From bugzilla at redhat.com Tue Jul 3 09:55:36 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 3 Jul 2012 09:55:36 +0000
Subject: [RHSA-2012:1054-01] Important: libtiff security update
Message-ID: <201207030955.q639tcBJ031363@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libtiff security update
Advisory ID:       RHSA-2012:1054-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1054.html
Issue date:        2012-07-03
CVE Names:         CVE-2012-2088 CVE-2012-2113
=====================================================================

1. Summary:

Updated libtiff packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
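As an added illustration of the two integer bug classes this advisory fixes (the signed/unsigned conversion behind CVE-2012-2088 and the multiplication overflows in tiff2pdf behind CVE-2012-2113), here is a constructed C example. It is not libtiff or tiff2pdf code: the `tile_desc` structure, its field names, `make_desc` and the 256 MiB sanity cap are assumptions chosen for the demonstration. The point is the unchecked size computation beside the checked form a reader of such a file should use.

```c
/* Added example (not libtiff/tiff2pdf code): the two integer bug classes fixed
 * by this advisory, shown on a constructed TIFF-like tile descriptor.
 *  - signed/unsigned conversion (the CVE-2012-2088 class): a negative 32-bit
 *    count silently becomes a huge unsigned value;
 *  - multiplication overflow (the CVE-2012-2113 class): width*height*bpp wraps
 *    in 32-bit arithmetic, so a tiny buffer is allocated for a huge copy.
 * struct tile_desc, its field names and MAX_TILE_BYTES are assumptions. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

struct tile_desc {
    int32_t  count;             /* number of tiles, read as a signed field (assumption) */
    uint32_t width;             /* tile width in pixels */
    uint32_t height;            /* tile height in pixels */
    uint32_t bytes_per_pixel;   /* bytes per pixel */
};

struct tile_desc make_desc(int32_t count, uint32_t width, uint32_t height, uint32_t bpp)
{
    struct tile_desc t = { count, width, height, bpp };
    return t;
}

/* Buggy size computation: both conversions are implicit and unchecked.
 * count = -1 converts to UINT64_MAX; 0x10000 * 0x10000 * 1 wraps to 0. */
uint64_t tile_bytes_unsafe(const struct tile_desc *t)
{
    uint64_t count = t->count;                                        /* sign conversion */
    uint32_t pixel_bytes = t->width * t->height * t->bytes_per_pixel; /* 32-bit wrap */
    return count * pixel_bytes;                                       /* 64-bit wrap */
}

/* Overflow-checked multiply: fails instead of wrapping. */
static bool mul_u64_checked(uint64_t a, uint64_t b, uint64_t *out)
{
    if (a != 0 && b > UINT64_MAX / a)
        return false;
    *out = a * b;
    return true;
}

/* Sanity cap on a single allocation; a constructed limit, not a libtiff value. */
#define MAX_TILE_BYTES ((uint64_t)256 << 20)

/* Hardened size computation: rejects negative counts, any wrapping product
 * and sizes beyond the cap. Returns false when the descriptor must be refused. */
bool tile_bytes_checked(const struct tile_desc *t, uint64_t *out)
{
    uint64_t bytes;
    if (t->count < 0)
        return false;
    if (!mul_u64_checked(t->width, t->height, &bytes) ||
        !mul_u64_checked(bytes, t->bytes_per_pixel, &bytes) ||
        !mul_u64_checked(bytes, (uint64_t)t->count, &bytes))
        return false;
    if (bytes > MAX_TILE_BYTES)
        return false;
    *out = bytes;
    return true;
}

int main(void)
{
    struct tile_desc wrap = make_desc(1, 0x10000, 0x10000, 1);   /* 4 GiB of pixels */
    struct tile_desc neg  = make_desc(-1, 1, 1, 1);
    struct tile_desc ok   = make_desc(1, 256, 256, 4);
    uint64_t n = 0;
    printf("wrap: unsafe=%llu checked=%s\n", (unsigned long long)tile_bytes_unsafe(&wrap),
           tile_bytes_checked(&wrap, &n) ? "accepted" : "rejected");
    printf("neg:  unsafe=%llu checked=%s\n", (unsigned long long)tile_bytes_unsafe(&neg),
           tile_bytes_checked(&neg, &n) ? "accepted" : "rejected");
    printf("ok:   checked=%s bytes=%llu\n",
           tile_bytes_checked(&ok, &n) ? "accepted" : "rejected", (unsigned long long)n);
    return 0;
}
```

The unsafe form returns 0 bytes for a 65536x65536 tile and an enormous value for a negative count; either result, handed to an allocator and followed by a copy sized from the file's own fields, is the heap overflow the advisory describes. The checked form refuses both before any allocation happens.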
libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-2088)

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the tiff2pdf tool. An attacker could use these flaws to create a specially-crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. (CVE-2012-2113)

All libtiff users should upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

810551 - CVE-2012-2113 libtiff: integer overflow in tiff2pdf leading to heap-buffer overflow when reading a tiled tiff file
832864 - CVE-2012-2088 libtiff: Type conversion flaw leading to heap-buffer overflow

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libtiff-3.8.2-15.el5_8.src.rpm

i386:
libtiff-3.8.2-15.el5_8.i386.rpm
libtiff-debuginfo-3.8.2-15.el5_8.i386.rpm

x86_64:
libtiff-3.8.2-15.el5_8.i386.rpm
libtiff-3.8.2-15.el5_8.x86_64.rpm
libtiff-debuginfo-3.8.2-15.el5_8.i386.rpm
libtiff-debuginfo-3.8.2-15.el5_8.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libtiff-3.8.2-15.el5_8.src.rpm

i386:
libtiff-debuginfo-3.8.2-15.el5_8.i386.rpm
libtiff-devel-3.8.2-15.el5_8.i386.rpm

x86_64:
libtiff-debuginfo-3.8.2-15.el5_8.i386.rpm
libtiff-debuginfo-3.8.2-15.el5_8.x86_64.rpm
libtiff-devel-3.8.2-15.el5_8.i386.rpm
libtiff-devel-3.8.2-15.el5_8.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libtiff-3.8.2-15.el5_8.src.rpm

i386:
libtiff-3.8.2-15.el5_8.i386.rpm
libtiff-debuginfo-3.8.2-15.el5_8.i386.rpm
libtiff-devel-3.8.2-15.el5_8.i386.rpm

ia64:
libtiff-3.8.2-15.el5_8.i386.rpm
libtiff-3.8.2-15.el5_8.ia64.rpm
libtiff-debuginfo-3.8.2-15.el5_8.i386.rpm
libtiff-debuginfo-3.8.2-15.el5_8.ia64.rpm
libtiff-devel-3.8.2-15.el5_8.ia64.rpm

ppc:
libtiff-3.8.2-15.el5_8.ppc.rpm
libtiff-3.8.2-15.el5_8.ppc64.rpm
libtiff-debuginfo-3.8.2-15.el5_8.ppc.rpm
libtiff-debuginfo-3.8.2-15.el5_8.ppc64.rpm
libtiff-devel-3.8.2-15.el5_8.ppc.rpm
libtiff-devel-3.8.2-15.el5_8.ppc64.rpm

s390x:
libtiff-3.8.2-15.el5_8.s390.rpm
libtiff-3.8.2-15.el5_8.s390x.rpm
libtiff-debuginfo-3.8.2-15.el5_8.s390.rpm
libtiff-debuginfo-3.8.2-15.el5_8.s390x.rpm
libtiff-devel-3.8.2-15.el5_8.s390.rpm
libtiff-devel-3.8.2-15.el5_8.s390x.rpm

x86_64:
libtiff-3.8.2-15.el5_8.i386.rpm
libtiff-3.8.2-15.el5_8.x86_64.rpm
libtiff-debuginfo-3.8.2-15.el5_8.i386.rpm
libtiff-debuginfo-3.8.2-15.el5_8.x86_64.rpm
libtiff-devel-3.8.2-15.el5_8.i386.rpm
libtiff-devel-3.8.2-15.el5_8.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libtiff-3.9.4-6.el6_3.src.rpm

i386:
libtiff-3.9.4-6.el6_3.i686.rpm
libtiff-debuginfo-3.9.4-6.el6_3.i686.rpm

x86_64:
libtiff-3.9.4-6.el6_3.i686.rpm
libtiff-3.9.4-6.el6_3.x86_64.rpm
libtiff-debuginfo-3.9.4-6.el6_3.i686.rpm
libtiff-debuginfo-3.9.4-6.el6_3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libtiff-3.9.4-6.el6_3.src.rpm

i386:
libtiff-debuginfo-3.9.4-6.el6_3.i686.rpm
libtiff-devel-3.9.4-6.el6_3.i686.rpm
libtiff-static-3.9.4-6.el6_3.i686.rpm

x86_64:
libtiff-debuginfo-3.9.4-6.el6_3.i686.rpm
libtiff-debuginfo-3.9.4-6.el6_3.x86_64.rpm
libtiff-devel-3.9.4-6.el6_3.i686.rpm
libtiff-devel-3.9.4-6.el6_3.x86_64.rpm
libtiff-static-3.9.4-6.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libtiff-3.9.4-6.el6_3.src.rpm

x86_64:
libtiff-3.9.4-6.el6_3.i686.rpm
libtiff-3.9.4-6.el6_3.x86_64.rpm
libtiff-debuginfo-3.9.4-6.el6_3.i686.rpm
libtiff-debuginfo-3.9.4-6.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libtiff-3.9.4-6.el6_3.src.rpm

x86_64:
libtiff-debuginfo-3.9.4-6.el6_3.i686.rpm
libtiff-debuginfo-3.9.4-6.el6_3.x86_64.rpm
libtiff-devel-3.9.4-6.el6_3.i686.rpm
libtiff-devel-3.9.4-6.el6_3.x86_64.rpm
libtiff-static-3.9.4-6.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libtiff-3.9.4-6.el6_3.src.rpm

i386:
libtiff-3.9.4-6.el6_3.i686.rpm
libtiff-debuginfo-3.9.4-6.el6_3.i686.rpm
libtiff-devel-3.9.4-6.el6_3.i686.rpm

ppc64:
libtiff-3.9.4-6.el6_3.ppc.rpm
libtiff-3.9.4-6.el6_3.ppc64.rpm
libtiff-debuginfo-3.9.4-6.el6_3.ppc.rpm
libtiff-debuginfo-3.9.4-6.el6_3.ppc64.rpm
libtiff-devel-3.9.4-6.el6_3.ppc.rpm
libtiff-devel-3.9.4-6.el6_3.ppc64.rpm

s390x:
libtiff-3.9.4-6.el6_3.s390.rpm
libtiff-3.9.4-6.el6_3.s390x.rpm
libtiff-debuginfo-3.9.4-6.el6_3.s390.rpm
libtiff-debuginfo-3.9.4-6.el6_3.s390x.rpm
libtiff-devel-3.9.4-6.el6_3.s390.rpm
libtiff-devel-3.9.4-6.el6_3.s390x.rpm

x86_64:
libtiff-3.9.4-6.el6_3.i686.rpm
libtiff-3.9.4-6.el6_3.x86_64.rpm
libtiff-debuginfo-3.9.4-6.el6_3.i686.rpm
libtiff-debuginfo-3.9.4-6.el6_3.x86_64.rpm
libtiff-devel-3.9.4-6.el6_3.i686.rpm
libtiff-devel-3.9.4-6.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libtiff-3.9.4-6.el6_3.src.rpm

i386:
libtiff-debuginfo-3.9.4-6.el6_3.i686.rpm
libtiff-static-3.9.4-6.el6_3.i686.rpm

ppc64:
libtiff-debuginfo-3.9.4-6.el6_3.ppc64.rpm
libtiff-static-3.9.4-6.el6_3.ppc64.rpm

s390x:
libtiff-debuginfo-3.9.4-6.el6_3.s390x.rpm
libtiff-static-3.9.4-6.el6_3.s390x.rpm

x86_64:
libtiff-debuginfo-3.9.4-6.el6_3.x86_64.rpm
libtiff-static-3.9.4-6.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libtiff-3.9.4-6.el6_3.src.rpm

i386:
libtiff-3.9.4-6.el6_3.i686.rpm
libtiff-debuginfo-3.9.4-6.el6_3.i686.rpm
libtiff-devel-3.9.4-6.el6_3.i686.rpm

x86_64:
libtiff-3.9.4-6.el6_3.i686.rpm
libtiff-3.9.4-6.el6_3.x86_64.rpm
libtiff-debuginfo-3.9.4-6.el6_3.i686.rpm
libtiff-debuginfo-3.9.4-6.el6_3.x86_64.rpm
libtiff-devel-3.9.4-6.el6_3.i686.rpm
libtiff-devel-3.9.4-6.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libtiff-3.9.4-6.el6_3.src.rpm

i386:
libtiff-debuginfo-3.9.4-6.el6_3.i686.rpm
libtiff-static-3.9.4-6.el6_3.i686.rpm

x86_64:
libtiff-debuginfo-3.9.4-6.el6_3.x86_64.rpm
libtiff-static-3.9.4-6.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-2088.html
https://www.redhat.com/security/data/cve/CVE-2012-2113.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP8sFdXlSAg2UNWIIRAuyKAKC/piD0MQr5/0rbHJBXwFHAKiDmqwCgnsgK
kfqWGvBZTnX8Ugpow0s9V5Q=
=E7Jo
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jul 10 11:53:22 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 10 Jul 2012 11:53:22 +0000
Subject: [RHSA-2012:1061-01] Moderate: kernel security and bug fix update
Message-ID: <201207101153.q6ABrMhs009456@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: kernel security and bug fix update
Advisory ID:       RHSA-2012:1061-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1061.html
Issue date:        2012-07-10
CVE Names:         CVE-2012-3375
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security fix:

* The fix for CVE-2011-1083 (RHSA-2012:0150) introduced a flaw in the way the Linux kernel's Event Poll (epoll) subsystem handled resource clean up when an ELOOP error code was returned. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-3375, Moderate)

Bug fixes:

* The qla2xxx driver handled interrupts for QLogic Fibre Channel adapters incorrectly due to a bug in a test condition for MSI-X support. This update corrects the bug and qla2xxx now handles interrupts as expected. (BZ#816373)

* A process scheduler did not handle RPC priority wait queues correctly. Consequently, the process scheduler failed to wake up all scheduled tasks as expected after RPC timeout, which caused the system to become unresponsive and could significantly decrease system performance. This update modifies the process scheduler to handle RPC priority wait queues as expected. All scheduled tasks are now properly woken up after RPC timeout and the system behaves as expected. (BZ#817571)

* The kernel version 2.6.18-308.4.1.el5 contained several bugs which led to an overrun of the NFS server page array. Consequently, any attempt to connect an NFS client running on Red Hat Enterprise Linux 5.8 to the NFS server running on the system with this kernel caused the NFS server to terminate unexpectedly and the kernel to panic. This update corrects the bugs causing NFS page array overruns and the kernel no longer crashes in this scenario. (BZ#820358)

* An insufficiently designed calculation in the CPU accelerator in the previous kernel caused an arithmetic overflow in the sched_clock() function when system uptime exceeded 208.5 days. This overflow led to a kernel panic on the systems using the Time Stamp Counter (TSC) or Virtual Machine Interface (VMI) clock source. This update corrects the calculation so that this arithmetic overflow and kernel panic can no longer occur under these circumstances. Note: This advisory does not include a fix for this bug for the 32-bit architecture. (BZ#824654)

* Under memory pressure, memory pages that are still a part of a checkpointing transaction can be invalidated. However, when the pages were invalidated, the journal head was re-filed onto the transactions' "forget" list, which caused the current running transaction's block to be modified. As a result, block accounting was not properly performed on that modified block because it appeared to have already been modified due to the journal head being re-filed. This could trigger an assertion failure in the "journal_commit_transaction()" function on the system. The "b_modified" flag is now cleared before the journal head is filed onto any transaction; assertion failures no longer occur. (BZ#827205)

* When running more than 30 instances of the cclengine utility concurrently on IBM System z with IBM Communications Controller for Linux, the system could become unresponsive. This was caused by a missing wake_up() function call in the qeth_release_buffer() function in the QETH network device driver. This update adds the missing wake_up() function call and the system now responds as expected in this scenario. (BZ#829059)

* Recent changes removing support for the Flow Director from the ixgbe driver introduced bugs that caused the RSS (Receive Side Scaling) functionality to stop working correctly on Intel 82599EB 10 Gigabit Ethernet network devices. This update corrects the return code in the ixgbe_cache_ring_fdir function and setting of the registers that control the RSS redirection table. Also, obsolete code related to Flow Director support has been removed. The RSS functionality now works as expected on these devices. (BZ#832169)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

837502 - CVE-2012-3375 kernel: epoll: can leak file descriptors when returning -ELOOP

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-308.11.1.el5.src.rpm

i386:
kernel-2.6.18-308.11.1.el5.i686.rpm
kernel-PAE-2.6.18-308.11.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-308.11.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-308.11.1.el5.i686.rpm
kernel-debug-2.6.18-308.11.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-308.11.1.el5.i686.rpm
kernel-debug-devel-2.6.18-308.11.1.el5.i686.rpm
kernel-debuginfo-2.6.18-308.11.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-308.11.1.el5.i686.rpm
kernel-devel-2.6.18-308.11.1.el5.i686.rpm
kernel-headers-2.6.18-308.11.1.el5.i386.rpm
kernel-xen-2.6.18-308.11.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-308.11.1.el5.i686.rpm
kernel-xen-devel-2.6.18-308.11.1.el5.i686.rpm

noarch:
kernel-doc-2.6.18-308.11.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-308.11.1.el5.x86_64.rpm
kernel-debug-2.6.18-308.11.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-308.11.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-308.11.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-308.11.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-308.11.1.el5.x86_64.rpm
kernel-devel-2.6.18-308.11.1.el5.x86_64.rpm
kernel-headers-2.6.18-308.11.1.el5.x86_64.rpm
kernel-xen-2.6.18-308.11.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-308.11.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-308.11.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-308.11.1.el5.src.rpm

i386:
kernel-2.6.18-308.11.1.el5.i686.rpm
kernel-PAE-2.6.18-308.11.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-308.11.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-308.11.1.el5.i686.rpm
kernel-debug-2.6.18-308.11.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-308.11.1.el5.i686.rpm
kernel-debug-devel-2.6.18-308.11.1.el5.i686.rpm
kernel-debuginfo-2.6.18-308.11.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-308.11.1.el5.i686.rpm
kernel-devel-2.6.18-308.11.1.el5.i686.rpm
kernel-headers-2.6.18-308.11.1.el5.i386.rpm
kernel-xen-2.6.18-308.11.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-308.11.1.el5.i686.rpm
kernel-xen-devel-2.6.18-308.11.1.el5.i686.rpm

ia64:
kernel-2.6.18-308.11.1.el5.ia64.rpm
kernel-debug-2.6.18-308.11.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-308.11.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-308.11.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-308.11.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-308.11.1.el5.ia64.rpm
kernel-devel-2.6.18-308.11.1.el5.ia64.rpm
kernel-headers-2.6.18-308.11.1.el5.ia64.rpm
kernel-xen-2.6.18-308.11.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-308.11.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-308.11.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-308.11.1.el5.noarch.rpm

ppc:
kernel-2.6.18-308.11.1.el5.ppc64.rpm
kernel-debug-2.6.18-308.11.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-308.11.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-308.11.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-308.11.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-308.11.1.el5.ppc64.rpm
kernel-devel-2.6.18-308.11.1.el5.ppc64.rpm
kernel-headers-2.6.18-308.11.1.el5.ppc.rpm
kernel-headers-2.6.18-308.11.1.el5.ppc64.rpm
kernel-kdump-2.6.18-308.11.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-308.11.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-308.11.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-308.11.1.el5.s390x.rpm
kernel-debug-2.6.18-308.11.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-308.11.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-308.11.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-308.11.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-308.11.1.el5.s390x.rpm
kernel-devel-2.6.18-308.11.1.el5.s390x.rpm
kernel-headers-2.6.18-308.11.1.el5.s390x.rpm
kernel-kdump-2.6.18-308.11.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-308.11.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-308.11.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-308.11.1.el5.x86_64.rpm
kernel-debug-2.6.18-308.11.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-308.11.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-308.11.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-308.11.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-308.11.1.el5.x86_64.rpm
kernel-devel-2.6.18-308.11.1.el5.x86_64.rpm
kernel-headers-2.6.18-308.11.1.el5.x86_64.rpm
kernel-xen-2.6.18-308.11.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-308.11.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-308.11.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-3375.html
https://access.redhat.com/security/updates/classification/#moderate
https://rhn.redhat.com/errata/RHSA-2012-0150.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
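The sched_clock() arithmetic overflow at 208.5 days of uptime (BZ#824654 above) can be reproduced in miniature. The following is an added C example, not Linux kernel code: it assumes the conversion takes the common x86 cyc2ns form `ns = (cycles * scale) >> 10` with `scale = (1000000 << 10) / cpu_khz` (the advisory itself gives no detail of the affected calculation), and shows why the 64-bit product overflows at 2^54 ns, about 208.5 days, whatever the CPU frequency, beside a split-multiply form that does not. The 2.4 GHz clock used in `main` is a constructed value.

```c
/* Added example (not Linux kernel code): the arithmetic-overflow class behind
 * BZ#824654. A cycles-to-nanoseconds conversion of the form
 *     ns = (cycles * scale) >> SHIFT,   scale = (1000000 << SHIFT) / cpu_khz
 * (the common x86 cyc2ns pattern; that the affected code took this form is an
 * assumption) computes cycles * scale in 64 bits. That product exceeds 2^64
 * once ns reaches 2^(64 - SHIFT); with SHIFT == 10 that is 2^54 ns, about
 * 208.5 days, independent of the CPU frequency. */
#include <stdint.h>
#include <stdio.h>

#define CYC2NS_SHIFT 10   /* assumed scale-factor exponent */

uint64_t cyc2ns_scale(uint64_t cpu_khz)
{
    return (1000000ULL << CYC2NS_SHIFT) / cpu_khz;
}

/* Naive conversion: the 64-bit product wraps silently once uptime is large enough. */
uint64_t cyc2ns_naive(uint64_t cycles, uint64_t cpu_khz)
{
    return (cycles * cyc2ns_scale(cpu_khz)) >> CYC2NS_SHIFT;
}

/* Overflow-free conversion: split cycles into 32-bit halves so each partial
 * product fits, and shift the high half left by (32 - SHIFT) instead of right.
 * Exact for every uptime whose nanosecond value itself fits in 64 bits. */
uint64_t cyc2ns_safe(uint64_t cycles, uint64_t cpu_khz)
{
    uint64_t scale = cyc2ns_scale(cpu_khz);
    uint64_t lo = cycles & 0xffffffffULL;
    uint64_t hi = cycles >> 32;
    return ((hi * scale) << (32 - CYC2NS_SHIFT)) + ((lo * scale) >> CYC2NS_SHIFT);
}

/* Largest cycle count the naive formula handles without wrapping. */
uint64_t last_safe_cycles(uint64_t cpu_khz)
{
    return UINT64_MAX / cyc2ns_scale(cpu_khz);
}

/* Uptime in days at which the naive formula overflows for a given clock. */
double overflow_uptime_days(uint64_t cpu_khz)
{
    double secs = (double)last_safe_cycles(cpu_khz) / ((double)cpu_khz * 1000.0);
    return secs / 86400.0;
}

/* The frequency-independent horizon: 2^(64 - SHIFT) ns expressed in days. */
double nominal_horizon_days(void)
{
    return (double)(1ULL << (64 - CYC2NS_SHIFT)) / 1e9 / 86400.0;
}

int main(void)
{
    uint64_t khz = 2400000;                 /* constructed 2.4 GHz clock */
    uint64_t c = last_safe_cycles(khz);
    printf("nominal horizon: %.1f days; at %llu kHz: %.1f days\n",
           nominal_horizon_days(), (unsigned long long)khz, overflow_uptime_days(khz));
    printf("naive: %llu -> %llu (wrapped)\n",
           (unsigned long long)cyc2ns_naive(c, khz), (unsigned long long)cyc2ns_naive(c + 1, khz));
    printf("safe:  %llu -> %llu\n",
           (unsigned long long)cyc2ns_safe(c, khz), (unsigned long long)cyc2ns_safe(c + 1, khz));
    return 0;
}
```

One cycle past the horizon the naive clock jumps backwards to near zero, which is the kind of non-monotonic time the scheduler cannot tolerate; the split form keeps counting. The small difference between the nominal 208.5 days and the per-frequency figure comes from `scale` being truncated to an integer.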
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP/BdwXlSAg2UNWIIRAsjOAKChltn2LMkvjeccDRXmEe+Lm3hbYQCfSsa8
NxTouf5oWsTwfEqttGh+uhg=
=iwms
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jul 10 11:55:25 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 10 Jul 2012 11:55:25 +0000
Subject: [RHSA-2012:1064-01] Important: kernel security and bug fix update
Message-ID: <201207101155.q6ABtQ4v019703@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2012:1064-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1064.html
Issue date:        2012-07-10
CVE Names:         CVE-2012-2744 CVE-2012-2745
=====================================================================

1. Summary:

Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm() function in the Linux kernel's netfilter IPv6 connection tracking implementation. A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the nf_conntrack_ipv6 kernel module loaded, causing it to crash. (CVE-2012-2744, Important)

* A flaw was found in the way the Linux kernel's key management facility handled replacement session keyrings on process forks. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2745, Moderate)

Red Hat would like to thank an anonymous contributor working with the Beyond Security SecuriTeam Secure Disclosure program for reporting CVE-2012-2744.

This update also fixes the following bugs:

* Previously introduced firmware files required for new Realtek chipsets contained an invalid prefix ("rtl_nic_") in the file names, for example "/lib/firmware/rtl_nic/rtl_nic_rtl8168d-1.fw". This update corrects these file names. For example, the aforementioned file is now correctly named "/lib/firmware/rtl_nic/rtl8168d-1.fw". (BZ#832359)

* This update blacklists the ADMA428M revision of the 2GB ATA Flash Disk device. This is due to data corruption occurring on the said device when the Ultra-DMA 66 transfer mode is used. When the "libata.force=5:pio0,6:pio0" kernel parameter is set, the aforementioned device works as expected. (BZ#832363)

* On Red Hat Enterprise Linux 6, mounting an NFS export from a server running Windows Server 2012 Release Candidate returned the NFS4ERR_MINOR_VERS_MISMATCH error because Windows Server 2012 Release Candidate supports NFSv4.1 only. Red Hat Enterprise Linux 6 did not properly handle the returned error and did not fall back to using NFSv3, which caused the mount operation to fail. With this update, when the NFS4ERR_MINOR_VERS_MISMATCH error is returned, the mount operation properly falls back to using NFSv3 and no longer fails. (BZ#832365)

* On ext4 file systems, when fallocate() failed to allocate blocks due to the ENOSPC condition (no space left on device) for a file larger than 4 GB, the size of the file became corrupted and, consequently, caused file system corruption. This was due to a missing cast operator in the "ext4_fallocate()" function. With this update, the underlying source code has been modified to address this issue, and file system corruption no longer occurs. (BZ#833034)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

832365 - NFS mounts fail against Windows 8 servers [rhel-6.3.z]
833402 - CVE-2012-2744 kernel: netfilter: null pointer dereference in nf_ct_frag6_reasm()
833428 - CVE-2012-2745 kernel: cred: copy_process() should clear child->replacement_session_keyring

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-279.1.1.el6.src.rpm

i386:
kernel-2.6.32-279.1.1.el6.i686.rpm
kernel-debug-2.6.32-279.1.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-279.1.1.el6.i686.rpm
kernel-debug-devel-2.6.32-279.1.1.el6.i686.rpm
kernel-debuginfo-2.6.32-279.1.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.1.1.el6.i686.rpm
kernel-devel-2.6.32-279.1.1.el6.i686.rpm
kernel-headers-2.6.32-279.1.1.el6.i686.rpm
perf-2.6.32-279.1.1.el6.i686.rpm
perf-debuginfo-2.6.32-279.1.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.1.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-279.1.1.el6.noarch.rpm
kernel-firmware-2.6.32-279.1.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-279.1.1.el6.x86_64.rpm
kernel-debug-2.6.32-279.1.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-279.1.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-279.1.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.1.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.1.1.el6.x86_64.rpm
kernel-devel-2.6.32-279.1.1.el6.x86_64.rpm
kernel-headers-2.6.32-279.1.1.el6.x86_64.rpm
perf-2.6.32-279.1.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.1.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.1.1.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-279.1.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-279.1.1.el6.i686.rpm
kernel-debuginfo-2.6.32-279.1.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.1.1.el6.i686.rpm
perf-debuginfo-2.6.32-279.1.1.el6.i686.rpm
python-perf-2.6.32-279.1.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.1.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-279.1.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.1.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.1.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.1.1.el6.x86_64.rpm
python-perf-2.6.32-279.1.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.1.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-279.1.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-279.1.1.el6.noarch.rpm
kernel-firmware-2.6.32-279.1.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-279.1.1.el6.x86_64.rpm
kernel-debug-2.6.32-279.1.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-279.1.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-279.1.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.1.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.1.1.el6.x86_64.rpm
kernel-devel-2.6.32-279.1.1.el6.x86_64.rpm
kernel-headers-2.6.32-279.1.1.el6.x86_64.rpm
perf-2.6.32-279.1.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.1.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.1.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-279.1.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-279.1.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.1.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.1.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.1.1.el6.x86_64.rpm
python-perf-2.6.32-279.1.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.1.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-279.1.1.el6.src.rpm

i386:
kernel-2.6.32-279.1.1.el6.i686.rpm
kernel-debug-2.6.32-279.1.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-279.1.1.el6.i686.rpm
kernel-debug-devel-2.6.32-279.1.1.el6.i686.rpm
kernel-debuginfo-2.6.32-279.1.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.1.1.el6.i686.rpm
kernel-devel-2.6.32-279.1.1.el6.i686.rpm
kernel-headers-2.6.32-279.1.1.el6.i686.rpm
perf-2.6.32-279.1.1.el6.i686.rpm
perf-debuginfo-2.6.32-279.1.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.1.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-279.1.1.el6.noarch.rpm
kernel-firmware-2.6.32-279.1.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-279.1.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-279.1.1.el6.ppc64.rpm
kernel-debug-2.6.32-279.1.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-279.1.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-279.1.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-279.1.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-279.1.1.el6.ppc64.rpm
kernel-devel-2.6.32-279.1.1.el6.ppc64.rpm
kernel-headers-2.6.32-279.1.1.el6.ppc64.rpm
perf-2.6.32-279.1.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-279.1.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-279.1.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-279.1.1.el6.s390x.rpm
kernel-debug-2.6.32-279.1.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-279.1.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-279.1.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-279.1.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-279.1.1.el6.s390x.rpm
kernel-devel-2.6.32-279.1.1.el6.s390x.rpm
kernel-headers-2.6.32-279.1.1.el6.s390x.rpm
kernel-kdump-2.6.32-279.1.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-279.1.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-279.1.1.el6.s390x.rpm
perf-2.6.32-279.1.1.el6.s390x.rpm
perf-debuginfo-2.6.32-279.1.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-279.1.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-279.1.1.el6.x86_64.rpm
kernel-debug-2.6.32-279.1.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-279.1.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-279.1.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.1.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.1.1.el6.x86_64.rpm
kernel-devel-2.6.32-279.1.1.el6.x86_64.rpm
kernel-headers-2.6.32-279.1.1.el6.x86_64.rpm
perf-2.6.32-279.1.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.1.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.1.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-279.1.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-279.1.1.el6.i686.rpm
kernel-debuginfo-2.6.32-279.1.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.1.1.el6.i686.rpm
perf-debuginfo-2.6.32-279.1.1.el6.i686.rpm
python-perf-2.6.32-279.1.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.1.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-279.1.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-279.1.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-279.1.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-279.1.1.el6.ppc64.rpm
python-perf-2.6.32-279.1.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-279.1.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-279.1.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-279.1.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-279.1.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-279.1.1.el6.s390x.rpm
perf-debuginfo-2.6.32-279.1.1.el6.s390x.rpm
python-perf-2.6.32-279.1.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-279.1.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-279.1.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.1.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.1.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.1.1.el6.x86_64.rpm
python-perf-2.6.32-279.1.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.1.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-279.1.1.el6.src.rpm

i386:
kernel-2.6.32-279.1.1.el6.i686.rpm
kernel-debug-2.6.32-279.1.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-279.1.1.el6.i686.rpm
kernel-debug-devel-2.6.32-279.1.1.el6.i686.rpm
kernel-debuginfo-2.6.32-279.1.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.1.1.el6.i686.rpm
kernel-devel-2.6.32-279.1.1.el6.i686.rpm
kernel-headers-2.6.32-279.1.1.el6.i686.rpm
perf-2.6.32-279.1.1.el6.i686.rpm
perf-debuginfo-2.6.32-279.1.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.1.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-279.1.1.el6.noarch.rpm
kernel-firmware-2.6.32-279.1.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-279.1.1.el6.x86_64.rpm
kernel-debug-2.6.32-279.1.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-279.1.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-279.1.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.1.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.1.1.el6.x86_64.rpm
kernel-devel-2.6.32-279.1.1.el6.x86_64.rpm
kernel-headers-2.6.32-279.1.1.el6.x86_64.rpm
perf-2.6.32-279.1.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.1.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.1.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-279.1.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-279.1.1.el6.i686.rpm
kernel-debuginfo-2.6.32-279.1.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.1.1.el6.i686.rpm
perf-debuginfo-2.6.32-279.1.1.el6.i686.rpm
python-perf-2.6.32-279.1.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.1.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-279.1.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.1.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.1.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.1.1.el6.x86_64.rpm
python-perf-2.6.32-279.1.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.1.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-2744.html
https://www.redhat.com/security/data/cve/CVE-2012-2745.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP/Bf1XlSAg2UNWIIRAryqAKC7c7cwSLY98vMxbEoQnT0y3mcRWACfX5PY
9eSjA+JL+x/uPLzLqV6/5eU=
=MZes
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jul 11 16:50:25 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 11 Jul 2012 16:50:25 +0000
Subject: [RHSA-2012:1068-01] Important: openjpeg security update
Message-ID: <201207111650.q6BGoVjN010408@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:          Important: openjpeg security update
Advisory ID:       RHSA-2012:1068-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1068.html
Issue date:        2012-07-11
CVE Names:         CVE-2009-5030 CVE-2012-3358
=====================================================================

1. Summary:

Updated openjpeg packages that fix two security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

OpenJPEG is an open source library for reading and writing image files in JPEG 2000 format.

An input validation flaw, leading to a heap-based buffer overflow, was found in the way OpenJPEG handled the tile number and size in an image tile header. A remote attacker could provide a specially-crafted image file that, when decoded using an application linked against OpenJPEG, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-3358)

OpenJPEG allocated insufficient memory when encoding JPEG 2000 files from input images that have certain color depths. A remote attacker could provide a specially-crafted image file that, when opened in an application linked against OpenJPEG (such as image_to_j2k), would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5030)

Users of OpenJPEG should upgrade to these updated packages, which contain patches to correct these issues. All running applications using OpenJPEG must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

812317 - CVE-2009-5030 openjpeg: Heap memory corruption leading to invalid free by processing certain Gray16 TIFF images
835767 - CVE-2012-3358 openjpeg: heap-based buffer overflow when processing JPEG2000 image files

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openjpeg-1.3-8.el6_3.src.rpm

i386:
openjpeg-debuginfo-1.3-8.el6_3.i686.rpm
openjpeg-libs-1.3-8.el6_3.i686.rpm

x86_64:
openjpeg-debuginfo-1.3-8.el6_3.i686.rpm
openjpeg-debuginfo-1.3-8.el6_3.x86_64.rpm
openjpeg-libs-1.3-8.el6_3.i686.rpm
openjpeg-libs-1.3-8.el6_3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openjpeg-1.3-8.el6_3.src.rpm

i386:
openjpeg-1.3-8.el6_3.i686.rpm
openjpeg-debuginfo-1.3-8.el6_3.i686.rpm
openjpeg-devel-1.3-8.el6_3.i686.rpm

x86_64:
openjpeg-1.3-8.el6_3.x86_64.rpm
openjpeg-debuginfo-1.3-8.el6_3.i686.rpm
openjpeg-debuginfo-1.3-8.el6_3.x86_64.rpm
openjpeg-devel-1.3-8.el6_3.i686.rpm
openjpeg-devel-1.3-8.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openjpeg-1.3-8.el6_3.src.rpm

x86_64:
openjpeg-debuginfo-1.3-8.el6_3.i686.rpm
openjpeg-debuginfo-1.3-8.el6_3.x86_64.rpm
openjpeg-libs-1.3-8.el6_3.i686.rpm
openjpeg-libs-1.3-8.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openjpeg-1.3-8.el6_3.src.rpm

x86_64:
openjpeg-1.3-8.el6_3.x86_64.rpm
openjpeg-debuginfo-1.3-8.el6_3.i686.rpm
openjpeg-debuginfo-1.3-8.el6_3.x86_64.rpm
openjpeg-devel-1.3-8.el6_3.i686.rpm
openjpeg-devel-1.3-8.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openjpeg-1.3-8.el6_3.src.rpm

i386:
openjpeg-debuginfo-1.3-8.el6_3.i686.rpm
openjpeg-libs-1.3-8.el6_3.i686.rpm

ppc64:
openjpeg-debuginfo-1.3-8.el6_3.ppc.rpm
openjpeg-debuginfo-1.3-8.el6_3.ppc64.rpm
openjpeg-libs-1.3-8.el6_3.ppc.rpm
openjpeg-libs-1.3-8.el6_3.ppc64.rpm

s390x:
openjpeg-debuginfo-1.3-8.el6_3.s390.rpm
openjpeg-debuginfo-1.3-8.el6_3.s390x.rpm
openjpeg-libs-1.3-8.el6_3.s390.rpm
openjpeg-libs-1.3-8.el6_3.s390x.rpm

x86_64:
openjpeg-debuginfo-1.3-8.el6_3.i686.rpm
openjpeg-debuginfo-1.3-8.el6_3.x86_64.rpm
openjpeg-libs-1.3-8.el6_3.i686.rpm
openjpeg-libs-1.3-8.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openjpeg-1.3-8.el6_3.src.rpm

i386:
openjpeg-1.3-8.el6_3.i686.rpm
openjpeg-debuginfo-1.3-8.el6_3.i686.rpm
openjpeg-devel-1.3-8.el6_3.i686.rpm

ppc64:
openjpeg-1.3-8.el6_3.ppc64.rpm
openjpeg-debuginfo-1.3-8.el6_3.ppc.rpm
openjpeg-debuginfo-1.3-8.el6_3.ppc64.rpm
openjpeg-devel-1.3-8.el6_3.ppc.rpm
openjpeg-devel-1.3-8.el6_3.ppc64.rpm

s390x:
openjpeg-1.3-8.el6_3.s390x.rpm
openjpeg-debuginfo-1.3-8.el6_3.s390.rpm
openjpeg-debuginfo-1.3-8.el6_3.s390x.rpm
openjpeg-devel-1.3-8.el6_3.s390.rpm
openjpeg-devel-1.3-8.el6_3.s390x.rpm

x86_64:
openjpeg-1.3-8.el6_3.x86_64.rpm
openjpeg-debuginfo-1.3-8.el6_3.i686.rpm
openjpeg-debuginfo-1.3-8.el6_3.x86_64.rpm
openjpeg-devel-1.3-8.el6_3.i686.rpm
openjpeg-devel-1.3-8.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openjpeg-1.3-8.el6_3.src.rpm

i386:
openjpeg-debuginfo-1.3-8.el6_3.i686.rpm
openjpeg-libs-1.3-8.el6_3.i686.rpm

x86_64:
openjpeg-debuginfo-1.3-8.el6_3.i686.rpm
openjpeg-debuginfo-1.3-8.el6_3.x86_64.rpm
openjpeg-libs-1.3-8.el6_3.i686.rpm
openjpeg-libs-1.3-8.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openjpeg-1.3-8.el6_3.src.rpm

i386:
openjpeg-1.3-8.el6_3.i686.rpm
openjpeg-debuginfo-1.3-8.el6_3.i686.rpm
openjpeg-devel-1.3-8.el6_3.i686.rpm

x86_64:
openjpeg-1.3-8.el6_3.x86_64.rpm
openjpeg-debuginfo-1.3-8.el6_3.i686.rpm
openjpeg-debuginfo-1.3-8.el6_3.x86_64.rpm
openjpeg-devel-1.3-8.el6_3.i686.rpm
openjpeg-devel-1.3-8.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-5030.html
https://www.redhat.com/security/data/cve/CVE-2012-3358.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP/a6NXlSAg2UNWIIRAkhpAJ9LLFPkpkmktZ+nozO71/KfGBBICACeMsS1
SVLrZiQO3N7F9sH7bYKFQoI=
=XqFn
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jul 16 16:01:18 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 16 Jul 2012 16:01:18 +0000
Subject: [RHSA-2012:1081-01] Moderate: sudo security update
Message-ID: <201207161601.q6GG1K1i006010@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: sudo security update
Advisory ID:       RHSA-2012:1081-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1081.html
Issue date:        2012-07-16
CVE Names:         CVE-2012-2337
=====================================================================

1. Summary:

An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6.
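The following is an added example, not sudo's code and not part of the advisory. It models the host-matching semantics that the CVE-2012-2337 description in section 3 below says broke when several IP networks were listed in one host specification: a host may be admitted only when it lies inside at least one listed network, so a host that no entry matches must be refused regardless of how many entries precede it. The sudoers rule and the candidate addresses are constructed sample data.

```python
"""Host_List matching over several IP networks (added example, not sudo's code).

Models the intended semantics of a sudoers host specification such as

    Host_Alias LAB = 10.1.0.0/255.255.0.0, 192.168.5.0/24

A host is admitted only when it lies inside at least one listed network;
a host that no entry matches must be refused. The rule and the addresses
below are constructed sample data.
"""
import ipaddress


def parse_host_list(spec):
    """Parse a comma-separated list of networks into ip_network objects.

    Both CIDR (10.1.0.0/16) and dotted-netmask (10.1.0.0/255.255.0.0)
    forms are accepted; a bare address becomes a single-host network.
    """
    networks = []
    for item in spec.split(","):
        item = item.strip()
        if item:
            networks.append(ipaddress.ip_network(item, strict=False))
    return networks


def host_matches(host_ip, networks):
    """True only if host_ip is inside at least one network.

    Each entry is tested on its own, with no state carried from one
    entry to the next, and an empty list admits nothing.
    """
    addr = ipaddress.ip_address(host_ip)
    return any(addr in net for net in networks)


def check_rule(host_ip, spec):
    """Convenience wrapper: parse the Host_List, then match one host."""
    return host_matches(host_ip, parse_host_list(spec))


def admitted_hosts(hosts, spec):
    """Return the subset of hosts the rule admits, for auditing a rule set."""
    networks = parse_host_list(spec)
    return [h for h in hosts if host_matches(h, networks)]


# Constructed sample rule and candidate hosts.
SAMPLE_SPEC = "10.1.0.0/255.255.0.0, 192.168.5.0/24"
SAMPLE_HOSTS = ["10.1.200.7", "192.168.5.9", "192.168.6.9", "172.16.0.1"]

if __name__ == "__main__":
    for ip in SAMPLE_HOSTS:
        print(ip, "allowed" if check_rule(ip, SAMPLE_SPEC) else "denied")
```

The useful check for an administrator is `admitted_hosts`: run it over the hosts a rule is expected to cover and over a few that it must not cover, and compare the result with the intent of the Host_List before trusting the rule.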
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root.

A flaw was found in the way the network matching code in sudo handled multiple IP networks listed in user specification configuration directives. A user, who is authorized to run commands with sudo on specific hosts, could use this flaw to bypass intended restrictions and run those commands on hosts not matched by any of the network specifications. (CVE-2012-2337)

All users of sudo are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

820677 - CVE-2012-2337 sudo: Multiple netmask values used in Host / Host_List configuration cause any host to be allowed access

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/sudo-1.7.2p1-14.el5_8.src.rpm

i386:
sudo-1.7.2p1-14.el5_8.i386.rpm
sudo-debuginfo-1.7.2p1-14.el5_8.i386.rpm

x86_64:
sudo-1.7.2p1-14.el5_8.x86_64.rpm
sudo-debuginfo-1.7.2p1-14.el5_8.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/sudo-1.7.2p1-14.el5_8.src.rpm

i386:
sudo-1.7.2p1-14.el5_8.i386.rpm
sudo-debuginfo-1.7.2p1-14.el5_8.i386.rpm

ia64:
sudo-1.7.2p1-14.el5_8.ia64.rpm
sudo-debuginfo-1.7.2p1-14.el5_8.ia64.rpm

ppc:
sudo-1.7.2p1-14.el5_8.ppc.rpm
sudo-debuginfo-1.7.2p1-14.el5_8.ppc.rpm

s390x:
sudo-1.7.2p1-14.el5_8.s390x.rpm
sudo-debuginfo-1.7.2p1-14.el5_8.s390x.rpm

x86_64:
sudo-1.7.2p1-14.el5_8.x86_64.rpm
sudo-debuginfo-1.7.2p1-14.el5_8.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/sudo-1.7.4p5-12.el6_3.src.rpm

i386:
sudo-1.7.4p5-12.el6_3.i686.rpm
sudo-debuginfo-1.7.4p5-12.el6_3.i686.rpm

x86_64:
sudo-1.7.4p5-12.el6_3.x86_64.rpm
sudo-debuginfo-1.7.4p5-12.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/sudo-1.7.4p5-12.el6_3.src.rpm

x86_64:
sudo-1.7.4p5-12.el6_3.x86_64.rpm
sudo-debuginfo-1.7.4p5-12.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/sudo-1.7.4p5-12.el6_3.src.rpm

i386:
sudo-1.7.4p5-12.el6_3.i686.rpm
sudo-debuginfo-1.7.4p5-12.el6_3.i686.rpm

ppc64:
sudo-1.7.4p5-12.el6_3.ppc64.rpm
sudo-debuginfo-1.7.4p5-12.el6_3.ppc64.rpm

s390x:
sudo-1.7.4p5-12.el6_3.s390x.rpm
sudo-debuginfo-1.7.4p5-12.el6_3.s390x.rpm

x86_64:
sudo-1.7.4p5-12.el6_3.x86_64.rpm
sudo-debuginfo-1.7.4p5-12.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/sudo-1.7.4p5-12.el6_3.src.rpm

i386:
sudo-1.7.4p5-12.el6_3.i686.rpm
sudo-debuginfo-1.7.4p5-12.el6_3.i686.rpm

x86_64:
sudo-1.7.4p5-12.el6_3.x86_64.rpm
sudo-debuginfo-1.7.4p5-12.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-2337.html
https://access.redhat.com/security/updates/classification/#moderate
http://www.sudo.ws/sudo/alerts/netmask.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQBDq7XlSAg2UNWIIRAgY1AJ0STDHlupNPJjzAknixU3dFdRunygCgrXSz
sypgkGr2uf1zBMMepQQVrx4=
=mSdL
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jul 17 19:29:50 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 17 Jul 2012 19:29:50 +0000
Subject: [RHSA-2012:1087-01] Important: kernel security and bug fix update
Message-ID: <201207171929.q6HJTpU7023552@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2012:1087-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1087.html
Issue date:        2012-07-17
CVE Names:         CVE-2012-2136
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 5.6 Extended Update Support.

The Red Hat Security Response Team has rated this update as having important security impact.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux EUS (v. 5.6 server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issue:

* It was found that the data_len parameter of the sock_alloc_send_pskb() function in the Linux kernel's networking implementation was not validated before use. A local user with access to a TUN/TAP virtual interface could use this flaw to crash the system or, potentially, escalate their privileges. Note that unprivileged users cannot access TUN/TAP devices until the root user grants them access. (CVE-2012-2136, Important)

This update also fixes the following bugs:

* An insufficiently designed calculation in the CPU accelerator in the previous kernel caused an arithmetic overflow in the sched_clock() function when system uptime exceeded 208.5 days. This overflow led to a kernel panic on systems using the Time Stamp Counter (TSC) or Virtual Machine Interface (VMI) clock source. This update corrects the described calculation so that this arithmetic overflow and kernel panic can no longer occur under these circumstances. (BZ#825981, BZ#835449)

* Previously, a race condition between the journal_write_metadata_buffer() and jbd_unlock_bh_state() functions could occur. Consequently, another thread could call the get_write_access() function on the buffer head and cause the wrong data to be written into the journal. If the system terminated unexpectedly or was shut down incorrectly, subsequent file system journal replay could result in file system corruption. This update fixes the race condition and the file system corruption no longer occurs in the described scenario. (BZ#833764)

* When the kvmclock initialization was used in a guest, it could write to the Time Stamp Counter (TSC) and, under certain circumstances, could cause the kernel to become unresponsive on boot. With this update, TSC synchronization, which is unnecessary due to kvmclock, has been disabled, thus fixing this bug. (BZ#834557)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

816289 - CVE-2012-2136 kernel: net: insufficient data_len validation in sock_alloc_send_pskb()

6. Package List:

Red Hat Enterprise Linux EUS (v. 5.6 server):

Source:
kernel-2.6.18-238.40.1.el5.src.rpm

i386:
kernel-2.6.18-238.40.1.el5.i686.rpm
kernel-PAE-2.6.18-238.40.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-238.40.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-238.40.1.el5.i686.rpm
kernel-debug-2.6.18-238.40.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-238.40.1.el5.i686.rpm
kernel-debug-devel-2.6.18-238.40.1.el5.i686.rpm
kernel-debuginfo-2.6.18-238.40.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-238.40.1.el5.i686.rpm
kernel-devel-2.6.18-238.40.1.el5.i686.rpm
kernel-headers-2.6.18-238.40.1.el5.i386.rpm
kernel-xen-2.6.18-238.40.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-238.40.1.el5.i686.rpm
kernel-xen-devel-2.6.18-238.40.1.el5.i686.rpm

ia64:
kernel-2.6.18-238.40.1.el5.ia64.rpm
kernel-debug-2.6.18-238.40.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-238.40.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-238.40.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-238.40.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-238.40.1.el5.ia64.rpm
kernel-devel-2.6.18-238.40.1.el5.ia64.rpm
kernel-headers-2.6.18-238.40.1.el5.ia64.rpm
kernel-xen-2.6.18-238.40.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-238.40.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-238.40.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-238.40.1.el5.noarch.rpm

ppc:
kernel-2.6.18-238.40.1.el5.ppc64.rpm
kernel-debug-2.6.18-238.40.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-238.40.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-238.40.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-238.40.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-238.40.1.el5.ppc64.rpm
kernel-devel-2.6.18-238.40.1.el5.ppc64.rpm
kernel-headers-2.6.18-238.40.1.el5.ppc.rpm
kernel-headers-2.6.18-238.40.1.el5.ppc64.rpm
kernel-kdump-2.6.18-238.40.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-238.40.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-238.40.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-238.40.1.el5.s390x.rpm
kernel-debug-2.6.18-238.40.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-238.40.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-238.40.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-238.40.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-238.40.1.el5.s390x.rpm
kernel-devel-2.6.18-238.40.1.el5.s390x.rpm
kernel-headers-2.6.18-238.40.1.el5.s390x.rpm
kernel-kdump-2.6.18-238.40.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-238.40.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-238.40.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-238.40.1.el5.x86_64.rpm
kernel-debug-2.6.18-238.40.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-238.40.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-238.40.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-238.40.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-238.40.1.el5.x86_64.rpm
kernel-devel-2.6.18-238.40.1.el5.x86_64.rpm
kernel-headers-2.6.18-238.40.1.el5.x86_64.rpm
kernel-xen-2.6.18-238.40.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-238.40.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-238.40.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-2136.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
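An added illustration of the sched_clock() overflow described in section 3 of this advisory; this is not kernel code. A cycle counter is converted to nanoseconds with a fixed-point multiply followed by a right shift, and when the product is held in a 64-bit integer it wraps once the result reaches 2**(64 - SHIFT) ns. With SHIFT = 10 that is 2**54 ns, which is 208.5 days, matching the figure in the advisory. SHIFT = 10 and the 2.4 GHz counter rate are assumptions of this example, not values stated in the advisory, and the model goes beyond the page in showing the wrap point as a function of the shift.

```python
"""Fixed-point cycles-to-ns conversion and its 64-bit wrap (added example).

Not kernel code. It models the arithmetic behind the sched_clock()
overflow in section 3 of this advisory: a cycle counter is converted to
nanoseconds by multiplying with a scaled integer and shifting right. If
the product is held in 64 bits it wraps once the result reaches
2**(64 - SHIFT) ns. SHIFT = 10 is an assumption (the usual x86 cyc2ns
layout), not a value stated in the advisory; the TSC rate is constructed.
"""

MASK64 = (1 << 64) - 1
SHIFT = 10                    # fixed-point fraction bits (assumed)
NS_PER_SEC = 1_000_000_000
TSC_HZ = 2_400_000_000        # constructed sample: 2.4 GHz counter


def cyc2ns_scale(tsc_hz, shift=SHIFT):
    """Multiplier giving ns per cycle, scaled up by 2**shift."""
    return (NS_PER_SEC << shift) // tsc_hz


def cyc2ns_naive(cycles, scale, shift=SHIFT):
    """64-bit C semantics: the product is truncated before the shift."""
    return ((cycles * scale) & MASK64) >> shift


def cyc2ns_wide(cycles, scale, shift=SHIFT):
    """Corrected form: keep the full product (a 128-bit multiply in C)."""
    return ((cycles * scale) >> shift) & MASK64


def days_until_wrap(shift=SHIFT):
    """Uptime in days at which the naive product first exceeds 2**64."""
    return (1 << (64 - shift)) / NS_PER_SEC / 86400


def uptime_ns_after(days, tsc_hz=TSC_HZ):
    """(naive_ns, wide_ns) for an integer number of days of uptime."""
    cycles = days * 86400 * tsc_hz
    scale = cyc2ns_scale(tsc_hz)
    return cyc2ns_naive(cycles, scale), cyc2ns_wide(cycles, scale)


if __name__ == "__main__":
    print("naive product wraps after %.2f days" % days_until_wrap())
    for d in (200, 210):
        naive, wide = uptime_ns_after(d)
        print(d, "days:", naive, wide, "WRAPPED" if naive != wide else "ok")
```

Because the integer multiplier is rounded down, the wrap on the constructed 2.4 GHz counter lands slightly after 208.5 days of real time; 210 days is past it and 200 days is not, which is what the two sample runs show.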
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQBb0QXlSAg2UNWIIRAq4XAJ9y1hbIeSgsIZ9Eb1CmobsTaFfG0wCguO40
0Al/6v77xyPQOCKAmeWkFaw=
=97g3
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jul 17 19:31:00 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 17 Jul 2012 19:31:00 +0000
Subject: [RHSA-2012:1088-01] Critical: firefox security update
Message-ID: <201207171931.q6HJV13a001905@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2012:1088-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1088.html
Issue date:        2012-07-17
CVE Names:         CVE-2012-1948 CVE-2012-1950 CVE-2012-1951 CVE-2012-1952
                   CVE-2012-1953 CVE-2012-1954 CVE-2012-1955 CVE-2012-1957
                   CVE-2012-1958 CVE-2012-1959 CVE-2012-1961 CVE-2012-1962
                   CVE-2012-1963 CVE-2012-1964 CVE-2012-1965 CVE-2012-1966
                   CVE-2012-1967
=====================================================================

1. Summary:

Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.

A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-1948, CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954, CVE-2012-1958, CVE-2012-1962, CVE-2012-1967)

A malicious web page could bypass same-compartment security wrappers (SCSW) and execute arbitrary code with chrome privileges. (CVE-2012-1959)

A flaw in the context menu functionality in Firefox could allow a malicious website to bypass intended restrictions and allow a cross-site scripting attack. (CVE-2012-1966)

A page different to that in the address bar could be displayed when dragging and dropping to the address bar, possibly making it easier for a malicious site or user to perform a phishing attack. (CVE-2012-1950)

A flaw in the way Firefox called history.forward and history.back could allow an attacker to conceal a malicious URL, possibly tricking a user into believing they are viewing a trusted site. (CVE-2012-1955)

A flaw in a parser utility class used by Firefox to parse feeds (such as RSS) could allow an attacker to execute arbitrary JavaScript with the privileges of the user running Firefox. This issue could have affected other browser components or add-ons that assume the class returns sanitized input. (CVE-2012-1957)

A flaw in the way Firefox handled X-Frame-Options headers could allow a malicious website to perform a clickjacking attack. (CVE-2012-1961)

A flaw in the way Content Security Policy (CSP) reports were generated by Firefox could allow a malicious web page to steal a victim's OAuth 2.0 access tokens and OpenID credentials. (CVE-2012-1963)

A flaw in the way Firefox handled certificate warnings could allow a man-in-the-middle attacker to create a crafted warning, possibly tricking a user into accepting an arbitrary certificate as trusted. (CVE-2012-1964)

A flaw in the way Firefox handled feed:javascript URLs could allow output filtering to be bypassed, possibly leading to a cross-site scripting attack. (CVE-2012-1965)

The nss update RHBA-2012:0337 for Red Hat Enterprise Linux 5 and 6 introduced a mitigation for the CVE-2011-3389 flaw. For compatibility reasons, it remains disabled by default in the nss packages. This update makes Firefox enable the mitigation by default. It can be disabled by setting the NSS_SSL_CBC_RANDOM_IV environment variable to 0 before launching Firefox. (BZ#838879)

For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 10.0.6 ESR. You can find a link to the Mozilla advisories in the References section of this erratum.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Abhishek Arya, Arthur Gerkis, Bill Keese, moz_bug_r_a4, Bobby Holley, Code Audit Labs, Mariusz Mlynski, Mario Heiderich, Frédéric Buclin, Karthikeyan Bhargavan, Matt McCutchen, Mario Gomes, and Soroush Dalili as the original reporters of these issues.

All Firefox users should upgrade to these updated packages, which contain Firefox version 10.0.6 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network.
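As an added example, not Mozilla's or Red Hat's code, a server-side audit of the framing headers touched by the duplicated X-Frame-Options issue (CVE-2012-1961) in section 3 above: a response should carry exactly one X-Frame-Options header with one valid value, since a client that mishandles duplicates may end up with no protection at all. The check also looks for a Content-Security-Policy frame-ancestors directive, the successor mechanism, which the advisory does not discuss. The three response header blocks are constructed samples.

```python
"""Audit a response's framing protection (added example, not Mozilla's code).

The Firefox bug above (CVE-2012-1961) is described as X-Frame-Options
being ignored when the header is duplicated. On the server side the
defensive posture is to send exactly one X-Frame-Options header with
one valid value, and to back it with a Content-Security-Policy
frame-ancestors directive, which is the successor mechanism and is not
discussed in the advisory. The header blocks at the bottom are
constructed sample responses.
"""

VALID_XFO = {"DENY", "SAMEORIGIN"}


def parse_headers(raw):
    """Return (name, value) pairs in order, names lower-cased.

    The status line and blank lines are skipped; folded continuation
    lines are not handled, which is fine for the constructed samples.
    """
    pairs = []
    for line in raw.splitlines():
        if not line.strip() or line.startswith("HTTP/"):
            continue
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def xfo_values(pairs):
    """All X-Frame-Options values, splitting comma-joined duplicates."""
    values = []
    for name, value in pairs:
        if name == "x-frame-options":
            values.extend(v.strip() for v in value.split(",") if v.strip())
    return values


def xfo_is_valid(value):
    """DENY, SAMEORIGIN, or the older ALLOW-FROM <uri> form."""
    v = value.upper()
    return v in VALID_XFO or v.startswith("ALLOW-FROM ")


def audit_framing(raw):
    """Return the X-Frame-Options values found plus a list of findings."""
    pairs = parse_headers(raw)
    xfo = xfo_values(pairs)
    csp = [v for n, v in pairs if n == "content-security-policy"]
    frame_ancestors = any("frame-ancestors" in v.lower() for v in csp)
    findings = []
    if not xfo and not frame_ancestors:
        findings.append("no framing protection")
    if len(xfo) > 1:
        # Any repetition is flagged: a client that drops duplicated headers
        # is left with no framing policy even if the values agree.
        if len({v.upper() for v in xfo}) > 1:
            findings.append("conflicting X-Frame-Options values")
        else:
            findings.append("duplicated X-Frame-Options header")
    for v in xfo:
        if not xfo_is_valid(v):
            findings.append("invalid X-Frame-Options value: " + v)
    return {"xfo": xfo, "frame_ancestors": frame_ancestors,
            "ok": not findings, "findings": findings}


# Constructed sample responses.
GOOD = """HTTP/1.1 200 OK
Content-Type: text/html
X-Frame-Options: DENY
Content-Security-Policy: frame-ancestors 'none'
"""

CONFLICTING = """HTTP/1.1 200 OK
X-Frame-Options: DENY
Content-Type: text/html
X-Frame-Options: SAMEORIGIN
"""

MISSING = """HTTP/1.1 200 OK
Content-Type: text/html
"""

if __name__ == "__main__":
    for label, raw in (("good", GOOD), ("conflicting", CONFLICTING), ("missing", MISSING)):
        print(label, audit_framing(raw))
```

A duplicated header typically comes from two layers each adding their own policy (application framework plus reverse proxy); the fix is to emit it in one place only, and the audit makes that regression visible in a response capture.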
Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

838879 - Mozilla: Enable mitigation for CVE-2011-3389 (BEAST issue) in firefox/thunderbird
840201 - CVE-2012-1948 CVE-2012-1949 Mozilla: Miscellaneous memory safety hazards (rv:14.0/ rv:10.0.6) (MFSA 2012-42)
840203 - CVE-2012-1950 Mozilla: Incorrect URL displayed in addressbar through drag and drop (MFSA 2012-43)
840205 - CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 Mozilla: Gecko memory corruption (MFSA 2012-44)
840206 - CVE-2012-1955 Mozilla: Spoofing issue with location (MFSA 2012-45)
840207 - CVE-2012-1966 Mozilla: XSS and code execution through data: URLs (MFSA 2012-46)
840208 - CVE-2012-1957 Mozilla: Improper filtering of javascript in HTML feed-view (MFSA 2012-47)
840211 - CVE-2012-1958 Mozilla: use-after-free in nsGlobalWindow::PageHidden (MFSA 2012-48)
840212 - CVE-2012-1959 Mozilla: Same-compartment Security Wrappers can be bypassed (MFSA 2012-49)
840214 - CVE-2012-1961 Mozilla: X-Frame-Options header ignored when duplicated (MFSA 2012-51)
840215 - CVE-2012-1962 Mozilla: JSDependentString::undepend string conversion results in memory corruption (MFSA 2012-52)
840220 - CVE-2012-1963 Mozilla: Content Security Policy 1.0 implementation errors cause data leakage (MFSA 2012-53)
840222 - CVE-2012-1964 Mozilla: Clickjacking of certificate warning page (MFSA 2012-54)
840225 - CVE-2012-1965 Mozilla: feed: URLs with an innerURI inherit security context of page (MFSA 2012-55)
840259 - CVE-2012-1967 Mozilla: Code execution through javascript: URLs (MFSA 2012-56)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-10.0.6-1.el5_8.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-10.0.6-2.el5_8.src.rpm

i386:
firefox-10.0.6-1.el5_8.i386.rpm
firefox-debuginfo-10.0.6-1.el5_8.i386.rpm
xulrunner-10.0.6-2.el5_8.i386.rpm
xulrunner-debuginfo-10.0.6-2.el5_8.i386.rpm

x86_64:
firefox-10.0.6-1.el5_8.i386.rpm
firefox-10.0.6-1.el5_8.x86_64.rpm
firefox-debuginfo-10.0.6-1.el5_8.i386.rpm
firefox-debuginfo-10.0.6-1.el5_8.x86_64.rpm
xulrunner-10.0.6-2.el5_8.i386.rpm
xulrunner-10.0.6-2.el5_8.x86_64.rpm
xulrunner-debuginfo-10.0.6-2.el5_8.i386.rpm
xulrunner-debuginfo-10.0.6-2.el5_8.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-10.0.6-2.el5_8.src.rpm

i386:
xulrunner-debuginfo-10.0.6-2.el5_8.i386.rpm
xulrunner-devel-10.0.6-2.el5_8.i386.rpm

x86_64:
xulrunner-debuginfo-10.0.6-2.el5_8.i386.rpm
xulrunner-debuginfo-10.0.6-2.el5_8.x86_64.rpm
xulrunner-devel-10.0.6-2.el5_8.i386.rpm
xulrunner-devel-10.0.6-2.el5_8.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-10.0.6-1.el5_8.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-10.0.6-2.el5_8.src.rpm

i386:
firefox-10.0.6-1.el5_8.i386.rpm
firefox-debuginfo-10.0.6-1.el5_8.i386.rpm
xulrunner-10.0.6-2.el5_8.i386.rpm
xulrunner-debuginfo-10.0.6-2.el5_8.i386.rpm
xulrunner-devel-10.0.6-2.el5_8.i386.rpm

ia64:
firefox-10.0.6-1.el5_8.ia64.rpm
firefox-debuginfo-10.0.6-1.el5_8.ia64.rpm
xulrunner-10.0.6-2.el5_8.ia64.rpm
xulrunner-debuginfo-10.0.6-2.el5_8.ia64.rpm
xulrunner-devel-10.0.6-2.el5_8.ia64.rpm

ppc:
firefox-10.0.6-1.el5_8.ppc.rpm
firefox-debuginfo-10.0.6-1.el5_8.ppc.rpm
xulrunner-10.0.6-2.el5_8.ppc.rpm
xulrunner-10.0.6-2.el5_8.ppc64.rpm
xulrunner-debuginfo-10.0.6-2.el5_8.ppc.rpm
xulrunner-debuginfo-10.0.6-2.el5_8.ppc64.rpm
xulrunner-devel-10.0.6-2.el5_8.ppc.rpm
xulrunner-devel-10.0.6-2.el5_8.ppc64.rpm

s390x:
firefox-10.0.6-1.el5_8.s390.rpm
firefox-10.0.6-1.el5_8.s390x.rpm
firefox-debuginfo-10.0.6-1.el5_8.s390.rpm
firefox-debuginfo-10.0.6-1.el5_8.s390x.rpm
xulrunner-10.0.6-2.el5_8.s390.rpm
xulrunner-10.0.6-2.el5_8.s390x.rpm
xulrunner-debuginfo-10.0.6-2.el5_8.s390.rpm
xulrunner-debuginfo-10.0.6-2.el5_8.s390x.rpm
xulrunner-devel-10.0.6-2.el5_8.s390.rpm
xulrunner-devel-10.0.6-2.el5_8.s390x.rpm

x86_64:
firefox-10.0.6-1.el5_8.i386.rpm
firefox-10.0.6-1.el5_8.x86_64.rpm
firefox-debuginfo-10.0.6-1.el5_8.i386.rpm
firefox-debuginfo-10.0.6-1.el5_8.x86_64.rpm
xulrunner-10.0.6-2.el5_8.i386.rpm
xulrunner-10.0.6-2.el5_8.x86_64.rpm
xulrunner-debuginfo-10.0.6-2.el5_8.i386.rpm
xulrunner-debuginfo-10.0.6-2.el5_8.x86_64.rpm
xulrunner-devel-10.0.6-2.el5_8.i386.rpm
xulrunner-devel-10.0.6-2.el5_8.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/firefox-10.0.6-1.el6_3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-10.0.6-1.el6_3.src.rpm

i386:
firefox-10.0.6-1.el6_3.i686.rpm
firefox-debuginfo-10.0.6-1.el6_3.i686.rpm
xulrunner-10.0.6-1.el6_3.i686.rpm
xulrunner-debuginfo-10.0.6-1.el6_3.i686.rpm

x86_64:
firefox-10.0.6-1.el6_3.i686.rpm
firefox-10.0.6-1.el6_3.x86_64.rpm
firefox-debuginfo-10.0.6-1.el6_3.i686.rpm
firefox-debuginfo-10.0.6-1.el6_3.x86_64.rpm
xulrunner-10.0.6-1.el6_3.i686.rpm
xulrunner-10.0.6-1.el6_3.x86_64.rpm
xulrunner-debuginfo-10.0.6-1.el6_3.i686.rpm
xulrunner-debuginfo-10.0.6-1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-10.0.6-1.el6_3.src.rpm

i386:
xulrunner-debuginfo-10.0.6-1.el6_3.i686.rpm
xulrunner-devel-10.0.6-1.el6_3.i686.rpm

x86_64:
xulrunner-debuginfo-10.0.6-1.el6_3.i686.rpm
xulrunner-debuginfo-10.0.6-1.el6_3.x86_64.rpm
xulrunner-devel-10.0.6-1.el6_3.i686.rpm
xulrunner-devel-10.0.6-1.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/firefox-10.0.6-1.el6_3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xulrunner-10.0.6-1.el6_3.src.rpm

x86_64:
firefox-10.0.6-1.el6_3.i686.rpm
firefox-10.0.6-1.el6_3.x86_64.rpm
firefox-debuginfo-10.0.6-1.el6_3.i686.rpm
firefox-debuginfo-10.0.6-1.el6_3.x86_64.rpm
xulrunner-10.0.6-1.el6_3.i686.rpm
xulrunner-10.0.6-1.el6_3.x86_64.rpm
xulrunner-debuginfo-10.0.6-1.el6_3.i686.rpm
xulrunner-debuginfo-10.0.6-1.el6_3.x86_64.rpm
xulrunner-devel-10.0.6-1.el6_3.i686.rpm
xulrunner-devel-10.0.6-1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/firefox-10.0.6-1.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-10.0.6-1.el6_3.src.rpm i386: firefox-10.0.6-1.el6_3.i686.rpm firefox-debuginfo-10.0.6-1.el6_3.i686.rpm xulrunner-10.0.6-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.6-1.el6_3.i686.rpm ppc64: firefox-10.0.6-1.el6_3.ppc.rpm firefox-10.0.6-1.el6_3.ppc64.rpm firefox-debuginfo-10.0.6-1.el6_3.ppc.rpm firefox-debuginfo-10.0.6-1.el6_3.ppc64.rpm xulrunner-10.0.6-1.el6_3.ppc.rpm xulrunner-10.0.6-1.el6_3.ppc64.rpm xulrunner-debuginfo-10.0.6-1.el6_3.ppc.rpm xulrunner-debuginfo-10.0.6-1.el6_3.ppc64.rpm s390x: firefox-10.0.6-1.el6_3.s390.rpm firefox-10.0.6-1.el6_3.s390x.rpm firefox-debuginfo-10.0.6-1.el6_3.s390.rpm firefox-debuginfo-10.0.6-1.el6_3.s390x.rpm xulrunner-10.0.6-1.el6_3.s390.rpm xulrunner-10.0.6-1.el6_3.s390x.rpm xulrunner-debuginfo-10.0.6-1.el6_3.s390.rpm xulrunner-debuginfo-10.0.6-1.el6_3.s390x.rpm x86_64: firefox-10.0.6-1.el6_3.i686.rpm firefox-10.0.6-1.el6_3.x86_64.rpm firefox-debuginfo-10.0.6-1.el6_3.i686.rpm firefox-debuginfo-10.0.6-1.el6_3.x86_64.rpm xulrunner-10.0.6-1.el6_3.i686.rpm xulrunner-10.0.6-1.el6_3.x86_64.rpm xulrunner-debuginfo-10.0.6-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.6-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-10.0.6-1.el6_3.src.rpm i386: xulrunner-debuginfo-10.0.6-1.el6_3.i686.rpm xulrunner-devel-10.0.6-1.el6_3.i686.rpm ppc64: xulrunner-debuginfo-10.0.6-1.el6_3.ppc.rpm xulrunner-debuginfo-10.0.6-1.el6_3.ppc64.rpm xulrunner-devel-10.0.6-1.el6_3.ppc.rpm xulrunner-devel-10.0.6-1.el6_3.ppc64.rpm s390x: xulrunner-debuginfo-10.0.6-1.el6_3.s390.rpm xulrunner-debuginfo-10.0.6-1.el6_3.s390x.rpm xulrunner-devel-10.0.6-1.el6_3.s390.rpm xulrunner-devel-10.0.6-1.el6_3.s390x.rpm x86_64: xulrunner-debuginfo-10.0.6-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.6-1.el6_3.x86_64.rpm xulrunner-devel-10.0.6-1.el6_3.i686.rpm xulrunner-devel-10.0.6-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/firefox-10.0.6-1.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-10.0.6-1.el6_3.src.rpm i386: firefox-10.0.6-1.el6_3.i686.rpm firefox-debuginfo-10.0.6-1.el6_3.i686.rpm xulrunner-10.0.6-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.6-1.el6_3.i686.rpm x86_64: firefox-10.0.6-1.el6_3.i686.rpm firefox-10.0.6-1.el6_3.x86_64.rpm firefox-debuginfo-10.0.6-1.el6_3.i686.rpm firefox-debuginfo-10.0.6-1.el6_3.x86_64.rpm xulrunner-10.0.6-1.el6_3.i686.rpm xulrunner-10.0.6-1.el6_3.x86_64.rpm xulrunner-debuginfo-10.0.6-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.6-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-10.0.6-1.el6_3.src.rpm i386: xulrunner-debuginfo-10.0.6-1.el6_3.i686.rpm xulrunner-devel-10.0.6-1.el6_3.i686.rpm x86_64: xulrunner-debuginfo-10.0.6-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.6-1.el6_3.x86_64.rpm xulrunner-devel-10.0.6-1.el6_3.i686.rpm xulrunner-devel-10.0.6-1.el6_3.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-1948.html https://www.redhat.com/security/data/cve/CVE-2012-1950.html https://www.redhat.com/security/data/cve/CVE-2012-1951.html https://www.redhat.com/security/data/cve/CVE-2012-1952.html https://www.redhat.com/security/data/cve/CVE-2012-1953.html https://www.redhat.com/security/data/cve/CVE-2012-1954.html https://www.redhat.com/security/data/cve/CVE-2012-1955.html https://www.redhat.com/security/data/cve/CVE-2012-1957.html https://www.redhat.com/security/data/cve/CVE-2012-1958.html https://www.redhat.com/security/data/cve/CVE-2012-1959.html https://www.redhat.com/security/data/cve/CVE-2012-1961.html https://www.redhat.com/security/data/cve/CVE-2012-1962.html https://www.redhat.com/security/data/cve/CVE-2012-1963.html https://www.redhat.com/security/data/cve/CVE-2012-1964.html https://www.redhat.com/security/data/cve/CVE-2012-1965.html https://www.redhat.com/security/data/cve/CVE-2012-1966.html https://www.redhat.com/security/data/cve/CVE-2012-1967.html https://access.redhat.com/security/updates/classification/#critical http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html https://rhn.redhat.com/errata/RHBA-2012-0337.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQBb1MXlSAg2UNWIIRArgxAJ46z1at3CijCtWmJwmz0StlPb1x+ACgoz3A
whLKZESa8BWxLdyayqxGg/c=
=JZR5
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Jul 17 19:31:59 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 17 Jul 2012 19:31:59 +0000
Subject: [RHSA-2012:1089-01] Critical: thunderbird security update
Message-ID: <201207171932.q6HJW1LA002841@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: thunderbird security update
Advisory ID:       RHSA-2012:1089-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1089.html
Issue date:        2012-07-17
CVE Names:         CVE-2012-1948 CVE-2012-1951 CVE-2012-1952
                   CVE-2012-1953 CVE-2012-1954 CVE-2012-1955
                   CVE-2012-1957 CVE-2012-1958 CVE-2012-1959
                   CVE-2012-1961 CVE-2012-1962 CVE-2012-1963
                   CVE-2012-1964 CVE-2012-1967
=====================================================================

1. Summary:

An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-1948, CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954, CVE-2012-1958, CVE-2012-1962, CVE-2012-1967)

Malicious content could bypass same-compartment security wrappers (SCSW) and execute arbitrary code with chrome privileges. (CVE-2012-1959)

A flaw in the way Thunderbird called history.forward and history.back could allow an attacker to conceal a malicious URL, possibly tricking a user into believing they are viewing trusted content. (CVE-2012-1955)

A flaw in a parser utility class used by Thunderbird to parse feeds (such as RSS) could allow an attacker to execute arbitrary JavaScript with the privileges of the user running Thunderbird. This issue could have affected other Thunderbird components or add-ons that assume the class returns sanitized input. (CVE-2012-1957)

A flaw in the way Thunderbird handled X-Frame-Options headers could allow malicious content to perform a clickjacking attack. (CVE-2012-1961)

A flaw in the way Content Security Policy (CSP) reports were generated by Thunderbird could allow malicious content to steal a victim's OAuth 2.0 access tokens and OpenID credentials. (CVE-2012-1963)

A flaw in the way Thunderbird handled certificate warnings could allow a man-in-the-middle attacker to create a crafted warning, possibly tricking a user into accepting an arbitrary certificate as trusted. (CVE-2012-1964)

The nss update RHBA-2012:0337 for Red Hat Enterprise Linux 5 and 6 introduced a mitigation for the CVE-2011-3389 flaw. For compatibility reasons, it remains disabled by default in the nss packages. This update makes Thunderbird enable the mitigation by default. It can be disabled by setting the NSS_SSL_CBC_RANDOM_IV environment variable to 0 before launching Thunderbird. (BZ#838879)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Abhishek Arya, Arthur Gerkis, Bill Keese, moz_bug_r_a4, Bobby Holley, Mariusz Mlynski, Mario Heiderich, Frédéric Buclin, Karthikeyan Bhargavan, and Matt McCutchen as the original reporters of these issues.

Note: None of the issues in this advisory can be exploited by a specially-crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.

All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 10.0.6 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

838879 - Mozilla: Enable mitigation for CVE-2011-3389 (BEAST issue) in firefox/thunderbird
840201 - CVE-2012-1948 CVE-2012-1949 Mozilla: Miscellaneous memory safety hazards (rv:14.0/ rv:10.0.6) (MFSA 2012-42)
840205 - CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 Mozilla: Gecko memory corruption (MFSA 2012-44)
840206 - CVE-2012-1955 Mozilla: Spoofing issue with location (MFSA 2012-45)
840208 - CVE-2012-1957 Mozilla: Improper filtering of javascript in HTML feed-view (MFSA 2012-47)
840211 - CVE-2012-1958 Mozilla: use-after-free in nsGlobalWindow::PageHidden (MFSA 2012-48)
840212 - CVE-2012-1959 Mozilla: Same-compartment Security Wrappers can be bypassed (MFSA 2012-49)
840214 - CVE-2012-1961 Mozilla: X-Frame-Options header ignored when duplicated (MFSA 2012-51)
840215 - CVE-2012-1962 Mozilla: JSDependentString::undepend string conversion results in memory corruption (MFSA 2012-52)
840220 - CVE-2012-1963 Mozilla: Content Security Policy 1.0 implementation errors cause data leakage (MFSA 2012-53)
840222 - CVE-2012-1964 Mozilla: Clickjacking of certificate warning page (MFSA 2012-54)
840259 - CVE-2012-1967 Mozilla: Code execution through javascript: URLs (MFSA 2012-56)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/thunderbird-10.0.6-1.el5_8.src.rpm

i386:
thunderbird-10.0.6-1.el5_8.i386.rpm
thunderbird-debuginfo-10.0.6-1.el5_8.i386.rpm

x86_64:
thunderbird-10.0.6-1.el5_8.x86_64.rpm
thunderbird-debuginfo-10.0.6-1.el5_8.x86_64.rpm

RHEL Optional Productivity Applications (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/thunderbird-10.0.6-1.el5_8.src.rpm

i386:
thunderbird-10.0.6-1.el5_8.i386.rpm
thunderbird-debuginfo-10.0.6-1.el5_8.i386.rpm

x86_64:
thunderbird-10.0.6-1.el5_8.x86_64.rpm
thunderbird-debuginfo-10.0.6-1.el5_8.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/thunderbird-10.0.6-1.el6_3.src.rpm

i386:
thunderbird-10.0.6-1.el6_3.i686.rpm
thunderbird-debuginfo-10.0.6-1.el6_3.i686.rpm

x86_64:
thunderbird-10.0.6-1.el6_3.x86_64.rpm
thunderbird-debuginfo-10.0.6-1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/thunderbird-10.0.6-1.el6_3.src.rpm

i386:
thunderbird-10.0.6-1.el6_3.i686.rpm
thunderbird-debuginfo-10.0.6-1.el6_3.i686.rpm

ppc64:
thunderbird-10.0.6-1.el6_3.ppc64.rpm
thunderbird-debuginfo-10.0.6-1.el6_3.ppc64.rpm

s390x:
thunderbird-10.0.6-1.el6_3.s390x.rpm
thunderbird-debuginfo-10.0.6-1.el6_3.s390x.rpm

x86_64:
thunderbird-10.0.6-1.el6_3.x86_64.rpm
thunderbird-debuginfo-10.0.6-1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/thunderbird-10.0.6-1.el6_3.src.rpm

i386:
thunderbird-10.0.6-1.el6_3.i686.rpm
thunderbird-debuginfo-10.0.6-1.el6_3.i686.rpm

x86_64:
thunderbird-10.0.6-1.el6_3.x86_64.rpm
thunderbird-debuginfo-10.0.6-1.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-1948.html
https://www.redhat.com/security/data/cve/CVE-2012-1951.html
https://www.redhat.com/security/data/cve/CVE-2012-1952.html
https://www.redhat.com/security/data/cve/CVE-2012-1953.html
https://www.redhat.com/security/data/cve/CVE-2012-1954.html
https://www.redhat.com/security/data/cve/CVE-2012-1955.html
https://www.redhat.com/security/data/cve/CVE-2012-1957.html
https://www.redhat.com/security/data/cve/CVE-2012-1958.html
https://www.redhat.com/security/data/cve/CVE-2012-1959.html
https://www.redhat.com/security/data/cve/CVE-2012-1961.html
https://www.redhat.com/security/data/cve/CVE-2012-1962.html
https://www.redhat.com/security/data/cve/CVE-2012-1963.html
https://www.redhat.com/security/data/cve/CVE-2012-1964.html
https://www.redhat.com/security/data/cve/CVE-2012-1967.html
https://access.redhat.com/security/updates/classification/#critical
https://rhn.redhat.com/errata/RHBA-2012-0337.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQBb2LXlSAg2UNWIIRAlYlAKCbJcD7/fLADRtQ3zfCf60z9+D5nQCgoIBO
ZsU0p96A9fzg6QvLWUu8roA=
=VphK
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Jul 17 19:32:30 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 17 Jul 2012 19:32:30 +0000
Subject: [RHSA-2012:1090-01] Moderate: nss and nspr security, bug fix, and enhancement update
Message-ID: <201207171932.q6HJWWwC024364@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: nss and nspr security, bug fix, and enhancement update
Advisory ID:       RHSA-2012:1090-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1090.html
Issue date:        2012-07-17
CVE Names:         CVE-2012-0441
=====================================================================

1. Summary:

Updated nss and nspr packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.

A flaw was found in the way the ASN.1 (Abstract Syntax Notation One) decoder in NSS handled zero length items. This flaw could cause the decoder to incorrectly skip or replace certain items with a default value, or could cause an application to crash if, for example, it received a specially-crafted OCSP (Online Certificate Status Protocol) response. (CVE-2012-0441)

It was found that a Certificate Authority (CA) issued a subordinate CA certificate to its customer, that could be used to issue certificates for any name. This update renders the subordinate CA certificate as untrusted. (BZ#798533)

Note: The BZ#798533 fix only applies to applications using the NSS Builtin Object Token. It does not render the certificates untrusted for applications that use the NSS library, but do not use the NSS Builtin Object Token.

In addition, the nspr package has been upgraded to upstream version 4.9.1, and the nss package has been upgraded to upstream version 3.13.5. These updates provide a number of bug fixes and enhancements over the previous versions. (BZ#834220, BZ#834219)

All NSS and NSPR users should upgrade to these updated packages, which correct these issues and add these enhancements. After installing the update, applications using NSS and NSPR must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

798533 - nss: Distrust MITM subCAs issued by TrustWave
827833 - CVE-2012-0441 nss: NSS parsing errors with zero length items
834219 - Update RHEL 5.x to NSS 3.13.5 and NSPR 4.9.1 for Mozilla 10.0.6
834220 - Update RHEL 5.x to NSPR 4.9.1 for Mozilla 10.0.6

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nspr-4.9.1-4.el5_8.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nss-3.13.5-4.el5_8.src.rpm

i386:
nspr-4.9.1-4.el5_8.i386.rpm
nspr-debuginfo-4.9.1-4.el5_8.i386.rpm
nss-3.13.5-4.el5_8.i386.rpm
nss-debuginfo-3.13.5-4.el5_8.i386.rpm
nss-tools-3.13.5-4.el5_8.i386.rpm

x86_64:
nspr-4.9.1-4.el5_8.i386.rpm
nspr-4.9.1-4.el5_8.x86_64.rpm
nspr-debuginfo-4.9.1-4.el5_8.i386.rpm
nspr-debuginfo-4.9.1-4.el5_8.x86_64.rpm
nss-3.13.5-4.el5_8.i386.rpm
nss-3.13.5-4.el5_8.x86_64.rpm
nss-debuginfo-3.13.5-4.el5_8.i386.rpm
nss-debuginfo-3.13.5-4.el5_8.x86_64.rpm
nss-tools-3.13.5-4.el5_8.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nspr-4.9.1-4.el5_8.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nss-3.13.5-4.el5_8.src.rpm

i386:
nspr-debuginfo-4.9.1-4.el5_8.i386.rpm
nspr-devel-4.9.1-4.el5_8.i386.rpm
nss-debuginfo-3.13.5-4.el5_8.i386.rpm
nss-devel-3.13.5-4.el5_8.i386.rpm
nss-pkcs11-devel-3.13.5-4.el5_8.i386.rpm

x86_64:
nspr-debuginfo-4.9.1-4.el5_8.i386.rpm
nspr-debuginfo-4.9.1-4.el5_8.x86_64.rpm
nspr-devel-4.9.1-4.el5_8.i386.rpm
nspr-devel-4.9.1-4.el5_8.x86_64.rpm
nss-debuginfo-3.13.5-4.el5_8.i386.rpm
nss-debuginfo-3.13.5-4.el5_8.x86_64.rpm
nss-devel-3.13.5-4.el5_8.i386.rpm
nss-devel-3.13.5-4.el5_8.x86_64.rpm
nss-pkcs11-devel-3.13.5-4.el5_8.i386.rpm
nss-pkcs11-devel-3.13.5-4.el5_8.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/nspr-4.9.1-4.el5_8.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/nss-3.13.5-4.el5_8.src.rpm

i386:
nspr-4.9.1-4.el5_8.i386.rpm
nspr-debuginfo-4.9.1-4.el5_8.i386.rpm
nspr-devel-4.9.1-4.el5_8.i386.rpm
nss-3.13.5-4.el5_8.i386.rpm
nss-debuginfo-3.13.5-4.el5_8.i386.rpm
nss-devel-3.13.5-4.el5_8.i386.rpm
nss-pkcs11-devel-3.13.5-4.el5_8.i386.rpm
nss-tools-3.13.5-4.el5_8.i386.rpm

ia64:
nspr-4.9.1-4.el5_8.i386.rpm
nspr-4.9.1-4.el5_8.ia64.rpm
nspr-debuginfo-4.9.1-4.el5_8.i386.rpm
nspr-debuginfo-4.9.1-4.el5_8.ia64.rpm
nspr-devel-4.9.1-4.el5_8.ia64.rpm
nss-3.13.5-4.el5_8.i386.rpm
nss-3.13.5-4.el5_8.ia64.rpm
nss-debuginfo-3.13.5-4.el5_8.i386.rpm
nss-debuginfo-3.13.5-4.el5_8.ia64.rpm
nss-devel-3.13.5-4.el5_8.ia64.rpm
nss-pkcs11-devel-3.13.5-4.el5_8.ia64.rpm
nss-tools-3.13.5-4.el5_8.ia64.rpm

ppc:
nspr-4.9.1-4.el5_8.ppc.rpm
nspr-4.9.1-4.el5_8.ppc64.rpm
nspr-debuginfo-4.9.1-4.el5_8.ppc.rpm
nspr-debuginfo-4.9.1-4.el5_8.ppc64.rpm
nspr-devel-4.9.1-4.el5_8.ppc.rpm
nspr-devel-4.9.1-4.el5_8.ppc64.rpm
nss-3.13.5-4.el5_8.ppc.rpm
nss-3.13.5-4.el5_8.ppc64.rpm
nss-debuginfo-3.13.5-4.el5_8.ppc.rpm
nss-debuginfo-3.13.5-4.el5_8.ppc64.rpm
nss-devel-3.13.5-4.el5_8.ppc.rpm
nss-devel-3.13.5-4.el5_8.ppc64.rpm
nss-pkcs11-devel-3.13.5-4.el5_8.ppc.rpm
nss-pkcs11-devel-3.13.5-4.el5_8.ppc64.rpm
nss-tools-3.13.5-4.el5_8.ppc.rpm

s390x:
nspr-4.9.1-4.el5_8.s390.rpm
nspr-4.9.1-4.el5_8.s390x.rpm
nspr-debuginfo-4.9.1-4.el5_8.s390.rpm
nspr-debuginfo-4.9.1-4.el5_8.s390x.rpm
nspr-devel-4.9.1-4.el5_8.s390.rpm
nspr-devel-4.9.1-4.el5_8.s390x.rpm
nss-3.13.5-4.el5_8.s390.rpm
nss-3.13.5-4.el5_8.s390x.rpm
nss-debuginfo-3.13.5-4.el5_8.s390.rpm
nss-debuginfo-3.13.5-4.el5_8.s390x.rpm
nss-devel-3.13.5-4.el5_8.s390.rpm
nss-devel-3.13.5-4.el5_8.s390x.rpm
nss-pkcs11-devel-3.13.5-4.el5_8.s390.rpm
nss-pkcs11-devel-3.13.5-4.el5_8.s390x.rpm
nss-tools-3.13.5-4.el5_8.s390x.rpm

x86_64:
nspr-4.9.1-4.el5_8.i386.rpm
nspr-4.9.1-4.el5_8.x86_64.rpm
nspr-debuginfo-4.9.1-4.el5_8.i386.rpm
nspr-debuginfo-4.9.1-4.el5_8.x86_64.rpm
nspr-devel-4.9.1-4.el5_8.i386.rpm
nspr-devel-4.9.1-4.el5_8.x86_64.rpm
nss-3.13.5-4.el5_8.i386.rpm
nss-3.13.5-4.el5_8.x86_64.rpm
nss-debuginfo-3.13.5-4.el5_8.i386.rpm
nss-debuginfo-3.13.5-4.el5_8.x86_64.rpm
nss-devel-3.13.5-4.el5_8.i386.rpm
nss-devel-3.13.5-4.el5_8.x86_64.rpm
nss-pkcs11-devel-3.13.5-4.el5_8.i386.rpm
nss-pkcs11-devel-3.13.5-4.el5_8.x86_64.rpm
nss-tools-3.13.5-4.el5_8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-0441.html
https://access.redhat.com/security/updates/classification/#moderate
http://www.mozilla.org/security/announce/2012/mfsa2012-39.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQBb2+XlSAg2UNWIIRArMpAKCHV+TfJIxf7TYgLr1viJSliSSWnACfa/VG
D1Wh3QuCxPuTLT5G0vAH09k=
=tklt
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Jul 17 19:33:27 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 17 Jul 2012 19:33:27 +0000
Subject: [RHSA-2012:1091-01] Moderate: nss, nspr, and nss-util security, bug fix, and enhancement update
Message-ID: <201207171933.q6HJXSp7020740@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: nss, nspr, and nss-util security, bug fix, and enhancement update
Advisory ID:       RHSA-2012:1091-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1091.html
Issue date:        2012-07-17
CVE Names:         CVE-2012-0441
=====================================================================

1. Summary:

Updated nss, nss-util, and nspr packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.

A flaw was found in the way the ASN.1 (Abstract Syntax Notation One) decoder in NSS handled zero length items. This flaw could cause the decoder to incorrectly skip or replace certain items with a default value, or could cause an application to crash if, for example, it received a specially-crafted OCSP (Online Certificate Status Protocol) response. (CVE-2012-0441)

The nspr package has been upgraded to upstream version 4.9.1, which provides a number of bug fixes and enhancements over the previous version. (BZ#833762)

The nss-util package has been upgraded to upstream version 3.13.5, which provides a number of bug fixes and enhancements over the previous version. (BZ#833763)

The nss package has been upgraded to upstream version 3.13.5, which provides a number of bug fixes and enhancements over the previous version. (BZ#834100)

All NSS, NSPR, and nss-util users are advised to upgrade to these updated packages, which correct these issues and add these enhancements. After installing this update, applications using NSS, NSPR, or nss-util must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

827833 - CVE-2012-0441 nss: NSS parsing errors with zero length items
833762 - Update RHEL 6.x to NSPR 4.9.1 for Mozilla 10.0.6
833763 - Update nss-util on RHEL 6.x to NSS 3.13.5 for Mozilla 10.0.6
834100 - Update RHEL 6.x to NSS 3.13.5 and NSPR 4.9.1 for Mozilla 10.0.6

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nspr-4.9.1-2.el6_3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-3.13.5-1.el6_3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-util-3.13.5-1.el6_3.src.rpm

i386:
nspr-4.9.1-2.el6_3.i686.rpm
nspr-debuginfo-4.9.1-2.el6_3.i686.rpm
nss-3.13.5-1.el6_3.i686.rpm
nss-debuginfo-3.13.5-1.el6_3.i686.rpm
nss-sysinit-3.13.5-1.el6_3.i686.rpm
nss-tools-3.13.5-1.el6_3.i686.rpm
nss-util-3.13.5-1.el6_3.i686.rpm
nss-util-debuginfo-3.13.5-1.el6_3.i686.rpm

x86_64:
nspr-4.9.1-2.el6_3.i686.rpm
nspr-4.9.1-2.el6_3.x86_64.rpm
nspr-debuginfo-4.9.1-2.el6_3.i686.rpm
nspr-debuginfo-4.9.1-2.el6_3.x86_64.rpm
nss-3.13.5-1.el6_3.i686.rpm
nss-3.13.5-1.el6_3.x86_64.rpm
nss-debuginfo-3.13.5-1.el6_3.i686.rpm
nss-debuginfo-3.13.5-1.el6_3.x86_64.rpm
nss-sysinit-3.13.5-1.el6_3.x86_64.rpm
nss-tools-3.13.5-1.el6_3.x86_64.rpm
nss-util-3.13.5-1.el6_3.i686.rpm
nss-util-3.13.5-1.el6_3.x86_64.rpm
nss-util-debuginfo-3.13.5-1.el6_3.i686.rpm
nss-util-debuginfo-3.13.5-1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nspr-4.9.1-2.el6_3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-3.13.5-1.el6_3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-util-3.13.5-1.el6_3.src.rpm

i386:
nspr-debuginfo-4.9.1-2.el6_3.i686.rpm
nspr-devel-4.9.1-2.el6_3.i686.rpm
nss-debuginfo-3.13.5-1.el6_3.i686.rpm
nss-devel-3.13.5-1.el6_3.i686.rpm
nss-pkcs11-devel-3.13.5-1.el6_3.i686.rpm
nss-util-debuginfo-3.13.5-1.el6_3.i686.rpm
nss-util-devel-3.13.5-1.el6_3.i686.rpm

x86_64:
nspr-debuginfo-4.9.1-2.el6_3.i686.rpm
nspr-debuginfo-4.9.1-2.el6_3.x86_64.rpm
nspr-devel-4.9.1-2.el6_3.i686.rpm
nspr-devel-4.9.1-2.el6_3.x86_64.rpm
nss-debuginfo-3.13.5-1.el6_3.i686.rpm
nss-debuginfo-3.13.5-1.el6_3.x86_64.rpm
nss-devel-3.13.5-1.el6_3.i686.rpm
nss-devel-3.13.5-1.el6_3.x86_64.rpm
nss-pkcs11-devel-3.13.5-1.el6_3.i686.rpm
nss-pkcs11-devel-3.13.5-1.el6_3.x86_64.rpm
nss-util-debuginfo-3.13.5-1.el6_3.i686.rpm
nss-util-debuginfo-3.13.5-1.el6_3.x86_64.rpm
nss-util-devel-3.13.5-1.el6_3.i686.rpm
nss-util-devel-3.13.5-1.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nspr-4.9.1-2.el6_3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-3.13.5-1.el6_3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-util-3.13.5-1.el6_3.src.rpm

x86_64:
nspr-4.9.1-2.el6_3.i686.rpm
nspr-4.9.1-2.el6_3.x86_64.rpm
nspr-debuginfo-4.9.1-2.el6_3.i686.rpm
nspr-debuginfo-4.9.1-2.el6_3.x86_64.rpm
nss-3.13.5-1.el6_3.i686.rpm
nss-3.13.5-1.el6_3.x86_64.rpm
nss-debuginfo-3.13.5-1.el6_3.i686.rpm
nss-debuginfo-3.13.5-1.el6_3.x86_64.rpm
nss-sysinit-3.13.5-1.el6_3.x86_64.rpm
nss-tools-3.13.5-1.el6_3.x86_64.rpm
nss-util-3.13.5-1.el6_3.i686.rpm
nss-util-3.13.5-1.el6_3.x86_64.rpm
nss-util-debuginfo-3.13.5-1.el6_3.i686.rpm
nss-util-debuginfo-3.13.5-1.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nspr-4.9.1-2.el6_3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-3.13.5-1.el6_3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-util-3.13.5-1.el6_3.src.rpm

x86_64:
nspr-debuginfo-4.9.1-2.el6_3.i686.rpm
nspr-debuginfo-4.9.1-2.el6_3.x86_64.rpm
nspr-devel-4.9.1-2.el6_3.i686.rpm
nspr-devel-4.9.1-2.el6_3.x86_64.rpm
nss-debuginfo-3.13.5-1.el6_3.i686.rpm
nss-debuginfo-3.13.5-1.el6_3.x86_64.rpm
nss-devel-3.13.5-1.el6_3.i686.rpm
nss-devel-3.13.5-1.el6_3.x86_64.rpm
nss-pkcs11-devel-3.13.5-1.el6_3.i686.rpm
nss-pkcs11-devel-3.13.5-1.el6_3.x86_64.rpm
nss-util-debuginfo-3.13.5-1.el6_3.i686.rpm
nss-util-debuginfo-3.13.5-1.el6_3.x86_64.rpm
nss-util-devel-3.13.5-1.el6_3.i686.rpm
nss-util-devel-3.13.5-1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nspr-4.9.1-2.el6_3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-3.13.5-1.el6_3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-util-3.13.5-1.el6_3.src.rpm

i386:
nspr-4.9.1-2.el6_3.i686.rpm
nspr-debuginfo-4.9.1-2.el6_3.i686.rpm
nspr-devel-4.9.1-2.el6_3.i686.rpm
nss-3.13.5-1.el6_3.i686.rpm
nss-debuginfo-3.13.5-1.el6_3.i686.rpm
nss-devel-3.13.5-1.el6_3.i686.rpm
nss-sysinit-3.13.5-1.el6_3.i686.rpm
nss-tools-3.13.5-1.el6_3.i686.rpm
nss-util-3.13.5-1.el6_3.i686.rpm
nss-util-debuginfo-3.13.5-1.el6_3.i686.rpm
nss-util-devel-3.13.5-1.el6_3.i686.rpm

ppc64:
nspr-4.9.1-2.el6_3.ppc.rpm
nspr-4.9.1-2.el6_3.ppc64.rpm
nspr-debuginfo-4.9.1-2.el6_3.ppc.rpm
nspr-debuginfo-4.9.1-2.el6_3.ppc64.rpm
nspr-devel-4.9.1-2.el6_3.ppc.rpm
nspr-devel-4.9.1-2.el6_3.ppc64.rpm
nss-3.13.5-1.el6_3.ppc.rpm
nss-3.13.5-1.el6_3.ppc64.rpm
nss-debuginfo-3.13.5-1.el6_3.ppc.rpm
nss-debuginfo-3.13.5-1.el6_3.ppc64.rpm
nss-devel-3.13.5-1.el6_3.ppc.rpm
nss-devel-3.13.5-1.el6_3.ppc64.rpm
nss-sysinit-3.13.5-1.el6_3.ppc64.rpm
nss-tools-3.13.5-1.el6_3.ppc64.rpm
nss-util-3.13.5-1.el6_3.ppc.rpm
nss-util-3.13.5-1.el6_3.ppc64.rpm
nss-util-debuginfo-3.13.5-1.el6_3.ppc.rpm
nss-util-debuginfo-3.13.5-1.el6_3.ppc64.rpm
nss-util-devel-3.13.5-1.el6_3.ppc.rpm
nss-util-devel-3.13.5-1.el6_3.ppc64.rpm

s390x:
nspr-4.9.1-2.el6_3.s390.rpm
nspr-4.9.1-2.el6_3.s390x.rpm
nspr-debuginfo-4.9.1-2.el6_3.s390.rpm
nspr-debuginfo-4.9.1-2.el6_3.s390x.rpm
nspr-devel-4.9.1-2.el6_3.s390.rpm
nspr-devel-4.9.1-2.el6_3.s390x.rpm
nss-3.13.5-1.el6_3.s390.rpm
nss-3.13.5-1.el6_3.s390x.rpm
nss-debuginfo-3.13.5-1.el6_3.s390.rpm
nss-debuginfo-3.13.5-1.el6_3.s390x.rpm
nss-devel-3.13.5-1.el6_3.s390.rpm
nss-devel-3.13.5-1.el6_3.s390x.rpm
nss-sysinit-3.13.5-1.el6_3.s390x.rpm
nss-tools-3.13.5-1.el6_3.s390x.rpm
nss-util-3.13.5-1.el6_3.s390.rpm
nss-util-3.13.5-1.el6_3.s390x.rpm
nss-util-debuginfo-3.13.5-1.el6_3.s390.rpm
nss-util-debuginfo-3.13.5-1.el6_3.s390x.rpm nss-util-devel-3.13.5-1.el6_3.s390.rpm nss-util-devel-3.13.5-1.el6_3.s390x.rpm x86_64: nspr-4.9.1-2.el6_3.i686.rpm nspr-4.9.1-2.el6_3.x86_64.rpm nspr-debuginfo-4.9.1-2.el6_3.i686.rpm nspr-debuginfo-4.9.1-2.el6_3.x86_64.rpm nspr-devel-4.9.1-2.el6_3.i686.rpm nspr-devel-4.9.1-2.el6_3.x86_64.rpm nss-3.13.5-1.el6_3.i686.rpm nss-3.13.5-1.el6_3.x86_64.rpm nss-debuginfo-3.13.5-1.el6_3.i686.rpm nss-debuginfo-3.13.5-1.el6_3.x86_64.rpm nss-devel-3.13.5-1.el6_3.i686.rpm nss-devel-3.13.5-1.el6_3.x86_64.rpm nss-sysinit-3.13.5-1.el6_3.x86_64.rpm nss-tools-3.13.5-1.el6_3.x86_64.rpm nss-util-3.13.5-1.el6_3.i686.rpm nss-util-3.13.5-1.el6_3.x86_64.rpm nss-util-debuginfo-3.13.5-1.el6_3.i686.rpm nss-util-debuginfo-3.13.5-1.el6_3.x86_64.rpm nss-util-devel-3.13.5-1.el6_3.i686.rpm nss-util-devel-3.13.5-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-3.13.5-1.el6_3.src.rpm i386: nss-debuginfo-3.13.5-1.el6_3.i686.rpm nss-pkcs11-devel-3.13.5-1.el6_3.i686.rpm ppc64: nss-debuginfo-3.13.5-1.el6_3.ppc.rpm nss-debuginfo-3.13.5-1.el6_3.ppc64.rpm nss-pkcs11-devel-3.13.5-1.el6_3.ppc.rpm nss-pkcs11-devel-3.13.5-1.el6_3.ppc64.rpm s390x: nss-debuginfo-3.13.5-1.el6_3.s390.rpm nss-debuginfo-3.13.5-1.el6_3.s390x.rpm nss-pkcs11-devel-3.13.5-1.el6_3.s390.rpm nss-pkcs11-devel-3.13.5-1.el6_3.s390x.rpm x86_64: nss-debuginfo-3.13.5-1.el6_3.i686.rpm nss-debuginfo-3.13.5-1.el6_3.x86_64.rpm nss-pkcs11-devel-3.13.5-1.el6_3.i686.rpm nss-pkcs11-devel-3.13.5-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nspr-4.9.1-2.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-3.13.5-1.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-util-3.13.5-1.el6_3.src.rpm i386: nspr-4.9.1-2.el6_3.i686.rpm nspr-debuginfo-4.9.1-2.el6_3.i686.rpm nspr-devel-4.9.1-2.el6_3.i686.rpm nss-3.13.5-1.el6_3.i686.rpm nss-debuginfo-3.13.5-1.el6_3.i686.rpm nss-devel-3.13.5-1.el6_3.i686.rpm nss-sysinit-3.13.5-1.el6_3.i686.rpm nss-tools-3.13.5-1.el6_3.i686.rpm nss-util-3.13.5-1.el6_3.i686.rpm nss-util-debuginfo-3.13.5-1.el6_3.i686.rpm nss-util-devel-3.13.5-1.el6_3.i686.rpm x86_64: nspr-4.9.1-2.el6_3.i686.rpm nspr-4.9.1-2.el6_3.x86_64.rpm nspr-debuginfo-4.9.1-2.el6_3.i686.rpm nspr-debuginfo-4.9.1-2.el6_3.x86_64.rpm nspr-devel-4.9.1-2.el6_3.i686.rpm nspr-devel-4.9.1-2.el6_3.x86_64.rpm nss-3.13.5-1.el6_3.i686.rpm nss-3.13.5-1.el6_3.x86_64.rpm nss-debuginfo-3.13.5-1.el6_3.i686.rpm nss-debuginfo-3.13.5-1.el6_3.x86_64.rpm nss-devel-3.13.5-1.el6_3.i686.rpm nss-devel-3.13.5-1.el6_3.x86_64.rpm nss-sysinit-3.13.5-1.el6_3.x86_64.rpm nss-tools-3.13.5-1.el6_3.x86_64.rpm nss-util-3.13.5-1.el6_3.i686.rpm nss-util-3.13.5-1.el6_3.x86_64.rpm nss-util-debuginfo-3.13.5-1.el6_3.i686.rpm nss-util-debuginfo-3.13.5-1.el6_3.x86_64.rpm nss-util-devel-3.13.5-1.el6_3.i686.rpm nss-util-devel-3.13.5-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-3.13.5-1.el6_3.src.rpm i386: nss-debuginfo-3.13.5-1.el6_3.i686.rpm nss-pkcs11-devel-3.13.5-1.el6_3.i686.rpm x86_64: nss-debuginfo-3.13.5-1.el6_3.i686.rpm nss-debuginfo-3.13.5-1.el6_3.x86_64.rpm nss-pkcs11-devel-3.13.5-1.el6_3.i686.rpm nss-pkcs11-devel-3.13.5-1.el6_3.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-0441.html https://access.redhat.com/security/updates/classification/#moderate http://www.mozilla.org/security/announce/2012/mfsa2012-39.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQBb3tXlSAg2UNWIIRAt7KAJ93IAM20cMXsBLgTL0DlriG4SkPIgCeMPas vaRp39Udy90VMb0FUhNPusk= =2Elq -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Jul 18 15:29:21 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 18 Jul 2012 15:29:21 +0000 Subject: [RHSA-2012:1097-01] Moderate: glibc security and bug fix update Message-ID: <201207181529.q6IFTMTL028424@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: glibc security and bug fix update Advisory ID: RHSA-2012:1097-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1097.html Issue date: 2012-07-18 CVE Names: CVE-2012-3406 ===================================================================== 1. Summary: Updated glibc packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. 
Description: The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. It was discovered that the formatted printing functionality in glibc did not properly restrict the use of alloca(). This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. (CVE-2012-3406) This update also fixes the following bug: * If a file or a string was in the IBM-930 encoding, and contained the invalid multibyte character "0xffff", attempting to use iconv() (or the iconv command) to convert that file or string to another encoding, such as UTF-8, resulted in a segmentation fault. With this update, the conversion code for the IBM-930 encoding recognizes this invalid character and calls an error handler, rather than causing a segmentation fault. (BZ#837896) All users of glibc are advised to upgrade to these updated packages, which contain backported patches to fix these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 826943 - CVE-2012-3406 glibc: printf() unbound alloca() usage in case of positional parameters + many format specs 6. Package List: Red Hat Enterprise Linux Desktop (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/glibc-2.5-81.el5_8.4.src.rpm i386: glibc-2.5-81.el5_8.4.i386.rpm glibc-2.5-81.el5_8.4.i686.rpm glibc-common-2.5-81.el5_8.4.i386.rpm glibc-debuginfo-2.5-81.el5_8.4.i386.rpm glibc-debuginfo-2.5-81.el5_8.4.i686.rpm glibc-debuginfo-common-2.5-81.el5_8.4.i386.rpm glibc-devel-2.5-81.el5_8.4.i386.rpm glibc-headers-2.5-81.el5_8.4.i386.rpm glibc-utils-2.5-81.el5_8.4.i386.rpm nscd-2.5-81.el5_8.4.i386.rpm x86_64: glibc-2.5-81.el5_8.4.i686.rpm glibc-2.5-81.el5_8.4.x86_64.rpm glibc-common-2.5-81.el5_8.4.x86_64.rpm glibc-debuginfo-2.5-81.el5_8.4.i386.rpm glibc-debuginfo-2.5-81.el5_8.4.i686.rpm glibc-debuginfo-2.5-81.el5_8.4.x86_64.rpm glibc-debuginfo-common-2.5-81.el5_8.4.i386.rpm glibc-devel-2.5-81.el5_8.4.i386.rpm glibc-devel-2.5-81.el5_8.4.x86_64.rpm glibc-headers-2.5-81.el5_8.4.x86_64.rpm glibc-utils-2.5-81.el5_8.4.x86_64.rpm nscd-2.5-81.el5_8.4.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/glibc-2.5-81.el5_8.4.src.rpm i386: glibc-2.5-81.el5_8.4.i386.rpm glibc-2.5-81.el5_8.4.i686.rpm glibc-common-2.5-81.el5_8.4.i386.rpm glibc-debuginfo-2.5-81.el5_8.4.i386.rpm glibc-debuginfo-2.5-81.el5_8.4.i686.rpm glibc-debuginfo-common-2.5-81.el5_8.4.i386.rpm glibc-devel-2.5-81.el5_8.4.i386.rpm glibc-headers-2.5-81.el5_8.4.i386.rpm glibc-utils-2.5-81.el5_8.4.i386.rpm nscd-2.5-81.el5_8.4.i386.rpm ia64: glibc-2.5-81.el5_8.4.i686.rpm glibc-2.5-81.el5_8.4.ia64.rpm glibc-common-2.5-81.el5_8.4.ia64.rpm glibc-debuginfo-2.5-81.el5_8.4.i686.rpm glibc-debuginfo-2.5-81.el5_8.4.ia64.rpm glibc-devel-2.5-81.el5_8.4.ia64.rpm glibc-headers-2.5-81.el5_8.4.ia64.rpm glibc-utils-2.5-81.el5_8.4.ia64.rpm nscd-2.5-81.el5_8.4.ia64.rpm ppc: glibc-2.5-81.el5_8.4.ppc.rpm glibc-2.5-81.el5_8.4.ppc64.rpm glibc-common-2.5-81.el5_8.4.ppc.rpm glibc-debuginfo-2.5-81.el5_8.4.ppc.rpm glibc-debuginfo-2.5-81.el5_8.4.ppc64.rpm glibc-devel-2.5-81.el5_8.4.ppc.rpm 
glibc-devel-2.5-81.el5_8.4.ppc64.rpm glibc-headers-2.5-81.el5_8.4.ppc.rpm glibc-utils-2.5-81.el5_8.4.ppc.rpm nscd-2.5-81.el5_8.4.ppc.rpm s390x: glibc-2.5-81.el5_8.4.s390.rpm glibc-2.5-81.el5_8.4.s390x.rpm glibc-common-2.5-81.el5_8.4.s390x.rpm glibc-debuginfo-2.5-81.el5_8.4.s390.rpm glibc-debuginfo-2.5-81.el5_8.4.s390x.rpm glibc-devel-2.5-81.el5_8.4.s390.rpm glibc-devel-2.5-81.el5_8.4.s390x.rpm glibc-headers-2.5-81.el5_8.4.s390x.rpm glibc-utils-2.5-81.el5_8.4.s390x.rpm nscd-2.5-81.el5_8.4.s390x.rpm x86_64: glibc-2.5-81.el5_8.4.i686.rpm glibc-2.5-81.el5_8.4.x86_64.rpm glibc-common-2.5-81.el5_8.4.x86_64.rpm glibc-debuginfo-2.5-81.el5_8.4.i386.rpm glibc-debuginfo-2.5-81.el5_8.4.i686.rpm glibc-debuginfo-2.5-81.el5_8.4.x86_64.rpm glibc-debuginfo-common-2.5-81.el5_8.4.i386.rpm glibc-devel-2.5-81.el5_8.4.i386.rpm glibc-devel-2.5-81.el5_8.4.x86_64.rpm glibc-headers-2.5-81.el5_8.4.x86_64.rpm glibc-utils-2.5-81.el5_8.4.x86_64.rpm nscd-2.5-81.el5_8.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-3406.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. 
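The description above (and the RHSA-2012:1098 advisory that follows, which covers the same class of bug) hinges on two layers: an application-level format string flaw, and glibc's FORTIFY_SOURCE checks that are supposed to turn such a flaw into an abort. The following C program is an added example, not code from the advisory or from glibc: it shows the application-side mistake that FORTIFY_SOURCE is meant to contain, its hardened form, and a small audit helper (a hypothetical function, not a glibc API) that reports what a printf-family parser would interpret in untrusted text, including the positional parameters named in bug 826943. The sample string is constructed for illustration. Compile it with the protections the advisory refers to, for example `gcc -O2 -D_FORTIFY_SOURCE=2 -Wall -Wformat -Wformat-security`; gcc then warns at the vulnerable call site at build time, which is the cheaper place to catch this than at runtime in glibc.

```c
/* Added example (not from the advisory or glibc): vulnerable vs. hardened
 * use of a printf-family function, plus an audit helper for untrusted text. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* VULNERABLE: attacker-controlled text is passed *as the format argument*.
 * Directives in `untrusted` are interpreted; this is the "format string flaw
 * in an application" the advisory describes. Kept here for comparison only,
 * and -Wformat-security flags it at compile time. */
int log_line_vulnerable(char *out, size_t outsz, const char *untrusted)
{
    return snprintf(out, outsz, untrusted);
}

/* HARDENED: constant format, data passed as an argument. Any '%' inside
 * `untrusted` is copied literally, so no FORTIFY check is ever needed. */
int log_line_hardened(char *out, size_t outsz, const char *untrusted)
{
    return snprintf(out, outsz, "%s", untrusted);
}

/* Hypothetical audit helper: what a printf-family parser would interpret in
 * `s`. Useful in a log sanitiser, a fuzz harness, or a unit test asserting
 * that untrusted input never reaches a format position. */
typedef struct {
    size_t directives;    /* active conversions such as %s, %x, %n      */
    size_t positional;    /* of which use "%N$" positional parameters    */
    bool   writes_memory; /* at least one %n, the directive that writes  */
} fmt_audit;

fmt_audit audit_format_directives(const char *s)
{
    fmt_audit a = {0, 0, false};
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {          /* "%%" is a literal percent sign */
            p++;
            continue;
        }
        const char *q = p + 1;
        const char *d = q;          /* positional parameter: digits then '$' */
        while (*d >= '0' && *d <= '9')
            d++;
        bool pos = (d > q && *d == '$');
        if (pos)
            q = d + 1;
        /* skip flags, width, precision and length modifiers */
        while (*q && strchr("-+ #0123456789.*hlLqjzt", *q))
            q++;
        if (*q == '\0')             /* dangling '%' at end of string */
            break;
        a.directives++;
        if (pos)
            a.positional++;
        if (*q == 'n')
            a.writes_memory = true;
        p = q;                      /* resume after the conversion character */
    }
    return a;
}

int main(void)
{
    /* Constructed sample of the shape named in bug 826943: positional
     * parameters plus many conversions, arriving as untrusted data. */
    const char *untrusted = "user %1$s from %2$s: %08x %08x %08x %n";
    fmt_audit a = audit_format_directives(untrusted);
    printf("directives=%zu positional=%zu writes_memory=%d\n",
           a.directives, a.positional, a.writes_memory);

    char line[128];
    log_line_hardened(line, sizeof line, untrusted);
    printf("hardened output: %s\n", line);   /* the text, copied literally */
    return 0;
}
```

The point of the audit helper is not to "filter" format strings into safety (the only safe fix is the constant format in `log_line_hardened`); it is to make the defect visible in tests and logs, so that a code base can assert that nothing with `directives > 0` ever arrives at a format position.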
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQBtY4XlSAg2UNWIIRAgxaAJ9JvAX7lw/9KWNIc7oiV83BY6HTawCfbCEK
vp+gffA7Y5ZuRVrwAdccwa8=
=HBmV
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jul 18 15:31:16 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 18 Jul 2012 15:31:16 +0000
Subject: [RHSA-2012:1098-01] Moderate: glibc security and bug fix update
Message-ID: <201207181531.q6IFVHPT024532@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: glibc security and bug fix update
Advisory ID:       RHSA-2012:1098-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1098.html
Issue date:        2012-07-18
CVE Names:         CVE-2012-3404 CVE-2012-3405 CVE-2012-3406
=====================================================================

1. Summary:

Updated glibc packages that fix three security issues and one bug are now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The glibc packages provide the standard C and standard math libraries used
by multiple programs on the system. Without these libraries, the Linux
system cannot function properly.

Multiple errors in glibc's formatted printing functionality could allow an
attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code
using a format string flaw in an application, even though these protections
are expected to limit the impact of such flaws to an application abort.
(CVE-2012-3404, CVE-2012-3405, CVE-2012-3406)

This update also fixes the following bug:

* A programming error caused an internal array of nameservers to be only
partially initialized when the /etc/resolv.conf file contained IPv6
nameservers. Depending on the contents of a nearby structure, this could
cause certain applications to terminate unexpectedly with a segmentation
fault. The programming error has been fixed, which restores proper behavior
with IPv6 nameservers listed in the /etc/resolv.conf file. (BZ#837026)

All users of glibc are advised to upgrade to these updated packages, which
contain backported patches to fix these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

826943 - CVE-2012-3406 glibc: printf() unbound alloca() usage in case of positional parameters + many format specs
833703 - CVE-2012-3404 glibc: incorrect size calculation in formatted printing can lead to FORTIFY_SOURCE format string protection bypass
833704 - CVE-2012-3405 glibc: incorrect use of extend_alloca() in formatted printing can lead to FORTIFY_SOURCE format string protection bypass
837026 - libresolv dumps core when IPv6 address in resolv.conf

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/glibc-2.12-1.80.el6_3.3.src.rpm

i386:
glibc-2.12-1.80.el6_3.3.i686.rpm
glibc-common-2.12-1.80.el6_3.3.i686.rpm
glibc-debuginfo-2.12-1.80.el6_3.3.i686.rpm
glibc-debuginfo-common-2.12-1.80.el6_3.3.i686.rpm
glibc-devel-2.12-1.80.el6_3.3.i686.rpm
glibc-headers-2.12-1.80.el6_3.3.i686.rpm
glibc-utils-2.12-1.80.el6_3.3.i686.rpm
nscd-2.12-1.80.el6_3.3.i686.rpm

x86_64:
glibc-2.12-1.80.el6_3.3.i686.rpm
glibc-2.12-1.80.el6_3.3.x86_64.rpm
glibc-common-2.12-1.80.el6_3.3.x86_64.rpm
glibc-debuginfo-2.12-1.80.el6_3.3.i686.rpm
glibc-debuginfo-2.12-1.80.el6_3.3.x86_64.rpm
glibc-debuginfo-common-2.12-1.80.el6_3.3.i686.rpm
glibc-debuginfo-common-2.12-1.80.el6_3.3.x86_64.rpm
glibc-devel-2.12-1.80.el6_3.3.i686.rpm
glibc-devel-2.12-1.80.el6_3.3.x86_64.rpm
glibc-headers-2.12-1.80.el6_3.3.x86_64.rpm
glibc-utils-2.12-1.80.el6_3.3.x86_64.rpm
nscd-2.12-1.80.el6_3.3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/glibc-2.12-1.80.el6_3.3.src.rpm

i386:
glibc-debuginfo-2.12-1.80.el6_3.3.i686.rpm
glibc-debuginfo-common-2.12-1.80.el6_3.3.i686.rpm
glibc-static-2.12-1.80.el6_3.3.i686.rpm

x86_64:
glibc-debuginfo-2.12-1.80.el6_3.3.i686.rpm
glibc-debuginfo-2.12-1.80.el6_3.3.x86_64.rpm
glibc-debuginfo-common-2.12-1.80.el6_3.3.i686.rpm
glibc-debuginfo-common-2.12-1.80.el6_3.3.x86_64.rpm
glibc-static-2.12-1.80.el6_3.3.i686.rpm
glibc-static-2.12-1.80.el6_3.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/glibc-2.12-1.80.el6_3.3.src.rpm

x86_64:
glibc-2.12-1.80.el6_3.3.i686.rpm
glibc-2.12-1.80.el6_3.3.x86_64.rpm
glibc-common-2.12-1.80.el6_3.3.x86_64.rpm
glibc-debuginfo-2.12-1.80.el6_3.3.i686.rpm
glibc-debuginfo-2.12-1.80.el6_3.3.x86_64.rpm
glibc-debuginfo-common-2.12-1.80.el6_3.3.i686.rpm
glibc-debuginfo-common-2.12-1.80.el6_3.3.x86_64.rpm
glibc-devel-2.12-1.80.el6_3.3.i686.rpm
glibc-devel-2.12-1.80.el6_3.3.x86_64.rpm
glibc-headers-2.12-1.80.el6_3.3.x86_64.rpm
glibc-utils-2.12-1.80.el6_3.3.x86_64.rpm
nscd-2.12-1.80.el6_3.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/glibc-2.12-1.80.el6_3.3.src.rpm

x86_64:
glibc-debuginfo-2.12-1.80.el6_3.3.i686.rpm
glibc-debuginfo-2.12-1.80.el6_3.3.x86_64.rpm
glibc-debuginfo-common-2.12-1.80.el6_3.3.i686.rpm
glibc-debuginfo-common-2.12-1.80.el6_3.3.x86_64.rpm
glibc-static-2.12-1.80.el6_3.3.i686.rpm
glibc-static-2.12-1.80.el6_3.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/glibc-2.12-1.80.el6_3.3.src.rpm

i386:
glibc-2.12-1.80.el6_3.3.i686.rpm
glibc-common-2.12-1.80.el6_3.3.i686.rpm
glibc-debuginfo-2.12-1.80.el6_3.3.i686.rpm
glibc-debuginfo-common-2.12-1.80.el6_3.3.i686.rpm
glibc-devel-2.12-1.80.el6_3.3.i686.rpm
glibc-headers-2.12-1.80.el6_3.3.i686.rpm
glibc-utils-2.12-1.80.el6_3.3.i686.rpm
nscd-2.12-1.80.el6_3.3.i686.rpm

ppc64:
glibc-2.12-1.80.el6_3.3.ppc.rpm
glibc-2.12-1.80.el6_3.3.ppc64.rpm
glibc-common-2.12-1.80.el6_3.3.ppc64.rpm
glibc-debuginfo-2.12-1.80.el6_3.3.ppc.rpm
glibc-debuginfo-2.12-1.80.el6_3.3.ppc64.rpm
glibc-debuginfo-common-2.12-1.80.el6_3.3.ppc.rpm
glibc-debuginfo-common-2.12-1.80.el6_3.3.ppc64.rpm
glibc-devel-2.12-1.80.el6_3.3.ppc.rpm
glibc-devel-2.12-1.80.el6_3.3.ppc64.rpm
glibc-headers-2.12-1.80.el6_3.3.ppc64.rpm
glibc-utils-2.12-1.80.el6_3.3.ppc64.rpm
nscd-2.12-1.80.el6_3.3.ppc64.rpm

s390x:
glibc-2.12-1.80.el6_3.3.s390.rpm
glibc-2.12-1.80.el6_3.3.s390x.rpm
glibc-common-2.12-1.80.el6_3.3.s390x.rpm
glibc-debuginfo-2.12-1.80.el6_3.3.s390.rpm
glibc-debuginfo-2.12-1.80.el6_3.3.s390x.rpm
glibc-debuginfo-common-2.12-1.80.el6_3.3.s390.rpm
glibc-debuginfo-common-2.12-1.80.el6_3.3.s390x.rpm
glibc-devel-2.12-1.80.el6_3.3.s390.rpm
glibc-devel-2.12-1.80.el6_3.3.s390x.rpm
glibc-headers-2.12-1.80.el6_3.3.s390x.rpm
glibc-utils-2.12-1.80.el6_3.3.s390x.rpm
nscd-2.12-1.80.el6_3.3.s390x.rpm

x86_64:
glibc-2.12-1.80.el6_3.3.i686.rpm
glibc-2.12-1.80.el6_3.3.x86_64.rpm
glibc-common-2.12-1.80.el6_3.3.x86_64.rpm
glibc-debuginfo-2.12-1.80.el6_3.3.i686.rpm
glibc-debuginfo-2.12-1.80.el6_3.3.x86_64.rpm
glibc-debuginfo-common-2.12-1.80.el6_3.3.i686.rpm
glibc-debuginfo-common-2.12-1.80.el6_3.3.x86_64.rpm
glibc-devel-2.12-1.80.el6_3.3.i686.rpm
glibc-devel-2.12-1.80.el6_3.3.x86_64.rpm
glibc-headers-2.12-1.80.el6_3.3.x86_64.rpm
glibc-utils-2.12-1.80.el6_3.3.x86_64.rpm
nscd-2.12-1.80.el6_3.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/glibc-2.12-1.80.el6_3.3.src.rpm

i386:
glibc-debuginfo-2.12-1.80.el6_3.3.i686.rpm
glibc-debuginfo-common-2.12-1.80.el6_3.3.i686.rpm
glibc-static-2.12-1.80.el6_3.3.i686.rpm

ppc64:
glibc-debuginfo-2.12-1.80.el6_3.3.ppc.rpm
glibc-debuginfo-2.12-1.80.el6_3.3.ppc64.rpm
glibc-debuginfo-common-2.12-1.80.el6_3.3.ppc.rpm
glibc-debuginfo-common-2.12-1.80.el6_3.3.ppc64.rpm
glibc-static-2.12-1.80.el6_3.3.ppc.rpm
glibc-static-2.12-1.80.el6_3.3.ppc64.rpm

s390x:
glibc-debuginfo-2.12-1.80.el6_3.3.s390.rpm
glibc-debuginfo-2.12-1.80.el6_3.3.s390x.rpm
glibc-debuginfo-common-2.12-1.80.el6_3.3.s390.rpm
glibc-debuginfo-common-2.12-1.80.el6_3.3.s390x.rpm
glibc-static-2.12-1.80.el6_3.3.s390.rpm
glibc-static-2.12-1.80.el6_3.3.s390x.rpm

x86_64:
glibc-debuginfo-2.12-1.80.el6_3.3.i686.rpm
glibc-debuginfo-2.12-1.80.el6_3.3.x86_64.rpm
glibc-debuginfo-common-2.12-1.80.el6_3.3.i686.rpm
glibc-debuginfo-common-2.12-1.80.el6_3.3.x86_64.rpm
glibc-static-2.12-1.80.el6_3.3.i686.rpm
glibc-static-2.12-1.80.el6_3.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/glibc-2.12-1.80.el6_3.3.src.rpm

i386:
glibc-2.12-1.80.el6_3.3.i686.rpm
glibc-common-2.12-1.80.el6_3.3.i686.rpm
glibc-debuginfo-2.12-1.80.el6_3.3.i686.rpm
glibc-debuginfo-common-2.12-1.80.el6_3.3.i686.rpm
glibc-devel-2.12-1.80.el6_3.3.i686.rpm
glibc-headers-2.12-1.80.el6_3.3.i686.rpm
glibc-utils-2.12-1.80.el6_3.3.i686.rpm
nscd-2.12-1.80.el6_3.3.i686.rpm

x86_64:
glibc-2.12-1.80.el6_3.3.i686.rpm
glibc-2.12-1.80.el6_3.3.x86_64.rpm
glibc-common-2.12-1.80.el6_3.3.x86_64.rpm
glibc-debuginfo-2.12-1.80.el6_3.3.i686.rpm
glibc-debuginfo-2.12-1.80.el6_3.3.x86_64.rpm
glibc-debuginfo-common-2.12-1.80.el6_3.3.i686.rpm
glibc-debuginfo-common-2.12-1.80.el6_3.3.x86_64.rpm
glibc-devel-2.12-1.80.el6_3.3.i686.rpm
glibc-devel-2.12-1.80.el6_3.3.x86_64.rpm
glibc-headers-2.12-1.80.el6_3.3.x86_64.rpm
glibc-utils-2.12-1.80.el6_3.3.x86_64.rpm
nscd-2.12-1.80.el6_3.3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/glibc-2.12-1.80.el6_3.3.src.rpm

i386:
glibc-debuginfo-2.12-1.80.el6_3.3.i686.rpm
glibc-debuginfo-common-2.12-1.80.el6_3.3.i686.rpm
glibc-static-2.12-1.80.el6_3.3.i686.rpm

x86_64:
glibc-debuginfo-2.12-1.80.el6_3.3.i686.rpm
glibc-debuginfo-2.12-1.80.el6_3.3.x86_64.rpm
glibc-debuginfo-common-2.12-1.80.el6_3.3.i686.rpm
glibc-debuginfo-common-2.12-1.80.el6_3.3.x86_64.rpm
glibc-static-2.12-1.80.el6_3.3.i686.rpm
glibc-static-2.12-1.80.el6_3.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-3404.html
https://www.redhat.com/security/data/cve/CVE-2012-3405.html
https://www.redhat.com/security/data/cve/CVE-2012-3406.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQBtZoXlSAg2UNWIIRAn31AKC95bOMB/b8gzdueQYeWN5p417sWQCfSShZ
rssv+fXNRGWsmg8KX5hEruk=
=TeTR
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jul 19 15:41:13 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 19 Jul 2012 15:41:13 +0000
Subject: [RHSA-2012:1102-01] Moderate: pidgin security update
Message-ID: <201207191541.q6JFfEkd023439@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: pidgin security update
Advisory ID:       RHSA-2012:1102-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1102.html
Issue date:        2012-07-19
CVE Names:         CVE-2012-1178 CVE-2012-2318 CVE-2012-3374
=====================================================================

1. Summary:

Updated pidgin packages that fix three security issues are now available
for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously.

A flaw was found in the way the Pidgin MSN protocol plug-in processed text
that was not encoded in UTF-8. A remote attacker could use this flaw to
crash Pidgin by sending a specially-crafted MSN message. (CVE-2012-1178)

An input validation flaw was found in the way the Pidgin MSN protocol
plug-in handled MSN notification messages. A malicious server or a remote
attacker could use this flaw to crash Pidgin by sending a specially-crafted
MSN notification message. (CVE-2012-2318)

A buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A
remote attacker could use this flaw to crash Pidgin by sending a MXit
message containing specially-crafted emoticon tags. (CVE-2012-3374)

Red Hat would like to thank the Pidgin project for reporting the
CVE-2012-3374 issue. Upstream acknowledges Ulf Härnhammar as the original
reporter of CVE-2012-3374.

All Pidgin users should upgrade to these updated packages, which contain
backported patches to resolve these issues. Pidgin must be restarted for
this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

803298 - CVE-2012-1178 pidgin: Client abort in the MSN protocol plug-in by attempt to display certain, not UTF-8 encoded text
819446 - CVE-2012-2318 pidgin: Improper validation of incoming plaintext messages in MSN protocol plug-in
837319 - CVE-2012-3374 pidgin: Stack-based buffer overwrite in MXit protocol libPurple plug-in

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/pidgin-2.6.6-11.el5.4.src.rpm

i386:
finch-2.6.6-11.el5.4.i386.rpm
libpurple-2.6.6-11.el5.4.i386.rpm
libpurple-perl-2.6.6-11.el5.4.i386.rpm
libpurple-tcl-2.6.6-11.el5.4.i386.rpm
pidgin-2.6.6-11.el5.4.i386.rpm
pidgin-debuginfo-2.6.6-11.el5.4.i386.rpm
pidgin-perl-2.6.6-11.el5.4.i386.rpm

x86_64:
finch-2.6.6-11.el5.4.i386.rpm
finch-2.6.6-11.el5.4.x86_64.rpm
libpurple-2.6.6-11.el5.4.i386.rpm
libpurple-2.6.6-11.el5.4.x86_64.rpm
libpurple-perl-2.6.6-11.el5.4.x86_64.rpm
libpurple-tcl-2.6.6-11.el5.4.x86_64.rpm
pidgin-2.6.6-11.el5.4.i386.rpm
pidgin-2.6.6-11.el5.4.x86_64.rpm
pidgin-debuginfo-2.6.6-11.el5.4.i386.rpm
pidgin-debuginfo-2.6.6-11.el5.4.x86_64.rpm
pidgin-perl-2.6.6-11.el5.4.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/pidgin-2.6.6-11.el5.4.src.rpm

i386:
finch-devel-2.6.6-11.el5.4.i386.rpm
libpurple-devel-2.6.6-11.el5.4.i386.rpm
pidgin-debuginfo-2.6.6-11.el5.4.i386.rpm
pidgin-devel-2.6.6-11.el5.4.i386.rpm

x86_64:
finch-devel-2.6.6-11.el5.4.i386.rpm
finch-devel-2.6.6-11.el5.4.x86_64.rpm
libpurple-devel-2.6.6-11.el5.4.i386.rpm
libpurple-devel-2.6.6-11.el5.4.x86_64.rpm
pidgin-debuginfo-2.6.6-11.el5.4.i386.rpm
pidgin-debuginfo-2.6.6-11.el5.4.x86_64.rpm
pidgin-devel-2.6.6-11.el5.4.i386.rpm
pidgin-devel-2.6.6-11.el5.4.x86_64.rpm

RHEL Optional Productivity Applications (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/pidgin-2.6.6-11.el5.4.src.rpm

i386:
finch-2.6.6-11.el5.4.i386.rpm
finch-devel-2.6.6-11.el5.4.i386.rpm
libpurple-2.6.6-11.el5.4.i386.rpm
libpurple-devel-2.6.6-11.el5.4.i386.rpm
libpurple-perl-2.6.6-11.el5.4.i386.rpm
libpurple-tcl-2.6.6-11.el5.4.i386.rpm
pidgin-2.6.6-11.el5.4.i386.rpm
pidgin-debuginfo-2.6.6-11.el5.4.i386.rpm
pidgin-devel-2.6.6-11.el5.4.i386.rpm
pidgin-perl-2.6.6-11.el5.4.i386.rpm

x86_64:
finch-2.6.6-11.el5.4.i386.rpm
finch-2.6.6-11.el5.4.x86_64.rpm
finch-devel-2.6.6-11.el5.4.i386.rpm
finch-devel-2.6.6-11.el5.4.x86_64.rpm
libpurple-2.6.6-11.el5.4.i386.rpm
libpurple-2.6.6-11.el5.4.x86_64.rpm
libpurple-devel-2.6.6-11.el5.4.i386.rpm
libpurple-devel-2.6.6-11.el5.4.x86_64.rpm
libpurple-perl-2.6.6-11.el5.4.x86_64.rpm
libpurple-tcl-2.6.6-11.el5.4.x86_64.rpm
pidgin-2.6.6-11.el5.4.i386.rpm
pidgin-2.6.6-11.el5.4.x86_64.rpm
pidgin-debuginfo-2.6.6-11.el5.4.i386.rpm
pidgin-debuginfo-2.6.6-11.el5.4.x86_64.rpm
pidgin-devel-2.6.6-11.el5.4.i386.rpm
pidgin-devel-2.6.6-11.el5.4.x86_64.rpm
pidgin-perl-2.6.6-11.el5.4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/pidgin-2.7.9-5.el6.2.src.rpm

i386:
libpurple-2.7.9-5.el6.2.i686.rpm
pidgin-2.7.9-5.el6.2.i686.rpm
pidgin-debuginfo-2.7.9-5.el6.2.i686.rpm

x86_64:
libpurple-2.7.9-5.el6.2.i686.rpm
libpurple-2.7.9-5.el6.2.x86_64.rpm
pidgin-2.7.9-5.el6.2.x86_64.rpm
pidgin-debuginfo-2.7.9-5.el6.2.i686.rpm
pidgin-debuginfo-2.7.9-5.el6.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/pidgin-2.7.9-5.el6.2.src.rpm

i386:
finch-2.7.9-5.el6.2.i686.rpm
finch-devel-2.7.9-5.el6.2.i686.rpm
libpurple-devel-2.7.9-5.el6.2.i686.rpm
libpurple-perl-2.7.9-5.el6.2.i686.rpm
libpurple-tcl-2.7.9-5.el6.2.i686.rpm
pidgin-debuginfo-2.7.9-5.el6.2.i686.rpm
pidgin-devel-2.7.9-5.el6.2.i686.rpm
pidgin-docs-2.7.9-5.el6.2.i686.rpm
pidgin-perl-2.7.9-5.el6.2.i686.rpm

x86_64:
finch-2.7.9-5.el6.2.i686.rpm
finch-2.7.9-5.el6.2.x86_64.rpm
finch-devel-2.7.9-5.el6.2.i686.rpm
finch-devel-2.7.9-5.el6.2.x86_64.rpm
libpurple-devel-2.7.9-5.el6.2.i686.rpm
libpurple-devel-2.7.9-5.el6.2.x86_64.rpm
libpurple-perl-2.7.9-5.el6.2.x86_64.rpm
libpurple-tcl-2.7.9-5.el6.2.x86_64.rpm
pidgin-debuginfo-2.7.9-5.el6.2.i686.rpm
pidgin-debuginfo-2.7.9-5.el6.2.x86_64.rpm
pidgin-devel-2.7.9-5.el6.2.i686.rpm
pidgin-devel-2.7.9-5.el6.2.x86_64.rpm
pidgin-docs-2.7.9-5.el6.2.x86_64.rpm
pidgin-perl-2.7.9-5.el6.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/pidgin-2.7.9-5.el6.2.src.rpm

i386:
finch-2.7.9-5.el6.2.i686.rpm
finch-devel-2.7.9-5.el6.2.i686.rpm
libpurple-2.7.9-5.el6.2.i686.rpm
libpurple-devel-2.7.9-5.el6.2.i686.rpm
libpurple-perl-2.7.9-5.el6.2.i686.rpm
libpurple-tcl-2.7.9-5.el6.2.i686.rpm
pidgin-2.7.9-5.el6.2.i686.rpm
pidgin-debuginfo-2.7.9-5.el6.2.i686.rpm
pidgin-devel-2.7.9-5.el6.2.i686.rpm
pidgin-docs-2.7.9-5.el6.2.i686.rpm
pidgin-perl-2.7.9-5.el6.2.i686.rpm

ppc64:
finch-2.7.9-5.el6.2.ppc.rpm
finch-2.7.9-5.el6.2.ppc64.rpm
finch-devel-2.7.9-5.el6.2.ppc.rpm
finch-devel-2.7.9-5.el6.2.ppc64.rpm
libpurple-2.7.9-5.el6.2.ppc.rpm
libpurple-2.7.9-5.el6.2.ppc64.rpm
libpurple-devel-2.7.9-5.el6.2.ppc.rpm
libpurple-devel-2.7.9-5.el6.2.ppc64.rpm
libpurple-perl-2.7.9-5.el6.2.ppc64.rpm
libpurple-tcl-2.7.9-5.el6.2.ppc64.rpm
pidgin-2.7.9-5.el6.2.ppc64.rpm
pidgin-debuginfo-2.7.9-5.el6.2.ppc.rpm
pidgin-debuginfo-2.7.9-5.el6.2.ppc64.rpm
pidgin-devel-2.7.9-5.el6.2.ppc.rpm
pidgin-devel-2.7.9-5.el6.2.ppc64.rpm
pidgin-docs-2.7.9-5.el6.2.ppc64.rpm
pidgin-perl-2.7.9-5.el6.2.ppc64.rpm

x86_64:
finch-2.7.9-5.el6.2.i686.rpm
finch-2.7.9-5.el6.2.x86_64.rpm
finch-devel-2.7.9-5.el6.2.i686.rpm
finch-devel-2.7.9-5.el6.2.x86_64.rpm
libpurple-2.7.9-5.el6.2.i686.rpm
libpurple-2.7.9-5.el6.2.x86_64.rpm
libpurple-devel-2.7.9-5.el6.2.i686.rpm
libpurple-devel-2.7.9-5.el6.2.x86_64.rpm
libpurple-perl-2.7.9-5.el6.2.x86_64.rpm
libpurple-tcl-2.7.9-5.el6.2.x86_64.rpm
pidgin-2.7.9-5.el6.2.x86_64.rpm
pidgin-debuginfo-2.7.9-5.el6.2.i686.rpm
pidgin-debuginfo-2.7.9-5.el6.2.x86_64.rpm
pidgin-devel-2.7.9-5.el6.2.i686.rpm
pidgin-devel-2.7.9-5.el6.2.x86_64.rpm
pidgin-docs-2.7.9-5.el6.2.x86_64.rpm
pidgin-perl-2.7.9-5.el6.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/pidgin-2.7.9-5.el6.2.src.rpm i386: libpurple-2.7.9-5.el6.2.i686.rpm pidgin-2.7.9-5.el6.2.i686.rpm pidgin-debuginfo-2.7.9-5.el6.2.i686.rpm x86_64: libpurple-2.7.9-5.el6.2.i686.rpm libpurple-2.7.9-5.el6.2.x86_64.rpm pidgin-2.7.9-5.el6.2.x86_64.rpm pidgin-debuginfo-2.7.9-5.el6.2.i686.rpm pidgin-debuginfo-2.7.9-5.el6.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/pidgin-2.7.9-5.el6.2.src.rpm i386: finch-2.7.9-5.el6.2.i686.rpm finch-devel-2.7.9-5.el6.2.i686.rpm libpurple-devel-2.7.9-5.el6.2.i686.rpm libpurple-perl-2.7.9-5.el6.2.i686.rpm libpurple-tcl-2.7.9-5.el6.2.i686.rpm pidgin-debuginfo-2.7.9-5.el6.2.i686.rpm pidgin-devel-2.7.9-5.el6.2.i686.rpm pidgin-docs-2.7.9-5.el6.2.i686.rpm pidgin-perl-2.7.9-5.el6.2.i686.rpm x86_64: finch-2.7.9-5.el6.2.i686.rpm finch-2.7.9-5.el6.2.x86_64.rpm finch-devel-2.7.9-5.el6.2.i686.rpm finch-devel-2.7.9-5.el6.2.x86_64.rpm libpurple-devel-2.7.9-5.el6.2.i686.rpm libpurple-devel-2.7.9-5.el6.2.x86_64.rpm libpurple-perl-2.7.9-5.el6.2.x86_64.rpm libpurple-tcl-2.7.9-5.el6.2.x86_64.rpm pidgin-debuginfo-2.7.9-5.el6.2.i686.rpm pidgin-debuginfo-2.7.9-5.el6.2.x86_64.rpm pidgin-devel-2.7.9-5.el6.2.i686.rpm pidgin-devel-2.7.9-5.el6.2.x86_64.rpm pidgin-docs-2.7.9-5.el6.2.x86_64.rpm pidgin-perl-2.7.9-5.el6.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-1178.html https://www.redhat.com/security/data/cve/CVE-2012-2318.html https://www.redhat.com/security/data/cve/CVE-2012-3374.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . 
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQCCqCXlSAg2UNWIIRAmbYAJ9L5i83TyAsV+5rPyEW5eokk5aaRwCbBhmO
rROly3bCVdK24CU6HQYOWB4=
=TUiP
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jul 23 17:59:46 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 23 Jul 2012 17:59:46 +0000
Subject: [RHSA-2012:1110-01] Important: bind security update
Message-ID: <201207231759.q6NHxl5P031734@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: bind security update
Advisory ID: RHSA-2012:1110-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1110.html
Issue date: 2012-07-23
CVE Names: CVE-2012-1667
=====================================================================

1. Summary:

Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (v. 4 ELS) - i386, ia64, x86_64
Red Hat Enterprise Linux ES (v. 4 ELS) - i386, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handled zero length resource data records.
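The zero-length rdata handling referred to above, as an added illustration that is not BIND's own code: a small C walker over DNS wire-format resource records. It shows the two checks a parser must apply to rdlength, that the declared length fits inside the message and that a length of zero is accepted as a legal, empty rdata rather than assumed to carry bytes, plus a fixed-size check for the A and AAAA types. The sample message bytes are constructed for this example and are not a captured packet; the function and type names are the example's own, not BIND's.

```c
#include <stddef.h>
#include <stdint.h>
/* Added illustration, not BIND code: a walker over DNS wire-format resource
 * records that treats rdlength as untrusted. The declared length must fit in
 * the message, and zero is legal: it yields an empty rdata view, not bytes. */

enum { RR_OK = 0, RR_TRUNCATED = -1, RR_BAD_NAME = -2, RR_BAD_RDATA = -3 };

struct rr_view {
    uint16_t type, rdlength;
    const uint8_t *rdata;   /* points into msg; valid even when rdlength == 0 */
};

/* Advance *off past an owner name (RFC 1035 4.1.4): labels up to a zero byte,
 * or a two-byte compression pointer, which ends the name. */
static int skip_name(const uint8_t *msg, size_t len, size_t *off)
{
    size_t i = *off;
    for (;;) {
        if (i >= len) return RR_TRUNCATED;
        uint8_t l = msg[i];
        if (l == 0) { i++; break; }                    /* root label */
        if ((l & 0xC0) == 0xC0) {                      /* pointer: 2 bytes */
            if (i + 2 > len) return RR_TRUNCATED;
            i += 2;
            break;
        }
        if (l & 0xC0) return RR_BAD_NAME;              /* 0x40/0x80 reserved */
        i += 1 + l;                                    /* length byte + label */
    }
    *off = i;
    return RR_OK;
}

/* Fixed-size types must carry exactly their size; any other type, known or
 * not, may be any length, zero included (RFC 3597 permits empty rdata). */
int rdata_fits_type(uint16_t type, uint16_t rdlength)
{
    switch (type) {
    case 1:  return rdlength == 4;     /* A    (RFC 1035) */
    case 28: return rdlength == 16;    /* AAAA (RFC 3596) */
    default: return 1;
    }
}

/* Parse one RR at *off into *out and advance *off past it. */
int parse_rr(const uint8_t *msg, size_t len, size_t *off, struct rr_view *out)
{
    size_t i = *off;
    int rc = skip_name(msg, len, &i);
    if (rc != RR_OK) return rc;
    if (len - i < 10) return RR_TRUNCATED;             /* type,class,ttl,rdlength */
    out->type     = (uint16_t)(msg[i] << 8 | msg[i + 1]);
    out->rdlength = (uint16_t)(msg[i + 8] << 8 | msg[i + 9]);   /* class, ttl skipped */
    i += 10;
    if (out->rdlength > len - i)                       /* must fit in message */
        return RR_TRUNCATED;
    if (!rdata_fits_type(out->type, out->rdlength))
        return RR_BAD_RDATA;
    out->rdata = msg + i;                              /* empty but valid if 0 */
    *off = i + out->rdlength;
    return RR_OK;
}

/* Walk up to max RRs from the start of msg. Returns how many parsed cleanly;
 * *empty counts rdlength == 0 records, *rc is the code that stopped the walk
 * (RR_OK when max was reached or the message ended exactly). */
int walk_rrs(const uint8_t *msg, size_t len, int max, int *empty, int *rc)
{
    size_t off = 0;
    int n = 0;
    *empty = 0;
    *rc = RR_OK;
    while (n < max && off < len) {
        struct rr_view v;
        if ((*rc = parse_rr(msg, len, &off, &v)) != RR_OK)
            break;
        if (v.rdlength == 0)
            (*empty)++;
        n++;
    }
    return n;
}

/* Constructed sample, not a captured packet: an A record for "a.example"; a
 * zero-length record of private-use type 0xFF00 whose owner is a pointer to
 * offset 0; then a TXT record whose rdlength of 5 overruns the buffer. */
static const uint8_t SAMPLE[] = {
    1, 'a', 7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 0,
    0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x0e, 0x10, 0x00, 0x04, 192, 0, 2, 1,
    0xC0, 0x00, 0xFF, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x3c, 0x00, 0x00,
    0xC0, 0x00, 0x00, 0x10, 0x00, 0x01, 0x00, 0x00, 0x00, 0x3c, 0x00, 0x05, 4, 'x'
};

int sample_parsed(void)    { int e, rc; return walk_rrs(SAMPLE, sizeof SAMPLE, 3, &e, &rc); }
int sample_empty(void)     { int e, rc; walk_rrs(SAMPLE, sizeof SAMPLE, 3, &e, &rc); return e; }
int sample_stop_code(void) { int e, rc; walk_rrs(SAMPLE, sizeof SAMPLE, 3, &e, &rc); return rc; }
```

Walking SAMPLE parses two records, counts one with empty rdata, and stops with RR_TRUNCATED on the third; the type-aware check in rdata_fits_type is what stops later code from reading four address bytes out of an A record that declared none.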
A malicious owner of a DNS domain could use this flaw to create specially-crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory. (CVE-2012-1667)

Users of bind are advised to upgrade to these updated packages, which correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

828078 - CVE-2012-1667 bind: handling of zero length rdata can cause named to terminate unexpectedly

6. Package List:

Red Hat Enterprise Linux AS (v. 4 ELS):

Source:
bind-9.2.4-39.el4.src.rpm

i386:
bind-9.2.4-39.el4.i386.rpm
bind-chroot-9.2.4-39.el4.i386.rpm
bind-debuginfo-9.2.4-39.el4.i386.rpm
bind-devel-9.2.4-39.el4.i386.rpm
bind-libs-9.2.4-39.el4.i386.rpm
bind-utils-9.2.4-39.el4.i386.rpm

ia64:
bind-9.2.4-39.el4.ia64.rpm
bind-chroot-9.2.4-39.el4.ia64.rpm
bind-debuginfo-9.2.4-39.el4.i386.rpm
bind-debuginfo-9.2.4-39.el4.ia64.rpm
bind-devel-9.2.4-39.el4.ia64.rpm
bind-libs-9.2.4-39.el4.i386.rpm
bind-libs-9.2.4-39.el4.ia64.rpm
bind-utils-9.2.4-39.el4.ia64.rpm

x86_64:
bind-9.2.4-39.el4.x86_64.rpm
bind-chroot-9.2.4-39.el4.x86_64.rpm
bind-debuginfo-9.2.4-39.el4.i386.rpm
bind-debuginfo-9.2.4-39.el4.x86_64.rpm
bind-devel-9.2.4-39.el4.x86_64.rpm
bind-libs-9.2.4-39.el4.i386.rpm
bind-libs-9.2.4-39.el4.x86_64.rpm
bind-utils-9.2.4-39.el4.x86_64.rpm

Red Hat Enterprise Linux ES (v.
4 ELS):

Source:
bind-9.2.4-39.el4.src.rpm

i386:
bind-9.2.4-39.el4.i386.rpm
bind-chroot-9.2.4-39.el4.i386.rpm
bind-debuginfo-9.2.4-39.el4.i386.rpm
bind-devel-9.2.4-39.el4.i386.rpm
bind-libs-9.2.4-39.el4.i386.rpm
bind-utils-9.2.4-39.el4.i386.rpm

x86_64:
bind-9.2.4-39.el4.x86_64.rpm
bind-chroot-9.2.4-39.el4.x86_64.rpm
bind-debuginfo-9.2.4-39.el4.i386.rpm
bind-debuginfo-9.2.4-39.el4.x86_64.rpm
bind-devel-9.2.4-39.el4.x86_64.rpm
bind-libs-9.2.4-39.el4.i386.rpm
bind-libs-9.2.4-39.el4.x86_64.rpm
bind-utils-9.2.4-39.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-1667.html
https://access.redhat.com/security/updates/classification/#important
http://www.isc.org/software/bind/advisories/cve-2012-1667

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQDZD/XlSAg2UNWIIRAh7ZAJ9N4TtqU4KCSbPjnORY8omJPjdLsgCfYJCY
tESdtlpE8c2AvQmPJIcNOUg=
=k5qC
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jul 24 18:55:09 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 24 Jul 2012 18:55:09 +0000
Subject: [RHSA-2012:1114-01] Important: kernel security update
Message-ID: <201207241855.q6OItBjX014387@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2012:1114-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1114.html
Issue date: 2012-07-24
CVE Names: CVE-2012-2744
=====================================================================

1.
Summary:

Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 6.0 Extended Update Support.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server EUS (v. 6.0) - i386, noarch, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issue:

* A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm() function in the Linux kernel's netfilter IPv6 connection tracking implementation. A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the nf_conntrack_ipv6 kernel module loaded, causing it to crash. (CVE-2012-2744, Important)

Red Hat would like to thank an anonymous contributor working with the Beyond Security SecuriTeam Secure Disclosure program for reporting this issue.

Users should upgrade to these updated packages, which contain a backported patch to resolve this issue. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5.
Bugs fixed (http://bugzilla.redhat.com/): 833402 - CVE-2012-2744 kernel: netfilter: null pointer dereference in nf_ct_frag6_reasm() 6. Package List: Red Hat Enterprise Linux Server EUS (v. 6.0): Source: kernel-2.6.32-71.40.1.el6.src.rpm i386: kernel-2.6.32-71.40.1.el6.i686.rpm kernel-debug-2.6.32-71.40.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-71.40.1.el6.i686.rpm kernel-debug-devel-2.6.32-71.40.1.el6.i686.rpm kernel-debuginfo-2.6.32-71.40.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-71.40.1.el6.i686.rpm kernel-devel-2.6.32-71.40.1.el6.i686.rpm kernel-headers-2.6.32-71.40.1.el6.i686.rpm noarch: kernel-doc-2.6.32-71.40.1.el6.noarch.rpm kernel-firmware-2.6.32-71.40.1.el6.noarch.rpm perf-2.6.32-71.40.1.el6.noarch.rpm ppc64: kernel-2.6.32-71.40.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-71.40.1.el6.ppc64.rpm kernel-debug-2.6.32-71.40.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-71.40.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-71.40.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-71.40.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-71.40.1.el6.ppc64.rpm kernel-devel-2.6.32-71.40.1.el6.ppc64.rpm kernel-headers-2.6.32-71.40.1.el6.ppc64.rpm s390x: kernel-2.6.32-71.40.1.el6.s390x.rpm kernel-debug-2.6.32-71.40.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-71.40.1.el6.s390x.rpm kernel-debug-devel-2.6.32-71.40.1.el6.s390x.rpm kernel-debuginfo-2.6.32-71.40.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-71.40.1.el6.s390x.rpm kernel-devel-2.6.32-71.40.1.el6.s390x.rpm kernel-headers-2.6.32-71.40.1.el6.s390x.rpm kernel-kdump-2.6.32-71.40.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-71.40.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-71.40.1.el6.s390x.rpm x86_64: kernel-2.6.32-71.40.1.el6.x86_64.rpm kernel-debug-2.6.32-71.40.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-71.40.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-71.40.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-71.40.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-71.40.1.el6.x86_64.rpm 
kernel-devel-2.6.32-71.40.1.el6.x86_64.rpm
kernel-headers-2.6.32-71.40.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-2744.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQDu8hXlSAg2UNWIIRAgJLAKCkd513kkX2nDKvQ+3L0Uy4qKyNWACgvmFP
CZzwFvZos4XWCu/2UPV1mD8=
=h7pW
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jul 25 17:02:50 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 25 Jul 2012 17:02:50 +0000
Subject: [RHSA-2012:1116-01] Moderate: perl-DBD-Pg security update
Message-ID: <201207251702.q6PH2qNV010063@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: perl-DBD-Pg security update
Advisory ID: RHSA-2012:1116-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1116.html
Issue date: 2012-07-25
CVE Names: CVE-2012-1151
=====================================================================

1. Summary:

An updated perl-DBD-Pg package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v.
5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Perl DBI is a database access Application Programming Interface (API) for the Perl language. perl-DBD-Pg allows Perl applications to access PostgreSQL database servers.

Two format string flaws were found in perl-DBD-Pg. A specially-crafted database warning or error message from a server could cause an application using perl-DBD-Pg to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-1151)

All users of perl-DBD-Pg are advised to upgrade to this updated package, which contains a backported patch to fix these issues. Applications using perl-DBD-Pg must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

801733 - CVE-2012-1151 perl-DBD-Pg: Format string flaws by turning db notices into Perl warnings and by preparing DBD statement

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/perl-DBD-Pg-1.49-4.el5_8.src.rpm

i386:
perl-DBD-Pg-1.49-4.el5_8.i386.rpm
perl-DBD-Pg-debuginfo-1.49-4.el5_8.i386.rpm

x86_64:
perl-DBD-Pg-1.49-4.el5_8.x86_64.rpm
perl-DBD-Pg-debuginfo-1.49-4.el5_8.x86_64.rpm

Red Hat Enterprise Linux (v.
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/perl-DBD-Pg-1.49-4.el5_8.src.rpm i386: perl-DBD-Pg-1.49-4.el5_8.i386.rpm perl-DBD-Pg-debuginfo-1.49-4.el5_8.i386.rpm ia64: perl-DBD-Pg-1.49-4.el5_8.ia64.rpm perl-DBD-Pg-debuginfo-1.49-4.el5_8.ia64.rpm ppc: perl-DBD-Pg-1.49-4.el5_8.ppc.rpm perl-DBD-Pg-debuginfo-1.49-4.el5_8.ppc.rpm s390x: perl-DBD-Pg-1.49-4.el5_8.s390x.rpm perl-DBD-Pg-debuginfo-1.49-4.el5_8.s390x.rpm x86_64: perl-DBD-Pg-1.49-4.el5_8.x86_64.rpm perl-DBD-Pg-debuginfo-1.49-4.el5_8.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/perl-DBD-Pg-2.15.1-4.el6_3.src.rpm x86_64: perl-DBD-Pg-2.15.1-4.el6_3.x86_64.rpm perl-DBD-Pg-debuginfo-2.15.1-4.el6_3.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/perl-DBD-Pg-2.15.1-4.el6_3.src.rpm i386: perl-DBD-Pg-2.15.1-4.el6_3.i686.rpm perl-DBD-Pg-debuginfo-2.15.1-4.el6_3.i686.rpm ppc64: perl-DBD-Pg-2.15.1-4.el6_3.ppc64.rpm perl-DBD-Pg-debuginfo-2.15.1-4.el6_3.ppc64.rpm s390x: perl-DBD-Pg-2.15.1-4.el6_3.s390x.rpm perl-DBD-Pg-debuginfo-2.15.1-4.el6_3.s390x.rpm x86_64: perl-DBD-Pg-2.15.1-4.el6_3.x86_64.rpm perl-DBD-Pg-debuginfo-2.15.1-4.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/perl-DBD-Pg-2.15.1-4.el6_3.src.rpm i386: perl-DBD-Pg-2.15.1-4.el6_3.i686.rpm perl-DBD-Pg-debuginfo-2.15.1-4.el6_3.i686.rpm x86_64: perl-DBD-Pg-2.15.1-4.el6_3.x86_64.rpm perl-DBD-Pg-debuginfo-2.15.1-4.el6_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-1151.html https://access.redhat.com/security/updates/classification/#moderate 8. 
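The bug class behind the CVE-2012-1151 notice handling in this advisory, shown as an added C illustration that is not perl-DBD-Pg's source: a driver relays a server notice to a printf-style warning routine. The vulnerable form passes the server text as the format string, so any directives in it are interpreted; the fixed form uses a literal "%s" format and passes the text as data. A third routine doubles '%' characters for the case where the sink accepts only a message. The function names, the notice text and the buffer-backed sink are this example's own constructions. The demo feeds the vulnerable path only a "%%" directive, which is well defined without arguments; a hostile server would send "%x" or "%n" to read or write the stack.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Added illustration of the bug class in CVE-2012-1151; not perl-DBD-Pg's
 * source. A driver relays a server notice to a printf-style warning routine.
 * If the notice text is itself the format string, every '%' directive the
 * server placed in it is interpreted: %x and %s read the caller's stack, %n
 * writes to it. The fix is a literal format with the notice as an argument. */

#define BUFLEN 128

/* Stand-in for a printf-style sink such as Perl's warn(); output goes to a
 * buffer so the two call patterns can be compared. */
static void emit_warning(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
}

/* Vulnerable pattern: server-controlled text used as the format string. */
void notice_vulnerable(char *out, size_t outlen, const char *server_notice)
{
    emit_warning(out, outlen, server_notice);
}

/* Fixed pattern: the format is a literal and the notice is plain data. */
void notice_fixed(char *out, size_t outlen, const char *server_notice)
{
    emit_warning(out, outlen, "%s", server_notice);
}

/* Fallback for a sink that accepts only a message string: double every '%'
 * so the formatter sees no directive. Returns bytes written, or -1 when
 * 'out' cannot hold the result. */
int escape_percent(const char *in, char *out, size_t outlen)
{
    size_t n = 0;
    for (; *in != '\0'; in++) {
        size_t need = (*in == '%') ? 2 : 1;
        if (n + need >= outlen)
            return -1;
        out[n++] = *in;
        if (*in == '%')
            out[n++] = '%';
    }
    out[n] = '\0';
    return (int)n;
}

/* 1 if the notice leaves the chosen path unchanged, 0 if the formatter
 * interpreted something in it. The demo only feeds the vulnerable path "%%",
 * the one directive that is well defined without arguments; a hostile server
 * would send "%x" or "%n", which read or write the stack. */
int notice_round_trips(int use_fixed, const char *server_notice)
{
    char out[BUFLEN];
    if (use_fixed)
        notice_fixed(out, sizeof out, server_notice);
    else
        notice_vulnerable(out, sizeof out, server_notice);
    return strcmp(out, server_notice) == 0;
}

/* 1 if escaping first lets the notice survive even the vulnerable path. */
int escaped_notice_survives(const char *server_notice)
{
    char esc[BUFLEN], out[BUFLEN];
    if (escape_percent(server_notice, esc, sizeof esc) < 0)
        return 0;
    notice_vulnerable(out, sizeof out, esc);
    return strcmp(out, server_notice) == 0;
}

int main(void)
{
    /* constructed notice, not real PostgreSQL output */
    const char *notice = "NOTICE: 100%% of rows skipped";
    printf("vulnerable path left notice intact: %d\n", notice_round_trips(0, notice));
    printf("fixed path left notice intact:      %d\n", notice_round_trips(1, notice));
    printf("escaped, then vulnerable path:      %d\n", escaped_notice_survives("50%x"));
    return 0;
}
```

The vulnerable path collapses the "%%" in the constructed notice to a single "%", which is the visible trace of the formatter consuming server text as directives; the fixed path and the escaped fallback both return the notice byte for byte. The same pattern applies to any printf-family sink (syslog(), warn(), croak()) that receives text a remote peer controls.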
Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQECalXlSAg2UNWIIRAg5oAJ9Axt76xnJodfYOujBTqPjLjeOKeACglhKk
xcNjSdCZiKspR58fJAdc7XU=
=KmOi
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jul 31 03:56:30 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 31 Jul 2012 03:56:30 +0000
Subject: [RHSA-2012:1122-01] Important: bind97 security update
Message-ID: <201207310401.q6V41lEL018691@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: bind97 security update
Advisory ID: RHSA-2012:1122-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1122.html
Issue date: 2012-07-31
CVE Names: CVE-2012-3817
=====================================================================

1. Summary:

Updated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

An uninitialized data structure use flaw was found in BIND when DNSSEC validation was enabled.
A remote attacker able to send a large number of queries to a DNSSEC validating BIND resolver could use this flaw to cause it to exit unexpectedly with an assertion failure. (CVE-2012-3817)

Users of bind97 are advised to upgrade to these updated packages, which correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

842897 - CVE-2012-3817 bind: heavy DNSSEC validation load can cause assertion failure

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bind97-9.7.0-10.P2.el5_8.2.src.rpm

i386:
bind97-9.7.0-10.P2.el5_8.2.i386.rpm
bind97-chroot-9.7.0-10.P2.el5_8.2.i386.rpm
bind97-debuginfo-9.7.0-10.P2.el5_8.2.i386.rpm
bind97-devel-9.7.0-10.P2.el5_8.2.i386.rpm
bind97-libs-9.7.0-10.P2.el5_8.2.i386.rpm
bind97-utils-9.7.0-10.P2.el5_8.2.i386.rpm

x86_64:
bind97-9.7.0-10.P2.el5_8.2.x86_64.rpm
bind97-chroot-9.7.0-10.P2.el5_8.2.x86_64.rpm
bind97-debuginfo-9.7.0-10.P2.el5_8.2.i386.rpm
bind97-debuginfo-9.7.0-10.P2.el5_8.2.x86_64.rpm
bind97-devel-9.7.0-10.P2.el5_8.2.i386.rpm
bind97-devel-9.7.0-10.P2.el5_8.2.x86_64.rpm
bind97-libs-9.7.0-10.P2.el5_8.2.i386.rpm
bind97-libs-9.7.0-10.P2.el5_8.2.x86_64.rpm
bind97-utils-9.7.0-10.P2.el5_8.2.x86_64.rpm

Red Hat Enterprise Linux (v.
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/bind97-9.7.0-10.P2.el5_8.2.src.rpm i386: bind97-9.7.0-10.P2.el5_8.2.i386.rpm bind97-chroot-9.7.0-10.P2.el5_8.2.i386.rpm bind97-debuginfo-9.7.0-10.P2.el5_8.2.i386.rpm bind97-devel-9.7.0-10.P2.el5_8.2.i386.rpm bind97-libs-9.7.0-10.P2.el5_8.2.i386.rpm bind97-utils-9.7.0-10.P2.el5_8.2.i386.rpm ia64: bind97-9.7.0-10.P2.el5_8.2.ia64.rpm bind97-chroot-9.7.0-10.P2.el5_8.2.ia64.rpm bind97-debuginfo-9.7.0-10.P2.el5_8.2.ia64.rpm bind97-devel-9.7.0-10.P2.el5_8.2.ia64.rpm bind97-libs-9.7.0-10.P2.el5_8.2.ia64.rpm bind97-utils-9.7.0-10.P2.el5_8.2.ia64.rpm ppc: bind97-9.7.0-10.P2.el5_8.2.ppc.rpm bind97-chroot-9.7.0-10.P2.el5_8.2.ppc.rpm bind97-debuginfo-9.7.0-10.P2.el5_8.2.ppc.rpm bind97-debuginfo-9.7.0-10.P2.el5_8.2.ppc64.rpm bind97-devel-9.7.0-10.P2.el5_8.2.ppc.rpm bind97-devel-9.7.0-10.P2.el5_8.2.ppc64.rpm bind97-libs-9.7.0-10.P2.el5_8.2.ppc.rpm bind97-libs-9.7.0-10.P2.el5_8.2.ppc64.rpm bind97-utils-9.7.0-10.P2.el5_8.2.ppc.rpm s390x: bind97-9.7.0-10.P2.el5_8.2.s390x.rpm bind97-chroot-9.7.0-10.P2.el5_8.2.s390x.rpm bind97-debuginfo-9.7.0-10.P2.el5_8.2.s390.rpm bind97-debuginfo-9.7.0-10.P2.el5_8.2.s390x.rpm bind97-devel-9.7.0-10.P2.el5_8.2.s390.rpm bind97-devel-9.7.0-10.P2.el5_8.2.s390x.rpm bind97-libs-9.7.0-10.P2.el5_8.2.s390.rpm bind97-libs-9.7.0-10.P2.el5_8.2.s390x.rpm bind97-utils-9.7.0-10.P2.el5_8.2.s390x.rpm x86_64: bind97-9.7.0-10.P2.el5_8.2.x86_64.rpm bind97-chroot-9.7.0-10.P2.el5_8.2.x86_64.rpm bind97-debuginfo-9.7.0-10.P2.el5_8.2.i386.rpm bind97-debuginfo-9.7.0-10.P2.el5_8.2.x86_64.rpm bind97-devel-9.7.0-10.P2.el5_8.2.i386.rpm bind97-devel-9.7.0-10.P2.el5_8.2.x86_64.rpm bind97-libs-9.7.0-10.P2.el5_8.2.i386.rpm bind97-libs-9.7.0-10.P2.el5_8.2.x86_64.rpm bind97-utils-9.7.0-10.P2.el5_8.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References:

https://www.redhat.com/security/data/cve/CVE-2012-3817.html
https://access.redhat.com/security/updates/classification/#important
http://www.isc.org/software/bind/advisories/cve-2012-3817

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQF1iKXlSAg2UNWIIRAkRgAJ4wn6XymIleI9WnUiwzQIpJMyMWuQCgoZeO
L94gEdUO6gYFl3y4xI0zg0M=
=fln2
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jul 31 03:57:32 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 31 Jul 2012 03:57:32 +0000
Subject: [RHSA-2012:1123-01] Important: bind security update
Message-ID: <201207310402.q6V42nk1018804@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: bind security update
Advisory ID: RHSA-2012:1123-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1123.html
Issue date: 2012-07-31
CVE Names: CVE-2012-3817
=====================================================================

1. Summary:

Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v.
6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

An uninitialized data structure use flaw was found in BIND when DNSSEC validation was enabled. A remote attacker able to send a large number of queries to a DNSSEC validating BIND resolver could use this flaw to cause it to exit unexpectedly with an assertion failure. (CVE-2012-3817)

Users of bind are advised to upgrade to these updated packages, which correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

842897 - CVE-2012-3817 bind: heavy DNSSEC validation load can cause assertion failure

6. Package List:

Red Hat Enterprise Linux Desktop (v.
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bind-9.3.6-20.P1.el5_8.2.src.rpm i386: bind-9.3.6-20.P1.el5_8.2.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.i386.rpm bind-libs-9.3.6-20.P1.el5_8.2.i386.rpm bind-sdb-9.3.6-20.P1.el5_8.2.i386.rpm bind-utils-9.3.6-20.P1.el5_8.2.i386.rpm x86_64: bind-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-libs-9.3.6-20.P1.el5_8.2.i386.rpm bind-libs-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-sdb-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-utils-9.3.6-20.P1.el5_8.2.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bind-9.3.6-20.P1.el5_8.2.src.rpm i386: bind-chroot-9.3.6-20.P1.el5_8.2.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.i386.rpm bind-devel-9.3.6-20.P1.el5_8.2.i386.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.2.i386.rpm caching-nameserver-9.3.6-20.P1.el5_8.2.i386.rpm x86_64: bind-chroot-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-devel-9.3.6-20.P1.el5_8.2.i386.rpm bind-devel-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.2.i386.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.2.x86_64.rpm caching-nameserver-9.3.6-20.P1.el5_8.2.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/bind-9.3.6-20.P1.el5_8.2.src.rpm i386: bind-9.3.6-20.P1.el5_8.2.i386.rpm bind-chroot-9.3.6-20.P1.el5_8.2.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.i386.rpm bind-devel-9.3.6-20.P1.el5_8.2.i386.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.2.i386.rpm bind-libs-9.3.6-20.P1.el5_8.2.i386.rpm bind-sdb-9.3.6-20.P1.el5_8.2.i386.rpm bind-utils-9.3.6-20.P1.el5_8.2.i386.rpm caching-nameserver-9.3.6-20.P1.el5_8.2.i386.rpm ia64: bind-9.3.6-20.P1.el5_8.2.ia64.rpm bind-chroot-9.3.6-20.P1.el5_8.2.ia64.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.ia64.rpm bind-devel-9.3.6-20.P1.el5_8.2.ia64.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.2.ia64.rpm bind-libs-9.3.6-20.P1.el5_8.2.i386.rpm bind-libs-9.3.6-20.P1.el5_8.2.ia64.rpm bind-sdb-9.3.6-20.P1.el5_8.2.ia64.rpm bind-utils-9.3.6-20.P1.el5_8.2.ia64.rpm caching-nameserver-9.3.6-20.P1.el5_8.2.ia64.rpm ppc: bind-9.3.6-20.P1.el5_8.2.ppc.rpm bind-chroot-9.3.6-20.P1.el5_8.2.ppc.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.ppc.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.ppc64.rpm bind-devel-9.3.6-20.P1.el5_8.2.ppc.rpm bind-devel-9.3.6-20.P1.el5_8.2.ppc64.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.2.ppc.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.2.ppc64.rpm bind-libs-9.3.6-20.P1.el5_8.2.ppc.rpm bind-libs-9.3.6-20.P1.el5_8.2.ppc64.rpm bind-sdb-9.3.6-20.P1.el5_8.2.ppc.rpm bind-utils-9.3.6-20.P1.el5_8.2.ppc.rpm caching-nameserver-9.3.6-20.P1.el5_8.2.ppc.rpm s390x: bind-9.3.6-20.P1.el5_8.2.s390x.rpm bind-chroot-9.3.6-20.P1.el5_8.2.s390x.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.s390.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.s390x.rpm bind-devel-9.3.6-20.P1.el5_8.2.s390.rpm bind-devel-9.3.6-20.P1.el5_8.2.s390x.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.2.s390.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.2.s390x.rpm bind-libs-9.3.6-20.P1.el5_8.2.s390.rpm bind-libs-9.3.6-20.P1.el5_8.2.s390x.rpm bind-sdb-9.3.6-20.P1.el5_8.2.s390x.rpm 
bind-utils-9.3.6-20.P1.el5_8.2.s390x.rpm
caching-nameserver-9.3.6-20.P1.el5_8.2.s390x.rpm

x86_64:
bind-9.3.6-20.P1.el5_8.2.x86_64.rpm
bind-chroot-9.3.6-20.P1.el5_8.2.x86_64.rpm
bind-debuginfo-9.3.6-20.P1.el5_8.2.i386.rpm
bind-debuginfo-9.3.6-20.P1.el5_8.2.x86_64.rpm
bind-devel-9.3.6-20.P1.el5_8.2.i386.rpm
bind-devel-9.3.6-20.P1.el5_8.2.x86_64.rpm
bind-libbind-devel-9.3.6-20.P1.el5_8.2.i386.rpm
bind-libbind-devel-9.3.6-20.P1.el5_8.2.x86_64.rpm
bind-libs-9.3.6-20.P1.el5_8.2.i386.rpm
bind-libs-9.3.6-20.P1.el5_8.2.x86_64.rpm
bind-sdb-9.3.6-20.P1.el5_8.2.x86_64.rpm
bind-utils-9.3.6-20.P1.el5_8.2.x86_64.rpm
caching-nameserver-9.3.6-20.P1.el5_8.2.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.2.src.rpm

i386:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.2.i686.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.2.i686.rpm

x86_64:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.2.i686.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.2.src.rpm

i386:
bind-9.8.2-0.10.rc1.el6_3.2.i686.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.2.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.2.i686.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.2.i686.rpm

x86_64:
bind-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.2.i686.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.2.src.rpm

x86_64:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.2.i686.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.2.src.rpm

x86_64:
bind-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.2.i686.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.2.src.rpm

i386:
bind-9.8.2-0.10.rc1.el6_3.2.i686.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.2.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.2.i686.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.2.i686.rpm

ppc64:
bind-9.8.2-0.10.rc1.el6_3.2.ppc64.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.2.ppc64.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.ppc.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.ppc64.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.2.ppc.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.2.ppc64.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.2.ppc64.rpm

s390x:
bind-9.8.2-0.10.rc1.el6_3.2.s390x.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.2.s390x.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.s390.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.s390x.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.2.s390.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.2.s390x.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.2.s390x.rpm

x86_64:
bind-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.2.i686.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.2.src.rpm

i386:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.2.i686.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.2.i686.rpm

ppc64:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.ppc.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.ppc64.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.2.ppc.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.2.ppc64.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.2.ppc64.rpm

s390x:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.s390.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.s390x.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.2.s390.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.2.s390x.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.2.s390x.rpm

x86_64:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.2.i686.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.2.src.rpm

i386:
bind-9.8.2-0.10.rc1.el6_3.2.i686.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.2.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.2.i686.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.2.i686.rpm

x86_64:
bind-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.2.i686.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.2.src.rpm

i386:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.2.i686.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.2.i686.rpm

x86_64:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.2.i686.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-3817.html
https://access.redhat.com/security/updates/classification/#important
http://www.isc.org/software/bind/advisories/cve-2012-3817

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

From bugzilla at redhat.com Tue Jul 31 20:25:10 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 31 Jul 2012 20:25:10 +0000
Subject: [RHSA-2012:1129-01] Important: kernel security and bug fix update
Message-ID: <201207312025.q6VKPBwn030795@int-mx01.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2012:1129-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1129.html
Issue date:        2012-07-31
CVE Names:         CVE-2011-1083 CVE-2012-2744
=====================================================================

1. Summary:

Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6.2 Extended Update Support.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server EUS (v. 6.2) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.2) - i386, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm() function in the Linux kernel's netfilter IPv6 connection tracking implementation. A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the nf_conntrack_ipv6 kernel module loaded, causing it to crash. (CVE-2012-2744, Important)

* A flaw was found in the way the Linux kernel's Event Poll (epoll) subsystem handled large, nested epoll structures. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2011-1083, Moderate)

Red Hat would like to thank an anonymous contributor working with the Beyond Security SecuriTeam Secure Disclosure program for reporting CVE-2012-2744, and Nelson Elhage for reporting CVE-2011-1083.

This update also fixes the following bugs:

* Attempting to turn on Data Center Bridging (DCB) on a port connected to a non-DCB switch port caused the system to become unresponsive or even terminate. This was because napi_poll routines in the ixgbe driver did not end the NAPI when data processing was complete.
With this update, the ixgbe napi_poll routines have been fixed so that they now call the napi_complete() function when data processing has finished. This ensures that the NAPI is correctly disabled, and thus prevents possible hangs and crashes in this scenario. (BZ#814454)

* If a new file was created on a Network File System version 4 (NFSv4) share, the ownership was set to nfsnobody (-2) until it was possible to upcall to the idmapper. As a consequence, subsequent file system operations could incorrectly use "-2" for the user and group IDs for the given file, causing certain operations to fail. In reported cases, this issue also caused "Viminfo file is not writable" errors for users running Vim with files on an NFSv4 share. (BZ#820962)

* Previously, the size of the multicast IGMP (Internet Group Management Protocol) snooping hash table for a bridge was limited to 256 entries even though the maximum is 512. This was due to the hash table size being incorrectly compared to the maximum hash table size, hash_max, and the following message could have been produced by the kernel:

Multicast hash table maximum reached, disabling snooping: vnet1, 512

With this update, the hash table value is correctly compared to the hash_max value, and the error message no longer occurs under these circumstances. (BZ#840021)

Users should upgrade to these updated packages, which contain backported patches to resolve these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system.
You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

681578 - CVE-2011-1083 kernel: excessive in kernel CPU consumption when creating large nested epoll structures
833402 - CVE-2012-2744 kernel: netfilter: null pointer dereference in nf_ct_frag6_reasm()

6. Package List:

Red Hat Enterprise Linux Server EUS (v. 6.2):

Source:
kernel-2.6.32-220.24.1.el6.src.rpm

i386:
kernel-2.6.32-220.24.1.el6.i686.rpm
kernel-debug-2.6.32-220.24.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-220.24.1.el6.i686.rpm
kernel-debug-devel-2.6.32-220.24.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.24.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.24.1.el6.i686.rpm
kernel-devel-2.6.32-220.24.1.el6.i686.rpm
kernel-headers-2.6.32-220.24.1.el6.i686.rpm
perf-2.6.32-220.24.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.24.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-220.24.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-220.24.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.24.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-220.24.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-220.24.1.el6.ppc64.rpm
kernel-debug-2.6.32-220.24.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-220.24.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-220.24.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-220.24.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-220.24.1.el6.ppc64.rpm
kernel-devel-2.6.32-220.24.1.el6.ppc64.rpm
kernel-headers-2.6.32-220.24.1.el6.ppc64.rpm
perf-2.6.32-220.24.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-220.24.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-220.24.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-220.24.1.el6.s390x.rpm
kernel-debug-2.6.32-220.24.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-220.24.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-220.24.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-220.24.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-220.24.1.el6.s390x.rpm
kernel-devel-2.6.32-220.24.1.el6.s390x.rpm
kernel-headers-2.6.32-220.24.1.el6.s390x.rpm
kernel-kdump-2.6.32-220.24.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-220.24.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-220.24.1.el6.s390x.rpm
perf-2.6.32-220.24.1.el6.s390x.rpm
perf-debuginfo-2.6.32-220.24.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-220.24.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-220.24.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.24.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.24.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.24.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.24.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.24.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.24.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.24.1.el6.x86_64.rpm
perf-2.6.32-220.24.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.24.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.24.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.2):

Source:
kernel-2.6.32-220.24.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-220.24.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.24.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.24.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.24.1.el6.i686.rpm
python-perf-2.6.32-220.24.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-220.24.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-220.24.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-220.24.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-220.24.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-220.24.1.el6.ppc64.rpm
python-perf-2.6.32-220.24.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-220.24.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-220.24.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-220.24.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-220.24.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-220.24.1.el6.s390x.rpm
perf-debuginfo-2.6.32-220.24.1.el6.s390x.rpm
python-perf-2.6.32-220.24.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-220.24.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.24.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.24.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.24.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.24.1.el6.x86_64.rpm
python-perf-2.6.32-220.24.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.24.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1083.html
https://www.redhat.com/security/data/cve/CVE-2012-2744.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

From bugzilla at redhat.com Tue Jul 31 20:25:49 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 31 Jul 2012 20:25:49 +0000
Subject: [RHSA-2012:1130-01] Moderate: xen security update
Message-ID: <201207312025.q6VKPpoJ031414@int-mx01.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: xen security update
Advisory ID:       RHSA-2012:1130-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1130.html
Issue date:        2012-07-31
CVE Names:         CVE-2012-2625
=====================================================================

1. Summary:

Updated xen packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Multi OS (v. 5 client) - i386, x86_64
RHEL Virtualization (v. 5 server) - i386, ia64, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux.

A flaw was found in the way the pyGrub boot loader handled compressed kernel images. A privileged guest user in a para-virtualized guest (a DomU) could use this flaw to create a crafted kernel image that, when attempting to boot it, could result in an out-of-memory condition in the privileged domain (the Dom0). (CVE-2012-2625)

Red Hat would like to thank Xinli Niu for reporting this issue.

All users of xen are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the xend service must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

821676 - CVE-2012-2625 xen: pv bootloader doesn't check the size of the bzip2 or lzma compressed kernel

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xen-3.0.3-135.el5_8.4.src.rpm

i386:
xen-debuginfo-3.0.3-135.el5_8.4.i386.rpm
xen-libs-3.0.3-135.el5_8.4.i386.rpm

x86_64:
xen-debuginfo-3.0.3-135.el5_8.4.i386.rpm
xen-debuginfo-3.0.3-135.el5_8.4.x86_64.rpm
xen-libs-3.0.3-135.el5_8.4.i386.rpm
xen-libs-3.0.3-135.el5_8.4.x86_64.rpm

RHEL Desktop Multi OS (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xen-3.0.3-135.el5_8.4.src.rpm

i386:
xen-3.0.3-135.el5_8.4.i386.rpm
xen-debuginfo-3.0.3-135.el5_8.4.i386.rpm
xen-devel-3.0.3-135.el5_8.4.i386.rpm

x86_64:
xen-3.0.3-135.el5_8.4.x86_64.rpm
xen-debuginfo-3.0.3-135.el5_8.4.i386.rpm
xen-debuginfo-3.0.3-135.el5_8.4.x86_64.rpm
xen-devel-3.0.3-135.el5_8.4.i386.rpm
xen-devel-3.0.3-135.el5_8.4.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xen-3.0.3-135.el5_8.4.src.rpm

i386:
xen-debuginfo-3.0.3-135.el5_8.4.i386.rpm
xen-libs-3.0.3-135.el5_8.4.i386.rpm

ia64:
xen-debuginfo-3.0.3-135.el5_8.4.ia64.rpm
xen-libs-3.0.3-135.el5_8.4.ia64.rpm

x86_64:
xen-debuginfo-3.0.3-135.el5_8.4.i386.rpm
xen-debuginfo-3.0.3-135.el5_8.4.x86_64.rpm
xen-libs-3.0.3-135.el5_8.4.i386.rpm
xen-libs-3.0.3-135.el5_8.4.x86_64.rpm

RHEL Virtualization (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xen-3.0.3-135.el5_8.4.src.rpm

i386:
xen-3.0.3-135.el5_8.4.i386.rpm
xen-debuginfo-3.0.3-135.el5_8.4.i386.rpm
xen-devel-3.0.3-135.el5_8.4.i386.rpm

ia64:
xen-3.0.3-135.el5_8.4.ia64.rpm
xen-debuginfo-3.0.3-135.el5_8.4.ia64.rpm
xen-devel-3.0.3-135.el5_8.4.ia64.rpm

x86_64:
xen-3.0.3-135.el5_8.4.x86_64.rpm
xen-debuginfo-3.0.3-135.el5_8.4.i386.rpm
xen-debuginfo-3.0.3-135.el5_8.4.x86_64.rpm
xen-devel-3.0.3-135.el5_8.4.i386.rpm
xen-devel-3.0.3-135.el5_8.4.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-2625.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

From bugzilla at redhat.com Tue Jul 31 20:26:25 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 31 Jul 2012 20:26:25 +0000
Subject: [RHSA-2012:1131-01] Important: krb5 security update
Message-ID: <201207312026.q6VKQQvE010335@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: krb5 security update
Advisory ID:       RHSA-2012:1131-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1131.html
Issue date:        2012-07-31
CVE Names:         CVE-2012-1013 CVE-2012-1015
=====================================================================

1. Summary:

Updated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC).

An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests (AS-REQ). A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially-crafted AS-REQ request. (CVE-2012-1015)

A NULL pointer dereference flaw was found in the MIT Kerberos administration daemon, kadmind. A Kerberos administrator who has the "create" privilege could use this flaw to crash kadmind. (CVE-2012-1013)

Red Hat would like to thank the MIT Kerberos project for reporting CVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as the original reporter of CVE-2012-1015.

All krb5 users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

827517 - CVE-2012-1013 krb5: kadmind denial of service
838012 - CVE-2012-1015 krb5: KDC daemon crash via free() of an uninitialized pointer

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/krb5-1.9-33.el6_3.2.src.rpm

i386:
krb5-debuginfo-1.9-33.el6_3.2.i686.rpm
krb5-libs-1.9-33.el6_3.2.i686.rpm
krb5-pkinit-openssl-1.9-33.el6_3.2.i686.rpm
krb5-workstation-1.9-33.el6_3.2.i686.rpm

x86_64:
krb5-debuginfo-1.9-33.el6_3.2.i686.rpm
krb5-debuginfo-1.9-33.el6_3.2.x86_64.rpm
krb5-libs-1.9-33.el6_3.2.i686.rpm
krb5-libs-1.9-33.el6_3.2.x86_64.rpm
krb5-pkinit-openssl-1.9-33.el6_3.2.x86_64.rpm
krb5-workstation-1.9-33.el6_3.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/krb5-1.9-33.el6_3.2.src.rpm

i386:
krb5-debuginfo-1.9-33.el6_3.2.i686.rpm
krb5-devel-1.9-33.el6_3.2.i686.rpm
krb5-server-1.9-33.el6_3.2.i686.rpm
krb5-server-ldap-1.9-33.el6_3.2.i686.rpm

x86_64:
krb5-debuginfo-1.9-33.el6_3.2.i686.rpm
krb5-debuginfo-1.9-33.el6_3.2.x86_64.rpm
krb5-devel-1.9-33.el6_3.2.i686.rpm
krb5-devel-1.9-33.el6_3.2.x86_64.rpm
krb5-server-1.9-33.el6_3.2.x86_64.rpm
krb5-server-ldap-1.9-33.el6_3.2.i686.rpm
krb5-server-ldap-1.9-33.el6_3.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/krb5-1.9-33.el6_3.2.src.rpm

x86_64:
krb5-debuginfo-1.9-33.el6_3.2.i686.rpm
krb5-debuginfo-1.9-33.el6_3.2.x86_64.rpm
krb5-libs-1.9-33.el6_3.2.i686.rpm
krb5-libs-1.9-33.el6_3.2.x86_64.rpm
krb5-pkinit-openssl-1.9-33.el6_3.2.x86_64.rpm
krb5-workstation-1.9-33.el6_3.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/krb5-1.9-33.el6_3.2.src.rpm

x86_64:
krb5-debuginfo-1.9-33.el6_3.2.i686.rpm
krb5-debuginfo-1.9-33.el6_3.2.x86_64.rpm
krb5-devel-1.9-33.el6_3.2.i686.rpm
krb5-devel-1.9-33.el6_3.2.x86_64.rpm
krb5-server-1.9-33.el6_3.2.x86_64.rpm
krb5-server-ldap-1.9-33.el6_3.2.i686.rpm
krb5-server-ldap-1.9-33.el6_3.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/krb5-1.9-33.el6_3.2.src.rpm

i386:
krb5-debuginfo-1.9-33.el6_3.2.i686.rpm
krb5-devel-1.9-33.el6_3.2.i686.rpm
krb5-libs-1.9-33.el6_3.2.i686.rpm
krb5-pkinit-openssl-1.9-33.el6_3.2.i686.rpm
krb5-server-1.9-33.el6_3.2.i686.rpm
krb5-server-ldap-1.9-33.el6_3.2.i686.rpm
krb5-workstation-1.9-33.el6_3.2.i686.rpm

ppc64:
krb5-debuginfo-1.9-33.el6_3.2.ppc.rpm
krb5-debuginfo-1.9-33.el6_3.2.ppc64.rpm
krb5-devel-1.9-33.el6_3.2.ppc.rpm
krb5-devel-1.9-33.el6_3.2.ppc64.rpm
krb5-libs-1.9-33.el6_3.2.ppc.rpm
krb5-libs-1.9-33.el6_3.2.ppc64.rpm
krb5-pkinit-openssl-1.9-33.el6_3.2.ppc64.rpm
krb5-server-1.9-33.el6_3.2.ppc64.rpm
krb5-server-ldap-1.9-33.el6_3.2.ppc.rpm
krb5-server-ldap-1.9-33.el6_3.2.ppc64.rpm
krb5-workstation-1.9-33.el6_3.2.ppc64.rpm

s390x:
krb5-debuginfo-1.9-33.el6_3.2.s390.rpm
krb5-debuginfo-1.9-33.el6_3.2.s390x.rpm
krb5-devel-1.9-33.el6_3.2.s390.rpm
krb5-devel-1.9-33.el6_3.2.s390x.rpm
krb5-libs-1.9-33.el6_3.2.s390.rpm
krb5-libs-1.9-33.el6_3.2.s390x.rpm
krb5-pkinit-openssl-1.9-33.el6_3.2.s390x.rpm
krb5-server-1.9-33.el6_3.2.s390x.rpm
krb5-server-ldap-1.9-33.el6_3.2.s390.rpm
krb5-server-ldap-1.9-33.el6_3.2.s390x.rpm
krb5-workstation-1.9-33.el6_3.2.s390x.rpm

x86_64:
krb5-debuginfo-1.9-33.el6_3.2.i686.rpm
krb5-debuginfo-1.9-33.el6_3.2.x86_64.rpm
krb5-devel-1.9-33.el6_3.2.i686.rpm
krb5-devel-1.9-33.el6_3.2.x86_64.rpm
krb5-libs-1.9-33.el6_3.2.i686.rpm
krb5-libs-1.9-33.el6_3.2.x86_64.rpm
krb5-pkinit-openssl-1.9-33.el6_3.2.x86_64.rpm
krb5-server-1.9-33.el6_3.2.x86_64.rpm
krb5-server-ldap-1.9-33.el6_3.2.i686.rpm
krb5-server-ldap-1.9-33.el6_3.2.x86_64.rpm
krb5-workstation-1.9-33.el6_3.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/krb5-1.9-33.el6_3.2.src.rpm

i386:
krb5-debuginfo-1.9-33.el6_3.2.i686.rpm
krb5-devel-1.9-33.el6_3.2.i686.rpm
krb5-libs-1.9-33.el6_3.2.i686.rpm
krb5-pkinit-openssl-1.9-33.el6_3.2.i686.rpm
krb5-server-1.9-33.el6_3.2.i686.rpm
krb5-server-ldap-1.9-33.el6_3.2.i686.rpm
krb5-workstation-1.9-33.el6_3.2.i686.rpm

x86_64:
krb5-debuginfo-1.9-33.el6_3.2.i686.rpm
krb5-debuginfo-1.9-33.el6_3.2.x86_64.rpm
krb5-devel-1.9-33.el6_3.2.i686.rpm
krb5-devel-1.9-33.el6_3.2.x86_64.rpm
krb5-libs-1.9-33.el6_3.2.i686.rpm
krb5-libs-1.9-33.el6_3.2.x86_64.rpm
krb5-pkinit-openssl-1.9-33.el6_3.2.x86_64.rpm
krb5-server-1.9-33.el6_3.2.x86_64.rpm
krb5-server-ldap-1.9-33.el6_3.2.i686.rpm
krb5-server-ldap-1.9-33.el6_3.2.x86_64.rpm
krb5-workstation-1.9-33.el6_3.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-1013.html
https://www.redhat.com/security/data/cve/CVE-2012-1015.html
https://access.redhat.com/security/updates/classification/#important
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2012-001.txt

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
From bugzilla at redhat.com Tue Jul 31 20:27:10 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 31 Jul 2012 20:27:10 +0000
Subject: [RHSA-2012:1132-01] Important: icedtea-web security update
Message-ID: <201207312027.q6VKRC1L031777@int-mx01.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: icedtea-web security update
Advisory ID:       RHSA-2012:1132-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1132.html
Issue date:        2012-07-31
CVE Names:         CVE-2012-3422 CVE-2012-3423
=====================================================================

1. Summary:

Updated icedtea-web packages that fix two security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CV
E links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project.
It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. An uninitialized pointer use flaw was found in the IcedTea-Web plug-in. Visiting a malicious web page could possibly cause a web browser using the IcedTea-Web plug-in to crash, disclose a portion of its memory, or execute arbitrary code. (CVE-2012-3422) It was discovered that the IcedTea-Web plug-in incorrectly assumed all strings received from the browser were NUL terminated. When using the plug-in with a web browser that does not NUL terminate strings, visiting a web page containing a Java applet could possibly cause the browser to crash, disclose a portion of its memory, or execute arbitrary code. (CVE-2012-3423) Red Hat would like to thank Chamal De Silva for reporting the CVE-2012-3422 issue. This erratum also upgrades IcedTea-Web to version 1.2.1. Refer to the NEWS file, linked to in the References, for further information. All IcedTea-Web users should upgrade to these updated packages, which resolve these issues. Web browsers using the IcedTea-Web browser plug-in must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 840592 - CVE-2012-3422 icedtea-web: getvalueforurl uninitialized instance pointer 841345 - CVE-2012-3423 icedtea-web: incorrect handling of not 0-terminated strings 6. Package List: Red Hat Enterprise Linux Desktop (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/icedtea-web-1.2.1-1.el6_3.src.rpm i386: icedtea-web-1.2.1-1.el6_3.i686.rpm icedtea-web-debuginfo-1.2.1-1.el6_3.i686.rpm x86_64: icedtea-web-1.2.1-1.el6_3.x86_64.rpm icedtea-web-debuginfo-1.2.1-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/icedtea-web-1.2.1-1.el6_3.src.rpm i386: icedtea-web-debuginfo-1.2.1-1.el6_3.i686.rpm icedtea-web-javadoc-1.2.1-1.el6_3.i686.rpm x86_64: icedtea-web-debuginfo-1.2.1-1.el6_3.x86_64.rpm icedtea-web-javadoc-1.2.1-1.el6_3.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/icedtea-web-1.2.1-1.el6_3.src.rpm x86_64: icedtea-web-1.2.1-1.el6_3.x86_64.rpm icedtea-web-debuginfo-1.2.1-1.el6_3.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/icedtea-web-1.2.1-1.el6_3.src.rpm x86_64: icedtea-web-debuginfo-1.2.1-1.el6_3.x86_64.rpm icedtea-web-javadoc-1.2.1-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/icedtea-web-1.2.1-1.el6_3.src.rpm i386: icedtea-web-1.2.1-1.el6_3.i686.rpm icedtea-web-debuginfo-1.2.1-1.el6_3.i686.rpm x86_64: icedtea-web-1.2.1-1.el6_3.x86_64.rpm icedtea-web-debuginfo-1.2.1-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/icedtea-web-1.2.1-1.el6_3.src.rpm i386: icedtea-web-debuginfo-1.2.1-1.el6_3.i686.rpm icedtea-web-javadoc-1.2.1-1.el6_3.i686.rpm x86_64: icedtea-web-debuginfo-1.2.1-1.el6_3.x86_64.rpm icedtea-web-javadoc-1.2.1-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/icedtea-web-1.2.1-1.el6_3.src.rpm i386: icedtea-web-1.2.1-1.el6_3.i686.rpm icedtea-web-debuginfo-1.2.1-1.el6_3.i686.rpm x86_64: icedtea-web-1.2.1-1.el6_3.x86_64.rpm icedtea-web-debuginfo-1.2.1-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/icedtea-web-1.2.1-1.el6_3.src.rpm i386: icedtea-web-debuginfo-1.2.1-1.el6_3.i686.rpm icedtea-web-javadoc-1.2.1-1.el6_3.i686.rpm x86_64: icedtea-web-debuginfo-1.2.1-1.el6_3.x86_64.rpm icedtea-web-javadoc-1.2.1-1.el6_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-3422.html https://www.redhat.com/security/data/cve/CVE-2012-3423.html https://access.redhat.com/security/updates/classification/#important http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQGD+FXlSAg2UNWIIRAk5vAJ0Xi9h0qrKSpZ5hR4AAsKIZZDYYswCfeGgv +ViLwaW2WfMsNySDZHdkWsM= =2Tub -----END PGP SIGNATURE-----
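The CVE-2012-3423 description above comes down to one defensive rule: a string handed over by the browser carries an explicit byte length and must never be treated as a C string. The example below is added here and is not IcedTea-Web's code; the `browser_string` struct is an assumption that mirrors the pointer-plus-length shape used by browser plug-in APIs, and it shows a copy routine that relies only on that length.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed shape of a string received from the browser: a pointer and an
 * explicit byte count, with no guarantee of a trailing NUL.  This struct is
 * an assumption of this example (modelled on NPAPI's NPString), not taken
 * from the advisory or from IcedTea-Web. */
typedef struct {
    const char *chars;
    uint32_t len;
} browser_string;

/* Make a NUL-terminated private copy using only the explicit length.
 * strlen()/strcpy() are never called on the browser's buffer, so a string
 * that lacks a terminator cannot cause an over-read (the CVE-2012-3423
 * pattern).  Returns NULL for inconsistent input, for a length that would
 * wrap when the terminator is added, for an embedded NUL (which would
 * silently truncate the data), or on allocation failure. */
char *copy_browser_string(const browser_string *s)
{
    if (s == NULL || (s->chars == NULL && s->len != 0))
        return NULL;
    if (s->len == UINT32_MAX)                  /* len + 1 would overflow */
        return NULL;
    if (s->len != 0 && memchr(s->chars, '\0', s->len) != NULL)
        return NULL;                           /* embedded NUL: reject */
    char *out = malloc((size_t)s->len + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, s->chars, s->len);             /* bounded by len, not by NUL */
    out[s->len] = '\0';                        /* terminator added by us */
    return out;
}

int main(void)
{
    /* Constructed input: a 5-byte buffer with no terminating NUL. */
    const char raw[5] = {'h', 'e', 'l', 'l', 'o'};
    browser_string s = { raw, sizeof raw };
    char *copy = copy_browser_string(&s);
    if (copy != NULL) {
        printf("%s (%zu bytes)\n", copy, strlen(copy));
        free(copy);
    }
    return 0;
}
```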
