From bugzilla at redhat.com Mon Sep 3 13:10:57 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 3 Sep 2012 13:10:57 +0000
Subject: [RHSA-2012:1221-01] Critical: java-1.6.0-openjdk security update
Message-ID: <201209031310.q83DAwCB027436@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.6.0-openjdk security update
Advisory ID:       RHSA-2012:1221-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1221.html
Issue date:        2012-09-03
CVE Names:         CVE-2012-0547 CVE-2012-1682
=====================================================================

1. Summary:

Updated java-1.6.0-openjdk packages that fix two security issues are now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

It was discovered that the Beans component in OpenJDK did not perform
permission checks properly. An untrusted Java application or applet could
use this flaw to use classes from restricted packages, allowing it to bypass
Java sandbox restrictions. (CVE-2012-1682)

A hardening fix was applied to the AWT component in OpenJDK, removing
functionality from the restricted SunToolkit class that was used in
combination with other flaws to bypass Java sandbox restrictions.
(CVE-2012-0547)

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.

This erratum also upgrades the OpenJDK package to IcedTea6 1.11.4. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

853097 - CVE-2012-1682 OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476)
853228 - CVE-2012-0547 OpenJDK: AWT hardening fixes (AWT, 7163201)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.src.rpm

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.src.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.src.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.src.rpm

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.src.rpm

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-0547.html
https://www.redhat.com/security/data/cve/CVE-2012-1682.html
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.4/NEWS

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQRKwlXlSAg2UNWIIRAuBpAJ9PVRcgXwYAfcHDVDY+XnH8eZ/EvACfZ3rd
/XJCTtikB1oO+KTYuOUgdEM=
=VrOF
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Sep 3 13:12:16 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 3 Sep 2012 13:12:16 +0000
Subject: [RHSA-2012:1222-01] Important: java-1.6.0-openjdk security update
Message-ID: <201209031312.q83DCGGf019950@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-1.6.0-openjdk security update
Advisory ID:       RHSA-2012:1222-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1222.html
Issue date:        2012-09-03
CVE Names:         CVE-2012-0547 CVE-2012-1682
=====================================================================

1. Summary:

Updated java-1.6.0-openjdk packages that fix two security issues are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

It was discovered that the Beans component in OpenJDK did not perform
permission checks properly. An untrusted Java application or applet could
use this flaw to use classes from restricted packages, allowing it to bypass
Java sandbox restrictions. (CVE-2012-1682)

A hardening fix was applied to the AWT component in OpenJDK, removing
functionality from the restricted SunToolkit class that was used in
combination with other flaws to bypass Java sandbox restrictions.
(CVE-2012-0547)

This erratum also upgrades the OpenJDK package to IcedTea6 1.10.9. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

846709 - Kerberos auth failing to work in openjdk due to two upstream bugs
853097 - CVE-2012-1682 OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476)
853228 - CVE-2012-0547 OpenJDK: AWT hardening fixes (AWT, 7163201)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.28.1.10.9.el5_8.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.28.1.10.9.el5_8.i386.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.28.1.10.9.el5_8.i386.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.28.1.10.9.el5_8.i386.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.28.1.10.9.el5_8.i386.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.28.1.10.9.el5_8.i386.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.28.1.10.9.el5_8.i386.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.28.1.10.9.el5_8.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.28.1.10.9.el5_8.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.28.1.10.9.el5_8.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.28.1.10.9.el5_8.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.28.1.10.9.el5_8.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.28.1.10.9.el5_8.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.28.1.10.9.el5_8.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.28.1.10.9.el5_8.i386.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.28.1.10.9.el5_8.i386.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.28.1.10.9.el5_8.i386.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.28.1.10.9.el5_8.i386.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.28.1.10.9.el5_8.i386.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.28.1.10.9.el5_8.i386.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.28.1.10.9.el5_8.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.28.1.10.9.el5_8.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.28.1.10.9.el5_8.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.28.1.10.9.el5_8.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.28.1.10.9.el5_8.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.28.1.10.9.el5_8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-0547.html
https://www.redhat.com/security/data/cve/CVE-2012-1682.html
https://access.redhat.com/security/updates/classification/#important
http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html
http://icedtea.classpath.org/hg/release/icedtea6-1.10/file/icedtea6-1.10.9/NEWS

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQRKx0XlSAg2UNWIIRAvYLAKDDSO9dy44uzKkJIqo3l4S1J0T6lgCdHkqG
XqkxJT8OdIpLqE4b/b5pAGg=
=96Z2
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Sep 3 13:14:20 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 3 Sep 2012 13:14:20 +0000
Subject: [RHSA-2012:1223-01] Important: java-1.7.0-openjdk security update
Message-ID: <201209031314.q83DELvH011535@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-1.7.0-openjdk security update
Advisory ID:       RHSA-2012:1223-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1223.html
Issue date:        2012-09-03
CVE Names:         CVE-2012-0547 CVE-2012-1682 CVE-2012-3136 CVE-2012-4681
=====================================================================

1. Summary:

Updated java-1.7.0-openjdk packages that fix several security issues are now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

3. Description:

These packages provide the OpenJDK 7 Java Runtime Environment and the
OpenJDK 7 Software Development Kit.

Multiple improper permission check issues were discovered in the Beans
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2012-4681,
CVE-2012-1682, CVE-2012-3136)

A hardening fix was applied to the AWT component in OpenJDK, removing
functionality from the restricted SunToolkit class that was used in
combination with other flaws to bypass Java sandbox restrictions.
(CVE-2012-0547)

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

852051 - CVE-2012-4681 OpenJDK: beans insufficient permission checks, Java 7 0day (beans, 7162473)
853097 - CVE-2012-1682 OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476)
853138 - CVE-2012-3136 OpenJDK: beans MethodElementHandler insufficient permission checks (beans, 7194567)
853228 - CVE-2012-0547 OpenJDK: AWT hardening fixes (AWT, 7163201)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.3.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.src.rpm

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.3.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.3.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.3.i686.rpm
java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.3.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.5-2.2.1.el6_3.3.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.src.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.5-2.2.1.el6_3.3.noarch.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.3.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.src.rpm

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.3.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.3.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.3.i686.rpm
java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.3.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.5-2.2.1.el6_3.3.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.3.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.src.rpm

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.3.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.3.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.3.i686.rpm
java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.3.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.5-2.2.1.el6_3.3.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-0547.html
https://www.redhat.com/security/data/cve/CVE-2012-1682.html
https://www.redhat.com/security/data/cve/CVE-2012-3136.html
https://www.redhat.com/security/data/cve/CVE-2012-4681.html
https://access.redhat.com/security/updates/classification/#important
http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQRKzHXlSAg2UNWIIRAt9QAJ9qt+dYZrGWLZfelO3gxXIHLRIrjgCdE0e8
0vzPqUIZfBkT+eNBNebUuVE=
=WYyS
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Sep 4 07:01:34 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 4 Sep 2012 07:01:34 +0000
Subject: [RHSA-2012:1225-01] Critical: java-1.7.0-oracle security update
Message-ID: <201209040707.q8477rLE007303@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.7.0-oracle security update
Advisory ID:       RHSA-2012:1225-01
Product:           Red Hat Enterprise Linux Extras
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1225.html
Issue date:        2012-09-04
CVE Names:         CVE-2012-0547 CVE-2012-1682 CVE-2012-3136 CVE-2012-4681
=====================================================================

1. Summary:

Updated java-1.7.0-oracle packages that fix several security issues are now
available for Red Hat Enterprise Linux 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The Oracle Java 7 release includes the Oracle Java 7 Runtime Environment and
the Oracle Java 7 Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java 7 Runtime
Environment and the Oracle Java 7 Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Security
Alert page, listed in the References section. (CVE-2012-4681, CVE-2012-1682,
CVE-2012-3136, CVE-2012-0547)

Red Hat is aware that a public exploit for CVE-2012-4681 is available that
executes code without user interaction when a user visits a malicious web
page using a browser with the Oracle Java 7 web browser plug-in enabled.

All users of java-1.7.0-oracle are advised to upgrade to these updated
packages, which provide Oracle Java 7 Update 7 and resolve these issues. All
running instances of Oracle Java must be restarted for the update to take
effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

852051 - CVE-2012-4681 OpenJDK: beans insufficient permission checks, Java 7 0day (beans, 7162473)
853097 - CVE-2012-1682 OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476)
853138 - CVE-2012-3136 OpenJDK: beans MethodElementHandler insufficient permission checks (beans, 7194567)
853228 - CVE-2012-0547 OpenJDK: AWT hardening fixes (AWT, 7163201)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.7.0-oracle-1.7.0.7-1jpp.5.el6_3.i686.rpm
java-1.7.0-oracle-devel-1.7.0.7-1jpp.5.el6_3.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.7-1jpp.5.el6_3.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.7-1jpp.5.el6_3.i686.rpm
java-1.7.0-oracle-src-1.7.0.7-1jpp.5.el6_3.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.7-1jpp.5.el6_3.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.7-1jpp.5.el6_3.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.7-1jpp.5.el6_3.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.7-1jpp.5.el6_3.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.7-1jpp.5.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.7.0-oracle-1.7.0.7-1jpp.5.el6_3.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.7-1jpp.5.el6_3.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.7-1jpp.5.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.7.0-oracle-1.7.0.7-1jpp.5.el6_3.i686.rpm
java-1.7.0-oracle-devel-1.7.0.7-1jpp.5.el6_3.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.7-1jpp.5.el6_3.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.7-1jpp.5.el6_3.i686.rpm
java-1.7.0-oracle-src-1.7.0.7-1jpp.5.el6_3.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.7-1jpp.5.el6_3.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.7-1jpp.5.el6_3.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.7-1jpp.5.el6_3.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.7-1jpp.5.el6_3.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.7-1jpp.5.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.7.0-oracle-1.7.0.7-1jpp.5.el6_3.i686.rpm
java-1.7.0-oracle-devel-1.7.0.7-1jpp.5.el6_3.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.7-1jpp.5.el6_3.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.7-1jpp.5.el6_3.i686.rpm
java-1.7.0-oracle-src-1.7.0.7-1jpp.5.el6_3.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.7-1jpp.5.el6_3.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.7-1jpp.5.el6_3.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.7-1jpp.5.el6_3.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.7-1jpp.5.el6_3.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.7-1jpp.5.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-0547.html
https://www.redhat.com/security/data/cve/CVE-2012-1682.html
https://www.redhat.com/security/data/cve/CVE-2012-3136.html
https://www.redhat.com/security/data/cve/CVE-2012-4681.html
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
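The four Java advisories above (RHSA-2012:1221, 1222, 1223 and 1225) each name the fixed package version-release; the practical check on a host is whether every installed package from those families is at or above that version. The following is an added verification script, not part of any Red Hat advisory: it reimplements rpm's version comparison so it runs without the rpm Python bindings, takes `rpm -qa` output as input, and ignores epochs because the advisory's file names do not carry them.

```python
import re
from typing import NamedTuple

# Fixed version-release strings copied from the package lists of RHSA-2012:1221,
# RHSA-2012:1222, RHSA-2012:1223 and RHSA-2012:1225, keyed by (source package,
# dist tag). Epochs are deliberately ignored: rpm file names do not carry them.
FIXED = {
    ("java-1.6.0-openjdk", "el6"): ("1.6.0.0", "1.49.1.11.4.el6_3"),  # RHSA-2012:1221
    ("java-1.6.0-openjdk", "el5"): ("1.6.0.0", "1.28.1.10.9.el5_8"),  # RHSA-2012:1222
    ("java-1.7.0-openjdk", "el6"): ("1.7.0.5", "2.2.1.el6_3.3"),      # RHSA-2012:1223
    ("java-1.7.0-oracle", "el6"):  ("1.7.0.7", "1jpp.5.el6_3"),       # RHSA-2012:1225
}

_SEGMENT = re.compile(r"\d+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version (or release) strings the way rpm's rpmvercmp() does.

    Both strings are split into runs of digits and runs of letters; separators
    are ignored. Digit runs compare numerically, letter runs lexically, a digit
    run beats a letter run, and when all common segments are equal the string
    with more segments is newer. Returns -1, 0 or 1. The '~' and '^' rules of
    newer rpm releases are not implemented; none of the versions above use them.
    """
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x == y:
            continue
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x_num != y_num:
            return 1 if x_num else -1
        else:
            return -1 if x < y else 1
    if len(seg_a) == len(seg_b):
        return 0
    return -1 if len(seg_a) < len(seg_b) else 1


class Package(NamedTuple):
    name: str
    version: str
    release: str
    arch: str


def parse_nevra(nevra: str) -> Package:
    """Split 'name-version-release.arch[.rpm]' as printed by rpm -qa or listed in
    the advisory. The name itself contains dashes, so splitting works from the right."""
    if nevra.endswith(".rpm"):
        nevra = nevra[:-4]
    rest, _, arch = nevra.rpartition(".")
    name_ver, _, release = rest.rpartition("-")
    name, _, version = name_ver.rpartition("-")
    if ":" in version:  # 'epoch:version' form; the epoch is ignored here
        version = version.split(":", 1)[1]
    return Package(name, version, release, arch)


def status(nevra: str) -> str:
    """'patched', 'VULNERABLE' or 'not covered' for one installed package."""
    pkg = parse_nevra(nevra)
    dist = re.search(r"\.(el\d+)", pkg.release)
    for (src, tag), (fixed_ver, fixed_rel) in FIXED.items():
        in_family = pkg.name == src or pkg.name.startswith(src + "-")
        if in_family and dist and dist.group(1) == tag:
            # Compare version first; only on a tie does the release decide.
            cmp = rpmvercmp(pkg.version, fixed_ver) or rpmvercmp(pkg.release, fixed_rel)
            return "patched" if cmp >= 0 else "VULNERABLE"
    return "not covered"


def audit(rpm_qa_lines):
    """Map each non-empty line of `rpm -qa` output to its status."""
    return {line.strip(): status(line.strip()) for line in rpm_qa_lines if line.strip()}


# Constructed sample of `rpm -qa` output; not taken from any real host.
SAMPLE_RPM_QA = """\
java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.x86_64
java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.3.i686
java-1.7.0-oracle-1.7.0.6-1jpp.6.el6_3.x86_64
java-1.6.0-openjdk-1.6.0.0-1.28.1.10.9.el5_8.i386
bash-4.1.2-9.el6_2.x86_64
""".splitlines()

if __name__ == "__main__":
    for nevra, result in audit(SAMPLE_RPM_QA).items():
        print(f"{result:12} {nevra}")
```

On a real host, pipe `rpm -qa` into `audit()`; a "patched" result still requires the restart of running Java instances that each advisory calls for.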
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQRaiZXlSAg2UNWIIRApINAKCpoTdO2pSoGk+OYeQ0hdCAtDzBugCbB6Up
UmqNKtPLcEzgLTk34btAwPM=
=mz2x
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Sep 5 17:06:53 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 5 Sep 2012 17:06:53 +0000
Subject: [RHSA-2012:1234-01] Important: qemu-kvm security update
Message-ID: <201209051706.q85H6rU5006092@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security update
Advisory ID:       RHSA-2012:1234-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1234.html
Issue date:        2012-09-05
CVE Names:         CVE-2012-3515
=====================================================================

1. Summary:

Updated qemu-kvm packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Enterprise Linux Workstation (v. 6) - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component
for running virtual machines using KVM.

A flaw was found in the way QEMU handled VT100 terminal escape sequences
when emulating certain character devices. A guest user with privileges to
write to a character device that is emulated on the host using a virtual
console back-end could use this flaw to crash the qemu-kvm process on the
host or, possibly, escalate their privileges on the host. (CVE-2012-3515)

This flaw did not affect the default use of KVM. Affected configurations
were:

* When guests were started from the command line ("/usr/libexec/qemu-kvm")
without the "-nodefaults" option, and also without specifying a serial or
parallel device, or a virtio-console device, that specifically does not use
a virtual console (vc) back-end. (Note that Red Hat does not support
invoking "qemu-kvm" from the command line without "-nodefaults" on Red Hat
Enterprise Linux 6.)

* Guests that were managed via libvirt, such as when using Virtual Machine
Manager (virt-manager), but that have a serial or parallel device, or a
virtio-console device, that uses a virtual console back-end. By default,
guests managed via libvirt will not use a virtual console back-end for such
devices.

Red Hat would like to thank the Xen project for reporting this issue.

All users of qemu-kvm should upgrade to these updated packages, which
resolve this issue. After installing this update, shut down all running
virtual machines. Once all virtual machines have shut down, start them again
for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

851252 - CVE-2012-3515 qemu: VT100 emulation vulnerability

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/qemu-kvm-0.12.1.2-2.295.el6_3.2.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-img-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-kvm-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.295.el6_3.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/qemu-kvm-0.12.1.2-2.295.el6_3.2.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-img-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-kvm-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.295.el6_3.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/qemu-kvm-0.12.1.2-2.295.el6_3.2.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-img-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-kvm-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.295.el6_3.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/qemu-kvm-0.12.1.2-2.295.el6_3.2.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-img-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-kvm-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.295.el6_3.2.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.295.el6_3.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-3515.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

From bugzilla at redhat.com Wed Sep 5 17:07:46 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 5 Sep 2012 17:07:46 +0000
Subject: [RHSA-2012:1235-01] Important: kvm security update
Message-ID: <201209051707.q85H7l2J026901@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kvm security update
Advisory ID: RHSA-2012:1235-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1235.html
Issue date: 2012-09-05
CVE Names: CVE-2012-3515
=====================================================================

1. Summary:

Updated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Multi OS (v. 5 client) - x86_64
RHEL Virtualization (v. 5 server) - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.

A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices.
A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host. (CVE-2012-3515)

This flaw did not affect the default use of KVM. Affected configurations were:

* When guests were started from the command line ("/usr/libexec/qemu-kvm"), and without specifying a serial or parallel device that specifically does not use a virtual console (vc) back-end. (Note that Red Hat does not support invoking "qemu-kvm" from the command line on Red Hat Enterprise Linux 5.)

* Guests that were managed via libvirt, such as when using Virtual Machine Manager (virt-manager), but that have a serial or parallel device that uses a virtual console back-end. By default, guests managed via libvirt will not use a virtual console back-end for such devices.

Red Hat would like to thank the Xen project for reporting this issue.

All KVM users should upgrade to these updated packages, which correct this issue. Note: The procedure in the Solution section must be performed before this update will take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

The following procedure must be performed before this update will take effect:

1) Stop all KVM guest virtual machines.

2) Either reboot the hypervisor machine or, as the root user, remove (using "modprobe -r [module]") and reload (using "modprobe [module]") all of the following modules which are currently running (determined using "lsmod"): kvm, ksm, kvm-intel or kvm-amd.

3) Restart the KVM guest virtual machines.

5. Bugs fixed (http://bugzilla.redhat.com/):

851252 - CVE-2012-3515 qemu: VT100 emulation vulnerability

6. Package List:

RHEL Desktop Multi OS (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kvm-83-249.el5_8.5.src.rpm

x86_64:
kmod-kvm-83-249.el5_8.5.x86_64.rpm
kmod-kvm-debug-83-249.el5_8.5.x86_64.rpm
kvm-83-249.el5_8.5.x86_64.rpm
kvm-debuginfo-83-249.el5_8.5.x86_64.rpm
kvm-qemu-img-83-249.el5_8.5.x86_64.rpm
kvm-tools-83-249.el5_8.5.x86_64.rpm

RHEL Virtualization (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kvm-83-249.el5_8.5.src.rpm

x86_64:
kmod-kvm-83-249.el5_8.5.x86_64.rpm
kmod-kvm-debug-83-249.el5_8.5.x86_64.rpm
kvm-83-249.el5_8.5.x86_64.rpm
kvm-debuginfo-83-249.el5_8.5.x86_64.rpm
kvm-qemu-img-83-249.el5_8.5.x86_64.rpm
kvm-tools-83-249.el5_8.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-3515.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
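Added example, not part of the Red Hat advisories above: a POSIX shell audit for the libvirt-managed configuration that both the qemu-kvm and the kvm advisories for CVE-2012-3515 list as affected, namely a serial, parallel or virtio-console device backed by the virtual console (vc) back-end. It assumes domain XML in the layout produced by `virsh dumpxml` and enumerates guests with `virsh list --all` (both my assumptions, not something the advisories specify); the two sample domain definitions are constructed.

```shell
#!/bin/sh
# Added example, not part of the Red Hat advisories: report libvirt-managed
# guests whose serial, parallel or (virtio-)console device uses the virtual
# console ("vc") back-end, the non-default configuration the qemu-kvm and kvm
# advisories for CVE-2012-3515 list as affected. Assumes the domain XML layout
# produced by "virsh dumpxml" (my assumption; the advisories do not specify it).

# Print the element name (serial, parallel or console) of every character
# device in the domain XML read from stdin whose back-end type is 'vc'.
# A virtio console is a <console> element, so the same pattern covers it.
vc_chardevs() {
    grep -Eo "<(serial|parallel|console)[^>]*type='vc'" |
        sed 's/^<\([a-z]*\).*/\1/'
}

# Exit status 0 when the domain XML on stdin has at least one vc-backed device.
domain_uses_vc() {
    vc_chardevs | grep -q .
}

# One-line verdict for a domain, given its name and its XML definition.
report_xml() {
    name=$1
    xml=$2
    if printf '%s\n' "$xml" | domain_uses_vc; then
        printf '%s: AFFECTED (vc back-end on: %s)\n' "$name" \
            "$(printf '%s\n' "$xml" | vc_chardevs | tr '\n' ' ')"
    else
        printf '%s: ok (no vc back-end)\n' "$name"
    fi
}

# Audit one defined libvirt domain by name via virsh (assumed available).
check_domain() {
    report_xml "$1" "$(virsh dumpxml "$1" 2>/dev/null)"
}

# Constructed sample definitions (not real guests): the libvirt default with
# pty back-ends, and a guest explicitly configured with vc back-ends.
SAMPLE_DEFAULT_XML="<domain type='kvm'>
  <name>guest-default</name>
  <devices>
    <serial type='pty'>
      <target port='0'/>
    </serial>
    <console type='pty'>
      <target type='serial' port='0'/>
    </console>
  </devices>
</domain>"

SAMPLE_VC_XML="<domain type='kvm'>
  <name>guest-vc</name>
  <devices>
    <serial type='vc'>
      <target port='0'/>
    </serial>
    <parallel type='pty'>
      <target port='0'/>
    </parallel>
    <console type='vc'>
      <target type='virtio' port='0'/>
    </console>
  </devices>
</domain>"

# Entry point: audit every defined domain when virsh is present, otherwise
# demonstrate the check on the constructed samples.
main() {
    if command -v virsh >/dev/null 2>&1; then
        # Skip the two header lines of "virsh list --all"; column 2 is the name.
        virsh list --all | awk 'NR > 2 && NF >= 2 { print $2 }' |
            while read -r dom; do check_domain "$dom"; done
    else
        report_xml guest-default "$SAMPLE_DEFAULT_XML"
        report_xml guest-vc "$SAMPLE_VC_XML"
    fi
}

main "$@"
```

A guest reported as AFFECTED needs the updated packages and the shutdown/restart the advisory describes; the check does not cover guests started by hand from the command line, which the first affected-configuration bullet covers.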
From bugzilla at redhat.com Wed Sep 5 17:08:32 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 5 Sep 2012 17:08:32 +0000
Subject: [RHSA-2012:1236-01] Important: xen security update
Message-ID: <201209051708.q85H8W9S025890@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: xen security update
Advisory ID: RHSA-2012:1236-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1236.html
Issue date: 2012-09-05
CVE Names: CVE-2012-3515
=====================================================================

1. Summary:

Updated xen packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Multi OS (v. 5 client) - i386, x86_64
RHEL Virtualization (v. 5 server) - i386, ia64, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux.

A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices.
A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu process on the host or, possibly, escalate their privileges on the host. (CVE-2012-3515)

This flaw did not affect the default use of the Xen hypervisor implementation in Red Hat Enterprise Linux 5. This problem only affected fully-virtualized guests that have a serial or parallel device that uses a virtual console (vc) back-end. By default, the virtual console back-end is not used for such devices; only guests explicitly configured to use them in this way were affected.

Red Hat would like to thank the Xen project for reporting this issue.

All users of xen are advised to upgrade to these updated packages, which correct this issue. After installing the updated packages, all fully-virtualized guests must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

851252 - CVE-2012-3515 qemu: VT100 emulation vulnerability

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xen-3.0.3-135.el5_8.5.src.rpm

i386:
xen-debuginfo-3.0.3-135.el5_8.5.i386.rpm
xen-libs-3.0.3-135.el5_8.5.i386.rpm

x86_64:
xen-debuginfo-3.0.3-135.el5_8.5.i386.rpm
xen-debuginfo-3.0.3-135.el5_8.5.x86_64.rpm
xen-libs-3.0.3-135.el5_8.5.i386.rpm
xen-libs-3.0.3-135.el5_8.5.x86_64.rpm

RHEL Desktop Multi OS (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xen-3.0.3-135.el5_8.5.src.rpm

i386:
xen-3.0.3-135.el5_8.5.i386.rpm
xen-debuginfo-3.0.3-135.el5_8.5.i386.rpm
xen-devel-3.0.3-135.el5_8.5.i386.rpm

x86_64:
xen-3.0.3-135.el5_8.5.x86_64.rpm
xen-debuginfo-3.0.3-135.el5_8.5.i386.rpm
xen-debuginfo-3.0.3-135.el5_8.5.x86_64.rpm
xen-devel-3.0.3-135.el5_8.5.i386.rpm
xen-devel-3.0.3-135.el5_8.5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xen-3.0.3-135.el5_8.5.src.rpm

i386:
xen-debuginfo-3.0.3-135.el5_8.5.i386.rpm
xen-libs-3.0.3-135.el5_8.5.i386.rpm

ia64:
xen-debuginfo-3.0.3-135.el5_8.5.ia64.rpm
xen-libs-3.0.3-135.el5_8.5.ia64.rpm

x86_64:
xen-debuginfo-3.0.3-135.el5_8.5.i386.rpm
xen-debuginfo-3.0.3-135.el5_8.5.x86_64.rpm
xen-libs-3.0.3-135.el5_8.5.i386.rpm
xen-libs-3.0.3-135.el5_8.5.x86_64.rpm

RHEL Virtualization (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xen-3.0.3-135.el5_8.5.src.rpm

i386:
xen-3.0.3-135.el5_8.5.i386.rpm
xen-debuginfo-3.0.3-135.el5_8.5.i386.rpm
xen-devel-3.0.3-135.el5_8.5.i386.rpm

ia64:
xen-3.0.3-135.el5_8.5.ia64.rpm
xen-debuginfo-3.0.3-135.el5_8.5.ia64.rpm
xen-devel-3.0.3-135.el5_8.5.ia64.rpm

x86_64:
xen-3.0.3-135.el5_8.5.x86_64.rpm
xen-debuginfo-3.0.3-135.el5_8.5.i386.rpm
xen-debuginfo-3.0.3-135.el5_8.5.x86_64.rpm
xen-devel-3.0.3-135.el5_8.5.i386.rpm
xen-devel-3.0.3-135.el5_8.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-3515.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
From bugzilla at redhat.com Thu Sep 6 16:16:11 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 6 Sep 2012 16:16:11 +0000
Subject: [RHSA-2012:1238-01] Critical: java-1.6.0-ibm security update
Message-ID: <201209061616.q86GGBwx004279@int-mx01.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.6.0-ibm security update
Advisory ID: RHSA-2012:1238-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1238.html
Issue date: 2012-09-06
CVE Names: CVE-2012-0551 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1721 CVE-2012-1722 CVE-2012-1725
=====================================================================

1. Summary:

Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3.
Description:

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2012-0551, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725)

All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR11 release. All running instances of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

829358 - CVE-2012-1717 OpenJDK: insecure temporary file permissions (JRE, 7143606)
829360 - CVE-2012-1716 OpenJDK: SynthLookAndFeel application context bypass (Swing, 7143614)
829361 - CVE-2012-1713 OpenJDK: fontmanager layout lookup code memory corruption (2D, 7143617)
829371 - CVE-2012-1719 OpenJDK: mutable repository identifiers in generated stub code (CORBA, 7143851)
829372 - CVE-2012-1718 OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872)
829376 - CVE-2012-1725 OpenJDK: insufficient invokespecial verification (HotSpot, 7160757)
831353 - CVE-2012-1721 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)
831354 - CVE-2012-1722 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)
831355 - CVE-2012-0551 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.6.0-ibm-1.6.0.11.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.11.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-demo-1.6.0.11.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-devel-1.6.0.11.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.11.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.11.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.11.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-src-1.6.0.11.0-1jpp.1.el5_8.i386.rpm

x86_64:
java-1.6.0-ibm-1.6.0.11.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-1.6.0.11.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.11.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.11.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-demo-1.6.0.11.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.11.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-devel-1.6.0.11.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.11.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.11.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.11.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.11.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.11.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.11.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.11.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-src-1.6.0.11.0-1jpp.1.el5_8.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.6.0-ibm-1.6.0.11.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.11.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-demo-1.6.0.11.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-devel-1.6.0.11.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.11.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.11.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.11.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-src-1.6.0.11.0-1jpp.1.el5_8.i386.rpm

ppc:
java-1.6.0-ibm-1.6.0.11.0-1jpp.1.el5_8.ppc.rpm
java-1.6.0-ibm-1.6.0.11.0-1jpp.1.el5_8.ppc64.rpm
java-1.6.0-ibm-accessibility-1.6.0.11.0-1jpp.1.el5_8.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.11.0-1jpp.1.el5_8.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.11.0-1jpp.1.el5_8.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.11.0-1jpp.1.el5_8.ppc.rpm
java-1.6.0-ibm-devel-1.6.0.11.0-1jpp.1.el5_8.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.11.0-1jpp.1.el5_8.ppc.rpm
java-1.6.0-ibm-javacomm-1.6.0.11.0-1jpp.1.el5_8.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.11.0-1jpp.1.el5_8.ppc.rpm
java-1.6.0-ibm-jdbc-1.6.0.11.0-1jpp.1.el5_8.ppc64.rpm
java-1.6.0-ibm-plugin-1.6.0.11.0-1jpp.1.el5_8.ppc.rpm
java-1.6.0-ibm-src-1.6.0.11.0-1jpp.1.el5_8.ppc.rpm
java-1.6.0-ibm-src-1.6.0.11.0-1jpp.1.el5_8.ppc64.rpm

s390x:
java-1.6.0-ibm-1.6.0.11.0-1jpp.1.el5_8.s390.rpm
java-1.6.0-ibm-1.6.0.11.0-1jpp.1.el5_8.s390x.rpm
java-1.6.0-ibm-accessibility-1.6.0.11.0-1jpp.1.el5_8.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.11.0-1jpp.1.el5_8.s390.rpm
java-1.6.0-ibm-demo-1.6.0.11.0-1jpp.1.el5_8.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.11.0-1jpp.1.el5_8.s390.rpm
java-1.6.0-ibm-devel-1.6.0.11.0-1jpp.1.el5_8.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.11.0-1jpp.1.el5_8.s390.rpm
java-1.6.0-ibm-jdbc-1.6.0.11.0-1jpp.1.el5_8.s390x.rpm
java-1.6.0-ibm-src-1.6.0.11.0-1jpp.1.el5_8.s390.rpm
java-1.6.0-ibm-src-1.6.0.11.0-1jpp.1.el5_8.s390x.rpm

x86_64:
java-1.6.0-ibm-1.6.0.11.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-1.6.0.11.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.11.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.11.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-demo-1.6.0.11.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.11.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-devel-1.6.0.11.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.11.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.11.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.11.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.11.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.11.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.11.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.11.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-src-1.6.0.11.0-1jpp.1.el5_8.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.11.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-demo-1.6.0.11.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-devel-1.6.0.11.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.11.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.11.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.11.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-src-1.6.0.11.0-1jpp.1.el6_3.i686.rpm

x86_64:
java-1.6.0-ibm-1.6.0.11.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.11.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.11.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-devel-1.6.0.11.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.11.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.11.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.11.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.11.0-1jpp.1.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.6.0-ibm-1.6.0.11.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.11.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.11.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-devel-1.6.0.11.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.11.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.11.0-1jpp.1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.11.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-demo-1.6.0.11.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-devel-1.6.0.11.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.11.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.11.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.11.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-src-1.6.0.11.0-1jpp.1.el6_3.i686.rpm

ppc64:
java-1.6.0-ibm-1.6.0.11.0-1jpp.1.el6_3.ppc64.rpm
java-1.6.0-ibm-demo-1.6.0.11.0-1jpp.1.el6_3.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.11.0-1jpp.1.el6_3.ppc.rpm
java-1.6.0-ibm-devel-1.6.0.11.0-1jpp.1.el6_3.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.11.0-1jpp.1.el6_3.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.11.0-1jpp.1.el6_3.ppc64.rpm
java-1.6.0-ibm-src-1.6.0.11.0-1jpp.1.el6_3.ppc64.rpm

s390x:
java-1.6.0-ibm-1.6.0.11.0-1jpp.1.el6_3.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.11.0-1jpp.1.el6_3.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.11.0-1jpp.1.el6_3.s390.rpm
java-1.6.0-ibm-devel-1.6.0.11.0-1jpp.1.el6_3.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.11.0-1jpp.1.el6_3.s390x.rpm
java-1.6.0-ibm-src-1.6.0.11.0-1jpp.1.el6_3.s390x.rpm

x86_64:
java-1.6.0-ibm-1.6.0.11.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.11.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.11.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-devel-1.6.0.11.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.11.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.11.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.11.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.11.0-1jpp.1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.11.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-demo-1.6.0.11.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-devel-1.6.0.11.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.11.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.11.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.11.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-src-1.6.0.11.0-1jpp.1.el6_3.i686.rpm

x86_64:
java-1.6.0-ibm-1.6.0.11.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.11.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.11.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-devel-1.6.0.11.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.11.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.11.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.11.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.11.0-1jpp.1.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-0551.html
https://www.redhat.com/security/data/cve/CVE-2012-1713.html
https://www.redhat.com/security/data/cve/CVE-2012-1716.html
https://www.redhat.com/security/data/cve/CVE-2012-1717.html
https://www.redhat.com/security/data/cve/CVE-2012-1718.html
https://www.redhat.com/security/data/cve/CVE-2012-1719.html
https://www.redhat.com/security/data/cve/CVE-2012-1721.html
https://www.redhat.com/security/data/cve/CVE-2012-1722.html
https://www.redhat.com/security/data/cve/CVE-2012-1725.html
https://access.redhat.com/security/updates/classification/#critical
https://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
From bugzilla at redhat.com Fri Sep 7 13:18:05 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 7 Sep 2012 13:18:05 +0000
Subject: [RHSA-2012:1243-01] Critical: java-1.4.2-ibm security update
Message-ID: <201209071318.q87DI6Pb002740@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.4.2-ibm security update
Advisory ID: RHSA-2012:1243-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1243.html
Issue date: 2012-09-07
CVE Names: CVE-2012-1713 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719
=====================================================================

1. Summary:

Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ia64, ppc, s390x, x86_64

3. Description:

IBM J2SE version 1.4.2 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section.
(CVE-2012-1713, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719)

All users of java-1.4.2-ibm are advised to upgrade to these updated packages, which contain the IBM J2SE 1.4.2 SR13-FP13 release. All running instances of IBM Java must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

829358 - CVE-2012-1717 OpenJDK: insecure temporary file permissions (JRE, 7143606)
829361 - CVE-2012-1713 OpenJDK: fontmanager layout lookup code memory corruption (2D, 7143617)
829371 - CVE-2012-1719 OpenJDK: mutable repository identifiers in generated stub code (CORBA, 7143851)
829372 - CVE-2012-1718 OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.4.2-ibm-1.4.2.13.13-1jpp.1.el5_8.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.13-1jpp.1.el5_8.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.13-1jpp.1.el5_8.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.13-1jpp.1.el5_8.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.13-1jpp.1.el5_8.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.13-1jpp.1.el5_8.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.13-1jpp.1.el5_8.i386.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.13-1jpp.1.el5_8.i386.rpm
java-1.4.2-ibm-1.4.2.13.13-1jpp.1.el5_8.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.13-1jpp.1.el5_8.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.13-1jpp.1.el5_8.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.13-1jpp.1.el5_8.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.13-1jpp.1.el5_8.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.13-1jpp.1.el5_8.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.13-1jpp.1.el5_8.x86_64.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.13-1jpp.1.el5_8.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.13-1jpp.1.el5_8.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.13-1jpp.1.el5_8.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.13-1jpp.1.el5_8.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.4.2-ibm-1.4.2.13.13-1jpp.1.el5_8.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.13-1jpp.1.el5_8.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.13-1jpp.1.el5_8.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.13-1jpp.1.el5_8.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.13-1jpp.1.el5_8.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.13-1jpp.1.el5_8.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.13-1jpp.1.el5_8.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.13.13-1jpp.1.el5_8.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.13.13-1jpp.1.el5_8.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.13.13-1jpp.1.el5_8.ia64.rpm
java-1.4.2-ibm-src-1.4.2.13.13-1jpp.1.el5_8.ia64.rpm

ppc:
java-1.4.2-ibm-1.4.2.13.13-1jpp.1.el5_8.ppc.rpm
java-1.4.2-ibm-1.4.2.13.13-1jpp.1.el5_8.ppc64.rpm
java-1.4.2-ibm-demo-1.4.2.13.13-1jpp.1.el5_8.ppc.rpm
java-1.4.2-ibm-demo-1.4.2.13.13-1jpp.1.el5_8.ppc64.rpm
java-1.4.2-ibm-devel-1.4.2.13.13-1jpp.1.el5_8.ppc.rpm
java-1.4.2-ibm-devel-1.4.2.13.13-1jpp.1.el5_8.ppc64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.13-1jpp.1.el5_8.ppc.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.13-1jpp.1.el5_8.ppc64.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.13-1jpp.1.el5_8.ppc.rpm
java-1.4.2-ibm-src-1.4.2.13.13-1jpp.1.el5_8.ppc.rpm
java-1.4.2-ibm-src-1.4.2.13.13-1jpp.1.el5_8.ppc64.rpm

s390x:
java-1.4.2-ibm-1.4.2.13.13-1jpp.1.el5_8.s390.rpm
java-1.4.2-ibm-1.4.2.13.13-1jpp.1.el5_8.s390x.rpm
java-1.4.2-ibm-demo-1.4.2.13.13-1jpp.1.el5_8.s390.rpm
java-1.4.2-ibm-demo-1.4.2.13.13-1jpp.1.el5_8.s390x.rpm
java-1.4.2-ibm-devel-1.4.2.13.13-1jpp.1.el5_8.s390.rpm
java-1.4.2-ibm-devel-1.4.2.13.13-1jpp.1.el5_8.s390x.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.13-1jpp.1.el5_8.s390.rpm
java-1.4.2-ibm-src-1.4.2.13.13-1jpp.1.el5_8.s390.rpm
java-1.4.2-ibm-src-1.4.2.13.13-1jpp.1.el5_8.s390x.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.13-1jpp.1.el5_8.i386.rpm
java-1.4.2-ibm-1.4.2.13.13-1jpp.1.el5_8.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.13-1jpp.1.el5_8.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.13-1jpp.1.el5_8.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.13-1jpp.1.el5_8.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.13-1jpp.1.el5_8.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.13-1jpp.1.el5_8.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.13-1jpp.1.el5_8.x86_64.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.13-1jpp.1.el5_8.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.13-1jpp.1.el5_8.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.13-1jpp.1.el5_8.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.13-1jpp.1.el5_8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-1713.html
https://www.redhat.com/security/data/cve/CVE-2012-1717.html
https://www.redhat.com/security/data/cve/CVE-2012-1718.html
https://www.redhat.com/security/data/cve/CVE-2012-1719.html
https://access.redhat.com/security/updates/classification/#critical
https://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
From bugzilla at redhat.com Fri Sep 7 13:19:58 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 7 Sep 2012 13:19:58 +0000
Subject: [RHSA-2012:1245-01] Critical: java-1.5.0-ibm security update
Message-ID: <201209071319.q87DJwt2003352@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.5.0-ibm security update
Advisory ID: RHSA-2012:1245-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1245.html
Issue date: 2012-09-07
CVE Names: CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1725
=====================================================================

1. Summary:

Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3.
Description: IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1725) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR14 release. All running instances of IBM Java must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 829358 - CVE-2012-1717 OpenJDK: insecure temporary file permissions (JRE, 7143606) 829360 - CVE-2012-1716 OpenJDK: SynthLookAndFeel application context bypass (Swing, 7143614) 829361 - CVE-2012-1713 OpenJDK: fontmanager layout lookup code memory corruption (2D, 7143617) 829371 - CVE-2012-1719 OpenJDK: mutable repository identifiers in generated stub code (CORBA, 7143851) 829372 - CVE-2012-1718 OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872) 829376 - CVE-2012-1725 OpenJDK: insufficient invokespecial verification (HotSpot, 7160757) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 
5): i386: java-1.5.0-ibm-1.5.0.14.0-1jpp.1.el5_8.i386.rpm java-1.5.0-ibm-accessibility-1.5.0.14.0-1jpp.1.el5_8.i386.rpm java-1.5.0-ibm-demo-1.5.0.14.0-1jpp.1.el5_8.i386.rpm java-1.5.0-ibm-devel-1.5.0.14.0-1jpp.1.el5_8.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.14.0-1jpp.1.el5_8.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.14.0-1jpp.1.el5_8.i386.rpm java-1.5.0-ibm-plugin-1.5.0.14.0-1jpp.1.el5_8.i386.rpm java-1.5.0-ibm-src-1.5.0.14.0-1jpp.1.el5_8.i386.rpm x86_64: java-1.5.0-ibm-1.5.0.14.0-1jpp.1.el5_8.i386.rpm java-1.5.0-ibm-1.5.0.14.0-1jpp.1.el5_8.x86_64.rpm java-1.5.0-ibm-accessibility-1.5.0.14.0-1jpp.1.el5_8.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.14.0-1jpp.1.el5_8.i386.rpm java-1.5.0-ibm-demo-1.5.0.14.0-1jpp.1.el5_8.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.14.0-1jpp.1.el5_8.i386.rpm java-1.5.0-ibm-devel-1.5.0.14.0-1jpp.1.el5_8.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.14.0-1jpp.1.el5_8.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.14.0-1jpp.1.el5_8.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.14.0-1jpp.1.el5_8.i386.rpm java-1.5.0-ibm-plugin-1.5.0.14.0-1jpp.1.el5_8.i386.rpm java-1.5.0-ibm-src-1.5.0.14.0-1jpp.1.el5_8.i386.rpm java-1.5.0-ibm-src-1.5.0.14.0-1jpp.1.el5_8.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 
5): i386: java-1.5.0-ibm-1.5.0.14.0-1jpp.1.el5_8.i386.rpm java-1.5.0-ibm-accessibility-1.5.0.14.0-1jpp.1.el5_8.i386.rpm java-1.5.0-ibm-demo-1.5.0.14.0-1jpp.1.el5_8.i386.rpm java-1.5.0-ibm-devel-1.5.0.14.0-1jpp.1.el5_8.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.14.0-1jpp.1.el5_8.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.14.0-1jpp.1.el5_8.i386.rpm java-1.5.0-ibm-plugin-1.5.0.14.0-1jpp.1.el5_8.i386.rpm java-1.5.0-ibm-src-1.5.0.14.0-1jpp.1.el5_8.i386.rpm ppc: java-1.5.0-ibm-1.5.0.14.0-1jpp.1.el5_8.ppc.rpm java-1.5.0-ibm-1.5.0.14.0-1jpp.1.el5_8.ppc64.rpm java-1.5.0-ibm-accessibility-1.5.0.14.0-1jpp.1.el5_8.ppc.rpm java-1.5.0-ibm-demo-1.5.0.14.0-1jpp.1.el5_8.ppc.rpm java-1.5.0-ibm-demo-1.5.0.14.0-1jpp.1.el5_8.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.14.0-1jpp.1.el5_8.ppc.rpm java-1.5.0-ibm-devel-1.5.0.14.0-1jpp.1.el5_8.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.14.0-1jpp.1.el5_8.ppc.rpm java-1.5.0-ibm-javacomm-1.5.0.14.0-1jpp.1.el5_8.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.14.0-1jpp.1.el5_8.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.14.0-1jpp.1.el5_8.ppc.rpm java-1.5.0-ibm-src-1.5.0.14.0-1jpp.1.el5_8.ppc.rpm java-1.5.0-ibm-src-1.5.0.14.0-1jpp.1.el5_8.ppc64.rpm s390x: java-1.5.0-ibm-1.5.0.14.0-1jpp.1.el5_8.s390.rpm java-1.5.0-ibm-1.5.0.14.0-1jpp.1.el5_8.s390x.rpm java-1.5.0-ibm-accessibility-1.5.0.14.0-1jpp.1.el5_8.s390x.rpm java-1.5.0-ibm-demo-1.5.0.14.0-1jpp.1.el5_8.s390.rpm java-1.5.0-ibm-demo-1.5.0.14.0-1jpp.1.el5_8.s390x.rpm java-1.5.0-ibm-devel-1.5.0.14.0-1jpp.1.el5_8.s390.rpm java-1.5.0-ibm-devel-1.5.0.14.0-1jpp.1.el5_8.s390x.rpm java-1.5.0-ibm-jdbc-1.5.0.14.0-1jpp.1.el5_8.s390.rpm java-1.5.0-ibm-src-1.5.0.14.0-1jpp.1.el5_8.s390.rpm java-1.5.0-ibm-src-1.5.0.14.0-1jpp.1.el5_8.s390x.rpm x86_64: java-1.5.0-ibm-1.5.0.14.0-1jpp.1.el5_8.i386.rpm java-1.5.0-ibm-1.5.0.14.0-1jpp.1.el5_8.x86_64.rpm java-1.5.0-ibm-accessibility-1.5.0.14.0-1jpp.1.el5_8.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.14.0-1jpp.1.el5_8.i386.rpm java-1.5.0-ibm-demo-1.5.0.14.0-1jpp.1.el5_8.x86_64.rpm 
java-1.5.0-ibm-devel-1.5.0.14.0-1jpp.1.el5_8.i386.rpm java-1.5.0-ibm-devel-1.5.0.14.0-1jpp.1.el5_8.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.14.0-1jpp.1.el5_8.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.14.0-1jpp.1.el5_8.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.14.0-1jpp.1.el5_8.i386.rpm java-1.5.0-ibm-plugin-1.5.0.14.0-1jpp.1.el5_8.i386.rpm java-1.5.0-ibm-src-1.5.0.14.0-1jpp.1.el5_8.i386.rpm java-1.5.0-ibm-src-1.5.0.14.0-1jpp.1.el5_8.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.5.0-ibm-1.5.0.14.0-1jpp.1.el6_3.i686.rpm java-1.5.0-ibm-demo-1.5.0.14.0-1jpp.1.el6_3.i686.rpm java-1.5.0-ibm-devel-1.5.0.14.0-1jpp.1.el6_3.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.14.0-1jpp.1.el6_3.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.14.0-1jpp.1.el6_3.i686.rpm java-1.5.0-ibm-plugin-1.5.0.14.0-1jpp.1.el6_3.i686.rpm java-1.5.0-ibm-src-1.5.0.14.0-1jpp.1.el6_3.i686.rpm x86_64: java-1.5.0-ibm-1.5.0.14.0-1jpp.1.el6_3.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.14.0-1jpp.1.el6_3.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.14.0-1jpp.1.el6_3.i686.rpm java-1.5.0-ibm-devel-1.5.0.14.0-1jpp.1.el6_3.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.14.0-1jpp.1.el6_3.x86_64.rpm java-1.5.0-ibm-src-1.5.0.14.0-1jpp.1.el6_3.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.5.0-ibm-1.5.0.14.0-1jpp.1.el6_3.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.14.0-1jpp.1.el6_3.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.14.0-1jpp.1.el6_3.i686.rpm java-1.5.0-ibm-devel-1.5.0.14.0-1jpp.1.el6_3.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.14.0-1jpp.1.el6_3.x86_64.rpm java-1.5.0-ibm-src-1.5.0.14.0-1jpp.1.el6_3.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 
6): i386: java-1.5.0-ibm-1.5.0.14.0-1jpp.1.el6_3.i686.rpm java-1.5.0-ibm-demo-1.5.0.14.0-1jpp.1.el6_3.i686.rpm java-1.5.0-ibm-devel-1.5.0.14.0-1jpp.1.el6_3.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.14.0-1jpp.1.el6_3.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.14.0-1jpp.1.el6_3.i686.rpm java-1.5.0-ibm-plugin-1.5.0.14.0-1jpp.1.el6_3.i686.rpm java-1.5.0-ibm-src-1.5.0.14.0-1jpp.1.el6_3.i686.rpm ppc64: java-1.5.0-ibm-1.5.0.14.0-1jpp.1.el6_3.ppc64.rpm java-1.5.0-ibm-demo-1.5.0.14.0-1jpp.1.el6_3.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.14.0-1jpp.1.el6_3.ppc.rpm java-1.5.0-ibm-devel-1.5.0.14.0-1jpp.1.el6_3.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.14.0-1jpp.1.el6_3.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.14.0-1jpp.1.el6_3.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.14.0-1jpp.1.el6_3.ppc.rpm java-1.5.0-ibm-src-1.5.0.14.0-1jpp.1.el6_3.ppc64.rpm s390x: java-1.5.0-ibm-1.5.0.14.0-1jpp.1.el6_3.s390x.rpm java-1.5.0-ibm-demo-1.5.0.14.0-1jpp.1.el6_3.s390x.rpm java-1.5.0-ibm-devel-1.5.0.14.0-1jpp.1.el6_3.s390.rpm java-1.5.0-ibm-devel-1.5.0.14.0-1jpp.1.el6_3.s390x.rpm java-1.5.0-ibm-jdbc-1.5.0.14.0-1jpp.1.el6_3.s390.rpm java-1.5.0-ibm-src-1.5.0.14.0-1jpp.1.el6_3.s390x.rpm x86_64: java-1.5.0-ibm-1.5.0.14.0-1jpp.1.el6_3.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.14.0-1jpp.1.el6_3.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.14.0-1jpp.1.el6_3.i686.rpm java-1.5.0-ibm-devel-1.5.0.14.0-1jpp.1.el6_3.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.14.0-1jpp.1.el6_3.x86_64.rpm java-1.5.0-ibm-src-1.5.0.14.0-1jpp.1.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 
6): i386: java-1.5.0-ibm-1.5.0.14.0-1jpp.1.el6_3.i686.rpm java-1.5.0-ibm-demo-1.5.0.14.0-1jpp.1.el6_3.i686.rpm java-1.5.0-ibm-devel-1.5.0.14.0-1jpp.1.el6_3.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.14.0-1jpp.1.el6_3.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.14.0-1jpp.1.el6_3.i686.rpm java-1.5.0-ibm-plugin-1.5.0.14.0-1jpp.1.el6_3.i686.rpm java-1.5.0-ibm-src-1.5.0.14.0-1jpp.1.el6_3.i686.rpm x86_64: java-1.5.0-ibm-1.5.0.14.0-1jpp.1.el6_3.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.14.0-1jpp.1.el6_3.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.14.0-1jpp.1.el6_3.i686.rpm java-1.5.0-ibm-devel-1.5.0.14.0-1jpp.1.el6_3.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.14.0-1jpp.1.el6_3.x86_64.rpm java-1.5.0-ibm-src-1.5.0.14.0-1jpp.1.el6_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-1713.html https://www.redhat.com/security/data/cve/CVE-2012-1716.html https://www.redhat.com/security/data/cve/CVE-2012-1717.html https://www.redhat.com/security/data/cve/CVE-2012-1718.html https://www.redhat.com/security/data/cve/CVE-2012-1719.html https://www.redhat.com/security/data/cve/CVE-2012-1725.html https://access.redhat.com/security/updates/classification/#critical https://www.ibm.com/developerworks/java/jdk/alerts/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. 
From bugzilla at redhat.com Tue Sep 11 18:34:27 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 11 Sep 2012 18:34:27 +0000
Subject: [RHSA-2012:1255-01] Moderate: libexif security update
Message-ID: <201209111834.q8BIYR1Y018870@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: libexif security update
Advisory ID: RHSA-2012:1255-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1255.html
Issue date: 2012-09-11
CVE Names: CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841
=====================================================================

1. Summary:

Updated libexif packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The libexif packages provide an Exchangeable image file format (Exif) library. Exif allows metadata to be added to and read from certain types of image files.

Multiple flaws were found in the way libexif processed Exif tags. An attacker could create a specially-crafted image file that, when opened in an application linked against libexif, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2812, CVE-2012-2813, CVE-2012-2814, CVE-2012-2836, CVE-2012-2837, CVE-2012-2840, CVE-2012-2841)

Red Hat would like to thank Dan Fandrich for reporting these issues. Upstream acknowledges Mateusz Jurczyk of the Google Security Team as the original reporter of CVE-2012-2812, CVE-2012-2813, and CVE-2012-2814; and Yunho Kim as the original reporter of CVE-2012-2836 and CVE-2012-2837.

Users of libexif are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libexif must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

839182 - CVE-2012-2813 libexif: "exif_convert_utf16_to_utf8()" heap-based out-of-bounds array read
839183 - CVE-2012-2814 libexif: "exif_entry_format_value()" buffer overflow
839184 - CVE-2012-2836 libexif: "exif_data_load_data()" heap-based out-of-bounds array read
839185 - CVE-2012-2837 libexif: "mnote_olympus_entry_get_value()" division by zero
839188 - CVE-2012-2840 libexif: "exif_convert_utf16_to_utf8()" off-by-one
839189 - CVE-2012-2841 libexif: "exif_entry_get_value()" integer underflow
839203 - CVE-2012-2812 libexif: "exif_entry_get_value()" heap-based out-of-bounds array read

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libexif-0.6.21-1.el5_8.src.rpm

i386:
libexif-0.6.21-1.el5_8.i386.rpm
libexif-debuginfo-0.6.21-1.el5_8.i386.rpm

x86_64:
libexif-0.6.21-1.el5_8.i386.rpm
libexif-0.6.21-1.el5_8.x86_64.rpm
libexif-debuginfo-0.6.21-1.el5_8.i386.rpm
libexif-debuginfo-0.6.21-1.el5_8.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libexif-0.6.21-1.el5_8.src.rpm

i386:
libexif-debuginfo-0.6.21-1.el5_8.i386.rpm
libexif-devel-0.6.21-1.el5_8.i386.rpm

x86_64:
libexif-debuginfo-0.6.21-1.el5_8.i386.rpm
libexif-debuginfo-0.6.21-1.el5_8.x86_64.rpm
libexif-devel-0.6.21-1.el5_8.i386.rpm
libexif-devel-0.6.21-1.el5_8.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libexif-0.6.21-1.el5_8.src.rpm

i386:
libexif-0.6.21-1.el5_8.i386.rpm
libexif-debuginfo-0.6.21-1.el5_8.i386.rpm
libexif-devel-0.6.21-1.el5_8.i386.rpm

ia64:
libexif-0.6.21-1.el5_8.ia64.rpm
libexif-debuginfo-0.6.21-1.el5_8.ia64.rpm
libexif-devel-0.6.21-1.el5_8.ia64.rpm

ppc:
libexif-0.6.21-1.el5_8.ppc.rpm
libexif-0.6.21-1.el5_8.ppc64.rpm
libexif-debuginfo-0.6.21-1.el5_8.ppc.rpm
libexif-debuginfo-0.6.21-1.el5_8.ppc64.rpm
libexif-devel-0.6.21-1.el5_8.ppc.rpm
libexif-devel-0.6.21-1.el5_8.ppc64.rpm

s390x:
libexif-0.6.21-1.el5_8.s390.rpm
libexif-0.6.21-1.el5_8.s390x.rpm
libexif-debuginfo-0.6.21-1.el5_8.s390.rpm
libexif-debuginfo-0.6.21-1.el5_8.s390x.rpm
libexif-devel-0.6.21-1.el5_8.s390.rpm
libexif-devel-0.6.21-1.el5_8.s390x.rpm

x86_64:
libexif-0.6.21-1.el5_8.i386.rpm
libexif-0.6.21-1.el5_8.x86_64.rpm
libexif-debuginfo-0.6.21-1.el5_8.i386.rpm
libexif-debuginfo-0.6.21-1.el5_8.x86_64.rpm
libexif-devel-0.6.21-1.el5_8.i386.rpm
libexif-devel-0.6.21-1.el5_8.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libexif-0.6.21-5.el6_3.src.rpm

i386:
libexif-0.6.21-5.el6_3.i686.rpm
libexif-debuginfo-0.6.21-5.el6_3.i686.rpm

x86_64:
libexif-0.6.21-5.el6_3.i686.rpm
libexif-0.6.21-5.el6_3.x86_64.rpm
libexif-debuginfo-0.6.21-5.el6_3.i686.rpm
libexif-debuginfo-0.6.21-5.el6_3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libexif-0.6.21-5.el6_3.src.rpm

i386:
libexif-debuginfo-0.6.21-5.el6_3.i686.rpm
libexif-devel-0.6.21-5.el6_3.i686.rpm

x86_64:
libexif-debuginfo-0.6.21-5.el6_3.i686.rpm
libexif-debuginfo-0.6.21-5.el6_3.x86_64.rpm
libexif-devel-0.6.21-5.el6_3.i686.rpm
libexif-devel-0.6.21-5.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libexif-0.6.21-5.el6_3.src.rpm

x86_64:
libexif-0.6.21-5.el6_3.i686.rpm
libexif-0.6.21-5.el6_3.x86_64.rpm
libexif-debuginfo-0.6.21-5.el6_3.i686.rpm
libexif-debuginfo-0.6.21-5.el6_3.x86_64.rpm
libexif-devel-0.6.21-5.el6_3.i686.rpm
libexif-devel-0.6.21-5.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libexif-0.6.21-5.el6_3.src.rpm

i386:
libexif-0.6.21-5.el6_3.i686.rpm
libexif-debuginfo-0.6.21-5.el6_3.i686.rpm
libexif-devel-0.6.21-5.el6_3.i686.rpm

ppc64:
libexif-0.6.21-5.el6_3.ppc.rpm
libexif-0.6.21-5.el6_3.ppc64.rpm
libexif-debuginfo-0.6.21-5.el6_3.ppc.rpm
libexif-debuginfo-0.6.21-5.el6_3.ppc64.rpm
libexif-devel-0.6.21-5.el6_3.ppc.rpm
libexif-devel-0.6.21-5.el6_3.ppc64.rpm

s390x:
libexif-0.6.21-5.el6_3.s390.rpm
libexif-0.6.21-5.el6_3.s390x.rpm
libexif-debuginfo-0.6.21-5.el6_3.s390.rpm
libexif-debuginfo-0.6.21-5.el6_3.s390x.rpm
libexif-devel-0.6.21-5.el6_3.s390.rpm
libexif-devel-0.6.21-5.el6_3.s390x.rpm

x86_64:
libexif-0.6.21-5.el6_3.i686.rpm
libexif-0.6.21-5.el6_3.x86_64.rpm
libexif-debuginfo-0.6.21-5.el6_3.i686.rpm
libexif-debuginfo-0.6.21-5.el6_3.x86_64.rpm
libexif-devel-0.6.21-5.el6_3.i686.rpm
libexif-devel-0.6.21-5.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libexif-0.6.21-5.el6_3.src.rpm

i386:
libexif-0.6.21-5.el6_3.i686.rpm
libexif-debuginfo-0.6.21-5.el6_3.i686.rpm
libexif-devel-0.6.21-5.el6_3.i686.rpm

x86_64:
libexif-0.6.21-5.el6_3.i686.rpm
libexif-0.6.21-5.el6_3.x86_64.rpm
libexif-debuginfo-0.6.21-5.el6_3.i686.rpm
libexif-debuginfo-0.6.21-5.el6_3.x86_64.rpm
libexif-devel-0.6.21-5.el6_3.i686.rpm
libexif-devel-0.6.21-5.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-2812.html
https://www.redhat.com/security/data/cve/CVE-2012-2813.html
https://www.redhat.com/security/data/cve/CVE-2012-2814.html
https://www.redhat.com/security/data/cve/CVE-2012-2836.html
https://www.redhat.com/security/data/cve/CVE-2012-2837.html
https://www.redhat.com/security/data/cve/CVE-2012-2840.html
https://www.redhat.com/security/data/cve/CVE-2012-2841.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

From bugzilla at redhat.com Tue Sep 11 18:35:16 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 11 Sep 2012 18:35:16 +0000
Subject: [RHSA-2012:1256-01] Moderate: ghostscript security update
Message-ID: <201209111835.q8BIZGI5016658@int-mx02.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: ghostscript security update
Advisory ID: RHSA-2012:1256-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1256.html
Issue date: 2012-09-11
CVE Names: CVE-2012-4405
=====================================================================

1. Summary:

Updated ghostscript packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files.

An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially-crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript. (CVE-2012-4405)

Red Hat would like to thank Marc Schönefeld for reporting this issue.

Users of Ghostscript are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

854227 - CVE-2012-4405 ghostscript, argyllcms: Array index error leading to heap-based buffer OOB write

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ghostscript-8.70-14.el5_8.1.src.rpm

i386:
ghostscript-8.70-14.el5_8.1.i386.rpm
ghostscript-debuginfo-8.70-14.el5_8.1.i386.rpm
ghostscript-gtk-8.70-14.el5_8.1.i386.rpm

x86_64:
ghostscript-8.70-14.el5_8.1.i386.rpm
ghostscript-8.70-14.el5_8.1.x86_64.rpm
ghostscript-debuginfo-8.70-14.el5_8.1.i386.rpm
ghostscript-debuginfo-8.70-14.el5_8.1.x86_64.rpm
ghostscript-gtk-8.70-14.el5_8.1.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ghostscript-8.70-14.el5_8.1.src.rpm

i386:
ghostscript-debuginfo-8.70-14.el5_8.1.i386.rpm
ghostscript-devel-8.70-14.el5_8.1.i386.rpm

x86_64:
ghostscript-debuginfo-8.70-14.el5_8.1.i386.rpm
ghostscript-debuginfo-8.70-14.el5_8.1.x86_64.rpm
ghostscript-devel-8.70-14.el5_8.1.i386.rpm
ghostscript-devel-8.70-14.el5_8.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/ghostscript-8.70-14.el5_8.1.src.rpm

i386:
ghostscript-8.70-14.el5_8.1.i386.rpm
ghostscript-debuginfo-8.70-14.el5_8.1.i386.rpm
ghostscript-devel-8.70-14.el5_8.1.i386.rpm
ghostscript-gtk-8.70-14.el5_8.1.i386.rpm

ia64:
ghostscript-8.70-14.el5_8.1.ia64.rpm
ghostscript-debuginfo-8.70-14.el5_8.1.ia64.rpm
ghostscript-devel-8.70-14.el5_8.1.ia64.rpm
ghostscript-gtk-8.70-14.el5_8.1.ia64.rpm

ppc:
ghostscript-8.70-14.el5_8.1.ppc.rpm
ghostscript-8.70-14.el5_8.1.ppc64.rpm
ghostscript-debuginfo-8.70-14.el5_8.1.ppc.rpm
ghostscript-debuginfo-8.70-14.el5_8.1.ppc64.rpm
ghostscript-devel-8.70-14.el5_8.1.ppc.rpm
ghostscript-devel-8.70-14.el5_8.1.ppc64.rpm
ghostscript-gtk-8.70-14.el5_8.1.ppc.rpm

s390x:
ghostscript-8.70-14.el5_8.1.s390.rpm
ghostscript-8.70-14.el5_8.1.s390x.rpm
ghostscript-debuginfo-8.70-14.el5_8.1.s390.rpm
ghostscript-debuginfo-8.70-14.el5_8.1.s390x.rpm
ghostscript-devel-8.70-14.el5_8.1.s390.rpm
ghostscript-devel-8.70-14.el5_8.1.s390x.rpm
ghostscript-gtk-8.70-14.el5_8.1.s390x.rpm

x86_64:
ghostscript-8.70-14.el5_8.1.i386.rpm
ghostscript-8.70-14.el5_8.1.x86_64.rpm
ghostscript-debuginfo-8.70-14.el5_8.1.i386.rpm
ghostscript-debuginfo-8.70-14.el5_8.1.x86_64.rpm
ghostscript-devel-8.70-14.el5_8.1.i386.rpm
ghostscript-devel-8.70-14.el5_8.1.x86_64.rpm
ghostscript-gtk-8.70-14.el5_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ghostscript-8.70-14.el6_3.1.src.rpm

i386:
ghostscript-8.70-14.el6_3.1.i686.rpm
ghostscript-debuginfo-8.70-14.el6_3.1.i686.rpm

x86_64:
ghostscript-8.70-14.el6_3.1.i686.rpm
ghostscript-8.70-14.el6_3.1.x86_64.rpm
ghostscript-debuginfo-8.70-14.el6_3.1.i686.rpm
ghostscript-debuginfo-8.70-14.el6_3.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ghostscript-8.70-14.el6_3.1.src.rpm

i386:
ghostscript-debuginfo-8.70-14.el6_3.1.i686.rpm
ghostscript-devel-8.70-14.el6_3.1.i686.rpm
ghostscript-doc-8.70-14.el6_3.1.i686.rpm
ghostscript-gtk-8.70-14.el6_3.1.i686.rpm

x86_64:
ghostscript-debuginfo-8.70-14.el6_3.1.i686.rpm
ghostscript-debuginfo-8.70-14.el6_3.1.x86_64.rpm
ghostscript-devel-8.70-14.el6_3.1.i686.rpm
ghostscript-devel-8.70-14.el6_3.1.x86_64.rpm
ghostscript-doc-8.70-14.el6_3.1.x86_64.rpm
ghostscript-gtk-8.70-14.el6_3.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ghostscript-8.70-14.el6_3.1.src.rpm

x86_64:
ghostscript-8.70-14.el6_3.1.i686.rpm
ghostscript-8.70-14.el6_3.1.x86_64.rpm
ghostscript-debuginfo-8.70-14.el6_3.1.i686.rpm
ghostscript-debuginfo-8.70-14.el6_3.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ghostscript-8.70-14.el6_3.1.src.rpm

x86_64:
ghostscript-debuginfo-8.70-14.el6_3.1.i686.rpm
ghostscript-debuginfo-8.70-14.el6_3.1.x86_64.rpm
ghostscript-devel-8.70-14.el6_3.1.i686.rpm
ghostscript-devel-8.70-14.el6_3.1.x86_64.rpm
ghostscript-doc-8.70-14.el6_3.1.x86_64.rpm
ghostscript-gtk-8.70-14.el6_3.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ghostscript-8.70-14.el6_3.1.src.rpm

i386:
ghostscript-8.70-14.el6_3.1.i686.rpm
ghostscript-debuginfo-8.70-14.el6_3.1.i686.rpm

ppc64:
ghostscript-8.70-14.el6_3.1.ppc.rpm
ghostscript-8.70-14.el6_3.1.ppc64.rpm
ghostscript-debuginfo-8.70-14.el6_3.1.ppc.rpm
ghostscript-debuginfo-8.70-14.el6_3.1.ppc64.rpm

s390x:
ghostscript-8.70-14.el6_3.1.s390.rpm
ghostscript-8.70-14.el6_3.1.s390x.rpm
ghostscript-debuginfo-8.70-14.el6_3.1.s390.rpm
ghostscript-debuginfo-8.70-14.el6_3.1.s390x.rpm

x86_64:
ghostscript-8.70-14.el6_3.1.i686.rpm
ghostscript-8.70-14.el6_3.1.x86_64.rpm
ghostscript-debuginfo-8.70-14.el6_3.1.i686.rpm
ghostscript-debuginfo-8.70-14.el6_3.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ghostscript-8.70-14.el6_3.1.src.rpm

i386:
ghostscript-debuginfo-8.70-14.el6_3.1.i686.rpm
ghostscript-devel-8.70-14.el6_3.1.i686.rpm
ghostscript-doc-8.70-14.el6_3.1.i686.rpm
ghostscript-gtk-8.70-14.el6_3.1.i686.rpm

ppc64:
ghostscript-debuginfo-8.70-14.el6_3.1.ppc.rpm
ghostscript-debuginfo-8.70-14.el6_3.1.ppc64.rpm
ghostscript-devel-8.70-14.el6_3.1.ppc.rpm
ghostscript-devel-8.70-14.el6_3.1.ppc64.rpm
ghostscript-doc-8.70-14.el6_3.1.ppc64.rpm
ghostscript-gtk-8.70-14.el6_3.1.ppc64.rpm

s390x:
ghostscript-debuginfo-8.70-14.el6_3.1.s390.rpm
ghostscript-debuginfo-8.70-14.el6_3.1.s390x.rpm
ghostscript-devel-8.70-14.el6_3.1.s390.rpm
ghostscript-devel-8.70-14.el6_3.1.s390x.rpm
ghostscript-doc-8.70-14.el6_3.1.s390x.rpm
ghostscript-gtk-8.70-14.el6_3.1.s390x.rpm

x86_64:
ghostscript-debuginfo-8.70-14.el6_3.1.i686.rpm
ghostscript-debuginfo-8.70-14.el6_3.1.x86_64.rpm
ghostscript-devel-8.70-14.el6_3.1.i686.rpm
ghostscript-devel-8.70-14.el6_3.1.x86_64.rpm
ghostscript-doc-8.70-14.el6_3.1.x86_64.rpm
ghostscript-gtk-8.70-14.el6_3.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ghostscript-8.70-14.el6_3.1.src.rpm

i386:
ghostscript-8.70-14.el6_3.1.i686.rpm
ghostscript-debuginfo-8.70-14.el6_3.1.i686.rpm

x86_64:
ghostscript-8.70-14.el6_3.1.i686.rpm
ghostscript-8.70-14.el6_3.1.x86_64.rpm
ghostscript-debuginfo-8.70-14.el6_3.1.i686.rpm
ghostscript-debuginfo-8.70-14.el6_3.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ghostscript-8.70-14.el6_3.1.src.rpm

i386:
ghostscript-debuginfo-8.70-14.el6_3.1.i686.rpm
ghostscript-devel-8.70-14.el6_3.1.i686.rpm
ghostscript-doc-8.70-14.el6_3.1.i686.rpm
ghostscript-gtk-8.70-14.el6_3.1.i686.rpm

x86_64:
ghostscript-debuginfo-8.70-14.el6_3.1.i686.rpm
ghostscript-debuginfo-8.70-14.el6_3.1.x86_64.rpm
ghostscript-devel-8.70-14.el6_3.1.i686.rpm
ghostscript-devel-8.70-14.el6_3.1.x86_64.rpm
ghostscript-doc-8.70-14.el6_3.1.x86_64.rpm
ghostscript-gtk-8.70-14.el6_3.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-4405.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
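The check an administrator wants after reading the Package List sections above is whether a host is already at the fixed versions. The script below is an added example, not Red Hat tooling: it re-implements rpm's label comparison (rpmvercmp) in Python and compares a constructed `rpm -qa` listing against the libexif and ghostscript NVRs from RHSA-2012:1255 and RHSA-2012:1256 above; matching by dist tag and assuming epoch 0 for the advisory entries are assumptions of this example.

```python
"""Offline check of installed RPMs against an RHSA package list.

Added example for the Package List sections of RHSA-2012:1255 (libexif) and
RHSA-2012:1256 (ghostscript); it is not Red Hat tooling. rpm's rpmvercmp()
is re-implemented so the check runs without librpm. Installed packages
arrive as lines shaped like  rpm -qa --qf '%{NAME} %{EPOCH} %{VERSION} %{RELEASE} %{ARCH}\n'
"""
import re

# Fixed binary packages copied from the advisories above, one per dist tag.
FIXED_RPMS = [
    "libexif-0.6.21-1.el5_8.x86_64.rpm",
    "libexif-0.6.21-5.el6_3.x86_64.rpm",
    "ghostscript-8.70-14.el5_8.1.x86_64.rpm",
    "ghostscript-8.70-14.el6_3.1.x86_64.rpm",
]

# Constructed sample of 'rpm -qa' output, not captured from a real host.
SAMPLE_INSTALLED = """\
libexif (none) 0.6.21 5.el6_3 x86_64
ghostscript (none) 8.70 14.el6_3 x86_64
libexif (none) 0.6.21 1.el5_8 i386
ghostscript (none) 8.70 14.el5_8.1 x86_64
libexif (none) 0.6.22 1.el7 x86_64
"""


def _is_sep(ch):  # separator: anything that is neither ASCII alnum nor '~'
    return ch != "~" and not (ch.isascii() and ch.isalnum())


def rpmvercmp(a, b):
    """rpm's rpmvercmp(): 1 if a is newer, -1 if b is newer, 0 if equal.

    Digit runs compare numerically, letter runs as ASCII strings, a numeric
    segment beats an alphabetic one, and '~' sorts before anything else.
    The '^' separator of newer rpm releases is not handled here.
    """
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and _is_sep(a[i]):
            i += 1
        while j < len(b) and _is_sep(b[j]):
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if ca == "~" or cb == "~":
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        # Take the next run of digits, or of letters, from both strings.
        numeric = ca.isdigit()
        pattern = r"[0-9]*" if numeric else r"[A-Za-z]*"
        sa = re.match(pattern, a[i:]).group()
        sb = re.match(pattern, b[j:]).group()
        i, j = i + len(sa), j + len(sb)
        if not sb:  # segment types differ; numeric is always newer
            return 1 if numeric else -1
        if numeric:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):  # more digits wins
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1  # leftover characters win


def parse_nvr(filename):
    """'name-version-release.arch.rpm' -> (name, version, release)."""
    stem = re.sub(r"\.rpm$", "", filename).rsplit(".", 1)[0]  # drop arch
    name, version, release = stem.rsplit("-", 2)
    return name, version, release


def dist_tag(release):  # RHEL major version from e.g. '5.el6_3', else None
    m = re.search(r"\.el(\d+)", release)
    return m.group(1) if m else None


def check_installed(installed_text, fixed_rpms=FIXED_RPMS):
    """Map each installed NVRA to 'fixed', 'affected' or 'not-covered'.

    Pairing an installed package with the advisory entry of the same name
    and dist tag is a heuristic of this example.
    """
    fixed = {}
    for rpm in fixed_rpms:
        name, version, release = parse_nvr(rpm)
        fixed[(name, dist_tag(release))] = (version, release)
    result = {}
    for line in installed_text.splitlines():
        name, epoch, version, release, arch = line.split()
        nvra = f"{name}-{version}-{release}.{arch}"
        entry = fixed.get((name, dist_tag(release)))
        if entry is None:
            result[nvra] = "not-covered"
            continue
        # Advisory NVRs carry no epoch, so any non-zero installed epoch wins.
        cmp = 1 if epoch not in ("(none)", "0") else (
            rpmvercmp(version, entry[0]) or rpmvercmp(release, entry[1]))
        result[nvra] = "fixed" if cmp >= 0 else "affected"
    return result
```

`check_installed(SAMPLE_INSTALLED)` flags the el6 ghostscript at release 14.el6_3 as affected (14.el6_3.1 is newer) and the el7 libexif as not covered by these advisories.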
From bugzilla at redhat.com Wed Sep 12 20:10:30 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 12 Sep 2012 20:10:30 +0000
Subject: [RHSA-2012:1258-01] Moderate: quagga security update
Message-ID: <201209122010.q8CKAUCS032206@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: quagga security update
Advisory ID: RHSA-2012:1258-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1258.html
Issue date: 2012-09-12
CVE Names: CVE-2010-1674 CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 CVE-2012-0249 CVE-2012-0250
=====================================================================

1. Summary:

Updated quagga packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol.

A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network. (CVE-2011-3327)

A NULL pointer dereference flaw was found in the way the bgpd daemon processed malformed route Extended Communities attributes. A configured BGP peer could crash bgpd on a target system via a specially-crafted BGP message. (CVE-2010-1674)

A stack-based buffer overflow flaw was found in the way the ospf6d daemon processed malformed Link State Update packets. An OSPF router could use this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323)

A flaw was found in the way the ospf6d daemon processed malformed link state advertisements. An OSPF neighbor could use this flaw to crash ospf6d on a target system. (CVE-2011-3324)

A flaw was found in the way the ospfd daemon processed malformed Hello packets. An OSPF neighbor could use this flaw to crash ospfd on a target system. (CVE-2011-3325)

A flaw was found in the way the ospfd daemon processed malformed link state advertisements. An OSPF router in the autonomous system could use this flaw to crash ospfd on a target system. (CVE-2011-3326)

An assertion failure was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to cause ospfd on an adjacent router to abort. (CVE-2012-0249)

A buffer overflow flaw was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to crash ospfd on an adjacent router. (CVE-2012-0250)

Red Hat would like to thank CERT-FI for reporting CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the CERT/CC for reporting CVE-2012-0249 and CVE-2012-0250. CERT-FI acknowledges Riku Hietamäki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters of CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter of CVE-2012-0249 and CVE-2012-0250.

Users of quagga should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the bgpd, ospfd, and ospf6d daemons will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

654603 - CVE-2010-1674 quagga: DoS (crash) by processing malformed extended community attribute in a route
738393 - CVE-2011-3323 Quagga (ospf6d): Stack-based buffer overflow while decoding Link State Update packet with malformed Inter Area Prefix LSA
738394 - CVE-2011-3324 Quagga (ospf6d): Denial of service by decoding malformed Database Description packet headers
738396 - CVE-2011-3325 Quagga (ospfd): Denial of service by decoding too short Hello packet or Hello packet with invalid OSPFv2 header type
738398 - CVE-2011-3326 Quagga (ospfd): Denial of service by decoding Link State Update LSAs of unknown type
738400 - CVE-2011-3327 Quagga (bgpd): Heap-based buffer overflow by decoding BGP UPDATE message with unknown AS_PATH attributes
802827 - CVE-2012-0249 quagga (ospfd): Assertion failure due improper length check for a received LS-Update OSPF packet
802829 - CVE-2012-0250 quagga (ospfd): Crash by processing LS-Update OSPF packet due improper length check of the Network-LSA structures

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/quagga-0.98.6-7.el5_8.1.src.rpm

i386:
quagga-contrib-0.98.6-7.el5_8.1.i386.rpm
quagga-debuginfo-0.98.6-7.el5_8.1.i386.rpm

x86_64:
quagga-contrib-0.98.6-7.el5_8.1.x86_64.rpm
quagga-debuginfo-0.98.6-7.el5_8.1.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/quagga-0.98.6-7.el5_8.1.src.rpm

i386:
quagga-0.98.6-7.el5_8.1.i386.rpm
quagga-debuginfo-0.98.6-7.el5_8.1.i386.rpm
quagga-devel-0.98.6-7.el5_8.1.i386.rpm

x86_64:
quagga-0.98.6-7.el5_8.1.x86_64.rpm
quagga-debuginfo-0.98.6-7.el5_8.1.i386.rpm
quagga-debuginfo-0.98.6-7.el5_8.1.x86_64.rpm
quagga-devel-0.98.6-7.el5_8.1.i386.rpm
quagga-devel-0.98.6-7.el5_8.1.x86_64.rpm

Red Hat Enterprise Linux (v.
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/quagga-0.98.6-7.el5_8.1.src.rpm i386: quagga-0.98.6-7.el5_8.1.i386.rpm quagga-contrib-0.98.6-7.el5_8.1.i386.rpm quagga-debuginfo-0.98.6-7.el5_8.1.i386.rpm quagga-devel-0.98.6-7.el5_8.1.i386.rpm ia64: quagga-0.98.6-7.el5_8.1.ia64.rpm quagga-contrib-0.98.6-7.el5_8.1.ia64.rpm quagga-debuginfo-0.98.6-7.el5_8.1.ia64.rpm quagga-devel-0.98.6-7.el5_8.1.ia64.rpm ppc: quagga-0.98.6-7.el5_8.1.ppc.rpm quagga-contrib-0.98.6-7.el5_8.1.ppc.rpm quagga-debuginfo-0.98.6-7.el5_8.1.ppc.rpm quagga-debuginfo-0.98.6-7.el5_8.1.ppc64.rpm quagga-devel-0.98.6-7.el5_8.1.ppc.rpm quagga-devel-0.98.6-7.el5_8.1.ppc64.rpm s390x: quagga-0.98.6-7.el5_8.1.s390x.rpm quagga-contrib-0.98.6-7.el5_8.1.s390x.rpm quagga-debuginfo-0.98.6-7.el5_8.1.s390.rpm quagga-debuginfo-0.98.6-7.el5_8.1.s390x.rpm quagga-devel-0.98.6-7.el5_8.1.s390.rpm quagga-devel-0.98.6-7.el5_8.1.s390x.rpm x86_64: quagga-0.98.6-7.el5_8.1.x86_64.rpm quagga-contrib-0.98.6-7.el5_8.1.x86_64.rpm quagga-debuginfo-0.98.6-7.el5_8.1.i386.rpm quagga-debuginfo-0.98.6-7.el5_8.1.x86_64.rpm quagga-devel-0.98.6-7.el5_8.1.i386.rpm quagga-devel-0.98.6-7.el5_8.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-1674.html https://www.redhat.com/security/data/cve/CVE-2011-3323.html https://www.redhat.com/security/data/cve/CVE-2011-3324.html https://www.redhat.com/security/data/cve/CVE-2011-3325.html https://www.redhat.com/security/data/cve/CVE-2011-3326.html https://www.redhat.com/security/data/cve/CVE-2011-3327.html https://www.redhat.com/security/data/cve/CVE-2012-0249.html https://www.redhat.com/security/data/cve/CVE-2012-0250.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . 
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQUOwgXlSAg2UNWIIRAnpmAKCmR0UYneuYqhGXzZc7Wol864tlKACeIGwA
EBCd27eTiT5JPHMgOGBqNSI=
=Q9Tw
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Sep 12 20:11:08 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 12 Sep 2012 20:11:08 +0000
Subject: [RHSA-2012:1259-01] Moderate: quagga security update
Message-ID: <201209122011.q8CKB9h6025721@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: quagga security update
Advisory ID: RHSA-2012:1259-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1259.html
Issue date: 2012-09-12
CVE Names: CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 CVE-2012-0249 CVE-2012-0250 CVE-2012-0255 CVE-2012-1820
=====================================================================

1. Summary:

Updated quagga packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol.
The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol.

A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network. (CVE-2011-3327)

A stack-based buffer overflow flaw was found in the way the ospf6d daemon processed malformed Link State Update packets. An OSPF router could use this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323)

A flaw was found in the way the ospf6d daemon processed malformed link state advertisements. An OSPF neighbor could use this flaw to crash ospf6d on a target system. (CVE-2011-3324)

A flaw was found in the way the ospfd daemon processed malformed Hello packets. An OSPF neighbor could use this flaw to crash ospfd on a target system. (CVE-2011-3325)

A flaw was found in the way the ospfd daemon processed malformed link state advertisements. An OSPF router in the autonomous system could use this flaw to crash ospfd on a target system. (CVE-2011-3326)

An assertion failure was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to cause ospfd on an adjacent router to abort. (CVE-2012-0249)

A buffer overflow flaw was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to crash ospfd on an adjacent router. (CVE-2012-0250)

Two flaws were found in the way the bgpd daemon processed certain BGP OPEN messages. A configured BGP peer could cause bgpd on a target system to abort via a specially-crafted BGP OPEN message. (CVE-2012-0255, CVE-2012-1820)

Red Hat would like to thank CERT-FI for reporting CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the CERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and CVE-2012-1820. CERT-FI acknowledges Riku Hietamäki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters of CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter of CVE-2012-0249, CVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original reporter of CVE-2012-1820.

Users of quagga should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the bgpd, ospfd, and ospf6d daemons will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

738393 - CVE-2011-3323 Quagga (ospf6d): Stack-based buffer overflow while decoding Link State Update packet with malformed Inter Area Prefix LSA
738394 - CVE-2011-3324 Quagga (ospf6d): Denial of service by decoding malformed Database Description packet headers
738396 - CVE-2011-3325 Quagga (ospfd): Denial of service by decoding too short Hello packet or Hello packet with invalid OSPFv2 header type
738398 - CVE-2011-3326 Quagga (ospfd): Denial of service by decoding Link State Update LSAs of unknown type
738400 - CVE-2011-3327 Quagga (bgpd): Heap-based buffer overflow by decoding BGP UPDATE message with unknown AS_PATH attributes
802781 - CVE-2012-0255 quagga (bgpd): Assertion failure by processing malformed AS4 capability in BGP OPEN message
802827 - CVE-2012-0249 quagga (ospfd): Assertion failure due improper length check for a received LS-Update OSPF packet
802829 - CVE-2012-0250 quagga (ospfd): Crash by processing LS-Update OSPF packet due improper length check of the Network-LSA structures
817580 - CVE-2012-1820 quagga (bgpd): Assertion failure by processing BGP OPEN message with malformed ORF capability TLV (VU#962587)

6. Package List:

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm

i386:
quagga-0.99.15-7.el6_3.2.i686.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm

ppc64:
quagga-0.99.15-7.el6_3.2.ppc64.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm

s390x:
quagga-0.99.15-7.el6_3.2.s390x.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm

x86_64:
quagga-0.99.15-7.el6_3.2.x86_64.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm

i386:
quagga-contrib-0.99.15-7.el6_3.2.i686.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm
quagga-devel-0.99.15-7.el6_3.2.i686.rpm

ppc64:
quagga-contrib-0.99.15-7.el6_3.2.ppc64.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.ppc.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm
quagga-devel-0.99.15-7.el6_3.2.ppc.rpm
quagga-devel-0.99.15-7.el6_3.2.ppc64.rpm

s390x:
quagga-contrib-0.99.15-7.el6_3.2.s390x.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.s390.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm
quagga-devel-0.99.15-7.el6_3.2.s390.rpm
quagga-devel-0.99.15-7.el6_3.2.s390x.rpm

x86_64:
quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm
quagga-devel-0.99.15-7.el6_3.2.i686.rpm
quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm

i386:
quagga-0.99.15-7.el6_3.2.i686.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm

x86_64:
quagga-0.99.15-7.el6_3.2.x86_64.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm

i386:
quagga-contrib-0.99.15-7.el6_3.2.i686.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm
quagga-devel-0.99.15-7.el6_3.2.i686.rpm

x86_64:
quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm
quagga-devel-0.99.15-7.el6_3.2.i686.rpm
quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7.
References:

https://www.redhat.com/security/data/cve/CVE-2011-3323.html
https://www.redhat.com/security/data/cve/CVE-2011-3324.html
https://www.redhat.com/security/data/cve/CVE-2011-3325.html
https://www.redhat.com/security/data/cve/CVE-2011-3326.html
https://www.redhat.com/security/data/cve/CVE-2011-3327.html
https://www.redhat.com/security/data/cve/CVE-2012-0249.html
https://www.redhat.com/security/data/cve/CVE-2012-0250.html
https://www.redhat.com/security/data/cve/CVE-2012-0255.html
https://www.redhat.com/security/data/cve/CVE-2012-1820.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQUOxMXlSAg2UNWIIRAspnAKDCd5umtQIWFZYD8vyRPpCkAlgiwwCglw+g
P4VSjxs4xRnVCtT/IOkBkKQ=
=VtuC
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Sep 13 17:21:40 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 13 Sep 2012 17:21:40 +0000
Subject: [RHSA-2012:1261-01] Moderate: dbus security update
Message-ID: <201209131721.q8DHLfin003403@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: dbus security update
Advisory ID: RHSA-2012:1261-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1261.html
Issue date: 2012-09-13
CVE Names: CVE-2012-3524
=====================================================================

1. Summary:

Updated dbus packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - noarch
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch

3. Description:

D-Bus is a system for sending messages between applications. It is used for the system-wide message bus service and as a per-user-login-session messaging facility.

It was discovered that the D-Bus library honored environment settings even when running with elevated privileges. A local attacker could possibly use this flaw to escalate their privileges, by setting specific environment variables before running a setuid or setgid application linked against the D-Bus library (libdbus). (CVE-2012-3524)

Note: With this update, libdbus ignores environment variables when used by setuid or setgid applications. The environment is not ignored when an application gains privileges via file system capabilities; however, no application shipped in Red Hat Enterprise Linux 6 gains privileges via file system capabilities.

Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for reporting this issue.

All users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all running instances of dbus-daemon and all running applications using the libdbus library must be restarted, or the system rebooted.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

847402 - CVE-2012-3524 X.org: arbitrary code execution as root when libdbus >= 1.5 is used

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/dbus-1.2.24-7.el6_3.src.rpm

i386:
dbus-1.2.24-7.el6_3.i686.rpm
dbus-debuginfo-1.2.24-7.el6_3.i686.rpm
dbus-libs-1.2.24-7.el6_3.i686.rpm
dbus-x11-1.2.24-7.el6_3.i686.rpm

x86_64:
dbus-1.2.24-7.el6_3.x86_64.rpm
dbus-debuginfo-1.2.24-7.el6_3.i686.rpm
dbus-debuginfo-1.2.24-7.el6_3.x86_64.rpm
dbus-libs-1.2.24-7.el6_3.i686.rpm
dbus-libs-1.2.24-7.el6_3.x86_64.rpm
dbus-x11-1.2.24-7.el6_3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/dbus-1.2.24-7.el6_3.src.rpm

i386:
dbus-debuginfo-1.2.24-7.el6_3.i686.rpm
dbus-devel-1.2.24-7.el6_3.i686.rpm

noarch:
dbus-doc-1.2.24-7.el6_3.noarch.rpm

x86_64:
dbus-debuginfo-1.2.24-7.el6_3.i686.rpm
dbus-debuginfo-1.2.24-7.el6_3.x86_64.rpm
dbus-devel-1.2.24-7.el6_3.i686.rpm
dbus-devel-1.2.24-7.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/dbus-1.2.24-7.el6_3.src.rpm

x86_64:
dbus-1.2.24-7.el6_3.x86_64.rpm
dbus-debuginfo-1.2.24-7.el6_3.i686.rpm
dbus-debuginfo-1.2.24-7.el6_3.x86_64.rpm
dbus-libs-1.2.24-7.el6_3.i686.rpm
dbus-libs-1.2.24-7.el6_3.x86_64.rpm
dbus-x11-1.2.24-7.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/dbus-1.2.24-7.el6_3.src.rpm

noarch:
dbus-doc-1.2.24-7.el6_3.noarch.rpm

x86_64:
dbus-debuginfo-1.2.24-7.el6_3.i686.rpm
dbus-debuginfo-1.2.24-7.el6_3.x86_64.rpm
dbus-devel-1.2.24-7.el6_3.i686.rpm
dbus-devel-1.2.24-7.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/dbus-1.2.24-7.el6_3.src.rpm

i386:
dbus-1.2.24-7.el6_3.i686.rpm
dbus-debuginfo-1.2.24-7.el6_3.i686.rpm
dbus-devel-1.2.24-7.el6_3.i686.rpm
dbus-libs-1.2.24-7.el6_3.i686.rpm
dbus-x11-1.2.24-7.el6_3.i686.rpm

ppc64:
dbus-1.2.24-7.el6_3.ppc64.rpm
dbus-debuginfo-1.2.24-7.el6_3.ppc.rpm
dbus-debuginfo-1.2.24-7.el6_3.ppc64.rpm
dbus-devel-1.2.24-7.el6_3.ppc.rpm
dbus-devel-1.2.24-7.el6_3.ppc64.rpm
dbus-libs-1.2.24-7.el6_3.ppc.rpm
dbus-libs-1.2.24-7.el6_3.ppc64.rpm
dbus-x11-1.2.24-7.el6_3.ppc64.rpm

s390x:
dbus-1.2.24-7.el6_3.s390x.rpm
dbus-debuginfo-1.2.24-7.el6_3.s390.rpm
dbus-debuginfo-1.2.24-7.el6_3.s390x.rpm
dbus-devel-1.2.24-7.el6_3.s390.rpm
dbus-devel-1.2.24-7.el6_3.s390x.rpm
dbus-libs-1.2.24-7.el6_3.s390.rpm
dbus-libs-1.2.24-7.el6_3.s390x.rpm
dbus-x11-1.2.24-7.el6_3.s390x.rpm

x86_64:
dbus-1.2.24-7.el6_3.x86_64.rpm
dbus-debuginfo-1.2.24-7.el6_3.i686.rpm
dbus-debuginfo-1.2.24-7.el6_3.x86_64.rpm
dbus-devel-1.2.24-7.el6_3.i686.rpm
dbus-devel-1.2.24-7.el6_3.x86_64.rpm
dbus-libs-1.2.24-7.el6_3.i686.rpm
dbus-libs-1.2.24-7.el6_3.x86_64.rpm
dbus-x11-1.2.24-7.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/dbus-1.2.24-7.el6_3.src.rpm

noarch:
dbus-doc-1.2.24-7.el6_3.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/dbus-1.2.24-7.el6_3.src.rpm

i386:
dbus-1.2.24-7.el6_3.i686.rpm
dbus-debuginfo-1.2.24-7.el6_3.i686.rpm
dbus-devel-1.2.24-7.el6_3.i686.rpm
dbus-libs-1.2.24-7.el6_3.i686.rpm
dbus-x11-1.2.24-7.el6_3.i686.rpm

x86_64:
dbus-1.2.24-7.el6_3.x86_64.rpm
dbus-debuginfo-1.2.24-7.el6_3.i686.rpm
dbus-debuginfo-1.2.24-7.el6_3.x86_64.rpm
dbus-devel-1.2.24-7.el6_3.i686.rpm
dbus-devel-1.2.24-7.el6_3.x86_64.rpm
dbus-libs-1.2.24-7.el6_3.i686.rpm
dbus-libs-1.2.24-7.el6_3.x86_64.rpm
dbus-x11-1.2.24-7.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/dbus-1.2.24-7.el6_3.src.rpm

noarch:
dbus-doc-1.2.24-7.el6_3.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-3524.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
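The dbus advisory above (CVE-2012-3524) says the fix makes libdbus ignore its environment under setuid/setgid, and notes that privileges gained through file system capabilities are not covered by that check. As an added illustration, not Red Hat's or D-Bus's code, this C sketch puts the real/effective uid and gid comparison beside the AT_SECURE auxiliary-vector flag that also catches the capabilities case; the environment block, the `EXAMPLE_LIB_OPTION` variable and the three credential sets are constructed for the demonstration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#if defined(__linux__)
#include <sys/auxv.h>   /* getauxval(AT_SECURE): glibc 2.16 and later */
#endif

/* Credentials that decide whether a library may trust the process environment. */
struct creds {
    uid_t uid, euid;
    gid_t gid, egid;
    int   at_secure;  /* AT_SECURE from the aux vector: the kernel sets it on any
                         privilege-gaining exec, including file system capabilities */
};

/* Credentials of the running process. AT_SECURE is read on Linux only; elsewhere it
   stays 0 and the decision rests on the uid/gid comparison alone. */
struct creds current_creds(void)
{
    struct creds c = { getuid(), geteuid(), getgid(), getegid(), 0 };
#if defined(__linux__) && defined(AT_SECURE)
    c.at_secure = getauxval(AT_SECURE) != 0;
#endif
    return c;
}

/* A setuid/setgid transition shows up as uid != euid or gid != egid. A transition via
   file system capabilities leaves both pairs equal, so only AT_SECURE reveals it; a
   library that checks just the first condition is in the state the advisory's note
   describes. */
bool env_is_untrusted(struct creds c)
{
    return c.uid != c.euid || c.gid != c.egid || c.at_secure != 0;
}

/* Minimal lookup over an environment block of "NAME=value" strings (same shape as environ). */
const char *env_lookup(char *const envp[], const char *name)
{
    size_t n = strlen(name);
    for (size_t i = 0; envp[i] != NULL; i++)
        if (strncmp(envp[i], name, n) == 0 && envp[i][n] == '=')
            return envp[i] + n + 1;
    return NULL;
}

/* Pre-fix shape: the environment is honoured no matter who the process became. */
const char *unfixed_getenv(char *const envp[], const char *name)
{
    return env_lookup(envp, name);
}

/* Hardened shape: a privileged process sees no environment settings at all. */
const char *hardened_getenv(char *const envp[], const char *name, struct creds c)
{
    if (env_is_untrusted(c))
        return NULL;
    return env_lookup(envp, name);
}

/* Constructed sample input (not taken from the advisory). */
static char demo_entry[] = "EXAMPLE_LIB_OPTION=/tmp/untrusted";
static char *const demo_env_block[] = { demo_entry, NULL };
char *const *demo_env(void) { return demo_env_block; }

struct creds demo_creds_plain(void)  { struct creds c = { 1000, 1000, 1000, 1000, 0 }; return c; }
struct creds demo_creds_setuid(void) { struct creds c = { 1000,    0, 1000, 1000, 1 }; return c; }
/* File system capabilities: uid/gid pairs unchanged, only AT_SECURE tells the truth. */
struct creds demo_creds_fscap(void)  { struct creds c = { 1000, 1000, 1000, 1000, 1 }; return c; }

int main(void)
{
    const char *name = "EXAMPLE_LIB_OPTION";
    printf("unfixed, setuid  : %s\n", unfixed_getenv(demo_env(), name));
    printf("hardened, setuid : %s\n",
           hardened_getenv(demo_env(), name, demo_creds_setuid()) ? "honoured" : "ignored");
    printf("hardened, fscaps : %s\n",
           hardened_getenv(demo_env(), name, demo_creds_fscap()) ? "honoured" : "ignored");
    printf("hardened, plain  : %s\n",
           hardened_getenv(demo_env(), name, demo_creds_plain()) ? "honoured" : "ignored");
    printf("this process     : %s\n",
           env_is_untrusted(current_creds()) ? "environment untrusted" : "environment trusted");
    return 0;
}
```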
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQUhYLXlSAg2UNWIIRAk4LAJ0XMDkKrx8BKrQ5ebuS77IoErxi/gCeJQnS
Xf4NI8lqycSfoi+up1nqc5o=
=Pf0m
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Sep 13 17:23:14 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 13 Sep 2012 17:23:14 +0000
Subject: [RHSA-2012:1263-01] Moderate: postgresql and postgresql84 security update
Message-ID: <201209131723.q8DHNEqu003728@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: postgresql and postgresql84 security update
Advisory ID: RHSA-2012:1263-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1263.html
Issue date: 2012-09-13
CVE Names: CVE-2012-3488 CVE-2012-3489
=====================================================================

1. Summary:

Updated postgresql84 and postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system (DBMS).

It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations (XSLT). An unprivileged database user could use this flaw to read and write to local files (such as the database's configuration files) and remote URLs they would otherwise not have access to by issuing a specially-crafted SQL query. (CVE-2012-3488)

It was found that the "xml" data type allowed local files and remote URLs to be read with the privileges of the database server to resolve DTD and entity references in the provided XML. An unprivileged database user could use this flaw to read local files they would otherwise not have access to by issuing a specially-crafted SQL query. Note that the full contents of the files were not returned, but portions could be displayed to the user via error messages. (CVE-2012-3489)

Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Peter Eisentraut as the original reporter of CVE-2012-3488, and Noah Misch as the original reporter of CVE-2012-3489.

These updated packages upgrade PostgreSQL to version 8.4.13. Refer to the PostgreSQL Release Notes for a list of changes:

http://www.postgresql.org/docs/8.4/static/release-8-4-13.html

All PostgreSQL users are advised to upgrade to these updated packages, which correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

849172 - CVE-2012-3488 postgresql (xml2 contrib module): XXE by applying XSL stylesheet to the document
849173 - CVE-2012-3489 postgresql: File disclosure through XXE in xmlparse by DTD validation

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postgresql84-8.4.13-1.el5_8.src.rpm

i386:
postgresql84-8.4.13-1.el5_8.i386.rpm
postgresql84-contrib-8.4.13-1.el5_8.i386.rpm
postgresql84-debuginfo-8.4.13-1.el5_8.i386.rpm
postgresql84-docs-8.4.13-1.el5_8.i386.rpm
postgresql84-libs-8.4.13-1.el5_8.i386.rpm
postgresql84-python-8.4.13-1.el5_8.i386.rpm
postgresql84-tcl-8.4.13-1.el5_8.i386.rpm

x86_64:
postgresql84-8.4.13-1.el5_8.x86_64.rpm
postgresql84-contrib-8.4.13-1.el5_8.x86_64.rpm
postgresql84-debuginfo-8.4.13-1.el5_8.i386.rpm
postgresql84-debuginfo-8.4.13-1.el5_8.x86_64.rpm
postgresql84-docs-8.4.13-1.el5_8.x86_64.rpm
postgresql84-libs-8.4.13-1.el5_8.i386.rpm
postgresql84-libs-8.4.13-1.el5_8.x86_64.rpm
postgresql84-python-8.4.13-1.el5_8.x86_64.rpm
postgresql84-tcl-8.4.13-1.el5_8.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postgresql84-8.4.13-1.el5_8.src.rpm

i386:
postgresql84-debuginfo-8.4.13-1.el5_8.i386.rpm
postgresql84-devel-8.4.13-1.el5_8.i386.rpm
postgresql84-plperl-8.4.13-1.el5_8.i386.rpm
postgresql84-plpython-8.4.13-1.el5_8.i386.rpm
postgresql84-pltcl-8.4.13-1.el5_8.i386.rpm
postgresql84-server-8.4.13-1.el5_8.i386.rpm
postgresql84-test-8.4.13-1.el5_8.i386.rpm

x86_64:
postgresql84-debuginfo-8.4.13-1.el5_8.i386.rpm
postgresql84-debuginfo-8.4.13-1.el5_8.x86_64.rpm
postgresql84-devel-8.4.13-1.el5_8.i386.rpm
postgresql84-devel-8.4.13-1.el5_8.x86_64.rpm
postgresql84-plperl-8.4.13-1.el5_8.x86_64.rpm
postgresql84-plpython-8.4.13-1.el5_8.x86_64.rpm
postgresql84-pltcl-8.4.13-1.el5_8.x86_64.rpm
postgresql84-server-8.4.13-1.el5_8.x86_64.rpm
postgresql84-test-8.4.13-1.el5_8.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/postgresql84-8.4.13-1.el5_8.src.rpm

i386:
postgresql84-8.4.13-1.el5_8.i386.rpm
postgresql84-contrib-8.4.13-1.el5_8.i386.rpm
postgresql84-debuginfo-8.4.13-1.el5_8.i386.rpm
postgresql84-devel-8.4.13-1.el5_8.i386.rpm
postgresql84-docs-8.4.13-1.el5_8.i386.rpm
postgresql84-libs-8.4.13-1.el5_8.i386.rpm
postgresql84-plperl-8.4.13-1.el5_8.i386.rpm
postgresql84-plpython-8.4.13-1.el5_8.i386.rpm
postgresql84-pltcl-8.4.13-1.el5_8.i386.rpm
postgresql84-python-8.4.13-1.el5_8.i386.rpm
postgresql84-server-8.4.13-1.el5_8.i386.rpm
postgresql84-tcl-8.4.13-1.el5_8.i386.rpm
postgresql84-test-8.4.13-1.el5_8.i386.rpm

ia64:
postgresql84-8.4.13-1.el5_8.ia64.rpm
postgresql84-contrib-8.4.13-1.el5_8.ia64.rpm
postgresql84-debuginfo-8.4.13-1.el5_8.ia64.rpm
postgresql84-devel-8.4.13-1.el5_8.ia64.rpm
postgresql84-docs-8.4.13-1.el5_8.ia64.rpm
postgresql84-libs-8.4.13-1.el5_8.ia64.rpm
postgresql84-plperl-8.4.13-1.el5_8.ia64.rpm
postgresql84-plpython-8.4.13-1.el5_8.ia64.rpm
postgresql84-pltcl-8.4.13-1.el5_8.ia64.rpm
postgresql84-python-8.4.13-1.el5_8.ia64.rpm
postgresql84-server-8.4.13-1.el5_8.ia64.rpm
postgresql84-tcl-8.4.13-1.el5_8.ia64.rpm
postgresql84-test-8.4.13-1.el5_8.ia64.rpm

ppc:
postgresql84-8.4.13-1.el5_8.ppc.rpm
postgresql84-8.4.13-1.el5_8.ppc64.rpm
postgresql84-contrib-8.4.13-1.el5_8.ppc.rpm
postgresql84-debuginfo-8.4.13-1.el5_8.ppc.rpm
postgresql84-debuginfo-8.4.13-1.el5_8.ppc64.rpm
postgresql84-devel-8.4.13-1.el5_8.ppc.rpm
postgresql84-devel-8.4.13-1.el5_8.ppc64.rpm
postgresql84-docs-8.4.13-1.el5_8.ppc.rpm
postgresql84-libs-8.4.13-1.el5_8.ppc.rpm
postgresql84-libs-8.4.13-1.el5_8.ppc64.rpm
postgresql84-plperl-8.4.13-1.el5_8.ppc.rpm
postgresql84-plpython-8.4.13-1.el5_8.ppc.rpm
postgresql84-pltcl-8.4.13-1.el5_8.ppc.rpm
postgresql84-python-8.4.13-1.el5_8.ppc.rpm
postgresql84-server-8.4.13-1.el5_8.ppc.rpm
postgresql84-tcl-8.4.13-1.el5_8.ppc.rpm
postgresql84-test-8.4.13-1.el5_8.ppc.rpm

s390x:
postgresql84-8.4.13-1.el5_8.s390x.rpm
postgresql84-contrib-8.4.13-1.el5_8.s390x.rpm
postgresql84-debuginfo-8.4.13-1.el5_8.s390.rpm
postgresql84-debuginfo-8.4.13-1.el5_8.s390x.rpm
postgresql84-devel-8.4.13-1.el5_8.s390.rpm
postgresql84-devel-8.4.13-1.el5_8.s390x.rpm
postgresql84-docs-8.4.13-1.el5_8.s390x.rpm
postgresql84-libs-8.4.13-1.el5_8.s390.rpm
postgresql84-libs-8.4.13-1.el5_8.s390x.rpm
postgresql84-plperl-8.4.13-1.el5_8.s390x.rpm
postgresql84-plpython-8.4.13-1.el5_8.s390x.rpm
postgresql84-pltcl-8.4.13-1.el5_8.s390x.rpm
postgresql84-python-8.4.13-1.el5_8.s390x.rpm
postgresql84-server-8.4.13-1.el5_8.s390x.rpm
postgresql84-tcl-8.4.13-1.el5_8.s390x.rpm
postgresql84-test-8.4.13-1.el5_8.s390x.rpm

x86_64:
postgresql84-8.4.13-1.el5_8.x86_64.rpm
postgresql84-contrib-8.4.13-1.el5_8.x86_64.rpm
postgresql84-debuginfo-8.4.13-1.el5_8.i386.rpm
postgresql84-debuginfo-8.4.13-1.el5_8.x86_64.rpm
postgresql84-devel-8.4.13-1.el5_8.i386.rpm
postgresql84-devel-8.4.13-1.el5_8.x86_64.rpm
postgresql84-docs-8.4.13-1.el5_8.x86_64.rpm
postgresql84-libs-8.4.13-1.el5_8.i386.rpm
postgresql84-libs-8.4.13-1.el5_8.x86_64.rpm
postgresql84-plperl-8.4.13-1.el5_8.x86_64.rpm
postgresql84-plpython-8.4.13-1.el5_8.x86_64.rpm
postgresql84-pltcl-8.4.13-1.el5_8.x86_64.rpm
postgresql84-python-8.4.13-1.el5_8.x86_64.rpm
postgresql84-server-8.4.13-1.el5_8.x86_64.rpm
postgresql84-tcl-8.4.13-1.el5_8.x86_64.rpm
postgresql84-test-8.4.13-1.el5_8.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/postgresql-8.4.13-1.el6_3.src.rpm

i386:
postgresql-debuginfo-8.4.13-1.el6_3.i686.rpm
postgresql-libs-8.4.13-1.el6_3.i686.rpm

x86_64:
postgresql-debuginfo-8.4.13-1.el6_3.i686.rpm
postgresql-debuginfo-8.4.13-1.el6_3.x86_64.rpm
postgresql-libs-8.4.13-1.el6_3.i686.rpm
postgresql-libs-8.4.13-1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/postgresql-8.4.13-1.el6_3.src.rpm

i386:
postgresql-8.4.13-1.el6_3.i686.rpm
postgresql-contrib-8.4.13-1.el6_3.i686.rpm
postgresql-debuginfo-8.4.13-1.el6_3.i686.rpm
postgresql-devel-8.4.13-1.el6_3.i686.rpm
postgresql-docs-8.4.13-1.el6_3.i686.rpm
postgresql-plperl-8.4.13-1.el6_3.i686.rpm
postgresql-plpython-8.4.13-1.el6_3.i686.rpm
postgresql-pltcl-8.4.13-1.el6_3.i686.rpm
postgresql-server-8.4.13-1.el6_3.i686.rpm
postgresql-test-8.4.13-1.el6_3.i686.rpm

x86_64:
postgresql-8.4.13-1.el6_3.i686.rpm
postgresql-8.4.13-1.el6_3.x86_64.rpm
postgresql-contrib-8.4.13-1.el6_3.x86_64.rpm
postgresql-debuginfo-8.4.13-1.el6_3.i686.rpm
postgresql-debuginfo-8.4.13-1.el6_3.x86_64.rpm
postgresql-devel-8.4.13-1.el6_3.i686.rpm
postgresql-devel-8.4.13-1.el6_3.x86_64.rpm
postgresql-docs-8.4.13-1.el6_3.x86_64.rpm
postgresql-plperl-8.4.13-1.el6_3.x86_64.rpm
postgresql-plpython-8.4.13-1.el6_3.x86_64.rpm
postgresql-pltcl-8.4.13-1.el6_3.x86_64.rpm
postgresql-server-8.4.13-1.el6_3.x86_64.rpm
postgresql-test-8.4.13-1.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/postgresql-8.4.13-1.el6_3.src.rpm

x86_64:
postgresql-8.4.13-1.el6_3.i686.rpm
postgresql-8.4.13-1.el6_3.x86_64.rpm
postgresql-debuginfo-8.4.13-1.el6_3.i686.rpm
postgresql-debuginfo-8.4.13-1.el6_3.x86_64.rpm
postgresql-libs-8.4.13-1.el6_3.i686.rpm
postgresql-libs-8.4.13-1.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/postgresql-8.4.13-1.el6_3.src.rpm

x86_64:
postgresql-contrib-8.4.13-1.el6_3.x86_64.rpm
postgresql-debuginfo-8.4.13-1.el6_3.i686.rpm
postgresql-debuginfo-8.4.13-1.el6_3.x86_64.rpm
postgresql-devel-8.4.13-1.el6_3.i686.rpm
postgresql-devel-8.4.13-1.el6_3.x86_64.rpm
postgresql-docs-8.4.13-1.el6_3.x86_64.rpm
postgresql-plperl-8.4.13-1.el6_3.x86_64.rpm
postgresql-plpython-8.4.13-1.el6_3.x86_64.rpm
postgresql-pltcl-8.4.13-1.el6_3.x86_64.rpm
postgresql-server-8.4.13-1.el6_3.x86_64.rpm
postgresql-test-8.4.13-1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/postgresql-8.4.13-1.el6_3.src.rpm

i386:
postgresql-8.4.13-1.el6_3.i686.rpm
postgresql-contrib-8.4.13-1.el6_3.i686.rpm
postgresql-debuginfo-8.4.13-1.el6_3.i686.rpm
postgresql-devel-8.4.13-1.el6_3.i686.rpm
postgresql-docs-8.4.13-1.el6_3.i686.rpm
postgresql-libs-8.4.13-1.el6_3.i686.rpm
postgresql-plperl-8.4.13-1.el6_3.i686.rpm
postgresql-plpython-8.4.13-1.el6_3.i686.rpm
postgresql-pltcl-8.4.13-1.el6_3.i686.rpm
postgresql-server-8.4.13-1.el6_3.i686.rpm
postgresql-test-8.4.13-1.el6_3.i686.rpm

ppc64:
postgresql-8.4.13-1.el6_3.ppc.rpm
postgresql-8.4.13-1.el6_3.ppc64.rpm
postgresql-contrib-8.4.13-1.el6_3.ppc64.rpm
postgresql-debuginfo-8.4.13-1.el6_3.ppc.rpm
postgresql-debuginfo-8.4.13-1.el6_3.ppc64.rpm
postgresql-devel-8.4.13-1.el6_3.ppc.rpm
postgresql-devel-8.4.13-1.el6_3.ppc64.rpm
postgresql-docs-8.4.13-1.el6_3.ppc64.rpm
postgresql-libs-8.4.13-1.el6_3.ppc.rpm
postgresql-libs-8.4.13-1.el6_3.ppc64.rpm
postgresql-plperl-8.4.13-1.el6_3.ppc64.rpm
postgresql-plpython-8.4.13-1.el6_3.ppc64.rpm
postgresql-pltcl-8.4.13-1.el6_3.ppc64.rpm
postgresql-server-8.4.13-1.el6_3.ppc64.rpm
postgresql-test-8.4.13-1.el6_3.ppc64.rpm

s390x:
postgresql-8.4.13-1.el6_3.s390.rpm
postgresql-8.4.13-1.el6_3.s390x.rpm
postgresql-contrib-8.4.13-1.el6_3.s390x.rpm
postgresql-debuginfo-8.4.13-1.el6_3.s390.rpm
postgresql-debuginfo-8.4.13-1.el6_3.s390x.rpm
postgresql-devel-8.4.13-1.el6_3.s390.rpm
postgresql-devel-8.4.13-1.el6_3.s390x.rpm
postgresql-docs-8.4.13-1.el6_3.s390x.rpm
postgresql-libs-8.4.13-1.el6_3.s390.rpm
postgresql-libs-8.4.13-1.el6_3.s390x.rpm
postgresql-plperl-8.4.13-1.el6_3.s390x.rpm
postgresql-plpython-8.4.13-1.el6_3.s390x.rpm
postgresql-pltcl-8.4.13-1.el6_3.s390x.rpm
postgresql-server-8.4.13-1.el6_3.s390x.rpm
postgresql-test-8.4.13-1.el6_3.s390x.rpm

x86_64:
postgresql-8.4.13-1.el6_3.i686.rpm
postgresql-8.4.13-1.el6_3.x86_64.rpm
postgresql-contrib-8.4.13-1.el6_3.x86_64.rpm
postgresql-debuginfo-8.4.13-1.el6_3.i686.rpm postgresql-debuginfo-8.4.13-1.el6_3.x86_64.rpm postgresql-devel-8.4.13-1.el6_3.i686.rpm postgresql-devel-8.4.13-1.el6_3.x86_64.rpm postgresql-docs-8.4.13-1.el6_3.x86_64.rpm postgresql-libs-8.4.13-1.el6_3.i686.rpm postgresql-libs-8.4.13-1.el6_3.x86_64.rpm postgresql-plperl-8.4.13-1.el6_3.x86_64.rpm postgresql-plpython-8.4.13-1.el6_3.x86_64.rpm postgresql-pltcl-8.4.13-1.el6_3.x86_64.rpm postgresql-server-8.4.13-1.el6_3.x86_64.rpm postgresql-test-8.4.13-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/postgresql-8.4.13-1.el6_3.src.rpm i386: postgresql-8.4.13-1.el6_3.i686.rpm postgresql-contrib-8.4.13-1.el6_3.i686.rpm postgresql-debuginfo-8.4.13-1.el6_3.i686.rpm postgresql-devel-8.4.13-1.el6_3.i686.rpm postgresql-docs-8.4.13-1.el6_3.i686.rpm postgresql-libs-8.4.13-1.el6_3.i686.rpm postgresql-plperl-8.4.13-1.el6_3.i686.rpm postgresql-plpython-8.4.13-1.el6_3.i686.rpm postgresql-pltcl-8.4.13-1.el6_3.i686.rpm postgresql-server-8.4.13-1.el6_3.i686.rpm postgresql-test-8.4.13-1.el6_3.i686.rpm x86_64: postgresql-8.4.13-1.el6_3.i686.rpm postgresql-8.4.13-1.el6_3.x86_64.rpm postgresql-contrib-8.4.13-1.el6_3.x86_64.rpm postgresql-debuginfo-8.4.13-1.el6_3.i686.rpm postgresql-debuginfo-8.4.13-1.el6_3.x86_64.rpm postgresql-devel-8.4.13-1.el6_3.i686.rpm postgresql-devel-8.4.13-1.el6_3.x86_64.rpm postgresql-docs-8.4.13-1.el6_3.x86_64.rpm postgresql-libs-8.4.13-1.el6_3.i686.rpm postgresql-libs-8.4.13-1.el6_3.x86_64.rpm postgresql-plperl-8.4.13-1.el6_3.x86_64.rpm postgresql-plpython-8.4.13-1.el6_3.x86_64.rpm postgresql-pltcl-8.4.13-1.el6_3.x86_64.rpm postgresql-server-8.4.13-1.el6_3.x86_64.rpm postgresql-test-8.4.13-1.el6_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References:

https://www.redhat.com/security/data/cve/CVE-2012-3488.html
https://www.redhat.com/security/data/cve/CVE-2012-3489.html
https://access.redhat.com/security/updates/classification/#moderate
http://www.postgresql.org/docs/8.4/static/release-8-4-13.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQUhZaXlSAg2UNWIIRAnFcAKCUV20Qg47ebYn8lbYdNrX7GchF9ACdGq2x
nSm8XF7zfpwFhOqAQSVVrF4=
=y5VZ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Sep 13 17:25:05 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 13 Sep 2012 17:25:05 +0000
Subject: [RHSA-2012:1264-01] Moderate: postgresql security update
Message-ID: <201209131725.q8DHP53V004161@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: postgresql security update
Advisory ID: RHSA-2012:1264-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1264.html
Issue date: 2012-09-13
CVE Names: CVE-2012-3488
=====================================================================

1. Summary:

Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system (DBMS).

It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations (XSLT). An unprivileged database user could use this flaw to read and write to local files (such as the database's configuration files) and remote URLs they would otherwise not have access to by issuing a specially-crafted SQL query. (CVE-2012-3488)

Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Peter Eisentraut as the original reporter.

All PostgreSQL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

849172 - CVE-2012-3488 postgresql (xml2 contrib module): XXE by applying XSL stylesheet to the document

6. Package List:

Red Hat Enterprise Linux Desktop (v.
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postgresql-8.1.23-6.el5_8.src.rpm i386: postgresql-8.1.23-6.el5_8.i386.rpm postgresql-contrib-8.1.23-6.el5_8.i386.rpm postgresql-debuginfo-8.1.23-6.el5_8.i386.rpm postgresql-docs-8.1.23-6.el5_8.i386.rpm postgresql-libs-8.1.23-6.el5_8.i386.rpm postgresql-python-8.1.23-6.el5_8.i386.rpm postgresql-tcl-8.1.23-6.el5_8.i386.rpm x86_64: postgresql-8.1.23-6.el5_8.x86_64.rpm postgresql-contrib-8.1.23-6.el5_8.x86_64.rpm postgresql-debuginfo-8.1.23-6.el5_8.i386.rpm postgresql-debuginfo-8.1.23-6.el5_8.x86_64.rpm postgresql-docs-8.1.23-6.el5_8.x86_64.rpm postgresql-libs-8.1.23-6.el5_8.i386.rpm postgresql-libs-8.1.23-6.el5_8.x86_64.rpm postgresql-python-8.1.23-6.el5_8.x86_64.rpm postgresql-tcl-8.1.23-6.el5_8.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postgresql-8.1.23-6.el5_8.src.rpm i386: postgresql-debuginfo-8.1.23-6.el5_8.i386.rpm postgresql-devel-8.1.23-6.el5_8.i386.rpm postgresql-pl-8.1.23-6.el5_8.i386.rpm postgresql-server-8.1.23-6.el5_8.i386.rpm postgresql-test-8.1.23-6.el5_8.i386.rpm x86_64: postgresql-debuginfo-8.1.23-6.el5_8.i386.rpm postgresql-debuginfo-8.1.23-6.el5_8.x86_64.rpm postgresql-devel-8.1.23-6.el5_8.i386.rpm postgresql-devel-8.1.23-6.el5_8.x86_64.rpm postgresql-pl-8.1.23-6.el5_8.x86_64.rpm postgresql-server-8.1.23-6.el5_8.x86_64.rpm postgresql-test-8.1.23-6.el5_8.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/postgresql-8.1.23-6.el5_8.src.rpm i386: postgresql-8.1.23-6.el5_8.i386.rpm postgresql-contrib-8.1.23-6.el5_8.i386.rpm postgresql-debuginfo-8.1.23-6.el5_8.i386.rpm postgresql-devel-8.1.23-6.el5_8.i386.rpm postgresql-docs-8.1.23-6.el5_8.i386.rpm postgresql-libs-8.1.23-6.el5_8.i386.rpm postgresql-pl-8.1.23-6.el5_8.i386.rpm postgresql-python-8.1.23-6.el5_8.i386.rpm postgresql-server-8.1.23-6.el5_8.i386.rpm postgresql-tcl-8.1.23-6.el5_8.i386.rpm postgresql-test-8.1.23-6.el5_8.i386.rpm ia64: postgresql-8.1.23-6.el5_8.ia64.rpm postgresql-contrib-8.1.23-6.el5_8.ia64.rpm postgresql-debuginfo-8.1.23-6.el5_8.i386.rpm postgresql-debuginfo-8.1.23-6.el5_8.ia64.rpm postgresql-devel-8.1.23-6.el5_8.ia64.rpm postgresql-docs-8.1.23-6.el5_8.ia64.rpm postgresql-libs-8.1.23-6.el5_8.i386.rpm postgresql-libs-8.1.23-6.el5_8.ia64.rpm postgresql-pl-8.1.23-6.el5_8.ia64.rpm postgresql-python-8.1.23-6.el5_8.ia64.rpm postgresql-server-8.1.23-6.el5_8.ia64.rpm postgresql-tcl-8.1.23-6.el5_8.ia64.rpm postgresql-test-8.1.23-6.el5_8.ia64.rpm ppc: postgresql-8.1.23-6.el5_8.ppc.rpm postgresql-8.1.23-6.el5_8.ppc64.rpm postgresql-contrib-8.1.23-6.el5_8.ppc.rpm postgresql-debuginfo-8.1.23-6.el5_8.ppc.rpm postgresql-debuginfo-8.1.23-6.el5_8.ppc64.rpm postgresql-devel-8.1.23-6.el5_8.ppc.rpm postgresql-devel-8.1.23-6.el5_8.ppc64.rpm postgresql-docs-8.1.23-6.el5_8.ppc.rpm postgresql-libs-8.1.23-6.el5_8.ppc.rpm postgresql-libs-8.1.23-6.el5_8.ppc64.rpm postgresql-pl-8.1.23-6.el5_8.ppc.rpm postgresql-python-8.1.23-6.el5_8.ppc.rpm postgresql-server-8.1.23-6.el5_8.ppc.rpm postgresql-tcl-8.1.23-6.el5_8.ppc.rpm postgresql-test-8.1.23-6.el5_8.ppc.rpm s390x: postgresql-8.1.23-6.el5_8.s390x.rpm postgresql-contrib-8.1.23-6.el5_8.s390x.rpm postgresql-debuginfo-8.1.23-6.el5_8.s390.rpm postgresql-debuginfo-8.1.23-6.el5_8.s390x.rpm postgresql-devel-8.1.23-6.el5_8.s390.rpm postgresql-devel-8.1.23-6.el5_8.s390x.rpm 
postgresql-docs-8.1.23-6.el5_8.s390x.rpm postgresql-libs-8.1.23-6.el5_8.s390.rpm postgresql-libs-8.1.23-6.el5_8.s390x.rpm postgresql-pl-8.1.23-6.el5_8.s390x.rpm postgresql-python-8.1.23-6.el5_8.s390x.rpm postgresql-server-8.1.23-6.el5_8.s390x.rpm postgresql-tcl-8.1.23-6.el5_8.s390x.rpm postgresql-test-8.1.23-6.el5_8.s390x.rpm x86_64: postgresql-8.1.23-6.el5_8.x86_64.rpm postgresql-contrib-8.1.23-6.el5_8.x86_64.rpm postgresql-debuginfo-8.1.23-6.el5_8.i386.rpm postgresql-debuginfo-8.1.23-6.el5_8.x86_64.rpm postgresql-devel-8.1.23-6.el5_8.i386.rpm postgresql-devel-8.1.23-6.el5_8.x86_64.rpm postgresql-docs-8.1.23-6.el5_8.x86_64.rpm postgresql-libs-8.1.23-6.el5_8.i386.rpm postgresql-libs-8.1.23-6.el5_8.x86_64.rpm postgresql-pl-8.1.23-6.el5_8.x86_64.rpm postgresql-python-8.1.23-6.el5_8.x86_64.rpm postgresql-server-8.1.23-6.el5_8.x86_64.rpm postgresql-tcl-8.1.23-6.el5_8.x86_64.rpm postgresql-test-8.1.23-6.el5_8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-3488.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQUhajXlSAg2UNWIIRArf0AKCdNF6ZUZqifLWMVNbPGJo4rhR1IgCfXroe
kMJ4sTWYPieMUH3Dl1IcqgE=
=RxI/
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Sep 13 17:59:24 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 13 Sep 2012 17:59:24 +0000
Subject: [RHSA-2012:1265-01] Important: libxslt security update
Message-ID: <201209131759.q8DHxOcI012017@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: libxslt security update
Advisory ID: RHSA-2012:1265-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1265.html
Issue date: 2012-09-13
CVE Names: CVE-2011-1202 CVE-2011-3970 CVE-2012-2825 CVE-2012-2870 CVE-2012-2871
=====================================================================

1. Summary:

Updated libxslt packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

libxslt is a library for transforming XML files into other textual formats (including HTML, plain text, and other XML representations of the underlying data) using the standard XSLT stylesheet transformation mechanism.

A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2871)

Several denial of service flaws were found in libxslt. An attacker could use these flaws to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash. (CVE-2012-2825, CVE-2012-2870, CVE-2011-3970)

An information leak could occur if an application using libxslt processed an untrusted XPath expression, or used a malicious XSL file to perform an XSL transformation. If combined with other flaws, this leak could possibly help an attacker bypass intended memory corruption protections. (CVE-2011-1202)

All libxslt users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libxslt must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

684386 - CVE-2011-1202 libxslt: Heap address leak in XLST
788826 - CVE-2011-3970 libxslt: Out-of-bounds read when parsing certain patterns
835982 - CVE-2012-2825 libxslt: DoS when reading unexpected DTD nodes in XSLT
852935 - CVE-2012-2871 libxslt: Heap-buffer overflow caused by bad cast in XSL transforms
852937 - CVE-2012-2870 libxslt: Use-after-free when processing an invalid XPath expression

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libxslt-1.1.17-4.el5_8.3.src.rpm

i386:
libxslt-1.1.17-4.el5_8.3.i386.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm
libxslt-python-1.1.17-4.el5_8.3.i386.rpm

x86_64:
libxslt-1.1.17-4.el5_8.3.i386.rpm
libxslt-1.1.17-4.el5_8.3.x86_64.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.x86_64.rpm
libxslt-python-1.1.17-4.el5_8.3.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libxslt-1.1.17-4.el5_8.3.src.rpm

i386:
libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm
libxslt-devel-1.1.17-4.el5_8.3.i386.rpm

x86_64:
libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.x86_64.rpm
libxslt-devel-1.1.17-4.el5_8.3.i386.rpm
libxslt-devel-1.1.17-4.el5_8.3.x86_64.rpm

Red Hat Enterprise Linux (v.
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libxslt-1.1.17-4.el5_8.3.src.rpm i386: libxslt-1.1.17-4.el5_8.3.i386.rpm libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm libxslt-devel-1.1.17-4.el5_8.3.i386.rpm libxslt-python-1.1.17-4.el5_8.3.i386.rpm ia64: libxslt-1.1.17-4.el5_8.3.i386.rpm libxslt-1.1.17-4.el5_8.3.ia64.rpm libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm libxslt-debuginfo-1.1.17-4.el5_8.3.ia64.rpm libxslt-devel-1.1.17-4.el5_8.3.ia64.rpm libxslt-python-1.1.17-4.el5_8.3.ia64.rpm ppc: libxslt-1.1.17-4.el5_8.3.ppc.rpm libxslt-1.1.17-4.el5_8.3.ppc64.rpm libxslt-debuginfo-1.1.17-4.el5_8.3.ppc.rpm libxslt-debuginfo-1.1.17-4.el5_8.3.ppc64.rpm libxslt-devel-1.1.17-4.el5_8.3.ppc.rpm libxslt-devel-1.1.17-4.el5_8.3.ppc64.rpm libxslt-python-1.1.17-4.el5_8.3.ppc.rpm s390x: libxslt-1.1.17-4.el5_8.3.s390.rpm libxslt-1.1.17-4.el5_8.3.s390x.rpm libxslt-debuginfo-1.1.17-4.el5_8.3.s390.rpm libxslt-debuginfo-1.1.17-4.el5_8.3.s390x.rpm libxslt-devel-1.1.17-4.el5_8.3.s390.rpm libxslt-devel-1.1.17-4.el5_8.3.s390x.rpm libxslt-python-1.1.17-4.el5_8.3.s390x.rpm x86_64: libxslt-1.1.17-4.el5_8.3.i386.rpm libxslt-1.1.17-4.el5_8.3.x86_64.rpm libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm libxslt-debuginfo-1.1.17-4.el5_8.3.x86_64.rpm libxslt-devel-1.1.17-4.el5_8.3.i386.rpm libxslt-devel-1.1.17-4.el5_8.3.x86_64.rpm libxslt-python-1.1.17-4.el5_8.3.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm i386: libxslt-1.1.26-2.el6_3.1.i686.rpm libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm x86_64: libxslt-1.1.26-2.el6_3.1.i686.rpm libxslt-1.1.26-2.el6_3.1.x86_64.rpm libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm i386: libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm libxslt-devel-1.1.26-2.el6_3.1.i686.rpm libxslt-python-1.1.26-2.el6_3.1.i686.rpm x86_64: libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm libxslt-devel-1.1.26-2.el6_3.1.i686.rpm libxslt-devel-1.1.26-2.el6_3.1.x86_64.rpm libxslt-python-1.1.26-2.el6_3.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm x86_64: libxslt-1.1.26-2.el6_3.1.i686.rpm libxslt-1.1.26-2.el6_3.1.x86_64.rpm libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm x86_64: libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm libxslt-devel-1.1.26-2.el6_3.1.i686.rpm libxslt-devel-1.1.26-2.el6_3.1.x86_64.rpm libxslt-python-1.1.26-2.el6_3.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm i386: libxslt-1.1.26-2.el6_3.1.i686.rpm libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm libxslt-devel-1.1.26-2.el6_3.1.i686.rpm ppc64: libxslt-1.1.26-2.el6_3.1.ppc.rpm libxslt-1.1.26-2.el6_3.1.ppc64.rpm libxslt-debuginfo-1.1.26-2.el6_3.1.ppc.rpm libxslt-debuginfo-1.1.26-2.el6_3.1.ppc64.rpm libxslt-devel-1.1.26-2.el6_3.1.ppc.rpm libxslt-devel-1.1.26-2.el6_3.1.ppc64.rpm s390x: libxslt-1.1.26-2.el6_3.1.s390.rpm libxslt-1.1.26-2.el6_3.1.s390x.rpm libxslt-debuginfo-1.1.26-2.el6_3.1.s390.rpm libxslt-debuginfo-1.1.26-2.el6_3.1.s390x.rpm libxslt-devel-1.1.26-2.el6_3.1.s390.rpm libxslt-devel-1.1.26-2.el6_3.1.s390x.rpm x86_64: libxslt-1.1.26-2.el6_3.1.i686.rpm libxslt-1.1.26-2.el6_3.1.x86_64.rpm libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm libxslt-devel-1.1.26-2.el6_3.1.i686.rpm libxslt-devel-1.1.26-2.el6_3.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm i386: libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm libxslt-python-1.1.26-2.el6_3.1.i686.rpm ppc64: libxslt-debuginfo-1.1.26-2.el6_3.1.ppc64.rpm libxslt-python-1.1.26-2.el6_3.1.ppc64.rpm s390x: libxslt-debuginfo-1.1.26-2.el6_3.1.s390x.rpm libxslt-python-1.1.26-2.el6_3.1.s390x.rpm x86_64: libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm libxslt-python-1.1.26-2.el6_3.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm i386: libxslt-1.1.26-2.el6_3.1.i686.rpm libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm libxslt-devel-1.1.26-2.el6_3.1.i686.rpm x86_64: libxslt-1.1.26-2.el6_3.1.i686.rpm libxslt-1.1.26-2.el6_3.1.x86_64.rpm libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm libxslt-devel-1.1.26-2.el6_3.1.i686.rpm libxslt-devel-1.1.26-2.el6_3.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm i386: libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm libxslt-python-1.1.26-2.el6_3.1.i686.rpm x86_64: libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm libxslt-python-1.1.26-2.el6_3.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-1202.html https://www.redhat.com/security/data/cve/CVE-2011-3970.html https://www.redhat.com/security/data/cve/CVE-2012-2825.html https://www.redhat.com/security/data/cve/CVE-2012-2870.html https://www.redhat.com/security/data/cve/CVE-2012-2871.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQUh7JXlSAg2UNWIIRAsJmAJ9pVP2vkhEuIh3hhi9lyVfa/cnCmwCgtTiS
bhFgk6Ez9OXi3ibu0HSzdxg=
=c8UZ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Sep 14 09:27:40 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 14 Sep 2012 09:27:40 +0000
Subject: [RHSA-2012:1266-01] Important: bind97 security update
Message-ID: <201209140934.q8E9YIxm005651@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: bind97 security update
Advisory ID: RHSA-2012:1266-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1266.html
Issue date: 2012-09-14
CVE Names: CVE-2012-4244
=====================================================================

1. Summary:

Updated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handled resource records with a large RDATA value. A malicious owner of a DNS domain could use this flaw to create specially-crafted DNS resource records that would cause a recursive resolver or secondary server to exit unexpectedly with an assertion failure. (CVE-2012-4244)

Users of bind97 are advised to upgrade to these updated packages, which correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

856754 - CVE-2012-4244 bind: specially crafted resource record causes named to exit

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bind97-9.7.0-10.P2.el5_8.3.src.rpm

i386:
bind97-9.7.0-10.P2.el5_8.3.i386.rpm
bind97-chroot-9.7.0-10.P2.el5_8.3.i386.rpm
bind97-debuginfo-9.7.0-10.P2.el5_8.3.i386.rpm
bind97-devel-9.7.0-10.P2.el5_8.3.i386.rpm
bind97-libs-9.7.0-10.P2.el5_8.3.i386.rpm
bind97-utils-9.7.0-10.P2.el5_8.3.i386.rpm

x86_64:
bind97-9.7.0-10.P2.el5_8.3.x86_64.rpm
bind97-chroot-9.7.0-10.P2.el5_8.3.x86_64.rpm
bind97-debuginfo-9.7.0-10.P2.el5_8.3.i386.rpm
bind97-debuginfo-9.7.0-10.P2.el5_8.3.x86_64.rpm
bind97-devel-9.7.0-10.P2.el5_8.3.i386.rpm
bind97-devel-9.7.0-10.P2.el5_8.3.x86_64.rpm
bind97-libs-9.7.0-10.P2.el5_8.3.i386.rpm
bind97-libs-9.7.0-10.P2.el5_8.3.x86_64.rpm
bind97-utils-9.7.0-10.P2.el5_8.3.x86_64.rpm

Red Hat Enterprise Linux (v.
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/bind97-9.7.0-10.P2.el5_8.3.src.rpm i386: bind97-9.7.0-10.P2.el5_8.3.i386.rpm bind97-chroot-9.7.0-10.P2.el5_8.3.i386.rpm bind97-debuginfo-9.7.0-10.P2.el5_8.3.i386.rpm bind97-devel-9.7.0-10.P2.el5_8.3.i386.rpm bind97-libs-9.7.0-10.P2.el5_8.3.i386.rpm bind97-utils-9.7.0-10.P2.el5_8.3.i386.rpm ia64: bind97-9.7.0-10.P2.el5_8.3.ia64.rpm bind97-chroot-9.7.0-10.P2.el5_8.3.ia64.rpm bind97-debuginfo-9.7.0-10.P2.el5_8.3.ia64.rpm bind97-devel-9.7.0-10.P2.el5_8.3.ia64.rpm bind97-libs-9.7.0-10.P2.el5_8.3.ia64.rpm bind97-utils-9.7.0-10.P2.el5_8.3.ia64.rpm ppc: bind97-9.7.0-10.P2.el5_8.3.ppc.rpm bind97-chroot-9.7.0-10.P2.el5_8.3.ppc.rpm bind97-debuginfo-9.7.0-10.P2.el5_8.3.ppc.rpm bind97-debuginfo-9.7.0-10.P2.el5_8.3.ppc64.rpm bind97-devel-9.7.0-10.P2.el5_8.3.ppc.rpm bind97-devel-9.7.0-10.P2.el5_8.3.ppc64.rpm bind97-libs-9.7.0-10.P2.el5_8.3.ppc.rpm bind97-libs-9.7.0-10.P2.el5_8.3.ppc64.rpm bind97-utils-9.7.0-10.P2.el5_8.3.ppc.rpm s390x: bind97-9.7.0-10.P2.el5_8.3.s390x.rpm bind97-chroot-9.7.0-10.P2.el5_8.3.s390x.rpm bind97-debuginfo-9.7.0-10.P2.el5_8.3.s390.rpm bind97-debuginfo-9.7.0-10.P2.el5_8.3.s390x.rpm bind97-devel-9.7.0-10.P2.el5_8.3.s390.rpm bind97-devel-9.7.0-10.P2.el5_8.3.s390x.rpm bind97-libs-9.7.0-10.P2.el5_8.3.s390.rpm bind97-libs-9.7.0-10.P2.el5_8.3.s390x.rpm bind97-utils-9.7.0-10.P2.el5_8.3.s390x.rpm x86_64: bind97-9.7.0-10.P2.el5_8.3.x86_64.rpm bind97-chroot-9.7.0-10.P2.el5_8.3.x86_64.rpm bind97-debuginfo-9.7.0-10.P2.el5_8.3.i386.rpm bind97-debuginfo-9.7.0-10.P2.el5_8.3.x86_64.rpm bind97-devel-9.7.0-10.P2.el5_8.3.i386.rpm bind97-devel-9.7.0-10.P2.el5_8.3.x86_64.rpm bind97-libs-9.7.0-10.P2.el5_8.3.i386.rpm bind97-libs-9.7.0-10.P2.el5_8.3.x86_64.rpm bind97-utils-9.7.0-10.P2.el5_8.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References: https://www.redhat.com/security/data/cve/CVE-2012-4244.html https://access.redhat.com/security/updates/classification/#important http://www.isc.org/software/bind/advisories/cve-2012-4244 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQUvoCXlSAg2UNWIIRAgoHAKCpMCHCd24a14N0NnQZiuZgaXkpAwCfSNi5 Hm2X64Gy5WLvJv+p1PvyixY= =oI/l -----END PGP SIGNATURE----- From bugzilla at redhat.com Fri Sep 14 09:28:34 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 14 Sep 2012 09:28:34 +0000 Subject: [RHSA-2012:1267-01] Important: bind security and bug fix update Message-ID: <201209140935.q8E9ZCaE007630@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: bind security and bug fix update Advisory ID: RHSA-2012:1267-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1267.html Issue date: 2012-09-14 CVE Names: CVE-2012-4244 ===================================================================== 1. Summary: Updated bind packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. 
BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handled resource records with a large RDATA value. A malicious owner of a DNS domain could use this flaw to create specially-crafted DNS resource records that would cause a recursive resolver or secondary server to exit unexpectedly with an assertion failure. (CVE-2012-4244)

This update also fixes the following bug:

* The bind-chroot-admin script, executed when upgrading the bind-chroot package, failed to correctly update the permissions of the /var/named/chroot/etc/named.conf file. Depending on the permissions of the file, this could have prevented named from starting after installing package updates. With this update, bind-chroot-admin correctly updates the permissions and ownership of the file. (BZ#857056)

Users of bind are advised to upgrade to these updated packages, which correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

856754 - CVE-2012-4244 bind: specially crafted resource record causes named to exit
857056 - bind-chroot-admin changes /etc/named.conf ownership but doesn't change its perms

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bind-9.3.6-20.P1.el5_8.4.src.rpm

i386:
bind-9.3.6-20.P1.el5_8.4.i386.rpm
bind-debuginfo-9.3.6-20.P1.el5_8.4.i386.rpm
bind-libs-9.3.6-20.P1.el5_8.4.i386.rpm
bind-sdb-9.3.6-20.P1.el5_8.4.i386.rpm
bind-utils-9.3.6-20.P1.el5_8.4.i386.rpm

x86_64:
bind-9.3.6-20.P1.el5_8.4.x86_64.rpm
bind-debuginfo-9.3.6-20.P1.el5_8.4.i386.rpm
bind-debuginfo-9.3.6-20.P1.el5_8.4.x86_64.rpm
bind-libs-9.3.6-20.P1.el5_8.4.i386.rpm
bind-libs-9.3.6-20.P1.el5_8.4.x86_64.rpm
bind-sdb-9.3.6-20.P1.el5_8.4.x86_64.rpm
bind-utils-9.3.6-20.P1.el5_8.4.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bind-9.3.6-20.P1.el5_8.4.src.rpm

i386:
bind-chroot-9.3.6-20.P1.el5_8.4.i386.rpm
bind-debuginfo-9.3.6-20.P1.el5_8.4.i386.rpm
bind-devel-9.3.6-20.P1.el5_8.4.i386.rpm
bind-libbind-devel-9.3.6-20.P1.el5_8.4.i386.rpm
caching-nameserver-9.3.6-20.P1.el5_8.4.i386.rpm

x86_64:
bind-chroot-9.3.6-20.P1.el5_8.4.x86_64.rpm
bind-debuginfo-9.3.6-20.P1.el5_8.4.i386.rpm
bind-debuginfo-9.3.6-20.P1.el5_8.4.x86_64.rpm
bind-devel-9.3.6-20.P1.el5_8.4.i386.rpm
bind-devel-9.3.6-20.P1.el5_8.4.x86_64.rpm
bind-libbind-devel-9.3.6-20.P1.el5_8.4.i386.rpm
bind-libbind-devel-9.3.6-20.P1.el5_8.4.x86_64.rpm
caching-nameserver-9.3.6-20.P1.el5_8.4.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/bind-9.3.6-20.P1.el5_8.4.src.rpm

i386:
bind-9.3.6-20.P1.el5_8.4.i386.rpm
bind-chroot-9.3.6-20.P1.el5_8.4.i386.rpm
bind-debuginfo-9.3.6-20.P1.el5_8.4.i386.rpm
bind-devel-9.3.6-20.P1.el5_8.4.i386.rpm
bind-libbind-devel-9.3.6-20.P1.el5_8.4.i386.rpm
bind-libs-9.3.6-20.P1.el5_8.4.i386.rpm
bind-sdb-9.3.6-20.P1.el5_8.4.i386.rpm
bind-utils-9.3.6-20.P1.el5_8.4.i386.rpm
caching-nameserver-9.3.6-20.P1.el5_8.4.i386.rpm

ia64:
bind-9.3.6-20.P1.el5_8.4.ia64.rpm
bind-chroot-9.3.6-20.P1.el5_8.4.ia64.rpm
bind-debuginfo-9.3.6-20.P1.el5_8.4.i386.rpm
bind-debuginfo-9.3.6-20.P1.el5_8.4.ia64.rpm
bind-devel-9.3.6-20.P1.el5_8.4.ia64.rpm
bind-libbind-devel-9.3.6-20.P1.el5_8.4.ia64.rpm
bind-libs-9.3.6-20.P1.el5_8.4.i386.rpm
bind-libs-9.3.6-20.P1.el5_8.4.ia64.rpm
bind-sdb-9.3.6-20.P1.el5_8.4.ia64.rpm
bind-utils-9.3.6-20.P1.el5_8.4.ia64.rpm
caching-nameserver-9.3.6-20.P1.el5_8.4.ia64.rpm

ppc:
bind-9.3.6-20.P1.el5_8.4.ppc.rpm
bind-chroot-9.3.6-20.P1.el5_8.4.ppc.rpm
bind-debuginfo-9.3.6-20.P1.el5_8.4.ppc.rpm
bind-debuginfo-9.3.6-20.P1.el5_8.4.ppc64.rpm
bind-devel-9.3.6-20.P1.el5_8.4.ppc.rpm
bind-devel-9.3.6-20.P1.el5_8.4.ppc64.rpm
bind-libbind-devel-9.3.6-20.P1.el5_8.4.ppc.rpm
bind-libbind-devel-9.3.6-20.P1.el5_8.4.ppc64.rpm
bind-libs-9.3.6-20.P1.el5_8.4.ppc.rpm
bind-libs-9.3.6-20.P1.el5_8.4.ppc64.rpm
bind-sdb-9.3.6-20.P1.el5_8.4.ppc.rpm
bind-utils-9.3.6-20.P1.el5_8.4.ppc.rpm
caching-nameserver-9.3.6-20.P1.el5_8.4.ppc.rpm

s390x:
bind-9.3.6-20.P1.el5_8.4.s390x.rpm
bind-chroot-9.3.6-20.P1.el5_8.4.s390x.rpm
bind-debuginfo-9.3.6-20.P1.el5_8.4.s390.rpm
bind-debuginfo-9.3.6-20.P1.el5_8.4.s390x.rpm
bind-devel-9.3.6-20.P1.el5_8.4.s390.rpm
bind-devel-9.3.6-20.P1.el5_8.4.s390x.rpm
bind-libbind-devel-9.3.6-20.P1.el5_8.4.s390.rpm
bind-libbind-devel-9.3.6-20.P1.el5_8.4.s390x.rpm
bind-libs-9.3.6-20.P1.el5_8.4.s390.rpm
bind-libs-9.3.6-20.P1.el5_8.4.s390x.rpm
bind-sdb-9.3.6-20.P1.el5_8.4.s390x.rpm
bind-utils-9.3.6-20.P1.el5_8.4.s390x.rpm
caching-nameserver-9.3.6-20.P1.el5_8.4.s390x.rpm

x86_64:
bind-9.3.6-20.P1.el5_8.4.x86_64.rpm
bind-chroot-9.3.6-20.P1.el5_8.4.x86_64.rpm
bind-debuginfo-9.3.6-20.P1.el5_8.4.i386.rpm
bind-debuginfo-9.3.6-20.P1.el5_8.4.x86_64.rpm
bind-devel-9.3.6-20.P1.el5_8.4.i386.rpm
bind-devel-9.3.6-20.P1.el5_8.4.x86_64.rpm
bind-libbind-devel-9.3.6-20.P1.el5_8.4.i386.rpm
bind-libbind-devel-9.3.6-20.P1.el5_8.4.x86_64.rpm
bind-libs-9.3.6-20.P1.el5_8.4.i386.rpm
bind-libs-9.3.6-20.P1.el5_8.4.x86_64.rpm
bind-sdb-9.3.6-20.P1.el5_8.4.x86_64.rpm
bind-utils-9.3.6-20.P1.el5_8.4.x86_64.rpm
caching-nameserver-9.3.6-20.P1.el5_8.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-4244.html
https://access.redhat.com/security/updates/classification/#important
http://www.isc.org/software/bind/advisories/cve-2012-4244

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 14 Sep 2012 09:29:52 +0000
Subject: [RHSA-2012:1268-01] Important: bind security update
Message-ID: <201209140936.q8E9aUbf016582@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: bind security update
Advisory ID:       RHSA-2012:1268-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1268.html
Issue date:        2012-09-14
CVE Names:         CVE-2012-4244
=====================================================================

1. Summary:

Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handled resource records with a large RDATA value. A malicious owner of a DNS domain could use this flaw to create specially-crafted DNS resource records that would cause a recursive resolver or secondary server to exit unexpectedly with an assertion failure. (CVE-2012-4244)

Users of bind are advised to upgrade to these updated packages, which correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

856754 - CVE-2012-4244 bind: specially crafted resource record causes named to exit

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.3.src.rpm

i386:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.3.i686.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.3.i686.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.3.i686.rpm

x86_64:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.3.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.3.x86_64.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.3.i686.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.3.x86_64.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.3.src.rpm

i386:
bind-9.8.2-0.10.rc1.el6_3.3.i686.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.3.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.3.i686.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.3.i686.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.3.i686.rpm

x86_64:
bind-9.8.2-0.10.rc1.el6_3.3.x86_64.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.3.x86_64.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.3.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.3.x86_64.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.3.i686.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.3.x86_64.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.3.src.rpm

x86_64:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.3.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.3.x86_64.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.3.i686.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.3.x86_64.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.3.src.rpm

x86_64:
bind-9.8.2-0.10.rc1.el6_3.3.x86_64.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.3.x86_64.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.3.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.3.x86_64.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.3.i686.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.3.x86_64.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.3.src.rpm

i386:
bind-9.8.2-0.10.rc1.el6_3.3.i686.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.3.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.3.i686.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.3.i686.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.3.i686.rpm

ppc64:
bind-9.8.2-0.10.rc1.el6_3.3.ppc64.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.3.ppc64.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.3.ppc.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.3.ppc64.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.3.ppc.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.3.ppc64.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.3.ppc64.rpm

s390x:
bind-9.8.2-0.10.rc1.el6_3.3.s390x.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.3.s390x.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.3.s390.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.3.s390x.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.3.s390.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.3.s390x.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.3.s390x.rpm

x86_64:
bind-9.8.2-0.10.rc1.el6_3.3.x86_64.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.3.x86_64.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.3.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.3.x86_64.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.3.i686.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.3.x86_64.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.3.src.rpm

i386:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.3.i686.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.3.i686.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.3.i686.rpm

ppc64:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.3.ppc.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.3.ppc64.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.3.ppc.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.3.ppc64.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.3.ppc64.rpm

s390x:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.3.s390.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.3.s390x.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.3.s390.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.3.s390x.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.3.s390x.rpm

x86_64:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.3.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.3.x86_64.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.3.i686.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.3.x86_64.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.3.src.rpm

i386:
bind-9.8.2-0.10.rc1.el6_3.3.i686.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.3.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.3.i686.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.3.i686.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.3.i686.rpm

x86_64:
bind-9.8.2-0.10.rc1.el6_3.3.x86_64.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.3.x86_64.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.3.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.3.x86_64.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.3.i686.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.3.x86_64.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.3.src.rpm

i386:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.3.i686.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.3.i686.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.3.i686.rpm

x86_64:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.3.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.3.x86_64.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.3.i686.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.3.x86_64.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-4244.html
https://access.redhat.com/security/updates/classification/#important
http://www.isc.org/software/bind/advisories/cve-2012-4244

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 17 Sep 2012 17:00:55 +0000
Subject: [RHSA-2012:1283-01] Important: openjpeg security update
Message-ID: <201209171700.q8HH0tXL032284@int-mx01.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openjpeg security update
Advisory ID:       RHSA-2012:1283-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1283.html
Issue date:        2012-09-17
CVE Names:         CVE-2012-3535
=====================================================================

1. Summary:

Updated openjpeg packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

OpenJPEG is an open source library for reading and writing image files in JPEG 2000 format.

It was found that OpenJPEG failed to sanity-check an image header field before using it. A remote attacker could provide a specially-crafted image file that could cause an application linked against OpenJPEG to crash or, possibly, execute arbitrary code. (CVE-2012-3535)

This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team.

Users of OpenJPEG should upgrade to these updated packages, which contain a patch to correct this issue. All running applications using OpenJPEG must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

842918 - CVE-2012-3535 openjpeg: heap-based buffer overflow when decoding jpeg2000 files

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openjpeg-1.3-9.el6_3.src.rpm

i386:
openjpeg-debuginfo-1.3-9.el6_3.i686.rpm
openjpeg-libs-1.3-9.el6_3.i686.rpm

x86_64:
openjpeg-debuginfo-1.3-9.el6_3.i686.rpm
openjpeg-debuginfo-1.3-9.el6_3.x86_64.rpm
openjpeg-libs-1.3-9.el6_3.i686.rpm
openjpeg-libs-1.3-9.el6_3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openjpeg-1.3-9.el6_3.src.rpm

i386:
openjpeg-1.3-9.el6_3.i686.rpm
openjpeg-debuginfo-1.3-9.el6_3.i686.rpm
openjpeg-devel-1.3-9.el6_3.i686.rpm

x86_64:
openjpeg-1.3-9.el6_3.x86_64.rpm
openjpeg-debuginfo-1.3-9.el6_3.i686.rpm
openjpeg-debuginfo-1.3-9.el6_3.x86_64.rpm
openjpeg-devel-1.3-9.el6_3.i686.rpm
openjpeg-devel-1.3-9.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openjpeg-1.3-9.el6_3.src.rpm

x86_64:
openjpeg-debuginfo-1.3-9.el6_3.i686.rpm
openjpeg-debuginfo-1.3-9.el6_3.x86_64.rpm
openjpeg-libs-1.3-9.el6_3.i686.rpm
openjpeg-libs-1.3-9.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openjpeg-1.3-9.el6_3.src.rpm

x86_64:
openjpeg-1.3-9.el6_3.x86_64.rpm
openjpeg-debuginfo-1.3-9.el6_3.i686.rpm
openjpeg-debuginfo-1.3-9.el6_3.x86_64.rpm
openjpeg-devel-1.3-9.el6_3.i686.rpm
openjpeg-devel-1.3-9.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openjpeg-1.3-9.el6_3.src.rpm

i386:
openjpeg-debuginfo-1.3-9.el6_3.i686.rpm
openjpeg-libs-1.3-9.el6_3.i686.rpm

ppc64:
openjpeg-debuginfo-1.3-9.el6_3.ppc.rpm
openjpeg-debuginfo-1.3-9.el6_3.ppc64.rpm
openjpeg-libs-1.3-9.el6_3.ppc.rpm
openjpeg-libs-1.3-9.el6_3.ppc64.rpm

s390x:
openjpeg-debuginfo-1.3-9.el6_3.s390.rpm
openjpeg-debuginfo-1.3-9.el6_3.s390x.rpm
openjpeg-libs-1.3-9.el6_3.s390.rpm
openjpeg-libs-1.3-9.el6_3.s390x.rpm

x86_64:
openjpeg-debuginfo-1.3-9.el6_3.i686.rpm
openjpeg-debuginfo-1.3-9.el6_3.x86_64.rpm
openjpeg-libs-1.3-9.el6_3.i686.rpm
openjpeg-libs-1.3-9.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openjpeg-1.3-9.el6_3.src.rpm

i386:
openjpeg-1.3-9.el6_3.i686.rpm
openjpeg-debuginfo-1.3-9.el6_3.i686.rpm
openjpeg-devel-1.3-9.el6_3.i686.rpm

ppc64:
openjpeg-1.3-9.el6_3.ppc64.rpm
openjpeg-debuginfo-1.3-9.el6_3.ppc.rpm
openjpeg-debuginfo-1.3-9.el6_3.ppc64.rpm
openjpeg-devel-1.3-9.el6_3.ppc.rpm
openjpeg-devel-1.3-9.el6_3.ppc64.rpm

s390x:
openjpeg-1.3-9.el6_3.s390x.rpm
openjpeg-debuginfo-1.3-9.el6_3.s390.rpm
openjpeg-debuginfo-1.3-9.el6_3.s390x.rpm
openjpeg-devel-1.3-9.el6_3.s390.rpm
openjpeg-devel-1.3-9.el6_3.s390x.rpm

x86_64:
openjpeg-1.3-9.el6_3.x86_64.rpm
openjpeg-debuginfo-1.3-9.el6_3.i686.rpm
openjpeg-debuginfo-1.3-9.el6_3.x86_64.rpm
openjpeg-devel-1.3-9.el6_3.i686.rpm
openjpeg-devel-1.3-9.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openjpeg-1.3-9.el6_3.src.rpm

i386:
openjpeg-debuginfo-1.3-9.el6_3.i686.rpm
openjpeg-libs-1.3-9.el6_3.i686.rpm

x86_64:
openjpeg-debuginfo-1.3-9.el6_3.i686.rpm
openjpeg-debuginfo-1.3-9.el6_3.x86_64.rpm
openjpeg-libs-1.3-9.el6_3.i686.rpm
openjpeg-libs-1.3-9.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openjpeg-1.3-9.el6_3.src.rpm

i386:
openjpeg-1.3-9.el6_3.i686.rpm
openjpeg-debuginfo-1.3-9.el6_3.i686.rpm
openjpeg-devel-1.3-9.el6_3.i686.rpm

x86_64:
openjpeg-1.3-9.el6_3.x86_64.rpm
openjpeg-debuginfo-1.3-9.el6_3.i686.rpm
openjpeg-debuginfo-1.3-9.el6_3.x86_64.rpm
openjpeg-devel-1.3-9.el6_3.i686.rpm
openjpeg-devel-1.3-9.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-3535.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 17 Sep 2012 17:02:08 +0000
Subject: [RHSA-2012:1284-01] Moderate: spice-gtk security update
Message-ID: <201209171702.q8HH29tB020132@int-mx02.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: spice-gtk security update
Advisory ID:       RHSA-2012:1284-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1284.html
Issue date:        2012-09-17
CVE Names:         CVE-2012-4425
=====================================================================

1. Summary:

Updated spice-gtk packages that fix one security issue are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for SPICE (Simple Protocol for Independent Computing Environments) clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol.

It was discovered that the spice-gtk setuid helper application, spice-client-glib-usb-acl-helper, did not clear the environment variables read by the libraries it uses. A local attacker could possibly use this flaw to escalate their privileges by setting specific environment variables before running the helper application. (CVE-2012-4425)

Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for reporting this issue.

All users of spice-gtk are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

857283 - CVE-2012-4425 spice-gtk/glib: Possible privilege escalation via un-sanitized environment variable

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/spice-gtk-0.11-11.el6_3.1.src.rpm

i386:
spice-glib-0.11-11.el6_3.1.i686.rpm
spice-gtk-0.11-11.el6_3.1.i686.rpm
spice-gtk-debuginfo-0.11-11.el6_3.1.i686.rpm
spice-gtk-python-0.11-11.el6_3.1.i686.rpm

x86_64:
spice-glib-0.11-11.el6_3.1.i686.rpm
spice-glib-0.11-11.el6_3.1.x86_64.rpm
spice-gtk-0.11-11.el6_3.1.i686.rpm
spice-gtk-0.11-11.el6_3.1.x86_64.rpm
spice-gtk-debuginfo-0.11-11.el6_3.1.i686.rpm
spice-gtk-debuginfo-0.11-11.el6_3.1.x86_64.rpm
spice-gtk-python-0.11-11.el6_3.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/spice-gtk-0.11-11.el6_3.1.src.rpm

i386:
spice-glib-devel-0.11-11.el6_3.1.i686.rpm
spice-gtk-debuginfo-0.11-11.el6_3.1.i686.rpm
spice-gtk-devel-0.11-11.el6_3.1.i686.rpm
spice-gtk-tools-0.11-11.el6_3.1.i686.rpm

x86_64:
spice-glib-devel-0.11-11.el6_3.1.i686.rpm
spice-glib-devel-0.11-11.el6_3.1.x86_64.rpm
spice-gtk-debuginfo-0.11-11.el6_3.1.i686.rpm
spice-gtk-debuginfo-0.11-11.el6_3.1.x86_64.rpm
spice-gtk-devel-0.11-11.el6_3.1.i686.rpm
spice-gtk-devel-0.11-11.el6_3.1.x86_64.rpm
spice-gtk-tools-0.11-11.el6_3.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/spice-gtk-0.11-11.el6_3.1.src.rpm

x86_64:
spice-glib-0.11-11.el6_3.1.i686.rpm
spice-glib-0.11-11.el6_3.1.x86_64.rpm
spice-gtk-0.11-11.el6_3.1.i686.rpm
spice-gtk-0.11-11.el6_3.1.x86_64.rpm
spice-gtk-debuginfo-0.11-11.el6_3.1.i686.rpm
spice-gtk-debuginfo-0.11-11.el6_3.1.x86_64.rpm
spice-gtk-python-0.11-11.el6_3.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/spice-gtk-0.11-11.el6_3.1.src.rpm

x86_64:
spice-glib-devel-0.11-11.el6_3.1.i686.rpm
spice-glib-devel-0.11-11.el6_3.1.x86_64.rpm
spice-gtk-debuginfo-0.11-11.el6_3.1.i686.rpm
spice-gtk-debuginfo-0.11-11.el6_3.1.x86_64.rpm
spice-gtk-devel-0.11-11.el6_3.1.i686.rpm
spice-gtk-devel-0.11-11.el6_3.1.x86_64.rpm
spice-gtk-tools-0.11-11.el6_3.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/spice-gtk-0.11-11.el6_3.1.src.rpm

i386:
spice-glib-0.11-11.el6_3.1.i686.rpm
spice-gtk-0.11-11.el6_3.1.i686.rpm
spice-gtk-debuginfo-0.11-11.el6_3.1.i686.rpm
spice-gtk-python-0.11-11.el6_3.1.i686.rpm

x86_64:
spice-glib-0.11-11.el6_3.1.i686.rpm
spice-glib-0.11-11.el6_3.1.x86_64.rpm
spice-gtk-0.11-11.el6_3.1.i686.rpm
spice-gtk-0.11-11.el6_3.1.x86_64.rpm
spice-gtk-debuginfo-0.11-11.el6_3.1.i686.rpm
spice-gtk-debuginfo-0.11-11.el6_3.1.x86_64.rpm
spice-gtk-python-0.11-11.el6_3.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/spice-gtk-0.11-11.el6_3.1.src.rpm

i386:
spice-glib-devel-0.11-11.el6_3.1.i686.rpm
spice-gtk-debuginfo-0.11-11.el6_3.1.i686.rpm
spice-gtk-devel-0.11-11.el6_3.1.i686.rpm
spice-gtk-tools-0.11-11.el6_3.1.i686.rpm

x86_64:
spice-glib-devel-0.11-11.el6_3.1.i686.rpm
spice-glib-devel-0.11-11.el6_3.1.x86_64.rpm
spice-gtk-debuginfo-0.11-11.el6_3.1.i686.rpm
spice-gtk-debuginfo-0.11-11.el6_3.1.x86_64.rpm
spice-gtk-devel-0.11-11.el6_3.1.i686.rpm
spice-gtk-devel-0.11-11.el6_3.1.x86_64.rpm
spice-gtk-tools-0.11-11.el6_3.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/spice-gtk-0.11-11.el6_3.1.src.rpm

i386:
spice-glib-0.11-11.el6_3.1.i686.rpm
spice-gtk-0.11-11.el6_3.1.i686.rpm
spice-gtk-debuginfo-0.11-11.el6_3.1.i686.rpm
spice-gtk-python-0.11-11.el6_3.1.i686.rpm

x86_64:
spice-glib-0.11-11.el6_3.1.i686.rpm
spice-glib-0.11-11.el6_3.1.x86_64.rpm
spice-gtk-0.11-11.el6_3.1.i686.rpm
spice-gtk-0.11-11.el6_3.1.x86_64.rpm
spice-gtk-debuginfo-0.11-11.el6_3.1.i686.rpm
spice-gtk-debuginfo-0.11-11.el6_3.1.x86_64.rpm
spice-gtk-python-0.11-11.el6_3.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/spice-gtk-0.11-11.el6_3.1.src.rpm

i386:
spice-glib-devel-0.11-11.el6_3.1.i686.rpm
spice-gtk-debuginfo-0.11-11.el6_3.1.i686.rpm
spice-gtk-devel-0.11-11.el6_3.1.i686.rpm
spice-gtk-tools-0.11-11.el6_3.1.i686.rpm

x86_64:
spice-glib-devel-0.11-11.el6_3.1.i686.rpm
spice-glib-devel-0.11-11.el6_3.1.x86_64.rpm
spice-gtk-debuginfo-0.11-11.el6_3.1.i686.rpm
spice-gtk-debuginfo-0.11-11.el6_3.1.x86_64.rpm
spice-gtk-devel-0.11-11.el6_3.1.i686.rpm
spice-gtk-devel-0.11-11.el6_3.1.x86_64.rpm
spice-gtk-tools-0.11-11.el6_3.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-4425.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
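The spice-gtk issue above (CVE-2012-4425) is a setuid helper whose libraries read an environment the unprivileged caller controls. The following is an added example written for this page, not code from spice-gtk or Red Hat: it shows the defensive pattern the advisory's description points at, rebuilding the environment from an allow list with a fixed PATH before any library code runs. The allow list, SAFE_PATH and the sample environment (including its variable names) are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

extern char **environ;

/* Variables a privileged helper genuinely needs, matched by exact name.
 * Everything else is dropped before any library can read it. PATH is never
 * taken from the caller; it is set to a fixed value instead. (Constructed.) */
static const char *const ALLOWED_VARS[] = { "LANG", "TERM", NULL };
#define SAFE_PATH "/usr/bin:/bin"

/* Length of NAME in "NAME=value"; 0 when there is no '=' or the name is empty. */
static size_t env_name_len(const char *entry)
{
    const char *eq = strchr(entry, '=');
    return (eq && eq != entry) ? (size_t)(eq - entry) : 0;
}

/* Exact-name match against the allow list; malformed entries never pass. */
static int env_is_allowed(const char *entry, const char *const *allow)
{
    size_t n = env_name_len(entry);
    if (n == 0)
        return 0;
    for (; *allow; allow++)
        if (strlen(*allow) == n && memcmp(*allow, entry, n) == 0)
            return 1;
    return 0;
}

/* Copy only allow-listed entries of `in` into a fresh NULL-terminated array and
 * append the fixed PATH. Returns NULL on allocation failure; caller owns result. */
static char **build_clean_env(const char *const *in, const char *const *allow)
{
    size_t count = 0, kept = 0;
    for (const char *const *p = in; *p; p++)
        count++;
    char **out = calloc(count + 2, sizeof *out); /* room for PATH and NULL */
    if (!out)
        return NULL;
    for (const char *const *p = in; *p; p++) {
        if (!env_is_allowed(*p, allow))
            continue;
        if (!(out[kept] = strdup(*p)))
            goto fail;
        kept++;
    }
    if (!(out[kept] = strdup("PATH=" SAFE_PATH)))
        goto fail;
    out[++kept] = NULL;
    return out;
fail:
    for (size_t i = 0; i < kept; i++)
        free(out[i]);
    free(out);
    return NULL;
}

/* Value of `name` in an environment array, or NULL when absent. */
static const char *env_lookup(char *const *env, const char *name)
{
    size_t n = strlen(name);
    for (; *env; env++)
        if (strncmp(*env, name, n) == 0 && (*env)[n] == '=')
            return *env + n + 1;
    return NULL;
}

/* Replace the process environment. A setuid helper calls this as the first
 * statement of main(), before any library initialisation: the flaw in the
 * advisory was that libraries read the caller's environment before it was
 * cleared. POSIX permits assigning a new array to environ. */
static int harden_environment(void)
{
    char **clean = build_clean_env((const char *const *)environ, ALLOWED_VARS);
    if (!clean)
        return -1;
    environ = clean;
    return 0;
}

/* Constructed sample environment standing in for what an unprivileged caller
 * might hand a setuid helper; the variable names are illustrative only. */
static const char *const CONSTRUCTED_ENV[] = {
    "HOME=/home/user",
    "LANG=en_US.UTF-8",
    "SOME_LIBRARY_DEBUG_LOG=/tmp/caller-controlled", /* the kind of variable a library consults */
    "=malformed-entry",
    "TERM=xterm",
    NULL
};

int main(void)
{
    char **clean = build_clean_env(CONSTRUCTED_ENV, ALLOWED_VARS);
    if (!clean)
        return 1;
    for (char **e = clean; *e; e++)
        puts(*e); /* LANG=en_US.UTF-8, TERM=xterm, PATH=/usr/bin:/bin */
    return 0;
}
```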
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQV1ddXlSAg2UNWIIRAu/BAJ4uf6RWxxW9Ru63HcMWjoOJLTtyVQCfUHf4
MzBuDCow6lSozjfJfs4a8io=
=U9Of
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Sep 18 17:24:03 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 18 Sep 2012 17:24:03 +0000
Subject: [RHSA-2012:1288-01] Moderate: libxml2 security update
Message-ID: <201209181724.q8IHO3A0010625@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: libxml2 security update
Advisory ID:       RHSA-2012:1288-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1288.html
Issue date:        2012-09-18
CVE Names:         CVE-2011-3102 CVE-2012-2807
=====================================================================

1. Summary:

Updated libxml2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The libxml2 library is a development toolbox providing the implementation of various XML standards.

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way libxml2 handled documents that enable entity expansion. A remote attacker could provide a large, specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2807)

A one byte buffer overflow was found in the way libxml2 evaluated certain parts of XML Pointer Language (XPointer) expressions. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3102)

All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

822109 - CVE-2011-3102 libxml: An off-by-one out-of-bounds write by XPointer part evaluation
835863 - CVE-2012-2807 libxml2 (64-bit): Multiple integer overflows, leading to DoS or possibly other unspecified impact

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libxml2-2.6.26-2.1.15.el5_8.5.src.rpm

i386:
libxml2-2.6.26-2.1.15.el5_8.5.i386.rpm
libxml2-debuginfo-2.6.26-2.1.15.el5_8.5.i386.rpm
libxml2-python-2.6.26-2.1.15.el5_8.5.i386.rpm

x86_64:
libxml2-2.6.26-2.1.15.el5_8.5.i386.rpm
libxml2-2.6.26-2.1.15.el5_8.5.x86_64.rpm
libxml2-debuginfo-2.6.26-2.1.15.el5_8.5.i386.rpm
libxml2-debuginfo-2.6.26-2.1.15.el5_8.5.x86_64.rpm
libxml2-python-2.6.26-2.1.15.el5_8.5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libxml2-2.6.26-2.1.15.el5_8.5.src.rpm

i386:
libxml2-debuginfo-2.6.26-2.1.15.el5_8.5.i386.rpm
libxml2-devel-2.6.26-2.1.15.el5_8.5.i386.rpm

x86_64:
libxml2-debuginfo-2.6.26-2.1.15.el5_8.5.i386.rpm
libxml2-debuginfo-2.6.26-2.1.15.el5_8.5.x86_64.rpm
libxml2-devel-2.6.26-2.1.15.el5_8.5.i386.rpm
libxml2-devel-2.6.26-2.1.15.el5_8.5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libxml2-2.6.26-2.1.15.el5_8.5.src.rpm

i386:
libxml2-2.6.26-2.1.15.el5_8.5.i386.rpm
libxml2-debuginfo-2.6.26-2.1.15.el5_8.5.i386.rpm
libxml2-devel-2.6.26-2.1.15.el5_8.5.i386.rpm
libxml2-python-2.6.26-2.1.15.el5_8.5.i386.rpm

ia64:
libxml2-2.6.26-2.1.15.el5_8.5.i386.rpm
libxml2-2.6.26-2.1.15.el5_8.5.ia64.rpm
libxml2-debuginfo-2.6.26-2.1.15.el5_8.5.i386.rpm
libxml2-debuginfo-2.6.26-2.1.15.el5_8.5.ia64.rpm
libxml2-devel-2.6.26-2.1.15.el5_8.5.ia64.rpm
libxml2-python-2.6.26-2.1.15.el5_8.5.ia64.rpm

ppc:
libxml2-2.6.26-2.1.15.el5_8.5.ppc.rpm
libxml2-2.6.26-2.1.15.el5_8.5.ppc64.rpm
libxml2-debuginfo-2.6.26-2.1.15.el5_8.5.ppc.rpm
libxml2-debuginfo-2.6.26-2.1.15.el5_8.5.ppc64.rpm
libxml2-devel-2.6.26-2.1.15.el5_8.5.ppc.rpm
libxml2-devel-2.6.26-2.1.15.el5_8.5.ppc64.rpm
libxml2-python-2.6.26-2.1.15.el5_8.5.ppc.rpm

s390x:
libxml2-2.6.26-2.1.15.el5_8.5.s390.rpm
libxml2-2.6.26-2.1.15.el5_8.5.s390x.rpm
libxml2-debuginfo-2.6.26-2.1.15.el5_8.5.s390.rpm
libxml2-debuginfo-2.6.26-2.1.15.el5_8.5.s390x.rpm
libxml2-devel-2.6.26-2.1.15.el5_8.5.s390.rpm
libxml2-devel-2.6.26-2.1.15.el5_8.5.s390x.rpm
libxml2-python-2.6.26-2.1.15.el5_8.5.s390x.rpm

x86_64:
libxml2-2.6.26-2.1.15.el5_8.5.i386.rpm
libxml2-2.6.26-2.1.15.el5_8.5.x86_64.rpm
libxml2-debuginfo-2.6.26-2.1.15.el5_8.5.i386.rpm
libxml2-debuginfo-2.6.26-2.1.15.el5_8.5.x86_64.rpm
libxml2-devel-2.6.26-2.1.15.el5_8.5.i386.rpm
libxml2-devel-2.6.26-2.1.15.el5_8.5.x86_64.rpm
libxml2-python-2.6.26-2.1.15.el5_8.5.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libxml2-2.7.6-8.el6_3.3.src.rpm

i386:
libxml2-2.7.6-8.el6_3.3.i686.rpm
libxml2-debuginfo-2.7.6-8.el6_3.3.i686.rpm
libxml2-python-2.7.6-8.el6_3.3.i686.rpm

x86_64:
libxml2-2.7.6-8.el6_3.3.i686.rpm
libxml2-2.7.6-8.el6_3.3.x86_64.rpm
libxml2-debuginfo-2.7.6-8.el6_3.3.i686.rpm
libxml2-debuginfo-2.7.6-8.el6_3.3.x86_64.rpm
libxml2-python-2.7.6-8.el6_3.3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libxml2-2.7.6-8.el6_3.3.src.rpm

i386:
libxml2-debuginfo-2.7.6-8.el6_3.3.i686.rpm
libxml2-devel-2.7.6-8.el6_3.3.i686.rpm
libxml2-static-2.7.6-8.el6_3.3.i686.rpm

x86_64:
libxml2-debuginfo-2.7.6-8.el6_3.3.i686.rpm
libxml2-debuginfo-2.7.6-8.el6_3.3.x86_64.rpm
libxml2-devel-2.7.6-8.el6_3.3.i686.rpm
libxml2-devel-2.7.6-8.el6_3.3.x86_64.rpm
libxml2-static-2.7.6-8.el6_3.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libxml2-2.7.6-8.el6_3.3.src.rpm

x86_64:
libxml2-2.7.6-8.el6_3.3.i686.rpm
libxml2-2.7.6-8.el6_3.3.x86_64.rpm
libxml2-debuginfo-2.7.6-8.el6_3.3.i686.rpm
libxml2-debuginfo-2.7.6-8.el6_3.3.x86_64.rpm
libxml2-python-2.7.6-8.el6_3.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libxml2-2.7.6-8.el6_3.3.src.rpm

x86_64:
libxml2-debuginfo-2.7.6-8.el6_3.3.i686.rpm
libxml2-debuginfo-2.7.6-8.el6_3.3.x86_64.rpm
libxml2-devel-2.7.6-8.el6_3.3.i686.rpm
libxml2-devel-2.7.6-8.el6_3.3.x86_64.rpm
libxml2-static-2.7.6-8.el6_3.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libxml2-2.7.6-8.el6_3.3.src.rpm

i386:
libxml2-2.7.6-8.el6_3.3.i686.rpm
libxml2-debuginfo-2.7.6-8.el6_3.3.i686.rpm
libxml2-devel-2.7.6-8.el6_3.3.i686.rpm
libxml2-python-2.7.6-8.el6_3.3.i686.rpm

ppc64:
libxml2-2.7.6-8.el6_3.3.ppc.rpm
libxml2-2.7.6-8.el6_3.3.ppc64.rpm
libxml2-debuginfo-2.7.6-8.el6_3.3.ppc.rpm
libxml2-debuginfo-2.7.6-8.el6_3.3.ppc64.rpm
libxml2-devel-2.7.6-8.el6_3.3.ppc.rpm
libxml2-devel-2.7.6-8.el6_3.3.ppc64.rpm
libxml2-python-2.7.6-8.el6_3.3.ppc64.rpm

s390x:
libxml2-2.7.6-8.el6_3.3.s390.rpm
libxml2-2.7.6-8.el6_3.3.s390x.rpm
libxml2-debuginfo-2.7.6-8.el6_3.3.s390.rpm
libxml2-debuginfo-2.7.6-8.el6_3.3.s390x.rpm
libxml2-devel-2.7.6-8.el6_3.3.s390.rpm
libxml2-devel-2.7.6-8.el6_3.3.s390x.rpm
libxml2-python-2.7.6-8.el6_3.3.s390x.rpm

x86_64:
libxml2-2.7.6-8.el6_3.3.i686.rpm
libxml2-2.7.6-8.el6_3.3.x86_64.rpm
libxml2-debuginfo-2.7.6-8.el6_3.3.i686.rpm
libxml2-debuginfo-2.7.6-8.el6_3.3.x86_64.rpm
libxml2-devel-2.7.6-8.el6_3.3.i686.rpm
libxml2-devel-2.7.6-8.el6_3.3.x86_64.rpm
libxml2-python-2.7.6-8.el6_3.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libxml2-2.7.6-8.el6_3.3.src.rpm

i386:
libxml2-debuginfo-2.7.6-8.el6_3.3.i686.rpm
libxml2-static-2.7.6-8.el6_3.3.i686.rpm

ppc64:
libxml2-debuginfo-2.7.6-8.el6_3.3.ppc64.rpm
libxml2-static-2.7.6-8.el6_3.3.ppc64.rpm

s390x:
libxml2-debuginfo-2.7.6-8.el6_3.3.s390x.rpm
libxml2-static-2.7.6-8.el6_3.3.s390x.rpm

x86_64:
libxml2-debuginfo-2.7.6-8.el6_3.3.x86_64.rpm
libxml2-static-2.7.6-8.el6_3.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libxml2-2.7.6-8.el6_3.3.src.rpm

i386:
libxml2-2.7.6-8.el6_3.3.i686.rpm
libxml2-debuginfo-2.7.6-8.el6_3.3.i686.rpm
libxml2-devel-2.7.6-8.el6_3.3.i686.rpm
libxml2-python-2.7.6-8.el6_3.3.i686.rpm

x86_64:
libxml2-2.7.6-8.el6_3.3.i686.rpm
libxml2-2.7.6-8.el6_3.3.x86_64.rpm
libxml2-debuginfo-2.7.6-8.el6_3.3.i686.rpm
libxml2-debuginfo-2.7.6-8.el6_3.3.x86_64.rpm
libxml2-devel-2.7.6-8.el6_3.3.i686.rpm
libxml2-devel-2.7.6-8.el6_3.3.x86_64.rpm
libxml2-python-2.7.6-8.el6_3.3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libxml2-2.7.6-8.el6_3.3.src.rpm

i386:
libxml2-debuginfo-2.7.6-8.el6_3.3.i686.rpm
libxml2-static-2.7.6-8.el6_3.3.i686.rpm

x86_64:
libxml2-debuginfo-2.7.6-8.el6_3.3.x86_64.rpm
libxml2-static-2.7.6-8.el6_3.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3102.html
https://www.redhat.com/security/data/cve/CVE-2012-2807.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
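Each advisory in this archive names the version-release that carries the fix, so the check an administrator actually needs is whether the installed package is at or above that level. That comparison has to follow rpm's segment rules (digit runs compared numerically, letter runs lexically, separators ignored), not a plain string comparison, or "el6_3.10" will look older than "el6_3.3". The following Python is an added example, not Red Hat's tooling or any rpm code: it reimplements the rpmvercmp() rules, applies the epoch/version/release precedence, and audits a constructed sample of `rpm -q` output against the fixed versions quoted in the libxml2, java-1.7.0-ibm and qpid advisories on this page. The FIXED_EL6 table layout, the sample output and the host it describes are constructed for the example.

```python
import re

# Fixed version-release strings copied from the advisories in this archive
# (RHEL 6 packages; the RHEL 5 libxml2 fix is 2.6.26-2.1.15.el5_8.5).
FIXED_EL6 = {
    "libxml2": "2.7.6-8.el6_3.3",                # RHSA-2012:1288
    "java-1.7.0-ibm": "1.7.0.2.0-1jpp.3.el6_3",  # RHSA-2012:1289
    "qpid-cpp-server": "0.14-22.el6_3",          # RHSA-2012:1269
}


def _is_token_char(c: str) -> bool:
    """rpm only looks at ASCII letters/digits plus the '~' and '^' markers."""
    return (c.isascii() and c.isalnum()) or c in "~^"


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version (or release) strings by rpm's rpmvercmp() rules.

    Returns -1, 0 or 1. Strings are cut into runs of digits and runs of
    letters; runs are compared pairwise (digits numerically with leading
    zeros ignored, letters lexically). A digit run beats a letter run,
    '~' sorts before everything, even the end of the string, and '^' sorts
    after the end of the string but before any other character.
    """
    if a == b:
        return 0
    i, j = 0, 0
    while i < len(a) or j < len(b):
        while i < len(a) and not _is_token_char(a[i]):   # skip '.', '_', '-' ...
            i += 1
        while j < len(b) and not _is_token_char(b[j]):
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if ca == "~" or cb == "~":            # tilde: pre-release marker
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":            # caret: post-release snapshot
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        isnum = ca.isdigit()
        m1 = re.match(r"[0-9]+" if isnum else r"[A-Za-z]+", a[i:])
        m2 = re.match(r"[0-9]+" if isnum else r"[A-Za-z]+", b[j:])
        if m2 is None:                        # mixed run types: numeric side is newer
            return 1 if isnum else -1
        s1, s2 = m1.group(0), m2.group(0)
        if isnum:
            s1, s2 = s1.lstrip("0"), s2.lstrip("0")
            if len(s1) != len(s2):            # longer digit run is the larger number
                return 1 if len(s1) > len(s2) else -1
        if s1 != s2:
            return 1 if s1 > s2 else -1
        i += len(m1.group(0))
        j += len(m2.group(0))
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1          # whichever string has segments left is newer


def parse_evr(evr: str):
    """Split '[epoch:]version-release' into (epoch, version, release); epoch defaults to '0'."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, sep, release = rest.rpartition("-")
    if not sep:
        version, release = rest, ""
    return epoch, version, release


def compare_evr(x: str, y: str) -> int:
    """Epoch first, then version, then release, the precedence rpm applies."""
    for p, q in zip(parse_evr(x), parse_evr(y)):
        rc = rpmvercmp(p, q)
        if rc:
            return rc
    return 0


def is_patched(installed: str, fixed: str) -> bool:
    """True when the installed EVR is at or above the EVR the advisory ships."""
    return compare_evr(installed, fixed) >= 0


def audit(rpm_output: str, fixed: dict = FIXED_EL6) -> dict:
    """Evaluate 'NAME VERSION-RELEASE' lines, the shape printed by
    rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\\n' <pkg>..., against the fixed table."""
    status = {}
    for line in rpm_output.splitlines():
        if line.strip():
            name, evr = line.split(None, 1)
            if name in fixed:
                status[name] = is_patched(evr.strip(), fixed[name])
    return status


# Constructed sample of rpm output for a RHEL 6 host: libxml2 is one release
# behind the advisory, the other two packages are at the fixed level.
SAMPLE_RPM_OUTPUT = """\
libxml2 2.7.6-8.el6_3.2
java-1.7.0-ibm 1.7.0.2.0-1jpp.3.el6_3
qpid-cpp-server 0.14-22.el6_3
"""

if __name__ == "__main__":
    for name, ok in audit(SAMPLE_RPM_OUTPUT).items():
        print(f"{name:16s} {'patched' if ok else 'NEEDS UPDATE'}")
```

Compare against the fixed version for the same product stream only: the RHEL 5 libxml2 build (2.6.26-2.1.15.el5_8.5) is older than the RHEL 6 build by these rules yet is fully patched for RHEL 5, and a higher epoch always wins regardless of the version digits, which is why the epoch is carried through rather than dropped.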
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQWK4WXlSAg2UNWIIRApfNAJoDZ1KoFa1ivJ3RsvwbJWpyEuNlTQCfTIoL
SRXAYXEnPqGXXAYUv7EtpKQ=
=iP+5
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Sep 18 22:53:57 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 18 Sep 2012 22:53:57 +0000
Subject: [RHSA-2012:1289-01] Critical: java-1.7.0-ibm security update
Message-ID: <201209182253.q8IMrvpT005745@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.7.0-ibm security update
Advisory ID:       RHSA-2012:1289-01
Product:           Red Hat Enterprise Linux Extras
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1289.html
Issue date:        2012-09-18
CVE Names:         CVE-2012-0547 CVE-2012-0551 CVE-2012-1682 CVE-2012-1713
                   CVE-2012-1716 CVE-2012-1717 CVE-2012-1719 CVE-2012-1721
                   CVE-2012-1722 CVE-2012-1725 CVE-2012-1726 CVE-2012-3136
                   CVE-2012-4681
=====================================================================

1. Summary:

Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2012-0547, CVE-2012-0551, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725, CVE-2012-1726, CVE-2012-3136, CVE-2012-4681)

All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR2 release. All running instances of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

829358 - CVE-2012-1717 OpenJDK: insecure temporary file permissions (JRE, 7143606)
829360 - CVE-2012-1716 OpenJDK: SynthLookAndFeel application context bypass (Swing, 7143614)
829361 - CVE-2012-1713 OpenJDK: fontmanager layout lookup code memory corruption (2D, 7143617)
829371 - CVE-2012-1719 OpenJDK: mutable repository identifiers in generated stub code (CORBA, 7143851)
829376 - CVE-2012-1725 OpenJDK: insufficient invokespecial verification (HotSpot, 7160757)
829377 - CVE-2012-1726 OpenJDK: java.lang.invoke.MethodHandles.Lookup does not honor access modes (Libraries, 7165628)
831353 - CVE-2012-1721 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)
831354 - CVE-2012-1722 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)
831355 - CVE-2012-0551 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)
852051 - CVE-2012-4681 OpenJDK: beans insufficient permission checks, Java 7 0day (beans, 7162473)
853097 - CVE-2012-1682 OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476)
853138 - CVE-2012-3136 OpenJDK: beans MethodElementHandler insufficient permission checks (beans, 7194567)
853228 - CVE-2012-0547 OpenJDK: AWT hardening fixes (AWT, 7163201)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.7.0-ibm-1.7.0.2.0-1jpp.3.el6_3.i686.rpm
java-1.7.0-ibm-demo-1.7.0.2.0-1jpp.3.el6_3.i686.rpm
java-1.7.0-ibm-devel-1.7.0.2.0-1jpp.3.el6_3.i686.rpm
java-1.7.0-ibm-jdbc-1.7.0.2.0-1jpp.3.el6_3.i686.rpm
java-1.7.0-ibm-plugin-1.7.0.2.0-1jpp.3.el6_3.i686.rpm
java-1.7.0-ibm-src-1.7.0.2.0-1jpp.3.el6_3.i686.rpm

x86_64:
java-1.7.0-ibm-1.7.0.2.0-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.2.0-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.2.0-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.2.0-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.2.0-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.2.0-1jpp.3.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.7.0-ibm-1.7.0.2.0-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.2.0-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.2.0-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.2.0-1jpp.3.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.7.0-ibm-1.7.0.2.0-1jpp.3.el6_3.i686.rpm
java-1.7.0-ibm-demo-1.7.0.2.0-1jpp.3.el6_3.i686.rpm
java-1.7.0-ibm-devel-1.7.0.2.0-1jpp.3.el6_3.i686.rpm
java-1.7.0-ibm-jdbc-1.7.0.2.0-1jpp.3.el6_3.i686.rpm
java-1.7.0-ibm-plugin-1.7.0.2.0-1jpp.3.el6_3.i686.rpm
java-1.7.0-ibm-src-1.7.0.2.0-1jpp.3.el6_3.i686.rpm

ppc64:
java-1.7.0-ibm-1.7.0.2.0-1jpp.3.el6_3.ppc64.rpm
java-1.7.0-ibm-demo-1.7.0.2.0-1jpp.3.el6_3.ppc64.rpm
java-1.7.0-ibm-devel-1.7.0.2.0-1jpp.3.el6_3.ppc64.rpm
java-1.7.0-ibm-jdbc-1.7.0.2.0-1jpp.3.el6_3.ppc64.rpm
java-1.7.0-ibm-src-1.7.0.2.0-1jpp.3.el6_3.ppc64.rpm

s390x:
java-1.7.0-ibm-1.7.0.2.0-1jpp.3.el6_3.s390x.rpm
java-1.7.0-ibm-demo-1.7.0.2.0-1jpp.3.el6_3.s390x.rpm
java-1.7.0-ibm-devel-1.7.0.2.0-1jpp.3.el6_3.s390x.rpm
java-1.7.0-ibm-jdbc-1.7.0.2.0-1jpp.3.el6_3.s390x.rpm
java-1.7.0-ibm-src-1.7.0.2.0-1jpp.3.el6_3.s390x.rpm

x86_64:
java-1.7.0-ibm-1.7.0.2.0-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.2.0-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.2.0-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.2.0-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.2.0-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.2.0-1jpp.3.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.7.0-ibm-1.7.0.2.0-1jpp.3.el6_3.i686.rpm
java-1.7.0-ibm-demo-1.7.0.2.0-1jpp.3.el6_3.i686.rpm
java-1.7.0-ibm-devel-1.7.0.2.0-1jpp.3.el6_3.i686.rpm
java-1.7.0-ibm-jdbc-1.7.0.2.0-1jpp.3.el6_3.i686.rpm
java-1.7.0-ibm-plugin-1.7.0.2.0-1jpp.3.el6_3.i686.rpm
java-1.7.0-ibm-src-1.7.0.2.0-1jpp.3.el6_3.i686.rpm

x86_64:
java-1.7.0-ibm-1.7.0.2.0-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.2.0-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.2.0-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.2.0-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.2.0-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.2.0-1jpp.3.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-0547.html
https://www.redhat.com/security/data/cve/CVE-2012-0551.html
https://www.redhat.com/security/data/cve/CVE-2012-1682.html
https://www.redhat.com/security/data/cve/CVE-2012-1713.html
https://www.redhat.com/security/data/cve/CVE-2012-1716.html
https://www.redhat.com/security/data/cve/CVE-2012-1717.html
https://www.redhat.com/security/data/cve/CVE-2012-1719.html
https://www.redhat.com/security/data/cve/CVE-2012-1721.html
https://www.redhat.com/security/data/cve/CVE-2012-1722.html
https://www.redhat.com/security/data/cve/CVE-2012-1725.html
https://www.redhat.com/security/data/cve/CVE-2012-1726.html
https://www.redhat.com/security/data/cve/CVE-2012-3136.html
https://www.redhat.com/security/data/cve/CVE-2012-4681.html
https://access.redhat.com/security/updates/classification/#critical
https://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQWPtvXlSAg2UNWIIRAjubAJ9aWLiD24KwCpPXVoVavMOB69e9AACeIDJA 8OG2piuC4TOxhny9zXTzdXQ= =XCmb -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Sep 19 18:10:38 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 19 Sep 2012 18:10:38 +0000 Subject: [RHSA-2012:1269-01] Moderate: qpid security, bug fix, and enhancement update Message-ID: <201209191810.q8JIAdtP008097@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: qpid security, bug fix, and enhancement update Advisory ID: RHSA-2012:1269-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1269.html Issue date: 2012-09-19 CVE Names: CVE-2012-2145 ===================================================================== 1. Summary: Updated qpid packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 3. Description: Apache Qpid is a reliable, cross-platform, asynchronous messaging system that supports the Advanced Message Queuing Protocol (AMQP) in several common programming languages. It was discovered that the Qpid daemon (qpidd) did not allow the number of connections from clients to be restricted. 
A malicious client could use this flaw to open an excessive amount of connections, preventing other legitimate clients from establishing a connection to qpidd. (CVE-2012-2145) To address CVE-2012-2145, new qpidd configuration options were introduced: max-negotiate-time defines the time during which initial protocol negotiation must succeed, connection-limit-per-user and connection-limit-per-ip can be used to limit the number of connections per user and client host IP. Refer to the qpidd manual page for additional details. In addition, the qpid-cpp, qpid-qmf, qpid-tools, and python-qpid packages have been upgraded to upstream version 0.14, which provides support for Red Hat Enterprise MRG 2.2, as well as a number of bug fixes and enhancements over the previous version. (BZ#840053, BZ#840055, BZ#840056, BZ#840058) All users of qpid are advised to upgrade to these updated packages, which fix these issues and add these enhancements. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 817175 - CVE-2012-2145 qpid-cpp: not closing incomplete connections exhausts file descriptors, leading to DoS 840053 - Build qpid-cpp, qpid-qmf, qpid-tools and python-qpid to support MRG 2.2 on RHEL 6.3 6. Package List: Red Hat Enterprise Linux Desktop (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/python-qpid-0.14-11.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/qpid-cpp-0.14-22.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/qpid-qmf-0.14-14.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/qpid-tools-0.14-6.el6_3.src.rpm i386: python-qpid-qmf-0.14-14.el6_3.i686.rpm qpid-cpp-client-0.14-22.el6_3.i686.rpm qpid-cpp-client-ssl-0.14-22.el6_3.i686.rpm qpid-cpp-debuginfo-0.14-22.el6_3.i686.rpm qpid-cpp-server-0.14-22.el6_3.i686.rpm qpid-cpp-server-ssl-0.14-22.el6_3.i686.rpm qpid-qmf-0.14-14.el6_3.i686.rpm qpid-qmf-debuginfo-0.14-14.el6_3.i686.rpm ruby-qpid-qmf-0.14-14.el6_3.i686.rpm noarch: python-qpid-0.14-11.el6_3.noarch.rpm qpid-tools-0.14-6.el6_3.noarch.rpm x86_64: python-qpid-qmf-0.14-14.el6_3.x86_64.rpm qpid-cpp-client-0.14-22.el6_3.i686.rpm qpid-cpp-client-0.14-22.el6_3.x86_64.rpm qpid-cpp-client-ssl-0.14-22.el6_3.i686.rpm qpid-cpp-client-ssl-0.14-22.el6_3.x86_64.rpm qpid-cpp-debuginfo-0.14-22.el6_3.i686.rpm qpid-cpp-debuginfo-0.14-22.el6_3.x86_64.rpm qpid-cpp-server-0.14-22.el6_3.i686.rpm qpid-cpp-server-0.14-22.el6_3.x86_64.rpm qpid-cpp-server-ssl-0.14-22.el6_3.x86_64.rpm qpid-qmf-0.14-14.el6_3.i686.rpm qpid-qmf-0.14-14.el6_3.x86_64.rpm qpid-qmf-debuginfo-0.14-14.el6_3.i686.rpm qpid-qmf-debuginfo-0.14-14.el6_3.x86_64.rpm ruby-qpid-qmf-0.14-14.el6_3.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/python-qpid-0.14-11.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/qpid-cpp-0.14-22.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/qpid-qmf-0.14-14.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/qpid-tools-0.14-6.el6_3.src.rpm noarch: python-qpid-0.14-11.el6_3.noarch.rpm qpid-tools-0.14-6.el6_3.noarch.rpm x86_64: python-qpid-qmf-0.14-14.el6_3.x86_64.rpm qpid-cpp-client-0.14-22.el6_3.i686.rpm qpid-cpp-client-0.14-22.el6_3.x86_64.rpm qpid-cpp-client-ssl-0.14-22.el6_3.i686.rpm qpid-cpp-client-ssl-0.14-22.el6_3.x86_64.rpm qpid-cpp-debuginfo-0.14-22.el6_3.i686.rpm qpid-cpp-debuginfo-0.14-22.el6_3.x86_64.rpm qpid-cpp-server-0.14-22.el6_3.i686.rpm qpid-cpp-server-0.14-22.el6_3.x86_64.rpm qpid-cpp-server-ssl-0.14-22.el6_3.x86_64.rpm qpid-qmf-0.14-14.el6_3.i686.rpm qpid-qmf-0.14-14.el6_3.x86_64.rpm qpid-qmf-debuginfo-0.14-14.el6_3.i686.rpm qpid-qmf-debuginfo-0.14-14.el6_3.x86_64.rpm ruby-qpid-qmf-0.14-14.el6_3.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/python-qpid-0.14-11.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/qpid-cpp-0.14-22.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/qpid-qmf-0.14-14.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/qpid-tools-0.14-6.el6_3.src.rpm i386: python-qpid-qmf-0.14-14.el6_3.i686.rpm qpid-cpp-client-0.14-22.el6_3.i686.rpm qpid-cpp-client-ssl-0.14-22.el6_3.i686.rpm qpid-cpp-debuginfo-0.14-22.el6_3.i686.rpm qpid-cpp-server-0.14-22.el6_3.i686.rpm qpid-cpp-server-ssl-0.14-22.el6_3.i686.rpm qpid-qmf-0.14-14.el6_3.i686.rpm qpid-qmf-debuginfo-0.14-14.el6_3.i686.rpm ruby-qpid-qmf-0.14-14.el6_3.i686.rpm noarch: python-qpid-0.14-11.el6_3.noarch.rpm qpid-tools-0.14-6.el6_3.noarch.rpm ppc64: python-qpid-qmf-0.14-14.el6_3.ppc64.rpm qpid-cpp-client-0.14-22.el6_3.ppc.rpm qpid-cpp-client-0.14-22.el6_3.ppc64.rpm qpid-cpp-client-ssl-0.14-22.el6_3.ppc.rpm qpid-cpp-client-ssl-0.14-22.el6_3.ppc64.rpm qpid-cpp-debuginfo-0.14-22.el6_3.ppc.rpm qpid-cpp-debuginfo-0.14-22.el6_3.ppc64.rpm qpid-cpp-server-0.14-22.el6_3.ppc.rpm qpid-cpp-server-0.14-22.el6_3.ppc64.rpm qpid-cpp-server-ssl-0.14-22.el6_3.ppc64.rpm qpid-qmf-0.14-14.el6_3.ppc.rpm qpid-qmf-0.14-14.el6_3.ppc64.rpm qpid-qmf-debuginfo-0.14-14.el6_3.ppc.rpm qpid-qmf-debuginfo-0.14-14.el6_3.ppc64.rpm s390x: python-qpid-qmf-0.14-14.el6_3.s390x.rpm qpid-cpp-client-0.14-22.el6_3.s390.rpm qpid-cpp-client-0.14-22.el6_3.s390x.rpm qpid-cpp-client-ssl-0.14-22.el6_3.s390.rpm qpid-cpp-client-ssl-0.14-22.el6_3.s390x.rpm qpid-cpp-debuginfo-0.14-22.el6_3.s390.rpm qpid-cpp-debuginfo-0.14-22.el6_3.s390x.rpm qpid-cpp-server-0.14-22.el6_3.s390.rpm qpid-cpp-server-0.14-22.el6_3.s390x.rpm qpid-cpp-server-ssl-0.14-22.el6_3.s390x.rpm qpid-qmf-0.14-14.el6_3.s390.rpm qpid-qmf-0.14-14.el6_3.s390x.rpm qpid-qmf-debuginfo-0.14-14.el6_3.s390.rpm qpid-qmf-debuginfo-0.14-14.el6_3.s390x.rpm 
x86_64: python-qpid-qmf-0.14-14.el6_3.x86_64.rpm qpid-cpp-client-0.14-22.el6_3.i686.rpm qpid-cpp-client-0.14-22.el6_3.x86_64.rpm qpid-cpp-client-ssl-0.14-22.el6_3.i686.rpm qpid-cpp-client-ssl-0.14-22.el6_3.x86_64.rpm qpid-cpp-debuginfo-0.14-22.el6_3.i686.rpm qpid-cpp-debuginfo-0.14-22.el6_3.x86_64.rpm qpid-cpp-server-0.14-22.el6_3.i686.rpm qpid-cpp-server-0.14-22.el6_3.x86_64.rpm qpid-cpp-server-ssl-0.14-22.el6_3.x86_64.rpm qpid-qmf-0.14-14.el6_3.i686.rpm qpid-qmf-0.14-14.el6_3.x86_64.rpm qpid-qmf-debuginfo-0.14-14.el6_3.i686.rpm qpid-qmf-debuginfo-0.14-14.el6_3.x86_64.rpm ruby-qpid-qmf-0.14-14.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/python-qpid-0.14-11.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/qpid-cpp-0.14-22.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/qpid-qmf-0.14-14.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/qpid-tools-0.14-6.el6_3.src.rpm i386: python-qpid-qmf-0.14-14.el6_3.i686.rpm qpid-cpp-client-0.14-22.el6_3.i686.rpm qpid-cpp-client-ssl-0.14-22.el6_3.i686.rpm qpid-cpp-debuginfo-0.14-22.el6_3.i686.rpm qpid-cpp-server-0.14-22.el6_3.i686.rpm qpid-cpp-server-ssl-0.14-22.el6_3.i686.rpm qpid-qmf-0.14-14.el6_3.i686.rpm qpid-qmf-debuginfo-0.14-14.el6_3.i686.rpm ruby-qpid-qmf-0.14-14.el6_3.i686.rpm noarch: python-qpid-0.14-11.el6_3.noarch.rpm qpid-tools-0.14-6.el6_3.noarch.rpm x86_64: python-qpid-qmf-0.14-14.el6_3.x86_64.rpm qpid-cpp-client-0.14-22.el6_3.i686.rpm qpid-cpp-client-0.14-22.el6_3.x86_64.rpm qpid-cpp-client-ssl-0.14-22.el6_3.i686.rpm qpid-cpp-client-ssl-0.14-22.el6_3.x86_64.rpm qpid-cpp-debuginfo-0.14-22.el6_3.i686.rpm qpid-cpp-debuginfo-0.14-22.el6_3.x86_64.rpm qpid-cpp-server-0.14-22.el6_3.i686.rpm qpid-cpp-server-0.14-22.el6_3.x86_64.rpm qpid-cpp-server-ssl-0.14-22.el6_3.x86_64.rpm qpid-qmf-0.14-14.el6_3.i686.rpm 
qpid-qmf-0.14-14.el6_3.x86_64.rpm qpid-qmf-debuginfo-0.14-14.el6_3.i686.rpm qpid-qmf-debuginfo-0.14-14.el6_3.x86_64.rpm ruby-qpid-qmf-0.14-14.el6_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-2145.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQWgqHXlSAg2UNWIIRAn/sAJ48rNQs0s/YBsRQ/4+tXSaXzoJvlQCfZvZB o+f8xwCzqivGsoGmA6Msvqg= =YrBU -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Sep 19 18:11:15 2012 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 19 Sep 2012 18:11:15 +0000 Subject: [RHSA-2012:1277-01] Moderate: Red Hat Enterprise MRG Messaging 2.2 update Message-ID: <201209191811.q8JIBF4Y014200@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Enterprise MRG Messaging 2.2 update Advisory ID: RHSA-2012:1277-01 Product: Red Hat Enterprise MRG for RHEL-5 Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1277.html Issue date: 2012-09-19 CVE Names: CVE-2012-2145 CVE-2012-3467 ===================================================================== 1. Summary: Updated Messaging component packages that fix two security issues, multiple bugs, and add various enhancements are now available for Red Hat Enterprise MRG 2.2 for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed
severity ratings, are available for each vulnerability from the CVE links in
the References section.

2. Relevant releases/architectures:

MRG Grid Execute Node for RHEL 5 Server v.2 - noarch
MRG Grid for RHEL 5 Server v.2 - noarch
MRG Management for RHEL 5 Server v.2 - noarch
Red Hat MRG Messaging for RHEL 5 Server v.2 - i386, noarch, x86_64

3. Description:

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation
IT infrastructure for enterprise computing. MRG offers increased performance,
reliability, interoperability, and faster computing for enterprise customers.

MRG Messaging is a high-speed reliable messaging distribution for Linux based
on AMQP (Advanced Message Queuing Protocol), an open protocol standard for
enterprise messaging that is designed to make mission critical messaging
widely available as a standard service, and to make enterprise messaging
interoperable across platforms, programming languages, and vendors. MRG
Messaging includes an AMQP 0-10 messaging broker; AMQP 0-10 client libraries
for C++, Java JMS, and Python; as well as persistence libraries and
management tools.

It was discovered that the Apache Qpid daemon (qpidd) did not allow the
number of connections from clients to be restricted. A malicious client could
use this flaw to open an excessive number of connections, preventing other
legitimate clients from establishing a connection to qpidd. (CVE-2012-2145)

To address CVE-2012-2145, new qpidd configuration options were introduced:
max-negotiate-time defines the time during which initial protocol
negotiation must succeed; connection-limit-per-user and
connection-limit-per-ip can be used to limit the number of connections per
user and per client host IP. Refer to the qpidd manual page for additional
details.

It was discovered that qpidd did not require authentication for "catch-up"
shadow connections created when a new broker joins a cluster. A malicious
client could use this flaw to bypass client authentication. (CVE-2012-3467)

This update also fixes multiple bugs and adds enhancements. Documentation for
these changes will be available shortly from the Technical Notes document
linked to in the References section.

All users of the Messaging capabilities of Red Hat Enterprise MRG 2.2 are
advised to upgrade to these updated packages, which resolve the issues and
add the enhancements noted in the Red Hat Enterprise MRG 2 Technical Notes.
After installing the updated packages, stop the cluster by either running
"service qpidd stop" on all nodes, or "qpid-cluster --all-stop" on any one of
the cluster nodes. Once stopped, restart the cluster with "service qpidd
start" on all nodes for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

689408 - ACL denials while replicating exclusive queues to a newly joined node
693444 - Inconsistency in clients on reliability of receiver link from exchange
809357 - "qpid-perftest.exe" and "qpid-latency-test.exe" fail with option "--tcp-nodelay" on Windows
817175 - CVE-2012-2145 qpid-cpp: not closing incomplete connections exhausts file descriptors, leading to DoS
836276 - CVE-2012-3467 qpid-cpp-server-cluster: unauthorized broker access caused by the use of NullAuthenticator catch-up shadow connections
841488 - qpid-stat does not support multi-byte characters (UTF-8)

6. Package List:

MRG Grid for RHEL 5 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/mrg-release-2.2.0-1.el5.src.rpm

noarch:
mrg-release-2.2.0-1.el5.noarch.rpm

MRG Grid Execute Node for RHEL 5 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/mrg-release-2.2.0-1.el5.src.rpm

noarch:
mrg-release-2.2.0-1.el5.noarch.rpm

MRG Management for RHEL 5 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/mrg-release-2.2.0-1.el5.src.rpm

noarch:
mrg-release-2.2.0-1.el5.noarch.rpm

Red Hat MRG Messaging for RHEL 5 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/mrg-release-2.2.0-1.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/python-qpid-0.14-11.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/qpid-cpp-mrg-0.14-22.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/qpid-java-0.18-2.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/qpid-jca-0.18-2.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/qpid-qmf-0.14-14.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/qpid-tools-0.14-6.el5.src.rpm

i386:
python-qpid-qmf-0.14-14.el5.i386.rpm
qpid-cpp-client-0.14-22.el5.i386.rpm
qpid-cpp-client-devel-0.14-22.el5.i386.rpm
qpid-cpp-client-devel-docs-0.14-22.el5.i386.rpm
qpid-cpp-client-rdma-0.14-22.el5.i386.rpm
qpid-cpp-client-ssl-0.14-22.el5.i386.rpm
qpid-cpp-mrg-debuginfo-0.14-22.el5.i386.rpm
qpid-cpp-server-0.14-22.el5.i386.rpm
qpid-cpp-server-cluster-0.14-22.el5.i386.rpm
qpid-cpp-server-devel-0.14-22.el5.i386.rpm
qpid-cpp-server-rdma-0.14-22.el5.i386.rpm
qpid-cpp-server-ssl-0.14-22.el5.i386.rpm
qpid-cpp-server-store-0.14-22.el5.i386.rpm
qpid-cpp-server-xml-0.14-22.el5.i386.rpm
qpid-qmf-0.14-14.el5.i386.rpm
qpid-qmf-debuginfo-0.14-14.el5.i386.rpm
qpid-qmf-devel-0.14-14.el5.i386.rpm
ruby-qpid-qmf-0.14-14.el5.i386.rpm

noarch:
mrg-release-2.2.0-1.el5.noarch.rpm
python-qpid-0.14-11.el5.noarch.rpm
qpid-java-client-0.18-2.el5.noarch.rpm
qpid-java-common-0.18-2.el5.noarch.rpm
qpid-java-example-0.18-2.el5.noarch.rpm
qpid-jca-0.18-2.el5.noarch.rpm
qpid-jca-xarecovery-0.18-2.el5.noarch.rpm
qpid-tools-0.14-6.el5.noarch.rpm

x86_64:
python-qpid-qmf-0.14-14.el5.x86_64.rpm
qpid-cpp-client-0.14-22.el5.x86_64.rpm
qpid-cpp-client-devel-0.14-22.el5.x86_64.rpm
qpid-cpp-client-devel-docs-0.14-22.el5.x86_64.rpm
qpid-cpp-client-rdma-0.14-22.el5.x86_64.rpm
qpid-cpp-client-ssl-0.14-22.el5.x86_64.rpm
qpid-cpp-mrg-debuginfo-0.14-22.el5.x86_64.rpm
qpid-cpp-server-0.14-22.el5.x86_64.rpm
qpid-cpp-server-cluster-0.14-22.el5.x86_64.rpm
qpid-cpp-server-devel-0.14-22.el5.x86_64.rpm
qpid-cpp-server-rdma-0.14-22.el5.x86_64.rpm
qpid-cpp-server-ssl-0.14-22.el5.x86_64.rpm
qpid-cpp-server-store-0.14-22.el5.x86_64.rpm
qpid-cpp-server-xml-0.14-22.el5.x86_64.rpm
qpid-qmf-0.14-14.el5.x86_64.rpm
qpid-qmf-debuginfo-0.14-14.el5.x86_64.rpm
qpid-qmf-devel-0.14-14.el5.x86_64.rpm
ruby-qpid-qmf-0.14-14.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details
on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-2145.html
https://www.redhat.com/security/data/cve/CVE-2012-3467.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_MRG/2/html/Technical_Notes/sec-Red_Hat_Enterprise_Linux_5.html#RHSA-2012-1277

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
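The CVE-2012-2145 fix described above turns on three controls: a cap on sockets per client IP, a cap on authenticated sessions per user, and a deadline by which a freshly accepted connection must finish protocol negotiation. The following is an added example written for this page, not qpidd's own code: it models that admission policy in plain Python with constructed events, so the effect of each control can be exercised offline. Names such as ConnectionLimiter, the second-based clock, and the "0 means unlimited" convention are assumptions of the model, not qpidd behaviour.

```python
from collections import defaultdict


class ConnectionLimiter:
    """Admission control for broker connections: a per-IP cap enforced at
    accept time, a per-user cap enforced once the peer has authenticated,
    and a deadline by which protocol negotiation must finish.
    Added example; not the qpidd implementation."""

    def __init__(self, max_negotiate_time, limit_per_ip=0, limit_per_user=0):
        # 0 means "no limit" (an assumption of this model).
        self.max_negotiate_time = max_negotiate_time   # seconds in this model
        self.limit_per_ip = limit_per_ip
        self.limit_per_user = limit_per_user
        self.by_ip = defaultdict(int)      # sockets currently held per client IP
        self.by_user = defaultdict(int)    # authenticated sessions per user
        self.pending = {}                  # conn_id -> (ip, accepted_at)
        self.established = {}              # conn_id -> (ip, user)

    def accept(self, conn_id, ip, now):
        """TCP accept. The per-IP cap is checked before any protocol work,
        so an unauthenticated peer can pin at most limit_per_ip sockets."""
        if self.limit_per_ip and self.by_ip[ip] >= self.limit_per_ip:
            return False
        self.by_ip[ip] += 1
        self.pending[conn_id] = (ip, now)
        return True

    def negotiated(self, conn_id, user, now):
        """Protocol header exchange and SASL authentication completed."""
        ip, accepted_at = self.pending.pop(conn_id)
        too_slow = now - accepted_at > self.max_negotiate_time
        over_user = bool(self.limit_per_user) and self.by_user[user] >= self.limit_per_user
        if too_slow or over_user:
            self.by_ip[ip] -= 1
            return False
        self.by_user[user] += 1
        self.established[conn_id] = (ip, user)
        return True

    def reap(self, now):
        """Drop connections still negotiating past the deadline and return how
        many were dropped. Without this sweep, half-open connections pile up
        until the broker runs out of file descriptors."""
        expired = [c for c, (_, t) in self.pending.items()
                   if now - t > self.max_negotiate_time]
        for c in expired:
            ip, _ = self.pending.pop(c)
            self.by_ip[ip] -= 1
        return len(expired)

    def close(self, conn_id):
        ip, user = self.established.pop(conn_id)
        self.by_ip[ip] -= 1
        self.by_user[user] -= 1


def simulate_flood(limit_per_ip=10, max_negotiate_time=2.0):
    """Constructed scenario: 10.0.0.5 opens 100 sockets and never negotiates;
    10.0.0.9 is a legitimate client that connects during the flood."""
    lim = ConnectionLimiter(max_negotiate_time, limit_per_ip=limit_per_ip)
    accepted = sum(lim.accept("bad%d" % i, "10.0.0.5", now=0.0) for i in range(100))
    legit_accepted = lim.accept("good", "10.0.0.9", now=0.5)
    legit_established = lim.negotiated("good", "guest", now=1.0)
    reaped = lim.reap(now=max_negotiate_time + 0.1)   # sweep after the deadline
    return {
        "accepted_from_attacker": accepted,
        "rejected_from_attacker": 100 - accepted,
        "legit_accepted": legit_accepted,
        "legit_established": legit_established,
        "reaped": reaped,
        "attacker_slots_after_reap": lim.by_ip["10.0.0.5"],
        "legit_still_open": "good" in lim.established,
    }


def simulate_user_cap(limit_per_user=5):
    """Constructed scenario: one account authenticates from many hosts, so
    only the per-user cap can stop it."""
    lim = ConnectionLimiter(2.0, limit_per_user=limit_per_user)
    outcomes = []
    for i in range(limit_per_user + 2):
        lim.accept("c%d" % i, "192.0.2.%d" % i, now=0.0)
        outcomes.append(lim.negotiated("c%d" % i, "app", now=0.1))
    return outcomes.count(True), outcomes.count(False)


if __name__ == "__main__":
    print(simulate_flood())
    print(simulate_user_cap())
```

On a real broker this policy is configured rather than coded: the options named in the advisory go in /etc/qpidd.conf or on the qpidd command line (connection-limit-per-ip, connection-limit-per-user, max-negotiate-time). The concrete values to use, and the unit max-negotiate-time expects, are not stated here and should be taken from the qpidd manual page the advisory points to.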
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQWgqvXlSAg2UNWIIRAtWxAJ0UwqOnuXuQZjHA2kAZOCjSmFh0VwCfcLeq
0AgwBmt7K25jUjguuvr9GME=
=2nmw
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Sep 19 18:12:30 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 19 Sep 2012 18:12:30 +0000
Subject: [RHSA-2012:1278-01] Moderate: Red Hat Enterprise MRG Grid 2.2 security update
Message-ID: <201209191812.q8JICUew014666@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Enterprise MRG Grid 2.2 security update
Advisory ID:       RHSA-2012:1278-01
Product:           Red Hat Enterprise MRG for RHEL-5
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1278.html
Issue date:        2012-09-19
CVE Names:         CVE-2012-2680 CVE-2012-2681 CVE-2012-2683 CVE-2012-2684
                   CVE-2012-2685 CVE-2012-2734 CVE-2012-2735 CVE-2012-3459
                   CVE-2012-3491 CVE-2012-3492 CVE-2012-3493
=====================================================================

1. Summary:

Updated Grid component packages that fix several security issues, add various
enhancements and fix multiple bugs are now available for Red Hat Enterprise
MRG 2 for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores, which
give detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

MRG Grid Execute Node for RHEL 5 Server v.2 - i386, noarch, x86_64
MRG Grid for RHEL 5 Server v.2 - i386, noarch, x86_64
MRG Management for RHEL 5 Server v.2 - i386, noarch, x86_64
Red Hat MRG Messaging for RHEL 5 Server v.2 - i386, x86_64

3. Description:

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation
IT infrastructure for enterprise computing. MRG offers increased performance,
reliability, interoperability, and faster computing for enterprise customers.

A number of unprotected resources (web pages, export functionality, image
viewing) were found in Cumin. An unauthenticated user could bypass intended
access restrictions, resulting in information disclosure. (CVE-2012-2680)

Cumin could generate weak session keys, potentially allowing remote attackers
to predict session keys and obtain unauthorized access to Cumin.
(CVE-2012-2681)

Multiple cross-site scripting flaws in Cumin could allow remote attackers to
inject arbitrary web script on a web page displayed by Cumin. (CVE-2012-2683)

An SQL injection flaw in Cumin could allow remote attackers to manipulate the
contents of the back-end database via a specially-crafted URL. (CVE-2012-2684)

When Cumin handled image requests, clients could request images of arbitrary
sizes. This could result in large memory allocations on the Cumin server,
leading to an out-of-memory condition. (CVE-2012-2685)

Cumin did not protect against Cross-Site Request Forgery attacks. If an
attacker could trick a user, who was logged into the Cumin web interface, into
visiting a specially-crafted web page, it could lead to unauthorized command
execution in the Cumin web interface with the privileges of the logged-in
user. (CVE-2012-2734)

A session fixation flaw was found in Cumin. An authenticated user able to
pre-set the Cumin session cookie in a victim's browser could possibly use this
flaw to steal the victim's session after they log into Cumin. (CVE-2012-2735)

It was found that authenticated users could send a specially-crafted HTTP POST
request to Cumin that would cause it to submit a job attribute change to
Condor. This could be used to change internal Condor attributes, including the
Owner attribute, which could allow Cumin users to elevate their privileges.
(CVE-2012-3459)

It was discovered that Condor's file system authentication challenge accepted
directories with weak permissions (for example, world readable, writable and
executable permissions). If a user created a directory with such permissions,
a local attacker could rename it, allowing them to execute jobs with the
privileges of the victim user. (CVE-2012-3492)

It was discovered that Condor exposed private information in the data in the
ClassAds format served by condor_startd. An unauthenticated user able to
connect to condor_startd's port could request a ClassAd for a running job,
provided they could guess or brute-force the PID of the job. This could expose
the ClaimId which, if obtained, could be used to control the job as well as
start new jobs on the system. (CVE-2012-3493)

It was discovered that the ability to abort a job in Condor only required
WRITE authorization, instead of a combination of WRITE authorization and job
ownership. This could allow an authenticated attacker to bypass intended
restrictions and abort any idle job on the system. (CVE-2012-3491)

The above issues were discovered by Florian Weimer of the Red Hat Product
Security Team.

This update also provides defense in depth patches for Condor. (BZ#848212,
BZ#835592, BZ#841173, BZ#843476)

These updated packages for Red Hat Enterprise Linux 5 provide numerous
enhancements and bug fixes for the Grid component of MRG. Some highlights
include:

* Integration with Red Hat Enterprise Virtualization Manager via Deltacloud
* Role enforcement in Cumin
* Cumin authentication integration with LDAP
* Enhanced Red Hat HA integration managing multiple-schedulers nodes
* Generic local resource limits for partitionable slots
* Concurrency limit groups

Space precludes documenting all of these changes in this advisory. Refer to
the Red Hat Enterprise MRG 2 Technical Notes document, linked to in the
References section, for information on these changes.

4. Solution:

All users of the Grid capabilities of Red Hat Enterprise MRG 2 are advised to
upgrade to these updated packages, which resolve the issues and add the
enhancements noted in the Red Hat Enterprise MRG 2 Technical Notes. Condor and
Cumin must be restarted for this update to take effect.

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

721110 - RFE: Concurrency limit default grouping
748507 - Wallaby provides DAEMON_LIST = >=MASTER -> condor_master failed to startup
769573 - Role enforcement in Cumin
794660 - Partitionable slots can create more dynamic slots than CPUs
799838 - Jobs in IDLE or RUNNING state aren't visible via aviary API after HISTORY_INTERVAL period.
806071 - Update Job/Query Server definition
806079 - Add VM_NETWORKING_BRIDGE_INTERFACE
807738 - DAEMON_LIST should not be needs_restart
810519 - Wrong deltacloud hold jobs are not removed
812126 - Do not accept configuration of *.PLUGINS outside of wallaby
827558 - CVE-2012-2681 cumin: weak session keys
829421 - CVE-2012-2680 cumin: authentication bypass flaws
830243 - CVE-2012-2683 cumin: multiple XSS flaws
830245 - CVE-2012-2684 cumin: SQL injection flaw
830248 - CVE-2012-2685 cumin: DoS via large image requests
832124 - CVE-2012-2734 cumin: CSRF flaw
832151 - CVE-2012-2735 cumin: session fixation flaw
846501 - CVE-2012-3459 cumin: allows for editing internal Condor job attributes
848212 - CVE-2012-3490 condor: does not check return value of setuid and similar calls, exploitable via VMware support
848214 - CVE-2012-3491 condor: local users can abort any idle jobs
848218 - CVE-2012-3492 condor: lock directories created mode 0777 allow for FS-based authentication challenge bypass
848222 - CVE-2012-3493 condor: GIVE_REQUEST_AD leaks privileged ClaimId information
852321 - Missing SPOOL settings in HAScheduler feature

6. Package List:

MRG Grid for RHEL 5 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-7.6.5-0.22.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-wallaby-4.1.3-1.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-wallaby-base-db-1.23-1.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/cumin-0.1.5444-3.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/sesame-1.0-4.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/wallaby-0.12.5-10.el5.src.rpm

i386:
condor-7.6.5-0.22.el5.i386.rpm
condor-aviary-7.6.5-0.22.el5.i386.rpm
condor-classads-7.6.5-0.22.el5.i386.rpm
condor-debuginfo-7.6.5-0.22.el5.i386.rpm
condor-kbdd-7.6.5-0.22.el5.i386.rpm
condor-qmf-7.6.5-0.22.el5.i386.rpm
condor-vm-gahp-7.6.5-0.22.el5.i386.rpm
sesame-1.0-4.el5.i386.rpm
sesame-debuginfo-1.0-4.el5.i386.rpm

noarch:
condor-wallaby-base-db-1.23-1.el5.noarch.rpm
condor-wallaby-client-4.1.3-1.el5.noarch.rpm
condor-wallaby-tools-4.1.3-1.el5.noarch.rpm
cumin-0.1.5444-3.el5.noarch.rpm
python-wallaby-0.12.5-10.el5.noarch.rpm
python-wallabyclient-4.1.3-1.el5.noarch.rpm
ruby-wallaby-0.12.5-10.el5.noarch.rpm
wallaby-0.12.5-10.el5.noarch.rpm
wallaby-utils-0.12.5-10.el5.noarch.rpm

x86_64:
condor-7.6.5-0.22.el5.x86_64.rpm
condor-aviary-7.6.5-0.22.el5.x86_64.rpm
condor-classads-7.6.5-0.22.el5.x86_64.rpm
condor-debuginfo-7.6.5-0.22.el5.x86_64.rpm
condor-kbdd-7.6.5-0.22.el5.x86_64.rpm
condor-qmf-7.6.5-0.22.el5.x86_64.rpm
condor-vm-gahp-7.6.5-0.22.el5.x86_64.rpm
sesame-1.0-4.el5.x86_64.rpm
sesame-debuginfo-1.0-4.el5.x86_64.rpm

MRG Grid Execute Node for RHEL 5 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-7.6.5-0.22.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-wallaby-4.1.3-1.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-wallaby-base-db-1.23-1.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/wallaby-0.12.5-10.el5.src.rpm

i386:
condor-7.6.5-0.22.el5.i386.rpm
condor-classads-7.6.5-0.22.el5.i386.rpm
condor-debuginfo-7.6.5-0.22.el5.i386.rpm
condor-kbdd-7.6.5-0.22.el5.i386.rpm
condor-qmf-7.6.5-0.22.el5.i386.rpm
condor-vm-gahp-7.6.5-0.22.el5.i386.rpm

noarch:
condor-wallaby-base-db-1.23-1.el5.noarch.rpm
condor-wallaby-client-4.1.3-1.el5.noarch.rpm
condor-wallaby-tools-4.1.3-1.el5.noarch.rpm
python-wallabyclient-4.1.3-1.el5.noarch.rpm
ruby-wallaby-0.12.5-10.el5.noarch.rpm
wallaby-utils-0.12.5-10.el5.noarch.rpm

x86_64:
condor-7.6.5-0.22.el5.x86_64.rpm
condor-classads-7.6.5-0.22.el5.x86_64.rpm
condor-debuginfo-7.6.5-0.22.el5.x86_64.rpm
condor-kbdd-7.6.5-0.22.el5.x86_64.rpm
condor-qmf-7.6.5-0.22.el5.x86_64.rpm
condor-vm-gahp-7.6.5-0.22.el5.x86_64.rpm

MRG Management for RHEL 5 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/cumin-0.1.5444-3.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/sesame-1.0-4.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/wallaby-0.12.5-10.el5.src.rpm

i386:
sesame-1.0-4.el5.i386.rpm
sesame-debuginfo-1.0-4.el5.i386.rpm

noarch:
cumin-0.1.5444-3.el5.noarch.rpm
python-wallaby-0.12.5-10.el5.noarch.rpm

x86_64:
sesame-1.0-4.el5.x86_64.rpm
sesame-debuginfo-1.0-4.el5.x86_64.rpm

Red Hat MRG Messaging for RHEL 5 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/sesame-1.0-4.el5.src.rpm

i386:
sesame-1.0-4.el5.i386.rpm
sesame-debuginfo-1.0-4.el5.i386.rpm

x86_64:
sesame-1.0-4.el5.x86_64.rpm
sesame-debuginfo-1.0-4.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details
on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-2680.html
https://www.redhat.com/security/data/cve/CVE-2012-2681.html
https://www.redhat.com/security/data/cve/CVE-2012-2683.html
https://www.redhat.com/security/data/cve/CVE-2012-2684.html
https://www.redhat.com/security/data/cve/CVE-2012-2685.html
https://www.redhat.com/security/data/cve/CVE-2012-2734.html
https://www.redhat.com/security/data/cve/CVE-2012-2735.html
https://www.redhat.com/security/data/cve/CVE-2012-3459.html
https://www.redhat.com/security/data/cve/CVE-2012-3491.html
https://www.redhat.com/security/data/cve/CVE-2012-3492.html
https://www.redhat.com/security/data/cve/CVE-2012-3493.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_MRG/2/html/Technical_Notes/sec-Red_Hat_Enterprise_Linux_5.html#RHSA-2012-1278

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQWgrSXlSAg2UNWIIRAmeUAJsE5Zsg8ce+Xc/t2Qal8ikkTX/SeACfcgqg
U1WCWYwxwPOvPsv7iLbr7dc=
=N3jj
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Sep 19 18:13:18 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 19 Sep 2012 18:13:18 +0000
Subject: [RHSA-2012:1279-01] Moderate: Red Hat Enterprise MRG Messaging 2.2 update
Message-ID: <201209191813.q8JIDI40009994@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Enterprise MRG Messaging 2.2 update
Advisory ID:       RHSA-2012:1279-01
Product:           Red Hat Enterprise MRG for RHEL-6
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1279.html
Issue date:        2012-09-19
CVE Names:         CVE-2012-3467
=====================================================================

1. Summary:

Updated Messaging component packages that fix one security issue, multiple
bugs, and add various enhancements are now available for Red Hat Enterprise
MRG 2.2 for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in the
References section.

2. Relevant releases/architectures:

MRG Grid Execute Node for RHEL 6 ComputeNode v.2 - noarch
MRG Grid Execute Node for RHEL 6 Server v.2 - noarch
MRG Grid for RHEL 6 Server v.2 - noarch
MRG Management for RHEL 6 ComputeNode v.2 - noarch
MRG Management for RHEL 6 Server v.2 - noarch
MRG Realtime for RHEL 6 Server v.2 - noarch
Red Hat MRG Messaging for RHEL 6 Server v.2 - i386, noarch, x86_64

3. Description:

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation
IT infrastructure for enterprise computing. MRG offers increased performance,
reliability, interoperability, and faster computing for enterprise customers.

MRG Messaging is a high-speed reliable messaging distribution for Linux based
on AMQP (Advanced Message Queuing Protocol), an open protocol standard for
enterprise messaging that is designed to make mission critical messaging
widely available as a standard service, and to make enterprise messaging
interoperable across platforms, programming languages, and vendors. MRG
Messaging includes an AMQP 0-10 messaging broker; AMQP 0-10 client libraries
for C++, Java JMS, and Python; as well as persistence libraries and
management tools.

It was discovered that the Apache Qpid daemon (qpidd) did not require
authentication for "catch-up" shadow connections created when a new broker
joins a cluster. A malicious client could use this flaw to bypass client
authentication. (CVE-2012-3467)

This update also fixes multiple bugs and adds enhancements. Documentation for
these changes will be available shortly from the Technical Notes document
linked to in the References section.

All users of the Messaging capabilities of Red Hat Enterprise MRG 2.2 are
advised to upgrade to these updated packages, which resolve the issues and
add the enhancements noted in the Red Hat Enterprise MRG 2 Technical Notes.
After installing the updated packages, stop the cluster by either running
"service qpidd stop" on all nodes, or "qpid-cluster --all-stop" on any one of
the cluster nodes. Once stopped, restart the cluster with "service qpidd
start" on all nodes for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

836276 - CVE-2012-3467 qpid-cpp-server-cluster: unauthorized broker access caused by the use of NullAuthenticator catch-up shadow connections

6. Package List:

MRG Grid Execute Node for RHEL 6 ComputeNode v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/RHEMRG-RHEL6/SRPMS/mrg-release-2.2.0-1.el6.src.rpm

noarch:
mrg-release-2.2.0-1.el6.noarch.rpm

MRG Management for RHEL 6 ComputeNode v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/RHEMRG-RHEL6/SRPMS/mrg-release-2.2.0-1.el6.src.rpm

noarch:
mrg-release-2.2.0-1.el6.noarch.rpm

MRG Grid for RHEL 6 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/mrg-release-2.2.0-1.el6.src.rpm

noarch:
mrg-release-2.2.0-1.el6.noarch.rpm

MRG Grid Execute Node for RHEL 6 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/mrg-release-2.2.0-1.el6.src.rpm

noarch:
mrg-release-2.2.0-1.el6.noarch.rpm

MRG Management for RHEL 6 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/mrg-release-2.2.0-1.el6.src.rpm

noarch:
mrg-release-2.2.0-1.el6.noarch.rpm

Red Hat MRG Messaging for RHEL 6 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/mrg-release-2.2.0-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/qpid-cpp-0.14-22.el6_3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/qpid-java-0.18-2.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/qpid-jca-0.18-2.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/qpid-qmf-0.14-14.el6_3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/xerces-c-3.0.1-20.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/xqilla-2.2.3-8.el6.src.rpm

i386:
qpid-cpp-client-devel-0.14-22.el6_3.i686.rpm
qpid-cpp-client-rdma-0.14-22.el6_3.i686.rpm
qpid-cpp-debuginfo-0.14-22.el6_3.i686.rpm
qpid-cpp-server-cluster-0.14-22.el6_3.i686.rpm
qpid-cpp-server-devel-0.14-22.el6_3.i686.rpm
qpid-cpp-server-rdma-0.14-22.el6_3.i686.rpm
qpid-cpp-server-store-0.14-22.el6_3.i686.rpm
qpid-cpp-server-xml-0.14-22.el6_3.i686.rpm
qpid-qmf-debuginfo-0.14-14.el6_3.i686.rpm
qpid-qmf-devel-0.14-14.el6_3.i686.rpm
xerces-c-3.0.1-20.el6.i686.rpm
xerces-c-debuginfo-3.0.1-20.el6.i686.rpm
xerces-c-devel-3.0.1-20.el6.i686.rpm
xqilla-2.2.3-8.el6.i686.rpm
xqilla-debuginfo-2.2.3-8.el6.i686.rpm
xqilla-devel-2.2.3-8.el6.i686.rpm

noarch:
mrg-release-2.2.0-1.el6.noarch.rpm
qpid-cpp-client-devel-docs-0.14-22.el6_3.noarch.rpm
qpid-java-client-0.18-2.el6.noarch.rpm
qpid-java-common-0.18-2.el6.noarch.rpm
qpid-java-example-0.18-2.el6.noarch.rpm
qpid-jca-0.18-2.el6.noarch.rpm
qpid-jca-xarecovery-0.18-2.el6.noarch.rpm
xerces-c-doc-3.0.1-20.el6.noarch.rpm
xqilla-doc-2.2.3-8.el6.noarch.rpm

x86_64:
qpid-cpp-client-devel-0.14-22.el6_3.x86_64.rpm
qpid-cpp-client-rdma-0.14-22.el6_3.x86_64.rpm
qpid-cpp-debuginfo-0.14-22.el6_3.x86_64.rpm
qpid-cpp-server-cluster-0.14-22.el6_3.x86_64.rpm
qpid-cpp-server-devel-0.14-22.el6_3.x86_64.rpm
qpid-cpp-server-rdma-0.14-22.el6_3.x86_64.rpm
qpid-cpp-server-store-0.14-22.el6_3.x86_64.rpm
qpid-cpp-server-xml-0.14-22.el6_3.x86_64.rpm
qpid-qmf-debuginfo-0.14-14.el6_3.x86_64.rpm
qpid-qmf-devel-0.14-14.el6_3.x86_64.rpm
xerces-c-3.0.1-20.el6.x86_64.rpm
xerces-c-debuginfo-3.0.1-20.el6.x86_64.rpm
xerces-c-devel-3.0.1-20.el6.x86_64.rpm
xqilla-2.2.3-8.el6.x86_64.rpm
xqilla-debuginfo-2.2.3-8.el6.x86_64.rpm
xqilla-devel-2.2.3-8.el6.x86_64.rpm

MRG Realtime for RHEL 6 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/mrg-release-2.2.0-1.el6.src.rpm

noarch:
mrg-release-2.2.0-1.el6.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details
on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-3467.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_MRG/2/html/Technical_Notes/sec-Red_Hat_Enterprise_Linux_6.html#RHSA-2012-1279

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQWgsjXlSAg2UNWIIRAukWAJ9qnbrWUxlEceB/9pmRmaJv/GBNSACfS1SX
heRcFzikc+URNjBwpwR2pDs=
=Fnmk
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Sep 19 18:14:25 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 19 Sep 2012 18:14:25 +0000
Subject: [RHSA-2012:1281-01] Moderate: Red Hat Enterprise MRG Grid 2.2 security update
Message-ID: <201209191814.q8JIEPOo015266@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Enterprise MRG Grid 2.2 security update
Advisory ID:       RHSA-2012:1281-01
Product:           Red Hat Enterprise MRG for RHEL-6
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1281.html
Issue date:        2012-09-19
CVE Names:         CVE-2012-2680 CVE-2012-2681 CVE-2012-2683 CVE-2012-2684
                   CVE-2012-2685 CVE-2012-2734 CVE-2012-2735 CVE-2012-3459
                   CVE-2012-3491 CVE-2012-3492 CVE-2012-3493
=====================================================================

1. Summary:

Updated Grid component packages that fix several security issues, add various
enhancements and fix multiple bugs are now available for Red Hat Enterprise
MRG 2 for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores, which
give detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

MRG Grid Execute Node for RHEL 6 ComputeNode v.2 - noarch, x86_64
MRG Grid Execute Node for RHEL 6 Server v.2 - i386, noarch, x86_64
MRG Grid for RHEL 6 Server v.2 - i386, noarch, x86_64
MRG Management for RHEL 6 ComputeNode v.2 - x86_64
MRG Management for RHEL 6 Server v.2 - i386, noarch, x86_64
Red Hat MRG Messaging for RHEL 6 Server v.2 - i386, x86_64

3. Description:

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation
IT infrastructure for enterprise computing. MRG offers increased performance,
reliability, interoperability, and faster computing for enterprise customers.

A number of unprotected resources (web pages, export functionality, image
viewing) were found in Cumin. An unauthenticated user could bypass intended
access restrictions, resulting in information disclosure. (CVE-2012-2680)

Cumin could generate weak session keys, potentially allowing remote attackers
to predict session keys and obtain unauthorized access to Cumin.
(CVE-2012-2681)

Multiple cross-site scripting flaws in Cumin could allow remote attackers to
inject arbitrary web script on a web page displayed by Cumin. (CVE-2012-2683)

An SQL injection flaw in Cumin could allow remote attackers to manipulate the
contents of the back-end database via a specially-crafted URL. (CVE-2012-2684)

When Cumin handled image requests, clients could request images of arbitrary
sizes. This could result in large memory allocations on the Cumin server,
leading to an out-of-memory condition. (CVE-2012-2685)

Cumin did not protect against Cross-Site Request Forgery attacks. If an
attacker could trick a user, who was logged into the Cumin web interface, into
visiting a specially-crafted web page, it could lead to unauthorized command
execution in the Cumin web interface with the privileges of the logged-in
user. (CVE-2012-2734)

A session fixation flaw was found in Cumin. An authenticated user able to
pre-set the Cumin session cookie in a victim's browser could possibly use this
flaw to steal the victim's session after they log into Cumin. (CVE-2012-2735)

It was found that authenticated users could send a specially-crafted HTTP POST
request to Cumin that would cause it to submit a job attribute change to
Condor. This could be used to change internal Condor attributes, including the
Owner attribute, which could allow Cumin users to elevate their privileges.
(CVE-2012-3459)

It was discovered that Condor's file system authentication challenge accepted
directories with weak permissions (for example, world readable, writable and
executable permissions). If a user created a directory with such permissions,
a local attacker could rename it, allowing them to execute jobs with the
privileges of the victim user. (CVE-2012-3492)

It was discovered that Condor exposed private information in the data in the
ClassAds format served by condor_startd. An unauthenticated user able to
connect to condor_startd's port could request a ClassAd for a running job,
provided they could guess or brute-force the PID of the job. This could expose
the ClaimId which, if obtained, could be used to control the job as well as
start new jobs on the system. (CVE-2012-3493)

It was discovered that the ability to abort a job in Condor only required
WRITE authorization, instead of a combination of WRITE authorization and job
ownership. This could allow an authenticated attacker to bypass intended
restrictions and abort any idle job on the system. (CVE-2012-3491)

The above issues were discovered by Florian Weimer of the Red Hat Product
Security Team.
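Three of the Cumin flaws above (weak session keys, CVE-2012-2681; CSRF, CVE-2012-2734; session fixation, CVE-2012-2735) and the image-size DoS (CVE-2012-2685) are described identically in RHSA-2012:1278 and RHSA-2012:1281, so one added example serves both. It is written for this page and is not Cumin's code: a minimal server-side session table in Python showing the controls that close each flaw, with a deliberately weak key generator alongside for contrast. The scenario functions, the MAX_IMAGE_PIXELS ceiling, and the user names are constructed for the example.

```python
import hmac
import random
import secrets


def weak_id(seed):
    """How a guessable session key arises: a PRNG seeded from something an
    attacker can narrow down (e.g. the login timestamp) yields an id anyone
    with the same seed can reproduce. Here only to contrast with new_id()."""
    rng = random.Random(seed)
    return "%032x" % rng.getrandbits(128)


def new_id():
    """256 bits from the OS CSPRNG: unguessable no matter what the attacker
    knows about when the session was created."""
    return secrets.token_urlsafe(32)


class SessionStore:
    """Server-side session table keyed by unguessable ids, with a fresh id
    issued at login (defeats fixation) and a per-session CSRF token.
    Added example; not the Cumin implementation."""

    def __init__(self):
        self._sessions = {}   # session id -> {"user": ..., "csrf": ...}

    def get(self, session_id):
        return self._sessions.get(session_id)

    def start_anonymous(self):
        sid = new_id()
        self._sessions[sid] = {"user": None, "csrf": new_id()}
        return sid

    def login(self, presented_id, user):
        """Never promote the id the browser presented: it may have been
        planted by an attacker. Discard it and issue a fresh one."""
        self._sessions.pop(presented_id, None)
        sid = new_id()
        self._sessions[sid] = {"user": user, "csrf": new_id()}
        return sid

    def check_csrf(self, session_id, submitted):
        """State-changing requests must carry the token tied to this session;
        a cross-site form cannot read it, so a forged POST fails here."""
        sess = self._sessions.get(session_id)
        if sess is None or sess["user"] is None or not submitted:
            return False
        return hmac.compare_digest(sess["csrf"], submitted)


MAX_IMAGE_PIXELS = 4_000_000   # assumed ceiling; size it to the server's memory budget


def image_request_ok(width, height):
    """Bound client-chosen image dimensions before allocating a buffer, so a
    request for an enormous image cannot exhaust server memory."""
    if not (isinstance(width, int) and isinstance(height, int)):
        return False
    if width <= 0 or height <= 0:
        return False
    return width * height <= MAX_IMAGE_PIXELS


def fixation_scenario():
    """Attacker plants a session id in the victim's browser; victim logs in."""
    store = SessionStore()
    planted = store.start_anonymous()          # id known to the attacker
    victim_sid = store.login(planted, "victim")
    return {
        "planted_id_still_valid": store.get(planted) is not None,
        "victim_got_new_id": victim_sid != planted,
        "victim_logged_in": store.get(victim_sid)["user"] == "victim",
    }


def csrf_scenario():
    """Same-origin form carrying the real token versus cross-site forgeries."""
    store = SessionStore()
    sid = store.login(store.start_anonymous(), "alice")
    token = store.get(sid)["csrf"]
    return {
        "genuine": store.check_csrf(sid, token),
        "no_token": store.check_csrf(sid, None),
        "wrong_token": store.check_csrf(sid, "A" * len(token)),
        "unknown_session": store.check_csrf("nonexistent", token),
    }
```

The login step is the one that matters for fixation: an id that existed before authentication is never allowed to become an authenticated session, so whatever the attacker planted is dead the moment the victim logs in. The CSRF comparison uses hmac.compare_digest so token checking does not leak timing.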
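The Condor file system authentication flaw (CVE-2012-3492) appears in both RHSA-2012:1278 and RHSA-2012:1281: the server trusted a challenge directory as proof of identity without rejecting one that others could modify. The check below is an added example, not Condor's code, showing what a server-side verifier of such a directory should insist on: it really is a directory (not a symlink), it is owned by the claimed uid, and no group or world write bit is set. The demo() function builds constructed cases in a scratch directory; the directory names are arbitrary.

```python
import os
import stat
import tempfile

# Permission bits that let someone other than the owner modify the directory.
WEAK_BITS = stat.S_IWGRP | stat.S_IWOTH


def challenge_dir_ok(path, expected_uid):
    """Decide whether a challenge directory proves that expected_uid created it.
    Returns (ok, reason). lstat() is used so a symlink is never followed.
    Added example; not the Condor implementation."""
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return False, "missing"
    if stat.S_ISLNK(st.st_mode):
        return False, "symlink, not a directory"
    if not stat.S_ISDIR(st.st_mode):
        return False, "not a directory"
    if st.st_uid != expected_uid:
        return False, "owned by uid %d, expected %d" % (st.st_uid, expected_uid)
    if st.st_mode & WEAK_BITS:
        # A directory others can write to can be renamed into the challenge
        # path or have its contents replaced; it proves nothing about who
        # answered the challenge.
        return False, "group/world writable (mode %o)" % stat.S_IMODE(st.st_mode)
    return True, "ok"


def demo():
    """Constructed cases in a scratch directory, all owned by the current user."""
    uid = os.getuid()
    with tempfile.TemporaryDirectory() as base:
        strict = os.path.join(base, "challenge_strict")
        os.mkdir(strict)
        os.chmod(strict, 0o700)      # mkdir's mode is umask-masked, so set it explicitly
        loose = os.path.join(base, "challenge_loose")
        os.mkdir(loose)
        os.chmod(loose, 0o777)       # the weak permissions the advisory describes
        plain = os.path.join(base, "challenge_file")
        open(plain, "w").close()
        link = os.path.join(base, "challenge_link")
        os.symlink(strict, link)
        return {
            "strict": challenge_dir_ok(strict, uid)[0],
            "loose": challenge_dir_ok(loose, uid)[0],
            "file": challenge_dir_ok(plain, uid)[0],
            "symlink": challenge_dir_ok(link, uid)[0],
            "wrong_owner": challenge_dir_ok(strict, uid + 1)[0],
            "missing": challenge_dir_ok(os.path.join(base, "absent"), uid)[0],
        }


if __name__ == "__main__":
    for name, ok in demo().items():
        print("%-12s %s" % (name, "accepted" if ok else "rejected"))
```

The same idea applies to any "prove you own this uid by creating a path" scheme: ownership alone is not proof when the object can be moved or altered by someone else, so the verifier has to reject weak modes rather than leave it to the client to create the directory safely.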
This update also provides defense in depth patches for Condor. (BZ#848212,
BZ#835592, BZ#841173, BZ#843476)

These updated packages for Red Hat Enterprise Linux 6 provide numerous
enhancements and bug fixes for the Grid component of MRG. Some highlights
include:

* Integration with Red Hat Enterprise Virtualization Manager via Deltacloud
* Role enforcement in Cumin
* Cumin authentication integration with LDAP
* Enhanced Red Hat HA integration managing multiple-schedulers nodes
* Generic local resource limits for partitionable slots
* Concurrency limit groups

Space precludes documenting all of these changes in this advisory. Refer to
the Red Hat Enterprise MRG 2 Technical Notes document, linked to in the
References section, for information on these changes.

4. Solution:

All users of the Grid capabilities of Red Hat Enterprise MRG 2 are advised to
upgrade to these updated packages, which resolve the issues and add the
enhancements noted in the Red Hat Enterprise MRG 2 Technical Notes. Condor and
Cumin must be restarted for this update to take effect.

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

827558 - CVE-2012-2681 cumin: weak session keys
828434 - Grid 2.2 for EL6
829421 - CVE-2012-2680 cumin: authentication bypass flaws
830243 - CVE-2012-2683 cumin: multiple XSS flaws
830245 - CVE-2012-2684 cumin: SQL injection flaw
830248 - CVE-2012-2685 cumin: DoS via large image requests
832124 - CVE-2012-2734 cumin: CSRF flaw
832151 - CVE-2012-2735 cumin: session fixation flaw
846501 - CVE-2012-3459 cumin: allows for editing internal Condor job attributes
848212 - CVE-2012-3490 condor: does not check return value of setuid and similar calls, exploitable via VMware support
848214 - CVE-2012-3491 condor: local users can abort any idle jobs
848218 - CVE-2012-3492 condor: lock directories created mode 0777 allow for FS-based authentication challenge bypass
848222 - CVE-2012-3493 condor: GIVE_REQUEST_AD leaks privileged ClaimId information

6. Package List:

MRG Grid Execute Node for RHEL 6 ComputeNode v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/RHEMRG-RHEL6/SRPMS/condor-7.6.5-0.22.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/RHEMRG-RHEL6/SRPMS/condor-wallaby-4.1.3-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/RHEMRG-RHEL6/SRPMS/condor-wallaby-base-db-1.23-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/RHEMRG-RHEL6/SRPMS/wallaby-0.12.5-10.el6.src.rpm

noarch:
condor-wallaby-base-db-1.23-1.el6.noarch.rpm
condor-wallaby-client-4.1.3-1.el6.noarch.rpm
condor-wallaby-tools-4.1.3-1.el6.noarch.rpm
python-wallabyclient-4.1.3-1.el6.noarch.rpm
ruby-wallaby-0.12.5-10.el6.noarch.rpm
wallaby-utils-0.12.5-10.el6.noarch.rpm

x86_64:
condor-7.6.5-0.22.el6.x86_64.rpm
condor-classads-7.6.5-0.22.el6.x86_64.rpm
condor-debuginfo-7.6.5-0.22.el6.x86_64.rpm
condor-kbdd-7.6.5-0.22.el6.x86_64.rpm
condor-qmf-7.6.5-0.22.el6.x86_64.rpm
condor-vm-gahp-7.6.5-0.22.el6.x86_64.rpm

MRG Management for RHEL 6 ComputeNode v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/RHEMRG-RHEL6/SRPMS/sesame-1.0-6.el6.src.rpm

x86_64:
sesame-1.0-6.el6.x86_64.rpm
sesame-debuginfo-1.0-6.el6.x86_64.rpm

MRG Grid for RHEL 6 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-7.6.5-0.22.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-wallaby-4.1.3-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-wallaby-base-db-1.23-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/cumin-0.1.5444-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/deltacloud-core-0.5.0-10.el6_2.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/libdeltacloud-0.9-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/rubygem-daemons-1.1.4-2.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/rubygem-eventmachine-0.12.10-7.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/rubygem-fssm-0.2.7-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/rubygem-haml-3.1.2-2.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/rubygem-hpricot-0.8.4-2.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/rubygem-json-1.4.6-10.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/rubygem-maruku-0.6.0-4.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/rubygem-mime-types-1.16-4.el6_0.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/rubygem-mocha-0.9.7-4.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/rubygem-net-ssh-2.0.23-6.el6_0.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/rubygem-nokogiri-1.5.0-0.8.beta4.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/rubygem-rack-1.3.0-2.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/rubygem-rack-accept-0.4.3-6.el6_0.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/rubygem-rack-test-0.6.1-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/rubygem-rake-0.8.7-2.1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/rubygem-rest-client-1.6.1-2.el6_0.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/rubygem-sass-3.1.4-4.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/rubygem-sinatra-1.2.6-2.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/rubygem-syntax-1.0.0-4.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/rubygem-thin-1.2.11-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/rubygem-tilt-1.3.2-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/rubygem-yard-0.7.2-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/rubygems-1.8.16-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/sesame-1.0-6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/wallaby-0.12.5-10.el6.src.rpm

i386:
condor-7.6.5-0.22.el6.i686.rpm
condor-aviary-7.6.5-0.22.el6.i686.rpm
condor-classads-7.6.5-0.22.el6.i686.rpm
condor-cluster-resource-agent-7.6.5-0.22.el6.i686.rpm
condor-debuginfo-7.6.5-0.22.el6.i686.rpm condor-kbdd-7.6.5-0.22.el6.i686.rpm condor-plumage-7.6.5-0.22.el6.i686.rpm condor-qmf-7.6.5-0.22.el6.i686.rpm sesame-1.0-6.el6.i686.rpm sesame-debuginfo-1.0-6.el6.i686.rpm noarch: condor-wallaby-base-db-1.23-1.el6.noarch.rpm condor-wallaby-client-4.1.3-1.el6.noarch.rpm condor-wallaby-tools-4.1.3-1.el6.noarch.rpm cumin-0.1.5444-3.el6.noarch.rpm deltacloud-core-0.5.0-10.el6_2.noarch.rpm deltacloud-core-doc-0.5.0-10.el6_2.noarch.rpm deltacloud-core-rhevm-0.5.0-10.el6_2.noarch.rpm python-wallaby-0.12.5-10.el6.noarch.rpm python-wallabyclient-4.1.3-1.el6.noarch.rpm ruby-wallaby-0.12.5-10.el6.noarch.rpm rubygem-daemons-1.1.4-2.el6.noarch.rpm rubygem-fssm-0.2.7-1.el6.noarch.rpm rubygem-haml-3.1.2-2.el6.noarch.rpm rubygem-hpricot-doc-0.8.4-2.el6.noarch.rpm rubygem-maruku-0.6.0-4.el6.noarch.rpm rubygem-mime-types-1.16-4.el6_0.noarch.rpm rubygem-mime-types-doc-1.16-4.el6_0.noarch.rpm rubygem-mocha-0.9.7-4.el6.noarch.rpm rubygem-net-ssh-2.0.23-6.el6_0.noarch.rpm rubygem-net-ssh-doc-2.0.23-6.el6_0.noarch.rpm rubygem-nokogiri-doc-1.5.0-0.8.beta4.el6.noarch.rpm rubygem-rack-1.3.0-2.el6.noarch.rpm rubygem-rack-accept-0.4.3-6.el6_0.noarch.rpm rubygem-rack-accept-doc-0.4.3-6.el6_0.noarch.rpm rubygem-rack-test-0.6.1-1.el6.noarch.rpm rubygem-rake-0.8.7-2.1.el6.noarch.rpm rubygem-rest-client-1.6.1-2.el6_0.noarch.rpm rubygem-sass-3.1.4-4.el6.noarch.rpm rubygem-sass-doc-3.1.4-4.el6.noarch.rpm rubygem-sinatra-1.2.6-2.el6.noarch.rpm rubygem-syntax-1.0.0-4.el6.noarch.rpm rubygem-tilt-1.3.2-3.el6.noarch.rpm rubygem-tilt-doc-1.3.2-3.el6.noarch.rpm rubygem-yard-0.7.2-1.el6.noarch.rpm rubygems-1.8.16-1.el6.noarch.rpm wallaby-0.12.5-10.el6.noarch.rpm wallaby-utils-0.12.5-10.el6.noarch.rpm x86_64: condor-7.6.5-0.22.el6.x86_64.rpm condor-aviary-7.6.5-0.22.el6.x86_64.rpm condor-classads-7.6.5-0.22.el6.x86_64.rpm condor-cluster-resource-agent-7.6.5-0.22.el6.x86_64.rpm condor-debuginfo-7.6.5-0.22.el6.x86_64.rpm condor-deltacloud-gahp-7.6.5-0.22.el6.x86_64.rpm 
condor-kbdd-7.6.5-0.22.el6.x86_64.rpm condor-plumage-7.6.5-0.22.el6.x86_64.rpm condor-qmf-7.6.5-0.22.el6.x86_64.rpm condor-vm-gahp-7.6.5-0.22.el6.x86_64.rpm libdeltacloud-0.9-1.el6.x86_64.rpm libdeltacloud-debuginfo-0.9-1.el6.x86_64.rpm libdeltacloud-devel-0.9-1.el6.x86_64.rpm ruby-hpricot-0.8.4-2.el6.x86_64.rpm ruby-json-1.4.6-10.el6.x86_64.rpm ruby-nokogiri-1.5.0-0.8.beta4.el6.x86_64.rpm rubygem-eventmachine-0.12.10-7.el6.x86_64.rpm rubygem-eventmachine-debuginfo-0.12.10-7.el6.x86_64.rpm rubygem-hpricot-0.8.4-2.el6.x86_64.rpm rubygem-hpricot-debuginfo-0.8.4-2.el6.x86_64.rpm rubygem-json-1.4.6-10.el6.x86_64.rpm rubygem-json-debuginfo-1.4.6-10.el6.x86_64.rpm rubygem-nokogiri-1.5.0-0.8.beta4.el6.x86_64.rpm rubygem-nokogiri-debuginfo-1.5.0-0.8.beta4.el6.x86_64.rpm rubygem-thin-1.2.11-3.el6.x86_64.rpm rubygem-thin-debuginfo-1.2.11-3.el6.x86_64.rpm rubygem-thin-doc-1.2.11-3.el6.x86_64.rpm sesame-1.0-6.el6.x86_64.rpm sesame-debuginfo-1.0-6.el6.x86_64.rpm MRG Grid Execute Node for RHEL 6 Server v.2: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-7.6.5-0.22.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-wallaby-4.1.3-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-wallaby-base-db-1.23-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/wallaby-0.12.5-10.el6.src.rpm i386: condor-7.6.5-0.22.el6.i686.rpm condor-classads-7.6.5-0.22.el6.i686.rpm condor-debuginfo-7.6.5-0.22.el6.i686.rpm condor-kbdd-7.6.5-0.22.el6.i686.rpm condor-qmf-7.6.5-0.22.el6.i686.rpm noarch: condor-wallaby-base-db-1.23-1.el6.noarch.rpm condor-wallaby-client-4.1.3-1.el6.noarch.rpm condor-wallaby-tools-4.1.3-1.el6.noarch.rpm python-wallabyclient-4.1.3-1.el6.noarch.rpm ruby-wallaby-0.12.5-10.el6.noarch.rpm wallaby-utils-0.12.5-10.el6.noarch.rpm x86_64: condor-7.6.5-0.22.el6.x86_64.rpm 
condor-classads-7.6.5-0.22.el6.x86_64.rpm
condor-debuginfo-7.6.5-0.22.el6.x86_64.rpm
condor-kbdd-7.6.5-0.22.el6.x86_64.rpm
condor-qmf-7.6.5-0.22.el6.x86_64.rpm
condor-vm-gahp-7.6.5-0.22.el6.x86_64.rpm

MRG Management for RHEL 6 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/cumin-0.1.5444-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/sesame-1.0-6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/wallaby-0.12.5-10.el6.src.rpm

i386:
sesame-1.0-6.el6.i686.rpm
sesame-debuginfo-1.0-6.el6.i686.rpm

noarch:
cumin-0.1.5444-3.el6.noarch.rpm
python-wallaby-0.12.5-10.el6.noarch.rpm

x86_64:
sesame-1.0-6.el6.x86_64.rpm
sesame-debuginfo-1.0-6.el6.x86_64.rpm

Red Hat MRG Messaging for RHEL 6 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/sesame-1.0-6.el6.src.rpm

i386:
sesame-1.0-6.el6.i686.rpm
sesame-debuginfo-1.0-6.el6.i686.rpm

x86_64:
sesame-1.0-6.el6.x86_64.rpm
sesame-debuginfo-1.0-6.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7.
References:

https://www.redhat.com/security/data/cve/CVE-2012-2680.html
https://www.redhat.com/security/data/cve/CVE-2012-2681.html
https://www.redhat.com/security/data/cve/CVE-2012-2683.html
https://www.redhat.com/security/data/cve/CVE-2012-2684.html
https://www.redhat.com/security/data/cve/CVE-2012-2685.html
https://www.redhat.com/security/data/cve/CVE-2012-2734.html
https://www.redhat.com/security/data/cve/CVE-2012-2735.html
https://www.redhat.com/security/data/cve/CVE-2012-3459.html
https://www.redhat.com/security/data/cve/CVE-2012-3491.html
https://www.redhat.com/security/data/cve/CVE-2012-3492.html
https://www.redhat.com/security/data/cve/CVE-2012-3493.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_MRG/2/html/Technical_Notes/sec-Red_Hat_Enterprise_Linux_6.html#RHSA-2012-1281

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
From bugzilla at redhat.com Wed Sep 19 18:15:05 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 19 Sep 2012 18:15:05 +0000
Subject: [RHSA-2012:1282-01] Moderate: kernel-rt security, bug fix, and enhancement update
Message-ID: <201209191815.q8JIF5hW009947@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: kernel-rt security, bug fix, and enhancement update
Advisory ID: RHSA-2012:1282-01
Product: Red Hat Enterprise MRG for RHEL-6
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1282.html
Issue date: 2012-09-19
CVE Names: CVE-2012-4398
=====================================================================

1. Summary:

Updated kernel-rt packages that fix one security issue, several bugs, and add enhancements are now available for Red Hat Enterprise MRG 2.2.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issue:

* It was found that a deadlock could occur in the Out of Memory (OOM) killer. A process could trigger this deadlock by consuming a large amount of memory, and then causing request_module() to be called. A local, unprivileged user could use this flaw to cause a denial of service (excessive memory consumption).
(CVE-2012-4398, Moderate)

Red Hat would like to thank Tetsuo Handa for reporting this issue.

The kernel-rt packages have been upgraded to upstream version 3.2, which provides a number of bug fixes and enhancements over the previous version. (BZ#798421)

This update also fixes various bugs and adds enhancements. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.

Users should upgrade to these updated kernel-rt packages, which correct this issue, fix these bugs, and add these enhancements. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5.
Bugs fixed (http://bugzilla.redhat.com/):

725799 - diskless support for MRG 2.x
786083 - iptables unable to log to rsyslog
798421 - Rebase MRG RT kernel to 3.2-rtX series
798423 - InfiniBand stack refresh in MRG RT
799385 - Thread can dead lock in migrate timers
799386 - The futex proxy handler grabs the pi_lock without disabling interrupts
799389 - lglocks can be taken and never released on cpu offline and onlining
799391 - Tasks waiting on a state change of another task may get wrong result
799399 - ftrace_dump() can cause issues on RT
814689 - missing /proc/sys/crypto/fips_enabled in 3.2.14-rt24.22.el6rt.x86_64 causes openssh errors
815937 - 3.0.25-rt44.57.el6rt.x86_64 missing firmware rtl_nic/rtl8168e-2.fw
825344 - new mrg-rt-release sub-package [mrg2.2]
834583 - kernel-rt-3.2.20-rt32.44.el6rt.x86_64 floods the console with "DMAR [fault reason 02] Present bit in context entry is clear"
842680 - kernel 3.2.23-rt37.49.el6rt.x86_64 doesn't create symlinks to /lib/firmware/mrg-rt-firmware
853474 - CVE-2012-4398 kernel: request_module() OOM local DoS

6.
Package List:

MRG Realtime for RHEL 6 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/kernel-rt-3.2.23-rt37.56.el6rt.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/rt-firmware-1.0-3.el6_3.src.rpm

noarch:
kernel-rt-doc-3.2.23-rt37.56.el6rt.noarch.rpm
kernel-rt-firmware-3.2.23-rt37.56.el6rt.noarch.rpm
mrg-rt-release-3.2.23-rt37.56.el6rt.noarch.rpm
rt-firmware-1.0-3.el6_3.noarch.rpm

x86_64:
kernel-rt-3.2.23-rt37.56.el6rt.x86_64.rpm
kernel-rt-debug-3.2.23-rt37.56.el6rt.x86_64.rpm
kernel-rt-debug-debuginfo-3.2.23-rt37.56.el6rt.x86_64.rpm
kernel-rt-debug-devel-3.2.23-rt37.56.el6rt.x86_64.rpm
kernel-rt-debuginfo-3.2.23-rt37.56.el6rt.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.2.23-rt37.56.el6rt.x86_64.rpm
kernel-rt-devel-3.2.23-rt37.56.el6rt.x86_64.rpm
kernel-rt-trace-3.2.23-rt37.56.el6rt.x86_64.rpm
kernel-rt-trace-debuginfo-3.2.23-rt37.56.el6rt.x86_64.rpm
kernel-rt-trace-devel-3.2.23-rt37.56.el6rt.x86_64.rpm
kernel-rt-vanilla-3.2.23-rt37.56.el6rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-3.2.23-rt37.56.el6rt.x86_64.rpm
kernel-rt-vanilla-devel-3.2.23-rt37.56.el6rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-4398.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_MRG/2/html/Technical_Notes/sec-Red_Hat_Enterprise_Linux_6.html#RHSA-2012-1282

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
From bugzilla at redhat.com Tue Sep 25 19:04:50 2012
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 25 Sep 2012 19:04:50 +0000
Subject: [RHSA-2012:1304-01] Moderate: kernel security and bug fix update
Message-ID: <201209251904.q8PJ4stk028313@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: kernel security and bug fix update
Advisory ID: RHSA-2012:1304-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1304.html
Issue date: 2012-09-25
CVE Names: CVE-2012-2313 CVE-2012-2384 CVE-2012-2390 CVE-2012-3430 CVE-2012-3552
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3.
Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* An integer overflow flaw was found in the i915_gem_do_execbuffer() function in the Intel i915 driver in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service. This issue only affected 32-bit systems. (CVE-2012-2384, Moderate)

* A memory leak flaw was found in the way the Linux kernel's memory subsystem handled resource clean up in the mmap() failure path when the MAP_HUGETLB flag was set. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2390, Moderate)

* A race condition was found in the way access to inet->opt ip_options was synchronized in the Linux kernel's TCP/IP protocol suite implementation. Depending on the network facing applications running on the system, a remote attacker could possibly trigger this flaw to cause a denial of service. A local, unprivileged user could use this flaw to cause a denial of service regardless of the applications the system runs. (CVE-2012-3552, Moderate)

* A flaw was found in the way the Linux kernel's dl2k driver, used by certain D-Link Gigabit Ethernet adapters, restricted IOCTLs. A local, unprivileged user could use this flaw to issue potentially harmful IOCTLs, which could cause Ethernet adapters using the dl2k driver to malfunction (for example, losing network connectivity). (CVE-2012-2313, Low)

* A flaw was found in the way the msg_namelen variable in the rds_recvmsg() function of the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation was initialized. A local, unprivileged user could use this flaw to leak kernel stack memory to user-space. (CVE-2012-3430, Low)

Red Hat would like to thank Hafid Lin for reporting CVE-2012-3552, and Stephan Mueller for reporting CVE-2012-2313. The CVE-2012-3430 issue was discovered by the Red Hat InfiniBand team.

This update also fixes several bugs.
Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.

Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

818820 - CVE-2012-2313 kernel: unfiltered netdev rio_ioctl access by users
820039 - CVE-2012-3430 kernel: recv{from,msg}() on an rds socket can leak kernel memory
824178 - CVE-2012-2384 kernel: drm/i915: integer overflow in i915_gem_do_execbuffer()
824345 - CVE-2012-2390 kernel: huge pages: memory leak on mmap failure
842982 - Change network with netconsole loaded cause kernel panic [rhel-6.3.z]
847945 - nfs_attr_use_mounted_on_file() returns wrong value [rhel-6.3.z]
849051 - dlm: deadlock between dlm_send and dlm_controld [rhel-6.3.z]
851444 - [qemu-kvm] [hot-plug] qemu-process (RHEL6.3 guest) goes into D state during nic hot unplug (netdev_del hostnet1) [rhel-6.3.z]
853465 - CVE-2012-3552 kernel: net: slab corruption due to improper synchronization around inet->opt

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-279.9.1.el6.src.rpm i386: kernel-2.6.32-279.9.1.el6.i686.rpm kernel-debug-2.6.32-279.9.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-279.9.1.el6.i686.rpm kernel-debug-devel-2.6.32-279.9.1.el6.i686.rpm kernel-debuginfo-2.6.32-279.9.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-279.9.1.el6.i686.rpm kernel-devel-2.6.32-279.9.1.el6.i686.rpm kernel-headers-2.6.32-279.9.1.el6.i686.rpm perf-2.6.32-279.9.1.el6.i686.rpm perf-debuginfo-2.6.32-279.9.1.el6.i686.rpm python-perf-debuginfo-2.6.32-279.9.1.el6.i686.rpm noarch: kernel-doc-2.6.32-279.9.1.el6.noarch.rpm kernel-firmware-2.6.32-279.9.1.el6.noarch.rpm x86_64: kernel-2.6.32-279.9.1.el6.x86_64.rpm kernel-debug-2.6.32-279.9.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-279.9.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-279.9.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-279.9.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-279.9.1.el6.x86_64.rpm kernel-devel-2.6.32-279.9.1.el6.x86_64.rpm kernel-headers-2.6.32-279.9.1.el6.x86_64.rpm perf-2.6.32-279.9.1.el6.x86_64.rpm perf-debuginfo-2.6.32-279.9.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-279.9.1.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-279.9.1.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-279.9.1.el6.i686.rpm kernel-debuginfo-2.6.32-279.9.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-279.9.1.el6.i686.rpm perf-debuginfo-2.6.32-279.9.1.el6.i686.rpm python-perf-2.6.32-279.9.1.el6.i686.rpm python-perf-debuginfo-2.6.32-279.9.1.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-279.9.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-279.9.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-279.9.1.el6.x86_64.rpm perf-debuginfo-2.6.32-279.9.1.el6.x86_64.rpm python-perf-2.6.32-279.9.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-279.9.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-279.9.1.el6.src.rpm noarch: kernel-doc-2.6.32-279.9.1.el6.noarch.rpm kernel-firmware-2.6.32-279.9.1.el6.noarch.rpm x86_64: kernel-2.6.32-279.9.1.el6.x86_64.rpm kernel-debug-2.6.32-279.9.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-279.9.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-279.9.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-279.9.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-279.9.1.el6.x86_64.rpm kernel-devel-2.6.32-279.9.1.el6.x86_64.rpm kernel-headers-2.6.32-279.9.1.el6.x86_64.rpm perf-2.6.32-279.9.1.el6.x86_64.rpm perf-debuginfo-2.6.32-279.9.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-279.9.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-279.9.1.el6.src.rpm x86_64: kernel-debug-debuginfo-2.6.32-279.9.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-279.9.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-279.9.1.el6.x86_64.rpm perf-debuginfo-2.6.32-279.9.1.el6.x86_64.rpm python-perf-2.6.32-279.9.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-279.9.1.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-279.9.1.el6.src.rpm i386: kernel-2.6.32-279.9.1.el6.i686.rpm kernel-debug-2.6.32-279.9.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-279.9.1.el6.i686.rpm kernel-debug-devel-2.6.32-279.9.1.el6.i686.rpm kernel-debuginfo-2.6.32-279.9.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-279.9.1.el6.i686.rpm kernel-devel-2.6.32-279.9.1.el6.i686.rpm kernel-headers-2.6.32-279.9.1.el6.i686.rpm perf-2.6.32-279.9.1.el6.i686.rpm perf-debuginfo-2.6.32-279.9.1.el6.i686.rpm python-perf-debuginfo-2.6.32-279.9.1.el6.i686.rpm noarch: kernel-doc-2.6.32-279.9.1.el6.noarch.rpm kernel-firmware-2.6.32-279.9.1.el6.noarch.rpm ppc64: kernel-2.6.32-279.9.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-279.9.1.el6.ppc64.rpm kernel-debug-2.6.32-279.9.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-279.9.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-279.9.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-279.9.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-279.9.1.el6.ppc64.rpm kernel-devel-2.6.32-279.9.1.el6.ppc64.rpm kernel-headers-2.6.32-279.9.1.el6.ppc64.rpm perf-2.6.32-279.9.1.el6.ppc64.rpm perf-debuginfo-2.6.32-279.9.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-279.9.1.el6.ppc64.rpm s390x: kernel-2.6.32-279.9.1.el6.s390x.rpm kernel-debug-2.6.32-279.9.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-279.9.1.el6.s390x.rpm kernel-debug-devel-2.6.32-279.9.1.el6.s390x.rpm kernel-debuginfo-2.6.32-279.9.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-279.9.1.el6.s390x.rpm kernel-devel-2.6.32-279.9.1.el6.s390x.rpm kernel-headers-2.6.32-279.9.1.el6.s390x.rpm kernel-kdump-2.6.32-279.9.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-279.9.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-279.9.1.el6.s390x.rpm perf-2.6.32-279.9.1.el6.s390x.rpm perf-debuginfo-2.6.32-279.9.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-279.9.1.el6.s390x.rpm x86_64: kernel-2.6.32-279.9.1.el6.x86_64.rpm kernel-debug-2.6.32-279.9.1.el6.x86_64.rpm 
kernel-debug-debuginfo-2.6.32-279.9.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-279.9.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-279.9.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-279.9.1.el6.x86_64.rpm kernel-devel-2.6.32-279.9.1.el6.x86_64.rpm kernel-headers-2.6.32-279.9.1.el6.x86_64.rpm perf-2.6.32-279.9.1.el6.x86_64.rpm perf-debuginfo-2.6.32-279.9.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-279.9.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-279.9.1.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-279.9.1.el6.i686.rpm kernel-debuginfo-2.6.32-279.9.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-279.9.1.el6.i686.rpm perf-debuginfo-2.6.32-279.9.1.el6.i686.rpm python-perf-2.6.32-279.9.1.el6.i686.rpm python-perf-debuginfo-2.6.32-279.9.1.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-279.9.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-279.9.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-279.9.1.el6.ppc64.rpm perf-debuginfo-2.6.32-279.9.1.el6.ppc64.rpm python-perf-2.6.32-279.9.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-279.9.1.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-279.9.1.el6.s390x.rpm kernel-debuginfo-2.6.32-279.9.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-279.9.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-279.9.1.el6.s390x.rpm perf-debuginfo-2.6.32-279.9.1.el6.s390x.rpm python-perf-2.6.32-279.9.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-279.9.1.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-279.9.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-279.9.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-279.9.1.el6.x86_64.rpm perf-debuginfo-2.6.32-279.9.1.el6.x86_64.rpm python-perf-2.6.32-279.9.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-279.9.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-279.9.1.el6.src.rpm i386: kernel-2.6.32-279.9.1.el6.i686.rpm kernel-debug-2.6.32-279.9.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-279.9.1.el6.i686.rpm kernel-debug-devel-2.6.32-279.9.1.el6.i686.rpm kernel-debuginfo-2.6.32-279.9.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-279.9.1.el6.i686.rpm kernel-devel-2.6.32-279.9.1.el6.i686.rpm kernel-headers-2.6.32-279.9.1.el6.i686.rpm perf-2.6.32-279.9.1.el6.i686.rpm perf-debuginfo-2.6.32-279.9.1.el6.i686.rpm python-perf-debuginfo-2.6.32-279.9.1.el6.i686.rpm noarch: kernel-doc-2.6.32-279.9.1.el6.noarch.rpm kernel-firmware-2.6.32-279.9.1.el6.noarch.rpm x86_64: kernel-2.6.32-279.9.1.el6.x86_64.rpm kernel-debug-2.6.32-279.9.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-279.9.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-279.9.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-279.9.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-279.9.1.el6.x86_64.rpm kernel-devel-2.6.32-279.9.1.el6.x86_64.rpm kernel-headers-2.6.32-279.9.1.el6.x86_64.rpm perf-2.6.32-279.9.1.el6.x86_64.rpm perf-debuginfo-2.6.32-279.9.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-279.9.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-279.9.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-279.9.1.el6.i686.rpm
kernel-debuginfo-2.6.32-279.9.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.9.1.el6.i686.rpm
perf-debuginfo-2.6.32-279.9.1.el6.i686.rpm
python-perf-2.6.32-279.9.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.9.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-279.9.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.9.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.9.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.9.1.el6.x86_64.rpm
python-perf-2.6.32-279.9.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.9.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-2313.html
https://www.redhat.com/security/data/cve/CVE-2012-2384.html
https://www.redhat.com/security/data/cve/CVE-2012-2390.html
https://www.redhat.com/security/data/cve/CVE-2012-3430.html
https://www.redhat.com/security/data/cve/CVE-2012-3552.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.3_Technical_Notes/kernel.html#RHSA-2012-1304

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
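Both kernel advisories above (RHSA-2012:1282 for kernel-rt, RHSA-2012:1304 for kernel) make the same point: the fixed package must be installed and the system rebooted, and "rpm -Uvh" is the wrong tool because it removes the running kernel. The script below is an added example, not Red Hat's code; it classifies hosts of a constructed inventory as patched, reboot-required or vulnerable from the installed kernel packages and the running kernel, comparing versions with a reimplementation of rpm's rpmvercmp() rules (the host names and the older 279.5.2 / 279.2.1 builds are made up; the fixed versions are the advisories' own).

```python
"""Patch-status check for RHSA-2012:1282 (kernel-rt) and RHSA-2012:1304 (kernel).

Added example, not Red Hat's code. A host counts as patched only when the
fixed package is installed AND it is the running kernel (both advisories say
the system must be rebooted). Versions are compared with the rules of rpm's
rpmvercmp(); a plain string compare would sort release 279.10 before 279.9.
"""
import re

# Fixed version-release strings, taken from the advisories' package lists.
FIXED = {
    "kernel": "2.6.32-279.9.1.el6",       # RHSA-2012:1304
    "kernel-rt": "3.2.23-rt37.56.el6rt",  # RHSA-2012:1282
}
ARCHES = ("x86_64", "i686", "ppc64", "s390x", "noarch")
_SEG = re.compile(r"[0-9]+|[a-zA-Z]+")


def rpmvercmp(a, b):
    """Return -1, 0 or 1 like rpm's rpmvercmp().

    Strings split into numeric and alphabetic segments; numeric segments
    compare by value and sort after alphabetic ones; the string with segments
    left over is newer. Tilde/caret rules are omitted (unused here).
    """
    if a == b:
        return 0
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num != y_num:
            return 1 if x_num else -1
        if x_num:  # drop leading zeros, then the longer number is larger
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1


def split_vr(vr):
    """'2.6.32-279.9.1.el6.x86_64' -> ('2.6.32', '279.9.1.el6'); arch dropped."""
    version, sep, release = vr.partition("-")
    if not sep:
        raise ValueError("no release in %r" % vr)
    stem, _, tail = release.rpartition(".")
    return version, (stem if tail in ARCHES else release)


def vr_cmp(a, b):
    """Compare version-release strings: version first, release on a tie."""
    av, ar = split_vr(a)
    bv, br = split_vr(b)
    return rpmvercmp(av, bv) or rpmvercmp(ar, br)


def split_nvra(pkg):
    """'kernel-rt-3.2.23-rt37.56.el6rt.x86_64' -> ('kernel-rt', '3.2.23-rt37.56.el6rt.x86_64')."""
    name, version, release = pkg.rsplit("-", 2)  # '-' cannot occur in version or release
    return name, version + "-" + release


def assess(installed, running):
    """Classify one host from `rpm -q kernel kernel-rt` output and `uname -r`.

    Returns 'patched', 'reboot-required', 'vulnerable' or 'unknown'.
    """
    by_name = {}
    for pkg in installed:
        name, vra = split_nvra(pkg)
        by_name.setdefault(name, []).append(vra)
    # The running kernel must be one of the installed builds of a package we
    # know the fix for; a debug or other flavour is reported as unknown.
    name = next((n for n, vras in by_name.items() if running in vras), None)
    if name not in FIXED:
        return "unknown"
    if vr_cmp(running, FIXED[name]) >= 0:
        return "patched"
    if any(vr_cmp(vra, FIXED[name]) >= 0 for vra in by_name[name]):
        return "reboot-required"  # fixed package installed, old kernel still running
    return "vulnerable"


def report(hosts):
    """Return {host: status} for {host: (installed packages, uname -r)}."""
    return {h: assess(pkgs, run) for h, (pkgs, run) in hosts.items()}


# Constructed inventory; the 279.5.2 and 279.2.1 releases are made-up older builds.
HOSTS = {
    "web01": (["kernel-2.6.32-279.5.2.el6.x86_64",
               "kernel-2.6.32-279.9.1.el6.x86_64"], "2.6.32-279.5.2.el6.x86_64"),
    "db01": (["kernel-2.6.32-279.9.1.el6.x86_64"], "2.6.32-279.9.1.el6.x86_64"),
    "hpc07": (["kernel-2.6.32-279.2.1.el6.x86_64"], "2.6.32-279.2.1.el6.x86_64"),
    "rt03": (["kernel-rt-3.2.23-rt37.56.el6rt.x86_64"], "3.2.23-rt37.56.el6rt.x86_64"),
    "rt04": (["kernel-rt-3.0.25-rt44.57.el6rt.x86_64"], "3.0.25-rt44.57.el6rt.x86_64"),
    "dbg01": (["kernel-2.6.32-279.9.1.el6.x86_64",
               "kernel-debug-2.6.32-279.5.2.el6.x86_64"], "2.6.32-279.5.2.el6.x86_64.debug"),
}
```

Calling report(HOSTS) yields web01 as reboot-required (fixed kernel installed, old one running), hpc07 and rt04 as vulnerable, and dbg01 as unknown because its running debug kernel is not a build this check knows a fix for.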