From bugzilla at redhat.com Wed Aug 1 20:04:58 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 1 Aug 2012 20:04:58 +0000 Subject: [RHSA-2012:1135-01] Important: libreoffice security update Message-ID: <201208012005.q71K50FG001226@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: libreoffice security update Advisory ID: RHSA-2012:1135-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1135.html Issue date: 2012-08-01 CVE Names: CVE-2012-2665 ===================================================================== 1. Summary: Updated libreoffice packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: LibreOffice is an open source, community-developed office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. Multiple heap-based buffer overflow flaws were found in the way LibreOffice processed encryption information in the manifest files of OpenDocument Format files. An attacker could provide a specially-crafted OpenDocument Format file that, when opened in a LibreOffice application, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2665) Upstream acknowledges Timo Warns as the original reporter of these issues. All LibreOffice users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of LibreOffice applications must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 826077 - CVE-2012-2665 openoffice.org, libreoffice: Multiple heap-based buffer overflows in the XML manifest encryption handling code 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libreoffice-3.4.5.2-16.1.el6_3.src.rpm i386: libreoffice-base-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-calc-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-core-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-debuginfo-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-draw-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-emailmerge-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-graphicfilter-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-headless-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-impress-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-javafilter-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-af-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ar-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-as-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-bg-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-bn-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ca-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-cs-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-cy-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-da-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-de-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-dz-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-el-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-en-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-es-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-et-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-eu-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-fi-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-fr-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ga-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-gl-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-gu-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-he-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-hi-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-hr-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-hu-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-it-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ja-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-kn-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ko-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-lt-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-mai-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ml-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-mr-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ms-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-nb-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-nl-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-nn-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-nr-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-nso-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-or-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-pa-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-pl-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-pt-BR-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-pt-PT-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ro-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ru-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-sk-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-sl-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-sr-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ss-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-st-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-sv-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ta-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-te-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-th-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-tn-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-tr-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ts-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-uk-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ur-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ve-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-xh-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-zh-Hans-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-zh-Hant-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-zu-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-math-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-ogltrans-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-pdfimport-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-presentation-minimizer-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-presenter-screen-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-pyuno-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-report-builder-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-ure-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-wiki-publisher-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-writer-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-xsltfilter-3.4.5.2-16.1.el6_3.i686.rpm noarch: autocorr-af-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-bg-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-cs-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-da-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-de-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-en-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-es-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-eu-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-fa-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-fi-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-fr-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-ga-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-hr-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-hu-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-it-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-ja-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-ko-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-lb-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-lt-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-mn-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-nl-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-pl-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-pt-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-ru-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-sk-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-sl-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-sr-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-sv-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-tr-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-vi-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-zh-3.4.5.2-16.1.el6_3.noarch.rpm libreoffice-opensymbol-fonts-3.4.5.2-16.1.el6_3.noarch.rpm x86_64: libreoffice-base-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-calc-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-core-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-debuginfo-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-draw-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-emailmerge-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-graphicfilter-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-headless-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-impress-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-javafilter-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-af-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ar-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-as-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-bg-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-bn-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ca-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-cs-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-cy-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-da-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-de-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-dz-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-el-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-en-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-es-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-et-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-eu-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-fi-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-fr-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ga-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-gl-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-gu-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-he-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-hi-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-hr-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-hu-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-it-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ja-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-kn-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ko-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-lt-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-mai-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ml-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-mr-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ms-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-nb-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-nl-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-nn-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-nr-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-nso-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-or-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-pa-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-pl-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-pt-BR-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-pt-PT-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ro-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ru-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-sk-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-sl-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-sr-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ss-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-st-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-sv-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ta-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-te-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-th-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-tn-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-tr-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ts-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-uk-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ur-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ve-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-xh-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-zh-Hans-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-zh-Hant-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-zu-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-math-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-ogltrans-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-pdfimport-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-presentation-minimizer-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-presenter-screen-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-pyuno-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-report-builder-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-ure-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-wiki-publisher-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-writer-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-xsltfilter-3.4.5.2-16.1.el6_3.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libreoffice-3.4.5.2-16.1.el6_3.src.rpm i386: libreoffice-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-bsh-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-debuginfo-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-gdb-debug-support-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-rhino-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-sdk-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-sdk-doc-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-testtools-3.4.5.2-16.1.el6_3.i686.rpm x86_64: libreoffice-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-bsh-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-debuginfo-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-debuginfo-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-gdb-debug-support-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-gdb-debug-support-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-rhino-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-sdk-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-sdk-doc-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-testtools-3.4.5.2-16.1.el6_3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libreoffice-3.4.5.2-16.1.el6_3.src.rpm i386: libreoffice-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-base-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-bsh-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-calc-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-core-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-debuginfo-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-draw-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-emailmerge-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-gdb-debug-support-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-graphicfilter-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-headless-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-impress-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-javafilter-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-af-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ar-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-as-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-bg-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-bn-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ca-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-cs-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-cy-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-da-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-de-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-dz-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-el-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-en-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-es-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-et-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-eu-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-fi-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-fr-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ga-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-gl-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-gu-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-he-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-hi-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-hr-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-hu-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-it-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ja-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-kn-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ko-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-lt-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-mai-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ml-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-mr-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ms-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-nb-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-nl-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-nn-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-nr-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-nso-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-or-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-pa-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-pl-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-pt-BR-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-pt-PT-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ro-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ru-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-sk-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-sl-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-sr-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ss-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-st-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-sv-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ta-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-te-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-th-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-tn-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-tr-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ts-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-uk-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ur-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ve-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-xh-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-zh-Hans-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-zh-Hant-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-zu-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-math-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-ogltrans-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-pdfimport-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-presentation-minimizer-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-presenter-screen-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-pyuno-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-report-builder-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-rhino-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-sdk-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-sdk-doc-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-testtools-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-ure-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-wiki-publisher-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-writer-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-xsltfilter-3.4.5.2-16.1.el6_3.i686.rpm noarch: autocorr-af-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-bg-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-cs-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-da-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-de-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-en-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-es-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-eu-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-fa-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-fi-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-fr-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-ga-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-hr-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-hu-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-it-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-ja-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-ko-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-lb-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-lt-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-mn-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-nl-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-pl-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-pt-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-ru-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-sk-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-sl-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-sr-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-sv-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-tr-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-vi-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-zh-3.4.5.2-16.1.el6_3.noarch.rpm libreoffice-opensymbol-fonts-3.4.5.2-16.1.el6_3.noarch.rpm ppc64: libreoffice-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-base-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-bsh-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-calc-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-core-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-debuginfo-3.4.5.2-16.1.el6_3.ppc.rpm libreoffice-debuginfo-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-draw-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-emailmerge-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-gdb-debug-support-3.4.5.2-16.1.el6_3.ppc.rpm