From bugzilla at redhat.com Mon Jan 9 20:11:27 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 9 Jan 2012 20:11:27 +0000
Subject: [RHSA-2012:0006-01] Critical: java-1.4.2-ibm security update
Message-ID: <201201092011.q09KBRmP000936@int-mx01.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.4.2-ibm security update
Advisory ID:       RHSA-2012:0006-01
Product:           Red Hat Enterprise Linux Extras
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0006.html
Issue date:        2012-01-09
CVE Names:         CVE-2011-3389 CVE-2011-3545 CVE-2011-3547
                   CVE-2011-3548 CVE-2011-3549 CVE-2011-3552
                   CVE-2011-3556 CVE-2011-3557 CVE-2011-3560
=====================================================================

1. Summary:

Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, ia64, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, ia64, x86_64

3. Description:

The IBM Java SE version 1.4.2 release includes the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit.

This update fixes several vulnerabilities in the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. (CVE-2011-3389, CVE-2011-3545, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3552, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560)

All users of java-1.4.2-ibm are advised to upgrade to these updated packages, which contain the IBM Java 1.4.2 SR13-FP11 release. All running instances of IBM Java must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)
745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600)
745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417)
745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466)
745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012)
745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773)
747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound)
747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing)

6. Package List:

Red Hat Enterprise Linux AS version 4 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.11-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.11-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.ia64.rpm

ppc:
java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.ppc64.rpm
java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.ppc64.rpm
java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.ppc64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el4.ppc64.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.11-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.ppc64.rpm

s390:
java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.s390.rpm
java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.s390.rpm
java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.s390.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.11-1jpp.1.el4.s390.rpm
java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.s390.rpm

s390x:
java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.s390x.rpm
java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.s390x.rpm
java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.s390x.rpm
java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.s390x.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.x86_64.rpm

Red Hat Desktop version 4 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.11-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.11-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.i386.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.11-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.11-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.ia64.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.11-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.11-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.ia64.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.11-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.11-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el5.i386.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.11-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.11-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.11-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.11-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el5.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el5.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el5.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el5.ia64.rpm
java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el5.ia64.rpm

ppc:
java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el5.ppc.rpm
java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el5.ppc64.rpm
java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el5.ppc.rpm
java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el5.ppc64.rpm
java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el5.ppc.rpm
java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el5.ppc64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el5.ppc.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el5.ppc64.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.11-1jpp.1.el5.ppc.rpm
java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el5.ppc.rpm
java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el5.ppc64.rpm

s390x:
java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el5.s390.rpm
java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el5.s390x.rpm
java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el5.s390.rpm
java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el5.s390x.rpm
java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el5.s390.rpm
java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el5.s390x.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.11-1jpp.1.el5.s390.rpm
java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el5.s390.rpm
java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el5.s390x.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.11-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.11-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3389.html
https://www.redhat.com/security/data/cve/CVE-2011-3545.html
https://www.redhat.com/security/data/cve/CVE-2011-3547.html
https://www.redhat.com/security/data/cve/CVE-2011-3548.html
https://www.redhat.com/security/data/cve/CVE-2011-3549.html
https://www.redhat.com/security/data/cve/CVE-2011-3552.html
https://www.redhat.com/security/data/cve/CVE-2011-3556.html
https://www.redhat.com/security/data/cve/CVE-2011-3557.html
https://www.redhat.com/security/data/cve/CVE-2011-3560.html
https://access.redhat.com/security/updates/classification/#critical
http://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
From bugzilla at redhat.com Tue Jan 10 20:23:12 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 10 Jan 2012 20:23:12 +0000
Subject: [RHSA-2012:0007-01] Important: kernel security, bug fix, and enhancement update
Message-ID: <201201102023.q0AKNCcj010772@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security, bug fix, and enhancement update
Advisory ID:       RHSA-2012:0007-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0007.html
Issue date:        2012-01-10
CVE Names:         CVE-2011-1020 CVE-2011-3637 CVE-2011-4077
                   CVE-2011-4132 CVE-2011-4324 CVE-2011-4325
                   CVE-2011-4330 CVE-2011-4348
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* A buffer overflow flaw was found in the way the Linux kernel's XFS file system implementation handled links with overly long path names. A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially-crafted disk. (CVE-2011-4077, Important)

* The fix for CVE-2011-2482 provided by RHSA-2011:1212 introduced a regression: on systems that do not have Security-Enhanced Linux (SELinux) in Enforcing mode, a socket lock race could occur between sctp_rcv() and sctp_accept(). A remote attacker could use this flaw to cause a denial of service. By default, SELinux runs in Enforcing mode on Red Hat Enterprise Linux 5. (CVE-2011-4348, Important)

* The proc file system could allow a local, unprivileged user to obtain sensitive information or possibly cause integrity issues. (CVE-2011-1020, Moderate)

* A missing validation flaw was found in the Linux kernel's m_stop() implementation. A local, unprivileged user could use this flaw to trigger a denial of service. (CVE-2011-3637, Moderate)

* A flaw was found in the Linux kernel's Journaling Block Device (JBD). A local attacker could use this flaw to crash the system by mounting a specially-crafted ext3 or ext4 disk. (CVE-2011-4132, Moderate)

* A flaw was found in the Linux kernel's encode_share_access() implementation. A local, unprivileged user could use this flaw to trigger a denial of service by creating a regular file on an NFSv4 (Network File System version 4) file system via mknod(). (CVE-2011-4324, Moderate)

* A flaw was found in the Linux kernel's NFS implementation. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2011-4325, Moderate)

* A missing boundary check was found in the Linux kernel's HFS file system implementation. A local attacker could use this flaw to cause a denial of service or escalate their privileges by mounting a specially-crafted disk. (CVE-2011-4330, Moderate)

Red Hat would like to thank Kees Cook for reporting CVE-2011-1020, and Clement Lecigne for reporting CVE-2011-4330.

This update also fixes several bugs and adds one enhancement. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.

Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs and add the enhancement noted in the Technical Notes. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

680358 - CVE-2011-1020 kernel: no access restrictions of /proc/pid/* after setuid program exec
747848 - CVE-2011-3637 kernel: proc: fix oops on invalid /proc//maps access
749156 - CVE-2011-4077 kernel: xfs: potential buffer overflow in xfs_readlink()
753341 - CVE-2011-4132 kernel: jbd/jbd2: invalid value of first log block leads to oops
755431 - CVE-2011-4330 kernel: hfs: add sanity check for file name length
755440 - CVE-2011-4324 kernel: nfsv4: mknod(2) DoS
755455 - CVE-2011-4325 kernel: nfs: diotest4 from LTP crash client null pointer deref
757143 - CVE-2011-4348 kernel: incomplete fix for CVE-2011-2482

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-274.17.1.el5.src.rpm

i386:
kernel-2.6.18-274.17.1.el5.i686.rpm
kernel-PAE-2.6.18-274.17.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-274.17.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-274.17.1.el5.i686.rpm
kernel-debug-2.6.18-274.17.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-274.17.1.el5.i686.rpm
kernel-debug-devel-2.6.18-274.17.1.el5.i686.rpm
kernel-debuginfo-2.6.18-274.17.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-274.17.1.el5.i686.rpm
kernel-devel-2.6.18-274.17.1.el5.i686.rpm
kernel-headers-2.6.18-274.17.1.el5.i386.rpm
kernel-xen-2.6.18-274.17.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-274.17.1.el5.i686.rpm
kernel-xen-devel-2.6.18-274.17.1.el5.i686.rpm

noarch:
kernel-doc-2.6.18-274.17.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-274.17.1.el5.x86_64.rpm
kernel-debug-2.6.18-274.17.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-274.17.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-274.17.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-274.17.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-274.17.1.el5.x86_64.rpm
kernel-devel-2.6.18-274.17.1.el5.x86_64.rpm
kernel-headers-2.6.18-274.17.1.el5.x86_64.rpm
kernel-xen-2.6.18-274.17.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-274.17.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-274.17.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-274.17.1.el5.src.rpm

i386:
kernel-2.6.18-274.17.1.el5.i686.rpm
kernel-PAE-2.6.18-274.17.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-274.17.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-274.17.1.el5.i686.rpm
kernel-debug-2.6.18-274.17.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-274.17.1.el5.i686.rpm
kernel-debug-devel-2.6.18-274.17.1.el5.i686.rpm
kernel-debuginfo-2.6.18-274.17.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-274.17.1.el5.i686.rpm
kernel-devel-2.6.18-274.17.1.el5.i686.rpm
kernel-headers-2.6.18-274.17.1.el5.i386.rpm
kernel-xen-2.6.18-274.17.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-274.17.1.el5.i686.rpm
kernel-xen-devel-2.6.18-274.17.1.el5.i686.rpm

ia64:
kernel-2.6.18-274.17.1.el5.ia64.rpm
kernel-debug-2.6.18-274.17.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-274.17.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-274.17.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-274.17.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-274.17.1.el5.ia64.rpm
kernel-devel-2.6.18-274.17.1.el5.ia64.rpm
kernel-headers-2.6.18-274.17.1.el5.ia64.rpm
kernel-xen-2.6.18-274.17.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-274.17.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-274.17.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-274.17.1.el5.noarch.rpm

ppc:
kernel-2.6.18-274.17.1.el5.ppc64.rpm
kernel-debug-2.6.18-274.17.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-274.17.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-274.17.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-274.17.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-274.17.1.el5.ppc64.rpm
kernel-devel-2.6.18-274.17.1.el5.ppc64.rpm
kernel-headers-2.6.18-274.17.1.el5.ppc.rpm
kernel-headers-2.6.18-274.17.1.el5.ppc64.rpm
kernel-kdump-2.6.18-274.17.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-274.17.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-274.17.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-274.17.1.el5.s390x.rpm
kernel-debug-2.6.18-274.17.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-274.17.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-274.17.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-274.17.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-274.17.1.el5.s390x.rpm
kernel-devel-2.6.18-274.17.1.el5.s390x.rpm
kernel-headers-2.6.18-274.17.1.el5.s390x.rpm
kernel-kdump-2.6.18-274.17.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-274.17.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-274.17.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-274.17.1.el5.x86_64.rpm
kernel-debug-2.6.18-274.17.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-274.17.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-274.17.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-274.17.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-274.17.1.el5.x86_64.rpm
kernel-devel-2.6.18-274.17.1.el5.x86_64.rpm
kernel-headers-2.6.18-274.17.1.el5.x86_64.rpm
kernel-xen-2.6.18-274.17.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-274.17.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-274.17.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1020.html
https://www.redhat.com/security/data/cve/CVE-2011-3637.html
https://www.redhat.com/security/data/cve/CVE-2011-4077.html
https://www.redhat.com/security/data/cve/CVE-2011-4132.html
https://www.redhat.com/security/data/cve/CVE-2011-4324.html
https://www.redhat.com/security/data/cve/CVE-2011-4325.html
https://www.redhat.com/security/data/cve/CVE-2011-4330.html
https://www.redhat.com/security/data/cve/CVE-2011-4348.html
https://access.redhat.com/security/updates/classification/#important
https://rhn.redhat.com/errata/RHSA-2011-1212.html
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.7_Technical_Notes/kernel.html#RHSA-2012-0007

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

From bugzilla at redhat.com Tue Jan 10 20:24:57 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 10 Jan 2012 20:24:57 +0000
Subject: [RHSA-2012:0010-01] Important: kernel-rt security and bug fix update
Message-ID: <201201102024.q0AKOvX8004709@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update
Advisory ID:       RHSA-2012:0010-01
Product:           Red Hat Enterprise MRG for RHEL-6
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0010.html
Issue date:        2012-01-10
CVE Names:         CVE-2011-1162 CVE-2011-2494 CVE-2011-2723
                   CVE-2011-2898 CVE-2011-3188 CVE-2011-3191
                   CVE-2011-3353 CVE-2011-3359 CVE-2011-3363
                   CVE-2011-3637 CVE-2011-4081 CVE-2011-4110
                   CVE-2011-4132 CVE-2011-4326
=====================================================================

1. Summary:

Updated kernel-rt packages that fix several security issues and two bugs are now available for Red Hat Enterprise MRG 2.0.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* A malicious CIFS (Common Internet File System) server could send a specially-crafted response to a directory read request that would result in a denial of service or privilege escalation on a system that has a CIFS share mounted. (CVE-2011-3191, Important)

* The way fragmented IPv6 UDP datagrams over the bridge with UDP Fragmentation Offload (UFO) functionality on were handled could allow a remote attacker to cause a denial of service. (CVE-2011-4326, Important)

* GRO (Generic Receive Offload) fields could be left in an inconsistent state. An attacker on the local network could use this flaw to cause a denial of service. GRO is enabled by default in all network drivers that support it. (CVE-2011-2723, Moderate)

* IPv4 and IPv6 protocol sequence number and fragment ID generation could allow a man-in-the-middle attacker to inject packets and possibly hijack connections. Protocol sequence numbers and fragment IDs are now more random. (CVE-2011-3188, Moderate)

* A flaw in the FUSE (Filesystem in Userspace) implementation could allow a local user in the fuse group who has access to mount a FUSE file system to cause a denial of service. (CVE-2011-3353, Moderate)

* A flaw in the b43 driver. If a system had an active wireless interface that uses the b43 driver, an attacker able to send a specially-crafted frame to that interface could cause a denial of service. (CVE-2011-3359, Moderate)

* A flaw in the way CIFS shares with DFS referrals at their root were handled could allow an attacker on the local network, who is able to deploy a malicious CIFS server, to create a CIFS network share that, when mounted, would cause the client system to crash. (CVE-2011-3363, Moderate)

* A flaw in the m_stop() implementation could allow a local, unprivileged user to trigger a denial of service. (CVE-2011-3637, Moderate)

* Flaws in ghash_update() and ghash_final() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-4081, Moderate)

* A flaw in the key management facility could allow a local, unprivileged user to cause a denial of service via the keyctl utility. (CVE-2011-4110, Moderate)

* A flaw in the Journaling Block Device (JBD) could allow a local attacker to crash the system by mounting a specially-crafted ext3 or ext4 disk. (CVE-2011-4132, Moderate)

* A flaw in the way memory containing security-related data was handled in tpm_read() could allow a local, unprivileged user to read the results of a previously run TPM command. (CVE-2011-1162, Low)

* I/O statistics from the taskstats subsystem could be read without any restrictions, which could allow a local, unprivileged user to gather confidential information, such as the length of a password used in a process. (CVE-2011-2494, Low)

* Flaws in tpacket_rcv() and packet_recvmsg() could allow a local, unprivileged user to leak information to user-space. (CVE-2011-2898, Low)

Red Hat would like to thank Darren Lavender for reporting CVE-2011-3191; Brent Meshier for reporting CVE-2011-2723; Dan Kaminsky for reporting CVE-2011-3188; Yogesh Sharma for reporting CVE-2011-3363; Nick Bowler for reporting CVE-2011-4081; Peter Huewe for reporting CVE-2011-1162; and Vasiliy Kulikov of Openwall for reporting CVE-2011-2494.

This update also fixes the following bugs:

* Previously, a mismatch in the build-id of the kernel-rt and the one in the related debuginfo package caused failures in SystemTap and perf. (BZ#768413)

* IBM x3650m3 systems were not able to boot the MRG Realtime kernel because they require a pmcraid driver that was not available. The pmcraid driver is included in this update. (BZ#753992)

Users should upgrade to these updated packages, which correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

716842 - CVE-2011-2494 kernel: taskstats io infoleak
726552 - CVE-2011-2723 kernel: gro: only reset frag0 when skb can be pulled
728023 - CVE-2011-2898 kernel: af_packet: infoleak
732629 - CVE-2011-1162 kernel: tpm: infoleak
732658 - CVE-2011-3188 kernel: net: improve sequence number generation
732869 - CVE-2011-3191 kernel: cifs: signedness issue in CIFSFindNext()
736761 - CVE-2011-3353 kernel: fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message
738202 - CVE-2011-3359 kernel: b43: allocate receive buffers big enough for max frame len + offset
738291 - CVE-2011-3363 kernel: cifs: always do is_path_accessible check in cifs_mount
747848 - CVE-2011-3637 kernel: proc: fix oops on invalid /proc//maps access
749475 - CVE-2011-4081 kernel: crypto: ghash: null pointer deref if no key is set
751297 - CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type
753341 - CVE-2011-4132 kernel: jbd/jbd2: invalid value of first log block leads to oops
755584 - CVE-2011-4326 kernel: wrong headroom check in udp6_ufo_fragment()

6. Package List:

MRG Realtime for RHEL 6 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/kernel-rt-2.6.33.9-rt31.79.el6rt.src.rpm

noarch:
kernel-rt-doc-2.6.33.9-rt31.79.el6rt.noarch.rpm
kernel-rt-firmware-2.6.33.9-rt31.79.el6rt.noarch.rpm

x86_64:
kernel-rt-2.6.33.9-rt31.79.el6rt.x86_64.rpm
kernel-rt-debug-2.6.33.9-rt31.79.el6rt.x86_64.rpm
kernel-rt-debug-debuginfo-2.6.33.9-rt31.79.el6rt.x86_64.rpm
kernel-rt-debug-devel-2.6.33.9-rt31.79.el6rt.x86_64.rpm
kernel-rt-debuginfo-2.6.33.9-rt31.79.el6rt.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-2.6.33.9-rt31.79.el6rt.x86_64.rpm
kernel-rt-devel-2.6.33.9-rt31.79.el6rt.x86_64.rpm
kernel-rt-trace-2.6.33.9-rt31.79.el6rt.x86_64.rpm
kernel-rt-trace-debuginfo-2.6.33.9-rt31.79.el6rt.x86_64.rpm
kernel-rt-trace-devel-2.6.33.9-rt31.79.el6rt.x86_64.rpm
kernel-rt-vanilla-2.6.33.9-rt31.79.el6rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-2.6.33.9-rt31.79.el6rt.x86_64.rpm
kernel-rt-vanilla-devel-2.6.33.9-rt31.79.el6rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1162.html
https://www.redhat.com/security/data/cve/CVE-2011-2494.html
https://www.redhat.com/security/data/cve/CVE-2011-2723.html
https://www.redhat.com/security/data/cve/CVE-2011-2898.html
https://www.redhat.com/security/data/cve/CVE-2011-3188.html
https://www.redhat.com/security/data/cve/CVE-2011-3191.html
https://www.redhat.com/security/data/cve/CVE-2011-3353.html
https://www.redhat.com/security/data/cve/CVE-2011-3359.html
https://www.redhat.com/security/data/cve/CVE-2011-3363.html
https://www.redhat.com/security/data/cve/CVE-2011-3637.html
https://www.redhat.com/security/data/cve/CVE-2011-4081.html
https://www.redhat.com/security/data/cve/CVE-2011-4110.html
https://www.redhat.com/security/data/cve/CVE-2011-4132.html
https://www.redhat.com/security/data/cve/CVE-2011-4326.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
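Both kernel advisories above tell administrators to install kernel packages with "rpm -ivh" rather than "rpm -Uvh", so that the running kernel stays on disk beside the new one, and to reboot before the fix takes effect. The script below is an added example and not part of the Red Hat advisories: it parses the RPM file names of an advisory's Package List, orders builds with RPM's version-comparison rules, and reports per package whether a host is patched, including the case where the fixed kernel is installed but an older one is still running. The installed-package list and running kernel version are constructed sample input standing in for "rpm -qa" and "uname -r" output.

```python
"""Check a RHEL host against the Package List of a Red Hat Security Advisory.

Added example, not part of the advisory text. RPM file names have the form
name-version-release.arch.rpm; the name may itself contain dashes, so they
are split from the right. Kernels are installed side by side (rpm -ivh,
never rpm -Uvh), so an installed fix is only live after a reboot and the
running kernel from uname -r is checked separately.
"""
from functools import cmp_to_key
import re
from typing import Dict, List, NamedTuple, Optional, Tuple


class Nvra(NamedTuple):
    name: str
    version: str
    release: str
    arch: str


def parse_nvra(filename: str) -> Nvra:
    """Split 'name-version-release.arch[.rpm]' from the right; version and
    release never contain a dash, but the name may (java-1.4.2-ibm-devel)."""
    base = filename[:-4] if filename.endswith(".rpm") else filename
    rest, arch = base.rsplit(".", 1)
    name_version, release = rest.rsplit("-", 1)
    name, version = name_version.rsplit("-", 1)
    return Nvra(name, version, release, arch)


_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Simplified rpmvercmp(): split into digit and alpha runs; digit runs
    compare numerically (17 > 7, unlike a string compare), alpha runs
    lexically, a digit run sorts after an alpha run, and on a tie the
    string with more segments wins. Modern rpm's tilde/caret rules omitted."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def compare_nvr(a: Nvra, b: Nvra) -> int:
    """Order two builds of the same package: version first, then release."""
    return rpmvercmp(a.version, b.version) or rpmvercmp(a.release, b.release)


def patched_status(advisory_rpms: List[str], installed: List[str],
                   running_kernel: Optional[str] = None) -> Dict[str, str]:
    """Return {'name.arch': status} for every package the advisory ships:
    'ok', 'missing' (not installed, so this erratum does not apply to it),
    'outdated' (only older builds installed) or, for the 'kernel' package
    when running_kernel is given, 'reboot-needed' (fix installed, not booted)."""
    fixed = {(p.name, p.arch): p for p in map(parse_nvra, advisory_rpms)}
    have: Dict[Tuple[str, str], List[Nvra]] = {}
    for p in map(parse_nvra, installed):
        have.setdefault((p.name, p.arch), []).append(p)
    report: Dict[str, str] = {}
    for key, want in fixed.items():
        label = f"{want.name}.{want.arch}"
        builds = have.get(key)
        if not builds:
            report[label] = "missing"
            continue
        # Several kernels may be installed at once; judge by the newest one.
        newest = max(builds, key=cmp_to_key(compare_nvr))
        if compare_nvr(newest, want) < 0:
            report[label] = "outdated"
        elif want.name == "kernel" and running_kernel is not None:
            booted = parse_nvra(f"kernel-{running_kernel}.{want.arch}")
            report[label] = "reboot-needed" if compare_nvr(booted, want) < 0 else "ok"
        else:
            report[label] = "ok"
    return report


# A slice of the RHSA-2012:0007 package list, copied from the advisory.
ADVISORY_RPMS = [
    "kernel-2.6.18-274.17.1.el5.x86_64.rpm",
    "kernel-devel-2.6.18-274.17.1.el5.x86_64.rpm",
    "kernel-headers-2.6.18-274.17.1.el5.x86_64.rpm",
    "kernel-xen-2.6.18-274.17.1.el5.x86_64.rpm",
    "kernel-doc-2.6.18-274.17.1.el5.noarch.rpm",
]

# Constructed sample host state, standing in for the output of
#   rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'   and   uname -r
INSTALLED = [
    "kernel-2.6.18-274.7.1.el5.x86_64",       # older kernel, still booted
    "kernel-2.6.18-274.17.1.el5.x86_64",      # fixed kernel, added with rpm -ivh
    "kernel-devel-2.6.18-274.7.1.el5.x86_64",
    "kernel-headers-2.6.18-274.17.1.el5.x86_64",
    "kernel-doc-2.6.18-274.17.1.el5.noarch",
    "openssl-0.9.8e-20.el5.x86_64",           # unrelated package, ignored
]
RUNNING_KERNEL = "2.6.18-274.7.1.el5"

if __name__ == "__main__":
    status = patched_status(ADVISORY_RPMS, INSTALLED, RUNNING_KERNEL)
    for pkg, state in sorted(status.items()):
        print(f"{pkg:28} {state}")
```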
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPDJ6FXlSAg2UNWIIRAsrYAKCLerKtJ4QtRBX9XbrUMn6hOusSYACcDy1x DrRqrqyb3B96r051baGDAZU= =M480 -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Jan 10 22:58:45 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 10 Jan 2012 22:58:45 +0000 Subject: [RHSA-2012:0011-01] Critical: acroread security update Message-ID: <201201102258.q0AMwj73028184@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: acroread security update Advisory ID: RHSA-2012:0011-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0011.html Issue date: 2012-01-10 CVE Names: CVE-2011-2462 CVE-2011-4369 ===================================================================== 1. Summary: Updated acroread packages that fix two security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. 
Description: Adobe Reader allows users to view and print documents in Portable Document Format (PDF). This update fixes two security flaws in Adobe Reader. These flaws are detailed on the Adobe security page APSB11-30, listed in the References section. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2011-2462, CVE-2011-4369) All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.4.7, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 760908 - CVE-2011-2462 acroread: U3D memory corruption vulnerability (APSB11-30) 768517 - CVE-2011-4369 acroread: unspecified vulnerability in PRC component (APSB11-30) 6. Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: acroread-9.4.7-1.el4.i386.rpm acroread-plugin-9.4.7-1.el4.i386.rpm x86_64: acroread-9.4.7-1.el4.i386.rpm Red Hat Desktop version 4 Extras: i386: acroread-9.4.7-1.el4.i386.rpm acroread-plugin-9.4.7-1.el4.i386.rpm x86_64: acroread-9.4.7-1.el4.i386.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: acroread-9.4.7-1.el4.i386.rpm acroread-plugin-9.4.7-1.el4.i386.rpm x86_64: acroread-9.4.7-1.el4.i386.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: acroread-9.4.7-1.el4.i386.rpm acroread-plugin-9.4.7-1.el4.i386.rpm x86_64: acroread-9.4.7-1.el4.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 
5): i386: acroread-9.4.7-1.el5.i386.rpm acroread-plugin-9.4.7-1.el5.i386.rpm x86_64: acroread-9.4.7-1.el5.i386.rpm acroread-plugin-9.4.7-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: acroread-9.4.7-1.el5.i386.rpm acroread-plugin-9.4.7-1.el5.i386.rpm x86_64: acroread-9.4.7-1.el5.i386.rpm acroread-plugin-9.4.7-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: acroread-9.4.7-1.el6.i686.rpm acroread-plugin-9.4.7-1.el6.i686.rpm x86_64: acroread-9.4.7-1.el6.i686.rpm acroread-plugin-9.4.7-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: acroread-9.4.7-1.el6.i686.rpm acroread-plugin-9.4.7-1.el6.i686.rpm x86_64: acroread-9.4.7-1.el6.i686.rpm acroread-plugin-9.4.7-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: acroread-9.4.7-1.el6.i686.rpm acroread-plugin-9.4.7-1.el6.i686.rpm x86_64: acroread-9.4.7-1.el6.i686.rpm acroread-plugin-9.4.7-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2462.html https://www.redhat.com/security/data/cve/CVE-2011-4369.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb11-30.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPDMKRXlSAg2UNWIIRAkUtAJ9ecqEovcdC+wLbcLbawdlzoYdkUgCeIs+L 99vY+PhmQPOP5eD6B2J2xto= =wy7X -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Jan 11 18:03:28 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 11 Jan 2012 18:03:28 +0000 Subject: [RHSA-2012:0016-01] Important: libxml2 security update Message-ID: <201201111803.q0BI3S3p027149@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: libxml2 security update Advisory ID: RHSA-2012:0016-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0016.html Issue date: 2012-01-11 CVE Names: CVE-2011-0216 CVE-2011-2834 CVE-2011-3905 CVE-2011-3919 ===================================================================== 1. Summary: Updated libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. 
A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919) An off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216) A flaw was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially-crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2011-2834) Note: Red Hat does not ship any applications that use libxml2 in a way that would allow the CVE-2011-2834 flaw to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger this flaw. An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905) All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. 
Bugs fixed (http://bugzilla.redhat.com/): 724906 - CVE-2011-0216 libxml2: Off-by-one error leading to heap-based buffer overflow in encoding 735751 - CVE-2011-2834 libxml2: double-free caused by malformed XPath expression in XSLT 767387 - CVE-2011-3905 libxml2 out of bounds read 771896 - CVE-2011-3919 libxml2: Heap-based buffer overflow when decoding an entity reference with a long name 6. Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libxml2-2.6.16-12.9.src.rpm i386: libxml2-2.6.16-12.9.i386.rpm libxml2-debuginfo-2.6.16-12.9.i386.rpm libxml2-devel-2.6.16-12.9.i386.rpm libxml2-python-2.6.16-12.9.i386.rpm ia64: libxml2-2.6.16-12.9.i386.rpm libxml2-2.6.16-12.9.ia64.rpm libxml2-debuginfo-2.6.16-12.9.i386.rpm libxml2-debuginfo-2.6.16-12.9.ia64.rpm libxml2-devel-2.6.16-12.9.ia64.rpm libxml2-python-2.6.16-12.9.ia64.rpm ppc: libxml2-2.6.16-12.9.ppc.rpm libxml2-2.6.16-12.9.ppc64.rpm libxml2-debuginfo-2.6.16-12.9.ppc.rpm libxml2-debuginfo-2.6.16-12.9.ppc64.rpm libxml2-devel-2.6.16-12.9.ppc.rpm libxml2-python-2.6.16-12.9.ppc.rpm s390: libxml2-2.6.16-12.9.s390.rpm libxml2-debuginfo-2.6.16-12.9.s390.rpm libxml2-devel-2.6.16-12.9.s390.rpm libxml2-python-2.6.16-12.9.s390.rpm s390x: libxml2-2.6.16-12.9.s390.rpm libxml2-2.6.16-12.9.s390x.rpm libxml2-debuginfo-2.6.16-12.9.s390.rpm libxml2-debuginfo-2.6.16-12.9.s390x.rpm libxml2-devel-2.6.16-12.9.s390x.rpm libxml2-python-2.6.16-12.9.s390x.rpm x86_64: libxml2-2.6.16-12.9.i386.rpm libxml2-2.6.16-12.9.x86_64.rpm libxml2-debuginfo-2.6.16-12.9.i386.rpm libxml2-debuginfo-2.6.16-12.9.x86_64.rpm libxml2-devel-2.6.16-12.9.x86_64.rpm libxml2-python-2.6.16-12.9.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libxml2-2.6.16-12.9.src.rpm i386: libxml2-2.6.16-12.9.i386.rpm libxml2-debuginfo-2.6.16-12.9.i386.rpm libxml2-devel-2.6.16-12.9.i386.rpm libxml2-python-2.6.16-12.9.i386.rpm x86_64: 
libxml2-2.6.16-12.9.i386.rpm libxml2-2.6.16-12.9.x86_64.rpm libxml2-debuginfo-2.6.16-12.9.i386.rpm libxml2-debuginfo-2.6.16-12.9.x86_64.rpm libxml2-devel-2.6.16-12.9.x86_64.rpm libxml2-python-2.6.16-12.9.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libxml2-2.6.16-12.9.src.rpm i386: libxml2-2.6.16-12.9.i386.rpm libxml2-debuginfo-2.6.16-12.9.i386.rpm libxml2-devel-2.6.16-12.9.i386.rpm libxml2-python-2.6.16-12.9.i386.rpm ia64: libxml2-2.6.16-12.9.i386.rpm libxml2-2.6.16-12.9.ia64.rpm libxml2-debuginfo-2.6.16-12.9.i386.rpm libxml2-debuginfo-2.6.16-12.9.ia64.rpm libxml2-devel-2.6.16-12.9.ia64.rpm libxml2-python-2.6.16-12.9.ia64.rpm x86_64: libxml2-2.6.16-12.9.i386.rpm libxml2-2.6.16-12.9.x86_64.rpm libxml2-debuginfo-2.6.16-12.9.i386.rpm libxml2-debuginfo-2.6.16-12.9.x86_64.rpm libxml2-devel-2.6.16-12.9.x86_64.rpm libxml2-python-2.6.16-12.9.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libxml2-2.6.16-12.9.src.rpm i386: libxml2-2.6.16-12.9.i386.rpm libxml2-debuginfo-2.6.16-12.9.i386.rpm libxml2-devel-2.6.16-12.9.i386.rpm libxml2-python-2.6.16-12.9.i386.rpm ia64: libxml2-2.6.16-12.9.i386.rpm libxml2-2.6.16-12.9.ia64.rpm libxml2-debuginfo-2.6.16-12.9.i386.rpm libxml2-debuginfo-2.6.16-12.9.ia64.rpm libxml2-devel-2.6.16-12.9.ia64.rpm libxml2-python-2.6.16-12.9.ia64.rpm x86_64: libxml2-2.6.16-12.9.i386.rpm libxml2-2.6.16-12.9.x86_64.rpm libxml2-debuginfo-2.6.16-12.9.i386.rpm libxml2-debuginfo-2.6.16-12.9.x86_64.rpm libxml2-devel-2.6.16-12.9.x86_64.rpm libxml2-python-2.6.16-12.9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References: https://www.redhat.com/security/data/cve/CVE-2011-0216.html https://www.redhat.com/security/data/cve/CVE-2011-2834.html https://www.redhat.com/security/data/cve/CVE-2011-3905.html https://www.redhat.com/security/data/cve/CVE-2011-3919.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPDc6ZXlSAg2UNWIIRAmDjAKCBhrcRhTagqVadEr4HMPvQEkJ/cQCgibj1 M8F/qvDqKkpmkjPBcs23nbU= =2W5y -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Jan 11 18:04:57 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 11 Jan 2012 18:04:57 +0000 Subject: [RHSA-2012:0017-01] Important: libxml2 security update Message-ID: <201201111804.q0BI4voU020611@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: libxml2 security update Advisory ID: RHSA-2012:0017-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0017.html Issue date: 2012-01-11 CVE Names: CVE-2010-4008 CVE-2011-0216 CVE-2011-1944 CVE-2011-2834 CVE-2011-3905 CVE-2011-3919 ===================================================================== 1. Summary: Updated libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 
5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919) An off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially-crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2011-1944) Flaws were found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially-crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2011-2834) An out-of-bounds memory read flaw was found in libxml2. 
A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905) Note: Red Hat does not ship any applications that use libxml2 in a way that would allow the CVE-2011-1944, CVE-2010-4008, and CVE-2011-2834 flaws to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger these flaws. Red Hat would like to thank the Google Security Team for reporting the CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter of CVE-2010-4008. All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 645341 - CVE-2010-4008 libxml2: Crash (stack frame overflow or NULL pointer dereference) by traversal of XPath axis 709747 - CVE-2011-1944 libxml, libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets 724906 - CVE-2011-0216 libxml2: Off-by-one error leading to heap-based buffer overflow in encoding 735751 - CVE-2011-2834 libxml2: double-free caused by malformed XPath expression in XSLT 767387 - CVE-2011-3905 libxml2 out of bounds read 771896 - CVE-2011-3919 libxml2: Heap-based buffer overflow when decoding an entity reference with a long name 6. Package List: Red Hat Enterprise Linux Desktop (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libxml2-2.6.26-2.1.12.el5_7.2.src.rpm i386: libxml2-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-python-2.6.26-2.1.12.el5_7.2.i386.rpm x86_64: libxml2-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-2.6.26-2.1.12.el5_7.2.x86_64.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.x86_64.rpm libxml2-python-2.6.26-2.1.12.el5_7.2.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libxml2-2.6.26-2.1.12.el5_7.2.src.rpm i386: libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-devel-2.6.26-2.1.12.el5_7.2.i386.rpm x86_64: libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.x86_64.rpm libxml2-devel-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-devel-2.6.26-2.1.12.el5_7.2.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libxml2-2.6.26-2.1.12.el5_7.2.src.rpm i386: libxml2-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-devel-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-python-2.6.26-2.1.12.el5_7.2.i386.rpm ia64: libxml2-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-2.6.26-2.1.12.el5_7.2.ia64.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.ia64.rpm libxml2-devel-2.6.26-2.1.12.el5_7.2.ia64.rpm libxml2-python-2.6.26-2.1.12.el5_7.2.ia64.rpm ppc: libxml2-2.6.26-2.1.12.el5_7.2.ppc.rpm libxml2-2.6.26-2.1.12.el5_7.2.ppc64.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.ppc.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.ppc64.rpm libxml2-devel-2.6.26-2.1.12.el5_7.2.ppc.rpm libxml2-devel-2.6.26-2.1.12.el5_7.2.ppc64.rpm libxml2-python-2.6.26-2.1.12.el5_7.2.ppc.rpm s390x: libxml2-2.6.26-2.1.12.el5_7.2.s390.rpm libxml2-2.6.26-2.1.12.el5_7.2.s390x.rpm 
libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.s390.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.s390x.rpm libxml2-devel-2.6.26-2.1.12.el5_7.2.s390.rpm libxml2-devel-2.6.26-2.1.12.el5_7.2.s390x.rpm libxml2-python-2.6.26-2.1.12.el5_7.2.s390x.rpm x86_64: libxml2-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-2.6.26-2.1.12.el5_7.2.x86_64.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.x86_64.rpm libxml2-devel-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-devel-2.6.26-2.1.12.el5_7.2.x86_64.rpm libxml2-python-2.6.26-2.1.12.el5_7.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-4008.html https://www.redhat.com/security/data/cve/CVE-2011-0216.html https://www.redhat.com/security/data/cve/CVE-2011-1944.html https://www.redhat.com/security/data/cve/CVE-2011-2834.html https://www.redhat.com/security/data/cve/CVE-2011-3905.html https://www.redhat.com/security/data/cve/CVE-2011-3919.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPDc8yXlSAg2UNWIIRAp0FAKCr3G8qJvCfqK4BJBzJsMWlSYXXFQCgxNs7 ZcFDHRyFhx22yjGNtU/I5SA= =FALM -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Jan 11 18:05:35 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 11 Jan 2012 18:05:35 +0000 Subject: [RHSA-2012:0018-01] Important: libxml2 security update Message-ID: <201201111805.q0BI5ZhL028297@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: libxml2 security update Advisory ID: RHSA-2012:0018-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0018.html Issue date: 2012-01-11 CVE Names: CVE-2011-3905 CVE-2011-3919 ===================================================================== 1. Summary: Updated libxml2 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The libxml2 library is a development toolbox providing the implementation of various XML standards. 
A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919) An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905) All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 767387 - CVE-2011-3905 libxml2 out of bounds read 771896 - CVE-2011-3919 libxml2: Heap-based buffer overflow when decoding an entity reference with a long name 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libxml2-2.7.6-4.el6_2.1.src.rpm i386: libxml2-2.7.6-4.el6_2.1.i686.rpm libxml2-debuginfo-2.7.6-4.el6_2.1.i686.rpm libxml2-python-2.7.6-4.el6_2.1.i686.rpm x86_64: libxml2-2.7.6-4.el6_2.1.i686.rpm libxml2-2.7.6-4.el6_2.1.x86_64.rpm libxml2-debuginfo-2.7.6-4.el6_2.1.i686.rpm libxml2-debuginfo-2.7.6-4.el6_2.1.x86_64.rpm libxml2-python-2.7.6-4.el6_2.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libxml2-2.7.6-4.el6_2.1.src.rpm i386: libxml2-debuginfo-2.7.6-4.el6_2.1.i686.rpm libxml2-devel-2.7.6-4.el6_2.1.i686.rpm libxml2-static-2.7.6-4.el6_2.1.i686.rpm x86_64: libxml2-debuginfo-2.7.6-4.el6_2.1.i686.rpm libxml2-debuginfo-2.7.6-4.el6_2.1.x86_64.rpm libxml2-devel-2.7.6-4.el6_2.1.i686.rpm libxml2-devel-2.7.6-4.el6_2.1.x86_64.rpm libxml2-static-2.7.6-4.el6_2.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libxml2-2.7.6-4.el6_2.1.src.rpm x86_64: libxml2-2.7.6-4.el6_2.1.i686.rpm libxml2-2.7.6-4.el6_2.1.x86_64.rpm libxml2-debuginfo-2.7.6-4.el6_2.1.i686.rpm libxml2-debuginfo-2.7.6-4.el6_2.1.x86_64.rpm libxml2-python-2.7.6-4.el6_2.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libxml2-2.7.6-4.el6_2.1.src.rpm x86_64: libxml2-debuginfo-2.7.6-4.el6_2.1.i686.rpm libxml2-debuginfo-2.7.6-4.el6_2.1.x86_64.rpm libxml2-devel-2.7.6-4.el6_2.1.i686.rpm libxml2-devel-2.7.6-4.el6_2.1.x86_64.rpm libxml2-static-2.7.6-4.el6_2.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libxml2-2.7.6-4.el6_2.1.src.rpm i386: libxml2-2.7.6-4.el6_2.1.i686.rpm libxml2-debuginfo-2.7.6-4.el6_2.1.i686.rpm libxml2-devel-2.7.6-4.el6_2.1.i686.rpm libxml2-python-2.7.6-4.el6_2.1.i686.rpm ppc64: libxml2-2.7.6-4.el6_2.1.ppc.rpm libxml2-2.7.6-4.el6_2.1.ppc64.rpm libxml2-debuginfo-2.7.6-4.el6_2.1.ppc.rpm libxml2-debuginfo-2.7.6-4.el6_2.1.ppc64.rpm libxml2-devel-2.7.6-4.el6_2.1.ppc.rpm libxml2-devel-2.7.6-4.el6_2.1.ppc64.rpm libxml2-python-2.7.6-4.el6_2.1.ppc64.rpm s390x: libxml2-2.7.6-4.el6_2.1.s390.rpm libxml2-2.7.6-4.el6_2.1.s390x.rpm libxml2-debuginfo-2.7.6-4.el6_2.1.s390.rpm libxml2-debuginfo-2.7.6-4.el6_2.1.s390x.rpm libxml2-devel-2.7.6-4.el6_2.1.s390.rpm libxml2-devel-2.7.6-4.el6_2.1.s390x.rpm libxml2-python-2.7.6-4.el6_2.1.s390x.rpm x86_64: libxml2-2.7.6-4.el6_2.1.i686.rpm libxml2-2.7.6-4.el6_2.1.x86_64.rpm libxml2-debuginfo-2.7.6-4.el6_2.1.i686.rpm libxml2-debuginfo-2.7.6-4.el6_2.1.x86_64.rpm libxml2-devel-2.7.6-4.el6_2.1.i686.rpm libxml2-devel-2.7.6-4.el6_2.1.x86_64.rpm libxml2-python-2.7.6-4.el6_2.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libxml2-2.7.6-4.el6_2.1.src.rpm i386: libxml2-debuginfo-2.7.6-4.el6_2.1.i686.rpm libxml2-static-2.7.6-4.el6_2.1.i686.rpm ppc64: libxml2-debuginfo-2.7.6-4.el6_2.1.ppc64.rpm libxml2-static-2.7.6-4.el6_2.1.ppc64.rpm s390x: libxml2-debuginfo-2.7.6-4.el6_2.1.s390x.rpm libxml2-static-2.7.6-4.el6_2.1.s390x.rpm x86_64: libxml2-debuginfo-2.7.6-4.el6_2.1.x86_64.rpm libxml2-static-2.7.6-4.el6_2.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libxml2-2.7.6-4.el6_2.1.src.rpm i386: libxml2-2.7.6-4.el6_2.1.i686.rpm libxml2-debuginfo-2.7.6-4.el6_2.1.i686.rpm libxml2-devel-2.7.6-4.el6_2.1.i686.rpm libxml2-python-2.7.6-4.el6_2.1.i686.rpm x86_64: libxml2-2.7.6-4.el6_2.1.i686.rpm libxml2-2.7.6-4.el6_2.1.x86_64.rpm libxml2-debuginfo-2.7.6-4.el6_2.1.i686.rpm libxml2-debuginfo-2.7.6-4.el6_2.1.x86_64.rpm libxml2-devel-2.7.6-4.el6_2.1.i686.rpm libxml2-devel-2.7.6-4.el6_2.1.x86_64.rpm libxml2-python-2.7.6-4.el6_2.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libxml2-2.7.6-4.el6_2.1.src.rpm i386: libxml2-debuginfo-2.7.6-4.el6_2.1.i686.rpm libxml2-static-2.7.6-4.el6_2.1.i686.rpm x86_64: libxml2-debuginfo-2.7.6-4.el6_2.1.x86_64.rpm libxml2-static-2.7.6-4.el6_2.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3905.html https://www.redhat.com/security/data/cve/CVE-2011-3919.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. 
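The three libxml2 advisories above (RHSA-2012:0016, :0017 and :0018) each name one fixed build per release, so the operational question on every host is whether the installed libxml2 is older than the build listed. That comparison must use rpm's own ordering, not a string compare: release 12.10 is newer than 12.9, and 4.el6_2.1 is newer than 4.el6. The following Python is an added example, not Red Hat tooling; it ports rpm's rpmvercmp() segment comparison, parses name-version-release.arch strings of the kind printed by `rpm -q` or listed in the package lists, and flags hosts that still need the update. The inventory lines at the bottom are constructed for the demo; the fixed package names are the ones the advisories list.

```python
"""Added example (not Red Hat tooling): compare an installed package with the
fixed build an advisory lists, using rpm's version ordering."""
from __future__ import annotations

import re

# name-[epoch:]version-release.arch, as printed by `rpm -q` or in a package list
NVRA_RE = re.compile(
    r"^(?P<name>.+)-(?:(?P<epoch>\d+):)?(?P<version>[^-]+)-(?P<release>[^-]+)"
    r"\.(?P<arch>[^.]+)$"
)


def parse_nvra(pkg: str) -> dict[str, str]:
    """Split 'libxml2-2.6.26-2.1.12.el5_7.2.x86_64[.rpm]' into its fields."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    m = NVRA_RE.match(pkg)
    if not m:
        raise ValueError(f"not a name-version-release.arch string: {pkg}")
    fields = m.groupdict()
    fields["epoch"] = fields["epoch"] or "0"   # rpm treats a missing epoch as 0
    return fields


def _run(s: str, k: int, numeric: bool) -> int:
    """Index just past the run of digits (numeric) or letters starting at k."""
    while k < len(s) and (s[k].isdigit() if numeric else s[k].isalpha()):
        k += 1
    return k


def rpmvercmp(a: str, b: str) -> int:
    """Port of rpm's rpmvercmp(): -1 if a is older than b, 0 if equal, 1 if newer.
    Digit runs compare numerically, letter runs lexically, a numeric segment
    beats an alphabetic one, '~' sorts before anything (even end of string),
    and when all shared segments match the version with segments left wins."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not (a[i].isalnum() or a[i] == "~"):
            i += 1                                  # skip separators like . _ -
        while j < len(b) and not (b[j].isalnum() or b[j] == "~"):
            j += 1
        ta = i < len(a) and a[i] == "~"
        tb = j < len(b) and b[j] == "~"
        if ta or tb:
            if not tb:
                return -1
            if not ta:
                return 1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        numeric = a[i].isdigit()                    # segment type is keyed on a
        ea, eb = _run(a, i, numeric), _run(b, j, numeric)
        sa, sb = a[i:ea], b[j:eb]
        if not sb:                                  # types differ: numeric wins
            return 1 if numeric else -1
        if numeric:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):                  # longer digit run is larger
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
        i, j = ea, eb
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def evr_cmp(x: dict[str, str], y: dict[str, str]) -> int:
    """Order parsed packages by epoch, then version, then release."""
    if int(x["epoch"]) != int(y["epoch"]):
        return 1 if int(x["epoch"]) > int(y["epoch"]) else -1
    return rpmvercmp(x["version"], y["version"]) or rpmvercmp(x["release"], y["release"])


def needs_update(installed: str, fixed: str) -> bool:
    """True when `installed` is older than the advisory's `fixed` build.
    Name and arch must match; comparing different packages is an error, not 'ok'."""
    x, y = parse_nvra(installed), parse_nvra(fixed)
    if (x["name"], x["arch"]) != (y["name"], y["arch"]):
        raise ValueError(f"{installed} and {fixed} are not the same package")
    return evr_cmp(x, y) < 0


if __name__ == "__main__":
    # Constructed `rpm -q libxml2` output for three hosts, one per RHEL release,
    # checked against the fixed builds listed in RHSA-2012:0016, :0017 and :0018.
    inventory = {
        "rhel4-web": ("libxml2-2.6.16-12.6.i386", "libxml2-2.6.16-12.9.i386.rpm"),
        "rhel5-app": ("libxml2-2.6.26-2.1.12.el5_7.1.x86_64",
                      "libxml2-2.6.26-2.1.12.el5_7.2.x86_64.rpm"),
        "rhel6-db": ("libxml2-2.7.6-4.el6_2.1.x86_64", "libxml2-2.7.6-4.el6_2.1.x86_64.rpm"),
    }
    for host, (have, want) in inventory.items():
        state = "UPDATE" if needs_update(have, want) else "ok"
        print(f"{host}: {state} ({have})")
```

The ordering rules matter most for releases such as `2.1.12.el5_7.2`: a later respin would be `el5_7.10`, which a lexical comparison would wrongly rank below `el5_7.2`, and an errata build with an extra trailing segment (`4.el6_2.1` after `4.el6`) must rank above its base. Modern rpm also honours `^` as a post-release marker; this port implements the `~` rule that RHEL-era rpm used and does not add `^`.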
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPDc9aXlSAg2UNWIIRAvBLAJ9XWU2IwjWK3hRYku0jl8sWdhlv3wCgizaq
rcfEVWjyoSYVbcwQm9MgQwM=
=AIBd
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jan 11 18:34:04 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 11 Jan 2012 18:34:04 +0000
Subject: [RHSA-2012:0019-01] Moderate: php53 and php security update
Message-ID: <201201111834.q0BIY4FS001993@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: php53 and php security update
Advisory ID:       RHSA-2012:0019-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0019.html
Issue date:        2012-01-11
CVE Names:         CVE-2011-4566 CVE-2011-4885
=====================================================================

1. Summary:

Updated php53 and php packages that fix two security issues are now
available for Red Hat Enterprise Linux 5 and 6 respectively.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

It was found that the hashing routine used by PHP arrays was susceptible
to predictable hash collisions. If an HTTP POST request to a PHP
application contained many parameters whose names map to the same hash
value, a large amount of CPU time would be consumed. This flaw has been
mitigated by adding a new configuration directive, max_input_vars, that
limits the maximum number of parameters processed per request. By
default, max_input_vars is set to 1000. (CVE-2011-4885)

An integer overflow flaw was found in the PHP exif extension. On 32-bit
systems, a specially-crafted image file could cause the PHP interpreter to
crash or disclose portions of its memory when a PHP script tries to
extract Exchangeable image file format (Exif) metadata from the image
file. (CVE-2011-4566)

Red Hat would like to thank oCERT for reporting CVE-2011-4885. oCERT
acknowledges Julian Wälde and Alexander Klink as the original reporters of
CVE-2011-4885.

All php53 and php users should upgrade to these updated packages, which
contain backported patches to resolve these issues. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

750547 - CVE-2011-4885 php: hash table collisions CPU usage DoS (oCERT-2011-003)
758413 - CVE-2011-4566 php: integer overflow in exif_process_IFD_TAG() may lead to DoS or arbitrary memory disclosure

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/php53-5.3.3-1.el5_7.5.src.rpm

i386:
php53-5.3.3-1.el5_7.5.i386.rpm
php53-bcmath-5.3.3-1.el5_7.5.i386.rpm
php53-cli-5.3.3-1.el5_7.5.i386.rpm
php53-common-5.3.3-1.el5_7.5.i386.rpm
php53-dba-5.3.3-1.el5_7.5.i386.rpm
php53-debuginfo-5.3.3-1.el5_7.5.i386.rpm
php53-devel-5.3.3-1.el5_7.5.i386.rpm
php53-gd-5.3.3-1.el5_7.5.i386.rpm
php53-imap-5.3.3-1.el5_7.5.i386.rpm
php53-intl-5.3.3-1.el5_7.5.i386.rpm
php53-ldap-5.3.3-1.el5_7.5.i386.rpm
php53-mbstring-5.3.3-1.el5_7.5.i386.rpm
php53-mysql-5.3.3-1.el5_7.5.i386.rpm
php53-odbc-5.3.3-1.el5_7.5.i386.rpm
php53-pdo-5.3.3-1.el5_7.5.i386.rpm
php53-pgsql-5.3.3-1.el5_7.5.i386.rpm
php53-process-5.3.3-1.el5_7.5.i386.rpm
php53-pspell-5.3.3-1.el5_7.5.i386.rpm
php53-snmp-5.3.3-1.el5_7.5.i386.rpm
php53-soap-5.3.3-1.el5_7.5.i386.rpm
php53-xml-5.3.3-1.el5_7.5.i386.rpm
php53-xmlrpc-5.3.3-1.el5_7.5.i386.rpm

x86_64:
php53-5.3.3-1.el5_7.5.x86_64.rpm
php53-bcmath-5.3.3-1.el5_7.5.x86_64.rpm
php53-cli-5.3.3-1.el5_7.5.x86_64.rpm
php53-common-5.3.3-1.el5_7.5.x86_64.rpm
php53-dba-5.3.3-1.el5_7.5.x86_64.rpm
php53-debuginfo-5.3.3-1.el5_7.5.x86_64.rpm
php53-devel-5.3.3-1.el5_7.5.x86_64.rpm
php53-gd-5.3.3-1.el5_7.5.x86_64.rpm
php53-imap-5.3.3-1.el5_7.5.x86_64.rpm
php53-intl-5.3.3-1.el5_7.5.x86_64.rpm
php53-ldap-5.3.3-1.el5_7.5.x86_64.rpm
php53-mbstring-5.3.3-1.el5_7.5.x86_64.rpm
php53-mysql-5.3.3-1.el5_7.5.x86_64.rpm
php53-odbc-5.3.3-1.el5_7.5.x86_64.rpm
php53-pdo-5.3.3-1.el5_7.5.x86_64.rpm
php53-pgsql-5.3.3-1.el5_7.5.x86_64.rpm
php53-process-5.3.3-1.el5_7.5.x86_64.rpm
php53-pspell-5.3.3-1.el5_7.5.x86_64.rpm
php53-snmp-5.3.3-1.el5_7.5.x86_64.rpm
php53-soap-5.3.3-1.el5_7.5.x86_64.rpm
php53-xml-5.3.3-1.el5_7.5.x86_64.rpm
php53-xmlrpc-5.3.3-1.el5_7.5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/php53-5.3.3-1.el5_7.5.src.rpm

i386:
php53-5.3.3-1.el5_7.5.i386.rpm
php53-bcmath-5.3.3-1.el5_7.5.i386.rpm
php53-cli-5.3.3-1.el5_7.5.i386.rpm
php53-common-5.3.3-1.el5_7.5.i386.rpm
php53-dba-5.3.3-1.el5_7.5.i386.rpm
php53-debuginfo-5.3.3-1.el5_7.5.i386.rpm
php53-devel-5.3.3-1.el5_7.5.i386.rpm
php53-gd-5.3.3-1.el5_7.5.i386.rpm
php53-imap-5.3.3-1.el5_7.5.i386.rpm
php53-intl-5.3.3-1.el5_7.5.i386.rpm
php53-ldap-5.3.3-1.el5_7.5.i386.rpm
php53-mbstring-5.3.3-1.el5_7.5.i386.rpm
php53-mysql-5.3.3-1.el5_7.5.i386.rpm
php53-odbc-5.3.3-1.el5_7.5.i386.rpm
php53-pdo-5.3.3-1.el5_7.5.i386.rpm
php53-pgsql-5.3.3-1.el5_7.5.i386.rpm
php53-process-5.3.3-1.el5_7.5.i386.rpm
php53-pspell-5.3.3-1.el5_7.5.i386.rpm
php53-snmp-5.3.3-1.el5_7.5.i386.rpm
php53-soap-5.3.3-1.el5_7.5.i386.rpm
php53-xml-5.3.3-1.el5_7.5.i386.rpm
php53-xmlrpc-5.3.3-1.el5_7.5.i386.rpm

ia64:
php53-5.3.3-1.el5_7.5.ia64.rpm
php53-bcmath-5.3.3-1.el5_7.5.ia64.rpm
php53-cli-5.3.3-1.el5_7.5.ia64.rpm
php53-common-5.3.3-1.el5_7.5.ia64.rpm
php53-dba-5.3.3-1.el5_7.5.ia64.rpm
php53-debuginfo-5.3.3-1.el5_7.5.ia64.rpm
php53-devel-5.3.3-1.el5_7.5.ia64.rpm
php53-gd-5.3.3-1.el5_7.5.ia64.rpm
php53-imap-5.3.3-1.el5_7.5.ia64.rpm
php53-intl-5.3.3-1.el5_7.5.ia64.rpm
php53-ldap-5.3.3-1.el5_7.5.ia64.rpm
php53-mbstring-5.3.3-1.el5_7.5.ia64.rpm
php53-mysql-5.3.3-1.el5_7.5.ia64.rpm
php53-odbc-5.3.3-1.el5_7.5.ia64.rpm
php53-pdo-5.3.3-1.el5_7.5.ia64.rpm
php53-pgsql-5.3.3-1.el5_7.5.ia64.rpm
php53-process-5.3.3-1.el5_7.5.ia64.rpm
php53-pspell-5.3.3-1.el5_7.5.ia64.rpm
php53-snmp-5.3.3-1.el5_7.5.ia64.rpm
php53-soap-5.3.3-1.el5_7.5.ia64.rpm
php53-xml-5.3.3-1.el5_7.5.ia64.rpm
php53-xmlrpc-5.3.3-1.el5_7.5.ia64.rpm

ppc:
php53-5.3.3-1.el5_7.5.ppc.rpm
php53-bcmath-5.3.3-1.el5_7.5.ppc.rpm
php53-cli-5.3.3-1.el5_7.5.ppc.rpm
php53-common-5.3.3-1.el5_7.5.ppc.rpm
php53-dba-5.3.3-1.el5_7.5.ppc.rpm
php53-debuginfo-5.3.3-1.el5_7.5.ppc.rpm
php53-devel-5.3.3-1.el5_7.5.ppc.rpm
php53-gd-5.3.3-1.el5_7.5.ppc.rpm
php53-imap-5.3.3-1.el5_7.5.ppc.rpm
php53-intl-5.3.3-1.el5_7.5.ppc.rpm
php53-ldap-5.3.3-1.el5_7.5.ppc.rpm
php53-mbstring-5.3.3-1.el5_7.5.ppc.rpm
php53-mysql-5.3.3-1.el5_7.5.ppc.rpm
php53-odbc-5.3.3-1.el5_7.5.ppc.rpm
php53-pdo-5.3.3-1.el5_7.5.ppc.rpm
php53-pgsql-5.3.3-1.el5_7.5.ppc.rpm
php53-process-5.3.3-1.el5_7.5.ppc.rpm
php53-pspell-5.3.3-1.el5_7.5.ppc.rpm
php53-snmp-5.3.3-1.el5_7.5.ppc.rpm
php53-soap-5.3.3-1.el5_7.5.ppc.rpm
php53-xml-5.3.3-1.el5_7.5.ppc.rpm
php53-xmlrpc-5.3.3-1.el5_7.5.ppc.rpm

s390x:
php53-5.3.3-1.el5_7.5.s390x.rpm
php53-bcmath-5.3.3-1.el5_7.5.s390x.rpm
php53-cli-5.3.3-1.el5_7.5.s390x.rpm
php53-common-5.3.3-1.el5_7.5.s390x.rpm
php53-dba-5.3.3-1.el5_7.5.s390x.rpm
php53-debuginfo-5.3.3-1.el5_7.5.s390x.rpm
php53-devel-5.3.3-1.el5_7.5.s390x.rpm
php53-gd-5.3.3-1.el5_7.5.s390x.rpm
php53-imap-5.3.3-1.el5_7.5.s390x.rpm
php53-intl-5.3.3-1.el5_7.5.s390x.rpm
php53-ldap-5.3.3-1.el5_7.5.s390x.rpm
php53-mbstring-5.3.3-1.el5_7.5.s390x.rpm
php53-mysql-5.3.3-1.el5_7.5.s390x.rpm
php53-odbc-5.3.3-1.el5_7.5.s390x.rpm
php53-pdo-5.3.3-1.el5_7.5.s390x.rpm
php53-pgsql-5.3.3-1.el5_7.5.s390x.rpm
php53-process-5.3.3-1.el5_7.5.s390x.rpm
php53-pspell-5.3.3-1.el5_7.5.s390x.rpm
php53-snmp-5.3.3-1.el5_7.5.s390x.rpm
php53-soap-5.3.3-1.el5_7.5.s390x.rpm
php53-xml-5.3.3-1.el5_7.5.s390x.rpm
php53-xmlrpc-5.3.3-1.el5_7.5.s390x.rpm

x86_64:
php53-5.3.3-1.el5_7.5.x86_64.rpm
php53-bcmath-5.3.3-1.el5_7.5.x86_64.rpm
php53-cli-5.3.3-1.el5_7.5.x86_64.rpm
php53-common-5.3.3-1.el5_7.5.x86_64.rpm
php53-dba-5.3.3-1.el5_7.5.x86_64.rpm
php53-debuginfo-5.3.3-1.el5_7.5.x86_64.rpm
php53-devel-5.3.3-1.el5_7.5.x86_64.rpm
php53-gd-5.3.3-1.el5_7.5.x86_64.rpm
php53-imap-5.3.3-1.el5_7.5.x86_64.rpm
php53-intl-5.3.3-1.el5_7.5.x86_64.rpm
php53-ldap-5.3.3-1.el5_7.5.x86_64.rpm
php53-mbstring-5.3.3-1.el5_7.5.x86_64.rpm
php53-mysql-5.3.3-1.el5_7.5.x86_64.rpm
php53-odbc-5.3.3-1.el5_7.5.x86_64.rpm
php53-pdo-5.3.3-1.el5_7.5.x86_64.rpm
php53-pgsql-5.3.3-1.el5_7.5.x86_64.rpm
php53-process-5.3.3-1.el5_7.5.x86_64.rpm
php53-pspell-5.3.3-1.el5_7.5.x86_64.rpm
php53-snmp-5.3.3-1.el5_7.5.x86_64.rpm
php53-soap-5.3.3-1.el5_7.5.x86_64.rpm
php53-xml-5.3.3-1.el5_7.5.x86_64.rpm
php53-xmlrpc-5.3.3-1.el5_7.5.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/php-5.3.3-3.el6_2.5.src.rpm

i386:
php-5.3.3-3.el6_2.5.i686.rpm
php-bcmath-5.3.3-3.el6_2.5.i686.rpm
php-cli-5.3.3-3.el6_2.5.i686.rpm
php-common-5.3.3-3.el6_2.5.i686.rpm
php-dba-5.3.3-3.el6_2.5.i686.rpm
php-debuginfo-5.3.3-3.el6_2.5.i686.rpm
php-devel-5.3.3-3.el6_2.5.i686.rpm
php-embedded-5.3.3-3.el6_2.5.i686.rpm
php-enchant-5.3.3-3.el6_2.5.i686.rpm
php-gd-5.3.3-3.el6_2.5.i686.rpm
php-imap-5.3.3-3.el6_2.5.i686.rpm
php-intl-5.3.3-3.el6_2.5.i686.rpm
php-ldap-5.3.3-3.el6_2.5.i686.rpm
php-mbstring-5.3.3-3.el6_2.5.i686.rpm
php-mysql-5.3.3-3.el6_2.5.i686.rpm
php-odbc-5.3.3-3.el6_2.5.i686.rpm
php-pdo-5.3.3-3.el6_2.5.i686.rpm
php-pgsql-5.3.3-3.el6_2.5.i686.rpm
php-process-5.3.3-3.el6_2.5.i686.rpm
php-pspell-5.3.3-3.el6_2.5.i686.rpm
php-recode-5.3.3-3.el6_2.5.i686.rpm
php-snmp-5.3.3-3.el6_2.5.i686.rpm
php-soap-5.3.3-3.el6_2.5.i686.rpm
php-tidy-5.3.3-3.el6_2.5.i686.rpm
php-xml-5.3.3-3.el6_2.5.i686.rpm
php-xmlrpc-5.3.3-3.el6_2.5.i686.rpm
php-zts-5.3.3-3.el6_2.5.i686.rpm

x86_64:
php-5.3.3-3.el6_2.5.x86_64.rpm
php-bcmath-5.3.3-3.el6_2.5.x86_64.rpm
php-cli-5.3.3-3.el6_2.5.x86_64.rpm
php-common-5.3.3-3.el6_2.5.x86_64.rpm
php-dba-5.3.3-3.el6_2.5.x86_64.rpm
php-debuginfo-5.3.3-3.el6_2.5.x86_64.rpm
php-devel-5.3.3-3.el6_2.5.x86_64.rpm
php-embedded-5.3.3-3.el6_2.5.x86_64.rpm
php-enchant-5.3.3-3.el6_2.5.x86_64.rpm
php-gd-5.3.3-3.el6_2.5.x86_64.rpm
php-imap-5.3.3-3.el6_2.5.x86_64.rpm
php-intl-5.3.3-3.el6_2.5.x86_64.rpm
php-ldap-5.3.3-3.el6_2.5.x86_64.rpm
php-mbstring-5.3.3-3.el6_2.5.x86_64.rpm
php-mysql-5.3.3-3.el6_2.5.x86_64.rpm
php-odbc-5.3.3-3.el6_2.5.x86_64.rpm
php-pdo-5.3.3-3.el6_2.5.x86_64.rpm
php-pgsql-5.3.3-3.el6_2.5.x86_64.rpm
php-process-5.3.3-3.el6_2.5.x86_64.rpm
php-pspell-5.3.3-3.el6_2.5.x86_64.rpm
php-recode-5.3.3-3.el6_2.5.x86_64.rpm
php-snmp-5.3.3-3.el6_2.5.x86_64.rpm
php-soap-5.3.3-3.el6_2.5.x86_64.rpm
php-tidy-5.3.3-3.el6_2.5.x86_64.rpm
php-xml-5.3.3-3.el6_2.5.x86_64.rpm
php-xmlrpc-5.3.3-3.el6_2.5.x86_64.rpm
php-zts-5.3.3-3.el6_2.5.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/php-5.3.3-3.el6_2.5.src.rpm

x86_64:
php-cli-5.3.3-3.el6_2.5.x86_64.rpm
php-common-5.3.3-3.el6_2.5.x86_64.rpm
php-debuginfo-5.3.3-3.el6_2.5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/php-5.3.3-3.el6_2.5.src.rpm

x86_64:
php-5.3.3-3.el6_2.5.x86_64.rpm
php-bcmath-5.3.3-3.el6_2.5.x86_64.rpm
php-dba-5.3.3-3.el6_2.5.x86_64.rpm
php-debuginfo-5.3.3-3.el6_2.5.x86_64.rpm
php-devel-5.3.3-3.el6_2.5.x86_64.rpm
php-embedded-5.3.3-3.el6_2.5.x86_64.rpm
php-enchant-5.3.3-3.el6_2.5.x86_64.rpm
php-gd-5.3.3-3.el6_2.5.x86_64.rpm
php-imap-5.3.3-3.el6_2.5.x86_64.rpm
php-intl-5.3.3-3.el6_2.5.x86_64.rpm
php-ldap-5.3.3-3.el6_2.5.x86_64.rpm
php-mbstring-5.3.3-3.el6_2.5.x86_64.rpm
php-mysql-5.3.3-3.el6_2.5.x86_64.rpm
php-odbc-5.3.3-3.el6_2.5.x86_64.rpm
php-pdo-5.3.3-3.el6_2.5.x86_64.rpm
php-pgsql-5.3.3-3.el6_2.5.x86_64.rpm
php-process-5.3.3-3.el6_2.5.x86_64.rpm
php-pspell-5.3.3-3.el6_2.5.x86_64.rpm
php-recode-5.3.3-3.el6_2.5.x86_64.rpm
php-snmp-5.3.3-3.el6_2.5.x86_64.rpm
php-soap-5.3.3-3.el6_2.5.x86_64.rpm
php-tidy-5.3.3-3.el6_2.5.x86_64.rpm
php-xml-5.3.3-3.el6_2.5.x86_64.rpm
php-xmlrpc-5.3.3-3.el6_2.5.x86_64.rpm
php-zts-5.3.3-3.el6_2.5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.3-3.el6_2.5.src.rpm

i386:
php-5.3.3-3.el6_2.5.i686.rpm
php-cli-5.3.3-3.el6_2.5.i686.rpm
php-common-5.3.3-3.el6_2.5.i686.rpm
php-debuginfo-5.3.3-3.el6_2.5.i686.rpm
php-gd-5.3.3-3.el6_2.5.i686.rpm
php-ldap-5.3.3-3.el6_2.5.i686.rpm
php-mysql-5.3.3-3.el6_2.5.i686.rpm
php-odbc-5.3.3-3.el6_2.5.i686.rpm
php-pdo-5.3.3-3.el6_2.5.i686.rpm
php-pgsql-5.3.3-3.el6_2.5.i686.rpm
php-soap-5.3.3-3.el6_2.5.i686.rpm
php-xml-5.3.3-3.el6_2.5.i686.rpm
php-xmlrpc-5.3.3-3.el6_2.5.i686.rpm

ppc64:
php-5.3.3-3.el6_2.5.ppc64.rpm
php-cli-5.3.3-3.el6_2.5.ppc64.rpm
php-common-5.3.3-3.el6_2.5.ppc64.rpm
php-debuginfo-5.3.3-3.el6_2.5.ppc64.rpm
php-gd-5.3.3-3.el6_2.5.ppc64.rpm
php-ldap-5.3.3-3.el6_2.5.ppc64.rpm
php-mysql-5.3.3-3.el6_2.5.ppc64.rpm
php-odbc-5.3.3-3.el6_2.5.ppc64.rpm
php-pdo-5.3.3-3.el6_2.5.ppc64.rpm
php-pgsql-5.3.3-3.el6_2.5.ppc64.rpm
php-soap-5.3.3-3.el6_2.5.ppc64.rpm
php-xml-5.3.3-3.el6_2.5.ppc64.rpm
php-xmlrpc-5.3.3-3.el6_2.5.ppc64.rpm

s390x:
php-5.3.3-3.el6_2.5.s390x.rpm
php-cli-5.3.3-3.el6_2.5.s390x.rpm
php-common-5.3.3-3.el6_2.5.s390x.rpm
php-debuginfo-5.3.3-3.el6_2.5.s390x.rpm
php-gd-5.3.3-3.el6_2.5.s390x.rpm
php-ldap-5.3.3-3.el6_2.5.s390x.rpm
php-mysql-5.3.3-3.el6_2.5.s390x.rpm
php-odbc-5.3.3-3.el6_2.5.s390x.rpm
php-pdo-5.3.3-3.el6_2.5.s390x.rpm
php-pgsql-5.3.3-3.el6_2.5.s390x.rpm
php-soap-5.3.3-3.el6_2.5.s390x.rpm
php-xml-5.3.3-3.el6_2.5.s390x.rpm
php-xmlrpc-5.3.3-3.el6_2.5.s390x.rpm

x86_64:
php-5.3.3-3.el6_2.5.x86_64.rpm
php-cli-5.3.3-3.el6_2.5.x86_64.rpm
php-common-5.3.3-3.el6_2.5.x86_64.rpm
php-debuginfo-5.3.3-3.el6_2.5.x86_64.rpm
php-gd-5.3.3-3.el6_2.5.x86_64.rpm
php-ldap-5.3.3-3.el6_2.5.x86_64.rpm
php-mysql-5.3.3-3.el6_2.5.x86_64.rpm
php-odbc-5.3.3-3.el6_2.5.x86_64.rpm
php-pdo-5.3.3-3.el6_2.5.x86_64.rpm
php-pgsql-5.3.3-3.el6_2.5.x86_64.rpm
php-soap-5.3.3-3.el6_2.5.x86_64.rpm
php-xml-5.3.3-3.el6_2.5.x86_64.rpm
php-xmlrpc-5.3.3-3.el6_2.5.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.3-3.el6_2.5.src.rpm

i386:
php-bcmath-5.3.3-3.el6_2.5.i686.rpm
php-dba-5.3.3-3.el6_2.5.i686.rpm
php-debuginfo-5.3.3-3.el6_2.5.i686.rpm
php-devel-5.3.3-3.el6_2.5.i686.rpm
php-embedded-5.3.3-3.el6_2.5.i686.rpm
php-enchant-5.3.3-3.el6_2.5.i686.rpm
php-imap-5.3.3-3.el6_2.5.i686.rpm
php-intl-5.3.3-3.el6_2.5.i686.rpm
php-mbstring-5.3.3-3.el6_2.5.i686.rpm
php-process-5.3.3-3.el6_2.5.i686.rpm
php-pspell-5.3.3-3.el6_2.5.i686.rpm
php-recode-5.3.3-3.el6_2.5.i686.rpm
php-snmp-5.3.3-3.el6_2.5.i686.rpm
php-tidy-5.3.3-3.el6_2.5.i686.rpm
php-zts-5.3.3-3.el6_2.5.i686.rpm

ppc64:
php-bcmath-5.3.3-3.el6_2.5.ppc64.rpm
php-dba-5.3.3-3.el6_2.5.ppc64.rpm
php-debuginfo-5.3.3-3.el6_2.5.ppc64.rpm
php-devel-5.3.3-3.el6_2.5.ppc64.rpm
php-embedded-5.3.3-3.el6_2.5.ppc64.rpm
php-enchant-5.3.3-3.el6_2.5.ppc64.rpm
php-imap-5.3.3-3.el6_2.5.ppc64.rpm
php-intl-5.3.3-3.el6_2.5.ppc64.rpm
php-mbstring-5.3.3-3.el6_2.5.ppc64.rpm
php-process-5.3.3-3.el6_2.5.ppc64.rpm
php-pspell-5.3.3-3.el6_2.5.ppc64.rpm
php-recode-5.3.3-3.el6_2.5.ppc64.rpm
php-snmp-5.3.3-3.el6_2.5.ppc64.rpm
php-tidy-5.3.3-3.el6_2.5.ppc64.rpm
php-zts-5.3.3-3.el6_2.5.ppc64.rpm

s390x:
php-bcmath-5.3.3-3.el6_2.5.s390x.rpm
php-dba-5.3.3-3.el6_2.5.s390x.rpm
php-debuginfo-5.3.3-3.el6_2.5.s390x.rpm
php-devel-5.3.3-3.el6_2.5.s390x.rpm
php-embedded-5.3.3-3.el6_2.5.s390x.rpm
php-enchant-5.3.3-3.el6_2.5.s390x.rpm
php-imap-5.3.3-3.el6_2.5.s390x.rpm
php-intl-5.3.3-3.el6_2.5.s390x.rpm
php-mbstring-5.3.3-3.el6_2.5.s390x.rpm
php-process-5.3.3-3.el6_2.5.s390x.rpm
php-pspell-5.3.3-3.el6_2.5.s390x.rpm
php-recode-5.3.3-3.el6_2.5.s390x.rpm
php-snmp-5.3.3-3.el6_2.5.s390x.rpm
php-tidy-5.3.3-3.el6_2.5.s390x.rpm
php-zts-5.3.3-3.el6_2.5.s390x.rpm

x86_64:
php-bcmath-5.3.3-3.el6_2.5.x86_64.rpm
php-dba-5.3.3-3.el6_2.5.x86_64.rpm
php-debuginfo-5.3.3-3.el6_2.5.x86_64.rpm
php-devel-5.3.3-3.el6_2.5.x86_64.rpm
php-embedded-5.3.3-3.el6_2.5.x86_64.rpm
php-enchant-5.3.3-3.el6_2.5.x86_64.rpm
php-imap-5.3.3-3.el6_2.5.x86_64.rpm
php-intl-5.3.3-3.el6_2.5.x86_64.rpm
php-mbstring-5.3.3-3.el6_2.5.x86_64.rpm
php-process-5.3.3-3.el6_2.5.x86_64.rpm
php-pspell-5.3.3-3.el6_2.5.x86_64.rpm
php-recode-5.3.3-3.el6_2.5.x86_64.rpm
php-snmp-5.3.3-3.el6_2.5.x86_64.rpm
php-tidy-5.3.3-3.el6_2.5.x86_64.rpm
php-zts-5.3.3-3.el6_2.5.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.3-3.el6_2.5.src.rpm

i386:
php-5.3.3-3.el6_2.5.i686.rpm
php-cli-5.3.3-3.el6_2.5.i686.rpm
php-common-5.3.3-3.el6_2.5.i686.rpm
php-debuginfo-5.3.3-3.el6_2.5.i686.rpm
php-gd-5.3.3-3.el6_2.5.i686.rpm
php-ldap-5.3.3-3.el6_2.5.i686.rpm
php-mysql-5.3.3-3.el6_2.5.i686.rpm
php-odbc-5.3.3-3.el6_2.5.i686.rpm
php-pdo-5.3.3-3.el6_2.5.i686.rpm
php-pgsql-5.3.3-3.el6_2.5.i686.rpm
php-soap-5.3.3-3.el6_2.5.i686.rpm
php-xml-5.3.3-3.el6_2.5.i686.rpm
php-xmlrpc-5.3.3-3.el6_2.5.i686.rpm

x86_64:
php-5.3.3-3.el6_2.5.x86_64.rpm
php-cli-5.3.3-3.el6_2.5.x86_64.rpm
php-common-5.3.3-3.el6_2.5.x86_64.rpm
php-debuginfo-5.3.3-3.el6_2.5.x86_64.rpm
php-gd-5.3.3-3.el6_2.5.x86_64.rpm
php-ldap-5.3.3-3.el6_2.5.x86_64.rpm
php-mysql-5.3.3-3.el6_2.5.x86_64.rpm
php-odbc-5.3.3-3.el6_2.5.x86_64.rpm
php-pdo-5.3.3-3.el6_2.5.x86_64.rpm
php-pgsql-5.3.3-3.el6_2.5.x86_64.rpm
php-soap-5.3.3-3.el6_2.5.x86_64.rpm
php-xml-5.3.3-3.el6_2.5.x86_64.rpm
php-xmlrpc-5.3.3-3.el6_2.5.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.3-3.el6_2.5.src.rpm

i386:
php-bcmath-5.3.3-3.el6_2.5.i686.rpm
php-dba-5.3.3-3.el6_2.5.i686.rpm
php-debuginfo-5.3.3-3.el6_2.5.i686.rpm
php-devel-5.3.3-3.el6_2.5.i686.rpm
php-embedded-5.3.3-3.el6_2.5.i686.rpm
php-enchant-5.3.3-3.el6_2.5.i686.rpm
php-imap-5.3.3-3.el6_2.5.i686.rpm
php-intl-5.3.3-3.el6_2.5.i686.rpm
php-mbstring-5.3.3-3.el6_2.5.i686.rpm
php-process-5.3.3-3.el6_2.5.i686.rpm
php-pspell-5.3.3-3.el6_2.5.i686.rpm
php-recode-5.3.3-3.el6_2.5.i686.rpm
php-snmp-5.3.3-3.el6_2.5.i686.rpm
php-tidy-5.3.3-3.el6_2.5.i686.rpm
php-zts-5.3.3-3.el6_2.5.i686.rpm

x86_64:
php-bcmath-5.3.3-3.el6_2.5.x86_64.rpm
php-dba-5.3.3-3.el6_2.5.x86_64.rpm
php-debuginfo-5.3.3-3.el6_2.5.x86_64.rpm
php-devel-5.3.3-3.el6_2.5.x86_64.rpm
php-embedded-5.3.3-3.el6_2.5.x86_64.rpm
php-enchant-5.3.3-3.el6_2.5.x86_64.rpm
php-imap-5.3.3-3.el6_2.5.x86_64.rpm
php-intl-5.3.3-3.el6_2.5.x86_64.rpm
php-mbstring-5.3.3-3.el6_2.5.x86_64.rpm
php-process-5.3.3-3.el6_2.5.x86_64.rpm
php-pspell-5.3.3-3.el6_2.5.x86_64.rpm
php-recode-5.3.3-3.el6_2.5.x86_64.rpm
php-snmp-5.3.3-3.el6_2.5.x86_64.rpm
php-tidy-5.3.3-3.el6_2.5.x86_64.rpm
php-zts-5.3.3-3.el6_2.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-4566.html
https://www.redhat.com/security/data/cve/CVE-2011-4885.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
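The advisory tells php53 and php users to upgrade to the listed packages, which only helps once an administrator can tell whether a given host is already on a fixed build. The following is an added example, not part of the advisory or of Red Hat's tooling: a small Python audit that parses `rpm -qa` output (name-version-release.arch) and compares each package against the fixed build with a re-implementation of librpm's version-segment comparison. ADVISORY_FIXED holds a subset of the package list above; SAMPLE_INSTALLED is constructed (the el5_7.3 release in it is an invented older build, not one on this page); epoch is ignored, which is an assumption that holds when neither side prints one.

```python
from __future__ import annotations

import re
import sys

# Fixed packages taken from the RHSA-2012:0019 package list above
# (a representative subset; extend with whatever your hosts carry).
ADVISORY_FIXED = [
    "php53-5.3.3-1.el5_7.5.x86_64.rpm",
    "php53-common-5.3.3-1.el5_7.5.x86_64.rpm",
    "php53-cli-5.3.3-1.el5_7.5.x86_64.rpm",
    "php-5.3.3-3.el6_2.5.x86_64.rpm",
    "php-common-5.3.3-3.el6_2.5.x86_64.rpm",
]

# Constructed `rpm -qa 'php*'` output for a hypothetical host; the
# el5_7.3 release is an invented older build, not one listed on this page.
SAMPLE_INSTALLED = [
    "php53-5.3.3-1.el5_7.3.x86_64",
    "php53-common-5.3.3-1.el5_7.3.x86_64",
    "php53-cli-5.3.3-1.el5_7.5.x86_64",
    "httpd-2.2.3-53.el5.x86_64",
]

# A version string is compared as a sequence of digit runs, letter runs
# and the special '~' marker; every other character only separates segments.
_SEGMENT = re.compile(r"\d+|[A-Za-z]+|~")


def parse_nvra(pkg: str) -> tuple[str, str, str, str]:
    """Split 'name-version-release.arch[.rpm]' into (name, version, release, arch).

    Package names may contain hyphens (php53-common) but version and
    release never do, so splitting from the right is unambiguous.
    """
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    nvr, _, arch = pkg.rpartition(".")
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version or release strings the way librpm's rpmvercmp does.

    Returns -1, 0 or 1. Digit runs compare as integers (so 1.01 == 1.1),
    letter runs compare lexically, a digit run beats a letter run, a string
    beats its own prefix, and '~' sorts before everything including the
    end of the string. This is a re-implementation for illustration, not a
    call into librpm, and it does not handle epoch.
    """
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x == "~" or y == "~":
            if x != y:
                return -1 if x == "~" else 1
            continue
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)
            if xi != yi:
                return 1 if xi > yi else -1
        elif x.isdigit():
            return 1
        elif y.isdigit():
            return -1
        elif x != y:
            return 1 if x > y else -1
    # Common prefix is equal: whichever side has segments left wins,
    # unless that leftover starts with '~' (a pre-release marker).
    rest_a, rest_b = sa[len(sb):], sb[len(sa):]
    if rest_a:
        return -1 if rest_a[0] == "~" else 1
    if rest_b:
        return 1 if rest_b[0] == "~" else -1
    return 0


def audit(installed: list[str], fixed: list[str]) -> dict[str, str]:
    """Map each installed package the advisory covers to 'fixed' or 'vulnerable'.

    Packages the advisory does not list are left out: the check says
    nothing about them. A build newer than the fixed one also counts as fixed.
    """
    fixed_by_key: dict[tuple[str, str], tuple[str, str]] = {}
    for f in fixed:
        name, version, release, arch = parse_nvra(f)
        fixed_by_key[(name, arch)] = (version, release)

    verdicts: dict[str, str] = {}
    for line in installed:
        nvra = line.strip()
        if not nvra:
            continue
        name, version, release, arch = parse_nvra(nvra)
        target = fixed_by_key.get((name, arch))
        if target is None:
            continue
        c = rpmvercmp(version, target[0]) or rpmvercmp(release, target[1])
        verdicts[nvra] = "fixed" if c >= 0 else "vulnerable"
    return verdicts


if __name__ == "__main__":
    # Pipe real output in (`rpm -qa 'php*' 'php53*' | python3 audit.py`);
    # with no input on stdin the constructed sample is used instead.
    lines = sys.stdin.readlines() if not sys.stdin.isatty() else SAMPLE_INSTALLED
    for nvra, verdict in sorted(audit(lines, ADVISORY_FIXED).items()):
        print(f"{verdict:10s} {nvra}")
```

Keying the fixed list on (name, arch) matters on multilib hosts, where the advisory ships both i686 and x86_64 builds of the same package and each must be checked against its own architecture.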
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPDdYGXlSAg2UNWIIRAtXQAJwONLvLAV4to14jWY2ybkySXRN07gCeO48t
ba9imSad55r5dA3fPyH8goA=
=KbiN
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jan 18 19:29:16 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 18 Jan 2012 19:29:16 +0000
Subject: [RHSA-2012:0033-01] Moderate: php security update
Message-ID: <201201181929.q0IJTHrY006137@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: php security update
Advisory ID:       RHSA-2012:0033-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0033.html
Issue date:        2012-01-18
CVE Names:         CVE-2011-0708 CVE-2011-1148 CVE-2011-1466 CVE-2011-1469
                   CVE-2011-2202 CVE-2011-4566 CVE-2011-4885
=====================================================================

1. Summary:

Updated php packages that fix several security issues are now available
for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

It was found that the hashing routine used by PHP arrays was susceptible
to predictable hash collisions. If an HTTP POST request to a PHP
application contained many parameters whose names map to the same hash
value, a large amount of CPU time would be consumed. This flaw has been
mitigated by adding a new configuration directive, max_input_vars, that
limits the maximum number of parameters processed per request. By
default, max_input_vars is set to 1000. (CVE-2011-4885)

A use-after-free flaw was found in the PHP substr_replace() function. If a
PHP script used the same variable as multiple function arguments, a remote
attacker could possibly use this to crash the PHP interpreter or, possibly,
execute arbitrary code. (CVE-2011-1148)

An integer overflow flaw was found in the PHP exif extension. On 32-bit
systems, a specially-crafted image file could cause the PHP interpreter to
crash or disclose portions of its memory when a PHP script tries to
extract Exchangeable image file format (Exif) metadata from the image
file. (CVE-2011-4566)

An insufficient input validation flaw, leading to a buffer over-read, was
found in the PHP exif extension. A specially-crafted image file could cause
the PHP interpreter to crash when a PHP script tries to extract
Exchangeable image file format (Exif) metadata from the image file.
(CVE-2011-0708)

An integer overflow flaw was found in the PHP calendar extension. A remote
attacker able to make a PHP script call SdnToJulian() with a large value
could cause the PHP interpreter to crash. (CVE-2011-1466)

A bug in the PHP Streams component caused the PHP interpreter to crash if
an FTP wrapper connection was made through an HTTP proxy. A remote attacker
could possibly trigger this issue if a PHP script accepted an untrusted URL
to connect to. (CVE-2011-1469)

An off-by-one flaw was found in PHP. If an attacker uploaded a file with a
specially-crafted file name it could cause a PHP script to attempt to write
a file to the root (/) directory. By default, PHP runs as the "apache"
user, preventing it from writing to the root directory. (CVE-2011-2202)

Red Hat would like to thank oCERT for reporting CVE-2011-4885. oCERT
acknowledges Julian Wälde and Alexander Klink as the original reporters of
CVE-2011-4885.
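Both RHSA-2012:0019 and RHSA-2012:0033 describe the same mitigation for CVE-2011-4885: rather than changing the hash function, PHP caps the number of request parameters it will process (max_input_vars, default 1000), so the CPU cost of a request stays proportional to the cap instead of to what colliding names do to the array's hash table. The following is an added example, not PHP's or Red Hat's code, that re-creates that cap as a request filter in Python so the two behaviours a defender can choose between are visible: PHP's truncate-and-continue, and outright rejection, which is the better fit in front of the application where a truncated form is of no use anyway. Function names and the sample bodies are constructed.

```python
from __future__ import annotations

from urllib.parse import unquote_plus

# PHP's default for max_input_vars, as stated in the advisory.
DEFAULT_MAX_INPUT_VARS = 1000


class TooManyInputVars(ValueError):
    """Raised in reject mode when a body carries more parameters than allowed."""


def count_input_vars(body: str) -> int:
    """Count the parameters in a form body with one linear scan.

    No table is built here, so the cost of an oversized request is bounded
    by its byte length rather than by what its parameter names do to a
    hash table once inserted.
    """
    return sum(1 for field in body.split("&") if field)


def parse_form(body: str,
               max_input_vars: int = DEFAULT_MAX_INPUT_VARS,
               reject: bool = False) -> tuple[dict[str, list[str]], int]:
    """Parse an application/x-www-form-urlencoded body under a parameter cap.

    Returns (params, dropped). By default this mirrors the behaviour the
    advisory describes for PHP: parameters past the cap are simply not
    processed, and the caller learns how many were dropped. With
    reject=True the whole request is refused instead.
    """
    total = count_input_vars(body)
    if total > max_input_vars and reject:
        raise TooManyInputVars(
            f"{total} parameters exceed max_input_vars={max_input_vars}")

    params: dict[str, list[str]] = {}
    processed = 0
    for field in body.split("&"):
        if not field:
            continue
        if processed >= max_input_vars:
            break  # everything from here on is left unprocessed
        name, _, value = field.partition("=")
        params.setdefault(unquote_plus(name), []).append(unquote_plus(value))
        processed += 1
    return params, total - processed


if __name__ == "__main__":
    # Constructed sample bodies; the second is 1500 harmless parameters,
    # enough to cross PHP's default limit of 1000.
    small = "user=alice&lang=en&tz=UTC&page=2&sort=name"
    big = "&".join(f"f{i}=x" for i in range(1500))
    print(parse_form(small, max_input_vars=3))
    params, dropped = parse_form(big)
    print(len(params), "processed,", dropped, "dropped")
```

Whichever mode is used, the dropped count (or the rejection) is worth logging: a request that trips a cap sized well above any legitimate form is a detection signal in its own right.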
All php users should upgrade to these updated packages, which contain
backported patches to resolve these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take
effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

680972 - CVE-2011-0708 php: buffer over-read in Exif extension
688958 - CVE-2011-1148 php: use-after-free vulnerability in substr_replace()
689386 - CVE-2011-1466 php: Crash by converting serial day numbers (SDN) into Julian calendar
690905 - CVE-2011-1469 php: DoS when using HTTP proxy with the FTP wrapper
713194 - CVE-2011-2202 php: file path injection vulnerability in RFC1867 file upload filename
750547 - CVE-2011-4885 php: hash table collisions CPU usage DoS (oCERT-2011-003)
758413 - CVE-2011-4566 php: integer overflow in exif_process_IFD_TAG() may lead to DoS or arbitrary memory disclosure

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/php-5.1.6-27.el5_7.4.src.rpm

i386:
php-5.1.6-27.el5_7.4.i386.rpm
php-bcmath-5.1.6-27.el5_7.4.i386.rpm
php-cli-5.1.6-27.el5_7.4.i386.rpm
php-common-5.1.6-27.el5_7.4.i386.rpm
php-dba-5.1.6-27.el5_7.4.i386.rpm
php-debuginfo-5.1.6-27.el5_7.4.i386.rpm
php-devel-5.1.6-27.el5_7.4.i386.rpm
php-gd-5.1.6-27.el5_7.4.i386.rpm
php-imap-5.1.6-27.el5_7.4.i386.rpm
php-ldap-5.1.6-27.el5_7.4.i386.rpm
php-mbstring-5.1.6-27.el5_7.4.i386.rpm
php-mysql-5.1.6-27.el5_7.4.i386.rpm
php-ncurses-5.1.6-27.el5_7.4.i386.rpm
php-odbc-5.1.6-27.el5_7.4.i386.rpm
php-pdo-5.1.6-27.el5_7.4.i386.rpm
php-pgsql-5.1.6-27.el5_7.4.i386.rpm
php-snmp-5.1.6-27.el5_7.4.i386.rpm
php-soap-5.1.6-27.el5_7.4.i386.rpm
php-xml-5.1.6-27.el5_7.4.i386.rpm
php-xmlrpc-5.1.6-27.el5_7.4.i386.rpm

x86_64:
php-5.1.6-27.el5_7.4.x86_64.rpm
php-bcmath-5.1.6-27.el5_7.4.x86_64.rpm
php-cli-5.1.6-27.el5_7.4.x86_64.rpm
php-common-5.1.6-27.el5_7.4.x86_64.rpm
php-dba-5.1.6-27.el5_7.4.x86_64.rpm
php-debuginfo-5.1.6-27.el5_7.4.x86_64.rpm
php-devel-5.1.6-27.el5_7.4.x86_64.rpm
php-gd-5.1.6-27.el5_7.4.x86_64.rpm
php-imap-5.1.6-27.el5_7.4.x86_64.rpm
php-ldap-5.1.6-27.el5_7.4.x86_64.rpm
php-mbstring-5.1.6-27.el5_7.4.x86_64.rpm
php-mysql-5.1.6-27.el5_7.4.x86_64.rpm
php-ncurses-5.1.6-27.el5_7.4.x86_64.rpm
php-odbc-5.1.6-27.el5_7.4.x86_64.rpm
php-pdo-5.1.6-27.el5_7.4.x86_64.rpm
php-pgsql-5.1.6-27.el5_7.4.x86_64.rpm
php-snmp-5.1.6-27.el5_7.4.x86_64.rpm
php-soap-5.1.6-27.el5_7.4.x86_64.rpm
php-xml-5.1.6-27.el5_7.4.x86_64.rpm
php-xmlrpc-5.1.6-27.el5_7.4.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/php-5.1.6-27.el5_7.4.src.rpm

i386:
php-5.1.6-27.el5_7.4.i386.rpm
php-bcmath-5.1.6-27.el5_7.4.i386.rpm
php-cli-5.1.6-27.el5_7.4.i386.rpm
php-common-5.1.6-27.el5_7.4.i386.rpm
php-dba-5.1.6-27.el5_7.4.i386.rpm
php-debuginfo-5.1.6-27.el5_7.4.i386.rpm
php-devel-5.1.6-27.el5_7.4.i386.rpm
php-gd-5.1.6-27.el5_7.4.i386.rpm
php-imap-5.1.6-27.el5_7.4.i386.rpm
php-ldap-5.1.6-27.el5_7.4.i386.rpm
php-mbstring-5.1.6-27.el5_7.4.i386.rpm
php-mysql-5.1.6-27.el5_7.4.i386.rpm
php-ncurses-5.1.6-27.el5_7.4.i386.rpm
php-odbc-5.1.6-27.el5_7.4.i386.rpm
php-pdo-5.1.6-27.el5_7.4.i386.rpm
php-pgsql-5.1.6-27.el5_7.4.i386.rpm
php-snmp-5.1.6-27.el5_7.4.i386.rpm
php-soap-5.1.6-27.el5_7.4.i386.rpm
php-xml-5.1.6-27.el5_7.4.i386.rpm
php-xmlrpc-5.1.6-27.el5_7.4.i386.rpm

ia64:
php-5.1.6-27.el5_7.4.ia64.rpm
php-bcmath-5.1.6-27.el5_7.4.ia64.rpm
php-cli-5.1.6-27.el5_7.4.ia64.rpm
php-common-5.1.6-27.el5_7.4.ia64.rpm
php-dba-5.1.6-27.el5_7.4.ia64.rpm
php-debuginfo-5.1.6-27.el5_7.4.ia64.rpm
php-devel-5.1.6-27.el5_7.4.ia64.rpm
php-gd-5.1.6-27.el5_7.4.ia64.rpm
php-imap-5.1.6-27.el5_7.4.ia64.rpm
php-ldap-5.1.6-27.el5_7.4.ia64.rpm
php-mbstring-5.1.6-27.el5_7.4.ia64.rpm
php-mysql-5.1.6-27.el5_7.4.ia64.rpm
php-ncurses-5.1.6-27.el5_7.4.ia64.rpm
php-odbc-5.1.6-27.el5_7.4.ia64.rpm
php-pdo-5.1.6-27.el5_7.4.ia64.rpm
php-pgsql-5.1.6-27.el5_7.4.ia64.rpm
php-snmp-5.1.6-27.el5_7.4.ia64.rpm
php-soap-5.1.6-27.el5_7.4.ia64.rpm
php-xml-5.1.6-27.el5_7.4.ia64.rpm
php-xmlrpc-5.1.6-27.el5_7.4.ia64.rpm

ppc:
php-5.1.6-27.el5_7.4.ppc.rpm
php-bcmath-5.1.6-27.el5_7.4.ppc.rpm
php-cli-5.1.6-27.el5_7.4.ppc.rpm
php-common-5.1.6-27.el5_7.4.ppc.rpm
php-dba-5.1.6-27.el5_7.4.ppc.rpm
php-debuginfo-5.1.6-27.el5_7.4.ppc.rpm
php-devel-5.1.6-27.el5_7.4.ppc.rpm
php-gd-5.1.6-27.el5_7.4.ppc.rpm
php-imap-5.1.6-27.el5_7.4.ppc.rpm
php-ldap-5.1.6-27.el5_7.4.ppc.rpm
php-mbstring-5.1.6-27.el5_7.4.ppc.rpm
php-mysql-5.1.6-27.el5_7.4.ppc.rpm
php-ncurses-5.1.6-27.el5_7.4.ppc.rpm
php-odbc-5.1.6-27.el5_7.4.ppc.rpm
php-pdo-5.1.6-27.el5_7.4.ppc.rpm
php-pgsql-5.1.6-27.el5_7.4.ppc.rpm
php-snmp-5.1.6-27.el5_7.4.ppc.rpm
php-soap-5.1.6-27.el5_7.4.ppc.rpm
php-xml-5.1.6-27.el5_7.4.ppc.rpm
php-xmlrpc-5.1.6-27.el5_7.4.ppc.rpm

s390x:
php-5.1.6-27.el5_7.4.s390x.rpm
php-bcmath-5.1.6-27.el5_7.4.s390x.rpm
php-cli-5.1.6-27.el5_7.4.s390x.rpm
php-common-5.1.6-27.el5_7.4.s390x.rpm
php-dba-5.1.6-27.el5_7.4.s390x.rpm
php-debuginfo-5.1.6-27.el5_7.4.s390x.rpm
php-devel-5.1.6-27.el5_7.4.s390x.rpm
php-gd-5.1.6-27.el5_7.4.s390x.rpm
php-imap-5.1.6-27.el5_7.4.s390x.rpm
php-ldap-5.1.6-27.el5_7.4.s390x.rpm
php-mbstring-5.1.6-27.el5_7.4.s390x.rpm
php-mysql-5.1.6-27.el5_7.4.s390x.rpm
php-ncurses-5.1.6-27.el5_7.4.s390x.rpm
php-odbc-5.1.6-27.el5_7.4.s390x.rpm
php-pdo-5.1.6-27.el5_7.4.s390x.rpm
php-pgsql-5.1.6-27.el5_7.4.s390x.rpm
php-snmp-5.1.6-27.el5_7.4.s390x.rpm
php-soap-5.1.6-27.el5_7.4.s390x.rpm
php-xml-5.1.6-27.el5_7.4.s390x.rpm
php-xmlrpc-5.1.6-27.el5_7.4.s390x.rpm

x86_64:
php-5.1.6-27.el5_7.4.x86_64.rpm
php-bcmath-5.1.6-27.el5_7.4.x86_64.rpm
php-cli-5.1.6-27.el5_7.4.x86_64.rpm
php-common-5.1.6-27.el5_7.4.x86_64.rpm
php-dba-5.1.6-27.el5_7.4.x86_64.rpm
php-debuginfo-5.1.6-27.el5_7.4.x86_64.rpm
php-devel-5.1.6-27.el5_7.4.x86_64.rpm
php-gd-5.1.6-27.el5_7.4.x86_64.rpm
php-imap-5.1.6-27.el5_7.4.x86_64.rpm
php-ldap-5.1.6-27.el5_7.4.x86_64.rpm
php-mbstring-5.1.6-27.el5_7.4.x86_64.rpm
php-mysql-5.1.6-27.el5_7.4.x86_64.rpm
php-ncurses-5.1.6-27.el5_7.4.x86_64.rpm
php-odbc-5.1.6-27.el5_7.4.x86_64.rpm
php-pdo-5.1.6-27.el5_7.4.x86_64.rpm
php-pgsql-5.1.6-27.el5_7.4.x86_64.rpm
php-snmp-5.1.6-27.el5_7.4.x86_64.rpm
php-soap-5.1.6-27.el5_7.4.x86_64.rpm
php-xml-5.1.6-27.el5_7.4.x86_64.rpm
php-xmlrpc-5.1.6-27.el5_7.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0708.html
https://www.redhat.com/security/data/cve/CVE-2011-1148.html
https://www.redhat.com/security/data/cve/CVE-2011-1466.html
https://www.redhat.com/security/data/cve/CVE-2011-1469.html
https://www.redhat.com/security/data/cve/CVE-2011-2202.html
https://www.redhat.com/security/data/cve/CVE-2011-4566.html
https://www.redhat.com/security/data/cve/CVE-2011-4885.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPFx0/XlSAg2UNWIIRAsJfAJsEkZETav6tgqNNjO/aDoLEDdBuBACgwhzi
W+0ksbjC8sl3GqP0hbvqjfo=
=5yKn
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jan 18 19:30:12 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 18 Jan 2012 19:30:12 +0000
Subject: [RHSA-2012:0034-01] Critical: java-1.6.0-ibm security update
Message-ID: <201201181930.q0IJUDat024281@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.6.0-ibm security update
Advisory ID:       RHSA-2012:0034-01
Product:           Red Hat Enterprise Linux Extras
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0034.html
Issue date:        2012-01-18
CVE Names:         CVE-2011-3389 CVE-2011-3516 CVE-2011-3521 CVE-2011-3544
                   CVE-2011-3545 CVE-2011-3546 CVE-2011-3547 CVE-2011-3548
                   CVE-2011-3549 CVE-2011-3550 CVE-2011-3551 CVE-2011-3552
                   CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557
                   CVE-2011-3560 CVE-2011-3561
=====================================================================

1. Summary:

Updated java-1.6.0-ibm packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise
Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The IBM Java SE version 6 release includes the IBM Java 6 Runtime
Environment and the IBM Java 6 Software Development Kit.

This update fixes several vulnerabilities in the IBM Java 6 Runtime
Environment and the IBM Java 6 Software Development Kit. Detailed
vulnerability descriptions are linked from the IBM "Security alerts" page,
listed in the References section. (CVE-2011-3389, CVE-2011-3516,
CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547,
CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552,
CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560,
CVE-2011-3561)

All users of java-1.6.0-ibm are advised to upgrade to these updated
packages, containing the IBM Java 6 SR10 release. All running instances of
IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)
745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600)
745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640)
745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417)
745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)
745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902)
745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857)
745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466)
745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012)
745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773)
745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794)
747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound)
747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing)
747200 - CVE-2011-3550 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT)
747203 - CVE-2011-3516 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)
747205 - CVE-2011-3546 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)
747208
- CVE-2011-3561 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment) 6. Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.i386.rpm ppc: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.ppc.rpm java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.ppc64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.ppc.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.ppc64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.ppc.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.ppc64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.ppc.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.ppc64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.ppc.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.ppc64.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.ppc.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.ppc.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.ppc64.rpm s390: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.s390.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.s390.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.s390.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.s390.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.s390.rpm s390x: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.s390x.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.s390x.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.s390x.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.s390x.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.s390x.rpm x86_64: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.x86_64.rpm 
java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.x86_64.rpm Red Hat Desktop version 4 Extras: i386: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.i386.rpm x86_64: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.i386.rpm x86_64: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.i386.rpm 
java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.i386.rpm x86_64: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-accessibility-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.i386.rpm x86_64: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-accessibility-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 
5): i386: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-accessibility-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.i386.rpm ppc: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.ppc64.rpm java-1.6.0-ibm-accessibility-1.6.0.10.0-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.ppc64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.ppc64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.ppc64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.ppc64.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.ppc64.rpm s390x: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.s390.rpm java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.s390x.rpm java-1.6.0-ibm-accessibility-1.6.0.10.0-1jpp.2.el5.s390x.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.s390.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.s390x.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.s390.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.s390x.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.s390.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.s390x.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.s390.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.s390x.rpm x86_64: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-accessibility-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.x86_64.rpm 
java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.i686.rpm x86_64: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 
6): i386: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.i686.rpm ppc64: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.ppc64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.ppc64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.ppc.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.ppc64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.ppc64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.ppc64.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.ppc64.rpm s390x: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.s390x.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.s390x.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.s390.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.s390x.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.s390x.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.s390x.rpm x86_64: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 
6): i386: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.i686.rpm x86_64: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3389.html https://www.redhat.com/security/data/cve/CVE-2011-3516.html https://www.redhat.com/security/data/cve/CVE-2011-3521.html https://www.redhat.com/security/data/cve/CVE-2011-3544.html https://www.redhat.com/security/data/cve/CVE-2011-3545.html https://www.redhat.com/security/data/cve/CVE-2011-3546.html https://www.redhat.com/security/data/cve/CVE-2011-3547.html https://www.redhat.com/security/data/cve/CVE-2011-3548.html https://www.redhat.com/security/data/cve/CVE-2011-3549.html https://www.redhat.com/security/data/cve/CVE-2011-3550.html https://www.redhat.com/security/data/cve/CVE-2011-3551.html https://www.redhat.com/security/data/cve/CVE-2011-3552.html https://www.redhat.com/security/data/cve/CVE-2011-3553.html https://www.redhat.com/security/data/cve/CVE-2011-3554.html https://www.redhat.com/security/data/cve/CVE-2011-3556.html https://www.redhat.com/security/data/cve/CVE-2011-3557.html 
https://www.redhat.com/security/data/cve/CVE-2011-3560.html
https://www.redhat.com/security/data/cve/CVE-2011-3561.html
https://access.redhat.com/security/updates/classification/#critical
http://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPFx2vXlSAg2UNWIIRAhTiAKC/De/npwAlSJPQ/Grh51Bmxq3M5ACgvw8T
hoc/VGW50B8EPSdZ48jR034=
=nw0v
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jan 23 20:21:40 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 23 Jan 2012 20:21:40 +0000
Subject: [RHSA-2012:0050-01] Important: qemu-kvm security, bug fix, and enhancement update
Message-ID: <201201232021.q0NKLeTH003843@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security, bug fix, and enhancement update
Advisory ID:       RHSA-2012:0050-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0050.html
Issue date:        2012-01-23
CVE Names:         CVE-2012-0029
=====================================================================

1. Summary:

Updated qemu-kvm packages that fix one security issue, one bug, and add one enhancement are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Enterprise Linux Workstation (v. 6) - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM.

A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host. (CVE-2012-0029)

Red Hat would like to thank Nicolae Mogoreanu for reporting this issue.

This update also fixes the following bug:

* qemu-kvm has a "scsi" option, to be used, for example, with the "-device" option: "-device virtio-blk-pci,drive=[drive name],scsi=off". Previously, however, it only masked the feature bit, and did not reject SCSI commands if a malicious guest ignored the feature bit and issued a request. This update corrects this issue.

The "scsi=off" option can be used to mitigate the virtualization aspect of CVE-2011-4127 before the RHSA-2011:1849 kernel update is installed on the host. This mitigation is only required if you do not have the RHSA-2011:1849 kernel update installed on the host and you are using raw format virtio disks backed by a partition or LVM volume.

If you run guests by invoking /usr/libexec/qemu-kvm directly, use the "-global virtio-blk-pci.scsi=off" option to apply the mitigation. If you are using libvirt, as recommended by Red Hat, and have the RHBA-2012:0013 libvirt update installed, no manual action is required: guests will automatically use "scsi=off". (BZ#767721)

Note: After installing the RHSA-2011:1849 kernel update, SCSI requests issued by guests via the SG_IO IOCTL will not be passed to the underlying block device when using raw format virtio disks backed by a partition or LVM volume, even if "scsi=on" is used.
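The two forms of the "scsi=off" mitigation above (per device, or as a "-global" default) are easy to get wrong on hosts that start guests without libvirt, and the legacy "-drive ...,if=virtio" syntax has no per-device properties at all. The following POSIX shell script is an added example, not part of the Red Hat advisory or of qemu-kvm: it classifies one qemu-kvm command line as mitigated, unmitigated or not using virtio-blk, and can be pointed at the live process list. The sample command lines are constructed for the demonstration, and the audit_running_guests helper (which reads /proc/<pid>/cmdline via pgrep) is this example's own assumption about how a host would be inspected.

```shell
#!/bin/sh
# Added example, not part of RHSA-2012:0050 or of qemu-kvm: audit qemu-kvm
# command lines for the CVE-2011-4127 "scsi=off" mitigation described in
# the advisory. A guest counts as mitigated only when every virtio-blk-pci
# device ends up with scsi=off, either set on the device itself
# (-device virtio-blk-pci,...,scsi=off) or inherited from the default
# (-global virtio-blk-pci.scsi=off). A per-device scsi=on overrides -global.

# Classify one qemu-kvm command line, passed as a single string.
# Prints: no-virtio-blk | mitigated | unmitigated
classify_cmdline() (
    set -f            # no globbing while the command line is word-split
    set -- $1
    global_off=0; has_blk=0; needs_global=0; explicit_on=0
    while [ $# -gt 0 ]; do
        flag="$1"; shift
        case "$flag" in
            -global|-device|-drive) ;;   # options whose value we inspect
            *) continue ;;
        esac
        val="${1-}"
        if [ $# -gt 0 ]; then shift; fi
        case "$flag" in
            -global)
                if [ "$val" = "virtio-blk-pci.scsi=off" ]; then global_off=1; fi ;;
            -device)
                case "$val" in
                    virtio-blk-pci|virtio-blk-pci,*)
                        has_blk=1
                        case ",$val," in
                            *,scsi=off,*) ;;                # set on the device
                            *,scsi=on,*)  explicit_on=1 ;;  # overrides -global
                            *)            needs_global=1 ;; # inherits the default
                        esac ;;
                esac ;;
            -drive)
                # Legacy syntax: if=virtio creates a virtio-blk-pci device that
                # takes no per-device properties, so only -global can help.
                case ",$val," in
                    *,if=virtio,*) has_blk=1; needs_global=1 ;;
                esac ;;
        esac
    done
    if [ "$has_blk" -eq 0 ]; then
        echo no-virtio-blk
    elif [ "$explicit_on" -eq 1 ]; then
        echo unmitigated
    elif [ "$needs_global" -eq 1 ] && [ "$global_off" -eq 0 ]; then
        echo unmitigated
    else
        echo mitigated
    fi
)

# Audit every qemu-kvm process on this host (Linux: reads /proc/<pid>/cmdline).
# Helper assumed for this example; libvirt-started guests show up here too.
audit_running_guests() {
    for pid in $(pgrep -x qemu-kvm 2>/dev/null); do
        cmd="$(tr '\0' ' ' < "/proc/$pid/cmdline")"
        printf '%s %s\n' "$pid" "$(classify_cmdline "$cmd")"
    done
}

# Constructed command lines (not captured from a real host).
SAMPLE_GLOBAL='/usr/libexec/qemu-kvm -name vm1 -global virtio-blk-pci.scsi=off -drive file=/dev/vg0/vm1,if=none,id=d0,format=raw -device virtio-blk-pci,drive=d0,id=v0'
SAMPLE_PERDEV='/usr/libexec/qemu-kvm -name vm2 -drive file=/dev/sdb1,if=none,id=d0,format=raw -device virtio-blk-pci,drive=d0,scsi=off'
SAMPLE_LEGACY='/usr/libexec/qemu-kvm -name vm3 -drive file=/dev/vg0/vm3,if=virtio,format=raw'
SAMPLE_OVERRIDE='/usr/libexec/qemu-kvm -name vm4 -global virtio-blk-pci.scsi=off -drive file=/dev/vg0/vm4,if=none,id=d0,format=raw -device virtio-blk-pci,drive=d0,scsi=on'
SAMPLE_IDE='/usr/libexec/qemu-kvm -name vm5 -drive file=/var/lib/libvirt/images/vm5.img,if=ide'

for s in "$SAMPLE_GLOBAL" "$SAMPLE_PERDEV" "$SAMPLE_LEGACY" "$SAMPLE_OVERRIDE" "$SAMPLE_IDE"; do
    classify_cmdline "$s"
done
# prints, one per line: mitigated mitigated unmitigated unmitigated no-virtio-blk
```

Run audit_running_guests as root on the host to classify each live guest by PID; the script only recognises the spelled-out virtio-blk-pci driver name, so check the output against the host's own device naming before trusting a "no-virtio-blk" verdict.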
As well, this update adds the following enhancement:

* Prior to this update, qemu-kvm was not built with RELRO or PIE support. qemu-kvm is now built with full RELRO and PIE support as a security enhancement. (BZ#767906)

All users of qemu-kvm should upgrade to these updated packages, which correct these issues and add this enhancement. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

772075 - CVE-2012-0029 qemu-kvm: e1000: process_tx_desc legacy mode packets heap overflow

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/qemu-kvm-0.12.1.2-2.209.el6_2.4.src.rpm

x86_64:
qemu-img-0.12.1.2-2.209.el6_2.4.x86_64.rpm
qemu-kvm-0.12.1.2-2.209.el6_2.4.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.209.el6_2.4.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.209.el6_2.4.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/qemu-kvm-0.12.1.2-2.209.el6_2.4.src.rpm

x86_64:
qemu-img-0.12.1.2-2.209.el6_2.4.x86_64.rpm
qemu-kvm-0.12.1.2-2.209.el6_2.4.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.209.el6_2.4.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.209.el6_2.4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/qemu-kvm-0.12.1.2-2.209.el6_2.4.src.rpm

x86_64:
qemu-img-0.12.1.2-2.209.el6_2.4.x86_64.rpm
qemu-kvm-0.12.1.2-2.209.el6_2.4.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.209.el6_2.4.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.209.el6_2.4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/qemu-kvm-0.12.1.2-2.209.el6_2.4.src.rpm

x86_64:
qemu-img-0.12.1.2-2.209.el6_2.4.x86_64.rpm
qemu-kvm-0.12.1.2-2.209.el6_2.4.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.209.el6_2.4.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.209.el6_2.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-0029.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/kb/docs/DOC-67874
https://rhn.redhat.com/errata/RHSA-2011-1849.html
https://rhn.redhat.com/errata/RHBA-2012-0013.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
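As an added example (not from the advisory and not Red Hat's or QEMU's code), the following POSIX shell script verifies on a host that has applied this update that the installed qemu-kvm build is at least the fixed 0.12.1.2-2.209.el6_2.4 release listed above, and that /usr/libexec/qemu-kvm was in fact built with full RELRO and PIE as BZ#767906 describes. The version comparison is a simplified rpmvercmp written for this example; the readelf excerpts used to exercise the classifier are constructed, and the audit_qemu_kvm wrapper, which needs rpm and binutils on the host, is this example's own.

```shell
#!/bin/sh
# Added example, not part of RHSA-2012:0050 or of qemu-kvm itself.
# Verifies (1) that the installed qemu-kvm build is at least the fixed
# release and (2) that the binary carries full RELRO and PIE (BZ#767906).

# Fixed version-release taken from the package list in this advisory.
FIXED_QEMU_KVM="0.12.1.2-2.209.el6_2.4"

# Compare two RPM-style version-release strings and print -1, 0 or 1.
# Segments are split on "." and "-"; purely numeric segments compare as
# integers, anything else in C-locale string order. This is a simplified
# rpmvercmp that is adequate within one package stream; use rpmdev-vercmp
# when the exact RPM algorithm matters.
vercmp() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        sa="${a%%[.-]*}"; a="${a#"$sa"}"; a="${a#[.-]}"
        sb="${b%%[.-]*}"; b="${b#"$sb"}"; b="${b#[.-]}"
        if [ "$sa" = "$sb" ]; then continue; fi
        if [ -z "$sa" ]; then printf '%s\n' -1; return; fi
        if [ -z "$sb" ]; then printf '%s\n' 1; return; fi
        case "$sa$sb" in
            *[!0-9]*)
                first="$(printf '%s\n%s\n' "$sa" "$sb" | LC_ALL=C sort | head -n 1)"
                if [ "$first" = "$sa" ]; then printf '%s\n' -1; else printf '%s\n' 1; fi ;;
            *)
                if [ "$sa" -lt "$sb" ]; then printf '%s\n' -1; else printf '%s\n' 1; fi ;;
        esac
        return
    done
    printf '%s\n' 0
}

# $1 is a version-release string such as the output of
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' qemu-kvm
# Succeeds (exit 0) when it is at or past the fixed build.
qemu_kvm_is_fixed() {
    [ "$(vercmp "$1" "$FIXED_QEMU_KVM")" -ge 0 ]
}

# Classify the text of `readelf -lWd <binary>` (read on stdin) as
# "<full-relro|partial-relro|no-relro> <pie|no-pie>". RELRO needs a
# GNU_RELRO segment and is only "full" when the loader binds eagerly
# (BIND_NOW in FLAGS, or NOW in FLAGS_1). "Elf file type is DYN" means PIE
# for an executable; a shared library is DYN as well, so only apply this
# to executables.
elf_hardening() {
    out="$(cat)"
    case "$out" in
        *"Elf file type is DYN"*) pie=pie ;;
        *) pie=no-pie ;;
    esac
    case "$out" in
        *GNU_RELRO*)
            if printf '%s\n' "$out" | grep -Eq 'BIND_NOW|Flags:.* NOW( |$)'; then
                relro=full-relro
            else
                relro=partial-relro
            fi ;;
        *) relro=no-relro ;;
    esac
    printf '%s %s\n' "$relro" "$pie"
}

# Run both checks on the live host (needs rpm and binutils); assumed helper.
audit_qemu_kvm() {
    ver="$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' qemu-kvm)" || return 1
    if qemu_kvm_is_fixed "$ver"; then
        printf 'qemu-kvm %s: fixed build installed\n' "$ver"
    else
        printf 'qemu-kvm %s: older than %s, update not applied\n' "$ver" "$FIXED_QEMU_KVM"
    fi
    printf 'qemu-kvm binary: %s\n' "$(readelf -lWd /usr/libexec/qemu-kvm | elf_hardening)"
}

# Constructed readelf excerpts (not captured from a real build) to show the
# classifier's output; pipe real `readelf -lWd` output in the same way.
HARDENED_SAMPLE='Elf file type is DYN (Shared object file)
  LOAD           0x000000 0x0000000000000000 0x0000000000000000 0x000618 0x000618 R   0x1000
  GNU_RELRO      0x002db8 0x0000000000003db8 0x0000000000003db8 0x000248 0x000248 R   0x1
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE'
UNHARDENED_SAMPLE='Elf file type is EXEC (Executable file)
  LOAD           0x000000 0x0000000000400000 0x0000000000400000 0x000618 0x000618 R   0x1000
  GNU_RELRO      0x002db8 0x0000000000603db8 0x0000000000603db8 0x000248 0x000248 R   0x1
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]'

printf '%s\n' "$HARDENED_SAMPLE" | elf_hardening      # full-relro pie
printf '%s\n' "$UNHARDENED_SAMPLE" | elf_hardening    # partial-relro no-pie
```

Remember that "installed" is not "running": the advisory requires every guest to be shut down and started again before the new binary is in use, so pair audit_qemu_kvm with a look at the start times of the qemu-kvm processes.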
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPHcFDXlSAg2UNWIIRAo+dAKDAAxQmxTfz5QrmEBRHDKrSExCWiQCfcQpj
SKfoX2IxYRw+sCY36M4sdJ0=
=3lTM
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jan 23 20:22:07 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 23 Jan 2012 20:22:07 +0000
Subject: [RHSA-2012:0051-01] Important: kvm security update
Message-ID: <201201232022.q0NKM7ox003936@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kvm security update
Advisory ID:       RHSA-2012:0051-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0051.html
Issue date:        2012-01-23
CVE Names:         CVE-2011-4622 CVE-2012-0029
=====================================================================

1. Summary:

Updated kvm packages that fix two security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Multi OS (v. 5 client) - x86_64
RHEL Virtualization (v. 5 server) - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.

A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host. (CVE-2012-0029)

A flaw was found in the way the KVM subsystem of a Linux kernel handled PIT (Programmable Interval Timer) IRQs (interrupt requests) when there was no virtual interrupt controller set up. A malicious user in the kvm group on the host could force this situation to occur, resulting in the host crashing. (CVE-2011-4622)

Red Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029.

All KVM users should upgrade to these updated packages, which contain backported patches to correct these issues. Note: The procedure in the Solution section must be performed before this update will take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

The following procedure must be performed before this update will take effect:

1) Stop all KVM guest virtual machines.

2) Either reboot the hypervisor machine or, as the root user, remove (using "modprobe -r [module]") and reload (using "modprobe [module]") all of the following modules which are currently running (determined using "lsmod"): kvm, ksm, kvm-intel or kvm-amd.

3) Restart the KVM guest virtual machines.

5. Bugs fixed (http://bugzilla.redhat.com/):

769721 - CVE-2011-4622 kernel: kvm: pit timer with no irqchip crashes the system
772075 - CVE-2012-0029 qemu-kvm: e1000: process_tx_desc legacy mode packets heap overflow

6. Package List:

RHEL Desktop Multi OS (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kvm-83-239.el5_7.1.src.rpm

x86_64:
kmod-kvm-83-239.el5_7.1.x86_64.rpm
kmod-kvm-debug-83-239.el5_7.1.x86_64.rpm
kvm-83-239.el5_7.1.x86_64.rpm
kvm-debuginfo-83-239.el5_7.1.x86_64.rpm
kvm-qemu-img-83-239.el5_7.1.x86_64.rpm
kvm-tools-83-239.el5_7.1.x86_64.rpm

RHEL Virtualization (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kvm-83-239.el5_7.1.src.rpm

x86_64:
kmod-kvm-83-239.el5_7.1.x86_64.rpm
kmod-kvm-debug-83-239.el5_7.1.x86_64.rpm
kvm-83-239.el5_7.1.x86_64.rpm
kvm-debuginfo-83-239.el5_7.1.x86_64.rpm
kvm-qemu-img-83-239.el5_7.1.x86_64.rpm
kvm-tools-83-239.el5_7.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-4622.html
https://www.redhat.com/security/data/cve/CVE-2012-0029.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPHcFcXlSAg2UNWIIRAma+AJ4kDx59ute8037KXRv+obW/eXxtcACgvht6
74caF0mqb3d9FgyuwjdA9D4=
=+cTy
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jan 23 20:23:06 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 23 Jan 2012 20:23:06 +0000
Subject: [RHSA-2012:0052-01] Important: kernel security and bug fix update
Message-ID: <201201232023.q0NKN67l020994@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2012:0052-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0052.html
Issue date:        2012-01-23
CVE Names:         CVE-2012-0056
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issue:

* It was found that permissions were not checked properly in the Linux kernel when handling the /proc/[pid]/mem writing functionality. A local, unprivileged user could use this flaw to escalate their privileges. Refer to Red Hat Knowledgebase article DOC-69129, linked to in the References, for further information. (CVE-2012-0056, Important)

Red Hat would like to thank Jüri Aedla for reporting this issue.

This update fixes the following bugs:

* The RHSA-2011:1849 kernel update introduced a bug in the Linux kernel scheduler, causing a "WARNING: at kernel/sched.c:5915 thread_return" message and a call trace to be logged. This message was harmless, and was not due to any system malfunctions or adverse behavior. With this update, the WARN_ON_ONCE() call in the scheduler that caused this harmless message has been removed. (BZ#768288)

* The RHSA-2011:1530 kernel update introduced a regression in the way the Linux kernel maps ELF headers for kernel modules into kernel memory. If a third-party kernel module is compiled on a Red Hat Enterprise Linux system with a kernel prior to RHSA-2011:1530, then loading that module on a system with the RHSA-2011:1530 kernel would result in corruption of one byte in the memory reserved for the module. In some cases, this could prevent the module from functioning correctly. (BZ#769595)

* On some SMP systems the TSC may erroneously be marked as unstable during early system boot or while the system is under heavy load. A "Clocksource tsc unstable" message was logged when this occurred. As a result the system would switch to the slower access, but higher precision, HPET clock. The "tsc=reliable" kernel parameter is supposed to avoid this problem by indicating that the system has a known good clock; however, the parameter only affected run time checks. A fix has been put in to avoid the boot time checks so that the TSC remains as the clock for the duration of system runtime. (BZ#755867)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

782642 - CVE-2012-0056 kernel: proc: /proc//mem mem_write insufficient permission checking

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-220.4.1.el6.src.rpm i386: kernel-2.6.32-220.4.1.el6.i686.rpm kernel-debug-2.6.32-220.4.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-220.4.1.el6.i686.rpm kernel-debug-devel-2.6.32-220.4.1.el6.i686.rpm kernel-debuginfo-2.6.32-220.4.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-220.4.1.el6.i686.rpm kernel-devel-2.6.32-220.4.1.el6.i686.rpm kernel-headers-2.6.32-220.4.1.el6.i686.rpm perf-2.6.32-220.4.1.el6.i686.rpm perf-debuginfo-2.6.32-220.4.1.el6.i686.rpm noarch: kernel-doc-2.6.32-220.4.1.el6.noarch.rpm kernel-firmware-2.6.32-220.4.1.el6.noarch.rpm x86_64: kernel-2.6.32-220.4.1.el6.x86_64.rpm kernel-debug-2.6.32-220.4.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-220.4.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-220.4.1.el6.x86_64.rpm kernel-devel-2.6.32-220.4.1.el6.x86_64.rpm kernel-headers-2.6.32-220.4.1.el6.x86_64.rpm perf-2.6.32-220.4.1.el6.x86_64.rpm perf-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-220.4.1.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-220.4.1.el6.i686.rpm kernel-debuginfo-2.6.32-220.4.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-220.4.1.el6.i686.rpm perf-debuginfo-2.6.32-220.4.1.el6.i686.rpm python-perf-2.6.32-220.4.1.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-220.4.1.el6.x86_64.rpm perf-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm python-perf-2.6.32-220.4.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-220.4.1.el6.src.rpm noarch: kernel-doc-2.6.32-220.4.1.el6.noarch.rpm kernel-firmware-2.6.32-220.4.1.el6.noarch.rpm x86_64: kernel-2.6.32-220.4.1.el6.x86_64.rpm kernel-debug-2.6.32-220.4.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-220.4.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-220.4.1.el6.x86_64.rpm kernel-devel-2.6.32-220.4.1.el6.x86_64.rpm kernel-headers-2.6.32-220.4.1.el6.x86_64.rpm perf-2.6.32-220.4.1.el6.x86_64.rpm perf-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-220.4.1.el6.src.rpm x86_64: kernel-debug-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-220.4.1.el6.x86_64.rpm perf-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm python-perf-2.6.32-220.4.1.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.4.1.el6.src.rpm i386: kernel-2.6.32-220.4.1.el6.i686.rpm kernel-debug-2.6.32-220.4.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-220.4.1.el6.i686.rpm kernel-debug-devel-2.6.32-220.4.1.el6.i686.rpm kernel-debuginfo-2.6.32-220.4.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-220.4.1.el6.i686.rpm kernel-devel-2.6.32-220.4.1.el6.i686.rpm kernel-headers-2.6.32-220.4.1.el6.i686.rpm perf-2.6.32-220.4.1.el6.i686.rpm perf-debuginfo-2.6.32-220.4.1.el6.i686.rpm noarch: kernel-doc-2.6.32-220.4.1.el6.noarch.rpm kernel-firmware-2.6.32-220.4.1.el6.noarch.rpm ppc64: kernel-2.6.32-220.4.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-220.4.1.el6.ppc64.rpm kernel-debug-2.6.32-220.4.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-220.4.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-220.4.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-220.4.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-220.4.1.el6.ppc64.rpm kernel-devel-2.6.32-220.4.1.el6.ppc64.rpm kernel-headers-2.6.32-220.4.1.el6.ppc64.rpm perf-2.6.32-220.4.1.el6.ppc64.rpm perf-debuginfo-2.6.32-220.4.1.el6.ppc64.rpm s390x: kernel-2.6.32-220.4.1.el6.s390x.rpm kernel-debug-2.6.32-220.4.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-220.4.1.el6.s390x.rpm kernel-debug-devel-2.6.32-220.4.1.el6.s390x.rpm kernel-debuginfo-2.6.32-220.4.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-220.4.1.el6.s390x.rpm kernel-devel-2.6.32-220.4.1.el6.s390x.rpm kernel-headers-2.6.32-220.4.1.el6.s390x.rpm kernel-kdump-2.6.32-220.4.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-220.4.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-220.4.1.el6.s390x.rpm perf-2.6.32-220.4.1.el6.s390x.rpm perf-debuginfo-2.6.32-220.4.1.el6.s390x.rpm x86_64: kernel-2.6.32-220.4.1.el6.x86_64.rpm kernel-debug-2.6.32-220.4.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-220.4.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm 
kernel-debuginfo-common-x86_64-2.6.32-220.4.1.el6.x86_64.rpm kernel-devel-2.6.32-220.4.1.el6.x86_64.rpm kernel-headers-2.6.32-220.4.1.el6.x86_64.rpm perf-2.6.32-220.4.1.el6.x86_64.rpm perf-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.4.1.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-220.4.1.el6.i686.rpm kernel-debuginfo-2.6.32-220.4.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-220.4.1.el6.i686.rpm perf-debuginfo-2.6.32-220.4.1.el6.i686.rpm python-perf-2.6.32-220.4.1.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-220.4.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-220.4.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-220.4.1.el6.ppc64.rpm perf-debuginfo-2.6.32-220.4.1.el6.ppc64.rpm python-perf-2.6.32-220.4.1.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-220.4.1.el6.s390x.rpm kernel-debuginfo-2.6.32-220.4.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-220.4.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-220.4.1.el6.s390x.rpm perf-debuginfo-2.6.32-220.4.1.el6.s390x.rpm python-perf-2.6.32-220.4.1.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-220.4.1.el6.x86_64.rpm perf-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm python-perf-2.6.32-220.4.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-220.4.1.el6.src.rpm i386: kernel-2.6.32-220.4.1.el6.i686.rpm kernel-debug-2.6.32-220.4.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-220.4.1.el6.i686.rpm kernel-debug-devel-2.6.32-220.4.1.el6.i686.rpm kernel-debuginfo-2.6.32-220.4.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-220.4.1.el6.i686.rpm kernel-devel-2.6.32-220.4.1.el6.i686.rpm kernel-headers-2.6.32-220.4.1.el6.i686.rpm perf-2.6.32-220.4.1.el6.i686.rpm perf-debuginfo-2.6.32-220.4.1.el6.i686.rpm noarch: kernel-doc-2.6.32-220.4.1.el6.noarch.rpm kernel-firmware-2.6.32-220.4.1.el6.noarch.rpm x86_64: kernel-2.6.32-220.4.1.el6.x86_64.rpm kernel-debug-2.6.32-220.4.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-220.4.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-220.4.1.el6.x86_64.rpm kernel-devel-2.6.32-220.4.1.el6.x86_64.rpm kernel-headers-2.6.32-220.4.1.el6.x86_64.rpm perf-2.6.32-220.4.1.el6.x86_64.rpm perf-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-220.4.1.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-220.4.1.el6.i686.rpm kernel-debuginfo-2.6.32-220.4.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-220.4.1.el6.i686.rpm perf-debuginfo-2.6.32-220.4.1.el6.i686.rpm python-perf-2.6.32-220.4.1.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-220.4.1.el6.x86_64.rpm perf-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm python-perf-2.6.32-220.4.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References: https://www.redhat.com/security/data/cve/CVE-2012-0056.html https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/kb/docs/DOC-69129 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPHcGTXlSAg2UNWIIRApQqAJ9/SpcEYh2K2lg06AunBWYR0APx6gCgsCvN f6KkbVEmaTccoUJ6Q1w4Za0= =Dfkr -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Jan 24 21:36:51 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 24 Jan 2012 21:36:51 +0000 Subject: [RHSA-2012:0058-01] Moderate: glibc security and bug fix update Message-ID: <201201242136.q0OLaqcO008548@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: glibc security and bug fix update Advisory ID: RHSA-2012:0058-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0058.html Issue date: 2012-01-24 CVE Names: CVE-2009-5029 CVE-2011-4609 ===================================================================== 1. Summary: Updated glibc packages that fix two security issues and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 
6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029) A denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609) This update also fixes the following bugs: * glibc had incorrect information for numeric separators and groupings for specific French, Spanish, and German locales. Therefore, applications utilizing glibc's locale support printed numbers with the wrong separators and groupings when those locales were in use. With this update, the separator and grouping information has been fixed. (BZ#754116) * The RHBA-2011:1179 glibc update introduced a regression, causing glibc to incorrectly parse groups with more than 126 members, resulting in applications such as "id" failing to list all the groups a particular user was a member of. With this update, group parsing has been fixed. (BZ#766484) * glibc incorrectly allocated too much memory due to a race condition within its own malloc routines. 
This could cause a multi-threaded application to allocate more memory than was expected. With this update, the race condition has been fixed, and malloc's behavior is now consistent with the documentation regarding the MALLOC_ARENA_TEST and MALLOC_ARENA_MAX environment variables. (BZ#769594) Users should upgrade to these updated packages, which contain backported patches to resolve these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 761245 - CVE-2009-5029 glibc: __tzfile_read integer overflow to buffer overflow 767299 - CVE-2011-4609 glibc: svc_run() produces high cpu usage when accept() fails with EMFILE error 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/glibc-2.12-1.47.el6_2.5.src.rpm i386: glibc-2.12-1.47.el6_2.5.i686.rpm glibc-common-2.12-1.47.el6_2.5.i686.rpm glibc-debuginfo-2.12-1.47.el6_2.5.i686.rpm glibc-debuginfo-common-2.12-1.47.el6_2.5.i686.rpm glibc-devel-2.12-1.47.el6_2.5.i686.rpm glibc-headers-2.12-1.47.el6_2.5.i686.rpm glibc-utils-2.12-1.47.el6_2.5.i686.rpm nscd-2.12-1.47.el6_2.5.i686.rpm x86_64: glibc-2.12-1.47.el6_2.5.i686.rpm glibc-2.12-1.47.el6_2.5.x86_64.rpm glibc-common-2.12-1.47.el6_2.5.x86_64.rpm glibc-debuginfo-2.12-1.47.el6_2.5.i686.rpm glibc-debuginfo-2.12-1.47.el6_2.5.x86_64.rpm glibc-debuginfo-common-2.12-1.47.el6_2.5.i686.rpm glibc-debuginfo-common-2.12-1.47.el6_2.5.x86_64.rpm glibc-devel-2.12-1.47.el6_2.5.i686.rpm glibc-devel-2.12-1.47.el6_2.5.x86_64.rpm glibc-headers-2.12-1.47.el6_2.5.x86_64.rpm glibc-utils-2.12-1.47.el6_2.5.x86_64.rpm nscd-2.12-1.47.el6_2.5.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-5029.html
https://www.redhat.com/security/data/cve/CVE-2011-4609.html
https://access.redhat.com/security/updates/classification/#moderate
https://rhn.redhat.com/errata/RHBA-2011-1179.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

From bugzilla at redhat.com Tue Jan 24 21:37:40 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 24 Jan 2012 21:37:40 +0000
Subject: [RHSA-2012:0059-01] Moderate: openssl security update
Message-ID: <201201242137.q0OLbfH9024297@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openssl security update
Advisory ID: RHSA-2012:0059-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0059.html
Issue date: 2012-01-24
CVE Names: CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619
=====================================================================

1. Summary:

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108)

An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576)

A denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially-crafted X.509 certificate that has malformed RFC 3779 extension data. (CVE-2011-4577)

It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619)

All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network.
Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

771770 - CVE-2011-4108 openssl: DTLS plaintext recovery attack
771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding
771778 - CVE-2011-4577 openssl: malformed RFC 3779 data can cause assertion failures
771780 - CVE-2011-4619 openssl: SGC restart DoS attack

6. Package List:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-4108.html
https://www.redhat.com/security/data/cve/CVE-2011-4576.html
https://www.redhat.com/security/data/cve/CVE-2011-4577.html
https://www.redhat.com/security/data/cve/CVE-2011-4619.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

From bugzilla at redhat.com Tue Jan 24 21:38:14 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 24 Jan 2012 21:38:14 +0000
Subject: [RHSA-2012:0060-01] Moderate: openssl security update
Message-ID: <201201242138.q0OLcEjx007013@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openssl security update
Advisory ID: RHSA-2012:0060-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0060.html
Issue date: 2012-01-24
CVE Names: CVE-2011-4108 CVE-2011-4109 CVE-2011-4576 CVE-2011-4619
=====================================================================

1. Summary:

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108)

A double free flaw was discovered in the policy checking code in OpenSSL. A remote attacker could use this flaw to crash an application that uses OpenSSL by providing an X.509 certificate that has specially-crafted policy extension data. (CVE-2011-4109)

An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576)

It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619)

All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network.
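The DTLS padding-oracle flaw in section 3 above (CVE-2011-4108, described identically in RHSA-2012:0059 and RHSA-2012:0060) comes down to a padding check whose running time depends on the decrypted bytes. The following C example is added here and is not OpenSSL's code: it places a leaky CBC-padding check beside a constant-time one; the record layout follows TLS/DTLS, the sample records are constructed, and the examined-byte counter stands in for a timing measurement.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SIZE_BITS (sizeof(size_t) * CHAR_BIT)

/* A decrypted CBC record ends in: ... | padding bytes | padlen.
 * Under TLS/DTLS every padding byte must equal padlen.  The record
 * length is public; padlen and the padding bytes are secret. */

/* Leaky version: stops at the first wrong byte, so the work done (and
 * the time taken) depends on how much of the padding looked right.
 * A peer that can time rejections gets an oracle on the plaintext. */
int padding_ok_naive(const uint8_t *rec, size_t len, size_t *examined)
{
    size_t n = 0;
    int ok = 0;
    if (len > 0) {
        uint8_t padlen = rec[len - 1];
        if ((size_t)padlen + 1 <= len) {
            ok = 1;
            for (size_t i = len - 1 - padlen; i < len - 1; i++) {
                n++;
                if (rec[i] != padlen) { ok = 0; break; }  /* early exit */
            }
        }
    }
    if (examined) *examined = n;
    return ok;
}

/* Constant-time version: always scans the largest possible padding span
 * (255 bytes, or the whole record if shorter) and folds every comparison
 * into bit masks, so neither the loop count nor any branch depends on
 * padlen or on the padding bytes. */
int padding_ok_ct(const uint8_t *rec, size_t len, size_t *examined)
{
    size_t n = 0;
    if (len == 0) {                      /* length alone is public */
        if (examined) *examined = 0;
        return 0;
    }
    uint8_t padlen = rec[len - 1];
    /* len_ok = 0xFF iff padlen + 1 <= len: the subtraction wraps exactly
     * when padlen < len, and the top bit records that without a branch. */
    uint8_t len_ok = (uint8_t)(0 - (uint8_t)(((size_t)padlen - len) >> (SIZE_BITS - 1)));
    size_t to_check = len < 256 ? len : 256;   /* depends on public len only */
    uint8_t bad = 0;
    for (size_t i = 1; i < to_check; i++) {
        /* in_pad = 0xFF iff i <= padlen (again from the borrow bit) */
        uint8_t in_pad = (uint8_t)((((size_t)padlen - i) >> (SIZE_BITS - 1)) - 1);
        bad |= in_pad & (rec[len - 1 - i] ^ padlen);
        n++;
    }
    /* bad_any = 0xFF iff bad != 0 (x | -x has its top bit set for x != 0) */
    uint8_t bad_any = (uint8_t)(0 - (uint8_t)((bad | (uint8_t)(0 - bad)) >> 7));
    if (examined) *examined = n;
    return (len_ok & (uint8_t)~bad_any) & 1;
}

/* Constructed sample records (not captured traffic). */
static const uint8_t REC_GOOD[]      = {0x10, 0x20, 0x02, 0x02, 0x02};  /* padlen 2, valid */
static const uint8_t REC_BAD_FIRST[] = {0x10, 0x20, 0x09, 0x02, 0x02};  /* first pad byte wrong */
static const uint8_t REC_BAD_LAST[]  = {0x10, 0x20, 0x02, 0x07, 0x02};  /* last pad byte wrong */
static const uint8_t REC_TOO_LONG[]  = {0x05, 0x05};                    /* padlen exceeds record */
static const uint8_t REC_ZERO_PAD[]  = {0x10, 0x00};                    /* padlen 0, valid */

/* How many bytes each checker actually compared: the naive count moves
 * with the position of the first bad byte, the constant-time one does not. */
size_t naive_examined(const uint8_t *rec, size_t len)
{
    size_t n = 0;
    padding_ok_naive(rec, len, &n);
    return n;
}

size_t ct_examined(const uint8_t *rec, size_t len)
{
    size_t n = 0;
    padding_ok_ct(rec, len, &n);
    return n;
}

int main(void)
{
    printf("naive: bad-first examines %zu byte(s), bad-last examines %zu\n",
           naive_examined(REC_BAD_FIRST, 5), naive_examined(REC_BAD_LAST, 5));
    printf("ct:    bad-first examines %zu byte(s), bad-last examines %zu\n",
           ct_examined(REC_BAD_FIRST, 5), ct_examined(REC_BAD_LAST, 5));
    return 0;
}
```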
Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

771770 - CVE-2011-4108 openssl: DTLS plaintext recovery attack
771771 - CVE-2011-4109 openssl: double-free in policy checks
771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding
771780 - CVE-2011-4619 openssl: SGC restart DoS attack

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openssl-0.9.8e-20.el5_7.1.src.rpm

i386:
openssl-0.9.8e-20.el5_7.1.i386.rpm
openssl-0.9.8e-20.el5_7.1.i686.rpm
openssl-debuginfo-0.9.8e-20.el5_7.1.i386.rpm
openssl-debuginfo-0.9.8e-20.el5_7.1.i686.rpm
openssl-perl-0.9.8e-20.el5_7.1.i386.rpm

x86_64:
openssl-0.9.8e-20.el5_7.1.i686.rpm
openssl-0.9.8e-20.el5_7.1.x86_64.rpm
openssl-debuginfo-0.9.8e-20.el5_7.1.i686.rpm
openssl-debuginfo-0.9.8e-20.el5_7.1.x86_64.rpm
openssl-perl-0.9.8e-20.el5_7.1.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openssl-0.9.8e-20.el5_7.1.src.rpm

i386:
openssl-debuginfo-0.9.8e-20.el5_7.1.i386.rpm
openssl-devel-0.9.8e-20.el5_7.1.i386.rpm

x86_64:
openssl-debuginfo-0.9.8e-20.el5_7.1.i386.rpm
openssl-debuginfo-0.9.8e-20.el5_7.1.x86_64.rpm
openssl-devel-0.9.8e-20.el5_7.1.i386.rpm
openssl-devel-0.9.8e-20.el5_7.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openssl-0.9.8e-20.el5_7.1.src.rpm

i386:
openssl-0.9.8e-20.el5_7.1.i386.rpm
openssl-0.9.8e-20.el5_7.1.i686.rpm
openssl-debuginfo-0.9.8e-20.el5_7.1.i386.rpm
openssl-debuginfo-0.9.8e-20.el5_7.1.i686.rpm
openssl-devel-0.9.8e-20.el5_7.1.i386.rpm
openssl-perl-0.9.8e-20.el5_7.1.i386.rpm

ia64:
openssl-0.9.8e-20.el5_7.1.i686.rpm
openssl-0.9.8e-20.el5_7.1.ia64.rpm
openssl-debuginfo-0.9.8e-20.el5_7.1.i686.rpm
openssl-debuginfo-0.9.8e-20.el5_7.1.ia64.rpm
openssl-devel-0.9.8e-20.el5_7.1.ia64.rpm
openssl-perl-0.9.8e-20.el5_7.1.ia64.rpm

ppc:
openssl-0.9.8e-20.el5_7.1.ppc.rpm
openssl-0.9.8e-20.el5_7.1.ppc64.rpm
openssl-debuginfo-0.9.8e-20.el5_7.1.ppc.rpm
openssl-debuginfo-0.9.8e-20.el5_7.1.ppc64.rpm
openssl-devel-0.9.8e-20.el5_7.1.ppc.rpm
openssl-devel-0.9.8e-20.el5_7.1.ppc64.rpm
openssl-perl-0.9.8e-20.el5_7.1.ppc.rpm

s390x:
openssl-0.9.8e-20.el5_7.1.s390.rpm
openssl-0.9.8e-20.el5_7.1.s390x.rpm
openssl-debuginfo-0.9.8e-20.el5_7.1.s390.rpm
openssl-debuginfo-0.9.8e-20.el5_7.1.s390x.rpm
openssl-devel-0.9.8e-20.el5_7.1.s390.rpm
openssl-devel-0.9.8e-20.el5_7.1.s390x.rpm
openssl-perl-0.9.8e-20.el5_7.1.s390x.rpm

x86_64:
openssl-0.9.8e-20.el5_7.1.i686.rpm
openssl-0.9.8e-20.el5_7.1.x86_64.rpm
openssl-debuginfo-0.9.8e-20.el5_7.1.i386.rpm
openssl-debuginfo-0.9.8e-20.el5_7.1.i686.rpm
openssl-debuginfo-0.9.8e-20.el5_7.1.x86_64.rpm
openssl-devel-0.9.8e-20.el5_7.1.i386.rpm
openssl-devel-0.9.8e-20.el5_7.1.x86_64.rpm
openssl-perl-0.9.8e-20.el5_7.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7.
References:

https://www.redhat.com/security/data/cve/CVE-2011-4108.html
https://www.redhat.com/security/data/cve/CVE-2011-4109.html
https://www.redhat.com/security/data/cve/CVE-2011-4576.html
https://www.redhat.com/security/data/cve/CVE-2011-4619.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPHyS1XlSAg2UNWIIRAhxXAKClR3xRopyhygA4PgLUnOqWacOsfwCfSKMv
npqkzmNKX5c+YRYaCNRkdvw=
=rGKW
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jan 24 21:41:24 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 24 Jan 2012 21:41:24 +0000
Subject: [RHSA-2012:0061-01] Important: kernel-rt security update
Message-ID: <201201242141.q0OLfOuH022213@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel-rt security update
Advisory ID: RHSA-2012:0061-01
Product: Red Hat Enterprise MRG for RHEL-6
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0061.html
Issue date: 2012-01-24
CVE Names: CVE-2012-0056
=====================================================================

1. Summary:

Updated kernel-rt packages that fix one security issue are now available for Red Hat Enterprise MRG 2.1.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.
This update fixes the following security issue:

* It was found that permissions were not checked properly in the Linux kernel when handling the /proc/[pid]/mem writing functionality. A local, unprivileged user could use this flaw to escalate their privileges. Refer to Red Hat Knowledgebase article DOC-69129, linked to in the References, for further information. (CVE-2012-0056, Important)

Red Hat would like to thank Jüri Aedla for reporting this issue.

Users should upgrade to these updated packages, which correct this issue. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

782642 - CVE-2012-0056 kernel: proc: /proc//mem mem_write insufficient permission checking

6.
Package List:

MRG Realtime for RHEL 6 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/kernel-rt-3.0.9-rt26.46.el6rt.src.rpm

noarch:
kernel-rt-doc-3.0.9-rt26.46.el6rt.noarch.rpm
kernel-rt-firmware-3.0.9-rt26.46.el6rt.noarch.rpm

x86_64:
kernel-rt-3.0.9-rt26.46.el6rt.x86_64.rpm
kernel-rt-debug-3.0.9-rt26.46.el6rt.x86_64.rpm
kernel-rt-debug-debuginfo-3.0.9-rt26.46.el6rt.x86_64.rpm
kernel-rt-debug-devel-3.0.9-rt26.46.el6rt.x86_64.rpm
kernel-rt-debuginfo-3.0.9-rt26.46.el6rt.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.0.9-rt26.46.el6rt.x86_64.rpm
kernel-rt-devel-3.0.9-rt26.46.el6rt.x86_64.rpm
kernel-rt-trace-3.0.9-rt26.46.el6rt.x86_64.rpm
kernel-rt-trace-debuginfo-3.0.9-rt26.46.el6rt.x86_64.rpm
kernel-rt-trace-devel-3.0.9-rt26.46.el6rt.x86_64.rpm
kernel-rt-vanilla-3.0.9-rt26.46.el6rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-3.0.9-rt26.46.el6rt.x86_64.rpm
kernel-rt-vanilla-devel-3.0.9-rt26.46.el6rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-0056.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/kb/docs/DOC-69129

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
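The Solution section of this advisory gives the manual procedure for a kernel update (install with "rpm -ivh", reboot, remove old kernels with "rpm -e" only after the new one is known to work), but leaves the checks to the administrator. The POSIX shell script below is an added example and is not part of the Red Hat advisory. It takes the fixed build from the package list above (kernel-rt-3.0.9-rt26.46.el6rt.x86_64), reports whether that build is installed and whether it is the running kernel, and lists the older kernel-rt packages that "rpm -e" may remove, never including the kernel that is currently running. The "rpm -q kernel-rt" output and the running-kernel string it is demonstrated on are constructed placeholders; on a real host substitute "rpm -q kernel-rt" and "uname -r" as shown in the comments.

```shell
#!/bin/sh
# Added example (not from the advisory): verify a kernel-rt update and pick
# old builds that may be removed with "rpm -e". Plain POSIX sh, no bashisms.

# Fixed build taken from the advisory's package list (RHSA-2012:0061).
FIXED_KERNEL_RT="3.0.9-rt26.46.el6rt.x86_64"

# running_is_fixed RUNNING FIXED
# Returns 0 when the running kernel release (what "uname -r" prints) is the
# fixed build, 1 when the system still has to be rebooted into it.
running_is_fixed() {
    [ "$1" = "$2" ]
}

# update_state RUNNING FIXED < rpm-q-output
# Reads "rpm -q kernel-rt" lines on stdin and prints one of:
#   not-installed    the fixed build is absent ("rpm -ivh" still needed)
#   reboot-required  the fixed build is installed, an older kernel is running
#   running-fixed    the fixed build is installed and is the running kernel
update_state() {
    running="$1"; fixed="$2"; installed=1
    while IFS= read -r pkg; do
        [ "$pkg" = "kernel-rt-$fixed" ] && installed=0
    done
    if [ "$installed" -ne 0 ]; then
        echo not-installed
    elif running_is_fixed "$running" "$fixed"; then
        echo running-fixed
    else
        echo reboot-required
    fi
}

# removable_old_kernels RUNNING FIXED < rpm-q-output
# Prints the kernel-rt packages that are neither the running kernel nor the
# fixed build: the "old kernels" the advisory says "rpm -e" may remove once
# the new kernel has been confirmed working. The running kernel is never
# listed, so a mistaken "rpm -e" cannot take the live kernel away.
removable_old_kernels() {
    running="$1"; fixed="$2"
    while IFS= read -r pkg; do
        case "$pkg" in
            "") ;;
            "kernel-rt-$running"|"kernel-rt-$fixed") ;;
            *) printf '%s\n' "$pkg" ;;
        esac
    done
}

# Constructed sample of "rpm -q kernel-rt" on a host that has installed the
# fixed build but is still running an older one (placeholder version strings).
SAMPLE_RPM_Q='kernel-rt-0.0.0-sample1.el6rt.x86_64
kernel-rt-0.0.0-sample2.el6rt.x86_64
kernel-rt-3.0.9-rt26.46.el6rt.x86_64'
SAMPLE_RUNNING="0.0.0-sample2.el6rt.x86_64"

# Stand-alone run on the sample data. On a real host use instead:
#   rpm -q kernel-rt | update_state "$(uname -r)" "$FIXED_KERNEL_RT"
#   rpm -q kernel-rt | removable_old_kernels "$(uname -r)" "$FIXED_KERNEL_RT"
printf '%s\n' "$SAMPLE_RPM_Q" | update_state "$SAMPLE_RUNNING" "$FIXED_KERNEL_RT"
printf '%s\n' "$SAMPLE_RPM_Q" | removable_old_kernels "$SAMPLE_RUNNING" "$FIXED_KERNEL_RT"
```

On the sample data the state is "reboot-required" and only the sample1 package is offered for removal: sample2 is the running kernel and the 3.0.9-rt26.46 build is the fix, and neither may be removed at that point.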
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPHyVuXlSAg2UNWIIRAs6nAJ4pbCh2MxprvrVuallqUdud6HdJQwCfSbCP
aqH9e0eP0cnA85BONeP0dDA=
=VAOB
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jan 24 21:43:01 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 24 Jan 2012 21:43:01 +0000
Subject: [RHSA-2012:0062-01] Moderate: t1lib security update
Message-ID: <201201242143.q0OLh1AL025478@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: t1lib security update
Advisory ID: RHSA-2012:0062-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0062.html
Issue date: 2012-01-24
CVE Names: CVE-2010-2642 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554
=====================================================================

1. Summary:

Updated t1lib packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The t1lib library allows you to rasterize bitmaps from PostScript Type 1 fonts.
Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics (AFM) files. If a specially-crafted font file was opened by an application linked against t1lib, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2642, CVE-2011-0433)

An invalid pointer dereference flaw was found in t1lib. A specially-crafted font file could, when opened, cause an application linked against t1lib to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0764)

A use-after-free flaw was found in t1lib. A specially-crafted font file could, when opened, cause an application linked against t1lib to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-1553)

An off-by-one flaw was found in t1lib. A specially-crafted font file could, when opened, cause an application linked against t1lib to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-1554)

An out-of-bounds memory read flaw was found in t1lib. A specially-crafted font file could, when opened, cause an application linked against t1lib to crash. (CVE-2011-1552)

Red Hat would like to thank the Evince development team for reporting CVE-2010-2642. Upstream acknowledges Jon Larimer of IBM X-Force as the original reporter of CVE-2010-2642.

All users of t1lib are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All applications linked against t1lib must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network.
Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

666318 - CVE-2010-2642 evince, t1lib: Heap based buffer overflow in DVI file AFM font parser
679732 - CVE-2011-0433 evince, t1lib: Heap-based buffer overflow DVI file AFM font parser
692853 - CVE-2011-1552 t1lib: invalid read crash via crafted Type 1 font
692854 - CVE-2011-1553 t1lib: Use-after-free via crafted Type 1 font
692856 - CVE-2011-1554 t1lib: Off-by-one via crafted Type 1 font
692909 - CVE-2011-0764 t1lib: Invalid pointer dereference via crafted Type 1 font

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/t1lib-5.1.2-6.el6_2.1.src.rpm

i386:
t1lib-5.1.2-6.el6_2.1.i686.rpm
t1lib-debuginfo-5.1.2-6.el6_2.1.i686.rpm

x86_64:
t1lib-5.1.2-6.el6_2.1.x86_64.rpm
t1lib-debuginfo-5.1.2-6.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/t1lib-5.1.2-6.el6_2.1.src.rpm

i386:
t1lib-apps-5.1.2-6.el6_2.1.i686.rpm
t1lib-debuginfo-5.1.2-6.el6_2.1.i686.rpm
t1lib-devel-5.1.2-6.el6_2.1.i686.rpm
t1lib-static-5.1.2-6.el6_2.1.i686.rpm

x86_64:
t1lib-5.1.2-6.el6_2.1.i686.rpm
t1lib-apps-5.1.2-6.el6_2.1.x86_64.rpm
t1lib-debuginfo-5.1.2-6.el6_2.1.i686.rpm
t1lib-debuginfo-5.1.2-6.el6_2.1.x86_64.rpm
t1lib-devel-5.1.2-6.el6_2.1.i686.rpm
t1lib-devel-5.1.2-6.el6_2.1.x86_64.rpm
t1lib-static-5.1.2-6.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/t1lib-5.1.2-6.el6_2.1.src.rpm

x86_64:
t1lib-5.1.2-6.el6_2.1.i686.rpm
t1lib-5.1.2-6.el6_2.1.x86_64.rpm
t1lib-apps-5.1.2-6.el6_2.1.x86_64.rpm
t1lib-debuginfo-5.1.2-6.el6_2.1.i686.rpm
t1lib-debuginfo-5.1.2-6.el6_2.1.x86_64.rpm
t1lib-devel-5.1.2-6.el6_2.1.i686.rpm
t1lib-devel-5.1.2-6.el6_2.1.x86_64.rpm
t1lib-static-5.1.2-6.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/t1lib-5.1.2-6.el6_2.1.src.rpm

i386:
t1lib-5.1.2-6.el6_2.1.i686.rpm
t1lib-debuginfo-5.1.2-6.el6_2.1.i686.rpm

ppc64:
t1lib-5.1.2-6.el6_2.1.ppc64.rpm
t1lib-debuginfo-5.1.2-6.el6_2.1.ppc64.rpm

s390x:
t1lib-5.1.2-6.el6_2.1.s390x.rpm
t1lib-debuginfo-5.1.2-6.el6_2.1.s390x.rpm

x86_64:
t1lib-5.1.2-6.el6_2.1.x86_64.rpm
t1lib-debuginfo-5.1.2-6.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/t1lib-5.1.2-6.el6_2.1.src.rpm

i386:
t1lib-apps-5.1.2-6.el6_2.1.i686.rpm
t1lib-debuginfo-5.1.2-6.el6_2.1.i686.rpm
t1lib-devel-5.1.2-6.el6_2.1.i686.rpm
t1lib-static-5.1.2-6.el6_2.1.i686.rpm

ppc64:
t1lib-5.1.2-6.el6_2.1.ppc.rpm
t1lib-apps-5.1.2-6.el6_2.1.ppc64.rpm
t1lib-debuginfo-5.1.2-6.el6_2.1.ppc.rpm
t1lib-debuginfo-5.1.2-6.el6_2.1.ppc64.rpm
t1lib-devel-5.1.2-6.el6_2.1.ppc.rpm
t1lib-devel-5.1.2-6.el6_2.1.ppc64.rpm
t1lib-static-5.1.2-6.el6_2.1.ppc64.rpm

s390x:
t1lib-5.1.2-6.el6_2.1.s390.rpm
t1lib-apps-5.1.2-6.el6_2.1.s390x.rpm
t1lib-debuginfo-5.1.2-6.el6_2.1.s390.rpm
t1lib-debuginfo-5.1.2-6.el6_2.1.s390x.rpm
t1lib-devel-5.1.2-6.el6_2.1.s390.rpm
t1lib-devel-5.1.2-6.el6_2.1.s390x.rpm
t1lib-static-5.1.2-6.el6_2.1.s390x.rpm

x86_64:
t1lib-5.1.2-6.el6_2.1.i686.rpm
t1lib-apps-5.1.2-6.el6_2.1.x86_64.rpm
t1lib-debuginfo-5.1.2-6.el6_2.1.i686.rpm
t1lib-debuginfo-5.1.2-6.el6_2.1.x86_64.rpm
t1lib-devel-5.1.2-6.el6_2.1.i686.rpm
t1lib-devel-5.1.2-6.el6_2.1.x86_64.rpm
t1lib-static-5.1.2-6.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/t1lib-5.1.2-6.el6_2.1.src.rpm

i386:
t1lib-5.1.2-6.el6_2.1.i686.rpm
t1lib-debuginfo-5.1.2-6.el6_2.1.i686.rpm

x86_64:
t1lib-5.1.2-6.el6_2.1.x86_64.rpm
t1lib-debuginfo-5.1.2-6.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/t1lib-5.1.2-6.el6_2.1.src.rpm

i386:
t1lib-apps-5.1.2-6.el6_2.1.i686.rpm
t1lib-debuginfo-5.1.2-6.el6_2.1.i686.rpm
t1lib-devel-5.1.2-6.el6_2.1.i686.rpm
t1lib-static-5.1.2-6.el6_2.1.i686.rpm

x86_64:
t1lib-5.1.2-6.el6_2.1.i686.rpm
t1lib-apps-5.1.2-6.el6_2.1.x86_64.rpm
t1lib-debuginfo-5.1.2-6.el6_2.1.i686.rpm
t1lib-debuginfo-5.1.2-6.el6_2.1.x86_64.rpm
t1lib-devel-5.1.2-6.el6_2.1.i686.rpm
t1lib-devel-5.1.2-6.el6_2.1.x86_64.rpm
t1lib-static-5.1.2-6.el6_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2642.html
https://www.redhat.com/security/data/cve/CVE-2011-0433.html
https://www.redhat.com/security/data/cve/CVE-2011-0764.html
https://www.redhat.com/security/data/cve/CVE-2011-1552.html
https://www.redhat.com/security/data/cve/CVE-2011-1553.html
https://www.redhat.com/security/data/cve/CVE-2011-1554.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
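The OpenSSL advisory earlier on this page (all services linked to the OpenSSL library must be restarted) and this t1lib advisory (all applications linked against t1lib must be restarted) both leave it to the administrator to find the processes concerned. The POSIX shell script below is an added example and is not part of either advisory. A process started before the update still maps the replaced library file, and the Linux kernel marks such mappings "(deleted)" in /proc/PID/maps, so scanning those files lists exactly the processes that still run old library code and need a restart. The maps content it is demonstrated on is constructed sample data with placeholder process and library names.

```shell
#!/bin/sh
# Added example (not from the advisories): find processes that still map an
# old, replaced copy of a shared library and therefore need a restart.

# stale_lib_in_maps PATTERN < maps
# Reads one /proc/PID/maps file on stdin and prints, once each, the paths of
# mapped libraries whose name contains PATTERN and whose file on disk has been
# replaced since the process started (the kernel appends "(deleted)").
# Returns 0 if at least one such mapping was found, 1 otherwise.
stale_lib_in_maps() {
    pattern="$1"; seen=" "; rc=1
    while IFS= read -r line; do
        case "$line" in
            *"$pattern"*"(deleted)") ;;
            *) continue ;;
        esac
        # maps fields: address perms offset dev inode pathname...
        set -f              # no globbing while the line is split into fields
        set -- $line
        set +f
        [ $# -ge 6 ] || continue
        shift 5
        path="$*"
        path="${path%" (deleted)"}"
        case "$seen" in
            *" $path "*) ;;                                   # already reported
            *) seen="$seen$path "; printf '%s\n' "$path"; rc=0 ;;
        esac
    done
    return "$rc"
}

# stale_lib_processes PATTERN
# Scans every readable /proc/PID/maps and prints "PID COMMAND PATH" for each
# process that still maps an old copy of a library matching PATTERN. Run as
# root to see every process. For the two advisories the calls would be
#   stale_lib_processes libssl; stale_lib_processes libcrypto; stale_lib_processes libt1
stale_lib_processes() {
    pattern="$1"
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid="${maps#/proc/}"; pid="${pid%/maps}"
        stale_lib_in_maps "$pattern" < "$maps" 2>/dev/null | while IFS= read -r path; do
            comm=$(cat "/proc/$pid/comm" 2>/dev/null)
            printf '%s %s %s\n' "$pid" "${comm:-?}" "$path"
        done
    done
}

# Constructed sample maps of a long-running daemon (placeholder names): the
# libssl it started with has since been replaced on disk, libt1 has not.
SAMPLE_MAPS='00400000-00401000 r-xp 00000000 08:01 131 /usr/sbin/sample-daemon
7f0000000000-7f0000200000 r-xp 00000000 08:01 4242 /usr/lib64/libssl.so.0.9.8e (deleted)
7f0000200000-7f0000400000 r--p 00200000 08:01 4242 /usr/lib64/libssl.so.0.9.8e (deleted)
7f0000400000-7f0000500000 r-xp 00000000 08:01 4343 /usr/lib64/libt1.so.5
7f0000500000-7f0000600000 r-xp 00000000 08:01 4444 /lib64/libc.so.6'

# Stand-alone run on the sample: reports the replaced libssl once, and nothing
# for libt1, which is current.
printf '%s\n' "$SAMPLE_MAPS" | stale_lib_in_maps libssl && echo "sample-daemon: restart needed"
printf '%s\n' "$SAMPLE_MAPS" | stale_lib_in_maps libt1 || echo "sample-daemon: libt1 is current"
```

The maps check is stronger than comparing package install times against process start times: it looks at what the process actually has mapped, so a service that was restarted after the update is correctly left alone, and one that was merely reloaded (and still holds the old mapping) is still reported.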
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPHyXKXlSAg2UNWIIRAiolAJ40Z3cESS/dHhCSugnMEJFD5UJUuwCguRBu
YL/xws0fFkdvEdyaDfmFjl0=
=kAC9
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jan 30 18:38:01 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 30 Jan 2012 18:38:01 +0000
Subject: [RHSA-2012:0069-01] Moderate: ruby security update
Message-ID: <201201301838.q0UIc1Q7007027@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: ruby security update
Advisory ID: RHSA-2012:0069-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0069.html
Issue date: 2012-01-30
CVE Names: CVE-2011-4815
=====================================================================

1. Summary:

Updated ruby packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks.
A denial of service flaw was found in the implementation of associative arrays (hashes) in Ruby. An attacker able to supply a large number of inputs to a Ruby application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2011-4815)

Red Hat would like to thank oCERT for reporting this issue. oCERT acknowledges Julian Wälde and Alexander Klink as the original reporters.

All users of ruby are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

750564 - CVE-2011-4815 ruby: hash table collisions CPU usage DoS (oCERT-2011-003)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ruby-1.8.7.352-4.el6_2.src.rpm

i386:
ruby-1.8.7.352-4.el6_2.i686.rpm
ruby-debuginfo-1.8.7.352-4.el6_2.i686.rpm
ruby-irb-1.8.7.352-4.el6_2.i686.rpm
ruby-libs-1.8.7.352-4.el6_2.i686.rpm

x86_64:
ruby-1.8.7.352-4.el6_2.x86_64.rpm
ruby-debuginfo-1.8.7.352-4.el6_2.i686.rpm
ruby-debuginfo-1.8.7.352-4.el6_2.x86_64.rpm
ruby-irb-1.8.7.352-4.el6_2.x86_64.rpm
ruby-libs-1.8.7.352-4.el6_2.i686.rpm
ruby-libs-1.8.7.352-4.el6_2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ruby-1.8.7.352-4.el6_2.src.rpm

i386:
ruby-debuginfo-1.8.7.352-4.el6_2.i686.rpm
ruby-devel-1.8.7.352-4.el6_2.i686.rpm
ruby-docs-1.8.7.352-4.el6_2.i686.rpm
ruby-rdoc-1.8.7.352-4.el6_2.i686.rpm
ruby-ri-1.8.7.352-4.el6_2.i686.rpm
ruby-static-1.8.7.352-4.el6_2.i686.rpm
ruby-tcltk-1.8.7.352-4.el6_2.i686.rpm

x86_64:
ruby-debuginfo-1.8.7.352-4.el6_2.i686.rpm
ruby-debuginfo-1.8.7.352-4.el6_2.x86_64.rpm
ruby-devel-1.8.7.352-4.el6_2.i686.rpm
ruby-devel-1.8.7.352-4.el6_2.x86_64.rpm
ruby-docs-1.8.7.352-4.el6_2.x86_64.rpm
ruby-rdoc-1.8.7.352-4.el6_2.x86_64.rpm
ruby-ri-1.8.7.352-4.el6_2.x86_64.rpm
ruby-static-1.8.7.352-4.el6_2.x86_64.rpm
ruby-tcltk-1.8.7.352-4.el6_2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ruby-1.8.7.352-4.el6_2.src.rpm

x86_64:
ruby-1.8.7.352-4.el6_2.x86_64.rpm
ruby-debuginfo-1.8.7.352-4.el6_2.i686.rpm
ruby-debuginfo-1.8.7.352-4.el6_2.x86_64.rpm
ruby-irb-1.8.7.352-4.el6_2.x86_64.rpm
ruby-libs-1.8.7.352-4.el6_2.i686.rpm
ruby-libs-1.8.7.352-4.el6_2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ruby-1.8.7.352-4.el6_2.src.rpm

x86_64:
ruby-debuginfo-1.8.7.352-4.el6_2.i686.rpm
ruby-debuginfo-1.8.7.352-4.el6_2.x86_64.rpm
ruby-devel-1.8.7.352-4.el6_2.i686.rpm
ruby-devel-1.8.7.352-4.el6_2.x86_64.rpm
ruby-docs-1.8.7.352-4.el6_2.x86_64.rpm
ruby-rdoc-1.8.7.352-4.el6_2.x86_64.rpm
ruby-ri-1.8.7.352-4.el6_2.x86_64.rpm
ruby-static-1.8.7.352-4.el6_2.x86_64.rpm
ruby-tcltk-1.8.7.352-4.el6_2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ruby-1.8.7.352-4.el6_2.src.rpm

i386:
ruby-1.8.7.352-4.el6_2.i686.rpm
ruby-debuginfo-1.8.7.352-4.el6_2.i686.rpm
ruby-irb-1.8.7.352-4.el6_2.i686.rpm
ruby-libs-1.8.7.352-4.el6_2.i686.rpm

ppc64:
ruby-1.8.7.352-4.el6_2.ppc64.rpm
ruby-debuginfo-1.8.7.352-4.el6_2.ppc.rpm
ruby-debuginfo-1.8.7.352-4.el6_2.ppc64.rpm
ruby-irb-1.8.7.352-4.el6_2.ppc64.rpm
ruby-libs-1.8.7.352-4.el6_2.ppc.rpm
ruby-libs-1.8.7.352-4.el6_2.ppc64.rpm

s390x:
ruby-1.8.7.352-4.el6_2.s390x.rpm
ruby-debuginfo-1.8.7.352-4.el6_2.s390.rpm
ruby-debuginfo-1.8.7.352-4.el6_2.s390x.rpm
ruby-irb-1.8.7.352-4.el6_2.s390x.rpm
ruby-libs-1.8.7.352-4.el6_2.s390.rpm
ruby-libs-1.8.7.352-4.el6_2.s390x.rpm

x86_64:
ruby-1.8.7.352-4.el6_2.x86_64.rpm
ruby-debuginfo-1.8.7.352-4.el6_2.i686.rpm
ruby-debuginfo-1.8.7.352-4.el6_2.x86_64.rpm
ruby-irb-1.8.7.352-4.el6_2.x86_64.rpm
ruby-libs-1.8.7.352-4.el6_2.i686.rpm
ruby-libs-1.8.7.352-4.el6_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ruby-1.8.7.352-4.el6_2.src.rpm

i386:
ruby-debuginfo-1.8.7.352-4.el6_2.i686.rpm
ruby-devel-1.8.7.352-4.el6_2.i686.rpm
ruby-docs-1.8.7.352-4.el6_2.i686.rpm
ruby-rdoc-1.8.7.352-4.el6_2.i686.rpm
ruby-ri-1.8.7.352-4.el6_2.i686.rpm
ruby-static-1.8.7.352-4.el6_2.i686.rpm
ruby-tcltk-1.8.7.352-4.el6_2.i686.rpm

ppc64:
ruby-debuginfo-1.8.7.352-4.el6_2.ppc.rpm
ruby-debuginfo-1.8.7.352-4.el6_2.ppc64.rpm
ruby-devel-1.8.7.352-4.el6_2.ppc.rpm
ruby-devel-1.8.7.352-4.el6_2.ppc64.rpm
ruby-docs-1.8.7.352-4.el6_2.ppc64.rpm
ruby-rdoc-1.8.7.352-4.el6_2.ppc64.rpm
ruby-ri-1.8.7.352-4.el6_2.ppc64.rpm
ruby-static-1.8.7.352-4.el6_2.ppc64.rpm
ruby-tcltk-1.8.7.352-4.el6_2.ppc64.rpm

s390x:
ruby-debuginfo-1.8.7.352-4.el6_2.s390.rpm
ruby-debuginfo-1.8.7.352-4.el6_2.s390x.rpm
ruby-devel-1.8.7.352-4.el6_2.s390.rpm
ruby-devel-1.8.7.352-4.el6_2.s390x.rpm
ruby-docs-1.8.7.352-4.el6_2.s390x.rpm
ruby-rdoc-1.8.7.352-4.el6_2.s390x.rpm
ruby-ri-1.8.7.352-4.el6_2.s390x.rpm
ruby-static-1.8.7.352-4.el6_2.s390x.rpm
ruby-tcltk-1.8.7.352-4.el6_2.s390x.rpm

x86_64:
ruby-debuginfo-1.8.7.352-4.el6_2.i686.rpm
ruby-debuginfo-1.8.7.352-4.el6_2.x86_64.rpm
ruby-devel-1.8.7.352-4.el6_2.i686.rpm
ruby-devel-1.8.7.352-4.el6_2.x86_64.rpm
ruby-docs-1.8.7.352-4.el6_2.x86_64.rpm
ruby-rdoc-1.8.7.352-4.el6_2.x86_64.rpm
ruby-ri-1.8.7.352-4.el6_2.x86_64.rpm
ruby-static-1.8.7.352-4.el6_2.x86_64.rpm
ruby-tcltk-1.8.7.352-4.el6_2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ruby-1.8.7.352-4.el6_2.src.rpm

i386:
ruby-1.8.7.352-4.el6_2.i686.rpm
ruby-debuginfo-1.8.7.352-4.el6_2.i686.rpm
ruby-irb-1.8.7.352-4.el6_2.i686.rpm
ruby-libs-1.8.7.352-4.el6_2.i686.rpm

x86_64:
ruby-1.8.7.352-4.el6_2.x86_64.rpm
ruby-debuginfo-1.8.7.352-4.el6_2.i686.rpm
ruby-debuginfo-1.8.7.352-4.el6_2.x86_64.rpm
ruby-irb-1.8.7.352-4.el6_2.x86_64.rpm
ruby-libs-1.8.7.352-4.el6_2.i686.rpm
ruby-libs-1.8.7.352-4.el6_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ruby-1.8.7.352-4.el6_2.src.rpm

i386:
ruby-debuginfo-1.8.7.352-4.el6_2.i686.rpm
ruby-devel-1.8.7.352-4.el6_2.i686.rpm
ruby-docs-1.8.7.352-4.el6_2.i686.rpm
ruby-rdoc-1.8.7.352-4.el6_2.i686.rpm
ruby-ri-1.8.7.352-4.el6_2.i686.rpm
ruby-static-1.8.7.352-4.el6_2.i686.rpm
ruby-tcltk-1.8.7.352-4.el6_2.i686.rpm

x86_64:
ruby-debuginfo-1.8.7.352-4.el6_2.i686.rpm
ruby-debuginfo-1.8.7.352-4.el6_2.x86_64.rpm
ruby-devel-1.8.7.352-4.el6_2.i686.rpm
ruby-devel-1.8.7.352-4.el6_2.x86_64.rpm
ruby-docs-1.8.7.352-4.el6_2.x86_64.rpm
ruby-rdoc-1.8.7.352-4.el6_2.x86_64.rpm
ruby-ri-1.8.7.352-4.el6_2.x86_64.rpm
ruby-static-1.8.7.352-4.el6_2.x86_64.rpm
ruby-tcltk-1.8.7.352-4.el6_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-4815.html
https://access.redhat.com/security/updates/classification/#moderate
http://www.ocert.org/advisories/ocert-2011-003.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
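The mitigation this advisory describes for CVE-2011-4815, randomization of the hash function, can be confirmed from outside the application: with it in place the same string hashes to a different value in every Ruby process, so two freshly started interpreters disagree, whereas an unpatched build returns the same value every time. The POSIX shell script below is an added example and is not part of the Red Hat advisory. The comparison logic is kept separate from the interpreter calls so it can be exercised on its own, and the script answers "unknown" rather than giving a verdict when no ruby binary is available or the interpreter fails.

```shell
#!/bin/sh
# Added example (not from the advisory): confirm that String#hash is seeded
# per process, which is the mitigation applied for CVE-2011-4815.

# hash_in_fresh_interpreter STRING
# Starts a new ruby process and prints STRING.hash as that process sees it.
hash_in_fresh_interpreter() {
    ruby -e 'print ARGV[0].hash' -- "$1"
}

# seeds_differ HASH_A HASH_B
# 0 when the two per-process values differ (hash seed is randomized),
# 1 when they are equal or either value is missing.
seeds_differ() {
    [ -n "$1" ] && [ -n "$2" ] && [ "$1" != "$2" ]
}

# ruby_hash_randomized
# Prints "randomized", "not-randomized" or "unknown" and returns 0, 1 or 2.
# Two interpreter runs are compared: an unpatched build gives identical values
# every time, a patched one gives different values (two random seeds yielding
# the same hash for one string is negligible; rerun once if it is ever seen).
ruby_hash_randomized() {
    if ! command -v ruby >/dev/null 2>&1; then
        echo unknown; return 2
    fi
    a=$(hash_in_fresh_interpreter "rhsa-2012-0069") || a=""
    b=$(hash_in_fresh_interpreter "rhsa-2012-0069") || b=""
    if [ -z "$a" ] || [ -z "$b" ]; then
        echo unknown; return 2
    elif seeds_differ "$a" "$b"; then
        echo randomized; return 0
    else
        echo not-randomized; return 1
    fi
}

# Stand-alone run; the exit status carries the verdict for use in other
# scripts (0 randomized, 1 not randomized, 2 could not tell).
status=0
ruby_hash_randomized || status=$?
```

The check is deliberately a black-box one: it does not depend on the package version string, so it also catches a Ruby built from source or shipped inside an application bundle that never received the backported patch.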
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPJuN1XlSAg2UNWIIRAk4gAKC5G9QS26DETTvyPZiIg+7upnHyQQCfXhFW
7gRSSruvMGRhJgNh5V2hobY=
=ng5x
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jan 30 18:39:16 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 30 Jan 2012 18:39:16 +0000
Subject: [RHSA-2012:0070-01] Moderate: ruby security update
Message-ID: <201201301839.q0UIdGxY007040@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: ruby security update
Advisory ID: RHSA-2012:0070-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0070.html
Issue date: 2012-01-30
CVE Names: CVE-2011-3009 CVE-2011-4815
=====================================================================

1. Summary:

Updated ruby packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks.
A denial of service flaw was found in the implementation of associative arrays (hashes) in Ruby. An attacker able to supply a large number of inputs to a Ruby application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2011-4815)

It was found that Ruby did not reinitialize the PRNG (pseudorandom number generator) after forking a child process. This could eventually lead to the PRNG returning the same result twice. An attacker keeping track of the values returned by one child process could use this flaw to predict the values the PRNG would return in other child processes (as long as the parent process persisted). (CVE-2011-3009)

Red Hat would like to thank oCERT for reporting CVE-2011-4815. oCERT acknowledges Julian Wälde and Alexander Klink as the original reporters of CVE-2011-4815.

All users of ruby are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

722415 - CVE-2011-2686 CVE-2011-2705 CVE-2011-3009 ruby: Properly initialize the random number generator when forking new process
750564 - CVE-2011-4815 ruby: hash table collisions CPU usage DoS (oCERT-2011-003)

6.
Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/ruby-1.8.1-18.el4.src.rpm

i386:
irb-1.8.1-18.el4.i386.rpm
ruby-1.8.1-18.el4.i386.rpm
ruby-debuginfo-1.8.1-18.el4.i386.rpm
ruby-devel-1.8.1-18.el4.i386.rpm
ruby-docs-1.8.1-18.el4.i386.rpm
ruby-libs-1.8.1-18.el4.i386.rpm
ruby-mode-1.8.1-18.el4.i386.rpm
ruby-tcltk-1.8.1-18.el4.i386.rpm

ia64:
irb-1.8.1-18.el4.ia64.rpm
ruby-1.8.1-18.el4.ia64.rpm
ruby-debuginfo-1.8.1-18.el4.i386.rpm
ruby-debuginfo-1.8.1-18.el4.ia64.rpm
ruby-devel-1.8.1-18.el4.ia64.rpm
ruby-docs-1.8.1-18.el4.ia64.rpm
ruby-libs-1.8.1-18.el4.i386.rpm
ruby-libs-1.8.1-18.el4.ia64.rpm
ruby-mode-1.8.1-18.el4.ia64.rpm
ruby-tcltk-1.8.1-18.el4.ia64.rpm

ppc:
irb-1.8.1-18.el4.ppc.rpm
ruby-1.8.1-18.el4.ppc.rpm
ruby-debuginfo-1.8.1-18.el4.ppc.rpm
ruby-debuginfo-1.8.1-18.el4.ppc64.rpm
ruby-devel-1.8.1-18.el4.ppc.rpm
ruby-docs-1.8.1-18.el4.ppc.rpm
ruby-libs-1.8.1-18.el4.ppc.rpm
ruby-libs-1.8.1-18.el4.ppc64.rpm
ruby-mode-1.8.1-18.el4.ppc.rpm
ruby-tcltk-1.8.1-18.el4.ppc.rpm

s390:
irb-1.8.1-18.el4.s390.rpm
ruby-1.8.1-18.el4.s390.rpm
ruby-debuginfo-1.8.1-18.el4.s390.rpm
ruby-devel-1.8.1-18.el4.s390.rpm
ruby-docs-1.8.1-18.el4.s390.rpm
ruby-libs-1.8.1-18.el4.s390.rpm
ruby-mode-1.8.1-18.el4.s390.rpm
ruby-tcltk-1.8.1-18.el4.s390.rpm

s390x:
irb-1.8.1-18.el4.s390x.rpm
ruby-1.8.1-18.el4.s390x.rpm
ruby-debuginfo-1.8.1-18.el4.s390.rpm
ruby-debuginfo-1.8.1-18.el4.s390x.rpm
ruby-devel-1.8.1-18.el4.s390x.rpm
ruby-docs-1.8.1-18.el4.s390x.rpm
ruby-libs-1.8.1-18.el4.s390.rpm
ruby-libs-1.8.1-18.el4.s390x.rpm
ruby-mode-1.8.1-18.el4.s390x.rpm
ruby-tcltk-1.8.1-18.el4.s390x.rpm

x86_64:
irb-1.8.1-18.el4.x86_64.rpm
ruby-1.8.1-18.el4.x86_64.rpm
ruby-debuginfo-1.8.1-18.el4.i386.rpm
ruby-debuginfo-1.8.1-18.el4.x86_64.rpm
ruby-devel-1.8.1-18.el4.x86_64.rpm
ruby-docs-1.8.1-18.el4.x86_64.rpm
ruby-libs-1.8.1-18.el4.i386.rpm
ruby-libs-1.8.1-18.el4.x86_64.rpm
ruby-mode-1.8.1-18.el4.x86_64.rpm
ruby-tcltk-1.8.1-18.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/ruby-1.8.1-18.el4.src.rpm

i386:
irb-1.8.1-18.el4.i386.rpm
ruby-1.8.1-18.el4.i386.rpm
ruby-debuginfo-1.8.1-18.el4.i386.rpm
ruby-devel-1.8.1-18.el4.i386.rpm
ruby-docs-1.8.1-18.el4.i386.rpm
ruby-libs-1.8.1-18.el4.i386.rpm
ruby-mode-1.8.1-18.el4.i386.rpm
ruby-tcltk-1.8.1-18.el4.i386.rpm

x86_64:
irb-1.8.1-18.el4.x86_64.rpm
ruby-1.8.1-18.el4.x86_64.rpm
ruby-debuginfo-1.8.1-18.el4.i386.rpm
ruby-debuginfo-1.8.1-18.el4.x86_64.rpm
ruby-devel-1.8.1-18.el4.x86_64.rpm
ruby-docs-1.8.1-18.el4.x86_64.rpm
ruby-libs-1.8.1-18.el4.i386.rpm
ruby-libs-1.8.1-18.el4.x86_64.rpm
ruby-mode-1.8.1-18.el4.x86_64.rpm
ruby-tcltk-1.8.1-18.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPM
S/ruby-1.8.1-18.el4.src.rpm

i386:
irb-1.8.1-18.el4.i386.rpm
ruby-1.8.1-18.el4.i386.rpm
ruby-debuginfo-1.8.1-18.el4.i386.rpm
ruby-devel-1.8.1-18.el4.i386.rpm
ruby-docs-1.8.1-18.el4.i386.rpm
ruby-libs-1.8.1-18.el4.i386.rpm
ruby-mode-1.8.1-18.el4.i386.rpm
ruby-tcltk-1.8.1-18.el4.i386.rpm

ia64:
irb-1.8.1-18.el4.ia64.rpm
ruby-1.8.1-18.el4.ia64.rpm
ruby-debuginfo-1.8.1-18.el4.i386.rpm
ruby-debuginfo-1.8.1-18.el4.ia64.rpm
ruby-devel-1.8.1-18.el4.ia64.rpm
ruby-docs-1.8.1-18.el4.ia64.rpm
ruby-libs-1.8.1-18.el4.i386.rpm
ruby-libs-1.8.1-18.el4.ia64.rpm
ruby-mode-1.8.1-18.el4.ia64.rpm
ruby-tcltk-1.8.1-18.el4.ia64.rpm

x86_64:
irb-1.8.1-18.el4.x86_64.rpm
ruby-1.8.1-18.el4.x86_64.rpm
ruby-debuginfo-1.8.1-18.el4.i386.rpm
ruby-debuginfo-1.8.1-18.el4.x86_64.rpm
ruby-devel-1.8.1-18.el4.x86_64.rpm
ruby-docs-1.8.1-18.el4.x86_64.rpm
ruby-libs-1.8.1-18.el4.i386.rpm
ruby-libs-1.8.1-18.el4.x86_64.rpm
ruby-mode-1.8.1-18.el4.x86_64.rpm
ruby-tcltk-1.8.1-18.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/ruby-1.8.1-18.el4.src.rpm

i386:
irb-1.8.1-18.el4.i386.rpm
ruby-1.8.1-18.el4.i386.rpm
ruby-debuginfo-1.8.1-18.el4.i386.rpm
ruby-devel-1.8.1-18.el4.i386.rpm
ruby-docs-1.8.1-18.el4.i386.rpm
ruby-libs-1.8.1-18.el4.i386.rpm
ruby-mode-1.8.1-18.el4.i386.rpm
ruby-tcltk-1.8.1-18.el4.i386.rpm

ia64:
irb-1.8.1-18.el4.ia64.rpm
ruby-1.8.1-18.el4.ia64.rpm
ruby-debuginfo-1.8.1-18.el4.i386.rpm
ruby-debuginfo-1.8.1-18.el4.ia64.rpm
ruby-devel-1.8.1-18.el4.ia64.rpm
ruby-docs-1.8.1-18.el4.ia64.rpm
ruby-libs-1.8.1-18.el4.i386.rpm
ruby-libs-1.8.1-18.el4.ia64.rpm
ruby-mode-1.8.1-18.el4.ia64.rpm
ruby-tcltk-1.8.1-18.el4.ia64.rpm

x86_64:
irb-1.8.1-18.el4.x86_64.rpm
ruby-1.8.1-18.el4.x86_64.rpm
ruby-debuginfo-1.8.1-18.el4.i386.rpm
ruby-debuginfo-1.8.1-18.el4.x86_64.rpm
ruby-devel-1.8.1-18.el4.x86_64.rpm
ruby-docs-1.8.1-18.el4.x86_64.rpm
ruby-libs-1.8.1-18.el4.i386.rpm
ruby-libs-1.8.1-18.el4.x86_64.rpm
ruby-mode-1.8.1-18.el4.x86_64.rpm
ruby-tcltk-1.8.1-18.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ruby-1.8.5-22.el5_7.1.src.rpm

i386:
ruby-1.8.5-22.el5_7.1.i386.rpm
ruby-debuginfo-1.8.5-22.el5_7.1.i386.rpm
ruby-docs-1.8.5-22.el5_7.1.i386.rpm
ruby-irb-1.8.5-22.el5_7.1.i386.rpm
ruby-libs-1.8.5-22.el5_7.1.i386.rpm
ruby-rdoc-1.8.5-22.el5_7.1.i386.rpm
ruby-ri-1.8.5-22.el5_7.1.i386.rpm
ruby-tcltk-1.8.5-22.el5_7.1.i386.rpm

x86_64:
ruby-1.8.5-22.el5_7.1.x86_64.rpm
ruby-debuginfo-1.8.5-22.el5_7.1.i386.rpm
ruby-debuginfo-1.8.5-22.el5_7.1.x86_64.rpm
ruby-docs-1.8.5-22.el5_7.1.x86_64.rpm
ruby-irb-1.8.5-22.el5_7.1.x86_64.rpm
ruby-libs-1.8.5-22.el5_7.1.i386.rpm
ruby-libs-1.8.5-22.el5_7.1.x86_64.rpm
ruby-rdoc-1.8.5-22.el5_7.1.x86_64.rpm
ruby-ri-1.8.5-22.el5_7.1.x86_64.rpm
ruby-tcltk-1.8.5-22.el5_7.1.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ruby-1.8.5-22.el5_7.1.src.rpm

i386:
ruby-debuginfo-1.8.5-22.el5_7.1.i386.rpm
ruby-devel-1.8.5-22.el5_7.1.i386.rpm
ruby-mode-1.8.5-22.el5_7.1.i386.rpm

x86_64:
ruby-debuginfo-1.8.5-22.el5_7.1.i386.rpm
ruby-debuginfo-1.8.5-22.el5_7.1.x86_64.rpm
ruby-devel-1.8.5-22.el5_7.1.i386.rpm
ruby-devel-1.8.5-22.el5_7.1.x86_64.rpm
ruby-mode-1.8.5-22.el5_7.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/ruby-1.8.5-22.el5_7.1.src.rpm

i386:
ruby-1.8.5-22.el5_7.1.i386.rpm
ruby-debuginfo-1.8.5-22.el5_7.1.i386.rpm
ruby-devel-1.8.5-22.el5_7.1.i386.rpm
ruby-docs-1.8.5-22.el5_7.1.i386.rpm
ruby-irb-1.8.5-22.el5_7.1.i386.rpm
ruby-libs-1.8.5-22.el5_7.1.i386.rpm
ruby-mode-1.8.5-22.el5_7.1.i386.rpm
ruby-rdoc-1.8.5-22.el5_7.1.i386.rpm
ruby-ri-1.8.5-22.el5_7.1.i386.rpm
ruby-tcltk-1.8.5-22.el5_7.1.i386.rpm

ia64:
ruby-1.8.5-22.el5_7.1.ia64.rpm
ruby-debuginfo-1.8.5-22.el5_7.1.ia64.rpm
ruby-devel-1.8.5-22.el5_7.1.ia64.rpm
ruby-docs-1.8.5-22.el5_7.1.ia64.rpm
ruby-irb-1.8.5-22.el5_7.1.ia64.rpm
ruby-libs-1.8.5-22.el5_7.1.ia64.rpm
ruby-mode-1.8.5-22.el5_7.1.ia64.rpm
ruby-rdoc-1.8.5-22.el5_7.1.ia64.rpm
ruby-ri-1.8.5-22.el5_7.1.ia64.rpm
ruby-tcltk-1.8.5-22.el5_7.1.ia64.rpm

ppc:
ruby-1.8.5-22.el5_7.1.ppc.rpm
ruby-debuginfo-1.8.5-22.el5_7.1.ppc.rpm
ruby-debuginfo-1.8.5-22.el5_7.1.ppc64.rpm
ruby-devel-1.8.5-22.el5_7.1.ppc.rpm
ruby-devel-1.8.5-22.el5_7.1.ppc64.rpm
ruby-docs-1.8.5-22.el5_7.1.ppc.rpm
ruby-irb-1.8.5-22.el5_7.1.ppc.rpm
ruby-libs-1.8.5-22.el5_7.1.ppc.rpm
ruby-libs-1.8.5-22.el5_7.1.ppc64.rpm
ruby-mode-1.8.5-22.el5_7.1.ppc.rpm
ruby-rdoc-1.8.5-22.el5_7.1.ppc.rpm
ruby-ri-1.8.5-22.el5_7.1.ppc.rpm
ruby-tcltk-1.8.5-22.el5_7.1.ppc.rpm

s390x:
ruby-1.8.5-22.el5_7.1.s390x.rpm
ruby-debuginfo-1.8.5-22.el5_7.1.s390.rpm
ruby-debuginfo-1.8.5-22.el5_7.1.s390x.rpm
ruby-devel-1.8.5-22.el5_7.1.s390.rpm
ruby-devel-1.8.5-22.el5_7.1.s390x.rpm
ruby-docs-1.8.5-22.el5_7.1.s390x.rpm ruby-irb-1.8.5-22.el5_7.1.s390x.rpm ruby-libs-1.8.5-22.el5_7.1.s390.rpm ruby-libs-1.8.5-22.el5_7.1.s390x.rpm ruby-mode-1.8.5-22.el5_7.1.s390x.rpm ruby-rdoc-1.8.5-22.el5_7.1.s390x.rpm ruby-ri-1.8.5-22.el5_7.1.s390x.rpm ruby-tcltk-1.8.5-22.el5_7.1.s390x.rpm x86_64: ruby-1.8.5-22.el5_7.1.x86_64.rpm ruby-debuginfo-1.8.5-22.el5_7.1.i386.rpm ruby-debuginfo-1.8.5-22.el5_7.1.x86_64.rpm ruby-devel-1.8.5-22.el5_7.1.i386.rpm ruby-devel-1.8.5-22.el5_7.1.x86_64.rpm ruby-docs-1.8.5-22.el5_7.1.x86_64.rpm ruby-irb-1.8.5-22.el5_7.1.x86_64.rpm ruby-libs-1.8.5-22.el5_7.1.i386.rpm ruby-libs-1.8.5-22.el5_7.1.x86_64.rpm ruby-mode-1.8.5-22.el5_7.1.x86_64.rpm ruby-rdoc-1.8.5-22.el5_7.1.x86_64.rpm ruby-ri-1.8.5-22.el5_7.1.x86_64.rpm ruby-tcltk-1.8.5-22.el5_7.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3009.html https://www.redhat.com/security/data/cve/CVE-2011-4815.html https://access.redhat.com/security/updates/classification/#moderate http://www.ocert.org/advisories/ocert-2011-003.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPJuO0XlSAg2UNWIIRAghXAKDDyW2+wAimegdVEVxClio75I8djACgrvHc
WYjnTYnTPhf71nt87CThpb0=
=s78C
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Mon Jan 30 18:40:14 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 30 Jan 2012 18:40:14 +0000
Subject: [RHSA-2012:0071-01] Moderate: php security update
Message-ID: <201201301840.q0UIeEjU027320@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: php security update
Advisory ID:       RHSA-2012:0071-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0071.html
Issue date:        2012-01-30
CVE Names:         CVE-2011-0708 CVE-2011-1466 CVE-2011-2202 CVE-2011-4566
                   CVE-2011-4885
=====================================================================

1. Summary:

Updated php packages that fix several security issues are now available for
Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

It was found that the hashing routine used by PHP arrays was susceptible
to predictable hash collisions. If an HTTP POST request to a PHP
application contained many parameters whose names map to the same hash
value, a large amount of CPU time would be consumed.
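The collision mechanism described in the paragraph above, as an added example written for this archive (Python; it is not code from the advisory, from PHP or from oCERT). The string hash is DJBX33A (h = h*33 + byte, seeded with 5381), which the referenced oCERT-2011-003 advisory identifies as PHP's hash-table key function. The two-byte blocks "Ez" and "FY" make the same contribution to that hash (69*33+122 = 70*33+89 = 2399), so any concatenation of n such blocks yields 2^n distinct parameter names sharing one hash value, whatever the hash width. The example then shows those names collapsing into a single hash-table bucket and parses a form body under a parameter cap of the kind the advisory's max_input_vars directive introduces. The 32-bit truncation, the 1024-slot table, the form body and the parse_form guard (which raises rather than warn as PHP does) are assumptions made for this example.

```python
import itertools

# Two 2-byte strings with identical DJBX33A contribution:
# 69*33 + 122 == 70*33 + 89 == 2399.  Any concatenation of these blocks
# therefore hashes identically, independent of the hash width.
BLOCKS = (b"Ez", b"FY")


def djbx33a(key: bytes) -> int:
    """DJBX33A as used for Zend hash-table keys: h = h*33 + byte, seed 5381.
    Assumption for this example: 32-bit unsigned arithmetic."""
    h = 5381
    for b in key:
        h = (h * 33 + b) & 0xFFFFFFFF
    return h


def colliding_keys(n_blocks: int):
    """Yield 2**n_blocks distinct keys that all share one DJBX33A hash."""
    for combo in itertools.product(BLOCKS, repeat=n_blocks):
        yield b"".join(combo)


def distinct_buckets(keys, table_size: int = 1024) -> int:
    """Number of buckets the keys occupy in a power-of-two sized table
    (Zend masks the hash with table_size - 1).  Colliding keys give 1, so
    every insert walks one ever-growing chain: quadratic work overall."""
    return len({djbx33a(k) & (table_size - 1) for k in keys})


def build_post_body(keys) -> bytes:
    """Constructed application/x-www-form-urlencoded body with one parameter
    per key.  The keys are alphanumeric, so no percent-encoding is needed."""
    return b"&".join(k + b"=1" for k in keys)


def parse_form(body: bytes, max_input_vars: int = 1000) -> dict:
    """Parse a form body, refusing more than max_input_vars parameters.
    Hypothetical guard for this example: PHP's max_input_vars stops
    processing and logs a warning instead of raising.  The default of 1000
    matches the advisory."""
    params = {}
    for i, pair in enumerate(body.split(b"&")):
        if i >= max_input_vars:
            raise ValueError(
                f"request carries more than {max_input_vars} input variables")
        name, _, value = pair.partition(b"=")
        params[name] = value
    return params


if __name__ == "__main__":
    keys = list(colliding_keys(10))            # 1024 keys, one hash value
    print(len(keys), "keys occupy", distinct_buckets(keys), "bucket(s)")
    try:
        parse_form(build_post_body(keys))
    except ValueError as exc:
        print("rejected:", exc)
    accepted = parse_form(build_post_body(colliding_keys(8)))
    print(len(accepted), "parameters accepted under the default cap")
```

The cap bounds the damage rather than removing the collision: 1000 colliding names still land in one bucket, but the chain walk stays small. Real attack bodies used tens of thousands of names to burn seconds of CPU per request, which is exactly what the 1000-parameter default prevents.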
This flaw has been mitigated by adding a new configuration directive,
max_input_vars, that limits the maximum number of parameters processed per
request. By default, max_input_vars is set to 1000. (CVE-2011-4885)

An integer overflow flaw was found in the PHP exif extension. On 32-bit
systems, a specially-crafted image file could cause the PHP interpreter to
crash or disclose portions of its memory when a PHP script tries to extract
Exchangeable image file format (Exif) metadata from the image file.
(CVE-2011-4566)

An insufficient input validation flaw, leading to a buffer over-read, was
found in the PHP exif extension. A specially-crafted image file could cause
the PHP interpreter to crash when a PHP script tries to extract Exchangeable
image file format (Exif) metadata from the image file. (CVE-2011-0708)

An integer overflow flaw was found in the PHP calendar extension. A remote
attacker able to make a PHP script call SdnToJulian() with a large value
could cause the PHP interpreter to crash. (CVE-2011-1466)

An off-by-one flaw was found in PHP. If an attacker uploaded a file with a
specially-crafted file name it could cause a PHP script to attempt to write
a file to the root (/) directory. By default, PHP runs as the "apache" user,
preventing it from writing to the root directory. (CVE-2011-2202)

Red Hat would like to thank oCERT for reporting CVE-2011-4885. oCERT
acknowledges Julian Wälde and Alexander Klink as the original reporters of
CVE-2011-4885.

All php users should upgrade to these updated packages, which contain
backported patches to resolve these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

680972 - CVE-2011-0708 php: buffer over-read in Exif extension
689386 - CVE-2011-1466 php: Crash by converting serial day numbers (SDN) into Julian calendar
713194 - CVE-2011-2202 php: file path injection vulnerability in RFC1867 file upload filename
750547 - CVE-2011-4885 php: hash table collisions CPU usage DoS (oCERT-2011-003)
758413 - CVE-2011-4566 php: integer overflow in exif_process_IFD_TAG() may lead to DoS or arbitrary memory disclosure

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/php-4.3.9-3.35.src.rpm

i386:
php-4.3.9-3.35.i386.rpm
php-debuginfo-4.3.9-3.35.i386.rpm
php-devel-4.3.9-3.35.i386.rpm
php-domxml-4.3.9-3.35.i386.rpm
php-gd-4.3.9-3.35.i386.rpm
php-imap-4.3.9-3.35.i386.rpm
php-ldap-4.3.9-3.35.i386.rpm
php-mbstring-4.3.9-3.35.i386.rpm
php-mysql-4.3.9-3.35.i386.rpm
php-ncurses-4.3.9-3.35.i386.rpm
php-odbc-4.3.9-3.35.i386.rpm
php-pear-4.3.9-3.35.i386.rpm
php-pgsql-4.3.9-3.35.i386.rpm
php-snmp-4.3.9-3.35.i386.rpm
php-xmlrpc-4.3.9-3.35.i386.rpm

ia64:
php-4.3.9-3.35.ia64.rpm
php-debuginfo-4.3.9-3.35.ia64.rpm
php-devel-4.3.9-3.35.ia64.rpm
php-domxml-4.3.9-3.35.ia64.rpm
php-gd-4.3.9-3.35.ia64.rpm
php-imap-4.3.9-3.35.ia64.rpm
php-ldap-4.3.9-3.35.ia64.rpm
php-mbstring-4.3.9-3.35.ia64.rpm
php-mysql-4.3.9-3.35.ia64.rpm
php-ncurses-4.3.9-3.35.ia64.rpm
php-odbc-4.3.9-3.35.ia64.rpm
php-pear-4.3.9-3.35.ia64.rpm
php-pgsql-4.3.9-3.35.ia64.rpm
php-snmp-4.3.9-3.35.ia64.rpm
php-xmlrpc-4.3.9-3.35.ia64.rpm

ppc:
php-4.3.9-3.35.ppc.rpm
php-debuginfo-4.3.9-3.35.ppc.rpm
php-devel-4.3.9-3.35.ppc.rpm
php-domxml-4.3.9-3.35.ppc.rpm
php-gd-4.3.9-3.35.ppc.rpm
php-imap-4.3.9-3.35.ppc.rpm
php-ldap-4.3.9-3.35.ppc.rpm
php-mbstring-4.3.9-3.35.ppc.rpm
php-mysql-4.3.9-3.35.ppc.rpm
php-ncurses-4.3.9-3.35.ppc.rpm
php-odbc-4.3.9-3.35.ppc.rpm
php-pear-4.3.9-3.35.ppc.rpm
php-pgsql-4.3.9-3.35.ppc.rpm
php-snmp-4.3.9-3.35.ppc.rpm
php-xmlrpc-4.3.9-3.35.ppc.rpm

s390:
php-4.3.9-3.35.s390.rpm
php-debuginfo-4.3.9-3.35.s390.rpm
php-devel-4.3.9-3.35.s390.rpm
php-domxml-4.3.9-3.35.s390.rpm
php-gd-4.3.9-3.35.s390.rpm
php-imap-4.3.9-3.35.s390.rpm
php-ldap-4.3.9-3.35.s390.rpm
php-mbstring-4.3.9-3.35.s390.rpm
php-mysql-4.3.9-3.35.s390.rpm
php-ncurses-4.3.9-3.35.s390.rpm
php-odbc-4.3.9-3.35.s390.rpm
php-pear-4.3.9-3.35.s390.rpm
php-pgsql-4.3.9-3.35.s390.rpm
php-snmp-4.3.9-3.35.s390.rpm
php-xmlrpc-4.3.9-3.35.s390.rpm

s390x:
php-4.3.9-3.35.s390x.rpm
php-debuginfo-4.3.9-3.35.s390x.rpm
php-devel-4.3.9-3.35.s390x.rpm
php-domxml-4.3.9-3.35.s390x.rpm
php-gd-4.3.9-3.35.s390x.rpm
php-imap-4.3.9-3.35.s390x.rpm
php-ldap-4.3.9-3.35.s390x.rpm
php-mbstring-4.3.9-3.35.s390x.rpm
php-mysql-4.3.9-3.35.s390x.rpm
php-ncurses-4.3.9-3.35.s390x.rpm
php-odbc-4.3.9-3.35.s390x.rpm
php-pear-4.3.9-3.35.s390x.rpm
php-pgsql-4.3.9-3.35.s390x.rpm
php-snmp-4.3.9-3.35.s390x.rpm
php-xmlrpc-4.3.9-3.35.s390x.rpm

x86_64:
php-4.3.9-3.35.x86_64.rpm
php-debuginfo-4.3.9-3.35.x86_64.rpm
php-devel-4.3.9-3.35.x86_64.rpm
php-domxml-4.3.9-3.35.x86_64.rpm
php-gd-4.3.9-3.35.x86_64.rpm
php-imap-4.3.9-3.35.x86_64.rpm
php-ldap-4.3.9-3.35.x86_64.rpm
php-mbstring-4.3.9-3.35.x86_64.rpm
php-mysql-4.3.9-3.35.x86_64.rpm
php-ncurses-4.3.9-3.35.x86_64.rpm
php-odbc-4.3.9-3.35.x86_64.rpm
php-pear-4.3.9-3.35.x86_64.rpm
php-pgsql-4.3.9-3.35.x86_64.rpm
php-snmp-4.3.9-3.35.x86_64.rpm
php-xmlrpc-4.3.9-3.35.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/php-4.3.9-3.35.src.rpm

i386:
php-4.3.9-3.35.i386.rpm
php-debuginfo-4.3.9-3.35.i386.rpm
php-devel-4.3.9-3.35.i386.rpm
php-domxml-4.3.9-3.35.i386.rpm
php-gd-4.3.9-3.35.i386.rpm
php-imap-4.3.9-3.35.i386.rpm
php-ldap-4.3.9-3.35.i386.rpm
php-mbstring-4.3.9-3.35.i386.rpm
php-mysql-4.3.9-3.35.i386.rpm
php-ncurses-4.3.9-3.35.i386.rpm
php-odbc-4.3.9-3.35.i386.rpm
php-pear-4.3.9-3.35.i386.rpm
php-pgsql-4.3.9-3.35.i386.rpm
php-snmp-4.3.9-3.35.i386.rpm
php-xmlrpc-4.3.9-3.35.i386.rpm

x86_64:
php-4.3.9-3.35.x86_64.rpm
php-debuginfo-4.3.9-3.35.x86_64.rpm
php-devel-4.3.9-3.35.x86_64.rpm
php-domxml-4.3.9-3.35.x86_64.rpm
php-gd-4.3.9-3.35.x86_64.rpm
php-imap-4.3.9-3.35.x86_64.rpm
php-ldap-4.3.9-3.35.x86_64.rpm
php-mbstring-4.3.9-3.35.x86_64.rpm
php-mysql-4.3.9-3.35.x86_64.rpm
php-ncurses-4.3.9-3.35.x86_64.rpm
php-odbc-4.3.9-3.35.x86_64.rpm
php-pear-4.3.9-3.35.x86_64.rpm
php-pgsql-4.3.9-3.35.x86_64.rpm
php-snmp-4.3.9-3.35.x86_64.rpm
php-xmlrpc-4.3.9-3.35.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/php-4.3.9-3.35.src.rpm

i386:
php-4.3.9-3.35.i386.rpm
php-debuginfo-4.3.9-3.35.i386.rpm
php-devel-4.3.9-3.35.i386.rpm
php-domxml-4.3.9-3.35.i386.rpm
php-gd-4.3.9-3.35.i386.rpm
php-imap-4.3.9-3.35.i386.rpm
php-ldap-4.3.9-3.35.i386.rpm
php-mbstring-4.3.9-3.35.i386.rpm
php-mysql-4.3.9-3.35.i386.rpm
php-ncurses-4.3.9-3.35.i386.rpm
php-odbc-4.3.9-3.35.i386.rpm
php-pear-4.3.9-3.35.i386.rpm
php-pgsql-4.3.9-3.35.i386.rpm
php-snmp-4.3.9-3.35.i386.rpm
php-xmlrpc-4.3.9-3.35.i386.rpm

ia64:
php-4.3.9-3.35.ia64.rpm
php-debuginfo-4.3.9-3.35.ia64.rpm
php-devel-4.3.9-3.35.ia64.rpm
php-domxml-4.3.9-3.35.ia64.rpm
php-gd-4.3.9-3.35.ia64.rpm
php-imap-4.3.9-3.35.ia64.rpm
php-ldap-4.3.9-3.35.ia64.rpm
php-mbstring-4.3.9-3.35.ia64.rpm
php-mysql-4.3.9-3.35.ia64.rpm
php-ncurses-4.3.9-3.35.ia64.rpm
php-odbc-4.3.9-3.35.ia64.rpm
php-pear-4.3.9-3.35.ia64.rpm
php-pgsql-4.3.9-3.35.ia64.rpm
php-snmp-4.3.9-3.35.ia64.rpm
php-xmlrpc-4.3.9-3.35.ia64.rpm

x86_64:
php-4.3.9-3.35.x86_64.rpm
php-debuginfo-4.3.9-3.35.x86_64.rpm
php-devel-4.3.9-3.35.x86_64.rpm
php-domxml-4.3.9-3.35.x86_64.rpm
php-gd-4.3.9-3.35.x86_64.rpm
php-imap-4.3.9-3.35.x86_64.rpm
php-ldap-4.3.9-3.35.x86_64.rpm
php-mbstring-4.3.9-3.35.x86_64.rpm
php-mysql-4.3.9-3.35.x86_64.rpm
php-ncurses-4.3.9-3.35.x86_64.rpm
php-odbc-4.3.9-3.35.x86_64.rpm
php-pear-4.3.9-3.35.x86_64.rpm
php-pgsql-4.3.9-3.35.x86_64.rpm
php-snmp-4.3.9-3.35.x86_64.rpm
php-xmlrpc-4.3.9-3.35.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/php-4.3.9-3.35.src.rpm

i386:
php-4.3.9-3.35.i386.rpm
php-debuginfo-4.3.9-3.35.i386.rpm
php-devel-4.3.9-3.35.i386.rpm
php-domxml-4.3.9-3.35.i386.rpm
php-gd-4.3.9-3.35.i386.rpm
php-imap-4.3.9-3.35.i386.rpm
php-ldap-4.3.9-3.35.i386.rpm
php-mbstring-4.3.9-3.35.i386.rpm
php-mysql-4.3.9-3.35.i386.rpm
php-ncurses-4.3.9-3.35.i386.rpm
php-odbc-4.3.9-3.35.i386.rpm
php-pear-4.3.9-3.35.i386.rpm
php-pgsql-4.3.9-3.35.i386.rpm
php-snmp-4.3.9-3.35.i386.rpm
php-xmlrpc-4.3.9-3.35.i386.rpm

ia64:
php-4.3.9-3.35.ia64.rpm
php-debuginfo-4.3.9-3.35.ia64.rpm
php-devel-4.3.9-3.35.ia64.rpm
php-domxml-4.3.9-3.35.ia64.rpm
php-gd-4.3.9-3.35.ia64.rpm
php-imap-4.3.9-3.35.ia64.rpm
php-ldap-4.3.9-3.35.ia64.rpm
php-mbstring-4.3.9-3.35.ia64.rpm
php-mysql-4.3.9-3.35.ia64.rpm
php-ncurses-4.3.9-3.35.ia64.rpm
php-odbc-4.3.9-3.35.ia64.rpm
php-pear-4.3.9-3.35.ia64.rpm
php-pgsql-4.3.9-3.35.ia64.rpm
php-snmp-4.3.9-3.35.ia64.rpm
php-xmlrpc-4.3.9-3.35.ia64.rpm

x86_64:
php-4.3.9-3.35.x86_64.rpm
php-debuginfo-4.3.9-3.35.x86_64.rpm
php-devel-4.3.9-3.35.x86_64.rpm
php-domxml-4.3.9-3.35.x86_64.rpm
php-gd-4.3.9-3.35.x86_64.rpm
php-imap-4.3.9-3.35.x86_64.rpm
php-ldap-4.3.9-3.35.x86_64.rpm
php-mbstring-4.3.9-3.35.x86_64.rpm
php-mysql-4.3.9-3.35.x86_64.rpm
php-ncurses-4.3.9-3.35.x86_64.rpm
php-odbc-4.3.9-3.35.x86_64.rpm
php-pear-4.3.9-3.35.x86_64.rpm
php-pgsql-4.3.9-3.35.x86_64.rpm
php-snmp-4.3.9-3.35.x86_64.rpm
php-xmlrpc-4.3.9-3.35.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0708.html
https://www.redhat.com/security/data/cve/CVE-2011-1466.html
https://www.redhat.com/security/data/cve/CVE-2011-2202.html
https://www.redhat.com/security/data/cve/CVE-2011-4566.html
https://www.redhat.com/security/data/cve/CVE-2011-4885.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPJuP0XlSAg2UNWIIRAnNOAKClNo8zOfCzHt6mFA6kICm9eYZPnwCfdopP
CB73QjymTYOW3rKlctdBUlk=
=6MVP
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Jan 31 20:15:34 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 31 Jan 2012 20:15:34 +0000
Subject: [RHSA-2012:0073-01] Low: Red Hat Enterprise Linux 4 - 30 day End Of Life Notice
Message-ID: <201201312015.q0VKFlTX022842@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Enterprise Linux 4 - 30 day End Of Life Notice
Advisory ID:       RHSA-2012:0073-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0073.html
Issue date:        2012-01-31
=====================================================================

1. Summary:

This is the 30 day notification of the End Of Life plans for Red Hat
Enterprise Linux 4.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy, the
7 year life-cycle of Red Hat Enterprise Linux 4 will end on February 29,
2012 and your subscription services for that version will change. Active
Red Hat Enterprise Linux subscribers using Red Hat Enterprise Linux 4 will
have the option to upgrade to currently supported versions of Red Hat
Enterprise Linux and receive the full benefits of the subscription.

After February 29, 2012, Red Hat will discontinue technical support
services as well as software maintenance services for Red Hat Enterprise
Linux 4 meaning that new bug fixes, security errata and product
enhancements will no longer be provided for the following products:

* Red Hat Enterprise Linux AS 4
* Red Hat Enterprise Linux ES 4
* Red Hat Enterprise Linux WS 4
* Red Hat Desktop 4
* Red Hat Global File System 4
* Red Hat Cluster Suite 4

Customers who choose to continue to deploy Red Hat Enterprise Linux 4
offerings will continue to have access via Red Hat Network (RHN) to the
following content as part of their active Red Hat Enterprise Linux
subscription:

* Previously released bug fixes, security errata and product enhancements.
* Red Hat Knowledge Base and other content (whitepapers, reference
  architectures, etc) found in the Red Hat Customer Portal.
* All Red Hat Enterprise Linux 4 documentation.

Customers are strongly encouraged to take advantage of the upgrade benefits
of their active Red Hat Enterprise Linux subscription and migrate to an
active version of Red Hat Enterprise Linux such as version 5 or 6.

For customers who are unable to migrate off Red Hat Enterprise Linux 4
before its end-of-life date and require software maintenance and/or
technical support, Red Hat offers an optional support extension called the
Extended Life-cycle Support (ELS) Add-On Subscription. The ELS Subscription
provides up to three additional years of limited Software Maintenance
(Production 3 Phase) for Red Hat Enterprise Linux 4 with unlimited
technical support, critical Security Advisories (RHSAs) and selected Urgent
Priority Bug Advisories (RHBAs). For more information, contact your Red Hat
sales representative or channel partner.

Details of the Red Hat Enterprise Linux life-cycle can be found on the Red
Hat website: https://access.redhat.com/support/policy/updates/errata/

4. Solution:

This advisory contains an updated redhat-release package, that provides a
copy of this end of life notice in the "/usr/share/doc/" directory.

5. Bugs fixed (http://bugzilla.redhat.com/):

761581 - Send Out RHEL 4 30 day EOL Notice

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/redhat-release-4AS-10.7.src.rpm

i386:
redhat-release-4AS-10.7.i386.rpm

ia64:
redhat-release-4AS-10.7.ia64.rpm

ppc:
redhat-release-4AS-10.7.ppc.rpm

s390:
redhat-release-4AS-10.7.s390.rpm

s390x:
redhat-release-4AS-10.7.s390x.rpm

x86_64:
redhat-release-4AS-10.7.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/redhat-release-4Desktop-10.7.src.rpm

i386:
redhat-release-4Desktop-10.7.i386.rpm

x86_64:
redhat-release-4Desktop-10.7.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/redhat-release-4ES-10.7.src.rpm

i386:
redhat-release-4ES-10.7.i386.rpm

ia64:
redhat-release-4ES-10.7.ia64.rpm

x86_64:
redhat-release-4ES-10.7.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/redhat-release-4WS-10.7.src.rpm

i386:
redhat-release-4WS-10.7.i386.rpm

ia64:
redhat-release-4WS-10.7.ia64.rpm

x86_64:
redhat-release-4WS-10.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/support/policy/updates/errata/

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPKEvtXlSAg2UNWIIRAtL0AJ0d0dnA6sxA/z6CZ9yP5GR83JUgEACgpV6m
KnhGFaWiSFqMCpg3LKGH7I4=
=va7x
-----END PGP SIGNATURE-----