From bugzilla at redhat.com Thu Sep 1 20:09:16 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 1 Sep 2011 20:09:16 +0000
Subject: [RHSA-2011:1247-01] Moderate: rsyslog security update
Message-ID: <201109012009.p81K9HwS027457@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rsyslog security update
Advisory ID:       RHSA-2011:1247-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1247.html
Issue date:        2011-09-01
CVE Names:         CVE-2011-3200
=====================================================================

1. Summary:

Updated rsyslog packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The rsyslog packages provide an enhanced, multi-threaded syslog daemon that
supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on
any message part, and fine grained output format control.

A two byte buffer overflow flaw was found in the rsyslog daemon's
parseLegacySyslogMsg function. An attacker able to submit log messages to
rsyslogd could use this flaw to crash the daemon.
(CVE-2011-3200)

All rsyslog users should upgrade to these updated packages, which contain a
backported patch to correct this issue. After installing this update, the
rsyslog daemon will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

727644 - CVE-2011-3200 rsyslog: parseLegacySyslogMsg off-by-two buffer overflow

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/rsyslog-4.6.2-3.el6_1.2.src.rpm

i386:
rsyslog-4.6.2-3.el6_1.2.i686.rpm
rsyslog-debuginfo-4.6.2-3.el6_1.2.i686.rpm
rsyslog-gnutls-4.6.2-3.el6_1.2.i686.rpm
rsyslog-gssapi-4.6.2-3.el6_1.2.i686.rpm
rsyslog-relp-4.6.2-3.el6_1.2.i686.rpm

x86_64:
rsyslog-4.6.2-3.el6_1.2.x86_64.rpm
rsyslog-debuginfo-4.6.2-3.el6_1.2.x86_64.rpm
rsyslog-gnutls-4.6.2-3.el6_1.2.x86_64.rpm
rsyslog-gssapi-4.6.2-3.el6_1.2.x86_64.rpm
rsyslog-relp-4.6.2-3.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/rsyslog-4.6.2-3.el6_1.2.src.rpm

i386:
rsyslog-debuginfo-4.6.2-3.el6_1.2.i686.rpm
rsyslog-mysql-4.6.2-3.el6_1.2.i686.rpm
rsyslog-pgsql-4.6.2-3.el6_1.2.i686.rpm

x86_64:
rsyslog-debuginfo-4.6.2-3.el6_1.2.x86_64.rpm
rsyslog-mysql-4.6.2-3.el6_1.2.x86_64.rpm
rsyslog-pgsql-4.6.2-3.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/rsyslog-4.6.2-3.el6_1.2.src.rpm x86_64: rsyslog-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-debuginfo-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-gnutls-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-gssapi-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-relp-4.6.2-3.el6_1.2.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/rsyslog-4.6.2-3.el6_1.2.src.rpm x86_64: rsyslog-debuginfo-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-mysql-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-pgsql-4.6.2-3.el6_1.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/rsyslog-4.6.2-3.el6_1.2.src.rpm i386: rsyslog-4.6.2-3.el6_1.2.i686.rpm rsyslog-debuginfo-4.6.2-3.el6_1.2.i686.rpm rsyslog-gnutls-4.6.2-3.el6_1.2.i686.rpm rsyslog-gssapi-4.6.2-3.el6_1.2.i686.rpm rsyslog-mysql-4.6.2-3.el6_1.2.i686.rpm rsyslog-pgsql-4.6.2-3.el6_1.2.i686.rpm rsyslog-relp-4.6.2-3.el6_1.2.i686.rpm ppc64: rsyslog-4.6.2-3.el6_1.2.ppc64.rpm rsyslog-debuginfo-4.6.2-3.el6_1.2.ppc64.rpm rsyslog-gnutls-4.6.2-3.el6_1.2.ppc64.rpm rsyslog-gssapi-4.6.2-3.el6_1.2.ppc64.rpm rsyslog-mysql-4.6.2-3.el6_1.2.ppc64.rpm rsyslog-pgsql-4.6.2-3.el6_1.2.ppc64.rpm rsyslog-relp-4.6.2-3.el6_1.2.ppc64.rpm s390x: rsyslog-4.6.2-3.el6_1.2.s390x.rpm rsyslog-debuginfo-4.6.2-3.el6_1.2.s390x.rpm rsyslog-gnutls-4.6.2-3.el6_1.2.s390x.rpm rsyslog-gssapi-4.6.2-3.el6_1.2.s390x.rpm rsyslog-mysql-4.6.2-3.el6_1.2.s390x.rpm rsyslog-pgsql-4.6.2-3.el6_1.2.s390x.rpm rsyslog-relp-4.6.2-3.el6_1.2.s390x.rpm x86_64: rsyslog-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-debuginfo-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-gnutls-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-gssapi-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-mysql-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-pgsql-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-relp-4.6.2-3.el6_1.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/rsyslog-4.6.2-3.el6_1.2.src.rpm i386: rsyslog-4.6.2-3.el6_1.2.i686.rpm rsyslog-debuginfo-4.6.2-3.el6_1.2.i686.rpm rsyslog-gnutls-4.6.2-3.el6_1.2.i686.rpm rsyslog-gssapi-4.6.2-3.el6_1.2.i686.rpm rsyslog-mysql-4.6.2-3.el6_1.2.i686.rpm rsyslog-pgsql-4.6.2-3.el6_1.2.i686.rpm rsyslog-relp-4.6.2-3.el6_1.2.i686.rpm x86_64: rsyslog-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-debuginfo-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-gnutls-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-gssapi-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-mysql-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-pgsql-4.6.2-3.el6_1.2.x86_64.rpm rsyslog-relp-4.6.2-3.el6_1.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3200.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. 
From bugzilla at redhat.com Fri Sep 2 11:57:23 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 2 Sep 2011 11:57:23 +0000
Subject: [RHSA-2011:1248-01] Important: ca-certificates security update
Message-ID: <201109021157.p82BvNJm002734@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: ca-certificates security update
Advisory ID:       RHSA-2011:1248-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1248.html
Issue date:        2011-09-02
=====================================================================

1. Summary:

An updated ca-certificates package that fixes one security issue is now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important
security impact.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - noarch
Red Hat Enterprise Linux HPC Node (v. 6) - noarch
Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Enterprise Linux Workstation (v. 6) - noarch

3. Description:

This package contains the set of CA certificates chosen by the Mozilla
Foundation for use with the Internet Public Key Infrastructure (PKI).

It was found that a Certificate Authority (CA) issued fraudulent HTTPS
certificates. This update removes that CA's root certificate from the
ca-certificates package, rendering any HTTPS certificates signed by that CA
as untrusted. (BZ#734381)

All users should upgrade to this updated package. After installing the
update, all applications using the ca-certificates package must be restarted
for the changes to take effect.

4.
Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

734381 - Remove DigiNotar CA cert from RHEL packages

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ca-certificates-2010.63-3.el6_1.5.src.rpm

noarch:
ca-certificates-2010.63-3.el6_1.5.noarch.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ca-certificates-2010.63-3.el6_1.5.src.rpm

noarch:
ca-certificates-2010.63-3.el6_1.5.noarch.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ca-certificates-2010.63-3.el6_1.5.src.rpm

noarch:
ca-certificates-2010.63-3.el6_1.5.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ca-certificates-2010.63-3.el6_1.5.src.rpm

noarch:
ca-certificates-2010.63-3.el6_1.5.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
From bugzilla at redhat.com Tue Sep 6 22:32:41 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 6 Sep 2011 22:32:41 +0000
Subject: [RHSA-2011:1212-01] Important: kernel security and bug fix update
Message-ID: <201109062232.p86MWfEn008937@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2011:1212-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1212.html
Issue date:        2011-09-06
CVE Names:         CVE-2011-2482 CVE-2011-2491 CVE-2011-2495 CVE-2011-2517
                   CVE-2011-2519 CVE-2011-2901
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A NULL pointer dereference flaw was found in the Linux kernel's Stream
Control Transmission Protocol (SCTP) implementation. A remote attacker could
send a specially-crafted SCTP packet to a target system, resulting in a
denial of service.
(CVE-2011-2482, Important)

* A flaw in the Linux kernel's client-side NFS Lock Manager (NLM)
implementation could allow a local, unprivileged user to cause a denial of
service. (CVE-2011-2491, Important)

* Buffer overflow flaws in the Linux kernel's netlink-based wireless
configuration interface implementation could allow a local user, who has the
CAP_NET_ADMIN capability, to cause a denial of service or escalate their
privileges on systems that have an active wireless interface.
(CVE-2011-2517, Important)

* A flaw was found in the way the Linux kernel's Xen hypervisor
implementation emulated the SAHF instruction. When using a fully-virtualized
guest on a host that does not use hardware assisted paging (HAP), such as
those running CPUs that do not have support for (or those that have it
disabled) Intel Extended Page Tables (EPT) or AMD Virtualization (AMD-V)
Rapid Virtualization Indexing (RVI), a privileged guest user could trigger
this flaw to cause the hypervisor to crash. (CVE-2011-2519, Moderate)

* An off-by-one flaw was found in the __addr_ok() macro in the Linux kernel's
Xen hypervisor implementation when running on 64-bit systems. A privileged
guest user could trigger this flaw to cause the hypervisor to crash.
(CVE-2011-2901, Moderate)

* /proc/[PID]/io is world-readable by default. Previously, these files could
be read without any further restrictions. A local, unprivileged user could
read these files, belonging to other, possibly privileged processes to
gather confidential information, such as the length of a password used in a
process. (CVE-2011-2495, Low)

Red Hat would like to thank Vasily Averin for reporting CVE-2011-2491, and
Vasiliy Kulikov of Openwall for reporting CVE-2011-2495.

This update also fixes several bugs. Documentation for these bug fixes will
be available shortly from the Technical Notes document linked to in the
References section.
Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use
"rpm -Uvh" as that will remove the running kernel binaries from your system.
You may use "rpm -e" to remove old kernels after determining that the new
kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

709393 - CVE-2011-2491 kernel: rpc task leak after flock()ing NFS share
712885 - RHEL6.1 32bit xen hvm guest crash randomly
714867 - CVE-2011-2482 kernel: sctp dos
716825 - CVE-2011-2495 kernel: /proc/PID/io infoleak
718152 - CVE-2011-2517 kernel: nl80211: missing check for valid SSID size in scan operations
718882 - CVE-2011-2519 kernel: xen: x86_emulate: fix SAHF emulation
727590 - [xfs] mis-sized O_DIRECT I/O results in hung task timeouts [rhel-5.7.z]
727835 - xfs_error_report() oops when passed-in mp is NULL [rhel-5.7.z]
728042 - CVE-2011-2901 kernel: xen: off-by-one shift in x86_64 __addr_ok()

6. Package List:

Red Hat Enterprise Linux Desktop (v.
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-274.3.1.el5.src.rpm i386: kernel-2.6.18-274.3.1.el5.i686.rpm kernel-PAE-2.6.18-274.3.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-274.3.1.el5.i686.rpm kernel-PAE-devel-2.6.18-274.3.1.el5.i686.rpm kernel-debug-2.6.18-274.3.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-274.3.1.el5.i686.rpm kernel-debug-devel-2.6.18-274.3.1.el5.i686.rpm kernel-debuginfo-2.6.18-274.3.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-274.3.1.el5.i686.rpm kernel-devel-2.6.18-274.3.1.el5.i686.rpm kernel-headers-2.6.18-274.3.1.el5.i386.rpm kernel-xen-2.6.18-274.3.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-274.3.1.el5.i686.rpm kernel-xen-devel-2.6.18-274.3.1.el5.i686.rpm noarch: kernel-doc-2.6.18-274.3.1.el5.noarch.rpm x86_64: kernel-2.6.18-274.3.1.el5.x86_64.rpm kernel-debug-2.6.18-274.3.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-274.3.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-274.3.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-274.3.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-274.3.1.el5.x86_64.rpm kernel-devel-2.6.18-274.3.1.el5.x86_64.rpm kernel-headers-2.6.18-274.3.1.el5.x86_64.rpm kernel-xen-2.6.18-274.3.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-274.3.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-274.3.1.el5.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-274.3.1.el5.src.rpm i386: kernel-2.6.18-274.3.1.el5.i686.rpm kernel-PAE-2.6.18-274.3.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-274.3.1.el5.i686.rpm kernel-PAE-devel-2.6.18-274.3.1.el5.i686.rpm kernel-debug-2.6.18-274.3.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-274.3.1.el5.i686.rpm kernel-debug-devel-2.6.18-274.3.1.el5.i686.rpm kernel-debuginfo-2.6.18-274.3.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-274.3.1.el5.i686.rpm kernel-devel-2.6.18-274.3.1.el5.i686.rpm kernel-headers-2.6.18-274.3.1.el5.i386.rpm kernel-xen-2.6.18-274.3.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-274.3.1.el5.i686.rpm kernel-xen-devel-2.6.18-274.3.1.el5.i686.rpm ia64: kernel-2.6.18-274.3.1.el5.ia64.rpm kernel-debug-2.6.18-274.3.1.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-274.3.1.el5.ia64.rpm kernel-debug-devel-2.6.18-274.3.1.el5.ia64.rpm kernel-debuginfo-2.6.18-274.3.1.el5.ia64.rpm kernel-debuginfo-common-2.6.18-274.3.1.el5.ia64.rpm kernel-devel-2.6.18-274.3.1.el5.ia64.rpm kernel-headers-2.6.18-274.3.1.el5.ia64.rpm kernel-xen-2.6.18-274.3.1.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-274.3.1.el5.ia64.rpm kernel-xen-devel-2.6.18-274.3.1.el5.ia64.rpm noarch: kernel-doc-2.6.18-274.3.1.el5.noarch.rpm ppc: kernel-2.6.18-274.3.1.el5.ppc64.rpm kernel-debug-2.6.18-274.3.1.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-274.3.1.el5.ppc64.rpm kernel-debug-devel-2.6.18-274.3.1.el5.ppc64.rpm kernel-debuginfo-2.6.18-274.3.1.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-274.3.1.el5.ppc64.rpm kernel-devel-2.6.18-274.3.1.el5.ppc64.rpm kernel-headers-2.6.18-274.3.1.el5.ppc.rpm kernel-headers-2.6.18-274.3.1.el5.ppc64.rpm kernel-kdump-2.6.18-274.3.1.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-274.3.1.el5.ppc64.rpm kernel-kdump-devel-2.6.18-274.3.1.el5.ppc64.rpm s390x: kernel-2.6.18-274.3.1.el5.s390x.rpm kernel-debug-2.6.18-274.3.1.el5.s390x.rpm kernel-debug-debuginfo-2.6.18-274.3.1.el5.s390x.rpm 
kernel-debug-devel-2.6.18-274.3.1.el5.s390x.rpm kernel-debuginfo-2.6.18-274.3.1.el5.s390x.rpm kernel-debuginfo-common-2.6.18-274.3.1.el5.s390x.rpm kernel-devel-2.6.18-274.3.1.el5.s390x.rpm kernel-headers-2.6.18-274.3.1.el5.s390x.rpm kernel-kdump-2.6.18-274.3.1.el5.s390x.rpm kernel-kdump-debuginfo-2.6.18-274.3.1.el5.s390x.rpm kernel-kdump-devel-2.6.18-274.3.1.el5.s390x.rpm x86_64: kernel-2.6.18-274.3.1.el5.x86_64.rpm kernel-debug-2.6.18-274.3.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-274.3.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-274.3.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-274.3.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-274.3.1.el5.x86_64.rpm kernel-devel-2.6.18-274.3.1.el5.x86_64.rpm kernel-headers-2.6.18-274.3.1.el5.x86_64.rpm kernel-xen-2.6.18-274.3.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-274.3.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-274.3.1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2482.html https://www.redhat.com/security/data/cve/CVE-2011-2491.html https://www.redhat.com/security/data/cve/CVE-2011-2495.html https://www.redhat.com/security/data/cve/CVE-2011-2517.html https://www.redhat.com/security/data/cve/CVE-2011-2519.html https://www.redhat.com/security/data/cve/CVE-2011-2901.html https://access.redhat.com/security/updates/classification/#important https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.7_Technical_Notes/kernel.html#RHSA-2011-1212 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. 
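One way to check a host against the package lists in these advisories (an added example, not Red Hat's own tooling): a Python port of rpm's version ordering, applied to the fixed builds named by RHSA-2011:1247, RHSA-2011:1248 and this kernel update. The two "installed" lists are constructed; on a real host they would come from the `rpm -q --qf` query shown in the docstring.

```python
"""Compare installed RPM builds with the fixed builds an RHSA names.

Added example, not part of the Red Hat advisory text. The fixed NVRs are
copied from RHSA-2011:1247, RHSA-2011:1248 and RHSA-2011:1212; the two
"installed" lists are constructed stand-ins for what
    rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' <package>
prints on a host. Ordering follows rpm's rpmvercmp() segment rules, which a
plain string comparison gets wrong (it sorts "el6_1.10" before "el6_1.2").
"""
import functools
import re
from typing import Dict, List, Optional, Tuple

_DIGITS = re.compile(r"[0-9]+")
_ALPHA = re.compile(r"[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Python port of rpm's rpmvercmp(): -1, 0 or 1 for a < b, a == b, a > b."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # Separators (anything but letters, digits and '~') carry no meaning.
        while i < len(a) and not (a[i].isalnum() or a[i] == "~"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] == "~"):
            j += 1
        # '~' sorts before everything, even end of string: "1.0~rc1" < "1.0".
        a_tilde = i < len(a) and a[i] == "~"
        b_tilde = j < len(b) and b[j] == "~"
        if a_tilde or b_tilde:
            if not a_tilde:
                return 1
            if not b_tilde:
                return -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        # Take a run of digits (or of letters) from a and a run of the same
        # kind from b; a numeric segment is newer than an alphabetic one.
        pattern = _DIGITS if a[i].isdigit() else _ALPHA
        seg_a = pattern.match(a, i).group()
        m_b = pattern.match(b, j)
        if m_b is None:
            return 1 if pattern is _DIGITS else -1
        seg_b = m_b.group()
        i, j = i + len(seg_a), j + len(seg_b)
        if pattern is _DIGITS:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):  # more digits means a larger number
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1  # whoever still has segments is newer


def split_nvr(nvr: str) -> Tuple[str, str, str]:
    """'kernel-PAE-2.6.18-274.3.1.el5' -> ('kernel-PAE', '2.6.18', '274.3.1.el5')."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def vr_cmp(a: Tuple[str, str], b: Tuple[str, str]) -> int:
    """Compare (version, release); epoch is assumed equal (none of these
    advisories carries one)."""
    rc = rpmvercmp(a[0], b[0])
    return rc if rc else rpmvercmp(a[1], b[1])


def is_patched(installed: List[str], fixed_nvr: str) -> Optional[bool]:
    """True/False for the newest installed build against the fixed one, None
    when the package is absent. Several builds can coexist (kernels normally
    do); the newest installed kernel is still not necessarily the booted one,
    so compare `uname -r` with the fixed release as well."""
    name, fixed_v, fixed_r = split_nvr(fixed_nvr)
    builds = [(v, r) for (n, v, r) in map(split_nvr, installed) if n == name]
    if not builds:
        return None
    newest = max(builds, key=functools.cmp_to_key(vr_cmp))
    return vr_cmp(newest, (fixed_v, fixed_r)) >= 0


def check_advisory(installed: List[str], fixed: List[str]) -> Dict[str, str]:
    """Map each package an advisory fixes to 'patched', 'vulnerable' or 'absent'."""
    verdict = {True: "patched", False: "vulnerable", None: "absent"}
    return {split_nvr(n)[0]: verdict[is_patched(installed, n)] for n in fixed}


# Fixed builds quoted from the advisories above.
RHSA_2011_1247 = ["rsyslog-4.6.2-3.el6_1.2"]
RHSA_2011_1248 = ["ca-certificates-2010.63-3.el6_1.5"]
RHSA_2011_1212 = ["kernel-2.6.18-274.3.1.el5"]

# Constructed query output for two hypothetical hosts (not real systems).
RHEL6_HOST = ["rsyslog-4.6.2-3.el6_1.1", "ca-certificates-2010.63-3.el6_1.5"]
RHEL5_HOST = ["kernel-2.6.18-238.el5", "kernel-2.6.18-274.3.1.el5"]
```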
From bugzilla at redhat.com Tue Sep 6 22:33:15 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 6 Sep 2011 22:33:15 +0000
Subject: [RHSA-2011:1264-01] Important: gstreamer-plugins security update
Message-ID: <201109062233.p86MXF9H008008@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: gstreamer-plugins security update
Advisory ID:       RHSA-2011:1264-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1264.html
Issue date:        2011-09-06
CVE Names:         CVE-2011-2911 CVE-2011-2912 CVE-2011-2913 CVE-2011-2914
                   CVE-2011-2915
=====================================================================

1. Summary:

Updated gstreamer-plugins packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having important
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

The gstreamer-plugins packages contain plug-ins used by the GStreamer
streaming-media framework to support a wide variety of media formats.
An integer overflow flaw, a boundary error, and multiple off-by-one flaws
were found in various ModPlug music file format library (libmodplug)
modules, embedded in GStreamer. An attacker could create specially-crafted
music files that, when played by a victim, would cause applications using
GStreamer to crash or, potentially, execute arbitrary code. (CVE-2011-2911,
CVE-2011-2912, CVE-2011-2913, CVE-2011-2914, CVE-2011-2915)

All users of gstreamer-plugins are advised to upgrade to these updated
packages, which contain backported patches to correct these issues. After
installing the update, all applications using GStreamer (such as Rhythmbox)
must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

728371 - CVE-2011-2911 CVE-2011-2912 CVE-2011-2913 CVE-2011-2914 CVE-2011-2915 libmodplug: multiple vulnerabilities reported in <= 0.8.8.3

6.
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gstreamer-plugins-0.8.5-1.EL.4.src.rpm i386: gstreamer-plugins-0.8.5-1.EL.4.i386.rpm gstreamer-plugins-debuginfo-0.8.5-1.EL.4.i386.rpm gstreamer-plugins-devel-0.8.5-1.EL.4.i386.rpm ia64: gstreamer-plugins-0.8.5-1.EL.4.ia64.rpm gstreamer-plugins-debuginfo-0.8.5-1.EL.4.ia64.rpm gstreamer-plugins-devel-0.8.5-1.EL.4.ia64.rpm ppc: gstreamer-plugins-0.8.5-1.EL.4.ppc.rpm gstreamer-plugins-debuginfo-0.8.5-1.EL.4.ppc.rpm gstreamer-plugins-devel-0.8.5-1.EL.4.ppc.rpm s390: gstreamer-plugins-0.8.5-1.EL.4.s390.rpm gstreamer-plugins-debuginfo-0.8.5-1.EL.4.s390.rpm gstreamer-plugins-devel-0.8.5-1.EL.4.s390.rpm s390x: gstreamer-plugins-0.8.5-1.EL.4.s390x.rpm gstreamer-plugins-debuginfo-0.8.5-1.EL.4.s390x.rpm gstreamer-plugins-devel-0.8.5-1.EL.4.s390x.rpm x86_64: gstreamer-plugins-0.8.5-1.EL.4.x86_64.rpm gstreamer-plugins-debuginfo-0.8.5-1.EL.4.x86_64.rpm gstreamer-plugins-devel-0.8.5-1.EL.4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gstreamer-plugins-0.8.5-1.EL.4.src.rpm i386: gstreamer-plugins-0.8.5-1.EL.4.i386.rpm gstreamer-plugins-debuginfo-0.8.5-1.EL.4.i386.rpm gstreamer-plugins-devel-0.8.5-1.EL.4.i386.rpm x86_64: gstreamer-plugins-0.8.5-1.EL.4.x86_64.rpm gstreamer-plugins-debuginfo-0.8.5-1.EL.4.x86_64.rpm gstreamer-plugins-devel-0.8.5-1.EL.4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gstreamer-plugins-0.8.5-1.EL.4.src.rpm i386: gstreamer-plugins-0.8.5-1.EL.4.i386.rpm gstreamer-plugins-debuginfo-0.8.5-1.EL.4.i386.rpm gstreamer-plugins-devel-0.8.5-1.EL.4.i386.rpm ia64: gstreamer-plugins-0.8.5-1.EL.4.ia64.rpm gstreamer-plugins-debuginfo-0.8.5-1.EL.4.ia64.rpm gstreamer-plugins-devel-0.8.5-1.EL.4.ia64.rpm x86_64: gstreamer-plugins-0.8.5-1.EL.4.x86_64.rpm gstreamer-plugins-debuginfo-0.8.5-1.EL.4.x86_64.rpm 
gstreamer-plugins-devel-0.8.5-1.EL.4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gstreamer-plugins-0.8.5-1.EL.4.src.rpm i386: gstreamer-plugins-0.8.5-1.EL.4.i386.rpm gstreamer-plugins-debuginfo-0.8.5-1.EL.4.i386.rpm gstreamer-plugins-devel-0.8.5-1.EL.4.i386.rpm ia64: gstreamer-plugins-0.8.5-1.EL.4.ia64.rpm gstreamer-plugins-debuginfo-0.8.5-1.EL.4.ia64.rpm gstreamer-plugins-devel-0.8.5-1.EL.4.ia64.rpm x86_64: gstreamer-plugins-0.8.5-1.EL.4.x86_64.rpm gstreamer-plugins-debuginfo-0.8.5-1.EL.4.x86_64.rpm gstreamer-plugins-devel-0.8.5-1.EL.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2911.html https://www.redhat.com/security/data/cve/CVE-2011-2912.html https://www.redhat.com/security/data/cve/CVE-2011-2913.html https://www.redhat.com/security/data/cve/CVE-2011-2914.html https://www.redhat.com/security/data/cve/CVE-2011-2915.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. 
From bugzilla at redhat.com Tue Sep 6 22:34:16 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 6 Sep 2011 22:34:16 +0000
Subject: [RHSA-2011:1266-01] Important: seamonkey security update
Message-ID: <201109062234.p86MYG8I027122@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: seamonkey security update
Advisory ID:       RHSA-2011:1266-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1266.html
Issue date:        2011-09-06
=====================================================================

1. Summary:

Updated seamonkey packages that fix one security issue are now available for
Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having important
security impact.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

SeaMonkey is an open source web browser, email and newsgroup client, IRC
chat client, and HTML editor.

The RHSA-2011:1244 SeaMonkey update rendered HTTPS certificates signed by a
certain Certificate Authority (CA) as untrusted, but made an exception for a
select few. This update removes that exception, rendering every HTTPS
certificate signed by that CA as untrusted. (BZ#735483)

All SeaMonkey users should upgrade to these updated packages, which correct
this issue. After installing the update, SeaMonkey must be restarted for the
changes to take effect.

4.
Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

735483 - Additional certificates signed by DigiNotar CA certificate to be revoked (MFSA 2011-35)

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/seamonkey-1.0.9-75.el4.src.rpm

i386:
seamonkey-1.0.9-75.el4.i386.rpm
seamonkey-chat-1.0.9-75.el4.i386.rpm
seamonkey-debuginfo-1.0.9-75.el4.i386.rpm
seamonkey-devel-1.0.9-75.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-75.el4.i386.rpm
seamonkey-js-debugger-1.0.9-75.el4.i386.rpm
seamonkey-mail-1.0.9-75.el4.i386.rpm

ia64:
seamonkey-1.0.9-75.el4.ia64.rpm
seamonkey-chat-1.0.9-75.el4.ia64.rpm
seamonkey-debuginfo-1.0.9-75.el4.ia64.rpm
seamonkey-devel-1.0.9-75.el4.ia64.rpm
seamonkey-dom-inspector-1.0.9-75.el4.ia64.rpm
seamonkey-js-debugger-1.0.9-75.el4.ia64.rpm
seamonkey-mail-1.0.9-75.el4.ia64.rpm

ppc:
seamonkey-1.0.9-75.el4.ppc.rpm
seamonkey-chat-1.0.9-75.el4.ppc.rpm
seamonkey-debuginfo-1.0.9-75.el4.ppc.rpm
seamonkey-devel-1.0.9-75.el4.ppc.rpm
seamonkey-dom-inspector-1.0.9-75.el4.ppc.rpm
seamonkey-js-debugger-1.0.9-75.el4.ppc.rpm
seamonkey-mail-1.0.9-75.el4.ppc.rpm

s390:
seamonkey-1.0.9-75.el4.s390.rpm
seamonkey-chat-1.0.9-75.el4.s390.rpm
seamonkey-debuginfo-1.0.9-75.el4.s390.rpm
seamonkey-devel-1.0.9-75.el4.s390.rpm
seamonkey-dom-inspector-1.0.9-75.el4.s390.rpm
seamonkey-js-debugger-1.0.9-75.el4.s390.rpm
seamonkey-mail-1.0.9-75.el4.s390.rpm

s390x:
seamonkey-1.0.9-75.el4.s390x.rpm
seamonkey-chat-1.0.9-75.el4.s390x.rpm
seamonkey-debuginfo-1.0.9-75.el4.s390x.rpm
seamonkey-devel-1.0.9-75.el4.s390x.rpm
seamonkey-dom-inspector-1.0.9-75.el4.s390x.rpm
seamonkey-js-debugger-1.0.9-75.el4.s390x.rpm
seamonkey-mail-1.0.9-75.el4.s390x.rpm

x86_64:
seamonkey-1.0.9-75.el4.x86_64.rpm
seamonkey-chat-1.0.9-75.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-75.el4.x86_64.rpm
seamonkey-devel-1.0.9-75.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-75.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-75.el4.x86_64.rpm
seamonkey-mail-1.0.9-75.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/seamonkey-1.0.9-75.el4.src.rpm

i386:
seamonkey-1.0.9-75.el4.i386.rpm
seamonkey-chat-1.0.9-75.el4.i386.rpm
seamonkey-debuginfo-1.0.9-75.el4.i386.rpm
seamonkey-devel-1.0.9-75.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-75.el4.i386.rpm
seamonkey-js-debugger-1.0.9-75.el4.i386.rpm
seamonkey-mail-1.0.9-75.el4.i386.rpm

x86_64:
seamonkey-1.0.9-75.el4.x86_64.rpm
seamonkey-chat-1.0.9-75.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-75.el4.x86_64.rpm
seamonkey-devel-1.0.9-75.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-75.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-75.el4.x86_64.rpm
seamonkey-mail-1.0.9-75.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/seamonkey-1.0.9-75.el4.src.rpm

i386:
seamonkey-1.0.9-75.el4.i386.rpm
seamonkey-chat-1.0.9-75.el4.i386.rpm
seamonkey-debuginfo-1.0.9-75.el4.i386.rpm
seamonkey-devel-1.0.9-75.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-75.el4.i386.rpm
seamonkey-js-debugger-1.0.9-75.el4.i386.rpm
seamonkey-mail-1.0.9-75.el4.i386.rpm

ia64:
seamonkey-1.0.9-75.el4.ia64.rpm
seamonkey-chat-1.0.9-75.el4.ia64.rpm
seamonkey-debuginfo-1.0.9-75.el4.ia64.rpm
seamonkey-devel-1.0.9-75.el4.ia64.rpm
seamonkey-dom-inspector-1.0.9-75.el4.ia64.rpm
seamonkey-js-debugger-1.0.9-75.el4.ia64.rpm
seamonkey-mail-1.0.9-75.el4.ia64.rpm

x86_64:
seamonkey-1.0.9-75.el4.x86_64.rpm
seamonkey-chat-1.0.9-75.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-75.el4.x86_64.rpm
seamonkey-devel-1.0.9-75.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-75.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-75.el4.x86_64.rpm
seamonkey-mail-1.0.9-75.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/seamonkey-1.0.9-75.el4.src.rpm

i386:
seamonkey-1.0.9-75.el4.i386.rpm
seamonkey-chat-1.0.9-75.el4.i386.rpm
seamonkey-debuginfo-1.0.9-75.el4.i386.rpm
seamonkey-devel-1.0.9-75.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-75.el4.i386.rpm
seamonkey-js-debugger-1.0.9-75.el4.i386.rpm
seamonkey-mail-1.0.9-75.el4.i386.rpm

ia64:
seamonkey-1.0.9-75.el4.ia64.rpm
seamonkey-chat-1.0.9-75.el4.ia64.rpm
seamonkey-debuginfo-1.0.9-75.el4.ia64.rpm
seamonkey-devel-1.0.9-75.el4.ia64.rpm
seamonkey-dom-inspector-1.0.9-75.el4.ia64.rpm
seamonkey-js-debugger-1.0.9-75.el4.ia64.rpm
seamonkey-mail-1.0.9-75.el4.ia64.rpm

x86_64:
seamonkey-1.0.9-75.el4.x86_64.rpm
seamonkey-chat-1.0.9-75.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-75.el4.x86_64.rpm
seamonkey-devel-1.0.9-75.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-75.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-75.el4.x86_64.rpm
seamonkey-mail-1.0.9-75.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/updates/classification/#important
https://rhn.redhat.com/errata/RHSA-2011-1244.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOZp/XXlSAg2UNWIIRAmtjAKCfAzsXzIjyypWJwtRJF2g8SPHBegCgt3jM
qXdx+hAjPoRyRc4YZal5h5Q=
=E5hi
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Sep  6 22:34:55 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 6 Sep 2011 22:34:55 +0000
Subject: [RHSA-2011:1267-01] Important: thunderbird security update
Message-ID: <201109062234.p86MYt2c032277@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2011:1267-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1267.html
Issue date:        2011-09-06
=====================================================================

1. Summary:

An updated thunderbird package that fixes one security issue is now
available for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having
important security impact.

2. Relevant releases/architectures:

RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

The RHSA-2011:1243 Thunderbird update rendered HTTPS certificates signed
by a certain Certificate Authority (CA) as untrusted, but made an
exception for a select few. This update removes that exception,
rendering every HTTPS certificate signed by that CA as untrusted.
(BZ#735483)

All Thunderbird users should upgrade to this updated package, which
resolves this issue. All running instances of Thunderbird must be
restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

735483 - Additional certificates signed by DigiNotar CA certificate to be revoked (MFSA 2011-35)

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/thunderbird-1.5.0.12-43.el4.src.rpm

i386:
thunderbird-1.5.0.12-43.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-43.el4.i386.rpm

ia64:
thunderbird-1.5.0.12-43.el4.ia64.rpm
thunderbird-debuginfo-1.5.0.12-43.el4.ia64.rpm

ppc:
thunderbird-1.5.0.12-43.el4.ppc.rpm
thunderbird-debuginfo-1.5.0.12-43.el4.ppc.rpm

s390:
thunderbird-1.5.0.12-43.el4.s390.rpm
thunderbird-debuginfo-1.5.0.12-43.el4.s390.rpm

s390x:
thunderbird-1.5.0.12-43.el4.s390x.rpm
thunderbird-debuginfo-1.5.0.12-43.el4.s390x.rpm

x86_64:
thunderbird-1.5.0.12-43.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-43.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/thunderbird-1.5.0.12-43.el4.src.rpm

i386:
thunderbird-1.5.0.12-43.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-43.el4.i386.rpm

x86_64:
thunderbird-1.5.0.12-43.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-43.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/thunderbird-1.5.0.12-43.el4.src.rpm

i386:
thunderbird-1.5.0.12-43.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-43.el4.i386.rpm

ia64:
thunderbird-1.5.0.12-43.el4.ia64.rpm
thunderbird-debuginfo-1.5.0.12-43.el4.ia64.rpm

x86_64:
thunderbird-1.5.0.12-43.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-43.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/thunderbird-1.5.0.12-43.el4.src.rpm

i386:
thunderbird-1.5.0.12-43.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-43.el4.i386.rpm

ia64:
thunderbird-1.5.0.12-43.el4.ia64.rpm
thunderbird-debuginfo-1.5.0.12-43.el4.ia64.rpm

x86_64:
thunderbird-1.5.0.12-43.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-43.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/thunderbird-2.0.0.24-25.el5.src.rpm

i386:
thunderbird-2.0.0.24-25.el5.i386.rpm
thunderbird-debuginfo-2.0.0.24-25.el5.i386.rpm

x86_64:
thunderbird-2.0.0.24-25.el5.x86_64.rpm
thunderbird-debuginfo-2.0.0.24-25.el5.x86_64.rpm

RHEL Optional Productivity Applications (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/thunderbird-2.0.0.24-25.el5.src.rpm

i386:
thunderbird-2.0.0.24-25.el5.i386.rpm
thunderbird-debuginfo-2.0.0.24-25.el5.i386.rpm

x86_64:
thunderbird-2.0.0.24-25.el5.x86_64.rpm
thunderbird-debuginfo-2.0.0.24-25.el5.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/thunderbird-3.1.14-1.el6_1.src.rpm

i386:
thunderbird-3.1.14-1.el6_1.i686.rpm
thunderbird-debuginfo-3.1.14-1.el6_1.i686.rpm

x86_64:
thunderbird-3.1.14-1.el6_1.x86_64.rpm
thunderbird-debuginfo-3.1.14-1.el6_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/thunderbird-3.1.14-1.el6_1.src.rpm

i386:
thunderbird-3.1.14-1.el6_1.i686.rpm
thunderbird-debuginfo-3.1.14-1.el6_1.i686.rpm

ppc64:
thunderbird-3.1.14-1.el6_1.ppc64.rpm
thunderbird-debuginfo-3.1.14-1.el6_1.ppc64.rpm

s390x:
thunderbird-3.1.14-1.el6_1.s390x.rpm
thunderbird-debuginfo-3.1.14-1.el6_1.s390x.rpm

x86_64:
thunderbird-3.1.14-1.el6_1.x86_64.rpm
thunderbird-debuginfo-3.1.14-1.el6_1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/thunderbird-3.1.14-1.el6_1.src.rpm

i386:
thunderbird-3.1.14-1.el6_1.i686.rpm
thunderbird-debuginfo-3.1.14-1.el6_1.i686.rpm

x86_64:
thunderbird-3.1.14-1.el6_1.x86_64.rpm
thunderbird-debuginfo-3.1.14-1.el6_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/updates/classification/#important
https://rhn.redhat.com/errata/RHSA-2011-1243.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOZqACXlSAg2UNWIIRAuFMAJ4vOor16r8aBJBsHiR+DGgRk855BgCff0O2 U/Jjjo5JqFhw6QXxttSZO3U= =/FYQ -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Sep 6 22:35:47 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 6 Sep 2011 22:35:47 +0000 Subject: [RHSA-2011:1268-01] Important: firefox security update Message-ID: <201109062235.p86MZlEM000554@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: firefox security update Advisory ID: RHSA-2011:1268-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1268.html Issue date: 2011-09-06 ===================================================================== 1. Summary: Updated firefox packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Workstation (v. 
6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. The RHSA-2011:1242 Firefox update rendered HTTPS certificates signed by a certain Certificate Authority (CA) as untrusted, but made an exception for a select few. This update removes that exception, rendering every HTTPS certificate signed by that CA as untrusted. (BZ#735483) All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.22. After installing the update, Firefox must be restarted for the changes to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 735483 - Additional certificates signed by DigiNotar CA certificate to be revoked (MFSA 2011-35) 6. 
Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-3.6.22-1.el4.src.rpm i386: firefox-3.6.22-1.el4.i386.rpm firefox-debuginfo-3.6.22-1.el4.i386.rpm ia64: firefox-3.6.22-1.el4.ia64.rpm firefox-debuginfo-3.6.22-1.el4.ia64.rpm ppc: firefox-3.6.22-1.el4.ppc.rpm firefox-debuginfo-3.6.22-1.el4.ppc.rpm s390: firefox-3.6.22-1.el4.s390.rpm firefox-debuginfo-3.6.22-1.el4.s390.rpm s390x: firefox-3.6.22-1.el4.s390x.rpm firefox-debuginfo-3.6.22-1.el4.s390x.rpm x86_64: firefox-3.6.22-1.el4.x86_64.rpm firefox-debuginfo-3.6.22-1.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-3.6.22-1.el4.src.rpm i386: firefox-3.6.22-1.el4.i386.rpm firefox-debuginfo-3.6.22-1.el4.i386.rpm x86_64: firefox-3.6.22-1.el4.x86_64.rpm firefox-debuginfo-3.6.22-1.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-3.6.22-1.el4.src.rpm i386: firefox-3.6.22-1.el4.i386.rpm firefox-debuginfo-3.6.22-1.el4.i386.rpm ia64: firefox-3.6.22-1.el4.ia64.rpm firefox-debuginfo-3.6.22-1.el4.ia64.rpm x86_64: firefox-3.6.22-1.el4.x86_64.rpm firefox-debuginfo-3.6.22-1.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-3.6.22-1.el4.src.rpm i386: firefox-3.6.22-1.el4.i386.rpm firefox-debuginfo-3.6.22-1.el4.i386.rpm ia64: firefox-3.6.22-1.el4.ia64.rpm firefox-debuginfo-3.6.22-1.el4.ia64.rpm x86_64: firefox-3.6.22-1.el4.x86_64.rpm firefox-debuginfo-3.6.22-1.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-3.6.22-1.el5_7.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.22-1.el5_7.src.rpm i386: firefox-3.6.22-1.el5_7.i386.rpm firefox-debuginfo-3.6.22-1.el5_7.i386.rpm xulrunner-1.9.2.22-1.el5_7.i386.rpm xulrunner-debuginfo-1.9.2.22-1.el5_7.i386.rpm x86_64: firefox-3.6.22-1.el5_7.i386.rpm firefox-3.6.22-1.el5_7.x86_64.rpm firefox-debuginfo-3.6.22-1.el5_7.i386.rpm firefox-debuginfo-3.6.22-1.el5_7.x86_64.rpm xulrunner-1.9.2.22-1.el5_7.i386.rpm xulrunner-1.9.2.22-1.el5_7.x86_64.rpm xulrunner-debuginfo-1.9.2.22-1.el5_7.i386.rpm xulrunner-debuginfo-1.9.2.22-1.el5_7.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.22-1.el5_7.src.rpm i386: xulrunner-debuginfo-1.9.2.22-1.el5_7.i386.rpm xulrunner-devel-1.9.2.22-1.el5_7.i386.rpm x86_64: xulrunner-debuginfo-1.9.2.22-1.el5_7.i386.rpm xulrunner-debuginfo-1.9.2.22-1.el5_7.x86_64.rpm xulrunner-devel-1.9.2.22-1.el5_7.i386.rpm xulrunner-devel-1.9.2.22-1.el5_7.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-3.6.22-1.el5_7.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-1.9.2.22-1.el5_7.src.rpm i386: firefox-3.6.22-1.el5_7.i386.rpm firefox-debuginfo-3.6.22-1.el5_7.i386.rpm xulrunner-1.9.2.22-1.el5_7.i386.rpm xulrunner-debuginfo-1.9.2.22-1.el5_7.i386.rpm xulrunner-devel-1.9.2.22-1.el5_7.i386.rpm ia64: firefox-3.6.22-1.el5_7.ia64.rpm firefox-debuginfo-3.6.22-1.el5_7.ia64.rpm xulrunner-1.9.2.22-1.el5_7.ia64.rpm xulrunner-debuginfo-1.9.2.22-1.el5_7.ia64.rpm xulrunner-devel-1.9.2.22-1.el5_7.ia64.rpm ppc: firefox-3.6.22-1.el5_7.ppc.rpm firefox-debuginfo-3.6.22-1.el5_7.ppc.rpm xulrunner-1.9.2.22-1.el5_7.ppc.rpm xulrunner-1.9.2.22-1.el5_7.ppc64.rpm xulrunner-debuginfo-1.9.2.22-1.el5_7.ppc.rpm xulrunner-debuginfo-1.9.2.22-1.el5_7.ppc64.rpm xulrunner-devel-1.9.2.22-1.el5_7.ppc.rpm xulrunner-devel-1.9.2.22-1.el5_7.ppc64.rpm s390x: firefox-3.6.22-1.el5_7.s390.rpm firefox-3.6.22-1.el5_7.s390x.rpm firefox-debuginfo-3.6.22-1.el5_7.s390.rpm firefox-debuginfo-3.6.22-1.el5_7.s390x.rpm xulrunner-1.9.2.22-1.el5_7.s390.rpm xulrunner-1.9.2.22-1.el5_7.s390x.rpm xulrunner-debuginfo-1.9.2.22-1.el5_7.s390.rpm xulrunner-debuginfo-1.9.2.22-1.el5_7.s390x.rpm xulrunner-devel-1.9.2.22-1.el5_7.s390.rpm xulrunner-devel-1.9.2.22-1.el5_7.s390x.rpm x86_64: firefox-3.6.22-1.el5_7.i386.rpm firefox-3.6.22-1.el5_7.x86_64.rpm firefox-debuginfo-3.6.22-1.el5_7.i386.rpm firefox-debuginfo-3.6.22-1.el5_7.x86_64.rpm xulrunner-1.9.2.22-1.el5_7.i386.rpm xulrunner-1.9.2.22-1.el5_7.x86_64.rpm xulrunner-debuginfo-1.9.2.22-1.el5_7.i386.rpm xulrunner-debuginfo-1.9.2.22-1.el5_7.x86_64.rpm xulrunner-devel-1.9.2.22-1.el5_7.i386.rpm xulrunner-devel-1.9.2.22-1.el5_7.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/firefox-3.6.22-1.el6_1.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-1.9.2.22-1.el6_1.src.rpm i386: firefox-3.6.22-1.el6_1.i686.rpm firefox-debuginfo-3.6.22-1.el6_1.i686.rpm xulrunner-1.9.2.22-1.el6_1.i686.rpm xulrunner-debuginfo-1.9.2.22-1.el6_1.i686.rpm x86_64: firefox-3.6.22-1.el6_1.i686.rpm firefox-3.6.22-1.el6_1.x86_64.rpm firefox-debuginfo-3.6.22-1.el6_1.i686.rpm firefox-debuginfo-3.6.22-1.el6_1.x86_64.rpm xulrunner-1.9.2.22-1.el6_1.i686.rpm xulrunner-1.9.2.22-1.el6_1.x86_64.rpm xulrunner-debuginfo-1.9.2.22-1.el6_1.i686.rpm xulrunner-debuginfo-1.9.2.22-1.el6_1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-1.9.2.22-1.el6_1.src.rpm i386: xulrunner-debuginfo-1.9.2.22-1.el6_1.i686.rpm xulrunner-devel-1.9.2.22-1.el6_1.i686.rpm x86_64: xulrunner-debuginfo-1.9.2.22-1.el6_1.i686.rpm xulrunner-debuginfo-1.9.2.22-1.el6_1.x86_64.rpm xulrunner-devel-1.9.2.22-1.el6_1.i686.rpm xulrunner-devel-1.9.2.22-1.el6_1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/firefox-3.6.22-1.el6_1.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xulrunner-1.9.2.22-1.el6_1.src.rpm x86_64: firefox-3.6.22-1.el6_1.i686.rpm firefox-3.6.22-1.el6_1.x86_64.rpm firefox-debuginfo-3.6.22-1.el6_1.i686.rpm firefox-debuginfo-3.6.22-1.el6_1.x86_64.rpm xulrunner-1.9.2.22-1.el6_1.i686.rpm xulrunner-1.9.2.22-1.el6_1.x86_64.rpm xulrunner-debuginfo-1.9.2.22-1.el6_1.i686.rpm xulrunner-debuginfo-1.9.2.22-1.el6_1.x86_64.rpm xulrunner-devel-1.9.2.22-1.el6_1.i686.rpm xulrunner-devel-1.9.2.22-1.el6_1.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/firefox-3.6.22-1.el6_1.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-1.9.2.22-1.el6_1.src.rpm i386: firefox-3.6.22-1.el6_1.i686.rpm firefox-debuginfo-3.6.22-1.el6_1.i686.rpm xulrunner-1.9.2.22-1.el6_1.i686.rpm xulrunner-debuginfo-1.9.2.22-1.el6_1.i686.rpm ppc64: firefox-3.6.22-1.el6_1.ppc.rpm firefox-3.6.22-1.el6_1.ppc64.rpm firefox-debuginfo-3.6.22-1.el6_1.ppc.rpm firefox-debuginfo-3.6.22-1.el6_1.ppc64.rpm xulrunner-1.9.2.22-1.el6_1.ppc.rpm xulrunner-1.9.2.22-1.el6_1.ppc64.rpm xulrunner-debuginfo-1.9.2.22-1.el6_1.ppc.rpm xulrunner-debuginfo-1.9.2.22-1.el6_1.ppc64.rpm s390x: firefox-3.6.22-1.el6_1.s390.rpm firefox-3.6.22-1.el6_1.s390x.rpm firefox-debuginfo-3.6.22-1.el6_1.s390.rpm firefox-debuginfo-3.6.22-1.el6_1.s390x.rpm xulrunner-1.9.2.22-1.el6_1.s390.rpm xulrunner-1.9.2.22-1.el6_1.s390x.rpm xulrunner-debuginfo-1.9.2.22-1.el6_1.s390.rpm xulrunner-debuginfo-1.9.2.22-1.el6_1.s390x.rpm x86_64: firefox-3.6.22-1.el6_1.i686.rpm firefox-3.6.22-1.el6_1.x86_64.rpm firefox-debuginfo-3.6.22-1.el6_1.i686.rpm firefox-debuginfo-3.6.22-1.el6_1.x86_64.rpm xulrunner-1.9.2.22-1.el6_1.i686.rpm xulrunner-1.9.2.22-1.el6_1.x86_64.rpm xulrunner-debuginfo-1.9.2.22-1.el6_1.i686.rpm xulrunner-debuginfo-1.9.2.22-1.el6_1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-1.9.2.22-1.el6_1.src.rpm i386: xulrunner-debuginfo-1.9.2.22-1.el6_1.i686.rpm xulrunner-devel-1.9.2.22-1.el6_1.i686.rpm ppc64: xulrunner-debuginfo-1.9.2.22-1.el6_1.ppc.rpm xulrunner-debuginfo-1.9.2.22-1.el6_1.ppc64.rpm xulrunner-devel-1.9.2.22-1.el6_1.ppc.rpm xulrunner-devel-1.9.2.22-1.el6_1.ppc64.rpm s390x: xulrunner-debuginfo-1.9.2.22-1.el6_1.s390.rpm xulrunner-debuginfo-1.9.2.22-1.el6_1.s390x.rpm xulrunner-devel-1.9.2.22-1.el6_1.s390.rpm xulrunner-devel-1.9.2.22-1.el6_1.s390x.rpm x86_64: xulrunner-debuginfo-1.9.2.22-1.el6_1.i686.rpm xulrunner-debuginfo-1.9.2.22-1.el6_1.x86_64.rpm xulrunner-devel-1.9.2.22-1.el6_1.i686.rpm xulrunner-devel-1.9.2.22-1.el6_1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/firefox-3.6.22-1.el6_1.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-1.9.2.22-1.el6_1.src.rpm i386: firefox-3.6.22-1.el6_1.i686.rpm firefox-debuginfo-3.6.22-1.el6_1.i686.rpm xulrunner-1.9.2.22-1.el6_1.i686.rpm xulrunner-debuginfo-1.9.2.22-1.el6_1.i686.rpm x86_64: firefox-3.6.22-1.el6_1.i686.rpm firefox-3.6.22-1.el6_1.x86_64.rpm firefox-debuginfo-3.6.22-1.el6_1.i686.rpm firefox-debuginfo-3.6.22-1.el6_1.x86_64.rpm xulrunner-1.9.2.22-1.el6_1.i686.rpm xulrunner-1.9.2.22-1.el6_1.x86_64.rpm xulrunner-debuginfo-1.9.2.22-1.el6_1.i686.rpm xulrunner-debuginfo-1.9.2.22-1.el6_1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-1.9.2.22-1.el6_1.src.rpm i386: xulrunner-debuginfo-1.9.2.22-1.el6_1.i686.rpm xulrunner-devel-1.9.2.22-1.el6_1.i686.rpm x86_64: xulrunner-debuginfo-1.9.2.22-1.el6_1.i686.rpm xulrunner-debuginfo-1.9.2.22-1.el6_1.x86_64.rpm xulrunner-devel-1.9.2.22-1.el6_1.i686.rpm xulrunner-devel-1.9.2.22-1.el6_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://access.redhat.com/security/updates/classification/#important https://rhn.redhat.com/errata/RHSA-2011-1242.html http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.22 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOZqAyXlSAg2UNWIIRAp6yAJ9KZu9lr88Y9baLBBo+YRQQKoFqDQCfcFH7 p0SVOXmAPKuWAG4IB9E9rRk= =MR1O -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Sep 7 17:18:30 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 7 Sep 2011 17:18:30 +0000 Subject: [RHSA-2011:1250-01] Moderate: Red Hat Enterprise MRG Grid 2.0 security, bug fix and enhancement update Message-ID: <201109071718.p87HIVE9019862@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Enterprise MRG Grid 2.0 security, bug fix and enhancement update Advisory ID: RHSA-2011:1250-01 Product: Red Hat Enterprise MRG for RHEL-6 Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1250.html Issue date: 2011-09-07 CVE Names: CVE-2011-2925 ===================================================================== 1. 
Summary: Updated Grid component packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise MRG 2.0 for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: MRG Grid Execute Node for RHEL 6 Server v.2 - i386, noarch, x86_64 MRG Grid for RHEL 6 Server v.2 - i386, noarch, x86_64 MRG Management for RHEL 6 Server v.2 - noarch 3. Description: Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Grid provides high-throughput computing and enables enterprises to achieve higher peak computing capacity as well as improved infrastructure utilization by leveraging their existing technology to build high performance grids. MRG Grid provides a job-queueing mechanism, scheduling policy, and a priority scheme, as well as resource monitoring and resource management. Users submit their jobs to MRG Grid, where they are placed into a queue. MRG Grid then chooses when and where to run the jobs based upon a policy, carefully monitors their progress, and ultimately informs the user upon completion. A flaw was discovered in Cumin where it would log broker authentication credentials to the Cumin log file. A local user exploiting this flaw could connect to the broker outside of Cumin's control and perform certain operations such as scheduling jobs, setting attributes on jobs, as well as holding, releasing or removing jobs. The user could also use this to, depending on the defined ACLs of the broker, manipulate message queues and other privileged operations. 
(CVE-2011-2925) In addition, these updated packages for Red Hat Enterprise Linux 6 provide numerous bug fixes and enhancements for the Grid component of MRG. Some of the most important enhancements include: * Expanded support of EC2 features, including EBS and VPC. * Improved negotiation performance. * Reduced shadow memory usage. * Integrated configuration and management experience, including real-time monitoring, diagnostics, and configuration templates. Release Notes: * When MRG Grid ran on a node with multiple network interfaces, it tried to estimate the correct interface for its communications with the remaining MRG Grid nodes. As a consequence, the node could have failed to communicate with other parts of MRG Grid correctly if the wrong interface had been chosen. As a workaround to this issue, MRG Grid can be forced to use a specific network interface by setting the NETWORK_INTERFACE parameter to the IP address of that interface. To determine which interface was used by MRG Grid when it fails to communicate with other parts of the grid, include the D_HOSTNAME variable in the logging configuration of the corresponding daemon. (BZ#728285) * The remote configuration database requires an update to include changes for MRG Grid version 2.0.1. But the database snapshot provided with MRG only contains a basic configuration, and thus loading the database snapshot would replace the existing pool configuration. To solve this issue, the upgrade-wallaby-db tool which upgrades an existing deployment's database has to be used. This tool can be downloaded from the following page: https://access.redhat.com/kb/docs/DOC-58404 * With this update, the Elastic Compute Cloud Grid ASCII Helper Protocol (EC2 GAHP) is preferred over AMAZON GAHP. The condor-ec2-enhanced-hooks package has been updated to detect the correct GAHP for the EC2 Enhanced feature based upon what GAHPs are available on the scheduler. 
To ensure that jobs are routed to the proper resources, the 'set_gridresource = "amazon"; \' setting should be removed from all existing EC2 Enhanced routes in a MRG Grid's configuration. (BZ#688717) Space precludes documenting all of these changes in this advisory. Refer to the Red Hat Enterprise MRG 2.0 Technical Notes document for information on these changes: https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/2.0/html/Technica l_Notes/index.html All users of the Grid capabilities of Red Hat Enterprise MRG 2.0 are advised to upgrade to these updated packages, which resolve the issues and add the enhancements noted in the Red Hat Enterprise MRG 2.0 Technical Notes. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 731574 - CVE-2011-2925 cumin: broker username/password appears in the log file 6. 
Package List: MRG Grid for RHEL 6 Server v.2: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-7.6.3-0.3.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-ec2-enhanced-1.2-2.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-ec2-enhanced-hooks-1.2-3.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-job-hooks-1.5-4.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-low-latency-1.2-2.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-wallaby-4.1-4.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-wallaby-base-db-1.14-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/ruby-rhubarb-0.4.0-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/wallaby-0.10.5-6.el6.src.rpm i386: condor-7.6.3-0.3.el6.i686.rpm condor-aviary-7.6.3-0.3.el6.i686.rpm condor-classads-7.6.3-0.3.el6.i686.rpm condor-debuginfo-7.6.3-0.3.el6.i686.rpm condor-kbdd-7.6.3-0.3.el6.i686.rpm condor-qmf-7.6.3-0.3.el6.i686.rpm noarch: condor-ec2-enhanced-1.2-2.el6.noarch.rpm condor-ec2-enhanced-hooks-1.2-3.el6.noarch.rpm condor-job-hooks-1.5-4.el6.noarch.rpm condor-low-latency-1.2-2.el6.noarch.rpm condor-wallaby-base-db-1.14-1.el6.noarch.rpm condor-wallaby-client-4.1-4.el6.noarch.rpm condor-wallaby-tools-4.1-4.el6.noarch.rpm python-condorec2e-1.2-3.el6.noarch.rpm python-condorutils-1.5-4.el6.noarch.rpm python-wallabyclient-4.1-4.el6.noarch.rpm ruby-rhubarb-0.4.0-1.el6.noarch.rpm ruby-wallaby-0.10.5-6.el6.noarch.rpm wallaby-0.10.5-6.el6.noarch.rpm wallaby-utils-0.10.5-6.el6.noarch.rpm x86_64: condor-7.6.3-0.3.el6.x86_64.rpm condor-aviary-7.6.3-0.3.el6.x86_64.rpm condor-classads-7.6.3-0.3.el6.x86_64.rpm 
condor-debuginfo-7.6.3-0.3.el6.x86_64.rpm condor-kbdd-7.6.3-0.3.el6.x86_64.rpm condor-qmf-7.6.3-0.3.el6.x86_64.rpm condor-vm-gahp-7.6.3-0.3.el6.x86_64.rpm MRG Grid Execute Node for RHEL 6 Server v.2: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-7.6.3-0.3.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-ec2-enhanced-1.2-2.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-ec2-enhanced-hooks-1.2-3.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-job-hooks-1.5-4.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-low-latency-1.2-2.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-wallaby-4.1-4.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-wallaby-base-db-1.14-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/ruby-rhubarb-0.4.0-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/wallaby-0.10.5-6.el6.src.rpm i386: condor-7.6.3-0.3.el6.i686.rpm condor-classads-7.6.3-0.3.el6.i686.rpm condor-debuginfo-7.6.3-0.3.el6.i686.rpm condor-kbdd-7.6.3-0.3.el6.i686.rpm condor-qmf-7.6.3-0.3.el6.i686.rpm noarch: condor-ec2-enhanced-1.2-2.el6.noarch.rpm condor-job-hooks-1.5-4.el6.noarch.rpm condor-low-latency-1.2-2.el6.noarch.rpm condor-wallaby-base-db-1.14-1.el6.noarch.rpm condor-wallaby-client-4.1-4.el6.noarch.rpm condor-wallaby-tools-4.1-4.el6.noarch.rpm python-condorec2e-1.2-3.el6.noarch.rpm python-condorutils-1.5-4.el6.noarch.rpm python-wallabyclient-4.1-4.el6.noarch.rpm ruby-rhubarb-0.4.0-1.el6.noarch.rpm ruby-wallaby-0.10.5-6.el6.noarch.rpm wallaby-utils-0.10.5-6.el6.noarch.rpm x86_64: condor-7.6.3-0.3.el6.x86_64.rpm condor-classads-7.6.3-0.3.el6.x86_64.rpm 
condor-debuginfo-7.6.3-0.3.el6.x86_64.rpm condor-kbdd-7.6.3-0.3.el6.x86_64.rpm condor-qmf-7.6.3-0.3.el6.x86_64.rpm condor-vm-gahp-7.6.3-0.3.el6.x86_64.rpm MRG Management for RHEL 6 Server v.2: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/cumin-0.1.4916-1.el6.src.rpm noarch: cumin-0.1.4916-1.el6.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2925.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/kb/docs/DOC-58404 https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/2.0/html/Technical_Notes/index.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOZ6cwXlSAg2UNWIIRAl1MAJ0ZNJ158NPIhZ2UJIfHXHLasBN1TACgstdp JeW59kYXJDjX1OJ8PILhpP8= =raRR -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Sep 7 17:37:32 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 7 Sep 2011 17:37:32 +0000 Subject: [RHSA-2011:1249-01] Moderate: Red Hat Enterprise MRG Grid 2.0 security, bug fix and enhancement update Message-ID: <201109071737.p87HbWnU031755@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Enterprise MRG Grid 2.0 security, bug fix and enhancement update Advisory ID: RHSA-2011:1249-01 Product: Red Hat Enterprise MRG for RHEL-5 Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1249.html Issue date: 2011-09-07 CVE Names: CVE-2011-2925 ===================================================================== 1. 
Summary:

Updated Grid component packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise MRG 2.0 for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

MRG Grid Execute Node for RHEL 5 Server v.2 - i386, noarch, x86_64
MRG Grid for RHEL 5 Server v.2 - i386, noarch, x86_64
MRG Management for RHEL 5 Server v.2 - noarch

3. Description:

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers.

MRG Grid provides high-throughput computing and enables enterprises to achieve higher peak computing capacity as well as improved infrastructure utilization by leveraging their existing technology to build high performance grids. MRG Grid provides a job-queueing mechanism, scheduling policy, and a priority scheme, as well as resource monitoring and resource management. Users submit their jobs to MRG Grid, where they are placed into a queue. MRG Grid then chooses when and where to run the jobs based upon a policy, carefully monitors their progress, and ultimately informs the user upon completion.

A flaw was discovered in Cumin where it would log broker authentication credentials to the Cumin log file. A local user exploiting this flaw could connect to the broker outside of Cumin's control and perform certain operations such as scheduling jobs, setting attributes on jobs, as well as holding, releasing or removing jobs. Depending on the defined ACLs of the broker, the user could also use this to manipulate message queues and perform other privileged operations. (CVE-2011-2925)

In addition, these updated packages for Red Hat Enterprise Linux 5 provide numerous bug fixes and enhancements for the Grid component of MRG. Some of the most important enhancements include:

* Expanded support of EC2 features, including EBS and VPC.
* Improved negotiation performance.
* Reduced shadow memory usage.
* Integrated configuration and management experience, including real-time monitoring, diagnostics, and configuration templates.

Release Notes:

* When MRG Grid ran on a node with multiple network interfaces, it tried to estimate the correct interface for its communications with the remaining MRG Grid nodes. As a consequence, the node could have failed to communicate with other parts of MRG Grid correctly if the wrong interface had been chosen. As a workaround to this issue, MRG Grid can be forced to use a specific network interface by setting the NETWORK_INTERFACE parameter to the IP address of that interface. To determine which interface was used by MRG Grid when it fails to communicate with other parts of the grid, include the D_HOSTNAME variable in the logging configuration of the corresponding daemon. (BZ#728285)

* The remote configuration database requires an update to include changes for MRG Grid version 2.0.1. But the database snapshot provided with MRG only contains a basic configuration, and thus loading the database snapshot would replace the existing pool configuration. To solve this issue, the upgrade-wallaby-db tool, which upgrades an existing deployment's database, has to be used. This tool can be downloaded from the following page: https://access.redhat.com/kb/docs/DOC-58404

* With this update, the Elastic Compute Cloud Grid ASCII Helper Protocol (EC2 GAHP) is preferred over AMAZON GAHP. The condor-ec2-enhanced-hooks package has been updated to detect the correct GAHP for the EC2 Enhanced feature based upon what GAHPs are available on the scheduler. To ensure that jobs are routed to the proper resources, the 'set_gridresource = "amazon"; \' setting should be removed from all existing EC2 Enhanced routes in an MRG Grid's configuration. (BZ#688717)

Space precludes documenting all of these changes in this advisory. Refer to the Red Hat Enterprise MRG 2.0 Technical Notes document for information on these changes: https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/2.0/html/Technical_Notes/index.html

All users of the Grid capabilities of Red Hat Enterprise MRG 2.0 are advised to upgrade to these updated packages, which resolve the issues and add the enhancements noted in the Red Hat Enterprise MRG 2.0 Technical Notes.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

631804 - condor_router_history not handled exception when bad option is passed
632109 - [RFE] list FQNDs in wallaby-inventory
637963 - RFE: Quota hierarchy to support mixed dynamic and static group quotas
652772 - SEC_* param cleanup in base-db
659247 - Delete queue dialog loop
673273 - cumin does not shut down during preuninstall
674598 - cumin cannot handle leading spaces in variable name
681648 - RFE: Update low-latency packaging to provide configuration file
681650 - RFE: Update ec2-enhanced packaging to drop config file
681651 - RFE: Update ec2-enhanced-hooks to drop config file
682447 - The text that indicates when the page was last updated doesn't show when the page update fails
696697 - Don't allow negative limit value to be set [RFE]
697016 - Add a mechanism to reset limits to unlimited [RFE]
697093 - Change y-axis labels on png flash charts to use units of 'M" for values >= 1 million
699413 - Cumin interaction with multiple hierarchical collectors
699643 - "condor reuse slot" users are on log-on screen
700540 - RFE: Human readable Up-time
700545 - AviaryScheduler feature missing dep on Scheduler
700595 - Unable to install wallaby w/o condor
700774 - [RFE] aviary doesn't insert default values into job classads
700863 - condor_configure_pool loses param settings if --schedd or --qmfbroker is used
701337 - Add UPDATE_INTERVAL to base-db
701966 - ccs incorrectly prompts for default values for params not to be added to the db & prints confusing error messages
702440 - Generate synthetic agent deletes in cumin based on heartbeats and agent list [RFE]
703196 - Unable to set non-numeric Args for job
703279 - Cumin does not return to beginning of page list when a search filter is applied
703283 - Job statistics overview under Grid User is not filtered for that user
703630 - Move fullpage chart link closer to graph [RFE]
703860 - Default sort order of columns with numerical values should be descending
703905 - wrong reject "group quota exceeded"
704490 - Condor platform Unknown
704597 - condor_configd hits "CRITICAL: Unable to get node information object" stops updating
704653 - Misleading/wrong error message on cumin service start by unprivileged user.
705437 - schedd crash on Windows due to bug in timed_queue<>
706108 - [RFE] wallaby Master feature
706977 - HGQ sanity check on recursive allocation is checking wrong variable
707078 - obsolete (and uninitialized) variable ignore_schedd_limit is being used in place of ignore_submitter_limit
707081 - groups are not sorted in starvation order
707335 - Negotiator crashes with hierarchical group quotas after reconfig
707576 - cumin doesn't redirect after the session times out
707584 - The Inventory page has checkboxes that do not serve a purpose
707770 - Dedicated scheduler releases half of claims
708944 - hold/release removes job from queue
709713 - [RFE] Add support for EBS storage
710215 - [RFE] set WantAWS = False in EC2 hooks
712529 - condor_router_* scripts incorrect in 7_6 series
712972 - negotiating groups with no submitters
712973 - negotiator overwhelmed with rejForSubmitterLimit rejections
712974 - [RFE]Limits table: Make the value the hyperlinked value rather than the name
712975 - enable additional GROUP_DYNAMIC_MACH_CONSTRAINT behavior
712987 - sort on most starved in negotiateWithGroup
713511 - Always run POST script, even if PRE script fails
715956 - Edit attributes page should not use update-interval
715973 - Multitude of "Edit Ad: OK" messages
716466 - RFE: Add ec2 support for vpc address
716519 - RFE: earlier spin halting when zero pie left
718265 - low-latency not expiring work
719019 - Startd RANK will only preempt if user priorities allow it
719050 - RFE: Allow condor_configure_store to edit groups
720374 - Files "condor_router_history", "condor_router_rm" and "condor_router_q" are not valid executable files for Windows
720507 - Schedd crash while asynchronously negotiating or claiming
723613 - Changing type of job attribute from int/float to another type causes Edit Attributes task to hang after submit
723971 - Daemons using read_condor_config crashes when _LOG is not specified
725826 - Force terminate-on-shutdown (instead of stop) for EC2 AMIs
731574 - CVE-2011-2925 cumin: broker username/password appears in the log file

6. Package List:

MRG Grid for RHEL 5 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-7.6.3-0.3.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-ec2-enhanced-1.2-2.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-ec2-enhanced-hooks-1.2-3.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-job-hooks-1.5-4.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-low-latency-1.2-2.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-wallaby-4.1-4.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-wallaby-base-db-1.14-1.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/ruby-rhubarb-0.4.0-1.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/wallaby-0.10.5-6.el5.src.rpm

i386:
condor-7.6.3-0.3.el5.i386.rpm
condor-aviary-7.6.3-0.3.el5.i386.rpm
condor-classads-7.6.3-0.3.el5.i386.rpm
condor-debuginfo-7.6.3-0.3.el5.i386.rpm
condor-kbdd-7.6.3-0.3.el5.i386.rpm
condor-qmf-7.6.3-0.3.el5.i386.rpm
condor-vm-gahp-7.6.3-0.3.el5.i386.rpm

noarch:
condor-ec2-enhanced-1.2-2.el5.noarch.rpm
condor-ec2-enhanced-hooks-1.2-3.el5.noarch.rpm
condor-job-hooks-1.5-4.el5.noarch.rpm
condor-low-latency-1.2-2.el5.noarch.rpm
condor-wallaby-base-db-1.14-1.el5.noarch.rpm
condor-wallaby-client-4.1-4.el5.noarch.rpm
condor-wallaby-tools-4.1-4.el5.noarch.rpm
python-condorec2e-1.2-3.el5.noarch.rpm
python-condorutils-1.5-4.el5.noarch.rpm
python-wallabyclient-4.1-4.el5.noarch.rpm
ruby-rhubarb-0.4.0-1.el5.noarch.rpm
ruby-wallaby-0.10.5-6.el5.noarch.rpm
wallaby-0.10.5-6.el5.noarch.rpm
wallaby-utils-0.10.5-6.el5.noarch.rpm

x86_64:
condor-7.6.3-0.3.el5.x86_64.rpm
condor-aviary-7.6.3-0.3.el5.x86_64.rpm condor-classads-7.6.3-0.3.el5.x86_64.rpm condor-debuginfo-7.6.3-0.3.el5.x86_64.rpm condor-kbdd-7.6.3-0.3.el5.x86_64.rpm condor-qmf-7.6.3-0.3.el5.x86_64.rpm condor-vm-gahp-7.6.3-0.3.el5.x86_64.rpm MRG Grid Execute Node for RHEL 5 Server v.2: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-7.6.3-0.3.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-ec2-enhanced-1.2-2.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-ec2-enhanced-hooks-1.2-3.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-job-hooks-1.5-4.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-low-latency-1.2-2.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-wallaby-4.1-4.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-wallaby-base-db-1.14-1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/ruby-rhubarb-0.4.0-1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/wallaby-0.10.5-6.el5.src.rpm i386: condor-7.6.3-0.3.el5.i386.rpm condor-classads-7.6.3-0.3.el5.i386.rpm condor-debuginfo-7.6.3-0.3.el5.i386.rpm condor-kbdd-7.6.3-0.3.el5.i386.rpm condor-qmf-7.6.3-0.3.el5.i386.rpm condor-vm-gahp-7.6.3-0.3.el5.i386.rpm noarch: condor-ec2-enhanced-1.2-2.el5.noarch.rpm condor-job-hooks-1.5-4.el5.noarch.rpm condor-low-latency-1.2-2.el5.noarch.rpm condor-wallaby-base-db-1.14-1.el5.noarch.rpm condor-wallaby-client-4.1-4.el5.noarch.rpm condor-wallaby-tools-4.1-4.el5.noarch.rpm python-condorec2e-1.2-3.el5.noarch.rpm python-condorutils-1.5-4.el5.noarch.rpm python-wallabyclient-4.1-4.el5.noarch.rpm ruby-rhubarb-0.4.0-1.el5.noarch.rpm ruby-wallaby-0.10.5-6.el5.noarch.rpm wallaby-utils-0.10.5-6.el5.noarch.rpm x86_64: 
condor-7.6.3-0.3.el5.x86_64.rpm condor-classads-7.6.3-0.3.el5.x86_64.rpm condor-debuginfo-7.6.3-0.3.el5.x86_64.rpm condor-kbdd-7.6.3-0.3.el5.x86_64.rpm condor-qmf-7.6.3-0.3.el5.x86_64.rpm condor-vm-gahp-7.6.3-0.3.el5.x86_64.rpm MRG Management for RHEL 5 Server v.2: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/cumin-0.1.4916-1.el5.src.rpm noarch: cumin-0.1.4916-1.el5.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2925.html https://access.redhat.com/security/updates/classification/#moderate https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/2.0/html/Technical_Notes/index.html https://access.redhat.com/kb/docs/DOC-58404 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. 
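The CVE-2011-2925 description above says Cumin wrote the broker user name and password into its log file, so any local user who could read that file could authenticate to the broker directly. Two things follow for a practitioner: existing log files still carry the old credential after the package update, and the same mistake is easy to repeat in any component that logs its connection URL. The Python below is an added example, not Cumin's code or its real log format: a scanner to run over existing (and rotated) logs to find leaked broker credentials, and a logging filter that scrubs them before a handler writes the record. The sample log lines are constructed, and the URL-userinfo and key=value patterns are this example's assumptions about how such a leak typically looks.

```python
import io
import logging
import re

# Broker URL carrying userinfo, e.g. amqp://cumin:s3cret@broker.example.org:5672
_URL_CRED = re.compile(
    r"(?P<scheme>[A-Za-z][A-Za-z0-9+.-]*://)(?P<user>[^:/@\s]+):(?P<secret>[^@/\s]+)@")
# key=value or key: value dumps, e.g. password=s3cret, "passwd": "s3cret", client_secret=abc
_KV_CRED = re.compile(
    r"(?i)(?<![A-Za-z])(?P<key>password|passwd|pwd|secret)(?![A-Za-z])"
    r"[\"']?\s*[=:]\s*[\"']?(?P<secret>[^\s\"',;]+)")


def find_credentials(line):
    """Return every secret in one log line as (kind, user_or_key, secret) tuples."""
    found = [("url", m.group("user"), m.group("secret")) for m in _URL_CRED.finditer(line)]
    found += [("kv", m.group("key").lower(), m.group("secret")) for m in _KV_CRED.finditer(line)]
    return found


def redact(line):
    """Replace each secret with '***' while keeping scheme, user name and key,
    so the redacted line is still useful for troubleshooting."""
    line = _URL_CRED.sub(lambda m: f"{m.group('scheme')}{m.group('user')}:***@", line)
    line = _KV_CRED.sub(lambda m: m.group(0)[: m.start("secret") - m.start()] + "***", line)
    return line


def scan(lines):
    """Scan log lines; return (line_number, kind, name, redacted_line) per leaked secret."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for kind, name, _secret in find_credentials(line):
            hits.append((number, kind, name, redact(line)))
    return hits


class RedactingFilter(logging.Filter):
    """Fix-side counterpart: scrub secrets before any handler writes the record.
    The message is rendered first so %-style arguments are covered as well."""

    def filter(self, record):
        record.msg = redact(record.getMessage())
        record.args = ()
        return True


def log_with_redaction(broker_url):
    """Log a connect message through a logger fitted with RedactingFilter; return the output."""
    buffer = io.StringIO()
    logger = logging.getLogger("broker-demo")
    logger.handlers.clear()
    logger.filters.clear()
    logger.propagate = False
    logger.setLevel(logging.DEBUG)
    logger.addFilter(RedactingFilter())
    logger.addHandler(logging.StreamHandler(buffer))
    logger.debug("connecting to broker %s as %s", broker_url, "cumin")
    return buffer.getvalue()


# Constructed sample log (not Cumin's real format): line 2 leaks the password through
# the broker URL, line 3 through a key=value dump of the session configuration.
SAMPLE_LOG = [
    "2011-09-07 17:37:32 INFO  cumin: starting web server on 0.0.0.0:45672",
    "2011-09-07 17:37:33 DEBUG cumin: connecting to broker amqp://cumin:s3cret@broker.example.org:5672",
    "2011-09-07 17:37:33 DEBUG cumin: session config user=cumin password=s3cret mechanism=PLAIN",
    "2011-09-07 17:37:34 INFO  cumin: broker connection established",
]

if __name__ == "__main__":
    for number, kind, name, shown in scan(SAMPLE_LOG):
        print(f"line {number}: {kind} credential for {name!r}: {shown}")
    print(log_with_redaction("amqp://cumin:s3cret@broker.example.org:5672"), end="")
```

Run the scan against every copy of the log, including rotated and archived ones, and treat a hit as a reason to rotate the broker password, since updating the package does not scrub what was already written. The filter is attached to the logger rather than a single handler so that every output path is covered; it does not see secrets that reach the log through exception text or tracebacks, which need the same treatment at the point where they are formatted.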
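Every advisory on this page ends the same way: a Solution section pointing at Red Hat Network and a package list of fixed name-version-release (NVR) builds, and the kernel-rt advisory (RHSA-2011:1253) further down adds that kernel packages must go in with "rpm -ivh", not "rpm -Uvh", so the running kernel stays installed as a fallback. Checking a fleet against such lists means comparing installed NVRs with the fixed ones under RPM's own ordering rules, which differ from plain string or float comparison (segments of digits compare numerically, a numeric segment beats an alphabetic one, and a "~" segment sorts before everything). The Python below is an added example, not Red Hat tooling: a reimplementation of rpm's rpmvercmp() ordering, a check of constructed "rpm -qa" output against fixed NVRs taken from this page, and the choice of install mode. It assumes epoch 0 for every package (the lists here carry no epochs) and, following the advisory's wording, treats any package whose name begins with "kernel" as a kernel package; the "condor-7.6.3-0.2.el6" line in the sample is a constructed older build.

```python
import re

# rpmvercmp() segment grammar: runs of digits, runs of letters, or a lone '~';
# every other character ('.', '-', '_', '+') is only a separator.
_SEGMENT = re.compile(r"\d+|[A-Za-z]+|~")


def rpmvercmp(a, b):
    """Compare two RPM version or release strings the way rpm's rpmvercmp() does.
    Returns -1 if a is older than b, 0 if they are equal, 1 if a is newer."""
    if a == b:
        return 0
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x == y:
            continue
        if x == "~":                      # '~' sorts before anything, even end of string
            return -1
        if y == "~":
            return 1
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:               # numeric segments compare as integers
            xi, yi = int(x), int(y)
            if xi == yi:
                continue
            return -1 if xi < yi else 1
        if x_num != y_num:                # a numeric segment is newer than an alphabetic one
            return 1 if x_num else -1
        return -1 if x < y else 1         # both alphabetic: plain string order
    if len(seg_a) == len(seg_b):
        return 0
    # The longer string wins, unless its remainder starts with '~' (a pre-release tag).
    a_longer = len(seg_a) > len(seg_b)
    rest = seg_a[len(seg_b):] if a_longer else seg_b[len(seg_a):]
    if rest[0] == "~":
        return -1 if a_longer else 1
    return 1 if a_longer else -1


def split_nvr(nvr):
    """'kernel-rt-2.6.33.9-rt31.75.el6rt' -> ('kernel-rt', '2.6.33.9', 'rt31.75.el6rt')."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def nvr_from_filename(filename):
    """'kernel-rt-doc-2.6.33.9-rt31.75.el6rt.noarch.rpm' -> (NVR, 'noarch')."""
    stem = filename[:-4] if filename.endswith(".rpm") else filename
    nvr, arch = stem.rsplit(".", 1)
    return nvr, arch


def needs_update(installed_nvr, fixed_nvr):
    """True when the installed build is older than the advisory's fixed build.
    Assumes epoch 0 on both sides, as the advisory package lists imply."""
    iname, iver, irel = split_nvr(installed_nvr)
    fname, fver, frel = split_nvr(fixed_nvr)
    if iname != fname:
        raise ValueError(f"package name mismatch: {iname} vs {fname}")
    order = rpmvercmp(iver, fver) or rpmvercmp(irel, frel)
    return order < 0


def install_command(filename):
    """Build the rpm command for one package file: kernel packages are installed
    alongside the running kernel with -ivh, as the kernel-rt advisory instructs;
    everything else is upgraded in place with -Uvh. (Assumption: name starts with 'kernel'.)"""
    nvr, _arch = nvr_from_filename(filename)
    name, _version, _release = split_nvr(nvr)
    mode = "-ivh" if name.startswith("kernel") else "-Uvh"
    return ["rpm", mode, filename]


def outdated(rpm_qa_lines, fixed_nvrs):
    """Given lines of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\\n'` and the fixed
    NVRs from an advisory, return the installed NVRs that still need the update."""
    fixed_by_name = {split_nvr(f)[0]: f for f in fixed_nvrs}
    result = []
    for line in rpm_qa_lines:
        line = line.strip()
        if not line:
            continue
        name = split_nvr(line)[0]
        if name in fixed_by_name and needs_update(line, fixed_by_name[name]):
            result.append(line)
    return result


# Constructed `rpm -qa` output for a RHEL 6 MRG host; the fixed NVRs come from the
# kernel-rt and MRG Grid advisories on this page. condor-7.6.3-0.2.el6 is invented.
SAMPLE_INSTALLED = [
    "kernel-rt-2.6.33.9-rt31.66.el6rt",
    "kernel-rt-firmware-2.6.33.9-rt31.66.el6rt",
    "cumin-0.1.4916-1.el6",
    "condor-7.6.3-0.2.el6",
]
FIXED = [
    "kernel-rt-2.6.33.9-rt31.75.el6rt",
    "kernel-rt-firmware-2.6.33.9-rt31.75.el6rt",
    "cumin-0.1.4916-1.el6",
    "condor-7.6.3-0.3.el6",
]

if __name__ == "__main__":
    for nvr in outdated(SAMPLE_INSTALLED, FIXED):
        mode = install_command(nvr + ".x86_64.rpm")[1]
        print(f"{nvr}: older than the fixed build, install with rpm {mode}")
```

Feed it the real "rpm -qa" output of a host and the package list of the advisory you are tracking; a non-empty result from outdated() is the finding. Verify the GPG signature of each downloaded package with "rpm -K" before installing, as the package-list sections ask, and only remove an older kernel with "rpm -e" after the new one has booted cleanly.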
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOZ6u8XlSAg2UNWIIRAsQKAKC9ABKCn6Rw4m1SvYMotNVq6CUCkgCffvs4
IifNR99dHY8TnUK2Cn8FQsQ=
=UC/f
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Sep 12 19:51:58 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 12 Sep 2011 19:51:58 +0000
Subject: [RHSA-2011:1253-01] Important: kernel-rt security and bug fix update
Message-ID: <201109121951.p8CJpwTY003699@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update
Advisory ID:       RHSA-2011:1253-01
Product:           Red Hat Enterprise MRG for RHEL-6
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1253.html
Issue date:        2011-09-12
CVE Names:         CVE-2010-4243 CVE-2010-4526 CVE-2011-1020 CVE-2011-1021
                   CVE-2011-1090 CVE-2011-1160 CVE-2011-1478 CVE-2011-1479
                   CVE-2011-1494 CVE-2011-1495 CVE-2011-1576 CVE-2011-1577
                   CVE-2011-1585 CVE-2011-1593 CVE-2011-1598 CVE-2011-1745
                   CVE-2011-1746 CVE-2011-1748 CVE-2011-1767 CVE-2011-1768
                   CVE-2011-1770 CVE-2011-1776 CVE-2011-2022 CVE-2011-2183
                   CVE-2011-2213 CVE-2011-2484 CVE-2011-2491 CVE-2011-2492
                   CVE-2011-2495 CVE-2011-2496 CVE-2011-2497 CVE-2011-2517
                   CVE-2011-2695
=====================================================================

1. Summary:

Updated kernel-rt packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise MRG 2.0.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64

3. Description:

Security fixes:

* A flaw in the SCTP and DCCP implementations could allow a remote attacker to cause a denial of service. (CVE-2010-4526, CVE-2011-1770, Important)

* Flaws in the Management Module Support for Message Passing Technology (MPT) based controllers could allow a local, unprivileged user to cause a denial of service, an information leak, or escalate their privileges. (CVE-2011-1494, CVE-2011-1495, Important)

* Flaws in the AGPGART driver, and a flaw in agp_allocate_memory(), could allow a local user to cause a denial of service or escalate their privileges. (CVE-2011-1745, CVE-2011-2022, CVE-2011-1746, Important)

* A flaw in the client-side NLM implementation could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2491, Important)

* A flaw in the Bluetooth implementation could allow a remote attacker to cause a denial of service or escalate their privileges. (CVE-2011-2497, Important)

* Flaws in the netlink-based wireless configuration interface could allow a local user, who has the CAP_NET_ADMIN capability, to cause a denial of service or escalate their privileges on systems that have an active wireless interface. (CVE-2011-2517, Important)

* The maximum file offset handling for ext4 file systems could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2695, Important)

* A local, unprivileged user could allocate large amounts of memory not visible to the OOM killer, causing a denial of service. (CVE-2010-4243, Moderate)

* The proc file system could allow a local, unprivileged user to obtain sensitive information or possibly cause integrity issues. (CVE-2011-1020, Moderate)

* A local, privileged user could possibly write arbitrary kernel memory via /sys/kernel/debug/acpi/custom_method. (CVE-2011-1021, Moderate)

* Inconsistency in the methods for allocating and freeing NFSv4 ACL data; CVE-2010-4250 fix caused a regression; a flaw in next_pidmap() and inet_diag_bc_audit(); flaws in the CAN implementation; a race condition in the memory merging support; a flaw in the taskstats subsystem; and the way mapping expansions were handled could allow a local, unprivileged user to cause a denial of service. (CVE-2011-1090, CVE-2011-1479, CVE-2011-1593, CVE-2011-2213, CVE-2011-1598, CVE-2011-1748, CVE-2011-2183, CVE-2011-2484, CVE-2011-2496, Moderate)

* A flaw in GRO could result in a denial of service when a malformed VLAN frame is received. (CVE-2011-1478, Moderate)

* napi_reuse_skb() could be called on VLAN packets allowing an attacker on the local network to possibly trigger a denial of service. (CVE-2011-1576, Moderate)

* A denial of service could occur if packets were received while the ipip or ip_gre module was being loaded. (CVE-2011-1767, CVE-2011-1768, Moderate)

* Information leaks. (CVE-2011-1160, CVE-2011-2492, CVE-2011-2495, Low)

* Flaws in the EFI GUID Partition Table implementation could allow a local attacker to cause a denial of service. (CVE-2011-1577, CVE-2011-1776, Low)

* While a user has a CIFS share mounted that required successful authentication, a local, unprivileged user could mount that share without knowing the correct password if mount.cifs was setuid root. (CVE-2011-1585, Low)

Red Hat would like to thank Dan Rosenberg for reporting CVE-2011-1770, CVE-2011-1494, CVE-2011-1495, CVE-2011-2497, and CVE-2011-2213; Vasiliy Kulikov of Openwall for reporting CVE-2011-1745, CVE-2011-2022, CVE-2011-1746, CVE-2011-2484, and CVE-2011-2495; Vasily Averin for reporting CVE-2011-2491; Brad Spengler for reporting CVE-2010-4243; Kees Cook for reporting CVE-2011-1020; Robert Swiecki for reporting CVE-2011-1593 and CVE-2011-2496; Oliver Hartkopp for reporting CVE-2011-1748; Andrea Righi for reporting CVE-2011-2183; Ryan Sweat for reporting CVE-2011-1478 and CVE-2011-1576; Peter Huewe for reporting CVE-2011-1160; Marek Kroemeke and Filip Palian for reporting CVE-2011-2492; and Timo Warns for reporting CVE-2011-1577 and CVE-2011-1776.

4. Solution:

This update also fixes various bugs. Documentation for these bug fixes will be available shortly from the Technical Notes document linked to in the References section.

Users should upgrade to these updated packages, which correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

625688 - CVE-2010-4243 kernel: mm: mem allocated invisible to oom_kill() when not attached to any threads
664914 - CVE-2010-4526 kernel: sctp: a race between ICMP protocol unreachable and connect()
680358 - CVE-2011-1020 kernel: no access restrictions of /proc/pid/* after setuid program exec
680841 - CVE-2011-1021 kernel: /sys/kernel/debug/acpi/custom_method can bypass module restrictions
681987 - crash module required for RT kernel
682641 - CVE-2011-1090 kernel: nfs4: Ensure that ACL pages sent over NFS were not allocated from the slab
684671 - CVE-2011-1160 kernel: tpm infoleaks
691270 - CVE-2011-1478 kernel: gro: reset dev and skb_iff on skb reuse
691793 - CVE-2011-1479 kernel: DoS (crash) due slab corruption in inotify_init1 (incomplete fix for CVE-2010-4250)
694021 - CVE-2011-1494 CVE-2011-1495 kernel: drivers/scsi/mpt2sas: prevent heap overflows
695173 - CVE-2011-1576 kernel: net: Fix memory leak/corruption on VLAN GRO_DROP
695976 - CVE-2011-1577 kernel: corrupted GUID partition tables can cause kernel oops
697394 - CVE-2011-1585 kernel: cifs session reuse
697822 - CVE-2011-1593 kernel: proc: signedness issue in next_pidmap()
698057 - CVE-2011-1598 CVE-2011-1748 kernel: missing check in can/bcm and can/raw socket releases
698996 - CVE-2011-1745 CVE-2011-2022 kernel: agp: insufficient pg_start parameter checking in AGPIOC_BIND and AGPIOC_UNBIND ioctls
698998 - CVE-2011-1746 kernel: agp: insufficient page_count parameter checking in agp_allocate_memory()
702303 - CVE-2011-1767 CVE-2011-1768 kernel: netns vs proto registration ordering
703011 - CVE-2011-1770 kernel: dccp: handle invalid feature options length
703019 - CVE-2011-2492 kernel: bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace
703026 - CVE-2011-1776 kernel: validate size of EFI GUID partition entries
709393 - CVE-2011-2491 kernel: rpc task leak after flock()ing NFS share
710158 - CONFIG_NF_CT_ACCT is deprecated in kernel-rt-2.6.33.9-rt31.66.el6rt
710338 - CVE-2011-2183 kernel: ksm: race between ksmd and exiting task
714536 - CVE-2011-2213 kernel: inet_diag: insufficient validation
715436 - CVE-2011-2484 kernel: taskstats: duplicate entries in listener mode can lead to DoS
716538 - CVE-2011-2496 kernel: mm: avoid wrapping vm_pgoff in mremap() and stack expansions
716805 - CVE-2011-2497 kernel: bluetooth: buffer overflow in l2cap config request
716825 - CVE-2011-2495 kernel: /proc/PID/io infoleak
718152 - CVE-2011-2517 kernel: nl80211: missing check for valid SSID size in scan operations
722557 - CVE-2011-2695 kernel: ext4: kernel panic when writing data to the last block of sparse file
728310 - MRG/RT 2.6.33.9-rt31.73 is missing cxgb3/t3fw-7.10.0.bin firmware files
728551 - add /sys/kernel/realtime entry

6. Package List:

MRG Realtime for RHEL 6 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/kernel-rt-2.6.33.9-rt31.75.el6rt.src.rpm

noarch:
kernel-rt-doc-2.6.33.9-rt31.75.el6rt.noarch.rpm
kernel-rt-firmware-2.6.33.9-rt31.75.el6rt.noarch.rpm

x86_64:
kernel-rt-2.6.33.9-rt31.75.el6rt.x86_64.rpm
kernel-rt-debug-2.6.33.9-rt31.75.el6rt.x86_64.rpm
kernel-rt-debug-debuginfo-2.6.33.9-rt31.75.el6rt.x86_64.rpm
kernel-rt-debug-devel-2.6.33.9-rt31.75.el6rt.x86_64.rpm
kernel-rt-debuginfo-2.6.33.9-rt31.75.el6rt.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-2.6.33.9-rt31.75.el6rt.x86_64.rpm
kernel-rt-devel-2.6.33.9-rt31.75.el6rt.x86_64.rpm
kernel-rt-trace-2.6.33.9-rt31.75.el6rt.x86_64.rpm
kernel-rt-trace-debuginfo-2.6.33.9-rt31.75.el6rt.x86_64.rpm
kernel-rt-trace-devel-2.6.33.9-rt31.75.el6rt.x86_64.rpm
kernel-rt-vanilla-2.6.33.9-rt31.75.el6rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-2.6.33.9-rt31.75.el6rt.x86_64.rpm
kernel-rt-vanilla-devel-2.6.33.9-rt31.75.el6rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7.
References: https://www.redhat.com/security/data/cve/CVE-2010-4243.html https://www.redhat.com/security/data/cve/CVE-2010-4526.html https://www.redhat.com/security/data/cve/CVE-2011-1020.html https://www.redhat.com/security/data/cve/CVE-2011-1021.html https://www.redhat.com/security/data/cve/CVE-2011-1090.html https://www.redhat.com/security/data/cve/CVE-2011-1160.html https://www.redhat.com/security/data/cve/CVE-2011-1478.html https://www.redhat.com/security/data/cve/CVE-2011-1479.html https://www.redhat.com/security/data/cve/CVE-2011-1494.html https://www.redhat.com/security/data/cve/CVE-2011-1495.html https://www.redhat.com/security/data/cve/CVE-2011-1576.html https://www.redhat.com/security/data/cve/CVE-2011-1577.html https://www.redhat.com/security/data/cve/CVE-2011-1585.html https://www.redhat.com/security/data/cve/CVE-2011-1593.html https://www.redhat.com/security/data/cve/CVE-2011-1598.html https://www.redhat.com/security/data/cve/CVE-2011-1745.html https://www.redhat.com/security/data/cve/CVE-2011-1746.html https://www.redhat.com/security/data/cve/CVE-2011-1748.html https://www.redhat.com/security/data/cve/CVE-2011-1767.html https://www.redhat.com/security/data/cve/CVE-2011-1768.html https://www.redhat.com/security/data/cve/CVE-2011-1770.html https://www.redhat.com/security/data/cve/CVE-2011-1776.html https://www.redhat.com/security/data/cve/CVE-2011-2022.html https://www.redhat.com/security/data/cve/CVE-2011-2183.html https://www.redhat.com/security/data/cve/CVE-2011-2213.html https://www.redhat.com/security/data/cve/CVE-2011-2484.html https://www.redhat.com/security/data/cve/CVE-2011-2491.html https://www.redhat.com/security/data/cve/CVE-2011-2492.html https://www.redhat.com/security/data/cve/CVE-2011-2495.html https://www.redhat.com/security/data/cve/CVE-2011-2496.html https://www.redhat.com/security/data/cve/CVE-2011-2497.html https://www.redhat.com/security/data/cve/CVE-2011-2517.html https://www.redhat.com/security/data/cve/CVE-2011-2695.html 
https://access.redhat.com/security/updates/classification/#important
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/2.0/html/Technical_Notes/index.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFObmKpXlSAg2UNWIIRAu/+AKC5klLY86rE+GjnaB/PpvDxdnA5JQCeMAh8
/3pm1OOL516ZQdr1dp5MUI0=
=s43q
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Sep 12 19:52:51 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 12 Sep 2011 19:52:51 +0000
Subject: [RHSA-2011:1282-01] Important: nss and nspr security update
Message-ID: <201109121952.p8CJqpcU003899@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: nss and nspr security update
Advisory ID:       RHSA-2011:1282-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1282.html
Issue date:        2011-09-12
=====================================================================

1. Summary:

Updated nss and nspr packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having important security impact.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.

It was found that a Certificate Authority (CA) issued fraudulent HTTPS certificates. This update renders any HTTPS certificates signed by that CA as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing. (BZ#734316)

Note: This fix only applies to applications using the NSS Builtin Object Token. It does not render the certificates untrusted for applications that use the NSS library, but do not use the NSS Builtin Object Token.

These updated packages upgrade NSS to version 3.12.10 on Red Hat Enterprise Linux 4 and 5. As well, they upgrade NSPR to version 4.8.8 on Red Hat Enterprise Linux 4 and 5, as required by the NSS update. The packages for Red Hat Enterprise Linux 6 include a backported patch.

All NSS and NSPR users should upgrade to these updated packages, which correct this issue. After installing the update, applications using NSS and NSPR must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network.
Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

734316 - Fraudulent certificates signed by DigiNotar CA certificate (MFSA 2011-34)

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/nspr-4.8.8-1.el4.src.rpm
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/nss-3.12.10-4.el4.src.rpm

i386: nspr-4.8.8-1.el4.i386.rpm nspr-debuginfo-4.8.8-1.el4.i386.rpm nspr-devel-4.8.8-1.el4.i386.rpm nss-3.12.10-4.el4.i386.rpm nss-debuginfo-3.12.10-4.el4.i386.rpm nss-devel-3.12.10-4.el4.i386.rpm nss-tools-3.12.10-4.el4.i386.rpm

ia64: nspr-4.8.8-1.el4.i386.rpm nspr-4.8.8-1.el4.ia64.rpm nspr-debuginfo-4.8.8-1.el4.i386.rpm nspr-debuginfo-4.8.8-1.el4.ia64.rpm nspr-devel-4.8.8-1.el4.ia64.rpm nss-3.12.10-4.el4.i386.rpm nss-3.12.10-4.el4.ia64.rpm nss-debuginfo-3.12.10-4.el4.i386.rpm nss-debuginfo-3.12.10-4.el4.ia64.rpm nss-devel-3.12.10-4.el4.ia64.rpm nss-tools-3.12.10-4.el4.ia64.rpm

ppc: nspr-4.8.8-1.el4.ppc.rpm nspr-4.8.8-1.el4.ppc64.rpm nspr-debuginfo-4.8.8-1.el4.ppc.rpm nspr-debuginfo-4.8.8-1.el4.ppc64.rpm nspr-devel-4.8.8-1.el4.ppc.rpm nss-3.12.10-4.el4.ppc.rpm nss-3.12.10-4.el4.ppc64.rpm nss-debuginfo-3.12.10-4.el4.ppc.rpm nss-debuginfo-3.12.10-4.el4.ppc64.rpm nss-devel-3.12.10-4.el4.ppc.rpm nss-tools-3.12.10-4.el4.ppc.rpm

s390: nspr-4.8.8-1.el4.s390.rpm nspr-debuginfo-4.8.8-1.el4.s390.rpm nspr-devel-4.8.8-1.el4.s390.rpm nss-3.12.10-4.el4.s390.rpm nss-debuginfo-3.12.10-4.el4.s390.rpm nss-devel-3.12.10-4.el4.s390.rpm nss-tools-3.12.10-4.el4.s390.rpm

s390x: nspr-4.8.8-1.el4.s390.rpm nspr-4.8.8-1.el4.s390x.rpm nspr-debuginfo-4.8.8-1.el4.s390.rpm nspr-debuginfo-4.8.8-1.el4.s390x.rpm nspr-devel-4.8.8-1.el4.s390x.rpm nss-3.12.10-4.el4.s390.rpm nss-3.12.10-4.el4.s390x.rpm nss-debuginfo-3.12.10-4.el4.s390.rpm nss-debuginfo-3.12.10-4.el4.s390x.rpm nss-devel-3.12.10-4.el4.s390x.rpm nss-tools-3.12.10-4.el4.s390x.rpm

x86_64: nspr-4.8.8-1.el4.i386.rpm nspr-4.8.8-1.el4.x86_64.rpm nspr-debuginfo-4.8.8-1.el4.i386.rpm nspr-debuginfo-4.8.8-1.el4.x86_64.rpm nspr-devel-4.8.8-1.el4.x86_64.rpm nss-3.12.10-4.el4.i386.rpm nss-3.12.10-4.el4.x86_64.rpm nss-debuginfo-3.12.10-4.el4.i386.rpm nss-debuginfo-3.12.10-4.el4.x86_64.rpm nss-devel-3.12.10-4.el4.x86_64.rpm nss-tools-3.12.10-4.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/nspr-4.8.8-1.el4.src.rpm
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/nss-3.12.10-4.el4.src.rpm

i386: nspr-4.8.8-1.el4.i386.rpm nspr-debuginfo-4.8.8-1.el4.i386.rpm nspr-devel-4.8.8-1.el4.i386.rpm nss-3.12.10-4.el4.i386.rpm nss-debuginfo-3.12.10-4.el4.i386.rpm nss-devel-3.12.10-4.el4.i386.rpm nss-tools-3.12.10-4.el4.i386.rpm

x86_64: nspr-4.8.8-1.el4.i386.rpm nspr-4.8.8-1.el4.x86_64.rpm nspr-debuginfo-4.8.8-1.el4.i386.rpm nspr-debuginfo-4.8.8-1.el4.x86_64.rpm nspr-devel-4.8.8-1.el4.x86_64.rpm nss-3.12.10-4.el4.i386.rpm nss-3.12.10-4.el4.x86_64.rpm nss-debuginfo-3.12.10-4.el4.i386.rpm nss-debuginfo-3.12.10-4.el4.x86_64.rpm nss-devel-3.12.10-4.el4.x86_64.rpm nss-tools-3.12.10-4.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/nspr-4.8.8-1.el4.src.rpm
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/nss-3.12.10-4.el4.src.rpm

i386: nspr-4.8.8-1.el4.i386.rpm nspr-debuginfo-4.8.8-1.el4.i386.rpm nspr-devel-4.8.8-1.el4.i386.rpm nss-3.12.10-4.el4.i386.rpm nss-debuginfo-3.12.10-4.el4.i386.rpm nss-devel-3.12.10-4.el4.i386.rpm nss-tools-3.12.10-4.el4.i386.rpm

ia64: nspr-4.8.8-1.el4.i386.rpm nspr-4.8.8-1.el4.ia64.rpm nspr-debuginfo-4.8.8-1.el4.i386.rpm nspr-debuginfo-4.8.8-1.el4.ia64.rpm nspr-devel-4.8.8-1.el4.ia64.rpm nss-3.12.10-4.el4.i386.rpm nss-3.12.10-4.el4.ia64.rpm nss-debuginfo-3.12.10-4.el4.i386.rpm nss-debuginfo-3.12.10-4.el4.ia64.rpm nss-devel-3.12.10-4.el4.ia64.rpm nss-tools-3.12.10-4.el4.ia64.rpm

x86_64: nspr-4.8.8-1.el4.i386.rpm nspr-4.8.8-1.el4.x86_64.rpm nspr-debuginfo-4.8.8-1.el4.i386.rpm nspr-debuginfo-4.8.8-1.el4.x86_64.rpm nspr-devel-4.8.8-1.el4.x86_64.rpm nss-3.12.10-4.el4.i386.rpm nss-3.12.10-4.el4.x86_64.rpm nss-debuginfo-3.12.10-4.el4.i386.rpm nss-debuginfo-3.12.10-4.el4.x86_64.rpm nss-devel-3.12.10-4.el4.x86_64.rpm nss-tools-3.12.10-4.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/nspr-4.8.8-1.el4.src.rpm
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/nss-3.12.10-4.el4.src.rpm

i386: nspr-4.8.8-1.el4.i386.rpm nspr-debuginfo-4.8.8-1.el4.i386.rpm nspr-devel-4.8.8-1.el4.i386.rpm nss-3.12.10-4.el4.i386.rpm nss-debuginfo-3.12.10-4.el4.i386.rpm nss-devel-3.12.10-4.el4.i386.rpm nss-tools-3.12.10-4.el4.i386.rpm

ia64: nspr-4.8.8-1.el4.i386.rpm nspr-4.8.8-1.el4.ia64.rpm nspr-debuginfo-4.8.8-1.el4.i386.rpm nspr-debuginfo-4.8.8-1.el4.ia64.rpm nspr-devel-4.8.8-1.el4.ia64.rpm nss-3.12.10-4.el4.i386.rpm nss-3.12.10-4.el4.ia64.rpm nss-debuginfo-3.12.10-4.el4.i386.rpm nss-debuginfo-3.12.10-4.el4.ia64.rpm nss-devel-3.12.10-4.el4.ia64.rpm nss-tools-3.12.10-4.el4.ia64.rpm

x86_64: nspr-4.8.8-1.el4.i386.rpm nspr-4.8.8-1.el4.x86_64.rpm nspr-debuginfo-4.8.8-1.el4.i386.rpm nspr-debuginfo-4.8.8-1.el4.x86_64.rpm nspr-devel-4.8.8-1.el4.x86_64.rpm nss-3.12.10-4.el4.i386.rpm nss-3.12.10-4.el4.x86_64.rpm nss-debuginfo-3.12.10-4.el4.i386.rpm nss-debuginfo-3.12.10-4.el4.x86_64.rpm nss-devel-3.12.10-4.el4.x86_64.rpm nss-tools-3.12.10-4.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nspr-4.8.8-1.el5_7.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nss-3.12.10-4.el5_7.src.rpm

i386: nspr-4.8.8-1.el5_7.i386.rpm nspr-debuginfo-4.8.8-1.el5_7.i386.rpm nss-3.12.10-4.el5_7.i386.rpm nss-debuginfo-3.12.10-4.el5_7.i386.rpm nss-tools-3.12.10-4.el5_7.i386.rpm

x86_64: nspr-4.8.8-1.el5_7.i386.rpm nspr-4.8.8-1.el5_7.x86_64.rpm nspr-debuginfo-4.8.8-1.el5_7.i386.rpm nspr-debuginfo-4.8.8-1.el5_7.x86_64.rpm nss-3.12.10-4.el5_7.i386.rpm nss-3.12.10-4.el5_7.x86_64.rpm nss-debuginfo-3.12.10-4.el5_7.i386.rpm nss-debuginfo-3.12.10-4.el5_7.x86_64.rpm nss-tools-3.12.10-4.el5_7.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nspr-4.8.8-1.el5_7.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nss-3.12.10-4.el5_7.src.rpm

i386: nspr-debuginfo-4.8.8-1.el5_7.i386.rpm nspr-devel-4.8.8-1.el5_7.i386.rpm nss-debuginfo-3.12.10-4.el5_7.i386.rpm nss-devel-3.12.10-4.el5_7.i386.rpm nss-pkcs11-devel-3.12.10-4.el5_7.i386.rpm

x86_64: nspr-debuginfo-4.8.8-1.el5_7.i386.rpm nspr-debuginfo-4.8.8-1.el5_7.x86_64.rpm nspr-devel-4.8.8-1.el5_7.i386.rpm nspr-devel-4.8.8-1.el5_7.x86_64.rpm nss-debuginfo-3.12.10-4.el5_7.i386.rpm nss-debuginfo-3.12.10-4.el5_7.x86_64.rpm nss-devel-3.12.10-4.el5_7.i386.rpm nss-devel-3.12.10-4.el5_7.x86_64.rpm nss-pkcs11-devel-3.12.10-4.el5_7.i386.rpm nss-pkcs11-devel-3.12.10-4.el5_7.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/nspr-4.8.8-1.el5_7.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/nss-3.12.10-4.el5_7.src.rpm

i386: nspr-4.8.8-1.el5_7.i386.rpm nspr-debuginfo-4.8.8-1.el5_7.i386.rpm nspr-devel-4.8.8-1.el5_7.i386.rpm nss-3.12.10-4.el5_7.i386.rpm nss-debuginfo-3.12.10-4.el5_7.i386.rpm nss-devel-3.12.10-4.el5_7.i386.rpm nss-pkcs11-devel-3.12.10-4.el5_7.i386.rpm nss-tools-3.12.10-4.el5_7.i386.rpm

ia64: nspr-4.8.8-1.el5_7.i386.rpm nspr-4.8.8-1.el5_7.ia64.rpm nspr-debuginfo-4.8.8-1.el5_7.i386.rpm nspr-debuginfo-4.8.8-1.el5_7.ia64.rpm nspr-devel-4.8.8-1.el5_7.ia64.rpm nss-3.12.10-4.el5_7.i386.rpm nss-3.12.10-4.el5_7.ia64.rpm nss-debuginfo-3.12.10-4.el5_7.i386.rpm nss-debuginfo-3.12.10-4.el5_7.ia64.rpm nss-devel-3.12.10-4.el5_7.ia64.rpm nss-pkcs11-devel-3.12.10-4.el5_7.ia64.rpm nss-tools-3.12.10-4.el5_7.ia64.rpm

ppc: nspr-4.8.8-1.el5_7.ppc.rpm nspr-4.8.8-1.el5_7.ppc64.rpm nspr-debuginfo-4.8.8-1.el5_7.ppc.rpm nspr-debuginfo-4.8.8-1.el5_7.ppc64.rpm nspr-devel-4.8.8-1.el5_7.ppc.rpm nspr-devel-4.8.8-1.el5_7.ppc64.rpm nss-3.12.10-4.el5_7.ppc.rpm nss-3.12.10-4.el5_7.ppc64.rpm nss-debuginfo-3.12.10-4.el5_7.ppc.rpm nss-debuginfo-3.12.10-4.el5_7.ppc64.rpm nss-devel-3.12.10-4.el5_7.ppc.rpm nss-devel-3.12.10-4.el5_7.ppc64.rpm nss-pkcs11-devel-3.12.10-4.el5_7.ppc.rpm nss-pkcs11-devel-3.12.10-4.el5_7.ppc64.rpm nss-tools-3.12.10-4.el5_7.ppc.rpm

s390x: nspr-4.8.8-1.el5_7.s390.rpm nspr-4.8.8-1.el5_7.s390x.rpm nspr-debuginfo-4.8.8-1.el5_7.s390.rpm nspr-debuginfo-4.8.8-1.el5_7.s390x.rpm nspr-devel-4.8.8-1.el5_7.s390.rpm nspr-devel-4.8.8-1.el5_7.s390x.rpm nss-3.12.10-4.el5_7.s390.rpm nss-3.12.10-4.el5_7.s390x.rpm nss-debuginfo-3.12.10-4.el5_7.s390.rpm nss-debuginfo-3.12.10-4.el5_7.s390x.rpm nss-devel-3.12.10-4.el5_7.s390.rpm nss-devel-3.12.10-4.el5_7.s390x.rpm nss-pkcs11-devel-3.12.10-4.el5_7.s390.rpm nss-pkcs11-devel-3.12.10-4.el5_7.s390x.rpm nss-tools-3.12.10-4.el5_7.s390x.rpm

x86_64: nspr-4.8.8-1.el5_7.i386.rpm nspr-4.8.8-1.el5_7.x86_64.rpm nspr-debuginfo-4.8.8-1.el5_7.i386.rpm nspr-debuginfo-4.8.8-1.el5_7.x86_64.rpm nspr-devel-4.8.8-1.el5_7.i386.rpm nspr-devel-4.8.8-1.el5_7.x86_64.rpm nss-3.12.10-4.el5_7.i386.rpm nss-3.12.10-4.el5_7.x86_64.rpm nss-debuginfo-3.12.10-4.el5_7.i386.rpm nss-debuginfo-3.12.10-4.el5_7.x86_64.rpm nss-devel-3.12.10-4.el5_7.i386.rpm nss-devel-3.12.10-4.el5_7.x86_64.rpm nss-pkcs11-devel-3.12.10-4.el5_7.i386.rpm nss-pkcs11-devel-3.12.10-4.el5_7.x86_64.rpm nss-tools-3.12.10-4.el5_7.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-3.12.9-12.el6_1.src.rpm

i386: nss-3.12.9-12.el6_1.i686.rpm nss-debuginfo-3.12.9-12.el6_1.i686.rpm nss-sysinit-3.12.9-12.el6_1.i686.rpm nss-tools-3.12.9-12.el6_1.i686.rpm

x86_64: nss-3.12.9-12.el6_1.i686.rpm nss-3.12.9-12.el6_1.x86_64.rpm nss-debuginfo-3.12.9-12.el6_1.i686.rpm nss-debuginfo-3.12.9-12.el6_1.x86_64.rpm nss-sysinit-3.12.9-12.el6_1.x86_64.rpm nss-tools-3.12.9-12.el6_1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-3.12.9-12.el6_1.src.rpm

i386: nss-debuginfo-3.12.9-12.el6_1.i686.rpm nss-devel-3.12.9-12.el6_1.i686.rpm nss-pkcs11-devel-3.12.9-12.el6_1.i686.rpm

x86_64: nss-debuginfo-3.12.9-12.el6_1.i686.rpm nss-debuginfo-3.12.9-12.el6_1.x86_64.rpm nss-devel-3.12.9-12.el6_1.i686.rpm nss-devel-3.12.9-12.el6_1.x86_64.rpm nss-pkcs11-devel-3.12.9-12.el6_1.i686.rpm nss-pkcs11-devel-3.12.9-12.el6_1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-3.12.9-12.el6_1.src.rpm

x86_64: nss-3.12.9-12.el6_1.i686.rpm nss-3.12.9-12.el6_1.x86_64.rpm nss-debuginfo-3.12.9-12.el6_1.i686.rpm nss-debuginfo-3.12.9-12.el6_1.x86_64.rpm nss-sysinit-3.12.9-12.el6_1.x86_64.rpm nss-tools-3.12.9-12.el6_1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-3.12.9-12.el6_1.src.rpm

x86_64: nss-debuginfo-3.12.9-12.el6_1.i686.rpm nss-debuginfo-3.12.9-12.el6_1.x86_64.rpm nss-devel-3.12.9-12.el6_1.i686.rpm nss-devel-3.12.9-12.el6_1.x86_64.rpm nss-pkcs11-devel-3.12.9-12.el6_1.i686.rpm nss-pkcs11-devel-3.12.9-12.el6_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-3.12.9-12.el6_1.src.rpm

i386: nss-3.12.9-12.el6_1.i686.rpm nss-debuginfo-3.12.9-12.el6_1.i686.rpm nss-devel-3.12.9-12.el6_1.i686.rpm nss-sysinit-3.12.9-12.el6_1.i686.rpm nss-tools-3.12.9-12.el6_1.i686.rpm

ppc64: nss-3.12.9-12.el6_1.ppc.rpm nss-3.12.9-12.el6_1.ppc64.rpm nss-debuginfo-3.12.9-12.el6_1.ppc.rpm nss-debuginfo-3.12.9-12.el6_1.ppc64.rpm nss-devel-3.12.9-12.el6_1.ppc.rpm nss-devel-3.12.9-12.el6_1.ppc64.rpm nss-sysinit-3.12.9-12.el6_1.ppc64.rpm nss-tools-3.12.9-12.el6_1.ppc64.rpm

s390x: nss-3.12.9-12.el6_1.s390.rpm nss-3.12.9-12.el6_1.s390x.rpm nss-debuginfo-3.12.9-12.el6_1.s390.rpm nss-debuginfo-3.12.9-12.el6_1.s390x.rpm nss-devel-3.12.9-12.el6_1.s390.rpm nss-devel-3.12.9-12.el6_1.s390x.rpm nss-sysinit-3.12.9-12.el6_1.s390x.rpm nss-tools-3.12.9-12.el6_1.s390x.rpm

x86_64: nss-3.12.9-12.el6_1.i686.rpm nss-3.12.9-12.el6_1.x86_64.rpm nss-debuginfo-3.12.9-12.el6_1.i686.rpm nss-debuginfo-3.12.9-12.el6_1.x86_64.rpm nss-devel-3.12.9-12.el6_1.i686.rpm nss-devel-3.12.9-12.el6_1.x86_64.rpm nss-sysinit-3.12.9-12.el6_1.x86_64.rpm nss-tools-3.12.9-12.el6_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-3.12.9-12.el6_1.src.rpm

i386: nss-debuginfo-3.12.9-12.el6_1.i686.rpm nss-pkcs11-devel-3.12.9-12.el6_1.i686.rpm

ppc64: nss-debuginfo-3.12.9-12.el6_1.ppc.rpm nss-debuginfo-3.12.9-12.el6_1.ppc64.rpm nss-pkcs11-devel-3.12.9-12.el6_1.ppc.rpm nss-pkcs11-devel-3.12.9-12.el6_1.ppc64.rpm

s390x: nss-debuginfo-3.12.9-12.el6_1.s390.rpm nss-debuginfo-3.12.9-12.el6_1.s390x.rpm nss-pkcs11-devel-3.12.9-12.el6_1.s390.rpm nss-pkcs11-devel-3.12.9-12.el6_1.s390x.rpm

x86_64: nss-debuginfo-3.12.9-12.el6_1.i686.rpm nss-debuginfo-3.12.9-12.el6_1.x86_64.rpm nss-pkcs11-devel-3.12.9-12.el6_1.i686.rpm nss-pkcs11-devel-3.12.9-12.el6_1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-3.12.9-12.el6_1.src.rpm

i386: nss-3.12.9-12.el6_1.i686.rpm nss-debuginfo-3.12.9-12.el6_1.i686.rpm nss-devel-3.12.9-12.el6_1.i686.rpm nss-sysinit-3.12.9-12.el6_1.i686.rpm nss-tools-3.12.9-12.el6_1.i686.rpm

x86_64: nss-3.12.9-12.el6_1.i686.rpm nss-3.12.9-12.el6_1.x86_64.rpm nss-debuginfo-3.12.9-12.el6_1.i686.rpm nss-debuginfo-3.12.9-12.el6_1.x86_64.rpm nss-devel-3.12.9-12.el6_1.i686.rpm nss-devel-3.12.9-12.el6_1.x86_64.rpm nss-sysinit-3.12.9-12.el6_1.x86_64.rpm nss-tools-3.12.9-12.el6_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-3.12.9-12.el6_1.src.rpm

i386: nss-debuginfo-3.12.9-12.el6_1.i686.rpm nss-pkcs11-devel-3.12.9-12.el6_1.i686.rpm

x86_64: nss-debuginfo-3.12.9-12.el6_1.i686.rpm nss-debuginfo-3.12.9-12.el6_1.x86_64.rpm nss-pkcs11-devel-3.12.9-12.el6_1.i686.rpm nss-pkcs11-devel-3.12.9-12.el6_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFObmMCXlSAg2UNWIIRAsOpAKClRezYsW2oGvhx2V2LFfqs7JWNaQCfaNsv
AeVVmhXAEE6j2w4f1quEIks=
=xkFl
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Sep 13 19:24:34 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 13 Sep 2011 19:24:34 +0000
Subject: [RHSA-2011:1289-01] Moderate: librsvg2 security update
Message-ID: <201109131924.p8DJOYrL014129@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: librsvg2 security update
Advisory ID:       RHSA-2011:1289-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1289.html
Issue date:        2011-09-13
CVE Names:         CVE-2011-3146
=====================================================================

1. Summary:

Updated librsvg2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The librsvg2 packages provide an SVG (Scalable Vector Graphics) library based on libart.

A flaw was found in the way librsvg2 parsed certain SVG files. An attacker could create a specially-crafted SVG file that, when opened, would cause applications that use librsvg2 (such as Eye of GNOME) to crash or, potentially, execute arbitrary code. (CVE-2011-3146)

Red Hat would like to thank the Ubuntu Security Team for reporting this issue. The Ubuntu Security Team acknowledges Sauli Pahlman as the original reporter.

All librsvg2 users should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications that use librsvg2 must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

734936 - CVE-2011-3146 librsvg: NULL pointer dereference flaw

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/librsvg2-2.26.0-5.el6_1.1.src.rpm

i386: librsvg2-2.26.0-5.el6_1.1.i686.rpm librsvg2-debuginfo-2.26.0-5.el6_1.1.i686.rpm

x86_64: librsvg2-2.26.0-5.el6_1.1.i686.rpm librsvg2-2.26.0-5.el6_1.1.x86_64.rpm librsvg2-debuginfo-2.26.0-5.el6_1.1.i686.rpm librsvg2-debuginfo-2.26.0-5.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/librsvg2-2.26.0-5.el6_1.1.src.rpm

i386: librsvg2-debuginfo-2.26.0-5.el6_1.1.i686.rpm librsvg2-devel-2.26.0-5.el6_1.1.i686.rpm

x86_64: librsvg2-debuginfo-2.26.0-5.el6_1.1.i686.rpm librsvg2-debuginfo-2.26.0-5.el6_1.1.x86_64.rpm librsvg2-devel-2.26.0-5.el6_1.1.i686.rpm librsvg2-devel-2.26.0-5.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/librsvg2-2.26.0-5.el6_1.1.src.rpm

x86_64: librsvg2-2.26.0-5.el6_1.1.i686.rpm librsvg2-2.26.0-5.el6_1.1.x86_64.rpm librsvg2-debuginfo-2.26.0-5.el6_1.1.i686.rpm librsvg2-debuginfo-2.26.0-5.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/librsvg2-2.26.0-5.el6_1.1.src.rpm

x86_64: librsvg2-debuginfo-2.26.0-5.el6_1.1.i686.rpm librsvg2-debuginfo-2.26.0-5.el6_1.1.x86_64.rpm librsvg2-devel-2.26.0-5.el6_1.1.i686.rpm librsvg2-devel-2.26.0-5.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/librsvg2-2.26.0-5.el6_1.1.src.rpm

i386: librsvg2-2.26.0-5.el6_1.1.i686.rpm librsvg2-debuginfo-2.26.0-5.el6_1.1.i686.rpm librsvg2-devel-2.26.0-5.el6_1.1.i686.rpm

ppc64: librsvg2-2.26.0-5.el6_1.1.ppc.rpm librsvg2-2.26.0-5.el6_1.1.ppc64.rpm librsvg2-debuginfo-2.26.0-5.el6_1.1.ppc.rpm librsvg2-debuginfo-2.26.0-5.el6_1.1.ppc64.rpm librsvg2-devel-2.26.0-5.el6_1.1.ppc.rpm librsvg2-devel-2.26.0-5.el6_1.1.ppc64.rpm

s390x: librsvg2-2.26.0-5.el6_1.1.s390.rpm librsvg2-2.26.0-5.el6_1.1.s390x.rpm librsvg2-debuginfo-2.26.0-5.el6_1.1.s390.rpm librsvg2-debuginfo-2.26.0-5.el6_1.1.s390x.rpm librsvg2-devel-2.26.0-5.el6_1.1.s390.rpm librsvg2-devel-2.26.0-5.el6_1.1.s390x.rpm

x86_64: librsvg2-2.26.0-5.el6_1.1.i686.rpm librsvg2-2.26.0-5.el6_1.1.x86_64.rpm librsvg2-debuginfo-2.26.0-5.el6_1.1.i686.rpm librsvg2-debuginfo-2.26.0-5.el6_1.1.x86_64.rpm librsvg2-devel-2.26.0-5.el6_1.1.i686.rpm librsvg2-devel-2.26.0-5.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/librsvg2-2.26.0-5.el6_1.1.src.rpm

i386: librsvg2-2.26.0-5.el6_1.1.i686.rpm librsvg2-debuginfo-2.26.0-5.el6_1.1.i686.rpm librsvg2-devel-2.26.0-5.el6_1.1.i686.rpm

x86_64: librsvg2-2.26.0-5.el6_1.1.i686.rpm librsvg2-2.26.0-5.el6_1.1.x86_64.rpm librsvg2-debuginfo-2.26.0-5.el6_1.1.i686.rpm librsvg2-debuginfo-2.26.0-5.el6_1.1.x86_64.rpm librsvg2-devel-2.26.0-5.el6_1.1.i686.rpm librsvg2-devel-2.26.0-5.el6_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3146.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOb63kXlSAg2UNWIIRAqZgAKCfy+Zt4shQ1jGxAzw6xxf2/zpMcQCdF215
VNoWu4kYwF02Ee4dt5oMCDg=
=PEEI
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Sep 14 19:04:33 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 14 Sep 2011 19:04:33 +0000
Subject: [RHSA-2011:1293-01] Moderate: squid security update
Message-ID: <201109141904.p8EJ4XHo002040@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: squid security update
Advisory ID:       RHSA-2011:1293-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1293.html
Issue date:        2011-09-14
CVE Names:         CVE-2011-3205
=====================================================================

1. Summary:

An updated squid package that fixes one security issue is now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

A buffer overflow flaw was found in the way Squid parsed replies from remote Gopher servers. A remote user allowed to send Gopher requests to a Squid proxy could possibly use this flaw to cause the squid child process to crash or execute arbitrary code with the privileges of the squid user, by making Squid perform a request to an attacker-controlled Gopher server. (CVE-2011-3205)

Users of squid should upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the squid service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

734583 - CVE-2011-3205 squid: buffer overflow flaw in Squid's Gopher reply parser (SQUID-2011:3)

6. Package List:

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/squid-3.1.10-1.el6_1.1.src.rpm

i386: squid-3.1.10-1.el6_1.1.i686.rpm squid-debuginfo-3.1.10-1.el6_1.1.i686.rpm

ppc64: squid-3.1.10-1.el6_1.1.ppc64.rpm squid-debuginfo-3.1.10-1.el6_1.1.ppc64.rpm

s390x: squid-3.1.10-1.el6_1.1.s390x.rpm squid-debuginfo-3.1.10-1.el6_1.1.s390x.rpm

x86_64: squid-3.1.10-1.el6_1.1.x86_64.rpm squid-debuginfo-3.1.10-1.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/squid-3.1.10-1.el6_1.1.src.rpm

i386: squid-3.1.10-1.el6_1.1.i686.rpm squid-debuginfo-3.1.10-1.el6_1.1.i686.rpm

x86_64: squid-3.1.10-1.el6_1.1.x86_64.rpm squid-debuginfo-3.1.10-1.el6_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3205.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOcPqzXlSAg2UNWIIRAutlAJ9nlG0w3FNBVqFtxSNe10FKir/WkACeNQAA
rDOr/svPTfi23jLvkODeYbk=
=0hIH
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Sep 14 19:09:42 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 14 Sep 2011 19:09:42 +0000
Subject: [RHSA-2011:1294-01] Important: httpd security update
Message-ID: <201109141909.p8EJ9gYY022376@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: httpd security update
Advisory ID:       RHSA-2011:1294-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1294.html
Issue date:        2011-09-14
CVE Names:         CVE-2011-3192
=====================================================================

1. Summary:

Updated httpd packages that fix one security issue are now available for Red Hat Enterprise Linux 5.3 Long Life, 5.6 Extended Update Support, and 6.0 Extended Update Support.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux (v. 5.3.LL server) - i386, ia64, x86_64
Red Hat Enterprise Linux Server (v. 6.0.z) - i386, noarch, ppc64, s390x, x86_64

3. Description:

The Apache HTTP Server is a popular web server.
A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. (CVE-2011-3192)

All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

732928 - CVE-2011-3192 httpd: multiple ranges DoS

6. Package List:

Red Hat Enterprise Linux (v. 5.3.LL server):

Source:
httpd-2.2.3-22.el5_3.3.src.rpm

i386: httpd-2.2.3-22.el5_3.3.i386.rpm httpd-debuginfo-2.2.3-22.el5_3.3.i386.rpm httpd-devel-2.2.3-22.el5_3.3.i386.rpm httpd-manual-2.2.3-22.el5_3.3.i386.rpm mod_ssl-2.2.3-22.el5_3.3.i386.rpm

ia64: httpd-2.2.3-22.el5_3.3.ia64.rpm httpd-debuginfo-2.2.3-22.el5_3.3.ia64.rpm httpd-devel-2.2.3-22.el5_3.3.ia64.rpm httpd-manual-2.2.3-22.el5_3.3.ia64.rpm mod_ssl-2.2.3-22.el5_3.3.ia64.rpm

x86_64: httpd-2.2.3-22.el5_3.3.x86_64.rpm httpd-debuginfo-2.2.3-22.el5_3.3.i386.rpm httpd-debuginfo-2.2.3-22.el5_3.3.x86_64.rpm httpd-devel-2.2.3-22.el5_3.3.i386.rpm httpd-devel-2.2.3-22.el5_3.3.x86_64.rpm httpd-manual-2.2.3-22.el5_3.3.x86_64.rpm mod_ssl-2.2.3-22.el5_3.3.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
httpd-2.2.3-45.el5_6.2.src.rpm

i386: httpd-2.2.3-45.el5_6.2.i386.rpm httpd-debuginfo-2.2.3-45.el5_6.2.i386.rpm httpd-devel-2.2.3-45.el5_6.2.i386.rpm httpd-manual-2.2.3-45.el5_6.2.i386.rpm mod_ssl-2.2.3-45.el5_6.2.i386.rpm

ia64: httpd-2.2.3-45.el5_6.2.ia64.rpm httpd-debuginfo-2.2.3-45.el5_6.2.ia64.rpm httpd-devel-2.2.3-45.el5_6.2.ia64.rpm httpd-manual-2.2.3-45.el5_6.2.ia64.rpm mod_ssl-2.2.3-45.el5_6.2.ia64.rpm

ppc: httpd-2.2.3-45.el5_6.2.ppc.rpm httpd-debuginfo-2.2.3-45.el5_6.2.ppc.rpm httpd-debuginfo-2.2.3-45.el5_6.2.ppc64.rpm httpd-devel-2.2.3-45.el5_6.2.ppc.rpm httpd-devel-2.2.3-45.el5_6.2.ppc64.rpm httpd-manual-2.2.3-45.el5_6.2.ppc.rpm mod_ssl-2.2.3-45.el5_6.2.ppc.rpm

s390x: httpd-2.2.3-45.el5_6.2.s390x.rpm httpd-debuginfo-2.2.3-45.el5_6.2.s390.rpm httpd-debuginfo-2.2.3-45.el5_6.2.s390x.rpm httpd-devel-2.2.3-45.el5_6.2.s390.rpm httpd-devel-2.2.3-45.el5_6.2.s390x.rpm httpd-manual-2.2.3-45.el5_6.2.s390x.rpm mod_ssl-2.2.3-45.el5_6.2.s390x.rpm

x86_64: httpd-2.2.3-45.el5_6.2.x86_64.rpm httpd-debuginfo-2.2.3-45.el5_6.2.i386.rpm httpd-debuginfo-2.2.3-45.el5_6.2.x86_64.rpm httpd-devel-2.2.3-45.el5_6.2.i386.rpm httpd-devel-2.2.3-45.el5_6.2.x86_64.rpm httpd-manual-2.2.3-45.el5_6.2.x86_64.rpm mod_ssl-2.2.3-45.el5_6.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6.0.z):

Source:
httpd-2.2.15-5.el6_0.1.src.rpm

i386: httpd-2.2.15-5.el6_0.1.i686.rpm httpd-debuginfo-2.2.15-5.el6_0.1.i686.rpm httpd-devel-2.2.15-5.el6_0.1.i686.rpm httpd-tools-2.2.15-5.el6_0.1.i686.rpm mod_ssl-2.2.15-5.el6_0.1.i686.rpm

noarch: httpd-manual-2.2.15-5.el6_0.1.noarch.rpm

ppc64: httpd-2.2.15-5.el6_0.1.ppc64.rpm httpd-debuginfo-2.2.15-5.el6_0.1.ppc.rpm httpd-debuginfo-2.2.15-5.el6_0.1.ppc64.rpm httpd-devel-2.2.15-5.el6_0.1.ppc.rpm httpd-devel-2.2.15-5.el6_0.1.ppc64.rpm httpd-tools-2.2.15-5.el6_0.1.ppc64.rpm mod_ssl-2.2.15-5.el6_0.1.ppc64.rpm

s390x: httpd-2.2.15-5.el6_0.1.s390x.rpm httpd-debuginfo-2.2.15-5.el6_0.1.s390.rpm httpd-debuginfo-2.2.15-5.el6_0.1.s390x.rpm httpd-devel-2.2.15-5.el6_0.1.s390.rpm httpd-devel-2.2.15-5.el6_0.1.s390x.rpm httpd-tools-2.2.15-5.el6_0.1.s390x.rpm mod_ssl-2.2.15-5.el6_0.1.s390x.rpm

x86_64: httpd-2.2.15-5.el6_0.1.x86_64.rpm httpd-debuginfo-2.2.15-5.el6_0.1.i686.rpm httpd-debuginfo-2.2.15-5.el6_0.1.x86_64.rpm httpd-devel-2.2.15-5.el6_0.1.i686.rpm httpd-devel-2.2.15-5.el6_0.1.x86_64.rpm httpd-tools-2.2.15-5.el6_0.1.x86_64.rpm mod_ssl-2.2.15-5.el6_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3192.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOcPvoXlSAg2UNWIIRAmGBAJwI2Fw6a21y6sQIufKOTMSqJsa8iwCghpOw
pVtt5SPsKbyHm0L/nXt0ZQM=
=shA7
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Sep 15 19:52:12 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 15 Sep 2011 19:52:12 +0000
Subject: [RHSA-2011:1300-01] Important: httpd security update
Message-ID: <201109151952.p8FJqC7j020297@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: httpd security update
Advisory ID:       RHSA-2011:1300-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1300.html
Issue date:        2011-09-15
CVE Names:         CVE-2011-3192
=====================================================================

1. Summary:

Updated httpd packages that fix one security issue are now available for Red Hat Enterprise Linux 3 Extended Life Cycle Support.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (v. 3 ELS) - i386
Red Hat Enterprise Linux ES (v. 3 ELS) - i386

3. Description:

The Apache HTTP Server is a popular web server.

A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. (CVE-2011-3192)

All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

732928 - CVE-2011-3192 httpd: multiple ranges DoS

6. Package List:

Red Hat Enterprise Linux AS (v. 3 ELS):

Source:
httpd-2.0.46-78.ent.src.rpm

i386: httpd-2.0.46-78.ent.i386.rpm httpd-debuginfo-2.0.46-78.ent.i386.rpm httpd-devel-2.0.46-78.ent.i386.rpm mod_ssl-2.0.46-78.ent.i386.rpm

Red Hat Enterprise Linux ES (v. 3 ELS):

Source:
httpd-2.0.46-78.ent.src.rpm

i386: httpd-2.0.46-78.ent.i386.rpm httpd-debuginfo-2.0.46-78.ent.i386.rpm httpd-devel-2.0.46-78.ent.i386.rpm mod_ssl-2.0.46-78.ent.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3192.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
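RHSA-2011:1294 and RHSA-2011:1300 above describe the same flaw (CVE-2011-3192, "httpd: multiple ranges DoS"): a Range header carrying a large number of byte ranges drives httpd's memory and CPU use up. Until the updated packages are installed, a reverse proxy or log analyser in front of httpd can screen for such requests. The Python below is an added example written for this page; it is not Red Hat's or the Apache project's code. It parses the byte-ranges-specifier grammar of RFC 2616 section 14.35.1, counts the byte-range-specs in a Range header (and in the legacy Request-Range header, which httpd also honoured), and classifies each request. The MAX_RANGES threshold and the sample requests are constructed for the example, not taken from the advisory or from captured traffic.

```python
"""Screen HTTP requests for abusive Range headers (CVE-2011-3192 class).

Added example for this page; not Red Hat's or the Apache project's code.
"""
import re

# Assumption for the example: ordinary clients (download managers, PDF
# viewers, media players) ask for a handful of ranges at most.
MAX_RANGES = 5

# One byte-range-spec ("first-last", "first-") or suffix-byte-range-spec ("-n").
_RANGE_SPEC = re.compile(r"^(\d*)-(\d*)$")


def parse_range_header(value):
    """Parse an RFC 2616 byte-ranges-specifier.

    Returns a list of (first, last) pairs, None marking an open end, e.g.
    "bytes=0-499,-500,9500-" -> [(0, 499), (None, 500), (9500, None)].
    Raises ValueError for anything that is not a syntactically valid set.
    """
    value = value.strip()
    if not value.lower().startswith("bytes="):
        raise ValueError("unsupported range unit")
    specs = []
    for part in value[len("bytes="):].split(","):
        part = part.strip()
        if not part:
            continue  # the grammar tolerates empty list elements
        m = _RANGE_SPEC.match(part)
        if not m or (m.group(1) == "" and m.group(2) == ""):
            raise ValueError("malformed byte-range-spec: %r" % part)
        first = int(m.group(1)) if m.group(1) else None
        last = int(m.group(2)) if m.group(2) else None
        if first is not None and last is not None and last < first:
            raise ValueError("syntactically invalid range: %r" % part)
        specs.append((first, last))
    if not specs:
        raise ValueError("empty range set")
    return specs


def classify_range_header(value, max_ranges=MAX_RANGES):
    """Return "ok", "malformed" or "excessive" for one header value."""
    try:
        specs = parse_range_header(value)
    except ValueError:
        return "malformed"
    return "excessive" if len(specs) > max_ranges else "ok"


def inspect_request(raw_request, max_ranges=MAX_RANGES):
    """Classify a raw HTTP/1.1 request head.

    Returns (verdict, number_of_ranges). The verdict is "none" when the
    request carries neither a Range nor a Request-Range header; a filter
    must cover both names because httpd honoured the legacy one as well.
    """
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, val = line.partition(":")
        if sep and name.strip().lower() in ("range", "request-range"):
            verdict = classify_range_header(val, max_ranges)
            count = 0 if verdict == "malformed" else len(parse_range_header(val))
            return (verdict, count)
    return ("none", 0)


# Constructed sample requests for the example (not captured traffic).
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.1\r\nHost: example.test\r\nRange: bytes=0-499\r\n\r\n",
    "GET /big.iso HTTP/1.1\r\nHost: example.test\r\n"
    "Range: bytes=0-,5-,10-,15-,20-,25-,30-\r\n\r\n",
    "GET /doc.pdf HTTP/1.1\r\nHost: example.test\r\nRequest-Range: bytes=abc\r\n\r\n",
    "GET /plain HTTP/1.1\r\nHost: example.test\r\n\r\n",
]


def scan(requests=SAMPLE_REQUESTS, max_ranges=MAX_RANGES):
    """Return one (verdict, count) per request. Anything other than "ok"
    or "none" is what a front-end filter would reject or alert on."""
    return [inspect_request(r, max_ranges) for r in requests]


if __name__ == "__main__":
    for req, result in zip(SAMPLE_REQUESTS, scan()):
        print(req.split("\r\n", 1)[0], "->", result)
```

A request whose header fails to parse is reported as "malformed" rather than silently passed through: RFC 2616 tells a server to ignore a syntactically invalid Range header and serve the whole resource, but a screening layer should still count such requests, since they are unusual for real clients. The threshold is deliberately a parameter so it can be tuned against observed traffic before anything is rejected.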
From bugzilla at redhat.com Mon Sep 19 17:58:05 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 19 Sep 2011 17:58:05 +0000
Subject: [RHSA-2011:1317-01] Important: cyrus-imapd security update
Message-ID: <201109191758.p8JHw5WA003625@int-mx01.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: cyrus-imapd security update
Advisory ID: RHSA-2011:1317-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1317.html
Issue date: 2011-09-19
CVE Names: CVE-2011-3208
=====================================================================

1. Summary:

Updated cyrus-imapd packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support.

A buffer overflow flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to crash the nntpd child process or, possibly, execute arbitrary code with the privileges of the cyrus user. (CVE-2011-3208)

Red Hat would like to thank Greg Banks for reporting this issue.

Users of cyrus-imapd are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, cyrus-imapd will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

734926 - CVE-2011-3208 cyrus-imapd: nntpd buffer overflow in split_wildmats()

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/cyrus-imapd-2.2.12-16.el4.src.rpm

i386: cyrus-imapd-2.2.12-16.el4.i386.rpm cyrus-imapd-debuginfo-2.2.12-16.el4.i386.rpm cyrus-imapd-devel-2.2.12-16.el4.i386.rpm cyrus-imapd-murder-2.2.12-16.el4.i386.rpm cyrus-imapd-nntp-2.2.12-16.el4.i386.rpm cyrus-imapd-utils-2.2.12-16.el4.i386.rpm perl-Cyrus-2.2.12-16.el4.i386.rpm

ia64: cyrus-imapd-2.2.12-16.el4.ia64.rpm cyrus-imapd-debuginfo-2.2.12-16.el4.ia64.rpm cyrus-imapd-devel-2.2.12-16.el4.ia64.rpm cyrus-imapd-murder-2.2.12-16.el4.ia64.rpm cyrus-imapd-nntp-2.2.12-16.el4.ia64.rpm cyrus-imapd-utils-2.2.12-16.el4.ia64.rpm perl-Cyrus-2.2.12-16.el4.ia64.rpm

ppc: cyrus-imapd-2.2.12-16.el4.ppc.rpm cyrus-imapd-debuginfo-2.2.12-16.el4.ppc.rpm cyrus-imapd-devel-2.2.12-16.el4.ppc.rpm cyrus-imapd-murder-2.2.12-16.el4.ppc.rpm cyrus-imapd-nntp-2.2.12-16.el4.ppc.rpm cyrus-imapd-utils-2.2.12-16.el4.ppc.rpm perl-Cyrus-2.2.12-16.el4.ppc.rpm

s390: cyrus-imapd-2.2.12-16.el4.s390.rpm cyrus-imapd-debuginfo-2.2.12-16.el4.s390.rpm cyrus-imapd-devel-2.2.12-16.el4.s390.rpm cyrus-imapd-murder-2.2.12-16.el4.s390.rpm cyrus-imapd-nntp-2.2.12-16.el4.s390.rpm cyrus-imapd-utils-2.2.12-16.el4.s390.rpm perl-Cyrus-2.2.12-16.el4.s390.rpm

s390x: cyrus-imapd-2.2.12-16.el4.s390x.rpm cyrus-imapd-debuginfo-2.2.12-16.el4.s390x.rpm cyrus-imapd-devel-2.2.12-16.el4.s390x.rpm cyrus-imapd-murder-2.2.12-16.el4.s390x.rpm cyrus-imapd-nntp-2.2.12-16.el4.s390x.rpm cyrus-imapd-utils-2.2.12-16.el4.s390x.rpm perl-Cyrus-2.2.12-16.el4.s390x.rpm

x86_64: cyrus-imapd-2.2.12-16.el4.x86_64.rpm cyrus-imapd-debuginfo-2.2.12-16.el4.x86_64.rpm cyrus-imapd-devel-2.2.12-16.el4.x86_64.rpm cyrus-imapd-murder-2.2.12-16.el4.x86_64.rpm cyrus-imapd-nntp-2.2.12-16.el4.x86_64.rpm cyrus-imapd-utils-2.2.12-16.el4.x86_64.rpm perl-Cyrus-2.2.12-16.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/cyrus-imapd-2.2.12-16.el4.src.rpm

i386: cyrus-imapd-2.2.12-16.el4.i386.rpm cyrus-imapd-debuginfo-2.2.12-16.el4.i386.rpm cyrus-imapd-devel-2.2.12-16.el4.i386.rpm cyrus-imapd-murder-2.2.12-16.el4.i386.rpm cyrus-imapd-nntp-2.2.12-16.el4.i386.rpm cyrus-imapd-utils-2.2.12-16.el4.i386.rpm perl-Cyrus-2.2.12-16.el4.i386.rpm

x86_64: cyrus-imapd-2.2.12-16.el4.x86_64.rpm cyrus-imapd-debuginfo-2.2.12-16.el4.x86_64.rpm cyrus-imapd-devel-2.2.12-16.el4.x86_64.rpm cyrus-imapd-murder-2.2.12-16.el4.x86_64.rpm cyrus-imapd-nntp-2.2.12-16.el4.x86_64.rpm cyrus-imapd-utils-2.2.12-16.el4.x86_64.rpm perl-Cyrus-2.2.12-16.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/cyrus-imapd-2.2.12-16.el4.src.rpm

i386: cyrus-imapd-2.2.12-16.el4.i386.rpm cyrus-imapd-debuginfo-2.2.12-16.el4.i386.rpm cyrus-imapd-devel-2.2.12-16.el4.i386.rpm cyrus-imapd-murder-2.2.12-16.el4.i386.rpm cyrus-imapd-nntp-2.2.12-16.el4.i386.rpm cyrus-imapd-utils-2.2.12-16.el4.i386.rpm perl-Cyrus-2.2.12-16.el4.i386.rpm

ia64: cyrus-imapd-2.2.12-16.el4.ia64.rpm cyrus-imapd-debuginfo-2.2.12-16.el4.ia64.rpm cyrus-imapd-devel-2.2.12-16.el4.ia64.rpm cyrus-imapd-murder-2.2.12-16.el4.ia64.rpm cyrus-imapd-nntp-2.2.12-16.el4.ia64.rpm cyrus-imapd-utils-2.2.12-16.el4.ia64.rpm perl-Cyrus-2.2.12-16.el4.ia64.rpm

x86_64: cyrus-imapd-2.2.12-16.el4.x86_64.rpm cyrus-imapd-debuginfo-2.2.12-16.el4.x86_64.rpm cyrus-imapd-devel-2.2.12-16.el4.x86_64.rpm cyrus-imapd-murder-2.2.12-16.el4.x86_64.rpm cyrus-imapd-nntp-2.2.12-16.el4.x86_64.rpm cyrus-imapd-utils-2.2.12-16.el4.x86_64.rpm perl-Cyrus-2.2.12-16.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/cyrus-imapd-2.2.12-16.el4.src.rpm

i386: cyrus-imapd-2.2.12-16.el4.i386.rpm cyrus-imapd-debuginfo-2.2.12-16.el4.i386.rpm cyrus-imapd-devel-2.2.12-16.el4.i386.rpm cyrus-imapd-murder-2.2.12-16.el4.i386.rpm cyrus-imapd-nntp-2.2.12-16.el4.i386.rpm cyrus-imapd-utils-2.2.12-16.el4.i386.rpm perl-Cyrus-2.2.12-16.el4.i386.rpm

ia64: cyrus-imapd-2.2.12-16.el4.ia64.rpm cyrus-imapd-debuginfo-2.2.12-16.el4.ia64.rpm cyrus-imapd-devel-2.2.12-16.el4.ia64.rpm cyrus-imapd-murder-2.2.12-16.el4.ia64.rpm cyrus-imapd-nntp-2.2.12-16.el4.ia64.rpm cyrus-imapd-utils-2.2.12-16.el4.ia64.rpm perl-Cyrus-2.2.12-16.el4.ia64.rpm

x86_64: cyrus-imapd-2.2.12-16.el4.x86_64.rpm cyrus-imapd-debuginfo-2.2.12-16.el4.x86_64.rpm cyrus-imapd-devel-2.2.12-16.el4.x86_64.rpm cyrus-imapd-murder-2.2.12-16.el4.x86_64.rpm cyrus-imapd-nntp-2.2.12-16.el4.x86_64.rpm cyrus-imapd-utils-2.2.12-16.el4.x86_64.rpm perl-Cyrus-2.2.12-16.el4.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/cyrus-imapd-2.3.7-12.el5_7.1.src.rpm

i386: cyrus-imapd-2.3.7-12.el5_7.1.i386.rpm cyrus-imapd-debuginfo-2.3.7-12.el5_7.1.i386.rpm cyrus-imapd-devel-2.3.7-12.el5_7.1.i386.rpm cyrus-imapd-perl-2.3.7-12.el5_7.1.i386.rpm cyrus-imapd-utils-2.3.7-12.el5_7.1.i386.rpm

x86_64: cyrus-imapd-2.3.7-12.el5_7.1.x86_64.rpm cyrus-imapd-debuginfo-2.3.7-12.el5_7.1.i386.rpm cyrus-imapd-debuginfo-2.3.7-12.el5_7.1.x86_64.rpm cyrus-imapd-devel-2.3.7-12.el5_7.1.i386.rpm cyrus-imapd-devel-2.3.7-12.el5_7.1.x86_64.rpm cyrus-imapd-perl-2.3.7-12.el5_7.1.x86_64.rpm cyrus-imapd-utils-2.3.7-12.el5_7.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/cyrus-imapd-2.3.7-12.el5_7.1.src.rpm

i386: cyrus-imapd-2.3.7-12.el5_7.1.i386.rpm cyrus-imapd-debuginfo-2.3.7-12.el5_7.1.i386.rpm cyrus-imapd-devel-2.3.7-12.el5_7.1.i386.rpm cyrus-imapd-perl-2.3.7-12.el5_7.1.i386.rpm cyrus-imapd-utils-2.3.7-12.el5_7.1.i386.rpm

ia64: cyrus-imapd-2.3.7-12.el5_7.1.ia64.rpm cyrus-imapd-debuginfo-2.3.7-12.el5_7.1.ia64.rpm cyrus-imapd-devel-2.3.7-12.el5_7.1.ia64.rpm cyrus-imapd-perl-2.3.7-12.el5_7.1.ia64.rpm cyrus-imapd-utils-2.3.7-12.el5_7.1.ia64.rpm

ppc: cyrus-imapd-2.3.7-12.el5_7.1.ppc.rpm cyrus-imapd-debuginfo-2.3.7-12.el5_7.1.ppc.rpm cyrus-imapd-debuginfo-2.3.7-12.el5_7.1.ppc64.rpm cyrus-imapd-devel-2.3.7-12.el5_7.1.ppc.rpm cyrus-imapd-devel-2.3.7-12.el5_7.1.ppc64.rpm cyrus-imapd-perl-2.3.7-12.el5_7.1.ppc.rpm cyrus-imapd-utils-2.3.7-12.el5_7.1.ppc.rpm

s390x: cyrus-imapd-2.3.7-12.el5_7.1.s390x.rpm cyrus-imapd-debuginfo-2.3.7-12.el5_7.1.s390.rpm cyrus-imapd-debuginfo-2.3.7-12.el5_7.1.s390x.rpm cyrus-imapd-devel-2.3.7-12.el5_7.1.s390.rpm cyrus-imapd-devel-2.3.7-12.el5_7.1.s390x.rpm cyrus-imapd-perl-2.3.7-12.el5_7.1.s390x.rpm cyrus-imapd-utils-2.3.7-12.el5_7.1.s390x.rpm

x86_64: cyrus-imapd-2.3.7-12.el5_7.1.x86_64.rpm cyrus-imapd-debuginfo-2.3.7-12.el5_7.1.i386.rpm cyrus-imapd-debuginfo-2.3.7-12.el5_7.1.x86_64.rpm cyrus-imapd-devel-2.3.7-12.el5_7.1.i386.rpm cyrus-imapd-devel-2.3.7-12.el5_7.1.x86_64.rpm cyrus-imapd-perl-2.3.7-12.el5_7.1.x86_64.rpm cyrus-imapd-utils-2.3.7-12.el5_7.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/cyrus-imapd-2.3.16-6.el6_1.3.src.rpm

i386: cyrus-imapd-2.3.16-6.el6_1.3.i686.rpm cyrus-imapd-debuginfo-2.3.16-6.el6_1.3.i686.rpm cyrus-imapd-utils-2.3.16-6.el6_1.3.i686.rpm

ppc64: cyrus-imapd-2.3.16-6.el6_1.3.ppc64.rpm cyrus-imapd-debuginfo-2.3.16-6.el6_1.3.ppc64.rpm cyrus-imapd-utils-2.3.16-6.el6_1.3.ppc64.rpm

s390x: cyrus-imapd-2.3.16-6.el6_1.3.s390x.rpm cyrus-imapd-debuginfo-2.3.16-6.el6_1.3.s390x.rpm cyrus-imapd-utils-2.3.16-6.el6_1.3.s390x.rpm

x86_64: cyrus-imapd-2.3.16-6.el6_1.3.x86_64.rpm cyrus-imapd-debuginfo-2.3.16-6.el6_1.3.x86_64.rpm cyrus-imapd-utils-2.3.16-6.el6_1.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/cyrus-imapd-2.3.16-6.el6_1.3.src.rpm

i386: cyrus-imapd-debuginfo-2.3.16-6.el6_1.3.i686.rpm cyrus-imapd-devel-2.3.16-6.el6_1.3.i686.rpm

ppc64: cyrus-imapd-debuginfo-2.3.16-6.el6_1.3.ppc.rpm cyrus-imapd-debuginfo-2.3.16-6.el6_1.3.ppc64.rpm cyrus-imapd-devel-2.3.16-6.el6_1.3.ppc.rpm cyrus-imapd-devel-2.3.16-6.el6_1.3.ppc64.rpm

s390x: cyrus-imapd-debuginfo-2.3.16-6.el6_1.3.s390.rpm cyrus-imapd-debuginfo-2.3.16-6.el6_1.3.s390x.rpm cyrus-imapd-devel-2.3.16-6.el6_1.3.s390.rpm cyrus-imapd-devel-2.3.16-6.el6_1.3.s390x.rpm

x86_64: cyrus-imapd-debuginfo-2.3.16-6.el6_1.3.i686.rpm cyrus-imapd-debuginfo-2.3.16-6.el6_1.3.x86_64.rpm cyrus-imapd-devel-2.3.16-6.el6_1.3.i686.rpm cyrus-imapd-devel-2.3.16-6.el6_1.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/cyrus-imapd-2.3.16-6.el6_1.3.src.rpm

i386: cyrus-imapd-2.3.16-6.el6_1.3.i686.rpm cyrus-imapd-debuginfo-2.3.16-6.el6_1.3.i686.rpm cyrus-imapd-utils-2.3.16-6.el6_1.3.i686.rpm

x86_64: cyrus-imapd-2.3.16-6.el6_1.3.x86_64.rpm cyrus-imapd-debuginfo-2.3.16-6.el6_1.3.x86_64.rpm cyrus-imapd-utils-2.3.16-6.el6_1.3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/cyrus-imapd-2.3.16-6.el6_1.3.src.rpm

i386: cyrus-imapd-debuginfo-2.3.16-6.el6_1.3.i686.rpm cyrus-imapd-devel-2.3.16-6.el6_1.3.i686.rpm

x86_64: cyrus-imapd-debuginfo-2.3.16-6.el6_1.3.i686.rpm cyrus-imapd-debuginfo-2.3.16-6.el6_1.3.x86_64.rpm cyrus-imapd-devel-2.3.16-6.el6_1.3.i686.rpm cyrus-imapd-devel-2.3.16-6.el6_1.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3208.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOd4KXXlSAg2UNWIIRAgoSAJoCfWEtJJjNL5oZamrif4wfg9eZ4gCfbiyx 3XhihHREknw8w7xJsCIWOTc= =DP5O -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Sep 20 17:55:58 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 20 Sep 2011 17:55:58 +0000 Subject: [RHSA-2011:1321-01] Moderate: kernel security and bug fix update Message-ID: <201109201755.p8KHtw41002642@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: kernel security and bug fix update Advisory ID: RHSA-2011:1321-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1321.html Issue date: 2011-09-20 CVE Names: CVE-2011-2723 ===================================================================== 1. Summary: Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5.6 Extended Update Support. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel. Security fix: * A flaw in skb_gro_header_slow() in the Linux kernel could lead to GRO (Generic Receive Offload) fields being left in an inconsistent state. An attacker on the local network could use this flaw to trigger a denial of service. (CVE-2011-2723, Moderate) Red Hat would like to thank Brent Meshier for reporting this issue. 
Bug fixes: * When reading a file from a subdirectory in /proc/bus/pci/ while hot-unplugging the device related to that file, the system will crash. Now, the kernel correctly handles the simultaneous removal of a device and access to the representation of that device in the proc file system. (BZ#713454) * RHSA-2011:0017 introduced a regression: Non-disk SCSI devices (except for tape drives) such as enclosure or CD-ROM devices were hidden when attached to a SAS based RAID controller that uses the megaraid_sas driver. With this update, such devices are accessible, as expected. (BZ#726487) * The fix for CVE-2010-3432 provided in RHSA-2011:0004 introduced a regression: Information in sctp_packet_config(), which was called before appending data chunks to a packet, was not reset, causing considerably poor SCTP (Stream Control Transmission Protocol) performance. With this update, the packet information is reset after transmission. (BZ#727591) * Certain systems do not correctly set the ACPI FADT APIC mode bit. They set the bit to "cluster" mode instead of "physical" mode which caused these systems to boot without the TSC (Time Stamp Counter). With this update, the ACPI FADT check has been removed due to its unreliability. (BZ#728162) * Performance when invalidating and rereading cached data as a glock moves around the cluster with GFS2 is improved. (BZ#729082) * Performance issues occurred when multiple nodes attempted to call mmap() on the same inode at the same time on a GFS2 file system, as it was using an exclusive glock. With this update, a shared lock is used when "noatime" is set on the mount, allowing mmap() operations to occur in parallel, fixing this bug. Note that this issue only refers to mmap() system calls, and not to subsequent page faults. 
(BZ#729090) * Some of the functions in the GFS2 file system were not reserving enough space for the resource group header in a transaction and for resource groups bit blocks that get added when a memory allocation is performed. That resulted in failed write and allocation operations. With this update, GFS2 makes sure to reserve space in the described scenario, using the new gfs2_rg_blocks() inline function. (BZ#729092) * When GFS2 grew the file system, it never reread the rindex file during the grow. This is necessary for large grows when the file system is almost full, and GFS2 needs to use some of the space allocated earlier in the grow to complete it. Now, if GFS2 fails to reserve the necessary space and the rindex data is not up-to-date, it rereads it. (BZ#729094) * Previously, when the Xen hypervisor split a 2 MB page into 4 KB pages, it linked the new page from PDE (Page Directory Entry) before it filled entries of the page with appropriate data. Consequently, when doing a live migration with EPT (Extended Page Tables) enabled on a non-idle guest running with more than two virtual CPUs, the guest often terminated unexpectedly. With this update, the Xen hypervisor prepares the page table entry first, and then links it in. (BZ#730684) * Changes made to TSC as a clock source for IRQs caused virtual machines running under the VMware ESX or ESXi hypervisors to become unresponsive during the initial kernel boot process. With this update, the enable_tsc_timer flag enables the do_timer_tsc_timekeeping() function to be called in the do_timer_interrupt_hook() function, preventing a deadlock in the timer interrupt handler. (BZ#730688) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. 
Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (http://bugzilla.redhat.com/): 726552 - CVE-2011-2723 kernel: gro: only reset frag0 when skb can be pulled 729090 - mmapping a read only file on a gfs2 filesystem incorrectly acquires an exclusive glock 729092 - GFS2: Not enough space reserved in gfs2_write_begin and possibly elsewhere. 729094 - GFS2: Kernel changes necessary to allow growing completely full filesystems. 6. Package List: Red Hat Enterprise Linux (v. 5 server): Source: kernel-2.6.18-238.27.1.el5.src.rpm i386: kernel-2.6.18-238.27.1.el5.i686.rpm kernel-PAE-2.6.18-238.27.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-238.27.1.el5.i686.rpm kernel-PAE-devel-2.6.18-238.27.1.el5.i686.rpm kernel-debug-2.6.18-238.27.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-238.27.1.el5.i686.rpm kernel-debug-devel-2.6.18-238.27.1.el5.i686.rpm kernel-debuginfo-2.6.18-238.27.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-238.27.1.el5.i686.rpm kernel-devel-2.6.18-238.27.1.el5.i686.rpm kernel-headers-2.6.18-238.27.1.el5.i386.rpm kernel-xen-2.6.18-238.27.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-238.27.1.el5.i686.rpm kernel-xen-devel-2.6.18-238.27.1.el5.i686.rpm ia64: kernel-2.6.18-238.27.1.el5.ia64.rpm kernel-debug-2.6.18-238.27.1.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-238.27.1.el5.ia64.rpm kernel-debug-devel-2.6.18-238.27.1.el5.ia64.rpm kernel-debuginfo-2.6.18-238.27.1.el5.ia64.rpm kernel-debuginfo-common-2.6.18-238.27.1.el5.ia64.rpm kernel-devel-2.6.18-238.27.1.el5.ia64.rpm kernel-headers-2.6.18-238.27.1.el5.ia64.rpm kernel-xen-2.6.18-238.27.1.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-238.27.1.el5.ia64.rpm 
kernel-xen-devel-2.6.18-238.27.1.el5.ia64.rpm noarch: kernel-doc-2.6.18-238.27.1.el5.noarch.rpm ppc: kernel-2.6.18-238.27.1.el5.ppc64.rpm kernel-debug-2.6.18-238.27.1.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-238.27.1.el5.ppc64.rpm kernel-debug-devel-2.6.18-238.27.1.el5.ppc64.rpm kernel-debuginfo-2.6.18-238.27.1.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-238.27.1.el5.ppc64.rpm kernel-devel-2.6.18-238.27.1.el5.ppc64.rpm kernel-headers-2.6.18-238.27.1.el5.ppc.rpm kernel-headers-2.6.18-238.27.1.el5.ppc64.rpm kernel-kdump-2.6.18-238.27.1.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-238.27.1.el5.ppc64.rpm kernel-kdump-devel-2.6.18-238.27.1.el5.ppc64.rpm s390x: kernel-2.6.18-238.27.1.el5.s390x.rpm kernel-debug-2.6.18-238.27.1.el5.s390x.rpm kernel-debug-debuginfo-2.6.18-238.27.1.el5.s390x.rpm kernel-debug-devel-2.6.18-238.27.1.el5.s390x.rpm kernel-debuginfo-2.6.18-238.27.1.el5.s390x.rpm kernel-debuginfo-common-2.6.18-238.27.1.el5.s390x.rpm kernel-devel-2.6.18-238.27.1.el5.s390x.rpm kernel-headers-2.6.18-238.27.1.el5.s390x.rpm kernel-kdump-2.6.18-238.27.1.el5.s390x.rpm kernel-kdump-debuginfo-2.6.18-238.27.1.el5.s390x.rpm kernel-kdump-devel-2.6.18-238.27.1.el5.s390x.rpm x86_64: kernel-2.6.18-238.27.1.el5.x86_64.rpm kernel-debug-2.6.18-238.27.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-238.27.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-238.27.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-238.27.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-238.27.1.el5.x86_64.rpm kernel-devel-2.6.18-238.27.1.el5.x86_64.rpm kernel-headers-2.6.18-238.27.1.el5.x86_64.rpm kernel-xen-2.6.18-238.27.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-238.27.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-238.27.1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References: https://www.redhat.com/security/data/cve/CVE-2011-2723.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOeNOfXlSAg2UNWIIRAuD/AKCPLlBb/lR2p2PKXQGw04z92cTe1QCfTy/R CvpPf99efqe7jE5kA3+wqXk= =kMLb -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Sep 21 18:09:58 2011 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 21 Sep 2011 18:09:58 +0000 Subject: [RHSA-2011:1323-01] Moderate: qt security update Message-ID: <201109211809.p8LI9wwJ025814@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: qt security update Advisory ID: RHSA-2011:1323-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1323.html Issue date: 2011-09-21 CVE Names: CVE-2011-3193 CVE-2011-3194 ===================================================================== 1. Summary: Updated qt packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 
6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A buffer overflow flaw was found in the harfbuzz module in Qt. If a user loaded a specially-crafted font file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3193) A buffer overflow flaw was found in the way Qt handled certain gray-scale image files. If a user loaded a specially-crafted gray-scale image file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3194) Users of Qt should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Qt libraries must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 733118 - CVE-2011-3193 qt/harfbuzz buffer overflow 733119 - CVE-2011-3194 qt buffer overflow in greyscale images 6. Package List: Red Hat Enterprise Linux Desktop (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/qt-4.6.2-17.el6_1.1.src.rpm i386: phonon-backend-gstreamer-4.6.2-17.el6_1.1.i686.rpm qt-4.6.2-17.el6_1.1.i686.rpm qt-debuginfo-4.6.2-17.el6_1.1.i686.rpm qt-mysql-4.6.2-17.el6_1.1.i686.rpm qt-odbc-4.6.2-17.el6_1.1.i686.rpm qt-postgresql-4.6.2-17.el6_1.1.i686.rpm qt-sqlite-4.6.2-17.el6_1.1.i686.rpm qt-x11-4.6.2-17.el6_1.1.i686.rpm x86_64: phonon-backend-gstreamer-4.6.2-17.el6_1.1.i686.rpm phonon-backend-gstreamer-4.6.2-17.el6_1.1.x86_64.rpm qt-4.6.2-17.el6_1.1.i686.rpm qt-4.6.2-17.el6_1.1.x86_64.rpm qt-debuginfo-4.6.2-17.el6_1.1.i686.rpm qt-debuginfo-4.6.2-17.el6_1.1.x86_64.rpm qt-mysql-4.6.2-17.el6_1.1.i686.rpm qt-mysql-4.6.2-17.el6_1.1.x86_64.rpm qt-odbc-4.6.2-17.el6_1.1.i686.rpm qt-odbc-4.6.2-17.el6_1.1.x86_64.rpm qt-postgresql-4.6.2-17.el6_1.1.i686.rpm qt-postgresql-4.6.2-17.el6_1.1.x86_64.rpm qt-sqlite-4.6.2-17.el6_1.1.i686.rpm qt-sqlite-4.6.2-17.el6_1.1.x86_64.rpm qt-x11-4.6.2-17.el6_1.1.i686.rpm qt-x11-4.6.2-17.el6_1.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/qt-4.6.2-17.el6_1.1.src.rpm i386: qt-debuginfo-4.6.2-17.el6_1.1.i686.rpm qt-demos-4.6.2-17.el6_1.1.i686.rpm qt-devel-4.6.2-17.el6_1.1.i686.rpm qt-examples-4.6.2-17.el6_1.1.i686.rpm noarch: qt-doc-4.6.2-17.el6_1.1.noarch.rpm x86_64: qt-debuginfo-4.6.2-17.el6_1.1.i686.rpm qt-debuginfo-4.6.2-17.el6_1.1.x86_64.rpm qt-demos-4.6.2-17.el6_1.1.x86_64.rpm qt-devel-4.6.2-17.el6_1.1.i686.rpm qt-devel-4.6.2-17.el6_1.1.x86_64.rpm qt-examples-4.6.2-17.el6_1.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/qt-4.6.2-17.el6_1.1.src.rpm x86_64: phonon-backend-gstreamer-4.6.2-17.el6_1.1.x86_64.rpm qt-4.6.2-17.el6_1.1.x86_64.rpm qt-debuginfo-4.6.2-17.el6_1.1.x86_64.rpm qt-sqlite-4.6.2-17.el6_1.1.x86_64.rpm qt-x11-4.6.2-17.el6_1.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/qt-4.6.2-17.el6_1.1.src.rpm noarch: qt-doc-4.6.2-17.el6_1.1.noarch.rpm x86_64: phonon-backend-gstreamer-4.6.2-17.el6_1.1.i686.rpm qt-4.6.2-17.el6_1.1.i686.rpm qt-debuginfo-4.6.2-17.el6_1.1.i686.rpm qt-debuginfo-4.6.2-17.el6_1.1.x86_64.rpm qt-demos-4.6.2-17.el6_1.1.x86_64.rpm qt-devel-4.6.2-17.el6_1.1.i686.rpm qt-devel-4.6.2-17.el6_1.1.x86_64.rpm qt-examples-4.6.2-17.el6_1.1.x86_64.rpm qt-mysql-4.6.2-17.el6_1.1.i686.rpm qt-mysql-4.6.2-17.el6_1.1.x86_64.rpm qt-odbc-4.6.2-17.el6_1.1.i686.rpm qt-odbc-4.6.2-17.el6_1.1.x86_64.rpm qt-postgresql-4.6.2-17.el6_1.1.i686.rpm qt-postgresql-4.6.2-17.el6_1.1.x86_64.rpm qt-sqlite-4.6.2-17.el6_1.1.i686.rpm qt-x11-4.6.2-17.el6_1.1.i686.rpm Red Hat Enterprise Linux Server (v. 
6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/qt-4.6.2-17.el6_1.1.src.rpm

i386: phonon-backend-gstreamer-4.6.2-17.el6_1.1.i686.rpm qt-4.6.2-17.el6_1.1.i686.rpm qt-debuginfo-4.6.2-17.el6_1.1.i686.rpm qt-devel-4.6.2-17.el6_1.1.i686.rpm qt-mysql-4.6.2-17.el6_1.1.i686.rpm qt-odbc-4.6.2-17.el6_1.1.i686.rpm qt-postgresql-4.6.2-17.el6_1.1.i686.rpm qt-sqlite-4.6.2-17.el6_1.1.i686.rpm qt-x11-4.6.2-17.el6_1.1.i686.rpm

noarch: qt-doc-4.6.2-17.el6_1.1.noarch.rpm

ppc64: phonon-backend-gstreamer-4.6.2-17.el6_1.1.ppc.rpm phonon-backend-gstreamer-4.6.2-17.el6_1.1.ppc64.rpm qt-4.6.2-17.el6_1.1.ppc.rpm qt-4.6.2-17.el6_1.1.ppc64.rpm qt-debuginfo-4.6.2-17.el6_1.1.ppc.rpm qt-debuginfo-4.6.2-17.el6_1.1.ppc64.rpm qt-devel-4.6.2-17.el6_1.1.ppc.rpm qt-devel-4.6.2-17.el6_1.1.ppc64.rpm qt-mysql-4.6.2-17.el6_1.1.ppc.rpm qt-mysql-4.6.2-17.el6_1.1.ppc64.rpm qt-odbc-4.6.2-17.el6_1.1.ppc.rpm qt-odbc-4.6.2-17.el6_1.1.ppc64.rpm qt-postgresql-4.6.2-17.el6_1.1.ppc.rpm qt-postgresql-4.6.2-17.el6_1.1.ppc64.rpm qt-sqlite-4.6.2-17.el6_1.1.ppc.rpm qt-sqlite-4.6.2-17.el6_1.1.ppc64.rpm qt-x11-4.6.2-17.el6_1.1.ppc.rpm qt-x11-4.6.2-17.el6_1.1.ppc64.rpm

s390x: phonon-backend-gstreamer-4.6.2-17.el6_1.1.s390.rpm phonon-backend-gstreamer-4.6.2-17.el6_1.1.s390x.rpm qt-4.6.2-17.el6_1.1.s390.rpm qt-4.6.2-17.el6_1.1.s390x.rpm qt-debuginfo-4.6.2-17.el6_1.1.s390.rpm qt-debuginfo-4.6.2-17.el6_1.1.s390x.rpm qt-devel-4.6.2-17.el6_1.1.s390.rpm qt-devel-4.6.2-17.el6_1.1.s390x.rpm qt-mysql-4.6.2-17.el6_1.1.s390.rpm qt-mysql-4.6.2-17.el6_1.1.s390x.rpm qt-odbc-4.6.2-17.el6_1.1.s390.rpm qt-odbc-4.6.2-17.el6_1.1.s390x.rpm qt-postgresql-4.6.2-17.el6_1.1.s390.rpm qt-postgresql-4.6.2-17.el6_1.1.s390x.rpm qt-sqlite-4.6.2-17.el6_1.1.s390.rpm qt-sqlite-4.6.2-17.el6_1.1.s390x.rpm qt-x11-4.6.2-17.el6_1.1.s390.rpm qt-x11-4.6.2-17.el6_1.1.s390x.rpm

x86_64: phonon-backend-gstreamer-4.6.2-17.el6_1.1.i686.rpm phonon-backend-gstreamer-4.6.2-17.el6_1.1.x86_64.rpm qt-4.6.2-17.el6_1.1.i686.rpm qt-4.6.2-17.el6_1.1.x86_64.rpm qt-debuginfo-4.6.2-17.el6_1.1.i686.rpm qt-debuginfo-4.6.2-17.el6_1.1.x86_64.rpm qt-devel-4.6.2-17.el6_1.1.i686.rpm qt-devel-4.6.2-17.el6_1.1.x86_64.rpm qt-mysql-4.6.2-17.el6_1.1.i686.rpm qt-mysql-4.6.2-17.el6_1.1.x86_64.rpm qt-odbc-4.6.2-17.el6_1.1.i686.rpm qt-odbc-4.6.2-17.el6_1.1.x86_64.rpm qt-postgresql-4.6.2-17.el6_1.1.i686.rpm qt-postgresql-4.6.2-17.el6_1.1.x86_64.rpm qt-sqlite-4.6.2-17.el6_1.1.i686.rpm qt-sqlite-4.6.2-17.el6_1.1.x86_64.rpm qt-x11-4.6.2-17.el6_1.1.i686.rpm qt-x11-4.6.2-17.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/qt-4.6.2-17.el6_1.1.src.rpm

i386: qt-debuginfo-4.6.2-17.el6_1.1.i686.rpm qt-demos-4.6.2-17.el6_1.1.i686.rpm qt-examples-4.6.2-17.el6_1.1.i686.rpm

ppc64: qt-debuginfo-4.6.2-17.el6_1.1.ppc64.rpm qt-demos-4.6.2-17.el6_1.1.ppc64.rpm qt-examples-4.6.2-17.el6_1.1.ppc64.rpm

s390x: qt-debuginfo-4.6.2-17.el6_1.1.s390x.rpm qt-demos-4.6.2-17.el6_1.1.s390x.rpm qt-examples-4.6.2-17.el6_1.1.s390x.rpm

x86_64: qt-debuginfo-4.6.2-17.el6_1.1.x86_64.rpm qt-demos-4.6.2-17.el6_1.1.x86_64.rpm qt-examples-4.6.2-17.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/qt-4.6.2-17.el6_1.1.src.rpm

i386: phonon-backend-gstreamer-4.6.2-17.el6_1.1.i686.rpm qt-4.6.2-17.el6_1.1.i686.rpm qt-debuginfo-4.6.2-17.el6_1.1.i686.rpm qt-devel-4.6.2-17.el6_1.1.i686.rpm qt-mysql-4.6.2-17.el6_1.1.i686.rpm qt-odbc-4.6.2-17.el6_1.1.i686.rpm qt-postgresql-4.6.2-17.el6_1.1.i686.rpm qt-sqlite-4.6.2-17.el6_1.1.i686.rpm qt-x11-4.6.2-17.el6_1.1.i686.rpm

noarch: qt-doc-4.6.2-17.el6_1.1.noarch.rpm

x86_64: phonon-backend-gstreamer-4.6.2-17.el6_1.1.i686.rpm phonon-backend-gstreamer-4.6.2-17.el6_1.1.x86_64.rpm qt-4.6.2-17.el6_1.1.i686.rpm qt-4.6.2-17.el6_1.1.x86_64.rpm qt-debuginfo-4.6.2-17.el6_1.1.i686.rpm qt-debuginfo-4.6.2-17.el6_1.1.x86_64.rpm qt-devel-4.6.2-17.el6_1.1.i686.rpm qt-devel-4.6.2-17.el6_1.1.x86_64.rpm qt-mysql-4.6.2-17.el6_1.1.i686.rpm qt-mysql-4.6.2-17.el6_1.1.x86_64.rpm qt-odbc-4.6.2-17.el6_1.1.i686.rpm qt-odbc-4.6.2-17.el6_1.1.x86_64.rpm qt-postgresql-4.6.2-17.el6_1.1.i686.rpm qt-postgresql-4.6.2-17.el6_1.1.x86_64.rpm qt-sqlite-4.6.2-17.el6_1.1.i686.rpm qt-sqlite-4.6.2-17.el6_1.1.x86_64.rpm qt-x11-4.6.2-17.el6_1.1.i686.rpm qt-x11-4.6.2-17.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/qt-4.6.2-17.el6_1.1.src.rpm

i386: qt-debuginfo-4.6.2-17.el6_1.1.i686.rpm qt-demos-4.6.2-17.el6_1.1.i686.rpm qt-examples-4.6.2-17.el6_1.1.i686.rpm

x86_64: qt-debuginfo-4.6.2-17.el6_1.1.x86_64.rpm qt-demos-4.6.2-17.el6_1.1.x86_64.rpm qt-examples-4.6.2-17.el6_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3193.html
https://www.redhat.com/security/data/cve/CVE-2011-3194.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOeihaXlSAg2UNWIIRArzpAKC0tANaJqlqOnVERhlmyGxse1+ApwCgqRK8
I3lkSpS2oT1x4QUE6nBIL94=
=jt0E
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Sep 21 18:10:43 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 21 Sep 2011 18:10:43 +0000
Subject: [RHSA-2011:1324-01] Moderate: qt4 security update
Message-ID: <201109211810.p8LIAhDR026317@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: qt4 security update
Advisory ID: RHSA-2011:1324-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1324.html
Issue date: 2011-09-21
CVE Names: CVE-2007-0242 CVE-2011-3193
=====================================================================

1. Summary:

Updated qt4 packages that fix two security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Qt 4 is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. HarfBuzz is an OpenType text shaping engine.
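The first of the two flaws in this advisory, CVE-2007-0242 (listed in the CVE Names above and described below), is about how Qt 4 decoded UTF-8: a decoder that "expands" a byte sequence into a character the application had already filtered out defeats any sanitizer that runs on the raw bytes. The advisory does not spell out the mechanism; the example below, added here and not taken from Qt, HarfBuzz or any Red Hat patch, models the classic form of that problem, a decoder that accepts non-shortest ("overlong") sequences, and shows why the defender's rule is "decode strictly first, then validate the canonical text". The helper names and the sample bytes are mine; Python's own `bytes.decode("utf-8")` is already strict, and the hand-written decoder exists only to make the check visible.

```python
# Added example: a strict and a lenient UTF-8 decoder side by side, to show how
# "improper character expansion" defeats input sanitization. Illustrative code
# written for this page, not Qt's codec or a Red Hat patch; the overlong-sequence
# mechanism is the classic form of this flaw class and is assumed here.

_MIN_CODEPOINT = {0: 0, 1: 0x80, 2: 0x800, 3: 0x10000}  # shortest form per length


def _lead_byte(b):
    """Return (continuation byte count, initial code point bits) for a lead byte."""
    if b < 0x80:
        return 0, b
    if 0xC0 <= b <= 0xDF:
        return 1, b & 0x1F
    if 0xE0 <= b <= 0xEF:
        return 2, b & 0x0F
    if 0xF0 <= b <= 0xF7:
        return 3, b & 0x07
    raise ValueError("invalid lead byte 0x%02x" % b)


def decode_utf8(data, strict=True):
    """Decode bytes to str.

    strict=True  rejects overlong forms and surrogates, as a conforming decoder does.
    strict=False accepts overlong forms: the behaviour class behind CVE-2007-0242.
    """
    out = []
    i, n = 0, len(data)
    while i < n:
        cont, cp = _lead_byte(data[i])
        i += 1
        if i + cont > n:
            raise ValueError("truncated multi-byte sequence")
        for k in range(cont):
            b = data[i + k]
            if b & 0xC0 != 0x80:
                raise ValueError("bad continuation byte 0x%02x" % b)
            cp = (cp << 6) | (b & 0x3F)
        i += cont
        if cp > 0x10FFFF:
            raise ValueError("code point out of range")
        if strict:
            if cp < _MIN_CODEPOINT[cont]:
                raise ValueError("overlong encoding of U+%04X" % cp)
            if 0xD800 <= cp <= 0xDFFF:
                raise ValueError("surrogate code point U+%04X" % cp)
        out.append(chr(cp))
    return "".join(out)


def filter_then_decode(raw, strict=True):
    """Fragile order: inspect the raw bytes for '..' first, decode afterwards.
    Returns ('rejected', reason) or ('accepted', decoded_text)."""
    if b".." in raw:
        return ("rejected", "filter: parent directory reference")
    try:
        return ("accepted", decode_utf8(raw, strict=strict))
    except ValueError as exc:
        return ("rejected", "decoder: %s" % exc)


def decode_then_filter(raw, strict=True):
    """Robust order: decode first, then check the canonical text."""
    try:
        text = decode_utf8(raw, strict=strict)
    except ValueError as exc:
        return ("rejected", "decoder: %s" % exc)
    if ".." in text:
        return ("rejected", "filter: parent directory reference")
    return ("accepted", text)


# Constructed sample: two overlong (2-byte) encodings of U+002E '.', followed by
# an ordinary path component. No literal ".." occurs in the raw bytes.
OVERLONG_DOTDOT = b"\xc0\xae\xc0\xae/x"

if __name__ == "__main__":
    print(filter_then_decode(OVERLONG_DOTDOT, strict=False))  # byte filter bypassed
    print(filter_then_decode(OVERLONG_DOTDOT, strict=True))   # strict decoder rejects
    print(decode_then_filter(OVERLONG_DOTDOT, strict=False))  # filter sees the real text
```

With the lenient decoder the byte-level filter passes the input and the application then sees `../x`; with the strict decoder the same bytes are refused outright, and with decode-before-filter ordering even the lenient decoder cannot smuggle the characters past the check. The same reasoning applies to the XSS case the advisory mentions: any check on `<` or `"` has to run on the decoded text.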
A flaw in the way Qt 4 expanded certain UTF-8 characters could be used to prevent a Qt 4 based application from properly sanitizing user input. Depending on the application, this could allow an attacker to perform directory traversal, or for web applications, a cross-site scripting (XSS) attack. (CVE-2007-0242)

A buffer overflow flaw was found in the harfbuzz module in Qt 4. If a user loaded a specially-crafted font file with an application linked against Qt 4, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3193)

Users of Qt 4 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Qt 4 libraries must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

234633 - CVE-2007-0242 QT UTF8 improper character expansion
733118 - CVE-2011-3193 qt/harfbuzz buffer overflow

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/qt4-4.2.1-1.el5_7.1.src.rpm

i386: qt4-4.2.1-1.el5_7.1.i386.rpm qt4-debuginfo-4.2.1-1.el5_7.1.i386.rpm qt4-doc-4.2.1-1.el5_7.1.i386.rpm qt4-mysql-4.2.1-1.el5_7.1.i386.rpm qt4-odbc-4.2.1-1.el5_7.1.i386.rpm qt4-postgresql-4.2.1-1.el5_7.1.i386.rpm qt4-sqlite-4.2.1-1.el5_7.1.i386.rpm

x86_64: qt4-4.2.1-1.el5_7.1.i386.rpm qt4-4.2.1-1.el5_7.1.x86_64.rpm qt4-debuginfo-4.2.1-1.el5_7.1.i386.rpm qt4-debuginfo-4.2.1-1.el5_7.1.x86_64.rpm qt4-doc-4.2.1-1.el5_7.1.x86_64.rpm qt4-mysql-4.2.1-1.el5_7.1.x86_64.rpm qt4-odbc-4.2.1-1.el5_7.1.x86_64.rpm qt4-postgresql-4.2.1-1.el5_7.1.x86_64.rpm qt4-sqlite-4.2.1-1.el5_7.1.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/qt4-4.2.1-1.el5_7.1.src.rpm

i386: qt4-debuginfo-4.2.1-1.el5_7.1.i386.rpm qt4-devel-4.2.1-1.el5_7.1.i386.rpm

x86_64: qt4-debuginfo-4.2.1-1.el5_7.1.i386.rpm qt4-debuginfo-4.2.1-1.el5_7.1.x86_64.rpm qt4-devel-4.2.1-1.el5_7.1.i386.rpm qt4-devel-4.2.1-1.el5_7.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/qt4-4.2.1-1.el5_7.1.src.rpm

i386: qt4-4.2.1-1.el5_7.1.i386.rpm qt4-debuginfo-4.2.1-1.el5_7.1.i386.rpm qt4-devel-4.2.1-1.el5_7.1.i386.rpm qt4-doc-4.2.1-1.el5_7.1.i386.rpm qt4-mysql-4.2.1-1.el5_7.1.i386.rpm qt4-odbc-4.2.1-1.el5_7.1.i386.rpm qt4-postgresql-4.2.1-1.el5_7.1.i386.rpm qt4-sqlite-4.2.1-1.el5_7.1.i386.rpm

ia64: qt4-4.2.1-1.el5_7.1.ia64.rpm qt4-debuginfo-4.2.1-1.el5_7.1.ia64.rpm qt4-devel-4.2.1-1.el5_7.1.ia64.rpm qt4-doc-4.2.1-1.el5_7.1.ia64.rpm qt4-mysql-4.2.1-1.el5_7.1.ia64.rpm qt4-odbc-4.2.1-1.el5_7.1.ia64.rpm qt4-postgresql-4.2.1-1.el5_7.1.ia64.rpm qt4-sqlite-4.2.1-1.el5_7.1.ia64.rpm

ppc: qt4-4.2.1-1.el5_7.1.ppc.rpm qt4-4.2.1-1.el5_7.1.ppc64.rpm qt4-debuginfo-4.2.1-1.el5_7.1.ppc.rpm qt4-debuginfo-4.2.1-1.el5_7.1.ppc64.rpm qt4-devel-4.2.1-1.el5_7.1.ppc.rpm qt4-devel-4.2.1-1.el5_7.1.ppc64.rpm qt4-doc-4.2.1-1.el5_7.1.ppc.rpm qt4-mysql-4.2.1-1.el5_7.1.ppc.rpm qt4-odbc-4.2.1-1.el5_7.1.ppc.rpm qt4-postgresql-4.2.1-1.el5_7.1.ppc.rpm qt4-sqlite-4.2.1-1.el5_7.1.ppc.rpm

s390x: qt4-4.2.1-1.el5_7.1.s390.rpm qt4-4.2.1-1.el5_7.1.s390x.rpm qt4-debuginfo-4.2.1-1.el5_7.1.s390.rpm qt4-debuginfo-4.2.1-1.el5_7.1.s390x.rpm qt4-devel-4.2.1-1.el5_7.1.s390.rpm qt4-devel-4.2.1-1.el5_7.1.s390x.rpm qt4-doc-4.2.1-1.el5_7.1.s390x.rpm qt4-mysql-4.2.1-1.el5_7.1.s390x.rpm qt4-odbc-4.2.1-1.el5_7.1.s390x.rpm qt4-postgresql-4.2.1-1.el5_7.1.s390x.rpm qt4-sqlite-4.2.1-1.el5_7.1.s390x.rpm

x86_64: qt4-4.2.1-1.el5_7.1.i386.rpm qt4-4.2.1-1.el5_7.1.x86_64.rpm qt4-debuginfo-4.2.1-1.el5_7.1.i386.rpm qt4-debuginfo-4.2.1-1.el5_7.1.x86_64.rpm qt4-devel-4.2.1-1.el5_7.1.i386.rpm qt4-devel-4.2.1-1.el5_7.1.x86_64.rpm qt4-doc-4.2.1-1.el5_7.1.x86_64.rpm qt4-mysql-4.2.1-1.el5_7.1.x86_64.rpm qt4-odbc-4.2.1-1.el5_7.1.x86_64.rpm qt4-postgresql-4.2.1-1.el5_7.1.x86_64.rpm qt4-sqlite-4.2.1-1.el5_7.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2007-0242.html
https://www.redhat.com/security/data/cve/CVE-2011-3193.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOeiiFXlSAg2UNWIIRAjjUAJ9rg/DAsKiCaBzpimfDXYtb2SeC9ACglQdk
s669t10+b0vFWbTleNEVLmk=
=YK8A
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Sep 21 18:11:13 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 21 Sep 2011 18:11:13 +0000
Subject: [RHSA-2011:1325-01] Moderate: evolution28-pango security update
Message-ID: <201109211811.p8LIBDAV001376@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: evolution28-pango security update
Advisory ID: RHSA-2011:1325-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1325.html
Issue date: 2011-09-21
CVE Names: CVE-2011-3193
=====================================================================

1. Summary:

Updated evolution28-pango packages that fix one security issue are now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Pango is a library used for the layout and rendering of internationalized text.

A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping engine used in Pango. If a user loaded a specially-crafted font file with an application that uses Pango, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3193)

Users of evolution28-pango are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, you must restart your system or restart the X server for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

733118 - CVE-2011-3193 qt/harfbuzz buffer overflow

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/evolution28-pango-1.14.9-13.el4_11.src.rpm

i386: evolution28-pango-1.14.9-13.el4_11.i386.rpm evolution28-pango-debuginfo-1.14.9-13.el4_11.i386.rpm evolution28-pango-devel-1.14.9-13.el4_11.i386.rpm

ia64: evolution28-pango-1.14.9-13.el4_11.ia64.rpm evolution28-pango-debuginfo-1.14.9-13.el4_11.ia64.rpm evolution28-pango-devel-1.14.9-13.el4_11.ia64.rpm

ppc: evolution28-pango-1.14.9-13.el4_11.ppc.rpm evolution28-pango-debuginfo-1.14.9-13.el4_11.ppc.rpm evolution28-pango-devel-1.14.9-13.el4_11.ppc.rpm

s390: evolution28-pango-1.14.9-13.el4_11.s390.rpm evolution28-pango-debuginfo-1.14.9-13.el4_11.s390.rpm evolution28-pango-devel-1.14.9-13.el4_11.s390.rpm

s390x: evolution28-pango-1.14.9-13.el4_11.s390x.rpm evolution28-pango-debuginfo-1.14.9-13.el4_11.s390x.rpm evolution28-pango-devel-1.14.9-13.el4_11.s390x.rpm

x86_64: evolution28-pango-1.14.9-13.el4_11.x86_64.rpm evolution28-pango-debuginfo-1.14.9-13.el4_11.x86_64.rpm evolution28-pango-devel-1.14.9-13.el4_11.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/evolution28-pango-1.14.9-13.el4_11.src.rpm

i386: evolution28-pango-1.14.9-13.el4_11.i386.rpm evolution28-pango-debuginfo-1.14.9-13.el4_11.i386.rpm evolution28-pango-devel-1.14.9-13.el4_11.i386.rpm

x86_64: evolution28-pango-1.14.9-13.el4_11.x86_64.rpm evolution28-pango-debuginfo-1.14.9-13.el4_11.x86_64.rpm evolution28-pango-devel-1.14.9-13.el4_11.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/evolution28-pango-1.14.9-13.el4_11.src.rpm

i386: evolution28-pango-1.14.9-13.el4_11.i386.rpm evolution28-pango-debuginfo-1.14.9-13.el4_11.i386.rpm evolution28-pango-devel-1.14.9-13.el4_11.i386.rpm

ia64: evolution28-pango-1.14.9-13.el4_11.ia64.rpm evolution28-pango-debuginfo-1.14.9-13.el4_11.ia64.rpm evolution28-pango-devel-1.14.9-13.el4_11.ia64.rpm

x86_64: evolution28-pango-1.14.9-13.el4_11.x86_64.rpm evolution28-pango-debuginfo-1.14.9-13.el4_11.x86_64.rpm evolution28-pango-devel-1.14.9-13.el4_11.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/evolution28-pango-1.14.9-13.el4_11.src.rpm

i386: evolution28-pango-1.14.9-13.el4_11.i386.rpm evolution28-pango-debuginfo-1.14.9-13.el4_11.i386.rpm evolution28-pango-devel-1.14.9-13.el4_11.i386.rpm

ia64: evolution28-pango-1.14.9-13.el4_11.ia64.rpm evolution28-pango-debuginfo-1.14.9-13.el4_11.ia64.rpm evolution28-pango-devel-1.14.9-13.el4_11.ia64.rpm

x86_64: evolution28-pango-1.14.9-13.el4_11.x86_64.rpm evolution28-pango-debuginfo-1.14.9-13.el4_11.x86_64.rpm evolution28-pango-devel-1.14.9-13.el4_11.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3193.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOeii1XlSAg2UNWIIRAkyfAJwJfNzB+uqA0Kzm336LVMwRAS7j8gCgv4bW
qxZLJYIOuTWrVK3IQdP4XCg=
=WX+3
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Sep 21 18:11:36 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 21 Sep 2011 18:11:36 +0000
Subject: [RHSA-2011:1326-01] Moderate: pango security update
Message-ID: <201109211811.p8LIBaEx019993@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: pango security update
Advisory ID: RHSA-2011:1326-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1326.html
Issue date: 2011-09-21
CVE Names: CVE-2011-3193
=====================================================================

1. Summary:

Updated pango packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Pango is a library used for the layout and rendering of internationalized text.

A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping engine used in Pango. If a user loaded a specially-crafted font file with an application that uses Pango, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3193)

Users of pango are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, you must restart your system or restart the X server for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

733118 - CVE-2011-3193 qt/harfbuzz buffer overflow

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/pango-1.14.9-8.el5_7.3.src.rpm

i386: pango-1.14.9-8.el5_7.3.i386.rpm pango-debuginfo-1.14.9-8.el5_7.3.i386.rpm

x86_64: pango-1.14.9-8.el5_7.3.i386.rpm pango-1.14.9-8.el5_7.3.x86_64.rpm pango-debuginfo-1.14.9-8.el5_7.3.i386.rpm pango-debuginfo-1.14.9-8.el5_7.3.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/pango-1.14.9-8.el5_7.3.src.rpm

i386: pango-debuginfo-1.14.9-8.el5_7.3.i386.rpm pango-devel-1.14.9-8.el5_7.3.i386.rpm

x86_64: pango-debuginfo-1.14.9-8.el5_7.3.i386.rpm pango-debuginfo-1.14.9-8.el5_7.3.x86_64.rpm pango-devel-1.14.9-8.el5_7.3.i386.rpm pango-devel-1.14.9-8.el5_7.3.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/pango-1.14.9-8.el5_7.3.src.rpm

i386: pango-1.14.9-8.el5_7.3.i386.rpm pango-debuginfo-1.14.9-8.el5_7.3.i386.rpm pango-devel-1.14.9-8.el5_7.3.i386.rpm

ia64: pango-1.14.9-8.el5_7.3.i386.rpm pango-1.14.9-8.el5_7.3.ia64.rpm pango-debuginfo-1.14.9-8.el5_7.3.i386.rpm pango-debuginfo-1.14.9-8.el5_7.3.ia64.rpm pango-devel-1.14.9-8.el5_7.3.ia64.rpm

ppc: pango-1.14.9-8.el5_7.3.ppc.rpm pango-1.14.9-8.el5_7.3.ppc64.rpm pango-debuginfo-1.14.9-8.el5_7.3.ppc.rpm pango-debuginfo-1.14.9-8.el5_7.3.ppc64.rpm pango-devel-1.14.9-8.el5_7.3.ppc.rpm pango-devel-1.14.9-8.el5_7.3.ppc64.rpm

s390x: pango-1.14.9-8.el5_7.3.s390.rpm pango-1.14.9-8.el5_7.3.s390x.rpm pango-debuginfo-1.14.9-8.el5_7.3.s390.rpm pango-debuginfo-1.14.9-8.el5_7.3.s390x.rpm pango-devel-1.14.9-8.el5_7.3.s390.rpm pango-devel-1.14.9-8.el5_7.3.s390x.rpm

x86_64: pango-1.14.9-8.el5_7.3.i386.rpm pango-1.14.9-8.el5_7.3.x86_64.rpm pango-debuginfo-1.14.9-8.el5_7.3.i386.rpm pango-debuginfo-1.14.9-8.el5_7.3.x86_64.rpm pango-devel-1.14.9-8.el5_7.3.i386.rpm pango-devel-1.14.9-8.el5_7.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3193.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
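Every advisory above ends the same way: section 4 says to apply the update, section 6 lists the exact builds that carry the fix. The check a practitioner actually wants is "is the build installed on this host at or above the one in the package list?", and plain string comparison gets it wrong (a release such as `8.el5_7.10` sorts before `8.el5_7.3` as text). The following is an added example, my code rather than rpm's or Red Hat's, that applies rpm's segment-wise version comparison to an installed NEVR string and an advisory filename; the `rpm -q --qf` query format it expects is standard, the `installed` strings in it are constructed, and rpm's newer `^` separator rule is deliberately left out since these releases predate it.

```python
# Added example: deciding whether an installed package already carries a fix,
# using the advisory's package list. Illustrative code for this page, not rpm's
# implementation; the rules follow rpm's rpmvercmp() (numeric segments compare
# as integers, alphabetic segments as strings, numeric is newer than alphabetic,
# '~' is older than anything, even end of string). The '^' rule is omitted.
import re

_SEGMENT = re.compile(r"\d+|[A-Za-z]+|~")


def rpmvercmp(a, b):
    """Compare two version (or release) strings; return -1, 0 or 1."""
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    while sa or sb:
        x = sa.pop(0) if sa else ""
        y = sb.pop(0) if sb else ""
        if x == "~" or y == "~":
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        if not x:          # a ran out of segments first: a is older
            return -1
        if not y:
            return 1
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit():  # a numeric segment beats an alphabetic one
            return 1
        elif y.isdigit():
            return -1
        elif x != y:
            return -1 if x < y else 1
    return 0


def parse_nevr(s):
    """Split 'name-[epoch:]version-release' into (name, epoch, version, release).
    Accepts the output of  rpm -q --qf '%{NAME}-%{EPOCH}:%{VERSION}-%{RELEASE}'
    where an unset epoch is printed as '(none)'."""
    name, version, release = s.rsplit("-", 2)
    epoch = 0
    if ":" in version:
        e, version = version.split(":", 1)
        epoch = int(e) if e.isdigit() else 0
    return name, epoch, version, release


def parse_package_filename(filename):
    """Parse an advisory entry such as 'pango-1.14.9-8.el5_7.3.i386.rpm'."""
    base = filename[:-4] if filename.endswith(".rpm") else filename
    base = base.rsplit(".", 1)[0]  # drop the architecture suffix
    return parse_nevr(base)


def compare_evr(a, b):
    """Compare (epoch, version, release) triples; return -1, 0 or 1."""
    if a[0] != b[0]:
        return -1 if a[0] < b[0] else 1
    return rpmvercmp(a[1], b[1]) or rpmvercmp(a[2], b[2])


def is_fixed(installed, advisory_filename):
    """True when the installed package is at or above the advisory's build."""
    iname, *ievr = parse_nevr(installed)
    fname, *fevr = parse_package_filename(advisory_filename)
    if iname != fname:
        raise ValueError("package name mismatch: %s vs %s" % (iname, fname))
    return compare_evr(tuple(ievr), tuple(fevr)) >= 0


if __name__ == "__main__":
    # Constructed `rpm -q` output for a host still on an earlier errata build.
    installed = "pango-(none):1.14.9-8.el5_7.2"
    print(is_fixed(installed, "pango-1.14.9-8.el5_7.3.i386.rpm"))  # False: not yet patched
```

Feed it `rpm -q --qf '%{NAME}-%{EPOCH}:%{VERSION}-%{RELEASE}\n' pango` and the section 6 filename for the host's architecture, one package at a time (the name must match, so `pango-devel` is checked against its own entry). On a host that has the rpm Python bindings, `rpm.labelCompare()` performs the same comparison on `(epoch, version, release)` tuples and is the better choice there; this block exists to make the ordering rules explicit and to run where those bindings are absent.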
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOeijPXlSAg2UNWIIRAuo0AJ9yFLltkCS+m+YHmTuQFUeIDKKb4QCfZxWZ
4Bg8VueQOav997ERZfa0ruE=
=AXCY
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Sep 21 18:12:00 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 21 Sep 2011 18:12:00 +0000
Subject: [RHSA-2011:1327-01] Moderate: frysk security update
Message-ID: <201109211812.p8LIC0hv020091@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: frysk security update
Advisory ID: RHSA-2011:1327-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1327.html
Issue date: 2011-09-21
CVE Names: CVE-2011-3193
=====================================================================

1. Summary:

An updated frysk package that fixes one security issue is now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, x86_64
Red Hat Enterprise Linux WS version 4 - i386, x86_64

3. Description:

frysk is an execution-analysis technology implemented using native Java and C++. It provides developers and system administrators with the ability to examine and analyze multi-host, multi-process, and multithreaded systems while they are running. frysk is released as a Technology Preview for Red Hat Enterprise Linux 4.

A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping engine used in the embedded Pango library. If a frysk application were used to debug or trace a process that uses HarfBuzz while it loaded a specially-crafted font file, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3193)

Users of frysk are advised to upgrade to this updated package, which contains a backported patch to correct this issue. All running frysk applications must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

733118 - CVE-2011-3193 qt/harfbuzz buffer overflow

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/frysk-0.0.1.2007.08.03-8.el4.src.rpm

i386: frysk-0.0.1.2007.08.03-8.el4.i386.rpm frysk-debuginfo-0.0.1.2007.08.03-8.el4.i386.rpm

x86_64: frysk-0.0.1.2007.08.03-8.el4.x86_64.rpm frysk-debuginfo-0.0.1.2007.08.03-8.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/frysk-0.0.1.2007.08.03-8.el4.src.rpm

i386: frysk-0.0.1.2007.08.03-8.el4.i386.rpm frysk-debuginfo-0.0.1.2007.08.03-8.el4.i386.rpm

x86_64: frysk-0.0.1.2007.08.03-8.el4.x86_64.rpm frysk-debuginfo-0.0.1.2007.08.03-8.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/frysk-0.0.1.2007.08.03-8.el4.src.rpm

i386: frysk-0.0.1.2007.08.03-8.el4.i386.rpm frysk-debuginfo-0.0.1.2007.08.03-8.el4.i386.rpm

x86_64: frysk-0.0.1.2007.08.03-8.el4.x86_64.rpm frysk-debuginfo-0.0.1.2007.08.03-8.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/frysk-0.0.1.2007.08.03-8.el4.src.rpm

i386: frysk-0.0.1.2007.08.03-8.el4.i386.rpm frysk-debuginfo-0.0.1.2007.08.03-8.el4.i386.rpm

x86_64: frysk-0.0.1.2007.08.03-8.el4.x86_64.rpm frysk-debuginfo-0.0.1.2007.08.03-8.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3193.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/support/offerings/techpreview/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOeijlXlSAg2UNWIIRAuR+AJ9mkkkACA9/nQH3lbb6ydIM9JkDqQCgj/Xv
J8qsJB3q9DHaErKSVu2GAEI=
=w3MU
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Sep 22 17:09:00 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 22 Sep 2011 17:09:00 +0000
Subject: [RHSA-2011:1333-01] Critical: flash-plugin security update
Message-ID: <201109221709.p8MH90S3027393@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2011:1333-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1333.html
Issue date: 2011-09-22
CVE Names: CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2429 CVE-2011-2430 CVE-2011-2444
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB11-26, listed in the References section.

Multiple security flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2430)

A flaw in flash-plugin could allow an attacker to conduct cross-site scripting (XSS) attacks if a victim were tricked into visiting a specially-crafted web page. (CVE-2011-2444)

This update also fixes an information disclosure flaw in flash-plugin. (CVE-2011-2429)

All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.3.183.10.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

740201 - CVE-2011-2444 flash-plugin: Cross-site scripting vulnerability fixed in APSB11-26
740204 - CVE-2011-2429 flash-plugin: security control bypass information disclosure fixed in APSB11-26
740388 - CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2430 flash-plugin: critical flaws fixed in APSB11-26

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386: flash-plugin-10.3.183.10-1.el5.i386.rpm

x86_64: flash-plugin-10.3.183.10-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386: flash-plugin-10.3.183.10-1.el5.i386.rpm

x86_64: flash-plugin-10.3.183.10-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386: flash-plugin-10.3.183.10-1.el6.i686.rpm

x86_64: flash-plugin-10.3.183.10-1.el6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386: flash-plugin-10.3.183.10-1.el6.i686.rpm

x86_64: flash-plugin-10.3.183.10-1.el6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386: flash-plugin-10.3.183.10-1.el6.i686.rpm

x86_64: flash-plugin-10.3.183.10-1.el6.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2426.html
https://www.redhat.com/security/data/cve/CVE-2011-2427.html
https://www.redhat.com/security/data/cve/CVE-2011-2428.html
https://www.redhat.com/security/data/cve/CVE-2011-2429.html
https://www.redhat.com/security/data/cve/CVE-2011-2430.html
https://www.redhat.com/security/data/cve/CVE-2011-2444.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb11-26.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOe2ukXlSAg2UNWIIRAvd4AJ9LakEbs0iFv6Y3mSqs+JROc06kawCffnq2
H0DvJohnHlusgDRu/1iCPiE=
=4DcA
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Sep 26 18:55:24 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 26 Sep 2011 18:55:24 +0000
Subject: [RHSA-2011:1338-01] Moderate: NetworkManager security update
Message-ID: <201109261855.p8QItOas015892@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: NetworkManager security update
Advisory ID: RHSA-2011:1338-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1338.html
Issue date: 2011-09-26
CVE Names: CVE-2011-3364
=====================================================================

1. Summary:

Updated NetworkManager packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times. The ifcfg-rh NetworkManager plug-in is used in Red Hat Enterprise Linux distributions to read and write configuration information from the /etc/sysconfig/network-scripts/ifcfg-* files.

An input sanitization flaw was found in the way the ifcfg-rh NetworkManager plug-in escaped network connection names containing special characters. If PolicyKit was configured to allow local, unprivileged users to create and save new network connections, they could create a connection with a specially-crafted name, leading to the escalation of their privileges. Note: By default, PolicyKit prevents unprivileged users from creating and saving network connections. (CVE-2011-3364)

Red Hat would like to thank Matt McCutchen for reporting this issue.

Users of NetworkManager should upgrade to these updated packages, which contain a backported patch to correct this issue. Running instances of NetworkManager must be restarted ("service NetworkManager restart") for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

737338 - CVE-2011-3364 NetworkManager: Console user can escalate to root via newlines in ifcfg-rh connection name

6. Package List:

Red Hat Enterprise Linux Desktop (v.
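The ifcfg-rh flaw above is a file-format injection: the ifcfg-* files are line-oriented `KEY=value` text that shell scripts source, so a connection name carrying a newline, written without escaping, turns one value into two lines and lets a user who may only set NAME also set keys the plug-in never meant to write (the bug title says as much: "newlines in ifcfg-rh connection name"). The example below is added here and is not NetworkManager's plug-in code; it contrasts a naive writer with one that validates and quotes, and includes a detection-side check a defender can run over existing ifcfg files. The `KEY=value` layout follows the page's description of the files; the validation policy, helper names and the sample connection name are mine.

```python
# Added example: writing a shell-sourced ifcfg-style file safely. Illustrative
# code for this page, not NetworkManager's ifcfg-rh plug-in. The file layout
# (KEY=value lines) follows /etc/sysconfig/network-scripts/ifcfg-*; the
# validation policy is my own.
import re

CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def naive_ifcfg(name, device):
    """Fragile pattern: values are interpolated into the file unchanged."""
    return "NAME=%s\nDEVICE=%s\nONBOOT=yes\n" % (name, device)


def shell_quote(value):
    """Single-quote a value for a file the shell will source; inside single
    quotes only the single quote itself needs escaping."""
    return "'" + value.replace("'", "'\\''") + "'"


def is_safe_value(value):
    """A value must be non-empty and free of control characters (newline,
    carriage return, NUL, ...); otherwise a line-oriented reader would see
    additional KEY=value lines that the writer never produced."""
    return bool(value) and CONTROL_CHARS.search(value) is None


def safe_ifcfg(name, device):
    """Validate every value, then quote it, so one value is always one line."""
    for field, value in (("NAME", name), ("DEVICE", device)):
        if not is_safe_value(value):
            raise ValueError("%s: empty or contains a control character" % field)
    return "NAME=%s\nDEVICE=%s\nONBOOT=yes\n" % (shell_quote(name), shell_quote(device))


def parse_ifcfg(text):
    """Line-oriented KEY=value reader, the way sysconfig files are consumed.
    Understands the single-quoted form produced by shell_quote()."""
    values = {}
    for line in text.splitlines():
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if len(value) >= 2 and value[0] == value[-1] == "'":
            value = value[1:-1].replace("'\\''", "'")
        values[key] = value
    return values


def unexpected_keys(text, expected):
    """Detection-side check for an existing file: keys present that the writer
    was never meant to emit. A non-empty result means some value was not
    contained to its own line."""
    return sorted(set(parse_ifcfg(text)) - set(expected))


# Constructed sample: a connection name carrying an embedded newline.
CONSTRUCTED_NAME = "office\nEXTRA=injected"
EXPECTED_KEYS = ("NAME", "DEVICE", "ONBOOT")

if __name__ == "__main__":
    print(unexpected_keys(naive_ifcfg(CONSTRUCTED_NAME, "eth0"), EXPECTED_KEYS))  # ['EXTRA']
    print(is_safe_value(CONSTRUCTED_NAME))  # False: safe_ifcfg() refuses it
    print(safe_ifcfg("Bob's LAN", "eth0"), end="")
```

Quoting alone is not enough here: a single-quoted newline is legal to the shell but still splits the file for every line-oriented consumer, which is why the control-character rejection comes first and quoting is the second layer. `unexpected_keys()` is the audit half: run it over the ifcfg files of a host with the expected key set for each connection, and any surplus key is worth a look.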
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/NetworkManager-0.8.1-9.el6_1.3.src.rpm i386: NetworkManager-0.8.1-9.el6_1.3.i686.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.3.i686.rpm NetworkManager-glib-0.8.1-9.el6_1.3.i686.rpm NetworkManager-gnome-0.8.1-9.el6_1.3.i686.rpm x86_64: NetworkManager-0.8.1-9.el6_1.3.x86_64.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.3.i686.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.3.x86_64.rpm NetworkManager-glib-0.8.1-9.el6_1.3.i686.rpm NetworkManager-glib-0.8.1-9.el6_1.3.x86_64.rpm NetworkManager-gnome-0.8.1-9.el6_1.3.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/NetworkManager-0.8.1-9.el6_1.3.src.rpm i386: NetworkManager-debuginfo-0.8.1-9.el6_1.3.i686.rpm NetworkManager-devel-0.8.1-9.el6_1.3.i686.rpm NetworkManager-glib-devel-0.8.1-9.el6_1.3.i686.rpm x86_64: NetworkManager-debuginfo-0.8.1-9.el6_1.3.i686.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.3.x86_64.rpm NetworkManager-devel-0.8.1-9.el6_1.3.i686.rpm NetworkManager-devel-0.8.1-9.el6_1.3.x86_64.rpm NetworkManager-glib-devel-0.8.1-9.el6_1.3.i686.rpm NetworkManager-glib-devel-0.8.1-9.el6_1.3.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/NetworkManager-0.8.1-9.el6_1.3.src.rpm x86_64: NetworkManager-0.8.1-9.el6_1.3.x86_64.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.3.i686.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.3.x86_64.rpm NetworkManager-devel-0.8.1-9.el6_1.3.i686.rpm NetworkManager-devel-0.8.1-9.el6_1.3.x86_64.rpm NetworkManager-glib-0.8.1-9.el6_1.3.i686.rpm NetworkManager-glib-0.8.1-9.el6_1.3.x86_64.rpm NetworkManager-glib-devel-0.8.1-9.el6_1.3.i686.rpm NetworkManager-glib-devel-0.8.1-9.el6_1.3.x86_64.rpm NetworkManager-gnome-0.8.1-9.el6_1.3.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/NetworkManager-0.8.1-9.el6_1.3.src.rpm i386: NetworkManager-0.8.1-9.el6_1.3.i686.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.3.i686.rpm NetworkManager-glib-0.8.1-9.el6_1.3.i686.rpm NetworkManager-gnome-0.8.1-9.el6_1.3.i686.rpm ppc64: NetworkManager-0.8.1-9.el6_1.3.ppc64.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.3.ppc.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.3.ppc64.rpm NetworkManager-glib-0.8.1-9.el6_1.3.ppc.rpm NetworkManager-glib-0.8.1-9.el6_1.3.ppc64.rpm NetworkManager-gnome-0.8.1-9.el6_1.3.ppc64.rpm s390x: NetworkManager-0.8.1-9.el6_1.3.s390x.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.3.s390.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.3.s390x.rpm NetworkManager-glib-0.8.1-9.el6_1.3.s390.rpm NetworkManager-glib-0.8.1-9.el6_1.3.s390x.rpm NetworkManager-gnome-0.8.1-9.el6_1.3.s390x.rpm x86_64: NetworkManager-0.8.1-9.el6_1.3.x86_64.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.3.i686.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.3.x86_64.rpm NetworkManager-glib-0.8.1-9.el6_1.3.i686.rpm NetworkManager-glib-0.8.1-9.el6_1.3.x86_64.rpm NetworkManager-gnome-0.8.1-9.el6_1.3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/NetworkManager-0.8.1-9.el6_1.3.src.rpm i386: NetworkManager-debuginfo-0.8.1-9.el6_1.3.i686.rpm NetworkManager-devel-0.8.1-9.el6_1.3.i686.rpm NetworkManager-glib-devel-0.8.1-9.el6_1.3.i686.rpm ppc64: NetworkManager-debuginfo-0.8.1-9.el6_1.3.ppc.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.3.ppc64.rpm NetworkManager-devel-0.8.1-9.el6_1.3.ppc.rpm NetworkManager-devel-0.8.1-9.el6_1.3.ppc64.rpm NetworkManager-glib-devel-0.8.1-9.el6_1.3.ppc.rpm NetworkManager-glib-devel-0.8.1-9.el6_1.3.ppc64.rpm s390x: NetworkManager-debuginfo-0.8.1-9.el6_1.3.s390.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.3.s390x.rpm NetworkManager-devel-0.8.1-9.el6_1.3.s390.rpm NetworkManager-devel-0.8.1-9.el6_1.3.s390x.rpm NetworkManager-glib-devel-0.8.1-9.el6_1.3.s390.rpm NetworkManager-glib-devel-0.8.1-9.el6_1.3.s390x.rpm x86_64: NetworkManager-debuginfo-0.8.1-9.el6_1.3.i686.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.3.x86_64.rpm NetworkManager-devel-0.8.1-9.el6_1.3.i686.rpm NetworkManager-devel-0.8.1-9.el6_1.3.x86_64.rpm NetworkManager-glib-devel-0.8.1-9.el6_1.3.i686.rpm NetworkManager-glib-devel-0.8.1-9.el6_1.3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/NetworkManager-0.8.1-9.el6_1.3.src.rpm i386: NetworkManager-0.8.1-9.el6_1.3.i686.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.3.i686.rpm NetworkManager-glib-0.8.1-9.el6_1.3.i686.rpm NetworkManager-gnome-0.8.1-9.el6_1.3.i686.rpm x86_64: NetworkManager-0.8.1-9.el6_1.3.x86_64.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.3.i686.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.3.x86_64.rpm NetworkManager-glib-0.8.1-9.el6_1.3.i686.rpm NetworkManager-glib-0.8.1-9.el6_1.3.x86_64.rpm NetworkManager-gnome-0.8.1-9.el6_1.3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/NetworkManager-0.8.1-9.el6_1.3.src.rpm i386: NetworkManager-debuginfo-0.8.1-9.el6_1.3.i686.rpm NetworkManager-devel-0.8.1-9.el6_1.3.i686.rpm NetworkManager-glib-devel-0.8.1-9.el6_1.3.i686.rpm x86_64: NetworkManager-debuginfo-0.8.1-9.el6_1.3.i686.rpm NetworkManager-debuginfo-0.8.1-9.el6_1.3.x86_64.rpm NetworkManager-devel-0.8.1-9.el6_1.3.i686.rpm NetworkManager-devel-0.8.1-9.el6_1.3.x86_64.rpm NetworkManager-glib-devel-0.8.1-9.el6_1.3.i686.rpm NetworkManager-glib-devel-0.8.1-9.el6_1.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3364.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. 
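The ifcfg-rh flaw in this advisory is an instance of a general problem: a value written into a file that another program later sources as shell is only as safe as the quoting applied to it, and a newline in the value turns one assignment into two lines. The following Python is an added example, not NetworkManager's code or its fix. It places the unsafe KEY=value pattern beside a writer that refuses control characters and single-quotes the value, and adds a small reader that round-trips the result. The function names (write_ifcfg_line_unsafe, write_ifcfg_line_safe, rejects, count_assignments, parse_ifcfg) and the sample connection names are assumptions of this example.

```python
"""Added example, not NetworkManager code: unsafe vs. hardened writing of a
value into a shell-sourced ifcfg-style file.

Files under /etc/sysconfig/network-scripts/ifcfg-* are read by the network
scripts as shell variable assignments, so a value written there must never be
able to start a second line or a shell construct. Function names here are
hypothetical; sample connection names are constructed for the demonstration.
"""
from __future__ import annotations

import re
import shlex

# Control characters (newline, carriage return, NUL, ...) have no legitimate
# place in a one-line assignment; reject them rather than try to escape them.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")
_KEY = re.compile(r"[A-Z][A-Z0-9_]*")


def write_ifcfg_line_unsafe(key: str, value: str) -> str:
    """The flawed pattern: the value is copied verbatim after KEY=.

    A value containing a newline produces two lines, and a sourcing shell
    reads the second one as an independent assignment or command."""
    return f"{key}={value}\n"


def write_ifcfg_line_safe(key: str, value: str) -> str:
    """Hardened writer: validate the key, refuse control characters, then
    single-quote the value so the shell treats it as opaque text."""
    if not _KEY.fullmatch(key):
        raise ValueError(f"invalid ifcfg key: {key!r}")
    if _CONTROL.search(value):
        raise ValueError("control character in ifcfg value")
    return f"{key}={shlex.quote(value)}\n"


def rejects(key: str, value: str) -> bool:
    """True when the hardened writer refuses this key/value pair."""
    try:
        write_ifcfg_line_safe(key, value)
    except ValueError:
        return True
    return False


def count_assignments(text: str) -> int:
    """Number of KEY=... lines a sourcing shell would see in `text`.
    Shows that the unsafe writer can emit more than one per value."""
    return sum(1 for line in text.splitlines() if "=" in line)


def parse_ifcfg(text: str) -> dict[str, str]:
    """Minimal reader for KEY=value / KEY='value' lines, using shlex to undo
    the quoting applied by the safe writer. Not a full shell parser."""
    out: dict[str, str] = {}
    for line in text.splitlines():
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, raw = line.partition("=")
        out[key] = "".join(shlex.split(raw)) if raw else ""
    return out


if __name__ == "__main__":
    # Constructed sample: a connection name carrying an embedded newline.
    crafted = "Office\nDEVICE=injected"
    print(count_assignments(write_ifcfg_line_unsafe("NAME", crafted)))  # 2
    print(rejects("NAME", crafted))                                     # True
    line = write_ifcfg_line_safe("NAME", "Cafe Wi-Fi (guest)")
    print(line.rstrip(), parse_ifcfg(line))
```

Rejecting control characters outright, rather than escaping them, is the design choice worth noting: a connection name has no legitimate use for a newline, so the writer fails closed and the quoting only has to cover printable shell metacharacters.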
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOgMqCXlSAg2UNWIIRAoEAAKCxWv5zlF3EBXeHiSPWUmxbFmGXugCgoACw
4Sho1dsv0RgixOwaazQo4fc=
=gbJn
-----END PGP SIGNATURE-----


From bugzilla at redhat.com  Wed Sep 28 23:57:57 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 28 Sep 2011 23:57:57 +0000
Subject: [RHSA-2011:1341-01] Critical: firefox security update
Message-ID: <201109282357.p8SNvvYI011232@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2011:1341-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1341.html
Issue date:        2011-09-28
CVE Names:         CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000
=====================================================================

1. Summary:

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2995)

A flaw was found in the way Firefox processed the "Enter" keypress event. A malicious web page could present a download dialog while the key is pressed, activating the default "Open" action. A remote attacker could exploit this vulnerability by causing the browser to open malicious web content. (CVE-2011-2372)

A flaw was found in the way Firefox handled Location headers in redirect responses. Two copies of this header with different values could be a symptom of a CRLF injection attack against a vulnerable server. Firefox now treats two copies of the Location, Content-Length, or Content-Disposition header as an error condition. (CVE-2011-3000)

A flaw was found in the way Firefox handled frame objects with certain names. An attacker could use this flaw to cause a plug-in to grant its content access to another site or the local file system, violating the same-origin policy. (CVE-2011-2999)

An integer underflow flaw was found in the way Firefox handled large JavaScript regular expressions. A web page containing malicious JavaScript could cause Firefox to access already freed memory, causing Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2998)

For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.23. You can find a link to the Mozilla advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.23, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

741902 - CVE-2011-2995 Mozilla: Miscellaneous memory safety hazards (MFSA 2011-36)
741904 - CVE-2011-2999 Mozilla: XSS via plugins and shadowed window.location object (MFSA 2011-38)
741905 - CVE-2011-3000 Mozilla: Defense against multiple Location headers due to CRLF Injection (MFSA 2011-39)
741917 - CVE-2011-2372 Mozilla: Code installation through holding down Enter (MFSA 2011-40)
741924 - CVE-2011-2998 Mozilla: Integer underflow when using JavaScript RegExp (MFSA 2011-37)

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-3.6.23-1.el4.src.rpm

i386:
firefox-3.6.23-1.el4.i386.rpm
firefox-debuginfo-3.6.23-1.el4.i386.rpm

ia64:
firefox-3.6.23-1.el4.ia64.rpm
firefox-debuginfo-3.6.23-1.el4.ia64.rpm

ppc:
firefox-3.6.23-1.el4.ppc.rpm
firefox-debuginfo-3.6.23-1.el4.ppc.rpm

s390:
firefox-3.6.23-1.el4.s390.rpm
firefox-debuginfo-3.6.23-1.el4.s390.rpm

s390x:
firefox-3.6.23-1.el4.s390x.rpm
firefox-debuginfo-3.6.23-1.el4.s390x.rpm

x86_64:
firefox-3.6.23-1.el4.x86_64.rpm
firefox-debuginfo-3.6.23-1.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-3.6.23-1.el4.src.rpm

i386:
firefox-3.6.23-1.el4.i386.rpm
firefox-debuginfo-3.6.23-1.el4.i386.rpm

x86_64:
firefox-3.6.23-1.el4.x86_64.rpm
firefox-debuginfo-3.6.23-1.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-3.6.23-1.el4.src.rpm

i386:
firefox-3.6.23-1.el4.i386.rpm
firefox-debuginfo-3.6.23-1.el4.i386.rpm

ia64:
firefox-3.6.23-1.el4.ia64.rpm
firefox-debuginfo-3.6.23-1.el4.ia64.rpm

x86_64:
firefox-3.6.23-1.el4.x86_64.rpm
firefox-debuginfo-3.6.23-1.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-3.6.23-1.el4.src.rpm

i386:
firefox-3.6.23-1.el4.i386.rpm
firefox-debuginfo-3.6.23-1.el4.i386.rpm

ia64:
firefox-3.6.23-1.el4.ia64.rpm
firefox-debuginfo-3.6.23-1.el4.ia64.rpm

x86_64:
firefox-3.6.23-1.el4.x86_64.rpm
firefox-debuginfo-3.6.23-1.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-3.6.23-2.el5_7.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.23-1.el5_7.src.rpm

i386:
firefox-3.6.23-2.el5_7.i386.rpm
firefox-debuginfo-3.6.23-2.el5_7.i386.rpm
xulrunner-1.9.2.23-1.el5_7.i386.rpm
xulrunner-debuginfo-1.9.2.23-1.el5_7.i386.rpm

x86_64:
firefox-3.6.23-2.el5_7.i386.rpm
firefox-3.6.23-2.el5_7.x86_64.rpm
firefox-debuginfo-3.6.23-2.el5_7.i386.rpm
firefox-debuginfo-3.6.23-2.el5_7.x86_64.rpm
xulrunner-1.9.2.23-1.el5_7.i386.rpm
xulrunner-1.9.2.23-1.el5_7.x86_64.rpm
xulrunner-debuginfo-1.9.2.23-1.el5_7.i386.rpm
xulrunner-debuginfo-1.9.2.23-1.el5_7.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-1.9.2.23-1.el5_7.src.rpm

i386:
xulrunner-debuginfo-1.9.2.23-1.el5_7.i386.rpm
xulrunner-devel-1.9.2.23-1.el5_7.i386.rpm

x86_64:
xulrunner-debuginfo-1.9.2.23-1.el5_7.i386.rpm
xulrunner-debuginfo-1.9.2.23-1.el5_7.x86_64.rpm
xulrunner-devel-1.9.2.23-1.el5_7.i386.rpm
xulrunner-devel-1.9.2.23-1.el5_7.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-3.6.23-2.el5_7.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-1.9.2.23-1.el5_7.src.rpm

i386:
firefox-3.6.23-2.el5_7.i386.rpm
firefox-debuginfo-3.6.23-2.el5_7.i386.rpm
xulrunner-1.9.2.23-1.el5_7.i386.rpm
xulrunner-debuginfo-1.9.2.23-1.el5_7.i386.rpm
xulrunner-devel-1.9.2.23-1.el5_7.i386.rpm

ia64:
firefox-3.6.23-2.el5_7.ia64.rpm
firefox-debuginfo-3.6.23-2.el5_7.ia64.rpm
xulrunner-1.9.2.23-1.el5_7.ia64.rpm
xulrunner-debuginfo-1.9.2.23-1.el5_7.ia64.rpm
xulrunner-devel-1.9.2.23-1.el5_7.ia64.rpm

ppc:
firefox-3.6.23-2.el5_7.ppc.rpm
firefox-debuginfo-3.6.23-2.el5_7.ppc.rpm
xulrunner-1.9.2.23-1.el5_7.ppc.rpm
xulrunner-1.9.2.23-1.el5_7.ppc64.rpm
xulrunner-debuginfo-1.9.2.23-1.el5_7.ppc.rpm
xulrunner-debuginfo-1.9.2.23-1.el5_7.ppc64.rpm
xulrunner-devel-1.9.2.23-1.el5_7.ppc.rpm
xulrunner-devel-1.9.2.23-1.el5_7.ppc64.rpm

s390x:
firefox-3.6.23-2.el5_7.s390.rpm
firefox-3.6.23-2.el5_7.s390x.rpm
firefox-debuginfo-3.6.23-2.el5_7.s390.rpm
firefox-debuginfo-3.6.23-2.el5_7.s390x.rpm
xulrunner-1.9.2.23-1.el5_7.s390.rpm
xulrunner-1.9.2.23-1.el5_7.s390x.rpm
xulrunner-debuginfo-1.9.2.23-1.el5_7.s390.rpm
xulrunner-debuginfo-1.9.2.23-1.el5_7.s390x.rpm
xulrunner-devel-1.9.2.23-1.el5_7.s390.rpm
xulrunner-devel-1.9.2.23-1.el5_7.s390x.rpm

x86_64:
firefox-3.6.23-2.el5_7.i386.rpm
firefox-3.6.23-2.el5_7.x86_64.rpm
firefox-debuginfo-3.6.23-2.el5_7.i386.rpm
firefox-debuginfo-3.6.23-2.el5_7.x86_64.rpm
xulrunner-1.9.2.23-1.el5_7.i386.rpm
xulrunner-1.9.2.23-1.el5_7.x86_64.rpm
xulrunner-debuginfo-1.9.2.23-1.el5_7.i386.rpm
xulrunner-debuginfo-1.9.2.23-1.el5_7.x86_64.rpm
xulrunner-devel-1.9.2.23-1.el5_7.i386.rpm
xulrunner-devel-1.9.2.23-1.el5_7.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/firefox-3.6.23-2.el6_1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-1.9.2.23-1.el6_1.1.src.rpm

i386:
firefox-3.6.23-2.el6_1.i686.rpm
firefox-debuginfo-3.6.23-2.el6_1.i686.rpm
xulrunner-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.i686.rpm

x86_64:
firefox-3.6.23-2.el6_1.i686.rpm
firefox-3.6.23-2.el6_1.x86_64.rpm
firefox-debuginfo-3.6.23-2.el6_1.i686.rpm
firefox-debuginfo-3.6.23-2.el6_1.x86_64.rpm
xulrunner-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-1.9.2.23-1.el6_1.1.x86_64.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-1.9.2.23-1.el6_1.1.src.rpm

i386:
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-devel-1.9.2.23-1.el6_1.1.i686.rpm

x86_64:
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.x86_64.rpm
xulrunner-devel-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-devel-1.9.2.23-1.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/firefox-3.6.23-2.el6_1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xulrunner-1.9.2.23-1.el6_1.1.src.rpm

x86_64:
firefox-3.6.23-2.el6_1.i686.rpm
firefox-3.6.23-2.el6_1.x86_64.rpm
firefox-debuginfo-3.6.23-2.el6_1.i686.rpm
firefox-debuginfo-3.6.23-2.el6_1.x86_64.rpm
xulrunner-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-1.9.2.23-1.el6_1.1.x86_64.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.x86_64.rpm
xulrunner-devel-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-devel-1.9.2.23-1.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/firefox-3.6.23-2.el6_1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-1.9.2.23-1.el6_1.1.src.rpm

i386:
firefox-3.6.23-2.el6_1.i686.rpm
firefox-debuginfo-3.6.23-2.el6_1.i686.rpm
xulrunner-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.i686.rpm

ppc64:
firefox-3.6.23-2.el6_1.ppc.rpm
firefox-3.6.23-2.el6_1.ppc64.rpm
firefox-debuginfo-3.6.23-2.el6_1.ppc.rpm
firefox-debuginfo-3.6.23-2.el6_1.ppc64.rpm
xulrunner-1.9.2.23-1.el6_1.1.ppc.rpm
xulrunner-1.9.2.23-1.el6_1.1.ppc64.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.ppc.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.ppc64.rpm

s390x:
firefox-3.6.23-2.el6_1.s390.rpm
firefox-3.6.23-2.el6_1.s390x.rpm
firefox-debuginfo-3.6.23-2.el6_1.s390.rpm
firefox-debuginfo-3.6.23-2.el6_1.s390x.rpm
xulrunner-1.9.2.23-1.el6_1.1.s390.rpm
xulrunner-1.9.2.23-1.el6_1.1.s390x.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.s390.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.s390x.rpm

x86_64:
firefox-3.6.23-2.el6_1.i686.rpm
firefox-3.6.23-2.el6_1.x86_64.rpm
firefox-debuginfo-3.6.23-2.el6_1.i686.rpm
firefox-debuginfo-3.6.23-2.el6_1.x86_64.rpm
xulrunner-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-1.9.2.23-1.el6_1.1.x86_64.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-1.9.2.23-1.el6_1.1.src.rpm

i386:
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-devel-1.9.2.23-1.el6_1.1.i686.rpm

ppc64:
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.ppc.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.ppc64.rpm
xulrunner-devel-1.9.2.23-1.el6_1.1.ppc.rpm
xulrunner-devel-1.9.2.23-1.el6_1.1.ppc64.rpm

s390x:
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.s390.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.s390x.rpm
xulrunner-devel-1.9.2.23-1.el6_1.1.s390.rpm
xulrunner-devel-1.9.2.23-1.el6_1.1.s390x.rpm

x86_64:
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.x86_64.rpm
xulrunner-devel-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-devel-1.9.2.23-1.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/firefox-3.6.23-2.el6_1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-1.9.2.23-1.el6_1.1.src.rpm

i386:
firefox-3.6.23-2.el6_1.i686.rpm
firefox-debuginfo-3.6.23-2.el6_1.i686.rpm
xulrunner-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.i686.rpm

x86_64:
firefox-3.6.23-2.el6_1.i686.rpm
firefox-3.6.23-2.el6_1.x86_64.rpm
firefox-debuginfo-3.6.23-2.el6_1.i686.rpm
firefox-debuginfo-3.6.23-2.el6_1.x86_64.rpm
xulrunner-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-1.9.2.23-1.el6_1.1.x86_64.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-1.9.2.23-1.el6_1.1.src.rpm

i386:
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-devel-1.9.2.23-1.el6_1.1.i686.rpm

x86_64:
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-debuginfo-1.9.2.23-1.el6_1.1.x86_64.rpm
xulrunner-devel-1.9.2.23-1.el6_1.1.i686.rpm
xulrunner-devel-1.9.2.23-1.el6_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2372.html
https://www.redhat.com/security/data/cve/CVE-2011-2995.html
https://www.redhat.com/security/data/cve/CVE-2011-2998.html
https://www.redhat.com/security/data/cve/CVE-2011-2999.html
https://www.redhat.com/security/data/cve/CVE-2011-3000.html
https://access.redhat.com/security/updates/classification/#critical
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.23

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
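The CVE-2011-3000 paragraph in this advisory describes a client-side rule rather than a server fix: a response carrying more than one Location, Content-Length or Content-Disposition header is rejected instead of being resolved by picking one copy, because the second copy is the trace a CRLF injection into a header value leaves behind. The following Python is an added example, not Mozilla's code; it applies that rule while parsing a raw HTTP response head, folds repeated list-valued headers, and refuses to follow a redirect when a singleton header is duplicated. The names (parse_response_head, redirect_target, is_suspicious, DuplicateHeaderError) and the two sample responses are assumptions of this example.

```python
"""Added example, not Mozilla's code: treat duplicate singleton headers in an
HTTP response as an error instead of silently choosing one copy.

Hypothetical names throughout; the sample responses are constructed."""
from __future__ import annotations

# Headers that carry exactly one value. A second copy, possibly with a
# different value, is the symptom of header injection the advisory mentions.
SINGLETON_HEADERS = frozenset({"location", "content-length", "content-disposition"})


class DuplicateHeaderError(ValueError):
    """Raised when a singleton header occurs more than once."""


def parse_response_head(raw: bytes) -> tuple[int, dict[str, str]]:
    """Parse the status line and headers that precede the first blank line.

    Returns (status_code, headers) with lower-cased header names. Repeated
    list-valued headers are joined with ", "; a repeated singleton header
    raises DuplicateHeaderError. (Set-Cookie would also be joined here; a real
    client keeps its copies apart, which is outside this example.)"""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete response head")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"bad status line: {lines[0]!r}")
    headers: dict[str, str] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # Leading whitespace would be an obsolete line fold; reject it too.
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        name = name.lower()
        value = value.strip()
        if name in headers:
            if name in SINGLETON_HEADERS:
                raise DuplicateHeaderError(f"duplicate {name} header")
            headers[name] = headers[name] + ", " + value
        else:
            headers[name] = value
    return int(parts[1]), headers


def redirect_target(raw: bytes) -> str | None:
    """Location to follow for a 3xx response, or None for other statuses.
    A DuplicateHeaderError propagates: such a response is never followed."""
    code, headers = parse_response_head(raw)
    if 300 <= code < 400:
        return headers.get("location")
    return None


def is_suspicious(raw: bytes) -> bool:
    """True when the response head trips the duplicate-singleton check."""
    try:
        parse_response_head(raw)
    except DuplicateHeaderError:
        return True
    return False


# Constructed samples: a normal redirect, and one with two Location headers,
# the shape a CRLF injection into a Location value leaves behind.
CLEAN_REDIRECT = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: https://example.com/login\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)
DOUBLE_LOCATION = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: https://example.com/login\r\n"
    b"Location: https://example.org/elsewhere\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    print(redirect_target(CLEAN_REDIRECT))   # https://example.com/login
    print(is_suspicious(DOUBLE_LOCATION))    # True
```

The same check is useful on the detection side: a proxy or web application firewall log that records a duplicated Location or Content-Length header in an upstream response is worth treating as a header-injection indicator for that server, not just as a client-side parse error.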
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOg7R3XlSAg2UNWIIRAsf9AKCsT7B8ZVPN1E4p4L9crzXyWgmjjwCcCsjc
Y4TMx6iv+uO3sVsIkI5MEIw=
=+PaX
-----END PGP SIGNATURE-----


From bugzilla at redhat.com  Wed Sep 28 23:58:23 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 28 Sep 2011 23:58:23 +0000
Subject: [RHSA-2011:1342-01] Critical: thunderbird security update
Message-ID: <201109282358.p8SNwOlm018709@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: thunderbird security update
Advisory ID:       RHSA-2011:1342-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1342.html
Issue date:        2011-09-28
CVE Names:         CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000
=====================================================================

1. Summary:

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-2995)

A flaw was found in the way Thunderbird processed the "Enter" keypress event. A malicious HTML mail message could present a download dialog while the key is pressed, activating the default "Open" action. A remote attacker could exploit this vulnerability by causing the mail client to open malicious web content. (CVE-2011-2372)

A flaw was found in the way Thunderbird handled Location headers in redirect responses. Two copies of this header with different values could be a symptom of a CRLF injection attack against a vulnerable server. Thunderbird now treats two copies of the Location, Content-Length, or Content-Disposition header as an error condition. (CVE-2011-3000)

A flaw was found in the way Thunderbird handled frame objects with certain names. An attacker could use this flaw to cause a plug-in to grant its content access to another site or the local file system, violating the same-origin policy. (CVE-2011-2999)

An integer underflow flaw was found in the way Thunderbird handled large JavaScript regular expressions. An HTML mail message containing malicious JavaScript could cause Thunderbird to access already freed memory, causing Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-2998)

All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

741902 - CVE-2011-2995 Mozilla: Miscellaneous memory safety hazards (MFSA 2011-36)
741904 - CVE-2011-2999 Mozilla: XSS via plugins and shadowed window.location object (MFSA 2011-38)
741905 - CVE-2011-3000 Mozilla: Defense against multiple Location headers due to CRLF Injection (MFSA 2011-39)
741917 - CVE-2011-2372 Mozilla: Code installation through holding down Enter (MFSA 2011-40)
741924 - CVE-2011-2998 Mozilla: Integer underflow when using JavaScript RegExp (MFSA 2011-37)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/thunderbird-3.1.15-1.el6_1.src.rpm

i386:
thunderbird-3.1.15-1.el6_1.i686.rpm
thunderbird-debuginfo-3.1.15-1.el6_1.i686.rpm

x86_64:
thunderbird-3.1.15-1.el6_1.x86_64.rpm
thunderbird-debuginfo-3.1.15-1.el6_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/thunderbird-3.1.15-1.el6_1.src.rpm

i386:
thunderbird-3.1.15-1.el6_1.i686.rpm
thunderbird-debuginfo-3.1.15-1.el6_1.i686.rpm

ppc64:
thunderbird-3.1.15-1.el6_1.ppc64.rpm
thunderbird-debuginfo-3.1.15-1.el6_1.ppc64.rpm

s390x:
thunderbird-3.1.15-1.el6_1.s390x.rpm
thunderbird-debuginfo-3.1.15-1.el6_1.s390x.rpm

x86_64:
thunderbird-3.1.15-1.el6_1.x86_64.rpm
thunderbird-debuginfo-3.1.15-1.el6_1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/thunderbird-3.1.15-1.el6_1.src.rpm

i386:
thunderbird-3.1.15-1.el6_1.i686.rpm
thunderbird-debuginfo-3.1.15-1.el6_1.i686.rpm

x86_64:
thunderbird-3.1.15-1.el6_1.x86_64.rpm
thunderbird-debuginfo-3.1.15-1.el6_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2372.html
https://www.redhat.com/security/data/cve/CVE-2011-2995.html
https://www.redhat.com/security/data/cve/CVE-2011-2998.html
https://www.redhat.com/security/data/cve/CVE-2011-2999.html
https://www.redhat.com/security/data/cve/CVE-2011-3000.html
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOg7SRXlSAg2UNWIIRAvXNAJ9A5WTk9dnUM9pjIPqVEGNIztvAJgCfaNNf
ziYA0fTwhL8zzAykZqwxpeo=
=OK/t
-----END PGP SIGNATURE-----


From bugzilla at redhat.com  Wed Sep 28 23:59:01 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 28 Sep 2011 23:59:01 +0000
Subject: [RHSA-2011:1343-01] Critical: thunderbird security update
Message-ID: <201109282359.p8SNx1R6009898@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: thunderbird security update
Advisory ID:       RHSA-2011:1343-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1343.html
Issue date:        2011-09-28
CVE Names:         CVE-2011-2998 CVE-2011-2999
=====================================================================

1. Summary:

An updated thunderbird package that fixes two security issues is now available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

A flaw was found in the way Thunderbird handled frame objects with certain names. An attacker could use this flaw to cause a plug-in to grant its content access to another site or the local file system, violating the same-origin policy. (CVE-2011-2999)

An integer underflow flaw was found in the way Thunderbird handled large JavaScript regular expressions. An HTML mail message containing malicious JavaScript could cause Thunderbird to access already freed memory, causing Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-2998)

All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

741904 - CVE-2011-2999 Mozilla: XSS via plugins and shadowed window.location object (MFSA 2011-38)
741924 - CVE-2011-2998 Mozilla: Integer underflow when using JavaScript RegExp (MFSA 2011-37)

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/thunderbird-1.5.0.12-44.el4.src.rpm

i386:
thunderbird-1.5.0.12-44.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-44.el4.i386.rpm

ia64:
thunderbird-1.5.0.12-44.el4.ia64.rpm
thunderbird-debuginfo-1.5.0.12-44.el4.ia64.rpm

ppc:
thunderbird-1.5.0.12-44.el4.ppc.rpm
thunderbird-debuginfo-1.5.0.12-44.el4.ppc.rpm

s390:
thunderbird-1.5.0.12-44.el4.s390.rpm
thunderbird-debuginfo-1.5.0.12-44.el4.s390.rpm

s390x:
thunderbird-1.5.0.12-44.el4.s390x.rpm
thunderbird-debuginfo-1.5.0.12-44.el4.s390x.rpm

x86_64:
thunderbird-1.5.0.12-44.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-44.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/thunderbird-1.5.0.12-44.el4.src.rpm

i386:
thunderbird-1.5.0.12-44.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-44.el4.i386.rpm

x86_64:
thunderbird-1.5.0.12-44.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-44.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/thunderbird-1.5.0.12-44.el4.src.rpm

i386:
thunderbird-1.5.0.12-44.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-44.el4.i386.rpm

ia64:
thunderbird-1.5.0.12-44.el4.ia64.rpm
thunderbird-debuginfo-1.5.0.12-44.el4.ia64.rpm

x86_64:
thunderbird-1.5.0.12-44.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-44.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/thunderbird-1.5.0.12-44.el4.src.rpm

i386:
thunderbird-1.5.0.12-44.el4.i386.rpm
thunderbird-debuginfo-1.5.0.12-44.el4.i386.rpm

ia64:
thunderbird-1.5.0.12-44.el4.ia64.rpm
thunderbird-debuginfo-1.5.0.12-44.el4.ia64.rpm

x86_64:
thunderbird-1.5.0.12-44.el4.x86_64.rpm
thunderbird-debuginfo-1.5.0.12-44.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/thunderbird-2.0.0.24-26.el5_7.src.rpm

i386:
thunderbird-2.0.0.24-26.el5_7.i386.rpm
thunderbird-debuginfo-2.0.0.24-26.el5_7.i386.rpm

x86_64:
thunderbird-2.0.0.24-26.el5_7.x86_64.rpm
thunderbird-debuginfo-2.0.0.24-26.el5_7.x86_64.rpm

RHEL Optional Productivity Applications (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/thunderbird-2.0.0.24-26.el5_7.src.rpm

i386:
thunderbird-2.0.0.24-26.el5_7.i386.rpm
thunderbird-debuginfo-2.0.0.24-26.el5_7.i386.rpm

x86_64:
thunderbird-2.0.0.24-26.el5_7.x86_64.rpm
thunderbird-debuginfo-2.0.0.24-26.el5_7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2998.html
https://www.redhat.com/security/data/cve/CVE-2011-2999.html
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
From bugzilla at redhat.com Wed Sep 28 23:59:29 2011
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 28 Sep 2011 23:59:29 +0000
Subject: [RHSA-2011:1344-01] Critical: seamonkey security update
Message-ID: <201109282359.p8SNxU4r029948@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: seamonkey security update
Advisory ID:       RHSA-2011:1344-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1344.html
Issue date:        2011-09-28
CVE Names:         CVE-2011-2998 CVE-2011-2999
=====================================================================

1. Summary:

Updated seamonkey packages that fix two security issues are now available
for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

SeaMonkey is an open source web browser, email and newsgroup client, IRC
chat client, and HTML editor.

A flaw was found in the way SeaMonkey handled frame objects with certain
names. An attacker could use this flaw to cause a plug-in to grant its
content access to another site or the local file system, violating the
same-origin policy.
(CVE-2011-2999)

An integer underflow flaw was found in the way SeaMonkey handled large
JavaScript regular expressions. A web page containing malicious JavaScript
could cause SeaMonkey to access already freed memory, causing SeaMonkey to
crash or, potentially, execute arbitrary code with the privileges of the
user running SeaMonkey. (CVE-2011-2998)

All SeaMonkey users should upgrade to these updated packages, which correct
these issues. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

741904 - CVE-2011-2999 Mozilla: XSS via plugins and shadowed window.location object (MFSA 2011-38)
741924 - CVE-2011-2998 Mozilla: Integer underflow when using JavaScript RegExp (MFSA 2011-37)

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/seamonkey-1.0.9-76.el4.src.rpm

i386:
seamonkey-1.0.9-76.el4.i386.rpm
seamonkey-chat-1.0.9-76.el4.i386.rpm
seamonkey-debuginfo-1.0.9-76.el4.i386.rpm
seamonkey-devel-1.0.9-76.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-76.el4.i386.rpm
seamonkey-js-debugger-1.0.9-76.el4.i386.rpm
seamonkey-mail-1.0.9-76.el4.i386.rpm

ia64:
seamonkey-1.0.9-76.el4.ia64.rpm
seamonkey-chat-1.0.9-76.el4.ia64.rpm
seamonkey-debuginfo-1.0.9-76.el4.ia64.rpm
seamonkey-devel-1.0.9-76.el4.ia64.rpm
seamonkey-dom-inspector-1.0.9-76.el4.ia64.rpm
seamonkey-js-debugger-1.0.9-76.el4.ia64.rpm
seamonkey-mail-1.0.9-76.el4.ia64.rpm

ppc:
seamonkey-1.0.9-76.el4.ppc.rpm
seamonkey-chat-1.0.9-76.el4.ppc.rpm
seamonkey-debuginfo-1.0.9-76.el4.ppc.rpm
seamonkey-devel-1.0.9-76.el4.ppc.rpm
seamonkey-dom-inspector-1.0.9-76.el4.ppc.rpm
seamonkey-js-debugger-1.0.9-76.el4.ppc.rpm
seamonkey-mail-1.0.9-76.el4.ppc.rpm

s390:
seamonkey-1.0.9-76.el4.s390.rpm
seamonkey-chat-1.0.9-76.el4.s390.rpm
seamonkey-debuginfo-1.0.9-76.el4.s390.rpm
seamonkey-devel-1.0.9-76.el4.s390.rpm
seamonkey-dom-inspector-1.0.9-76.el4.s390.rpm
seamonkey-js-debugger-1.0.9-76.el4.s390.rpm
seamonkey-mail-1.0.9-76.el4.s390.rpm

s390x:
seamonkey-1.0.9-76.el4.s390x.rpm
seamonkey-chat-1.0.9-76.el4.s390x.rpm
seamonkey-debuginfo-1.0.9-76.el4.s390x.rpm
seamonkey-devel-1.0.9-76.el4.s390x.rpm
seamonkey-dom-inspector-1.0.9-76.el4.s390x.rpm
seamonkey-js-debugger-1.0.9-76.el4.s390x.rpm
seamonkey-mail-1.0.9-76.el4.s390x.rpm

x86_64:
seamonkey-1.0.9-76.el4.x86_64.rpm
seamonkey-chat-1.0.9-76.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-76.el4.x86_64.rpm
seamonkey-devel-1.0.9-76.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-76.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-76.el4.x86_64.rpm
seamonkey-mail-1.0.9-76.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/seamonkey-1.0.9-76.el4.src.rpm

i386:
seamonkey-1.0.9-76.el4.i386.rpm
seamonkey-chat-1.0.9-76.el4.i386.rpm
seamonkey-debuginfo-1.0.9-76.el4.i386.rpm
seamonkey-devel-1.0.9-76.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-76.el4.i386.rpm
seamonkey-js-debugger-1.0.9-76.el4.i386.rpm
seamonkey-mail-1.0.9-76.el4.i386.rpm

x86_64:
seamonkey-1.0.9-76.el4.x86_64.rpm
seamonkey-chat-1.0.9-76.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-76.el4.x86_64.rpm
seamonkey-devel-1.0.9-76.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-76.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-76.el4.x86_64.rpm
seamonkey-mail-1.0.9-76.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/seamonkey-1.0.9-76.el4.src.rpm

i386:
seamonkey-1.0.9-76.el4.i386.rpm
seamonkey-chat-1.0.9-76.el4.i386.rpm
seamonkey-debuginfo-1.0.9-76.el4.i386.rpm
seamonkey-devel-1.0.9-76.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-76.el4.i386.rpm
seamonkey-js-debugger-1.0.9-76.el4.i386.rpm
seamonkey-mail-1.0.9-76.el4.i386.rpm

ia64:
seamonkey-1.0.9-76.el4.ia64.rpm
seamonkey-chat-1.0.9-76.el4.ia64.rpm
seamonkey-debuginfo-1.0.9-76.el4.ia64.rpm
seamonkey-devel-1.0.9-76.el4.ia64.rpm
seamonkey-dom-inspector-1.0.9-76.el4.ia64.rpm
seamonkey-js-debugger-1.0.9-76.el4.ia64.rpm
seamonkey-mail-1.0.9-76.el4.ia64.rpm

x86_64:
seamonkey-1.0.9-76.el4.x86_64.rpm
seamonkey-chat-1.0.9-76.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-76.el4.x86_64.rpm
seamonkey-devel-1.0.9-76.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-76.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-76.el4.x86_64.rpm
seamonkey-mail-1.0.9-76.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/seamonkey-1.0.9-76.el4.src.rpm

i386:
seamonkey-1.0.9-76.el4.i386.rpm
seamonkey-chat-1.0.9-76.el4.i386.rpm
seamonkey-debuginfo-1.0.9-76.el4.i386.rpm
seamonkey-devel-1.0.9-76.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-76.el4.i386.rpm
seamonkey-js-debugger-1.0.9-76.el4.i386.rpm
seamonkey-mail-1.0.9-76.el4.i386.rpm

ia64:
seamonkey-1.0.9-76.el4.ia64.rpm
seamonkey-chat-1.0.9-76.el4.ia64.rpm
seamonkey-debuginfo-1.0.9-76.el4.ia64.rpm
seamonkey-devel-1.0.9-76.el4.ia64.rpm
seamonkey-dom-inspector-1.0.9-76.el4.ia64.rpm
seamonkey-js-debugger-1.0.9-76.el4.ia64.rpm
seamonkey-mail-1.0.9-76.el4.ia64.rpm

x86_64:
seamonkey-1.0.9-76.el4.x86_64.rpm
seamonkey-chat-1.0.9-76.el4.x86_64.rpm
seamonkey-debuginfo-1.0.9-76.el4.x86_64.rpm
seamonkey-devel-1.0.9-76.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-76.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-76.el4.x86_64.rpm
seamonkey-mail-1.0.9-76.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2998.html
https://www.redhat.com/security/data/cve/CVE-2011-2999.html
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
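As an added example that is not part of either advisory and is not Red Hat tooling, the following Python check decides whether an installed Thunderbird or SeaMonkey build is at or above the fixed builds from the package lists above. It uses a simplified form of RPM's version-segment comparison written for this example (no tilde or caret handling), and the NEVR strings it takes are constructed sample input of the kind `rpm -q thunderbird seamonkey` prints.

```python
import re

# Fixed builds (version, release) copied from the package lists above,
# keyed by base package name and the dist tag of the affected RHEL release.
FIXED_BUILDS = {
    ("thunderbird", "el4"): ("1.5.0.12", "44.el4"),
    ("thunderbird", "el5"): ("2.0.0.24", "26.el5_7"),
    ("seamonkey", "el4"): ("1.0.9", "76.el4"),
}

def _segments(s):
    """Split a version or release string into numeric and alphabetic runs."""
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified rpmvercmp: 1 if a is newer, -1 if older, 0 if equal.
    Numeric runs compare as integers, alphabetic runs lexically, a numeric
    run beats an alphabetic one, and the longer string wins on a tie."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif xd != yd:
            return 1 if xd else -1
        elif x != y:
            return 1 if x > y else -1
    if len(sa) != len(sb):
        return 1 if len(sa) > len(sb) else -1
    return 0

def split_nvr(nvr):
    """'name-version-release[.arch.rpm]' -> (name, version, release)."""
    nvr = re.sub(r"\.(i386|i686|x86_64|ia64|ppc|s390x?|noarch|src)\.rpm$", "", nvr)
    return tuple(nvr.rsplit("-", 2))

def is_fixed(installed_nvr):
    """True if the build is at or above the fixed one, False if older,
    None if the package is not one these advisories cover."""
    name, ver, rel = split_nvr(installed_nvr)
    base = name.split("-")[0]          # subpackages share the main build
    dist = next((d for d in ("el4", "el5") if d in rel), None)
    fixed = FIXED_BUILDS.get((base, dist))
    if fixed is None:
        return None
    order = rpmvercmp(ver, fixed[0]) or rpmvercmp(rel, fixed[1])
    return order >= 0
```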