libreoffice-gdb-debug-support-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-graphicfilter-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-headless-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-impress-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-javafilter-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-af-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-ar-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-as-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-bg-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-bn-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-ca-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-cs-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-cy-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-da-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-de-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-dz-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-el-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-en-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-es-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-et-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-eu-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-fi-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-fr-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-ga-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-gl-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-gu-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-he-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-hi-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-hr-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-hu-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-it-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-ja-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-kn-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-ko-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-lt-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-mai-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-ml-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-mr-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-ms-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-nb-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-nl-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-nn-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-nr-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-nso-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-or-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-pa-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-pl-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-pt-BR-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-pt-PT-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-ro-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-ru-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-sk-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-sl-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-sr-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-ss-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-st-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-sv-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-ta-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-te-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-th-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-tn-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-tr-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-ts-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-uk-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-ur-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-ve-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-xh-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-zh-Hans-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-zh-Hant-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-langpack-zu-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-math-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-ogltrans-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-pdfimport-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-presentation-minimizer-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-presenter-screen-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-pyuno-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-report-builder-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-rhino-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-sdk-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-sdk-doc-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-testtools-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-ure-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-wiki-publisher-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-writer-3.4.5.2-16.1.el6_3.ppc64.rpm libreoffice-xsltfilter-3.4.5.2-16.1.el6_3.ppc64.rpm s390x: libreoffice-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-base-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-bsh-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-calc-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-core-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-debuginfo-3.4.5.2-16.1.el6_3.s390.rpm libreoffice-debuginfo-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-draw-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-emailmerge-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-gdb-debug-support-3.4.5.2-16.1.el6_3.s390.rpm libreoffice-gdb-debug-support-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-graphicfilter-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-headless-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-impress-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-javafilter-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-af-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-ar-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-as-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-bg-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-bn-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-ca-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-cs-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-cy-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-da-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-de-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-dz-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-el-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-en-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-es-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-et-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-eu-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-fi-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-fr-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-ga-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-gl-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-gu-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-he-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-hi-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-hr-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-hu-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-it-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-ja-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-kn-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-ko-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-lt-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-mai-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-ml-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-mr-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-ms-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-nb-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-nl-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-nn-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-nr-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-nso-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-or-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-pa-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-pl-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-pt-BR-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-pt-PT-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-ro-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-ru-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-sk-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-sl-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-sr-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-ss-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-st-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-sv-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-ta-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-te-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-th-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-tn-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-tr-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-ts-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-uk-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-ur-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-ve-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-xh-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-zh-Hans-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-zh-Hant-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-langpack-zu-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-math-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-ogltrans-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-pdfimport-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-presentation-minimizer-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-presenter-screen-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-pyuno-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-report-builder-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-rhino-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-sdk-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-sdk-doc-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-testtools-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-ure-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-wiki-publisher-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-writer-3.4.5.2-16.1.el6_3.s390x.rpm libreoffice-xsltfilter-3.4.5.2-16.1.el6_3.s390x.rpm x86_64: libreoffice-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-base-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-bsh-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-calc-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-core-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-debuginfo-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-debuginfo-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-draw-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-emailmerge-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-gdb-debug-support-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-gdb-debug-support-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-graphicfilter-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-headless-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-impress-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-javafilter-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-af-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ar-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-as-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-bg-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-bn-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ca-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-cs-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-cy-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-da-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-de-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-dz-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-el-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-en-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-es-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-et-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-eu-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-fi-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-fr-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ga-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-gl-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-gu-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-he-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-hi-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-hr-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-hu-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-it-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ja-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-kn-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ko-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-lt-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-mai-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ml-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-mr-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ms-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-nb-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-nl-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-nn-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-nr-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-nso-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-or-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-pa-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-pl-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-pt-BR-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-pt-PT-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ro-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ru-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-sk-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-sl-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-sr-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ss-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-st-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-sv-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ta-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-te-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-th-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-tn-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-tr-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ts-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-uk-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ur-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ve-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-xh-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-zh-Hans-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-zh-Hant-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-zu-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-math-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-ogltrans-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-pdfimport-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-presentation-minimizer-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-presenter-screen-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-pyuno-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-report-builder-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-rhino-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-sdk-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-sdk-doc-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-testtools-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-ure-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-wiki-publisher-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-writer-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-xsltfilter-3.4.5.2-16.1.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libreoffice-3.4.5.2-16.1.el6_3.src.rpm i386: libreoffice-base-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-calc-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-core-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-debuginfo-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-draw-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-emailmerge-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-graphicfilter-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-headless-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-impress-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-javafilter-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-af-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ar-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-as-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-bg-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-bn-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ca-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-cs-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-cy-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-da-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-de-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-dz-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-el-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-en-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-es-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-et-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-eu-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-fi-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-fr-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ga-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-gl-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-gu-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-he-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-hi-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-hr-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-hu-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-it-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ja-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-kn-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ko-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-lt-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-mai-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ml-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-mr-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ms-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-nb-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-nl-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-nn-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-nr-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-nso-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-or-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-pa-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-pl-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-pt-BR-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-pt-PT-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ro-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ru-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-sk-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-sl-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-sr-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ss-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-st-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-sv-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ta-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-te-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-th-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-tn-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-tr-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ts-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-uk-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ur-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-ve-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-xh-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-zh-Hans-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-zh-Hant-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-langpack-zu-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-math-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-ogltrans-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-pdfimport-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-presentation-minimizer-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-presenter-screen-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-pyuno-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-report-builder-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-ure-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-wiki-publisher-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-writer-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-xsltfilter-3.4.5.2-16.1.el6_3.i686.rpm noarch: autocorr-af-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-bg-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-cs-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-da-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-de-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-en-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-es-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-eu-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-fa-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-fi-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-fr-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-ga-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-hr-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-hu-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-it-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-ja-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-ko-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-lb-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-lt-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-mn-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-nl-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-pl-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-pt-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-ru-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-sk-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-sl-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-sr-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-sv-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-tr-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-vi-3.4.5.2-16.1.el6_3.noarch.rpm autocorr-zh-3.4.5.2-16.1.el6_3.noarch.rpm libreoffice-opensymbol-fonts-3.4.5.2-16.1.el6_3.noarch.rpm x86_64: