From bugzilla at redhat.com Tue Jun 5 01:58:47 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 5 Jun 2012 01:58:47 +0000
Subject: [RHSA-2012:0705-01] Important: openoffice.org security update
Message-ID: <201206050158.q551wkeN013421@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openoffice.org security update
Advisory ID:       RHSA-2012:0705-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0705.html
Issue date:        2012-06-04
CVE Names:         CVE-2012-1149 CVE-2012-2334
=====================================================================

1. Summary:

Updated openoffice.org packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

OpenOffice.org is an office productivity suite that includes desktop
applications, such as a word processor, spreadsheet application,
presentation manager, formula editor, and a drawing program.

An integer overflow flaw, leading to a buffer overflow, was found in the
way OpenOffice.org processed an invalid Escher graphics records length in
Microsoft Office PowerPoint documents. An attacker could provide a
specially-crafted Microsoft Office PowerPoint document that, when opened,
would cause OpenOffice.org to crash or, potentially, execute arbitrary code
with the privileges of the user running OpenOffice.org. (CVE-2012-2334)

Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in the JPEG, PNG, and BMP image file reader implementations in
OpenOffice.org. An attacker could provide a specially-crafted JPEG, PNG,
or BMP image file that, when opened in an OpenOffice.org application, would
cause the application to crash or, potentially, execute arbitrary code with
the privileges of the user running the application. (CVE-2012-1149)

Upstream acknowledges Sven Jacobi as the original reporter of
CVE-2012-2334, and Tielei Wang via Secunia SVCRP as the original reporter
of CVE-2012-1149.

All OpenOffice.org users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
instances of OpenOffice.org applications must be restarted for this update
to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

821726 - CVE-2012-1149 openoffice.org, libreoffice: Integer overflows, leading to heap-buffer overflows in JPEG, PNG and BMP reader implementations
821803 - CVE-2012-2334 openoffice.org, libreoffice: Integer overflow leading to buffer overflow by processing invalid Escher graphics records length in the Powerpoint documents

6. Package List:

Red Hat Enterprise Linux Desktop (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openoffice.org-3.1.1-19.10.el5_8.3.src.rpm i386: openoffice.org-base-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-calc-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-core-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-debuginfo-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-draw-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-emailmerge-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-graphicfilter-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-headless-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-impress-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-javafilter-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-af_ZA-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-ar-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-as_IN-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-bg_BG-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-bn-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-ca_ES-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-cs_CZ-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-cy_GB-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-da_DK-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-de-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-el_GR-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-es-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-et_EE-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-eu_ES-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-fi_FI-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-fr-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-ga_IE-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-gl_ES-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-gu_IN-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-he_IL-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-hi_IN-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-hr_HR-3.1.1-19.10.el5_8.3.i386.rpm 
openoffice.org-langpack-hu_HU-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-it-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-ja_JP-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-kn_IN-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-ko_KR-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-lt_LT-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-ml_IN-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-mr_IN-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-ms_MY-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-nb_NO-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-nl-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-nn_NO-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-nr_ZA-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-nso_ZA-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-or_IN-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-pa_IN-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-pl_PL-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-pt_BR-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-pt_PT-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-ru-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-sk_SK-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-sl_SI-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-sr_CS-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-ss_ZA-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-st_ZA-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-sv-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-ta_IN-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-te_IN-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-th_TH-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-tn_ZA-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-tr_TR-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-ts_ZA-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-ur-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-ve_ZA-3.1.1-19.10.el5_8.3.i386.rpm 
openoffice.org-langpack-xh_ZA-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-zh_CN-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-zh_TW-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-zu_ZA-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-math-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-pyuno-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-testtools-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-ure-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-writer-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-xsltfilter-3.1.1-19.10.el5_8.3.i386.rpm x86_64: openoffice.org-base-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-calc-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-core-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-debuginfo-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-draw-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-emailmerge-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-graphicfilter-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-headless-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-impress-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-javafilter-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-af_ZA-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-ar-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-as_IN-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-bg_BG-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-bn-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-ca_ES-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-cs_CZ-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-cy_GB-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-da_DK-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-de-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-el_GR-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-es-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-et_EE-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-eu_ES-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-fi_FI-3.1.1-19.10.el5_8.3.x86_64.rpm 
openoffice.org-langpack-fr-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-ga_IE-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-gl_ES-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-gu_IN-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-he_IL-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-hi_IN-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-hr_HR-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-hu_HU-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-it-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-ja_JP-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-kn_IN-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-ko_KR-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-lt_LT-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-ml_IN-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-mr_IN-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-ms_MY-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-nb_NO-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-nl-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-nn_NO-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-nr_ZA-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-nso_ZA-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-or_IN-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-pa_IN-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-pl_PL-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-pt_BR-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-pt_PT-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-ru-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-sk_SK-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-sl_SI-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-sr_CS-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-ss_ZA-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-st_ZA-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-sv-3.1.1-19.10.el5_8.3.x86_64.rpm 
openoffice.org-langpack-ta_IN-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-te_IN-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-th_TH-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-tn_ZA-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-tr_TR-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-ts_ZA-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-ur-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-ve_ZA-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-xh_ZA-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-zh_CN-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-zh_TW-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-zu_ZA-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-math-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-pyuno-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-testtools-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-ure-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-writer-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-xsltfilter-3.1.1-19.10.el5_8.3.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openoffice.org-3.1.1-19.10.el5_8.3.src.rpm i386: openoffice.org-debuginfo-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-sdk-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-sdk-doc-3.1.1-19.10.el5_8.3.i386.rpm x86_64: openoffice.org-debuginfo-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-sdk-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-sdk-doc-3.1.1-19.10.el5_8.3.x86_64.rpm RHEL Optional Productivity Applications (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openoffice.org-3.1.1-19.10.el5_8.3.src.rpm i386: openoffice.org-base-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-calc-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-core-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-debuginfo-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-draw-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-emailmerge-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-graphicfilter-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-headless-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-impress-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-javafilter-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-af_ZA-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-ar-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-as_IN-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-bg_BG-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-bn-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-ca_ES-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-cs_CZ-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-cy_GB-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-da_DK-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-de-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-el_GR-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-es-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-et_EE-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-eu_ES-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-fi_FI-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-fr-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-ga_IE-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-gl_ES-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-gu_IN-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-he_IL-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-hi_IN-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-hr_HR-3.1.1-19.10.el5_8.3.i386.rpm 
openoffice.org-langpack-hu_HU-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-it-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-ja_JP-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-kn_IN-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-ko_KR-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-lt_LT-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-ml_IN-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-mr_IN-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-ms_MY-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-nb_NO-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-nl-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-nn_NO-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-nr_ZA-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-nso_ZA-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-or_IN-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-pa_IN-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-pl_PL-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-pt_BR-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-pt_PT-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-ru-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-sk_SK-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-sl_SI-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-sr_CS-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-ss_ZA-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-st_ZA-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-sv-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-ta_IN-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-te_IN-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-th_TH-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-tn_ZA-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-tr_TR-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-ts_ZA-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-ur-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-ve_ZA-3.1.1-19.10.el5_8.3.i386.rpm 
openoffice.org-langpack-xh_ZA-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-zh_CN-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-zh_TW-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-langpack-zu_ZA-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-math-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-pyuno-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-sdk-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-sdk-doc-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-testtools-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-ure-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-writer-3.1.1-19.10.el5_8.3.i386.rpm openoffice.org-xsltfilter-3.1.1-19.10.el5_8.3.i386.rpm x86_64: openoffice.org-base-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-calc-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-core-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-debuginfo-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-draw-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-emailmerge-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-graphicfilter-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-headless-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-impress-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-javafilter-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-af_ZA-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-ar-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-as_IN-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-bg_BG-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-bn-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-ca_ES-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-cs_CZ-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-cy_GB-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-da_DK-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-de-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-el_GR-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-es-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-et_EE-3.1.1-19.10.el5_8.3.x86_64.rpm 
openoffice.org-langpack-eu_ES-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-fi_FI-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-fr-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-ga_IE-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-gl_ES-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-gu_IN-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-he_IL-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-hi_IN-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-hr_HR-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-hu_HU-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-it-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-ja_JP-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-kn_IN-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-ko_KR-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-lt_LT-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-ml_IN-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-mr_IN-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-ms_MY-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-nb_NO-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-nl-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-nn_NO-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-nr_ZA-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-nso_ZA-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-or_IN-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-pa_IN-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-pl_PL-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-pt_BR-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-pt_PT-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-ru-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-sk_SK-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-sl_SI-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-sr_CS-3.1.1-19.10.el5_8.3.x86_64.rpm 
openoffice.org-langpack-ss_ZA-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-st_ZA-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-sv-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-ta_IN-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-te_IN-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-th_TH-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-tn_ZA-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-tr_TR-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-ts_ZA-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-ur-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-ve_ZA-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-xh_ZA-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-zh_CN-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-zh_TW-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-langpack-zu_ZA-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-math-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-pyuno-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-sdk-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-sdk-doc-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-testtools-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-ure-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-writer-3.1.1-19.10.el5_8.3.x86_64.rpm openoffice.org-xsltfilter-3.1.1-19.10.el5_8.3.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openoffice.org-3.2.1-19.6.el6_2.7.src.rpm i386: openoffice.org-base-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-base-core-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-brand-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-calc-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-calc-core-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-core-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-debuginfo-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-draw-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-draw-core-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-emailmerge-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-graphicfilter-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-headless-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-impress-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-impress-core-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-javafilter-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-af_ZA-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-ar-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-as_IN-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-bg_BG-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-bn-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-ca_ES-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-cs_CZ-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-cy_GB-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-da_DK-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-de-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-dz-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-el_GR-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-en-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-es-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-et_EE-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-eu_ES-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-fi_FI-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-fr-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-ga_IE-3.2.1-19.6.el6_2.7.i686.rpm 
openoffice.org-langpack-gl_ES-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-gu_IN-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-he_IL-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-hi_IN-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-hr_HR-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-hu_HU-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-it-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-ja_JP-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-kn_IN-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-ko_KR-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-lt_LT-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-mai_IN-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-ml_IN-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-mr_IN-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-ms_MY-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-nb_NO-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-nl-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-nn_NO-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-nr_ZA-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-nso_ZA-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-or_IN-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-pa-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-pl_PL-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-pt_BR-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-pt_PT-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-ro-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-ru-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-sk_SK-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-sl_SI-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-sr-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-ss_ZA-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-st_ZA-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-sv-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-ta_IN-3.2.1-19.6.el6_2.7.i686.rpm 
openoffice.org-langpack-te_IN-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-th_TH-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-tn_ZA-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-tr_TR-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-ts_ZA-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-uk-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-ur-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-ve_ZA-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-xh_ZA-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-zh_CN-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-zh_TW-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-zu_ZA-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-math-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-math-core-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-ogltrans-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-pdfimport-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-presentation-minimizer-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-presenter-screen-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-pyuno-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-report-builder-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-ure-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-wiki-publisher-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-writer-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-writer-core-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-xsltfilter-3.2.1-19.6.el6_2.7.i686.rpm noarch: autocorr-af-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-bg-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-cs-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-da-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-de-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-en-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-es-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-eu-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-fa-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-fi-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-fr-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-ga-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-hu-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-it-3.2.1-19.6.el6_2.7.noarch.rpm 
autocorr-ja-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-ko-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-lb-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-lt-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-mn-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-nl-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-pl-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-pt-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-ru-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-sk-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-sl-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-sv-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-tr-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-vi-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-zh-3.2.1-19.6.el6_2.7.noarch.rpm openoffice.org-opensymbol-fonts-3.2.1-19.6.el6_2.7.noarch.rpm x86_64: openoffice.org-base-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-base-core-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-brand-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-calc-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-calc-core-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-core-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-debuginfo-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-draw-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-draw-core-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-emailmerge-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-graphicfilter-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-headless-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-impress-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-impress-core-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-javafilter-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-af_ZA-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-ar-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-as_IN-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-bg_BG-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-bn-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-ca_ES-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-cs_CZ-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-cy_GB-3.2.1-19.6.el6_2.7.x86_64.rpm 
openoffice.org-langpack-da_DK-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-de-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-dz-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-el_GR-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-en-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-es-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-et_EE-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-eu_ES-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-fi_FI-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-fr-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-ga_IE-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-gl_ES-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-gu_IN-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-he_IL-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-hi_IN-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-hr_HR-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-hu_HU-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-it-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-ja_JP-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-kn_IN-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-ko_KR-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-lt_LT-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-mai_IN-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-ml_IN-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-mr_IN-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-ms_MY-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-nb_NO-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-nl-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-nn_NO-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-nr_ZA-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-nso_ZA-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-or_IN-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-pa-3.2.1-19.6.el6_2.7.x86_64.rpm 
openoffice.org-langpack-pl_PL-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-pt_BR-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-pt_PT-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-ro-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-ru-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-sk_SK-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-sl_SI-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-sr-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-ss_ZA-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-st_ZA-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-sv-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-ta_IN-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-te_IN-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-th_TH-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-tn_ZA-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-tr_TR-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-ts_ZA-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-uk-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-ur-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-ve_ZA-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-xh_ZA-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-zh_CN-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-zh_TW-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-zu_ZA-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-math-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-math-core-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-ogltrans-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-pdfimport-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-presentation-minimizer-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-presenter-screen-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-pyuno-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-report-builder-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-ure-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-wiki-publisher-3.2.1-19.6.el6_2.7.x86_64.rpm 
openoffice.org-writer-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-writer-core-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-xsltfilter-3.2.1-19.6.el6_2.7.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openoffice.org-3.2.1-19.6.el6_2.7.src.rpm i386: broffice.org-base-3.2.1-19.6.el6_2.7.i686.rpm broffice.org-brand-3.2.1-19.6.el6_2.7.i686.rpm broffice.org-calc-3.2.1-19.6.el6_2.7.i686.rpm broffice.org-draw-3.2.1-19.6.el6_2.7.i686.rpm broffice.org-impress-3.2.1-19.6.el6_2.7.i686.rpm broffice.org-math-3.2.1-19.6.el6_2.7.i686.rpm broffice.org-writer-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-bsh-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-debuginfo-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-devel-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-rhino-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-sdk-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-sdk-doc-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-testtools-3.2.1-19.6.el6_2.7.i686.rpm x86_64: broffice.org-base-3.2.1-19.6.el6_2.7.x86_64.rpm broffice.org-brand-3.2.1-19.6.el6_2.7.x86_64.rpm broffice.org-calc-3.2.1-19.6.el6_2.7.x86_64.rpm broffice.org-draw-3.2.1-19.6.el6_2.7.x86_64.rpm broffice.org-impress-3.2.1-19.6.el6_2.7.x86_64.rpm broffice.org-math-3.2.1-19.6.el6_2.7.x86_64.rpm broffice.org-writer-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-bsh-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-debuginfo-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-debuginfo-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-devel-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-devel-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-rhino-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-sdk-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-sdk-doc-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-testtools-3.2.1-19.6.el6_2.7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openoffice.org-3.2.1-19.6.el6_2.7.src.rpm i386: broffice.org-base-3.2.1-19.6.el6_2.7.i686.rpm broffice.org-brand-3.2.1-19.6.el6_2.7.i686.rpm broffice.org-calc-3.2.1-19.6.el6_2.7.i686.rpm broffice.org-draw-3.2.1-19.6.el6_2.7.i686.rpm broffice.org-impress-3.2.1-19.6.el6_2.7.i686.rpm broffice.org-math-3.2.1-19.6.el6_2.7.i686.rpm broffice.org-writer-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-base-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-base-core-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-brand-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-bsh-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-calc-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-calc-core-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-core-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-debuginfo-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-devel-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-draw-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-draw-core-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-emailmerge-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-graphicfilter-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-headless-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-impress-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-impress-core-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-javafilter-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-af_ZA-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-ar-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-as_IN-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-bg_BG-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-bn-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-ca_ES-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-cs_CZ-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-cy_GB-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-da_DK-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-de-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-dz-3.2.1-19.6.el6_2.7.i686.rpm 
openoffice.org-langpack-el_GR-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-en-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-es-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-et_EE-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-eu_ES-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-fi_FI-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-fr-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-ga_IE-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-gl_ES-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-gu_IN-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-he_IL-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-hi_IN-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-hr_HR-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-hu_HU-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-it-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-ja_JP-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-kn_IN-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-ko_KR-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-lt_LT-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-mai_IN-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-ml_IN-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-mr_IN-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-ms_MY-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-nb_NO-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-nl-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-nn_NO-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-nr_ZA-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-nso_ZA-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-or_IN-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-pa-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-pl_PL-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-pt_BR-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-pt_PT-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-ro-3.2.1-19.6.el6_2.7.i686.rpm 
openoffice.org-langpack-ru-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-sk_SK-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-sl_SI-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-sr-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-ss_ZA-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-st_ZA-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-sv-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-ta_IN-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-te_IN-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-th_TH-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-tn_ZA-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-tr_TR-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-ts_ZA-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-uk-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-ur-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-ve_ZA-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-xh_ZA-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-zh_CN-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-zh_TW-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-langpack-zu_ZA-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-math-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-math-core-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-ogltrans-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-pdfimport-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-presentation-minimizer-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-presenter-screen-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-pyuno-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-report-builder-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-rhino-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-sdk-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-sdk-doc-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-testtools-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-ure-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-wiki-publisher-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-writer-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-writer-core-3.2.1-19.6.el6_2.7.i686.rpm 
openoffice.org-xsltfilter-3.2.1-19.6.el6_2.7.i686.rpm noarch: autocorr-af-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-bg-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-cs-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-da-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-de-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-en-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-es-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-eu-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-fa-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-fi-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-fr-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-ga-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-hu-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-it-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-ja-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-ko-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-lb-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-lt-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-mn-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-nl-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-pl-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-pt-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-ru-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-sk-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-sl-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-sv-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-tr-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-vi-3.2.1-19.6.el6_2.7.noarch.rpm autocorr-zh-3.2.1-19.6.el6_2.7.noarch.rpm openoffice.org-opensymbol-fonts-3.2.1-19.6.el6_2.7.noarch.rpm ppc64: broffice.org-base-3.2.1-19.6.el6_2.7.ppc64.rpm broffice.org-brand-3.2.1-19.6.el6_2.7.ppc64.rpm broffice.org-calc-3.2.1-19.6.el6_2.7.ppc64.rpm broffice.org-draw-3.2.1-19.6.el6_2.7.ppc64.rpm broffice.org-impress-3.2.1-19.6.el6_2.7.ppc64.rpm broffice.org-math-3.2.1-19.6.el6_2.7.ppc64.rpm broffice.org-writer-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-base-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-base-core-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-brand-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-bsh-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-calc-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-calc-core-3.2.1-19.6.el6_2.7.ppc64.rpm 
openoffice.org-core-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-debuginfo-3.2.1-19.6.el6_2.7.ppc.rpm openoffice.org-debuginfo-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-devel-3.2.1-19.6.el6_2.7.ppc.rpm openoffice.org-devel-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-draw-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-draw-core-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-emailmerge-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-graphicfilter-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-headless-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-impress-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-impress-core-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-javafilter-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-af_ZA-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-ar-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-as_IN-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-bg_BG-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-bn-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-ca_ES-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-cs_CZ-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-cy_GB-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-da_DK-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-de-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-dz-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-el_GR-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-en-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-es-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-et_EE-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-eu_ES-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-fi_FI-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-fr-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-ga_IE-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-gl_ES-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-gu_IN-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-he_IL-3.2.1-19.6.el6_2.7.ppc64.rpm 
openoffice.org-langpack-hi_IN-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-hr_HR-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-hu_HU-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-it-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-ja_JP-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-kn_IN-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-ko_KR-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-lt_LT-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-mai_IN-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-ml_IN-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-mr_IN-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-ms_MY-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-nb_NO-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-nl-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-nn_NO-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-nr_ZA-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-nso_ZA-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-or_IN-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-pa-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-pl_PL-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-pt_BR-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-pt_PT-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-ro-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-ru-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-sk_SK-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-sl_SI-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-sr-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-ss_ZA-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-st_ZA-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-sv-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-ta_IN-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-te_IN-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-th_TH-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-tn_ZA-3.2.1-19.6.el6_2.7.ppc64.rpm 
openoffice.org-langpack-tr_TR-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-ts_ZA-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-uk-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-ur-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-ve_ZA-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-xh_ZA-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-zh_CN-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-zh_TW-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-langpack-zu_ZA-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-math-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-math-core-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-ogltrans-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-pdfimport-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-presentation-minimizer-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-presenter-screen-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-pyuno-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-report-builder-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-rhino-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-sdk-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-sdk-doc-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-testtools-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-ure-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-wiki-publisher-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-writer-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-writer-core-3.2.1-19.6.el6_2.7.ppc64.rpm openoffice.org-xsltfilter-3.2.1-19.6.el6_2.7.ppc64.rpm s390x: broffice.org-base-3.2.1-19.6.el6_2.7.s390x.rpm broffice.org-brand-3.2.1-19.6.el6_2.7.s390x.rpm broffice.org-calc-3.2.1-19.6.el6_2.7.s390x.rpm broffice.org-draw-3.2.1-19.6.el6_2.7.s390x.rpm broffice.org-impress-3.2.1-19.6.el6_2.7.s390x.rpm broffice.org-math-3.2.1-19.6.el6_2.7.s390x.rpm broffice.org-writer-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-base-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-base-core-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-brand-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-bsh-3.2.1-19.6.el6_2.7.s390x.rpm 
openoffice.org-calc-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-calc-core-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-core-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-debuginfo-3.2.1-19.6.el6_2.7.s390.rpm openoffice.org-debuginfo-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-devel-3.2.1-19.6.el6_2.7.s390.rpm openoffice.org-devel-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-draw-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-draw-core-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-emailmerge-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-graphicfilter-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-headless-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-impress-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-impress-core-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-javafilter-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-af_ZA-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-ar-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-as_IN-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-bg_BG-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-bn-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-ca_ES-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-cs_CZ-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-cy_GB-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-da_DK-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-de-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-dz-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-el_GR-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-en-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-es-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-et_EE-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-eu_ES-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-fi_FI-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-fr-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-ga_IE-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-gl_ES-3.2.1-19.6.el6_2.7.s390x.rpm 
openoffice.org-langpack-gu_IN-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-he_IL-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-hi_IN-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-hr_HR-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-hu_HU-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-it-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-ja_JP-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-kn_IN-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-ko_KR-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-lt_LT-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-mai_IN-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-ml_IN-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-mr_IN-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-ms_MY-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-nb_NO-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-nl-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-nn_NO-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-nr_ZA-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-nso_ZA-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-or_IN-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-pa-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-pl_PL-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-pt_BR-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-pt_PT-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-ro-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-ru-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-sk_SK-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-sl_SI-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-sr-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-ss_ZA-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-st_ZA-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-sv-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-ta_IN-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-te_IN-3.2.1-19.6.el6_2.7.s390x.rpm 
openoffice.org-langpack-th_TH-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-tn_ZA-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-tr_TR-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-ts_ZA-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-uk-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-ur-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-ve_ZA-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-xh_ZA-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-zh_CN-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-zh_TW-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-langpack-zu_ZA-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-math-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-math-core-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-ogltrans-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-pdfimport-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-presentation-minimizer-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-presenter-screen-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-pyuno-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-report-builder-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-rhino-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-sdk-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-sdk-doc-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-testtools-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-ure-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-wiki-publisher-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-writer-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-writer-core-3.2.1-19.6.el6_2.7.s390x.rpm openoffice.org-xsltfilter-3.2.1-19.6.el6_2.7.s390x.rpm x86_64: broffice.org-base-3.2.1-19.6.el6_2.7.x86_64.rpm broffice.org-brand-3.2.1-19.6.el6_2.7.x86_64.rpm broffice.org-calc-3.2.1-19.6.el6_2.7.x86_64.rpm broffice.org-draw-3.2.1-19.6.el6_2.7.x86_64.rpm broffice.org-impress-3.2.1-19.6.el6_2.7.x86_64.rpm broffice.org-math-3.2.1-19.6.el6_2.7.x86_64.rpm broffice.org-writer-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-base-3.2.1-19.6.el6_2.7.x86_64.rpm 
openoffice.org-base-core-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-brand-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-bsh-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-calc-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-calc-core-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-core-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-debuginfo-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-debuginfo-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-devel-3.2.1-19.6.el6_2.7.i686.rpm openoffice.org-devel-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-draw-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-draw-core-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-emailmerge-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-graphicfilter-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-headless-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-impress-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-impress-core-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-javafilter-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-af_ZA-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-ar-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-as_IN-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-bg_BG-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-bn-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-ca_ES-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-cs_CZ-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-cy_GB-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-da_DK-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-de-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-dz-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-el_GR-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-en-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-es-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-et_EE-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-eu_ES-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-fi_FI-3.2.1-19.6.el6_2.7.x86_64.rpm 
openoffice.org-langpack-fr-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-ga_IE-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-gl_ES-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-gu_IN-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-he_IL-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-hi_IN-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-hr_HR-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-hu_HU-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-it-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-ja_JP-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-kn_IN-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-ko_KR-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-lt_LT-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-mai_IN-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-ml_IN-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-mr_IN-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-ms_MY-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-nb_NO-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-nl-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-nn_NO-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-nr_ZA-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-nso_ZA-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-or_IN-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-pa-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-pl_PL-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-pt_BR-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-pt_PT-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-ro-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-ru-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-sk_SK-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-sl_SI-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-sr-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-ss_ZA-3.2.1-19.6.el6_2.7.x86_64.rpm 
openoffice.org-langpack-st_ZA-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-sv-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-ta_IN-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-te_IN-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-th_TH-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-tn_ZA-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-tr_TR-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-ts_ZA-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-uk-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-ur-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-ve_ZA-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-xh_ZA-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-zh_CN-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-zh_TW-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-langpack-zu_ZA-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-math-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-math-core-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-ogltrans-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-pdfimport-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-presentation-minimizer-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-presenter-screen-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-pyuno-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-report-builder-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-rhino-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-sdk-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-sdk-doc-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-testtools-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-ure-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-wiki-publisher-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-writer-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-writer-core-3.2.1-19.6.el6_2.7.x86_64.rpm openoffice.org-xsltfilter-3.2.1-19.6.el6_2.7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openoffice.org-3.2.1-19.6.el6_2.7.src.rpm

i386:
openoffice.org-base-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-base-core-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-brand-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-calc-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-calc-core-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-core-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-debuginfo-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-draw-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-draw-core-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-emailmerge-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-graphicfilter-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-headless-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-impress-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-impress-core-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-javafilter-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-af_ZA-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-ar-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-as_IN-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-bg_BG-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-bn-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-ca_ES-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-cs_CZ-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-cy_GB-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-da_DK-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-de-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-dz-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-el_GR-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-en-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-es-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-et_EE-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-eu_ES-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-fi_FI-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-fr-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-ga_IE-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-gl_ES-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-gu_IN-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-he_IL-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-hi_IN-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-hr_HR-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-hu_HU-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-it-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-ja_JP-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-kn_IN-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-ko_KR-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-lt_LT-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-mai_IN-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-ml_IN-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-mr_IN-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-ms_MY-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-nb_NO-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-nl-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-nn_NO-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-nr_ZA-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-nso_ZA-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-or_IN-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-pa-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-pl_PL-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-pt_BR-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-pt_PT-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-ro-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-ru-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-sk_SK-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-sl_SI-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-sr-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-ss_ZA-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-st_ZA-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-sv-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-ta_IN-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-te_IN-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-th_TH-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-tn_ZA-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-tr_TR-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-ts_ZA-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-uk-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-ur-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-ve_ZA-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-xh_ZA-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-zh_CN-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-zh_TW-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-langpack-zu_ZA-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-math-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-math-core-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-ogltrans-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-pdfimport-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-presentation-minimizer-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-presenter-screen-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-pyuno-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-report-builder-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-ure-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-wiki-publisher-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-writer-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-writer-core-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-xsltfilter-3.2.1-19.6.el6_2.7.i686.rpm

noarch:
autocorr-af-3.2.1-19.6.el6_2.7.noarch.rpm
autocorr-bg-3.2.1-19.6.el6_2.7.noarch.rpm
autocorr-cs-3.2.1-19.6.el6_2.7.noarch.rpm
autocorr-da-3.2.1-19.6.el6_2.7.noarch.rpm
autocorr-de-3.2.1-19.6.el6_2.7.noarch.rpm
autocorr-en-3.2.1-19.6.el6_2.7.noarch.rpm
autocorr-es-3.2.1-19.6.el6_2.7.noarch.rpm
autocorr-eu-3.2.1-19.6.el6_2.7.noarch.rpm
autocorr-fa-3.2.1-19.6.el6_2.7.noarch.rpm
autocorr-fi-3.2.1-19.6.el6_2.7.noarch.rpm
autocorr-fr-3.2.1-19.6.el6_2.7.noarch.rpm
autocorr-ga-3.2.1-19.6.el6_2.7.noarch.rpm
autocorr-hu-3.2.1-19.6.el6_2.7.noarch.rpm
autocorr-it-3.2.1-19.6.el6_2.7.noarch.rpm
autocorr-ja-3.2.1-19.6.el6_2.7.noarch.rpm
autocorr-ko-3.2.1-19.6.el6_2.7.noarch.rpm
autocorr-lb-3.2.1-19.6.el6_2.7.noarch.rpm
autocorr-lt-3.2.1-19.6.el6_2.7.noarch.rpm
autocorr-mn-3.2.1-19.6.el6_2.7.noarch.rpm
autocorr-nl-3.2.1-19.6.el6_2.7.noarch.rpm
autocorr-pl-3.2.1-19.6.el6_2.7.noarch.rpm
autocorr-pt-3.2.1-19.6.el6_2.7.noarch.rpm
autocorr-ru-3.2.1-19.6.el6_2.7.noarch.rpm
autocorr-sk-3.2.1-19.6.el6_2.7.noarch.rpm
autocorr-sl-3.2.1-19.6.el6_2.7.noarch.rpm
autocorr-sv-3.2.1-19.6.el6_2.7.noarch.rpm
autocorr-tr-3.2.1-19.6.el6_2.7.noarch.rpm
autocorr-vi-3.2.1-19.6.el6_2.7.noarch.rpm
autocorr-zh-3.2.1-19.6.el6_2.7.noarch.rpm
openoffice.org-opensymbol-fonts-3.2.1-19.6.el6_2.7.noarch.rpm

x86_64:
openoffice.org-base-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-base-core-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-brand-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-calc-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-calc-core-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-core-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-debuginfo-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-draw-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-draw-core-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-emailmerge-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-graphicfilter-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-headless-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-impress-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-impress-core-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-javafilter-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-af_ZA-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-ar-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-as_IN-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-bg_BG-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-bn-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-ca_ES-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-cs_CZ-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-cy_GB-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-da_DK-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-de-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-dz-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-el_GR-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-en-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-es-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-et_EE-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-eu_ES-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-fi_FI-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-fr-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-ga_IE-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-gl_ES-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-gu_IN-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-he_IL-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-hi_IN-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-hr_HR-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-hu_HU-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-it-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-ja_JP-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-kn_IN-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-ko_KR-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-lt_LT-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-mai_IN-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-ml_IN-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-mr_IN-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-ms_MY-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-nb_NO-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-nl-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-nn_NO-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-nr_ZA-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-nso_ZA-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-or_IN-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-pa-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-pl_PL-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-pt_BR-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-pt_PT-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-ro-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-ru-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-sk_SK-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-sl_SI-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-sr-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-ss_ZA-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-st_ZA-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-sv-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-ta_IN-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-te_IN-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-th_TH-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-tn_ZA-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-tr_TR-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-ts_ZA-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-uk-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-ur-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-ve_ZA-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-xh_ZA-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-zh_CN-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-zh_TW-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-langpack-zu_ZA-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-math-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-math-core-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-ogltrans-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-pdfimport-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-presentation-minimizer-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-presenter-screen-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-pyuno-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-report-builder-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-ure-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-wiki-publisher-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-writer-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-writer-core-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-xsltfilter-3.2.1-19.6.el6_2.7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openoffice.org-3.2.1-19.6.el6_2.7.src.rpm

i386:
broffice.org-base-3.2.1-19.6.el6_2.7.i686.rpm
broffice.org-brand-3.2.1-19.6.el6_2.7.i686.rpm
broffice.org-calc-3.2.1-19.6.el6_2.7.i686.rpm
broffice.org-draw-3.2.1-19.6.el6_2.7.i686.rpm
broffice.org-impress-3.2.1-19.6.el6_2.7.i686.rpm
broffice.org-math-3.2.1-19.6.el6_2.7.i686.rpm
broffice.org-writer-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-bsh-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-debuginfo-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-devel-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-rhino-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-sdk-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-sdk-doc-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-testtools-3.2.1-19.6.el6_2.7.i686.rpm

x86_64:
broffice.org-base-3.2.1-19.6.el6_2.7.x86_64.rpm
broffice.org-brand-3.2.1-19.6.el6_2.7.x86_64.rpm
broffice.org-calc-3.2.1-19.6.el6_2.7.x86_64.rpm
broffice.org-draw-3.2.1-19.6.el6_2.7.x86_64.rpm
broffice.org-impress-3.2.1-19.6.el6_2.7.x86_64.rpm
broffice.org-math-3.2.1-19.6.el6_2.7.x86_64.rpm
broffice.org-writer-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-bsh-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-debuginfo-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-debuginfo-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-devel-3.2.1-19.6.el6_2.7.i686.rpm
openoffice.org-devel-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-rhino-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-sdk-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-sdk-doc-3.2.1-19.6.el6_2.7.x86_64.rpm
openoffice.org-testtools-3.2.1-19.6.el6_2.7.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-1149.html
https://www.redhat.com/security/data/cve/CVE-2012-2334.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPzWekXlSAg2UNWIIRArP4AJ9xFF+vBtADFnwcWfTbrtpIYKQucwCfakuM
ay6zAPqxLp5csPGaQZ0I+uk=
=1omN
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jun 5 21:03:35 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 5 Jun 2012 21:03:35 +0000
Subject: [RHSA-2012:0710-01] Critical: firefox security update
Message-ID: <201206052103.q55L3bbT010355@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2012:0710-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0710.html
Issue date:        2012-06-05
CVE Names:         CVE-2011-3101 CVE-2012-1937 CVE-2012-1938
                   CVE-2012-1939 CVE-2012-1940 CVE-2012-1941
                   CVE-2012-1944 CVE-2012-1945 CVE-2012-1946
                   CVE-2012-1947
=====================================================================

1. Summary:

Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939, CVE-2012-1940, CVE-2012-1941, CVE-2012-1946, CVE-2012-1947)

Note: CVE-2011-3101 only affected users of certain NVIDIA display drivers with graphics cards that have hardware acceleration enabled.

It was found that the Content Security Policy (CSP) implementation in Firefox no longer blocked Firefox inline event handlers. A remote attacker could use this flaw to possibly bypass a web application's intended restrictions, if that application relied on CSP to protect against flaws such as cross-site scripting (XSS). (CVE-2012-1944)

If a web server hosted HTML files that are stored on a Microsoft Windows share, or a Samba share, loading such files with Firefox could result in Windows shortcut files (.lnk) in the same share also being loaded. An attacker could use this flaw to view the contents of local files and directories on the victim's system. This issue also affected users opening HTML files from Microsoft Windows shares, or Samba shares, that are mounted on their systems. (CVE-2012-1945)

For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 10.0.5 ESR. You can find a link to the Mozilla advisories in the References section of this erratum.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Ken Russell of Google as the original reporter of CVE-2011-3101; Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse Ruderman as the original reporters of CVE-2012-1937; Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, and Brian Bondy as the original reporters of CVE-2012-1938; Christian Holler as the original reporter of CVE-2012-1939; security researcher Abhishek Arya of Google as the original reporter of CVE-2012-1940, CVE-2012-1941, and CVE-2012-1947; security researcher Arthur Gerkis as the original reporter of CVE-2012-1946; security researcher Adam Barth as the original reporter of CVE-2012-1944; and security researcher Paul Stone as the original reporter of CVE-2012-1945.

All Firefox users should upgrade to these updated packages, which contain Firefox version 10.0.5 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

827829 - CVE-2011-3101 CVE-2012-1937 CVE-2012-1938 CVE-2012-1939 Mozilla: Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) (MFSA 2012-34)
827830 - CVE-2012-1944 Mozilla: Content Security Policy inline-script bypass (MFSA 2012-36)
827831 - CVE-2012-1945 Mozilla: Information disclosure though Windows file shares and shortcut files (MFSA 2012-37)
827832 - CVE-2012-1946 Mozilla: Use-after-free while replacing/inserting a node in a document (MFSA 2012-38)
827843 - CVE-2012-1940 CVE-2012-1941 CVE-2012-1947 Mozilla: Buffer overflow and use-after-free issues found using Address Sanitizer (MFSA 2012-40)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-10.0.5-1.el5_8.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-10.0.5-1.el5_8.src.rpm

i386:
firefox-10.0.5-1.el5_8.i386.rpm
firefox-debuginfo-10.0.5-1.el5_8.i386.rpm
xulrunner-10.0.5-1.el5_8.i386.rpm
xulrunner-debuginfo-10.0.5-1.el5_8.i386.rpm

x86_64:
firefox-10.0.5-1.el5_8.i386.rpm
firefox-10.0.5-1.el5_8.x86_64.rpm
firefox-debuginfo-10.0.5-1.el5_8.i386.rpm
firefox-debuginfo-10.0.5-1.el5_8.x86_64.rpm
xulrunner-10.0.5-1.el5_8.i386.rpm
xulrunner-10.0.5-1.el5_8.x86_64.rpm
xulrunner-debuginfo-10.0.5-1.el5_8.i386.rpm
xulrunner-debuginfo-10.0.5-1.el5_8.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-10.0.5-1.el5_8.src.rpm

i386:
xulrunner-debuginfo-10.0.5-1.el5_8.i386.rpm
xulrunner-devel-10.0.5-1.el5_8.i386.rpm

x86_64:
xulrunner-debuginfo-10.0.5-1.el5_8.i386.rpm
xulrunner-debuginfo-10.0.5-1.el5_8.x86_64.rpm
xulrunner-devel-10.0.5-1.el5_8.i386.rpm
xulrunner-devel-10.0.5-1.el5_8.x86_64.rpm

Red Hat Enterprise Linux (v.
5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-10.0.5-1.el5_8.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-10.0.5-1.el5_8.src.rpm

i386:
firefox-10.0.5-1.el5_8.i386.rpm
firefox-debuginfo-10.0.5-1.el5_8.i386.rpm
xulrunner-10.0.5-1.el5_8.i386.rpm
xulrunner-debuginfo-10.0.5-1.el5_8.i386.rpm
xulrunner-devel-10.0.5-1.el5_8.i386.rpm

ia64:
firefox-10.0.5-1.el5_8.ia64.rpm
firefox-debuginfo-10.0.5-1.el5_8.ia64.rpm
xulrunner-10.0.5-1.el5_8.ia64.rpm
xulrunner-debuginfo-10.0.5-1.el5_8.ia64.rpm
xulrunner-devel-10.0.5-1.el5_8.ia64.rpm

ppc:
firefox-10.0.5-1.el5_8.ppc.rpm
firefox-debuginfo-10.0.5-1.el5_8.ppc.rpm
xulrunner-10.0.5-1.el5_8.ppc.rpm
xulrunner-10.0.5-1.el5_8.ppc64.rpm
xulrunner-debuginfo-10.0.5-1.el5_8.ppc.rpm
xulrunner-debuginfo-10.0.5-1.el5_8.ppc64.rpm
xulrunner-devel-10.0.5-1.el5_8.ppc.rpm
xulrunner-devel-10.0.5-1.el5_8.ppc64.rpm

s390x:
firefox-10.0.5-1.el5_8.s390.rpm
firefox-10.0.5-1.el5_8.s390x.rpm
firefox-debuginfo-10.0.5-1.el5_8.s390.rpm
firefox-debuginfo-10.0.5-1.el5_8.s390x.rpm
xulrunner-10.0.5-1.el5_8.s390.rpm
xulrunner-10.0.5-1.el5_8.s390x.rpm
xulrunner-debuginfo-10.0.5-1.el5_8.s390.rpm
xulrunner-debuginfo-10.0.5-1.el5_8.s390x.rpm
xulrunner-devel-10.0.5-1.el5_8.s390.rpm
xulrunner-devel-10.0.5-1.el5_8.s390x.rpm

x86_64:
firefox-10.0.5-1.el5_8.i386.rpm
firefox-10.0.5-1.el5_8.x86_64.rpm
firefox-debuginfo-10.0.5-1.el5_8.i386.rpm
firefox-debuginfo-10.0.5-1.el5_8.x86_64.rpm
xulrunner-10.0.5-1.el5_8.i386.rpm
xulrunner-10.0.5-1.el5_8.x86_64.rpm
xulrunner-debuginfo-10.0.5-1.el5_8.i386.rpm
xulrunner-debuginfo-10.0.5-1.el5_8.x86_64.rpm
xulrunner-devel-10.0.5-1.el5_8.i386.rpm
xulrunner-devel-10.0.5-1.el5_8.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/firefox-10.0.5-1.el6_2.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-10.0.5-1.el6_2.src.rpm

i386:
firefox-10.0.5-1.el6_2.i686.rpm
firefox-debuginfo-10.0.5-1.el6_2.i686.rpm
xulrunner-10.0.5-1.el6_2.i686.rpm
xulrunner-debuginfo-10.0.5-1.el6_2.i686.rpm

x86_64:
firefox-10.0.5-1.el6_2.i686.rpm
firefox-10.0.5-1.el6_2.x86_64.rpm
firefox-debuginfo-10.0.5-1.el6_2.i686.rpm
firefox-debuginfo-10.0.5-1.el6_2.x86_64.rpm
xulrunner-10.0.5-1.el6_2.i686.rpm
xulrunner-10.0.5-1.el6_2.x86_64.rpm
xulrunner-debuginfo-10.0.5-1.el6_2.i686.rpm
xulrunner-debuginfo-10.0.5-1.el6_2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-10.0.5-1.el6_2.src.rpm

i386:
xulrunner-debuginfo-10.0.5-1.el6_2.i686.rpm
xulrunner-devel-10.0.5-1.el6_2.i686.rpm

x86_64:
xulrunner-debuginfo-10.0.5-1.el6_2.i686.rpm
xulrunner-debuginfo-10.0.5-1.el6_2.x86_64.rpm
xulrunner-devel-10.0.5-1.el6_2.i686.rpm
xulrunner-devel-10.0.5-1.el6_2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/firefox-10.0.5-1.el6_2.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xulrunner-10.0.5-1.el6_2.src.rpm

x86_64:
firefox-10.0.5-1.el6_2.i686.rpm
firefox-10.0.5-1.el6_2.x86_64.rpm
firefox-debuginfo-10.0.5-1.el6_2.i686.rpm
firefox-debuginfo-10.0.5-1.el6_2.x86_64.rpm
xulrunner-10.0.5-1.el6_2.i686.rpm
xulrunner-10.0.5-1.el6_2.x86_64.rpm
xulrunner-debuginfo-10.0.5-1.el6_2.i686.rpm
xulrunner-debuginfo-10.0.5-1.el6_2.x86_64.rpm
xulrunner-devel-10.0.5-1.el6_2.i686.rpm
xulrunner-devel-10.0.5-1.el6_2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/firefox-10.0.5-1.el6_2.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-10.0.5-1.el6_2.src.rpm

i386:
firefox-10.0.5-1.el6_2.i686.rpm
firefox-debuginfo-10.0.5-1.el6_2.i686.rpm
xulrunner-10.0.5-1.el6_2.i686.rpm
xulrunner-debuginfo-10.0.5-1.el6_2.i686.rpm

ppc64:
firefox-10.0.5-1.el6_2.ppc.rpm
firefox-10.0.5-1.el6_2.ppc64.rpm
firefox-debuginfo-10.0.5-1.el6_2.ppc.rpm
firefox-debuginfo-10.0.5-1.el6_2.ppc64.rpm
xulrunner-10.0.5-1.el6_2.ppc.rpm
xulrunner-10.0.5-1.el6_2.ppc64.rpm
xulrunner-debuginfo-10.0.5-1.el6_2.ppc.rpm
xulrunner-debuginfo-10.0.5-1.el6_2.ppc64.rpm

s390x:
firefox-10.0.5-1.el6_2.s390.rpm
firefox-10.0.5-1.el6_2.s390x.rpm
firefox-debuginfo-10.0.5-1.el6_2.s390.rpm
firefox-debuginfo-10.0.5-1.el6_2.s390x.rpm
xulrunner-10.0.5-1.el6_2.s390.rpm
xulrunner-10.0.5-1.el6_2.s390x.rpm
xulrunner-debuginfo-10.0.5-1.el6_2.s390.rpm
xulrunner-debuginfo-10.0.5-1.el6_2.s390x.rpm

x86_64:
firefox-10.0.5-1.el6_2.i686.rpm
firefox-10.0.5-1.el6_2.x86_64.rpm
firefox-debuginfo-10.0.5-1.el6_2.i686.rpm
firefox-debuginfo-10.0.5-1.el6_2.x86_64.rpm
xulrunner-10.0.5-1.el6_2.i686.rpm
xulrunner-10.0.5-1.el6_2.x86_64.rpm
xulrunner-debuginfo-10.0.5-1.el6_2.i686.rpm
xulrunner-debuginfo-10.0.5-1.el6_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-10.0.5-1.el6_2.src.rpm

i386:
xulrunner-debuginfo-10.0.5-1.el6_2.i686.rpm
xulrunner-devel-10.0.5-1.el6_2.i686.rpm

ppc64:
xulrunner-debuginfo-10.0.5-1.el6_2.ppc.rpm
xulrunner-debuginfo-10.0.5-1.el6_2.ppc64.rpm
xulrunner-devel-10.0.5-1.el6_2.ppc.rpm
xulrunner-devel-10.0.5-1.el6_2.ppc64.rpm

s390x:
xulrunner-debuginfo-10.0.5-1.el6_2.s390.rpm
xulrunner-debuginfo-10.0.5-1.el6_2.s390x.rpm
xulrunner-devel-10.0.5-1.el6_2.s390.rpm
xulrunner-devel-10.0.5-1.el6_2.s390x.rpm

x86_64:
xulrunner-debuginfo-10.0.5-1.el6_2.i686.rpm
xulrunner-debuginfo-10.0.5-1.el6_2.x86_64.rpm
xulrunner-devel-10.0.5-1.el6_2.i686.rpm
xulrunner-devel-10.0.5-1.el6_2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/firefox-10.0.5-1.el6_2.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-10.0.5-1.el6_2.src.rpm

i386:
firefox-10.0.5-1.el6_2.i686.rpm
firefox-debuginfo-10.0.5-1.el6_2.i686.rpm
xulrunner-10.0.5-1.el6_2.i686.rpm
xulrunner-debuginfo-10.0.5-1.el6_2.i686.rpm

x86_64:
firefox-10.0.5-1.el6_2.i686.rpm
firefox-10.0.5-1.el6_2.x86_64.rpm
firefox-debuginfo-10.0.5-1.el6_2.i686.rpm
firefox-debuginfo-10.0.5-1.el6_2.x86_64.rpm
xulrunner-10.0.5-1.el6_2.i686.rpm
xulrunner-10.0.5-1.el6_2.x86_64.rpm
xulrunner-debuginfo-10.0.5-1.el6_2.i686.rpm
xulrunner-debuginfo-10.0.5-1.el6_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-10.0.5-1.el6_2.src.rpm

i386:
xulrunner-debuginfo-10.0.5-1.el6_2.i686.rpm
xulrunner-devel-10.0.5-1.el6_2.i686.rpm

x86_64:
xulrunner-debuginfo-10.0.5-1.el6_2.i686.rpm
xulrunner-debuginfo-10.0.5-1.el6_2.x86_64.rpm
xulrunner-devel-10.0.5-1.el6_2.i686.rpm
xulrunner-devel-10.0.5-1.el6_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3101.html
https://www.redhat.com/security/data/cve/CVE-2012-1937.html
https://www.redhat.com/security/data/cve/CVE-2012-1938.html
https://www.redhat.com/security/data/cve/CVE-2012-1939.html
https://www.redhat.com/security/data/cve/CVE-2012-1940.html
https://www.redhat.com/security/data/cve/CVE-2012-1941.html
https://www.redhat.com/security/data/cve/CVE-2012-1944.html
https://www.redhat.com/security/data/cve/CVE-2012-1945.html
https://www.redhat.com/security/data/cve/CVE-2012-1946.html
https://www.redhat.com/security/data/cve/CVE-2012-1947.html
https://access.redhat.com/security/updates/classification/#critical
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPznQIXlSAg2UNWIIRAo5PAJwP48Fo83dbwsKjMeMM83JfDdPjWQCgsi0V
C97u2GJGu2OzbeRQAxLblNU=
=aJeh
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jun 6 23:49:15 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 6 Jun 2012 23:49:15 +0000
Subject: [RHSA-2012:0715-01] Critical: thunderbird security update
Message-ID: <201206062349.q56NnHAR010861@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: thunderbird security update
Advisory ID:       RHSA-2012:0715-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0715.html
Issue date:        2012-06-06
CVE Names:         CVE-2011-3101 CVE-2012-1937 CVE-2012-1938
                   CVE-2012-1939 CVE-2012-1940 CVE-2012-1941
                   CVE-2012-1944 CVE-2012-1945 CVE-2012-1946
                   CVE-2012-1947
=====================================================================

1. Summary:

An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939, CVE-2012-1940, CVE-2012-1941, CVE-2012-1946, CVE-2012-1947)

Note: CVE-2011-3101 only affected users of certain NVIDIA display drivers with graphics cards that have hardware acceleration enabled.

It was found that the Content Security Policy (CSP) implementation in Thunderbird no longer blocked Thunderbird inline event handlers. Malicious content could possibly bypass intended restrictions if that content relied on CSP to protect against flaws such as cross-site scripting (XSS). (CVE-2012-1944)

If a web server hosted content that is stored on a Microsoft Windows share, or a Samba share, loading such content with Thunderbird could result in Windows shortcut files (.lnk) in the same share also being loaded. An attacker could use this flaw to view the contents of local files and directories on the victim's system. This issue also affected users opening content from Microsoft Windows shares, or Samba shares, that are mounted on their systems. (CVE-2012-1945)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Ken Russell of Google as the original reporter of CVE-2011-3101; Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse Ruderman as the original reporters of CVE-2012-1937; Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, and Brian Bondy as the original reporters of CVE-2012-1938; Christian Holler as the original reporter of CVE-2012-1939; security researcher Abhishek Arya of Google as the original reporter of CVE-2012-1940, CVE-2012-1941, and CVE-2012-1947; security researcher Arthur Gerkis as the original reporter of CVE-2012-1946; security researcher Adam Barth as the original reporter of CVE-2012-1944; and security researcher Paul Stone as the original reporter of CVE-2012-1945.
Note: None of the issues in this advisory can be exploited by a specially-crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 10.0.5 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 827829 - CVE-2011-3101 CVE-2012-1937 CVE-2012-1938 CVE-2012-1939 CVE-2012-3105 Mozilla: Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) (MFSA 2012-34) 827830 - CVE-2012-1944 Mozilla: Content Security Policy inline-script bypass (MFSA 2012-36) 827831 - CVE-2012-1945 Mozilla: Information disclosure though Windows file shares and shortcut files (MFSA 2012-37) 827832 - CVE-2012-1946 Mozilla: Use-after-free while replacing/inserting a node in a document (MFSA 2012-38) 827843 - CVE-2012-1940 CVE-2012-1941 CVE-2012-1947 Mozilla: Buffer overflow and use-after-free issues found using Address Sanitizer (MFSA 2012-40) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/thunderbird-10.0.5-2.el5_8.src.rpm i386: thunderbird-10.0.5-2.el5_8.i386.rpm thunderbird-debuginfo-10.0.5-2.el5_8.i386.rpm x86_64: thunderbird-10.0.5-2.el5_8.x86_64.rpm thunderbird-debuginfo-10.0.5-2.el5_8.x86_64.rpm RHEL Optional Productivity Applications (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/thunderbird-10.0.5-2.el5_8.src.rpm i386: thunderbird-10.0.5-2.el5_8.i386.rpm thunderbird-debuginfo-10.0.5-2.el5_8.i386.rpm x86_64: thunderbird-10.0.5-2.el5_8.x86_64.rpm thunderbird-debuginfo-10.0.5-2.el5_8.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/thunderbird-10.0.5-2.el6_2.src.rpm i386: thunderbird-10.0.5-2.el6_2.i686.rpm thunderbird-debuginfo-10.0.5-2.el6_2.i686.rpm x86_64: thunderbird-10.0.5-2.el6_2.x86_64.rpm thunderbird-debuginfo-10.0.5-2.el6_2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/thunderbird-10.0.5-2.el6_2.src.rpm i386: thunderbird-10.0.5-2.el6_2.i686.rpm thunderbird-debuginfo-10.0.5-2.el6_2.i686.rpm ppc64: thunderbird-10.0.5-2.el6_2.ppc64.rpm thunderbird-debuginfo-10.0.5-2.el6_2.ppc64.rpm s390x: thunderbird-10.0.5-2.el6_2.s390x.rpm thunderbird-debuginfo-10.0.5-2.el6_2.s390x.rpm x86_64: thunderbird-10.0.5-2.el6_2.x86_64.rpm thunderbird-debuginfo-10.0.5-2.el6_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/thunderbird-10.0.5-2.el6_2.src.rpm i386: thunderbird-10.0.5-2.el6_2.i686.rpm thunderbird-debuginfo-10.0.5-2.el6_2.i686.rpm x86_64: thunderbird-10.0.5-2.el6_2.x86_64.rpm thunderbird-debuginfo-10.0.5-2.el6_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References:

https://www.redhat.com/security/data/cve/CVE-2011-3101.html
https://www.redhat.com/security/data/cve/CVE-2012-1937.html
https://www.redhat.com/security/data/cve/CVE-2012-1938.html
https://www.redhat.com/security/data/cve/CVE-2012-1939.html
https://www.redhat.com/security/data/cve/CVE-2012-1940.html
https://www.redhat.com/security/data/cve/CVE-2012-1941.html
https://www.redhat.com/security/data/cve/CVE-2012-1944.html
https://www.redhat.com/security/data/cve/CVE-2012-1945.html
https://www.redhat.com/security/data/cve/CVE-2012-1946.html
https://www.redhat.com/security/data/cve/CVE-2012-1947.html
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPz+xsXlSAg2UNWIIRAkzYAJ9KLlUyosKzJXX0v796Za/sGGUTbwCguzz6
gcDJo4Vphw4vCodjwCWHSpM=
=GCMY
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jun 7 16:55:41 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 7 Jun 2012 16:55:41 +0000
Subject: [RHSA-2012:0716-01] Important: bind security update
Message-ID: <201206071655.q57GtgUR014077@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: bind security update
Advisory ID: RHSA-2012:0716-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0716.html
Issue date: 2012-06-07
CVE Names: CVE-2012-1033 CVE-2012-1667
=====================================================================

1. Summary:

Updated bind packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important security impact.
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handled zero length resource data records. A malicious owner of a DNS domain could use this flaw to create specially-crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory. (CVE-2012-1667)

A flaw was found in the way BIND handled the updating of cached name server (NS) resource records. A malicious owner of a DNS domain could use this flaw to keep the domain resolvable by the BIND server even after the delegation was removed from the parent DNS zone. With this update, BIND limits the time-to-live of the replacement record to that of the time-to-live of the record being replaced.
(CVE-2012-1033)

Users of bind are advised to upgrade to these updated packages, which correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

788650 - CVE-2012-1033 bind: deleted domain name resolving flaw
828078 - CVE-2012-1667 bind: handling of zero length rdata can cause named to terminate unexpectedly

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bind-9.3.6-20.P1.el5_8.1.src.rpm i386: bind-9.3.6-20.P1.el5_8.1.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.1.i386.rpm bind-libs-9.3.6-20.P1.el5_8.1.i386.rpm bind-sdb-9.3.6-20.P1.el5_8.1.i386.rpm bind-utils-9.3.6-20.P1.el5_8.1.i386.rpm x86_64: bind-9.3.6-20.P1.el5_8.1.x86_64.rpm bind-debuginfo-9.3.6-20.P1.el5_8.1.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.1.x86_64.rpm bind-libs-9.3.6-20.P1.el5_8.1.i386.rpm bind-libs-9.3.6-20.P1.el5_8.1.x86_64.rpm bind-sdb-9.3.6-20.P1.el5_8.1.x86_64.rpm bind-utils-9.3.6-20.P1.el5_8.1.x86_64.rpm RHEL Desktop Workstation (v.
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bind-9.3.6-20.P1.el5_8.1.src.rpm i386: bind-chroot-9.3.6-20.P1.el5_8.1.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.1.i386.rpm bind-devel-9.3.6-20.P1.el5_8.1.i386.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.1.i386.rpm caching-nameserver-9.3.6-20.P1.el5_8.1.i386.rpm x86_64: bind-chroot-9.3.6-20.P1.el5_8.1.x86_64.rpm bind-debuginfo-9.3.6-20.P1.el5_8.1.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.1.x86_64.rpm bind-devel-9.3.6-20.P1.el5_8.1.i386.rpm bind-devel-9.3.6-20.P1.el5_8.1.x86_64.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.1.i386.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.1.x86_64.rpm caching-nameserver-9.3.6-20.P1.el5_8.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/bind-9.3.6-20.P1.el5_8.1.src.rpm i386: bind-9.3.6-20.P1.el5_8.1.i386.rpm bind-chroot-9.3.6-20.P1.el5_8.1.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.1.i386.rpm bind-devel-9.3.6-20.P1.el5_8.1.i386.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.1.i386.rpm bind-libs-9.3.6-20.P1.el5_8.1.i386.rpm bind-sdb-9.3.6-20.P1.el5_8.1.i386.rpm bind-utils-9.3.6-20.P1.el5_8.1.i386.rpm caching-nameserver-9.3.6-20.P1.el5_8.1.i386.rpm ia64: bind-9.3.6-20.P1.el5_8.1.ia64.rpm bind-chroot-9.3.6-20.P1.el5_8.1.ia64.rpm bind-debuginfo-9.3.6-20.P1.el5_8.1.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.1.ia64.rpm bind-devel-9.3.6-20.P1.el5_8.1.ia64.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.1.ia64.rpm bind-libs-9.3.6-20.P1.el5_8.1.i386.rpm bind-libs-9.3.6-20.P1.el5_8.1.ia64.rpm bind-sdb-9.3.6-20.P1.el5_8.1.ia64.rpm bind-utils-9.3.6-20.P1.el5_8.1.ia64.rpm caching-nameserver-9.3.6-20.P1.el5_8.1.ia64.rpm ppc: bind-9.3.6-20.P1.el5_8.1.ppc.rpm bind-chroot-9.3.6-20.P1.el5_8.1.ppc.rpm bind-debuginfo-9.3.6-20.P1.el5_8.1.ppc.rpm bind-debuginfo-9.3.6-20.P1.el5_8.1.ppc64.rpm bind-devel-9.3.6-20.P1.el5_8.1.ppc.rpm bind-devel-9.3.6-20.P1.el5_8.1.ppc64.rpm 
bind-libbind-devel-9.3.6-20.P1.el5_8.1.ppc.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.1.ppc64.rpm bind-libs-9.3.6-20.P1.el5_8.1.ppc.rpm bind-libs-9.3.6-20.P1.el5_8.1.ppc64.rpm bind-sdb-9.3.6-20.P1.el5_8.1.ppc.rpm bind-utils-9.3.6-20.P1.el5_8.1.ppc.rpm caching-nameserver-9.3.6-20.P1.el5_8.1.ppc.rpm s390x: bind-9.3.6-20.P1.el5_8.1.s390x.rpm bind-chroot-9.3.6-20.P1.el5_8.1.s390x.rpm bind-debuginfo-9.3.6-20.P1.el5_8.1.s390.rpm bind-debuginfo-9.3.6-20.P1.el5_8.1.s390x.rpm bind-devel-9.3.6-20.P1.el5_8.1.s390.rpm bind-devel-9.3.6-20.P1.el5_8.1.s390x.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.1.s390.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.1.s390x.rpm bind-libs-9.3.6-20.P1.el5_8.1.s390.rpm bind-libs-9.3.6-20.P1.el5_8.1.s390x.rpm bind-sdb-9.3.6-20.P1.el5_8.1.s390x.rpm bind-utils-9.3.6-20.P1.el5_8.1.s390x.rpm caching-nameserver-9.3.6-20.P1.el5_8.1.s390x.rpm x86_64: bind-9.3.6-20.P1.el5_8.1.x86_64.rpm bind-chroot-9.3.6-20.P1.el5_8.1.x86_64.rpm bind-debuginfo-9.3.6-20.P1.el5_8.1.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.1.x86_64.rpm bind-devel-9.3.6-20.P1.el5_8.1.i386.rpm bind-devel-9.3.6-20.P1.el5_8.1.x86_64.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.1.i386.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.1.x86_64.rpm bind-libs-9.3.6-20.P1.el5_8.1.i386.rpm bind-libs-9.3.6-20.P1.el5_8.1.x86_64.rpm bind-sdb-9.3.6-20.P1.el5_8.1.x86_64.rpm bind-utils-9.3.6-20.P1.el5_8.1.x86_64.rpm caching-nameserver-9.3.6-20.P1.el5_8.1.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.7.3-8.P3.el6_2.3.src.rpm i386: bind-debuginfo-9.7.3-8.P3.el6_2.3.i686.rpm bind-libs-9.7.3-8.P3.el6_2.3.i686.rpm bind-utils-9.7.3-8.P3.el6_2.3.i686.rpm x86_64: bind-debuginfo-9.7.3-8.P3.el6_2.3.i686.rpm bind-debuginfo-9.7.3-8.P3.el6_2.3.x86_64.rpm bind-libs-9.7.3-8.P3.el6_2.3.i686.rpm bind-libs-9.7.3-8.P3.el6_2.3.x86_64.rpm bind-utils-9.7.3-8.P3.el6_2.3.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.7.3-8.P3.el6_2.3.src.rpm i386: bind-9.7.3-8.P3.el6_2.3.i686.rpm bind-chroot-9.7.3-8.P3.el6_2.3.i686.rpm bind-debuginfo-9.7.3-8.P3.el6_2.3.i686.rpm bind-devel-9.7.3-8.P3.el6_2.3.i686.rpm bind-sdb-9.7.3-8.P3.el6_2.3.i686.rpm x86_64: bind-9.7.3-8.P3.el6_2.3.x86_64.rpm bind-chroot-9.7.3-8.P3.el6_2.3.x86_64.rpm bind-debuginfo-9.7.3-8.P3.el6_2.3.i686.rpm bind-debuginfo-9.7.3-8.P3.el6_2.3.x86_64.rpm bind-devel-9.7.3-8.P3.el6_2.3.i686.rpm bind-devel-9.7.3-8.P3.el6_2.3.x86_64.rpm bind-sdb-9.7.3-8.P3.el6_2.3.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.7.3-8.P3.el6_2.3.src.rpm x86_64: bind-debuginfo-9.7.3-8.P3.el6_2.3.i686.rpm bind-debuginfo-9.7.3-8.P3.el6_2.3.x86_64.rpm bind-libs-9.7.3-8.P3.el6_2.3.i686.rpm bind-libs-9.7.3-8.P3.el6_2.3.x86_64.rpm bind-utils-9.7.3-8.P3.el6_2.3.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.7.3-8.P3.el6_2.3.src.rpm x86_64: bind-9.7.3-8.P3.el6_2.3.x86_64.rpm bind-chroot-9.7.3-8.P3.el6_2.3.x86_64.rpm bind-debuginfo-9.7.3-8.P3.el6_2.3.i686.rpm bind-debuginfo-9.7.3-8.P3.el6_2.3.x86_64.rpm bind-devel-9.7.3-8.P3.el6_2.3.i686.rpm bind-devel-9.7.3-8.P3.el6_2.3.x86_64.rpm bind-sdb-9.7.3-8.P3.el6_2.3.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.7.3-8.P3.el6_2.3.src.rpm i386: bind-9.7.3-8.P3.el6_2.3.i686.rpm bind-chroot-9.7.3-8.P3.el6_2.3.i686.rpm bind-debuginfo-9.7.3-8.P3.el6_2.3.i686.rpm bind-libs-9.7.3-8.P3.el6_2.3.i686.rpm bind-utils-9.7.3-8.P3.el6_2.3.i686.rpm ppc64: bind-9.7.3-8.P3.el6_2.3.ppc64.rpm bind-chroot-9.7.3-8.P3.el6_2.3.ppc64.rpm bind-debuginfo-9.7.3-8.P3.el6_2.3.ppc.rpm bind-debuginfo-9.7.3-8.P3.el6_2.3.ppc64.rpm bind-libs-9.7.3-8.P3.el6_2.3.ppc.rpm bind-libs-9.7.3-8.P3.el6_2.3.ppc64.rpm bind-utils-9.7.3-8.P3.el6_2.3.ppc64.rpm s390x: bind-9.7.3-8.P3.el6_2.3.s390x.rpm bind-chroot-9.7.3-8.P3.el6_2.3.s390x.rpm bind-debuginfo-9.7.3-8.P3.el6_2.3.s390.rpm bind-debuginfo-9.7.3-8.P3.el6_2.3.s390x.rpm bind-libs-9.7.3-8.P3.el6_2.3.s390.rpm bind-libs-9.7.3-8.P3.el6_2.3.s390x.rpm bind-utils-9.7.3-8.P3.el6_2.3.s390x.rpm x86_64: bind-9.7.3-8.P3.el6_2.3.x86_64.rpm bind-chroot-9.7.3-8.P3.el6_2.3.x86_64.rpm bind-debuginfo-9.7.3-8.P3.el6_2.3.i686.rpm bind-debuginfo-9.7.3-8.P3.el6_2.3.x86_64.rpm bind-libs-9.7.3-8.P3.el6_2.3.i686.rpm bind-libs-9.7.3-8.P3.el6_2.3.x86_64.rpm bind-utils-9.7.3-8.P3.el6_2.3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.7.3-8.P3.el6_2.3.src.rpm i386: bind-debuginfo-9.7.3-8.P3.el6_2.3.i686.rpm bind-devel-9.7.3-8.P3.el6_2.3.i686.rpm bind-sdb-9.7.3-8.P3.el6_2.3.i686.rpm ppc64: bind-debuginfo-9.7.3-8.P3.el6_2.3.ppc.rpm bind-debuginfo-9.7.3-8.P3.el6_2.3.ppc64.rpm bind-devel-9.7.3-8.P3.el6_2.3.ppc.rpm bind-devel-9.7.3-8.P3.el6_2.3.ppc64.rpm bind-sdb-9.7.3-8.P3.el6_2.3.ppc64.rpm s390x: bind-debuginfo-9.7.3-8.P3.el6_2.3.s390.rpm bind-debuginfo-9.7.3-8.P3.el6_2.3.s390x.rpm bind-devel-9.7.3-8.P3.el6_2.3.s390.rpm bind-devel-9.7.3-8.P3.el6_2.3.s390x.rpm bind-sdb-9.7.3-8.P3.el6_2.3.s390x.rpm x86_64: bind-debuginfo-9.7.3-8.P3.el6_2.3.i686.rpm bind-debuginfo-9.7.3-8.P3.el6_2.3.x86_64.rpm bind-devel-9.7.3-8.P3.el6_2.3.i686.rpm bind-devel-9.7.3-8.P3.el6_2.3.x86_64.rpm bind-sdb-9.7.3-8.P3.el6_2.3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.7.3-8.P3.el6_2.3.src.rpm i386: bind-9.7.3-8.P3.el6_2.3.i686.rpm bind-chroot-9.7.3-8.P3.el6_2.3.i686.rpm bind-debuginfo-9.7.3-8.P3.el6_2.3.i686.rpm bind-libs-9.7.3-8.P3.el6_2.3.i686.rpm bind-utils-9.7.3-8.P3.el6_2.3.i686.rpm x86_64: bind-9.7.3-8.P3.el6_2.3.x86_64.rpm bind-chroot-9.7.3-8.P3.el6_2.3.x86_64.rpm bind-debuginfo-9.7.3-8.P3.el6_2.3.i686.rpm bind-debuginfo-9.7.3-8.P3.el6_2.3.x86_64.rpm bind-libs-9.7.3-8.P3.el6_2.3.i686.rpm bind-libs-9.7.3-8.P3.el6_2.3.x86_64.rpm bind-utils-9.7.3-8.P3.el6_2.3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.7.3-8.P3.el6_2.3.src.rpm i386: bind-debuginfo-9.7.3-8.P3.el6_2.3.i686.rpm bind-devel-9.7.3-8.P3.el6_2.3.i686.rpm bind-sdb-9.7.3-8.P3.el6_2.3.i686.rpm x86_64: bind-debuginfo-9.7.3-8.P3.el6_2.3.i686.rpm bind-debuginfo-9.7.3-8.P3.el6_2.3.x86_64.rpm bind-devel-9.7.3-8.P3.el6_2.3.i686.rpm bind-devel-9.7.3-8.P3.el6_2.3.x86_64.rpm bind-sdb-9.7.3-8.P3.el6_2.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-1033.html
https://www.redhat.com/security/data/cve/CVE-2012-1667.html
https://access.redhat.com/security/updates/classification/#important
http://www.isc.org/software/bind/advisories/cve-2012-1033
http://www.isc.org/software/bind/advisories/cve-2012-1667

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP0Nz8XlSAg2UNWIIRAto/AJ43YfxeNj0egsDjoQ5+f3ug3dq5UACgtuRW
bFJi8sEAw9cZ9KrRFhMK2aA=
=n2ec
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jun 7 16:56:13 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 7 Jun 2012 16:56:13 +0000
Subject: [RHSA-2012:0717-01] Important: bind97 security update
Message-ID: <201206071656.q57GuF5o027382@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: bind97 security update
Advisory ID: RHSA-2012:0717-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0717.html
Issue date: 2012-06-07
CVE Names: CVE-2012-1033 CVE-2012-1667
=====================================================================

1. Summary:

Updated bind97 packages that fix two security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handled zero length resource data records.
A malicious owner of a DNS domain could use this flaw to create specially-crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory. (CVE-2012-1667)

A flaw was found in the way BIND handled the updating of cached name server (NS) resource records. A malicious owner of a DNS domain could use this flaw to keep the domain resolvable by the BIND server even after the delegation was removed from the parent DNS zone. With this update, BIND limits the time-to-live of the replacement record to that of the time-to-live of the record being replaced. (CVE-2012-1033)

Users of bind97 are advised to upgrade to these updated packages, which correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

788650 - CVE-2012-1033 bind: deleted domain name resolving flaw
828078 - CVE-2012-1667 bind: handling of zero length rdata can cause named to terminate unexpectedly

6. Package List:

RHEL Desktop Workstation (v.
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bind97-9.7.0-10.P2.el5_8.1.src.rpm i386: bind97-9.7.0-10.P2.el5_8.1.i386.rpm bind97-chroot-9.7.0-10.P2.el5_8.1.i386.rpm bind97-debuginfo-9.7.0-10.P2.el5_8.1.i386.rpm bind97-devel-9.7.0-10.P2.el5_8.1.i386.rpm bind97-libs-9.7.0-10.P2.el5_8.1.i386.rpm bind97-utils-9.7.0-10.P2.el5_8.1.i386.rpm x86_64: bind97-9.7.0-10.P2.el5_8.1.x86_64.rpm bind97-chroot-9.7.0-10.P2.el5_8.1.x86_64.rpm bind97-debuginfo-9.7.0-10.P2.el5_8.1.i386.rpm bind97-debuginfo-9.7.0-10.P2.el5_8.1.x86_64.rpm bind97-devel-9.7.0-10.P2.el5_8.1.i386.rpm bind97-devel-9.7.0-10.P2.el5_8.1.x86_64.rpm bind97-libs-9.7.0-10.P2.el5_8.1.i386.rpm bind97-libs-9.7.0-10.P2.el5_8.1.x86_64.rpm bind97-utils-9.7.0-10.P2.el5_8.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/bind97-9.7.0-10.P2.el5_8.1.src.rpm i386: bind97-9.7.0-10.P2.el5_8.1.i386.rpm bind97-chroot-9.7.0-10.P2.el5_8.1.i386.rpm bind97-debuginfo-9.7.0-10.P2.el5_8.1.i386.rpm bind97-devel-9.7.0-10.P2.el5_8.1.i386.rpm bind97-libs-9.7.0-10.P2.el5_8.1.i386.rpm bind97-utils-9.7.0-10.P2.el5_8.1.i386.rpm ia64: bind97-9.7.0-10.P2.el5_8.1.ia64.rpm bind97-chroot-9.7.0-10.P2.el5_8.1.ia64.rpm bind97-debuginfo-9.7.0-10.P2.el5_8.1.ia64.rpm bind97-devel-9.7.0-10.P2.el5_8.1.ia64.rpm bind97-libs-9.7.0-10.P2.el5_8.1.ia64.rpm bind97-utils-9.7.0-10.P2.el5_8.1.ia64.rpm ppc: bind97-9.7.0-10.P2.el5_8.1.ppc.rpm bind97-chroot-9.7.0-10.P2.el5_8.1.ppc.rpm bind97-debuginfo-9.7.0-10.P2.el5_8.1.ppc.rpm bind97-debuginfo-9.7.0-10.P2.el5_8.1.ppc64.rpm bind97-devel-9.7.0-10.P2.el5_8.1.ppc.rpm bind97-devel-9.7.0-10.P2.el5_8.1.ppc64.rpm bind97-libs-9.7.0-10.P2.el5_8.1.ppc.rpm bind97-libs-9.7.0-10.P2.el5_8.1.ppc64.rpm bind97-utils-9.7.0-10.P2.el5_8.1.ppc.rpm s390x: bind97-9.7.0-10.P2.el5_8.1.s390x.rpm bind97-chroot-9.7.0-10.P2.el5_8.1.s390x.rpm bind97-debuginfo-9.7.0-10.P2.el5_8.1.s390.rpm 
bind97-debuginfo-9.7.0-10.P2.el5_8.1.s390x.rpm bind97-devel-9.7.0-10.P2.el5_8.1.s390.rpm bind97-devel-9.7.0-10.P2.el5_8.1.s390x.rpm bind97-libs-9.7.0-10.P2.el5_8.1.s390.rpm bind97-libs-9.7.0-10.P2.el5_8.1.s390x.rpm bind97-utils-9.7.0-10.P2.el5_8.1.s390x.rpm x86_64: bind97-9.7.0-10.P2.el5_8.1.x86_64.rpm bind97-chroot-9.7.0-10.P2.el5_8.1.x86_64.rpm bind97-debuginfo-9.7.0-10.P2.el5_8.1.i386.rpm bind97-debuginfo-9.7.0-10.P2.el5_8.1.x86_64.rpm bind97-devel-9.7.0-10.P2.el5_8.1.i386.rpm bind97-devel-9.7.0-10.P2.el5_8.1.x86_64.rpm bind97-libs-9.7.0-10.P2.el5_8.1.i386.rpm bind97-libs-9.7.0-10.P2.el5_8.1.x86_64.rpm bind97-utils-9.7.0-10.P2.el5_8.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-1033.html
https://www.redhat.com/security/data/cve/CVE-2012-1667.html
https://access.redhat.com/security/updates/classification/#important
http://www.isc.org/software/bind/advisories/cve-2012-1033
http://www.isc.org/software/bind/advisories/cve-2012-1667

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
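
The TTL limit that RHSA-2012:0716 and RHSA-2012:0717 describe for CVE-2012-1033, shown as an added example that is not part of either advisory and is not BIND code. It is a simplified one-entry cache model; the structure, function names, TTL values and `example.test` names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of one cached NS RRset (not BIND's data structures). */
struct ns_cache_entry {
    char     ns_name[64];  /* name server the delegation points at */
    uint32_t expires_at;   /* absolute expiry time, in seconds */
    int      present;      /* 0 until a delegation has been cached */
};

static int entry_is_live(const struct ns_cache_entry *e, uint32_t now)
{
    return e->present && now < e->expires_at;
}

/*
 * Store an NS RRset received at time `now` with time-to-live `ttl`.
 * When a live entry is being replaced and `clamp_ttl` is set, the new TTL
 * is limited to the time the old entry still had left, so a replacement
 * can never move the expiry later than it already was.
 */
static void cache_store_ns(struct ns_cache_entry *e, uint32_t now,
                           const char *ns_name, uint32_t ttl, int clamp_ttl)
{
    if (clamp_ttl && entry_is_live(e, now)) {
        uint32_t remaining = e->expires_at - now;
        if (ttl > remaining)
            ttl = remaining;
    }
    snprintf(e->ns_name, sizeof e->ns_name, "%s", ns_name);
    e->expires_at = now + ttl;
    e->present = 1;
}

/*
 * Constructed scenario: the parent zone's delegation is cached at t=0 and
 * then removed from the parent. While the entry is still live, a renamed
 * NS RRset with a fresh TTL arrives from the domain's own servers every
 * `interval` seconds. Once the entry expires, the resolver has to ask the
 * parent again, finds no delegation, and the domain stops resolving.
 * Returns the time at which the cached delegation finally expires.
 */
uint32_t delegation_expiry(int clamp_ttl, uint32_t ttl,
                           uint32_t interval, uint32_t horizon)
{
    struct ns_cache_entry e;
    char name[64];
    uint32_t t;

    memset(&e, 0, sizeof e);
    cache_store_ns(&e, 0, "ns0.example.test", ttl, clamp_ttl);
    if (interval == 0)
        return e.expires_at;

    for (t = interval; t < horizon && entry_is_live(&e, t); t += interval) {
        snprintf(name, sizeof name, "ns%u.example.test",
                 (unsigned)(t / interval));
        cache_store_ns(&e, t, name, ttl, clamp_ttl);
    }
    return e.expires_at;
}

int main(void)
{
    /* One-hour TTL, replacement every 30 minutes, observed for one day. */
    printf("unclamped: delegation cached until t=%u\n",
           (unsigned)delegation_expiry(0, 3600, 1800, 86400));
    printf("clamped:   delegation cached until t=%u\n",
           (unsigned)delegation_expiry(1, 3600, 1800, 86400));
    return 0;
}
```
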
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP0N0ZXlSAg2UNWIIRAkYrAJ4jFwi1iQbB4SX6MfCxF13YVA2BrQCfbjOQ
7rhXfeFSbVDrLof2i1EcYR4=
=aI87
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jun 12 14:16:49 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 12 Jun 2012 14:16:49 +0000
Subject: [RHSA-2012:0720-01] Important: kernel security and bug fix update
Message-ID: <201206121416.q5CEGo71012911@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2012:0720-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0720.html
Issue date: 2012-06-12
CVE Names: CVE-2012-0217 CVE-2012-1583
=====================================================================

1. Summary:

Updated kernel packages that fix two security issues and multiple bugs are now available for Red Hat Enterprise Linux 5.6 Extended Update Support.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux EUS (v. 5.6 server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* It was found that the Xen hypervisor implementation as shipped with Red Hat Enterprise Linux 5 did not properly restrict the syscall return addresses in the sysret return path to canonical addresses.
An unprivileged user in a 64-bit para-virtualized guest, that is running on a 64-bit host that has an Intel CPU, could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the hypervisor level. (CVE-2012-0217, Important)

Note: For Red Hat Enterprise Linux guests, only privileged guest users can exploit CVE-2012-0217.

* A flaw in the xfrm6_tunnel_rcv() function in the Linux kernel's IPv6 implementation could lead to a use-after-free or double free flaw in tunnel6_rcv(). A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the xfrm6_tunnel kernel module loaded, causing it to crash. (CVE-2012-1583, Important)

If you do not run applications that use xfrm6_tunnel, you can prevent the xfrm6_tunnel module from being loaded by creating (as the root user) a "/etc/modprobe.d/xfrm6_tunnel.conf" file, and adding the following line to it:

blacklist xfrm6_tunnel

This way, the xfrm6_tunnel module cannot be loaded accidentally. A reboot is not necessary for this change to take effect.

Red Hat would like to thank the Xen project for reporting CVE-2012-0217. Upstream acknowledges Rafal Wojtczuk as the original reporter of CVE-2012-0217.

This update also fixes the following bugs:

* Under rare circumstances, a bug in the vsyscall interface caused the gdb debugger to terminate unexpectedly with a segmentation fault when run on the AMD64 or Intel 64 architecture. A patch has been provided to address this issue and the crashes no longer occur in the described scenario. (BZ#807929)

* Incorrect duplicate MAC addresses were being used on a rack network daughter card that contained a quad-port Intel I350 Gigabit Ethernet Controller. With this update, the underlying source code has been modified to address this issue, and correct MAC addresses are now used under all circumstances.
(BZ#813195)

* When the Fibre Channel (FC) layer sets a device to "running", the layer also scans for other new devices. Previously, there was a race condition between these two operations. Consequently, for certain targets, thousands of invalid devices were created by the SCSI layer and the udev service. This update ensures that the FC layer always sets a device to "online" before scanning for others, thus fixing this bug.

Additionally, when attempting to transition priority groups on a busy FC device, the multipath layer retried immediately. If this was the only available path, a large number of retry operations were performed in a short period of time. Consequently, the logging of retry messages slowed down the system. This bug has been fixed by ensuring that the DM Multipath feature delays retry operations in the described scenario. (BZ#816683)

* Due to incorrect use of the list_for_each_entry_safe() macro, the enumeration of remote procedure calls (RPCs) priority wait queue tasks stored in the tk_wait.links list failed. As a consequence, the rpc_wake_up() and rpc_wake_up_status() functions failed to wake up all tasks. This caused the system to become unresponsive and could significantly decrease system performance. Now, the list_for_each_entry_safe() macro is no longer used in rpc_wake_up(), ensuring reasonable system performance. (BZ#817570)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system.
You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

752304 - CVE-2012-1583 kernel: ipv6: panic using raw sockets
813428 - CVE-2012-0217 kernel: x86-64: avoid sysret to non-canonical address
817570 - Fix RPC priority queue wake up all tasks processing [rhel-5.6.z]

6. Package List:

Red Hat Enterprise Linux EUS (v. 5.6 server): Source: kernel-2.6.18-238.39.1.el5.src.rpm i386: kernel-2.6.18-238.39.1.el5.i686.rpm kernel-PAE-2.6.18-238.39.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-238.39.1.el5.i686.rpm kernel-PAE-devel-2.6.18-238.39.1.el5.i686.rpm kernel-debug-2.6.18-238.39.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-238.39.1.el5.i686.rpm kernel-debug-devel-2.6.18-238.39.1.el5.i686.rpm kernel-debuginfo-2.6.18-238.39.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-238.39.1.el5.i686.rpm kernel-devel-2.6.18-238.39.1.el5.i686.rpm kernel-headers-2.6.18-238.39.1.el5.i386.rpm kernel-xen-2.6.18-238.39.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-238.39.1.el5.i686.rpm kernel-xen-devel-2.6.18-238.39.1.el5.i686.rpm ia64: kernel-2.6.18-238.39.1.el5.ia64.rpm kernel-debug-2.6.18-238.39.1.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-238.39.1.el5.ia64.rpm kernel-debug-devel-2.6.18-238.39.1.el5.ia64.rpm kernel-debuginfo-2.6.18-238.39.1.el5.ia64.rpm kernel-debuginfo-common-2.6.18-238.39.1.el5.ia64.rpm kernel-devel-2.6.18-238.39.1.el5.ia64.rpm kernel-headers-2.6.18-238.39.1.el5.ia64.rpm kernel-xen-2.6.18-238.39.1.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-238.39.1.el5.ia64.rpm kernel-xen-devel-2.6.18-238.39.1.el5.ia64.rpm noarch: kernel-doc-2.6.18-238.39.1.el5.noarch.rpm ppc: kernel-2.6.18-238.39.1.el5.ppc64.rpm kernel-debug-2.6.18-238.39.1.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-238.39.1.el5.ppc64.rpm kernel-debug-devel-2.6.18-238.39.1.el5.ppc64.rpm kernel-debuginfo-2.6.18-238.39.1.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-238.39.1.el5.ppc64.rpm
kernel-devel-2.6.18-238.39.1.el5.ppc64.rpm kernel-headers-2.6.18-238.39.1.el5.ppc.rpm kernel-headers-2.6.18-238.39.1.el5.ppc64.rpm kernel-kdump-2.6.18-238.39.1.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-238.39.1.el5.ppc64.rpm kernel-kdump-devel-2.6.18-238.39.1.el5.ppc64.rpm s390x: kernel-2.6.18-238.39.1.el5.s390x.rpm kernel-debug-2.6.18-238.39.1.el5.s390x.rpm kernel-debug-debuginfo-2.6.18-238.39.1.el5.s390x.rpm kernel-debug-devel-2.6.18-238.39.1.el5.s390x.rpm kernel-debuginfo-2.6.18-238.39.1.el5.s390x.rpm kernel-debuginfo-common-2.6.18-238.39.1.el5.s390x.rpm kernel-devel-2.6.18-238.39.1.el5.s390x.rpm kernel-headers-2.6.18-238.39.1.el5.s390x.rpm kernel-kdump-2.6.18-238.39.1.el5.s390x.rpm kernel-kdump-debuginfo-2.6.18-238.39.1.el5.s390x.rpm kernel-kdump-devel-2.6.18-238.39.1.el5.s390x.rpm x86_64: kernel-2.6.18-238.39.1.el5.x86_64.rpm kernel-debug-2.6.18-238.39.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-238.39.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-238.39.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-238.39.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-238.39.1.el5.x86_64.rpm kernel-devel-2.6.18-238.39.1.el5.x86_64.rpm kernel-headers-2.6.18-238.39.1.el5.x86_64.rpm kernel-xen-2.6.18-238.39.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-238.39.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-238.39.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-0217.html
https://www.redhat.com/security/data/cve/CVE-2012-1583.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP108HXlSAg2UNWIIRAj5UAJ9YsztYld6JGCfPndHar/ssDxfmugCfQC+f
TFHpI/5AR+uMuq1ZCrDehOY=
=EiVv
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jun 12 14:18:31 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 12 Jun 2012 14:18:31 +0000
Subject: [RHSA-2012:0721-01] Important: kernel security update
Message-ID: <201206121418.q5CEIWxk019272@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2012:0721-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0721.html
Issue date: 2012-06-12
CVE Names: CVE-2012-0217 CVE-2012-2934
=====================================================================

1. Summary:

Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* It was found that the Xen hypervisor implementation as shipped with Red Hat Enterprise Linux 5 did not properly restrict the syscall return addresses in the sysret return path to canonical addresses.
An unprivileged user in a 64-bit para-virtualized guest, that is running on a 64-bit host that has an Intel CPU, could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the hypervisor level. (CVE-2012-0217, Important) * It was found that guests could trigger a bug in earlier AMD CPUs, leading to a CPU hard lockup, when running on the Xen hypervisor implementation. An unprivileged user in a 64-bit para-virtualized guest could use this flaw to crash the host. Warning: After installing this update, hosts that are using an affected AMD CPU (refer to Red Hat Bugzilla bug #824966 for a list) will fail to boot. In order to boot such hosts, the new kernel parameter, allow_unsafe, can be used ("allow_unsafe=on"). This option should only be used with hosts that are running trusted guests, as setting it to "on" reintroduces the flaw (allowing guests to crash the host). (CVE-2012-2934, Moderate) Note: For Red Hat Enterprise Linux guests, only privileged guest users can exploit the CVE-2012-0217 and CVE-2012-2934 issues. Red Hat would like to thank the Xen project for reporting these issues. Upstream acknowledges Rafal Wojtczuk as the original reporter of CVE-2012-0217. Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. 
Bugs fixed (http://bugzilla.redhat.com/): 813428 - CVE-2012-0217 kernel: x86-64: avoid sysret to non-canonical address 824966 - CVE-2012-2934 kernel: denial of service due to AMD Erratum #121 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-308.8.2.el5.src.rpm i386: kernel-2.6.18-308.8.2.el5.i686.rpm kernel-PAE-2.6.18-308.8.2.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-308.8.2.el5.i686.rpm kernel-PAE-devel-2.6.18-308.8.2.el5.i686.rpm kernel-debug-2.6.18-308.8.2.el5.i686.rpm kernel-debug-debuginfo-2.6.18-308.8.2.el5.i686.rpm kernel-debug-devel-2.6.18-308.8.2.el5.i686.rpm kernel-debuginfo-2.6.18-308.8.2.el5.i686.rpm kernel-debuginfo-common-2.6.18-308.8.2.el5.i686.rpm kernel-devel-2.6.18-308.8.2.el5.i686.rpm kernel-headers-2.6.18-308.8.2.el5.i386.rpm kernel-xen-2.6.18-308.8.2.el5.i686.rpm kernel-xen-debuginfo-2.6.18-308.8.2.el5.i686.rpm kernel-xen-devel-2.6.18-308.8.2.el5.i686.rpm noarch: kernel-doc-2.6.18-308.8.2.el5.noarch.rpm x86_64: kernel-2.6.18-308.8.2.el5.x86_64.rpm kernel-debug-2.6.18-308.8.2.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-308.8.2.el5.x86_64.rpm kernel-debug-devel-2.6.18-308.8.2.el5.x86_64.rpm kernel-debuginfo-2.6.18-308.8.2.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-308.8.2.el5.x86_64.rpm kernel-devel-2.6.18-308.8.2.el5.x86_64.rpm kernel-headers-2.6.18-308.8.2.el5.x86_64.rpm kernel-xen-2.6.18-308.8.2.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-308.8.2.el5.x86_64.rpm kernel-xen-devel-2.6.18-308.8.2.el5.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-308.8.2.el5.src.rpm i386: kernel-2.6.18-308.8.2.el5.i686.rpm kernel-PAE-2.6.18-308.8.2.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-308.8.2.el5.i686.rpm kernel-PAE-devel-2.6.18-308.8.2.el5.i686.rpm kernel-debug-2.6.18-308.8.2.el5.i686.rpm kernel-debug-debuginfo-2.6.18-308.8.2.el5.i686.rpm kernel-debug-devel-2.6.18-308.8.2.el5.i686.rpm kernel-debuginfo-2.6.18-308.8.2.el5.i686.rpm kernel-debuginfo-common-2.6.18-308.8.2.el5.i686.rpm kernel-devel-2.6.18-308.8.2.el5.i686.rpm kernel-headers-2.6.18-308.8.2.el5.i386.rpm kernel-xen-2.6.18-308.8.2.el5.i686.rpm kernel-xen-debuginfo-2.6.18-308.8.2.el5.i686.rpm kernel-xen-devel-2.6.18-308.8.2.el5.i686.rpm ia64: kernel-2.6.18-308.8.2.el5.ia64.rpm kernel-debug-2.6.18-308.8.2.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-308.8.2.el5.ia64.rpm kernel-debug-devel-2.6.18-308.8.2.el5.ia64.rpm kernel-debuginfo-2.6.18-308.8.2.el5.ia64.rpm kernel-debuginfo-common-2.6.18-308.8.2.el5.ia64.rpm kernel-devel-2.6.18-308.8.2.el5.ia64.rpm kernel-headers-2.6.18-308.8.2.el5.ia64.rpm kernel-xen-2.6.18-308.8.2.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-308.8.2.el5.ia64.rpm kernel-xen-devel-2.6.18-308.8.2.el5.ia64.rpm noarch: kernel-doc-2.6.18-308.8.2.el5.noarch.rpm ppc: kernel-2.6.18-308.8.2.el5.ppc64.rpm kernel-debug-2.6.18-308.8.2.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-308.8.2.el5.ppc64.rpm kernel-debug-devel-2.6.18-308.8.2.el5.ppc64.rpm kernel-debuginfo-2.6.18-308.8.2.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-308.8.2.el5.ppc64.rpm kernel-devel-2.6.18-308.8.2.el5.ppc64.rpm kernel-headers-2.6.18-308.8.2.el5.ppc.rpm kernel-headers-2.6.18-308.8.2.el5.ppc64.rpm kernel-kdump-2.6.18-308.8.2.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-308.8.2.el5.ppc64.rpm kernel-kdump-devel-2.6.18-308.8.2.el5.ppc64.rpm s390x: kernel-2.6.18-308.8.2.el5.s390x.rpm kernel-debug-2.6.18-308.8.2.el5.s390x.rpm kernel-debug-debuginfo-2.6.18-308.8.2.el5.s390x.rpm 
kernel-debug-devel-2.6.18-308.8.2.el5.s390x.rpm kernel-debuginfo-2.6.18-308.8.2.el5.s390x.rpm kernel-debuginfo-common-2.6.18-308.8.2.el5.s390x.rpm kernel-devel-2.6.18-308.8.2.el5.s390x.rpm kernel-headers-2.6.18-308.8.2.el5.s390x.rpm kernel-kdump-2.6.18-308.8.2.el5.s390x.rpm kernel-kdump-debuginfo-2.6.18-308.8.2.el5.s390x.rpm kernel-kdump-devel-2.6.18-308.8.2.el5.s390x.rpm x86_64: kernel-2.6.18-308.8.2.el5.x86_64.rpm kernel-debug-2.6.18-308.8.2.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-308.8.2.el5.x86_64.rpm kernel-debug-devel-2.6.18-308.8.2.el5.x86_64.rpm kernel-debuginfo-2.6.18-308.8.2.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-308.8.2.el5.x86_64.rpm kernel-devel-2.6.18-308.8.2.el5.x86_64.rpm kernel-headers-2.6.18-308.8.2.el5.x86_64.rpm kernel-xen-2.6.18-308.8.2.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-308.8.2.el5.x86_64.rpm kernel-xen-devel-2.6.18-308.8.2.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-0217.html https://www.redhat.com/security/data/cve/CVE-2012-2934.html https://access.redhat.com/security/updates/classification/#important https://bugzilla.redhat.com/show_bug.cgi?id=824966 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP10+HXlSAg2UNWIIRAsCeAJ0Q6UFqpxUTB1kd72AOvezgpXS/sACgo9cu
wA5TRw8piWGX8FxWuh2Tn2Q=
=tKk4
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jun 12 14:20:48 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 12 Jun 2012 14:20:48 +0000
Subject: [RHSA-2012:0722-01] Critical: flash-plugin security update
Message-ID: <201206121420.q5CEKr4j030993@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2012:0722-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0722.html
Issue date: 2012-06-12
CVE Names: CVE-2012-2034 CVE-2012-2035 CVE-2012-2036 CVE-2012-2037 CVE-2012-2038 CVE-2012-2039
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update fixes several vulnerabilities in Adobe Flash Player.
These vulnerabilities are detailed on the Adobe security page APSB12-14, listed in the References section.

Several security flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2012-2034, CVE-2012-2035, CVE-2012-2036, CVE-2012-2037, CVE-2012-2039)

A flaw in flash-plugin could allow an attacker to obtain sensitive information if a victim were tricked into visiting a specially-crafted web page. (CVE-2012-2038)

All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.3.183.20.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

830310 - CVE-2012-2034 CVE-2012-2035 CVE-2012-2036 CVE-2012-2037 CVE-2012-2039 flash-plugin: multiple code execution flaws (APSB12-14)
830311 - CVE-2012-2038 flash-plugin: information disclosure flaw (APSB12-14)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-10.3.183.20-1.el5.i386.rpm

x86_64:
flash-plugin-10.3.183.20-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-10.3.183.20-1.el5.i386.rpm

x86_64:
flash-plugin-10.3.183.20-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-10.3.183.20-1.el6.i686.rpm

x86_64:
flash-plugin-10.3.183.20-1.el6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v.
6):

i386:
flash-plugin-10.3.183.20-1.el6.i686.rpm

x86_64:
flash-plugin-10.3.183.20-1.el6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-10.3.183.20-1.el6.i686.rpm

x86_64:
flash-plugin-10.3.183.20-1.el6.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-2034.html
https://www.redhat.com/security/data/cve/CVE-2012-2035.html
https://www.redhat.com/security/data/cve/CVE-2012-2036.html
https://www.redhat.com/security/data/cve/CVE-2012-2037.html
https://www.redhat.com/security/data/cve/CVE-2012-2038.html
https://www.redhat.com/security/data/cve/CVE-2012-2039.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb12-14.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP10/1XlSAg2UNWIIRAt0QAJ9cWmHh2pD6CwG2vlYYSFnpHJY2rgCghiNF
ixtzEGNgHcJfH27QkDYqNLk=
=picc
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jun 13 13:35:22 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 13 Jun 2012 13:35:22 +0000
Subject: [RHSA-2012:0729-01] Critical: java-1.6.0-openjdk security update
Message-ID: <201206131335.q5DDZMcg016500@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.6.0-openjdk security update
Advisory ID: RHSA-2012:0729-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0729.html
Issue date: 2012-06-13
CVE Names: CVE-2012-1711 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1723 CVE-2012-1724 CVE-2012-1725
=====================================================================

1. Summary:

Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3.
Description:

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.

Multiple flaws were discovered in the CORBA (Common Object Request Broker Architecture) implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object data. (CVE-2012-1711, CVE-2012-1719)

It was discovered that the SynthLookAndFeel class from Swing did not properly prevent access to certain UI elements from outside the current application context. A malicious Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions. (CVE-2012-1716)

Multiple flaws were discovered in the font manager's layout lookup implementation. A specially-crafted font file could cause the Java Virtual Machine to crash or, possibly, execute arbitrary code with the privileges of the user running the virtual machine. (CVE-2012-1713)

Multiple flaws were found in the way the Java HotSpot Virtual Machine verified the bytecode of the class file to be executed. A specially-crafted Java application or applet could use these flaws to crash the Java Virtual Machine, or bypass Java sandbox restrictions. (CVE-2012-1723, CVE-2012-1725)

It was discovered that the Java XML parser did not properly handle certain XML documents. An attacker able to make a Java application parse a specially-crafted XML file could use this flaw to make the XML parser enter an infinite loop. (CVE-2012-1724)

It was discovered that the Java security classes did not properly handle Certificate Revocation Lists (CRL). CRL containing entries with duplicate certificate serial numbers could have been ignored. (CVE-2012-1718)

It was discovered that various classes of the Java Runtime library could create temporary files with insecure permissions. A local attacker could use this flaw to gain access to the content of such temporary files.
(CVE-2012-1717)

Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.

This erratum also upgrades the OpenJDK package to IcedTea6 1.11.3. Refer to the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

829354 - CVE-2012-1711 OpenJDK: improper protection of CORBA data models (CORBA, 7079902)
829358 - CVE-2012-1717 OpenJDK: insecure temporary file permissions (JRE, 7143606)
829360 - CVE-2012-1716 OpenJDK: SynthLookAndFeel application context bypass (Swing, 7143614)
829361 - CVE-2012-1713 OpenJDK: fontmanager layout lookup code memory corruption (2D, 7143617)
829371 - CVE-2012-1719 OpenJDK: mutable repository identifiers in generated stub code (CORBA, 7143851)
829372 - CVE-2012-1718 OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872)
829373 - CVE-2012-1723 OpenJDK: insufficient field accessibility checks (HotSpot, 7152811)
829374 - CVE-2012-1724 OpenJDK: XML parsing infinite loop (JAXP, 7157609)
829376 - CVE-2012-1725 OpenJDK: insufficient invokespecial verification (HotSpot, 7160757)

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.src.rpm i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.src.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.src.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.src.rpm i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.src.rpm i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References:

https://www.redhat.com/security/data/cve/CVE-2012-1711.html
https://www.redhat.com/security/data/cve/CVE-2012-1713.html
https://www.redhat.com/security/data/cve/CVE-2012-1716.html
https://www.redhat.com/security/data/cve/CVE-2012-1717.html
https://www.redhat.com/security/data/cve/CVE-2012-1718.html
https://www.redhat.com/security/data/cve/CVE-2012-1719.html
https://www.redhat.com/security/data/cve/CVE-2012-1723.html
https://www.redhat.com/security/data/cve/CVE-2012-1724.html
https://www.redhat.com/security/data/cve/CVE-2012-1725.html
https://access.redhat.com/security/updates/classification/#critical
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.3/NEWS
http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP2Ja7XlSAg2UNWIIRAokFAJ9V8VJuhVGk/NeIz9cIUFTWFq0Y/ACfT9AU
CU7+p+0KxnampfpTiGqnnPM=
=ZEhT
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jun 13 13:38:34 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 13 Jun 2012 13:38:34 +0000
Subject: [RHSA-2012:0730-01] Important: java-1.6.0-openjdk security update
Message-ID: <201206131338.q5DDcYSR017741@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: java-1.6.0-openjdk security update
Advisory ID: RHSA-2012:0730-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0730.html
Issue date: 2012-06-13
CVE Names: CVE-2012-1711 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1723 CVE-2012-1724 CVE-2012-1725
=====================================================================

1.
Summary:

Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.

Multiple flaws were discovered in the CORBA (Common Object Request Broker Architecture) implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object data. (CVE-2012-1711, CVE-2012-1719)

It was discovered that the SynthLookAndFeel class from Swing did not properly prevent access to certain UI elements from outside the current application context. A malicious Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions. (CVE-2012-1716)

Multiple flaws were discovered in the font manager's layout lookup implementation. A specially-crafted font file could cause the Java Virtual Machine to crash or, possibly, execute arbitrary code with the privileges of the user running the virtual machine. (CVE-2012-1713)

Multiple flaws were found in the way the Java HotSpot Virtual Machine verified the bytecode of the class file to be executed. A specially-crafted Java application or applet could use these flaws to crash the Java Virtual Machine, or bypass Java sandbox restrictions. (CVE-2012-1723, CVE-2012-1725)

It was discovered that the Java XML parser did not properly handle certain XML documents.
An attacker able to make a Java application parse a specially-crafted XML file could use this flaw to make the XML parser enter an infinite loop. (CVE-2012-1724)

It was discovered that the Java security classes did not properly handle Certificate Revocation Lists (CRL). CRL containing entries with duplicate certificate serial numbers could have been ignored. (CVE-2012-1718)

It was discovered that various classes of the Java Runtime library could create temporary files with insecure permissions. A local attacker could use this flaw to gain access to the content of such temporary files. (CVE-2012-1717)

This erratum also upgrades the OpenJDK package to IcedTea6 1.10.8. Refer to the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5.
Bugs fixed (http://bugzilla.redhat.com/): 829354 - CVE-2012-1711 OpenJDK: improper protection of CORBA data models (CORBA, 7079902) 829358 - CVE-2012-1717 OpenJDK: insecure temporary file permissions (JRE, 7143606) 829360 - CVE-2012-1716 OpenJDK: SynthLookAndFeel application context bypass (Swing, 7143614) 829361 - CVE-2012-1713 OpenJDK: fontmanager layout lookup code memory corruption (2D, 7143617) 829371 - CVE-2012-1719 OpenJDK: mutable repository identifiers in generated stub code (CORBA, 7143851) 829372 - CVE-2012-1718 OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872) 829373 - CVE-2012-1723 OpenJDK: insufficient field accessibility checks (HotSpot, 7152811) 829374 - CVE-2012-1724 OpenJDK: XML parsing infinite loop (JAXP, 7157609) 829376 - CVE-2012-1725 OpenJDK: insufficient invokespecial verification (HotSpot, 7160757) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.27.1.10.8.el5_8.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.27.1.10.8.el5_8.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.27.1.10.8.el5_8.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.27.1.10.8.el5_8.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.27.1.10.8.el5_8.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.27.1.10.8.el5_8.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.27.1.10.8.el5_8.i386.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.27.1.10.8.el5_8.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.27.1.10.8.el5_8.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.27.1.10.8.el5_8.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.27.1.10.8.el5_8.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.27.1.10.8.el5_8.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.27.1.10.8.el5_8.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.27.1.10.8.el5_8.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.27.1.10.8.el5_8.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.27.1.10.8.el5_8.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.27.1.10.8.el5_8.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.27.1.10.8.el5_8.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.27.1.10.8.el5_8.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.27.1.10.8.el5_8.i386.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.27.1.10.8.el5_8.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.27.1.10.8.el5_8.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.27.1.10.8.el5_8.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.27.1.10.8.el5_8.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.27.1.10.8.el5_8.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.27.1.10.8.el5_8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-1711.html https://www.redhat.com/security/data/cve/CVE-2012-1713.html https://www.redhat.com/security/data/cve/CVE-2012-1716.html https://www.redhat.com/security/data/cve/CVE-2012-1717.html https://www.redhat.com/security/data/cve/CVE-2012-1718.html https://www.redhat.com/security/data/cve/CVE-2012-1719.html https://www.redhat.com/security/data/cve/CVE-2012-1723.html https://www.redhat.com/security/data/cve/CVE-2012-1724.html https://www.redhat.com/security/data/cve/CVE-2012-1725.html https://access.redhat.com/security/updates/classification/#important http://icedtea.classpath.org/hg/release/icedtea6-1.10/file/icedtea6-1.10.8/NEWS http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP2Jd9XlSAg2UNWIIRAm0QAJ9j+qCVwwLMGlkVAM5DaQcJ2VLM8QCdGW4G
7Hl6e+4m3kknH1a6LzPCurU=
=s92Q
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jun 13 14:18:50 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 13 Jun 2012 14:18:50 +0000
Subject: [RHSA-2012:0731-01] Moderate: expat security update
Message-ID: <201206131418.q5DEIptn012360@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: expat security update
Advisory ID: RHSA-2012:0731-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0731.html
Issue date: 2012-06-13
CVE Names: CVE-2012-0876 CVE-2012-1148
=====================================================================

1. Summary:

Updated expat packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Expat is a C library written by James Clark for parsing XML documents.
A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially-crafted XML file that triggers multiple hash function collisions. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0876)

A memory leak flaw was found in Expat. If an XML file processed by an application linked against Expat triggered a memory re-allocation failure, Expat failed to free the previously allocated memory. This could cause the application to exit unexpectedly or crash when all available memory is exhausted. (CVE-2012-1148)

All Expat users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, applications using the Expat library must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

786617 - CVE-2012-0876 expat: hash table collisions CPU usage DoS
801648 - CVE-2012-1148 expat: Memory leak in poolGrow

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/expat-1.95.8-11.el5_8.src.rpm

i386:
expat-1.95.8-11.el5_8.i386.rpm
expat-debuginfo-1.95.8-11.el5_8.i386.rpm

x86_64:
expat-1.95.8-11.el5_8.i386.rpm
expat-1.95.8-11.el5_8.x86_64.rpm
expat-debuginfo-1.95.8-11.el5_8.i386.rpm
expat-debuginfo-1.95.8-11.el5_8.x86_64.rpm

RHEL Desktop Workstation (v.
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/expat-1.95.8-11.el5_8.src.rpm i386: expat-debuginfo-1.95.8-11.el5_8.i386.rpm expat-devel-1.95.8-11.el5_8.i386.rpm x86_64: expat-debuginfo-1.95.8-11.el5_8.i386.rpm expat-debuginfo-1.95.8-11.el5_8.x86_64.rpm expat-devel-1.95.8-11.el5_8.i386.rpm expat-devel-1.95.8-11.el5_8.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/expat-1.95.8-11.el5_8.src.rpm i386: expat-1.95.8-11.el5_8.i386.rpm expat-debuginfo-1.95.8-11.el5_8.i386.rpm expat-devel-1.95.8-11.el5_8.i386.rpm ia64: expat-1.95.8-11.el5_8.i386.rpm expat-1.95.8-11.el5_8.ia64.rpm expat-debuginfo-1.95.8-11.el5_8.i386.rpm expat-debuginfo-1.95.8-11.el5_8.ia64.rpm expat-devel-1.95.8-11.el5_8.ia64.rpm ppc: expat-1.95.8-11.el5_8.ppc.rpm expat-1.95.8-11.el5_8.ppc64.rpm expat-debuginfo-1.95.8-11.el5_8.ppc.rpm expat-debuginfo-1.95.8-11.el5_8.ppc64.rpm expat-devel-1.95.8-11.el5_8.ppc.rpm expat-devel-1.95.8-11.el5_8.ppc64.rpm s390x: expat-1.95.8-11.el5_8.s390.rpm expat-1.95.8-11.el5_8.s390x.rpm expat-debuginfo-1.95.8-11.el5_8.s390.rpm expat-debuginfo-1.95.8-11.el5_8.s390x.rpm expat-devel-1.95.8-11.el5_8.s390.rpm expat-devel-1.95.8-11.el5_8.s390x.rpm x86_64: expat-1.95.8-11.el5_8.i386.rpm expat-1.95.8-11.el5_8.x86_64.rpm expat-debuginfo-1.95.8-11.el5_8.i386.rpm expat-debuginfo-1.95.8-11.el5_8.x86_64.rpm expat-devel-1.95.8-11.el5_8.i386.rpm expat-devel-1.95.8-11.el5_8.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/expat-2.0.1-11.el6_2.src.rpm i386: expat-2.0.1-11.el6_2.i686.rpm expat-debuginfo-2.0.1-11.el6_2.i686.rpm x86_64: expat-2.0.1-11.el6_2.i686.rpm expat-2.0.1-11.el6_2.x86_64.rpm expat-debuginfo-2.0.1-11.el6_2.i686.rpm expat-debuginfo-2.0.1-11.el6_2.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/expat-2.0.1-11.el6_2.src.rpm i386: expat-debuginfo-2.0.1-11.el6_2.i686.rpm expat-devel-2.0.1-11.el6_2.i686.rpm x86_64: expat-debuginfo-2.0.1-11.el6_2.i686.rpm expat-debuginfo-2.0.1-11.el6_2.x86_64.rpm expat-devel-2.0.1-11.el6_2.i686.rpm expat-devel-2.0.1-11.el6_2.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/expat-2.0.1-11.el6_2.src.rpm x86_64: expat-2.0.1-11.el6_2.i686.rpm expat-2.0.1-11.el6_2.x86_64.rpm expat-debuginfo-2.0.1-11.el6_2.i686.rpm expat-debuginfo-2.0.1-11.el6_2.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/expat-2.0.1-11.el6_2.src.rpm x86_64: expat-debuginfo-2.0.1-11.el6_2.i686.rpm expat-debuginfo-2.0.1-11.el6_2.x86_64.rpm expat-devel-2.0.1-11.el6_2.i686.rpm expat-devel-2.0.1-11.el6_2.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/expat-2.0.1-11.el6_2.src.rpm i386: expat-2.0.1-11.el6_2.i686.rpm expat-debuginfo-2.0.1-11.el6_2.i686.rpm expat-devel-2.0.1-11.el6_2.i686.rpm ppc64: expat-2.0.1-11.el6_2.ppc.rpm expat-2.0.1-11.el6_2.ppc64.rpm expat-debuginfo-2.0.1-11.el6_2.ppc.rpm expat-debuginfo-2.0.1-11.el6_2.ppc64.rpm expat-devel-2.0.1-11.el6_2.ppc.rpm expat-devel-2.0.1-11.el6_2.ppc64.rpm s390x: expat-2.0.1-11.el6_2.s390.rpm expat-2.0.1-11.el6_2.s390x.rpm expat-debuginfo-2.0.1-11.el6_2.s390.rpm expat-debuginfo-2.0.1-11.el6_2.s390x.rpm expat-devel-2.0.1-11.el6_2.s390.rpm expat-devel-2.0.1-11.el6_2.s390x.rpm x86_64: expat-2.0.1-11.el6_2.i686.rpm expat-2.0.1-11.el6_2.x86_64.rpm expat-debuginfo-2.0.1-11.el6_2.i686.rpm expat-debuginfo-2.0.1-11.el6_2.x86_64.rpm expat-devel-2.0.1-11.el6_2.i686.rpm expat-devel-2.0.1-11.el6_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/expat-2.0.1-11.el6_2.src.rpm i386: expat-2.0.1-11.el6_2.i686.rpm expat-debuginfo-2.0.1-11.el6_2.i686.rpm expat-devel-2.0.1-11.el6_2.i686.rpm x86_64: expat-2.0.1-11.el6_2.i686.rpm expat-2.0.1-11.el6_2.x86_64.rpm expat-debuginfo-2.0.1-11.el6_2.i686.rpm expat-debuginfo-2.0.1-11.el6_2.x86_64.rpm expat-devel-2.0.1-11.el6_2.i686.rpm expat-devel-2.0.1-11.el6_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-0876.html https://www.redhat.com/security/data/cve/CVE-2012-1148.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFP2KEPXlSAg2UNWIIRAhWPAJ0Q22boGq3FiPI7246uE8qjdEpq3gCfRNip 1zY6/nH/4z7IxjTyIkW0Jkk= =x3IW -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Jun 13 20:26:37 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 13 Jun 2012 20:26:37 +0000 Subject: [RHSA-2012:0734-01] Critical: java-1.6.0-sun security update Message-ID: <201206132026.q5DKQdeU012579@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.6.0-sun security update Advisory ID: RHSA-2012:0734-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0734.html Issue date: 2012-06-13 CVE Names: CVE-2012-0551 CVE-2012-1711 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1721 CVE-2012-1722 CVE-2012-1723 CVE-2012-1724 CVE-2012-1725 
=====================================================================

1. Summary:

Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit.

This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. (CVE-2012-0551, CVE-2012-1711, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1723, CVE-2012-1724, CVE-2012-1725)

All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide JDK and JRE 6 Update 33 and resolve these issues. All running instances of Sun Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

829354 - CVE-2012-1711 OpenJDK: improper protection of CORBA data models (CORBA, 7079902)
829358 - CVE-2012-1717 OpenJDK: insecure temporary file permissions (JRE, 7143606)
829360 - CVE-2012-1716 OpenJDK: SynthLookAndFeel application context bypass (Swing, 7143614)
829361 - CVE-2012-1713 OpenJDK: fontmanager layout lookup code memory corruption (2D, 7143617)
829371 - CVE-2012-1719 OpenJDK: mutable repository identifiers in generated stub code (CORBA, 7143851)
829372 - CVE-2012-1718 OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872)
829373 - CVE-2012-1723 OpenJDK: insufficient field accessibility checks (HotSpot, 7152811)
829374 - CVE-2012-1724 OpenJDK: XML parsing infinite loop (JAXP, 7157609)
829376 - CVE-2012-1725 OpenJDK: insufficient invokespecial verification (HotSpot, 7160757)
831353 - CVE-2012-1721 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)
831354 - CVE-2012-1722 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)
831355 - CVE-2012-0551 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.6.0-sun-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-src-1.6.0.33-1jpp.1.el5_8.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-1.6.0.33-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-src-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-src-1.6.0.33-1jpp.1.el5_8.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.6.0-sun-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-src-1.6.0.33-1jpp.1.el5_8.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-1.6.0.33-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-src-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-src-1.6.0.33-1jpp.1.el5_8.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-src-1.6.0.33-1jpp.1.el6_2.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-src-1.6.0.33-1jpp.1.el6_2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-src-1.6.0.33-1jpp.1.el6_2.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-src-1.6.0.33-1jpp.1.el6_2.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-src-1.6.0.33-1jpp.1.el6_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-src-1.6.0.33-1jpp.1.el6_2.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-src-1.6.0.33-1jpp.1.el6_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-0551.html
https://www.redhat.com/security/data/cve/CVE-2012-1711.html
https://www.redhat.com/security/data/cve/CVE-2012-1713.html
https://www.redhat.com/security/data/cve/CVE-2012-1716.html
https://www.redhat.com/security/data/cve/CVE-2012-1717.html
https://www.redhat.com/security/data/cve/CVE-2012-1718.html
https://www.redhat.com/security/data/cve/CVE-2012-1719.html
https://www.redhat.com/security/data/cve/CVE-2012-1721.html
https://www.redhat.com/security/data/cve/CVE-2012-1722.html
https://www.redhat.com/security/data/cve/CVE-2012-1723.html
https://www.redhat.com/security/data/cve/CVE-2012-1724.html
https://www.redhat.com/security/data/cve/CVE-2012-1725.html
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP2PdfXlSAg2UNWIIRAmPoAKC0e7v7/kro/BSlg3WvTcUuUsY5GwCgnIxh
yIn7jJFAEdlZRgCuCNL1mk0=
=TbeE
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jun 18 13:52:31 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 18 Jun 2012 13:52:31 +0000
Subject: [RHSA-2012:0743-01] Important: kernel security and bug fix update
Message-ID: <201206181352.q5IDqVYc003631@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2012:0743-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0743.html
Issue date:        2012-06-18
CVE Names:         CVE-2012-0044 CVE-2012-1179 CVE-2012-2119
                   CVE-2012-2121 CVE-2012-2123 CVE-2012-2136
                   CVE-2012-2137 CVE-2012-2372 CVE-2012-2373
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important)

* A buffer overflow flaw was found in the macvtap device driver, used for creating a bridged network between the guest and the host in KVM (Kernel-based Virtual Machine) environments. A privileged guest user in a KVM guest could use this flaw to crash the host. Note: This issue only affected hosts that have the vhost_net module loaded with the experimental_zcopytx module option enabled (it is not enabled by default), and that also have macvtap configured for at least one guest. (CVE-2012-2119, Important)

* When a set user ID (setuid) application is executed, certain personality flags for controlling the application's behavior are cleared (that is, a privileged application will not be affected by those flags). It was found that those flags were not cleared if the application was made privileged via file system capabilities. A local, unprivileged user could use this flaw to change the behavior of such applications, allowing them to bypass intended restrictions. Note that for default installations, no application shipped by Red Hat for Red Hat Enterprise Linux is made privileged via file system capabilities. (CVE-2012-2123, Important)

* It was found that the data_len parameter of the sock_alloc_send_pskb() function in the Linux kernel's networking implementation was not validated before use. A privileged guest user in a KVM guest could use this flaw to crash the host or, possibly, escalate their privileges on the host. (CVE-2012-2136, Important)

* A buffer overflow flaw was found in the setup_routing_entry() function in the KVM subsystem of the Linux kernel in the way the Message Signaled Interrupts (MSI) routing entry was handled. A local, unprivileged user could use this flaw to cause a denial of service or, possibly, escalate their privileges. (CVE-2012-2137, Important)

* A race condition was found in the Linux kernel's memory management subsystem in the way pmd_none_or_clear_bad(), when called with mmap_sem in read mode, and Transparent Huge Pages (THP) page faults interacted. A privileged user in a KVM guest with the ballooning functionality enabled could potentially use this flaw to crash the host. A local, unprivileged user could use this flaw to crash the system. (CVE-2012-1179, Moderate)

* A flaw was found in the way device memory was handled during guest device removal. Upon successful device removal, memory used by the device was not properly unmapped from the corresponding IOMMU or properly released from the kernel, leading to a memory leak. A malicious user on a KVM host who has the ability to assign a device to a guest could use this flaw to crash the host. (CVE-2012-2121, Moderate)

* A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2372, Moderate)

* A race condition was found in the Linux kernel's memory management subsystem in the way pmd_populate() and pte_offset_map_lock() interacted on 32-bit x86 systems with more than 4GB of RAM. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2373, Moderate)

Red Hat would like to thank Chen Haogang for reporting CVE-2012-0044.

This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.

Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

772894 - CVE-2012-0044 kernel: drm: integer overflow in drm_mode_dirtyfb_ioctl()
803793 - CVE-2012-1179 kernel: thp:__split_huge_page() mapcount != page_mapcount BUG_ON()
806722 - CVE-2012-2123 kernel: fcaps: clear the same personality flags as suid when fcaps are used
814149 - CVE-2012-2121 kvm: device assignment page leak
814278 - CVE-2012-2119 kernel: macvtap: zerocopy: vector length is not validated before pinning user pages
814657 - kernel crash at ieee80211_mgd_probe_ap_send [rhel-6.2.z]
816151 - CVE-2012-2137 kernel: kvm: buffer overflow in kvm_set_irq()
816226 - add option to disable 5GHz band to iwlwifi [rhel-6.2.z]
816289 - CVE-2012-2136 kernel: net: insufficient data_len validation in sock_alloc_send_pskb()
818504 - Disable LRO for all NICs that have LRO enabled [rhel-6.2.z]
818505 - xen: fix drive naming [rhel-6.2.z]
819614 - 2.6.32-220 kernel does not work on a HP DL385G6 with HP Smart Array P410 controller and hpsa driver [rhel-6.2.z]
822754 - CVE-2012-2372 kernel: rds-ping cause kernel panic
822821 - CVE-2012-2373 kernel: mm: read_pmd_atomic: 32bit PAE pmd walk vs pmd_populate SMP race condition

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm

i386:
kernel-2.6.32-220.23.1.el6.i686.rpm
kernel-debug-2.6.32-220.23.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-220.23.1.el6.i686.rpm
kernel-debug-devel-2.6.32-220.23.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.23.1.el6.i686.rpm
kernel-devel-2.6.32-220.23.1.el6.i686.rpm
kernel-headers-2.6.32-220.23.1.el6.i686.rpm
perf-2.6.32-220.23.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.23.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-220.23.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.23.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.23.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.23.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.23.1.el6.x86_64.rpm
perf-2.6.32-220.23.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-220.23.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.23.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.23.1.el6.i686.rpm
python-perf-2.6.32-220.23.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.23.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
python-perf-2.6.32-220.23.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-220.23.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.23.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.23.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.23.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.23.1.el6.x86_64.rpm
perf-2.6.32-220.23.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.23.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
python-perf-2.6.32-220.23.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm

i386:
kernel-2.6.32-220.23.1.el6.i686.rpm
kernel-debug-2.6.32-220.23.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-220.23.1.el6.i686.rpm
kernel-debug-devel-2.6.32-220.23.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.23.1.el6.i686.rpm
kernel-devel-2.6.32-220.23.1.el6.i686.rpm
kernel-headers-2.6.32-220.23.1.el6.i686.rpm
perf-2.6.32-220.23.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.23.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-220.23.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.23.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-220.23.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-220.23.1.el6.ppc64.rpm
kernel-debug-2.6.32-220.23.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-220.23.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-220.23.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-220.23.1.el6.ppc64.rpm
kernel-devel-2.6.32-220.23.1.el6.ppc64.rpm
kernel-headers-2.6.32-220.23.1.el6.ppc64.rpm
perf-2.6.32-220.23.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-220.23.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-220.23.1.el6.s390x.rpm
kernel-debug-2.6.32-220.23.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-220.23.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-220.23.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-220.23.1.el6.s390x.rpm
kernel-devel-2.6.32-220.23.1.el6.s390x.rpm
kernel-headers-2.6.32-220.23.1.el6.s390x.rpm
kernel-kdump-2.6.32-220.23.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-220.23.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-220.23.1.el6.s390x.rpm
perf-2.6.32-220.23.1.el6.s390x.rpm
perf-debuginfo-2.6.32-220.23.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.23.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.23.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.23.1.el6.x86_64.rpm
perf-2.6.32-220.23.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-220.23.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.23.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.23.1.el6.i686.rpm
python-perf-2.6.32-220.23.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-220.23.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-220.23.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-220.23.1.el6.ppc64.rpm
python-perf-2.6.32-220.23.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-220.23.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-220.23.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-220.23.1.el6.s390x.rpm
perf-debuginfo-2.6.32-220.23.1.el6.s390x.rpm
python-perf-2.6.32-220.23.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.23.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
python-perf-2.6.32-220.23.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm

i386:
kernel-2.6.32-220.23.1.el6.i686.rpm
kernel-debug-2.6.32-220.23.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-220.23.1.el6.i686.rpm
kernel-debug-devel-2.6.32-220.23.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.23.1.el6.i686.rpm
kernel-devel-2.6.32-220.23.1.el6.i686.rpm
kernel-headers-2.6.32-220.23.1.el6.i686.rpm
perf-2.6.32-220.23.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.23.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-220.23.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.23.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.23.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.23.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.23.1.el6.x86_64.rpm
perf-2.6.32-220.23.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-220.23.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.23.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.23.1.el6.i686.rpm
python-perf-2.6.32-220.23.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.23.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
python-perf-2.6.32-220.23.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-0044.html
https://www.redhat.com/security/data/cve/CVE-2012-1179.html
https://www.redhat.com/security/data/cve/CVE-2012-2119.html
https://www.redhat.com/security/data/cve/CVE-2012-2121.html
https://www.redhat.com/security/data/cve/CVE-2012-2123.html
https://www.redhat.com/security/data/cve/CVE-2012-2136.html
https://www.redhat.com/security/data/cve/CVE-2012-2137.html
https://www.redhat.com/security/data/cve/CVE-2012-2372.html
https://www.redhat.com/security/data/cve/CVE-2012-2373.html
https://access.redhat.com/security/updates/classification/#important
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.2_Technical_Notes/kernel.html#RHSA-2012-0743

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFP3zJcXlSAg2UNWIIRAlFPAJ9ov0UCSkIqz63r+6YXL9bf0+ADOQCfUIzx w/ZsFuOkCnr15/XGPkEszEQ= =D/pm -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Jun 18 13:54:04 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 18 Jun 2012 13:54:04 +0000 Subject: [RHSA-2012:0744-01] Moderate: python security update Message-ID: <201206181354.q5IDs46j016164@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: python security update Advisory ID: RHSA-2012:0744-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0744.html Issue date: 2012-06-18 CVE Names: CVE-2011-4940 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 ===================================================================== 1. Summary: Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: Python is an interpreted, interactive, object-oriented programming language. 
A denial of service flaw was found in the implementation of associative arrays (dictionaries) in Python. An attacker able to supply a large number of inputs to a Python application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-1150) Note: The hash randomization is not enabled by default as it may break applications that incorrectly depend on dictionary ordering. To enable the protection, the new "PYTHONHASHSEED" environment variable or the Python interpreter's "-R" command line option can be used. Refer to the python(1) manual page for details. The RHSA-2012:0731 expat erratum must be installed with this update, which adds hash randomization to the Expat library used by the Python pyexpat module. A flaw was found in the way the Python SimpleXMLRPCServer module handled clients disconnecting prematurely. A remote attacker could use this flaw to cause excessive CPU consumption on a server using SimpleXMLRPCServer. (CVE-2012-0845) A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. An attacker able to upload a file with a specially-crafted name to a server could possibly perform a cross-site scripting (XSS) attack against victims visiting a listing page generated by SimpleHTTPServer, for a directory containing the crafted file (if the victims were using certain web browsers). (CVE-2011-4940) A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. 
If a local user had access to the home directory of another user who is running distutils, they could use this flaw to gain access to that user's .pypirc file, which can contain usernames and passwords for code repositories. (CVE-2011-4944) Red Hat would like to thank oCERT for reporting CVE-2012-1150. oCERT acknowledges Julian Wälde and Alexander Klink as the original reporters of CVE-2012-1150. All Python users should upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 750555 - CVE-2012-1150 python: hash table collisions CPU usage DoS (oCERT-2011-003) 758905 - CVE-2011-4944 python: distutils creates ~/.pypirc insecurely 789790 - CVE-2012-0845 python: SimpleXMLRPCServer CPU usage DoS via malformed XML-RPC request 803500 - CVE-2011-4940 python: potential XSS in SimpleHTTPServer's list_directory() 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/python-2.6.6-29.el6_2.2.src.rpm i386: python-2.6.6-29.el6_2.2.i686.rpm python-debuginfo-2.6.6-29.el6_2.2.i686.rpm python-libs-2.6.6-29.el6_2.2.i686.rpm tkinter-2.6.6-29.el6_2.2.i686.rpm x86_64: python-2.6.6-29.el6_2.2.x86_64.rpm python-debuginfo-2.6.6-29.el6_2.2.x86_64.rpm python-libs-2.6.6-29.el6_2.2.x86_64.rpm tkinter-2.6.6-29.el6_2.2.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/python-2.6.6-29.el6_2.2.src.rpm i386: python-debuginfo-2.6.6-29.el6_2.2.i686.rpm python-devel-2.6.6-29.el6_2.2.i686.rpm python-test-2.6.6-29.el6_2.2.i686.rpm python-tools-2.6.6-29.el6_2.2.i686.rpm x86_64: python-debuginfo-2.6.6-29.el6_2.2.x86_64.rpm python-devel-2.6.6-29.el6_2.2.x86_64.rpm python-test-2.6.6-29.el6_2.2.x86_64.rpm python-tools-2.6.6-29.el6_2.2.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/python-2.6.6-29.el6_2.2.src.rpm x86_64: python-2.6.6-29.el6_2.2.x86_64.rpm python-debuginfo-2.6.6-29.el6_2.2.x86_64.rpm python-libs-2.6.6-29.el6_2.2.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/python-2.6.6-29.el6_2.2.src.rpm x86_64: python-debuginfo-2.6.6-29.el6_2.2.x86_64.rpm python-devel-2.6.6-29.el6_2.2.x86_64.rpm python-test-2.6.6-29.el6_2.2.x86_64.rpm python-tools-2.6.6-29.el6_2.2.x86_64.rpm tkinter-2.6.6-29.el6_2.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/python-2.6.6-29.el6_2.2.src.rpm i386: python-2.6.6-29.el6_2.2.i686.rpm python-debuginfo-2.6.6-29.el6_2.2.i686.rpm python-devel-2.6.6-29.el6_2.2.i686.rpm python-libs-2.6.6-29.el6_2.2.i686.rpm tkinter-2.6.6-29.el6_2.2.i686.rpm ppc64: python-2.6.6-29.el6_2.2.ppc64.rpm python-debuginfo-2.6.6-29.el6_2.2.ppc64.rpm python-devel-2.6.6-29.el6_2.2.ppc64.rpm python-libs-2.6.6-29.el6_2.2.ppc64.rpm tkinter-2.6.6-29.el6_2.2.ppc64.rpm s390x: python-2.6.6-29.el6_2.2.s390x.rpm python-debuginfo-2.6.6-29.el6_2.2.s390x.rpm python-devel-2.6.6-29.el6_2.2.s390x.rpm python-libs-2.6.6-29.el6_2.2.s390x.rpm x86_64: python-2.6.6-29.el6_2.2.x86_64.rpm python-debuginfo-2.6.6-29.el6_2.2.x86_64.rpm python-devel-2.6.6-29.el6_2.2.x86_64.rpm python-libs-2.6.6-29.el6_2.2.x86_64.rpm tkinter-2.6.6-29.el6_2.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/python-2.6.6-29.el6_2.2.src.rpm i386: python-debuginfo-2.6.6-29.el6_2.2.i686.rpm python-test-2.6.6-29.el6_2.2.i686.rpm python-tools-2.6.6-29.el6_2.2.i686.rpm ppc64: python-debuginfo-2.6.6-29.el6_2.2.ppc64.rpm python-test-2.6.6-29.el6_2.2.ppc64.rpm python-tools-2.6.6-29.el6_2.2.ppc64.rpm s390x: python-debuginfo-2.6.6-29.el6_2.2.s390x.rpm python-test-2.6.6-29.el6_2.2.s390x.rpm python-tools-2.6.6-29.el6_2.2.s390x.rpm tkinter-2.6.6-29.el6_2.2.s390x.rpm x86_64: python-debuginfo-2.6.6-29.el6_2.2.x86_64.rpm python-test-2.6.6-29.el6_2.2.x86_64.rpm python-tools-2.6.6-29.el6_2.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/python-2.6.6-29.el6_2.2.src.rpm i386: python-2.6.6-29.el6_2.2.i686.rpm python-debuginfo-2.6.6-29.el6_2.2.i686.rpm python-devel-2.6.6-29.el6_2.2.i686.rpm python-libs-2.6.6-29.el6_2.2.i686.rpm tkinter-2.6.6-29.el6_2.2.i686.rpm x86_64: python-2.6.6-29.el6_2.2.x86_64.rpm python-debuginfo-2.6.6-29.el6_2.2.x86_64.rpm python-devel-2.6.6-29.el6_2.2.x86_64.rpm python-libs-2.6.6-29.el6_2.2.x86_64.rpm tkinter-2.6.6-29.el6_2.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/python-2.6.6-29.el6_2.2.src.rpm i386: python-debuginfo-2.6.6-29.el6_2.2.i686.rpm python-test-2.6.6-29.el6_2.2.i686.rpm python-tools-2.6.6-29.el6_2.2.i686.rpm x86_64: python-debuginfo-2.6.6-29.el6_2.2.x86_64.rpm python-test-2.6.6-29.el6_2.2.x86_64.rpm python-tools-2.6.6-29.el6_2.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-4940.html https://www.redhat.com/security/data/cve/CVE-2011-4944.html https://www.redhat.com/security/data/cve/CVE-2012-0845.html https://www.redhat.com/security/data/cve/CVE-2012-1150.html https://access.redhat.com/security/updates/classification/#moderate http://www.ocert.org/advisories/ocert-2011-003.html https://rhn.redhat.com/errata/RHSA-2012-0731.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. 
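Added example, not part of the Red Hat advisory and not distutils' own code: for the .pypirc race described under CVE-2011-4944 above, this Python sketch contrasts a create-then-chmod writer with one that creates the file with owner-only permissions from the start, and adds a permission audit for an existing file. The function names, the `observe` test hook and the sample credentials are constructed for illustration.

```python
import os
import stat
import tempfile

# Constructed sample content; not real credentials.
SAMPLE_RC = "[pypi]\nusername = example\npassword = not-a-real-password\n"


def _mode(path):
    """Permission bits of the path itself (symlinks are not followed)."""
    return stat.S_IMODE(os.lstat(path).st_mode)


def write_rc_racy(path, content, observe=None):
    """Create-then-chmod: the file holds the secret with umask-derived
    permissions (typically 0644) until the chmod call runs."""
    with open(path, "w") as fh:
        fh.write(content)
    if observe is not None:
        observe(path)  # test hook: records the file's state inside the window
    os.chmod(path, 0o600)


def write_rc_safe(path, content):
    """Write to a 0600 temp file in the same directory, then rename it into
    place, so the secret is never on disk with wider permissions."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".rc-")  # O_EXCL, mode 0600
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(content)
            fh.flush()
            os.fsync(fh.fileno())
        # Atomic on POSIX; an existing symlink at `path` is replaced, not followed.
        os.replace(tmp, path)
    except BaseException:
        try:
            os.unlink(tmp)
        except FileNotFoundError:
            pass
        raise


def audit_rc(path):
    """Return a list of findings for an existing credentials file."""
    findings = []
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        return ["is a symlink"]
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
    if st.st_mode & 0o077:
        findings.append("readable or writable by group/other (mode %03o)"
                        % stat.S_IMODE(st.st_mode))
    if st.st_uid != os.geteuid():
        findings.append("not owned by the current user")
    return findings


def demo():
    """Run both writers in a scratch directory under a common 022 umask."""
    results = {}
    old_umask = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as home:
            racy = os.path.join(home, "racy.pypirc")
            seen = []
            write_rc_racy(racy, SAMPLE_RC, observe=lambda p: seen.append(_mode(p)))
            results["racy_mode_in_window"] = seen[0]
            results["racy_mode_final"] = _mode(racy)

            safe = os.path.join(home, "safe.pypirc")
            write_rc_safe(safe, SAMPLE_RC)
            results["safe_mode"] = _mode(safe)
            results["safe_findings"] = audit_rc(safe)

            # A file left behind with default permissions, as an audit target.
            loose = os.path.join(home, "loose.pypirc")
            with open(loose, "w") as fh:
                fh.write(SAMPLE_RC)
            results["loose_findings"] = audit_rc(loose)
    finally:
        os.umask(old_umask)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, oct(value) if isinstance(value, int) else value)
```

`audit_rc` can be pointed at an existing `~/.pypirc` to confirm that no group or other permission bits are set after the update is installed.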
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFP3zLEXlSAg2UNWIIRAiquAJ0dluqeRUIVeNpseyMtcu2hs9hO+ACgm0vr 4UI0eMtMFXwmTtQmkElLR3M= =yK9n -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Jun 18 13:55:28 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 18 Jun 2012 13:55:28 +0000 Subject: [RHSA-2012:0745-01] Moderate: python security update Message-ID: <201206181355.q5IDtSK4004833@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: python security update Advisory ID: RHSA-2012:0745-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0745.html Issue date: 2012-06-18 CVE Names: CVE-2011-4940 CVE-2011-4944 CVE-2012-1150 ===================================================================== 1. Summary: Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays (dictionaries) in Python. 
An attacker able to supply a large number of inputs to a Python application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-1150) Note: The hash randomization is not enabled by default as it may break applications that incorrectly depend on dictionary ordering. To enable the protection, the new "PYTHONHASHSEED" environment variable or the Python interpreter's "-R" command line option can be used. Refer to the python(1) manual page for details. The RHSA-2012:0731 expat erratum must be installed with this update, which adds hash randomization to the Expat library used by the Python pyexpat module. A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. An attacker able to upload a file with a specially-crafted name to a server could possibly perform a cross-site scripting (XSS) attack against victims visiting a listing page generated by SimpleHTTPServer, for a directory containing the crafted file (if the victims were using certain web browsers). (CVE-2011-4940) A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. If a local user had access to the home directory of another user who is running distutils, they could use this flaw to gain access to that user's .pypirc file, which can contain usernames and passwords for code repositories. (CVE-2011-4944) Red Hat would like to thank oCERT for reporting CVE-2012-1150. oCERT acknowledges Julian Wälde and Alexander Klink as the original reporters of CVE-2012-1150. 
All Python users should upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 750555 - CVE-2012-1150 python: hash table collisions CPU usage DoS (oCERT-2011-003) 758905 - CVE-2011-4944 python: distutils creates ~/.pypirc insecurely 803500 - CVE-2011-4940 python: potential XSS in SimpleHTTPServer's list_directory() 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/python-2.4.3-46.el5_8.2.src.rpm i386: python-2.4.3-46.el5_8.2.i386.rpm python-debuginfo-2.4.3-46.el5_8.2.i386.rpm python-libs-2.4.3-46.el5_8.2.i386.rpm python-tools-2.4.3-46.el5_8.2.i386.rpm tkinter-2.4.3-46.el5_8.2.i386.rpm x86_64: python-2.4.3-46.el5_8.2.x86_64.rpm python-debuginfo-2.4.3-46.el5_8.2.x86_64.rpm python-libs-2.4.3-46.el5_8.2.x86_64.rpm python-tools-2.4.3-46.el5_8.2.x86_64.rpm tkinter-2.4.3-46.el5_8.2.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/python-2.4.3-46.el5_8.2.src.rpm i386: python-debuginfo-2.4.3-46.el5_8.2.i386.rpm python-devel-2.4.3-46.el5_8.2.i386.rpm x86_64: python-debuginfo-2.4.3-46.el5_8.2.i386.rpm python-debuginfo-2.4.3-46.el5_8.2.x86_64.rpm python-devel-2.4.3-46.el5_8.2.i386.rpm python-devel-2.4.3-46.el5_8.2.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/python-2.4.3-46.el5_8.2.src.rpm i386: python-2.4.3-46.el5_8.2.i386.rpm python-debuginfo-2.4.3-46.el5_8.2.i386.rpm python-devel-2.4.3-46.el5_8.2.i386.rpm python-libs-2.4.3-46.el5_8.2.i386.rpm python-tools-2.4.3-46.el5_8.2.i386.rpm tkinter-2.4.3-46.el5_8.2.i386.rpm ia64: python-2.4.3-46.el5_8.2.ia64.rpm python-debuginfo-2.4.3-46.el5_8.2.i386.rpm python-debuginfo-2.4.3-46.el5_8.2.ia64.rpm python-devel-2.4.3-46.el5_8.2.ia64.rpm python-libs-2.4.3-46.el5_8.2.i386.rpm python-libs-2.4.3-46.el5_8.2.ia64.rpm python-tools-2.4.3-46.el5_8.2.ia64.rpm tkinter-2.4.3-46.el5_8.2.ia64.rpm ppc: python-2.4.3-46.el5_8.2.ppc.rpm python-debuginfo-2.4.3-46.el5_8.2.ppc.rpm python-debuginfo-2.4.3-46.el5_8.2.ppc64.rpm python-devel-2.4.3-46.el5_8.2.ppc.rpm python-devel-2.4.3-46.el5_8.2.ppc64.rpm python-libs-2.4.3-46.el5_8.2.ppc.rpm python-libs-2.4.3-46.el5_8.2.ppc64.rpm python-tools-2.4.3-46.el5_8.2.ppc.rpm tkinter-2.4.3-46.el5_8.2.ppc.rpm s390x: python-2.4.3-46.el5_8.2.s390x.rpm python-debuginfo-2.4.3-46.el5_8.2.s390.rpm python-debuginfo-2.4.3-46.el5_8.2.s390x.rpm python-devel-2.4.3-46.el5_8.2.s390.rpm python-devel-2.4.3-46.el5_8.2.s390x.rpm python-libs-2.4.3-46.el5_8.2.s390x.rpm python-tools-2.4.3-46.el5_8.2.s390x.rpm tkinter-2.4.3-46.el5_8.2.s390x.rpm x86_64: python-2.4.3-46.el5_8.2.x86_64.rpm python-debuginfo-2.4.3-46.el5_8.2.i386.rpm python-debuginfo-2.4.3-46.el5_8.2.x86_64.rpm python-devel-2.4.3-46.el5_8.2.i386.rpm python-devel-2.4.3-46.el5_8.2.x86_64.rpm python-libs-2.4.3-46.el5_8.2.x86_64.rpm python-tools-2.4.3-46.el5_8.2.x86_64.rpm tkinter-2.4.3-46.el5_8.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References: https://www.redhat.com/security/data/cve/CVE-2011-4940.html https://www.redhat.com/security/data/cve/CVE-2011-4944.html https://www.redhat.com/security/data/cve/CVE-2012-1150.html https://access.redhat.com/security/updates/classification/#moderate http://www.ocert.org/advisories/ocert-2011-003.html https://rhn.redhat.com/errata/RHSA-2012-0731.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFP3zMUXlSAg2UNWIIRAqyPAJoDjqS0epqvQ64ENqZ5CWghLhkTAgCgp99K Vt4Kbkdsu74lN/wGOlUE3Vo= =+4oS -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Jun 19 19:46:35 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 19 Jun 2012 19:46:35 +0000 Subject: [RHSA-2012:1015-01] Low: Red Hat Enterprise Linux Extended Update Support 6.0 6-Month EOL Notice Message-ID: <201206191946.q5JJkbVV028604@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: Red Hat Enterprise Linux Extended Update Support 6.0 6-Month EOL Notice Advisory ID: RHSA-2012:1015-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1015.html Issue date: 2012-06-19 ===================================================================== 1. Summary: This is the 6-Month notification of the End Of Life plans for Red Hat Enterprise Linux Extended Update Support Add-On (EUS) 6.0. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server EUS (v. 6.0) - i386, ppc64, s390x, x86_64 3. Description: In accordance with the Red Hat Enterprise Linux Errata Support Policy, the Extended Update Support for Red Hat Enterprise Linux 6.0 will end on 30th November, 2012. 
Note: This does not impact you unless you are subscribed to the Extended Update Support (EUS) channel for Red Hat Enterprise Linux 6.0. Details of the Red Hat Enterprise Linux life-cycle can be found on the Red Hat website: https://access.redhat.com/support/policy/updates/errata/ 4. Solution: This advisory contains an updated redhat-release-server-6Server package that provides a copy of this end of life notice in the "/usr/share/doc/" directory. 5. Package List: Red Hat Enterprise Linux Server EUS (v. 6.0): Source: redhat-release-server-6Server-6.0.0.39.el6_0.src.rpm i386: redhat-release-server-6Server-6.0.0.39.el6_0.i686.rpm ppc64: redhat-release-server-6Server-6.0.0.39.el6_0.ppc64.rpm s390x: redhat-release-server-6Server-6.0.0.39.el6_0.s390x.rpm x86_64: redhat-release-server-6Server-6.0.0.39.el6_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 6. References: https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/support/policy/updates/errata/ 7. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFP4NcNXlSAg2UNWIIRAoT3AJ9XBQSKBj1MUsXI8MRQxeDifnk2cACfdo96 VJ4kdQRNyj0j+2yAKiiAmJk= =uyDn -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Jun 20 08:21:32 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 20 Jun 2012 08:21:32 +0000 Subject: [RHSA-2012:0748-05] Low: libvirt security, bug fix, and enhancement update Message-ID: <201206200825.q5K8Pb1N024976@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: libvirt security, bug fix, and enhancement update Advisory ID: RHSA-2012:0748-05 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0748.html Issue date: 2012-06-20 CVE Names: CVE-2012-2693 ===================================================================== 1. Summary: Updated libvirt packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. 
Description: The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Bus and device IDs were ignored when attempting to attach multiple USB devices with identical vendor or product IDs to a guest. This could result in the wrong device being attached to a guest, giving that guest root access to the device. (CVE-2012-2693) These updated libvirt packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.3 Technical Notes for information on the most significant of these changes. All users of libvirt are advised to upgrade to these updated packages, which fix these issues and add these enhancements. After installing the updated packages, libvirtd must be restarted ("service libvirtd restart") for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 515293 - RFE: Support formatting of new (ext3/4) filesystems for fs storage pool type 589849 - [LXC] Changing shutoff guest max memory can effect current memory 605953 - RFE: Add a command to quickly setup a Bridge Networking for KVM 611823 - Storage driver should prohibit pools with duplicate underlying storage 611824 - RFE: Expose 'virDomainMemoryPeek' and 'virDomainBlockPeek' in python bindings 613537 - [LXC] Fail to start vm that have multi network interfaces. 619846 - virsh dump gives very cryptic error messages 624447 - [vdsm] [libvirt] permission error on run vm task when using NFS storage (libvirt log!) 
625115 - cannot run virt-manager as regular user in a VNC session 625362 - libvirt-guests should start and shut down guests in parallel 628823 - DOCS: Document that the bootable disk must be first in the XML 638633 - [RHEL6-Beta] 'virsh attach-interface' succeeds even if a nonexistent script file is specified to the option --script. 639599 - "virt-xml-validate" failed to validate guest domain configuration file if the domain name got a "#" in it . 643373 - RFE: Add ability to control link up/down state of guest NICs via XML & on the fly. 648594 - Support online resizing of block devices 673499 - Some virsh vol-* commands require the pool option, but don't indicate this when they fail 673811 - [RFE] VIRSH : Add ability to specify max migration bandwidth 680880 - The defined NFS pool can not be started 685083 - virt-xml-validate fails if xml is generated from running domain 689768 - libvirt should report better error than: cannot send monitor command '{"execute":"qmp_capabilities"}' 693758 - libvirt-guests init script saves but doesn't restore non-persistent domains 697808 - Improve error message when passing XML doc with wrong root element to define/create APIs. 
698521 - virsh freecell command help and man pages should be more clear 700272 - RFE add support for "host cpu" in Libvirt 700523 - clearing caps before running ssh breaks prevents ssh-askpass from launching from 'sudo virt-manager' 702260 - Libvirt can't remove logical volume because it doesn't deactivate it first 708735 - [RFE] Show column and line on XML parsing error 709265 - empty vg storage pool can break GetVolumeByPath for all pools 712266 - Hotplug virtio disk fails with error message "Duplicate ID 'drive-virtio-disk2' for drive" 713932 - RFE: implement insert-media and eject-media virsh commands 715019 - (libvirt) Report disk latency (read and write) for each storage device 715590 - Add support for USB 2.0 (EHCI) to libvirt 725269 - generated qemu -smp string is ambiguous, gives unexpected results 725373 - [libvirt] when using domabortjob to abort stuck migration , the migration command still hangs. 726174 - Impossible libvirt remote administration via qemu+ssh 726771 - libvirt does not specify problem file if persistent xml is invalid 729694 - bootindex added after install completes. 
causes boot failure in KVM with mixed virtio/ide disks 731151 - RFE: allow capabilities/guest XML to be used with virsh cpu-compare 731645 - cpu-baseline should support the complete elements 731656 - virsh: the results of domblkstat is unreadable for user 733587 - Reattach a pci device to host which is using by guest sometimes outputs wrong info 735950 - The network xml with mutiple dhcp sections can be defined and started successfully although there is prompt error 738933 - Improving virsh manual for virsh memtune command 741510 - Aligning issue with snapshot XML description 743671 - USB device can be reassigned to another VM without error 744237 - Corner cases of migration with --dname and dxml 746111 - libvirtd fails to start due to mDNS requirement 747619 - Host PCI device's original states are not honored anymore after deamon is restarted 748248 - libvirt should use vgchange -aly/-aln instead of vgchange -ay/-an for clustered volume groups 748354 - [lxc]setmem will get wrong error message when cgroup is unmounted. 
748405 - PCI device will be driver reprobing without honoring the original states 748742 - Expose 'virNodeGetMemoryStats' and 'virNodeGetCPUStats' APIs in python binding 750683 - vol-info get the wrong "Type" for a directory 751631 - Default block cache mode for migration 751725 - virsh detach-device does not change owner and selinux label of USB device if device managed 752255 - libvirt fails to initialize nwfilter when /tmp is mounted with noexec option 753169 - QEMU driver mistakenly passes a plain file FD to QEMU for migration 754128 - Shutting Down VM changes its state to "Pause" for 10sec 758231 - Add support for ESXi 5 758590 - domblklist will returen non zero value when everything is ok 760149 - general error return on migrate after calling abortjob() 760436 - virsh connect fails with remote machine which has different libvirt version 760883 - Failed to install a guest with pxe method 761005 - libvirt [RFE] Add support for new sandy bridge cpu 761344 - memory leak on cmdBlkdeviotune sucessful path 761345 - memory leak on cmdDomIfGetLink sucessful path 761347 - Return value error on the function cmdDomIfGetLink 761402 - memory leak on cmdDomblklist function 761453 - memory leak on remoteDomainScreenshot function 765698 - Improve virsh nodesuspend output information 766308 - libvirtd does not close all fds opened by virt-install 766553 - Expose 'virDomainSnapshotListChildrenNames' API in python binding 767104 - Libvirt shouldn't check the presence of the live snapshot file 767333 - enhance reboot API to use guest agent when available 767364 - RFE [libvirt] add support for AMD Bulldozer cpu 767488 - [libvirt]memleak when "run virsh console guest". 
768268 - Libvirt fail to detach PF/VF device when the address of pci device described as decimalism 768450 - libvirt should have mapping for cpu64-rhel cputype 768860 - memory leak on libvirt_virConnectOpenAuth 768870 - Guest can not be started with setting in xml 769224 - memory leak when run 'virsh domxml-to-native' 769251 - blockresize lack of "free lock" after given wrong parameter 769506 - Need to improve virsh domxml-*-native command docs 769752 - Fail to start LXC guest 770031 - the guest's mac will change after attach a vnet with the option persistent and then restart it. 770458 - Request for backporting to move 'send-key' and 'echo' descriptions into other more appropriate sections in virsh man page 770520 - blkiotune set weight on total and virtio device together will cause libvirtd hang 770683 - blockIoTune did not work right with parameters 770919 - Sometimes virsh command screenshot may hang 770940 - memory leaks on libvirt_virDomainGetSchedulerParameters 770941 - memory leaks on libvirt_virDomainGetMemoryParameters 770942 - memory leaks on libvirt_virDomainBlockStatsFlags 770943 - memory leaks on libvirt_virNodeGetCPUStats 770944 - memory leaks on libvirt_virNodeGetMemoryStats 770971 - Expose 'virDomain{Get,Set}InterfaceParameters' APIs in python binding 771016 - virsh destroy a guest . guest status will hang with in shutdown 771021 - Coverity scan revealed defects 771562 - Change numa parameters with 'nodeset' option will crash libvirtd 771570 - Restart libvirtd will get error and fail to reconnect domains on nfs storage 771591 - Expose 'virDomain{G, S}etNumaParameters' APIs in python binding 772697 - libvirt-devel grew a dependency on systemtap, preventing installs on ppc 773208 - Migration with non-existent xml does not report error 773667 - virsh attach-device fails with 'Unable to reset PCI device' for Broadcom NetExtreme II 781562 - [RFE] Support for qemu PCI romfile option 781985 - When detach PCI device from guest, unknown error occurs. 
782716 - Change interface parameters with '{in,out}bound' option will crash libvirtd
783184 - storage cloning ignores "sparse" and creates non-sparse disk images
783921 - libvirt cannot disable kvmclock
785164 - libvirt needs ipv6 support for ssh uris
785269 - Make avahi failure on startup non-fatal
786534 - Add vm-pid to VIRT_CONTROL audit events
786674 - Plug memory leak on cmdUndefine
786770 - Unwanted messages when installing libvirt-client
787761 - undefined symbol: libvirt_event_poll_purge_timeout_semaphore
788338 - Resource leaks on virsh desc command
789220 - memory leak on client programming failure path
790436 - libvirt runs qemu with tls options even when certs/keys are not set
790744 - Delete snapshot parent will crash libvirtd
790745 - [Regression]libvirtd dead when create a guest with "--channel pty,target_type=virtio" by virt-install.
790789 - virsh console fails when executed via remote ssh
795093 - [libvirt] missing 'source file' attribute when passing 'optional' param in xml
795127 - pre-migration hook needed at destination
795656 - destroyFlags should raise exception with proper error code
795978 - polkit authorization broken in libvirt 0.9.10
796526 - Improve memory usage readability in guest XML configuration
797066 - Output message error when create a bridge base on an existing network device
798220 - [libvirt]can't start guest with spice
798497 - Plug memory leak on migration
798938 - Snapshot-revert will report error with startupPolicy='requisite' when floppy/cdrom disk is missing
799478 - libvirt emits inappropriate error when using domabortjob to abort stuck migration
800366 - libvirt does not report the system and user cpu usage separately for vms.
801160 - managedsave+restart of VM crashes libvirtd
801443 - Libvirt shouldn't fail on tlsPort setting if none set
801970 - libvirt with QEmu does not support disk filenames with comma
802644 - segfault when attempting to detach non-existent network device
802851 - memory leaks/dangling pointers caused by virDomainDetachDeviceConfig (virsh detach-*)
802854 - memory leak when performing persistent network device update (e.g. virsh domif-setlink --persistent)
802856 - Missing support for persistent hotplug attach/detach of devices
803591 - virsh segfault when attempting to detach disk from non-existent domain
804028 - Cannot roundtrip blkio parameters due to broken deviceWeight handling
806098 - Support qemu 1.0
807147 - virsh snapshot-create --disk-only failed
807555 - Plug memory leak on cmdSnapshotList with failure path
807751 - [libvirt] Failed to set vm niceness with latest libvirt
808371 - libvirtd crashed with SIGSEGV in __strcmp_ssse3()
808459 - USB 2.0 pass-through won't boot guest VM a SECOND time.
808522 - regression in parsing libvirt-generated xml memory limits
808527 - Check for guest agent presence when issuing command
808979 - memory leak in virDomainGetVcpus / virsh vcpuinfo
810100 - occasional segfault while running networkxml2argvtest
810157 - numad: Pre-set memory policy and convert nodeset from numad to CPUs list before affinity setting
810241 - Save the guest to pre-created file on root_squashing export nfs with dynamic_ownership=1 Permission denied
810559 - FTBFS: libvirt has parallel make race that can stop build
811227 - RFE: Ability to specify custom BIOS for QEMU/KVM using XML (for WHQL testing)
811497 - Deadlock in qemu driver on forced console connection
811683 - deal with change from RHEL 6.2 sync block_job_cancel to RHEL 6.3 async block-job-cancel
813972 - libvirt should reject invalid memory values in xml
814021 - [Doc]There is one typo "virsh list --note" in virsh list manual
814080 - Syscall param rt_sigaction(act->sa_flags) points to uninitialised byte(s)
815270 - [Regression]Libvirtd will die if start a guest with macvtap nic.
815791 - deal with qemu block-job-set-speed race fix
816465 - libvirtd may die after restart the service
816662 - Improve virsh blockpull error message for a offline domain
817078 - libvirtd crashing on rhel 6.3 beta vm
817234 - libvirtd crash when start a net with special MAC address
819014 - blockIoTune modifies live xml even on failure
819498 - libvirt: missing spice channel 'usbredir'
819499 - libvirt: missing spice channel 'default'
819636 - virsh heap corruption due to bad memmove
820461 - numad support is lost in the 6.3 build.
820869 - Fix automatic PCI address assignment for USB2 companion controllers
831164 - CVE-2012-2693 libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libvirt-0.9.10-21.el6.src.rpm

i386:
libvirt-0.9.10-21.el6.i686.rpm
libvirt-client-0.9.10-21.el6.i686.rpm
libvirt-debuginfo-0.9.10-21.el6.i686.rpm
libvirt-python-0.9.10-21.el6.i686.rpm

x86_64:
libvirt-0.9.10-21.el6.x86_64.rpm
libvirt-client-0.9.10-21.el6.i686.rpm
libvirt-client-0.9.10-21.el6.x86_64.rpm
libvirt-debuginfo-0.9.10-21.el6.i686.rpm
libvirt-debuginfo-0.9.10-21.el6.x86_64.rpm
libvirt-python-0.9.10-21.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libvirt-0.9.10-21.el6.src.rpm

i386:
libvirt-debuginfo-0.9.10-21.el6.i686.rpm
libvirt-devel-0.9.10-21.el6.i686.rpm
libvirt-lock-sanlock-0.9.10-21.el6.i686.rpm

x86_64:
libvirt-debuginfo-0.9.10-21.el6.i686.rpm
libvirt-debuginfo-0.9.10-21.el6.x86_64.rpm
libvirt-devel-0.9.10-21.el6.i686.rpm
libvirt-devel-0.9.10-21.el6.x86_64.rpm
libvirt-lock-sanlock-0.9.10-21.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libvirt-0.9.10-21.el6.src.rpm

x86_64:
libvirt-0.9.10-21.el6.x86_64.rpm
libvirt-client-0.9.10-21.el6.i686.rpm
libvirt-client-0.9.10-21.el6.x86_64.rpm
libvirt-debuginfo-0.9.10-21.el6.i686.rpm
libvirt-debuginfo-0.9.10-21.el6.x86_64.rpm
libvirt-python-0.9.10-21.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libvirt-0.9.10-21.el6.src.rpm

x86_64:
libvirt-debuginfo-0.9.10-21.el6.i686.rpm
libvirt-debuginfo-0.9.10-21.el6.x86_64.rpm
libvirt-devel-0.9.10-21.el6.i686.rpm
libvirt-devel-0.9.10-21.el6.x86_64.rpm
libvirt-lock-sanlock-0.9.10-21.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libvirt-0.9.10-21.el6.src.rpm

i386:
libvirt-0.9.10-21.el6.i686.rpm
libvirt-client-0.9.10-21.el6.i686.rpm
libvirt-debuginfo-0.9.10-21.el6.i686.rpm
libvirt-devel-0.9.10-21.el6.i686.rpm
libvirt-python-0.9.10-21.el6.i686.rpm

ppc64:
libvirt-0.9.10-21.el6.ppc64.rpm
libvirt-client-0.9.10-21.el6.ppc.rpm
libvirt-client-0.9.10-21.el6.ppc64.rpm
libvirt-debuginfo-0.9.10-21.el6.ppc.rpm
libvirt-debuginfo-0.9.10-21.el6.ppc64.rpm
libvirt-devel-0.9.10-21.el6.ppc.rpm
libvirt-devel-0.9.10-21.el6.ppc64.rpm
libvirt-python-0.9.10-21.el6.ppc64.rpm

s390x:
libvirt-0.9.10-21.el6.s390x.rpm
libvirt-client-0.9.10-21.el6.s390.rpm
libvirt-client-0.9.10-21.el6.s390x.rpm
libvirt-debuginfo-0.9.10-21.el6.s390.rpm
libvirt-debuginfo-0.9.10-21.el6.s390x.rpm
libvirt-devel-0.9.10-21.el6.s390.rpm
libvirt-devel-0.9.10-21.el6.s390x.rpm
libvirt-python-0.9.10-21.el6.s390x.rpm

x86_64:
libvirt-0.9.10-21.el6.x86_64.rpm
libvirt-client-0.9.10-21.el6.i686.rpm
libvirt-client-0.9.10-21.el6.x86_64.rpm
libvirt-debuginfo-0.9.10-21.el6.i686.rpm
libvirt-debuginfo-0.9.10-21.el6.x86_64.rpm
libvirt-devel-0.9.10-21.el6.i686.rpm
libvirt-devel-0.9.10-21.el6.x86_64.rpm
libvirt-python-0.9.10-21.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libvirt-0.9.10-21.el6.src.rpm

i386:
libvirt-debuginfo-0.9.10-21.el6.i686.rpm
libvirt-lock-sanlock-0.9.10-21.el6.i686.rpm

x86_64:
libvirt-debuginfo-0.9.10-21.el6.x86_64.rpm
libvirt-lock-sanlock-0.9.10-21.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libvirt-0.9.10-21.el6.src.rpm

i386:
libvirt-0.9.10-21.el6.i686.rpm
libvirt-client-0.9.10-21.el6.i686.rpm
libvirt-debuginfo-0.9.10-21.el6.i686.rpm
libvirt-devel-0.9.10-21.el6.i686.rpm
libvirt-python-0.9.10-21.el6.i686.rpm

x86_64:
libvirt-0.9.10-21.el6.x86_64.rpm
libvirt-client-0.9.10-21.el6.i686.rpm
libvirt-client-0.9.10-21.el6.x86_64.rpm
libvirt-debuginfo-0.9.10-21.el6.i686.rpm
libvirt-debuginfo-0.9.10-21.el6.x86_64.rpm
libvirt-devel-0.9.10-21.el6.i686.rpm
libvirt-devel-0.9.10-21.el6.x86_64.rpm
libvirt-python-0.9.10-21.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libvirt-0.9.10-21.el6.src.rpm

i386:
libvirt-debuginfo-0.9.10-21.el6.i686.rpm
libvirt-lock-sanlock-0.9.10-21.el6.i686.rpm

x86_64:
libvirt-debuginfo-0.9.10-21.el6.x86_64.rpm
libvirt-lock-sanlock-0.9.10-21.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-2693.html
https://access.redhat.com/security/updates/classification/#low
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.3_Technical_Notes/libvirt.html#RHSA-2012-0748

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP4YjuXlSAg2UNWIIRAsFmAKCWvOy3GN0pBfbpW1lY3LHwG+TR/QCgva6Y
VdwuylSrqCuLVPxmWqhLD/0=
=ERgg
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jun 20 08:27:10 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 20 Jun 2012 08:27:10 +0000
Subject: [RHSA-2012:0774-04] Low: libguestfs security, bug fix, and enhancement update
Message-ID: <201206200831.q5K8VFwn029631@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:          Low: libguestfs security, bug fix, and enhancement update
Advisory ID:       RHSA-2012:0774-04
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0774.html
Issue date:        2012-06-20
CVE Names:         CVE-2012-2690
=====================================================================

1. Summary:

Updated libguestfs packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64

3. Description:

libguestfs is a library for accessing and modifying guest disk images.

It was found that editing files with virt-edit left said files in a world-readable state (and did not preserve the file owner or Security-Enhanced Linux context). If an administrator on the host used virt-edit to edit a file inside a guest, the file would be left with world-readable permissions. This could lead to unprivileged guest users accessing files they would otherwise be unable to. (CVE-2012-2690)

These updated libguestfs packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.3 Technical Notes for information on the most significant of these changes.

Users of libguestfs are advised to upgrade to these updated packages, which fix these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

647174 - RHEL6: virt-clone should remove old udev rules when changing MAC address
679737 - libguestfs: improve error message when zerofree is not available in the appliance
719879 - Rebase libguestfs in RHEL 6.3
729076 - libguestfs confuses Hp_recovery partition with Windows root filesystem
731742 - libguestfs should escape special/non-printing characters in debug output
741183 - [RFE] Write a tool to align the partition(s) in a Windows XP image to a multiple of 8 sectors
760221 - RFE: Support inspection of cciss devices
769359 - virt-resize on RHEL 6 kernel fails to re-read the partition table
785305 - ocaml (bytecode) bindings segfault in 'add_drive_opts'
785668 - aug-defnode: daemon crash
789960 - guestfsd crash when try to mount non-exist disk
790958 - multiprovider build error: RuntimeError: link: /tmp/.guestfs-0/kernel /tmp/.guestfs-0/kernel.10139: File exists
795322 - add_ro should return error if not running in a config state
796520 - [RFE] Prevent user from running some appliance configure commands after appliance boot up
797760 - virt-resize on Windows XP in sysprep state causes "UNMOUNTABLE_BOOT_VOLUME" BSOD
798197 - virt-resize confuses format and output_format variables; using --output-format sets the input format
798980 - Libguestfs live support should be disabled in RHEL 6 packages
799695 - guestfs.h fails to compile with c++ compiler
799798 - set_autosync: this function can only be called in the config state at /usr/share/perl5/vendor_perl/Sys/VirtConvert/GuestfsHandle.pm line 107
801273 - Document for set-pgroup need to be updated
801788 - libguestfs holds open file descriptors when handle is launched
803699 - libguestfs inspection fails on Windows XP: libguestfs: error: hivex: could not locate HKLM\SYSTEM\MountedDevices
807557 - virt-sysprep: wrong params are passed to virt-inspector
807905 - mkfs blocksize option breaks when creating btrfs
809401 - inspection doesn't recognize Fedora 17+ (because of grub2 and UsrMove)
811112 - [RFE][virt-sysprep] hostname can not be changed on rhel system
811117 - [RFE][virt-sysprep] net-hwaddr not removed from "ifcfg-*" files on rhel
811673 - guestfs_last_error not set when qemu fails early during launch
812092 - libguestfs cannot open disk images which are symlinks to files that contain ':' (colon) character
813329 - virt-p2v can not convert physical host on MD device
831117 - CVE-2012-2690 libguestfs: virt-edit creates a new file, when it is used leading to loss of file attributes (permissions, owner, SELinux context etc.)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libguestfs-1.16.19-1.el6.src.rpm

x86_64:
libguestfs-1.16.19-1.el6.x86_64.rpm
libguestfs-debuginfo-1.16.19-1.el6.x86_64.rpm
libguestfs-java-1.16.19-1.el6.x86_64.rpm
libguestfs-tools-1.16.19-1.el6.x86_64.rpm
libguestfs-tools-c-1.16.19-1.el6.x86_64.rpm
perl-Sys-Guestfs-1.16.19-1.el6.x86_64.rpm
python-libguestfs-1.16.19-1.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libguestfs-1.16.19-1.el6.src.rpm

x86_64:
libguestfs-debuginfo-1.16.19-1.el6.x86_64.rpm
libguestfs-devel-1.16.19-1.el6.x86_64.rpm
libguestfs-java-devel-1.16.19-1.el6.x86_64.rpm
libguestfs-javadoc-1.16.19-1.el6.x86_64.rpm
ocaml-libguestfs-1.16.19-1.el6.x86_64.rpm
ocaml-libguestfs-devel-1.16.19-1.el6.x86_64.rpm
ruby-libguestfs-1.16.19-1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libguestfs-1.16.19-1.el6.src.rpm

x86_64:
libguestfs-1.16.19-1.el6.x86_64.rpm
libguestfs-debuginfo-1.16.19-1.el6.x86_64.rpm
libguestfs-java-1.16.19-1.el6.x86_64.rpm
libguestfs-tools-1.16.19-1.el6.x86_64.rpm
libguestfs-tools-c-1.16.19-1.el6.x86_64.rpm
perl-Sys-Guestfs-1.16.19-1.el6.x86_64.rpm
python-libguestfs-1.16.19-1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libguestfs-1.16.19-1.el6.src.rpm

x86_64:
libguestfs-debuginfo-1.16.19-1.el6.x86_64.rpm
libguestfs-devel-1.16.19-1.el6.x86_64.rpm
libguestfs-java-devel-1.16.19-1.el6.x86_64.rpm
libguestfs-javadoc-1.16.19-1.el6.x86_64.rpm
ocaml-libguestfs-1.16.19-1.el6.x86_64.rpm
ocaml-libguestfs-devel-1.16.19-1.el6.x86_64.rpm
ruby-libguestfs-1.16.19-1.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libguestfs-1.16.19-1.el6.src.rpm

x86_64:
libguestfs-1.16.19-1.el6.x86_64.rpm
libguestfs-debuginfo-1.16.19-1.el6.x86_64.rpm
libguestfs-java-1.16.19-1.el6.x86_64.rpm
libguestfs-tools-1.16.19-1.el6.x86_64.rpm
libguestfs-tools-c-1.16.19-1.el6.x86_64.rpm
perl-Sys-Guestfs-1.16.19-1.el6.x86_64.rpm
python-libguestfs-1.16.19-1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libguestfs-1.16.19-1.el6.src.rpm

x86_64:
libguestfs-debuginfo-1.16.19-1.el6.x86_64.rpm
libguestfs-devel-1.16.19-1.el6.x86_64.rpm
libguestfs-java-devel-1.16.19-1.el6.x86_64.rpm
libguestfs-javadoc-1.16.19-1.el6.x86_64.rpm
ocaml-libguestfs-1.16.19-1.el6.x86_64.rpm
ocaml-libguestfs-devel-1.16.19-1.el6.x86_64.rpm
ruby-libguestfs-1.16.19-1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libguestfs-1.16.19-1.el6.src.rpm

x86_64:
libguestfs-1.16.19-1.el6.x86_64.rpm
libguestfs-debuginfo-1.16.19-1.el6.x86_64.rpm
libguestfs-java-1.16.19-1.el6.x86_64.rpm
libguestfs-tools-1.16.19-1.el6.x86_64.rpm
libguestfs-tools-c-1.16.19-1.el6.x86_64.rpm
perl-Sys-Guestfs-1.16.19-1.el6.x86_64.rpm
python-libguestfs-1.16.19-1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libguestfs-1.16.19-1.el6.src.rpm

x86_64:
libguestfs-debuginfo-1.16.19-1.el6.x86_64.rpm
libguestfs-devel-1.16.19-1.el6.x86_64.rpm
libguestfs-java-devel-1.16.19-1.el6.x86_64.rpm
libguestfs-javadoc-1.16.19-1.el6.x86_64.rpm
ocaml-libguestfs-1.16.19-1.el6.x86_64.rpm
ocaml-libguestfs-devel-1.16.19-1.el6.x86_64.rpm
ruby-libguestfs-1.16.19-1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-2690.html
https://access.redhat.com/security/updates/classification/#low
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.3_Technical_Notes/libguestfs.html#RHSA-2012-0774

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP4YpNXlSAg2UNWIIRAjMvAJ4yxhGifi0V4xmFS1G2iq+02rBzOACgukdr
ZV/+NIhPEbXZxQfrPYnY2mg=
=kRks
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jun 20 08:27:46 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 20 Jun 2012 08:27:46 +0000
Subject: [RHSA-2012:0796-04] Moderate: rsyslog security, bug fix, and enhancement update
Message-ID: <201206200831.q5K8VpAw013052@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: rsyslog security, bug fix, and enhancement update
Advisory ID:       RHSA-2012:0796-04
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0796.html
Issue date:        2012-06-20
CVE Names:         CVE-2011-4623
=====================================================================

1. Summary:

Updated rsyslog packages that fix one security issue, multiple bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The rsyslog packages provide an enhanced, multi-threaded syslog daemon.

A numeric truncation error, leading to a heap-based buffer overflow, was found in the way the rsyslog imfile module processed text files containing long lines. An attacker could use this flaw to crash the rsyslogd daemon or, possibly, execute arbitrary code with the privileges of rsyslogd, if they are able to cause a long line to be written to a log file that rsyslogd monitors with imfile. The imfile module is not enabled by default. (CVE-2011-4623)

Bug fixes:

* Several variables were incorrectly deinitialized with Transport Layer Security (TLS) transport and keys in PKCS#8 format. The rsyslogd daemon aborted with a segmentation fault when keys in this format were provided. Now, the variables are correctly deinitialized. (BZ#727380)

* Previously, the imgssapi plug-in initialization was incomplete. As a result, the rsyslogd daemon aborted when configured to provide a GSSAPI listener. Now, the plug-in is correctly initialized. (BZ#756664)

* The fully qualified domain name (FQDN) for the localhost used in messages was the first alias found. This did not always produce the expected result on multihomed hosts. With this update, the algorithm uses the alias that corresponds to the hostname. (BZ#767527)

* The gtls module leaked a file descriptor every time it was loaded due to an error in the GnuTLS library. No new files or network connections could be opened when the limit for the file descriptor count was reached. This update modifies the gtls module so that it is not unloaded during the process lifetime. (BZ#803550)

* rsyslog could not override the hostname to set an alternative hostname for locally generated messages. Now, the local hostname can be overridden. (BZ#805424)

* The rsyslogd init script did not pass the lock file path to the 'status' action. As a result, the lock file was ignored and a wrong exit code was returned. This update modifies the init script to pass the lock file to the 'status' action. Now, the correct exit code is returned. (BZ#807608)

* Data could be incorrectly deinitialized when rsyslogd was supplied with malformed spool files. The rsyslogd daemon could be aborted with a segmentation fault. This update modifies the underlying code to correctly deinitialize the data. (BZ#813079)

* Previously, deinitialization of non-existent data could, in certain error cases, occur. As a result, rsyslogd could abort with a segmentation fault when rsyslog was configured to use a disk assisted queue without specifying a spool file. With this update, the error cases are handled gracefully. (BZ#813084)

* The manual page wrongly stated that the '-d' option to turn on debugging caused the daemon to run in the foreground, which was misleading as the current behavior is to run in the background. Now, the manual page reflects the correct behavior. (BZ#820311)

* rsyslog attempted to write debugging messages to standard output even when run in the background. This resulted in the debugging information being written to some other output. This was corrected and the debug messages are no longer written to standard output when run in the background. (BZ#820996)

* The string buffer to hold the distinguished name (DN) of a certificate was too small. DNs with more than 128 characters were not displayed. This update enlarges the buffer to process longer DNs. (BZ#822118)

Enhancements:

* Support for rate limiting and multi-line message capability. Now, rsyslogd can limit the number of messages it accepts through a UNIX socket. (BZ#672182)

* The addition of the "/etc/rsyslog.d/" configuration directory to supply syslog configuration files. (BZ#740420)

All users of rsyslog are advised to upgrade to these updated packages, which upgrade rsyslog to version 5.8.10 and correct these issues and add these enhancements. After installing this update, the rsyslog daemon will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

740420 - Add a /etc/rsyslog.d config directory
769822 - CVE-2011-4623 rsyslog: DoS due integer signedness error while extending rsyslog counted string buffer
803550 - rsyslog fails to initialize gtls driver because of too many open files
813079 - rsyslog segfaults attempting to read a malformed / old format spool file
813084 - rsyslog segfaults when configured with disk queue with non-existent (unnamed) spool file
820311 - Manpage: rsyslogd does the fork in debug mode while manpage says otherwise
820996 - rsyslog writes debug messages to fd 1 even after forking

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/rsyslog-5.8.10-2.el6.src.rpm

i386:
rsyslog-5.8.10-2.el6.i686.rpm
rsyslog-debuginfo-5.8.10-2.el6.i686.rpm
rsyslog-gnutls-5.8.10-2.el6.i686.rpm
rsyslog-gssapi-5.8.10-2.el6.i686.rpm
rsyslog-relp-5.8.10-2.el6.i686.rpm

x86_64:
rsyslog-5.8.10-2.el6.x86_64.rpm
rsyslog-debuginfo-5.8.10-2.el6.x86_64.rpm
rsyslog-gnutls-5.8.10-2.el6.x86_64.rpm
rsyslog-gssapi-5.8.10-2.el6.x86_64.rpm
rsyslog-relp-5.8.10-2.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/rsyslog-5.8.10-2.el6.src.rpm

i386:
rsyslog-debuginfo-5.8.10-2.el6.i686.rpm
rsyslog-mysql-5.8.10-2.el6.i686.rpm
rsyslog-pgsql-5.8.10-2.el6.i686.rpm
rsyslog-snmp-5.8.10-2.el6.i686.rpm

x86_64:
rsyslog-debuginfo-5.8.10-2.el6.x86_64.rpm
rsyslog-mysql-5.8.10-2.el6.x86_64.rpm
rsyslog-pgsql-5.8.10-2.el6.x86_64.rpm
rsyslog-snmp-5.8.10-2.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/rsyslog-5.8.10-2.el6.src.rpm

x86_64:
rsyslog-5.8.10-2.el6.x86_64.rpm
rsyslog-debuginfo-5.8.10-2.el6.x86_64.rpm
rsyslog-gnutls-5.8.10-2.el6.x86_64.rpm
rsyslog-gssapi-5.8.10-2.el6.x86_64.rpm
rsyslog-relp-5.8.10-2.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/rsyslog-5.8.10-2.el6.src.rpm

x86_64:
rsyslog-debuginfo-5.8.10-2.el6.x86_64.rpm
rsyslog-mysql-5.8.10-2.el6.x86_64.rpm
rsyslog-pgsql-5.8.10-2.el6.x86_64.rpm
rsyslog-snmp-5.8.10-2.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/rsyslog-5.8.10-2.el6.src.rpm

i386:
rsyslog-5.8.10-2.el6.i686.rpm
rsyslog-debuginfo-5.8.10-2.el6.i686.rpm
rsyslog-gnutls-5.8.10-2.el6.i686.rpm
rsyslog-gssapi-5.8.10-2.el6.i686.rpm
rsyslog-mysql-5.8.10-2.el6.i686.rpm
rsyslog-pgsql-5.8.10-2.el6.i686.rpm
rsyslog-relp-5.8.10-2.el6.i686.rpm

ppc64:
rsyslog-5.8.10-2.el6.ppc64.rpm
rsyslog-debuginfo-5.8.10-2.el6.ppc64.rpm
rsyslog-gnutls-5.8.10-2.el6.ppc64.rpm
rsyslog-gssapi-5.8.10-2.el6.ppc64.rpm
rsyslog-mysql-5.8.10-2.el6.ppc64.rpm
rsyslog-pgsql-5.8.10-2.el6.ppc64.rpm
rsyslog-relp-5.8.10-2.el6.ppc64.rpm

s390x:
rsyslog-5.8.10-2.el6.s390x.rpm
rsyslog-debuginfo-5.8.10-2.el6.s390x.rpm
rsyslog-gnutls-5.8.10-2.el6.s390x.rpm
rsyslog-gssapi-5.8.10-2.el6.s390x.rpm
rsyslog-mysql-5.8.10-2.el6.s390x.rpm
rsyslog-pgsql-5.8.10-2.el6.s390x.rpm
rsyslog-relp-5.8.10-2.el6.s390x.rpm

x86_64:
rsyslog-5.8.10-2.el6.x86_64.rpm
rsyslog-debuginfo-5.8.10-2.el6.x86_64.rpm
rsyslog-gnutls-5.8.10-2.el6.x86_64.rpm
rsyslog-gssapi-5.8.10-2.el6.x86_64.rpm
rsyslog-mysql-5.8.10-2.el6.x86_64.rpm
rsyslog-pgsql-5.8.10-2.el6.x86_64.rpm
rsyslog-relp-5.8.10-2.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/rsyslog-5.8.10-2.el6.src.rpm

i386:
rsyslog-debuginfo-5.8.10-2.el6.i686.rpm
rsyslog-snmp-5.8.10-2.el6.i686.rpm

ppc64:
rsyslog-debuginfo-5.8.10-2.el6.ppc64.rpm
rsyslog-snmp-5.8.10-2.el6.ppc64.rpm

s390x:
rsyslog-debuginfo-5.8.10-2.el6.s390x.rpm
rsyslog-snmp-5.8.10-2.el6.s390x.rpm

x86_64:
rsyslog-debuginfo-5.8.10-2.el6.x86_64.rpm
rsyslog-snmp-5.8.10-2.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/rsyslog-5.8.10-2.el6.src.rpm

i386:
rsyslog-5.8.10-2.el6.i686.rpm
rsyslog-debuginfo-5.8.10-2.el6.i686.rpm
rsyslog-gnutls-5.8.10-2.el6.i686.rpm
rsyslog-gssapi-5.8.10-2.el6.i686.rpm
rsyslog-mysql-5.8.10-2.el6.i686.rpm
rsyslog-pgsql-5.8.10-2.el6.i686.rpm
rsyslog-relp-5.8.10-2.el6.i686.rpm

x86_64:
rsyslog-5.8.10-2.el6.x86_64.rpm
rsyslog-debuginfo-5.8.10-2.el6.x86_64.rpm
rsyslog-gnutls-5.8.10-2.el6.x86_64.rpm
rsyslog-gssapi-5.8.10-2.el6.x86_64.rpm
rsyslog-mysql-5.8.10-2.el6.x86_64.rpm
rsyslog-pgsql-5.8.10-2.el6.x86_64.rpm
rsyslog-relp-5.8.10-2.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/rsyslog-5.8.10-2.el6.src.rpm

i386:
rsyslog-debuginfo-5.8.10-2.el6.i686.rpm
rsyslog-snmp-5.8.10-2.el6.i686.rpm

x86_64:
rsyslog-debuginfo-5.8.10-2.el6.x86_64.rpm
rsyslog-snmp-5.8.10-2.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-4623.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP4YpyXlSAg2UNWIIRAj37AJ0aCt34AhiGAlp+8cGlA9wcczi3WgCgvyHt
9pnAdPo1W4pu4Vc1qX4xS1w=
=Skcj
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jun 20 08:28:44 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 20 Jun 2012 08:28:44 +0000
Subject: [RHSA-2012:0810-04] Low: busybox security and bug fix update
Message-ID: <201206200832.q5K8Wno9030525@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: busybox security and bug fix update
Advisory ID: RHSA-2012:0810-04
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0810.html
Issue date: 2012-06-20
CVE Names: CVE-2006-1168 CVE-2011-2716
=====================================================================

1. Summary:

Updated busybox packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

BusyBox provides a single binary that includes versions of a large number of system commands, including a shell. This can be very useful for recovering from certain types of system failures, particularly those involving broken shared libraries.

A buffer underflow flaw was found in the way the uncompress utility of BusyBox expanded certain archive files compressed using Lempel-Ziv compression. If a user were tricked into expanding a specially-crafted archive file with uncompress, it could cause BusyBox to crash or, potentially, execute arbitrary code with the privileges of the user running BusyBox. (CVE-2006-1168)

The BusyBox DHCP client, udhcpc, did not sufficiently sanitize certain options provided in DHCP server replies, such as the client hostname. A malicious DHCP server could send such an option with a specially-crafted value to a DHCP client. If this option's value was saved on the client system, and then later insecurely evaluated by a process that assumes the option is trusted, it could lead to arbitrary code execution with the privileges of that process. Note: udhcpc is not used on Red Hat Enterprise Linux by default, and no DHCP client script is provided with the busybox packages. (CVE-2011-2716)

This update also fixes the following bugs:

* Prior to this update, the "findfs" command did not recognize Btrfs partitions. As a consequence, an error message could occur when dumping a core file. This update adds support for recognizing such partitions so the problem no longer occurs. (BZ#751927)

* If the "grep" command was used with the "-F" and "-i" options at the same time, the "-i" option was ignored. As a consequence, the "grep -iF" command incorrectly performed a case-sensitive search instead of an insensitive search. A patch has been applied to ensure that the combination of the "-F" and "-i" options works as expected. (BZ#752134)

* Prior to this update, the msh shell did not support the "set -o pipefail" command. This update adds support for this command. (BZ#782018)

* Previously, the msh shell could terminate unexpectedly with a segmentation fault when attempting to execute an empty command as a result of variable substitution (for example msh -c '$nonexistent_variable'). With this update, msh has been modified to correctly interpret such commands and no longer crashes in this scenario. (BZ#809092)

* Previously, the msh shell incorrectly executed empty loops. As a consequence, msh never exited such a loop even if the loop condition was false, which could cause scripts using the loop to become unresponsive. With this update, msh has been modified to execute and exit empty loops correctly, so that hangs no longer occur. (BZ#752132)

All users of busybox are advised to upgrade to these updated packages, which contain backported patches to fix these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

201919 - CVE-2006-1168 ncompress: .bss buffer underflow in decompression
725364 - CVE-2011-2716 busybox: udhcpc insufficient checking of DHCP options
752134 - "busybox grep -Fi" doesn't work as expected
809092 - msh crasher bug

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/busybox-1.15.1-15.el6.src.rpm

i386:
busybox-1.15.1-15.el6.i686.rpm

x86_64:
busybox-1.15.1-15.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/busybox-1.15.1-15.el6.src.rpm

i386:
busybox-petitboot-1.15.1-15.el6.i686.rpm

x86_64:
busybox-petitboot-1.15.1-15.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/busybox-1.15.1-15.el6.src.rpm x86_64: busybox-1.15.1-15.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/busybox-1.15.1-15.el6.src.rpm x86_64: busybox-petitboot-1.15.1-15.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/busybox-1.15.1-15.el6.src.rpm i386: busybox-1.15.1-15.el6.i686.rpm ppc64: busybox-1.15.1-15.el6.ppc64.rpm s390x: busybox-1.15.1-15.el6.s390x.rpm x86_64: busybox-1.15.1-15.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/busybox-1.15.1-15.el6.src.rpm i386: busybox-petitboot-1.15.1-15.el6.i686.rpm ppc64: busybox-petitboot-1.15.1-15.el6.ppc64.rpm s390x: busybox-petitboot-1.15.1-15.el6.s390x.rpm x86_64: busybox-petitboot-1.15.1-15.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/busybox-1.15.1-15.el6.src.rpm i386: busybox-1.15.1-15.el6.i686.rpm x86_64: busybox-1.15.1-15.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/busybox-1.15.1-15.el6.src.rpm i386: busybox-petitboot-1.15.1-15.el6.i686.rpm x86_64: busybox-petitboot-1.15.1-15.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2006-1168.html https://www.redhat.com/security/data/cve/CVE-2011-2716.html https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . 
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP4YqqXlSAg2UNWIIRAjdVAJ96VHA7n7IOhYAWL7vwHeOPTn3YJQCdFRUW
bt1lqoyrBL1/TH4AmucaKNs=
=dzKG
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jun 20 08:29:16 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 20 Jun 2012 08:29:16 +0000
Subject: [RHSA-2012:0811-04] Low: php-pecl-apc security, bug fix, and enhancement update
Message-ID: <201206200833.q5K8XLlQ013688@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: php-pecl-apc security, bug fix, and enhancement update
Advisory ID: RHSA-2012:0811-04
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0811.html
Issue date: 2012-06-20
CVE Names: CVE-2010-3294
=====================================================================

1. Summary:

Updated php-pecl-apc packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The php-pecl-apc packages contain APC (Alternative PHP Cache), the framework for caching and optimization of intermediate PHP code.

A cross-site scripting (XSS) flaw was found in the "apc.php" script, which provides a detailed analysis of the internal workings of APC and is shipped as part of the APC extension documentation. A remote attacker could possibly use this flaw to conduct a cross-site scripting attack. (CVE-2010-3294)

Note: The administrative script is not deployed upon package installation. It must manually be copied to the web root (the default is "/var/www/html/", for example).

In addition, the php-pecl-apc packages have been upgraded to upstream version 3.1.9, which provides a number of bug fixes and enhancements over the previous version. (BZ#662655)

All users of php-pecl-apc are advised to upgrade to these updated packages, which fix these issues and add these enhancements. If the "apc.php" script was previously deployed in the web root, it must manually be re-deployed to replace the vulnerable version to resolve this issue.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

634334 - CVE-2010-3294 php-pecl-apc: potential XSS in apc.php

6. Package List:

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-pecl-apc-3.1.9-2.el6.src.rpm

i386:
php-pecl-apc-3.1.9-2.el6.i686.rpm
php-pecl-apc-debuginfo-3.1.9-2.el6.i686.rpm

ppc64:
php-pecl-apc-3.1.9-2.el6.ppc64.rpm
php-pecl-apc-debuginfo-3.1.9-2.el6.ppc64.rpm

s390x:
php-pecl-apc-3.1.9-2.el6.s390x.rpm
php-pecl-apc-debuginfo-3.1.9-2.el6.s390x.rpm

x86_64:
php-pecl-apc-3.1.9-2.el6.x86_64.rpm
php-pecl-apc-debuginfo-3.1.9-2.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-pecl-apc-3.1.9-2.el6.src.rpm i386: php-pecl-apc-debuginfo-3.1.9-2.el6.i686.rpm php-pecl-apc-devel-3.1.9-2.el6.i686.rpm ppc64: php-pecl-apc-debuginfo-3.1.9-2.el6.ppc.rpm php-pecl-apc-debuginfo-3.1.9-2.el6.ppc64.rpm php-pecl-apc-devel-3.1.9-2.el6.ppc.rpm php-pecl-apc-devel-3.1.9-2.el6.ppc64.rpm s390x: php-pecl-apc-debuginfo-3.1.9-2.el6.s390.rpm php-pecl-apc-debuginfo-3.1.9-2.el6.s390x.rpm php-pecl-apc-devel-3.1.9-2.el6.s390.rpm php-pecl-apc-devel-3.1.9-2.el6.s390x.rpm x86_64: php-pecl-apc-debuginfo-3.1.9-2.el6.i686.rpm php-pecl-apc-debuginfo-3.1.9-2.el6.x86_64.rpm php-pecl-apc-devel-3.1.9-2.el6.i686.rpm php-pecl-apc-devel-3.1.9-2.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-pecl-apc-3.1.9-2.el6.src.rpm i386: php-pecl-apc-3.1.9-2.el6.i686.rpm php-pecl-apc-debuginfo-3.1.9-2.el6.i686.rpm x86_64: php-pecl-apc-3.1.9-2.el6.x86_64.rpm php-pecl-apc-debuginfo-3.1.9-2.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-pecl-apc-3.1.9-2.el6.src.rpm i386: php-pecl-apc-debuginfo-3.1.9-2.el6.i686.rpm php-pecl-apc-devel-3.1.9-2.el6.i686.rpm x86_64: php-pecl-apc-debuginfo-3.1.9-2.el6.i686.rpm php-pecl-apc-debuginfo-3.1.9-2.el6.x86_64.rpm php-pecl-apc-devel-3.1.9-2.el6.i686.rpm php-pecl-apc-devel-3.1.9-2.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-3294.html https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP4YrIXlSAg2UNWIIRAg92AKCh6WeL4UQW57TD3rgXFefq5EODuACgq2fv
qKB15fu7LLXs5T+wC0B4jOk=
=LOeF
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jun 20 08:29:47 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 20 Jun 2012 08:29:47 +0000
Subject: [RHSA-2012:0813-04] Low: 389-ds-base security, bug fix, and enhancement update
Message-ID: <201206200833.q5K8Xqr4001539@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: 389-ds-base security, bug fix, and enhancement update
Advisory ID: RHSA-2012:0813-04
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0813.html
Issue date: 2012-06-20
CVE Names: CVE-2012-0833
=====================================================================

1. Summary:

Updated 389-ds-base packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

A flaw was found in the way the 389 Directory Server daemon (ns-slapd) handled access control instructions (ACIs) using certificate groups. If an LDAP user that had a certificate group defined attempted to bind to the directory server, it would cause ns-slapd to enter an infinite loop and consume an excessive amount of CPU time. (CVE-2012-0833)

Red Hat would like to thank Graham Leggett for reporting this issue.

These updated 389-ds-base packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.3 Technical Notes for information on the most significant of these changes.

Users are advised to upgrade to these updated 389-ds-base packages, which resolve these issues and add these enhancements. After installing this update, the 389 server service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

766322 - [RFE] Please support setting defaultNamingContext in the rootdse.
768086 - [RFE] minssf should not apply to rootdse
768091 - [RFE] Permit 'Delete' operation for Managed Entry Config entries
772777 - pre compile and normalize search filter
772778 - acl cache overflown problem
772779 - bak2db gets stuck in infinite loop
781529 - Managed Entry Plugin runs against managed entries upon any update without validating
781534 - Review and address latest Coverity issues
784343 - upgrade needs better check for "server is running"
784344 - repl-monitor doesn't work if leftmost hostnames are the same
787014 - CVE-2012-0833 389: denial of service when using certificate groups
788140 - cannot set repl referrals or state
788722 - problematic copyright information on 389-ds-base/ldap/servers/snmp/*
788723 - TLS not working with latest openldap
788724 - extensible binary filters do not work
788725 - filter normalization does not use matching rules
788726 - Schema replication update failed: Invalid syntax
788728 - Invalid read reported by valgrind
788729 - Reindexing entryrdn fails if ancestors are also tombstoned
788731 - ruv tombstone searches don't work after reindex entryrdn
788732 - add tombstonenumsubordinates to schema
788741 - 389 DS DNA Plugin / Replication failing on GSSAPI
788745 - Data inconsitency during replication
788749 - Log not clear enough on schema errors
788750 - nisDomain schema is incorrect, causes errors upon upgrade
788751 - Account Policy Plugin does not work for simple binds when PAM Pass Through Auth plugin is enabled
788753 - aci on cn=monitor warning about connection attribute
788755 - FQDN set to nsslapd-listenhost makes the server start fail if IPv4-mapped-IPv6 address is given
788756 - Manpages fixes
788760 - [RFE] Logconv improvements
788764 - 389 programs linked against openldap crash during shutdown
790433 - [RFE] Automemberships
790491 - 389 DS Segfaults during replica install in FreeIPA
800215 - Certain CMP operations hang or cause ns-slapd to crash
800217 - fix valgrind reported issues
803930 - ipa not starting after upgade because of missing data
811291 - [abrt] 389-ds-base-1.2.10.4-2.fc16: index_range_read_ext: Process /usr/sbin/ns-slapd was killed by signal 11 (SIGSEGV)
813964 - IPA dirsvr seg-fault during system longevity test
815991 - crash in ldap_initialize with multiple threads
819643 - Database RUV could mismatch the one in changelog under the stress
821176 - ns-slapd segfault in libreplication-plugin after IPA upgrade from 2.1.3 to 2.2.0
821542 - letters in object's cn get converted to lowercase when renaming object
822700 - Bad DNs in ACIs can segfault ns-slapd
824014 - DS Shuts down intermittently

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/389-ds-base-1.2.10.2-15.el6.src.rpm

i386:
389-ds-base-1.2.10.2-15.el6.i686.rpm
389-ds-base-debuginfo-1.2.10.2-15.el6.i686.rpm
389-ds-base-devel-1.2.10.2-15.el6.i686.rpm
389-ds-base-libs-1.2.10.2-15.el6.i686.rpm

x86_64:
389-ds-base-1.2.10.2-15.el6.x86_64.rpm
389-ds-base-debuginfo-1.2.10.2-15.el6.i686.rpm
389-ds-base-debuginfo-1.2.10.2-15.el6.x86_64.rpm
389-ds-base-devel-1.2.10.2-15.el6.i686.rpm
389-ds-base-devel-1.2.10.2-15.el6.x86_64.rpm
389-ds-base-libs-1.2.10.2-15.el6.i686.rpm
389-ds-base-libs-1.2.10.2-15.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/389-ds-base-1.2.10.2-15.el6.src.rpm

x86_64:
389-ds-base-1.2.10.2-15.el6.x86_64.rpm
389-ds-base-debuginfo-1.2.10.2-15.el6.i686.rpm
389-ds-base-debuginfo-1.2.10.2-15.el6.x86_64.rpm
389-ds-base-devel-1.2.10.2-15.el6.i686.rpm
389-ds-base-devel-1.2.10.2-15.el6.x86_64.rpm
389-ds-base-libs-1.2.10.2-15.el6.i686.rpm
389-ds-base-libs-1.2.10.2-15.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/389-ds-base-1.2.10.2-15.el6.src.rpm i386: 389-ds-base-1.2.10.2-15.el6.i686.rpm 389-ds-base-debuginfo-1.2.10.2-15.el6.i686.rpm 389-ds-base-libs-1.2.10.2-15.el6.i686.rpm x86_64: 389-ds-base-1.2.10.2-15.el6.x86_64.rpm 389-ds-base-debuginfo-1.2.10.2-15.el6.i686.rpm 389-ds-base-debuginfo-1.2.10.2-15.el6.x86_64.rpm 389-ds-base-libs-1.2.10.2-15.el6.i686.rpm 389-ds-base-libs-1.2.10.2-15.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/389-ds-base-1.2.10.2-15.el6.src.rpm i386: 389-ds-base-debuginfo-1.2.10.2-15.el6.i686.rpm 389-ds-base-devel-1.2.10.2-15.el6.i686.rpm x86_64: 389-ds-base-debuginfo-1.2.10.2-15.el6.i686.rpm 389-ds-base-debuginfo-1.2.10.2-15.el6.x86_64.rpm 389-ds-base-devel-1.2.10.2-15.el6.i686.rpm 389-ds-base-devel-1.2.10.2-15.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/389-ds-base-1.2.10.2-15.el6.src.rpm i386: 389-ds-base-1.2.10.2-15.el6.i686.rpm 389-ds-base-debuginfo-1.2.10.2-15.el6.i686.rpm 389-ds-base-libs-1.2.10.2-15.el6.i686.rpm x86_64: 389-ds-base-1.2.10.2-15.el6.x86_64.rpm 389-ds-base-debuginfo-1.2.10.2-15.el6.i686.rpm 389-ds-base-debuginfo-1.2.10.2-15.el6.x86_64.rpm 389-ds-base-libs-1.2.10.2-15.el6.i686.rpm 389-ds-base-libs-1.2.10.2-15.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/389-ds-base-1.2.10.2-15.el6.src.rpm i386: 389-ds-base-debuginfo-1.2.10.2-15.el6.i686.rpm 389-ds-base-devel-1.2.10.2-15.el6.i686.rpm x86_64: 389-ds-base-debuginfo-1.2.10.2-15.el6.i686.rpm 389-ds-base-debuginfo-1.2.10.2-15.el6.x86_64.rpm 389-ds-base-devel-1.2.10.2-15.el6.i686.rpm 389-ds-base-devel-1.2.10.2-15.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-0833.html
https://access.redhat.com/security/updates/classification/#low
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.3_Technical_Notes/pkg-389-ds-base.html#RHSA-2012-0813

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP4YrqXlSAg2UNWIIRAk4OAJ4qQS6YIWdS2mbJzpSx6VMumvOvewCfQbfu
PRFq91s1hjTDr8c+4R70CwU=
=m+kw
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jun 20 08:40:14 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 20 Jun 2012 08:40:14 +0000
Subject: [RHSA-2012:0841-04] Low: abrt, libreport, btparser, and python-meh security and bug fix update
Message-ID: <201206200844.q5K8iJD8010789@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: abrt, libreport, btparser, and python-meh security and bug fix update
Advisory ID: RHSA-2012:0841-04
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0841.html
Issue date: 2012-06-20
CVE Names: CVE-2011-4088 CVE-2012-1106
=====================================================================

1. Summary:

Updated abrt, libreport, btparser, and python-meh packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

ABRT (Automatic Bug Reporting Tool) is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality. libreport provides an API for reporting different problems in applications to different bug targets, such as Bugzilla, FTP, and Trac.

The btparser utility is a backtrace parser and analyzer library, which works with backtraces produced by the GNU Project Debugger. It can parse a text file with a backtrace to a tree of C structures, allowing to analyze the threads and frames of the backtrace and process them.

The python-meh package provides a python library for handling exceptions.

If the C handler plug-in in ABRT was enabled (the abrt-addon-ccpp package installed and the abrt-ccpp service running), and the sysctl fs.suid_dumpable option was set to "2" (it is "0" by default), core dumps of set user ID (setuid) programs were created with insecure group ID permissions. This could allow local, unprivileged users to obtain sensitive information from the core dump files of setuid processes they would otherwise not be able to access. (CVE-2012-1106)

ABRT did not allow users to easily search the collected crash information for sensitive data prior to submitting it. This could lead to users unintentionally exposing sensitive information via the submitted crash reports. This update adds functionality to search across all the collected data. Note that this fix does not apply to the default configuration, where reports are sent to Red Hat Customer Support. It only takes effect for users sending information to Red Hat Bugzilla. (CVE-2011-4088)

Red Hat would like to thank Jan Iven for reporting CVE-2011-4088.

These updated packages include numerous bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.3 Technical Notes for information on the most significant of these changes.

All users of abrt, libreport, btparser, and python-meh are advised to upgrade to these updated packages, which correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

625485 - XML report generated by report lib from within Anaconda is not valid XML
727494 - [RFE] warn if user wants to re-report the same problem
745976 - "Report problem with ABRT" creates incomplete reports
746727 - /tmp/anaconda-tb-* is not handled properly
747594 - Can't proceed from "Select reporter" window when item is deselected
747624 - abrt-cli man page is missing
749100 - abrt-dump-oops contains non-translatable strings
749854 - CVE-2011-4088 abrt: may leak some personal information to bugzilla with some certain applications
751068 - abrt-cli shouldn't require abrt-addon-python
758366 - Typo in /etc/libreport/events.d/python_event.conf
759375 - ABRT rebase
759377 - libreport rebase
768377 - btparser rebase
770357 - default config file for mailx is missing
773242 - Moved copy
785163 - CVE-2012-1106 abrt: Setuid process core dump archived with unsafe GID permissions
796176 - Run all unit tests in build process
796216 - Double free in abrt-action-analyze-oops.c
799027 - ABRT-INSTALL-CCPPH(1) man page is misleading
803618 - ABRT mailx plugin on by default causes crashes being always labelled as reported
811147 - Report correct crash_function in the crash sumary
823411 - Searching for duplicate anaconda bugs while reporting exception against partner-bugzilla during install fails

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/btparser-0.16-3.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libreport-2.0.9-5.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/python-meh-0.12.1-3.el6.src.rpm i386: btparser-0.16-3.el6.i686.rpm btparser-debuginfo-0.16-3.el6.i686.rpm libreport-2.0.9-5.el6.i686.rpm libreport-cli-2.0.9-5.el6.i686.rpm libreport-debuginfo-2.0.9-5.el6.i686.rpm libreport-gtk-2.0.9-5.el6.i686.rpm libreport-newt-2.0.9-5.el6.i686.rpm libreport-plugin-kerneloops-2.0.9-5.el6.i686.rpm libreport-plugin-logger-2.0.9-5.el6.i686.rpm libreport-plugin-mailx-2.0.9-5.el6.i686.rpm libreport-plugin-reportuploader-2.0.9-5.el6.i686.rpm libreport-plugin-rhtsupport-2.0.9-5.el6.i686.rpm libreport-python-2.0.9-5.el6.i686.rpm noarch: python-meh-0.12.1-3.el6.noarch.rpm x86_64: btparser-0.16-3.el6.x86_64.rpm btparser-debuginfo-0.16-3.el6.x86_64.rpm libreport-2.0.9-5.el6.i686.rpm libreport-2.0.9-5.el6.x86_64.rpm libreport-cli-2.0.9-5.el6.x86_64.rpm libreport-debuginfo-2.0.9-5.el6.i686.rpm libreport-debuginfo-2.0.9-5.el6.x86_64.rpm libreport-gtk-2.0.9-5.el6.i686.rpm libreport-gtk-2.0.9-5.el6.x86_64.rpm libreport-newt-2.0.9-5.el6.x86_64.rpm libreport-plugin-kerneloops-2.0.9-5.el6.x86_64.rpm libreport-plugin-logger-2.0.9-5.el6.x86_64.rpm libreport-plugin-mailx-2.0.9-5.el6.x86_64.rpm libreport-plugin-reportuploader-2.0.9-5.el6.x86_64.rpm libreport-plugin-rhtsupport-2.0.9-5.el6.x86_64.rpm libreport-python-2.0.9-5.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/abrt-2.0.8-6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/btparser-0.16-3.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libreport-2.0.9-5.el6.src.rpm i386: abrt-addon-vmcore-2.0.8-6.el6.i686.rpm abrt-debuginfo-2.0.8-6.el6.i686.rpm abrt-devel-2.0.8-6.el6.i686.rpm btparser-debuginfo-0.16-3.el6.i686.rpm btparser-devel-0.16-3.el6.i686.rpm btparser-python-0.16-3.el6.i686.rpm libreport-debuginfo-2.0.9-5.el6.i686.rpm libreport-devel-2.0.9-5.el6.i686.rpm libreport-gtk-devel-2.0.9-5.el6.i686.rpm libreport-plugin-bugzilla-2.0.9-5.el6.i686.rpm x86_64: abrt-addon-vmcore-2.0.8-6.el6.x86_64.rpm abrt-debuginfo-2.0.8-6.el6.i686.rpm abrt-debuginfo-2.0.8-6.el6.x86_64.rpm abrt-devel-2.0.8-6.el6.i686.rpm abrt-devel-2.0.8-6.el6.x86_64.rpm btparser-0.16-3.el6.i686.rpm btparser-debuginfo-0.16-3.el6.i686.rpm btparser-debuginfo-0.16-3.el6.x86_64.rpm btparser-devel-0.16-3.el6.i686.rpm btparser-devel-0.16-3.el6.x86_64.rpm btparser-python-0.16-3.el6.x86_64.rpm libreport-debuginfo-2.0.9-5.el6.i686.rpm libreport-debuginfo-2.0.9-5.el6.x86_64.rpm libreport-devel-2.0.9-5.el6.i686.rpm libreport-devel-2.0.9-5.el6.x86_64.rpm libreport-gtk-devel-2.0.9-5.el6.i686.rpm libreport-gtk-devel-2.0.9-5.el6.x86_64.rpm libreport-plugin-bugzilla-2.0.9-5.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/abrt-2.0.8-6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/btparser-0.16-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libreport-2.0.9-5.el6.src.rpm

x86_64:
abrt-2.0.8-6.el6.x86_64.rpm
abrt-addon-ccpp-2.0.8-6.el6.x86_64.rpm
abrt-addon-kerneloops-2.0.8-6.el6.x86_64.rpm
abrt-addon-python-2.0.8-6.el6.x86_64.rpm
abrt-cli-2.0.8-6.el6.x86_64.rpm
abrt-debuginfo-2.0.8-6.el6.i686.rpm
abrt-debuginfo-2.0.8-6.el6.x86_64.rpm
abrt-libs-2.0.8-6.el6.i686.rpm
abrt-libs-2.0.8-6.el6.x86_64.rpm
abrt-tui-2.0.8-6.el6.x86_64.rpm
btparser-0.16-3.el6.x86_64.rpm
btparser-debuginfo-0.16-3.el6.x86_64.rpm
libreport-2.0.9-5.el6.i686.rpm
libreport-2.0.9-5.el6.x86_64.rpm
libreport-cli-2.0.9-5.el6.x86_64.rpm
libreport-debuginfo-2.0.9-5.el6.i686.rpm
libreport-debuginfo-2.0.9-5.el6.x86_64.rpm
libreport-plugin-kerneloops-2.0.9-5.el6.x86_64.rpm
libreport-plugin-logger-2.0.9-5.el6.x86_64.rpm
libreport-plugin-mailx-2.0.9-5.el6.x86_64.rpm
libreport-plugin-reportuploader-2.0.9-5.el6.x86_64.rpm
libreport-plugin-rhtsupport-2.0.9-5.el6.x86_64.rpm
libreport-python-2.0.9-5.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/abrt-2.0.8-6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/btparser-0.16-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libreport-2.0.9-5.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/python-meh-0.12.1-3.el6.src.rpm

noarch:
python-meh-0.12.1-3.el6.noarch.rpm

x86_64:
abrt-addon-vmcore-2.0.8-6.el6.x86_64.rpm
abrt-debuginfo-2.0.8-6.el6.i686.rpm
abrt-debuginfo-2.0.8-6.el6.x86_64.rpm
abrt-desktop-2.0.8-6.el6.x86_64.rpm
abrt-devel-2.0.8-6.el6.i686.rpm
abrt-devel-2.0.8-6.el6.x86_64.rpm
abrt-gui-2.0.8-6.el6.x86_64.rpm
btparser-0.16-3.el6.i686.rpm
btparser-debuginfo-0.16-3.el6.i686.rpm
btparser-debuginfo-0.16-3.el6.x86_64.rpm
btparser-devel-0.16-3.el6.i686.rpm
btparser-devel-0.16-3.el6.x86_64.rpm
btparser-python-0.16-3.el6.x86_64.rpm
libreport-debuginfo-2.0.9-5.el6.i686.rpm
libreport-debuginfo-2.0.9-5.el6.x86_64.rpm
libreport-devel-2.0.9-5.el6.i686.rpm
libreport-devel-2.0.9-5.el6.x86_64.rpm
libreport-gtk-2.0.9-5.el6.i686.rpm
libreport-gtk-2.0.9-5.el6.x86_64.rpm
libreport-gtk-devel-2.0.9-5.el6.i686.rpm
libreport-gtk-devel-2.0.9-5.el6.x86_64.rpm
libreport-newt-2.0.9-5.el6.x86_64.rpm
libreport-plugin-bugzilla-2.0.9-5.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/btparser-0.16-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libreport-2.0.9-5.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/python-meh-0.12.1-3.el6.src.rpm

i386:
abrt-debuginfo-2.0.8-6.el6.i686.rpm
abrt-gui-2.0.8-6.el6.i686.rpm
btparser-0.16-3.el6.i686.rpm
btparser-debuginfo-0.16-3.el6.i686.rpm
libreport-2.0.9-5.el6.i686.rpm
libreport-cli-2.0.9-5.el6.i686.rpm
libreport-debuginfo-2.0.9-5.el6.i686.rpm
libreport-gtk-2.0.9-5.el6.i686.rpm
libreport-newt-2.0.9-5.el6.i686.rpm
libreport-plugin-kerneloops-2.0.9-5.el6.i686.rpm
libreport-plugin-logger-2.0.9-5.el6.i686.rpm
libreport-plugin-mailx-2.0.9-5.el6.i686.rpm
libreport-plugin-reportuploader-2.0.9-5.el6.i686.rpm
libreport-plugin-rhtsupport-2.0.9-5.el6.i686.rpm
libreport-python-2.0.9-5.el6.i686.rpm

noarch:
python-meh-0.12.1-3.el6.noarch.rpm

ppc64:
abrt-debuginfo-2.0.8-6.el6.ppc.rpm
abrt-debuginfo-2.0.8-6.el6.ppc64.rpm
abrt-gui-2.0.8-6.el6.ppc64.rpm
btparser-0.16-3.el6.ppc64.rpm
btparser-debuginfo-0.16-3.el6.ppc64.rpm
libreport-2.0.9-5.el6.ppc.rpm
libreport-2.0.9-5.el6.ppc64.rpm
libreport-cli-2.0.9-5.el6.ppc64.rpm
libreport-debuginfo-2.0.9-5.el6.ppc.rpm
libreport-debuginfo-2.0.9-5.el6.ppc64.rpm
libreport-gtk-2.0.9-5.el6.ppc.rpm
libreport-gtk-2.0.9-5.el6.ppc64.rpm
libreport-newt-2.0.9-5.el6.ppc64.rpm
libreport-plugin-kerneloops-2.0.9-5.el6.ppc64.rpm
libreport-plugin-logger-2.0.9-5.el6.ppc64.rpm
libreport-plugin-mailx-2.0.9-5.el6.ppc64.rpm
libreport-plugin-reportuploader-2.0.9-5.el6.ppc64.rpm
libreport-plugin-rhtsupport-2.0.9-5.el6.ppc64.rpm
libreport-python-2.0.9-5.el6.ppc64.rpm

s390x:
abrt-debuginfo-2.0.8-6.el6.s390.rpm
abrt-debuginfo-2.0.8-6.el6.s390x.rpm
abrt-gui-2.0.8-6.el6.s390x.rpm
btparser-0.16-3.el6.s390x.rpm
btparser-debuginfo-0.16-3.el6.s390x.rpm
libreport-2.0.9-5.el6.s390.rpm
libreport-2.0.9-5.el6.s390x.rpm
libreport-cli-2.0.9-5.el6.s390x.rpm
libreport-debuginfo-2.0.9-5.el6.s390.rpm
libreport-debuginfo-2.0.9-5.el6.s390x.rpm
libreport-gtk-2.0.9-5.el6.s390.rpm
libreport-gtk-2.0.9-5.el6.s390x.rpm
libreport-newt-2.0.9-5.el6.s390x.rpm
libreport-plugin-kerneloops-2.0.9-5.el6.s390x.rpm
libreport-plugin-logger-2.0.9-5.el6.s390x.rpm
libreport-plugin-mailx-2.0.9-5.el6.s390x.rpm
libreport-plugin-reportuploader-2.0.9-5.el6.s390x.rpm
libreport-plugin-rhtsupport-2.0.9-5.el6.s390x.rpm
libreport-python-2.0.9-5.el6.s390x.rpm

x86_64:
abrt-debuginfo-2.0.8-6.el6.i686.rpm
abrt-debuginfo-2.0.8-6.el6.x86_64.rpm
abrt-gui-2.0.8-6.el6.x86_64.rpm
btparser-0.16-3.el6.x86_64.rpm
btparser-debuginfo-0.16-3.el6.x86_64.rpm
libreport-2.0.9-5.el6.i686.rpm
libreport-2.0.9-5.el6.x86_64.rpm
libreport-cli-2.0.9-5.el6.x86_64.rpm
libreport-debuginfo-2.0.9-5.el6.i686.rpm
libreport-debuginfo-2.0.9-5.el6.x86_64.rpm
libreport-gtk-2.0.9-5.el6.i686.rpm
libreport-gtk-2.0.9-5.el6.x86_64.rpm
libreport-newt-2.0.9-5.el6.x86_64.rpm
libreport-plugin-kerneloops-2.0.9-5.el6.x86_64.rpm
libreport-plugin-logger-2.0.9-5.el6.x86_64.rpm
libreport-plugin-mailx-2.0.9-5.el6.x86_64.rpm
libreport-plugin-reportuploader-2.0.9-5.el6.x86_64.rpm
libreport-plugin-rhtsupport-2.0.9-5.el6.x86_64.rpm
libreport-python-2.0.9-5.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/abrt-2.0.8-6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/btparser-0.16-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libreport-2.0.9-5.el6.src.rpm

i386:
abrt-addon-vmcore-2.0.8-6.el6.i686.rpm
abrt-debuginfo-2.0.8-6.el6.i686.rpm
abrt-devel-2.0.8-6.el6.i686.rpm
btparser-debuginfo-0.16-3.el6.i686.rpm
btparser-devel-0.16-3.el6.i686.rpm
btparser-python-0.16-3.el6.i686.rpm
libreport-debuginfo-2.0.9-5.el6.i686.rpm
libreport-devel-2.0.9-5.el6.i686.rpm
libreport-gtk-devel-2.0.9-5.el6.i686.rpm
libreport-plugin-bugzilla-2.0.9-5.el6.i686.rpm

ppc64:
abrt-addon-vmcore-2.0.8-6.el6.ppc64.rpm
abrt-debuginfo-2.0.8-6.el6.ppc.rpm
abrt-debuginfo-2.0.8-6.el6.ppc64.rpm
abrt-devel-2.0.8-6.el6.ppc.rpm
abrt-devel-2.0.8-6.el6.ppc64.rpm
btparser-0.16-3.el6.ppc.rpm
btparser-debuginfo-0.16-3.el6.ppc.rpm
btparser-debuginfo-0.16-3.el6.ppc64.rpm
btparser-devel-0.16-3.el6.ppc.rpm
btparser-devel-0.16-3.el6.ppc64.rpm
btparser-python-0.16-3.el6.ppc64.rpm
libreport-debuginfo-2.0.9-5.el6.ppc.rpm
libreport-debuginfo-2.0.9-5.el6.ppc64.rpm
libreport-devel-2.0.9-5.el6.ppc.rpm
libreport-devel-2.0.9-5.el6.ppc64.rpm
libreport-gtk-devel-2.0.9-5.el6.ppc.rpm
libreport-gtk-devel-2.0.9-5.el6.ppc64.rpm
libreport-plugin-bugzilla-2.0.9-5.el6.ppc64.rpm

s390x:
abrt-addon-vmcore-2.0.8-6.el6.s390x.rpm
abrt-debuginfo-2.0.8-6.el6.s390.rpm
abrt-debuginfo-2.0.8-6.el6.s390x.rpm
abrt-devel-2.0.8-6.el6.s390.rpm
abrt-devel-2.0.8-6.el6.s390x.rpm
btparser-0.16-3.el6.s390.rpm
btparser-debuginfo-0.16-3.el6.s390.rpm
btparser-debuginfo-0.16-3.el6.s390x.rpm
btparser-devel-0.16-3.el6.s390.rpm
btparser-devel-0.16-3.el6.s390x.rpm
btparser-python-0.16-3.el6.s390x.rpm
libreport-debuginfo-2.0.9-5.el6.s390.rpm
libreport-debuginfo-2.0.9-5.el6.s390x.rpm
libreport-devel-2.0.9-5.el6.s390.rpm
libreport-devel-2.0.9-5.el6.s390x.rpm
libreport-gtk-devel-2.0.9-5.el6.s390.rpm
libreport-gtk-devel-2.0.9-5.el6.s390x.rpm
libreport-plugin-bugzilla-2.0.9-5.el6.s390x.rpm

x86_64:
abrt-addon-vmcore-2.0.8-6.el6.x86_64.rpm
abrt-debuginfo-2.0.8-6.el6.i686.rpm
abrt-debuginfo-2.0.8-6.el6.x86_64.rpm
abrt-devel-2.0.8-6.el6.i686.rpm
abrt-devel-2.0.8-6.el6.x86_64.rpm
btparser-0.16-3.el6.i686.rpm
btparser-debuginfo-0.16-3.el6.i686.rpm
btparser-debuginfo-0.16-3.el6.x86_64.rpm
btparser-devel-0.16-3.el6.i686.rpm
btparser-devel-0.16-3.el6.x86_64.rpm
btparser-python-0.16-3.el6.x86_64.rpm
libreport-debuginfo-2.0.9-5.el6.i686.rpm
libreport-debuginfo-2.0.9-5.el6.x86_64.rpm
libreport-devel-2.0.9-5.el6.i686.rpm
libreport-devel-2.0.9-5.el6.x86_64.rpm
libreport-gtk-devel-2.0.9-5.el6.i686.rpm
libreport-gtk-devel-2.0.9-5.el6.x86_64.rpm
libreport-plugin-bugzilla-2.0.9-5.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/btparser-0.16-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libreport-2.0.9-5.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/python-meh-0.12.1-3.el6.src.rpm

i386:
btparser-0.16-3.el6.i686.rpm
btparser-debuginfo-0.16-3.el6.i686.rpm
libreport-2.0.9-5.el6.i686.rpm
libreport-cli-2.0.9-5.el6.i686.rpm
libreport-debuginfo-2.0.9-5.el6.i686.rpm
libreport-gtk-2.0.9-5.el6.i686.rpm
libreport-newt-2.0.9-5.el6.i686.rpm
libreport-plugin-kerneloops-2.0.9-5.el6.i686.rpm
libreport-plugin-logger-2.0.9-5.el6.i686.rpm
libreport-plugin-mailx-2.0.9-5.el6.i686.rpm
libreport-plugin-reportuploader-2.0.9-5.el6.i686.rpm
libreport-plugin-rhtsupport-2.0.9-5.el6.i686.rpm
libreport-python-2.0.9-5.el6.i686.rpm

noarch:
python-meh-0.12.1-3.el6.noarch.rpm

x86_64:
btparser-0.16-3.el6.x86_64.rpm
btparser-debuginfo-0.16-3.el6.x86_64.rpm
libreport-2.0.9-5.el6.i686.rpm
libreport-2.0.9-5.el6.x86_64.rpm
libreport-cli-2.0.9-5.el6.x86_64.rpm
libreport-debuginfo-2.0.9-5.el6.i686.rpm
libreport-debuginfo-2.0.9-5.el6.x86_64.rpm
libreport-gtk-2.0.9-5.el6.i686.rpm
libreport-gtk-2.0.9-5.el6.x86_64.rpm
libreport-newt-2.0.9-5.el6.x86_64.rpm
libreport-plugin-kerneloops-2.0.9-5.el6.x86_64.rpm
libreport-plugin-logger-2.0.9-5.el6.x86_64.rpm
libreport-plugin-mailx-2.0.9-5.el6.x86_64.rpm
libreport-plugin-reportuploader-2.0.9-5.el6.x86_64.rpm
libreport-plugin-rhtsupport-2.0.9-5.el6.x86_64.rpm
libreport-python-2.0.9-5.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/abrt-2.0.8-6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/btparser-0.16-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libreport-2.0.9-5.el6.src.rpm

i386:
abrt-addon-vmcore-2.0.8-6.el6.i686.rpm
abrt-debuginfo-2.0.8-6.el6.i686.rpm
abrt-devel-2.0.8-6.el6.i686.rpm
btparser-debuginfo-0.16-3.el6.i686.rpm
btparser-devel-0.16-3.el6.i686.rpm
btparser-python-0.16-3.el6.i686.rpm
libreport-debuginfo-2.0.9-5.el6.i686.rpm
libreport-devel-2.0.9-5.el6.i686.rpm
libreport-gtk-devel-2.0.9-5.el6.i686.rpm
libreport-plugin-bugzilla-2.0.9-5.el6.i686.rpm

x86_64:
abrt-addon-vmcore-2.0.8-6.el6.x86_64.rpm
abrt-debuginfo-2.0.8-6.el6.i686.rpm
abrt-debuginfo-2.0.8-6.el6.x86_64.rpm
abrt-devel-2.0.8-6.el6.i686.rpm
abrt-devel-2.0.8-6.el6.x86_64.rpm
btparser-0.16-3.el6.i686.rpm
btparser-debuginfo-0.16-3.el6.i686.rpm
btparser-debuginfo-0.16-3.el6.x86_64.rpm
btparser-devel-0.16-3.el6.i686.rpm
btparser-devel-0.16-3.el6.x86_64.rpm
btparser-python-0.16-3.el6.x86_64.rpm
libreport-debuginfo-2.0.9-5.el6.i686.rpm
libreport-debuginfo-2.0.9-5.el6.x86_64.rpm
libreport-devel-2.0.9-5.el6.i686.rpm
libreport-devel-2.0.9-5.el6.x86_64.rpm
libreport-gtk-devel-2.0.9-5.el6.i686.rpm
libreport-gtk-devel-2.0.9-5.el6.x86_64.rpm
libreport-plugin-bugzilla-2.0.9-5.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-4088.html
https://www.redhat.com/security/data/cve/CVE-2012-1106.html
https://access.redhat.com/security/updates/classification/#low
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.3_Technical_Notes/abrt.html#RHSA-2012-0841

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP4Y1VXlSAg2UNWIIRAviiAKCJacM1eajfNIyl4GmXyFd9CZ9azQCfSXnb
fvNrUCQJxOXHvk/OqAg9smM=
=HNUf
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jun 20 09:24:16 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 20 Jun 2012 09:24:16 +0000
Subject: [RHSA-2012:0862-04] Moderate: Red Hat Enterprise Linux 6 kernel security, bug fix and enhancement update
Message-ID: <201206200928.q5K9SLLh029799@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Enterprise Linux 6 kernel security, bug fix and enhancement update
Advisory ID:       RHSA-2012:0862-04
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0862.html
Issue date:        2012-06-20
CVE Names:         CVE-2011-1083 CVE-2011-4131
=====================================================================

1. Summary:

Updated kernel packages that fix two security issues, address several hundred bugs and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the third regular update.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* A flaw was found in the way the Linux kernel's Event Poll (epoll) subsystem handled large, nested epoll structures. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2011-1083, Moderate)

* A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2011-4131, Moderate)

Red Hat would like to thank Nelson Elhage for reporting CVE-2011-1083, and Andy Adamson for reporting CVE-2011-4131.

This update also fixes several hundred bugs and adds enhancements. Refer to the Red Hat Enterprise Linux 6.3 Release Notes for information on the most significant of these changes, and the Technical Notes for further information, both linked to in the References.

All Red Hat Enterprise Linux 6 users are advised to install these updated packages, which correct these issues, and fix the bugs and add the enhancements noted in the Red Hat Enterprise Linux 6.3 Release Notes and Technical Notes. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

542378 - fix suspend to disk of virtio block
596419 - capability check in pci_read_config() bypasses lsm/selinux
623913 - [virtio] virtio-serial doesn't work after s3/s4 in kvm guest.
624189 - [virtio] virtio-balloon doesn't work after s3/s4 in kvm guest.
624756 - idle time accounted for twice in /proc/stat for Xen guest
645365 - KVM: Implement emulation of emulated virtual PMU
681578 - CVE-2011-1083 kernel: excessive in kernel CPU consumption when creating large nested epoll structures
694801 - Guest fail to resume from S4 if guest using kvmclock
726369 - host reboot auto when run guest with cgroup charge_migrate enabled
727700 - Anomaly in mbind memory map causing Java Hotspot JVM Seg fault with NUMA aware ParallelScavange GC
729586 - xen: fix drive naming
735105 - ext4 corruption via Ceph userspace program
738151 - xHCI driver died after times of attach/detach usb3 hub(with usb3 device) from usb3 root hub
745713 - command-line clocksource override fails
745775 - Unable to unmount autofs filesystems inside a container
745952 - cxgb4: remove forgotten real_num_tx_queues inicialization
746929 - nVidia NVS 300 -- won't boot
747034 - nVidia NVS 450 -- won't boot
747106 - CVE-2011-4131 kernel: nfs4_getfacl decoding kernel oops
749117 - extN: new file created even if open(2) returned -EPERM
752137 - memcg: catch memcg page accounting leaks in debug kernel
755046 - max_segments in dm is always 128
756307 - Failed to boot RHEL6.2 hvm guest with three NICs when using xvdx disk
757040 - Network RPS miscellaneous bugs, RPS unusable
758707 - hpsa: Add IRQF_SHARED back in for the non-MSI(X) interrupt handler
766554 - ecryptfs keeps directory busy even after umount
767992 - nfnetlink_log.h - missing definitions in userspace
769652 - scsi_alloc_sdev can leak memory
770250 - readdir64_r calls fail with ELOOP
772317 - Disable LRO for all NICs that have LRO enabled
772874 - cifs: multiple process stuck waiting for page lock
773219 - Detach a busy block device for 64 bit pv guest sometimes crash
773705 - cifs: i/o error on copying file > 102336 bytes
781524 - AMD IOMMU driver hands out dma handles that are in the MSI address range
784351 - IMA audit events don't show success correctly
784856 - KVM: expose FMA4 & TBM to guest
786149 - CIFS DFS doesn't work in kernel versions 2.6.32-220.x.x.el6.x86_64
786610 - PCI device reset can cause a kernel bug
786693 - Fix recently identified races within the autofs kernel wait code
788562 - kvm guest hangs when hot-plugged vcpu is onlined due to uninitialized hv_clock
790418 - Request for kernal ABI additions
790961 - pNFS: Auto-load the pNFS kernel module
796099 - add myri10ge firmware
799075 - Fix setting of bio flags
800041 - iSER (iscsi rdma) connection can get broken as of missing receive buffers
801111 - [Mellanox 6.3 Feature]: update mlx4_en driver to support SRIOV
803132 - [Kernel-251] Guest got reboot instead of wakeup after resume from S3 with kvmclock
803187 - Guest mouse and keyboard got unresponsive after resume from S3 with virtio devices
803239 - Call Trace when use netfront NIC on RHEL6.3 HVM guest with xen_emul_unplug=never
803620 - backport vpmu fixes from upstream
807215 - after host S4 the guest can not work normally
807354 - xenpv guests fail to find root device
808571 - rhel 6.3 -- add relevant wireless fixes from upstream 3.2.y tree
809231 - merged back raid image (with change tracking) doesn't appear to get synced properly
810222 - Revert "[virt] xen: mask MTRR feature from guest BZ#750758"
811669 - Suspend/resume of an out-of-sync RAID LV will cause the sync process to stall
812259 - add option to disable 5GHz band to iwlwifi
813550 - [REGRESSION] be2iscsi: fix softirq errors when logging in and doing IO
813678 - [FCoE Target] Please disable debug logging of "tcm_fc" "ft_dump_cmd 2700002a 00009aba 000000bc 00000000"
813948 - DM RAID: Reintegrating RAID1 devices causes fullsync even when partial would do
814302 - large writes to ext4 may return incorrect value
815751 - cifs: Show backupuid/gid in /proc/mounts
815785 - kdump fails with lapic error in xen hvm guest
816099 - Guest doesn't let host know of open virtio console ports after resume
816569 - Cannot un/mute audio via alsamixer for HDA codec CX20561 (Hermosa)
817236 - Regression since 2.6.32-266.el6 AMD host writes 150+ GB dmesg logs
818371 - kernel crashes when snapshots of mounted raid volumes are taken
820507 - idle field does not increase monotonically in /proc/stat
822189 - [RHEL6.3][kernel debug] Connectathon 'Special' test failures NFSv2,3
824287 - [REGRESSION] be2iscsi: fix dma free size mismatch

6. Package List:

Red Hat Enterprise Linux Desktop (v. 
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-279.el6.src.rpm

i386:
kernel-2.6.32-279.el6.i686.rpm
kernel-debug-2.6.32-279.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-279.el6.i686.rpm
kernel-debug-devel-2.6.32-279.el6.i686.rpm
kernel-debuginfo-2.6.32-279.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.el6.i686.rpm
kernel-devel-2.6.32-279.el6.i686.rpm
kernel-headers-2.6.32-279.el6.i686.rpm
perf-2.6.32-279.el6.i686.rpm
perf-debuginfo-2.6.32-279.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.el6.i686.rpm

noarch:
kernel-doc-2.6.32-279.el6.noarch.rpm
kernel-firmware-2.6.32-279.el6.noarch.rpm

x86_64:
kernel-2.6.32-279.el6.x86_64.rpm
kernel-debug-2.6.32-279.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-279.el6.x86_64.rpm
kernel-debug-devel-2.6.32-279.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.el6.x86_64.rpm
kernel-devel-2.6.32-279.el6.x86_64.rpm
kernel-headers-2.6.32-279.el6.x86_64.rpm
perf-2.6.32-279.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-279.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-279.el6.i686.rpm
kernel-debuginfo-2.6.32-279.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.el6.i686.rpm
perf-debuginfo-2.6.32-279.el6.i686.rpm
python-perf-2.6.32-279.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-279.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.el6.x86_64.rpm
python-perf-2.6.32-279.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-279.el6.src.rpm

noarch:
kernel-doc-2.6.32-279.el6.noarch.rpm
kernel-firmware-2.6.32-279.el6.noarch.rpm

x86_64:
kernel-2.6.32-279.el6.x86_64.rpm
kernel-debug-2.6.32-279.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-279.el6.x86_64.rpm
kernel-debug-devel-2.6.32-279.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.el6.x86_64.rpm
kernel-devel-2.6.32-279.el6.x86_64.rpm
kernel-headers-2.6.32-279.el6.x86_64.rpm
perf-2.6.32-279.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-279.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-279.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.el6.x86_64.rpm
python-perf-2.6.32-279.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-279.el6.src.rpm

i386:
kernel-2.6.32-279.el6.i686.rpm
kernel-debug-2.6.32-279.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-279.el6.i686.rpm
kernel-debug-devel-2.6.32-279.el6.i686.rpm
kernel-debuginfo-2.6.32-279.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.el6.i686.rpm
kernel-devel-2.6.32-279.el6.i686.rpm
kernel-headers-2.6.32-279.el6.i686.rpm
perf-2.6.32-279.el6.i686.rpm
perf-debuginfo-2.6.32-279.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.el6.i686.rpm

noarch:
kernel-doc-2.6.32-279.el6.noarch.rpm
kernel-firmware-2.6.32-279.el6.noarch.rpm

ppc64:
kernel-2.6.32-279.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-279.el6.ppc64.rpm
kernel-debug-2.6.32-279.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-279.el6.ppc64.rpm
kernel-debug-devel-2.6.32-279.el6.ppc64.rpm
kernel-debuginfo-2.6.32-279.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-279.el6.ppc64.rpm
kernel-devel-2.6.32-279.el6.ppc64.rpm
kernel-headers-2.6.32-279.el6.ppc64.rpm
perf-2.6.32-279.el6.ppc64.rpm
perf-debuginfo-2.6.32-279.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-279.el6.ppc64.rpm

s390x:
kernel-2.6.32-279.el6.s390x.rpm
kernel-debug-2.6.32-279.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-279.el6.s390x.rpm
kernel-debug-devel-2.6.32-279.el6.s390x.rpm
kernel-debuginfo-2.6.32-279.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-279.el6.s390x.rpm
kernel-devel-2.6.32-279.el6.s390x.rpm
kernel-headers-2.6.32-279.el6.s390x.rpm
kernel-kdump-2.6.32-279.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-279.el6.s390x.rpm
kernel-kdump-devel-2.6.32-279.el6.s390x.rpm
perf-2.6.32-279.el6.s390x.rpm
perf-debuginfo-2.6.32-279.el6.s390x.rpm
python-perf-debuginfo-2.6.32-279.el6.s390x.rpm

x86_64:
kernel-2.6.32-279.el6.x86_64.rpm
kernel-debug-2.6.32-279.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-279.el6.x86_64.rpm
kernel-debug-devel-2.6.32-279.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.el6.x86_64.rpm
kernel-devel-2.6.32-279.el6.x86_64.rpm
kernel-headers-2.6.32-279.el6.x86_64.rpm
perf-2.6.32-279.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-279.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-279.el6.i686.rpm
kernel-debuginfo-2.6.32-279.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.el6.i686.rpm
perf-debuginfo-2.6.32-279.el6.i686.rpm
python-perf-2.6.32-279.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-279.el6.ppc64.rpm
kernel-debuginfo-2.6.32-279.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-279.el6.ppc64.rpm
perf-debuginfo-2.6.32-279.el6.ppc64.rpm
python-perf-2.6.32-279.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-279.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-279.el6.s390x.rpm
kernel-debuginfo-2.6.32-279.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-279.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-279.el6.s390x.rpm
perf-debuginfo-2.6.32-279.el6.s390x.rpm
python-perf-2.6.32-279.el6.s390x.rpm
python-perf-debuginfo-2.6.32-279.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-279.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.el6.x86_64.rpm
python-perf-2.6.32-279.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-279.el6.src.rpm

i386:
kernel-2.6.32-279.el6.i686.rpm
kernel-debug-2.6.32-279.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-279.el6.i686.rpm
kernel-debug-devel-2.6.32-279.el6.i686.rpm
kernel-debuginfo-2.6.32-279.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.el6.i686.rpm
kernel-devel-2.6.32-279.el6.i686.rpm
kernel-headers-2.6.32-279.el6.i686.rpm
perf-2.6.32-279.el6.i686.rpm
perf-debuginfo-2.6.32-279.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.el6.i686.rpm

noarch:
kernel-doc-2.6.32-279.el6.noarch.rpm
kernel-firmware-2.6.32-279.el6.noarch.rpm

x86_64:
kernel-2.6.32-279.el6.x86_64.rpm
kernel-debug-2.6.32-279.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-279.el6.x86_64.rpm
kernel-debug-devel-2.6.32-279.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.el6.x86_64.rpm
kernel-devel-2.6.32-279.el6.x86_64.rpm
kernel-headers-2.6.32-279.el6.x86_64.rpm
perf-2.6.32-279.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-279.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-279.el6.i686.rpm
kernel-debuginfo-2.6.32-279.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.el6.i686.rpm
perf-debuginfo-2.6.32-279.el6.i686.rpm
python-perf-2.6.32-279.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-279.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.el6.x86_64.rpm
python-perf-2.6.32-279.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1083.html
https://www.redhat.com/security/data/cve/CVE-2011-4131.html
https://access.redhat.com/security/updates/classification/#moderate
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.3_Technical_Notes/kernel.html#RHSA-2012-0862
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/6.3_Release_Notes/index.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP4ZeqXlSAg2UNWIIRAmjVAKCqM4LQnNQaTHKp2bA1U1R9mqshJACcCCq4
ID8pBpylp9S8NPlHAYH/tRw=
=Bx7n
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jun 20 09:24:43 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 20 Jun 2012 09:24:43 +0000
Subject: [RHSA-2012:0874-04] Low: mysql security and enhancement update
Message-ID: <201206200928.q5K9SmOx027449@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: mysql security and enhancement update
Advisory ID:       RHSA-2012:0874-04
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0874.html
Issue date:        2012-06-20
CVE Names:         CVE-2012-2102
=====================================================================

1. Summary:

Updated mysql packages that fix one security issue and add one enhancement are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

A flaw was found in the way MySQL processed HANDLER READ NEXT statements after deleting a record. A remote, authenticated attacker could use this flaw to provide such requests, causing mysqld to crash. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2012-2102)

This update also adds the following enhancement:

* The InnoDB storage engine is built-in for all architectures. This update adds InnoDB Plugin, the InnoDB storage engine as a plug-in for the 32-bit x86, AMD64, and Intel 64 architectures. The plug-in offers additional features and better performance than when using the built-in InnoDB storage engine. Refer to the MySQL documentation, linked to in the References section, for information about enabling the plug-in. (BZ#740224)

All MySQL users should upgrade to these updated packages, which add this enhancement and contain a backported patch to correct this issue. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

740224 - Enabling MySQL InnoDB Plugin
812431 - CVE-2012-2102 mysql: Server crash on HANDLER READ NEXT after DELETE

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/mysql-5.1.61-4.el6.src.rpm

i386:
mysql-5.1.61-4.el6.i686.rpm
mysql-debuginfo-5.1.61-4.el6.i686.rpm
mysql-libs-5.1.61-4.el6.i686.rpm
mysql-server-5.1.61-4.el6.i686.rpm

x86_64:
mysql-5.1.61-4.el6.x86_64.rpm
mysql-debuginfo-5.1.61-4.el6.i686.rpm
mysql-debuginfo-5.1.61-4.el6.x86_64.rpm
mysql-libs-5.1.61-4.el6.i686.rpm
mysql-libs-5.1.61-4.el6.x86_64.rpm
mysql-server-5.1.61-4.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/mysql-5.1.61-4.el6.src.rpm

i386:
mysql-bench-5.1.61-4.el6.i686.rpm
mysql-debuginfo-5.1.61-4.el6.i686.rpm
mysql-devel-5.1.61-4.el6.i686.rpm
mysql-embedded-5.1.61-4.el6.i686.rpm
mysql-embedded-devel-5.1.61-4.el6.i686.rpm
mysql-test-5.1.61-4.el6.i686.rpm

x86_64:
mysql-bench-5.1.61-4.el6.x86_64.rpm
mysql-debuginfo-5.1.61-4.el6.i686.rpm
mysql-debuginfo-5.1.61-4.el6.x86_64.rpm
mysql-devel-5.1.61-4.el6.i686.rpm
mysql-devel-5.1.61-4.el6.x86_64.rpm
mysql-embedded-5.1.61-4.el6.i686.rpm
mysql-embedded-5.1.61-4.el6.x86_64.rpm
mysql-embedded-devel-5.1.61-4.el6.i686.rpm
mysql-embedded-devel-5.1.61-4.el6.x86_64.rpm
mysql-test-5.1.61-4.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/mysql-5.1.61-4.el6.src.rpm x86_64: mysql-5.1.61-4.el6.x86_64.rpm mysql-debuginfo-5.1.61-4.el6.i686.rpm mysql-debuginfo-5.1.61-4.el6.x86_64.rpm mysql-libs-5.1.61-4.el6.i686.rpm mysql-libs-5.1.61-4.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/mysql-5.1.61-4.el6.src.rpm x86_64: mysql-bench-5.1.61-4.el6.x86_64.rpm mysql-debuginfo-5.1.61-4.el6.i686.rpm mysql-debuginfo-5.1.61-4.el6.x86_64.rpm mysql-devel-5.1.61-4.el6.i686.rpm mysql-devel-5.1.61-4.el6.x86_64.rpm mysql-embedded-5.1.61-4.el6.i686.rpm mysql-embedded-5.1.61-4.el6.x86_64.rpm mysql-embedded-devel-5.1.61-4.el6.i686.rpm mysql-embedded-devel-5.1.61-4.el6.x86_64.rpm mysql-server-5.1.61-4.el6.x86_64.rpm mysql-test-5.1.61-4.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/mysql-5.1.61-4.el6.src.rpm i386: mysql-5.1.61-4.el6.i686.rpm mysql-bench-5.1.61-4.el6.i686.rpm mysql-debuginfo-5.1.61-4.el6.i686.rpm mysql-devel-5.1.61-4.el6.i686.rpm mysql-libs-5.1.61-4.el6.i686.rpm mysql-server-5.1.61-4.el6.i686.rpm mysql-test-5.1.61-4.el6.i686.rpm ppc64: mysql-5.1.61-4.el6.ppc64.rpm mysql-bench-5.1.61-4.el6.ppc64.rpm mysql-debuginfo-5.1.61-4.el6.ppc.rpm mysql-debuginfo-5.1.61-4.el6.ppc64.rpm mysql-devel-5.1.61-4.el6.ppc.rpm mysql-devel-5.1.61-4.el6.ppc64.rpm mysql-libs-5.1.61-4.el6.ppc.rpm mysql-libs-5.1.61-4.el6.ppc64.rpm mysql-server-5.1.61-4.el6.ppc64.rpm mysql-test-5.1.61-4.el6.ppc64.rpm s390x: mysql-5.1.61-4.el6.s390x.rpm mysql-bench-5.1.61-4.el6.s390x.rpm mysql-debuginfo-5.1.61-4.el6.s390.rpm mysql-debuginfo-5.1.61-4.el6.s390x.rpm mysql-devel-5.1.61-4.el6.s390.rpm mysql-devel-5.1.61-4.el6.s390x.rpm mysql-libs-5.1.61-4.el6.s390.rpm mysql-libs-5.1.61-4.el6.s390x.rpm mysql-server-5.1.61-4.el6.s390x.rpm mysql-test-5.1.61-4.el6.s390x.rpm x86_64: 
mysql-5.1.61-4.el6.x86_64.rpm mysql-bench-5.1.61-4.el6.x86_64.rpm mysql-debuginfo-5.1.61-4.el6.i686.rpm mysql-debuginfo-5.1.61-4.el6.x86_64.rpm mysql-devel-5.1.61-4.el6.i686.rpm mysql-devel-5.1.61-4.el6.x86_64.rpm mysql-libs-5.1.61-4.el6.i686.rpm mysql-libs-5.1.61-4.el6.x86_64.rpm mysql-server-5.1.61-4.el6.x86_64.rpm mysql-test-5.1.61-4.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/mysql-5.1.61-4.el6.src.rpm i386: mysql-debuginfo-5.1.61-4.el6.i686.rpm mysql-embedded-5.1.61-4.el6.i686.rpm mysql-embedded-devel-5.1.61-4.el6.i686.rpm ppc64: mysql-debuginfo-5.1.61-4.el6.ppc.rpm mysql-debuginfo-5.1.61-4.el6.ppc64.rpm mysql-embedded-5.1.61-4.el6.ppc.rpm mysql-embedded-5.1.61-4.el6.ppc64.rpm mysql-embedded-devel-5.1.61-4.el6.ppc.rpm mysql-embedded-devel-5.1.61-4.el6.ppc64.rpm s390x: mysql-debuginfo-5.1.61-4.el6.s390.rpm mysql-debuginfo-5.1.61-4.el6.s390x.rpm mysql-embedded-5.1.61-4.el6.s390.rpm mysql-embedded-5.1.61-4.el6.s390x.rpm mysql-embedded-devel-5.1.61-4.el6.s390.rpm mysql-embedded-devel-5.1.61-4.el6.s390x.rpm x86_64: mysql-debuginfo-5.1.61-4.el6.i686.rpm mysql-debuginfo-5.1.61-4.el6.x86_64.rpm mysql-embedded-5.1.61-4.el6.i686.rpm mysql-embedded-5.1.61-4.el6.x86_64.rpm mysql-embedded-devel-5.1.61-4.el6.i686.rpm mysql-embedded-devel-5.1.61-4.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/mysql-5.1.61-4.el6.src.rpm i386: mysql-5.1.61-4.el6.i686.rpm mysql-bench-5.1.61-4.el6.i686.rpm mysql-debuginfo-5.1.61-4.el6.i686.rpm mysql-devel-5.1.61-4.el6.i686.rpm mysql-libs-5.1.61-4.el6.i686.rpm mysql-server-5.1.61-4.el6.i686.rpm mysql-test-5.1.61-4.el6.i686.rpm x86_64: mysql-5.1.61-4.el6.x86_64.rpm mysql-bench-5.1.61-4.el6.x86_64.rpm mysql-debuginfo-5.1.61-4.el6.i686.rpm mysql-debuginfo-5.1.61-4.el6.x86_64.rpm mysql-devel-5.1.61-4.el6.i686.rpm mysql-devel-5.1.61-4.el6.x86_64.rpm mysql-libs-5.1.61-4.el6.i686.rpm mysql-libs-5.1.61-4.el6.x86_64.rpm mysql-server-5.1.61-4.el6.x86_64.rpm mysql-test-5.1.61-4.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/mysql-5.1.61-4.el6.src.rpm i386: mysql-debuginfo-5.1.61-4.el6.i686.rpm mysql-embedded-5.1.61-4.el6.i686.rpm mysql-embedded-devel-5.1.61-4.el6.i686.rpm x86_64: mysql-debuginfo-5.1.61-4.el6.i686.rpm mysql-debuginfo-5.1.61-4.el6.x86_64.rpm mysql-embedded-5.1.61-4.el6.i686.rpm mysql-embedded-5.1.61-4.el6.x86_64.rpm mysql-embedded-devel-5.1.61-4.el6.i686.rpm mysql-embedded-devel-5.1.61-4.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-2102.html https://access.redhat.com/security/updates/classification/#low http://dev.mysql.com/doc/refman/5.1/en/replacing-builtin-innodb.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP4ZfMXlSAg2UNWIIRAjKzAJ9yLiRH+CNRmsM1yhL9TXgdb0T9qgCcCoSw
3VNRyscXarmejLBdkwgsnto=
=/Uk0
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jun 20 09:25:05 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 20 Jun 2012 09:25:05 +0000
Subject: [RHSA-2012:0876-04] Moderate: net-snmp security and bug fix update
Message-ID: <201206200929.q5K9TB8j011625@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: net-snmp security and bug fix update
Advisory ID:       RHSA-2012:0876-04
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0876.html
Issue date:        2012-06-20
CVE Names:         CVE-2012-2141
=====================================================================

1. Summary:

Updated net-snmp packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3.
Description:

The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser.

An array index error, leading to an out-of-bounds buffer read flaw, was found in the way the net-snmp agent looked up entries in the extension table. A remote attacker with read privileges to a Management Information Base (MIB) subtree handled by the "extend" directive (in "/etc/snmp/snmpd.conf") could use this flaw to crash snmpd via a crafted SNMP GET request. (CVE-2012-2141)

These updated net-snmp packages also include numerous bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.3 Technical Notes for information on the most significant of these changes.

All users of net-snmp are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the update, the snmpd and snmptrapd daemons will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

736580 - snmpd memory leak when AgentX subagent disconnects while processing a request
748410 - hrStorageSize from HOST-RESOURCES-TYPES mib reports incorrect size for filesystems > 16TB
754275 - Cannot create new rows in snmpTargetAddrTable
757685 - net-snmp ignores reiserfs formatted partitions
786931 - sysObjectID cannot be set to an OID value with a length greater than 10.
788954 - snmpd: error finding row index in _ifXTable_container_row_restore 799291 - proxied OIDs unspecified in proxy statement in snmpd.conf 815813 - CVE-2012-2141 net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash) 822480 - move /var/lib/net-snmp from net-snmp to net-snmp-libs 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/net-snmp-5.5-41.el6.src.rpm i386: net-snmp-5.5-41.el6.i686.rpm net-snmp-debuginfo-5.5-41.el6.i686.rpm net-snmp-libs-5.5-41.el6.i686.rpm x86_64: net-snmp-5.5-41.el6.x86_64.rpm net-snmp-debuginfo-5.5-41.el6.i686.rpm net-snmp-debuginfo-5.5-41.el6.x86_64.rpm net-snmp-libs-5.5-41.el6.i686.rpm net-snmp-libs-5.5-41.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/net-snmp-5.5-41.el6.src.rpm i386: net-snmp-debuginfo-5.5-41.el6.i686.rpm net-snmp-devel-5.5-41.el6.i686.rpm net-snmp-perl-5.5-41.el6.i686.rpm net-snmp-python-5.5-41.el6.i686.rpm net-snmp-utils-5.5-41.el6.i686.rpm x86_64: net-snmp-debuginfo-5.5-41.el6.i686.rpm net-snmp-debuginfo-5.5-41.el6.x86_64.rpm net-snmp-devel-5.5-41.el6.i686.rpm net-snmp-devel-5.5-41.el6.x86_64.rpm net-snmp-perl-5.5-41.el6.x86_64.rpm net-snmp-python-5.5-41.el6.x86_64.rpm net-snmp-utils-5.5-41.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/net-snmp-5.5-41.el6.src.rpm x86_64: net-snmp-5.5-41.el6.x86_64.rpm net-snmp-debuginfo-5.5-41.el6.i686.rpm net-snmp-debuginfo-5.5-41.el6.x86_64.rpm net-snmp-libs-5.5-41.el6.i686.rpm net-snmp-libs-5.5-41.el6.x86_64.rpm net-snmp-perl-5.5-41.el6.x86_64.rpm net-snmp-python-5.5-41.el6.x86_64.rpm net-snmp-utils-5.5-41.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/net-snmp-5.5-41.el6.src.rpm x86_64: net-snmp-debuginfo-5.5-41.el6.i686.rpm net-snmp-debuginfo-5.5-41.el6.x86_64.rpm net-snmp-devel-5.5-41.el6.i686.rpm net-snmp-devel-5.5-41.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/net-snmp-5.5-41.el6.src.rpm i386: net-snmp-5.5-41.el6.i686.rpm net-snmp-debuginfo-5.5-41.el6.i686.rpm net-snmp-devel-5.5-41.el6.i686.rpm net-snmp-libs-5.5-41.el6.i686.rpm net-snmp-perl-5.5-41.el6.i686.rpm net-snmp-python-5.5-41.el6.i686.rpm net-snmp-utils-5.5-41.el6.i686.rpm ppc64: net-snmp-5.5-41.el6.ppc64.rpm net-snmp-debuginfo-5.5-41.el6.ppc.rpm net-snmp-debuginfo-5.5-41.el6.ppc64.rpm net-snmp-devel-5.5-41.el6.ppc.rpm net-snmp-devel-5.5-41.el6.ppc64.rpm net-snmp-libs-5.5-41.el6.ppc.rpm net-snmp-libs-5.5-41.el6.ppc64.rpm net-snmp-perl-5.5-41.el6.ppc64.rpm net-snmp-python-5.5-41.el6.ppc64.rpm net-snmp-utils-5.5-41.el6.ppc64.rpm s390x: net-snmp-5.5-41.el6.s390x.rpm net-snmp-debuginfo-5.5-41.el6.s390.rpm net-snmp-debuginfo-5.5-41.el6.s390x.rpm net-snmp-devel-5.5-41.el6.s390.rpm net-snmp-devel-5.5-41.el6.s390x.rpm net-snmp-libs-5.5-41.el6.s390.rpm net-snmp-libs-5.5-41.el6.s390x.rpm net-snmp-perl-5.5-41.el6.s390x.rpm net-snmp-python-5.5-41.el6.s390x.rpm net-snmp-utils-5.5-41.el6.s390x.rpm x86_64: net-snmp-5.5-41.el6.x86_64.rpm net-snmp-debuginfo-5.5-41.el6.i686.rpm net-snmp-debuginfo-5.5-41.el6.x86_64.rpm net-snmp-devel-5.5-41.el6.i686.rpm net-snmp-devel-5.5-41.el6.x86_64.rpm net-snmp-libs-5.5-41.el6.i686.rpm net-snmp-libs-5.5-41.el6.x86_64.rpm net-snmp-perl-5.5-41.el6.x86_64.rpm net-snmp-python-5.5-41.el6.x86_64.rpm net-snmp-utils-5.5-41.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/net-snmp-5.5-41.el6.src.rpm i386: net-snmp-5.5-41.el6.i686.rpm net-snmp-debuginfo-5.5-41.el6.i686.rpm net-snmp-devel-5.5-41.el6.i686.rpm net-snmp-libs-5.5-41.el6.i686.rpm net-snmp-perl-5.5-41.el6.i686.rpm net-snmp-python-5.5-41.el6.i686.rpm net-snmp-utils-5.5-41.el6.i686.rpm x86_64: net-snmp-5.5-41.el6.x86_64.rpm net-snmp-debuginfo-5.5-41.el6.i686.rpm net-snmp-debuginfo-5.5-41.el6.x86_64.rpm net-snmp-devel-5.5-41.el6.i686.rpm net-snmp-devel-5.5-41.el6.x86_64.rpm net-snmp-libs-5.5-41.el6.i686.rpm net-snmp-libs-5.5-41.el6.x86_64.rpm net-snmp-perl-5.5-41.el6.x86_64.rpm net-snmp-python-5.5-41.el6.x86_64.rpm net-snmp-utils-5.5-41.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-2141.html https://access.redhat.com/security/updates/classification/#moderate https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.3_Technical_Notes/net-snmp.html#RHSA-2012-0876 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP4ZfiXlSAg2UNWIIRAsYgAKCLsoxZOZQtMLUOf+8VvWI9C2rWPgCgpx9x
UN4cIzACysILLCURFVFdMdI=
=DrsT
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jun 20 09:25:32 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 20 Jun 2012 09:25:32 +0000
Subject: [RHSA-2012:0880-04] Moderate: qt security and bug fix update
Message-ID: <201206200929.q5K9TbeR000587@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: qt security and bug fix update
Advisory ID:       RHSA-2012:0880-04
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0880.html
Issue date:        2012-06-20
CVE Names:         CVE-2010-5076 CVE-2011-3922
=====================================================================

1. Summary:

Updated qt packages that fix two security issues and three bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3.
Description:

Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. HarfBuzz is an OpenType text shaping engine.

A buffer overflow flaw was found in the harfbuzz module in Qt. If a user loaded a specially-crafted font file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3922)

A flaw was found in the way Qt handled X.509 certificates with IP address wildcards. An attacker able to obtain a certificate with a Common Name containing an IP wildcard could possibly use this flaw to impersonate an SSL server to client applications that are using Qt. This update also introduces more strict handling for hostname wildcard certificates by disallowing the wildcard character to match more than one hostname component. (CVE-2010-5076)

This update also fixes the following bugs:

* The Phonon API allowed premature freeing of the media object. Consequently, GStreamer could terminate unexpectedly as it failed to access the released media object. This update modifies the underlying Phonon API code and the problem no longer occurs. (BZ#694684)

* Previously, Qt could output the "Unrecognized OpenGL version" error and fall back to OpenGL-version-1 compatibility mode. This happened because Qt failed to recognize the version of OpenGL installed on the system if the system was using a version of OpenGL released later than the Qt version in use. This update adds the code for recognition of OpenGL versions to Qt and if the OpenGL version is unknown, Qt assumes that the last-known version of OpenGL is available. (BZ#757793)

* Previously Qt included a compiled-in list of trusted CA (Certificate Authority) certificates, that could have been used if Qt failed to open a system's ca-bundle.crt file.
With this update, Qt no longer includes compiled-in CA certificates and only uses the system bundle. (BZ#734444)

Users of Qt should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Qt libraries must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

630063 - CVE-2010-5076 Qt: QSslSocket incorrect handling of IP wildcards in certificate Common Name
694684 - [abrt] kdebase-workspace-4.3.4-19.el6: Process /usr/bin/systemsettings was killed by signal 11 (SIGSEGV)
734444 - qt: list of trusted CA certificates should not be compiled into library [rhel-6]
772125 - CVE-2011-3922 qt: Stack-based buffer overflow in embedded harfbuzz code

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/qt-4.6.2-24.el6.src.rpm i386: phonon-backend-gstreamer-4.6.2-24.el6.i686.rpm qt-4.6.2-24.el6.i686.rpm qt-debuginfo-4.6.2-24.el6.i686.rpm qt-mysql-4.6.2-24.el6.i686.rpm qt-odbc-4.6.2-24.el6.i686.rpm qt-postgresql-4.6.2-24.el6.i686.rpm qt-sqlite-4.6.2-24.el6.i686.rpm qt-x11-4.6.2-24.el6.i686.rpm x86_64: phonon-backend-gstreamer-4.6.2-24.el6.i686.rpm phonon-backend-gstreamer-4.6.2-24.el6.x86_64.rpm qt-4.6.2-24.el6.i686.rpm qt-4.6.2-24.el6.x86_64.rpm qt-debuginfo-4.6.2-24.el6.i686.rpm qt-debuginfo-4.6.2-24.el6.x86_64.rpm qt-mysql-4.6.2-24.el6.i686.rpm qt-mysql-4.6.2-24.el6.x86_64.rpm qt-odbc-4.6.2-24.el6.i686.rpm qt-odbc-4.6.2-24.el6.x86_64.rpm qt-postgresql-4.6.2-24.el6.i686.rpm qt-postgresql-4.6.2-24.el6.x86_64.rpm qt-sqlite-4.6.2-24.el6.i686.rpm qt-sqlite-4.6.2-24.el6.x86_64.rpm qt-x11-4.6.2-24.el6.i686.rpm qt-x11-4.6.2-24.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/qt-4.6.2-24.el6.src.rpm i386: qt-debuginfo-4.6.2-24.el6.i686.rpm qt-demos-4.6.2-24.el6.i686.rpm qt-devel-4.6.2-24.el6.i686.rpm qt-examples-4.6.2-24.el6.i686.rpm noarch: qt-doc-4.6.2-24.el6.noarch.rpm x86_64: qt-debuginfo-4.6.2-24.el6.i686.rpm qt-debuginfo-4.6.2-24.el6.x86_64.rpm qt-demos-4.6.2-24.el6.x86_64.rpm qt-devel-4.6.2-24.el6.i686.rpm qt-devel-4.6.2-24.el6.x86_64.rpm qt-examples-4.6.2-24.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/qt-4.6.2-24.el6.src.rpm x86_64: phonon-backend-gstreamer-4.6.2-24.el6.x86_64.rpm qt-4.6.2-24.el6.x86_64.rpm qt-debuginfo-4.6.2-24.el6.x86_64.rpm qt-sqlite-4.6.2-24.el6.x86_64.rpm qt-x11-4.6.2-24.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/qt-4.6.2-24.el6.src.rpm noarch: qt-doc-4.6.2-24.el6.noarch.rpm x86_64: phonon-backend-gstreamer-4.6.2-24.el6.i686.rpm qt-4.6.2-24.el6.i686.rpm qt-debuginfo-4.6.2-24.el6.i686.rpm qt-debuginfo-4.6.2-24.el6.x86_64.rpm qt-demos-4.6.2-24.el6.x86_64.rpm qt-devel-4.6.2-24.el6.i686.rpm qt-devel-4.6.2-24.el6.x86_64.rpm qt-examples-4.6.2-24.el6.x86_64.rpm qt-mysql-4.6.2-24.el6.i686.rpm qt-mysql-4.6.2-24.el6.x86_64.rpm qt-odbc-4.6.2-24.el6.i686.rpm qt-odbc-4.6.2-24.el6.x86_64.rpm qt-postgresql-4.6.2-24.el6.i686.rpm qt-postgresql-4.6.2-24.el6.x86_64.rpm qt-sqlite-4.6.2-24.el6.i686.rpm qt-x11-4.6.2-24.el6.i686.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/qt-4.6.2-24.el6.src.rpm i386: phonon-backend-gstreamer-4.6.2-24.el6.i686.rpm qt-4.6.2-24.el6.i686.rpm qt-debuginfo-4.6.2-24.el6.i686.rpm qt-devel-4.6.2-24.el6.i686.rpm qt-mysql-4.6.2-24.el6.i686.rpm qt-odbc-4.6.2-24.el6.i686.rpm qt-postgresql-4.6.2-24.el6.i686.rpm qt-sqlite-4.6.2-24.el6.i686.rpm qt-x11-4.6.2-24.el6.i686.rpm noarch: qt-doc-4.6.2-24.el6.noarch.rpm ppc64: phonon-backend-gstreamer-4.6.2-24.el6.ppc.rpm phonon-backend-gstreamer-4.6.2-24.el6.ppc64.rpm qt-4.6.2-24.el6.ppc.rpm qt-4.6.2-24.el6.ppc64.rpm qt-debuginfo-4.6.2-24.el6.ppc.rpm qt-debuginfo-4.6.2-24.el6.ppc64.rpm qt-devel-4.6.2-24.el6.ppc.rpm qt-devel-4.6.2-24.el6.ppc64.rpm qt-mysql-4.6.2-24.el6.ppc.rpm qt-mysql-4.6.2-24.el6.ppc64.rpm qt-odbc-4.6.2-24.el6.ppc.rpm qt-odbc-4.6.2-24.el6.ppc64.rpm qt-postgresql-4.6.2-24.el6.ppc.rpm qt-postgresql-4.6.2-24.el6.ppc64.rpm qt-sqlite-4.6.2-24.el6.ppc.rpm qt-sqlite-4.6.2-24.el6.ppc64.rpm qt-x11-4.6.2-24.el6.ppc.rpm qt-x11-4.6.2-24.el6.ppc64.rpm s390x: phonon-backend-gstreamer-4.6.2-24.el6.s390.rpm phonon-backend-gstreamer-4.6.2-24.el6.s390x.rpm qt-4.6.2-24.el6.s390.rpm qt-4.6.2-24.el6.s390x.rpm qt-debuginfo-4.6.2-24.el6.s390.rpm qt-debuginfo-4.6.2-24.el6.s390x.rpm 
qt-devel-4.6.2-24.el6.s390.rpm qt-devel-4.6.2-24.el6.s390x.rpm qt-mysql-4.6.2-24.el6.s390.rpm qt-mysql-4.6.2-24.el6.s390x.rpm qt-odbc-4.6.2-24.el6.s390.rpm qt-odbc-4.6.2-24.el6.s390x.rpm qt-postgresql-4.6.2-24.el6.s390.rpm qt-postgresql-4.6.2-24.el6.s390x.rpm qt-sqlite-4.6.2-24.el6.s390.rpm qt-sqlite-4.6.2-24.el6.s390x.rpm qt-x11-4.6.2-24.el6.s390.rpm qt-x11-4.6.2-24.el6.s390x.rpm x86_64: phonon-backend-gstreamer-4.6.2-24.el6.i686.rpm phonon-backend-gstreamer-4.6.2-24.el6.x86_64.rpm qt-4.6.2-24.el6.i686.rpm qt-4.6.2-24.el6.x86_64.rpm qt-debuginfo-4.6.2-24.el6.i686.rpm qt-debuginfo-4.6.2-24.el6.x86_64.rpm qt-devel-4.6.2-24.el6.i686.rpm qt-devel-4.6.2-24.el6.x86_64.rpm qt-mysql-4.6.2-24.el6.i686.rpm qt-mysql-4.6.2-24.el6.x86_64.rpm qt-odbc-4.6.2-24.el6.i686.rpm qt-odbc-4.6.2-24.el6.x86_64.rpm qt-postgresql-4.6.2-24.el6.i686.rpm qt-postgresql-4.6.2-24.el6.x86_64.rpm qt-sqlite-4.6.2-24.el6.i686.rpm qt-sqlite-4.6.2-24.el6.x86_64.rpm qt-x11-4.6.2-24.el6.i686.rpm qt-x11-4.6.2-24.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/qt-4.6.2-24.el6.src.rpm i386: qt-debuginfo-4.6.2-24.el6.i686.rpm qt-demos-4.6.2-24.el6.i686.rpm qt-examples-4.6.2-24.el6.i686.rpm ppc64: qt-debuginfo-4.6.2-24.el6.ppc64.rpm qt-demos-4.6.2-24.el6.ppc64.rpm qt-examples-4.6.2-24.el6.ppc64.rpm s390x: qt-debuginfo-4.6.2-24.el6.s390x.rpm qt-demos-4.6.2-24.el6.s390x.rpm qt-examples-4.6.2-24.el6.s390x.rpm x86_64: qt-debuginfo-4.6.2-24.el6.x86_64.rpm qt-demos-4.6.2-24.el6.x86_64.rpm qt-examples-4.6.2-24.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/qt-4.6.2-24.el6.src.rpm i386: phonon-backend-gstreamer-4.6.2-24.el6.i686.rpm qt-4.6.2-24.el6.i686.rpm qt-debuginfo-4.6.2-24.el6.i686.rpm qt-devel-4.6.2-24.el6.i686.rpm qt-mysql-4.6.2-24.el6.i686.rpm qt-odbc-4.6.2-24.el6.i686.rpm qt-postgresql-4.6.2-24.el6.i686.rpm qt-sqlite-4.6.2-24.el6.i686.rpm qt-x11-4.6.2-24.el6.i686.rpm noarch: qt-doc-4.6.2-24.el6.noarch.rpm x86_64: phonon-backend-gstreamer-4.6.2-24.el6.i686.rpm phonon-backend-gstreamer-4.6.2-24.el6.x86_64.rpm qt-4.6.2-24.el6.i686.rpm qt-4.6.2-24.el6.x86_64.rpm qt-debuginfo-4.6.2-24.el6.i686.rpm qt-debuginfo-4.6.2-24.el6.x86_64.rpm qt-devel-4.6.2-24.el6.i686.rpm qt-devel-4.6.2-24.el6.x86_64.rpm qt-mysql-4.6.2-24.el6.i686.rpm qt-mysql-4.6.2-24.el6.x86_64.rpm qt-odbc-4.6.2-24.el6.i686.rpm qt-odbc-4.6.2-24.el6.x86_64.rpm qt-postgresql-4.6.2-24.el6.i686.rpm qt-postgresql-4.6.2-24.el6.x86_64.rpm qt-sqlite-4.6.2-24.el6.i686.rpm qt-sqlite-4.6.2-24.el6.x86_64.rpm qt-x11-4.6.2-24.el6.i686.rpm qt-x11-4.6.2-24.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/qt-4.6.2-24.el6.src.rpm i386: qt-debuginfo-4.6.2-24.el6.i686.rpm qt-demos-4.6.2-24.el6.i686.rpm qt-examples-4.6.2-24.el6.i686.rpm x86_64: qt-debuginfo-4.6.2-24.el6.x86_64.rpm qt-demos-4.6.2-24.el6.x86_64.rpm qt-examples-4.6.2-24.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-5076.html https://www.redhat.com/security/data/cve/CVE-2011-3922.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. 
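The two name-matching rules the qt advisory above describes for CVE-2010-5076 (no wildcard matching for IP addresses, and a wildcard confined to a single hostname component), as an added Python example that is not Qt's or Red Hat's code. The glob-style `lax_match` is an assumed stand-in for the lax behaviour, and every function name and sample name is constructed for illustration.

```python
import fnmatch
import ipaddress
import re

# Constructed (certificate name, name the client connected to) pairs.
SAMPLES = [
    ("*.example.com", "www.example.com"),
    ("*.example.com", "a.b.example.com"),
    ("*.example.com", "example.com"),
    ("192.168.*.*", "192.168.7.9"),
    ("*", "10.0.0.5"),
    ("10.0.0.5", "10.0.0.5"),
]


def is_ip_literal(name):
    """True when name parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def lax_match(cert_name, peer_name):
    """Assumed lax behaviour: plain glob matching, so '*' can span dots
    and is honoured even when the peer is an IP address."""
    return fnmatch.fnmatchcase(peer_name.lower(), cert_name.lower())


def label_matches(pattern, label):
    """Match one hostname component; '*' never crosses a dot because the
    caller has already split both names on dots."""
    if not label:
        return False
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, label) is not None


def strict_match(cert_name, peer_name):
    """The two rules from the advisory text:
    1. an IP address peer must equal the certificate name exactly;
    2. a wildcard covers at most one hostname component."""
    cert_name, peer_name = cert_name.lower(), peer_name.lower()
    if is_ip_literal(peer_name):
        return (is_ip_literal(cert_name) and
                ipaddress.ip_address(cert_name) == ipaddress.ip_address(peer_name))
    cert_labels = cert_name.split(".")
    peer_labels = peer_name.split(".")
    if len(cert_labels) != len(peer_labels):
        return False
    return all(label_matches(c, p) for c, p in zip(cert_labels, peer_labels))


def audit(samples):
    """Pairs the lax matcher accepts but the strict matcher rejects."""
    return [(c, p) for c, p in samples
            if lax_match(c, p) and not strict_match(c, p)]


if __name__ == "__main__":
    for cert, peer in SAMPLES:
        print(f"{cert:16} {peer:18} lax={lax_match(cert, peer)!s:5} "
              f"strict={strict_match(cert, peer)}")
    print("accepted only by the lax matcher:", audit(SAMPLES))
```

Full certificate verifiers apply further restrictions on where a wildcard may appear; this block covers only the two rules named in the advisory.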
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP4Zf8XlSAg2UNWIIRArY7AKCYyFvS+QtZXLG6QXejdFejVXIdGwCguLrc
m0DEB+ZPFxMyji0T1BAly08=
=bSZP
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jun 20 09:25:57 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 20 Jun 2012 09:25:57 +0000
Subject: [RHSA-2012:0884-04] Low: openssh security, bug fix, and enhancement update
Message-ID: <201206200930.q5K9U266031055@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: openssh security, bug fix, and enhancement update
Advisory ID:       RHSA-2012:0884-04
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0884.html
Issue date:        2012-06-20
CVE Names:         CVE-2011-5000
=====================================================================

1. Summary:

Updated openssh packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

OpenSSH is OpenBSD's Secure Shell (SSH) protocol implementation.
These packages include the core files necessary for the OpenSSH client and server.

A denial of service flaw was found in the OpenSSH GSSAPI authentication implementation. A remote, authenticated user could use this flaw to make the OpenSSH server daemon (sshd) use an excessive amount of memory, leading to a denial of service. GSSAPI authentication is enabled by default ("GSSAPIAuthentication yes" in "/etc/ssh/sshd_config"). (CVE-2011-5000)

These updated openssh packages also provide fixes for the following bugs:

* SSH X11 forwarding failed if IPv6 was enabled and the parameter X11UseLocalhost was set to "no". Consequently, users could not set X forwarding. This update fixes sshd and ssh to correctly bind the port for the IPv6 protocol. As a result, X11 forwarding now works as expected with IPv6. (BZ#732955)

* The sshd daemon was killed by the OOM killer when running a stress test. Consequently, a user could not log in. With this update, the sshd daemon sets its oom_adj value to -17. As a result, sshd is not chosen by OOM killer and users are able to log in to solve problems with memory. (BZ#744236)

* If the SSH server is configured with a banner that contains a backslash character, then the client will escape it with another "\" character, so it prints double backslashes. An upstream patch has been applied to correct the problem and the SSH banner is now correctly displayed. (BZ#809619)

In addition, these updated openssh packages provide the following enhancements:

* Previously, SSH allowed multiple ways of authentication of which only one was required for a successful login. SSH can now be set up to require multiple ways of authentication. For example, logging in to an SSH-enabled machine requires both a passphrase and a public key to be entered. The RequiredAuthentications1 and RequiredAuthentications2 options can be configured in the /etc/ssh/sshd_config file to specify authentications that are required for a successful login.
For example, to set key and password authentication for SSH version 2, type:

echo "RequiredAuthentications2 publickey,password" >> /etc/ssh/sshd_config

For more information on the aforementioned /etc/ssh/sshd_config options, refer to the sshd_config man page. (BZ#657378)

* Previously, OpenSSH could use the Advanced Encryption Standard New Instructions (AES-NI) instruction set only with the AES Cipher-block chaining (CBC) cipher. This update adds support for Counter (CTR) mode encryption in OpenSSH so the AES-NI instruction set can now be used efficiently also with the AES CTR cipher. (BZ#756929)

* Prior to this update, an unprivileged slave sshd process was run as the sshd_t context during privilege separation (privsep). sshd_t is the SELinux context used for running the sshd daemon. Given that the unprivileged slave process is run under the user's UID, it is fitting to run this process under the user's SELinux context instead of the privileged sshd_t context. With this update, the unprivileged slave process is now run as the user's context instead of the sshd_t context in accordance with the principle of privilege separation. The unprivileged process, which might be potentially more sensitive to security threats, is now run under the user's SELinux context. (BZ#798241)

Users are advised to upgrade to these updated openssh packages, which contain backported patches to resolve these issues and add these enhancements. After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5.
Bugs fixed (http://bugzilla.redhat.com/): 657378 - [RFE] ability to require password and public-key for login 732955 - X11 forwarding fails, if IPv6 is enabled and X11UseLocalhost=no 797384 - Init scripts tries to read missing file 809938 - CVE-2011-5000 openssh: post-authentication resource exhaustion bug via GSSAPI 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssh-5.3p1-81.el6.src.rpm i386: openssh-5.3p1-81.el6.i686.rpm openssh-askpass-5.3p1-81.el6.i686.rpm openssh-clients-5.3p1-81.el6.i686.rpm openssh-debuginfo-5.3p1-81.el6.i686.rpm openssh-server-5.3p1-81.el6.i686.rpm x86_64: openssh-5.3p1-81.el6.x86_64.rpm openssh-askpass-5.3p1-81.el6.x86_64.rpm openssh-clients-5.3p1-81.el6.x86_64.rpm openssh-debuginfo-5.3p1-81.el6.x86_64.rpm openssh-server-5.3p1-81.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssh-5.3p1-81.el6.src.rpm i386: openssh-debuginfo-5.3p1-81.el6.i686.rpm openssh-ldap-5.3p1-81.el6.i686.rpm pam_ssh_agent_auth-0.9-81.el6.i686.rpm x86_64: openssh-debuginfo-5.3p1-81.el6.i686.rpm openssh-debuginfo-5.3p1-81.el6.x86_64.rpm openssh-ldap-5.3p1-81.el6.x86_64.rpm pam_ssh_agent_auth-0.9-81.el6.i686.rpm pam_ssh_agent_auth-0.9-81.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssh-5.3p1-81.el6.src.rpm x86_64: openssh-5.3p1-81.el6.x86_64.rpm openssh-clients-5.3p1-81.el6.x86_64.rpm openssh-debuginfo-5.3p1-81.el6.x86_64.rpm openssh-server-5.3p1-81.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssh-5.3p1-81.el6.src.rpm x86_64: openssh-askpass-5.3p1-81.el6.x86_64.rpm openssh-debuginfo-5.3p1-81.el6.i686.rpm openssh-debuginfo-5.3p1-81.el6.x86_64.rpm openssh-ldap-5.3p1-81.el6.x86_64.rpm pam_ssh_agent_auth-0.9-81.el6.i686.rpm pam_ssh_agent_auth-0.9-81.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssh-5.3p1-81.el6.src.rpm i386: openssh-5.3p1-81.el6.i686.rpm openssh-askpass-5.3p1-81.el6.i686.rpm openssh-clients-5.3p1-81.el6.i686.rpm openssh-debuginfo-5.3p1-81.el6.i686.rpm openssh-server-5.3p1-81.el6.i686.rpm ppc64: openssh-5.3p1-81.el6.ppc64.rpm openssh-askpass-5.3p1-81.el6.ppc64.rpm openssh-clients-5.3p1-81.el6.ppc64.rpm openssh-debuginfo-5.3p1-81.el6.ppc64.rpm openssh-server-5.3p1-81.el6.ppc64.rpm s390x: openssh-5.3p1-81.el6.s390x.rpm openssh-askpass-5.3p1-81.el6.s390x.rpm openssh-clients-5.3p1-81.el6.s390x.rpm openssh-debuginfo-5.3p1-81.el6.s390x.rpm openssh-server-5.3p1-81.el6.s390x.rpm x86_64: openssh-5.3p1-81.el6.x86_64.rpm openssh-askpass-5.3p1-81.el6.x86_64.rpm openssh-clients-5.3p1-81.el6.x86_64.rpm openssh-debuginfo-5.3p1-81.el6.x86_64.rpm openssh-server-5.3p1-81.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssh-5.3p1-81.el6.src.rpm i386: openssh-debuginfo-5.3p1-81.el6.i686.rpm openssh-ldap-5.3p1-81.el6.i686.rpm pam_ssh_agent_auth-0.9-81.el6.i686.rpm ppc64: openssh-debuginfo-5.3p1-81.el6.ppc.rpm openssh-debuginfo-5.3p1-81.el6.ppc64.rpm openssh-ldap-5.3p1-81.el6.ppc64.rpm pam_ssh_agent_auth-0.9-81.el6.ppc.rpm pam_ssh_agent_auth-0.9-81.el6.ppc64.rpm s390x: openssh-debuginfo-5.3p1-81.el6.s390.rpm openssh-debuginfo-5.3p1-81.el6.s390x.rpm openssh-ldap-5.3p1-81.el6.s390x.rpm pam_ssh_agent_auth-0.9-81.el6.s390.rpm pam_ssh_agent_auth-0.9-81.el6.s390x.rpm x86_64: openssh-debuginfo-5.3p1-81.el6.i686.rpm openssh-debuginfo-5.3p1-81.el6.x86_64.rpm openssh-ldap-5.3p1-81.el6.x86_64.rpm pam_ssh_agent_auth-0.9-81.el6.i686.rpm pam_ssh_agent_auth-0.9-81.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssh-5.3p1-81.el6.src.rpm i386: openssh-5.3p1-81.el6.i686.rpm openssh-askpass-5.3p1-81.el6.i686.rpm openssh-clients-5.3p1-81.el6.i686.rpm openssh-debuginfo-5.3p1-81.el6.i686.rpm openssh-server-5.3p1-81.el6.i686.rpm x86_64: openssh-5.3p1-81.el6.x86_64.rpm openssh-askpass-5.3p1-81.el6.x86_64.rpm openssh-clients-5.3p1-81.el6.x86_64.rpm openssh-debuginfo-5.3p1-81.el6.x86_64.rpm openssh-server-5.3p1-81.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssh-5.3p1-81.el6.src.rpm i386: openssh-debuginfo-5.3p1-81.el6.i686.rpm openssh-ldap-5.3p1-81.el6.i686.rpm pam_ssh_agent_auth-0.9-81.el6.i686.rpm x86_64: openssh-debuginfo-5.3p1-81.el6.i686.rpm openssh-debuginfo-5.3p1-81.el6.x86_64.rpm openssh-ldap-5.3p1-81.el6.x86_64.rpm pam_ssh_agent_auth-0.9-81.el6.i686.rpm pam_ssh_agent_auth-0.9-81.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-5000.html https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFP4ZgUXlSAg2UNWIIRAqstAJ9KvG7vG5oxpJ3dQ8WZ/LcoIVOK9ACeKYTc AIxdFbAQv3n8KXk613bwPKo= =WreZ -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Jun 20 09:26:29 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 20 Jun 2012 09:26:29 +0000 Subject: [RHSA-2012:0899-04] Low: openldap security and bug fix update Message-ID: <201206200930.q5K9UYYq028743@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: openldap security and bug fix update Advisory ID: RHSA-2012:0899-04 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0899.html Issue date: 2012-06-20 CVE Names: CVE-2012-1164 ===================================================================== 1. Summary: Updated openldap packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 
6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools.

A denial of service flaw was found in the way the OpenLDAP server daemon (slapd) processed certain search queries requesting only attributes and no values. In certain configurations, a remote attacker could issue a specially-crafted LDAP search query that, when processed by slapd, would cause slapd to crash due to an assertion failure. (CVE-2012-1164)

These updated openldap packages include numerous bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.3 Technical Notes for information on the most significant of these changes.

Users of OpenLDAP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the OpenLDAP daemons will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5.
Bugs fixed (http://bugzilla.redhat.com/): 732916 - SASL_NOCANON option missing in ldap.conf manual page 742023 - Default SSL certificate bundle is not found by openldap library 742163 - Overlay constraint with count option work bad with modify operation 743781 - ldapsearch crashes with invalid prameters 745470 - missing options in manual pages of client tools 783445 - replication (syncrepl) with TLS causes segfault 784203 - Duplicate close() calls in OpenLDAP 790687 - openldap should be using portreserve 796808 - slapd segfaults when certificate key cannot be loaded 802514 - CVE-2012-1164 openldap (slapd): Assertion failure by processing search queries requesting only attributes for particular entry 807363 - openldap libraries leak memory when following referrals 816168 - memory leak: def_urlpre is not freed 818844 - MozNSS CA cert dir does not work together with PEM CA cert file 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openldap-2.4.23-26.el6.src.rpm i386: openldap-2.4.23-26.el6.i686.rpm openldap-clients-2.4.23-26.el6.i686.rpm openldap-debuginfo-2.4.23-26.el6.i686.rpm x86_64: openldap-2.4.23-26.el6.i686.rpm openldap-2.4.23-26.el6.x86_64.rpm openldap-clients-2.4.23-26.el6.x86_64.rpm openldap-debuginfo-2.4.23-26.el6.i686.rpm openldap-debuginfo-2.4.23-26.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openldap-2.4.23-26.el6.src.rpm i386: openldap-debuginfo-2.4.23-26.el6.i686.rpm openldap-devel-2.4.23-26.el6.i686.rpm openldap-servers-2.4.23-26.el6.i686.rpm openldap-servers-sql-2.4.23-26.el6.i686.rpm x86_64: openldap-debuginfo-2.4.23-26.el6.i686.rpm openldap-debuginfo-2.4.23-26.el6.x86_64.rpm openldap-devel-2.4.23-26.el6.i686.rpm openldap-devel-2.4.23-26.el6.x86_64.rpm openldap-servers-2.4.23-26.el6.x86_64.rpm openldap-servers-sql-2.4.23-26.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openldap-2.4.23-26.el6.src.rpm x86_64: openldap-2.4.23-26.el6.i686.rpm openldap-2.4.23-26.el6.x86_64.rpm openldap-clients-2.4.23-26.el6.x86_64.rpm openldap-debuginfo-2.4.23-26.el6.i686.rpm openldap-debuginfo-2.4.23-26.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openldap-2.4.23-26.el6.src.rpm x86_64: openldap-debuginfo-2.4.23-26.el6.i686.rpm openldap-debuginfo-2.4.23-26.el6.x86_64.rpm openldap-devel-2.4.23-26.el6.i686.rpm openldap-devel-2.4.23-26.el6.x86_64.rpm openldap-servers-2.4.23-26.el6.x86_64.rpm openldap-servers-sql-2.4.23-26.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openldap-2.4.23-26.el6.src.rpm i386: openldap-2.4.23-26.el6.i686.rpm openldap-clients-2.4.23-26.el6.i686.rpm openldap-debuginfo-2.4.23-26.el6.i686.rpm openldap-devel-2.4.23-26.el6.i686.rpm openldap-servers-2.4.23-26.el6.i686.rpm ppc64: openldap-2.4.23-26.el6.ppc.rpm openldap-2.4.23-26.el6.ppc64.rpm openldap-clients-2.4.23-26.el6.ppc64.rpm openldap-debuginfo-2.4.23-26.el6.ppc.rpm openldap-debuginfo-2.4.23-26.el6.ppc64.rpm openldap-devel-2.4.23-26.el6.ppc.rpm openldap-devel-2.4.23-26.el6.ppc64.rpm openldap-servers-2.4.23-26.el6.ppc64.rpm s390x: openldap-2.4.23-26.el6.s390.rpm openldap-2.4.23-26.el6.s390x.rpm openldap-clients-2.4.23-26.el6.s390x.rpm openldap-debuginfo-2.4.23-26.el6.s390.rpm openldap-debuginfo-2.4.23-26.el6.s390x.rpm openldap-devel-2.4.23-26.el6.s390.rpm openldap-devel-2.4.23-26.el6.s390x.rpm openldap-servers-2.4.23-26.el6.s390x.rpm x86_64: openldap-2.4.23-26.el6.i686.rpm openldap-2.4.23-26.el6.x86_64.rpm openldap-clients-2.4.23-26.el6.x86_64.rpm openldap-debuginfo-2.4.23-26.el6.i686.rpm openldap-debuginfo-2.4.23-26.el6.x86_64.rpm openldap-devel-2.4.23-26.el6.i686.rpm openldap-devel-2.4.23-26.el6.x86_64.rpm openldap-servers-2.4.23-26.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openldap-2.4.23-26.el6.src.rpm i386: openldap-debuginfo-2.4.23-26.el6.i686.rpm openldap-servers-sql-2.4.23-26.el6.i686.rpm ppc64: openldap-debuginfo-2.4.23-26.el6.ppc64.rpm openldap-servers-sql-2.4.23-26.el6.ppc64.rpm s390x: openldap-debuginfo-2.4.23-26.el6.s390x.rpm openldap-servers-sql-2.4.23-26.el6.s390x.rpm x86_64: openldap-debuginfo-2.4.23-26.el6.x86_64.rpm openldap-servers-sql-2.4.23-26.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openldap-2.4.23-26.el6.src.rpm i386: openldap-2.4.23-26.el6.i686.rpm openldap-clients-2.4.23-26.el6.i686.rpm openldap-debuginfo-2.4.23-26.el6.i686.rpm openldap-devel-2.4.23-26.el6.i686.rpm openldap-servers-2.4.23-26.el6.i686.rpm x86_64: openldap-2.4.23-26.el6.i686.rpm openldap-2.4.23-26.el6.x86_64.rpm openldap-clients-2.4.23-26.el6.x86_64.rpm openldap-debuginfo-2.4.23-26.el6.i686.rpm openldap-debuginfo-2.4.23-26.el6.x86_64.rpm openldap-devel-2.4.23-26.el6.i686.rpm openldap-devel-2.4.23-26.el6.x86_64.rpm openldap-servers-2.4.23-26.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openldap-2.4.23-26.el6.src.rpm i386: openldap-debuginfo-2.4.23-26.el6.i686.rpm openldap-servers-sql-2.4.23-26.el6.i686.rpm x86_64: openldap-debuginfo-2.4.23-26.el6.x86_64.rpm openldap-servers-sql-2.4.23-26.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-1164.html https://access.redhat.com/security/updates/classification/#low https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.3_Technical_Notes/openldap.html#RHSA-2012-0899 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFP4ZgzXlSAg2UNWIIRAh0zAJ9Tmhulsq6aAdZ/N6OLElEY4V24kQCffMga qoOTOPlFLOPy+I2pIfik4xU= =33Rn -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Jun 20 09:26:50 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 20 Jun 2012 09:26:50 +0000 Subject: [RHSA-2012:0902-04] Low: cifs-utils security, bug fix, and enhancement update Message-ID: <201206200930.q5K9UtIC032030@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: cifs-utils security, bug fix, and enhancement update Advisory ID: RHSA-2012:0902-04 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0902.html Issue date: 2012-06-20 CVE Names: CVE-2012-1586 ===================================================================== 1. Summary: An updated cifs-utils package that fixes one security issue, multiple bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: The cifs-utils package contains tools for mounting and managing shares on Linux using the SMB/CIFS protocol. The CIFS shares can be used as standard Linux file systems. A file existence disclosure flaw was found in mount.cifs. 
If the tool was installed with the setuid bit set, a local attacker could use this flaw to determine the existence of files or directories in directories not accessible to the attacker. (CVE-2012-1586)

Note: mount.cifs from the cifs-utils package distributed by Red Hat does not have the setuid bit set. We recommend that administrators do not manually set the setuid bit for mount.cifs.

This update also fixes the following bugs:

* The cifs.mount(8) manual page was previously missing documentation for several mount options. With this update, the missing entries have been added to the manual page. (BZ#769923)

* Previously, the mount.cifs utility did not properly update the "/etc/mtab" system information file when remounting an existing CIFS mount. Consequently, mount.cifs created a duplicate entry of the existing mount entry. This update adds the del_mtab() function to cifs.mount, which ensures that the old mount entry is removed from "/etc/mtab" before adding the updated mount entry. (BZ#770004)

* The mount.cifs utility did not properly convert user and group names to numeric UIDs and GIDs. Therefore, when the "uid", "gid" or "cruid" mount options were specified with user or group names, CIFS shares were mounted with default values. This caused shares to be inaccessible to the intended users because UID and GID is set to "0" by default. With this update, user and group names are properly converted so that CIFS shares are now mounted with specified user and group ownership as expected. (BZ#796463)

* The cifs.upcall utility did not respect the "domain_realm" section in the "krb5.conf" file and worked only with the default domain. Consequently, an attempt to mount a CIFS share from a different than the default domain failed with the following error message:

    mount error(126): Required key not available

This update modifies the underlying code so that cifs.upcall handles multiple Kerberos domains correctly and CIFS shares can now be mounted as expected in a multi-domain environment. (BZ#805490)

In addition, this update adds the following enhancements:

* The cifs.upcall utility previously always used the "/etc/krb5.conf" file regardless of whether the user had specified a custom Kerberos configuration file. This update adds the "--krb5conf" option to cifs.upcall allowing the administrator to specify an alternate krb5.conf file. For more information on this option, refer to the cifs.upcall(8) manual page. (BZ#748756)

* The cifs.upcall utility did not optimally determine the correct service principal name (SPN) used for Kerberos authentication, which occasionally caused krb5 authentication to fail when mounting a server's unqualified domain name. This update improves cifs.upcall so that the method used to determine the SPN is now more versatile. (BZ#748757)

* This update adds the "backupuid" and "backupgid" mount options to the mount.cifs utility. When specified, these options grant a user or a group the right to access files with the backup intent. For more information on these options, refer to the mount.cifs(8) manual page. (BZ#806337)

All users of cifs-utils are advised to upgrade to this updated package, which contains backported patches to fix these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5.
Bugs fixed (http://bugzilla.redhat.com/): 748756 - mount.cifs does not use KRB5_CONFIG 748757 - RFE: Improve selection of SPNs with cifs.upcall 807252 - CVE-2012-1586 samba / cifs-utils: mount.cifs file existence disclosure vulnerability 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/cifs-utils-4.8.1-10.el6.src.rpm i386: cifs-utils-4.8.1-10.el6.i686.rpm cifs-utils-debuginfo-4.8.1-10.el6.i686.rpm x86_64: cifs-utils-4.8.1-10.el6.x86_64.rpm cifs-utils-debuginfo-4.8.1-10.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/cifs-utils-4.8.1-10.el6.src.rpm x86_64: cifs-utils-4.8.1-10.el6.x86_64.rpm cifs-utils-debuginfo-4.8.1-10.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/cifs-utils-4.8.1-10.el6.src.rpm i386: cifs-utils-4.8.1-10.el6.i686.rpm cifs-utils-debuginfo-4.8.1-10.el6.i686.rpm ppc64: cifs-utils-4.8.1-10.el6.ppc64.rpm cifs-utils-debuginfo-4.8.1-10.el6.ppc64.rpm s390x: cifs-utils-4.8.1-10.el6.s390x.rpm cifs-utils-debuginfo-4.8.1-10.el6.s390x.rpm x86_64: cifs-utils-4.8.1-10.el6.x86_64.rpm cifs-utils-debuginfo-4.8.1-10.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/cifs-utils-4.8.1-10.el6.src.rpm i386: cifs-utils-4.8.1-10.el6.i686.rpm cifs-utils-debuginfo-4.8.1-10.el6.i686.rpm x86_64: cifs-utils-4.8.1-10.el6.x86_64.rpm cifs-utils-debuginfo-4.8.1-10.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-1586.html https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . 
More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFP4ZhKXlSAg2UNWIIRAgltAJ9ckpwC6RSzVsOrozAAV2YZR5roGwCfX3gJ MGBwsosfi453Eh+GOSTSYKI= =EWaq -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Jun 20 09:27:15 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 20 Jun 2012 09:27:15 +0000 Subject: [RHSA-2012:0939-04] Low: xorg-x11-server security and bug fix update Message-ID: <201206200931.q5K9VKAW002472@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: xorg-x11-server security and bug fix update Advisory ID: RHSA-2012:0939-04 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0939.html Issue date: 2012-06-20 CVE Names: CVE-2011-4028 CVE-2011-4029 ===================================================================== 1. Summary: Updated xorg-x11-server packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64 3. 
Description:

X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. (CVE-2011-4028)

A race condition was found in the way the X.Org server managed temporary lock files. A local attacker could use this flaw to perform a symbolic link attack, allowing them to make an arbitrary file world readable, leading to the disclosure of sensitive information. (CVE-2011-4029)

Red Hat would like to thank the researcher with the nickname vladz for reporting these issues.

This update also fixes the following bugs:

* Prior to this update, the KDE Display Manager (KDM) could pass invalid 24bpp pixmap formats to the X server. As a consequence, the X server could unexpectedly abort. This update modifies the underlying code to pass the correct formats. (BZ#651934, BZ#722860)

* Prior to this update, absolute input devices, like the stylus of a graphic tablet, could become unresponsive in the right-most or bottom-most screen if the X server was configured as a multi-screen setup through multiple "Device" sections in the xorg.conf file. This update changes the screen crossing behavior so that absolute devices are always mapped across all screens. (BZ#732467)

* Prior to this update, the misleading message "Session active, not inhibited, screen idle. If you see this test, your display server is broken and you should notify your distributor." could be displayed after resuming the system or re-enabling the display, and included a URL to an external web page. This update removes this message. (BZ#748704)

* Prior to this update, the erroneous input handling code of the Xephyr server disabled screens on a screen crossing event. The focus was only on the screen where the mouse was located and only this screen was updated when the Xephyr nested X server was configured in a multi-screen setup. This update removes this code and Xephyr now correctly updates screens in multi-screen setups. (BZ#757792)

* Prior to this update, raw events did not contain relative axis values. As a consequence, clients which relied on relative values for functioning did not behave as expected. This update sets the values to the original driver values instead of the already transformed values. Now, raw events contain relative axis values as expected. (BZ#805377)

All users of xorg-x11-server are advised to upgrade to these updated packages, which correct these issues. All running X.Org server instances must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

732467 - Pointer gets stuck on right-most screen
745024 - CVE-2011-4029 xorg-x11-server: lock file chmod change race condition
745755 - CVE-2011-4028 xorg-x11-server: File existence disclosure vulnerability
748704 - "Session active, not inhibited, screen idle. If you see this test, your display server is broken and you should notify your distributor.
805377 - Regression: raw events do not contain relative values

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xorg-x11-server-1.10.6-1.el6.src.rpm i386: xorg-x11-server-Xephyr-1.10.6-1.el6.i686.rpm xorg-x11-server-Xorg-1.10.6-1.el6.i686.rpm xorg-x11-server-common-1.10.6-1.el6.i686.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.i686.rpm x86_64: xorg-x11-server-Xephyr-1.10.6-1.el6.x86_64.rpm xorg-x11-server-Xorg-1.10.6-1.el6.x86_64.rpm xorg-x11-server-common-1.10.6-1.el6.x86_64.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xorg-x11-server-1.10.6-1.el6.src.rpm i386: xorg-x11-server-Xdmx-1.10.6-1.el6.i686.rpm xorg-x11-server-Xnest-1.10.6-1.el6.i686.rpm xorg-x11-server-Xvfb-1.10.6-1.el6.i686.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.i686.rpm xorg-x11-server-devel-1.10.6-1.el6.i686.rpm noarch: xorg-x11-server-source-1.10.6-1.el6.noarch.rpm x86_64: xorg-x11-server-Xdmx-1.10.6-1.el6.x86_64.rpm xorg-x11-server-Xnest-1.10.6-1.el6.x86_64.rpm xorg-x11-server-Xvfb-1.10.6-1.el6.x86_64.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.i686.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.x86_64.rpm xorg-x11-server-devel-1.10.6-1.el6.i686.rpm xorg-x11-server-devel-1.10.6-1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xorg-x11-server-1.10.6-1.el6.src.rpm noarch: xorg-x11-server-source-1.10.6-1.el6.noarch.rpm x86_64: xorg-x11-server-Xdmx-1.10.6-1.el6.x86_64.rpm xorg-x11-server-Xephyr-1.10.6-1.el6.x86_64.rpm xorg-x11-server-Xnest-1.10.6-1.el6.x86_64.rpm xorg-x11-server-Xorg-1.10.6-1.el6.x86_64.rpm xorg-x11-server-Xvfb-1.10.6-1.el6.x86_64.rpm xorg-x11-server-common-1.10.6-1.el6.x86_64.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.i686.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.x86_64.rpm xorg-x11-server-devel-1.10.6-1.el6.i686.rpm xorg-x11-server-devel-1.10.6-1.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xorg-x11-server-1.10.6-1.el6.src.rpm i386: xorg-x11-server-Xephyr-1.10.6-1.el6.i686.rpm xorg-x11-server-Xorg-1.10.6-1.el6.i686.rpm xorg-x11-server-common-1.10.6-1.el6.i686.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.i686.rpm ppc64: xorg-x11-server-Xephyr-1.10.6-1.el6.ppc64.rpm xorg-x11-server-Xorg-1.10.6-1.el6.ppc64.rpm xorg-x11-server-common-1.10.6-1.el6.ppc64.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.ppc64.rpm s390x: xorg-x11-server-Xephyr-1.10.6-1.el6.s390x.rpm xorg-x11-server-common-1.10.6-1.el6.s390x.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.s390x.rpm x86_64: xorg-x11-server-Xephyr-1.10.6-1.el6.x86_64.rpm xorg-x11-server-Xorg-1.10.6-1.el6.x86_64.rpm xorg-x11-server-common-1.10.6-1.el6.x86_64.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xorg-x11-server-1.10.6-1.el6.src.rpm i386: xorg-x11-server-Xdmx-1.10.6-1.el6.i686.rpm xorg-x11-server-Xnest-1.10.6-1.el6.i686.rpm xorg-x11-server-Xvfb-1.10.6-1.el6.i686.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.i686.rpm xorg-x11-server-devel-1.10.6-1.el6.i686.rpm noarch: xorg-x11-server-source-1.10.6-1.el6.noarch.rpm ppc64: xorg-x11-server-Xdmx-1.10.6-1.el6.ppc64.rpm xorg-x11-server-Xnest-1.10.6-1.el6.ppc64.rpm xorg-x11-server-Xvfb-1.10.6-1.el6.ppc64.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.ppc.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.ppc64.rpm xorg-x11-server-devel-1.10.6-1.el6.ppc.rpm xorg-x11-server-devel-1.10.6-1.el6.ppc64.rpm s390x: xorg-x11-server-Xdmx-1.10.6-1.el6.s390x.rpm xorg-x11-server-Xnest-1.10.6-1.el6.s390x.rpm xorg-x11-server-Xvfb-1.10.6-1.el6.s390x.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.s390x.rpm x86_64: xorg-x11-server-Xdmx-1.10.6-1.el6.x86_64.rpm xorg-x11-server-Xnest-1.10.6-1.el6.x86_64.rpm xorg-x11-server-Xvfb-1.10.6-1.el6.x86_64.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.i686.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.x86_64.rpm xorg-x11-server-devel-1.10.6-1.el6.i686.rpm xorg-x11-server-devel-1.10.6-1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xorg-x11-server-1.10.6-1.el6.src.rpm i386: xorg-x11-server-Xephyr-1.10.6-1.el6.i686.rpm xorg-x11-server-Xorg-1.10.6-1.el6.i686.rpm xorg-x11-server-common-1.10.6-1.el6.i686.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.i686.rpm x86_64: xorg-x11-server-Xephyr-1.10.6-1.el6.x86_64.rpm xorg-x11-server-Xorg-1.10.6-1.el6.x86_64.rpm xorg-x11-server-common-1.10.6-1.el6.x86_64.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xorg-x11-server-1.10.6-1.el6.src.rpm i386: xorg-x11-server-Xdmx-1.10.6-1.el6.i686.rpm xorg-x11-server-Xnest-1.10.6-1.el6.i686.rpm xorg-x11-server-Xvfb-1.10.6-1.el6.i686.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.i686.rpm xorg-x11-server-devel-1.10.6-1.el6.i686.rpm noarch: xorg-x11-server-source-1.10.6-1.el6.noarch.rpm x86_64: xorg-x11-server-Xdmx-1.10.6-1.el6.x86_64.rpm xorg-x11-server-Xnest-1.10.6-1.el6.x86_64.rpm xorg-x11-server-Xvfb-1.10.6-1.el6.x86_64.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.i686.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.x86_64.rpm xorg-x11-server-devel-1.10.6-1.el6.i686.rpm xorg-x11-server-devel-1.10.6-1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-4028.html https://www.redhat.com/security/data/cve/CVE-2011-4029.html https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFP4ZhjXlSAg2UNWIIRAir0AJ9sHey+kq1VKcjWOVTayWXlMxoMTwCdEnl0 aGxVQ3Zeu4DOVNqsul/Nulo= =US1w -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Jun 20 09:27:35 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 20 Jun 2012 09:27:35 +0000 Subject: [RHSA-2012:0958-04] Low: sos security, bug fix, and enhancement update Message-ID: <201206200931.q5K9VeF2030125@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: sos security, bug fix, and enhancement update Advisory ID: RHSA-2012:0958-04 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0958.html Issue date: 2012-06-20 CVE Names: CVE-2012-2664 ===================================================================== 1. Summary: An updated sos package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - noarch Red Hat Enterprise Linux HPC Node (v. 6) - noarch Red Hat Enterprise Linux Server (v. 6) - noarch Red Hat Enterprise Linux Workstation (v. 6) - noarch 3. Description: The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging. 
The sosreport utility collected the Kickstart configuration file ("/root/anaconda-ks.cfg"), but did not remove the root user's password from it before adding the file to the resulting archive of debugging information. An attacker able to access the archive could possibly use this flaw to obtain the root user's password. "/root/anaconda-ks.cfg" usually only contains a hash of the password, not the plain text password. (CVE-2012-2664)

Note: This issue affected all installations, not only systems installed via Kickstart. A "/root/anaconda-ks.cfg" file is created by all installation types.

This updated sos package also includes numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.3 Technical Notes for information on the most significant of these changes.

All users of sos are advised to upgrade to this updated package, which contains backported patches to correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

730641 - sosreport does not collect /proc/net details
749262 - sosreport does not gather RHN Proxy squid logs
749279 - rhn plugin should collect tomcat version 6 info, instead of obsoleted version 5
749919 - teach sos to collect /etc/modprobe.d/*
771393 - Sosreport fails for default values when rhn user name contains character '/' in it.
771501 - capture non standard log files via syslog - fix filename regexp
782589 - When copying directory into report using addCopySpec, links inside are not handled correctly
784862 - sos does not collect /proc/irq
784874 - sos does not collect /proc/cgroups
790402 - sosreport should blank root password in anaconda plugin
826884 - CVE-2012-2664 sosreport does not blank root password in anaconda plugin

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/sos-2.2-29.el6.src.rpm

noarch:
sos-2.2-29.el6.noarch.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/sos-2.2-29.el6.src.rpm

noarch:
sos-2.2-29.el6.noarch.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/sos-2.2-29.el6.src.rpm

noarch:
sos-2.2-29.el6.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/sos-2.2-29.el6.src.rpm

noarch:
sos-2.2-29.el6.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-2664.html
https://access.redhat.com/security/updates/classification/#low
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.3_Technical_Notes/sos.html#RHSA-2012-0958

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
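Archives produced by sosreport before the CVE-2012-2664 fix still carry the root password (usually its hash) in the collected Kickstart file. The Python below is an added example, not part of the advisory and not code from sos or Red Hat: it blanks Kickstart `rootpw` values and audits or rewrites an existing sosreport tarball. The function names, the archive layout (`<report>/root/anaconda-ks.cfg`) and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import tarfile

# Kickstart syntax: rootpw [--iscrypted|--plaintext|--lock] <password-or-hash>
ROOTPW_RE = re.compile(r"^(?P<indent>[ \t]*)rootpw\b(?P<rest>.*)$", re.MULTILINE)
KS_SUFFIX = "/root/anaconda-ks.cfg"   # file named in the advisory; layout is assumed
PLACEHOLDER = "********"


def _secret_on(line_rest):
    """Return (flags, values) for the text following 'rootpw' on one line."""
    tokens = line_rest.split()
    flags = [t for t in tokens if t.startswith("--")]
    values = [t for t in tokens if not t.startswith("--")]
    return flags, values


def scrub_kickstart(text):
    """Blank every rootpw value; return (scrubbed_text, number_blanked)."""
    blanked = 0

    def _sub(match):
        nonlocal blanked
        flags, values = _secret_on(match.group("rest"))
        if not values or values == [PLACEHOLDER]:
            return match.group(0)      # "rootpw --lock" or already scrubbed
        blanked += 1
        return match.group("indent") + " ".join(["rootpw"] + flags + [PLACEHOLDER])

    return ROOTPW_RE.sub(_sub, text), blanked


def audit_sosreport(fileobj):
    """List (member_name, 'hash'|'plaintext') for each unredacted rootpw found."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            if not (member.isfile() and member.name.endswith(KS_SUFFIX)):
                continue
            text = tar.extractfile(member).read().decode("latin-1")
            for match in ROOTPW_RE.finditer(text):
                flags, values = _secret_on(match.group("rest"))
                if values and values != [PLACEHOLDER]:
                    kind = "hash" if "--iscrypted" in flags else "plaintext"
                    findings.append((member.name, kind))
    return findings


def redact_sosreport(src, dst):
    """Copy tarball src to dst (file objects), scrubbing the Kickstart file."""
    total = 0
    with tarfile.open(fileobj=src, mode="r:*") as tin, \
            tarfile.open(fileobj=dst, mode="w:gz") as tout:
        for member in tin:
            if member.isfile() and member.name.endswith(KS_SUFFIX):
                # latin-1 round-trips every byte, so only rootpw lines change
                text = tin.extractfile(member).read().decode("latin-1")
                text, n = scrub_kickstart(text)
                total += n
                data = text.encode("latin-1")
                member.size = len(data)
                tout.addfile(member, io.BytesIO(data))
            elif member.isfile():
                tout.addfile(member, tin.extractfile(member))
            else:
                tout.addfile(member)   # directories, links: header only
    return total


def build_sample_sosreport():
    """Constructed sample: an in-memory tar.gz laid out like a sosreport."""
    ks = ("# Kickstart file automatically generated by anaconda.\n"
          "install\n"
          "rootpw  --iscrypted $6$CONSTRUCTEDSALT$constructedhashvalue\n"
          "firewall --service=ssh\n").encode("latin-1")
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("sosreport-host-20120620/root/anaconda-ks.cfg")
        info.size = len(ks)
        tar.addfile(info, io.BytesIO(ks))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print("before:", audit_sosreport(build_sample_sosreport()))
    cleaned = io.BytesIO()
    print("blanked:", redact_sosreport(build_sample_sosreport(), cleaned))
    cleaned.seek(0)
    print("after:", audit_sosreport(cleaned))
```

A finding of kind `hash` still warrants a password rotation if the archive left the host, since the hash can be attacked offline.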
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFP4Zh3XlSAg2UNWIIRAqmgAJsGRyU7J5iAv1FtCCPIGp+KvlwvPwCgihL1 eLUK+sVscoBjiZ0PBgr4CKo= =Dev1 -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Jun 20 09:28:01 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 20 Jun 2012 09:28:01 +0000 Subject: [RHSA-2012:0973-04] Moderate: nss, nss-util, and nspr security, bug fix, and enhancement update Message-ID: <201206200932.q5K9W69v000567@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: nss, nss-util, and nspr security, bug fix, and enhancement update Advisory ID: RHSA-2012:0973-04 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0973.html Issue date: 2012-06-20 ===================================================================== 1. Summary: Updated nss, nss-util, and nspr packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. 
Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.

It was found that a Certificate Authority (CA) issued a subordinate CA certificate to its customer, that could be used to issue certificates for any name. This update renders the subordinate CA certificate as untrusted. (BZ#798533)

Note: This fix only applies to applications using the NSS Builtin Object Token. It does not render the certificates untrusted for applications that use the NSS library, but do not use the NSS Builtin Object Token.

The nspr package has been upgraded to upstream version 4.9, which provides a number of bug fixes and enhancements over the previous version. (BZ#799193)

The nss-util package has been upgraded to upstream version 3.13.3, which provides a number of bug fixes and enhancements over the previous version. (BZ#799192)

The nss package has been upgraded to upstream version 3.13.3, which provides numerous bug fixes and enhancements over the previous version. In particular, SSL 2.0 is now disabled by default, support for SHA-224 has been added, PORT_ErrorToString and PORT_ErrorToName now return the error message and symbolic name of an NSS error code, and NSS_GetVersion now returns the NSS version string. (BZ#744070)

These updated nss, nss-util, and nspr packages also provide fixes for the following bugs:

* A PEM module internal function did not clean up memory when detecting a non-existent file name. Consequently, memory leaks in client code occurred. The code has been improved to deallocate such temporary objects and as a result the reported memory leakage is gone. (BZ#746632)

* Recent changes to NSS re-introduced a problem where applications could not use multiple SSL client certificates in the same process. Therefore, any attempt to run commands that worked with multiple SSL client certificates, such as the "yum repolist" command, resulted in a re-negotiation handshake failure. With this update, a revised patch correcting this problem has been applied to NSS, and using multiple SSL client certificates in the same process is now possible again. (BZ#761086)

* The PEM module did not fully initialize newly constructed objects with function pointers set to NULL. Consequently, a segmentation violation in libcurl was sometimes experienced while accessing a package repository. With this update, the code has been changed to fully initialize newly allocated objects. As a result, updates can now be installed without problems. (BZ#768669)

* A lack-of-robustness flaw caused the administration server for Red Hat Directory Server to terminate unexpectedly because the mod_nss module made nss calls before initializing nss as per the documented API. With this update, nss protects itself against being called before it has been properly initialized by the caller. (BZ#784674)

* Compilation errors occurred with some compilers when compiling code against NSS 3.13.1. The following error message was displayed:

pkcs11n.h:365:26: warning: "__GNUC_MINOR" is not defined

An upstream patch has been applied to improve the code and the problem no longer occurs. (BZ#795693)

* Unexpected terminations were reported in the messaging daemon (qpidd) included in Red Hat Enterprise MRG after a recent update to nss. This occurred because qpidd made nss calls before initializing nss. These updated packages prevent qpidd and other affected processes that call nss without initializing as mandated by the API from crashing. (BZ#797426)

Users of NSS, NSPR, and nss-util are advised to upgrade to these updated packages, which fix these issues and add these enhancements. After installing this update, applications using NSS, NSPR, or nss-util must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network.
Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 717913 - [PEM] various flaws detected by Coverity 746632 - [PEM] pem_CreateObject() leaks memory given a non-existing file name 768669 - [PEM] an unregistered callback causes a SIGSEGV 769616 - CKFW leaks memory when loading libnsspem.so after upgrade of nss 772053 - premature unloading of softoken crashes libcurl 772628 - nss_Init() leaks memory 784674 - nss should protect against being called before nss_Init 795693 - /usr/include/nss3/pkcs11n.h:365:26: warning: "__GNUC_MINOR" is not defined 797426 - Qpid AMQP daemon fails to load after latest updates 798533 - nss: Distrust MITM subCAs issued by TrustWave 799192 - Rebase nss-util to 3.13.3 799193 - Update nspr to 4.9 805232 - pem module may attempt to free an uninitialized pointer 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nspr-4.9-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-3.13.3-6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-util-3.13.3-2.el6.src.rpm i386: nspr-4.9-1.el6.i686.rpm nspr-debuginfo-4.9-1.el6.i686.rpm nss-3.13.3-6.el6.i686.rpm nss-debuginfo-3.13.3-6.el6.i686.rpm nss-sysinit-3.13.3-6.el6.i686.rpm nss-tools-3.13.3-6.el6.i686.rpm nss-util-3.13.3-2.el6.i686.rpm nss-util-debuginfo-3.13.3-2.el6.i686.rpm x86_64: nspr-4.9-1.el6.i686.rpm nspr-4.9-1.el6.x86_64.rpm nspr-debuginfo-4.9-1.el6.i686.rpm nspr-debuginfo-4.9-1.el6.x86_64.rpm nss-3.13.3-6.el6.i686.rpm nss-3.13.3-6.el6.x86_64.rpm nss-debuginfo-3.13.3-6.el6.i686.rpm nss-debuginfo-3.13.3-6.el6.x86_64.rpm nss-sysinit-3.13.3-6.el6.x86_64.rpm nss-tools-3.13.3-6.el6.x86_64.rpm nss-util-3.13.3-2.el6.i686.rpm nss-util-3.13.3-2.el6.x86_64.rpm nss-util-debuginfo-3.13.3-2.el6.i686.rpm 
nss-util-debuginfo-3.13.3-2.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nspr-4.9-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-3.13.3-6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-util-3.13.3-2.el6.src.rpm i386: nspr-debuginfo-4.9-1.el6.i686.rpm nspr-devel-4.9-1.el6.i686.rpm nss-debuginfo-3.13.3-6.el6.i686.rpm nss-devel-3.13.3-6.el6.i686.rpm nss-pkcs11-devel-3.13.3-6.el6.i686.rpm nss-util-debuginfo-3.13.3-2.el6.i686.rpm nss-util-devel-3.13.3-2.el6.i686.rpm x86_64: nspr-debuginfo-4.9-1.el6.i686.rpm nspr-debuginfo-4.9-1.el6.x86_64.rpm nspr-devel-4.9-1.el6.i686.rpm nspr-devel-4.9-1.el6.x86_64.rpm nss-debuginfo-3.13.3-6.el6.i686.rpm nss-debuginfo-3.13.3-6.el6.x86_64.rpm nss-devel-3.13.3-6.el6.i686.rpm nss-devel-3.13.3-6.el6.x86_64.rpm nss-pkcs11-devel-3.13.3-6.el6.i686.rpm nss-pkcs11-devel-3.13.3-6.el6.x86_64.rpm nss-util-debuginfo-3.13.3-2.el6.i686.rpm nss-util-debuginfo-3.13.3-2.el6.x86_64.rpm nss-util-devel-3.13.3-2.el6.i686.rpm nss-util-devel-3.13.3-2.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nspr-4.9-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-3.13.3-6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-util-3.13.3-2.el6.src.rpm x86_64: nspr-4.9-1.el6.i686.rpm nspr-4.9-1.el6.x86_64.rpm nspr-debuginfo-4.9-1.el6.i686.rpm nspr-debuginfo-4.9-1.el6.x86_64.rpm nss-3.13.3-6.el6.i686.rpm nss-3.13.3-6.el6.x86_64.rpm nss-debuginfo-3.13.3-6.el6.i686.rpm nss-debuginfo-3.13.3-6.el6.x86_64.rpm nss-sysinit-3.13.3-6.el6.x86_64.rpm nss-tools-3.13.3-6.el6.x86_64.rpm nss-util-3.13.3-2.el6.i686.rpm nss-util-3.13.3-2.el6.x86_64.rpm nss-util-debuginfo-3.13.3-2.el6.i686.rpm nss-util-debuginfo-3.13.3-2.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nspr-4.9-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-3.13.3-6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-util-3.13.3-2.el6.src.rpm x86_64: nspr-debuginfo-4.9-1.el6.i686.rpm nspr-debuginfo-4.9-1.el6.x86_64.rpm nspr-devel-4.9-1.el6.i686.rpm nspr-devel-4.9-1.el6.x86_64.rpm nss-debuginfo-3.13.3-6.el6.i686.rpm nss-debuginfo-3.13.3-6.el6.x86_64.rpm nss-devel-3.13.3-6.el6.i686.rpm nss-devel-3.13.3-6.el6.x86_64.rpm nss-pkcs11-devel-3.13.3-6.el6.i686.rpm nss-pkcs11-devel-3.13.3-6.el6.x86_64.rpm nss-util-debuginfo-3.13.3-2.el6.i686.rpm nss-util-debuginfo-3.13.3-2.el6.x86_64.rpm nss-util-devel-3.13.3-2.el6.i686.rpm nss-util-devel-3.13.3-2.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nspr-4.9-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-3.13.3-6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-util-3.13.3-2.el6.src.rpm i386: nspr-4.9-1.el6.i686.rpm nspr-debuginfo-4.9-1.el6.i686.rpm nspr-devel-4.9-1.el6.i686.rpm nss-3.13.3-6.el6.i686.rpm nss-debuginfo-3.13.3-6.el6.i686.rpm nss-devel-3.13.3-6.el6.i686.rpm nss-sysinit-3.13.3-6.el6.i686.rpm nss-tools-3.13.3-6.el6.i686.rpm nss-util-3.13.3-2.el6.i686.rpm nss-util-debuginfo-3.13.3-2.el6.i686.rpm nss-util-devel-3.13.3-2.el6.i686.rpm ppc64: nspr-4.9-1.el6.ppc.rpm nspr-4.9-1.el6.ppc64.rpm nspr-debuginfo-4.9-1.el6.ppc.rpm nspr-debuginfo-4.9-1.el6.ppc64.rpm nspr-devel-4.9-1.el6.ppc.rpm nspr-devel-4.9-1.el6.ppc64.rpm nss-3.13.3-6.el6.ppc.rpm nss-3.13.3-6.el6.ppc64.rpm nss-debuginfo-3.13.3-6.el6.ppc.rpm nss-debuginfo-3.13.3-6.el6.ppc64.rpm nss-devel-3.13.3-6.el6.ppc.rpm nss-devel-3.13.3-6.el6.ppc64.rpm nss-sysinit-3.13.3-6.el6.ppc64.rpm nss-tools-3.13.3-6.el6.ppc64.rpm nss-util-3.13.3-2.el6.ppc.rpm nss-util-3.13.3-2.el6.ppc64.rpm nss-util-debuginfo-3.13.3-2.el6.ppc.rpm nss-util-debuginfo-3.13.3-2.el6.ppc64.rpm nss-util-devel-3.13.3-2.el6.ppc.rpm nss-util-devel-3.13.3-2.el6.ppc64.rpm s390x: nspr-4.9-1.el6.s390.rpm nspr-4.9-1.el6.s390x.rpm nspr-debuginfo-4.9-1.el6.s390.rpm nspr-debuginfo-4.9-1.el6.s390x.rpm nspr-devel-4.9-1.el6.s390.rpm nspr-devel-4.9-1.el6.s390x.rpm nss-3.13.3-6.el6.s390.rpm nss-3.13.3-6.el6.s390x.rpm nss-debuginfo-3.13.3-6.el6.s390.rpm nss-debuginfo-3.13.3-6.el6.s390x.rpm nss-devel-3.13.3-6.el6.s390.rpm nss-devel-3.13.3-6.el6.s390x.rpm nss-sysinit-3.13.3-6.el6.s390x.rpm nss-tools-3.13.3-6.el6.s390x.rpm nss-util-3.13.3-2.el6.s390.rpm nss-util-3.13.3-2.el6.s390x.rpm nss-util-debuginfo-3.13.3-2.el6.s390.rpm nss-util-debuginfo-3.13.3-2.el6.s390x.rpm nss-util-devel-3.13.3-2.el6.s390.rpm nss-util-devel-3.13.3-2.el6.s390x.rpm x86_64: 
nspr-4.9-1.el6.i686.rpm nspr-4.9-1.el6.x86_64.rpm nspr-debuginfo-4.9-1.el6.i686.rpm nspr-debuginfo-4.9-1.el6.x86_64.rpm nspr-devel-4.9-1.el6.i686.rpm nspr-devel-4.9-1.el6.x86_64.rpm nss-3.13.3-6.el6.i686.rpm nss-3.13.3-6.el6.x86_64.rpm nss-debuginfo-3.13.3-6.el6.i686.rpm nss-debuginfo-3.13.3-6.el6.x86_64.rpm nss-devel-3.13.3-6.el6.i686.rpm nss-devel-3.13.3-6.el6.x86_64.rpm nss-sysinit-3.13.3-6.el6.x86_64.rpm nss-tools-3.13.3-6.el6.x86_64.rpm nss-util-3.13.3-2.el6.i686.rpm nss-util-3.13.3-2.el6.x86_64.rpm nss-util-debuginfo-3.13.3-2.el6.i686.rpm nss-util-debuginfo-3.13.3-2.el6.x86_64.rpm nss-util-devel-3.13.3-2.el6.i686.rpm nss-util-devel-3.13.3-2.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-3.13.3-6.el6.src.rpm i386: nss-debuginfo-3.13.3-6.el6.i686.rpm nss-pkcs11-devel-3.13.3-6.el6.i686.rpm ppc64: nss-debuginfo-3.13.3-6.el6.ppc.rpm nss-debuginfo-3.13.3-6.el6.ppc64.rpm nss-pkcs11-devel-3.13.3-6.el6.ppc.rpm nss-pkcs11-devel-3.13.3-6.el6.ppc64.rpm s390x: nss-debuginfo-3.13.3-6.el6.s390.rpm nss-debuginfo-3.13.3-6.el6.s390x.rpm nss-pkcs11-devel-3.13.3-6.el6.s390.rpm nss-pkcs11-devel-3.13.3-6.el6.s390x.rpm x86_64: nss-debuginfo-3.13.3-6.el6.i686.rpm nss-debuginfo-3.13.3-6.el6.x86_64.rpm nss-pkcs11-devel-3.13.3-6.el6.i686.rpm nss-pkcs11-devel-3.13.3-6.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nspr-4.9-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-3.13.3-6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-util-3.13.3-2.el6.src.rpm i386: nspr-4.9-1.el6.i686.rpm nspr-debuginfo-4.9-1.el6.i686.rpm nspr-devel-4.9-1.el6.i686.rpm nss-3.13.3-6.el6.i686.rpm nss-debuginfo-3.13.3-6.el6.i686.rpm nss-devel-3.13.3-6.el6.i686.rpm nss-sysinit-3.13.3-6.el6.i686.rpm nss-tools-3.13.3-6.el6.i686.rpm nss-util-3.13.3-2.el6.i686.rpm nss-util-debuginfo-3.13.3-2.el6.i686.rpm nss-util-devel-3.13.3-2.el6.i686.rpm x86_64: nspr-4.9-1.el6.i686.rpm nspr-4.9-1.el6.x86_64.rpm nspr-debuginfo-4.9-1.el6.i686.rpm nspr-debuginfo-4.9-1.el6.x86_64.rpm nspr-devel-4.9-1.el6.i686.rpm nspr-devel-4.9-1.el6.x86_64.rpm nss-3.13.3-6.el6.i686.rpm nss-3.13.3-6.el6.x86_64.rpm nss-debuginfo-3.13.3-6.el6.i686.rpm nss-debuginfo-3.13.3-6.el6.x86_64.rpm nss-devel-3.13.3-6.el6.i686.rpm nss-devel-3.13.3-6.el6.x86_64.rpm nss-sysinit-3.13.3-6.el6.x86_64.rpm nss-tools-3.13.3-6.el6.x86_64.rpm nss-util-3.13.3-2.el6.i686.rpm nss-util-3.13.3-2.el6.x86_64.rpm nss-util-debuginfo-3.13.3-2.el6.i686.rpm nss-util-debuginfo-3.13.3-2.el6.x86_64.rpm nss-util-devel-3.13.3-2.el6.i686.rpm nss-util-devel-3.13.3-2.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-3.13.3-6.el6.src.rpm i386: nss-debuginfo-3.13.3-6.el6.i686.rpm nss-pkcs11-devel-3.13.3-6.el6.i686.rpm x86_64: nss-debuginfo-3.13.3-6.el6.i686.rpm nss-debuginfo-3.13.3-6.el6.x86_64.rpm nss-pkcs11-devel-3.13.3-6.el6.i686.rpm nss-pkcs11-devel-3.13.3-6.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References: https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFP4ZiSXlSAg2UNWIIRAus9AJ9V5rR1EsW3N10YSlIrlMU9cjFvPwCdEa9b adBvddOehQ81wPoAxtv5scw= =VpBT -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Jun 20 09:28:28 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 20 Jun 2012 09:28:28 +0000 Subject: [RHSA-2012:0987-04] Low: sblim-cim-client2 security update Message-ID: <201206200932.q5K9WX5I030759@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: sblim-cim-client2 security update Advisory ID: RHSA-2012:0987-04 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0987.html Issue date: 2012-06-20 CVE Names: CVE-2012-2328 ===================================================================== 1. Summary: Updated sblim-cim-client2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server (v. 6) - noarch Red Hat Enterprise Linux Server Optional (v. 6) - noarch Red Hat Enterprise Linux Workstation (v. 6) - noarch Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch 3. 
Description:

The SBLIM (Standards-Based Linux Instrumentation for Manageability) CIM (Common Information Model) Client is a class library for Java applications that provides access to CIM servers using the CIM Operations over HTTP protocol defined by the DMTF (Distributed Management Task Force) standards.

It was found that the Java HashMap implementation was susceptible to predictable hash collisions. SBLIM uses HashMap when parsing XML inputs. A specially-crafted CIM-XML message from a WBEM (Web-Based Enterprise Management) server could cause a SBLIM client to use an excessive amount of CPU. Randomization has been added to help avoid collisions. (CVE-2012-2328)

All users of sblim-cim-client2 are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

819733 - CVE-2012-2328 sblim: hash table collisions CPU usage DoS

6. Package List:

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/sblim-cim-client2-2.1.3-2.el6.src.rpm

noarch:
sblim-cim-client2-2.1.3-2.el6.noarch.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/sblim-cim-client2-2.1.3-2.el6.src.rpm

noarch:
sblim-cim-client2-javadoc-2.1.3-2.el6.noarch.rpm
sblim-cim-client2-manual-2.1.3-2.el6.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/sblim-cim-client2-2.1.3-2.el6.src.rpm

noarch:
sblim-cim-client2-2.1.3-2.el6.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/sblim-cim-client2-2.1.3-2.el6.src.rpm noarch: sblim-cim-client2-javadoc-2.1.3-2.el6.noarch.rpm sblim-cim-client2-manual-2.1.3-2.el6.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-2328.html https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFP4ZipXlSAg2UNWIIRAmXcAJ9Z4epDpBt4aen+otdb1PZc8ualzgCgj97f 4iJ9nvF4xD96rSCdr/RISX0= =Wt6O -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Jun 20 11:38:33 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 20 Jun 2012 11:38:33 +0000 Subject: [RHSA-2012:0997-01] Moderate: 389-ds-base security update Message-ID: <201206201142.q5KBgdLC027048@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: 389-ds-base security update Advisory ID: RHSA-2012:0997-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0997.html Issue date: 2012-06-20 CVE Names: CVE-2012-2678 CVE-2012-2746 ===================================================================== 1. Summary: Updated 389-ds-base packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

A flaw was found in the way 389 Directory Server handled password changes. If an LDAP user has changed their password, and the directory server has not been restarted since that change, an attacker able to bind to the directory server could obtain the plain text version of that user's password via the "unhashed#user#password" attribute. (CVE-2012-2678)

It was found that when the password for an LDAP user was changed, and audit logging was enabled (it is disabled by default), the new password was written to the audit log in plain text form. This update introduces a new configuration parameter, "nsslapd-auditlog-logging-hide-unhashed-pw", which when set to "on" (the default option), prevents 389 Directory Server from writing plain text passwords to the audit log. This option can be configured in "/etc/dirsrv/slapd-[ID]/dse.ldif". (CVE-2012-2746)

All users of 389-ds-base are advised to upgrade to these updated packages, which resolve these issues. After installing this update, the 389 server service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 829933 - CVE-2012-2678 rhds/389: plaintext password disclosure flaw 833482 - CVE-2012-2746 rhds/389: plaintext password disclosure in audit log 6. Package List: Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/389-ds-base-1.2.10.2-18.el6_3.src.rpm i386: 389-ds-base-1.2.10.2-18.el6_3.i686.rpm 389-ds-base-debuginfo-1.2.10.2-18.el6_3.i686.rpm 389-ds-base-devel-1.2.10.2-18.el6_3.i686.rpm 389-ds-base-libs-1.2.10.2-18.el6_3.i686.rpm x86_64: 389-ds-base-1.2.10.2-18.el6_3.x86_64.rpm 389-ds-base-debuginfo-1.2.10.2-18.el6_3.i686.rpm 389-ds-base-debuginfo-1.2.10.2-18.el6_3.x86_64.rpm 389-ds-base-devel-1.2.10.2-18.el6_3.i686.rpm 389-ds-base-devel-1.2.10.2-18.el6_3.x86_64.rpm 389-ds-base-libs-1.2.10.2-18.el6_3.i686.rpm 389-ds-base-libs-1.2.10.2-18.el6_3.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/389-ds-base-1.2.10.2-18.el6_3.src.rpm x86_64: 389-ds-base-1.2.10.2-18.el6_3.x86_64.rpm 389-ds-base-debuginfo-1.2.10.2-18.el6_3.i686.rpm 389-ds-base-debuginfo-1.2.10.2-18.el6_3.x86_64.rpm 389-ds-base-devel-1.2.10.2-18.el6_3.i686.rpm 389-ds-base-devel-1.2.10.2-18.el6_3.x86_64.rpm 389-ds-base-libs-1.2.10.2-18.el6_3.i686.rpm 389-ds-base-libs-1.2.10.2-18.el6_3.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/389-ds-base-1.2.10.2-18.el6_3.src.rpm i386: 389-ds-base-1.2.10.2-18.el6_3.i686.rpm 389-ds-base-debuginfo-1.2.10.2-18.el6_3.i686.rpm 389-ds-base-libs-1.2.10.2-18.el6_3.i686.rpm x86_64: 389-ds-base-1.2.10.2-18.el6_3.x86_64.rpm 389-ds-base-debuginfo-1.2.10.2-18.el6_3.i686.rpm 389-ds-base-debuginfo-1.2.10.2-18.el6_3.x86_64.rpm 389-ds-base-libs-1.2.10.2-18.el6_3.i686.rpm 389-ds-base-libs-1.2.10.2-18.el6_3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/389-ds-base-1.2.10.2-18.el6_3.src.rpm i386: 389-ds-base-debuginfo-1.2.10.2-18.el6_3.i686.rpm 389-ds-base-devel-1.2.10.2-18.el6_3.i686.rpm x86_64: 389-ds-base-debuginfo-1.2.10.2-18.el6_3.i686.rpm 389-ds-base-debuginfo-1.2.10.2-18.el6_3.x86_64.rpm 389-ds-base-devel-1.2.10.2-18.el6_3.i686.rpm 389-ds-base-devel-1.2.10.2-18.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/389-ds-base-1.2.10.2-18.el6_3.src.rpm i386: 389-ds-base-1.2.10.2-18.el6_3.i686.rpm 389-ds-base-debuginfo-1.2.10.2-18.el6_3.i686.rpm 389-ds-base-libs-1.2.10.2-18.el6_3.i686.rpm x86_64: 389-ds-base-1.2.10.2-18.el6_3.x86_64.rpm 389-ds-base-debuginfo-1.2.10.2-18.el6_3.i686.rpm 389-ds-base-debuginfo-1.2.10.2-18.el6_3.x86_64.rpm 389-ds-base-libs-1.2.10.2-18.el6_3.i686.rpm 389-ds-base-libs-1.2.10.2-18.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/389-ds-base-1.2.10.2-18.el6_3.src.rpm i386: 389-ds-base-debuginfo-1.2.10.2-18.el6_3.i686.rpm 389-ds-base-devel-1.2.10.2-18.el6_3.i686.rpm x86_64: 389-ds-base-debuginfo-1.2.10.2-18.el6_3.i686.rpm 389-ds-base-debuginfo-1.2.10.2-18.el6_3.x86_64.rpm 389-ds-base-devel-1.2.10.2-18.el6_3.i686.rpm 389-ds-base-devel-1.2.10.2-18.el6_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-2678.html https://www.redhat.com/security/data/cve/CVE-2012-2746.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFP4bceXlSAg2UNWIIRAlr8AJ4nn/6Wp8SdYhN5+ukkZWAzdhAFVQCgrr2C kJiFAS86mDpRcaHMP+rIiNw= =OBpk -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Jun 20 11:39:18 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 20 Jun 2012 11:39:18 +0000 Subject: [RHSA-2012:1009-01] Important: java-1.7.0-openjdk security and bug fix update Message-ID: <201206201143.q5KBhNNs027189@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: java-1.7.0-openjdk security and bug fix update Advisory ID: RHSA-2012:1009-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1009.html Issue date: 2012-06-20 CVE Names: CVE-2012-1711 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1723 CVE-2012-1724 CVE-2012-1725 CVE-2012-1726 
=====================================================================

1. Summary:

Updated java-1.7.0-openjdk packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

3. Description:

These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.

Multiple flaws were discovered in the CORBA (Common Object Request Broker Architecture) implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object data. (CVE-2012-1711, CVE-2012-1719)

It was discovered that the SynthLookAndFeel class from Swing did not properly prevent access to certain UI elements from outside the current application context. A malicious Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions. (CVE-2012-1716)

Multiple flaws were discovered in the font manager's layout lookup implementation. A specially-crafted font file could cause the Java Virtual Machine to crash or, possibly, execute arbitrary code with the privileges of the user running the virtual machine.
(CVE-2012-1713)

Multiple flaws were found in the way the Java HotSpot Virtual Machine verified the bytecode of the class file to be executed. A specially-crafted Java application or applet could use these flaws to crash the Java Virtual Machine, or bypass Java sandbox restrictions. (CVE-2012-1723, CVE-2012-1725)

It was discovered that java.lang.invoke.MethodHandles.Lookup did not properly honor access modes. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2012-1726)

It was discovered that the Java XML parser did not properly handle certain XML documents. An attacker able to make a Java application parse a specially-crafted XML file could use this flaw to make the XML parser enter an infinite loop. (CVE-2012-1724)

It was discovered that the Java security classes did not properly handle Certificate Revocation Lists (CRL). CRL containing entries with duplicate certificate serial numbers could have been ignored. (CVE-2012-1718)

It was discovered that various classes of the Java Runtime library could create temporary files with insecure permissions. A local attacker could use this flaw to gain access to the content of such temporary files. (CVE-2012-1717)

This update also fixes the following bug:

* Attempting to compile a SystemTap script using the jstack tapset could have failed with an error similar to the following:

error: the frame size of 272 bytes is larger than 256 bytes

This update corrects the jstack tapset and resolves this issue. (BZ#833035)

This erratum also upgrades the OpenJDK package to IcedTea7 2.2.1. Refer to the NEWS file, linked to in the References, for further information.

All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 829354 - CVE-2012-1711 OpenJDK: improper protection of CORBA data models (CORBA, 7079902) 829358 - CVE-2012-1717 OpenJDK: insecure temporary file permissions (JRE, 7143606) 829360 - CVE-2012-1716 OpenJDK: SynthLookAndFeel application context bypass (Swing, 7143614) 829361 - CVE-2012-1713 OpenJDK: fontmanager layout lookup code memory corruption (2D, 7143617) 829371 - CVE-2012-1719 OpenJDK: mutable repository identifiers in generated stub code (CORBA, 7143851) 829372 - CVE-2012-1718 OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872) 829373 - CVE-2012-1723 OpenJDK: insufficient field accessibility checks (HotSpot, 7152811) 829374 - CVE-2012-1724 OpenJDK: XML parsing infinite loop (JAXP, 7157609) 829376 - CVE-2012-1725 OpenJDK: insufficient invokespecial verification (HotSpot, 7160757) 829377 - CVE-2012-1726 OpenJDK: java.lang.invoke.MethodHandles.Lookup does not honor access modes (Libraries, 7165628) 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.src.rpm i386: java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.i686.rpm x86_64: java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.src.rpm i386: java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.i686.rpm java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.i686.rpm java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.i686.rpm java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.i686.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.5-2.2.1.el6_3.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.src.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.5-2.2.1.el6_3.noarch.rpm x86_64: java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.src.rpm i386: java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.i686.rpm x86_64: java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.src.rpm i386: java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.i686.rpm java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.i686.rpm java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.i686.rpm java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.i686.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.5-2.2.1.el6_3.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.src.rpm i386: java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.i686.rpm x86_64: java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.src.rpm i386: java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.i686.rpm java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.i686.rpm java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.i686.rpm java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.i686.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.5-2.2.1.el6_3.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References: https://www.redhat.com/security/data/cve/CVE-2012-1711.html https://www.redhat.com/security/data/cve/CVE-2012-1713.html https://www.redhat.com/security/data/cve/CVE-2012-1716.html https://www.redhat.com/security/data/cve/CVE-2012-1717.html https://www.redhat.com/security/data/cve/CVE-2012-1718.html https://www.redhat.com/security/data/cve/CVE-2012-1719.html https://www.redhat.com/security/data/cve/CVE-2012-1723.html https://www.redhat.com/security/data/cve/CVE-2012-1724.html https://www.redhat.com/security/data/cve/CVE-2012-1725.html https://www.redhat.com/security/data/cve/CVE-2012-1726.html https://access.redhat.com/security/updates/classification/#important http://icedtea.classpath.org/hg/release/icedtea7-2.2/file/icedtea-2.2.1/NEWS http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFP4bdMXlSAg2UNWIIRAgLZAJ4rVT0qeWA3N7RGN/RRjkpcTqtF4wCeNbiZ 7KUEsZqVLjXnfpCmLH3lpCM= =GGr3 -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Jun 20 11:39:52 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 20 Jun 2012 11:39:52 +0000 Subject: [RHSA-2012:1019-01] Critical: java-1.7.0-oracle security update Message-ID: <201206201143.q5KBhvXh027400@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.7.0-oracle security update Advisory ID: RHSA-2012:1019-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1019.html Issue date: 2012-06-20 CVE Names: CVE-2012-0551 CVE-2012-1711 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1721 CVE-2012-1722 CVE-2012-1723 CVE-2012-1724 
CVE-2012-1725 CVE-2012-1726
=====================================================================

1. Summary:

Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The Oracle Java 7 release includes the Oracle Java 7 Runtime Environment and the Oracle Java 7 Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java 7 Runtime Environment and the Oracle Java 7 Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. (CVE-2012-0551, CVE-2012-1711, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1723, CVE-2012-1724, CVE-2012-1725, CVE-2012-1726)

All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 5 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5.
Bugs fixed (http://bugzilla.redhat.com/): 829354 - CVE-2012-1711 OpenJDK: improper protection of CORBA data models (CORBA, 7079902) 829358 - CVE-2012-1717 OpenJDK: insecure temporary file permissions (JRE, 7143606) 829360 - CVE-2012-1716 OpenJDK: SynthLookAndFeel application context bypass (Swing, 7143614) 829361 - CVE-2012-1713 OpenJDK: fontmanager layout lookup code memory corruption (2D, 7143617) 829371 - CVE-2012-1719 OpenJDK: mutable repository identifiers in generated stub code (CORBA, 7143851) 829372 - CVE-2012-1718 OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872) 829373 - CVE-2012-1723 OpenJDK: insufficient field accessibility checks (HotSpot, 7152811) 829374 - CVE-2012-1724 OpenJDK: XML parsing infinite loop (JAXP, 7157609) 829376 - CVE-2012-1725 OpenJDK: insufficient invokespecial verification (HotSpot, 7160757) 829377 - CVE-2012-1726 OpenJDK: java.lang.invoke.MethodHandles.Lookup does not honor access modes (Libraries, 7165628) 831353 - CVE-2012-1721 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment) 831354 - CVE-2012-1722 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment) 831355 - CVE-2012-0551 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.7.0-oracle-1.7.0.5-1jpp.1.el6.i686.rpm java-1.7.0-oracle-devel-1.7.0.5-1jpp.1.el6.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.5-1jpp.1.el6.i686.rpm java-1.7.0-oracle-plugin-1.7.0.5-1jpp.1.el6.i686.rpm java-1.7.0-oracle-src-1.7.0.5-1jpp.1.el6.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.5-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.5-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.5-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.5-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-src-1.7.0.5-1jpp.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 
6): x86_64: java-1.7.0-oracle-1.7.0.5-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.5-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-src-1.7.0.5-1jpp.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: java-1.7.0-oracle-1.7.0.5-1jpp.1.el6.i686.rpm java-1.7.0-oracle-devel-1.7.0.5-1jpp.1.el6.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.5-1jpp.1.el6.i686.rpm java-1.7.0-oracle-plugin-1.7.0.5-1jpp.1.el6.i686.rpm java-1.7.0-oracle-src-1.7.0.5-1jpp.1.el6.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.5-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.5-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.5-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.5-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-src-1.7.0.5-1jpp.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: java-1.7.0-oracle-1.7.0.5-1jpp.1.el6.i686.rpm java-1.7.0-oracle-devel-1.7.0.5-1jpp.1.el6.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.5-1jpp.1.el6.i686.rpm java-1.7.0-oracle-plugin-1.7.0.5-1jpp.1.el6.i686.rpm java-1.7.0-oracle-src-1.7.0.5-1jpp.1.el6.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.5-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.5-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.5-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.5-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-src-1.7.0.5-1jpp.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References: https://www.redhat.com/security/data/cve/CVE-2012-0551.html https://www.redhat.com/security/data/cve/CVE-2012-1711.html https://www.redhat.com/security/data/cve/CVE-2012-1713.html https://www.redhat.com/security/data/cve/CVE-2012-1716.html https://www.redhat.com/security/data/cve/CVE-2012-1717.html https://www.redhat.com/security/data/cve/CVE-2012-1718.html https://www.redhat.com/security/data/cve/CVE-2012-1719.html https://www.redhat.com/security/data/cve/CVE-2012-1721.html https://www.redhat.com/security/data/cve/CVE-2012-1722.html https://www.redhat.com/security/data/cve/CVE-2012-1723.html https://www.redhat.com/security/data/cve/CVE-2012-1724.html https://www.redhat.com/security/data/cve/CVE-2012-1725.html https://www.redhat.com/security/data/cve/CVE-2012-1726.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP4bdxXlSAg2UNWIIRAmfYAJ9TCuvKlVt54rLez7D1weEyGR9TFgCdGLJr
qbBjH9XeCQS9nTZ1G1QdwKI=
=38hN
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jun 25 18:17:33 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 25 Jun 2012 18:17:33 +0000
Subject: [RHSA-2012:1036-01] Moderate: postgresql security update
Message-ID: <201206251817.q5PIHYwm020596@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: postgresql security update
Advisory ID: RHSA-2012:1036-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1036.html
Issue date: 2012-06-25
CVE Names: CVE-2012-2143
=====================================================================

1. Summary:

Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system (DBMS).

A flaw was found in the way the crypt() password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contained the 0x80 byte value, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength.
This made brute-force guessing more efficient as the whole password was not required to gain access to protected resources. (CVE-2012-2143)

Note: With this update, the rest of the string is properly included in the DES hash; therefore, any previously stored password values that are affected by this issue will no longer match. In such cases, it will be necessary for those stored password hashes to be updated.

Upstream acknowledges Rubin Xu and Joseph Bonneau as the original reporters of this issue.

All PostgreSQL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

816956 - CVE-2012-2143 BSD crypt(): DES encrypted password weakness

6. Package List:

Red Hat Enterprise Linux Desktop (v.
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postgresql-8.1.23-5.el5_8.src.rpm i386: postgresql-8.1.23-5.el5_8.i386.rpm postgresql-contrib-8.1.23-5.el5_8.i386.rpm postgresql-debuginfo-8.1.23-5.el5_8.i386.rpm postgresql-docs-8.1.23-5.el5_8.i386.rpm postgresql-libs-8.1.23-5.el5_8.i386.rpm postgresql-python-8.1.23-5.el5_8.i386.rpm postgresql-tcl-8.1.23-5.el5_8.i386.rpm x86_64: postgresql-8.1.23-5.el5_8.x86_64.rpm postgresql-contrib-8.1.23-5.el5_8.x86_64.rpm postgresql-debuginfo-8.1.23-5.el5_8.i386.rpm postgresql-debuginfo-8.1.23-5.el5_8.x86_64.rpm postgresql-docs-8.1.23-5.el5_8.x86_64.rpm postgresql-libs-8.1.23-5.el5_8.i386.rpm postgresql-libs-8.1.23-5.el5_8.x86_64.rpm postgresql-python-8.1.23-5.el5_8.x86_64.rpm postgresql-tcl-8.1.23-5.el5_8.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postgresql-8.1.23-5.el5_8.src.rpm i386: postgresql-debuginfo-8.1.23-5.el5_8.i386.rpm postgresql-devel-8.1.23-5.el5_8.i386.rpm postgresql-pl-8.1.23-5.el5_8.i386.rpm postgresql-server-8.1.23-5.el5_8.i386.rpm postgresql-test-8.1.23-5.el5_8.i386.rpm x86_64: postgresql-debuginfo-8.1.23-5.el5_8.i386.rpm postgresql-debuginfo-8.1.23-5.el5_8.x86_64.rpm postgresql-devel-8.1.23-5.el5_8.i386.rpm postgresql-devel-8.1.23-5.el5_8.x86_64.rpm postgresql-pl-8.1.23-5.el5_8.x86_64.rpm postgresql-server-8.1.23-5.el5_8.x86_64.rpm postgresql-test-8.1.23-5.el5_8.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/postgresql-8.1.23-5.el5_8.src.rpm i386: postgresql-8.1.23-5.el5_8.i386.rpm postgresql-contrib-8.1.23-5.el5_8.i386.rpm postgresql-debuginfo-8.1.23-5.el5_8.i386.rpm postgresql-devel-8.1.23-5.el5_8.i386.rpm postgresql-docs-8.1.23-5.el5_8.i386.rpm postgresql-libs-8.1.23-5.el5_8.i386.rpm postgresql-pl-8.1.23-5.el5_8.i386.rpm postgresql-python-8.1.23-5.el5_8.i386.rpm postgresql-server-8.1.23-5.el5_8.i386.rpm postgresql-tcl-8.1.23-5.el5_8.i386.rpm postgresql-test-8.1.23-5.el5_8.i386.rpm ia64: postgresql-8.1.23-5.el5_8.ia64.rpm postgresql-contrib-8.1.23-5.el5_8.ia64.rpm postgresql-debuginfo-8.1.23-5.el5_8.i386.rpm postgresql-debuginfo-8.1.23-5.el5_8.ia64.rpm postgresql-devel-8.1.23-5.el5_8.ia64.rpm postgresql-docs-8.1.23-5.el5_8.ia64.rpm postgresql-libs-8.1.23-5.el5_8.i386.rpm postgresql-libs-8.1.23-5.el5_8.ia64.rpm postgresql-pl-8.1.23-5.el5_8.ia64.rpm postgresql-python-8.1.23-5.el5_8.ia64.rpm postgresql-server-8.1.23-5.el5_8.ia64.rpm postgresql-tcl-8.1.23-5.el5_8.ia64.rpm postgresql-test-8.1.23-5.el5_8.ia64.rpm ppc: postgresql-8.1.23-5.el5_8.ppc.rpm postgresql-8.1.23-5.el5_8.ppc64.rpm postgresql-contrib-8.1.23-5.el5_8.ppc.rpm postgresql-debuginfo-8.1.23-5.el5_8.ppc.rpm postgresql-debuginfo-8.1.23-5.el5_8.ppc64.rpm postgresql-devel-8.1.23-5.el5_8.ppc.rpm postgresql-devel-8.1.23-5.el5_8.ppc64.rpm postgresql-docs-8.1.23-5.el5_8.ppc.rpm postgresql-libs-8.1.23-5.el5_8.ppc.rpm postgresql-libs-8.1.23-5.el5_8.ppc64.rpm postgresql-pl-8.1.23-5.el5_8.ppc.rpm postgresql-python-8.1.23-5.el5_8.ppc.rpm postgresql-server-8.1.23-5.el5_8.ppc.rpm postgresql-tcl-8.1.23-5.el5_8.ppc.rpm postgresql-test-8.1.23-5.el5_8.ppc.rpm s390x: postgresql-8.1.23-5.el5_8.s390x.rpm postgresql-contrib-8.1.23-5.el5_8.s390x.rpm postgresql-debuginfo-8.1.23-5.el5_8.s390.rpm postgresql-debuginfo-8.1.23-5.el5_8.s390x.rpm postgresql-devel-8.1.23-5.el5_8.s390.rpm postgresql-devel-8.1.23-5.el5_8.s390x.rpm 
postgresql-docs-8.1.23-5.el5_8.s390x.rpm postgresql-libs-8.1.23-5.el5_8.s390.rpm postgresql-libs-8.1.23-5.el5_8.s390x.rpm postgresql-pl-8.1.23-5.el5_8.s390x.rpm postgresql-python-8.1.23-5.el5_8.s390x.rpm postgresql-server-8.1.23-5.el5_8.s390x.rpm postgresql-tcl-8.1.23-5.el5_8.s390x.rpm postgresql-test-8.1.23-5.el5_8.s390x.rpm x86_64: postgresql-8.1.23-5.el5_8.x86_64.rpm postgresql-contrib-8.1.23-5.el5_8.x86_64.rpm postgresql-debuginfo-8.1.23-5.el5_8.i386.rpm postgresql-debuginfo-8.1.23-5.el5_8.x86_64.rpm postgresql-devel-8.1.23-5.el5_8.i386.rpm postgresql-devel-8.1.23-5.el5_8.x86_64.rpm postgresql-docs-8.1.23-5.el5_8.x86_64.rpm postgresql-libs-8.1.23-5.el5_8.i386.rpm postgresql-libs-8.1.23-5.el5_8.x86_64.rpm postgresql-pl-8.1.23-5.el5_8.x86_64.rpm postgresql-python-8.1.23-5.el5_8.x86_64.rpm postgresql-server-8.1.23-5.el5_8.x86_64.rpm postgresql-tcl-8.1.23-5.el5_8.x86_64.rpm postgresql-test-8.1.23-5.el5_8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-2143.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP6KshXlSAg2UNWIIRAnNfAJsGS/3GOt6zxCmzDHLKSXgExHfgHACgoyN5
9ptMbgERL6EY0yPz2nCmCmE=
=scBF
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jun 25 18:18:30 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 25 Jun 2012 18:18:30 +0000
Subject: [RHSA-2012:1037-01] Moderate: postgresql and postgresql84 security update
Message-ID: <201206251818.q5PIIV2i023486@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: postgresql and postgresql84 security update
Advisory ID: RHSA-2012:1037-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1037.html
Issue date: 2012-06-25
CVE Names: CVE-2012-2143 CVE-2012-2655
=====================================================================

1. Summary:

Updated postgresql84 and postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3.
Description:

PostgreSQL is an advanced object-relational database management system (DBMS).

A flaw was found in the way the crypt() password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contained the 0x80 byte value, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. This made brute-force guessing more efficient as the whole password was not required to gain access to protected resources. (CVE-2012-2143)

Note: With this update, the rest of the string is properly included in the DES hash; therefore, any previously stored password values that are affected by this issue will no longer match. In such cases, it will be necessary for those stored password hashes to be updated.

A denial of service flaw was found in the way the PostgreSQL server performed a user privileges check when applying SECURITY DEFINER or SET attributes to a procedural language's (such as PL/Perl or PL/Python) call handler function. A non-superuser database owner could use this flaw to cause the PostgreSQL server to crash due to infinite recursion. (CVE-2012-2655)

Upstream acknowledges Rubin Xu and Joseph Bonneau as the original reporters of the CVE-2012-2143 issue.

These updated packages upgrade PostgreSQL to version 8.4.12, which fixes these issues as well as several non-security issues. Refer to the PostgreSQL Release Notes for a full list of changes:

http://www.postgresql.org/docs/8.4/static/release.html

All PostgreSQL users are advised to upgrade to these updated packages, which correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network.
Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 816956 - CVE-2012-2143 BSD crypt(): DES encrypted password weakness 825995 - CVE-2012-2655 postgresql: Ability of database owners to install procedural languages via CREATE LANGUAGE found unsafe (DoS) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postgresql84-8.4.12-1.el5_8.src.rpm i386: postgresql84-8.4.12-1.el5_8.i386.rpm postgresql84-contrib-8.4.12-1.el5_8.i386.rpm postgresql84-debuginfo-8.4.12-1.el5_8.i386.rpm postgresql84-docs-8.4.12-1.el5_8.i386.rpm postgresql84-libs-8.4.12-1.el5_8.i386.rpm postgresql84-python-8.4.12-1.el5_8.i386.rpm postgresql84-tcl-8.4.12-1.el5_8.i386.rpm x86_64: postgresql84-8.4.12-1.el5_8.x86_64.rpm postgresql84-contrib-8.4.12-1.el5_8.x86_64.rpm postgresql84-debuginfo-8.4.12-1.el5_8.i386.rpm postgresql84-debuginfo-8.4.12-1.el5_8.x86_64.rpm postgresql84-docs-8.4.12-1.el5_8.x86_64.rpm postgresql84-libs-8.4.12-1.el5_8.i386.rpm postgresql84-libs-8.4.12-1.el5_8.x86_64.rpm postgresql84-python-8.4.12-1.el5_8.x86_64.rpm postgresql84-tcl-8.4.12-1.el5_8.x86_64.rpm RHEL Desktop Workstation (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postgresql84-8.4.12-1.el5_8.src.rpm i386: postgresql84-debuginfo-8.4.12-1.el5_8.i386.rpm postgresql84-devel-8.4.12-1.el5_8.i386.rpm postgresql84-plperl-8.4.12-1.el5_8.i386.rpm postgresql84-plpython-8.4.12-1.el5_8.i386.rpm postgresql84-pltcl-8.4.12-1.el5_8.i386.rpm postgresql84-server-8.4.12-1.el5_8.i386.rpm postgresql84-test-8.4.12-1.el5_8.i386.rpm x86_64: postgresql84-debuginfo-8.4.12-1.el5_8.i386.rpm postgresql84-debuginfo-8.4.12-1.el5_8.x86_64.rpm postgresql84-devel-8.4.12-1.el5_8.i386.rpm postgresql84-devel-8.4.12-1.el5_8.x86_64.rpm postgresql84-plperl-8.4.12-1.el5_8.x86_64.rpm postgresql84-plpython-8.4.12-1.el5_8.x86_64.rpm postgresql84-pltcl-8.4.12-1.el5_8.x86_64.rpm postgresql84-server-8.4.12-1.el5_8.x86_64.rpm postgresql84-test-8.4.12-1.el5_8.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/postgresql84-8.4.12-1.el5_8.src.rpm i386: postgresql84-8.4.12-1.el5_8.i386.rpm postgresql84-contrib-8.4.12-1.el5_8.i386.rpm postgresql84-debuginfo-8.4.12-1.el5_8.i386.rpm postgresql84-devel-8.4.12-1.el5_8.i386.rpm postgresql84-docs-8.4.12-1.el5_8.i386.rpm postgresql84-libs-8.4.12-1.el5_8.i386.rpm postgresql84-plperl-8.4.12-1.el5_8.i386.rpm postgresql84-plpython-8.4.12-1.el5_8.i386.rpm postgresql84-pltcl-8.4.12-1.el5_8.i386.rpm postgresql84-python-8.4.12-1.el5_8.i386.rpm postgresql84-server-8.4.12-1.el5_8.i386.rpm postgresql84-tcl-8.4.12-1.el5_8.i386.rpm postgresql84-test-8.4.12-1.el5_8.i386.rpm ia64: postgresql84-8.4.12-1.el5_8.ia64.rpm postgresql84-contrib-8.4.12-1.el5_8.ia64.rpm postgresql84-debuginfo-8.4.12-1.el5_8.ia64.rpm postgresql84-devel-8.4.12-1.el5_8.ia64.rpm postgresql84-docs-8.4.12-1.el5_8.ia64.rpm postgresql84-libs-8.4.12-1.el5_8.ia64.rpm postgresql84-plperl-8.4.12-1.el5_8.ia64.rpm postgresql84-plpython-8.4.12-1.el5_8.ia64.rpm postgresql84-pltcl-8.4.12-1.el5_8.ia64.rpm 
postgresql84-python-8.4.12-1.el5_8.ia64.rpm postgresql84-server-8.4.12-1.el5_8.ia64.rpm postgresql84-tcl-8.4.12-1.el5_8.ia64.rpm postgresql84-test-8.4.12-1.el5_8.ia64.rpm ppc: postgresql84-8.4.12-1.el5_8.ppc.rpm postgresql84-8.4.12-1.el5_8.ppc64.rpm postgresql84-contrib-8.4.12-1.el5_8.ppc.rpm postgresql84-debuginfo-8.4.12-1.el5_8.ppc.rpm postgresql84-debuginfo-8.4.12-1.el5_8.ppc64.rpm postgresql84-devel-8.4.12-1.el5_8.ppc.rpm postgresql84-devel-8.4.12-1.el5_8.ppc64.rpm postgresql84-docs-8.4.12-1.el5_8.ppc.rpm postgresql84-libs-8.4.12-1.el5_8.ppc.rpm postgresql84-libs-8.4.12-1.el5_8.ppc64.rpm postgresql84-plperl-8.4.12-1.el5_8.ppc.rpm postgresql84-plpython-8.4.12-1.el5_8.ppc.rpm postgresql84-pltcl-8.4.12-1.el5_8.ppc.rpm postgresql84-python-8.4.12-1.el5_8.ppc.rpm postgresql84-server-8.4.12-1.el5_8.ppc.rpm postgresql84-tcl-8.4.12-1.el5_8.ppc.rpm postgresql84-test-8.4.12-1.el5_8.ppc.rpm s390x: postgresql84-8.4.12-1.el5_8.s390x.rpm postgresql84-contrib-8.4.12-1.el5_8.s390x.rpm postgresql84-debuginfo-8.4.12-1.el5_8.s390.rpm postgresql84-debuginfo-8.4.12-1.el5_8.s390x.rpm postgresql84-devel-8.4.12-1.el5_8.s390.rpm postgresql84-devel-8.4.12-1.el5_8.s390x.rpm postgresql84-docs-8.4.12-1.el5_8.s390x.rpm postgresql84-libs-8.4.12-1.el5_8.s390.rpm postgresql84-libs-8.4.12-1.el5_8.s390x.rpm postgresql84-plperl-8.4.12-1.el5_8.s390x.rpm postgresql84-plpython-8.4.12-1.el5_8.s390x.rpm postgresql84-pltcl-8.4.12-1.el5_8.s390x.rpm postgresql84-python-8.4.12-1.el5_8.s390x.rpm postgresql84-server-8.4.12-1.el5_8.s390x.rpm postgresql84-tcl-8.4.12-1.el5_8.s390x.rpm postgresql84-test-8.4.12-1.el5_8.s390x.rpm x86_64: postgresql84-8.4.12-1.el5_8.x86_64.rpm postgresql84-contrib-8.4.12-1.el5_8.x86_64.rpm postgresql84-debuginfo-8.4.12-1.el5_8.i386.rpm postgresql84-debuginfo-8.4.12-1.el5_8.x86_64.rpm postgresql84-devel-8.4.12-1.el5_8.i386.rpm postgresql84-devel-8.4.12-1.el5_8.x86_64.rpm postgresql84-docs-8.4.12-1.el5_8.x86_64.rpm postgresql84-libs-8.4.12-1.el5_8.i386.rpm 
postgresql84-libs-8.4.12-1.el5_8.x86_64.rpm postgresql84-plperl-8.4.12-1.el5_8.x86_64.rpm postgresql84-plpython-8.4.12-1.el5_8.x86_64.rpm postgresql84-pltcl-8.4.12-1.el5_8.x86_64.rpm postgresql84-python-8.4.12-1.el5_8.x86_64.rpm postgresql84-server-8.4.12-1.el5_8.x86_64.rpm postgresql84-tcl-8.4.12-1.el5_8.x86_64.rpm postgresql84-test-8.4.12-1.el5_8.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/postgresql-8.4.12-1.el6_2.src.rpm i386: postgresql-debuginfo-8.4.12-1.el6_2.i686.rpm postgresql-libs-8.4.12-1.el6_2.i686.rpm x86_64: postgresql-debuginfo-8.4.12-1.el6_2.i686.rpm postgresql-debuginfo-8.4.12-1.el6_2.x86_64.rpm postgresql-libs-8.4.12-1.el6_2.i686.rpm postgresql-libs-8.4.12-1.el6_2.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/postgresql-8.4.12-1.el6_2.src.rpm i386: postgresql-8.4.12-1.el6_2.i686.rpm postgresql-contrib-8.4.12-1.el6_2.i686.rpm postgresql-debuginfo-8.4.12-1.el6_2.i686.rpm postgresql-devel-8.4.12-1.el6_2.i686.rpm postgresql-docs-8.4.12-1.el6_2.i686.rpm postgresql-plperl-8.4.12-1.el6_2.i686.rpm postgresql-plpython-8.4.12-1.el6_2.i686.rpm postgresql-pltcl-8.4.12-1.el6_2.i686.rpm postgresql-server-8.4.12-1.el6_2.i686.rpm postgresql-test-8.4.12-1.el6_2.i686.rpm x86_64: postgresql-8.4.12-1.el6_2.i686.rpm postgresql-8.4.12-1.el6_2.x86_64.rpm postgresql-contrib-8.4.12-1.el6_2.x86_64.rpm postgresql-debuginfo-8.4.12-1.el6_2.i686.rpm postgresql-debuginfo-8.4.12-1.el6_2.x86_64.rpm postgresql-devel-8.4.12-1.el6_2.i686.rpm postgresql-devel-8.4.12-1.el6_2.x86_64.rpm postgresql-docs-8.4.12-1.el6_2.x86_64.rpm postgresql-plperl-8.4.12-1.el6_2.x86_64.rpm postgresql-plpython-8.4.12-1.el6_2.x86_64.rpm postgresql-pltcl-8.4.12-1.el6_2.x86_64.rpm postgresql-server-8.4.12-1.el6_2.x86_64.rpm postgresql-test-8.4.12-1.el6_2.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/postgresql-8.4.12-1.el6_2.src.rpm x86_64: postgresql-8.4.12-1.el6_2.i686.rpm postgresql-8.4.12-1.el6_2.x86_64.rpm postgresql-debuginfo-8.4.12-1.el6_2.i686.rpm postgresql-debuginfo-8.4.12-1.el6_2.x86_64.rpm postgresql-libs-8.4.12-1.el6_2.i686.rpm postgresql-libs-8.4.12-1.el6_2.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/postgresql-8.4.12-1.el6_2.src.rpm x86_64: postgresql-contrib-8.4.12-1.el6_2.x86_64.rpm postgresql-debuginfo-8.4.12-1.el6_2.i686.rpm postgresql-debuginfo-8.4.12-1.el6_2.x86_64.rpm postgresql-devel-8.4.12-1.el6_2.i686.rpm postgresql-devel-8.4.12-1.el6_2.x86_64.rpm postgresql-docs-8.4.12-1.el6_2.x86_64.rpm postgresql-plperl-8.4.12-1.el6_2.x86_64.rpm postgresql-plpython-8.4.12-1.el6_2.x86_64.rpm postgresql-pltcl-8.4.12-1.el6_2.x86_64.rpm postgresql-server-8.4.12-1.el6_2.x86_64.rpm postgresql-test-8.4.12-1.el6_2.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/postgresql-8.4.12-1.el6_2.src.rpm i386: postgresql-8.4.12-1.el6_2.i686.rpm postgresql-contrib-8.4.12-1.el6_2.i686.rpm postgresql-debuginfo-8.4.12-1.el6_2.i686.rpm postgresql-devel-8.4.12-1.el6_2.i686.rpm postgresql-docs-8.4.12-1.el6_2.i686.rpm postgresql-libs-8.4.12-1.el6_2.i686.rpm postgresql-plperl-8.4.12-1.el6_2.i686.rpm postgresql-plpython-8.4.12-1.el6_2.i686.rpm postgresql-pltcl-8.4.12-1.el6_2.i686.rpm postgresql-server-8.4.12-1.el6_2.i686.rpm postgresql-test-8.4.12-1.el6_2.i686.rpm ppc64: postgresql-8.4.12-1.el6_2.ppc.rpm postgresql-8.4.12-1.el6_2.ppc64.rpm postgresql-contrib-8.4.12-1.el6_2.ppc64.rpm postgresql-debuginfo-8.4.12-1.el6_2.ppc.rpm postgresql-debuginfo-8.4.12-1.el6_2.ppc64.rpm postgresql-devel-8.4.12-1.el6_2.ppc.rpm postgresql-devel-8.4.12-1.el6_2.ppc64.rpm postgresql-docs-8.4.12-1.el6_2.ppc64.rpm postgresql-libs-8.4.12-1.el6_2.ppc.rpm postgresql-libs-8.4.12-1.el6_2.ppc64.rpm postgresql-plperl-8.4.12-1.el6_2.ppc64.rpm postgresql-plpython-8.4.12-1.el6_2.ppc64.rpm postgresql-pltcl-8.4.12-1.el6_2.ppc64.rpm postgresql-server-8.4.12-1.el6_2.ppc64.rpm postgresql-test-8.4.12-1.el6_2.ppc64.rpm s390x: postgresql-8.4.12-1.el6_2.s390.rpm postgresql-8.4.12-1.el6_2.s390x.rpm postgresql-contrib-8.4.12-1.el6_2.s390x.rpm postgresql-debuginfo-8.4.12-1.el6_2.s390.rpm postgresql-debuginfo-8.4.12-1.el6_2.s390x.rpm postgresql-devel-8.4.12-1.el6_2.s390.rpm postgresql-devel-8.4.12-1.el6_2.s390x.rpm postgresql-docs-8.4.12-1.el6_2.s390x.rpm postgresql-libs-8.4.12-1.el6_2.s390.rpm postgresql-libs-8.4.12-1.el6_2.s390x.rpm postgresql-plperl-8.4.12-1.el6_2.s390x.rpm postgresql-plpython-8.4.12-1.el6_2.s390x.rpm postgresql-pltcl-8.4.12-1.el6_2.s390x.rpm postgresql-server-8.4.12-1.el6_2.s390x.rpm postgresql-test-8.4.12-1.el6_2.s390x.rpm x86_64: postgresql-8.4.12-1.el6_2.i686.rpm postgresql-8.4.12-1.el6_2.x86_64.rpm postgresql-contrib-8.4.12-1.el6_2.x86_64.rpm 
postgresql-debuginfo-8.4.12-1.el6_2.i686.rpm postgresql-debuginfo-8.4.12-1.el6_2.x86_64.rpm postgresql-devel-8.4.12-1.el6_2.i686.rpm postgresql-devel-8.4.12-1.el6_2.x86_64.rpm postgresql-docs-8.4.12-1.el6_2.x86_64.rpm postgresql-libs-8.4.12-1.el6_2.i686.rpm postgresql-libs-8.4.12-1.el6_2.x86_64.rpm postgresql-plperl-8.4.12-1.el6_2.x86_64.rpm postgresql-plpython-8.4.12-1.el6_2.x86_64.rpm postgresql-pltcl-8.4.12-1.el6_2.x86_64.rpm postgresql-server-8.4.12-1.el6_2.x86_64.rpm postgresql-test-8.4.12-1.el6_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/postgresql-8.4.12-1.el6_2.src.rpm i386: postgresql-8.4.12-1.el6_2.i686.rpm postgresql-contrib-8.4.12-1.el6_2.i686.rpm postgresql-debuginfo-8.4.12-1.el6_2.i686.rpm postgresql-devel-8.4.12-1.el6_2.i686.rpm postgresql-docs-8.4.12-1.el6_2.i686.rpm postgresql-libs-8.4.12-1.el6_2.i686.rpm postgresql-plperl-8.4.12-1.el6_2.i686.rpm postgresql-plpython-8.4.12-1.el6_2.i686.rpm postgresql-pltcl-8.4.12-1.el6_2.i686.rpm postgresql-server-8.4.12-1.el6_2.i686.rpm postgresql-test-8.4.12-1.el6_2.i686.rpm x86_64: postgresql-8.4.12-1.el6_2.i686.rpm postgresql-8.4.12-1.el6_2.x86_64.rpm postgresql-contrib-8.4.12-1.el6_2.x86_64.rpm postgresql-debuginfo-8.4.12-1.el6_2.i686.rpm postgresql-debuginfo-8.4.12-1.el6_2.x86_64.rpm postgresql-devel-8.4.12-1.el6_2.i686.rpm postgresql-devel-8.4.12-1.el6_2.x86_64.rpm postgresql-docs-8.4.12-1.el6_2.x86_64.rpm postgresql-libs-8.4.12-1.el6_2.i686.rpm postgresql-libs-8.4.12-1.el6_2.x86_64.rpm postgresql-plperl-8.4.12-1.el6_2.x86_64.rpm postgresql-plpython-8.4.12-1.el6_2.x86_64.rpm postgresql-pltcl-8.4.12-1.el6_2.x86_64.rpm postgresql-server-8.4.12-1.el6_2.x86_64.rpm postgresql-test-8.4.12-1.el6_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References:

https://www.redhat.com/security/data/cve/CVE-2012-2143.html
https://www.redhat.com/security/data/cve/CVE-2012-2655.html
https://access.redhat.com/security/updates/classification/#moderate
http://www.postgresql.org/docs/8.4/static/release.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP6KtUXlSAg2UNWIIRAgLWAJ9EIlad8/PYSB96pGsKYl4qdSi1LgCfU0yE
wws/uhKsOG81NYlMQHRfnCc=
=NCvW
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jun 26 18:45:42 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 26 Jun 2012 18:45:42 +0000
Subject: [RHSA-2012:1042-01] Important: kernel security and bug fix update
Message-ID: <201206261845.q5QIjhI5005188@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2012:1042-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1042.html
Issue date: 2012-06-26
CVE Names: CVE-2011-4347 CVE-2012-0038 CVE-2012-0044 CVE-2012-1097 CVE-2012-1179
=====================================================================

1. Summary:

Updated kernel packages that fix various security issues and three bugs are now available for Red Hat Enterprise Linux 6.1 Extended Update Support.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server EUS (v. 6.1) - i386, noarch, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important)

* It was found that the kvm_vm_ioctl_assign_device() function in the KVM (Kernel-based Virtual Machine) subsystem of a Linux kernel did not check if the user requesting device assignment was privileged or not. A local, unprivileged user on the host could assign unused PCI devices, or even devices that were in use and whose resources were not properly claimed by the respective drivers, which could result in the host crashing. (CVE-2011-4347, Moderate)

* A flaw was found in the way the Linux kernel's XFS file system implementation handled on-disk Access Control Lists (ACLs). A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially-crafted disk. (CVE-2012-0038, Moderate)

* It was found that the Linux kernel's register set (regset) common infrastructure implementation did not check if the required get and set handlers were initialized. A local, unprivileged user could use this flaw to cause a denial of service by performing a register set operation with a ptrace() PTRACE_SETREGSET or PTRACE_GETREGSET request. (CVE-2012-1097, Moderate)

* A race condition was found in the Linux kernel's memory management subsystem in the way pmd_none_or_clear_bad(), when called with mmap_sem in read mode, and Transparent Huge Pages (THP) page faults interacted. A privileged user in a KVM guest with the ballooning functionality enabled could potentially use this flaw to crash the host. A local, unprivileged user could use this flaw to crash the system. (CVE-2012-1179, Moderate)

Red Hat would like to thank Chen Haogang for reporting CVE-2012-0044; Sasha Levin for reporting CVE-2011-4347; Wang Xi for reporting CVE-2012-0038; and H. Peter Anvin for reporting CVE-2012-1097.

This update also fixes the following bugs:

* When a RoCE (RDMA over Converged Ethernet) adapter with active RoCE communications was taken down suddenly (either by adapter failure or the intentional shutdown of the interface), the ongoing RoCE communications could cause the kernel to panic and render the machine unusable. A patch has been provided to protect the kernel in this situation and to pass an error up to the application still using the interface after it has been taken down instead. (BZ#799944)

* The fix for Red Hat Bugzilla bug 713494, released via RHSA-2011:0928, introduced a regression. Attempting to change the state of certain features, such as GRO (Generic Receive Offload) or TSO (TCP segment offloading), for a 10 Gigabit Ethernet card that is being used in a virtual LAN (VLAN) resulted in a kernel panic. (BZ#816974)

* If a new file was created on a Network File System version 4 (NFSv4) share, the ownership was set to nfsnobody (-2) until it was possible to upcall to the idmapper. As a consequence, subsequent file system operations could incorrectly use "-2" for the user and group IDs for the given file, causing certain operations to fail. In reported cases, this issue also caused "Viminfo file is not writable" errors for users running Vim with files on an NFSv4 share. (BZ#820960)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

756084 - CVE-2011-4347 kernel: kvm: device assignment DoS
772894 - CVE-2012-0044 kernel: drm: integer overflow in drm_mode_dirtyfb_ioctl()
773280 - CVE-2012-0038 kernel: xfs heap overflow
799209 - CVE-2012-1097 kernel: regset: Prevent null pointer reference on readonly regsets
803793 - CVE-2012-1179 kernel: thp:__split_huge_page() mapcount != page_mapcount BUG_ON()

6. Package List:

Red Hat Enterprise Linux Server EUS (v. 6.1):

Source:
kernel-2.6.32-131.29.1.el6.src.rpm

i386:
kernel-2.6.32-131.29.1.el6.i686.rpm
kernel-debug-2.6.32-131.29.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-131.29.1.el6.i686.rpm
kernel-debug-devel-2.6.32-131.29.1.el6.i686.rpm
kernel-debuginfo-2.6.32-131.29.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-131.29.1.el6.i686.rpm
kernel-devel-2.6.32-131.29.1.el6.i686.rpm
kernel-headers-2.6.32-131.29.1.el6.i686.rpm
perf-2.6.32-131.29.1.el6.i686.rpm
perf-debuginfo-2.6.32-131.29.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-131.29.1.el6.noarch.rpm
kernel-firmware-2.6.32-131.29.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-131.29.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-131.29.1.el6.ppc64.rpm
kernel-debug-2.6.32-131.29.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-131.29.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-131.29.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-131.29.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-131.29.1.el6.ppc64.rpm
kernel-devel-2.6.32-131.29.1.el6.ppc64.rpm
kernel-headers-2.6.32-131.29.1.el6.ppc64.rpm
perf-2.6.32-131.29.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-131.29.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-131.29.1.el6.s390x.rpm
kernel-debug-2.6.32-131.29.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-131.29.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-131.29.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-131.29.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-131.29.1.el6.s390x.rpm
kernel-devel-2.6.32-131.29.1.el6.s390x.rpm
kernel-headers-2.6.32-131.29.1.el6.s390x.rpm
kernel-kdump-2.6.32-131.29.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-131.29.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-131.29.1.el6.s390x.rpm
perf-2.6.32-131.29.1.el6.s390x.rpm
perf-debuginfo-2.6.32-131.29.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-131.29.1.el6.x86_64.rpm
kernel-debug-2.6.32-131.29.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-131.29.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-131.29.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-131.29.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-131.29.1.el6.x86_64.rpm
kernel-devel-2.6.32-131.29.1.el6.x86_64.rpm
kernel-headers-2.6.32-131.29.1.el6.x86_64.rpm
perf-2.6.32-131.29.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-131.29.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-4347.html
https://www.redhat.com/security/data/cve/CVE-2012-0038.html
https://www.redhat.com/security/data/cve/CVE-2012-0044.html
https://www.redhat.com/security/data/cve/CVE-2012-1097.html
https://www.redhat.com/security/data/cve/CVE-2012-1179.html
https://access.redhat.com/security/updates/classification/#important
https://rhn.redhat.com/errata/RHSA-2011-0928.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP6gMxXlSAg2UNWIIRAp0hAJ9EpNvBTuIJV1vvvNpd9N6ciCmK0QCfd3R7
A3SX3RBMjY6D37NcWXCZU2o=
=aZdF
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jun 26 18:46:09 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 26 Jun 2012 18:46:09 +0000
Subject: [RHSA-2012:1043-01] Important: libwpd security update
Message-ID: <201206261846.q5QIkARQ030383@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: libwpd security update
Advisory ID: RHSA-2012:1043-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1043.html
Issue date: 2012-06-26
CVE Names: CVE-2012-2149
=====================================================================

1. Summary:

Updated libwpd packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

libwpd is a library for reading and converting Corel WordPerfect Office documents.

A buffer overflow flaw was found in the way libwpd processed certain Corel WordPerfect Office documents (.wpd files). An attacker could provide a specially-crafted .wpd file that, when opened in an application linked against libwpd, such as OpenOffice.org, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2149)

All libwpd users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications that are linked against libwpd must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

822207 - CVE-2012-2149 libwpd: Memory overwrite flaw by processing certain WordPerfect (WPD) documents

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libwpd-0.8.7-3.1.el5_8.src.rpm

i386:
libwpd-0.8.7-3.1.el5_8.i386.rpm
libwpd-debuginfo-0.8.7-3.1.el5_8.i386.rpm
libwpd-tools-0.8.7-3.1.el5_8.i386.rpm

x86_64:
libwpd-0.8.7-3.1.el5_8.i386.rpm
libwpd-0.8.7-3.1.el5_8.x86_64.rpm
libwpd-debuginfo-0.8.7-3.1.el5_8.i386.rpm
libwpd-debuginfo-0.8.7-3.1.el5_8.x86_64.rpm
libwpd-tools-0.8.7-3.1.el5_8.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libwpd-0.8.7-3.1.el5_8.src.rpm

i386:
libwpd-debuginfo-0.8.7-3.1.el5_8.i386.rpm
libwpd-devel-0.8.7-3.1.el5_8.i386.rpm

x86_64:
libwpd-debuginfo-0.8.7-3.1.el5_8.i386.rpm
libwpd-debuginfo-0.8.7-3.1.el5_8.x86_64.rpm
libwpd-devel-0.8.7-3.1.el5_8.i386.rpm
libwpd-devel-0.8.7-3.1.el5_8.x86_64.rpm

RHEL Optional Productivity Applications (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libwpd-0.8.7-3.1.el5_8.src.rpm

i386:
libwpd-0.8.7-3.1.el5_8.i386.rpm
libwpd-debuginfo-0.8.7-3.1.el5_8.i386.rpm
libwpd-devel-0.8.7-3.1.el5_8.i386.rpm
libwpd-tools-0.8.7-3.1.el5_8.i386.rpm

x86_64:
libwpd-0.8.7-3.1.el5_8.i386.rpm
libwpd-0.8.7-3.1.el5_8.x86_64.rpm
libwpd-debuginfo-0.8.7-3.1.el5_8.i386.rpm
libwpd-debuginfo-0.8.7-3.1.el5_8.x86_64.rpm
libwpd-devel-0.8.7-3.1.el5_8.i386.rpm
libwpd-devel-0.8.7-3.1.el5_8.x86_64.rpm
libwpd-tools-0.8.7-3.1.el5_8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-2149.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP6gNhXlSAg2UNWIIRAgwnAJ0fcaIoNq5B58nZCMXFBPsmTKTPgQCfTUfG
wiD8Q2zrlmRmvaYB2Q85Evs=
=9+AZ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jun 27 15:52:26 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 27 Jun 2012 15:52:26 +0000
Subject: [RHSA-2012:1045-01] Moderate: php security update
Message-ID: <201206271552.q5RFqR3u008768@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: php security update
Advisory ID: RHSA-2012:1045-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1045.html
Issue date: 2012-06-27
CVE Names: CVE-2011-4153 CVE-2012-0057 CVE-2012-0789 CVE-2012-1172 CVE-2012-2336
=====================================================================

1. Summary:

Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations (XSLT) content. (CVE-2012-0057)

Note: This update disables file writing by default. A new PHP configuration directive, "xsl.security_prefs", can be used to enable file writing in XSLT.

A flaw was found in the way PHP validated file names in file upload requests. A remote attacker could possibly use this flaw to bypass the sanitization of the uploaded file names, and cause a PHP script to store the uploaded file in an unexpected directory, by using a directory traversal attack. (CVE-2012-1172)

It was discovered that the fix for CVE-2012-1823, released via RHSA-2012:0546, did not properly filter all php-cgi command line arguments. A specially-crafted request to a PHP script could cause the PHP interpreter to output usage information that triggers an Internal Server Error. (CVE-2012-2336)

A memory leak flaw was found in the PHP strtotime() function call. A remote attacker could possibly use this flaw to cause excessive memory consumption by triggering many strtotime() function calls. (CVE-2012-0789)

It was found that PHP did not check the zend_strndup() function's return value in certain cases. A remote attacker could possibly use this flaw to crash a PHP application. (CVE-2011-4153)

All php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

782657 - CVE-2012-0057 php: XSLT file writing vulnerability
782943 - CVE-2011-4153 php: zend_strndup() NULL pointer dereference may cause DoS
783609 - CVE-2012-0789 php: strtotime timezone memory leak
799187 - CVE-2012-1172 php: $_FILES array indexes corruption
820708 - CVE-2012-2336 php: incomplete CVE-2012-1823 fix - missing filtering of -T and -h

6. Package List:

RHEL Desktop Workstation (v.
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/php-5.1.6-39.el5_8.src.rpm i386: php-5.1.6-39.el5_8.i386.rpm php-bcmath-5.1.6-39.el5_8.i386.rpm php-cli-5.1.6-39.el5_8.i386.rpm php-common-5.1.6-39.el5_8.i386.rpm php-dba-5.1.6-39.el5_8.i386.rpm php-debuginfo-5.1.6-39.el5_8.i386.rpm php-devel-5.1.6-39.el5_8.i386.rpm php-gd-5.1.6-39.el5_8.i386.rpm php-imap-5.1.6-39.el5_8.i386.rpm php-ldap-5.1.6-39.el5_8.i386.rpm php-mbstring-5.1.6-39.el5_8.i386.rpm php-mysql-5.1.6-39.el5_8.i386.rpm php-ncurses-5.1.6-39.el5_8.i386.rpm php-odbc-5.1.6-39.el5_8.i386.rpm php-pdo-5.1.6-39.el5_8.i386.rpm php-pgsql-5.1.6-39.el5_8.i386.rpm php-snmp-5.1.6-39.el5_8.i386.rpm php-soap-5.1.6-39.el5_8.i386.rpm php-xml-5.1.6-39.el5_8.i386.rpm php-xmlrpc-5.1.6-39.el5_8.i386.rpm x86_64: php-5.1.6-39.el5_8.x86_64.rpm php-bcmath-5.1.6-39.el5_8.x86_64.rpm php-cli-5.1.6-39.el5_8.x86_64.rpm php-common-5.1.6-39.el5_8.x86_64.rpm php-dba-5.1.6-39.el5_8.x86_64.rpm php-debuginfo-5.1.6-39.el5_8.x86_64.rpm php-devel-5.1.6-39.el5_8.x86_64.rpm php-gd-5.1.6-39.el5_8.x86_64.rpm php-imap-5.1.6-39.el5_8.x86_64.rpm php-ldap-5.1.6-39.el5_8.x86_64.rpm php-mbstring-5.1.6-39.el5_8.x86_64.rpm php-mysql-5.1.6-39.el5_8.x86_64.rpm php-ncurses-5.1.6-39.el5_8.x86_64.rpm php-odbc-5.1.6-39.el5_8.x86_64.rpm php-pdo-5.1.6-39.el5_8.x86_64.rpm php-pgsql-5.1.6-39.el5_8.x86_64.rpm php-snmp-5.1.6-39.el5_8.x86_64.rpm php-soap-5.1.6-39.el5_8.x86_64.rpm php-xml-5.1.6-39.el5_8.x86_64.rpm php-xmlrpc-5.1.6-39.el5_8.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/php-5.1.6-39.el5_8.src.rpm i386: php-5.1.6-39.el5_8.i386.rpm php-bcmath-5.1.6-39.el5_8.i386.rpm php-cli-5.1.6-39.el5_8.i386.rpm php-common-5.1.6-39.el5_8.i386.rpm php-dba-5.1.6-39.el5_8.i386.rpm php-debuginfo-5.1.6-39.el5_8.i386.rpm php-devel-5.1.6-39.el5_8.i386.rpm php-gd-5.1.6-39.el5_8.i386.rpm php-imap-5.1.6-39.el5_8.i386.rpm php-ldap-5.1.6-39.el5_8.i386.rpm php-mbstring-5.1.6-39.el5_8.i386.rpm php-mysql-5.1.6-39.el5_8.i386.rpm php-ncurses-5.1.6-39.el5_8.i386.rpm php-odbc-5.1.6-39.el5_8.i386.rpm php-pdo-5.1.6-39.el5_8.i386.rpm php-pgsql-5.1.6-39.el5_8.i386.rpm php-snmp-5.1.6-39.el5_8.i386.rpm php-soap-5.1.6-39.el5_8.i386.rpm php-xml-5.1.6-39.el5_8.i386.rpm php-xmlrpc-5.1.6-39.el5_8.i386.rpm ia64: php-5.1.6-39.el5_8.ia64.rpm php-bcmath-5.1.6-39.el5_8.ia64.rpm php-cli-5.1.6-39.el5_8.ia64.rpm php-common-5.1.6-39.el5_8.ia64.rpm php-dba-5.1.6-39.el5_8.ia64.rpm php-debuginfo-5.1.6-39.el5_8.ia64.rpm php-devel-5.1.6-39.el5_8.ia64.rpm php-gd-5.1.6-39.el5_8.ia64.rpm php-imap-5.1.6-39.el5_8.ia64.rpm php-ldap-5.1.6-39.el5_8.ia64.rpm php-mbstring-5.1.6-39.el5_8.ia64.rpm php-mysql-5.1.6-39.el5_8.ia64.rpm php-ncurses-5.1.6-39.el5_8.ia64.rpm php-odbc-5.1.6-39.el5_8.ia64.rpm php-pdo-5.1.6-39.el5_8.ia64.rpm php-pgsql-5.1.6-39.el5_8.ia64.rpm php-snmp-5.1.6-39.el5_8.ia64.rpm php-soap-5.1.6-39.el5_8.ia64.rpm php-xml-5.1.6-39.el5_8.ia64.rpm php-xmlrpc-5.1.6-39.el5_8.ia64.rpm ppc: php-5.1.6-39.el5_8.ppc.rpm php-bcmath-5.1.6-39.el5_8.ppc.rpm php-cli-5.1.6-39.el5_8.ppc.rpm php-common-5.1.6-39.el5_8.ppc.rpm php-dba-5.1.6-39.el5_8.ppc.rpm php-debuginfo-5.1.6-39.el5_8.ppc.rpm php-devel-5.1.6-39.el5_8.ppc.rpm php-gd-5.1.6-39.el5_8.ppc.rpm php-imap-5.1.6-39.el5_8.ppc.rpm php-ldap-5.1.6-39.el5_8.ppc.rpm php-mbstring-5.1.6-39.el5_8.ppc.rpm php-mysql-5.1.6-39.el5_8.ppc.rpm php-ncurses-5.1.6-39.el5_8.ppc.rpm php-odbc-5.1.6-39.el5_8.ppc.rpm php-pdo-5.1.6-39.el5_8.ppc.rpm php-pgsql-5.1.6-39.el5_8.ppc.rpm 
php-snmp-5.1.6-39.el5_8.ppc.rpm php-soap-5.1.6-39.el5_8.ppc.rpm php-xml-5.1.6-39.el5_8.ppc.rpm php-xmlrpc-5.1.6-39.el5_8.ppc.rpm s390x: php-5.1.6-39.el5_8.s390x.rpm php-bcmath-5.1.6-39.el5_8.s390x.rpm php-cli-5.1.6-39.el5_8.s390x.rpm php-common-5.1.6-39.el5_8.s390x.rpm php-dba-5.1.6-39.el5_8.s390x.rpm php-debuginfo-5.1.6-39.el5_8.s390x.rpm php-devel-5.1.6-39.el5_8.s390x.rpm php-gd-5.1.6-39.el5_8.s390x.rpm php-imap-5.1.6-39.el5_8.s390x.rpm php-ldap-5.1.6-39.el5_8.s390x.rpm php-mbstring-5.1.6-39.el5_8.s390x.rpm php-mysql-5.1.6-39.el5_8.s390x.rpm php-ncurses-5.1.6-39.el5_8.s390x.rpm php-odbc-5.1.6-39.el5_8.s390x.rpm php-pdo-5.1.6-39.el5_8.s390x.rpm php-pgsql-5.1.6-39.el5_8.s390x.rpm php-snmp-5.1.6-39.el5_8.s390x.rpm php-soap-5.1.6-39.el5_8.s390x.rpm php-xml-5.1.6-39.el5_8.s390x.rpm php-xmlrpc-5.1.6-39.el5_8.s390x.rpm x86_64: php-5.1.6-39.el5_8.x86_64.rpm php-bcmath-5.1.6-39.el5_8.x86_64.rpm php-cli-5.1.6-39.el5_8.x86_64.rpm php-common-5.1.6-39.el5_8.x86_64.rpm php-dba-5.1.6-39.el5_8.x86_64.rpm php-debuginfo-5.1.6-39.el5_8.x86_64.rpm php-devel-5.1.6-39.el5_8.x86_64.rpm php-gd-5.1.6-39.el5_8.x86_64.rpm php-imap-5.1.6-39.el5_8.x86_64.rpm php-ldap-5.1.6-39.el5_8.x86_64.rpm php-mbstring-5.1.6-39.el5_8.x86_64.rpm php-mysql-5.1.6-39.el5_8.x86_64.rpm php-ncurses-5.1.6-39.el5_8.x86_64.rpm php-odbc-5.1.6-39.el5_8.x86_64.rpm php-pdo-5.1.6-39.el5_8.x86_64.rpm php-pgsql-5.1.6-39.el5_8.x86_64.rpm php-snmp-5.1.6-39.el5_8.x86_64.rpm php-soap-5.1.6-39.el5_8.x86_64.rpm php-xml-5.1.6-39.el5_8.x86_64.rpm php-xmlrpc-5.1.6-39.el5_8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References:

https://www.redhat.com/security/data/cve/CVE-2011-4153.html
https://www.redhat.com/security/data/cve/CVE-2012-0057.html
https://www.redhat.com/security/data/cve/CVE-2012-0789.html
https://www.redhat.com/security/data/cve/CVE-2012-1172.html
https://www.redhat.com/security/data/cve/CVE-2012-2336.html
https://access.redhat.com/security/updates/classification/#moderate
https://rhn.redhat.com/errata/RHSA-2012-0546.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP6ywiXlSAg2UNWIIRAlQdAKCSzJwQnIfnFO01xKNrbmqTB9P2twCeNtBm
lAytZSQRsuydTO173PNQ5aY=
=ShQh
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jun 27 15:53:26 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 27 Jun 2012 15:53:26 +0000
Subject: [RHSA-2012:1046-01] Moderate: php security update
Message-ID: <201206271553.q5RFrRmR022413@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: php security update
Advisory ID:       RHSA-2012:1046-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1046.html
Issue date:        2012-06-27
CVE Names:         CVE-2010-2950 CVE-2011-4153 CVE-2012-0057
                   CVE-2012-0781 CVE-2012-0789 CVE-2012-1172
                   CVE-2012-2143 CVE-2012-2336 CVE-2012-2386
=====================================================================

1. Summary:

Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations (XSLT) content. (CVE-2012-0057)

Note: This update disables file writing by default. A new PHP configuration directive, "xsl.security_prefs", can be used to enable file writing in XSLT.

A flaw was found in the way PHP validated file names in file upload requests. A remote attacker could possibly use this flaw to bypass the sanitization of the uploaded file names, and cause a PHP script to store the uploaded file in an unexpected directory, by using a directory traversal attack. (CVE-2012-1172)

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way the PHP phar extension processed certain fields of tar archive files. A remote attacker could provide a specially-crafted tar archive file that, when processed by a PHP application using the phar extension, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running PHP. (CVE-2012-2386)

A format string flaw was found in the way the PHP phar extension processed certain PHAR files. A remote attacker could provide a specially-crafted PHAR file, which once processed in a PHP application using the phar extension, could lead to information disclosure and possibly arbitrary code execution via a crafted phar:// URI. (CVE-2010-2950)

A flaw was found in the DES algorithm implementation in the crypt() password hashing function in PHP. If the password string to be hashed contained certain characters, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. (CVE-2012-2143)

Note: With this update, passwords are no longer truncated when performing DES hashing. Therefore, new hashes of the affected passwords will not match stored hashes generated using vulnerable PHP versions, and will need to be updated.

It was discovered that the fix for CVE-2012-1823, released via RHSA-2012:0546, did not properly filter all php-cgi command line arguments. A specially-crafted request to a PHP script could cause the PHP interpreter to execute the script in a loop, or output usage information that triggers an Internal Server Error. (CVE-2012-2336)

A memory leak flaw was found in the PHP strtotime() function call. A remote attacker could possibly use this flaw to cause excessive memory consumption by triggering many strtotime() function calls. (CVE-2012-0789)

A NULL pointer dereference flaw was found in the PHP tidy_diagnose() function. A remote attacker could use specially-crafted input to crash an application that uses tidy::diagnose. (CVE-2012-0781)

It was found that PHP did not check the zend_strndup() function's return value in certain cases. A remote attacker could possibly use this flaw to crash a PHP application. (CVE-2011-4153)

Upstream acknowledges Rubin Xu and Joseph Bonneau as the original reporters of CVE-2012-2143.

All php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

782657 - CVE-2012-0057 php: XSLT file writing vulnerability
782943 - CVE-2011-4153 php: zend_strndup() NULL pointer dereference may cause DoS
782951 - CVE-2012-0781 php: tidy_diagnose() NULL pointer dereference may cause DoS
783609 - CVE-2012-0789 php: strtotime timezone memory leak
799187 - CVE-2012-1172 php: $_FILES array indexes corruption
816956 - CVE-2012-2143 BSD crypt(): DES encrypted password weakness
820708 - CVE-2012-2336 php: incomplete CVE-2012-1823 fix - missing filtering of -T and -h
823594 - CVE-2012-2386 php: Integer overflow leading to heap-buffer overflow in the Phar extension
835024 - CVE-2010-2950 php: Format string flaw in phar extension via phar_stream_flush() (MOPS-2010-024)

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm i386: php-5.3.3-14.el6_3.i686.rpm php-bcmath-5.3.3-14.el6_3.i686.rpm php-cli-5.3.3-14.el6_3.i686.rpm php-common-5.3.3-14.el6_3.i686.rpm php-dba-5.3.3-14.el6_3.i686.rpm php-debuginfo-5.3.3-14.el6_3.i686.rpm php-devel-5.3.3-14.el6_3.i686.rpm php-embedded-5.3.3-14.el6_3.i686.rpm php-enchant-5.3.3-14.el6_3.i686.rpm php-gd-5.3.3-14.el6_3.i686.rpm php-imap-5.3.3-14.el6_3.i686.rpm php-intl-5.3.3-14.el6_3.i686.rpm php-ldap-5.3.3-14.el6_3.i686.rpm php-mbstring-5.3.3-14.el6_3.i686.rpm php-mysql-5.3.3-14.el6_3.i686.rpm php-odbc-5.3.3-14.el6_3.i686.rpm php-pdo-5.3.3-14.el6_3.i686.rpm php-pgsql-5.3.3-14.el6_3.i686.rpm php-process-5.3.3-14.el6_3.i686.rpm php-pspell-5.3.3-14.el6_3.i686.rpm php-recode-5.3.3-14.el6_3.i686.rpm php-snmp-5.3.3-14.el6_3.i686.rpm php-soap-5.3.3-14.el6_3.i686.rpm php-tidy-5.3.3-14.el6_3.i686.rpm php-xml-5.3.3-14.el6_3.i686.rpm php-xmlrpc-5.3.3-14.el6_3.i686.rpm php-zts-5.3.3-14.el6_3.i686.rpm x86_64: php-5.3.3-14.el6_3.x86_64.rpm php-bcmath-5.3.3-14.el6_3.x86_64.rpm php-cli-5.3.3-14.el6_3.x86_64.rpm php-common-5.3.3-14.el6_3.x86_64.rpm php-dba-5.3.3-14.el6_3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.x86_64.rpm php-devel-5.3.3-14.el6_3.x86_64.rpm php-embedded-5.3.3-14.el6_3.x86_64.rpm php-enchant-5.3.3-14.el6_3.x86_64.rpm php-gd-5.3.3-14.el6_3.x86_64.rpm php-imap-5.3.3-14.el6_3.x86_64.rpm php-intl-5.3.3-14.el6_3.x86_64.rpm php-ldap-5.3.3-14.el6_3.x86_64.rpm php-mbstring-5.3.3-14.el6_3.x86_64.rpm php-mysql-5.3.3-14.el6_3.x86_64.rpm php-odbc-5.3.3-14.el6_3.x86_64.rpm php-pdo-5.3.3-14.el6_3.x86_64.rpm php-pgsql-5.3.3-14.el6_3.x86_64.rpm php-process-5.3.3-14.el6_3.x86_64.rpm php-pspell-5.3.3-14.el6_3.x86_64.rpm php-recode-5.3.3-14.el6_3.x86_64.rpm php-snmp-5.3.3-14.el6_3.x86_64.rpm php-soap-5.3.3-14.el6_3.x86_64.rpm php-tidy-5.3.3-14.el6_3.x86_64.rpm php-xml-5.3.3-14.el6_3.x86_64.rpm php-xmlrpc-5.3.3-14.el6_3.x86_64.rpm php-zts-5.3.3-14.el6_3.x86_64.rpm 
Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm x86_64: php-cli-5.3.3-14.el6_3.x86_64.rpm php-common-5.3.3-14.el6_3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm x86_64: php-5.3.3-14.el6_3.x86_64.rpm php-bcmath-5.3.3-14.el6_3.x86_64.rpm php-dba-5.3.3-14.el6_3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.x86_64.rpm php-devel-5.3.3-14.el6_3.x86_64.rpm php-embedded-5.3.3-14.el6_3.x86_64.rpm php-enchant-5.3.3-14.el6_3.x86_64.rpm php-gd-5.3.3-14.el6_3.x86_64.rpm php-imap-5.3.3-14.el6_3.x86_64.rpm php-intl-5.3.3-14.el6_3.x86_64.rpm php-ldap-5.3.3-14.el6_3.x86_64.rpm php-mbstring-5.3.3-14.el6_3.x86_64.rpm php-mysql-5.3.3-14.el6_3.x86_64.rpm php-odbc-5.3.3-14.el6_3.x86_64.rpm php-pdo-5.3.3-14.el6_3.x86_64.rpm php-pgsql-5.3.3-14.el6_3.x86_64.rpm php-process-5.3.3-14.el6_3.x86_64.rpm php-pspell-5.3.3-14.el6_3.x86_64.rpm php-recode-5.3.3-14.el6_3.x86_64.rpm php-snmp-5.3.3-14.el6_3.x86_64.rpm php-soap-5.3.3-14.el6_3.x86_64.rpm php-tidy-5.3.3-14.el6_3.x86_64.rpm php-xml-5.3.3-14.el6_3.x86_64.rpm php-xmlrpc-5.3.3-14.el6_3.x86_64.rpm php-zts-5.3.3-14.el6_3.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm i386: php-5.3.3-14.el6_3.i686.rpm php-cli-5.3.3-14.el6_3.i686.rpm php-common-5.3.3-14.el6_3.i686.rpm php-debuginfo-5.3.3-14.el6_3.i686.rpm php-gd-5.3.3-14.el6_3.i686.rpm php-ldap-5.3.3-14.el6_3.i686.rpm php-mysql-5.3.3-14.el6_3.i686.rpm php-odbc-5.3.3-14.el6_3.i686.rpm php-pdo-5.3.3-14.el6_3.i686.rpm php-pgsql-5.3.3-14.el6_3.i686.rpm php-soap-5.3.3-14.el6_3.i686.rpm php-xml-5.3.3-14.el6_3.i686.rpm php-xmlrpc-5.3.3-14.el6_3.i686.rpm ppc64: php-5.3.3-14.el6_3.ppc64.rpm php-cli-5.3.3-14.el6_3.ppc64.rpm php-common-5.3.3-14.el6_3.ppc64.rpm php-debuginfo-5.3.3-14.el6_3.ppc64.rpm php-gd-5.3.3-14.el6_3.ppc64.rpm php-ldap-5.3.3-14.el6_3.ppc64.rpm php-mysql-5.3.3-14.el6_3.ppc64.rpm php-odbc-5.3.3-14.el6_3.ppc64.rpm php-pdo-5.3.3-14.el6_3.ppc64.rpm php-pgsql-5.3.3-14.el6_3.ppc64.rpm php-soap-5.3.3-14.el6_3.ppc64.rpm php-xml-5.3.3-14.el6_3.ppc64.rpm php-xmlrpc-5.3.3-14.el6_3.ppc64.rpm s390x: php-5.3.3-14.el6_3.s390x.rpm php-cli-5.3.3-14.el6_3.s390x.rpm php-common-5.3.3-14.el6_3.s390x.rpm php-debuginfo-5.3.3-14.el6_3.s390x.rpm php-gd-5.3.3-14.el6_3.s390x.rpm php-ldap-5.3.3-14.el6_3.s390x.rpm php-mysql-5.3.3-14.el6_3.s390x.rpm php-odbc-5.3.3-14.el6_3.s390x.rpm php-pdo-5.3.3-14.el6_3.s390x.rpm php-pgsql-5.3.3-14.el6_3.s390x.rpm php-soap-5.3.3-14.el6_3.s390x.rpm php-xml-5.3.3-14.el6_3.s390x.rpm php-xmlrpc-5.3.3-14.el6_3.s390x.rpm x86_64: php-5.3.3-14.el6_3.x86_64.rpm php-cli-5.3.3-14.el6_3.x86_64.rpm php-common-5.3.3-14.el6_3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.x86_64.rpm php-gd-5.3.3-14.el6_3.x86_64.rpm php-ldap-5.3.3-14.el6_3.x86_64.rpm php-mysql-5.3.3-14.el6_3.x86_64.rpm php-odbc-5.3.3-14.el6_3.x86_64.rpm php-pdo-5.3.3-14.el6_3.x86_64.rpm php-pgsql-5.3.3-14.el6_3.x86_64.rpm php-soap-5.3.3-14.el6_3.x86_64.rpm php-xml-5.3.3-14.el6_3.x86_64.rpm php-xmlrpc-5.3.3-14.el6_3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm i386: php-bcmath-5.3.3-14.el6_3.i686.rpm php-dba-5.3.3-14.el6_3.i686.rpm php-debuginfo-5.3.3-14.el6_3.i686.rpm php-devel-5.3.3-14.el6_3.i686.rpm php-embedded-5.3.3-14.el6_3.i686.rpm php-enchant-5.3.3-14.el6_3.i686.rpm php-imap-5.3.3-14.el6_3.i686.rpm php-intl-5.3.3-14.el6_3.i686.rpm php-mbstring-5.3.3-14.el6_3.i686.rpm php-process-5.3.3-14.el6_3.i686.rpm php-pspell-5.3.3-14.el6_3.i686.rpm php-recode-5.3.3-14.el6_3.i686.rpm php-snmp-5.3.3-14.el6_3.i686.rpm php-tidy-5.3.3-14.el6_3.i686.rpm php-zts-5.3.3-14.el6_3.i686.rpm ppc64: php-bcmath-5.3.3-14.el6_3.ppc64.rpm php-dba-5.3.3-14.el6_3.ppc64.rpm php-debuginfo-5.3.3-14.el6_3.ppc64.rpm php-devel-5.3.3-14.el6_3.ppc64.rpm php-embedded-5.3.3-14.el6_3.ppc64.rpm php-enchant-5.3.3-14.el6_3.ppc64.rpm php-imap-5.3.3-14.el6_3.ppc64.rpm php-intl-5.3.3-14.el6_3.ppc64.rpm php-mbstring-5.3.3-14.el6_3.ppc64.rpm php-process-5.3.3-14.el6_3.ppc64.rpm php-pspell-5.3.3-14.el6_3.ppc64.rpm php-recode-5.3.3-14.el6_3.ppc64.rpm php-snmp-5.3.3-14.el6_3.ppc64.rpm php-tidy-5.3.3-14.el6_3.ppc64.rpm php-zts-5.3.3-14.el6_3.ppc64.rpm s390x: php-bcmath-5.3.3-14.el6_3.s390x.rpm php-dba-5.3.3-14.el6_3.s390x.rpm php-debuginfo-5.3.3-14.el6_3.s390x.rpm php-devel-5.3.3-14.el6_3.s390x.rpm php-embedded-5.3.3-14.el6_3.s390x.rpm php-enchant-5.3.3-14.el6_3.s390x.rpm php-imap-5.3.3-14.el6_3.s390x.rpm php-intl-5.3.3-14.el6_3.s390x.rpm php-mbstring-5.3.3-14.el6_3.s390x.rpm php-process-5.3.3-14.el6_3.s390x.rpm php-pspell-5.3.3-14.el6_3.s390x.rpm php-recode-5.3.3-14.el6_3.s390x.rpm php-snmp-5.3.3-14.el6_3.s390x.rpm php-tidy-5.3.3-14.el6_3.s390x.rpm php-zts-5.3.3-14.el6_3.s390x.rpm x86_64: php-bcmath-5.3.3-14.el6_3.x86_64.rpm php-dba-5.3.3-14.el6_3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.x86_64.rpm php-devel-5.3.3-14.el6_3.x86_64.rpm php-embedded-5.3.3-14.el6_3.x86_64.rpm php-enchant-5.3.3-14.el6_3.x86_64.rpm php-imap-5.3.3-14.el6_3.x86_64.rpm 
php-intl-5.3.3-14.el6_3.x86_64.rpm php-mbstring-5.3.3-14.el6_3.x86_64.rpm php-process-5.3.3-14.el6_3.x86_64.rpm php-pspell-5.3.3-14.el6_3.x86_64.rpm php-recode-5.3.3-14.el6_3.x86_64.rpm php-snmp-5.3.3-14.el6_3.x86_64.rpm php-tidy-5.3.3-14.el6_3.x86_64.rpm php-zts-5.3.3-14.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm i386: php-5.3.3-14.el6_3.i686.rpm php-cli-5.3.3-14.el6_3.i686.rpm php-common-5.3.3-14.el6_3.i686.rpm php-debuginfo-5.3.3-14.el6_3.i686.rpm php-gd-5.3.3-14.el6_3.i686.rpm php-ldap-5.3.3-14.el6_3.i686.rpm php-mysql-5.3.3-14.el6_3.i686.rpm php-odbc-5.3.3-14.el6_3.i686.rpm php-pdo-5.3.3-14.el6_3.i686.rpm php-pgsql-5.3.3-14.el6_3.i686.rpm php-soap-5.3.3-14.el6_3.i686.rpm php-xml-5.3.3-14.el6_3.i686.rpm php-xmlrpc-5.3.3-14.el6_3.i686.rpm x86_64: php-5.3.3-14.el6_3.x86_64.rpm php-cli-5.3.3-14.el6_3.x86_64.rpm php-common-5.3.3-14.el6_3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.x86_64.rpm php-gd-5.3.3-14.el6_3.x86_64.rpm php-ldap-5.3.3-14.el6_3.x86_64.rpm php-mysql-5.3.3-14.el6_3.x86_64.rpm php-odbc-5.3.3-14.el6_3.x86_64.rpm php-pdo-5.3.3-14.el6_3.x86_64.rpm php-pgsql-5.3.3-14.el6_3.x86_64.rpm php-soap-5.3.3-14.el6_3.x86_64.rpm php-xml-5.3.3-14.el6_3.x86_64.rpm php-xmlrpc-5.3.3-14.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm i386: php-bcmath-5.3.3-14.el6_3.i686.rpm php-dba-5.3.3-14.el6_3.i686.rpm php-debuginfo-5.3.3-14.el6_3.i686.rpm php-devel-5.3.3-14.el6_3.i686.rpm php-embedded-5.3.3-14.el6_3.i686.rpm php-enchant-5.3.3-14.el6_3.i686.rpm php-imap-5.3.3-14.el6_3.i686.rpm php-intl-5.3.3-14.el6_3.i686.rpm php-mbstring-5.3.3-14.el6_3.i686.rpm php-process-5.3.3-14.el6_3.i686.rpm php-pspell-5.3.3-14.el6_3.i686.rpm php-recode-5.3.3-14.el6_3.i686.rpm php-snmp-5.3.3-14.el6_3.i686.rpm php-tidy-5.3.3-14.el6_3.i686.rpm php-zts-5.3.3-14.el6_3.i686.rpm x86_64: php-bcmath-5.3.3-14.el6_3.x86_64.rpm php-dba-5.3.3-14.el6_3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.x86_64.rpm php-devel-5.3.3-14.el6_3.x86_64.rpm php-embedded-5.3.3-14.el6_3.x86_64.rpm php-enchant-5.3.3-14.el6_3.x86_64.rpm php-imap-5.3.3-14.el6_3.x86_64.rpm php-intl-5.3.3-14.el6_3.x86_64.rpm php-mbstring-5.3.3-14.el6_3.x86_64.rpm php-process-5.3.3-14.el6_3.x86_64.rpm php-pspell-5.3.3-14.el6_3.x86_64.rpm php-recode-5.3.3-14.el6_3.x86_64.rpm php-snmp-5.3.3-14.el6_3.x86_64.rpm php-tidy-5.3.3-14.el6_3.x86_64.rpm php-zts-5.3.3-14.el6_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References:

https://www.redhat.com/security/data/cve/CVE-2010-2950.html
https://www.redhat.com/security/data/cve/CVE-2011-4153.html
https://www.redhat.com/security/data/cve/CVE-2012-0057.html
https://www.redhat.com/security/data/cve/CVE-2012-0781.html
https://www.redhat.com/security/data/cve/CVE-2012-0789.html
https://www.redhat.com/security/data/cve/CVE-2012-1172.html
https://www.redhat.com/security/data/cve/CVE-2012-2143.html
https://www.redhat.com/security/data/cve/CVE-2012-2336.html
https://www.redhat.com/security/data/cve/CVE-2012-2386.html
https://access.redhat.com/security/updates/classification/#moderate
https://rhn.redhat.com/errata/RHSA-2012-0546.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP6yxRXlSAg2UNWIIRAqlmAKCLhNreR9eJ9DMLQgGynQ1AR57OhwCeNCjP
5dEIaw64iUF1AYJgb6tOHK0=
=KioB
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jun 27 15:54:14 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 27 Jun 2012 15:54:14 +0000
Subject: [RHSA-2012:1047-01] Moderate: php53 security update
Message-ID: <201206271554.q5RFsFq5013057@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: php53 security update
Advisory ID:       RHSA-2012:1047-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1047.html
Issue date:        2012-06-27
CVE Names:         CVE-2010-2950 CVE-2011-4153 CVE-2012-0057
                   CVE-2012-0789 CVE-2012-1172 CVE-2012-2143
                   CVE-2012-2336 CVE-2012-2386
=====================================================================

1. Summary:

Updated php53 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations (XSLT) content. (CVE-2012-0057)

Note: This update disables file writing by default. A new PHP configuration directive, "xsl.security_prefs", can be used to enable file writing in XSLT.

A flaw was found in the way PHP validated file names in file upload requests. A remote attacker could possibly use this flaw to bypass the sanitization of the uploaded file names, and cause a PHP script to store the uploaded file in an unexpected directory, by using a directory traversal attack. (CVE-2012-1172)

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way the PHP phar extension processed certain fields of tar archive files. A remote attacker could provide a specially-crafted tar archive file that, when processed by a PHP application using the phar extension, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running PHP. (CVE-2012-2386)

A format string flaw was found in the way the PHP phar extension processed certain PHAR files. A remote attacker could provide a specially-crafted PHAR file, which once processed in a PHP application using the phar extension, could lead to information disclosure and possibly arbitrary code execution via a crafted phar:// URI. (CVE-2010-2950)

A flaw was found in the DES algorithm implementation in the crypt() password hashing function in PHP. If the password string to be hashed contained certain characters, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. (CVE-2012-2143)

Note: With this update, passwords are no longer truncated when performing DES hashing. Therefore, new hashes of the affected passwords will not match stored hashes generated using vulnerable PHP versions, and will need to be updated.

It was discovered that the fix for CVE-2012-1823, released via RHSA-2012:0547, did not properly filter all php-cgi command line arguments. A specially-crafted request to a PHP script could cause the PHP interpreter to execute the script in a loop, or output usage information that triggers an Internal Server Error. (CVE-2012-2336)

A memory leak flaw was found in the PHP strtotime() function call. A remote attacker could possibly use this flaw to cause excessive memory consumption by triggering many strtotime() function calls. (CVE-2012-0789)

It was found that PHP did not check the zend_strndup() function's return value in certain cases. A remote attacker could possibly use this flaw to crash a PHP application. (CVE-2011-4153)

Upstream acknowledges Rubin Xu and Joseph Bonneau as the original reporters of CVE-2012-2143.

All php53 users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

782657 - CVE-2012-0057 php: XSLT file writing vulnerability
782943 - CVE-2011-4153 php: zend_strndup() NULL pointer dereference may cause DoS
783609 - CVE-2012-0789 php: strtotime timezone memory leak
799187 - CVE-2012-1172 php: $_FILES array indexes corruption
816956 - CVE-2012-2143 BSD crypt(): DES encrypted password weakness
820708 - CVE-2012-2336 php: incomplete CVE-2012-1823 fix - missing filtering of -T and -h
823594 - CVE-2012-2386 php: Integer overflow leading to heap-buffer overflow in the Phar extension
835024 - CVE-2010-2950 php: Format string flaw in phar extension via phar_stream_flush() (MOPS-2010-024)

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/php53-5.3.3-13.el5_8.src.rpm

i386:
php53-5.3.3-13.el5_8.i386.rpm php53-bcmath-5.3.3-13.el5_8.i386.rpm php53-cli-5.3.3-13.el5_8.i386.rpm php53-common-5.3.3-13.el5_8.i386.rpm php53-dba-5.3.3-13.el5_8.i386.rpm php53-debuginfo-5.3.3-13.el5_8.i386.rpm php53-devel-5.3.3-13.el5_8.i386.rpm php53-gd-5.3.3-13.el5_8.i386.rpm php53-imap-5.3.3-13.el5_8.i386.rpm php53-intl-5.3.3-13.el5_8.i386.rpm php53-ldap-5.3.3-13.el5_8.i386.rpm php53-mbstring-5.3.3-13.el5_8.i386.rpm php53-mysql-5.3.3-13.el5_8.i386.rpm php53-odbc-5.3.3-13.el5_8.i386.rpm php53-pdo-5.3.3-13.el5_8.i386.rpm php53-pgsql-5.3.3-13.el5_8.i386.rpm php53-process-5.3.3-13.el5_8.i386.rpm php53-pspell-5.3.3-13.el5_8.i386.rpm php53-snmp-5.3.3-13.el5_8.i386.rpm php53-soap-5.3.3-13.el5_8.i386.rpm php53-xml-5.3.3-13.el5_8.i386.rpm php53-xmlrpc-5.3.3-13.el5_8.i386.rpm

x86_64:
php53-5.3.3-13.el5_8.x86_64.rpm php53-bcmath-5.3.3-13.el5_8.x86_64.rpm php53-cli-5.3.3-13.el5_8.x86_64.rpm php53-common-5.3.3-13.el5_8.x86_64.rpm php53-dba-5.3.3-13.el5_8.x86_64.rpm
php53-debuginfo-5.3.3-13.el5_8.x86_64.rpm php53-devel-5.3.3-13.el5_8.x86_64.rpm php53-gd-5.3.3-13.el5_8.x86_64.rpm php53-imap-5.3.3-13.el5_8.x86_64.rpm php53-intl-5.3.3-13.el5_8.x86_64.rpm php53-ldap-5.3.3-13.el5_8.x86_64.rpm php53-mbstring-5.3.3-13.el5_8.x86_64.rpm php53-mysql-5.3.3-13.el5_8.x86_64.rpm php53-odbc-5.3.3-13.el5_8.x86_64.rpm php53-pdo-5.3.3-13.el5_8.x86_64.rpm php53-pgsql-5.3.3-13.el5_8.x86_64.rpm php53-process-5.3.3-13.el5_8.x86_64.rpm php53-pspell-5.3.3-13.el5_8.x86_64.rpm php53-snmp-5.3.3-13.el5_8.x86_64.rpm php53-soap-5.3.3-13.el5_8.x86_64.rpm php53-xml-5.3.3-13.el5_8.x86_64.rpm php53-xmlrpc-5.3.3-13.el5_8.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/php53-5.3.3-13.el5_8.src.rpm i386: php53-5.3.3-13.el5_8.i386.rpm php53-bcmath-5.3.3-13.el5_8.i386.rpm php53-cli-5.3.3-13.el5_8.i386.rpm php53-common-5.3.3-13.el5_8.i386.rpm php53-dba-5.3.3-13.el5_8.i386.rpm php53-debuginfo-5.3.3-13.el5_8.i386.rpm php53-devel-5.3.3-13.el5_8.i386.rpm php53-gd-5.3.3-13.el5_8.i386.rpm php53-imap-5.3.3-13.el5_8.i386.rpm php53-intl-5.3.3-13.el5_8.i386.rpm php53-ldap-5.3.3-13.el5_8.i386.rpm php53-mbstring-5.3.3-13.el5_8.i386.rpm php53-mysql-5.3.3-13.el5_8.i386.rpm php53-odbc-5.3.3-13.el5_8.i386.rpm php53-pdo-5.3.3-13.el5_8.i386.rpm php53-pgsql-5.3.3-13.el5_8.i386.rpm php53-process-5.3.3-13.el5_8.i386.rpm php53-pspell-5.3.3-13.el5_8.i386.rpm php53-snmp-5.3.3-13.el5_8.i386.rpm php53-soap-5.3.3-13.el5_8.i386.rpm php53-xml-5.3.3-13.el5_8.i386.rpm php53-xmlrpc-5.3.3-13.el5_8.i386.rpm ia64: php53-5.3.3-13.el5_8.ia64.rpm php53-bcmath-5.3.3-13.el5_8.ia64.rpm php53-cli-5.3.3-13.el5_8.ia64.rpm php53-common-5.3.3-13.el5_8.ia64.rpm php53-dba-5.3.3-13.el5_8.ia64.rpm php53-debuginfo-5.3.3-13.el5_8.ia64.rpm php53-devel-5.3.3-13.el5_8.ia64.rpm php53-gd-5.3.3-13.el5_8.ia64.rpm php53-imap-5.3.3-13.el5_8.ia64.rpm php53-intl-5.3.3-13.el5_8.ia64.rpm php53-ldap-5.3.3-13.el5_8.ia64.rpm 
php53-mbstring-5.3.3-13.el5_8.ia64.rpm php53-mysql-5.3.3-13.el5_8.ia64.rpm php53-odbc-5.3.3-13.el5_8.ia64.rpm php53-pdo-5.3.3-13.el5_8.ia64.rpm php53-pgsql-5.3.3-13.el5_8.ia64.rpm php53-process-5.3.3-13.el5_8.ia64.rpm php53-pspell-5.3.3-13.el5_8.ia64.rpm php53-snmp-5.3.3-13.el5_8.ia64.rpm php53-soap-5.3.3-13.el5_8.ia64.rpm php53-xml-5.3.3-13.el5_8.ia64.rpm php53-xmlrpc-5.3.3-13.el5_8.ia64.rpm ppc: php53-5.3.3-13.el5_8.ppc.rpm php53-bcmath-5.3.3-13.el5_8.ppc.rpm php53-cli-5.3.3-13.el5_8.ppc.rpm php53-common-5.3.3-13.el5_8.ppc.rpm php53-dba-5.3.3-13.el5_8.ppc.rpm php53-debuginfo-5.3.3-13.el5_8.ppc.rpm php53-devel-5.3.3-13.el5_8.ppc.rpm php53-gd-5.3.3-13.el5_8.ppc.rpm php53-imap-5.3.3-13.el5_8.ppc.rpm php53-intl-5.3.3-13.el5_8.ppc.rpm php53-ldap-5.3.3-13.el5_8.ppc.rpm php53-mbstring-5.3.3-13.el5_8.ppc.rpm php53-mysql-5.3.3-13.el5_8.ppc.rpm php53-odbc-5.3.3-13.el5_8.ppc.rpm php53-pdo-5.3.3-13.el5_8.ppc.rpm php53-pgsql-5.3.3-13.el5_8.ppc.rpm php53-process-5.3.3-13.el5_8.ppc.rpm php53-pspell-5.3.3-13.el5_8.ppc.rpm php53-snmp-5.3.3-13.el5_8.ppc.rpm php53-soap-5.3.3-13.el5_8.ppc.rpm php53-xml-5.3.3-13.el5_8.ppc.rpm php53-xmlrpc-5.3.3-13.el5_8.ppc.rpm s390x: php53-5.3.3-13.el5_8.s390x.rpm php53-bcmath-5.3.3-13.el5_8.s390x.rpm php53-cli-5.3.3-13.el5_8.s390x.rpm php53-common-5.3.3-13.el5_8.s390x.rpm php53-dba-5.3.3-13.el5_8.s390x.rpm php53-debuginfo-5.3.3-13.el5_8.s390x.rpm php53-devel-5.3.3-13.el5_8.s390x.rpm php53-gd-5.3.3-13.el5_8.s390x.rpm php53-imap-5.3.3-13.el5_8.s390x.rpm php53-intl-5.3.3-13.el5_8.s390x.rpm php53-ldap-5.3.3-13.el5_8.s390x.rpm php53-mbstring-5.3.3-13.el5_8.s390x.rpm php53-mysql-5.3.3-13.el5_8.s390x.rpm php53-odbc-5.3.3-13.el5_8.s390x.rpm php53-pdo-5.3.3-13.el5_8.s390x.rpm php53-pgsql-5.3.3-13.el5_8.s390x.rpm php53-process-5.3.3-13.el5_8.s390x.rpm php53-pspell-5.3.3-13.el5_8.s390x.rpm php53-snmp-5.3.3-13.el5_8.s390x.rpm php53-soap-5.3.3-13.el5_8.s390x.rpm php53-xml-5.3.3-13.el5_8.s390x.rpm php53-xmlrpc-5.3.3-13.el5_8.s390x.rpm x86_64: 
php53-5.3.3-13.el5_8.x86_64.rpm php53-bcmath-5.3.3-13.el5_8.x86_64.rpm php53-cli-5.3.3-13.el5_8.x86_64.rpm php53-common-5.3.3-13.el5_8.x86_64.rpm php53-dba-5.3.3-13.el5_8.x86_64.rpm php53-debuginfo-5.3.3-13.el5_8.x86_64.rpm php53-devel-5.3.3-13.el5_8.x86_64.rpm php53-gd-5.3.3-13.el5_8.x86_64.rpm php53-imap-5.3.3-13.el5_8.x86_64.rpm php53-intl-5.3.3-13.el5_8.x86_64.rpm php53-ldap-5.3.3-13.el5_8.x86_64.rpm php53-mbstring-5.3.3-13.el5_8.x86_64.rpm php53-mysql-5.3.3-13.el5_8.x86_64.rpm php53-odbc-5.3.3-13.el5_8.x86_64.rpm php53-pdo-5.3.3-13.el5_8.x86_64.rpm php53-pgsql-5.3.3-13.el5_8.x86_64.rpm php53-process-5.3.3-13.el5_8.x86_64.rpm php53-pspell-5.3.3-13.el5_8.x86_64.rpm php53-snmp-5.3.3-13.el5_8.x86_64.rpm php53-soap-5.3.3-13.el5_8.x86_64.rpm php53-xml-5.3.3-13.el5_8.x86_64.rpm php53-xmlrpc-5.3.3-13.el5_8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-2950.html https://www.redhat.com/security/data/cve/CVE-2011-4153.html https://www.redhat.com/security/data/cve/CVE-2012-0057.html https://www.redhat.com/security/data/cve/CVE-2012-0789.html https://www.redhat.com/security/data/cve/CVE-2012-1172.html https://www.redhat.com/security/data/cve/CVE-2012-2143.html https://www.redhat.com/security/data/cve/CVE-2012-2336.html https://www.redhat.com/security/data/cve/CVE-2012-2386.html https://access.redhat.com/security/updates/classification/#moderate https://rhn.redhat.com/errata/RHSA-2012-0547.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFP6yyDXlSAg2UNWIIRAu2zAKC8ROcChsz1MkTbSM921azTr7x5vACggc8v uQDSWVmKWcYfJwvqolSqJUI= =fzOC -----END PGP SIGNATURE-----
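A triage aid for the CVE-2012-2143 note in the php and php53 advisories above, added here as an example and not taken from Red Hat or PHP: it sorts stored crypt() hashes by scheme so the DES-based ones can be found, and flags the failed-login case the note describes. The 0x80 byte as the truncating character is taken from the public CVE-2012-2143 description rather than from the advisory text; all function names and sample records are constructed for illustration.

```python
import re
from collections import Counter

# crypt(3) hash formats, recognised by shape only (nothing is hashed here).
# A 13-character string over this alphabet is treated as traditional DES,
# so review hits before acting on them.
_DES_TRADITIONAL = re.compile(r"^[./0-9A-Za-z]{13}$")   # 2 salt + 11 hash chars
_DES_EXTENDED = re.compile(r"^_[./0-9A-Za-z]{19}$")      # '_' + 4 count + 4 salt + 11 hash
_MODULAR = re.compile(r"^\$([0-9a-z]+)\$")               # $id$... formats
_MODULAR_NAMES = {"1": "md5", "2a": "blowfish", "2x": "blowfish",
                  "2y": "blowfish", "5": "sha256", "6": "sha512"}


def classify_hash(stored):
    """Return the crypt() scheme a stored hash string appears to use."""
    if _DES_EXTENDED.match(stored):
        return "des-extended"
    if _DES_TRADITIONAL.match(stored):
        return "des-traditional"
    m = _MODULAR.match(stored)
    if m:
        return _MODULAR_NAMES.get(m.group(1), "unknown")
    return "unknown"


def audit(records):
    """Summarise (account, stored_hash) pairs.

    Returns (Counter of schemes, sorted list of accounts on DES-based hashes).
    """
    counts = Counter()
    des_accounts = []
    for account, stored in records:
        scheme = classify_hash(stored)
        counts[scheme] += 1
        if scheme.startswith("des-"):
            des_accounts.append(account)
    return counts, sorted(des_accounts)


def possible_truncation_mismatch(stored, submitted, verified):
    """Login-time check to run on the patched PHP build.

    True when a failed verification is consistent with the advisory's note:
    the stored hash is DES-based and the submitted password (bytes) contains
    the 0x80 byte in the part of the password that DES crypt() actually uses.
    Such logins are candidates for a password-reset flow, not proof.
    """
    if verified:
        return False
    scheme = classify_hash(stored)
    if scheme == "des-traditional":
        # Traditional DES crypt() only ever reads the first 8 bytes.
        return b"\x80" in submitted[:8]
    if scheme == "des-extended":
        return b"\x80" in submitted
    return False


# Constructed sample records: the hash strings have the right shape for
# each scheme but are not real password hashes.
SAMPLE_RECORDS = [
    ("alice", "abJnggxhB/yWI"),
    ("bob", "_7C/.saltAbCdEfGhIjK"),
    ("carol", "$1$constrct$abcdefghijklmnopqrstuv"),
    ("dave", "$6$constructedsalt$" + "x" * 86),
    ("erin", "$2a$07$" + "A" * 53),
    ("frank", "{SHA}notcrypt"),
]

if __name__ == "__main__":
    counts, des_accounts = audit(SAMPLE_RECORDS)
    print("schemes:", dict(counts))
    print("accounts on DES-based hashes:", des_accounts)
    # U+00C0 encodes to C3 80 in UTF-8, so it contains the 0x80 byte.
    print(possible_truncation_mismatch("abJnggxhB/yWI",
                                       "p\u00c0ssword".encode("utf-8"), False))
```

Accounts reported by `audit` are the ones to move to a non-DES scheme; a `True` from `possible_truncation_mismatch` only marks a login worth routing to a reset, since a mistyped password produces the same failure.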