragment()

6.
Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-131.21.1.el6.src.rpm i386: kernel-2.6.32-131.21.1.el6.i686.rpm kernel-debug-2.6.32-131.21.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-131.21.1.el6.i686.rpm kernel-debug-devel-2.6.32-131.21.1.el6.i686.rpm kernel-debuginfo-2.6.32-131.21.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-131.21.1.el6.i686.rpm kernel-devel-2.6.32-131.21.1.el6.i686.rpm kernel-headers-2.6.32-131.21.1.el6.i686.rpm perf-2.6.32-131.21.1.el6.i686.rpm perf-debuginfo-2.6.32-131.21.1.el6.i686.rpm noarch: kernel-doc-2.6.32-131.21.1.el6.noarch.rpm kernel-firmware-2.6.32-131.21.1.el6.noarch.rpm x86_64: kernel-2.6.32-131.21.1.el6.x86_64.rpm kernel-debug-2.6.32-131.21.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-131.21.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-131.21.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-131.21.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-131.21.1.el6.x86_64.rpm kernel-devel-2.6.32-131.21.1.el6.x86_64.rpm kernel-headers-2.6.32-131.21.1.el6.x86_64.rpm perf-2.6.32-131.21.1.el6.x86_64.rpm perf-debuginfo-2.6.32-131.21.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-131.21.1.el6.src.rpm noarch: kernel-doc-2.6.32-131.21.1.el6.noarch.rpm kernel-firmware-2.6.32-131.21.1.el6.noarch.rpm x86_64: kernel-2.6.32-131.21.1.el6.x86_64.rpm kernel-debug-2.6.32-131.21.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-131.21.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-131.21.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-131.21.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-131.21.1.el6.x86_64.rpm kernel-devel-2.6.32-131.21.1.el6.x86_64.rpm kernel-headers-2.6.32-131.21.1.el6.x86_64.rpm perf-2.6.32-131.21.1.el6.x86_64.rpm perf-debuginfo-2.6.32-131.21.1.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-131.21.1.el6.src.rpm i386: kernel-2.6.32-131.21.1.el6.i686.rpm kernel-debug-2.6.32-131.21.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-131.21.1.el6.i686.rpm kernel-debug-devel-2.6.32-131.21.1.el6.i686.rpm kernel-debuginfo-2.6.32-131.21.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-131.21.1.el6.i686.rpm kernel-devel-2.6.32-131.21.1.el6.i686.rpm kernel-headers-2.6.32-131.21.1.el6.i686.rpm perf-2.6.32-131.21.1.el6.i686.rpm perf-debuginfo-2.6.32-131.21.1.el6.i686.rpm noarch: kernel-doc-2.6.32-131.21.1.el6.noarch.rpm kernel-firmware-2.6.32-131.21.1.el6.noarch.rpm ppc64: kernel-2.6.32-131.21.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-131.21.1.el6.ppc64.rpm kernel-debug-2.6.32-131.21.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-131.21.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-131.21.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-131.21.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-131.21.1.el6.ppc64.rpm kernel-devel-2.6.32-131.21.1.el6.ppc64.rpm kernel-headers-2.6.32-131.21.1.el6.ppc64.rpm perf-2.6.32-131.21.1.el6.ppc64.rpm perf-debuginfo-2.6.32-131.21.1.el6.ppc64.rpm s390x: kernel-2.6.32-131.21.1.el6.s390x.rpm kernel-debug-2.6.32-131.21.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-131.21.1.el6.s390x.rpm kernel-debug-devel-2.6.32-131.21.1.el6.s390x.rpm kernel-debuginfo-2.6.32-131.21.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-131.21.1.el6.s390x.rpm kernel-devel-2.6.32-131.21.1.el6.s390x.rpm kernel-headers-2.6.32-131.21.1.el6.s390x.rpm kernel-kdump-2.6.32-131.21.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-131.21.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-131.21.1.el6.s390x.rpm perf-2.6.32-131.21.1.el6.s390x.rpm perf-debuginfo-2.6.32-131.21.1.el6.s390x.rpm x86_64: kernel-2.6.32-131.21.1.el6.x86_64.rpm kernel-debug-2.6.32-131.21.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-131.21.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-131.21.1.el6.x86_64.rpm 
kernel-debuginfo-2.6.32-131.21.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-131.21.1.el6.x86_64.rpm kernel-devel-2.6.32-131.21.1.el6.x86_64.rpm kernel-headers-2.6.32-131.21.1.el6.x86_64.rpm perf-2.6.32-131.21.1.el6.x86_64.rpm perf-debuginfo-2.6.32-131.21.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-131.21.1.el6.src.rpm i386: kernel-2.6.32-131.21.1.el6.i686.rpm kernel-debug-2.6.32-131.21.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-131.21.1.el6.i686.rpm kernel-debug-devel-2.6.32-131.21.1.el6.i686.rpm kernel-debuginfo-2.6.32-131.21.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-131.21.1.el6.i686.rpm kernel-devel-2.6.32-131.21.1.el6.i686.rpm kernel-headers-2.6.32-131.21.1.el6.i686.rpm perf-2.6.32-131.21.1.el6.i686.rpm perf-debuginfo-2.6.32-131.21.1.el6.i686.rpm noarch: kernel-doc-2.6.32-131.21.1.el6.noarch.rpm kernel-firmware-2.6.32-131.21.1.el6.noarch.rpm x86_64: kernel-2.6.32-131.21.1.el6.x86_64.rpm kernel-debug-2.6.32-131.21.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-131.21.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-131.21.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-131.21.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-131.21.1.el6.x86_64.rpm kernel-devel-2.6.32-131.21.1.el6.x86_64.rpm kernel-headers-2.6.32-131.21.1.el6.x86_64.rpm perf-2.6.32-131.21.1.el6.x86_64.rpm perf-debuginfo-2.6.32-131.21.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1162.html
https://www.redhat.com/security/data/cve/CVE-2011-1577.html
https://www.redhat.com/security/data/cve/CVE-2011-2494.html
https://www.redhat.com/security/data/cve/CVE-2011-2699.html
https://www.redhat.com/security/data/cve/CVE-2011-2905.html
https://www.redhat.com/security/data/cve/CVE-2011-3188.html
https://www.redhat.com/security/data/cve/CVE-2011-3191.html
https://www.redhat.com/security/data/cve/CVE-2011-3353.html
https://www.redhat.com/security/data/cve/CVE-2011-3359.html
https://www.redhat.com/security/data/cve/CVE-2011-3363.html
https://www.redhat.com/security/data/cve/CVE-2011-3593.html
https://www.redhat.com/security/data/cve/CVE-2011-4326.html
https://access.redhat.com/security/updates/classification/#important
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.1_Technical_Notes/kernel.html#RHSA-2011-1465

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOy9KxXlSAg2UNWIIRApHRAKCrfJt7aIrWnGPf3TwUZKtul/8YUgCgtpZE
l5BuL6rArAsWl76KlBJjWFw=
=0G9b
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 24 16:07:15 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 24 Nov 2011 16:07:15 +0000
Subject: [RHSA-2011:1478-01] Critical: java-1.5.0-ibm security update
Message-ID: <201111241607.pAOG7FFw019448@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.5.0-ibm security update
Advisory ID: RHSA-2011:1478-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1478.html
Issue date: 2011-11-24
CVE Names: CVE-2011-3545 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3552 CVE-2011-3554 CVE-2011-3556
=====================================================================

1. Summary:

Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.

This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. (CVE-2011-3545, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3552, CVE-2011-3554, CVE-2011-3556)

All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR13 Java release. All running instances of IBM Java must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600)
745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417)
745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857)
745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466)
745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773)
747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound)
747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing)

6.
Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.i386.rpm ppc: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.ppc64.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.ppc64.rpm s390: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.s390.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.s390.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.s390.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el4.s390.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.s390.rpm s390x: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.s390x.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.s390x.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.s390x.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.s390x.rpm x86_64: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.x86_64.rpm Red Hat Desktop version 4 Extras: i386: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.i386.rpm 
java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.i386.rpm
java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el4.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el4.i386.rpm
java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.i386.rpm

x86_64:
java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.i386.rpm
java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.i386.rpm
java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.i386.rpm
java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el4.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el4.i386.rpm
java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.i386.rpm

x86_64:
java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.i386.rpm
java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.i386.rpm
java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.i386.rpm
java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el4.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el4.i386.rpm
java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.i386.rpm

x86_64:
java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-accessibility-1.5.0.13.0-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.i386.rpm

x86_64:
java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-accessibility-1.5.0.13.0-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-accessibility-1.5.0.13.0-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.i386.rpm

ppc:
java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.ppc.rpm
java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.ppc64.rpm
java-1.5.0-ibm-accessibility-1.5.0.13.0-1jpp.1.el5.ppc.rpm
java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.ppc.rpm
java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.ppc64.rpm
java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.ppc.rpm
java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.ppc64.rpm
java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el5.ppc.rpm
java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el5.ppc64.rpm
java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el5.ppc.rpm
java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el5.ppc.rpm
java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.ppc.rpm
java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.ppc64.rpm

s390x:
java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.s390.rpm
java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.s390x.rpm
java-1.5.0-ibm-accessibility-1.5.0.13.0-1jpp.1.el5.s390x.rpm
java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.s390.rpm
java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.s390x.rpm
java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.s390.rpm
java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.s390x.rpm
java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el5.s390.rpm
java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.s390.rpm
java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.s390x.rpm

x86_64:
java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-accessibility-1.5.0.13.0-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.i686.rpm

x86_64:
java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el6.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el6.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.i686.rpm

ppc64:
java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.ppc64.rpm
java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.ppc64.rpm
java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.ppc.rpm
java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.ppc64.rpm
java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el6.ppc64.rpm
java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el6.ppc.rpm
java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el6.ppc.rpm
java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.ppc64.rpm

s390x:
java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.s390x.rpm
java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.s390x.rpm
java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.s390.rpm
java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.s390x.rpm
java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el6.s390.rpm
java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.s390x.rpm

x86_64:
java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el6.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.i686.rpm

x86_64:
java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el6.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3545.html
https://www.redhat.com/security/data/cve/CVE-2011-3547.html
https://www.redhat.com/security/data/cve/CVE-2011-3548.html
https://www.redhat.com/security/data/cve/CVE-2011-3549.html
https://www.redhat.com/security/data/cve/CVE-2011-3552.html
https://www.redhat.com/security/data/cve/CVE-2011-3554.html
https://www.redhat.com/security/data/cve/CVE-2011-3556.html
https://access.redhat.com/security/updates/classification/#critical
http://www.ibm.com/developerworks/java/jdk/alerts/
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOzmt6XlSAg2UNWIIRAi6QAKDBjSeCRF5ohy6oBxvlL2bKiIywSACeKzcH
3KDDc4HKBfG2KfDqGTHcd5E=
=Nb9O
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Nov 29 15:04:39 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 29 Nov 2011 15:04:39 +0000
Subject: [RHSA-2011:1479-01] Important: kernel security, bug fix, and enhancement update
Message-ID: <201111291504.pATF4e4a011346@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security, bug fix, and enhancement update
Advisory ID:       RHSA-2011:1479-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1479.html
Issue date:        2011-11-29
CVE Names:         CVE-2011-1162 CVE-2011-1898 CVE-2011-2203 CVE-2011-2494 CVE-2011-3363 CVE-2011-4110
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* Using PCI passthrough without interrupt remapping support allowed Xen hypervisor guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can prevent PCI passthrough working and guests starting. Refer to Red Hat Bugzilla bug 715555 for details. (CVE-2011-1898, Important)

* A flaw was found in the way CIFS (Common Internet File System) shares with DFS referrals at their root were handled. An attacker on the local network who is able to deploy a malicious CIFS server could create a CIFS network share that, when mounted, would cause the client system to crash. (CVE-2011-3363, Moderate)

* A NULL pointer dereference flaw was found in the way the Linux kernel's key management facility handled user-defined key types. A local, unprivileged user could use the keyctl utility to cause a denial of service. (CVE-2011-4110, Moderate)

* A flaw in the way memory containing security-related data was handled in tpm_read() could allow a local, unprivileged user to read the results of a previously run TPM command. (CVE-2011-1162, Low)

* A NULL pointer dereference flaw was found in the Linux kernel's HFS file system implementation. A local attacker could use this flaw to cause a denial of service by mounting a disk that contains a specially-crafted HFS file system with a corrupted MDB extent record. (CVE-2011-2203, Low)

* The I/O statistics from the taskstats subsystem could be read without any restrictions. A local, unprivileged user could use this flaw to gather confidential information, such as the length of a password used in a process. (CVE-2011-2494, Low)

Red Hat would like to thank Yogesh Sharma for reporting CVE-2011-3363; Peter Huewe for reporting CVE-2011-1162; Clement Lecigne for reporting CVE-2011-2203; and Vasiliy Kulikov of Openwall for reporting CVE-2011-2494.

This update also fixes several bugs and adds one enhancement. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.

Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs and add the enhancement noted in the Technical Notes. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

712774 - CVE-2011-2203 kernel: hfs_find_init() sb->ext_tree NULL pointer dereference
715555 - CVE-2011-1898 virt: VT-d (PCI passthrough) MSI trap injection
716842 - CVE-2011-2494 kernel: taskstats io infoleak
732629 - CVE-2011-1162 kernel: tpm: infoleak
738291 - CVE-2011-3363 kernel: cifs: always do is_path_accessible check in cifs_mount
741273 - Non-responsive scsi target leads to excessive scsi recovery and dm-mp failover time [rhel-5.7.z]
745726 - Host crash when pass-through fails [rhel-5.7.z]
751297 - CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-274.12.1.el5.src.rpm

i386:
kernel-2.6.18-274.12.1.el5.i686.rpm
kernel-PAE-2.6.18-274.12.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-274.12.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-274.12.1.el5.i686.rpm
kernel-debug-2.6.18-274.12.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-274.12.1.el5.i686.rpm
kernel-debug-devel-2.6.18-274.12.1.el5.i686.rpm
kernel-debuginfo-2.6.18-274.12.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-274.12.1.el5.i686.rpm
kernel-devel-2.6.18-274.12.1.el5.i686.rpm
kernel-headers-2.6.18-274.12.1.el5.i386.rpm
kernel-xen-2.6.18-274.12.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-274.12.1.el5.i686.rpm
kernel-xen-devel-2.6.18-274.12.1.el5.i686.rpm

noarch:
kernel-doc-2.6.18-274.12.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-274.12.1.el5.x86_64.rpm
kernel-debug-2.6.18-274.12.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-274.12.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-274.12.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-274.12.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-274.12.1.el5.x86_64.rpm
kernel-devel-2.6.18-274.12.1.el5.x86_64.rpm
kernel-headers-2.6.18-274.12.1.el5.x86_64.rpm
kernel-xen-2.6.18-274.12.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-274.12.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-274.12.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-274.12.1.el5.src.rpm

i386:
kernel-2.6.18-274.12.1.el5.i686.rpm
kernel-PAE-2.6.18-274.12.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-274.12.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-274.12.1.el5.i686.rpm
kernel-debug-2.6.18-274.12.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-274.12.1.el5.i686.rpm
kernel-debug-devel-2.6.18-274.12.1.el5.i686.rpm
kernel-debuginfo-2.6.18-274.12.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-274.12.1.el5.i686.rpm
kernel-devel-2.6.18-274.12.1.el5.i686.rpm
kernel-headers-2.6.18-274.12.1.el5.i386.rpm
kernel-xen-2.6.18-274.12.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-274.12.1.el5.i686.rpm
kernel-xen-devel-2.6.18-274.12.1.el5.i686.rpm

ia64:
kernel-2.6.18-274.12.1.el5.ia64.rpm
kernel-debug-2.6.18-274.12.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-274.12.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-274.12.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-274.12.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-274.12.1.el5.ia64.rpm
kernel-devel-2.6.18-274.12.1.el5.ia64.rpm
kernel-headers-2.6.18-274.12.1.el5.ia64.rpm
kernel-xen-2.6.18-274.12.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-274.12.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-274.12.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-274.12.1.el5.noarch.rpm

ppc:
kernel-2.6.18-274.12.1.el5.ppc64.rpm
kernel-debug-2.6.18-274.12.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-274.12.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-274.12.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-274.12.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-274.12.1.el5.ppc64.rpm
kernel-devel-2.6.18-274.12.1.el5.ppc64.rpm
kernel-headers-2.6.18-274.12.1.el5.ppc.rpm
kernel-headers-2.6.18-274.12.1.el5.ppc64.rpm
kernel-kdump-2.6.18-274.12.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-274.12.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-274.12.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-274.12.1.el5.s390x.rpm
kernel-debug-2.6.18-274.12.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-274.12.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-274.12.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-274.12.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-274.12.1.el5.s390x.rpm
kernel-devel-2.6.18-274.12.1.el5.s390x.rpm
kernel-headers-2.6.18-274.12.1.el5.s390x.rpm
kernel-kdump-2.6.18-274.12.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-274.12.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-274.12.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-274.12.1.el5.x86_64.rpm
kernel-debug-2.6.18-274.12.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-274.12.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-274.12.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-274.12.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-274.12.1.el5.x86_64.rpm
kernel-devel-2.6.18-274.12.1.el5.x86_64.rpm
kernel-headers-2.6.18-274.12.1.el5.x86_64.rpm
kernel-xen-2.6.18-274.12.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-274.12.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-274.12.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1162.html
https://www.redhat.com/security/data/cve/CVE-2011-1898.html
https://www.redhat.com/security/data/cve/CVE-2011-2203.html
https://www.redhat.com/security/data/cve/CVE-2011-2494.html
https://www.redhat.com/security/data/cve/CVE-2011-3363.html
https://www.redhat.com/security/data/cve/CVE-2011-4110.html
https://access.redhat.com/security/updates/classification/#important
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.7_Technical_Notes/kernel.html#RHSA-2011-1479
https://bugzilla.redhat.com/show_bug.cgi?id=715555

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFO1PQ3XlSAg2UNWIIRAoHZAJ0aagTQGZfUmhp52e0+8eEQislfnQCgi+He
RYgOv/moSP4Gdui4XtzxTFw=
=VAV9
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Nov 29 15:06:58 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 29 Nov 2011 15:06:58 +0000
Subject: [RHSA-2011:1496-01] Important: bind security update
Message-ID: <201111291506.pATF6wwO026315@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: bind security update
Advisory ID:       RHSA-2011:1496-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1496.html
Issue date:        2011-11-29
CVE Names:         CVE-2011-4313
=====================================================================

1. Summary:

Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

A flaw was discovered in the way BIND handled certain DNS queries, which caused it to cache an invalid record. A remote attacker could use this flaw to send repeated queries for this invalid record, causing the resolvers to exit unexpectedly due to a failed assertion. (CVE-2011-4313)

Users of bind are advised to upgrade to these updated packages, which resolve this issue. After installing the update, the BIND daemon (named) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

754398 - CVE-2011-4313 bind: Remote denial of service against recursive servers via logging negative cache entry

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/bind-9.2.4-38.el4.src.rpm

i386:
bind-9.2.4-38.el4.i386.rpm
bind-chroot-9.2.4-38.el4.i386.rpm
bind-debuginfo-9.2.4-38.el4.i386.rpm
bind-devel-9.2.4-38.el4.i386.rpm
bind-libs-9.2.4-38.el4.i386.rpm
bind-utils-9.2.4-38.el4.i386.rpm

ia64:
bind-9.2.4-38.el4.ia64.rpm
bind-chroot-9.2.4-38.el4.ia64.rpm
bind-debuginfo-9.2.4-38.el4.i386.rpm
bind-debuginfo-9.2.4-38.el4.ia64.rpm
bind-devel-9.2.4-38.el4.ia64.rpm
bind-libs-9.2.4-38.el4.i386.rpm
bind-libs-9.2.4-38.el4.ia64.rpm
bind-utils-9.2.4-38.el4.ia64.rpm

ppc:
bind-9.2.4-38.el4.ppc.rpm
bind-chroot-9.2.4-38.el4.ppc.rpm
bind-debuginfo-9.2.4-38.el4.ppc.rpm
bind-debuginfo-9.2.4-38.el4.ppc64.rpm
bind-devel-9.2.4-38.el4.ppc.rpm
bind-libs-9.2.4-38.el4.ppc.rpm
bind-libs-9.2.4-38.el4.ppc64.rpm
bind-utils-9.2.4-38.el4.ppc.rpm

s390:
bind-9.2.4-38.el4.s390.rpm
bind-chroot-9.2.4-38.el4.s390.rpm
bind-debuginfo-9.2.4-38.el4.s390.rpm
bind-devel-9.2.4-38.el4.s390.rpm
bind-libs-9.2.4-38.el4.s390.rpm
bind-utils-9.2.4-38.el4.s390.rpm

s390x:
bind-9.2.4-38.el4.s390x.rpm
bind-chroot-9.2.4-38.el4.s390x.rpm
bind-debuginfo-9.2.4-38.el4.s390.rpm
bind-debuginfo-9.2.4-38.el4.s390x.rpm
bind-devel-9.2.4-38.el4.s390x.rpm
bind-libs-9.2.4-38.el4.s390.rpm
bind-libs-9.2.4-38.el4.s390x.rpm
bind-utils-9.2.4-38.el4.s390x.rpm

x86_64:
bind-9.2.4-38.el4.x86_64.rpm
bind-chroot-9.2.4-38.el4.x86_64.rpm
bind-debuginfo-9.2.4-38.el4.i386.rpm
bind-debuginfo-9.2.4-38.el4.x86_64.rpm
bind-devel-9.2.4-38.el4.x86_64.rpm
bind-libs-9.2.4-38.el4.i386.rpm
bind-libs-9.2.4-38.el4.x86_64.rpm
bind-utils-9.2.4-38.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/bind-9.2.4-38.el4.src.rpm

i386:
bind-9.2.4-38.el4.i386.rpm
bind-chroot-9.2.4-38.el4.i386.rpm
bind-debuginfo-9.2.4-38.el4.i386.rpm
bind-devel-9.2.4-38.el4.i386.rpm
bind-libs-9.2.4-38.el4.i386.rpm
bind-utils-9.2.4-38.el4.i386.rpm

x86_64:
bind-9.2.4-38.el4.x86_64.rpm
bind-chroot-9.2.4-38.el4.x86_64.rpm
bind-debuginfo-9.2.4-38.el4.i386.rpm
bind-debuginfo-9.2.4-38.el4.x86_64.rpm
bind-devel-9.2.4-38.el4.x86_64.rpm
bind-libs-9.2.4-38.el4.i386.rpm
bind-libs-9.2.4-38.el4.x86_64.rpm
bind-utils-9.2.4-38.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/bind-9.2.4-38.el4.src.rpm

i386:
bind-9.2.4-38.el4.i386.rpm
bind-chroot-9.2.4-38.el4.i386.rpm
bind-debuginfo-9.2.4-38.el4.i386.rpm
bind-devel-9.2.4-38.el4.i386.rpm
bind-libs-9.2.4-38.el4.i386.rpm
bind-utils-9.2.4-38.el4.i386.rpm

ia64:
bind-9.2.4-38.el4.ia64.rpm
bind-chroot-9.2.4-38.el4.ia64.rpm
bind-debuginfo-9.2.4-38.el4.i386.rpm
bind-debuginfo-9.2.4-38.el4.ia64.rpm
bind-devel-9.2.4-38.el4.ia64.rpm
bind-libs-9.2.4-38.el4.i386.rpm
bind-libs-9.2.4-38.el4.ia64.rpm
bind-utils-9.2.4-38.el4.ia64.rpm

x86_64:
bind-9.2.4-38.el4.x86_64.rpm
bind-chroot-9.2.4-38.el4.x86_64.rpm
bind-debuginfo-9.2.4-38.el4.i386.rpm
bind-debuginfo-9.2.4-38.el4.x86_64.rpm
bind-devel-9.2.4-38.el4.x86_64.rpm
bind-libs-9.2.4-38.el4.i386.rpm
bind-libs-9.2.4-38.el4.x86_64.rpm
bind-utils-9.2.4-38.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/bind-9.2.4-38.el4.src.rpm

i386:
bind-9.2.4-38.el4.i386.rpm
bind-chroot-9.2.4-38.el4.i386.rpm
bind-debuginfo-9.2.4-38.el4.i386.rpm
bind-devel-9.2.4-38.el4.i386.rpm
bind-libs-9.2.4-38.el4.i386.rpm
bind-utils-9.2.4-38.el4.i386.rpm

ia64:
bind-9.2.4-38.el4.ia64.rpm
bind-chroot-9.2.4-38.el4.ia64.rpm
bind-debuginfo-9.2.4-38.el4.i386.rpm
bind-debuginfo-9.2.4-38.el4.ia64.rpm
bind-devel-9.2.4-38.el4.ia64.rpm
bind-libs-9.2.4-38.el4.i386.rpm
bind-libs-9.2.4-38.el4.ia64.rpm
bind-utils-9.2.4-38.el4.ia64.rpm

x86_64:
bind-9.2.4-38.el4.x86_64.rpm
bind-chroot-9.2.4-38.el4.x86_64.rpm
bind-debuginfo-9.2.4-38.el4.i386.rpm
bind-debuginfo-9.2.4-38.el4.x86_64.rpm
bind-devel-9.2.4-38.el4.x86_64.rpm
bind-libs-9.2.4-38.el4.i386.rpm
bind-libs-9.2.4-38.el4.x86_64.rpm
bind-utils-9.2.4-38.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-4313.html
https://access.redhat.com/security/updates/classification/#important
https://www.isc.org/software/bind/advisories/cve-2011-4313

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFO1PTmXlSAg2UNWIIRAjU6AJ9ZWJFlGnIDv6xzto+e1+piQIercACgkWsN
gb+Cb5bX2e7VZApDA5a97Jc=
=geHy
-----END PGP SIGNATURE-----
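
The following is an added example, not part of the advisory or any Red Hat tooling: it reads the fixed package builds out of an advisory's package list (an excerpt of the RHSA-2011:1496 list above) and flags hosts whose installed builds are older, using a reimplementation of RPM's segment-wise version comparison. Assumptions: the installed inventory is constructed sample data in the `name version release arch` shape that `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\n'` prints, epochs are ignored because advisory file names do not carry them, and the `~`/`^` modifiers of newer RPM releases are not handled.

```python
import re

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")   # runs of digits or of letters
_RPM_FILE = re.compile(r"[\w.+-]+\.rpm\b")   # a package file name, no path


def rpmvercmp(a, b):
    """Compare two version or release strings the way RPM does.

    Returns 1 if a is newer, -1 if b is newer, 0 if they are equal.
    Separators only delimit segments; numeric segments beat alphabetic
    ones and are compared as integers, alphabetic ones as strings.
    """
    if a == b:
        return 0
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):          # more digits means a larger number
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def parse_rpm_filename(filename):
    """Split 'name-version-release.arch.rpm' into its four parts."""
    stem = filename[: -len(".rpm")]
    nvr, arch = stem.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch


def fixed_versions(advisory_text):
    """Map (name, arch) -> (version, release) for every binary package listed."""
    fixed = {}
    for filename in _RPM_FILE.findall(advisory_text):
        name, version, release, arch = parse_rpm_filename(filename)
        if arch != "src":                 # source RPMs are never installed
            fixed[(name, arch)] = (version, release)
    return fixed


def outdated(installed_lines, fixed):
    """Return installed builds that are older than the advisory's fixed build."""
    stale = []
    for line in installed_lines:
        name, version, release, arch = line.split()
        if (name, arch) not in fixed:
            continue                      # package not covered by the advisory
        fix_version, fix_release = fixed[(name, arch)]
        order = rpmvercmp(version, fix_version) or rpmvercmp(release, fix_release)
        if order < 0:
            stale.append(f"{name}-{version}-{release}.{arch}")
    return stale


# Excerpt of the advisory's own package list (AS version 4, i386).
ADVISORY_EXCERPT = (
    "Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/"
    "bind-9.2.4-38.el4.src.rpm i386: bind-9.2.4-38.el4.i386.rpm "
    "bind-chroot-9.2.4-38.el4.i386.rpm bind-debuginfo-9.2.4-38.el4.i386.rpm "
    "bind-devel-9.2.4-38.el4.i386.rpm bind-libs-9.2.4-38.el4.i386.rpm "
    "bind-utils-9.2.4-38.el4.i386.rpm"
)

# Constructed inventory for illustration; these builds are not from the page.
INSTALLED = [
    "bind 9.2.4 37.el4 i386",
    "bind-libs 9.2.4 38.el4 i386",
    "bind-utils 9.2.4 30.el4_8.6 i386",
    "openssl 0.9.7a 43.17.el4 i386",
]

if __name__ == "__main__":
    for build in outdated(INSTALLED, fixed_versions(ADVISORY_EXCERPT)):
        print("needs update:", build)
```

On a real host, verify package signatures with `rpm -K` against the Red Hat key referenced in the advisory before installing the updated builds.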