libreoffice-base-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-calc-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-core-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-debuginfo-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-draw-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-emailmerge-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-graphicfilter-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-headless-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-impress-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-javafilter-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-af-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ar-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-as-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-bg-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-bn-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ca-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-cs-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-cy-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-da-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-de-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-dz-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-el-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-en-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-es-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-et-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-eu-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-fi-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-fr-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ga-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-gl-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-gu-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-he-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-hi-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-hr-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-hu-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-it-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ja-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-kn-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ko-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-lt-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-mai-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ml-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-mr-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ms-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-nb-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-nl-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-nn-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-nr-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-nso-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-or-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-pa-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-pl-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-pt-BR-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-pt-PT-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ro-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ru-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-sk-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-sl-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-sr-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ss-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-st-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-sv-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ta-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-te-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-th-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-tn-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-tr-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ts-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-uk-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ur-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-ve-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-xh-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-zh-Hans-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-zh-Hant-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-langpack-zu-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-math-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-ogltrans-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-pdfimport-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-presentation-minimizer-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-presenter-screen-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-pyuno-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-report-builder-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-ure-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-wiki-publisher-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-writer-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-xsltfilter-3.4.5.2-16.1.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libreoffice-3.4.5.2-16.1.el6_3.src.rpm i386: libreoffice-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-bsh-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-debuginfo-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-gdb-debug-support-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-rhino-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-sdk-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-sdk-doc-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-testtools-3.4.5.2-16.1.el6_3.i686.rpm x86_64: libreoffice-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-bsh-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-debuginfo-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-debuginfo-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-gdb-debug-support-3.4.5.2-16.1.el6_3.i686.rpm libreoffice-gdb-debug-support-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-rhino-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-sdk-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-sdk-doc-3.4.5.2-16.1.el6_3.x86_64.rpm libreoffice-testtools-3.4.5.2-16.1.el6_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-2665.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQGYvMXlSAg2UNWIIRAuMoAJ0S3h5o14iwnH6mioVk3YGeEwRhCQCeMNS4 z/g+PVU9gVIGXPjqAv3/GVE= =q5Am -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Aug 1 20:06:38 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 1 Aug 2012 20:06:38 +0000 Subject: [RHSA-2012:1136-01] Important: openoffice.org security update Message-ID: <201208012006.q71K6dPT014938@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: openoffice.org security update Advisory ID: RHSA-2012:1136-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1136.html Issue date: 2012-08-01 CVE Names: CVE-2012-2665 ===================================================================== 1. Summary: Updated openoffice.org packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. Multiple heap-based buffer overflow flaws were found in the way OpenOffice.org processed encryption information in the manifest files of OpenDocument Format files. An attacker could provide a specially-crafted OpenDocument Format file that, when opened in an OpenOffice.org application, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2665) Upstream acknowledges Timo Warns as the original reporter of these issues. All OpenOffice.org users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of OpenOffice.org applications must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 826077 - CVE-2012-2665 openoffice.org, libreoffice: Multiple heap-based buffer overflows in the XML manifest encryption handling code 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openoffice.org-3.1.1-19.10.el5_8.4.src.rpm i386: openoffice.org-base-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-calc-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-core-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-debuginfo-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-draw-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-emailmerge-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-graphicfilter-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-headless-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-impress-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-javafilter-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-af_ZA-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-ar-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-as_IN-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-bg_BG-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-bn-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-ca_ES-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-cs_CZ-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-cy_GB-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-da_DK-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-de-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-el_GR-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-es-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-et_EE-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-eu_ES-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-fi_FI-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-fr-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-ga_IE-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-gl_ES-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-gu_IN-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-he_IL-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-hi_IN-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-hr_HR-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-hu_HU-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-it-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-ja_JP-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-kn_IN-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-ko_KR-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-lt_LT-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-ml_IN-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-mr_IN-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-ms_MY-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-nb_NO-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-nl-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-nn_NO-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-nr_ZA-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-nso_ZA-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-or_IN-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-pa_IN-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-pl_PL-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-pt_BR-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-pt_PT-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-ru-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-sk_SK-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-sl_SI-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-sr_CS-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-ss_ZA-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-st_ZA-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-sv-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-ta_IN-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-te_IN-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-th_TH-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-tn_ZA-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-tr_TR-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-ts_ZA-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-ur-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-ve_ZA-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-xh_ZA-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-zh_CN-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-zh_TW-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-zu_ZA-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-math-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-pyuno-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-testtools-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-ure-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-writer-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-xsltfilter-3.1.1-19.10.el5_8.4.i386.rpm x86_64: openoffice.org-base-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-calc-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-core-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-debuginfo-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-draw-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-emailmerge-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-graphicfilter-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-headless-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-impress-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-javafilter-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-af_ZA-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-ar-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-as_IN-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-bg_BG-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-bn-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-ca_ES-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-cs_CZ-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-cy_GB-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-da_DK-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-de-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-el_GR-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-es-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-et_EE-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-eu_ES-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-fi_FI-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-fr-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-ga_IE-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-gl_ES-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-gu_IN-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-he_IL-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-hi_IN-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-hr_HR-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-hu_HU-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-it-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-ja_JP-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-kn_IN-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-ko_KR-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-lt_LT-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-ml_IN-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-mr_IN-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-ms_MY-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-nb_NO-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-nl-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-nn_NO-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-nr_ZA-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-nso_ZA-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-or_IN-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-pa_IN-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-pl_PL-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-pt_BR-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-pt_PT-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-ru-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-sk_SK-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-sl_SI-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-sr_CS-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-ss_ZA-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-st_ZA-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-sv-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-ta_IN-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-te_IN-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-th_TH-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-tn_ZA-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-tr_TR-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-ts_ZA-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-ur-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-ve_ZA-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-xh_ZA-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-zh_CN-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-zh_TW-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-zu_ZA-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-math-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-pyuno-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-testtools-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-ure-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-writer-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-xsltfilter-3.1.1-19.10.el5_8.4.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openoffice.org-3.1.1-19.10.el5_8.4.src.rpm i386: openoffice.org-debuginfo-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-sdk-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-sdk-doc-3.1.1-19.10.el5_8.4.i386.rpm x86_64: openoffice.org-debuginfo-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-sdk-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-sdk-doc-3.1.1-19.10.el5_8.4.x86_64.rpm RHEL Optional Productivity Applications (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openoffice.org-3.1.1-19.10.el5_8.4.src.rpm i386: openoffice.org-base-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-calc-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-core-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-debuginfo-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-draw-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-emailmerge-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-graphicfilter-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-headless-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-impress-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-javafilter-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-af_ZA-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-ar-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-as_IN-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-bg_BG-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-bn-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-ca_ES-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-cs_CZ-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-cy_GB-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-da_DK-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-de-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-el_GR-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-es-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-et_EE-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-eu_ES-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-fi_FI-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-fr-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-ga_IE-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-gl_ES-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-gu_IN-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-he_IL-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-hi_IN-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-hr_HR-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-hu_HU-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-it-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-ja_JP-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-kn_IN-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-ko_KR-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-lt_LT-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-ml_IN-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-mr_IN-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-ms_MY-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-nb_NO-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-nl-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-nn_NO-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-nr_ZA-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-nso_ZA-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-or_IN-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-pa_IN-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-pl_PL-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-pt_BR-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-pt_PT-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-ru-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-sk_SK-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-sl_SI-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-sr_CS-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-ss_ZA-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-st_ZA-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-sv-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-ta_IN-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-te_IN-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-th_TH-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-tn_ZA-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-tr_TR-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-ts_ZA-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-ur-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-ve_ZA-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-xh_ZA-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-zh_CN-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-zh_TW-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-langpack-zu_ZA-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-math-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-pyuno-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-sdk-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-sdk-doc-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-testtools-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-ure-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-writer-3.1.1-19.10.el5_8.4.i386.rpm openoffice.org-xsltfilter-3.1.1-19.10.el5_8.4.i386.rpm x86_64: openoffice.org-base-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-calc-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-core-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-debuginfo-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-draw-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-emailmerge-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-graphicfilter-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-headless-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-impress-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-javafilter-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-af_ZA-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-ar-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-as_IN-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-bg_BG-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-bn-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-ca_ES-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-cs_CZ-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-cy_GB-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-da_DK-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-de-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-el_GR-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-es-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-et_EE-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-eu_ES-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-fi_FI-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-fr-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-ga_IE-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-gl_ES-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-gu_IN-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-he_IL-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-hi_IN-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-hr_HR-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-hu_HU-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-it-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-ja_JP-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-kn_IN-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-ko_KR-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-lt_LT-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-ml_IN-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-mr_IN-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-ms_MY-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-nb_NO-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-nl-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-nn_NO-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-nr_ZA-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-nso_ZA-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-or_IN-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-pa_IN-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-pl_PL-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-pt_BR-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-pt_PT-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-ru-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-sk_SK-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-sl_SI-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-sr_CS-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-ss_ZA-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-st_ZA-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-sv-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-ta_IN-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-te_IN-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-th_TH-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-tn_ZA-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-tr_TR-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-ts_ZA-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-ur-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-ve_ZA-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-xh_ZA-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-zh_CN-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-zh_TW-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-langpack-zu_ZA-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-math-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-pyuno-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-sdk-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-sdk-doc-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-testtools-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-ure-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-writer-3.1.1-19.10.el5_8.4.x86_64.rpm openoffice.org-xsltfilter-3.1.1-19.10.el5_8.