From bugzilla at redhat.com Tue Apr 3 18:10:41 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 3 Apr 2012 18:10:41 +0000
Subject: [RHSA-2012:0451-01] Important: rpm security update
Message-ID: <201204031810.q33IAhLK017763@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rpm security update
Advisory ID:       RHSA-2012:0451-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0451.html
Issue date:        2012-04-03
CVE Names:         CVE-2012-0060 CVE-2012-0061 CVE-2012-0815
=====================================================================

1. Summary:

Updated rpm packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 5 and 6; Red Hat Enterprise Linux 3 and 4
Extended Life Cycle Support; Red Hat Enterprise Linux 5.3 Long Life; and
Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended Update Support.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS (v. 3 ELS) - i386
Red Hat Enterprise Linux AS (v. 4 ELS) - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux ES (v. 3 ELS) - i386
Red Hat Enterprise Linux ES (v. 4 ELS) - i386, x86_64
Red Hat Enterprise Linux EUS (v. 5.6 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Long Life (v. 5.3 server) - i386, ia64, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.0) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.1) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - noarch
Red Hat Enterprise Linux Server Optional (v. 6.0.z) - noarch
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch

3. Description:

The RPM Package Manager (RPM) is a command-line driven package
management system capable of installing, uninstalling, verifying,
querying, and updating software packages.

Multiple flaws were found in the way RPM parsed package file headers. An
attacker could create a specially-crafted RPM package that, when its
package header was accessed, or during package signature verification,
could cause an application using the RPM library (such as the rpm
command line tool, or the yum and up2date package managers) to crash or,
potentially, execute arbitrary code. (CVE-2012-0060, CVE-2012-0061,
CVE-2012-0815)

Note: Although an RPM package can, by design, execute arbitrary code
when installed, this issue would allow a specially-crafted RPM package
to execute arbitrary code before its digital signature has been
verified. Package downloads from the Red Hat Network are protected by
the use of a secure HTTPS connection in addition to the RPM package
signature checks.

All RPM users should upgrade to these updated packages, which contain a
backported patch to correct these issues. All running applications
linked against the RPM library must be restarted for this update to
take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network.
Details on how to use the Red Hat Network to apply this update are
available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

744104 - CVE-2012-0815 rpm: incorrect handling of negated offsets in headerVerifyInfo()
744858 - CVE-2012-0060 rpm: insufficient validation of region tags
798585 - CVE-2012-0061 rpm: improper validation of header contents total size in headerLoad()

6. Package List:

Red Hat Enterprise Linux AS (v. 3 ELS):

Source:
rpm-4.2.3-36_nonptl.src.rpm

i386:
popt-1.8.2-36_nonptl.i386.rpm
rpm-4.2.3-36_nonptl.i386.rpm
rpm-build-4.2.3-36_nonptl.i386.rpm
rpm-debuginfo-4.2.3-36_nonptl.i386.rpm
rpm-devel-4.2.3-36_nonptl.i386.rpm
rpm-libs-4.2.3-36_nonptl.i386.rpm
rpm-python-4.2.3-36_nonptl.i386.rpm

Red Hat Enterprise Linux ES (v. 3 ELS):

Source:
rpm-4.2.3-36_nonptl.src.rpm

i386:
popt-1.8.2-36_nonptl.i386.rpm
rpm-4.2.3-36_nonptl.i386.rpm
rpm-build-4.2.3-36_nonptl.i386.rpm
rpm-debuginfo-4.2.3-36_nonptl.i386.rpm
rpm-devel-4.2.3-36_nonptl.i386.rpm
rpm-libs-4.2.3-36_nonptl.i386.rpm
rpm-python-4.2.3-36_nonptl.i386.rpm

Red Hat Enterprise Linux AS (v. 4 ELS):

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/rpm-4.3.3-36_nonptl.el4.src.rpm

i386:
popt-1.9.1-36_nonptl.el4.i386.rpm
rpm-4.3.3-36_nonptl.el4.i386.rpm
rpm-build-4.3.3-36_nonptl.el4.i386.rpm
rpm-debuginfo-4.3.3-36_nonptl.el4.i386.rpm
rpm-devel-4.3.3-36_nonptl.el4.i386.rpm
rpm-libs-4.3.3-36_nonptl.el4.i386.rpm
rpm-python-4.3.3-36_nonptl.el4.i386.rpm

ia64:
popt-1.9.1-36_nonptl.el4.i386.rpm
popt-1.9.1-36_nonptl.el4.ia64.rpm
rpm-4.3.3-36_nonptl.el4.ia64.rpm
rpm-build-4.3.3-36_nonptl.el4.ia64.rpm
rpm-debuginfo-4.3.3-36_nonptl.el4.i386.rpm
rpm-debuginfo-4.3.3-36_nonptl.el4.ia64.rpm
rpm-devel-4.3.3-36_nonptl.el4.ia64.rpm
rpm-libs-4.3.3-36_nonptl.el4.i386.rpm
rpm-libs-4.3.3-36_nonptl.el4.ia64.rpm
rpm-python-4.3.3-36_nonptl.el4.ia64.rpm

x86_64:
popt-1.9.1-36_nonptl.el4.i386.rpm
popt-1.9.1-36_nonptl.el4.x86_64.rpm
rpm-4.3.3-36_nonptl.el4.x86_64.rpm
rpm-build-4.3.3-36_nonptl.el4.x86_64.rpm
rpm-debuginfo-4.3.3-36_nonptl.el4.i386.rpm
rpm-debuginfo-4.3.3-36_nonptl.el4.x86_64.rpm
rpm-devel-4.3.3-36_nonptl.el4.x86_64.rpm
rpm-libs-4.3.3-36_nonptl.el4.i386.rpm
rpm-libs-4.3.3-36_nonptl.el4.x86_64.rpm
rpm-python-4.3.3-36_nonptl.el4.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4 ELS):

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/rpm-4.3.3-36_nonptl.el4.src.rpm

i386:
popt-1.9.1-36_nonptl.el4.i386.rpm
rpm-4.3.3-36_nonptl.el4.i386.rpm
rpm-build-4.3.3-36_nonptl.el4.i386.rpm
rpm-debuginfo-4.3.3-36_nonptl.el4.i386.rpm
rpm-devel-4.3.3-36_nonptl.el4.i386.rpm
rpm-libs-4.3.3-36_nonptl.el4.i386.rpm
rpm-python-4.3.3-36_nonptl.el4.i386.rpm

x86_64:
popt-1.9.1-36_nonptl.el4.i386.rpm
popt-1.9.1-36_nonptl.el4.x86_64.rpm
rpm-4.3.3-36_nonptl.el4.x86_64.rpm
rpm-build-4.3.3-36_nonptl.el4.x86_64.rpm
rpm-debuginfo-4.3.3-36_nonptl.el4.i386.rpm
rpm-debuginfo-4.3.3-36_nonptl.el4.x86_64.rpm
rpm-devel-4.3.3-36_nonptl.el4.x86_64.rpm
rpm-libs-4.3.3-36_nonptl.el4.i386.rpm
rpm-libs-4.3.3-36_nonptl.el4.x86_64.rpm
rpm-python-4.3.3-36_nonptl.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/rpm-4.4.2.3-28.el5_8.src.rpm

i386:
popt-1.10.2.3-28.el5_8.i386.rpm
rpm-4.4.2.3-28.el5_8.i386.rpm
rpm-debuginfo-4.4.2.3-28.el5_8.i386.rpm
rpm-libs-4.4.2.3-28.el5_8.i386.rpm
rpm-python-4.4.2.3-28.el5_8.i386.rpm

x86_64:
popt-1.10.2.3-28.el5_8.i386.rpm
popt-1.10.2.3-28.el5_8.x86_64.rpm
rpm-4.4.2.3-28.el5_8.x86_64.rpm
rpm-debuginfo-4.4.2.3-28.el5_8.i386.rpm
rpm-debuginfo-4.4.2.3-28.el5_8.x86_64.rpm
rpm-libs-4.4.2.3-28.el5_8.i386.rpm
rpm-libs-4.4.2.3-28.el5_8.x86_64.rpm
rpm-python-4.4.2.3-28.el5_8.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/rpm-4.4.2.3-28.el5_8.src.rpm

i386:
rpm-apidocs-4.4.2.3-28.el5_8.i386.rpm
rpm-build-4.4.2.3-28.el5_8.i386.rpm
rpm-debuginfo-4.4.2.3-28.el5_8.i386.rpm
rpm-devel-4.4.2.3-28.el5_8.i386.rpm

x86_64:
rpm-apidocs-4.4.2.3-28.el5_8.x86_64.rpm
rpm-build-4.4.2.3-28.el5_8.x86_64.rpm
rpm-debuginfo-4.4.2.3-28.el5_8.i386.rpm
rpm-debuginfo-4.4.2.3-28.el5_8.x86_64.rpm
rpm-devel-4.4.2.3-28.el5_8.i386.rpm
rpm-devel-4.4.2.3-28.el5_8.x86_64.rpm

Red Hat Enterprise Linux Long Life (v. 5.3 server):

Source:
rpm-4.4.2.3-9.el5_3.3.src.rpm

i386:
popt-1.10.2.3-9.el5_3.3.i386.rpm
rpm-4.4.2.3-9.el5_3.3.i386.rpm
rpm-apidocs-4.4.2.3-9.el5_3.3.i386.rpm
rpm-build-4.4.2.3-9.el5_3.3.i386.rpm
rpm-debuginfo-4.4.2.3-9.el5_3.3.i386.rpm
rpm-devel-4.4.2.3-9.el5_3.3.i386.rpm
rpm-libs-4.4.2.3-9.el5_3.3.i386.rpm
rpm-python-4.4.2.3-9.el5_3.3.i386.rpm

ia64:
popt-1.10.2.3-9.el5_3.3.ia64.rpm
rpm-4.4.2.3-9.el5_3.3.ia64.rpm
rpm-apidocs-4.4.2.3-9.el5_3.3.ia64.rpm
rpm-build-4.4.2.3-9.el5_3.3.ia64.rpm
rpm-debuginfo-4.4.2.3-9.el5_3.3.ia64.rpm
rpm-devel-4.4.2.3-9.el5_3.3.ia64.rpm
rpm-libs-4.4.2.3-9.el5_3.3.ia64.rpm
rpm-python-4.4.2.3-9.el5_3.3.ia64.rpm

x86_64:
popt-1.10.2.3-9.el5_3.3.i386.rpm
popt-1.10.2.3-9.el5_3.3.x86_64.rpm
rpm-4.4.2.3-9.el5_3.3.x86_64.rpm
rpm-apidocs-4.4.2.3-9.el5_3.3.x86_64.rpm
rpm-build-4.4.2.3-9.el5_3.3.x86_64.rpm
rpm-debuginfo-4.4.2.3-9.el5_3.3.i386.rpm
rpm-debuginfo-4.4.2.3-9.el5_3.3.x86_64.rpm
rpm-devel-4.4.2.3-9.el5_3.3.i386.rpm
rpm-devel-4.4.2.3-9.el5_3.3.x86_64.rpm
rpm-libs-4.4.2.3-9.el5_3.3.i386.rpm
rpm-libs-4.4.2.3-9.el5_3.3.x86_64.rpm
rpm-python-4.4.2.3-9.el5_3.3.x86_64.rpm

Red Hat Enterprise Linux EUS (v. 5.6 server):

Source:
rpm-4.4.2.3-22.el5_6.3.src.rpm

i386:
popt-1.10.2.3-22.el5_6.3.i386.rpm
rpm-4.4.2.3-22.el5_6.3.i386.rpm
rpm-apidocs-4.4.2.3-22.el5_6.3.i386.rpm
rpm-build-4.4.2.3-22.el5_6.3.i386.rpm
rpm-debuginfo-4.4.2.3-22.el5_6.3.i386.rpm
rpm-devel-4.4.2.3-22.el5_6.3.i386.rpm
rpm-libs-4.4.2.3-22.el5_6.3.i386.rpm
rpm-python-4.4.2.3-22.el5_6.3.i386.rpm

ia64:
popt-1.10.2.3-22.el5_6.3.ia64.rpm
rpm-4.4.2.3-22.el5_6.3.ia64.rpm
rpm-apidocs-4.4.2.3-22.el5_6.3.ia64.rpm
rpm-build-4.4.2.3-22.el5_6.3.ia64.rpm
rpm-debuginfo-4.4.2.3-22.el5_6.3.ia64.rpm
rpm-devel-4.4.2.3-22.el5_6.3.ia64.rpm
rpm-libs-4.4.2.3-22.el5_6.3.ia64.rpm
rpm-python-4.4.2.3-22.el5_6.3.ia64.rpm

ppc:
popt-1.10.2.3-22.el5_6.3.ppc.rpm
popt-1.10.2.3-22.el5_6.3.ppc64.rpm
rpm-4.4.2.3-22.el5_6.3.ppc.rpm
rpm-apidocs-4.4.2.3-22.el5_6.3.ppc.rpm
rpm-build-4.4.2.3-22.el5_6.3.ppc.rpm
rpm-debuginfo-4.4.2.3-22.el5_6.3.ppc.rpm
rpm-debuginfo-4.4.2.3-22.el5_6.3.ppc64.rpm
rpm-devel-4.4.2.3-22.el5_6.3.ppc.rpm
rpm-devel-4.4.2.3-22.el5_6.3.ppc64.rpm
rpm-libs-4.4.2.3-22.el5_6.3.ppc.rpm
rpm-libs-4.4.2.3-22.el5_6.3.ppc64.rpm
rpm-python-4.4.2.3-22.el5_6.3.ppc.rpm

s390x:
popt-1.10.2.3-22.el5_6.3.s390.rpm
popt-1.10.2.3-22.el5_6.3.s390x.rpm
rpm-4.4.2.3-22.el5_6.3.s390x.rpm
rpm-apidocs-4.4.2.3-22.el5_6.3.s390x.rpm
rpm-build-4.4.2.3-22.el5_6.3.s390x.rpm
rpm-debuginfo-4.4.2.3-22.el5_6.3.s390.rpm
rpm-debuginfo-4.4.2.3-22.el5_6.3.s390x.rpm
rpm-devel-4.4.2.3-22.el5_6.3.s390.rpm
rpm-devel-4.4.2.3-22.el5_6.3.s390x.rpm
rpm-libs-4.4.2.3-22.el5_6.3.s390.rpm
rpm-libs-4.4.2.3-22.el5_6.3.s390x.rpm
rpm-python-4.4.2.3-22.el5_6.3.s390x.rpm

x86_64:
popt-1.10.2.3-22.el5_6.3.i386.rpm
popt-1.10.2.3-22.el5_6.3.x86_64.rpm
rpm-4.4.2.3-22.el5_6.3.x86_64.rpm
rpm-apidocs-4.4.2.3-22.el5_6.3.x86_64.rpm
rpm-build-4.4.2.3-22.el5_6.3.x86_64.rpm
rpm-debuginfo-4.4.2.3-22.el5_6.3.i386.rpm
rpm-debuginfo-4.4.2.3-22.el5_6.3.x86_64.rpm
rpm-devel-4.4.2.3-22.el5_6.3.i386.rpm
rpm-devel-4.4.2.3-22.el5_6.3.x86_64.rpm
rpm-libs-4.4.2.3-22.el5_6.3.i386.rpm
rpm-libs-4.4.2.3-22.el5_6.3.x86_64.rpm
rpm-python-4.4.2.3-22.el5_6.3.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/rpm-4.4.2.3-28.el5_8.src.rpm

i386:
popt-1.10.2.3-28.el5_8.i386.rpm
rpm-4.4.2.3-28.el5_8.i386.rpm
rpm-apidocs-4.4.2.3-28.el5_8.i386.rpm
rpm-build-4.4.2.3-28.el5_8.i386.rpm
rpm-debuginfo-4.4.2.3-28.el5_8.i386.rpm
rpm-devel-4.4.2.3-28.el5_8.i386.rpm
rpm-libs-4.4.2.3-28.el5_8.i386.rpm
rpm-python-4.4.2.3-28.el5_8.i386.rpm

ia64:
popt-1.10.2.3-28.el5_8.ia64.rpm
rpm-4.4.2.3-28.el5_8.ia64.rpm
rpm-apidocs-4.4.2.3-28.el5_8.ia64.rpm
rpm-build-4.4.2.3-28.el5_8.ia64.rpm
rpm-debuginfo-4.4.2.3-28.el5_8.ia64.rpm
rpm-devel-4.4.2.3-28.el5_8.ia64.rpm
rpm-libs-4.4.2.3-28.el5_8.ia64.rpm
rpm-python-4.4.2.3-28.el5_8.ia64.rpm

ppc:
popt-1.10.2.3-28.el5_8.ppc.rpm
popt-1.10.2.3-28.el5_8.ppc64.rpm
rpm-4.4.2.3-28.el5_8.ppc.rpm
rpm-apidocs-4.4.2.3-28.el5_8.ppc.rpm
rpm-build-4.4.2.3-28.el5_8.ppc.rpm
rpm-debuginfo-4.4.2.3-28.el5_8.ppc.rpm
rpm-debuginfo-4.4.2.3-28.el5_8.ppc64.rpm
rpm-devel-4.4.2.3-28.el5_8.ppc.rpm
rpm-devel-4.4.2.3-28.el5_8.ppc64.rpm
rpm-libs-4.4.2.3-28.el5_8.ppc.rpm
rpm-libs-4.4.2.3-28.el5_8.ppc64.rpm
rpm-python-4.4.2.3-28.el5_8.ppc.rpm

s390x:
popt-1.10.2.3-28.el5_8.s390.rpm
popt-1.10.2.3-28.el5_8.s390x.rpm
rpm-4.4.2.3-28.el5_8.s390x.rpm
rpm-apidocs-4.4.2.3-28.el5_8.s390x.rpm
rpm-build-4.4.2.3-28.el5_8.s390x.rpm
rpm-debuginfo-4.4.2.3-28.el5_8.s390.rpm
rpm-debuginfo-4.4.2.3-28.el5_8.s390x.rpm
rpm-devel-4.4.2.3-28.el5_8.s390.rpm
rpm-devel-4.4.2.3-28.el5_8.s390x.rpm
rpm-libs-4.4.2.3-28.el5_8.s390.rpm
rpm-libs-4.4.2.3-28.el5_8.s390x.rpm
rpm-python-4.4.2.3-28.el5_8.s390x.rpm

x86_64:
popt-1.10.2.3-28.el5_8.i386.rpm
popt-1.10.2.3-28.el5_8.x86_64.rpm
rpm-4.4.2.3-28.el5_8.x86_64.rpm
rpm-apidocs-4.4.2.3-28.el5_8.x86_64.rpm
rpm-build-4.4.2.3-28.el5_8.x86_64.rpm
rpm-debuginfo-4.4.2.3-28.el5_8.i386.rpm
rpm-debuginfo-4.4.2.3-28.el5_8.x86_64.rpm
rpm-devel-4.4.2.3-28.el5_8.i386.rpm
rpm-devel-4.4.2.3-28.el5_8.x86_64.rpm
rpm-libs-4.4.2.3-28.el5_8.i386.rpm
rpm-libs-4.4.2.3-28.el5_8.x86_64.rpm
rpm-python-4.4.2.3-28.el5_8.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/rpm-4.8.0-19.el6_2.1.src.rpm

i386:
rpm-4.8.0-19.el6_2.1.i686.rpm
rpm-debuginfo-4.8.0-19.el6_2.1.i686.rpm
rpm-libs-4.8.0-19.el6_2.1.i686.rpm
rpm-python-4.8.0-19.el6_2.1.i686.rpm

x86_64:
rpm-4.8.0-19.el6_2.1.x86_64.rpm
rpm-debuginfo-4.8.0-19.el6_2.1.i686.rpm
rpm-debuginfo-4.8.0-19.el6_2.1.x86_64.rpm
rpm-libs-4.8.0-19.el6_2.1.i686.rpm
rpm-libs-4.8.0-19.el6_2.1.x86_64.rpm
rpm-python-4.8.0-19.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/rpm-4.8.0-19.el6_2.1.src.rpm

i386:
rpm-build-4.8.0-19.el6_2.1.i686.rpm
rpm-debuginfo-4.8.0-19.el6_2.1.i686.rpm
rpm-devel-4.8.0-19.el6_2.1.i686.rpm

noarch:
rpm-apidocs-4.8.0-19.el6_2.1.noarch.rpm
rpm-cron-4.8.0-19.el6_2.1.noarch.rpm

x86_64:
rpm-build-4.8.0-19.el6_2.1.x86_64.rpm
rpm-debuginfo-4.8.0-19.el6_2.1.i686.rpm
rpm-debuginfo-4.8.0-19.el6_2.1.x86_64.rpm
rpm-devel-4.8.0-19.el6_2.1.i686.rpm
rpm-devel-4.8.0-19.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/rpm-4.8.0-19.el6_2.1.src.rpm

x86_64:
rpm-4.8.0-19.el6_2.1.x86_64.rpm
rpm-debuginfo-4.8.0-19.el6_2.1.i686.rpm
rpm-debuginfo-4.8.0-19.el6_2.1.x86_64.rpm
rpm-libs-4.8.0-19.el6_2.1.i686.rpm
rpm-libs-4.8.0-19.el6_2.1.x86_64.rpm
rpm-python-4.8.0-19.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/rpm-4.8.0-19.el6_2.1.src.rpm

noarch:
rpm-apidocs-4.8.0-19.el6_2.1.noarch.rpm
rpm-cron-4.8.0-19.el6_2.1.noarch.rpm

x86_64:
rpm-build-4.8.0-19.el6_2.1.x86_64.rpm
rpm-debuginfo-4.8.0-19.el6_2.1.i686.rpm
rpm-debuginfo-4.8.0-19.el6_2.1.x86_64.rpm
rpm-devel-4.8.0-19.el6_2.1.i686.rpm
rpm-devel-4.8.0-19.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.0):

Source:
rpm-4.8.0-12.el6_0.2.src.rpm

i386:
rpm-4.8.0-12.el6_0.2.i686.rpm
rpm-build-4.8.0-12.el6_0.2.i686.rpm
rpm-debuginfo-4.8.0-12.el6_0.2.i686.rpm
rpm-devel-4.8.0-12.el6_0.2.i686.rpm
rpm-libs-4.8.0-12.el6_0.2.i686.rpm
rpm-python-4.8.0-12.el6_0.2.i686.rpm

ppc64:
rpm-4.8.0-12.el6_0.2.ppc64.rpm
rpm-build-4.8.0-12.el6_0.2.ppc64.rpm
rpm-debuginfo-4.8.0-12.el6_0.2.ppc.rpm
rpm-debuginfo-4.8.0-12.el6_0.2.ppc64.rpm
rpm-devel-4.8.0-12.el6_0.2.ppc.rpm
rpm-devel-4.8.0-12.el6_0.2.ppc64.rpm
rpm-libs-4.8.0-12.el6_0.2.ppc.rpm
rpm-libs-4.8.0-12.el6_0.2.ppc64.rpm
rpm-python-4.8.0-12.el6_0.2.ppc64.rpm

s390x:
rpm-4.8.0-12.el6_0.2.s390x.rpm
rpm-build-4.8.0-12.el6_0.2.s390x.rpm
rpm-debuginfo-4.8.0-12.el6_0.2.s390.rpm
rpm-debuginfo-4.8.0-12.el6_0.2.s390x.rpm
rpm-devel-4.8.0-12.el6_0.2.s390.rpm
rpm-devel-4.8.0-12.el6_0.2.s390x.rpm
rpm-libs-4.8.0-12.el6_0.2.s390.rpm
rpm-libs-4.8.0-12.el6_0.2.s390x.rpm
rpm-python-4.8.0-12.el6_0.2.s390x.rpm

x86_64:
rpm-4.8.0-12.el6_0.2.x86_64.rpm
rpm-build-4.8.0-12.el6_0.2.x86_64.rpm
rpm-debuginfo-4.8.0-12.el6_0.2.i686.rpm
rpm-debuginfo-4.8.0-12.el6_0.2.x86_64.rpm
rpm-devel-4.8.0-12.el6_0.2.i686.rpm
rpm-devel-4.8.0-12.el6_0.2.x86_64.rpm
rpm-libs-4.8.0-12.el6_0.2.i686.rpm
rpm-libs-4.8.0-12.el6_0.2.x86_64.rpm
rpm-python-4.8.0-12.el6_0.2.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.1):

Source:
rpm-4.8.0-16.el6_1.2.src.rpm

i386:
rpm-4.8.0-16.el6_1.2.i686.rpm
rpm-build-4.8.0-16.el6_1.2.i686.rpm
rpm-debuginfo-4.8.0-16.el6_1.2.i686.rpm
rpm-devel-4.8.0-16.el6_1.2.i686.rpm
rpm-libs-4.8.0-16.el6_1.2.i686.rpm
rpm-python-4.8.0-16.el6_1.2.i686.rpm

ppc64:
rpm-4.8.0-16.el6_1.2.ppc64.rpm
rpm-build-4.8.0-16.el6_1.2.ppc64.rpm
rpm-debuginfo-4.8.0-16.el6_1.2.ppc.rpm
rpm-debuginfo-4.8.0-16.el6_1.2.ppc64.rpm
rpm-devel-4.8.0-16.el6_1.2.ppc.rpm
rpm-devel-4.8.0-16.el6_1.2.ppc64.rpm
rpm-libs-4.8.0-16.el6_1.2.ppc.rpm
rpm-libs-4.8.0-16.el6_1.2.ppc64.rpm
rpm-python-4.8.0-16.el6_1.2.ppc64.rpm

s390x:
rpm-4.8.0-16.el6_1.2.s390x.rpm
rpm-build-4.8.0-16.el6_1.2.s390x.rpm
rpm-debuginfo-4.8.0-16.el6_1.2.s390.rpm
rpm-debuginfo-4.8.0-16.el6_1.2.s390x.rpm
rpm-devel-4.8.0-16.el6_1.2.s390.rpm
rpm-devel-4.8.0-16.el6_1.2.s390x.rpm
rpm-libs-4.8.0-16.el6_1.2.s390.rpm
rpm-libs-4.8.0-16.el6_1.2.s390x.rpm
rpm-python-4.8.0-16.el6_1.2.s390x.rpm

x86_64:
rpm-4.8.0-16.el6_1.2.x86_64.rpm
rpm-build-4.8.0-16.el6_1.2.x86_64.rpm
rpm-debuginfo-4.8.0-16.el6_1.2.i686.rpm
rpm-debuginfo-4.8.0-16.el6_1.2.x86_64.rpm
rpm-devel-4.8.0-16.el6_1.2.i686.rpm
rpm-devel-4.8.0-16.el6_1.2.x86_64.rpm
rpm-libs-4.8.0-16.el6_1.2.i686.rpm
rpm-libs-4.8.0-16.el6_1.2.x86_64.rpm
rpm-python-4.8.0-16.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/rpm-4.8.0-19.el6_2.1.src.rpm

i386:
rpm-4.8.0-19.el6_2.1.i686.rpm
rpm-build-4.8.0-19.el6_2.1.i686.rpm
rpm-debuginfo-4.8.0-19.el6_2.1.i686.rpm
rpm-devel-4.8.0-19.el6_2.1.i686.rpm
rpm-libs-4.8.0-19.el6_2.1.i686.rpm
rpm-python-4.8.0-19.el6_2.1.i686.rpm

ppc64:
rpm-4.8.0-19.el6_2.1.ppc64.rpm
rpm-build-4.8.0-19.el6_2.1.ppc64.rpm
rpm-debuginfo-4.8.0-19.el6_2.1.ppc.rpm
rpm-debuginfo-4.8.0-19.el6_2.1.ppc64.rpm
rpm-devel-4.8.0-19.el6_2.1.ppc.rpm
rpm-devel-4.8.0-19.el6_2.1.ppc64.rpm
rpm-libs-4.8.0-19.el6_2.1.ppc.rpm
rpm-libs-4.8.0-19.el6_2.1.ppc64.rpm
rpm-python-4.8.0-19.el6_2.1.ppc64.rpm

s390x:
rpm-4.8.0-19.el6_2.1.s390x.rpm
rpm-build-4.8.0-19.el6_2.1.s390x.rpm
rpm-debuginfo-4.8.0-19.el6_2.1.s390.rpm
rpm-debuginfo-4.8.0-19.el6_2.1.s390x.rpm
rpm-devel-4.8.0-19.el6_2.1.s390.rpm
rpm-devel-4.8.0-19.el6_2.1.s390x.rpm
rpm-libs-4.8.0-19.el6_2.1.s390.rpm
rpm-libs-4.8.0-19.el6_2.1.s390x.rpm
rpm-python-4.8.0-19.el6_2.1.s390x.rpm

x86_64:
rpm-4.8.0-19.el6_2.1.x86_64.rpm
rpm-build-4.8.0-19.el6_2.1.x86_64.rpm
rpm-debuginfo-4.8.0-19.el6_2.1.i686.rpm
rpm-debuginfo-4.8.0-19.el6_2.1.x86_64.rpm
rpm-devel-4.8.0-19.el6_2.1.i686.rpm
rpm-devel-4.8.0-19.el6_2.1.x86_64.rpm
rpm-libs-4.8.0-19.el6_2.1.i686.rpm
rpm-libs-4.8.0-19.el6_2.1.x86_64.rpm
rpm-python-4.8.0-19.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6.0.z):

Source:
rpm-4.8.0-12.el6_0.2.src.rpm

noarch:
rpm-apidocs-4.8.0-12.el6_0.2.noarch.rpm
rpm-cron-4.8.0-12.el6_0.2.noarch.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
rpm-4.8.0-16.el6_1.2.src.rpm

noarch:
rpm-apidocs-4.8.0-16.el6_1.2.noarch.rpm
rpm-cron-4.8.0-16.el6_1.2.noarch.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/rpm-4.8.0-19.el6_2.1.src.rpm

noarch:
rpm-apidocs-4.8.0-19.el6_2.1.noarch.rpm
rpm-cron-4.8.0-19.el6_2.1.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/rpm-4.8.0-19.el6_2.1.src.rpm

i386:
rpm-4.8.0-19.el6_2.1.i686.rpm
rpm-build-4.8.0-19.el6_2.1.i686.rpm
rpm-debuginfo-4.8.0-19.el6_2.1.i686.rpm
rpm-devel-4.8.0-19.el6_2.1.i686.rpm
rpm-libs-4.8.0-19.el6_2.1.i686.rpm
rpm-python-4.8.0-19.el6_2.1.i686.rpm

x86_64:
rpm-4.8.0-19.el6_2.1.x86_64.rpm
rpm-build-4.8.0-19.el6_2.1.x86_64.rpm
rpm-debuginfo-4.8.0-19.el6_2.1.i686.rpm
rpm-debuginfo-4.8.0-19.el6_2.1.x86_64.rpm
rpm-devel-4.8.0-19.el6_2.1.i686.rpm
rpm-devel-4.8.0-19.el6_2.1.x86_64.rpm
rpm-libs-4.8.0-19.el6_2.1.i686.rpm
rpm-libs-4.8.0-19.el6_2.1.x86_64.rpm
rpm-python-4.8.0-19.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/rpm-4.8.0-19.el6_2.1.src.rpm

noarch:
rpm-apidocs-4.8.0-19.el6_2.1.noarch.rpm
rpm-cron-4.8.0-19.el6_2.1.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-0060.html
https://www.redhat.com/security/data/cve/CVE-2012-0061.html
https://www.redhat.com/security/data/cve/CVE-2012-0815.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
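The advisory's last instruction, that every running application linked against the RPM library must be restarted, is the step most often missed, because `yum update` replaces the file on disk while long-running processes keep the old image mapped. The script below is an added example and is not Red Hat's code or part of the advisory. It relies on a kernel behaviour, not on anything rpm-specific: once the package update has replaced `librpm*.so`, a process still mapping the old copy shows that mapping in `/proc/<pid>/maps` with a `(deleted)` suffix, so those processes are exactly the ones still running the unpatched parser. The maps excerpt and the library paths in it are constructed for the demonstration.

```python
"""Find processes that still run the pre-update RPM library.

Added example, not part of RHSA-2012:0451. After the updated rpm-libs
package is installed, an already-running process keeps the old librpm*
image mapped; the kernel lists such mappings in /proc/<pid>/maps with a
"(deleted)" suffix because the file was replaced on disk. Those
processes must be restarted for the fix to take effect. The sample maps
excerpt below is constructed for the demonstration.
"""
import os
import re

# librpm.so, librpmio.so and librpmbuild.so, with any soname/version suffix.
LIBRPM_RE = re.compile(r"/librpm(?:io|build)?\.so\b")


def librpm_mappings(maps_text: str) -> dict:
    """Map each librpm* path found in a /proc/<pid>/maps dump to True if
    that mapping is marked "(deleted)", i.e. the file has been replaced."""
    found = {}
    for line in maps_text.splitlines():
        # Format: address perms offset dev inode [pathname [(deleted)]]
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping, no backing file
        pathname = fields[5].strip()
        if not LIBRPM_RE.search(pathname):
            continue
        deleted = pathname.endswith("(deleted)")
        if deleted:
            pathname = pathname[: -len("(deleted)")].rstrip()
        # Several segments of one object are mapped; any deleted one counts.
        found[pathname] = found.get(pathname, False) or deleted
    return found


def needs_restart(maps_text: str) -> bool:
    """True if the process maps a librpm* object that no longer exists on disk."""
    return any(librpm_mappings(maps_text).values())


def scan_proc(proc_root: str = "/proc") -> dict:
    """Return {pid: [stale librpm paths]} for every readable process.
    Processes that vanish or cannot be read are skipped."""
    stale = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as fh:
                mappings = librpm_mappings(fh.read())
        except OSError:
            continue
        paths = sorted(p for p, deleted in mappings.items() if deleted)
        if paths:
            stale[int(entry)] = paths
    return stale


# Constructed /proc/<pid>/maps excerpt: librpm and librpmio were replaced
# by the update (hence "(deleted)"), librpmbuild was not.
SAMPLE_MAPS = """\
00400000-0040a000 r-xp 00000000 fd:01 131 /usr/bin/python
7f1a00000000-7f1a0019c000 r-xp 00000000 fd:01 2201 /usr/lib64/librpm.so.1.0.0 (deleted)
7f1a0019c000-7f1a0039c000 ---p 0019c000 fd:01 2201 /usr/lib64/librpm.so.1.0.0 (deleted)
7f1a00400000-7f1a00450000 r-xp 00000000 fd:01 2203 /usr/lib64/librpmio.so.1.0.0 (deleted)
7f1a00600000-7f1a00700000 r-xp 00000000 fd:01 2210 /lib64/libc-2.12.so
7f1a00800000-7f1a00810000 r-xp 00000000 fd:01 2299 /usr/lib64/librpmbuild.so.1.0.0
7fffa0000000-7fffa0021000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    print("sample process needs restart:", needs_restart(SAMPLE_MAPS))
    for pid, paths in sorted(scan_proc().items()):
        print(pid, " ".join(paths))
```

Run as root to see every process; as an unprivileged user `/proc/<pid>/maps` is readable only for your own processes, which is why the scan skips `OSError` rather than failing. The same `(deleted)` check generalises to any shared-library update, which is how tools such as `needs-restarting` decide what to report.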
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPez0KXlSAg2UNWIIRAuIKAKClA+J6ZHa/bPG0bqQuaFH7Z7xDoQCffZWd
nkYrgZtcNIItPwGSFzllQTc=
=8gnW
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Apr 10 21:16:26 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 10 Apr 2012 21:16:26 +0000
Subject: [RHSA-2012:0465-01] Critical: samba security update
Message-ID: <201204102116.q3ALGSRB021531@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: samba security update
Advisory ID:       RHSA-2012:0465-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0465.html
Issue date:        2012-04-10
CVE Names:         CVE-2012-1182
=====================================================================

1. Summary:

Updated samba packages that fix one security issue are now available for
Red Hat Enterprise Linux 5 and 6; Red Hat Enterprise Linux 5.3 Long
Life; and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended Update
Support.

The Red Hat Security Response Team has rated this update as having
critical security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux EUS (v. 5.6 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Long Life (v. 5.3 server) - i386, ia64, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.0) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.1) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6.0.z) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB)
or Common Internet File System (CIFS) protocol, which allows
PC-compatible machines to share files, printers, and other information.

A flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used
to generate code to handle RPC calls, resulted in multiple buffer
overflows in Samba. A remote, unauthenticated attacker could send a
specially-crafted RPC request that would cause the Samba daemon (smbd)
to crash or, possibly, execute arbitrary code with the privileges of the
root user. (CVE-2012-1182)

Users of Samba are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, the smb service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

804093 - CVE-2012-1182 samba: Multiple heap-based buffer overflows in memory management based on NDR marshalling code output

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/samba-3.0.33-3.39.el5_8.src.rpm

i386:
libsmbclient-3.0.33-3.39.el5_8.i386.rpm
samba-3.0.33-3.39.el5_8.i386.rpm
samba-client-3.0.33-3.39.el5_8.i386.rpm
samba-common-3.0.33-3.39.el5_8.i386.rpm
samba-debuginfo-3.0.33-3.39.el5_8.i386.rpm
samba-swat-3.0.33-3.39.el5_8.i386.rpm

x86_64:
libsmbclient-3.0.33-3.39.el5_8.i386.rpm
libsmbclient-3.0.33-3.39.el5_8.x86_64.rpm
samba-3.0.33-3.39.el5_8.x86_64.rpm
samba-client-3.0.33-3.39.el5_8.x86_64.rpm
samba-common-3.0.33-3.39.el5_8.i386.rpm
samba-common-3.0.33-3.39.el5_8.x86_64.rpm
samba-debuginfo-3.0.33-3.39.el5_8.i386.rpm
samba-debuginfo-3.0.33-3.39.el5_8.x86_64.rpm
samba-swat-3.0.33-3.39.el5_8.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/samba-3.0.33-3.39.el5_8.src.rpm

i386:
libsmbclient-devel-3.0.33-3.39.el5_8.i386.rpm
samba-debuginfo-3.0.33-3.39.el5_8.i386.rpm

x86_64:
libsmbclient-devel-3.0.33-3.39.el5_8.i386.rpm
libsmbclient-devel-3.0.33-3.39.el5_8.x86_64.rpm
samba-debuginfo-3.0.33-3.39.el5_8.i386.rpm
samba-debuginfo-3.0.33-3.39.el5_8.x86_64.rpm

Red Hat Enterprise Linux Long Life (v. 5.3 server):

Source:
samba-3.0.33-3.7.el5_3.5.src.rpm

i386:
samba-3.0.33-3.7.el5_3.5.i386.rpm
samba-client-3.0.33-3.7.el5_3.5.i386.rpm
samba-common-3.0.33-3.7.el5_3.5.i386.rpm
samba-debuginfo-3.0.33-3.7.el5_3.5.i386.rpm
samba-swat-3.0.33-3.7.el5_3.5.i386.rpm

ia64:
samba-3.0.33-3.7.el5_3.5.ia64.rpm
samba-client-3.0.33-3.7.el5_3.5.ia64.rpm
samba-common-3.0.33-3.7.el5_3.5.ia64.rpm
samba-debuginfo-3.0.33-3.7.el5_3.5.ia64.rpm
samba-swat-3.0.33-3.7.el5_3.5.ia64.rpm

x86_64:
samba-3.0.33-3.7.el5_3.5.x86_64.rpm
samba-client-3.0.33-3.7.el5_3.5.x86_64.rpm
samba-common-3.0.33-3.7.el5_3.5.i386.rpm
samba-common-3.0.33-3.7.el5_3.5.x86_64.rpm
samba-debuginfo-3.0.33-3.7.el5_3.5.i386.rpm
samba-debuginfo-3.0.33-3.7.el5_3.5.x86_64.rpm
samba-swat-3.0.33-3.7.el5_3.5.x86_64.rpm

Red Hat Enterprise Linux EUS (v. 5.6 server):

Source:
samba-3.0.33-3.29.el5_6.5.src.rpm

i386:
libsmbclient-3.0.33-3.29.el5_6.5.i386.rpm
libsmbclient-devel-3.0.33-3.29.el5_6.5.i386.rpm
samba-3.0.33-3.29.el5_6.5.i386.rpm
samba-client-3.0.33-3.29.el5_6.5.i386.rpm
samba-common-3.0.33-3.29.el5_6.5.i386.rpm
samba-debuginfo-3.0.33-3.29.el5_6.5.i386.rpm
samba-swat-3.0.33-3.29.el5_6.5.i386.rpm

ia64:
libsmbclient-3.0.33-3.29.el5_6.5.ia64.rpm
libsmbclient-devel-3.0.33-3.29.el5_6.5.ia64.rpm
samba-3.0.33-3.29.el5_6.5.ia64.rpm
samba-client-3.0.33-3.29.el5_6.5.ia64.rpm
samba-common-3.0.33-3.29.el5_6.5.ia64.rpm
samba-debuginfo-3.0.33-3.29.el5_6.5.ia64.rpm
samba-swat-3.0.33-3.29.el5_6.5.ia64.rpm

ppc:
libsmbclient-3.0.33-3.29.el5_6.5.ppc.rpm
libsmbclient-3.0.33-3.29.el5_6.5.ppc64.rpm
libsmbclient-devel-3.0.33-3.29.el5_6.5.ppc.rpm
libsmbclient-devel-3.0.33-3.29.el5_6.5.ppc64.rpm
samba-3.0.33-3.29.el5_6.5.ppc.rpm
samba-client-3.0.33-3.29.el5_6.5.ppc.rpm
samba-common-3.0.33-3.29.el5_6.5.ppc.rpm
samba-common-3.0.33-3.29.el5_6.5.ppc64.rpm
samba-debuginfo-3.0.33-3.29.el5_6.5.ppc.rpm
samba-debuginfo-3.0.33-3.29.el5_6.5.ppc64.rpm
samba-swat-3.0.33-3.29.el5_6.5.ppc.rpm

s390x:
libsmbclient-3.0.33-3.29.el5_6.5.s390.rpm
libsmbclient-3.0.33-3.29.el5_6.5.s390x.rpm
libsmbclient-devel-3.0.33-3.29.el5_6.5.s390.rpm
libsmbclient-devel-3.0.33-3.29.el5_6.5.s390x.rpm
samba-3.0.33-3.29.el5_6.5.s390x.rpm
samba-client-3.0.33-3.29.el5_6.5.s390x.rpm
samba-common-3.0.33-3.29.el5_6.5.s390.rpm
samba-common-3.0.33-3.29.el5_6.5.s390x.rpm
samba-debuginfo-3.0.33-3.29.el5_6.5.s390.rpm
samba-debuginfo-3.0.33-3.29.el5_6.5.s390x.rpm
samba-swat-3.0.33-3.29.el5_6.5.s390x.rpm

x86_64:
libsmbclient-3.0.33-3.29.el5_6.5.i386.rpm
libsmbclient-3.0.33-3.29.el5_6.5.x86_64.rpm
libsmbclient-devel-3.0.33-3.29.el5_6.5.i386.rpm
libsmbclient-devel-3.0.33-3.29.el5_6.5.x86_64.rpm
samba-3.0.33-3.29.el5_6.5.x86_64.rpm
samba-client-3.0.33-3.29.el5_6.5.x86_64.rpm
samba-common-3.0.33-3.29.el5_6.5.i386.rpm
samba-common-3.0.33-3.29.el5_6.5.x86_64.rpm
samba-debuginfo-3.0.33-3.29.el5_6.5.i386.rpm
samba-debuginfo-3.0.33-3.29.el5_6.5.x86_64.rpm
samba-swat-3.0.33-3.29.el5_6.5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/samba-3.0.33-3.39.el5_8.src.rpm

i386:
libsmbclient-3.0.33-3.39.el5_8.i386.rpm
libsmbclient-devel-3.0.33-3.39.el5_8.i386.rpm
samba-3.0.33-3.39.el5_8.i386.rpm
samba-client-3.0.33-3.39.el5_8.i386.rpm
samba-common-3.0.33-3.39.el5_8.i386.rpm
samba-debuginfo-3.0.33-3.39.el5_8.i386.rpm
samba-swat-3.0.33-3.39.el5_8.i386.rpm

ia64:
libsmbclient-3.0.33-3.39.el5_8.ia64.rpm
libsmbclient-devel-3.0.33-3.39.el5_8.ia64.rpm
samba-3.0.33-3.39.el5_8.ia64.rpm
samba-client-3.0.33-3.39.el5_8.ia64.rpm
samba-common-3.0.33-3.39.el5_8.ia64.rpm
samba-debuginfo-3.0.33-3.39.el5_8.ia64.rpm
samba-swat-3.0.33-3.39.el5_8.ia64.rpm

ppc:
libsmbclient-3.0.33-3.39.el5_8.ppc.rpm
libsmbclient-3.0.33-3.39.el5_8.ppc64.rpm
libsmbclient-devel-3.0.33-3.39.el5_8.ppc.rpm
libsmbclient-devel-3.0.33-3.39.el5_8.ppc64.rpm
samba-3.0.33-3.39.el5_8.ppc.rpm
samba-client-3.0.33-3.39.el5_8.ppc.rpm
samba-common-3.0.33-3.39.el5_8.ppc.rpm
samba-common-3.0.33-3.39.el5_8.ppc64.rpm
samba-debuginfo-3.0.33-3.39.el5_8.ppc.rpm
samba-debuginfo-3.0.33-3.39.el5_8.ppc64.rpm
samba-swat-3.0.33-3.39.el5_8.ppc.rpm

s390x:
libsmbclient-3.0.33-3.39.el5_8.s390.rpm
libsmbclient-3.0.33-3.39.el5_8.s390x.rpm
libsmbclient-devel-3.0.33-3.39.el5_8.s390.rpm
libsmbclient-devel-3.0.33-3.39.el5_8.s390x.rpm
samba-3.0.33-3.39.el5_8.s390x.rpm
samba-client-3.0.33-3.39.el5_8.s390x.rpm
samba-common-3.0.33-3.39.el5_8.s390.rpm
samba-common-3.0.33-3.39.el5_8.s390x.rpm
samba-debuginfo-3.0.33-3.39.el5_8.s390.rpm
samba-debuginfo-3.0.33-3.39.el5_8.s390x.rpm
samba-swat-3.0.33-3.39.el5_8.s390x.rpm

x86_64:
libsmbclient-3.0.33-3.39.el5_8.i386.rpm
libsmbclient-3.0.33-3.39.el5_8.x86_64.rpm
libsmbclient-devel-3.0.33-3.39.el5_8.i386.rpm
libsmbclient-devel-3.0.33-3.39.el5_8.x86_64.rpm
samba-3.0.33-3.39.el5_8.x86_64.rpm
samba-client-3.0.33-3.39.el5_8.x86_64.rpm
samba-common-3.0.33-3.39.el5_8.i386.rpm
samba-common-3.0.33-3.39.el5_8.x86_64.rpm
samba-debuginfo-3.0.33-3.39.el5_8.i386.rpm
samba-debuginfo-3.0.33-3.39.el5_8.x86_64.rpm
samba-swat-3.0.33-3.39.el5_8.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/samba-3.5.10-115.el6_2.src.rpm

i386:
libsmbclient-3.5.10-115.el6_2.i686.rpm
samba-client-3.5.10-115.el6_2.i686.rpm
samba-common-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-winbind-3.5.10-115.el6_2.i686.rpm
samba-winbind-clients-3.5.10-115.el6_2.i686.rpm

x86_64:
libsmbclient-3.5.10-115.el6_2.i686.rpm
libsmbclient-3.5.10-115.el6_2.x86_64.rpm
samba-client-3.5.10-115.el6_2.x86_64.rpm
samba-common-3.5.10-115.el6_2.i686.rpm
samba-common-3.5.10-115.el6_2.x86_64.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-clients-3.5.10-115.el6_2.i686.rpm
samba-winbind-clients-3.5.10-115.el6_2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/samba-3.5.10-115.el6_2.src.rpm

i386:
libsmbclient-devel-3.5.10-115.el6_2.i686.rpm
samba-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-doc-3.5.10-115.el6_2.i686.rpm
samba-domainjoin-gui-3.5.10-115.el6_2.i686.rpm
samba-swat-3.5.10-115.el6_2.i686.rpm
samba-winbind-devel-3.5.10-115.el6_2.i686.rpm
samba-winbind-krb5-locator-3.5.10-115.el6_2.i686.rpm

x86_64:
libsmbclient-devel-3.5.10-115.el6_2.i686.rpm
libsmbclient-devel-3.5.10-115.el6_2.x86_64.rpm
samba-3.5.10-115.el6_2.x86_64.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.x86_64.rpm
samba-doc-3.5.10-115.el6_2.x86_64.rpm
samba-domainjoin-gui-3.5.10-115.el6_2.x86_64.rpm
samba-swat-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-devel-3.5.10-115.el6_2.i686.rpm
samba-winbind-devel-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-krb5-locator-3.5.10-115.el6_2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/samba-3.5.10-115.el6_2.src.rpm

x86_64:
samba-client-3.5.10-115.el6_2.x86_64.rpm
samba-common-3.5.10-115.el6_2.i686.rpm
samba-common-3.5.10-115.el6_2.x86_64.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-clients-3.5.10-115.el6_2.i686.rpm
samba-winbind-clients-3.5.10-115.el6_2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/samba-3.5.10-115.el6_2.src.rpm

x86_64:
libsmbclient-3.5.10-115.el6_2.i686.rpm
libsmbclient-3.5.10-115.el6_2.x86_64.rpm
libsmbclient-devel-3.5.10-115.el6_2.i686.rpm
libsmbclient-devel-3.5.10-115.el6_2.x86_64.rpm
samba-3.5.10-115.el6_2.x86_64.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.x86_64.rpm
samba-doc-3.5.10-115.el6_2.x86_64.rpm
samba-domainjoin-gui-3.5.10-115.el6_2.x86_64.rpm
samba-swat-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-devel-3.5.10-115.el6_2.i686.rpm
samba-winbind-devel-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-krb5-locator-3.5.10-115.el6_2.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.0):

Source:
samba-3.5.4-68.el6_0.3.src.rpm

i386:
libsmbclient-3.5.4-68.el6_0.3.i686.rpm
samba-3.5.4-68.el6_0.3.i686.rpm
samba-client-3.5.4-68.el6_0.3.i686.rpm
samba-common-3.5.4-68.el6_0.3.i686.rpm
samba-debuginfo-3.5.4-68.el6_0.3.i686.rpm
samba-winbind-3.5.4-68.el6_0.3.i686.rpm
samba-winbind-clients-3.5.4-68.el6_0.3.i686.rpm

ppc64:
libsmbclient-3.5.4-68.el6_0.3.ppc.rpm
libsmbclient-3.5.4-68.el6_0.3.ppc64.rpm
samba-3.5.4-68.el6_0.3.ppc64.rpm
samba-client-3.5.4-68.el6_0.3.ppc64.rpm
samba-common-3.5.4-68.el6_0.3.ppc.rpm
samba-common-3.5.4-68.el6_0.3.ppc64.rpm
samba-debuginfo-3.5.4-68.el6_0.3.ppc.rpm
samba-debuginfo-3.5.4-68.el6_0.3.ppc64.rpm
samba-winbind-3.5.4-68.el6_0.3.ppc64.rpm
samba-winbind-clients-3.5.4-68.el6_0.3.ppc.rpm
samba-winbind-clients-3.5.4-68.el6_0.3.ppc64.rpm

s390x:
libsmbclient-3.5.4-68.el6_0.3.s390.rpm
libsmbclient-3.5.4-68.el6_0.3.s390x.rpm
samba-3.5.4-68.el6_0.3.s390x.rpm
samba-client-3.5.4-68.el6_0.3.s390x.rpm
samba-common-3.5.4-68.el6_0.3.s390.rpm
samba-common-3.5.4-68.el6_0.3.s390x.rpm
samba-debuginfo-3.5.4-68.el6_0.3.s390.rpm
samba-debuginfo-3.5.4-68.el6_0.3.s390x.rpm
samba-winbind-3.5.4-68.el6_0.3.s390x.rpm
samba-winbind-clients-3.5.4-68.el6_0.3.s390.rpm
samba-winbind-clients-3.5.4-68.el6_0.3.s390x.rpm

x86_64:
libsmbclient-3.5.4-68.el6_0.3.i686.rpm libsmbclient-3.5.4-68.el6_0.3.x86_64.rpm samba-3.5.4-68.el6_0.3.x86_64.rpm samba-client-3.5.4-68.el6_0.3.x86_64.rpm samba-common-3.5.4-68.el6_0.3.i686.rpm samba-common-3.5.4-68.el6_0.3.x86_64.rpm samba-debuginfo-3.5.4-68.el6_0.3.i686.rpm samba-debuginfo-3.5.4-68.el6_0.3.x86_64.rpm samba-winbind-3.5.4-68.el6_0.3.x86_64.rpm samba-winbind-clients-3.5.4-68.el6_0.3.i686.rpm samba-winbind-clients-3.5.4-68.el6_0.3.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 6.1): Source: samba-3.5.6-86.el6_1.5.src.rpm i386: libsmbclient-3.5.6-86.el6_1.5.i686.rpm samba-3.5.6-86.el6_1.5.i686.rpm samba-client-3.5.6-86.el6_1.5.i686.rpm samba-common-3.5.6-86.el6_1.5.i686.rpm samba-debuginfo-3.5.6-86.el6_1.5.i686.rpm samba-winbind-3.5.6-86.el6_1.5.i686.rpm samba-winbind-clients-3.5.6-86.el6_1.5.i686.rpm ppc64: libsmbclient-3.5.6-86.el6_1.5.ppc.rpm libsmbclient-3.5.6-86.el6_1.5.ppc64.rpm samba-3.5.6-86.el6_1.5.ppc64.rpm samba-client-3.5.6-86.el6_1.5.ppc64.rpm samba-common-3.5.6-86.el6_1.5.ppc.rpm samba-common-3.5.6-86.el6_1.5.ppc64.rpm samba-debuginfo-3.5.6-86.el6_1.5.ppc.rpm samba-debuginfo-3.5.6-86.el6_1.5.ppc64.rpm samba-winbind-3.5.6-86.el6_1.5.ppc64.rpm samba-winbind-clients-3.5.6-86.el6_1.5.ppc.rpm samba-winbind-clients-3.5.6-86.el6_1.5.ppc64.rpm s390x: libsmbclient-3.5.6-86.el6_1.5.s390.rpm libsmbclient-3.5.6-86.el6_1.5.s390x.rpm samba-3.5.6-86.el6_1.5.s390x.rpm samba-client-3.5.6-86.el6_1.5.s390x.rpm samba-common-3.5.6-86.el6_1.5.s390.rpm samba-common-3.5.6-86.el6_1.5.s390x.rpm samba-debuginfo-3.5.6-86.el6_1.5.s390.rpm samba-debuginfo-3.5.6-86.el6_1.5.s390x.rpm samba-winbind-3.5.6-86.el6_1.5.s390x.rpm samba-winbind-clients-3.5.6-86.el6_1.5.s390.rpm samba-winbind-clients-3.5.6-86.el6_1.5.s390x.rpm x86_64: libsmbclient-3.5.6-86.el6_1.5.i686.rpm libsmbclient-3.5.6-86.el6_1.5.x86_64.rpm samba-3.5.6-86.el6_1.5.x86_64.rpm samba-client-3.5.6-86.el6_1.5.x86_64.rpm samba-common-3.5.6-86.el6_1.5.i686.rpm samba-common-3.5.6-86.el6_1.5.x86_64.rpm 
samba-debuginfo-3.5.6-86.el6_1.5.i686.rpm samba-debuginfo-3.5.6-86.el6_1.5.x86_64.rpm samba-winbind-3.5.6-86.el6_1.5.x86_64.rpm samba-winbind-clients-3.5.6-86.el6_1.5.i686.rpm samba-winbind-clients-3.5.6-86.el6_1.5.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/samba-3.5.10-115.el6_2.src.rpm i386: libsmbclient-3.5.10-115.el6_2.i686.rpm samba-3.5.10-115.el6_2.i686.rpm samba-client-3.5.10-115.el6_2.i686.rpm samba-common-3.5.10-115.el6_2.i686.rpm samba-debuginfo-3.5.10-115.el6_2.i686.rpm samba-winbind-3.5.10-115.el6_2.i686.rpm samba-winbind-clients-3.5.10-115.el6_2.i686.rpm ppc64: libsmbclient-3.5.10-115.el6_2.ppc.rpm libsmbclient-3.5.10-115.el6_2.ppc64.rpm samba-3.5.10-115.el6_2.ppc64.rpm samba-client-3.5.10-115.el6_2.ppc64.rpm samba-common-3.5.10-115.el6_2.ppc.rpm samba-common-3.5.10-115.el6_2.ppc64.rpm samba-debuginfo-3.5.10-115.el6_2.ppc.rpm samba-debuginfo-3.5.10-115.el6_2.ppc64.rpm samba-winbind-3.5.10-115.el6_2.ppc64.rpm samba-winbind-clients-3.5.10-115.el6_2.ppc.rpm samba-winbind-clients-3.5.10-115.el6_2.ppc64.rpm s390x: libsmbclient-3.5.10-115.el6_2.s390.rpm libsmbclient-3.5.10-115.el6_2.s390x.rpm samba-3.5.10-115.el6_2.s390x.rpm samba-client-3.5.10-115.el6_2.s390x.rpm samba-common-3.5.10-115.el6_2.s390.rpm samba-common-3.5.10-115.el6_2.s390x.rpm samba-debuginfo-3.5.10-115.el6_2.s390.rpm samba-debuginfo-3.5.10-115.el6_2.s390x.rpm samba-winbind-3.5.10-115.el6_2.s390x.rpm samba-winbind-clients-3.5.10-115.el6_2.s390.rpm samba-winbind-clients-3.5.10-115.el6_2.s390x.rpm x86_64: libsmbclient-3.5.10-115.el6_2.i686.rpm libsmbclient-3.5.10-115.el6_2.x86_64.rpm samba-3.5.10-115.el6_2.x86_64.rpm samba-client-3.5.10-115.el6_2.x86_64.rpm samba-common-3.5.10-115.el6_2.i686.rpm samba-common-3.5.10-115.el6_2.x86_64.rpm samba-debuginfo-3.5.10-115.el6_2.i686.rpm samba-debuginfo-3.5.10-115.el6_2.x86_64.rpm samba-winbind-3.5.10-115.el6_2.x86_64.rpm samba-winbind-clients-3.5.10-115.el6_2.i686.rpm 
samba-winbind-clients-3.5.10-115.el6_2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6.0.z): Source: samba-3.5.4-68.el6_0.3.src.rpm i386: libsmbclient-devel-3.5.4-68.el6_0.3.i686.rpm samba-debuginfo-3.5.4-68.el6_0.3.i686.rpm samba-doc-3.5.4-68.el6_0.3.i686.rpm samba-domainjoin-gui-3.5.4-68.el6_0.3.i686.rpm samba-swat-3.5.4-68.el6_0.3.i686.rpm samba-winbind-devel-3.5.4-68.el6_0.3.i686.rpm ppc64: libsmbclient-devel-3.5.4-68.el6_0.3.ppc.rpm libsmbclient-devel-3.5.4-68.el6_0.3.ppc64.rpm samba-debuginfo-3.5.4-68.el6_0.3.ppc.rpm samba-debuginfo-3.5.4-68.el6_0.3.ppc64.rpm samba-doc-3.5.4-68.el6_0.3.ppc64.rpm samba-domainjoin-gui-3.5.4-68.el6_0.3.ppc64.rpm samba-swat-3.5.4-68.el6_0.3.ppc64.rpm samba-winbind-devel-3.5.4-68.el6_0.3.ppc.rpm samba-winbind-devel-3.5.4-68.el6_0.3.ppc64.rpm s390x: libsmbclient-devel-3.5.4-68.el6_0.3.s390.rpm libsmbclient-devel-3.5.4-68.el6_0.3.s390x.rpm samba-debuginfo-3.5.4-68.el6_0.3.s390.rpm samba-debuginfo-3.5.4-68.el6_0.3.s390x.rpm samba-doc-3.5.4-68.el6_0.3.s390x.rpm samba-domainjoin-gui-3.5.4-68.el6_0.3.s390x.rpm samba-swat-3.5.4-68.el6_0.3.s390x.rpm samba-winbind-devel-3.5.4-68.el6_0.3.s390.rpm samba-winbind-devel-3.5.4-68.el6_0.3.s390x.rpm x86_64: libsmbclient-devel-3.5.4-68.el6_0.3.i686.rpm libsmbclient-devel-3.5.4-68.el6_0.3.x86_64.rpm samba-debuginfo-3.5.4-68.el6_0.3.i686.rpm samba-debuginfo-3.5.4-68.el6_0.3.x86_64.rpm samba-doc-3.5.4-68.el6_0.3.x86_64.rpm samba-domainjoin-gui-3.5.4-68.el6_0.3.x86_64.rpm samba-swat-3.5.4-68.el6_0.3.x86_64.rpm samba-winbind-devel-3.5.4-68.el6_0.3.i686.rpm samba-winbind-devel-3.5.4-68.el6_0.3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: samba-3.5.6-86.el6_1.5.src.rpm i386: libsmbclient-devel-3.5.6-86.el6_1.5.i686.rpm samba-debuginfo-3.5.6-86.el6_1.5.i686.rpm samba-doc-3.5.6-86.el6_1.5.i686.rpm samba-domainjoin-gui-3.5.6-86.el6_1.5.i686.rpm samba-swat-3.5.6-86.el6_1.5.i686.rpm samba-winbind-devel-3.5.6-86.el6_1.5.i686.rpm samba-winbind-krb5-locator-3.5.6-86.el6_1.5.i686.rpm ppc64: libsmbclient-devel-3.5.6-86.el6_1.5.ppc.rpm libsmbclient-devel-3.5.6-86.el6_1.5.ppc64.rpm samba-debuginfo-3.5.6-86.el6_1.5.ppc.rpm samba-debuginfo-3.5.6-86.el6_1.5.ppc64.rpm samba-doc-3.5.6-86.el6_1.5.ppc64.rpm samba-domainjoin-gui-3.5.6-86.el6_1.5.ppc64.rpm samba-swat-3.5.6-86.el6_1.5.ppc64.rpm samba-winbind-devel-3.5.6-86.el6_1.5.ppc.rpm samba-winbind-devel-3.5.6-86.el6_1.5.ppc64.rpm samba-winbind-krb5-locator-3.5.6-86.el6_1.5.ppc64.rpm s390x: libsmbclient-devel-3.5.6-86.el6_1.5.s390.rpm libsmbclient-devel-3.5.6-86.el6_1.5.s390x.rpm samba-debuginfo-3.5.6-86.el6_1.5.s390.rpm samba-debuginfo-3.5.6-86.el6_1.5.s390x.rpm samba-doc-3.5.6-86.el6_1.5.s390x.rpm samba-domainjoin-gui-3.5.6-86.el6_1.5.s390x.rpm samba-swat-3.5.6-86.el6_1.5.s390x.rpm samba-winbind-devel-3.5.6-86.el6_1.5.s390.rpm samba-winbind-devel-3.5.6-86.el6_1.5.s390x.rpm samba-winbind-krb5-locator-3.5.6-86.el6_1.5.s390x.rpm x86_64: libsmbclient-devel-3.5.6-86.el6_1.5.i686.rpm libsmbclient-devel-3.5.6-86.el6_1.5.x86_64.rpm samba-debuginfo-3.5.6-86.el6_1.5.i686.rpm samba-debuginfo-3.5.6-86.el6_1.5.x86_64.rpm samba-doc-3.5.6-86.el6_1.5.x86_64.rpm samba-domainjoin-gui-3.5.6-86.el6_1.5.x86_64.rpm samba-swat-3.5.6-86.el6_1.5.x86_64.rpm samba-winbind-devel-3.5.6-86.el6_1.5.i686.rpm samba-winbind-devel-3.5.6-86.el6_1.5.x86_64.rpm samba-winbind-krb5-locator-3.5.6-86.el6_1.5.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/samba-3.5.10-115.el6_2.src.rpm i386: libsmbclient-devel-3.5.10-115.el6_2.i686.rpm samba-debuginfo-3.5.10-115.el6_2.i686.rpm samba-doc-3.5.10-115.el6_2.i686.rpm samba-domainjoin-gui-3.5.10-115.el6_2.i686.rpm samba-swat-3.5.10-115.el6_2.i686.rpm samba-winbind-devel-3.5.10-115.el6_2.i686.rpm samba-winbind-krb5-locator-3.5.10-115.el6_2.i686.rpm ppc64: libsmbclient-devel-3.5.10-115.el6_2.ppc.rpm libsmbclient-devel-3.5.10-115.el6_2.ppc64.rpm samba-debuginfo-3.5.10-115.el6_2.ppc.rpm samba-debuginfo-3.5.10-115.el6_2.ppc64.rpm samba-doc-3.5.10-115.el6_2.ppc64.rpm samba-domainjoin-gui-3.5.10-115.el6_2.ppc64.rpm samba-swat-3.5.10-115.el6_2.ppc64.rpm samba-winbind-devel-3.5.10-115.el6_2.ppc.rpm samba-winbind-devel-3.5.10-115.el6_2.ppc64.rpm samba-winbind-krb5-locator-3.5.10-115.el6_2.ppc64.rpm s390x: libsmbclient-devel-3.5.10-115.el6_2.s390.rpm libsmbclient-devel-3.5.10-115.el6_2.s390x.rpm samba-debuginfo-3.5.10-115.el6_2.s390.rpm samba-debuginfo-3.5.10-115.el6_2.s390x.rpm samba-doc-3.5.10-115.el6_2.s390x.rpm samba-domainjoin-gui-3.5.10-115.el6_2.s390x.rpm samba-swat-3.5.10-115.el6_2.s390x.rpm samba-winbind-devel-3.5.10-115.el6_2.s390.rpm samba-winbind-devel-3.5.10-115.el6_2.s390x.rpm samba-winbind-krb5-locator-3.5.10-115.el6_2.s390x.rpm x86_64: libsmbclient-devel-3.5.10-115.el6_2.i686.rpm libsmbclient-devel-3.5.10-115.el6_2.x86_64.rpm samba-debuginfo-3.5.10-115.el6_2.i686.rpm samba-debuginfo-3.5.10-115.el6_2.x86_64.rpm samba-doc-3.5.10-115.el6_2.x86_64.rpm samba-domainjoin-gui-3.5.10-115.el6_2.x86_64.rpm samba-swat-3.5.10-115.el6_2.x86_64.rpm samba-winbind-devel-3.5.10-115.el6_2.i686.rpm samba-winbind-devel-3.5.10-115.el6_2.x86_64.rpm samba-winbind-krb5-locator-3.5.10-115.el6_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/samba-3.5.10-115.el6_2.src.rpm

i386:
libsmbclient-3.5.10-115.el6_2.i686.rpm
samba-3.5.10-115.el6_2.i686.rpm
samba-client-3.5.10-115.el6_2.i686.rpm
samba-common-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-winbind-3.5.10-115.el6_2.i686.rpm
samba-winbind-clients-3.5.10-115.el6_2.i686.rpm

x86_64:
libsmbclient-3.5.10-115.el6_2.i686.rpm
libsmbclient-3.5.10-115.el6_2.x86_64.rpm
samba-3.5.10-115.el6_2.x86_64.rpm
samba-client-3.5.10-115.el6_2.x86_64.rpm
samba-common-3.5.10-115.el6_2.i686.rpm
samba-common-3.5.10-115.el6_2.x86_64.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-clients-3.5.10-115.el6_2.i686.rpm
samba-winbind-clients-3.5.10-115.el6_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/samba-3.5.10-115.el6_2.src.rpm

i386:
libsmbclient-devel-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-doc-3.5.10-115.el6_2.i686.rpm
samba-domainjoin-gui-3.5.10-115.el6_2.i686.rpm
samba-swat-3.5.10-115.el6_2.i686.rpm
samba-winbind-devel-3.5.10-115.el6_2.i686.rpm
samba-winbind-krb5-locator-3.5.10-115.el6_2.i686.rpm

x86_64:
libsmbclient-devel-3.5.10-115.el6_2.i686.rpm
libsmbclient-devel-3.5.10-115.el6_2.x86_64.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.x86_64.rpm
samba-doc-3.5.10-115.el6_2.x86_64.rpm
samba-domainjoin-gui-3.5.10-115.el6_2.x86_64.rpm
samba-swat-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-devel-3.5.10-115.el6_2.i686.rpm
samba-winbind-devel-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-krb5-locator-3.5.10-115.el6_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-1182.html
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPhKMWXlSAg2UNWIIRAk8XAKCPxrS7IDoIlqr0tNZZiZEE3bCLIwCfZ0DY
qQZ8Iim8i5o7EbExdP7Kkjc=
=Q/7p
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Apr 10 21:17:29 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 10 Apr 2012 21:17:29 +0000
Subject: [RHSA-2012:0466-01] Critical: samba3x security update
Message-ID: <201204102117.q3ALHUiu021767@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:     Critical: samba3x security update
Advisory ID:  RHSA-2012:0466-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0466.html
Issue date:   2012-04-10
CVE Names:    CVE-2012-1182
=====================================================================

1. Summary:

Updated samba3x packages that fix one security issue are now available for
Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 5.6 Extended Update
Support.

The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux EUS (v. 5.6 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

A flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used to
generate code to handle RPC calls, resulted in multiple buffer overflows in
Samba. A remote, unauthenticated attacker could send a specially-crafted RPC
request that would cause the Samba daemon (smbd) to crash or, possibly,
execute arbitrary code with the privileges of the root user. (CVE-2012-1182)

Users of Samba are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, the smb service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

804093 - CVE-2012-1182 samba: Multiple heap-based buffer overflows in memory management based on NDR marshalling code output

6. Package List:

Red Hat Enterprise Linux Desktop (v.
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/samba3x-3.5.10-0.108.el5_8.src.rpm i386: samba3x-3.5.10-0.108.el5_8.i386.rpm samba3x-client-3.5.10-0.108.el5_8.i386.rpm samba3x-common-3.5.10-0.108.el5_8.i386.rpm samba3x-debuginfo-3.5.10-0.108.el5_8.i386.rpm samba3x-doc-3.5.10-0.108.el5_8.i386.rpm samba3x-domainjoin-gui-3.5.10-0.108.el5_8.i386.rpm samba3x-swat-3.5.10-0.108.el5_8.i386.rpm samba3x-winbind-3.5.10-0.108.el5_8.i386.rpm x86_64: samba3x-3.5.10-0.108.el5_8.x86_64.rpm samba3x-client-3.5.10-0.108.el5_8.x86_64.rpm samba3x-common-3.5.10-0.108.el5_8.x86_64.rpm samba3x-debuginfo-3.5.10-0.108.el5_8.i386.rpm samba3x-debuginfo-3.5.10-0.108.el5_8.x86_64.rpm samba3x-doc-3.5.10-0.108.el5_8.x86_64.rpm samba3x-domainjoin-gui-3.5.10-0.108.el5_8.x86_64.rpm samba3x-swat-3.5.10-0.108.el5_8.x86_64.rpm samba3x-winbind-3.5.10-0.108.el5_8.i386.rpm samba3x-winbind-3.5.10-0.108.el5_8.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/samba3x-3.5.10-0.108.el5_8.src.rpm i386: samba3x-debuginfo-3.5.10-0.108.el5_8.i386.rpm samba3x-winbind-devel-3.5.10-0.108.el5_8.i386.rpm x86_64: samba3x-debuginfo-3.5.10-0.108.el5_8.i386.rpm samba3x-debuginfo-3.5.10-0.108.el5_8.x86_64.rpm samba3x-winbind-devel-3.5.10-0.108.el5_8.i386.rpm samba3x-winbind-devel-3.5.10-0.108.el5_8.x86_64.rpm Red Hat Enterprise Linux EUS (v. 
5.6 server): Source: samba3x-3.5.4-0.70.el5_6.2.src.rpm i386: samba3x-3.5.4-0.70.el5_6.2.i386.rpm samba3x-client-3.5.4-0.70.el5_6.2.i386.rpm samba3x-common-3.5.4-0.70.el5_6.2.i386.rpm samba3x-debuginfo-3.5.4-0.70.el5_6.2.i386.rpm samba3x-doc-3.5.4-0.70.el5_6.2.i386.rpm samba3x-domainjoin-gui-3.5.4-0.70.el5_6.2.i386.rpm samba3x-swat-3.5.4-0.70.el5_6.2.i386.rpm samba3x-winbind-3.5.4-0.70.el5_6.2.i386.rpm samba3x-winbind-devel-3.5.4-0.70.el5_6.2.i386.rpm ia64: samba3x-3.5.4-0.70.el5_6.2.ia64.rpm samba3x-client-3.5.4-0.70.el5_6.2.ia64.rpm samba3x-common-3.5.4-0.70.el5_6.2.ia64.rpm samba3x-debuginfo-3.5.4-0.70.el5_6.2.ia64.rpm samba3x-doc-3.5.4-0.70.el5_6.2.ia64.rpm samba3x-domainjoin-gui-3.5.4-0.70.el5_6.2.ia64.rpm samba3x-swat-3.5.4-0.70.el5_6.2.ia64.rpm samba3x-winbind-3.5.4-0.70.el5_6.2.ia64.rpm samba3x-winbind-devel-3.5.4-0.70.el5_6.2.ia64.rpm ppc: samba3x-3.5.4-0.70.el5_6.2.ppc.rpm samba3x-client-3.5.4-0.70.el5_6.2.ppc.rpm samba3x-common-3.5.4-0.70.el5_6.2.ppc.rpm samba3x-debuginfo-3.5.4-0.70.el5_6.2.ppc.rpm samba3x-debuginfo-3.5.4-0.70.el5_6.2.ppc64.rpm samba3x-doc-3.5.4-0.70.el5_6.2.ppc.rpm samba3x-domainjoin-gui-3.5.4-0.70.el5_6.2.ppc.rpm samba3x-swat-3.5.4-0.70.el5_6.2.ppc.rpm samba3x-winbind-3.5.4-0.70.el5_6.2.ppc.rpm samba3x-winbind-3.5.4-0.70.el5_6.2.ppc64.rpm samba3x-winbind-devel-3.5.4-0.70.el5_6.2.ppc.rpm samba3x-winbind-devel-3.5.4-0.70.el5_6.2.ppc64.rpm s390x: samba3x-3.5.4-0.70.el5_6.2.s390x.rpm samba3x-client-3.5.4-0.70.el5_6.2.s390x.rpm samba3x-common-3.5.4-0.70.el5_6.2.s390x.rpm samba3x-debuginfo-3.5.4-0.70.el5_6.2.s390.rpm samba3x-debuginfo-3.5.4-0.70.el5_6.2.s390x.rpm samba3x-doc-3.5.4-0.70.el5_6.2.s390x.rpm samba3x-domainjoin-gui-3.5.4-0.70.el5_6.2.s390x.rpm samba3x-swat-3.5.4-0.70.el5_6.2.s390x.rpm samba3x-winbind-3.5.4-0.70.el5_6.2.s390.rpm samba3x-winbind-3.5.4-0.70.el5_6.2.s390x.rpm samba3x-winbind-devel-3.5.4-0.70.el5_6.2.s390.rpm samba3x-winbind-devel-3.5.4-0.70.el5_6.2.s390x.rpm x86_64: samba3x-3.5.4-0.70.el5_6.2.x86_64.rpm 
samba3x-client-3.5.4-0.70.el5_6.2.x86_64.rpm samba3x-common-3.5.4-0.70.el5_6.2.x86_64.rpm samba3x-debuginfo-3.5.4-0.70.el5_6.2.i386.rpm samba3x-debuginfo-3.5.4-0.70.el5_6.2.x86_64.rpm samba3x-doc-3.5.4-0.70.el5_6.2.x86_64.rpm samba3x-domainjoin-gui-3.5.4-0.70.el5_6.2.x86_64.rpm samba3x-swat-3.5.4-0.70.el5_6.2.x86_64.rpm samba3x-winbind-3.5.4-0.70.el5_6.2.i386.rpm samba3x-winbind-3.5.4-0.70.el5_6.2.x86_64.rpm samba3x-winbind-devel-3.5.4-0.70.el5_6.2.i386.rpm samba3x-winbind-devel-3.5.4-0.70.el5_6.2.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/samba3x-3.5.10-0.108.el5_8.src.rpm i386: samba3x-3.5.10-0.108.el5_8.i386.rpm samba3x-client-3.5.10-0.108.el5_8.i386.rpm samba3x-common-3.5.10-0.108.el5_8.i386.rpm samba3x-debuginfo-3.5.10-0.108.el5_8.i386.rpm samba3x-doc-3.5.10-0.108.el5_8.i386.rpm samba3x-domainjoin-gui-3.5.10-0.108.el5_8.i386.rpm samba3x-swat-3.5.10-0.108.el5_8.i386.rpm samba3x-winbind-3.5.10-0.108.el5_8.i386.rpm samba3x-winbind-devel-3.5.10-0.108.el5_8.i386.rpm ia64: samba3x-3.5.10-0.108.el5_8.ia64.rpm samba3x-client-3.5.10-0.108.el5_8.ia64.rpm samba3x-common-3.5.10-0.108.el5_8.ia64.rpm samba3x-debuginfo-3.5.10-0.108.el5_8.ia64.rpm samba3x-doc-3.5.10-0.108.el5_8.ia64.rpm samba3x-domainjoin-gui-3.5.10-0.108.el5_8.ia64.rpm samba3x-swat-3.5.10-0.108.el5_8.ia64.rpm samba3x-winbind-3.5.10-0.108.el5_8.ia64.rpm samba3x-winbind-devel-3.5.10-0.108.el5_8.ia64.rpm ppc: samba3x-3.5.10-0.108.el5_8.ppc.rpm samba3x-client-3.5.10-0.108.el5_8.ppc.rpm samba3x-common-3.5.10-0.108.el5_8.ppc.rpm samba3x-debuginfo-3.5.10-0.108.el5_8.ppc.rpm samba3x-debuginfo-3.5.10-0.108.el5_8.ppc64.rpm samba3x-doc-3.5.10-0.108.el5_8.ppc.rpm samba3x-domainjoin-gui-3.5.10-0.108.el5_8.ppc.rpm samba3x-swat-3.5.10-0.108.el5_8.ppc.rpm samba3x-winbind-3.5.10-0.108.el5_8.ppc.rpm samba3x-winbind-3.5.10-0.108.el5_8.ppc64.rpm samba3x-winbind-devel-3.5.10-0.108.el5_8.ppc.rpm samba3x-winbind-devel-3.5.10-0.108.el5_8.ppc64.rpm 
s390x:
samba3x-3.5.10-0.108.el5_8.s390x.rpm
samba3x-client-3.5.10-0.108.el5_8.s390x.rpm
samba3x-common-3.5.10-0.108.el5_8.s390x.rpm
samba3x-debuginfo-3.5.10-0.108.el5_8.s390.rpm
samba3x-debuginfo-3.5.10-0.108.el5_8.s390x.rpm
samba3x-doc-3.5.10-0.108.el5_8.s390x.rpm
samba3x-domainjoin-gui-3.5.10-0.108.el5_8.s390x.rpm
samba3x-swat-3.5.10-0.108.el5_8.s390x.rpm
samba3x-winbind-3.5.10-0.108.el5_8.s390.rpm
samba3x-winbind-3.5.10-0.108.el5_8.s390x.rpm
samba3x-winbind-devel-3.5.10-0.108.el5_8.s390.rpm
samba3x-winbind-devel-3.5.10-0.108.el5_8.s390x.rpm

x86_64:
samba3x-3.5.10-0.108.el5_8.x86_64.rpm
samba3x-client-3.5.10-0.108.el5_8.x86_64.rpm
samba3x-common-3.5.10-0.108.el5_8.x86_64.rpm
samba3x-debuginfo-3.5.10-0.108.el5_8.i386.rpm
samba3x-debuginfo-3.5.10-0.108.el5_8.x86_64.rpm
samba3x-doc-3.5.10-0.108.el5_8.x86_64.rpm
samba3x-domainjoin-gui-3.5.10-0.108.el5_8.x86_64.rpm
samba3x-swat-3.5.10-0.108.el5_8.x86_64.rpm
samba3x-winbind-3.5.10-0.108.el5_8.i386.rpm
samba3x-winbind-3.5.10-0.108.el5_8.x86_64.rpm
samba3x-winbind-devel-3.5.10-0.108.el5_8.i386.rpm
samba3x-winbind-devel-3.5.10-0.108.el5_8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-1182.html
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
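The package list above names the fixed builds per product stream (the el5_8 stream for RHEL 5 and the el5_6 stream for 5.6 EUS), so the practical question for a defender is whether each installed package sorts below the fixed build of its own stream. The following is an added example, not Red Hat's tooling and not part of the advisory: it re-implements rpm's version ordering in Python (separators ignored, numeric segments compared as integers, a numeric segment newer than an alpha one, tilde sorting before everything; epochs and the caret operator are not modelled), parses the advisory's file names into name, version, release and arch, and matches installed packages to the advisory entry with the same name, arch and dist tag. The installed-package sample and its version numbers are constructed for the demonstration, as is the dist-tag matching rule; the same code works unchanged on the freetype list in the advisory that follows.

```python
"""Decide whether installed RPMs are older than the fixed builds an advisory lists.

Added example (not Red Hat tooling). rpm's own comparison is rpmvercmp();
this is a Python re-implementation covering the cases that matter for
EL5/EL6 package lists (no epochs, no caret operator).
"""
import re
from itertools import zip_longest

# Constructed sample: three file names copied from the RHSA-2012:0466 list above.
ADVISORY_PACKAGES = [
    "samba3x-3.5.10-0.108.el5_8.x86_64.rpm",
    "samba3x-client-3.5.10-0.108.el5_8.x86_64.rpm",
    "samba3x-3.5.4-0.70.el5_6.2.x86_64.rpm",
]

# Constructed sample of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'`
# output; the version numbers are invented to exercise each branch below.
INSTALLED_SAMPLE = """\
samba3x-3.5.10-0.107.el5_8.x86_64
samba3x-client-3.5.10-0.108.el5_8.x86_64
samba3x-3.5.4-0.70.el5_6.2.x86_64
samba3x-3.5.4-0.69.el5_6.1.x86_64
openssl-0.9.8e-22.el5_8.1.x86_64
"""

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|~")   # separators are not segments
_DIST = re.compile(r"\.(el\d+(?:_\d+)?)")        # el5_8, el5_6, el6_2 ...


def rpmvercmp(a, b):
    """Compare two version or release strings the way rpm orders them.
    Returns -1 if a is older than b, 0 if equal, 1 if a is newer."""
    if a == b:
        return 0
    for x, y in zip_longest(_SEGMENT.findall(a), _SEGMENT.findall(b)):
        # Tilde sorts before anything, including end of string: 1.0~rc1 < 1.0
        if x == "~" or y == "~":
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        if x is None:          # a ran out of segments first: it is older
            return -1
        if y is None:
            return 1
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)
            c = (xi > yi) - (xi < yi)     # integer compare: 10 > 9, 010 == 10
        elif x.isdigit() != y.isdigit():
            c = 1 if x.isdigit() else -1  # numeric segment is newer than alpha
        else:
            c = (x > y) - (x < y)         # plain string compare for alpha
        if c:
            return c
    return 0


def parse_nvra(s):
    """Split 'name-version-release.arch[.rpm]' into (name, version, release, arch).
    Names may contain dashes; version and release may not, so split from the right."""
    if s.endswith(".rpm"):
        s = s[:-4]
    nvr, arch = s.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch


def dist_tag(release):
    """Product stream the build belongs to ('' if the release carries no el tag)."""
    m = _DIST.search(release)
    return m.group(1) if m else ""


def fixed_builds(package_list):
    """Map (name, arch, dist tag) -> (version, release) of the fixed build."""
    fixed = {}
    for fname in package_list:
        name, version, release, arch = parse_nvra(fname)
        fixed[(name, arch, dist_tag(release))] = (version, release)
    return fixed


def classify(installed_line, fixed):
    """'vulnerable', 'fixed', or 'not covered' (advisory lists no such build)."""
    name, version, release, arch = parse_nvra(installed_line)
    key = (name, arch, dist_tag(release))
    if key not in fixed:
        return "not covered"
    fixed_version, fixed_release = fixed[key]
    c = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return "vulnerable" if c < 0 else "fixed"


def audit(installed_text, package_list):
    """Classify every non-empty line of rpm -qa output against the advisory list."""
    fixed = fixed_builds(package_list)
    return {line: classify(line, fixed) for line in installed_text.splitlines() if line}


if __name__ == "__main__":
    for pkg, state in audit(INSTALLED_SAMPLE, ADVISORY_PACKAGES).items():
        print(f"{state:12} {pkg}")
```

Matching on the dist tag is what keeps the EUS entry (0.70.el5_6.2) from being mistaken for a fix on a RHEL 5.8 host: 3.5.10-0.107.el5_8 is newer than the EUS build but still older than the el5_8 fix, and only the stream comparison reports it as vulnerable. On a real host, feed the output of the `rpm -qa` query format shown in the comment instead of the constructed sample.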
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPhKNYXlSAg2UNWIIRAt9sAJ9Zi2fyXGT3hEgX4F4ZeISZkkAvwACeKcdL
nyh/y/kvtJih41lqa/2hh2Y=
=KzZJ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Apr 10 21:19:01 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 10 Apr 2012 21:19:01 +0000
Subject: [RHSA-2012:0467-01] Important: freetype security update
Message-ID: <201204102119.q3ALJ2bh008731@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:     Important: freetype security update
Advisory ID:  RHSA-2012:0467-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0467.html
Issue date:   2012-04-10
CVE Names:    CVE-2012-1126 CVE-2012-1127 CVE-2012-1130 CVE-2012-1131
              CVE-2012-1132 CVE-2012-1134 CVE-2012-1136 CVE-2012-1137
              CVE-2012-1139 CVE-2012-1140 CVE-2012-1141 CVE-2012-1142
              CVE-2012-1143 CVE-2012-1144
=====================================================================

1. Summary:

Updated freetype packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

FreeType is a free, high-quality, portable font engine that can open and
manage font files. It also loads, hints, and renders individual glyphs
efficiently.

Multiple flaws were found in the way FreeType handled TrueType Font (TTF),
Glyph Bitmap Distribution Format (BDF), Windows .fnt and .fon, and
PostScript Type 1 fonts. If a specially-crafted font file was loaded by an
application linked against FreeType, it could cause the application to
crash or, potentially, execute arbitrary code with the privileges of the
user running the application. (CVE-2012-1134, CVE-2012-1136, CVE-2012-1142,
CVE-2012-1144)

Multiple flaws were found in the way FreeType handled fonts in various
formats. If a specially-crafted font file was loaded by an application
linked against FreeType, it could cause the application to crash.
(CVE-2012-1126, CVE-2012-1127, CVE-2012-1130, CVE-2012-1131, CVE-2012-1132,
CVE-2012-1137, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141, CVE-2012-1143)

Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for
reporting these issues.

Users are advised to upgrade to these updated packages, which contain a
backported patch to correct these issues. The X server must be restarted
(log out, then log back in) for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

800581 - CVE-2012-1126 freetype: heap buffer over-read in BDF parsing _bdf_is_atom() (#35597, #35598)
800583 - CVE-2012-1127 freetype: heap buffer over-read in BDF parsing _bdf_parse_glyphs() (#35599, #35600)
800587 - CVE-2012-1130 freetype: heap buffer over-read in PCF parser pcf_get_properties() (#35603)
800589 - CVE-2012-1131 freetype: incorrect type cast allowing input sanity check bypass in ft_smooth_render_generic() (#35604)
800590 - CVE-2012-1132 freetype: heap buffer over-read in Type1 parser parse_subrs() (#35606)
800592 - CVE-2012-1134 freetype: limited heap buffer overflow in Type1 parser T1_Get_Private_Dict() (#35608)
800594 - CVE-2012-1136 freetype: uninitialized pointer use in BDF parser _bdf_parse_glyphs() (#35641)
800595 - CVE-2012-1137 freetype: heap buffer off-by-one in BDF parsing _bdf_list_ensure() (#35643)
800598 - CVE-2012-1139 freetype: data buffer underflow in BDF parser _bdf_parse_glyphs() (#35656)
800600 - CVE-2012-1140 freetype: multiple buffer over-read in PS parser conversion functions (#35657)
800602 - CVE-2012-1141 freetype: BDF parser _bdf_list_split() fails to properly initialize field array (#35658)
800604 - CVE-2012-1142 freetype: incorrect computation of number of glyphs in FNT_Face_Init() for FNT/FON files (#35659)
800606 - CVE-2012-1143 freetype: integer divide by zero in FT_DivFix() (#35660)
800607 - CVE-2012-1144 freetype: insufficient checking of first outline point in TTF parser (#35689)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/freetype-2.2.1-31.el5_8.1.src.rpm

i386:
freetype-2.2.1-31.el5_8.1.i386.rpm
freetype-debuginfo-2.2.1-31.el5_8.1.i386.rpm

x86_64:
freetype-2.2.1-31.el5_8.1.i386.rpm
freetype-2.2.1-31.el5_8.1.x86_64.rpm
freetype-debuginfo-2.2.1-31.el5_8.1.i386.rpm
freetype-debuginfo-2.2.1-31.el5_8.1.x86_64.rpm

RHEL Desktop Workstation (v.
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/freetype-2.2.1-31.el5_8.1.src.rpm i386: freetype-debuginfo-2.2.1-31.el5_8.1.i386.rpm freetype-demos-2.2.1-31.el5_8.1.i386.rpm freetype-devel-2.2.1-31.el5_8.1.i386.rpm x86_64: freetype-debuginfo-2.2.1-31.el5_8.1.i386.rpm freetype-debuginfo-2.2.1-31.el5_8.1.x86_64.rpm freetype-demos-2.2.1-31.el5_8.1.x86_64.rpm freetype-devel-2.2.1-31.el5_8.1.i386.rpm freetype-devel-2.2.1-31.el5_8.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/freetype-2.2.1-31.el5_8.1.src.rpm i386: freetype-2.2.1-31.el5_8.1.i386.rpm freetype-debuginfo-2.2.1-31.el5_8.1.i386.rpm freetype-demos-2.2.1-31.el5_8.1.i386.rpm freetype-devel-2.2.1-31.el5_8.1.i386.rpm ia64: freetype-2.2.1-31.el5_8.1.i386.rpm freetype-2.2.1-31.el5_8.1.ia64.rpm freetype-debuginfo-2.2.1-31.el5_8.1.i386.rpm freetype-debuginfo-2.2.1-31.el5_8.1.ia64.rpm freetype-demos-2.2.1-31.el5_8.1.ia64.rpm freetype-devel-2.2.1-31.el5_8.1.ia64.rpm ppc: freetype-2.2.1-31.el5_8.1.ppc.rpm freetype-2.2.1-31.el5_8.1.ppc64.rpm freetype-debuginfo-2.2.1-31.el5_8.1.ppc.rpm freetype-debuginfo-2.2.1-31.el5_8.1.ppc64.rpm freetype-demos-2.2.1-31.el5_8.1.ppc.rpm freetype-devel-2.2.1-31.el5_8.1.ppc.rpm freetype-devel-2.2.1-31.el5_8.1.ppc64.rpm s390x: freetype-2.2.1-31.el5_8.1.s390.rpm freetype-2.2.1-31.el5_8.1.s390x.rpm freetype-debuginfo-2.2.1-31.el5_8.1.s390.rpm freetype-debuginfo-2.2.1-31.el5_8.1.s390x.rpm freetype-demos-2.2.1-31.el5_8.1.s390x.rpm freetype-devel-2.2.1-31.el5_8.1.s390.rpm freetype-devel-2.2.1-31.el5_8.1.s390x.rpm x86_64: freetype-2.2.1-31.el5_8.1.i386.rpm freetype-2.2.1-31.el5_8.1.x86_64.rpm freetype-debuginfo-2.2.1-31.el5_8.1.i386.rpm freetype-debuginfo-2.2.1-31.el5_8.1.x86_64.rpm freetype-demos-2.2.1-31.el5_8.1.x86_64.rpm freetype-devel-2.2.1-31.el5_8.1.i386.rpm freetype-devel-2.2.1-31.el5_8.1.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/freetype-2.3.11-6.el6_2.9.src.rpm i386: freetype-2.3.11-6.el6_2.9.i686.rpm freetype-debuginfo-2.3.11-6.el6_2.9.i686.rpm x86_64: freetype-2.3.11-6.el6_2.9.i686.rpm freetype-2.3.11-6.el6_2.9.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_2.9.i686.rpm freetype-debuginfo-2.3.11-6.el6_2.9.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/freetype-2.3.11-6.el6_2.9.src.rpm i386: freetype-debuginfo-2.3.11-6.el6_2.9.i686.rpm freetype-demos-2.3.11-6.el6_2.9.i686.rpm freetype-devel-2.3.11-6.el6_2.9.i686.rpm x86_64: freetype-debuginfo-2.3.11-6.el6_2.9.i686.rpm freetype-debuginfo-2.3.11-6.el6_2.9.x86_64.rpm freetype-demos-2.3.11-6.el6_2.9.x86_64.rpm freetype-devel-2.3.11-6.el6_2.9.i686.rpm freetype-devel-2.3.11-6.el6_2.9.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/freetype-2.3.11-6.el6_2.9.src.rpm x86_64: freetype-2.3.11-6.el6_2.9.i686.rpm freetype-2.3.11-6.el6_2.9.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_2.9.i686.rpm freetype-debuginfo-2.3.11-6.el6_2.9.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/freetype-2.3.11-6.el6_2.9.src.rpm x86_64: freetype-debuginfo-2.3.11-6.el6_2.9.i686.rpm freetype-debuginfo-2.3.11-6.el6_2.9.x86_64.rpm freetype-demos-2.3.11-6.el6_2.9.x86_64.rpm freetype-devel-2.3.11-6.el6_2.9.i686.rpm freetype-devel-2.3.11-6.el6_2.9.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/freetype-2.3.11-6.el6_2.9.src.rpm i386: freetype-2.3.11-6.el6_2.9.i686.rpm freetype-debuginfo-2.3.11-6.el6_2.9.i686.rpm freetype-devel-2.3.11-6.el6_2.9.i686.rpm ppc64: freetype-2.3.11-6.el6_2.9.ppc.rpm freetype-2.3.11-6.el6_2.9.ppc64.rpm freetype-debuginfo-2.3.11-6.el6_2.9.ppc.rpm freetype-debuginfo-2.3.11-6.el6_2.9.ppc64.rpm freetype-devel-2.3.11-6.el6_2.9.ppc.rpm freetype-devel-2.3.11-6.el6_2.9.ppc64.rpm s390x: freetype-2.3.11-6.el6_2.9.s390.rpm freetype-2.3.11-6.el6_2.9.s390x.rpm freetype-debuginfo-2.3.11-6.el6_2.9.s390.rpm freetype-debuginfo-2.3.11-6.el6_2.9.s390x.rpm freetype-devel-2.3.11-6.el6_2.9.s390.rpm freetype-devel-2.3.11-6.el6_2.9.s390x.rpm x86_64: freetype-2.3.11-6.el6_2.9.i686.rpm freetype-2.3.11-6.el6_2.9.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_2.9.i686.rpm freetype-debuginfo-2.3.11-6.el6_2.9.x86_64.rpm freetype-devel-2.3.11-6.el6_2.9.i686.rpm freetype-devel-2.3.11-6.el6_2.9.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/freetype-2.3.11-6.el6_2.9.src.rpm i386: freetype-debuginfo-2.3.11-6.el6_2.9.i686.rpm freetype-demos-2.3.11-6.el6_2.9.i686.rpm ppc64: freetype-debuginfo-2.3.11-6.el6_2.9.ppc64.rpm freetype-demos-2.3.11-6.el6_2.9.ppc64.rpm s390x: freetype-debuginfo-2.3.11-6.el6_2.9.s390x.rpm freetype-demos-2.3.11-6.el6_2.9.s390x.rpm x86_64: freetype-debuginfo-2.3.11-6.el6_2.9.x86_64.rpm freetype-demos-2.3.11-6.el6_2.9.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/freetype-2.3.11-6.el6_2.9.src.rpm i386: freetype-2.3.11-6.el6_2.9.i686.rpm freetype-debuginfo-2.3.11-6.el6_2.9.i686.rpm freetype-devel-2.3.11-6.el6_2.9.i686.rpm x86_64: freetype-2.3.11-6.el6_2.9.i686.rpm freetype-2.3.11-6.el6_2.9.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_2.9.i686.rpm freetype-debuginfo-2.3.11-6.el6_2.9.x86_64.rpm freetype-devel-2.3.11-6.el6_2.9.i686.rpm freetype-devel-2.3.11-6.el6_2.9.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/freetype-2.3.11-6.el6_2.9.src.rpm i386: freetype-debuginfo-2.3.11-6.el6_2.9.i686.rpm freetype-demos-2.3.11-6.el6_2.9.i686.rpm x86_64: freetype-debuginfo-2.3.11-6.el6_2.9.x86_64.rpm freetype-demos-2.3.11-6.el6_2.9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-1126.html https://www.redhat.com/security/data/cve/CVE-2012-1127.html https://www.redhat.com/security/data/cve/CVE-2012-1130.html https://www.redhat.com/security/data/cve/CVE-2012-1131.html https://www.redhat.com/security/data/cve/CVE-2012-1132.html https://www.redhat.com/security/data/cve/CVE-2012-1134.html https://www.redhat.com/security/data/cve/CVE-2012-1136.html https://www.redhat.com/security/data/cve/CVE-2012-1137.html https://www.redhat.com/security/data/cve/CVE-2012-1139.html https://www.redhat.com/security/data/cve/CVE-2012-1140.html https://www.redhat.com/security/data/cve/CVE-2012-1141.html https://www.redhat.com/security/data/cve/CVE-2012-1142.html https://www.redhat.com/security/data/cve/CVE-2012-1143.html https://www.redhat.com/security/data/cve/CVE-2012-1144.html https://access.redhat.com/security/updates/classification/#important 8. 
Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPhKO4XlSAg2UNWIIRAkYbAJ9xLRNSwoqaT/UmeEtaHCG0Ls2nnQCfQrVk 6uA4nbkNHr9Z6eYWCYbu0x4= =hc+h -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Apr 10 21:20:36 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 10 Apr 2012 21:20:36 +0000 Subject: [RHSA-2012:0468-01] Important: libtiff security update Message-ID: <201204102120.q3ALKcfR016270@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: libtiff security update Advisory ID: RHSA-2012:0468-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0468.html Issue date: 2012-04-10 CVE Names: CVE-2012-1173 ===================================================================== 1. Summary: Updated libtiff packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 
6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.

Two integer overflow flaws, leading to heap-based buffer overflows, were
found in the way libtiff attempted to allocate space for a tile in a TIFF
image file. An attacker could use these flaws to create a specially-crafted
TIFF file that, when opened, would cause an application linked against
libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-1173)

All libtiff users should upgrade to these updated packages, which contain a
backported patch to resolve these issues. All running applications linked
against libtiff must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

803078 - CVE-2012-1173 libtiff: Heap-buffer overflow due to TileSize calculation when parsing tiff files

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libtiff-3.8.2-14.el5_8.src.rpm

i386:
libtiff-3.8.2-14.el5_8.i386.rpm
libtiff-debuginfo-3.8.2-14.el5_8.i386.rpm

x86_64:
libtiff-3.8.2-14.el5_8.i386.rpm
libtiff-3.8.2-14.el5_8.x86_64.rpm
libtiff-debuginfo-3.8.2-14.el5_8.i386.rpm
libtiff-debuginfo-3.8.2-14.el5_8.x86_64.rpm

RHEL Desktop Workstation (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libtiff-3.8.2-14.el5_8.src.rpm i386: libtiff-debuginfo-3.8.2-14.el5_8.i386.rpm libtiff-devel-3.8.2-14.el5_8.i386.rpm x86_64: libtiff-debuginfo-3.8.2-14.el5_8.i386.rpm libtiff-debuginfo-3.8.2-14.el5_8.x86_64.rpm libtiff-devel-3.8.2-14.el5_8.i386.rpm libtiff-devel-3.8.2-14.el5_8.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libtiff-3.8.2-14.el5_8.src.rpm i386: libtiff-3.8.2-14.el5_8.i386.rpm libtiff-debuginfo-3.8.2-14.el5_8.i386.rpm libtiff-devel-3.8.2-14.el5_8.i386.rpm ia64: libtiff-3.8.2-14.el5_8.i386.rpm libtiff-3.8.2-14.el5_8.ia64.rpm libtiff-debuginfo-3.8.2-14.el5_8.i386.rpm libtiff-debuginfo-3.8.2-14.el5_8.ia64.rpm libtiff-devel-3.8.2-14.el5_8.ia64.rpm ppc: libtiff-3.8.2-14.el5_8.ppc.rpm libtiff-3.8.2-14.el5_8.ppc64.rpm libtiff-debuginfo-3.8.2-14.el5_8.ppc.rpm libtiff-debuginfo-3.8.2-14.el5_8.ppc64.rpm libtiff-devel-3.8.2-14.el5_8.ppc.rpm libtiff-devel-3.8.2-14.el5_8.ppc64.rpm s390x: libtiff-3.8.2-14.el5_8.s390.rpm libtiff-3.8.2-14.el5_8.s390x.rpm libtiff-debuginfo-3.8.2-14.el5_8.s390.rpm libtiff-debuginfo-3.8.2-14.el5_8.s390x.rpm libtiff-devel-3.8.2-14.el5_8.s390.rpm libtiff-devel-3.8.2-14.el5_8.s390x.rpm x86_64: libtiff-3.8.2-14.el5_8.i386.rpm libtiff-3.8.2-14.el5_8.x86_64.rpm libtiff-debuginfo-3.8.2-14.el5_8.i386.rpm libtiff-debuginfo-3.8.2-14.el5_8.x86_64.rpm libtiff-devel-3.8.2-14.el5_8.i386.rpm libtiff-devel-3.8.2-14.el5_8.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libtiff-3.9.4-5.el6_2.src.rpm i386: libtiff-3.9.4-5.el6_2.i686.rpm libtiff-debuginfo-3.9.4-5.el6_2.i686.rpm x86_64: libtiff-3.9.4-5.el6_2.i686.rpm libtiff-3.9.4-5.el6_2.x86_64.rpm libtiff-debuginfo-3.9.4-5.el6_2.i686.rpm libtiff-debuginfo-3.9.4-5.el6_2.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libtiff-3.9.4-5.el6_2.src.rpm i386: libtiff-debuginfo-3.9.4-5.el6_2.i686.rpm libtiff-devel-3.9.4-5.el6_2.i686.rpm libtiff-static-3.9.4-5.el6_2.i686.rpm x86_64: libtiff-debuginfo-3.9.4-5.el6_2.i686.rpm libtiff-debuginfo-3.9.4-5.el6_2.x86_64.rpm libtiff-devel-3.9.4-5.el6_2.i686.rpm libtiff-devel-3.9.4-5.el6_2.x86_64.rpm libtiff-static-3.9.4-5.el6_2.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libtiff-3.9.4-5.el6_2.src.rpm x86_64: libtiff-3.9.4-5.el6_2.i686.rpm libtiff-3.9.4-5.el6_2.x86_64.rpm libtiff-debuginfo-3.9.4-5.el6_2.i686.rpm libtiff-debuginfo-3.9.4-5.el6_2.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libtiff-3.9.4-5.el6_2.src.rpm x86_64: libtiff-debuginfo-3.9.4-5.el6_2.i686.rpm libtiff-debuginfo-3.9.4-5.el6_2.x86_64.rpm libtiff-devel-3.9.4-5.el6_2.i686.rpm libtiff-devel-3.9.4-5.el6_2.x86_64.rpm libtiff-static-3.9.4-5.el6_2.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libtiff-3.9.4-5.el6_2.src.rpm i386: libtiff-3.9.4-5.el6_2.i686.rpm libtiff-debuginfo-3.9.4-5.el6_2.i686.rpm libtiff-devel-3.9.4-5.el6_2.i686.rpm ppc64: libtiff-3.9.4-5.el6_2.ppc.rpm libtiff-3.9.4-5.el6_2.ppc64.rpm libtiff-debuginfo-3.9.4-5.el6_2.ppc.rpm libtiff-debuginfo-3.9.4-5.el6_2.ppc64.rpm libtiff-devel-3.9.4-5.el6_2.ppc.rpm libtiff-devel-3.9.4-5.el6_2.ppc64.rpm s390x: libtiff-3.9.4-5.el6_2.s390.rpm libtiff-3.9.4-5.el6_2.s390x.rpm libtiff-debuginfo-3.9.4-5.el6_2.s390.rpm libtiff-debuginfo-3.9.4-5.el6_2.s390x.rpm libtiff-devel-3.9.4-5.el6_2.s390.rpm libtiff-devel-3.9.4-5.el6_2.s390x.rpm x86_64: libtiff-3.9.4-5.el6_2.i686.rpm libtiff-3.9.4-5.el6_2.x86_64.rpm libtiff-debuginfo-3.9.4-5.el6_2.i686.rpm libtiff-debuginfo-3.9.4-5.el6_2.x86_64.rpm libtiff-devel-3.9.4-5.el6_2.i686.rpm libtiff-devel-3.9.4-5.el6_2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libtiff-3.9.4-5.el6_2.src.rpm i386: libtiff-debuginfo-3.9.4-5.el6_2.i686.rpm libtiff-static-3.9.4-5.el6_2.i686.rpm ppc64: libtiff-debuginfo-3.9.4-5.el6_2.ppc64.rpm libtiff-static-3.9.4-5.el6_2.ppc64.rpm s390x: libtiff-debuginfo-3.9.4-5.el6_2.s390x.rpm libtiff-static-3.9.4-5.el6_2.s390x.rpm x86_64: libtiff-debuginfo-3.9.4-5.el6_2.x86_64.rpm libtiff-static-3.9.4-5.el6_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libtiff-3.9.4-5.el6_2.src.rpm i386: libtiff-3.9.4-5.el6_2.i686.rpm libtiff-debuginfo-3.9.4-5.el6_2.i686.rpm libtiff-devel-3.9.4-5.el6_2.i686.rpm x86_64: libtiff-3.9.4-5.el6_2.i686.rpm libtiff-3.9.4-5.el6_2.x86_64.rpm libtiff-debuginfo-3.9.4-5.el6_2.i686.rpm libtiff-debuginfo-3.9.4-5.el6_2.x86_64.rpm libtiff-devel-3.9.4-5.el6_2.i686.rpm libtiff-devel-3.9.4-5.el6_2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libtiff-3.9.4-5.el6_2.src.rpm i386: libtiff-debuginfo-3.9.4-5.el6_2.i686.rpm libtiff-static-3.9.4-5.el6_2.i686.rpm x86_64: libtiff-debuginfo-3.9.4-5.el6_2.x86_64.rpm libtiff-static-3.9.4-5.el6_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-1173.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPhKQSXlSAg2UNWIIRAtSTAJ4ohB8vRx2RNUHLb6IiQ2u3leD+fACgwhQO 2eFOMs/nz8Ytn/QcRtfrm4E= =+rOO -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Apr 10 21:21:32 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 10 Apr 2012 21:21:32 +0000 Subject: [RHSA-2012:0469-01] Critical: acroread security update Message-ID: <201204102121.q3ALLYoH016430@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: acroread security update Advisory ID: RHSA-2012:0469-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0469.html Issue date: 2012-04-10 CVE Names: CVE-2012-0774 CVE-2012-0775 CVE-2012-0777 ===================================================================== 1. Summary: Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: Adobe Reader allows users to view and print documents in Portable Document Format (PDF). This update fixes multiple security flaws in Adobe Reader. These flaws are detailed on the Adobe security page APSB12-08, listed in the References section. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2012-0774, CVE-2012-0775, CVE-2012-0777) All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.5.1, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 810397 - CVE-2012-0774 CVE-2012-0775 CVE-2012-0777 acroread: multiple unspecified flaws (APSB12-08) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: acroread-9.5.1-1.el5.i386.rpm acroread-plugin-9.5.1-1.el5.i386.rpm x86_64: acroread-9.5.1-1.el5.i386.rpm acroread-plugin-9.5.1-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 
5): i386: acroread-9.5.1-1.el5.i386.rpm acroread-plugin-9.5.1-1.el5.i386.rpm x86_64: acroread-9.5.1-1.el5.i386.rpm acroread-plugin-9.5.1-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: acroread-9.5.1-1.el6_2.i686.rpm acroread-plugin-9.5.1-1.el6_2.i686.rpm x86_64: acroread-9.5.1-1.el6_2.i686.rpm acroread-plugin-9.5.1-1.el6_2.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: acroread-9.5.1-1.el6_2.i686.rpm acroread-plugin-9.5.1-1.el6_2.i686.rpm x86_64: acroread-9.5.1-1.el6_2.i686.rpm acroread-plugin-9.5.1-1.el6_2.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: acroread-9.5.1-1.el6_2.i686.rpm acroread-plugin-9.5.1-1.el6_2.i686.rpm x86_64: acroread-9.5.1-1.el6_2.i686.rpm acroread-plugin-9.5.1-1.el6_2.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-0774.html https://www.redhat.com/security/data/cve/CVE-2012-0775.html https://www.redhat.com/security/data/cve/CVE-2012-0777.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb12-08.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. 
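Returning to the libtiff advisory above (RHSA-2012:0468, CVE-2012-1173): it names the root cause only as integer overflows in the tile-size calculation that feed a heap allocation. The following C program is an added example, not libtiff's code and not taken from the advisory. It places an unchecked tile-size calculation beside one that widens every product to 64 bits and checks it, so that header values chosen to wrap the 32-bit arithmetic make the file be rejected instead of producing an undersized buffer. The formula, the function names (tile_size_unchecked, tile_size_checked, mul_u32_checked, alloc_tile) and the sample header values are constructed for this example and do not reproduce libtiff's actual tile-size arithmetic.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked arithmetic of the kind the advisory describes: every term comes
 * from the file header, so it is attacker-controlled, and 32-bit products
 * wrap silently. Illustration of the bug class only, not libtiff's code. */
static uint32_t tile_size_unchecked(uint32_t width, uint32_t length,
                                    uint32_t samples, uint32_t bits)
{
    uint32_t row = (width * samples * bits + 7) / 8;   /* may wrap */
    return row * length;                                /* may wrap */
}

/* Widen to 64 bits, check, then narrow. Returns 0 on overflow and leaves
 * *out untouched. */
static int mul_u32_checked(uint32_t a, uint32_t b, uint32_t *out)
{
    uint64_t p = (uint64_t)a * b;
    if (p > UINT32_MAX) return 0;
    *out = (uint32_t)p;
    return 1;
}

/* Same computation with every intermediate checked. A return of 0 means
 * "reject the file", never "allocate zero bytes and carry on". */
static uint32_t tile_size_checked(uint32_t width, uint32_t length,
                                  uint32_t samples, uint32_t bits)
{
    uint32_t row_bits, row, total;
    if (width == 0 || length == 0 || samples == 0 || bits == 0) return 0;
    if (!mul_u32_checked(width, samples, &row_bits)) return 0;
    if (!mul_u32_checked(row_bits, bits, &row_bits)) return 0;
    if (row_bits > UINT32_MAX - 7) return 0;   /* the rounding +7 must not wrap either */
    row = (row_bits + 7) / 8;
    if (!mul_u32_checked(row, length, &total)) return 0;
    return total;
}

/* Allocate a tile buffer only from a size that survived the checks. */
static unsigned char *alloc_tile(uint32_t width, uint32_t length,
                                 uint32_t samples, uint32_t bits)
{
    uint32_t n = tile_size_checked(width, length, samples, bits);
    return n ? calloc(n, 1) : NULL;
}

int main(void)
{
    /* Constructed header values: a 65536 x 65537 tile of 8-bit samples.
     * The true size is just over 4 GiB; the wrapped value is 64 KiB. */
    uint32_t w = 65536u, l = 65537u, s = 1u, b = 8u;
    printf("unchecked: %u bytes\n", (unsigned)tile_size_unchecked(w, l, s, b)); /* 65536 */
    printf("checked:   %u bytes\n", (unsigned)tile_size_checked(w, l, s, b));   /* 0 */

    unsigned char *t = alloc_tile(256u, 256u, 3u, 8u);   /* 196608 bytes, sane */
    free(t);
    return 0;
}
```

The defensive pattern is the second function: compute in a wider type, compare against the narrow type's maximum before narrowing, and treat a failed check as a hard rejection of the input rather than as a size of zero, because many allocators happily return a pointer for a zero-byte request and the copy that follows then writes past it.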
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPhKRJXlSAg2UNWIIRAsVrAJ9UzVzzjYFWUh47R5dgHQiRssfFOgCfWmLi
Icw8el8KnX3f3bgyqMCsWO0=
=NK8r
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Apr 11 18:20:02 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 11 Apr 2012 18:20:02 +0000
Subject: [RHSA-2012:0474-01] Moderate: tomcat5 security update
Message-ID: <201204111820.q3BIK3Ec012528@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: tomcat5 security update
Advisory ID:       RHSA-2012:0474-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0474.html
Issue date:        2012-04-11
CVE Names:         CVE-2011-4858 CVE-2012-0022
=====================================================================

1. Summary:

Updated tomcat5 packages that fix two security issues are now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

It was found that the Java hashCode() method implementation was susceptible
to predictable hash collisions. A remote attacker could use this flaw to
cause Tomcat to use an excessive amount of CPU time by sending an HTTP
request with a large number of parameters whose names map to the same hash
value. This update introduces a limit on the number of parameters processed
per request to mitigate this issue. The default limit is 512 for parameters
and 128 for headers. These defaults can be changed by setting the
org.apache.tomcat.util.http.Parameters.MAX_COUNT and
org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.
(CVE-2011-4858)

It was found that Tomcat did not handle large numbers of parameters and
large parameter values efficiently. A remote attacker could make Tomcat use
an excessive amount of CPU time by sending an HTTP request containing a
large number of parameters or large parameter values. This update
introduces limits on the number of parameters and headers processed per
request to address this issue. Refer to the CVE-2011-4858 description for
information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and
org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.
(CVE-2012-0022)

Red Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT
acknowledges Julian Wälde and Alexander Klink as the original reporters of
CVE-2011-4858.

Users of Tomcat should upgrade to these updated packages, which correct
these issues. Tomcat must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

750521 - CVE-2011-4858 tomcat: hash table collisions CPU usage DoS (oCERT-2011-003)
783359 - CVE-2012-0022 tomcat: large number of parameters DoS

6. Package List:

Red Hat Enterprise Linux Desktop (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tomcat5-5.5.23-0jpp.31.el5_8.src.rpm i386: tomcat5-debuginfo-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-jsp-2.0-api-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-servlet-2.4-api-5.5.23-0jpp.31.el5_8.i386.rpm x86_64: tomcat5-debuginfo-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-jsp-2.0-api-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-servlet-2.4-api-5.5.23-0jpp.31.el5_8.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tomcat5-5.5.23-0jpp.31.el5_8.src.rpm i386: tomcat5-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-admin-webapps-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-common-lib-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-debuginfo-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-jasper-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-jasper-javadoc-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-server-lib-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-webapps-5.5.23-0jpp.31.el5_8.i386.rpm x86_64: tomcat5-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-admin-webapps-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-common-lib-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-debuginfo-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-jasper-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-jasper-javadoc-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-server-lib-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-webapps-5.5.23-0jpp.31.el5_8.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/tomcat5-5.5.23-0jpp.31.el5_8.src.rpm i386: tomcat5-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-admin-webapps-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-common-lib-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-debuginfo-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-jasper-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-jasper-javadoc-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-jsp-2.0-api-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-server-lib-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-servlet-2.4-api-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-webapps-5.5.23-0jpp.31.el5_8.i386.rpm ia64: tomcat5-5.5.23-0jpp.31.el5_8.ia64.rpm tomcat5-admin-webapps-5.5.23-0jpp.31.el5_8.ia64.rpm tomcat5-common-lib-5.5.23-0jpp.31.el5_8.ia64.rpm tomcat5-debuginfo-5.5.23-0jpp.31.el5_8.ia64.rpm tomcat5-jasper-5.5.23-0jpp.31.el5_8.ia64.rpm tomcat5-jasper-javadoc-5.5.23-0jpp.31.el5_8.ia64.rpm tomcat5-jsp-2.0-api-5.5.23-0jpp.31.el5_8.ia64.rpm tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.31.el5_8.ia64.rpm tomcat5-server-lib-5.5.23-0jpp.31.el5_8.ia64.rpm tomcat5-servlet-2.4-api-5.5.23-0jpp.31.el5_8.ia64.rpm tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.31.el5_8.ia64.rpm tomcat5-webapps-5.5.23-0jpp.31.el5_8.ia64.rpm ppc: tomcat5-5.5.23-0jpp.31.el5_8.ppc.rpm tomcat5-5.5.23-0jpp.31.el5_8.ppc64.rpm tomcat5-admin-webapps-5.5.23-0jpp.31.el5_8.ppc.rpm tomcat5-common-lib-5.5.23-0jpp.31.el5_8.ppc.rpm tomcat5-debuginfo-5.5.23-0jpp.31.el5_8.ppc.rpm tomcat5-debuginfo-5.5.23-0jpp.31.el5_8.ppc64.rpm tomcat5-jasper-5.5.23-0jpp.31.el5_8.ppc.rpm tomcat5-jasper-javadoc-5.5.23-0jpp.31.el5_8.ppc.rpm tomcat5-jsp-2.0-api-5.5.23-0jpp.31.el5_8.ppc.rpm tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.31.el5_8.ppc.rpm tomcat5-server-lib-5.5.23-0jpp.31.el5_8.ppc.rpm tomcat5-servlet-2.4-api-5.5.23-0jpp.31.el5_8.ppc.rpm tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.31.el5_8.ppc.rpm 
tomcat5-webapps-5.5.23-0jpp.31.el5_8.ppc.rpm s390x: tomcat5-5.5.23-0jpp.31.el5_8.s390x.rpm tomcat5-admin-webapps-5.5.23-0jpp.31.el5_8.s390x.rpm tomcat5-common-lib-5.5.23-0jpp.31.el5_8.s390x.rpm tomcat5-debuginfo-5.5.23-0jpp.31.el5_8.s390x.rpm tomcat5-jasper-5.5.23-0jpp.31.el5_8.s390x.rpm tomcat5-jasper-javadoc-5.5.23-0jpp.31.el5_8.s390x.rpm tomcat5-jsp-2.0-api-5.5.23-0jpp.31.el5_8.s390x.rpm tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.31.el5_8.s390x.rpm tomcat5-server-lib-5.5.23-0jpp.31.el5_8.s390x.rpm tomcat5-servlet-2.4-api-5.5.23-0jpp.31.el5_8.s390x.rpm tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.31.el5_8.s390x.rpm tomcat5-webapps-5.5.23-0jpp.31.el5_8.s390x.rpm x86_64: tomcat5-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-admin-webapps-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-common-lib-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-debuginfo-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-jasper-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-jasper-javadoc-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-jsp-2.0-api-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-server-lib-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-servlet-2.4-api-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-webapps-5.5.23-0jpp.31.el5_8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-4858.html https://www.redhat.com/security/data/cve/CVE-2012-0022.html https://access.redhat.com/security/updates/classification/#moderate http://tomcat.apache.org/security-5.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPhctDXlSAg2UNWIIRAnmwAKCG8ANIA6BMLPlUE4o+l6DV8EXkOgCgopJx
Iouhu7nObQ+2gvPAV+Vvp7o=
=WA/1
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Apr 11 18:21:24 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 11 Apr 2012 18:21:24 +0000
Subject: [RHSA-2012:0475-01] Moderate: tomcat6 security update
Message-ID: <201204111821.q3BILPXX030445@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: tomcat6 security update
Advisory ID:       RHSA-2012:0475-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0475.html
Issue date:        2012-04-11
CVE Names:         CVE-2011-4858 CVE-2012-0022
=====================================================================

1. Summary:

Updated tomcat6 packages that fix two security issues are now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch
Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Enterprise Linux Server Optional (v. 6) - noarch
Red Hat Enterprise Linux Workstation (v. 6) - noarch
Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch

3. Description:

Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

It was found that the Java hashCode() method implementation was susceptible
to predictable hash collisions. A remote attacker could use this flaw to
cause Tomcat to use an excessive amount of CPU time by sending an HTTP
request with a large number of parameters whose names map to the same hash
value. This update introduces a limit on the number of parameters processed
per request to mitigate this issue. The default limit is 512 for parameters
and 128 for headers. These defaults can be changed by setting the
org.apache.tomcat.util.http.Parameters.MAX_COUNT and
org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.
(CVE-2011-4858)

It was found that Tomcat did not handle large numbers of parameters and
large parameter values efficiently. A remote attacker could make Tomcat use
an excessive amount of CPU time by sending an HTTP request containing a
large number of parameters or large parameter values. This update
introduces limits on the number of parameters and headers processed per
request to address this issue. Refer to the CVE-2011-4858 description for
information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and
org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.
(CVE-2012-0022)

Red Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT
acknowledges Julian Wälde and Alexander Klink as the original reporters of
CVE-2011-4858.

Users of Tomcat should upgrade to these updated packages, which correct
these issues. Tomcat must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

750521 - CVE-2011-4858 tomcat: hash table collisions CPU usage DoS (oCERT-2011-003)
783359 - CVE-2012-0022 tomcat: large number of parameters DoS

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/tomcat6-6.0.24-36.el6_2.src.rpm noarch: tomcat6-6.0.24-36.el6_2.noarch.rpm tomcat6-admin-webapps-6.0.24-36.el6_2.noarch.rpm tomcat6-docs-webapp-6.0.24-36.el6_2.noarch.rpm tomcat6-el-2.1-api-6.0.24-36.el6_2.noarch.rpm tomcat6-javadoc-6.0.24-36.el6_2.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-36.el6_2.noarch.rpm tomcat6-lib-6.0.24-36.el6_2.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-36.el6_2.noarch.rpm tomcat6-webapps-6.0.24-36.el6_2.noarch.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/tomcat6-6.0.24-36.el6_2.src.rpm noarch: tomcat6-6.0.24-36.el6_2.noarch.rpm tomcat6-admin-webapps-6.0.24-36.el6_2.noarch.rpm tomcat6-docs-webapp-6.0.24-36.el6_2.noarch.rpm tomcat6-el-2.1-api-6.0.24-36.el6_2.noarch.rpm tomcat6-javadoc-6.0.24-36.el6_2.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-36.el6_2.noarch.rpm tomcat6-lib-6.0.24-36.el6_2.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-36.el6_2.noarch.rpm tomcat6-webapps-6.0.24-36.el6_2.noarch.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/tomcat6-6.0.24-36.el6_2.src.rpm noarch: tomcat6-6.0.24-36.el6_2.noarch.rpm tomcat6-el-2.1-api-6.0.24-36.el6_2.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-36.el6_2.noarch.rpm tomcat6-lib-6.0.24-36.el6_2.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-36.el6_2.noarch.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/tomcat6-6.0.24-36.el6_2.src.rpm noarch: tomcat6-admin-webapps-6.0.24-36.el6_2.noarch.rpm tomcat6-docs-webapp-6.0.24-36.el6_2.noarch.rpm tomcat6-javadoc-6.0.24-36.el6_2.noarch.rpm tomcat6-webapps-6.0.24-36.el6_2.noarch.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/tomcat6-6.0.24-36.el6_2.src.rpm noarch: tomcat6-6.0.24-36.el6_2.noarch.rpm tomcat6-el-2.1-api-6.0.24-36.el6_2.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-36.el6_2.noarch.rpm tomcat6-lib-6.0.24-36.el6_2.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-36.el6_2.noarch.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/tomcat6-6.0.24-36.el6_2.src.rpm noarch: tomcat6-admin-webapps-6.0.24-36.el6_2.noarch.rpm tomcat6-docs-webapp-6.0.24-36.el6_2.noarch.rpm tomcat6-javadoc-6.0.24-36.el6_2.noarch.rpm tomcat6-webapps-6.0.24-36.el6_2.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-4858.html https://www.redhat.com/security/data/cve/CVE-2012-0022.html https://access.redhat.com/security/updates/classification/#moderate http://tomcat.apache.org/security-6.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. 
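The two per-request limits that RHSA-2012:0475 introduces, applied to a captured raw HTTP request, as an added example that is not part of the advisory or of Tomcat. MAX_PARAMS and MAX_HEADERS are this example's own names, preset to the advisory's defaults of 512 and 128; the function and file names are assumptions, and the sample requests in the test are constructed.

```shell
#!/bin/sh
# Added example, not part of RHSA-2012:0475 or of Tomcat: apply the two
# per-request limits the advisory describes to a captured raw HTTP request.
# MAX_PARAMS and MAX_HEADERS are this example's names; they mirror the
# defaults of the Tomcat system properties named in the advisory, which in a
# real deployment are set on the JVM command line, for example
#   -Dorg.apache.tomcat.util.http.Parameters.MAX_COUNT=256
MAX_PARAMS="${MAX_PARAMS:-512}"    # org.apache.tomcat.util.http.Parameters.MAX_COUNT
MAX_HEADERS="${MAX_HEADERS:-128}"  # org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT

# Number of '&'-separated parameters in a query string or form body; "" -> 0.
# Empty segments (a=1&&b=2) are not counted, so "grep -c ." is the counter.
count_params() {
    [ -n "$1" ] || { echo 0; return 0; }
    printf '%s' "$1" | tr '&' '\n' | grep -c . || true
}

# Header block of a raw request: the lines after the request line, up to the
# first empty line (CRLF or LF line endings).
header_lines() {
    awk 'NR == 1 { next } /^\r?$/ { exit } { print }' "$1"
}

# Header count; folded continuation lines (leading whitespace) belong to the
# previous header and are not counted separately.
count_headers() {
    header_lines "$1" | grep -c '^[^[:space:]]' || true
}

# Query string from the request line ("GET /p?x=1 HTTP/1.1" -> "x=1").
request_query() {
    awk 'NR == 1 { n = split($2, p, "[?]"); if (n > 1) print p[2]; else print ""; exit }' "$1"
}

# Everything after the empty line; only meaningful for form POSTs.
request_body() {
    awk 'body { print } /^\r?$/ { body = 1 }' "$1" | tr -d '\r'
}

# Evaluate one request file. Prints "ok params=N headers=M" and returns 0,
# or "limit params=N headers=M" and returns 1 when either count exceeds
# its limit.
check_request() {
    req="$1"
    headers=$(count_headers "$req")
    nparams=$(count_params "$(request_query "$req" | tr -d '\r')")
    # Tomcat also parses the body of form-encoded POSTs into parameters, so
    # those count toward the same limit as the query string.
    if header_lines "$req" | grep -iq '^content-type:.*application/x-www-form-urlencoded'; then
        nparams=$((nparams + $(count_params "$(request_body "$req")")))
    fi
    if [ "$nparams" -gt "$MAX_PARAMS" ] || [ "$headers" -gt "$MAX_HEADERS" ]; then
        echo "limit params=$nparams headers=$headers"
        return 1
    fi
    echo "ok params=$nparams headers=$headers"
}

# Usage: sh tomcat_limits.sh request.txt [more.txt ...]
for f in "$@"; do
    printf '%s: ' "$f"
    check_request "$f" || :
done
```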
From bugzilla at redhat.com Thu Apr 12 16:40:25 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 12 Apr 2012 16:40:25 +0000
Subject: [RHSA-2012:0476-01] Moderate: Red Hat Enterprise MRG Management Console security update
Message-ID: <201204121640.q3CGeRoI016905@int-mx02.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Enterprise MRG Management Console security update
Advisory ID:       RHSA-2012:0476-01
Product:           Red Hat Enterprise MRG for RHEL-5
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0476.html
Issue date:        2012-04-12
CVE Names:         CVE-2012-1575
=====================================================================

1. Summary:

An updated MRG Management Console package that fixes several security issues is now available for Red Hat Enterprise MRG 2 for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

MRG Grid for RHEL 5 Server v.2 - noarch
MRG Management for RHEL 5 Server v.2 - noarch

3. Description:

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers.

Several cross-site scripting (XSS) flaws were found in the MRG Management Console (Cumin). An authorized user on the local network could use these flaws to perform cross-site scripting attacks against MRG Management Console users. Note: Refer to the MRG Messaging User Guide for information on configuring authentication and authorization in the MRG Messaging broker. (CVE-2012-1575)

Users of Red Hat Enterprise MRG Management Console are advised to upgrade to this updated package, which corrects these issues. The MRG Management Console must be restarted ("service cumin restart") for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

805712 - CVE-2012-1575 cumin: multiple XSS flaws

6. Package List:

MRG Grid for RHEL 5 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/cumin-0.1.5192-4.el5.src.rpm

noarch:
cumin-0.1.5192-4.el5.noarch.rpm

MRG Management for RHEL 5 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/cumin-0.1.5192-4.el5.src.rpm

noarch:
cumin-0.1.5192-4.el5.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-1575.html
https://access.redhat.com/security/updates/classification/#moderate
https://docs.redhat.com/docs/en-US/index.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
From bugzilla at redhat.com Thu Apr 12 16:41:05 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 12 Apr 2012 16:41:05 +0000
Subject: [RHSA-2012:0477-01] Moderate: Red Hat Enterprise MRG Management Console security update
Message-ID: <201204121641.q3CGf7f1017612@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Enterprise MRG Management Console security update
Advisory ID:       RHSA-2012:0477-01
Product:           Red Hat Enterprise MRG for RHEL-6
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0477.html
Issue date:        2012-04-12
CVE Names:         CVE-2012-1575
=====================================================================

1. Summary:

An updated MRG Management Console package that fixes several security issues is now available for Red Hat Enterprise MRG 2 for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

MRG Grid for RHEL 6 Server v.2 - noarch
MRG Management for RHEL 6 Server v.2 - noarch

3. Description:

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers.

Several cross-site scripting (XSS) flaws were found in the MRG Management Console (Cumin). An authorized user on the local network could use these flaws to perform cross-site scripting attacks against MRG Management Console users. Note: Refer to the MRG Messaging User Guide for information on configuring authentication and authorization in the MRG Messaging broker. (CVE-2012-1575)

Users of Red Hat Enterprise MRG Management Console are advised to upgrade to this updated package, which corrects these issues. The MRG Management Console must be restarted ("service cumin restart") for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

805712 - CVE-2012-1575 cumin: multiple XSS flaws

6. Package List:

MRG Grid for RHEL 6 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/cumin-0.1.5192-5.el6.src.rpm

noarch:
cumin-0.1.5192-5.el6.noarch.rpm

MRG Management for RHEL 6 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/cumin-0.1.5192-5.el6.src.rpm

noarch:
cumin-0.1.5192-5.el6.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-1575.html
https://access.redhat.com/security/updates/classification/#moderate
https://docs.redhat.com/docs/en-US/index.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
From bugzilla at redhat.com Fri Apr 13 14:02:37 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 13 Apr 2012 14:02:37 +0000
Subject: [RHSA-2012:0478-01] Critical: samba security update
Message-ID: <201204131402.q3DE2cLP016925@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: samba security update
Advisory ID:       RHSA-2012:0478-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0478.html
Issue date:        2012-04-13
CVE Names:         CVE-2012-1182
=====================================================================

1. Summary:

Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support.

The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (v. 4 ELS) - i386, ia64, x86_64
Red Hat Enterprise Linux ES (v. 4 ELS) - i386, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

A flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used to generate code to handle RPC calls, resulted in multiple buffer overflows in Samba. A remote, unauthenticated attacker could send a specially-crafted RPC request that would cause the Samba daemon (smbd) to crash or, possibly, execute arbitrary code with the privileges of the root user. (CVE-2012-1182)

Users of Samba are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, the smb service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

804093 - CVE-2012-1182 samba: Multiple heap-based buffer overflows in memory management based on NDR marshalling code output

6. Package List:

Red Hat Enterprise Linux AS (v. 4 ELS):

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/samba-3.0.33-3.36.el4.src.rpm

i386:
samba-3.0.33-3.36.el4.i386.rpm
samba-client-3.0.33-3.36.el4.i386.rpm
samba-common-3.0.33-3.36.el4.i386.rpm
samba-debuginfo-3.0.33-3.36.el4.i386.rpm
samba-swat-3.0.33-3.36.el4.i386.rpm

ia64:
samba-3.0.33-3.36.el4.ia64.rpm
samba-client-3.0.33-3.36.el4.ia64.rpm
samba-common-3.0.33-3.36.el4.i386.rpm
samba-common-3.0.33-3.36.el4.ia64.rpm
samba-debuginfo-3.0.33-3.36.el4.i386.rpm
samba-debuginfo-3.0.33-3.36.el4.ia64.rpm
samba-swat-3.0.33-3.36.el4.ia64.rpm

x86_64:
samba-3.0.33-3.36.el4.x86_64.rpm
samba-client-3.0.33-3.36.el4.x86_64.rpm
samba-common-3.0.33-3.36.el4.i386.rpm
samba-common-3.0.33-3.36.el4.x86_64.rpm
samba-debuginfo-3.0.33-3.36.el4.i386.rpm
samba-debuginfo-3.0.33-3.36.el4.x86_64.rpm
samba-swat-3.0.33-3.36.el4.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4 ELS):

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/samba-3.0.33-3.36.el4.src.rpm

i386:
samba-3.0.33-3.36.el4.i386.rpm
samba-client-3.0.33-3.36.el4.i386.rpm
samba-common-3.0.33-3.36.el4.i386.rpm
samba-debuginfo-3.0.33-3.36.el4.i386.rpm
samba-swat-3.0.33-3.36.el4.i386.rpm

x86_64:
samba-3.0.33-3.36.el4.x86_64.rpm
samba-client-3.0.33-3.36.el4.x86_64.rpm
samba-common-3.0.33-3.36.el4.i386.rpm
samba-common-3.0.33-3.36.el4.x86_64.rpm
samba-debuginfo-3.0.33-3.36.el4.i386.rpm
samba-debuginfo-3.0.33-3.36.el4.x86_64.rpm
samba-swat-3.0.33-3.36.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-1182.html
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
From bugzilla at redhat.com Tue Apr 17 18:58:01 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 17 Apr 2012 18:58:01 +0000
Subject: [RHSA-2012:0480-01] Important: kernel security, bug fix, and enhancement update
Message-ID: <201204171858.q3HIw2cT015736@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security, bug fix, and enhancement update
Advisory ID:       RHSA-2012:0480-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0480.html
Issue date:        2012-04-17
CVE Names:         CVE-2012-1583
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue, various bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issue:

* A flaw in the xfrm6_tunnel_rcv() function in the Linux kernel's IPv6 implementation could lead to a use-after-free or double free flaw in tunnel6_rcv(). A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the xfrm6_tunnel kernel module loaded, causing it to crash. (CVE-2012-1583, Important)

If you do not run applications that use xfrm6_tunnel, you can prevent the xfrm6_tunnel module from being loaded by creating (as the root user) a "/etc/modprobe.d/xfrm6_tunnel.conf" file, and adding the following line to it:

blacklist xfrm6_tunnel

This way, the xfrm6_tunnel module cannot be loaded accidentally. A reboot is not necessary for this change to take effect.

This update also fixes various bugs and adds an enhancement. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.

Users should upgrade to these updated packages, which contain backported patches to correct this issue, and fix the bugs and add the enhancement noted in the Technical Notes. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

752304 - CVE-2012-1583 kernel: ipv6: panic using raw sockets
801726 - RHEL5.8 NFSv4 regression - "ls" returns "-ENOTDIR" when listing a subdirectory of exported mount [rhel-5.8.z]

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-308.4.1.el5.src.rpm

i386:
kernel-2.6.18-308.4.1.el5.i686.rpm
kernel-PAE-2.6.18-308.4.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-308.4.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-308.4.1.el5.i686.rpm
kernel-debug-2.6.18-308.4.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-308.4.1.el5.i686.rpm
kernel-debug-devel-2.6.18-308.4.1.el5.i686.rpm
kernel-debuginfo-2.6.18-308.4.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-308.4.1.el5.i686.rpm
kernel-devel-2.6.18-308.4.1.el5.i686.rpm
kernel-headers-2.6.18-308.4.1.el5.i386.rpm
kernel-xen-2.6.18-308.4.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-308.4.1.el5.i686.rpm
kernel-xen-devel-2.6.18-308.4.1.el5.i686.rpm

noarch:
kernel-doc-2.6.18-308.4.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-308.4.1.el5.x86_64.rpm
kernel-debug-2.6.18-308.4.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-308.4.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-308.4.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-308.4.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-308.4.1.el5.x86_64.rpm
kernel-devel-2.6.18-308.4.1.el5.x86_64.rpm
kernel-headers-2.6.18-308.4.1.el5.x86_64.rpm
kernel-xen-2.6.18-308.4.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-308.4.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-308.4.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-308.4.1.el5.src.rpm

i386:
kernel-2.6.18-308.4.1.el5.i686.rpm
kernel-PAE-2.6.18-308.4.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-308.4.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-308.4.1.el5.i686.rpm
kernel-debug-2.6.18-308.4.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-308.4.1.el5.i686.rpm
kernel-debug-devel-2.6.18-308.4.1.el5.i686.rpm
kernel-debuginfo-2.6.18-308.4.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-308.4.1.el5.i686.rpm
kernel-devel-2.6.18-308.4.1.el5.i686.rpm
kernel-headers-2.6.18-308.4.1.el5.i386.rpm
kernel-xen-2.6.18-308.4.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-308.4.1.el5.i686.rpm
kernel-xen-devel-2.6.18-308.4.1.el5.i686.rpm

ia64:
kernel-2.6.18-308.4.1.el5.ia64.rpm
kernel-debug-2.6.18-308.4.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-308.4.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-308.4.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-308.4.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-308.4.1.el5.ia64.rpm
kernel-devel-2.6.18-308.4.1.el5.ia64.rpm
kernel-headers-2.6.18-308.4.1.el5.ia64.rpm
kernel-xen-2.6.18-308.4.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-308.4.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-308.4.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-308.4.1.el5.noarch.rpm

ppc:
kernel-2.6.18-308.4.1.el5.ppc64.rpm
kernel-debug-2.6.18-308.4.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-308.4.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-308.4.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-308.4.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-308.4.1.el5.ppc64.rpm
kernel-devel-2.6.18-308.4.1.el5.ppc64.rpm
kernel-headers-2.6.18-308.4.1.el5.ppc.rpm
kernel-headers-2.6.18-308.4.1.el5.ppc64.rpm
kernel-kdump-2.6.18-308.4.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-308.4.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-308.4.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-308.4.1.el5.s390x.rpm
kernel-debug-2.6.18-308.4.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-308.4.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-308.4.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-308.4.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-308.4.1.el5.s390x.rpm
kernel-devel-2.6.18-308.4.1.el5.s390x.rpm
kernel-headers-2.6.18-308.4.1.el5.s390x.rpm
kernel-kdump-2.6.18-308.4.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-308.4.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-308.4.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-308.4.1.el5.x86_64.rpm
kernel-debug-2.6.18-308.4.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-308.4.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-308.4.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-308.4.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-308.4.1.el5.x86_64.rpm
kernel-devel-2.6.18-308.4.1.el5.x86_64.rpm
kernel-headers-2.6.18-308.4.1.el5.x86_64.rpm
kernel-xen-2.6.18-308.4.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-308.4.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-308.4.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-1583.html
https://access.redhat.com/security/updates/classification/#important
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.8_Technical_Notes/kernel.html#RHSA-2012-0480

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
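The xfrm6_tunnel blacklist workaround from RHSA-2012:0480, as an added example that is not part of the advisory: a POSIX shell script that writes the /etc/modprobe.d/xfrm6_tunnel.conf file the advisory describes and then checks both that the blacklist is present and that the module is not already resident (a blacklist entry stops future automatic loading but does not unload a module that is already loaded). MODPROBE_DIR, PROC_MODULES and the function names are this example's assumptions; the /proc/modules lines in the test are constructed.

```shell
#!/bin/sh
# Added example, not part of RHSA-2012:0480: apply and verify the xfrm6_tunnel
# blacklist that the advisory offers as a workaround for CVE-2012-1583.
# MODPROBE_DIR and PROC_MODULES are parameters of this example (defaults are
# the real paths) so the functions can be exercised against a scratch directory.

MODPROBE_DIR="${MODPROBE_DIR:-/etc/modprobe.d}"
PROC_MODULES="${PROC_MODULES:-/proc/modules}"

# Match a "blacklist xfrm6_tunnel" directive; leading whitespace is tolerated,
# commented-out lines are not matched.
BLACKLIST_RE='^[[:space:]]*blacklist[[:space:]]+xfrm6_tunnel[[:space:]]*$'

# Write the file the advisory describes (as root, in the real directory).
# Idempotent: a second run does not append a duplicate line.
xfrm6_blacklist_write() {
    conf="$1/xfrm6_tunnel.conf"
    if grep -qsE "$BLACKLIST_RE" "$conf"; then
        return 0
    fi
    printf 'blacklist xfrm6_tunnel\n' >> "$conf"
}

# Succeed if any .conf file in the directory blacklists the module
# (-s silences the error when the directory holds no .conf files).
xfrm6_blacklisted() {
    grep -qsE "$BLACKLIST_RE" "$1"/*.conf
}

# Succeed if the module is resident; /proc/modules lists one module per line
# with the name in the first column (the same data "lsmod" prints).
xfrm6_loaded() {
    awk '$1 == "xfrm6_tunnel" { found = 1 } END { exit !found }' "$1"
}

# Overall status. Return codes: 0 mitigated (blacklisted, not loaded);
# 1 not blacklisted; 2 blacklisted but currently loaded. A blacklist entry
# only prevents automatic loading from now on; a module that is already
# loaded stays loaded until it is removed or the system is rebooted.
xfrm6_status() {
    if ! xfrm6_blacklisted "$1"; then
        echo "xfrm6_tunnel: not blacklisted in $1"
        return 1
    fi
    if xfrm6_loaded "$2"; then
        echo "xfrm6_tunnel: blacklisted but currently loaded"
        return 2
    fi
    echo "xfrm6_tunnel: blacklisted and not loaded"
    return 0
}

# Usage: sh xfrm6_check.sh check    (read-only report)
#        sh xfrm6_check.sh apply    (write the blacklist, then report; needs root)
case "${1:-}" in
    apply) xfrm6_blacklist_write "$MODPROBE_DIR" && xfrm6_status "$MODPROBE_DIR" "$PROC_MODULES" ;;
    check) xfrm6_status "$MODPROBE_DIR" "$PROC_MODULES" ;;
esac
```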
From bugzilla at redhat.com Tue Apr 17 18:59:28 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 17 Apr 2012 18:59:28 +0000
Subject: [RHSA-2012:0481-01] Moderate: kernel security, bug fix, and enhancement update
Message-ID: <201204171859.q3HIxTGk013025@int-mx02.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: kernel security, bug fix, and enhancement update
Advisory ID:       RHSA-2012:0481-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0481.html
Issue date:        2012-04-17
CVE Names:         CVE-2012-0879 CVE-2012-1090 CVE-2012-1097
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* Numerous reference count leaks were found in the Linux kernel's block layer I/O context handling implementation. This could allow a local, unprivileged user to cause a denial of service. (CVE-2012-0879, Moderate)

* A flaw was found in the Linux kernel's cifs_lookup() implementation. POSIX open during lookup should only be supported for regular files. When non-regular files (for example, a named (FIFO) pipe or other special files) are opened on lookup, it could cause a denial of service. (CVE-2012-1090, Moderate)

* It was found that the Linux kernel's register set (regset) common infrastructure implementation did not check if the required get and set handlers were initialized. A local, unprivileged user could use this flaw to cause a denial of service by performing a register set operation with a ptrace() PTRACE_SETREGSET or PTRACE_GETREGSET request. (CVE-2012-1097, Moderate)

Red Hat would like to thank H. Peter Anvin for reporting CVE-2012-1097.

This update also fixes several bugs and adds various enhancements. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.

Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs and add the enhancements noted in the Technical Notes. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

789373 - cifs: multiple process stuck waiting for page lock [rhel-6.2.z]
796829 - CVE-2012-0879 kernel: block: CLONE_IO io_context refcounting issues
798293 - CVE-2012-1090 kernel: cifs: dentry refcount leak when opening a FIFO on lookup leads to panic on unmount
799209 - CVE-2012-1097 kernel: regset: Prevent null pointer reference on readonly regsets
802379 - Anomaly in mbind memory map causing Java Hotspot JVM Seg fault with NUMA aware ParallelScavange GC [rhel-6.2.z]

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-220.13.1.el6.src.rpm

i386:
kernel-2.6.32-220.13.1.el6.i686.rpm
kernel-debug-2.6.32-220.13.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-220.13.1.el6.i686.rpm
kernel-debug-devel-2.6.32-220.13.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.13.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.13.1.el6.i686.rpm
kernel-devel-2.6.32-220.13.1.el6.i686.rpm
kernel-headers-2.6.32-220.13.1.el6.i686.rpm
perf-2.6.32-220.13.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.13.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-220.13.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.13.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-220.13.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.13.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.13.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.13.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.13.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.13.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.13.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.13.1.el6.x86_64.rpm
perf-2.6.32-220.13.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.13.1.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-220.13.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-220.13.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.13.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.13.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.13.1.el6.i686.rpm
python-perf-2.6.32-220.13.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.13.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.13.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.13.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.13.1.el6.x86_64.rpm
python-perf-2.6.32-220.13.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-220.13.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-220.13.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.13.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-220.13.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.13.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.13.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.13.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.13.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.13.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.13.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.13.1.el6.x86_64.rpm
perf-2.6.32-220.13.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.13.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-220.13.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.13.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.13.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.13.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.13.1.el6.x86_64.rpm
python-perf-2.6.32-220.13.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.13.1.el6.src.rpm

i386:
kernel-2.6.32-220.13.1.el6.i686.rpm
kernel-debug-2.6.32-220.13.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-220.13.1.el6.i686.rpm
kernel-debug-devel-2.6.32-220.13.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.13.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.13.1.el6.i686.rpm
kernel-devel-2.6.32-220.13.1.el6.i686.rpm
kernel-headers-2.6.32-220.13.1.el6.i686.rpm
perf-2.6.32-220.13.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.13.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-220.13.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.13.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-220.13.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-220.13.1.el6.ppc64.rpm
kernel-debug-2.6.32-220.13.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-220.13.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-220.13.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-220.13.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-220.13.1.el6.ppc64.rpm
kernel-devel-2.6.32-220.13.1.el6.ppc64.rpm
kernel-headers-2.6.32-220.13.1.el6.ppc64.rpm
perf-2.6.32-220.13.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-220.13.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-220.13.1.el6.s390x.rpm
kernel-debug-2.6.32-220.13.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-220.13.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-220.13.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-220.13.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-220.13.1.el6.s390x.rpm
kernel-devel-2.6.32-220.13.1.el6.s390x.rpm
kernel-headers-2.6.32-220.13.1.el6.s390x.rpm
kernel-kdump-2.6.32-220.13.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-220.13.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-220.13.1.el6.s390x.rpm
perf-2.6.32-220.13.1.el6.s390x.rpm
perf-debuginfo-2.6.32-220.13.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-220.13.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.13.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.13.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.13.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.13.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.13.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.13.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.13.1.el6.x86_64.rpm
perf-2.6.32-220.13.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.13.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.13.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-220.13.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.13.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.13.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.13.1.el6.i686.rpm
python-perf-2.6.32-220.13.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-220.13.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-220.13.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-220.13.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-220.13.1.el6.ppc64.rpm
python-perf-2.6.32-220.13.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-220.13.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-220.13.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-220.13.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-220.13.1.el6.s390x.rpm
perf-debuginfo-2.6.32-220.13.1.el6.s390x.rpm
python-perf-2.6.32-220.13.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.13.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.13.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.13.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.13.1.el6.x86_64.rpm
python-perf-2.6.32-220.13.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-220.13.1.el6.src.rpm

i386:
kernel-2.6.32-220.13.1.el6.i686.rpm
kernel-debug-2.6.32-220.13.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-220.13.1.el6.i686.rpm
kernel-debug-devel-2.6.32-220.13.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.13.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.13.1.el6.i686.rpm
kernel-devel-2.6.32-220.13.1.el6.i686.rpm
kernel-headers-2.6.32-220.13.1.el6.i686.rpm
perf-2.6.32-220.13.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.13.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-220.13.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.13.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-220.13.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.13.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.13.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.13.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.13.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.13.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.13.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.13.1.el6.x86_64.rpm
perf-2.6.32-220.13.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.13.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-220.13.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-220.13.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.13.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.13.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.13.1.el6.i686.rpm
python-perf-2.6.32-220.13.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.13.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.13.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.13.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.13.1.el6.x86_64.rpm
python-perf-2.6.32-220.13.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-0879.html https://www.redhat.com/security/data/cve/CVE-2012-1090.html https://www.redhat.com/security/data/cve/CVE-2012-1097.html https://access.redhat.com/security/updates/classification/#moderate https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.2_Technical_Notes/kernel.html#RHSA-2012-0481 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPjb1qXlSAg2UNWIIRAr1bAKCgIyiDDlsHDSJ6FZgqP8HKyYm/egCfbHqC 0nrzFoFt2HRHC+gcPKO4aik= =9SK/ -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Apr 23 17:02:58 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 23 Apr 2012 17:02:58 +0000 Subject: [RHSA-2012:0508-01] Critical: java-1.5.0-ibm security update Message-ID: <201204231702.q3NH2xn0030158@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.5.0-ibm security update Advisory ID: RHSA-2012:0508-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0508.html Issue date: 2012-04-23 CVE Names: CVE-2011-3389 CVE-2011-3557 CVE-2011-3560 CVE-2011-3563 CVE-2012-0498 CVE-2012-0499 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 CVE-2012-0507 ===================================================================== 1. Summary: Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. (CVE-2011-3389, CVE-2011-3557, CVE-2011-3560, CVE-2011-3563, CVE-2012-0498, CVE-2012-0499, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR13-FP1 Java release. All running instances of IBM Java must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. 
Bugs fixed (http://bugzilla.redhat.com/): 737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) 745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936) 745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012) 788624 - CVE-2012-0501 OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283) 788976 - CVE-2012-0503 OpenJDK: unrestricted use of TimeZone.setDefault() (i18n, 7110687) 788994 - CVE-2012-0507 OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299) 789295 - CVE-2011-3563 OpenJDK: JavaSound incorrect bounds check (Sound, 7088367) 789297 - CVE-2012-0502 OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683) 789299 - CVE-2012-0505 OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700) 789300 - CVE-2012-0506 OpenJDK: mutable repository identifiers (CORBA, 7110704) 790720 - CVE-2012-0498 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D) 790722 - CVE-2012-0499 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 
5): i386: java-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-accessibility-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.i386.rpm x86_64: java-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-accessibility-1.5.0.13.1-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 
5): i386: java-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-accessibility-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.i386.rpm ppc: java-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-accessibility-1.5.0.13.1-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.ppc64.rpm s390x: java-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.s390.rpm java-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-accessibility-1.5.0.13.1-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.s390.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.s390.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.1.el5.s390.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.s390.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.s390x.rpm x86_64: java-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-1.5.0.13.1-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-accessibility-1.5.0.13.1-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.1.el5.x86_64.rpm 
java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.1.el5.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.i686.rpm x86_64: java-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 
6): i386: java-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.i686.rpm ppc64: java-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.ppc64.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.ppc.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.2.el6_2.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.2.el6_2.ppc.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.ppc64.rpm s390x: java-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.s390x.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.s390x.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.s390.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.s390x.rpm java-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.2.el6_2.s390.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.s390x.rpm x86_64: java-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 
6): i386: java-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-plugin-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.i686.rpm x86_64: java-1.5.0-ibm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.i686.rpm java-1.5.0-ibm-devel-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm java-1.5.0-ibm-src-1.5.0.13.1-1jpp.2.el6_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3389.html https://www.redhat.com/security/data/cve/CVE-2011-3557.html https://www.redhat.com/security/data/cve/CVE-2011-3560.html https://www.redhat.com/security/data/cve/CVE-2011-3563.html https://www.redhat.com/security/data/cve/CVE-2012-0498.html https://www.redhat.com/security/data/cve/CVE-2012-0499.html https://www.redhat.com/security/data/cve/CVE-2012-0501.html https://www.redhat.com/security/data/cve/CVE-2012-0502.html https://www.redhat.com/security/data/cve/CVE-2012-0503.html https://www.redhat.com/security/data/cve/CVE-2012-0505.html https://www.redhat.com/security/data/cve/CVE-2012-0506.html https://www.redhat.com/security/data/cve/CVE-2012-0507.html https://access.redhat.com/security/updates/classification/#critical http://www.ibm.com/developerworks/java/jdk/alerts/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPlYszXlSAg2UNWIIRAuJTAKCPRZxk+0bWKTvZiCsltv30xO03hQCghJdm r0hFBLP7N8YIpGTvj/Dj1zY= =PHoP -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Apr 23 17:04:22 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 23 Apr 2012 17:04:22 +0000 Subject: [RHSA-2012:0509-01] Moderate: wireshark security update Message-ID: <201204231704.q3NH4NsR000430@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: wireshark security update Advisory ID: RHSA-2012:0509-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0509.html Issue date: 2012-04-23 CVE Names: CVE-2011-1143 CVE-2011-1590 CVE-2011-1957 CVE-2011-1958 CVE-2011-1959 CVE-2011-2174 CVE-2011-2175 CVE-2011-2597 CVE-2011-2698 CVE-2011-4102 CVE-2012-0041 CVE-2012-0042 CVE-2012-0066 CVE-2012-0067 CVE-2012-1595 ===================================================================== 1. Summary: Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. 
Description: Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. Several flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-1590, CVE-2011-4102, CVE-2012-1595) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2011-1143, CVE-2011-1957, CVE-2011-1958, CVE-2011-1959, CVE-2011-2174, CVE-2011-2175, CVE-2011-2597, CVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0067, CVE-2012-0066) Users of Wireshark should upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Wireshark must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. 
Bugs fixed (http://bugzilla.redhat.com/): 681760 - CVE-2011-1143 Wireshark: Null pointer dereference causing application crash when reading malformed pcap file 697741 - CVE-2011-1590 Wireshark: Use-after-free causes heap-based buffer overflow in X.509if dissector 710021 - CVE-2011-1957 wireshark: Infinite loop in the DICOM dissector 710039 - CVE-2011-1959 wireshark: Stack-based buffer over-read from tvbuff buffer when reading snoop capture files 710097 - CVE-2011-2174 wireshark: Double-free flaw by uncompressing of a zlib compressed packet 710109 - CVE-2011-2175 wireshark: Heap-based buffer over-read in Visual Networks dissector 710184 - CVE-2011-1958 wireshark (64bit): NULL pointer dereference by processing of a corrupted Diameter dictionary file 719753 - CVE-2011-2597 wireshark: infinite loop DoS in lucent/ascend file parser 723215 - CVE-2011-2698 wireshark: Infinite loop in the ANSI A Interface (IS-634/IOS) dissector 750648 - CVE-2011-4102 wireshark: buffer overflow in the ERF file reader 773726 - CVE-2012-0041 wireshark: multiple file parser vulnerabilities (wnpa-sec-2012-01) 773728 - CVE-2012-0042 wireshark: NULL pointer vulnerabilities (wnpa-sec-2012-02) 783360 - CVE-2012-0066 Wireshark: Dos via large buffer allocation request 783363 - CVE-2012-0067 Wireshark: Dos due to integer overflow in IPTrace capture format parser 807644 - CVE-2012-1595 wireshark: Heap-based buffer overflow when reading ERF packets from pcap/pcap-ng trace files 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/wireshark-1.2.15-2.el6_2.1.src.rpm i386: wireshark-1.2.15-2.el6_2.1.i686.rpm wireshark-debuginfo-1.2.15-2.el6_2.1.i686.rpm x86_64: wireshark-1.2.15-2.el6_2.1.i686.rpm wireshark-1.2.15-2.el6_2.1.x86_64.rpm wireshark-debuginfo-1.2.15-2.el6_2.1.i686.rpm wireshark-debuginfo-1.2.15-2.el6_2.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/wireshark-1.2.15-2.el6_2.1.src.rpm i386: wireshark-debuginfo-1.2.15-2.el6_2.1.i686.rpm wireshark-devel-1.2.15-2.el6_2.1.i686.rpm wireshark-gnome-1.2.15-2.el6_2.1.i686.rpm x86_64: wireshark-debuginfo-1.2.15-2.el6_2.1.i686.rpm wireshark-debuginfo-1.2.15-2.el6_2.1.x86_64.rpm wireshark-devel-1.2.15-2.el6_2.1.i686.rpm wireshark-devel-1.2.15-2.el6_2.1.x86_64.rpm wireshark-gnome-1.2.15-2.el6_2.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/wireshark-1.2.15-2.el6_2.1.src.rpm i386: wireshark-1.2.15-2.el6_2.1.i686.rpm wireshark-debuginfo-1.2.15-2.el6_2.1.i686.rpm ppc64: wireshark-1.2.15-2.el6_2.1.ppc.rpm wireshark-1.2.15-2.el6_2.1.ppc64.rpm wireshark-debuginfo-1.2.15-2.el6_2.1.ppc.rpm wireshark-debuginfo-1.2.15-2.el6_2.1.ppc64.rpm s390x: wireshark-1.2.15-2.el6_2.1.s390.rpm wireshark-1.2.15-2.el6_2.1.s390x.rpm wireshark-debuginfo-1.2.15-2.el6_2.1.s390.rpm wireshark-debuginfo-1.2.15-2.el6_2.1.s390x.rpm x86_64: wireshark-1.2.15-2.el6_2.1.i686.rpm wireshark-1.2.15-2.el6_2.1.x86_64.rpm wireshark-debuginfo-1.2.15-2.el6_2.1.i686.rpm wireshark-debuginfo-1.2.15-2.el6_2.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/wireshark-1.2.15-2.el6_2.1.src.rpm i386: wireshark-debuginfo-1.2.15-2.el6_2.1.i686.rpm wireshark-devel-1.2.15-2.el6_2.1.i686.rpm wireshark-gnome-1.2.15-2.el6_2.1.i686.rpm ppc64: wireshark-debuginfo-1.2.15-2.el6_2.1.ppc.rpm wireshark-debuginfo-1.2.15-2.el6_2.1.ppc64.rpm wireshark-devel-1.2.15-2.el6_2.1.ppc.rpm wireshark-devel-1.2.15-2.el6_2.1.ppc64.rpm wireshark-gnome-1.2.15-2.el6_2.1.ppc64.rpm s390x: wireshark-debuginfo-1.2.15-2.el6_2.1.s390.rpm wireshark-debuginfo-1.2.15-2.el6_2.1.s390x.rpm wireshark-devel-1.2.15-2.el6_2.1.s390.rpm wireshark-devel-1.2.15-2.el6_2.1.s390x.rpm wireshark-gnome-1.2.15-2.el6_2.1.s390x.rpm x86_64: wireshark-debuginfo-1.2.15-2.el6_2.1.i686.rpm wireshark-debuginfo-1.2.15-2.el6_2.1.x86_64.rpm wireshark-devel-1.2.15-2.el6_2.1.i686.rpm wireshark-devel-1.2.15-2.el6_2.1.x86_64.rpm wireshark-gnome-1.2.15-2.el6_2.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/wireshark-1.2.15-2.el6_2.1.src.rpm i386: wireshark-1.2.15-2.el6_2.1.i686.rpm wireshark-debuginfo-1.2.15-2.el6_2.1.i686.rpm x86_64: wireshark-1.2.15-2.el6_2.1.i686.rpm wireshark-1.2.15-2.el6_2.1.x86_64.rpm wireshark-debuginfo-1.2.15-2.el6_2.1.i686.rpm wireshark-debuginfo-1.2.15-2.el6_2.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/wireshark-1.2.15-2.el6_2.1.src.rpm i386: wireshark-debuginfo-1.2.15-2.el6_2.1.i686.rpm wireshark-devel-1.2.15-2.el6_2.1.i686.rpm wireshark-gnome-1.2.15-2.el6_2.1.i686.rpm x86_64: wireshark-debuginfo-1.2.15-2.el6_2.1.i686.rpm wireshark-debuginfo-1.2.15-2.el6_2.1.x86_64.rpm wireshark-devel-1.2.15-2.el6_2.1.i686.rpm wireshark-devel-1.2.15-2.el6_2.1.x86_64.rpm wireshark-gnome-1.2.15-2.el6_2.1.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-1143.html https://www.redhat.com/security/data/cve/CVE-2011-1590.html https://www.redhat.com/security/data/cve/CVE-2011-1957.html https://www.redhat.com/security/data/cve/CVE-2011-1958.html https://www.redhat.com/security/data/cve/CVE-2011-1959.html https://www.redhat.com/security/data/cve/CVE-2011-2174.html https://www.redhat.com/security/data/cve/CVE-2011-2175.html https://www.redhat.com/security/data/cve/CVE-2011-2597.html https://www.redhat.com/security/data/cve/CVE-2011-2698.html https://www.redhat.com/security/data/cve/CVE-2011-4102.html https://www.redhat.com/security/data/cve/CVE-2012-0041.html https://www.redhat.com/security/data/cve/CVE-2012-0042.html https://www.redhat.com/security/data/cve/CVE-2012-0066.html https://www.redhat.com/security/data/cve/CVE-2012-0067.html https://www.redhat.com/security/data/cve/CVE-2012-1595.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPlYtyXlSAg2UNWIIRArdgAKC/2C+7cHJaWZwkGtXxrQ5cJyLbNQCgk9AP 0SX3X6wim+7w75gMnYnQu78= =7aJp -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Apr 24 20:35:10 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 24 Apr 2012 20:35:10 +0000 Subject: [RHSA-2012:0514-01] Critical: java-1.6.0-ibm security update Message-ID: <201204242035.q3OKZCXG014090@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.6.0-ibm security update Advisory ID: RHSA-2012:0514-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0514.html Issue date: 2012-04-24 CVE Names: CVE-2011-3563 CVE-2011-5035 CVE-2012-0497 CVE-2012-0498 CVE-2012-0499 CVE-2012-0500 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 CVE-2012-0507 ===================================================================== 1. Summary: Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. 
Description: The IBM Java SE version 6 release includes the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. (CVE-2011-3563, CVE-2011-5035, CVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507) All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java 6 SR10-FP1 release. All running instances of IBM Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. 
Bugs fixed (http://bugzilla.redhat.com/): 788606 - CVE-2011-5035 OpenJDK: HttpServer no header count limit (Lightweight HTTP Server, 7126960) 788624 - CVE-2012-0501 OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283) 788976 - CVE-2012-0503 OpenJDK: unrestricted use of TimeZone.setDefault() (i18n, 7110687) 788994 - CVE-2012-0507 OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299) 789295 - CVE-2011-3563 OpenJDK: JavaSound incorrect bounds check (Sound, 7088367) 789297 - CVE-2012-0502 OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683) 789299 - CVE-2012-0505 OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700) 789300 - CVE-2012-0506 OpenJDK: mutable repository identifiers (CORBA, 7110704) 789301 - CVE-2012-0497 OpenJDK: insufficient checking of the graphics rendering object (2D, 7112642) 790720 - CVE-2012-0498 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D) 790722 - CVE-2012-0499 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D) 790724 - CVE-2012-0500 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (Deployment) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 
5):

i386:
java-1.6.0-ibm-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.1.el5.i386.rpm

x86_64:
java-1.6.0-ibm-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-1.6.0.10.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.10.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.6.0-ibm-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.1.el5.i386.rpm

ppc:
java-1.6.0-ibm-1.6.0.10.1-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-1.6.0.10.1-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-accessibility-1.6.0.10.1-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.1.el5.ppc64.rpm

s390x:
java-1.6.0-ibm-1.6.0.10.1-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-1.6.0.10.1-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-accessibility-1.6.0.10.1-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.1.el5.s390x.rpm

x86_64:
java-1.6.0-ibm-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-1.6.0.10.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.10.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.5.el6_2.i686.rpm

x86_64:
java-1.6.0-ibm-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.6.0-ibm-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.5.el6_2.i686.rpm

ppc64:
java-1.6.0-ibm-1.6.0.10.1-1jpp.5.el6_2.ppc64.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.5.el6_2.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2.ppc.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.5.el6_2.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.5.el6_2.ppc64.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.5.el6_2.ppc64.rpm

s390x:
java-1.6.0-ibm-1.6.0.10.1-1jpp.5.el6_2.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.5.el6_2.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2.s390.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.5.el6_2.s390x.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.5.el6_2.s390x.rpm

x86_64:
java-1.6.0-ibm-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.5.el6_2.i686.rpm

x86_64:
java-1.6.0-ibm-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3563.html
https://www.redhat.com/security/data/cve/CVE-2011-5035.html
https://www.redhat.com/security/data/cve/CVE-2012-0497.html
https://www.redhat.com/security/data/cve/CVE-2012-0498.html
https://www.redhat.com/security/data/cve/CVE-2012-0499.html
https://www.redhat.com/security/data/cve/CVE-2012-0500.html
https://www.redhat.com/security/data/cve/CVE-2012-0501.html
https://www.redhat.com/security/data/cve/CVE-2012-0502.html
https://www.redhat.com/security/data/cve/CVE-2012-0503.html
https://www.redhat.com/security/data/cve/CVE-2012-0505.html
https://www.redhat.com/security/data/cve/CVE-2012-0506.html
https://www.redhat.com/security/data/cve/CVE-2012-0507.html
https://access.redhat.com/security/updates/classification/#critical
http://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

From bugzilla at redhat.com Tue Apr 24 20:36:15 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 24 Apr 2012 20:36:15 +0000
Subject: [RHSA-2012:0515-01] Critical: firefox security update
Message-ID: <201204242036.q3OKaHuC017516@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2012:0515-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0515.html
Issue date:        2012-04-24
CVE Names:         CVE-2011-3062 CVE-2012-0467 CVE-2012-0468
                   CVE-2012-0469 CVE-2012-0470 CVE-2012-0471
                   CVE-2012-0472 CVE-2012-0473 CVE-2012-0474
                   CVE-2012-0477 CVE-2012-0478 CVE-2012-0479
=====================================================================

1. Summary:

Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.

A flaw was found in Sanitiser for OpenType (OTS), used by Firefox to help prevent potential exploits in malformed OpenType fonts. A web page containing malicious content could cause Firefox to crash or, under certain conditions, possibly execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-3062)

A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-0467, CVE-2012-0468, CVE-2012-0469)

A web page containing a malicious Scalable Vector Graphics (SVG) image file could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-0470)

A flaw was found in the way Firefox used its embedded Cairo library to render certain fonts. A web page containing malicious content could cause Firefox to crash or, under certain conditions, possibly execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-0472)

A flaw was found in the way Firefox rendered certain images using WebGL. A web page containing malicious content could cause Firefox to crash or, under certain conditions, possibly execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-0478)

A cross-site scripting (XSS) flaw was found in the way Firefox handled certain multibyte character sets. A web page containing malicious content could cause Firefox to run JavaScript code with the permissions of a different website. (CVE-2012-0471)

A flaw was found in the way Firefox rendered certain graphics using WebGL. A web page containing malicious content could cause Firefox to crash. (CVE-2012-0473)

A flaw in Firefox allowed the address bar to display a different website than the one the user was visiting. An attacker could use this flaw to conceal a malicious URL, possibly tricking a user into believing they are viewing a trusted site, or allowing scripts to be loaded from the attacker's site, possibly leading to cross-site scripting (XSS) attacks. (CVE-2012-0474)

A flaw was found in the way Firefox decoded the ISO-2022-KR and ISO-2022-CN character sets. A web page containing malicious content could cause Firefox to run JavaScript code with the permissions of a different website. (CVE-2012-0477)

A flaw was found in the way Firefox handled RSS and Atom feeds. Invalid RSS or Atom content loaded over HTTPS caused Firefox to display the address of said content in the location bar, but not the content in the main window. The previous content continued to be displayed. An attacker could use this flaw to perform phishing attacks, or trick users into thinking they are visiting the site reported by the location bar, when the page is actually content controlled by an attacker. (CVE-2012-0479)

For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 10.0.4 ESR. You can find a link to the Mozilla advisories in the References section of this erratum.

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Mateusz Jurczyk of the Google Security Team as the original reporter of CVE-2011-3062; Aki Helin from OUSPG as the original reporter of CVE-2012-0469; Atte Kettunen from OUSPG as the original reporter of CVE-2012-0470; wushi of team509 via iDefense as the original reporter of CVE-2012-0472; Ms2ger as the original reporter of CVE-2012-0478; Anne van Kesteren of Opera Software as the original reporter of CVE-2012-0471; Matias Juntunen as the original reporter of CVE-2012-0473; Jordi Chancel and Eddy Bordi, and Chris McGowen as the original reporters of CVE-2012-0474; Masato Kinugawa as the original reporter of CVE-2012-0477; and Jeroen van der Gun as the original reporter of CVE-2012-0479.

4. Solution:

All Firefox users should upgrade to these updated packages, which contain Firefox version 10.0.4 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

815000 - CVE-2012-0467 CVE-2012-0468 Mozilla: Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4) (MFSA 2012-20)
815019 - CVE-2012-0469 Mozilla: use-after-free in IDBKeyRange (MFSA 2012-22)
815020 - CVE-2012-0470 Mozilla: Invalid frees causes heap corruption in gfxImageSurface (MFSA 2012-23)
815021 - CVE-2012-0471 Mozilla: Potential XSS via multibyte content processing errors (MFSA 2012-24)
815022 - CVE-2012-0472 Mozilla: Potential memory corruption during font rendering using cairo-dwrite (MFSA 2012-25)
815023 - CVE-2012-0473 Mozilla: WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error (MFSA 2012-26)
815024 - CVE-2012-0474 Mozilla: Page load short-circuit can lead to XSS (MFSA 2012-27)
815026 - CVE-2012-0477 Mozilla: Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues (MFSA 2012-29)
815037 - CVE-2012-0478 Mozilla: Crash with WebGL content using textImage2D (MFSA 2012-30)
815042 - CVE-2011-3062 Mozilla: Off-by-one error in OpenType Sanitizer (MFSA 2012-31)
815044 - CVE-2012-0479 Mozilla: Potential site identity spoofing when loading RSS and Atom feeds (MFSA 2012-33)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-10.0.4-1.el5_8.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-10.0.4-1.el5_8.src.rpm

i386:
firefox-10.0.4-1.el5_8.i386.rpm
firefox-debuginfo-10.0.4-1.el5_8.i386.rpm
xulrunner-10.0.4-1.el5_8.i386.rpm
xulrunner-debuginfo-10.0.4-1.el5_8.i386.rpm

x86_64:
firefox-10.0.4-1.el5_8.i386.rpm
firefox-10.0.4-1.el5_8.x86_64.rpm
firefox-debuginfo-10.0.4-1.el5_8.i386.rpm
firefox-debuginfo-10.0.4-1.el5_8.x86_64.rpm
xulrunner-10.0.4-1.el5_8.i386.rpm
xulrunner-10.0.4-1.el5_8.x86_64.rpm
xulrunner-debuginfo-10.0.4-1.el5_8.i386.rpm
xulrunner-debuginfo-10.0.4-1.el5_8.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-10.0.4-1.el5_8.src.rpm

i386:
xulrunner-debuginfo-10.0.4-1.el5_8.i386.rpm
xulrunner-devel-10.0.4-1.el5_8.i386.rpm

x86_64:
xulrunner-debuginfo-10.0.4-1.el5_8.i386.rpm
xulrunner-debuginfo-10.0.4-1.el5_8.x86_64.rpm
xulrunner-devel-10.0.4-1.el5_8.i386.rpm
xulrunner-devel-10.0.4-1.el5_8.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-10.0.4-1.el5_8.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-10.0.4-1.el5_8.src.rpm

i386:
firefox-10.0.4-1.el5_8.i386.rpm
firefox-debuginfo-10.0.4-1.el5_8.i386.rpm
xulrunner-10.0.4-1.el5_8.i386.rpm
xulrunner-debuginfo-10.0.4-1.el5_8.i386.rpm
xulrunner-devel-10.0.4-1.el5_8.i386.rpm

ia64:
firefox-10.0.4-1.el5_8.ia64.rpm
firefox-debuginfo-10.0.4-1.el5_8.ia64.rpm
xulrunner-10.0.4-1.el5_8.ia64.rpm
xulrunner-debuginfo-10.0.4-1.el5_8.ia64.rpm
xulrunner-devel-10.0.4-1.el5_8.ia64.rpm

ppc:
firefox-10.0.4-1.el5_8.ppc.rpm
firefox-debuginfo-10.0.4-1.el5_8.ppc.rpm
xulrunner-10.0.4-1.el5_8.ppc.rpm
xulrunner-10.0.4-1.el5_8.ppc64.rpm
xulrunner-debuginfo-10.0.4-1.el5_8.ppc.rpm
xulrunner-debuginfo-10.0.4-1.el5_8.ppc64.rpm
xulrunner-devel-10.0.4-1.el5_8.ppc.rpm
xulrunner-devel-10.0.4-1.el5_8.ppc64.rpm

s390x:
firefox-10.0.4-1.el5_8.s390.rpm
firefox-10.0.4-1.el5_8.s390x.rpm
firefox-debuginfo-10.0.4-1.el5_8.s390.rpm
firefox-debuginfo-10.0.4-1.el5_8.s390x.rpm
xulrunner-10.0.4-1.el5_8.s390.rpm
xulrunner-10.0.4-1.el5_8.s390x.rpm
xulrunner-debuginfo-10.0.4-1.el5_8.s390.rpm
xulrunner-debuginfo-10.0.4-1.el5_8.s390x.rpm
xulrunner-devel-10.0.4-1.el5_8.s390.rpm
xulrunner-devel-10.0.4-1.el5_8.s390x.rpm

x86_64:
firefox-10.0.4-1.el5_8.i386.rpm
firefox-10.0.4-1.el5_8.x86_64.rpm
firefox-debuginfo-10.0.4-1.el5_8.i386.rpm
firefox-debuginfo-10.0.4-1.el5_8.x86_64.rpm
xulrunner-10.0.4-1.el5_8.i386.rpm
xulrunner-10.0.4-1.el5_8.x86_64.rpm
xulrunner-debuginfo-10.0.4-1.el5_8.i386.rpm
xulrunner-debuginfo-10.0.4-1.el5_8.x86_64.rpm
xulrunner-devel-10.0.4-1.el5_8.i386.rpm
xulrunner-devel-10.0.4-1.el5_8.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/firefox-10.0.4-1.el6_2.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-10.0.4-1.el6_2.src.rpm

i386:
firefox-10.0.4-1.el6_2.i686.rpm
firefox-debuginfo-10.0.4-1.el6_2.i686.rpm
xulrunner-10.0.4-1.el6_2.i686.rpm
xulrunner-debuginfo-10.0.4-1.el6_2.i686.rpm

x86_64:
firefox-10.0.4-1.el6_2.i686.rpm
firefox-10.0.4-1.el6_2.x86_64.rpm
firefox-debuginfo-10.0.4-1.el6_2.i686.rpm
firefox-debuginfo-10.0.4-1.el6_2.x86_64.rpm
xulrunner-10.0.4-1.el6_2.i686.rpm
xulrunner-10.0.4-1.el6_2.x86_64.rpm
xulrunner-debuginfo-10.0.4-1.el6_2.i686.rpm
xulrunner-debuginfo-10.0.4-1.el6_2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-10.0.4-1.el6_2.src.rpm

i386:
xulrunner-debuginfo-10.0.4-1.el6_2.i686.rpm
xulrunner-devel-10.0.4-1.el6_2.i686.rpm

x86_64:
xulrunner-debuginfo-10.0.4-1.el6_2.i686.rpm
xulrunner-debuginfo-10.0.4-1.el6_2.x86_64.rpm
xulrunner-devel-10.0.4-1.el6_2.i686.rpm
xulrunner-devel-10.0.4-1.el6_2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/firefox-10.0.4-1.el6_2.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xulrunner-10.0.4-1.el6_2.src.rpm

x86_64:
firefox-10.0.4-1.el6_2.i686.rpm
firefox-10.0.4-1.el6_2.x86_64.rpm
firefox-debuginfo-10.0.4-1.el6_2.i686.rpm
firefox-debuginfo-10.0.4-1.el6_2.x86_64.rpm
xulrunner-10.0.4-1.el6_2.i686.rpm
xulrunner-10.0.4-1.el6_2.x86_64.rpm
xulrunner-debuginfo-10.0.4-1.el6_2.i686.rpm
xulrunner-debuginfo-10.0.4-1.el6_2.x86_64.rpm
xulrunner-devel-10.0.4-1.el6_2.i686.rpm
xulrunner-devel-10.0.4-1.el6_2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/firefox-10.0.4-1.el6_2.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-10.0.4-1.el6_2.src.rpm

i386:
firefox-10.0.4-1.el6_2.i686.rpm
firefox-debuginfo-10.0.4-1.el6_2.i686.rpm
xulrunner-10.0.4-1.el6_2.i686.rpm
xulrunner-debuginfo-10.0.4-1.el6_2.i686.rpm

ppc64:
firefox-10.0.4-1.el6_2.ppc.rpm
firefox-10.0.4-1.el6_2.ppc64.rpm
firefox-debuginfo-10.0.4-1.el6_2.ppc.rpm
firefox-debuginfo-10.0.4-1.el6_2.ppc64.rpm
xulrunner-10.0.4-1.el6_2.ppc.rpm
xulrunner-10.0.4-1.el6_2.ppc64.rpm
xulrunner-debuginfo-10.0.4-1.el6_2.ppc.rpm
xulrunner-debuginfo-10.0.4-1.el6_2.ppc64.rpm

s390x:
firefox-10.0.4-1.el6_2.s390.rpm
firefox-10.0.4-1.el6_2.s390x.rpm
firefox-debuginfo-10.0.4-1.el6_2.s390.rpm
firefox-debuginfo-10.0.4-1.el6_2.s390x.rpm
xulrunner-10.0.4-1.el6_2.s390.rpm
xulrunner-10.0.4-1.el6_2.s390x.rpm
xulrunner-debuginfo-10.0.4-1.el6_2.s390.rpm
xulrunner-debuginfo-10.0.4-1.el6_2.s390x.rpm

x86_64:
firefox-10.0.4-1.el6_2.i686.rpm
firefox-10.0.4-1.el6_2.x86_64.rpm
firefox-debuginfo-10.0.4-1.el6_2.i686.rpm
firefox-debuginfo-10.0.4-1.el6_2.x86_64.rpm
xulrunner-10.0.4-1.el6_2.i686.rpm
xulrunner-10.0.4-1.el6_2.x86_64.rpm
xulrunner-debuginfo-10.0.4-1.el6_2.i686.rpm
xulrunner-debuginfo-10.0.4-1.el6_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-10.0.4-1.el6_2.src.rpm

i386:
xulrunner-debuginfo-10.0.4-1.el6_2.i686.rpm
xulrunner-devel-10.0.4-1.el6_2.i686.rpm

ppc64:
xulrunner-debuginfo-10.0.4-1.el6_2.ppc.rpm
xulrunner-debuginfo-10.0.4-1.el6_2.ppc64.rpm
xulrunner-devel-10.0.4-1.el6_2.ppc.rpm
xulrunner-devel-10.0.4-1.el6_2.ppc64.rpm

s390x:
xulrunner-debuginfo-10.0.4-1.el6_2.s390.rpm
xulrunner-debuginfo-10.0.4-1.el6_2.s390x.rpm
xulrunner-devel-10.0.4-1.el6_2.s390.rpm
xulrunner-devel-10.0.4-1.el6_2.s390x.rpm

x86_64:
xulrunner-debuginfo-10.0.4-1.el6_2.i686.rpm
xulrunner-debuginfo-10.0.4-1.el6_2.x86_64.rpm
xulrunner-devel-10.0.4-1.el6_2.i686.rpm
xulrunner-devel-10.0.4-1.el6_2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/firefox-10.0.4-1.el6_2.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-10.0.4-1.el6_2.src.rpm

i386:
firefox-10.0.4-1.el6_2.i686.rpm
firefox-debuginfo-10.0.4-1.el6_2.i686.rpm
xulrunner-10.0.4-1.el6_2.i686.rpm
xulrunner-debuginfo-10.0.4-1.el6_2.i686.rpm

x86_64:
firefox-10.0.4-1.el6_2.i686.rpm
firefox-10.0.4-1.el6_2.x86_64.rpm
firefox-debuginfo-10.0.4-1.el6_2.i686.rpm
firefox-debuginfo-10.0.4-1.el6_2.x86_64.rpm
xulrunner-10.0.4-1.el6_2.i686.rpm
xulrunner-10.0.4-1.el6_2.x86_64.rpm
xulrunner-debuginfo-10.0.4-1.el6_2.i686.rpm
xulrunner-debuginfo-10.0.4-1.el6_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-10.0.4-1.el6_2.src.rpm

i386:
xulrunner-debuginfo-10.0.4-1.el6_2.i686.rpm
xulrunner-devel-10.0.4-1.el6_2.i686.rpm

x86_64:
xulrunner-debuginfo-10.0.4-1.el6_2.i686.rpm
xulrunner-debuginfo-10.0.4-1.el6_2.x86_64.rpm
xulrunner-devel-10.0.4-1.el6_2.i686.rpm
xulrunner-devel-10.0.4-1.el6_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3062.html
https://www.redhat.com/security/data/cve/CVE-2012-0467.html
https://www.redhat.com/security/data/cve/CVE-2012-0468.html
https://www.redhat.com/security/data/cve/CVE-2012-0469.html
https://www.redhat.com/security/data/cve/CVE-2012-0470.html
https://www.redhat.com/security/data/cve/CVE-2012-0471.html
https://www.redhat.com/security/data/cve/CVE-2012-0472.html
https://www.redhat.com/security/data/cve/CVE-2012-0473.html
https://www.redhat.com/security/data/cve/CVE-2012-0474.html
https://www.redhat.com/security/data/cve/CVE-2012-0477.html
https://www.redhat.com/security/data/cve/CVE-2012-0478.html
https://www.redhat.com/security/data/cve/CVE-2012-0479.html
https://access.redhat.com/security/updates/classification/#critical
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

From bugzilla at redhat.com Tue Apr 24 20:37:01 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 24 Apr 2012 20:37:01 +0000
Subject: [RHSA-2012:0516-01] Critical: thunderbird security update
Message-ID: <201204242037.q3OKb3JK001784@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: thunderbird security update
Advisory ID:       RHSA-2012:0516-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0516.html
Issue date:        2012-04-24
CVE Names:         CVE-2011-3062 CVE-2012-0467 CVE-2012-0468
                   CVE-2012-0469 CVE-2012-0470 CVE-2012-0471
                   CVE-2012-0472 CVE-2012-0473 CVE-2012-0474
                   CVE-2012-0477 CVE-2012-0478 CVE-2012-0479
=====================================================================

1. Summary:

An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.
A flaw was found in Sanitiser for OpenType (OTS), used by Thunderbird to help prevent potential exploits in malformed OpenType fonts. Malicious content could cause Thunderbird to crash or, under certain conditions, possibly execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-3062)

Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-0467, CVE-2012-0468, CVE-2012-0469)

Content containing a malicious Scalable Vector Graphics (SVG) image file could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-0470)

A flaw was found in the way Thunderbird used its embedded Cairo library to render certain fonts. Malicious content could cause Thunderbird to crash or, under certain conditions, possibly execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-0472)

A flaw was found in the way Thunderbird rendered certain images using WebGL. Malicious content could cause Thunderbird to crash or, under certain conditions, possibly execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-0478)

A cross-site scripting (XSS) flaw was found in the way Thunderbird handled certain multibyte character sets. Malicious content could cause Thunderbird to run JavaScript code with the permissions of different content. (CVE-2012-0471)

A flaw was found in the way Thunderbird rendered certain graphics using WebGL. Malicious content could cause Thunderbird to crash. (CVE-2012-0473)

A flaw in the built-in feed reader in Thunderbird allowed the Website field to display the address of different content than the content the user was visiting. An attacker could use this flaw to conceal a malicious URL, possibly tricking a user into believing they are viewing a trusted site, or allowing scripts to be loaded from the attacker's site, possibly leading to cross-site scripting (XSS) attacks. (CVE-2012-0474)

A flaw was found in the way Thunderbird decoded the ISO-2022-KR and ISO-2022-CN character sets. Malicious content could cause Thunderbird to run JavaScript code with the permissions of different content. (CVE-2012-0477)

A flaw was found in the way the built-in feed reader in Thunderbird handled RSS and Atom feeds. Invalid RSS or Atom content loaded over HTTPS caused Thunderbird to display the address of said content, but not the content. The previous content continued to be displayed. An attacker could use this flaw to perform phishing attacks, or trick users into thinking they are visiting the site reported by the Website field, when the page is actually content controlled by an attacker. (CVE-2012-0479)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Mateusz Jurczyk of the Google Security Team as the original reporter of CVE-2011-3062; Aki Helin from OUSPG as the original reporter of CVE-2012-0469; Atte Kettunen from OUSPG as the original reporter of CVE-2012-0470; wushi of team509 via iDefense as the original reporter of CVE-2012-0472; Ms2ger as the original reporter of CVE-2012-0478; Anne van Kesteren of Opera Software as the original reporter of CVE-2012-0471; Matias Juntunen as the original reporter of CVE-2012-0473; Jordi Chancel and Eddy Bordi, and Chris McGowen as the original reporters of CVE-2012-0474; Masato Kinugawa as the original reporter of CVE-2012-0477; and Jeroen van der Gun as the original reporter of CVE-2012-0479.

Note: All issues except CVE-2012-0470, CVE-2012-0472, and CVE-2011-3062 cannot be exploited by a specially-crafted HTML mail message, as JavaScript is disabled by default for mail messages. They could be exploited in other ways in Thunderbird, for example, when viewing the full remote content of an RSS feed.

4. Solution:

All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 10.0.4 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

815000 - CVE-2012-0467 CVE-2012-0468 Mozilla: Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4) (MFSA 2012-20)
815019 - CVE-2012-0469 Mozilla: use-after-free in IDBKeyRange (MFSA 2012-22)
815020 - CVE-2012-0470 Mozilla: Invalid frees causes heap corruption in gfxImageSurface (MFSA 2012-23)
815021 - CVE-2012-0471 Mozilla: Potential XSS via multibyte content processing errors (MFSA 2012-24)
815022 - CVE-2012-0472 Mozilla: Potential memory corruption during font rendering using cairo-dwrite (MFSA 2012-25)
815023 - CVE-2012-0473 Mozilla: WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error (MFSA 2012-26)
815024 - CVE-2012-0474 Mozilla: Page load short-circuit can lead to XSS (MFSA 2012-27)
815026 - CVE-2012-0477 Mozilla: Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues (MFSA 2012-29)
815037 - CVE-2012-0478 Mozilla: Crash with WebGL content using textImage2D (MFSA 2012-30)
815042 - CVE-2011-3062 Mozilla: Off-by-one error in OpenType Sanitizer (MFSA 2012-31)
815044 - CVE-2012-0479 Mozilla: Potential site identity spoofing when loading RSS and Atom feeds (MFSA 2012-33)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/thunderbird-10.0.4-1.el5_8.src.rpm

i386:
thunderbird-10.0.4-1.el5_8.i386.rpm
thunderbird-debuginfo-10.0.4-1.el5_8.i386.rpm

x86_64:
thunderbird-10.0.4-1.el5_8.x86_64.rpm
thunderbird-debuginfo-10.0.4-1.el5_8.x86_64.rpm

RHEL Optional Productivity Applications (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/thunderbird-10.0.4-1.el5_8.src.rpm

i386:
thunderbird-10.0.4-1.el5_8.i386.rpm
thunderbird-debuginfo-10.0.4-1.el5_8.i386.rpm

x86_64:
thunderbird-10.0.4-1.el5_8.x86_64.rpm
thunderbird-debuginfo-10.0.4-1.el5_8.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/thunderbird-10.0.4-1.el6_2.src.rpm

i386:
thunderbird-10.0.4-1.el6_2.i686.rpm
thunderbird-debuginfo-10.0.4-1.el6_2.i686.rpm

x86_64:
thunderbird-10.0.4-1.el6_2.x86_64.rpm
thunderbird-debuginfo-10.0.4-1.el6_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/thunderbird-10.0.4-1.el6_2.src.rpm

i386:
thunderbird-10.0.4-1.el6_2.i686.rpm
thunderbird-debuginfo-10.0.4-1.el6_2.i686.rpm

ppc64:
thunderbird-10.0.4-1.el6_2.ppc64.rpm
thunderbird-debuginfo-10.0.4-1.el6_2.ppc64.rpm

s390x:
thunderbird-10.0.4-1.el6_2.s390x.rpm
thunderbird-debuginfo-10.0.4-1.el6_2.s390x.rpm

x86_64:
thunderbird-10.0.4-1.el6_2.x86_64.rpm
thunderbird-debuginfo-10.0.4-1.el6_2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/thunderbird-10.0.4-1.el6_2.src.rpm

i386:
thunderbird-10.0.4-1.el6_2.i686.rpm
thunderbird-debuginfo-10.0.4-1.el6_2.i686.rpm

x86_64:
thunderbird-10.0.4-1.el6_2.x86_64.rpm
thunderbird-debuginfo-10.0.4-1.el6_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3062.html
https://www.redhat.com/security/data/cve/CVE-2012-0467.html
https://www.redhat.com/security/data/cve/CVE-2012-0468.html
https://www.redhat.com/security/data/cve/CVE-2012-0469.html
https://www.redhat.com/security/data/cve/CVE-2012-0470.html
https://www.redhat.com/security/data/cve/CVE-2012-0471.html
https://www.redhat.com/security/data/cve/CVE-2012-0472.html
https://www.redhat.com/security/data/cve/CVE-2012-0473.html
https://www.redhat.com/security/data/cve/CVE-2012-0474.html
https://www.redhat.com/security/data/cve/CVE-2012-0477.html
https://www.redhat.com/security/data/cve/CVE-2012-0478.html
https://www.redhat.com/security/data/cve/CVE-2012-0479.html
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPlw7kXlSAg2UNWIIRAuS2AJ9yxnj1Yj8jt5Jb00p0oihCEAK/VQCeLEd1
01wcVsKBlaqaikeaenRRoxI=
=dTEl
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Apr 24 20:37:51 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 24 Apr 2012 20:37:51 +0000
Subject: [RHSA-2012:0517-01] Moderate: kernel security and bug fix update
Message-ID: <201204242037.q3OKbr2I020585@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: kernel security and bug fix update
Advisory ID:       RHSA-2012:0517-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0517.html
Issue date:        2012-04-24
CVE Names:         CVE-2011-3638
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 5.6 Extended Update Support.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux EUS (v. 5.6 server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* A flaw was found in the Linux kernel in the way splitting two extents in
ext4_ext_convert_to_initialized() worked. A local, unprivileged user with
the ability to mount and unmount ext4 file systems could use this flaw to
cause a denial of service. (CVE-2011-3638, Moderate)

Red Hat would like to thank Zheng Liu for reporting this issue.
This update also fixes the following bug:

* Starting with Red Hat Enterprise Linux 5.6, all devices that used the
ixgbe driver would stop stripping VLAN tags when the device entered
promiscuous mode. Placing a device in a bridge group causes the device to
enter promiscuous mode. This caused various issues under certain
configurations of bridging and VLANs. A patch has been provided to address
this issue and the devices now properly strip VLAN tags in the driver
whether in promiscuous mode or not. (BZ#809790)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this update
to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use
"rpm -Uvh" as that will remove the running kernel binaries from your
system. You may use "rpm -e" to remove old kernels after determining that
the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

747942 - CVE-2011-3638 kernel: ext4: ext4_ext_insert_extent() kernel oops

6. Package List:

Red Hat Enterprise Linux EUS (v. 5.6 server):

Source:
kernel-2.6.18-238.37.1.el5.src.rpm

i386:
kernel-2.6.18-238.37.1.el5.i686.rpm
kernel-PAE-2.6.18-238.37.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-238.37.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-238.37.1.el5.i686.rpm
kernel-debug-2.6.18-238.37.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-238.37.1.el5.i686.rpm
kernel-debug-devel-2.6.18-238.37.1.el5.i686.rpm
kernel-debuginfo-2.6.18-238.37.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-238.37.1.el5.i686.rpm
kernel-devel-2.6.18-238.37.1.el5.i686.rpm
kernel-headers-2.6.18-238.37.1.el5.i386.rpm
kernel-xen-2.6.18-238.37.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-238.37.1.el5.i686.rpm
kernel-xen-devel-2.6.18-238.37.1.el5.i686.rpm

ia64:
kernel-2.6.18-238.37.1.el5.ia64.rpm
kernel-debug-2.6.18-238.37.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-238.37.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-238.37.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-238.37.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-238.37.1.el5.ia64.rpm
kernel-devel-2.6.18-238.37.1.el5.ia64.rpm
kernel-headers-2.6.18-238.37.1.el5.ia64.rpm
kernel-xen-2.6.18-238.37.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-238.37.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-238.37.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-238.37.1.el5.noarch.rpm

ppc:
kernel-2.6.18-238.37.1.el5.ppc64.rpm
kernel-debug-2.6.18-238.37.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-238.37.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-238.37.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-238.37.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-238.37.1.el5.ppc64.rpm
kernel-devel-2.6.18-238.37.1.el5.ppc64.rpm
kernel-headers-2.6.18-238.37.1.el5.ppc.rpm
kernel-headers-2.6.18-238.37.1.el5.ppc64.rpm
kernel-kdump-2.6.18-238.37.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-238.37.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-238.37.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-238.37.1.el5.s390x.rpm
kernel-debug-2.6.18-238.37.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-238.37.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-238.37.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-238.37.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-238.37.1.el5.s390x.rpm
kernel-devel-2.6.18-238.37.1.el5.s390x.rpm
kernel-headers-2.6.18-238.37.1.el5.s390x.rpm
kernel-kdump-2.6.18-238.37.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-238.37.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-238.37.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-238.37.1.el5.x86_64.rpm
kernel-debug-2.6.18-238.37.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-238.37.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-238.37.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-238.37.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-238.37.1.el5.x86_64.rpm
kernel-devel-2.6.18-238.37.1.el5.x86_64.rpm
kernel-headers-2.6.18-238.37.1.el5.x86_64.rpm
kernel-xen-2.6.18-238.37.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-238.37.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-238.37.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3638.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPlw8SXlSAg2UNWIIRAgl2AJ0aMbX3iOZKxi84P4UDZOS89fXWngCcDI9+
dJTMUD5d7I7lbnUtLGVnBNI=
=212w
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Apr 24 20:39:07 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 24 Apr 2012 20:39:07 +0000
Subject: [RHSA-2012:0518-01] Important: openssl security update
Message-ID: <201204242039.q3OKd9I5020817@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openssl security update
Advisory ID:       RHSA-2012:0518-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0518.html
Issue date:        2012-04-24
CVE Names:         CVE-2012-2110
=====================================================================

1. Summary:

Updated openssl, openssl097a, and openssl098e packages that fix one security
issue are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a full-strength,
general purpose cryptography library.

Multiple numeric conversion errors, leading to a buffer overflow, were found
in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO
(OpenSSL's I/O abstraction) inputs. Specially-crafted DER (Distinguished
Encoding Rules) encoded data read from a file or other BIO input could cause
an application using the OpenSSL library to crash or, potentially, execute
arbitrary code. (CVE-2012-2110)

All OpenSSL users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. For the update to take effect, all
services linked to the OpenSSL library must be restarted, or the system
rebooted.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

814185 - CVE-2012-2110 openssl: asn1_d2i_read_bio integer errors leading to buffer overflow

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openssl-0.9.8e-22.el5_8.3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openssl097a-0.9.7a-11.el5_8.2.src.rpm

i386:
openssl-0.9.8e-22.el5_8.3.i386.rpm
openssl-0.9.8e-22.el5_8.3.i686.rpm
openssl-debuginfo-0.9.8e-22.el5_8.3.i386.rpm
openssl-debuginfo-0.9.8e-22.el5_8.3.i686.rpm
openssl-perl-0.9.8e-22.el5_8.3.i386.rpm
openssl097a-0.9.7a-11.el5_8.2.i386.rpm
openssl097a-debuginfo-0.9.7a-11.el5_8.2.i386.rpm

x86_64:
openssl-0.9.8e-22.el5_8.3.i686.rpm
openssl-0.9.8e-22.el5_8.3.x86_64.rpm
openssl-debuginfo-0.9.8e-22.el5_8.3.i686.rpm
openssl-debuginfo-0.9.8e-22.el5_8.3.x86_64.rpm
openssl-perl-0.9.8e-22.el5_8.3.x86_64.rpm
openssl097a-0.9.7a-11.el5_8.2.i386.rpm
openssl097a-0.9.7a-11.el5_8.2.x86_64.rpm
openssl097a-debuginfo-0.9.7a-11.el5_8.2.i386.rpm
openssl097a-debuginfo-0.9.7a-11.el5_8.2.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openssl-0.9.8e-22.el5_8.3.src.rpm

i386:
openssl-debuginfo-0.9.8e-22.el5_8.3.i386.rpm
openssl-devel-0.9.8e-22.el5_8.3.i386.rpm

x86_64:
openssl-debuginfo-0.9.8e-22.el5_8.3.i386.rpm
openssl-debuginfo-0.9.8e-22.el5_8.3.x86_64.rpm
openssl-devel-0.9.8e-22.el5_8.3.i386.rpm
openssl-devel-0.9.8e-22.el5_8.3.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openssl-0.9.8e-22.el5_8.3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openssl097a-0.9.7a-11.el5_8.2.src.rpm

i386:
openssl-0.9.8e-22.el5_8.3.i386.rpm
openssl-0.9.8e-22.el5_8.3.i686.rpm
openssl-debuginfo-0.9.8e-22.el5_8.3.i386.rpm
openssl-debuginfo-0.9.8e-22.el5_8.3.i686.rpm
openssl-devel-0.9.8e-22.el5_8.3.i386.rpm
openssl-perl-0.9.8e-22.el5_8.3.i386.rpm
openssl097a-0.9.7a-11.el5_8.2.i386.rpm
openssl097a-debuginfo-0.9.7a-11.el5_8.2.i386.rpm

ia64:
openssl-0.9.8e-22.el5_8.3.i686.rpm
openssl-0.9.8e-22.el5_8.3.ia64.rpm
openssl-debuginfo-0.9.8e-22.el5_8.3.i686.rpm
openssl-debuginfo-0.9.8e-22.el5_8.3.ia64.rpm
openssl-devel-0.9.8e-22.el5_8.3.ia64.rpm
openssl-perl-0.9.8e-22.el5_8.3.ia64.rpm
openssl097a-0.9.7a-11.el5_8.2.i386.rpm
openssl097a-0.9.7a-11.el5_8.2.ia64.rpm
openssl097a-debuginfo-0.9.7a-11.el5_8.2.i386.rpm
openssl097a-debuginfo-0.9.7a-11.el5_8.2.ia64.rpm

ppc:
openssl-0.9.8e-22.el5_8.3.ppc.rpm
openssl-0.9.8e-22.el5_8.3.ppc64.rpm
openssl-debuginfo-0.9.8e-22.el5_8.3.ppc.rpm
openssl-debuginfo-0.9.8e-22.el5_8.3.ppc64.rpm
openssl-devel-0.9.8e-22.el5_8.3.ppc.rpm
openssl-devel-0.9.8e-22.el5_8.3.ppc64.rpm
openssl-perl-0.9.8e-22.el5_8.3.ppc.rpm
openssl097a-0.9.7a-11.el5_8.2.ppc.rpm
openssl097a-0.9.7a-11.el5_8.2.ppc64.rpm
openssl097a-debuginfo-0.9.7a-11.el5_8.2.ppc.rpm
openssl097a-debuginfo-0.9.7a-11.el5_8.2.ppc64.rpm

s390x:
openssl-0.9.8e-22.el5_8.3.s390.rpm
openssl-0.9.8e-22.el5_8.3.s390x.rpm
openssl-debuginfo-0.9.8e-22.el5_8.3.s390.rpm
openssl-debuginfo-0.9.8e-22.el5_8.3.s390x.rpm
openssl-devel-0.9.8e-22.el5_8.3.s390.rpm
openssl-devel-0.9.8e-22.el5_8.3.s390x.rpm
openssl-perl-0.9.8e-22.el5_8.3.s390x.rpm
openssl097a-0.9.7a-11.el5_8.2.s390.rpm
openssl097a-0.9.7a-11.el5_8.2.s390x.rpm
openssl097a-debuginfo-0.9.7a-11.el5_8.2.s390.rpm
openssl097a-debuginfo-0.9.7a-11.el5_8.2.s390x.rpm

x86_64:
openssl-0.9.8e-22.el5_8.3.i686.rpm
openssl-0.9.8e-22.el5_8.3.x86_64.rpm
openssl-debuginfo-0.9.8e-22.el5_8.3.i386.rpm
openssl-debuginfo-0.9.8e-22.el5_8.3.i686.rpm
openssl-debuginfo-0.9.8e-22.el5_8.3.x86_64.rpm
openssl-devel-0.9.8e-22.el5_8.3.i386.rpm
openssl-devel-0.9.8e-22.el5_8.3.x86_64.rpm
openssl-perl-0.9.8e-22.el5_8.3.x86_64.rpm
openssl097a-0.9.7a-11.el5_8.2.i386.rpm
openssl097a-0.9.7a-11.el5_8.2.x86_64.rpm
openssl097a-debuginfo-0.9.7a-11.el5_8.2.i386.rpm
openssl097a-debuginfo-0.9.7a-11.el5_8.2.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-20.el6_2.4.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl098e-0.9.8e-17.el6_2.2.src.rpm

i386:
openssl-1.0.0-20.el6_2.4.i686.rpm
openssl-debuginfo-1.0.0-20.el6_2.4.i686.rpm
openssl098e-0.9.8e-17.el6_2.2.i686.rpm
openssl098e-debuginfo-0.9.8e-17.el6_2.2.i686.rpm

x86_64:
openssl-1.0.0-20.el6_2.4.i686.rpm
openssl-1.0.0-20.el6_2.4.x86_64.rpm
openssl-debuginfo-1.0.0-20.el6_2.4.i686.rpm
openssl-debuginfo-1.0.0-20.el6_2.4.x86_64.rpm
openssl098e-0.9.8e-17.el6_2.2.i686.rpm
openssl098e-0.9.8e-17.el6_2.2.x86_64.rpm
openssl098e-debuginfo-0.9.8e-17.el6_2.2.i686.rpm
openssl098e-debuginfo-0.9.8e-17.el6_2.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-20.el6_2.4.src.rpm

i386:
openssl-debuginfo-1.0.0-20.el6_2.4.i686.rpm
openssl-devel-1.0.0-20.el6_2.4.i686.rpm
openssl-perl-1.0.0-20.el6_2.4.i686.rpm
openssl-static-1.0.0-20.el6_2.4.i686.rpm

x86_64:
openssl-debuginfo-1.0.0-20.el6_2.4.i686.rpm
openssl-debuginfo-1.0.0-20.el6_2.4.x86_64.rpm
openssl-devel-1.0.0-20.el6_2.4.i686.rpm
openssl-devel-1.0.0-20.el6_2.4.x86_64.rpm
openssl-perl-1.0.0-20.el6_2.4.x86_64.rpm
openssl-static-1.0.0-20.el6_2.4.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-20.el6_2.4.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl098e-0.9.8e-17.el6_2.2.src.rpm

x86_64:
openssl-1.0.0-20.el6_2.4.i686.rpm
openssl-1.0.0-20.el6_2.4.x86_64.rpm
openssl-debuginfo-1.0.0-20.el6_2.4.i686.rpm
openssl-debuginfo-1.0.0-20.el6_2.4.x86_64.rpm
openssl098e-0.9.8e-17.el6_2.2.i686.rpm
openssl098e-0.9.8e-17.el6_2.2.x86_64.rpm
openssl098e-debuginfo-0.9.8e-17.el6_2.2.i686.rpm
openssl098e-debuginfo-0.9.8e-17.el6_2.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-20.el6_2.4.src.rpm

x86_64:
openssl-debuginfo-1.0.0-20.el6_2.4.i686.rpm
openssl-debuginfo-1.0.0-20.el6_2.4.x86_64.rpm
openssl-devel-1.0.0-20.el6_2.4.i686.rpm
openssl-devel-1.0.0-20.el6_2.4.x86_64.rpm
openssl-perl-1.0.0-20.el6_2.4.x86_64.rpm
openssl-static-1.0.0-20.el6_2.4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-20.el6_2.4.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl098e-0.9.8e-17.el6_2.2.src.rpm

i386:
openssl-1.0.0-20.el6_2.4.i686.rpm
openssl-debuginfo-1.0.0-20.el6_2.4.i686.rpm
openssl-devel-1.0.0-20.el6_2.4.i686.rpm
openssl098e-0.9.8e-17.el6_2.2.i686.rpm
openssl098e-debuginfo-0.9.8e-17.el6_2.2.i686.rpm

ppc64:
openssl-1.0.0-20.el6_2.4.ppc.rpm
openssl-1.0.0-20.el6_2.4.ppc64.rpm
openssl-debuginfo-1.0.0-20.el6_2.4.ppc.rpm
openssl-debuginfo-1.0.0-20.el6_2.4.ppc64.rpm
openssl-devel-1.0.0-20.el6_2.4.ppc.rpm
openssl-devel-1.0.0-20.el6_2.4.ppc64.rpm
openssl098e-0.9.8e-17.el6_2.2.ppc.rpm
openssl098e-0.9.8e-17.el6_2.2.ppc64.rpm
openssl098e-debuginfo-0.9.8e-17.el6_2.2.ppc.rpm
openssl098e-debuginfo-0.9.8e-17.el6_2.2.ppc64.rpm

s390x:
openssl-1.0.0-20.el6_2.4.s390.rpm
openssl-1.0.0-20.el6_2.4.s390x.rpm
openssl-debuginfo-1.0.0-20.el6_2.4.s390.rpm
openssl-debuginfo-1.0.0-20.el6_2.4.s390x.rpm
openssl-devel-1.0.0-20.el6_2.4.s390.rpm
openssl-devel-1.0.0-20.el6_2.4.s390x.rpm
openssl098e-0.9.8e-17.el6_2.2.s390.rpm
openssl098e-0.9.8e-17.el6_2.2.s390x.rpm
openssl098e-debuginfo-0.9.8e-17.el6_2.2.s390.rpm
openssl098e-debuginfo-0.9.8e-17.el6_2.2.s390x.rpm

x86_64:
openssl-1.0.0-20.el6_2.4.i686.rpm
openssl-1.0.0-20.el6_2.4.x86_64.rpm
openssl-debuginfo-1.0.0-20.el6_2.4.i686.rpm
openssl-debuginfo-1.0.0-20.el6_2.4.x86_64.rpm
openssl-devel-1.0.0-20.el6_2.4.i686.rpm
openssl-devel-1.0.0-20.el6_2.4.x86_64.rpm
openssl098e-0.9.8e-17.el6_2.2.i686.rpm
openssl098e-0.9.8e-17.el6_2.2.x86_64.rpm
openssl098e-debuginfo-0.9.8e-17.el6_2.2.i686.rpm
openssl098e-debuginfo-0.9.8e-17.el6_2.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-20.el6_2.4.src.rpm

i386:
openssl-debuginfo-1.0.0-20.el6_2.4.i686.rpm
openssl-perl-1.0.0-20.el6_2.4.i686.rpm
openssl-static-1.0.0-20.el6_2.4.i686.rpm

ppc64:
openssl-debuginfo-1.0.0-20.el6_2.4.ppc64.rpm
openssl-perl-1.0.0-20.el6_2.4.ppc64.rpm
openssl-static-1.0.0-20.el6_2.4.ppc64.rpm

s390x:
openssl-debuginfo-1.0.0-20.el6_2.4.s390x.rpm
openssl-perl-1.0.0-20.el6_2.4.s390x.rpm
openssl-static-1.0.0-20.el6_2.4.s390x.rpm

x86_64:
openssl-debuginfo-1.0.0-20.el6_2.4.x86_64.rpm
openssl-perl-1.0.0-20.el6_2.4.x86_64.rpm
openssl-static-1.0.0-20.el6_2.4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-20.el6_2.4.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl098e-0.9.8e-17.el6_2.2.src.rpm

i386:
openssl-1.0.0-20.el6_2.4.i686.rpm
openssl-debuginfo-1.0.0-20.el6_2.4.i686.rpm
openssl-devel-1.0.0-20.el6_2.4.i686.rpm
openssl098e-0.9.8e-17.el6_2.2.i686.rpm
openssl098e-debuginfo-0.9.8e-17.el6_2.2.i686.rpm

x86_64:
openssl-1.0.0-20.el6_2.4.i686.rpm
openssl-1.0.0-20.el6_2.4.x86_64.rpm
openssl-debuginfo-1.0.0-20.el6_2.4.i686.rpm
openssl-debuginfo-1.0.0-20.el6_2.4.x86_64.rpm
openssl-devel-1.0.0-20.el6_2.4.i686.rpm
openssl-devel-1.0.0-20.el6_2.4.x86_64.rpm
openssl098e-0.9.8e-17.el6_2.2.i686.rpm
openssl098e-0.9.8e-17.el6_2.2.x86_64.rpm
openssl098e-debuginfo-0.9.8e-17.el6_2.2.i686.rpm
openssl098e-debuginfo-0.9.8e-17.el6_2.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-20.el6_2.4.src.rpm

i386:
openssl-debuginfo-1.0.0-20.el6_2.4.i686.rpm
openssl-perl-1.0.0-20.el6_2.4.i686.rpm
openssl-static-1.0.0-20.el6_2.4.i686.rpm

x86_64:
openssl-debuginfo-1.0.0-20.el6_2.4.x86_64.rpm
openssl-perl-1.0.0-20.el6_2.4.x86_64.rpm
openssl-static-1.0.0-20.el6_2.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-2110.html
https://access.redhat.com/security/updates/classification/#important
http://www.openssl.org/news/secadv_20120419.txt

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPlw9VXlSAg2UNWIIRArlCAKCxAgDv0hKU6MHPjoCwhfxwH0JzfgCeMBzo
DHkpSHQqP0JjM+wzIyDuj4s=
=ImWV
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Apr 25 12:48:12 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 25 Apr 2012 12:48:12 +0000
Subject: [RHSA-2012:0522-01] Important: openssl security update
Message-ID: <201204251248.q3PCmDgW025776@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openssl security update
Advisory ID:       RHSA-2012:0522-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0522.html
Issue date:        2012-04-25
CVE Names:         CVE-2012-2110
=====================================================================

1. Summary:

Updated openssl packages that fix one security issue are now available for
Red Hat Enterprise Linux 3 and 4 Extended Life Cycle Support; Red Hat
Enterprise Linux 5.3 Long Life; and Red Hat Enterprise Linux 5.6, 6.0 and
6.1 Extended Update Support.

The Red Hat Security Response Team has rated this update as having important
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (v. 3 ELS) - i386
Red Hat Enterprise Linux AS (v. 4 ELS) - i386, ia64, x86_64
Red Hat Enterprise Linux ES (v. 3 ELS) - i386
Red Hat Enterprise Linux ES (v. 4 ELS) - i386, x86_64
Red Hat Enterprise Linux EUS (v. 5.6 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Long Life (v. 5.3 server) - i386, ia64, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.0) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.1) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.0) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.1) - i386, ppc64, s390x, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a full-strength,
general purpose cryptography library.

Multiple numeric conversion errors, leading to a buffer overflow, were found
in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO
(OpenSSL's I/O abstraction) inputs. Specially-crafted DER (Distinguished
Encoding Rules) encoded data read from a file or other BIO input could cause
an application using the OpenSSL library to crash or, potentially, execute
arbitrary code. (CVE-2012-2110)

All OpenSSL users should upgrade to these updated packages, which contain a
backported patch to resolve this issue.
For the update to take effect, all
services linked to the OpenSSL library must be restarted, or the system
rebooted.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

814185 - CVE-2012-2110 openssl: asn1_d2i_read_bio integer errors leading to buffer overflow

6. Package List:

Red Hat Enterprise Linux AS (v. 3 ELS):

Source:
openssl-0.9.7a-33.28.src.rpm

i386:
openssl-0.9.7a-33.28.i386.rpm
openssl-0.9.7a-33.28.i686.rpm
openssl-debuginfo-0.9.7a-33.28.i386.rpm
openssl-debuginfo-0.9.7a-33.28.i686.rpm
openssl-devel-0.9.7a-33.28.i386.rpm
openssl-perl-0.9.7a-33.28.i386.rpm

Red Hat Enterprise Linux ES (v. 3 ELS):

Source:
openssl-0.9.7a-33.28.src.rpm

i386:
openssl-0.9.7a-33.28.i386.rpm
openssl-0.9.7a-33.28.i686.rpm
openssl-debuginfo-0.9.7a-33.28.i386.rpm
openssl-debuginfo-0.9.7a-33.28.i686.rpm
openssl-devel-0.9.7a-33.28.i386.rpm
openssl-perl-0.9.7a-33.28.i386.rpm

Red Hat Enterprise Linux AS (v. 4 ELS):

Source:
openssl-0.9.7a-43.20.el4.src.rpm

i386:
openssl-0.9.7a-43.20.el4.i386.rpm
openssl-0.9.7a-43.20.el4.i686.rpm
openssl-debuginfo-0.9.7a-43.20.el4.i386.rpm
openssl-debuginfo-0.9.7a-43.20.el4.i686.rpm
openssl-devel-0.9.7a-43.20.el4.i386.rpm
openssl-perl-0.9.7a-43.20.el4.i386.rpm

ia64:
openssl-0.9.7a-43.20.el4.i686.rpm
openssl-0.9.7a-43.20.el4.ia64.rpm
openssl-debuginfo-0.9.7a-43.20.el4.i686.rpm
openssl-debuginfo-0.9.7a-43.20.el4.ia64.rpm
openssl-devel-0.9.7a-43.20.el4.ia64.rpm
openssl-perl-0.9.7a-43.20.el4.ia64.rpm

x86_64:
openssl-0.9.7a-43.20.el4.i686.rpm
openssl-0.9.7a-43.20.el4.x86_64.rpm
openssl-debuginfo-0.9.7a-43.20.el4.i386.rpm
openssl-debuginfo-0.9.7a-43.20.el4.i686.rpm
openssl-debuginfo-0.9.7a-43.20.el4.x86_64.rpm
openssl-devel-0.9.7a-43.20.el4.i386.rpm
openssl-devel-0.9.7a-43.20.el4.x86_64.rpm
openssl-perl-0.9.7a-43.20.el4.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4 ELS):

Source:
openssl-0.9.7a-43.20.el4.src.rpm

i386:
openssl-0.9.7a-43.20.el4.i386.rpm
openssl-0.9.7a-43.20.el4.i686.rpm
openssl-debuginfo-0.9.7a-43.20.el4.i386.rpm
openssl-debuginfo-0.9.7a-43.20.el4.i686.rpm
openssl-devel-0.9.7a-43.20.el4.i386.rpm
openssl-perl-0.9.7a-43.20.el4.i386.rpm

x86_64:
openssl-0.9.7a-43.20.el4.i686.rpm
openssl-0.9.7a-43.20.el4.x86_64.rpm
openssl-debuginfo-0.9.7a-43.20.el4.i386.rpm
openssl-debuginfo-0.9.7a-43.20.el4.i686.rpm
openssl-debuginfo-0.9.7a-43.20.el4.x86_64.rpm
openssl-devel-0.9.7a-43.20.el4.i386.rpm
openssl-devel-0.9.7a-43.20.el4.x86_64.rpm
openssl-perl-0.9.7a-43.20.el4.x86_64.rpm

Red Hat Enterprise Linux Long Life (v. 5.3 server):

Source:
openssl-0.9.8e-7.el5_3.2.src.rpm

i386:
openssl-0.9.8e-7.el5_3.2.i386.rpm
openssl-0.9.8e-7.el5_3.2.i686.rpm
openssl-debuginfo-0.9.8e-7.el5_3.2.i386.rpm
openssl-debuginfo-0.9.8e-7.el5_3.2.i686.rpm
openssl-devel-0.9.8e-7.el5_3.2.i386.rpm
openssl-perl-0.9.8e-7.el5_3.2.i386.rpm

ia64:
openssl-0.9.8e-7.el5_3.2.i686.rpm
openssl-0.9.8e-7.el5_3.2.ia64.rpm
openssl-debuginfo-0.9.8e-7.el5_3.2.i686.rpm
openssl-debuginfo-0.9.8e-7.el5_3.2.ia64.rpm
openssl-devel-0.9.8e-7.el5_3.2.ia64.rpm
openssl-perl-0.9.8e-7.el5_3.2.ia64.rpm

x86_64:
openssl-0.9.8e-7.el5_3.2.i686.rpm
openssl-0.9.8e-7.el5_3.2.x86_64.rpm
openssl-debuginfo-0.9.8e-7.el5_3.2.i386.rpm
openssl-debuginfo-0.9.8e-7.el5_3.2.i686.rpm
openssl-debuginfo-0.9.8e-7.el5_3.2.x86_64.rpm
openssl-devel-0.9.8e-7.el5_3.2.i386.rpm
openssl-devel-0.9.8e-7.el5_3.2.x86_64.rpm
openssl-perl-0.9.8e-7.el5_3.2.x86_64.rpm

Red Hat Enterprise Linux EUS (v. 5.6 server):

Source:
openssl-0.9.8e-12.el5_6.9.src.rpm

i386:
openssl-0.9.8e-12.el5_6.9.i386.rpm
openssl-0.9.8e-12.el5_6.9.i686.rpm
openssl-debuginfo-0.9.8e-12.el5_6.9.i386.rpm
openssl-debuginfo-0.9.8e-12.el5_6.9.i686.rpm
openssl-devel-0.9.8e-12.el5_6.9.i386.rpm
openssl-perl-0.9.8e-12.el5_6.9.i386.rpm

ia64:
openssl-0.9.8e-12.el5_6.9.i686.rpm
openssl-0.9.8e-12.el5_6.9.ia64.rpm
openssl-debuginfo-0.9.8e-12.el5_6.9.i686.rpm
openssl-debuginfo-0.9.8e-12.el5_6.9.ia64.rpm
openssl-devel-0.9.8e-12.el5_6.9.ia64.rpm
openssl-perl-0.9.8e-12.el5_6.9.ia64.rpm

ppc:
openssl-0.9.8e-12.el5_6.9.ppc.rpm
openssl-0.9.8e-12.el5_6.9.ppc64.rpm
openssl-debuginfo-0.9.8e-12.el5_6.9.ppc.rpm
openssl-debuginfo-0.9.8e-12.el5_6.9.ppc64.rpm
openssl-devel-0.9.8e-12.el5_6.9.ppc.rpm
openssl-devel-0.9.8e-12.el5_6.9.ppc64.rpm
openssl-perl-0.9.8e-12.el5_6.9.ppc.rpm

s390x:
openssl-0.9.8e-12.el5_6.9.s390.rpm
openssl-0.9.8e-12.el5_6.9.s390x.rpm
openssl-debuginfo-0.9.8e-12.el5_6.9.s390.rpm
openssl-debuginfo-0.9.8e-12.el5_6.9.s390x.rpm
openssl-devel-0.9.8e-12.el5_6.9.s390.rpm
openssl-devel-0.9.8e-12.el5_6.9.s390x.rpm
openssl-perl-0.9.8e-12.el5_6.9.s390x.rpm

x86_64:
openssl-0.9.8e-12.el5_6.9.i686.rpm
openssl-0.9.8e-12.el5_6.9.x86_64.rpm
openssl-debuginfo-0.9.8e-12.el5_6.9.i386.rpm
openssl-debuginfo-0.9.8e-12.el5_6.9.i686.rpm
openssl-debuginfo-0.9.8e-12.el5_6.9.x86_64.rpm
openssl-devel-0.9.8e-12.el5_6.9.i386.rpm
openssl-devel-0.9.8e-12.el5_6.9.x86_64.rpm
openssl-perl-0.9.8e-12.el5_6.9.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.0):

Source:
openssl-1.0.0-4.el6_0.3.src.rpm

i386:
openssl-1.0.0-4.el6_0.3.i686.rpm
openssl-debuginfo-1.0.0-4.el6_0.3.i686.rpm
openssl-devel-1.0.0-4.el6_0.3.i686.rpm

ppc64:
openssl-1.0.0-4.el6_0.3.ppc.rpm
openssl-1.0.0-4.el6_0.3.ppc64.rpm
openssl-debuginfo-1.0.0-4.el6_0.3.ppc.rpm
openssl-debuginfo-1.0.0-4.el6_0.3.ppc64.rpm
openssl-devel-1.0.0-4.el6_0.3.ppc.rpm
openssl-devel-1.0.0-4.el6_0.3.ppc64.rpm

s390x:
openssl-1.0.0-4.el6_0.3.s390.rpm
openssl-1.0.0-4.el6_0.3.s390x.rpm
openssl-debuginfo-1.0.0-4.el6_0.3.s390.rpm
openssl-debuginfo-1.0.0-4.el6_0.3.s390x.rpm
openssl-devel-1.0.0-4.el6_0.3.s390.rpm
openssl-devel-1.0.0-4.el6_0.3.s390x.rpm

x86_64:
openssl-1.0.0-4.el6_0.3.i686.rpm
openssl-1.0.0-4.el6_0.3.x86_64.rpm
openssl-debuginfo-1.0.0-4.el6_0.3.i686.rpm
openssl-debuginfo-1.0.0-4.el6_0.3.x86_64.rpm
openssl-devel-1.0.0-4.el6_0.3.i686.rpm
openssl-devel-1.0.0-4.el6_0.3.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.1):

Source:
openssl-1.0.0-10.el6_1.6.src.rpm

i386:
openssl-1.0.0-10.el6_1.6.i686.rpm
openssl-debuginfo-1.0.0-10.el6_1.6.i686.rpm
openssl-devel-1.0.0-10.el6_1.6.i686.rpm

ppc64:
openssl-1.0.0-10.el6_1.6.ppc.rpm
openssl-1.0.0-10.el6_1.6.ppc64.rpm
openssl-debuginfo-1.0.0-10.el6_1.6.ppc.rpm
openssl-debuginfo-1.0.0-10.el6_1.6.ppc64.rpm
openssl-devel-1.0.0-10.el6_1.6.ppc.rpm
openssl-devel-1.0.0-10.el6_1.6.ppc64.rpm

s390x:
openssl-1.0.0-10.el6_1.6.s390.rpm
openssl-1.0.0-10.el6_1.6.s390x.rpm
openssl-debuginfo-1.0.0-10.el6_1.6.s390.rpm
openssl-debuginfo-1.0.0-10.el6_1.6.s390x.rpm
openssl-devel-1.0.0-10.el6_1.6.s390.rpm
openssl-devel-1.0.0-10.el6_1.6.s390x.rpm

x86_64:
openssl-1.0.0-10.el6_1.6.i686.rpm
openssl-1.0.0-10.el6_1.6.x86_64.rpm
openssl-debuginfo-1.0.0-10.el6_1.6.i686.rpm
openssl-debuginfo-1.0.0-10.el6_1.6.x86_64.rpm
openssl-devel-1.0.0-10.el6_1.6.i686.rpm
openssl-devel-1.0.0-10.el6_1.6.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.0):

Source:
openssl-1.0.0-4.el6_0.3.src.rpm

i386:
openssl-debuginfo-1.0.0-4.el6_0.3.i686.rpm
openssl-perl-1.0.0-4.el6_0.3.i686.rpm
openssl-static-1.0.0-4.el6_0.3.i686.rpm

ppc64:
openssl-debuginfo-1.0.0-4.el6_0.3.ppc64.rpm
openssl-perl-1.0.0-4.el6_0.3.ppc64.rpm
openssl-static-1.0.0-4.el6_0.3.ppc64.rpm

s390x:
openssl-debuginfo-1.0.0-4.el6_0.3.s390x.rpm
openssl-perl-1.0.0-4.el6_0.3.s390x.rpm
openssl-static-1.0.0-4.el6_0.3.s390x.rpm

x86_64:
openssl-debuginfo-1.0.0-4.el6_0.3.x86_64.rpm
openssl-perl-1.0.0-4.el6_0.3.x86_64.rpm
openssl-static-1.0.0-4.el6_0.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.1):

Source:
openssl-1.0.0-10.el6_1.6.src.rpm

i386:
openssl-debuginfo-1.0.0-10.el6_1.6.i686.rpm
openssl-perl-1.0.0-10.el6_1.6.i686.rpm
openssl-static-1.0.0-10.el6_1.6.i686.rpm

ppc64:
openssl-debuginfo-1.0.0-10.el6_1.6.ppc64.rpm
openssl-perl-1.0.0-10.el6_1.6.ppc64.rpm
openssl-static-1.0.0-10.el6_1.6.ppc64.rpm

s390x:
openssl-debuginfo-1.0.0-10.el6_1.6.s390x.rpm
openssl-perl-1.0.0-10.el6_1.6.s390x.rpm
openssl-static-1.0.0-10.el6_1.6.s390x.rpm

x86_64:
openssl-debuginfo-1.0.0-10.el6_1.6.x86_64.rpm
openssl-perl-1.0.0-10.el6_1.6.x86_64.rpm
openssl-static-1.0.0-10.el6_1.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-2110.html
https://access.redhat.com/security/updates/classification/#important
http://www.openssl.org/news/secadv_20120419.txt

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
From: bugzilla@redhat.com
Date: Wed, 25 Apr 2012 12:49:40 +0000
Subject: [RHSA-2012:0523-01] Moderate: libpng security update
Message-ID: <201204251249.q3PCnexO005916@int-mx02.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: libpng security update
Advisory ID:       RHSA-2012:0523-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0523.html
Issue date:        2012-04-25
CVE Names:         CVE-2011-3048
=====================================================================

1. Summary:

Updated libpng packages that fix one security issue are now available for
Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The libpng packages contain a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.

A heap-based buffer overflow flaw was found in the way libpng processed
tEXt chunks in PNG image files. An attacker could create a
specially-crafted PNG image file that, when opened, could cause an
application using libpng to crash or, possibly, execute arbitrary code
with the privileges of the user running the application. (CVE-2011-3048)

Users of libpng should upgrade to these updated packages, which correct
this issue. For Red Hat Enterprise Linux 5, they contain a backported
patch. For Red Hat Enterprise Linux 6, they upgrade libpng to version
1.2.49. All running applications using libpng must be restarted for the
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

808139 - CVE-2011-3048 libpng: memory corruption flaw

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libpng-1.2.10-17.el5_8.src.rpm

i386:
libpng-1.2.10-17.el5_8.i386.rpm
libpng-debuginfo-1.2.10-17.el5_8.i386.rpm

x86_64:
libpng-1.2.10-17.el5_8.i386.rpm
libpng-1.2.10-17.el5_8.x86_64.rpm
libpng-debuginfo-1.2.10-17.el5_8.i386.rpm
libpng-debuginfo-1.2.10-17.el5_8.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libpng-1.2.10-17.el5_8.src.rpm

i386:
libpng-debuginfo-1.2.10-17.el5_8.i386.rpm
libpng-devel-1.2.10-17.el5_8.i386.rpm

x86_64:
libpng-debuginfo-1.2.10-17.el5_8.i386.rpm
libpng-debuginfo-1.2.10-17.el5_8.x86_64.rpm
libpng-devel-1.2.10-17.el5_8.i386.rpm
libpng-devel-1.2.10-17.el5_8.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libpng-1.2.10-17.el5_8.src.rpm

i386:
libpng-1.2.10-17.el5_8.i386.rpm
libpng-debuginfo-1.2.10-17.el5_8.i386.rpm
libpng-devel-1.2.10-17.el5_8.i386.rpm

ia64:
libpng-1.2.10-17.el5_8.i386.rpm
libpng-1.2.10-17.el5_8.ia64.rpm
libpng-debuginfo-1.2.10-17.el5_8.i386.rpm
libpng-debuginfo-1.2.10-17.el5_8.ia64.rpm
libpng-devel-1.2.10-17.el5_8.ia64.rpm

ppc:
libpng-1.2.10-17.el5_8.ppc.rpm
libpng-1.2.10-17.el5_8.ppc64.rpm
libpng-debuginfo-1.2.10-17.el5_8.ppc.rpm
libpng-debuginfo-1.2.10-17.el5_8.ppc64.rpm
libpng-devel-1.2.10-17.el5_8.ppc.rpm
libpng-devel-1.2.10-17.el5_8.ppc64.rpm

s390x:
libpng-1.2.10-17.el5_8.s390.rpm
libpng-1.2.10-17.el5_8.s390x.rpm
libpng-debuginfo-1.2.10-17.el5_8.s390.rpm
libpng-debuginfo-1.2.10-17.el5_8.s390x.rpm
libpng-devel-1.2.10-17.el5_8.s390.rpm
libpng-devel-1.2.10-17.el5_8.s390x.rpm

x86_64:
libpng-1.2.10-17.el5_8.i386.rpm
libpng-1.2.10-17.el5_8.x86_64.rpm
libpng-debuginfo-1.2.10-17.el5_8.i386.rpm
libpng-debuginfo-1.2.10-17.el5_8.x86_64.rpm
libpng-devel-1.2.10-17.el5_8.i386.rpm
libpng-devel-1.2.10-17.el5_8.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libpng-1.2.49-1.el6_2.src.rpm

i386:
libpng-1.2.49-1.el6_2.i686.rpm
libpng-debuginfo-1.2.49-1.el6_2.i686.rpm

x86_64:
libpng-1.2.49-1.el6_2.i686.rpm
libpng-1.2.49-1.el6_2.x86_64.rpm
libpng-debuginfo-1.2.49-1.el6_2.i686.rpm
libpng-debuginfo-1.2.49-1.el6_2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libpng-1.2.49-1.el6_2.src.rpm

i386:
libpng-debuginfo-1.2.49-1.el6_2.i686.rpm
libpng-devel-1.2.49-1.el6_2.i686.rpm
libpng-static-1.2.49-1.el6_2.i686.rpm

x86_64:
libpng-debuginfo-1.2.49-1.el6_2.i686.rpm
libpng-debuginfo-1.2.49-1.el6_2.x86_64.rpm
libpng-devel-1.2.49-1.el6_2.i686.rpm
libpng-devel-1.2.49-1.el6_2.x86_64.rpm
libpng-static-1.2.49-1.el6_2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libpng-1.2.49-1.el6_2.src.rpm

x86_64:
libpng-1.2.49-1.el6_2.i686.rpm
libpng-1.2.49-1.el6_2.x86_64.rpm
libpng-debuginfo-1.2.49-1.el6_2.i686.rpm
libpng-debuginfo-1.2.49-1.el6_2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libpng-1.2.49-1.el6_2.src.rpm

x86_64:
libpng-debuginfo-1.2.49-1.el6_2.i686.rpm
libpng-debuginfo-1.2.49-1.el6_2.x86_64.rpm
libpng-devel-1.2.49-1.el6_2.i686.rpm
libpng-devel-1.2.49-1.el6_2.x86_64.rpm
libpng-static-1.2.49-1.el6_2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libpng-1.2.49-1.el6_2.src.rpm

i386:
libpng-1.2.49-1.el6_2.i686.rpm
libpng-debuginfo-1.2.49-1.el6_2.i686.rpm
libpng-devel-1.2.49-1.el6_2.i686.rpm

ppc64:
libpng-1.2.49-1.el6_2.ppc.rpm
libpng-1.2.49-1.el6_2.ppc64.rpm
libpng-debuginfo-1.2.49-1.el6_2.ppc.rpm
libpng-debuginfo-1.2.49-1.el6_2.ppc64.rpm
libpng-devel-1.2.49-1.el6_2.ppc.rpm
libpng-devel-1.2.49-1.el6_2.ppc64.rpm

s390x:
libpng-1.2.49-1.el6_2.s390.rpm
libpng-1.2.49-1.el6_2.s390x.rpm
libpng-debuginfo-1.2.49-1.el6_2.s390.rpm
libpng-debuginfo-1.2.49-1.el6_2.s390x.rpm
libpng-devel-1.2.49-1.el6_2.s390.rpm
libpng-devel-1.2.49-1.el6_2.s390x.rpm

x86_64:
libpng-1.2.49-1.el6_2.i686.rpm
libpng-1.2.49-1.el6_2.x86_64.rpm
libpng-debuginfo-1.2.49-1.el6_2.i686.rpm
libpng-debuginfo-1.2.49-1.el6_2.x86_64.rpm
libpng-devel-1.2.49-1.el6_2.i686.rpm
libpng-devel-1.2.49-1.el6_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libpng-1.2.49-1.el6_2.src.rpm

i386:
libpng-debuginfo-1.2.49-1.el6_2.i686.rpm
libpng-static-1.2.49-1.el6_2.i686.rpm

ppc64:
libpng-debuginfo-1.2.49-1.el6_2.ppc64.rpm
libpng-static-1.2.49-1.el6_2.ppc64.rpm

s390x:
libpng-debuginfo-1.2.49-1.el6_2.s390x.rpm
libpng-static-1.2.49-1.el6_2.s390x.rpm

x86_64:
libpng-debuginfo-1.2.49-1.el6_2.x86_64.rpm
libpng-static-1.2.49-1.el6_2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libpng-1.2.49-1.el6_2.src.rpm

i386:
libpng-1.2.49-1.el6_2.i686.rpm
libpng-debuginfo-1.2.49-1.el6_2.i686.rpm
libpng-devel-1.2.49-1.el6_2.i686.rpm

x86_64:
libpng-1.2.49-1.el6_2.i686.rpm
libpng-1.2.49-1.el6_2.x86_64.rpm
libpng-debuginfo-1.2.49-1.el6_2.i686.rpm
libpng-debuginfo-1.2.49-1.el6_2.x86_64.rpm
libpng-devel-1.2.49-1.el6_2.i686.rpm
libpng-devel-1.2.49-1.el6_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libpng-1.2.49-1.el6_2.src.rpm

i386:
libpng-debuginfo-1.2.49-1.el6_2.i686.rpm
libpng-static-1.2.49-1.el6_2.i686.rpm

x86_64:
libpng-debuginfo-1.2.49-1.el6_2.x86_64.rpm
libpng-static-1.2.49-1.el6_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3048.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

From: bugzilla@redhat.com
Date: Mon, 30 Apr 2012 18:00:29 +0000
Subject: [RHSA-2012:0528-01] Moderate: Red Hat Enterprise MRG Messaging 2.1 security and enhancement update
Message-ID: <201204301800.q3UI0U7Q004887@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Enterprise MRG Messaging 2.1 security and enhancement update
Advisory ID:       RHSA-2012:0528-01
Product:           Red Hat Enterprise MRG for RHEL-6
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0528.html
Issue date:        2012-04-30
CVE Names:         CVE-2011-3620
=====================================================================

1. Summary:

Updated Messaging packages that resolve one security issue, fix multiple
bugs, and add various enhancements are now available for Red Hat
Enterprise MRG 2.1 for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

MRG Grid Execute Node for RHEL 6 ComputeNode v.2 - x86_64
MRG Grid Execute Node for RHEL 6 Server v.2 - i386, x86_64
MRG Grid for RHEL 6 Server v.2 - i386, x86_64
MRG Management for RHEL 6 ComputeNode v.2 - x86_64
MRG Management for RHEL 6 Server v.2 - i386, x86_64
Red Hat MRG Messaging for RHEL 6 Server v.2 - i386, noarch, x86_64

3. Description:

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation
IT infrastructure for enterprise computing. MRG offers increased
performance, reliability, interoperability, and faster computing for
enterprise customers.

MRG Messaging is a high-speed reliable messaging distribution for Linux
based on AMQP (Advanced Message Queuing Protocol), an open protocol
standard for enterprise messaging that is designed to make mission critical
messaging widely available as a standard service, and to make enterprise
messaging interoperable across platforms, programming languages, and
vendors. MRG Messaging includes an AMQP 0-10 messaging broker; AMQP 0-10
client libraries for C++, Java JMS, and Python; as well as persistence
libraries and management tools.

It was found that Qpid accepted any password or SASL mechanism, provided
the remote user knew a valid cluster username. This could give a remote
attacker unauthorized access to the cluster, exposing cluster messages and
internal Qpid/MRG configurations. (CVE-2011-3620)

Note: If you are using an ACL, the cluster-username must be allowed to
publish to the qpid.cluster-credentials exchange. For example, if your
cluster-username is "foo", add the following rule to your ACL file:

    acl allow foo@QPID publish exchange name=qpid.cluster-credentials

The CVE-2011-3620 fix changes the cluster initialization protocol. As such,
once every broker runs the new version, the whole cluster must be restarted
for the change to take effect. Refer below for details.

These updated packages provide numerous enhancements and bug fixes for the
Messaging component of MRG. Space precludes documenting all of these
changes in this advisory. Documentation for these changes will be available
shortly in the Technical Notes document linked to in the References
section.

All users of the Messaging capabilities of Red Hat Enterprise MRG 2.1 are
advised to upgrade to these updated packages, which resolve the issues and
add the enhancements noted in the Red Hat Enterprise MRG 2 Technical Notes.
After installing the updated packages, stop the cluster by either running
"service qpidd stop" on all nodes, or "qpid-cluster --all-stop" on any one
of the cluster nodes. Once stopped, restart the cluster with "service qpidd
start" on all nodes for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

747078 - CVE-2011-3620 qpid-cpp: cluster authentication ignores cluster-* settings

6. Package List:

MRG Grid Execute Node for RHEL 6 ComputeNode v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/RHEMRG-RHEL6/SRPMS/condor-7.6.5-0.14.el6.src.rpm

x86_64:
condor-7.6.5-0.14.el6.x86_64.rpm
condor-classads-7.6.5-0.14.el6.x86_64.rpm
condor-debuginfo-7.6.5-0.14.el6.x86_64.rpm
condor-kbdd-7.6.5-0.14.el6.x86_64.rpm
condor-qmf-7.6.5-0.14.el6.x86_64.rpm
condor-vm-gahp-7.6.5-0.14.el6.x86_64.rpm

MRG Management for RHEL 6 ComputeNode v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/RHEMRG-RHEL6/SRPMS/sesame-1.0-5.el6.src.rpm

x86_64:
sesame-1.0-5.el6.x86_64.rpm
sesame-debuginfo-1.0-5.el6.x86_64.rpm

MRG Grid for RHEL 6 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-7.6.5-0.14.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/sesame-1.0-5.el6.src.rpm

i386:
condor-7.6.5-0.14.el6.i686.rpm
condor-aviary-7.6.5-0.14.el6.i686.rpm
condor-classads-7.6.5-0.14.el6.i686.rpm
condor-debuginfo-7.6.5-0.14.el6.i686.rpm
condor-kbdd-7.6.5-0.14.el6.i686.rpm
condor-plumage-7.6.5-0.14.el6.i686.rpm
condor-qmf-7.6.5-0.14.el6.i686.rpm
sesame-1.0-5.el6.i686.rpm
sesame-debuginfo-1.0-5.el6.i686.rpm

x86_64:
condor-7.6.5-0.14.el6.x86_64.rpm
condor-aviary-7.6.5-0.14.el6.x86_64.rpm
condor-classads-7.6.5-0.14.el6.x86_64.rpm
condor-debuginfo-7.6.5-0.14.el6.x86_64.rpm
condor-kbdd-7.6.5-0.14.el6.x86_64.rpm
condor-plumage-7.6.5-0.14.el6.x86_64.rpm
condor-qmf-7.6.5-0.14.el6.x86_64.rpm
condor-vm-gahp-7.6.5-0.14.el6.x86_64.rpm
sesame-1.0-5.el6.x86_64.rpm
sesame-debuginfo-1.0-5.el6.x86_64.rpm

MRG Grid Execute Node for RHEL 6 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-7.6.5-0.14.el6.src.rpm

i386:
condor-7.6.5-0.14.el6.i686.rpm
condor-classads-7.6.5-0.14.el6.i686.rpm
condor-debuginfo-7.6.5-0.14.el6.i686.rpm
condor-kbdd-7.6.5-0.14.el6.i686.rpm
condor-qmf-7.6.5-0.14.el6.i686.rpm

x86_64:
condor-7.6.5-0.14.el6.x86_64.rpm
condor-classads-7.6.5-0.14.el6.x86_64.rpm
condor-debuginfo-7.6.5-0.14.el6.x86_64.rpm
condor-kbdd-7.6.5-0.14.el6.x86_64.rpm
condor-qmf-7.6.5-0.14.el6.x86_64.rpm
condor-vm-gahp-7.6.5-0.14.el6.x86_64.rpm

MRG Management for RHEL 6 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/sesame-1.0-5.el6.src.rpm

i386:
sesame-1.0-5.el6.i686.rpm
sesame-debuginfo-1.0-5.el6.i686.rpm

x86_64:
sesame-1.0-5.el6.x86_64.rpm
sesame-debuginfo-1.0-5.el6.x86_64.rpm

Red Hat MRG Messaging for RHEL 6 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/qpid-cpp-0.14-14.el6_2.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/qpid-java-0.14-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/qpid-jca-0.14-9.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/qpid-qmf-0.14-7.el6_2.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/sesame-1.0-5.el6.src.rpm

i386:
qpid-cpp-client-devel-0.14-14.el6_2.i686.rpm
qpid-cpp-client-rdma-0.14-14.el6_2.i686.rpm
qpid-cpp-debuginfo-0.14-14.el6_2.i686.rpm
qpid-cpp-server-cluster-0.14-14.el6_2.i686.rpm
qpid-cpp-server-devel-0.14-14.el6_2.i686.rpm
qpid-cpp-server-rdma-0.14-14.el6_2.i686.rpm
qpid-cpp-server-store-0.14-14.el6_2.i686.rpm
qpid-cpp-server-xml-0.14-14.el6_2.i686.rpm
qpid-qmf-debuginfo-0.14-7.el6_2.i686.rpm
qpid-qmf-devel-0.14-7.el6_2.i686.rpm
sesame-1.0-5.el6.i686.rpm
sesame-debuginfo-1.0-5.el6.i686.rpm

noarch:
qpid-cpp-client-devel-docs-0.14-14.el6_2.noarch.rpm
qpid-java-client-0.14-3.el6.noarch.rpm
qpid-java-common-0.14-3.el6.noarch.rpm
qpid-java-example-0.14-3.el6.noarch.rpm
qpid-jca-0.14-9.el6.noarch.rpm
qpid-jca-xarecovery-0.14-9.el6.noarch.rpm

x86_64:
qpid-cpp-client-devel-0.14-14.el6_2.x86_64.rpm
qpid-cpp-client-rdma-0.14-14.el6_2.x86_64.rpm
qpid-cpp-debuginfo-0.14-14.el6_2.x86_64.rpm
qpid-cpp-server-cluster-0.14-14.el6_2.x86_64.rpm
qpid-cpp-server-devel-0.14-14.el6_2.x86_64.rpm
qpid-cpp-server-rdma-0.14-14.el6_2.x86_64.rpm
qpid-cpp-server-store-0.14-14.el6_2.x86_64.rpm
qpid-cpp-server-xml-0.14-14.el6_2.x86_64.rpm
qpid-qmf-debuginfo-0.14-7.el6_2.x86_64.rpm
qpid-qmf-devel-0.14-7.el6_2.x86_64.rpm
sesame-1.0-5.el6.x86_64.rpm
sesame-debuginfo-1.0-5.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3620.html
https://access.redhat.com/security/updates/classification/#moderate
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/2/html-single/Technical_Notes/index.html#RHSA-2012-0528

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
From: bugzilla@redhat.com
Date: Mon, 30 Apr 2012 18:01:14 +0000
Subject: [RHSA-2012:0529-01] Moderate: Red Hat Enterprise MRG Messaging 2.1 security and enhancement update
Message-ID: <201204301801.q3UI1FJM001260@int-mx01.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Enterprise MRG Messaging 2.1 security and enhancement update
Advisory ID:       RHSA-2012:0529-01
Product:           Red Hat Enterprise MRG for RHEL-5
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0529.html
Issue date:        2012-04-30
CVE Names:         CVE-2011-3620
=====================================================================

1. Summary:

Updated Messaging packages that resolve one security issue, fix multiple
bugs, and add various enhancements are now available for Red Hat
Enterprise MRG 2.1 for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

MRG Grid Execute Node for RHEL 5 Server v.2 - i386, x86_64
MRG Grid for RHEL 5 Server v.2 - i386, x86_64
MRG Management for RHEL 5 Server v.2 - i386, x86_64
Red Hat MRG Messaging for RHEL 5 Server v.2 - i386, noarch, x86_64

3. Description:

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation
IT infrastructure for enterprise computing. MRG offers increased
performance, reliability, interoperability, and faster computing for
enterprise customers.

MRG Messaging is a high-speed reliable messaging distribution for Linux
based on AMQP (Advanced Message Queuing Protocol), an open protocol
standard for enterprise messaging that is designed to make mission critical
messaging widely available as a standard service, and to make enterprise
messaging interoperable across platforms, programming languages, and
vendors. MRG Messaging includes an AMQP 0-10 messaging broker; AMQP 0-10
client libraries for C++, Java JMS, and Python; as well as persistence
libraries and management tools.

It was found that Qpid accepted any password or SASL mechanism, provided
the remote user knew a valid cluster username. This could give a remote
attacker unauthorized access to the cluster, exposing cluster messages and
internal Qpid/MRG configurations. (CVE-2011-3620)

Note: If you are using an ACL, the cluster-username must be allowed to
publish to the qpid.cluster-credentials exchange. For example, if your
cluster-username is "foo", add the following rule to your ACL file:

    acl allow foo@QPID publish exchange name=qpid.cluster-credentials

The CVE-2011-3620 fix changes the cluster initialization protocol. As such,
once every broker runs the new version, the whole cluster must be restarted
for the change to take effect. Refer below for details.

These updated packages provide numerous enhancements and bug fixes for the
Messaging component of MRG. Space precludes documenting all of these
changes in this advisory. Documentation for these changes will be available
shortly in the Technical Notes document linked to in the References
section.

All users of the Messaging capabilities of Red Hat Enterprise MRG 2.1 are
advised to upgrade to these updated packages, which resolve the issues and
add the enhancements noted in the Red Hat Enterprise MRG 2 Technical Notes.
After installing the updated packages, stop the cluster by either running
"service qpidd stop" on all nodes, or "qpid-cluster --all-stop" on any one
of the cluster nodes. Once stopped, restart the cluster with "service qpidd
start" on all nodes for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

650969 - [RFE] qpid-winsdk should support Microsoft Visual Studio 2010
674379 - [RFE] IPv6 support for qpid C++ messaging
691654 - qpidd broker triggers SELinux AVCs avc: denied { search } for pid=27642 comm="qpidd" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:qpidd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
700632 - qpid-java-common rpm erroneously includes qpid-ra-0.10.jar
704596 - The toString() representation of the JMSDestination of a received message is different from the toString() representation on the sender side.
705418 - Ability to acknowledge all messages up to and including a given message for a Session
726102 - cpp client parsing error when dealing with empty strings
727182 - Support DTX transactions in a cluster.
730981 - Unable to create binding while sending messages on default exchange using addressing
731368 - Only one message is consumed using c++ drain by default
733241 - 'qpid-config queues ' should return proper error code
733383 - Single message can be delivered to multiple client
734729 - qpidd broker crash during shutdown
735208 - management of store/journal no longer available
747078 - CVE-2011-3620 qpid-cpp: cluster authentication ignores cluster-* settings
751845 - Allow SSL and non-SSL connections on the same port
760112 - Journal management stats not available for recovered queues
760636 - Message Group query method should include message timestamp if present.
761186 - Java client mishandles tcp_nodelay when specified as part of the broker URL

6. Package List:

MRG Grid for RHEL 5 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-7.6.5-0.14.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/sesame-1.0-3.el5.src.rpm

i386:
condor-7.6.5-0.14.el5.i386.rpm
condor-aviary-7.6.5-0.14.el5.i386.rpm
condor-classads-7.6.5-0.14.el5.i386.rpm
condor-debuginfo-7.6.5-0.14.el5.i386.rpm
condor-kbdd-7.6.5-0.14.el5.i386.rpm
condor-qmf-7.6.5-0.14.el5.i386.rpm
condor-vm-gahp-7.6.5-0.14.el5.i386.rpm
sesame-1.0-3.el5.i386.rpm
sesame-debuginfo-1.0-3.el5.i386.rpm

x86_64:
condor-7.6.5-0.14.el5.x86_64.rpm
condor-aviary-7.6.5-0.14.el5.x86_64.rpm
condor-classads-7.6.5-0.14.el5.x86_64.rpm
condor-debuginfo-7.6.5-0.14.el5.x86_64.rpm
condor-kbdd-7.6.5-0.14.el5.x86_64.rpm
condor-qmf-7.6.5-0.14.el5.x86_64.rpm
condor-vm-gahp-7.6.5-0.14.el5.x86_64.rpm
sesame-1.0-3.el5.x86_64.rpm
sesame-debuginfo-1.0-3.el5.x86_64.rpm

MRG Grid Execute Node for RHEL 5 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-7.6.5-0.14.el5.src.rpm

i386:
condor-7.6.5-0.14.el5.i386.rpm
condor-classads-7.6.5-0.14.el5.i386.rpm
condor-debuginfo-7.6.5-0.14.el5.i386.rpm
condor-kbdd-7.6.5-0.14.el5.i386.rpm
condor-qmf-7.6.5-0.14.el5.i386.rpm
condor-vm-gahp-7.6.5-0.14.el5.i386.rpm

x86_64:
condor-7.6.5-0.14.el5.x86_64.rpm
condor-classads-7.6.5-0.14.el5.x86_64.rpm
condor-debuginfo-7.6.5-0.14.el5.x86_64.rpm
condor-kbdd-7.6.5-0.14.el5.x86_64.rpm
condor-qmf-7.6.5-0.14.el5.x86_64.rpm
condor-vm-gahp-7.6.5-0.14.el5.x86_64.rpm

MRG Management for RHEL 5 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/sesame-1.0-3.el5.src.rpm

i386:
sesame-1.0-3.el5.i386.rpm
sesame-debuginfo-1.0-3.el5.i386.rpm

x86_64:
sesame-1.0-3.el5.x86_64.rpm
sesame-debuginfo-1.0-3.el5.x86_64.rpm

Red Hat MRG Messaging for RHEL 5 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/python-qpid-0.14-6.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/qpid-cpp-mrg-0.14-14.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/qpid-java-0.14-3.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/qpid-jca-0.14-9.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/qpid-qmf-0.14-9.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/qpid-tests-0.14-1.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/qpid-tools-0.14-2.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/sesame-1.0-3.el5.src.rpm

i386:
python-qpid-qmf-0.14-9.el5.i386.rpm
qpid-cpp-client-0.14-14.el5.i386.rpm
qpid-cpp-client-devel-0.14-14.el5.i386.rpm
qpid-cpp-client-devel-docs-0.14-14.el5.i386.rpm
qpid-cpp-client-rdma-0.14-14.el5.i386.rpm
qpid-cpp-client-ssl-0.14-14.el5.i386.rpm
qpid-cpp-mrg-debuginfo-0.14-14.el5.i386.rpm
qpid-cpp-server-0.14-14.el5.i386.rpm
qpid-cpp-server-cluster-0.14-14.el5.i386.rpm
qpid-cpp-server-devel-0.14-14.el5.i386.rpm
qpid-cpp-server-rdma-0.14-14.el5.i386.rpm
qpid-cpp-server-ssl-0.14-14.el5.i386.rpm
qpid-cpp-server-store-0.14-14.el5.i386.rpm
qpid-cpp-server-xml-0.14-14.el5.i386.rpm
qpid-qmf-0.14-9.el5.i386.rpm
qpid-qmf-debuginfo-0.14-9.el5.i386.rpm
qpid-qmf-devel-0.14-9.el5.i386.rpm
ruby-qpid-qmf-0.14-9.el5.i386.rpm
sesame-1.0-3.el5.i386.rpm
sesame-debuginfo-1.0-3.el5.i386.rpm

noarch:
python-qpid-0.14-6.el5.noarch.rpm
qpid-java-client-0.14-3.el5.noarch.rpm
qpid-java-common-0.14-3.el5.noarch.rpm
qpid-java-example-0.14-3.el5.noarch.rpm
qpid-jca-0.14-9.el5.noarch.rpm
qpid-jca-xarecovery-0.14-9.el5.noarch.rpm
qpid-tests-0.14-1.el5.noarch.rpm
qpid-tools-0.14-2.el5.noarch.rpm

x86_64:
python-qpid-qmf-0.14-9.el5.x86_64.rpm
qpid-cpp-client-0.14-14.el5.x86_64.rpm
qpid-cpp-client-devel-0.14-14.el5.x86_64.rpm
qpid-cpp-client-devel-docs-0.14-14.el5.x86_64.rpm
qpid-cpp-client-rdma-0.14-14.el5.x86_64.rpm
qpid-cpp-client-ssl-0.14-14.el5.x86_64.rpm
qpid-cpp-mrg-debuginfo-0.14-14.el5.x86_64.rpm
qpid-cpp-server-0.14-14.el5.x86_64.rpm
qpid-cpp-server-cluster-0.14-14.el5.x86_64.rpm
qpid-cpp-server-devel-0.14-14.el5.x86_64.rpm
qpid-cpp-server-rdma-0.14-14.el5.x86_64.rpm
qpid-cpp-server-ssl-0.14-14.el5.x86_64.rpm
qpid-cpp-server-store-0.14-14.el5.x86_64.rpm
qpid-cpp-server-xml-0.14-14.el5.x86_64.rpm
qpid-qmf-0.14-9.el5.x86_64.rpm
qpid-qmf-debuginfo-0.14-9.el5.x86_64.rpm
qpid-qmf-devel-0.14-9.el5.x86_64.rpm
ruby-qpid-qmf-0.14-9.el5.x86_64.rpm
sesame-1.0-3.el5.x86_64.rpm
sesame-debuginfo-1.0-3.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3620.html
https://access.redhat.com/security/updates/classification/#moderate
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/2/html-single/Technical_Notes/index.html#RHSA-2012-0529

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
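Both MRG Messaging advisories above (RHSA-2012:0528 and RHSA-2012:0529) require that, once the CVE-2011-3620 fix is installed, the configured cluster-username be allowed by the ACL to publish to the qpid.cluster-credentials exchange. The following pre-restart check is an added example, not code from Red Hat or the Qpid project; it assumes qpidd.conf carries the username as a "cluster-username=NAME" line and that the ACL rule takes the exact form quoted in the advisory, and the two sample files are constructed here.

```shell
#!/bin/sh
# Added example (not from the advisory): before restarting the cluster,
# confirm the cluster-username has an ACL allow rule for publishing to
# the qpid.cluster-credentials exchange, as RHSA-2012:0528/0529 require.
# Assumption: qpidd.conf uses "cluster-username=NAME"; the ACL rule form
# is the one the advisory quotes ("acl allow NAME@QPID publish exchange
# name=qpid.cluster-credentials").

# Print the first cluster-username value found in a qpidd.conf-style file.
cluster_username() {
    sed -n 's/^[[:space:]]*cluster-username[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1
}

# Return 0 when the ACL file holds an explicit allow rule letting USER@QPID
# publish to qpid.cluster-credentials, 1 otherwise. Comment lines are skipped.
acl_allows_cluster_publish() {
    user="$1"; acl="$2"
    grep -v '^[[:space:]]*#' "$acl" \
      | grep -Eq "^[[:space:]]*acl[[:space:]]+allow[[:space:]]+${user}@QPID[[:space:]]+publish[[:space:]]+exchange[[:space:]]+name=qpid\.cluster-credentials([[:space:]]|$)"
}

# Combined check: 0 if the cluster user is allowed, 1 if the username is
# missing from qpidd.conf or the ACL lacks the rule (with the rule to add).
check_cluster_acl() {
    conf="$1"; acl="$2"
    user=$(cluster_username "$conf")
    if [ -z "$user" ]; then
        echo "no cluster-username set in $conf" >&2
        return 1
    fi
    if acl_allows_cluster_publish "$user" "$acl"; then
        echo "ok: $user may publish to qpid.cluster-credentials"
        return 0
    fi
    echo "missing in $acl: acl allow ${user}@QPID publish exchange name=qpid.cluster-credentials" >&2
    return 1
}

# Constructed sample inputs (not real configuration) for a stand-alone run.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
printf 'cluster-name=mycluster\ncluster-username=foo\n' > "$WORK/qpidd.conf"
# Before: the cluster user has no publish rule, so the updated brokers would
# be blocked by the ACL when they publish their credentials.
printf '# no rule for foo@QPID\nacl allow admin@QPID all\nacl deny all all\n' > "$WORK/acl-before.acl"
# After: the rule from the advisory is present.
printf 'acl allow foo@QPID publish exchange name=qpid.cluster-credentials\nacl allow admin@QPID all\nacl deny all all\n' > "$WORK/acl-after.acl"

# Stand-alone demonstration: the first call reports the missing rule,
# the second reports ok.
check_cluster_acl "$WORK/qpidd.conf" "$WORK/acl-before.acl" || echo "(expected: acl-before.acl fails the check)"
check_cluster_acl "$WORK/qpidd.conf" "$WORK/acl-after.acl"
```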
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPntNYXlSAg2UNWIIRAiL2AKCXgpyirTQhHWRbL3x0+2mWMAS5MwCfb1y3 9elLOn980hIVaNF/qhDDQ8Y= =eZhY -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Apr 30 18:02:42 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 30 Apr 2012 18:02:42 +0000 Subject: [RHSA-2012:0532-01] Important: nss security update Message-ID: <201204301802.q3UI2hho029119@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: nss security update Advisory ID: RHSA-2012:0532-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0532.html Issue date: 2012-04-30 ===================================================================== 1. Summary: Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 5.6 Extended Update Support The Red Hat Security Response Team has rated this update as having important security impact. 2. Relevant releases/architectures: Red Hat Enterprise Linux EUS (v. 5.6 server) - i386, ia64, ppc, s390x, x86_64 3. Description: Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. It was found that a Certificate Authority (CA) issued fraudulent HTTPS certificates. This update renders any HTTPS certificates signed by that CA as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing. (BZ#734316) Note: This fix only applies to applications using the NSS Builtin Object Token. It does not render the certificates untrusted for applications that use the NSS library, but do not use the NSS Builtin Object Token. All NSS users should upgrade to these updated packages, which correct this issue. 
After installing the update, applications using NSS must be restarted for
the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

734316 - Fraudulent certificates signed by DigiNotar CA certificate (MFSA 2011-34)

6. Package List:

Red Hat Enterprise Linux EUS (v. 5.6 server):

Source:
nss-3.12.8-6.el5_6.src.rpm

i386:
nss-3.12.8-6.el5_6.i386.rpm
nss-debuginfo-3.12.8-6.el5_6.i386.rpm
nss-devel-3.12.8-6.el5_6.i386.rpm
nss-pkcs11-devel-3.12.8-6.el5_6.i386.rpm
nss-tools-3.12.8-6.el5_6.i386.rpm

ia64:
nss-3.12.8-6.el5_6.i386.rpm
nss-3.12.8-6.el5_6.ia64.rpm
nss-debuginfo-3.12.8-6.el5_6.i386.rpm
nss-debuginfo-3.12.8-6.el5_6.ia64.rpm
nss-devel-3.12.8-6.el5_6.ia64.rpm
nss-pkcs11-devel-3.12.8-6.el5_6.ia64.rpm
nss-tools-3.12.8-6.el5_6.ia64.rpm

ppc:
nss-3.12.8-6.el5_6.ppc.rpm
nss-3.12.8-6.el5_6.ppc64.rpm
nss-debuginfo-3.12.8-6.el5_6.ppc.rpm
nss-debuginfo-3.12.8-6.el5_6.ppc64.rpm
nss-devel-3.12.8-6.el5_6.ppc.rpm
nss-devel-3.12.8-6.el5_6.ppc64.rpm
nss-pkcs11-devel-3.12.8-6.el5_6.ppc.rpm
nss-pkcs11-devel-3.12.8-6.el5_6.ppc64.rpm
nss-tools-3.12.8-6.el5_6.ppc.rpm

s390x:
nss-3.12.8-6.el5_6.s390.rpm
nss-3.12.8-6.el5_6.s390x.rpm
nss-debuginfo-3.12.8-6.el5_6.s390.rpm
nss-debuginfo-3.12.8-6.el5_6.s390x.rpm
nss-devel-3.12.8-6.el5_6.s390.rpm
nss-devel-3.12.8-6.el5_6.s390x.rpm
nss-pkcs11-devel-3.12.8-6.el5_6.s390.rpm
nss-pkcs11-devel-3.12.8-6.el5_6.s390x.rpm
nss-tools-3.12.8-6.el5_6.s390x.rpm

x86_64:
nss-3.12.8-6.el5_6.i386.rpm
nss-3.12.8-6.el5_6.x86_64.rpm
nss-debuginfo-3.12.8-6.el5_6.i386.rpm
nss-debuginfo-3.12.8-6.el5_6.x86_64.rpm
nss-devel-3.12.8-6.el5_6.i386.rpm
nss-devel-3.12.8-6.el5_6.x86_64.rpm
nss-pkcs11-devel-3.12.8-6.el5_6.i386.rpm
nss-pkcs11-devel-3.12.8-6.el5_6.x86_64.rpm
nss-tools-3.12.8-6.el5_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

From bugzilla at redhat.com Mon Apr 30 18:04:21 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 30 Apr 2012 18:04:21 +0000
Subject: [RHSA-2012:0533-01] Important: samba and samba3x security update
Message-ID: <201204301804.q3UI4NuL005844@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: samba and samba3x security update
Advisory ID:       RHSA-2012:0533-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0533.html
Issue date:        2012-04-30
CVE Names:         CVE-2012-2111
=====================================================================

1. Summary:

Updated samba3x and samba packages that fix one security issue are now
available for Red Hat Enterprise Linux 5 and 6 respectively.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB)
or Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

A flaw was found in the way Samba handled certain Local Security Authority
(LSA) Remote Procedure Calls (RPC). An authenticated user could use this
flaw to issue an RPC call that would modify the privileges database on the
Samba server, allowing them to steal the ownership of files and
directories that are being shared by the Samba server, and create, delete,
and modify user accounts, as well as other Samba server administration
tasks. (CVE-2012-2111)

Red Hat would like to thank the Samba project for reporting this issue.
Upstream acknowledges Ivano Cristofolini as the original reporter.

Users of Samba are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, the smb service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

813569 - CVE-2012-2111 samba: Incorrect permission checks when granting/removing privileges

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/samba3x-3.5.10-0.109.el5_8.src.rpm

i386:
samba3x-3.5.10-0.109.el5_8.i386.rpm
samba3x-client-3.5.10-0.109.el5_8.i386.rpm
samba3x-common-3.5.10-0.109.el5_8.i386.rpm
samba3x-debuginfo-3.5.10-0.109.el5_8.i386.rpm
samba3x-doc-3.5.10-0.109.el5_8.i386.rpm
samba3x-domainjoin-gui-3.5.10-0.109.el5_8.i386.rpm
samba3x-swat-3.5.10-0.109.el5_8.i386.rpm
samba3x-winbind-3.5.10-0.109.el5_8.i386.rpm

x86_64:
samba3x-3.5.10-0.109.el5_8.x86_64.rpm
samba3x-client-3.5.10-0.109.el5_8.x86_64.rpm
samba3x-common-3.5.10-0.109.el5_8.x86_64.rpm
samba3x-debuginfo-3.5.10-0.109.el5_8.i386.rpm
samba3x-debuginfo-3.5.10-0.109.el5_8.x86_64.rpm
samba3x-doc-3.5.10-0.109.el5_8.x86_64.rpm
samba3x-domainjoin-gui-3.5.10-0.109.el5_8.x86_64.rpm
samba3x-swat-3.5.10-0.109.el5_8.x86_64.rpm
samba3x-winbind-3.5.10-0.109.el5_8.i386.rpm
samba3x-winbind-3.5.10-0.109.el5_8.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/samba3x-3.5.10-0.109.el5_8.src.rpm

i386:
samba3x-debuginfo-3.5.10-0.109.el5_8.i386.rpm
samba3x-winbind-devel-3.5.10-0.109.el5_8.i386.rpm

x86_64:
samba3x-debuginfo-3.5.10-0.109.el5_8.i386.rpm
samba3x-debuginfo-3.5.10-0.109.el5_8.x86_64.rpm
samba3x-winbind-devel-3.5.10-0.109.el5_8.i386.rpm
samba3x-winbind-devel-3.5.10-0.109.el5_8.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/samba3x-3.5.10-0.109.el5_8.src.rpm

i386:
samba3x-3.5.10-0.109.el5_8.i386.rpm
samba3x-client-3.5.10-0.109.el5_8.i386.rpm
samba3x-common-3.5.10-0.109.el5_8.i386.rpm
samba3x-debuginfo-3.5.10-0.109.el5_8.i386.rpm
samba3x-doc-3.5.10-0.109.el5_8.i386.rpm
samba3x-domainjoin-gui-3.5.10-0.109.el5_8.i386.rpm
samba3x-swat-3.5.10-0.109.el5_8.i386.rpm
samba3x-winbind-3.5.10-0.109.el5_8.i386.rpm
samba3x-winbind-devel-3.5.10-0.109.el5_8.i386.rpm

ia64:
samba3x-3.5.10-0.109.el5_8.ia64.rpm
samba3x-client-3.5.10-0.109.el5_8.ia64.rpm
samba3x-common-3.5.10-0.109.el5_8.ia64.rpm
samba3x-debuginfo-3.5.10-0.109.el5_8.ia64.rpm
samba3x-doc-3.5.10-0.109.el5_8.ia64.rpm
samba3x-domainjoin-gui-3.5.10-0.109.el5_8.ia64.rpm
samba3x-swat-3.5.10-0.109.el5_8.ia64.rpm
samba3x-winbind-3.5.10-0.109.el5_8.ia64.rpm
samba3x-winbind-devel-3.5.10-0.109.el5_8.ia64.rpm

ppc:
samba3x-3.5.10-0.109.el5_8.ppc.rpm
samba3x-client-3.5.10-0.109.el5_8.ppc.rpm
samba3x-common-3.5.10-0.109.el5_8.ppc.rpm
samba3x-debuginfo-3.5.10-0.109.el5_8.ppc.rpm
samba3x-debuginfo-3.5.10-0.109.el5_8.ppc64.rpm
samba3x-doc-3.5.10-0.109.el5_8.ppc.rpm
samba3x-domainjoin-gui-3.5.10-0.109.el5_8.ppc.rpm
samba3x-swat-3.5.10-0.109.el5_8.ppc.rpm
samba3x-winbind-3.5.10-0.109.el5_8.ppc.rpm
samba3x-winbind-3.5.10-0.109.el5_8.ppc64.rpm
samba3x-winbind-devel-3.5.10-0.109.el5_8.ppc.rpm
samba3x-winbind-devel-3.5.10-0.109.el5_8.ppc64.rpm

s390x:
samba3x-3.5.10-0.109.el5_8.s390x.rpm
samba3x-client-3.5.10-0.109.el5_8.s390x.rpm
samba3x-common-3.5.10-0.109.el5_8.s390x.rpm
samba3x-debuginfo-3.5.10-0.109.el5_8.s390.rpm
samba3x-debuginfo-3.5.10-0.109.el5_8.s390x.rpm
samba3x-doc-3.5.10-0.109.el5_8.s390x.rpm
samba3x-domainjoin-gui-3.5.10-0.109.el5_8.s390x.rpm
samba3x-swat-3.5.10-0.109.el5_8.s390x.rpm
samba3x-winbind-3.5.10-0.109.el5_8.s390.rpm
samba3x-winbind-3.5.10-0.109.el5_8.s390x.rpm
samba3x-winbind-devel-3.5.10-0.109.el5_8.s390.rpm
samba3x-winbind-devel-3.5.10-0.109.el5_8.s390x.rpm

x86_64:
samba3x-3.5.10-0.109.el5_8.x86_64.rpm
samba3x-client-3.5.10-0.109.el5_8.x86_64.rpm
samba3x-common-3.5.10-0.109.el5_8.x86_64.rpm
samba3x-debuginfo-3.5.10-0.109.el5_8.i386.rpm
samba3x-debuginfo-3.5.10-0.109.el5_8.x86_64.rpm
samba3x-doc-3.5.10-0.109.el5_8.x86_64.rpm
samba3x-domainjoin-gui-3.5.10-0.109.el5_8.x86_64.rpm
samba3x-swat-3.5.10-0.109.el5_8.x86_64.rpm
samba3x-winbind-3.5.10-0.109.el5_8.i386.rpm
samba3x-winbind-3.5.10-0.109.el5_8.x86_64.rpm
samba3x-winbind-devel-3.5.10-0.109.el5_8.i386.rpm
samba3x-winbind-devel-3.5.10-0.109.el5_8.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/samba-3.5.10-116.el6_2.src.rpm

i386:
libsmbclient-3.5.10-116.el6_2.i686.rpm
samba-client-3.5.10-116.el6_2.i686.rpm
samba-common-3.5.10-116.el6_2.i686.rpm
samba-debuginfo-3.5.10-116.el6_2.i686.rpm
samba-winbind-3.5.10-116.el6_2.i686.rpm
samba-winbind-clients-3.5.10-116.el6_2.i686.rpm

x86_64:
libsmbclient-3.5.10-116.el6_2.i686.rpm
libsmbclient-3.5.10-116.el6_2.x86_64.rpm
samba-client-3.5.10-116.el6_2.x86_64.rpm
samba-common-3.5.10-116.el6_2.i686.rpm
samba-common-3.5.10-116.el6_2.x86_64.rpm
samba-debuginfo-3.5.10-116.el6_2.i686.rpm
samba-debuginfo-3.5.10-116.el6_2.x86_64.rpm
samba-winbind-3.5.10-116.el6_2.x86_64.rpm
samba-winbind-clients-3.5.10-116.el6_2.i686.rpm
samba-winbind-clients-3.5.10-116.el6_2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/samba-3.5.10-116.el6_2.src.rpm

i386:
libsmbclient-devel-3.5.10-116.el6_2.i686.rpm
samba-3.5.10-116.el6_2.i686.rpm
samba-debuginfo-3.5.10-116.el6_2.i686.rpm
samba-doc-3.5.10-116.el6_2.i686.rpm
samba-domainjoin-gui-3.5.10-116.el6_2.i686.rpm
samba-swat-3.5.10-116.el6_2.i686.rpm
samba-winbind-devel-3.5.10-116.el6_2.i686.rpm
samba-winbind-krb5-locator-3.5.10-116.el6_2.i686.rpm

x86_64:
libsmbclient-devel-3.5.10-116.el6_2.i686.rpm
libsmbclient-devel-3.5.10-116.el6_2.x86_64.rpm
samba-3.5.10-116.el6_2.x86_64.rpm
samba-debuginfo-3.5.10-116.el6_2.i686.rpm
samba-debuginfo-3.5.10-116.el6_2.x86_64.rpm
samba-doc-3.5.10-116.el6_2.x86_64.rpm
samba-domainjoin-gui-3.5.10-116.el6_2.x86_64.rpm
samba-swat-3.5.10-116.el6_2.x86_64.rpm
samba-winbind-devel-3.5.10-116.el6_2.i686.rpm
samba-winbind-devel-3.5.10-116.el6_2.x86_64.rpm
samba-winbind-krb5-locator-3.5.10-116.el6_2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/samba-3.5.10-116.el6_2.src.rpm

x86_64:
samba-client-3.5.10-116.el6_2.x86_64.rpm
samba-common-3.5.10-116.el6_2.i686.rpm
samba-common-3.5.10-116.el6_2.x86_64.rpm
samba-debuginfo-3.5.10-116.el6_2.i686.rpm
samba-debuginfo-3.5.10-116.el6_2.x86_64.rpm
samba-winbind-3.5.10-116.el6_2.x86_64.rpm
samba-winbind-clients-3.5.10-116.el6_2.i686.rpm
samba-winbind-clients-3.5.10-116.el6_2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/samba-3.5.10-116.el6_2.src.rpm

x86_64:
libsmbclient-3.5.10-116.el6_2.i686.rpm
libsmbclient-3.5.10-116.el6_2.x86_64.rpm
libsmbclient-devel-3.5.10-116.el6_2.i686.rpm
libsmbclient-devel-3.5.10-116.el6_2.x86_64.rpm
samba-3.5.10-116.el6_2.x86_64.rpm
samba-debuginfo-3.5.10-116.el6_2.i686.rpm
samba-debuginfo-3.5.10-116.el6_2.x86_64.rpm
samba-doc-3.5.10-116.el6_2.x86_64.rpm
samba-domainjoin-gui-3.5.10-116.el6_2.x86_64.rpm
samba-swat-3.5.10-116.el6_2.x86_64.rpm
samba-winbind-devel-3.5.10-116.el6_2.i686.rpm
samba-winbind-devel-3.5.10-116.el6_2.x86_64.rpm
samba-winbind-krb5-locator-3.5.10-116.el6_2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/samba-3.5.10-116.el6_2.src.rpm

i386:
libsmbclient-3.5.10-116.el6_2.i686.rpm
samba-3.5.10-116.el6_2.i686.rpm
samba-client-3.5.10-116.el6_2.i686.rpm
samba-common-3.5.10-116.el6_2.i686.rpm
samba-debuginfo-3.5.10-116.el6_2.i686.rpm
samba-winbind-3.5.10-116.el6_2.i686.rpm
samba-winbind-clients-3.5.10-116.el6_2.i686.rpm

ppc64:
libsmbclient-3.5.10-116.el6_2.ppc.rpm
libsmbclient-3.5.10-116.el6_2.ppc64.rpm
samba-3.5.10-116.el6_2.ppc64.rpm
samba-client-3.5.10-116.el6_2.ppc64.rpm
samba-common-3.5.10-116.el6_2.ppc.rpm
samba-common-3.5.10-116.el6_2.ppc64.rpm
samba-debuginfo-3.5.10-116.el6_2.ppc.rpm
samba-debuginfo-3.5.10-116.el6_2.ppc64.rpm
samba-winbind-3.5.10-116.el6_2.ppc64.rpm
samba-winbind-clients-3.5.10-116.el6_2.ppc.rpm
samba-winbind-clients-3.5.10-116.el6_2.ppc64.rpm

s390x:
libsmbclient-3.5.10-116.el6_2.s390.rpm
libsmbclient-3.5.10-116.el6_2.s390x.rpm
samba-3.5.10-116.el6_2.s390x.rpm
samba-client-3.5.10-116.el6_2.s390x.rpm
samba-common-3.5.10-116.el6_2.s390.rpm
samba-common-3.5.10-116.el6_2.s390x.rpm
samba-debuginfo-3.5.10-116.el6_2.s390.rpm
samba-debuginfo-3.5.10-116.el6_2.s390x.rpm
samba-winbind-3.5.10-116.el6_2.s390x.rpm
samba-winbind-clients-3.5.10-116.el6_2.s390.rpm
samba-winbind-clients-3.5.10-116.el6_2.s390x.rpm

x86_64:
libsmbclient-3.5.10-116.el6_2.i686.rpm
libsmbclient-3.5.10-116.el6_2.x86_64.rpm
samba-3.5.10-116.el6_2.x86_64.rpm
samba-client-3.5.10-116.el6_2.x86_64.rpm
samba-common-3.5.10-116.el6_2.i686.rpm
samba-common-3.5.10-116.el6_2.x86_64.rpm
samba-debuginfo-3.5.10-116.el6_2.i686.rpm
samba-debuginfo-3.5.10-116.el6_2.x86_64.rpm
samba-winbind-3.5.10-116.el6_2.x86_64.rpm
samba-winbind-clients-3.5.10-116.el6_2.i686.rpm
samba-winbind-clients-3.5.10-116.el6_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/samba-3.5.10-116.el6_2.src.rpm

i386:
libsmbclient-devel-3.5.10-116.el6_2.i686.rpm
samba-debuginfo-3.5.10-116.el6_2.i686.rpm
samba-doc-3.5.10-116.el6_2.i686.rpm
samba-domainjoin-gui-3.5.10-116.el6_2.i686.rpm
samba-swat-3.5.10-116.el6_2.i686.rpm
samba-winbind-devel-3.5.10-116.el6_2.i686.rpm
samba-winbind-krb5-locator-3.5.10-116.el6_2.i686.rpm

ppc64:
libsmbclient-devel-3.5.10-116.el6_2.ppc.rpm
libsmbclient-devel-3.5.10-116.el6_2.ppc64.rpm
samba-debuginfo-3.5.10-116.el6_2.ppc.rpm
samba-debuginfo-3.5.10-116.el6_2.ppc64.rpm
samba-doc-3.5.10-116.el6_2.ppc64.rpm
samba-domainjoin-gui-3.5.10-116.el6_2.ppc64.rpm
samba-swat-3.5.10-116.el6_2.ppc64.rpm
samba-winbind-devel-3.5.10-116.el6_2.ppc.rpm
samba-winbind-devel-3.5.10-116.el6_2.ppc64.rpm
samba-winbind-krb5-locator-3.5.10-116.el6_2.ppc64.rpm

s390x:
libsmbclient-devel-3.5.10-116.el6_2.s390.rpm
libsmbclient-devel-3.5.10-116.el6_2.s390x.rpm
samba-debuginfo-3.5.10-116.el6_2.s390.rpm
samba-debuginfo-3.5.10-116.el6_2.s390x.rpm
samba-doc-3.5.10-116.el6_2.s390x.rpm
samba-domainjoin-gui-3.5.10-116.el6_2.s390x.rpm
samba-swat-3.5.10-116.el6_2.s390x.rpm
samba-winbind-devel-3.5.10-116.el6_2.s390.rpm
samba-winbind-devel-3.5.10-116.el6_2.s390x.rpm
samba-winbind-krb5-locator-3.5.10-116.el6_2.s390x.rpm

x86_64:
libsmbclient-devel-3.5.10-116.el6_2.i686.rpm
libsmbclient-devel-3.5.10-116.el6_2.x86_64.rpm
samba-debuginfo-3.5.10-116.el6_2.i686.rpm
samba-debuginfo-3.5.10-116.el6_2.x86_64.rpm
samba-doc-3.5.10-116.el6_2.x86_64.rpm
samba-domainjoin-gui-3.5.10-116.el6_2.x86_64.rpm
samba-swat-3.5.10-116.el6_2.x86_64.rpm
samba-winbind-devel-3.5.10-116.el6_2.i686.rpm
samba-winbind-devel-3.5.10-116.el6_2.x86_64.rpm
samba-winbind-krb5-locator-3.5.10-116.el6_2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/samba-3.5.10-116.el6_2.src.rpm

i386:
libsmbclient-3.5.10-116.el6_2.i686.rpm
samba-3.5.10-116.el6_2.i686.rpm
samba-client-3.5.10-116.el6_2.i686.rpm
samba-common-3.5.10-116.el6_2.i686.rpm
samba-debuginfo-3.5.10-116.el6_2.i686.rpm
samba-winbind-3.5.10-116.el6_2.i686.rpm
samba-winbind-clients-3.5.10-116.el6_2.i686.rpm

x86_64:
libsmbclient-3.5.10-116.el6_2.i686.rpm
libsmbclient-3.5.10-116.el6_2.x86_64.rpm
samba-3.5.10-116.el6_2.x86_64.rpm
samba-client-3.5.10-116.el6_2.x86_64.rpm
samba-common-3.5.10-116.el6_2.i686.rpm
samba-common-3.5.10-116.el6_2.x86_64.rpm
samba-debuginfo-3.5.10-116.el6_2.i686.rpm
samba-debuginfo-3.5.10-116.el6_2.x86_64.rpm
samba-winbind-3.5.10-116.el6_2.x86_64.rpm
samba-winbind-clients-3.5.10-116.el6_2.i686.rpm
samba-winbind-clients-3.5.10-116.el6_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/samba-3.5.10-116.el6_2.src.rpm

i386:
libsmbclient-devel-3.5.10-116.el6_2.i686.rpm
samba-debuginfo-3.5.10-116.el6_2.i686.rpm
samba-doc-3.5.10-116.el6_2.i686.rpm
samba-domainjoin-gui-3.5.10-116.el6_2.i686.rpm
samba-swat-3.5.10-116.el6_2.i686.rpm
samba-winbind-devel-3.5.10-116.el6_2.i686.rpm
samba-winbind-krb5-locator-3.5.10-116.el6_2.i686.rpm

x86_64:
libsmbclient-devel-3.5.10-116.el6_2.i686.rpm
libsmbclient-devel-3.5.10-116.el6_2.x86_64.rpm
samba-debuginfo-3.5.10-116.el6_2.i686.rpm
samba-debuginfo-3.5.10-116.el6_2.x86_64.rpm
samba-doc-3.5.10-116.el6_2.x86_64.rpm
samba-domainjoin-gui-3.5.10-116.el6_2.x86_64.rpm
samba-swat-3.5.10-116.el6_2.x86_64.rpm
samba-winbind-devel-3.5.10-116.el6_2.i686.rpm
samba-winbind-devel-3.5.10-116.el6_2.x86_64.rpm
samba-winbind-krb5-locator-3.5.10-116.el6_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-2111.html
https://access.redhat.com/security/updates/classification/#important
http://www.samba.org/samba/security/CVE-2012-2111

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
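An offline check of whether a host's installed builds reach the fixed builds named in the nss and samba advisories above (nss-3.12.8-6.el5_6, samba3x-3.5.10-0.109.el5_8, samba-3.5.10-116.el6_2). This is an added example, not Red Hat's tooling; it assumes its input is the output of `rpm -qa --qf '%{NAME} %{EPOCH} %{VERSION} %{RELEASE}\n'`, and the ordering logic is a port of rpm's rpmvercmp() segment rules (tilde aware, without the caret handling that RHEL 5/6 rpm did not have).

```python
"""Check installed RPM builds against the fixed builds named in these advisories.
Added example, not Red Hat's tooling; the ordering is a port of rpm's rpmvercmp()
segment rules (tilde aware; no caret handling, which RHEL 5/6 rpm did not have)."""
import re

# Fixed builds from the advisories above, name -> (epoch, version, release):
# nss from RHSA-2012:0532 (EL5.6 EUS); samba3x (EL5) and samba (EL6) from RHSA-2012:0533.
FIXED = {
    "nss":     (0, "3.12.8", "6.el5_6"),
    "samba3x": (0, "3.5.10", "0.109.el5_8"),
    "samba":   (0, "3.5.10", "116.el6_2"),
}

_SEG = re.compile(r"[0-9]+|[A-Za-z]+|~")   # a version is a run of these segments

def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 the way rpm orders version/release strings: compare
    alternating numeric and alphabetic segments; numeric beats alphabetic;
    '~' sorts before anything, even the end of the string."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for i in range(max(len(sa), len(sb))):
        x = sa[i] if i < len(sa) else ""
        y = sb[i] if i < len(sb) else ""
        if x == "~" or y == "~":            # tilde loses to everything, even ""
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        if not x:                           # a ran out of segments first
            return -1
        if not y:
            return 1
        xd, yd = x.isdigit(), y.isdigit()
        if xd != yd:                        # numeric vs alpha: numeric is newer
            return 1 if xd else -1
        if xd:
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):            # longer number (zeros stripped) is bigger
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    return 0

def evrcmp(a, b):
    """Compare (epoch, version, release) tuples: epoch first, then version, then release."""
    if a[0] != b[0]:
        return 1 if a[0] > b[0] else -1
    return rpmvercmp(a[1], b[1]) or rpmvercmp(a[2], b[2])

def parse_qa(lines):
    r"""Parse lines of: rpm -qa --qf '%{NAME} %{EPOCH} %{VERSION} %{RELEASE}\n'
    rpm prints '(none)' for an unset epoch, which it orders as epoch 0."""
    installed = {}
    for line in lines:
        if line.strip():
            name, epoch, ver, rel = line.split()
            installed[name] = (0 if epoch == "(none)" else int(epoch), ver, rel)
    return installed

def check(installed, fixed=FIXED):
    """Map each advisory package present on the host to 'fixed' or 'vulnerable'."""
    return {name: ("fixed" if evrcmp(installed[name], ok) >= 0 else "vulnerable")
            for name, ok in fixed.items() if name in installed}

# Constructed sample output, not from a real host: nss patched, samba3x one build behind.
SAMPLE = """nss (none) 3.12.8 6.el5_6
samba3x (none) 3.5.10 0.108.el5_8
openssl (none) 0.9.8e 22.el5_8.1"""
RESULT = check(parse_qa(SAMPLE.splitlines()))   # {'nss': 'fixed', 'samba3x': 'vulnerable'}
```

Because the comparison is on EVR alone, any later errata build also counts as fixed; multilib hosts carry both i686 and x86_64 builds under the same name, which this per-name map does not distinguish.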