From bugzilla at redhat.com Tue Dec 3 16:53:22 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 3 Dec 2013 16:53:22 +0000
Subject: [RHSA-2013:1778-01] Moderate: gimp security update
Message-ID: <201312031653.rB3GrMoN005659@int-mx02.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: gimp security update
Advisory ID: RHSA-2013:1778-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1778.html
Issue date: 2013-12-03
CVE Names: CVE-2012-5576 CVE-2013-1913 CVE-2013-1978
=====================================================================

1. Summary:

Updated gimp packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The GIMP (GNU Image Manipulation Program) is an image composition and editing program.
A stack-based buffer overflow flaw, a heap-based buffer overflow, and an integer overflow flaw were found in the way GIMP loaded certain X Window System (XWD) image dump files. A remote attacker could provide a specially crafted XWD image file that, when processed, would cause the XWD plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-5576, CVE-2013-1913, CVE-2013-1978)

The CVE-2013-1913 and CVE-2013-1978 issues were discovered by Murray McAllister of the Red Hat Security Response Team.

Users of the GIMP are advised to upgrade to these updated packages, which correct these issues. The GIMP must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

879302 - CVE-2012-5576 gimp (XWD plug-in): Stack-based buffer overflow when loading XWD file
947868 - CVE-2013-1913 gimp: xwd plugin g_new() integer overflow
953902 - CVE-2013-1978 gimp: XWD plugin color map heap-based buffer overflow

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/gimp-2.2.13-3.el5_10.src.rpm

i386:
gimp-2.2.13-3.el5_10.i386.rpm
gimp-debuginfo-2.2.13-3.el5_10.i386.rpm
gimp-libs-2.2.13-3.el5_10.i386.rpm

x86_64:
gimp-2.2.13-3.el5_10.x86_64.rpm
gimp-debuginfo-2.2.13-3.el5_10.i386.rpm
gimp-debuginfo-2.2.13-3.el5_10.x86_64.rpm
gimp-libs-2.2.13-3.el5_10.i386.rpm
gimp-libs-2.2.13-3.el5_10.x86_64.rpm

RHEL Desktop Workstation (v.
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/gimp-2.2.13-3.el5_10.src.rpm i386: gimp-debuginfo-2.2.13-3.el5_10.i386.rpm gimp-devel-2.2.13-3.el5_10.i386.rpm x86_64: gimp-debuginfo-2.2.13-3.el5_10.i386.rpm gimp-debuginfo-2.2.13-3.el5_10.x86_64.rpm gimp-devel-2.2.13-3.el5_10.i386.rpm gimp-devel-2.2.13-3.el5_10.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/gimp-2.2.13-3.el5_10.src.rpm i386: gimp-2.2.13-3.el5_10.i386.rpm gimp-debuginfo-2.2.13-3.el5_10.i386.rpm gimp-devel-2.2.13-3.el5_10.i386.rpm gimp-libs-2.2.13-3.el5_10.i386.rpm ia64: gimp-2.2.13-3.el5_10.ia64.rpm gimp-debuginfo-2.2.13-3.el5_10.ia64.rpm gimp-devel-2.2.13-3.el5_10.ia64.rpm gimp-libs-2.2.13-3.el5_10.ia64.rpm ppc: gimp-2.2.13-3.el5_10.ppc.rpm gimp-debuginfo-2.2.13-3.el5_10.ppc.rpm gimp-debuginfo-2.2.13-3.el5_10.ppc64.rpm gimp-devel-2.2.13-3.el5_10.ppc.rpm gimp-devel-2.2.13-3.el5_10.ppc64.rpm gimp-libs-2.2.13-3.el5_10.ppc.rpm gimp-libs-2.2.13-3.el5_10.ppc64.rpm s390x: gimp-2.2.13-3.el5_10.s390x.rpm gimp-debuginfo-2.2.13-3.el5_10.s390.rpm gimp-debuginfo-2.2.13-3.el5_10.s390x.rpm gimp-devel-2.2.13-3.el5_10.s390.rpm gimp-devel-2.2.13-3.el5_10.s390x.rpm gimp-libs-2.2.13-3.el5_10.s390.rpm gimp-libs-2.2.13-3.el5_10.s390x.rpm x86_64: gimp-2.2.13-3.el5_10.x86_64.rpm gimp-debuginfo-2.2.13-3.el5_10.i386.rpm gimp-debuginfo-2.2.13-3.el5_10.x86_64.rpm gimp-devel-2.2.13-3.el5_10.i386.rpm gimp-devel-2.2.13-3.el5_10.x86_64.rpm gimp-libs-2.2.13-3.el5_10.i386.rpm gimp-libs-2.2.13-3.el5_10.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/gimp-2.6.9-6.el6_5.src.rpm i386: gimp-2.6.9-6.el6_5.i686.rpm gimp-debuginfo-2.6.9-6.el6_5.i686.rpm gimp-help-browser-2.6.9-6.el6_5.i686.rpm gimp-libs-2.6.9-6.el6_5.i686.rpm x86_64: gimp-2.6.9-6.el6_5.x86_64.rpm gimp-debuginfo-2.6.9-6.el6_5.x86_64.rpm gimp-help-browser-2.6.9-6.el6_5.x86_64.rpm gimp-libs-2.6.9-6.el6_5.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/gimp-2.6.9-6.el6_5.src.rpm i386: gimp-debuginfo-2.6.9-6.el6_5.i686.rpm gimp-devel-2.6.9-6.el6_5.i686.rpm gimp-devel-tools-2.6.9-6.el6_5.i686.rpm x86_64: gimp-debuginfo-2.6.9-6.el6_5.i686.rpm gimp-debuginfo-2.6.9-6.el6_5.x86_64.rpm gimp-devel-2.6.9-6.el6_5.i686.rpm gimp-devel-2.6.9-6.el6_5.x86_64.rpm gimp-devel-tools-2.6.9-6.el6_5.x86_64.rpm gimp-libs-2.6.9-6.el6_5.i686.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/gimp-2.6.9-6.el6_5.src.rpm i386: gimp-2.6.9-6.el6_5.i686.rpm gimp-debuginfo-2.6.9-6.el6_5.i686.rpm gimp-help-browser-2.6.9-6.el6_5.i686.rpm gimp-libs-2.6.9-6.el6_5.i686.rpm ppc64: gimp-2.6.9-6.el6_5.ppc64.rpm gimp-debuginfo-2.6.9-6.el6_5.ppc64.rpm gimp-help-browser-2.6.9-6.el6_5.ppc64.rpm gimp-libs-2.6.9-6.el6_5.ppc64.rpm s390x: gimp-2.6.9-6.el6_5.s390x.rpm gimp-debuginfo-2.6.9-6.el6_5.s390x.rpm gimp-help-browser-2.6.9-6.el6_5.s390x.rpm gimp-libs-2.6.9-6.el6_5.s390x.rpm x86_64: gimp-2.6.9-6.el6_5.x86_64.rpm gimp-debuginfo-2.6.9-6.el6_5.x86_64.rpm gimp-help-browser-2.6.9-6.el6_5.x86_64.rpm gimp-libs-2.6.9-6.el6_5.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/gimp-2.6.9-6.el6_5.src.rpm i386: gimp-debuginfo-2.6.9-6.el6_5.i686.rpm gimp-devel-2.6.9-6.el6_5.i686.rpm gimp-devel-tools-2.6.9-6.el6_5.i686.rpm ppc64: gimp-debuginfo-2.6.9-6.el6_5.ppc.rpm gimp-debuginfo-2.6.9-6.el6_5.ppc64.rpm gimp-devel-2.6.9-6.el6_5.ppc.rpm gimp-devel-2.6.9-6.el6_5.ppc64.rpm gimp-devel-tools-2.6.9-6.el6_5.ppc64.rpm gimp-libs-2.6.9-6.el6_5.ppc.rpm s390x: gimp-debuginfo-2.6.9-6.el6_5.s390.rpm gimp-debuginfo-2.6.9-6.el6_5.s390x.rpm gimp-devel-2.6.9-6.el6_5.s390.rpm gimp-devel-2.6.9-6.el6_5.s390x.rpm gimp-devel-tools-2.6.9-6.el6_5.s390x.rpm gimp-libs-2.6.9-6.el6_5.s390.rpm x86_64: gimp-debuginfo-2.6.9-6.el6_5.i686.rpm gimp-debuginfo-2.6.9-6.el6_5.x86_64.rpm gimp-devel-2.6.9-6.el6_5.i686.rpm gimp-devel-2.6.9-6.el6_5.x86_64.rpm gimp-devel-tools-2.6.9-6.el6_5.x86_64.rpm gimp-libs-2.6.9-6.el6_5.i686.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/gimp-2.6.9-6.el6_5.src.rpm i386: gimp-2.6.9-6.el6_5.i686.rpm gimp-debuginfo-2.6.9-6.el6_5.i686.rpm gimp-help-browser-2.6.9-6.el6_5.i686.rpm gimp-libs-2.6.9-6.el6_5.i686.rpm x86_64: gimp-2.6.9-6.el6_5.x86_64.rpm gimp-debuginfo-2.6.9-6.el6_5.x86_64.rpm gimp-help-browser-2.6.9-6.el6_5.x86_64.rpm gimp-libs-2.6.9-6.el6_5.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/gimp-2.6.9-6.el6_5.src.rpm i386: gimp-debuginfo-2.6.9-6.el6_5.i686.rpm gimp-devel-2.6.9-6.el6_5.i686.rpm gimp-devel-tools-2.6.9-6.el6_5.i686.rpm x86_64: gimp-debuginfo-2.6.9-6.el6_5.i686.rpm gimp-debuginfo-2.6.9-6.el6_5.x86_64.rpm gimp-devel-2.6.9-6.el6_5.i686.rpm gimp-devel-2.6.9-6.el6_5.x86_64.rpm gimp-devel-tools-2.6.9-6.el6_5.x86_64.rpm gimp-libs-2.6.9-6.el6_5.i686.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-5576.html
https://www.redhat.com/security/data/cve/CVE-2013-1913.html
https://www.redhat.com/security/data/cve/CVE-2013-1978.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

From bugzilla at redhat.com Tue Dec 3 16:54:04 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 3 Dec 2013 16:54:04 +0000
Subject: [RHSA-2013:1779-01] Moderate: mod_nss security update
Message-ID: <201312031654.rB3Gs4Tp011311@int-mx01.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: mod_nss security update
Advisory ID: RHSA-2013:1779-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1779.html
Issue date: 2013-12-03
CVE Names: CVE-2013-4566
=====================================================================

1. Summary:

An updated mod_nss package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v.
5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The mod_nss module provides strong cryptography for the Apache HTTP Server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, using the Network Security Services (NSS) security library.

A flaw was found in the way mod_nss handled the NSSVerifyClient setting for the per-directory context. When configured to not require a client certificate for the initial connection and only require it for a specific directory, mod_nss failed to enforce this requirement and allowed a client to access the directory when no valid client certificate was provided. (CVE-2013-4566)

Red Hat would like to thank Albert Smith of OUSD(AT&L) for reporting this issue.

All mod_nss users should upgrade to this updated package, which contains a backported patch to correct this issue. The httpd service must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1016832 - CVE-2013-4566 mod_nss: incorrect handling of NSSVerifyClient in directory context

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/mod_nss-1.0.8-8.el5_10.src.rpm

i386:
mod_nss-1.0.8-8.el5_10.i386.rpm
mod_nss-debuginfo-1.0.8-8.el5_10.i386.rpm

x86_64:
mod_nss-1.0.8-8.el5_10.x86_64.rpm
mod_nss-debuginfo-1.0.8-8.el5_10.x86_64.rpm

Red Hat Enterprise Linux (v.
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/mod_nss-1.0.8-8.el5_10.src.rpm i386: mod_nss-1.0.8-8.el5_10.i386.rpm mod_nss-debuginfo-1.0.8-8.el5_10.i386.rpm ia64: mod_nss-1.0.8-8.el5_10.ia64.rpm mod_nss-debuginfo-1.0.8-8.el5_10.ia64.rpm ppc: mod_nss-1.0.8-8.el5_10.ppc.rpm mod_nss-debuginfo-1.0.8-8.el5_10.ppc.rpm s390x: mod_nss-1.0.8-8.el5_10.s390x.rpm mod_nss-debuginfo-1.0.8-8.el5_10.s390x.rpm x86_64: mod_nss-1.0.8-8.el5_10.x86_64.rpm mod_nss-debuginfo-1.0.8-8.el5_10.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/mod_nss-1.0.8-19.el6_5.src.rpm i386: mod_nss-1.0.8-19.el6_5.i686.rpm mod_nss-debuginfo-1.0.8-19.el6_5.i686.rpm x86_64: mod_nss-1.0.8-19.el6_5.x86_64.rpm mod_nss-debuginfo-1.0.8-19.el6_5.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/mod_nss-1.0.8-19.el6_5.src.rpm x86_64: mod_nss-1.0.8-19.el6_5.x86_64.rpm mod_nss-debuginfo-1.0.8-19.el6_5.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/mod_nss-1.0.8-19.el6_5.src.rpm i386: mod_nss-1.0.8-19.el6_5.i686.rpm mod_nss-debuginfo-1.0.8-19.el6_5.i686.rpm ppc64: mod_nss-1.0.8-19.el6_5.ppc64.rpm mod_nss-debuginfo-1.0.8-19.el6_5.ppc64.rpm s390x: mod_nss-1.0.8-19.el6_5.s390x.rpm mod_nss-debuginfo-1.0.8-19.el6_5.s390x.rpm x86_64: mod_nss-1.0.8-19.el6_5.x86_64.rpm mod_nss-debuginfo-1.0.8-19.el6_5.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/mod_nss-1.0.8-19.el6_5.src.rpm i386: mod_nss-1.0.8-19.el6_5.i686.rpm mod_nss-debuginfo-1.0.8-19.el6_5.i686.rpm x86_64: mod_nss-1.0.8-19.el6_5.x86_64.rpm mod_nss-debuginfo-1.0.8-19.el6_5.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4566.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

From bugzilla at redhat.com Thu Dec 5 17:49:15 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 5 Dec 2013 17:49:15 +0000
Subject: [RHSA-2013:1783-01] Important: kernel security and bug fix update
Message-ID: <201312051749.rB5HnFXp026575@int-mx02.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2013:1783-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1783.html
Issue date: 2013-12-05
CVE Names: CVE-2012-4508 CVE-2013-2851 CVE-2013-4299
=====================================================================

1. Summary:

Updated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 6.3 Extended Update Support.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Compute Node EUS (v. 6.3) - noarch, x86_64
Red Hat Enterprise Linux Compute Node Optional EUS (v.
6.3) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.3) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.3) - i386, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A race condition was found in the way asynchronous I/O and fallocate() interacted when using the ext4 file system. A local, unprivileged user could use this flaw to expose random data from an extent whose data blocks have not yet been written, and thus contain data from a deleted file. (CVE-2012-4508, Important)

* An information leak flaw was found in the way the Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible. (CVE-2013-4299, Moderate)

* A format string flaw was found in the Linux kernel's block layer. A privileged, local user could potentially use this flaw to escalate their privileges to kernel level (ring0). (CVE-2013-2851, Low)

Red Hat would like to thank Theodore Ts'o for reporting CVE-2012-4508, Fujitsu for reporting CVE-2013-4299, and Kees Cook for reporting CVE-2013-2851. Upstream acknowledges Dmitry Monakhov as the original reporter of CVE-2012-4508.

This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network.
Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (https://bugzilla.redhat.com/):

869904 - CVE-2012-4508 kernel: ext4: AIO vs fallocate stale data exposure
969515 - CVE-2013-2851 kernel: block: passing disk names as format strings
1004233 - CVE-2013-4299 kernel: dm: dm-snapshot data leak

6. Package List:

Red Hat Enterprise Linux Compute Node EUS (v. 6.3):

Source:
kernel-2.6.32-279.39.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-279.39.1.el6.noarch.rpm
kernel-firmware-2.6.32-279.39.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-279.39.1.el6.x86_64.rpm
kernel-debug-2.6.32-279.39.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-279.39.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-279.39.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.39.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.39.1.el6.x86_64.rpm
kernel-devel-2.6.32-279.39.1.el6.x86_64.rpm
kernel-headers-2.6.32-279.39.1.el6.x86_64.rpm
perf-2.6.32-279.39.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.39.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.39.1.el6.x86_64.rpm

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.3):

Source:
kernel-2.6.32-279.39.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-279.39.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.39.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.39.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.39.1.el6.x86_64.rpm
python-perf-2.6.32-279.39.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.39.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v.
6.3): Source: kernel-2.6.32-279.39.1.el6.src.rpm i386: kernel-2.6.32-279.39.1.el6.i686.rpm kernel-debug-2.6.32-279.39.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-279.39.1.el6.i686.rpm kernel-debug-devel-2.6.32-279.39.1.el6.i686.rpm kernel-debuginfo-2.6.32-279.39.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-279.39.1.el6.i686.rpm kernel-devel-2.6.32-279.39.1.el6.i686.rpm kernel-headers-2.6.32-279.39.1.el6.i686.rpm perf-2.6.32-279.39.1.el6.i686.rpm perf-debuginfo-2.6.32-279.39.1.el6.i686.rpm python-perf-debuginfo-2.6.32-279.39.1.el6.i686.rpm noarch: kernel-doc-2.6.32-279.39.1.el6.noarch.rpm kernel-firmware-2.6.32-279.39.1.el6.noarch.rpm ppc64: kernel-2.6.32-279.39.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-279.39.1.el6.ppc64.rpm kernel-debug-2.6.32-279.39.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-279.39.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-279.39.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-279.39.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-279.39.1.el6.ppc64.rpm kernel-devel-2.6.32-279.39.1.el6.ppc64.rpm kernel-headers-2.6.32-279.39.1.el6.ppc64.rpm perf-2.6.32-279.39.1.el6.ppc64.rpm perf-debuginfo-2.6.32-279.39.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-279.39.1.el6.ppc64.rpm s390x: kernel-2.6.32-279.39.1.el6.s390x.rpm kernel-debug-2.6.32-279.39.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-279.39.1.el6.s390x.rpm kernel-debug-devel-2.6.32-279.39.1.el6.s390x.rpm kernel-debuginfo-2.6.32-279.39.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-279.39.1.el6.s390x.rpm kernel-devel-2.6.32-279.39.1.el6.s390x.rpm kernel-headers-2.6.32-279.39.1.el6.s390x.rpm kernel-kdump-2.6.32-279.39.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-279.39.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-279.39.1.el6.s390x.rpm perf-2.6.32-279.39.1.el6.s390x.rpm perf-debuginfo-2.6.32-279.39.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-279.39.1.el6.s390x.rpm x86_64: kernel-2.6.32-279.39.1.el6.x86_64.rpm kernel-debug-2.6.32-279.39.1.el6.x86_64.rpm 
kernel-debug-debuginfo-2.6.32-279.39.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-279.39.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-279.39.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-279.39.1.el6.x86_64.rpm kernel-devel-2.6.32-279.39.1.el6.x86_64.rpm kernel-headers-2.6.32-279.39.1.el6.x86_64.rpm perf-2.6.32-279.39.1.el6.x86_64.rpm perf-debuginfo-2.6.32-279.39.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-279.39.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 6.3): Source: kernel-2.6.32-279.39.1.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-279.39.1.el6.i686.rpm kernel-debuginfo-2.6.32-279.39.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-279.39.1.el6.i686.rpm perf-debuginfo-2.6.32-279.39.1.el6.i686.rpm python-perf-2.6.32-279.39.1.el6.i686.rpm python-perf-debuginfo-2.6.32-279.39.1.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-279.39.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-279.39.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-279.39.1.el6.ppc64.rpm perf-debuginfo-2.6.32-279.39.1.el6.ppc64.rpm python-perf-2.6.32-279.39.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-279.39.1.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-279.39.1.el6.s390x.rpm kernel-debuginfo-2.6.32-279.39.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-279.39.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-279.39.1.el6.s390x.rpm perf-debuginfo-2.6.32-279.39.1.el6.s390x.rpm python-perf-2.6.32-279.39.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-279.39.1.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-279.39.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-279.39.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-279.39.1.el6.x86_64.rpm perf-debuginfo-2.6.32-279.39.1.el6.x86_64.rpm python-perf-2.6.32-279.39.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-279.39.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References:

https://www.redhat.com/security/data/cve/CVE-2012-4508.html
https://www.redhat.com/security/data/cve/CVE-2013-2851.html
https://www.redhat.com/security/data/cve/CVE-2013-4299.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.3_Technical_Notes/kernel.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

From bugzilla at redhat.com Thu Dec 5 17:50:30 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 5 Dec 2013 17:50:30 +0000
Subject: [RHSA-2013:1790-01] Moderate: kernel security and bug fix update
Message-ID: <201312051750.rB5HoUbv017069@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: kernel security and bug fix update
Advisory ID: RHSA-2013:1790-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1790.html
Issue date: 2013-12-05
CVE Names: CVE-2013-4355
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v.
5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* An information leak flaw was found in the way the Xen hypervisor handled error conditions when reading guest memory during certain guest-originated operations, such as port or memory mapped I/O writes. A privileged user in a fully-virtualized guest could use this flaw to leak hypervisor stack memory to a guest. (CVE-2013-4355, Moderate)

Red Hat would like to thank the Xen project for reporting this issue.

This update also fixes the following bugs:

* A previous fix to the kernel did not contain a memory barrier in the percpu_up_write() function. Consequently, under certain circumstances, a race condition could occur leading to memory corruption and a subsequent kernel panic. This update introduces a new memory barrier pair, light_mb() and heavy_mb(), for per-CPU basis read and write semaphores (percpu-rw-semaphores) ensuring that the race condition can no longer occur. In addition, the read path performance of "percpu-rw-semaphores" has been improved. (BZ#1014715)

* Due to a bug in the tg3 driver, systems that had the Wake-on-LAN (WOL) feature enabled on their NICs could not be woken up from suspension or hibernation using WOL. A missing pci_wake_from_d3() function call has been added to the tg3 driver, which ensures that WOL functions properly by setting the PME_ENABLE bit. (BZ#1014973)

* Due to an incorrect test condition in the mpt2sas driver, the driver was unable to catch failures to map a SCSI scatter-gather list. The test condition has been corrected so that the mpt2sas driver now handles SCSI scatter-gather mapping failures as expected.
(BZ#1018458)

* A previous patch to the kernel introduced the "VLAN tag re-insertion" workaround to resolve a problem with incorrectly handled VLAN-tagged packets with no assigned VLAN group while the be2net driver was in promiscuous mode. However, this solution led to packet corruption and a subsequent kernel oops if such a processed packet was a GRO packet. Therefore, a patch has been applied to restrict VLAN tag re-insertion only to non-GRO packets. The be2net driver now processes VLAN-tagged packets with no assigned VLAN group correctly in this situation. (BZ#1023348)

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (https://bugzilla.redhat.com/):

1009598 - CVE-2013-4355 Kernel: Xen: Xsa-63: information leak via I/O instruction emulation

6. Package List:

Red Hat Enterprise Linux Desktop (v.
5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-371.3.1.el5.src.rpm

i386:
kernel-2.6.18-371.3.1.el5.i686.rpm
kernel-PAE-2.6.18-371.3.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-371.3.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-371.3.1.el5.i686.rpm
kernel-debug-2.6.18-371.3.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-371.3.1.el5.i686.rpm
kernel-debug-devel-2.6.18-371.3.1.el5.i686.rpm
kernel-debuginfo-2.6.18-371.3.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-371.3.1.el5.i686.rpm
kernel-devel-2.6.18-371.3.1.el5.i686.rpm
kernel-headers-2.6.18-371.3.1.el5.i386.rpm
kernel-xen-2.6.18-371.3.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-371.3.1.el5.i686.rpm
kernel-xen-devel-2.6.18-371.3.1.el5.i686.rpm

noarch:
kernel-doc-2.6.18-371.3.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-371.3.1.el5.x86_64.rpm
kernel-debug-2.6.18-371.3.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-371.3.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-371.3.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-371.3.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-371.3.1.el5.x86_64.rpm
kernel-devel-2.6.18-371.3.1.el5.x86_64.rpm
kernel-headers-2.6.18-371.3.1.el5.x86_64.rpm
kernel-xen-2.6.18-371.3.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-371.3.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-371.3.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-371.3.1.el5.src.rpm

i386:
kernel-2.6.18-371.3.1.el5.i686.rpm
kernel-PAE-2.6.18-371.3.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-371.3.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-371.3.1.el5.i686.rpm
kernel-debug-2.6.18-371.3.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-371.3.1.el5.i686.rpm
kernel-debug-devel-2.6.18-371.3.1.el5.i686.rpm
kernel-debuginfo-2.6.18-371.3.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-371.3.1.el5.i686.rpm
kernel-devel-2.6.18-371.3.1.el5.i686.rpm
kernel-headers-2.6.18-371.3.1.el5.i386.rpm
kernel-xen-2.6.18-371.3.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-371.3.1.el5.i686.rpm
kernel-xen-devel-2.6.18-371.3.1.el5.i686.rpm

ia64:
kernel-2.6.18-371.3.1.el5.ia64.rpm
kernel-debug-2.6.18-371.3.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-371.3.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-371.3.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-371.3.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-371.3.1.el5.ia64.rpm
kernel-devel-2.6.18-371.3.1.el5.ia64.rpm
kernel-headers-2.6.18-371.3.1.el5.ia64.rpm
kernel-xen-2.6.18-371.3.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-371.3.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-371.3.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-371.3.1.el5.noarch.rpm

ppc:
kernel-2.6.18-371.3.1.el5.ppc64.rpm
kernel-debug-2.6.18-371.3.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-371.3.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-371.3.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-371.3.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-371.3.1.el5.ppc64.rpm
kernel-devel-2.6.18-371.3.1.el5.ppc64.rpm
kernel-headers-2.6.18-371.3.1.el5.ppc.rpm
kernel-headers-2.6.18-371.3.1.el5.ppc64.rpm
kernel-kdump-2.6.18-371.3.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-371.3.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-371.3.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-371.3.1.el5.s390x.rpm
kernel-debug-2.6.18-371.3.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-371.3.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-371.3.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-371.3.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-371.3.1.el5.s390x.rpm
kernel-devel-2.6.18-371.3.1.el5.s390x.rpm
kernel-headers-2.6.18-371.3.1.el5.s390x.rpm
kernel-kdump-2.6.18-371.3.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-371.3.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-371.3.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-371.3.1.el5.x86_64.rpm
kernel-debug-2.6.18-371.3.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-371.3.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-371.3.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-371.3.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-371.3.1.el5.x86_64.rpm
kernel-devel-2.6.18-371.3.1.el5.x86_64.rpm
kernel-headers-2.6.18-371.3.1.el5.x86_64.rpm
kernel-xen-2.6.18-371.3.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-371.3.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-371.3.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4355.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSoLy2XlSAg2UNWIIRAnoHAJ9vXZTezyXbOywDIkGKpH5Dw24UgACfUdWX
byS0svpyV/O0TCfUV584v3k=
=qEXh
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Dec 5 17:51:09 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 5 Dec 2013 17:51:09 +0000
Subject: [RHSA-2013:1791-01] Important: nss and nspr security, bug fix, and enhancement update
Message-ID: <201312051751.rB5Hp9K3000839@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: nss and nspr security, bug fix, and enhancement update
Advisory ID: RHSA-2013:1791-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1791.html
Issue date: 2013-12-05
CVE Names: CVE-2013-1739 CVE-2013-1741 CVE-2013-5605 CVE-2013-5606 CVE-2013-5607
=====================================================================

1. Summary:

Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.

A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-5605)

It was found that the fix for CVE-2013-1620 released via RHSA-2013:1135 introduced a regression causing NSS to read uninitialized data when a decryption failure occurred. A remote attacker could use this flaw to cause a TLS/SSL server using NSS to crash. (CVE-2013-1739)

An integer overflow flaw was discovered in both NSS and NSPR's implementation of certification parsing on 64-bit systems. A remote attacker could use these flaws to cause an application using NSS or NSPR to crash. (CVE-2013-1741, CVE-2013-5607)

It was discovered that NSS did not reject certificates with incompatible key usage constraints when validating them while the verifyLog feature was enabled. An application using the NSS certificate validation API could accept an invalid certificate. (CVE-2013-5606)

Red Hat would like to thank the Mozilla project for reporting CVE-2013-1741, CVE-2013-5606, and CVE-2013-5607. Upstream acknowledges Tavis Ormandy as the original reporter of CVE-2013-1741, Camilo Viecco as the original reporter of CVE-2013-5606, and Pascal Cuoq, Kamil Dudka, and Wan-Teh Chang as the original reporters of CVE-2013-5607.

In addition, the nss package has been upgraded to upstream version 3.15.3, and the nspr package has been upgraded to upstream version 4.10.2. These updates provide a number of bug fixes and enhancements over the previous versions. (BZ#1033478, BZ#1020520)

This update also fixes the following bug:

* The RHBA-2013:1318 update introduced a regression that prevented the use of certificates that have an MD5 signature. This update fixes this regression and certificates that have an MD5 signature are once again supported. To prevent the use of certificates that have an MD5 signature, set the "NSS_HASH_ALG_SUPPORT" environment variable to "-MD5". (BZ#1033499)

Users of NSS and NSPR are advised to upgrade to these updated packages, which fix these issues and add these enhancements. After installing this update, applications using NSS or NSPR must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1012740 - CVE-2013-1739 nss: Avoid uninitialized data read in the event of a decryption failure
1030807 - CVE-2013-5605 nss: Null_Cipher() does not respect maxOutputLen (MFSA 2013-103)
1031457 - CVE-2013-5606 nss: CERT_VerifyCert returns SECSuccess (saying certificate is good) even for bad certificates (MFSA 2013-103)
1031458 - CVE-2013-1741 nss: Integer truncation in certificate parsing (MFSA 2013-103)
1031461 - CVE-2013-5607 nspr: Avoid unsigned integer wrapping in PL_ArenaAllocate (MFSA 2013-103)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nspr-4.10.2-2.el5_10.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nss-3.15.3-3.el5_10.src.rpm

i386:
nspr-4.10.2-2.el5_10.i386.rpm
nspr-debuginfo-4.10.2-2.el5_10.i386.rpm
nss-3.15.3-3.el5_10.i386.rpm
nss-debuginfo-3.15.3-3.el5_10.i386.rpm
nss-tools-3.15.3-3.el5_10.i386.rpm

x86_64:
nspr-4.10.2-2.el5_10.i386.rpm
nspr-4.10.2-2.el5_10.x86_64.rpm
nspr-debuginfo-4.10.2-2.el5_10.i386.rpm
nspr-debuginfo-4.10.2-2.el5_10.x86_64.rpm
nss-3.15.3-3.el5_10.i386.rpm
nss-3.15.3-3.el5_10.x86_64.rpm
nss-debuginfo-3.15.3-3.el5_10.i386.rpm
nss-debuginfo-3.15.3-3.el5_10.x86_64.rpm
nss-tools-3.15.3-3.el5_10.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nspr-4.10.2-2.el5_10.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nss-3.15.3-3.el5_10.src.rpm

i386:
nspr-debuginfo-4.10.2-2.el5_10.i386.rpm
nspr-devel-4.10.2-2.el5_10.i386.rpm
nss-debuginfo-3.15.3-3.el5_10.i386.rpm
nss-devel-3.15.3-3.el5_10.i386.rpm
nss-pkcs11-devel-3.15.3-3.el5_10.i386.rpm

x86_64:
nspr-debuginfo-4.10.2-2.el5_10.i386.rpm
nspr-debuginfo-4.10.2-2.el5_10.x86_64.rpm
nspr-devel-4.10.2-2.el5_10.i386.rpm
nspr-devel-4.10.2-2.el5_10.x86_64.rpm
nss-debuginfo-3.15.3-3.el5_10.i386.rpm
nss-debuginfo-3.15.3-3.el5_10.x86_64.rpm
nss-devel-3.15.3-3.el5_10.i386.rpm
nss-devel-3.15.3-3.el5_10.x86_64.rpm
nss-pkcs11-devel-3.15.3-3.el5_10.i386.rpm
nss-pkcs11-devel-3.15.3-3.el5_10.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/nspr-4.10.2-2.el5_10.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/nss-3.15.3-3.el5_10.src.rpm

i386:
nspr-4.10.2-2.el5_10.i386.rpm
nspr-debuginfo-4.10.2-2.el5_10.i386.rpm
nspr-devel-4.10.2-2.el5_10.i386.rpm
nss-3.15.3-3.el5_10.i386.rpm
nss-debuginfo-3.15.3-3.el5_10.i386.rpm
nss-devel-3.15.3-3.el5_10.i386.rpm
nss-pkcs11-devel-3.15.3-3.el5_10.i386.rpm
nss-tools-3.15.3-3.el5_10.i386.rpm

ia64:
nspr-4.10.2-2.el5_10.i386.rpm
nspr-4.10.2-2.el5_10.ia64.rpm
nspr-debuginfo-4.10.2-2.el5_10.i386.rpm
nspr-debuginfo-4.10.2-2.el5_10.ia64.rpm
nspr-devel-4.10.2-2.el5_10.ia64.rpm
nss-3.15.3-3.el5_10.i386.rpm
nss-3.15.3-3.el5_10.ia64.rpm
nss-debuginfo-3.15.3-3.el5_10.i386.rpm
nss-debuginfo-3.15.3-3.el5_10.ia64.rpm
nss-devel-3.15.3-3.el5_10.ia64.rpm
nss-pkcs11-devel-3.15.3-3.el5_10.ia64.rpm
nss-tools-3.15.3-3.el5_10.ia64.rpm

ppc:
nspr-4.10.2-2.el5_10.ppc.rpm
nspr-4.10.2-2.el5_10.ppc64.rpm
nspr-debuginfo-4.10.2-2.el5_10.ppc.rpm
nspr-debuginfo-4.10.2-2.el5_10.ppc64.rpm
nspr-devel-4.10.2-2.el5_10.ppc.rpm
nspr-devel-4.10.2-2.el5_10.ppc64.rpm
nss-3.15.3-3.el5_10.ppc.rpm
nss-3.15.3-3.el5_10.ppc64.rpm
nss-debuginfo-3.15.3-3.el5_10.ppc.rpm
nss-debuginfo-3.15.3-3.el5_10.ppc64.rpm
nss-devel-3.15.3-3.el5_10.ppc.rpm
nss-devel-3.15.3-3.el5_10.ppc64.rpm
nss-pkcs11-devel-3.15.3-3.el5_10.ppc.rpm
nss-pkcs11-devel-3.15.3-3.el5_10.ppc64.rpm
nss-tools-3.15.3-3.el5_10.ppc.rpm

s390x:
nspr-4.10.2-2.el5_10.s390.rpm
nspr-4.10.2-2.el5_10.s390x.rpm
nspr-debuginfo-4.10.2-2.el5_10.s390.rpm
nspr-debuginfo-4.10.2-2.el5_10.s390x.rpm
nspr-devel-4.10.2-2.el5_10.s390.rpm
nspr-devel-4.10.2-2.el5_10.s390x.rpm
nss-3.15.3-3.el5_10.s390.rpm
nss-3.15.3-3.el5_10.s390x.rpm
nss-debuginfo-3.15.3-3.el5_10.s390.rpm
nss-debuginfo-3.15.3-3.el5_10.s390x.rpm
nss-devel-3.15.3-3.el5_10.s390.rpm
nss-devel-3.15.3-3.el5_10.s390x.rpm
nss-pkcs11-devel-3.15.3-3.el5_10.s390.rpm
nss-pkcs11-devel-3.15.3-3.el5_10.s390x.rpm
nss-tools-3.15.3-3.el5_10.s390x.rpm

x86_64:
nspr-4.10.2-2.el5_10.i386.rpm
nspr-4.10.2-2.el5_10.x86_64.rpm
nspr-debuginfo-4.10.2-2.el5_10.i386.rpm
nspr-debuginfo-4.10.2-2.el5_10.x86_64.rpm
nspr-devel-4.10.2-2.el5_10.i386.rpm
nspr-devel-4.10.2-2.el5_10.x86_64.rpm
nss-3.15.3-3.el5_10.i386.rpm
nss-3.15.3-3.el5_10.x86_64.rpm
nss-debuginfo-3.15.3-3.el5_10.i386.rpm
nss-debuginfo-3.15.3-3.el5_10.x86_64.rpm
nss-devel-3.15.3-3.el5_10.i386.rpm
nss-devel-3.15.3-3.el5_10.x86_64.rpm
nss-pkcs11-devel-3.15.3-3.el5_10.i386.rpm
nss-pkcs11-devel-3.15.3-3.el5_10.x86_64.rpm
nss-tools-3.15.3-3.el5_10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-1739.html
https://www.redhat.com/security/data/cve/CVE-2013-1741.html
https://www.redhat.com/security/data/cve/CVE-2013-5605.html
https://www.redhat.com/security/data/cve/CVE-2013-5606.html
https://www.redhat.com/security/data/cve/CVE-2013-5607.html
https://access.redhat.com/security/updates/classification/#important
http://www.mozilla.org/security/announce/2013/mfsa2013-103.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSoLz+XlSAg2UNWIIRAjaOAKC1e50CeEPRmLfk0LmHjX/Esn4I4ACglhuw
9jyKZmZ6Wq61vCFsITja2vU=
=46P5
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Dec 5 17:51:47 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 5 Dec 2013 17:51:47 +0000
Subject: [RHSA-2013:1792-01] Low: Red Hat Enterprise Linux 6.2 Extended Update Support 1-Month Notice
Message-ID: <201312051751.rB5HplH8000306@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: Red Hat Enterprise Linux 6.2 Extended Update Support 1-Month Notice
Advisory ID: RHSA-2013:1792-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1792.html
Issue date: 2013-12-05
=====================================================================

1. Summary:

This is the 1-Month notification for the retirement of Red Hat Enterprise Linux 6.2 Extended Update Support (EUS).

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server EUS (v. 6.2) - i386, ppc64, s390x, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.2 will be retired as of January 7, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.2 EUS after that date. In addition, technical support through Red Hat's Global Support Services will no longer be provided after January 7, 2014.

Note: This notification applies only to those customers subscribed to the Extended Update Support (EUS) channel for Red Hat Enterprise Linux 6.2.

We encourage customers to plan their migration from Red Hat Enterprise Linux 6.2 to a more recent version of Red Hat Enterprise Linux 6. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on a currently supported Red Hat Enterprise Linux 6 release (6.3 or 6.4, for which EUS is available).

Details of the Red Hat Enterprise Linux life cycle can be found here:
https://www.redhat.com/security/updates/errata/

4. Solution:

This advisory contains an updated redhat-release-server package that provides a copy of this retirement notice in the "/usr/share/doc/" directory.

5. Package List:

Red Hat Enterprise Linux Server EUS (v. 6.2):

Source:
redhat-release-server-6Server-6.2.0.5.el6_2.src.rpm

i386:
redhat-release-server-6Server-6.2.0.5.el6_2.i686.rpm

ppc64:
redhat-release-server-6Server-6.2.0.5.el6_2.ppc64.rpm

s390x:
redhat-release-server-6Server-6.2.0.5.el6_2.s390x.rpm

x86_64:
redhat-release-server-6Server-6.2.0.5.el6_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

6. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/support/policy/updates/errata/

7. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSoL0ZXlSAg2UNWIIRAimpAJ9qRn513vNIS1s9kwX9enE36z+nCACdGH+F
5kcaM0eb+U09/mYb8C7ciy8=
=d3Ht
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 10 00:24:44 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 10 Dec 2013 00:24:44 +0000
Subject: [RHSA-2013:1803-01] Moderate: libjpeg-turbo security update
Message-ID: <201312100024.rBA0OiwF027022@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: libjpeg-turbo security update
Advisory ID: RHSA-2013:1803-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1803.html
Issue date: 2013-12-09
CVE Names: CVE-2013-6629 CVE-2013-6630
=====================================================================

1. Summary:

Updated libjpeg-turbo packages that fix two security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The libjpeg-turbo package contains a library of functions for manipulating JPEG images. It also contains simple client programs for accessing the libjpeg functions.

An uninitialized memory read issue was found in the way libjpeg-turbo decoded images with missing Start Of Scan (SOS) JPEG markers or Define Huffman Table (DHT) JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially sensitive information. (CVE-2013-6629, CVE-2013-6630)

All libjpeg-turbo users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1031734 - CVE-2013-6629 libjpeg: information leak (read of uninitialized memory)
1031749 - CVE-2013-6630 libjpeg: information leak (read of uninitialized memory)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libjpeg-turbo-1.2.1-3.el6_5.src.rpm

i386:
libjpeg-turbo-1.2.1-3.el6_5.i686.rpm
libjpeg-turbo-debuginfo-1.2.1-3.el6_5.i686.rpm

x86_64:
libjpeg-turbo-1.2.1-3.el6_5.i686.rpm
libjpeg-turbo-1.2.1-3.el6_5.x86_64.rpm
libjpeg-turbo-debuginfo-1.2.1-3.el6_5.i686.rpm
libjpeg-turbo-debuginfo-1.2.1-3.el6_5.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libjpeg-turbo-1.2.1-3.el6_5.src.rpm

i386:
libjpeg-turbo-debuginfo-1.2.1-3.el6_5.i686.rpm
libjpeg-turbo-devel-1.2.1-3.el6_5.i686.rpm
libjpeg-turbo-static-1.2.1-3.el6_5.i686.rpm

x86_64:
libjpeg-turbo-debuginfo-1.2.1-3.el6_5.i686.rpm
libjpeg-turbo-debuginfo-1.2.1-3.el6_5.x86_64.rpm
libjpeg-turbo-devel-1.2.1-3.el6_5.i686.rpm
libjpeg-turbo-devel-1.2.1-3.el6_5.x86_64.rpm
libjpeg-turbo-static-1.2.1-3.el6_5.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libjpeg-turbo-1.2.1-3.el6_5.src.rpm

x86_64:
libjpeg-turbo-1.2.1-3.el6_5.i686.rpm
libjpeg-turbo-1.2.1-3.el6_5.x86_64.rpm
libjpeg-turbo-debuginfo-1.2.1-3.el6_5.i686.rpm
libjpeg-turbo-debuginfo-1.2.1-3.el6_5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libjpeg-turbo-1.2.1-3.el6_5.src.rpm

x86_64:
libjpeg-turbo-debuginfo-1.2.1-3.el6_5.i686.rpm
libjpeg-turbo-debuginfo-1.2.1-3.el6_5.x86_64.rpm
libjpeg-turbo-devel-1.2.1-3.el6_5.i686.rpm
libjpeg-turbo-devel-1.2.1-3.el6_5.x86_64.rpm
libjpeg-turbo-static-1.2.1-3.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libjpeg-turbo-1.2.1-3.el6_5.src.rpm

i386:
libjpeg-turbo-1.2.1-3.el6_5.i686.rpm
libjpeg-turbo-debuginfo-1.2.1-3.el6_5.i686.rpm
libjpeg-turbo-devel-1.2.1-3.el6_5.i686.rpm

ppc64:
libjpeg-turbo-1.2.1-3.el6_5.ppc.rpm
libjpeg-turbo-1.2.1-3.el6_5.ppc64.rpm
libjpeg-turbo-debuginfo-1.2.1-3.el6_5.ppc.rpm
libjpeg-turbo-debuginfo-1.2.1-3.el6_5.ppc64.rpm
libjpeg-turbo-devel-1.2.1-3.el6_5.ppc.rpm
libjpeg-turbo-devel-1.2.1-3.el6_5.ppc64.rpm

s390x:
libjpeg-turbo-1.2.1-3.el6_5.s390.rpm
libjpeg-turbo-1.2.1-3.el6_5.s390x.rpm
libjpeg-turbo-debuginfo-1.2.1-3.el6_5.s390.rpm
libjpeg-turbo-debuginfo-1.2.1-3.el6_5.s390x.rpm
libjpeg-turbo-devel-1.2.1-3.el6_5.s390.rpm
libjpeg-turbo-devel-1.2.1-3.el6_5.s390x.rpm

x86_64:
libjpeg-turbo-1.2.1-3.el6_5.i686.rpm
libjpeg-turbo-1.2.1-3.el6_5.x86_64.rpm
libjpeg-turbo-debuginfo-1.2.1-3.el6_5.i686.rpm
libjpeg-turbo-debuginfo-1.2.1-3.el6_5.x86_64.rpm
libjpeg-turbo-devel-1.2.1-3.el6_5.i686.rpm
libjpeg-turbo-devel-1.2.1-3.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libjpeg-turbo-1.2.1-3.el6_5.src.rpm

i386:
libjpeg-turbo-debuginfo-1.2.1-3.el6_5.i686.rpm
libjpeg-turbo-static-1.2.1-3.el6_5.i686.rpm

ppc64:
libjpeg-turbo-debuginfo-1.2.1-3.el6_5.ppc64.rpm
libjpeg-turbo-static-1.2.1-3.el6_5.ppc64.rpm

s390x:
libjpeg-turbo-debuginfo-1.2.1-3.el6_5.s390x.rpm
libjpeg-turbo-static-1.2.1-3.el6_5.s390x.rpm

x86_64:
libjpeg-turbo-debuginfo-1.2.1-3.el6_5.x86_64.rpm
libjpeg-turbo-static-1.2.1-3.el6_5.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libjpeg-turbo-1.2.1-3.el6_5.src.rpm

i386:
libjpeg-turbo-1.2.1-3.el6_5.i686.rpm
libjpeg-turbo-debuginfo-1.2.1-3.el6_5.i686.rpm
libjpeg-turbo-devel-1.2.1-3.el6_5.i686.rpm

x86_64:
libjpeg-turbo-1.2.1-3.el6_5.i686.rpm
libjpeg-turbo-1.2.1-3.el6_5.x86_64.rpm
libjpeg-turbo-debuginfo-1.2.1-3.el6_5.i686.rpm
libjpeg-turbo-debuginfo-1.2.1-3.el6_5.x86_64.rpm
libjpeg-turbo-devel-1.2.1-3.el6_5.i686.rpm
libjpeg-turbo-devel-1.2.1-3.el6_5.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libjpeg-turbo-1.2.1-3.el6_5.src.rpm

i386:
libjpeg-turbo-debuginfo-1.2.1-3.el6_5.i686.rpm
libjpeg-turbo-static-1.2.1-3.el6_5.i686.rpm

x86_64:
libjpeg-turbo-debuginfo-1.2.1-3.el6_5.x86_64.rpm
libjpeg-turbo-static-1.2.1-3.el6_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-6629.html
https://www.redhat.com/security/data/cve/CVE-2013-6630.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSpl87XlSAg2UNWIIRAiv1AKCmuV5AZmnbxQJj1NrKZLQDqL1MiwCcCB5v
uiO5YC/cRuNA5HraCRePfuY=
=05WB
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 10 00:25:08 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 10 Dec 2013 00:25:08 +0000
Subject: [RHSA-2013:1804-01] Moderate: libjpeg security update
Message-ID: <201312100025.rBA0P8MP027171@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: libjpeg security update
Advisory ID: RHSA-2013:1804-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1804.html
Issue date: 2013-12-09
CVE Names: CVE-2013-6629
=====================================================================

1. Summary:

An updated libjpeg package that fixes one security issue is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The libjpeg package contains a library of functions for manipulating JPEG images. It also contains simple client programs for accessing the libjpeg functions.

An uninitialized memory read issue was found in the way libjpeg decoded images with missing Start Of Scan (SOS) JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially sensitive information. (CVE-2013-6629)

All libjpeg users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1031734 - CVE-2013-6629 libjpeg: information leak (read of uninitialized memory)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libjpeg-6b-38.src.rpm

i386:
libjpeg-6b-38.i386.rpm
libjpeg-debuginfo-6b-38.i386.rpm

x86_64:
libjpeg-6b-38.i386.rpm
libjpeg-6b-38.x86_64.rpm
libjpeg-debuginfo-6b-38.i386.rpm
libjpeg-debuginfo-6b-38.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libjpeg-6b-38.src.rpm

i386:
libjpeg-debuginfo-6b-38.i386.rpm
libjpeg-devel-6b-38.i386.rpm

x86_64:
libjpeg-debuginfo-6b-38.i386.rpm
libjpeg-debuginfo-6b-38.x86_64.rpm
libjpeg-devel-6b-38.i386.rpm
libjpeg-devel-6b-38.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libjpeg-6b-38.src.rpm

i386:
libjpeg-6b-38.i386.rpm
libjpeg-debuginfo-6b-38.i386.rpm
libjpeg-devel-6b-38.i386.rpm

ia64:
libjpeg-6b-38.i386.rpm
libjpeg-6b-38.ia64.rpm
libjpeg-debuginfo-6b-38.i386.rpm
libjpeg-debuginfo-6b-38.ia64.rpm
libjpeg-devel-6b-38.ia64.rpm

ppc:
libjpeg-6b-38.ppc.rpm
libjpeg-6b-38.ppc64.rpm
libjpeg-debuginfo-6b-38.ppc.rpm
libjpeg-debuginfo-6b-38.ppc64.rpm
libjpeg-devel-6b-38.ppc.rpm
libjpeg-devel-6b-38.ppc64.rpm

s390x:
libjpeg-6b-38.s390.rpm
libjpeg-6b-38.s390x.rpm
libjpeg-debuginfo-6b-38.s390.rpm
libjpeg-debuginfo-6b-38.s390x.rpm
libjpeg-devel-6b-38.s390.rpm
libjpeg-devel-6b-38.s390x.rpm

x86_64:
libjpeg-6b-38.i386.rpm
libjpeg-6b-38.x86_64.rpm
libjpeg-debuginfo-6b-38.i386.rpm
libjpeg-debuginfo-6b-38.x86_64.rpm
libjpeg-devel-6b-38.i386.rpm
libjpeg-devel-6b-38.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-6629.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSpl9XXlSAg2UNWIIRAk36AJ9CSNu0JBf09Vu6Sa0yiClsBfNgNQCfXzY2
cV7eoPlOM8fprfo68fgpWSE=
=ZYgY
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 10 00:26:03 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 10 Dec 2013 00:26:03 +0000
Subject: [RHSA-2013:1805-01] Important: samba4 security update
Message-ID: <201312100026.rBA0Q40L004209@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: samba4 security update
Advisory ID: RHSA-2013:1805-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1805.html
Issue date: 2013-12-09
CVE Names: CVE-2013-4408
=====================================================================

1. Summary:

Updated samba4 packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE-RPC packet could cause various Samba programs to crash or, possibly, execute arbitrary code when parsed. A malicious or compromised Active Directory Domain Controller could use this flaw to compromise the winbindd daemon running with root privileges. (CVE-2013-4408)

Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Stefan Metzmacher and Michael Adam of SerNet as the original reporters of this issue.

All users of Samba are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1018032 - CVE-2013-4408 samba: Heap-based buffer overflow due to incorrect DCE-RPC fragment length field check

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/samba4-4.0.0-60.el6_5.rc4.src.rpm

i386:
samba4-4.0.0-60.el6_5.rc4.i686.rpm
samba4-client-4.0.0-60.el6_5.rc4.i686.rpm
samba4-common-4.0.0-60.el6_5.rc4.i686.rpm
samba4-dc-4.0.0-60.el6_5.rc4.i686.rpm
samba4-dc-libs-4.0.0-60.el6_5.rc4.i686.rpm
samba4-debuginfo-4.0.0-60.el6_5.rc4.i686.rpm
samba4-devel-4.0.0-60.el6_5.rc4.i686.rpm
samba4-libs-4.0.0-60.el6_5.rc4.i686.rpm
samba4-pidl-4.0.0-60.el6_5.rc4.i686.rpm
samba4-python-4.0.0-60.el6_5.rc4.i686.rpm
samba4-swat-4.0.0-60.el6_5.rc4.i686.rpm
samba4-test-4.0.0-60.el6_5.rc4.i686.rpm
samba4-winbind-4.0.0-60.el6_5.rc4.i686.rpm
samba4-winbind-clients-4.0.0-60.el6_5.rc4.i686.rpm
samba4-winbind-krb5-locator-4.0.0-60.el6_5.rc4.i686.rpm

x86_64:
samba4-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-client-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-common-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-dc-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-dc-libs-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-debuginfo-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-devel-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-libs-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-pidl-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-python-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-swat-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-test-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-winbind-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-winbind-clients-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-winbind-krb5-locator-4.0.0-60.el6_5.rc4.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/samba4-4.0.0-60.el6_5.rc4.src.rpm

x86_64:
samba4-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-client-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-common-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-dc-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-dc-libs-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-debuginfo-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-devel-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-libs-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-pidl-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-python-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-swat-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-test-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-winbind-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-winbind-clients-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-winbind-krb5-locator-4.0.0-60.el6_5.rc4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/samba4-4.0.0-60.el6_5.rc4.src.rpm

i386:
samba4-4.0.0-60.el6_5.rc4.i686.rpm
samba4-client-4.0.0-60.el6_5.rc4.i686.rpm
samba4-common-4.0.0-60.el6_5.rc4.i686.rpm
samba4-dc-4.0.0-60.el6_5.rc4.i686.rpm
samba4-dc-libs-4.0.0-60.el6_5.rc4.i686.rpm
samba4-debuginfo-4.0.0-60.el6_5.rc4.i686.rpm
samba4-devel-4.0.0-60.el6_5.rc4.i686.rpm
samba4-libs-4.0.0-60.el6_5.rc4.i686.rpm
samba4-pidl-4.0.0-60.el6_5.rc4.i686.rpm
samba4-python-4.0.0-60.el6_5.rc4.i686.rpm
samba4-swat-4.0.0-60.el6_5.rc4.i686.rpm
samba4-test-4.0.0-60.el6_5.rc4.i686.rpm
samba4-winbind-4.0.0-60.el6_5.rc4.i686.rpm
samba4-winbind-clients-4.0.0-60.el6_5.rc4.i686.rpm
samba4-winbind-krb5-locator-4.0.0-60.el6_5.rc4.i686.rpm

ppc64:
samba4-4.0.0-60.el6_5.rc4.ppc64.rpm
samba4-client-4.0.0-60.el6_5.rc4.ppc64.rpm
samba4-common-4.0.0-60.el6_5.rc4.ppc64.rpm
samba4-dc-4.0.0-60.el6_5.rc4.ppc64.rpm
samba4-dc-libs-4.0.0-60.el6_5.rc4.ppc64.rpm
samba4-debuginfo-4.0.0-60.el6_5.rc4.ppc64.rpm
samba4-devel-4.0.0-60.el6_5.rc4.ppc64.rpm
samba4-libs-4.0.0-60.el6_5.rc4.ppc64.rpm
samba4-pidl-4.0.0-60.el6_5.rc4.ppc64.rpm
samba4-python-4.0.0-60.el6_5.rc4.ppc64.rpm
samba4-swat-4.0.0-60.el6_5.rc4.ppc64.rpm
samba4-test-4.0.0-60.el6_5.rc4.ppc64.rpm
samba4-winbind-4.0.0-60.el6_5.rc4.ppc64.rpm
samba4-winbind-clients-4.0.0-60.el6_5.rc4.ppc64.rpm
samba4-winbind-krb5-locator-4.0.0-60.el6_5.rc4.ppc64.rpm

s390x:
samba4-4.0.0-60.el6_5.rc4.s390x.rpm
samba4-client-4.0.0-60.el6_5.rc4.s390x.rpm
samba4-common-4.0.0-60.el6_5.rc4.s390x.rpm
samba4-dc-4.0.0-60.el6_5.rc4.s390x.rpm
samba4-dc-libs-4.0.0-60.el6_5.rc4.s390x.rpm
samba4-debuginfo-4.0.0-60.el6_5.rc4.s390x.rpm
samba4-devel-4.0.0-60.el6_5.rc4.s390x.rpm
samba4-libs-4.0.0-60.el6_5.rc4.s390x.rpm
samba4-pidl-4.0.0-60.el6_5.rc4.s390x.rpm
samba4-python-4.0.0-60.el6_5.rc4.s390x.rpm
samba4-swat-4.0.0-60.el6_5.rc4.s390x.rpm
samba4-test-4.0.0-60.el6_5.rc4.s390x.rpm
samba4-winbind-4.0.0-60.el6_5.rc4.s390x.rpm
samba4-winbind-clients-4.0.0-60.el6_5.rc4.s390x.rpm
samba4-winbind-krb5-locator-4.0.0-60.el6_5.rc4.s390x.rpm

x86_64:
samba4-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-client-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-common-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-dc-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-dc-libs-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-debuginfo-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-devel-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-libs-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-pidl-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-python-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-swat-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-test-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-winbind-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-winbind-clients-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-winbind-krb5-locator-4.0.0-60.el6_5.rc4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/samba4-4.0.0-60.el6_5.rc4.src.rpm

i386:
samba4-4.0.0-60.el6_5.rc4.i686.rpm
samba4-client-4.0.0-60.el6_5.rc4.i686.rpm
samba4-common-4.0.0-60.el6_5.rc4.i686.rpm
samba4-dc-4.0.0-60.el6_5.rc4.i686.rpm
samba4-dc-libs-4.0.0-60.el6_5.rc4.i686.rpm
samba4-debuginfo-4.0.0-60.el6_5.rc4.i686.rpm
samba4-devel-4.0.0-60.el6_5.rc4.i686.rpm
samba4-libs-4.0.0-60.el6_5.rc4.i686.rpm
samba4-pidl-4.0.0-60.el6_5.rc4.i686.rpm
samba4-python-4.0.0-60.el6_5.rc4.i686.rpm
samba4-swat-4.0.0-60.el6_5.rc4.i686.rpm
samba4-test-4.0.0-60.el6_5.rc4.i686.rpm
samba4-winbind-4.0.0-60.el6_5.rc4.i686.rpm
samba4-winbind-clients-4.0.0-60.el6_5.rc4.i686.rpm
samba4-winbind-krb5-locator-4.0.0-60.el6_5.rc4.i686.rpm

x86_64:
samba4-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-client-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-common-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-dc-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-dc-libs-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-debuginfo-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-devel-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-libs-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-pidl-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-python-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-swat-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-test-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-winbind-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-winbind-clients-4.0.0-60.el6_5.rc4.x86_64.rpm
samba4-winbind-krb5-locator-4.0.0-60.el6_5.rc4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4408.html
https://access.redhat.com/security/updates/classification/#important
http://www.samba.org/samba/security/CVE-2013-4408

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSpl97XlSAg2UNWIIRAraMAJ9QDJ6G3/HEWa7MZrt6ZMjg6dFAcACfZJQs 7KQUkm1BLNvcfvag553nKnE= =6MHF -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Dec 10 00:27:29 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 10 Dec 2013 00:27:29 +0000 Subject: [RHSA-2013:1806-01] Important: samba and samba3x security update Message-ID: <201312100027.rBA0RTvf028747@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: samba and samba3x security update Advisory ID: RHSA-2013:1806-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1806.html Issue date: 2013-12-09 CVE Names: CVE-2013-4408 CVE-2013-4475 ===================================================================== 1. Summary: Updated samba3x and samba packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 
6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE-RPC packet could cause various Samba programs to crash or, possibly, execute arbitrary code when parsed. A malicious or compromised Active Directory Domain Controller could use this flaw to compromise the winbindd daemon running with root privileges. (CVE-2013-4408)

A flaw was found in the way Samba performed ACL checks on alternate file and directory data streams. An attacker able to access a CIFS share with alternate stream support enabled could access alternate data streams regardless of the underlying file or directory ACL permissions. (CVE-2013-4475)

Red Hat would like to thank the Samba project for reporting CVE-2013-4408. Upstream acknowledges Stefan Metzmacher and Michael Adam of SerNet as the original reporters of this issue.

All users of Samba are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1018032 - CVE-2013-4408 samba: Heap-based buffer overflow due to incorrect DCE-RPC fragment length field check
1024542 - CVE-2013-4475 samba: no access check verification on stream files

6.
Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/samba3x-3.6.6-0.138.el5_10.src.rpm i386: samba3x-3.6.6-0.138.el5_10.i386.rpm samba3x-client-3.6.6-0.138.el5_10.i386.rpm samba3x-common-3.6.6-0.138.el5_10.i386.rpm samba3x-debuginfo-3.6.6-0.138.el5_10.i386.rpm samba3x-doc-3.6.6-0.138.el5_10.i386.rpm samba3x-domainjoin-gui-3.6.6-0.138.el5_10.i386.rpm samba3x-swat-3.6.6-0.138.el5_10.i386.rpm samba3x-winbind-3.6.6-0.138.el5_10.i386.rpm x86_64: samba3x-3.6.6-0.138.el5_10.x86_64.rpm samba3x-client-3.6.6-0.138.el5_10.x86_64.rpm samba3x-common-3.6.6-0.138.el5_10.x86_64.rpm samba3x-debuginfo-3.6.6-0.138.el5_10.i386.rpm samba3x-debuginfo-3.6.6-0.138.el5_10.x86_64.rpm samba3x-doc-3.6.6-0.138.el5_10.x86_64.rpm samba3x-domainjoin-gui-3.6.6-0.138.el5_10.x86_64.rpm samba3x-swat-3.6.6-0.138.el5_10.x86_64.rpm samba3x-winbind-3.6.6-0.138.el5_10.i386.rpm samba3x-winbind-3.6.6-0.138.el5_10.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/samba3x-3.6.6-0.138.el5_10.src.rpm i386: samba3x-debuginfo-3.6.6-0.138.el5_10.i386.rpm samba3x-winbind-devel-3.6.6-0.138.el5_10.i386.rpm x86_64: samba3x-debuginfo-3.6.6-0.138.el5_10.i386.rpm samba3x-debuginfo-3.6.6-0.138.el5_10.x86_64.rpm samba3x-winbind-devel-3.6.6-0.138.el5_10.i386.rpm samba3x-winbind-devel-3.6.6-0.138.el5_10.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/samba3x-3.6.6-0.138.el5_10.src.rpm i386: samba3x-3.6.6-0.138.el5_10.i386.rpm samba3x-client-3.6.6-0.138.el5_10.i386.rpm samba3x-common-3.6.6-0.138.el5_10.i386.rpm samba3x-debuginfo-3.6.6-0.138.el5_10.i386.rpm samba3x-doc-3.6.6-0.138.el5_10.i386.rpm samba3x-domainjoin-gui-3.6.6-0.138.el5_10.i386.rpm samba3x-swat-3.6.6-0.138.el5_10.i386.rpm samba3x-winbind-3.6.6-0.138.el5_10.i386.rpm samba3x-winbind-devel-3.6.6-0.138.el5_10.i386.rpm ia64: samba3x-3.6.6-0.138.el5_10.ia64.rpm samba3x-client-3.6.6-0.138.el5_10.ia64.rpm samba3x-common-3.6.6-0.138.el5_10.ia64.rpm samba3x-debuginfo-3.6.6-0.138.el5_10.ia64.rpm samba3x-doc-3.6.6-0.138.el5_10.ia64.rpm samba3x-domainjoin-gui-3.6.6-0.138.el5_10.ia64.rpm samba3x-swat-3.6.6-0.138.el5_10.ia64.rpm samba3x-winbind-3.6.6-0.138.el5_10.ia64.rpm samba3x-winbind-devel-3.6.6-0.138.el5_10.ia64.rpm ppc: samba3x-3.6.6-0.138.el5_10.ppc.rpm samba3x-client-3.6.6-0.138.el5_10.ppc.rpm samba3x-common-3.6.6-0.138.el5_10.ppc.rpm samba3x-debuginfo-3.6.6-0.138.el5_10.ppc.rpm samba3x-debuginfo-3.6.6-0.138.el5_10.ppc64.rpm samba3x-doc-3.6.6-0.138.el5_10.ppc.rpm samba3x-domainjoin-gui-3.6.6-0.138.el5_10.ppc.rpm samba3x-swat-3.6.6-0.138.el5_10.ppc.rpm samba3x-winbind-3.6.6-0.138.el5_10.ppc.rpm samba3x-winbind-3.6.6-0.138.el5_10.ppc64.rpm samba3x-winbind-devel-3.6.6-0.138.el5_10.ppc.rpm samba3x-winbind-devel-3.6.6-0.138.el5_10.ppc64.rpm s390x: samba3x-3.6.6-0.138.el5_10.s390x.rpm samba3x-client-3.6.6-0.138.el5_10.s390x.rpm samba3x-common-3.6.6-0.138.el5_10.s390x.rpm samba3x-debuginfo-3.6.6-0.138.el5_10.s390.rpm samba3x-debuginfo-3.6.6-0.138.el5_10.s390x.rpm samba3x-doc-3.6.6-0.138.el5_10.s390x.rpm samba3x-domainjoin-gui-3.6.6-0.138.el5_10.s390x.rpm samba3x-swat-3.6.6-0.138.el5_10.s390x.rpm samba3x-winbind-3.6.6-0.138.el5_10.s390.rpm samba3x-winbind-3.6.6-0.138.el5_10.s390x.rpm samba3x-winbind-devel-3.6.6-0.138.el5_10.s390.rpm 
samba3x-winbind-devel-3.6.6-0.138.el5_10.s390x.rpm x86_64: samba3x-3.6.6-0.138.el5_10.x86_64.rpm samba3x-client-3.6.6-0.138.el5_10.x86_64.rpm samba3x-common-3.6.6-0.138.el5_10.x86_64.rpm samba3x-debuginfo-3.6.6-0.138.el5_10.i386.rpm samba3x-debuginfo-3.6.6-0.138.el5_10.x86_64.rpm samba3x-doc-3.6.6-0.138.el5_10.x86_64.rpm samba3x-domainjoin-gui-3.6.6-0.138.el5_10.x86_64.rpm samba3x-swat-3.6.6-0.138.el5_10.x86_64.rpm samba3x-winbind-3.6.6-0.138.el5_10.i386.rpm samba3x-winbind-3.6.6-0.138.el5_10.x86_64.rpm samba3x-winbind-devel-3.6.6-0.138.el5_10.i386.rpm samba3x-winbind-devel-3.6.6-0.138.el5_10.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/samba-3.6.9-167.el6_5.src.rpm i386: libsmbclient-3.6.9-167.el6_5.i686.rpm samba-client-3.6.9-167.el6_5.i686.rpm samba-common-3.6.9-167.el6_5.i686.rpm samba-debuginfo-3.6.9-167.el6_5.i686.rpm samba-winbind-3.6.9-167.el6_5.i686.rpm samba-winbind-clients-3.6.9-167.el6_5.i686.rpm x86_64: libsmbclient-3.6.9-167.el6_5.i686.rpm libsmbclient-3.6.9-167.el6_5.x86_64.rpm samba-client-3.6.9-167.el6_5.x86_64.rpm samba-common-3.6.9-167.el6_5.i686.rpm samba-common-3.6.9-167.el6_5.x86_64.rpm samba-debuginfo-3.6.9-167.el6_5.i686.rpm samba-debuginfo-3.6.9-167.el6_5.x86_64.rpm samba-winbind-3.6.9-167.el6_5.x86_64.rpm samba-winbind-clients-3.6.9-167.el6_5.i686.rpm samba-winbind-clients-3.6.9-167.el6_5.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/samba-3.6.9-167.el6_5.src.rpm i386: libsmbclient-devel-3.6.9-167.el6_5.i686.rpm samba-3.6.9-167.el6_5.i686.rpm samba-debuginfo-3.6.9-167.el6_5.i686.rpm samba-doc-3.6.9-167.el6_5.i686.rpm samba-domainjoin-gui-3.6.9-167.el6_5.i686.rpm samba-swat-3.6.9-167.el6_5.i686.rpm samba-winbind-devel-3.6.9-167.el6_5.i686.rpm samba-winbind-krb5-locator-3.6.9-167.el6_5.i686.rpm x86_64: libsmbclient-devel-3.6.9-167.el6_5.i686.rpm libsmbclient-devel-3.6.9-167.el6_5.x86_64.rpm samba-3.6.9-167.el6_5.x86_64.rpm samba-debuginfo-3.6.9-167.el6_5.i686.rpm samba-debuginfo-3.6.9-167.el6_5.x86_64.rpm samba-doc-3.6.9-167.el6_5.x86_64.rpm samba-domainjoin-gui-3.6.9-167.el6_5.x86_64.rpm samba-swat-3.6.9-167.el6_5.x86_64.rpm samba-winbind-devel-3.6.9-167.el6_5.i686.rpm samba-winbind-devel-3.6.9-167.el6_5.x86_64.rpm samba-winbind-krb5-locator-3.6.9-167.el6_5.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/samba-3.6.9-167.el6_5.src.rpm x86_64: samba-client-3.6.9-167.el6_5.x86_64.rpm samba-common-3.6.9-167.el6_5.i686.rpm samba-common-3.6.9-167.el6_5.x86_64.rpm samba-debuginfo-3.6.9-167.el6_5.i686.rpm samba-debuginfo-3.6.9-167.el6_5.x86_64.rpm samba-winbind-3.6.9-167.el6_5.x86_64.rpm samba-winbind-clients-3.6.9-167.el6_5.i686.rpm samba-winbind-clients-3.6.9-167.el6_5.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/samba-3.6.9-167.el6_5.src.rpm x86_64: libsmbclient-3.6.9-167.el6_5.i686.rpm libsmbclient-3.6.9-167.el6_5.x86_64.rpm libsmbclient-devel-3.6.9-167.el6_5.i686.rpm libsmbclient-devel-3.6.9-167.el6_5.x86_64.rpm samba-3.6.9-167.el6_5.x86_64.rpm samba-debuginfo-3.6.9-167.el6_5.i686.rpm samba-debuginfo-3.6.9-167.el6_5.x86_64.rpm samba-doc-3.6.9-167.el6_5.x86_64.rpm samba-domainjoin-gui-3.6.9-167.el6_5.x86_64.rpm samba-swat-3.6.9-167.el6_5.x86_64.rpm samba-winbind-devel-3.6.9-167.el6_5.i686.rpm samba-winbind-devel-3.6.9-167.el6_5.x86_64.rpm samba-winbind-krb5-locator-3.6.9-167.el6_5.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/samba-3.6.9-167.el6_5.src.rpm i386: libsmbclient-3.6.9-167.el6_5.i686.rpm samba-3.6.9-167.el6_5.i686.rpm samba-client-3.6.9-167.el6_5.i686.rpm samba-common-3.6.9-167.el6_5.i686.rpm samba-debuginfo-3.6.9-167.el6_5.i686.rpm samba-winbind-3.6.9-167.el6_5.i686.rpm samba-winbind-clients-3.6.9-167.el6_5.i686.rpm ppc64: libsmbclient-3.6.9-167.el6_5.ppc.rpm libsmbclient-3.6.9-167.el6_5.ppc64.rpm samba-3.6.9-167.el6_5.ppc64.rpm samba-client-3.6.9-167.el6_5.ppc64.rpm samba-common-3.6.9-167.el6_5.ppc.rpm samba-common-3.6.9-167.el6_5.ppc64.rpm samba-debuginfo-3.6.9-167.el6_5.ppc.rpm samba-debuginfo-3.6.9-167.el6_5.ppc64.rpm samba-winbind-3.6.9-167.el6_5.ppc64.rpm samba-winbind-clients-3.6.9-167.el6_5.ppc.rpm samba-winbind-clients-3.6.9-167.el6_5.ppc64.rpm s390x: libsmbclient-3.6.9-167.el6_5.s390.rpm libsmbclient-3.6.9-167.el6_5.s390x.rpm samba-3.6.9-167.el6_5.s390x.rpm samba-client-3.6.9-167.el6_5.s390x.rpm samba-common-3.6.9-167.el6_5.s390.rpm samba-common-3.6.9-167.el6_5.s390x.rpm samba-debuginfo-3.6.9-167.el6_5.s390.rpm samba-debuginfo-3.6.9-167.el6_5.s390x.rpm samba-winbind-3.6.9-167.el6_5.s390x.rpm samba-winbind-clients-3.6.9-167.el6_5.s390.rpm samba-winbind-clients-3.6.9-167.el6_5.s390x.rpm 
x86_64: libsmbclient-3.6.9-167.el6_5.i686.rpm libsmbclient-3.6.9-167.el6_5.x86_64.rpm samba-3.6.9-167.el6_5.x86_64.rpm samba-client-3.6.9-167.el6_5.x86_64.rpm samba-common-3.6.9-167.el6_5.i686.rpm samba-common-3.6.9-167.el6_5.x86_64.rpm samba-debuginfo-3.6.9-167.el6_5.i686.rpm samba-debuginfo-3.6.9-167.el6_5.x86_64.rpm samba-winbind-3.6.9-167.el6_5.x86_64.rpm samba-winbind-clients-3.6.9-167.el6_5.i686.rpm samba-winbind-clients-3.6.9-167.el6_5.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/samba-3.6.9-167.el6_5.src.rpm i386: libsmbclient-devel-3.6.9-167.el6_5.i686.rpm samba-debuginfo-3.6.9-167.el6_5.i686.rpm samba-doc-3.6.9-167.el6_5.i686.rpm samba-domainjoin-gui-3.6.9-167.el6_5.i686.rpm samba-swat-3.6.9-167.el6_5.i686.rpm samba-winbind-devel-3.6.9-167.el6_5.i686.rpm samba-winbind-krb5-locator-3.6.9-167.el6_5.i686.rpm ppc64: libsmbclient-devel-3.6.9-167.el6_5.ppc.rpm libsmbclient-devel-3.6.9-167.el6_5.ppc64.rpm samba-debuginfo-3.6.9-167.el6_5.ppc.rpm samba-debuginfo-3.6.9-167.el6_5.ppc64.rpm samba-doc-3.6.9-167.el6_5.ppc64.rpm samba-domainjoin-gui-3.6.9-167.el6_5.ppc64.rpm samba-swat-3.6.9-167.el6_5.ppc64.rpm samba-winbind-devel-3.6.9-167.el6_5.ppc.rpm samba-winbind-devel-3.6.9-167.el6_5.ppc64.rpm samba-winbind-krb5-locator-3.6.9-167.el6_5.ppc64.rpm s390x: libsmbclient-devel-3.6.9-167.el6_5.s390.rpm libsmbclient-devel-3.6.9-167.el6_5.s390x.rpm samba-debuginfo-3.6.9-167.el6_5.s390.rpm samba-debuginfo-3.6.9-167.el6_5.s390x.rpm samba-doc-3.6.9-167.el6_5.s390x.rpm samba-domainjoin-gui-3.6.9-167.el6_5.s390x.rpm samba-swat-3.6.9-167.el6_5.s390x.rpm samba-winbind-devel-3.6.9-167.el6_5.s390.rpm samba-winbind-devel-3.6.9-167.el6_5.s390x.rpm samba-winbind-krb5-locator-3.6.9-167.el6_5.s390x.rpm x86_64: libsmbclient-devel-3.6.9-167.el6_5.i686.rpm libsmbclient-devel-3.6.9-167.el6_5.x86_64.rpm samba-debuginfo-3.6.9-167.el6_5.i686.rpm samba-debuginfo-3.6.9-167.el6_5.x86_64.rpm 
samba-doc-3.6.9-167.el6_5.x86_64.rpm samba-domainjoin-gui-3.6.9-167.el6_5.x86_64.rpm samba-swat-3.6.9-167.el6_5.x86_64.rpm samba-winbind-devel-3.6.9-167.el6_5.i686.rpm samba-winbind-devel-3.6.9-167.el6_5.x86_64.rpm samba-winbind-krb5-locator-3.6.9-167.el6_5.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/samba-3.6.9-167.el6_5.src.rpm i386: libsmbclient-3.6.9-167.el6_5.i686.rpm samba-3.6.9-167.el6_5.i686.rpm samba-client-3.6.9-167.el6_5.i686.rpm samba-common-3.6.9-167.el6_5.i686.rpm samba-debuginfo-3.6.9-167.el6_5.i686.rpm samba-winbind-3.6.9-167.el6_5.i686.rpm samba-winbind-clients-3.6.9-167.el6_5.i686.rpm x86_64: libsmbclient-3.6.9-167.el6_5.i686.rpm libsmbclient-3.6.9-167.el6_5.x86_64.rpm samba-3.6.9-167.el6_5.x86_64.rpm samba-client-3.6.9-167.el6_5.x86_64.rpm samba-common-3.6.9-167.el6_5.i686.rpm samba-common-3.6.9-167.el6_5.x86_64.rpm samba-debuginfo-3.6.9-167.el6_5.i686.rpm samba-debuginfo-3.6.9-167.el6_5.x86_64.rpm samba-winbind-3.6.9-167.el6_5.x86_64.rpm samba-winbind-clients-3.6.9-167.el6_5.i686.rpm samba-winbind-clients-3.6.9-167.el6_5.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/samba-3.6.9-167.el6_5.src.rpm i386: libsmbclient-devel-3.6.9-167.el6_5.i686.rpm samba-debuginfo-3.6.9-167.el6_5.i686.rpm samba-doc-3.6.9-167.el6_5.i686.rpm samba-domainjoin-gui-3.6.9-167.el6_5.i686.rpm samba-swat-3.6.9-167.el6_5.i686.rpm samba-winbind-devel-3.6.9-167.el6_5.i686.rpm samba-winbind-krb5-locator-3.6.9-167.el6_5.i686.rpm x86_64: libsmbclient-devel-3.6.9-167.el6_5.i686.rpm libsmbclient-devel-3.6.9-167.el6_5.x86_64.rpm samba-debuginfo-3.6.9-167.el6_5.i686.rpm samba-debuginfo-3.6.9-167.el6_5.x86_64.rpm samba-doc-3.6.9-167.el6_5.x86_64.rpm samba-domainjoin-gui-3.6.9-167.el6_5.x86_64.rpm samba-swat-3.6.9-167.el6_5.x86_64.rpm samba-winbind-devel-3.6.9-167.el6_5.i686.rpm samba-winbind-devel-3.6.9-167.el6_5.x86_64.rpm samba-winbind-krb5-locator-3.6.9-167.el6_5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-4408.html https://www.redhat.com/security/data/cve/CVE-2013-4475.html https://access.redhat.com/security/updates/classification/#important http://www.samba.org/samba/security/CVE-2013-4408 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSpl+9XlSAg2UNWIIRAntpAJ4vPhfKGwIUTApbnDgnn4y7MpK12ACdF7YK ZnGtmuSkcKrvL/Du9IvuMnY= =W1Zo -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Dec 11 05:36:35 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 11 Dec 2013 05:36:35 +0000 Subject: [RHSA-2013:1812-01] Critical: firefox security update Message-ID: <201312110532.rBB5WhoG019372@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: firefox security update Advisory ID: RHSA-2013:1812-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1812.html Issue date: 2013-12-11 CVE Names: CVE-2013-5609 CVE-2013-5612 CVE-2013-5613 CVE-2013-5614 CVE-2013-5616 CVE-2013-5618 CVE-2013-6671 ===================================================================== 1. Summary: Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. 
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-5609, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671, CVE-2013-5613)

A flaw was found in the way Firefox rendered web content with missing character encoding information. An attacker could use this flaw to possibly bypass same-origin inheritance and perform cross-site scripting (XSS) attacks. (CVE-2013-5612)

It was found that certain malicious web content could bypass restrictions applied by sandboxed iframes. An attacker could combine this flaw with other vulnerabilities to execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-5614)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler, Masato Kinugawa, Daniel Veditz, Jesse Schwartzentruber, Nils, Tyson Smith, and Atte Kettunen as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 24.2.0 ESR. You can find a link to the Mozilla advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain Firefox version 24.2.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5.
Bugs fixed (https://bugzilla.redhat.com/):

1039417 - CVE-2013-5609 Mozilla: Miscellaneous memory safety hazards (rv:24.2) (MFSA 2013-104)
1039420 - CVE-2013-5612 Mozilla: Character encoding cross-origin XSS attack (MFSA 2013-106)
1039421 - CVE-2013-5614 Mozilla: Sandbox restrictions not applied to nested object elements (MFSA 2013-107)
1039422 - CVE-2013-5616 Mozilla: Use-after-free in event listeners (MFSA 2013-108)
1039423 - CVE-2013-5618 Mozilla: Use-after-free during Table Editing (MFSA 2013-109)
1039426 - CVE-2013-6671 Mozilla: Segmentation violation when replacing ordered list elements (MFSA 2013-111)
1039429 - CVE-2013-5613 Mozilla: Use-after-free in synthetic mouse movement (MFSA 2013-114)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-24.2.0-1.el5_10.src.rpm

i386:
firefox-24.2.0-1.el5_10.i386.rpm
firefox-debuginfo-24.2.0-1.el5_10.i386.rpm

x86_64:
firefox-24.2.0-1.el5_10.i386.rpm
firefox-24.2.0-1.el5_10.x86_64.rpm
firefox-debuginfo-24.2.0-1.el5_10.i386.rpm
firefox-debuginfo-24.2.0-1.el5_10.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-24.2.0-1.el5_10.src.rpm

i386:
firefox-24.2.0-1.el5_10.i386.rpm
firefox-debuginfo-24.2.0-1.el5_10.i386.rpm

ia64:
firefox-24.2.0-1.el5_10.ia64.rpm
firefox-debuginfo-24.2.0-1.el5_10.ia64.rpm

ppc:
firefox-24.2.0-1.el5_10.ppc.rpm
firefox-debuginfo-24.2.0-1.el5_10.ppc.rpm

s390x:
firefox-24.2.0-1.el5_10.s390.rpm
firefox-24.2.0-1.el5_10.s390x.rpm
firefox-debuginfo-24.2.0-1.el5_10.s390.rpm
firefox-debuginfo-24.2.0-1.el5_10.s390x.rpm

x86_64:
firefox-24.2.0-1.el5_10.i386.rpm
firefox-24.2.0-1.el5_10.x86_64.rpm
firefox-debuginfo-24.2.0-1.el5_10.i386.rpm
firefox-debuginfo-24.2.0-1.el5_10.x86_64.rpm

Red Hat Enterprise Linux Desktop (v.
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/firefox-24.2.0-1.el6_5.src.rpm

i386:
firefox-24.2.0-1.el6_5.i686.rpm
firefox-debuginfo-24.2.0-1.el6_5.i686.rpm

x86_64:
firefox-24.2.0-1.el6_5.i686.rpm
firefox-24.2.0-1.el6_5.x86_64.rpm
firefox-debuginfo-24.2.0-1.el6_5.i686.rpm
firefox-debuginfo-24.2.0-1.el6_5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/firefox-24.2.0-1.el6_5.src.rpm

x86_64:
firefox-24.2.0-1.el6_5.i686.rpm
firefox-24.2.0-1.el6_5.x86_64.rpm
firefox-debuginfo-24.2.0-1.el6_5.i686.rpm
firefox-debuginfo-24.2.0-1.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/firefox-24.2.0-1.el6_5.src.rpm

i386:
firefox-24.2.0-1.el6_5.i686.rpm
firefox-debuginfo-24.2.0-1.el6_5.i686.rpm

ppc64:
firefox-24.2.0-1.el6_5.ppc.rpm
firefox-24.2.0-1.el6_5.ppc64.rpm
firefox-debuginfo-24.2.0-1.el6_5.ppc.rpm
firefox-debuginfo-24.2.0-1.el6_5.ppc64.rpm

s390x:
firefox-24.2.0-1.el6_5.s390.rpm
firefox-24.2.0-1.el6_5.s390x.rpm
firefox-debuginfo-24.2.0-1.el6_5.s390.rpm
firefox-debuginfo-24.2.0-1.el6_5.s390x.rpm

x86_64:
firefox-24.2.0-1.el6_5.i686.rpm
firefox-24.2.0-1.el6_5.x86_64.rpm
firefox-debuginfo-24.2.0-1.el6_5.i686.rpm
firefox-debuginfo-24.2.0-1.el6_5.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/firefox-24.2.0-1.el6_5.src.rpm

i386:
firefox-24.2.0-1.el6_5.i686.rpm
firefox-debuginfo-24.2.0-1.el6_5.i686.rpm

x86_64:
firefox-24.2.0-1.el6_5.i686.rpm
firefox-24.2.0-1.el6_5.x86_64.rpm
firefox-debuginfo-24.2.0-1.el6_5.i686.rpm
firefox-debuginfo-24.2.0-1.el6_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7.
References: https://www.redhat.com/security/data/cve/CVE-2013-5609.html https://www.redhat.com/security/data/cve/CVE-2013-5612.html https://www.redhat.com/security/data/cve/CVE-2013-5613.html https://www.redhat.com/security/data/cve/CVE-2013-5614.html https://www.redhat.com/security/data/cve/CVE-2013-5616.html https://www.redhat.com/security/data/cve/CVE-2013-5618.html https://www.redhat.com/security/data/cve/CVE-2013-6671.html https://access.redhat.com/security/updates/classification/#critical http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSp/izXlSAg2UNWIIRAugaAJ4lymQu8kCSOPdpYAz1SPvv3p+iegCfbubu BwNjWgdqMa9q9zKrkWGcpQ0= =lj49 -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Dec 11 05:37:42 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 11 Dec 2013 05:37:42 +0000 Subject: [RHSA-2013:1813-01] Critical: php53 and php security update Message-ID: <201312110533.rBB5Xo5F019538@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: php53 and php security update Advisory ID: RHSA-2013:1813-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1813.html Issue date: 2013-12-11 CVE Names: CVE-2013-6420 ===================================================================== 1. Summary: Updated php53 and php packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having critical security impact. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-6420)

Red Hat would like to thank the PHP project for reporting this issue. Upstream acknowledges Stefan Esser as the original reporter of this issue.

All php53 and php users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network.
Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1036830 - CVE-2013-6420 php: memory corruption in openssl_x509_parse() 6. Package List: RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/php53-5.3.3-22.el5_10.src.rpm i386: php53-5.3.3-22.el5_10.i386.rpm php53-bcmath-5.3.3-22.el5_10.i386.rpm php53-cli-5.3.3-22.el5_10.i386.rpm php53-common-5.3.3-22.el5_10.i386.rpm php53-dba-5.3.3-22.el5_10.i386.rpm php53-debuginfo-5.3.3-22.el5_10.i386.rpm php53-devel-5.3.3-22.el5_10.i386.rpm php53-gd-5.3.3-22.el5_10.i386.rpm php53-imap-5.3.3-22.el5_10.i386.rpm php53-intl-5.3.3-22.el5_10.i386.rpm php53-ldap-5.3.3-22.el5_10.i386.rpm php53-mbstring-5.3.3-22.el5_10.i386.rpm php53-mysql-5.3.3-22.el5_10.i386.rpm php53-odbc-5.3.3-22.el5_10.i386.rpm php53-pdo-5.3.3-22.el5_10.i386.rpm php53-pgsql-5.3.3-22.el5_10.i386.rpm php53-process-5.3.3-22.el5_10.i386.rpm php53-pspell-5.3.3-22.el5_10.i386.rpm php53-snmp-5.3.3-22.el5_10.i386.rpm php53-soap-5.3.3-22.el5_10.i386.rpm php53-xml-5.3.3-22.el5_10.i386.rpm php53-xmlrpc-5.3.3-22.el5_10.i386.rpm x86_64: php53-5.3.3-22.el5_10.x86_64.rpm php53-bcmath-5.3.3-22.el5_10.x86_64.rpm php53-cli-5.3.3-22.el5_10.x86_64.rpm php53-common-5.3.3-22.el5_10.x86_64.rpm php53-dba-5.3.3-22.el5_10.x86_64.rpm php53-debuginfo-5.3.3-22.el5_10.x86_64.rpm php53-devel-5.3.3-22.el5_10.x86_64.rpm php53-gd-5.3.3-22.el5_10.x86_64.rpm php53-imap-5.3.3-22.el5_10.x86_64.rpm php53-intl-5.3.3-22.el5_10.x86_64.rpm php53-ldap-5.3.3-22.el5_10.x86_64.rpm php53-mbstring-5.3.3-22.el5_10.x86_64.rpm php53-mysql-5.3.3-22.el5_10.x86_64.rpm php53-odbc-5.3.3-22.el5_10.x86_64.rpm php53-pdo-5.3.3-22.el5_10.x86_64.rpm php53-pgsql-5.3.3-22.el5_10.x86_64.rpm php53-process-5.3.3-22.el5_10.x86_64.rpm php53-pspell-5.3.3-22.el5_10.x86_64.rpm php53-snmp-5.3.3-22.el5_10.x86_64.rpm php53-soap-5.3.3-22.el5_10.x86_64.rpm 
php53-xml-5.3.3-22.el5_10.x86_64.rpm
php53-xmlrpc-5.3.3-22.el5_10.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/php53-5.3.3-22.el5_10.src.rpm

i386:
php53-5.3.3-22.el5_10.i386.rpm
php53-bcmath-5.3.3-22.el5_10.i386.rpm
php53-cli-5.3.3-22.el5_10.i386.rpm
php53-common-5.3.3-22.el5_10.i386.rpm
php53-dba-5.3.3-22.el5_10.i386.rpm
php53-debuginfo-5.3.3-22.el5_10.i386.rpm
php53-devel-5.3.3-22.el5_10.i386.rpm
php53-gd-5.3.3-22.el5_10.i386.rpm
php53-imap-5.3.3-22.el5_10.i386.rpm
php53-intl-5.3.3-22.el5_10.i386.rpm
php53-ldap-5.3.3-22.el5_10.i386.rpm
php53-mbstring-5.3.3-22.el5_10.i386.rpm
php53-mysql-5.3.3-22.el5_10.i386.rpm
php53-odbc-5.3.3-22.el5_10.i386.rpm
php53-pdo-5.3.3-22.el5_10.i386.rpm
php53-pgsql-5.3.3-22.el5_10.i386.rpm
php53-process-5.3.3-22.el5_10.i386.rpm
php53-pspell-5.3.3-22.el5_10.i386.rpm
php53-snmp-5.3.3-22.el5_10.i386.rpm
php53-soap-5.3.3-22.el5_10.i386.rpm
php53-xml-5.3.3-22.el5_10.i386.rpm
php53-xmlrpc-5.3.3-22.el5_10.i386.rpm

ia64:
php53-5.3.3-22.el5_10.ia64.rpm
php53-bcmath-5.3.3-22.el5_10.ia64.rpm
php53-cli-5.3.3-22.el5_10.ia64.rpm
php53-common-5.3.3-22.el5_10.ia64.rpm
php53-dba-5.3.3-22.el5_10.ia64.rpm
php53-debuginfo-5.3.3-22.el5_10.ia64.rpm
php53-devel-5.3.3-22.el5_10.ia64.rpm
php53-gd-5.3.3-22.el5_10.ia64.rpm
php53-imap-5.3.3-22.el5_10.ia64.rpm
php53-intl-5.3.3-22.el5_10.ia64.rpm
php53-ldap-5.3.3-22.el5_10.ia64.rpm
php53-mbstring-5.3.3-22.el5_10.ia64.rpm
php53-mysql-5.3.3-22.el5_10.ia64.rpm
php53-odbc-5.3.3-22.el5_10.ia64.rpm
php53-pdo-5.3.3-22.el5_10.ia64.rpm
php53-pgsql-5.3.3-22.el5_10.ia64.rpm
php53-process-5.3.3-22.el5_10.ia64.rpm
php53-pspell-5.3.3-22.el5_10.ia64.rpm
php53-snmp-5.3.3-22.el5_10.ia64.rpm
php53-soap-5.3.3-22.el5_10.ia64.rpm
php53-xml-5.3.3-22.el5_10.ia64.rpm
php53-xmlrpc-5.3.3-22.el5_10.ia64.rpm

ppc:
php53-5.3.3-22.el5_10.ppc.rpm
php53-bcmath-5.3.3-22.el5_10.ppc.rpm
php53-cli-5.3.3-22.el5_10.ppc.rpm
php53-common-5.3.3-22.el5_10.ppc.rpm
php53-dba-5.3.3-22.el5_10.ppc.rpm
php53-debuginfo-5.3.3-22.el5_10.ppc.rpm
php53-devel-5.3.3-22.el5_10.ppc.rpm
php53-gd-5.3.3-22.el5_10.ppc.rpm
php53-imap-5.3.3-22.el5_10.ppc.rpm
php53-intl-5.3.3-22.el5_10.ppc.rpm
php53-ldap-5.3.3-22.el5_10.ppc.rpm
php53-mbstring-5.3.3-22.el5_10.ppc.rpm
php53-mysql-5.3.3-22.el5_10.ppc.rpm
php53-odbc-5.3.3-22.el5_10.ppc.rpm
php53-pdo-5.3.3-22.el5_10.ppc.rpm
php53-pgsql-5.3.3-22.el5_10.ppc.rpm
php53-process-5.3.3-22.el5_10.ppc.rpm
php53-pspell-5.3.3-22.el5_10.ppc.rpm
php53-snmp-5.3.3-22.el5_10.ppc.rpm
php53-soap-5.3.3-22.el5_10.ppc.rpm
php53-xml-5.3.3-22.el5_10.ppc.rpm
php53-xmlrpc-5.3.3-22.el5_10.ppc.rpm

s390x:
php53-5.3.3-22.el5_10.s390x.rpm
php53-bcmath-5.3.3-22.el5_10.s390x.rpm
php53-cli-5.3.3-22.el5_10.s390x.rpm
php53-common-5.3.3-22.el5_10.s390x.rpm
php53-dba-5.3.3-22.el5_10.s390x.rpm
php53-debuginfo-5.3.3-22.el5_10.s390x.rpm
php53-devel-5.3.3-22.el5_10.s390x.rpm
php53-gd-5.3.3-22.el5_10.s390x.rpm
php53-imap-5.3.3-22.el5_10.s390x.rpm
php53-intl-5.3.3-22.el5_10.s390x.rpm
php53-ldap-5.3.3-22.el5_10.s390x.rpm
php53-mbstring-5.3.3-22.el5_10.s390x.rpm
php53-mysql-5.3.3-22.el5_10.s390x.rpm
php53-odbc-5.3.3-22.el5_10.s390x.rpm
php53-pdo-5.3.3-22.el5_10.s390x.rpm
php53-pgsql-5.3.3-22.el5_10.s390x.rpm
php53-process-5.3.3-22.el5_10.s390x.rpm
php53-pspell-5.3.3-22.el5_10.s390x.rpm
php53-snmp-5.3.3-22.el5_10.s390x.rpm
php53-soap-5.3.3-22.el5_10.s390x.rpm
php53-xml-5.3.3-22.el5_10.s390x.rpm
php53-xmlrpc-5.3.3-22.el5_10.s390x.rpm

x86_64:
php53-5.3.3-22.el5_10.x86_64.rpm
php53-bcmath-5.3.3-22.el5_10.x86_64.rpm
php53-cli-5.3.3-22.el5_10.x86_64.rpm
php53-common-5.3.3-22.el5_10.x86_64.rpm
php53-dba-5.3.3-22.el5_10.x86_64.rpm
php53-debuginfo-5.3.3-22.el5_10.x86_64.rpm
php53-devel-5.3.3-22.el5_10.x86_64.rpm
php53-gd-5.3.3-22.el5_10.x86_64.rpm
php53-imap-5.3.3-22.el5_10.x86_64.rpm
php53-intl-5.3.3-22.el5_10.x86_64.rpm
php53-ldap-5.3.3-22.el5_10.x86_64.rpm
php53-mbstring-5.3.3-22.el5_10.x86_64.rpm
php53-mysql-5.3.3-22.el5_10.x86_64.rpm
php53-odbc-5.3.3-22.el5_10.x86_64.rpm
php53-pdo-5.3.3-22.el5_10.x86_64.rpm
php53-pgsql-5.3.3-22.el5_10.x86_64.rpm
php53-process-5.3.3-22.el5_10.x86_64.rpm
php53-pspell-5.3.3-22.el5_10.x86_64.rpm
php53-snmp-5.3.3-22.el5_10.x86_64.rpm
php53-soap-5.3.3-22.el5_10.x86_64.rpm
php53-xml-5.3.3-22.el5_10.x86_64.rpm
php53-xmlrpc-5.3.3-22.el5_10.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/php-5.3.3-27.el6_5.src.rpm

i386:
php-5.3.3-27.el6_5.i686.rpm
php-bcmath-5.3.3-27.el6_5.i686.rpm
php-cli-5.3.3-27.el6_5.i686.rpm
php-common-5.3.3-27.el6_5.i686.rpm
php-dba-5.3.3-27.el6_5.i686.rpm
php-debuginfo-5.3.3-27.el6_5.i686.rpm
php-devel-5.3.3-27.el6_5.i686.rpm
php-embedded-5.3.3-27.el6_5.i686.rpm
php-enchant-5.3.3-27.el6_5.i686.rpm
php-fpm-5.3.3-27.el6_5.i686.rpm
php-gd-5.3.3-27.el6_5.i686.rpm
php-imap-5.3.3-27.el6_5.i686.rpm
php-intl-5.3.3-27.el6_5.i686.rpm
php-ldap-5.3.3-27.el6_5.i686.rpm
php-mbstring-5.3.3-27.el6_5.i686.rpm
php-mysql-5.3.3-27.el6_5.i686.rpm
php-odbc-5.3.3-27.el6_5.i686.rpm
php-pdo-5.3.3-27.el6_5.i686.rpm
php-pgsql-5.3.3-27.el6_5.i686.rpm
php-process-5.3.3-27.el6_5.i686.rpm
php-pspell-5.3.3-27.el6_5.i686.rpm
php-recode-5.3.3-27.el6_5.i686.rpm
php-snmp-5.3.3-27.el6_5.i686.rpm
php-soap-5.3.3-27.el6_5.i686.rpm
php-tidy-5.3.3-27.el6_5.i686.rpm
php-xml-5.3.3-27.el6_5.i686.rpm
php-xmlrpc-5.3.3-27.el6_5.i686.rpm
php-zts-5.3.3-27.el6_5.i686.rpm

x86_64:
php-5.3.3-27.el6_5.x86_64.rpm
php-bcmath-5.3.3-27.el6_5.x86_64.rpm
php-cli-5.3.3-27.el6_5.x86_64.rpm
php-common-5.3.3-27.el6_5.x86_64.rpm
php-dba-5.3.3-27.el6_5.x86_64.rpm
php-debuginfo-5.3.3-27.el6_5.x86_64.rpm
php-devel-5.3.3-27.el6_5.x86_64.rpm
php-embedded-5.3.3-27.el6_5.x86_64.rpm
php-enchant-5.3.3-27.el6_5.x86_64.rpm
php-fpm-5.3.3-27.el6_5.x86_64.rpm
php-gd-5.3.3-27.el6_5.x86_64.rpm
php-imap-5.3.3-27.el6_5.x86_64.rpm
php-intl-5.3.3-27.el6_5.x86_64.rpm
php-ldap-5.3.3-27.el6_5.x86_64.rpm
php-mbstring-5.3.3-27.el6_5.x86_64.rpm
php-mysql-5.3.3-27.el6_5.x86_64.rpm
php-odbc-5.3.3-27.el6_5.x86_64.rpm
php-pdo-5.3.3-27.el6_5.x86_64.rpm
php-pgsql-5.3.3-27.el6_5.x86_64.rpm
php-process-5.3.3-27.el6_5.x86_64.rpm
php-pspell-5.3.3-27.el6_5.x86_64.rpm
php-recode-5.3.3-27.el6_5.x86_64.rpm
php-snmp-5.3.3-27.el6_5.x86_64.rpm
php-soap-5.3.3-27.el6_5.x86_64.rpm
php-tidy-5.3.3-27.el6_5.x86_64.rpm
php-xml-5.3.3-27.el6_5.x86_64.rpm
php-xmlrpc-5.3.3-27.el6_5.x86_64.rpm
php-zts-5.3.3-27.el6_5.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/php-5.3.3-27.el6_5.src.rpm

x86_64:
php-cli-5.3.3-27.el6_5.x86_64.rpm
php-common-5.3.3-27.el6_5.x86_64.rpm
php-debuginfo-5.3.3-27.el6_5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/php-5.3.3-27.el6_5.src.rpm

x86_64:
php-5.3.3-27.el6_5.x86_64.rpm
php-bcmath-5.3.3-27.el6_5.x86_64.rpm
php-dba-5.3.3-27.el6_5.x86_64.rpm
php-debuginfo-5.3.3-27.el6_5.x86_64.rpm
php-devel-5.3.3-27.el6_5.x86_64.rpm
php-embedded-5.3.3-27.el6_5.x86_64.rpm
php-enchant-5.3.3-27.el6_5.x86_64.rpm
php-fpm-5.3.3-27.el6_5.x86_64.rpm
php-gd-5.3.3-27.el6_5.x86_64.rpm
php-imap-5.3.3-27.el6_5.x86_64.rpm
php-intl-5.3.3-27.el6_5.x86_64.rpm
php-ldap-5.3.3-27.el6_5.x86_64.rpm
php-mbstring-5.3.3-27.el6_5.x86_64.rpm
php-mysql-5.3.3-27.el6_5.x86_64.rpm
php-odbc-5.3.3-27.el6_5.x86_64.rpm
php-pdo-5.3.3-27.el6_5.x86_64.rpm
php-pgsql-5.3.3-27.el6_5.x86_64.rpm
php-process-5.3.3-27.el6_5.x86_64.rpm
php-pspell-5.3.3-27.el6_5.x86_64.rpm
php-recode-5.3.3-27.el6_5.x86_64.rpm
php-snmp-5.3.3-27.el6_5.x86_64.rpm
php-soap-5.3.3-27.el6_5.x86_64.rpm
php-tidy-5.3.3-27.el6_5.x86_64.rpm
php-xml-5.3.3-27.el6_5.x86_64.rpm
php-xmlrpc-5.3.3-27.el6_5.x86_64.rpm
php-zts-5.3.3-27.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.3-27.el6_5.src.rpm

i386:
php-5.3.3-27.el6_5.i686.rpm
php-cli-5.3.3-27.el6_5.i686.rpm
php-common-5.3.3-27.el6_5.i686.rpm
php-debuginfo-5.3.3-27.el6_5.i686.rpm
php-gd-5.3.3-27.el6_5.i686.rpm
php-ldap-5.3.3-27.el6_5.i686.rpm
php-mysql-5.3.3-27.el6_5.i686.rpm
php-odbc-5.3.3-27.el6_5.i686.rpm
php-pdo-5.3.3-27.el6_5.i686.rpm
php-pgsql-5.3.3-27.el6_5.i686.rpm
php-soap-5.3.3-27.el6_5.i686.rpm
php-xml-5.3.3-27.el6_5.i686.rpm
php-xmlrpc-5.3.3-27.el6_5.i686.rpm

ppc64:
php-5.3.3-27.el6_5.ppc64.rpm
php-cli-5.3.3-27.el6_5.ppc64.rpm
php-common-5.3.3-27.el6_5.ppc64.rpm
php-debuginfo-5.3.3-27.el6_5.ppc64.rpm
php-gd-5.3.3-27.el6_5.ppc64.rpm
php-ldap-5.3.3-27.el6_5.ppc64.rpm
php-mysql-5.3.3-27.el6_5.ppc64.rpm
php-odbc-5.3.3-27.el6_5.ppc64.rpm
php-pdo-5.3.3-27.el6_5.ppc64.rpm
php-pgsql-5.3.3-27.el6_5.ppc64.rpm
php-soap-5.3.3-27.el6_5.ppc64.rpm
php-xml-5.3.3-27.el6_5.ppc64.rpm
php-xmlrpc-5.3.3-27.el6_5.ppc64.rpm

s390x:
php-5.3.3-27.el6_5.s390x.rpm
php-cli-5.3.3-27.el6_5.s390x.rpm
php-common-5.3.3-27.el6_5.s390x.rpm
php-debuginfo-5.3.3-27.el6_5.s390x.rpm
php-gd-5.3.3-27.el6_5.s390x.rpm
php-ldap-5.3.3-27.el6_5.s390x.rpm
php-mysql-5.3.3-27.el6_5.s390x.rpm
php-odbc-5.3.3-27.el6_5.s390x.rpm
php-pdo-5.3.3-27.el6_5.s390x.rpm
php-pgsql-5.3.3-27.el6_5.s390x.rpm
php-soap-5.3.3-27.el6_5.s390x.rpm
php-xml-5.3.3-27.el6_5.s390x.rpm
php-xmlrpc-5.3.3-27.el6_5.s390x.rpm

x86_64:
php-5.3.3-27.el6_5.x86_64.rpm
php-cli-5.3.3-27.el6_5.x86_64.rpm
php-common-5.3.3-27.el6_5.x86_64.rpm
php-debuginfo-5.3.3-27.el6_5.x86_64.rpm
php-gd-5.3.3-27.el6_5.x86_64.rpm
php-ldap-5.3.3-27.el6_5.x86_64.rpm
php-mysql-5.3.3-27.el6_5.x86_64.rpm
php-odbc-5.3.3-27.el6_5.x86_64.rpm
php-pdo-5.3.3-27.el6_5.x86_64.rpm
php-pgsql-5.3.3-27.el6_5.x86_64.rpm
php-soap-5.3.3-27.el6_5.x86_64.rpm
php-xml-5.3.3-27.el6_5.x86_64.rpm
php-xmlrpc-5.3.3-27.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.3-27.el6_5.src.rpm

i386:
php-bcmath-5.3.3-27.el6_5.i686.rpm
php-dba-5.3.3-27.el6_5.i686.rpm
php-debuginfo-5.3.3-27.el6_5.i686.rpm
php-devel-5.3.3-27.el6_5.i686.rpm
php-embedded-5.3.3-27.el6_5.i686.rpm
php-enchant-5.3.3-27.el6_5.i686.rpm
php-fpm-5.3.3-27.el6_5.i686.rpm
php-imap-5.3.3-27.el6_5.i686.rpm
php-intl-5.3.3-27.el6_5.i686.rpm
php-mbstring-5.3.3-27.el6_5.i686.rpm
php-process-5.3.3-27.el6_5.i686.rpm
php-pspell-5.3.3-27.el6_5.i686.rpm
php-recode-5.3.3-27.el6_5.i686.rpm
php-snmp-5.3.3-27.el6_5.i686.rpm
php-tidy-5.3.3-27.el6_5.i686.rpm
php-zts-5.3.3-27.el6_5.i686.rpm

ppc64:
php-bcmath-5.3.3-27.el6_5.ppc64.rpm
php-dba-5.3.3-27.el6_5.ppc64.rpm
php-debuginfo-5.3.3-27.el6_5.ppc64.rpm
php-devel-5.3.3-27.el6_5.ppc64.rpm
php-embedded-5.3.3-27.el6_5.ppc64.rpm
php-enchant-5.3.3-27.el6_5.ppc64.rpm
php-fpm-5.3.3-27.el6_5.ppc64.rpm
php-imap-5.3.3-27.el6_5.ppc64.rpm
php-intl-5.3.3-27.el6_5.ppc64.rpm
php-mbstring-5.3.3-27.el6_5.ppc64.rpm
php-process-5.3.3-27.el6_5.ppc64.rpm
php-pspell-5.3.3-27.el6_5.ppc64.rpm
php-recode-5.3.3-27.el6_5.ppc64.rpm
php-snmp-5.3.3-27.el6_5.ppc64.rpm
php-tidy-5.3.3-27.el6_5.ppc64.rpm
php-zts-5.3.3-27.el6_5.ppc64.rpm

s390x:
php-bcmath-5.3.3-27.el6_5.s390x.rpm
php-dba-5.3.3-27.el6_5.s390x.rpm
php-debuginfo-5.3.3-27.el6_5.s390x.rpm
php-devel-5.3.3-27.el6_5.s390x.rpm
php-embedded-5.3.3-27.el6_5.s390x.rpm
php-enchant-5.3.3-27.el6_5.s390x.rpm
php-fpm-5.3.3-27.el6_5.s390x.rpm
php-imap-5.3.3-27.el6_5.s390x.rpm
php-intl-5.3.3-27.el6_5.s390x.rpm
php-mbstring-5.3.3-27.el6_5.s390x.rpm
php-process-5.3.3-27.el6_5.s390x.rpm
php-pspell-5.3.3-27.el6_5.s390x.rpm
php-recode-5.3.3-27.el6_5.s390x.rpm
php-snmp-5.3.3-27.el6_5.s390x.rpm
php-tidy-5.3.3-27.el6_5.s390x.rpm
php-zts-5.3.3-27.el6_5.s390x.rpm

x86_64:
php-bcmath-5.3.3-27.el6_5.x86_64.rpm
php-dba-5.3.3-27.el6_5.x86_64.rpm
php-debuginfo-5.3.3-27.el6_5.x86_64.rpm
php-devel-5.3.3-27.el6_5.x86_64.rpm
php-embedded-5.3.3-27.el6_5.x86_64.rpm
php-enchant-5.3.3-27.el6_5.x86_64.rpm
php-fpm-5.3.3-27.el6_5.x86_64.rpm
php-imap-5.3.3-27.el6_5.x86_64.rpm
php-intl-5.3.3-27.el6_5.x86_64.rpm
php-mbstring-5.3.3-27.el6_5.x86_64.rpm
php-process-5.3.3-27.el6_5.x86_64.rpm
php-pspell-5.3.3-27.el6_5.x86_64.rpm
php-recode-5.3.3-27.el6_5.x86_64.rpm
php-snmp-5.3.3-27.el6_5.x86_64.rpm
php-tidy-5.3.3-27.el6_5.x86_64.rpm
php-zts-5.3.3-27.el6_5.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.3-27.el6_5.src.rpm

i386:
php-5.3.3-27.el6_5.i686.rpm
php-cli-5.3.3-27.el6_5.i686.rpm
php-common-5.3.3-27.el6_5.i686.rpm
php-debuginfo-5.3.3-27.el6_5.i686.rpm
php-gd-5.3.3-27.el6_5.i686.rpm
php-ldap-5.3.3-27.el6_5.i686.rpm
php-mysql-5.3.3-27.el6_5.i686.rpm
php-odbc-5.3.3-27.el6_5.i686.rpm
php-pdo-5.3.3-27.el6_5.i686.rpm
php-pgsql-5.3.3-27.el6_5.i686.rpm
php-soap-5.3.3-27.el6_5.i686.rpm
php-xml-5.3.3-27.el6_5.i686.rpm
php-xmlrpc-5.3.3-27.el6_5.i686.rpm

x86_64:
php-5.3.3-27.el6_5.x86_64.rpm
php-cli-5.3.3-27.el6_5.x86_64.rpm
php-common-5.3.3-27.el6_5.x86_64.rpm
php-debuginfo-5.3.3-27.el6_5.x86_64.rpm
php-gd-5.3.3-27.el6_5.x86_64.rpm
php-ldap-5.3.3-27.el6_5.x86_64.rpm
php-mysql-5.3.3-27.el6_5.x86_64.rpm
php-odbc-5.3.3-27.el6_5.x86_64.rpm
php-pdo-5.3.3-27.el6_5.x86_64.rpm
php-pgsql-5.3.3-27.el6_5.x86_64.rpm
php-soap-5.3.3-27.el6_5.x86_64.rpm
php-xml-5.3.3-27.el6_5.x86_64.rpm
php-xmlrpc-5.3.3-27.el6_5.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.3-27.el6_5.src.rpm

i386:
php-bcmath-5.3.3-27.el6_5.i686.rpm
php-dba-5.3.3-27.el6_5.i686.rpm
php-debuginfo-5.3.3-27.el6_5.i686.rpm
php-devel-5.3.3-27.el6_5.i686.rpm
php-embedded-5.3.3-27.el6_5.i686.rpm
php-enchant-5.3.3-27.el6_5.i686.rpm
php-fpm-5.3.3-27.el6_5.i686.rpm
php-imap-5.3.3-27.el6_5.i686.rpm
php-intl-5.3.3-27.el6_5.i686.rpm
php-mbstring-5.3.3-27.el6_5.i686.rpm
php-process-5.3.3-27.el6_5.i686.rpm
php-pspell-5.3.3-27.el6_5.i686.rpm
php-recode-5.3.3-27.el6_5.i686.rpm
php-snmp-5.3.3-27.el6_5.i686.rpm
php-tidy-5.3.3-27.el6_5.i686.rpm
php-zts-5.3.3-27.el6_5.i686.rpm

x86_64:
php-bcmath-5.3.3-27.el6_5.x86_64.rpm
php-dba-5.3.3-27.el6_5.x86_64.rpm
php-debuginfo-5.3.3-27.el6_5.x86_64.rpm
php-devel-5.3.3-27.el6_5.x86_64.rpm
php-embedded-5.3.3-27.el6_5.x86_64.rpm
php-enchant-5.3.3-27.el6_5.x86_64.rpm
php-fpm-5.3.3-27.el6_5.x86_64.rpm
php-imap-5.3.3-27.el6_5.x86_64.rpm
php-intl-5.3.3-27.el6_5.x86_64.rpm
php-mbstring-5.3.3-27.el6_5.x86_64.rpm
php-process-5.3.3-27.el6_5.x86_64.rpm
php-pspell-5.3.3-27.el6_5.x86_64.rpm
php-recode-5.3.3-27.el6_5.x86_64.rpm
php-snmp-5.3.3-27.el6_5.x86_64.rpm
php-tidy-5.3.3-27.el6_5.x86_64.rpm
php-zts-5.3.3-27.el6_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-6420.html
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSp/kuXlSAg2UNWIIRAsN9AJsFWuIF8JEVoF1Y/goPkg1yI/+3IACePCiV
2CQU+cEMP+4u5wqoYxKwBKs=
=Wg9C
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Dec 11 05:38:14 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 11 Dec 2013 05:38:14 +0000
Subject: [RHSA-2013:1814-01] Critical: php security update
Message-ID: <201312110534.rBB5YMIt024520@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: php security update
Advisory ID:       RHSA-2013:1814-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1814.html
Issue date:        2013-12-11
CVE Names:         CVE-2011-1398 CVE-2012-2688 CVE-2013-1643 CVE-2013-6420
=====================================================================

1. Summary:

Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates.
A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-6420)

It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398)

An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688)

It was found that the PHP SOAP parser allowed the expansion of external XML entities during SOAP message parsing. A remote attacker could possibly use this flaw to read arbitrary files that are accessible to a PHP application using a SOAP extension. (CVE-2013-1643)

Red Hat would like to thank the PHP project for reporting CVE-2013-6420. Upstream acknowledges Stefan Esser as the original reporter.

All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

828051 - CVE-2012-2688 php: Integer Signedness issues in _php_stream_scandir
853329 - CVE-2011-1398 PHP: sapi_header_op() %0D sequence handling security bypass
918187 - CVE-2013-1643 php: Ability to read arbitrary files due use of external entities while parsing SOAP WSDL files
1036830 - CVE-2013-6420 php: memory corruption in openssl_x509_parse()

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/php-5.1.6-43.el5_10.src.rpm

i386:
php-5.1.6-43.el5_10.i386.rpm
php-bcmath-5.1.6-43.el5_10.i386.rpm
php-cli-5.1.6-43.el5_10.i386.rpm
php-common-5.1.6-43.el5_10.i386.rpm
php-dba-5.1.6-43.el5_10.i386.rpm
php-debuginfo-5.1.6-43.el5_10.i386.rpm
php-devel-5.1.6-43.el5_10.i386.rpm
php-gd-5.1.6-43.el5_10.i386.rpm
php-imap-5.1.6-43.el5_10.i386.rpm
php-ldap-5.1.6-43.el5_10.i386.rpm
php-mbstring-5.1.6-43.el5_10.i386.rpm
php-mysql-5.1.6-43.el5_10.i386.rpm
php-ncurses-5.1.6-43.el5_10.i386.rpm
php-odbc-5.1.6-43.el5_10.i386.rpm
php-pdo-5.1.6-43.el5_10.i386.rpm
php-pgsql-5.1.6-43.el5_10.i386.rpm
php-snmp-5.1.6-43.el5_10.i386.rpm
php-soap-5.1.6-43.el5_10.i386.rpm
php-xml-5.1.6-43.el5_10.i386.rpm
php-xmlrpc-5.1.6-43.el5_10.i386.rpm

x86_64:
php-5.1.6-43.el5_10.x86_64.rpm
php-bcmath-5.1.6-43.el5_10.x86_64.rpm
php-cli-5.1.6-43.el5_10.x86_64.rpm
php-common-5.1.6-43.el5_10.x86_64.rpm
php-dba-5.1.6-43.el5_10.x86_64.rpm
php-debuginfo-5.1.6-43.el5_10.x86_64.rpm
php-devel-5.1.6-43.el5_10.x86_64.rpm
php-gd-5.1.6-43.el5_10.x86_64.rpm
php-imap-5.1.6-43.el5_10.x86_64.rpm
php-ldap-5.1.6-43.el5_10.x86_64.rpm
php-mbstring-5.1.6-43.el5_10.x86_64.rpm
php-mysql-5.1.6-43.el5_10.x86_64.rpm
php-ncurses-5.1.6-43.el5_10.x86_64.rpm
php-odbc-5.1.6-43.el5_10.x86_64.rpm
php-pdo-5.1.6-43.el5_10.x86_64.rpm
php-pgsql-5.1.6-43.el5_10.x86_64.rpm
php-snmp-5.1.6-43.el5_10.x86_64.rpm
php-soap-5.1.6-43.el5_10.x86_64.rpm
php-xml-5.1.6-43.el5_10.x86_64.rpm
php-xmlrpc-5.1.6-43.el5_10.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/php-5.1.6-43.el5_10.src.rpm

i386:
php-5.1.6-43.el5_10.i386.rpm
php-bcmath-5.1.6-43.el5_10.i386.rpm
php-cli-5.1.6-43.el5_10.i386.rpm
php-common-5.1.6-43.el5_10.i386.rpm
php-dba-5.1.6-43.el5_10.i386.rpm
php-debuginfo-5.1.6-43.el5_10.i386.rpm
php-devel-5.1.6-43.el5_10.i386.rpm
php-gd-5.1.6-43.el5_10.i386.rpm
php-imap-5.1.6-43.el5_10.i386.rpm
php-ldap-5.1.6-43.el5_10.i386.rpm
php-mbstring-5.1.6-43.el5_10.i386.rpm
php-mysql-5.1.6-43.el5_10.i386.rpm
php-ncurses-5.1.6-43.el5_10.i386.rpm
php-odbc-5.1.6-43.el5_10.i386.rpm
php-pdo-5.1.6-43.el5_10.i386.rpm
php-pgsql-5.1.6-43.el5_10.i386.rpm
php-snmp-5.1.6-43.el5_10.i386.rpm
php-soap-5.1.6-43.el5_10.i386.rpm
php-xml-5.1.6-43.el5_10.i386.rpm
php-xmlrpc-5.1.6-43.el5_10.i386.rpm

ia64:
php-5.1.6-43.el5_10.ia64.rpm
php-bcmath-5.1.6-43.el5_10.ia64.rpm
php-cli-5.1.6-43.el5_10.ia64.rpm
php-common-5.1.6-43.el5_10.ia64.rpm
php-dba-5.1.6-43.el5_10.ia64.rpm
php-debuginfo-5.1.6-43.el5_10.ia64.rpm
php-devel-5.1.6-43.el5_10.ia64.rpm
php-gd-5.1.6-43.el5_10.ia64.rpm
php-imap-5.1.6-43.el5_10.ia64.rpm
php-ldap-5.1.6-43.el5_10.ia64.rpm
php-mbstring-5.1.6-43.el5_10.ia64.rpm
php-mysql-5.1.6-43.el5_10.ia64.rpm
php-ncurses-5.1.6-43.el5_10.ia64.rpm
php-odbc-5.1.6-43.el5_10.ia64.rpm
php-pdo-5.1.6-43.el5_10.ia64.rpm
php-pgsql-5.1.6-43.el5_10.ia64.rpm
php-snmp-5.1.6-43.el5_10.ia64.rpm
php-soap-5.1.6-43.el5_10.ia64.rpm
php-xml-5.1.6-43.el5_10.ia64.rpm
php-xmlrpc-5.1.6-43.el5_10.ia64.rpm

ppc:
php-5.1.6-43.el5_10.ppc.rpm
php-bcmath-5.1.6-43.el5_10.ppc.rpm
php-cli-5.1.6-43.el5_10.ppc.rpm
php-common-5.1.6-43.el5_10.ppc.rpm
php-dba-5.1.6-43.el5_10.ppc.rpm
php-debuginfo-5.1.6-43.el5_10.ppc.rpm
php-devel-5.1.6-43.el5_10.ppc.rpm
php-gd-5.1.6-43.el5_10.ppc.rpm
php-imap-5.1.6-43.el5_10.ppc.rpm
php-ldap-5.1.6-43.el5_10.ppc.rpm
php-mbstring-5.1.6-43.el5_10.ppc.rpm
php-mysql-5.1.6-43.el5_10.ppc.rpm
php-ncurses-5.1.6-43.el5_10.ppc.rpm
php-odbc-5.1.6-43.el5_10.ppc.rpm
php-pdo-5.1.6-43.el5_10.ppc.rpm
php-pgsql-5.1.6-43.el5_10.ppc.rpm
php-snmp-5.1.6-43.el5_10.ppc.rpm
php-soap-5.1.6-43.el5_10.ppc.rpm
php-xml-5.1.6-43.el5_10.ppc.rpm
php-xmlrpc-5.1.6-43.el5_10.ppc.rpm

s390x:
php-5.1.6-43.el5_10.s390x.rpm
php-bcmath-5.1.6-43.el5_10.s390x.rpm
php-cli-5.1.6-43.el5_10.s390x.rpm
php-common-5.1.6-43.el5_10.s390x.rpm
php-dba-5.1.6-43.el5_10.s390x.rpm
php-debuginfo-5.1.6-43.el5_10.s390x.rpm
php-devel-5.1.6-43.el5_10.s390x.rpm
php-gd-5.1.6-43.el5_10.s390x.rpm
php-imap-5.1.6-43.el5_10.s390x.rpm
php-ldap-5.1.6-43.el5_10.s390x.rpm
php-mbstring-5.1.6-43.el5_10.s390x.rpm
php-mysql-5.1.6-43.el5_10.s390x.rpm
php-ncurses-5.1.6-43.el5_10.s390x.rpm
php-odbc-5.1.6-43.el5_10.s390x.rpm
php-pdo-5.1.6-43.el5_10.s390x.rpm
php-pgsql-5.1.6-43.el5_10.s390x.rpm
php-snmp-5.1.6-43.el5_10.s390x.rpm
php-soap-5.1.6-43.el5_10.s390x.rpm
php-xml-5.1.6-43.el5_10.s390x.rpm
php-xmlrpc-5.1.6-43.el5_10.s390x.rpm

x86_64:
php-5.1.6-43.el5_10.x86_64.rpm
php-bcmath-5.1.6-43.el5_10.x86_64.rpm
php-cli-5.1.6-43.el5_10.x86_64.rpm
php-common-5.1.6-43.el5_10.x86_64.rpm
php-dba-5.1.6-43.el5_10.x86_64.rpm
php-debuginfo-5.1.6-43.el5_10.x86_64.rpm
php-devel-5.1.6-43.el5_10.x86_64.rpm
php-gd-5.1.6-43.el5_10.x86_64.rpm
php-imap-5.1.6-43.el5_10.x86_64.rpm
php-ldap-5.1.6-43.el5_10.x86_64.rpm
php-mbstring-5.1.6-43.el5_10.x86_64.rpm
php-mysql-5.1.6-43.el5_10.x86_64.rpm
php-ncurses-5.1.6-43.el5_10.x86_64.rpm
php-odbc-5.1.6-43.el5_10.x86_64.rpm
php-pdo-5.1.6-43.el5_10.x86_64.rpm
php-pgsql-5.1.6-43.el5_10.x86_64.rpm
php-snmp-5.1.6-43.el5_10.x86_64.rpm
php-soap-5.1.6-43.el5_10.x86_64.rpm
php-xml-5.1.6-43.el5_10.x86_64.rpm
php-xmlrpc-5.1.6-43.el5_10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1398.html
https://www.redhat.com/security/data/cve/CVE-2012-2688.html
https://www.redhat.com/security/data/cve/CVE-2013-1643.html
https://www.redhat.com/security/data/cve/CVE-2013-6420.html
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSp/lUXlSAg2UNWIIRAg3qAKCLrXnldIIb+gT/ejo0mArGTwf5/wCeKWU6
7KTGqsotCnj/o6YIFWGea9k=
=hKGM
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Dec 11 09:26:10 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 11 Dec 2013 09:26:10 +0000
Subject: [RHSA-2013:1818-01] Critical: flash-plugin security update
Message-ID: <201312110922.rBB9MIVS027673@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: flash-plugin security update
Advisory ID:       RHSA-2013:1818-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1818.html
Issue date:        2013-12-11
CVE Names:         CVE-2013-5331 CVE-2013-5332
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-28, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. (CVE-2013-5331, CVE-2013-5332)

All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.332.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1040185 - CVE-2013-5331 CVE-2013-5332 flash-plugin: multiple code execution flaws (APSB13-28)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-11.2.202.332-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.332-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-11.2.202.332-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.332-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.332-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.332-1.el6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.332-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.332-1.el6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.332-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.332-1.el6.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-5331.html
https://www.redhat.com/security/data/cve/CVE-2013-5332.html
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb13-28.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSqC7DXlSAg2UNWIIRApzcAJ4ig90zjF7UGfFZoMkZJk0g/fnfKgCgj9QY
SsamXBrZw/FLphazKM9ncZ8=
=+nu5
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Dec 11 17:33:19 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 11 Dec 2013 17:33:19 +0000
Subject: [RHSA-2013:1823-01] Important: thunderbird security update
Message-ID: <201312111729.rBBHTWMb032316@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2013:1823-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1823.html
Issue date:        2013-12-11
CVE Names:         CVE-2013-5609 CVE-2013-5612 CVE-2013-5613 CVE-2013-5614 CVE-2013-5616 CVE-2013-5618 CVE-2013-6671
=====================================================================

1. Summary:

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important security impact.
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-5609, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671, CVE-2013-5613)

A flaw was found in the way Thunderbird rendered web content with missing character encoding information. An attacker could use this flaw to possibly bypass same-origin inheritance and perform cross-site scripting (XSS) attacks. (CVE-2013-5612)

It was found that certain malicious web content could bypass restrictions applied by sandboxed iframes. An attacker could combine this flaw with other vulnerabilities to execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-5614)

Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler, Masato Kinugawa, Daniel Veditz, Jesse Schwartzentruber, Nils, Tyson Smith, and Atte Kettunen as the original reporters of these issues.
For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 24.2.0 ESR. You can find a link to the Mozilla advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 24.2.0 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1039417 - CVE-2013-5609 Mozilla: Miscellaneous memory safety hazards (rv:24.2) (MFSA 2013-104)
1039420 - CVE-2013-5612 Mozilla: Character encoding cross-origin XSS attack (MFSA 2013-106)
1039421 - CVE-2013-5614 Mozilla: Sandbox restrictions not applied to nested object elements (MFSA 2013-107)
1039422 - CVE-2013-5616 Mozilla: Use-after-free in event listeners (MFSA 2013-108)
1039423 - CVE-2013-5618 Mozilla: Use-after-free during Table Editing (MFSA 2013-109)
1039426 - CVE-2013-6671 Mozilla: Segmentation violation when replacing ordered list elements (MFSA 2013-111)
1039429 - CVE-2013-5613 Mozilla: Use-after-free in synthetic mouse movement (MFSA 2013-114)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/thunderbird-24.2.0-2.el5_10.src.rpm
i386: thunderbird-24.2.0-2.el5_10.i386.rpm thunderbird-debuginfo-24.2.0-2.el5_10.i386.rpm
x86_64: thunderbird-24.2.0-2.el5_10.x86_64.rpm thunderbird-debuginfo-24.2.0-2.el5_10.x86_64.rpm

RHEL Optional Productivity Applications (v.
5 server):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/thunderbird-24.2.0-2.el5_10.src.rpm
i386: thunderbird-24.2.0-2.el5_10.i386.rpm thunderbird-debuginfo-24.2.0-2.el5_10.i386.rpm
x86_64: thunderbird-24.2.0-2.el5_10.x86_64.rpm thunderbird-debuginfo-24.2.0-2.el5_10.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/thunderbird-24.2.0-1.el6_5.src.rpm
i386: thunderbird-24.2.0-1.el6_5.i686.rpm thunderbird-debuginfo-24.2.0-1.el6_5.i686.rpm
x86_64: thunderbird-24.2.0-1.el6_5.x86_64.rpm thunderbird-debuginfo-24.2.0-1.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/thunderbird-24.2.0-1.el6_5.src.rpm
i386: thunderbird-24.2.0-1.el6_5.i686.rpm thunderbird-debuginfo-24.2.0-1.el6_5.i686.rpm
ppc64: thunderbird-24.2.0-1.el6_5.ppc64.rpm thunderbird-debuginfo-24.2.0-1.el6_5.ppc64.rpm
s390x: thunderbird-24.2.0-1.el6_5.s390x.rpm thunderbird-debuginfo-24.2.0-1.el6_5.s390x.rpm
x86_64: thunderbird-24.2.0-1.el6_5.x86_64.rpm thunderbird-debuginfo-24.2.0-1.el6_5.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/thunderbird-24.2.0-1.el6_5.src.rpm
i386: thunderbird-24.2.0-1.el6_5.i686.rpm thunderbird-debuginfo-24.2.0-1.el6_5.i686.rpm
x86_64: thunderbird-24.2.0-1.el6_5.x86_64.rpm thunderbird-debuginfo-24.2.0-1.el6_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7.
References:

https://www.redhat.com/security/data/cve/CVE-2013-5609.html
https://www.redhat.com/security/data/cve/CVE-2013-5612.html
https://www.redhat.com/security/data/cve/CVE-2013-5613.html
https://www.redhat.com/security/data/cve/CVE-2013-5614.html
https://www.redhat.com/security/data/cve/CVE-2013-5616.html
https://www.redhat.com/security/data/cve/CVE-2013-5618.html
https://www.redhat.com/security/data/cve/CVE-2013-6671.html
https://access.redhat.com/security/updates/classification/#important
http://www.mozilla.org/security/known-vulnerabilities/thunderbirdESR.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSqKDaXlSAg2UNWIIRAjsPAJ0e66uAB37f0CUyIrW8dVMu+SEr0QCfccsA
YMcpODpwM+5jKlUIKKT3fWQ=
=YROo
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Dec 11 17:41:59 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 11 Dec 2013 17:41:59 +0000
Subject: [RHSA-2013:1824-01] Critical: php security update
Message-ID: <201312111742.rBBHgAbx003673@babylon.pnq.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: php security update
Advisory ID: RHSA-2013:1824-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1824.html
Issue date: 2013-12-11
CVE Names: CVE-2013-6420
=====================================================================

1. Summary:

Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 5.3 Long Life, and Red Hat Enterprise Linux 5.6, 5.9, 6.2, 6.3, and 6.4 Extended Update Support.

The Red Hat Security Response Team has rated this update as having critical security impact.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Compute Node EUS (v. 6.2) - x86_64
Red Hat Enterprise Linux Compute Node EUS (v. 6.3) - x86_64
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.2) - x86_64
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.3) - x86_64
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4) - x86_64
Red Hat Enterprise Linux EUS (v. 5.6 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux EUS (v. 5.9 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux HPC Node EUS (v. 6.4) - x86_64
Red Hat Enterprise Linux Long Life (v. 5.3 server) - i386, ia64, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.2) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.3) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.4) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.2) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.3) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.4) - i386, ppc64, s390x, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-6420)

Red Hat would like to thank the PHP project for reporting this issue.
Upstream acknowledges Stefan Esser as the original reporter of this issue.

All php users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1036830 - CVE-2013-6420 php: memory corruption in openssl_x509_parse()

6. Package List:

Red Hat Enterprise Linux Long Life (v. 5.3 server):

Source: php-5.1.6-23.5.el5_3.src.rpm
i386: php-5.1.6-23.5.el5_3.i386.rpm php-bcmath-5.1.6-23.5.el5_3.i386.rpm php-cli-5.1.6-23.5.el5_3.i386.rpm php-common-5.1.6-23.5.el5_3.i386.rpm php-dba-5.1.6-23.5.el5_3.i386.rpm php-debuginfo-5.1.6-23.5.el5_3.i386.rpm php-devel-5.1.6-23.5.el5_3.i386.rpm php-gd-5.1.6-23.5.el5_3.i386.rpm php-imap-5.1.6-23.5.el5_3.i386.rpm php-ldap-5.1.6-23.5.el5_3.i386.rpm php-mbstring-5.1.6-23.5.el5_3.i386.rpm php-mysql-5.1.6-23.5.el5_3.i386.rpm php-ncurses-5.1.6-23.5.el5_3.i386.rpm php-odbc-5.1.6-23.5.el5_3.i386.rpm php-pdo-5.1.6-23.5.el5_3.i386.rpm php-pgsql-5.1.6-23.5.el5_3.i386.rpm php-snmp-5.1.6-23.5.el5_3.i386.rpm php-soap-5.1.6-23.5.el5_3.i386.rpm php-xml-5.1.6-23.5.el5_3.i386.rpm php-xmlrpc-5.1.6-23.5.el5_3.i386.rpm
ia64: php-5.1.6-23.5.el5_3.ia64.rpm php-bcmath-5.1.6-23.5.el5_3.ia64.rpm php-cli-5.1.6-23.5.el5_3.ia64.rpm php-common-5.1.6-23.5.el5_3.ia64.rpm php-dba-5.1.6-23.5.el5_3.ia64.rpm php-debuginfo-5.1.6-23.5.el5_3.ia64.rpm php-devel-5.1.6-23.5.el5_3.ia64.rpm php-gd-5.1.6-23.5.el5_3.ia64.rpm php-imap-5.1.6-23.5.el5_3.ia64.rpm php-ldap-5.1.6-23.5.el5_3.ia64.rpm php-mbstring-5.1.6-23.5.el5_3.ia64.rpm php-mysql-5.1.6-23.5.el5_3.ia64.rpm
php-ncurses-5.1.6-23.5.el5_3.ia64.rpm php-odbc-5.1.6-23.5.el5_3.ia64.rpm php-pdo-5.1.6-23.5.el5_3.ia64.rpm php-pgsql-5.1.6-23.5.el5_3.ia64.rpm php-snmp-5.1.6-23.5.el5_3.ia64.rpm php-soap-5.1.6-23.5.el5_3.ia64.rpm php-xml-5.1.6-23.5.el5_3.ia64.rpm php-xmlrpc-5.1.6-23.5.el5_3.ia64.rpm x86_64: php-5.1.6-23.5.el5_3.x86_64.rpm php-bcmath-5.1.6-23.5.el5_3.x86_64.rpm php-cli-5.1.6-23.5.el5_3.x86_64.rpm php-common-5.1.6-23.5.el5_3.x86_64.rpm php-dba-5.1.6-23.5.el5_3.x86_64.rpm php-debuginfo-5.1.6-23.5.el5_3.x86_64.rpm php-devel-5.1.6-23.5.el5_3.x86_64.rpm php-gd-5.1.6-23.5.el5_3.x86_64.rpm php-imap-5.1.6-23.5.el5_3.x86_64.rpm php-ldap-5.1.6-23.5.el5_3.x86_64.rpm php-mbstring-5.1.6-23.5.el5_3.x86_64.rpm php-mysql-5.1.6-23.5.el5_3.x86_64.rpm php-ncurses-5.1.6-23.5.el5_3.x86_64.rpm php-odbc-5.1.6-23.5.el5_3.x86_64.rpm php-pdo-5.1.6-23.5.el5_3.x86_64.rpm php-pgsql-5.1.6-23.5.el5_3.x86_64.rpm php-snmp-5.1.6-23.5.el5_3.x86_64.rpm php-soap-5.1.6-23.5.el5_3.x86_64.rpm php-xml-5.1.6-23.5.el5_3.x86_64.rpm php-xmlrpc-5.1.6-23.5.el5_3.x86_64.rpm Red Hat Enterprise Linux EUS (v. 
5.6 server): Source: php-5.1.6-27.el5_6.6.src.rpm i386: php-5.1.6-27.el5_6.6.i386.rpm php-bcmath-5.1.6-27.el5_6.6.i386.rpm php-cli-5.1.6-27.el5_6.6.i386.rpm php-common-5.1.6-27.el5_6.6.i386.rpm php-dba-5.1.6-27.el5_6.6.i386.rpm php-debuginfo-5.1.6-27.el5_6.6.i386.rpm php-devel-5.1.6-27.el5_6.6.i386.rpm php-gd-5.1.6-27.el5_6.6.i386.rpm php-imap-5.1.6-27.el5_6.6.i386.rpm php-ldap-5.1.6-27.el5_6.6.i386.rpm php-mbstring-5.1.6-27.el5_6.6.i386.rpm php-mysql-5.1.6-27.el5_6.6.i386.rpm php-ncurses-5.1.6-27.el5_6.6.i386.rpm php-odbc-5.1.6-27.el5_6.6.i386.rpm php-pdo-5.1.6-27.el5_6.6.i386.rpm php-pgsql-5.1.6-27.el5_6.6.i386.rpm php-snmp-5.1.6-27.el5_6.6.i386.rpm php-soap-5.1.6-27.el5_6.6.i386.rpm php-xml-5.1.6-27.el5_6.6.i386.rpm php-xmlrpc-5.1.6-27.el5_6.6.i386.rpm ia64: php-5.1.6-27.el5_6.6.ia64.rpm php-bcmath-5.1.6-27.el5_6.6.ia64.rpm php-cli-5.1.6-27.el5_6.6.ia64.rpm php-common-5.1.6-27.el5_6.6.ia64.rpm php-dba-5.1.6-27.el5_6.6.ia64.rpm php-debuginfo-5.1.6-27.el5_6.6.ia64.rpm php-devel-5.1.6-27.el5_6.6.ia64.rpm php-gd-5.1.6-27.el5_6.6.ia64.rpm php-imap-5.1.6-27.el5_6.6.ia64.rpm php-ldap-5.1.6-27.el5_6.6.ia64.rpm php-mbstring-5.1.6-27.el5_6.6.ia64.rpm php-mysql-5.1.6-27.el5_6.6.ia64.rpm php-ncurses-5.1.6-27.el5_6.6.ia64.rpm php-odbc-5.1.6-27.el5_6.6.ia64.rpm php-pdo-5.1.6-27.el5_6.6.ia64.rpm php-pgsql-5.1.6-27.el5_6.6.ia64.rpm php-snmp-5.1.6-27.el5_6.6.ia64.rpm php-soap-5.1.6-27.el5_6.6.ia64.rpm php-xml-5.1.6-27.el5_6.6.ia64.rpm php-xmlrpc-5.1.6-27.el5_6.6.ia64.rpm ppc: php-5.1.6-27.el5_6.6.ppc.rpm php-bcmath-5.1.6-27.el5_6.6.ppc.rpm php-cli-5.1.6-27.el5_6.6.ppc.rpm php-common-5.1.6-27.el5_6.6.ppc.rpm php-dba-5.1.6-27.el5_6.6.ppc.rpm php-debuginfo-5.1.6-27.el5_6.6.ppc.rpm php-devel-5.1.6-27.el5_6.6.ppc.rpm php-gd-5.1.6-27.el5_6.6.ppc.rpm php-imap-5.1.6-27.el5_6.6.ppc.rpm php-ldap-5.1.6-27.el5_6.6.ppc.rpm php-mbstring-5.1.6-27.el5_6.6.ppc.rpm php-mysql-5.1.6-27.el5_6.6.ppc.rpm php-ncurses-5.1.6-27.el5_6.6.ppc.rpm php-odbc-5.1.6-27.el5_6.6.ppc.rpm 
php-pdo-5.1.6-27.el5_6.6.ppc.rpm php-pgsql-5.1.6-27.el5_6.6.ppc.rpm php-snmp-5.1.6-27.el5_6.6.ppc.rpm php-soap-5.1.6-27.el5_6.6.ppc.rpm php-xml-5.1.6-27.el5_6.6.ppc.rpm php-xmlrpc-5.1.6-27.el5_6.6.ppc.rpm s390x: php-5.1.6-27.el5_6.6.s390x.rpm php-bcmath-5.1.6-27.el5_6.6.s390x.rpm php-cli-5.1.6-27.el5_6.6.s390x.rpm php-common-5.1.6-27.el5_6.6.s390x.rpm php-dba-5.1.6-27.el5_6.6.s390x.rpm php-debuginfo-5.1.6-27.el5_6.6.s390x.rpm php-devel-5.1.6-27.el5_6.6.s390x.rpm php-gd-5.1.6-27.el5_6.6.s390x.rpm php-imap-5.1.6-27.el5_6.6.s390x.rpm php-ldap-5.1.6-27.el5_6.6.s390x.rpm php-mbstring-5.1.6-27.el5_6.6.s390x.rpm php-mysql-5.1.6-27.el5_6.6.s390x.rpm php-ncurses-5.1.6-27.el5_6.6.s390x.rpm php-odbc-5.1.6-27.el5_6.6.s390x.rpm php-pdo-5.1.6-27.el5_6.6.s390x.rpm php-pgsql-5.1.6-27.el5_6.6.s390x.rpm php-snmp-5.1.6-27.el5_6.6.s390x.rpm php-soap-5.1.6-27.el5_6.6.s390x.rpm php-xml-5.1.6-27.el5_6.6.s390x.rpm php-xmlrpc-5.1.6-27.el5_6.6.s390x.rpm x86_64: php-5.1.6-27.el5_6.6.x86_64.rpm php-bcmath-5.1.6-27.el5_6.6.x86_64.rpm php-cli-5.1.6-27.el5_6.6.x86_64.rpm php-common-5.1.6-27.el5_6.6.x86_64.rpm php-dba-5.1.6-27.el5_6.6.x86_64.rpm php-debuginfo-5.1.6-27.el5_6.6.x86_64.rpm php-devel-5.1.6-27.el5_6.6.x86_64.rpm php-gd-5.1.6-27.el5_6.6.x86_64.rpm php-imap-5.1.6-27.el5_6.6.x86_64.rpm php-ldap-5.1.6-27.el5_6.6.x86_64.rpm php-mbstring-5.1.6-27.el5_6.6.x86_64.rpm php-mysql-5.1.6-27.el5_6.6.x86_64.rpm php-ncurses-5.1.6-27.el5_6.6.x86_64.rpm php-odbc-5.1.6-27.el5_6.6.x86_64.rpm php-pdo-5.1.6-27.el5_6.6.x86_64.rpm php-pgsql-5.1.6-27.el5_6.6.x86_64.rpm php-snmp-5.1.6-27.el5_6.6.x86_64.rpm php-soap-5.1.6-27.el5_6.6.x86_64.rpm php-xml-5.1.6-27.el5_6.6.x86_64.rpm php-xmlrpc-5.1.6-27.el5_6.6.x86_64.rpm Red Hat Enterprise Linux EUS (v. 
5.9 server): Source: php-5.1.6-40.el5_9.1.src.rpm i386: php-5.1.6-40.el5_9.1.i386.rpm php-bcmath-5.1.6-40.el5_9.1.i386.rpm php-cli-5.1.6-40.el5_9.1.i386.rpm php-common-5.1.6-40.el5_9.1.i386.rpm php-dba-5.1.6-40.el5_9.1.i386.rpm php-debuginfo-5.1.6-40.el5_9.1.i386.rpm php-devel-5.1.6-40.el5_9.1.i386.rpm php-gd-5.1.6-40.el5_9.1.i386.rpm php-imap-5.1.6-40.el5_9.1.i386.rpm php-ldap-5.1.6-40.el5_9.1.i386.rpm php-mbstring-5.1.6-40.el5_9.1.i386.rpm php-mysql-5.1.6-40.el5_9.1.i386.rpm php-ncurses-5.1.6-40.el5_9.1.i386.rpm php-odbc-5.1.6-40.el5_9.1.i386.rpm php-pdo-5.1.6-40.el5_9.1.i386.rpm php-pgsql-5.1.6-40.el5_9.1.i386.rpm php-snmp-5.1.6-40.el5_9.1.i386.rpm php-soap-5.1.6-40.el5_9.1.i386.rpm php-xml-5.1.6-40.el5_9.1.i386.rpm php-xmlrpc-5.1.6-40.el5_9.1.i386.rpm ia64: php-5.1.6-40.el5_9.1.ia64.rpm php-bcmath-5.1.6-40.el5_9.1.ia64.rpm php-cli-5.1.6-40.el5_9.1.ia64.rpm php-common-5.1.6-40.el5_9.1.ia64.rpm php-dba-5.1.6-40.el5_9.1.ia64.rpm php-debuginfo-5.1.6-40.el5_9.1.ia64.rpm php-devel-5.1.6-40.el5_9.1.ia64.rpm php-gd-5.1.6-40.el5_9.1.ia64.rpm php-imap-5.1.6-40.el5_9.1.ia64.rpm php-ldap-5.1.6-40.el5_9.1.ia64.rpm php-mbstring-5.1.6-40.el5_9.1.ia64.rpm php-mysql-5.1.6-40.el5_9.1.ia64.rpm php-ncurses-5.1.6-40.el5_9.1.ia64.rpm php-odbc-5.1.6-40.el5_9.1.ia64.rpm php-pdo-5.1.6-40.el5_9.1.ia64.rpm php-pgsql-5.1.6-40.el5_9.1.ia64.rpm php-snmp-5.1.6-40.el5_9.1.ia64.rpm php-soap-5.1.6-40.el5_9.1.ia64.rpm php-xml-5.1.6-40.el5_9.1.ia64.rpm php-xmlrpc-5.1.6-40.el5_9.1.ia64.rpm ppc: php-5.1.6-40.el5_9.1.ppc.rpm php-bcmath-5.1.6-40.el5_9.1.ppc.rpm php-cli-5.1.6-40.el5_9.1.ppc.rpm php-common-5.1.6-40.el5_9.1.ppc.rpm php-dba-5.1.6-40.el5_9.1.ppc.rpm php-debuginfo-5.1.6-40.el5_9.1.ppc.rpm php-devel-5.1.6-40.el5_9.1.ppc.rpm php-gd-5.1.6-40.el5_9.1.ppc.rpm php-imap-5.1.6-40.el5_9.1.ppc.rpm php-ldap-5.1.6-40.el5_9.1.ppc.rpm php-mbstring-5.1.6-40.el5_9.1.ppc.rpm php-mysql-5.1.6-40.el5_9.1.ppc.rpm php-ncurses-5.1.6-40.el5_9.1.ppc.rpm php-odbc-5.1.6-40.el5_9.1.ppc.rpm 
php-pdo-5.1.6-40.el5_9.1.ppc.rpm php-pgsql-5.1.6-40.el5_9.1.ppc.rpm php-snmp-5.1.6-40.el5_9.1.ppc.rpm php-soap-5.1.6-40.el5_9.1.ppc.rpm php-xml-5.1.6-40.el5_9.1.ppc.rpm php-xmlrpc-5.1.6-40.el5_9.1.ppc.rpm s390x: php-5.1.6-40.el5_9.1.s390x.rpm php-bcmath-5.1.6-40.el5_9.1.s390x.rpm php-cli-5.1.6-40.el5_9.1.s390x.rpm php-common-5.1.6-40.el5_9.1.s390x.rpm php-dba-5.1.6-40.el5_9.1.s390x.rpm php-debuginfo-5.1.6-40.el5_9.1.s390x.rpm php-devel-5.1.6-40.el5_9.1.s390x.rpm php-gd-5.1.6-40.el5_9.1.s390x.rpm php-imap-5.1.6-40.el5_9.1.s390x.rpm php-ldap-5.1.6-40.el5_9.1.s390x.rpm php-mbstring-5.1.6-40.el5_9.1.s390x.rpm php-mysql-5.1.6-40.el5_9.1.s390x.rpm php-ncurses-5.1.6-40.el5_9.1.s390x.rpm php-odbc-5.1.6-40.el5_9.1.s390x.rpm php-pdo-5.1.6-40.el5_9.1.s390x.rpm php-pgsql-5.1.6-40.el5_9.1.s390x.rpm php-snmp-5.1.6-40.el5_9.1.s390x.rpm php-soap-5.1.6-40.el5_9.1.s390x.rpm php-xml-5.1.6-40.el5_9.1.s390x.rpm php-xmlrpc-5.1.6-40.el5_9.1.s390x.rpm x86_64: php-5.1.6-40.el5_9.1.x86_64.rpm php-bcmath-5.1.6-40.el5_9.1.x86_64.rpm php-cli-5.1.6-40.el5_9.1.x86_64.rpm php-common-5.1.6-40.el5_9.1.x86_64.rpm php-dba-5.1.6-40.el5_9.1.x86_64.rpm php-debuginfo-5.1.6-40.el5_9.1.x86_64.rpm php-devel-5.1.6-40.el5_9.1.x86_64.rpm php-gd-5.1.6-40.el5_9.1.x86_64.rpm php-imap-5.1.6-40.el5_9.1.x86_64.rpm php-ldap-5.1.6-40.el5_9.1.x86_64.rpm php-mbstring-5.1.6-40.el5_9.1.x86_64.rpm php-mysql-5.1.6-40.el5_9.1.x86_64.rpm php-ncurses-5.1.6-40.el5_9.1.x86_64.rpm php-odbc-5.1.6-40.el5_9.1.x86_64.rpm php-pdo-5.1.6-40.el5_9.1.x86_64.rpm php-pgsql-5.1.6-40.el5_9.1.x86_64.rpm php-snmp-5.1.6-40.el5_9.1.x86_64.rpm php-soap-5.1.6-40.el5_9.1.x86_64.rpm php-xml-5.1.6-40.el5_9.1.x86_64.rpm php-xmlrpc-5.1.6-40.el5_9.1.x86_64.rpm Red Hat Enterprise Linux Compute Node EUS (v. 6.2): Source: php-5.3.3-3.el6_2.11.src.rpm x86_64: php-cli-5.3.3-3.el6_2.11.x86_64.rpm php-common-5.3.3-3.el6_2.11.x86_64.rpm php-debuginfo-5.3.3-3.el6_2.11.x86_64.rpm Red Hat Enterprise Linux Compute Node EUS (v. 
6.3): Source: php-5.3.3-14.el6_3.3.src.rpm x86_64: php-cli-5.3.3-14.el6_3.3.x86_64.rpm php-common-5.3.3-14.el6_3.3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.3.x86_64.rpm Red Hat Enterprise Linux HPC Node EUS (v. 6.4): Source: php-5.3.3-23.el6_4.1.src.rpm x86_64: php-cli-5.3.3-23.el6_4.1.x86_64.rpm php-common-5.3.3-23.el6_4.1.x86_64.rpm php-debuginfo-5.3.3-23.el6_4.1.x86_64.rpm Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.2): Source: php-5.3.3-3.el6_2.11.src.rpm x86_64: php-5.3.3-3.el6_2.11.x86_64.rpm php-bcmath-5.3.3-3.el6_2.11.x86_64.rpm php-dba-5.3.3-3.el6_2.11.x86_64.rpm php-debuginfo-5.3.3-3.el6_2.11.x86_64.rpm php-devel-5.3.3-3.el6_2.11.x86_64.rpm php-embedded-5.3.3-3.el6_2.11.x86_64.rpm php-enchant-5.3.3-3.el6_2.11.x86_64.rpm php-gd-5.3.3-3.el6_2.11.x86_64.rpm php-imap-5.3.3-3.el6_2.11.x86_64.rpm php-intl-5.3.3-3.el6_2.11.x86_64.rpm php-ldap-5.3.3-3.el6_2.11.x86_64.rpm php-mbstring-5.3.3-3.el6_2.11.x86_64.rpm php-mysql-5.3.3-3.el6_2.11.x86_64.rpm php-odbc-5.3.3-3.el6_2.11.x86_64.rpm php-pdo-5.3.3-3.el6_2.11.x86_64.rpm php-pgsql-5.3.3-3.el6_2.11.x86_64.rpm php-process-5.3.3-3.el6_2.11.x86_64.rpm php-pspell-5.3.3-3.el6_2.11.x86_64.rpm php-recode-5.3.3-3.el6_2.11.x86_64.rpm php-snmp-5.3.3-3.el6_2.11.x86_64.rpm php-soap-5.3.3-3.el6_2.11.x86_64.rpm php-tidy-5.3.3-3.el6_2.11.x86_64.rpm php-xml-5.3.3-3.el6_2.11.x86_64.rpm php-xmlrpc-5.3.3-3.el6_2.11.x86_64.rpm php-zts-5.3.3-3.el6_2.11.x86_64.rpm Red Hat Enterprise Linux Compute Node Optional EUS (v. 
6.3) : Source: php-5.3.3-14.el6_3.3.src.rpm x86_64: php-5.3.3-14.el6_3.3.x86_64.rpm php-bcmath-5.3.3-14.el6_3.3.x86_64.rpm php-dba-5.3.3-14.el6_3.3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.3.x86_64.rpm php-devel-5.3.3-14.el6_3.3.x86_64.rpm php-embedded-5.3.3-14.el6_3.3.x86_64.rpm php-enchant-5.3.3-14.el6_3.3.x86_64.rpm php-gd-5.3.3-14.el6_3.3.x86_64.rpm php-imap-5.3.3-14.el6_3.3.x86_64.rpm php-intl-5.3.3-14.el6_3.3.x86_64.rpm php-ldap-5.3.3-14.el6_3.3.x86_64.rpm php-mbstring-5.3.3-14.el6_3.3.x86_64.rpm php-mysql-5.3.3-14.el6_3.3.x86_64.rpm php-odbc-5.3.3-14.el6_3.3.x86_64.rpm php-pdo-5.3.3-14.el6_3.3.x86_64.rpm php-pgsql-5.3.3-14.el6_3.3.x86_64.rpm php-process-5.3.3-14.el6_3.3.x86_64.rpm php-pspell-5.3.3-14.el6_3.3.x86_64.rpm php-recode-5.3.3-14.el6_3.3.x86_64.rpm php-snmp-5.3.3-14.el6_3.3.x86_64.rpm php-soap-5.3.3-14.el6_3.3.x86_64.rpm php-tidy-5.3.3-14.el6_3.3.x86_64.rpm php-xml-5.3.3-14.el6_3.3.x86_64.rpm php-xmlrpc-5.3.3-14.el6_3.3.x86_64.rpm php-zts-5.3.3-14.el6_3.3.x86_64.rpm Red Hat Enterprise Linux Compute Node Optional EUS (v. 
6.4): Source: php-5.3.3-23.el6_4.1.src.rpm x86_64: php-5.3.3-23.el6_4.1.x86_64.rpm php-bcmath-5.3.3-23.el6_4.1.x86_64.rpm php-dba-5.3.3-23.el6_4.1.x86_64.rpm php-debuginfo-5.3.3-23.el6_4.1.x86_64.rpm php-devel-5.3.3-23.el6_4.1.x86_64.rpm php-embedded-5.3.3-23.el6_4.1.x86_64.rpm php-enchant-5.3.3-23.el6_4.1.x86_64.rpm php-fpm-5.3.3-23.el6_4.1.x86_64.rpm php-gd-5.3.3-23.el6_4.1.x86_64.rpm php-imap-5.3.3-23.el6_4.1.x86_64.rpm php-intl-5.3.3-23.el6_4.1.x86_64.rpm php-ldap-5.3.3-23.el6_4.1.x86_64.rpm php-mbstring-5.3.3-23.el6_4.1.x86_64.rpm php-mysql-5.3.3-23.el6_4.1.x86_64.rpm php-odbc-5.3.3-23.el6_4.1.x86_64.rpm php-pdo-5.3.3-23.el6_4.1.x86_64.rpm php-pgsql-5.3.3-23.el6_4.1.x86_64.rpm php-process-5.3.3-23.el6_4.1.x86_64.rpm php-pspell-5.3.3-23.el6_4.1.x86_64.rpm php-recode-5.3.3-23.el6_4.1.x86_64.rpm php-snmp-5.3.3-23.el6_4.1.x86_64.rpm php-soap-5.3.3-23.el6_4.1.x86_64.rpm php-tidy-5.3.3-23.el6_4.1.x86_64.rpm php-xml-5.3.3-23.el6_4.1.x86_64.rpm php-xmlrpc-5.3.3-23.el6_4.1.x86_64.rpm php-zts-5.3.3-23.el6_4.1.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 
6.2): Source: php-5.3.3-3.el6_2.11.src.rpm i386: php-5.3.3-3.el6_2.11.i686.rpm php-cli-5.3.3-3.el6_2.11.i686.rpm php-common-5.3.3-3.el6_2.11.i686.rpm php-debuginfo-5.3.3-3.el6_2.11.i686.rpm php-gd-5.3.3-3.el6_2.11.i686.rpm php-ldap-5.3.3-3.el6_2.11.i686.rpm php-mysql-5.3.3-3.el6_2.11.i686.rpm php-odbc-5.3.3-3.el6_2.11.i686.rpm php-pdo-5.3.3-3.el6_2.11.i686.rpm php-pgsql-5.3.3-3.el6_2.11.i686.rpm php-soap-5.3.3-3.el6_2.11.i686.rpm php-xml-5.3.3-3.el6_2.11.i686.rpm php-xmlrpc-5.3.3-3.el6_2.11.i686.rpm ppc64: php-5.3.3-3.el6_2.11.ppc64.rpm php-cli-5.3.3-3.el6_2.11.ppc64.rpm php-common-5.3.3-3.el6_2.11.ppc64.rpm php-debuginfo-5.3.3-3.el6_2.11.ppc64.rpm php-gd-5.3.3-3.el6_2.11.ppc64.rpm php-ldap-5.3.3-3.el6_2.11.ppc64.rpm php-mysql-5.3.3-3.el6_2.11.ppc64.rpm php-odbc-5.3.3-3.el6_2.11.ppc64.rpm php-pdo-5.3.3-3.el6_2.11.ppc64.rpm php-pgsql-5.3.3-3.el6_2.11.ppc64.rpm php-soap-5.3.3-3.el6_2.11.ppc64.rpm php-xml-5.3.3-3.el6_2.11.ppc64.rpm php-xmlrpc-5.3.3-3.el6_2.11.ppc64.rpm s390x: php-5.3.3-3.el6_2.11.s390x.rpm php-cli-5.3.3-3.el6_2.11.s390x.rpm php-common-5.3.3-3.el6_2.11.s390x.rpm php-debuginfo-5.3.3-3.el6_2.11.s390x.rpm php-gd-5.3.3-3.el6_2.11.s390x.rpm php-ldap-5.3.3-3.el6_2.11.s390x.rpm php-mysql-5.3.3-3.el6_2.11.s390x.rpm php-odbc-5.3.3-3.el6_2.11.s390x.rpm php-pdo-5.3.3-3.el6_2.11.s390x.rpm php-pgsql-5.3.3-3.el6_2.11.s390x.rpm php-soap-5.3.3-3.el6_2.11.s390x.rpm php-xml-5.3.3-3.el6_2.11.s390x.rpm php-xmlrpc-5.3.3-3.el6_2.11.s390x.rpm x86_64: php-5.3.3-3.el6_2.11.x86_64.rpm php-cli-5.3.3-3.el6_2.11.x86_64.rpm php-common-5.3.3-3.el6_2.11.x86_64.rpm php-debuginfo-5.3.3-3.el6_2.11.x86_64.rpm php-gd-5.3.3-3.el6_2.11.x86_64.rpm php-ldap-5.3.3-3.el6_2.11.x86_64.rpm php-mysql-5.3.3-3.el6_2.11.x86_64.rpm php-odbc-5.3.3-3.el6_2.11.x86_64.rpm php-pdo-5.3.3-3.el6_2.11.x86_64.rpm php-pgsql-5.3.3-3.el6_2.11.x86_64.rpm php-soap-5.3.3-3.el6_2.11.x86_64.rpm php-xml-5.3.3-3.el6_2.11.x86_64.rpm php-xmlrpc-5.3.3-3.el6_2.11.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 
6.3): Source: php-5.3.3-14.el6_3.3.src.rpm i386: php-5.3.3-14.el6_3.3.i686.rpm php-cli-5.3.3-14.el6_3.3.i686.rpm php-common-5.3.3-14.el6_3.3.i686.rpm php-debuginfo-5.3.3-14.el6_3.3.i686.rpm php-gd-5.3.3-14.el6_3.3.i686.rpm php-ldap-5.3.3-14.el6_3.3.i686.rpm php-mysql-5.3.3-14.el6_3.3.i686.rpm php-odbc-5.3.3-14.el6_3.3.i686.rpm php-pdo-5.3.3-14.el6_3.3.i686.rpm php-pgsql-5.3.3-14.el6_3.3.i686.rpm php-soap-5.3.3-14.el6_3.3.i686.rpm php-xml-5.3.3-14.el6_3.3.i686.rpm php-xmlrpc-5.3.3-14.el6_3.3.i686.rpm ppc64: php-5.3.3-14.el6_3.3.ppc64.rpm php-cli-5.3.3-14.el6_3.3.ppc64.rpm php-common-5.3.3-14.el6_3.3.ppc64.rpm php-debuginfo-5.3.3-14.el6_3.3.ppc64.rpm php-gd-5.3.3-14.el6_3.3.ppc64.rpm php-ldap-5.3.3-14.el6_3.3.ppc64.rpm php-mysql-5.3.3-14.el6_3.3.ppc64.rpm php-odbc-5.3.3-14.el6_3.3.ppc64.rpm php-pdo-5.3.3-14.el6_3.3.ppc64.rpm php-pgsql-5.3.3-14.el6_3.3.ppc64.rpm php-soap-5.3.3-14.el6_3.3.ppc64.rpm php-xml-5.3.3-14.el6_3.3.ppc64.rpm php-xmlrpc-5.3.3-14.el6_3.3.ppc64.rpm s390x: php-5.3.3-14.el6_3.3.s390x.rpm php-cli-5.3.3-14.el6_3.3.s390x.rpm php-common-5.3.3-14.el6_3.3.s390x.rpm php-debuginfo-5.3.3-14.el6_3.3.s390x.rpm php-gd-5.3.3-14.el6_3.3.s390x.rpm php-ldap-5.3.3-14.el6_3.3.s390x.rpm php-mysql-5.3.3-14.el6_3.3.s390x.rpm php-odbc-5.3.3-14.el6_3.3.s390x.rpm php-pdo-5.3.3-14.el6_3.3.s390x.rpm php-pgsql-5.3.3-14.el6_3.3.s390x.rpm php-soap-5.3.3-14.el6_3.3.s390x.rpm php-xml-5.3.3-14.el6_3.3.s390x.rpm php-xmlrpc-5.3.3-14.el6_3.3.s390x.rpm x86_64: php-5.3.3-14.el6_3.3.x86_64.rpm php-cli-5.3.3-14.el6_3.3.x86_64.rpm php-common-5.3.3-14.el6_3.3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.3.x86_64.rpm php-gd-5.3.3-14.el6_3.3.x86_64.rpm php-ldap-5.3.3-14.el6_3.3.x86_64.rpm php-mysql-5.3.3-14.el6_3.3.x86_64.rpm php-odbc-5.3.3-14.el6_3.3.x86_64.rpm php-pdo-5.3.3-14.el6_3.3.x86_64.rpm php-pgsql-5.3.3-14.el6_3.3.x86_64.rpm php-soap-5.3.3-14.el6_3.3.x86_64.rpm php-xml-5.3.3-14.el6_3.3.x86_64.rpm php-xmlrpc-5.3.3-14.el6_3.3.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 
6.4): Source: php-5.3.3-23.el6_4.1.src.rpm i386: php-5.3.3-23.el6_4.1.i686.rpm php-cli-5.3.3-23.el6_4.1.i686.rpm php-common-5.3.3-23.el6_4.1.i686.rpm php-debuginfo-5.3.3-23.el6_4.1.i686.rpm php-gd-5.3.3-23.el6_4.1.i686.rpm php-ldap-5.3.3-23.el6_4.1.i686.rpm php-mysql-5.3.3-23.el6_4.1.i686.rpm php-odbc-5.3.3-23.el6_4.1.i686.rpm php-pdo-5.3.3-23.el6_4.1.i686.rpm php-pgsql-5.3.3-23.el6_4.1.i686.rpm php-soap-5.3.3-23.el6_4.1.i686.rpm php-xml-5.3.3-23.el6_4.1.i686.rpm php-xmlrpc-5.3.3-23.el6_4.1.i686.rpm ppc64: php-5.3.3-23.el6_4.1.ppc64.rpm php-cli-5.3.3-23.el6_4.1.ppc64.rpm php-common-5.3.3-23.el6_4.1.ppc64.rpm php-debuginfo-5.3.3-23.el6_4.1.ppc64.rpm php-gd-5.3.3-23.el6_4.1.ppc64.rpm php-ldap-5.3.3-23.el6_4.1.ppc64.rpm php-mysql-5.3.3-23.el6_4.1.ppc64.rpm php-odbc-5.3.3-23.el6_4.1.ppc64.rpm php-pdo-5.3.3-23.el6_4.1.ppc64.rpm php-pgsql-5.3.3-23.el6_4.1.ppc64.rpm php-soap-5.3.3-23.el6_4.1.ppc64.rpm php-xml-5.3.3-23.el6_4.1.ppc64.rpm php-xmlrpc-5.3.3-23.el6_4.1.ppc64.rpm s390x: php-5.3.3-23.el6_4.1.s390x.rpm php-cli-5.3.3-23.el6_4.1.s390x.rpm php-common-5.3.3-23.el6_4.1.s390x.rpm php-debuginfo-5.3.3-23.el6_4.1.s390x.rpm php-gd-5.3.3-23.el6_4.1.s390x.rpm php-ldap-5.3.3-23.el6_4.1.s390x.rpm php-mysql-5.3.3-23.el6_4.1.s390x.rpm php-odbc-5.3.3-23.el6_4.1.s390x.rpm php-pdo-5.3.3-23.el6_4.1.s390x.rpm php-pgsql-5.3.3-23.el6_4.1.s390x.rpm php-soap-5.3.3-23.el6_4.1.s390x.rpm php-xml-5.3.3-23.el6_4.1.s390x.rpm php-xmlrpc-5.3.3-23.el6_4.1.s390x.rpm x86_64: php-5.3.3-23.el6_4.1.x86_64.rpm php-cli-5.3.3-23.el6_4.1.x86_64.rpm php-common-5.3.3-23.el6_4.1.x86_64.rpm php-debuginfo-5.3.3-23.el6_4.1.x86_64.rpm php-gd-5.3.3-23.el6_4.1.x86_64.rpm php-ldap-5.3.3-23.el6_4.1.x86_64.rpm php-mysql-5.3.3-23.el6_4.1.x86_64.rpm php-odbc-5.3.3-23.el6_4.1.x86_64.rpm php-pdo-5.3.3-23.el6_4.1.x86_64.rpm php-pgsql-5.3.3-23.el6_4.1.x86_64.rpm php-soap-5.3.3-23.el6_4.1.x86_64.rpm php-xml-5.3.3-23.el6_4.1.x86_64.rpm php-xmlrpc-5.3.3-23.el6_4.1.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 
6.2): Source: php-5.3.3-3.el6_2.11.src.rpm i386: php-bcmath-5.3.3-3.el6_2.11.i686.rpm php-dba-5.3.3-3.el6_2.11.i686.rpm php-debuginfo-5.3.3-3.el6_2.11.i686.rpm php-devel-5.3.3-3.el6_2.11.i686.rpm php-embedded-5.3.3-3.el6_2.11.i686.rpm php-enchant-5.3.3-3.el6_2.11.i686.rpm php-imap-5.3.3-3.el6_2.11.i686.rpm php-intl-5.3.3-3.el6_2.11.i686.rpm php-mbstring-5.3.3-3.el6_2.11.i686.rpm php-process-5.3.3-3.el6_2.11.i686.rpm php-pspell-5.3.3-3.el6_2.11.i686.rpm php-recode-5.3.3-3.el6_2.11.i686.rpm php-snmp-5.3.3-3.el6_2.11.i686.rpm php-tidy-5.3.3-3.el6_2.11.i686.rpm php-zts-5.3.3-3.el6_2.11.i686.rpm ppc64: php-bcmath-5.3.3-3.el6_2.11.ppc64.rpm php-dba-5.3.3-3.el6_2.11.ppc64.rpm php-debuginfo-5.3.3-3.el6_2.11.ppc64.rpm php-devel-5.3.3-3.el6_2.11.ppc64.rpm php-embedded-5.3.3-3.el6_2.11.ppc64.rpm php-enchant-5.3.3-3.el6_2.11.ppc64.rpm php-imap-5.3.3-3.el6_2.11.ppc64.rpm php-intl-5.3.3-3.el6_2.11.ppc64.rpm php-mbstring-5.3.3-3.el6_2.11.ppc64.rpm php-process-5.3.3-3.el6_2.11.ppc64.rpm php-pspell-5.3.3-3.el6_2.11.ppc64.rpm php-recode-5.3.3-3.el6_2.11.ppc64.rpm php-snmp-5.3.3-3.el6_2.11.ppc64.rpm php-tidy-5.3.3-3.el6_2.11.ppc64.rpm php-zts-5.3.3-3.el6_2.11.ppc64.rpm s390x: php-bcmath-5.3.3-3.el6_2.11.s390x.rpm php-dba-5.3.3-3.el6_2.11.s390x.rpm php-debuginfo-5.3.3-3.el6_2.11.s390x.rpm php-devel-5.3.3-3.el6_2.11.s390x.rpm php-embedded-5.3.3-3.el6_2.11.s390x.rpm php-enchant-5.3.3-3.el6_2.11.s390x.rpm php-imap-5.3.3-3.el6_2.11.s390x.rpm php-intl-5.3.3-3.el6_2.11.s390x.rpm php-mbstring-5.3.3-3.el6_2.11.s390x.rpm php-process-5.3.3-3.el6_2.11.s390x.rpm php-pspell-5.3.3-3.el6_2.11.s390x.rpm php-recode-5.3.3-3.el6_2.11.s390x.rpm php-snmp-5.3.3-3.el6_2.11.s390x.rpm php-tidy-5.3.3-3.el6_2.11.s390x.rpm php-zts-5.3.3-3.el6_2.11.s390x.rpm x86_64: php-bcmath-5.3.3-3.el6_2.11.x86_64.rpm php-dba-5.3.3-3.el6_2.11.x86_64.rpm php-debuginfo-5.3.3-3.el6_2.11.x86_64.rpm php-devel-5.3.3-3.el6_2.11.x86_64.rpm php-embedded-5.3.3-3.el6_2.11.x86_64.rpm php-enchant-5.3.3-3.el6_2.11.x86_64.rpm 
php-imap-5.3.3-3.el6_2.11.x86_64.rpm php-intl-5.3.3-3.el6_2.11.x86_64.rpm php-mbstring-5.3.3-3.el6_2.11.x86_64.rpm php-process-5.3.3-3.el6_2.11.x86_64.rpm php-pspell-5.3.3-3.el6_2.11.x86_64.rpm php-recode-5.3.3-3.el6_2.11.x86_64.rpm php-snmp-5.3.3-3.el6_2.11.x86_64.rpm php-tidy-5.3.3-3.el6_2.11.x86_64.rpm php-zts-5.3.3-3.el6_2.11.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 6.3): Source: php-5.3.3-14.el6_3.3.src.rpm i386: php-bcmath-5.3.3-14.el6_3.3.i686.rpm php-dba-5.3.3-14.el6_3.3.i686.rpm php-debuginfo-5.3.3-14.el6_3.3.i686.rpm php-devel-5.3.3-14.el6_3.3.i686.rpm php-embedded-5.3.3-14.el6_3.3.i686.rpm php-enchant-5.3.3-14.el6_3.3.i686.rpm php-imap-5.3.3-14.el6_3.3.i686.rpm php-intl-5.3.3-14.el6_3.3.i686.rpm php-mbstring-5.3.3-14.el6_3.3.i686.rpm php-process-5.3.3-14.el6_3.3.i686.rpm php-pspell-5.3.3-14.el6_3.3.i686.rpm php-recode-5.3.3-14.el6_3.3.i686.rpm php-snmp-5.3.3-14.el6_3.3.i686.rpm php-tidy-5.3.3-14.el6_3.3.i686.rpm php-zts-5.3.3-14.el6_3.3.i686.rpm ppc64: php-bcmath-5.3.3-14.el6_3.3.ppc64.rpm php-dba-5.3.3-14.el6_3.3.ppc64.rpm php-debuginfo-5.3.3-14.el6_3.3.ppc64.rpm php-devel-5.3.3-14.el6_3.3.ppc64.rpm php-embedded-5.3.3-14.el6_3.3.ppc64.rpm php-enchant-5.3.3-14.el6_3.3.ppc64.rpm php-imap-5.3.3-14.el6_3.3.ppc64.rpm php-intl-5.3.3-14.el6_3.3.ppc64.rpm php-mbstring-5.3.3-14.el6_3.3.ppc64.rpm php-process-5.3.3-14.el6_3.3.ppc64.rpm php-pspell-5.3.3-14.el6_3.3.ppc64.rpm php-recode-5.3.3-14.el6_3.3.ppc64.rpm php-snmp-5.3.3-14.el6_3.3.ppc64.rpm php-tidy-5.3.3-14.el6_3.3.ppc64.rpm php-zts-5.3.3-14.el6_3.3.ppc64.rpm s390x: php-bcmath-5.3.3-14.el6_3.3.s390x.rpm php-dba-5.3.3-14.el6_3.3.s390x.rpm php-debuginfo-5.3.3-14.el6_3.3.s390x.rpm php-devel-5.3.3-14.el6_3.3.s390x.rpm php-embedded-5.3.3-14.el6_3.3.s390x.rpm php-enchant-5.3.3-14.el6_3.3.s390x.rpm php-imap-5.3.3-14.el6_3.3.s390x.rpm php-intl-5.3.3-14.el6_3.3.s390x.rpm php-mbstring-5.3.3-14.el6_3.3.s390x.rpm php-process-5.3.3-14.el6_3.3.s390x.rpm php-pspell-5.3.3-14.el6_3.3.s390x.rpm 
php-recode-5.3.3-14.el6_3.3.s390x.rpm php-snmp-5.3.3-14.el6_3.3.s390x.rpm php-tidy-5.3.3-14.el6_3.3.s390x.rpm php-zts-5.3.3-14.el6_3.3.s390x.rpm x86_64: php-bcmath-5.3.3-14.el6_3.3.x86_64.rpm php-dba-5.3.3-14.el6_3.3.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.3.x86_64.rpm php-devel-5.3.3-14.el6_3.3.x86_64.rpm php-embedded-5.3.3-14.el6_3.3.x86_64.rpm php-enchant-5.3.3-14.el6_3.3.x86_64.rpm php-imap-5.3.3-14.el6_3.3.x86_64.rpm php-intl-5.3.3-14.el6_3.3.x86_64.rpm php-mbstring-5.3.3-14.el6_3.3.x86_64.rpm php-process-5.3.3-14.el6_3.3.x86_64.rpm php-pspell-5.3.3-14.el6_3.3.x86_64.rpm php-recode-5.3.3-14.el6_3.3.x86_64.rpm php-snmp-5.3.3-14.el6_3.3.x86_64.rpm php-tidy-5.3.3-14.el6_3.3.x86_64.rpm php-zts-5.3.3-14.el6_3.3.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 6.4): Source: php-5.3.3-23.el6_4.1.src.rpm i386: php-bcmath-5.3.3-23.el6_4.1.i686.rpm php-dba-5.3.3-23.el6_4.1.i686.rpm php-debuginfo-5.3.3-23.el6_4.1.i686.rpm php-devel-5.3.3-23.el6_4.1.i686.rpm php-embedded-5.3.3-23.el6_4.1.i686.rpm php-enchant-5.3.3-23.el6_4.1.i686.rpm php-fpm-5.3.3-23.el6_4.1.i686.rpm php-imap-5.3.3-23.el6_4.1.i686.rpm php-intl-5.3.3-23.el6_4.1.i686.rpm php-mbstring-5.3.3-23.el6_4.1.i686.rpm php-process-5.3.3-23.el6_4.1.i686.rpm php-pspell-5.3.3-23.el6_4.1.i686.rpm php-recode-5.3.3-23.el6_4.1.i686.rpm php-snmp-5.3.3-23.el6_4.1.i686.rpm php-tidy-5.3.3-23.el6_4.1.i686.rpm php-zts-5.3.3-23.el6_4.1.i686.rpm ppc64: php-bcmath-5.3.3-23.el6_4.1.ppc64.rpm php-dba-5.3.3-23.el6_4.1.ppc64.rpm php-debuginfo-5.3.3-23.el6_4.1.ppc64.rpm php-devel-5.3.3-23.el6_4.1.ppc64.rpm php-embedded-5.3.3-23.el6_4.1.ppc64.rpm php-enchant-5.3.3-23.el6_4.1.ppc64.rpm php-fpm-5.3.3-23.el6_4.1.ppc64.rpm php-imap-5.3.3-23.el6_4.1.ppc64.rpm php-intl-5.3.3-23.el6_4.1.ppc64.rpm php-mbstring-5.3.3-23.el6_4.1.ppc64.rpm php-process-5.3.3-23.el6_4.1.ppc64.rpm php-pspell-5.3.3-23.el6_4.1.ppc64.rpm php-recode-5.3.3-23.el6_4.1.ppc64.rpm php-snmp-5.3.3-23.el6_4.1.ppc64.rpm php-tidy-5.3.3-23.el6_4.1.ppc64.rpm 
php-zts-5.3.3-23.el6_4.1.ppc64.rpm

s390x:
php-bcmath-5.3.3-23.el6_4.1.s390x.rpm
php-dba-5.3.3-23.el6_4.1.s390x.rpm
php-debuginfo-5.3.3-23.el6_4.1.s390x.rpm
php-devel-5.3.3-23.el6_4.1.s390x.rpm
php-embedded-5.3.3-23.el6_4.1.s390x.rpm
php-enchant-5.3.3-23.el6_4.1.s390x.rpm
php-fpm-5.3.3-23.el6_4.1.s390x.rpm
php-imap-5.3.3-23.el6_4.1.s390x.rpm
php-intl-5.3.3-23.el6_4.1.s390x.rpm
php-mbstring-5.3.3-23.el6_4.1.s390x.rpm
php-process-5.3.3-23.el6_4.1.s390x.rpm
php-pspell-5.3.3-23.el6_4.1.s390x.rpm
php-recode-5.3.3-23.el6_4.1.s390x.rpm
php-snmp-5.3.3-23.el6_4.1.s390x.rpm
php-tidy-5.3.3-23.el6_4.1.s390x.rpm
php-zts-5.3.3-23.el6_4.1.s390x.rpm

x86_64:
php-bcmath-5.3.3-23.el6_4.1.x86_64.rpm
php-dba-5.3.3-23.el6_4.1.x86_64.rpm
php-debuginfo-5.3.3-23.el6_4.1.x86_64.rpm
php-devel-5.3.3-23.el6_4.1.x86_64.rpm
php-embedded-5.3.3-23.el6_4.1.x86_64.rpm
php-enchant-5.3.3-23.el6_4.1.x86_64.rpm
php-fpm-5.3.3-23.el6_4.1.x86_64.rpm
php-imap-5.3.3-23.el6_4.1.x86_64.rpm
php-intl-5.3.3-23.el6_4.1.x86_64.rpm
php-mbstring-5.3.3-23.el6_4.1.x86_64.rpm
php-process-5.3.3-23.el6_4.1.x86_64.rpm
php-pspell-5.3.3-23.el6_4.1.x86_64.rpm
php-recode-5.3.3-23.el6_4.1.x86_64.rpm
php-snmp-5.3.3-23.el6_4.1.x86_64.rpm
php-tidy-5.3.3-23.el6_4.1.x86_64.rpm
php-zts-5.3.3-23.el6_4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-6420.html
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSqKLhXlSAg2UNWIIRAnSIAKCghJudv/nUjGlRyial77jiDvzgOACghRSP
XX2uwN0qecAwBgiL2cJNyh4=
=6m6W
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Dec 11 17:43:05 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 11 Dec 2013 17:43:05 +0000
Subject: [RHSA-2013:1825-01] Critical: php53 security update
Message-ID: <201312111739.rBBHdG02023871@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: php53 security update
Advisory ID: RHSA-2013:1825-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1825.html
Issue date: 2013-12-11
CVE Names: CVE-2013-6420
=====================================================================

1. Summary:

Updated php53 packages that fix one security issue are now available for Red Hat Enterprise Linux 5.6 and 5.9 Extended Update Support.

The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux EUS (v. 5.6 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux EUS (v. 5.9 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates.
A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-6420)

Red Hat would like to thank the PHP project for reporting this issue. Upstream acknowledges Stefan Esser as the original reporter of this issue.

All php53 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1036830 - CVE-2013-6420 php: memory corruption in openssl_x509_parse()

6. Package List:

Red Hat Enterprise Linux EUS (v.
5.6 server): Source: php53-5.3.3-1.el5_6.4.src.rpm i386: php53-5.3.3-1.el5_6.4.i386.rpm php53-bcmath-5.3.3-1.el5_6.4.i386.rpm php53-cli-5.3.3-1.el5_6.4.i386.rpm php53-common-5.3.3-1.el5_6.4.i386.rpm php53-dba-5.3.3-1.el5_6.4.i386.rpm php53-debuginfo-5.3.3-1.el5_6.4.i386.rpm php53-devel-5.3.3-1.el5_6.4.i386.rpm php53-gd-5.3.3-1.el5_6.4.i386.rpm php53-imap-5.3.3-1.el5_6.4.i386.rpm php53-intl-5.3.3-1.el5_6.4.i386.rpm php53-ldap-5.3.3-1.el5_6.4.i386.rpm php53-mbstring-5.3.3-1.el5_6.4.i386.rpm php53-mysql-5.3.3-1.el5_6.4.i386.rpm php53-odbc-5.3.3-1.el5_6.4.i386.rpm php53-pdo-5.3.3-1.el5_6.4.i386.rpm php53-pgsql-5.3.3-1.el5_6.4.i386.rpm php53-process-5.3.3-1.el5_6.4.i386.rpm php53-pspell-5.3.3-1.el5_6.4.i386.rpm php53-snmp-5.3.3-1.el5_6.4.i386.rpm php53-soap-5.3.3-1.el5_6.4.i386.rpm php53-xml-5.3.3-1.el5_6.4.i386.rpm php53-xmlrpc-5.3.3-1.el5_6.4.i386.rpm ia64: php53-5.3.3-1.el5_6.4.ia64.rpm php53-bcmath-5.3.3-1.el5_6.4.ia64.rpm php53-cli-5.3.3-1.el5_6.4.ia64.rpm php53-common-5.3.3-1.el5_6.4.ia64.rpm php53-dba-5.3.3-1.el5_6.4.ia64.rpm php53-debuginfo-5.3.3-1.el5_6.4.ia64.rpm php53-devel-5.3.3-1.el5_6.4.ia64.rpm php53-gd-5.3.3-1.el5_6.4.ia64.rpm php53-imap-5.3.3-1.el5_6.4.ia64.rpm php53-intl-5.3.3-1.el5_6.4.ia64.rpm php53-ldap-5.3.3-1.el5_6.4.ia64.rpm php53-mbstring-5.3.3-1.el5_6.4.ia64.rpm php53-mysql-5.3.3-1.el5_6.4.ia64.rpm php53-odbc-5.3.3-1.el5_6.4.ia64.rpm php53-pdo-5.3.3-1.el5_6.4.ia64.rpm php53-pgsql-5.3.3-1.el5_6.4.ia64.rpm php53-process-5.3.3-1.el5_6.4.ia64.rpm php53-pspell-5.3.3-1.el5_6.4.ia64.rpm php53-snmp-5.3.3-1.el5_6.4.ia64.rpm php53-soap-5.3.3-1.el5_6.4.ia64.rpm php53-xml-5.3.3-1.el5_6.4.ia64.rpm php53-xmlrpc-5.3.3-1.el5_6.4.ia64.rpm ppc: php53-5.3.3-1.el5_6.4.ppc.rpm php53-bcmath-5.3.3-1.el5_6.4.ppc.rpm php53-cli-5.3.3-1.el5_6.4.ppc.rpm php53-common-5.3.3-1.el5_6.4.ppc.rpm php53-dba-5.3.3-1.el5_6.4.ppc.rpm php53-debuginfo-5.3.3-1.el5_6.4.ppc.rpm php53-devel-5.3.3-1.el5_6.4.ppc.rpm php53-gd-5.3.3-1.el5_6.4.ppc.rpm php53-imap-5.3.3-1.el5_6.4.ppc.rpm 
php53-intl-5.3.3-1.el5_6.4.ppc.rpm php53-ldap-5.3.3-1.el5_6.4.ppc.rpm php53-mbstring-5.3.3-1.el5_6.4.ppc.rpm php53-mysql-5.3.3-1.el5_6.4.ppc.rpm php53-odbc-5.3.3-1.el5_6.4.ppc.rpm php53-pdo-5.3.3-1.el5_6.4.ppc.rpm php53-pgsql-5.3.3-1.el5_6.4.ppc.rpm php53-process-5.3.3-1.el5_6.4.ppc.rpm php53-pspell-5.3.3-1.el5_6.4.ppc.rpm php53-snmp-5.3.3-1.el5_6.4.ppc.rpm php53-soap-5.3.3-1.el5_6.4.ppc.rpm php53-xml-5.3.3-1.el5_6.4.ppc.rpm php53-xmlrpc-5.3.3-1.el5_6.4.ppc.rpm s390x: php53-5.3.3-1.el5_6.4.s390x.rpm php53-bcmath-5.3.3-1.el5_6.4.s390x.rpm php53-cli-5.3.3-1.el5_6.4.s390x.rpm php53-common-5.3.3-1.el5_6.4.s390x.rpm php53-dba-5.3.3-1.el5_6.4.s390x.rpm php53-debuginfo-5.3.3-1.el5_6.4.s390x.rpm php53-devel-5.3.3-1.el5_6.4.s390x.rpm php53-gd-5.3.3-1.el5_6.4.s390x.rpm php53-imap-5.3.3-1.el5_6.4.s390x.rpm php53-intl-5.3.3-1.el5_6.4.s390x.rpm php53-ldap-5.3.3-1.el5_6.4.s390x.rpm php53-mbstring-5.3.3-1.el5_6.4.s390x.rpm php53-mysql-5.3.3-1.el5_6.4.s390x.rpm php53-odbc-5.3.3-1.el5_6.4.s390x.rpm php53-pdo-5.3.3-1.el5_6.4.s390x.rpm php53-pgsql-5.3.3-1.el5_6.4.s390x.rpm php53-process-5.3.3-1.el5_6.4.s390x.rpm php53-pspell-5.3.3-1.el5_6.4.s390x.rpm php53-snmp-5.3.3-1.el5_6.4.s390x.rpm php53-soap-5.3.3-1.el5_6.4.s390x.rpm php53-xml-5.3.3-1.el5_6.4.s390x.rpm php53-xmlrpc-5.3.3-1.el5_6.4.s390x.rpm x86_64: php53-5.3.3-1.el5_6.4.x86_64.rpm php53-bcmath-5.3.3-1.el5_6.4.x86_64.rpm php53-cli-5.3.3-1.el5_6.4.x86_64.rpm php53-common-5.3.3-1.el5_6.4.x86_64.rpm php53-dba-5.3.3-1.el5_6.4.x86_64.rpm php53-debuginfo-5.3.3-1.el5_6.4.x86_64.rpm php53-devel-5.3.3-1.el5_6.4.x86_64.rpm php53-gd-5.3.3-1.el5_6.4.x86_64.rpm php53-imap-5.3.3-1.el5_6.4.x86_64.rpm php53-intl-5.3.3-1.el5_6.4.x86_64.rpm php53-ldap-5.3.3-1.el5_6.4.x86_64.rpm php53-mbstring-5.3.3-1.el5_6.4.x86_64.rpm php53-mysql-5.3.3-1.el5_6.4.x86_64.rpm php53-odbc-5.3.3-1.el5_6.4.x86_64.rpm php53-pdo-5.3.3-1.el5_6.4.x86_64.rpm php53-pgsql-5.3.3-1.el5_6.4.x86_64.rpm php53-process-5.3.3-1.el5_6.4.x86_64.rpm 
php53-pspell-5.3.3-1.el5_6.4.x86_64.rpm php53-snmp-5.3.3-1.el5_6.4.x86_64.rpm php53-soap-5.3.3-1.el5_6.4.x86_64.rpm php53-xml-5.3.3-1.el5_6.4.x86_64.rpm php53-xmlrpc-5.3.3-1.el5_6.4.x86_64.rpm Red Hat Enterprise Linux EUS (v. 5.9 server): Source: php53-5.3.3-13.el5_9.2.src.rpm i386: php53-5.3.3-13.el5_9.2.i386.rpm php53-bcmath-5.3.3-13.el5_9.2.i386.rpm php53-cli-5.3.3-13.el5_9.2.i386.rpm php53-common-5.3.3-13.el5_9.2.i386.rpm php53-dba-5.3.3-13.el5_9.2.i386.rpm php53-debuginfo-5.3.3-13.el5_9.2.i386.rpm php53-devel-5.3.3-13.el5_9.2.i386.rpm php53-gd-5.3.3-13.el5_9.2.i386.rpm php53-imap-5.3.3-13.el5_9.2.i386.rpm php53-intl-5.3.3-13.el5_9.2.i386.rpm php53-ldap-5.3.3-13.el5_9.2.i386.rpm php53-mbstring-5.3.3-13.el5_9.2.i386.rpm php53-mysql-5.3.3-13.el5_9.2.i386.rpm php53-odbc-5.3.3-13.el5_9.2.i386.rpm php53-pdo-5.3.3-13.el5_9.2.i386.rpm php53-pgsql-5.3.3-13.el5_9.2.i386.rpm php53-process-5.3.3-13.el5_9.2.i386.rpm php53-pspell-5.3.3-13.el5_9.2.i386.rpm php53-snmp-5.3.3-13.el5_9.2.i386.rpm php53-soap-5.3.3-13.el5_9.2.i386.rpm php53-xml-5.3.3-13.el5_9.2.i386.rpm php53-xmlrpc-5.3.3-13.el5_9.2.i386.rpm ia64: php53-5.3.3-13.el5_9.2.ia64.rpm php53-bcmath-5.3.3-13.el5_9.2.ia64.rpm php53-cli-5.3.3-13.el5_9.2.ia64.rpm php53-common-5.3.3-13.el5_9.2.ia64.rpm php53-dba-5.3.3-13.el5_9.2.ia64.rpm php53-debuginfo-5.3.3-13.el5_9.2.ia64.rpm php53-devel-5.3.3-13.el5_9.2.ia64.rpm php53-gd-5.3.3-13.el5_9.2.ia64.rpm php53-imap-5.3.3-13.el5_9.2.ia64.rpm php53-intl-5.3.3-13.el5_9.2.ia64.rpm php53-ldap-5.3.3-13.el5_9.2.ia64.rpm php53-mbstring-5.3.3-13.el5_9.2.ia64.rpm php53-mysql-5.3.3-13.el5_9.2.ia64.rpm php53-odbc-5.3.3-13.el5_9.2.ia64.rpm php53-pdo-5.3.3-13.el5_9.2.ia64.rpm php53-pgsql-5.3.3-13.el5_9.2.ia64.rpm php53-process-5.3.3-13.el5_9.2.ia64.rpm php53-pspell-5.3.3-13.el5_9.2.ia64.rpm php53-snmp-5.3.3-13.el5_9.2.ia64.rpm php53-soap-5.3.3-13.el5_9.2.ia64.rpm php53-xml-5.3.3-13.el5_9.2.ia64.rpm php53-xmlrpc-5.3.3-13.el5_9.2.ia64.rpm ppc: php53-5.3.3-13.el5_9.2.ppc.rpm 
php53-bcmath-5.3.3-13.el5_9.2.ppc.rpm php53-cli-5.3.3-13.el5_9.2.ppc.rpm php53-common-5.3.3-13.el5_9.2.ppc.rpm php53-dba-5.3.3-13.el5_9.2.ppc.rpm php53-debuginfo-5.3.3-13.el5_9.2.ppc.rpm php53-devel-5.3.3-13.el5_9.2.ppc.rpm php53-gd-5.3.3-13.el5_9.2.ppc.rpm php53-imap-5.3.3-13.el5_9.2.ppc.rpm php53-intl-5.3.3-13.el5_9.2.ppc.rpm php53-ldap-5.3.3-13.el5_9.2.ppc.rpm php53-mbstring-5.3.3-13.el5_9.2.ppc.rpm php53-mysql-5.3.3-13.el5_9.2.ppc.rpm php53-odbc-5.3.3-13.el5_9.2.ppc.rpm php53-pdo-5.3.3-13.el5_9.2.ppc.rpm php53-pgsql-5.3.3-13.el5_9.2.ppc.rpm php53-process-5.3.3-13.el5_9.2.ppc.rpm php53-pspell-5.3.3-13.el5_9.2.ppc.rpm php53-snmp-5.3.3-13.el5_9.2.ppc.rpm php53-soap-5.3.3-13.el5_9.2.ppc.rpm php53-xml-5.3.3-13.el5_9.2.ppc.rpm php53-xmlrpc-5.3.3-13.el5_9.2.ppc.rpm s390x: php53-5.3.3-13.el5_9.2.s390x.rpm php53-bcmath-5.3.3-13.el5_9.2.s390x.rpm php53-cli-5.3.3-13.el5_9.2.s390x.rpm php53-common-5.3.3-13.el5_9.2.s390x.rpm php53-dba-5.3.3-13.el5_9.2.s390x.rpm php53-debuginfo-5.3.3-13.el5_9.2.s390x.rpm php53-devel-5.3.3-13.el5_9.2.s390x.rpm php53-gd-5.3.3-13.el5_9.2.s390x.rpm php53-imap-5.3.3-13.el5_9.2.s390x.rpm php53-intl-5.3.3-13.el5_9.2.s390x.rpm php53-ldap-5.3.3-13.el5_9.2.s390x.rpm php53-mbstring-5.3.3-13.el5_9.2.s390x.rpm php53-mysql-5.3.3-13.el5_9.2.s390x.rpm php53-odbc-5.3.3-13.el5_9.2.s390x.rpm php53-pdo-5.3.3-13.el5_9.2.s390x.rpm php53-pgsql-5.3.3-13.el5_9.2.s390x.rpm php53-process-5.3.3-13.el5_9.2.s390x.rpm php53-pspell-5.3.3-13.el5_9.2.s390x.rpm php53-snmp-5.3.3-13.el5_9.2.s390x.rpm php53-soap-5.3.3-13.el5_9.2.s390x.rpm php53-xml-5.3.3-13.el5_9.2.s390x.rpm php53-xmlrpc-5.3.3-13.el5_9.2.s390x.rpm x86_64: php53-5.3.3-13.el5_9.2.x86_64.rpm php53-bcmath-5.3.3-13.el5_9.2.x86_64.rpm php53-cli-5.3.3-13.el5_9.2.x86_64.rpm php53-common-5.3.3-13.el5_9.2.x86_64.rpm php53-dba-5.3.3-13.el5_9.2.x86_64.rpm php53-debuginfo-5.3.3-13.el5_9.2.x86_64.rpm php53-devel-5.3.3-13.el5_9.2.x86_64.rpm php53-gd-5.3.3-13.el5_9.2.x86_64.rpm php53-imap-5.3.3-13.el5_9.2.x86_64.rpm 
php53-intl-5.3.3-13.el5_9.2.x86_64.rpm
php53-ldap-5.3.3-13.el5_9.2.x86_64.rpm
php53-mbstring-5.3.3-13.el5_9.2.x86_64.rpm
php53-mysql-5.3.3-13.el5_9.2.x86_64.rpm
php53-odbc-5.3.3-13.el5_9.2.x86_64.rpm
php53-pdo-5.3.3-13.el5_9.2.x86_64.rpm
php53-pgsql-5.3.3-13.el5_9.2.x86_64.rpm
php53-process-5.3.3-13.el5_9.2.x86_64.rpm
php53-pspell-5.3.3-13.el5_9.2.x86_64.rpm
php53-snmp-5.3.3-13.el5_9.2.x86_64.rpm
php53-soap-5.3.3-13.el5_9.2.x86_64.rpm
php53-xml-5.3.3-13.el5_9.2.x86_64.rpm
php53-xmlrpc-5.3.3-13.el5_9.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-6420.html
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSqKM4XlSAg2UNWIIRApg6AJ9HEa6uGXh6m60P5Yfi0usCpen4vwCgw2v/
SOXQ/cza4nXISo4b9x5gqaM=
=5wuA
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Dec 12 03:59:38 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 12 Dec 2013 03:59:38 +0000
Subject: [RHSA-2013:1826-01] Critical: php security update
Message-ID: <201312120355.rBC3tku3009833@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: php security update
Advisory ID: RHSA-2013:1826-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1826.html
Issue date: 2013-12-12
CVE Names: CVE-2013-6420
=====================================================================

1.
Summary:

Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 3 and 4 Extended Life Cycle Support.

The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (v. 3 ELS) - i386
Red Hat Enterprise Linux AS (v. 4 ELS) - i386, ia64, x86_64
Red Hat Enterprise Linux ES (v. 3 ELS) - i386
Red Hat Enterprise Linux ES (v. 4 ELS) - i386, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-6420)

Red Hat would like to thank the PHP project for reporting this issue. Upstream acknowledges Stefan Esser as the original reporter of this issue.

All php users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5.
Bugs fixed (https://bugzilla.redhat.com/): 1036830 - CVE-2013-6420 php: memory corruption in openssl_x509_parse() 6. Package List: Red Hat Enterprise Linux AS (v. 3 ELS): Source: php-4.3.2-57.ent.src.rpm i386: php-4.3.2-57.ent.i386.rpm php-debuginfo-4.3.2-57.ent.i386.rpm php-devel-4.3.2-57.ent.i386.rpm php-imap-4.3.2-57.ent.i386.rpm php-ldap-4.3.2-57.ent.i386.rpm php-mysql-4.3.2-57.ent.i386.rpm php-odbc-4.3.2-57.ent.i386.rpm php-pgsql-4.3.2-57.ent.i386.rpm Red Hat Enterprise Linux ES (v. 3 ELS): Source: php-4.3.2-57.ent.src.rpm i386: php-4.3.2-57.ent.i386.rpm php-debuginfo-4.3.2-57.ent.i386.rpm php-devel-4.3.2-57.ent.i386.rpm php-imap-4.3.2-57.ent.i386.rpm php-ldap-4.3.2-57.ent.i386.rpm php-mysql-4.3.2-57.ent.i386.rpm php-odbc-4.3.2-57.ent.i386.rpm php-pgsql-4.3.2-57.ent.i386.rpm Red Hat Enterprise Linux AS (v. 4 ELS): Source: php-4.3.9-3.37.el4.1.src.rpm i386: php-4.3.9-3.37.el4.1.i386.rpm php-debuginfo-4.3.9-3.37.el4.1.i386.rpm php-devel-4.3.9-3.37.el4.1.i386.rpm php-domxml-4.3.9-3.37.el4.1.i386.rpm php-gd-4.3.9-3.37.el4.1.i386.rpm php-imap-4.3.9-3.37.el4.1.i386.rpm php-ldap-4.3.9-3.37.el4.1.i386.rpm php-mbstring-4.3.9-3.37.el4.1.i386.rpm php-mysql-4.3.9-3.37.el4.1.i386.rpm php-ncurses-4.3.9-3.37.el4.1.i386.rpm php-odbc-4.3.9-3.37.el4.1.i386.rpm php-pear-4.3.9-3.37.el4.1.i386.rpm php-pgsql-4.3.9-3.37.el4.1.i386.rpm php-snmp-4.3.9-3.37.el4.1.i386.rpm php-xmlrpc-4.3.9-3.37.el4.1.i386.rpm ia64: php-4.3.9-3.37.el4.1.ia64.rpm php-debuginfo-4.3.9-3.37.el4.1.ia64.rpm php-devel-4.3.9-3.37.el4.1.ia64.rpm php-domxml-4.3.9-3.37.el4.1.ia64.rpm php-gd-4.3.9-3.37.el4.1.ia64.rpm php-imap-4.3.9-3.37.el4.1.ia64.rpm php-ldap-4.3.9-3.37.el4.1.ia64.rpm php-mbstring-4.3.9-3.37.el4.1.ia64.rpm php-mysql-4.3.9-3.37.el4.1.ia64.rpm php-ncurses-4.3.9-3.37.el4.1.ia64.rpm php-odbc-4.3.9-3.37.el4.1.ia64.rpm php-pear-4.3.9-3.37.el4.1.ia64.rpm php-pgsql-4.3.9-3.37.el4.1.ia64.rpm php-snmp-4.3.9-3.37.el4.1.ia64.rpm php-xmlrpc-4.3.9-3.37.el4.1.ia64.rpm x86_64: php-4.3.9-3.37.el4.1.x86_64.rpm 
php-debuginfo-4.3.9-3.37.el4.1.x86_64.rpm php-devel-4.3.9-3.37.el4.1.x86_64.rpm php-domxml-4.3.9-3.37.el4.1.x86_64.rpm php-gd-4.3.9-3.37.el4.1.x86_64.rpm php-imap-4.3.9-3.37.el4.1.x86_64.rpm php-ldap-4.3.9-3.37.el4.1.x86_64.rpm php-mbstring-4.3.9-3.37.el4.1.x86_64.rpm php-mysql-4.3.9-3.37.el4.1.x86_64.rpm php-ncurses-4.3.9-3.37.el4.1.x86_64.rpm php-odbc-4.3.9-3.37.el4.1.x86_64.rpm php-pear-4.3.9-3.37.el4.1.x86_64.rpm php-pgsql-4.3.9-3.37.el4.1.x86_64.rpm php-snmp-4.3.9-3.37.el4.1.x86_64.rpm php-xmlrpc-4.3.9-3.37.el4.1.x86_64.rpm Red Hat Enterprise Linux ES (v. 4 ELS): Source: php-4.3.9-3.37.el4.1.src.rpm i386: php-4.3.9-3.37.el4.1.i386.rpm php-debuginfo-4.3.9-3.37.el4.1.i386.rpm php-devel-4.3.9-3.37.el4.1.i386.rpm php-domxml-4.3.9-3.37.el4.1.i386.rpm php-gd-4.3.9-3.37.el4.1.i386.rpm php-imap-4.3.9-3.37.el4.1.i386.rpm php-ldap-4.3.9-3.37.el4.1.i386.rpm php-mbstring-4.3.9-3.37.el4.1.i386.rpm php-mysql-4.3.9-3.37.el4.1.i386.rpm php-ncurses-4.3.9-3.37.el4.1.i386.rpm php-odbc-4.3.9-3.37.el4.1.i386.rpm php-pear-4.3.9-3.37.el4.1.i386.rpm php-pgsql-4.3.9-3.37.el4.1.i386.rpm php-snmp-4.3.9-3.37.el4.1.i386.rpm php-xmlrpc-4.3.9-3.37.el4.1.i386.rpm x86_64: php-4.3.9-3.37.el4.1.x86_64.rpm php-debuginfo-4.3.9-3.37.el4.1.x86_64.rpm php-devel-4.3.9-3.37.el4.1.x86_64.rpm php-domxml-4.3.9-3.37.el4.1.x86_64.rpm php-gd-4.3.9-3.37.el4.1.x86_64.rpm php-imap-4.3.9-3.37.el4.1.x86_64.rpm php-ldap-4.3.9-3.37.el4.1.x86_64.rpm php-mbstring-4.3.9-3.37.el4.1.x86_64.rpm php-mysql-4.3.9-3.37.el4.1.x86_64.rpm php-ncurses-4.3.9-3.37.el4.1.x86_64.rpm php-odbc-4.3.9-3.37.el4.1.x86_64.rpm php-pear-4.3.9-3.37.el4.1.x86_64.rpm php-pgsql-4.3.9-3.37.el4.1.x86_64.rpm php-snmp-4.3.9-3.37.el4.1.x86_64.rpm php-xmlrpc-4.3.9-3.37.el4.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References:

https://www.redhat.com/security/data/cve/CVE-2013-6420.html
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSqTO1XlSAg2UNWIIRAmdZAJ9Jhq/P7Es51fo64zBDL+wkCCvHzACeM1rz
mGpnAiKzrAuaWGqDjaiWhmQ=
=avuD
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Dec 12 19:28:03 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 12 Dec 2013 19:28:03 +0000
Subject: [RHSA-2013:1801-01] Important: kernel security, bug fix, and enhancement update
Message-ID: <201312121928.rBCJS3WG009383@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security, bug fix, and enhancement update
Advisory ID: RHSA-2013:1801-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1801.html
Issue date: 2013-12-12
CVE Names: CVE-2013-2141 CVE-2013-4470 CVE-2013-6367 CVE-2013-6368
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v.
6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled sending of certain UDP packets over sockets that used the UDP_CORK option when the UDP Fragmentation Offload (UFO) feature was enabled on the output device. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges on the system. (CVE-2013-4470, Important)

* A divide-by-zero flaw was found in the apic_get_tmcct() function in KVM's Local Advanced Programmable Interrupt Controller (LAPIC) implementation. A privileged guest user could use this flaw to crash the host. (CVE-2013-6367, Important)

* A memory corruption flaw was discovered in the way KVM handled virtual APIC accesses that crossed a page boundary. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-6368, Important)

* An information leak flaw in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user space. (CVE-2013-2141, Low)

Red Hat would like to thank Hannes Frederic Sowa for reporting CVE-2013-4470, and Andrew Honig of Google for reporting CVE-2013-6367 and CVE-2013-6368.

This update also fixes several bugs and adds two enhancements. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (https://bugzilla.redhat.com/):

970873 - CVE-2013-2141 Kernel: signal: information leak in tkill/tgkill
1023477 - CVE-2013-4470 Kernel: net: memory corruption with UDP_CORK and UFO
1032207 - CVE-2013-6367 kvm: division by zero in apic_get_tmcct()
1032210 - CVE-2013-6368 kvm: cross page vapic_addr access

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-431.1.2.el6.src.rpm i386: kernel-2.6.32-431.1.2.el6.i686.rpm kernel-debug-2.6.32-431.1.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-431.1.2.el6.i686.rpm kernel-debug-devel-2.6.32-431.1.2.el6.i686.rpm kernel-debuginfo-2.6.32-431.1.2.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-431.1.2.el6.i686.rpm kernel-devel-2.6.32-431.1.2.el6.i686.rpm kernel-headers-2.6.32-431.1.2.el6.i686.rpm perf-2.6.32-431.1.2.el6.i686.rpm perf-debuginfo-2.6.32-431.1.2.el6.i686.rpm python-perf-debuginfo-2.6.32-431.1.2.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-431.1.2.el6.noarch.rpm kernel-doc-2.6.32-431.1.2.el6.noarch.rpm kernel-firmware-2.6.32-431.1.2.el6.noarch.rpm x86_64: kernel-2.6.32-431.1.2.el6.x86_64.rpm kernel-debug-2.6.32-431.1.2.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-431.1.2.el6.x86_64.rpm kernel-debug-devel-2.6.32-431.1.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.1.2.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.1.2.el6.x86_64.rpm kernel-devel-2.6.32-431.1.2.el6.x86_64.rpm kernel-headers-2.6.32-431.1.2.el6.x86_64.rpm perf-2.6.32-431.1.2.el6.x86_64.rpm perf-debuginfo-2.6.32-431.1.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.1.2.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-431.1.2.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-431.1.2.el6.i686.rpm kernel-debuginfo-2.6.32-431.1.2.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-431.1.2.el6.i686.rpm perf-debuginfo-2.6.32-431.1.2.el6.i686.rpm python-perf-2.6.32-431.1.2.el6.i686.rpm python-perf-debuginfo-2.6.32-431.1.2.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-431.1.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.1.2.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.1.2.el6.x86_64.rpm perf-debuginfo-2.6.32-431.1.2.el6.x86_64.rpm python-perf-2.6.32-431.1.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.1.2.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-431.1.2.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-431.1.2.el6.noarch.rpm kernel-doc-2.6.32-431.1.2.el6.noarch.rpm kernel-firmware-2.6.32-431.1.2.el6.noarch.rpm x86_64: kernel-2.6.32-431.1.2.el6.x86_64.rpm kernel-debug-2.6.32-431.1.2.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-431.1.2.el6.x86_64.rpm kernel-debug-devel-2.6.32-431.1.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.1.2.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.1.2.el6.x86_64.rpm kernel-devel-2.6.32-431.1.2.el6.x86_64.rpm kernel-headers-2.6.32-431.1.2.el6.x86_64.rpm perf-2.6.32-431.1.2.el6.x86_64.rpm perf-debuginfo-2.6.32-431.1.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.1.2.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-431.1.2.el6.src.rpm x86_64: kernel-debug-debuginfo-2.6.32-431.1.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.1.2.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.1.2.el6.x86_64.rpm perf-debuginfo-2.6.32-431.1.2.el6.x86_64.rpm python-perf-2.6.32-431.1.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.1.2.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-431.1.2.el6.src.rpm i386: kernel-2.6.32-431.1.2.el6.i686.rpm kernel-debug-2.6.32-431.1.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-431.1.2.el6.i686.rpm kernel-debug-devel-2.6.32-431.1.2.el6.i686.rpm kernel-debuginfo-2.6.32-431.1.2.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-431.1.2.el6.i686.rpm kernel-devel-2.6.32-431.1.2.el6.i686.rpm kernel-headers-2.6.32-431.1.2.el6.i686.rpm perf-2.6.32-431.1.2.el6.i686.rpm perf-debuginfo-2.6.32-431.1.2.el6.i686.rpm python-perf-debuginfo-2.6.32-431.1.2.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-431.1.2.el6.noarch.rpm kernel-doc-2.6.32-431.1.2.el6.noarch.rpm kernel-firmware-2.6.32-431.1.2.el6.noarch.rpm ppc64: kernel-2.6.32-431.1.2.el6.ppc64.rpm kernel-bootwrapper-2.6.32-431.1.2.el6.ppc64.rpm kernel-debug-2.6.32-431.1.2.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-431.1.2.el6.ppc64.rpm kernel-debug-devel-2.6.32-431.1.2.el6.ppc64.rpm kernel-debuginfo-2.6.32-431.1.2.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-431.1.2.el6.ppc64.rpm kernel-devel-2.6.32-431.1.2.el6.ppc64.rpm kernel-headers-2.6.32-431.1.2.el6.ppc64.rpm perf-2.6.32-431.1.2.el6.ppc64.rpm perf-debuginfo-2.6.32-431.1.2.el6.ppc64.rpm python-perf-debuginfo-2.6.32-431.1.2.el6.ppc64.rpm s390x: kernel-2.6.32-431.1.2.el6.s390x.rpm kernel-debug-2.6.32-431.1.2.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-431.1.2.el6.s390x.rpm kernel-debug-devel-2.6.32-431.1.2.el6.s390x.rpm 
kernel-debuginfo-2.6.32-431.1.2.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-431.1.2.el6.s390x.rpm
kernel-devel-2.6.32-431.1.2.el6.s390x.rpm
kernel-headers-2.6.32-431.1.2.el6.s390x.rpm
kernel-kdump-2.6.32-431.1.2.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-431.1.2.el6.s390x.rpm
kernel-kdump-devel-2.6.32-431.1.2.el6.s390x.rpm
perf-2.6.32-431.1.2.el6.s390x.rpm
perf-debuginfo-2.6.32-431.1.2.el6.s390x.rpm
python-perf-debuginfo-2.6.32-431.1.2.el6.s390x.rpm

x86_64:
kernel-2.6.32-431.1.2.el6.x86_64.rpm
kernel-debug-2.6.32-431.1.2.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-431.1.2.el6.x86_64.rpm
kernel-debug-devel-2.6.32-431.1.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.1.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.1.2.el6.x86_64.rpm
kernel-devel-2.6.32-431.1.2.el6.x86_64.rpm
kernel-headers-2.6.32-431.1.2.el6.x86_64.rpm
perf-2.6.32-431.1.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.1.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.1.2.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-431.1.2.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-431.1.2.el6.i686.rpm
kernel-debuginfo-2.6.32-431.1.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-431.1.2.el6.i686.rpm
perf-debuginfo-2.6.32-431.1.2.el6.i686.rpm
python-perf-2.6.32-431.1.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-431.1.2.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-431.1.2.el6.ppc64.rpm
kernel-debuginfo-2.6.32-431.1.2.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-431.1.2.el6.ppc64.rpm
perf-debuginfo-2.6.32-431.1.2.el6.ppc64.rpm
python-perf-2.6.32-431.1.2.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-431.1.2.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-431.1.2.el6.s390x.rpm
kernel-debuginfo-2.6.32-431.1.2.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-431.1.2.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-431.1.2.el6.s390x.rpm
perf-debuginfo-2.6.32-431.1.2.el6.s390x.rpm
python-perf-2.6.32-431.1.2.el6.s390x.rpm
python-perf-debuginfo-2.6.32-431.1.2.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-431.1.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.1.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.1.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.1.2.el6.x86_64.rpm
python-perf-2.6.32-431.1.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.1.2.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-431.1.2.el6.src.rpm

i386:
kernel-2.6.32-431.1.2.el6.i686.rpm
kernel-debug-2.6.32-431.1.2.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-431.1.2.el6.i686.rpm
kernel-debug-devel-2.6.32-431.1.2.el6.i686.rpm
kernel-debuginfo-2.6.32-431.1.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-431.1.2.el6.i686.rpm
kernel-devel-2.6.32-431.1.2.el6.i686.rpm
kernel-headers-2.6.32-431.1.2.el6.i686.rpm
perf-2.6.32-431.1.2.el6.i686.rpm
perf-debuginfo-2.6.32-431.1.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-431.1.2.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-431.1.2.el6.noarch.rpm
kernel-doc-2.6.32-431.1.2.el6.noarch.rpm
kernel-firmware-2.6.32-431.1.2.el6.noarch.rpm

x86_64:
kernel-2.6.32-431.1.2.el6.x86_64.rpm
kernel-debug-2.6.32-431.1.2.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-431.1.2.el6.x86_64.rpm
kernel-debug-devel-2.6.32-431.1.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.1.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.1.2.el6.x86_64.rpm
kernel-devel-2.6.32-431.1.2.el6.x86_64.rpm
kernel-headers-2.6.32-431.1.2.el6.x86_64.rpm
perf-2.6.32-431.1.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.1.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.1.2.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-431.1.2.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-431.1.2.el6.i686.rpm
kernel-debuginfo-2.6.32-431.1.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-431.1.2.el6.i686.rpm
perf-debuginfo-2.6.32-431.1.2.el6.i686.rpm
python-perf-2.6.32-431.1.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-431.1.2.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-431.1.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.1.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.1.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.1.2.el6.x86_64.rpm
python-perf-2.6.32-431.1.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.1.2.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-2141.html
https://www.redhat.com/security/data/cve/CVE-2013-4470.html
https://www.redhat.com/security/data/cve/CVE-2013-6367.html
https://www.redhat.com/security/data/cve/CVE-2013-6368.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Technical_Notes/kernel.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSqg4hXlSAg2UNWIIRAncSAJ0XumimTl0mwo7Ooh321Ry3gD7mbQCfY70u
AkTZWlsuO/xKveJ4l7MUBto=
=la9H
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Dec 12 19:30:12 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 12 Dec 2013 19:30:12 +0000
Subject: [RHSA-2013:1829-01] Important: nss, nspr, and nss-util security update
Message-ID: <201312121930.rBCJUDV9012229@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: nss, nspr, and nss-util security update
Advisory ID: RHSA-2013:1829-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1829.html
Issue date: 2013-12-12
CVE Names: CVE-2013-1739 CVE-2013-1741 CVE-2013-5605 CVE-2013-5606 CVE-2013-5607
=====================================================================

1. Summary:

Updated nss, nspr, and nss-util packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.

A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-5605)

It was found that the fix for CVE-2013-1620 released via RHSA-2013:1135 introduced a regression causing NSS to read uninitialized data when a decryption failure occurred. A remote attacker could use this flaw to cause a TLS/SSL server using NSS to crash. (CVE-2013-1739)

An integer overflow flaw was discovered in both NSS and NSPR's implementation of certification parsing on 64-bit systems. A remote attacker could use these flaws to cause an application using NSS or NSPR to crash. (CVE-2013-1741, CVE-2013-5607)

It was discovered that NSS did not reject certificates with incompatible key usage constraints when validating them while the verifyLog feature was enabled. An application using the NSS certificate validation API could accept an invalid certificate. (CVE-2013-5606)

Red Hat would like to thank the Mozilla project for reporting CVE-2013-1741, CVE-2013-5606, and CVE-2013-5607. Upstream acknowledges Tavis Ormandy as the original reporter of CVE-2013-1741, Camilo Viecco as the original reporter of CVE-2013-5606, and Pascal Cuoq, Kamil Dudka, and Wan-Teh Chang as the original reporters of CVE-2013-5607.

All NSS, NSPR, and nss-util users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, applications using NSS, NSPR, or nss-util must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1012740 - CVE-2013-1739 nss: Avoid uninitialized data read in the event of a decryption failure
1030807 - CVE-2013-5605 nss: Null_Cipher() does not respect maxOutputLen (MFSA 2013-103)
1031457 - CVE-2013-5606 nss: CERT_VerifyCert returns SECSuccess (saying certificate is good) even for bad certificates (MFSA 2013-103)
1031458 - CVE-2013-1741 nss: Integer truncation in certificate parsing (MFSA 2013-103)
1031461 - CVE-2013-5607 nspr: Avoid unsigned integer wrapping in PL_ArenaAllocate (MFSA 2013-103)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nspr-4.10.2-1.el6_5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-3.15.3-2.el6_5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-util-3.15.3-1.el6_5.src.rpm

i386:
nspr-4.10.2-1.el6_5.i686.rpm
nspr-debuginfo-4.10.2-1.el6_5.i686.rpm
nss-3.15.3-2.el6_5.i686.rpm
nss-debuginfo-3.15.3-2.el6_5.i686.rpm
nss-sysinit-3.15.3-2.el6_5.i686.rpm
nss-tools-3.15.3-2.el6_5.i686.rpm
nss-util-3.15.3-1.el6_5.i686.rpm
nss-util-debuginfo-3.15.3-1.el6_5.i686.rpm

x86_64:
nspr-4.10.2-1.el6_5.i686.rpm
nspr-4.10.2-1.el6_5.x86_64.rpm
nspr-debuginfo-4.10.2-1.el6_5.i686.rpm
nspr-debuginfo-4.10.2-1.el6_5.x86_64.rpm
nss-3.15.3-2.el6_5.i686.rpm
nss-3.15.3-2.el6_5.x86_64.rpm
nss-debuginfo-3.15.3-2.el6_5.i686.rpm
nss-debuginfo-3.15.3-2.el6_5.x86_64.rpm
nss-sysinit-3.15.3-2.el6_5.x86_64.rpm
nss-tools-3.15.3-2.el6_5.x86_64.rpm
nss-util-3.15.3-1.el6_5.i686.rpm
nss-util-3.15.3-1.el6_5.x86_64.rpm
nss-util-debuginfo-3.15.3-1.el6_5.i686.rpm
nss-util-debuginfo-3.15.3-1.el6_5.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nspr-4.10.2-1.el6_5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-3.15.3-2.el6_5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-util-3.15.3-1.el6_5.src.rpm

i386:
nspr-debuginfo-4.10.2-1.el6_5.i686.rpm
nspr-devel-4.10.2-1.el6_5.i686.rpm
nss-debuginfo-3.15.3-2.el6_5.i686.rpm
nss-devel-3.15.3-2.el6_5.i686.rpm
nss-pkcs11-devel-3.15.3-2.el6_5.i686.rpm
nss-util-debuginfo-3.15.3-1.el6_5.i686.rpm
nss-util-devel-3.15.3-1.el6_5.i686.rpm

x86_64:
nspr-debuginfo-4.10.2-1.el6_5.i686.rpm
nspr-debuginfo-4.10.2-1.el6_5.x86_64.rpm
nspr-devel-4.10.2-1.el6_5.i686.rpm
nspr-devel-4.10.2-1.el6_5.x86_64.rpm
nss-debuginfo-3.15.3-2.el6_5.i686.rpm
nss-debuginfo-3.15.3-2.el6_5.x86_64.rpm
nss-devel-3.15.3-2.el6_5.i686.rpm
nss-devel-3.15.3-2.el6_5.x86_64.rpm
nss-pkcs11-devel-3.15.3-2.el6_5.i686.rpm
nss-pkcs11-devel-3.15.3-2.el6_5.x86_64.rpm
nss-util-debuginfo-3.15.3-1.el6_5.i686.rpm
nss-util-debuginfo-3.15.3-1.el6_5.x86_64.rpm
nss-util-devel-3.15.3-1.el6_5.i686.rpm
nss-util-devel-3.15.3-1.el6_5.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nspr-4.10.2-1.el6_5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-3.15.3-2.el6_5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-util-3.15.3-1.el6_5.src.rpm

x86_64:
nspr-4.10.2-1.el6_5.i686.rpm
nspr-4.10.2-1.el6_5.x86_64.rpm
nspr-debuginfo-4.10.2-1.el6_5.i686.rpm
nspr-debuginfo-4.10.2-1.el6_5.x86_64.rpm
nss-3.15.3-2.el6_5.i686.rpm
nss-3.15.3-2.el6_5.x86_64.rpm
nss-debuginfo-3.15.3-2.el6_5.i686.rpm
nss-debuginfo-3.15.3-2.el6_5.x86_64.rpm
nss-sysinit-3.15.3-2.el6_5.x86_64.rpm
nss-tools-3.15.3-2.el6_5.x86_64.rpm
nss-util-3.15.3-1.el6_5.i686.rpm
nss-util-3.15.3-1.el6_5.x86_64.rpm
nss-util-debuginfo-3.15.3-1.el6_5.i686.rpm
nss-util-debuginfo-3.15.3-1.el6_5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nspr-4.10.2-1.el6_5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-3.15.3-2.el6_5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-util-3.15.3-1.el6_5.src.rpm

x86_64:
nspr-debuginfo-4.10.2-1.el6_5.i686.rpm
nspr-debuginfo-4.10.2-1.el6_5.x86_64.rpm
nspr-devel-4.10.2-1.el6_5.i686.rpm
nspr-devel-4.10.2-1.el6_5.x86_64.rpm
nss-debuginfo-3.15.3-2.el6_5.i686.rpm
nss-debuginfo-3.15.3-2.el6_5.x86_64.rpm
nss-devel-3.15.3-2.el6_5.i686.rpm
nss-devel-3.15.3-2.el6_5.x86_64.rpm
nss-pkcs11-devel-3.15.3-2.el6_5.i686.rpm
nss-pkcs11-devel-3.15.3-2.el6_5.x86_64.rpm
nss-util-debuginfo-3.15.3-1.el6_5.i686.rpm
nss-util-debuginfo-3.15.3-1.el6_5.x86_64.rpm
nss-util-devel-3.15.3-1.el6_5.i686.rpm
nss-util-devel-3.15.3-1.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nspr-4.10.2-1.el6_5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-3.15.3-2.el6_5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-util-3.15.3-1.el6_5.src.rpm

i386:
nspr-4.10.2-1.el6_5.i686.rpm
nspr-debuginfo-4.10.2-1.el6_5.i686.rpm
nspr-devel-4.10.2-1.el6_5.i686.rpm
nss-3.15.3-2.el6_5.i686.rpm
nss-debuginfo-3.15.3-2.el6_5.i686.rpm
nss-devel-3.15.3-2.el6_5.i686.rpm
nss-sysinit-3.15.3-2.el6_5.i686.rpm
nss-tools-3.15.3-2.el6_5.i686.rpm
nss-util-3.15.3-1.el6_5.i686.rpm
nss-util-debuginfo-3.15.3-1.el6_5.i686.rpm
nss-util-devel-3.15.3-1.el6_5.i686.rpm

ppc64:
nspr-4.10.2-1.el6_5.ppc.rpm
nspr-4.10.2-1.el6_5.ppc64.rpm
nspr-debuginfo-4.10.2-1.el6_5.ppc.rpm
nspr-debuginfo-4.10.2-1.el6_5.ppc64.rpm
nspr-devel-4.10.2-1.el6_5.ppc.rpm
nspr-devel-4.10.2-1.el6_5.ppc64.rpm
nss-3.15.3-2.el6_5.ppc.rpm
nss-3.15.3-2.el6_5.ppc64.rpm
nss-debuginfo-3.15.3-2.el6_5.ppc.rpm
nss-debuginfo-3.15.3-2.el6_5.ppc64.rpm
nss-devel-3.15.3-2.el6_5.ppc.rpm
nss-devel-3.15.3-2.el6_5.ppc64.rpm
nss-sysinit-3.15.3-2.el6_5.ppc64.rpm
nss-tools-3.15.3-2.el6_5.ppc64.rpm
nss-util-3.15.3-1.el6_5.ppc.rpm
nss-util-3.15.3-1.el6_5.ppc64.rpm
nss-util-debuginfo-3.15.3-1.el6_5.ppc.rpm
nss-util-debuginfo-3.15.3-1.el6_5.ppc64.rpm
nss-util-devel-3.15.3-1.el6_5.ppc.rpm
nss-util-devel-3.15.3-1.el6_5.ppc64.rpm

s390x:
nspr-4.10.2-1.el6_5.s390.rpm
nspr-4.10.2-1.el6_5.s390x.rpm
nspr-debuginfo-4.10.2-1.el6_5.s390.rpm
nspr-debuginfo-4.10.2-1.el6_5.s390x.rpm
nspr-devel-4.10.2-1.el6_5.s390.rpm
nspr-devel-4.10.2-1.el6_5.s390x.rpm
nss-3.15.3-2.el6_5.s390.rpm
nss-3.15.3-2.el6_5.s390x.rpm
nss-debuginfo-3.15.3-2.el6_5.s390.rpm
nss-debuginfo-3.15.3-2.el6_5.s390x.rpm
nss-devel-3.15.3-2.el6_5.s390.rpm
nss-devel-3.15.3-2.el6_5.s390x.rpm
nss-sysinit-3.15.3-2.el6_5.s390x.rpm
nss-tools-3.15.3-2.el6_5.s390x.rpm
nss-util-3.15.3-1.el6_5.s390.rpm
nss-util-3.15.3-1.el6_5.s390x.rpm
nss-util-debuginfo-3.15.3-1.el6_5.s390.rpm
nss-util-debuginfo-3.15.3-1.el6_5.s390x.rpm
nss-util-devel-3.15.3-1.el6_5.s390.rpm
nss-util-devel-3.15.3-1.el6_5.s390x.rpm

x86_64:
nspr-4.10.2-1.el6_5.i686.rpm
nspr-4.10.2-1.el6_5.x86_64.rpm
nspr-debuginfo-4.10.2-1.el6_5.i686.rpm
nspr-debuginfo-4.10.2-1.el6_5.x86_64.rpm
nspr-devel-4.10.2-1.el6_5.i686.rpm
nspr-devel-4.10.2-1.el6_5.x86_64.rpm
nss-3.15.3-2.el6_5.i686.rpm
nss-3.15.3-2.el6_5.x86_64.rpm
nss-debuginfo-3.15.3-2.el6_5.i686.rpm
nss-debuginfo-3.15.3-2.el6_5.x86_64.rpm
nss-devel-3.15.3-2.el6_5.i686.rpm
nss-devel-3.15.3-2.el6_5.x86_64.rpm
nss-sysinit-3.15.3-2.el6_5.x86_64.rpm
nss-tools-3.15.3-2.el6_5.x86_64.rpm
nss-util-3.15.3-1.el6_5.i686.rpm
nss-util-3.15.3-1.el6_5.x86_64.rpm
nss-util-debuginfo-3.15.3-1.el6_5.i686.rpm
nss-util-debuginfo-3.15.3-1.el6_5.x86_64.rpm
nss-util-devel-3.15.3-1.el6_5.i686.rpm
nss-util-devel-3.15.3-1.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-3.15.3-2.el6_5.src.rpm

i386:
nss-debuginfo-3.15.3-2.el6_5.i686.rpm
nss-pkcs11-devel-3.15.3-2.el6_5.i686.rpm

ppc64:
nss-debuginfo-3.15.3-2.el6_5.ppc.rpm
nss-debuginfo-3.15.3-2.el6_5.ppc64.rpm
nss-pkcs11-devel-3.15.3-2.el6_5.ppc.rpm
nss-pkcs11-devel-3.15.3-2.el6_5.ppc64.rpm

s390x:
nss-debuginfo-3.15.3-2.el6_5.s390.rpm
nss-debuginfo-3.15.3-2.el6_5.s390x.rpm
nss-pkcs11-devel-3.15.3-2.el6_5.s390.rpm
nss-pkcs11-devel-3.15.3-2.el6_5.s390x.rpm

x86_64:
nss-debuginfo-3.15.3-2.el6_5.i686.rpm
nss-debuginfo-3.15.3-2.el6_5.x86_64.rpm
nss-pkcs11-devel-3.15.3-2.el6_5.i686.rpm
nss-pkcs11-devel-3.15.3-2.el6_5.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nspr-4.10.2-1.el6_5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-3.15.3-2.el6_5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-util-3.15.3-1.el6_5.src.rpm

i386:
nspr-4.10.2-1.el6_5.i686.rpm
nspr-debuginfo-4.10.2-1.el6_5.i686.rpm
nspr-devel-4.10.2-1.el6_5.i686.rpm
nss-3.15.3-2.el6_5.i686.rpm
nss-debuginfo-3.15.3-2.el6_5.i686.rpm
nss-devel-3.15.3-2.el6_5.i686.rpm
nss-sysinit-3.15.3-2.el6_5.i686.rpm
nss-tools-3.15.3-2.el6_5.i686.rpm
nss-util-3.15.3-1.el6_5.i686.rpm
nss-util-debuginfo-3.15.3-1.el6_5.i686.rpm
nss-util-devel-3.15.3-1.el6_5.i686.rpm

x86_64:
nspr-4.10.2-1.el6_5.i686.rpm
nspr-4.10.2-1.el6_5.x86_64.rpm
nspr-debuginfo-4.10.2-1.el6_5.i686.rpm
nspr-debuginfo-4.10.2-1.el6_5.x86_64.rpm
nspr-devel-4.10.2-1.el6_5.i686.rpm
nspr-devel-4.10.2-1.el6_5.x86_64.rpm
nss-3.15.3-2.el6_5.i686.rpm
nss-3.15.3-2.el6_5.x86_64.rpm
nss-debuginfo-3.15.3-2.el6_5.i686.rpm
nss-debuginfo-3.15.3-2.el6_5.x86_64.rpm
nss-devel-3.15.3-2.el6_5.i686.rpm
nss-devel-3.15.3-2.el6_5.x86_64.rpm
nss-sysinit-3.15.3-2.el6_5.x86_64.rpm
nss-tools-3.15.3-2.el6_5.x86_64.rpm
nss-util-3.15.3-1.el6_5.i686.rpm
nss-util-3.15.3-1.el6_5.x86_64.rpm
nss-util-debuginfo-3.15.3-1.el6_5.i686.rpm
nss-util-debuginfo-3.15.3-1.el6_5.x86_64.rpm
nss-util-devel-3.15.3-1.el6_5.i686.rpm
nss-util-devel-3.15.3-1.el6_5.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-3.15.3-2.el6_5.src.rpm

i386:
nss-debuginfo-3.15.3-2.el6_5.i686.rpm
nss-pkcs11-devel-3.15.3-2.el6_5.i686.rpm

x86_64:
nss-debuginfo-3.15.3-2.el6_5.i686.rpm
nss-debuginfo-3.15.3-2.el6_5.x86_64.rpm
nss-pkcs11-devel-3.15.3-2.el6_5.i686.rpm
nss-pkcs11-devel-3.15.3-2.el6_5.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-1739.html
https://www.redhat.com/security/data/cve/CVE-2013-1741.html
https://www.redhat.com/security/data/cve/CVE-2013-5605.html
https://www.redhat.com/security/data/cve/CVE-2013-5606.html
https://www.redhat.com/security/data/cve/CVE-2013-5607.html
https://access.redhat.com/security/updates/classification/#important
http://www.mozilla.org/security/announce/2013/mfsa2013-103.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSqg6jXlSAg2UNWIIRAjD+AJ95g/FcBD44zcUxxK+JvoNqCB/SXwCgkwcM
7Qn5aqD10LLZJGBuOx0RKsI=
=30e0
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Dec 16 18:46:28 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 16 Dec 2013 18:46:28 +0000
Subject: [RHSA-2013:1840-01] Important: nss security update
Message-ID: <201312161846.rBGIkSB9002709@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: nss security update
Advisory ID: RHSA-2013:1840-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1840.html
Issue date: 2013-12-16
CVE Names: CVE-2013-5605
=====================================================================

1. Summary:

Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 6.2, 6.3, and 6.4 Extended Update Support.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Compute Node EUS (v. 6.2) - x86_64
Red Hat Enterprise Linux Compute Node EUS (v. 6.3) - x86_64
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.2) - x86_64
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.3) - x86_64
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4) - x86_64
Red Hat Enterprise Linux HPC Node EUS (v. 6.4) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.2) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.3) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.4) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.2) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.3) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.4) - i386, ppc64, s390x, x86_64

3. Description:

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-5605)

All NSS users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, applications using NSS must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1030807 - CVE-2013-5605 nss: Null_Cipher() does not respect maxOutputLen (MFSA 2013-103)

6. Package List:

Red Hat Enterprise Linux Compute Node EUS (v. 6.2):

Source:
nss-3.13.1-9.el6_2.src.rpm

x86_64:
nss-3.13.1-9.el6_2.i686.rpm
nss-3.13.1-9.el6_2.x86_64.rpm
nss-debuginfo-3.13.1-9.el6_2.i686.rpm
nss-debuginfo-3.13.1-9.el6_2.x86_64.rpm
nss-sysinit-3.13.1-9.el6_2.x86_64.rpm
nss-tools-3.13.1-9.el6_2.x86_64.rpm

Red Hat Enterprise Linux Compute Node EUS (v. 6.3):

Source:
nss-3.13.6-3.el6_3.src.rpm

x86_64:
nss-3.13.6-3.el6_3.i686.rpm
nss-3.13.6-3.el6_3.x86_64.rpm
nss-debuginfo-3.13.6-3.el6_3.i686.rpm
nss-debuginfo-3.13.6-3.el6_3.x86_64.rpm
nss-sysinit-3.13.6-3.el6_3.x86_64.rpm
nss-tools-3.13.6-3.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node EUS (v. 6.4):

Source:
nss-3.14.3-5.el6_4.src.rpm

x86_64:
nss-3.14.3-5.el6_4.i686.rpm
nss-3.14.3-5.el6_4.x86_64.rpm
nss-debuginfo-3.14.3-5.el6_4.i686.rpm
nss-debuginfo-3.14.3-5.el6_4.x86_64.rpm
nss-sysinit-3.14.3-5.el6_4.x86_64.rpm
nss-tools-3.14.3-5.el6_4.x86_64.rpm

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.2):

Source:
nss-3.13.1-9.el6_2.src.rpm

x86_64:
nss-debuginfo-3.13.1-9.el6_2.i686.rpm
nss-debuginfo-3.13.1-9.el6_2.x86_64.rpm
nss-devel-3.13.1-9.el6_2.i686.rpm
nss-devel-3.13.1-9.el6_2.x86_64.rpm
nss-pkcs11-devel-3.13.1-9.el6_2.i686.rpm
nss-pkcs11-devel-3.13.1-9.el6_2.x86_64.rpm

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.3):

Source:
nss-3.13.6-3.el6_3.src.rpm

x86_64:
nss-debuginfo-3.13.6-3.el6_3.i686.rpm
nss-debuginfo-3.13.6-3.el6_3.x86_64.rpm
nss-devel-3.13.6-3.el6_3.i686.rpm
nss-devel-3.13.6-3.el6_3.x86_64.rpm
nss-pkcs11-devel-3.13.6-3.el6_3.i686.rpm
nss-pkcs11-devel-3.13.6-3.el6_3.x86_64.rpm

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4):

Source:
nss-3.14.3-5.el6_4.src.rpm

x86_64:
nss-debuginfo-3.14.3-5.el6_4.i686.rpm
nss-debuginfo-3.14.3-5.el6_4.x86_64.rpm
nss-devel-3.14.3-5.el6_4.i686.rpm
nss-devel-3.14.3-5.el6_4.x86_64.rpm
nss-pkcs11-devel-3.14.3-5.el6_4.i686.rpm
nss-pkcs11-devel-3.14.3-5.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.2):

Source:
nss-3.13.1-9.el6_2.src.rpm

i386:
nss-3.13.1-9.el6_2.i686.rpm
nss-debuginfo-3.13.1-9.el6_2.i686.rpm
nss-devel-3.13.1-9.el6_2.i686.rpm
nss-sysinit-3.13.1-9.el6_2.i686.rpm
nss-tools-3.13.1-9.el6_2.i686.rpm

ppc64:
nss-3.13.1-9.el6_2.ppc.rpm
nss-3.13.1-9.el6_2.ppc64.rpm
nss-debuginfo-3.13.1-9.el6_2.ppc.rpm
nss-debuginfo-3.13.1-9.el6_2.ppc64.rpm
nss-devel-3.13.1-9.el6_2.ppc.rpm
nss-devel-3.13.1-9.el6_2.ppc64.rpm
nss-sysinit-3.13.1-9.el6_2.ppc64.rpm
nss-tools-3.13.1-9.el6_2.ppc64.rpm

s390x:
nss-3.13.1-9.el6_2.s390.rpm
nss-3.13.1-9.el6_2.s390x.rpm
nss-debuginfo-3.13.1-9.el6_2.s390.rpm
nss-debuginfo-3.13.1-9.el6_2.s390x.rpm
nss-devel-3.13.1-9.el6_2.s390.rpm
nss-devel-3.13.1-9.el6_2.s390x.rpm
nss-sysinit-3.13.1-9.el6_2.s390x.rpm
nss-tools-3.13.1-9.el6_2.s390x.rpm

x86_64:
nss-3.13.1-9.el6_2.i686.rpm
nss-3.13.1-9.el6_2.x86_64.rpm
nss-debuginfo-3.13.1-9.el6_2.i686.rpm
nss-debuginfo-3.13.1-9.el6_2.x86_64.rpm
nss-devel-3.13.1-9.el6_2.i686.rpm
nss-devel-3.13.1-9.el6_2.x86_64.rpm
nss-sysinit-3.13.1-9.el6_2.x86_64.rpm
nss-tools-3.13.1-9.el6_2.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.3):

Source:
nss-3.13.6-3.el6_3.src.rpm

i386:
nss-3.13.6-3.el6_3.i686.rpm
nss-debuginfo-3.13.6-3.el6_3.i686.rpm
nss-devel-3.13.6-3.el6_3.i686.rpm
nss-sysinit-3.13.6-3.el6_3.i686.rpm
nss-tools-3.13.6-3.el6_3.i686.rpm

ppc64:
nss-3.13.6-3.el6_3.ppc.rpm
nss-3.13.6-3.el6_3.ppc64.rpm
nss-debuginfo-3.13.6-3.el6_3.ppc.rpm
nss-debuginfo-3.13.6-3.el6_3.ppc64.rpm
nss-devel-3.13.6-3.el6_3.ppc.rpm
nss-devel-3.13.6-3.el6_3.ppc64.rpm
nss-sysinit-3.13.6-3.el6_3.ppc64.rpm
nss-tools-3.13.6-3.el6_3.ppc64.rpm

s390x:
nss-3.13.6-3.el6_3.s390.rpm
nss-3.13.6-3.el6_3.s390x.rpm
nss-debuginfo-3.13.6-3.el6_3.s390.rpm
nss-debuginfo-3.13.6-3.el6_3.s390x.rpm
nss-devel-3.13.6-3.el6_3.s390.rpm
nss-devel-3.13.6-3.el6_3.s390x.rpm
nss-sysinit-3.13.6-3.el6_3.s390x.rpm
nss-tools-3.13.6-3.el6_3.s390x.rpm

x86_64:
nss-3.13.6-3.el6_3.i686.rpm
nss-3.13.6-3.el6_3.x86_64.rpm
nss-debuginfo-3.13.6-3.el6_3.i686.rpm
nss-debuginfo-3.13.6-3.el6_3.x86_64.rpm
nss-devel-3.13.6-3.el6_3.i686.rpm
nss-devel-3.13.6-3.el6_3.x86_64.rpm
nss-sysinit-3.13.6-3.el6_3.x86_64.rpm
nss-tools-3.13.6-3.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.4):

Source:
nss-3.14.3-5.el6_4.src.rpm

i386:
nss-3.14.3-5.el6_4.i686.rpm
nss-debuginfo-3.14.3-5.el6_4.i686.rpm
nss-devel-3.14.3-5.el6_4.i686.rpm
nss-sysinit-3.14.3-5.el6_4.i686.rpm
nss-tools-3.14.3-5.el6_4.i686.rpm

ppc64:
nss-3.14.3-5.el6_4.ppc.rpm
nss-3.14.3-5.el6_4.ppc64.rpm
nss-debuginfo-3.14.3-5.el6_4.ppc.rpm
nss-debuginfo-3.14.3-5.el6_4.ppc64.rpm
nss-devel-3.14.3-5.el6_4.ppc.rpm
nss-devel-3.14.3-5.el6_4.ppc64.rpm
nss-sysinit-3.14.3-5.el6_4.ppc64.rpm
nss-tools-3.14.3-5.el6_4.ppc64.rpm

s390x:
nss-3.14.3-5.el6_4.s390.rpm
nss-3.14.3-5.el6_4.s390x.rpm
nss-debuginfo-3.14.3-5.el6_4.s390.rpm
nss-debuginfo-3.14.3-5.el6_4.s390x.rpm
nss-devel-3.14.3-5.el6_4.s390.rpm
nss-devel-3.14.3-5.el6_4.s390x.rpm
nss-sysinit-3.14.3-5.el6_4.s390x.rpm
nss-tools-3.14.3-5.el6_4.s390x.rpm

x86_64:
nss-3.14.3-5.el6_4.i686.rpm
nss-3.14.3-5.el6_4.x86_64.rpm
nss-debuginfo-3.14.3-5.el6_4.i686.rpm
nss-debuginfo-3.14.3-5.el6_4.x86_64.rpm
nss-devel-3.14.3-5.el6_4.i686.rpm
nss-devel-3.14.3-5.el6_4.x86_64.rpm
nss-sysinit-3.14.3-5.el6_4.x86_64.rpm
nss-tools-3.14.3-5.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.2):

Source:
nss-3.13.1-9.el6_2.src.rpm

i386:
nss-debuginfo-3.13.1-9.el6_2.i686.rpm
nss-pkcs11-devel-3.13.1-9.el6_2.i686.rpm

ppc64:
nss-debuginfo-3.13.1-9.el6_2.ppc.rpm
nss-debuginfo-3.13.1-9.el6_2.ppc64.rpm
nss-pkcs11-devel-3.13.1-9.el6_2.ppc.rpm
nss-pkcs11-devel-3.13.1-9.el6_2.ppc64.rpm

s390x:
nss-debuginfo-3.13.1-9.el6_2.s390.rpm
nss-debuginfo-3.13.1-9.el6_2.s390x.rpm
nss-pkcs11-devel-3.13.1-9.el6_2.s390.rpm
nss-pkcs11-devel-3.13.1-9.el6_2.s390x.rpm

x86_64:
nss-debuginfo-3.13.1-9.el6_2.i686.rpm
nss-debuginfo-3.13.1-9.el6_2.x86_64.rpm
nss-pkcs11-devel-3.13.1-9.el6_2.i686.rpm
nss-pkcs11-devel-3.13.1-9.el6_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.3):

Source:
nss-3.13.6-3.el6_3.src.rpm

i386:
nss-debuginfo-3.13.6-3.el6_3.i686.rpm
nss-pkcs11-devel-3.13.6-3.el6_3.i686.rpm

ppc64:
nss-debuginfo-3.13.6-3.el6_3.ppc.rpm
nss-debuginfo-3.13.6-3.el6_3.ppc64.rpm
nss-pkcs11-devel-3.13.6-3.el6_3.ppc.rpm
nss-pkcs11-devel-3.13.6-3.el6_3.ppc64.rpm

s390x:
nss-debuginfo-3.13.6-3.el6_3.s390.rpm
nss-debuginfo-3.13.6-3.el6_3.s390x.rpm
nss-pkcs11-devel-3.13.6-3.el6_3.s390.rpm
nss-pkcs11-devel-3.13.6-3.el6_3.s390x.rpm

x86_64:
nss-debuginfo-3.13.6-3.el6_3.i686.rpm
nss-debuginfo-3.13.6-3.el6_3.x86_64.rpm
nss-pkcs11-devel-3.13.6-3.el6_3.i686.rpm
nss-pkcs11-devel-3.13.6-3.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.4):

Source:
nss-3.14.3-5.el6_4.src.rpm

i386:
nss-debuginfo-3.14.3-5.el6_4.i686.rpm
nss-pkcs11-devel-3.14.3-5.el6_4.i686.rpm

ppc64:
nss-debuginfo-3.14.3-5.el6_4.ppc.rpm
nss-debuginfo-3.14.3-5.el6_4.ppc64.rpm
nss-pkcs11-devel-3.14.3-5.el6_4.ppc.rpm
nss-pkcs11-devel-3.14.3-5.el6_4.ppc64.rpm

s390x:
nss-debuginfo-3.14.3-5.el6_4.s390.rpm
nss-debuginfo-3.14.3-5.el6_4.s390x.rpm
nss-pkcs11-devel-3.14.3-5.el6_4.s390.rpm
nss-pkcs11-devel-3.14.3-5.el6_4.s390x.rpm

x86_64:
nss-debuginfo-3.14.3-5.el6_4.i686.rpm
nss-debuginfo-3.14.3-5.el6_4.x86_64.rpm
nss-pkcs11-devel-3.14.3-5.el6_4.i686.rpm
nss-pkcs11-devel-3.14.3-5.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-5605.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSr0p2XlSAg2UNWIIRAlwEAKCY390rBP4fijrl+Gsfz2gYj5v+FgCePInv
mNipf2UBj+3C3vtLjtgqULI=
=NV/x
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Dec 16 18:47:15 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 16 Dec 2013 18:47:15 +0000
Subject: [RHSA-2013:1841-01] Important: nss security update
Message-ID: <201312161847.rBGIlFK1002958@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: nss security update
Advisory ID: RHSA-2013:1841-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1841.html
Issue date: 2013-12-16
CVE Names: CVE-2013-5605
=====================================================================

1. Summary:

Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 5.3 Long Life, and Red Hat Enterprise Linux 5.6 and 5.9 Extended Update Support.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux EUS (v. 5.6 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux EUS (v. 5.9 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Long Life (v. 5.3 server) - i386, ia64, x86_64

3. Description:

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-5605)

All NSS users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, applications using NSS must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1030807 - CVE-2013-5605 nss: Null_Cipher() does not respect maxOutputLen (MFSA 2013-103)

6. Package List:

Red Hat Enterprise Linux Long Life (v. 5.3 server):

Source:
nss-3.12.3.99.3-3.el5_3.src.rpm

i386:
nss-3.12.3.99.3-3.el5_3.i386.rpm
nss-debuginfo-3.12.3.99.3-3.el5_3.i386.rpm
nss-devel-3.12.3.99.3-3.el5_3.i386.rpm
nss-pkcs11-devel-3.12.3.99.3-3.el5_3.i386.rpm
nss-tools-3.12.3.99.3-3.el5_3.i386.rpm

ia64:
nss-3.12.3.99.3-3.el5_3.i386.rpm
nss-3.12.3.99.3-3.el5_3.ia64.rpm
nss-debuginfo-3.12.3.99.3-3.el5_3.i386.rpm
nss-debuginfo-3.12.3.99.3-3.el5_3.ia64.rpm
nss-devel-3.12.3.99.3-3.el5_3.ia64.rpm
nss-pkcs11-devel-3.12.3.99.3-3.el5_3.ia64.rpm
nss-tools-3.12.3.99.3-3.el5_3.ia64.rpm

x86_64:
nss-3.12.3.99.3-3.el5_3.i386.rpm
nss-3.12.3.99.3-3.el5_3.x86_64.rpm
nss-debuginfo-3.12.3.99.3-3.el5_3.i386.rpm
nss-debuginfo-3.12.3.99.3-3.el5_3.x86_64.rpm
nss-devel-3.12.3.99.3-3.el5_3.i386.rpm
nss-devel-3.12.3.99.3-3.el5_3.x86_64.rpm
nss-pkcs11-devel-3.12.3.99.3-3.el5_3.i386.rpm
nss-pkcs11-devel-3.12.3.99.3-3.el5_3.x86_64.rpm
nss-tools-3.12.3.99.3-3.el5_3.x86_64.rpm

Red Hat Enterprise Linux EUS (v. 5.6 server):

Source:
nss-3.12.8-8.el5_6.src.rpm

i386:
nss-3.12.8-8.el5_6.i386.rpm
nss-debuginfo-3.12.8-8.el5_6.i386.rpm
nss-devel-3.12.8-8.el5_6.i386.rpm
nss-pkcs11-devel-3.12.8-8.el5_6.i386.rpm
nss-tools-3.12.8-8.el5_6.i386.rpm

ia64:
nss-3.12.8-8.el5_6.i386.rpm
nss-3.12.8-8.el5_6.ia64.rpm
nss-debuginfo-3.12.8-8.el5_6.i386.rpm
nss-debuginfo-3.12.8-8.el5_6.ia64.rpm
nss-devel-3.12.8-8.el5_6.ia64.rpm
nss-pkcs11-devel-3.12.8-8.el5_6.ia64.rpm
nss-tools-3.12.8-8.el5_6.ia64.rpm

ppc:
nss-3.12.8-8.el5_6.ppc.rpm
nss-3.12.8-8.el5_6.ppc64.rpm
nss-debuginfo-3.12.8-8.el5_6.ppc.rpm
nss-debuginfo-3.12.8-8.el5_6.ppc64.rpm
nss-devel-3.12.8-8.el5_6.ppc.rpm
nss-devel-3.12.8-8.el5_6.ppc64.rpm
nss-pkcs11-devel-3.12.8-8.el5_6.ppc.rpm
nss-pkcs11-devel-3.12.8-8.el5_6.ppc64.rpm
nss-tools-3.12.8-8.el5_6.ppc.rpm

s390x:
nss-3.12.8-8.el5_6.s390.rpm
nss-3.12.8-8.el5_6.s390x.rpm
nss-debuginfo-3.12.8-8.el5_6.s390.rpm
nss-debuginfo-3.12.8-8.el5_6.s390x.rpm
nss-devel-3.12.8-8.el5_6.s390.rpm
nss-devel-3.12.8-8.el5_6.s390x.rpm
nss-pkcs11-devel-3.12.8-8.el5_6.s390.rpm
nss-pkcs11-devel-3.12.8-8.el5_6.s390x.rpm
nss-tools-3.12.8-8.el5_6.s390x.rpm

x86_64:
nss-3.12.8-8.el5_6.i386.rpm
nss-3.12.8-8.el5_6.x86_64.rpm
nss-debuginfo-3.12.8-8.el5_6.i386.rpm
nss-debuginfo-3.12.8-8.el5_6.x86_64.rpm
nss-devel-3.12.8-8.el5_6.i386.rpm
nss-devel-3.12.8-8.el5_6.x86_64.rpm
nss-pkcs11-devel-3.12.8-8.el5_6.i386.rpm
nss-pkcs11-devel-3.12.8-8.el5_6.x86_64.rpm
nss-tools-3.12.8-8.el5_6.x86_64.rpm

Red Hat Enterprise Linux EUS (v. 5.9 server):

Source:
nss-3.14.3-8.el5_9.src.rpm

i386:
nss-3.14.3-8.el5_9.i386.rpm
nss-debuginfo-3.14.3-8.el5_9.i386.rpm
nss-devel-3.14.3-8.el5_9.i386.rpm
nss-pkcs11-devel-3.14.3-8.el5_9.i386.rpm
nss-tools-3.14.3-8.el5_9.i386.rpm

ia64:
nss-3.14.3-8.el5_9.i386.rpm
nss-3.14.3-8.el5_9.ia64.rpm
nss-debuginfo-3.14.3-8.el5_9.i386.rpm
nss-debuginfo-3.14.3-8.el5_9.ia64.rpm
nss-devel-3.14.3-8.el5_9.ia64.rpm
nss-pkcs11-devel-3.14.3-8.el5_9.ia64.rpm
nss-tools-3.14.3-8.el5_9.ia64.rpm

ppc:
nss-3.14.3-8.el5_9.ppc.rpm
nss-3.14.3-8.el5_9.ppc64.rpm
nss-debuginfo-3.14.3-8.el5_9.ppc.rpm
nss-debuginfo-3.14.3-8.el5_9.ppc64.rpm
nss-devel-3.14.3-8.el5_9.ppc.rpm
nss-devel-3.14.3-8.el5_9.ppc64.rpm
nss-pkcs11-devel-3.14.3-8.el5_9.ppc.rpm
nss-pkcs11-devel-3.14.3-8.el5_9.ppc64.rpm
nss-tools-3.14.3-8.el5_9.ppc.rpm

s390x:
nss-3.14.3-8.el5_9.s390.rpm
nss-3.14.3-8.el5_9.s390x.rpm
nss-debuginfo-3.14.3-8.el5_9.s390.rpm
nss-debuginfo-3.14.3-8.el5_9.s390x.rpm
nss-devel-3.14.3-8.el5_9.s390.rpm
nss-devel-3.14.3-8.el5_9.s390x.rpm
nss-pkcs11-devel-3.14.3-8.el5_9.s390.rpm
nss-pkcs11-devel-3.14.3-8.el5_9.s390x.rpm
nss-tools-3.14.3-8.el5_9.s390x.rpm

x86_64:
nss-3.14.3-8.el5_9.i386.rpm
nss-3.14.3-8.el5_9.x86_64.rpm
nss-debuginfo-3.14.3-8.el5_9.i386.rpm
nss-debuginfo-3.14.3-8.el5_9.x86_64.rpm
nss-devel-3.14.3-8.el5_9.i386.rpm
nss-devel-3.14.3-8.el5_9.x86_64.rpm
nss-pkcs11-devel-3.14.3-8.el5_9.i386.rpm
nss-pkcs11-devel-3.14.3-8.el5_9.x86_64.rpm
nss-tools-3.14.3-8.el5_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-5605.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSr0qgXlSAg2UNWIIRAlDrAJ4/3PtPbXCc6h5PRCaGbCzm1iEulwCgqTyD YqYJuhzwKJ8uunAurbPetuk= =r4kW -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Dec 16 18:47:47 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 16 Dec 2013 18:47:47 +0000 Subject: [RHSA-2013:1842-01] Moderate: nodejs010-nodejs security update Message-ID: <201312161847.rBGIllkQ020170@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: nodejs010-nodejs security update Advisory ID: RHSA-2013:1842-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1842.html Issue date: 2013-12-16 CVE Names: CVE-2013-4450 ===================================================================== 1. Summary: Updated nodejs010-nodejs packages that fix one security issue are now available for Red Hat Software Collections 1. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for RHEL 6 Server - x86_64 Red Hat Software Collections for RHEL 6 Workstation - x86_64 3. Description: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. A denial of service flaw was found in the way Node.js handled pipelined HTTP requests. A remote attacker could use this flaw to send an excessive amount of HTTP requests over a network connection, causing Node.js to use an excessive amount of memory and possibly exit when all available memory is exhausted. 
(CVE-2013-4450) Node.js is included in Red Hat Software Collections 1.0 as a Technology Preview. More information about Red Hat Technology Previews is available here: https://access.redhat.com/support/offerings/techpreview/ All nodejs010-nodejs users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1021170 - CVE-2013-4450 NodeJS: HTTP Pipelining DoS 6. Package List: Red Hat Software Collections for RHEL 6 Server: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHSCL/SRPMS/nodejs010-nodejs-0.10.5-8.el6.src.rpm x86_64: nodejs010-nodejs-0.10.5-8.el6.x86_64.rpm nodejs010-nodejs-debuginfo-0.10.5-8.el6.x86_64.rpm nodejs010-nodejs-devel-0.10.5-8.el6.x86_64.rpm nodejs010-nodejs-docs-0.10.5-8.el6.x86_64.rpm Red Hat Software Collections for RHEL 6 Workstation: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/RHSCL/SRPMS/nodejs010-nodejs-0.10.5-8.el6.src.rpm x86_64: nodejs010-nodejs-0.10.5-8.el6.x86_64.rpm nodejs010-nodejs-debuginfo-0.10.5-8.el6.x86_64.rpm nodejs010-nodejs-devel-0.10.5-8.el6.x86_64.rpm nodejs010-nodejs-docs-0.10.5-8.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-4450.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSr0q9XlSAg2UNWIIRAplZAKCNJooZ8mJA2a/ke2+zDonkXBgQMACgjYHJ q5tCftH+wfTRq0Xalgs8iMM= =7XqG -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Dec 17 18:42:16 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 17 Dec 2013 18:42:16 +0000 Subject: [RHSA-2013:1850-01] Important: openjpeg security update Message-ID: <201312171842.rBHIgGJW012035@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: openjpeg security update Advisory ID: RHSA-2013:1850-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1850.html Issue date: 2013-12-17 CVE Names: CVE-2013-1447 CVE-2013-6045 CVE-2013-6052 CVE-2013-6054 ===================================================================== 1. Summary: Updated openjpeg packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: OpenJPEG is an open source library for reading and writing image files in JPEG 2000 format. 
Multiple heap-based buffer overflow flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-6045, CVE-2013-6054) Multiple denial of service flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash. (CVE-2013-1447, CVE-2013-6052) Red Hat would like to thank Raphael Geissert for reporting these issues. Users of OpenJPEG are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using OpenJPEG must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1036491 - CVE-2013-6052 openjpeg: out-of-bounds memory read flaws 1036495 - CVE-2013-6045 openjpeg: heap-based buffer overflows 1036499 - CVE-2013-6054 openjpeg: heap-based buffer overflows in version 1.3 1037945 - CVE-2013-1447 openjpeg: multiple denial of service flaws 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openjpeg-1.3-10.el6_5.src.rpm i386: openjpeg-debuginfo-1.3-10.el6_5.i686.rpm openjpeg-libs-1.3-10.el6_5.i686.rpm x86_64: openjpeg-debuginfo-1.3-10.el6_5.i686.rpm openjpeg-debuginfo-1.3-10.el6_5.x86_64.rpm openjpeg-libs-1.3-10.el6_5.i686.rpm openjpeg-libs-1.3-10.el6_5.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openjpeg-1.3-10.el6_5.src.rpm i386: openjpeg-1.3-10.el6_5.i686.rpm openjpeg-debuginfo-1.3-10.el6_5.i686.rpm openjpeg-devel-1.3-10.el6_5.i686.rpm x86_64: openjpeg-1.3-10.el6_5.x86_64.rpm openjpeg-debuginfo-1.3-10.el6_5.i686.rpm openjpeg-debuginfo-1.3-10.el6_5.x86_64.rpm openjpeg-devel-1.3-10.el6_5.i686.rpm openjpeg-devel-1.3-10.el6_5.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openjpeg-1.3-10.el6_5.src.rpm x86_64: openjpeg-debuginfo-1.3-10.el6_5.i686.rpm openjpeg-debuginfo-1.3-10.el6_5.x86_64.rpm openjpeg-libs-1.3-10.el6_5.i686.rpm openjpeg-libs-1.3-10.el6_5.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openjpeg-1.3-10.el6_5.src.rpm x86_64: openjpeg-1.3-10.el6_5.x86_64.rpm openjpeg-debuginfo-1.3-10.el6_5.i686.rpm openjpeg-debuginfo-1.3-10.el6_5.x86_64.rpm openjpeg-devel-1.3-10.el6_5.i686.rpm openjpeg-devel-1.3-10.el6_5.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openjpeg-1.3-10.el6_5.src.rpm i386: openjpeg-debuginfo-1.3-10.el6_5.i686.rpm openjpeg-libs-1.3-10.el6_5.i686.rpm ppc64: openjpeg-debuginfo-1.3-10.el6_5.ppc.rpm openjpeg-debuginfo-1.3-10.el6_5.ppc64.rpm openjpeg-libs-1.3-10.el6_5.ppc.rpm openjpeg-libs-1.3-10.el6_5.ppc64.rpm s390x: openjpeg-debuginfo-1.3-10.el6_5.s390.rpm openjpeg-debuginfo-1.3-10.el6_5.s390x.rpm openjpeg-libs-1.3-10.el6_5.s390.rpm openjpeg-libs-1.3-10.el6_5.s390x.rpm x86_64: openjpeg-debuginfo-1.3-10.el6_5.i686.rpm openjpeg-debuginfo-1.3-10.el6_5.x86_64.rpm openjpeg-libs-1.3-10.el6_5.i686.rpm openjpeg-libs-1.3-10.el6_5.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openjpeg-1.3-10.el6_5.src.rpm i386: openjpeg-1.3-10.el6_5.i686.rpm openjpeg-debuginfo-1.3-10.el6_5.i686.rpm openjpeg-devel-1.3-10.el6_5.i686.rpm ppc64: openjpeg-1.3-10.el6_5.ppc64.rpm openjpeg-debuginfo-1.3-10.el6_5.ppc.rpm openjpeg-debuginfo-1.3-10.el6_5.ppc64.rpm openjpeg-devel-1.3-10.el6_5.ppc.rpm openjpeg-devel-1.3-10.el6_5.ppc64.rpm s390x: openjpeg-1.3-10.el6_5.s390x.rpm openjpeg-debuginfo-1.3-10.el6_5.s390.rpm openjpeg-debuginfo-1.3-10.el6_5.s390x.rpm openjpeg-devel-1.3-10.el6_5.s390.rpm openjpeg-devel-1.3-10.el6_5.s390x.rpm x86_64: openjpeg-1.3-10.el6_5.x86_64.rpm openjpeg-debuginfo-1.3-10.el6_5.i686.rpm openjpeg-debuginfo-1.3-10.el6_5.x86_64.rpm openjpeg-devel-1.3-10.el6_5.i686.rpm openjpeg-devel-1.3-10.el6_5.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openjpeg-1.3-10.el6_5.src.rpm i386: openjpeg-debuginfo-1.3-10.el6_5.i686.rpm openjpeg-libs-1.3-10.el6_5.i686.rpm x86_64: openjpeg-debuginfo-1.3-10.el6_5.i686.rpm openjpeg-debuginfo-1.3-10.el6_5.x86_64.rpm openjpeg-libs-1.3-10.el6_5.i686.rpm openjpeg-libs-1.3-10.el6_5.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openjpeg-1.3-10.el6_5.src.rpm i386: openjpeg-1.3-10.el6_5.i686.rpm openjpeg-debuginfo-1.3-10.el6_5.i686.rpm openjpeg-devel-1.3-10.el6_5.i686.rpm x86_64: openjpeg-1.3-10.el6_5.x86_64.rpm openjpeg-debuginfo-1.3-10.el6_5.i686.rpm openjpeg-debuginfo-1.3-10.el6_5.x86_64.rpm openjpeg-devel-1.3-10.el6_5.i686.rpm openjpeg-devel-1.3-10.el6_5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References: https://www.redhat.com/security/data/cve/CVE-2013-1447.html https://www.redhat.com/security/data/cve/CVE-2013-6045.html https://www.redhat.com/security/data/cve/CVE-2013-6052.html https://www.redhat.com/security/data/cve/CVE-2013-6054.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSsJqQXlSAg2UNWIIRAiStAKClYV3Hh2DV3YxHAyFomosGyFxIdgCgq+K2 7xFo7PRgCQ2EmDKFqhEMxZA= =FCr5 -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Dec 17 18:42:48 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 17 Dec 2013 18:42:48 +0000 Subject: [RHSA-2013:1851-01] Moderate: Red Hat Enterprise MRG Grid 2.4 security update Message-ID: <201312171842.rBHIgnXO026705@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Enterprise MRG Grid 2.4 security update Advisory ID: RHSA-2013:1851-01 Product: Red Hat Enterprise MRG for RHEL-5 Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1851.html Issue date: 2013-12-17 CVE Names: CVE-2012-2125 CVE-2012-2126 CVE-2013-4287 CVE-2013-4404 CVE-2013-4405 CVE-2013-4414 CVE-2013-4461 ===================================================================== 1. Summary: Updated Grid component packages that fix multiple security issues are now available for Red Hat Enterprise MRG 2.4 for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. 
Relevant releases/architectures: MRG Grid for RHEL 5 Server v.2 - noarch MRG Management for RHEL 5 Server v.2 - noarch 3. Description: Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Grid provides high-throughput computing and enables enterprises to achieve higher peak computing capacity as well as improved infrastructure utilization by leveraging their existing technology to build high performance grids. MRG Grid provides a job-queueing mechanism, scheduling policy, and a priority scheme, as well as resource monitoring and resource management. Users submit their jobs to MRG Grid, where they are placed into a queue. MRG Grid then chooses when and where to run the jobs based upon a policy, carefully monitors their progress, and ultimately informs the user upon completion. It was found that, when using RubyGems, the connection could be redirected from HTTPS to HTTP. This could lead to a user believing they are installing a gem via HTTPS, when the connection may have been silently downgraded to HTTP. (CVE-2012-2125) It was found that RubyGems did not verify SSL connections. This could lead to man-in-the-middle attacks. (CVE-2012-2126) It was discovered that the rubygems API validated version strings using an unsafe regular expression. An application making use of this API to process a version string from an untrusted source could be vulnerable to a denial of service attack through CPU exhaustion. (CVE-2013-4287) A flaw was found in the way cumin enforced user roles, allowing an unprivileged cumin user to access a range of resources without having the appropriate role. A remote, authenticated attacker could use this flaw to access privileged information, and perform a variety of privileged operations. 
(CVE-2013-4404) It was found that multiple forms in the cumin web interface did not protect against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker could trick a user, who is logged into the cumin web interface, into visiting a specially crafted URL, the attacker could perform actions in the context of the logged in user. (CVE-2013-4405) It was found that cumin did not properly escape input from the "Max allowance" field in the "Set limit" form of the cumin web interface. A remote attacker could use this flaw to perform cross-site scripting (XSS) attacks against victims by tricking them into visiting a specially crafted URL. (CVE-2013-4414) A flaw was found in the way cumin parsed POST request data. A remote attacker could potentially use this flaw to perform SQL injection attacks on cumin's database. (CVE-2013-4461) Red Hat would like to thank Rubygems upstream for reporting CVE-2013-4287. Upstream acknowledges Damir Sharipov as the original reporter of CVE-2013-4287. The CVE-2013-4404, CVE-2013-4405, CVE-2013-4414, and CVE-2013-4461 issues were discovered by Tomáš Nováčik of the Red Hat MRG Quality Engineering team. All users of the Grid capabilities of Red Hat Enterprise MRG are advised to upgrade to these updated packages, which correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5.
Bugs fixed (https://bugzilla.redhat.com/): 814718 - CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23 995038 - CVE-2013-4404 cumin: missing authorization checks in forms, charts, and csv export widgets 998561 - CVE-2013-4405 cumin: CSRF protection does not work 998606 - CVE-2013-4414 cumin: non-persistent XSS possible due to not escaping set limit form input 1002364 - CVE-2013-4287 rubygems: version regex algorithmic complexity vulnerability 1016263 - CVE-2013-4461 cumin: filtering table operator not checked, leads to potential SQLi 1029673 - Grid 2.4.2 RHEL5 6. Package List: MRG Grid for RHEL 5 Server v.2: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/cumin-0.1.5787-4.el5.src.rpm noarch: cumin-0.1.5787-4.el5.noarch.rpm MRG Management for RHEL 5 Server v.2: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/cumin-0.1.5787-4.el5.src.rpm noarch: cumin-0.1.5787-4.el5.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-2125.html https://www.redhat.com/security/data/cve/CVE-2012-2126.html https://www.redhat.com/security/data/cve/CVE-2013-4287.html https://www.redhat.com/security/data/cve/CVE-2013-4404.html https://www.redhat.com/security/data/cve/CVE-2013-4405.html https://www.redhat.com/security/data/cve/CVE-2013-4414.html https://www.redhat.com/security/data/cve/CVE-2013-4461.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSsJsTXlSAg2UNWIIRAgbwAJ0QwzB+S6YYwZ2vWnpI/k+Li+oTnwCgvGvX CTpd1p2iUecHOWAiVp5azX4= =DQV+ -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Dec 17 18:44:00 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 17 Dec 2013 18:44:00 +0000 Subject: [RHSA-2013:1852-01] Moderate: Red Hat Enterprise MRG Grid 2.4 security update Message-ID: <201312171844.rBHIi0JK030255@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Enterprise MRG Grid 2.4 security update Advisory ID: RHSA-2013:1852-01 Product: Red Hat Enterprise MRG for RHEL-6 Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1852.html Issue date: 2013-12-17 CVE Names: CVE-2012-2125 CVE-2012-2126 CVE-2013-4287 CVE-2013-4404 CVE-2013-4405 CVE-2013-4414 CVE-2013-4461 ===================================================================== 1. Summary: Updated Grid component packages that fix multiple security issues are now available for Red Hat Enterprise MRG 2.4 for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: MRG Grid Execute Node for RHEL 6 ComputeNode v.2 - noarch MRG Grid for RHEL 6 Server v.2 - noarch MRG Management for RHEL 6 Server v.2 - noarch 3. Description: Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. 
MRG Grid provides high-throughput computing and enables enterprises to achieve higher peak computing capacity as well as improved infrastructure utilization by leveraging their existing technology to build high performance grids. MRG Grid provides a job-queueing mechanism, scheduling policy, and a priority scheme, as well as resource monitoring and resource management. Users submit their jobs to MRG Grid, where they are placed into a queue. MRG Grid then chooses when and where to run the jobs based upon a policy, carefully monitors their progress, and ultimately informs the user upon completion. It was found that, when using RubyGems, the connection could be redirected from HTTPS to HTTP. This could lead to a user believing they are installing a gem via HTTPS, when the connection may have been silently downgraded to HTTP. (CVE-2012-2125) It was found that RubyGems did not verify SSL connections. This could lead to man-in-the-middle attacks. (CVE-2012-2126) It was discovered that the rubygems API validated version strings using an unsafe regular expression. An application making use of this API to process a version string from an untrusted source could be vulnerable to a denial of service attack through CPU exhaustion. (CVE-2013-4287) A flaw was found in the way cumin enforced user roles, allowing an unprivileged cumin user to access a range of resources without having the appropriate role. A remote, authenticated attacker could use this flaw to access privileged information, and perform a variety of privileged operations. (CVE-2013-4404) It was found that multiple forms in the cumin web interface did not protect against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker could trick a user, who is logged into the cumin web interface, into visiting a specially crafted URL, the attacker could perform actions in the context of the logged in user. 
(CVE-2013-4405) It was found that cumin did not properly escape input from the "Max allowance" field in the "Set limit" form of the cumin web interface. A remote attacker could use this flaw to perform cross-site scripting (XSS) attacks against victims by tricking them into visiting a specially crafted URL. (CVE-2013-4414) A flaw was found in the way cumin parsed POST request data. A remote attacker could potentially use this flaw to perform SQL injection attacks on cumin's database. (CVE-2013-4461) Red Hat would like to thank Rubygems upstream for reporting CVE-2013-4287. Upstream acknowledges Damir Sharipov as the original reporter of CVE-2013-4287. The CVE-2013-4404, CVE-2013-4405, CVE-2013-4414, and CVE-2013-4461 issues were discovered by Tomáš Nováčik of the Red Hat MRG Quality Engineering team. All users of the Grid capabilities of Red Hat Enterprise MRG are advised to upgrade to these updated packages, which correct these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 814718 - CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23 995038 - CVE-2013-4404 cumin: missing authorization checks in forms, charts, and csv export widgets 998561 - CVE-2013-4405 cumin: CSRF protection does not work 998606 - CVE-2013-4414 cumin: non-persistent XSS possible due to not escaping set limit form input 1002364 - CVE-2013-4287 rubygems: version regex algorithmic complexity vulnerability 1016263 - CVE-2013-4461 cumin: filtering table operator not checked, leads to potential SQLi 6.
Package List: MRG Grid Execute Node for RHEL 6 ComputeNode v.2: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/RHEMRG-RHEL6/SRPMS/rubygems-1.8.23.2-1.el6.src.rpm noarch: rubygems-1.8.23.2-1.el6.noarch.rpm MRG Grid for RHEL 6 Server v.2: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/cumin-0.1.5787-4.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/rubygems-1.8.23.2-1.el6.src.rpm noarch: cumin-0.1.5787-4.el6.noarch.rpm rubygems-1.8.23.2-1.el6.noarch.rpm MRG Management for RHEL 6 Server v.2: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/cumin-0.1.5787-4.el6.src.rpm noarch: cumin-0.1.5787-4.el6.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-2125.html https://www.redhat.com/security/data/cve/CVE-2012-2126.html https://www.redhat.com/security/data/cve/CVE-2013-4287.html https://www.redhat.com/security/data/cve/CVE-2013-4404.html https://www.redhat.com/security/data/cve/CVE-2013-4405.html https://www.redhat.com/security/data/cve/CVE-2013-4414.html https://www.redhat.com/security/data/cve/CVE-2013-4461.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSsJszXlSAg2UNWIIRAn5wAJ9TkgmTCvdBmurOPUOGxB/IcL/zBwCfTHQQ knw3f700Poarw4o6N6/TLhY= =U7R2 -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Dec 19 23:35:24 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 19 Dec 2013 23:35:24 +0000 Subject: [RHSA-2013:1860-01] Moderate: kernel security and bug fix update Message-ID: <201312192335.rBJNZObr005404@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: kernel security and bug fix update Advisory ID: RHSA-2013:1860-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1860.html Issue date: 2013-12-19 CVE Names: CVE-2013-4299 ===================================================================== 1. Summary: Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5.9 Extended Update Support. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * An information leak flaw was found in the way the Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible. (CVE-2013-4299, Moderate) Red Hat would like to thank Fujitsu for reporting this issue. 
This update also fixes the following bugs:

* A previous fix to the kernel did not contain a memory barrier in the percpu_up_write() function. Consequently, under certain circumstances, a race condition could occur, leading to memory corruption and a subsequent kernel panic. This update introduces a new memory barrier pair, light_mb() and heavy_mb(), for per-CPU basis read and write semaphores (percpu-rw-semaphores) ensuring that the race condition can no longer occur. In addition, the read path performance of "percpu-rw-semaphores" has been improved. (BZ#884735)

* Due to several related bugs in the be2net driver, the driver did not handle firmware manipulation of the network cards using the Emulex XE201 I/O controller properly. As a consequence, these NICs could not recover from an error successfully. A series of patches has been applied that fix the initialization sequence, and firmware download and activation for the XE201 controller. Error recovery now works as expected for the be2net NICs using the Emulex XE201 I/O controller. (BZ#1019892)

* A bug in the be2net driver could cause packet corruption when handling VLAN-tagged packets with no assigned VLAN group. This happened because the be2net driver called a function responsible for VLAN tag reinsertion in a wrong order in the code. The code has been restructured and the be2net driver now calls the __vlan_put_tag() function correctly, thus avoiding the packet corruption. (BZ#1019893)

* A previous patch to the kernel introduced the "VLAN tag re-insertion" workaround to resolve a problem with incorrectly handled VLAN-tagged packets with no assigned VLAN group while the be2net driver was in promiscuous mode. However, this solution led to packet corruption and a subsequent kernel oops if such a processed packet was a GRO packet. Therefore, a patch has been applied to restrict VLAN tag re-insertion only to non-GRO packets.
The be2net driver now processes VLAN-tagged packets with no assigned VLAN group correctly in this situation. (BZ#1023347) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (https://bugzilla.redhat.com/): 1004233 - CVE-2013-4299 kernel: dm: dm-snapshot data leak 6. Package List: Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-348.21.1.el5.src.rpm i386: kernel-2.6.18-348.21.1.el5.i686.rpm kernel-PAE-2.6.18-348.21.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-348.21.1.el5.i686.rpm kernel-PAE-devel-2.6.18-348.21.1.el5.i686.rpm kernel-debug-2.6.18-348.21.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-348.21.1.el5.i686.rpm kernel-debug-devel-2.6.18-348.21.1.el5.i686.rpm kernel-debuginfo-2.6.18-348.21.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-348.21.1.el5.i686.rpm kernel-devel-2.6.18-348.21.1.el5.i686.rpm kernel-headers-2.6.18-348.21.1.el5.i386.rpm kernel-xen-2.6.18-348.21.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-348.21.1.el5.i686.rpm kernel-xen-devel-2.6.18-348.21.1.el5.i686.rpm ia64: kernel-2.6.18-348.21.1.el5.ia64.rpm kernel-debug-2.6.18-348.21.1.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-348.21.1.el5.ia64.rpm kernel-debug-devel-2.6.18-348.21.1.el5.ia64.rpm kernel-debuginfo-2.6.18-348.21.1.el5.ia64.rpm kernel-debuginfo-common-2.6.18-348.21.1.el5.ia64.rpm kernel-devel-2.6.18-348.21.1.el5.ia64.rpm kernel-headers-2.6.18-348.21.1.el5.ia64.rpm kernel-xen-2.6.18-348.21.1.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-348.21.1.el5.ia64.rpm kernel-xen-devel-2.6.18-348.21.1.el5.ia64.rpm noarch: kernel-doc-2.6.18-348.21.1.el5.noarch.rpm ppc: kernel-2.6.18-348.21.1.el5.ppc64.rpm kernel-debug-2.6.18-348.21.1.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-348.21.1.el5.ppc64.rpm kernel-debug-devel-2.6.18-348.21.1.el5.ppc64.rpm kernel-debuginfo-2.6.18-348.21.1.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-348.21.1.el5.ppc64.rpm kernel-devel-2.6.18-348.21.1.el5.ppc64.rpm kernel-headers-2.6.18-348.21.1.el5.ppc.rpm kernel-headers-2.6.18-348.21.1.el5.ppc64.rpm kernel-kdump-2.6.18-348.21.1.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-348.21.1.el5.ppc64.rpm kernel-kdump-devel-2.6.18-348.21.1.el5.ppc64.rpm s390x: kernel-2.6.18-348.21.1.el5.s390x.rpm kernel-debug-2.6.18-348.21.1.el5.s390x.rpm 
kernel-debug-debuginfo-2.6.18-348.21.1.el5.s390x.rpm kernel-debug-devel-2.6.18-348.21.1.el5.s390x.rpm kernel-debuginfo-2.6.18-348.21.1.el5.s390x.rpm kernel-debuginfo-common-2.6.18-348.21.1.el5.s390x.rpm kernel-devel-2.6.18-348.21.1.el5.s390x.rpm kernel-headers-2.6.18-348.21.1.el5.s390x.rpm kernel-kdump-2.6.18-348.21.1.el5.s390x.rpm kernel-kdump-debuginfo-2.6.18-348.21.1.el5.s390x.rpm kernel-kdump-devel-2.6.18-348.21.1.el5.s390x.rpm x86_64: kernel-2.6.18-348.21.1.el5.x86_64.rpm kernel-debug-2.6.18-348.21.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-348.21.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-348.21.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-348.21.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-348.21.1.el5.x86_64.rpm kernel-devel-2.6.18-348.21.1.el5.x86_64.rpm kernel-headers-2.6.18-348.21.1.el5.x86_64.rpm kernel-xen-2.6.18-348.21.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-348.21.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-348.21.1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-4299.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSs4KLXlSAg2UNWIIRAgnhAKC05eLIcdl2D8GcicF8s0hEhD6X0ACfUFw4
Lx4jXa1C/0kyF4w1Hd2gjJE=
=r0DB
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Dec 19 23:38:28 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 19 Dec 2013 23:38:28 +0000
Subject: [RHSA-2013:1861-01] Moderate: nss security update
Message-ID: <201312192338.rBJNcSLI006582@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: nss security update
Advisory ID: RHSA-2013:1861-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1861.html
Issue date: 2013-12-19
=====================================================================

1. Summary:

Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

It was found that a subordinate Certificate Authority (CA) mis-issued an intermediate certificate, which could be used to conduct man-in-the-middle attacks. This update renders that particular intermediate certificate as untrusted. (BZ#1038894)

Note: This fix only applies to applications using the NSS Builtin Object Token. It does not render the certificates untrusted for applications that use the NSS library, but do not use the NSS Builtin Object Token.

All NSS users should upgrade to these updated packages, which correct this issue. After installing the update, applications using NSS must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1038894 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nss-3.15.3-4.el5_10.src.rpm

i386:
nss-3.15.3-4.el5_10.i386.rpm
nss-debuginfo-3.15.3-4.el5_10.i386.rpm
nss-tools-3.15.3-4.el5_10.i386.rpm

x86_64:
nss-3.15.3-4.el5_10.i386.rpm
nss-3.15.3-4.el5_10.x86_64.rpm
nss-debuginfo-3.15.3-4.el5_10.i386.rpm
nss-debuginfo-3.15.3-4.el5_10.x86_64.rpm
nss-tools-3.15.3-4.el5_10.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nss-3.15.3-4.el5_10.src.rpm

i386:
nss-debuginfo-3.15.3-4.el5_10.i386.rpm
nss-devel-3.15.3-4.el5_10.i386.rpm
nss-pkcs11-devel-3.15.3-4.el5_10.i386.rpm

x86_64:
nss-debuginfo-3.15.3-4.el5_10.i386.rpm
nss-debuginfo-3.15.3-4.el5_10.x86_64.rpm
nss-devel-3.15.3-4.el5_10.i386.rpm
nss-devel-3.15.3-4.el5_10.x86_64.rpm
nss-pkcs11-devel-3.15.3-4.el5_10.i386.rpm
nss-pkcs11-devel-3.15.3-4.el5_10.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/nss-3.15.3-4.el5_10.src.rpm

i386:
nss-3.15.3-4.el5_10.i386.rpm
nss-debuginfo-3.15.3-4.el5_10.i386.rpm
nss-devel-3.15.3-4.el5_10.i386.rpm
nss-pkcs11-devel-3.15.3-4.el5_10.i386.rpm
nss-tools-3.15.3-4.el5_10.i386.rpm

ia64:
nss-3.15.3-4.el5_10.i386.rpm
nss-3.15.3-4.el5_10.ia64.rpm
nss-debuginfo-3.15.3-4.el5_10.i386.rpm
nss-debuginfo-3.15.3-4.el5_10.ia64.rpm
nss-devel-3.15.3-4.el5_10.ia64.rpm
nss-pkcs11-devel-3.15.3-4.el5_10.ia64.rpm
nss-tools-3.15.3-4.el5_10.ia64.rpm

ppc:
nss-3.15.3-4.el5_10.ppc.rpm
nss-3.15.3-4.el5_10.ppc64.rpm
nss-debuginfo-3.15.3-4.el5_10.ppc.rpm
nss-debuginfo-3.15.3-4.el5_10.ppc64.rpm
nss-devel-3.15.3-4.el5_10.ppc.rpm
nss-devel-3.15.3-4.el5_10.ppc64.rpm
nss-pkcs11-devel-3.15.3-4.el5_10.ppc.rpm
nss-pkcs11-devel-3.15.3-4.el5_10.ppc64.rpm
nss-tools-3.15.3-4.el5_10.ppc.rpm

s390x:
nss-3.15.3-4.el5_10.s390.rpm
nss-3.15.3-4.el5_10.s390x.rpm
nss-debuginfo-3.15.3-4.el5_10.s390.rpm
nss-debuginfo-3.15.3-4.el5_10.s390x.rpm
nss-devel-3.15.3-4.el5_10.s390.rpm
nss-devel-3.15.3-4.el5_10.s390x.rpm
nss-pkcs11-devel-3.15.3-4.el5_10.s390.rpm
nss-pkcs11-devel-3.15.3-4.el5_10.s390x.rpm
nss-tools-3.15.3-4.el5_10.s390x.rpm

x86_64:
nss-3.15.3-4.el5_10.i386.rpm
nss-3.15.3-4.el5_10.x86_64.rpm
nss-debuginfo-3.15.3-4.el5_10.i386.rpm
nss-debuginfo-3.15.3-4.el5_10.x86_64.rpm
nss-devel-3.15.3-4.el5_10.i386.rpm
nss-devel-3.15.3-4.el5_10.x86_64.rpm
nss-pkcs11-devel-3.15.3-4.el5_10.i386.rpm
nss-pkcs11-devel-3.15.3-4.el5_10.x86_64.rpm
nss-tools-3.15.3-4.el5_10.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-3.15.3-3.el6_5.src.rpm

i386:
nss-3.15.3-3.el6_5.i686.rpm
nss-debuginfo-3.15.3-3.el6_5.i686.rpm
nss-sysinit-3.15.3-3.el6_5.i686.rpm
nss-tools-3.15.3-3.el6_5.i686.rpm

x86_64:
nss-3.15.3-3.el6_5.i686.rpm
nss-3.15.3-3.el6_5.x86_64.rpm
nss-debuginfo-3.15.3-3.el6_5.i686.rpm
nss-debuginfo-3.15.3-3.el6_5.x86_64.rpm
nss-sysinit-3.15.3-3.el6_5.x86_64.rpm
nss-tools-3.15.3-3.el6_5.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-3.15.3-3.el6_5.src.rpm

i386:
nss-debuginfo-3.15.3-3.el6_5.i686.rpm
nss-devel-3.15.3-3.el6_5.i686.rpm
nss-pkcs11-devel-3.15.3-3.el6_5.i686.rpm

x86_64:
nss-debuginfo-3.15.3-3.el6_5.i686.rpm
nss-debuginfo-3.15.3-3.el6_5.x86_64.rpm
nss-devel-3.15.3-3.el6_5.i686.rpm
nss-devel-3.15.3-3.el6_5.x86_64.rpm
nss-pkcs11-devel-3.15.3-3.el6_5.i686.rpm
nss-pkcs11-devel-3.15.3-3.el6_5.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-3.15.3-3.el6_5.src.rpm

x86_64:
nss-3.15.3-3.el6_5.i686.rpm
nss-3.15.3-3.el6_5.x86_64.rpm
nss-debuginfo-3.15.3-3.el6_5.i686.rpm
nss-debuginfo-3.15.3-3.el6_5.x86_64.rpm
nss-sysinit-3.15.3-3.el6_5.x86_64.rpm
nss-tools-3.15.3-3.el6_5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-3.15.3-3.el6_5.src.rpm

x86_64:
nss-debuginfo-3.15.3-3.el6_5.i686.rpm
nss-debuginfo-3.15.3-3.el6_5.x86_64.rpm
nss-devel-3.15.3-3.el6_5.i686.rpm
nss-devel-3.15.3-3.el6_5.x86_64.rpm
nss-pkcs11-devel-3.15.3-3.el6_5.i686.rpm
nss-pkcs11-devel-3.15.3-3.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-3.15.3-3.el6_5.src.rpm

i386:
nss-3.15.3-3.el6_5.i686.rpm
nss-debuginfo-3.15.3-3.el6_5.i686.rpm
nss-devel-3.15.3-3.el6_5.i686.rpm
nss-sysinit-3.15.3-3.el6_5.i686.rpm
nss-tools-3.15.3-3.el6_5.i686.rpm

ppc64:
nss-3.15.3-3.el6_5.ppc.rpm
nss-3.15.3-3.el6_5.ppc64.rpm
nss-debuginfo-3.15.3-3.el6_5.ppc.rpm
nss-debuginfo-3.15.3-3.el6_5.ppc64.rpm
nss-devel-3.15.3-3.el6_5.ppc.rpm
nss-devel-3.15.3-3.el6_5.ppc64.rpm
nss-sysinit-3.15.3-3.el6_5.ppc64.rpm
nss-tools-3.15.3-3.el6_5.ppc64.rpm

s390x:
nss-3.15.3-3.el6_5.s390.rpm
nss-3.15.3-3.el6_5.s390x.rpm
nss-debuginfo-3.15.3-3.el6_5.s390.rpm
nss-debuginfo-3.15.3-3.el6_5.s390x.rpm
nss-devel-3.15.3-3.el6_5.s390.rpm
nss-devel-3.15.3-3.el6_5.s390x.rpm
nss-sysinit-3.15.3-3.el6_5.s390x.rpm
nss-tools-3.15.3-3.el6_5.s390x.rpm

x86_64:
nss-3.15.3-3.el6_5.i686.rpm
nss-3.15.3-3.el6_5.x86_64.rpm
nss-debuginfo-3.15.3-3.el6_5.i686.rpm
nss-debuginfo-3.15.3-3.el6_5.x86_64.rpm
nss-devel-3.15.3-3.el6_5.i686.rpm
nss-devel-3.15.3-3.el6_5.x86_64.rpm
nss-sysinit-3.15.3-3.el6_5.x86_64.rpm
nss-tools-3.15.3-3.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-3.15.3-3.el6_5.src.rpm

i386:
nss-debuginfo-3.15.3-3.el6_5.i686.rpm
nss-pkcs11-devel-3.15.3-3.el6_5.i686.rpm

ppc64:
nss-debuginfo-3.15.3-3.el6_5.ppc.rpm
nss-debuginfo-3.15.3-3.el6_5.ppc64.rpm
nss-pkcs11-devel-3.15.3-3.el6_5.ppc.rpm
nss-pkcs11-devel-3.15.3-3.el6_5.ppc64.rpm

s390x:
nss-debuginfo-3.15.3-3.el6_5.s390.rpm
nss-debuginfo-3.15.3-3.el6_5.s390x.rpm
nss-pkcs11-devel-3.15.3-3.el6_5.s390.rpm
nss-pkcs11-devel-3.15.3-3.el6_5.s390x.rpm

x86_64:
nss-debuginfo-3.15.3-3.el6_5.i686.rpm
nss-debuginfo-3.15.3-3.el6_5.x86_64.rpm
nss-pkcs11-devel-3.15.3-3.el6_5.i686.rpm
nss-pkcs11-devel-3.15.3-3.el6_5.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-3.15.3-3.el6_5.src.rpm

i386:
nss-3.15.3-3.el6_5.i686.rpm
nss-debuginfo-3.15.3-3.el6_5.i686.rpm
nss-devel-3.15.3-3.el6_5.i686.rpm
nss-sysinit-3.15.3-3.el6_5.i686.rpm
nss-tools-3.15.3-3.el6_5.i686.rpm

x86_64:
nss-3.15.3-3.el6_5.i686.rpm
nss-3.15.3-3.el6_5.x86_64.rpm
nss-debuginfo-3.15.3-3.el6_5.i686.rpm
nss-debuginfo-3.15.3-3.el6_5.x86_64.rpm
nss-devel-3.15.3-3.el6_5.i686.rpm
nss-devel-3.15.3-3.el6_5.x86_64.rpm
nss-sysinit-3.15.3-3.el6_5.x86_64.rpm
nss-tools-3.15.3-3.el6_5.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-3.15.3-3.el6_5.src.rpm

i386:
nss-debuginfo-3.15.3-3.el6_5.i686.rpm
nss-pkcs11-devel-3.15.3-3.el6_5.i686.rpm

x86_64:
nss-debuginfo-3.15.3-3.el6_5.i686.rpm
nss-debuginfo-3.15.3-3.el6_5.x86_64.rpm
nss-pkcs11-devel-3.15.3-3.el6_5.i686.rpm
nss-pkcs11-devel-3.15.3-3.el6_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/updates/classification/#moderate
http://www.mozilla.org/security/announce/2013/mfsa2013-117.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSs4LoXlSAg2UNWIIRAoWGAJ96IMAkLhCMgRw/JWdzFdNhVQGlzgCgr6Iw
Uu05mq2vtGOwfvwNa8uQx+Y=
=aRUW
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Dec 19 23:44:11 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 19 Dec 2013 23:44:11 +0000
Subject: [RHSA-2013:1864-01] Low: Red Hat Enterprise Linux 6.3 Extended Update Support 6-Month Notice
Message-ID: <201312192344.rBJNiBYR008865@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: Red Hat Enterprise Linux 6.3 Extended Update Support 6-Month Notice
Advisory ID: RHSA-2013:1864-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1864.html
Issue date: 2013-12-19
=====================================================================

1. Summary:

This is the 6-Month notification for the retirement of Red Hat Enterprise Linux 6.3 Extended Update Support (EUS).

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server EUS (v. 6.3) - i386, ppc64, s390x, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.3 will be retired as of June 30, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.3 EUS after that date. In addition, technical support through Red Hat's Global Support Services will no longer be provided after June 30, 2014.

Note: This notification applies only to those customers subscribed to the Extended Update Support (EUS) channel for Red Hat Enterprise Linux 6.3.

We encourage customers to plan their migration from Red Hat Enterprise Linux 6.3 to a more recent version of Red Hat Enterprise Linux 6. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on a currently supported Red Hat Enterprise Linux 6 release (6.4 or 6.5, for which EUS is available).

Details of the Red Hat Enterprise Linux life cycle can be found here: https://access.redhat.com/support/policy/updates/errata/

4. Solution:

This erratum contains an updated redhat-release-server package, that provides a copy of this retirement notice in the "/usr/share/doc/" directory.

5. Package List:

Red Hat Enterprise Linux Server EUS (v. 6.3):

Source:
redhat-release-server-6Server-6.3.0.5.el6_3.src.rpm

i386:
redhat-release-server-6Server-6.3.0.5.el6_3.i686.rpm

ppc64:
redhat-release-server-6Server-6.3.0.5.el6_3.ppc64.rpm

s390x:
redhat-release-server-6Server-6.3.0.5.el6_3.s390x.rpm

x86_64:
redhat-release-server-6Server-6.3.0.5.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

6. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/support/policy/updates/errata/

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSs4ShXlSAg2UNWIIRAuXAAJ9LY7tR9C2raG+hCZYBhmw8oLP/IQCgm+A0
7dE3VV0A0NoqVrbcC3BLCv0=
=OELh
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Dec 19 23:44:48 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 19 Dec 2013 23:44:48 +0000
Subject: [RHSA-2013:1865-01] Low: Red Hat Enterprise Linux 3 Extended Lifecycle Support 1-month Notice
Message-ID: <201312192344.rBJNimRv030755@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: Red Hat Enterprise Linux 3 Extended Lifecycle Support 1-month Notice
Advisory ID: RHSA-2013:1865-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1865.html
Issue date: 2013-12-19
=====================================================================

1. Summary:

This is the 1-month notification for the retirement of Red Hat Enterprise Linux 3 Extended Lifecycle Support (ELS).

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (v. 3 ELS) - i386
Red Hat Enterprise Linux ES (v. 3 ELS) - i386

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Lifecycle Support (ELS) for Red Hat Enterprise Linux 3 will be retired as of January 30, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 3 ELS after that date. In addition, technical support through Red Hat's Global Support Services will no longer be provided after January 30, 2014.

Note: This notification applies only to those customers subscribed to the Extended Lifecycle Support (ELS) channel for Red Hat Enterprise Linux 3.

We encourage customers to plan their migration from Red Hat Enterprise Linux 3 to a more recent version of Red Hat Enterprise Linux 5 or 6. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on a currently supported Red Hat Enterprise Linux 5 release or Red Hat Enterprise Linux 6 release.

Details of the Red Hat Enterprise Linux life cycle can be found here: https://access.redhat.com/support/policy/updates/errata/

4. Solution:

This erratum contains an updated redhat-release package, that provides a copy of this retirement notice in the "/usr/share/doc/" directory.

5. Package List:

Red Hat Enterprise Linux AS (v. 3 ELS):

Source:
redhat-release-3AS-13.9.17.src.rpm

i386:
redhat-release-3AS-13.9.17.i386.rpm
redhat-release-debuginfo-3AS-13.9.17.i386.rpm

Red Hat Enterprise Linux ES (v. 3 ELS):

Source:
redhat-release-3ES-13.9.17.src.rpm

i386:
redhat-release-3ES-13.9.17.i386.rpm
redhat-release-debuginfo-3ES-13.9.17.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

6. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/support/policy/updates/errata/

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSs4TXXlSAg2UNWIIRAhCAAJ49fdhjWomBTatEOabdtI/LEe4x+wCbB64S
ayjaruQQLRMSONTZqH/WeQ0=
=nn3e
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Dec 20 00:55:11 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 20 Dec 2013 00:55:11 +0000
Subject: [RHSA-2013:1866-01] Moderate: ca-certificates security update
Message-ID: <201312200055.rBK0tBfl029263@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: ca-certificates security update
Advisory ID: RHSA-2013:1866-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1866.html
Issue date: 2013-12-20
=====================================================================

1. Summary:

An updated ca-certificates package that fixes one security issue is now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - noarch
Red Hat Enterprise Linux HPC Node (v. 6) - noarch
Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Enterprise Linux Workstation (v. 6) - noarch

3. Description:

This package contains the set of CA certificates chosen by the Mozilla Foundation for use with the Internet Public Key Infrastructure (PKI).

It was found that a subordinate Certificate Authority (CA) mis-issued an intermediate certificate, which could be used to conduct man-in-the-middle attacks. This update renders that particular intermediate certificate as untrusted. (BZ#1038894)

All users should upgrade to this updated package. After installing the update, all applications using the ca-certificates package must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1038894 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ca-certificates-2013.1.95-65.1.el6_5.src.rpm

noarch:
ca-certificates-2013.1.95-65.1.el6_5.noarch.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ca-certificates-2013.1.95-65.1.el6_5.src.rpm

noarch:
ca-certificates-2013.1.95-65.1.el6_5.noarch.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ca-certificates-2013.1.95-65.1.el6_5.src.rpm

noarch:
ca-certificates-2013.1.95-65.1.el6_5.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ca-certificates-2013.1.95-65.1.el6_5.src.rpm

noarch:
ca-certificates-2013.1.95-65.1.el6_5.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/updates/classification/#moderate
http://www.mozilla.org/security/announce/2013/mfsa2013-117.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSs5VaXlSAg2UNWIIRAuiBAJ9KWxnIH5Rx20HQTJ/TTknYkhJy+ACfQXKA
3yxQ7UVkLbl+yDpUlKev+W0=
=0cp6
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Dec 20 11:05:37 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 20 Dec 2013 11:05:37 +0000
Subject: [RHSA-2013:1868-01] Important: xorg-x11-server security update
Message-ID: <201312201101.rBKB1adP025431@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: xorg-x11-server security update
Advisory ID: RHSA-2013:1868-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1868.html
Issue date: 2013-12-20
CVE Names: CVE-2013-6424
=====================================================================

1. Summary:

Updated xorg-x11-server packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

3. Description:

X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

An integer overflow, which led to a heap-based buffer overflow, was found in the way X.Org server handled trapezoids. A malicious, authorized client could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with root privileges. (CVE-2013-6424)

All xorg-x11-server users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1037984 - CVE-2013-6424 xorg-x11-server: integer underflow when handling trapezoids

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xorg-x11-server-1.1.1-48.101.el5_10.2.src.rpm

i386:
xorg-x11-server-Xdmx-1.1.1-48.101.el5_10.2.i386.rpm
xorg-x11-server-Xephyr-1.1.1-48.101.el5_10.2.i386.rpm
xorg-x11-server-Xnest-1.1.1-48.101.el5_10.2.i386.rpm
xorg-x11-server-Xorg-1.1.1-48.101.el5_10.2.i386.rpm
xorg-x11-server-Xvfb-1.1.1-48.101.el5_10.2.i386.rpm
xorg-x11-server-Xvnc-source-1.1.1-48.101.el5_10.2.i386.rpm
xorg-x11-server-debuginfo-1.1.1-48.101.el5_10.2.i386.rpm

x86_64:
xorg-x11-server-Xdmx-1.1.1-48.101.el5_10.2.x86_64.rpm
xorg-x11-server-Xephyr-1.1.1-48.101.el5_10.2.x86_64.rpm
xorg-x11-server-Xnest-1.1.1-48.101.el5_10.2.x86_64.rpm
xorg-x11-server-Xorg-1.1.1-48.101.el5_10.2.x86_64.rpm
xorg-x11-server-Xvfb-1.1.1-48.101.el5_10.2.x86_64.rpm
xorg-x11-server-Xvnc-source-1.1.1-48.101.el5_10.2.x86_64.rpm
xorg-x11-server-debuginfo-1.1.1-48.101.el5_10.2.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xorg-x11-server-1.1.1-48.101.el5_10.2.src.rpm

i386:
xorg-x11-server-debuginfo-1.1.1-48.101.el5_10.2.i386.rpm
xorg-x11-server-sdk-1.1.1-48.101.el5_10.2.i386.rpm

x86_64:
xorg-x11-server-debuginfo-1.1.1-48.101.el5_10.2.x86_64.rpm
xorg-x11-server-sdk-1.1.1-48.101.el5_10.2.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xorg-x11-server-1.1.1-48.101.el5_10.2.src.rpm

i386:
xorg-x11-server-Xdmx-1.1.1-48.101.el5_10.2.i386.rpm
xorg-x11-server-Xephyr-1.1.1-48.101.el5_10.2.i386.rpm
xorg-x11-server-Xnest-1.1.1-48.101.el5_10.2.i386.rpm
xorg-x11-server-Xorg-1.1.1-48.101.el5_10.2.i386.rpm
xorg-x11-server-Xvfb-1.1.1-48.101.el5_10.2.i386.rpm
xorg-x11-server-Xvnc-source-1.1.1-48.101.el5_10.2.i386.rpm
xorg-x11-server-debuginfo-1.1.1-48.101.el5_10.2.i386.rpm
xorg-x11-server-sdk-1.1.1-48.101.el5_10.2.i386.rpm

ia64:
xorg-x11-server-Xdmx-1.1.1-48.101.el5_10.2.ia64.rpm
xorg-x11-server-Xephyr-1.1.1-48.101.el5_10.2.ia64.rpm
xorg-x11-server-Xnest-1.1.1-48.101.el5_10.2.ia64.rpm
xorg-x11-server-Xorg-1.1.1-48.101.el5_10.2.ia64.rpm
xorg-x11-server-Xvfb-1.1.1-48.101.el5_10.2.ia64.rpm
xorg-x11-server-Xvnc-source-1.1.1-48.101.el5_10.2.ia64.rpm
xorg-x11-server-debuginfo-1.1.1-48.101.el5_10.2.ia64.rpm
xorg-x11-server-sdk-1.1.1-48.101.el5_10.2.ia64.rpm

ppc:
xorg-x11-server-Xdmx-1.1.1-48.101.el5_10.2.ppc.rpm
xorg-x11-server-Xephyr-1.1.1-48.101.el5_10.2.ppc.rpm
xorg-x11-server-Xnest-1.1.1-48.101.el5_10.2.ppc.rpm
xorg-x11-server-Xorg-1.1.1-48.101.el5_10.2.ppc.rpm
xorg-x11-server-Xvfb-1.1.1-48.101.el5_10.2.ppc.rpm
xorg-x11-server-Xvnc-source-1.1.1-48.101.el5_10.2.ppc.rpm
xorg-x11-server-debuginfo-1.1.1-48.101.el5_10.2.ppc.rpm
xorg-x11-server-sdk-1.1.1-48.101.el5_10.2.ppc.rpm

s390x:
xorg-x11-server-Xephyr-1.1.1-48.101.el5_10.2.s390x.rpm
xorg-x11-server-Xnest-1.1.1-48.101.el5_10.2.s390x.rpm
xorg-x11-server-Xvfb-1.1.1-48.101.el5_10.2.s390x.rpm
xorg-x11-server-Xvnc-source-1.1.1-48.101.el5_10.2.s390x.rpm
xorg-x11-server-debuginfo-1.1.1-48.101.el5_10.2.s390x.rpm

x86_64:
xorg-x11-server-Xdmx-1.1.1-48.101.el5_10.2.x86_64.rpm
xorg-x11-server-Xephyr-1.1.1-48.101.el5_10.2.x86_64.rpm
xorg-x11-server-Xnest-1.1.1-48.101.el5_10.2.x86_64.rpm
xorg-x11-server-Xorg-1.1.1-48.101.el5_10.2.x86_64.rpm
xorg-x11-server-Xvfb-1.1.1-48.101.el5_10.2.x86_64.rpm
xorg-x11-server-Xvnc-source-1.1.1-48.101.el5_10.2.x86_64.rpm
xorg-x11-server-debuginfo-1.1.1-48.101.el5_10.2.x86_64.rpm
xorg-x11-server-sdk-1.1.1-48.101.el5_10.2.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xorg-x11-server-1.13.0-23.1.el6_5.src.rpm

i386:
xorg-x11-server-Xephyr-1.13.0-23.1.el6_5.i686.rpm
xorg-x11-server-Xorg-1.13.0-23.1.el6_5.i686.rpm
xorg-x11-server-common-1.13.0-23.1.el6_5.i686.rpm
xorg-x11-server-debuginfo-1.13.0-23.1.el6_5.i686.rpm

x86_64:
xorg-x11-server-Xephyr-1.13.0-23.1.el6_5.x86_64.rpm
xorg-x11-server-Xorg-1.13.0-23.1.el6_5.x86_64.rpm
xorg-x11-server-common-1.13.0-23.1.el6_5.x86_64.rpm
xorg-x11-server-debuginfo-1.13.0-23.1.el6_5.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xorg-x11-server-1.13.0-23.1.el6_5.src.rpm

i386:
xorg-x11-server-Xdmx-1.13.0-23.1.el6_5.i686.rpm
xorg-x11-server-Xnest-1.13.0-23.1.el6_5.i686.rpm
xorg-x11-server-Xvfb-1.13.0-23.1.el6_5.i686.rpm
xorg-x11-server-debuginfo-1.13.0-23.1.el6_5.i686.rpm
xorg-x11-server-devel-1.13.0-23.1.el6_5.i686.rpm

noarch:
xorg-x11-server-source-1.13.0-23.1.el6_5.noarch.rpm

x86_64:
xorg-x11-server-Xdmx-1.13.0-23.1.el6_5.x86_64.rpm
xorg-x11-server-Xnest-1.13.0-23.1.el6_5.x86_64.rpm
xorg-x11-server-Xvfb-1.13.0-23.1.el6_5.x86_64.rpm
xorg-x11-server-debuginfo-1.13.0-23.1.el6_5.i686.rpm
xorg-x11-server-debuginfo-1.13.0-23.1.el6_5.x86_64.rpm
xorg-x11-server-devel-1.13.0-23.1.el6_5.i686.rpm
xorg-x11-server-devel-1.13.0-23.1.el6_5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xorg-x11-server-1.13.0-23.1.el6_5.src.rpm

noarch:
xorg-x11-server-source-1.13.0-23.1.el6_5.noarch.rpm

x86_64:
xorg-x11-server-Xdmx-1.13.0-23.1.el6_5.x86_64.rpm
xorg-x11-server-Xephyr-1.13.0-23.1.el6_5.x86_64.rpm
xorg-x11-server-Xnest-1.13.0-23.1.el6_5.x86_64.rpm
xorg-x11-server-Xorg-1.13.0-23.1.el6_5.x86_64.rpm
xorg-x11-server-Xvfb-1.13.0-23.1.el6_5.x86_64.rpm
xorg-x11-server-common-1.13.0-23.1.el6_5.x86_64.rpm
xorg-x11-server-debuginfo-1.13.0-23.1.el6_5.i686.rpm
xorg-x11-server-debuginfo-1.13.0-23.1.el6_5.x86_64.rpm
xorg-x11-server-devel-1.13.0-23.1.el6_5.i686.rpm
xorg-x11-server-devel-1.13.0-23.1.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xorg-x11-server-1.13.0-23.1.el6_5.src.rpm

i386:
xorg-x11-server-Xephyr-1.13.0-23.1.el6_5.i686.rpm
xorg-x11-server-Xorg-1.13.0-23.1.el6_5.i686.rpm
xorg-x11-server-common-1.13.0-23.1.el6_5.i686.rpm
xorg-x11-server-debuginfo-1.13.0-23.1.el6_5.i686.rpm

ppc64:
xorg-x11-server-Xephyr-1.13.0-23.1.el6_5.ppc64.rpm
xorg-x11-server-Xorg-1.13.0-23.1.el6_5.ppc64.rpm
xorg-x11-server-common-1.13.0-23.1.el6_5.ppc64.rpm
xorg-x11-server-debuginfo-1.13.0-23.1.el6_5.ppc64.rpm

s390x:
xorg-x11-server-Xephyr-1.13.0-23.1.el6_5.s390x.rpm
xorg-x11-server-common-1.13.0-23.1.el6_5.s390x.rpm
xorg-x11-server-debuginfo-1.13.0-23.1.el6_5.s390x.rpm

x86_64:
xorg-x11-server-Xephyr-1.13.0-23.1.el6_5.x86_64.rpm
xorg-x11-server-Xorg-1.13.0-23.1.el6_5.x86_64.rpm
xorg-x11-server-common-1.13.0-23.1.el6_5.x86_64.rpm
xorg-x11-server-debuginfo-1.13.0-23.1.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xorg-x11-server-1.13.0-23.1.el6_5.src.rpm i386: xorg-x11-server-Xdmx-1.13.0-23.1.el6_5.i686.rpm xorg-x11-server-Xnest-1.13.0-23.1.el6_5.i686.rpm xorg-x11-server-Xvfb-1.13.0-23.1.el6_5.i686.rpm xorg-x11-server-debuginfo-1.13.0-23.1.el6_5.i686.rpm xorg-x11-server-devel-1.13.0-23.1.el6_5.i686.rpm noarch: xorg-x11-server-source-1.13.0-23.1.el6_5.noarch.rpm ppc64: xorg-x11-server-Xdmx-1.13.0-23.1.el6_5.ppc64.rpm xorg-x11-server-Xnest-1.13.0-23.1.el6_5.ppc64.rpm xorg-x11-server-Xvfb-1.13.0-23.1.el6_5.ppc64.rpm xorg-x11-server-debuginfo-1.13.0-23.1.el6_5.ppc.rpm xorg-x11-server-debuginfo-1.13.0-23.1.el6_5.ppc64.rpm xorg-x11-server-devel-1.13.0-23.1.el6_5.ppc.rpm xorg-x11-server-devel-1.13.0-23.1.el6_5.ppc64.rpm s390x: xorg-x11-server-Xdmx-1.13.0-23.1.el6_5.s390x.rpm xorg-x11-server-Xnest-1.13.0-23.1.el6_5.s390x.rpm xorg-x11-server-Xvfb-1.13.0-23.1.el6_5.s390x.rpm xorg-x11-server-debuginfo-1.13.0-23.1.el6_5.s390x.rpm x86_64: xorg-x11-server-Xdmx-1.13.0-23.1.el6_5.x86_64.rpm xorg-x11-server-Xnest-1.13.0-23.1.el6_5.x86_64.rpm xorg-x11-server-Xvfb-1.13.0-23.1.el6_5.x86_64.rpm xorg-x11-server-debuginfo-1.13.0-23.1.el6_5.i686.rpm xorg-x11-server-debuginfo-1.13.0-23.1.el6_5.x86_64.rpm xorg-x11-server-devel-1.13.0-23.1.el6_5.i686.rpm xorg-x11-server-devel-1.13.0-23.1.el6_5.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xorg-x11-server-1.13.0-23.1.el6_5.src.rpm i386: xorg-x11-server-Xephyr-1.13.0-23.1.el6_5.i686.rpm xorg-x11-server-Xorg-1.13.0-23.1.el6_5.i686.rpm xorg-x11-server-common-1.13.0-23.1.el6_5.i686.rpm xorg-x11-server-debuginfo-1.13.0-23.1.el6_5.i686.rpm x86_64: xorg-x11-server-Xephyr-1.13.0-23.1.el6_5.x86_64.rpm xorg-x11-server-Xorg-1.13.0-23.1.el6_5.x86_64.rpm xorg-x11-server-common-1.13.0-23.1.el6_5.x86_64.rpm xorg-x11-server-debuginfo-1.13.0-23.1.el6_5.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xorg-x11-server-1.13.0-23.1.el6_5.src.rpm i386: xorg-x11-server-Xdmx-1.13.0-23.1.el6_5.i686.rpm xorg-x11-server-Xnest-1.13.0-23.1.el6_5.i686.rpm xorg-x11-server-Xvfb-1.13.0-23.1.el6_5.i686.rpm xorg-x11-server-debuginfo-1.13.0-23.1.el6_5.i686.rpm xorg-x11-server-devel-1.13.0-23.1.el6_5.i686.rpm noarch: xorg-x11-server-source-1.13.0-23.1.el6_5.noarch.rpm x86_64: xorg-x11-server-Xdmx-1.13.0-23.1.el6_5.x86_64.rpm xorg-x11-server-Xnest-1.13.0-23.1.el6_5.x86_64.rpm xorg-x11-server-Xvfb-1.13.0-23.1.el6_5.x86_64.rpm xorg-x11-server-debuginfo-1.13.0-23.1.el6_5.i686.rpm xorg-x11-server-debuginfo-1.13.0-23.1.el6_5.x86_64.rpm xorg-x11-server-devel-1.13.0-23.1.el6_5.i686.rpm xorg-x11-server-devel-1.13.0-23.1.el6_5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-6424.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFStCNzXlSAg2UNWIIRAuYnAKCeR9pmAFsyN718dwrm3IDhIZ98aACeO8OJ
HLStM5LPm/A4zwhfTIYE1yo=
=p0do
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Dec 20 11:06:34 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 20 Dec 2013 11:06:34 +0000
Subject: [RHSA-2013:1869-01] Important: pixman security update
Message-ID: <201312201102.rBKB2Y2h013278@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: pixman security update
Advisory ID:       RHSA-2013:1869-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1869.html
Issue date:        2013-12-20
CVE Names:         CVE-2013-6425
=====================================================================

1. Summary:

Updated pixman packages that fix one security issue are now available for
Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Pixman is a pixel manipulation library for the X Window System and Cairo.

An integer overflow, which led to a heap-based buffer overflow, was found
in the way pixman handled trapezoids. If a remote attacker could trick an
application using pixman into rendering a trapezoid shape with specially
crafted coordinates, it could cause the application to crash or, possibly,
execute arbitrary code with the privileges of the user running the
application. (CVE-2013-6425)

Users are advised to upgrade to these updated packages, which contain a
backported patch to correct this issue. All applications using pixman
must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1037975 - CVE-2013-6425 pixman: integer underflow when handling trapezoids

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/pixman-0.22.0-2.2.el5_10.src.rpm

i386:
pixman-0.22.0-2.2.el5_10.i386.rpm
pixman-debuginfo-0.22.0-2.2.el5_10.i386.rpm
pixman-devel-0.22.0-2.2.el5_10.i386.rpm

x86_64:
pixman-0.22.0-2.2.el5_10.i386.rpm
pixman-0.22.0-2.2.el5_10.x86_64.rpm
pixman-debuginfo-0.22.0-2.2.el5_10.i386.rpm
pixman-debuginfo-0.22.0-2.2.el5_10.x86_64.rpm
pixman-devel-0.22.0-2.2.el5_10.i386.rpm
pixman-devel-0.22.0-2.2.el5_10.x86_64.rpm

RHEL Optional Productivity Applications (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/pixman-0.22.0-2.2.el5_10.src.rpm

i386:
pixman-0.22.0-2.2.el5_10.i386.rpm
pixman-debuginfo-0.22.0-2.2.el5_10.i386.rpm
pixman-devel-0.22.0-2.2.el5_10.i386.rpm

x86_64:
pixman-0.22.0-2.2.el5_10.x86_64.rpm
pixman-debuginfo-0.22.0-2.2.el5_10.x86_64.rpm
pixman-devel-0.22.0-2.2.el5_10.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/pixman-0.26.2-5.1.el6_5.src.rpm

i386:
pixman-0.26.2-5.1.el6_5.i686.rpm
pixman-debuginfo-0.26.2-5.1.el6_5.i686.rpm

x86_64:
pixman-0.26.2-5.1.el6_5.i686.rpm
pixman-0.26.2-5.1.el6_5.x86_64.rpm
pixman-debuginfo-0.26.2-5.1.el6_5.i686.rpm
pixman-debuginfo-0.26.2-5.1.el6_5.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/pixman-0.26.2-5.1.el6_5.src.rpm

i386:
pixman-debuginfo-0.26.2-5.1.el6_5.i686.rpm
pixman-devel-0.26.2-5.1.el6_5.i686.rpm

x86_64:
pixman-debuginfo-0.26.2-5.1.el6_5.i686.rpm
pixman-debuginfo-0.26.2-5.1.el6_5.x86_64.rpm
pixman-devel-0.26.2-5.1.el6_5.i686.rpm
pixman-devel-0.26.2-5.1.el6_5.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/pixman-0.26.2-5.1.el6_5.src.rpm

x86_64:
pixman-0.26.2-5.1.el6_5.i686.rpm
pixman-0.26.2-5.1.el6_5.x86_64.rpm
pixman-debuginfo-0.26.2-5.1.el6_5.i686.rpm
pixman-debuginfo-0.26.2-5.1.el6_5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/pixman-0.26.2-5.1.el6_5.src.rpm

x86_64:
pixman-debuginfo-0.26.2-5.1.el6_5.i686.rpm
pixman-debuginfo-0.26.2-5.1.el6_5.x86_64.rpm
pixman-devel-0.26.2-5.1.el6_5.i686.rpm
pixman-devel-0.26.2-5.1.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/pixman-0.26.2-5.1.el6_5.src.rpm

i386:
pixman-0.26.2-5.1.el6_5.i686.rpm
pixman-debuginfo-0.26.2-5.1.el6_5.i686.rpm
pixman-devel-0.26.2-5.1.el6_5.i686.rpm

ppc64:
pixman-0.26.2-5.1.el6_5.ppc.rpm
pixman-0.26.2-5.1.el6_5.ppc64.rpm
pixman-debuginfo-0.26.2-5.1.el6_5.ppc.rpm
pixman-debuginfo-0.26.2-5.1.el6_5.ppc64.rpm
pixman-devel-0.26.2-5.1.el6_5.ppc.rpm
pixman-devel-0.26.2-5.1.el6_5.ppc64.rpm

s390x:
pixman-0.26.2-5.1.el6_5.s390.rpm
pixman-0.26.2-5.1.el6_5.s390x.rpm
pixman-debuginfo-0.26.2-5.1.el6_5.s390.rpm
pixman-debuginfo-0.26.2-5.1.el6_5.s390x.rpm
pixman-devel-0.26.2-5.1.el6_5.s390.rpm
pixman-devel-0.26.2-5.1.el6_5.s390x.rpm

x86_64:
pixman-0.26.2-5.1.el6_5.i686.rpm
pixman-0.26.2-5.1.el6_5.x86_64.rpm
pixman-debuginfo-0.26.2-5.1.el6_5.i686.rpm
pixman-debuginfo-0.26.2-5.1.el6_5.x86_64.rpm
pixman-devel-0.26.2-5.1.el6_5.i686.rpm
pixman-devel-0.26.2-5.1.el6_5.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/pixman-0.26.2-5.1.el6_5.src.rpm

i386:
pixman-0.26.2-5.1.el6_5.i686.rpm
pixman-debuginfo-0.26.2-5.1.el6_5.i686.rpm
pixman-devel-0.26.2-5.1.el6_5.i686.rpm

x86_64:
pixman-0.26.2-5.1.el6_5.i686.rpm
pixman-0.26.2-5.1.el6_5.x86_64.rpm
pixman-debuginfo-0.26.2-5.1.el6_5.i686.rpm
pixman-debuginfo-0.26.2-5.1.el6_5.x86_64.rpm
pixman-devel-0.26.2-5.1.el6_5.i686.rpm
pixman-devel-0.26.2-5.1.el6_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-6425.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFStCPEXlSAg2UNWIIRAlYpAJ9hN4V+agOvTY+75siBtu6uNi0HCwCgv+L1
8QSSo4RpST89Pv6MkZO7eZs=
=PL6x
-----END PGP SIGNATURE-----
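
The pixman advisory above states that all applications using pixman must be restarted for the update to take effect. The following is an added example, not part of the Red Hat advisory, that lists processes still mapping a replaced copy of the library; the library file name `libpixman-1`, the `PROC_ROOT` argument and the sample /proc tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the Red Hat advisory.
# Lists processes that still map a replaced ("deleted") copy of a shared
# library, i.e. processes that were not restarted after the package update.

# stale_lib_pids LIBNAME [PROC_ROOT]
# Prints "PID COMM" for every process whose maps file shows LIBNAME as deleted.
# PROC_ROOT is a hypothetical override so the scan can run on constructed data.
stale_lib_pids() {
    lib=$1
    root=${2:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        dir=${maps%/maps}
        pid=${dir##*/}
        # When an update replaces the file, the old inode stays mapped and the
        # kernel appends " (deleted)" to its path in /proc/PID/maps.
        if grep -q "/${lib}[^ ]* (deleted)\$" "$maps" 2>/dev/null; then
            comm=$(cat "$dir/comm" 2>/dev/null || echo '?')
            printf '%s %s\n' "$pid" "$comm"
        fi
    done
}

# Constructed sample: a fake /proc tree with one process still holding the
# replaced library (1201) and one started after the update (1377).
make_sample_proc() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/1201" "$d/1377"
    echo Xorg > "$d/1201/comm"
    echo gedit > "$d/1377/comm"
    cat > "$d/1201/maps" <<'EOF'
7f3a1c000000-7f3a1c0a1000 r-xp 00000000 fd:00 393232 /usr/lib64/libpixman-1.so.0.26.2 (deleted)
7f3a1c2a1000-7f3a1c2a7000 rw-p 000a1000 fd:00 393232 /usr/lib64/libpixman-1.so.0.26.2 (deleted)
EOF
    cat > "$d/1377/maps" <<'EOF'
7f9b40000000-7f9b400a1000 r-xp 00000000 fd:00 401118 /usr/lib64/libpixman-1.so.0.26.2
7f9b402a1000-7f9b402a7000 rw-p 000a1000 fd:00 401118 /usr/lib64/libpixman-1.so.0.26.2
EOF
    echo "$d"
}

# Demo on the constructed tree. On a live host: stale_lib_pids libpixman-1
sample=$(make_sample_proc)
stale_lib_pids libpixman-1 "$sample"
rm -rf "$sample"
```

On a live host, run it as root, since the maps files of other users' processes are otherwise unreadable and those processes would be silently skipped.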