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-2665.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQGYwCXlSAg2UNWIIRAhASAKCalulRMU9q2i2LJpV19OXgLx9vqgCeKYta Hf+ASOJ1o2FINHecMBysEvw= =oMfM -----END PGP SIGNATURE----- From bugzilla at redhat.com Fri Aug 3 01:16:00 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 3 Aug 2012 01:16:00 +0000 Subject: [RHSA-2012:1139-01] Important: bind-dyndb-ldap security update Message-ID: <201208030116.q731G2Qq008756@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: bind-dyndb-ldap security update Advisory ID: RHSA-2012:1139-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1139.html Issue date: 2012-08-03 CVE Names: CVE-2012-3429 ===================================================================== 1. Summary: An updated bind-dyndb-ldap package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: The dynamic LDAP back end is a plug-in for BIND that provides back-end capabilities to LDAP databases. It features support for dynamic updates and internal caching that help to reduce the load on LDAP servers. A flaw was found in the way bind-dyndb-ldap performed the escaping of names from DNS requests for use in LDAP queries. A remote attacker able to send DNS queries to a named server that is configured to use bind-dyndb-ldap could use this flaw to cause named to exit unexpectedly with an assertion failure. (CVE-2012-3429) Red Hat would like to thank Sigbjorn Lie of Atea Norway for reporting this issue. All bind-dyndb-ldap users should upgrade to this updated package, which contains a backported patch to correct this issue. For the update to take effect, the named service must be restarted. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 842466 - CVE-2012-3429 bind-dyndb-ldap: named DoS via DNS query with $ in name 6. Package List: Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.src.rpm i386: bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.i686.rpm bind-dyndb-ldap-debuginfo-1.1.0-0.9.b1.el6_3.1.i686.rpm ppc64: bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.ppc64.rpm bind-dyndb-ldap-debuginfo-1.1.0-0.9.b1.el6_3.1.ppc64.rpm s390x: bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.s390x.rpm bind-dyndb-ldap-debuginfo-1.1.0-0.9.b1.el6_3.1.s390x.rpm x86_64: bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.x86_64.rpm bind-dyndb-ldap-debuginfo-1.1.0-0.9.b1.el6_3.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.src.rpm i386: bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.i686.rpm bind-dyndb-ldap-debuginfo-1.1.0-0.9.b1.el6_3.1.i686.rpm x86_64: bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.x86_64.rpm bind-dyndb-ldap-debuginfo-1.1.0-0.9.b1.el6_3.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-3429.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQGyY9XlSAg2UNWIIRAtqNAKC9NByGZ9gKxepNd7qvJRqOqMJFewCfQN5y LHmd4BBzRsrfB9xvEr/H/QM= =E/Ei -----END PGP SIGNATURE----- From bugzilla at redhat.com Fri Aug 3 01:17:05 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 3 Aug 2012 01:17:05 +0000 Subject: [RHSA-2012:1140-01] Moderate: dhcp security update Message-ID: <201208030117.q731H7CO005596@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: dhcp security update Advisory ID: RHSA-2012:1140-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1140.html Issue date: 2012-08-03 CVE Names: CVE-2012-3571 ===================================================================== 1. Summary: Updated dhcp packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. A denial of service flaw was found in the way the dhcpd daemon handled zero-length client identifiers. A remote attacker could use this flaw to send a specially-crafted request to dhcpd, possibly causing it to enter an infinite loop and consume an excessive amount of CPU time. (CVE-2012-3571) Upstream acknowledges Markus Hietava of the Codenomicon CROSS project as the original reporter of this issue. Users of DHCP should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, all DHCP servers will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 842420 - CVE-2012-3571 dhcp: DoS due to error in handling malformed client identifiers 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/dhcp-3.0.5-31.el5_8.1.src.rpm i386: dhclient-3.0.5-31.el5_8.1.i386.rpm dhcp-debuginfo-3.0.5-31.el5_8.1.i386.rpm libdhcp4client-3.0.5-31.el5_8.1.i386.rpm x86_64: dhclient-3.0.5-31.el5_8.1.x86_64.rpm dhcp-debuginfo-3.0.5-31.el5_8.1.i386.rpm dhcp-debuginfo-3.0.5-31.el5_8.1.x86_64.rpm libdhcp4client-3.0.5-31.el5_8.1.i386.rpm libdhcp4client-3.0.5-31.el5_8.1.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/dhcp-3.0.5-31.el5_8.1.src.rpm i386: dhcp-3.0.5-31.el5_8.1.i386.rpm dhcp-debuginfo-3.0.5-31.el5_8.1.i386.rpm dhcp-devel-3.0.5-31.el5_8.1.i386.rpm libdhcp4client-devel-3.0.5-31.el5_8.1.i386.rpm x86_64: dhcp-3.0.5-31.el5_8.1.x86_64.rpm dhcp-debuginfo-3.0.5-31.el5_8.1.i386.rpm dhcp-debuginfo-3.0.5-31.el5_8.1.x86_64.rpm dhcp-devel-3.0.5-31.el5_8.1.i386.rpm dhcp-devel-3.0.5-31.el5_8.1.x86_64.rpm libdhcp4client-devel-3.0.5-31.el5_8.1.i386.rpm libdhcp4client-devel-3.0.5-31.el5_8.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/dhcp-3.0.5-31.el5_8.1.src.rpm i386: dhclient-3.0.5-31.el5_8.1.i386.rpm dhcp-3.0.5-31.el5_8.1.i386.rpm dhcp-debuginfo-3.0.5-31.el5_8.1.i386.rpm dhcp-devel-3.0.5-31.el5_8.1.i386.rpm libdhcp4client-3.0.5-31.el5_8.1.i386.rpm libdhcp4client-devel-3.0.5-31.el5_8.1.i386.rpm ia64: dhclient-3.0.5-31.el5_8.1.ia64.rpm dhcp-3.0.5-31.el5_8.1.ia64.rpm dhcp-debuginfo-3.0.5-31.el5_8.1.ia64.rpm dhcp-devel-3.0.5-31.el5_8.1.ia64.rpm libdhcp4client-3.0.5-31.el5_8.1.ia64.rpm libdhcp4client-devel-3.0.5-31.el5_8.1.ia64.rpm ppc: dhclient-3.0.5-31.el5_8.1.ppc.rpm dhcp-3.0.5-31.el5_8.1.ppc.rpm dhcp-debuginfo-3.0.5-31.el5_8.1.ppc.rpm dhcp-debuginfo-3.0.5-31.el5_8.1.ppc64.rpm dhcp-devel-3.0.5-31.el5_8.1.ppc.rpm dhcp-devel-3.0.5-31.el5_8.1.ppc64.rpm libdhcp4client-3.0.5-31.el5_8.1.ppc.rpm libdhcp4client-3.0.5-31.el5_8.1.ppc64.rpm libdhcp4client-devel-3.0.5-31.el5_8.1.ppc.rpm libdhcp4client-devel-3.0.5-31.el5_8.1.ppc64.rpm s390x: dhclient-3.0.5-31.el5_8.1.s390x.rpm dhcp-3.0.5-31.el5_8.1.s390x.rpm dhcp-debuginfo-3.0.5-31.el5_8.1.s390.rpm dhcp-debuginfo-3.0.5-31.el5_8.1.s390x.rpm dhcp-devel-3.0.5-31.el5_8.1.s390.rpm dhcp-devel-3.0.5-31.el5_8.1.s390x.rpm libdhcp4client-3.0.5-31.el5_8.1.s390.rpm libdhcp4client-3.0.5-31.el5_8.1.s390x.rpm libdhcp4client-devel-3.0.5-31.el5_8.1.s390.rpm libdhcp4client-devel-3.0.5-31.el5_8.1.s390x.rpm x86_64: dhclient-3.0.5-31.el5_8.1.x86_64.rpm dhcp-3.0.5-31.el5_8.1.x86_64.rpm dhcp-debuginfo-3.0.5-31.el5_8.1.i386.rpm dhcp-debuginfo-3.0.5-31.el5_8.1.x86_64.rpm dhcp-devel-3.0.5-31.el5_8.1.i386.rpm dhcp-devel-3.0.5-31.el5_8.1.x86_64.rpm libdhcp4client-3.0.5-31.el5_8.1.i386.rpm libdhcp4client-3.0.5-31.el5_8.1.x86_64.rpm libdhcp4client-devel-3.0.5-31.el5_8.1.i386.rpm libdhcp4client-devel-3.0.5-31.el5_8.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-3571.html https://access.redhat.com/security/updates/classification/#moderate http://www.isc.org/software/dhcp/advisories/cve-2012-3571 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQGyZzXlSAg2UNWIIRAsb0AJ9/TUNO3JmvLmg6hSOz/5UZuqQ68wCcCEJv jupifnoJK/NuU+dLA6j3KpU= =DEre -----END PGP SIGNATURE----- From bugzilla at redhat.com Fri Aug 3 01:18:02 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 3 Aug 2012 01:18:02 +0000 Subject: [RHSA-2012:1141-01] Moderate: dhcp security update Message-ID: <201208030118.q731I32s022761@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: dhcp security update Advisory ID: RHSA-2012:1141-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1141.html Issue date: 2012-08-03 CVE Names: CVE-2012-3571 CVE-2012-3954 ===================================================================== 1. Summary: Updated dhcp packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. A denial of service flaw was found in the way the dhcpd daemon handled zero-length client identifiers. A remote attacker could use this flaw to send a specially-crafted request to dhcpd, possibly causing it to enter an infinite loop and consume an excessive amount of CPU time. (CVE-2012-3571) Two memory leak flaws were found in the dhcpd daemon. A remote attacker could use these flaws to cause dhcpd to exhaust all available memory by sending a large number of DHCP requests. (CVE-2012-3954) Upstream acknowledges Markus Hietava of the Codenomicon CROSS project as the original reporter of CVE-2012-3571, and Glen Eustace of Massey University, New Zealand, as the original reporter of CVE-2012-3954. Users of DHCP should upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, all DHCP servers will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 842420 - CVE-2012-3571 dhcp: DoS due to error in handling malformed client identifiers 842428 - CVE-2012-3954 dhcp: two memory leaks may result in DoS 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/dhcp-4.1.1-31.P1.el6_3.1.src.rpm i386: dhclient-4.1.1-31.P1.el6_3.1.i686.rpm dhcp-common-4.1.1-31.P1.el6_3.1.i686.rpm dhcp-debuginfo-4.1.1-31.P1.el6_3.1.i686.rpm x86_64: dhclient-4.1.1-31.P1.el6_3.1.x86_64.rpm dhcp-common-4.1.1-31.P1.el6_3.1.x86_64.rpm dhcp-debuginfo-4.1.1-31.P1.el6_3.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/dhcp-4.1.1-31.P1.el6_3.1.src.rpm i386: dhcp-4.1.1-31.P1.el6_3.1.i686.rpm dhcp-debuginfo-4.1.1-31.P1.el6_3.1.i686.rpm dhcp-devel-4.1.1-31.P1.el6_3.1.i686.rpm x86_64: dhcp-4.1.1-31.P1.el6_3.1.x86_64.rpm dhcp-debuginfo-4.1.1-31.P1.el6_3.1.i686.rpm dhcp-debuginfo-4.1.1-31.P1.el6_3.1.x86_64.rpm dhcp-devel-4.1.1-31.P1.el6_3.1.i686.rpm dhcp-devel-4.1.1-31.P1.el6_3.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/dhcp-4.1.1-31.P1.el6_3.1.src.rpm x86_64: dhclient-4.1.1-31.P1.el6_3.1.x86_64.rpm dhcp-common-4.1.1-31.P1.el6_3.1.x86_64.rpm dhcp-debuginfo-4.1.1-31.P1.el6_3.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/dhcp-4.1.1-31.P1.el6_3.1.src.rpm x86_64: dhcp-4.1.1-31.P1.el6_3.1.x86_64.rpm dhcp-debuginfo-4.1.1-31.P1.el6_3.1.i686.rpm dhcp-debuginfo-4.1.1-31.P1.el6_3.1.x86_64.rpm dhcp-devel-4.1.1-31.P1.el6_3.1.i686.rpm dhcp-devel-4.1.1-31.P1.el6_3.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/dhcp-4.1.1-31.P1.el6_3.1.src.rpm i386: dhclient-4.1.1-31.P1.el6_3.1.i686.rpm dhcp-4.1.1-31.P1.el6_3.1.i686.rpm dhcp-common-4.1.1-31.P1.el6_3.1.i686.rpm dhcp-debuginfo-4.1.1-31.P1.el6_3.1.i686.rpm ppc64: dhclient-4.1.1-31.P1.el6_3.1.ppc64.rpm dhcp-4.1.1-31.P1.el6_3.1.ppc64.rpm dhcp-common-4.1.1-31.P1.el6_3.1.ppc64.rpm dhcp-debuginfo-4.1.1-31.P1.el6_3.1.ppc64.rpm s390x: dhclient-4.1.1-31.P1.el6_3.1.s390x.rpm dhcp-4.1.1-31.P1.el6_3.1.s390x.rpm dhcp-common-4.1.1-31.P1.el6_3.1.s390x.rpm dhcp-debuginfo-4.1.1-31.P1.el6_3.1.s390x.rpm x86_64: dhclient-4.1.1-31.P1.el6_3.1.x86_64.rpm dhcp-4.1.1-31.P1.el6_3.1.x86_64.rpm dhcp-common-4.1.1-31.P1.el6_3.1.x86_64.rpm dhcp-debuginfo-4.1.1-31.P1.el6_3.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/dhcp-4.1.1-31.P1.el6_3.1.src.rpm i386: dhcp-debuginfo-4.1.1-31.P1.el6_3.1.i686.rpm dhcp-devel-4.1.1-31.P1.el6_3.1.i686.rpm ppc64: dhcp-debuginfo-4.1.1-31.P1.el6_3.1.ppc.rpm dhcp-debuginfo-4.1.1-31.P1.el6_3.1.ppc64.rpm dhcp-devel-4.1.1-31.P1.el6_3.1.ppc.rpm dhcp-devel-4.1.1-31.P1.el6_3.1.ppc64.rpm s390x: dhcp-debuginfo-4.1.1-31.P1.el6_3.1.s390.rpm dhcp-debuginfo-4.1.1-31.P1.el6_3.1.s390x.rpm dhcp-devel-4.1.1-31.P1.el6_3.1.s390.rpm dhcp-devel-4.1.1-31.P1.el6_3.1.s390x.rpm x86_64: dhcp-debuginfo-4.1.1-31.P1.el6_3.1.i686.rpm dhcp-debuginfo-4.1.1-31.P1.el6_3.1.x86_64.rpm dhcp-devel-4.1.1-31.P1.el6_3.1.i686.rpm dhcp-devel-4.1.1-31.P1.el6_3.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/dhcp-4.1.1-31.P1.el6_3.1.src.rpm i386: dhclient-4.1.1-31.P1.el6_3.1.i686.rpm dhcp-4.1.1-31.P1.el6_3.1.i686.rpm dhcp-common-4.1.1-31.P1.el6_3.1.i686.rpm dhcp-debuginfo-4.1.1-31.P1.el6_3.1.i686.rpm x86_64: dhclient-4.1.1-31.P1.el6_3.1.x86_64.rpm dhcp-4.1.1-31.P1.el6_3.1.x86_64.rpm dhcp-common-4.1.1-31.P1.el6_3.1.x86_64.rpm dhcp-debuginfo-4.1.1-31.P1.el6_3.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/dhcp-4.1.1-31.P1.el6_3.1.src.rpm i386: dhcp-debuginfo-4.1.1-31.P1.el6_3.1.i686.rpm dhcp-devel-4.1.1-31.P1.el6_3.1.i686.rpm x86_64: dhcp-debuginfo-4.1.1-31.P1.el6_3.1.i686.rpm dhcp-debuginfo-4.1.1-31.P1.el6_3.1.x86_64.rpm dhcp-devel-4.1.1-31.P1.el6_3.1.i686.rpm dhcp-devel-4.1.1-31.P1.el6_3.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-3571.html https://www.redhat.com/security/data/cve/CVE-2012-3954.html https://access.redhat.com/security/updates/classification/#moderate http://www.isc.org/software/dhcp/advisories/cve-2012-3571 http://www.isc.org/software/dhcp/advisories/cve-2012-3954 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQGyawXlSAg2UNWIIRAr5MAJ9R9BlPcLoSE+QMEi1lNcrjKEoT+gCgwIhl MaoUS7fuYynUT81V5mDoynw= =+cfS -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Aug 7 18:24:22 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 7 Aug 2012 18:24:22 +0000 Subject: [RHSA-2012:1148-01] Important: kernel security update Message-ID: <201208071824.q77IOSI7029148@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2012:1148-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1148.html Issue date: 2012-08-07 CVE Names: CVE-2012-2744 ===================================================================== 1. Summary: Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 6.1 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server EUS (v. 6.1) - i386, noarch, ppc64, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm() function in the Linux kernel's netfilter IPv6 connection tracking implementation. A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the nf_conntrack_ipv6 kernel module loaded, causing it to crash. (CVE-2012-2744, Important) Red Hat would like to thank an anonymous contributor working with the Beyond Security SecuriTeam Secure Disclosure program for reporting this issue. Users should upgrade to these updated packages, which contain a backported patch to resolve this issue. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (http://bugzilla.redhat.com/): 833402 - CVE-2012-2744 kernel: netfilter: null pointer dereference in nf_ct_frag6_reasm() 6. Package List: Red Hat Enterprise Linux Server EUS (v. 6.1): Source: kernel-2.6.32-131.30.1.el6.src.rpm i386: kernel-2.6.32-131.30.1.el6.i686.rpm kernel-debug-2.6.32-131.30.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-131.30.1.el6.i686.rpm kernel-debug-devel-2.6.32-131.30.1.el6.i686.rpm kernel-debuginfo-2.6.32-131.30.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-131.30.1.el6.i686.rpm kernel-devel-2.6.32-131.30.1.el6.i686.rpm kernel-headers-2.6.32-131.30.1.el6.i686.rpm perf-2.6.32-131.30.1.el6.i686.rpm perf-debuginfo-2.6.32-131.30.1.el6.i686.rpm noarch: kernel-doc-2.6.32-131.30.1.el6.noarch.rpm kernel-firmware-2.6.32-131.30.1.el6.noarch.rpm ppc64: kernel-2.6.32-131.30.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-131.30.1.el6.ppc64.rpm kernel-debug-2.6.32-131.30.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-131.30.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-131.30.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-131.30.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-131.30.1.el6.ppc64.rpm kernel-devel-2.6.32-131.30.1.el6.ppc64.rpm kernel-headers-2.6.32-131.30.1.el6.ppc64.rpm perf-2.6.32-131.30.1.el6.ppc64.rpm perf-debuginfo-2.6.32-131.30.1.el6.ppc64.rpm s390x: kernel-2.6.32-131.30.1.el6.s390x.rpm kernel-debug-2.6.32-131.30.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-131.30.1.el6.s390x.rpm kernel-debug-devel-2.6.32-131.30.1.el6.s390x.rpm kernel-debuginfo-2.6.32-131.30.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-131.30.1.el6.s390x.rpm kernel-devel-2.6.32-131.30.1.el6.s390x.rpm kernel-headers-2.6.32-131.30.1.el6.s390x.rpm kernel-kdump-2.6.32-131.30.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-131.30.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-131.30.1.el6.s390x.rpm perf-2.6.32-131.30.1.el6.s390x.rpm perf-debuginfo-2.6.32-131.30.1.el6.s390x.rpm x86_64: kernel-2.6.32-131.30.1.el6.x86_64.rpm kernel-debug-2.6.32-131.30.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-131.30.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-131.30.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-131.30.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-131.30.1.el6.x86_64.rpm kernel-devel-2.6.32-131.30.1.el6.x86_64.rpm kernel-headers-2.6.32-131.30.1.el6.x86_64.rpm perf-2.6.32-131.30.1.el6.x86_64.rpm perf-debuginfo-2.6.32-131.30.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-2744.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQIV00XlSAg2UNWIIRAivvAJ9m7qVRoTmACRYNLrQN+gzO5Tw5xwCfV6wu 350IuTRzujPu0zG5/oVmW7w= =u3mc -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Aug 7 18:25:25 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 7 Aug 2012 18:25:25 +0000 Subject: [RHSA-2012:1149-01] Moderate: sudo security and bug fix update Message-ID: <201208071825.q77IPQU2029316@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: sudo security and bug fix update Advisory ID: RHSA-2012:1149-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1149.html Issue date: 2012-08-07 CVE Names: CVE-2012-3440 ===================================================================== 1. Summary: An updated sudo package that fixes one security issue and several bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root. An insecure temporary file use flaw was found in the sudo package's post-uninstall script. A local attacker could possibly use this flaw to overwrite an arbitrary file via a symbolic link attack, or modify the contents of the "/etc/nsswitch.conf" file during the upgrade or removal of the sudo package. (CVE-2012-3440) This update also fixes the following bugs: * Previously, sudo escaped non-alphanumeric characters in commands using "sudo -s" or "sudo -" at the wrong place and interfered with the authorization process. Some valid commands were not permitted. Now, non-alphanumeric characters escape immediately before the command is executed and no longer interfere with the authorization process. (BZ#844418) * Prior to this update, the sudo utility could, under certain circumstances, fail to receive the SIGCHLD signal when it was executed from a process that blocked the SIGCHLD signal. As a consequence, sudo could become suspended and fail to exit. This update modifies the signal process mask so that sudo can exit and sends the correct output. (BZ#844419) * The sudo update RHSA-2012:0309 introduced a regression that caused the Security-Enhanced Linux (SELinux) context of the "/etc/nsswitch.conf" file to change during the installation or upgrade of the sudo package. This could cause various services confined by SELinux to no longer be permitted to access the file. In reported cases, this issue prevented PostgreSQL and Postfix from starting. (BZ#842759) * Updating the sudo package resulted in the "sudoers" line in "/etc/nsswitch.conf" being removed. This update corrects the bug in the sudo package's post-uninstall script that caused this issue. (BZ#844420) * Prior to this update, a race condition bug existed in sudo. When a program was executed with sudo, the program could possibly exit successfully before sudo started waiting for it. In this situation, the program would be left in a zombie state and sudo would wait for it endlessly, expecting it to still be running. (BZ#844978) All users of sudo are advised to upgrade to this updated package, which contains backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 842759 - selinux blocks postgresql startup 844420 - sudo 1.7.2p1-14.el5_8 removed sudoers line from nsswitch.conf 844442 - CVE-2012-3440 sudo: insecure temporary file use in RPM %postun script 844978 - Sudo has racecondition leaving sudo with its zombie child running forever 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/sudo-1.7.2p1-14.el5_8.2.src.rpm i386: sudo-1.7.2p1-14.el5_8.2.i386.rpm sudo-debuginfo-1.7.2p1-14.el5_8.2.i386.rpm x86_64: sudo-1.7.2p1-14.el5_8.2.x86_64.rpm sudo-debuginfo-1.7.2p1-14.el5_8.2.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/sudo-1.7.2p1-14.el5_8.2.src.rpm i386: sudo-1.7.2p1-14.el5_8.2.i386.rpm sudo-debuginfo-1.7.2p1-14.el5_8.2.i386.rpm ia64: sudo-1.7.2p1-14.el5_8.2.ia64.rpm sudo-debuginfo-1.7.2p1-14.el5_8.2.ia64.rpm ppc: sudo-1.7.2p1-14.el5_8.2.ppc.rpm sudo-debuginfo-1.7.2p1-14.el5_8.2.ppc.rpm s390x: sudo-1.7.2p1-14.el5_8.2.s390x.rpm sudo-debuginfo-1.7.2p1-14.el5_8.2.s390x.rpm x86_64: sudo-1.7.2p1-14.el5_8.2.x86_64.rpm sudo-debuginfo-1.7.2p1-14.el5_8.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-3440.html https://access.redhat.com/security/updates/classification/#moderate https://rhn.redhat.com/errata/RHSA-2012-0309.