From bugzilla at redhat.com Mon Dec 3 18:03:30 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 3 Dec 2012 18:03:30 +0000
Subject: [RHSA-2012:1514-01] Low: Red Hat Enterprise Linux Extended Update Support 6.0 - End Of Life
Message-ID: <201212031803.qB3I3Uf7001674@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Enterprise Linux Extended Update Support 6.0 - End Of Life
Advisory ID:       RHSA-2012:1514-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1514.html
Issue date:        2012-12-03
=====================================================================

1. Summary:

This is the End of Life notification for Red Hat Enterprise Linux Extended Update Support Add-On (EUS) 6.0.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server EUS (v. 6.0) - i386, ppc64, s390x, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy, the Extended Update Support for Red Hat Enterprise Linux 6.0 has ended.

Note: This does not impact you unless you are subscribed to the Extended Update Support (EUS) channel for Red Hat Enterprise Linux 6.0.

Details of the Red Hat Enterprise Linux life-cycle can be found on the Red Hat website: https://access.redhat.com/support/policy/updates/errata/

4. Solution:

This advisory contains an updated redhat-release-server package that provides a copy of this end of life notice in the "/usr/share/doc/" directory.

5. Package List:

Red Hat Enterprise Linux Server EUS (v. 6.0):

Source:
redhat-release-server-6Server-6.0.0.41.el6_0.src.rpm

i386:
redhat-release-server-6Server-6.0.0.41.el6_0.i686.rpm

ppc64:
redhat-release-server-6Server-6.0.0.41.el6_0.ppc64.rpm

s390x:
redhat-release-server-6Server-6.0.0.41.el6_0.s390x.rpm

x86_64:
redhat-release-server-6Server-6.0.0.41.el6_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

6. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/support/policy/updates/errata/

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQvOlaXlSAg2UNWIIRAof7AJ4oKg/eqdvUk+3Fioek314GziUdpwCePIrA
pHLCpIS01LIYEhJoM3nIGb8=
=6FFh
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 4 20:28:43 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 4 Dec 2012 20:28:43 +0000
Subject: [RHSA-2012:1491-01] Important: kernel-rt security and bug fix update
Message-ID: <201212042028.qB4KShE4001640@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update
Advisory ID:       RHSA-2012:1491-01
Product:           Red Hat Enterprise MRG for RHEL-6
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1491.html
Issue date:        2012-12-04
CVE Names:         CVE-2012-0957 CVE-2012-2133 CVE-2012-3400 CVE-2012-3430
                   CVE-2012-3511 CVE-2012-3520 CVE-2012-4508 CVE-2012-4565
=====================================================================

1. Summary:

Updated kernel-rt packages that fix several security issues and multiple bugs are now available for Red Hat Enterprise MRG 2.2.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* A flaw was found in the way Netlink messages without SCM_CREDENTIALS (used for authentication) data set were handled. When not explicitly set, the data was sent but with all values set to 0, including the process ID and user ID, causing the Netlink message to appear as if it were sent with root privileges. A local, unprivileged user could use this flaw to send spoofed Netlink messages to an application, possibly resulting in the application performing privileged operations if it relied on SCM_CREDENTIALS data for the authentication of Netlink messages. (CVE-2012-3520, Important)

* A race condition was found in the way asynchronous I/O and fallocate() interacted when using the ext4 file system. A local, unprivileged user could use this flaw to expose random data from an extent whose data blocks have not yet been written, and thus contain data from a deleted file. (CVE-2012-4508, Important)

* A use-after-free flaw was found in the Linux kernel's memory management subsystem in the way quota handling for huge pages was performed. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2012-2133, Moderate)

* A use-after-free flaw was found in the madvise() system call implementation in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2012-3511, Moderate)

* A divide-by-zero flaw was found in the TCP Illinois congestion control algorithm implementation in the Linux kernel. If the TCP Illinois congestion control algorithm were in use (the sysctl net.ipv4.tcp_congestion_control variable set to "illinois"), a local, unprivileged user could trigger this flaw and cause a denial of service. (CVE-2012-4565, Moderate)

* An information leak flaw was found in the uname() system call implementation in the Linux kernel. A local, unprivileged user could use this flaw to leak kernel stack memory to user-space by setting the UNAME26 personality and then calling the uname() system call. (CVE-2012-0957, Low)

* Buffer overflow flaws were found in the udf_load_logicalvol() function in the Universal Disk Format (UDF) file system implementation in the Linux kernel. An attacker with physical access to a system could use these flaws to cause a denial of service or escalate their privileges. (CVE-2012-3400, Low)

* A flaw was found in the way the msg_namelen variable in the rds_recvmsg() function of the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation was initialized. A local, unprivileged user could use this flaw to leak kernel stack memory to user-space. (CVE-2012-3430, Low)

Red Hat would like to thank Pablo Neira Ayuso for reporting CVE-2012-3520; Theodore Ts'o for reporting CVE-2012-4508; Shachar Raindel for reporting CVE-2012-2133; and Kees Cook for reporting CVE-2012-0957. Upstream acknowledges Dmitry Monakhov as the original reporter of CVE-2012-4508. The CVE-2012-4565 issue was discovered by Rodrigo Freire of Red Hat, and the CVE-2012-3430 issue was discovered by the Red Hat InfiniBand team.

This update also fixes multiple bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.

Users should upgrade to these updated packages, which upgrade the kernel-rt kernel to version kernel-rt-3.2.33-rt50, and correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

817430 - CVE-2012-2133 kernel: use after free bug in "quota" handling
820039 - CVE-2012-3430 kernel: recv{from,msg}() on an rds socket can leak kernel memory
843130 - RFE kernel: net: mitigate blind reset attacks using RST and SYN bits
843139 - CVE-2012-3400 kernel: udf: buffer overflow when parsing sparing table
849734 - CVE-2012-3511 kernel: mm: use-after-free in madvise_remove()
850449 - CVE-2012-3520 kernel: af_netlink: invalid handling of SCM_CREDENTIALS passing
856243 - kernel-rt-debug potential deadlock
859226 - iptables and other tools unable to log to rsyslog
862877 - CVE-2012-0957 kernel: uts: stack memory leak in UNAME26
864568 - Rebase MRG Realtime kernel to latest upstream 3.2 stable RT release
869904 - CVE-2012-4508 kernel: ext4: AIO vs fallocate stale data exposure
871848 - CVE-2012-4565 kernel: net: divide by zero in tcp algorithm illinois

6. Package List:

MRG Realtime for RHEL 6 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/kernel-rt-3.2.33-rt50.66.el6rt.src.rpm

noarch:
kernel-rt-doc-3.2.33-rt50.66.el6rt.noarch.rpm
kernel-rt-firmware-3.2.33-rt50.66.el6rt.noarch.rpm
mrg-rt-release-3.2.33-rt50.66.el6rt.noarch.rpm

x86_64:
kernel-rt-3.2.33-rt50.66.el6rt.x86_64.rpm
kernel-rt-debug-3.2.33-rt50.66.el6rt.x86_64.rpm
kernel-rt-debug-debuginfo-3.2.33-rt50.66.el6rt.x86_64.rpm
kernel-rt-debug-devel-3.2.33-rt50.66.el6rt.x86_64.rpm
kernel-rt-debuginfo-3.2.33-rt50.66.el6rt.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.2.33-rt50.66.el6rt.x86_64.rpm
kernel-rt-devel-3.2.33-rt50.66.el6rt.x86_64.rpm
kernel-rt-trace-3.2.33-rt50.66.el6rt.x86_64.rpm
kernel-rt-trace-debuginfo-3.2.33-rt50.66.el6rt.x86_64.rpm
kernel-rt-trace-devel-3.2.33-rt50.66.el6rt.x86_64.rpm
kernel-rt-vanilla-3.2.33-rt50.66.el6rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-3.2.33-rt50.66.el6rt.x86_64.rpm
kernel-rt-vanilla-devel-3.2.33-rt50.66.el6rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-0957.html
https://www.redhat.com/security/data/cve/CVE-2012-2133.html
https://www.redhat.com/security/data/cve/CVE-2012-3400.html
https://www.redhat.com/security/data/cve/CVE-2012-3430.html
https://www.redhat.com/security/data/cve/CVE-2012-3511.html
https://www.redhat.com/security/data/cve/CVE-2012-3520.html
https://www.redhat.com/security/data/cve/CVE-2012-4508.html
https://www.redhat.com/security/data/cve/CVE-2012-4565.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_MRG/2/html/Technical_Notes/sec-Red_Hat_Enterprise_Linux_6.html#RHSA-2012-1491

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQvlzmXlSAg2UNWIIRAuV4AJwKV4N4EunJUffwiflDY6OcjEu3PACeI56f
NB5YLiZOiHeJkQHw4HQEoD4=
=7rwV
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 4 20:54:09 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 4 Dec 2012 20:54:09 +0000
Subject: [RHSA-2012:1540-01] Important: kernel security, bug fix, and enhancement update
Message-ID: <201212042054.qB4Ks9Ys014321@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security, bug fix, and enhancement update
Advisory ID:       RHSA-2012:1540-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1540.html
Issue date:        2012-12-04
CVE Names:         CVE-2012-2372 CVE-2012-3552 CVE-2012-4508 CVE-2012-4535
                   CVE-2012-4537 CVE-2012-5513
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues, two bugs, and add two enhancements are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

These packages contain the Linux kernel.

Security fixes:

* A race condition in the way asynchronous I/O and fallocate() interacted when using ext4 could allow a local, unprivileged user to obtain random data from a deleted file.
(CVE-2012-4508, Important)

* A flaw in the way the Xen hypervisor implementation range checked guest provided addresses in the XENMEM_exchange hypercall could allow a malicious, para-virtualized guest administrator to crash the hypervisor or, potentially, escalate their privileges, allowing them to execute arbitrary code at the hypervisor level. (CVE-2012-5513, Important)

* A flaw in the Reliable Datagram Sockets (RDS) protocol implementation could allow a local, unprivileged user to cause a denial of service. (CVE-2012-2372, Moderate)

* A race condition in the way access to inet->opt ip_options was synchronized in the Linux kernel's TCP/IP protocol suite implementation. Depending on the network facing applications running on the system, a remote attacker could possibly trigger this flaw to cause a denial of service. A local, unprivileged user could use this flaw to cause a denial of service regardless of the applications the system runs. (CVE-2012-3552, Moderate)

* The Xen hypervisor implementation did not properly restrict the period values used to initialize per VCPU periodic timers. A privileged guest user could cause an infinite loop on the physical CPU. If the watchdog were enabled, it would detect said loop and panic the host system. (CVE-2012-4535, Moderate)

* A flaw in the way the Xen hypervisor implementation handled set_p2m_entry() error conditions could allow a privileged, fully-virtualized guest user to crash the hypervisor. (CVE-2012-4537, Moderate)

Red Hat would like to thank Theodore Ts'o for reporting CVE-2012-4508; the Xen project for reporting CVE-2012-5513, CVE-2012-4535, and CVE-2012-4537; and Hafid Lin for reporting CVE-2012-3552. Upstream acknowledges Dmitry Monakhov as the original reporter of CVE-2012-4508. CVE-2012-2372 was discovered by Li Honggang of Red Hat.

Bug fixes:

* Previously, the interrupt handlers of the qla2xxx driver could clear pending interrupts right after the IRQ lines were attached during system start-up. Consequently, the kernel could miss the interrupt that reported completion of the link initialization, and the qla2xxx driver then failed to detect all attached LUNs. With this update, the qla2xxx driver has been modified to no longer clear interrupt bits after attaching the IRQ lines. The driver now correctly detects all attached LUNs as expected. (BZ#870118)

* The Ethernet channel bonding driver reported the MII (Media Independent Interface) status of the bond interface in 802.3ad mode as being up even though the MII status of all of the slave devices was down. This could pose a problem if the MII status of the bond interface was used to determine if failover should occur. With this update, the agg_device_up() function has been added to the bonding driver, which allows the driver to report the link status of the bond interface correctly, that is, down when all of its slaves are down, in the 802.3ad mode. (BZ#877943)

Enhancements:

* This update backports several changes from the latest upstream version of the bnx2x driver. The most important change, the remote-fault link detection feature, allows the driver to periodically scan the physical link layer for remote faults. If the physical link appears to be up and a fault is detected, the driver indicates that the link is down. When the fault is cleared, the driver indicates that the link is up again. (BZ#870120)

* The INET socket interface has been modified to send a warning message when the ip_options structure is allocated directly by a third-party module using the kmalloc() function. (BZ#874973)

Users should upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network.
Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

822754 - CVE-2012-2372 kernel: rds-ping cause kernel panic
853465 - CVE-2012-3552 kernel: net: slab corruption due to improper synchronization around inet->opt
869904 - CVE-2012-4508 kernel: ext4: AIO vs fallocate stale data exposure
870086 - CVE-2012-4535 kernel: xen: VCPU timer overflow leads to PCPU deadlock and host death-by-watchdog
870101 - CVE-2012-4537 kernel: xen: Memory mapping failure can crash Xen
874973 - net: WARN if struct ip_options was allocated directly by kmalloc [rhel-5.8.z]
877391 - CVE-2012-5513 kernel: xen: XENMEM_exchange may overwrite hypervisor memory

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-308.24.1.el5.src.rpm

i386:
kernel-2.6.18-308.24.1.el5.i686.rpm
kernel-PAE-2.6.18-308.24.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-308.24.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-308.24.1.el5.i686.rpm
kernel-debug-2.6.18-308.24.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-308.24.1.el5.i686.rpm
kernel-debug-devel-2.6.18-308.24.1.el5.i686.rpm
kernel-debuginfo-2.6.18-308.24.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-308.24.1.el5.i686.rpm
kernel-devel-2.6.18-308.24.1.el5.i686.rpm
kernel-headers-2.6.18-308.24.1.el5.i386.rpm
kernel-xen-2.6.18-308.24.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-308.24.1.el5.i686.rpm
kernel-xen-devel-2.6.18-308.24.1.el5.i686.rpm

noarch:
kernel-doc-2.6.18-308.24.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-308.24.1.el5.x86_64.rpm
kernel-debug-2.6.18-308.24.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-308.24.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-308.24.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-308.24.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-308.24.1.el5.x86_64.rpm
kernel-devel-2.6.18-308.24.1.el5.x86_64.rpm
kernel-headers-2.6.18-308.24.1.el5.x86_64.rpm
kernel-xen-2.6.18-308.24.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-308.24.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-308.24.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-308.24.1.el5.src.rpm

i386:
kernel-2.6.18-308.24.1.el5.i686.rpm
kernel-PAE-2.6.18-308.24.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-308.24.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-308.24.1.el5.i686.rpm
kernel-debug-2.6.18-308.24.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-308.24.1.el5.i686.rpm
kernel-debug-devel-2.6.18-308.24.1.el5.i686.rpm
kernel-debuginfo-2.6.18-308.24.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-308.24.1.el5.i686.rpm
kernel-devel-2.6.18-308.24.1.el5.i686.rpm
kernel-headers-2.6.18-308.24.1.el5.i386.rpm
kernel-xen-2.6.18-308.24.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-308.24.1.el5.i686.rpm
kernel-xen-devel-2.6.18-308.24.1.el5.i686.rpm

ia64:
kernel-2.6.18-308.24.1.el5.ia64.rpm
kernel-debug-2.6.18-308.24.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-308.24.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-308.24.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-308.24.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-308.24.1.el5.ia64.rpm
kernel-devel-2.6.18-308.24.1.el5.ia64.rpm
kernel-headers-2.6.18-308.24.1.el5.ia64.rpm
kernel-xen-2.6.18-308.24.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-308.24.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-308.24.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-308.24.1.el5.noarch.rpm

ppc:
kernel-2.6.18-308.24.1.el5.ppc64.rpm
kernel-debug-2.6.18-308.24.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-308.24.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-308.24.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-308.24.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-308.24.1.el5.ppc64.rpm
kernel-devel-2.6.18-308.24.1.el5.ppc64.rpm
kernel-headers-2.6.18-308.24.1.el5.ppc.rpm
kernel-headers-2.6.18-308.24.1.el5.ppc64.rpm
kernel-kdump-2.6.18-308.24.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-308.24.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-308.24.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-308.24.1.el5.s390x.rpm
kernel-debug-2.6.18-308.24.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-308.24.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-308.24.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-308.24.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-308.24.1.el5.s390x.rpm
kernel-devel-2.6.18-308.24.1.el5.s390x.rpm
kernel-headers-2.6.18-308.24.1.el5.s390x.rpm
kernel-kdump-2.6.18-308.24.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-308.24.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-308.24.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-308.24.1.el5.x86_64.rpm
kernel-debug-2.6.18-308.24.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-308.24.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-308.24.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-308.24.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-308.24.1.el5.x86_64.rpm
kernel-devel-2.6.18-308.24.1.el5.x86_64.rpm
kernel-headers-2.6.18-308.24.1.el5.x86_64.rpm
kernel-xen-2.6.18-308.24.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-308.24.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-308.24.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-2372.html
https://www.redhat.com/security/data/cve/CVE-2012-3552.html
https://www.redhat.com/security/data/cve/CVE-2012-4508.html
https://www.redhat.com/security/data/cve/CVE-2012-4535.html
https://www.redhat.com/security/data/cve/CVE-2012-4537.html
https://www.redhat.com/security/data/cve/CVE-2012-5513.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQvmLKXlSAg2UNWIIRArNCAJ9imSTekRJDglgmCYW07mmX4mWVrgCfRv9X
2oCN7QPU4z8lIqsKNhQj2rc=
=111+
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 4 20:54:52 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 4 Dec 2012 20:54:52 +0000
Subject: [RHSA-2012:1541-01] Moderate: kernel security and bug fix update
Message-ID: <201212042054.qB4KsqGY023740@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: kernel security and bug fix update
Advisory ID:       RHSA-2012:1541-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1541.html
Issue date:        2012-12-04
CVE Names:         CVE-2011-4131 CVE-2012-2313
=====================================================================

1. Summary:

Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6.2 Extended Update Support.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server EUS (v. 6.2) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.2) - i386, ppc64, s390x, x86_64

3. Description:

These packages contain the Linux kernel.

Security fixes:

* A malicious NFSv4 server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2011-4131, Moderate)

* A flaw in the dl2k driver could allow a local, unprivileged user to issue potentially harmful IOCTLs, possibly causing Ethernet adapters using the driver to malfunction (such as losing network connectivity). (CVE-2012-2313, Low)

Red Hat would like to thank Andy Adamson for reporting CVE-2011-4131, and Stephan Mueller for reporting CVE-2012-2313.

Bug fixes:

* A kernel oops occurred in the nf_nat code when a bogus pointer was dereferenced in the nf_conn_nat structure. Consequently, if Source Network Address Translation (SNAT) was performed, incorrect information could be received by other CTS (Clear to Send) signals. A conntrack entry is now placed in the source hash after SNAT has been completed, which prevents the described problems. (BZ#865715)

* Previously, the ixgbe_setup_tc() function was called recursively when the set_state() CEE (Convergence Enhanced Ethernet) API routine was called in IEEE DCBX (Data Center Bridging eXchange) mode. This is considered unsafe according to the IEEE standards. With this update, the ixgbe driver has been modified to no longer call the set_state() routine in IEEE DCBX mode. The driver now calls routines of the PFC (Priority-based Flow Control) and ETS (Enhanced Transmission Selection) extensions instead of the CEE extension routines in IEEE DCBX mode. (BZ#867859)

* A Symmetric Multi Processing (SMP) race condition between the munmap() and exit() function could lead to false-positive triggering of the BUG_ON() macro if Transparent Huge Pages (THP) were enabled. This update fixes the race condition, which avoids false-positive triggering of the BUG_ON() macro in this scenario. (BZ#875121)

* The kernel allows high priority real time tasks, such as tasks scheduled with the SCHED_FIFO policy, to be throttled. Previously, the CPU stop tasks were scheduled as high priority real time tasks and could be thus throttled accordingly. However, the replenishment timer, which is responsible for clearing a throttle flag on tasks, could be pending on the just disabled CPU. This could lead to the situation that the throttled tasks were never scheduled to run. Consequently, if any of such tasks was needed to complete the CPU disabling, the system became unresponsive. This update introduces a new scheduler class, which gives a task the highest possible system priority and such a task cannot be throttled. The stop-task scheduling class is now used for the CPU stop tasks, and the system shutdown completes as expected in the scenario described. (BZ#876078)

* Previously, XFS log buffers were handled incorrectly so that XFS could, in certain circumstances, incorrectly read metadata from the journal during XFS log recovery. As a consequence, XFS log recovery terminated with an error message and prevented the file system from being mounted. This problem could result in a loss of data if the user forcibly emptied the log to allow the file system to be mounted. This update ensures that metadata is read correctly from the log and journal recovery thus completes successfully, and the file system mounts as expected. (BZ#876498)

* Previously, the kernel was allowed to reduce the number of unnecessary commit calls by skipping the commit when there was a large number of outstanding pages being written. However, a test on the number of commits (ncommit) did not properly handle the edge case when ncommit was zero. Consequently, inodes sometimes remained on the sb->s_dirty list and could not be freed by the inode cache shrinker. As a result, the nfs_inode_cache structure grew very large over time. With this update, the call to the nfs_write_inode() function is immediately returned when commit == 0, thus fixing this bug. (BZ#877394)

4. Solution:

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
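The reboot requirement is the part of these advisories that fleet checks most often get wrong: a fixed kernel package installed on disk is not a fixed kernel running. The Python below is an added example, not code from this advisory or from Red Hat; it parses the RHSA layout used in these announcements from a constructed, shortened copy of this advisory and compares a constructed "uname -r" value against the advisory's kernel package. rpmvercmp() is a simplified rewrite of rpm's version comparison (no epoch or tilde handling) and split_uname() assumes the RHEL 5/6 "uname -r" layout.

```python
"""Parse an RHSA announcement like those in this archive and check whether a
host's running kernel already carries the fix.  Added example, not code from
the rhsa-announce mails or from Red Hat; the sample advisory is a constructed,
shortened copy of RHSA-2012:1541 above, the uname -r strings are constructed,
and rpmvercmp() is a simplified rewrite of rpm's comparison (no epoch/tilde)."""
import re

# Constructed sample: a few header, description, bug and package lines of
# RHSA-2012:1541 in the advisory's own layout.
SAMPLE_ADVISORY = """\
Advisory ID:       RHSA-2012:1541-01
CVE Names:         CVE-2011-4131 CVE-2012-2313

3. Description:

* A malicious NFSv4 server could return a crafted reply to a GETACL request,
causing a denial of service on the client. (CVE-2011-4131, Moderate)

* A flaw in the dl2k driver could allow a local, unprivileged user to issue
potentially harmful IOCTLs. (CVE-2012-2313, Low)

5. Bugs fixed (http://bugzilla.redhat.com/):

747106 - CVE-2011-4131 kernel: nfs4_getfacl decoding kernel oops
818820 - CVE-2012-2313 kernel: unfiltered netdev rio_ioctl access by users

6. Package List:

x86_64:
kernel-2.6.32-220.30.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.30.1.el6.x86_64.rpm
perf-2.6.32-220.30.1.el6.x86_64.rpm
"""

KNOWN_ARCHES = {"i386", "i686", "ia64", "ppc", "ppc64", "s390x", "x86_64", "noarch"}
ADVISORY_RE = re.compile(r"^Advisory ID:\s*(RHSA-\d{4}:\d{4})", re.M)
CVE_SEV_RE = re.compile(r"\((CVE-\d{4}-\d{4,}),\s*(Critical|Important|Moderate|Low)\)")
BUG_RE = re.compile(r"^(\d+) - (CVE-\d{4}-\d{4,})?", re.M)
PKG_RE = re.compile(r"^(\S+\.rpm)$", re.M)


def parse_advisory(text):
    """Advisory id, severity per CVE, Bugzilla id -> CVE, and package files."""
    m = ADVISORY_RE.search(text)
    return {
        "id": m.group(1) if m else None,
        "cves": dict(CVE_SEV_RE.findall(text)),
        "bugs": {bz: cve or None for bz, cve in BUG_RE.findall(text)},
        "packages": PKG_RE.findall(text),
    }


def split_rpm(filename):
    """'kernel-debug-2.6.32-220.30.1.el6.x86_64.rpm' -> (name, version, release, arch).
    Name may itself contain dashes, so version and release are split off from the right."""
    stem = filename[:-4] if filename.endswith(".rpm") else filename
    stem, _, arch = stem.rpartition(".")
    name_ver, _, release = stem.rpartition("-")
    name, _, version = name_ver.rpartition("-")
    return name, version, release, arch


def rpmvercmp(a, b):
    """Compare version/release strings roughly as rpm does: walk the numeric
    and alphabetic segments in turn; numbers compare as integers, a numeric
    segment outranks an alphabetic one, and a longer run of segments wins."""
    sa = re.findall(r"[0-9]+|[a-zA-Z]+", a)
    sb = re.findall(r"[0-9]+|[a-zA-Z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def split_uname(uname_r):
    """Split a `uname -r` string into (version, release), dropping the trailing
    architecture that RHEL 6 kernels append (2.6.32-220.30.1.el6.x86_64)."""
    version, _, release = uname_r.partition("-")
    head, _, tail = release.rpartition(".")
    return version, head if tail in KNOWN_ARCHES else release


def running_kernel_is_fixed(uname_r, info, arch="x86_64", name="kernel"):
    """True when the running kernel is at least the advisory's kernel package
    for this arch, None when the advisory ships none for it.  A fixed kernel
    that is installed but not yet booted still yields False: that is the
    'system must be rebooted' case the advisories call out."""
    for pkg in info["packages"]:
        n, v, r, a = split_rpm(pkg)
        if n == name and a == arch:
            rv, rr = split_uname(uname_r)
            return (rpmvercmp(rv, v) or rpmvercmp(rr, r)) >= 0
    return None


if __name__ == "__main__":
    adv = parse_advisory(SAMPLE_ADVISORY)
    print(adv["id"], adv["cves"])
    for host in ("2.6.32-220.23.1.el6.x86_64", "2.6.32-220.30.1.el6.x86_64"):
        state = "fixed" if running_kernel_is_fixed(host, adv) else "update or reboot needed"
        print(host, state)
```

On a real host the running kernel comes from os.uname().release and the advisory text from the rhsa-announce mail itself; the same functions apply to the kernel-rt and RHEL 5 package names elsewhere in this archive.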
Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (http://bugzilla.redhat.com/): 747106 - CVE-2011-4131 kernel: nfs4_getfacl decoding kernel oops 818820 - CVE-2012-2313 kernel: unfiltered netdev rio_ioctl access by users 6. Package List: Red Hat Enterprise Linux Server EUS (v. 6.2): Source: kernel-2.6.32-220.30.1.el6.src.rpm i386: kernel-2.6.32-220.30.1.el6.i686.rpm kernel-debug-2.6.32-220.30.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-220.30.1.el6.i686.rpm kernel-debug-devel-2.6.32-220.30.1.el6.i686.rpm kernel-debuginfo-2.6.32-220.30.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-220.30.1.el6.i686.rpm kernel-devel-2.6.32-220.30.1.el6.i686.rpm kernel-headers-2.6.32-220.30.1.el6.i686.rpm perf-2.6.32-220.30.1.el6.i686.rpm perf-debuginfo-2.6.32-220.30.1.el6.i686.rpm python-perf-debuginfo-2.6.32-220.30.1.el6.i686.rpm noarch: kernel-doc-2.6.32-220.30.1.el6.noarch.rpm kernel-firmware-2.6.32-220.30.1.el6.noarch.rpm ppc64: kernel-2.6.32-220.30.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-220.30.1.el6.ppc64.rpm kernel-debug-2.6.32-220.30.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-220.30.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-220.30.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-220.30.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-220.30.1.el6.ppc64.rpm kernel-devel-2.6.32-220.30.1.el6.ppc64.rpm kernel-headers-2.6.32-220.30.1.el6.ppc64.rpm perf-2.6.32-220.30.1.el6.ppc64.rpm perf-debuginfo-2.6.32-220.30.1.el6.ppc64.rpm 
python-perf-debuginfo-2.6.32-220.30.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-220.30.1.el6.s390x.rpm
kernel-debug-2.6.32-220.30.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-220.30.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-220.30.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-220.30.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-220.30.1.el6.s390x.rpm
kernel-devel-2.6.32-220.30.1.el6.s390x.rpm
kernel-headers-2.6.32-220.30.1.el6.s390x.rpm
kernel-kdump-2.6.32-220.30.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-220.30.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-220.30.1.el6.s390x.rpm
perf-2.6.32-220.30.1.el6.s390x.rpm
perf-debuginfo-2.6.32-220.30.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-220.30.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-220.30.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.30.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.30.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.30.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.30.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.30.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.30.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.30.1.el6.x86_64.rpm
perf-2.6.32-220.30.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.30.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.30.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.2):

Source:
kernel-2.6.32-220.30.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-220.30.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.30.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.30.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.30.1.el6.i686.rpm
python-perf-2.6.32-220.30.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-220.30.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-220.30.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-220.30.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-220.30.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-220.30.1.el6.ppc64.rpm
python-perf-2.6.32-220.30.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-220.30.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-220.30.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-220.30.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-220.30.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-220.30.1.el6.s390x.rpm
perf-debuginfo-2.6.32-220.30.1.el6.s390x.rpm
python-perf-2.6.32-220.30.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-220.30.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.30.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.30.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.30.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.30.1.el6.x86_64.rpm
python-perf-2.6.32-220.30.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.30.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-4131.html
https://www.redhat.com/security/data/cve/CVE-2012-2313.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
From bugzilla at redhat.com Thu Dec 6 20:37:38 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 6 Dec 2012 20:37:38 +0000
Subject: [RHSA-2012:1549-01] Important: bind security update
Message-ID: <201212062037.qB6KbcAG020021@int-mx01.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: bind security update
Advisory ID: RHSA-2012:1549-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1549.html
Issue date: 2012-12-06
CVE Names: CVE-2012-5688
=====================================================================

1. Summary:

Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols.
BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. DNS64 is used to automatically generate DNS records so IPv6 based clients can access IPv4 systems through a NAT64 server.

A flaw was found in the DNS64 implementation in BIND. If a remote attacker sent a specially-crafted query to a named server, named could exit unexpectedly with an assertion failure. Note that DNS64 support is not enabled by default. (CVE-2012-5688)

Users of bind are advised to upgrade to these updated packages, which correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

883533 - CVE-2012-5688 bind: DoS on servers using DNS64

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.6.src.rpm

i386:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.6.i686.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.6.i686.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.6.i686.rpm

x86_64:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.6.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.6.x86_64.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.6.i686.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.6.x86_64.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.6.src.rpm

i386:
bind-9.8.2-0.10.rc1.el6_3.6.i686.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.6.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.6.i686.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.6.i686.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.6.i686.rpm

x86_64:
bind-9.8.2-0.10.rc1.el6_3.6.x86_64.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.6.x86_64.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.6.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.6.x86_64.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.6.i686.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.6.x86_64.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.6.src.rpm

x86_64:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.6.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.6.x86_64.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.6.i686.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.6.x86_64.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.6.src.rpm

x86_64:
bind-9.8.2-0.10.rc1.el6_3.6.x86_64.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.6.x86_64.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.6.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.6.x86_64.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.6.i686.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.6.x86_64.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.6.src.rpm

i386:
bind-9.8.2-0.10.rc1.el6_3.6.i686.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.6.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.6.i686.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.6.i686.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.6.i686.rpm

ppc64:
bind-9.8.2-0.10.rc1.el6_3.6.ppc64.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.6.ppc64.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.6.ppc.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.6.ppc64.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.6.ppc.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.6.ppc64.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.6.ppc64.rpm

s390x:
bind-9.8.2-0.10.rc1.el6_3.6.s390x.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.6.s390x.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.6.s390.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.6.s390x.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.6.s390.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.6.s390x.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.6.s390x.rpm

x86_64:
bind-9.8.2-0.10.rc1.el6_3.6.x86_64.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.6.x86_64.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.6.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.6.x86_64.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.6.i686.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.6.x86_64.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.6.src.rpm

i386:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.6.i686.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.6.i686.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.6.i686.rpm

ppc64:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.6.ppc.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.6.ppc64.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.6.ppc.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.6.ppc64.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.6.ppc64.rpm

s390x:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.6.s390.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.6.s390x.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.6.s390.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.6.s390x.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.6.s390x.rpm

x86_64:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.6.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.6.x86_64.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.6.i686.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.6.x86_64.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.6.src.rpm

i386:
bind-9.8.2-0.10.rc1.el6_3.6.i686.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.6.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.6.i686.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.6.i686.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.6.i686.rpm

x86_64:
bind-9.8.2-0.10.rc1.el6_3.6.x86_64.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.6.x86_64.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.6.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.6.x86_64.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.6.i686.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.6.x86_64.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.6.src.rpm

i386:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.6.i686.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.6.i686.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.6.i686.rpm

x86_64:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.6.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.6.x86_64.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.6.i686.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.6.x86_64.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-5688.html
https://access.redhat.com/security/updates/classification/#important
http://www.isc.org/software/bind/advisories/cve-2012-5688

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

From bugzilla at redhat.com Fri Dec 7 11:55:17 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 7 Dec 2012 11:55:17 +0000
Subject: [RHSA-2012:1551-01] Important: mysql security update
Message-ID: <201212071204.qB7C4FR3032634@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: mysql security update
Advisory ID: RHSA-2012:1551-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1551.html
Issue date: 2012-12-07
CVE Names: CVE-2012-5611
=====================================================================

1. Summary:

Updated mysql packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

A stack-based buffer overflow flaw was found in the user permission checking code in MySQL. An authenticated database user could use this flaw to crash the mysqld daemon or, potentially, execute arbitrary code with the privileges of the user running the mysqld daemon. (CVE-2012-5611)

All MySQL users should upgrade to these updated packages, which correct this issue. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

881064 - CVE-2012-5611 mysql: acl_get() stack-based buffer overflow

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/mysql-5.1.66-2.el6_3.src.rpm

i386:
mysql-5.1.66-2.el6_3.i686.rpm
mysql-debuginfo-5.1.66-2.el6_3.i686.rpm
mysql-libs-5.1.66-2.el6_3.i686.rpm
mysql-server-5.1.66-2.el6_3.i686.rpm

x86_64:
mysql-5.1.66-2.el6_3.x86_64.rpm
mysql-debuginfo-5.1.66-2.el6_3.i686.rpm
mysql-debuginfo-5.1.66-2.el6_3.x86_64.rpm
mysql-libs-5.1.66-2.el6_3.i686.rpm
mysql-libs-5.1.66-2.el6_3.x86_64.rpm
mysql-server-5.1.66-2.el6_3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/mysql-5.1.66-2.el6_3.src.rpm

i386:
mysql-bench-5.1.66-2.el6_3.i686.rpm
mysql-debuginfo-5.1.66-2.el6_3.i686.rpm
mysql-devel-5.1.66-2.el6_3.i686.rpm
mysql-embedded-5.1.66-2.el6_3.i686.rpm
mysql-embedded-devel-5.1.66-2.el6_3.i686.rpm
mysql-test-5.1.66-2.el6_3.i686.rpm

x86_64:
mysql-bench-5.1.66-2.el6_3.x86_64.rpm
mysql-debuginfo-5.1.66-2.el6_3.i686.rpm
mysql-debuginfo-5.1.66-2.el6_3.x86_64.rpm
mysql-devel-5.1.66-2.el6_3.i686.rpm
mysql-devel-5.1.66-2.el6_3.x86_64.rpm
mysql-embedded-5.1.66-2.el6_3.i686.rpm
mysql-embedded-5.1.66-2.el6_3.x86_64.rpm
mysql-embedded-devel-5.1.66-2.el6_3.i686.rpm
mysql-embedded-devel-5.1.66-2.el6_3.x86_64.rpm
mysql-test-5.1.66-2.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/mysql-5.1.66-2.el6_3.src.rpm

x86_64:
mysql-5.1.66-2.el6_3.x86_64.rpm
mysql-debuginfo-5.1.66-2.el6_3.i686.rpm
mysql-debuginfo-5.1.66-2.el6_3.x86_64.rpm
mysql-libs-5.1.66-2.el6_3.i686.rpm
mysql-libs-5.1.66-2.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/mysql-5.1.66-2.el6_3.src.rpm

x86_64:
mysql-bench-5.1.66-2.el6_3.x86_64.rpm
mysql-debuginfo-5.1.66-2.el6_3.i686.rpm
mysql-debuginfo-5.1.66-2.el6_3.x86_64.rpm
mysql-devel-5.1.66-2.el6_3.i686.rpm
mysql-devel-5.1.66-2.el6_3.x86_64.rpm
mysql-embedded-5.1.66-2.el6_3.i686.rpm
mysql-embedded-5.1.66-2.el6_3.x86_64.rpm
mysql-embedded-devel-5.1.66-2.el6_3.i686.rpm
mysql-embedded-devel-5.1.66-2.el6_3.x86_64.rpm
mysql-server-5.1.66-2.el6_3.x86_64.rpm
mysql-test-5.1.66-2.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/mysql-5.1.66-2.el6_3.src.rpm

i386:
mysql-5.1.66-2.el6_3.i686.rpm
mysql-bench-5.1.66-2.el6_3.i686.rpm
mysql-debuginfo-5.1.66-2.el6_3.i686.rpm
mysql-devel-5.1.66-2.el6_3.i686.rpm
mysql-libs-5.1.66-2.el6_3.i686.rpm
mysql-server-5.1.66-2.el6_3.i686.rpm
mysql-test-5.1.66-2.el6_3.i686.rpm

ppc64:
mysql-5.1.66-2.el6_3.ppc64.rpm
mysql-bench-5.1.66-2.el6_3.ppc64.rpm
mysql-debuginfo-5.1.66-2.el6_3.ppc.rpm
mysql-debuginfo-5.1.66-2.el6_3.ppc64.rpm
mysql-devel-5.1.66-2.el6_3.ppc.rpm
mysql-devel-5.1.66-2.el6_3.ppc64.rpm
mysql-libs-5.1.66-2.el6_3.ppc.rpm
mysql-libs-5.1.66-2.el6_3.ppc64.rpm
mysql-server-5.1.66-2.el6_3.ppc64.rpm
mysql-test-5.1.66-2.el6_3.ppc64.rpm

s390x:
mysql-5.1.66-2.el6_3.s390x.rpm
mysql-bench-5.1.66-2.el6_3.s390x.rpm
mysql-debuginfo-5.1.66-2.el6_3.s390.rpm
mysql-debuginfo-5.1.66-2.el6_3.s390x.rpm
mysql-devel-5.1.66-2.el6_3.s390.rpm
mysql-devel-5.1.66-2.el6_3.s390x.rpm
mysql-libs-5.1.66-2.el6_3.s390.rpm
mysql-libs-5.1.66-2.el6_3.s390x.rpm
mysql-server-5.1.66-2.el6_3.s390x.rpm
mysql-test-5.1.66-2.el6_3.s390x.rpm

x86_64:
mysql-5.1.66-2.el6_3.x86_64.rpm
mysql-bench-5.1.66-2.el6_3.x86_64.rpm
mysql-debuginfo-5.1.66-2.el6_3.i686.rpm
mysql-debuginfo-5.1.66-2.el6_3.x86_64.rpm
mysql-devel-5.1.66-2.el6_3.i686.rpm
mysql-devel-5.1.66-2.el6_3.x86_64.rpm
mysql-libs-5.1.66-2.el6_3.i686.rpm
mysql-libs-5.1.66-2.el6_3.x86_64.rpm
mysql-server-5.1.66-2.el6_3.x86_64.rpm
mysql-test-5.1.66-2.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/mysql-5.1.66-2.el6_3.src.rpm

i386:
mysql-debuginfo-5.1.66-2.el6_3.i686.rpm
mysql-embedded-5.1.66-2.el6_3.i686.rpm
mysql-embedded-devel-5.1.66-2.el6_3.i686.rpm

ppc64:
mysql-debuginfo-5.1.66-2.el6_3.ppc.rpm
mysql-debuginfo-5.1.66-2.el6_3.ppc64.rpm
mysql-embedded-5.1.66-2.el6_3.ppc.rpm
mysql-embedded-5.1.66-2.el6_3.ppc64.rpm
mysql-embedded-devel-5.1.66-2.el6_3.ppc.rpm
mysql-embedded-devel-5.1.66-2.el6_3.ppc64.rpm

s390x:
mysql-debuginfo-5.1.66-2.el6_3.s390.rpm
mysql-debuginfo-5.1.66-2.el6_3.s390x.rpm
mysql-embedded-5.1.66-2.el6_3.s390.rpm
mysql-embedded-5.1.66-2.el6_3.s390x.rpm
mysql-embedded-devel-5.1.66-2.el6_3.s390.rpm
mysql-embedded-devel-5.1.66-2.el6_3.s390x.rpm

x86_64:
mysql-debuginfo-5.1.66-2.el6_3.i686.rpm
mysql-debuginfo-5.1.66-2.el6_3.x86_64.rpm
mysql-embedded-5.1.66-2.el6_3.i686.rpm
mysql-embedded-5.1.66-2.el6_3.x86_64.rpm
mysql-embedded-devel-5.1.66-2.el6_3.i686.rpm
mysql-embedded-devel-5.1.66-2.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/mysql-5.1.66-2.el6_3.src.rpm

i386:
mysql-5.1.66-2.el6_3.i686.rpm
mysql-bench-5.1.66-2.el6_3.i686.rpm
mysql-debuginfo-5.1.66-2.el6_3.i686.rpm
mysql-devel-5.1.66-2.el6_3.i686.rpm
mysql-libs-5.1.66-2.el6_3.i686.rpm
mysql-server-5.1.66-2.el6_3.i686.rpm
mysql-test-5.1.66-2.el6_3.i686.rpm

x86_64:
mysql-5.1.66-2.el6_3.x86_64.rpm
mysql-bench-5.1.66-2.el6_3.x86_64.rpm
mysql-debuginfo-5.1.66-2.el6_3.i686.rpm
mysql-debuginfo-5.1.66-2.el6_3.x86_64.rpm
mysql-devel-5.1.66-2.el6_3.i686.rpm
mysql-devel-5.1.66-2.el6_3.x86_64.rpm
mysql-libs-5.1.66-2.el6_3.i686.rpm
mysql-libs-5.1.66-2.el6_3.x86_64.rpm
mysql-server-5.1.66-2.el6_3.x86_64.rpm
mysql-test-5.1.66-2.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/mysql-5.1.66-2.el6_3.src.rpm

i386:
mysql-debuginfo-5.1.66-2.el6_3.i686.rpm
mysql-embedded-5.1.66-2.el6_3.i686.rpm
mysql-embedded-devel-5.1.66-2.el6_3.i686.rpm

x86_64:
mysql-debuginfo-5.1.66-2.el6_3.i686.rpm
mysql-debuginfo-5.1.66-2.el6_3.x86_64.rpm
mysql-embedded-5.1.66-2.el6_3.i686.rpm
mysql-embedded-5.1.66-2.el6_3.x86_64.rpm
mysql-embedded-devel-5.1.66-2.el6_3.i686.rpm
mysql-embedded-devel-5.1.66-2.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-5611.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
From bugzilla at redhat.com Mon Dec 10 21:07:00 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 10 Dec 2012 21:07:00 +0000
Subject: [RHSA-2012:1555-01] Important: openshift-console security update
Message-ID: <201212102107.qBAL704R009512@int-mx12.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: openshift-console security update
Advisory ID: RHSA-2012:1555-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1555.html
Issue date: 2012-12-10
CVE Names: CVE-2012-5622
=====================================================================

1. Summary:

An updated openshift-console package that fixes one security issue is now available for OpenShift Enterprise.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RedHat OpenShift Enterprise Infrastructure - noarch

3. Description:

The OpenShift Management Console provides a web interface for managing OpenShift Enterprise.

It was found that the OpenShift Management Console did not protect against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker could trick a user who was logged into the OpenShift Management Console into visiting an attacker-controlled web page, the attacker could make changes to applications hosted within OpenShift Enterprise with the privileges of the victim, which may lead to arbitrary code execution in the OpenShift Enterprise hosted applications.
(CVE-2012-5622)

This issue was discovered by Red Hat.

All users of the OpenShift Management Console are advised to upgrade to this updated package, which corrects this issue. Before installing the updated package, stop the openshift-console service. After the package has been installed, start the openshift-console service.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

883227 - CVE-2012-5622 OpenShift-Enterprise: openshift-console CSRF attack

6. Package List:

RedHat OpenShift Enterprise Infrastructure:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-console-0.0.5-3.el6.src.rpm

noarch:
openshift-console-0.0.5-3.el6.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-5622.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
From bugzilla at redhat.com Mon Dec 10 21:08:33 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 10 Dec 2012 21:08:33 +0000
Subject: [RHSA-2012:1556-01] Moderate: openstack-keystone security, bug fix, and enhancement update
Message-ID: <201212102108.qBAL8XlO024996@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openstack-keystone security, bug fix, and enhancement update
Advisory ID: RHSA-2012:1556-01
Product: Red Hat OpenStack
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1556.html
Issue date: 2012-12-10
CVE Names: CVE-2012-5483 CVE-2012-5571
=====================================================================

1. Summary:

Updated openstack-keystone packages that fix two security issues, multiple bugs, and add enhancements are now available for Red Hat OpenStack Essex.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHOS Essex Release - noarch

3. Description:

The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services.

The openstack-keystone packages have been upgraded to upstream version 2012.1.3, which provides a number of bug fixes and enhancements over the previous version.
(BZ#867029)

This update also fixes the following security issues:

It was found that Keystone did not correctly handle users being removed from tenants when Amazon Elastic Compute Cloud (Amazon EC2) style credentials (credentials that are issued in the same format as standard Amazon EC2 credentials) were in use. When a user was removed from a tenant, they retained the privileges provided by that tenant, allowing them to access resources they should no longer have access to. (CVE-2012-5571)

When access to Amazon Elastic Compute Cloud (Amazon EC2) was configured, a file permissions flaw in Keystone allowed a local attacker to view the administrative access and secret values used for authenticating requests to Amazon EC2 services. An attacker could use this flaw to access Amazon EC2 and enable, disable, and modify services and settings. (CVE-2012-5483)

Red Hat would like to thank the OpenStack project for reporting CVE-2012-5571. Upstream acknowledges Vijaya Erukala as the original reporter of CVE-2012-5571. The CVE-2012-5483 issue was discovered by Kurt Seifried of the Red Hat Security Response Team.

All users of openstack-keystone are advised to upgrade to these updated packages, which correct these issues and add these enhancements. After installing the updated packages, the Keystone service (openstack-keystone) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

867029 - Update to the latest Essex stable release 2012.1.3
873447 - CVE-2012-5483 OpenStack: Keystone /etc/keystone/ec2rc secret key exposure
880399 - CVE-2012-5571 OpenStack: Keystone EC2-style credentials invalidation issue

6. Package List:

RHOS Essex Release:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/openstack-keystone-2012.1.3-3.el6.src.rpm

noarch:
openstack-keystone-2012.1.3-3.el6.noarch.rpm
openstack-keystone-doc-2012.1.3-3.el6.noarch.rpm
python-keystone-2012.1.3-3.el6.noarch.rpm
python-keystone-auth-token-2012.1.3-3.el6.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-5483.html
https://www.redhat.com/security/data/cve/CVE-2012-5571.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

From bugzilla at redhat.com Mon Dec 10 21:08:58 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 10 Dec 2012 21:08:58 +0000
Subject: [RHSA-2012:1557-01] Moderate: openstack-keystone security, bug fix, and enhancement update
Message-ID: <201212102108.qBAL8wgp005307@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openstack-keystone security, bug fix, and enhancement update
Advisory ID: RHSA-2012:1557-01
Product: Red Hat OpenStack
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1557.html
Issue date: 2012-12-10
CVE Names: CVE-2012-5563 CVE-2012-5571
=====================================================================

1. Summary:

Updated openstack-keystone packages that fix two security issues, multiple bugs, and add enhancements are now available for Red Hat OpenStack Folsom.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

OpenStack Folsom - noarch

3. Description:

The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services.

The openstack-keystone packages have been upgraded to upstream version 2012.2.1, which provides a number of bug fixes and enhancements over the previous version. (BZ#883829)

This update also fixes the following security issues:

A flaw in Keystone allowed an attacker with access to the web and network interfaces to continue using chained tokens linked to tokens that had expired. This would allow the attacker to continue using the tokens despite the parent token being expired, giving them continued access to OpenStack services. (CVE-2012-5563)

It was found that Keystone did not correctly handle users being removed from tenants when Amazon Elastic Compute Cloud (Amazon EC2) style credentials (credentials that are issued in the same format as standard Amazon EC2 credentials) were in use. When a user was removed from a tenant, they retained the privileges provided by that tenant, allowing them to access resources they should no longer have access to. (CVE-2012-5571)

Red Hat would like to thank the OpenStack project for reporting these issues. Upstream acknowledges Anndy as the original reporter of CVE-2012-5563, and Vijaya Erukala as the original reporter of CVE-2012-5571.
All users of openstack-keystone are advised to upgrade to these updated packages, which correct these issues and add these enhancements. After installing the updated packages, the Keystone service (openstack-keystone) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

879402 - CVE-2012-5563 OpenStack: Keystone extension of token validity through token chaining
880399 - CVE-2012-5571 OpenStack: Keystone EC2-style credentials invalidation issue
883829 - Keystone - Update to the latest Folsom stable release 2012.2.1

6. Package List:

OpenStack Folsom:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/openstack-keystone-2012.2.1-1.el6ost.src.rpm

noarch:
openstack-keystone-2012.2.1-1.el6ost.noarch.rpm
openstack-keystone-doc-2012.2.1-1.el6ost.noarch.rpm
python-keystone-2012.2.1-1.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-5563.html
https://www.redhat.com/security/data/cve/CVE-2012-5571.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
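The two Keystone checks described in this advisory and in RHSA-2012:1556 above (a token obtained from another token must not outlive its parent, CVE-2012-5563; and EC2-style credentials must be re-validated against the user's current tenant membership, CVE-2012-5571), as an added Python example that is not Keystone's code: a toy identity service whose two flags switch between the behaviour the advisories describe and the corrected behaviour. The class, function, tenant and user names and the timestamps are constructed for illustration.

```python
from __future__ import annotations

import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class Token:
    token_id: str
    user: str
    tenant: str
    expires_at: float          # absolute time in seconds
    parent_id: Optional[str]   # set when obtained by exchanging another token


class IdentityService:
    """Constructed toy identity service: tenants, tokens, EC2-style credentials.

    bind_chain_to_parent=False / recheck_membership=False reproduce the
    behaviour the advisories describe; True selects the corrected behaviour.
    """

    def __init__(self, bind_chain_to_parent: bool, recheck_membership: bool) -> None:
        self.bind_chain_to_parent = bind_chain_to_parent
        self.recheck_membership = recheck_membership
        self.tokens: dict[str, Token] = {}
        self.members: dict[str, set[str]] = {}                 # tenant -> users
        self.ec2_creds: dict[str, tuple[str, str, str]] = {}   # access -> (secret, user, tenant)

    def add_member(self, tenant: str, user: str) -> None:
        self.members.setdefault(tenant, set()).add(user)

    def remove_member(self, tenant: str, user: str) -> None:
        self.members.get(tenant, set()).discard(user)

    def is_member(self, tenant: str, user: str) -> bool:
        return user in self.members.get(tenant, set())

    def _mint(self, user: str, tenant: str, now: float, ttl: float,
              parent_id: Optional[str] = None) -> Token:
        tok = Token(secrets.token_hex(8), user, tenant, now + ttl, parent_id)
        self.tokens[tok.token_id] = tok
        return tok

    def password_login(self, user: str, tenant: str, now: float, ttl: float) -> Token:
        """Primary authentication: tenant membership is always checked here."""
        if not self.is_member(tenant, user):
            raise PermissionError(f"{user} is not a member of {tenant}")
        return self._mint(user, tenant, now, ttl)

    def exchange_token(self, parent_id: str, now: float, ttl: float) -> Token:
        """Token chaining: issue a new token from an existing, currently valid one."""
        if not self.token_valid(parent_id, now):
            raise PermissionError("parent token is not valid")
        parent = self.tokens[parent_id]
        return self._mint(parent.user, parent.tenant, now, ttl, parent_id=parent_id)

    def token_valid(self, token_id: str, now: float) -> bool:
        tok = self.tokens.get(token_id)
        while tok is not None:
            if now >= tok.expires_at:
                return False
            if not self.bind_chain_to_parent:
                # CVE-2012-5563 behaviour: only the presented token's own expiry
                # is consulted, so a long-lived child outlives its parent.
                return True
            if tok.parent_id is None:
                return True
            # Corrected: walk up the chain; an expired or unknown ancestor
            # invalidates every token derived from it.
            tok = self.tokens.get(tok.parent_id)
        return False

    def create_ec2_credential(self, user: str, tenant: str) -> tuple[str, str]:
        if not self.is_member(tenant, user):
            raise PermissionError(f"{user} is not a member of {tenant}")
        access, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.ec2_creds[access] = (secret, user, tenant)
        return access, secret

    def authenticate_ec2(self, access: str, secret: str, now: float,
                         ttl: float = 3600.0) -> Optional[Token]:
        entry = self.ec2_creds.get(access)
        if entry is None or not secrets.compare_digest(entry[0], secret):
            return None
        _, user, tenant = entry
        # CVE-2012-5571 behaviour: the tenant recorded at creation time is trusted
        # as-is. Corrected: membership is re-evaluated on every authentication, so
        # a user removed from the tenant loses the access the credential conferred.
        if self.recheck_membership and not self.is_member(tenant, user):
            return None
        return self._mint(user, tenant, now, ttl)


def run_scenarios(fixed: bool) -> tuple[bool, bool]:
    """Replay both scenarios; returns (chained token usable, EC2 auth succeeds)."""
    svc = IdentityService(bind_chain_to_parent=fixed, recheck_membership=fixed)
    svc.add_member("tenant-a", "alice")   # constructed sample tenant and user
    t0 = 1_000_000.0
    # A one-hour token is exchanged for a 24-hour child; two hours later the
    # parent has expired but the child's own expiry has not.
    parent = svc.password_login("alice", "tenant-a", now=t0, ttl=3600)
    child = svc.exchange_token(parent.token_id, now=t0 + 10, ttl=86400)
    chained_usable = svc.token_valid(child.token_id, now=t0 + 7200)
    # EC2-style credentials are created, then alice is removed from the tenant.
    access, secret = svc.create_ec2_credential("alice", "tenant-a")
    svc.remove_member("tenant-a", "alice")
    ec2_usable = svc.authenticate_ec2(access, secret, now=t0 + 7200) is not None
    return chained_usable, ec2_usable


if __name__ == "__main__":
    print("as described:", run_scenarios(fixed=False))   # (True, True)
    print("corrected:   ", run_scenarios(fixed=True))    # (False, False)
```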
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQxk9ZXlSAg2UNWIIRAi3CAKC1cQEfRVaESENgg6Go98qYmS/FLgCfRLtV
/qrE0mCUMOFA+b8p4+irSHM=
=0B8b
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Dec 10 21:09:19 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 10 Dec 2012 21:09:19 +0000
Subject: [RHSA-2012:1558-01] Low: openstack-glance security update
Message-ID: <201212102109.qBAL9Jsl005373@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: openstack-glance security update
Advisory ID: RHSA-2012:1558-01
Product: Red Hat OpenStack
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1558.html
Issue date: 2012-12-10
CVE Names: CVE-2012-4573
=====================================================================

1. Summary:

Updated openstack-glance packages that fix multiple bugs and add various enhancements are now available for Red Hat OpenStack Essex.

2. Relevant releases/architectures:

RHOS Essex Release - noarch

3. Description:

The openstack-glance packages allow virtual machine images to be discovered, registered and retrieved. They also include a RESTful API to provide these services to other applications.

The openstack-glance packages have been upgraded to upstream version 2012.1.2, which provides a number of bug fixes and enhancements over the previous version.

A flaw in Keystone allowed an attacker with access to the web and network interfaces to delete arbitrary, non-protected images from Glance servers. (CVE-2012-4573)

Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Gabe Westmaas as the original reporter of CVE-2012-4573.

All users of openstack-glance are advised to upgrade to these updated packages, which fix these bugs and add these enhancements. After installing the updated packages, the Glance services (openstack-glance-api and openstack-glance-registry) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

872302 - CVE-2012-4573 OpenStack: Glance Authentication bypass for image deletion

6. Package List:

RHOS Essex Release:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/openstack-glance-2012.1.2-2.el6.src.rpm

noarch:
openstack-glance-2012.1.2-2.el6.noarch.rpm
openstack-glance-doc-2012.1.2-2.el6.noarch.rpm
python-glance-2012.1.2-2.el6.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-4573.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQxk9xXlSAg2UNWIIRAnLFAJ9Yf5a4hLuwSDZczpPP/lDR6NNANgCdFHiQ
4S7YM8tcaTgXog+Kyzx01Vs=
=obcL
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Dec 12 10:45:34 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 12 Dec 2012 10:45:34 +0000
Subject: [RHSA-2012:1569-01] Critical: flash-plugin security update
Message-ID: <201212121054.qBCAsdWE030213@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2012:1569-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1569.html
Issue date: 2012-12-12
CVE Names: CVE-2012-5676 CVE-2012-5677 CVE-2012-5678
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes three security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update fixes three vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB12-27, listed in the References section.

Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. (CVE-2012-5676, CVE-2012-5677, CVE-2012-5678)

All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.258.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

886200 - CVE-2012-5676 CVE-2012-5677 CVE-2012-5678 flash-plugin: multiple code execution flaws (APSB12-27)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-11.2.202.258-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.258-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-11.2.202.258-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.258-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.258-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.258-1.el6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.258-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.258-1.el6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.258-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.258-1.el6.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-5676.html
https://www.redhat.com/security/data/cve/CVE-2012-5677.html
https://www.redhat.com/security/data/cve/CVE-2012-5678.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb12-27.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQyGJhXlSAg2UNWIIRAk+fAKCpyAfEImLmpa5GDhDn0qVwDT1aOgCeKWVK
/I7KAaTWEKnqdTF2Qa3rwWs=
=0jAo
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 18 22:46:20 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 18 Dec 2012 22:46:20 +0000
Subject: [RHSA-2012:1580-01] Moderate: kernel security, bug fix and enhancement update
Message-ID: <201212182246.qBIMkKex012450@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: kernel security, bug fix and enhancement update
Advisory ID: RHSA-2012:1580-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1580.html
Issue date: 2012-12-18
CVE Names: CVE-2012-2100 CVE-2012-2375 CVE-2012-4444 CVE-2012-4565 CVE-2012-5517
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues, numerous bugs and add one enhancement are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* It was found that the RHSA-2012:0862 update did not correctly fix the CVE-2011-4131 issue. A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2012-2375, Moderate)

* A divide-by-zero flaw was found in the TCP Illinois congestion control algorithm implementation in the Linux kernel. If the TCP Illinois congestion control algorithm were in use (the sysctl net.ipv4.tcp_congestion_control variable set to "illinois"), a local, unprivileged user could trigger this flaw and cause a denial of service. (CVE-2012-4565, Moderate)

* A NULL pointer dereference flaw was found in the way a new node's hot added memory was propagated to other nodes' zonelists. By utilizing this newly added memory from one of the remaining nodes, a local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-5517, Moderate)

* It was found that the initial release of Red Hat Enterprise Linux 6 did not correctly fix the CVE-2009-4307 issue, a divide-by-zero flaw in the ext4 file system code. A local, unprivileged user with the ability to mount an ext4 file system could use this flaw to cause a denial of service. (CVE-2012-2100, Low)

* A flaw was found in the way the Linux kernel's IPv6 implementation handled overlapping, fragmented IPv6 packets. A remote attacker could potentially use this flaw to bypass protection mechanisms (such as a firewall or intrusion detection system (IDS)) when sending network packets to a target system. (CVE-2012-4444, Low)

Red Hat would like to thank Antonios Atlasis working with Beyond Security's SecuriTeam Secure Disclosure program and Loganaden Velvindron of AFRINIC for reporting CVE-2012-4444. The CVE-2012-2375 issue was discovered by Jian Li of Red Hat, and CVE-2012-4565 was discovered by Rodrigo Freire of Red Hat.

This update also fixes numerous bugs and adds one enhancement. Space precludes documenting all of these changes in this advisory. Documentation for these changes will be available shortly from the Red Hat Enterprise Linux 6.3 Technical Notes document linked to in the References section.

Users should upgrade to these updated packages, which contain backported patches to correct these issues, fix these bugs and add the enhancement noted in the Technical Notes. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

809687 - CVE-2012-2100 kernel: ext4: fix inconsistency in ext4_fill_flex_info()
822869 - CVE-2012-2375 kernel: incomplete fix for CVE-2011-4131
871848 - CVE-2012-4565 kernel: net: divide by zero in tcp algorithm illinois
874835 - CVE-2012-4444 kernel: net: acceptation of overlapping ipv6 fragments
875374 - CVE-2012-5517 kernel: mm/hotplug: failure in propagating hot-added memory to other nodes
876549 - drm cherry-pick patch from upstream bug for 6.4 [rhel-6.3.z]

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-279.19.1.el6.src.rpm

i386:
kernel-2.6.32-279.19.1.el6.i686.rpm
kernel-debug-2.6.32-279.19.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-279.19.1.el6.i686.rpm
kernel-debug-devel-2.6.32-279.19.1.el6.i686.rpm
kernel-debuginfo-2.6.32-279.19.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.19.1.el6.i686.rpm
kernel-devel-2.6.32-279.19.1.el6.i686.rpm
kernel-headers-2.6.32-279.19.1.el6.i686.rpm
perf-2.6.32-279.19.1.el6.i686.rpm
perf-debuginfo-2.6.32-279.19.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.19.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-279.19.1.el6.noarch.rpm
kernel-firmware-2.6.32-279.19.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-279.19.1.el6.x86_64.rpm
kernel-debug-2.6.32-279.19.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-279.19.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-279.19.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.19.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.19.1.el6.x86_64.rpm
kernel-devel-2.6.32-279.19.1.el6.x86_64.rpm
kernel-headers-2.6.32-279.19.1.el6.x86_64.rpm
perf-2.6.32-279.19.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.19.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.19.1.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-279.19.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-279.19.1.el6.i686.rpm
kernel-debuginfo-2.6.32-279.19.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.19.1.el6.i686.rpm
perf-debuginfo-2.6.32-279.19.1.el6.i686.rpm
python-perf-2.6.32-279.19.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.19.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-279.19.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.19.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.19.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.19.1.el6.x86_64.rpm
python-perf-2.6.32-279.19.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.19.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-279.19.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-279.19.1.el6.noarch.rpm
kernel-firmware-2.6.32-279.19.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-279.19.1.el6.x86_64.rpm
kernel-debug-2.6.32-279.19.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-279.19.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-279.19.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.19.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.19.1.el6.x86_64.rpm
kernel-devel-2.6.32-279.19.1.el6.x86_64.rpm
kernel-headers-2.6.32-279.19.1.el6.x86_64.rpm
perf-2.6.32-279.19.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.19.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.19.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-279.19.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-279.19.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.19.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.19.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.19.1.el6.x86_64.rpm
python-perf-2.6.32-279.19.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.19.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-279.19.1.el6.src.rpm

i386:
kernel-2.6.32-279.19.1.el6.i686.rpm
kernel-debug-2.6.32-279.19.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-279.19.1.el6.i686.rpm
kernel-debug-devel-2.6.32-279.19.1.el6.i686.rpm
kernel-debuginfo-2.6.32-279.19.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.19.1.el6.i686.rpm
kernel-devel-2.6.32-279.19.1.el6.i686.rpm
kernel-headers-2.6.32-279.19.1.el6.i686.rpm
perf-2.6.32-279.19.1.el6.i686.rpm
perf-debuginfo-2.6.32-279.19.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.19.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-279.19.1.el6.noarch.rpm
kernel-firmware-2.6.32-279.19.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-279.19.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-279.19.1.el6.ppc64.rpm
kernel-debug-2.6.32-279.19.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-279.19.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-279.19.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-279.19.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-279.19.1.el6.ppc64.rpm
kernel-devel-2.6.32-279.19.1.el6.ppc64.rpm
kernel-headers-2.6.32-279.19.1.el6.ppc64.rpm
perf-2.6.32-279.19.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-279.19.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-279.19.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-279.19.1.el6.s390x.rpm
kernel-debug-2.6.32-279.19.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-279.19.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-279.19.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-279.19.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-279.19.1.el6.s390x.rpm
kernel-devel-2.6.32-279.19.1.el6.s390x.rpm
kernel-headers-2.6.32-279.19.1.el6.s390x.rpm
kernel-kdump-2.6.32-279.19.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-279.19.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-279.19.1.el6.s390x.rpm
perf-2.6.32-279.19.1.el6.s390x.rpm
perf-debuginfo-2.6.32-279.19.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-279.19.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-279.19.1.el6.x86_64.rpm
kernel-debug-2.6.32-279.19.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-279.19.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-279.19.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.19.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.19.1.el6.x86_64.rpm
kernel-devel-2.6.32-279.19.1.el6.x86_64.rpm
kernel-headers-2.6.32-279.19.1.el6.x86_64.rpm
perf-2.6.32-279.19.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.19.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.19.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-279.19.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-279.19.1.el6.i686.rpm
kernel-debuginfo-2.6.32-279.19.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.19.1.el6.i686.rpm
perf-debuginfo-2.6.32-279.19.1.el6.i686.rpm
python-perf-2.6.32-279.19.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.19.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-279.19.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-279.19.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-279.19.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-279.19.1.el6.ppc64.rpm
python-perf-2.6.32-279.19.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-279.19.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-279.19.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-279.19.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-279.19.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-279.19.1.el6.s390x.rpm
perf-debuginfo-2.6.32-279.19.1.el6.s390x.rpm
python-perf-2.6.32-279.19.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-279.19.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-279.19.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.19.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.19.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.19.1.el6.x86_64.rpm
python-perf-2.6.32-279.19.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.19.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-279.19.1.el6.src.rpm

i386:
kernel-2.6.32-279.19.1.el6.i686.rpm
kernel-debug-2.6.32-279.19.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-279.19.1.el6.i686.rpm
kernel-debug-devel-2.6.32-279.19.1.el6.i686.rpm
kernel-debuginfo-2.6.32-279.19.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.19.1.el6.i686.rpm
kernel-devel-2.6.32-279.19.1.el6.i686.rpm
kernel-headers-2.6.32-279.19.1.el6.i686.rpm
perf-2.6.32-279.19.1.el6.i686.rpm
perf-debuginfo-2.6.32-279.19.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.19.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-279.19.1.el6.noarch.rpm
kernel-firmware-2.6.32-279.19.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-279.19.1.el6.x86_64.rpm
kernel-debug-2.6.32-279.19.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-279.19.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-279.19.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.19.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.19.1.el6.x86_64.rpm
kernel-devel-2.6.32-279.19.1.el6.x86_64.rpm
kernel-headers-2.6.32-279.19.1.el6.x86_64.rpm
perf-2.6.32-279.19.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.19.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.19.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-279.19.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-279.19.1.el6.i686.rpm
kernel-debuginfo-2.6.32-279.19.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.19.1.el6.i686.rpm
perf-debuginfo-2.6.32-279.19.1.el6.i686.rpm
python-perf-2.6.32-279.19.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.19.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-279.19.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.19.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.19.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.19.1.el6.x86_64.rpm
python-perf-2.6.32-279.19.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.19.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-2100.html
https://www.redhat.com/security/data/cve/CVE-2012-2375.html
https://www.redhat.com/security/data/cve/CVE-2012-4444.html
https://www.redhat.com/security/data/cve/CVE-2012-4565.html
https://www.redhat.com/security/data/cve/CVE-2012-5517.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.3_Technical_Notes/kernel.html#RHSA-2012-1580
https://rhn.redhat.com/errata/RHSA-2012-0862.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
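On the overlapping-fragment issue (CVE-2012-4444) in the advisory above: the defensive behaviour required by RFC 5722 is to discard the whole datagram as soon as any fragment overlaps one already queued, because a host that silently merges overlapping data can end up reassembling different bytes than the firewall or IDS in front of it inspected. The following is an added, simplified reassembler written for this page in Python; it is not kernel code and not from the advisory. The Fragment model (byte offsets rather than IPv6's 8-octet units) and the sample fragments are constructed for the example.

```python
"""Added example: fragment reassembly that rejects overlaps (RFC 5722 behaviour).

Simplified model, not kernel code: a Fragment carries the byte offset of its
payload within the original datagram and the "more fragments" flag.  Real
IPv6 fragment offsets are in 8-octet units; the principle is the same.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Fragment:
    offset: int       # byte offset of payload within the original datagram
    payload: bytes
    more: bool        # True unless this is the last fragment


class OverlapError(ValueError):
    """Raised when a fragment overlaps data already queued for this datagram."""


class Reassembler:
    def __init__(self) -> None:
        self._pieces: List[Tuple[int, int, bytes]] = []   # (start, end, payload)
        self._total: Optional[int] = None                # set by the last fragment

    def add(self, frag: Fragment) -> Optional[bytes]:
        """Queue one fragment; return the datagram once it is complete."""
        if not frag.payload:
            raise ValueError("empty fragment")
        start, end = frag.offset, frag.offset + len(frag.payload)
        # Any overlap with a previously received fragment discards the whole
        # datagram.  Half-open intervals [start,end) and [s,e) overlap iff
        # start < e and s < end.
        for s, e, _ in self._pieces:
            if start < e and s < end:
                raise OverlapError(f"fragment [{start},{end}) overlaps [{s},{e})")
        if not frag.more:
            if self._total is not None:
                raise ValueError("second 'last' fragment for the same datagram")
            self._total = end
        if self._total is not None and end > self._total:
            raise ValueError("fragment extends past the datagram's declared end")
        self._pieces.append((start, end, frag.payload))
        return self._assemble()

    def _assemble(self) -> Optional[bytes]:
        """Return the datagram only when every byte up to the declared end is present."""
        if self._total is None:
            return None
        out, pos = bytearray(), 0
        for s, e, payload in sorted(self._pieces):   # starts are unique: no overlap
            if s != pos:
                return None                          # gap: still waiting for a fragment
            out += payload
            pos = e
        return bytes(out) if pos == self._total else None


def reassemble(fragments: List[Fragment]) -> Optional[bytes]:
    """Feed fragments in arrival order; None if incomplete, OverlapError on overlap."""
    r = Reassembler()
    result = None
    for f in fragments:
        result = r.add(f)
    return result


def has_overlap(fragments: List[Fragment]) -> bool:
    """True if the reassembler would drop this datagram for overlapping fragments."""
    try:
        reassemble(fragments)
    except OverlapError:
        return True
    return False


# Constructed sample input: a 15-byte payload split in two, delivered out of order.
GOOD = [Fragment(8, b"ex.html", more=False), Fragment(0, b"GET /ind", more=True)]
# Same datagram plus a third fragment that re-covers bytes 4..8.  A reassembler
# that merges overlaps would accept it; this one drops the whole datagram.
BAD = [Fragment(0, b"GET /ind", more=True), Fragment(4, b"XXXX", more=True),
       Fragment(8, b"ex.html", more=False)]

if __name__ == "__main__":
    print(reassemble(GOOD))      # b'GET /index.html'
    print(has_overlap(BAD))      # True
```

The check is deliberately stateless about which fragment "wins": the point of RFC 5722 is that there is no correct merge order, so the only safe outcome is to drop and let the sender retransmit. A middlebox that inspects fragmented traffic should apply the same rule, otherwise it and the end host can disagree on the reassembled bytes.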
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQ0PHYXlSAg2UNWIIRAqO9AKC1PAlEs5NBSOxCGjxKCnShQNGyOQCfYUCu
Z+UxHF1Gd9rPKmHz6e4xiMA=
=ukve
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 18 22:47:38 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 18 Dec 2012 22:47:38 +0000
Subject: [RHSA-2012:1589-01] Low: kernel security and bug fix update
Message-ID: <201212182247.qBIMlc38003737@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: kernel security and bug fix update
Advisory ID: RHSA-2012:1589-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1589.html
Issue date: 2012-12-18
CVE Names: CVE-2012-2313
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6.1 Extended Update Support.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server EUS (v. 6.1) - i386, noarch, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issue:

* A flaw was found in the way the Linux kernel's dl2k driver, used by certain D-Link Gigabit Ethernet adapters, restricted IOCTLs. A local, unprivileged user could use this flaw to issue potentially harmful IOCTLs, which could cause Ethernet adapters using the dl2k driver to malfunction (for example, losing network connectivity). (CVE-2012-2313, Low)

Red Hat would like to thank Stephan Mueller for reporting this issue.

This update also fixes the following bug:

* The kernel allows high priority real time tasks, such as tasks scheduled with the SCHED_FIFO policy, to be throttled. Previously, the CPU stop tasks were scheduled as high priority real time tasks and could thus be throttled. However, the replenishment timer, which is responsible for clearing a throttle flag on tasks, could be pending on the just disabled CPU. This could lead to a situation in which the throttled tasks were never scheduled to run. Consequently, if any such task was needed to complete the CPU disabling, the system became unresponsive. This update introduces a new scheduler class that gives a task the highest possible system priority; such a task cannot be throttled. The stop-task scheduling class is now used for the CPU stop tasks, and the system shutdown completes as expected in the scenario described. (BZ#876077)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

818820 - CVE-2012-2313 kernel: unfiltered netdev rio_ioctl access by users

6. Package List:

Red Hat Enterprise Linux Server EUS (v. 6.1):

Source:
kernel-2.6.32-131.36.1.el6.src.rpm

i386:
kernel-2.6.32-131.36.1.el6.i686.rpm
kernel-debug-2.6.32-131.36.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-131.36.1.el6.i686.rpm
kernel-debug-devel-2.6.32-131.36.1.el6.i686.rpm
kernel-debuginfo-2.6.32-131.36.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-131.36.1.el6.i686.rpm
kernel-devel-2.6.32-131.36.1.el6.i686.rpm
kernel-headers-2.6.32-131.36.1.el6.i686.rpm
perf-2.6.32-131.36.1.el6.i686.rpm
perf-debuginfo-2.6.32-131.36.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-131.36.1.el6.noarch.rpm
kernel-firmware-2.6.32-131.36.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-131.36.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-131.36.1.el6.ppc64.rpm
kernel-debug-2.6.32-131.36.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-131.36.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-131.36.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-131.36.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-131.36.1.el6.ppc64.rpm
kernel-devel-2.6.32-131.36.1.el6.ppc64.rpm
kernel-headers-2.6.32-131.36.1.el6.ppc64.rpm
perf-2.6.32-131.36.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-131.36.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-131.36.1.el6.s390x.rpm
kernel-debug-2.6.32-131.36.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-131.36.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-131.36.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-131.36.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-131.36.1.el6.s390x.rpm
kernel-devel-2.6.32-131.36.1.el6.s390x.rpm
kernel-headers-2.6.32-131.36.1.el6.s390x.rpm
kernel-kdump-2.6.32-131.36.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-131.36.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-131.36.1.el6.s390x.rpm
perf-2.6.32-131.36.1.el6.s390x.rpm
perf-debuginfo-2.6.32-131.36.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-131.36.1.el6.x86_64.rpm
kernel-debug-2.6.32-131.36.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-131.36.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-131.36.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-131.36.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-131.36.1.el6.x86_64.rpm
kernel-devel-2.6.32-131.36.1.el6.x86_64.rpm
kernel-headers-2.6.32-131.36.1.el6.x86_64.rpm
perf-2.6.32-131.36.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-131.36.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-2313.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQ0PJ2XlSAg2UNWIIRAvqhAJ4h7YjfPcZb4jS2Z2onO+34tHrczwCfe5cM
3091BJLajlLsHKt543x95kU=
=eBBx
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 18 22:49:05 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 18 Dec 2012 22:49:05 +0000
Subject: [RHSA-2012:1590-01] Moderate: libtiff security update
Message-ID: <201212182249.qBIMn5tX001102@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: libtiff security update
Advisory ID: RHSA-2012:1590-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1590.html
Issue date: 2012-12-18
CVE Names: CVE-2012-3401 CVE-2012-4447 CVE-2012-4564 CVE-2012-5581
=====================================================================

1. Summary:

Updated libtiff packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact.
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF images using the Pixar Log Format encoding. An attacker could create a specially-crafted TIFF file that, when opened, could cause an application using libtiff to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-4447) A stack-based buffer overflow flaw was found in the way libtiff handled DOTRANGE tags. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-5581) A heap-based buffer overflow flaw was found in the tiff2pdf tool. An attacker could use this flaw to create a specially-crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. 
(CVE-2012-3401)

A missing return value check flaw, leading to a heap-based buffer overflow,
was found in the ppm2tiff tool. An attacker could use this flaw to create a
specially-crafted PPM (Portable Pixel Map) file that would cause ppm2tiff to
crash or, possibly, execute arbitrary code. (CVE-2012-4564)

The CVE-2012-5581, CVE-2012-3401, and CVE-2012-4564 issues were discovered
by Huzaifa Sidhpurwala of the Red Hat Security Response Team.

All libtiff users should upgrade to these updated packages, which contain
backported patches to resolve these issues. All running applications linked
against libtiff must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

837577 - CVE-2012-3401 libtiff (tiff2pdf): Heap-based buffer overflow due to improper initialization of T2P context struct pointer
860198 - CVE-2012-4447 libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression
867235 - CVE-2012-5581 libtiff: Stack-based buffer overflow when reading a tiled tiff file
871700 - CVE-2012-4564 libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libtiff-3.8.2-18.el5_8.src.rpm

i386:
libtiff-3.8.2-18.el5_8.i386.rpm
libtiff-debuginfo-3.8.2-18.el5_8.i386.rpm

x86_64:
libtiff-3.8.2-18.el5_8.i386.rpm
libtiff-3.8.2-18.el5_8.x86_64.rpm
libtiff-debuginfo-3.8.2-18.el5_8.i386.rpm
libtiff-debuginfo-3.8.2-18.el5_8.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libtiff-3.8.2-18.el5_8.src.rpm

i386:
libtiff-debuginfo-3.8.2-18.el5_8.i386.rpm
libtiff-devel-3.8.2-18.el5_8.i386.rpm

x86_64:
libtiff-debuginfo-3.8.2-18.el5_8.i386.rpm
libtiff-debuginfo-3.8.2-18.el5_8.x86_64.rpm
libtiff-devel-3.8.2-18.el5_8.i386.rpm
libtiff-devel-3.8.2-18.el5_8.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libtiff-3.8.2-18.el5_8.src.rpm

i386:
libtiff-3.8.2-18.el5_8.i386.rpm
libtiff-debuginfo-3.8.2-18.el5_8.i386.rpm
libtiff-devel-3.8.2-18.el5_8.i386.rpm

ia64:
libtiff-3.8.2-18.el5_8.i386.rpm
libtiff-3.8.2-18.el5_8.ia64.rpm
libtiff-debuginfo-3.8.2-18.el5_8.i386.rpm
libtiff-debuginfo-3.8.2-18.el5_8.ia64.rpm
libtiff-devel-3.8.2-18.el5_8.ia64.rpm

ppc:
libtiff-3.8.2-18.el5_8.ppc.rpm
libtiff-3.8.2-18.el5_8.ppc64.rpm
libtiff-debuginfo-3.8.2-18.el5_8.ppc.rpm
libtiff-debuginfo-3.8.2-18.el5_8.ppc64.rpm
libtiff-devel-3.8.2-18.el5_8.ppc.rpm
libtiff-devel-3.8.2-18.el5_8.ppc64.rpm

s390x:
libtiff-3.8.2-18.el5_8.s390.rpm
libtiff-3.8.2-18.el5_8.s390x.rpm
libtiff-debuginfo-3.8.2-18.el5_8.s390.rpm
libtiff-debuginfo-3.8.2-18.el5_8.s390x.rpm
libtiff-devel-3.8.2-18.el5_8.s390.rpm
libtiff-devel-3.8.2-18.el5_8.s390x.rpm

x86_64:
libtiff-3.8.2-18.el5_8.i386.rpm
libtiff-3.8.2-18.el5_8.x86_64.rpm
libtiff-debuginfo-3.8.2-18.el5_8.i386.rpm
libtiff-debuginfo-3.8.2-18.el5_8.x86_64.rpm
libtiff-devel-3.8.2-18.el5_8.i386.rpm
libtiff-devel-3.8.2-18.el5_8.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libtiff-3.9.4-9.el6_3.src.rpm

i386:
libtiff-3.9.4-9.el6_3.i686.rpm
libtiff-debuginfo-3.9.4-9.el6_3.i686.rpm

x86_64:
libtiff-3.9.4-9.el6_3.i686.rpm
libtiff-3.9.4-9.el6_3.x86_64.rpm
libtiff-debuginfo-3.9.4-9.el6_3.i686.rpm
libtiff-debuginfo-3.9.4-9.el6_3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libtiff-3.9.4-9.el6_3.src.rpm

i386:
libtiff-debuginfo-3.9.4-9.el6_3.i686.rpm
libtiff-devel-3.9.4-9.el6_3.i686.rpm
libtiff-static-3.9.4-9.el6_3.i686.rpm

x86_64:
libtiff-debuginfo-3.9.4-9.el6_3.i686.rpm
libtiff-debuginfo-3.9.4-9.el6_3.x86_64.rpm
libtiff-devel-3.9.4-9.el6_3.i686.rpm
libtiff-devel-3.9.4-9.el6_3.x86_64.rpm
libtiff-static-3.9.4-9.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libtiff-3.9.4-9.el6_3.src.rpm

x86_64:
libtiff-3.9.4-9.el6_3.i686.rpm
libtiff-3.9.4-9.el6_3.x86_64.rpm
libtiff-debuginfo-3.9.4-9.el6_3.i686.rpm
libtiff-debuginfo-3.9.4-9.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libtiff-3.9.4-9.el6_3.src.rpm

x86_64:
libtiff-debuginfo-3.9.4-9.el6_3.i686.rpm
libtiff-debuginfo-3.9.4-9.el6_3.x86_64.rpm
libtiff-devel-3.9.4-9.el6_3.i686.rpm
libtiff-devel-3.9.4-9.el6_3.x86_64.rpm
libtiff-static-3.9.4-9.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libtiff-3.9.4-9.el6_3.src.rpm

i386:
libtiff-3.9.4-9.el6_3.i686.rpm
libtiff-debuginfo-3.9.4-9.el6_3.i686.rpm
libtiff-devel-3.9.4-9.el6_3.i686.rpm

ppc64:
libtiff-3.9.4-9.el6_3.ppc.rpm
libtiff-3.9.4-9.el6_3.ppc64.rpm
libtiff-debuginfo-3.9.4-9.el6_3.ppc.rpm
libtiff-debuginfo-3.9.4-9.el6_3.ppc64.rpm
libtiff-devel-3.9.4-9.el6_3.ppc.rpm
libtiff-devel-3.9.4-9.el6_3.ppc64.rpm

s390x:
libtiff-3.9.4-9.el6_3.s390.rpm
libtiff-3.9.4-9.el6_3.s390x.rpm
libtiff-debuginfo-3.9.4-9.el6_3.s390.rpm
libtiff-debuginfo-3.9.4-9.el6_3.s390x.rpm
libtiff-devel-3.9.4-9.el6_3.s390.rpm
libtiff-devel-3.9.4-9.el6_3.s390x.rpm

x86_64:
libtiff-3.9.4-9.el6_3.i686.rpm
libtiff-3.9.4-9.el6_3.x86_64.rpm
libtiff-debuginfo-3.9.4-9.el6_3.i686.rpm
libtiff-debuginfo-3.9.4-9.el6_3.x86_64.rpm
libtiff-devel-3.9.4-9.el6_3.i686.rpm
libtiff-devel-3.9.4-9.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libtiff-3.9.4-9.el6_3.src.rpm

i386:
libtiff-debuginfo-3.9.4-9.el6_3.i686.rpm
libtiff-static-3.9.4-9.el6_3.i686.rpm

ppc64:
libtiff-debuginfo-3.9.4-9.el6_3.ppc64.rpm
libtiff-static-3.9.4-9.el6_3.ppc64.rpm

s390x:
libtiff-debuginfo-3.9.4-9.el6_3.s390x.rpm
libtiff-static-3.9.4-9.el6_3.s390x.rpm

x86_64:
libtiff-debuginfo-3.9.4-9.el6_3.x86_64.rpm
libtiff-static-3.9.4-9.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libtiff-3.9.4-9.el6_3.src.rpm

i386:
libtiff-3.9.4-9.el6_3.i686.rpm
libtiff-debuginfo-3.9.4-9.el6_3.i686.rpm
libtiff-devel-3.9.4-9.el6_3.i686.rpm

x86_64:
libtiff-3.9.4-9.el6_3.i686.rpm
libtiff-3.9.4-9.el6_3.x86_64.rpm
libtiff-debuginfo-3.9.4-9.el6_3.i686.rpm
libtiff-debuginfo-3.9.4-9.el6_3.x86_64.rpm
libtiff-devel-3.9.4-9.el6_3.i686.rpm
libtiff-devel-3.9.4-9.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libtiff-3.9.4-9.el6_3.src.rpm

i386:
libtiff-debuginfo-3.9.4-9.el6_3.i686.rpm
libtiff-static-3.9.4-9.el6_3.i686.rpm

x86_64:
libtiff-debuginfo-3.9.4-9.el6_3.x86_64.rpm
libtiff-static-3.9.4-9.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-3401.html
https://www.redhat.com/security/data/cve/CVE-2012-4447.html
https://www.redhat.com/security/data/cve/CVE-2012-4564.html
https://www.redhat.com/security/data/cve/CVE-2012-5581.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQ0PLPXlSAg2UNWIIRAqlxAKCAyfu1n/eaTX9YteNPw6a2jok9BwCbBQx8
qApdyw1voAfN8IRgfWVLfCU=
=qpbO
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Dec 21 03:34:00 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 21 Dec 2012 03:34:00 +0000
Subject: [RHSA-2012:1604-01] Moderate: Fuse ESB Enterprise 7.1.0 update
Message-ID: <201212210334.qBL3Y0xk028004@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Fuse ESB Enterprise 7.1.0 update
Advisory ID:       RHSA-2012:1604-01
Product:           Fuse Enterprise Middleware
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1604.html
Issue date:        2012-12-21
CVE Names:         CVE-2011-4461 CVE-2012-5370
=====================================================================

1. Summary:

Fuse ESB Enterprise 7.1.0, which fixes two security issues, various bugs,
and adds enhancements, is now available from the Red Hat Customer Portal.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Description:

Fuse ESB Enterprise, based on Apache ServiceMix, provides an integration
platform.

This release of Fuse ESB Enterprise 7.1.0 serves as a replacement for Fuse
ESB Enterprise 7.0.2, and includes bug fixes and enhancements. Refer to the
Fuse ESB Enterprise 7.1.0 Release Notes for information on the most
significant of these changes. The Release Notes will be available shortly
from https://access.redhat.com/knowledge/docs/

The following security issues are also fixed with this release:

It was found that the Java hashCode() method implementation was susceptible
to predictable hash collisions. A remote attacker could use this flaw to
cause the Jetty HTTP server (a component of Apache Karaf, used by Fuse ESB
Enterprise) to use an excessive amount of CPU time by sending an HTTP
request with a large number of parameters whose names map to the same hash
value. This update introduces a limit of 1000 on the number of parameters
processed per request to mitigate this issue. (CVE-2011-4461)

A denial of service flaw was found in the implementation of associative
arrays (hashes) in JRuby. An attacker able to supply a large number of
inputs to a JRuby application (such as HTTP POST request parameters sent to
a web application) that are used as keys when inserting data into an array
could trigger multiple hash function collisions, making array operations
take an excessive amount of CPU time. To mitigate this issue, the Murmur
hash function has been replaced with the Perl hash function.
(CVE-2012-5370)

Note: Fuse ESB Enterprise 7.0.2 ships JRuby as part of the camel-ruby
component, which allows users to define Camel routes in Ruby. The default
use of JRuby in Fuse ESB Enterprise 7.0.2 does not appear to expose this
flaw. If the version of JRuby shipped with Fuse ESB Enterprise 7.0.2 was
used to build a custom application, then this flaw could be exposed.

Red Hat would like to thank oCERT for reporting CVE-2011-4461. oCERT
acknowledges Julian Wälde and Alexander Klink as the original reporters of
CVE-2011-4461.

All users of Fuse ESB Enterprise 7.0.2 as provided from the Red Hat Customer
Portal are advised to upgrade to Fuse ESB Enterprise 7.1.0.

3. Solution:

The References section of this erratum contains a download link (you must
log in to download the update).

4. Bugs fixed (http://bugzilla.redhat.com/):

781677 - CVE-2011-4461 jetty: hash table collisions CPU usage DoS (oCERT-2011-003)
880671 - CVE-2012-5370 jruby: Murmur hash function collisions (oCERT-2012-001)

5. References:

https://www.redhat.com/security/data/cve/CVE-2011-4461.html
https://www.redhat.com/security/data/cve/CVE-2012-5370.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=fuse.esb.enterprise&downloadType=distributions
https://access.redhat.com/knowledge/docs/

6. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQ09iNXlSAg2UNWIIRAkwGAKCITSWavg2Hbm9s1cfEBvxped5M5QCgwDqy
KaylRc/lHzUXwTs2CLIkr3g=
=L57/
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Dec 21 03:34:28 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 21 Dec 2012 03:34:28 +0000
Subject: [RHSA-2012:1605-01] Moderate: Fuse MQ Enterprise 7.1.0 update
Message-ID: <201212210334.qBL3YT8V004313@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Fuse MQ Enterprise 7.1.0 update
Advisory ID:       RHSA-2012:1605-01
Product:           Fuse Enterprise Middleware
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1605.html
Issue date:        2012-12-21
CVE Names:         CVE-2011-4461
=====================================================================

1. Summary:

Fuse MQ Enterprise 7.1.0, which fixes one security issue, various bugs, and
adds enhancements, is now available from the Red Hat Customer Portal.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Description:

Fuse MQ Enterprise, based on Apache ActiveMQ, is a standards compliant
messaging system that is tailored for use in mission critical applications.

This release of Fuse MQ Enterprise 7.1.0 serves as a replacement for Fuse
MQ Enterprise 7.0.2, and includes bug fixes and enhancements. Refer to the
Fuse MQ Enterprise 7.1.0 Release Notes for information on the most
significant of these changes.
The Release Notes will be available shortly from
https://access.redhat.com/knowledge/docs/

The following security issue is also fixed with this release:

It was found that the Java hashCode() method implementation was susceptible
to predictable hash collisions. A remote attacker could use this flaw to
cause the Jetty HTTP server (a component of Apache Karaf, used by Fuse MQ
Enterprise) to use an excessive amount of CPU time by sending an HTTP
request with a large number of parameters whose names map to the same hash
value. This update introduces a limit of 1000 on the number of parameters
processed per request to mitigate this issue. (CVE-2011-4461)

Red Hat would like to thank oCERT for reporting this issue. oCERT
acknowledges Julian Wälde and Alexander Klink as the original reporters.

All users of Fuse MQ Enterprise 7.0.2 as provided from the Red Hat Customer
Portal are advised to upgrade to Fuse MQ Enterprise 7.1.0.

3. Solution:

The References section of this erratum contains a download link (you must
log in to download the update).

4. Bugs fixed (http://bugzilla.redhat.com/):

781677 - CVE-2011-4461 jetty: hash table collisions CPU usage DoS (oCERT-2011-003)

5. References:

https://www.redhat.com/security/data/cve/CVE-2011-4461.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=fuse.mq.enterprise&downloadType=distributions
https://access.redhat.com/knowledge/docs/

6. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQ09i3XlSAg2UNWIIRAmLyAKCrt090MwmSi19JupaCoxK+5Fi94QCdHAqO
Sru7dUknjGp31dlpuSlrxhY=
=W4u4
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Dec 21 03:34:47 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 21 Dec 2012 03:34:47 +0000
Subject: [RHSA-2012:1606-01] Moderate: Fuse Management Console 7.1.0 update
Message-ID: <201212210334.qBL3Yl25013307@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Fuse Management Console 7.1.0 update
Advisory ID:       RHSA-2012:1606-01
Product:           Fuse Enterprise Middleware
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1606.html
Issue date:        2012-12-21
CVE Names:         CVE-2011-4461
=====================================================================

1. Summary:

Fuse Management Console 7.1.0, which fixes one security issue, various bugs,
and adds enhancements, is now available from the Red Hat Customer Portal.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Description:

The Fuse Management Console is used for managing Fuse ESB Enterprise and
Fuse MQ Enterprise deployments.

This release of Fuse Management Console 7.1.0 serves as a replacement for
Fuse Management Console 1.0.2, and includes bug fixes and enhancements.
Refer to the Fuse Management Console 7.1.0 Release Notes for information on
the most significant of these changes. The Release Notes will be available
shortly from https://access.redhat.com/knowledge/docs/

The following security issue is also fixed with this release:

It was found that the Java hashCode() method implementation was susceptible
to predictable hash collisions.
A remote attacker could use this flaw to cause the Jetty HTTP server (a
component of Apache Karaf, used by Fuse Management Console) to use an
excessive amount of CPU time by sending an HTTP request with a large number
of parameters whose names map to the same hash value. This update
introduces a limit of 1000 on the number of parameters processed per
request to mitigate this issue. (CVE-2011-4461)

Red Hat would like to thank oCERT for reporting this issue. oCERT
acknowledges Julian Wälde and Alexander Klink as the original reporters.

All users of Fuse Management Console 1.0.2 as provided from the Red Hat
Customer Portal are advised to upgrade to Fuse Management Console 7.1.0.

3. Solution:

The References section of this erratum contains a download link (you must
log in to download the update).

4. Bugs fixed (http://bugzilla.redhat.com/):

781677 - CVE-2011-4461 jetty: hash table collisions CPU usage DoS (oCERT-2011-003)

5. References:

https://www.redhat.com/security/data/cve/CVE-2011-4461.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=fuse.management.console&downloadType=distributions
https://access.redhat.com/knowledge/docs/

6. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQ09jKXlSAg2UNWIIRAiOCAJ9y7rISxSa5mt1otw8hOfWmhuacEQCgpJBV
or3n8Ijq4WAP7Lwfhq+5r9c=
=q6dh
-----END PGP SIGNATURE-----
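The mitigation that the three Fuse advisories above (RHSA-2012:1604, 1605 and 1606) describe for CVE-2011-4461, a cap of 1000 parameters per request enforced before the parameters are hashed, as an added illustration in Python; this is not Jetty's or Red Hat's code, and the function names and the constructed sample requests are assumptions of this example.

```python
"""Per-request parameter cap in the style of the Jetty fix for
CVE-2011-4461. Added illustration, not Jetty's or Red Hat's code."""
from urllib.parse import unquote_plus

MAX_FORM_KEYS = 1000  # the per-request limit stated in the advisories


class TooManyParameters(ValueError):
    """Raised before any parameter name is decoded or stored."""


def _count_pairs(encoded: str) -> int:
    """Count non-empty name=value pairs in a form-encoded string.

    A linear scan with no decoding and no dictionary inserts, so its cost
    is the same whether or not the parameter names collide."""
    return sum(1 for pair in encoded.split("&") if pair)


def parse_request_params(query: str = "", body: str = "",
                         max_keys: int = MAX_FORM_KEYS) -> dict:
    """Decode query string and form body into {name: [values]}.

    The cap is checked on the combined count before any name reaches the
    dictionary. Without a cap, n colliding names cost on the order of n^2
    comparisons in a chained hash table; with it the worst case is bounded
    by max_keys^2, which is why a count limit is an effective mitigation
    even when the hash function itself is left unchanged."""
    total = _count_pairs(query) + _count_pairs(body)
    if total > max_keys:
        raise TooManyParameters(
            f"request carries {total} parameters, limit is {max_keys}")
    params: dict = {}
    for encoded in (query, body):
        for pair in encoded.split("&"):
            if not pair:
                continue
            name, has_value, value = pair.partition("=")
            values = params.setdefault(unquote_plus(name), [])
            values.append(unquote_plus(value) if has_value else "")
    return params


def request_accepted(query: str = "", body: str = "",
                     max_keys: int = MAX_FORM_KEYS) -> bool:
    """Admission check a front end would run: True if the request is
    within the cap, False if it would be rejected."""
    try:
        parse_request_params(query, body, max_keys)
    except TooManyParameters:
        return False
    return True


def constructed_request(n: int) -> str:
    """Constructed sample body with n distinct parameters: p0=0&p1=1&..."""
    return "&".join(f"p{i}={i}" for i in range(n))


if __name__ == "__main__":
    print(parse_request_params("a=1&b=2", "a=3"))
    print(request_accepted("", constructed_request(1000)))   # within cap
    print(request_accepted("x=1", constructed_request(1000)))  # 1001: rejected
```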