From bugzilla at redhat.com Mon Oct 3 20:13:35 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 3 Oct 2011 20:13:35 +0000
Subject: [RHSA-2011:1349-01] Important: rpm security update
Message-ID: <201110032013.p93KDa07003212@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rpm security update
Advisory ID:       RHSA-2011:1349-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1349.html
Issue date:        2011-10-03
CVE Names:         CVE-2011-3378
=====================================================================

1. Summary:

Updated rpm packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 4, 5, and 6, and Red Hat Enterprise Linux 3
Extended Life Cycle Support, 5.3 Long Life, 5.6 Extended Update Support,
and 6.0 Extended Update Support.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux (v. 5.3.LL server) - i386, ia64, x86_64
Red Hat Enterprise Linux (v. 5.6.z server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS (v. 3 ELS) - i386
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES (v. 3 ELS) - i386
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 6.0.z) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - noarch
Red Hat Enterprise Linux Server Optional (v. 6.0.z) - noarch
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch

3. Description:

The RPM Package Manager (RPM) is a command line driven package management
system capable of installing, uninstalling, verifying, querying, and
updating software packages.

Multiple flaws were found in the way the RPM library parsed package
headers. An attacker could create a specially-crafted RPM package that,
when queried or installed, would cause rpm to crash or, potentially,
execute arbitrary code. (CVE-2011-3378)

Note: Although an RPM package can, by design, execute arbitrary code when
installed, this issue would allow a specially-crafted RPM package to
execute arbitrary code before its digital signature has been verified.
Package downloads from the Red Hat Network remain secure due to certificate
checks performed on the secure connection.

All RPM users should upgrade to these updated packages, which contain a
backported patch to correct these issues. All running applications linked
against the RPM library must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5.
Bugs fixed (http://bugzilla.redhat.com/): 741606 - CVE-2011-3378 rpm: crashes and overflows on malformed header 6. Package List: Red Hat Enterprise Linux AS (v. 3 ELS): Source: rpm-4.2.3-35_nonptl.src.rpm i386: popt-1.8.2-35_nonptl.i386.rpm rpm-4.2.3-35_nonptl.i386.rpm rpm-build-4.2.3-35_nonptl.i386.rpm rpm-debuginfo-4.2.3-35_nonptl.i386.rpm rpm-devel-4.2.3-35_nonptl.i386.rpm rpm-libs-4.2.3-35_nonptl.i386.rpm rpm-python-4.2.3-35_nonptl.i386.rpm Red Hat Enterprise Linux ES (v. 3 ELS): Source: rpm-4.2.3-35_nonptl.src.rpm i386: popt-1.8.2-35_nonptl.i386.rpm rpm-4.2.3-35_nonptl.i386.rpm rpm-build-4.2.3-35_nonptl.i386.rpm rpm-debuginfo-4.2.3-35_nonptl.i386.rpm rpm-devel-4.2.3-35_nonptl.i386.rpm rpm-libs-4.2.3-35_nonptl.i386.rpm rpm-python-4.2.3-35_nonptl.i386.rpm Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/rpm-4.3.3-35_nonptl.el4.src.rpm i386: popt-1.9.1-35_nonptl.el4.i386.rpm rpm-4.3.3-35_nonptl.el4.i386.rpm rpm-build-4.3.3-35_nonptl.el4.i386.rpm rpm-debuginfo-4.3.3-35_nonptl.el4.i386.rpm rpm-devel-4.3.3-35_nonptl.el4.i386.rpm rpm-libs-4.3.3-35_nonptl.el4.i386.rpm rpm-python-4.3.3-35_nonptl.el4.i386.rpm ia64: popt-1.9.1-35_nonptl.el4.i386.rpm popt-1.9.1-35_nonptl.el4.ia64.rpm rpm-4.3.3-35_nonptl.el4.ia64.rpm rpm-build-4.3.3-35_nonptl.el4.ia64.rpm rpm-debuginfo-4.3.3-35_nonptl.el4.i386.rpm rpm-debuginfo-4.3.3-35_nonptl.el4.ia64.rpm rpm-devel-4.3.3-35_nonptl.el4.ia64.rpm rpm-libs-4.3.3-35_nonptl.el4.i386.rpm rpm-libs-4.3.3-35_nonptl.el4.ia64.rpm rpm-python-4.3.3-35_nonptl.el4.ia64.rpm ppc: popt-1.9.1-35_nonptl.el4.ppc.rpm popt-1.9.1-35_nonptl.el4.ppc64.rpm rpm-4.3.3-35_nonptl.el4.ppc.rpm rpm-build-4.3.3-35_nonptl.el4.ppc.rpm rpm-debuginfo-4.3.3-35_nonptl.el4.ppc.rpm rpm-debuginfo-4.3.3-35_nonptl.el4.ppc64.rpm rpm-devel-4.3.3-35_nonptl.el4.ppc.rpm rpm-libs-4.3.3-35_nonptl.el4.ppc.rpm rpm-libs-4.3.3-35_nonptl.el4.ppc64.rpm rpm-python-4.3.3-35_nonptl.el4.ppc.rpm s390: popt-1.9.1-35_nonptl.el4.s390.rpm 
rpm-4.3.3-35_nonptl.el4.s390.rpm rpm-build-4.3.3-35_nonptl.el4.s390.rpm rpm-debuginfo-4.3.3-35_nonptl.el4.s390.rpm rpm-devel-4.3.3-35_nonptl.el4.s390.rpm rpm-libs-4.3.3-35_nonptl.el4.s390.rpm rpm-python-4.3.3-35_nonptl.el4.s390.rpm s390x: popt-1.9.1-35_nonptl.el4.s390.rpm popt-1.9.1-35_nonptl.el4.s390x.rpm rpm-4.3.3-35_nonptl.el4.s390x.rpm rpm-build-4.3.3-35_nonptl.el4.s390x.rpm rpm-debuginfo-4.3.3-35_nonptl.el4.s390.rpm rpm-debuginfo-4.3.3-35_nonptl.el4.s390x.rpm rpm-devel-4.3.3-35_nonptl.el4.s390x.rpm rpm-libs-4.3.3-35_nonptl.el4.s390.rpm rpm-libs-4.3.3-35_nonptl.el4.s390x.rpm rpm-python-4.3.3-35_nonptl.el4.s390x.rpm x86_64: popt-1.9.1-35_nonptl.el4.i386.rpm popt-1.9.1-35_nonptl.el4.x86_64.rpm rpm-4.3.3-35_nonptl.el4.x86_64.rpm rpm-build-4.3.3-35_nonptl.el4.x86_64.rpm rpm-debuginfo-4.3.3-35_nonptl.el4.i386.rpm rpm-debuginfo-4.3.3-35_nonptl.el4.x86_64.rpm rpm-devel-4.3.3-35_nonptl.el4.x86_64.rpm rpm-libs-4.3.3-35_nonptl.el4.i386.rpm rpm-libs-4.3.3-35_nonptl.el4.x86_64.rpm rpm-python-4.3.3-35_nonptl.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/rpm-4.3.3-35_nonptl.el4.src.rpm i386: popt-1.9.1-35_nonptl.el4.i386.rpm rpm-4.3.3-35_nonptl.el4.i386.rpm rpm-build-4.3.3-35_nonptl.el4.i386.rpm rpm-debuginfo-4.3.3-35_nonptl.el4.i386.rpm rpm-devel-4.3.3-35_nonptl.el4.i386.rpm rpm-libs-4.3.3-35_nonptl.el4.i386.rpm rpm-python-4.3.3-35_nonptl.el4.i386.rpm x86_64: popt-1.9.1-35_nonptl.el4.i386.rpm popt-1.9.1-35_nonptl.el4.x86_64.rpm rpm-4.3.3-35_nonptl.el4.x86_64.rpm rpm-build-4.3.3-35_nonptl.el4.x86_64.rpm rpm-debuginfo-4.3.3-35_nonptl.el4.i386.rpm rpm-debuginfo-4.3.3-35_nonptl.el4.x86_64.rpm rpm-devel-4.3.3-35_nonptl.el4.x86_64.rpm rpm-libs-4.3.3-35_nonptl.el4.i386.rpm rpm-libs-4.3.3-35_nonptl.el4.x86_64.rpm rpm-python-4.3.3-35_nonptl.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/rpm-4.3.3-35_nonptl.el4.src.rpm i386: 
popt-1.9.1-35_nonptl.el4.i386.rpm rpm-4.3.3-35_nonptl.el4.i386.rpm rpm-build-4.3.3-35_nonptl.el4.i386.rpm rpm-debuginfo-4.3.3-35_nonptl.el4.i386.rpm rpm-devel-4.3.3-35_nonptl.el4.i386.rpm rpm-libs-4.3.3-35_nonptl.el4.i386.rpm rpm-python-4.3.3-35_nonptl.el4.i386.rpm ia64: popt-1.9.1-35_nonptl.el4.i386.rpm popt-1.9.1-35_nonptl.el4.ia64.rpm rpm-4.3.3-35_nonptl.el4.ia64.rpm rpm-build-4.3.3-35_nonptl.el4.ia64.rpm rpm-debuginfo-4.3.3-35_nonptl.el4.i386.rpm rpm-debuginfo-4.3.3-35_nonptl.el4.ia64.rpm rpm-devel-4.3.3-35_nonptl.el4.ia64.rpm rpm-libs-4.3.3-35_nonptl.el4.i386.rpm rpm-libs-4.3.3-35_nonptl.el4.ia64.rpm rpm-python-4.3.3-35_nonptl.el4.ia64.rpm x86_64: popt-1.9.1-35_nonptl.el4.i386.rpm popt-1.9.1-35_nonptl.el4.x86_64.rpm rpm-4.3.3-35_nonptl.el4.x86_64.rpm rpm-build-4.3.3-35_nonptl.el4.x86_64.rpm rpm-debuginfo-4.3.3-35_nonptl.el4.i386.rpm rpm-debuginfo-4.3.3-35_nonptl.el4.x86_64.rpm rpm-devel-4.3.3-35_nonptl.el4.x86_64.rpm rpm-libs-4.3.3-35_nonptl.el4.i386.rpm rpm-libs-4.3.3-35_nonptl.el4.x86_64.rpm rpm-python-4.3.3-35_nonptl.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/rpm-4.3.3-35_nonptl.el4.src.rpm i386: popt-1.9.1-35_nonptl.el4.i386.rpm rpm-4.3.3-35_nonptl.el4.i386.rpm rpm-build-4.3.3-35_nonptl.el4.i386.rpm rpm-debuginfo-4.3.3-35_nonptl.el4.i386.rpm rpm-devel-4.3.3-35_nonptl.el4.i386.rpm rpm-libs-4.3.3-35_nonptl.el4.i386.rpm rpm-python-4.3.3-35_nonptl.el4.i386.rpm ia64: popt-1.9.1-35_nonptl.el4.i386.rpm popt-1.9.1-35_nonptl.el4.ia64.rpm rpm-4.3.3-35_nonptl.el4.ia64.rpm rpm-build-4.3.3-35_nonptl.el4.ia64.rpm rpm-debuginfo-4.3.3-35_nonptl.el4.i386.rpm rpm-debuginfo-4.3.3-35_nonptl.el4.ia64.rpm rpm-devel-4.3.3-35_nonptl.el4.ia64.rpm rpm-libs-4.3.3-35_nonptl.el4.i386.rpm rpm-libs-4.3.3-35_nonptl.el4.ia64.rpm rpm-python-4.3.3-35_nonptl.el4.ia64.rpm x86_64: popt-1.9.1-35_nonptl.el4.i386.rpm popt-1.9.1-35_nonptl.el4.x86_64.rpm rpm-4.3.3-35_nonptl.el4.x86_64.rpm rpm-build-4.3.3-35_nonptl.el4.x86_64.rpm 
rpm-debuginfo-4.3.3-35_nonptl.el4.i386.rpm rpm-debuginfo-4.3.3-35_nonptl.el4.x86_64.rpm rpm-devel-4.3.3-35_nonptl.el4.x86_64.rpm rpm-libs-4.3.3-35_nonptl.el4.i386.rpm rpm-libs-4.3.3-35_nonptl.el4.x86_64.rpm rpm-python-4.3.3-35_nonptl.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/rpm-4.4.2.3-22.el5_7.2.src.rpm i386: popt-1.10.2.3-22.el5_7.2.i386.rpm rpm-4.4.2.3-22.el5_7.2.i386.rpm rpm-debuginfo-4.4.2.3-22.el5_7.2.i386.rpm rpm-libs-4.4.2.3-22.el5_7.2.i386.rpm rpm-python-4.4.2.3-22.el5_7.2.i386.rpm x86_64: popt-1.10.2.3-22.el5_7.2.i386.rpm popt-1.10.2.3-22.el5_7.2.x86_64.rpm rpm-4.4.2.3-22.el5_7.2.x86_64.rpm rpm-debuginfo-4.4.2.3-22.el5_7.2.i386.rpm rpm-debuginfo-4.4.2.3-22.el5_7.2.x86_64.rpm rpm-libs-4.4.2.3-22.el5_7.2.i386.rpm rpm-libs-4.4.2.3-22.el5_7.2.x86_64.rpm rpm-python-4.4.2.3-22.el5_7.2.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/rpm-4.4.2.3-22.el5_7.2.src.rpm i386: rpm-apidocs-4.4.2.3-22.el5_7.2.i386.rpm rpm-build-4.4.2.3-22.el5_7.2.i386.rpm rpm-debuginfo-4.4.2.3-22.el5_7.2.i386.rpm rpm-devel-4.4.2.3-22.el5_7.2.i386.rpm x86_64: rpm-apidocs-4.4.2.3-22.el5_7.2.x86_64.rpm rpm-build-4.4.2.3-22.el5_7.2.x86_64.rpm rpm-debuginfo-4.4.2.3-22.el5_7.2.i386.rpm rpm-debuginfo-4.4.2.3-22.el5_7.2.x86_64.rpm rpm-devel-4.4.2.3-22.el5_7.2.i386.rpm rpm-devel-4.4.2.3-22.el5_7.2.x86_64.rpm Red Hat Enterprise Linux (v. 
5.3.LL server): Source: rpm-4.4.2.3-9.el5_3.2.src.rpm i386: popt-1.10.2.3-9.el5_3.2.i386.rpm rpm-4.4.2.3-9.el5_3.2.i386.rpm rpm-apidocs-4.4.2.3-9.el5_3.2.i386.rpm rpm-build-4.4.2.3-9.el5_3.2.i386.rpm rpm-debuginfo-4.4.2.3-9.el5_3.2.i386.rpm rpm-devel-4.4.2.3-9.el5_3.2.i386.rpm rpm-libs-4.4.2.3-9.el5_3.2.i386.rpm rpm-python-4.4.2.3-9.el5_3.2.i386.rpm ia64: popt-1.10.2.3-9.el5_3.2.ia64.rpm rpm-4.4.2.3-9.el5_3.2.ia64.rpm rpm-apidocs-4.4.2.3-9.el5_3.2.ia64.rpm rpm-build-4.4.2.3-9.el5_3.2.ia64.rpm rpm-debuginfo-4.4.2.3-9.el5_3.2.ia64.rpm rpm-devel-4.4.2.3-9.el5_3.2.ia64.rpm rpm-libs-4.4.2.3-9.el5_3.2.ia64.rpm rpm-python-4.4.2.3-9.el5_3.2.ia64.rpm x86_64: popt-1.10.2.3-9.el5_3.2.i386.rpm popt-1.10.2.3-9.el5_3.2.x86_64.rpm rpm-4.4.2.3-9.el5_3.2.x86_64.rpm rpm-apidocs-4.4.2.3-9.el5_3.2.x86_64.rpm rpm-build-4.4.2.3-9.el5_3.2.x86_64.rpm rpm-debuginfo-4.4.2.3-9.el5_3.2.i386.rpm rpm-debuginfo-4.4.2.3-9.el5_3.2.x86_64.rpm rpm-devel-4.4.2.3-9.el5_3.2.i386.rpm rpm-devel-4.4.2.3-9.el5_3.2.x86_64.rpm rpm-libs-4.4.2.3-9.el5_3.2.i386.rpm rpm-libs-4.4.2.3-9.el5_3.2.x86_64.rpm rpm-python-4.4.2.3-9.el5_3.2.x86_64.rpm Red Hat Enterprise Linux (v. 
5.6.z server): Source: rpm-4.4.2.3-22.el5_6.2.src.rpm i386: popt-1.10.2.3-22.el5_6.2.i386.rpm rpm-4.4.2.3-22.el5_6.2.i386.rpm rpm-apidocs-4.4.2.3-22.el5_6.2.i386.rpm rpm-build-4.4.2.3-22.el5_6.2.i386.rpm rpm-debuginfo-4.4.2.3-22.el5_6.2.i386.rpm rpm-devel-4.4.2.3-22.el5_6.2.i386.rpm rpm-libs-4.4.2.3-22.el5_6.2.i386.rpm rpm-python-4.4.2.3-22.el5_6.2.i386.rpm ia64: popt-1.10.2.3-22.el5_6.2.ia64.rpm rpm-4.4.2.3-22.el5_6.2.ia64.rpm rpm-apidocs-4.4.2.3-22.el5_6.2.ia64.rpm rpm-build-4.4.2.3-22.el5_6.2.ia64.rpm rpm-debuginfo-4.4.2.3-22.el5_6.2.ia64.rpm rpm-devel-4.4.2.3-22.el5_6.2.ia64.rpm rpm-libs-4.4.2.3-22.el5_6.2.ia64.rpm rpm-python-4.4.2.3-22.el5_6.2.ia64.rpm ppc: popt-1.10.2.3-22.el5_6.2.ppc.rpm popt-1.10.2.3-22.el5_6.2.ppc64.rpm rpm-4.4.2.3-22.el5_6.2.ppc.rpm rpm-apidocs-4.4.2.3-22.el5_6.2.ppc.rpm rpm-build-4.4.2.3-22.el5_6.2.ppc.rpm rpm-debuginfo-4.4.2.3-22.el5_6.2.ppc.rpm rpm-debuginfo-4.4.2.3-22.el5_6.2.ppc64.rpm rpm-devel-4.4.2.3-22.el5_6.2.ppc.rpm rpm-devel-4.4.2.3-22.el5_6.2.ppc64.rpm rpm-libs-4.4.2.3-22.el5_6.2.ppc.rpm rpm-libs-4.4.2.3-22.el5_6.2.ppc64.rpm rpm-python-4.4.2.3-22.el5_6.2.ppc.rpm s390x: popt-1.10.2.3-22.el5_6.2.s390.rpm popt-1.10.2.3-22.el5_6.2.s390x.rpm rpm-4.4.2.3-22.el5_6.2.s390x.rpm rpm-apidocs-4.4.2.3-22.el5_6.2.s390x.rpm rpm-build-4.4.2.3-22.el5_6.2.s390x.rpm rpm-debuginfo-4.4.2.3-22.el5_6.2.s390.rpm rpm-debuginfo-4.4.2.3-22.el5_6.2.s390x.rpm rpm-devel-4.4.2.3-22.el5_6.2.s390.rpm rpm-devel-4.4.2.3-22.el5_6.2.s390x.rpm rpm-libs-4.4.2.3-22.el5_6.2.s390.rpm rpm-libs-4.4.2.3-22.el5_6.2.s390x.rpm rpm-python-4.4.2.3-22.el5_6.2.s390x.rpm x86_64: popt-1.10.2.3-22.el5_6.2.i386.rpm popt-1.10.2.3-22.el5_6.2.x86_64.rpm rpm-4.4.2.3-22.el5_6.2.x86_64.rpm rpm-apidocs-4.4.2.3-22.el5_6.2.x86_64.rpm rpm-build-4.4.2.3-22.el5_6.2.x86_64.rpm rpm-debuginfo-4.4.2.3-22.el5_6.2.i386.rpm rpm-debuginfo-4.4.2.3-22.el5_6.2.x86_64.rpm rpm-devel-4.4.2.3-22.el5_6.2.i386.rpm rpm-devel-4.4.2.3-22.el5_6.2.x86_64.rpm rpm-libs-4.4.2.3-22.el5_6.2.i386.rpm 
rpm-libs-4.4.2.3-22.el5_6.2.x86_64.rpm rpm-python-4.4.2.3-22.el5_6.2.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/rpm-4.4.2.3-22.el5_7.2.src.rpm i386: popt-1.10.2.3-22.el5_7.2.i386.rpm rpm-4.4.2.3-22.el5_7.2.i386.rpm rpm-apidocs-4.4.2.3-22.el5_7.2.i386.rpm rpm-build-4.4.2.3-22.el5_7.2.i386.rpm rpm-debuginfo-4.4.2.3-22.el5_7.2.i386.rpm rpm-devel-4.4.2.3-22.el5_7.2.i386.rpm rpm-libs-4.4.2.3-22.el5_7.2.i386.rpm rpm-python-4.4.2.3-22.el5_7.2.i386.rpm ia64: popt-1.10.2.3-22.el5_7.2.ia64.rpm rpm-4.4.2.3-22.el5_7.2.ia64.rpm rpm-apidocs-4.4.2.3-22.el5_7.2.ia64.rpm rpm-build-4.4.2.3-22.el5_7.2.ia64.rpm rpm-debuginfo-4.4.2.3-22.el5_7.2.ia64.rpm rpm-devel-4.4.2.3-22.el5_7.2.ia64.rpm rpm-libs-4.4.2.3-22.el5_7.2.ia64.rpm rpm-python-4.4.2.3-22.el5_7.2.ia64.rpm ppc: popt-1.10.2.3-22.el5_7.2.ppc.rpm popt-1.10.2.3-22.el5_7.2.ppc64.rpm rpm-4.4.2.3-22.el5_7.2.ppc.rpm rpm-apidocs-4.4.2.3-22.el5_7.2.ppc.rpm rpm-build-4.4.2.3-22.el5_7.2.ppc.rpm rpm-debuginfo-4.4.2.3-22.el5_7.2.ppc.rpm rpm-debuginfo-4.4.2.3-22.el5_7.2.ppc64.rpm rpm-devel-4.4.2.3-22.el5_7.2.ppc.rpm rpm-devel-4.4.2.3-22.el5_7.2.ppc64.rpm rpm-libs-4.4.2.3-22.el5_7.2.ppc.rpm rpm-libs-4.4.2.3-22.el5_7.2.ppc64.rpm rpm-python-4.4.2.3-22.el5_7.2.ppc.rpm s390x: popt-1.10.2.3-22.el5_7.2.s390.rpm popt-1.10.2.3-22.el5_7.2.s390x.rpm rpm-4.4.2.3-22.el5_7.2.s390x.rpm rpm-apidocs-4.4.2.3-22.el5_7.2.s390x.rpm rpm-build-4.4.2.3-22.el5_7.2.s390x.rpm rpm-debuginfo-4.4.2.3-22.el5_7.2.s390.rpm rpm-debuginfo-4.4.2.3-22.el5_7.2.s390x.rpm rpm-devel-4.4.2.3-22.el5_7.2.s390.rpm rpm-devel-4.4.2.3-22.el5_7.2.s390x.rpm rpm-libs-4.4.2.3-22.el5_7.2.s390.rpm rpm-libs-4.4.2.3-22.el5_7.2.s390x.rpm rpm-python-4.4.2.3-22.el5_7.2.s390x.rpm x86_64: popt-1.10.2.3-22.el5_7.2.i386.rpm popt-1.10.2.3-22.el5_7.2.x86_64.rpm rpm-4.4.2.3-22.el5_7.2.x86_64.rpm rpm-apidocs-4.4.2.3-22.el5_7.2.x86_64.rpm rpm-build-4.4.2.3-22.el5_7.2.x86_64.rpm rpm-debuginfo-4.4.2.3-22.el5_7.2.i386.rpm 
rpm-debuginfo-4.4.2.3-22.el5_7.2.x86_64.rpm rpm-devel-4.4.2.3-22.el5_7.2.i386.rpm rpm-devel-4.4.2.3-22.el5_7.2.x86_64.rpm rpm-libs-4.4.2.3-22.el5_7.2.i386.rpm rpm-libs-4.4.2.3-22.el5_7.2.x86_64.rpm rpm-python-4.4.2.3-22.el5_7.2.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/rpm-4.8.0-16.el6_1.1.src.rpm i386: rpm-4.8.0-16.el6_1.1.i686.rpm rpm-debuginfo-4.8.0-16.el6_1.1.i686.rpm rpm-libs-4.8.0-16.el6_1.1.i686.rpm rpm-python-4.8.0-16.el6_1.1.i686.rpm x86_64: rpm-4.8.0-16.el6_1.1.x86_64.rpm rpm-debuginfo-4.8.0-16.el6_1.1.i686.rpm rpm-debuginfo-4.8.0-16.el6_1.1.x86_64.rpm rpm-libs-4.8.0-16.el6_1.1.i686.rpm rpm-libs-4.8.0-16.el6_1.1.x86_64.rpm rpm-python-4.8.0-16.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/rpm-4.8.0-16.el6_1.1.src.rpm i386: rpm-build-4.8.0-16.el6_1.1.i686.rpm rpm-debuginfo-4.8.0-16.el6_1.1.i686.rpm rpm-devel-4.8.0-16.el6_1.1.i686.rpm noarch: rpm-apidocs-4.8.0-16.el6_1.1.noarch.rpm rpm-cron-4.8.0-16.el6_1.1.noarch.rpm x86_64: rpm-build-4.8.0-16.el6_1.1.x86_64.rpm rpm-debuginfo-4.8.0-16.el6_1.1.i686.rpm rpm-debuginfo-4.8.0-16.el6_1.1.x86_64.rpm rpm-devel-4.8.0-16.el6_1.1.i686.rpm rpm-devel-4.8.0-16.el6_1.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/rpm-4.8.0-16.el6_1.1.src.rpm x86_64: rpm-4.8.0-16.el6_1.1.x86_64.rpm rpm-debuginfo-4.8.0-16.el6_1.1.i686.rpm rpm-debuginfo-4.8.0-16.el6_1.1.x86_64.rpm rpm-libs-4.8.0-16.el6_1.1.i686.rpm rpm-libs-4.8.0-16.el6_1.1.x86_64.rpm rpm-python-4.8.0-16.el6_1.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/rpm-4.8.0-16.el6_1.1.src.rpm noarch: rpm-apidocs-4.8.0-16.el6_1.1.noarch.rpm rpm-cron-4.8.0-16.el6_1.1.noarch.rpm x86_64: rpm-build-4.8.0-16.el6_1.1.x86_64.rpm rpm-debuginfo-4.8.0-16.el6_1.1.i686.rpm rpm-debuginfo-4.8.0-16.el6_1.1.x86_64.rpm rpm-devel-4.8.0-16.el6_1.1.i686.rpm rpm-devel-4.8.0-16.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6.0.z): Source: rpm-4.8.0-12.el6_0.1.src.rpm i386: rpm-4.8.0-12.el6_0.1.i686.rpm rpm-build-4.8.0-12.el6_0.1.i686.rpm rpm-debuginfo-4.8.0-12.el6_0.1.i686.rpm rpm-devel-4.8.0-12.el6_0.1.i686.rpm rpm-libs-4.8.0-12.el6_0.1.i686.rpm rpm-python-4.8.0-12.el6_0.1.i686.rpm ppc64: rpm-4.8.0-12.el6_0.1.ppc64.rpm rpm-build-4.8.0-12.el6_0.1.ppc64.rpm rpm-debuginfo-4.8.0-12.el6_0.1.ppc.rpm rpm-debuginfo-4.8.0-12.el6_0.1.ppc64.rpm rpm-devel-4.8.0-12.el6_0.1.ppc.rpm rpm-devel-4.8.0-12.el6_0.1.ppc64.rpm rpm-libs-4.8.0-12.el6_0.1.ppc.rpm rpm-libs-4.8.0-12.el6_0.1.ppc64.rpm rpm-python-4.8.0-12.el6_0.1.ppc64.rpm s390x: rpm-4.8.0-12.el6_0.1.s390x.rpm rpm-build-4.8.0-12.el6_0.1.s390x.rpm rpm-debuginfo-4.8.0-12.el6_0.1.s390.rpm rpm-debuginfo-4.8.0-12.el6_0.1.s390x.rpm rpm-devel-4.8.0-12.el6_0.1.s390.rpm rpm-devel-4.8.0-12.el6_0.1.s390x.rpm rpm-libs-4.8.0-12.el6_0.1.s390.rpm rpm-libs-4.8.0-12.el6_0.1.s390x.rpm rpm-python-4.8.0-12.el6_0.1.s390x.rpm x86_64: rpm-4.8.0-12.el6_0.1.x86_64.rpm rpm-build-4.8.0-12.el6_0.1.x86_64.rpm rpm-debuginfo-4.8.0-12.el6_0.1.i686.rpm rpm-debuginfo-4.8.0-12.el6_0.1.x86_64.rpm rpm-devel-4.8.0-12.el6_0.1.i686.rpm rpm-devel-4.8.0-12.el6_0.1.x86_64.rpm rpm-libs-4.8.0-12.el6_0.1.i686.rpm rpm-libs-4.8.0-12.el6_0.1.x86_64.rpm rpm-python-4.8.0-12.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/rpm-4.8.0-16.el6_1.1.src.rpm i386: rpm-4.8.0-16.el6_1.1.i686.rpm rpm-build-4.8.0-16.el6_1.1.i686.rpm rpm-debuginfo-4.8.0-16.el6_1.1.i686.rpm rpm-devel-4.8.0-16.el6_1.1.i686.rpm rpm-libs-4.8.0-16.el6_1.1.i686.rpm rpm-python-4.8.0-16.el6_1.1.i686.rpm ppc64: rpm-4.8.0-16.el6_1.1.ppc64.rpm rpm-build-4.8.0-16.el6_1.1.ppc64.rpm rpm-debuginfo-4.8.0-16.el6_1.1.ppc.rpm rpm-debuginfo-4.8.0-16.el6_1.1.ppc64.rpm rpm-devel-4.8.0-16.el6_1.1.ppc.rpm rpm-devel-4.8.0-16.el6_1.1.ppc64.rpm rpm-libs-4.8.0-16.el6_1.1.ppc.rpm rpm-libs-4.8.0-16.el6_1.1.ppc64.rpm rpm-python-4.8.0-16.el6_1.1.ppc64.rpm s390x: rpm-4.8.0-16.el6_1.1.s390x.rpm rpm-build-4.8.0-16.el6_1.1.s390x.rpm rpm-debuginfo-4.8.0-16.el6_1.1.s390.rpm rpm-debuginfo-4.8.0-16.el6_1.1.s390x.rpm rpm-devel-4.8.0-16.el6_1.1.s390.rpm rpm-devel-4.8.0-16.el6_1.1.s390x.rpm rpm-libs-4.8.0-16.el6_1.1.s390.rpm rpm-libs-4.8.0-16.el6_1.1.s390x.rpm rpm-python-4.8.0-16.el6_1.1.s390x.rpm x86_64: rpm-4.8.0-16.el6_1.1.x86_64.rpm rpm-build-4.8.0-16.el6_1.1.x86_64.rpm rpm-debuginfo-4.8.0-16.el6_1.1.i686.rpm rpm-debuginfo-4.8.0-16.el6_1.1.x86_64.rpm rpm-devel-4.8.0-16.el6_1.1.i686.rpm rpm-devel-4.8.0-16.el6_1.1.x86_64.rpm rpm-libs-4.8.0-16.el6_1.1.i686.rpm rpm-libs-4.8.0-16.el6_1.1.x86_64.rpm rpm-python-4.8.0-16.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6.0.z): Source: rpm-4.8.0-12.el6_0.1.src.rpm noarch: rpm-apidocs-4.8.0-12.el6_0.1.noarch.rpm rpm-cron-4.8.0-12.el6_0.1.noarch.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/rpm-4.8.0-16.el6_1.1.src.rpm noarch: rpm-apidocs-4.8.0-16.el6_1.1.noarch.rpm rpm-cron-4.8.0-16.el6_1.1.noarch.rpm Red Hat Enterprise Linux Workstation (v. 
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/rpm-4.8.0-16.el6_1.1.src.rpm

i386:
rpm-4.8.0-16.el6_1.1.i686.rpm
rpm-build-4.8.0-16.el6_1.1.i686.rpm
rpm-debuginfo-4.8.0-16.el6_1.1.i686.rpm
rpm-devel-4.8.0-16.el6_1.1.i686.rpm
rpm-libs-4.8.0-16.el6_1.1.i686.rpm
rpm-python-4.8.0-16.el6_1.1.i686.rpm

x86_64:
rpm-4.8.0-16.el6_1.1.x86_64.rpm
rpm-build-4.8.0-16.el6_1.1.x86_64.rpm
rpm-debuginfo-4.8.0-16.el6_1.1.i686.rpm
rpm-debuginfo-4.8.0-16.el6_1.1.x86_64.rpm
rpm-devel-4.8.0-16.el6_1.1.i686.rpm
rpm-devel-4.8.0-16.el6_1.1.x86_64.rpm
rpm-libs-4.8.0-16.el6_1.1.i686.rpm
rpm-libs-4.8.0-16.el6_1.1.x86_64.rpm
rpm-python-4.8.0-16.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/rpm-4.8.0-16.el6_1.1.src.rpm

noarch:
rpm-apidocs-4.8.0-16.el6_1.1.noarch.rpm
rpm-cron-4.8.0-16.el6_1.1.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3378.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOihdaXlSAg2UNWIIRAgUbAJ41yDhKnRyaBGEiYupgYze7Tvu3oQCeLYua
ydXgq0h0gCbvOH9KdSAuEx0=
=Pcaj
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Oct 5 21:51:52 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 5 Oct 2011 21:51:52 +0000
Subject: [RHSA-2011:1350-01] Important: kernel security, bug fix, and enhancement update
Message-ID: <201110052151.p95LprnG014718@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security, bug fix, and enhancement update
Advisory ID:       RHSA-2011:1350-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1350.html
Issue date:        2011-10-05
CVE Names:         CVE-2011-1160 CVE-2011-1745 CVE-2011-1746
                   CVE-2011-1833 CVE-2011-2022 CVE-2011-2484
                   CVE-2011-2496 CVE-2011-2521 CVE-2011-2723
                   CVE-2011-2898 CVE-2011-2918
=====================================================================

1. Summary:

Updated kernel packages that fix several security issues, various bugs, and
add one enhancement are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* Flaws in the AGPGART driver implementation when handling certain IOCTL
commands could allow a local user to cause a denial of service or escalate
their privileges. (CVE-2011-1745, CVE-2011-2022, Important)

* An integer overflow flaw in agp_allocate_memory() could allow a local
user to cause a denial of service or escalate their privileges.
(CVE-2011-1746, Important)

* A race condition flaw was found in the Linux kernel's eCryptfs
implementation. A local attacker could use the mount.ecryptfs_private
utility to mount (and then access) a directory they would otherwise not
have access to. Note: To correct this issue, the RHSA-2011:1241
ecryptfs-utils update, which provides the user-space part of the fix, must
also be installed. (CVE-2011-1833, Moderate)

* A denial of service flaw was found in the way the taskstats subsystem
handled the registration of process exit handlers. A local, unprivileged
user could register an unlimited amount of these handlers, leading to
excessive CPU time and memory use. (CVE-2011-2484, Moderate)

* A flaw was found in the way mapping expansions were handled. A local,
unprivileged user could use this flaw to cause a wrapping condition,
triggering a denial of service. (CVE-2011-2496, Moderate)

* A flaw was found in the Linux kernel's Performance Events implementation.
It could falsely lead the NMI (Non-Maskable Interrupt) Watchdog to detect a
lockup and panic the system. A local, unprivileged user could use this flaw
to cause a denial of service (kernel panic) using the perf tool.
(CVE-2011-2521, Moderate)

* A flaw in skb_gro_header_slow() in the Linux kernel could lead to GRO
(Generic Receive Offload) fields being left in an inconsistent state. An
attacker on the local network could use this flaw to trigger a denial of
service. GRO is enabled by default in all network drivers that support it.
(CVE-2011-2723, Moderate)

* A flaw was found in the way the Linux kernel's Performance Events
implementation handled PERF_COUNT_SW_CPU_CLOCK counter overflow. A local,
unprivileged user could use this flaw to cause a denial of service.
(CVE-2011-2918, Moderate)

* A flaw was found in the Linux kernel's Trusted Platform Module (TPM)
implementation. A local, unprivileged user could use this flaw to leak
information to user-space. (CVE-2011-1160, Low)

* Flaws were found in the tpacket_rcv() and packet_recvmsg() functions in
the Linux kernel. A local, unprivileged user could use these flaws to leak
information to user-space. (CVE-2011-2898, Low)

Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting
CVE-2011-1745, CVE-2011-2022, CVE-2011-1746, and CVE-2011-2484; the Ubuntu
Security Team for reporting CVE-2011-1833; Robert Swiecki for reporting
CVE-2011-2496; Li Yu for reporting CVE-2011-2521; Brent Meshier for
reporting CVE-2011-2723; and Peter Huewe for reporting CVE-2011-1160. The
Ubuntu Security Team acknowledges Vasiliy Kulikov of Openwall and Dan
Rosenberg as the original reporters of CVE-2011-1833.

This update also fixes various bugs and adds one enhancement. Documentation
for these changes will be available shortly from the Technical Notes
document linked to in the References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs and add the enhancement
noted in the Technical Notes. The system must be rebooted for this update
to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

684671 - CVE-2011-1160 kernel: tpm infoleaks
698996 - CVE-2011-1745 CVE-2011-2022 kernel: agp: insufficient pg_start parameter checking in AGPIOC_BIND and AGPIOC_UNBIND ioctls
698998 - CVE-2011-1746 kernel: agp: insufficient page_count parameter checking in agp_allocate_memory()
713463 - UV: fscache taints kernel; NFS requires fscache; NFS taints kernel
715436 - CVE-2011-2484 kernel: taskstats: duplicate entries in listener mode can lead to DoS
716538 - CVE-2011-2496 kernel: mm: avoid wrapping vm_pgoff in mremap() and stack expansions
719228 - CVE-2011-2521 kernel: perf, x86: fix Intel fixed counters base initialization
726552 - CVE-2011-2723 kernel: gro: only reset frag0 when skb can be pulled
728023 - CVE-2011-2898 kernel: af_packet: infoleak
730706 - CVE-2011-2918 kernel: perf: Fix software event overflow
731172 - CVE-2011-1833 kernel: ecryptfs: mount source TOCTOU race
732379 - [bnx2x_extract_max_cfg:1079(ethxx)]Illegal configuration detected for Max BW - using 100 instead [rhel-6.1.z]

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-131.17.1.el6.src.rpm i386: kernel-2.6.32-131.17.1.el6.i686.rpm kernel-debug-2.6.32-131.17.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-131.17.1.el6.i686.rpm kernel-debug-devel-2.6.32-131.17.1.el6.i686.rpm kernel-debuginfo-2.6.32-131.17.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-131.17.1.el6.i686.rpm kernel-devel-2.6.32-131.17.1.el6.i686.rpm kernel-headers-2.6.32-131.17.1.el6.i686.rpm perf-2.6.32-131.17.1.el6.i686.rpm perf-debuginfo-2.6.32-131.17.1.el6.i686.rpm noarch: kernel-doc-2.6.32-131.17.1.el6.noarch.rpm kernel-firmware-2.6.32-131.17.1.el6.noarch.rpm x86_64: kernel-2.6.32-131.17.1.el6.x86_64.rpm kernel-debug-2.6.32-131.17.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-131.17.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-131.17.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-131.17.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-131.17.1.el6.x86_64.rpm kernel-devel-2.6.32-131.17.1.el6.x86_64.rpm kernel-headers-2.6.32-131.17.1.el6.x86_64.rpm perf-2.6.32-131.17.1.el6.x86_64.rpm perf-debuginfo-2.6.32-131.17.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-131.17.1.el6.src.rpm noarch: kernel-doc-2.6.32-131.17.1.el6.noarch.rpm kernel-firmware-2.6.32-131.17.1.el6.noarch.rpm x86_64: kernel-2.6.32-131.17.1.el6.x86_64.rpm kernel-debug-2.6.32-131.17.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-131.17.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-131.17.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-131.17.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-131.17.1.el6.x86_64.rpm kernel-devel-2.6.32-131.17.1.el6.x86_64.rpm kernel-headers-2.6.32-131.17.1.el6.x86_64.rpm perf-2.6.32-131.17.1.el6.x86_64.rpm perf-debuginfo-2.6.32-131.17.1.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-131.17.1.el6.src.rpm i386: kernel-2.6.32-131.17.1.el6.i686.rpm kernel-debug-2.6.32-131.17.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-131.17.1.el6.i686.rpm kernel-debug-devel-2.6.32-131.17.1.el6.i686.rpm kernel-debuginfo-2.6.32-131.17.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-131.17.1.el6.i686.rpm kernel-devel-2.6.32-131.17.1.el6.i686.rpm kernel-headers-2.6.32-131.17.1.el6.i686.rpm perf-2.6.32-131.17.1.el6.i686.rpm perf-debuginfo-2.6.32-131.17.1.el6.i686.rpm noarch: kernel-doc-2.6.32-131.17.1.el6.noarch.rpm kernel-firmware-2.6.32-131.17.1.el6.noarch.rpm ppc64: kernel-2.6.32-131.17.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-131.17.1.el6.ppc64.rpm kernel-debug-2.6.32-131.17.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-131.17.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-131.17.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-131.17.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-131.17.1.el6.ppc64.rpm kernel-devel-2.6.32-131.17.1.el6.ppc64.rpm kernel-headers-2.6.32-131.17.1.el6.ppc64.rpm perf-2.6.32-131.17.1.el6.ppc64.rpm perf-debuginfo-2.6.32-131.17.1.el6.ppc64.rpm s390x: kernel-2.6.32-131.17.1.el6.s390x.rpm kernel-debug-2.6.32-131.17.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-131.17.1.el6.s390x.rpm kernel-debug-devel-2.6.32-131.17.1.el6.s390x.rpm kernel-debuginfo-2.6.32-131.17.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-131.17.1.el6.s390x.rpm kernel-devel-2.6.32-131.17.1.el6.s390x.rpm kernel-headers-2.6.32-131.17.1.el6.s390x.rpm kernel-kdump-2.6.32-131.17.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-131.17.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-131.17.1.el6.s390x.rpm perf-2.6.32-131.17.1.el6.s390x.rpm perf-debuginfo-2.6.32-131.17.1.el6.s390x.rpm x86_64: kernel-2.6.32-131.17.1.el6.x86_64.rpm kernel-debug-2.6.32-131.17.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-131.17.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-131.17.1.el6.x86_64.rpm 
kernel-debuginfo-2.6.32-131.17.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-131.17.1.el6.x86_64.rpm
kernel-devel-2.6.32-131.17.1.el6.x86_64.rpm
kernel-headers-2.6.32-131.17.1.el6.x86_64.rpm
perf-2.6.32-131.17.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-131.17.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-131.17.1.el6.src.rpm

i386:
kernel-2.6.32-131.17.1.el6.i686.rpm
kernel-debug-2.6.32-131.17.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-131.17.1.el6.i686.rpm
kernel-debug-devel-2.6.32-131.17.1.el6.i686.rpm
kernel-debuginfo-2.6.32-131.17.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-131.17.1.el6.i686.rpm
kernel-devel-2.6.32-131.17.1.el6.i686.rpm
kernel-headers-2.6.32-131.17.1.el6.i686.rpm
perf-2.6.32-131.17.1.el6.i686.rpm
perf-debuginfo-2.6.32-131.17.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-131.17.1.el6.noarch.rpm
kernel-firmware-2.6.32-131.17.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-131.17.1.el6.x86_64.rpm
kernel-debug-2.6.32-131.17.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-131.17.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-131.17.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-131.17.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-131.17.1.el6.x86_64.rpm
kernel-devel-2.6.32-131.17.1.el6.x86_64.rpm
kernel-headers-2.6.32-131.17.1.el6.x86_64.rpm
perf-2.6.32-131.17.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-131.17.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7.
References:

https://www.redhat.com/security/data/cve/CVE-2011-1160.html
https://www.redhat.com/security/data/cve/CVE-2011-1745.html
https://www.redhat.com/security/data/cve/CVE-2011-1746.html
https://www.redhat.com/security/data/cve/CVE-2011-1833.html
https://www.redhat.com/security/data/cve/CVE-2011-2022.html
https://www.redhat.com/security/data/cve/CVE-2011-2484.html
https://www.redhat.com/security/data/cve/CVE-2011-2496.html
https://www.redhat.com/security/data/cve/CVE-2011-2521.html
https://www.redhat.com/security/data/cve/CVE-2011-2723.html
https://www.redhat.com/security/data/cve/CVE-2011-2898.html
https://www.redhat.com/security/data/cve/CVE-2011-2918.html
https://access.redhat.com/security/updates/classification/#important
https://rhn.redhat.com/errata/RHSA-2011-1241.html
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.1_Technical_Notes/kernel.html#RHSA-2011-1350

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOjNFsXlSAg2UNWIIRAncnAJ9Eon/Io2iz0R/PUxF8qdDNeX3c/ACgo0RP
1tmPLgJU379yVB6lK9EZ1dc=
=qyeH
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Oct 5 21:52:21 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 5 Oct 2011 21:52:21 +0000
Subject: [RHSA-2011:1356-01] Moderate: openswan security update
Message-ID: <201110052152.p95LqM2a020524@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openswan security update
Advisory ID:       RHSA-2011:1356-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1356.html
Issue date:        2011-10-05
CVE Names:         CVE-2011-3380
=====================================================================

1.
Summary:

Updated openswan packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks.

A NULL pointer dereference flaw was found in the way Openswan's pluto IKE daemon handled certain error conditions. A remote, unauthenticated attacker could send a specially-crafted IKE packet that would crash the pluto daemon. (CVE-2011-3380)

Red Hat would like to thank the Openswan project for reporting this issue. Upstream acknowledges Paul Wouters as the original reporter.

All users of openswan are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the ipsec service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5.
Bugs fixed (http://bugzilla.redhat.com/):

742065 - CVE-2011-3380 openswan: IKE invalid key length allows remote unauthenticated user to crash openswan

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openswan-2.6.32-4.el6_1.2.src.rpm

i386:
openswan-2.6.32-4.el6_1.2.i686.rpm
openswan-debuginfo-2.6.32-4.el6_1.2.i686.rpm

x86_64:
openswan-2.6.32-4.el6_1.2.x86_64.rpm
openswan-debuginfo-2.6.32-4.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openswan-2.6.32-4.el6_1.2.src.rpm

i386:
openswan-debuginfo-2.6.32-4.el6_1.2.i686.rpm
openswan-doc-2.6.32-4.el6_1.2.i686.rpm

x86_64:
openswan-debuginfo-2.6.32-4.el6_1.2.x86_64.rpm
openswan-doc-2.6.32-4.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openswan-2.6.32-4.el6_1.2.src.rpm

i386:
openswan-2.6.32-4.el6_1.2.i686.rpm
openswan-debuginfo-2.6.32-4.el6_1.2.i686.rpm

ppc64:
openswan-2.6.32-4.el6_1.2.ppc64.rpm
openswan-debuginfo-2.6.32-4.el6_1.2.ppc64.rpm

s390x:
openswan-2.6.32-4.el6_1.2.s390x.rpm
openswan-debuginfo-2.6.32-4.el6_1.2.s390x.rpm

x86_64:
openswan-2.6.32-4.el6_1.2.x86_64.rpm
openswan-debuginfo-2.6.32-4.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openswan-2.6.32-4.el6_1.2.src.rpm

i386:
openswan-debuginfo-2.6.32-4.el6_1.2.i686.rpm
openswan-doc-2.6.32-4.el6_1.2.i686.rpm

ppc64:
openswan-debuginfo-2.6.32-4.el6_1.2.ppc64.rpm
openswan-doc-2.6.32-4.el6_1.2.ppc64.rpm

s390x:
openswan-debuginfo-2.6.32-4.el6_1.2.s390x.rpm
openswan-doc-2.6.32-4.el6_1.2.s390x.rpm

x86_64:
openswan-debuginfo-2.6.32-4.el6_1.2.x86_64.rpm
openswan-doc-2.6.32-4.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v.
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openswan-2.6.32-4.el6_1.2.src.rpm

i386:
openswan-2.6.32-4.el6_1.2.i686.rpm
openswan-debuginfo-2.6.32-4.el6_1.2.i686.rpm

x86_64:
openswan-2.6.32-4.el6_1.2.x86_64.rpm
openswan-debuginfo-2.6.32-4.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openswan-2.6.32-4.el6_1.2.src.rpm

i386:
openswan-debuginfo-2.6.32-4.el6_1.2.i686.rpm
openswan-doc-2.6.32-4.el6_1.2.i686.rpm

x86_64:
openswan-debuginfo-2.6.32-4.el6_1.2.x86_64.rpm
openswan-doc-2.6.32-4.el6_1.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3380.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOjNGMXlSAg2UNWIIRAnKgAJ9CypAQR9hOAr/4HTXtMGnl5tasVwCgnvBV
wTcF2XKvWk+6c2nh4EWowes=
=E30U
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Oct 6 18:09:31 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 6 Oct 2011 18:09:31 +0000
Subject: [RHSA-2011:1359-01] Moderate: xorg-x11-server security update
Message-ID: <201110061809.p96I9WKO013186@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: xorg-x11-server security update
Advisory ID:       RHSA-2011:1359-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1359.html
Issue date:        2011-10-06
CVE Names:         CVE-2010-4818 CVE-2010-4819
=====================================================================

1. Summary:

Updated xorg-x11-server packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v.
6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

3. Description:

X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Multiple input sanitization flaws were found in the X.Org GLX (OpenGL extension to the X Window System) extension. A malicious, authorized client could use these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges. (CVE-2010-4818)

An input sanitization flaw was found in the X.Org Render extension. A malicious, authorized client could use this flaw to leak arbitrary memory from the X.Org server process, or possibly crash the X.Org server. (CVE-2010-4819)

Users of xorg-x11-server should upgrade to these updated packages, which contain backported patches to resolve these issues. All running X.Org server instances must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

740954 - CVE-2010-4818 X.org: multiple GLX input sanitization flaws
740961 - CVE-2010-4819 X.org: ProcRenderAddGlyphs input sanitization flaw

6. Package List:

Red Hat Enterprise Linux Desktop (v.
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xorg-x11-server-1.1.1-48.76.el5_7.5.src.rpm i386: xorg-x11-server-Xdmx-1.1.1-48.76.el5_7.5.i386.rpm xorg-x11-server-Xephyr-1.1.1-48.76.el5_7.5.i386.rpm xorg-x11-server-Xnest-1.1.1-48.76.el5_7.5.i386.rpm xorg-x11-server-Xorg-1.1.1-48.76.el5_7.5.i386.rpm xorg-x11-server-Xvfb-1.1.1-48.76.el5_7.5.i386.rpm xorg-x11-server-Xvnc-source-1.1.1-48.76.el5_7.5.i386.rpm xorg-x11-server-debuginfo-1.1.1-48.76.el5_7.5.i386.rpm x86_64: xorg-x11-server-Xdmx-1.1.1-48.76.el5_7.5.x86_64.rpm xorg-x11-server-Xephyr-1.1.1-48.76.el5_7.5.x86_64.rpm xorg-x11-server-Xnest-1.1.1-48.76.el5_7.5.x86_64.rpm xorg-x11-server-Xorg-1.1.1-48.76.el5_7.5.x86_64.rpm xorg-x11-server-Xvfb-1.1.1-48.76.el5_7.5.x86_64.rpm xorg-x11-server-Xvnc-source-1.1.1-48.76.el5_7.5.x86_64.rpm xorg-x11-server-debuginfo-1.1.1-48.76.el5_7.5.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xorg-x11-server-1.1.1-48.76.el5_7.5.src.rpm i386: xorg-x11-server-debuginfo-1.1.1-48.76.el5_7.5.i386.rpm xorg-x11-server-sdk-1.1.1-48.76.el5_7.5.i386.rpm x86_64: xorg-x11-server-debuginfo-1.1.1-48.76.el5_7.5.x86_64.rpm xorg-x11-server-sdk-1.1.1-48.76.el5_7.5.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xorg-x11-server-1.1.1-48.76.el5_7.5.src.rpm i386: xorg-x11-server-Xdmx-1.1.1-48.76.el5_7.5.i386.rpm xorg-x11-server-Xephyr-1.1.1-48.76.el5_7.5.i386.rpm xorg-x11-server-Xnest-1.1.1-48.76.el5_7.5.i386.rpm xorg-x11-server-Xorg-1.1.1-48.76.el5_7.5.i386.rpm xorg-x11-server-Xvfb-1.1.1-48.76.el5_7.5.i386.rpm xorg-x11-server-Xvnc-source-1.1.1-48.76.el5_7.5.i386.rpm xorg-x11-server-debuginfo-1.1.1-48.76.el5_7.5.i386.rpm xorg-x11-server-sdk-1.1.1-48.76.el5_7.5.i386.rpm ia64: xorg-x11-server-Xdmx-1.1.1-48.76.el5_7.5.ia64.rpm xorg-x11-server-Xephyr-1.1.1-48.76.el5_7.5.ia64.rpm xorg-x11-server-Xnest-1.1.1-48.76.el5_7.5.ia64.rpm xorg-x11-server-Xorg-1.1.1-48.76.el5_7.5.ia64.rpm xorg-x11-server-Xvfb-1.1.1-48.76.el5_7.5.ia64.rpm xorg-x11-server-Xvnc-source-1.1.1-48.76.el5_7.5.ia64.rpm xorg-x11-server-debuginfo-1.1.1-48.76.el5_7.5.ia64.rpm xorg-x11-server-sdk-1.1.1-48.76.el5_7.5.ia64.rpm ppc: xorg-x11-server-Xdmx-1.1.1-48.76.el5_7.5.ppc.rpm xorg-x11-server-Xephyr-1.1.1-48.76.el5_7.5.ppc.rpm xorg-x11-server-Xnest-1.1.1-48.76.el5_7.5.ppc.rpm xorg-x11-server-Xorg-1.1.1-48.76.el5_7.5.ppc.rpm xorg-x11-server-Xvfb-1.1.1-48.76.el5_7.5.ppc.rpm xorg-x11-server-Xvnc-source-1.1.1-48.76.el5_7.5.ppc.rpm xorg-x11-server-debuginfo-1.1.1-48.76.el5_7.5.ppc.rpm xorg-x11-server-sdk-1.1.1-48.76.el5_7.5.ppc.rpm s390x: xorg-x11-server-Xephyr-1.1.1-48.76.el5_7.5.s390x.rpm xorg-x11-server-Xnest-1.1.1-48.76.el5_7.5.s390x.rpm xorg-x11-server-Xvfb-1.1.1-48.76.el5_7.5.s390x.rpm xorg-x11-server-Xvnc-source-1.1.1-48.76.el5_7.5.s390x.rpm xorg-x11-server-debuginfo-1.1.1-48.76.el5_7.5.s390x.rpm x86_64: xorg-x11-server-Xdmx-1.1.1-48.76.el5_7.5.x86_64.rpm xorg-x11-server-Xephyr-1.1.1-48.76.el5_7.5.x86_64.rpm xorg-x11-server-Xnest-1.1.1-48.76.el5_7.5.x86_64.rpm xorg-x11-server-Xorg-1.1.1-48.76.el5_7.5.x86_64.rpm xorg-x11-server-Xvfb-1.1.1-48.76.el5_7.5.x86_64.rpm xorg-x11-server-Xvnc-source-1.1.1-48.76.el5_7.5.x86_64.rpm 
xorg-x11-server-debuginfo-1.1.1-48.76.el5_7.5.x86_64.rpm xorg-x11-server-sdk-1.1.1-48.76.el5_7.5.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xorg-x11-server-1.7.7-29.el6_1.2.src.rpm i386: xorg-x11-server-Xephyr-1.7.7-29.el6_1.2.i686.rpm xorg-x11-server-Xorg-1.7.7-29.el6_1.2.i686.rpm xorg-x11-server-common-1.7.7-29.el6_1.2.i686.rpm xorg-x11-server-debuginfo-1.7.7-29.el6_1.2.i686.rpm x86_64: xorg-x11-server-Xephyr-1.7.7-29.el6_1.2.x86_64.rpm xorg-x11-server-Xorg-1.7.7-29.el6_1.2.x86_64.rpm xorg-x11-server-common-1.7.7-29.el6_1.2.x86_64.rpm xorg-x11-server-debuginfo-1.7.7-29.el6_1.2.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xorg-x11-server-1.7.7-29.el6_1.2.src.rpm i386: xorg-x11-server-Xdmx-1.7.7-29.el6_1.2.i686.rpm xorg-x11-server-Xnest-1.7.7-29.el6_1.2.i686.rpm xorg-x11-server-Xvfb-1.7.7-29.el6_1.2.i686.rpm xorg-x11-server-debuginfo-1.7.7-29.el6_1.2.i686.rpm xorg-x11-server-devel-1.7.7-29.el6_1.2.i686.rpm noarch: xorg-x11-server-source-1.7.7-29.el6_1.2.noarch.rpm x86_64: xorg-x11-server-Xdmx-1.7.7-29.el6_1.2.x86_64.rpm xorg-x11-server-Xnest-1.7.7-29.el6_1.2.x86_64.rpm xorg-x11-server-Xvfb-1.7.7-29.el6_1.2.x86_64.rpm xorg-x11-server-debuginfo-1.7.7-29.el6_1.2.i686.rpm xorg-x11-server-debuginfo-1.7.7-29.el6_1.2.x86_64.rpm xorg-x11-server-devel-1.7.7-29.el6_1.2.i686.rpm xorg-x11-server-devel-1.7.7-29.el6_1.2.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xorg-x11-server-1.7.7-29.el6_1.2.src.rpm noarch: xorg-x11-server-source-1.7.7-29.el6_1.2.noarch.rpm x86_64: xorg-x11-server-Xdmx-1.7.7-29.el6_1.2.x86_64.rpm xorg-x11-server-Xephyr-1.7.7-29.el6_1.2.x86_64.rpm xorg-x11-server-Xnest-1.7.7-29.el6_1.2.x86_64.rpm xorg-x11-server-Xorg-1.7.7-29.el6_1.2.x86_64.rpm xorg-x11-server-Xvfb-1.7.7-29.el6_1.2.x86_64.rpm xorg-x11-server-common-1.7.7-29.el6_1.2.x86_64.rpm xorg-x11-server-debuginfo-1.7.7-29.el6_1.2.i686.rpm xorg-x11-server-debuginfo-1.7.7-29.el6_1.2.x86_64.rpm xorg-x11-server-devel-1.7.7-29.el6_1.2.i686.rpm xorg-x11-server-devel-1.7.7-29.el6_1.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xorg-x11-server-1.7.7-29.el6_1.2.src.rpm i386: xorg-x11-server-Xephyr-1.7.7-29.el6_1.2.i686.rpm xorg-x11-server-Xorg-1.7.7-29.el6_1.2.i686.rpm xorg-x11-server-common-1.7.7-29.el6_1.2.i686.rpm xorg-x11-server-debuginfo-1.7.7-29.el6_1.2.i686.rpm ppc64: xorg-x11-server-Xephyr-1.7.7-29.el6_1.2.ppc64.rpm xorg-x11-server-Xorg-1.7.7-29.el6_1.2.ppc64.rpm xorg-x11-server-common-1.7.7-29.el6_1.2.ppc64.rpm xorg-x11-server-debuginfo-1.7.7-29.el6_1.2.ppc64.rpm s390x: xorg-x11-server-Xephyr-1.7.7-29.el6_1.2.s390x.rpm xorg-x11-server-common-1.7.7-29.el6_1.2.s390x.rpm xorg-x11-server-debuginfo-1.7.7-29.el6_1.2.s390x.rpm x86_64: xorg-x11-server-Xephyr-1.7.7-29.el6_1.2.x86_64.rpm xorg-x11-server-Xorg-1.7.7-29.el6_1.2.x86_64.rpm xorg-x11-server-common-1.7.7-29.el6_1.2.x86_64.rpm xorg-x11-server-debuginfo-1.7.7-29.el6_1.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xorg-x11-server-1.7.7-29.el6_1.2.src.rpm i386: xorg-x11-server-Xdmx-1.7.7-29.el6_1.2.i686.rpm xorg-x11-server-Xnest-1.7.7-29.el6_1.2.i686.rpm xorg-x11-server-Xvfb-1.7.7-29.el6_1.2.i686.rpm xorg-x11-server-debuginfo-1.7.7-29.el6_1.2.i686.rpm xorg-x11-server-devel-1.7.7-29.el6_1.2.i686.rpm noarch: xorg-x11-server-source-1.7.7-29.el6_1.2.noarch.rpm ppc64: xorg-x11-server-Xdmx-1.7.7-29.el6_1.2.ppc64.rpm xorg-x11-server-Xnest-1.7.7-29.el6_1.2.ppc64.rpm xorg-x11-server-Xvfb-1.7.7-29.el6_1.2.ppc64.rpm xorg-x11-server-debuginfo-1.7.7-29.el6_1.2.ppc.rpm xorg-x11-server-debuginfo-1.7.7-29.el6_1.2.ppc64.rpm xorg-x11-server-devel-1.7.7-29.el6_1.2.ppc.rpm xorg-x11-server-devel-1.7.7-29.el6_1.2.ppc64.rpm s390x: xorg-x11-server-Xdmx-1.7.7-29.el6_1.2.s390x.rpm xorg-x11-server-Xnest-1.7.7-29.el6_1.2.s390x.rpm xorg-x11-server-Xvfb-1.7.7-29.el6_1.2.s390x.rpm xorg-x11-server-debuginfo-1.7.7-29.el6_1.2.s390x.rpm x86_64: xorg-x11-server-Xdmx-1.7.7-29.el6_1.2.x86_64.rpm xorg-x11-server-Xnest-1.7.7-29.el6_1.2.x86_64.rpm xorg-x11-server-Xvfb-1.7.7-29.el6_1.2.x86_64.rpm xorg-x11-server-debuginfo-1.7.7-29.el6_1.2.i686.rpm xorg-x11-server-debuginfo-1.7.7-29.el6_1.2.x86_64.rpm xorg-x11-server-devel-1.7.7-29.el6_1.2.i686.rpm xorg-x11-server-devel-1.7.7-29.el6_1.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xorg-x11-server-1.7.7-29.el6_1.2.src.rpm i386: xorg-x11-server-Xephyr-1.7.7-29.el6_1.2.i686.rpm xorg-x11-server-Xorg-1.7.7-29.el6_1.2.i686.rpm xorg-x11-server-common-1.7.7-29.el6_1.2.i686.rpm xorg-x11-server-debuginfo-1.7.7-29.el6_1.2.i686.rpm x86_64: xorg-x11-server-Xephyr-1.7.7-29.el6_1.2.x86_64.rpm xorg-x11-server-Xorg-1.7.7-29.el6_1.2.x86_64.rpm xorg-x11-server-common-1.7.7-29.el6_1.2.x86_64.rpm xorg-x11-server-debuginfo-1.7.7-29.el6_1.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xorg-x11-server-1.7.7-29.el6_1.2.src.rpm

i386:
xorg-x11-server-Xdmx-1.7.7-29.el6_1.2.i686.rpm
xorg-x11-server-Xnest-1.7.7-29.el6_1.2.i686.rpm
xorg-x11-server-Xvfb-1.7.7-29.el6_1.2.i686.rpm
xorg-x11-server-debuginfo-1.7.7-29.el6_1.2.i686.rpm
xorg-x11-server-devel-1.7.7-29.el6_1.2.i686.rpm

noarch:
xorg-x11-server-source-1.7.7-29.el6_1.2.noarch.rpm

x86_64:
xorg-x11-server-Xdmx-1.7.7-29.el6_1.2.x86_64.rpm
xorg-x11-server-Xnest-1.7.7-29.el6_1.2.x86_64.rpm
xorg-x11-server-Xvfb-1.7.7-29.el6_1.2.x86_64.rpm
xorg-x11-server-debuginfo-1.7.7-29.el6_1.2.i686.rpm
xorg-x11-server-debuginfo-1.7.7-29.el6_1.2.x86_64.rpm
xorg-x11-server-devel-1.7.7-29.el6_1.2.i686.rpm
xorg-x11-server-devel-1.7.7-29.el6_1.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-4818.html
https://www.redhat.com/security/data/cve/CVE-2010-4819.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOje7MXlSAg2UNWIIRAgx3AJ9Smw1YIiB9qy+Soz4wobm6yn3LMACgkXft
2spOeIdB5agTeuc/cKV6r3g=
=/2SE
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Oct 6 18:10:04 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 6 Oct 2011 18:10:04 +0000
Subject: [RHSA-2011:1360-01] Moderate: xorg-x11 security update
Message-ID: <201110061810.p96IA4xw029030@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: xorg-x11 security update
Advisory ID:       RHSA-2011:1360-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1360.html
Issue date:        2011-10-06
CVE Names:         CVE-2010-4818 CVE-2010-4819
=====================================================================

1. Summary:

Updated xorg-x11 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Multiple input sanitization flaws were found in the X.Org GLX (OpenGL extension to the X Window System) extension.
A malicious, authorized client could use these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges. (CVE-2010-4818)

An input sanitization flaw was found in the X.Org Render extension. A malicious, authorized client could use this flaw to leak arbitrary memory from the X.Org server process, or possibly crash the X.Org server. (CVE-2010-4819)

Users of xorg-x11 should upgrade to these updated packages, which contain a backported patch to resolve these issues. All running X.Org server instances must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

740954 - CVE-2010-4818 X.org: multiple GLX input sanitization flaws
740961 - CVE-2010-4819 X.org: ProcRenderAddGlyphs input sanitization flaw

6.
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/xorg-x11-6.8.2-1.EL.70.src.rpm i386: xorg-x11-6.8.2-1.EL.70.i386.rpm xorg-x11-Mesa-libGL-6.8.2-1.EL.70.i386.rpm xorg-x11-Mesa-libGLU-6.8.2-1.EL.70.i386.rpm xorg-x11-Xdmx-6.8.2-1.EL.70.i386.rpm xorg-x11-Xnest-6.8.2-1.EL.70.i386.rpm xorg-x11-Xvfb-6.8.2-1.EL.70.i386.rpm xorg-x11-deprecated-libs-6.8.2-1.EL.70.i386.rpm xorg-x11-deprecated-libs-devel-6.8.2-1.EL.70.i386.rpm xorg-x11-devel-6.8.2-1.EL.70.i386.rpm xorg-x11-doc-6.8.2-1.EL.70.i386.rpm xorg-x11-font-utils-6.8.2-1.EL.70.i386.rpm xorg-x11-libs-6.8.2-1.EL.70.i386.rpm xorg-x11-sdk-6.8.2-1.EL.70.i386.rpm xorg-x11-tools-6.8.2-1.EL.70.i386.rpm xorg-x11-twm-6.8.2-1.EL.70.i386.rpm xorg-x11-xauth-6.8.2-1.EL.70.i386.rpm xorg-x11-xdm-6.8.2-1.EL.70.i386.rpm xorg-x11-xfs-6.8.2-1.EL.70.i386.rpm ia64: xorg-x11-6.8.2-1.EL.70.ia64.rpm xorg-x11-Mesa-libGL-6.8.2-1.EL.70.i386.rpm xorg-x11-Mesa-libGL-6.8.2-1.EL.70.ia64.rpm xorg-x11-Mesa-libGLU-6.8.2-1.EL.70.i386.rpm xorg-x11-Mesa-libGLU-6.8.2-1.EL.70.ia64.rpm xorg-x11-Xdmx-6.8.2-1.EL.70.ia64.rpm xorg-x11-Xnest-6.8.2-1.EL.70.ia64.rpm xorg-x11-Xvfb-6.8.2-1.EL.70.ia64.rpm xorg-x11-deprecated-libs-6.8.2-1.EL.70.i386.rpm xorg-x11-deprecated-libs-6.8.2-1.EL.70.ia64.rpm xorg-x11-deprecated-libs-devel-6.8.2-1.EL.70.ia64.rpm xorg-x11-devel-6.8.2-1.EL.70.ia64.rpm xorg-x11-doc-6.8.2-1.EL.70.ia64.rpm xorg-x11-font-utils-6.8.2-1.EL.70.ia64.rpm xorg-x11-libs-6.8.2-1.EL.70.i386.rpm xorg-x11-libs-6.8.2-1.EL.70.ia64.rpm xorg-x11-sdk-6.8.2-1.EL.70.ia64.rpm xorg-x11-tools-6.8.2-1.EL.70.ia64.rpm xorg-x11-twm-6.8.2-1.EL.70.ia64.rpm xorg-x11-xauth-6.8.2-1.EL.70.ia64.rpm xorg-x11-xdm-6.8.2-1.EL.70.ia64.rpm xorg-x11-xfs-6.8.2-1.EL.70.ia64.rpm ppc: xorg-x11-6.8.2-1.EL.70.ppc.rpm xorg-x11-Mesa-libGL-6.8.2-1.EL.70.ppc.rpm xorg-x11-Mesa-libGL-6.8.2-1.EL.70.ppc64.rpm xorg-x11-Mesa-libGLU-6.8.2-1.EL.70.ppc.rpm xorg-x11-Mesa-libGLU-6.8.2-1.EL.70.ppc64.rpm xorg-x11-Xdmx-6.8.2-1.EL.70.ppc.rpm 
xorg-x11-Xnest-6.8.2-1.EL.70.ppc.rpm xorg-x11-Xvfb-6.8.2-1.EL.70.ppc.rpm xorg-x11-deprecated-libs-6.8.2-1.EL.70.ppc.rpm xorg-x11-deprecated-libs-6.8.2-1.EL.70.ppc64.rpm xorg-x11-deprecated-libs-devel-6.8.2-1.EL.70.ppc.rpm xorg-x11-deprecated-libs-devel-6.8.2-1.EL.70.ppc64.rpm xorg-x11-devel-6.8.2-1.EL.70.ppc.rpm xorg-x11-devel-6.8.2-1.EL.70.ppc64.rpm xorg-x11-doc-6.8.2-1.EL.70.ppc.rpm xorg-x11-font-utils-6.8.2-1.EL.70.ppc.rpm xorg-x11-libs-6.8.2-1.EL.70.ppc.rpm xorg-x11-libs-6.8.2-1.EL.70.ppc64.rpm xorg-x11-sdk-6.8.2-1.EL.70.ppc.rpm xorg-x11-tools-6.8.2-1.EL.70.ppc.rpm xorg-x11-twm-6.8.2-1.EL.70.ppc.rpm xorg-x11-xauth-6.8.2-1.EL.70.ppc.rpm xorg-x11-xdm-6.8.2-1.EL.70.ppc.rpm xorg-x11-xfs-6.8.2-1.EL.70.ppc.rpm s390: xorg-x11-6.8.2-1.EL.70.s390.rpm xorg-x11-Mesa-libGL-6.8.2-1.EL.70.s390.rpm xorg-x11-Mesa-libGLU-6.8.2-1.EL.70.s390.rpm xorg-x11-Xdmx-6.8.2-1.EL.70.s390.rpm xorg-x11-Xnest-6.8.2-1.EL.70.s390.rpm xorg-x11-Xvfb-6.8.2-1.EL.70.s390.rpm xorg-x11-deprecated-libs-6.8.2-1.EL.70.s390.rpm xorg-x11-deprecated-libs-devel-6.8.2-1.EL.70.s390.rpm xorg-x11-devel-6.8.2-1.EL.70.s390.rpm xorg-x11-font-utils-6.8.2-1.EL.70.s390.rpm xorg-x11-libs-6.8.2-1.EL.70.s390.rpm xorg-x11-tools-6.8.2-1.EL.70.s390.rpm xorg-x11-twm-6.8.2-1.EL.70.s390.rpm xorg-x11-xauth-6.8.2-1.EL.70.s390.rpm xorg-x11-xdm-6.8.2-1.EL.70.s390.rpm xorg-x11-xfs-6.8.2-1.EL.70.s390.rpm s390x: xorg-x11-6.8.2-1.EL.70.s390x.rpm xorg-x11-Mesa-libGL-6.8.2-1.EL.70.s390.rpm xorg-x11-Mesa-libGL-6.8.2-1.EL.70.s390x.rpm xorg-x11-Mesa-libGLU-6.8.2-1.EL.70.s390.rpm xorg-x11-Mesa-libGLU-6.8.2-1.EL.70.s390x.rpm xorg-x11-Xdmx-6.8.2-1.EL.70.s390x.rpm xorg-x11-Xnest-6.8.2-1.EL.70.s390x.rpm xorg-x11-Xvfb-6.8.2-1.EL.70.s390x.rpm xorg-x11-deprecated-libs-6.8.2-1.EL.70.s390.rpm xorg-x11-deprecated-libs-6.8.2-1.EL.70.s390x.rpm xorg-x11-deprecated-libs-devel-6.8.2-1.EL.70.s390.rpm xorg-x11-deprecated-libs-devel-6.8.2-1.EL.70.s390x.rpm xorg-x11-devel-6.8.2-1.EL.70.s390.rpm xorg-x11-devel-6.8.2-1.EL.70.s390x.rpm 
xorg-x11-font-utils-6.8.2-1.EL.70.s390x.rpm xorg-x11-libs-6.8.2-1.EL.70.s390.rpm xorg-x11-libs-6.8.2-1.EL.70.s390x.rpm xorg-x11-tools-6.8.2-1.EL.70.s390x.rpm xorg-x11-twm-6.8.2-1.EL.70.s390x.rpm xorg-x11-xauth-6.8.2-1.EL.70.s390x.rpm xorg-x11-xdm-6.8.2-1.EL.70.s390x.rpm xorg-x11-xfs-6.8.2-1.EL.70.s390x.rpm x86_64: xorg-x11-6.8.2-1.EL.70.x86_64.rpm xorg-x11-Mesa-libGL-6.8.2-1.EL.70.i386.rpm xorg-x11-Mesa-libGL-6.8.2-1.EL.70.x86_64.rpm xorg-x11-Mesa-libGLU-6.8.2-1.EL.70.i386.rpm xorg-x11-Mesa-libGLU-6.8.2-1.EL.70.x86_64.rpm xorg-x11-Xdmx-6.8.2-1.EL.70.x86_64.rpm xorg-x11-Xnest-6.8.2-1.EL.70.x86_64.rpm xorg-x11-Xvfb-6.8.2-1.EL.70.x86_64.rpm xorg-x11-deprecated-libs-6.8.2-1.EL.70.i386.rpm xorg-x11-deprecated-libs-6.8.2-1.EL.70.x86_64.rpm xorg-x11-deprecated-libs-devel-6.8.2-1.EL.70.i386.rpm xorg-x11-deprecated-libs-devel-6.8.2-1.EL.70.x86_64.rpm xorg-x11-devel-6.8.2-1.EL.70.i386.rpm xorg-x11-devel-6.8.2-1.EL.70.x86_64.rpm xorg-x11-doc-6.8.2-1.EL.70.x86_64.rpm xorg-x11-font-utils-6.8.2-1.EL.70.x86_64.rpm xorg-x11-libs-6.8.2-1.EL.70.i386.rpm xorg-x11-libs-6.8.2-1.EL.70.x86_64.rpm xorg-x11-sdk-6.8.2-1.EL.70.x86_64.rpm xorg-x11-tools-6.8.2-1.EL.70.x86_64.rpm xorg-x11-twm-6.8.2-1.EL.70.x86_64.rpm xorg-x11-xauth-6.8.2-1.EL.70.x86_64.rpm xorg-x11-xdm-6.8.2-1.EL.70.x86_64.rpm xorg-x11-xfs-6.8.2-1.EL.70.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/xorg-x11-6.8.2-1.EL.70.src.rpm i386: xorg-x11-6.8.2-1.EL.70.i386.rpm xorg-x11-Mesa-libGL-6.8.2-1.EL.70.i386.rpm xorg-x11-Mesa-libGLU-6.8.2-1.EL.70.i386.rpm xorg-x11-Xdmx-6.8.2-1.EL.70.i386.rpm xorg-x11-Xnest-6.8.2-1.EL.70.i386.rpm xorg-x11-Xvfb-6.8.2-1.EL.70.i386.rpm xorg-x11-deprecated-libs-6.8.2-1.EL.70.i386.rpm xorg-x11-deprecated-libs-devel-6.8.2-1.EL.70.i386.rpm xorg-x11-devel-6.8.2-1.EL.70.i386.rpm xorg-x11-doc-6.8.2-1.EL.70.i386.rpm xorg-x11-font-utils-6.8.2-1.EL.70.i386.rpm xorg-x11-libs-6.8.2-1.EL.70.i386.rpm xorg-x11-sdk-6.8.2-1.EL.70.i386.rpm 
xorg-x11-tools-6.8.2-1.EL.70.i386.rpm xorg-x11-twm-6.8.2-1.EL.70.i386.rpm xorg-x11-xauth-6.8.2-1.EL.70.i386.rpm xorg-x11-xdm-6.8.2-1.EL.70.i386.rpm xorg-x11-xfs-6.8.2-1.EL.70.i386.rpm x86_64: xorg-x11-6.8.2-1.EL.70.x86_64.rpm xorg-x11-Mesa-libGL-6.8.2-1.EL.70.i386.rpm xorg-x11-Mesa-libGL-6.8.2-1.EL.70.x86_64.rpm xorg-x11-Mesa-libGLU-6.8.2-1.EL.70.i386.rpm xorg-x11-Mesa-libGLU-6.8.2-1.EL.70.x86_64.rpm xorg-x11-Xdmx-6.8.2-1.EL.70.x86_64.rpm xorg-x11-Xnest-6.8.2-1.EL.70.x86_64.rpm xorg-x11-Xvfb-6.8.2-1.EL.70.x86_64.rpm xorg-x11-deprecated-libs-6.8.2-1.EL.70.i386.rpm xorg-x11-deprecated-libs-6.8.2-1.EL.70.x86_64.rpm xorg-x11-deprecated-libs-devel-6.8.2-1.EL.70.i386.rpm xorg-x11-deprecated-libs-devel-6.8.2-1.EL.70.x86_64.rpm xorg-x11-devel-6.8.2-1.EL.70.i386.rpm xorg-x11-devel-6.8.2-1.EL.70.x86_64.rpm xorg-x11-doc-6.8.2-1.EL.70.x86_64.rpm xorg-x11-font-utils-6.8.2-1.EL.70.x86_64.rpm xorg-x11-libs-6.8.2-1.EL.70.i386.rpm xorg-x11-libs-6.8.2-1.EL.70.x86_64.rpm xorg-x11-sdk-6.8.2-1.EL.70.x86_64.rpm xorg-x11-tools-6.8.2-1.EL.70.x86_64.rpm xorg-x11-twm-6.8.2-1.EL.70.x86_64.rpm xorg-x11-xauth-6.8.2-1.EL.70.x86_64.rpm xorg-x11-xdm-6.8.2-1.EL.70.x86_64.rpm xorg-x11-xfs-6.8.2-1.EL.70.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/xorg-x11-6.8.2-1.EL.70.src.rpm i386: xorg-x11-6.8.2-1.EL.70.i386.rpm xorg-x11-Mesa-libGL-6.8.2-1.EL.70.i386.rpm xorg-x11-Mesa-libGLU-6.8.2-1.EL.70.i386.rpm xorg-x11-Xdmx-6.8.2-1.EL.70.i386.rpm xorg-x11-Xnest-6.8.2-1.EL.70.i386.rpm xorg-x11-Xvfb-6.8.2-1.EL.70.i386.rpm xorg-x11-deprecated-libs-6.8.2-1.EL.70.i386.rpm xorg-x11-deprecated-libs-devel-6.8.2-1.EL.70.i386.rpm xorg-x11-devel-6.8.2-1.EL.70.i386.rpm xorg-x11-doc-6.8.2-1.EL.70.i386.rpm xorg-x11-font-utils-6.8.2-1.EL.70.i386.rpm xorg-x11-libs-6.8.2-1.EL.70.i386.rpm xorg-x11-sdk-6.8.2-1.EL.70.i386.rpm xorg-x11-tools-6.8.2-1.EL.70.i386.rpm xorg-x11-twm-6.8.2-1.EL.70.i386.rpm xorg-x11-xauth-6.8.2-1.EL.70.i386.rpm 
xorg-x11-xdm-6.8.2-1.EL.70.i386.rpm xorg-x11-xfs-6.8.2-1.EL.70.i386.rpm ia64: xorg-x11-6.8.2-1.EL.70.ia64.rpm xorg-x11-Mesa-libGL-6.8.2-1.EL.70.i386.rpm xorg-x11-Mesa-libGL-6.8.2-1.EL.70.ia64.rpm xorg-x11-Mesa-libGLU-6.8.2-1.EL.70.i386.rpm xorg-x11-Mesa-libGLU-6.8.2-1.EL.70.ia64.rpm xorg-x11-Xdmx-6.8.2-1.EL.70.ia64.rpm xorg-x11-Xnest-6.8.2-1.EL.70.ia64.rpm xorg-x11-Xvfb-6.8.2-1.EL.70.ia64.rpm xorg-x11-deprecated-libs-6.8.2-1.EL.70.i386.rpm xorg-x11-deprecated-libs-6.8.2-1.EL.70.ia64.rpm xorg-x11-deprecated-libs-devel-6.8.2-1.EL.70.ia64.rpm xorg-x11-devel-6.8.2-1.EL.70.ia64.rpm xorg-x11-doc-6.8.2-1.EL.70.ia64.rpm xorg-x11-font-utils-6.8.2-1.EL.70.ia64.rpm xorg-x11-libs-6.8.2-1.EL.70.i386.rpm xorg-x11-libs-6.8.2-1.EL.70.ia64.rpm xorg-x11-sdk-6.8.2-1.EL.70.ia64.rpm xorg-x11-tools-6.8.2-1.EL.70.ia64.rpm xorg-x11-twm-6.8.2-1.EL.70.ia64.rpm xorg-x11-xauth-6.8.2-1.EL.70.ia64.rpm xorg-x11-xdm-6.8.2-1.EL.70.ia64.rpm xorg-x11-xfs-6.8.2-1.EL.70.ia64.rpm x86_64: xorg-x11-6.8.2-1.EL.70.x86_64.rpm xorg-x11-Mesa-libGL-6.8.2-1.EL.70.i386.rpm xorg-x11-Mesa-libGL-6.8.2-1.EL.70.x86_64.rpm xorg-x11-Mesa-libGLU-6.8.2-1.EL.70.i386.rpm xorg-x11-Mesa-libGLU-6.8.2-1.EL.70.x86_64.rpm xorg-x11-Xdmx-6.8.2-1.EL.70.x86_64.rpm xorg-x11-Xnest-6.8.2-1.EL.70.x86_64.rpm xorg-x11-Xvfb-6.8.2-1.EL.70.x86_64.rpm xorg-x11-deprecated-libs-6.8.2-1.EL.70.i386.rpm xorg-x11-deprecated-libs-6.8.2-1.EL.70.x86_64.rpm xorg-x11-deprecated-libs-devel-6.8.2-1.EL.70.i386.rpm xorg-x11-deprecated-libs-devel-6.8.2-1.EL.70.x86_64.rpm xorg-x11-devel-6.8.2-1.EL.70.i386.rpm xorg-x11-devel-6.8.2-1.EL.70.x86_64.rpm xorg-x11-doc-6.8.2-1.EL.70.x86_64.rpm xorg-x11-font-utils-6.8.2-1.EL.70.x86_64.rpm xorg-x11-libs-6.8.2-1.EL.70.i386.rpm xorg-x11-libs-6.8.2-1.EL.70.x86_64.rpm xorg-x11-sdk-6.8.2-1.EL.70.x86_64.rpm xorg-x11-tools-6.8.2-1.EL.70.x86_64.rpm xorg-x11-twm-6.8.2-1.EL.70.x86_64.rpm xorg-x11-xauth-6.8.2-1.EL.70.x86_64.rpm xorg-x11-xdm-6.8.2-1.EL.70.x86_64.rpm xorg-x11-xfs-6.8.2-1.EL.70.x86_64.rpm Red Hat Enterprise Linux WS 
version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/xorg-x11-6.8.2-1.EL.70.src.rpm i386: xorg-x11-6.8.2-1.EL.70.i386.rpm xorg-x11-Mesa-libGL-6.8.2-1.EL.70.i386.rpm xorg-x11-Mesa-libGLU-6.8.2-1.EL.70.i386.rpm xorg-x11-Xdmx-6.8.2-1.EL.70.i386.rpm xorg-x11-Xnest-6.8.2-1.EL.70.i386.rpm xorg-x11-Xvfb-6.8.2-1.EL.70.i386.rpm xorg-x11-deprecated-libs-6.8.2-1.EL.70.i386.rpm xorg-x11-deprecated-libs-devel-6.8.2-1.EL.70.i386.rpm xorg-x11-devel-6.8.2-1.EL.70.i386.rpm xorg-x11-doc-6.8.2-1.EL.70.i386.rpm xorg-x11-font-utils-6.8.2-1.EL.70.i386.rpm xorg-x11-libs-6.8.2-1.EL.70.i386.rpm xorg-x11-sdk-6.8.2-1.EL.70.i386.rpm xorg-x11-tools-6.8.2-1.EL.70.i386.rpm xorg-x11-twm-6.8.2-1.EL.70.i386.rpm xorg-x11-xauth-6.8.2-1.EL.70.i386.rpm xorg-x11-xdm-6.8.2-1.EL.70.i386.rpm xorg-x11-xfs-6.8.2-1.EL.70.i386.rpm ia64: xorg-x11-6.8.2-1.EL.70.ia64.rpm xorg-x11-Mesa-libGL-6.8.2-1.EL.70.i386.rpm xorg-x11-Mesa-libGL-6.8.2-1.EL.70.ia64.rpm xorg-x11-Mesa-libGLU-6.8.2-1.EL.70.i386.rpm xorg-x11-Mesa-libGLU-6.8.2-1.EL.70.ia64.rpm xorg-x11-Xdmx-6.8.2-1.EL.70.ia64.rpm xorg-x11-Xnest-6.8.2-1.EL.70.ia64.rpm xorg-x11-Xvfb-6.8.2-1.EL.70.ia64.rpm xorg-x11-deprecated-libs-6.8.2-1.EL.70.i386.rpm xorg-x11-deprecated-libs-6.8.2-1.EL.70.ia64.rpm xorg-x11-deprecated-libs-devel-6.8.2-1.EL.70.ia64.rpm xorg-x11-devel-6.8.2-1.EL.70.ia64.rpm xorg-x11-doc-6.8.2-1.EL.70.ia64.rpm xorg-x11-font-utils-6.8.2-1.EL.70.ia64.rpm xorg-x11-libs-6.8.2-1.EL.70.i386.rpm xorg-x11-libs-6.8.2-1.EL.70.ia64.rpm xorg-x11-sdk-6.8.2-1.EL.70.ia64.rpm xorg-x11-tools-6.8.2-1.EL.70.ia64.rpm xorg-x11-twm-6.8.2-1.EL.70.ia64.rpm xorg-x11-xauth-6.8.2-1.EL.70.ia64.rpm xorg-x11-xdm-6.8.2-1.EL.70.ia64.rpm xorg-x11-xfs-6.8.2-1.EL.70.ia64.rpm x86_64: xorg-x11-6.8.2-1.EL.70.x86_64.rpm xorg-x11-Mesa-libGL-6.8.2-1.EL.70.i386.rpm xorg-x11-Mesa-libGL-6.8.2-1.EL.70.x86_64.rpm xorg-x11-Mesa-libGLU-6.8.2-1.EL.70.i386.rpm xorg-x11-Mesa-libGLU-6.8.2-1.EL.70.x86_64.rpm xorg-x11-Xdmx-6.8.2-1.EL.70.x86_64.rpm xorg-x11-Xnest-6.8.2-1.EL.70.x86_64.rpm 
xorg-x11-Xvfb-6.8.2-1.EL.70.x86_64.rpm xorg-x11-deprecated-libs-6.8.2-1.EL.70.i386.rpm xorg-x11-deprecated-libs-6.8.2-1.EL.70.x86_64.rpm xorg-x11-deprecated-libs-devel-6.8.2-1.EL.70.i386.rpm xorg-x11-deprecated-libs-devel-6.8.2-1.EL.70.x86_64.rpm xorg-x11-devel-6.8.2-1.EL.70.i386.rpm xorg-x11-devel-6.8.2-1.EL.70.x86_64.rpm xorg-x11-doc-6.8.2-1.EL.70.x86_64.rpm xorg-x11-font-utils-6.8.2-1.EL.70.x86_64.rpm xorg-x11-libs-6.8.2-1.EL.70.i386.rpm xorg-x11-libs-6.8.2-1.EL.70.x86_64.rpm xorg-x11-sdk-6.8.2-1.EL.70.x86_64.rpm xorg-x11-tools-6.8.2-1.EL.70.x86_64.rpm xorg-x11-twm-6.8.2-1.EL.70.x86_64.rpm xorg-x11-xauth-6.8.2-1.EL.70.x86_64.rpm xorg-x11-xdm-6.8.2-1.EL.70.x86_64.rpm xorg-x11-xfs-6.8.2-1.EL.70.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-4818.html https://www.redhat.com/security/data/cve/CVE-2010-4819.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOje7sXlSAg2UNWIIRAl+aAKDA78G4AxS3PKYoOYelYm7UUi4RSACgwx9z
rqzl6PR5DN+wpy/lLhgVtjQ=
=LxkM
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Oct 11 16:50:32 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 11 Oct 2011 16:50:32 +0000
Subject: [RHSA-2011:1364-01] Moderate: kdelibs security and enhancement update
Message-ID: <201110111650.p9BGoWSu004204@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: kdelibs security and enhancement update
Advisory ID:       RHSA-2011:1364-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1364.html
Issue date:        2011-10-11
CVE Names:         CVE-2011-3365
=====================================================================

1. Summary:

Updated kdelibs packages that fix one security issue and add one enhancement are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64

3. Description:

The kdelibs packages provide libraries for the K Desktop Environment (KDE).

An input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially-crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. (CVE-2011-3365)

This update also adds the following enhancement:

* kdelibs provided its own set of trusted Certificate Authority (CA) certificates. This update makes kdelibs use the system set from the ca-certificates package, instead of its own copy. (BZ#743951)

Users should upgrade to these updated packages, which contain backported patches to correct this issue and add this enhancement. The desktop must be restarted (log out, then log back in) for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

743054 - CVE-2011-3365 kdelibs: input validation failure in KSSL
743951 - kdelibs: use ca-certificates' ca-bundle.crt [rhel-6]

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kdelibs-4.3.4-11.el6_1.4.src.rpm

i386:
kdelibs-4.3.4-11.el6_1.4.i686.rpm
kdelibs-common-4.3.4-11.el6_1.4.i686.rpm
kdelibs-debuginfo-4.3.4-11.el6_1.4.i686.rpm

x86_64:
kdelibs-4.3.4-11.el6_1.4.i686.rpm
kdelibs-4.3.4-11.el6_1.4.x86_64.rpm
kdelibs-common-4.3.4-11.el6_1.4.x86_64.rpm
kdelibs-debuginfo-4.3.4-11.el6_1.4.i686.rpm
kdelibs-debuginfo-4.3.4-11.el6_1.4.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kdelibs-4.3.4-11.el6_1.4.src.rpm

i386:
kdelibs-debuginfo-4.3.4-11.el6_1.4.i686.rpm
kdelibs-devel-4.3.4-11.el6_1.4.i686.rpm

noarch:
kdelibs-apidocs-4.3.4-11.el6_1.4.noarch.rpm

x86_64:
kdelibs-debuginfo-4.3.4-11.el6_1.4.i686.rpm
kdelibs-debuginfo-4.3.4-11.el6_1.4.x86_64.rpm
kdelibs-devel-4.3.4-11.el6_1.4.i686.rpm
kdelibs-devel-4.3.4-11.el6_1.4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kdelibs-4.3.4-11.el6_1.4.src.rpm

noarch:
kdelibs-apidocs-4.3.4-11.el6_1.4.noarch.rpm

x86_64:
kdelibs-4.3.4-11.el6_1.4.i686.rpm
kdelibs-4.3.4-11.el6_1.4.x86_64.rpm
kdelibs-common-4.3.4-11.el6_1.4.x86_64.rpm
kdelibs-debuginfo-4.3.4-11.el6_1.4.i686.rpm
kdelibs-debuginfo-4.3.4-11.el6_1.4.x86_64.rpm
kdelibs-devel-4.3.4-11.el6_1.4.i686.rpm
kdelibs-devel-4.3.4-11.el6_1.4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kdelibs-4.3.4-11.el6_1.4.src.rpm

i386:
kdelibs-4.3.4-11.el6_1.4.i686.rpm
kdelibs-common-4.3.4-11.el6_1.4.i686.rpm
kdelibs-debuginfo-4.3.4-11.el6_1.4.i686.rpm
kdelibs-devel-4.3.4-11.el6_1.4.i686.rpm

noarch:
kdelibs-apidocs-4.3.4-11.el6_1.4.noarch.rpm

ppc64:
kdelibs-4.3.4-11.el6_1.4.ppc.rpm
kdelibs-4.3.4-11.el6_1.4.ppc64.rpm
kdelibs-common-4.3.4-11.el6_1.4.ppc64.rpm
kdelibs-debuginfo-4.3.4-11.el6_1.4.ppc.rpm
kdelibs-debuginfo-4.3.4-11.el6_1.4.ppc64.rpm
kdelibs-devel-4.3.4-11.el6_1.4.ppc.rpm
kdelibs-devel-4.3.4-11.el6_1.4.ppc64.rpm

s390x:
kdelibs-4.3.4-11.el6_1.4.s390.rpm
kdelibs-4.3.4-11.el6_1.4.s390x.rpm
kdelibs-common-4.3.4-11.el6_1.4.s390x.rpm
kdelibs-debuginfo-4.3.4-11.el6_1.4.s390.rpm
kdelibs-debuginfo-4.3.4-11.el6_1.4.s390x.rpm
kdelibs-devel-4.3.4-11.el6_1.4.s390.rpm
kdelibs-devel-4.3.4-11.el6_1.4.s390x.rpm

x86_64:
kdelibs-4.3.4-11.el6_1.4.i686.rpm
kdelibs-4.3.4-11.el6_1.4.x86_64.rpm
kdelibs-common-4.3.4-11.el6_1.4.x86_64.rpm
kdelibs-debuginfo-4.3.4-11.el6_1.4.i686.rpm
kdelibs-debuginfo-4.3.4-11.el6_1.4.x86_64.rpm
kdelibs-devel-4.3.4-11.el6_1.4.i686.rpm
kdelibs-devel-4.3.4-11.el6_1.4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kdelibs-4.3.4-11.el6_1.4.src.rpm

i386:
kdelibs-4.3.4-11.el6_1.4.i686.rpm
kdelibs-common-4.3.4-11.el6_1.4.i686.rpm
kdelibs-debuginfo-4.3.4-11.el6_1.4.i686.rpm
kdelibs-devel-4.3.4-11.el6_1.4.i686.rpm

noarch:
kdelibs-apidocs-4.3.4-11.el6_1.4.noarch.rpm

x86_64:
kdelibs-4.3.4-11.el6_1.4.i686.rpm
kdelibs-4.3.4-11.el6_1.4.x86_64.rpm
kdelibs-common-4.3.4-11.el6_1.4.x86_64.rpm
kdelibs-debuginfo-4.3.4-11.el6_1.4.i686.rpm
kdelibs-debuginfo-4.3.4-11.el6_1.4.x86_64.rpm
kdelibs-devel-4.3.4-11.el6_1.4.i686.rpm
kdelibs-devel-4.3.4-11.el6_1.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3365.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOlHOzXlSAg2UNWIIRAtlUAJ98njAqeaErjAUYcL01LV2FQocTvwCfSpGK
zI1u7tPUbFt+hfuAcH3c7GU=
=5k5X
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Oct 13 19:45:30 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 13 Oct 2011 19:45:30 +0000
Subject: [RHSA-2011:1369-01] Important: httpd security update
Message-ID: <201110131945.p9DJjU2Z003277@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: httpd security update
Advisory ID:       RHSA-2011:1369-01
Product:           Red Hat Application Stack
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1369.html
Issue date:        2011-10-13
CVE Names:         CVE-2011-3192
=====================================================================

1. Summary:

Updated httpd packages that fix one security issue are now available for Red Hat Application Stack v2.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Application Stack v2 for Enterprise Linux (v.5) - i386, x86_64

3. Description:

The Apache HTTP Server is a popular web server.

A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. (CVE-2011-3192)

All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

732928 - CVE-2011-3192 httpd: multiple ranges DoS

6. Package List:

Red Hat Application Stack v2 for Enterprise Linux (v.5):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHWAS/SRPMS/httpd-2.2.13-3.el5s2.src.rpm

i386:
httpd-2.2.13-3.el5s2.i386.rpm
httpd-debuginfo-2.2.13-3.el5s2.i386.rpm
httpd-devel-2.2.13-3.el5s2.i386.rpm
httpd-manual-2.2.13-3.el5s2.i386.rpm
mod_ssl-2.2.13-3.el5s2.i386.rpm

x86_64:
httpd-2.2.13-3.el5s2.x86_64.rpm
httpd-debuginfo-2.2.13-3.el5s2.i386.rpm
httpd-debuginfo-2.2.13-3.el5s2.x86_64.rpm
httpd-devel-2.2.13-3.el5s2.i386.rpm
httpd-devel-2.2.13-3.el5s2.x86_64.rpm
httpd-manual-2.2.13-3.el5s2.x86_64.rpm
mod_ssl-2.2.13-3.el5s2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3192.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOlz++XlSAg2UNWIIRAneZAKCLnpQtiZ0wHRg1bEYHGCCaOQxQPwCeLNCT
IGqkF+cnmWWKJQBS8hbc/Vo=
=yruE
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Oct 14 03:34:30 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 14 Oct 2011 03:34:30 +0000
Subject: [RHSA-2011:1371-01] Moderate: pidgin security update
Message-ID: <201110140334.p9E3YVww017993@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: pidgin security update
Advisory ID:       RHSA-2011:1371-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1371.html
Issue date:        2011-10-13
CVE Names:         CVE-2011-1091 CVE-2011-3594
=====================================================================

1. Summary:

Updated pidgin packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.

An input sanitization flaw was found in the way the Pidgin SILC (Secure Internet Live Conferencing) protocol plug-in escaped certain UTF-8 characters. A remote attacker could use this flaw to crash Pidgin via a specially-crafted SILC message. (CVE-2011-3594)

Multiple NULL pointer dereference flaws were found in the way the Pidgin Yahoo! Messenger Protocol plug-in handled malformed YMSG packets. A remote attacker could use these flaws to crash Pidgin via a specially-crafted notification message. (CVE-2011-1091)

Red Hat would like to thank the Pidgin project for reporting CVE-2011-1091. Upstream acknowledges Marius Wachtler as the original reporter of CVE-2011-1091.

All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. Pidgin must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

683031 - CVE-2011-1091 Pidgin: Multiple NULL pointer dereference flaws in Yahoo protocol plug-in
743481 - CVE-2011-3594 libpurple: invalid UTF-8 string handling in SILC messages

6.
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/pidgin-2.6.6-7.el4.src.rpm i386: finch-2.6.6-7.el4.i386.rpm finch-devel-2.6.6-7.el4.i386.rpm libpurple-2.6.6-7.el4.i386.rpm libpurple-devel-2.6.6-7.el4.i386.rpm libpurple-perl-2.6.6-7.el4.i386.rpm libpurple-tcl-2.6.6-7.el4.i386.rpm pidgin-2.6.6-7.el4.i386.rpm pidgin-debuginfo-2.6.6-7.el4.i386.rpm pidgin-devel-2.6.6-7.el4.i386.rpm pidgin-perl-2.6.6-7.el4.i386.rpm ia64: finch-2.6.6-7.el4.ia64.rpm finch-devel-2.6.6-7.el4.ia64.rpm libpurple-2.6.6-7.el4.ia64.rpm libpurple-devel-2.6.6-7.el4.ia64.rpm libpurple-perl-2.6.6-7.el4.ia64.rpm libpurple-tcl-2.6.6-7.el4.ia64.rpm pidgin-2.6.6-7.el4.ia64.rpm pidgin-debuginfo-2.6.6-7.el4.ia64.rpm pidgin-devel-2.6.6-7.el4.ia64.rpm pidgin-perl-2.6.6-7.el4.ia64.rpm ppc: finch-2.6.6-7.el4.ppc.rpm finch-devel-2.6.6-7.el4.ppc.rpm libpurple-2.6.6-7.el4.ppc.rpm libpurple-devel-2.6.6-7.el4.ppc.rpm libpurple-perl-2.6.6-7.el4.ppc.rpm libpurple-tcl-2.6.6-7.el4.ppc.rpm pidgin-2.6.6-7.el4.ppc.rpm pidgin-debuginfo-2.6.6-7.el4.ppc.rpm pidgin-devel-2.6.6-7.el4.ppc.rpm pidgin-perl-2.6.6-7.el4.ppc.rpm x86_64: finch-2.6.6-7.el4.x86_64.rpm finch-devel-2.6.6-7.el4.x86_64.rpm libpurple-2.6.6-7.el4.x86_64.rpm libpurple-devel-2.6.6-7.el4.x86_64.rpm libpurple-perl-2.6.6-7.el4.x86_64.rpm libpurple-tcl-2.6.6-7.el4.x86_64.rpm pidgin-2.6.6-7.el4.x86_64.rpm pidgin-debuginfo-2.6.6-7.el4.x86_64.rpm pidgin-devel-2.6.6-7.el4.x86_64.rpm pidgin-perl-2.6.6-7.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/pidgin-2.6.6-7.el4.src.rpm i386: finch-2.6.6-7.el4.i386.rpm finch-devel-2.6.6-7.el4.i386.rpm libpurple-2.6.6-7.el4.i386.rpm libpurple-devel-2.6.6-7.el4.i386.rpm libpurple-perl-2.6.6-7.el4.i386.rpm libpurple-tcl-2.6.6-7.el4.i386.rpm pidgin-2.6.6-7.el4.i386.rpm pidgin-debuginfo-2.6.6-7.el4.i386.rpm pidgin-devel-2.6.6-7.el4.i386.rpm pidgin-perl-2.6.6-7.el4.i386.rpm x86_64: 
finch-2.6.6-7.el4.x86_64.rpm finch-devel-2.6.6-7.el4.x86_64.rpm libpurple-2.6.6-7.el4.x86_64.rpm libpurple-devel-2.6.6-7.el4.x86_64.rpm libpurple-perl-2.6.6-7.el4.x86_64.rpm libpurple-tcl-2.6.6-7.el4.x86_64.rpm pidgin-2.6.6-7.el4.x86_64.rpm pidgin-debuginfo-2.6.6-7.el4.x86_64.rpm pidgin-devel-2.6.6-7.el4.x86_64.rpm pidgin-perl-2.6.6-7.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/pidgin-2.6.6-7.el4.src.rpm i386: finch-2.6.6-7.el4.i386.rpm finch-devel-2.6.6-7.el4.i386.rpm libpurple-2.6.6-7.el4.i386.rpm libpurple-devel-2.6.6-7.el4.i386.rpm libpurple-perl-2.6.6-7.el4.i386.rpm libpurple-tcl-2.6.6-7.el4.i386.rpm pidgin-2.6.6-7.el4.i386.rpm pidgin-debuginfo-2.6.6-7.el4.i386.rpm pidgin-devel-2.6.6-7.el4.i386.rpm pidgin-perl-2.6.6-7.el4.i386.rpm ia64: finch-2.6.6-7.el4.ia64.rpm finch-devel-2.6.6-7.el4.ia64.rpm libpurple-2.6.6-7.el4.ia64.rpm libpurple-devel-2.6.6-7.el4.ia64.rpm libpurple-perl-2.6.6-7.el4.ia64.rpm libpurple-tcl-2.6.6-7.el4.ia64.rpm pidgin-2.6.6-7.el4.ia64.rpm pidgin-debuginfo-2.6.6-7.el4.ia64.rpm pidgin-devel-2.6.6-7.el4.ia64.rpm pidgin-perl-2.6.6-7.el4.ia64.rpm x86_64: finch-2.6.6-7.el4.x86_64.rpm finch-devel-2.6.6-7.el4.x86_64.rpm libpurple-2.6.6-7.el4.x86_64.rpm libpurple-devel-2.6.6-7.el4.x86_64.rpm libpurple-perl-2.6.6-7.el4.x86_64.rpm libpurple-tcl-2.6.6-7.el4.x86_64.rpm pidgin-2.6.6-7.el4.x86_64.rpm pidgin-debuginfo-2.6.6-7.el4.x86_64.rpm pidgin-devel-2.6.6-7.el4.x86_64.rpm pidgin-perl-2.6.6-7.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/pidgin-2.6.6-7.el4.src.rpm i386: finch-2.6.6-7.el4.i386.rpm finch-devel-2.6.6-7.el4.i386.rpm libpurple-2.6.6-7.el4.i386.rpm libpurple-devel-2.6.6-7.el4.i386.rpm libpurple-perl-2.6.6-7.el4.i386.rpm libpurple-tcl-2.6.6-7.el4.i386.rpm pidgin-2.6.6-7.el4.i386.rpm pidgin-debuginfo-2.6.6-7.el4.i386.rpm pidgin-devel-2.6.6-7.el4.i386.rpm pidgin-perl-2.6.6-7.el4.i386.rpm ia64: 
finch-2.6.6-7.el4.ia64.rpm finch-devel-2.6.6-7.el4.ia64.rpm libpurple-2.6.6-7.el4.ia64.rpm libpurple-devel-2.6.6-7.el4.ia64.rpm libpurple-perl-2.6.6-7.el4.ia64.rpm libpurple-tcl-2.6.6-7.el4.ia64.rpm pidgin-2.6.6-7.el4.ia64.rpm pidgin-debuginfo-2.6.6-7.el4.ia64.rpm pidgin-devel-2.6.6-7.el4.ia64.rpm pidgin-perl-2.6.6-7.el4.ia64.rpm x86_64: finch-2.6.6-7.el4.x86_64.rpm finch-devel-2.6.6-7.el4.x86_64.rpm libpurple-2.6.6-7.el4.x86_64.rpm libpurple-devel-2.6.6-7.el4.x86_64.rpm libpurple-perl-2.6.6-7.el4.x86_64.rpm libpurple-tcl-2.6.6-7.el4.x86_64.rpm pidgin-2.6.6-7.el4.x86_64.rpm pidgin-debuginfo-2.6.6-7.el4.x86_64.rpm pidgin-devel-2.6.6-7.el4.x86_64.rpm pidgin-perl-2.6.6-7.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/pidgin-2.6.6-5.el5_7.1.src.rpm i386: finch-2.6.6-5.el5_7.1.i386.rpm libpurple-2.6.6-5.el5_7.1.i386.rpm libpurple-perl-2.6.6-5.el5_7.1.i386.rpm libpurple-tcl-2.6.6-5.el5_7.1.i386.rpm pidgin-2.6.6-5.el5_7.1.i386.rpm pidgin-debuginfo-2.6.6-5.el5_7.1.i386.rpm pidgin-perl-2.6.6-5.el5_7.1.i386.rpm x86_64: finch-2.6.6-5.el5_7.1.i386.rpm finch-2.6.6-5.el5_7.1.x86_64.rpm libpurple-2.6.6-5.el5_7.1.i386.rpm libpurple-2.6.6-5.el5_7.1.x86_64.rpm libpurple-perl-2.6.6-5.el5_7.1.x86_64.rpm libpurple-tcl-2.6.6-5.el5_7.1.x86_64.rpm pidgin-2.6.6-5.el5_7.1.i386.rpm pidgin-2.6.6-5.el5_7.1.x86_64.rpm pidgin-debuginfo-2.6.6-5.el5_7.1.i386.rpm pidgin-debuginfo-2.6.6-5.el5_7.1.x86_64.rpm pidgin-perl-2.6.6-5.el5_7.1.x86_64.rpm RHEL Desktop Workstation (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/pidgin-2.6.6-5.el5_7.1.src.rpm i386: finch-devel-2.6.6-5.el5_7.1.i386.rpm libpurple-devel-2.6.6-5.el5_7.1.i386.rpm pidgin-debuginfo-2.6.6-5.el5_7.1.i386.rpm pidgin-devel-2.6.6-5.el5_7.1.i386.rpm x86_64: finch-devel-2.6.6-5.el5_7.1.i386.rpm finch-devel-2.6.6-5.el5_7.1.x86_64.rpm libpurple-devel-2.6.6-5.el5_7.1.i386.rpm libpurple-devel-2.6.6-5.el5_7.1.x86_64.rpm pidgin-debuginfo-2.6.6-5.el5_7.1.i386.rpm pidgin-debuginfo-2.6.6-5.el5_7.1.x86_64.rpm pidgin-devel-2.6.6-5.el5_7.1.i386.rpm pidgin-devel-2.6.6-5.el5_7.1.x86_64.rpm RHEL Optional Productivity Applications (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/pidgin-2.6.6-5.el5_7.1.src.rpm i386: finch-2.6.6-5.el5_7.1.i386.rpm finch-devel-2.6.6-5.el5_7.1.i386.rpm libpurple-2.6.6-5.el5_7.1.i386.rpm libpurple-devel-2.6.6-5.el5_7.1.i386.rpm libpurple-perl-2.6.6-5.el5_7.1.i386.rpm libpurple-tcl-2.6.6-5.el5_7.1.i386.rpm pidgin-2.6.6-5.el5_7.1.i386.rpm pidgin-debuginfo-2.6.6-5.el5_7.1.i386.rpm pidgin-devel-2.6.6-5.el5_7.1.i386.rpm pidgin-perl-2.6.6-5.el5_7.1.i386.rpm x86_64: finch-2.6.6-5.el5_7.1.i386.rpm finch-2.6.6-5.el5_7.1.x86_64.rpm finch-devel-2.6.6-5.el5_7.1.i386.rpm finch-devel-2.6.6-5.el5_7.1.x86_64.rpm libpurple-2.6.6-5.el5_7.1.i386.rpm libpurple-2.6.6-5.el5_7.1.x86_64.rpm libpurple-devel-2.6.6-5.el5_7.1.i386.rpm libpurple-devel-2.6.6-5.el5_7.1.x86_64.rpm libpurple-perl-2.6.6-5.el5_7.1.x86_64.rpm libpurple-tcl-2.6.6-5.el5_7.1.x86_64.rpm pidgin-2.6.6-5.el5_7.1.i386.rpm pidgin-2.6.6-5.el5_7.1.x86_64.rpm pidgin-debuginfo-2.6.6-5.el5_7.1.i386.rpm pidgin-debuginfo-2.6.6-5.el5_7.1.x86_64.rpm pidgin-devel-2.6.6-5.el5_7.1.i386.rpm pidgin-devel-2.6.6-5.el5_7.1.x86_64.rpm pidgin-perl-2.6.6-5.el5_7.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References:

https://www.redhat.com/security/data/cve/CVE-2011-1091.html
https://www.redhat.com/security/data/cve/CVE-2011-3594.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOl621XlSAg2UNWIIRAiRbAJ0SKGk3U93Porsqli8ILlp5l7TSgQCfZeWh
ThOwsEC7d0F0vQAwqE32fKg=
=13gE
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Oct 17 22:00:55 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 17 Oct 2011 22:00:55 +0000
Subject: [RHSA-2011:1377-01] Moderate: postgresql security update
Message-ID: <201110172200.p9HM0tss005039@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: postgresql security update
Advisory ID:       RHSA-2011:1377-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1377.html
Issue date:        2011-10-17
CVE Names:         CVE-2011-2483
=====================================================================

1. Summary:

Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system (DBMS).

A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483)

Note: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database. Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to "$2x$".

For Red Hat Enterprise Linux 6, the updated postgresql packages upgrade PostgreSQL to version 8.4.9. Refer to the PostgreSQL Release Notes for a full list of changes:

http://www.postgresql.org/docs/8.4/static/release.html

For Red Hat Enterprise Linux 4 and 5, the updated postgresql packages contain a backported patch.

All PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.

4.
Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 715025 - CVE-2011-2483 crypt_blowfish: 8-bit character mishandling allows different password pairs to produce the same hash 6. Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/postgresql-7.4.30-3.el4.src.rpm i386: postgresql-7.4.30-3.el4.i386.rpm postgresql-contrib-7.4.30-3.el4.i386.rpm postgresql-debuginfo-7.4.30-3.el4.i386.rpm postgresql-devel-7.4.30-3.el4.i386.rpm postgresql-docs-7.4.30-3.el4.i386.rpm postgresql-jdbc-7.4.30-3.el4.i386.rpm postgresql-libs-7.4.30-3.el4.i386.rpm postgresql-pl-7.4.30-3.el4.i386.rpm postgresql-python-7.4.30-3.el4.i386.rpm postgresql-server-7.4.30-3.el4.i386.rpm postgresql-tcl-7.4.30-3.el4.i386.rpm postgresql-test-7.4.30-3.el4.i386.rpm ia64: postgresql-7.4.30-3.el4.ia64.rpm postgresql-contrib-7.4.30-3.el4.ia64.rpm postgresql-debuginfo-7.4.30-3.el4.i386.rpm postgresql-debuginfo-7.4.30-3.el4.ia64.rpm postgresql-devel-7.4.30-3.el4.ia64.rpm postgresql-docs-7.4.30-3.el4.ia64.rpm postgresql-jdbc-7.4.30-3.el4.ia64.rpm postgresql-libs-7.4.30-3.el4.i386.rpm postgresql-libs-7.4.30-3.el4.ia64.rpm postgresql-pl-7.4.30-3.el4.ia64.rpm postgresql-python-7.4.30-3.el4.ia64.rpm postgresql-server-7.4.30-3.el4.ia64.rpm postgresql-tcl-7.4.30-3.el4.ia64.rpm postgresql-test-7.4.30-3.el4.ia64.rpm ppc: postgresql-7.4.30-3.el4.ppc.rpm postgresql-contrib-7.4.30-3.el4.ppc.rpm postgresql-debuginfo-7.4.30-3.el4.ppc.rpm postgresql-debuginfo-7.4.30-3.el4.ppc64.rpm postgresql-devel-7.4.30-3.el4.ppc.rpm postgresql-docs-7.4.30-3.el4.ppc.rpm postgresql-jdbc-7.4.30-3.el4.ppc.rpm postgresql-libs-7.4.30-3.el4.ppc.rpm postgresql-libs-7.4.30-3.el4.ppc64.rpm 
postgresql-pl-7.4.30-3.el4.ppc.rpm
postgresql-python-7.4.30-3.el4.ppc.rpm
postgresql-server-7.4.30-3.el4.ppc.rpm
postgresql-tcl-7.4.30-3.el4.ppc.rpm
postgresql-test-7.4.30-3.el4.ppc.rpm

s390:
postgresql-7.4.30-3.el4.s390.rpm
postgresql-contrib-7.4.30-3.el4.s390.rpm
postgresql-debuginfo-7.4.30-3.el4.s390.rpm
postgresql-devel-7.4.30-3.el4.s390.rpm
postgresql-docs-7.4.30-3.el4.s390.rpm
postgresql-jdbc-7.4.30-3.el4.s390.rpm
postgresql-libs-7.4.30-3.el4.s390.rpm
postgresql-pl-7.4.30-3.el4.s390.rpm
postgresql-python-7.4.30-3.el4.s390.rpm
postgresql-server-7.4.30-3.el4.s390.rpm
postgresql-tcl-7.4.30-3.el4.s390.rpm
postgresql-test-7.4.30-3.el4.s390.rpm

s390x:
postgresql-7.4.30-3.el4.s390x.rpm
postgresql-contrib-7.4.30-3.el4.s390x.rpm
postgresql-debuginfo-7.4.30-3.el4.s390.rpm
postgresql-debuginfo-7.4.30-3.el4.s390x.rpm
postgresql-devel-7.4.30-3.el4.s390x.rpm
postgresql-docs-7.4.30-3.el4.s390x.rpm
postgresql-jdbc-7.4.30-3.el4.s390x.rpm
postgresql-libs-7.4.30-3.el4.s390.rpm
postgresql-libs-7.4.30-3.el4.s390x.rpm
postgresql-pl-7.4.30-3.el4.s390x.rpm
postgresql-python-7.4.30-3.el4.s390x.rpm
postgresql-server-7.4.30-3.el4.s390x.rpm
postgresql-tcl-7.4.30-3.el4.s390x.rpm
postgresql-test-7.4.30-3.el4.s390x.rpm

x86_64:
postgresql-7.4.30-3.el4.x86_64.rpm
postgresql-contrib-7.4.30-3.el4.x86_64.rpm
postgresql-debuginfo-7.4.30-3.el4.i386.rpm
postgresql-debuginfo-7.4.30-3.el4.x86_64.rpm
postgresql-devel-7.4.30-3.el4.x86_64.rpm
postgresql-docs-7.4.30-3.el4.x86_64.rpm
postgresql-jdbc-7.4.30-3.el4.x86_64.rpm
postgresql-libs-7.4.30-3.el4.i386.rpm
postgresql-libs-7.4.30-3.el4.x86_64.rpm
postgresql-pl-7.4.30-3.el4.x86_64.rpm
postgresql-python-7.4.30-3.el4.x86_64.rpm
postgresql-server-7.4.30-3.el4.x86_64.rpm
postgresql-tcl-7.4.30-3.el4.x86_64.rpm
postgresql-test-7.4.30-3.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/postgresql-7.4.30-3.el4.src.rpm

i386:
postgresql-7.4.30-3.el4.i386.rpm
postgresql-contrib-7.4.30-3.el4.i386.rpm
postgresql-debuginfo-7.4.30-3.el4.i386.rpm
postgresql-devel-7.4.30-3.el4.i386.rpm
postgresql-docs-7.4.30-3.el4.i386.rpm
postgresql-jdbc-7.4.30-3.el4.i386.rpm
postgresql-libs-7.4.30-3.el4.i386.rpm
postgresql-pl-7.4.30-3.el4.i386.rpm
postgresql-python-7.4.30-3.el4.i386.rpm
postgresql-server-7.4.30-3.el4.i386.rpm
postgresql-tcl-7.4.30-3.el4.i386.rpm
postgresql-test-7.4.30-3.el4.i386.rpm

x86_64:
postgresql-7.4.30-3.el4.x86_64.rpm
postgresql-contrib-7.4.30-3.el4.x86_64.rpm
postgresql-debuginfo-7.4.30-3.el4.i386.rpm
postgresql-debuginfo-7.4.30-3.el4.x86_64.rpm
postgresql-devel-7.4.30-3.el4.x86_64.rpm
postgresql-docs-7.4.30-3.el4.x86_64.rpm
postgresql-jdbc-7.4.30-3.el4.x86_64.rpm
postgresql-libs-7.4.30-3.el4.i386.rpm
postgresql-libs-7.4.30-3.el4.x86_64.rpm
postgresql-pl-7.4.30-3.el4.x86_64.rpm
postgresql-python-7.4.30-3.el4.x86_64.rpm
postgresql-server-7.4.30-3.el4.x86_64.rpm
postgresql-tcl-7.4.30-3.el4.x86_64.rpm
postgresql-test-7.4.30-3.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/postgresql-7.4.30-3.el4.src.rpm

i386:
postgresql-7.4.30-3.el4.i386.rpm
postgresql-contrib-7.4.30-3.el4.i386.rpm
postgresql-debuginfo-7.4.30-3.el4.i386.rpm
postgresql-devel-7.4.30-3.el4.i386.rpm
postgresql-docs-7.4.30-3.el4.i386.rpm
postgresql-jdbc-7.4.30-3.el4.i386.rpm
postgresql-libs-7.4.30-3.el4.i386.rpm
postgresql-pl-7.4.30-3.el4.i386.rpm
postgresql-python-7.4.30-3.el4.i386.rpm
postgresql-server-7.4.30-3.el4.i386.rpm
postgresql-tcl-7.4.30-3.el4.i386.rpm
postgresql-test-7.4.30-3.el4.i386.rpm

ia64:
postgresql-7.4.30-3.el4.ia64.rpm
postgresql-contrib-7.4.30-3.el4.ia64.rpm
postgresql-debuginfo-7.4.30-3.el4.i386.rpm
postgresql-debuginfo-7.4.30-3.el4.ia64.rpm
postgresql-devel-7.4.30-3.el4.ia64.rpm
postgresql-docs-7.4.30-3.el4.ia64.rpm
postgresql-jdbc-7.4.30-3.el4.ia64.rpm
postgresql-libs-7.4.30-3.el4.i386.rpm
postgresql-libs-7.4.30-3.el4.ia64.rpm
postgresql-pl-7.4.30-3.el4.ia64.rpm
postgresql-python-7.4.30-3.el4.ia64.rpm
postgresql-server-7.4.30-3.el4.ia64.rpm
postgresql-tcl-7.4.30-3.el4.ia64.rpm
postgresql-test-7.4.30-3.el4.ia64.rpm

x86_64:
postgresql-7.4.30-3.el4.x86_64.rpm
postgresql-contrib-7.4.30-3.el4.x86_64.rpm
postgresql-debuginfo-7.4.30-3.el4.i386.rpm
postgresql-debuginfo-7.4.30-3.el4.x86_64.rpm
postgresql-devel-7.4.30-3.el4.x86_64.rpm
postgresql-docs-7.4.30-3.el4.x86_64.rpm
postgresql-jdbc-7.4.30-3.el4.x86_64.rpm
postgresql-libs-7.4.30-3.el4.i386.rpm
postgresql-libs-7.4.30-3.el4.x86_64.rpm
postgresql-pl-7.4.30-3.el4.x86_64.rpm
postgresql-python-7.4.30-3.el4.x86_64.rpm
postgresql-server-7.4.30-3.el4.x86_64.rpm
postgresql-tcl-7.4.30-3.el4.x86_64.rpm
postgresql-test-7.4.30-3.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/postgresql-7.4.30-3.el4.src.rpm

i386:
postgresql-7.4.30-3.el4.i386.rpm
postgresql-contrib-7.4.30-3.el4.i386.rpm
postgresql-debuginfo-7.4.30-3.el4.i386.rpm
postgresql-devel-7.4.30-3.el4.i386.rpm
postgresql-docs-7.4.30-3.el4.i386.rpm
postgresql-jdbc-7.4.30-3.el4.i386.rpm
postgresql-libs-7.4.30-3.el4.i386.rpm
postgresql-pl-7.4.30-3.el4.i386.rpm
postgresql-python-7.4.30-3.el4.i386.rpm
postgresql-server-7.4.30-3.el4.i386.rpm
postgresql-tcl-7.4.30-3.el4.i386.rpm
postgresql-test-7.4.30-3.el4.i386.rpm

ia64:
postgresql-7.4.30-3.el4.ia64.rpm
postgresql-contrib-7.4.30-3.el4.ia64.rpm
postgresql-debuginfo-7.4.30-3.el4.i386.rpm
postgresql-debuginfo-7.4.30-3.el4.ia64.rpm
postgresql-devel-7.4.30-3.el4.ia64.rpm
postgresql-docs-7.4.30-3.el4.ia64.rpm
postgresql-jdbc-7.4.30-3.el4.ia64.rpm
postgresql-libs-7.4.30-3.el4.i386.rpm
postgresql-libs-7.4.30-3.el4.ia64.rpm
postgresql-pl-7.4.30-3.el4.ia64.rpm
postgresql-python-7.4.30-3.el4.ia64.rpm
postgresql-server-7.4.30-3.el4.ia64.rpm
postgresql-tcl-7.4.30-3.el4.ia64.rpm
postgresql-test-7.4.30-3.el4.ia64.rpm

x86_64:
postgresql-7.4.30-3.el4.x86_64.rpm
postgresql-contrib-7.4.30-3.el4.x86_64.rpm
postgresql-debuginfo-7.4.30-3.el4.i386.rpm
postgresql-debuginfo-7.4.30-3.el4.x86_64.rpm
postgresql-devel-7.4.30-3.el4.x86_64.rpm
postgresql-docs-7.4.30-3.el4.x86_64.rpm
postgresql-jdbc-7.4.30-3.el4.x86_64.rpm
postgresql-libs-7.4.30-3.el4.i386.rpm
postgresql-libs-7.4.30-3.el4.x86_64.rpm
postgresql-pl-7.4.30-3.el4.x86_64.rpm
postgresql-python-7.4.30-3.el4.x86_64.rpm
postgresql-server-7.4.30-3.el4.x86_64.rpm
postgresql-tcl-7.4.30-3.el4.x86_64.rpm
postgresql-test-7.4.30-3.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postgresql-8.1.23-1.el5_7.2.src.rpm

i386:
postgresql-8.1.23-1.el5_7.2.i386.rpm
postgresql-contrib-8.1.23-1.el5_7.2.i386.rpm
postgresql-debuginfo-8.1.23-1.el5_7.2.i386.rpm
postgresql-docs-8.1.23-1.el5_7.2.i386.rpm
postgresql-libs-8.1.23-1.el5_7.2.i386.rpm
postgresql-python-8.1.23-1.el5_7.2.i386.rpm
postgresql-tcl-8.1.23-1.el5_7.2.i386.rpm

x86_64:
postgresql-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-contrib-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-debuginfo-8.1.23-1.el5_7.2.i386.rpm
postgresql-debuginfo-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-docs-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-libs-8.1.23-1.el5_7.2.i386.rpm
postgresql-libs-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-python-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-tcl-8.1.23-1.el5_7.2.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postgresql-8.1.23-1.el5_7.2.src.rpm

i386:
postgresql-debuginfo-8.1.23-1.el5_7.2.i386.rpm
postgresql-devel-8.1.23-1.el5_7.2.i386.rpm
postgresql-pl-8.1.23-1.el5_7.2.i386.rpm
postgresql-server-8.1.23-1.el5_7.2.i386.rpm
postgresql-test-8.1.23-1.el5_7.2.i386.rpm

x86_64:
postgresql-debuginfo-8.1.23-1.el5_7.2.i386.rpm
postgresql-debuginfo-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-devel-8.1.23-1.el5_7.2.i386.rpm
postgresql-devel-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-pl-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-server-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-test-8.1.23-1.el5_7.2.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/postgresql-8.1.23-1.el5_7.2.src.rpm

i386:
postgresql-8.1.23-1.el5_7.2.i386.rpm
postgresql-contrib-8.1.23-1.el5_7.2.i386.rpm
postgresql-debuginfo-8.1.23-1.el5_7.2.i386.rpm
postgresql-devel-8.1.23-1.el5_7.2.i386.rpm
postgresql-docs-8.1.23-1.el5_7.2.i386.rpm
postgresql-libs-8.1.23-1.el5_7.2.i386.rpm
postgresql-pl-8.1.23-1.el5_7.2.i386.rpm
postgresql-python-8.1.23-1.el5_7.2.i386.rpm
postgresql-server-8.1.23-1.el5_7.2.i386.rpm
postgresql-tcl-8.1.23-1.el5_7.2.i386.rpm
postgresql-test-8.1.23-1.el5_7.2.i386.rpm

ia64:
postgresql-8.1.23-1.el5_7.2.ia64.rpm
postgresql-contrib-8.1.23-1.el5_7.2.ia64.rpm
postgresql-debuginfo-8.1.23-1.el5_7.2.i386.rpm
postgresql-debuginfo-8.1.23-1.el5_7.2.ia64.rpm
postgresql-devel-8.1.23-1.el5_7.2.ia64.rpm
postgresql-docs-8.1.23-1.el5_7.2.ia64.rpm
postgresql-libs-8.1.23-1.el5_7.2.i386.rpm
postgresql-libs-8.1.23-1.el5_7.2.ia64.rpm
postgresql-pl-8.1.23-1.el5_7.2.ia64.rpm
postgresql-python-8.1.23-1.el5_7.2.ia64.rpm
postgresql-server-8.1.23-1.el5_7.2.ia64.rpm
postgresql-tcl-8.1.23-1.el5_7.2.ia64.rpm
postgresql-test-8.1.23-1.el5_7.2.ia64.rpm

ppc:
postgresql-8.1.23-1.el5_7.2.ppc.rpm
postgresql-8.1.23-1.el5_7.2.ppc64.rpm
postgresql-contrib-8.1.23-1.el5_7.2.ppc.rpm
postgresql-debuginfo-8.1.23-1.el5_7.2.ppc.rpm
postgresql-debuginfo-8.1.23-1.el5_7.2.ppc64.rpm
postgresql-devel-8.1.23-1.el5_7.2.ppc.rpm
postgresql-devel-8.1.23-1.el5_7.2.ppc64.rpm
postgresql-docs-8.1.23-1.el5_7.2.ppc.rpm
postgresql-libs-8.1.23-1.el5_7.2.ppc.rpm
postgresql-libs-8.1.23-1.el5_7.2.ppc64.rpm
postgresql-pl-8.1.23-1.el5_7.2.ppc.rpm
postgresql-python-8.1.23-1.el5_7.2.ppc.rpm
postgresql-server-8.1.23-1.el5_7.2.ppc.rpm
postgresql-tcl-8.1.23-1.el5_7.2.ppc.rpm
postgresql-test-8.1.23-1.el5_7.2.ppc.rpm

s390x:
postgresql-8.1.23-1.el5_7.2.s390x.rpm
postgresql-contrib-8.1.23-1.el5_7.2.s390x.rpm
postgresql-debuginfo-8.1.23-1.el5_7.2.s390.rpm
postgresql-debuginfo-8.1.23-1.el5_7.2.s390x.rpm
postgresql-devel-8.1.23-1.el5_7.2.s390.rpm
postgresql-devel-8.1.23-1.el5_7.2.s390x.rpm
postgresql-docs-8.1.23-1.el5_7.2.s390x.rpm
postgresql-libs-8.1.23-1.el5_7.2.s390.rpm
postgresql-libs-8.1.23-1.el5_7.2.s390x.rpm
postgresql-pl-8.1.23-1.el5_7.2.s390x.rpm
postgresql-python-8.1.23-1.el5_7.2.s390x.rpm
postgresql-server-8.1.23-1.el5_7.2.s390x.rpm
postgresql-tcl-8.1.23-1.el5_7.2.s390x.rpm
postgresql-test-8.1.23-1.el5_7.2.s390x.rpm

x86_64:
postgresql-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-contrib-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-debuginfo-8.1.23-1.el5_7.2.i386.rpm
postgresql-debuginfo-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-devel-8.1.23-1.el5_7.2.i386.rpm
postgresql-devel-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-docs-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-libs-8.1.23-1.el5_7.2.i386.rpm
postgresql-libs-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-pl-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-python-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-server-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-tcl-8.1.23-1.el5_7.2.x86_64.rpm
postgresql-test-8.1.23-1.el5_7.2.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/postgresql-8.4.9-1.el6_1.1.src.rpm

i386:
postgresql-debuginfo-8.4.9-1.el6_1.1.i686.rpm
postgresql-libs-8.4.9-1.el6_1.1.i686.rpm

x86_64:
postgresql-debuginfo-8.4.9-1.el6_1.1.i686.rpm
postgresql-debuginfo-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-libs-8.4.9-1.el6_1.1.i686.rpm
postgresql-libs-8.4.9-1.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/postgresql-8.4.9-1.el6_1.1.src.rpm

i386:
postgresql-8.4.9-1.el6_1.1.i686.rpm
postgresql-contrib-8.4.9-1.el6_1.1.i686.rpm
postgresql-debuginfo-8.4.9-1.el6_1.1.i686.rpm
postgresql-devel-8.4.9-1.el6_1.1.i686.rpm
postgresql-docs-8.4.9-1.el6_1.1.i686.rpm
postgresql-plperl-8.4.9-1.el6_1.1.i686.rpm
postgresql-plpython-8.4.9-1.el6_1.1.i686.rpm
postgresql-pltcl-8.4.9-1.el6_1.1.i686.rpm
postgresql-server-8.4.9-1.el6_1.1.i686.rpm
postgresql-test-8.4.9-1.el6_1.1.i686.rpm

x86_64:
postgresql-8.4.9-1.el6_1.1.i686.rpm
postgresql-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-contrib-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-debuginfo-8.4.9-1.el6_1.1.i686.rpm
postgresql-debuginfo-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-devel-8.4.9-1.el6_1.1.i686.rpm
postgresql-devel-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-docs-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-plperl-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-plpython-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-pltcl-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-server-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-test-8.4.9-1.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/postgresql-8.4.9-1.el6_1.1.src.rpm

x86_64:
postgresql-8.4.9-1.el6_1.1.i686.rpm
postgresql-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-contrib-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-debuginfo-8.4.9-1.el6_1.1.i686.rpm
postgresql-debuginfo-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-devel-8.4.9-1.el6_1.1.i686.rpm
postgresql-devel-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-docs-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-libs-8.4.9-1.el6_1.1.i686.rpm
postgresql-libs-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-plperl-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-plpython-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-pltcl-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-server-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-test-8.4.9-1.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/postgresql-8.4.9-1.el6_1.1.src.rpm

i386:
postgresql-8.4.9-1.el6_1.1.i686.rpm
postgresql-contrib-8.4.9-1.el6_1.1.i686.rpm
postgresql-debuginfo-8.4.9-1.el6_1.1.i686.rpm
postgresql-devel-8.4.9-1.el6_1.1.i686.rpm
postgresql-docs-8.4.9-1.el6_1.1.i686.rpm
postgresql-libs-8.4.9-1.el6_1.1.i686.rpm
postgresql-plperl-8.4.9-1.el6_1.1.i686.rpm
postgresql-plpython-8.4.9-1.el6_1.1.i686.rpm
postgresql-pltcl-8.4.9-1.el6_1.1.i686.rpm
postgresql-server-8.4.9-1.el6_1.1.i686.rpm
postgresql-test-8.4.9-1.el6_1.1.i686.rpm

ppc64:
postgresql-8.4.9-1.el6_1.1.ppc.rpm
postgresql-8.4.9-1.el6_1.1.ppc64.rpm
postgresql-contrib-8.4.9-1.el6_1.1.ppc64.rpm
postgresql-debuginfo-8.4.9-1.el6_1.1.ppc.rpm
postgresql-debuginfo-8.4.9-1.el6_1.1.ppc64.rpm
postgresql-devel-8.4.9-1.el6_1.1.ppc.rpm
postgresql-devel-8.4.9-1.el6_1.1.ppc64.rpm
postgresql-docs-8.4.9-1.el6_1.1.ppc64.rpm
postgresql-libs-8.4.9-1.el6_1.1.ppc.rpm
postgresql-libs-8.4.9-1.el6_1.1.ppc64.rpm
postgresql-plperl-8.4.9-1.el6_1.1.ppc64.rpm
postgresql-plpython-8.4.9-1.el6_1.1.ppc64.rpm
postgresql-pltcl-8.4.9-1.el6_1.1.ppc64.rpm
postgresql-server-8.4.9-1.el6_1.1.ppc64.rpm
postgresql-test-8.4.9-1.el6_1.1.ppc64.rpm

s390x:
postgresql-8.4.9-1.el6_1.1.s390.rpm
postgresql-8.4.9-1.el6_1.1.s390x.rpm
postgresql-contrib-8.4.9-1.el6_1.1.s390x.rpm
postgresql-debuginfo-8.4.9-1.el6_1.1.s390.rpm
postgresql-debuginfo-8.4.9-1.el6_1.1.s390x.rpm
postgresql-devel-8.4.9-1.el6_1.1.s390.rpm
postgresql-devel-8.4.9-1.el6_1.1.s390x.rpm
postgresql-docs-8.4.9-1.el6_1.1.s390x.rpm
postgresql-libs-8.4.9-1.el6_1.1.s390.rpm
postgresql-libs-8.4.9-1.el6_1.1.s390x.rpm
postgresql-plperl-8.4.9-1.el6_1.1.s390x.rpm
postgresql-plpython-8.4.9-1.el6_1.1.s390x.rpm
postgresql-pltcl-8.4.9-1.el6_1.1.s390x.rpm
postgresql-server-8.4.9-1.el6_1.1.s390x.rpm
postgresql-test-8.4.9-1.el6_1.1.s390x.rpm

x86_64:
postgresql-8.4.9-1.el6_1.1.i686.rpm
postgresql-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-contrib-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-debuginfo-8.4.9-1.el6_1.1.i686.rpm
postgresql-debuginfo-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-devel-8.4.9-1.el6_1.1.i686.rpm
postgresql-devel-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-docs-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-libs-8.4.9-1.el6_1.1.i686.rpm
postgresql-libs-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-plperl-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-plpython-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-pltcl-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-server-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-test-8.4.9-1.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/postgresql-8.4.9-1.el6_1.1.src.rpm

i386:
postgresql-8.4.9-1.el6_1.1.i686.rpm
postgresql-contrib-8.4.9-1.el6_1.1.i686.rpm
postgresql-debuginfo-8.4.9-1.el6_1.1.i686.rpm
postgresql-devel-8.4.9-1.el6_1.1.i686.rpm
postgresql-docs-8.4.9-1.el6_1.1.i686.rpm
postgresql-libs-8.4.9-1.el6_1.1.i686.rpm
postgresql-plperl-8.4.9-1.el6_1.1.i686.rpm
postgresql-plpython-8.4.9-1.el6_1.1.i686.rpm
postgresql-pltcl-8.4.9-1.el6_1.1.i686.rpm
postgresql-server-8.4.9-1.el6_1.1.i686.rpm
postgresql-test-8.4.9-1.el6_1.1.i686.rpm

x86_64:
postgresql-8.4.9-1.el6_1.1.i686.rpm
postgresql-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-contrib-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-debuginfo-8.4.9-1.el6_1.1.i686.rpm
postgresql-debuginfo-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-devel-8.4.9-1.el6_1.1.i686.rpm
postgresql-devel-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-docs-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-libs-8.4.9-1.el6_1.1.i686.rpm
postgresql-libs-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-plperl-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-plpython-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-pltcl-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-server-8.4.9-1.el6_1.1.x86_64.rpm
postgresql-test-8.4.9-1.el6_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2483.html
https://access.redhat.com/security/updates/classification/#moderate
http://www.postgresql.org/docs/8.4/static/release.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOnKWBXlSAg2UNWIIRAqATAJsFraHvIJgu4YS2F94Y2rq27hMFhACfW8BC
e0HEFqxyPgjm46XV4jx09Ow=
=Tsb5
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Oct 17 22:01:31 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 17 Oct 2011 22:01:31 +0000
Subject: [RHSA-2011:1378-01] Moderate: postgresql84 security update
Message-ID: <201110172201.p9HM1Vko015688@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:      Moderate: postgresql84 security update
Advisory ID:   RHSA-2011:1378-01
Product:       Red Hat Enterprise Linux
Advisory URL:  https://rhn.redhat.com/errata/RHSA-2011-1378.html
Issue date:    2011-10-17
CVE Names:     CVE-2011-2483
=====================================================================

1. Summary:

Updated postgresql84 packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system (DBMS).

A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483)

Note: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database. Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to "$2x$".

These updated postgresql84 packages upgrade PostgreSQL to version 8.4.9. Refer to the PostgreSQL Release Notes for a full list of changes:

http://www.postgresql.org/docs/8.4/static/release.html

All PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

715025 - CVE-2011-2483 crypt_blowfish: 8-bit character mishandling allows different password pairs to produce the same hash

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postgresql84-8.4.9-1.el5_7.1.src.rpm

i386:
postgresql84-8.4.9-1.el5_7.1.i386.rpm
postgresql84-contrib-8.4.9-1.el5_7.1.i386.rpm
postgresql84-debuginfo-8.4.9-1.el5_7.1.i386.rpm
postgresql84-docs-8.4.9-1.el5_7.1.i386.rpm
postgresql84-libs-8.4.9-1.el5_7.1.i386.rpm
postgresql84-python-8.4.9-1.el5_7.1.i386.rpm
postgresql84-tcl-8.4.9-1.el5_7.1.i386.rpm

x86_64:
postgresql84-8.4.9-1.el5_7.1.x86_64.rpm
postgresql84-contrib-8.4.9-1.el5_7.1.x86_64.rpm
postgresql84-debuginfo-8.4.9-1.el5_7.1.i386.rpm
postgresql84-debuginfo-8.4.9-1.el5_7.1.x86_64.rpm
postgresql84-docs-8.4.9-1.el5_7.1.x86_64.rpm
postgresql84-libs-8.4.9-1.el5_7.1.i386.rpm
postgresql84-libs-8.4.9-1.el5_7.1.x86_64.rpm
postgresql84-python-8.4.9-1.el5_7.1.x86_64.rpm
postgresql84-tcl-8.4.9-1.el5_7.1.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postgresql84-8.4.9-1.el5_7.1.src.rpm

i386:
postgresql84-debuginfo-8.4.9-1.el5_7.1.i386.rpm
postgresql84-devel-8.4.9-1.el5_7.1.i386.rpm
postgresql84-plperl-8.4.9-1.el5_7.1.i386.rpm
postgresql84-plpython-8.4.9-1.el5_7.1.i386.rpm
postgresql84-pltcl-8.4.9-1.el5_7.1.i386.rpm
postgresql84-server-8.4.9-1.el5_7.1.i386.rpm
postgresql84-test-8.4.9-1.el5_7.1.i386.rpm

x86_64:
postgresql84-debuginfo-8.4.9-1.el5_7.1.i386.rpm
postgresql84-debuginfo-8.4.9-1.el5_7.1.x86_64.rpm
postgresql84-devel-8.4.9-1.el5_7.1.i386.rpm
postgresql84-devel-8.4.9-1.el5_7.1.x86_64.rpm
postgresql84-plperl-8.4.9-1.el5_7.1.x86_64.rpm
postgresql84-plpython-8.4.9-1.el5_7.1.x86_64.rpm
postgresql84-pltcl-8.4.9-1.el5_7.1.x86_64.rpm
postgresql84-server-8.4.9-1.el5_7.1.x86_64.rpm
postgresql84-test-8.4.9-1.el5_7.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/postgresql84-8.4.9-1.el5_7.1.src.rpm

i386:
postgresql84-8.4.9-1.el5_7.1.i386.rpm
postgresql84-contrib-8.4.9-1.el5_7.1.i386.rpm
postgresql84-debuginfo-8.4.9-1.el5_7.1.i386.rpm
postgresql84-devel-8.4.9-1.el5_7.1.i386.rpm
postgresql84-docs-8.4.9-1.el5_7.1.i386.rpm
postgresql84-libs-8.4.9-1.el5_7.1.i386.rpm
postgresql84-plperl-8.4.9-1.el5_7.1.i386.rpm
postgresql84-plpython-8.4.9-1.el5_7.1.i386.rpm
postgresql84-pltcl-8.4.9-1.el5_7.1.i386.rpm
postgresql84-python-8.4.9-1.el5_7.1.i386.rpm
postgresql84-server-8.4.9-1.el5_7.1.i386.rpm
postgresql84-tcl-8.4.9-1.el5_7.1.i386.rpm
postgresql84-test-8.4.9-1.el5_7.1.i386.rpm

ia64:
postgresql84-8.4.9-1.el5_7.1.ia64.rpm
postgresql84-contrib-8.4.9-1.el5_7.1.ia64.rpm
postgresql84-debuginfo-8.4.9-1.el5_7.1.ia64.rpm
postgresql84-devel-8.4.9-1.el5_7.1.ia64.rpm
postgresql84-docs-8.4.9-1.el5_7.1.ia64.rpm
postgresql84-libs-8.4.9-1.el5_7.1.ia64.rpm
postgresql84-plperl-8.4.9-1.el5_7.1.ia64.rpm
postgresql84-plpython-8.4.9-1.el5_7.1.ia64.rpm
postgresql84-pltcl-8.4.9-1.el5_7.1.ia64.rpm
postgresql84-python-8.4.9-1.el5_7.1.ia64.rpm
postgresql84-server-8.4.9-1.el5_7.1.ia64.rpm
postgresql84-tcl-8.4.9-1.el5_7.1.ia64.rpm
postgresql84-test-8.4.9-1.el5_7.1.ia64.rpm

ppc:
postgresql84-8.4.9-1.el5_7.1.ppc.rpm
postgresql84-8.4.9-1.el5_7.1.ppc64.rpm
postgresql84-contrib-8.4.9-1.el5_7.1.ppc.rpm
postgresql84-debuginfo-8.4.9-1.el5_7.1.ppc.rpm
postgresql84-debuginfo-8.4.9-1.el5_7.1.ppc64.rpm
postgresql84-devel-8.4.9-1.el5_7.1.ppc.rpm
postgresql84-devel-8.4.9-1.el5_7.1.ppc64.rpm
postgresql84-docs-8.4.9-1.el5_7.1.ppc.rpm
postgresql84-libs-8.4.9-1.el5_7.1.ppc.rpm
postgresql84-libs-8.4.9-1.el5_7.1.ppc64.rpm
postgresql84-plperl-8.4.9-1.el5_7.1.ppc.rpm
postgresql84-plpython-8.4.9-1.el5_7.1.ppc.rpm
postgresql84-pltcl-8.4.9-1.el5_7.1.ppc.rpm
postgresql84-python-8.4.9-1.el5_7.1.ppc.rpm
postgresql84-server-8.4.9-1.el5_7.1.ppc.rpm
postgresql84-tcl-8.4.9-1.el5_7.1.ppc.rpm
postgresql84-test-8.4.9-1.el5_7.1.ppc.rpm

s390x:
postgresql84-8.4.9-1.el5_7.1.s390x.rpm
postgresql84-contrib-8.4.9-1.el5_7.1.s390x.rpm
postgresql84-debuginfo-8.4.9-1.el5_7.1.s390.rpm
postgresql84-debuginfo-8.4.9-1.el5_7.1.s390x.rpm
postgresql84-devel-8.4.9-1.el5_7.1.s390.rpm
postgresql84-devel-8.4.9-1.el5_7.1.s390x.rpm
postgresql84-docs-8.4.9-1.el5_7.1.s390x.rpm
postgresql84-libs-8.4.9-1.el5_7.1.s390.rpm
postgresql84-libs-8.4.9-1.el5_7.1.s390x.rpm
postgresql84-plperl-8.4.9-1.el5_7.1.s390x.rpm
postgresql84-plpython-8.4.9-1.el5_7.1.s390x.rpm
postgresql84-pltcl-8.4.9-1.el5_7.1.s390x.rpm
postgresql84-python-8.4.9-1.el5_7.1.s390x.rpm
postgresql84-server-8.4.9-1.el5_7.1.s390x.rpm
postgresql84-tcl-8.4.9-1.el5_7.1.s390x.rpm
postgresql84-test-8.4.9-1.el5_7.1.s390x.rpm

x86_64:
postgresql84-8.4.9-1.el5_7.1.x86_64.rpm
postgresql84-contrib-8.4.9-1.el5_7.1.x86_64.rpm
postgresql84-debuginfo-8.4.9-1.el5_7.1.i386.rpm
postgresql84-debuginfo-8.4.9-1.el5_7.1.x86_64.rpm
postgresql84-devel-8.4.9-1.el5_7.1.i386.rpm
postgresql84-devel-8.4.9-1.el5_7.1.x86_64.rpm
postgresql84-docs-8.4.9-1.el5_7.1.x86_64.rpm
postgresql84-libs-8.4.9-1.el5_7.1.i386.rpm
postgresql84-libs-8.4.9-1.el5_7.1.x86_64.rpm
postgresql84-plperl-8.4.9-1.el5_7.1.x86_64.rpm
postgresql84-plpython-8.4.9-1.el5_7.1.x86_64.rpm
postgresql84-pltcl-8.4.9-1.el5_7.1.x86_64.rpm
postgresql84-python-8.4.9-1.el5_7.1.x86_64.rpm
postgresql84-server-8.4.9-1.el5_7.1.x86_64.rpm
postgresql84-tcl-8.4.9-1.el5_7.1.x86_64.rpm
postgresql84-test-8.4.9-1.el5_7.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2483.html
https://access.redhat.com/security/updates/classification/#moderate
http://www.postgresql.org/docs/8.4/static/release.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOnKWqXlSAg2UNWIIRAgpHAKCcGVVvUt0E7lIs9y8ItcT2IhZ25QCfXSMk
fcTb/Ih6EZT/agl3cysEJeo=
=sSd3
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Oct 18 23:21:26 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 18 Oct 2011 23:21:26 +0000
Subject: [RHSA-2011:1379-01] Moderate: krb5 security update
Message-ID: <201110182321.p9INLQh6009509@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:      Moderate: krb5 security update
Advisory ID:   RHSA-2011:1379-01
Product:       Red Hat Enterprise Linux
Advisory URL:  https://rhn.redhat.com/errata/RHSA-2011-1379.html
Issue date:    2011-10-18
CVE Names:     CVE-2011-1527 CVE-2011-1528 CVE-2011-1529
=====================================================================

1. Summary:

Updated krb5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC).

Multiple NULL pointer dereference and assertion failure flaws were found in the MIT Kerberos KDC when it was configured to use an LDAP (Lightweight Directory Access Protocol) or Berkeley Database (Berkeley DB) back end. A remote attacker could use these flaws to crash the KDC. (CVE-2011-1527, CVE-2011-1528, CVE-2011-1529)

Red Hat would like to thank the MIT Kerberos project for reporting the CVE-2011-1527 issue. Upstream acknowledges Andrej Ota as the original reporter of CVE-2011-1527.

All krb5 users should upgrade to these updated packages, which contain a backported patch to correct these issues. After installing the updated packages, the krb5kdc daemon will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

737711 - CVE-2011-1527 CVE-2011-1528 CVE-2011-1529 krb5: KDC denial of service vulnerabilities (MITKRB5-SA-2011-006)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/krb5-1.9-9.el6_1.2.src.rpm

i386:
krb5-debuginfo-1.9-9.el6_1.2.i686.rpm
krb5-libs-1.9-9.el6_1.2.i686.rpm
krb5-pkinit-openssl-1.9-9.el6_1.2.i686.rpm
krb5-workstation-1.9-9.el6_1.2.i686.rpm

x86_64:
krb5-debuginfo-1.9-9.el6_1.2.i686.rpm
krb5-debuginfo-1.9-9.el6_1.2.x86_64.rpm
krb5-libs-1.9-9.el6_1.2.i686.rpm
krb5-libs-1.9-9.el6_1.2.x86_64.rpm
krb5-pkinit-openssl-1.9-9.el6_1.2.x86_64.rpm
krb5-workstation-1.9-9.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/krb5-1.9-9.el6_1.2.src.rpm

i386:
krb5-debuginfo-1.9-9.el6_1.2.i686.rpm
krb5-devel-1.9-9.el6_1.2.i686.rpm
krb5-server-1.9-9.el6_1.2.i686.rpm
krb5-server-ldap-1.9-9.el6_1.2.i686.rpm

x86_64:
krb5-debuginfo-1.9-9.el6_1.2.i686.rpm
krb5-debuginfo-1.9-9.el6_1.2.x86_64.rpm
krb5-devel-1.9-9.el6_1.2.i686.rpm
krb5-devel-1.9-9.el6_1.2.x86_64.rpm
krb5-server-1.9-9.el6_1.2.x86_64.rpm
krb5-server-ldap-1.9-9.el6_1.2.i686.rpm
krb5-server-ldap-1.9-9.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/krb5-1.9-9.el6_1.2.src.rpm

x86_64:
krb5-debuginfo-1.9-9.el6_1.2.i686.rpm
krb5-debuginfo-1.9-9.el6_1.2.x86_64.rpm
krb5-libs-1.9-9.el6_1.2.i686.rpm
krb5-libs-1.9-9.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/krb5-1.9-9.el6_1.2.src.rpm

x86_64:
krb5-debuginfo-1.9-9.el6_1.2.i686.rpm
krb5-debuginfo-1.9-9.el6_1.2.x86_64.rpm
krb5-devel-1.9-9.el6_1.2.i686.rpm
krb5-devel-1.9-9.el6_1.2.x86_64.rpm
krb5-pkinit-openssl-1.9-9.el6_1.2.x86_64.rpm
krb5-server-1.9-9.el6_1.2.x86_64.rpm
krb5-server-ldap-1.9-9.el6_1.2.i686.rpm
krb5-server-ldap-1.9-9.el6_1.2.x86_64.rpm
krb5-workstation-1.9-9.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/krb5-1.9-9.el6_1.2.src.rpm

i386:
krb5-debuginfo-1.9-9.el6_1.2.i686.rpm
krb5-devel-1.9-9.el6_1.2.i686.rpm
krb5-libs-1.9-9.el6_1.2.i686.rpm
krb5-pkinit-openssl-1.9-9.el6_1.2.i686.rpm
krb5-server-1.9-9.el6_1.2.i686.rpm
krb5-server-ldap-1.9-9.el6_1.2.i686.rpm
krb5-workstation-1.9-9.el6_1.2.i686.rpm

ppc64:
krb5-debuginfo-1.9-9.el6_1.2.ppc.rpm
krb5-debuginfo-1.9-9.el6_1.2.ppc64.rpm
krb5-devel-1.9-9.el6_1.2.ppc.rpm
krb5-devel-1.9-9.el6_1.2.ppc64.rpm
krb5-libs-1.9-9.el6_1.2.ppc.rpm
krb5-libs-1.9-9.el6_1.2.ppc64.rpm
krb5-pkinit-openssl-1.9-9.el6_1.2.ppc64.rpm
krb5-server-1.9-9.el6_1.2.ppc64.rpm
krb5-server-ldap-1.9-9.el6_1.2.ppc.rpm
krb5-server-ldap-1.9-9.el6_1.2.ppc64.rpm
krb5-workstation-1.9-9.el6_1.2.ppc64.rpm

s390x:
krb5-debuginfo-1.9-9.el6_1.2.s390.rpm
krb5-debuginfo-1.9-9.el6_1.2.s390x.rpm
krb5-devel-1.9-9.el6_1.2.s390.rpm
krb5-devel-1.9-9.el6_1.2.s390x.rpm
krb5-libs-1.9-9.el6_1.2.s390.rpm
krb5-libs-1.9-9.el6_1.2.s390x.rpm
krb5-pkinit-openssl-1.9-9.el6_1.2.s390x.rpm
krb5-server-1.9-9.el6_1.2.s390x.rpm
krb5-server-ldap-1.9-9.el6_1.2.s390.rpm
krb5-server-ldap-1.9-9.el6_1.2.s390x.rpm
krb5-workstation-1.9-9.el6_1.2.s390x.rpm

x86_64:
krb5-debuginfo-1.9-9.el6_1.2.i686.rpm
krb5-debuginfo-1.9-9.el6_1.2.x86_64.rpm
krb5-devel-1.9-9.el6_1.2.i686.rpm
krb5-devel-1.9-9.el6_1.2.x86_64.rpm
krb5-libs-1.9-9.el6_1.2.i686.rpm
krb5-libs-1.9-9.el6_1.2.x86_64.rpm
krb5-pkinit-openssl-1.9-9.el6_1.2.x86_64.rpm
krb5-server-1.9-9.el6_1.2.x86_64.rpm
krb5-server-ldap-1.9-9.el6_1.2.i686.rpm
krb5-server-ldap-1.9-9.el6_1.2.x86_64.rpm
krb5-workstation-1.9-9.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/krb5-1.9-9.el6_1.2.src.rpm i386: krb5-debuginfo-1.9-9.el6_1.2.i686.rpm krb5-devel-1.9-9.el6_1.2.i686.rpm krb5-libs-1.9-9.el6_1.2.i686.rpm krb5-pkinit-openssl-1.9-9.el6_1.2.i686.rpm krb5-server-1.9-9.el6_1.2.i686.rpm krb5-server-ldap-1.9-9.el6_1.2.i686.rpm krb5-workstation-1.9-9.el6_1.2.i686.rpm x86_64: krb5-debuginfo-1.9-9.el6_1.2.i686.rpm krb5-debuginfo-1.9-9.el6_1.2.x86_64.rpm krb5-devel-1.9-9.el6_1.2.i686.rpm krb5-devel-1.9-9.el6_1.2.x86_64.rpm krb5-libs-1.9-9.el6_1.2.i686.rpm krb5-libs-1.9-9.el6_1.2.x86_64.rpm krb5-pkinit-openssl-1.9-9.el6_1.2.x86_64.rpm krb5-server-1.9-9.el6_1.2.x86_64.rpm krb5-server-ldap-1.9-9.el6_1.2.i686.rpm krb5-server-ldap-1.9-9.el6_1.2.x86_64.rpm krb5-workstation-1.9-9.el6_1.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-1527.html https://www.redhat.com/security/data/cve/CVE-2011-1528.html https://www.redhat.com/security/data/cve/CVE-2011-1529.html https://access.redhat.com/security/updates/classification/#moderate http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOngnVXlSAg2UNWIIRAmqRAJ94bmk7qEXhlCS/IZMaXqJSmRH+pwCgs7zx SL14/7irg9JuvAX62+2exUM= =vwYV -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Oct 18 23:30:16 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 18 Oct 2011 23:30:16 +0000 Subject: [RHSA-2011:1380-01] Critical: java-1.6.0-openjdk security update Message-ID: <201110182330.p9INUHwm006632@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.6.0-openjdk security update Advisory ID: RHSA-2011:1380-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1380.html Issue date: 2011-10-18 CVE Names: CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 ===================================================================== 1. Summary: Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 
6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.

A flaw was found in the Java RMI (Remote Method Invocation) registry implementation. A remote RMI client could use this flaw to execute arbitrary code on the RMI server running the registry. (CVE-2011-3556)

A flaw was found in the Java RMI registry implementation. A remote RMI client could use this flaw to execute code on the RMI server with unrestricted privileges. (CVE-2011-3557)

A flaw was found in the IIOP (Internet Inter-Orb Protocol) deserialization code. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions by deserializing specially-crafted input. (CVE-2011-3521)

It was found that the Java ScriptingEngine did not properly restrict the privileges of sandboxed applications. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3544)

A flaw was found in the AWTKeyStroke implementation. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3548)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the Java2D code used to perform transformations of graphic shapes and images. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3551)

An insufficient error checking flaw was found in the unpacker for JAR files in pack200 format. A specially-crafted JAR file could use this flaw to crash the Java Virtual Machine (JVM) or, possibly, execute arbitrary code with JVM privileges. (CVE-2011-3554)

It was found that HttpsURLConnection did not perform SecurityManager checks in the setSSLSocketFactory method.
An untrusted Java application or applet running in a sandbox could use this flaw to bypass connection restrictions defined in the policy. (CVE-2011-3560)

A flaw was found in the way the SSL 3 and TLS 1.0 protocols used block ciphers in cipher-block chaining (CBC) mode. An attacker able to perform a chosen plain text attack against a connection mixing trusted and untrusted data could use this flaw to recover portions of the trusted data sent over the connection. (CVE-2011-3389)

Note: This update mitigates the CVE-2011-3389 issue by splitting the first application data record byte to a separate SSL/TLS protocol record. This mitigation may cause compatibility issues with some SSL/TLS implementations and can be disabled using the jsse.enableCBCProtection boolean property. This can be done on the command line by appending the flag "-Djsse.enableCBCProtection=false" to the java command.

An information leak flaw was found in the InputStream.skip implementation. An untrusted Java application or applet could possibly use this flaw to obtain bytes skipped by other threads. (CVE-2011-3547)

A flaw was found in the Java HotSpot virtual machine. An untrusted Java application or applet could use this flaw to disclose portions of the VM memory, or cause it to crash. (CVE-2011-3558)

The Java API for XML Web Services (JAX-WS) implementation in OpenJDK was configured to include the stack trace in error messages sent to clients. A remote client could possibly use this flaw to obtain sensitive information. (CVE-2011-3553)

It was found that Java applications running with SecurityManager restrictions were allowed to use too many UDP sockets by default. If multiple instances of a malicious application were started at the same time, they could exhaust all available UDP sockets on the system. (CVE-2011-3552)

This erratum also upgrades the OpenJDK package to IcedTea6 1.9.10. Refer to the NEWS file, linked to in the References, for further information.
All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)
745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600)
745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640)
745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417)
745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)
745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902)
745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857)
745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466)
745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012)
745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773)
745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794)
745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134)

6. Package List:

Red Hat Enterprise Linux Desktop (v.
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References:

https://www.redhat.com/security/data/cve/CVE-2011-3389.html
https://www.redhat.com/security/data/cve/CVE-2011-3521.html
https://www.redhat.com/security/data/cve/CVE-2011-3544.html
https://www.redhat.com/security/data/cve/CVE-2011-3547.html
https://www.redhat.com/security/data/cve/CVE-2011-3548.html
https://www.redhat.com/security/data/cve/CVE-2011-3551.html
https://www.redhat.com/security/data/cve/CVE-2011-3552.html
https://www.redhat.com/security/data/cve/CVE-2011-3553.html
https://www.redhat.com/security/data/cve/CVE-2011-3554.html
https://www.redhat.com/security/data/cve/CVE-2011-3556.html
https://www.redhat.com/security/data/cve/CVE-2011-3557.html
https://www.redhat.com/security/data/cve/CVE-2011-3558.html
https://www.redhat.com/security/data/cve/CVE-2011-3560.html
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
http://icedtea.classpath.org/hg/release/icedtea6-1.9/file/328afd896e3e/NEWS

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOngvzXlSAg2UNWIIRArb8AKCaS923HYBco1E2eOOedT1aefjmyACgherU 1E1DMZpv3ExBmKhD4Emi2no= =sMXo -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Oct 19 18:00:32 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 19 Oct 2011 18:00:32 +0000 Subject: [RHSA-2011:1384-01] Critical: java-1.6.0-sun security update Message-ID: <201110191800.p9JI0X6o021788@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.6.0-sun security update Advisory ID: RHSA-2011:1384-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1384.html Issue date: 2011-10-19 CVE Names: CVE-2011-3389 CVE-2011-3516 CVE-2011-3521 CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3550 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3555 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 CVE-2011-3561 ===================================================================== 1. Summary: Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 
6) - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit.

This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. (CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3555, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561)

All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide JDK and JRE 6 Update 29 and resolve these issues. All running instances of Sun Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5.
Bugs fixed (http://bugzilla.redhat.com/):

737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)
745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600)
745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640)
745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417)
745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)
745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902)
745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857)
745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466)
745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012)
745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773)
745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794)
745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134)
747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound)
747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing)
747200 - CVE-2011-3550 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT)
747203 - CVE-2011-3516 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)
747205 - CVE-2011-3546 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)
747206 - CVE-2011-3555 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (JRE)
747208 - CVE-2011-3561 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)

6.
Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm Red Hat Desktop version 4 Extras: i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux WS version 
4 Extras: i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 
5): i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 
6): x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3389.html
https://www.redhat.com/security/data/cve/CVE-2011-3516.html
https://www.redhat.com/security/data/cve/CVE-2011-3521.html
https://www.redhat.com/security/data/cve/CVE-2011-3544.html
https://www.redhat.com/security/data/cve/CVE-2011-3545.html
https://www.redhat.com/security/data/cve/CVE-2011-3546.html
https://www.redhat.com/security/data/cve/CVE-2011-3547.html
https://www.redhat.com/security/data/cve/CVE-2011-3548.html
https://www.redhat.com/security/data/cve/CVE-2011-3549.html
https://www.redhat.com/security/data/cve/CVE-2011-3550.html
https://www.redhat.com/security/data/cve/CVE-2011-3551.html
https://www.redhat.com/security/data/cve/CVE-2011-3552.html
https://www.redhat.com/security/data/cve/CVE-2011-3553.html
https://www.redhat.com/security/data/cve/CVE-2011-3554.html
https://www.redhat.com/security/data/cve/CVE-2011-3555.html
https://www.redhat.com/security/data/cve/CVE-2011-3556.html
https://www.redhat.com/security/data/cve/CVE-2011-3557.html
https://www.redhat.com/security/data/cve/CVE-2011-3558.html
https://www.redhat.com/security/data/cve/CVE-2011-3560.html
https://www.redhat.com/security/data/cve/CVE-2011-3561.html
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOnw+BXlSAg2UNWIIRArM2AJwNT0vxdrXLgkZjOCwP8LkDemBYzQCbBrE3
0MJzQCB587rTzSRSo+gGytc=
=809z
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Oct 19 18:02:34 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 19 Oct 2011 18:02:34 +0000
Subject: [RHSA-2011:1385-01] Moderate: kdelibs and kdelibs3 security update
Message-ID: <201110191802.p9JI2Zc1025127@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: kdelibs and kdelibs3 security update
Advisory ID: RHSA-2011:1385-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1385.html
Issue date: 2011-10-19
CVE Names: CVE-2011-3365
=====================================================================

1. Summary:

Updated kdelibs packages for Red Hat Enterprise Linux 4 and 5 and updated kdelibs3 packages for Red Hat Enterprise Linux 6 that fix one security issue are now available.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node Optional (v.
6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - noarch
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch

3. Description:

The kdelibs and kdelibs3 packages provide libraries for the K Desktop Environment (KDE).

An input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially-crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. (CVE-2011-3365)

Users should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

743054 - CVE-2011-3365 kdelibs: input validation failure in KSSL

6.
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kdelibs-3.3.1-18.el4.src.rpm i386: kdelibs-3.3.1-18.el4.i386.rpm kdelibs-debuginfo-3.3.1-18.el4.i386.rpm kdelibs-devel-3.3.1-18.el4.i386.rpm ia64: kdelibs-3.3.1-18.el4.i386.rpm kdelibs-3.3.1-18.el4.ia64.rpm kdelibs-debuginfo-3.3.1-18.el4.i386.rpm kdelibs-debuginfo-3.3.1-18.el4.ia64.rpm kdelibs-devel-3.3.1-18.el4.ia64.rpm ppc: kdelibs-3.3.1-18.el4.ppc.rpm kdelibs-3.3.1-18.el4.ppc64.rpm kdelibs-debuginfo-3.3.1-18.el4.ppc.rpm kdelibs-debuginfo-3.3.1-18.el4.ppc64.rpm kdelibs-devel-3.3.1-18.el4.ppc.rpm s390: kdelibs-3.3.1-18.el4.s390.rpm kdelibs-debuginfo-3.3.1-18.el4.s390.rpm kdelibs-devel-3.3.1-18.el4.s390.rpm s390x: kdelibs-3.3.1-18.el4.s390.rpm kdelibs-3.3.1-18.el4.s390x.rpm kdelibs-debuginfo-3.3.1-18.el4.s390.rpm kdelibs-debuginfo-3.3.1-18.el4.s390x.rpm kdelibs-devel-3.3.1-18.el4.s390x.rpm x86_64: kdelibs-3.3.1-18.el4.i386.rpm kdelibs-3.3.1-18.el4.x86_64.rpm kdelibs-debuginfo-3.3.1-18.el4.i386.rpm kdelibs-debuginfo-3.3.1-18.el4.x86_64.rpm kdelibs-devel-3.3.1-18.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kdelibs-3.3.1-18.el4.src.rpm i386: kdelibs-3.3.1-18.el4.i386.rpm kdelibs-debuginfo-3.3.1-18.el4.i386.rpm kdelibs-devel-3.3.1-18.el4.i386.rpm x86_64: kdelibs-3.3.1-18.el4.i386.rpm kdelibs-3.3.1-18.el4.x86_64.rpm kdelibs-debuginfo-3.3.1-18.el4.i386.rpm kdelibs-debuginfo-3.3.1-18.el4.x86_64.rpm kdelibs-devel-3.3.1-18.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kdelibs-3.3.1-18.el4.src.rpm i386: kdelibs-3.3.1-18.el4.i386.rpm kdelibs-debuginfo-3.3.1-18.el4.i386.rpm kdelibs-devel-3.3.1-18.el4.i386.rpm ia64: kdelibs-3.3.1-18.el4.i386.rpm kdelibs-3.3.1-18.el4.ia64.rpm kdelibs-debuginfo-3.3.1-18.el4.i386.rpm kdelibs-debuginfo-3.3.1-18.el4.ia64.rpm kdelibs-devel-3.3.1-18.el4.ia64.rpm x86_64: 
kdelibs-3.3.1-18.el4.i386.rpm kdelibs-3.3.1-18.el4.x86_64.rpm kdelibs-debuginfo-3.3.1-18.el4.i386.rpm kdelibs-debuginfo-3.3.1-18.el4.x86_64.rpm kdelibs-devel-3.3.1-18.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kdelibs-3.3.1-18.el4.src.rpm i386: kdelibs-3.3.1-18.el4.i386.rpm kdelibs-debuginfo-3.3.1-18.el4.i386.rpm kdelibs-devel-3.3.1-18.el4.i386.rpm ia64: kdelibs-3.3.1-18.el4.i386.rpm kdelibs-3.3.1-18.el4.ia64.rpm kdelibs-debuginfo-3.3.1-18.el4.i386.rpm kdelibs-debuginfo-3.3.1-18.el4.ia64.rpm kdelibs-devel-3.3.1-18.el4.ia64.rpm x86_64: kdelibs-3.3.1-18.el4.i386.rpm kdelibs-3.3.1-18.el4.x86_64.rpm kdelibs-debuginfo-3.3.1-18.el4.i386.rpm kdelibs-debuginfo-3.3.1-18.el4.x86_64.rpm kdelibs-devel-3.3.1-18.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kdelibs-3.5.4-26.el5_7.1.src.rpm i386: kdelibs-3.5.4-26.el5_7.1.i386.rpm kdelibs-apidocs-3.5.4-26.el5_7.1.i386.rpm kdelibs-debuginfo-3.5.4-26.el5_7.1.i386.rpm x86_64: kdelibs-3.5.4-26.el5_7.1.i386.rpm kdelibs-3.5.4-26.el5_7.1.x86_64.rpm kdelibs-apidocs-3.5.4-26.el5_7.1.x86_64.rpm kdelibs-debuginfo-3.5.4-26.el5_7.1.i386.rpm kdelibs-debuginfo-3.5.4-26.el5_7.1.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kdelibs-3.5.4-26.el5_7.1.src.rpm i386: kdelibs-debuginfo-3.5.4-26.el5_7.1.i386.rpm kdelibs-devel-3.5.4-26.el5_7.1.i386.rpm x86_64: kdelibs-debuginfo-3.5.4-26.el5_7.1.i386.rpm kdelibs-debuginfo-3.5.4-26.el5_7.1.x86_64.rpm kdelibs-devel-3.5.4-26.el5_7.1.i386.rpm kdelibs-devel-3.5.4-26.el5_7.1.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kdelibs-3.5.4-26.el5_7.1.src.rpm i386: kdelibs-3.5.4-26.el5_7.1.i386.rpm kdelibs-apidocs-3.5.4-26.el5_7.1.i386.rpm kdelibs-debuginfo-3.5.4-26.el5_7.1.i386.rpm kdelibs-devel-3.5.4-26.el5_7.1.i386.rpm ia64: kdelibs-3.5.4-26.el5_7.1.ia64.rpm kdelibs-apidocs-3.5.4-26.el5_7.1.ia64.rpm kdelibs-debuginfo-3.5.4-26.el5_7.1.ia64.rpm kdelibs-devel-3.5.4-26.el5_7.1.ia64.rpm ppc: kdelibs-3.5.4-26.el5_7.1.ppc.rpm kdelibs-3.5.4-26.el5_7.1.ppc64.rpm kdelibs-apidocs-3.5.4-26.el5_7.1.ppc.rpm kdelibs-debuginfo-3.5.4-26.el5_7.1.ppc.rpm kdelibs-debuginfo-3.5.4-26.el5_7.1.ppc64.rpm kdelibs-devel-3.5.4-26.el5_7.1.ppc.rpm kdelibs-devel-3.5.4-26.el5_7.1.ppc64.rpm s390x: kdelibs-3.5.4-26.el5_7.1.s390.rpm kdelibs-3.5.4-26.el5_7.1.s390x.rpm kdelibs-apidocs-3.5.4-26.el5_7.1.s390x.rpm kdelibs-debuginfo-3.5.4-26.el5_7.1.s390.rpm kdelibs-debuginfo-3.5.4-26.el5_7.1.s390x.rpm kdelibs-devel-3.5.4-26.el5_7.1.s390.rpm kdelibs-devel-3.5.4-26.el5_7.1.s390x.rpm x86_64: kdelibs-3.5.4-26.el5_7.1.i386.rpm kdelibs-3.5.4-26.el5_7.1.x86_64.rpm kdelibs-apidocs-3.5.4-26.el5_7.1.x86_64.rpm kdelibs-debuginfo-3.5.4-26.el5_7.1.i386.rpm kdelibs-debuginfo-3.5.4-26.el5_7.1.x86_64.rpm kdelibs-devel-3.5.4-26.el5_7.1.i386.rpm kdelibs-devel-3.5.4-26.el5_7.1.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kdelibs3-3.5.10-24.el6_1.1.src.rpm i386: kdelibs3-3.5.10-24.el6_1.1.i686.rpm kdelibs3-debuginfo-3.5.10-24.el6_1.1.i686.rpm x86_64: kdelibs3-3.5.10-24.el6_1.1.i686.rpm kdelibs3-3.5.10-24.el6_1.1.x86_64.rpm kdelibs3-debuginfo-3.5.10-24.el6_1.1.i686.rpm kdelibs3-debuginfo-3.5.10-24.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kdelibs3-3.5.10-24.el6_1.1.src.rpm i386: kdelibs3-debuginfo-3.5.10-24.el6_1.1.i686.rpm kdelibs3-devel-3.5.10-24.el6_1.1.i686.rpm noarch: kdelibs3-apidocs-3.5.10-24.el6_1.1.noarch.rpm x86_64: kdelibs3-debuginfo-3.5.10-24.el6_1.1.i686.rpm kdelibs3-debuginfo-3.5.10-24.el6_1.1.x86_64.rpm kdelibs3-devel-3.5.10-24.el6_1.1.i686.rpm kdelibs3-devel-3.5.10-24.el6_1.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kdelibs3-3.5.10-24.el6_1.1.src.rpm noarch: kdelibs3-apidocs-3.5.10-24.el6_1.1.noarch.rpm x86_64: kdelibs3-3.5.10-24.el6_1.1.i686.rpm kdelibs3-3.5.10-24.el6_1.1.x86_64.rpm kdelibs3-debuginfo-3.5.10-24.el6_1.1.i686.rpm kdelibs3-debuginfo-3.5.10-24.el6_1.1.x86_64.rpm kdelibs3-devel-3.5.10-24.el6_1.1.i686.rpm kdelibs3-devel-3.5.10-24.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kdelibs3-3.5.10-24.el6_1.1.src.rpm i386: kdelibs3-3.5.10-24.el6_1.1.i686.rpm kdelibs3-debuginfo-3.5.10-24.el6_1.1.i686.rpm kdelibs3-devel-3.5.10-24.el6_1.1.i686.rpm ppc64: kdelibs3-3.5.10-24.el6_1.1.ppc.rpm kdelibs3-3.5.10-24.el6_1.1.ppc64.rpm kdelibs3-debuginfo-3.5.10-24.el6_1.1.ppc.rpm kdelibs3-debuginfo-3.5.10-24.el6_1.1.ppc64.rpm kdelibs3-devel-3.5.10-24.el6_1.1.ppc.rpm kdelibs3-devel-3.5.10-24.el6_1.1.ppc64.rpm s390x: kdelibs3-3.5.10-24.el6_1.1.s390.rpm kdelibs3-3.5.10-24.el6_1.1.s390x.rpm kdelibs3-debuginfo-3.5.10-24.el6_1.1.s390.rpm kdelibs3-debuginfo-3.5.10-24.el6_1.1.s390x.rpm kdelibs3-devel-3.5.10-24.el6_1.1.s390.rpm kdelibs3-devel-3.5.10-24.el6_1.1.s390x.rpm x86_64: kdelibs3-3.5.10-24.el6_1.1.i686.rpm kdelibs3-3.5.10-24.el6_1.1.x86_64.rpm kdelibs3-debuginfo-3.5.10-24.el6_1.1.i686.rpm kdelibs3-debuginfo-3.5.10-24.el6_1.1.x86_64.rpm kdelibs3-devel-3.5.10-24.el6_1.1.i686.rpm kdelibs3-devel-3.5.10-24.el6_1.1.x86_64.rpm Red 
Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kdelibs3-3.5.10-24.el6_1.1.src.rpm noarch: kdelibs3-apidocs-3.5.10-24.el6_1.1.noarch.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kdelibs3-3.5.10-24.el6_1.1.src.rpm i386: kdelibs3-3.5.10-24.el6_1.1.i686.rpm kdelibs3-debuginfo-3.5.10-24.el6_1.1.i686.rpm kdelibs3-devel-3.5.10-24.el6_1.1.i686.rpm x86_64: kdelibs3-3.5.10-24.el6_1.1.i686.rpm kdelibs3-3.5.10-24.el6_1.1.x86_64.rpm kdelibs3-debuginfo-3.5.10-24.el6_1.1.i686.rpm kdelibs3-debuginfo-3.5.10-24.el6_1.1.x86_64.rpm kdelibs3-devel-3.5.10-24.el6_1.1.i686.rpm kdelibs3-devel-3.5.10-24.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kdelibs3-3.5.10-24.el6_1.1.src.rpm noarch: kdelibs3-apidocs-3.5.10-24.el6_1.1.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3365.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOnxBkXlSAg2UNWIIRAjsbAJ9CUYbH01NXMf2Q+ILae3M3feiQKgCeMFdP
i6P2rmJwrBUTq8lzJlRmIoc=
=P4L9
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Oct 20 17:36:28 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 20 Oct 2011 17:36:28 +0000
Subject: [RHSA-2011:1386-01] Important: kernel security, bug fix, and enhancement update
Message-ID: <201110201736.p9KHaSD7003749@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security, bug fix, and enhancement update
Advisory ID: RHSA-2011:1386-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1386.html
Issue date: 2011-10-20
CVE Names: CVE-2009-4067 CVE-2011-1160 CVE-2011-1585 CVE-2011-1833 CVE-2011-2484 CVE-2011-2496 CVE-2011-2695 CVE-2011-2699 CVE-2011-2723 CVE-2011-2942 CVE-2011-3131 CVE-2011-3188 CVE-2011-3191 CVE-2011-3209 CVE-2011-3347
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security fixes:

* The maximum file offset handling for ext4 file systems could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2695, Important)

* IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system's networking, preventing legitimate users from accessing its services. (CVE-2011-2699, Important)

* A malicious CIFS (Common Internet File System) server could send a specially-crafted response to a directory read request that would result in a denial of service or privilege escalation on a system that has a CIFS share mounted. (CVE-2011-3191, Important)

* A local attacker could use mount.ecryptfs_private to mount (and then access) a directory they would otherwise not have access to. Note: To correct this issue, the RHSA-2011:1241 ecryptfs-utils update must also be installed. (CVE-2011-1833, Moderate)

* A flaw in the taskstats subsystem could allow a local, unprivileged user to cause excessive CPU time and memory use. (CVE-2011-2484, Moderate)

* Mapping expansion handling could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2496, Moderate)

* GRO (Generic Receive Offload) fields could be left in an inconsistent state. An attacker on the local network could use this flaw to cause a denial of service. GRO is enabled by default in all network drivers that support it. (CVE-2011-2723, Moderate)

* RHSA-2011:1065 introduced a regression in the Ethernet bridge implementation. If a system had an interface in a bridge, and an attacker on the local network could send packets to that interface, they could cause a denial of service on that system. Xen hypervisor and KVM (Kernel-based Virtual Machine) hosts often deploy bridge interfaces. (CVE-2011-2942, Moderate)

* A flaw in the Xen hypervisor IOMMU error handling implementation could allow a privileged guest user, within a guest operating system that has direct control of a PCI device, to cause performance degradation on the host and possibly cause it to hang. (CVE-2011-3131, Moderate)

* IPv4 and IPv6 protocol sequence number and fragment ID generation could allow a man-in-the-middle attacker to inject packets and possibly hijack connections. Protocol sequence number and fragment IDs are now more random. (CVE-2011-3188, Moderate)

* A flaw in the kernel's clock implementation could allow a local, unprivileged user to cause a denial of service. (CVE-2011-3209, Moderate)

* Non-member VLAN (virtual LAN) packet handling for interfaces in promiscuous mode and also using the be2net driver could allow an attacker on the local network to cause a denial of service. (CVE-2011-3347, Moderate)

* A flaw in the auerswald USB driver could allow a local, unprivileged user to cause a denial of service or escalate their privileges by inserting a specially-crafted USB device. (CVE-2009-4067, Low)

* A flaw in the Trusted Platform Module (TPM) implementation could allow a local, unprivileged user to leak information to user space. (CVE-2011-1160, Low)

* A local, unprivileged user could possibly mount a CIFS share that requires authentication without knowing the correct password if the mount was already mounted by another local user. (CVE-2011-1585, Low)

Red Hat would like to thank Fernando Gont for reporting CVE-2011-2699; Darren Lavender for reporting CVE-2011-3191; the Ubuntu Security Team for reporting CVE-2011-1833; Vasiliy Kulikov of Openwall for reporting CVE-2011-2484; Robert Swiecki for reporting CVE-2011-2496; Brent Meshier for reporting CVE-2011-2723; Dan Kaminsky for reporting CVE-2011-3188; Yasuaki Ishimatsu for reporting CVE-2011-3209; Somnath Kotur for reporting CVE-2011-3347; Rafael Dominguez Vega for reporting CVE-2009-4067; and Peter Huewe for reporting CVE-2011-1160. The Ubuntu Security Team acknowledges Vasiliy Kulikov of Openwall and Dan Rosenberg as the original reporters of CVE-2011-1833.

4. Solution:

This update also fixes several bugs and adds one enhancement. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.

Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs and add the enhancement noted in the Technical Notes. The system must be rebooted for this update to take effect.

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

684671 - CVE-2011-1160 kernel: tpm infoleaks
697394 - CVE-2011-1585 kernel: cifs session reuse
715436 - CVE-2011-2484 kernel: taskstats: duplicate entries in listener mode can lead to DoS
716538 - CVE-2011-2496 kernel: mm: avoid wrapping vm_pgoff in mremap() and stack expansions
722393 - CVE-2009-4067 kernel: usb: buffer overflow in auerswald_probe()
722557 - CVE-2011-2695 kernel: ext4: kernel panic when writing data to the last block of sparse file
723429 - CVE-2011-2699 kernel: ipv6: make fragment identifications less predictable
726552 - CVE-2011-2723 kernel: gro: only reset frag0 when skb can be pulled
728518 - win2003 i386 guest BSOD when created with e1000 nic [rhel-5.7.z]
730341 - CVE-2011-3131 kernel: xen: IOMMU fault livelock
730682 - [EL5.7] igb: failed to activate WOL on 2nd LAN port on i350 [rhel-5.7.z]
730686 - Huge performance regression in NFS client [rhel-5.7.z]
730917 - CVE-2011-2942 kernel: bridge: null pointer dereference in __br_deliver
731172 - CVE-2011-1833 kernel: ecryptfs: mount source TOCTOU race
732658 - CVE-2011-3188 kernel: net: improve sequence number generation
732869 - CVE-2011-3191 kernel: cifs: signedness issue in CIFSFindNext()
732878 - CVE-2011-3209 kernel: panic occurs when clock_gettime() is called
733665 - Incorrect values in /proc/sys/vm/dirty_writeback_centises and dirty_expire_centisecs [rhel-5.7.z]
736425 - CVE-2011-3347 kernel: be2net: promiscuous mode and non-member VLAN packets DoS
738389 - Patch needed to allow MTU >1500 on vif prior to connecting to bridge [rhel-5.7.z]
738392 - netfront MTU drops to 1500 after domain migration [rhel-5.7.z]
739823 - 2.6.18-238.1.1.el5 or newer won't boot under Xen HVM due to linux-2.6-virt-nmi-don-t-print-nmi-stuck-messages-on-guests.patch [rhel-5.7.z]

6. Package List:

Red Hat Enterprise Linux Desktop (v.
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-274.7.1.el5.src.rpm i386: kernel-2.6.18-274.7.1.el5.i686.rpm kernel-PAE-2.6.18-274.7.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-274.7.1.el5.i686.rpm kernel-PAE-devel-2.6.18-274.7.1.el5.i686.rpm kernel-debug-2.6.18-274.7.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-274.7.1.el5.i686.rpm kernel-debug-devel-2.6.18-274.7.1.el5.i686.rpm kernel-debuginfo-2.6.18-274.7.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-274.7.1.el5.i686.rpm kernel-devel-2.6.18-274.7.1.el5.i686.rpm kernel-headers-2.6.18-274.7.1.el5.i386.rpm kernel-xen-2.6.18-274.7.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-274.7.1.el5.i686.rpm kernel-xen-devel-2.6.18-274.7.1.el5.i686.rpm noarch: kernel-doc-2.6.18-274.7.1.el5.noarch.rpm x86_64: kernel-2.6.18-274.7.1.el5.x86_64.rpm kernel-debug-2.6.18-274.7.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-274.7.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-274.7.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-274.7.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-274.7.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-274.7.1.el5.x86_64.rpm kernel-devel-2.6.18-274.7.1.el5.x86_64.rpm kernel-headers-2.6.18-274.7.1.el5.x86_64.rpm kernel-xen-2.6.18-274.7.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-274.7.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-274.7.1.el5.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-274.7.1.el5.src.rpm i386: kernel-2.6.18-274.7.1.el5.i686.rpm kernel-PAE-2.6.18-274.7.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-274.7.1.el5.i686.rpm kernel-PAE-devel-2.6.18-274.7.1.el5.i686.rpm kernel-debug-2.6.18-274.7.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-274.7.1.el5.i686.rpm kernel-debug-devel-2.6.18-274.7.1.el5.i686.rpm kernel-debuginfo-2.6.18-274.7.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-274.7.1.el5.i686.rpm kernel-devel-2.6.18-274.7.1.el5.i686.rpm kernel-headers-2.6.18-274.7.1.el5.i386.rpm kernel-xen-2.6.18-274.7.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-274.7.1.el5.i686.rpm kernel-xen-devel-2.6.18-274.7.1.el5.i686.rpm ia64: kernel-2.6.18-274.7.1.el5.ia64.rpm kernel-debug-2.6.18-274.7.1.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-274.7.1.el5.ia64.rpm kernel-debug-devel-2.6.18-274.7.1.el5.ia64.rpm kernel-debuginfo-2.6.18-274.7.1.el5.ia64.rpm kernel-debuginfo-common-2.6.18-274.7.1.el5.ia64.rpm kernel-devel-2.6.18-274.7.1.el5.ia64.rpm kernel-headers-2.6.18-274.7.1.el5.ia64.rpm kernel-xen-2.6.18-274.7.1.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-274.7.1.el5.ia64.rpm kernel-xen-devel-2.6.18-274.7.1.el5.ia64.rpm noarch: kernel-doc-2.6.18-274.7.1.el5.noarch.rpm ppc: kernel-2.6.18-274.7.1.el5.ppc64.rpm kernel-debug-2.6.18-274.7.1.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-274.7.1.el5.ppc64.rpm kernel-debug-devel-2.6.18-274.7.1.el5.ppc64.rpm kernel-debuginfo-2.6.18-274.7.1.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-274.7.1.el5.ppc64.rpm kernel-devel-2.6.18-274.7.1.el5.ppc64.rpm kernel-headers-2.6.18-274.7.1.el5.ppc.rpm kernel-headers-2.6.18-274.7.1.el5.ppc64.rpm kernel-kdump-2.6.18-274.7.1.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-274.7.1.el5.ppc64.rpm kernel-kdump-devel-2.6.18-274.7.1.el5.ppc64.rpm s390x: kernel-2.6.18-274.7.1.el5.s390x.rpm kernel-debug-2.6.18-274.7.1.el5.s390x.rpm kernel-debug-debuginfo-2.6.18-274.7.1.el5.s390x.rpm 
kernel-debug-devel-2.6.18-274.7.1.el5.s390x.rpm kernel-debuginfo-2.6.18-274.7.1.el5.s390x.rpm kernel-debuginfo-common-2.6.18-274.7.1.el5.s390x.rpm kernel-devel-2.6.18-274.7.1.el5.s390x.rpm kernel-headers-2.6.18-274.7.1.el5.s390x.rpm kernel-kdump-2.6.18-274.7.1.el5.s390x.rpm kernel-kdump-debuginfo-2.6.18-274.7.1.el5.s390x.rpm kernel-kdump-devel-2.6.18-274.7.1.el5.s390x.rpm x86_64: kernel-2.6.18-274.7.1.el5.x86_64.rpm kernel-debug-2.6.18-274.7.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-274.7.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-274.7.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-274.7.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-274.7.1.el5.x86_64.rpm kernel-devel-2.6.18-274.7.1.el5.x86_64.rpm kernel-headers-2.6.18-274.7.1.el5.x86_64.rpm kernel-xen-2.6.18-274.7.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-274.7.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-274.7.1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References:

https://www.redhat.com/security/data/cve/CVE-2009-4067.html
https://www.redhat.com/security/data/cve/CVE-2011-1160.html
https://www.redhat.com/security/data/cve/CVE-2011-1585.html
https://www.redhat.com/security/data/cve/CVE-2011-1833.html
https://www.redhat.com/security/data/cve/CVE-2011-2484.html
https://www.redhat.com/security/data/cve/CVE-2011-2496.html
https://www.redhat.com/security/data/cve/CVE-2011-2695.html
https://www.redhat.com/security/data/cve/CVE-2011-2699.html
https://www.redhat.com/security/data/cve/CVE-2011-2723.html
https://www.redhat.com/security/data/cve/CVE-2011-2942.html
https://www.redhat.com/security/data/cve/CVE-2011-3131.html
https://www.redhat.com/security/data/cve/CVE-2011-3188.html
https://www.redhat.com/security/data/cve/CVE-2011-3191.html
https://www.redhat.com/security/data/cve/CVE-2011-3209.html
https://www.redhat.com/security/data/cve/CVE-2011-3347.html
https://access.redhat.com/security/updates/classification/#important
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.7_Technical_Notes/kernel.html#RHSA-2011-1386
https://rhn.redhat.com/errata/RHSA-2011-1241.html
https://rhn.redhat.com/errata/RHSA-2011-1065.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOoFwHXlSAg2UNWIIRAjeRAJ96y38FGmEtyTMBRZFSXh0DzC5ryQCgqSPG
/bUSsPcuZoEItpFWsA7sg0o=
=SPIP
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Oct 20 17:37:00 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 20 Oct 2011 17:37:00 +0000
Subject: [RHSA-2011:1391-01] Moderate: httpd security and bug fix update
Message-ID: <201110201737.p9KHb0Lo032242@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: httpd security and bug fix update
Advisory ID: RHSA-2011:1391-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1391.html
Issue date: 2011-10-20
CVE Names: CVE-2011-3348 CVE-2011-3368
=====================================================================

1. Summary:

Updated httpd packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64

3. Description:

The Apache HTTP Server is a popular web server.

It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests.
In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. (CVE-2011-3368)

It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where mod_proxy was used in load balancer mode. A remote attacker could cause mod_proxy to not send requests to back-end AJP (Apache JServ Protocol) servers for the retry timeout period or until all back-end servers were marked as failed. (CVE-2011-3348)

Red Hat would like to thank Context Information Security for reporting the CVE-2011-3368 issue.

This update also fixes the following bug:

* The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update introduced regressions in the way httpd handled certain Range HTTP header values. This update corrects those regressions. (BZ#736592)

All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

736592 - httpd: RHSA-2011:1245 regressions [rhel-6]
736690 - CVE-2011-3348 httpd: mod_proxy_ajp remote temporary DoS
740045 - CVE-2011-3368 httpd: reverse web proxy vulnerability

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/httpd-2.2.15-9.el6_1.3.src.rpm i386: httpd-2.2.15-9.el6_1.3.i686.rpm httpd-debuginfo-2.2.15-9.el6_1.3.i686.rpm httpd-tools-2.2.15-9.el6_1.3.i686.rpm x86_64: httpd-2.2.15-9.el6_1.3.x86_64.rpm httpd-debuginfo-2.2.15-9.el6_1.3.x86_64.rpm httpd-tools-2.2.15-9.el6_1.3.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/httpd-2.2.15-9.el6_1.3.src.rpm i386: httpd-debuginfo-2.2.15-9.el6_1.3.i686.rpm httpd-devel-2.2.15-9.el6_1.3.i686.rpm mod_ssl-2.2.15-9.el6_1.3.i686.rpm noarch: httpd-manual-2.2.15-9.el6_1.3.noarch.rpm x86_64: httpd-debuginfo-2.2.15-9.el6_1.3.i686.rpm httpd-debuginfo-2.2.15-9.el6_1.3.x86_64.rpm httpd-devel-2.2.15-9.el6_1.3.i686.rpm httpd-devel-2.2.15-9.el6_1.3.x86_64.rpm mod_ssl-2.2.15-9.el6_1.3.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/httpd-2.2.15-9.el6_1.3.src.rpm x86_64: httpd-2.2.15-9.el6_1.3.x86_64.rpm httpd-debuginfo-2.2.15-9.el6_1.3.x86_64.rpm httpd-tools-2.2.15-9.el6_1.3.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/httpd-2.2.15-9.el6_1.3.src.rpm noarch: httpd-manual-2.2.15-9.el6_1.3.noarch.rpm x86_64: httpd-debuginfo-2.2.15-9.el6_1.3.i686.rpm httpd-debuginfo-2.2.15-9.el6_1.3.x86_64.rpm httpd-devel-2.2.15-9.el6_1.3.i686.rpm httpd-devel-2.2.15-9.el6_1.3.x86_64.rpm mod_ssl-2.2.15-9.el6_1.3.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/httpd-2.2.15-9.el6_1.3.src.rpm i386: httpd-2.2.15-9.el6_1.3.i686.rpm httpd-debuginfo-2.2.15-9.el6_1.3.i686.rpm httpd-devel-2.2.15-9.el6_1.3.i686.rpm httpd-tools-2.2.15-9.el6_1.3.i686.rpm mod_ssl-2.2.15-9.el6_1.3.i686.rpm noarch: httpd-manual-2.2.15-9.el6_1.3.noarch.rpm ppc64: httpd-2.2.15-9.el6_1.3.ppc64.rpm httpd-debuginfo-2.2.15-9.el6_1.3.ppc.rpm httpd-debuginfo-2.2.15-9.el6_1.3.ppc64.rpm httpd-devel-2.2.15-9.el6_1.3.ppc.rpm httpd-devel-2.2.15-9.el6_1.3.ppc64.rpm httpd-tools-2.2.15-9.el6_1.3.ppc64.rpm mod_ssl-2.2.15-9.el6_1.3.ppc64.rpm s390x: httpd-2.2.15-9.el6_1.3.s390x.rpm httpd-debuginfo-2.2.15-9.el6_1.3.s390.rpm httpd-debuginfo-2.2.15-9.el6_1.3.s390x.rpm httpd-devel-2.2.15-9.el6_1.3.s390.rpm httpd-devel-2.2.15-9.el6_1.3.s390x.rpm httpd-tools-2.2.15-9.el6_1.3.s390x.rpm mod_ssl-2.2.15-9.el6_1.3.s390x.rpm x86_64: httpd-2.2.15-9.el6_1.3.x86_64.rpm httpd-debuginfo-2.2.15-9.el6_1.3.i686.rpm httpd-debuginfo-2.2.15-9.el6_1.3.x86_64.rpm httpd-devel-2.2.15-9.el6_1.3.i686.rpm httpd-devel-2.2.15-9.el6_1.3.x86_64.rpm httpd-tools-2.2.15-9.el6_1.3.x86_64.rpm mod_ssl-2.2.15-9.el6_1.3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/httpd-2.2.15-9.el6_1.3.src.rpm i386: httpd-2.2.15-9.el6_1.3.i686.rpm httpd-debuginfo-2.2.15-9.el6_1.3.i686.rpm httpd-devel-2.2.15-9.el6_1.3.i686.rpm httpd-tools-2.2.15-9.el6_1.3.i686.rpm mod_ssl-2.2.15-9.el6_1.3.i686.rpm noarch: httpd-manual-2.2.15-9.el6_1.3.noarch.rpm x86_64: httpd-2.2.15-9.el6_1.3.x86_64.rpm httpd-debuginfo-2.2.15-9.el6_1.3.i686.rpm httpd-debuginfo-2.2.15-9.el6_1.3.x86_64.rpm httpd-devel-2.2.15-9.el6_1.3.i686.rpm httpd-devel-2.2.15-9.el6_1.3.x86_64.rpm httpd-tools-2.2.15-9.el6_1.3.x86_64.rpm mod_ssl-2.2.15-9.el6_1.3.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3348.html
https://www.redhat.com/security/data/cve/CVE-2011-3368.html
https://access.redhat.com/security/updates/classification/#moderate
https://rhn.redhat.com/errata/RHSA-2011-1245.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

From bugzilla at redhat.com Thu Oct 20 17:37:59 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 20 Oct 2011 17:37:59 +0000
Subject: [RHSA-2011:1392-01] Moderate: httpd security and bug fix update
Message-ID: <201110201738.p9KHbxDl030423@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: httpd security and bug fix update
Advisory ID:       RHSA-2011:1392-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1392.html
Issue date:        2011-10-20
CVE Names:         CVE-2011-3368
=====================================================================

1. Summary:

Updated httpd packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

The Apache HTTP Server is a popular web server.

It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. (CVE-2011-3368)

Red Hat would like to thank Context Information Security for reporting this issue.

This update also fixes the following bug:

* The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update introduced regressions in the way httpd handled certain Range HTTP header values. This update corrects those regressions. (BZ#736593, BZ#736594)

All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

736593 - httpd: RHSA-2011:1245 regressions [rhel-5]
736594 - httpd: RHSA-2011:1245 regressions [rhel-4]
740045 - CVE-2011-3368 httpd: reverse web proxy vulnerability

6.
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/httpd-2.0.52-49.ent.src.rpm i386: httpd-2.0.52-49.ent.i386.rpm httpd-debuginfo-2.0.52-49.ent.i386.rpm httpd-devel-2.0.52-49.ent.i386.rpm httpd-manual-2.0.52-49.ent.i386.rpm httpd-suexec-2.0.52-49.ent.i386.rpm mod_ssl-2.0.52-49.ent.i386.rpm ia64: httpd-2.0.52-49.ent.ia64.rpm httpd-debuginfo-2.0.52-49.ent.ia64.rpm httpd-devel-2.0.52-49.ent.ia64.rpm httpd-manual-2.0.52-49.ent.ia64.rpm httpd-suexec-2.0.52-49.ent.ia64.rpm mod_ssl-2.0.52-49.ent.ia64.rpm ppc: httpd-2.0.52-49.ent.ppc.rpm httpd-debuginfo-2.0.52-49.ent.ppc.rpm httpd-devel-2.0.52-49.ent.ppc.rpm httpd-manual-2.0.52-49.ent.ppc.rpm httpd-suexec-2.0.52-49.ent.ppc.rpm mod_ssl-2.0.52-49.ent.ppc.rpm s390: httpd-2.0.52-49.ent.s390.rpm httpd-debuginfo-2.0.52-49.ent.s390.rpm httpd-devel-2.0.52-49.ent.s390.rpm httpd-manual-2.0.52-49.ent.s390.rpm httpd-suexec-2.0.52-49.ent.s390.rpm mod_ssl-2.0.52-49.ent.s390.rpm s390x: httpd-2.0.52-49.ent.s390x.rpm httpd-debuginfo-2.0.52-49.ent.s390x.rpm httpd-devel-2.0.52-49.ent.s390x.rpm httpd-manual-2.0.52-49.ent.s390x.rpm httpd-suexec-2.0.52-49.ent.s390x.rpm mod_ssl-2.0.52-49.ent.s390x.rpm x86_64: httpd-2.0.52-49.ent.x86_64.rpm httpd-debuginfo-2.0.52-49.ent.x86_64.rpm httpd-devel-2.0.52-49.ent.x86_64.rpm httpd-manual-2.0.52-49.ent.x86_64.rpm httpd-suexec-2.0.52-49.ent.x86_64.rpm mod_ssl-2.0.52-49.ent.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/httpd-2.0.52-49.ent.src.rpm i386: httpd-2.0.52-49.ent.i386.rpm httpd-debuginfo-2.0.52-49.ent.i386.rpm httpd-devel-2.0.52-49.ent.i386.rpm httpd-manual-2.0.52-49.ent.i386.rpm httpd-suexec-2.0.52-49.ent.i386.rpm mod_ssl-2.0.52-49.ent.i386.rpm x86_64: httpd-2.0.52-49.ent.x86_64.rpm httpd-debuginfo-2.0.52-49.ent.x86_64.rpm httpd-devel-2.0.52-49.ent.x86_64.rpm httpd-manual-2.0.52-49.ent.x86_64.rpm httpd-suexec-2.0.52-49.ent.x86_64.rpm 
mod_ssl-2.0.52-49.ent.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/httpd-2.0.52-49.ent.src.rpm i386: httpd-2.0.52-49.ent.i386.rpm httpd-debuginfo-2.0.52-49.ent.i386.rpm httpd-devel-2.0.52-49.ent.i386.rpm httpd-manual-2.0.52-49.ent.i386.rpm httpd-suexec-2.0.52-49.ent.i386.rpm mod_ssl-2.0.52-49.ent.i386.rpm ia64: httpd-2.0.52-49.ent.ia64.rpm httpd-debuginfo-2.0.52-49.ent.ia64.rpm httpd-devel-2.0.52-49.ent.ia64.rpm httpd-manual-2.0.52-49.ent.ia64.rpm httpd-suexec-2.0.52-49.ent.ia64.rpm mod_ssl-2.0.52-49.ent.ia64.rpm x86_64: httpd-2.0.52-49.ent.x86_64.rpm httpd-debuginfo-2.0.52-49.ent.x86_64.rpm httpd-devel-2.0.52-49.ent.x86_64.rpm httpd-manual-2.0.52-49.ent.x86_64.rpm httpd-suexec-2.0.52-49.ent.x86_64.rpm mod_ssl-2.0.52-49.ent.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/httpd-2.0.52-49.ent.src.rpm i386: httpd-2.0.52-49.ent.i386.rpm httpd-debuginfo-2.0.52-49.ent.i386.rpm httpd-devel-2.0.52-49.ent.i386.rpm httpd-manual-2.0.52-49.ent.i386.rpm httpd-suexec-2.0.52-49.ent.i386.rpm mod_ssl-2.0.52-49.ent.i386.rpm ia64: httpd-2.0.52-49.ent.ia64.rpm httpd-debuginfo-2.0.52-49.ent.ia64.rpm httpd-devel-2.0.52-49.ent.ia64.rpm httpd-manual-2.0.52-49.ent.ia64.rpm httpd-suexec-2.0.52-49.ent.ia64.rpm mod_ssl-2.0.52-49.ent.ia64.rpm x86_64: httpd-2.0.52-49.ent.x86_64.rpm httpd-debuginfo-2.0.52-49.ent.x86_64.rpm httpd-devel-2.0.52-49.ent.x86_64.rpm httpd-manual-2.0.52-49.ent.x86_64.rpm httpd-suexec-2.0.52-49.ent.x86_64.rpm mod_ssl-2.0.52-49.ent.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-53.el5_7.3.src.rpm i386: httpd-2.2.3-53.el5_7.3.i386.rpm httpd-debuginfo-2.2.3-53.el5_7.3.i386.rpm mod_ssl-2.2.3-53.el5_7.3.i386.rpm x86_64: httpd-2.2.3-53.el5_7.3.x86_64.rpm httpd-debuginfo-2.2.3-53.el5_7.3.x86_64.rpm mod_ssl-2.2.3-53.el5_7.3.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-53.el5_7.3.src.rpm i386: httpd-debuginfo-2.2.3-53.el5_7.3.i386.rpm httpd-devel-2.2.3-53.el5_7.3.i386.rpm httpd-manual-2.2.3-53.el5_7.3.i386.rpm x86_64: httpd-debuginfo-2.2.3-53.el5_7.3.i386.rpm httpd-debuginfo-2.2.3-53.el5_7.3.x86_64.rpm httpd-devel-2.2.3-53.el5_7.3.i386.rpm httpd-devel-2.2.3-53.el5_7.3.x86_64.rpm httpd-manual-2.2.3-53.el5_7.3.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/httpd-2.2.3-53.el5_7.3.src.rpm i386: httpd-2.2.3-53.el5_7.3.i386.rpm httpd-debuginfo-2.2.3-53.el5_7.3.i386.rpm httpd-devel-2.2.3-53.el5_7.3.i386.rpm httpd-manual-2.2.3-53.el5_7.3.i386.rpm mod_ssl-2.2.3-53.el5_7.3.i386.rpm ia64: httpd-2.2.3-53.el5_7.3.ia64.rpm httpd-debuginfo-2.2.3-53.el5_7.3.ia64.rpm httpd-devel-2.2.3-53.el5_7.3.ia64.rpm httpd-manual-2.2.3-53.el5_7.3.ia64.rpm mod_ssl-2.2.3-53.el5_7.3.ia64.rpm ppc: httpd-2.2.3-53.el5_7.3.ppc.rpm httpd-debuginfo-2.2.3-53.el5_7.3.ppc.rpm httpd-debuginfo-2.2.3-53.el5_7.3.ppc64.rpm httpd-devel-2.2.3-53.el5_7.3.ppc.rpm httpd-devel-2.2.3-53.el5_7.3.ppc64.rpm httpd-manual-2.2.3-53.el5_7.3.ppc.rpm mod_ssl-2.2.3-53.el5_7.3.ppc.rpm s390x: httpd-2.2.3-53.el5_7.3.s390x.rpm httpd-debuginfo-2.2.3-53.el5_7.3.s390.rpm httpd-debuginfo-2.2.3-53.el5_7.3.s390x.rpm httpd-devel-2.2.3-53.el5_7.3.s390.rpm httpd-devel-2.2.3-53.el5_7.3.s390x.rpm httpd-manual-2.2.3-53.el5_7.3.s390x.rpm mod_ssl-2.2.3-53.el5_7.3.s390x.rpm x86_64: httpd-2.2.3-53.el5_7.3.x86_64.rpm httpd-debuginfo-2.2.3-53.el5_7.3.i386.rpm 
httpd-debuginfo-2.2.3-53.el5_7.3.x86_64.rpm httpd-devel-2.2.3-53.el5_7.3.i386.rpm httpd-devel-2.2.3-53.el5_7.3.x86_64.rpm httpd-manual-2.2.3-53.el5_7.3.x86_64.rpm mod_ssl-2.2.3-53.el5_7.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3368.html
https://access.redhat.com/security/updates/classification/#moderate
https://rhn.redhat.com/errata/RHSA-2011-1245.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

From bugzilla at redhat.com Mon Oct 24 17:16:05 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 24 Oct 2011 17:16:05 +0000
Subject: [RHSA-2011:1401-01] Moderate: xen security and bug fix update
Message-ID: <201110241716.p9OHG6jV003738@int-mx02.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: xen security and bug fix update
Advisory ID:       RHSA-2011:1401-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1401.html
Issue date:        2011-10-24
CVE Names:         CVE-2011-3346
=====================================================================

1. Summary:

Updated xen packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Multi OS (v. 5 client) - i386, x86_64
RHEL Virtualization (v. 5 server) - i386, ia64, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux.

A buffer overflow flaw was found in the Xen hypervisor SCSI subsystem emulation. An unprivileged, local guest user could provide a large number of bytes that are used to zero out a fixed-sized buffer via a SAI READ CAPACITY SCSI command, overwriting memory and causing the guest to crash. (CVE-2011-3346)

This update also fixes the following bugs:

* Prior to this update, the vif-bridge script used a maximum transmission unit (MTU) of 1500 for a new Virtual Interface (VIF). As a result, the MTU of the VIF could differ from that of the target bridge. This update fixes the VIF hot-plug script so that the default MTU for new VIFs will match that of the target Xen hypervisor bridge. In combination with a new enough kernel (RHSA-2011:1386), this enables the use of jumbo frames in Xen hypervisor guests. (BZ#738608)

* Prior to this update, the network-bridge script set the MTU of the bridge to 1500. As a result, the MTU of the Xen hypervisor bridge could differ from that of the physical interface. This update fixes the network script so the MTU of the bridge can be set higher than 1500, thus also providing support for jumbo frames. Now, the MTU of the Xen hypervisor bridge will match that of the physical interface. (BZ#738610)

* Red Hat Enterprise Linux 5.6 introduced an optimized migration handling that speeds up the migration of guests with large memory. However, the new migration procedure can theoretically cause data corruption. While no cases were observed in practice, with this update, the xend daemon properly waits for correct device release before the guest is started on a destination machine, thus fixing this bug. (BZ#743850)

Note: Before a guest is using a new enough kernel (RHSA-2011:1386), the MTU of the VIF will drop back to 1500 (if it was set higher) after migration.

All xen users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the xend service must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

736038 - CVE-2011-3346 qemu: local DoS with SCSI CD-ROM
738608 - vif (netback) should take its default MTU from the bridge
738610 - The network-bridge script does not set the MTU of the bridge to match the MTU of the physical interface

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xen-3.0.3-132.el5_7.2.src.rpm i386: xen-debuginfo-3.0.3-132.el5_7.2.i386.rpm xen-libs-3.0.3-132.el5_7.2.i386.rpm x86_64: xen-debuginfo-3.0.3-132.el5_7.2.i386.rpm xen-debuginfo-3.0.3-132.el5_7.2.x86_64.rpm xen-libs-3.0.3-132.el5_7.2.i386.rpm xen-libs-3.0.3-132.el5_7.2.x86_64.rpm RHEL Desktop Multi OS (v.
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xen-3.0.3-132.el5_7.2.src.rpm i386: xen-3.0.3-132.el5_7.2.i386.rpm xen-debuginfo-3.0.3-132.el5_7.2.i386.rpm xen-devel-3.0.3-132.el5_7.2.i386.rpm x86_64: xen-3.0.3-132.el5_7.2.x86_64.rpm xen-debuginfo-3.0.3-132.el5_7.2.i386.rpm xen-debuginfo-3.0.3-132.el5_7.2.x86_64.rpm xen-devel-3.0.3-132.el5_7.2.i386.rpm xen-devel-3.0.3-132.el5_7.2.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xen-3.0.3-132.el5_7.2.src.rpm i386: xen-debuginfo-3.0.3-132.el5_7.2.i386.rpm xen-libs-3.0.3-132.el5_7.2.i386.rpm ia64: xen-debuginfo-3.0.3-132.el5_7.2.ia64.rpm xen-libs-3.0.3-132.el5_7.2.ia64.rpm x86_64: xen-debuginfo-3.0.3-132.el5_7.2.i386.rpm xen-debuginfo-3.0.3-132.el5_7.2.x86_64.rpm xen-libs-3.0.3-132.el5_7.2.i386.rpm xen-libs-3.0.3-132.el5_7.2.x86_64.rpm RHEL Virtualization (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xen-3.0.3-132.el5_7.2.src.rpm i386: xen-3.0.3-132.el5_7.2.i386.rpm xen-debuginfo-3.0.3-132.el5_7.2.i386.rpm xen-devel-3.0.3-132.el5_7.2.i386.rpm ia64: xen-3.0.3-132.el5_7.2.ia64.rpm xen-debuginfo-3.0.3-132.el5_7.2.ia64.rpm xen-devel-3.0.3-132.el5_7.2.ia64.rpm x86_64: xen-3.0.3-132.el5_7.2.x86_64.rpm xen-debuginfo-3.0.3-132.el5_7.2.i386.rpm xen-debuginfo-3.0.3-132.el5_7.2.x86_64.rpm xen-devel-3.0.3-132.el5_7.2.i386.rpm xen-devel-3.0.3-132.el5_7.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3346.html https://access.redhat.com/security/updates/classification/#moderate https://rhn.redhat.com/errata/RHSA-2011-1386.html 8. Contact: The Red Hat security contact is . 
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

From bugzilla at redhat.com Tue Oct 25 18:25:10 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 25 Oct 2011 18:25:10 +0000
Subject: [RHSA-2011:1402-01] Important: freetype security update
Message-ID: <201110251825.p9PIPBem027592@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: freetype security update
Advisory ID:       RHSA-2011:1402-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1402.html
Issue date:        2011-10-25
CVE Names:         CVE-2011-3256
=====================================================================

1. Summary:

Updated freetype packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 and 6 provide only the FreeType 2 font engine.

Multiple input validation flaws were found in the way FreeType processed bitmap font files. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3256)

Note: These issues only affected the FreeType 2 font engine.

Users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

746226 - CVE-2011-3256 FreeType FT_Bitmap_New integer overflow to buffer overflow, FreeType TT_Vary_Get_Glyph_Deltas improper input validation

6.
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/freetype-2.1.9-20.el4.src.rpm i386: freetype-2.1.9-20.el4.i386.rpm freetype-debuginfo-2.1.9-20.el4.i386.rpm freetype-demos-2.1.9-20.el4.i386.rpm freetype-devel-2.1.9-20.el4.i386.rpm freetype-utils-2.1.9-20.el4.i386.rpm ia64: freetype-2.1.9-20.el4.i386.rpm freetype-2.1.9-20.el4.ia64.rpm freetype-debuginfo-2.1.9-20.el4.i386.rpm freetype-debuginfo-2.1.9-20.el4.ia64.rpm freetype-demos-2.1.9-20.el4.ia64.rpm freetype-devel-2.1.9-20.el4.ia64.rpm freetype-utils-2.1.9-20.el4.ia64.rpm ppc: freetype-2.1.9-20.el4.ppc.rpm freetype-2.1.9-20.el4.ppc64.rpm freetype-debuginfo-2.1.9-20.el4.ppc.rpm freetype-debuginfo-2.1.9-20.el4.ppc64.rpm freetype-demos-2.1.9-20.el4.ppc.rpm freetype-devel-2.1.9-20.el4.ppc.rpm freetype-utils-2.1.9-20.el4.ppc.rpm s390: freetype-2.1.9-20.el4.s390.rpm freetype-debuginfo-2.1.9-20.el4.s390.rpm freetype-demos-2.1.9-20.el4.s390.rpm freetype-devel-2.1.9-20.el4.s390.rpm freetype-utils-2.1.9-20.el4.s390.rpm s390x: freetype-2.1.9-20.el4.s390.rpm freetype-2.1.9-20.el4.s390x.rpm freetype-debuginfo-2.1.9-20.el4.s390.rpm freetype-debuginfo-2.1.9-20.el4.s390x.rpm freetype-demos-2.1.9-20.el4.s390x.rpm freetype-devel-2.1.9-20.el4.s390x.rpm freetype-utils-2.1.9-20.el4.s390x.rpm x86_64: freetype-2.1.9-20.el4.i386.rpm freetype-2.1.9-20.el4.x86_64.rpm freetype-debuginfo-2.1.9-20.el4.i386.rpm freetype-debuginfo-2.1.9-20.el4.x86_64.rpm freetype-demos-2.1.9-20.el4.x86_64.rpm freetype-devel-2.1.9-20.el4.x86_64.rpm freetype-utils-2.1.9-20.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/freetype-2.1.9-20.el4.src.rpm i386: freetype-2.1.9-20.el4.i386.rpm freetype-debuginfo-2.1.9-20.el4.i386.rpm freetype-demos-2.1.9-20.el4.i386.rpm freetype-devel-2.1.9-20.el4.i386.rpm freetype-utils-2.1.9-20.el4.i386.rpm x86_64: freetype-2.1.9-20.el4.i386.rpm freetype-2.1.9-20.el4.x86_64.rpm 
freetype-debuginfo-2.1.9-20.el4.i386.rpm freetype-debuginfo-2.1.9-20.el4.x86_64.rpm freetype-demos-2.1.9-20.el4.x86_64.rpm freetype-devel-2.1.9-20.el4.x86_64.rpm freetype-utils-2.1.9-20.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/freetype-2.1.9-20.el4.src.rpm i386: freetype-2.1.9-20.el4.i386.rpm freetype-debuginfo-2.1.9-20.el4.i386.rpm freetype-demos-2.1.9-20.el4.i386.rpm freetype-devel-2.1.9-20.el4.i386.rpm freetype-utils-2.1.9-20.el4.i386.rpm ia64: freetype-2.1.9-20.el4.i386.rpm freetype-2.1.9-20.el4.ia64.rpm freetype-debuginfo-2.1.9-20.el4.i386.rpm freetype-debuginfo-2.1.9-20.el4.ia64.rpm freetype-demos-2.1.9-20.el4.ia64.rpm freetype-devel-2.1.9-20.el4.ia64.rpm freetype-utils-2.1.9-20.el4.ia64.rpm x86_64: freetype-2.1.9-20.el4.i386.rpm freetype-2.1.9-20.el4.x86_64.rpm freetype-debuginfo-2.1.9-20.el4.i386.rpm freetype-debuginfo-2.1.9-20.el4.x86_64.rpm freetype-demos-2.1.9-20.el4.x86_64.rpm freetype-devel-2.1.9-20.el4.x86_64.rpm freetype-utils-2.1.9-20.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/freetype-2.1.9-20.el4.src.rpm i386: freetype-2.1.9-20.el4.i386.rpm freetype-debuginfo-2.1.9-20.el4.i386.rpm freetype-demos-2.1.9-20.el4.i386.rpm freetype-devel-2.1.9-20.el4.i386.rpm freetype-utils-2.1.9-20.el4.i386.rpm ia64: freetype-2.1.9-20.el4.i386.rpm freetype-2.1.9-20.el4.ia64.rpm freetype-debuginfo-2.1.9-20.el4.i386.rpm freetype-debuginfo-2.1.9-20.el4.ia64.rpm freetype-demos-2.1.9-20.el4.ia64.rpm freetype-devel-2.1.9-20.el4.ia64.rpm freetype-utils-2.1.9-20.el4.ia64.rpm x86_64: freetype-2.1.9-20.el4.i386.rpm freetype-2.1.9-20.el4.x86_64.rpm freetype-debuginfo-2.1.9-20.el4.i386.rpm freetype-debuginfo-2.1.9-20.el4.x86_64.rpm freetype-demos-2.1.9-20.el4.x86_64.rpm freetype-devel-2.1.9-20.el4.x86_64.rpm freetype-utils-2.1.9-20.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/freetype-2.2.1-28.el5_7.1.src.rpm i386: freetype-2.2.1-28.el5_7.1.i386.rpm freetype-debuginfo-2.2.1-28.el5_7.1.i386.rpm x86_64: freetype-2.2.1-28.el5_7.1.i386.rpm freetype-2.2.1-28.el5_7.1.x86_64.rpm freetype-debuginfo-2.2.1-28.el5_7.1.i386.rpm freetype-debuginfo-2.2.1-28.el5_7.1.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/freetype-2.2.1-28.el5_7.1.src.rpm i386: freetype-debuginfo-2.2.1-28.el5_7.1.i386.rpm freetype-demos-2.2.1-28.el5_7.1.i386.rpm freetype-devel-2.2.1-28.el5_7.1.i386.rpm x86_64: freetype-debuginfo-2.2.1-28.el5_7.1.i386.rpm freetype-debuginfo-2.2.1-28.el5_7.1.x86_64.rpm freetype-demos-2.2.1-28.el5_7.1.x86_64.rpm freetype-devel-2.2.1-28.el5_7.1.i386.rpm freetype-devel-2.2.1-28.el5_7.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/freetype-2.2.1-28.el5_7.1.src.rpm i386: freetype-2.2.1-28.el5_7.1.i386.rpm freetype-debuginfo-2.2.1-28.el5_7.1.i386.rpm freetype-demos-2.2.1-28.el5_7.1.i386.rpm freetype-devel-2.2.1-28.el5_7.1.i386.rpm ia64: freetype-2.2.1-28.el5_7.1.i386.rpm freetype-2.2.1-28.el5_7.1.ia64.rpm freetype-debuginfo-2.2.1-28.el5_7.1.i386.rpm freetype-debuginfo-2.2.1-28.el5_7.1.ia64.rpm freetype-demos-2.2.1-28.el5_7.1.ia64.rpm freetype-devel-2.2.1-28.el5_7.1.ia64.rpm ppc: freetype-2.2.1-28.el5_7.1.ppc.rpm freetype-2.2.1-28.el5_7.1.ppc64.rpm freetype-debuginfo-2.2.1-28.el5_7.1.ppc.rpm freetype-debuginfo-2.2.1-28.el5_7.1.ppc64.rpm freetype-demos-2.2.1-28.el5_7.1.ppc.rpm freetype-devel-2.2.1-28.el5_7.1.ppc.rpm freetype-devel-2.2.1-28.el5_7.1.ppc64.rpm s390x: freetype-2.2.1-28.el5_7.1.s390.rpm freetype-2.2.1-28.el5_7.1.s390x.rpm freetype-debuginfo-2.2.1-28.el5_7.1.s390.rpm freetype-debuginfo-2.2.1-28.el5_7.1.s390x.rpm freetype-demos-2.2.1-28.el5_7.1.s390x.rpm freetype-devel-2.2.1-28.el5_7.1.s390.rpm 
freetype-devel-2.2.1-28.el5_7.1.s390x.rpm

x86_64:
freetype-2.2.1-28.el5_7.1.i386.rpm
freetype-2.2.1-28.el5_7.1.x86_64.rpm
freetype-debuginfo-2.2.1-28.el5_7.1.i386.rpm
freetype-debuginfo-2.2.1-28.el5_7.1.x86_64.rpm
freetype-demos-2.2.1-28.el5_7.1.x86_64.rpm
freetype-devel-2.2.1-28.el5_7.1.i386.rpm
freetype-devel-2.2.1-28.el5_7.1.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/freetype-2.3.11-6.el6_1.7.src.rpm

i386:
freetype-2.3.11-6.el6_1.7.i686.rpm
freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm

x86_64:
freetype-2.3.11-6.el6_1.7.i686.rpm
freetype-2.3.11-6.el6_1.7.x86_64.rpm
freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm
freetype-debuginfo-2.3.11-6.el6_1.7.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/freetype-2.3.11-6.el6_1.7.src.rpm

i386:
freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm
freetype-demos-2.3.11-6.el6_1.7.i686.rpm
freetype-devel-2.3.11-6.el6_1.7.i686.rpm

x86_64:
freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm
freetype-debuginfo-2.3.11-6.el6_1.7.x86_64.rpm
freetype-demos-2.3.11-6.el6_1.7.x86_64.rpm
freetype-devel-2.3.11-6.el6_1.7.i686.rpm
freetype-devel-2.3.11-6.el6_1.7.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/freetype-2.3.11-6.el6_1.7.src.rpm

x86_64:
freetype-2.3.11-6.el6_1.7.i686.rpm
freetype-2.3.11-6.el6_1.7.x86_64.rpm
freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm
freetype-debuginfo-2.3.11-6.el6_1.7.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/freetype-2.3.11-6.el6_1.7.src.rpm

x86_64:
freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm
freetype-debuginfo-2.3.11-6.el6_1.7.x86_64.rpm
freetype-demos-2.3.11-6.el6_1.7.x86_64.rpm
freetype-devel-2.3.11-6.el6_1.7.i686.rpm
freetype-devel-2.3.11-6.el6_1.7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/freetype-2.3.11-6.el6_1.7.src.rpm

i386:
freetype-2.3.11-6.el6_1.7.i686.rpm
freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm
freetype-devel-2.3.11-6.el6_1.7.i686.rpm

ppc64:
freetype-2.3.11-6.el6_1.7.ppc.rpm
freetype-2.3.11-6.el6_1.7.ppc64.rpm
freetype-debuginfo-2.3.11-6.el6_1.7.ppc.rpm
freetype-debuginfo-2.3.11-6.el6_1.7.ppc64.rpm
freetype-devel-2.3.11-6.el6_1.7.ppc.rpm
freetype-devel-2.3.11-6.el6_1.7.ppc64.rpm

s390x:
freetype-2.3.11-6.el6_1.7.s390.rpm
freetype-2.3.11-6.el6_1.7.s390x.rpm
freetype-debuginfo-2.3.11-6.el6_1.7.s390.rpm
freetype-debuginfo-2.3.11-6.el6_1.7.s390x.rpm
freetype-devel-2.3.11-6.el6_1.7.s390.rpm
freetype-devel-2.3.11-6.el6_1.7.s390x.rpm

x86_64:
freetype-2.3.11-6.el6_1.7.i686.rpm
freetype-2.3.11-6.el6_1.7.x86_64.rpm
freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm
freetype-debuginfo-2.3.11-6.el6_1.7.x86_64.rpm
freetype-devel-2.3.11-6.el6_1.7.i686.rpm
freetype-devel-2.3.11-6.el6_1.7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/freetype-2.3.11-6.el6_1.7.src.rpm

i386:
freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm
freetype-demos-2.3.11-6.el6_1.7.i686.rpm

ppc64:
freetype-debuginfo-2.3.11-6.el6_1.7.ppc64.rpm
freetype-demos-2.3.11-6.el6_1.7.ppc64.rpm

s390x:
freetype-debuginfo-2.3.11-6.el6_1.7.s390x.rpm
freetype-demos-2.3.11-6.el6_1.7.s390x.rpm

x86_64:
freetype-debuginfo-2.3.11-6.el6_1.7.x86_64.rpm
freetype-demos-2.3.11-6.el6_1.7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/freetype-2.3.11-6.el6_1.7.src.rpm

i386:
freetype-2.3.11-6.el6_1.7.i686.rpm
freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm
freetype-devel-2.3.11-6.el6_1.7.i686.rpm

x86_64:
freetype-2.3.11-6.el6_1.7.i686.rpm
freetype-2.3.11-6.el6_1.7.x86_64.rpm
freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm
freetype-debuginfo-2.3.11-6.el6_1.7.x86_64.rpm
freetype-devel-2.3.11-6.el6_1.7.i686.rpm
freetype-devel-2.3.11-6.el6_1.7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/freetype-2.3.11-6.el6_1.7.src.rpm

i386:
freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm
freetype-demos-2.3.11-6.el6_1.7.i686.rpm

x86_64:
freetype-debuginfo-2.3.11-6.el6_1.7.x86_64.rpm
freetype-demos-2.3.11-6.el6_1.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3256.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOpv7zXlSAg2UNWIIRAtxRAJ9yxP+ABOboEq9+fB+RnBOLIUp/XgCePltE
cL8BidDpB1YhdkDs+bUyhbU=
=qAkG
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Oct 26 17:26:20 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 26 Oct 2011 17:26:20 +0000
Subject: [RHSA-2011:1409-01] Moderate: openssl security update
Message-ID: <201110261726.p9QHQK35022046@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openssl security update
Advisory ID: RHSA-2011:1409-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1409.html
Issue date: 2011-10-26
CVE Names: CVE-2011-3207
=====================================================================

1. Summary:

Updated openssl packages that fix one security issue are now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL
v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

An uninitialized variable use flaw was found in OpenSSL. This flaw
could cause an application using the OpenSSL Certificate Revocation
List (CRL) checking functionality to incorrectly accept a CRL that has
a nextUpdate date in the past. (CVE-2011-3207)

All OpenSSL users should upgrade to these updated packages, which
contain a backported patch to resolve this issue. For the update to
take effect, all services linked to the OpenSSL library must be
restarted, or the system rebooted.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

736087 - CVE-2011-3207 openssl: CRL verification vulnerability

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-10.el6_1.5.src.rpm

i386:
openssl-1.0.0-10.el6_1.5.i686.rpm
openssl-debuginfo-1.0.0-10.el6_1.5.i686.rpm

x86_64:
openssl-1.0.0-10.el6_1.5.i686.rpm
openssl-1.0.0-10.el6_1.5.x86_64.rpm
openssl-debuginfo-1.0.0-10.el6_1.5.i686.rpm
openssl-debuginfo-1.0.0-10.el6_1.5.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-10.el6_1.5.src.rpm

i386:
openssl-debuginfo-1.0.0-10.el6_1.5.i686.rpm
openssl-devel-1.0.0-10.el6_1.5.i686.rpm
openssl-perl-1.0.0-10.el6_1.5.i686.rpm
openssl-static-1.0.0-10.el6_1.5.i686.rpm

x86_64:
openssl-debuginfo-1.0.0-10.el6_1.5.i686.rpm
openssl-debuginfo-1.0.0-10.el6_1.5.x86_64.rpm
openssl-devel-1.0.0-10.el6_1.5.i686.rpm
openssl-devel-1.0.0-10.el6_1.5.x86_64.rpm
openssl-perl-1.0.0-10.el6_1.5.x86_64.rpm
openssl-static-1.0.0-10.el6_1.5.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-10.el6_1.5.src.rpm

x86_64:
openssl-1.0.0-10.el6_1.5.i686.rpm
openssl-1.0.0-10.el6_1.5.x86_64.rpm
openssl-debuginfo-1.0.0-10.el6_1.5.i686.rpm
openssl-debuginfo-1.0.0-10.el6_1.5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-10.el6_1.5.src.rpm

x86_64:
openssl-debuginfo-1.0.0-10.el6_1.5.i686.rpm
openssl-debuginfo-1.0.0-10.el6_1.5.x86_64.rpm
openssl-devel-1.0.0-10.el6_1.5.i686.rpm
openssl-devel-1.0.0-10.el6_1.5.x86_64.rpm
openssl-perl-1.0.0-10.el6_1.5.x86_64.rpm
openssl-static-1.0.0-10.el6_1.5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-10.el6_1.5.src.rpm

i386:
openssl-1.0.0-10.el6_1.5.i686.rpm
openssl-debuginfo-1.0.0-10.el6_1.5.i686.rpm
openssl-devel-1.0.0-10.el6_1.5.i686.rpm

ppc64:
openssl-1.0.0-10.el6_1.5.ppc.rpm
openssl-1.0.0-10.el6_1.5.ppc64.rpm
openssl-debuginfo-1.0.0-10.el6_1.5.ppc.rpm
openssl-debuginfo-1.0.0-10.el6_1.5.ppc64.rpm
openssl-devel-1.0.0-10.el6_1.5.ppc.rpm
openssl-devel-1.0.0-10.el6_1.5.ppc64.rpm

s390x:
openssl-1.0.0-10.el6_1.5.s390.rpm
openssl-1.0.0-10.el6_1.5.s390x.rpm
openssl-debuginfo-1.0.0-10.el6_1.5.s390.rpm
openssl-debuginfo-1.0.0-10.el6_1.5.s390x.rpm
openssl-devel-1.0.0-10.el6_1.5.s390.rpm
openssl-devel-1.0.0-10.el6_1.5.s390x.rpm

x86_64:
openssl-1.0.0-10.el6_1.5.i686.rpm
openssl-1.0.0-10.el6_1.5.x86_64.rpm
openssl-debuginfo-1.0.0-10.el6_1.5.i686.rpm
openssl-debuginfo-1.0.0-10.el6_1.5.x86_64.rpm
openssl-devel-1.0.0-10.el6_1.5.i686.rpm
openssl-devel-1.0.0-10.el6_1.5.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-10.el6_1.5.src.rpm

i386:
openssl-debuginfo-1.0.0-10.el6_1.5.i686.rpm
openssl-perl-1.0.0-10.el6_1.5.i686.rpm
openssl-static-1.0.0-10.el6_1.5.i686.rpm

ppc64:
openssl-debuginfo-1.0.0-10.el6_1.5.ppc64.rpm
openssl-perl-1.0.0-10.el6_1.5.ppc64.rpm
openssl-static-1.0.0-10.el6_1.5.ppc64.rpm

s390x:
openssl-debuginfo-1.0.0-10.el6_1.5.s390x.rpm
openssl-perl-1.0.0-10.el6_1.5.s390x.rpm
openssl-static-1.0.0-10.el6_1.5.s390x.rpm

x86_64:
openssl-debuginfo-1.0.0-10.el6_1.5.x86_64.rpm
openssl-perl-1.0.0-10.el6_1.5.x86_64.rpm
openssl-static-1.0.0-10.el6_1.5.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-10.el6_1.5.src.rpm

i386:
openssl-1.0.0-10.el6_1.5.i686.rpm
openssl-debuginfo-1.0.0-10.el6_1.5.i686.rpm
openssl-devel-1.0.0-10.el6_1.5.i686.rpm

x86_64:
openssl-1.0.0-10.el6_1.5.i686.rpm
openssl-1.0.0-10.el6_1.5.x86_64.rpm
openssl-debuginfo-1.0.0-10.el6_1.5.i686.rpm
openssl-debuginfo-1.0.0-10.el6_1.5.x86_64.rpm
openssl-devel-1.0.0-10.el6_1.5.i686.rpm
openssl-devel-1.0.0-10.el6_1.5.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-10.el6_1.5.src.rpm

i386:
openssl-debuginfo-1.0.0-10.el6_1.5.i686.rpm
openssl-perl-1.0.0-10.el6_1.5.i686.rpm
openssl-static-1.0.0-10.el6_1.5.i686.rpm

x86_64:
openssl-debuginfo-1.0.0-10.el6_1.5.x86_64.rpm
openssl-perl-1.0.0-10.el6_1.5.x86_64.rpm
openssl-static-1.0.0-10.el6_1.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3207.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOqEKmXlSAg2UNWIIRAu12AJ4r+xRtVLgjGnLa92p5Pyh6vEp54gCdEjgZ
o24aGxH7GN13mI9WUhPkgt0=
=4ANj
-----END PGP SIGNATURE-----
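
A way to check a host's package inventory against the fixed el6 builds named in the package lists above, as an added example that is not part of the advisories or of Red Hat tooling. It uses a simplified form of RPM's version ordering (assumption: no epoch, `~` or `^` handling); the function names are hypothetical and the installed list is constructed sample data in name-version-release.arch form.

```python
import re

# Fixed el6 builds, copied from the package lists in the advisories above.
FIXED = {"openssl": "1.0.0-10.el6_1.5", "freetype": "2.3.11-6.el6_1.7"}

def _segments(s):
    # RPM compares runs of digits and runs of letters; separators are ignored.
    return re.findall(r"\d+|[A-Za-z]+", s)

def vercmp(a, b):
    """Simplified rpmvercmp: -1, 0 or 1. No '~' or '^' handling (assumption)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)      # numeric segments compare as integers
        elif x.isdigit():
            return 1                   # a numeric segment beats an alphabetic one
        elif y.isdigit():
            return -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def split_nvra(pkg):
    """'openssl-1.0.0-10.el6_1.5.x86_64' -> (name, version, release, arch)."""
    rest, arch = pkg.rsplit(".", 1)
    name, version, release = rest.rsplit("-", 2)
    return name, version, release, arch

def unpatched(installed):
    """Return installed packages older than the fixed build for their name."""
    stale = []
    for pkg in installed:
        name, version, release, _ = split_nvra(pkg)
        if name not in FIXED:
            continue                   # package not covered by these advisories
        fixed_ver, fixed_rel = FIXED[name].split("-")
        if (vercmp(version, fixed_ver) or vercmp(release, fixed_rel)) < 0:
            stale.append(pkg)
    return stale

# Constructed sample inventory (not taken from any real host).
SAMPLE = [
    "openssl-1.0.0-10.el6_1.4.x86_64",    # older release: flagged
    "openssl-1.0.0-10.el6_1.5.i686",      # the fixed build
    "freetype-2.3.11-6.el6_1.7.x86_64",   # the fixed build
    "freetype-2.3.11-6.el6_0.2.x86_64",   # older release: flagged
    "bash-4.1.2-8.el6.x86_64",            # not covered
]
```

A clean result only shows the files on disk are current: as the openssl advisory states, services linked to the library still need a restart (or the system a reboot) before the fix takes effect.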