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQIV18XlSAg2UNWIIRArUrAJ0bm2PNKgJGSC2Yk3Dpab/NJwAL8gCcC2lm N31JTQuqRSRZhGCgiXKUwyg= =rPWG -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Aug 8 16:46:04 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 8 Aug 2012 16:46:04 +0000 Subject: [RHSA-2012:1150-01] Moderate: kernel-rt security and bug fix update Message-ID: <201208081646.q78Gk55A030861@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: kernel-rt security and bug fix update Advisory ID: RHSA-2012:1150-01 Product: Red Hat Enterprise MRG for RHEL-6 Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1150.html Issue date: 2012-08-08 CVE Names: CVE-2012-2390 CVE-2012-3375 ===================================================================== 1. Summary: Updated kernel-rt packages that fix two security issues and two bugs are now available for Red Hat Enterprise MRG 2.1. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64 3. Description: The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A memory leak flaw was found in the way the Linux kernel's memory subsystem handled resource clean up in the mmap() failure path when the MAP_HUGETLB flag was set. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2390, Moderate) * A flaw was found in the way the Linux kernel's Event Poll (epoll) subsystem handled resource clean up when an ELOOP error code was returned. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-3375, Moderate) This update also fixes the following bugs: * The MRG 2.1 realtime kernel lacked support for automatic memory reservation for the kdump kernel, as present in Red Hat Enterprise Linux kernels. Using the parameter crashkernel=auto on the kernel boot command line led to kdump being disabled because no memory was correctly reserved. Support for crashkernel=auto has been implemented in the 3.0 realtime kernel and now when the crashkernel=auto parameter is specified, machines with more than 4GB of RAM have the amount of memory required by the kdump kernel calculated and reserved. (BZ#820427) * The current bnx2x driver in the MRG 2.1 realtime kernel had faulty support for the network adapter PCI ID 14e4:168e and did not work correctly. The bnx2x driver was updated to include support for this network adapter. (BZ#839037) Users should upgrade to these updated packages, which upgrade the kernel-rt kernel to version kernel-rt-3.0.36-rt57, and correct these issues. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (http://bugzilla.redhat.com/): 824345 - CVE-2012-2390 kernel: huge pages: memory leak on mmap failure 837502 - CVE-2012-3375 kernel: epoll: can leak file descriptors when returning -ELOOP 6. Package List: MRG Realtime for RHEL 6 Server v.2: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/kernel-rt-3.0.36-rt57.66.el6rt.src.rpm noarch: kernel-rt-doc-3.0.36-rt57.66.el6rt.noarch.rpm kernel-rt-firmware-3.0.36-rt57.66.el6rt.noarch.rpm x86_64: kernel-rt-3.0.36-rt57.66.el6rt.x86_64.rpm kernel-rt-debug-3.0.36-rt57.66.el6rt.x86_64.rpm kernel-rt-debug-debuginfo-3.0.36-rt57.66.el6rt.x86_64.rpm kernel-rt-debug-devel-3.0.36-rt57.66.el6rt.x86_64.rpm kernel-rt-debuginfo-3.0.36-rt57.66.el6rt.x86_64.rpm kernel-rt-debuginfo-common-x86_64-3.0.36-rt57.66.el6rt.x86_64.rpm kernel-rt-devel-3.0.36-rt57.66.el6rt.x86_64.rpm kernel-rt-trace-3.0.36-rt57.66.el6rt.x86_64.rpm kernel-rt-trace-debuginfo-3.0.36-rt57.66.el6rt.x86_64.rpm kernel-rt-trace-devel-3.0.36-rt57.66.el6rt.x86_64.rpm kernel-rt-vanilla-3.0.36-rt57.66.el6rt.x86_64.rpm kernel-rt-vanilla-debuginfo-3.0.36-rt57.66.el6rt.x86_64.rpm kernel-rt-vanilla-devel-3.0.36-rt57.66.el6rt.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-2390.html https://www.redhat.com/security/data/cve/CVE-2012-3375.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQIpeaXlSAg2UNWIIRAm72AKCb7Rag3OkfxGyo36NHNiC4ft4plgCbBjJT hhAnnNvnle5CxkDCCEuiUpg= =Y9b7 -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Aug 8 16:48:22 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 8 Aug 2012 16:48:22 +0000 Subject: [RHSA-2012:1151-01] Low: openldap security and bug fix update Message-ID: <201208081648.q78GmNEc023218@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: openldap security and bug fix update Advisory ID: RHSA-2012:1151-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1151.html Issue date: 2012-08-08 CVE Names: CVE-2012-2668 ===================================================================== 1. Summary: Updated openldap packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. It was found that the OpenLDAP server daemon ignored olcTLSCipherSuite settings. This resulted in the default cipher suite always being used, which could lead to weaker than expected ciphers being accepted during Transport Layer Security (TLS) negotiation with OpenLDAP clients. (CVE-2012-2668) This update also fixes the following bug: * When the smbk5pwd overlay was enabled in an OpenLDAP server, and a user changed their password, the Microsoft NT LAN Manager (NTLM) and Microsoft LAN Manager (LM) hashes were not computed correctly. This led to the sambaLMPassword and sambaNTPassword attributes being updated with incorrect values, preventing the user logging in using a Windows-based client or a Samba client. With this update, the smbk5pwd overlay is linked against OpenSSL. As such, the NTLM and LM hashes are computed correctly, and password changes work as expected when using smbk5pwd. (BZ#844428) Users of OpenLDAP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the OpenLDAP daemons will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 825875 - CVE-2012-2668 openldap: does not honor TLSCipherSuite settings 844428 - smbk5pwd module computes invalid NT and LM hashes 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openldap-2.4.23-26.el6_3.2.src.rpm i386: openldap-2.4.23-26.el6_3.2.i686.rpm openldap-clients-2.4.23-26.el6_3.2.i686.rpm openldap-debuginfo-2.4.23-26.el6_3.2.i686.rpm x86_64: openldap-2.4.23-26.el6_3.2.i686.rpm openldap-2.4.23-26.el6_3.2.x86_64.rpm openldap-clients-2.4.23-26.el6_3.2.x86_64.rpm openldap-debuginfo-2.4.23-26.el6_3.2.i686.rpm openldap-debuginfo-2.4.23-26.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openldap-2.4.23-26.el6_3.2.src.rpm i386: openldap-debuginfo-2.4.23-26.el6_3.2.i686.rpm openldap-devel-2.4.23-26.el6_3.2.i686.rpm openldap-servers-2.4.23-26.el6_3.2.i686.rpm openldap-servers-sql-2.4.23-26.el6_3.2.i686.rpm x86_64: openldap-debuginfo-2.4.23-26.el6_3.2.i686.rpm openldap-debuginfo-2.4.23-26.el6_3.2.x86_64.rpm openldap-devel-2.4.23-26.el6_3.2.i686.rpm openldap-devel-2.4.23-26.el6_3.2.x86_64.rpm openldap-servers-2.4.23-26.el6_3.2.x86_64.rpm openldap-servers-sql-2.4.23-26.el6_3.2.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openldap-2.4.23-26.el6_3.2.src.rpm x86_64: openldap-2.4.23-26.el6_3.2.i686.rpm openldap-2.4.23-26.el6_3.2.x86_64.rpm openldap-clients-2.4.23-26.el6_3.2.x86_64.rpm openldap-debuginfo-2.4.23-26.el6_3.2.i686.rpm openldap-debuginfo-2.4.23-26.el6_3.2.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openldap-2.4.23-26.el6_3.2.src.rpm x86_64: openldap-debuginfo-2.4.23-26.el6_3.2.i686.rpm openldap-debuginfo-2.4.23-26.el6_3.2.x86_64.rpm openldap-devel-2.4.23-26.el6_3.2.i686.rpm openldap-devel-2.4.23-26.el6_3.2.x86_64.rpm openldap-servers-2.4.23-26.el6_3.2.x86_64.rpm openldap-servers-sql-2.4.23-26.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openldap-2.4.23-26.el6_3.2.src.rpm i386: openldap-2.4.23-26.el6_3.2.i686.rpm openldap-clients-2.4.23-26.el6_3.2.i686.rpm openldap-debuginfo-2.4.23-26.el6_3.2.i686.rpm openldap-devel-2.4.23-26.el6_3.2.i686.rpm openldap-servers-2.4.23-26.el6_3.2.i686.rpm ppc64: openldap-2.4.23-26.el6_3.2.ppc.rpm openldap-2.4.23-26.el6_3.2.ppc64.rpm openldap-clients-2.4.23-26.el6_3.2.ppc64.rpm openldap-debuginfo-2.4.23-26.el6_3.2.ppc.rpm openldap-debuginfo-2.4.23-26.el6_3.2.ppc64.rpm openldap-devel-2.4.23-26.el6_3.2.ppc.rpm openldap-devel-2.4.23-26.el6_3.2.ppc64.rpm openldap-servers-2.4.23-26.el6_3.2.ppc64.rpm s390x: openldap-2.4.23-26.el6_3.2.s390.rpm openldap-2.4.23-26.el6_3.2.s390x.rpm openldap-clients-2.4.23-26.el6_3.2.s390x.rpm openldap-debuginfo-2.4.23-26.el6_3.2.s390.rpm openldap-debuginfo-2.4.23-26.el6_3.2.s390x.rpm openldap-devel-2.4.23-26.el6_3.2.s390.rpm openldap-devel-2.4.23-26.el6_3.2.s390x.rpm openldap-servers-2.4.23-26.el6_3.2.s390x.rpm x86_64: openldap-2.4.23-26.el6_3.2.i686.rpm openldap-2.4.23-26.el6_3.2.x86_64.rpm openldap-clients-2.4.23-26.el6_3.2.x86_64.rpm openldap-debuginfo-2.4.23-26.el6_3.2.i686.rpm openldap-debuginfo-2.4.23-26.el6_3.2.x86_64.rpm openldap-devel-2.4.23-26.el6_3.2.i686.rpm openldap-devel-2.4.23-26.el6_3.2.x86_64.rpm openldap-servers-2.4.23-26.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openldap-2.4.23-26.el6_3.2.src.rpm i386: openldap-debuginfo-2.4.23-26.el6_3.2.i686.rpm openldap-servers-sql-2.4.23-26.el6_3.2.i686.rpm ppc64: openldap-debuginfo-2.4.23-26.el6_3.2.ppc64.rpm openldap-servers-sql-2.4.23-26.el6_3.2.ppc64.rpm s390x: openldap-debuginfo-2.4.23-26.el6_3.2.s390x.rpm openldap-servers-sql-2.4.23-26.el6_3.2.s390x.rpm x86_64: openldap-debuginfo-2.4.23-26.el6_3.2.x86_64.rpm openldap-servers-sql-2.4.23-26.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openldap-2.4.23-26.el6_3.2.src.rpm i386: openldap-2.4.23-26.el6_3.2.i686.rpm openldap-clients-2.4.23-26.el6_3.2.i686.rpm openldap-debuginfo-2.4.23-26.el6_3.2.i686.rpm openldap-devel-2.4.23-26.el6_3.2.i686.rpm openldap-servers-2.4.23-26.el6_3.2.i686.rpm x86_64: openldap-2.4.23-26.el6_3.2.i686.rpm openldap-2.4.23-26.el6_3.2.x86_64.rpm openldap-clients-2.4.23-26.el6_3.2.x86_64.rpm openldap-debuginfo-2.4.23-26.el6_3.2.i686.rpm openldap-debuginfo-2.4.23-26.el6_3.2.x86_64.rpm openldap-devel-2.4.23-26.el6_3.2.i686.rpm openldap-devel-2.4.23-26.el6_3.2.x86_64.rpm openldap-servers-2.4.23-26.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openldap-2.4.23-26.el6_3.2.src.rpm i386: openldap-debuginfo-2.4.23-26.el6_3.2.i686.rpm openldap-servers-sql-2.4.23-26.el6_3.2.i686.rpm x86_64: openldap-debuginfo-2.4.23-26.el6_3.2.x86_64.rpm openldap-servers-sql-2.4.23-26.el6_3.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-2668.html https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQIpggXlSAg2UNWIIRAkbkAJ4/l/hMYFdO2qeaERmzCAOmICkpUQCfan9B Rc7yjWKxXnJbhWVzHtNpcSo= =Q13d -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Aug 14 18:14:05 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 14 Aug 2012 18:14:05 +0000 Subject: [RHSA-2012:1156-01] Moderate: kernel security and bug fix update Message-ID: <201208141814.q7EIE73e007036@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: kernel security and bug fix update Advisory ID: RHSA-2012:1156-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1156.html Issue date: 2012-08-14 CVE Names: CVE-2011-1078 CVE-2012-2383 ===================================================================== 1. Summary: Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * An integer overflow flaw was found in the i915_gem_execbuffer2() function in the Intel i915 driver in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service. This issue only affected 32-bit systems. (CVE-2012-2383, Moderate) * A missing initialization flaw was found in the sco_sock_getsockopt_old() function in the Linux kernel's Bluetooth implementation. A local, unprivileged user could use this flaw to cause an information leak. (CVE-2011-1078, Low) Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting the CVE-2011-1078 issue. This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (http://bugzilla.redhat.com/): 681259 - CVE-2011-1078 kernel: bt sco_conninfo infoleak 824176 - CVE-2012-2383 kernel: drm/i915: integer overflow in i915_gem_execbuffer2() 842429 - VLAN configured on top of a bonded interface (active-backup) does not failover [rhel-6.3.z] 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-279.5.1.el6.src.rpm i386: kernel-2.6.32-279.5.1.el6.i686.rpm kernel-debug-2.6.32-279.5.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-279.5.1.el6.i686.rpm kernel-debug-devel-2.6.32-279.5.1.el6.i686.rpm kernel-debuginfo-2.6.32-279.5.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-279.5.1.el6.i686.rpm kernel-devel-2.6.32-279.5.1.el6.i686.rpm kernel-headers-2.6.32-279.5.1.el6.i686.rpm perf-2.6.32-279.5.1.el6.i686.rpm perf-debuginfo-2.6.32-279.5.1.el6.i686.rpm python-perf-debuginfo-2.6.32-279.5.1.el6.i686.rpm noarch: kernel-doc-2.6.32-279.5.1.el6.noarch.rpm kernel-firmware-2.6.32-279.5.1.el6.noarch.rpm x86_64: kernel-2.6.32-279.5.1.el6.x86_64.rpm kernel-debug-2.6.32-279.5.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-279.5.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-279.5.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-279.5.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-279.5.1.el6.x86_64.rpm kernel-devel-2.6.32-279.5.1.el6.x86_64.rpm kernel-headers-2.6.32-279.5.1.el6.x86_64.rpm perf-2.6.32-279.5.1.el6.x86_64.rpm perf-debuginfo-2.6.32-279.5.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-279.5.1.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-279.5.1.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-279.5.1.el6.i686.rpm kernel-debuginfo-2.6.32-279.5.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-279.5.1.el6.i686.rpm perf-debuginfo-2.6.32-279.5.1.el6.i686.rpm python-perf-2.6.32-279.5.1.el6.i686.rpm python-perf-debuginfo-2.6.32-279.5.1.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-279.5.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-279.5.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-279.5.1.el6.x86_64.rpm perf-debuginfo-2.6.32-279.5.1.el6.x86_64.rpm python-perf-2.6.32-279.5.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-279.5.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-279.5.1.el6.src.rpm noarch: kernel-doc-2.6.32-279.5.1.el6.noarch.rpm kernel-firmware-2.6.32-279.5.1.el6.noarch.rpm x86_64: kernel-2.6.32-279.5.1.el6.x86_64.rpm kernel-debug-2.6.32-279.5.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-279.5.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-279.5.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-279.5.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-279.5.1.el6.x86_64.rpm kernel-devel-2.6.32-279.5.1.el6.x86_64.rpm kernel-headers-2.6.32-279.5.1.el6.x86_64.rpm perf-2.6.32-279.5.1.el6.x86_64.rpm perf-debuginfo-2.6.32-279.5.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-279.5.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-279.5.1.el6.src.rpm x86_64: kernel-debug-debuginfo-2.6.32-279.5.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-279.5.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-279.5.1.el6.x86_64.rpm perf-debuginfo-2.6.32-279.5.1.el6.x86_64.rpm python-perf-2.6.32-279.5.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-279.5.1.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-279.5.1.el6.src.rpm i386: kernel-2.6.32-279.5.1.el6.i686.rpm kernel-debug-2.6.32-279.5.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-279.5.1.el6.i686.rpm kernel-debug-devel-2.6.32-279.5.1.el6.i686.rpm kernel-debuginfo-2.6.32-279.5.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-279.5.1.el6.i686.rpm kernel-devel-2.6.32-279.5.1.el6.i686.rpm kernel-headers-2.6.32-279.5.1.el6.i686.rpm perf-2.6.32-279.5.1.el6.i686.rpm perf-debuginfo-2.6.32-279.5.1.el6.i686.rpm python-perf-debuginfo-2.6.32-279.5.1.el6.i686.rpm noarch: kernel-doc-2.6.32-279.5.1.el6.noarch.rpm kernel-firmware-2.6.32-279.5.1.el6.noarch.rpm ppc64: kernel-2.6.32-279.5.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-279.5.1.el6.ppc64.rpm kernel-debug-2.6.32-279.5.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-279.5.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-279.5.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-279.5.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-279.5.1.el6.ppc64.rpm kernel-devel-2.6.32-279.5.1.el6.ppc64.rpm kernel-headers-2.6.32-279.5.1.el6.ppc64.rpm perf-2.6.32-279.5.1.el6.ppc64.rpm perf-debuginfo-2.6.32-279.5.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-279.5.1.el6.ppc64.rpm s390x: kernel-2.6.32-279.5.1.el6.s390x.rpm kernel-debug-2.6.32-279.5.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-279.5.1.el6.s390x.rpm kernel-debug-devel-2.6.32-279.5.1.el6.s390x.rpm kernel-debuginfo-2.6.32-279.5.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-279.5.1.el6.s390x.rpm kernel-devel-2.6.32-279.5.1.el6.s390x.rpm kernel-headers-2.6.32-279.5.1.el6.s390x.rpm kernel-kdump-2.6.32-279.5.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-279.5.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-279.5.1.el6.s390x.rpm perf-2.6.32-279.5.1.el6.s390x.rpm perf-debuginfo-2.6.32-279.5.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-279.5.1.el6.s390x.rpm x86_64: kernel-2.6.32-279.5.1.el6.x86_64.rpm kernel-debug-2.6.32-279.5.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-279.5.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-279.5.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-279.5.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-279.5.1.el6.x86_64.rpm kernel-devel-2.6.32-279.5.1.el6.x86_64.rpm kernel-headers-2.6.32-279.5.1.el6.x86_64.rpm perf-2.6.32-279.5.1.el6.x86_64.rpm perf-debuginfo-2.6.32-279.5.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-279.5.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-279.5.1.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-279.5.1.el6.i686.rpm kernel-debuginfo-2.6.32-279.5.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-279.5.1.el6.i686.rpm perf-debuginfo-2.6.32-279.5.1.el6.i686.rpm python-perf-2.6.32-279.5.1.el6.i686.rpm python-perf-debuginfo-2.6.32-279.5.1.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-279.5.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-279.5.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-279.5.1.el6.ppc64.rpm perf-debuginfo-2.6.32-279.5.1.el6.ppc64.rpm python-perf-2.6.32-279.5.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-279.5.1.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-279.5.1.el6.s390x.rpm kernel-debuginfo-2.6.32-279.5.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-279.5.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-279.5.1.el6.s390x.rpm perf-debuginfo-2.6.32-279.5.1.el6.s390x.rpm python-perf-2.6.32-279.5.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-279.5.1.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-279.5.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-279.5.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-279.5.1.el6.x86_64.rpm perf-debuginfo-2.6.32-279.5.1.el6.x86_64.rpm python-perf-2.6.32-279.5.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-279.5.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-279.5.1.el6.src.rpm i386: kernel-2.6.32-279.5.1.el6.i686.rpm kernel-debug-2.6.32-279.5.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-279.5.1.el6.i686.rpm kernel-debug-devel-2.6.32-279.5.1.el6.i686.rpm kernel-debuginfo-2.6.32-279.5.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-279.5.1.el6.i686.rpm kernel-devel-2.6.32-279.5.1.el6.i686.rpm kernel-headers-2.6.32-279.5.1.el6.i686.rpm perf-2.6.32-279.5.1.el6.i686.rpm perf-debuginfo-2.6.32-279.5.1.el6.i686.rpm python-perf-debuginfo-2.6.32-279.5.1.el6.i686.rpm noarch: kernel-doc-2.6.32-279.5.1.el6.noarch.rpm kernel-firmware-2.6.32-279.5.1.el6.noarch.rpm x86_64: kernel-2.6.32-279.5.1.el6.x86_64.rpm kernel-debug-2.6.32-279.5.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-279.5.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-279.5.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-279.5.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-279.5.1.el6.x86_64.rpm kernel-devel-2.6.32-279.5.1.el6.x86_64.rpm kernel-headers-2.6.32-279.5.1.el6.x86_64.rpm perf-2.6.32-279.5.1.el6.x86_64.rpm perf-debuginfo-2.6.32-279.5.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-279.5.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-279.5.1.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-279.5.1.el6.i686.rpm kernel-debuginfo-2.6.32-279.5.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-279.5.1.el6.i686.rpm perf-debuginfo-2.6.32-279.5.1.el6.i686.rpm python-perf-2.6.32-279.5.1.el6.i686.rpm python-perf-debuginfo-2.6.32-279.5.1.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-279.5.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-279.5.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-279.5.1.el6.x86_64.rpm perf-debuginfo-2.6.32-279.5.1.el6.x86_64.rpm python-perf-2.6.32-279.5.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-279.5.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-1078.html https://www.redhat.com/security/data/cve/CVE-2012-2383.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.3_Technical_Notes/kernel.html#RHSA-2012-1156 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQKpVWXlSAg2UNWIIRAhYJAKCdsvjuF/NgkKnTRQJveidQiADFSACfayHG d/xG9ibvytWLccPpmJ5G7/o= =wawO -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Aug 14 18:15:01 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 14 Aug 2012 18:15:01 +0000 Subject: [RHSA-2012:1168-01] Important: condor security update Message-ID: <201208141815.q7EIF30E003192@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: condor security update Advisory ID: RHSA-2012:1168-01 Product: Red Hat Enterprise MRG for RHEL-5 Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1168.html Issue date: 2012-08-14 CVE Names: CVE-2012-3416 ===================================================================== 1. Summary: Updated condor packages that fix one security issue are now available for Red Hat Enterprise MRG 2.1 for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: MRG Grid Execute Node for RHEL 5 Server v.2 - i386, x86_64 MRG Grid for RHEL 5 Server v.2 - i386, x86_64 3. Description: Condor is a specialized workload management system for compute-intensive jobs. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management. Condor installations that rely solely upon host-based authentication were vulnerable to an attacker who controls an IP, its reverse-DNS entry and has knowledge of a target site's security configuration. With this control and knowledge, the attacker could bypass the target site's host-based authentication and be authorized to perform privileged actions (i.e. actions requiring ALLOW_ADMINISTRATOR or ALLOW_WRITE). Condor deployments using host-based authentication that contain no hostnames (IPs or IP globs only) or use authentication stronger than host-based are not vulnerable. (CVE-2012-3416) Note: Condor will not run jobs as root; therefore, this flaw cannot lead to a compromise of the root user account. Red Hat would like to thank Ken Hahn and Dan Bradley for reporting this issue. All Red Hat Enterprise MRG 2.1 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Condor must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 841175 - CVE-2012-3416 condor: host based authentication does not implement forward-confirmed reverse dns 6. Package List: MRG Grid for RHEL 5 Server v.2: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-7.6.5-0.14.2.el5.src.rpm i386: condor-7.6.5-0.14.2.el5.i386.rpm condor-aviary-7.6.5-0.14.2.el5.i386.rpm condor-classads-7.6.5-0.14.2.el5.i386.rpm condor-debuginfo-7.6.5-0.14.2.el5.i386.rpm condor-kbdd-7.6.5-0.14.2.el5.i386.rpm condor-qmf-7.6.5-0.14.2.el5.i386.rpm condor-vm-gahp-7.6.5-0.14.2.el5.i386.rpm x86_64: condor-7.6.5-0.14.2.el5.x86_64.rpm condor-aviary-7.6.5-0.14.2.el5.x86_64.rpm condor-classads-7.6.5-0.14.2.el5.x86_64.rpm condor-debuginfo-7.6.5-0.14.2.el5.x86_64.rpm condor-kbdd-7.6.5-0.14.2.el5.x86_64.rpm condor-qmf-7.6.5-0.14.2.el5.x86_64.rpm condor-vm-gahp-7.6.5-0.14.2.el5.x86_64.rpm MRG Grid Execute Node for RHEL 5 Server v.2: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-7.6.5-0.14.2.el5.src.rpm i386: condor-7.6.5-0.14.2.el5.i386.rpm condor-classads-7.6.5-0.14.2.el5.i386.rpm condor-debuginfo-7.6.5-0.14.2.el5.i386.rpm condor-kbdd-7.6.5-0.14.2.el5.i386.rpm condor-qmf-7.6.5-0.14.2.el5.i386.rpm condor-vm-gahp-7.6.5-0.14.2.el5.i386.rpm x86_64: condor-7.6.5-0.14.2.el5.x86_64.rpm condor-classads-7.6.5-0.14.2.el5.x86_64.rpm condor-debuginfo-7.6.5-0.14.2.el5.x86_64.rpm condor-kbdd-7.6.5-0.14.2.el5.x86_64.rpm condor-qmf-7.6.5-0.14.2.el5.x86_64.rpm condor-vm-gahp-7.6.5-0.14.2.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-3416.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQKpWBXlSAg2UNWIIRArcGAJ0clooFuN6XeMBX0Dqz+vec9QHq+QCggobN gMKgnGh0u400TQSyfGFX2so= =5Biq -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Aug 14 18:15:46 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 14 Aug 2012 18:15:46 +0000 Subject: [RHSA-2012:1169-01] Important: condor security update Message-ID: <201208141815.q7EIFm9O007980@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: condor security update Advisory ID: RHSA-2012:1169-01 Product: Red Hat Enterprise MRG for RHEL-6 Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1169.html Issue date: 2012-08-14 CVE Names: CVE-2012-3416 ===================================================================== 1. Summary: Updated condor packages that fix one security issue are now available for Red Hat Enterprise MRG 2.1 for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: MRG Grid Execute Node for RHEL 6 ComputeNode v.2 - x86_64 MRG Grid Execute Node for RHEL 6 Server v.2 - i386, x86_64 MRG Grid for RHEL 6 Server v.2 - i386, x86_64 3. Description: Condor is a specialized workload management system for compute-intensive jobs. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management. Condor installations that rely solely upon host-based authentication were vulnerable to an attacker who controls an IP, its reverse-DNS entry and has knowledge of a target site's security configuration. With this control and knowledge, the attacker could bypass the target site's host-based authentication and be authorized to perform privileged actions (i.e. actions requiring ALLOW_ADMINISTRATOR or ALLOW_WRITE). Condor deployments using host-based authentication that contain no hostnames (IPs or IP globs only) or use authentication stronger than host-based are not vulnerable. (CVE-2012-3416) Note: Condor will not run jobs as root; therefore, this flaw cannot lead to a compromise of the root user account. Red Hat would like to thank Ken Hahn and Dan Bradley for reporting this issue. All Red Hat Enterprise MRG 2.1 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Condor must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 841175 - CVE-2012-3416 condor: host based authentication does not implement forward-confirmed reverse dns 6. Package List: MRG Grid Execute Node for RHEL 6 ComputeNode v.2: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/RHEMRG-RHEL6/SRPMS/condor-7.6.5-0.14.2.el6_3.src.rpm x86_64: condor-7.6.5-0.14.2.el6_3.x86_64.rpm condor-classads-7.6.5-0.14.2.el6_3.x86_64.rpm condor-debuginfo-7.6.5-0.14.2.el6_3.x86_64.rpm condor-kbdd-7.6.5-0.14.2.el6_3.x86_64.rpm condor-qmf-7.6.5-0.14.2.el6_3.x86_64.rpm condor-vm-gahp-7.6.5-0.14.2.el6_3.x86_64.rpm MRG Grid for RHEL 6 Server v.2: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-7.6.5-0.14.2.el6_3.src.rpm i386: condor-7.6.5-0.14.2.el6_3.i686.rpm condor-aviary-7.6.5-0.14.2.el6_3.i686.rpm condor-classads-7.6.5-0.14.2.el6_3.i686.rpm condor-debuginfo-7.6.5-0.14.2.el6_3.i686.rpm condor-kbdd-7.6.5-0.14.2.el6_3.i686.rpm condor-plumage-7.6.5-0.14.2.el6_3.i686.rpm condor-qmf-7.6.5-0.14.2.el6_3.i686.rpm x86_64: condor-7.6.5-0.14.2.el6_3.x86_64.rpm condor-aviary-7.6.5-0.14.2.el6_3.x86_64.rpm condor-classads-7.6.5-0.14.2.el6_3.x86_64.rpm condor-debuginfo-7.6.5-0.14.2.el6_3.x86_64.rpm condor-deltacloud-gahp-7.6.5-0.14.2.el6_3.x86_64.rpm condor-kbdd-7.6.5-0.14.2.el6_3.x86_64.rpm condor-plumage-7.6.5-0.14.2.el6_3.x86_64.rpm condor-qmf-7.6.5-0.14.2.el6_3.x86_64.rpm condor-vm-gahp-7.6.5-0.14.2.el6_3.x86_64.rpm MRG Grid Execute Node for RHEL 6 Server v.2: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-7.6.5-0.14.2.el6_3.src.rpm i386: condor-7.6.5-0.14.2.el6_3.i686.rpm condor-classads-7.6.5-0.14.2.el6_3.i686.rpm condor-debuginfo-7.6.5-0.14.2.el6_3.i686.rpm condor-kbdd-7.6.5-0.14.2.el6_3.i686.rpm condor-qmf-7.6.5-0.14.2.el6_3.i686.rpm x86_64: condor-7.6.5-0.14.2.el6_3.x86_64.rpm condor-classads-7.6.5-0.14.2.el6_3.x86_64.rpm condor-debuginfo-7.6.5-0.14.2.el6_3.x86_64.rpm condor-kbdd-7.6.5-0.14.2.el6_3.x86_64.rpm condor-qmf-7.6.5-0.14.2.el6_3.x86_64.rpm condor-vm-gahp-7.6.5-0.14.2.el6_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-3416.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQKpW3XlSAg2UNWIIRAvmWAKCvto8a8J0IGYDAjX1r8/YND84eZACgwxGM xfWkJp6kRb0vAPvrFx1rpe0= =lIVi -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Aug 15 19:28:32 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 15 Aug 2012 19:28:32 +0000 Subject: [RHSA-2012:1173-01] Critical: flash-plugin security update Message-ID: <201208151928.q7FJSX7b014825@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2012:1173-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1173.html Issue date: 2012-08-15 CVE Names: CVE-2012-1535 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes one security issue is now available for Red Hat Enterprise Linux 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB12-18, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. (CVE-2012-1535) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.238. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 848180 - CVE-2012-1535 flash-plugin: code execution flaw (APSB12-18) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.238-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.238-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.238-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.238-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.238-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.238-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-1535.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb12-18.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQK/hJXlSAg2UNWIIRAkFzAKCPRocUjqxLsay0dkbHh61QBjKQawCgk5w2 8EH4iUcReCfqqbmx0B7pt/M= =4lNr -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Aug 20 14:05:04 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 20 Aug 2012 14:05:04 +0000 Subject: [RHSA-2012:1180-01] Moderate: gimp security update Message-ID: <201208201405.q7KE54ZG029097@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: gimp security update Advisory ID: RHSA-2012:1180-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1180.html Issue date: 2012-08-20 CVE Names: CVE-2011-2896 CVE-2012-3403 CVE-2012-3481 ===================================================================== 1. Summary: Updated gimp packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-3481) A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW) decompression algorithm implementation used by the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2011-2896) A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file format plug-in. An attacker could create a specially-crafted KiSS palette file that, when opened, could cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-3403) Red Hat would like to thank Matthias Weckbecker of the SUSE Security Team for reporting the CVE-2012-3481 issue. Users of the GIMP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The GIMP must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 727800 - CVE-2011-2896 David Koblas' GIF decoder LZW decoder buffer overflow 839020 - CVE-2012-3403 gimp (CEL plug-in): heap buffer overflow when loading external palette files 847303 - CVE-2012-3481 Gimp (GIF plug-in): Heap-based buffer overflow by loading certain GIF images 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/gimp-2.6.9-4.el6_3.3.src.rpm i386: gimp-2.6.9-4.el6_3.3.i686.rpm gimp-debuginfo-2.6.9-4.el6_3.3.i686.rpm gimp-help-browser-2.6.9-4.el6_3.3.i686.rpm gimp-libs-2.6.9-4.el6_3.3.i686.rpm x86_64: gimp-2.6.9-4.el6_3.3.x86_64.rpm gimp-debuginfo-2.6.9-4.el6_3.3.x86_64.rpm gimp-help-browser-2.6.9-4.el6_3.3.x86_64.rpm gimp-libs-2.6.9-4.el6_3.3.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/gimp-2.6.9-4.el6_3.3.src.rpm i386: gimp-debuginfo-2.6.9-4.el6_3.3.i686.rpm gimp-devel-2.6.9-4.el6_3.3.i686.rpm gimp-devel-tools-2.6.9-4.el6_3.3.i686.rpm x86_64: gimp-debuginfo-2.6.9-4.el6_3.3.i686.rpm gimp-debuginfo-2.6.9-4.el6_3.3.x86_64.rpm gimp-devel-2.6.9-4.el6_3.3.i686.rpm gimp-devel-2.6.9-4.el6_3.3.x86_64.rpm gimp-devel-tools-2.6.9-4.el6_3.3.x86_64.rpm gimp-libs-2.6.9-4.el6_3.3.i686.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/gimp-2.6.9-4.el6_3.3.src.rpm i386: gimp-2.6.9-4.el6_3.3.i686.rpm gimp-debuginfo-2.6.9-4.el6_3.3.i686.rpm gimp-help-browser-2.6.9-4.el6_3.3.i686.rpm gimp-libs-2.6.9-4.el6_3.3.i686.rpm ppc64: gimp-2.6.9-4.el6_3.3.ppc64.rpm gimp-debuginfo-2.6.9-4.el6_3.3.ppc64.rpm gimp-help-browser-2.6.9-4.el6_3.3.ppc64.rpm gimp-libs-2.6.9-4.el6_3.3.ppc64.rpm s390x: gimp-2.6.9-4.el6_3.3.s390x.rpm gimp-debuginfo-2.6.9-4.el6_3.3.s390x.rpm gimp-help-browser-2.6.9-4.el6_3.3.s390x.rpm gimp-libs-2.6.9-4.el6_3.3.s390x.rpm x86_64: gimp-2.6.9-4.el6_3.3.x86_64.rpm gimp-debuginfo-2.6.9-4.el6_3.3.x86_64.rpm gimp-help-browser-2.6.9-4.el6_3.3.x86_64.rpm gimp-libs-2.6.9-4.el6_3.3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/gimp-2.6.9-4.el6_3.3.src.rpm i386: gimp-debuginfo-2.6.9-4.el6_3.3.i686.rpm gimp-devel-2.6.9-4.el6_3.3.i686.rpm gimp-devel-tools-2.6.9-4.el6_3.3.i686.rpm ppc64: gimp-debuginfo-2.6.9-4.el6_3.3.ppc.rpm gimp-debuginfo-2.6.9-4.el6_3.3.ppc64.rpm gimp-devel-2.6.9-4.el6_3.3.ppc.rpm gimp-devel-2.6.9-4.el6_3.3.ppc64.rpm gimp-devel-tools-2.6.9-4.el6_3.3.ppc64.rpm gimp-libs-2.6.9-4.el6_3.3.ppc.rpm s390x: gimp-debuginfo-2.6.9-4.el6_3.3.s390.rpm gimp-debuginfo-2.6.9-4.el6_3.3.s390x.rpm gimp-devel-2.6.9-4.el6_3.3.s390.rpm gimp-devel-2.6.9-4.el6_3.3.s390x.rpm gimp-devel-tools-2.6.9-4.el6_3.3.s390x.rpm gimp-libs-2.6.9-4.el6_3.3.s390.rpm x86_64: gimp-debuginfo-2.6.9-4.el6_3.3.i686.rpm gimp-debuginfo-2.6.9-4.el6_3.3.x86_64.rpm gimp-devel-2.6.9-4.el6_3.3.i686.rpm gimp-devel-2.6.9-4.el6_3.3.x86_64.rpm gimp-devel-tools-2.6.9-4.el6_3.3.x86_64.rpm gimp-libs-2.6.9-4.el6_3.3.i686.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/gimp-2.6.9-4.el6_3.3.src.rpm i386: gimp-2.6.9-4.el6_3.3.i686.rpm gimp-debuginfo-2.6.9-4.el6_3.3.i686.rpm gimp-help-browser-2.6.9-4.el6_3.3.i686.rpm gimp-libs-2.6.9-4.el6_3.3.i686.rpm x86_64: gimp-2.6.9-4.el6_3.3.x86_64.rpm gimp-debuginfo-2.6.9-4.el6_3.3.x86_64.rpm gimp-help-browser-2.6.9-4.el6_3.3.x86_64.rpm gimp-libs-2.6.9-4.el6_3.3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/gimp-2.6.9-4.el6_3.3.src.rpm i386: gimp-debuginfo-2.6.9-4.el6_3.3.i686.rpm gimp-devel-2.6.9-4.el6_3.3.i686.rpm gimp-devel-tools-2.6.9-4.el6_3.3.i686.rpm x86_64: gimp-debuginfo-2.6.9-4.el6_3.3.i686.rpm gimp-debuginfo-2.6.9-4.el6_3.3.x86_64.rpm gimp-devel-2.6.9-4.el6_3.3.i686.rpm gimp-devel-2.6.9-4.el6_3.3.x86_64.rpm gimp-devel-tools-2.6.9-4.el6_3.3.x86_64.rpm gimp-libs-2.6.9-4.el6_3.3.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2896.html https://www.redhat.com/security/data/cve/CVE-2012-3403.html https://www.redhat.com/security/data/cve/CVE-2012-3481.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQMkPOXlSAg2UNWIIRAoioAJ4jHFJUK62fFEbsjc4kWIxKdF923wCgt8C0 1dStfvwHDmdvSZrya8DZ/LA= =Lo3d -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Aug 20 14:06:38 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 20 Aug 2012 14:06:38 +0000 Subject: [RHSA-2012:1181-01] Moderate: gimp security update Message-ID: <201208201406.q7KE6ePS030822@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: gimp security update Advisory ID: RHSA-2012:1181-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1181.html Issue date: 2012-08-20 CVE Names: CVE-2009-3909 CVE-2011-2896 CVE-2012-3402 CVE-2012-3403 CVE-2012-3481 ===================================================================== 1. Summary: Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP's Adobe Photoshop (PSD) image file plug-in. An attacker could create a specially-crafted PSD image file that, when opened, could cause the PSD plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2009-3909, CVE-2012-3402) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-3481) A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW) decompression algorithm implementation used by the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2011-2896) A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file format plug-in. An attacker could create a specially-crafted KiSS palette file that, when opened, could cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-3403) Red Hat would like to thank Secunia Research for reporting CVE-2009-3909, and Matthias Weckbecker of the SUSE Security Team for reporting CVE-2012-3481. Users of the GIMP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The GIMP must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 537370 - CVE-2009-3909 Gimp: Integer overflow in the PSD image file plugin 727800 - CVE-2011-2896 David Koblas' GIF decoder LZW decoder buffer overflow 838941 - CVE-2012-3402 gimp (PSD plug-in): Heap-buffer overflow by decoding certain PSD headers 839020 - CVE-2012-3403 gimp (CEL plug-in): heap buffer overflow when loading external palette files 847303 - CVE-2012-3481 Gimp (GIF plug-in): Heap-based buffer overflow by loading certain GIF images 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/gimp-2.2.13-2.0.7.el5_8.5.src.rpm i386: gimp-2.2.13-2.0.7.el5_8.5.i386.rpm gimp-debuginfo-2.2.13-2.0.7.el5_8.5.i386.rpm gimp-libs-2.2.13-2.0.7.el5_8.5.i386.rpm x86_64: gimp-2.2.13-2.0.7.el5_8.5.x86_64.rpm gimp-debuginfo-2.2.13-2.0.7.el5_8.5.i386.rpm gimp-debuginfo-2.2.13-2.0.7.el5_8.5.x86_64.rpm gimp-libs-2.2.13-2.0.7.el5_8.5.i386.rpm gimp-libs-2.2.13-2.0.7.el5_8.5.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/gimp-2.2.13-2.0.7.el5_8.5.src.rpm i386: gimp-debuginfo-2.2.13-2.0.7.el5_8.5.i386.rpm gimp-devel-2.2.13-2.0.7.el5_8.5.i386.rpm x86_64: gimp-debuginfo-2.2.13-2.0.7.el5_8.5.i386.rpm gimp-debuginfo-2.2.13-2.0.7.el5_8.5.x86_64.rpm gimp-devel-2.2.13-2.0.7.el5_8.5.i386.rpm gimp-devel-2.2.13-2.0.7.el5_8.5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/gimp-2.2.13-2.0.7.el5_8.5.src.rpm i386: gimp-2.2.13-2.0.7.el5_8.5.i386.rpm gimp-debuginfo-2.2.13-2.0.7.el5_8.5.i386.rpm gimp-devel-2.2.13-2.0.7.el5_8.5.i386.rpm gimp-libs-2.2.13-2.0.7.el5_8.5.i386.rpm ia64: gimp-2.2.13-2.0.7.el5_8.5.ia64.rpm gimp-debuginfo-2.2.13-2.0.7.el5_8.5.ia64.rpm gimp-devel-2.2.13-2.0.7.el5_8.5.ia64.rpm gimp-libs-2.2.13-2.0.7.el5_8.5.ia64.rpm ppc: gimp-2.2.13-2.0.7.el5_8.5.ppc.rpm gimp-debuginfo-2.2.13-2.0.7.el5_8.5.ppc.rpm gimp-debuginfo-2.2.13-2.0.7.el5_8.5.ppc64.rpm gimp-devel-2.2.13-2.0.7.el5_8.5.ppc.rpm gimp-devel-2.2.13-2.0.7.el5_8.5.ppc64.rpm gimp-libs-2.2.13-2.0.7.el5_8.5.ppc.rpm gimp-libs-2.2.13-2.0.7.el5_8.5.ppc64.rpm s390x: gimp-2.2.13-2.0.7.el5_8.5.s390x.rpm gimp-debuginfo-2.2.13-2.0.7.el5_8.5.s390.rpm gimp-debuginfo-2.2.13-2.0.7.el5_8.5.s390x.rpm gimp-devel-2.2.13-2.0.7.el5_8.5.s390.rpm gimp-devel-2.2.13-2.0.7.el5_8.5.s390x.rpm gimp-libs-2.2.13-2.0.7.el5_8.5.s390.rpm gimp-libs-2.2.13-2.0.7.el5_8.5.s390x.rpm x86_64: gimp-2.2.13-2.0.7.el5_8.5.x86_64.rpm gimp-debuginfo-2.2.13-2.0.7.el5_8.5.i386.rpm gimp-debuginfo-2.2.13-2.0.7.el5_8.5.x86_64.rpm gimp-devel-2.2.13-2.0.7.el5_8.5.i386.rpm gimp-devel-2.2.13-2.0.7.el5_8.5.x86_64.rpm gimp-libs-2.2.13-2.0.7.el5_8.5.i386.rpm gimp-libs-2.2.13-2.0.7.el5_8.5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2009-3909.html https://www.redhat.com/security/data/cve/CVE-2011-2896.html https://www.redhat.com/security/data/cve/CVE-2012-3402.html https://www.redhat.com/security/data/cve/CVE-2012-3403.html https://www.redhat.com/security/data/cve/CVE-2012-3481.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQMkQwXlSAg2UNWIIRAg/zAKCVzK+Adis0SyYF6x9bpAm0ArwKhwCeJTrV /hr5QSQ70yfPPmVEuJDoyqw= =Jud2 -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Aug 21 20:47:15 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 21 Aug 2012 20:47:15 +0000 Subject: [RHSA-2012:1174-01] Low: kernel security and bug fix update Message-ID: <201208212047.q7LKlFMH006258@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: kernel security and bug fix update Advisory ID: RHSA-2012:1174-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1174.html Issue date: 2012-08-21 CVE Names: CVE-2012-2313 ===================================================================== 1. Summary: Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * A flaw was found in the way the Linux kernel's dl2k driver, used by certain D-Link Gigabit Ethernet adapters, restricted IOCTLs. A local, unprivileged user could use this flaw to issue potentially harmful IOCTLs, which could cause Ethernet adapters using the dl2k driver to malfunction (for example, losing network connectivity). (CVE-2012-2313, Low) Red Hat would like to thank Stephan Mueller for reporting this issue. This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (http://bugzilla.redhat.com/): 818820 - CVE-2012-2313 kernel: unfiltered netdev rio_ioctl access by users 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-308.13.1.el5.src.rpm i386: kernel-2.6.18-308.13.1.el5.i686.rpm kernel-PAE-2.6.18-308.13.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-308.13.1.el5.i686.rpm kernel-PAE-devel-2.6.18-308.13.1.el5.i686.rpm kernel-debug-2.6.18-308.13.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-308.13.1.el5.i686.rpm kernel-debug-devel-2.6.18-308.13.1.el5.i686.rpm kernel-debuginfo-2.6.18-308.13.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-308.13.1.el5.i686.rpm kernel-devel-2.6.18-308.13.1.el5.i686.rpm kernel-headers-2.6.18-308.13.1.el5.i386.rpm kernel-xen-2.6.18-308.13.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-308.13.1.el5.i686.rpm kernel-xen-devel-2.6.18-308.13.1.el5.i686.rpm noarch: kernel-doc-2.6.18-308.13.1.el5.noarch.rpm x86_64: kernel-2.6.18-308.13.1.el5.x86_64.rpm kernel-debug-2.6.18-308.13.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-308.13.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-308.13.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-308.13.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-308.13.1.el5.x86_64.rpm kernel-devel-2.6.18-308.13.1.el5.x86_64.rpm kernel-headers-2.6.18-308.13.1.el5.x86_64.rpm kernel-xen-2.6.18-308.13.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-308.13.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-308.13.1.el5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-308.13.1.el5.src.rpm i386: kernel-2.6.18-308.13.1.el5.i686.rpm kernel-PAE-2.6.18-308.13.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-308.13.1.el5.i686.rpm kernel-PAE-devel-2.6.18-308.13.1.el5.i686.rpm kernel-debug-2.6.18-308.13.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-308.13.1.el5.i686.rpm kernel-debug-devel-2.6.18-308.13.1.el5.i686.rpm kernel-debuginfo-2.6.18-308.13.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-308.13.1.el5.i686.rpm kernel-devel-2.6.18-308.13.1.el5.i686.rpm kernel-headers-2.6.18-308.13.1.el5.i386.rpm kernel-xen-2.6.18-308.13.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-308.13.1.el5.i686.rpm kernel-xen-devel-2.6.18-308.13.1.el5.i686.rpm ia64: kernel-2.6.18-308.13.1.el5.ia64.rpm kernel-debug-2.6.18-308.13.1.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-308.13.1.el5.ia64.rpm kernel-debug-devel-2.6.18-308.13.1.el5.ia64.rpm kernel-debuginfo-2.6.18-308.13.1.el5.ia64.rpm kernel-debuginfo-common-2.6.18-308.13.1.el5.ia64.rpm kernel-devel-2.6.18-308.13.1.el5.ia64.rpm kernel-headers-2.6.18-308.13.1.el5.ia64.rpm kernel-xen-2.6.18-308.13.1.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-308.13.1.el5.ia64.rpm kernel-xen-devel-2.6.18-308.13.1.el5.ia64.rpm noarch: kernel-doc-2.6.18-308.13.1.el5.noarch.rpm ppc: kernel-2.6.18-308.13.1.el5.ppc64.rpm kernel-debug-2.6.18-308.13.1.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-308.13.1.el5.ppc64.rpm kernel-debug-devel-2.6.18-308.13.1.el5.ppc64.rpm kernel-debuginfo-2.6.18-308.13.1.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-308.13.1.el5.ppc64.rpm kernel-devel-2.6.18-308.13.1.el5.ppc64.rpm kernel-headers-2.6.18-308.13.1.el5.ppc.rpm kernel-headers-2.6.18-308.13.1.el5.ppc64.rpm kernel-kdump-2.6.18-308.13.1.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-308.13.1.el5.ppc64.rpm kernel-kdump-devel-2.6.18-308.13.1.el5.ppc64.rpm s390x: kernel-2.6.18-308.13.1.el5.s390x.rpm kernel-debug-2.6.18-308.13.1.el5.s390x.rpm kernel-debug-debuginfo-2.6.18-308.13.1.el5.s390x.rpm kernel-debug-devel-2.6.18-308.13.1.el5.s390x.rpm kernel-debuginfo-2.6.18-308.13.1.el5.s390x.rpm kernel-debuginfo-common-2.6.18-308.13.1.el5.s390x.rpm kernel-devel-2.6.18-308.13.1.el5.s390x.rpm kernel-headers-2.6.18-308.13.1.el5.s390x.rpm kernel-kdump-2.6.18-308.13.1.el5.s390x.rpm kernel-kdump-debuginfo-2.6.18-308.13.1.el5.s390x.rpm kernel-kdump-devel-2.6.18-308.13.1.el5.s390x.rpm x86_64: kernel-2.6.18-308.13.1.el5.x86_64.rpm kernel-debug-2.6.18-308.13.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-308.13.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-308.13.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-308.13.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-308.13.1.el5.x86_64.rpm kernel-devel-2.6.18-308.13.1.el5.x86_64.rpm kernel-headers-2.6.18-308.13.1.el5.x86_64.rpm kernel-xen-2.6.18-308.13.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-308.13.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-308.13.1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-2313.html https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.8_Technical_Notes/kernel.html#RHSA-2012-1174 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQM/PAXlSAg2UNWIIRAnYzAJsFmjrnQaxlNQaqfxyIwHEZuK9X0gCdHtrj GLtNuSWEqfziGRHXsYGNzPc= =glSa -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Aug 23 15:11:37 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 23 Aug 2012 15:11:37 +0000 Subject: [RHSA-2012:1201-01] Moderate: tetex security update Message-ID: <201208231511.q7NFBcTa031773@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: tetex security update Advisory ID: RHSA-2012:1201-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1201.html Issue date: 2012-08-23 CVE Names: CVE-2010-2642 CVE-2010-3702 CVE-2010-3704 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 ===================================================================== 1. Summary: Updated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. teTeX embeds a copy of t1lib to rasterize bitmaps from PostScript Type 1 fonts. The following issues affect t1lib code: Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics (AFM) files. If a specially-crafted font file was opened by teTeX, it could cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2010-2642, CVE-2011-0433) An invalid pointer dereference flaw was found in t1lib. A specially-crafted font file could, when opened, cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2011-0764) A use-after-free flaw was found in t1lib. A specially-crafted font file could, when opened, cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2011-1553) An off-by-one flaw was found in t1lib. A specially-crafted font file could, when opened, cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2011-1554) An out-of-bounds memory read flaw was found in t1lib. A specially-crafted font file could, when opened, cause teTeX to crash. (CVE-2011-1552) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code: An uninitialized pointer use flaw was discovered in Xpdf. If pdflatex was used to process a TeX document referencing a specially-crafted PDF file, it could cause pdflatex to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2010-3702) An array index error was found in the way Xpdf parsed PostScript Type 1 fonts embedded in PDF documents. If pdflatex was used to process a TeX document referencing a specially-crafted PDF file, it could cause pdflatex to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2010-3704) Red Hat would like to thank the Evince development team for reporting CVE-2010-2642. Upstream acknowledges Jon Larimer of IBM X-Force as the original reporter of CVE-2010-2642. All users of tetex are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 595245 - CVE-2010-3702 xpdf: uninitialized Gfx::parser pointer dereference 638960 - CVE-2010-3704 xpdf: array indexing error in FoFiType1::parse() 666318 - CVE-2010-2642 evince, t1lib: Heap based buffer overflow in DVI file AFM font parser 679732 - CVE-2011-0433 evince, t1lib: Heap-based buffer overflow DVI file AFM font parser 692853 - CVE-2011-1552 t1lib: invalid read crash via crafted Type 1 font 692854 - CVE-2011-1553 t1lib: Use-after-free via crafted Type 1 font 692856 - CVE-2011-1554 t1lib: Off-by-one via crafted Type 1 font 692909 - CVE-2011-0764 t1lib: Invalid pointer dereference via crafted Type 1 font 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tetex-3.0-33.15.el5_8.1.src.rpm i386: tetex-3.0-33.15.el5_8.1.i386.rpm tetex-afm-3.0-33.15.el5_8.1.i386.rpm tetex-debuginfo-3.0-33.15.el5_8.1.i386.rpm tetex-doc-3.0-33.15.el5_8.1.i386.rpm tetex-dvips-3.0-33.15.el5_8.1.i386.rpm tetex-fonts-3.0-33.15.el5_8.1.i386.rpm tetex-latex-3.0-33.15.el5_8.1.i386.rpm tetex-xdvi-3.0-33.15.el5_8.1.i386.rpm x86_64: tetex-3.0-33.15.el5_8.1.x86_64.rpm tetex-afm-3.0-33.15.el5_8.1.x86_64.rpm tetex-debuginfo-3.0-33.15.el5_8.1.x86_64.rpm tetex-doc-3.0-33.15.el5_8.1.x86_64.rpm tetex-dvips-3.0-33.15.el5_8.1.x86_64.rpm tetex-fonts-3.0-33.15.el5_8.1.x86_64.rpm tetex-latex-3.0-33.15.el5_8.1.x86_64.rpm tetex-xdvi-3.0-33.15.el5_8.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/tetex-3.0-33.15.el5_8.1.src.rpm i386: tetex-3.0-33.15.el5_8.1.i386.rpm tetex-afm-3.0-33.15.el5_8.1.i386.rpm tetex-debuginfo-3.0-33.15.el5_8.1.i386.rpm tetex-doc-3.0-33.15.el5_8.1.i386.rpm tetex-dvips-3.0-33.15.el5_8.1.i386.rpm tetex-fonts-3.0-33.15.el5_8.1.i386.rpm tetex-latex-3.0-33.15.el5_8.1.i386.rpm tetex-xdvi-3.0-33.15.el5_8.1.i386.rpm ia64: tetex-3.0-33.15.el5_8.1.ia64.rpm tetex-afm-3.0-33.15.el5_8.1.ia64.rpm tetex-debuginfo-3.0-33.15.el5_8.1.ia64.rpm tetex-doc-3.0-33.15.el5_8.1.ia64.rpm tetex-dvips-3.0-33.15.el5_8.1.ia64.rpm tetex-fonts-3.0-33.15.el5_8.1.ia64.rpm tetex-latex-3.0-33.15.el5_8.1.ia64.rpm tetex-xdvi-3.0-33.15.el5_8.1.ia64.rpm ppc: tetex-3.0-33.15.el5_8.1.ppc.rpm tetex-afm-3.0-33.15.el5_8.1.ppc.rpm tetex-debuginfo-3.0-33.15.el5_8.1.ppc.rpm tetex-doc-3.0-33.15.el5_8.1.ppc.rpm tetex-dvips-3.0-33.15.el5_8.1.ppc.rpm tetex-fonts-3.0-33.15.el5_8.1.ppc.rpm tetex-latex-3.0-33.15.el5_8.1.ppc.rpm tetex-xdvi-3.0-33.15.el5_8.1.ppc.rpm s390x: tetex-3.0-33.15.el5_8.1.s390x.rpm tetex-afm-3.0-33.15.el5_8.1.s390x.rpm tetex-debuginfo-3.0-33.15.el5_8.1.s390x.rpm tetex-doc-3.0-33.15.el5_8.1.s390x.rpm tetex-dvips-3.0-33.15.el5_8.1.s390x.rpm tetex-fonts-3.0-33.15.el5_8.1.s390x.rpm tetex-latex-3.0-33.15.el5_8.1.s390x.rpm tetex-xdvi-3.0-33.15.el5_8.1.s390x.rpm x86_64: tetex-3.0-33.15.el5_8.1.x86_64.rpm tetex-afm-3.0-33.15.el5_8.1.x86_64.rpm tetex-debuginfo-3.0-33.15.el5_8.1.x86_64.rpm tetex-doc-3.0-33.15.el5_8.1.x86_64.rpm tetex-dvips-3.0-33.15.el5_8.1.x86_64.rpm tetex-fonts-3.0-33.15.el5_8.1.x86_64.rpm tetex-latex-3.0-33.15.el5_8.1.x86_64.rpm tetex-xdvi-3.0-33.15.el5_8.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-2642.html https://www.redhat.com/security/data/cve/CVE-2010-3702.html https://www.redhat.com/security/data/cve/CVE-2010-3704.html https://www.redhat.com/security/data/cve/CVE-2011-0433.html https://www.redhat.com/security/data/cve/CVE-2011-0764.html https://www.redhat.com/security/data/cve/CVE-2011-1552.html https://www.redhat.com/security/data/cve/CVE-2011-1553.html https://www.redhat.com/security/data/cve/CVE-2011-1554.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQNkf0XlSAg2UNWIIRAiQFAJ9WUAfXKk43rYvg+UYPr0aOZvojRgCeKWRl PAzUWlaBGi1pT+Kr2TaQk1E= =iYiF -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Aug 23 15:13:05 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 23 Aug 2012 15:13:05 +0000 Subject: [RHSA-2012:1202-01] Moderate: libvirt security and bug fix update Message-ID: <201208231513.q7NFD6aP030571@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: libvirt security and bug fix update Advisory ID: RHSA-2012:1202-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1202.html Issue date: 2012-08-23 CVE Names: CVE-2012-3445 ===================================================================== 1. Summary: Updated libvirt packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64 3. Description: The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in libvirtd's RPC call handling. An attacker able to establish a read-only connection to libvirtd could trigger this flaw with a specially-crafted RPC command that has the number of parameters set to 0, causing libvirtd to access invalid memory and crash. (CVE-2012-3445) This update also fixes the following bugs: * Previously, repeatedly migrating a guest between two machines while using the tunnelled migration could cause the libvirt daemon to lock up unexpectedly. The bug in the code for locking remote drivers has been fixed and repeated tunnelled migrations of domains now work as expected. (BZ#847946) * Previously, when certain system locales were used by the system, libvirt could issue incorrect commands to the hypervisor. This bug has been fixed and the libvirt library and daemon are no longer affected by the choice of the user locale. (BZ#847959) All users of libvirt are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, libvirtd will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 844734 - CVE-2012-3445 libvirt: crash in virTypedParameterArrayClear 847946 - libvirtd may hang during tunneled migration 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libvirt-0.9.10-21.el6_3.4.src.rpm i386: libvirt-0.9.10-21.el6_3.4.i686.rpm libvirt-client-0.9.10-21.el6_3.4.i686.rpm libvirt-debuginfo-0.9.10-21.el6_3.4.i686.rpm libvirt-python-0.9.10-21.el6_3.4.i686.rpm x86_64: libvirt-0.9.10-21.el6_3.4.x86_64.rpm libvirt-client-0.9.10-21.el6_3.4.i686.rpm libvirt-client-0.9.10-21.el6_3.4.x86_64.rpm libvirt-debuginfo-0.9.10-21.el6_3.4.i686.rpm libvirt-debuginfo-0.9.10-21.el6_3.4.x86_64.rpm libvirt-python-0.9.10-21.el6_3.4.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libvirt-0.9.10-21.el6_3.4.src.rpm i386: libvirt-debuginfo-0.9.10-21.el6_3.4.i686.rpm libvirt-devel-0.9.10-21.el6_3.4.i686.rpm x86_64: libvirt-debuginfo-0.9.10-21.el6_3.4.i686.rpm libvirt-debuginfo-0.9.10-21.el6_3.4.x86_64.rpm libvirt-devel-0.9.10-21.el6_3.4.i686.rpm libvirt-devel-0.9.10-21.el6_3.4.x86_64.rpm libvirt-lock-sanlock-0.9.10-21.el6_3.4.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libvirt-0.9.10-21.el6_3.4.src.rpm x86_64: libvirt-0.9.10-21.el6_3.4.x86_64.rpm libvirt-client-0.9.10-21.el6_3.4.i686.rpm libvirt-client-0.9.10-21.el6_3.4.x86_64.rpm libvirt-debuginfo-0.9.10-21.el6_3.4.i686.rpm libvirt-debuginfo-0.9.10-21.el6_3.4.x86_64.rpm libvirt-python-0.9.10-21.el6_3.4.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libvirt-0.9.10-21.el6_3.4.src.rpm x86_64: libvirt-debuginfo-0.9.10-21.el6_3.4.i686.rpm libvirt-debuginfo-0.9.10-21.el6_3.4.x86_64.rpm libvirt-devel-0.9.10-21.el6_3.4.i686.rpm libvirt-devel-0.9.10-21.el6_3.4.x86_64.rpm libvirt-lock-sanlock-0.9.10-21.el6_3.4.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libvirt-0.9.10-21.el6_3.4.src.rpm i386: libvirt-0.9.10-21.el6_3.4.i686.rpm libvirt-client-0.9.10-21.el6_3.4.i686.rpm libvirt-debuginfo-0.9.10-21.el6_3.4.i686.rpm libvirt-devel-0.9.10-21.el6_3.4.i686.rpm libvirt-python-0.9.10-21.el6_3.4.i686.rpm ppc64: libvirt-0.9.10-21.el6_3.4.ppc64.rpm libvirt-client-0.9.10-21.el6_3.4.ppc.rpm libvirt-client-0.9.10-21.el6_3.4.ppc64.rpm libvirt-debuginfo-0.9.10-21.el6_3.4.ppc.rpm libvirt-debuginfo-0.9.10-21.el6_3.4.ppc64.rpm libvirt-devel-0.9.10-21.el6_3.4.ppc.rpm libvirt-devel-0.9.10-21.el6_3.4.ppc64.rpm libvirt-python-0.9.10-21.el6_3.4.ppc64.rpm s390x: libvirt-0.9.10-21.el6_3.4.s390x.rpm libvirt-client-0.9.10-21.el6_3.4.s390.rpm libvirt-client-0.9.10-21.el6_3.4.s390x.rpm libvirt-debuginfo-0.9.10-21.el6_3.4.s390.rpm libvirt-debuginfo-0.9.10-21.el6_3.4.s390x.rpm libvirt-devel-0.9.10-21.el6_3.4.s390.rpm libvirt-devel-0.9.10-21.el6_3.4.s390x.rpm libvirt-python-0.9.10-21.el6_3.4.s390x.rpm x86_64: libvirt-0.9.10-21.el6_3.4.x86_64.rpm libvirt-client-0.9.10-21.el6_3.4.i686.rpm libvirt-client-0.9.10-21.el6_3.4.x86_64.rpm libvirt-debuginfo-0.9.10-21.el6_3.4.i686.rpm libvirt-debuginfo-0.9.10-21.el6_3.4.x86_64.rpm libvirt-devel-0.9.10-21.el6_3.4.i686.rpm libvirt-devel-0.9.10-21.el6_3.4.x86_64.rpm libvirt-python-0.9.10-21.el6_3.4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libvirt-0.9.10-21.el6_3.4.src.rpm x86_64: libvirt-debuginfo-0.9.10-21.el6_3.4.x86_64.rpm libvirt-lock-sanlock-0.9.10-21.el6_3.4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libvirt-0.9.10-21.el6_3.4.src.rpm i386: libvirt-0.9.10-21.el6_3.4.i686.rpm libvirt-client-0.9.10-21.el6_3.4.i686.rpm libvirt-debuginfo-0.9.10-21.el6_3.4.i686.rpm libvirt-devel-0.9.10-21.el6_3.4.i686.rpm libvirt-python-0.9.10-21.el6_3.4.i686.rpm x86_64: libvirt-0.9.10-21.el6_3.4.x86_64.rpm libvirt-client-0.9.10-21.el6_3.4.i686.rpm libvirt-client-0.9.10-21.el6_3.4.x86_64.rpm libvirt-debuginfo-0.9.10-21.el6_3.4.i686.rpm libvirt-debuginfo-0.9.10-21.el6_3.4.x86_64.rpm libvirt-devel-0.9.10-21.el6_3.4.i686.rpm libvirt-devel-0.9.10-21.el6_3.4.x86_64.rpm libvirt-python-0.9.10-21.el6_3.4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libvirt-0.9.10-21.el6_3.4.src.rpm x86_64: libvirt-debuginfo-0.9.10-21.el6_3.4.x86_64.rpm libvirt-lock-sanlock-0.9.10-21.el6_3.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-3445.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQNkhOXlSAg2UNWIIRAlwmAJsFi2ejmnj6fh/JnJudvvw69Zv4/ACfSoGZ pv101DdyozQMhJhlEPSoL3U= =q35i -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Aug 23 16:54:05 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 23 Aug 2012 16:54:05 +0000 Subject: [RHSA-2012:1203-01] Critical: flash-plugin security update Message-ID: <201208231654.q7NGs4ef013027@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2012:1203-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1203.html Issue date: 2012-08-23 CVE Names: CVE-2012-1535 CVE-2012-4163 CVE-2012-4164 CVE-2012-4165 CVE-2012-4166 CVE-2012-4167 CVE-2012-4168 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes several security issues is now available for Red Hat Enterprise Linux 5 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes several vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security pages APSB12-18 and APSB12-19, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. (CVE-2012-1535, CVE-2012-4163, CVE-2012-4164, CVE-2012-4165, CVE-2012-4166, CVE-2012-4167) A flaw in flash-plugin could allow an attacker to obtain sensitive information if a victim were tricked into visiting a specially-crafted web page. (CVE-2012-4168) Note: This erratum upgrades Adobe Flash Player from version 10.3.183.20 to version 11.2.202.238. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.238. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 848180 - CVE-2012-1535 flash-plugin: code execution flaw (APSB12-18) 850528 - flash-plugin: multiple code execution flaws (APSB12-19) 850529 - CVE-2012-4168 flash-plugin: cross-domain information leak flaw (APSB12-19) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.238-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.238-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.238-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.238-1.el5.i386.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-1535.html https://www.redhat.com/security/data/cve/CVE-2012-4163.html https://www.redhat.com/security/data/cve/CVE-2012-4164.html https://www.redhat.com/security/data/cve/CVE-2012-4165.html https://www.redhat.com/security/data/cve/CVE-2012-4166.html https://www.redhat.com/security/data/cve/CVE-2012-4167.html https://www.redhat.com/security/data/cve/CVE-2012-4168.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb12-18.html http://www.adobe.com/support/security/bulletins/apsb12-19.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQNmAUXlSAg2UNWIIRAourAJ4tMQhcFeDncAU0C/fbNbaxGMRyagCgsq2j ct6jiyuGVLQQctxa3ujpthE= =RTPh -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Aug 27 13:18:25 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 27 Aug 2012 13:18:25 +0000 Subject: [RHSA-2012:1206-01] Moderate: python-paste-script security update Message-ID: <201208271318.q7RDIP5A007886@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: python-paste-script security update Advisory ID: RHSA-2012:1206-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1206.html Issue date: 2012-08-27 CVE Names: CVE-2012-0878 ===================================================================== 1. Summary: An updated python-paste-script package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server (v. 6) - noarch Red Hat Enterprise Linux Workstation (v. 6) - noarch 3. Description: Python Paste provides middleware for building and running Python web applications. The python-paste-script package includes paster, a tool for working with and running Python Paste applications. It was discovered that paster did not drop supplementary group privileges when started by the root user. Running "paster serve" as root to start a Python web application that will run as a non-root user and group resulted in that application running with root group privileges. This could possibly allow a remote attacker to gain access to files that should not be accessible to the application. (CVE-2012-0878) All paster users should upgrade to this updated package, which contains a backported patch to resolve this issue. All running paster instances configured to drop privileges must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 796790 - CVE-2012-0878 python-paste-script: Supplementary groups not dropped when started an application with "paster serve" as root 6. Package List: Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/python-paste-script-1.7.3-5.el6_3.src.rpm noarch: python-paste-script-1.7.3-5.el6_3.noarch.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/python-paste-script-1.7.3-5.el6_3.src.rpm noarch: python-paste-script-1.7.3-5.el6_3.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-0878.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQO3NyXlSAg2UNWIIRAk6VAJ4tpLx5OmM9RKOmKykagQVVJyWUBACfQA5W 6hlGqabDv0LthzBeYukR56I= =Lln/ -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Aug 27 13:19:42 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 27 Aug 2012 13:19:42 +0000 Subject: [RHSA-2012:1207-01] Moderate: glibc security and bug fix update Message-ID: <201208271319.q7RDJgBb004554@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: glibc security and bug fix update Advisory ID: RHSA-2012:1207-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1207.html Issue date: 2012-08-27 CVE Names: CVE-2012-3480 ===================================================================== 1. Summary: Updated glibc packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation (strtod(), strtof(), and strtold()). If an application used such a function on attacker controlled input, it could cause the application to crash or, potentially, execute arbitrary code. (CVE-2012-3480) This update also fixes the following bug: * Previously, logic errors in various mathematical functions, including exp, exp2, expf, exp2f, pow, sin, tan, and rint, caused inconsistent results when the functions were used with the non-default rounding mode. This could also cause applications to crash in some cases. With this update, the functions now give correct results across the four different rounding modes. (BZ#839411) All users of glibc are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 847715 - CVE-2012-3480 glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/glibc-2.5-81.el5_8.7.src.rpm i386: glibc-2.5-81.el5_8.7.i386.rpm glibc-2.5-81.el5_8.7.i686.rpm glibc-common-2.5-81.el5_8.7.i386.rpm glibc-debuginfo-2.5-81.el5_8.7.i386.rpm glibc-debuginfo-2.5-81.el5_8.7.i686.rpm glibc-debuginfo-common-2.5-81.el5_8.7.i386.rpm glibc-devel-2.5-81.el5_8.7.i386.rpm glibc-headers-2.5-81.el5_8.7.i386.rpm glibc-utils-2.5-81.el5_8.7.i386.rpm nscd-2.5-81.el5_8.7.i386.rpm x86_64: glibc-2.5-81.el5_8.7.i686.rpm glibc-2.5-81.el5_8.7.x86_64.rpm glibc-common-2.5-81.el5_8.7.x86_64.rpm glibc-debuginfo-2.5-81.el5_8.7.i386.rpm glibc-debuginfo-2.5-81.el5_8.7.i686.rpm glibc-debuginfo-2.5-81.el5_8.7.x86_64.rpm glibc-debuginfo-common-2.5-81.el5_8.7.i386.rpm glibc-devel-2.5-81.el5_8.7.i386.rpm glibc-devel-2.5-81.el5_8.7.x86_64.rpm glibc-headers-2.5-81.el5_8.7.x86_64.rpm glibc-utils-2.5-81.el5_8.7.x86_64.rpm nscd-2.5-81.el5_8.7.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/glibc-2.5-81.el5_8.7.src.rpm i386: glibc-2.5-81.el5_8.7.i386.rpm glibc-2.5-81.el5_8.7.i686.rpm glibc-common-2.5-81.el5_8.7.i386.rpm glibc-debuginfo-2.5-81.el5_8.7.i386.rpm glibc-debuginfo-2.5-81.el5_8.7.i686.rpm glibc-debuginfo-common-2.5-81.el5_8.7.i386.rpm glibc-devel-2.5-81.el5_8.7.i386.rpm glibc-headers-2.5-81.el5_8.7.i386.rpm glibc-utils-2.5-81.el5_8.7.i386.rpm nscd-2.5-81.el5_8.7.i386.rpm ia64: glibc-2.5-81.el5_8.7.i686.rpm glibc-2.5-81.el5_8.7.ia64.rpm glibc-common-2.5-81.el5_8.7.ia64.rpm glibc-debuginfo-2.5-81.el5_8.7.i686.rpm glibc-debuginfo-2.5-81.el5_8.7.ia64.rpm glibc-devel-2.5-81.el5_8.7.ia64.rpm glibc-headers-2.5-81.el5_8.7.ia64.rpm glibc-utils-2.5-81.el5_8.7.ia64.rpm nscd-2.5-81.el5_8.7.ia64.rpm ppc: glibc-2.5-81.el5_8.7.ppc.rpm glibc-2.5-81.el5_8.7.ppc64.rpm glibc-common-2.5-81.el5_8.7.ppc.rpm glibc-debuginfo-2.5-81.el5_8.7.ppc.rpm glibc-debuginfo-2.5-81.el5_8.7.ppc64.rpm glibc-devel-2.5-81.el5_8.7.ppc.rpm glibc-devel-2.5-81.el5_8.7.ppc64.rpm glibc-headers-2.5-81.el5_8.7.ppc.rpm glibc-utils-2.5-81.el5_8.7.ppc.rpm nscd-2.5-81.el5_8.7.ppc.rpm s390x: glibc-2.5-81.el5_8.7.s390.rpm glibc-2.5-81.el5_8.7.s390x.rpm glibc-common-2.5-81.el5_8.7.s390x.rpm glibc-debuginfo-2.5-81.el5_8.7.s390.rpm glibc-debuginfo-2.5-81.el5_8.7.s390x.rpm glibc-devel-2.5-81.el5_8.7.s390.rpm glibc-devel-2.5-81.el5_8.7.s390x.rpm glibc-headers-2.5-81.el5_8.7.s390x.rpm glibc-utils-2.5-81.el5_8.7.s390x.rpm nscd-2.5-81.el5_8.7.s390x.rpm x86_64: glibc-2.5-81.el5_8.7.i686.rpm glibc-2.5-81.el5_8.7.x86_64.rpm glibc-common-2.5-81.el5_8.7.x86_64.rpm glibc-debuginfo-2.5-81.el5_8.7.i386.rpm glibc-debuginfo-2.5-81.el5_8.7.i686.rpm glibc-debuginfo-2.5-81.el5_8.7.x86_64.rpm glibc-debuginfo-common-2.5-81.el5_8.7.i386.rpm glibc-devel-2.5-81.el5_8.7.i386.rpm glibc-devel-2.5-81.el5_8.7.x86_64.rpm glibc-headers-2.5-81.el5_8.7.x86_64.rpm glibc-utils-2.5-81.el5_8.7.x86_64.rpm nscd-2.5-81.el5_8.7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-3480.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQO3O9XlSAg2UNWIIRAjc/AJ0YkDPrWqB76Ab8BAjSOqQXN0x7IACeOnRl WMKukS0t4LIc5NaInuuutus= =agtB -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Aug 27 13:20:45 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 27 Aug 2012 13:20:45 +0000 Subject: [RHSA-2012:1208-01] Moderate: glibc security update Message-ID: <201208271320.q7RDKjeM010300@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: glibc security update Advisory ID: RHSA-2012:1208-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1208.html Issue date: 2012-08-27 CVE Names: CVE-2012-3480 ===================================================================== 1. Summary: Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation (strtod(), strtof(), and strtold()). If an application used such a function on attacker controlled input, it could cause the application to crash or, potentially, execute arbitrary code. (CVE-2012-3480) All users of glibc are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 847715 - CVE-2012-3480 glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/glibc-2.12-1.80.el6_3.5.src.rpm i386: glibc-2.12-1.80.el6_3.5.i686.rpm glibc-common-2.12-1.80.el6_3.5.i686.rpm glibc-debuginfo-2.12-1.80.el6_3.5.i686.rpm glibc-debuginfo-common-2.12-1.80.el6_3.5.i686.rpm glibc-devel-2.12-1.80.el6_3.5.i686.rpm glibc-headers-2.12-1.80.el6_3.5.i686.rpm glibc-utils-2.12-1.80.el6_3.5.i686.rpm nscd-2.12-1.80.el6_3.5.i686.rpm x86_64: glibc-2.12-1.80.el6_3.5.i686.rpm glibc-2.12-1.80.el6_3.5.x86_64.rpm glibc-common-2.12-1.80.el6_3.5.x86_64.rpm glibc-debuginfo-2.12-1.80.el6_3.5.i686.rpm glibc-debuginfo-2.12-1.80.el6_3.5.x86_64.rpm glibc-debuginfo-common-2.12-1.80.el6_3.5.i686.rpm glibc-debuginfo-common-2.12-1.80.el6_3.5.x86_64.rpm glibc-devel-2.12-1.80.el6_3.5.i686.rpm glibc-devel-2.12-1.80.el6_3.5.x86_64.rpm glibc-headers-2.12-1.80.el6_3.5.x86_64.rpm glibc-utils-2.12-1.80.el6_3.5.x86_64.rpm nscd-2.12-1.80.el6_3.5.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/glibc-2.12-1.80.el6_3.5.src.rpm i386: glibc-debuginfo-2.12-1.80.el6_3.5.i686.rpm glibc-debuginfo-common-2.12-1.80.el6_3.5.i686.rpm glibc-static-2.12-1.80.el6_3.5.i686.rpm x86_64: glibc-debuginfo-2.12-1.80.el6_3.5.i686.rpm glibc-debuginfo-2.12-1.80.el6_3.5.x86_64.rpm glibc-debuginfo-common-2.12-1.80.el6_3.5.i686.rpm glibc-debuginfo-common-2.12-1.80.el6_3.5.x86_64.rpm glibc-static-2.12-1.80.el6_3.5.i686.rpm glibc-static-2.12-1.80.el6_3.5.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/glibc-2.12-1.80.el6_3.5.src.rpm x86_64: glibc-2.12-1.80.el6_3.5.i686.rpm glibc-2.12-1.80.el6_3.5.x86_64.rpm glibc-common-2.12-1.80.el6_3.5.x86_64.rpm glibc-debuginfo-2.12-1.80.el6_3.5.i686.rpm glibc-debuginfo-2.12-1.80.el6_3.5.x86_64.rpm glibc-debuginfo-common-2.12-1.80.el6_3.5.i686.rpm glibc-debuginfo-common-2.12-1.80.el6_3.5.x86_64.rpm glibc-devel-2.12-1.80.el6_3.5.i686.rpm glibc-devel-2.12-1.80.el6_3.5.x86_64.rpm glibc-headers-2.12-1.80.el6_3.5.x86_64.rpm glibc-utils-2.12-1.80.el6_3.5.x86_64.rpm nscd-2.12-1.80.el6_3.5.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/glibc-2.12-1.80.el6_3.5.src.rpm x86_64: glibc-debuginfo-2.12-1.80.el6_3.5.i686.rpm glibc-debuginfo-2.12-1.80.el6_3.5.x86_64.rpm glibc-debuginfo-common-2.12-1.80.el6_3.5.i686.rpm glibc-debuginfo-common-2.12-1.80.el6_3.5.x86_64.rpm glibc-static-2.12-1.80.el6_3.5.i686.rpm glibc-static-2.12-1.80.el6_3.5.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/glibc-2.12-1.80.el6_3.5.src.rpm i386: glibc-2.12-1.80.el6_3.5.i686.rpm glibc-common-2.12-1.80.el6_3.5.i686.rpm glibc-debuginfo-2.12-1.80.el6_3.5.i686.rpm glibc-debuginfo-common-2.12-1.80.el6_3.5.i686.rpm glibc-devel-2.12-1.80.el6_3.5.i686.rpm glibc-headers-2.12-1.80.el6_3.5.i686.rpm glibc-utils-2.12-1.80.el6_3.5.i686.rpm nscd-2.12-1.80.el6_3.5.i686.rpm ppc64: glibc-2.12-1.80.el6_3.5.ppc.rpm glibc-2.12-1.80.el6_3.5.ppc64.rpm glibc-common-2.12-1.80.el6_3.5.ppc64.rpm glibc-debuginfo-2.12-1.80.el6_3.5.ppc.rpm glibc-debuginfo-2.12-1.80.el6_3.5.ppc64.rpm glibc-debuginfo-common-2.12-1.80.el6_3.5.ppc.rpm glibc-debuginfo-common-2.12-1.80.el6_3.5.ppc64.rpm glibc-devel-2.12-1.80.el6_3.5.ppc.rpm glibc-devel-2.12-1.80.el6_3.5.ppc64.rpm glibc-headers-2.12-1.80.el6_3.5.ppc64.rpm glibc-utils-2.12-1.80.el6_3.5.ppc64.rpm nscd-2.12-1.80.el6_3.5.ppc64.rpm s390x: glibc-2.12-1.80.el6_3.5.s390.rpm glibc-2.12-1.80.el6_3.5.s390x.rpm glibc-common-2.12-1.80.el6_3.5.s390x.rpm glibc-debuginfo-2.12-1.80.el6_3.5.s390.rpm glibc-debuginfo-2.12-1.80.el6_3.5.s390x.rpm glibc-debuginfo-common-2.12-1.80.el6_3.5.s390.rpm glibc-debuginfo-common-2.12-1.80.el6_3.5.s390x.rpm glibc-devel-2.12-1.80.el6_3.5.s390.rpm glibc-devel-2.12-1.80.el6_3.5.s390x.rpm glibc-headers-2.12-1.80.el6_3.5.s390x.rpm glibc-utils-2.12-1.80.el6_3.5.s390x.rpm nscd-2.12-1.80.el6_3.5.s390x.rpm x86_64: glibc-2.12-1.80.el6_3.5.i686.rpm glibc-2.12-1.80.el6_3.5.x86_64.rpm glibc-common-2.12-1.80.el6_3.5.x86_64.rpm glibc-debuginfo-2.12-1.80.el6_3.5.i686.rpm glibc-debuginfo-2.12-1.80.el6_3.5.x86_64.rpm glibc-debuginfo-common-2.12-1.80.el6_3.5.i686.rpm glibc-debuginfo-common-2.12-1.80.el6_3.5.x86_64.rpm glibc-devel-2.12-1.80.el6_3.5.i686.rpm glibc-devel-2.12-1.80.el6_3.5.x86_64.rpm glibc-headers-2.12-1.80.el6_3.5.x86_64.rpm glibc-utils-2.12-1.80.el6_3.5.x86_64.rpm nscd-2.12-1.80.el6_3.5.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/glibc-2.12-1.80.el6_3.5.src.rpm i386: glibc-debuginfo-2.12-1.80.el6_3.5.i686.rpm glibc-debuginfo-common-2.12-1.80.el6_3.5.i686.rpm glibc-static-2.12-1.80.el6_3.5.i686.rpm ppc64: glibc-debuginfo-2.12-1.80.el6_3.5.ppc.rpm glibc-debuginfo-2.12-1.80.el6_3.5.ppc64.rpm glibc-debuginfo-common-2.12-1.80.el6_3.5.ppc.rpm glibc-debuginfo-common-2.12-1.80.el6_3.5.ppc64.rpm glibc-static-2.12-1.80.el6_3.5.ppc.rpm glibc-static-2.12-1.80.el6_3.5.ppc64.rpm s390x: glibc-debuginfo-2.12-1.80.el6_3.5.s390.rpm glibc-debuginfo-2.12-1.80.el6_3.5.s390x.rpm glibc-debuginfo-common-2.12-1.80.el6_3.5.s390.rpm glibc-debuginfo-common-2.12-1.80.el6_3.5.s390x.rpm glibc-static-2.12-1.80.el6_3.5.s390.rpm glibc-static-2.12-1.80.el6_3.5.s390x.rpm x86_64: glibc-debuginfo-2.12-1.80.el6_3.5.i686.rpm glibc-debuginfo-2.12-1.80.el6_3.5.x86_64.rpm glibc-debuginfo-common-2.12-1.80.el6_3.5.i686.rpm glibc-debuginfo-common-2.12-1.80.el6_3.5.x86_64.rpm glibc-static-2.12-1.80.el6_3.5.i686.rpm glibc-static-2.12-1.80.el6_3.5.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/glibc-2.12-1.80.el6_3.5.src.rpm i386: glibc-2.12-1.80.el6_3.5.i686.rpm glibc-common-2.12-1.80.el6_3.5.i686.rpm glibc-debuginfo-2.12-1.80.el6_3.5.i686.rpm glibc-debuginfo-common-2.12-1.80.el6_3.5.i686.rpm glibc-devel-2.12-1.80.el6_3.5.i686.rpm glibc-headers-2.12-1.80.el6_3.5.i686.rpm glibc-utils-2.12-1.80.el6_3.5.i686.rpm nscd-2.12-1.80.el6_3.5.i686.rpm x86_64: glibc-2.12-1.80.el6_3.5.i686.rpm glibc-2.12-1.80.el6_3.5.x86_64.rpm glibc-common-2.12-1.80.el6_3.5.x86_64.rpm glibc-debuginfo-2.12-1.80.el6_3.5.i686.rpm glibc-debuginfo-2.12-1.80.el6_3.5.x86_64.rpm glibc-debuginfo-common-2.12-1.80.el6_3.5.i686.rpm glibc-debuginfo-common-2.12-1.80.el6_3.5.x86_64.rpm glibc-devel-2.12-1.80.el6_3.5.i686.rpm glibc-devel-2.12-1.80.el6_3.5.x86_64.rpm glibc-headers-2.12-1.80.el6_3.5.x86_64.rpm glibc-utils-2.12-1.80.el6_3.5.x86_64.rpm nscd-2.12-1.80.el6_3.5.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/glibc-2.12-1.80.el6_3.5.src.rpm i386: glibc-debuginfo-2.12-1.80.el6_3.5.i686.rpm glibc-debuginfo-common-2.12-1.80.el6_3.5.i686.rpm glibc-static-2.12-1.80.el6_3.5.i686.rpm x86_64: glibc-debuginfo-2.12-1.80.el6_3.5.i686.rpm glibc-debuginfo-2.12-1.80.el6_3.5.x86_64.rpm glibc-debuginfo-common-2.12-1.80.el6_3.5.i686.rpm glibc-debuginfo-common-2.12-1.80.el6_3.5.x86_64.rpm glibc-static-2.12-1.80.el6_3.5.i686.rpm glibc-static-2.12-1.80.el6_3.5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-3480.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQO3QLXlSAg2UNWIIRArgGAKChA08cQ23ZOrbYT1/l2uT1WaItOgCfan43 PVRS0kVxa/1Igs+yxK307pM= =TVQR -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Aug 29 04:40:28 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 29 Aug 2012 04:40:28 +0000 Subject: [RHSA-2012:1210-01] Critical: firefox security update Message-ID: <201208290446.q7T4kaiC012328@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: firefox security update Advisory ID: RHSA-2012:1210-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1210.html Issue date: 2012-08-29 CVE Names: CVE-2012-1970 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3972 CVE-2012-3976 CVE-2012-3978 CVE-2012-3980 ===================================================================== 1. Summary: Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-1970, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964) A web page containing a malicious Scalable Vector Graphics (SVG) image file could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-3969, CVE-2012-3970) Two flaws were found in the way Firefox rendered certain images using WebGL. A web page containing malicious content could cause Firefox to crash or, under certain conditions, possibly execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-3967, CVE-2012-3968) A flaw was found in the way Firefox decoded embedded bitmap images in Icon Format (ICO) files. A web page containing a malicious ICO file could cause Firefox to crash or, under certain conditions, possibly execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-3966) A flaw was found in the way the "eval" command was handled by the Firefox Web Console. Running "eval" in the Web Console while viewing a web page containing malicious content could possibly cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-3980) An out-of-bounds memory read flaw was found in the way Firefox used the format-number feature of XSLT (Extensible Stylesheet Language Transformations). A web page containing malicious content could possibly cause an information leak, or cause Firefox to crash. (CVE-2012-3972) It was found that the SSL certificate information for a previously visited site could be displayed in the address bar while the main window displayed a new page. This could lead to phishing attacks as attackers could use this flaw to trick users into believing they are viewing a trusted site. (CVE-2012-3976) A flaw was found in the location object implementation in Firefox. Malicious content could use this flaw to possibly allow restricted content to be loaded. (CVE-2012-3978) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 10.0.7 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Gary Kwong, Christian Holler, Jesse Ruderman, John Schoenick, Vladimir Vukicevic, Daniel Holbert, Abhishek Arya, Fr?d?ric Hoguin, miaubiz, Arthur Gerkis, Nicolas Gr?goire, Mark Poticha, moz_bug_r_a4, and Colby Russell as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 10.0.7 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 851909 - CVE-2012-1970 Mozilla: Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7) (MFSA 2012-57) 851910 - Mozilla:Multiple Use-after-free issues found using Address Sanitizer (MFSA 2012-58) 851918 - CVE-2012-3966 Mozilla: Memory corruption with bitmap format images with negative height (MFSA 2012-61) 851920 - CVE-2012-3967 CVE-2012-3968 Mozilla: WebGL use-after-free and memory corruption (MFSA 2012-62) 851922 - CVE-2012-3969 CVE-2012-3970 Mozilla: SVG buffer overflow and use-after-free issues (MFSA 2012-63) 851924 - CVE-2012-3972 Mozilla: Out-of-bounds read in format-number in XSLT (MFSA 2012-65) 851931 - CVE-2012-3976 Mozilla: Incorrect site SSL certificate data display (MFSA 2012-69) 851937 - CVE-2012-3978 Mozilla: Location object security checks bypassed by chrome code (MFSA 2012-70) 851939 - CVE-2012-3980 Mozilla: Web console eval capable of executing chrome-privileged code (MFSA 2012-72) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-10.0.7-1.el5_8.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-10.0.7-2.el5_8.src.rpm i386: firefox-10.0.7-1.el5_8.i386.rpm firefox-debuginfo-10.0.7-1.el5_8.i386.rpm xulrunner-10.0.7-2.el5_8.i386.rpm xulrunner-debuginfo-10.0.7-2.el5_8.i386.rpm x86_64: firefox-10.0.7-1.el5_8.i386.rpm firefox-10.0.7-1.el5_8.x86_64.rpm firefox-debuginfo-10.0.7-1.el5_8.i386.rpm firefox-debuginfo-10.0.7-1.el5_8.x86_64.rpm xulrunner-10.0.7-2.el5_8.i386.rpm xulrunner-10.0.7-2.el5_8.x86_64.rpm xulrunner-debuginfo-10.0.7-2.el5_8.i386.rpm xulrunner-debuginfo-10.0.7-2.el5_8.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-10.0.7-2.el5_8.src.rpm i386: xulrunner-debuginfo-10.0.7-2.el5_8.i386.rpm xulrunner-devel-10.0.7-2.el5_8.i386.rpm x86_64: xulrunner-debuginfo-10.0.7-2.el5_8.i386.rpm xulrunner-debuginfo-10.0.7-2.el5_8.x86_64.rpm xulrunner-devel-10.0.7-2.el5_8.i386.rpm xulrunner-devel-10.0.7-2.el5_8.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-10.0.7-1.el5_8.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-10.0.7-2.el5_8.src.rpm i386: firefox-10.0.7-1.el5_8.i386.rpm firefox-debuginfo-10.0.7-1.el5_8.i386.rpm xulrunner-10.0.7-2.el5_8.i386.rpm xulrunner-debuginfo-10.0.7-2.el5_8.i386.rpm xulrunner-devel-10.0.7-2.el5_8.i386.rpm ia64: firefox-10.0.7-1.el5_8.ia64.rpm firefox-debuginfo-10.0.7-1.el5_8.ia64.rpm xulrunner-10.0.7-2.el5_8.ia64.rpm xulrunner-debuginfo-10.0.7-2.el5_8.ia64.rpm xulrunner-devel-10.0.7-2.el5_8.ia64.rpm ppc: firefox-10.0.7-1.el5_8.ppc.rpm firefox-debuginfo-10.0.7-1.el5_8.ppc.rpm xulrunner-10.0.7-2.el5_8.ppc.rpm xulrunner-10.0.7-2.el5_8.ppc64.rpm xulrunner-debuginfo-10.0.7-2.el5_8.ppc.rpm xulrunner-debuginfo-10.0.7-2.el5_8.ppc64.rpm xulrunner-devel-10.0.7-2.el5_8.ppc.rpm xulrunner-devel-10.0.7-2.el5_8.ppc64.rpm s390x: firefox-10.0.7-1.el5_8.s390.rpm firefox-10.0.7-1.el5_8.s390x.rpm firefox-debuginfo-10.0.7-1.el5_8.s390.rpm firefox-debuginfo-10.0.7-1.el5_8.s390x.rpm xulrunner-10.0.7-2.el5_8.s390.rpm xulrunner-10.0.7-2.el5_8.s390x.rpm xulrunner-debuginfo-10.0.7-2.el5_8.s390.rpm xulrunner-debuginfo-10.0.7-2.el5_8.s390x.rpm xulrunner-devel-10.0.7-2.el5_8.s390.rpm xulrunner-devel-10.0.7-2.el5_8.s390x.rpm x86_64: firefox-10.0.7-1.el5_8.i386.rpm firefox-10.0.7-1.el5_8.x86_64.rpm firefox-debuginfo-10.0.7-1.el5_8.i386.rpm firefox-debuginfo-10.0.7-1.el5_8.x86_64.rpm xulrunner-10.0.7-2.el5_8.i386.rpm xulrunner-10.0.7-2.el5_8.x86_64.rpm xulrunner-debuginfo-10.0.7-2.el5_8.i386.rpm xulrunner-debuginfo-10.0.7-2.el5_8.x86_64.rpm xulrunner-devel-10.0.7-2.el5_8.i386.rpm xulrunner-devel-10.0.7-2.el5_8.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/firefox-10.0.7-1.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-10.0.7-1.el6_3.src.rpm i386: firefox-10.0.7-1.el6_3.i686.rpm firefox-debuginfo-10.0.7-1.el6_3.i686.rpm xulrunner-10.0.7-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.7-1.el6_3.i686.rpm x86_64: firefox-10.0.7-1.el6_3.i686.rpm firefox-10.0.7-1.el6_3.x86_64.rpm firefox-debuginfo-10.0.7-1.el6_3.i686.rpm firefox-debuginfo-10.0.7-1.el6_3.x86_64.rpm xulrunner-10.0.7-1.el6_3.i686.rpm xulrunner-10.0.7-1.el6_3.x86_64.rpm xulrunner-debuginfo-10.0.7-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.7-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-10.0.7-1.el6_3.src.rpm i386: xulrunner-debuginfo-10.0.7-1.el6_3.i686.rpm xulrunner-devel-10.0.7-1.el6_3.i686.rpm x86_64: xulrunner-debuginfo-10.0.7-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.7-1.el6_3.x86_64.rpm xulrunner-devel-10.0.7-1.el6_3.i686.rpm xulrunner-devel-10.0.7-1.el6_3.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/firefox-10.0.7-1.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xulrunner-10.0.7-1.el6_3.src.rpm x86_64: firefox-10.0.7-1.el6_3.i686.rpm firefox-10.0.7-1.el6_3.x86_64.rpm firefox-debuginfo-10.0.7-1.el6_3.i686.rpm firefox-debuginfo-10.0.7-1.el6_3.x86_64.rpm xulrunner-10.0.7-1.el6_3.i686.rpm xulrunner-10.0.7-1.el6_3.x86_64.rpm xulrunner-debuginfo-10.0.7-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.7-1.el6_3.x86_64.rpm xulrunner-devel-10.0.7-1.el6_3.i686.rpm xulrunner-devel-10.0.7-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/firefox-10.0.7-1.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-10.0.7-1.el6_3.src.rpm i386: firefox-10.0.7-1.el6_3.i686.rpm firefox-debuginfo-10.0.7-1.el6_3.i686.rpm xulrunner-10.0.7-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.7-1.el6_3.i686.rpm ppc64: firefox-10.0.7-1.el6_3.ppc.rpm firefox-10.0.7-1.el6_3.ppc64.rpm firefox-debuginfo-10.0.7-1.el6_3.ppc.rpm firefox-debuginfo-10.0.7-1.el6_3.ppc64.rpm xulrunner-10.0.7-1.el6_3.ppc.rpm xulrunner-10.0.7-1.el6_3.ppc64.rpm xulrunner-debuginfo-10.0.7-1.el6_3.ppc.rpm xulrunner-debuginfo-10.0.7-1.el6_3.ppc64.rpm s390x: firefox-10.0.7-1.el6_3.s390.rpm firefox-10.0.7-1.el6_3.s390x.rpm firefox-debuginfo-10.0.7-1.el6_3.s390.rpm firefox-debuginfo-10.0.7-1.el6_3.s390x.rpm xulrunner-10.0.7-1.el6_3.s390.rpm xulrunner-10.0.7-1.el6_3.s390x.rpm xulrunner-debuginfo-10.0.7-1.el6_3.s390.rpm xulrunner-debuginfo-10.0.7-1.el6_3.s390x.rpm x86_64: firefox-10.0.7-1.el6_3.i686.rpm firefox-10.0.7-1.el6_3.x86_64.rpm firefox-debuginfo-10.0.7-1.el6_3.i686.rpm firefox-debuginfo-10.0.7-1.el6_3.x86_64.rpm xulrunner-10.0.7-1.el6_3.i686.rpm xulrunner-10.0.7-1.el6_3.x86_64.rpm xulrunner-debuginfo-10.0.7-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.7-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-10.0.7-1.el6_3.src.rpm i386: xulrunner-debuginfo-10.0.7-1.el6_3.i686.rpm xulrunner-devel-10.0.7-1.el6_3.i686.rpm ppc64: xulrunner-debuginfo-10.0.7-1.el6_3.ppc.rpm xulrunner-debuginfo-10.0.7-1.el6_3.ppc64.rpm xulrunner-devel-10.0.7-1.el6_3.ppc.rpm xulrunner-devel-10.0.7-1.el6_3.ppc64.rpm s390x: xulrunner-debuginfo-10.0.7-1.el6_3.s390.rpm xulrunner-debuginfo-10.0.7-1.el6_3.s390x.rpm xulrunner-devel-10.0.7-1.el6_3.s390.rpm xulrunner-devel-10.0.7-1.el6_3.s390x.rpm x86_64: xulrunner-debuginfo-10.0.7-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.7-1.el6_3.x86_64.rpm xulrunner-devel-10.0.7-1.el6_3.i686.rpm xulrunner-devel-10.0.7-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/firefox-10.0.7-1.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-10.0.7-1.el6_3.src.rpm i386: firefox-10.0.7-1.el6_3.i686.rpm firefox-debuginfo-10.0.7-1.el6_3.i686.rpm xulrunner-10.0.7-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.7-1.el6_3.i686.rpm x86_64: firefox-10.0.7-1.el6_3.i686.rpm firefox-10.0.7-1.el6_3.x86_64.rpm firefox-debuginfo-10.0.7-1.el6_3.i686.rpm firefox-debuginfo-10.0.7-1.el6_3.x86_64.rpm xulrunner-10.0.7-1.el6_3.i686.rpm xulrunner-10.0.7-1.el6_3.x86_64.rpm xulrunner-debuginfo-10.0.7-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.7-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-10.0.7-1.el6_3.src.rpm i386: xulrunner-debuginfo-10.0.7-1.el6_3.i686.rpm xulrunner-devel-10.0.7-1.el6_3.i686.rpm x86_64: xulrunner-debuginfo-10.0.7-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.7-1.el6_3.x86_64.rpm xulrunner-devel-10.0.7-1.el6_3.i686.rpm xulrunner-devel-10.0.7-1.el6_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-1970.html https://www.redhat.com/security/data/cve/CVE-2012-1972.html https://www.redhat.com/security/data/cve/CVE-2012-1973.html https://www.redhat.com/security/data/cve/CVE-2012-1974.html https://www.redhat.com/security/data/cve/CVE-2012-1975.html https://www.redhat.com/security/data/cve/CVE-2012-1976.html https://www.redhat.com/security/data/cve/CVE-2012-3956.html https://www.redhat.com/security/data/cve/CVE-2012-3957.html https://www.redhat.com/security/data/cve/CVE-2012-3958.html https://www.redhat.com/security/data/cve/CVE-2012-3959.html https://www.redhat.com/security/data/cve/CVE-2012-3960.html https://www.redhat.com/security/data/cve/CVE-2012-3961.html https://www.redhat.com/security/data/cve/CVE-2012-3962.html https://www.redhat.com/security/data/cve/CVE-2012-3963.html https://www.redhat.com/security/data/cve/CVE-2012-3964.html https://www.redhat.com/security/data/cve/CVE-2012-3966.html https://www.redhat.com/security/data/cve/CVE-2012-3967.html https://www.redhat.com/security/data/cve/CVE-2012-3968.html https://www.redhat.com/security/data/cve/CVE-2012-3969.html https://www.redhat.com/security/data/cve/CVE-2012-3970.html https://www.redhat.com/security/data/cve/CVE-2012-3972.html https://www.redhat.com/security/data/cve/CVE-2012-3976.html https://www.redhat.com/security/data/cve/CVE-2012-3978.html https://www.redhat.com/security/data/cve/CVE-2012-3980.html https://access.redhat.com/security/updates/classification/#critical http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQPZ6JXlSAg2UNWIIRAufHAJ9TonRHGox8wyfFvDuSriyFG8nuJgCfQ9nU tP7CkImSIb9stDQQaQHnNig= =w5Z5 -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Aug 29 04:41:52 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 29 Aug 2012 04:41:52 +0000 Subject: [RHSA-2012:1211-01] Critical: thunderbird security update Message-ID: <201208290448.q7T4m02u022776@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: thunderbird security update Advisory ID: RHSA-2012:1211-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1211.html Issue date: 2012-08-29 CVE Names: CVE-2012-1970 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3972 CVE-2012-3978 CVE-2012-3980 ===================================================================== 1. Summary: An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-1970, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964) Content containing a malicious Scalable Vector Graphics (SVG) image file could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-3969, CVE-2012-3970) Two flaws were found in the way Thunderbird rendered certain images using WebGL. Malicious content could cause Thunderbird to crash or, under certain conditions, possibly execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-3967, CVE-2012-3968) A flaw was found in the way Thunderbird decoded embedded bitmap images in Icon Format (ICO) files. Content containing a malicious ICO file could cause Thunderbird to crash or, under certain conditions, possibly execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-3966) A flaw was found in the way the "eval" command was handled by the Thunderbird Error Console. Running "eval" in the Error Console while viewing malicious content could possibly cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-3980) An out-of-bounds memory read flaw was found in the way Thunderbird used the format-number feature of XSLT (Extensible Stylesheet Language Transformations). Malicious content could possibly cause an information leak, or cause Thunderbird to crash. (CVE-2012-3972) A flaw was found in the location object implementation in Thunderbird. Malicious content could use this flaw to possibly allow restricted content to be loaded. (CVE-2012-3978) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Gary Kwong, Christian Holler, Jesse Ruderman, John Schoenick, Vladimir Vukicevic, Daniel Holbert, Abhishek Arya, Fr?d?ric Hoguin, miaubiz, Arthur Gerkis, Nicolas Gr?goire, moz_bug_r_a4, and Colby Russell as the original reporters of these issues. Note: All issues except CVE-2012-3969 and CVE-2012-3970 cannot be exploited by a specially-crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 10.0.7 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 851909 - CVE-2012-1970 Mozilla: Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7) (MFSA 2012-57) 851910 - Mozilla:Multiple Use-after-free issues found using Address Sanitizer (MFSA 2012-58) 851918 - CVE-2012-3966 Mozilla: Memory corruption with bitmap format images with negative height (MFSA 2012-61) 851920 - CVE-2012-3967 CVE-2012-3968 Mozilla: WebGL use-after-free and memory corruption (MFSA 2012-62) 851922 - CVE-2012-3969 CVE-2012-3970 Mozilla: SVG buffer overflow and use-after-free issues (MFSA 2012-63) 851924 - CVE-2012-3972 Mozilla: Out-of-bounds read in format-number in XSLT (MFSA 2012-65) 851937 - CVE-2012-3978 Mozilla: Location object security checks bypassed by chrome code (MFSA 2012-70) 851939 - CVE-2012-3980 Mozilla: Web console eval capable of executing chrome-privileged code (MFSA 2012-72) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/thunderbird-10.0.7-1.el5_8.src.rpm i386: thunderbird-10.0.7-1.el5_8.i386.rpm thunderbird-debuginfo-10.0.7-1.el5_8.i386.rpm x86_64: thunderbird-10.0.7-1.el5_8.x86_64.rpm thunderbird-debuginfo-10.0.7-1.el5_8.x86_64.rpm RHEL Optional Productivity Applications (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/thunderbird-10.0.7-1.el5_8.src.rpm i386: thunderbird-10.0.7-1.el5_8.i386.rpm thunderbird-debuginfo-10.0.7-1.el5_8.i386.rpm x86_64: thunderbird-10.0.7-1.el5_8.x86_64.rpm thunderbird-debuginfo-10.0.7-1.el5_8.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/thunderbird-10.0.7-1.el6_3.src.rpm i386: thunderbird-10.0.7-1.el6_3.i686.rpm thunderbird-debuginfo-10.0.7-1.el6_3.i686.rpm x86_64: thunderbird-10.0.7-1.el6_3.x86_64.rpm thunderbird-debuginfo-10.0.7-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/thunderbird-10.0.7-1.el6_3.src.rpm i386: thunderbird-10.0.7-1.el6_3.i686.rpm thunderbird-debuginfo-10.0.7-1.el6_3.i686.rpm ppc64: thunderbird-10.0.7-1.el6_3.ppc64.rpm thunderbird-debuginfo-10.0.7-1.el6_3.ppc64.rpm s390x: thunderbird-10.0.7-1.el6_3.s390x.rpm thunderbird-debuginfo-10.0.7-1.el6_3.s390x.rpm x86_64: thunderbird-10.0.7-1.el6_3.x86_64.rpm thunderbird-debuginfo-10.0.7-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/thunderbird-10.0.7-1.el6_3.src.rpm i386: thunderbird-10.0.7-1.el6_3.i686.rpm thunderbird-debuginfo-10.0.7-1.el6_3.i686.rpm x86_64: thunderbird-10.0.7-1.el6_3.x86_64.rpm thunderbird-debuginfo-10.0.7-1.el6_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-1970.html https://www.redhat.com/security/data/cve/CVE-2012-1972.html https://www.redhat.com/security/data/cve/CVE-2012-1973.html https://www.redhat.com/security/data/cve/CVE-2012-1974.html https://www.redhat.com/security/data/cve/CVE-2012-1975.html https://www.redhat.com/security/data/cve/CVE-2012-1976.html https://www.redhat.com/security/data/cve/CVE-2012-3956.html https://www.redhat.com/security/data/cve/CVE-2012-3957.html https://www.redhat.com/security/data/cve/CVE-2012-3958.html https://www.redhat.com/security/data/cve/CVE-2012-3959.html https://www.redhat.com/security/data/cve/CVE-2012-3960.html https://www.redhat.com/security/data/cve/CVE-2012-3961.html https://www.redhat.com/security/data/cve/CVE-2012-3962.html https://www.redhat.com/security/data/cve/CVE-2012-3963.html https://www.redhat.com/security/data/cve/CVE-2012-3964.html https://www.redhat.com/security/data/cve/CVE-2012-3966.html https://www.redhat.com/security/data/cve/CVE-2012-3967.html https://www.redhat.com/security/data/cve/CVE-2012-3968.html https://www.redhat.com/security/data/cve/CVE-2012-3969.html https://www.redhat.com/security/data/cve/CVE-2012-3970.html https://www.redhat.com/security/data/cve/CVE-2012-3972.html https://www.redhat.com/security/data/cve/CVE-2012-3978.html https://www.redhat.com/security/data/cve/CVE-2012-3980.html https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQPZ7pXlSAg2UNWIIRAokuAJ937VxyAQaNfpjtXo6sbfn8kxpAkACggl0r GQXCne0fQsjbaNB3EZ39CrY= =WMQp -----END PGP SIGNATURE-----