From bugzilla at redhat.com Tue Feb 5 00:14:29 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 5 Feb 2013 00:14:29 +0000
Subject: [RHSA-2013:0236-01] Critical: java-1.6.0-sun security update
Message-ID: <201302050014.r150ETAE014113@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.6.0-sun security update
Advisory ID:       RHSA-2013:0236-01
Product:           Red Hat Enterprise Linux Extras
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0236.html
Issue date:        2013-02-04
CVE Names:         CVE-2012-1541 CVE-2012-3213 CVE-2012-3342 CVE-2013-0351
                   CVE-2013-0409 CVE-2013-0419 CVE-2013-0423 CVE-2013-0424
                   CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428
                   CVE-2013-0429 CVE-2013-0430 CVE-2013-0432 CVE-2013-0433
                   CVE-2013-0434 CVE-2013-0435 CVE-2013-0438 CVE-2013-0440
                   CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0445
                   CVE-2013-0446 CVE-2013-0450 CVE-2013-1473 CVE-2013-1475
                   CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 CVE-2013-1481
=====================================================================

1. Summary:

Updated java-1.6.0-sun packages that fix several security issues are now
available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Oracle Java SE version 6 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409,
CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426,
CVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0430, CVE-2013-0432,
CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440,
CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446,
CVE-2013-0450, CVE-2013-1473, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478,
CVE-2013-1480, CVE-2013-1481)

All users of java-1.6.0-sun are advised to upgrade to these updated
packages, which provide Oracle Java 6 Update 39. All running instances of
Oracle Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

859140 - CVE-2013-0440 OpenJDK: CPU consumption DoS via repeated SSL ClientHello packets (JSSE, 7192393)
860652 - CVE-2013-1475 OpenJDK: IIOP type reuse sandbox bypass (CORBA, 8000540, SE-2012-01 Issue 50)
906813 - CVE-2013-0424 OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318)
906892 - CVE-2013-0435 OpenJDK: com.sun.xml.internal.* not restricted packages (JAX-WS, 7201068)
906894 - CVE-2013-1478 OpenJDK: image parser insufficient raster parameter checks (2D, 8001972)
906899 - CVE-2013-0442 OpenJDK: insufficient privilege checking issue (AWT, 7192977)
906900 - CVE-2013-0445 OpenJDK: insufficient privilege checking issue (AWT, 8001057)
906904 - CVE-2013-1480 OpenJDK: image parser insufficient raster parameter checks (AWT, 8002325)
906911 - CVE-2013-0450 OpenJDK: RequiredModelMBean missing access control context checks (JMX, 8000537)
906914 - CVE-2012-1541 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906916 - CVE-2013-0446 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906917 - CVE-2012-3342 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906918 - CVE-2013-0419 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906921 - CVE-2013-0423 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906923 - CVE-2013-0351 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906930 - CVE-2013-0430 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Install)
906933 - CVE-2013-1473 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906935 - CVE-2013-0438 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
907207 - CVE-2013-0428 OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)
907219 - CVE-2013-0432 OpenJDK: insufficient clipboard access permission checks (AWT, 7186952)
907223 - CVE-2012-3213 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Scripting)
907224 - CVE-2013-1481 Oracle JDK: unspecified vulnerability fixed in 6u39 (Sound)
907226 - CVE-2013-0409 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (JMX)
907340 - CVE-2013-0443 OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392)
907344 - CVE-2013-0425 OpenJDK: logging insufficient access control checks (Libraries, 6664509)
907346 - CVE-2013-0426 OpenJDK: logging insufficient access control checks (Libraries, 6664528)
907453 - CVE-2013-0434 OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235)
907455 - CVE-2013-0427 OpenJDK: invalid threads subject to interrupts (Libraries, 6776941)
907456 - CVE-2013-0433 OpenJDK: InetSocketAddress serialization issue (Networking, 7201071)
907457 - CVE-2013-1476 OpenJDK: missing ValueHandlerImpl class constructor access restriction (CORBA, 8000631)
907458 - CVE-2013-0441 OpenJDK: missing serialization restriction (CORBA, 7201066)
907460 - CVE-2013-0429 OpenJDK: PresentationManager incorrectly shared (CORBA, 7141694)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.6.0-sun-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-demo-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-devel-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-plugin-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-src-1.6.0.39-1jpp.4.el5_9.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-1.6.0.39-1jpp.4.el5_9.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-demo-1.6.0.39-1jpp.4.el5_9.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-devel-1.6.0.39-1jpp.4.el5_9.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.39-1jpp.4.el5_9.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-plugin-1.6.0.39-1jpp.4.el5_9.x86_64.rpm
java-1.6.0-sun-src-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-src-1.6.0.39-1jpp.4.el5_9.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.6.0-sun-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-demo-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-devel-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-plugin-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-src-1.6.0.39-1jpp.4.el5_9.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-1.6.0.39-1jpp.4.el5_9.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-demo-1.6.0.39-1jpp.4.el5_9.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-devel-1.6.0.39-1jpp.4.el5_9.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.39-1jpp.4.el5_9.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-plugin-1.6.0.39-1jpp.4.el5_9.x86_64.rpm
java-1.6.0-sun-src-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-src-1.6.0.39-1jpp.4.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-demo-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-plugin-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-src-1.6.0.39-1jpp.1.el6_3.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-src-1.6.0.39-1jpp.1.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-src-1.6.0.39-1jpp.1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-demo-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-plugin-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-src-1.6.0.39-1jpp.1.el6_3.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-src-1.6.0.39-1jpp.1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-demo-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-plugin-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-src-1.6.0.39-1jpp.1.el6_3.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-src-1.6.0.39-1jpp.1.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-1541.html
https://www.redhat.com/security/data/cve/CVE-2012-3213.html
https://www.redhat.com/security/data/cve/CVE-2012-3342.html
https://www.redhat.com/security/data/cve/CVE-2013-0351.html
https://www.redhat.com/security/data/cve/CVE-2013-0409.html
https://www.redhat.com/security/data/cve/CVE-2013-0419.html
https://www.redhat.com/security/data/cve/CVE-2013-0423.html
https://www.redhat.com/security/data/cve/CVE-2013-0424.html
https://www.redhat.com/security/data/cve/CVE-2013-0425.html
https://www.redhat.com/security/data/cve/CVE-2013-0426.html
https://www.redhat.com/security/data/cve/CVE-2013-0427.html
https://www.redhat.com/security/data/cve/CVE-2013-0428.html
https://www.redhat.com/security/data/cve/CVE-2013-0429.html
https://www.redhat.com/security/data/cve/CVE-2013-0430.html
https://www.redhat.com/security/data/cve/CVE-2013-0432.html
https://www.redhat.com/security/data/cve/CVE-2013-0433.html
https://www.redhat.com/security/data/cve/CVE-2013-0434.html
https://www.redhat.com/security/data/cve/CVE-2013-0435.html
https://www.redhat.com/security/data/cve/CVE-2013-0438.html
https://www.redhat.com/security/data/cve/CVE-2013-0440.html
https://www.redhat.com/security/data/cve/CVE-2013-0441.html
https://www.redhat.com/security/data/cve/CVE-2013-0442.html
https://www.redhat.com/security/data/cve/CVE-2013-0443.html
https://www.redhat.com/security/data/cve/CVE-2013-0445.html
https://www.redhat.com/security/data/cve/CVE-2013-0446.html
https://www.redhat.com/security/data/cve/CVE-2013-0450.html
https://www.redhat.com/security/data/cve/CVE-2013-1473.html
https://www.redhat.com/security/data/cve/CVE-2013-1475.html
https://www.redhat.com/security/data/cve/CVE-2013-1476.html
https://www.redhat.com/security/data/cve/CVE-2013-1478.html
https://www.redhat.com/security/data/cve/CVE-2013-1480.html
https://www.redhat.com/security/data/cve/CVE-2013-1481.html
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFREE7WXlSAg2UNWIIRAuWTAJ4g2iIk0XnUEpbIXz6nDgDjaHxz7ACbBcjy
gqkoqFew2BZDYA/n817qYO8=
=m5pJ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 5 00:15:12 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 5 Feb 2013 00:15:12 +0000
Subject: [RHSA-2013:0237-01] Critical: java-1.7.0-oracle security update
Message-ID: <201302050015.r150FC1j022334@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.7.0-oracle security update
Advisory ID:       RHSA-2013:0237-01
Product:           Red Hat Enterprise Linux Extras
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0237.html
Issue date:        2013-02-04
CVE Names:         CVE-2012-1541 CVE-2012-3213 CVE-2012-3342 CVE-2013-0351
                   CVE-2013-0409 CVE-2013-0419 CVE-2013-0423 CVE-2013-0424
                   CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428
                   CVE-2013-0429 CVE-2013-0430 CVE-2013-0431 CVE-2013-0432
                   CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0437
                   CVE-2013-0438 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442
                   CVE-2013-0443 CVE-2013-0444 CVE-2013-0445 CVE-2013-0446
                   CVE-2013-0448 CVE-2013-0449 CVE-2013-0450 CVE-2013-1473
                   CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1479
                   CVE-2013-1480 CVE-2013-1489
=====================================================================

1. Summary:

Updated java-1.7.0-oracle packages that fix several security issues are now
available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Oracle Java SE version 7 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409,
CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426,
CVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0430, CVE-2013-0431,
CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0437,
CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443,
CVE-2013-0444, CVE-2013-0445, CVE-2013-0446, CVE-2013-0448, CVE-2013-0449,
CVE-2013-0450, CVE-2013-1473, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478,
CVE-2013-1479, CVE-2013-1480, CVE-2013-1489)

All users of java-1.7.0-oracle are advised to upgrade to these updated
packages, which provide Oracle Java 7 Update 13 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

859140 - CVE-2013-0440 OpenJDK: CPU consumption DoS via repeated SSL ClientHello packets (JSSE, 7192393)
860652 - CVE-2013-1475 OpenJDK: IIOP type reuse sandbox bypass (CORBA, 8000540, SE-2012-01 Issue 50)
906447 - CVE-2013-0431 OpenJDK: JMX Introspector missing package access check (JMX, 8000539, SE-2012-01 Issue 52)
906449 - CVE-2013-1489 Oracle JDK 7: bypass of the security level setting in browser plugin (Deployment, SE-2012-01 Issue 53)
906813 - CVE-2013-0424 OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318)
906892 - CVE-2013-0435 OpenJDK: com.sun.xml.internal.* not restricted packages (JAX-WS, 7201068)
906894 - CVE-2013-1478 OpenJDK: image parser insufficient raster parameter checks (2D, 8001972)
906899 - CVE-2013-0442 OpenJDK: insufficient privilege checking issue (AWT, 7192977)
906900 - CVE-2013-0445 OpenJDK: insufficient privilege checking issue (AWT, 8001057)
906904 - CVE-2013-1480 OpenJDK: image parser insufficient raster parameter checks (AWT, 8002325)
906911 - CVE-2013-0450 OpenJDK: RequiredModelMBean missing access control context checks (JMX, 8000537)
906914 - CVE-2012-1541 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906916 - CVE-2013-0446 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906917 - CVE-2012-3342 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906918 - CVE-2013-0419 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906921 - CVE-2013-0423 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906923 - CVE-2013-0351 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906930 - CVE-2013-0430 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Install)
906932 - CVE-2013-0449 Oracle JDK: unspecified vulnerability fixed in 7u13 (Deployment)
906933 - CVE-2013-1473 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906934 - CVE-2013-0448 Oracle JDK: unspecified vulnerability fixed in 7u13 (Libraries)
906935 - CVE-2013-0438 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
907190 - CVE-2013-1479 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (JavaFX)
907207 - CVE-2013-0428 OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)
907218 - CVE-2013-0444 OpenJDK: MethodFinder insufficient checks for cached results (Beans, 7200493)
907219 - CVE-2013-0432 OpenJDK: insufficient clipboard access permission checks (AWT, 7186952)
907222 - CVE-2013-0437 Oracle JDK: unspecified vulnerability fixed in 7u13 (2D)
907223 - CVE-2012-3213 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Scripting)
907226 - CVE-2013-0409 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (JMX)
907340 - CVE-2013-0443 OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392)
907344 - CVE-2013-0425 OpenJDK: logging insufficient access control checks (Libraries, 6664509)
907346 - CVE-2013-0426 OpenJDK: logging insufficient access control checks (Libraries, 6664528)
907453 - CVE-2013-0434 OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235)
907455 - CVE-2013-0427 OpenJDK: invalid threads subject to interrupts (Libraries, 6776941)
907456 - CVE-2013-0433 OpenJDK: InetSocketAddress serialization issue (Networking, 7201071)
907457 - CVE-2013-1476 OpenJDK: missing ValueHandlerImpl class constructor access restriction (CORBA, 8000631)
907458 - CVE-2013-0441 OpenJDK: missing serialization restriction (CORBA, 7201066)
907460 - CVE-2013-0429 OpenJDK: PresentationManager incorrectly shared (CORBA, 7141694)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.7.0-oracle-1.7.0.13-1jpp.1.el5_9.i386.rpm
java-1.7.0-oracle-devel-1.7.0.13-1jpp.1.el5_9.i386.rpm
java-1.7.0-oracle-javafx-1.7.0.13-1jpp.1.el5_9.i386.rpm
java-1.7.0-oracle-jdbc-1.7.0.13-1jpp.1.el5_9.i386.rpm
java-1.7.0-oracle-plugin-1.7.0.13-1jpp.1.el5_9.i386.rpm
java-1.7.0-oracle-src-1.7.0.13-1jpp.1.el5_9.i386.rpm

x86_64:
java-1.7.0-oracle-1.7.0.13-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.13-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.13-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.13-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.13-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.13-1jpp.1.el5_9.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.7.0-oracle-1.7.0.13-1jpp.1.el5_9.i386.rpm
java-1.7.0-oracle-devel-1.7.0.13-1jpp.1.el5_9.i386.rpm
java-1.7.0-oracle-javafx-1.7.0.13-1jpp.1.el5_9.i386.rpm
java-1.7.0-oracle-jdbc-1.7.0.13-1jpp.1.el5_9.i386.rpm
java-1.7.0-oracle-plugin-1.7.0.13-1jpp.1.el5_9.i386.rpm
java-1.7.0-oracle-src-1.7.0.13-1jpp.1.el5_9.i386.rpm

x86_64:
java-1.7.0-oracle-1.7.0.13-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.13-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.13-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.13-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.13-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.13-1jpp.1.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.7.0-oracle-1.7.0.13-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-devel-1.7.0.13-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.13-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.13-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.13-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-src-1.7.0.13-1jpp.3.el6_3.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.13-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.13-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.13-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.13-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.13-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.13-1jpp.3.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.7.0-oracle-1.7.0.13-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.13-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.13-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.13-1jpp.3.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.7.0-oracle-1.7.0.13-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-devel-1.7.0.13-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.13-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.13-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.13-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-src-1.7.0.13-1jpp.3.el6_3.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.13-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.13-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.13-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.13-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.13-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.13-1jpp.3.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.7.0-oracle-1.7.0.13-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-devel-1.7.0.13-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.13-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.13-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.13-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-src-1.7.0.13-1jpp.3.el6_3.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.13-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.13-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.13-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.13-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.13-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.13-1jpp.3.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-1541.html
https://www.redhat.com/security/data/cve/CVE-2012-3213.html
https://www.redhat.com/security/data/cve/CVE-2012-3342.html
https://www.redhat.com/security/data/cve/CVE-2013-0351.html
https://www.redhat.com/security/data/cve/CVE-2013-0409.html
https://www.redhat.com/security/data/cve/CVE-2013-0419.html
https://www.redhat.com/security/data/cve/CVE-2013-0423.html
https://www.redhat.com/security/data/cve/CVE-2013-0424.html
https://www.redhat.com/security/data/cve/CVE-2013-0425.html
https://www.redhat.com/security/data/cve/CVE-2013-0426.html
https://www.redhat.com/security/data/cve/CVE-2013-0427.html
https://www.redhat.com/security/data/cve/CVE-2013-0428.html
https://www.redhat.com/security/data/cve/CVE-2013-0429.html
https://www.redhat.com/security/data/cve/CVE-2013-0430.html
https://www.redhat.com/security/data/cve/CVE-2013-0431.html
https://www.redhat.com/security/data/cve/CVE-2013-0432.html
https://www.redhat.com/security/data/cve/CVE-2013-0433.html
https://www.redhat.com/security/data/cve/CVE-2013-0434.html
https://www.redhat.com/security/data/cve/CVE-2013-0435.html
https://www.redhat.com/security/data/cve/CVE-2013-0437.html
https://www.redhat.com/security/data/cve/CVE-2013-0438.html
https://www.redhat.com/security/data/cve/CVE-2013-0440.html
https://www.redhat.com/security/data/cve/CVE-2013-0441.html
https://www.redhat.com/security/data/cve/CVE-2013-0442.html
https://www.redhat.com/security/data/cve/CVE-2013-0443.html
https://www.redhat.com/security/data/cve/CVE-2013-0444.html
https://www.redhat.com/security/data/cve/CVE-2013-0445.html
https://www.redhat.com/security/data/cve/CVE-2013-0446.html
https://www.redhat.com/security/data/cve/CVE-2013-0448.html
https://www.redhat.com/security/data/cve/CVE-2013-0449.html
https://www.redhat.com/security/data/cve/CVE-2013-0450.html
https://www.redhat.com/security/data/cve/CVE-2013-1473.html
https://www.redhat.com/security/data/cve/CVE-2013-1475.html
https://www.redhat.com/security/data/cve/CVE-2013-1476.html
https://www.redhat.com/security/data/cve/CVE-2013-1478.html
https://www.redhat.com/security/data/cve/CVE-2013-1479.html
https://www.redhat.com/security/data/cve/CVE-2013-1480.html
https://www.redhat.com/security/data/cve/CVE-2013-1489.html
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFREE70XlSAg2UNWIIRAl0aAJ9geHwpDX2Kb2LdBP3WSQxnPNr97gCgmyRY
c2rbNUSIrrFwoG5d602o5QY=
=Kt+4
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 5 19:57:40 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 5 Feb 2013 19:57:40 +0000
Subject: [RHSA-2013:0223-01] Moderate: kernel security and bug fix update
Message-ID: <201302051957.r15JveJC000823@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: kernel security and bug fix update
Advisory ID:       RHSA-2013:0223-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0223.html
Issue date:        2013-02-05
CVE Names:         CVE-2012-4398 CVE-2012-4461 CVE-2012-4530
=====================================================================

1. Summary:

Updated kernel packages that fix three security issues and several bugs are
now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* It was found that a deadlock could occur in the Out of Memory (OOM)
killer. A process could trigger this deadlock by consuming a large amount
of memory, and then causing request_module() to be called. A local,
unprivileged user could use this flaw to cause a denial of service
(excessive memory consumption). (CVE-2012-4398, Moderate)

* A flaw was found in the way the KVM (Kernel-based Virtual Machine)
subsystem handled guests attempting to run with the X86_CR4_OSXSAVE CPU
feature flag set. On hosts without the XSAVE CPU feature, a local,
unprivileged user could use this flaw to crash the host system. (The
"grep --color xsave /proc/cpuinfo" command can be used to verify if your
system has the XSAVE CPU feature.) (CVE-2012-4461, Moderate)

* A memory disclosure flaw was found in the way the load_script() function
in the binfmt_script binary format handler handled excessive recursions. A
local, unprivileged user could use this flaw to leak kernel stack memory to
user-space by executing specially-crafted scripts. (CVE-2012-4530, Low)

Red Hat would like to thank Tetsuo Handa for reporting CVE-2012-4398, and
Jon Howell for reporting CVE-2012-4461.

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use
"rpm -Uvh" as that will remove the running kernel binaries from your
system. You may use "rpm -e" to remove old kernels after determining that
the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

853474 - CVE-2012-4398 kernel: request_module() OOM local DoS
862900 - CVE-2012-4461 kernel: kvm: invalid opcode oops on SET_SREGS with OSXSAVE bit set
865305 - fuse: backport scatter-gather direct IO [rhel-6.3.z]
868285 - CVE-2012-4530 kernel: stack disclosure in binfmt_script load_script()

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-279.22.1.el6.src.rpm

i386:
kernel-2.6.32-279.22.1.el6.i686.rpm
kernel-debug-2.6.32-279.22.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-279.22.1.el6.i686.rpm
kernel-debug-devel-2.6.32-279.22.1.el6.i686.rpm
kernel-debuginfo-2.6.32-279.22.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.22.1.el6.i686.rpm
kernel-devel-2.6.32-279.22.1.el6.i686.rpm
kernel-headers-2.6.32-279.22.1.el6.i686.rpm
perf-2.6.32-279.22.1.el6.i686.rpm
perf-debuginfo-2.6.32-279.22.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.22.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-279.22.1.el6.noarch.rpm
kernel-firmware-2.6.32-279.22.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-279.22.1.el6.x86_64.rpm
kernel-debug-2.6.32-279.22.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-279.22.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.22.1.el6.x86_64.rpm
kernel-devel-2.6.32-279.22.1.el6.x86_64.rpm
kernel-headers-2.6.32-279.22.1.el6.x86_64.rpm
perf-2.6.32-279.22.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-279.22.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-279.22.1.el6.i686.rpm
kernel-debuginfo-2.6.32-279.22.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.22.1.el6.i686.rpm
perf-debuginfo-2.6.32-279.22.1.el6.i686.rpm
python-perf-2.6.32-279.22.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.22.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.22.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm
python-perf-2.6.32-279.22.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-279.22.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-279.22.1.el6.noarch.rpm
kernel-firmware-2.6.32-279.22.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-279.22.1.el6.x86_64.rpm
kernel-debug-2.6.32-279.22.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-279.22.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.22.1.el6.x86_64.rpm
kernel-devel-2.6.32-279.22.1.el6.x86_64.rpm
kernel-headers-2.6.32-279.22.1.el6.x86_64.rpm
perf-2.6.32-279.22.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-279.22.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.22.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm
python-perf-2.6.32-279.22.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-279.22.1.el6.src.rpm

i386:
kernel-2.6.32-279.22.1.el6.i686.rpm
kernel-debug-2.6.32-279.22.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-279.22.1.el6.i686.rpm
kernel-debug-devel-2.6.32-279.22.1.el6.i686.rpm
kernel-debuginfo-2.6.32-279.22.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.22.1.el6.i686.rpm
kernel-devel-2.6.32-279.22.1.el6.i686.rpm
kernel-headers-2.6.32-279.22.1.el6.i686.rpm
perf-2.6.32-279.22.1.el6.i686.rpm
perf-debuginfo-2.6.32-279.22.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.22.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-279.22.1.el6.noarch.rpm
kernel-firmware-2.6.32-279.22.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-279.22.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-279.22.1.el6.ppc64.rpm
kernel-debug-2.6.32-279.22.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-279.22.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-279.22.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-279.22.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-279.22.1.el6.ppc64.rpm
kernel-devel-2.6.32-279.22.1.el6.ppc64.rpm
kernel-headers-2.6.32-279.22.1.el6.ppc64.rpm
perf-2.6.32-279.22.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-279.22.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-279.22.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-279.22.1.el6.s390x.rpm
kernel-debug-2.6.32-279.22.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-279.22.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-279.22.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-279.22.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-279.22.1.el6.s390x.rpm kernel-devel-2.6.32-279.22.1.el6.s390x.rpm kernel-headers-2.6.32-279.22.1.el6.s390x.rpm kernel-kdump-2.6.32-279.22.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-279.22.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-279.22.1.el6.s390x.rpm perf-2.6.32-279.22.1.el6.s390x.rpm perf-debuginfo-2.6.32-279.22.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-279.22.1.el6.s390x.rpm x86_64: kernel-2.6.32-279.22.1.el6.x86_64.rpm kernel-debug-2.6.32-279.22.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-279.22.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-279.22.1.el6.x86_64.rpm kernel-devel-2.6.32-279.22.1.el6.x86_64.rpm kernel-headers-2.6.32-279.22.1.el6.x86_64.rpm perf-2.6.32-279.22.1.el6.x86_64.rpm perf-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-279.22.1.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-279.22.1.el6.i686.rpm kernel-debuginfo-2.6.32-279.22.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-279.22.1.el6.i686.rpm perf-debuginfo-2.6.32-279.22.1.el6.i686.rpm python-perf-2.6.32-279.22.1.el6.i686.rpm python-perf-debuginfo-2.6.32-279.22.1.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-279.22.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-279.22.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-279.22.1.el6.ppc64.rpm perf-debuginfo-2.6.32-279.22.1.el6.ppc64.rpm python-perf-2.6.32-279.22.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-279.22.1.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-279.22.1.el6.s390x.rpm kernel-debuginfo-2.6.32-279.22.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-279.22.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-279.22.1.el6.s390x.rpm perf-debuginfo-2.6.32-279.22.1.el6.s390x.rpm 
python-perf-2.6.32-279.22.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-279.22.1.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-279.22.1.el6.x86_64.rpm perf-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm python-perf-2.6.32-279.22.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-279.22.1.el6.src.rpm i386: kernel-2.6.32-279.22.1.el6.i686.rpm kernel-debug-2.6.32-279.22.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-279.22.1.el6.i686.rpm kernel-debug-devel-2.6.32-279.22.1.el6.i686.rpm kernel-debuginfo-2.6.32-279.22.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-279.22.1.el6.i686.rpm kernel-devel-2.6.32-279.22.1.el6.i686.rpm kernel-headers-2.6.32-279.22.1.el6.i686.rpm perf-2.6.32-279.22.1.el6.i686.rpm perf-debuginfo-2.6.32-279.22.1.el6.i686.rpm python-perf-debuginfo-2.6.32-279.22.1.el6.i686.rpm noarch: kernel-doc-2.6.32-279.22.1.el6.noarch.rpm kernel-firmware-2.6.32-279.22.1.el6.noarch.rpm x86_64: kernel-2.6.32-279.22.1.el6.x86_64.rpm kernel-debug-2.6.32-279.22.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-279.22.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-279.22.1.el6.x86_64.rpm kernel-devel-2.6.32-279.22.1.el6.x86_64.rpm kernel-headers-2.6.32-279.22.1.el6.x86_64.rpm perf-2.6.32-279.22.1.el6.x86_64.rpm perf-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-279.22.1.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-279.22.1.el6.i686.rpm kernel-debuginfo-2.6.32-279.22.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-279.22.1.el6.i686.rpm perf-debuginfo-2.6.32-279.22.1.el6.i686.rpm python-perf-2.6.32-279.22.1.el6.i686.rpm python-perf-debuginfo-2.6.32-279.22.1.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-279.22.1.el6.x86_64.rpm perf-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm python-perf-2.6.32-279.22.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-4398.html https://www.redhat.com/security/data/cve/CVE-2012-4461.html https://www.redhat.com/security/data/cve/CVE-2012-4530.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.3_Technical_Notes/kernel.html#RHSA-2013-0223 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
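A practical follow-up to the kernel advisory above, written for this page and not taken from Red Hat: a small Python check that decides whether a RHEL 6 host has actually booted a kernel at or above the version-release in the package list (2.6.32-279.22.1.el6), and whether the CVE-2012-4461 condition (a host without the XSAVE feature) still applies, using the same /proc/cpuinfo flags test the advisory gives. The cpuinfo text and kernel strings in the usage are constructed for the example; the version comparison is a simplified rpmvercmp that omits rpm's "~" and "^" handling, which these kernel strings never use.

```python
"""Has this host booted the fixed kernel, and does the KVM/XSAVE issue apply?

Added example for the kernel advisory above; not Red Hat's code.  The
comparison mirrors rpm's rpmvercmp for plain version/release strings.
"""
import platform
import re

# Version-release of the kernel in the advisory's package list.
FIXED_KERNEL = "2.6.32-279.22.1.el6"


def _segments(s):
    """rpmvercmp splits a string into runs of digits and runs of letters;
    every other character is a separator."""
    return re.findall(r"[0-9]+|[A-Za-z]+", s)


def rpmvercmp(a, b):
    """-1, 0 or 1 as a is older than, equal to or newer than b.
    Digit runs compare numerically, letter runs lexically, a digit run beats
    a letter run, and the string with segments left over is the newer one."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif xd != yd:
            return 1 if xd else -1
        elif x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def kernel_vr_cmp(a, b):
    """Compare two 'version-release' kernel strings.  uname -r on RHEL 6
    appends the architecture (e.g. '.x86_64'); that suffix is ignored."""
    def split(vr):
        vr = re.sub(r"\.(x86_64|i686|ppc64|s390x)$", "", vr)
        version, _, release = vr.partition("-")
        return version, release
    av, ar = split(a)
    bv, br = split(b)
    return rpmvercmp(av, bv) or rpmvercmp(ar, br)


def has_xsave(cpuinfo_text):
    """True when the 'flags' line of /proc/cpuinfo lists the xsave feature:
    the advisory's own 'grep --color xsave /proc/cpuinfo' test, applied to
    the first CPU entry and matching the whole flag, not e.g. xsaveopt."""
    for line in cpuinfo_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "flags":
            return "xsave" in value.split()
    return False


def assess(running_kernel, cpuinfo_text, fixed=FIXED_KERNEL):
    """Summarise exposure.  Only the *running* kernel counts: a fixed kernel
    that is installed but not yet booted protects nothing, which is why the
    advisory requires a reboot."""
    patched = kernel_vr_cmp(running_kernel, fixed) >= 0
    return {
        "running": running_kernel,
        "patched": patched,
        "reboot_needed": not patched,
        # CVE-2012-4461 only matters on unpatched hosts that lack XSAVE
        # (and run KVM guests).
        "cve_2012_4461_applies": (not patched) and (not has_xsave(cpuinfo_text)),
    }


if __name__ == "__main__":
    # Live check on the current host.
    with open("/proc/cpuinfo") as f:
        print(assess(platform.release(), f.read()))
```

Run it after installing with "rpm -ivh" and again after the reboot; "rpm -q kernel" shows what is installed, but only "uname -r" (platform.release() here) shows what is protecting the machine.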
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFREWQcXlSAg2UNWIIRAoLbAJ9XdwSG25ch4sKbXVJg8k+qRHUAfQCfYDSk
dzk+ElZerG9zjNr/TuOQXIo=
=6tNU
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Feb 7 20:26:01 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 7 Feb 2013 20:26:01 +0000
Subject: [RHSA-2013:0241-01] Moderate: xen security update
Message-ID: <201302072026.r17KQ18m027359@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: xen security update
Advisory ID:       RHSA-2013:0241-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0241.html
Issue date:        2013-02-07
CVE Names:         CVE-2012-4544
=====================================================================

1. Summary:

Updated xen packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Multi OS (v. 5 client) - i386, x86_64
RHEL Virtualization (v. 5 server) - i386, ia64, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux.

A flaw was found in the way libxc, the Xen control library, handled excessively large kernel and ramdisk images when starting new guests. A privileged guest user in a para-virtualized guest (a DomU) could create a crafted kernel or ramdisk image that, when used to start the guest, could cause an out-of-memory condition in the privileged domain (the Dom0). (CVE-2012-4544)

Red Hat would like to thank the Xen project for reporting this issue.

All users of xen are advised to upgrade to these updated packages, which correct this issue. After installing the updated packages, the xend service must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

870412 - CVE-2012-4544 xen: Xen domain builder Out-of-memory due to malicious kernel/ramdisk

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xen-3.0.3-142.el5_9.1.src.rpm

i386:
xen-debuginfo-3.0.3-142.el5_9.1.i386.rpm
xen-libs-3.0.3-142.el5_9.1.i386.rpm

x86_64:
xen-debuginfo-3.0.3-142.el5_9.1.i386.rpm
xen-debuginfo-3.0.3-142.el5_9.1.x86_64.rpm
xen-libs-3.0.3-142.el5_9.1.i386.rpm
xen-libs-3.0.3-142.el5_9.1.x86_64.rpm

RHEL Desktop Multi OS (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xen-3.0.3-142.el5_9.1.src.rpm

i386:
xen-3.0.3-142.el5_9.1.i386.rpm
xen-debuginfo-3.0.3-142.el5_9.1.i386.rpm
xen-devel-3.0.3-142.el5_9.1.i386.rpm

x86_64:
xen-3.0.3-142.el5_9.1.x86_64.rpm
xen-debuginfo-3.0.3-142.el5_9.1.i386.rpm
xen-debuginfo-3.0.3-142.el5_9.1.x86_64.rpm
xen-devel-3.0.3-142.el5_9.1.i386.rpm
xen-devel-3.0.3-142.el5_9.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xen-3.0.3-142.el5_9.1.src.rpm

i386:
xen-debuginfo-3.0.3-142.el5_9.1.i386.rpm
xen-libs-3.0.3-142.el5_9.1.i386.rpm

ia64:
xen-debuginfo-3.0.3-142.el5_9.1.ia64.rpm
xen-libs-3.0.3-142.el5_9.1.ia64.rpm

x86_64:
xen-debuginfo-3.0.3-142.el5_9.1.i386.rpm
xen-debuginfo-3.0.3-142.el5_9.1.x86_64.rpm
xen-libs-3.0.3-142.el5_9.1.i386.rpm
xen-libs-3.0.3-142.el5_9.1.x86_64.rpm

RHEL Virtualization (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xen-3.0.3-142.el5_9.1.src.rpm

i386:
xen-3.0.3-142.el5_9.1.i386.rpm
xen-debuginfo-3.0.3-142.el5_9.1.i386.rpm
xen-devel-3.0.3-142.el5_9.1.i386.rpm

ia64:
xen-3.0.3-142.el5_9.1.ia64.rpm
xen-debuginfo-3.0.3-142.el5_9.1.ia64.rpm
xen-devel-3.0.3-142.el5_9.1.ia64.rpm

x86_64:
xen-3.0.3-142.el5_9.1.x86_64.rpm
xen-debuginfo-3.0.3-142.el5_9.1.i386.rpm
xen-debuginfo-3.0.3-142.el5_9.1.x86_64.rpm
xen-devel-3.0.3-142.el5_9.1.i386.rpm
xen-devel-3.0.3-142.el5_9.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-4544.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
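An added illustration of the failure mode in the xen advisory above, not libxc's code: the domain builder inflates a kernel and ramdisk that the guest supplies, and a small compressed image that expands to a huge buffer is exactly how a DomU drives Dom0 out of memory. The pattern below inflates a gzip image in bounded pieces and refuses to go past a caller-set ceiling, so the decision is made before the memory is spent. The 1 MiB ceiling, the sample images and the loop itself are this example's own assumptions and are not taken from the libxc fix.

```python
"""Bounded inflation of a guest-supplied compressed image.

Added example for the xen advisory above, not libxc's code.  It shows the
failure mode (a tiny gzip that expands to a huge buffer) and the kind of
check that stops it: cap the *output* size while inflating, not the input.
"""
import gzip
import zlib

MAX_IMAGE_BYTES = 1 << 20            # assumed ceiling for this example (1 MiB)


class ImageTooLarge(ValueError):
    pass


def inflate_bounded(compressed, max_bytes=MAX_IMAGE_BYTES):
    """Inflate a gzip image, never holding more than max_bytes of output.

    The decompressor is handed the whole input but asked for at most the
    remaining budget per call (zlib keeps the rest in unconsumed_tail), so
    an image that would expand past the ceiling is rejected long before it
    is fully materialised."""
    d = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)   # gzip framing
    out = bytearray()
    data = compressed
    while data and not d.eof:
        budget = max_bytes - len(out) + 1           # +1 so overflow is visible
        out += d.decompress(data, budget)
        if len(out) > max_bytes:
            consumed = len(compressed) - len(d.unconsumed_tail)
            raise ImageTooLarge("image exceeds %d bytes after consuming %d "
                                "compressed bytes" % (max_bytes, consumed))
        data = d.unconsumed_tail
    if not d.eof:
        raise ValueError("truncated gzip stream")
    return bytes(out)


def inflate_unbounded(compressed):
    """The unsafe reference behaviour: the size is known only after the
    whole image has been inflated into memory."""
    return gzip.decompress(compressed)


def load_guest_image(compressed, max_bytes=MAX_IMAGE_BYTES):
    """Domain-builder style entry point: (True, size) or (False, reason)."""
    try:
        image = inflate_bounded(compressed, max_bytes)
    except ImageTooLarge as e:
        return False, str(e)
    return True, len(image)


# Constructed sample images (not from the advisory): a plausible small
# kernel, and 16 MiB of zeros that gzip packs into a few tens of KiB.
HONEST_IMAGE = gzip.compress(b"\x7fELF" + b"kernel text " * 1000)
BOMB_IMAGE = gzip.compress(b"\0" * (16 << 20))

if __name__ == "__main__":
    print("honest:", load_guest_image(HONEST_IMAGE))
    print("bomb:  ", load_guest_image(BOMB_IMAGE))
    print("bomb compressed size:", len(BOMB_IMAGE), "bytes")
```

Checking the compressed size alone would not help here: the bomb input is far below the ceiling, and only the inflated size tells the truth, which is why the cap has to sit inside the inflate loop.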
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRFA2PXlSAg2UNWIIRAkLrAJoCeRyHeDYgLU3VV/MK6+6h9egMMwCcDbTW
QO62RyEVbSPeBlxgEFhKLEI=
=/YVY
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Feb 8 09:20:14 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 8 Feb 2013 09:20:14 +0000
Subject: [RHSA-2013:0243-01] Critical: flash-plugin security update
Message-ID: <201302080930.r189Utoe015656@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: flash-plugin security update
Advisory ID:       RHSA-2013:0243-01
Product:           Red Hat Enterprise Linux Extras
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0243.html
Issue date:        2013-02-08
CVE Names:         CVE-2013-0633 CVE-2013-0634
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update fixes two vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-04, listed in the References section.

Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. (CVE-2013-0633, CVE-2013-0634)

All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.262.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

908999 - CVE-2013-0633 CVE-2013-0634 flash-plugin: multiple code execution flaws (APSB13-04)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-11.2.202.262-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.262-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-11.2.202.262-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.262-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.262-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.262-1.el6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.262-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.262-1.el6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.262-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.262-1.el6.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0633.html
https://www.redhat.com/security/data/cve/CVE-2013-0634.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-04.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRFMXIXlSAg2UNWIIRArzrAJ45m7DbkzW5ho3r2YqZgNgr5FmaGQCdFQzj
fUIEkz0andYjE1AfOJzv2XA=
=M752
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Feb 8 19:44:11 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 8 Feb 2013 19:44:11 +0000
Subject: [RHSA-2013:0245-01] Critical: java-1.6.0-openjdk security update
Message-ID: <201302081944.r18JiBgU027739@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.6.0-openjdk security update
Advisory ID:       RHSA-2013:0245-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0245.html
Issue date:        2013-02-08
CVE Names:         CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427
                   CVE-2013-0428 CVE-2013-0429 CVE-2013-0432 CVE-2013-0433
                   CVE-2013-0434 CVE-2013-0435 CVE-2013-0440 CVE-2013-0441
                   CVE-2013-0442 CVE-2013-0443 CVE-2013-0445 CVE-2013-0450
                   CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480
=====================================================================

1. Summary:

Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having critical security impact.
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.

Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428)

Multiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially-crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges. (CVE-2013-1478, CVE-2013-1480)

A flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)

The default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted. (CVE-2013-0435)

Multiple improper permission check issues were discovered in the Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)

It was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)

It was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2013-0440)

It was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack. (CVE-2013-0443)

Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.

This erratum also upgrades the OpenJDK package to IcedTea6 1.11.6. Refer to the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

859140 - CVE-2013-0440 OpenJDK: CPU consumption DoS via repeated SSL ClientHello packets (JSSE, 7192393)
860652 - CVE-2013-1475 OpenJDK: IIOP type reuse sandbox bypass (CORBA, 8000540, SE-2012-01 Issue 50)
906813 - CVE-2013-0424 OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318)
906892 - CVE-2013-0435 OpenJDK: com.sun.xml.internal.* not restricted packages (JAX-WS, 7201068)
906894 - CVE-2013-1478 OpenJDK: image parser insufficient raster parameter checks (2D, 8001972)
906899 - CVE-2013-0442 OpenJDK: insufficient privilege checking issue (AWT, 7192977)
906900 - CVE-2013-0445 OpenJDK: insufficient privilege checking issue (AWT, 8001057)
906904 - CVE-2013-1480 OpenJDK: image parser insufficient raster parameter checks (AWT, 8002325)
906911 - CVE-2013-0450 OpenJDK: RequiredModelMBean missing access control context checks (JMX, 8000537)
907207 - CVE-2013-0428 OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)
907219 - CVE-2013-0432 OpenJDK: insufficient clipboard access permission checks (AWT, 7186952)
907340 - CVE-2013-0443 OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392)
907344 - CVE-2013-0425 OpenJDK: logging insufficient access control checks (Libraries, 6664509)
907346 - CVE-2013-0426 OpenJDK: logging insufficient access control checks (Libraries, 6664528)
907453 - CVE-2013-0434 OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235)
907455 - CVE-2013-0427 OpenJDK: invalid threads subject to interrupts (Libraries, 6776941)
907456 - CVE-2013-0433 OpenJDK: InetSocketAddress serialization issue (Networking, 7201071)
907457 - CVE-2013-1476 OpenJDK: missing ValueHandlerImpl class constructor access restriction (CORBA, 8000631)
907458 - CVE-2013-0441 OpenJDK: missing serialization restriction (CORBA, 7201066)
907460 - CVE-2013-0429 OpenJDK: PresentationManager incorrectly shared (CORBA, 7141694)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.src.rpm

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.src.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.src.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.src.rpm

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.src.rpm

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0424.html
https://www.redhat.com/security/data/cve/CVE-2013-0425.html
https://www.redhat.com/security/data/cve/CVE-2013-0426.html
https://www.redhat.com/security/data/cve/CVE-2013-0427.html
https://www.redhat.com/security/data/cve/CVE-2013-0428.html
https://www.redhat.com/security/data/cve/CVE-2013-0429.html
https://www.redhat.com/security/data/cve/CVE-2013-0432.html
https://www.redhat.com/security/data/cve/CVE-2013-0433.html
https://www.redhat.com/security/data/cve/CVE-2013-0434.html
https://www.redhat.com/security/data/cve/CVE-2013-0435.html
https://www.redhat.com/security/data/cve/CVE-2013-0440.html
https://www.redhat.com/security/data/cve/CVE-2013-0441.html
https://www.redhat.com/security/data/cve/CVE-2013-0442.html
https://www.redhat.com/security/data/cve/CVE-2013-0443.html
https://www.redhat.com/security/data/cve/CVE-2013-0445.html
https://www.redhat.com/security/data/cve/CVE-2013-0450.html
https://www.redhat.com/security/data/cve/CVE-2013-1475.html
https://www.redhat.com/security/data/cve/CVE-2013-1476.html
https://www.redhat.com/security/data/cve/CVE-2013-1478.html
https://www.redhat.com/security/data/cve/CVE-2013-1480.html
https://access.redhat.com/security/updates/classification/#critical
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
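The Diffie-Hellman item (CVE-2013-0443) in this advisory, and in the identical RHSA-2013:0246 description that follows, deserves a worked illustration. The following is an added example with toy parameters, not OpenJDK or JSSE code: a peer that sends a public value lying in a small subgroup learns the victim's private exponent modulo that subgroup's order from the resulting shared secret, and a few such values combine by the Chinese remainder theorem. The check that defeats it is to reject values outside (1, p-1) and, when the subgroup order q is known, to require y^q = 1 (mod p). The prime p = 571 (p-1 = 2·3·5·19), the subgroup order q = 19, the victim exponent 17 and the oracle that hands the attacker the victim's computed secret are all constructed for the example; in a real TLS handshake the attacker would instead test each of the few candidate secrets against the victim's Finished message.

```python
"""Small-subgroup attack on unvalidated Diffie-Hellman values, and the check
that stops it.  Added example with toy parameters, not OpenJDK/JSSE code."""

# Toy group: p - 1 = 570 = 2 * 3 * 5 * 19.  Honest parties work in the
# order-19 subgroup; the order-2, -3 and -5 elements are the attacker's tools.
P = 571
Q = 19
VICTIM_X = 17        # constructed static private exponent, 1 <= x <= Q-1


def mul_order(a, p):
    """Multiplicative order of a mod p by brute force (p is tiny here)."""
    k, x = 1, a % p
    while x != 1:
        x = x * a % p
        k += 1
    return k


def element_of_order(r, p):
    """Some element of exact order r in Z_p^* (r must divide p-1)."""
    for a in range(2, p):
        if mul_order(a, p) == r:
            return a
    raise ValueError("no element of order %d" % r)


def small_prime_factors(n):
    """Distinct prime factors of n, smallest first."""
    fs, d = [], 2
    while d * d <= n:
        if n % d == 0:
            fs.append(d)
            while n % d == 0:
                n //= d
        d += 1
    if n > 1:
        fs.append(n)
    return fs


def check_dh_public_value(y, p, q=None):
    """What a TLS peer must do before using y: reject y <= 1 and y >= p-1
    (this alone catches the order-2 element p-1), and, when the subgroup
    order q is known, reject anything with y^q != 1 mod p."""
    if not 1 < y < p - 1:
        raise ValueError("DH public value out of range")
    if q is not None and pow(y, q, p) != 1:
        raise ValueError("DH public value not in the order-%d subgroup" % q)
    return y


class DHParty:
    """Holds a private exponent x and derives K = y^x mod p from a peer's
    public value y.  validate=False models the unpatched behaviour."""

    def __init__(self, p, q, x, validate):
        self.p, self.q, self.x, self.validate = p, q, x, validate

    def shared_secret(self, peer_value):
        if self.validate:
            check_dh_public_value(peer_value, self.p, self.q)
        return pow(peer_value, self.x, self.p)


def accepts(party, y):
    """True if the party is willing to derive a secret from y."""
    try:
        party.shared_secret(y)
        return True
    except ValueError:
        return False


def crt(residues):
    """Combine (value, modulus) pairs with distinct prime moduli; returns
    (x, M) with x unique mod M.  The inverse uses Fermat since r is prime."""
    x, m = 0, 1
    for v, r in residues:
        t = ((v - x) * pow(m, r - 2, r)) % r
        x += m * t
        m *= r
    return x, m


def small_subgroup_attack(oracle, p, q):
    """oracle(y) returns the victim's K for a chosen y.  For each small prime
    r dividing p-1 (other than q) send an element h of order r: K = h^x
    takes only r possible values, so x mod r falls out by brute force."""
    residues = []
    for r in small_prime_factors(p - 1):
        if r == q:
            continue
        h = element_of_order(r, p)
        k = oracle(h)
        x_mod_r = next(i for i in range(r) if pow(h, i, p) == k)
        residues.append((x_mod_r, r))
    return crt(residues)


if __name__ == "__main__":
    unpatched = DHParty(P, Q, VICTIM_X, validate=False)
    print("recovered (x mod M, M):",
          small_subgroup_attack(unpatched.shared_secret, P, Q))
    patched = DHParty(P, Q, VICTIM_X, validate=True)
    print("patched accepts order-3 element:",
          accepts(patched, element_of_order(3, P)))
```

With the toy sizes the three leaked residues pin the exponent down completely (x = 17 < 30); with real parameters each accepted small-order value leaks only log2(r) bits, which is why the damage is worst for static private keys and why the range check alone is not enough when p-1 has small factors other than 2.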
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRFVVkXlSAg2UNWIIRAj6IAJ9pyNWKcES0d/HAkxu8/nazgM+tGgCgsH48 491W7PbYZVogid5QvYiYwv8= =d0CL -----END PGP SIGNATURE----- From bugzilla at redhat.com Fri Feb 8 19:44:49 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 8 Feb 2013 19:44:49 +0000 Subject: [RHSA-2013:0246-01] Important: java-1.6.0-openjdk security update Message-ID: <201302081944.r18Jiov5027852@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: java-1.6.0-openjdk security update Advisory ID: RHSA-2013:0246-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0246.html Issue date: 2013-02-08 CVE Names: CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0445 CVE-2013-0450 CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 ===================================================================== 1. Summary: Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, and Libraries components in OpenJDK. 
An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428)

Multiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially-crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges. (CVE-2013-1478, CVE-2013-1480)

A flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)

The default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted. (CVE-2013-0435)

Multiple improper permission check issues were discovered in the Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)

It was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)

It was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2013-0440)

It was discovered that the JSSE component did not properly validate Diffie-Hellman public keys.
An SSL/TLS client could possibly use this flaw to perform a small subgroup attack. (CVE-2013-0443)

This erratum also upgrades the OpenJDK package to IcedTea6 1.11.6. Refer to the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

859140 - CVE-2013-0440 OpenJDK: CPU consumption DoS via repeated SSL ClientHello packets (JSSE, 7192393)
860652 - CVE-2013-1475 OpenJDK: IIOP type reuse sandbox bypass (CORBA, 8000540, SE-2012-01 Issue 50)
906813 - CVE-2013-0424 OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318)
906892 - CVE-2013-0435 OpenJDK: com.sun.xml.internal.* not restricted packages (JAX-WS, 7201068)
906894 - CVE-2013-1478 OpenJDK: image parser insufficient raster parameter checks (2D, 8001972)
906899 - CVE-2013-0442 OpenJDK: insufficient privilege checking issue (AWT, 7192977)
906900 - CVE-2013-0445 OpenJDK: insufficient privilege checking issue (AWT, 8001057)
906904 - CVE-2013-1480 OpenJDK: image parser insufficient raster parameter checks (AWT, 8002325)
906911 - CVE-2013-0450 OpenJDK: RequiredModelMBean missing access control context checks (JMX, 8000537)
907207 - CVE-2013-0428 OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)
907219 - CVE-2013-0432 OpenJDK: insufficient clipboard access permission checks (AWT, 7186952)
907340 - CVE-2013-0443 OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392)
907344 - CVE-2013-0425 OpenJDK: logging insufficient access control checks (Libraries, 6664509)
907346 - CVE-2013-0426 OpenJDK: logging insufficient access control checks (Libraries, 6664528)
907453 - CVE-2013-0434 OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235)
907455 - CVE-2013-0427 OpenJDK: invalid threads subject to interrupts (Libraries, 6776941)
907456 - CVE-2013-0433 OpenJDK: InetSocketAddress serialization issue (Networking, 7201071)
907457 - CVE-2013-1476 OpenJDK: missing ValueHandlerImpl class constructor access restriction (CORBA, 8000631)
907458 - CVE-2013-0441 OpenJDK: missing serialization restriction (CORBA, 7201066)
907460 - CVE-2013-0429 OpenJDK: PresentationManager incorrectly shared (CORBA, 7141694)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.el5_9.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.el5_9.i386.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.33.1.11.6.el5_9.i386.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.33.1.11.6.el5_9.i386.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.33.1.11.6.el5_9.i386.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.33.1.11.6.el5_9.i386.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.33.1.11.6.el5_9.i386.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.el5_9.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.33.1.11.6.el5_9.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.33.1.11.6.el5_9.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.33.1.11.6.el5_9.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.33.1.11.6.el5_9.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.33.1.11.6.el5_9.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.el5_9.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.el5_9.i386.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.33.1.11.6.el5_9.i386.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.33.1.11.6.el5_9.i386.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.33.1.11.6.el5_9.i386.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.33.1.11.6.el5_9.i386.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.33.1.11.6.el5_9.i386.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.el5_9.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.33.1.11.6.el5_9.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.33.1.11.6.el5_9.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.33.1.11.6.el5_9.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.33.1.11.6.el5_9.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.33.1.11.6.el5_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0424.html
https://www.redhat.com/security/data/cve/CVE-2013-0425.html
https://www.redhat.com/security/data/cve/CVE-2013-0426.html
https://www.redhat.com/security/data/cve/CVE-2013-0427.html
https://www.redhat.com/security/data/cve/CVE-2013-0428.html
https://www.redhat.com/security/data/cve/CVE-2013-0429.html
https://www.redhat.com/security/data/cve/CVE-2013-0432.html
https://www.redhat.com/security/data/cve/CVE-2013-0433.html
https://www.redhat.com/security/data/cve/CVE-2013-0434.html
https://www.redhat.com/security/data/cve/CVE-2013-0435.html
https://www.redhat.com/security/data/cve/CVE-2013-0440.html
https://www.redhat.com/security/data/cve/CVE-2013-0441.html
https://www.redhat.com/security/data/cve/CVE-2013-0442.html
https://www.redhat.com/security/data/cve/CVE-2013-0443.html
https://www.redhat.com/security/data/cve/CVE-2013-0445.html
https://www.redhat.com/security/data/cve/CVE-2013-0450.html
https://www.redhat.com/security/data/cve/CVE-2013-1475.html
https://www.redhat.com/security/data/cve/CVE-2013-1476.html
https://www.redhat.com/security/data/cve/CVE-2013-1478.html
https://www.redhat.com/security/data/cve/CVE-2013-1480.html
https://access.redhat.com/security/updates/classification/#important
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
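Added example, not code from OpenJDK, IcedTea or Red Hat: the Diffie-Hellman public-value check whose absence in JSSE is described as CVE-2013-0443 in this advisory (and again in the OpenJDK 7 advisory that follows), shown on a constructed toy group (p = 23, q = 11, g = 2) so the arithmetic can be followed by hand; the range and subgroup checks are the ones from RFC 2631 section 2.1.5, and the `distinct_secrets` helper is an illustration of why an unvalidated value leaks information about the private exponent.

```python
"""Diffie-Hellman public-value validation (the check missing in CVE-2013-0443).

Added example; not code from OpenJDK, IcedTea or Red Hat.  The group below is
a constructed toy safe-prime group; real deployments use 2048-bit or larger
groups, but the two checks are identical.
"""

P = 23             # constructed toy safe prime, p = 2q + 1
Q = (P - 1) // 2   # prime order of the subgroup peers are expected to use
G = 2              # generates the order-q subgroup: pow(2, 11, 23) == 1


def validate_dh_public_key(y: int, p: int = P, q: int = Q) -> bool:
    """Return True only if y is an acceptable peer public value for (p, q).

    Two checks, as in RFC 2631 section 2.1.5:
      1. range  2 <= y <= p - 2  rejects 0, 1 and p - 1, whose powers depend
         on at most the parity of our private exponent;
      2. order  y^q mod p == 1   rejects every value outside the order-q
         subgroup, i.e. every element of a small subgroup.
    """
    if not 2 <= y <= p - 2:
        return False
    return pow(y, q, p) == 1


def shared_secret_unchecked(private: int, peer_public: int, p: int = P) -> int:
    """The computation the flaw describes: exponentiate whatever arrived."""
    return pow(peer_public, private, p)


def shared_secret(private: int, peer_public: int, p: int = P, q: int = Q) -> int:
    """Hardened form: refuse to derive a secret from an invalid peer value."""
    if not validate_dh_public_key(peer_public, p, q):
        raise ValueError("rejecting DH public value outside the order-q subgroup")
    return shared_secret_unchecked(private, peer_public, p)


def distinct_secrets(peer_public: int, p: int = P) -> set:
    """Secrets an unchecked party could derive from peer_public, over every
    possible private exponent.  A legitimate value yields q different
    secrets; an element of a small subgroup yields only as many as its
    order, which is what lets a peer learn about the private exponent."""
    return {shared_secret_unchecked(a, peer_public, p) for a in range(1, p - 1)}


if __name__ == "__main__":
    good = pow(G, 5, P)   # a legitimate peer value: 2^5 mod 23 = 9
    bad = P - 1           # the order-2 element, p - 1
    print(validate_dh_public_key(good), len(distinct_secrets(good)))  # True 11
    print(validate_dh_public_key(bad), distinct_secrets(bad))         # False {1, 22}
```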
From bugzilla at redhat.com Fri Feb 8 19:45:55 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 8 Feb 2013 19:45:55 +0000
Subject: [RHSA-2013:0247-01] Important: java-1.7.0-openjdk security update
Message-ID: <201302081945.r18JjtPQ003623@int-mx02.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-1.7.0-openjdk security update
Advisory ID:       RHSA-2013:0247-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0247.html
Issue date:        2013-02-08
CVE Names:         CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427
                   CVE-2013-0428 CVE-2013-0429 CVE-2013-0431 CVE-2013-0432
                   CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0440
                   CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0444
                   CVE-2013-0445 CVE-2013-0450 CVE-2013-1475 CVE-2013-1476
                   CVE-2013-1478 CVE-2013-1480
=====================================================================

1. Summary:

Updated java-1.7.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

3. Description:

These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.

Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428, CVE-2013-0444)

Multiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially-crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges. (CVE-2013-1478, CVE-2013-1480)

A flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)

The default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted. (CVE-2013-0435)

Multiple improper permission check issues were discovered in the JMX, Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-0431, CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)

It was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)

It was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2013-0440)

It was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack. (CVE-2013-0443)

This erratum also upgrades the OpenJDK package to IcedTea7 2.3.5. Refer to the NEWS file, linked to in the References, for further information.

All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

859140 - CVE-2013-0440 OpenJDK: CPU consumption DoS via repeated SSL ClientHello packets (JSSE, 7192393)
860652 - CVE-2013-1475 OpenJDK: IIOP type reuse sandbox bypass (CORBA, 8000540, SE-2012-01 Issue 50)
906447 - CVE-2013-0431 OpenJDK: JMX Introspector missing package access check (JMX, 8000539, SE-2012-01 Issue 52)
906813 - CVE-2013-0424 OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318)
906892 - CVE-2013-0435 OpenJDK: com.sun.xml.internal.* not restricted packages (JAX-WS, 7201068)
906894 - CVE-2013-1478 OpenJDK: image parser insufficient raster parameter checks (2D, 8001972)
906899 - CVE-2013-0442 OpenJDK: insufficient privilege checking issue (AWT, 7192977)
906900 - CVE-2013-0445 OpenJDK: insufficient privilege checking issue (AWT, 8001057)
906904 - CVE-2013-1480 OpenJDK: image parser insufficient raster parameter checks (AWT, 8002325)
906911 - CVE-2013-0450 OpenJDK: RequiredModelMBean missing access control context checks (JMX, 8000537)
907207 - CVE-2013-0428 OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)
907218 - CVE-2013-0444 OpenJDK: MethodFinder insufficient checks for cached results (Beans, 7200493)
907219 - CVE-2013-0432 OpenJDK: insufficient clipboard access permission checks (AWT, 7186952)
907340 - CVE-2013-0443 OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392)
907344 - CVE-2013-0425 OpenJDK: logging insufficient access control checks (Libraries, 6664509)
907346 - CVE-2013-0426 OpenJDK: logging insufficient access control checks (Libraries, 6664528)
907453 - CVE-2013-0434 OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235)
907455 - CVE-2013-0427 OpenJDK: invalid threads subject to interrupts (Libraries, 6776941)
907456 - CVE-2013-0433 OpenJDK: InetSocketAddress serialization issue (Networking, 7201071)
907457 - CVE-2013-1476 OpenJDK: missing ValueHandlerImpl class constructor access restriction (CORBA, 8000631)
907458 - CVE-2013-0441 OpenJDK: missing serialization restriction (CORBA, 7201066)
907460 - CVE-2013-0429 OpenJDK: PresentationManager incorrectly shared (CORBA, 7141694)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el5_9.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el5_9.i386.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el5_9.i386.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el5_9.i386.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el5_9.i386.rpm
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.el5_9.i386.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el5_9.i386.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el5_9.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el5_9.i386.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el5_9.i386.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el5_9.i386.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el5_9.i386.rpm
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.el5_9.i386.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el5_9.i386.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.src.rpm

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el6_3.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el6_3.i686.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el6_3.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.el6_3.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.src.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.el6_3.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el6_3.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.src.rpm

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el6_3.i686.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el6_3.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.el6_3.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el6_3.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.src.rpm

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el6_3.i686.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el6_3.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.el6_3.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0424.html
https://www.redhat.com/security/data/cve/CVE-2013-0425.html
https://www.redhat.com/security/data/cve/CVE-2013-0426.html
https://www.redhat.com/security/data/cve/CVE-2013-0427.html
https://www.redhat.com/security/data/cve/CVE-2013-0428.html
https://www.redhat.com/security/data/cve/CVE-2013-0429.html
https://www.redhat.com/security/data/cve/CVE-2013-0431.html
https://www.redhat.com/security/data/cve/CVE-2013-0432.html
https://www.redhat.com/security/data/cve/CVE-2013-0433.html
https://www.redhat.com/security/data/cve/CVE-2013-0434.html
https://www.redhat.com/security/data/cve/CVE-2013-0435.html
https://www.redhat.com/security/data/cve/CVE-2013-0440.html
https://www.redhat.com/security/data/cve/CVE-2013-0441.html
https://www.redhat.com/security/data/cve/CVE-2013-0442.html
https://www.redhat.com/security/data/cve/CVE-2013-0443.html
https://www.redhat.com/security/data/cve/CVE-2013-0444.html
https://www.redhat.com/security/data/cve/CVE-2013-0445.html
https://www.redhat.com/security/data/cve/CVE-2013-0450.html
https://www.redhat.com/security/data/cve/CVE-2013-1475.html
https://www.redhat.com/security/data/cve/CVE-2013-1476.html
https://www.redhat.com/security/data/cve/CVE-2013-1478.html
https://www.redhat.com/security/data/cve/CVE-2013-1480.html
https://access.redhat.com/security/updates/classification/#important
http://icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.5/NEWS

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

From bugzilla at redhat.com Mon Feb 11 18:16:35 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 11 Feb 2013 18:16:35 +0000
Subject: [RHSA-2013:0250-01] Moderate: elinks security update
Message-ID: <201302111816.r1BIGa5e027649@int-mx01.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: elinks security update
Advisory ID:       RHSA-2013:0250-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0250.html
Issue date:        2013-02-11
CVE Names:         CVE-2012-4545
=====================================================================

1. Summary:

An updated elinks package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

ELinks is a text-based web browser. ELinks does not display any images, but it does support frames, tables, and most other HTML tags.

It was found that ELinks performed client credentials delegation during the client-to-server GSS security mechanisms negotiation. A rogue server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI. (CVE-2012-4545)

This issue was discovered by Marko Myllynen of Red Hat.

All ELinks users are advised to upgrade to this updated package, which contains a backported patch to resolve the issue.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

864566 - CVE-2012-4545 elinks: Improper delegation of client credentials during GSS negotiation

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/elinks-0.11.1-8.el5_9.src.rpm

i386:
elinks-0.11.1-8.el5_9.i386.rpm
elinks-debuginfo-0.11.1-8.el5_9.i386.rpm

x86_64:
elinks-0.11.1-8.el5_9.x86_64.rpm
elinks-debuginfo-0.11.1-8.el5_9.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/elinks-0.11.1-8.el5_9.src.rpm

i386:
elinks-0.11.1-8.el5_9.i386.rpm
elinks-debuginfo-0.11.1-8.el5_9.i386.rpm

ia64:
elinks-0.11.1-8.el5_9.ia64.rpm
elinks-debuginfo-0.11.1-8.el5_9.ia64.rpm

ppc:
elinks-0.11.1-8.el5_9.ppc.rpm
elinks-debuginfo-0.11.1-8.el5_9.ppc.rpm

s390x:
elinks-0.11.1-8.el5_9.s390x.rpm
elinks-debuginfo-0.11.1-8.el5_9.s390x.rpm

x86_64:
elinks-0.11.1-8.el5_9.x86_64.rpm
elinks-debuginfo-0.11.1-8.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/elinks-0.12-0.21.pre5.el6_3.src.rpm

i386:
elinks-0.12-0.21.pre5.el6_3.i686.rpm
elinks-debuginfo-0.12-0.21.pre5.el6_3.i686.rpm

x86_64:
elinks-0.12-0.21.pre5.el6_3.x86_64.rpm
elinks-debuginfo-0.12-0.21.pre5.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/elinks-0.12-0.21.pre5.el6_3.src.rpm

x86_64:
elinks-0.12-0.21.pre5.el6_3.x86_64.rpm
elinks-debuginfo-0.12-0.21.pre5.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/elinks-0.12-0.21.pre5.el6_3.src.rpm

i386:
elinks-0.12-0.21.pre5.el6_3.i686.rpm
elinks-debuginfo-0.12-0.21.pre5.el6_3.i686.rpm

ppc64:
elinks-0.12-0.21.pre5.el6_3.ppc64.rpm
elinks-debuginfo-0.12-0.21.pre5.el6_3.ppc64.rpm

s390x:
elinks-0.12-0.21.pre5.el6_3.s390x.rpm
elinks-debuginfo-0.12-0.21.pre5.el6_3.s390x.rpm

x86_64:
elinks-0.12-0.21.pre5.el6_3.x86_64.rpm
elinks-debuginfo-0.12-0.21.pre5.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/elinks-0.12-0.21.pre5.el6_3.src.rpm

i386:
elinks-0.12-0.21.pre5.el6_3.i686.rpm
elinks-debuginfo-0.12-0.21.pre5.el6_3.i686.rpm

x86_64:
elinks-0.12-0.21.pre5.el6_3.x86_64.rpm
elinks-debuginfo-0.12-0.21.pre5.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-4545.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

From bugzilla at redhat.com Tue Feb 12 17:51:37 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 12 Feb 2013 17:51:37 +0000
Subject: [RHSA-2013:0253-01] Moderate: openstack-keystone security and bug fix update
Message-ID: <201302121751.r1CHpbRu019645@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openstack-keystone security and bug fix update
Advisory ID:       RHSA-2013:0253-01
Product:           Red Hat OpenStack
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0253.html
Issue date:        2013-02-12
CVE Names:         CVE-2013-0247
=====================================================================

1. Summary:

Updated openstack-keystone packages that fix one security issue and two bugs are now available for Red Hat OpenStack Folsom.

The Red Hat Security Response Team has rated this update as having moderate security impact.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

OpenStack Folsom - noarch

3. Description:

The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services.

It was found that an excessive amount of information was logged when invalid tokens were requested, resulting in large log files. An attacker could use this flaw to consume an excessive amount of disk space by requesting a large number of invalid tokens. (CVE-2013-0247)

The CVE-2013-0247 issue was discovered by Dan Prince of Red Hat.

This update also fixes two bugs that could have caused 'keystone' commands (such as 'keystone endpoint-delete' and 'keystone service-get') to fail with a 'No handlers could be found for logger "keystoneclient.v2_0.client"' and 'Authorization Failed' error. (BZ#857290, BZ#888328)

All users of openstack-keystone are advised to upgrade to these updated packages, which correct these issues. After installing the updated packages, the Keystone service (openstack-keystone) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

857290 - Keystone catalog fails if not all URLs are defined in an endpoint
888328 - Unable to delete service endpoint in keystone
906171 - CVE-2013-0247 OpenStack Keystone: denial of service through invalid token requests

6. Package List:

OpenStack Folsom:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/openstack-keystone-2012.2.1-3.el6ost.src.rpm

noarch:
openstack-keystone-2012.2.1-3.el6ost.noarch.rpm
openstack-keystone-doc-2012.2.1-3.el6ost.noarch.rpm
python-keystone-2012.2.1-3.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0247.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

From bugzilla at redhat.com Wed Feb 13 09:46:57 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 13 Feb 2013 09:46:57 +0000
Subject: [RHSA-2013:0254-01] Critical: flash-plugin security update
Message-ID: <201302130957.r1D9vl3o005081@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: flash-plugin security update
Advisory ID:       RHSA-2013:0254-01
Product:           Red Hat Enterprise Linux Extras
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0254.html
Issue date:        2013-02-13
CVE Names:         CVE-2013-0637 CVE-2013-0638 CVE-2013-0639 CVE-2013-0642
                   CVE-2013-0644 CVE-2013-0645 CVE-2013-0647 CVE-2013-0649
                   CVE-2013-1365 CVE-2013-1366 CVE-2013-1367 CVE-2013-1368
                   CVE-2013-1369 CVE-2013-1370 CVE-2013-1372 CVE-2013-1373
                   CVE-2013-1374
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update fixes several vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-05, listed in the References section.

Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. (CVE-2013-0638, CVE-2013-0639, CVE-2013-0642, CVE-2013-0644, CVE-2013-0645, CVE-2013-0647, CVE-2013-0649, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, CVE-2013-1373, CVE-2013-1374)

A flaw in flash-plugin could allow an attacker to obtain sensitive information if a victim were tricked into visiting a specially-crafted web page. (CVE-2013-0637)

All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.270.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

910570 - flash-plugin: multiple code execution flaws (APSB13-05)
910571 - CVE-2013-0637 flash-plugin: information disclosure flaw (APSB13-05)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-11.2.202.270-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.270-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-11.2.202.270-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.270-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.270-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.270-1.el6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.270-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.270-1.el6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.270-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.270-1.el6.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7.
References: https://www.redhat.com/security/data/cve/CVE-2013-0637.html https://www.redhat.com/security/data/cve/CVE-2013-0638.html https://www.redhat.com/security/data/cve/CVE-2013-0639.html https://www.redhat.com/security/data/cve/CVE-2013-0642.html https://www.redhat.com/security/data/cve/CVE-2013-0644.html https://www.redhat.com/security/data/cve/CVE-2013-0645.html https://www.redhat.com/security/data/cve/CVE-2013-0647.html https://www.redhat.com/security/data/cve/CVE-2013-0649.html https://www.redhat.com/security/data/cve/CVE-2013-1365.html https://www.redhat.com/security/data/cve/CVE-2013-1366.html https://www.redhat.com/security/data/cve/CVE-2013-1367.html https://www.redhat.com/security/data/cve/CVE-2013-1368.html https://www.redhat.com/security/data/cve/CVE-2013-1369.html https://www.redhat.com/security/data/cve/CVE-2013-1370.html https://www.redhat.com/security/data/cve/CVE-2013-1372.html https://www.redhat.com/security/data/cve/CVE-2013-1373.html https://www.redhat.com/security/data/cve/CVE-2013-1374.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb13-05.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
From bugzilla at redhat.com Tue Feb 19 23:47:47 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 19 Feb 2013 23:47:47 +0000
Subject: [RHSA-2013:0269-01] Moderate: axis security update
Message-ID: <201302192347.r1JNllfB018831@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis:      Moderate: axis security update
Advisory ID:   RHSA-2013:0269-01
Product:       Red Hat Enterprise Linux
Advisory URL:  https://rhn.redhat.com/errata/RHSA-2013-0269.html
Issue date:    2013-02-19
CVE Names:     CVE-2012-5784
=====================================================================

1. Summary:

Updated axis packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch
Red Hat Enterprise Linux HPC Node (v. 6) - noarch
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch
Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Enterprise Linux Server Optional (v. 6) - noarch
Red Hat Enterprise Linux Workstation (v. 6) - noarch
Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch

3. Description:

Apache Axis is an implementation of SOAP (Simple Object Access Protocol). It can be used to build both web service clients and servers.

Apache Axis did not verify that the server hostname matched the domain name in the subject's Common Name (CN) or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. (CVE-2012-5784)

All users of axis are advised to upgrade to these updated packages, which correct this issue. Applications using Apache Axis must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

873252 - CVE-2012-5784 axis: Does not verify that the server hostname matches a domain name in the subject's CN or subjectAltName field of the x.509 certificate

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/axis-1.2.1-7.3.el6_3.src.rpm

noarch:
axis-1.2.1-7.3.el6_3.noarch.rpm
axis-javadoc-1.2.1-7.3.el6_3.noarch.rpm
axis-manual-1.2.1-7.3.el6_3.noarch.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/axis-1.2.1-7.3.el6_3.src.rpm

noarch:
axis-1.2.1-7.3.el6_3.noarch.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/axis-1.2.1-7.3.el6_3.src.rpm

noarch:
axis-javadoc-1.2.1-7.3.el6_3.noarch.rpm
axis-manual-1.2.1-7.3.el6_3.noarch.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/axis-1.2.1-7.3.el6_3.src.rpm

noarch:
axis-1.2.1-7.3.el6_3.noarch.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/axis-1.2.1-7.3.el6_3.src.rpm

noarch:
axis-javadoc-1.2.1-7.3.el6_3.noarch.rpm
axis-manual-1.2.1-7.3.el6_3.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/axis-1.2.1-7.3.el6_3.src.rpm

noarch:
axis-1.2.1-7.3.el6_3.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/axis-1.2.1-7.3.el6_3.src.rpm

noarch:
axis-javadoc-1.2.1-7.3.el6_3.noarch.rpm
axis-manual-1.2.1-7.3.el6_3.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-5784.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
From bugzilla at redhat.com Tue Feb 19 23:49:15 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 19 Feb 2013 23:49:15 +0000
Subject: [RHSA-2013:0270-01] Moderate: jakarta-commons-httpclient security update
Message-ID: <201302192349.r1JNnGut019041@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis:      Moderate: jakarta-commons-httpclient security update
Advisory ID:   RHSA-2013:0270-01
Product:       Red Hat Enterprise Linux
Advisory URL:  https://rhn.redhat.com/errata/RHSA-2013-0270.html
Issue date:    2013-02-19
CVE Names:     CVE-2012-5783
=====================================================================

1. Summary:

Updated jakarta-commons-httpclient packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The Jakarta Commons HttpClient component can be used to build HTTP-aware client applications (such as web browsers and web service clients).

The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name (CN) or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. (CVE-2012-5783)

All users of jakarta-commons-httpclient are advised to upgrade to these updated packages, which correct this issue. Applications using the Jakarta Commons HttpClient component must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

873317 - CVE-2012-5783 jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/jakarta-commons-httpclient-3.0-7jpp.2.src.rpm

i386:
jakarta-commons-httpclient-3.0-7jpp.2.i386.rpm
jakarta-commons-httpclient-debuginfo-3.0-7jpp.2.i386.rpm

x86_64:
jakarta-commons-httpclient-3.0-7jpp.2.x86_64.rpm
jakarta-commons-httpclient-debuginfo-3.0-7jpp.2.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/jakarta-commons-httpclient-3.0-7jpp.2.src.rpm

i386:
jakarta-commons-httpclient-debuginfo-3.0-7jpp.2.i386.rpm
jakarta-commons-httpclient-demo-3.0-7jpp.2.i386.rpm
jakarta-commons-httpclient-javadoc-3.0-7jpp.2.i386.rpm
jakarta-commons-httpclient-manual-3.0-7jpp.2.i386.rpm

x86_64:
jakarta-commons-httpclient-debuginfo-3.0-7jpp.2.x86_64.rpm
jakarta-commons-httpclient-demo-3.0-7jpp.2.x86_64.rpm
jakarta-commons-httpclient-javadoc-3.0-7jpp.2.x86_64.rpm
jakarta-commons-httpclient-manual-3.0-7jpp.2.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/jakarta-commons-httpclient-3.0-7jpp.2.src.rpm

i386:
jakarta-commons-httpclient-3.0-7jpp.2.i386.rpm
jakarta-commons-httpclient-debuginfo-3.0-7jpp.2.i386.rpm
jakarta-commons-httpclient-demo-3.0-7jpp.2.i386.rpm
jakarta-commons-httpclient-javadoc-3.0-7jpp.2.i386.rpm
jakarta-commons-httpclient-manual-3.0-7jpp.2.i386.rpm

ia64:
jakarta-commons-httpclient-3.0-7jpp.2.ia64.rpm
jakarta-commons-httpclient-debuginfo-3.0-7jpp.2.ia64.rpm
jakarta-commons-httpclient-demo-3.0-7jpp.2.ia64.rpm
jakarta-commons-httpclient-javadoc-3.0-7jpp.2.ia64.rpm
jakarta-commons-httpclient-manual-3.0-7jpp.2.ia64.rpm

ppc:
jakarta-commons-httpclient-3.0-7jpp.2.ppc.rpm
jakarta-commons-httpclient-debuginfo-3.0-7jpp.2.ppc.rpm
jakarta-commons-httpclient-demo-3.0-7jpp.2.ppc.rpm
jakarta-commons-httpclient-javadoc-3.0-7jpp.2.ppc.rpm
jakarta-commons-httpclient-manual-3.0-7jpp.2.ppc.rpm

s390x:
jakarta-commons-httpclient-3.0-7jpp.2.s390x.rpm
jakarta-commons-httpclient-debuginfo-3.0-7jpp.2.s390x.rpm
jakarta-commons-httpclient-demo-3.0-7jpp.2.s390x.rpm
jakarta-commons-httpclient-javadoc-3.0-7jpp.2.s390x.rpm
jakarta-commons-httpclient-manual-3.0-7jpp.2.s390x.rpm

x86_64:
jakarta-commons-httpclient-3.0-7jpp.2.x86_64.rpm
jakarta-commons-httpclient-debuginfo-3.0-7jpp.2.x86_64.rpm
jakarta-commons-httpclient-demo-3.0-7jpp.2.x86_64.rpm
jakarta-commons-httpclient-javadoc-3.0-7jpp.2.x86_64.rpm
jakarta-commons-httpclient-manual-3.0-7jpp.2.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/jakarta-commons-httpclient-3.1-0.7.el6_3.src.rpm

i386:
jakarta-commons-httpclient-3.1-0.7.el6_3.i686.rpm
jakarta-commons-httpclient-debuginfo-3.1-0.7.el6_3.i686.rpm

x86_64:
jakarta-commons-httpclient-3.1-0.7.el6_3.x86_64.rpm
jakarta-commons-httpclient-debuginfo-3.1-0.7.el6_3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/jakarta-commons-httpclient-3.1-0.7.el6_3.src.rpm

i386:
jakarta-commons-httpclient-debuginfo-3.1-0.7.el6_3.i686.rpm
jakarta-commons-httpclient-demo-3.1-0.7.el6_3.i686.rpm
jakarta-commons-httpclient-javadoc-3.1-0.7.el6_3.i686.rpm
jakarta-commons-httpclient-manual-3.1-0.7.el6_3.i686.rpm

x86_64:
jakarta-commons-httpclient-debuginfo-3.1-0.7.el6_3.x86_64.rpm
jakarta-commons-httpclient-demo-3.1-0.7.el6_3.x86_64.rpm
jakarta-commons-httpclient-javadoc-3.1-0.7.el6_3.x86_64.rpm
jakarta-commons-httpclient-manual-3.1-0.7.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/jakarta-commons-httpclient-3.1-0.7.el6_3.src.rpm

x86_64:
jakarta-commons-httpclient-3.1-0.7.el6_3.x86_64.rpm
jakarta-commons-httpclient-debuginfo-3.1-0.7.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/jakarta-commons-httpclient-3.1-0.7.el6_3.src.rpm

x86_64:
jakarta-commons-httpclient-debuginfo-3.1-0.7.el6_3.x86_64.rpm
jakarta-commons-httpclient-demo-3.1-0.7.el6_3.x86_64.rpm
jakarta-commons-httpclient-javadoc-3.1-0.7.el6_3.x86_64.rpm
jakarta-commons-httpclient-manual-3.1-0.7.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/jakarta-commons-httpclient-3.1-0.7.el6_3.src.rpm

i386:
jakarta-commons-httpclient-3.1-0.7.el6_3.i686.rpm
jakarta-commons-httpclient-debuginfo-3.1-0.7.el6_3.i686.rpm

ppc64:
jakarta-commons-httpclient-3.1-0.7.el6_3.ppc64.rpm
jakarta-commons-httpclient-debuginfo-3.1-0.7.el6_3.ppc64.rpm

s390x:
jakarta-commons-httpclient-3.1-0.7.el6_3.s390x.rpm
jakarta-commons-httpclient-debuginfo-3.1-0.7.el6_3.s390x.rpm

x86_64:
jakarta-commons-httpclient-3.1-0.7.el6_3.x86_64.rpm
jakarta-commons-httpclient-debuginfo-3.1-0.7.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/jakarta-commons-httpclient-3.1-0.7.el6_3.src.rpm

i386:
jakarta-commons-httpclient-debuginfo-3.1-0.7.el6_3.i686.rpm
jakarta-commons-httpclient-demo-3.1-0.7.el6_3.i686.rpm
jakarta-commons-httpclient-javadoc-3.1-0.7.el6_3.i686.rpm
jakarta-commons-httpclient-manual-3.1-0.7.el6_3.i686.rpm

ppc64:
jakarta-commons-httpclient-debuginfo-3.1-0.7.el6_3.ppc64.rpm
jakarta-commons-httpclient-demo-3.1-0.7.el6_3.ppc64.rpm
jakarta-commons-httpclient-javadoc-3.1-0.7.el6_3.ppc64.rpm
jakarta-commons-httpclient-manual-3.1-0.7.el6_3.ppc64.rpm

s390x:
jakarta-commons-httpclient-debuginfo-3.1-0.7.el6_3.s390x.rpm
jakarta-commons-httpclient-demo-3.1-0.7.el6_3.s390x.rpm
jakarta-commons-httpclient-javadoc-3.1-0.7.el6_3.s390x.rpm
jakarta-commons-httpclient-manual-3.1-0.7.el6_3.s390x.rpm

x86_64:
jakarta-commons-httpclient-debuginfo-3.1-0.7.el6_3.x86_64.rpm
jakarta-commons-httpclient-demo-3.1-0.7.el6_3.x86_64.rpm
jakarta-commons-httpclient-javadoc-3.1-0.7.el6_3.x86_64.rpm
jakarta-commons-httpclient-manual-3.1-0.7.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/jakarta-commons-httpclient-3.1-0.7.el6_3.src.rpm

i386:
jakarta-commons-httpclient-3.1-0.7.el6_3.i686.rpm
jakarta-commons-httpclient-debuginfo-3.1-0.7.el6_3.i686.rpm

x86_64:
jakarta-commons-httpclient-3.1-0.7.el6_3.x86_64.rpm
jakarta-commons-httpclient-debuginfo-3.1-0.7.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/jakarta-commons-httpclient-3.1-0.7.el6_3.src.rpm

i386:
jakarta-commons-httpclient-debuginfo-3.1-0.7.el6_3.i686.rpm
jakarta-commons-httpclient-demo-3.1-0.7.el6_3.i686.rpm
jakarta-commons-httpclient-javadoc-3.1-0.7.el6_3.i686.rpm
jakarta-commons-httpclient-manual-3.1-0.7.el6_3.i686.rpm

x86_64:
jakarta-commons-httpclient-debuginfo-3.1-0.7.el6_3.x86_64.rpm
jakarta-commons-httpclient-demo-3.1-0.7.el6_3.x86_64.rpm
jakarta-commons-httpclient-javadoc-3.1-0.7.el6_3.x86_64.rpm
jakarta-commons-httpclient-manual-3.1-0.7.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-5783.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
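The check that this advisory and RHSA-2013:0269 (axis, CVE-2012-5784) describe as missing, the comparison of the connected hostname against the certificate's subjectAltName dNSName entries with a fallback to the subject Common Name, as an added example in Python; it is not code from Apache Axis, Jakarta Commons HttpClient or Red Hat. The certificate dicts follow the layout Python's ssl.SSLSocket.getpeercert() returns, and every certificate, hostname and helper name below is constructed for the example.

```python
"""Hostname verification against an X.509 certificate (added example).

Not code from Apache Axis, Jakarta Commons HttpClient or Red Hat.  It shows
the check whose absence CVE-2012-5784 and CVE-2012-5783 describe: the name
the client connected to must match a subjectAltName dNSName entry or, when
the certificate has none, the subject's Common Name.  A certificate that is
valid for some *other* name is rejected.  The certificates are constructed
samples in the dict layout returned by ssl.SSLSocket.getpeercert().
"""
import ipaddress


class CertificateError(ValueError):
    """Raised when the certificate is not valid for the requested host."""


def _dns_id_matches(pattern: str, hostname: str) -> bool:
    """Match one DNS identifier from the certificate against a hostname.

    Comparison is case-insensitive.  A wildcard is honoured only when it is
    the entire leftmost label of a name with at least two further labels
    ("*.example.org"), and it never matches across a dot, so "*.example.org"
    covers "www.example.org" but neither "example.org" nor "a.b.example.org".
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern or not hostname:
        return False
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False  # partial ("www*.example.org") or top-level ("*.com")
    if any("*" in label for label in p_labels[1:]):
        return False  # wildcard allowed only in the leftmost label
    return len(h_labels) == len(p_labels) and h_labels[1:] == p_labels[1:]


def match_hostname(cert: dict, hostname: str) -> str:
    """Return the certificate identifier that matches hostname.

    Raises CertificateError when nothing matches.  If the certificate carries
    any dNSName entries, only those are consulted and the Common Name is
    ignored (RFC 6125); an IP literal matches only iPAddress entries.
    """
    if not cert:
        raise CertificateError("no certificate presented or chain not verified")
    san = cert.get("subjectAltName", ())
    try:
        wanted_ip = ipaddress.ip_address(hostname)
    except ValueError:
        wanted_ip = None

    if wanted_ip is not None:
        for kind, value in san:
            if kind == "IP Address" and ipaddress.ip_address(value) == wanted_ip:
                return value
        raise CertificateError(f"IP {hostname} not in subjectAltName")

    dns_ids = [value for kind, value in san if kind == "DNS"]
    if dns_ids:
        for value in dns_ids:
            if _dns_id_matches(value, hostname):
                return value
        raise CertificateError(
            f"hostname {hostname!r} does not match subjectAltName {dns_ids}")

    # No dNSName entries: fall back to the subject Common Name (legacy rule).
    for rdn in cert.get("subject", ()):
        for kind, value in rdn:
            if kind == "commonName" and _dns_id_matches(value, hostname):
                return value
    raise CertificateError(f"hostname {hostname!r} does not match certificate")


def is_valid_for(cert: dict, hostname: str) -> bool:
    """True if the certificate is valid for hostname, False otherwise."""
    try:
        match_hostname(cert, hostname)
        return True
    except CertificateError:
        return False


# Constructed sample certificates (not real certificates).
SAN_CERT = {
    "subject": ((("organizationName", "Example Org"),),
                (("commonName", "example.org"),)),
    "subjectAltName": (("DNS", "example.org"),
                       ("DNS", "*.example.org"),
                       ("IP Address", "203.0.113.5")),
}
CN_ONLY_CERT = {
    "subject": ((("commonName", "legacy.example.net"),),),
}
# Perfectly valid, but for a different site: the case both advisories
# describe, which a client without this check would accept for any host.
OTHER_SITE_CERT = {
    "subject": ((("commonName", "other.example.com"),),),
    "subjectAltName": (("DNS", "other.example.com"),),
}

if __name__ == "__main__":
    for name, cert, host in [("SAN_CERT", SAN_CERT, "www.example.org"),
                             ("SAN_CERT", SAN_CERT, "a.b.example.org"),
                             ("CN_ONLY_CERT", CN_ONLY_CERT, "legacy.example.net"),
                             ("OTHER_SITE_CERT", OTHER_SITE_CERT, "bank.example.org")]:
        print(f"{name:16} {host:20} valid={is_valid_for(cert, host)}")
```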
From bugzilla at redhat.com Tue Feb 19 23:50:48 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 19 Feb 2013 23:50:48 +0000
Subject: [RHSA-2013:0271-01] Critical: firefox security update
Message-ID: <201302192350.r1JNonIe020044@int-mx12.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis:      Critical: firefox security update
Advisory ID:   RHSA-2013:0271-01
Product:       Red Hat Enterprise Linux
Advisory URL:  https://rhn.redhat.com/errata/RHSA-2013-0271.html
Issue date:    2013-02-19
CVE Names:     CVE-2013-0775 CVE-2013-0776 CVE-2013-0780 CVE-2013-0782
               CVE-2013-0783
=====================================================================

1. Summary:

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-0775, CVE-2013-0780, CVE-2013-0782, CVE-2013-0783)

It was found that, after canceling a proxy server's authentication prompt, the address bar continued to show the requested site's address. An attacker could use this flaw to conduct phishing attacks by tricking a user into believing they are viewing a trusted site. (CVE-2013-0776)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Abhishek Arya, Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, Wayne Mery, and Michal Zalewski as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 17.0.3 ESR. You can find a link to the Mozilla advisories in the References section of this erratum.

Note that due to a Kerberos credentials change, the following configuration steps may be required when using Firefox 17.0.3 ESR with the Enterprise Identity Management (IPA) web interface:

https://access.redhat.com/knowledge/solutions/294303

Important: Firefox 17 is not completely backwards-compatible with all Mozilla add-ons and Firefox plug-ins that worked with Firefox 10.0. Firefox 17 checks compatibility on first-launch, and, depending on the individual configuration and the installed add-ons and plug-ins, may disable said add-ons and plug-ins, or attempt to check for updates and upgrade them. Add-ons and plug-ins may have to be manually updated.

All Firefox users should upgrade to these updated packages, which contain Firefox version 17.0.3 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

911836 - CVE-2013-0783 Mozilla: Miscellaneous memory safety hazards (rv:17.0.3) (MFSA 2013-21)
911843 - CVE-2013-0775 Mozilla: Use-after-free in nsImageLoadingContent (MFSA 2013-26)
911844 - CVE-2013-0776 Mozilla: Phishing on HTTPS connection through malicious proxy (MFSA 2013-27)
911865 - CVE-2013-0780 CVE-2013-0782 Mozilla: Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer (MFSA 2013-28)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/devhelp-0.12-23.el5_9.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-17.0.3-1.el5_9.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-17.0.3-1.el5_9.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/yelp-2.16.0-30.el5_9.src.rpm

i386:
devhelp-0.12-23.el5_9.i386.rpm
devhelp-debuginfo-0.12-23.el5_9.i386.rpm
firefox-17.0.3-1.el5_9.i386.rpm
firefox-debuginfo-17.0.3-1.el5_9.i386.rpm
xulrunner-17.0.3-1.el5_9.i386.rpm
xulrunner-debuginfo-17.0.3-1.el5_9.i386.rpm
yelp-2.16.0-30.el5_9.i386.rpm
yelp-debuginfo-2.16.0-30.el5_9.i386.rpm

x86_64:
devhelp-0.12-23.el5_9.i386.rpm
devhelp-0.12-23.el5_9.x86_64.rpm
devhelp-debuginfo-0.12-23.el5_9.i386.rpm
devhelp-debuginfo-0.12-23.el5_9.x86_64.rpm
firefox-17.0.3-1.el5_9.i386.rpm
firefox-17.0.3-1.el5_9.x86_64.rpm
firefox-debuginfo-17.0.3-1.el5_9.i386.rpm
firefox-debuginfo-17.0.3-1.el5_9.x86_64.rpm
xulrunner-17.0.3-1.el5_9.i386.rpm
xulrunner-17.0.3-1.el5_9.x86_64.rpm
xulrunner-debuginfo-17.0.3-1.el5_9.i386.rpm
xulrunner-debuginfo-17.0.3-1.el5_9.x86_64.rpm
yelp-2.16.0-30.el5_9.x86_64.rpm
yelp-debuginfo-2.16.0-30.el5_9.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/devhelp-0.12-23.el5_9.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-17.0.3-1.el5_9.src.rpm

i386:
devhelp-debuginfo-0.12-23.el5_9.i386.rpm
devhelp-devel-0.12-23.el5_9.i386.rpm
xulrunner-debuginfo-17.0.3-1.el5_9.i386.rpm
xulrunner-devel-17.0.3-1.el5_9.i386.rpm

x86_64:
devhelp-debuginfo-0.12-23.el5_9.i386.rpm
devhelp-debuginfo-0.12-23.el5_9.x86_64.rpm
devhelp-devel-0.12-23.el5_9.i386.rpm
devhelp-devel-0.12-23.el5_9.x86_64.rpm
xulrunner-debuginfo-17.0.3-1.el5_9.i386.rpm
xulrunner-debuginfo-17.0.3-1.el5_9.x86_64.rpm
xulrunner-devel-17.0.3-1.el5_9.i386.rpm
xulrunner-devel-17.0.3-1.el5_9.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/devhelp-0.12-23.el5_9.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-17.0.3-1.el5_9.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-17.0.3-1.el5_9.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/yelp-2.16.0-30.el5_9.src.rpm

i386:
devhelp-0.12-23.el5_9.i386.rpm
devhelp-debuginfo-0.12-23.el5_9.i386.rpm
devhelp-devel-0.12-23.el5_9.i386.rpm
firefox-17.0.3-1.el5_9.i386.rpm
firefox-debuginfo-17.0.3-1.el5_9.i386.rpm
xulrunner-17.0.3-1.el5_9.i386.rpm
xulrunner-debuginfo-17.0.3-1.el5_9.i386.rpm
xulrunner-devel-17.0.3-1.el5_9.i386.rpm
yelp-2.16.0-30.el5_9.i386.rpm
yelp-debuginfo-2.16.0-30.el5_9.i386.rpm

ia64:
devhelp-0.12-23.el5_9.ia64.rpm
devhelp-debuginfo-0.12-23.el5_9.ia64.rpm
devhelp-devel-0.12-23.el5_9.ia64.rpm
firefox-17.0.3-1.el5_9.ia64.rpm
firefox-debuginfo-17.0.3-1.el5_9.ia64.rpm
xulrunner-17.0.3-1.el5_9.ia64.rpm
xulrunner-debuginfo-17.0.3-1.el5_9.ia64.rpm
xulrunner-devel-17.0.3-1.el5_9.ia64.rpm
yelp-2.16.0-30.el5_9.ia64.rpm
yelp-debuginfo-2.16.0-30.el5_9.ia64.rpm

ppc:
devhelp-0.12-23.el5_9.ppc.rpm
devhelp-debuginfo-0.12-23.el5_9.ppc.rpm
devhelp-devel-0.12-23.el5_9.ppc.rpm
firefox-17.0.3-1.el5_9.ppc.rpm
firefox-debuginfo-17.0.3-1.el5_9.ppc.rpm
xulrunner-17.0.3-1.el5_9.ppc.rpm
xulrunner-17.0.3-1.el5_9.ppc64.rpm
xulrunner-debuginfo-17.0.3-1.el5_9.ppc.rpm
xulrunner-debuginfo-17.0.3-1.el5_9.ppc64.rpm
xulrunner-devel-17.0.3-1.el5_9.ppc.rpm
xulrunner-devel-17.0.3-1.el5_9.ppc64.rpm
yelp-2.16.0-30.el5_9.ppc.rpm
yelp-debuginfo-2.16.0-30.el5_9.ppc.rpm

s390x:
devhelp-0.12-23.el5_9.s390.rpm
devhelp-0.12-23.el5_9.s390x.rpm
devhelp-debuginfo-0.12-23.el5_9.s390.rpm
devhelp-debuginfo-0.12-23.el5_9.s390x.rpm
devhelp-devel-0.12-23.el5_9.s390.rpm
devhelp-devel-0.12-23.el5_9.s390x.rpm
firefox-17.0.3-1.el5_9.s390.rpm
firefox-17.0.3-1.el5_9.s390x.rpm
firefox-debuginfo-17.0.3-1.el5_9.s390.rpm
firefox-debuginfo-17.0.3-1.el5_9.s390x.rpm
xulrunner-17.0.3-1.el5_9.s390.rpm
xulrunner-17.0.3-1.el5_9.s390x.rpm
xulrunner-debuginfo-17.0.3-1.el5_9.s390.rpm
xulrunner-debuginfo-17.0.3-1.el5_9.s390x.rpm
xulrunner-devel-17.0.3-1.el5_9.s390.rpm
xulrunner-devel-17.0.3-1.el5_9.s390x.rpm
yelp-2.16.0-30.el5_9.s390x.rpm
yelp-debuginfo-2.16.0-30.el5_9.s390x.rpm

x86_64:
devhelp-0.12-23.el5_9.i386.rpm
devhelp-0.12-23.el5_9.x86_64.rpm
devhelp-debuginfo-0.12-23.el5_9.i386.rpm
devhelp-debuginfo-0.12-23.el5_9.x86_64.rpm
devhelp-devel-0.12-23.el5_9.i386.rpm
devhelp-devel-0.12-23.el5_9.x86_64.rpm
firefox-17.0.3-1.el5_9.i386.rpm
firefox-17.0.3-1.el5_9.x86_64.rpm
firefox-debuginfo-17.0.3-1.el5_9.i386.rpm
firefox-debuginfo-17.0.3-1.el5_9.x86_64.rpm
xulrunner-17.0.3-1.el5_9.i386.rpm
xulrunner-17.0.3-1.el5_9.x86_64.rpm
xulrunner-debuginfo-17.0.3-1.el5_9.i386.rpm
xulrunner-debuginfo-17.0.3-1.el5_9.x86_64.rpm
xulrunner-devel-17.0.3-1.el5_9.i386.rpm
xulrunner-devel-17.0.3-1.el5_9.x86_64.rpm
yelp-2.16.0-30.el5_9.x86_64.rpm
yelp-debuginfo-2.16.0-30.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/firefox-17.0.3-1.el6_3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libproxy-0.3.0-4.el6_3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-17.0.3-1.el6_3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/yelp-2.28.1-17.el6_3.src.rpm

i386:
firefox-17.0.3-1.el6_3.i686.rpm
firefox-debuginfo-17.0.3-1.el6_3.i686.rpm
libproxy-0.3.0-4.el6_3.i686.rpm
libproxy-bin-0.3.0-4.el6_3.i686.rpm
libproxy-debuginfo-0.3.0-4.el6_3.i686.rpm
libproxy-python-0.3.0-4.el6_3.i686.rpm
xulrunner-17.0.3-1.el6_3.i686.rpm
xulrunner-debuginfo-17.0.3-1.el6_3.i686.rpm
yelp-2.28.1-17.el6_3.i686.rpm
yelp-debuginfo-2.28.1-17.el6_3.i686.rpm

x86_64:
firefox-17.0.3-1.el6_3.i686.rpm
firefox-17.0.3-1.el6_3.x86_64.rpm
firefox-debuginfo-17.0.3-1.el6_3.i686.rpm
firefox-debuginfo-17.0.3-1.el6_3.x86_64.rpm
libproxy-0.3.0-4.el6_3.i686.rpm
libproxy-0.3.0-4.el6_3.x86_64.rpm
libproxy-bin-0.3.0-4.el6_3.x86_64.rpm
libproxy-debuginfo-0.3.0-4.el6_3.i686.rpm
libproxy-debuginfo-0.3.0-4.el6_3.x86_64.rpm
libproxy-python-0.3.0-4.el6_3.x86_64.rpm
xulrunner-17.0.3-1.el6_3.i686.rpm
xulrunner-17.0.3-1.el6_3.x86_64.rpm
xulrunner-debuginfo-17.0.3-1.el6_3.i686.rpm
xulrunner-debuginfo-17.0.3-1.el6_3.x86_64.rpm
yelp-2.28.1-17.el6_3.x86_64.rpm
yelp-debuginfo-2.28.1-17.el6_3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libproxy-0.3.0-4.el6_3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-17.0.3-1.el6_3.src.rpm

i386:
libproxy-debuginfo-0.3.0-4.el6_3.i686.rpm
libproxy-devel-0.3.0-4.el6_3.i686.rpm
libproxy-gnome-0.3.0-4.el6_3.i686.rpm
libproxy-kde-0.3.0-4.el6_3.i686.rpm
libproxy-mozjs-0.3.0-4.el6_3.i686.rpm
libproxy-webkit-0.3.0-4.el6_3.i686.rpm
xulrunner-debuginfo-17.0.3-1.el6_3.i686.rpm
xulrunner-devel-17.0.3-1.el6_3.i686.rpm

x86_64:
libproxy-debuginfo-0.3.0-4.el6_3.i686.rpm
libproxy-debuginfo-0.3.0-4.el6_3.x86_64.rpm
libproxy-devel-0.3.0-4.el6_3.i686.rpm
libproxy-devel-0.3.0-4.el6_3.x86_64.rpm
libproxy-gnome-0.3.0-4.el6_3.x86_64.rpm
libproxy-kde-0.3.0-4.el6_3.x86_64.rpm
libproxy-mozjs-0.3.0-4.el6_3.x86_64.rpm
libproxy-webkit-0.3.0-4.el6_3.x86_64.rpm
xulrunner-debuginfo-17.0.3-1.el6_3.i686.rpm
xulrunner-debuginfo-17.0.3-1.el6_3.x86_64.rpm
xulrunner-devel-17.0.3-1.el6_3.i686.rpm
xulrunner-devel-17.0.3-1.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/firefox-17.0.3-1.el6_3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libproxy-0.3.0-4.el6_3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xulrunner-17.0.3-1.el6_3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/yelp-2.28.1-17.el6_3.src.rpm

x86_64:
firefox-17.0.3-1.el6_3.i686.rpm
firefox-17.0.3-1.el6_3.x86_64.rpm
firefox-debuginfo-17.0.3-1.el6_3.i686.rpm
firefox-debuginfo-17.0.3-1.el6_3.x86_64.rpm
libproxy-0.3.0-4.el6_3.i686.rpm
libproxy-0.3.0-4.el6_3.x86_64.rpm
libproxy-bin-0.3.0-4.el6_3.x86_64.rpm
libproxy-debuginfo-0.3.0-4.el6_3.i686.rpm
libproxy-debuginfo-0.3.0-4.el6_3.x86_64.rpm
libproxy-devel-0.3.0-4.el6_3.i686.rpm
libproxy-devel-0.3.0-4.el6_3.x86_64.rpm
libproxy-gnome-0.3.0-4.el6_3.x86_64.rpm
libproxy-kde-0.3.0-4.el6_3.x86_64.rpm
libproxy-mozjs-0.3.0-4.el6_3.x86_64.rpm
libproxy-python-0.3.0-4.el6_3.x86_64.rpm
libproxy-webkit-0.3.0-4.el6_3.x86_64.rpm
xulrunner-17.0.3-1.el6_3.i686.rpm
xulrunner-17.0.3-1.el6_3.x86_64.rpm
xulrunner-debuginfo-17.0.3-1.el6_3.i686.rpm
xulrunner-debuginfo-17.0.3-1.el6_3.x86_64.rpm
xulrunner-devel-17.0.3-1.el6_3.i686.rpm
xulrunner-devel-17.0.3-1.el6_3.x86_64.rpm
yelp-2.28.1-17.el6_3.x86_64.rpm
yelp-debuginfo-2.28.1-17.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/firefox-17.0.3-1.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/firefox-17.0.3-1.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libproxy-0.3.0-4.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-17.0.3-1.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-17.0.3-1.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/yelp-2.28.1-17.el6_3.src.rpm i386: firefox-17.0.3-1.el6_3.i686.rpm firefox-17.0.3-1.el6_3.i686.rpm firefox-debuginfo-17.0.3-1.el6_3.i686.rpm firefox-debuginfo-17.0.3-1.el6_3.i686.rpm libproxy-0.3.0-4.el6_3.i686.rpm libproxy-bin-0.3.0-4.el6_3.i686.rpm libproxy-debuginfo-0.3.0-4.el6_3.i686.rpm libproxy-python-0.3.0-4.el6_3.i686.rpm xulrunner-17.0.3-1.el6_3.i686.rpm xulrunner-17.0.3-1.el6_3.i686.rpm xulrunner-debuginfo-17.0.3-1.el6_3.i686.rpm xulrunner-debuginfo-17.0.3-1.el6_3.i686.rpm yelp-2.28.1-17.el6_3.i686.rpm yelp-debuginfo-2.28.1-17.el6_3.i686.rpm ppc64: firefox-17.0.3-1.el6_3.ppc.rpm firefox-17.0.3-1.el6_3.ppc.rpm firefox-17.0.3-1.el6_3.ppc64.rpm firefox-17.0.3-1.el6_3.ppc64.rpm firefox-debuginfo-17.0.3-1.el6_3.ppc.rpm firefox-debuginfo-17.0.3-1.el6_3.ppc.rpm firefox-debuginfo-17.0.3-1.el6_3.ppc64.rpm firefox-debuginfo-17.0.3-1.el6_3.ppc64.rpm libproxy-0.3.0-4.el6_3.ppc.rpm libproxy-0.3.0-4.el6_3.ppc64.rpm libproxy-bin-0.3.0-4.el6_3.ppc64.rpm libproxy-debuginfo-0.3.0-4.el6_3.ppc.rpm libproxy-debuginfo-0.3.0-4.el6_3.ppc64.rpm libproxy-python-0.3.0-4.el6_3.ppc64.rpm xulrunner-17.0.3-1.el6_3.ppc.rpm xulrunner-17.0.3-1.el6_3.ppc.rpm xulrunner-17.0.3-1.el6_3.ppc64.rpm xulrunner-debuginfo-17.0.3-1.el6_3.ppc.rpm xulrunner-debuginfo-17.0.3-1.el6_3.ppc.rpm xulrunner-debuginfo-17.0.3-1.el6_3.ppc64.rpm xulrunner-debuginfo-17.0.3-1.el6_3.ppc64.rpm yelp-2.28.1-17.el6_3.ppc64.rpm 
yelp-debuginfo-2.28.1-17.el6_3.ppc64.rpm s390x: firefox-17.0.3-1.el6_3.s390.rpm firefox-17.0.3-1.el6_3.s390.rpm firefox-17.0.3-1.el6_3.s390x.rpm firefox-17.0.3-1.el6_3.s390x.rpm firefox-debuginfo-17.0.3-1.el6_3.s390.rpm firefox-debuginfo-17.0.3-1.el6_3.s390.rpm firefox-debuginfo-17.0.3-1.el6_3.s390x.rpm firefox-debuginfo-17.0.3-1.el6_3.s390x.rpm libproxy-0.3.0-4.el6_3.s390.rpm libproxy-0.3.0-4.el6_3.s390x.rpm libproxy-bin-0.3.0-4.el6_3.s390x.rpm libproxy-debuginfo-0.3.0-4.el6_3.s390.rpm libproxy-debuginfo-0.3.0-4.el6_3.s390x.rpm libproxy-python-0.3.0-4.el6_3.s390x.rpm xulrunner-17.0.3-1.el6_3.s390.rpm xulrunner-17.0.3-1.el6_3.s390x.rpm xulrunner-17.0.3-1.el6_3.s390x.rpm xulrunner-debuginfo-17.0.3-1.el6_3.s390.rpm xulrunner-debuginfo-17.0.3-1.el6_3.s390.rpm xulrunner-debuginfo-17.0.3-1.el6_3.s390x.rpm xulrunner-debuginfo-17.0.3-1.el6_3.s390x.rpm yelp-2.28.1-17.el6_3.s390x.rpm yelp-debuginfo-2.28.1-17.el6_3.s390x.rpm x86_64: firefox-17.0.3-1.el6_3.i686.rpm firefox-17.0.3-1.el6_3.i686.rpm firefox-17.0.3-1.el6_3.x86_64.rpm firefox-17.0.3-1.el6_3.x86_64.rpm firefox-debuginfo-17.0.3-1.el6_3.i686.rpm firefox-debuginfo-17.0.3-1.el6_3.i686.rpm firefox-debuginfo-17.0.3-1.el6_3.x86_64.rpm firefox-debuginfo-17.0.3-1.el6_3.x86_64.rpm libproxy-0.3.0-4.el6_3.i686.rpm libproxy-0.3.0-4.el6_3.x86_64.rpm libproxy-bin-0.3.0-4.el6_3.x86_64.rpm libproxy-debuginfo-0.3.0-4.el6_3.i686.rpm libproxy-debuginfo-0.3.0-4.el6_3.x86_64.rpm libproxy-python-0.3.0-4.el6_3.x86_64.rpm xulrunner-17.0.3-1.el6_3.i686.rpm xulrunner-17.0.3-1.el6_3.i686.rpm xulrunner-17.0.3-1.el6_3.x86_64.rpm xulrunner-debuginfo-17.0.3-1.el6_3.i686.rpm xulrunner-debuginfo-17.0.3-1.el6_3.i686.rpm xulrunner-debuginfo-17.0.3-1.el6_3.x86_64.rpm xulrunner-debuginfo-17.0.3-1.el6_3.x86_64.rpm yelp-2.28.1-17.el6_3.x86_64.rpm yelp-debuginfo-2.28.1-17.el6_3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libproxy-0.3.0-4.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-17.0.3-1.el6_3.src.rpm i386: libproxy-debuginfo-0.3.0-4.el6_3.i686.rpm libproxy-devel-0.3.0-4.el6_3.i686.rpm libproxy-gnome-0.3.0-4.el6_3.i686.rpm libproxy-kde-0.3.0-4.el6_3.i686.rpm libproxy-mozjs-0.3.0-4.el6_3.i686.rpm libproxy-webkit-0.3.0-4.el6_3.i686.rpm xulrunner-debuginfo-17.0.3-1.el6_3.i686.rpm xulrunner-devel-17.0.3-1.el6_3.i686.rpm ppc64: libproxy-debuginfo-0.3.0-4.el6_3.ppc.rpm libproxy-debuginfo-0.3.0-4.el6_3.ppc64.rpm libproxy-devel-0.3.0-4.el6_3.ppc.rpm libproxy-devel-0.3.0-4.el6_3.ppc64.rpm libproxy-gnome-0.3.0-4.el6_3.ppc64.rpm libproxy-kde-0.3.0-4.el6_3.ppc64.rpm libproxy-mozjs-0.3.0-4.el6_3.ppc64.rpm libproxy-webkit-0.3.0-4.el6_3.ppc64.rpm xulrunner-debuginfo-17.0.3-1.el6_3.ppc.rpm xulrunner-debuginfo-17.0.3-1.el6_3.ppc64.rpm xulrunner-devel-17.0.3-1.el6_3.ppc.rpm xulrunner-devel-17.0.3-1.el6_3.ppc64.rpm s390x: libproxy-debuginfo-0.3.0-4.el6_3.s390.rpm libproxy-debuginfo-0.3.0-4.el6_3.s390x.rpm libproxy-devel-0.3.0-4.el6_3.s390.rpm libproxy-devel-0.3.0-4.el6_3.s390x.rpm libproxy-gnome-0.3.0-4.el6_3.s390x.rpm libproxy-kde-0.3.0-4.el6_3.s390x.rpm libproxy-mozjs-0.3.0-4.el6_3.s390x.rpm libproxy-webkit-0.3.0-4.el6_3.s390x.rpm xulrunner-debuginfo-17.0.3-1.el6_3.s390.rpm xulrunner-debuginfo-17.0.3-1.el6_3.s390x.rpm xulrunner-devel-17.0.3-1.el6_3.s390.rpm xulrunner-devel-17.0.3-1.el6_3.s390x.rpm x86_64: libproxy-debuginfo-0.3.0-4.el6_3.i686.rpm libproxy-debuginfo-0.3.0-4.el6_3.x86_64.rpm libproxy-devel-0.3.0-4.el6_3.i686.rpm libproxy-devel-0.3.0-4.el6_3.x86_64.rpm libproxy-gnome-0.3.0-4.el6_3.x86_64.rpm libproxy-kde-0.3.0-4.el6_3.x86_64.rpm libproxy-mozjs-0.3.0-4.el6_3.x86_64.rpm libproxy-webkit-0.3.0-4.el6_3.x86_64.rpm xulrunner-debuginfo-17.0.3-1.el6_3.i686.rpm xulrunner-debuginfo-17.0.3-1.el6_3.x86_64.rpm xulrunner-devel-17.0.3-1.el6_3.i686.rpm 
xulrunner-devel-17.0.3-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/firefox-17.0.3-1.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/firefox-17.0.3-1.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libproxy-0.3.0-4.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-17.0.3-1.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/yelp-2.28.1-17.el6_3.src.rpm i386: firefox-17.0.3-1.el6_3.i686.rpm firefox-17.0.3-1.el6_3.i686.rpm firefox-debuginfo-17.0.3-1.el6_3.i686.rpm firefox-debuginfo-17.0.3-1.el6_3.i686.rpm libproxy-0.3.0-4.el6_3.i686.rpm libproxy-bin-0.3.0-4.el6_3.i686.rpm libproxy-debuginfo-0.3.0-4.el6_3.i686.rpm libproxy-python-0.3.0-4.el6_3.i686.rpm xulrunner-17.0.3-1.el6_3.i686.rpm xulrunner-debuginfo-17.0.3-1.el6_3.i686.rpm yelp-2.28.1-17.el6_3.i686.rpm yelp-debuginfo-2.28.1-17.el6_3.i686.rpm x86_64: firefox-17.0.3-1.el6_3.i686.rpm firefox-17.0.3-1.el6_3.i686.rpm firefox-17.0.3-1.el6_3.x86_64.rpm firefox-17.0.3-1.el6_3.x86_64.rpm firefox-debuginfo-17.0.3-1.el6_3.i686.rpm firefox-debuginfo-17.0.3-1.el6_3.i686.rpm firefox-debuginfo-17.0.3-1.el6_3.x86_64.rpm firefox-debuginfo-17.0.3-1.el6_3.x86_64.rpm libproxy-0.3.0-4.el6_3.i686.rpm libproxy-0.3.0-4.el6_3.x86_64.rpm libproxy-bin-0.3.0-4.el6_3.x86_64.rpm libproxy-debuginfo-0.3.0-4.el6_3.i686.rpm libproxy-debuginfo-0.3.0-4.el6_3.x86_64.rpm libproxy-python-0.3.0-4.el6_3.x86_64.rpm xulrunner-17.0.3-1.el6_3.i686.rpm xulrunner-17.0.3-1.el6_3.x86_64.rpm xulrunner-debuginfo-17.0.3-1.el6_3.i686.rpm xulrunner-debuginfo-17.0.3-1.el6_3.x86_64.rpm yelp-2.28.1-17.el6_3.x86_64.rpm yelp-debuginfo-2.28.1-17.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libproxy-0.3.0-4.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-17.0.3-1.el6_3.src.rpm i386: libproxy-debuginfo-0.3.0-4.el6_3.i686.rpm libproxy-devel-0.3.0-4.el6_3.i686.rpm libproxy-gnome-0.3.0-4.el6_3.i686.rpm libproxy-kde-0.3.0-4.el6_3.i686.rpm libproxy-mozjs-0.3.0-4.el6_3.i686.rpm libproxy-webkit-0.3.0-4.el6_3.i686.rpm xulrunner-debuginfo-17.0.3-1.el6_3.i686.rpm xulrunner-devel-17.0.3-1.el6_3.i686.rpm x86_64: libproxy-debuginfo-0.3.0-4.el6_3.i686.rpm libproxy-debuginfo-0.3.0-4.el6_3.x86_64.rpm libproxy-devel-0.3.0-4.el6_3.i686.rpm libproxy-devel-0.3.0-4.el6_3.x86_64.rpm libproxy-gnome-0.3.0-4.el6_3.x86_64.rpm libproxy-kde-0.3.0-4.el6_3.x86_64.rpm libproxy-mozjs-0.3.0-4.el6_3.x86_64.rpm libproxy-webkit-0.3.0-4.el6_3.x86_64.rpm xulrunner-debuginfo-17.0.3-1.el6_3.i686.rpm xulrunner-debuginfo-17.0.3-1.el6_3.x86_64.rpm xulrunner-devel-17.0.3-1.el6_3.i686.rpm xulrunner-devel-17.0.3-1.el6_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-0775.html https://www.redhat.com/security/data/cve/CVE-2013-0776.html https://www.redhat.com/security/data/cve/CVE-2013-0780.html https://www.redhat.com/security/data/cve/CVE-2013-0782.html https://www.redhat.com/security/data/cve/CVE-2013-0783.html https://access.redhat.com/security/updates/classification/#critical http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html https://access.redhat.com/knowledge/solutions/294303 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRJA+9XlSAg2UNWIIRAlIJAJ9vI3Z6kqKxaRvZ3BClZOxO2urnxwCgmrYp
JB/KAoBNdYPUcAGZsC2hmno=
=pNEU
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Feb 19 23:52:04 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 19 Feb 2013 23:52:04 +0000
Subject: [RHSA-2013:0272-01] Critical: thunderbird security update
Message-ID: <201302192352.r1JNq5ES032573@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: thunderbird security update
Advisory ID:       RHSA-2013:0272-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0272.html
Issue date:        2013-02-19
CVE Names:         CVE-2013-0775 CVE-2013-0776 CVE-2013-0780 CVE-2013-0782
                   CVE-2013-0783
=====================================================================

1. Summary:

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0775, CVE-2013-0780, CVE-2013-0782, CVE-2013-0783)

It was found that, after canceling a proxy server's authentication prompt, the address bar continued to show the requested site's address. An attacker could use this flaw to conduct phishing attacks by tricking a user into believing they are viewing trusted content. (CVE-2013-0776)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Abhishek Arya, Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, Wayne Mery, and Michal Zalewski as the original reporters of these issues.

Note: None of these issues can be exploited by a specially crafted HTML mail message, as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.

Important: This erratum upgrades Thunderbird to version 17.0.3 ESR. Thunderbird 17 is not completely backwards-compatible with all Mozilla add-ons and Thunderbird plug-ins that worked with Thunderbird 10.0. Thunderbird 17 checks compatibility on first launch and, depending on the individual configuration and the installed add-ons and plug-ins, may disable those add-ons and plug-ins, or attempt to check for updates and upgrade them. Add-ons and plug-ins may have to be manually updated.

All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 17.0.3 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

911836 - CVE-2013-0783 Mozilla: Miscellaneous memory safety hazards (rv:17.0.3) (MFSA 2013-21)
911843 - CVE-2013-0775 Mozilla: Use-after-free in nsImageLoadingContent (MFSA 2013-26)
911844 - CVE-2013-0776 Mozilla: Phishing on HTTPS connection through malicious proxy (MFSA 2013-27)
911865 - CVE-2013-0780 CVE-2013-0782 Mozilla: Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer (MFSA 2013-28)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/thunderbird-17.0.3-1.el5_9.src.rpm

i386:
thunderbird-17.0.3-1.el5_9.i386.rpm
thunderbird-debuginfo-17.0.3-1.el5_9.i386.rpm

x86_64:
thunderbird-17.0.3-1.el5_9.x86_64.rpm
thunderbird-debuginfo-17.0.3-1.el5_9.x86_64.rpm

RHEL Optional Productivity Applications (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/thunderbird-17.0.3-1.el5_9.src.rpm

i386:
thunderbird-17.0.3-1.el5_9.i386.rpm
thunderbird-debuginfo-17.0.3-1.el5_9.i386.rpm

x86_64:
thunderbird-17.0.3-1.el5_9.x86_64.rpm
thunderbird-debuginfo-17.0.3-1.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/thunderbird-17.0.3-1.el6_3.src.rpm

i386:
thunderbird-17.0.3-1.el6_3.i686.rpm
thunderbird-debuginfo-17.0.3-1.el6_3.i686.rpm

x86_64:
thunderbird-17.0.3-1.el6_3.x86_64.rpm
thunderbird-debuginfo-17.0.3-1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/thunderbird-17.0.3-1.el6_3.src.rpm

i386:
thunderbird-17.0.3-1.el6_3.i686.rpm
thunderbird-debuginfo-17.0.3-1.el6_3.i686.rpm

ppc64:
thunderbird-17.0.3-1.el6_3.ppc64.rpm
thunderbird-debuginfo-17.0.3-1.el6_3.ppc64.rpm

s390x:
thunderbird-17.0.3-1.el6_3.s390x.rpm
thunderbird-debuginfo-17.0.3-1.el6_3.s390x.rpm

x86_64:
thunderbird-17.0.3-1.el6_3.x86_64.rpm
thunderbird-debuginfo-17.0.3-1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/thunderbird-17.0.3-1.el6_3.src.rpm

i386:
thunderbird-17.0.3-1.el6_3.i686.rpm
thunderbird-debuginfo-17.0.3-1.el6_3.i686.rpm

x86_64:
thunderbird-17.0.3-1.el6_3.x86_64.rpm
thunderbird-debuginfo-17.0.3-1.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0775.html
https://www.redhat.com/security/data/cve/CVE-2013-0776.html
https://www.redhat.com/security/data/cve/CVE-2013-0780.html
https://www.redhat.com/security/data/cve/CVE-2013-0782.html
https://www.redhat.com/security/data/cve/CVE-2013-0783.html
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
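The check a practitioner actually runs after reading a package list like the one above is "is every host on the fixed build for its product?". The following is an added example, not Red Hat tooling and not part of any advisory on this page. It ports rpm's rpmvercmp() ordering to Python, keys the fixed builds by name, architecture and elN dist tag so that a RHEL 5 host is compared against the el5_9 build rather than the el6_3 one, and runs that comparison over the advisory file names above plus a constructed rpm -qa listing. The rpm --qf format string quoted in the header comment and the host lines are assumptions, and the OpenJDK entries come from the RHSA-2013:0273 list further down.

```python
r"""Check installed package versions against an advisory's package list.

Added example, not Red Hat tooling.  Two inputs are assumed: the advisory's
package list as printed above (one file name per line) and the output of
    rpm -qa --qf '%{NAME} %{EPOCH} %{VERSION} %{RELEASE} %{ARCH}\n'
from the host being checked.  The host lines below are constructed.
"""
import re

# Fixed builds, copied from the RHSA-2013:0272 and RHSA-2013:0273 lists on this page.
ADVISORY_PACKAGES = """
thunderbird-17.0.3-1.el5_9.i386.rpm
thunderbird-17.0.3-1.el5_9.x86_64.rpm
thunderbird-17.0.3-1.el6_3.i686.rpm
thunderbird-17.0.3-1.el6_3.x86_64.rpm
java-1.6.0-openjdk-1.6.0.0-1.56.1.11.8.el6_3.i686.rpm
java-1.6.0-openjdk-1.6.0.0-1.56.1.11.8.el6_3.x86_64.rpm
"""

# Constructed rpm -qa output; not taken from any real host.
HOST_PACKAGES = """
thunderbird (none) 10.0.12 3.el6_3 x86_64
thunderbird (none) 17.0.3 1.el5_9 i386
thunderbird (none) 17.0.5 1.el6_4 x86_64
thunderbird (none) 17.0.4 1.fc18 x86_64
java-1.6.0-openjdk 1 1.6.0.0 1.50.1.11.5.el6_3 x86_64
firefox (none) 17.0.3 1.el6_3 x86_64
"""


def rpmvercmp(a: str, b: str) -> int:
    """Port of rpm's rpmvercmp(): -1, 0 or 1 as a is older than, equal to or newer than b.
    ASCII version strings are assumed, as in RPM."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not (a[i].isalnum() or a[i] in "~^"):   # separators are skipped
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if "~" in (ca, cb):                  # '~' sorts before anything, even end of string
            if ca != "~" or cb != "~":
                return 1 if ca != "~" else -1
            i, j = i + 1, j + 1
            continue
        if "^" in (ca, cb):                  # '^' sorts after end of string, before anything else
            if not ca or not cb:
                return -1 if not ca else 1
            if ca != "^" or cb != "^":
                return 1 if ca != "^" else -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        numeric = ca.isdigit()
        pat = r"[0-9]+" if numeric else r"[A-Za-z]+"
        sa = re.match(pat, a[i:]).group(0)
        mb = re.match(pat, b[j:])
        if mb is None:                       # a numeric segment is newer than an alphabetic one
            return 1 if numeric else -1
        sb = mb.group(0)
        i, j = i + len(sa), j + len(sb)
        if numeric:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):           # more significant digits wins
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return 1 if i < len(a) else -1           # whoever has segments left over is newer


def parse_rpm_filename(fname: str):
    """'thunderbird-17.0.3-1.el5_9.i386.rpm' -> ('thunderbird', '17.0.3', '1.el5_9', 'i386')."""
    stem = fname[:-4] if fname.endswith(".rpm") else fname
    stem, arch = stem.rsplit(".", 1)
    name, version, release = stem.rsplit("-", 2)
    return name, version, release, arch


def dist_tag(release: str):
    """'1.el6_3' -> 'el6'; None for releases without an elN tag (third-party builds)."""
    m = re.search(r"\.(el\d+)", release)
    return m.group(1) if m else None


def fixed_builds(advisory_text: str) -> dict:
    """(name, arch, dist) -> (version, release) of the fixed binary package."""
    fixed = {}
    for fname in advisory_text.split():
        if fname.endswith(".src.rpm"):
            continue
        name, ver, rel, arch = parse_rpm_filename(fname)
        fixed[(name, arch, dist_tag(rel))] = (ver, rel)
    return fixed


def check_host(host_text: str, fixed: dict) -> dict:
    """NVRA -> 'fixed' | 'vulnerable' | 'not-covered'.  Epoch is not compared
    because advisory file names do not carry it; take the fixed EVR from
    `yum updateinfo` when packages with a non-zero epoch (OpenJDK's builds,
    for one) must be compared exactly."""
    verdicts = {}
    for line in host_text.split("\n"):
        if not line.strip():
            continue
        name, _epoch, ver, rel, arch = line.split()
        nvra = f"{name}-{ver}-{rel}.{arch}"
        build = fixed.get((name, arch, dist_tag(rel)))
        if build is None:
            verdicts[nvra] = "not-covered"   # other product, third-party build, or not in this erratum
            continue
        c = rpmvercmp(ver, build[0]) or rpmvercmp(rel, build[1])
        verdicts[nvra] = "fixed" if c >= 0 else "vulnerable"
    return verdicts


if __name__ == "__main__":
    for nvra, verdict in check_host(HOST_PACKAGES, fixed_builds(ADVISORY_PACKAGES)).items():
        print(f"{verdict:12s} {nvra}")
```

Two caveats the advisories themselves raise and this check cannot cover: the package signatures should still be verified (rpm -K on the downloaded files, or rpm's GPG check at install time, against the key linked above), and a "fixed" verdict only says the package on disk is current; the running Thunderbird or Java instances must still be restarted.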
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRJBAPXlSAg2UNWIIRAowcAJ4sPDzXN/I7q1h9fiC5KfkYODrdzgCdElgY
JrA2Fw1Sg9Sq2I8addrI3f8=
=89vd
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Feb 20 11:03:22 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 20 Feb 2013 11:03:22 +0000
Subject: [RHSA-2013:0273-01] Critical: java-1.6.0-openjdk security update
Message-ID: <201302201114.r1KBEMDD024912@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.6.0-openjdk security update
Advisory ID:       RHSA-2013:0273-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0273.html
Issue date:        2013-02-20
CVE Names:         CVE-2013-0169 CVE-2013-1486
=====================================================================

1. Summary:

Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.

An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2013-1486)

It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169)

Note: If the web browser plug-in provided by the icedtea-web package was installed, CVE-2013-1486 could have been exploited without user interaction if a user visited a malicious website.

This erratum also upgrades the OpenJDK package to IcedTea6 1.11.8. Refer to the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)
913014 - CVE-2013-1486 OpenJDK: MBeanServer insufficient privilege restrictions (JMX, 8006446)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.56.1.11.8.el6_3.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.56.1.11.8.el6_3.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.56.1.11.8.el6_3.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.56.1.11.8.el6_3.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.56.1.11.8.el6_3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.56.1.11.8.el6_3.src.rpm

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.56.1.11.8.el6_3.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.56.1.11.8.el6_3.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.56.1.11.8.el6_3.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.56.1.11.8.el6_3.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.56.1.11.8.el6_3.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.56.1.11.8.el6_3.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.56.1.11.8.el6_3.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.56.1.11.8.el6_3.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.56.1.11.8.el6_3.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.56.1.11.8.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.56.1.11.8.el6_3.src.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.56.1.11.8.el6_3.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.56.1.11.8.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.56.1.11.8.el6_3.src.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.56.1.11.8.el6_3.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.56.1.11.8.el6_3.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.56.1.11.8.el6_3.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.56.1.11.8.el6_3.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.56.1.11.8.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.56.1.11.8.el6_3.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.56.1.11.8.el6_3.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.56.1.11.8.el6_3.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.56.1.11.8.el6_3.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.56.1.11.8.el6_3.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.56.1.11.8.el6_3.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.56.1.11.8.el6_3.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.56.1.11.8.el6_3.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.56.1.11.8.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.56.1.11.8.el6_3.src.rpm

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.56.1.11.8.el6_3.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.56.1.11.8.el6_3.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.56.1.11.8.el6_3.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.56.1.11.8.el6_3.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.56.1.11.8.el6_3.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.56.1.11.8.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.56.1.11.8.el6_3.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.56.1.11.8.el6_3.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.56.1.11.8.el6_3.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.56.1.11.8.el6_3.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.56.1.11.8.el6_3.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.56.1.11.8.el6_3.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.56.1.11.8.el6_3.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.56.1.11.8.el6_3.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.56.1.11.8.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.56.1.11.8.el6_3.src.rpm

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.56.1.11.8.el6_3.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.56.1.11.8.el6_3.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.56.1.11.8.el6_3.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.56.1.11.8.el6_3.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.56.1.11.8.el6_3.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.56.1.11.8.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0169.html
https://www.redhat.com/security/data/cve/CVE-2013-1486.html
https://access.redhat.com/security/updates/classification/#critical
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.8/NEWS

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRJK/6XlSAg2UNWIIRArRXAKCAOeP86h6hKZ4vEPHKEBd6ZKV4kgCgjJZs
Lh7zANdf4syBP8GhUYoodXs=
=a4+t
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Feb 20 11:03:54 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 20 Feb 2013 11:03:54 +0000
Subject: [RHSA-2013:0274-01] Important: java-1.6.0-openjdk security update
Message-ID: <201302201114.r1KBEsL8004592@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: java-1.6.0-openjdk security update
Advisory ID: RHSA-2013:0274-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0274.html
Issue date: 2013-02-20
CVE Names: CVE-2013-0169 CVE-2013-1486
=====================================================================

1. Summary:

Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.

An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2013-1486)

It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169)

This erratum also upgrades the OpenJDK package to IcedTea6 1.11.8. Refer to the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)
913014 - CVE-2013-1486 OpenJDK: MBeanServer insufficient privilege restrictions (JMX, 8006446)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0169.html
https://www.redhat.com/security/data/cve/CVE-2013-1486.html
https://access.redhat.com/security/updates/classification/#important
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.8/NEWS

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
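The Package List above names the fixed build, so whether a host is still exposed comes down to comparing an installed package against it under rpm's ordering rules, which are not plain string comparison: 1.35.1.11.8 sorts after 1.33.1.11.6 segment by segment, 2.3.10 sorts after 2.3.7, and a '~' pre-release tag sorts below the release it precedes. The following is an added example, not Red Hat tooling: a Python reimplementation of rpm's rpmvercmp segment rules (the caret rule of newer rpm releases is left out), in which parse_nevra, compare_evr, find_outdated and the two package samples are constructed for this illustration. It reports which installed packages fall below the advisory's build.

```python
"""Check installed RPMs against an advisory's fixed builds using rpm's
version-comparison rules (a Python reimplementation of rpmvercmp; the caret
rule of newer rpm releases is omitted). All sample data is constructed."""
from dataclasses import dataclass

# Constructed sample: two i386 entries from the RHSA-2013:0274 Package List.
ADVISORY_PACKAGES = """
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
"""

# Constructed sample of `rpm -qa` output on a hypothetical RHEL 5 host: the
# JRE is one IcedTea release behind, -devel already has the fixed build.
INSTALLED_PACKAGES = """
java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.el5_9.i386
java-1.6.0-openjdk-devel-1.6.0.0-1.35.1.11.8.el5_9.i386
bash-3.2-32.el5.i386
"""

@dataclass(frozen=True)
class Nevra:
    name: str
    epoch: int
    version: str
    release: str
    arch: str

def parse_nevra(text: str) -> Nevra:
    """Split 'name-[epoch:]version-release.arch[.rpm]' from the right, because
    package names may themselves contain dashes (java-1.6.0-openjdk)."""
    if text.endswith(".rpm"):
        text = text[:-4]
    body, _, arch = text.rpartition(".")
    name_version, _, release = body.rpartition("-")
    name, _, version = name_version.rpartition("-")
    epoch_str, sep, rest = version.partition(":")
    if sep:
        return Nevra(name, int(epoch_str), rest, release, arch)
    return Nevra(name, 0, version, release, arch)

def _segment(s, i, pred):
    """Run of characters satisfying pred from s[i], plus the index past it."""
    j = i
    while j < len(s) and pred(s[j]):
        j += 1
    return s[i:j], j

def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 as a is older than, equal to, or newer than b."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # Separators (anything not alphanumeric or '~') carry no meaning.
        while i < len(a) and not (a[i].isalnum() or a[i] == "~"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] == "~"):
            j += 1
        # A tilde makes its side older, even than nothing (1.0~rc1 < 1.0).
        tilde_a = i < len(a) and a[i] == "~"
        tilde_b = j < len(b) and b[j] == "~"
        if tilde_a or tilde_b:
            if tilde_a != tilde_b:
                return 1 if tilde_b else -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        # Take one all-digit or all-letter segment from each side.
        numeric = a[i].isdigit()
        pred = str.isdigit if numeric else str.isalpha
        seg_a, ni = _segment(a, i, pred)
        seg_b, nj = _segment(b, j, pred)
        if not seg_b:
            # Mixed types: a numeric segment is newer than an alphabetic one.
            return 1 if numeric else -1
        if numeric:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):  # the longer number is the larger
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
        i, j = ni, nj
    # Whichever side still has characters left is the newer one.
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1

def compare_evr(x: Nevra, y: Nevra) -> int:
    """Compare epoch first, then version, then release, as rpm does."""
    if x.epoch != y.epoch:
        return 1 if x.epoch > y.epoch else -1
    return rpmvercmp(x.version, y.version) or rpmvercmp(x.release, y.release)

def find_outdated(installed: str, advisory: str) -> list:
    """Return installed packages (name.arch) older than the advisory's build."""
    fixed = {(p.name, p.arch): p for p in map(parse_nevra, advisory.split())}
    outdated = []
    for pkg in map(parse_nevra, installed.split()):
        target = fixed.get((pkg.name, pkg.arch))
        if target is not None and compare_evr(pkg, target) < 0:
            outdated.append(f"{pkg.name}.{pkg.arch}")
    return outdated

for entry in find_outdated(INSTALLED_PACKAGES, ADVISORY_PACKAGES):
    print("needs update:", entry)
```

Replace the INSTALLED_PACKAGES sample with real `rpm -qa` output to run it against a host; a package at or above the fixed build is not reported. As the advisory itself states, an up-to-date package on disk says nothing about JVM instances still running the old code, so this check complements restarting those instances rather than replacing it.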
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRJLApXlSAg2UNWIIRAiPvAKCdAhExa/qFqb7fXFgF/sO9MFpaIACfTTqN
bgKwNLj8dRzfBWBRb3M7MwQ=
=3/un
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Feb 20 11:35:44 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 20 Feb 2013 11:35:44 +0000
Subject: [RHSA-2013:0275-01] Important: java-1.7.0-openjdk security update
Message-ID: <201302201135.r1KBZjtC032519@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: java-1.7.0-openjdk security update
Advisory ID: RHSA-2013:0275-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0275.html
Issue date: 2013-02-20
CVE Names: CVE-2013-0169 CVE-2013-1484 CVE-2013-1485 CVE-2013-1486
=====================================================================

1. Summary:

Updated java-1.7.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

3. Description:

These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.

Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-1486, CVE-2013-1484)

An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2013-1485)

It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169)

This erratum also upgrades the OpenJDK package to IcedTea7 2.3.7. Refer to the NEWS file, linked to in the References, for further information.

All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)
913014 - CVE-2013-1486 OpenJDK: MBeanServer insufficient privilege restrictions (JMX, 8006446)
913021 - CVE-2013-1484 OpenJDK: MethodHandleProxies insufficient privilege checks (Libraries, 8004937)
913025 - CVE-2013-1485 OpenJDK: MethodHandles insufficient privilege checks (Libraries, 8006439)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.7.1.el5_9.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.9-2.3.7.1.el5_9.i386.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.7.1.el5_9.i386.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.7.1.el5_9.i386.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.7.1.el5_9.i386.rpm
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.7.1.el5_9.i386.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.7.1.el5_9.i386.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.9-2.3.7.1.el5_9.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.7.1.el5_9.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.7.1.el5_9.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.7.1.el5_9.x86_64.rpm
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.7.1.el5_9.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.7.1.el5_9.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.7.1.el5_9.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.9-2.3.7.1.el5_9.i386.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.7.1.el5_9.i386.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.7.1.el5_9.i386.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.7.1.el5_9.i386.rpm
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.7.1.el5_9.i386.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.7.1.el5_9.i386.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.9-2.3.7.1.el5_9.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.7.1.el5_9.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.7.1.el5_9.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.7.1.el5_9.x86_64.rpm
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.7.1.el5_9.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.7.1.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.7.1.el6_3.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.9-2.3.7.1.el6_3.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.7.1.el6_3.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.9-2.3.7.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.7.1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.7.1.el6_3.src.rpm

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.7.1.el6_3.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.7.1.el6_3.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.7.1.el6_3.i686.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.7.1.el6_3.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.7.1.el6_3.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.7.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.7.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.7.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.7.1.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.7.1.el6_3.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.9-2.3.7.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.7.1.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.7.1.el6_3.src.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.7.1.el6_3.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.7.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.7.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.7.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.7.1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.7.1.el6_3.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.9-2.3.7.1.el6_3.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.7.1.el6_3.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.7.1.el6_3.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.9-2.3.7.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.7.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.7.1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.7.1.el6_3.src.rpm

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.7.1.el6_3.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.7.1.el6_3.i686.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.7.1.el6_3.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.7.1.el6_3.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.7.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.7.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.7.1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.7.1.el6_3.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.9-2.3.7.1.el6_3.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.7.1.el6_3.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.7.1.el6_3.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.9-2.3.7.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.7.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.7.1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.7.1.el6_3.src.rpm

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.7.1.el6_3.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.7.1.el6_3.i686.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.7.1.el6_3.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.7.1.el6_3.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.7.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.7.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.7.1.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0169.html
https://www.redhat.com/security/data/cve/CVE-2013-1484.html
https://www.redhat.com/security/data/cve/CVE-2013-1485.html
https://www.redhat.com/security/data/cve/CVE-2013-1486.html
https://access.redhat.com/security/updates/classification/#important
http://icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.7/NEWS

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRJLUAXlSAg2UNWIIRArwBAJ9fU/6regrUn6ZnBNchwPucsyaTVgCgi0Xg
v1mA9gED59cPd+732rl4EK4=
=40ir
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Feb 20 21:48:09 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 20 Feb 2013 21:48:09 +0000
Subject: [RHSA-2013:0531-01] Critical: java-1.6.0-sun security update
Message-ID: <201302202148.r1KLm9xm030073@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.6.0-sun security update
Advisory ID: RHSA-2013:0531-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0531.html
Issue date: 2013-02-20
CVE Names: CVE-2013-0169 CVE-2013-1486 CVE-2013-1487
=====================================================================

1. Summary:

Updated java-1.6.0-sun packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update fixes three vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-0169, CVE-2013-1486, CVE-2013-1487)

All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 41. All running instances of Oracle Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)
913014 - CVE-2013-1486 OpenJDK: MBeanServer insufficient privilege restrictions (JMX, 8006446)
913030 - CVE-2013-1487 Oracle JDK: unspecified vulnerability fixed in 6u41 and 7u15 (Deployment)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.6.0-sun-1.6.0.41-1jpp.1.el5_9.i586.rpm
java-1.6.0-sun-demo-1.6.0.41-1jpp.1.el5_9.i586.rpm
java-1.6.0-sun-devel-1.6.0.41-1jpp.1.el5_9.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.41-1jpp.1.el5_9.i586.rpm
java-1.6.0-sun-plugin-1.6.0.41-1jpp.1.el5_9.i586.rpm
java-1.6.0-sun-src-1.6.0.41-1jpp.1.el5_9.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.41-1jpp.1.el5_9.i586.rpm
java-1.6.0-sun-1.6.0.41-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.41-1jpp.1.el5_9.i586.rpm
java-1.6.0-sun-demo-1.6.0.41-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.41-1jpp.1.el5_9.i586.rpm
java-1.6.0-sun-devel-1.6.0.41-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.41-1jpp.1.el5_9.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.41-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.41-1jpp.1.el5_9.i586.rpm
java-1.6.0-sun-plugin-1.6.0.41-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-sun-src-1.6.0.41-1jpp.1.el5_9.i586.rpm
java-1.6.0-sun-src-1.6.0.41-1jpp.1.el5_9.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.6.0-sun-1.6.0.41-1jpp.1.el5_9.i586.rpm
java-1.6.0-sun-demo-1.6.0.41-1jpp.1.el5_9.i586.rpm
java-1.6.0-sun-devel-1.6.0.41-1jpp.1.el5_9.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.41-1jpp.1.el5_9.i586.rpm
java-1.6.0-sun-plugin-1.6.0.41-1jpp.1.el5_9.i586.rpm
java-1.6.0-sun-src-1.6.0.41-1jpp.1.el5_9.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.41-1jpp.1.el5_9.i586.rpm
java-1.6.0-sun-1.6.0.41-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.41-1jpp.1.el5_9.i586.rpm
java-1.6.0-sun-demo-1.6.0.41-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.41-1jpp.1.el5_9.i586.rpm
java-1.6.0-sun-devel-1.6.0.41-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.41-1jpp.1.el5_9.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.41-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.41-1jpp.1.el5_9.i586.rpm
java-1.6.0-sun-plugin-1.6.0.41-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-sun-src-1.6.0.41-1jpp.1.el5_9.i586.rpm
java-1.6.0-sun-src-1.6.0.41-1jpp.1.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.6.0-sun-1.6.0.41-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-demo-1.6.0.41-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.41-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.41-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-plugin-1.6.0.41-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-src-1.6.0.41-1jpp.1.el6_3.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.41-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-1.6.0.41-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.41-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.41-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.41-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.41-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.41-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-src-1.6.0.41-1jpp.1.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.6.0-sun-1.6.0.41-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-1.6.0.41-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.41-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.41-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.41-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-src-1.6.0.41-1jpp.1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.6.0-sun-1.6.0.41-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-demo-1.6.0.41-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.41-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.41-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-plugin-1.6.0.41-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-src-1.6.0.41-1jpp.1.el6_3.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.41-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-1.6.0.41-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.41-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.41-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.41-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.41-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.41-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-src-1.6.0.41-1jpp.1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.6.0-sun-1.6.0.41-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-demo-1.6.0.41-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.41-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.41-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-plugin-1.6.0.41-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-src-1.6.0.41-1jpp.1.el6_3.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.41-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-1.6.0.41-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.41-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.41-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.41-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.41-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.41-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-src-1.6.0.41-1jpp.1.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0169.html
https://www.redhat.com/security/data/cve/CVE-2013-1486.html
https://www.redhat.com/security/data/cve/CVE-2013-1487.html
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRJUSJXlSAg2UNWIIRAqZqAJ9hvATJWqwSeMoSsrxGmt92LQwBIQCgtob6
/WIXayD/MZRyZEm2ZDUESrc=
=2/wy
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Feb 20 21:48:35 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 20 Feb 2013 21:48:35 +0000
Subject: [RHSA-2013:0532-01] Critical: java-1.7.0-oracle security update
Message-ID: <201302202148.r1KLmafK013840@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.7.0-oracle security update
Advisory ID: RHSA-2013:0532-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0532.html
Issue date: 2013-02-20
CVE Names: CVE-2013-0169 CVE-2013-1484 CVE-2013-1485 CVE-2013-1486 CVE-2013-1487
=====================================================================

1. Summary:

Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-0169, CVE-2013-1484, CVE-2013-1485, CVE-2013-1486, CVE-2013-1487)

All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 15 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)
913014 - CVE-2013-1486 OpenJDK: MBeanServer insufficient privilege restrictions (JMX, 8006446)
913021 - CVE-2013-1484 OpenJDK: MethodHandleProxies insufficient privilege checks (Libraries, 8004937)
913025 - CVE-2013-1485 OpenJDK: MethodHandles insufficient privilege checks (Libraries, 8006439)
913030 - CVE-2013-1487 Oracle JDK: unspecified vulnerability fixed in 6u41 and 7u15 (Deployment)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.7.0-oracle-1.7.0.15-1jpp.1.el5_9.i386.rpm
java-1.7.0-oracle-devel-1.7.0.15-1jpp.1.el5_9.i386.rpm
java-1.7.0-oracle-javafx-1.7.0.15-1jpp.1.el5_9.i386.rpm
java-1.7.0-oracle-jdbc-1.7.0.15-1jpp.1.el5_9.i386.rpm
java-1.7.0-oracle-plugin-1.7.0.15-1jpp.1.el5_9.i386.rpm
java-1.7.0-oracle-src-1.7.0.15-1jpp.1.el5_9.i386.rpm

x86_64:
java-1.7.0-oracle-1.7.0.15-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.15-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.15-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.15-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.15-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.15-1jpp.1.el5_9.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.7.0-oracle-1.7.0.15-1jpp.1.el5_9.i386.rpm
java-1.7.0-oracle-devel-1.7.0.15-1jpp.1.el5_9.i386.rpm
java-1.7.0-oracle-javafx-1.7.0.15-1jpp.1.el5_9.i386.rpm
java-1.7.0-oracle-jdbc-1.7.0.15-1jpp.1.el5_9.i386.rpm
java-1.7.0-oracle-plugin-1.7.0.15-1jpp.1.el5_9.i386.rpm
java-1.7.0-oracle-src-1.7.0.15-1jpp.1.el5_9.i386.rpm

x86_64:
java-1.7.0-oracle-1.7.0.15-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.15-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.15-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.15-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.15-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.15-1jpp.1.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.7.0-oracle-1.7.0.15-1jpp.1.el6_3.i686.rpm
java-1.7.0-oracle-devel-1.7.0.15-1jpp.1.el6_3.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.15-1jpp.1.el6_3.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.15-1jpp.1.el6_3.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.15-1jpp.1.el6_3.i686.rpm
java-1.7.0-oracle-src-1.7.0.15-1jpp.1.el6_3.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.15-1jpp.1.el6_3.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.15-1jpp.1.el6_3.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.15-1jpp.1.el6_3.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.15-1jpp.1.el6_3.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.15-1jpp.1.el6_3.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.15-1jpp.1.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.7.0-oracle-1.7.0.15-1jpp.1.el6_3.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.15-1jpp.1.el6_3.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.15-1jpp.1.el6_3.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.15-1jpp.1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.7.0-oracle-1.7.0.15-1jpp.1.el6_3.i686.rpm
java-1.7.0-oracle-devel-1.7.0.15-1jpp.1.el6_3.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.15-1jpp.1.el6_3.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.15-1jpp.1.el6_3.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.15-1jpp.1.el6_3.i686.rpm
java-1.7.0-oracle-src-1.7.0.15-1jpp.1.el6_3.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.15-1jpp.1.el6_3.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.15-1jpp.1.el6_3.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.15-1jpp.1.el6_3.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.15-1jpp.1.el6_3.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.15-1jpp.1.el6_3.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.15-1jpp.1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.7.0-oracle-1.7.0.15-1jpp.1.el6_3.i686.rpm
java-1.7.0-oracle-devel-1.7.0.15-1jpp.1.el6_3.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.15-1jpp.1.el6_3.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.15-1jpp.1.el6_3.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.15-1jpp.1.el6_3.i686.rpm
java-1.7.0-oracle-src-1.7.0.15-1jpp.1.el6_3.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.15-1jpp.1.el6_3.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.15-1jpp.1.el6_3.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.15-1jpp.1.el6_3.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.15-1jpp.1.el6_3.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.15-1jpp.1.el6_3.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.15-1jpp.1.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0169.html
https://www.redhat.com/security/data/cve/CVE-2013-1484.html
https://www.redhat.com/security/data/cve/CVE-2013-1485.html
https://www.redhat.com/security/data/cve/CVE-2013-1486.html
https://www.redhat.com/security/data/cve/CVE-2013-1487.html
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRJUSoXlSAg2UNWIIRApnLAKDDCr8p4FK55sLdVz1eV6sGs3R+CQCfVOUb
RLHyvntpIS7H+s7ynB2d1Yg=
=AYgd
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Feb 21 06:08:51 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Feb 2013 06:08:51 +0000
Subject: [RHSA-2013:0276-02] Moderate: libvirt security, bug fix, and enhancement update
Message-ID: <201302210619.r1L6Jrma016401@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: libvirt security, bug fix, and enhancement update
Advisory ID: RHSA-2013:0276-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0276.html
Issue date: 2013-02-21
CVE Names: CVE-2012-3411
=====================================================================

1. Summary:

Updated libvirt packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64

3. Description:

The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

It was discovered that libvirt made certain invalid assumptions about dnsmasq's command line options when setting up DNS masquerading for virtual machines, resulting in dnsmasq incorrectly processing network packets from network interfaces that were intended to be prohibited. This update includes the changes necessary to call dnsmasq with a new command line option, which was introduced to dnsmasq via RHSA-2013:0277. (CVE-2012-3411)

In order for libvirt to be able to make use of the new command line option (--bind-dynamic), updated dnsmasq packages need to be installed. Refer to RHSA-2013:0277 for additional information.

These updated libvirt packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked to in the References, for information on the most significant of these changes.

All users of libvirt are advised to upgrade to these updated packages, which fix these issues and add these enhancements. After installing the updated packages, libvirtd must be restarted ("service libvirtd restart") for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

695394 - default migration speed is too low for guests with heavy IO
713922 - virsh man page refers to unspecified "documentation"
724893 - RFE: better message when start the guest which CPU comprises flags that host doesn't support
770285 - cpu-compare fails inside virtualized hosts
770795 - blkioParameters doesn't work
770830 - --config doesn't work correctly for blkiotune option --device-weight
771424 - RFE: Resident Set Size (RSS) limits on qemu guests
772290 - RFE: Configurable VNC start port or ability to exclude use of specific ports
787906 - [python binding] migrateGetMaxSpeed did not work right with parameters
789327 - [RFE] Resume VM from s3 as a response for monitor/keyboard/mouse action
798467 - libvirt doesn't validate a manually specified MAC address for a KVM guest
799986 - libvirtd should explicitly check for existance of configured sanlock directory before trying to register lockspace
801772 - RFE: Use scsi-hd, scsi-cd instead of scsi-disk
803577 - virsh attach-disk should detect disk source file type when sourcetype is not specified
804601 - Controllers do not support virsh attach/detach-device --persistent
805071 - RFE : Dynamically change the host network/bridge that is attached to a vNIC
805243 - [RFE] add some mechanism to pre-populate credentials for libvirt connections
805361 - RFE: privnet should work well with lxc
807545 - the programming continue to run when executing virsh snapshot-list with --roots and --from mutually exclusive options
807907 - Tunnelled migration sometimes report error when do scalability test
807996 - libvirtd may hang during tunneled migration
810799 - virsh list and "--managed-save " flag can't list the domains with managed save state
813191 - virt-xml-validate fail for pool, nodedev and capabilities
813735 - Non detection of qemu TCG mode support within a RHEL VM
813819 - Unable to disable sending keep-alive messages
815644 - There is no executable permission on default pool.
816448 - inaccurate display for status of stopped libvirt-guests service
816503 - [RFE] Ability to configure sound pass-through to appear as MIC as opposed to line-in
816609 - [libvirt] python bindings have inconsistent handling of float->int conversion
817219 - Don't allow to define multiple pools with the same target
817239 - dominfo outputs incorrectly for memory unit
817244 - Issues about virsh -h usage
818467 - Improve libvirt debug capability
818996 - [rfe] allow to disable usb & vga altogether
819401 - [LXC] virsh dominfo can't get a correct VCPU number
820173 - Libvirtd fails to initialize sanlock driver
821665 - unclear error message: qemu should report 'lsi' is not supported
822068 - libvirtd will crash when hotplug attah-disk to guest
822340 - There are some typos when virsh connect source guest server with ssh PermitRootLogin disabled
822373 - libvirtd will crash when tight loop of hotplug/unplug PCI device to guest without managed=yes
823362 - vol-create-as should fail when allocate a malformed size image
823765 - libvirt should raise an error when set network with special/invalid MAC address
823850 - find-storage-pool-sources/ find-storage-pool-sources-as can't return XML describing of netfs/iscsi pool
823857 - guest can't start with unable to set security context error if guests are unconfined
824253 - manpage: document limitations on identifying domains with numeric names
825068 - Start a guest with assigned usb device which is used by another guest will reset the label
825108 - unexpected result from virt-pki-validate
825600 - spice client could not disconnect after update graphics with connected='disconnect'
825699 - Can't start pool with uuid and other commands with uuid issue
825820 - Libvirt is missing important hooks
827234 - potential to deadlock libvirt on EPIPE
827380 - Minimum value for nodesuspend time duration need be given in virsh manual or help
827519 - "Unable to determine device index for network device" when attaching new
network device to a guest that already has a netdev of type='hostdev' 828023 - [libvirt] Setting numa parameters causes guest xml error 828640 - valgrind defects some use-after-free errors - virsh console 828676 - virt-xml-validate validate fails when xml contains kernel/initrd/cmdline elements 828729 - CPU topology parsing bug on special NUMA platform 829107 - valgrind defects some use-after-free errors - virsh change-media 829246 - virsh detach-disk will be failed with special image name 829562 - virsh attach-disk --cache does not work 830051 - [Doc] virsh doc has error/omission on device commands and nodedev commands 830057 - man doc of vol-create-as format is lack of qed and vmdk 831044 - #libvirtd error messages should be fixed 831049 - Update libvirtd manpage to describe how --timeout works & its usage limitations 831099 - add the ability to set a wwn for SCSI disks 831149 - virt-manager causes iowait, due to rewriting XML files repeatable 832004 - vncdisplay can't output default ip address for the vnc display 832081 - Fix keepalive issues in libvirt 832156 - RFE: Support customizable actions when sanlock leases are lost 832302 - libvirt shouldn't delete an existing unregistered volume in vol-create 832309 - [Doc]Problems about manual and help of virsh desc command 832329 - [Doc]Problems about help of virsh domiftune command 832372 - [Doc]Problems about manual and help of virsh dompmsuspend command 833327 - [Doc]The abbreviation of domain name-id-uuid arguments are inconsistent in manual 833674 - Deactivate memory balloon with type of none get wrong error info 834365 - Improve error message when trying to change VM's processor count to 0 834927 - virConnectDomainEventRegisterAny won't register the same callback for the same event but for different domains 835782 - when create the netfs pool, virsh pool-create-as do not remount the target dir which is mounted for another device firstly. 
836135 - spice migration: prevent race with libvirt 837466 - virsh report error when quit virsh connection 837470 - libvirtd crash when virsh find-storage-pool-sources 837485 - can not start vdsmd service after update the libvirt packages 837542 - [regression]can't undefine guest after guest saved. 837544 - snapshot-list return core dumped 837761 - [Doc] Inaccurate description about force option in change-media help 837884 - per-machine-type CPU models for safe migration 839537 - Error occurs when given hard_limit in memtune more than current swap_hard_limit 839557 - [Doc]Need to explain in manual that the output memory of memtune command may be rounded 839661 - libvirt: support QMP event for S4 839930 - There is no message if debug level number is out of scope when run a virsh command with -d option 842208 - "Segmentation fault" when use virsh command with vdsm installed 842272 - include-passwd option can't worked when using domdisplay. 842557 - libvirt doesn't check ABI compatibility of watchdog and channel fully 842966 - [snapshot] snapshot-info report unknow procedure error even snapshot-info works well 842979 - [Regression] lxc domain fail to start due to not exist cgroup dir 843324 - snapshot-edit will report error message but return 0 when do not update xml 843372 - disk-only snapshot create external file even if snapshot command failed 843560 - Add live migration support for USB 843716 - The libvirtd deamon was killed abnormally when i destroy a domain which was in creating process 844266 - Fail to modify the domain xml with saved file 844408 - after failed hotplug qemu keeps the file descriptor open 845448 - [blockcopy]sometimes Ctrl+C can't terminate blockcopy when use --wait with other options 845460 - exit console will crash libvirtd 845468 - snapshot-list --descendants --from will core dumped 845521 - Plug memory leak after escaping sequence for console 845523 - Use after free when escaping sequence for console 845635 - Return a specific error when 
qemu-ga is missing or unusable during a live snapshot (quiesce) 845893 - Double close of FD when failing to connect to a remote hypervisor 845958 - libvirt domain event handler can not catch domain pmsuspend and get error when pmwakeup 845966 - libvirt pmsuspend to disk will crash libvirtd 845968 - numatune command can't handle nodeset with '^' for excluding a node 846265 - virsh blkdeviotune fail 846629 - Failed to run cpu-stats when cpuacct.usage_percpu is too large 846639 - Should forbid suspend&resume operate when guest in pmsuspend status. 848648 - [Doc] Add annotation about how to enable stack traces in log messages 851391 - Throw out "DBus support" error in libvirtd.log when restart libvirtd 851395 - xml parse error occur after upgrade to the newest package 851397 - can not start guest in rhevm 851423 - virsh segmentation fault when using find-storage-pool-sources 851452 - unexpected result of virsh save when stop libvirtd 851491 - Libvirtd crash when set "security_default_confined = 0" in qemu.conf 851959 - cpuset can be set in two places. 
851963 - Guest will be undefined if remove channel content 851981 - The migration with macvtap network was denied by the target when i set "setenforce 1" in the target 852260 - AFFECT_CURRENT flag does not work well in set_scheduler_parameters when domain is shutoff 852383 - libvirtd dead when start a domain with openvswitch interface 852592 - libvirtd will be crashed when run vcpupin more than once 852668 - libvirt got security label parse error with xml 852675 - [Graphical framebuffer] update device with connected parameter "fail", guest's xml changed 852984 - virsh start command will be hung with openvswitch network interface 853002 - [qemu-ga]shutdown guest by qemu-guest-agent will successful but report error 853043 - guest can't start with unable to set security context error if guests are unconfined 853342 - [doc]There are some typos in CPU Tuning part of the formatdomain.html 853567 - Request for taking fix for PF shutdown in 802.1Qbh 853821 - virsh reboot with 'agent' shutdown mode will hang 853925 - [configuration][doc] set security_driver in qemu.conf 853930 - It is failed to start guest when the number of vcpu is different between and 854133 - libvirt should check the range of emulator_period and emulator_quota when set them with --config 854135 - The libvirt domain event handler can't catch the disconnecting information when disconnected the guest 855218 - Problems on CPU tuning 855237 - [libvirt] Add a new boot parameter to set the delay time before rebooting 855783 - improve error message for secret-get-value 856247 - full RHEL 6.4 block-copy support 856489 - Modify target type of channel element from 'virtio' to 'guestfwd' will cause libvirtd crash 856528 - List option --state-shutoff should filter guest properly 856864 - Do live migration from rhel6.1.z release version to rhel6.4 newest version and back will get "error Unknown controller type 'usb'" 856950 - Deadlock on libvirt when playing with hotplug and add/remove vm 856951 - The value of label 
is wrong with static dac model in xml 857013 - Failed to run cpu-stats after vcpu hotplug 857341 - fail to start lxc domain 857367 - destroy default virtual network throw error in libvirtd.log 858204 - The libvirt augeas lens can't parse a libvirtd.conf file where host_uuid is present 859320 - libvirt auth.conf make virsh cmd Segmentation fault (core dumped) 859331 - Create new guest fail with usermode 859712 - [libvirt] Deadlock in libvirt after storage is blocked 860519 - security: support for names on DAC labels 860907 - It reported an error when checked the schedinfo of the lxc guest 860971 - There should be a comma between "kvmclock" and "kvm_pv_eoi" in qemu-kvm cmd generated by libvirt 861564 - fail to start lxc os container 863059 - Unable to migrate guest: internal error missing hostuuid element in migration data 863115 - libvirt calls 'qemu-kvm -help' too often 864097 - Cannot start domains with custom CPU model 864122 - virtualport parameter profileid in a or causes failure to initialize guest interface 864336 - [LXC] destroy domain will hang after restart libvirtd 864384 - virsh list get error msg when connect ESXi5.0 server 865670 - Warning messages "Found untested VI API major/minor version 5.1" show when connect to esx5.1 server 866288 - libvirtd crashes when both and are used in one domain XML 866364 - libvirtd crash when edit a net with some operation 866369 - libvirt: terminating vm on signal 15 when hibernate fails on ENOSPACE 866388 - libvirt: no event is sent to vdsm in case vm is terminated on signal 15 after hibernate failure 866508 - Fail to import libvirt python module due to 'undefined symbol: libssh2_agent_free' 866524 - use-after-free on virsh node-memory-tune 866999 - CPU topology is missing in capabilities XML when libvirt fails to detect host CPU model 867246 - [LXC] A running guest will be stopped after restarting libvirtd service 867372 - Can not change affinity of domain process with "cpuset "of element. 
867412 - libvirt fails to clear async job when p2p migration fails early 867724 - Libvirt sometimes fails to wait on spice to migrate 867764 - default machine type is detected incorrectly 868389 - virsh net-update to do a live add of a static host to a network that previously had no static hosts, reports success, but doesn't take effect until network is restarted. 868483 - multiple default portgroups erroneously allowed in network definitions 868692 - Libvirt: Double dash in VM causes it to disappear - bad parsing of XML 869096 - Vcpuinfo don't return numa's CPU Affinity properly on mutiple numa node's machine 869100 - poor error message for virsh snapshot-list --roots --current 869508 - the option --flags of virsh nodesuspend command should be removed 869557 - Can't add more than 256 logical networks 870099 - virsh emulatorpin still can work when vcpu placement is "auto". 870273 - coding errors in virsh man page 871055 - libvirt should support both upstream and RHEL drive-mirror 871201 - If libvirt is restarted after updating dnsmasq or radvd packages, a subsequent "virsh net-destroy" will fail to kill the dnsmasq/radvd processes 871312 - emulatorpin affinity isn't the same as Cpus_allowed_list of emulator ' thread when cpuset is specified 872104 - wrong description of net-update option(config, live and current) 872656 - virNodeGetMemoryParameters is broken on older kernels 873134 - setting current memory equal to max will end with domain start as current > max 873537 - virsh save will crash libvirtd sometimes 873538 - [Regression] Define domain failed in ESX5.1 873792 - libvirt: cancel migration is sent but migration continues 873934 - Failed to run Coverity on libvirt RHEL source rpm 874050 - virsh nodeinfo can't get the right info on AMD Bulldozer cpu 874171 - virsh should make external checkpoint creation easy 874330 - First autostarted guest has always id 1 874549 - libvirt_lxc segfaults when staring lxc through openstack 874702 - CVE-2012-3411 libvirt needs 
to use new dnsmasq option to avoid open DNS proxy 874860 - libvirt fails to start if storage pool contains image with missing backing file 876415 - virDomainGetVcpuPinInfo might fail to show right CPU affinity setting 876816 - libvirt should allow disk-only (external) snapshots of offline VMs 876817 - virsh should make it easier to filter snapshots by type 876828 - the qcow2 disk's major:minor number still exists in guest's devices.list after hot-unplug 876868 - virsh save guest with an no-exist xml should show error msg 877095 - libvirt doesn't clean up open files for device assignment 877303 - virsh snapshot-edit prints garbage with wrong parameters 878376 - Coverity scan founds some resource leaks and USE_AFTER_FREE 878400 - virsh pool-destroy should fail with error info when pool is in using 878779 - domdisplay with --include-password can't display VNC passwor 878862 - NULL pointer usage when starting guest with broken image chain 879130 - there is not error message when create external checkpoint with --memspec= (NULL) 879132 - create external checkpoint sometimes will crash libvirtd 879360 - Libvirt leaks libvirt_lxc processes on container shutdown 879473 - net-update may cause libvirtd crash when modify portgroup 879780 - vol-clone failed to clone LVM volumes 880064 - [LXC] libvirt_lxc segfaults when staring lxc guest 880919 - Libvirtd crashed while saving the guest to a nonexistent directory 881480 - virDomainUpdateDeviceFlags fails when interface type is 'network' 882915 - virsh doesn't report error if updated data argument for command "schedinfo" is invalid 883832 - Cannot start VMs after upgrade from 6.3 to libvirt-0.10.2-10 884650 - Add support for qemu-kvm's BALLOON_CHANGE event to avoid using monitor in virDomainGetXMLDesc 885081 - Invalid job handling while restarting CPUs when creating external snapshot 885727 - Libvirt won't parse dnsmasq capabilities when debug logs are enabled 885838 - improper errors logged when changing the bridge device used 
by a domain 886821 - libvirt-launched dnsmasq listens on localhost when it shouldn't 886933 - High disk usage when both libvirt and virt-manager are opened 887187 - [Doc] There are some typos in libvirt manual and formatdomain.html 888426 - block-copy pivot fails complaining that job is not active 889319 - support for IFLA_EXT_MASK and RTEXT_FILTER_VF needs to be added to lib 889407 - snapshot --redefine disk snapshot may cause libvirtd crash 891653 - Cgroups memory limit are causing the virt to be terminated unexpectedly 894085 - libvirt: vm pauses after live storage migration 896403 - delete snapshot which name contain '/' lead to libvirtd crash 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libvirt-0.10.2-18.el6.src.rpm i386: libvirt-0.10.2-18.el6.i686.rpm libvirt-client-0.10.2-18.el6.i686.rpm libvirt-debuginfo-0.10.2-18.el6.i686.rpm libvirt-python-0.10.2-18.el6.i686.rpm x86_64: libvirt-0.10.2-18.el6.x86_64.rpm libvirt-client-0.10.2-18.el6.i686.rpm libvirt-client-0.10.2-18.el6.x86_64.rpm libvirt-debuginfo-0.10.2-18.el6.i686.rpm libvirt-debuginfo-0.10.2-18.el6.x86_64.rpm libvirt-python-0.10.2-18.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libvirt-0.10.2-18.el6.src.rpm i386: libvirt-debuginfo-0.10.2-18.el6.i686.rpm libvirt-devel-0.10.2-18.el6.i686.rpm x86_64: libvirt-debuginfo-0.10.2-18.el6.i686.rpm libvirt-debuginfo-0.10.2-18.el6.x86_64.rpm libvirt-devel-0.10.2-18.el6.i686.rpm libvirt-devel-0.10.2-18.el6.x86_64.rpm libvirt-lock-sanlock-0.10.2-18.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libvirt-0.10.2-18.el6.src.rpm x86_64: libvirt-0.10.2-18.el6.x86_64.rpm libvirt-client-0.10.2-18.el6.i686.rpm libvirt-client-0.10.2-18.el6.x86_64.rpm libvirt-debuginfo-0.10.2-18.el6.i686.rpm libvirt-debuginfo-0.10.2-18.el6.x86_64.rpm libvirt-python-0.10.2-18.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libvirt-0.10.2-18.el6.src.rpm x86_64: libvirt-debuginfo-0.10.2-18.el6.i686.rpm libvirt-debuginfo-0.10.2-18.el6.x86_64.rpm libvirt-devel-0.10.2-18.el6.i686.rpm libvirt-devel-0.10.2-18.el6.x86_64.rpm libvirt-lock-sanlock-0.10.2-18.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libvirt-0.10.2-18.el6.src.rpm i386: libvirt-0.10.2-18.el6.i686.rpm libvirt-client-0.10.2-18.el6.i686.rpm libvirt-debuginfo-0.10.2-18.el6.i686.rpm libvirt-devel-0.10.2-18.el6.i686.rpm libvirt-python-0.10.2-18.el6.i686.rpm ppc64: libvirt-0.10.2-18.el6.ppc64.rpm libvirt-client-0.10.2-18.el6.ppc.rpm libvirt-client-0.10.2-18.el6.ppc64.rpm libvirt-debuginfo-0.10.2-18.el6.ppc.rpm libvirt-debuginfo-0.10.2-18.el6.ppc64.rpm libvirt-devel-0.10.2-18.el6.ppc.rpm libvirt-devel-0.10.2-18.el6.ppc64.rpm libvirt-python-0.10.2-18.el6.ppc64.rpm s390x: libvirt-0.10.2-18.el6.s390x.rpm libvirt-client-0.10.2-18.el6.s390.rpm libvirt-client-0.10.2-18.el6.s390x.rpm libvirt-debuginfo-0.10.2-18.el6.s390.rpm libvirt-debuginfo-0.10.2-18.el6.s390x.rpm libvirt-devel-0.10.2-18.el6.s390.rpm libvirt-devel-0.10.2-18.el6.s390x.rpm libvirt-python-0.10.2-18.el6.s390x.rpm x86_64: libvirt-0.10.2-18.el6.x86_64.rpm libvirt-client-0.10.2-18.el6.i686.rpm libvirt-client-0.10.2-18.el6.x86_64.rpm libvirt-debuginfo-0.10.2-18.el6.i686.rpm libvirt-debuginfo-0.10.2-18.el6.x86_64.rpm libvirt-devel-0.10.2-18.el6.i686.rpm libvirt-devel-0.10.2-18.el6.x86_64.rpm 
libvirt-python-0.10.2-18.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libvirt-0.10.2-18.el6.src.rpm x86_64: libvirt-debuginfo-0.10.2-18.el6.x86_64.rpm libvirt-lock-sanlock-0.10.2-18.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libvirt-0.10.2-18.el6.src.rpm i386: libvirt-0.10.2-18.el6.i686.rpm libvirt-client-0.10.2-18.el6.i686.rpm libvirt-debuginfo-0.10.2-18.el6.i686.rpm libvirt-devel-0.10.2-18.el6.i686.rpm libvirt-python-0.10.2-18.el6.i686.rpm x86_64: libvirt-0.10.2-18.el6.x86_64.rpm libvirt-client-0.10.2-18.el6.i686.rpm libvirt-client-0.10.2-18.el6.x86_64.rpm libvirt-debuginfo-0.10.2-18.el6.i686.rpm libvirt-debuginfo-0.10.2-18.el6.x86_64.rpm libvirt-devel-0.10.2-18.el6.i686.rpm libvirt-devel-0.10.2-18.el6.x86_64.rpm libvirt-python-0.10.2-18.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libvirt-0.10.2-18.el6.src.rpm x86_64: libvirt-debuginfo-0.10.2-18.el6.x86_64.rpm libvirt-lock-sanlock-0.10.2-18.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-3411.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.4_Technical_Notes/libvirt.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
From bugzilla at redhat.com Thu Feb 21 06:09:32 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Feb 2013 06:09:32 +0000
Subject: [RHSA-2013:0277-02] Moderate: dnsmasq security, bug fix and enhancement update
Message-ID: <201302210620.r1L6KYxM024398@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: dnsmasq security, bug fix and enhancement update
Advisory ID: RHSA-2013:0277-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0277.html
Issue date: 2013-02-21
CVE Names: CVE-2012-3411
=====================================================================

1. Summary:

Updated dnsmasq packages that fix one security issue, one bug, and add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.

It was discovered that dnsmasq, when used in combination with certain libvirtd configurations, could incorrectly process network packets from network interfaces that were intended to be prohibited. A remote, unauthenticated attacker could exploit this flaw to cause a denial of service via DNS amplification attacks. (CVE-2012-3411)

In order to fully address this issue, libvirt package users are advised to install updated libvirt packages. Refer to RHSA-2013:0276 for additional information.

This update also fixes the following bug:

* Due to a regression, the lease change script was disabled. Consequently, the "dhcp-script" option in the /etc/dnsmasq.conf configuration file did not work. This update corrects the problem and the "dhcp-script" option now works as expected. (BZ#815819)

This update also adds the following enhancements:

* Prior to this update, dnsmasq did not validate that the tftp directory given actually existed and was a directory. Consequently, configuration errors were not immediately reported on startup. This update improves the code to validate the tftp root directory option. As a result, fault finding is simplified especially when dnsmasq is called by external processes such as libvirt. (BZ#824214)

* The dnsmasq init script used an incorrect Process Identifier (PID) in the "stop", "restart", and "condrestart" commands. Consequently, if there were some dnsmasq instances running besides the system one started by the init script, then repeated calling of "service dnsmasq" with "stop" or "restart" would kill all running dnsmasq instances, including ones not started with the init script. The dnsmasq init script code has been corrected to obtain the correct PID when calling the "stop", "restart", and "condrestart" commands. As a result, if there are dnsmasq instances running in addition to the system one started by the init script, then by calling "service dnsmasq" with "stop" or "restart" only the system one is stopped or restarted. (BZ#850944)

* When two or more dnsmasq processes were running with DHCP enabled on one interface, DHCP RELEASE packets were sometimes lost. Consequently, when two or more dnsmasq processes were running with DHCP enabled on one interface, releasing IP addresses sometimes failed. This update sets the SO_BINDTODEVICE socket option on DHCP sockets if running dnsmasq with DHCP enabled on one interface. As a result, when two or more dnsmasq processes are running with DHCP enabled on one interface, they can release IP addresses as expected. (BZ#887156)

All users of dnsmasq are advised to upgrade to these updated packages, which fix these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

833033 - CVE-2012-3411 libvirt+dnsmasq: DNS configured to answer DNS queries from non-virtual networks
850944 - "service dnsmasq restart (or dnsmasq package update) kills all instances of dnsmasq on system, including those started by libvirtd
884957 - guest can not get NAT IP from dnsmasq-2.48-10

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/dnsmasq-2.48-13.el6.src.rpm

i386:
dnsmasq-2.48-13.el6.i686.rpm
dnsmasq-debuginfo-2.48-13.el6.i686.rpm

x86_64:
dnsmasq-2.48-13.el6.x86_64.rpm
dnsmasq-debuginfo-2.48-13.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/dnsmasq-2.48-13.el6.src.rpm

i386:
dnsmasq-debuginfo-2.48-13.el6.i686.rpm
dnsmasq-utils-2.48-13.el6.i686.rpm

x86_64:
dnsmasq-debuginfo-2.48-13.el6.x86_64.rpm
dnsmasq-utils-2.48-13.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/dnsmasq-2.48-13.el6.src.rpm

x86_64:
dnsmasq-2.48-13.el6.x86_64.rpm
dnsmasq-debuginfo-2.48-13.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/dnsmasq-2.48-13.el6.src.rpm

x86_64:
dnsmasq-debuginfo-2.48-13.el6.x86_64.rpm
dnsmasq-utils-2.48-13.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/dnsmasq-2.48-13.el6.src.rpm

i386:
dnsmasq-2.48-13.el6.i686.rpm
dnsmasq-debuginfo-2.48-13.el6.i686.rpm

ppc64:
dnsmasq-2.48-13.el6.ppc64.rpm
dnsmasq-debuginfo-2.48-13.el6.ppc64.rpm

s390x:
dnsmasq-2.48-13.el6.s390x.rpm
dnsmasq-debuginfo-2.48-13.el6.s390x.rpm

x86_64:
dnsmasq-2.48-13.el6.x86_64.rpm
dnsmasq-debuginfo-2.48-13.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/dnsmasq-2.48-13.el6.src.rpm

i386:
dnsmasq-debuginfo-2.48-13.el6.i686.rpm
dnsmasq-utils-2.48-13.el6.i686.rpm

ppc64:
dnsmasq-debuginfo-2.48-13.el6.ppc64.rpm
dnsmasq-utils-2.48-13.el6.ppc64.rpm

s390x:
dnsmasq-debuginfo-2.48-13.el6.s390x.rpm
dnsmasq-utils-2.48-13.el6.s390x.rpm

x86_64:
dnsmasq-debuginfo-2.48-13.el6.x86_64.rpm
dnsmasq-utils-2.48-13.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/dnsmasq-2.48-13.el6.src.rpm

i386:
dnsmasq-2.48-13.el6.i686.rpm
dnsmasq-debuginfo-2.48-13.el6.i686.rpm

x86_64:
dnsmasq-2.48-13.el6.x86_64.rpm
dnsmasq-debuginfo-2.48-13.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/dnsmasq-2.48-13.el6.src.rpm

i386:
dnsmasq-debuginfo-2.48-13.el6.i686.rpm
dnsmasq-utils-2.48-13.el6.i686.rpm

x86_64:
dnsmasq-debuginfo-2.48-13.el6.x86_64.rpm
dnsmasq-utils-2.48-13.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-3411.html
https://access.redhat.com/security/updates/classification/#moderate
https://rhn.redhat.com/errata/RHSA-2013-0276.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
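The checks below are an added example for the CVE-2012-3411 fix described in RHSA-2013:0276 and RHSA-2013:0277 above; they are not code from either advisory or from the libvirt or dnsmasq projects. They verify on a host that its libvirt-launched dnsmasq instances carry --bind-dynamic and that no dnsmasq socket is bound to the wildcard address on UDP port 53. The sample ps and ss lines are constructed, and recognising libvirt-managed instances by a --pid-file under /var/run/libvirt/network/ is an assumption about libvirt's layout.

```shell
#!/bin/sh
# Added example, not part of RHSA-2013:0276/0277: post-update checks for the
# libvirt + dnsmasq fix (CVE-2012-3411). Two symptoms are checked:
#   1. libvirt-managed dnsmasq instances still started without --bind-dynamic
#   2. dnsmasq sockets bound to the wildcard address on UDP port 53, i.e. DNS
#      reachable from interfaces that were meant to be excluded

# Reads dnsmasq command lines (one per line, as `ps -o args= -C dnsmasq`
# prints them) from stdin. Instances are treated as libvirt-managed when their
# --pid-file lives under /var/run/libvirt/network/ (assumed libvirt layout).
# Prints the number of libvirt-managed instances lacking --bind-dynamic.
count_unfixed_libvirt_dnsmasq() {
    awk '/--pid-file=\/var\/run\/libvirt\/network\// && !/--bind-dynamic/ { n++ }
         END { print n + 0 }'
}

# Reads listening-socket lines (as `ss -ulnp` prints them) from stdin and
# prints the number of dnsmasq sockets whose local address is the IPv4 or
# IPv6 wildcard (*, 0.0.0.0, :: or [::]) on port 53.
count_wildcard_dns_sockets() {
    awk '/dnsmasq/ {
             for (i = 1; i <= NF; i++)
                 if ($i ~ /^(\*|0\.0\.0\.0|::|\[::\]):53$/) { n++; break }
         }
         END { print n + 0 }'
}

# Runs both checks against the live system; exit status 1 signals a finding.
audit_live_system() {
    unfixed=$(ps -o args= -C dnsmasq 2>/dev/null | count_unfixed_libvirt_dnsmasq)
    wildcard=$(ss -ulnp 2>/dev/null | count_wildcard_dns_sockets)
    printf 'libvirt dnsmasq instances without --bind-dynamic: %s\n' "$unfixed"
    printf 'dnsmasq sockets on wildcard address, port 53:     %s\n' "$wildcard"
    [ "$unfixed" -eq 0 ] && [ "$wildcard" -eq 0 ]
}

# Constructed sample command lines: the first libvirt instance predates the
# fix (--listen-address only), the second already uses --bind-dynamic, and the
# third is the system instance from /etc/dnsmasq.conf, which is out of scope.
SAMPLE_PS_ARGS='/usr/sbin/dnsmasq --strict-order --pid-file=/var/run/libvirt/network/default.pid --conf-file= --except-interface lo --listen-address 192.168.122.1 --dhcp-range 192.168.122.2,192.168.122.254
/usr/sbin/dnsmasq --strict-order --pid-file=/var/run/libvirt/network/isolated.pid --conf-file= --except-interface lo --bind-dynamic --interface virbr1 --dhcp-range 192.168.100.2,192.168.100.254
/usr/sbin/dnsmasq -k --conf-file=/etc/dnsmasq.conf'

# Constructed sample socket table in the RHEL 6 `ss -ulnp` layout: one dnsmasq
# socket on the wildcard address (the symptom) and one on a bridge address.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0      0      *:53              *:*     users:(("dnsmasq",1203,6))
UNCONN 0      0      192.168.100.1:53  *:*     users:(("dnsmasq",1377,6))
UNCONN 0      0      *:68              *:*     users:(("dhclient",960,5))'

printf '%s\n' "$SAMPLE_PS_ARGS" | count_unfixed_libvirt_dnsmasq   # prints 1
printf '%s\n' "$SAMPLE_SS" | count_wildcard_dns_sockets             # prints 1
```

Run audit_live_system on a host after installing both updates and restarting libvirtd; both counts should be 0.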
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRJbynXlSAg2UNWIIRAvO7AKC9DX720FbYDvxil9RlNiiZHmN2TQCglV5s
c8EDGXAb588QM/PyzO8J+9A=
=GXp0
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Thu Feb 21 06:10:10 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Feb 2013 06:10:10 +0000
Subject: [RHSA-2013:0496-02] Important: Red Hat Enterprise Linux 6 kernel update
Message-ID: <201302210621.r1L6LCrL017294@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat Enterprise Linux 6 kernel update
Advisory ID:       RHSA-2013:0496-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0496.html
Issue date:        2013-02-21
CVE Names:         CVE-2012-4508 CVE-2012-4542 CVE-2013-0190
                   CVE-2013-0309 CVE-2013-0310 CVE-2013-0311
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the fourth regular update.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* A race condition was found in the way asynchronous I/O and fallocate() interacted when using the ext4 file system. A local, unprivileged user could use this flaw to expose random data from an extent whose data blocks have not yet been written, and thus contain data from a deleted file. (CVE-2012-4508, Important)

* A flaw was found in the way the vhost kernel module handled descriptors that spanned multiple regions. A privileged guest user in a KVM guest could use this flaw to crash the host or, potentially, escalate their privileges on the host. (CVE-2013-0311, Important)

* It was found that the default SCSI command filter does not accommodate commands that overlap across device classes. A privileged guest user could potentially use this flaw to write arbitrary data to a LUN that is passed-through as read-only. (CVE-2012-4542, Moderate)

* A flaw was found in the way the xen_failsafe_callback() function in the Linux kernel handled the failed iret (interrupt return) instruction notification from the Xen hypervisor. An unprivileged user in a 32-bit para-virtualized guest could use this flaw to crash the guest. (CVE-2013-0190, Moderate)

* A flaw was found in the way pmd_present() interacted with PROT_NONE memory ranges when transparent hugepages were in use. A local, unprivileged user could use this flaw to crash the system. (CVE-2013-0309, Moderate)

* A flaw was found in the way CIPSO (Common IP Security Option) IP options were validated when set from user mode. A local user able to set CIPSO IP options on the socket could use this flaw to crash the system. (CVE-2013-0310, Moderate)

Red Hat would like to thank Theodore Ts'o for reporting CVE-2012-4508, and Andrew Cooper of Citrix for reporting CVE-2013-0190. Upstream acknowledges Dmitry Monakhov as the original reporter of CVE-2012-4508. The CVE-2012-4542 issue was discovered by Paolo Bonzini of Red Hat.

This update also fixes several hundred bugs and adds enhancements. Refer to the Red Hat Enterprise Linux 6.4 Release Notes for information on the most significant of these changes, and the Technical Notes for further information, both linked to in the References.

All Red Hat Enterprise Linux 6 users are advised to install these updated packages, which correct these issues, and fix the bugs and add the enhancements noted in the Red Hat Enterprise Linux 6.4 Release Notes and Technical Notes. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

664586 - ALSA - backport the recent USB audio driver from upstream (to fix low audio volume issue, new hw enablement)
700324 - RFE: add online discard support to XFS
734051 - rhel6.1 guest hang when unplug is using virtio disk from monitor
735768 - kernel BUG at fs/jbd2/commit.c:353 or fs/jbd/commit.c:319 hitting J_ASSERT(journal->j_running_transaction != NULL) in journal_commit_transaction
749273 - Failure to resume from suspend (nVidia Quadro NVS 400)
758202 - pNFS read crashes when mounting with rsize < 4096
767886 - ATS capability is disabled when NIC is assigned to a guest
784174 - SECINFO support in the NFS v4 client in RHEL 6
796352 - NFS mounts fail against Windows 8 servers
796992 - krb5p mounts fail against a Microsoft 8 server.
807503 - xfs contention problem
808112 - [nfsv4] open(O_CREAT) returns EEXISTS on symbolic link created on another system until stat()ed
813137 - [xfs/xfstests 273] heavy cp workload hang
813227 - Balloon value reported doesn't get updated after guest driver is removed and re-inserted.
816059 - can not Install guest(RHEL6.3 32) using scsi-hd and scsi-cd
816308 - kvm: 9480: cpu0 unimplemented perfctr wrmsr: 0x186 data 0x130079
816880 - ALSA: Update the snd-oxygen and snd-virtuoso (CMI87xx based) drivers for RHEL 6.4
816888 - kernel panic in qfq_dequeue
817243 - Guest failed to resume from S4 after migration with kvmclock
821060 - dlm: make dlm_recv single threaded
821463 - SEP CPU flag is disabled on Intel 64 bit when exec_shield is on
822075 - Console complain about "Unable to load target_core_stgt"
823018 - link of a delegated file fails (due to server returning NOENT instead of DELAY)
823625 - cifs: fix handling of scopeid in cifs_convert_address
823630 - cifs: simplify open code
823842 - cifs: Cleanup TCP_SERVER_Info
823843 - cifs: Fix oplock break handling
823878 - cifs: Simplify cache invalidation
823902 - cifs: Add rwpidforward mount option [kernel]
823934 - cifs: Cleanup cifs mount code.
824065 - cifs: Introduce code required for cifs idmap and ACL support
824964 - dlm: deadlock between dlm_send and dlm_controld
825009 - NFSv4.1: Add LAYOUTRETURN support
826067 - Use-after-free on CPU hotplug
826650 - pNFS: Page Infrastructure Upgrades.
827474 - [RHEL 6.4] Sync up perf tool with upstream 3.4 [perf-tool]
829031 - Fix KVM device assignment bridge test
830977 - [RHEL6 kernel] crypto: sha512 - Fix byte counter overflow in SHA-512
832252 - cifs_async_writev blocked by limited kmap on i386 with high-mem
832301 - windows 8 32bit can not be installed on qemu-kvm
832434 - nfs: rpciod is blocked in nfs_release_page waiting for nfs_commit_inode to complete
832486 - KVM: make GET_SUPPORTED_CPUID whitelist-based
834097 - Performance regression between kernels 2.6.32-131.0.15 and 2.6.32-220
836803 - RHEL6: Potential fix for leapsecond caused futex related load spikes
837871 - pNFS: General Client Infrastructure
839266 - Change network with netconsole loaded cause kernel panic
839984 - [PATCH sysfs] kernel cannot rename network interfaces
840458 - RFE - Virtio-scsi should support block_resize
841578 - Update wireless LAN subsystem
841604 - Add support for modern Ralink wireless devices (28xx/3xxx/53xx chips)
841622 - add virtio-scsi unlocked kick patches
841983 - VLAN configured on top of a bonded interface (active-backup) does not failover
842312 - nfs_attr_use_mounted_on_file() returns wrong value
842435 - NFSv4 Handle a bad or revoked delegation
844542 - virtio: Use ida to allocate virtio index
844579 - virtio-rng: 'cat' process hangs when ^C pressed when there's no input
844582 - virtio-rng: module removal doesn't succeed till input from host received
844583 - s3/s4 support for virtio-rng driver
845233 - XFS regularly truncating files after crash/reboot
846585 - [qemu-kvm] [hot-plug] qemu-process (RHEL6.3 guest) goes into D state during nic hot unplug (netdev_del hostnet1)
846702 - [RHEL 6.4] Sync up perf tool with upstream 3.5 [perf-tool]
847722 - backport: KVM: fix race with level interrupts
849223 - RHEL5 Xen SR-IOV VF PCI passthru does not work to RHEL6 HVM guest; no interrupts received on the guest VF
850642 - Fuse: backport FUSE_AUTO_INVAL_DATA flag support and related patches
851312 - pNFS client fails to select correct DS from multipath
854066 - [rhel6] lvs: issues with GRO / icmp fragmentation needed
854584 - mmu_notifier: updates for RHEL6.4
855436 - Spurious LVDS detected on HP T5740
855448 - DM RAID: Bad table argument could cause kernel panic
857555 - nfs: fix potential slabcache leaks when cache allocations fail
857792 - drm rebase bug for 6.4
857956 - hpsa: fix handling of protocol error
858292 - cciss: fix handling of protocol error
858850 - fuse: backport scatter-gather direct IO
859242 - [6.4] Backport upstream XFS fixes
859259 - parallel perf build fails
859355 - wireless: crash in crypto_destroy_tfm
860404 - [RHEL 6.4] Sync up perf tool with upstream latest 3.6 [perf-tool]
862025 - wl1251_sdio driver missed in RHEL6.4
863077 - Soft lockup on reboot with an active VG
863212 - SUNRPC: Patch inclusion request
865380 - Kernel oops/crash when running perf on a SandyBridge host
865666 - host boot fail and when system boots with kernel parameter intel_iommu=on
865929 - xfs: report projid32bit feature in geometry call
866271 - When browse option is used, failed mounts by AutoFS leave broken directories
866417 - iwlwifi rmmod crash after roaming
867169 - nouveau in optimus configuration oops on load
867688 - sysctl table check failed: /net/ipv6/nf_conntrack_frag6_low_thresh Unknown sysctl binary path
868233 - [xfs/md] NULL pointer dereference - xfs_alloc_ioend_bio
869856 - [Arrandale] Text disappearing in Firefox and Terminal
869904 - CVE-2012-4508 kernel: ext4: AIO vs fallocate stale data exposure
870246 - LVM RAID: Images that are reintroduced into an array are not synced
870297 - storvsc: Account for in-transit packets in the RESET path
871350 - Add minimal hyper-v support to kvm in order to support relaxed timing feature
871630 - DM RAID: kernel panic when attempting to activate partial RAID LV (i.e. an array that has missing devices)
871968 - RPC tasks can deadlock during rpc_shutdown
872229 - export the symbol nfs_fs_type
872232 - export the symbol nfs_fhget
872799 - net: WARN if struct ip_options was allocated directly by kmalloc [rhel-6.4]
873226 - attaching a dummy interface to bonding device causes a crash
873462 - PCIe SRIOV VFs may not configure on PCIe port with no ARI support
873816 - NFSv4 referrals fail if NFS server returns hostnames rather than IP addresses (Kernel part)
874322 - [6.4] XFS log recovery failure leads to loss of data
874539 - [xfs] Bug on invaliding page that is not locked
875309 - An Hyper-V RHEL6.3 Guest is unreachable from the network after live migration
875360 - CVE-2012-4542 kernel: block: default SCSI command filter does not accomodate commands overlap across device classes
896038 - CVE-2013-0190 kernel: stack corruption in xen_failsafe_callback()
912898 - CVE-2013-0309 kernel: mm: thp: pmd_present and PROT_NONE local DoS
912900 - CVE-2013-0310 kernel: net: CIPSO_V4_TAG_LOCAL tag NULL pointer dereference
912905 - CVE-2013-0311 kernel: vhost: fix length for cross region descriptor

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-358.el6.src.rpm

i386:
kernel-2.6.32-358.el6.i686.rpm
kernel-debug-2.6.32-358.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-358.el6.i686.rpm
kernel-debug-devel-2.6.32-358.el6.i686.rpm
kernel-debuginfo-2.6.32-358.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-358.el6.i686.rpm
kernel-devel-2.6.32-358.el6.i686.rpm
kernel-headers-2.6.32-358.el6.i686.rpm
perf-2.6.32-358.el6.i686.rpm
perf-debuginfo-2.6.32-358.el6.i686.rpm
python-perf-debuginfo-2.6.32-358.el6.i686.rpm

noarch:
kernel-doc-2.6.32-358.el6.noarch.rpm
kernel-firmware-2.6.32-358.el6.noarch.rpm

x86_64:
kernel-2.6.32-358.el6.x86_64.rpm
kernel-debug-2.6.32-358.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-358.el6.x86_64.rpm
kernel-debug-devel-2.6.32-358.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.el6.x86_64.rpm
kernel-devel-2.6.32-358.el6.x86_64.rpm
kernel-headers-2.6.32-358.el6.x86_64.rpm
perf-2.6.32-358.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-358.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-358.el6.i686.rpm
kernel-debuginfo-2.6.32-358.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-358.el6.i686.rpm
perf-debuginfo-2.6.32-358.el6.i686.rpm
python-perf-2.6.32-358.el6.i686.rpm
python-perf-debuginfo-2.6.32-358.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-358.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.el6.x86_64.rpm
python-perf-2.6.32-358.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-358.el6.src.rpm

noarch:
kernel-doc-2.6.32-358.el6.noarch.rpm
kernel-firmware-2.6.32-358.el6.noarch.rpm

x86_64:
kernel-2.6.32-358.el6.x86_64.rpm
kernel-debug-2.6.32-358.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-358.el6.x86_64.rpm
kernel-debug-devel-2.6.32-358.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.el6.x86_64.rpm
kernel-devel-2.6.32-358.el6.x86_64.rpm
kernel-headers-2.6.32-358.el6.x86_64.rpm
perf-2.6.32-358.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-358.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-358.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.el6.x86_64.rpm
python-perf-2.6.32-358.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-358.el6.src.rpm

i386:
kernel-2.6.32-358.el6.i686.rpm
kernel-debug-2.6.32-358.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-358.el6.i686.rpm
kernel-debug-devel-2.6.32-358.el6.i686.rpm
kernel-debuginfo-2.6.32-358.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-358.el6.i686.rpm
kernel-devel-2.6.32-358.el6.i686.rpm
kernel-headers-2.6.32-358.el6.i686.rpm
perf-2.6.32-358.el6.i686.rpm
perf-debuginfo-2.6.32-358.el6.i686.rpm
python-perf-debuginfo-2.6.32-358.el6.i686.rpm

noarch:
kernel-doc-2.6.32-358.el6.noarch.rpm
kernel-firmware-2.6.32-358.el6.noarch.rpm

ppc64:
kernel-2.6.32-358.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-358.el6.ppc64.rpm
kernel-debug-2.6.32-358.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-358.el6.ppc64.rpm
kernel-debug-devel-2.6.32-358.el6.ppc64.rpm
kernel-debuginfo-2.6.32-358.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-358.el6.ppc64.rpm
kernel-devel-2.6.32-358.el6.ppc64.rpm
kernel-headers-2.6.32-358.el6.ppc64.rpm
perf-2.6.32-358.el6.ppc64.rpm
perf-debuginfo-2.6.32-358.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-358.el6.ppc64.rpm

s390x:
kernel-2.6.32-358.el6.s390x.rpm
kernel-debug-2.6.32-358.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-358.el6.s390x.rpm
kernel-debug-devel-2.6.32-358.el6.s390x.rpm
kernel-debuginfo-2.6.32-358.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-358.el6.s390x.rpm
kernel-devel-2.6.32-358.el6.s390x.rpm
kernel-headers-2.6.32-358.el6.s390x.rpm
kernel-kdump-2.6.32-358.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-358.el6.s390x.rpm
kernel-kdump-devel-2.6.32-358.el6.s390x.rpm
perf-2.6.32-358.el6.s390x.rpm
perf-debuginfo-2.6.32-358.el6.s390x.rpm
python-perf-debuginfo-2.6.32-358.el6.s390x.rpm

x86_64:
kernel-2.6.32-358.el6.x86_64.rpm
kernel-debug-2.6.32-358.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-358.el6.x86_64.rpm
kernel-debug-devel-2.6.32-358.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.el6.x86_64.rpm
kernel-devel-2.6.32-358.el6.x86_64.rpm
kernel-headers-2.6.32-358.el6.x86_64.rpm
perf-2.6.32-358.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-358.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-358.el6.i686.rpm
kernel-debuginfo-2.6.32-358.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-358.el6.i686.rpm
perf-debuginfo-2.6.32-358.el6.i686.rpm
python-perf-2.6.32-358.el6.i686.rpm
python-perf-debuginfo-2.6.32-358.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-358.el6.ppc64.rpm
kernel-debuginfo-2.6.32-358.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-358.el6.ppc64.rpm
perf-debuginfo-2.6.32-358.el6.ppc64.rpm
python-perf-2.6.32-358.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-358.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-358.el6.s390x.rpm
kernel-debuginfo-2.6.32-358.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-358.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-358.el6.s390x.rpm
perf-debuginfo-2.6.32-358.el6.s390x.rpm
python-perf-2.6.32-358.el6.s390x.rpm
python-perf-debuginfo-2.6.32-358.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-358.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.el6.x86_64.rpm
python-perf-2.6.32-358.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-358.el6.src.rpm

i386:
kernel-2.6.32-358.el6.i686.rpm
kernel-debug-2.6.32-358.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-358.el6.i686.rpm
kernel-debug-devel-2.6.32-358.el6.i686.rpm
kernel-debuginfo-2.6.32-358.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-358.el6.i686.rpm
kernel-devel-2.6.32-358.el6.i686.rpm
kernel-headers-2.6.32-358.el6.i686.rpm
perf-2.6.32-358.el6.i686.rpm
perf-debuginfo-2.6.32-358.el6.i686.rpm
python-perf-debuginfo-2.6.32-358.el6.i686.rpm

noarch:
kernel-doc-2.6.32-358.el6.noarch.rpm
kernel-firmware-2.6.32-358.el6.noarch.rpm

x86_64:
kernel-2.6.32-358.el6.x86_64.rpm
kernel-debug-2.6.32-358.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-358.el6.x86_64.rpm
kernel-debug-devel-2.6.32-358.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.el6.x86_64.rpm
kernel-devel-2.6.32-358.el6.x86_64.rpm
kernel-headers-2.6.32-358.el6.x86_64.rpm
perf-2.6.32-358.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-358.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-358.el6.i686.rpm
kernel-debuginfo-2.6.32-358.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-358.el6.i686.rpm
perf-debuginfo-2.6.32-358.el6.i686.rpm
python-perf-2.6.32-358.el6.i686.rpm
python-perf-debuginfo-2.6.32-358.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-358.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.el6.x86_64.rpm
python-perf-2.6.32-358.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-4508.html
https://www.redhat.com/security/data/cve/CVE-2012-4542.html
https://www.redhat.com/security/data/cve/CVE-2013-0190.html
https://www.redhat.com/security/data/cve/CVE-2013-0309.html
https://www.redhat.com/security/data/cve/CVE-2013-0310.html
https://www.redhat.com/security/data/cve/CVE-2013-0311.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/6.4_Release_Notes/index.html
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.4_Technical_Notes/kernel.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRJbzPXlSAg2UNWIIRAmX3AJ9DctrYSjJuZa+uuY9tw/foT40GUACfZrQF
hkEOXd08QRr6xewsmMc1GfI=
=KVbu
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Thu Feb 21 06:10:37 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Feb 2013 06:10:37 +0000
Subject: [RHSA-2013:0499-02] Low: xinetd security and bug fix update
Message-ID: <201302210621.r1L6LdPK018706@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: xinetd security and bug fix update
Advisory ID:       RHSA-2013:0499-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0499.html
Issue date:        2013-02-21
CVE Names:         CVE-2012-0862
=====================================================================

1. Summary:

An updated xinetd package that fixes one security issue and two bugs is now available for Red Hat Enterprise Linux 6.
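The exposure this advisory corrects (section 3 below: with the tcpmux-server service enabled, an unpatched xinetd makes every other enabled service reachable on port 1, regardless of its own port and of any firewall rule keyed on that port) can be audited from the configuration tree before and after patching. The following is an added example, not code from the advisory or from the xinetd project. It assumes one "service <name> { ... }" stanza per file, that the tcpmux listener is the stanza named "tcpmux" (Red Hat ships it in a file called tcpmux-server), and that an absent "disable" attribute means the service is enabled, which is xinetd's per-service default; the sample directory it builds is constructed for the demonstration and stands in for /etc/xinetd.d:

```shell
#!/bin/sh
# Added example: audit an xinetd configuration directory for the condition
# behind CVE-2012-0862 (tcpmux listener enabled alongside enabled services
# that are not of type TCPMUX/TCPMUXPLUS). Assumptions: one stanza per file,
# listener stanza named "tcpmux", missing "disable" == enabled.

# Print one "<file>\t<service>\t<type>\t<disable>" line per stanza under $1.
list_xinetd_services() {
    confdir=$1
    awk '
        # "service <name>" opens a stanza: reset the per-service state
        /^[ \t]*service[ \t]+/ { svc = $2; stype = ""; sdisable = "no"; next }
        /^[ \t]*type[ \t]*=/ {
            sub(/^[ \t]*type[ \t]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); stype = $0; next
        }
        /^[ \t]*disable[ \t]*=/ {
            sub(/^[ \t]*disable[ \t]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); sdisable = $0; next
        }
        # closing brace ends the stanza: emit it
        /^[ \t]*}/ {
            if (svc != "") printf "%s\t%s\t%s\t%s\n", FILENAME, svc, stype, sdisable
            svc = ""
        }
    ' "$confdir"/*
}

# Print the names of enabled, non-TCPMUX services that an unpatched xinetd
# would also expose on port 1; prints nothing when the listener is disabled
# or when no such service exists.
audit_tcpmux_exposure() {
    confdir=$1
    services=$(list_xinetd_services "$confdir")
    listener_on=$(printf '%s\n' "$services" |
        awk -F'\t' '$2 == "tcpmux" && tolower($4) == "no" { print "yes" }')
    [ "$listener_on" = "yes" ] || return 0
    printf '%s\n' "$services" |
        awk -F'\t' '$2 != "tcpmux" && tolower($4) == "no" && $3 !~ /TCPMUX/ { print $2 }'
}

# Constructed sample stanza writer: write_stanza <file> <service> <disable> [<type>]
write_stanza() {
    {
        printf 'service %s\n{\n' "$2"
        [ -n "${4:-}" ] && printf '    type        = %s\n' "$4"
        printf '    disable     = %s\n    socket_type = stream\n    wait        = no\n}\n' "$3"
    } > "$1"
}

# Build a constructed sample directory (stands in for /etc/xinetd.d) and print its path.
make_sample_confdir() {
    d=$(mktemp -d)
    write_stanza "$d/tcpmux-server" tcpmux no "INTERNAL UNLISTED"   # risky, non-default setting
    write_stanza "$d/rsync" rsync no                                  # ordinary enabled service
    write_stanza "$d/echo-stream" echo yes INTERNAL                   # disabled: not exposed
    write_stanza "$d/mux-demo" mux-demo no TCPMUX                     # meant to be reached via port 1
    printf '%s\n' "$d"
}

# Stand-alone demonstration on the constructed sample: prints "rsync".
demo_dir=$(make_sample_confdir)
audit_tcpmux_exposure "$demo_dir"
rm -rf "$demo_dir"
```

On a host that has applied this update the port-1 path only reaches services actually configured as TCPMUX or TCPMUXPLUS, so the finding is informational there; on an unpatched host, any name printed is a service whose firewall exposure you must assume to be "port 1" as well as its own port until tcpmux-server is disabled again or the package is updated.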
The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks.

When xinetd services are configured with the "TCPMUX" or "TCPMUXPLUS" type, and the tcpmux-server service is enabled, those services are accessible via port 1. It was found that enabling the tcpmux-server service (it is disabled by default) allowed every xinetd service, including those that are not configured with the "TCPMUX" or "TCPMUXPLUS" type, to be accessible via port 1. This could allow a remote attacker to bypass intended firewall restrictions. (CVE-2012-0862)

Red Hat would like to thank Thomas Swan of FedEx for reporting this issue.

This update also fixes the following bugs:

* Prior to this update, a file descriptor array in the service.c source file was not handled as expected. As a consequence, some of the descriptors remained open when xinetd was under heavy load. Additionally, the system log was filled with a large number of messages that took up a lot of disk space over time. This update modifies the xinetd code to handle the file descriptors correctly and messages no longer fill the system log. (BZ#790036)

* Prior to this update, services were disabled permanently when their CPS limit was reached. As a consequence, a failed bind operation could occur when xinetd attempted to restart the service. This update adds additional logic that attempts to restart the service. Now, the service is only disabled if xinetd cannot restart the service after 30 attempts. (BZ#809271)

All users of xinetd are advised to upgrade to this updated package, which contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

790036 - xinetd leaking file descriptors
790940 - CVE-2012-0862 xinetd: enables unintentional services over tcpmux port

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xinetd-2.3.14-38.el6.src.rpm

i386:
xinetd-2.3.14-38.el6.i686.rpm
xinetd-debuginfo-2.3.14-38.el6.i686.rpm

x86_64:
xinetd-2.3.14-38.el6.x86_64.rpm
xinetd-debuginfo-2.3.14-38.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xinetd-2.3.14-38.el6.src.rpm

x86_64:
xinetd-2.3.14-38.el6.x86_64.rpm
xinetd-debuginfo-2.3.14-38.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xinetd-2.3.14-38.el6.src.rpm

i386:
xinetd-2.3.14-38.el6.i686.rpm
xinetd-debuginfo-2.3.14-38.el6.i686.rpm

ppc64:
xinetd-2.3.14-38.el6.ppc64.rpm
xinetd-debuginfo-2.3.14-38.el6.ppc64.rpm

s390x:
xinetd-2.3.14-38.el6.s390x.rpm
xinetd-debuginfo-2.3.14-38.el6.s390x.rpm

x86_64:
xinetd-2.3.14-38.el6.x86_64.rpm
xinetd-debuginfo-2.3.14-38.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xinetd-2.3.14-38.el6.src.rpm

i386:
xinetd-2.3.14-38.el6.i686.rpm
xinetd-debuginfo-2.3.14-38.el6.i686.rpm

x86_64:
xinetd-2.3.14-38.el6.x86_64.rpm
xinetd-debuginfo-2.3.14-38.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-0862.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRJbzuXlSAg2UNWIIRAiqwAKCIMTRNajpTwaGc8JVOXikLgC7/dwCff9B4
Hekn6Edp1r5FzlzMFj7pElQ=
=8fGn
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Thu Feb 21 06:11:01 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Feb 2013 06:11:01 +0000
Subject: [RHSA-2013:0500-02] Low: hplip security, bug fix and enhancement update
Message-ID: <201302210622.r1L6M3rv015586@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: hplip security, bug fix and enhancement update
Advisory ID:       RHSA-2013:0500-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0500.html
Issue date:        2013-02-21
CVE Names:         CVE-2011-2722 CVE-2013-0200
=====================================================================

1. Summary:

Updated hplip packages that fix several security issues, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low security impact.
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The hplip packages contain the Hewlett-Packard Linux Imaging and Printing Project (HPLIP), which provides drivers for Hewlett-Packard printers and multi-function peripherals.

Several temporary file handling flaws were found in HPLIP. A local attacker could use these flaws to perform a symbolic link attack, overwriting arbitrary files accessible to a process using HPLIP. (CVE-2013-0200, CVE-2011-2722)

The CVE-2013-0200 issues were discovered by Tim Waugh of Red Hat.

The hplip packages have been upgraded to upstream version 3.12.4, which provides a number of bug fixes and enhancements over the previous version. (BZ#731900)

This update also fixes the following bugs:

* Previously, the hpijs package required the obsolete cupsddk-drivers package, which was provided by the cups package. Under certain circumstances, this dependency caused hpijs installation to fail. This bug has been fixed and hpijs no longer requires cupsddk-drivers. (BZ#829453)

* The configuration of the Scanner Access Now Easy (SANE) back end is located in the /etc/sane.d/dll.d/ directory, however, the hp-check utility checked only the /etc/sane.d/dll.conf file. Consequently, hp-check checked for correct installation, but incorrectly reported a problem with the way the SANE back end was installed. With this update, hp-check properly checks for installation problems in both locations as expected. (BZ#683007)

All users of hplip are advised to upgrade to these updated packages, which fix these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

683007 - hpaio is in /etc/sane.d/dll.d/hpaio
725830 - CVE-2011-2722 hplip: insecure temporary file handling
731900 - Update hplip to newer version for increased hardware support.
902163 - CVE-2013-0200 hplip: insecure temporary file handling flaws

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/hplip-3.12.4-4.el6.src.rpm

i386:
hpijs-3.12.4-4.el6.i686.rpm
hplip-3.12.4-4.el6.i686.rpm
hplip-common-3.12.4-4.el6.i686.rpm
hplip-debuginfo-3.12.4-4.el6.i686.rpm
hplip-gui-3.12.4-4.el6.i686.rpm
hplip-libs-3.12.4-4.el6.i686.rpm
libsane-hpaio-3.12.4-4.el6.i686.rpm

x86_64:
hpijs-3.12.4-4.el6.x86_64.rpm
hplip-3.12.4-4.el6.x86_64.rpm
hplip-common-3.12.4-4.el6.x86_64.rpm
hplip-debuginfo-3.12.4-4.el6.i686.rpm
hplip-debuginfo-3.12.4-4.el6.x86_64.rpm
hplip-gui-3.12.4-4.el6.x86_64.rpm
hplip-libs-3.12.4-4.el6.i686.rpm
hplip-libs-3.12.4-4.el6.x86_64.rpm
libsane-hpaio-3.12.4-4.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/hplip-3.12.4-4.el6.src.rpm

i386:
hpijs-3.12.4-4.el6.i686.rpm
hplip-3.12.4-4.el6.i686.rpm
hplip-common-3.12.4-4.el6.i686.rpm
hplip-debuginfo-3.12.4-4.el6.i686.rpm
hplip-gui-3.12.4-4.el6.i686.rpm
hplip-libs-3.12.4-4.el6.i686.rpm
libsane-hpaio-3.12.4-4.el6.i686.rpm

ppc64:
hpijs-3.12.4-4.el6.ppc64.rpm
hplip-3.12.4-4.el6.ppc64.rpm
hplip-common-3.12.4-4.el6.ppc64.rpm
hplip-debuginfo-3.12.4-4.el6.ppc.rpm
hplip-debuginfo-3.12.4-4.el6.ppc64.rpm
hplip-gui-3.12.4-4.el6.ppc64.rpm
hplip-libs-3.12.4-4.el6.ppc.rpm
hplip-libs-3.12.4-4.el6.ppc64.rpm
libsane-hpaio-3.12.4-4.el6.ppc64.rpm

x86_64:
hpijs-3.12.4-4.el6.x86_64.rpm
hplip-3.12.4-4.el6.x86_64.rpm
hplip-common-3.12.4-4.el6.x86_64.rpm
hplip-debuginfo-3.12.4-4.el6.i686.rpm
hplip-debuginfo-3.12.4-4.el6.x86_64.rpm
hplip-gui-3.12.4-4.el6.x86_64.rpm
hplip-libs-3.12.4-4.el6.i686.rpm
hplip-libs-3.12.4-4.el6.x86_64.rpm
libsane-hpaio-3.12.4-4.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/hplip-3.12.4-4.el6.src.rpm

i386:
hpijs-3.12.4-4.el6.i686.rpm
hplip-3.12.4-4.el6.i686.rpm
hplip-common-3.12.4-4.el6.i686.rpm
hplip-debuginfo-3.12.4-4.el6.i686.rpm
hplip-gui-3.12.4-4.el6.i686.rpm
hplip-libs-3.12.4-4.el6.i686.rpm
libsane-hpaio-3.12.4-4.el6.i686.rpm

x86_64:
hpijs-3.12.4-4.el6.x86_64.rpm
hplip-3.12.4-4.el6.x86_64.rpm
hplip-common-3.12.4-4.el6.x86_64.rpm
hplip-debuginfo-3.12.4-4.el6.i686.rpm
hplip-debuginfo-3.12.4-4.el6.x86_64.rpm
hplip-gui-3.12.4-4.el6.x86_64.rpm
hplip-libs-3.12.4-4.el6.i686.rpm
hplip-libs-3.12.4-4.el6.x86_64.rpm
libsane-hpaio-3.12.4-4.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2722.html
https://www.redhat.com/security/data/cve/CVE-2013-0200.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRJb0GXlSAg2UNWIIRApI7AJ9FjpCk0L+F/O0YI7SMS0K1Ai6vbgCfXspf
7RLotHwnbXRbL3YqNKh70jo=
=13XJ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Thu Feb 21 06:20:54 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Feb 2013 06:20:54 +0000
Subject: [RHSA-2013:0502-02] Low: Core X11 clients security, bug fix, and enhancement update
Message-ID: <201302210631.r1L6VuAY020448@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Core X11 clients security, bug fix, and enhancement update
Advisory ID:       RHSA-2013:0502-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0502.html
Issue date:        2013-02-21
CVE Names:         CVE-2011-2504
=====================================================================

1. Summary:

Updated core client packages for the X Window System that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The Core X11 clients packages provide the xorg-x11-utils, xorg-x11-server-utils, and xorg-x11-apps clients that ship with the X Window System.

It was found that the x11perfcomp utility included the current working directory in its PATH environment variable. Running x11perfcomp in an attacker-controlled directory would cause arbitrary code execution with the privileges of the user running x11perfcomp. (CVE-2011-2504)

Also with this update, the xorg-x11-utils and xorg-x11-server-utils packages have been upgraded to upstream version 7.5, and the xorg-x11-apps package to upstream version 7.6, which provides a number of bug fixes and enhancements over the previous versions. (BZ#835277, BZ#835278, BZ#835281)

All users of xorg-x11-utils, xorg-x11-server-utils, and xorg-x11-apps are advised to upgrade to these updated packages, which fix these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

717672 - CVE-2011-2504 x11perfcomp has dot in its path

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xorg-x11-apps-7.6-6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xorg-x11-server-utils-7.5-13.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xorg-x11-utils-7.5-6.el6.src.rpm i386: xorg-x11-apps-7.6-6.el6.i686.rpm xorg-x11-apps-debuginfo-7.6-6.el6.i686.rpm xorg-x11-server-utils-7.5-13.el6.i686.rpm xorg-x11-server-utils-debuginfo-7.5-13.el6.i686.rpm xorg-x11-utils-7.5-6.el6.i686.rpm xorg-x11-utils-debuginfo-7.5-6.el6.i686.rpm x86_64: xorg-x11-apps-7.6-6.el6.x86_64.rpm xorg-x11-apps-debuginfo-7.6-6.el6.x86_64.rpm xorg-x11-server-utils-7.5-13.el6.x86_64.rpm xorg-x11-server-utils-debuginfo-7.5-13.el6.x86_64.rpm xorg-x11-utils-7.5-6.el6.x86_64.rpm xorg-x11-utils-debuginfo-7.5-6.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xorg-x11-server-utils-7.5-13.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xorg-x11-utils-7.5-6.el6.src.rpm x86_64: xorg-x11-server-utils-7.5-13.el6.x86_64.rpm xorg-x11-server-utils-debuginfo-7.5-13.el6.x86_64.rpm xorg-x11-utils-7.5-6.el6.x86_64.rpm xorg-x11-utils-debuginfo-7.5-6.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xorg-x11-apps-7.6-6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xorg-x11-server-utils-7.5-13.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xorg-x11-utils-7.5-6.el6.src.rpm i386: xorg-x11-apps-7.6-6.el6.i686.rpm xorg-x11-apps-debuginfo-7.6-6.el6.i686.rpm xorg-x11-server-utils-7.5-13.el6.i686.rpm xorg-x11-server-utils-debuginfo-7.5-13.el6.i686.rpm xorg-x11-utils-7.5-6.el6.i686.rpm xorg-x11-utils-debuginfo-7.5-6.el6.i686.rpm ppc64: xorg-x11-apps-7.6-6.el6.ppc64.rpm xorg-x11-apps-debuginfo-7.6-6.el6.ppc64.rpm xorg-x11-server-utils-7.5-13.el6.ppc64.rpm xorg-x11-server-utils-debuginfo-7.5-13.el6.ppc64.rpm xorg-x11-utils-7.5-6.el6.ppc64.rpm xorg-x11-utils-debuginfo-7.5-6.el6.ppc64.rpm s390x: xorg-x11-apps-7.6-6.el6.s390x.rpm xorg-x11-apps-debuginfo-7.6-6.el6.s390x.rpm xorg-x11-server-utils-7.5-13.el6.s390x.rpm xorg-x11-server-utils-debuginfo-7.5-13.el6.s390x.rpm xorg-x11-utils-7.5-6.el6.s390x.rpm xorg-x11-utils-debuginfo-7.5-6.el6.s390x.rpm x86_64: xorg-x11-apps-7.6-6.el6.x86_64.rpm xorg-x11-apps-debuginfo-7.6-6.el6.x86_64.rpm xorg-x11-server-utils-7.5-13.el6.x86_64.rpm xorg-x11-server-utils-debuginfo-7.5-13.el6.x86_64.rpm xorg-x11-utils-7.5-6.el6.x86_64.rpm xorg-x11-utils-debuginfo-7.5-6.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xorg-x11-apps-7.6-6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xorg-x11-server-utils-7.5-13.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xorg-x11-utils-7.5-6.el6.src.rpm i386: xorg-x11-apps-7.6-6.el6.i686.rpm xorg-x11-apps-debuginfo-7.6-6.el6.i686.rpm xorg-x11-server-utils-7.5-13.el6.i686.rpm xorg-x11-server-utils-debuginfo-7.5-13.el6.i686.rpm xorg-x11-utils-7.5-6.el6.i686.rpm xorg-x11-utils-debuginfo-7.5-6.el6.i686.rpm x86_64: xorg-x11-apps-7.6-6.el6.x86_64.rpm xorg-x11-apps-debuginfo-7.6-6.el6.x86_64.rpm xorg-x11-server-utils-7.5-13.el6.x86_64.rpm xorg-x11-server-utils-debuginfo-7.5-13.el6.x86_64.rpm xorg-x11-utils-7.5-6.el6.x86_64.rpm xorg-x11-utils-debuginfo-7.5-6.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2504.html https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
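The x11perfcomp flaw above (CVE-2011-2504) is one instance of a general problem: any PATH entry that is resolved relative to the current directory lets whoever controls that directory supply the programs a script runs. The Python below, added here as an illustration and not part of the advisory or of the xorg-x11 packages, audits a PATH value for such entries, builds a hardened PATH from absolute entries only, and shows the hijack happening from inside a throwaway directory. The command name "perfdemo-helper" and the planted executable are constructed for the demonstration.

```python
"""Audit PATH for entries searched relative to the current directory,
and show why they are dangerous.

Added example; not code from x11perfcomp or from Red Hat. The command
name "perfdemo-helper" and the planted executable are constructed.
"""
import os
import stat
import tempfile


def unsafe_path_entries(path_value):
    """Return the PATH entries that resolve relative to the caller's
    current directory: ".", any other relative path, and the empty entry
    ("/usr/bin::/bin", or a leading/trailing ":"), which POSIX shells
    treat exactly like "."."""
    return [e for e in path_value.split(os.pathsep) if not os.path.isabs(e)]


def strip_unsafe_entries(path_value):
    """A hardened PATH: keep only absolute entries."""
    return os.pathsep.join(
        e for e in path_value.split(os.pathsep) if os.path.isabs(e))


def resolve_command(name, path_value, cwd):
    """Mimic a shell's PATH search for `name` from working directory `cwd`.
    Returns the first executable file found, or None."""
    for entry in path_value.split(os.pathsep):
        # "" and "." both mean the current directory; os.path.join leaves
        # absolute entries unchanged.
        directory = os.path.join(cwd, entry) if entry else cwd
        candidate = os.path.join(directory, name)
        if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
            return candidate
    return None


def demonstrate_hijack(path_value, name="perfdemo-helper"):
    """Plant an executable called `name` in a throwaway directory (the
    attacker-controlled directory) and run the PATH search from there.

    Returns the path that would be executed, or None. With a PATH made of
    absolute entries the lookup fails, because `name` is installed nowhere;
    with "." or "" in PATH the planted file is what the script would run."""
    with tempfile.TemporaryDirectory() as attacker_dir:
        planted = os.path.join(attacker_dir, name)
        with open(planted, "w") as fh:
            fh.write("#!/bin/sh\necho 'running attacker-supplied code'\n")
        os.chmod(planted, stat.S_IRWXU)
        return resolve_command(name, path_value, attacker_dir)


if __name__ == "__main__":
    for value in ("/usr/bin:/bin", "/usr/bin:/bin:.", "/usr/bin::/bin"):
        print(f"PATH={value!r}: unsafe entries {unsafe_path_entries(value)!r}; "
              f"lookup from attacker dir -> {demonstrate_hijack(value)!r}")
    # A running process's own environment can be audited the same way.
    print("current PATH unsafe entries:",
          unsafe_path_entries(os.environ.get("PATH", "")))
```

The empty entry is the one most often missed: a stray trailing colon in a profile or wrapper script has the same effect as an explicit ".", and the audit above flags both.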
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRJb9PXlSAg2UNWIIRAgXxAKC1es9R4UpakYMELQBOwJDUyo3negCgoGQH elZVINzuhvGxZJSzCzBmd0c= =xxFP -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Feb 21 06:21:32 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 21 Feb 2013 06:21:32 +0000 Subject: [RHSA-2013:0503-03] Moderate: 389-ds-base security, bug fix, and enhancement update Message-ID: <201302210632.r1L6WYwr020737@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: 389-ds-base security, bug fix, and enhancement update Advisory ID: RHSA-2013:0503-03 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0503.html Issue date: 2013-02-21 CVE Names: CVE-2012-4450 ===================================================================== 1. Summary: Updated 389-ds-base packages that fix one security issue, numerous bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The 389-ds-base packages provide 389 Directory Server, which is an LDAPv3 compliant server. 
The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

A flaw was found in the way 389 Directory Server enforced ACLs after performing an LDAP modify relative distinguished name (modrdn) operation. After modrdn was used to move part of a tree, the ACLs defined on the moved DN (Distinguished Name) were not properly enforced until the server was restarted. This could allow LDAP users to access information that should be restricted by the defined ACLs. (CVE-2012-4450)

This issue was discovered by Noriko Hosoi of Red Hat.

These updated 389-ds-base packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked to in the References, for information on the most significant of these changes.

All users of 389-ds-base are advised to upgrade to these updated packages, which correct this issue and provide numerous bug fixes and enhancements. After installing this update, the 389 server service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5.
Bugs fixed (http://bugzilla.redhat.com/): 742054 - SASL/PLAIN binds do not work 746642 - [RFE] define pam_passthru service per subtree 757836 - logconv.pl restarts count on conn=0 instead of conn=1 768084 - [RFE] Allow automember to work on entries that have already been added 782975 - krbExtraData is being null modified and replicated on each ssh login 800051 - Rebase 389-ds-base to 1.2.11 818762 - winsync should not delete entry that appears to be out of scope 830256 - Audit log - clear text password in user changes 830331 - ns-slapd exits/crashes if /var fills up 830335 - restore of replica ldif file on second master after deleting two records shows only 1 deletion 830336 - db deadlock return should not log error 830337 - usn + mmr = deletions are not replicated 830338 - Change DS to purge ticket from krb cache in case of authentication error 830340 - Make the CLEANALLRUV task one step 830343 - managed entry sometimes doesn't delete the managed entry 830344 - [RFE] Improve replication agreement status messages 830346 - ADD operations not in audit log 830347 - 389 DS does not support multiple paging controls on a single connection 830348 - Slow shutdown when you have 100+ replication agreements 830349 - cannot use & in a sasl map search filter 830353 - valgrind reported memleaks and mem errors 830355 - [RFE] improve cleanruv functionality 830356 - coverity 12625-12629 - leaks, dead code, unchecked return 832560 - [abrt] 389-ds-base-1.2.10.6-1.fc16: slapi_attr_value_cmp: Process /usr/sbin/ns-slapd was killed by signal 11 (SIGSEGV) 833202 - transaction retries need to be cache aware 833218 - ldapmodify returns Operations error 833222 - memberOf attribute and plugin behaviour between sub-suffixes 834046 - [RFE] Add nsTLS1 attribute to schema and objectclass nsEncryptionConfig 834047 - Fine Grained Password policy: if passwordHistory is on, deleting the password fails. 
834049 - [RFE] Add schema for DNA plugin 834052 - [RFE] limiting Directory Manager (nsslapd-rootdn) bind access by source host (e.g. 127.0.0.1) 834053 - [RFE] Plugins - ability to control behavior of modifyTimestamp/modifiersName 834054 - Should only update modifyTimestamp/modifiersName on MODIFY ops 834056 - Automembership plugin fails in a MMR setup, if data and config area mixed in the plugin configuration 834057 - ldap-agent crashes on start with signal SIGSEGV 834058 - [RFE] logconv.pl : use of getopts to parse commandline options 834060 - passwordMaxFailure should lockout password one sooner - and should be configurable to avoid regressions 834061 - [RFE] RHDS: Implement SO_KEEPALIVE in network calls. 834063 - [RFE] enable attribute that tracks when a password was last set on an entry in the LDAP store 834064 - dnaNextValue gets incremented even if the user addition fails 834065 - Adding Replication agreement should complain if required nsds5ReplicaCredentials not supplied 834074 - [RFE] Disable replication agreements 834075 - logconv.pl reporting unindexed search with different search base than shown in access logs 835238 - Account Usability Control Not Working 836386 - slapi_ldap_bind() doesn't check bind results 838706 - referint modrdn not working if case is different 840153 - Impossible to rename entry (modrdn) with Attribute Uniqueness plugin enabled 841600 - Referential integrity plug-in does not work when update interval is not zero 842437 - dna memleak reported by valgrind 842438 - Report during startup if nsslapd-cachememsize is too small 842440 - memberof performance enhancement 842441 - "Server is unwilling to perform" when running ldapmodify on nsds5ReplicaStripAttrs 847868 - [RFE] support posix schema for user and group sync 850683 - nsds5ReplicaEnabled can be set with any invalid values. 
852087 - [RFE] add attribute nsslapd-readonly so we can reference it in acis 852088 - server to server ssl client auth broken with latest openldap 852202 - Ipa master system initiated more than a dozen simultaneous replication sessions, shut itself down and wiped out its db 852839 - variable dn should not be used in ldbm_back_delete 855438 - CLEANALLRUV task gets stuck on winsync replication agreement 860603 - CVE-2012-4450 389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible) 860772 - Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in acl 863576 - Dirsrv deadlock locking up IPA 864594 - anonymous limits are being applied to directory manager 868841 - Newly created users with organizationalPerson objectClass fails to sync from AD to DS with missing attribute error 868853 - Winsync: DS error logs report wrong version of Windows AD when winsync is configured. 870158 - slapd entered to infinite loop during new index addition 870162 - Cannot abandon simple paged result search 875862 - crash in DNA if no dnamagicregen is specified 876694 - RedHat Directory Server crashes (segfaults) when moving ldap entry 878111 - ns-slapd segfaults if it cannot rename the logs 880305 - spec file missing dependencies for x86_64 6ComputeNode 887855 - RootDN Access Control plugin is missing after upgrade from RHEL63 to RHEL64 889083 - For modifiersName/internalModifiersName feature, internalModifiersname is not working for DNA plugin 891930 - DNA plugin no longer reports additional info when range is depleted 896256 - updating package touches configuration files 6. Package List: Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/389-ds-base-1.2.11.15-11.el6.src.rpm i386: 389-ds-base-1.2.11.15-11.el6.i686.rpm 389-ds-base-debuginfo-1.2.11.15-11.el6.i686.rpm 389-ds-base-devel-1.2.11.15-11.el6.i686.rpm 389-ds-base-libs-1.2.11.15-11.el6.i686.rpm x86_64: 389-ds-base-1.2.11.15-11.el6.x86_64.rpm 389-ds-base-debuginfo-1.2.11.15-11.el6.i686.rpm 389-ds-base-debuginfo-1.2.11.15-11.el6.x86_64.rpm 389-ds-base-devel-1.2.11.15-11.el6.i686.rpm 389-ds-base-devel-1.2.11.15-11.el6.x86_64.rpm 389-ds-base-libs-1.2.11.15-11.el6.i686.rpm 389-ds-base-libs-1.2.11.15-11.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/389-ds-base-1.2.11.15-11.el6.src.rpm x86_64: 389-ds-base-1.2.11.15-11.el6.x86_64.rpm 389-ds-base-debuginfo-1.2.11.15-11.el6.i686.rpm 389-ds-base-debuginfo-1.2.11.15-11.el6.x86_64.rpm 389-ds-base-devel-1.2.11.15-11.el6.i686.rpm 389-ds-base-devel-1.2.11.15-11.el6.x86_64.rpm 389-ds-base-libs-1.2.11.15-11.el6.i686.rpm 389-ds-base-libs-1.2.11.15-11.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/389-ds-base-1.2.11.15-11.el6.src.rpm i386: 389-ds-base-1.2.11.15-11.el6.i686.rpm 389-ds-base-debuginfo-1.2.11.15-11.el6.i686.rpm 389-ds-base-libs-1.2.11.15-11.el6.i686.rpm x86_64: 389-ds-base-1.2.11.15-11.el6.x86_64.rpm 389-ds-base-debuginfo-1.2.11.15-11.el6.i686.rpm 389-ds-base-debuginfo-1.2.11.15-11.el6.x86_64.rpm 389-ds-base-libs-1.2.11.15-11.el6.i686.rpm 389-ds-base-libs-1.2.11.15-11.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/389-ds-base-1.2.11.15-11.el6.src.rpm i386: 389-ds-base-debuginfo-1.2.11.15-11.el6.i686.rpm 389-ds-base-devel-1.2.11.15-11.el6.i686.rpm x86_64: 389-ds-base-debuginfo-1.2.11.15-11.el6.i686.rpm 389-ds-base-debuginfo-1.2.11.15-11.el6.x86_64.rpm 389-ds-base-devel-1.2.11.15-11.el6.i686.rpm 389-ds-base-devel-1.2.11.15-11.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/389-ds-base-1.2.11.15-11.el6.src.rpm i386: 389-ds-base-1.2.11.15-11.el6.i686.rpm 389-ds-base-debuginfo-1.2.11.15-11.el6.i686.rpm 389-ds-base-libs-1.2.11.15-11.el6.i686.rpm x86_64: 389-ds-base-1.2.11.15-11.el6.x86_64.rpm 389-ds-base-debuginfo-1.2.11.15-11.el6.i686.rpm 389-ds-base-debuginfo-1.2.11.15-11.el6.x86_64.rpm 389-ds-base-libs-1.2.11.15-11.el6.i686.rpm 389-ds-base-libs-1.2.11.15-11.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/389-ds-base-1.2.11.15-11.el6.src.rpm i386: 389-ds-base-debuginfo-1.2.11.15-11.el6.i686.rpm 389-ds-base-devel-1.2.11.15-11.el6.i686.rpm x86_64: 389-ds-base-debuginfo-1.2.11.15-11.el6.i686.rpm 389-ds-base-debuginfo-1.2.11.15-11.el6.x86_64.rpm 389-ds-base-devel-1.2.11.15-11.el6.i686.rpm 389-ds-base-devel-1.2.11.15-11.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-4450.html https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.4_Technical_Notes/pkg-389-ds-base.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . 
More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRJb9wXlSAg2UNWIIRAkz7AJ94maizfWfNoheueWxwd+xNb1P7fwCfWohG kr7Rk9Yh8AetFdSPH8k+AH0= =gywk -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Feb 21 06:22:05 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 21 Feb 2013 06:22:05 +0000 Subject: [RHSA-2013:0504-02] Low: dhcp security and bug fix update Message-ID: <201302210633.r1L6X7MY022552@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: dhcp security and bug fix update Advisory ID: RHSA-2013:0504-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0504.html Issue date: 2013-02-21 CVE Names: CVE-2012-3955 ===================================================================== 1. Summary: Updated dhcp packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. 
Description:

The dhcp packages provide the Dynamic Host Configuration Protocol (DHCP) that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address.

A flaw was found in the way the dhcpd daemon handled the expiration time of IPv6 leases. If dhcpd's configuration was changed to reduce the default IPv6 lease time, lease renewal requests for previously assigned leases could cause dhcpd to crash. (CVE-2012-3955)

This update also fixes the following bugs:

* Prior to this update, the DHCP server discovered only the first IP address of a network interface if the interface had more than one configured IP address. As a consequence, the DHCP server failed to restart if it was configured to serve only a subnet belonging to one of the interface's secondary addresses. This update modifies the address discovery code to find all addresses of a network interface, so the DHCP server can now serve subnets configured on any of them. (BZ#803540)

* Prior to this update, dhclient rewrote the /etc/resolv.conf file with backed-up data when it was stopped, even when PEERDNS had been set to "no" before shutdown, if the file had been changed while dhclient ran with PEERDNS=yes. This update removes the backup and restore functions for this file from dhclient-script, so dhclient no longer rewrites /etc/resolv.conf when stopped. (BZ#824622)

All users of DHCP are advised to upgrade to these updated packages, which fix these issues. After installing this update, all DHCP servers will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5.
Bugs fixed (http://bugzilla.redhat.com/): 803540 - DHCP server fails to start if the subnet is not the primary subnet for a device 824622 - dhclient-script should honor PEERDNS on quit 856766 - CVE-2012-3955 dhcp: reduced expiration time of an IPv6 lease may cause dhcpd to crash 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/dhcp-4.1.1-34.P1.el6.src.rpm i386: dhclient-4.1.1-34.P1.el6.i686.rpm dhcp-common-4.1.1-34.P1.el6.i686.rpm dhcp-debuginfo-4.1.1-34.P1.el6.i686.rpm x86_64: dhclient-4.1.1-34.P1.el6.x86_64.rpm dhcp-common-4.1.1-34.P1.el6.x86_64.rpm dhcp-debuginfo-4.1.1-34.P1.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/dhcp-4.1.1-34.P1.el6.src.rpm i386: dhcp-4.1.1-34.P1.el6.i686.rpm dhcp-debuginfo-4.1.1-34.P1.el6.i686.rpm dhcp-devel-4.1.1-34.P1.el6.i686.rpm x86_64: dhcp-4.1.1-34.P1.el6.x86_64.rpm dhcp-debuginfo-4.1.1-34.P1.el6.i686.rpm dhcp-debuginfo-4.1.1-34.P1.el6.x86_64.rpm dhcp-devel-4.1.1-34.P1.el6.i686.rpm dhcp-devel-4.1.1-34.P1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/dhcp-4.1.1-34.P1.el6.src.rpm x86_64: dhclient-4.1.1-34.P1.el6.x86_64.rpm dhcp-common-4.1.1-34.P1.el6.x86_64.rpm dhcp-debuginfo-4.1.1-34.P1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/dhcp-4.1.1-34.P1.el6.src.rpm x86_64: dhcp-4.1.1-34.P1.el6.x86_64.rpm dhcp-debuginfo-4.1.1-34.P1.el6.i686.rpm dhcp-debuginfo-4.1.1-34.P1.el6.x86_64.rpm dhcp-devel-4.1.1-34.P1.el6.i686.rpm dhcp-devel-4.1.1-34.P1.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/dhcp-4.1.1-34.P1.el6.src.rpm i386: dhclient-4.1.1-34.P1.el6.i686.rpm dhcp-4.1.1-34.P1.el6.i686.rpm dhcp-common-4.1.1-34.P1.el6.i686.rpm dhcp-debuginfo-4.1.1-34.P1.el6.i686.rpm ppc64: dhclient-4.1.1-34.P1.el6.ppc64.rpm dhcp-4.1.1-34.P1.el6.ppc64.rpm dhcp-common-4.1.1-34.P1.el6.ppc64.rpm dhcp-debuginfo-4.1.1-34.P1.el6.ppc64.rpm s390x: dhclient-4.1.1-34.P1.el6.s390x.rpm dhcp-4.1.1-34.P1.el6.s390x.rpm dhcp-common-4.1.1-34.P1.el6.s390x.rpm dhcp-debuginfo-4.1.1-34.P1.el6.s390x.rpm x86_64: dhclient-4.1.1-34.P1.el6.x86_64.rpm dhcp-4.1.1-34.P1.el6.x86_64.rpm dhcp-common-4.1.1-34.P1.el6.x86_64.rpm dhcp-debuginfo-4.1.1-34.P1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/dhcp-4.1.1-34.P1.el6.src.rpm i386: dhcp-debuginfo-4.1.1-34.P1.el6.i686.rpm dhcp-devel-4.1.1-34.P1.el6.i686.rpm ppc64: dhcp-debuginfo-4.1.1-34.P1.el6.ppc.rpm dhcp-debuginfo-4.1.1-34.P1.el6.ppc64.rpm dhcp-devel-4.1.1-34.P1.el6.ppc.rpm dhcp-devel-4.1.1-34.P1.el6.ppc64.rpm s390x: dhcp-debuginfo-4.1.1-34.P1.el6.s390.rpm dhcp-debuginfo-4.1.1-34.P1.el6.s390x.rpm dhcp-devel-4.1.1-34.P1.el6.s390.rpm dhcp-devel-4.1.1-34.P1.el6.s390x.rpm x86_64: dhcp-debuginfo-4.1.1-34.P1.el6.i686.rpm dhcp-debuginfo-4.1.1-34.P1.el6.x86_64.rpm dhcp-devel-4.1.1-34.P1.el6.i686.rpm dhcp-devel-4.1.1-34.P1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/dhcp-4.1.1-34.P1.el6.src.rpm i386: dhclient-4.1.1-34.P1.el6.i686.rpm dhcp-4.1.1-34.P1.el6.i686.rpm dhcp-common-4.1.1-34.P1.el6.i686.rpm dhcp-debuginfo-4.1.1-34.P1.el6.i686.rpm x86_64: dhclient-4.1.1-34.P1.el6.x86_64.rpm dhcp-4.1.1-34.P1.el6.x86_64.rpm dhcp-common-4.1.1-34.P1.el6.x86_64.rpm dhcp-debuginfo-4.1.1-34.P1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/dhcp-4.1.1-34.P1.el6.src.rpm i386: dhcp-debuginfo-4.1.1-34.P1.el6.i686.rpm dhcp-devel-4.1.1-34.P1.el6.i686.rpm x86_64: dhcp-debuginfo-4.1.1-34.P1.el6.i686.rpm dhcp-debuginfo-4.1.1-34.P1.el6.x86_64.rpm dhcp-devel-4.1.1-34.P1.el6.i686.rpm dhcp-devel-4.1.1-34.P1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-3955.html https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRJb+eXlSAg2UNWIIRAhG8AJwOy8FdPNqEBszeImlxyXqcDbeSFwCfejGR eoxa7u+oUCxlUHM/rRLVnbU= =FqlR -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Feb 21 06:22:31 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 21 Feb 2013 06:22:31 +0000 Subject: [RHSA-2013:0505-02] Moderate: squid security and bug fix update Message-ID: <201302210633.r1L6XXcB024256@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: squid security and bug fix update Advisory ID: RHSA-2013:0505-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0505.html Issue date: 2013-02-21 CVE Names: CVE-2012-5643 ===================================================================== 1. Summary: Updated squid packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Squid is a high-performance proxy caching server for web clients that supports FTP, Gopher, and HTTP data objects.

A denial of service flaw was found in the way the Squid Cache Manager processed certain requests. A remote attacker who is able to access the Cache Manager CGI could use this flaw to cause Squid to consume an excessive amount of memory. (CVE-2012-5643)

This update also fixes the following bugs:

* Due to a bug in the ConnStateData::noteMoreBodySpaceAvailable() function, child processes of Squid terminated upon encountering a failed assertion. An upstream patch has been applied and Squid child processes no longer terminate. (BZ#805879)

* Due to an upstream patch, which renamed the HTTP header controlling persistent connections from "Proxy-Connection" to "Connection", the NTLM pass-through authentication did not work, preventing login. This update adds the new "http10" option to the squid.conf file, which can be used to enable the change in the patch. This option is set to "off" by default. When set to "on", NTLM pass-through authentication works properly, allowing login attempts to succeed. (BZ#844723)

* When the IPv6 protocol was disabled and Squid tried to handle an HTTP GET request containing an IPv6 address, the Squid child process terminated due to signal 6. This bug has been fixed and such requests are now handled as expected. (BZ#832484)

* The old "stale if hit" logic did not account for cases where the stored stale response became fresh due to a successful re-validation with the origin server. Consequently, incorrect warning messages were returned. Now, Squid no longer marks elements as stale in the described scenario. (BZ#847056)

* When squid packages were installed before samba-winbind, the wbpriv group did not include Squid. Consequently, NTLM authentication calls failed. Now, Squid correctly adds itself to the wbpriv group if samba-winbind is installed before Squid, fixing this bug. (BZ#797571)

* In FIPS mode, Squid was using private MD5 hash functions for user authentication and network access. As MD5 is incompatible with FIPS mode, Squid could fail to start. This update limits the use of the private MD5 functions to local disk file hash identifiers, allowing Squid to work in FIPS mode. (BZ#833086)

* Under high system load, the squid process could terminate unexpectedly with a segmentation fault during reboot. This update provides better memory handling during reboot, fixing this bug. (BZ#782732)

* Squid incorrectly set the timeout limit for client HTTP connections to the value used for server-side connections, which is much higher, creating unnecessary delays. With this update, Squid uses a proper value for the client timeout limit. (BZ#798090)

* Squid did not properly release allocated memory when generating error page contents, which caused memory leaks. Consequently, the Squid proxy server consumed a lot of memory within a short time period. This update fixes this memory leak. (BZ#758861)

* Squid did not pass the ident value to a URL rewriter configured using the "url_rewrite_program" directive. Consequently, the URL rewriter received the dash character ("-") as the user value instead of the correct user name. Now, the URL rewriter receives the correct user name in the described scenario. (BZ#797884)

* Squid, used as a transparent proxy, can only handle the HTTP protocol. Previously, it was possible to define a URL in which the access protocol contained the asterisk character (*) or an unknown protocol namespace URI.
Consequently, an "Invalid URL" error message was logged to access.log during reload. This update ensures that "http://" is always used in transparent proxy URLs, and the error message is no longer logged in this scenario. (BZ#720504) All users of squid are advised to upgrade to these updated packages, which fix these issues. After installing this update, the squid service will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 797571 - squid userid not added to wbpriv group 798090 - client timeout uses server-side "read_timeout", not "request_timeout" 832484 - Squid exits due to signal 6 when IPv6 is disabled and HTTP GET request contains IPv6 address 833086 - squid uses a private md5 hash function for user auth, bypassing FIPS 140-2 restrictions 844723 - The NTLM pass-through authentication doesn't work via squid-3.1.10 847056 - squid incorrectly marks elements as stale when the client uses If-Modified-Since and If-None-Match headers 887962 - CVE-2012-5643 squid: cachemgr.cgi memory usage DoS and memory leaks 6. Package List: Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/squid-3.1.10-16.el6.src.rpm i386: squid-3.1.10-16.el6.i686.rpm squid-debuginfo-3.1.10-16.el6.i686.rpm ppc64: squid-3.1.10-16.el6.ppc64.rpm squid-debuginfo-3.1.10-16.el6.ppc64.rpm s390x: squid-3.1.10-16.el6.s390x.rpm squid-debuginfo-3.1.10-16.el6.s390x.rpm x86_64: squid-3.1.10-16.el6.x86_64.rpm squid-debuginfo-3.1.10-16.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/squid-3.1.10-16.el6.src.rpm i386: squid-3.1.10-16.el6.i686.rpm squid-debuginfo-3.1.10-16.el6.i686.rpm x86_64: squid-3.1.10-16.el6.x86_64.rpm squid-debuginfo-3.1.10-16.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-5643.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.4_Technical_Notes/squid.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRJb+xXlSAg2UNWIIRAoEzAKCDKnVlg/rlFH8fBhtvvkWH8RSHyQCgs0c8 HqpgR9/jJryGudXFpDlDc0Q= =weAl -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Feb 21 06:23:01 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 21 Feb 2013 06:23:01 +0000 Subject: [RHSA-2013:0506-02] Moderate: samba4 security, bug fix and enhancement update Message-ID: <201302210634.r1L6Y3HX021521@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: samba4 security, bug fix and enhancement update Advisory ID: RHSA-2013:0506-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0506.html Issue date: 2013-02-21 CVE Names: CVE-2012-1182 ===================================================================== 1. Summary: Updated samba4 packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. 
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

A flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)
compiler, used to generate code to handle RPC calls. As a result, code
generated by the PIDL compiler could fail to sufficiently protect against
buffer overflows. (CVE-2012-1182)

The samba4 packages have been upgraded to upstream version 4.0.0, which
provides a number of bug fixes and enhancements over the previous version.
In particular, interoperability with Active Directory (AD) domains has been
improved. SSSD now uses the libndr-krb5pac library to parse the Privilege
Attribute Certificate (PAC) issued by an AD Key Distribution Center (KDC).

The Cross Realm Kerberos Trust functionality provided by Identity
Management, which relies on the capabilities of the samba4 client library,
is included as a Technology Preview. This functionality uses the libndr-nbt
library to prepare Connection-less Lightweight Directory Access Protocol
(CLDAP) messages. Additionally, various improvements have been made to the
Local Security Authority (LSA) and Net Logon services to allow verification
of trust from a Windows system. Because the Cross Realm Kerberos Trust
functionality is considered a Technology Preview, selected samba4 components
are considered to be a Technology Preview. For more information on which
Samba packages are considered a Technology Preview, refer to Table 5.1,
"Samba4 Package Support" in the Release Notes, linked to from the
References. (BZ#766333, BZ#882188)

This update also fixes the following bug:

* Prior to this update, if the Active Directory (AD) server was rebooted,
Winbind sometimes failed to reconnect when requested by "wbinfo -n" or
"wbinfo -s" commands. Consequently, looking up users using the wbinfo tool
failed. This update applies upstream patches to fix this problem and now
looking up a Security Identifier (SID) for a username, or a username for a
given SID, works as expected after a domain controller is rebooted.
(BZ#878564)

All users of samba4 are advised to upgrade to these updated packages, which
fix these issues and add these enhancements.

Warning: If you upgrade from Red Hat Enterprise Linux 6.3 to Red Hat
Enterprise Linux 6.4 and you have Samba in use, you should make sure that
you uninstall the package named "samba4" to avoid conflicts during the
upgrade.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

766333 - Rebase Samba4 libraries to pick up functionality required for IdM
804093 - CVE-2012-1182 samba: Multiple heap-based buffer overflows in memory management based on NDR marshalling code output
861892 - samba4's wbclient/smbclient provides need to be filtered to avoid confusion with samba's wbclient/smbclient provides
864889 - Configure winbind_krb5_locator.so via alternatives to allow IPA AD trusts use
867317 - pam_winbind.conf is not packaged in samba-winbind-clients where the module is packaged.
867854 - auth_builtin auth_domain auth_sam and auth_winbind are built as shared modules.
868248 - samba-winbind package wants /var/log/samba
868419 - samba4 smb and winbind init scripts missing export KRB5CCNAME
877085 - Wrong sysconfig filename
878564 - IPA trust cannot always lookup AD users with wbinfo
882188 - samba4-libs: yyin symbol collision
885089 - Samba netlogon AES support incorrect
886157 - samba4 should use the same winbind pipes as samba
895718 - Incomplete rpm provides filters causes issues with the samba4-libs package on certain architectures

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/samba4-4.0.0-55.el6.rc4.src.rpm

i386:
samba4-4.0.0-55.el6.rc4.i686.rpm
samba4-client-4.0.0-55.el6.rc4.i686.rpm
samba4-common-4.0.0-55.el6.rc4.i686.rpm
samba4-dc-4.0.0-55.el6.rc4.i686.rpm
samba4-dc-libs-4.0.0-55.el6.rc4.i686.rpm
samba4-debuginfo-4.0.0-55.el6.rc4.i686.rpm
samba4-devel-4.0.0-55.el6.rc4.i686.rpm
samba4-libs-4.0.0-55.el6.rc4.i686.rpm
samba4-pidl-4.0.0-55.el6.rc4.i686.rpm
samba4-python-4.0.0-55.el6.rc4.i686.rpm
samba4-swat-4.0.0-55.el6.rc4.i686.rpm
samba4-test-4.0.0-55.el6.rc4.i686.rpm
samba4-winbind-4.0.0-55.el6.rc4.i686.rpm
samba4-winbind-clients-4.0.0-55.el6.rc4.i686.rpm
samba4-winbind-krb5-locator-4.0.0-55.el6.rc4.i686.rpm

x86_64:
samba4-4.0.0-55.el6.rc4.x86_64.rpm
samba4-client-4.0.0-55.el6.rc4.x86_64.rpm
samba4-common-4.0.0-55.el6.rc4.x86_64.rpm
samba4-dc-4.0.0-55.el6.rc4.x86_64.rpm
samba4-dc-libs-4.0.0-55.el6.rc4.x86_64.rpm
samba4-debuginfo-4.0.0-55.el6.rc4.x86_64.rpm
samba4-devel-4.0.0-55.el6.rc4.x86_64.rpm
samba4-libs-4.0.0-55.el6.rc4.x86_64.rpm
samba4-pidl-4.0.0-55.el6.rc4.x86_64.rpm
samba4-python-4.0.0-55.el6.rc4.x86_64.rpm
samba4-swat-4.0.0-55.el6.rc4.x86_64.rpm
samba4-test-4.0.0-55.el6.rc4.x86_64.rpm
samba4-winbind-4.0.0-55.el6.rc4.x86_64.rpm
samba4-winbind-clients-4.0.0-55.el6.rc4.x86_64.rpm
samba4-winbind-krb5-locator-4.0.0-55.el6.rc4.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/samba4-4.0.0-55.el6.rc4.src.rpm

x86_64:
samba4-4.0.0-55.el6.rc4.x86_64.rpm
samba4-client-4.0.0-55.el6.rc4.x86_64.rpm
samba4-common-4.0.0-55.el6.rc4.x86_64.rpm
samba4-dc-4.0.0-55.el6.rc4.x86_64.rpm
samba4-dc-libs-4.0.0-55.el6.rc4.x86_64.rpm
samba4-debuginfo-4.0.0-55.el6.rc4.x86_64.rpm
samba4-devel-4.0.0-55.el6.rc4.x86_64.rpm
samba4-libs-4.0.0-55.el6.rc4.x86_64.rpm
samba4-pidl-4.0.0-55.el6.rc4.x86_64.rpm
samba4-python-4.0.0-55.el6.rc4.x86_64.rpm
samba4-swat-4.0.0-55.el6.rc4.x86_64.rpm
samba4-test-4.0.0-55.el6.rc4.x86_64.rpm
samba4-winbind-4.0.0-55.el6.rc4.x86_64.rpm
samba4-winbind-clients-4.0.0-55.el6.rc4.x86_64.rpm
samba4-winbind-krb5-locator-4.0.0-55.el6.rc4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/samba4-4.0.0-55.el6.rc4.src.rpm

i386:
samba4-4.0.0-55.el6.rc4.i686.rpm
samba4-client-4.0.0-55.el6.rc4.i686.rpm
samba4-common-4.0.0-55.el6.rc4.i686.rpm
samba4-dc-4.0.0-55.el6.rc4.i686.rpm
samba4-dc-libs-4.0.0-55.el6.rc4.i686.rpm
samba4-debuginfo-4.0.0-55.el6.rc4.i686.rpm
samba4-devel-4.0.0-55.el6.rc4.i686.rpm
samba4-libs-4.0.0-55.el6.rc4.i686.rpm
samba4-pidl-4.0.0-55.el6.rc4.i686.rpm
samba4-python-4.0.0-55.el6.rc4.i686.rpm
samba4-swat-4.0.0-55.el6.rc4.i686.rpm
samba4-test-4.0.0-55.el6.rc4.i686.rpm
samba4-winbind-4.0.0-55.el6.rc4.i686.rpm
samba4-winbind-clients-4.0.0-55.el6.rc4.i686.rpm
samba4-winbind-krb5-locator-4.0.0-55.el6.rc4.i686.rpm

ppc64:
samba4-4.0.0-55.el6.rc4.ppc64.rpm
samba4-client-4.0.0-55.el6.rc4.ppc64.rpm
samba4-common-4.0.0-55.el6.rc4.ppc64.rpm
samba4-dc-4.0.0-55.el6.rc4.ppc64.rpm
samba4-dc-libs-4.0.0-55.el6.rc4.ppc64.rpm
samba4-debuginfo-4.0.0-55.el6.rc4.ppc64.rpm
samba4-devel-4.0.0-55.el6.rc4.ppc64.rpm
samba4-libs-4.0.0-55.el6.rc4.ppc64.rpm
samba4-pidl-4.0.0-55.el6.rc4.ppc64.rpm
samba4-python-4.0.0-55.el6.rc4.ppc64.rpm
samba4-swat-4.0.0-55.el6.rc4.ppc64.rpm
samba4-test-4.0.0-55.el6.rc4.ppc64.rpm
samba4-winbind-4.0.0-55.el6.rc4.ppc64.rpm
samba4-winbind-clients-4.0.0-55.el6.rc4.ppc64.rpm
samba4-winbind-krb5-locator-4.0.0-55.el6.rc4.ppc64.rpm

s390x:
samba4-4.0.0-55.el6.rc4.s390x.rpm
samba4-client-4.0.0-55.el6.rc4.s390x.rpm
samba4-common-4.0.0-55.el6.rc4.s390x.rpm
samba4-dc-4.0.0-55.el6.rc4.s390x.rpm
samba4-dc-libs-4.0.0-55.el6.rc4.s390x.rpm
samba4-debuginfo-4.0.0-55.el6.rc4.s390x.rpm
samba4-devel-4.0.0-55.el6.rc4.s390x.rpm
samba4-libs-4.0.0-55.el6.rc4.s390x.rpm
samba4-pidl-4.0.0-55.el6.rc4.s390x.rpm
samba4-python-4.0.0-55.el6.rc4.s390x.rpm
samba4-swat-4.0.0-55.el6.rc4.s390x.rpm
samba4-test-4.0.0-55.el6.rc4.s390x.rpm
samba4-winbind-4.0.0-55.el6.rc4.s390x.rpm
samba4-winbind-clients-4.0.0-55.el6.rc4.s390x.rpm
samba4-winbind-krb5-locator-4.0.0-55.el6.rc4.s390x.rpm

x86_64:
samba4-4.0.0-55.el6.rc4.x86_64.rpm
samba4-client-4.0.0-55.el6.rc4.x86_64.rpm
samba4-common-4.0.0-55.el6.rc4.x86_64.rpm
samba4-dc-4.0.0-55.el6.rc4.x86_64.rpm
samba4-dc-libs-4.0.0-55.el6.rc4.x86_64.rpm
samba4-debuginfo-4.0.0-55.el6.rc4.x86_64.rpm
samba4-devel-4.0.0-55.el6.rc4.x86_64.rpm
samba4-libs-4.0.0-55.el6.rc4.x86_64.rpm
samba4-pidl-4.0.0-55.el6.rc4.x86_64.rpm
samba4-python-4.0.0-55.el6.rc4.x86_64.rpm
samba4-swat-4.0.0-55.el6.rc4.x86_64.rpm
samba4-test-4.0.0-55.el6.rc4.x86_64.rpm
samba4-winbind-4.0.0-55.el6.rc4.x86_64.rpm
samba4-winbind-clients-4.0.0-55.el6.rc4.x86_64.rpm
samba4-winbind-krb5-locator-4.0.0-55.el6.rc4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/samba4-4.0.0-55.el6.rc4.src.rpm

i386:
samba4-4.0.0-55.el6.rc4.i686.rpm
samba4-client-4.0.0-55.el6.rc4.i686.rpm
samba4-common-4.0.0-55.el6.rc4.i686.rpm
samba4-dc-4.0.0-55.el6.rc4.i686.rpm
samba4-dc-libs-4.0.0-55.el6.rc4.i686.rpm
samba4-debuginfo-4.0.0-55.el6.rc4.i686.rpm
samba4-devel-4.0.0-55.el6.rc4.i686.rpm
samba4-libs-4.0.0-55.el6.rc4.i686.rpm
samba4-pidl-4.0.0-55.el6.rc4.i686.rpm
samba4-python-4.0.0-55.el6.rc4.i686.rpm
samba4-swat-4.0.0-55.el6.rc4.i686.rpm
samba4-test-4.0.0-55.el6.rc4.i686.rpm
samba4-winbind-4.0.0-55.el6.rc4.i686.rpm
samba4-winbind-clients-4.0.0-55.el6.rc4.i686.rpm
samba4-winbind-krb5-locator-4.0.0-55.el6.rc4.i686.rpm

x86_64:
samba4-4.0.0-55.el6.rc4.x86_64.rpm
samba4-client-4.0.0-55.el6.rc4.x86_64.rpm
samba4-common-4.0.0-55.el6.rc4.x86_64.rpm
samba4-dc-4.0.0-55.el6.rc4.x86_64.rpm
samba4-dc-libs-4.0.0-55.el6.rc4.x86_64.rpm
samba4-debuginfo-4.0.0-55.el6.rc4.x86_64.rpm
samba4-devel-4.0.0-55.el6.rc4.x86_64.rpm
samba4-libs-4.0.0-55.el6.rc4.x86_64.rpm
samba4-pidl-4.0.0-55.el6.rc4.x86_64.rpm
samba4-python-4.0.0-55.el6.rc4.x86_64.rpm
samba4-swat-4.0.0-55.el6.rc4.x86_64.rpm
samba4-test-4.0.0-55.el6.rc4.x86_64.rpm
samba4-winbind-4.0.0-55.el6.rc4.x86_64.rpm
samba4-winbind-clients-4.0.0-55.el6.rc4.x86_64.rpm
samba4-winbind-krb5-locator-4.0.0-55.el6.rc4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-1182.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.4_Release_Notes/index.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRJb/SXlSAg2UNWIIRAu9pAJ0bXOSJ3SN3aR3fw5MGSEkMJi3lMgCdGerb
Ylk6a0Ez2DTp2M59lbdEswI=
=joFH
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Feb 21 06:27:23 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Feb 2013 06:27:23 +0000
Subject: [RHSA-2013:0508-02] Low: sssd security, bug fix and enhancement update
Message-ID: <201302210638.r1L6cPXd026625@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: sssd security, bug fix and enhancement update
Advisory ID:       RHSA-2013:0508-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0508.html
Issue date:        2013-02-21
CVE Names:         CVE-2013-0219 CVE-2013-0220
=====================================================================

1. Summary:

Updated sssd packages that fix two security issues, multiple bugs, and add
various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The System Security Services Daemon (SSSD) provides a set of daemons to
manage access to remote directories and authentication mechanisms. It
provides an NSS and PAM interface toward the system and a pluggable back-end
system to connect to multiple different account sources. It is also the
basis to provide client auditing and policy services for projects such as
FreeIPA.

A race condition was found in the way SSSD copied and removed user home
directories. A local attacker who is able to write into the home directory
of a different user who is being removed could use this flaw to perform
symbolic link attacks, possibly allowing them to modify and delete arbitrary
files with the privileges of the root user. (CVE-2013-0219)

Multiple out-of-bounds memory read flaws were found in the way the autofs
and SSH service responders parsed certain SSSD packets. An attacker could
send a specially-crafted packet that, when processed by the autofs or SSH
service responders, would cause SSSD to crash. This issue only caused a
temporary denial of service, as SSSD was automatically restarted by the
monitor process after the crash. (CVE-2013-0220)

The CVE-2013-0219 and CVE-2013-0220 issues were discovered by Florian Weimer
of the Red Hat Product Security Team.

These updated sssd packages also include numerous bug fixes and
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.4 Technical
Notes, linked to in the References, for information on the most significant
of these changes.

All SSSD users are advised to upgrade to these updated packages, which
upgrade SSSD to upstream version 1.9 to correct these issues, fix these bugs
and add these enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network.
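The CVE-2013-0219 description above names the hazard: a privileged process that walks a directory tree by path, calling stat() and then unlink() or rmdir() on each name, can be steered by symbolic links that the directory's owner planted, and any gap between the check and the operation is a race. The example below is added here for illustration; it is not SSSD's code or its fix. It shows the descriptor-based idiom that closes both holes (fstatat() with AT_SYMLINK_NOFOLLOW, openat() with O_NOFOLLOW, unlinkat()) and runs it against a constructed layout in which two planted symlinks try to pull the deletion outside the home directory. The scratch-directory name, the file and link names, and the functions remove_tree_at() and demo_symlink_attack() are all assumptions of the example.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Remove the entry `name` relative to the open directory `dirfd`, and if it
 * is a directory, everything below it, without ever following a symlink.
 * The unsafe pattern this replaces builds path strings and calls stat() on
 * them: stat() follows symlinks, so a link to "/" or another user's home
 * looks like a subdirectory and the recursion descends into it as root, and
 * a component swapped for a symlink between the check and the delete is
 * followed too. Descriptor-relative *at() calls act on the object examined.
 * Returns 0 on success, -1 with errno set on failure.
 */
int remove_tree_at(int dirfd, const char *name)
{
    struct stat st;

    /* Inspect the entry itself, not whatever a symlink would point to. */
    if (fstatat(dirfd, name, &st, AT_SYMLINK_NOFOLLOW) != 0)
        return -1;

    /* Files, symlinks, sockets, fifos: unlinkat() removes the entry and
     * never dereferences a link. If a directory was swapped in after the
     * fstatat(), unlinkat() fails with EISDIR rather than misbehaving. */
    if (!S_ISDIR(st.st_mode))
        return unlinkat(dirfd, name, 0);

    /* Directory: O_NOFOLLOW makes the open fail with ELOOP if the entry was
     * replaced by a symlink after the check, so the window is not usable. */
    int fd = openat(dirfd, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;

    DIR *dir = fdopendir(fd);
    if (dir == NULL) {
        close(fd);
        return -1;
    }

    int rc = 0;
    struct dirent *ent;
    while ((ent = readdir(dir)) != NULL) {
        if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0)
            continue;
        /* Recurse relative to the open descriptor, not a rebuilt path. */
        if (remove_tree_at(fd, ent->d_name) != 0) {
            rc = -1;
            break;
        }
    }
    closedir(dir); /* also closes fd */

    if (rc == 0)
        rc = unlinkat(dirfd, name, AT_REMOVEDIR);
    return rc;
}

/*
 * Constructed scenario (assumed layout, not from SSSD): a scratch directory
 * holding a file that must survive and a "home" directory being deleted, in
 * which the home's owner planted a symlink to that file and one to the
 * parent directory. A stat()-based remover would see "escape" as a
 * directory and recurse into the parent, deleting outside_secret.txt, and a
 * path-based open() or chmod() on "evil_file" would act on the outside file.
 * Returns 1 if the home was removed and the outside file stayed intact.
 */
int demo_symlink_attack(void)
{
    const char *tmp = getenv("TMPDIR");
    char base[4096];
    snprintf(base, sizeof base, "%s/rmtree-demo-XXXXXX",
             (tmp && *tmp) ? tmp : "/tmp");
    if (mkdtemp(base) == NULL)
        return 0;
    int basefd = open(base, O_RDONLY | O_DIRECTORY);
    if (basefd < 0)
        return 0;

    int fd = openat(basefd, "outside_secret.txt", O_WRONLY | O_CREAT, 0600);
    if (fd < 0 || write(fd, "keep me\n", 8) != 8)
        return 0;
    close(fd);

    if (mkdirat(basefd, "home", 0700) != 0 || mkdirat(basefd, "home/sub", 0700) != 0)
        return 0;
    fd = openat(basefd, "home/sub/notes.txt", O_WRONLY | O_CREAT, 0600);
    if (fd < 0)
        return 0;
    close(fd);

    if (symlinkat("../outside_secret.txt", basefd, "home/evil_file") != 0 ||
        symlinkat("..", basefd, "home/escape") != 0)
        return 0;

    int removed = remove_tree_at(basefd, "home") == 0;

    struct stat st;
    int outside_intact = fstatat(basefd, "outside_secret.txt", &st, 0) == 0;
    int home_gone = fstatat(basefd, "home", &st, AT_SYMLINK_NOFOLLOW) != 0
                    && errno == ENOENT;

    unlinkat(basefd, "outside_secret.txt", 0); /* tear down the scaffold */
    close(basefd);
    rmdir(base);
    return removed && outside_intact && home_gone;
}

int main(void)
{
    int ok = demo_symlink_attack();
    printf("home removed, outside file intact: %s\n", ok ? "yes" : "NO");
    return ok ? 0 : 1;
}
```

The same idiom applies to the copy side of the flaw described above: walk the source with fstatat()/openat() and create under the destination with the *at() family and O_EXCL, so that a symlink planted in either tree is never followed while running as root.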
Details on how to use the Red Hat Network to apply this update are available
at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

743505 - [RFE] Implement "AD friendly" schema mapping
761573 - [RFE] Integrate with SUDO utility
766000 - [RFE]Add support for central management of the SELinux user mappings
768165 - [RFE] Support range retrievals
768168 - [RFE] Allow Constructing uid from Active Directory objectSid
789470 - [RFE] Introduce the concept of a Primary Server in SSSD
789507 - [RFE] SSSD should provide fast in memory cache to provide similar functionality as NSCD currently provides
790105 - Filter out inappropriate IP addresses from IPA dynamic DNS update
790107 - Document sss_tools better
799009 - Warn to syslog when dereference requests fail
799928 - [RFE] Hash the hostname/port information in the known_hosts file.
801431 - [RFE] sudo: send username and uid while requesting default options
801719 - "Error looking up public keys" while ssh to replica using IP address.
802718 - Unable to lookup user aliases with proxy provider.
805920 - [RFE] Introduce concept of Ghost User instead of using Fake User
805921 - Document the expectations about ghost users showing in the lookups
808307 - No info in sssd manpages for "ldap_sasl_minssf"
811987 - autofs: maximum key name must be PATH_MAX
813327 - [RFE] support looking up autofs maps via SSSD
814249 - [RFE] for faster SSSD startup
822404 - sssd does not provide maps for automounter when custom schema is being used
824244 - sssd does not warn into sssd.log for broken configurations
827036 - Add support for terminating idle connections in sssd_nss
829740 - Init script reports complete before sssd is actually working
832103 - [RFE] Optimize memberOf search criteria with AD
832120 - [RFE] Add AD provider
845251 - sssd does not try another server when unable to resolve hostname
845253 - Fail over does not work correctly when IPA server is establishing a GSSAPI-encrypted LDAP connection
848547 - [TECH PREVIEW] Support DIR: credential caches for multiple TGT support
852948 - ldap_chpass_update_last_change is not included in the manual page
854619 - SSSD cannot cope with empty naming context coming from Novell eDirectory
854997 - Add details about TGT validation to sssd-krb5 man page
857047 - [abrt] sssd-1.8.4-13.fc16: __GI_exit: Process /usr/libexec/sssd/sssd_pam was killed by signal 6 (SIGABRT)
860667 - [man sssd-ldap] 'ldap_access_filter' description needs to be updated
861075 - SSSD_NSS failure to gracefully restart after sbus failure
861076 - Flip the default value of ldap_initgroups_use_matching_rule_in_chain
861079 - Collect Krb5 Trace on High Debug Levels
861082 - Manpage has ldap_autofs_search_base as experimental feature
861091 - pam_sss report System Error on wrong password
863131 - sssd_nss process hangs, stuck in loop; "self restart" does recover, but old process hangs around using 100% CPU
866542 - sssd_be crashes while looking up users
867932 - Selinuxusermap rule is not honoured
867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running
869013 - Sudo smart refresh doesn't occur on time
869071 - Password authentication for users from trusted domains does not work
869150 - ldap_child crashes on using invalid keytab during gssapi connection
869443 - The sssd_nss process grows the memory consumption over time
869678 - sssd not granting access for AD trusted user in HBAC rule
870039 - sss_cache says 'Wrong DB version'
870045 - always reread the master map from LDAP
870060 - SSH host keys are not being removed from the cache
870238 - IPA client cannot change AD Trusted User password
870278 - ipa client setup should configure host properly in a trust is in place
870280 - ipa reconfigure functionality needed for fixing clients to support trusts
870505 - sss_cache: Multiple domains not handled properly
871160 - sudo failing for ad trusted user in IPA environment
871576 - sssd does not resolve group names from AD
871843 - Nested groups are not retrieved appropriately from cache
872110 - User appears twice on looking up a nested group
872180 - subdomains: Invalid sub-domain request type.
872324 - pam: fd leak when writing the selinux login file in the pam responder 872683 - sssd_be segfaults with enumeration enabled and anonymous LDAP access disabled 873032 - Move sss_cache to the main subpackage 873988 - Man page issue to list 'force_timeout' as an option for the [sssd] section 874579 - sssd caching not working as expected for selinux usermap contexts 874616 - Silence the DEBUG messages when ID mapping code skips a built-in group 874618 - sss_cache: fqdn not accepted 874673 - user id lookup fails using proxy provider 875677 - password expiry warning message doesn't appear during auth 875738 - offline authentication failure always returns System Error 875740 - "defaults" entry ignored 875851 - sysdb upgrade failed converting db to 0.11 876531 - sss_cache does not work for automount maps 877126 - subdomains code does not save the proper user/group name 877130 - LDAP provider fails to save empty groups 877354 - ldap_connection_expire_timeout doesn't expire ldap connections 877972 - ldap_sasl_authid no longer accepts full principal 877974 - updating top-level group does not reflect ghost members correctly 878262 - ipa password auth failing for user principal name when shorter than IPA Realm name 878419 - sss_userdel doesn't remove entries from in-memory cache 878420 - SIGSEGV in IPA provider when ldap_sasl_authid is not set 878583 - IPA Trust does not show secondary groups for AD Users for commands like id and getent 880140 - sssd hangs at startup with broken configurations 880159 - delete operation is not implemented for ghost users 880176 - memberUid required for primary groups to match sudo rule 880546 - krb5_kpasswd failover doesn't work 880956 - Primary server status is not always reset after failover to backup server happened 881773 - mmap cache needs update after db changes 882076 - SSSD crashes when c-ares returns success but an empty hostent during the DNS update 882221 - Offline sudo denies access with expired entry_cache_timeout 882290 - 
arithmetic bug in the SSSD causes netgroup midpoint refresh to be always set to 10 seconds 882923 - Negative cache timeout is not working for proxy provider 883336 - sssd crashes during start if id_provider is not mentioned 883408 - Make it clear that ldap_sudo_include_regexp can only handle wildcards 884254 - CVE-2013-0219 sssd: TOCTOU race conditions by copying and removing directory trees 884480 - user is not removed from group membership during initgroups 884600 - ldap_chpass_uri failover fails on using same hostname 884601 - CVE-2013-0220 sssd: Out-of-bounds read flaws in autofs and ssh services responders 884666 - sudo: if first full refresh fails, schedule another first full refresh 885078 - sssd_nss crashes during enumeration if the enumeration is taking too long 885105 - sudo denies access with disabled ldap_sudo_use_host_filter 886038 - sssd components seem to mishandle sighup 886091 - Disallow root SSH public key authentication 886848 - user id lookup fails for case sensitive users using proxy provider 887961 - AD provider: getgrgid removes nested group memberships 888614 - Failure in memberof can lead to failed database update 888800 - MEmory leak in new memcache initgr cleanup function 889168 - krb5 ticket renewal does not read the renewable tickets from cache 889182 - crash in memory cache 890520 - Failover to krb5_backup_kpasswd doesn't work 891356 - Smart refresh doesn't notice "defaults" addition with OpenLDAP 892197 - Incorrect principal searched for in keytab 894302 - sssd fails to update to changes on autofs maps 894381 - memory cache is not updated after user is deleted from ldb cache 894428 - wrong filter for autofs maps in sss_cache 894738 - Failover to ldap_chpass_backup_uri doesn't work 894997 - sssd_be crashes looking up members with groups outside the nesting limit 895132 - Modifications using sss_usermod tool are not reflected in memory cache 895615 - ipa-client-automount: autofs failed in s390x and ppc64 platform 896476 - SSSD should 
warn when pam_pwd_expiration_warning value is higher than passwordWarning LDAP attribute. 902436 - possible segfault when backend callback is removed 902716 - Rule mismatch isn't noticed before smart refresh on ppc64 and s390x 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/sssd-1.9.2-82.el6.src.rpm i386: libipa_hbac-1.9.2-82.el6.i686.rpm libipa_hbac-python-1.9.2-82.el6.i686.rpm libsss_autofs-1.9.2-82.el6.i686.rpm libsss_idmap-1.9.2-82.el6.i686.rpm libsss_sudo-1.9.2-82.el6.i686.rpm sssd-1.9.2-82.el6.i686.rpm sssd-client-1.9.2-82.el6.i686.rpm sssd-debuginfo-1.9.2-82.el6.i686.rpm x86_64: libipa_hbac-1.9.2-82.el6.i686.rpm libipa_hbac-1.9.2-82.el6.x86_64.rpm libipa_hbac-python-1.9.2-82.el6.x86_64.rpm libsss_autofs-1.9.2-82.el6.x86_64.rpm libsss_idmap-1.9.2-82.el6.x86_64.rpm libsss_sudo-1.9.2-82.el6.x86_64.rpm sssd-1.9.2-82.el6.x86_64.rpm sssd-client-1.9.2-82.el6.i686.rpm sssd-client-1.9.2-82.el6.x86_64.rpm sssd-debuginfo-1.9.2-82.el6.i686.rpm sssd-debuginfo-1.9.2-82.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/sssd-1.9.2-82.el6.src.rpm i386: libipa_hbac-devel-1.9.2-82.el6.i686.rpm libsss_idmap-devel-1.9.2-82.el6.i686.rpm libsss_sudo-devel-1.9.2-82.el6.i686.rpm sssd-debuginfo-1.9.2-82.el6.i686.rpm sssd-tools-1.9.2-82.el6.i686.rpm x86_64: libipa_hbac-devel-1.9.2-82.el6.i686.rpm libipa_hbac-devel-1.9.2-82.el6.x86_64.rpm libsss_idmap-1.9.2-82.el6.i686.rpm libsss_idmap-devel-1.9.2-82.el6.i686.rpm libsss_idmap-devel-1.9.2-82.el6.x86_64.rpm libsss_sudo-devel-1.9.2-82.el6.i686.rpm libsss_sudo-devel-1.9.2-82.el6.x86_64.rpm sssd-debuginfo-1.9.2-82.el6.i686.rpm sssd-debuginfo-1.9.2-82.el6.x86_64.rpm sssd-tools-1.9.2-82.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/sssd-1.9.2-82.el6.src.rpm x86_64: libipa_hbac-1.9.2-82.el6.i686.rpm libipa_hbac-1.9.2-82.el6.x86_64.rpm libipa_hbac-python-1.9.2-82.el6.x86_64.rpm libsss_autofs-1.9.2-82.el6.x86_64.rpm libsss_idmap-1.9.2-82.el6.x86_64.rpm libsss_sudo-1.9.2-82.el6.x86_64.rpm sssd-1.9.2-82.el6.x86_64.rpm sssd-client-1.9.2-82.el6.x86_64.rpm sssd-debuginfo-1.9.2-82.el6.i686.rpm sssd-debuginfo-1.9.2-82.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/sssd-1.9.2-82.el6.src.rpm x86_64: libipa_hbac-devel-1.9.2-82.el6.i686.rpm libipa_hbac-devel-1.9.2-82.el6.x86_64.rpm libsss_idmap-1.9.2-82.el6.i686.rpm libsss_idmap-devel-1.9.2-82.el6.i686.rpm libsss_idmap-devel-1.9.2-82.el6.x86_64.rpm libsss_sudo-devel-1.9.2-82.el6.i686.rpm libsss_sudo-devel-1.9.2-82.el6.x86_64.rpm sssd-client-1.9.2-82.el6.i686.rpm sssd-debuginfo-1.9.2-82.el6.i686.rpm sssd-debuginfo-1.9.2-82.el6.x86_64.rpm sssd-tools-1.9.2-82.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/sssd-1.9.2-82.el6.src.rpm i386: libipa_hbac-1.9.2-82.el6.i686.rpm libipa_hbac-python-1.9.2-82.el6.i686.rpm libsss_autofs-1.9.2-82.el6.i686.rpm libsss_idmap-1.9.2-82.el6.i686.rpm libsss_sudo-1.9.2-82.el6.i686.rpm sssd-1.9.2-82.el6.i686.rpm sssd-client-1.9.2-82.el6.i686.rpm sssd-debuginfo-1.9.2-82.el6.i686.rpm ppc64: libipa_hbac-1.9.2-82.el6.ppc.rpm libipa_hbac-1.9.2-82.el6.ppc64.rpm libipa_hbac-python-1.9.2-82.el6.ppc64.rpm libsss_autofs-1.9.2-82.el6.ppc64.rpm libsss_idmap-1.9.2-82.el6.ppc64.rpm libsss_sudo-1.9.2-82.el6.ppc64.rpm sssd-1.9.2-82.el6.ppc64.rpm sssd-client-1.9.2-82.el6.ppc.rpm sssd-client-1.9.2-82.el6.ppc64.rpm sssd-debuginfo-1.9.2-82.el6.ppc.rpm sssd-debuginfo-1.9.2-82.el6.ppc64.rpm s390x: libipa_hbac-1.9.2-82.el6.s390.rpm libipa_hbac-1.9.2-82.el6.s390x.rpm libipa_hbac-python-1.9.2-82.el6.s390x.rpm libsss_autofs-1.9.2-82.el6.s390x.rpm libsss_idmap-1.9.2-82.el6.s390x.rpm libsss_sudo-1.9.2-82.el6.s390x.rpm sssd-1.9.2-82.el6.s390x.rpm sssd-client-1.9.2-82.el6.s390.rpm sssd-client-1.9.2-82.el6.s390x.rpm sssd-debuginfo-1.9.2-82.el6.s390.rpm sssd-debuginfo-1.9.2-82.el6.s390x.rpm x86_64: libipa_hbac-1.9.2-82.el6.i686.rpm libipa_hbac-1.9.2-82.el6.x86_64.rpm libipa_hbac-python-1.9.2-82.el6.x86_64.rpm libsss_autofs-1.9.2-82.el6.x86_64.rpm libsss_idmap-1.9.2-82.el6.i686.rpm libsss_idmap-1.9.2-82.el6.x86_64.rpm libsss_sudo-1.9.2-82.el6.x86_64.rpm sssd-1.9.2-82.el6.x86_64.rpm sssd-client-1.9.2-82.el6.i686.rpm sssd-client-1.9.2-82.el6.x86_64.rpm sssd-debuginfo-1.9.2-82.el6.i686.rpm sssd-debuginfo-1.9.2-82.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/sssd-1.9.2-82.el6.src.rpm i386: libipa_hbac-devel-1.9.2-82.el6.i686.rpm libsss_idmap-devel-1.9.2-82.el6.i686.rpm libsss_sudo-devel-1.9.2-82.el6.i686.rpm sssd-debuginfo-1.9.2-82.el6.i686.rpm sssd-tools-1.9.2-82.el6.i686.rpm ppc64: libipa_hbac-devel-1.9.2-82.el6.ppc.rpm libipa_hbac-devel-1.9.2-82.el6.ppc64.rpm libsss_idmap-1.9.2-82.el6.ppc.rpm libsss_idmap-devel-1.9.2-82.el6.ppc.rpm libsss_idmap-devel-1.9.2-82.el6.ppc64.rpm libsss_sudo-devel-1.9.2-82.el6.ppc.rpm libsss_sudo-devel-1.9.2-82.el6.ppc64.rpm sssd-debuginfo-1.9.2-82.el6.ppc.rpm sssd-debuginfo-1.9.2-82.el6.ppc64.rpm sssd-tools-1.9.2-82.el6.ppc64.rpm s390x: libipa_hbac-devel-1.9.2-82.el6.s390.rpm libipa_hbac-devel-1.9.2-82.el6.s390x.rpm libsss_idmap-1.9.2-82.el6.s390.rpm libsss_idmap-devel-1.9.2-82.el6.s390.rpm libsss_idmap-devel-1.9.2-82.el6.s390x.rpm libsss_sudo-devel-1.9.2-82.el6.s390.rpm libsss_sudo-devel-1.9.2-82.el6.s390x.rpm sssd-debuginfo-1.9.2-82.el6.s390.rpm sssd-debuginfo-1.9.2-82.el6.s390x.rpm sssd-tools-1.9.2-82.el6.s390x.rpm x86_64: libipa_hbac-devel-1.9.2-82.el6.i686.rpm libipa_hbac-devel-1.9.2-82.el6.x86_64.rpm libsss_idmap-devel-1.9.2-82.el6.i686.rpm libsss_idmap-devel-1.9.2-82.el6.x86_64.rpm libsss_sudo-devel-1.9.2-82.el6.i686.rpm libsss_sudo-devel-1.9.2-82.el6.x86_64.rpm sssd-debuginfo-1.9.2-82.el6.i686.rpm sssd-debuginfo-1.9.2-82.el6.x86_64.rpm sssd-tools-1.9.2-82.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/sssd-1.9.2-82.el6.src.rpm i386: libipa_hbac-1.9.2-82.el6.i686.rpm libipa_hbac-python-1.9.2-82.el6.i686.rpm libsss_autofs-1.9.2-82.el6.i686.rpm libsss_idmap-1.9.2-82.el6.i686.rpm libsss_sudo-1.9.2-82.el6.i686.rpm sssd-1.9.2-82.el6.i686.rpm sssd-client-1.9.2-82.el6.i686.rpm sssd-debuginfo-1.9.2-82.el6.i686.rpm x86_64: libipa_hbac-1.9.2-82.el6.i686.rpm libipa_hbac-1.9.2-82.el6.x86_64.rpm libipa_hbac-python-1.9.2-82.el6.x86_64.rpm libsss_autofs-1.9.2-82.el6.x86_64.rpm libsss_idmap-1.9.2-82.el6.i686.rpm libsss_idmap-1.9.2-82.el6.x86_64.rpm libsss_sudo-1.9.2-82.el6.x86_64.rpm sssd-1.9.2-82.el6.x86_64.rpm sssd-client-1.9.2-82.el6.i686.rpm sssd-client-1.9.2-82.el6.x86_64.rpm sssd-debuginfo-1.9.2-82.el6.i686.rpm sssd-debuginfo-1.9.2-82.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/sssd-1.9.2-82.el6.src.rpm i386: libipa_hbac-devel-1.9.2-82.el6.i686.rpm libsss_idmap-devel-1.9.2-82.el6.i686.rpm libsss_sudo-devel-1.9.2-82.el6.i686.rpm sssd-debuginfo-1.9.2-82.el6.i686.rpm sssd-tools-1.9.2-82.el6.i686.rpm x86_64: libipa_hbac-devel-1.9.2-82.el6.i686.rpm libipa_hbac-devel-1.9.2-82.el6.x86_64.rpm libsss_idmap-devel-1.9.2-82.el6.i686.rpm libsss_idmap-devel-1.9.2-82.el6.x86_64.rpm libsss_sudo-devel-1.9.2-82.el6.i686.rpm libsss_sudo-devel-1.9.2-82.el6.x86_64.rpm sssd-debuginfo-1.9.2-82.el6.i686.rpm sssd-debuginfo-1.9.2-82.el6.x86_64.rpm sssd-tools-1.9.2-82.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References:

https://www.redhat.com/security/data/cve/CVE-2013-0219.html
https://www.redhat.com/security/data/cve/CVE-2013-0220.html
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.4_Technical_Notes/sssd.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRJcDZXlSAg2UNWIIRAhnEAJ9XdwmO6Lj3pGoiRkr7pvnys8bNngCgjIdk
YqzxidbE7UcfmsItAyPQUNY=
=+H1I
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Feb 21 06:28:12 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Feb 2013 06:28:12 +0000
Subject: [RHSA-2013:0509-02] Low: rdma security, bug fix and enhancement update
Message-ID: <201302210639.r1L6dEcf026917@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: rdma security, bug fix and enhancement update
Advisory ID: RHSA-2013:0509-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0509.html
Issue date: 2013-02-21
CVE Names: CVE-2012-4517 CVE-2012-4518
=====================================================================

1. Summary:

Updated RDMA packages that fix multiple security issues, various bugs, and add an enhancement are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v.
6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Red Hat Enterprise Linux includes a collection of InfiniBand and iWARP utilities, libraries and development packages for writing applications that use Remote Direct Memory Access (RDMA) technology.

A denial of service flaw was found in the way ibacm managed reference counts for multicast connections. An attacker could send specially-crafted multicast packets that would cause the ibacm daemon to crash. (CVE-2012-4517)

It was found that the ibacm daemon created some files with world-writable permissions. A local attacker could use this flaw to overwrite the contents of the ibacm.log or ibacm.port file, allowing them to mask certain actions from the log or cause ibacm to run on a non-default port. (CVE-2012-4518)

CVE-2012-4518 was discovered by Florian Weimer of the Red Hat Product Security Team and Kurt Seifried of the Red Hat Security Response Team.

The InfiniBand/iWARP/RDMA stack components have been upgraded to more recent upstream versions.

This update also fixes the following bugs:

* Previously, the "ibnodes -h" command did not show a proper usage message. With this update the problem is fixed and "ibnodes -h" now shows the correct usage message. (BZ#818606)

* Previously, the ibv_devinfo utility erroneously showed iWARP cxgb3 hardware's physical state as invalid even when the device was working. For iWARP hardware, the phys_state field has no meaning. This update patches the utility to not print out anything for this field when the hardware is iWARP hardware. (BZ#822781)

* Prior to the release of Red Hat Enterprise Linux 6.3, the kernel created the InfiniBand device files in the wrong place and a udev rules file was used to force the devices to be created in the proper place. With the update to 6.3, the kernel was fixed to create the InfiniBand device files in the proper place, and so the udev rules file was removed as no longer being necessary. However, a bug in the kernel device creation meant that, although the devices were now being created in the right place, they had incorrect permissions. Consequently, when users attempted to run an RDMA application as a non-root user, the application failed to get the necessary permissions to use the RDMA device and the application terminated. This update puts a new udev rules file in place. It no longer attempts to create the InfiniBand devices since they already exist, but it does correct the device permissions on the files. (BZ#834428)

* Previously, using the "perfquery -C" command with a host name caused the perfquery utility to become unresponsive. The list of controllers to process was never cleared and the process looped infinitely on a single controller. A patch has been applied to make sure that in the case where the user passes in the -C option, the controller list is cleared out once that controller has been processed. As a result, perfquery now works as expected in the scenario described. (BZ#847129)

* The OpenSM init script did not handle the case where there were no configuration files under "/etc/rdma/opensm.conf.*". With this update, the script has been patched and the InfiniBand Subnet Manager, OpenSM, now starts as expected in the scenario described. (BZ#862857)

This update also adds the following enhancement:

* This update provides an updated mlx4_ib Mellanox driver which includes Single Root I/O Virtualization (SR-IOV) support. (BZ#869737)

All users of RDMA are advised to upgrade to these updated packages, which fix these issues and add this enhancement.

4.
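The world-writable state files behind CVE-2012-4518 are a condition a host check can catch before and after patching. The following is an added example, not code from the advisory or from the ibacm project: it audits candidate files for the o+w bit (the paths are constructed placeholders, since the advisory gives no locations), clears the bit on an existing file, and shows how a daemon creates such a file with an explicit mode and O_EXCL so that a pre-planted file or symlink is refused rather than written through.

```python
"""Audit daemon state files for the world-writable condition described in
CVE-2012-4518 and create replacements with an explicit restrictive mode.

Added example, not code from the advisory or from ibacm. File paths are
constructed placeholders: the advisory names ibacm.log and ibacm.port but
does not give their locations.
"""
import os
import stat
import tempfile
from typing import Dict, List

# Placeholder locations (assumption; not taken from the advisory).
STATE_FILES: List[str] = ["/var/log/ibacm.log", "/var/run/ibacm.port"]


def world_writable(mode: int) -> bool:
    """True when the 'other' write bit is set: any local user could then
    truncate the log or rewrite the port file."""
    return bool(mode & stat.S_IWOTH)


def audit_files(paths: List[str]) -> Dict[str, str]:
    """Return {path: finding} for paths that are world-writable, or that are
    symlinks where the daemon expects a regular file (a planted symlink would
    redirect the daemon's write). Missing paths are skipped."""
    findings: Dict[str, str] = {}
    for path in paths:
        try:
            st = os.lstat(path)
        except FileNotFoundError:
            continue
        if stat.S_ISLNK(st.st_mode):
            findings[path] = "symlink where a regular file is expected"
        elif world_writable(st.st_mode):
            findings[path] = "world-writable (%s)" % stat.filemode(st.st_mode)
    return findings


def remediate(path: str) -> int:
    """Clear the 'other' write bit on an existing file and return the new
    permission bits. Contents already written by others are not trusted;
    this only stops further tampering."""
    mode = stat.S_IMODE(os.lstat(path).st_mode)
    new_mode = mode & ~stat.S_IWOTH
    os.chmod(path, new_mode)
    return new_mode


def create_private_file(path: str, mode: int = 0o640) -> int:
    """Create a state file the way a daemon should: an explicit mode instead
    of 0o666 under the process umask, and O_EXCL so a pre-planted file or
    symlink makes the call fail instead of being followed. Returns the
    permission bits actually present on the new file."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    try:
        os.fchmod(fd, mode)  # the umask can only narrow; this pins the exact mode
        return stat.S_IMODE(os.fstat(fd).st_mode)
    finally:
        os.close(fd)


def self_check() -> Dict[str, object]:
    """Run the audit against a constructed scratch directory: one file is
    planted with the vulnerable 0o666 mode, one is created correctly."""
    workdir = tempfile.mkdtemp(prefix="ibacm-audit-")
    bad = os.path.join(workdir, "ibacm.log")
    good = os.path.join(workdir, "ibacm.port")
    with open(bad, "w") as fh:
        fh.write("constructed log line\n")
    os.chmod(bad, 0o666)  # reproduce the condition the advisory describes
    results: Dict[str, object] = {}
    results["before"] = {os.path.basename(k): v
                         for k, v in audit_files([bad, good]).items()}
    results["created_mode"] = create_private_file(good)
    results["remediated_mode"] = remediate(bad)
    results["after"] = audit_files([bad, good])
    try:
        create_private_file(good)  # a second create must refuse the path
        results["exclusive_create_blocked"] = False
    except FileExistsError:
        results["exclusive_create_blocked"] = True
    return results


if __name__ == "__main__":
    for key, value in self_check().items():
        print(key, value)
```

Run against the real paths with `audit_files(STATE_FILES)` once the placeholders are replaced by the locations ibacm uses on the host.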
Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

865492 - CVE-2012-4517 ibacm: DoS (ibacm daemon crash) by joining responses for multicast destinations
865499 - CVE-2012-4518 ibacm: ibacm service files created with world writable permissions (DoS)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/infinipath-psm-3.0.1-115.1015_open.1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libibverbs-1.1.6-5.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/librdmacm-1.0.17-0.git4b5c1aa.el6.src.rpm

i386:
libibverbs-1.1.6-5.el6.i686.rpm
libibverbs-debuginfo-1.1.6-5.el6.i686.rpm
librdmacm-1.0.17-0.git4b5c1aa.el6.i686.rpm
librdmacm-debuginfo-1.0.17-0.git4b5c1aa.el6.i686.rpm

x86_64:
infinipath-psm-3.0.1-115.1015_open.1.el6.x86_64.rpm
infinipath-psm-debuginfo-3.0.1-115.1015_open.1.el6.x86_64.rpm
libibverbs-1.1.6-5.el6.i686.rpm
libibverbs-1.1.6-5.el6.x86_64.rpm
libibverbs-debuginfo-1.1.6-5.el6.i686.rpm
libibverbs-debuginfo-1.1.6-5.el6.x86_64.rpm
librdmacm-1.0.17-0.git4b5c1aa.el6.i686.rpm
librdmacm-1.0.17-0.git4b5c1aa.el6.x86_64.rpm
librdmacm-debuginfo-1.0.17-0.git4b5c1aa.el6.i686.rpm
librdmacm-debuginfo-1.0.17-0.git4b5c1aa.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ibacm-1.0.8-0.git7a3adb7.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/infinipath-psm-3.0.1-115.1015_open.1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libibmad-1.3.9-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libibumad-1.3.8-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libibverbs-1.1.6-5.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libmlx4-1.0.4-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/librdmacm-1.0.17-0.git4b5c1aa.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/opensm-3.3.15-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/rdma-3.6-1.el6.src.rpm i386: ibacm-1.0.8-0.git7a3adb7.el6.i686.rpm ibacm-debuginfo-1.0.8-0.git7a3adb7.el6.i686.rpm ibacm-devel-1.0.8-0.git7a3adb7.el6.i686.rpm libibmad-1.3.9-1.el6.i686.rpm libibmad-debuginfo-1.3.9-1.el6.i686.rpm libibmad-devel-1.3.9-1.el6.i686.rpm libibmad-static-1.3.9-1.el6.i686.rpm libibumad-1.3.8-1.el6.i686.rpm libibumad-debuginfo-1.3.8-1.el6.i686.rpm libibumad-devel-1.3.8-1.el6.i686.rpm libibumad-static-1.3.8-1.el6.i686.rpm libibverbs-debuginfo-1.1.6-5.el6.i686.rpm libibverbs-devel-1.1.6-5.el6.i686.rpm libibverbs-devel-static-1.1.6-5.el6.i686.rpm libibverbs-utils-1.1.6-5.el6.i686.rpm libmlx4-1.0.4-1.el6.i686.rpm libmlx4-debuginfo-1.0.4-1.el6.i686.rpm libmlx4-static-1.0.4-1.el6.i686.rpm librdmacm-debuginfo-1.0.17-0.git4b5c1aa.el6.i686.rpm librdmacm-devel-1.0.17-0.git4b5c1aa.el6.i686.rpm librdmacm-static-1.0.17-0.git4b5c1aa.el6.i686.rpm librdmacm-utils-1.0.17-0.git4b5c1aa.el6.i686.rpm opensm-3.3.15-1.el6.i686.rpm opensm-debuginfo-3.3.15-1.el6.i686.rpm opensm-devel-3.3.15-1.el6.i686.rpm opensm-libs-3.3.15-1.el6.i686.rpm opensm-static-3.3.15-1.el6.i686.rpm 
noarch: rdma-3.6-1.el6.noarch.rpm x86_64: ibacm-1.0.8-0.git7a3adb7.el6.x86_64.rpm ibacm-debuginfo-1.0.8-0.git7a3adb7.el6.i686.rpm ibacm-debuginfo-1.0.8-0.git7a3adb7.el6.x86_64.rpm ibacm-devel-1.0.8-0.git7a3adb7.el6.i686.rpm ibacm-devel-1.0.8-0.git7a3adb7.el6.x86_64.rpm infinipath-psm-debuginfo-3.0.1-115.1015_open.1.el6.x86_64.rpm infinipath-psm-devel-3.0.1-115.1015_open.1.el6.x86_64.rpm libibmad-1.3.9-1.el6.i686.rpm libibmad-1.3.9-1.el6.x86_64.rpm libibmad-debuginfo-1.3.9-1.el6.i686.rpm libibmad-debuginfo-1.3.9-1.el6.x86_64.rpm libibmad-devel-1.3.9-1.el6.i686.rpm libibmad-devel-1.3.9-1.el6.x86_64.rpm libibmad-static-1.3.9-1.el6.x86_64.rpm libibumad-1.3.8-1.el6.i686.rpm libibumad-1.3.8-1.el6.x86_64.rpm libibumad-debuginfo-1.3.8-1.el6.i686.rpm libibumad-debuginfo-1.3.8-1.el6.x86_64.rpm libibumad-devel-1.3.8-1.el6.i686.rpm libibumad-devel-1.3.8-1.el6.x86_64.rpm libibumad-static-1.3.8-1.el6.x86_64.rpm libibverbs-debuginfo-1.1.6-5.el6.i686.rpm libibverbs-debuginfo-1.1.6-5.el6.x86_64.rpm libibverbs-devel-1.1.6-5.el6.i686.rpm libibverbs-devel-1.1.6-5.el6.x86_64.rpm libibverbs-devel-static-1.1.6-5.el6.x86_64.rpm libibverbs-utils-1.1.6-5.el6.x86_64.rpm libmlx4-1.0.4-1.el6.i686.rpm libmlx4-1.0.4-1.el6.x86_64.rpm libmlx4-debuginfo-1.0.4-1.el6.i686.rpm libmlx4-debuginfo-1.0.4-1.el6.x86_64.rpm libmlx4-static-1.0.4-1.el6.x86_64.rpm librdmacm-debuginfo-1.0.17-0.git4b5c1aa.el6.i686.rpm librdmacm-debuginfo-1.0.17-0.git4b5c1aa.el6.x86_64.rpm librdmacm-devel-1.0.17-0.git4b5c1aa.el6.i686.rpm librdmacm-devel-1.0.17-0.git4b5c1aa.el6.x86_64.rpm librdmacm-static-1.0.17-0.git4b5c1aa.el6.x86_64.rpm librdmacm-utils-1.0.17-0.git4b5c1aa.el6.x86_64.rpm opensm-3.3.15-1.el6.x86_64.rpm opensm-debuginfo-3.3.15-1.el6.i686.rpm opensm-debuginfo-3.3.15-1.el6.x86_64.rpm opensm-devel-3.3.15-1.el6.i686.rpm opensm-devel-3.3.15-1.el6.x86_64.rpm opensm-libs-3.3.15-1.el6.i686.rpm opensm-libs-3.3.15-1.el6.x86_64.rpm opensm-static-3.3.15-1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ibacm-1.0.8-0.git7a3adb7.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ibsim-0.5-7.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ibutils-1.5.7-7.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/infiniband-diags-1.5.12-5.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/infinipath-psm-3.0.1-115.1015_open.1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libibmad-1.3.9-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libibumad-1.3.8-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libibverbs-1.1.6-5.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libmlx4-1.0.4-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/librdmacm-1.0.17-0.git4b5c1aa.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/opensm-3.3.15-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/rdma-3.6-1.el6.src.rpm noarch: rdma-3.6-1.el6.noarch.rpm x86_64: ibacm-1.0.8-0.git7a3adb7.el6.x86_64.rpm ibacm-debuginfo-1.0.8-0.git7a3adb7.el6.x86_64.rpm ibsim-0.5-7.el6.x86_64.rpm ibsim-debuginfo-0.5-7.el6.x86_64.rpm ibutils-1.5.7-7.el6.x86_64.rpm ibutils-debuginfo-1.5.7-7.el6.i686.rpm ibutils-debuginfo-1.5.7-7.el6.x86_64.rpm ibutils-libs-1.5.7-7.el6.i686.rpm ibutils-libs-1.5.7-7.el6.x86_64.rpm infiniband-diags-1.5.12-5.el6.i686.rpm infiniband-diags-1.5.12-5.el6.x86_64.rpm infiniband-diags-debuginfo-1.5.12-5.el6.i686.rpm infiniband-diags-debuginfo-1.5.12-5.el6.x86_64.rpm infinipath-psm-3.0.1-115.1015_open.1.el6.x86_64.rpm infinipath-psm-debuginfo-3.0.1-115.1015_open.1.el6.x86_64.rpm libibmad-1.3.9-1.el6.i686.rpm 
libibmad-1.3.9-1.el6.x86_64.rpm libibmad-debuginfo-1.3.9-1.el6.i686.rpm libibmad-debuginfo-1.3.9-1.el6.x86_64.rpm libibumad-1.3.8-1.el6.i686.rpm libibumad-1.3.8-1.el6.x86_64.rpm libibumad-debuginfo-1.3.8-1.el6.i686.rpm libibumad-debuginfo-1.3.8-1.el6.x86_64.rpm libibumad-devel-1.3.8-1.el6.i686.rpm libibumad-devel-1.3.8-1.el6.x86_64.rpm libibverbs-1.1.6-5.el6.i686.rpm libibverbs-1.1.6-5.el6.x86_64.rpm libibverbs-debuginfo-1.1.6-5.el6.i686.rpm libibverbs-debuginfo-1.1.6-5.el6.x86_64.rpm libibverbs-devel-1.1.6-5.el6.i686.rpm libibverbs-devel-1.1.6-5.el6.x86_64.rpm libibverbs-utils-1.1.6-5.el6.x86_64.rpm libmlx4-1.0.4-1.el6.i686.rpm libmlx4-1.0.4-1.el6.x86_64.rpm libmlx4-debuginfo-1.0.4-1.el6.i686.rpm libmlx4-debuginfo-1.0.4-1.el6.x86_64.rpm librdmacm-1.0.17-0.git4b5c1aa.el6.i686.rpm librdmacm-1.0.17-0.git4b5c1aa.el6.x86_64.rpm librdmacm-debuginfo-1.0.17-0.git4b5c1aa.el6.i686.rpm librdmacm-debuginfo-1.0.17-0.git4b5c1aa.el6.x86_64.rpm librdmacm-devel-1.0.17-0.git4b5c1aa.el6.i686.rpm librdmacm-devel-1.0.17-0.git4b5c1aa.el6.x86_64.rpm librdmacm-utils-1.0.17-0.git4b5c1aa.el6.x86_64.rpm opensm-3.3.15-1.el6.x86_64.rpm opensm-debuginfo-3.3.15-1.el6.i686.rpm opensm-debuginfo-3.3.15-1.el6.x86_64.rpm opensm-libs-3.3.15-1.el6.i686.rpm opensm-libs-3.3.15-1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ibacm-1.0.8-0.git7a3adb7.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ibutils-1.5.7-7.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/infiniband-diags-1.5.12-5.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/infinipath-psm-3.0.1-115.1015_open.1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libibmad-1.3.9-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libibumad-1.3.8-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libibverbs-1.1.6-5.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libmlx4-1.0.4-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/librdmacm-1.0.17-0.git4b5c1aa.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/opensm-3.3.15-1.el6.src.rpm x86_64: ibacm-debuginfo-1.0.8-0.git7a3adb7.el6.i686.rpm ibacm-debuginfo-1.0.8-0.git7a3adb7.el6.x86_64.rpm ibacm-devel-1.0.8-0.git7a3adb7.el6.i686.rpm ibacm-devel-1.0.8-0.git7a3adb7.el6.x86_64.rpm ibutils-debuginfo-1.5.7-7.el6.i686.rpm ibutils-debuginfo-1.5.7-7.el6.x86_64.rpm ibutils-devel-1.5.7-7.el6.i686.rpm ibutils-devel-1.5.7-7.el6.x86_64.rpm infiniband-diags-debuginfo-1.5.12-5.el6.i686.rpm infiniband-diags-debuginfo-1.5.12-5.el6.x86_64.rpm infiniband-diags-devel-1.5.12-5.el6.i686.rpm infiniband-diags-devel-1.5.12-5.el6.x86_64.rpm infiniband-diags-devel-static-1.5.12-5.el6.x86_64.rpm infinipath-psm-debuginfo-3.0.1-115.1015_open.1.el6.x86_64.rpm infinipath-psm-devel-3.0.1-115.1015_open.1.el6.x86_64.rpm libibmad-debuginfo-1.3.9-1.el6.i686.rpm libibmad-debuginfo-1.3.9-1.el6.x86_64.rpm libibmad-devel-1.3.9-1.el6.i686.rpm libibmad-devel-1.3.9-1.el6.x86_64.rpm 
libibmad-static-1.3.9-1.el6.x86_64.rpm libibumad-debuginfo-1.3.8-1.el6.x86_64.rpm libibumad-static-1.3.8-1.el6.x86_64.rpm libibverbs-debuginfo-1.1.6-5.el6.x86_64.rpm libibverbs-devel-static-1.1.6-5.el6.x86_64.rpm libmlx4-debuginfo-1.0.4-1.el6.x86_64.rpm libmlx4-static-1.0.4-1.el6.x86_64.rpm librdmacm-debuginfo-1.0.17-0.git4b5c1aa.el6.x86_64.rpm librdmacm-static-1.0.17-0.git4b5c1aa.el6.x86_64.rpm opensm-debuginfo-3.3.15-1.el6.i686.rpm opensm-debuginfo-3.3.15-1.el6.x86_64.rpm opensm-devel-3.3.15-1.el6.i686.rpm opensm-devel-3.3.15-1.el6.x86_64.rpm opensm-static-3.3.15-1.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ibacm-1.0.8-0.git7a3adb7.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ibsim-0.5-7.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ibutils-1.5.7-7.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/infiniband-diags-1.5.12-5.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/infinipath-psm-3.0.1-115.1015_open.1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libibmad-1.3.9-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libibumad-1.3.8-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libibverbs-1.1.6-5.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libmlx4-1.0.4-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/librdmacm-1.0.17-0.git4b5c1aa.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/opensm-3.3.15-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/rdma-3.6-1.el6.src.rpm i386: ibacm-1.0.8-0.git7a3adb7.el6.i686.rpm ibacm-debuginfo-1.0.8-0.git7a3adb7.el6.i686.rpm ibsim-0.5-7.el6.i686.rpm 
ibsim-debuginfo-0.5-7.el6.i686.rpm ibutils-1.5.7-7.el6.i686.rpm ibutils-debuginfo-1.5.7-7.el6.i686.rpm ibutils-libs-1.5.7-7.el6.i686.rpm infiniband-diags-1.5.12-5.el6.i686.rpm infiniband-diags-debuginfo-1.5.12-5.el6.i686.rpm libibmad-1.3.9-1.el6.i686.rpm libibmad-debuginfo-1.3.9-1.el6.i686.rpm libibumad-1.3.8-1.el6.i686.rpm libibumad-debuginfo-1.3.8-1.el6.i686.rpm libibverbs-1.1.6-5.el6.i686.rpm libibverbs-debuginfo-1.1.6-5.el6.i686.rpm libibverbs-devel-1.1.6-5.el6.i686.rpm libibverbs-utils-1.1.6-5.el6.i686.rpm libmlx4-1.0.4-1.el6.i686.rpm libmlx4-debuginfo-1.0.4-1.el6.i686.rpm librdmacm-1.0.17-0.git4b5c1aa.el6.i686.rpm librdmacm-debuginfo-1.0.17-0.git4b5c1aa.el6.i686.rpm librdmacm-utils-1.0.17-0.git4b5c1aa.el6.i686.rpm opensm-3.3.15-1.el6.i686.rpm opensm-debuginfo-3.3.15-1.el6.i686.rpm opensm-libs-3.3.15-1.el6.i686.rpm noarch: rdma-3.6-1.el6.noarch.rpm ppc64: ibacm-1.0.8-0.git7a3adb7.el6.ppc64.rpm ibacm-debuginfo-1.0.8-0.git7a3adb7.el6.ppc64.rpm ibsim-0.5-7.el6.ppc64.rpm ibsim-debuginfo-0.5-7.el6.ppc64.rpm ibutils-1.5.7-7.el6.ppc64.rpm ibutils-debuginfo-1.5.7-7.el6.ppc.rpm ibutils-debuginfo-1.5.7-7.el6.ppc64.rpm ibutils-libs-1.5.7-7.el6.ppc.rpm ibutils-libs-1.5.7-7.el6.ppc64.rpm infiniband-diags-1.5.12-5.el6.ppc.rpm infiniband-diags-1.5.12-5.el6.ppc64.rpm infiniband-diags-debuginfo-1.5.12-5.el6.ppc.rpm infiniband-diags-debuginfo-1.5.12-5.el6.ppc64.rpm libibmad-1.3.9-1.el6.ppc.rpm libibmad-1.3.9-1.el6.ppc64.rpm libibmad-debuginfo-1.3.9-1.el6.ppc.rpm libibmad-debuginfo-1.3.9-1.el6.ppc64.rpm libibumad-1.3.8-1.el6.ppc.rpm libibumad-1.3.8-1.el6.ppc64.rpm libibumad-debuginfo-1.3.8-1.el6.ppc.rpm libibumad-debuginfo-1.3.8-1.el6.ppc64.rpm libibverbs-1.1.6-5.el6.ppc.rpm libibverbs-1.1.6-5.el6.ppc64.rpm libibverbs-debuginfo-1.1.6-5.el6.ppc.rpm libibverbs-debuginfo-1.1.6-5.el6.ppc64.rpm libibverbs-devel-1.1.6-5.el6.ppc.rpm libibverbs-devel-1.1.6-5.el6.ppc64.rpm libibverbs-utils-1.1.6-5.el6.ppc64.rpm libmlx4-1.0.4-1.el6.ppc.rpm libmlx4-1.0.4-1.el6.ppc64.rpm 
libmlx4-debuginfo-1.0.4-1.el6.ppc.rpm libmlx4-debuginfo-1.0.4-1.el6.ppc64.rpm librdmacm-1.0.17-0.git4b5c1aa.el6.ppc.rpm librdmacm-1.0.17-0.git4b5c1aa.el6.ppc64.rpm librdmacm-debuginfo-1.0.17-0.git4b5c1aa.el6.ppc.rpm librdmacm-debuginfo-1.0.17-0.git4b5c1aa.el6.ppc64.rpm librdmacm-utils-1.0.17-0.git4b5c1aa.el6.ppc64.rpm opensm-3.3.15-1.el6.ppc64.rpm opensm-debuginfo-3.3.15-1.el6.ppc.rpm opensm-debuginfo-3.3.15-1.el6.ppc64.rpm opensm-libs-3.3.15-1.el6.ppc.rpm opensm-libs-3.3.15-1.el6.ppc64.rpm x86_64: ibacm-1.0.8-0.git7a3adb7.el6.x86_64.rpm ibacm-debuginfo-1.0.8-0.git7a3adb7.el6.x86_64.rpm ibsim-0.5-7.el6.x86_64.rpm ibsim-debuginfo-0.5-7.el6.x86_64.rpm ibutils-1.5.7-7.el6.x86_64.rpm ibutils-debuginfo-1.5.7-7.el6.i686.rpm ibutils-debuginfo-1.5.7-7.el6.x86_64.rpm ibutils-libs-1.5.7-7.el6.i686.rpm ibutils-libs-1.5.7-7.el6.x86_64.rpm infiniband-diags-1.5.12-5.el6.i686.rpm infiniband-diags-1.5.12-5.el6.x86_64.rpm infiniband-diags-debuginfo-1.5.12-5.el6.i686.rpm infiniband-diags-debuginfo-1.5.12-5.el6.x86_64.rpm infinipath-psm-3.0.1-115.1015_open.1.el6.x86_64.rpm infinipath-psm-debuginfo-3.0.1-115.1015_open.1.el6.x86_64.rpm libibmad-1.3.9-1.el6.i686.rpm libibmad-1.3.9-1.el6.x86_64.rpm libibmad-debuginfo-1.3.9-1.el6.i686.rpm libibmad-debuginfo-1.3.9-1.el6.x86_64.rpm libibumad-1.3.8-1.el6.i686.rpm libibumad-1.3.8-1.el6.x86_64.rpm libibumad-debuginfo-1.3.8-1.el6.i686.rpm libibumad-debuginfo-1.3.8-1.el6.x86_64.rpm libibumad-devel-1.3.8-1.el6.i686.rpm libibumad-devel-1.3.8-1.el6.x86_64.rpm libibverbs-1.1.6-5.el6.i686.rpm libibverbs-1.1.6-5.el6.x86_64.rpm libibverbs-debuginfo-1.1.6-5.el6.i686.rpm libibverbs-debuginfo-1.1.6-5.el6.x86_64.rpm libibverbs-devel-1.1.6-5.el6.i686.rpm libibverbs-devel-1.1.6-5.el6.x86_64.rpm libibverbs-utils-1.1.6-5.el6.x86_64.rpm libmlx4-1.0.4-1.el6.i686.rpm libmlx4-1.0.4-1.el6.x86_64.rpm libmlx4-debuginfo-1.0.4-1.el6.i686.rpm libmlx4-debuginfo-1.0.4-1.el6.x86_64.rpm librdmacm-1.0.17-0.git4b5c1aa.el6.i686.rpm librdmacm-1.0.17-0.git4b5c1aa.el6.x86_64.rpm 
librdmacm-debuginfo-1.0.17-0.git4b5c1aa.el6.i686.rpm librdmacm-debuginfo-1.0.17-0.git4b5c1aa.el6.x86_64.rpm librdmacm-devel-1.0.17-0.git4b5c1aa.el6.i686.rpm librdmacm-devel-1.0.17-0.git4b5c1aa.el6.x86_64.rpm librdmacm-utils-1.0.17-0.git4b5c1aa.el6.x86_64.rpm opensm-3.3.15-1.el6.x86_64.rpm opensm-debuginfo-3.3.15-1.el6.i686.rpm opensm-debuginfo-3.3.15-1.el6.x86_64.rpm opensm-libs-3.3.15-1.el6.i686.rpm opensm-libs-3.3.15-1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ibacm-1.0.8-0.git7a3adb7.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ibutils-1.5.7-7.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/infiniband-diags-1.5.12-5.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/infinipath-psm-3.0.1-115.1015_open.1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libibmad-1.3.9-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libibumad-1.3.8-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libibverbs-1.1.6-5.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libmlx4-1.0.4-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/librdmacm-1.0.17-0.git4b5c1aa.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/opensm-3.3.15-1.el6.src.rpm i386: ibacm-debuginfo-1.0.8-0.git7a3adb7.el6.i686.rpm ibacm-devel-1.0.8-0.git7a3adb7.el6.i686.rpm ibutils-debuginfo-1.5.7-7.el6.i686.rpm ibutils-devel-1.5.7-7.el6.i686.rpm infiniband-diags-debuginfo-1.5.12-5.el6.i686.rpm infiniband-diags-devel-1.5.12-5.el6.i686.rpm infiniband-diags-devel-static-1.5.12-5.el6.i686.rpm libibmad-debuginfo-1.3.9-1.el6.i686.rpm libibmad-devel-1.3.9-1.el6.i686.rpm libibmad-static-1.3.9-1.el6.i686.rpm libibumad-debuginfo-1.3.8-1.el6.i686.rpm 
libibumad-devel-1.3.8-1.el6.i686.rpm libibumad-static-1.3.8-1.el6.i686.rpm libibverbs-debuginfo-1.1.6-5.el6.i686.rpm libibverbs-devel-static-1.1.6-5.el6.i686.rpm libmlx4-debuginfo-1.0.4-1.el6.i686.rpm libmlx4-static-1.0.4-1.el6.i686.rpm librdmacm-debuginfo-1.0.17-0.git4b5c1aa.el6.i686.rpm librdmacm-devel-1.0.17-0.git4b5c1aa.el6.i686.rpm librdmacm-static-1.0.17-0.git4b5c1aa.el6.i686.rpm opensm-debuginfo-3.3.15-1.el6.i686.rpm opensm-devel-3.3.15-1.el6.i686.rpm opensm-static-3.3.15-1.el6.i686.rpm ppc64: ibacm-debuginfo-1.0.8-0.git7a3adb7.el6.ppc.rpm ibacm-debuginfo-1.0.8-0.git7a3adb7.el6.ppc64.rpm ibacm-devel-1.0.8-0.git7a3adb7.el6.ppc.rpm ibacm-devel-1.0.8-0.git7a3adb7.el6.ppc64.rpm ibutils-debuginfo-1.5.7-7.el6.ppc.rpm ibutils-debuginfo-1.5.7-7.el6.ppc64.rpm ibutils-devel-1.5.7-7.el6.ppc.rpm ibutils-devel-1.5.7-7.el6.ppc64.rpm infiniband-diags-debuginfo-1.5.12-5.el6.ppc.rpm infiniband-diags-debuginfo-1.5.12-5.el6.ppc64.rpm infiniband-diags-devel-1.5.12-5.el6.ppc.rpm infiniband-diags-devel-1.5.12-5.el6.ppc64.rpm infiniband-diags-devel-static-1.5.12-5.el6.ppc64.rpm libibmad-debuginfo-1.3.9-1.el6.ppc.rpm libibmad-debuginfo-1.3.9-1.el6.ppc64.rpm libibmad-devel-1.3.9-1.el6.ppc.rpm libibmad-devel-1.3.9-1.el6.ppc64.rpm libibmad-static-1.3.9-1.el6.ppc64.rpm libibumad-debuginfo-1.3.8-1.el6.ppc.rpm libibumad-debuginfo-1.3.8-1.el6.ppc64.rpm libibumad-devel-1.3.8-1.el6.ppc.rpm libibumad-devel-1.3.8-1.el6.ppc64.rpm libibumad-static-1.3.8-1.el6.ppc64.rpm libibverbs-debuginfo-1.1.6-5.el6.ppc64.rpm libibverbs-devel-static-1.1.6-5.el6.ppc64.rpm libmlx4-debuginfo-1.0.4-1.el6.ppc64.rpm libmlx4-static-1.0.4-1.el6.ppc64.rpm librdmacm-debuginfo-1.0.17-0.git4b5c1aa.el6.ppc.rpm librdmacm-debuginfo-1.0.17-0.git4b5c1aa.el6.ppc64.rpm librdmacm-devel-1.0.17-0.git4b5c1aa.el6.ppc.rpm librdmacm-devel-1.0.17-0.git4b5c1aa.el6.ppc64.rpm librdmacm-static-1.0.17-0.git4b5c1aa.el6.ppc64.rpm opensm-debuginfo-3.3.15-1.el6.ppc.rpm opensm-debuginfo-3.3.15-1.el6.ppc64.rpm opensm-devel-3.3.15-1.el6.ppc.rpm 
opensm-devel-3.3.15-1.el6.ppc64.rpm
opensm-static-3.3.15-1.el6.ppc64.rpm

x86_64:
ibacm-debuginfo-1.0.8-0.git7a3adb7.el6.i686.rpm
ibacm-debuginfo-1.0.8-0.git7a3adb7.el6.x86_64.rpm
ibacm-devel-1.0.8-0.git7a3adb7.el6.i686.rpm
ibacm-devel-1.0.8-0.git7a3adb7.el6.x86_64.rpm
ibutils-debuginfo-1.5.7-7.el6.i686.rpm
ibutils-debuginfo-1.5.7-7.el6.x86_64.rpm
ibutils-devel-1.5.7-7.el6.i686.rpm
ibutils-devel-1.5.7-7.el6.x86_64.rpm
infiniband-diags-debuginfo-1.5.12-5.el6.i686.rpm
infiniband-diags-debuginfo-1.5.12-5.el6.x86_64.rpm
infiniband-diags-devel-1.5.12-5.el6.i686.rpm
infiniband-diags-devel-1.5.12-5.el6.x86_64.rpm
infiniband-diags-devel-static-1.5.12-5.el6.x86_64.rpm
infinipath-psm-debuginfo-3.0.1-115.1015_open.1.el6.x86_64.rpm
infinipath-psm-devel-3.0.1-115.1015_open.1.el6.x86_64.rpm
libibmad-debuginfo-1.3.9-1.el6.i686.rpm
libibmad-debuginfo-1.3.9-1.el6.x86_64.rpm
libibmad-devel-1.3.9-1.el6.i686.rpm
libibmad-devel-1.3.9-1.el6.x86_64.rpm
libibmad-static-1.3.9-1.el6.x86_64.rpm
libibumad-debuginfo-1.3.8-1.el6.x86_64.rpm
libibumad-static-1.3.8-1.el6.x86_64.rpm
libibverbs-debuginfo-1.1.6-5.el6.x86_64.rpm
libibverbs-devel-static-1.1.6-5.el6.x86_64.rpm
libmlx4-debuginfo-1.0.4-1.el6.x86_64.rpm
libmlx4-static-1.0.4-1.el6.x86_64.rpm
librdmacm-debuginfo-1.0.17-0.git4b5c1aa.el6.x86_64.rpm
librdmacm-static-1.0.17-0.git4b5c1aa.el6.x86_64.rpm
opensm-debuginfo-3.3.15-1.el6.i686.rpm
opensm-debuginfo-3.3.15-1.el6.x86_64.rpm
opensm-devel-3.3.15-1.el6.i686.rpm
opensm-devel-3.3.15-1.el6.x86_64.rpm
opensm-static-3.3.15-1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ibacm-1.0.8-0.git7a3adb7.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ibsim-0.5-7.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ibutils-1.5.7-7.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/infiniband-diags-1.5.12-5.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/infinipath-psm-3.0.1-115.1015_open.1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libibmad-1.3.9-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libibumad-1.3.8-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libibverbs-1.1.6-5.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libmlx4-1.0.4-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/librdmacm-1.0.17-0.git4b5c1aa.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/opensm-3.3.15-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/rdma-3.6-1.el6.src.rpm

i386:
ibacm-1.0.8-0.git7a3adb7.el6.i686.rpm
ibacm-debuginfo-1.0.8-0.git7a3adb7.el6.i686.rpm
ibsim-0.5-7.el6.i686.rpm
ibsim-debuginfo-0.5-7.el6.i686.rpm
ibutils-1.5.7-7.el6.i686.rpm
ibutils-debuginfo-1.5.7-7.el6.i686.rpm
ibutils-libs-1.5.7-7.el6.i686.rpm
infiniband-diags-1.5.12-5.el6.i686.rpm
infiniband-diags-debuginfo-1.5.12-5.el6.i686.rpm
libibmad-1.3.9-1.el6.i686.rpm
libibmad-debuginfo-1.3.9-1.el6.i686.rpm
libibumad-1.3.8-1.el6.i686.rpm
libibumad-debuginfo-1.3.8-1.el6.i686.rpm
libibverbs-1.1.6-5.el6.i686.rpm
libibverbs-debuginfo-1.1.6-5.el6.i686.rpm
libibverbs-devel-1.1.6-5.el6.i686.rpm
libibverbs-utils-1.1.6-5.el6.i686.rpm
libmlx4-1.0.4-1.el6.i686.rpm
libmlx4-debuginfo-1.0.4-1.el6.i686.rpm
librdmacm-1.0.17-0.git4b5c1aa.el6.i686.rpm
librdmacm-debuginfo-1.0.17-0.git4b5c1aa.el6.i686.rpm
librdmacm-utils-1.0.17-0.git4b5c1aa.el6.i686.rpm
opensm-3.3.15-1.el6.i686.rpm
opensm-debuginfo-3.3.15-1.el6.i686.rpm
opensm-libs-3.3.15-1.el6.i686.rpm

noarch:
rdma-3.6-1.el6.noarch.rpm

x86_64:
ibacm-1.0.8-0.git7a3adb7.el6.x86_64.rpm
ibacm-debuginfo-1.0.8-0.git7a3adb7.el6.x86_64.rpm
ibsim-0.5-7.el6.x86_64.rpm
ibsim-debuginfo-0.5-7.el6.x86_64.rpm
ibutils-1.5.7-7.el6.x86_64.rpm
ibutils-debuginfo-1.5.7-7.el6.i686.rpm
ibutils-debuginfo-1.5.7-7.el6.x86_64.rpm
ibutils-libs-1.5.7-7.el6.i686.rpm
ibutils-libs-1.5.7-7.el6.x86_64.rpm
infiniband-diags-1.5.12-5.el6.i686.rpm
infiniband-diags-1.5.12-5.el6.x86_64.rpm
infiniband-diags-debuginfo-1.5.12-5.el6.i686.rpm
infiniband-diags-debuginfo-1.5.12-5.el6.x86_64.rpm
infinipath-psm-3.0.1-115.1015_open.1.el6.x86_64.rpm
infinipath-psm-debuginfo-3.0.1-115.1015_open.1.el6.x86_64.rpm
libibmad-1.3.9-1.el6.i686.rpm
libibmad-1.3.9-1.el6.x86_64.rpm
libibmad-debuginfo-1.3.9-1.el6.i686.rpm
libibmad-debuginfo-1.3.9-1.el6.x86_64.rpm
libibumad-1.3.8-1.el6.i686.rpm
libibumad-1.3.8-1.el6.x86_64.rpm
libibumad-debuginfo-1.3.8-1.el6.i686.rpm
libibumad-debuginfo-1.3.8-1.el6.x86_64.rpm
libibumad-devel-1.3.8-1.el6.i686.rpm
libibumad-devel-1.3.8-1.el6.x86_64.rpm
libibverbs-1.1.6-5.el6.i686.rpm
libibverbs-1.1.6-5.el6.x86_64.rpm
libibverbs-debuginfo-1.1.6-5.el6.i686.rpm
libibverbs-debuginfo-1.1.6-5.el6.x86_64.rpm
libibverbs-devel-1.1.6-5.el6.i686.rpm
libibverbs-devel-1.1.6-5.el6.x86_64.rpm
libibverbs-utils-1.1.6-5.el6.x86_64.rpm
libmlx4-1.0.4-1.el6.i686.rpm
libmlx4-1.0.4-1.el6.x86_64.rpm
libmlx4-debuginfo-1.0.4-1.el6.i686.rpm
libmlx4-debuginfo-1.0.4-1.el6.x86_64.rpm
librdmacm-1.0.17-0.git4b5c1aa.el6.i686.rpm
librdmacm-1.0.17-0.git4b5c1aa.el6.x86_64.rpm
librdmacm-debuginfo-1.0.17-0.git4b5c1aa.el6.i686.rpm
librdmacm-debuginfo-1.0.17-0.git4b5c1aa.el6.x86_64.rpm
librdmacm-devel-1.0.17-0.git4b5c1aa.el6.i686.rpm
librdmacm-devel-1.0.17-0.git4b5c1aa.el6.x86_64.rpm
librdmacm-utils-1.0.17-0.git4b5c1aa.el6.x86_64.rpm
opensm-3.3.15-1.el6.x86_64.rpm
opensm-debuginfo-3.3.15-1.el6.i686.rpm
opensm-debuginfo-3.3.15-1.el6.x86_64.rpm
opensm-libs-3.3.15-1.el6.i686.rpm
opensm-libs-3.3.15-1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ibacm-1.0.8-0.git7a3adb7.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ibutils-1.5.7-7.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/infiniband-diags-1.5.12-5.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/infinipath-psm-3.0.1-115.1015_open.1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libibmad-1.3.9-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libibumad-1.3.8-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libibverbs-1.1.6-5.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libmlx4-1.0.4-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/librdmacm-1.0.17-0.git4b5c1aa.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/opensm-3.3.15-1.el6.src.rpm

i386:
ibacm-debuginfo-1.0.8-0.git7a3adb7.el6.i686.rpm
ibacm-devel-1.0.8-0.git7a3adb7.el6.i686.rpm
ibutils-debuginfo-1.5.7-7.el6.i686.rpm
ibutils-devel-1.5.7-7.el6.i686.rpm
infiniband-diags-debuginfo-1.5.12-5.el6.i686.rpm
infiniband-diags-devel-1.5.12-5.el6.i686.rpm
infiniband-diags-devel-static-1.5.12-5.el6.i686.rpm
libibmad-debuginfo-1.3.9-1.el6.i686.rpm
libibmad-devel-1.3.9-1.el6.i686.rpm
libibmad-static-1.3.9-1.el6.i686.rpm
libibumad-debuginfo-1.3.8-1.el6.i686.rpm
libibumad-devel-1.3.8-1.el6.i686.rpm
libibumad-static-1.3.8-1.el6.i686.rpm
libibverbs-debuginfo-1.1.6-5.el6.i686.rpm
libibverbs-devel-static-1.1.6-5.el6.i686.rpm
libmlx4-debuginfo-1.0.4-1.el6.i686.rpm
libmlx4-static-1.0.4-1.el6.i686.rpm
librdmacm-debuginfo-1.0.17-0.git4b5c1aa.el6.i686.rpm
librdmacm-devel-1.0.17-0.git4b5c1aa.el6.i686.rpm
librdmacm-static-1.0.17-0.git4b5c1aa.el6.i686.rpm
opensm-debuginfo-3.3.15-1.el6.i686.rpm
opensm-devel-3.3.15-1.el6.i686.rpm
opensm-static-3.3.15-1.el6.i686.rpm

x86_64:
ibacm-debuginfo-1.0.8-0.git7a3adb7.el6.i686.rpm
ibacm-debuginfo-1.0.8-0.git7a3adb7.el6.x86_64.rpm
ibacm-devel-1.0.8-0.git7a3adb7.el6.i686.rpm
ibacm-devel-1.0.8-0.git7a3adb7.el6.x86_64.rpm
ibutils-debuginfo-1.5.7-7.el6.i686.rpm
ibutils-debuginfo-1.5.7-7.el6.x86_64.rpm
ibutils-devel-1.5.7-7.el6.i686.rpm
ibutils-devel-1.5.7-7.el6.x86_64.rpm
infiniband-diags-debuginfo-1.5.12-5.el6.i686.rpm
infiniband-diags-debuginfo-1.5.12-5.el6.x86_64.rpm
infiniband-diags-devel-1.5.12-5.el6.i686.rpm
infiniband-diags-devel-1.5.12-5.el6.x86_64.rpm
infiniband-diags-devel-static-1.5.12-5.el6.x86_64.rpm
infinipath-psm-debuginfo-3.0.1-115.1015_open.1.el6.x86_64.rpm
infinipath-psm-devel-3.0.1-115.1015_open.1.el6.x86_64.rpm
libibmad-debuginfo-1.3.9-1.el6.i686.rpm
libibmad-debuginfo-1.3.9-1.el6.x86_64.rpm
libibmad-devel-1.3.9-1.el6.i686.rpm
libibmad-devel-1.3.9-1.el6.x86_64.rpm
libibmad-static-1.3.9-1.el6.x86_64.rpm
libibumad-debuginfo-1.3.8-1.el6.x86_64.rpm
libibumad-static-1.3.8-1.el6.x86_64.rpm
libibverbs-debuginfo-1.1.6-5.el6.x86_64.rpm
libibverbs-devel-static-1.1.6-5.el6.x86_64.rpm
libmlx4-debuginfo-1.0.4-1.el6.x86_64.rpm
libmlx4-static-1.0.4-1.el6.x86_64.rpm
librdmacm-debuginfo-1.0.17-0.git4b5c1aa.el6.x86_64.rpm
librdmacm-static-1.0.17-0.git4b5c1aa.el6.x86_64.rpm
opensm-debuginfo-3.3.15-1.el6.i686.rpm
opensm-debuginfo-3.3.15-1.el6.x86_64.rpm
opensm-devel-3.3.15-1.el6.i686.rpm
opensm-devel-3.3.15-1.el6.x86_64.rpm
opensm-static-3.3.15-1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-4517.html
https://www.redhat.com/security/data/cve/CVE-2012-4518.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRJcEJXlSAg2UNWIIRAjk2AKCnx+GpxY0xlomVgLuuQrw1Ljg61wCfRsjv
mI4Lrds6YI1Pkf/afbQoV4Q=
=AR59
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Feb 21 06:28:37 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Feb 2013 06:28:37 +0000
Subject: [RHSA-2013:0511-02] Moderate: pki-core security, bug fix and enhancement update
Message-ID: <201302210639.r1L6dd9n023875@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: pki-core security, bug fix and enhancement update
Advisory ID: RHSA-2013:0511-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0511.html
Issue date: 2013-02-21
CVE Names: CVE-2012-4543
=====================================================================

1. Summary:

Updated pki-core packages that fix multiple security issues, two bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - noarch
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch

3. Description:

Red Hat Certificate System is an enterprise software system designed to manage enterprise public key infrastructure (PKI) deployments. PKI Core contains fundamental packages required by Red Hat Certificate System, which comprise the Certificate Authority (CA) subsystem.

Note: The Certificate Authority component provided by this advisory cannot be used as a standalone server. It is installed and operates as a part of Identity Management (the IPA component) in Red Hat Enterprise Linux.

Multiple cross-site scripting flaws were discovered in Certificate System. An attacker could use these flaws to perform a cross-site scripting (XSS) attack against victims using Certificate System's web interface. (CVE-2012-4543)

This update also fixes the following bugs:

* Previously, due to incorrect conversion of large integers while generating a new serial number, some of the most significant bits in the serial number were truncated. Consequently, the serial number generated for certificates was sometimes smaller than expected and this incorrect conversion in turn led to a collision if a certificate with the smaller number already existed in the database. This update removes the incorrect integer conversion so that no serial numbers are truncated. As a result, the installation wizard proceeds as expected. (BZ#841663)

* The certificate authority used a different profile for issuing the audit certificate than it used for renewing it. The issuing profile was for two years, and the renewal was for six months. They should both be for two years. This update sets the default and constraint parameters in the caSignedLogCert.cfg audit certificate renewal profile to two years. (BZ#844459)

This update also adds the following enhancements:

* IPA (Identity, Policy and Audit) now provides an improved way to determine that PKI is up and ready to service requests. Checking the service status was not sufficient. This update creates a mechanism for clients to determine that the PKI subsystem is up using the getStatus() function to query the cs.startup_state in CS.cfg. (BZ#858864)

* This update increases the default root CA validity period from eight years to twenty years. (BZ#891985)

All users of pki-core are advised to upgrade to these updated packages, which fix these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

858864 - create/ identify a mechanism for clients to determine that the pki subsystem is up
864397 - CVE-2012-4543 Certificate System: Multiple cross-site scripting flaws by displaying CRL or processing profile
867640 - ipa-replica-install Configuration of CA failed
891985 - Increase FreeIPA root CA validity

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/pki-core-9.0.3-30.el6.src.rpm

i386:
pki-core-debuginfo-9.0.3-30.el6.i686.rpm
pki-native-tools-9.0.3-30.el6.i686.rpm
pki-symkey-9.0.3-30.el6.i686.rpm

noarch:
pki-ca-9.0.3-30.el6.noarch.rpm
pki-common-9.0.3-30.el6.noarch.rpm
pki-common-javadoc-9.0.3-30.el6.noarch.rpm
pki-java-tools-9.0.3-30.el6.noarch.rpm
pki-java-tools-javadoc-9.0.3-30.el6.noarch.rpm
pki-selinux-9.0.3-30.el6.noarch.rpm
pki-setup-9.0.3-30.el6.noarch.rpm
pki-silent-9.0.3-30.el6.noarch.rpm
pki-util-9.0.3-30.el6.noarch.rpm
pki-util-javadoc-9.0.3-30.el6.noarch.rpm

x86_64:
pki-core-debuginfo-9.0.3-30.el6.x86_64.rpm
pki-native-tools-9.0.3-30.el6.x86_64.rpm
pki-symkey-9.0.3-30.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/pki-core-9.0.3-30.el6.src.rpm

noarch:
pki-ca-9.0.3-30.el6.noarch.rpm
pki-common-9.0.3-30.el6.noarch.rpm
pki-common-javadoc-9.0.3-30.el6.noarch.rpm
pki-java-tools-9.0.3-30.el6.noarch.rpm
pki-java-tools-javadoc-9.0.3-30.el6.noarch.rpm
pki-selinux-9.0.3-30.el6.noarch.rpm
pki-setup-9.0.3-30.el6.noarch.rpm
pki-silent-9.0.3-30.el6.noarch.rpm
pki-util-9.0.3-30.el6.noarch.rpm
pki-util-javadoc-9.0.3-30.el6.noarch.rpm

x86_64:
pki-core-debuginfo-9.0.3-30.el6.x86_64.rpm
pki-native-tools-9.0.3-30.el6.x86_64.rpm
pki-symkey-9.0.3-30.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/pki-core-9.0.3-30.el6.src.rpm

i386:
pki-core-debuginfo-9.0.3-30.el6.i686.rpm
pki-native-tools-9.0.3-30.el6.i686.rpm
pki-symkey-9.0.3-30.el6.i686.rpm

noarch:
pki-ca-9.0.3-30.el6.noarch.rpm
pki-common-9.0.3-30.el6.noarch.rpm
pki-java-tools-9.0.3-30.el6.noarch.rpm
pki-selinux-9.0.3-30.el6.noarch.rpm
pki-setup-9.0.3-30.el6.noarch.rpm
pki-silent-9.0.3-30.el6.noarch.rpm
pki-util-9.0.3-30.el6.noarch.rpm

x86_64:
pki-core-debuginfo-9.0.3-30.el6.x86_64.rpm
pki-native-tools-9.0.3-30.el6.x86_64.rpm
pki-symkey-9.0.3-30.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/pki-core-9.0.3-30.el6.src.rpm

noarch:
pki-common-javadoc-9.0.3-30.el6.noarch.rpm
pki-java-tools-javadoc-9.0.3-30.el6.noarch.rpm
pki-util-javadoc-9.0.3-30.el6.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/pki-core-9.0.3-30.el6.src.rpm

i386:
pki-core-debuginfo-9.0.3-30.el6.i686.rpm
pki-native-tools-9.0.3-30.el6.i686.rpm
pki-symkey-9.0.3-30.el6.i686.rpm

noarch:
pki-ca-9.0.3-30.el6.noarch.rpm
pki-common-9.0.3-30.el6.noarch.rpm
pki-java-tools-9.0.3-30.el6.noarch.rpm
pki-selinux-9.0.3-30.el6.noarch.rpm
pki-setup-9.0.3-30.el6.noarch.rpm
pki-silent-9.0.3-30.el6.noarch.rpm
pki-util-9.0.3-30.el6.noarch.rpm

x86_64:
pki-core-debuginfo-9.0.3-30.el6.x86_64.rpm
pki-native-tools-9.0.3-30.el6.x86_64.rpm
pki-symkey-9.0.3-30.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/pki-core-9.0.3-30.el6.src.rpm

noarch:
pki-common-javadoc-9.0.3-30.el6.noarch.rpm
pki-java-tools-javadoc-9.0.3-30.el6.noarch.rpm
pki-util-javadoc-9.0.3-30.el6.noarch.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-4543.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRJcElXlSAg2UNWIIRAtioAKCwnNJ2UAPrgqYdjoE4KEH+LfwDwQCgqSZk
uKwxniSO3k11OCNqdlmJSGU=
=lDzu
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Feb 21 06:29:00 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Feb 2013 06:29:00 +0000
Subject: [RHSA-2013:0512-02] Low: httpd security, bug fix, and enhancement update
Message-ID: <201302210640.r1L6e2Mn024009@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: httpd security, bug fix, and enhancement update
Advisory ID: RHSA-2013:0512-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0512.html
Issue date: 2013-02-21
CVE Names: CVE-2008-0455 CVE-2012-2687 CVE-2012-4557
=====================================================================

1. Summary:

Updated httpd packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64

3. Description:

The httpd packages contain the Apache HTTP Server (httpd), which is the namesake project of The Apache Software Foundation.

An input sanitization flaw was found in the mod_negotiation Apache HTTP Server module. A remote attacker able to upload or create files with arbitrary names in a directory that has the MultiViews option enabled could use this flaw to conduct cross-site scripting attacks against users visiting the site. (CVE-2008-0455, CVE-2012-2687)

It was discovered that mod_proxy_ajp, when used in configurations with mod_proxy in load balancer mode, would mark a back-end server as failed when request processing timed out, even when a previous AJP (Apache JServ Protocol) CPing request was responded to by the back-end. A remote attacker able to make a back-end use an excessive amount of time to process a request could cause mod_proxy to not send requests to back-end AJP servers for the retry timeout period or until all back-end servers were marked as failed. (CVE-2012-4557)

These updated httpd packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked to in the References, for information on the most significant of these changes.

All users of httpd are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. After installing the updated packages, the httpd daemon will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

757735 - [RFE] httpd's rotatelogs needs a way to rotate files into a custom location
757739 - [RFE] rotatelogs needs to create files even if they are empty
805720 - Only a single interface is available for SSL
805810 - init script for htcacheclean is missing
828896 - mod_authnz_ldap unable to set environment variables for authorize only
829689 - mod_ldap: fix occasional 500 Internal Server Error
842376 - httpd fails in processing chunked requests with > 31 bytes chunk-size / -extension line
848954 - Putting private key first in SSLProxyMachineCertificateFile causes segfault
850794 - CVE-2012-2687 CVE-2008-0455 httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled
867745 - mod_ssl post install script can cause failures
868283 - mod_cache regression in httpd 2.2.3-65: non-cacheable 304 responses serve bad data
871685 - CVE-2012-4557 httpd: mod_proxy_ajp worker moved to error state when timeout exceeded
876923 - "if" condition always true - detected by Coverity

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/httpd-2.2.15-26.el6.src.rpm

i386:
httpd-2.2.15-26.el6.i686.rpm
httpd-debuginfo-2.2.15-26.el6.i686.rpm
httpd-tools-2.2.15-26.el6.i686.rpm

x86_64:
httpd-2.2.15-26.el6.x86_64.rpm
httpd-debuginfo-2.2.15-26.el6.x86_64.rpm
httpd-tools-2.2.15-26.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/httpd-2.2.15-26.el6.src.rpm

i386:
httpd-debuginfo-2.2.15-26.el6.i686.rpm
httpd-devel-2.2.15-26.el6.i686.rpm
mod_ssl-2.2.15-26.el6.i686.rpm

noarch:
httpd-manual-2.2.15-26.el6.noarch.rpm

x86_64:
httpd-debuginfo-2.2.15-26.el6.i686.rpm
httpd-debuginfo-2.2.15-26.el6.x86_64.rpm
httpd-devel-2.2.15-26.el6.i686.rpm
httpd-devel-2.2.15-26.el6.x86_64.rpm
mod_ssl-2.2.15-26.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/httpd-2.2.15-26.el6.src.rpm

x86_64:
httpd-2.2.15-26.el6.x86_64.rpm
httpd-debuginfo-2.2.15-26.el6.x86_64.rpm
httpd-tools-2.2.15-26.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/httpd-2.2.15-26.el6.src.rpm

noarch:
httpd-manual-2.2.15-26.el6.noarch.rpm

x86_64:
httpd-debuginfo-2.2.15-26.el6.i686.rpm
httpd-debuginfo-2.2.15-26.el6.x86_64.rpm
httpd-devel-2.2.15-26.el6.i686.rpm
httpd-devel-2.2.15-26.el6.x86_64.rpm
mod_ssl-2.2.15-26.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/httpd-2.2.15-26.el6.src.rpm

i386:
httpd-2.2.15-26.el6.i686.rpm
httpd-debuginfo-2.2.15-26.el6.i686.rpm
httpd-devel-2.2.15-26.el6.i686.rpm
httpd-tools-2.2.15-26.el6.i686.rpm
mod_ssl-2.2.15-26.el6.i686.rpm

noarch:
httpd-manual-2.2.15-26.el6.noarch.rpm

ppc64:
httpd-2.2.15-26.el6.ppc64.rpm
httpd-debuginfo-2.2.15-26.el6.ppc.rpm
httpd-debuginfo-2.2.15-26.el6.ppc64.rpm
httpd-devel-2.2.15-26.el6.ppc.rpm
httpd-devel-2.2.15-26.el6.ppc64.rpm
httpd-tools-2.2.15-26.el6.ppc64.rpm
mod_ssl-2.2.15-26.el6.ppc64.rpm

s390x:
httpd-2.2.15-26.el6.s390x.rpm
httpd-debuginfo-2.2.15-26.el6.s390.rpm
httpd-debuginfo-2.2.15-26.el6.s390x.rpm
httpd-devel-2.2.15-26.el6.s390.rpm
httpd-devel-2.2.15-26.el6.s390x.rpm
httpd-tools-2.2.15-26.el6.s390x.rpm
mod_ssl-2.2.15-26.el6.s390x.rpm

x86_64:
httpd-2.2.15-26.el6.x86_64.rpm
httpd-debuginfo-2.2.15-26.el6.i686.rpm
httpd-debuginfo-2.2.15-26.el6.x86_64.rpm
httpd-devel-2.2.15-26.el6.i686.rpm
httpd-devel-2.2.15-26.el6.x86_64.rpm
httpd-tools-2.2.15-26.el6.x86_64.rpm
mod_ssl-2.2.15-26.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/httpd-2.2.15-26.el6.src.rpm

i386:
httpd-2.2.15-26.el6.i686.rpm
httpd-debuginfo-2.2.15-26.el6.i686.rpm
httpd-devel-2.2.15-26.el6.i686.rpm
httpd-tools-2.2.15-26.el6.i686.rpm
mod_ssl-2.2.15-26.el6.i686.rpm

noarch:
httpd-manual-2.2.15-26.el6.noarch.rpm

x86_64:
httpd-2.2.15-26.el6.x86_64.rpm
httpd-debuginfo-2.2.15-26.el6.i686.rpm
httpd-debuginfo-2.2.15-26.el6.x86_64.rpm
httpd-devel-2.2.15-26.el6.i686.rpm
httpd-devel-2.2.15-26.el6.x86_64.rpm
httpd-tools-2.2.15-26.el6.x86_64.rpm
mod_ssl-2.2.15-26.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2008-0455.html
https://www.redhat.com/security/data/cve/CVE-2012-2687.html
https://www.redhat.com/security/data/cve/CVE-2012-4557.html
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.4_Technical_Notes/httpd.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRJcE+XlSAg2UNWIIRAoNXAJ9Qbs6sjSxIvxUA07FLF81s6HQPcwCfa+1u
ZznlWR6vPD61ro9Zh905uH8=
=8OLO
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Feb 21 06:29:46 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Feb 2013 06:29:46 +0000
Subject: [RHSA-2013:0514-02] Moderate: php security, bug fix and enhancement update
Message-ID: <201302210640.r1L6emeR027881@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: php security, bug fix and enhancement update
Advisory ID: RHSA-2013:0514-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0514.html
Issue date: 2013-02-21
CVE Names: CVE-2011-1398 CVE-2012-0831 CVE-2012-2688
=====================================================================

1. Summary:

Updated php packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398)

An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688)

It was found that PHP did not correctly handle the magic_quotes_gpc configuration directive. This could result in magic_quotes_gpc input escaping not being applied in all cases, possibly making it easier for a remote attacker to perform SQL injection attacks. (CVE-2012-0831)

These updated php packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked to in the References, for information on the most significant of these changes.

All users of php are advised to upgrade to these updated packages, which fix these issues and add these enhancements.
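The carriage-return gap that CVE-2011-1398 describes above is easy to see in a small model. The block below is an added illustration written for this page; it is not PHP's code and not part of the advisory. It contrasts a header guard that rejects only line feeds with one that rejects both CR and LF, emits a minimal redirect whose Location header comes from untrusted input through each guard, and lists the header fields a lenient client (one that treats a bare CR as a line terminator) would see. The redirect target, the injected field name and the function names are all constructed for the example.

```python
# Added example, not from the advisory or from PHP. Models the incomplete
# header-value check that CVE-2011-1398 describes; all inputs are constructed.


def lf_only_guard(value: str) -> bool:
    """The incomplete check: a header value passes if it contains no LF.
    A bare CR (%0D) is not rejected, which is the gap the advisory describes."""
    return "\n" not in value


def strict_guard(value: str) -> bool:
    """The complete check: reject CR and LF anywhere in the value, since a
    header field value may never contain a bare line terminator."""
    return "\r" not in value and "\n" not in value


def build_redirect(location: str, guard) -> bytes:
    """Emit a minimal 302 response whose Location header is taken from
    untrusted input, refusing it when the guard rejects the value."""
    if not guard(location):
        raise ValueError("header value contains CR or LF")
    return (
        b"HTTP/1.1 302 Found\r\n"
        b"Location: " + location.encode("latin-1") + b"\r\n"
        b"Content-Length: 0\r\n"
        b"\r\n"
    )


def lenient_header_fields(raw: bytes) -> list:
    """Parse the head of a response the way a lenient client does: CRLF,
    bare LF and bare CR all terminate a line. Returns the header field
    names such a client would see (status line excluded)."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.replace(b"\r\n", b"\n").replace(b"\r", b"\n").split(b"\n")
    return [line.split(b":", 1)[0].decode("latin-1") for line in lines[1:]]


# Constructed sample inputs: a normal redirect target, and one carrying a
# bare carriage return followed by a second (harmless) field name.
SAFE_LOCATION = "https://www.example.test/home"
CR_LOCATION = "https://www.example.test/home\rX-Injected: 1"


def fields_seen(location: str, guard) -> list:
    """Header names a lenient client sees for the given input and guard,
    or an empty list when the guard refuses to emit the response."""
    try:
        return lenient_header_fields(build_redirect(location, guard))
    except ValueError:
        return []


if __name__ == "__main__":
    for name, guard in (("lf_only_guard", lf_only_guard), ("strict_guard", strict_guard)):
        print(name, "safe input:", fields_seen(SAFE_LOCATION, guard))
        print(name, "CR input:  ", fields_seen(CR_LOCATION, guard))
```

With the LF-only guard the CR-bearing value is emitted and a lenient client sees three header fields instead of two, which is the response-splitting condition the advisory refers to; the strict guard refuses the value outright. The same two-character check applies to any header emitted from request data, not only redirects.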
After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

771738 - var_export on negative array indexes returns unsigned index id
789468 - CVE-2012-0831 php: PG(magic_quote_gpc) was not restored on shutdown
812819 - setDate, setISODate, setTime works wrong when DateTime created from timestamp
824199 - PDOStatement execute segfaults for pdo_mysql driver
824293 - Include php-fpm in php build
828051 - CVE-2012-2688 php: Integer Signedness issues in _php_stream_scandir
833545 - dependencies on php-common are not arch-specific.
837042 - add php(language) virtual provide
853329 - CVE-2011-1398 PHP: sapi_header_op() %0D sequence handling security bypass
858653 - fileinfo extension: use stat function from stream wrapper
868375 - $this becomes a non-object
874987 - Missing provides in php-xml

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/php-5.3.3-22.el6.src.rpm

i386:
php-5.3.3-22.el6.i686.rpm
php-bcmath-5.3.3-22.el6.i686.rpm
php-cli-5.3.3-22.el6.i686.rpm
php-common-5.3.3-22.el6.i686.rpm
php-dba-5.3.3-22.el6.i686.rpm
php-debuginfo-5.3.3-22.el6.i686.rpm
php-devel-5.3.3-22.el6.i686.rpm
php-embedded-5.3.3-22.el6.i686.rpm
php-enchant-5.3.3-22.el6.i686.rpm
php-fpm-5.3.3-22.el6.i686.rpm
php-gd-5.3.3-22.el6.i686.rpm
php-imap-5.3.3-22.el6.i686.rpm
php-intl-5.3.3-22.el6.i686.rpm
php-ldap-5.3.3-22.el6.i686.rpm
php-mbstring-5.3.3-22.el6.i686.rpm
php-mysql-5.3.3-22.el6.i686.rpm
php-odbc-5.3.3-22.el6.i686.rpm
php-pdo-5.3.3-22.el6.i686.rpm
php-pgsql-5.3.3-22.el6.i686.rpm
php-process-5.3.3-22.el6.i686.rpm
php-pspell-5.3.3-22.el6.i686.rpm
php-recode-5.3.3-22.el6.i686.rpm
php-snmp-5.3.3-22.el6.i686.rpm
php-soap-5.3.3-22.el6.i686.rpm
php-tidy-5.3.3-22.el6.i686.rpm
php-xml-5.3.3-22.el6.i686.rpm
php-xmlrpc-5.3.3-22.el6.i686.rpm
php-zts-5.3.3-22.el6.i686.rpm

x86_64:
php-5.3.3-22.el6.x86_64.rpm
php-bcmath-5.3.3-22.el6.x86_64.rpm
php-cli-5.3.3-22.el6.x86_64.rpm
php-common-5.3.3-22.el6.x86_64.rpm
php-dba-5.3.3-22.el6.x86_64.rpm
php-debuginfo-5.3.3-22.el6.x86_64.rpm
php-devel-5.3.3-22.el6.x86_64.rpm
php-embedded-5.3.3-22.el6.x86_64.rpm
php-enchant-5.3.3-22.el6.x86_64.rpm
php-fpm-5.3.3-22.el6.x86_64.rpm
php-gd-5.3.3-22.el6.x86_64.rpm
php-imap-5.3.3-22.el6.x86_64.rpm
php-intl-5.3.3-22.el6.x86_64.rpm
php-ldap-5.3.3-22.el6.x86_64.rpm
php-mbstring-5.3.3-22.el6.x86_64.rpm
php-mysql-5.3.3-22.el6.x86_64.rpm
php-odbc-5.3.3-22.el6.x86_64.rpm
php-pdo-5.3.3-22.el6.x86_64.rpm
php-pgsql-5.3.3-22.el6.x86_64.rpm
php-process-5.3.3-22.el6.x86_64.rpm
php-pspell-5.3.3-22.el6.x86_64.rpm
php-recode-5.3.3-22.el6.x86_64.rpm
php-snmp-5.3.3-22.el6.x86_64.rpm
php-soap-5.3.3-22.el6.x86_64.rpm
php-tidy-5.3.3-22.el6.x86_64.rpm
php-xml-5.3.3-22.el6.x86_64.rpm
php-xmlrpc-5.3.3-22.el6.x86_64.rpm
php-zts-5.3.3-22.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/php-5.3.3-22.el6.src.rpm

x86_64:
php-cli-5.3.3-22.el6.x86_64.rpm
php-common-5.3.3-22.el6.x86_64.rpm
php-debuginfo-5.3.3-22.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/php-5.3.3-22.el6.src.rpm

x86_64:
php-5.3.3-22.el6.x86_64.rpm
php-bcmath-5.3.3-22.el6.x86_64.rpm
php-dba-5.3.3-22.el6.x86_64.rpm
php-debuginfo-5.3.3-22.el6.x86_64.rpm
php-devel-5.3.3-22.el6.x86_64.rpm
php-embedded-5.3.3-22.el6.x86_64.rpm
php-enchant-5.3.3-22.el6.x86_64.rpm
php-fpm-5.3.3-22.el6.x86_64.rpm
php-gd-5.3.3-22.el6.x86_64.rpm
php-imap-5.3.3-22.el6.x86_64.rpm
php-intl-5.3.3-22.el6.x86_64.rpm
php-ldap-5.3.3-22.el6.x86_64.rpm
php-mbstring-5.3.3-22.el6.x86_64.rpm
php-mysql-5.3.3-22.el6.x86_64.rpm
php-odbc-5.3.3-22.el6.x86_64.rpm
php-pdo-5.3.3-22.el6.x86_64.rpm
php-pgsql-5.3.3-22.el6.x86_64.rpm
php-process-5.3.3-22.el6.x86_64.rpm
php-pspell-5.3.3-22.el6.x86_64.rpm
php-recode-5.3.3-22.el6.x86_64.rpm
php-snmp-5.3.3-22.el6.x86_64.rpm
php-soap-5.3.3-22.el6.x86_64.rpm
php-tidy-5.3.3-22.el6.x86_64.rpm
php-xml-5.3.3-22.el6.x86_64.rpm
php-xmlrpc-5.3.3-22.el6.x86_64.rpm
php-zts-5.3.3-22.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.3-22.el6.src.rpm

i386:
php-5.3.3-22.el6.i686.rpm
php-cli-5.3.3-22.el6.i686.rpm
php-common-5.3.3-22.el6.i686.rpm
php-debuginfo-5.3.3-22.el6.i686.rpm
php-gd-5.3.3-22.el6.i686.rpm
php-ldap-5.3.3-22.el6.i686.rpm
php-mysql-5.3.3-22.el6.i686.rpm
php-odbc-5.3.3-22.el6.i686.rpm
php-pdo-5.3.3-22.el6.i686.rpm
php-pgsql-5.3.3-22.el6.i686.rpm
php-soap-5.3.3-22.el6.i686.rpm
php-xml-5.3.3-22.el6.i686.rpm
php-xmlrpc-5.3.3-22.el6.i686.rpm

ppc64:
php-5.3.3-22.el6.ppc64.rpm
php-cli-5.3.3-22.el6.ppc64.rpm
php-common-5.3.3-22.el6.ppc64.rpm
php-debuginfo-5.3.3-22.el6.ppc64.rpm
php-gd-5.3.3-22.el6.ppc64.rpm
php-ldap-5.3.3-22.el6.ppc64.rpm
php-mysql-5.3.3-22.el6.ppc64.rpm
php-odbc-5.3.3-22.el6.ppc64.rpm
php-pdo-5.3.3-22.el6.ppc64.rpm
php-pgsql-5.3.3-22.el6.ppc64.rpm
php-soap-5.3.3-22.el6.ppc64.rpm
php-xml-5.3.3-22.el6.ppc64.rpm
php-xmlrpc-5.3.3-22.el6.ppc64.rpm

s390x:
php-5.3.3-22.el6.s390x.rpm
php-cli-5.3.3-22.el6.s390x.rpm
php-common-5.3.3-22.el6.s390x.rpm
php-debuginfo-5.3.3-22.el6.s390x.rpm
php-gd-5.3.3-22.el6.s390x.rpm
php-ldap-5.3.3-22.el6.s390x.rpm
php-mysql-5.3.3-22.el6.s390x.rpm
php-odbc-5.3.3-22.el6.s390x.rpm
php-pdo-5.3.3-22.el6.s390x.rpm
php-pgsql-5.3.3-22.el6.s390x.rpm
php-soap-5.3.3-22.el6.s390x.rpm
php-xml-5.3.3-22.el6.s390x.rpm
php-xmlrpc-5.3.3-22.el6.s390x.rpm

x86_64:
php-5.3.3-22.el6.x86_64.rpm
php-cli-5.3.3-22.el6.x86_64.rpm
php-common-5.3.3-22.el6.x86_64.rpm
php-debuginfo-5.3.3-22.el6.x86_64.rpm
php-gd-5.3.3-22.el6.x86_64.rpm
php-ldap-5.3.3-22.el6.x86_64.rpm
php-mysql-5.3.3-22.el6.x86_64.rpm
php-odbc-5.3.3-22.el6.x86_64.rpm
php-pdo-5.3.3-22.el6.x86_64.rpm
php-pgsql-5.3.3-22.el6.x86_64.rpm
php-soap-5.3.3-22.el6.x86_64.rpm
php-xml-5.3.3-22.el6.x86_64.rpm
php-xmlrpc-5.3.3-22.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.3-22.el6.src.rpm

i386:
php-bcmath-5.3.3-22.el6.i686.rpm
php-dba-5.3.3-22.el6.i686.rpm
php-debuginfo-5.3.3-22.el6.i686.rpm
php-devel-5.3.3-22.el6.i686.rpm
php-embedded-5.3.3-22.el6.i686.rpm
php-enchant-5.3.3-22.el6.i686.rpm
php-fpm-5.3.3-22.el6.i686.rpm
php-imap-5.3.3-22.el6.i686.rpm
php-intl-5.3.3-22.el6.i686.rpm
php-mbstring-5.3.3-22.el6.i686.rpm
php-process-5.3.3-22.el6.i686.rpm
php-pspell-5.3.3-22.el6.i686.rpm
php-recode-5.3.3-22.el6.i686.rpm
php-snmp-5.3.3-22.el6.i686.rpm
php-tidy-5.3.3-22.el6.i686.rpm
php-zts-5.3.3-22.el6.i686.rpm

ppc64:
php-bcmath-5.3.3-22.el6.ppc64.rpm
php-dba-5.3.3-22.el6.ppc64.rpm
php-debuginfo-5.3.3-22.el6.ppc64.rpm
php-devel-5.3.3-22.el6.ppc64.rpm
php-embedded-5.3.3-22.el6.ppc64.rpm
php-enchant-5.3.3-22.el6.ppc64.rpm
php-fpm-5.3.3-22.el6.ppc64.rpm
php-imap-5.3.3-22.el6.ppc64.rpm
php-intl-5.3.3-22.el6.ppc64.rpm
php-mbstring-5.3.3-22.el6.ppc64.rpm
php-process-5.3.3-22.el6.ppc64.rpm
php-pspell-5.3.3-22.el6.ppc64.rpm
php-recode-5.3.3-22.el6.ppc64.rpm
php-snmp-5.3.3-22.el6.ppc64.rpm
php-tidy-5.3.3-22.el6.ppc64.rpm
php-zts-5.3.3-22.el6.ppc64.rpm

s390x:
php-bcmath-5.3.3-22.el6.s390x.rpm
php-dba-5.3.3-22.el6.s390x.rpm
php-debuginfo-5.3.3-22.el6.s390x.rpm
php-devel-5.3.3-22.el6.s390x.rpm
php-embedded-5.3.3-22.el6.s390x.rpm
php-enchant-5.3.3-22.el6.s390x.rpm
php-fpm-5.3.3-22.el6.s390x.rpm
php-imap-5.3.3-22.el6.s390x.rpm
php-intl-5.3.3-22.el6.s390x.rpm
php-mbstring-5.3.3-22.el6.s390x.rpm
php-process-5.3.3-22.el6.s390x.rpm
php-pspell-5.3.3-22.el6.s390x.rpm
php-recode-5.3.3-22.el6.s390x.rpm
php-snmp-5.3.3-22.el6.s390x.rpm
php-tidy-5.3.3-22.el6.s390x.rpm
php-zts-5.3.3-22.el6.s390x.rpm

x86_64:
php-bcmath-5.3.3-22.el6.x86_64.rpm
php-dba-5.3.3-22.el6.x86_64.rpm
php-debuginfo-5.3.3-22.el6.x86_64.rpm
php-devel-5.3.3-22.el6.x86_64.rpm
php-embedded-5.3.3-22.el6.x86_64.rpm
php-enchant-5.3.3-22.el6.x86_64.rpm
php-fpm-5.3.3-22.el6.x86_64.rpm
php-imap-5.3.3-22.el6.x86_64.rpm
php-intl-5.3.3-22.el6.x86_64.rpm php-mbstring-5.3.3-22.el6.x86_64.rpm php-process-5.3.3-22.el6.x86_64.rpm php-pspell-5.3.3-22.el6.x86_64.rpm php-recode-5.3.3-22.el6.x86_64.rpm php-snmp-5.3.3-22.el6.x86_64.rpm php-tidy-5.3.3-22.el6.x86_64.rpm php-zts-5.3.3-22.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.3-22.el6.src.rpm i386: php-5.3.3-22.el6.i686.rpm php-cli-5.3.3-22.el6.i686.rpm php-common-5.3.3-22.el6.i686.rpm php-debuginfo-5.3.3-22.el6.i686.rpm php-gd-5.3.3-22.el6.i686.rpm php-ldap-5.3.3-22.el6.i686.rpm php-mysql-5.3.3-22.el6.i686.rpm php-odbc-5.3.3-22.el6.i686.rpm php-pdo-5.3.3-22.el6.i686.rpm php-pgsql-5.3.3-22.el6.i686.rpm php-soap-5.3.3-22.el6.i686.rpm php-xml-5.3.3-22.el6.i686.rpm php-xmlrpc-5.3.3-22.el6.i686.rpm x86_64: php-5.3.3-22.el6.x86_64.rpm php-cli-5.3.3-22.el6.x86_64.rpm php-common-5.3.3-22.el6.x86_64.rpm php-debuginfo-5.3.3-22.el6.x86_64.rpm php-gd-5.3.3-22.el6.x86_64.rpm php-ldap-5.3.3-22.el6.x86_64.rpm php-mysql-5.3.3-22.el6.x86_64.rpm php-odbc-5.3.3-22.el6.x86_64.rpm php-pdo-5.3.3-22.el6.x86_64.rpm php-pgsql-5.3.3-22.el6.x86_64.rpm php-soap-5.3.3-22.el6.x86_64.rpm php-xml-5.3.3-22.el6.x86_64.rpm php-xmlrpc-5.3.3-22.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.3-22.el6.src.rpm i386: php-bcmath-5.3.3-22.el6.i686.rpm php-dba-5.3.3-22.el6.i686.rpm php-debuginfo-5.3.3-22.el6.i686.rpm php-devel-5.3.3-22.el6.i686.rpm php-embedded-5.3.3-22.el6.i686.rpm php-enchant-5.3.3-22.el6.i686.rpm php-fpm-5.3.3-22.el6.i686.rpm php-imap-5.3.3-22.el6.i686.rpm php-intl-5.3.3-22.el6.i686.rpm php-mbstring-5.3.3-22.el6.i686.rpm php-process-5.3.3-22.el6.i686.rpm php-pspell-5.3.3-22.el6.i686.rpm php-recode-5.3.3-22.el6.i686.rpm php-snmp-5.3.3-22.el6.i686.rpm php-tidy-5.3.3-22.el6.i686.rpm php-zts-5.3.3-22.el6.i686.rpm x86_64: php-bcmath-5.3.3-22.el6.x86_64.rpm php-dba-5.3.3-22.el6.x86_64.rpm php-debuginfo-5.3.3-22.el6.x86_64.rpm php-devel-5.3.3-22.el6.x86_64.rpm php-embedded-5.3.3-22.el6.x86_64.rpm php-enchant-5.3.3-22.el6.x86_64.rpm php-fpm-5.3.3-22.el6.x86_64.rpm php-imap-5.3.3-22.el6.x86_64.rpm php-intl-5.3.3-22.el6.x86_64.rpm php-mbstring-5.3.3-22.el6.x86_64.rpm php-process-5.3.3-22.el6.x86_64.rpm php-pspell-5.3.3-22.el6.x86_64.rpm php-recode-5.3.3-22.el6.x86_64.rpm php-snmp-5.3.3-22.el6.x86_64.rpm php-tidy-5.3.3-22.el6.x86_64.rpm php-zts-5.3.3-22.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-1398.html https://www.redhat.com/security/data/cve/CVE-2012-0831.html https://www.redhat.com/security/data/cve/CVE-2012-2688.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.4_Technical_Notes/php.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRJcFqXlSAg2UNWIIRAlARAJ4lNUzK+Ob9fBt1nTCs/ciQY1HF/ACePdIf
lPql027HCpjESlPdZVlvCSM=
=h7Cb
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Feb 21 06:34:26 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Feb 2013 06:34:26 +0000
Subject: [RHSA-2013:0515-02] Moderate: openchange security, bug fix and enhancement update
Message-ID: <201302210645.r1L6jShY003009@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openchange security, bug fix and enhancement update
Advisory ID:       RHSA-2013:0515-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0515.html
Issue date:        2013-02-21
CVE Names:         CVE-2012-1182
=====================================================================

1. Summary:

Updated openchange packages that fix one security issue, several bugs, and
add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The openchange packages provide libraries to access Microsoft Exchange
servers using native protocols. Evolution-MAPI uses these libraries to
integrate the Evolution PIM application with Microsoft Exchange servers.

A flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)
compiler. As OpenChange uses code generated by PIDL, this could have
resulted in buffer overflows in the way OpenChange handles RPC calls. With
this update, the code has been generated with an updated version of PIDL to
correct this issue. (CVE-2012-1182)

The openchange packages have been upgraded to upstream version 1.0, which
provides a number of bug fixes and enhancements over the previous version,
including support for the rebased samba4 packages and several API changes.
(BZ#767672, BZ#767678)

This update also fixes the following bugs:

* When the user tried to modify a meeting with one required attendee and
himself as the organizer, a segmentation fault occurred in the memcpy()
function. Consequently, the evolution-data-server application terminated
unexpectedly with a segmentation fault. This bug has been fixed and
evolution-data-server no longer crashes in the described scenario.
(BZ#680061)

* Prior to this update, OpenChange 1.0 was unable to send messages with a
large message body or with an extensive attachment. This was caused by
minor issues in OpenChange's exchange.idl definitions. This bug has been
fixed and OpenChange now sends extensive messages without complications.
(BZ#870405)

All users of openchange are advised to upgrade to these updated packages,
which fix these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

680061 - evolution-data-server crashes in memcpy
685034 - [PATCH] (SIGABRT) FindGoodServer, OpenUserMailbox, exchange_mapi_set_flags
767672 - Rebase openchange libraries
767678 - Patch evolution-mapi to handle new openchange API
804093 - CVE-2012-1182 samba: Multiple heap-based buffer overflows in memory management based on NDR marshalling code output
870405 - Cannot send mail with large message body
903241 - Double-free on message copy/move

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/evolution-mapi-0.28.3-12.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openchange-1.0-4.el6.src.rpm

i386:
evolution-mapi-0.28.3-12.el6.i686.rpm
evolution-mapi-debuginfo-0.28.3-12.el6.i686.rpm
openchange-1.0-4.el6.i686.rpm
openchange-debuginfo-1.0-4.el6.i686.rpm

x86_64:
evolution-mapi-0.28.3-12.el6.x86_64.rpm
evolution-mapi-debuginfo-0.28.3-12.el6.x86_64.rpm
openchange-1.0-4.el6.x86_64.rpm
openchange-debuginfo-1.0-4.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/evolution-mapi-0.28.3-12.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openchange-1.0-4.el6.src.rpm

i386:
evolution-mapi-debuginfo-0.28.3-12.el6.i686.rpm
evolution-mapi-devel-0.28.3-12.el6.i686.rpm
openchange-client-1.0-4.el6.i686.rpm
openchange-debuginfo-1.0-4.el6.i686.rpm
openchange-devel-1.0-4.el6.i686.rpm
openchange-devel-docs-1.0-4.el6.i686.rpm

x86_64:
evolution-mapi-debuginfo-0.28.3-12.el6.x86_64.rpm
evolution-mapi-devel-0.28.3-12.el6.x86_64.rpm
openchange-client-1.0-4.el6.x86_64.rpm
openchange-debuginfo-1.0-4.el6.x86_64.rpm
openchange-devel-1.0-4.el6.x86_64.rpm
openchange-devel-docs-1.0-4.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/evolution-mapi-0.28.3-12.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openchange-1.0-4.el6.src.rpm

i386:
evolution-mapi-0.28.3-12.el6.i686.rpm
evolution-mapi-debuginfo-0.28.3-12.el6.i686.rpm
evolution-mapi-devel-0.28.3-12.el6.i686.rpm
openchange-1.0-4.el6.i686.rpm
openchange-client-1.0-4.el6.i686.rpm
openchange-debuginfo-1.0-4.el6.i686.rpm
openchange-devel-1.0-4.el6.i686.rpm
openchange-devel-docs-1.0-4.el6.i686.rpm

ppc64:
evolution-mapi-0.28.3-12.el6.ppc64.rpm
evolution-mapi-debuginfo-0.28.3-12.el6.ppc64.rpm
evolution-mapi-devel-0.28.3-12.el6.ppc64.rpm
openchange-1.0-4.el6.ppc64.rpm
openchange-client-1.0-4.el6.ppc64.rpm
openchange-debuginfo-1.0-4.el6.ppc64.rpm
openchange-devel-1.0-4.el6.ppc64.rpm
openchange-devel-docs-1.0-4.el6.ppc64.rpm

x86_64:
evolution-mapi-0.28.3-12.el6.x86_64.rpm
evolution-mapi-debuginfo-0.28.3-12.el6.x86_64.rpm
evolution-mapi-devel-0.28.3-12.el6.x86_64.rpm
openchange-1.0-4.el6.x86_64.rpm
openchange-client-1.0-4.el6.x86_64.rpm
openchange-debuginfo-1.0-4.el6.x86_64.rpm
openchange-devel-1.0-4.el6.x86_64.rpm
openchange-devel-docs-1.0-4.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/evolution-mapi-0.28.3-12.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openchange-1.0-4.el6.src.rpm

i386:
evolution-mapi-0.28.3-12.el6.i686.rpm
evolution-mapi-debuginfo-0.28.3-12.el6.i686.rpm
openchange-1.0-4.el6.i686.rpm
openchange-debuginfo-1.0-4.el6.i686.rpm

x86_64:
evolution-mapi-0.28.3-12.el6.x86_64.rpm
evolution-mapi-debuginfo-0.28.3-12.el6.x86_64.rpm
openchange-1.0-4.el6.x86_64.rpm
openchange-debuginfo-1.0-4.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/evolution-mapi-0.28.3-12.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openchange-1.0-4.el6.src.rpm

i386:
evolution-mapi-debuginfo-0.28.3-12.el6.i686.rpm
evolution-mapi-devel-0.28.3-12.el6.i686.rpm
openchange-client-1.0-4.el6.i686.rpm
openchange-debuginfo-1.0-4.el6.i686.rpm
openchange-devel-1.0-4.el6.i686.rpm
openchange-devel-docs-1.0-4.el6.i686.rpm

x86_64:
evolution-mapi-debuginfo-0.28.3-12.el6.x86_64.rpm
evolution-mapi-devel-0.28.3-12.el6.x86_64.rpm
openchange-client-1.0-4.el6.x86_64.rpm
openchange-debuginfo-1.0-4.el6.x86_64.rpm
openchange-devel-1.0-4.el6.x86_64.rpm
openchange-devel-docs-1.0-4.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-1182.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRJcJ4XlSAg2UNWIIRAhibAKC0tICte1dbIL/z+k7DC7jncrZ6BwCfTJDU
c+sy05TnY4AQf74NMfVWqcs=
=hset
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Feb 21 06:34:52 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Feb 2013 06:34:52 +0000
Subject: [RHSA-2013:0516-02] Low: evolution security and bug fix update
Message-ID: <201302210645.r1L6jsYo029616@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: evolution security and bug fix update
Advisory ID:       RHSA-2013:0516-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0516.html
Issue date:        2013-02-21
CVE Names:         CVE-2011-3201
=====================================================================

1. Summary:

Updated evolution packages that fix one security issue and three bugs are
now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Evolution is the GNOME mailer, calendar, contact manager and communication
tool. The components which make up Evolution are tightly integrated with
one another and act as a seamless personal information-management tool.

The way Evolution handled mailto URLs allowed any file to be attached to
the new message. This could lead to information disclosure if the user did
not notice the attached file before sending the message. With this update,
mailto URLs cannot be used to attach certain files, such as hidden files or
files in hidden directories, files in the /etc/ directory, or files
specified using a path containing "..". (CVE-2011-3201)

Red Hat would like to thank Matt McCutchen for reporting this issue.

This update also fixes the following bugs:

* Creating a contact list with contact names encoded in UTF-8 caused these
names to be displayed in the contact list editor in the ASCII encoding
instead of UTF-8. This bug has been fixed and the contact list editor now
displays the names in the correct format. (BZ#707526)

* Due to a bug in the evolution-alarm-notify process, calendar appointment
alarms did not appear in some types of calendars. The underlying source
code has been modified and calendar notifications work as expected.
(BZ#805239)

* An attempt to print a calendar month view as a PDF file caused Evolution
to terminate unexpectedly. This update applies a patch to fix this bug and
Evolution no longer crashes in this situation. (BZ#890642)

All evolution users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running instances
of Evolution must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

733504 - CVE-2011-3201 evolution: mailto URL scheme attachment header improper input validation
805239 - Alarms don't work for CalDAV
890642 - Evolution has implicit declarations (unknown functions)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/evolution-2.28.3-30.el6.src.rpm

i386:
evolution-2.28.3-30.el6.i686.rpm
evolution-debuginfo-2.28.3-30.el6.i686.rpm

noarch:
evolution-help-2.28.3-30.el6.noarch.rpm

x86_64:
evolution-2.28.3-30.el6.i686.rpm
evolution-2.28.3-30.el6.x86_64.rpm
evolution-debuginfo-2.28.3-30.el6.i686.rpm
evolution-debuginfo-2.28.3-30.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/evolution-2.28.3-30.el6.src.rpm

i386:
evolution-conduits-2.28.3-30.el6.i686.rpm
evolution-debuginfo-2.28.3-30.el6.i686.rpm
evolution-devel-2.28.3-30.el6.i686.rpm
evolution-perl-2.28.3-30.el6.i686.rpm
evolution-pst-2.28.3-30.el6.i686.rpm
evolution-spamassassin-2.28.3-30.el6.i686.rpm

x86_64:
evolution-conduits-2.28.3-30.el6.i686.rpm
evolution-conduits-2.28.3-30.el6.x86_64.rpm
evolution-debuginfo-2.28.3-30.el6.i686.rpm
evolution-debuginfo-2.28.3-30.el6.x86_64.rpm
evolution-devel-2.28.3-30.el6.i686.rpm
evolution-devel-2.28.3-30.el6.x86_64.rpm
evolution-perl-2.28.3-30.el6.x86_64.rpm
evolution-pst-2.28.3-30.el6.x86_64.rpm
evolution-spamassassin-2.28.3-30.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/evolution-2.28.3-30.el6.src.rpm

i386:
evolution-2.28.3-30.el6.i686.rpm
evolution-conduits-2.28.3-30.el6.i686.rpm
evolution-debuginfo-2.28.3-30.el6.i686.rpm
evolution-devel-2.28.3-30.el6.i686.rpm
evolution-perl-2.28.3-30.el6.i686.rpm
evolution-pst-2.28.3-30.el6.i686.rpm
evolution-spamassassin-2.28.3-30.el6.i686.rpm

noarch:
evolution-help-2.28.3-30.el6.noarch.rpm

ppc64:
evolution-2.28.3-30.el6.ppc.rpm
evolution-2.28.3-30.el6.ppc64.rpm
evolution-conduits-2.28.3-30.el6.ppc.rpm
evolution-conduits-2.28.3-30.el6.ppc64.rpm
evolution-debuginfo-2.28.3-30.el6.ppc.rpm
evolution-debuginfo-2.28.3-30.el6.ppc64.rpm
evolution-devel-2.28.3-30.el6.ppc.rpm
evolution-devel-2.28.3-30.el6.ppc64.rpm
evolution-perl-2.28.3-30.el6.ppc64.rpm
evolution-pst-2.28.3-30.el6.ppc64.rpm
evolution-spamassassin-2.28.3-30.el6.ppc64.rpm

x86_64:
evolution-2.28.3-30.el6.i686.rpm
evolution-2.28.3-30.el6.x86_64.rpm
evolution-conduits-2.28.3-30.el6.i686.rpm
evolution-conduits-2.28.3-30.el6.x86_64.rpm
evolution-debuginfo-2.28.3-30.el6.i686.rpm
evolution-debuginfo-2.28.3-30.el6.x86_64.rpm
evolution-devel-2.28.3-30.el6.i686.rpm
evolution-devel-2.28.3-30.el6.x86_64.rpm
evolution-perl-2.28.3-30.el6.x86_64.rpm
evolution-pst-2.28.3-30.el6.x86_64.rpm
evolution-spamassassin-2.28.3-30.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/evolution-2.28.3-30.el6.src.rpm

i386:
evolution-2.28.3-30.el6.i686.rpm
evolution-debuginfo-2.28.3-30.el6.i686.rpm

noarch:
evolution-help-2.28.3-30.el6.noarch.rpm

x86_64:
evolution-2.28.3-30.el6.i686.rpm
evolution-2.28.3-30.el6.x86_64.rpm
evolution-debuginfo-2.28.3-30.el6.i686.rpm
evolution-debuginfo-2.28.3-30.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/evolution-2.28.3-30.el6.src.rpm

i386:
evolution-conduits-2.28.3-30.el6.i686.rpm
evolution-debuginfo-2.28.3-30.el6.i686.rpm
evolution-devel-2.28.3-30.el6.i686.rpm
evolution-perl-2.28.3-30.el6.i686.rpm
evolution-pst-2.28.3-30.el6.i686.rpm
evolution-spamassassin-2.28.3-30.el6.i686.rpm

x86_64:
evolution-conduits-2.28.3-30.el6.i686.rpm
evolution-conduits-2.28.3-30.el6.x86_64.rpm
evolution-debuginfo-2.28.3-30.el6.i686.rpm
evolution-debuginfo-2.28.3-30.el6.x86_64.rpm
evolution-devel-2.28.3-30.el6.i686.rpm
evolution-devel-2.28.3-30.el6.x86_64.rpm
evolution-perl-2.28.3-30.el6.x86_64.rpm
evolution-pst-2.28.3-30.el6.x86_64.rpm
evolution-spamassassin-2.28.3-30.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3201.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
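As an added illustration of the mailto attachment restrictions RHSA-2013:0516 describes for CVE-2011-3201 (this is not Evolution's code): a small policy check that extracts the attach parameters of a mailto URL and refuses hidden files, files inside hidden directories, anything under /etc/, and any path containing "..". The query key names, the base directory used for relative paths, and the sample URL are assumptions, not taken from the advisory or from Evolution.

```python
"""Policy check for mailto: attachments, modelled on the restrictions listed
in RHSA-2013:0516 for CVE-2011-3201.  Added illustration, not Evolution's
own implementation; the query keys and path handling are assumptions."""
from __future__ import annotations

import posixpath
from urllib.parse import unquote, urlsplit

# Assumption: these query keys are the ones that name files to attach.
ATTACH_KEYS = ("attach", "attachment")


def parse_mailto_attachments(url: str) -> list[str]:
    """Return every file path named by an attach parameter of a mailto: URL."""
    parts = urlsplit(url)
    if parts.scheme != "mailto":
        raise ValueError("not a mailto: URL")
    paths = []
    # Split on '&' before percent-decoding so an encoded '&' inside a value
    # cannot smuggle in an extra parameter.
    for pair in parts.query.split("&"):
        key, sep, value = pair.partition("=")
        if not sep or key.lower() not in ATTACH_KEYS:
            continue
        value = unquote(value)
        if value.startswith("file://"):  # file:///etc/passwd -> /etc/passwd
            value = value[len("file://"):]
        if value:
            paths.append(value)
    return paths


def attachment_allowed(path: str, base_dir: str) -> tuple[bool, str]:
    """Apply the advisory's restrictions to one path.

    base_dir (assumed absolute) anchors relative paths.  Returns
    (allowed, reason) with reason in {"ok", "dotdot", "etc", "hidden"}.
    """
    # 1. Reject '..' on the raw path, before any normalisation, so that
    #    'docs/../.bashrc' cannot be laundered into an innocent-looking path.
    if ".." in path:
        return False, "dotdot"
    absolute = posixpath.normpath(posixpath.join(base_dir, path))
    # 2. Nothing from the /etc/ directory (the directory itself included).
    if absolute == "/etc" or absolute.startswith("/etc/"):
        return False, "etc"
    # 3. No hidden file and nothing inside a hidden directory: any path
    #    component that starts with '.' disqualifies the whole path.
    for component in absolute.split("/"):
        if component.startswith(".") and component != ".":
            return False, "hidden"
    return True, "ok"


def filter_mailto_attachments(url: str, base_dir: str) -> tuple[list[str], dict[str, str]]:
    """Split a mailto URL's attachments into the permitted paths and a map
    of rejected path -> reason, so a client can attach one set and warn
    about the other."""
    allowed: list[str] = []
    rejected: dict[str, str] = {}
    for path in parse_mailto_attachments(url):
        ok, reason = attachment_allowed(path, base_dir)
        if ok:
            allowed.append(path)
        else:
            rejected[path] = reason
    return allowed, rejected


# Constructed sample URL (not from the advisory): one legitimate attachment
# and three that the updated policy refuses.
SAMPLE_URL = (
    "mailto:alice@example.com?subject=Quarterly%20report"
    "&attach=/home/bob/report.pdf"
    "&attach=%2Fhome%2Fbob%2F.ssh%2Fid_rsa"
    "&attach=file:///etc/passwd"
    "&attach=docs/../.bashrc"
)

if __name__ == "__main__":
    ok, bad = filter_mailto_attachments(SAMPLE_URL, "/home/bob")
    print("allowed:", ok)
    print("rejected:", bad)
```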
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRJcKeXlSAg2UNWIIRAqv+AJwPysYEKtMjL15q/Trr/08OHbHFBwCfTtcZ
uAOmI8dVOysk38hApB+yBmk=
=dD60
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Feb 21 06:35:29 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Feb 2013 06:35:29 +0000
Subject: [RHSA-2013:0517-02] Low: util-linux-ng security, bug fix and enhancement update
Message-ID: <201302210646.r1L6kVS9003739@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: util-linux-ng security, bug fix and enhancement update
Advisory ID:       RHSA-2013:0517-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0517.html
Issue date:        2013-02-21
CVE Names:         CVE-2013-0157
=====================================================================

1. Summary:

Updated util-linux-ng packages that fix one security issue, several bugs,
and add various enhancements are now available for Red Hat Enterprise
Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The util-linux-ng packages contain a large variety of low-level system
utilities that are necessary for a Linux operating system to function.

An information disclosure flaw was found in the way the mount command
reported errors. A local attacker could use this flaw to determine the
existence of files and directories they do not have access to.
(CVE-2013-0157)

These updated util-linux-ng packages include numerous bug fixes and
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.4 Technical
Notes, linked to in the References, for information on the most significant
of these changes.

All users of util-linux-ng are advised to upgrade to these updated
packages, which contain backported patches to correct these issues and add
these enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

679833 - [RFE] tailf should support `-n 0`
783514 - Documentation for default barrier setting for EXT3 filesystems in mount manpage is wrong
790728 - blkid ignores swap UUIDs if the first byte is a zero byte
818621 - lsblk should not open device it prints info about
839281 - manpage: mount option inode_readahead for ext4 should be inode_readahead_blks
892330 - CVE-2013-0157 util-linux: mount folder existence information disclosure

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/util-linux-ng-2.17.2-12.9.el6.src.rpm

i386:
libblkid-2.17.2-12.9.el6.i686.rpm
libuuid-2.17.2-12.9.el6.i686.rpm
util-linux-ng-2.17.2-12.9.el6.i686.rpm
util-linux-ng-debuginfo-2.17.2-12.9.el6.i686.rpm
uuidd-2.17.2-12.9.el6.i686.rpm

x86_64:
libblkid-2.17.2-12.9.el6.i686.rpm
libblkid-2.17.2-12.9.el6.x86_64.rpm
libuuid-2.17.2-12.9.el6.i686.rpm
libuuid-2.17.2-12.9.el6.x86_64.rpm
util-linux-ng-2.17.2-12.9.el6.i686.rpm
util-linux-ng-2.17.2-12.9.el6.x86_64.rpm
util-linux-ng-debuginfo-2.17.2-12.9.el6.i686.rpm
util-linux-ng-debuginfo-2.17.2-12.9.el6.x86_64.rpm
uuidd-2.17.2-12.9.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/util-linux-ng-2.17.2-12.9.el6.src.rpm

i386:
libblkid-devel-2.17.2-12.9.el6.i686.rpm
libuuid-devel-2.17.2-12.9.el6.i686.rpm
util-linux-ng-debuginfo-2.17.2-12.9.el6.i686.rpm

x86_64:
libblkid-devel-2.17.2-12.9.el6.i686.rpm
libblkid-devel-2.17.2-12.9.el6.x86_64.rpm
libuuid-devel-2.17.2-12.9.el6.i686.rpm
libuuid-devel-2.17.2-12.9.el6.x86_64.rpm
util-linux-ng-debuginfo-2.17.2-12.9.el6.i686.rpm
util-linux-ng-debuginfo-2.17.2-12.9.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/util-linux-ng-2.17.2-12.9.el6.src.rpm

x86_64:
libblkid-2.17.2-12.9.el6.i686.rpm
libblkid-2.17.2-12.9.el6.x86_64.rpm
libuuid-2.17.2-12.9.el6.i686.rpm
libuuid-2.17.2-12.9.el6.x86_64.rpm
util-linux-ng-2.17.2-12.9.el6.i686.rpm
util-linux-ng-2.17.2-12.9.el6.x86_64.rpm
util-linux-ng-debuginfo-2.17.2-12.9.el6.i686.rpm
util-linux-ng-debuginfo-2.17.2-12.9.el6.x86_64.rpm
uuidd-2.17.2-12.9.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/util-linux-ng-2.17.2-12.9.el6.src.rpm

x86_64:
libblkid-devel-2.17.2-12.9.el6.i686.rpm
libblkid-devel-2.17.2-12.9.el6.x86_64.rpm
libuuid-devel-2.17.2-12.9.el6.i686.rpm
libuuid-devel-2.17.2-12.9.el6.x86_64.rpm
util-linux-ng-debuginfo-2.17.2-12.9.el6.i686.rpm
util-linux-ng-debuginfo-2.17.2-12.9.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/util-linux-ng-2.17.2-12.9.el6.src.rpm

i386:
libblkid-2.17.2-12.9.el6.i686.rpm
libblkid-devel-2.17.2-12.9.el6.i686.rpm
libuuid-2.17.2-12.9.el6.i686.rpm
libuuid-devel-2.17.2-12.9.el6.i686.rpm
util-linux-ng-2.17.2-12.9.el6.i686.rpm
util-linux-ng-debuginfo-2.17.2-12.9.el6.i686.rpm
uuidd-2.17.2-12.9.el6.i686.rpm

ppc64:
libblkid-2.17.2-12.9.el6.ppc.rpm
libblkid-2.17.2-12.9.el6.ppc64.rpm
libblkid-devel-2.17.2-12.9.el6.ppc.rpm
libblkid-devel-2.17.2-12.9.el6.ppc64.rpm
libuuid-2.17.2-12.9.el6.ppc.rpm
libuuid-2.17.2-12.9.el6.ppc64.rpm
libuuid-devel-2.17.2-12.9.el6.ppc.rpm
libuuid-devel-2.17.2-12.9.el6.ppc64.rpm
util-linux-ng-2.17.2-12.9.el6.ppc.rpm
util-linux-ng-2.17.2-12.9.el6.ppc64.rpm
util-linux-ng-debuginfo-2.17.2-12.9.el6.ppc.rpm
util-linux-ng-debuginfo-2.17.2-12.9.el6.ppc64.rpm
uuidd-2.17.2-12.9.el6.ppc64.rpm

s390x:
libblkid-2.17.2-12.9.el6.s390.rpm
libblkid-2.17.2-12.9.el6.s390x.rpm
libblkid-devel-2.17.2-12.9.el6.s390.rpm
libblkid-devel-2.17.2-12.9.el6.s390x.rpm
libuuid-2.17.2-12.9.el6.s390.rpm
libuuid-2.17.2-12.9.el6.s390x.rpm
libuuid-devel-2.17.2-12.9.el6.s390.rpm
libuuid-devel-2.17.2-12.9.el6.s390x.rpm
util-linux-ng-2.17.2-12.9.el6.s390.rpm
util-linux-ng-2.17.2-12.9.el6.s390x.rpm
util-linux-ng-debuginfo-2.17.2-12.9.el6.s390.rpm
util-linux-ng-debuginfo-2.17.2-12.9.el6.s390x.rpm
uuidd-2.17.2-12.9.el6.s390x.rpm

x86_64:
libblkid-2.17.2-12.9.el6.i686.rpm
libblkid-2.17.2-12.9.el6.x86_64.rpm
libblkid-devel-2.17.2-12.9.el6.i686.rpm
libblkid-devel-2.17.2-12.9.el6.x86_64.rpm
libuuid-2.17.2-12.9.el6.i686.rpm
libuuid-2.17.2-12.9.el6.x86_64.rpm
libuuid-devel-2.17.2-12.9.el6.i686.rpm
libuuid-devel-2.17.2-12.9.el6.x86_64.rpm
util-linux-ng-2.17.2-12.9.el6.i686.rpm
util-linux-ng-2.17.2-12.9.el6.x86_64.rpm
util-linux-ng-debuginfo-2.17.2-12.9.el6.i686.rpm
util-linux-ng-debuginfo-2.17.2-12.9.el6.x86_64.rpm
uuidd-2.17.2-12.9.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/util-linux-ng-2.17.2-12.9.el6.src.rpm

i386:
libblkid-2.17.2-12.9.el6.i686.rpm
libblkid-devel-2.17.2-12.9.el6.i686.rpm
libuuid-2.17.2-12.9.el6.i686.rpm
libuuid-devel-2.17.2-12.9.el6.i686.rpm
util-linux-ng-2.17.2-12.9.el6.i686.rpm
util-linux-ng-debuginfo-2.17.2-12.9.el6.i686.rpm
uuidd-2.17.2-12.9.el6.i686.rpm

x86_64:
libblkid-2.17.2-12.9.el6.i686.rpm
libblkid-2.17.2-12.9.el6.x86_64.rpm
libblkid-devel-2.17.2-12.9.el6.i686.rpm
libblkid-devel-2.17.2-12.9.el6.x86_64.rpm
libuuid-2.17.2-12.9.el6.i686.rpm
libuuid-2.17.2-12.9.el6.x86_64.rpm
libuuid-devel-2.17.2-12.9.el6.i686.rpm
libuuid-devel-2.17.2-12.9.el6.x86_64.rpm
util-linux-ng-2.17.2-12.9.el6.i686.rpm
util-linux-ng-2.17.2-12.9.el6.x86_64.rpm
util-linux-ng-debuginfo-2.17.2-12.9.el6.i686.rpm
util-linux-ng-debuginfo-2.17.2-12.9.el6.x86_64.rpm
uuidd-2.17.2-12.9.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0157.html
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.4_Technical_Notes/util-linux-ng.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRJcLAXlSAg2UNWIIRApVzAJ0fshYq0oeOrw3dl/TjqHLja4TRRwCgpnRW +V9KMgzKYmeGx/nj9jYsM7Q= =ghEC -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Feb 21 06:36:01 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 21 Feb 2013 06:36:01 +0000 Subject: [RHSA-2013:0519-02] Moderate: openssh security, bug fix and enhancement update Message-ID: <201302210647.r1L6l3oR028657@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openssh security, bug fix and enhancement update Advisory ID: RHSA-2013:0519-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0519.html Issue date: 2013-02-21 CVE Names: CVE-2012-5536 ===================================================================== 1. Summary: Updated openssh packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: OpenSSH is OpenBSD's Secure Shell (SSH) protocol implementation. 
These packages include the core files necessary for the OpenSSH client and
server.

Due to the way the pam_ssh_agent_auth PAM module was built in Red Hat
Enterprise Linux 6, glibc's error() function was called rather than the
intended error() function in pam_ssh_agent_auth to report errors. As these
two functions expect different arguments, it was possible for an attacker to
cause an application using pam_ssh_agent_auth to crash, disclose portions of
its memory or, potentially, execute arbitrary code. (CVE-2012-5536)

Note that the pam_ssh_agent_auth module is not used in Red Hat Enterprise
Linux 6 by default.

This update also fixes the following bugs:

* All possible options for the new RequiredAuthentications directive were
not documented in the sshd_config man page. This update improves the man
page to document all the possible options. (BZ#821641)

* When stopping one instance of the SSH daemon (sshd), the sshd init script
(/etc/rc.d/init.d/sshd) stopped all sshd processes regardless of the PID of
the processes. This update improves the init script so that it only kills
processes with the relevant PID. As a result, the init script now works more
reliably in a multi-instance environment. (BZ#826720)

* Due to a regression, the ssh-copy-id command returned an exit status code
of zero even if there was an error in copying the key to a remote host. With
this update, a patch has been applied and ssh-copy-id now returns a non-zero
exit code if there is an error in copying the SSH certificate to a remote
host. (BZ#836650)

* When SELinux was disabled on the system, no on-disk policy was installed,
a user account was used for a connection, and no "~/.ssh" configuration was
present in that user's home directory, the SSH client terminated
unexpectedly with a segmentation fault when attempting to connect to another
system. A patch has been provided to address this issue and the crashes no
longer occur in the described scenario. (BZ#836655)

* The "HOWTO" document /usr/share/doc/openssh-ldap-5.3p1/HOWTO.ldap-keys
incorrectly documented the use of the AuthorizedKeysCommand directive. This
update corrects the document. (BZ#857760)

This update also adds the following enhancements:

* When attempting to enable SSH for use with a Common Access Card (CAC), the
ssh-agent utility read all the certificates in the card even though only the
ID certificate was needed. Consequently, if a user entered their PIN
incorrectly, then the CAC was locked, as a match for the PIN was attempted
against all three certificates. With this update, ssh-add does not try the
same PIN for every certificate if the PIN fails for the first one. As a
result, the CAC will not be disabled if a user enters their PIN incorrectly.
(BZ#782912)

* This update adds a "netcat mode" to SSH. The "ssh -W host:port ..." command
connects standard input and output (stdio) on a client to a single port on a
server. As a result, SSH can be used to route connections via intermediate
servers. (BZ#860809)

* Due to a bug, arguments for the RequiredAuthentications2 directive were
not stored in a Match block. Consequently, parsing of the config file was
not in accordance with the sshd_config man page. This update fixes the bug
and users can now use the required authentication feature to specify a list
of authentication methods as expected according to the man page. (BZ#869903)

All users of openssh are advised to upgrade to these updated packages, which
fix these issues and add these enhancements. After installing this update,
the OpenSSH server daemon (sshd) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

821641 - Document possible options to RequiredAuthentications1/2
826720 - sshd initscript clobbers other sshd processes.
834618 - CVE-2012-5536 pam_ssh_agent_auth: symbol crash leading to glibc error() called incorrectly
836650 - ssh-copy-id returns 0 even if the actual operation fails.
857760 - Error/typo in openssh-ldap HOWTO file
869903 - RequiredAuthentications2 does not work in Match blocks as documented.

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssh-5.3p1-84.1.el6.src.rpm

i386:
openssh-5.3p1-84.1.el6.i686.rpm
openssh-askpass-5.3p1-84.1.el6.i686.rpm
openssh-clients-5.3p1-84.1.el6.i686.rpm
openssh-debuginfo-5.3p1-84.1.el6.i686.rpm
openssh-server-5.3p1-84.1.el6.i686.rpm

x86_64:
openssh-5.3p1-84.1.el6.x86_64.rpm
openssh-askpass-5.3p1-84.1.el6.x86_64.rpm
openssh-clients-5.3p1-84.1.el6.x86_64.rpm
openssh-debuginfo-5.3p1-84.1.el6.x86_64.rpm
openssh-server-5.3p1-84.1.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssh-5.3p1-84.1.el6.src.rpm

i386:
openssh-debuginfo-5.3p1-84.1.el6.i686.rpm
openssh-ldap-5.3p1-84.1.el6.i686.rpm
pam_ssh_agent_auth-0.9.3-84.1.el6.i686.rpm

x86_64:
openssh-debuginfo-5.3p1-84.1.el6.i686.rpm
openssh-debuginfo-5.3p1-84.1.el6.x86_64.rpm
openssh-ldap-5.3p1-84.1.el6.x86_64.rpm
pam_ssh_agent_auth-0.9.3-84.1.el6.i686.rpm
pam_ssh_agent_auth-0.9.3-84.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssh-5.3p1-84.1.el6.src.rpm

x86_64:
openssh-5.3p1-84.1.el6.x86_64.rpm
openssh-clients-5.3p1-84.1.el6.x86_64.rpm
openssh-debuginfo-5.3p1-84.1.el6.x86_64.rpm
openssh-server-5.3p1-84.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssh-5.3p1-84.1.el6.src.rpm

x86_64:
openssh-askpass-5.3p1-84.1.el6.x86_64.rpm
openssh-debuginfo-5.3p1-84.1.el6.i686.rpm
openssh-debuginfo-5.3p1-84.1.el6.x86_64.rpm
openssh-ldap-5.3p1-84.1.el6.x86_64.rpm
pam_ssh_agent_auth-0.9.3-84.1.el6.i686.rpm
pam_ssh_agent_auth-0.9.3-84.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssh-5.3p1-84.1.el6.src.rpm

i386:
openssh-5.3p1-84.1.el6.i686.rpm
openssh-askpass-5.3p1-84.1.el6.i686.rpm
openssh-clients-5.3p1-84.1.el6.i686.rpm
openssh-debuginfo-5.3p1-84.1.el6.i686.rpm
openssh-server-5.3p1-84.1.el6.i686.rpm

ppc64:
openssh-5.3p1-84.1.el6.ppc64.rpm
openssh-askpass-5.3p1-84.1.el6.ppc64.rpm
openssh-clients-5.3p1-84.1.el6.ppc64.rpm
openssh-debuginfo-5.3p1-84.1.el6.ppc64.rpm
openssh-server-5.3p1-84.1.el6.ppc64.rpm

s390x:
openssh-5.3p1-84.1.el6.s390x.rpm
openssh-askpass-5.3p1-84.1.el6.s390x.rpm
openssh-clients-5.3p1-84.1.el6.s390x.rpm
openssh-debuginfo-5.3p1-84.1.el6.s390x.rpm
openssh-server-5.3p1-84.1.el6.s390x.rpm

x86_64:
openssh-5.3p1-84.1.el6.x86_64.rpm
openssh-askpass-5.3p1-84.1.el6.x86_64.rpm
openssh-clients-5.3p1-84.1.el6.x86_64.rpm
openssh-debuginfo-5.3p1-84.1.el6.x86_64.rpm
openssh-server-5.3p1-84.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssh-5.3p1-84.1.el6.src.rpm

i386:
openssh-debuginfo-5.3p1-84.1.el6.i686.rpm
openssh-ldap-5.3p1-84.1.el6.i686.rpm
pam_ssh_agent_auth-0.9.3-84.1.el6.i686.rpm

ppc64:
openssh-debuginfo-5.3p1-84.1.el6.ppc.rpm
openssh-debuginfo-5.3p1-84.1.el6.ppc64.rpm
openssh-ldap-5.3p1-84.1.el6.ppc64.rpm
pam_ssh_agent_auth-0.9.3-84.1.el6.ppc.rpm
pam_ssh_agent_auth-0.9.3-84.1.el6.ppc64.rpm

s390x:
openssh-debuginfo-5.3p1-84.1.el6.s390.rpm
openssh-debuginfo-5.3p1-84.1.el6.s390x.rpm
openssh-ldap-5.3p1-84.1.el6.s390x.rpm
pam_ssh_agent_auth-0.9.3-84.1.el6.s390.rpm
pam_ssh_agent_auth-0.9.3-84.1.el6.s390x.rpm

x86_64:
openssh-debuginfo-5.3p1-84.1.el6.i686.rpm
openssh-debuginfo-5.3p1-84.1.el6.x86_64.rpm
openssh-ldap-5.3p1-84.1.el6.x86_64.rpm
pam_ssh_agent_auth-0.9.3-84.1.el6.i686.rpm
pam_ssh_agent_auth-0.9.3-84.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssh-5.3p1-84.1.el6.src.rpm

i386:
openssh-5.3p1-84.1.el6.i686.rpm
openssh-askpass-5.3p1-84.1.el6.i686.rpm
openssh-clients-5.3p1-84.1.el6.i686.rpm
openssh-debuginfo-5.3p1-84.1.el6.i686.rpm
openssh-server-5.3p1-84.1.el6.i686.rpm

x86_64:
openssh-5.3p1-84.1.el6.x86_64.rpm
openssh-askpass-5.3p1-84.1.el6.x86_64.rpm
openssh-clients-5.3p1-84.1.el6.x86_64.rpm
openssh-debuginfo-5.3p1-84.1.el6.x86_64.rpm
openssh-server-5.3p1-84.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssh-5.3p1-84.1.el6.src.rpm

i386:
openssh-debuginfo-5.3p1-84.1.el6.i686.rpm
openssh-ldap-5.3p1-84.1.el6.i686.rpm
pam_ssh_agent_auth-0.9.3-84.1.el6.i686.rpm

x86_64:
openssh-debuginfo-5.3p1-84.1.el6.i686.rpm
openssh-debuginfo-5.3p1-84.1.el6.x86_64.rpm
openssh-ldap-5.3p1-84.1.el6.x86_64.rpm
pam_ssh_agent_auth-0.9.3-84.1.el6.i686.rpm
pam_ssh_agent_auth-0.9.3-84.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-5536.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

From bugzilla at redhat.com  Thu Feb 21 06:36:41 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Feb 2013 06:36:41 +0000
Subject: [RHSA-2013:0520-02] Low: dovecot security and bug fix update
Message-ID: <201302210647.r1L6lhsH030586@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: dovecot security and bug fix update
Advisory ID:       RHSA-2013:0520-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0520.html
Issue date:        2013-02-21
CVE Names:         CVE-2011-2166 CVE-2011-2167 CVE-2011-4318
=====================================================================

1. Summary:

Updated dovecot packages that fix three security issues and one bug are now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Dovecot is an IMAP server, written with security primarily in mind, for
Linux and other UNIX-like systems. It also contains a small POP3 server. It
supports mail in either maildir or mbox format. The SQL drivers and
authentication plug-ins are provided as sub-packages.

Two flaws were found in the way some settings were enforced by the
script-login functionality of Dovecot. A remote, authenticated user could
use these flaws to bypass intended access restrictions or conduct a
directory traversal attack by leveraging login scripts. (CVE-2011-2166,
CVE-2011-2167)

A flaw was found in the way Dovecot performed remote server identity
verification, when it was configured to proxy IMAP and POP3 connections to
remote hosts using TLS/SSL protocols. A remote attacker could use this flaw
to conduct man-in-the-middle attacks using an X.509 certificate issued by a
trusted Certificate Authority (for a different name). (CVE-2011-4318)

This update also fixes the following bug:

* When a new user first accessed their IMAP inbox, Dovecot was, under some
circumstances, unable to change the group ownership of the inbox directory
in the user's Maildir location to match that of the user's mail spool
(/var/mail/$USER). This correctly generated an "Internal error occurred"
message.
However, with a subsequent attempt to access the inbox, Dovecot saw that the
directory already existed and proceeded with its operation, leaving the
directory with incorrectly set permissions. This update corrects the
underlying permissions setting error. When a new user now accesses their
inbox for the first time, and it is not possible to set group ownership,
Dovecot removes the created directory and generates an error message instead
of keeping the directory with incorrect group ownership. (BZ#697620)

Users of dovecot are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the dovecot service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

709095 - CVE-2011-2166 dovecot: authenticated remote bypass of intended access restrictions
709097 - CVE-2011-2167 dovecot: directory traversal due to not obeying chroot directive
754980 - CVE-2011-4318 dovecot: proxy destination host name not checked against SSL certificate name

6. Package List:

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/dovecot-2.0.9-5.el6.src.rpm

i386:
dovecot-2.0.9-5.el6.i686.rpm
dovecot-debuginfo-2.0.9-5.el6.i686.rpm
dovecot-mysql-2.0.9-5.el6.i686.rpm
dovecot-pgsql-2.0.9-5.el6.i686.rpm
dovecot-pigeonhole-2.0.9-5.el6.i686.rpm

ppc64:
dovecot-2.0.9-5.el6.ppc.rpm
dovecot-2.0.9-5.el6.ppc64.rpm
dovecot-debuginfo-2.0.9-5.el6.ppc.rpm
dovecot-debuginfo-2.0.9-5.el6.ppc64.rpm
dovecot-mysql-2.0.9-5.el6.ppc64.rpm
dovecot-pgsql-2.0.9-5.el6.ppc64.rpm
dovecot-pigeonhole-2.0.9-5.el6.ppc64.rpm

s390x:
dovecot-2.0.9-5.el6.s390.rpm
dovecot-2.0.9-5.el6.s390x.rpm
dovecot-debuginfo-2.0.9-5.el6.s390.rpm
dovecot-debuginfo-2.0.9-5.el6.s390x.rpm
dovecot-mysql-2.0.9-5.el6.s390x.rpm
dovecot-pgsql-2.0.9-5.el6.s390x.rpm
dovecot-pigeonhole-2.0.9-5.el6.s390x.rpm

x86_64:
dovecot-2.0.9-5.el6.i686.rpm
dovecot-2.0.9-5.el6.x86_64.rpm
dovecot-debuginfo-2.0.9-5.el6.i686.rpm
dovecot-debuginfo-2.0.9-5.el6.x86_64.rpm
dovecot-mysql-2.0.9-5.el6.x86_64.rpm
dovecot-pgsql-2.0.9-5.el6.x86_64.rpm
dovecot-pigeonhole-2.0.9-5.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/dovecot-2.0.9-5.el6.src.rpm

i386:
dovecot-debuginfo-2.0.9-5.el6.i686.rpm
dovecot-devel-2.0.9-5.el6.i686.rpm

ppc64:
dovecot-debuginfo-2.0.9-5.el6.ppc64.rpm
dovecot-devel-2.0.9-5.el6.ppc64.rpm

s390x:
dovecot-debuginfo-2.0.9-5.el6.s390x.rpm
dovecot-devel-2.0.9-5.el6.s390x.rpm

x86_64:
dovecot-debuginfo-2.0.9-5.el6.x86_64.rpm
dovecot-devel-2.0.9-5.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/dovecot-2.0.9-5.el6.src.rpm

i386:
dovecot-2.0.9-5.el6.i686.rpm
dovecot-debuginfo-2.0.9-5.el6.i686.rpm
dovecot-mysql-2.0.9-5.el6.i686.rpm
dovecot-pgsql-2.0.9-5.el6.i686.rpm
dovecot-pigeonhole-2.0.9-5.el6.i686.rpm

x86_64:
dovecot-2.0.9-5.el6.i686.rpm
dovecot-2.0.9-5.el6.x86_64.rpm
dovecot-debuginfo-2.0.9-5.el6.i686.rpm
dovecot-debuginfo-2.0.9-5.el6.x86_64.rpm
dovecot-mysql-2.0.9-5.el6.x86_64.rpm
dovecot-pgsql-2.0.9-5.el6.x86_64.rpm
dovecot-pigeonhole-2.0.9-5.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/dovecot-2.0.9-5.el6.src.rpm

i386:
dovecot-debuginfo-2.0.9-5.el6.i686.rpm
dovecot-devel-2.0.9-5.el6.i686.rpm

x86_64:
dovecot-debuginfo-2.0.9-5.el6.x86_64.rpm
dovecot-devel-2.0.9-5.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2166.html
https://www.redhat.com/security/data/cve/CVE-2011-2167.html
https://www.redhat.com/security/data/cve/CVE-2011-4318.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
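The CVE-2011-4318 flaw in the dovecot advisory above is a missing identity check: the proxy verified that the backend's certificate chained to a trusted CA but never compared the name in that certificate with the host it had dialled. The following is an added example, not Dovecot's or Red Hat's code, of that check in Python: `hostname_matches_cert` takes a certificate in the dict shape that `ssl.SSLSocket.getpeercert()` returns, prefers subjectAltName over the subject commonName and applies RFC 6125 style wildcard rules; the sample certificates are constructed for the example.

```python
"""Host name verification for a TLS-proxied IMAP/POP3 backend.

Added example, not Dovecot's code. CVE-2011-4318 was the absence of this
step: the proxy checked that the backend certificate chained to a trusted
CA, but never that it was issued for the host it had connected to.
"""
import ipaddress
import ssl


def _dns_name_match(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name against a host name (RFC 6125 rules).

    A wildcard is honoured only as the entire left-most label and stands for
    exactly one label: "*.mail.example.com" matches "mx1.mail.example.com"
    but neither "a.b.mail.example.com" nor "mail.example.com".
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if "" in p_labels or "" in h_labels:          # empty name or empty label
        return False
    if "*" not in pattern:
        return p_labels == h_labels
    if (p_labels[0] != "*"                        # "f*o.example.com" refused
            or any("*" in lab for lab in p_labels[1:])
            or len(p_labels) < 3):                # "*.com" refused
        return False
    return len(h_labels) == len(p_labels) and p_labels[1:] == h_labels[1:]


def _same_ip(text: str, wanted) -> bool:
    try:
        return ipaddress.ip_address(text) == wanted
    except ValueError:
        return False


def hostname_matches_cert(hostname: str, cert: dict) -> bool:
    """True if ``cert`` (dict shaped like ssl.SSLSocket.getpeercert()) was
    issued for ``hostname``.

    subjectAltName is authoritative; the subject commonName is consulted only
    when the certificate carries no DNS SAN entry at all. An IP literal is
    matched only against iPAddress SAN entries.
    """
    san = cert.get("subjectAltName", ())
    dns_names = [v for k, v in san if k == "DNS"]
    ip_names = [v for k, v in san if k == "IP Address"]
    try:
        wanted_ip = ipaddress.ip_address(hostname)
    except ValueError:
        wanted_ip = None
    if wanted_ip is not None:
        return any(_same_ip(v, wanted_ip) for v in ip_names)
    if dns_names:
        return any(_dns_name_match(n, hostname) for n in dns_names)
    return any(key == "commonName" and _dns_name_match(value, hostname)
               for rdn in cert.get("subject", ()) for key, value in rdn)


def verify_proxy_destination(hostname: str, cert: dict) -> None:
    """The check a proxy must run right after the backend TLS handshake."""
    if not hostname_matches_cert(hostname, cert):
        raise ssl.CertificateError(
            f"backend certificate is not valid for {hostname!r}")


def make_backend_context() -> ssl.SSLContext:
    """Client context for the proxy-to-backend leg: CA verification plus
    host name checking. With check_hostname set, wrap_socket() must be given
    server_hostname=<proxy destination> or it refuses to connect."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


# Constructed sample certificates for the example, in getpeercert() shape.
BACKEND_CERT = {
    "subject": ((("commonName", "imap-backend.example.com"),),),
    "subjectAltName": (("DNS", "imap-backend.example.com"),
                       ("DNS", "*.mail.example.com"),
                       ("IP Address", "192.0.2.10")),
}
# Valid and CA-issued, but for another name: the CVE-2011-4318 situation.
OTHER_NAME_CERT = {
    "subject": ((("commonName", "www.example.net"),),),
    "subjectAltName": (("DNS", "www.example.net"),),
}
CN_ONLY_CERT = {"subject": ((("commonName", "pop.example.org"),),)}

if __name__ == "__main__":
    for host in ("imap-backend.example.com", "mx1.mail.example.com", "192.0.2.10"):
        print(host, hostname_matches_cert(host, BACKEND_CERT),
              hostname_matches_cert(host, OTHER_NAME_CERT))
```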
From bugzilla at redhat.com  Thu Feb 21 06:39:42 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Feb 2013 06:39:42 +0000
Subject: [RHSA-2013:0521-02] Moderate: pam security, bug fix, and enhancement update
Message-ID: <201302210650.r1L6oim1028333@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: pam security, bug fix, and enhancement update
Advisory ID:       RHSA-2013:0521-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0521.html
Issue date:        2013-02-21
CVE Names:         CVE-2011-3148 CVE-2011-3149
=====================================================================

1. Summary:

Updated pam packages that fix two security issues, several bugs, and add
various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Pluggable Authentication Modules (PAM) provide a system whereby
administrators can set up authentication policies without having to
recompile programs to handle authentication.
A stack-based buffer overflow flaw was found in the way the pam_env module
parsed users' "~/.pam_environment" files. If an application's PAM
configuration contained "user_readenv=1" (this is not the default), a local
attacker could use this flaw to crash the application or, possibly, escalate
their privileges. (CVE-2011-3148)

A denial of service flaw was found in the way the pam_env module expanded
certain environment variables. If an application's PAM configuration
contained "user_readenv=1" (this is not the default), a local attacker could
use this flaw to cause the application to enter an infinite loop.
(CVE-2011-3149)

Red Hat would like to thank Kees Cook of the Google ChromeOS Team for
reporting the CVE-2011-3148 and CVE-2011-3149 issues.

These updated pam packages include numerous bug fixes and enhancements.
Space precludes documenting all of these changes in this advisory. Users are
directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked to in
the References, for information on the most significant of these changes.

All pam users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

588893 - pam does not enforce password complexity restrictions on root
673398 - request for additional pam_cracklib checks
723297 - limits.conf should mention limits.d directory
746619 - CVE-2011-3148 pam (pam_env): Stack-based buffer overflow by parsing user's pam_environment file
746620 - CVE-2011-3149 pam (pam_env): Infinite loop by expanding certain arguments
750601 - pam_namespace cannot verify status of SELinux in MLS
811168 - fix pam_get_authtok_verify() to respect the authtok_type= option
811243 - pam_cracklib: difignore is no-op in the current package - needs man page update
815516 - pam remember can check wrong username if it is a substring of another username

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/pam-1.1.1-13.el6.src.rpm

i386:
pam-1.1.1-13.el6.i686.rpm
pam-debuginfo-1.1.1-13.el6.i686.rpm

x86_64:
pam-1.1.1-13.el6.i686.rpm
pam-1.1.1-13.el6.x86_64.rpm
pam-debuginfo-1.1.1-13.el6.i686.rpm
pam-debuginfo-1.1.1-13.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/pam-1.1.1-13.el6.src.rpm

i386:
pam-debuginfo-1.1.1-13.el6.i686.rpm
pam-devel-1.1.1-13.el6.i686.rpm

x86_64:
pam-debuginfo-1.1.1-13.el6.i686.rpm
pam-debuginfo-1.1.1-13.el6.x86_64.rpm
pam-devel-1.1.1-13.el6.i686.rpm
pam-devel-1.1.1-13.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/pam-1.1.1-13.el6.src.rpm

x86_64:
pam-1.1.1-13.el6.i686.rpm
pam-1.1.1-13.el6.x86_64.rpm
pam-debuginfo-1.1.1-13.el6.i686.rpm
pam-debuginfo-1.1.1-13.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/pam-1.1.1-13.el6.src.rpm

x86_64:
pam-debuginfo-1.1.1-13.el6.i686.rpm
pam-debuginfo-1.1.1-13.el6.x86_64.rpm
pam-devel-1.1.1-13.el6.i686.rpm
pam-devel-1.1.1-13.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/pam-1.1.1-13.el6.src.rpm

i386:
pam-1.1.1-13.el6.i686.rpm
pam-debuginfo-1.1.1-13.el6.i686.rpm
pam-devel-1.1.1-13.el6.i686.rpm

ppc64:
pam-1.1.1-13.el6.ppc.rpm
pam-1.1.1-13.el6.ppc64.rpm
pam-debuginfo-1.1.1-13.el6.ppc.rpm
pam-debuginfo-1.1.1-13.el6.ppc64.rpm
pam-devel-1.1.1-13.el6.ppc.rpm
pam-devel-1.1.1-13.el6.ppc64.rpm

s390x:
pam-1.1.1-13.el6.s390.rpm
pam-1.1.1-13.el6.s390x.rpm
pam-debuginfo-1.1.1-13.el6.s390.rpm
pam-debuginfo-1.1.1-13.el6.s390x.rpm
pam-devel-1.1.1-13.el6.s390.rpm
pam-devel-1.1.1-13.el6.s390x.rpm

x86_64:
pam-1.1.1-13.el6.i686.rpm
pam-1.1.1-13.el6.x86_64.rpm
pam-debuginfo-1.1.1-13.el6.i686.rpm
pam-debuginfo-1.1.1-13.el6.x86_64.rpm
pam-devel-1.1.1-13.el6.i686.rpm
pam-devel-1.1.1-13.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/pam-1.1.1-13.el6.src.rpm

i386:
pam-1.1.1-13.el6.i686.rpm
pam-debuginfo-1.1.1-13.el6.i686.rpm
pam-devel-1.1.1-13.el6.i686.rpm

x86_64:
pam-1.1.1-13.el6.i686.rpm
pam-1.1.1-13.el6.x86_64.rpm
pam-debuginfo-1.1.1-13.el6.i686.rpm
pam-debuginfo-1.1.1-13.el6.x86_64.rpm
pam-devel-1.1.1-13.el6.i686.rpm
pam-devel-1.1.1-13.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3148.html
https://www.redhat.com/security/data/cve/CVE-2011-3149.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.4_Technical_Notes/pam.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

From bugzilla at redhat.com  Thu Feb 21 06:40:05 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Feb 2013 06:40:05 +0000
Subject: [RHSA-2013:0522-02] Moderate: gdb security and bug fix update
Message-ID: <201302210651.r1L6p76w030069@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: gdb security and bug fix update
Advisory ID:       RHSA-2013:0522-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0522.html
Issue date:        2013-02-21
CVE Names:         CVE-2011-4355
=====================================================================

1. Summary:

Updated gdb packages that fix one security issue and three bugs are now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The GNU Debugger (GDB) allows debugging of programs written in C, C++,
Java, and other languages by executing them in a controlled fashion and then
printing out their data.

GDB tried to auto-load certain files (such as GDB scripts, Python scripts,
and a thread debugging library) from the current working directory when
debugging programs. This could result in the execution of arbitrary code
with the user's privileges when GDB was run in a directory that has
untrusted content. (CVE-2011-4355)

With this update, GDB no longer auto-loads files from the current directory
and only trusts certain system directories by default. The list of trusted
directories can be viewed and modified using the "show auto-load safe-path"
and "set auto-load safe-path" GDB commands. Refer to the GDB manual, linked
to in the References, for further information.

This update also fixes the following bugs:

* When a struct member was at an offset greater than 256 MB, the resulting
bit position within the struct overflowed and caused an invalid memory
access by GDB. With this update, the code has been modified to ensure that
GDB can access such positions. (BZ#795424)

* When a thread list of the core file became corrupted, GDB did not print
this list but displayed the "Cannot find new threads: generic error" error
message instead. With this update, GDB has been modified and it now prints
the thread list of the core file as expected. (BZ#811648)

* GDB did not properly handle debugging of multiple binaries with the same
build ID. This update modifies GDB to use symbolic links created for
particular binaries so that debugging of binaries that share a build ID now
proceeds as expected. Debugging of live programs and core files is now more
user-friendly. (BZ#836966)

All users of gdb are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

703238 - CVE-2011-4355 gdb: object file .debug_gdb_scripts section improper input validation
811648 - Cannot find new threads: generic error
836966 - Backport gdb fix to handle identical binaries via additional build-id symlinks

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/gdb-7.2-60.el6.src.rpm

i386:
gdb-7.2-60.el6.i686.rpm
gdb-debuginfo-7.2-60.el6.i686.rpm
gdb-gdbserver-7.2-60.el6.i686.rpm

x86_64:
gdb-7.2-60.el6.x86_64.rpm
gdb-debuginfo-7.2-60.el6.x86_64.rpm
gdb-gdbserver-7.2-60.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/gdb-7.2-60.el6.src.rpm

x86_64:
gdb-7.2-60.el6.x86_64.rpm
gdb-debuginfo-7.2-60.el6.x86_64.rpm
gdb-gdbserver-7.2-60.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/gdb-7.2-60.el6.src.rpm

i386:
gdb-7.2-60.el6.i686.rpm
gdb-debuginfo-7.2-60.el6.i686.rpm
gdb-gdbserver-7.2-60.el6.i686.rpm

ppc64:
gdb-7.2-60.el6.ppc64.rpm
gdb-debuginfo-7.2-60.el6.ppc64.rpm
gdb-gdbserver-7.2-60.el6.ppc64.rpm

s390x:
gdb-7.2-60.el6.s390x.rpm
gdb-debuginfo-7.2-60.el6.s390x.rpm
gdb-gdbserver-7.2-60.el6.s390x.rpm

x86_64:
gdb-7.2-60.el6.x86_64.rpm
gdb-debuginfo-7.2-60.el6.x86_64.rpm
gdb-gdbserver-7.2-60.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/gdb-7.2-60.el6.src.rpm

i386:
gdb-7.2-60.el6.i686.rpm
gdb-debuginfo-7.2-60.el6.i686.rpm
gdb-gdbserver-7.2-60.el6.i686.rpm

x86_64:
gdb-7.2-60.el6.x86_64.rpm
gdb-debuginfo-7.2-60.el6.x86_64.rpm
gdb-gdbserver-7.2-60.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-4355.html
https://access.redhat.com/security/updates/classification/#moderate
http://sourceware.org/gdb/current/onlinedocs/gdb/Auto_002dloading-safe-path.html#Auto_002dloading-safe-path
http://sourceware.org/gdb/current/onlinedocs/gdb/Auto_002dloading.html#Auto_002dloading

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

From bugzilla at redhat.com  Thu Feb 21 06:40:32 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Feb 2013 06:40:32 +0000
Subject: [RHSA-2013:0523-02] Low: ccid security and bug fix update
Message-ID: <201302210651.r1L6pYkk005884@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: ccid security and bug fix update
Advisory ID:       RHSA-2013:0523-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0523.html
Issue date:        2013-02-21
CVE Names:         CVE-2010-4530
=====================================================================

1. Summary:

An updated ccid package that fixes one security issue and one bug is now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Chip/Smart Card Interface Devices (CCID) is a USB smart card reader standard
followed by most modern smart card readers. The ccid package provides a
generic, USB-based CCID driver for readers that follow this standard.

An integer overflow, leading to an array index error, was found in the way
the CCID driver processed a smart card's serial number. A local attacker
could use this flaw to execute arbitrary code with the privileges of the
user running the PC/SC Lite pcscd daemon (root, by default), by inserting a
specially-crafted smart card. (CVE-2010-4530)

This update also fixes the following bug:

* Previously, CCID only recognized smart cards with a 5V power supply. With
this update, CCID also supports smart cards with a different power supply.
(BZ#808115)

All users of ccid are advised to upgrade to this updated package, which
contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

664986 - CVE-2010-4530 CCID: Integer overflow, leading to array index error when processing crafted serial number of certain cards

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ccid-1.3.9-6.el6.src.rpm

i386:
ccid-1.3.9-6.el6.i686.rpm
ccid-debuginfo-1.3.9-6.el6.i686.rpm

x86_64:
ccid-1.3.9-6.el6.x86_64.rpm
ccid-debuginfo-1.3.9-6.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ccid-1.3.9-6.el6.src.rpm

x86_64:
ccid-1.3.9-6.el6.x86_64.rpm
ccid-debuginfo-1.3.9-6.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ccid-1.3.9-6.el6.src.rpm

i386:
ccid-1.3.9-6.el6.i686.rpm
ccid-debuginfo-1.3.9-6.el6.i686.rpm

ppc64:
ccid-1.3.9-6.el6.ppc64.rpm
ccid-debuginfo-1.3.9-6.el6.ppc64.rpm

x86_64:
ccid-1.3.9-6.el6.x86_64.rpm
ccid-debuginfo-1.3.9-6.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ccid-1.3.9-6.el6.src.rpm

i386:
ccid-1.3.9-6.el6.i686.rpm
ccid-debuginfo-1.3.9-6.el6.i686.rpm

x86_64:
ccid-1.3.9-6.el6.x86_64.rpm
ccid-debuginfo-1.3.9-6.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-4530.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRJcPwXlSAg2UNWIIRAodxAKCRdQ54TB4ziCl4tsM8EJd+YycfPACfSS72
4Yfrr24YtoQwavSEM3qx8sg=
=B2bg
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Feb 21 06:41:15 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Feb 2013 06:41:15 +0000
Subject: [RHSA-2013:0525-02] Moderate: pcsc-lite security and bug fix update
Message-ID: <201302210652.r1L6qHTN030686@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: pcsc-lite security and bug fix update
Advisory ID:       RHSA-2013:0525-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0525.html
Issue date:        2013-02-21
CVE Names:         CVE-2010-4531
=====================================================================

1. Summary:

Updated pcsc-lite packages that fix one security issue and three bugs are
now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

PC/SC Lite provides a Windows SCard compatible interface for communicating
with smart cards, smart card readers, and other security tokens.

A stack-based buffer overflow flaw was found in the way pcsc-lite decoded
certain attribute values of Answer-to-Reset (ATR) messages. A local
attacker could use this flaw to execute arbitrary code with the privileges
of the user running the pcscd daemon (root, by default), by inserting a
specially-crafted smart card. (CVE-2010-4531)

This update also fixes the following bugs:

* Due to an error in the init script, the chkconfig utility did not
automatically place the pcscd init script after the start of the HAL
daemon. Consequently, the pcscd service did not start automatically at boot
time. With this update, the pcscd init script has been changed to
explicitly start only after HAL is up, thus fixing this bug. (BZ#788474,
BZ#814549)

* Because the chkconfig settings and the startup files in the /etc/rc.d/
directory were not changed during the update described in the
RHBA-2012:0990 advisory, the user had to update the chkconfig settings
manually to fix the problem. Now, the chkconfig settings and the startup
files in the /etc/rc.d/ directory are automatically updated as expected.
(BZ#834803)

* Previously, the SCardGetAttrib() function did not work properly and
always returned the "SCARD_E_INSUFFICIENT_BUFFER" error regardless of the
actual buffer size. This update applies a patch to fix this bug and the
SCardGetAttrib() function now works as expected. (BZ#891852)

All users of pcsc-lite are advised to upgrade to these updated packages,
which fix these issues. After installing this update, the pcscd daemon will
be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

664999 - CVE-2010-4531 pcsc-lite: Stack-based buffer overflow in Answer-to-Reset (ATR) decoder
834803 - Update of pcsc-lite does not fix problems addressed in BUG 812469
891852 - pcsc-lite: incorrect check in SCardGetAttrib and SCardSetAttrib handling

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/pcsc-lite-1.5.2-11.el6.src.rpm

i386:
pcsc-lite-1.5.2-11.el6.i686.rpm
pcsc-lite-debuginfo-1.5.2-11.el6.i686.rpm
pcsc-lite-libs-1.5.2-11.el6.i686.rpm

x86_64:
pcsc-lite-1.5.2-11.el6.x86_64.rpm
pcsc-lite-debuginfo-1.5.2-11.el6.i686.rpm
pcsc-lite-debuginfo-1.5.2-11.el6.x86_64.rpm
pcsc-lite-libs-1.5.2-11.el6.i686.rpm
pcsc-lite-libs-1.5.2-11.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/pcsc-lite-1.5.2-11.el6.src.rpm

i386:
pcsc-lite-debuginfo-1.5.2-11.el6.i686.rpm
pcsc-lite-devel-1.5.2-11.el6.i686.rpm
pcsc-lite-doc-1.5.2-11.el6.i686.rpm

x86_64:
pcsc-lite-debuginfo-1.5.2-11.el6.i686.rpm
pcsc-lite-debuginfo-1.5.2-11.el6.x86_64.rpm
pcsc-lite-devel-1.5.2-11.el6.i686.rpm
pcsc-lite-devel-1.5.2-11.el6.x86_64.rpm
pcsc-lite-doc-1.5.2-11.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/pcsc-lite-1.5.2-11.el6.src.rpm

x86_64:
pcsc-lite-1.5.2-11.el6.x86_64.rpm
pcsc-lite-debuginfo-1.5.2-11.el6.i686.rpm
pcsc-lite-debuginfo-1.5.2-11.el6.x86_64.rpm
pcsc-lite-devel-1.5.2-11.el6.i686.rpm
pcsc-lite-devel-1.5.2-11.el6.x86_64.rpm
pcsc-lite-doc-1.5.2-11.el6.x86_64.rpm
pcsc-lite-libs-1.5.2-11.el6.i686.rpm
pcsc-lite-libs-1.5.2-11.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/pcsc-lite-1.5.2-11.el6.src.rpm

i386:
pcsc-lite-1.5.2-11.el6.i686.rpm
pcsc-lite-debuginfo-1.5.2-11.el6.i686.rpm
pcsc-lite-libs-1.5.2-11.el6.i686.rpm

ppc64:
pcsc-lite-1.5.2-11.el6.ppc64.rpm
pcsc-lite-debuginfo-1.5.2-11.el6.ppc.rpm
pcsc-lite-debuginfo-1.5.2-11.el6.ppc64.rpm
pcsc-lite-libs-1.5.2-11.el6.ppc.rpm
pcsc-lite-libs-1.5.2-11.el6.ppc64.rpm

s390x:
pcsc-lite-1.5.2-11.el6.s390x.rpm
pcsc-lite-debuginfo-1.5.2-11.el6.s390.rpm
pcsc-lite-debuginfo-1.5.2-11.el6.s390x.rpm
pcsc-lite-libs-1.5.2-11.el6.s390.rpm
pcsc-lite-libs-1.5.2-11.el6.s390x.rpm

x86_64:
pcsc-lite-1.5.2-11.el6.x86_64.rpm
pcsc-lite-debuginfo-1.5.2-11.el6.i686.rpm
pcsc-lite-debuginfo-1.5.2-11.el6.x86_64.rpm
pcsc-lite-libs-1.5.2-11.el6.i686.rpm
pcsc-lite-libs-1.5.2-11.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/pcsc-lite-1.5.2-11.el6.src.rpm

i386:
pcsc-lite-debuginfo-1.5.2-11.el6.i686.rpm
pcsc-lite-devel-1.5.2-11.el6.i686.rpm
pcsc-lite-doc-1.5.2-11.el6.i686.rpm

ppc64:
pcsc-lite-debuginfo-1.5.2-11.el6.ppc.rpm
pcsc-lite-debuginfo-1.5.2-11.el6.ppc64.rpm
pcsc-lite-devel-1.5.2-11.el6.ppc.rpm
pcsc-lite-devel-1.5.2-11.el6.ppc64.rpm
pcsc-lite-doc-1.5.2-11.el6.ppc64.rpm

s390x:
pcsc-lite-debuginfo-1.5.2-11.el6.s390.rpm
pcsc-lite-debuginfo-1.5.2-11.el6.s390x.rpm
pcsc-lite-devel-1.5.2-11.el6.s390.rpm
pcsc-lite-devel-1.5.2-11.el6.s390x.rpm
pcsc-lite-doc-1.5.2-11.el6.s390x.rpm

x86_64:
pcsc-lite-debuginfo-1.5.2-11.el6.i686.rpm
pcsc-lite-debuginfo-1.5.2-11.el6.x86_64.rpm
pcsc-lite-devel-1.5.2-11.el6.i686.rpm
pcsc-lite-devel-1.5.2-11.el6.x86_64.rpm
pcsc-lite-doc-1.5.2-11.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/pcsc-lite-1.5.2-11.el6.src.rpm

i386:
pcsc-lite-1.5.2-11.el6.i686.rpm
pcsc-lite-debuginfo-1.5.2-11.el6.i686.rpm
pcsc-lite-libs-1.5.2-11.el6.i686.rpm

x86_64:
pcsc-lite-1.5.2-11.el6.x86_64.rpm
pcsc-lite-debuginfo-1.5.2-11.el6.i686.rpm
pcsc-lite-debuginfo-1.5.2-11.el6.x86_64.rpm
pcsc-lite-libs-1.5.2-11.el6.i686.rpm
pcsc-lite-libs-1.5.2-11.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/pcsc-lite-1.5.2-11.el6.src.rpm

i386:
pcsc-lite-debuginfo-1.5.2-11.el6.i686.rpm
pcsc-lite-devel-1.5.2-11.el6.i686.rpm
pcsc-lite-doc-1.5.2-11.el6.i686.rpm

x86_64:
pcsc-lite-debuginfo-1.5.2-11.el6.i686.rpm
pcsc-lite-debuginfo-1.5.2-11.el6.x86_64.rpm
pcsc-lite-devel-1.5.2-11.el6.i686.rpm
pcsc-lite-devel-1.5.2-11.el6.x86_64.rpm
pcsc-lite-doc-1.5.2-11.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-4531.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
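The two smart-card advisories above (ccid, CVE-2010-4530, and pcsc-lite, CVE-2010-4531) describe one defect class: a length taken from data the inserted card supplies is trusted when sizing a copy or an array index, and the bound check that should reject it is done in arithmetic that can wrap. The C below is an illustration of that class beside its fix, added for this page; it is not ccid or pcsc-lite code, and the record layout, the FIELD_MAX capacity and the function names are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed record layout for this example (not the CCID or ATR format):
 *   byte 0     declared payload length
 *   bytes 1..  payload
 * FIELD_MAX is the capacity of the caller's fixed-size buffer (assumed).
 */
#define FIELD_MAX 16

/* Vulnerable check: 1 + declared is narrowed to 8 bits, so a declared
 * length of 255 wraps to 0 and passes as "fits". Returns 1 when the check
 * would accept the length. It only evaluates the comparison and copies
 * nothing, so calling it is harmless. */
int length_check_unsafe(uint8_t declared)
{
    uint8_t total = (uint8_t)(declared + 1);   /* 255 + 1 wraps to 0 */
    return total <= FIELD_MAX + 1;
}

/* Hardened check: compare in a type wide enough for any input and bound the
 * declared length against the destination capacity before any arithmetic
 * that depends on it. */
int length_check_safe(uint8_t declared)
{
    size_t payload_len = declared;             /* no narrowing anywhere */
    return payload_len <= FIELD_MAX;
}

/* Copies the record's payload into out (capacity FIELD_MAX). Returns the
 * number of bytes copied, or -1 if the declared length exceeds either the
 * destination or the bytes actually present in the record. */
int parse_field_safe(const uint8_t *rec, size_t rec_len,
                     uint8_t out[FIELD_MAX])
{
    if (rec == NULL || rec_len < 1)
        return -1;
    size_t payload_len = rec[0];
    if (payload_len > FIELD_MAX)               /* would overflow out */
        return -1;
    if (payload_len > rec_len - 1)             /* record shorter than claimed */
        return -1;
    memcpy(out, rec + 1, payload_len);
    return (int)payload_len;
}

/* Runs constructed samples; returns 1 when every case behaves as the
 * comments above describe, 0 otherwise. */
int demo_samples(void)
{
    uint8_t out[FIELD_MAX];
    const uint8_t good[]  = { 3, 'A', 'B', 'C' };   /* well-formed */
    const uint8_t big[]   = { 200, 1, 2 };          /* claims 200 bytes */
    const uint8_t trunc[] = { 5, 1, 2 };            /* claims 5, carries 2 */

    if (parse_field_safe(good, sizeof good, out) != 3) return 0;
    if (memcmp(out, "ABC", 3) != 0) return 0;
    if (parse_field_safe(big, sizeof big, out) != -1) return 0;
    if (parse_field_safe(trunc, sizeof trunc, out) != -1) return 0;
    /* the wrapping check accepts 255; the widened one rejects it */
    if (length_check_unsafe(255) != 1) return 0;
    if (length_check_safe(255) != 0) return 0;
    return 1;
}

int main(void)
{
    int ok = demo_samples();
    printf("samples behave as expected: %s\n", ok ? "yes" : "no");
    return ok ? 0 : 1;
}
```

The point of the pair is where the comparison happens: the safe version never adds to the untrusted value in a narrow type and checks the declared length against both the destination size and the bytes actually received, which is what a parser of device-supplied data such as a serial number or an ATR needs before any copy.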
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRJcQdXlSAg2UNWIIRAhrdAJ9qoaSgTfY2GPTVbBXxKWjuEcrzcACfUHuy
zZAX1DrqQb5TOtv+6PIYQUw=
=uh3T
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Feb 21 06:41:43 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Feb 2013 06:41:43 +0000
Subject: [RHSA-2013:0526-02] Low: automake security update
Message-ID: <201302210652.r1L6qjAF006504@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: automake security update
Advisory ID:       RHSA-2013:0526-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0526.html
Issue date:        2013-02-21
CVE Names:         CVE-2012-3386
=====================================================================

1. Summary:

An updated automake package that fixes one security issue is now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch
Red Hat Enterprise Linux HPC Node (v. 6) - noarch
Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Enterprise Linux Workstation (v. 6) - noarch

3. Description:

Automake is a tool for automatically generating Makefile.in files compliant
with the GNU Coding Standards.

It was found that the distcheck rule in Automake-generated Makefiles made a
directory world-writable when preparing source archives. If a malicious
local user could access this directory, they could execute arbitrary code
with the privileges of the user running "make distcheck". (CVE-2012-3386)

Red Hat would like to thank Jim Meyering for reporting this issue. Upstream
acknowledges Stefano Lattarini as the original reporter.

Users of automake are advised to upgrade to this updated package, which
corrects this issue.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

838286 - CVE-2012-3386 automake: locally exploitable "make distcheck" bug

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/automake-1.11.1-4.el6.src.rpm

noarch:
automake-1.11.1-4.el6.noarch.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/automake-1.11.1-4.el6.src.rpm

noarch:
automake-1.11.1-4.el6.noarch.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/automake-1.11.1-4.el6.src.rpm

noarch:
automake-1.11.1-4.el6.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/automake-1.11.1-4.el6.src.rpm

noarch:
automake-1.11.1-4.el6.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-3386.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
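The condition the automake advisory describes, a directory under a build tree that is world-writable without the sticky bit, is also the one to look for on shared build hosts before and after running "make distcheck" with a still-vulnerable automake. The following shell function is an added example, not from the advisory or the automake project, that lists such directories under a given tree; the function names are this example's own.

```sh
#!/bin/sh
# Added example (not automake code): find directories that any local user
# could write into. A world-writable directory without the sticky bit lets
# another user replace or add files that the build owner will later execute
# or package, which is the exposure CVE-2012-3386 created during distcheck.

# Prints one path per line for every directory under $1 that has the
# world-write bit set (-perm -0002) and lacks the sticky bit (! -perm -1000).
# $1 is assumed to be an existing directory.
find_world_writable_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 2>/dev/null
}

# Convenience wrapper returning the count as a bare number (BSD wc pads
# with spaces, hence the tr).
count_world_writable_dirs() {
    find_world_writable_dirs "$1" | wc -l | tr -d ' '
}

# Typical use on a build host: fail the job if the tree is exposed.
#   if [ "$(count_world_writable_dirs "$PWD")" != "0" ]; then
#       find_world_writable_dirs "$PWD"; exit 1
#   fi
```

Directories with the sticky bit (such as /tmp) are excluded because there a user may only remove or rename their own files; the distcheck directory had no such protection, which is why the check treats the two cases differently.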
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRJcQyXlSAg2UNWIIRAgnyAJ9dD5zbPo7pHCs3XhEzRDKQ3T96oACeNDGZ
CSOzHRnJmVwwby3KFf7C99k=
=wCjX
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Feb 21 06:42:08 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Feb 2013 06:42:08 +0000
Subject: [RHSA-2013:0528-02] Low: ipa security, bug fix and enhancement update
Message-ID: <201302210653.r1L6rAhL032655@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: ipa security, bug fix and enhancement update
Advisory ID:       RHSA-2013:0528-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0528.html
Issue date:        2013-02-21
CVE Names:         CVE-2012-4546
=====================================================================

1. Summary:

Updated ipa packages that fix one security issue, several bugs, and add
various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Red Hat Identity Management is a centralized authentication, identity
management and authorization solution for both traditional and cloud-based
enterprise environments. It integrates components of the Red Hat Directory
Server, MIT Kerberos, Red Hat Certificate System, NTP, and DNS. It provides
web browser and command-line interfaces. Its administration tools allow an
administrator to quickly install, set up, and administer a group of domain
controllers to meet the authentication and identity management requirements
of large-scale Linux and UNIX deployments.

It was found that the current default configuration of IPA servers did not
publish correct CRLs (Certificate Revocation Lists). The default
configuration specifies that every replica is to generate its own CRL;
however, this can result in inconsistencies in the CRL contents provided to
clients from different Identity Management replicas. More specifically, if
a certificate is revoked on one Identity Management replica, it will not
show up on another Identity Management replica. (CVE-2012-4546)

These updated ipa packages also include numerous bug fixes and
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.4 Technical
Notes, linked to in the References, for information on the most significant
of these changes.

Users are advised to upgrade to these updated ipa packages, which fix these
issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

748987 - If master has leftover replica agreement from a previous failed attempt, next replica install can fail
766095 - [RFE] UI for SELinux user mapping
767723 - [RFE] Implement ipa web GUI to create trusts
768510 - migrate-ds : misleading error message when invalid objectclass defined
773490 - dns discovery domain needs to be added to sssd.conf
781208 - ipa user-find --manager does not find matches
782847 - ipa permission-mod prompts for all parameters
782981 - [RFE] Form based auth page needs to support password changes too
783274 - [RFE] Create NIS map for ethers table
784378 - Run CLEANRUV task when completely deleting a replica
784621 - [ipa webui] Reset password link is enabled for a user without permission to change it
785251 - ipa permisison-find --name brings back all permissions
785254 - ipa permission-find --subtree brings back all permissions
785257 - ipa permission-find --sizelimit is disregarded
786199 - [RFE] CLI session support (Store session cookie in ccache for cli users)
796390 - ipa netgroup-add with both --desc and --addattr=description returns internal error
798355 - Fill DNS update policy by default
798363 - [RFE] add in UI of "create password policy" measurement unit examples
798365 - defect: add in UI of "policy" -> "kerberos ticket policy" measurement unit examples
798493 - adding reverse zones in gui fails to create correct zone
801931 - [RFE] Expand current 'update dns entries' permission to be per-domain level?
804619 - DNS zone serial number is not updated
805203 - set ipa_hostname for sssd.conf
805233 - [RFE] Prevent deletion of the last admin
805430 - IPA dnszone-add does not accept the utmost valid serial number.
807018 - ipa config-mod should not be allowed to modify certificate subject base
809562 - Constraints for CNAME records are not enforced
809565 - Cannot change DNS name without recreating it
811207 - [ipa webui] When permission Type is updated, attributes should reflect new Type
811211 - [ipa webui] Refresh issue with re-adding objects with same name as deleted objects
811295 - Installation fails when CN is set in certificate subject base
813325 - ipa netgroup-mod addattr and setattr allow invalid characters for externalHost
813402 - [RFE] Warn users in UI when password is going to expire in n days
814785 - [ipa webui] Update Unsaved Changes for Netgroups
815364 - [ipa webui] DNS permissions not listed and are in lowercase
815481 - hostgroup and netgroup names with one letter not allowed
815494 - [ipa webui] Netgroups page does not have members listed as links
815830 - [WebUI] Unsaved changes dialog appers more than once in some cases
815849 - ipa-server-install unhandled exception with unclear error messages (inside DNS check)
816574 - ipa permission-add throws internal server error when --addattr or --setattr is blank
816624 - ipa privilege-remove-permission with blank permission throws internal error
817075 - ipa-server-install: s/calculated/determined/
817080 - ipa-server-install --uninstall doesn't clear certmonger dirs, which leads to install failing
817407 - [Web UI] Password policies are not sorted properly
817412 - there is no permission/privilege for modifying automount keys
817413 - validate that domain name uses only valid characters
817821 - ipa config-mod --delattr misleading invalid error messages
817831 - ipa config-mod --delattr user and group search fields returns internal server error
817865 - we should not influence ip address family selection (traceback when IPv6 disabled)
817869 - Clean keytabs before installing new keys into them
817885 - Internal error : ipa config-mod addattr on user and group objectclasses
818665 - [ipa webui] Unprovisioning keytab does not have cancel option
818714 - [ipa webui] Instructions to generate cert should include specifying size of private key
818836 - ipa pwpolicy-find displays incorrect max and min lifetime.
819629 - Enable persistent search in bind-dyndb-ldap during IPA upgrade
819635 - Fix help string for DNS zone --forwarder option
820983 - Nested search facets have wrong tab name
821448 - RFE: Browser config javascript should check to see if sending Referer is enabled
822608 - Passwords cannot be migrated
823657 - ipa-replica-manage connect fails with GSSAPI error after delete if using previous kerberos ticket
824074 - Create ipaserver-upgrade.log on upgrades
824488 - Add 'disable_last_success' and 'disable_lockout' to the ipadb.so dblibrary
824490 - WinSync users who have First.Last casing creates users who can have their password set
824492 - Cannot re-connect replica to previously disconnected master
826152 - zonemgr is set to default for reverse zone even with --zonemgr
826677 - IPA cannot remove disconnected replica data to reconnect
827162 - ipa-client uninstall causes a crash after installing using --preserve-sssd
827321 - ipa-server-install does not fill the default value for --subject option and it crashes later.
827392 - Host OTP :: Random password characters should be limited.
827583 - [ipa webui] DNS Zones - Add - on IE does not open a Add window, and instead writes on top on existing page
828687 - Unable to update dns when deleting host
829070 - ipa-server-install --uninstall does not remove /var/lib/sss/pubconf/kdcinfo.$REALM
829746 - [ipa webui] IE - Add members dialog box cannot be resized
829899 - [ipa webui] IE - Attribute listing when adding permission or delegation is not displayed same as FF
830598 - ipa-server-install --uninstall not stopping sssd and seeing ipa-replica-conncheck kinit errors
830817 - [ipa webui] IE - Add permission of type Subtree, has a smaller textarea for subtree than FF
831010 - [RFE] ipa-client-install always adds _srv_ entry to sssd.conf even when server specified.
831227 - [ipa webui] IE - Unable to Edit Service, and intermittently add service fails
831299 - [ipa webui] IE -Scrollbar jumps back when checkbox'ing an object
831313 - ipa-replica-install enable GSSAPI for replication list index out of range failure
831661 - ipa-replica-manage re-initialize update failed due to named ldap timeout
832243 - Sporadic JSON errors under MSIE
833505 - ipa-client-install crashes when --hostname is given
833515 - permissions of replica files should be 0600
833516 - Ipactl exception not handled well in ipactl
833517 - [RFE] [Web UI] Add support for DNS per-domain permissions
835642 - mail attribute not automatically populated
837357 - Attributelevelrights differs in permission-show and permission-mod for the same permission
837358 - Don't display: Logged in as: user at FREEIPA.ORG
837365 - CLEANALLRUV must deal with offline replicas and older replicas
837380 - Add group external member support to Web UI
839008 - Indirect roles not checked for in WebUI
839638 - ipa-replica-manage allows disconnect of last connection for a single replica
840657 - sshpubkey not accepting ssh keys in the right format for user
845405 - ipa-replica-install httpd restart failed
845691 - ipa-client-install Failed to obtain host TGT
846309 - Prevent disabling last admin
852480 - automountkey is not indexed
854321 - Password policies are sorted lexicographically instead of numerically
854325 - Time synchronization is disabled in ipa-client-install
855278 - I'm getting jQuery error when adding command includes "??" into the sudo commands field in IPA web interface.
856282 - [Web UI] Improve instructions to generate certificate
856293 - Nameserver does not have a corresponding A/AAAA record while creating new dns zone
856294 - Instructions to uninstall are unclear
859968 - IPA browser configuration won't work on Firefox >= 15
860683 - group-mod should not be allowed to rename or modify admins account
864533 - Forbidden access to IPA published CRL
866572 - ipa-adtrust-install checks for /usr/bin/smbpasswd, which is not required
866966 - httpd needs restart post ipa-adtrust-install
866977 - Inform user when ipa-upgradeconfig reports errors
866978 - ipa-server-install --setup-dns always installs reverse zone
867447 - ipa-adtrust-install does not reset all information when re-run
867676 - extdom plugin does not handle Posix UID and GID request
868956 - Adding dnsone using name-server and ipaddress, adds zone with incorrect data
869279 - Bad link to Web UI config page after session is expired
869616 - Issues when adding AD user as member of external group
869656 - Improve information on passsync user in man page, command help
869658 - It is not possible to disable forwarding on per-zone basics
869741 - Re-adding an existing entry in trust, does not throw exception.
870053 - Default SELinuxusermaporder needs to mapped with default selinux users list
870234 - CVE-2012-4546 ipa: servers do not publish correct CRLs
870446 - multi operations with attribute manipulation not returning error
872707 - ipa-server dependency on krb5-server is not adequate
874935 - ipa-server installation fails to find A/AAAA record for IPA hostname
875261 - IPA WebUI login for AD Trusted User fails
877324 - Missing Option to add SSH Public Key in Web UI after upgrade
877434 - not exact error message show up when adding an AD member to an external type group while the time difference between ad and ipa is too great
878288 - IPA users are not available after ipa-server-install because sssd not running
878462 - Special case NFS related ticket to avoid attaching MS-PACs
878480 - Lookup user SIDs in external groups
878485 - ipa trust-add prints misleading information about required DNS setting
878969 - Write replacement for python-crypto
880655 - Regression in default value of group type in user group adder dialog
888124 - ipa install does not enable sssd start on boot
888524 - ipa delegation-find --group option returns internal error
888915 - cookie library does not parse nor generate expires attribute correctly when locale is not english
888956 - Cannot install an IPA Replica server with PKI-CA/Dogtag from a master with a large CRL
889583 - ipa server install failing when realm differs from domain
891980 - Make the root CA lifetime at least 15 years
893187 - Installing IPA with a single realm component sometimes fails
893722 - ipa-server upgrade ERROR Cannot move CRL file to new directory
893827 - ipa permission-find using valid targetgroup throws internal error
894090 - Internal Server Error during ldap Migration
894131 - ipa-replica-install fails to add idnssoaserial for a new zone
894143 - ipa-replica-prepare fails when reverse zone does not have SOA serial data
895298 - IPA upgrade error restarting named when dirsrv off before upgrade
895561 - IPA install in pure IPv6 environment fails with "Can't contact LDAP server" error
903758 - upgrading IPA from 2.2 to 3.0 sees certmonger errors
905594 - Unable to install ipa-server-trust-ad pkg on 32-bit platform

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ipa-3.0.0-25.el6.src.rpm

i386:
ipa-client-3.0.0-25.el6.i686.rpm
ipa-debuginfo-3.0.0-25.el6.i686.rpm
ipa-python-3.0.0-25.el6.i686.rpm

x86_64:
ipa-client-3.0.0-25.el6.x86_64.rpm
ipa-debuginfo-3.0.0-25.el6.x86_64.rpm
ipa-python-3.0.0-25.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ipa-3.0.0-25.el6.src.rpm

i386:
ipa-admintools-3.0.0-25.el6.i686.rpm
ipa-debuginfo-3.0.0-25.el6.i686.rpm
ipa-server-3.0.0-25.el6.i686.rpm
ipa-server-selinux-3.0.0-25.el6.i686.rpm
ipa-server-trust-ad-3.0.0-25.el6.i686.rpm

x86_64:
ipa-admintools-3.0.0-25.el6.x86_64.rpm
ipa-debuginfo-3.0.0-25.el6.x86_64.rpm
ipa-server-3.0.0-25.el6.x86_64.rpm
ipa-server-selinux-3.0.0-25.el6.x86_64.rpm
ipa-server-trust-ad-3.0.0-25.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ipa-3.0.0-25.el6.src.rpm

x86_64:
ipa-client-3.0.0-25.el6.x86_64.rpm
ipa-debuginfo-3.0.0-25.el6.x86_64.rpm
ipa-python-3.0.0-25.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ipa-3.0.0-25.el6.src.rpm

x86_64:
ipa-admintools-3.0.0-25.el6.x86_64.rpm
ipa-debuginfo-3.0.0-25.el6.x86_64.rpm
ipa-server-3.0.0-25.el6.x86_64.rpm
ipa-server-selinux-3.0.0-25.el6.x86_64.rpm
ipa-server-trust-ad-3.0.0-25.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ipa-3.0.0-25.el6.src.rpm

i386:
ipa-admintools-3.0.0-25.el6.i686.rpm
ipa-client-3.0.0-25.el6.i686.rpm
ipa-debuginfo-3.0.0-25.el6.i686.rpm
ipa-python-3.0.0-25.el6.i686.rpm
ipa-server-3.0.0-25.el6.i686.rpm
ipa-server-selinux-3.0.0-25.el6.i686.rpm
ipa-server-trust-ad-3.0.0-25.el6.i686.rpm

ppc64:
ipa-admintools-3.0.0-25.el6.ppc64.rpm
ipa-client-3.0.0-25.el6.ppc64.rpm
ipa-debuginfo-3.0.0-25.el6.ppc64.rpm
ipa-python-3.0.0-25.el6.ppc64.rpm

s390x:
ipa-admintools-3.0.0-25.el6.s390x.rpm
ipa-client-3.0.0-25.el6.s390x.rpm
ipa-debuginfo-3.0.0-25.el6.s390x.rpm
ipa-python-3.0.0-25.el6.s390x.rpm

x86_64:
ipa-admintools-3.0.0-25.el6.x86_64.rpm
ipa-client-3.0.0-25.el6.x86_64.rpm
ipa-debuginfo-3.0.0-25.el6.x86_64.rpm
ipa-python-3.0.0-25.el6.x86_64.rpm
ipa-server-3.0.0-25.el6.x86_64.rpm
ipa-server-selinux-3.0.0-25.el6.x86_64.rpm
ipa-server-trust-ad-3.0.0-25.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ipa-3.0.0-25.el6.src.rpm

i386:
ipa-admintools-3.0.0-25.el6.i686.rpm
ipa-client-3.0.0-25.el6.i686.rpm
ipa-debuginfo-3.0.0-25.el6.i686.rpm
ipa-python-3.0.0-25.el6.i686.rpm
ipa-server-3.0.0-25.el6.i686.rpm
ipa-server-selinux-3.0.0-25.el6.i686.rpm
ipa-server-trust-ad-3.0.0-25.el6.i686.rpm

x86_64:
ipa-admintools-3.0.0-25.el6.x86_64.rpm
ipa-client-3.0.0-25.el6.x86_64.rpm
ipa-debuginfo-3.0.0-25.el6.x86_64.rpm
ipa-python-3.0.0-25.el6.x86_64.rpm
ipa-server-3.0.0-25.el6.x86_64.rpm
ipa-server-selinux-3.0.0-25.el6.x86_64.rpm
ipa-server-trust-ad-3.0.0-25.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-4546.html
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/knowledge/solutions/295843
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.4_Technical_Notes/ipa.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRJcRRXlSAg2UNWIIRAm4oAKCsm/WirW2ZH2MW2pmRr0OgmMK4uwCgpeo8
bRWdqug5mCZ26EHFE3PuYMY=
=Aoyw
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Feb 21 19:28:40 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Feb 2013 19:28:40 +0000
Subject: [RHSA-2013:0550-01] Moderate: bind security and enhancement update
Message-ID: <201302211928.r1LJSevw010823@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: bind security and enhancement update
Advisory ID:       RHSA-2013:0550-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0550.html
Issue date:        2013-02-21
CVE Names:         CVE-2012-5689
=====================================================================

1. Summary:

Updated bind packages that fix one security issue and add one enhancement
are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly. DNS64 is
used to automatically generate DNS records so IPv6 based clients can access
IPv4 systems through a NAT64 server.

A flaw was found in the DNS64 implementation in BIND when using Response
Policy Zones (RPZ). If a remote attacker sent a specially-crafted query to
a named server that is using RPZ rewrite rules, named could exit
unexpectedly with an assertion failure. Note that DNS64 support is not
enabled by default. (CVE-2012-5689)

This update also adds the following enhancement:

* Previously, it was impossible to configure the maximum number of
responses sent per second to one client. This allowed remote attackers to
conduct traffic amplification attacks using DNS queries with spoofed source
IP addresses. With this update, it is possible to use the new "rate-limit"
configuration option in named.conf and configure the maximum number of
queries to which the server responds. Refer to the BIND documentation for
more details about the "rate-limit" option. (BZ#906312)

All bind users are advised to upgrade to these updated packages, which
contain patches to correct this issue and add this enhancement. After
installing the update, the BIND daemon (named) will be restarted
automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 903417 - CVE-2012-5689 bind: denial of service when processing queries and with both DNS64 and RPZ enabled 906312 - bind: Backport Response Rate Limiting (DNS RRL) patch into Red Hat Enterprise Linux 6 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6.3.src.rpm i386: bind-debuginfo-9.8.2-0.17.rc1.el6.3.i686.rpm bind-libs-9.8.2-0.17.rc1.el6.3.i686.rpm bind-utils-9.8.2-0.17.rc1.el6.3.i686.rpm x86_64: bind-debuginfo-9.8.2-0.17.rc1.el6.3.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6.3.x86_64.rpm bind-libs-9.8.2-0.17.rc1.el6.3.i686.rpm bind-libs-9.8.2-0.17.rc1.el6.3.x86_64.rpm bind-utils-9.8.2-0.17.rc1.el6.3.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6.3.src.rpm i386: bind-9.8.2-0.17.rc1.el6.3.i686.rpm bind-chroot-9.8.2-0.17.rc1.el6.3.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6.3.i686.rpm bind-devel-9.8.2-0.17.rc1.el6.3.i686.rpm bind-sdb-9.8.2-0.17.rc1.el6.3.i686.rpm x86_64: bind-9.8.2-0.17.rc1.el6.3.x86_64.rpm bind-chroot-9.8.2-0.17.rc1.el6.3.x86_64.rpm bind-debuginfo-9.8.2-0.17.rc1.el6.3.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6.3.x86_64.rpm bind-devel-9.8.2-0.17.rc1.el6.3.i686.rpm bind-devel-9.8.2-0.17.rc1.el6.3.x86_64.rpm bind-sdb-9.8.2-0.17.rc1.el6.3.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6.3.src.rpm x86_64: bind-debuginfo-9.8.2-0.17.rc1.el6.3.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6.3.x86_64.rpm bind-libs-9.8.2-0.17.rc1.el6.3.i686.rpm bind-libs-9.8.2-0.17.rc1.el6.3.x86_64.rpm bind-utils-9.8.2-0.17.rc1.el6.3.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6.3.src.rpm x86_64: bind-9.8.2-0.17.rc1.el6.3.x86_64.rpm bind-chroot-9.8.2-0.17.rc1.el6.3.x86_64.rpm bind-debuginfo-9.8.2-0.17.rc1.el6.3.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6.3.x86_64.rpm bind-devel-9.8.2-0.17.rc1.el6.3.i686.rpm bind-devel-9.8.2-0.17.rc1.el6.3.x86_64.rpm bind-sdb-9.8.2-0.17.rc1.el6.3.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6.3.src.rpm i386: bind-9.8.2-0.17.rc1.el6.3.i686.rpm bind-chroot-9.8.2-0.17.rc1.el6.3.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6.3.i686.rpm bind-libs-9.8.2-0.17.rc1.el6.3.i686.rpm bind-utils-9.8.2-0.17.rc1.el6.3.i686.rpm ppc64: bind-9.8.2-0.17.rc1.el6.3.ppc64.rpm bind-chroot-9.8.2-0.17.rc1.el6.3.ppc64.rpm bind-debuginfo-9.8.2-0.17.rc1.el6.3.ppc.rpm bind-debuginfo-9.8.2-0.17.rc1.el6.3.ppc64.rpm bind-libs-9.8.2-0.17.rc1.el6.3.ppc.rpm bind-libs-9.8.2-0.17.rc1.el6.3.ppc64.rpm bind-utils-9.8.2-0.17.rc1.el6.3.ppc64.rpm s390x: bind-9.8.2-0.17.rc1.el6.3.s390x.rpm bind-chroot-9.8.2-0.17.rc1.el6.3.s390x.rpm bind-debuginfo-9.8.2-0.17.rc1.el6.3.s390.rpm bind-debuginfo-9.8.2-0.17.rc1.el6.3.s390x.rpm bind-libs-9.8.2-0.17.rc1.el6.3.s390.rpm bind-libs-9.8.2-0.17.rc1.el6.3.s390x.rpm bind-utils-9.8.2-0.17.rc1.el6.3.s390x.rpm x86_64: bind-9.8.2-0.17.rc1.el6.3.x86_64.rpm bind-chroot-9.8.2-0.17.rc1.el6.3.x86_64.rpm bind-debuginfo-9.8.2-0.17.rc1.el6.3.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6.3.x86_64.rpm bind-libs-9.8.2-0.17.rc1.el6.3.i686.rpm 
bind-libs-9.8.2-0.17.rc1.el6.3.x86_64.rpm bind-utils-9.8.2-0.17.rc1.el6.3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6.3.src.rpm i386: bind-debuginfo-9.8.2-0.17.rc1.el6.3.i686.rpm bind-devel-9.8.2-0.17.rc1.el6.3.i686.rpm bind-sdb-9.8.2-0.17.rc1.el6.3.i686.rpm ppc64: bind-debuginfo-9.8.2-0.17.rc1.el6.3.ppc.rpm bind-debuginfo-9.8.2-0.17.rc1.el6.3.ppc64.rpm bind-devel-9.8.2-0.17.rc1.el6.3.ppc.rpm bind-devel-9.8.2-0.17.rc1.el6.3.ppc64.rpm bind-sdb-9.8.2-0.17.rc1.el6.3.ppc64.rpm s390x: bind-debuginfo-9.8.2-0.17.rc1.el6.3.s390.rpm bind-debuginfo-9.8.2-0.17.rc1.el6.3.s390x.rpm bind-devel-9.8.2-0.17.rc1.el6.3.s390.rpm bind-devel-9.8.2-0.17.rc1.el6.3.s390x.rpm bind-sdb-9.8.2-0.17.rc1.el6.3.s390x.rpm x86_64: bind-debuginfo-9.8.2-0.17.rc1.el6.3.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6.3.x86_64.rpm bind-devel-9.8.2-0.17.rc1.el6.3.i686.rpm bind-devel-9.8.2-0.17.rc1.el6.3.x86_64.rpm bind-sdb-9.8.2-0.17.rc1.el6.3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6.3.src.rpm i386: bind-9.8.2-0.17.rc1.el6.3.i686.rpm bind-chroot-9.8.2-0.17.rc1.el6.3.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6.3.i686.rpm bind-libs-9.8.2-0.17.rc1.el6.3.i686.rpm bind-utils-9.8.2-0.17.rc1.el6.3.i686.rpm x86_64: bind-9.8.2-0.17.rc1.el6.3.x86_64.rpm bind-chroot-9.8.2-0.17.rc1.el6.3.x86_64.rpm bind-debuginfo-9.8.2-0.17.rc1.el6.3.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6.3.x86_64.rpm bind-libs-9.8.2-0.17.rc1.el6.3.i686.rpm bind-libs-9.8.2-0.17.rc1.el6.3.x86_64.rpm bind-utils-9.8.2-0.17.rc1.el6.3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6.3.src.rpm i386: bind-debuginfo-9.8.2-0.17.rc1.el6.3.i686.rpm bind-devel-9.8.2-0.17.rc1.el6.3.i686.rpm bind-sdb-9.8.2-0.17.rc1.el6.3.i686.rpm x86_64: bind-debuginfo-9.8.2-0.17.rc1.el6.3.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6.3.x86_64.rpm bind-devel-9.8.2-0.17.rc1.el6.3.i686.rpm bind-devel-9.8.2-0.17.rc1.el6.3.x86_64.rpm bind-sdb-9.8.2-0.17.rc1.el6.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-5689.html https://access.redhat.com/security/updates/classification/#moderate http://www.isc.org/software/bind/advisories/cve-2012-5689 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRJnU0XlSAg2UNWIIRAqmKAJ9aw1xBPz0zvjWoO1dx8iwrf3KvTwCgh+FG AQqiP7kshwm4ZGsABl1I61k= =gqtc -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Feb 21 19:29:44 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 21 Feb 2013 19:29:44 +0000 Subject: [RHSA-2013:0551-01] Critical: acroread security update Message-ID: <201302211929.r1LJTicV011093@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: acroread security update Advisory ID: RHSA-2013:0551-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0551.html Issue date: 2013-02-21 CVE Names: CVE-2013-0640 CVE-2013-0641 ===================================================================== 1. 
Summary: Updated acroread packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: Adobe Reader allows users to view and print documents in Portable Document Format (PDF). This update fixes two security flaws in Adobe Reader. These flaws are detailed in the Adobe Security bulletin APSB13-07, listed in the References section. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2013-0640, CVE-2013-0641) All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.5.4, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 911099 - CVE-2013-0640 CVE-2013-0641 acroread: Multiple unspecified vulnerabilities allow remote attackers to execute arbitrary code (APSB13-07) 6. 
Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: acroread-9.5.4-1.el5_9.i386.rpm acroread-plugin-9.5.4-1.el5_9.i386.rpm x86_64: acroread-9.5.4-1.el5_9.i386.rpm acroread-plugin-9.5.4-1.el5_9.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: acroread-9.5.4-1.el5_9.i386.rpm acroread-plugin-9.5.4-1.el5_9.i386.rpm x86_64: acroread-9.5.4-1.el5_9.i386.rpm acroread-plugin-9.5.4-1.el5_9.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: acroread-9.5.4-1.el6.i686.rpm acroread-plugin-9.5.4-1.el6.i686.rpm x86_64: acroread-9.5.4-1.el6.i686.rpm acroread-plugin-9.5.4-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: acroread-9.5.4-1.el6.i686.rpm acroread-plugin-9.5.4-1.el6.i686.rpm x86_64: acroread-9.5.4-1.el6.i686.rpm acroread-plugin-9.5.4-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: acroread-9.5.4-1.el6.i686.rpm acroread-plugin-9.5.4-1.el6.i686.rpm x86_64: acroread-9.5.4-1.el6.i686.rpm acroread-plugin-9.5.4-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-0640.html https://www.redhat.com/security/data/cve/CVE-2013-0641.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb13-07.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRJnWHXlSAg2UNWIIRAvwiAJ9cUkD0srVCYv8NBg6LbQfP8XVshgCcDIcg FNI0kkkH7W+YbIRDxQL9pgY= =28x7 -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Feb 26 19:45:24 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 26 Feb 2013 19:45:24 +0000 Subject: [RHSA-2013:0567-01] Important: kernel security update Message-ID: <201302261945.r1QJjOHO009287@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2013:0567-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0567.html Issue date: 2013-02-26 CVE Names: CVE-2013-0871 ===================================================================== 1. Summary: Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. 
This update fixes the following security issue: * A race condition was found in the way the Linux kernel's ptrace implementation handled PTRACE_SETREGS requests when the debuggee was woken due to a SIGKILL signal instead of being stopped. A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2013-0871, Important) Users should upgrade to these updated packages, which contain a backported patch to correct this issue. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (http://bugzilla.redhat.com/): 911937 - CVE-2013-0871 kernel: race condition with PTRACE_SETREGS 6. Package List: Red Hat Enterprise Linux Desktop (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-358.0.1.el6.src.rpm i386: kernel-2.6.32-358.0.1.el6.i686.rpm kernel-debug-2.6.32-358.0.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-358.0.1.el6.i686.rpm kernel-debug-devel-2.6.32-358.0.1.el6.i686.rpm kernel-debuginfo-2.6.32-358.0.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-358.0.1.el6.i686.rpm kernel-devel-2.6.32-358.0.1.el6.i686.rpm kernel-headers-2.6.32-358.0.1.el6.i686.rpm perf-2.6.32-358.0.1.el6.i686.rpm perf-debuginfo-2.6.32-358.0.1.el6.i686.rpm python-perf-debuginfo-2.6.32-358.0.1.el6.i686.rpm noarch: kernel-doc-2.6.32-358.0.1.el6.noarch.rpm kernel-firmware-2.6.32-358.0.1.el6.noarch.rpm x86_64: kernel-2.6.32-358.0.1.el6.x86_64.rpm kernel-debug-2.6.32-358.0.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-358.0.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-358.0.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.0.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.0.1.el6.x86_64.rpm kernel-devel-2.6.32-358.0.1.el6.x86_64.rpm kernel-headers-2.6.32-358.0.1.el6.x86_64.rpm perf-2.6.32-358.0.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.0.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.0.1.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-358.0.1.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-358.0.1.el6.i686.rpm kernel-debuginfo-2.6.32-358.0.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-358.0.1.el6.i686.rpm perf-debuginfo-2.6.32-358.0.1.el6.i686.rpm python-perf-2.6.32-358.0.1.el6.i686.rpm python-perf-debuginfo-2.6.32-358.0.1.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-358.0.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.0.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.0.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.0.1.el6.x86_64.rpm python-perf-2.6.32-358.0.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.0.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-358.0.1.el6.src.rpm noarch: kernel-doc-2.6.32-358.0.1.el6.noarch.rpm kernel-firmware-2.6.32-358.0.1.el6.noarch.rpm x86_64: kernel-2.6.32-358.0.1.el6.x86_64.rpm kernel-debug-2.6.32-358.0.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-358.0.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-358.0.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.0.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.0.1.el6.x86_64.rpm kernel-devel-2.6.32-358.0.1.el6.x86_64.rpm kernel-headers-2.6.32-358.0.1.el6.x86_64.rpm perf-2.6.32-358.0.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.0.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.0.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-358.0.1.el6.src.rpm x86_64: kernel-debug-debuginfo-2.6.32-358.0.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.0.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.0.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.0.1.el6.x86_64.rpm python-perf-2.6.32-358.0.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.0.1.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-358.0.1.el6.src.rpm i386: kernel-2.6.32-358.0.1.el6.i686.rpm kernel-debug-2.6.32-358.0.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-358.0.1.el6.i686.rpm kernel-debug-devel-2.6.32-358.0.1.el6.i686.rpm kernel-debuginfo-2.6.32-358.0.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-358.0.1.el6.i686.rpm kernel-devel-2.6.32-358.0.1.el6.i686.rpm kernel-headers-2.6.32-358.0.1.el6.i686.rpm perf-2.6.32-358.0.1.el6.i686.rpm perf-debuginfo-2.6.32-358.0.1.el6.i686.rpm python-perf-debuginfo-2.6.32-358.0.1.el6.i686.rpm noarch: kernel-doc-2.6.32-358.0.1.el6.noarch.rpm kernel-firmware-2.6.32-358.0.1.el6.noarch.rpm ppc64: kernel-2.6.32-358.0.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-358.0.1.el6.ppc64.rpm kernel-debug-2.6.32-358.0.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-358.0.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-358.0.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-358.0.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-358.0.1.el6.ppc64.rpm kernel-devel-2.6.32-358.0.1.el6.ppc64.rpm kernel-headers-2.6.32-358.0.1.el6.ppc64.rpm perf-2.6.32-358.0.1.el6.ppc64.rpm perf-debuginfo-2.6.32-358.0.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-358.0.1.el6.ppc64.rpm s390x: kernel-2.6.32-358.0.1.el6.s390x.rpm kernel-debug-2.6.32-358.0.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-358.0.1.el6.s390x.rpm kernel-debug-devel-2.6.32-358.0.1.el6.s390x.rpm kernel-debuginfo-2.6.32-358.0.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-358.0.1.el6.s390x.rpm kernel-devel-2.6.32-358.0.1.el6.s390x.rpm kernel-headers-2.6.32-358.0.1.el6.s390x.rpm kernel-kdump-2.6.32-358.0.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-358.0.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-358.0.1.el6.s390x.rpm perf-2.6.32-358.0.1.el6.s390x.rpm perf-debuginfo-2.6.32-358.0.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-358.0.1.el6.s390x.rpm x86_64: kernel-2.6.32-358.0.1.el6.x86_64.rpm kernel-debug-2.6.32-358.0.1.el6.x86_64.rpm 
kernel-debug-debuginfo-2.6.32-358.0.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-358.0.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.0.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.0.1.el6.x86_64.rpm kernel-devel-2.6.32-358.0.1.el6.x86_64.rpm kernel-headers-2.6.32-358.0.1.el6.x86_64.rpm perf-2.6.32-358.0.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.0.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.0.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-358.0.1.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-358.0.1.el6.i686.rpm kernel-debuginfo-2.6.32-358.0.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-358.0.1.el6.i686.rpm perf-debuginfo-2.6.32-358.0.1.el6.i686.rpm python-perf-2.6.32-358.0.1.el6.i686.rpm python-perf-debuginfo-2.6.32-358.0.1.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-358.0.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-358.0.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-358.0.1.el6.ppc64.rpm perf-debuginfo-2.6.32-358.0.1.el6.ppc64.rpm python-perf-2.6.32-358.0.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-358.0.1.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-358.0.1.el6.s390x.rpm kernel-debuginfo-2.6.32-358.0.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-358.0.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-358.0.1.el6.s390x.rpm perf-debuginfo-2.6.32-358.0.1.el6.s390x.rpm python-perf-2.6.32-358.0.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-358.0.1.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-358.0.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.0.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.0.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.0.1.el6.x86_64.rpm python-perf-2.6.32-358.0.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.0.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-358.0.1.el6.src.rpm i386: kernel-2.6.32-358.0.1.el6.i686.rpm kernel-debug-2.6.32-358.0.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-358.0.1.el6.i686.rpm kernel-debug-devel-2.6.32-358.0.1.el6.i686.rpm kernel-debuginfo-2.6.32-358.0.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-358.0.1.el6.i686.rpm kernel-devel-2.6.32-358.0.1.el6.i686.rpm kernel-headers-2.6.32-358.0.1.el6.i686.rpm perf-2.6.32-358.0.1.el6.i686.rpm perf-debuginfo-2.6.32-358.0.1.el6.i686.rpm python-perf-debuginfo-2.6.32-358.0.1.el6.i686.rpm noarch: kernel-doc-2.6.32-358.0.1.el6.noarch.rpm kernel-firmware-2.6.32-358.0.1.el6.noarch.rpm x86_64: kernel-2.6.32-358.0.1.el6.x86_64.rpm kernel-debug-2.6.32-358.0.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-358.0.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-358.0.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.0.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.0.1.el6.x86_64.rpm kernel-devel-2.6.32-358.0.1.el6.x86_64.rpm kernel-headers-2.6.32-358.0.1.el6.x86_64.rpm perf-2.6.32-358.0.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.0.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.0.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-358.0.1.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-358.0.1.el6.i686.rpm kernel-debuginfo-2.6.32-358.0.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-358.0.1.el6.i686.rpm perf-debuginfo-2.6.32-358.0.1.el6.i686.rpm python-perf-2.6.32-358.0.1.el6.i686.rpm python-perf-debuginfo-2.6.32-358.0.1.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-358.0.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.0.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.0.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.0.1.el6.x86_64.rpm python-perf-2.6.32-358.0.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.0.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-0871.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRLRC2XlSAg2UNWIIRAgXdAKCPsri/KKxOFpGkS0vJjTm544XNgwCfSwOg Gs0lPzV8jaDOvv/8mo7cDWQ= =UGED -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Feb 26 19:46:31 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 26 Feb 2013 19:46:31 +0000 Subject: [RHSA-2013:0568-01] Important: dbus-glib security update Message-ID: <201302261946.r1QJkWiW010670@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: dbus-glib security update Advisory ID: RHSA-2013:0568-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0568.html Issue date: 2013-02-26 CVE Names: CVE-2013-0292 ===================================================================== 1. Summary: Updated dbus-glib packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. 
Description:

dbus-glib is an add-on library to integrate the standard D-Bus library with
the GLib main loop and threading model.

A flaw was found in the way dbus-glib filtered the message sender (message
source subject) when the "NameOwnerChanged" signal was received. This could
trick a system service using dbus-glib (such as fprintd) into believing a
signal was sent from a privileged process, when it was not. A local attacker
could use this flaw to escalate their privileges. (CVE-2013-0292)

All dbus-glib users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. All running applications
linked against dbus-glib, such as fprintd and NetworkManager, must be
restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

911658 - CVE-2013-0292 dbus-glib: Local privilege escalation due to improper filtering of message sender when NameOwnerChanged signal received

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/dbus-glib-0.73-11.el5_9.src.rpm

i386:
dbus-glib-0.73-11.el5_9.i386.rpm
dbus-glib-debuginfo-0.73-11.el5_9.i386.rpm

x86_64:
dbus-glib-0.73-11.el5_9.i386.rpm
dbus-glib-0.73-11.el5_9.x86_64.rpm
dbus-glib-debuginfo-0.73-11.el5_9.i386.rpm
dbus-glib-debuginfo-0.73-11.el5_9.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/dbus-glib-0.73-11.el5_9.src.rpm

i386:
dbus-glib-debuginfo-0.73-11.el5_9.i386.rpm
dbus-glib-devel-0.73-11.el5_9.i386.rpm

x86_64:
dbus-glib-debuginfo-0.73-11.el5_9.i386.rpm
dbus-glib-debuginfo-0.73-11.el5_9.x86_64.rpm
dbus-glib-devel-0.73-11.el5_9.i386.rpm
dbus-glib-devel-0.73-11.el5_9.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/dbus-glib-0.73-11.el5_9.src.rpm

i386:
dbus-glib-0.73-11.el5_9.i386.rpm
dbus-glib-debuginfo-0.73-11.el5_9.i386.rpm
dbus-glib-devel-0.73-11.el5_9.i386.rpm

ia64:
dbus-glib-0.73-11.el5_9.ia64.rpm
dbus-glib-debuginfo-0.73-11.el5_9.ia64.rpm
dbus-glib-devel-0.73-11.el5_9.ia64.rpm

ppc:
dbus-glib-0.73-11.el5_9.ppc.rpm
dbus-glib-0.73-11.el5_9.ppc64.rpm
dbus-glib-debuginfo-0.73-11.el5_9.ppc.rpm
dbus-glib-debuginfo-0.73-11.el5_9.ppc64.rpm
dbus-glib-devel-0.73-11.el5_9.ppc.rpm
dbus-glib-devel-0.73-11.el5_9.ppc64.rpm

s390x:
dbus-glib-0.73-11.el5_9.s390.rpm
dbus-glib-0.73-11.el5_9.s390x.rpm
dbus-glib-debuginfo-0.73-11.el5_9.s390.rpm
dbus-glib-debuginfo-0.73-11.el5_9.s390x.rpm
dbus-glib-devel-0.73-11.el5_9.s390.rpm
dbus-glib-devel-0.73-11.el5_9.s390x.rpm

x86_64:
dbus-glib-0.73-11.el5_9.i386.rpm
dbus-glib-0.73-11.el5_9.x86_64.rpm
dbus-glib-debuginfo-0.73-11.el5_9.i386.rpm
dbus-glib-debuginfo-0.73-11.el5_9.x86_64.rpm
dbus-glib-devel-0.73-11.el5_9.i386.rpm
dbus-glib-devel-0.73-11.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/dbus-glib-0.86-6.el6_4.src.rpm

i386:
dbus-glib-0.86-6.el6_4.i686.rpm
dbus-glib-debuginfo-0.86-6.el6_4.i686.rpm

x86_64:
dbus-glib-0.86-6.el6_4.i686.rpm
dbus-glib-0.86-6.el6_4.x86_64.rpm
dbus-glib-debuginfo-0.86-6.el6_4.i686.rpm
dbus-glib-debuginfo-0.86-6.el6_4.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/dbus-glib-0.86-6.el6_4.src.rpm

i386:
dbus-glib-debuginfo-0.86-6.el6_4.i686.rpm
dbus-glib-devel-0.86-6.el6_4.i686.rpm

x86_64:
dbus-glib-debuginfo-0.86-6.el6_4.i686.rpm
dbus-glib-debuginfo-0.86-6.el6_4.x86_64.rpm
dbus-glib-devel-0.86-6.el6_4.i686.rpm
dbus-glib-devel-0.86-6.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/dbus-glib-0.86-6.el6_4.src.rpm

x86_64:
dbus-glib-0.86-6.el6_4.i686.rpm
dbus-glib-0.86-6.el6_4.x86_64.rpm
dbus-glib-debuginfo-0.86-6.el6_4.i686.rpm
dbus-glib-debuginfo-0.86-6.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/dbus-glib-0.86-6.el6_4.src.rpm

x86_64:
dbus-glib-debuginfo-0.86-6.el6_4.i686.rpm
dbus-glib-debuginfo-0.86-6.el6_4.x86_64.rpm
dbus-glib-devel-0.86-6.el6_4.i686.rpm
dbus-glib-devel-0.86-6.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/dbus-glib-0.86-6.el6_4.src.rpm

i386:
dbus-glib-0.86-6.el6_4.i686.rpm
dbus-glib-debuginfo-0.86-6.el6_4.i686.rpm
dbus-glib-devel-0.86-6.el6_4.i686.rpm

ppc64:
dbus-glib-0.86-6.el6_4.ppc.rpm
dbus-glib-0.86-6.el6_4.ppc64.rpm
dbus-glib-debuginfo-0.86-6.el6_4.ppc.rpm
dbus-glib-debuginfo-0.86-6.el6_4.ppc64.rpm
dbus-glib-devel-0.86-6.el6_4.ppc.rpm
dbus-glib-devel-0.86-6.el6_4.ppc64.rpm

s390x:
dbus-glib-0.86-6.el6_4.s390.rpm
dbus-glib-0.86-6.el6_4.s390x.rpm
dbus-glib-debuginfo-0.86-6.el6_4.s390.rpm
dbus-glib-debuginfo-0.86-6.el6_4.s390x.rpm
dbus-glib-devel-0.86-6.el6_4.s390.rpm
dbus-glib-devel-0.86-6.el6_4.s390x.rpm

x86_64:
dbus-glib-0.86-6.el6_4.i686.rpm
dbus-glib-0.86-6.el6_4.x86_64.rpm
dbus-glib-debuginfo-0.86-6.el6_4.i686.rpm
dbus-glib-debuginfo-0.86-6.el6_4.x86_64.rpm
dbus-glib-devel-0.86-6.el6_4.i686.rpm
dbus-glib-devel-0.86-6.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/dbus-glib-0.86-6.el6_4.src.rpm

i386:
dbus-glib-0.86-6.el6_4.i686.rpm
dbus-glib-debuginfo-0.86-6.el6_4.i686.rpm
dbus-glib-devel-0.86-6.el6_4.i686.rpm

x86_64:
dbus-glib-0.86-6.el6_4.i686.rpm
dbus-glib-0.86-6.el6_4.x86_64.rpm
dbus-glib-debuginfo-0.86-6.el6_4.i686.rpm
dbus-glib-debuginfo-0.86-6.el6_4.x86_64.rpm
dbus-glib-devel-0.86-6.el6_4.i686.rpm
dbus-glib-devel-0.86-6.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0292.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRLREFXlSAg2UNWIIRAqRtAJ9OPHnoiA90tKWCP06vvhS1/beTlwCeIrUz
Wig/fkylxUDnmMhfXFaAusQ=
=RC8L
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Feb 26 21:25:03 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 26 Feb 2013 21:25:03 +0000
Subject: [RHSA-2013:0570-01] Low: Oracle Java SE 6 - notification of end of public updates
Message-ID: <201302262125.r1QLP3hf032512@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Oracle Java SE 6 - notification of end of public updates
Advisory ID:       RHSA-2013:0570-01
Product:           Red Hat Enterprise Linux Extras
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0570.html
Issue date:        2013-02-26
=====================================================================

1. Summary:

Oracle Java SE 6 will no longer receive updates after February 28, 2013. The
java-1.6.0-sun packages on the Red Hat Enterprise Linux 5 and 6
Supplementary media and Supplementary Red Hat Network (RHN) channels are
affected.

2. Description:

Oracle Java SE 6 will no longer receive updates after February 28, 2013.

The Oracle Java SE 6 packages on the Red Hat Enterprise Linux 5 and 6
Supplementary media and Red Hat Network (RHN) channels will continue to be
available after February 28, 2013. Red Hat will continue to provide these
packages only as a courtesy to customers. Red Hat will not provide updates
to these packages after this date.

3. Solution:

Red Hat recommends that customers using Oracle Java SE 6 choose one of the
following alternative Java implementations:

* OpenJDK 6, which is available and supported in Red Hat Enterprise Linux 5
  and 6.

* IBM's Java SE 6, which is available on the Red Hat Enterprise Linux 5 and
  6 Supplementary media and Supplementary RHN channels through September
  2017.

* OpenJDK 7, which is available and supported in Red Hat Enterprise Linux 5
  and 6.

* IBM's Java SE 7, which is available on the Red Hat Enterprise Linux 5 and
  6 Supplementary media and Supplementary RHN channels.

* Oracle Java SE 7, which is available today on the Red Hat Enterprise
  Linux 5 and 6 Supplementary media and Supplementary RHN channels.

In the near future, Red Hat will provide updated packages for these
alternative Java implementations and detailed instructions describing how
to configure a new default Java runtime environment.

4. References:

https://access.redhat.com/security/updates/classification/#low
http://www.ibm.com/developerworks/java/jdk/lifecycle/index.html

5. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRLSgQXlSAg2UNWIIRAh1eAKCJvwhFTILOC0EvqwRCDvjQ5IvPLwCgncuX
xPNoNxvUq7wARAuAfk1XWAE=
=PXIW
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed Feb 27 21:44:37 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 27 Feb 2013 21:44:37 +0000
Subject: [RHSA-2013:0574-01] Critical: flash-plugin security update
Message-ID: <201302272144.r1RLibdJ004349@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: flash-plugin security update
Advisory ID:       RHSA-2013:0574-01
Product:           Red Hat Enterprise Linux Extras
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0574.html
Issue date:        2013-02-27
CVE Names:         CVE-2013-0504 CVE-2013-0643 CVE-2013-0648
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes three security issues is
now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

This update fixes two vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed in the Adobe Security bulletin APSB13-08,
listed in the References section.

Specially-crafted SWF content could cause flash-plugin to crash or,
potentially, execute arbitrary code when a victim loads a page containing
the malicious SWF content. (CVE-2013-0504, CVE-2013-0648)

This update also fixes a permissions issue with the Adobe Flash Player
Firefox sandbox. (CVE-2013-0643)

All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 11.2.202.273.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

915961 - CVE-2013-0504 CVE-2013-0648 flash-plugin: multiple code execution flaws (APSB13-08)
915964 - CVE-2013-0643 flash-plugin: Firefox sandbox permissions issue (APSB13-08)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-11.2.202.273-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.273-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-11.2.202.273-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.273-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.273-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.273-1.el6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.273-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.273-1.el6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.273-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.273-1.el6.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0504.html
https://www.redhat.com/security/data/cve/CVE-2013-0643.html
https://www.redhat.com/security/data/cve/CVE-2013-0648.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-08.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRLn41XlSAg2UNWIIRAnzdAKCaJI07/I1LimaWJ6whuxtlqVukEwCeJrCH
4j7n45GWDCgkUE8CNNpu/6c=
=Knv1
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Thu Feb 28 19:09:11 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 28 Feb 2013 19:09:11 +0000
Subject: [RHSA-2013:0578-01] Low: Red Hat Enterprise Linux Extended Update Support 5.6 5-Month EOL Notice
Message-ID: <201302281909.r1SJ9B9J002727@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Enterprise Linux Extended Update Support 5.6 5-Month EOL Notice
Advisory ID:       RHSA-2013:0578-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0578.html
Issue date:        2013-02-28
=====================================================================

1. Summary:

This is the 5-Month notification for the conclusion of Red Hat Enterprise
Linux 5.6 Extended Update Support (EUS) Add-on offering.

2. Relevant releases/architectures:

Red Hat Enterprise Linux EUS (v. 5.6 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy, the
Extended Update Support Add-On for Red Hat Enterprise Linux 5.6 will
conclude on July 31, 2013. Accordingly, Red Hat will no longer provide
updated packages, including critical impact security patches or urgent
priority bug fixes, for Red Hat Enterprise Linux 5.6 EUS after that date.
In addition, after July 31, 2013, technical support through Red Hat's
Global Support Services will no longer be provided for this Add-on.

Note: This notification applies only to those customers subscribed to the
Extended Update Support (EUS) channel for Red Hat Enterprise Linux 5.6.

We encourage customers to plan their migration from Red Hat Enterprise
Linux 5.6 to a more recent version of Red Hat Enterprise Linux 5 or 6. As a
benefit of the Red Hat subscription model, customers can use their active
subscriptions to entitle any system on a currently supported Red Hat
Enterprise Linux 5 release (5.9, for which EUS is available) or Red Hat
Enterprise Linux 6 release (6.2, 6.3, or 6.4, for which EUS is available).

Details of the Red Hat Enterprise Linux life cycle can be found here:
https://www.redhat.com/security/updates/errata/

4. Solution:

This erratum contains an updated redhat-release package that provides a
copy of this end of life notice in the "/usr/share/doc/" directory.

5. Package List:

Red Hat Enterprise Linux EUS (v. 5.6 server):

Source:
redhat-release-5Server-5.6.0.4.src.rpm

i386:
redhat-release-5Server-5.6.0.4.i386.rpm

ia64:
redhat-release-5Server-5.6.0.4.ia64.rpm

ppc:
redhat-release-5Server-5.6.0.4.ppc.rpm

s390x:
redhat-release-5Server-5.6.0.4.s390x.rpm

x86_64:
redhat-release-5Server-5.6.0.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

6. References:

https://access.redhat.com/security/updates/classification/#low
https://www.redhat.com/security/updates/errata/

7. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRL6s9XlSAg2UNWIIRAliRAJ0R6/xHKt4ur2OCROu4Jl/wknMoKwCglVAJ
P8Hut5qfqvczWr1Gvj7Rc0Y=
=lAiM
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Thu Feb 28 19:12:13 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 28 Feb 2013 19:12:13 +0000
Subject: [RHSA-2013:0580-01] Moderate: cups security update
Message-ID: <201302281912.r1SJCDRu001129@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: cups security update
Advisory ID:       RHSA-2013:0580-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0580.html
Issue date:        2013-02-28
CVE Names:         CVE-2012-5519
=====================================================================

1. Summary:

Updated cups packages that fix one security issue are now available for
Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The Common UNIX Printing System (CUPS) provides a portable printing layer
for Linux, UNIX, and similar operating systems.

It was discovered that CUPS administrative users (members of the SystemGroup
groups) who are permitted to perform CUPS configuration changes via the CUPS
web interface could manipulate the CUPS configuration to gain unintended
privileges. Such users could read or write arbitrary files with the
privileges of the CUPS daemon, possibly allowing them to run arbitrary code
with root privileges. (CVE-2012-5519)

After installing this update, the ability to change certain CUPS
configuration directives remotely will be disabled by default. The newly
introduced ConfigurationChangeRestriction directive can be used to enable
the changing of the restricted directives remotely. Refer to Red Hat
Bugzilla bug 875898 for more details and the list of restricted directives.

All users of cups are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, the cupsd daemon will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

875898 - CVE-2012-5519 cups: privilege escalation for users of the CUPS SystemGroup group

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/cups-1.3.7-30.el5_9.3.src.rpm

i386:
cups-1.3.7-30.el5_9.3.i386.rpm
cups-debuginfo-1.3.7-30.el5_9.3.i386.rpm
cups-libs-1.3.7-30.el5_9.3.i386.rpm
cups-lpd-1.3.7-30.el5_9.3.i386.rpm

x86_64:
cups-1.3.7-30.el5_9.3.x86_64.rpm
cups-debuginfo-1.3.7-30.el5_9.3.i386.rpm
cups-debuginfo-1.3.7-30.el5_9.3.x86_64.rpm
cups-libs-1.3.7-30.el5_9.3.i386.rpm
cups-libs-1.3.7-30.el5_9.3.x86_64.rpm
cups-lpd-1.3.7-30.el5_9.3.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/cups-1.3.7-30.el5_9.3.src.rpm

i386:
cups-debuginfo-1.3.7-30.el5_9.3.i386.rpm
cups-devel-1.3.7-30.el5_9.3.i386.rpm

x86_64:
cups-debuginfo-1.3.7-30.el5_9.3.i386.rpm
cups-debuginfo-1.3.7-30.el5_9.3.x86_64.rpm
cups-devel-1.3.7-30.el5_9.3.i386.rpm
cups-devel-1.3.7-30.el5_9.3.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/cups-1.3.7-30.el5_9.3.src.rpm

i386:
cups-1.3.7-30.el5_9.3.i386.rpm
cups-debuginfo-1.3.7-30.el5_9.3.i386.rpm
cups-devel-1.3.7-30.el5_9.3.i386.rpm
cups-libs-1.3.7-30.el5_9.3.i386.rpm
cups-lpd-1.3.7-30.el5_9.3.i386.rpm

ia64:
cups-1.3.7-30.el5_9.3.ia64.rpm
cups-debuginfo-1.3.7-30.el5_9.3.i386.rpm
cups-debuginfo-1.3.7-30.el5_9.3.ia64.rpm
cups-devel-1.3.7-30.el5_9.3.ia64.rpm
cups-libs-1.3.7-30.el5_9.3.i386.rpm
cups-libs-1.3.7-30.el5_9.3.ia64.rpm
cups-lpd-1.3.7-30.el5_9.3.ia64.rpm

ppc:
cups-1.3.7-30.el5_9.3.ppc.rpm
cups-debuginfo-1.3.7-30.el5_9.3.ppc.rpm
cups-debuginfo-1.3.7-30.el5_9.3.ppc64.rpm
cups-devel-1.3.7-30.el5_9.3.ppc.rpm
cups-devel-1.3.7-30.el5_9.3.ppc64.rpm
cups-libs-1.3.7-30.el5_9.3.ppc.rpm
cups-libs-1.3.7-30.el5_9.3.ppc64.rpm
cups-lpd-1.3.7-30.el5_9.3.ppc.rpm

s390x:
cups-1.3.7-30.el5_9.3.s390x.rpm
cups-debuginfo-1.3.7-30.el5_9.3.s390.rpm
cups-debuginfo-1.3.7-30.el5_9.3.s390x.rpm
cups-devel-1.3.7-30.el5_9.3.s390.rpm
cups-devel-1.3.7-30.el5_9.3.s390x.rpm
cups-libs-1.3.7-30.el5_9.3.s390.rpm
cups-libs-1.3.7-30.el5_9.3.s390x.rpm
cups-lpd-1.3.7-30.el5_9.3.s390x.rpm

x86_64:
cups-1.3.7-30.el5_9.3.x86_64.rpm
cups-debuginfo-1.3.7-30.el5_9.3.i386.rpm
cups-debuginfo-1.3.7-30.el5_9.3.x86_64.rpm
cups-devel-1.3.7-30.el5_9.3.i386.rpm
cups-devel-1.3.7-30.el5_9.3.x86_64.rpm
cups-libs-1.3.7-30.el5_9.3.i386.rpm
cups-libs-1.3.7-30.el5_9.3.x86_64.rpm
cups-lpd-1.3.7-30.el5_9.3.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/cups-1.4.2-50.el6_4.4.src.rpm

i386:
cups-1.4.2-50.el6_4.4.i686.rpm
cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm
cups-libs-1.4.2-50.el6_4.4.i686.rpm
cups-lpd-1.4.2-50.el6_4.4.i686.rpm

x86_64:
cups-1.4.2-50.el6_4.4.x86_64.rpm
cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm
cups-debuginfo-1.4.2-50.el6_4.4.x86_64.rpm
cups-libs-1.4.2-50.el6_4.4.i686.rpm
cups-libs-1.4.2-50.el6_4.4.x86_64.rpm
cups-lpd-1.4.2-50.el6_4.4.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/cups-1.4.2-50.el6_4.4.src.rpm

i386:
cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm
cups-devel-1.4.2-50.el6_4.4.i686.rpm
cups-php-1.4.2-50.el6_4.4.i686.rpm

x86_64:
cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm
cups-debuginfo-1.4.2-50.el6_4.4.x86_64.rpm
cups-devel-1.4.2-50.el6_4.4.i686.rpm
cups-devel-1.4.2-50.el6_4.4.x86_64.rpm
cups-php-1.4.2-50.el6_4.4.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/cups-1.4.2-50.el6_4.4.src.rpm

x86_64:
cups-1.4.2-50.el6_4.4.x86_64.rpm
cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm
cups-debuginfo-1.4.2-50.el6_4.4.x86_64.rpm
cups-libs-1.4.2-50.el6_4.4.i686.rpm
cups-libs-1.4.2-50.el6_4.4.x86_64.rpm
cups-lpd-1.4.2-50.el6_4.4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/cups-1.4.2-50.el6_4.4.src.rpm

x86_64:
cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm
cups-debuginfo-1.4.2-50.el6_4.4.x86_64.rpm
cups-devel-1.4.2-50.el6_4.4.i686.rpm
cups-devel-1.4.2-50.el6_4.4.x86_64.rpm
cups-php-1.4.2-50.el6_4.4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/cups-1.4.2-50.el6_4.4.src.rpm

i386:
cups-1.4.2-50.el6_4.4.i686.rpm
cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm
cups-devel-1.4.2-50.el6_4.4.i686.rpm
cups-libs-1.4.2-50.el6_4.4.i686.rpm
cups-lpd-1.4.2-50.el6_4.4.i686.rpm

ppc64:
cups-1.4.2-50.el6_4.4.ppc64.rpm
cups-debuginfo-1.4.2-50.el6_4.4.ppc.rpm
cups-debuginfo-1.4.2-50.el6_4.4.ppc64.rpm
cups-devel-1.4.2-50.el6_4.4.ppc.rpm
cups-devel-1.4.2-50.el6_4.4.ppc64.rpm
cups-libs-1.4.2-50.el6_4.4.ppc.rpm
cups-libs-1.4.2-50.el6_4.4.ppc64.rpm
cups-lpd-1.4.2-50.el6_4.4.ppc64.rpm

s390x:
cups-1.4.2-50.el6_4.4.s390x.rpm
cups-debuginfo-1.4.2-50.el6_4.4.s390.rpm
cups-debuginfo-1.4.2-50.el6_4.4.s390x.rpm
cups-devel-1.4.2-50.el6_4.4.s390.rpm
cups-devel-1.4.2-50.el6_4.4.s390x.rpm
cups-libs-1.4.2-50.el6_4.4.s390.rpm
cups-libs-1.4.2-50.el6_4.4.s390x.rpm
cups-lpd-1.4.2-50.el6_4.4.s390x.rpm

x86_64:
cups-1.4.2-50.el6_4.4.x86_64.rpm
cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm
cups-debuginfo-1.4.2-50.el6_4.4.x86_64.rpm
cups-devel-1.4.2-50.el6_4.4.i686.rpm
cups-devel-1.4.2-50.el6_4.4.x86_64.rpm
cups-libs-1.4.2-50.el6_4.4.i686.rpm
cups-libs-1.4.2-50.el6_4.4.x86_64.rpm
cups-lpd-1.4.2-50.el6_4.4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/cups-1.4.2-50.el6_4.4.src.rpm

i386:
cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm
cups-php-1.4.2-50.el6_4.4.i686.rpm

ppc64:
cups-debuginfo-1.4.2-50.el6_4.4.ppc64.rpm
cups-php-1.4.2-50.el6_4.4.ppc64.rpm

s390x:
cups-debuginfo-1.4.2-50.el6_4.4.s390x.rpm
cups-php-1.4.2-50.el6_4.4.s390x.rpm

x86_64:
cups-debuginfo-1.4.2-50.el6_4.4.x86_64.rpm
cups-php-1.4.2-50.el6_4.4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/cups-1.4.2-50.el6_4.4.src.rpm

i386:
cups-1.4.2-50.el6_4.4.i686.rpm
cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm
cups-devel-1.4.2-50.el6_4.4.i686.rpm
cups-libs-1.4.2-50.el6_4.4.i686.rpm
cups-lpd-1.4.2-50.el6_4.4.i686.rpm

x86_64:
cups-1.4.2-50.el6_4.4.x86_64.rpm
cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm
cups-debuginfo-1.4.2-50.el6_4.4.x86_64.rpm
cups-devel-1.4.2-50.el6_4.4.i686.rpm
cups-devel-1.4.2-50.el6_4.4.x86_64.rpm
cups-libs-1.4.2-50.el6_4.4.i686.rpm
cups-libs-1.4.2-50.el6_4.4.x86_64.rpm
cups-lpd-1.4.2-50.el6_4.4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/cups-1.4.2-50.el6_4.4.src.rpm

i386:
cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm
cups-php-1.4.2-50.el6_4.4.i686.rpm

x86_64:
cups-debuginfo-1.4.2-50.el6_4.4.x86_64.rpm
cups-php-1.4.2-50.el6_4.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-5519.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRL6vPXlSAg2UNWIIRAgfRAJ45P5PpTxCh/Af2ihj7wuSv7ACeBQCfcg2V
+0Zi945sHm5HZZBwd0qo6UM=
=EmrA
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Thu Feb 28 19:13:16 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 28 Feb 2013 19:13:16 +0000
Subject: [RHSA-2013:0581-01] Moderate: libxml2 security update
Message-ID: <201302281913.r1SJDGOI009400@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: libxml2 security update
Advisory ID:       RHSA-2013:0581-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0581.html
Issue date:        2013-02-28
CVE Names:         CVE-2013-0338
=====================================================================

1. Summary:

Updated libxml2 packages that fix one security issue are now available for
Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The libxml2 library is a development toolbox providing the implementation
of various XML standards.

A denial of service flaw was found in the way libxml2 performed string
substitutions when substitution of entity values for entity references was
enabled. A remote attacker could provide a specially-crafted XML file that,
when processed by an application linked against libxml2, would lead to
excessive CPU consumption. (CVE-2013-0338)

All users of libxml2 are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. The desktop must be
restarted (log out, then log back in) for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

912400 - CVE-2013-0338 libxml2: CPU consumption DoS when performing string substitutions during entities expansion

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libxml2-2.6.26-2.1.21.el5_9.1.src.rpm

i386:
libxml2-2.6.26-2.1.21.el5_9.1.i386.rpm
libxml2-debuginfo-2.6.26-2.1.21.el5_9.1.i386.rpm
libxml2-python-2.6.26-2.1.21.el5_9.1.i386.rpm

x86_64:
libxml2-2.6.26-2.1.21.el5_9.1.i386.rpm
libxml2-2.6.26-2.1.21.el5_9.1.x86_64.rpm
libxml2-debuginfo-2.6.26-2.1.21.el5_9.1.i386.rpm
libxml2-debuginfo-2.6.26-2.1.21.el5_9.1.x86_64.rpm
libxml2-python-2.6.26-2.1.21.el5_9.1.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libxml2-2.6.26-2.1.21.el5_9.1.src.rpm

i386:
libxml2-debuginfo-2.6.26-2.1.21.el5_9.1.i386.rpm
libxml2-devel-2.6.26-2.1.21.el5_9.1.i386.rpm

x86_64:
libxml2-debuginfo-2.6.26-2.1.21.el5_9.1.i386.rpm
libxml2-debuginfo-2.6.26-2.1.21.el5_9.1.x86_64.rpm
libxml2-devel-2.6.26-2.1.21.el5_9.1.i386.rpm
libxml2-devel-2.6.26-2.1.21.el5_9.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libxml2-2.6.26-2.1.21.el5_9.1.src.rpm

i386:
libxml2-2.6.26-2.1.21.el5_9.1.i386.rpm
libxml2-debuginfo-2.6.26-2.1.21.el5_9.1.i386.rpm
libxml2-devel-2.6.26-2.1.21.el5_9.1.i386.rpm
libxml2-python-2.6.26-2.1.21.el5_9.1.i386.rpm

ia64:
libxml2-2.6.26-2.1.21.el5_9.1.i386.rpm
libxml2-2.6.26-2.1.21.el5_9.1.ia64.rpm
libxml2-debuginfo-2.6.26-2.1.21.el5_9.1.i386.rpm
libxml2-debuginfo-2.6.26-2.1.21.el5_9.1.ia64.rpm
libxml2-devel-2.6.26-2.1.21.el5_9.1.ia64.rpm
libxml2-python-2.6.26-2.1.21.el5_9.1.ia64.rpm

ppc:
libxml2-2.6.26-2.1.21.el5_9.1.ppc.rpm
libxml2-2.6.26-2.1.21.el5_9.1.ppc64.rpm
libxml2-debuginfo-2.6.26-2.1.21.el5_9.1.ppc.rpm
libxml2-debuginfo-2.6.26-2.1.21.el5_9.1.ppc64.rpm
libxml2-devel-2.6.26-2.1.21.el5_9.1.ppc.rpm
libxml2-devel-2.6.26-2.1.21.el5_9.1.ppc64.rpm
libxml2-python-2.6.26-2.1.21.el5_9.1.ppc.rpm

s390x:
libxml2-2.6.26-2.1.21.el5_9.1.s390.rpm
libxml2-2.6.26-2.1.21.el5_9.1.s390x.rpm
libxml2-debuginfo-2.6.26-2.1.21.el5_9.1.s390.rpm
libxml2-debuginfo-2.6.26-2.1.21.el5_9.1.s390x.rpm
libxml2-devel-2.6.26-2.1.21.el5_9.1.s390.rpm
libxml2-devel-2.6.26-2.1.21.el5_9.1.s390x.rpm
libxml2-python-2.6.26-2.1.21.el5_9.1.s390x.rpm

x86_64:
libxml2-2.6.26-2.1.21.el5_9.1.i386.rpm
libxml2-2.6.26-2.1.21.el5_9.1.x86_64.rpm
libxml2-debuginfo-2.6.26-2.1.21.el5_9.1.i386.rpm
libxml2-debuginfo-2.6.26-2.1.21.el5_9.1.x86_64.rpm
libxml2-devel-2.6.26-2.1.21.el5_9.1.i386.rpm
libxml2-devel-2.6.26-2.1.21.el5_9.1.x86_64.rpm
libxml2-python-2.6.26-2.1.21.el5_9.1.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libxml2-2.7.6-12.el6_4.1.src.rpm

i386:
libxml2-2.7.6-12.el6_4.1.i686.rpm
libxml2-debuginfo-2.7.6-12.el6_4.1.i686.rpm
libxml2-python-2.7.6-12.el6_4.1.i686.rpm

x86_64:
libxml2-2.7.6-12.el6_4.1.i686.rpm
libxml2-2.7.6-12.el6_4.1.x86_64.rpm
libxml2-debuginfo-2.7.6-12.el6_4.1.i686.rpm
libxml2-debuginfo-2.7.6-12.el6_4.1.x86_64.rpm
libxml2-python-2.7.6-12.el6_4.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libxml2-2.7.6-12.el6_4.1.src.rpm

i386:
libxml2-debuginfo-2.7.6-12.el6_4.1.i686.rpm
libxml2-devel-2.7.6-12.el6_4.1.i686.rpm
libxml2-static-2.7.6-12.el6_4.1.i686.rpm

x86_64:
libxml2-debuginfo-2.7.6-12.el6_4.1.i686.rpm
libxml2-debuginfo-2.7.6-12.el6_4.1.x86_64.rpm
libxml2-devel-2.7.6-12.el6_4.1.i686.rpm
libxml2-devel-2.7.6-12.el6_4.1.x86_64.rpm
libxml2-static-2.7.6-12.el6_4.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libxml2-2.7.6-12.el6_4.1.src.rpm

x86_64:
libxml2-2.7.6-12.el6_4.1.i686.rpm
libxml2-2.7.6-12.el6_4.1.x86_64.rpm
libxml2-debuginfo-2.7.6-12.el6_4.1.i686.rpm
libxml2-debuginfo-2.7.6-12.el6_4.1.x86_64.rpm
libxml2-python-2.7.6-12.el6_4.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libxml2-2.7.6-12.el6_4.1.src.rpm

x86_64:
libxml2-debuginfo-2.7.6-12.el6_4.1.i686.rpm
libxml2-debuginfo-2.7.6-12.el6_4.1.x86_64.rpm
libxml2-devel-2.7.6-12.el6_4.1.i686.rpm
libxml2-devel-2.7.6-12.el6_4.1.x86_64.rpm
libxml2-static-2.7.6-12.el6_4.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libxml2-2.7.6-12.el6_4.1.src.rpm

i386:
libxml2-2.7.6-12.el6_4.1.i686.rpm
libxml2-debuginfo-2.7.6-12.el6_4.1.i686.rpm
libxml2-devel-2.7.6-12.el6_4.1.i686.rpm
libxml2-python-2.7.6-12.el6_4.1.i686.rpm

ppc64:
libxml2-2.7.6-12.el6_4.1.ppc.rpm
libxml2-2.7.6-12.el6_4.1.ppc64.rpm
libxml2-debuginfo-2.7.6-12.el6_4.1.ppc.rpm
libxml2-debuginfo-2.7.6-12.el6_4.1.ppc64.rpm
libxml2-devel-2.7.6-12.el6_4.1.ppc.rpm
libxml2-devel-2.7.6-12.el6_4.1.ppc64.rpm
libxml2-python-2.7.6-12.el6_4.1.ppc64.rpm

s390x:
libxml2-2.7.6-12.el6_4.1.s390.rpm
libxml2-2.7.6-12.el6_4.1.s390x.rpm
libxml2-debuginfo-2.7.6-12.el6_4.1.s390.rpm
libxml2-debuginfo-2.7.6-12.el6_4.1.s390x.rpm
libxml2-devel-2.7.6-12.el6_4.1.s390.rpm
libxml2-devel-2.7.6-12.el6_4.1.s390x.rpm
libxml2-python-2.7.6-12.el6_4.1.s390x.rpm

x86_64:
libxml2-2.7.6-12.el6_4.1.i686.rpm
libxml2-2.7.6-12.el6_4.1.x86_64.rpm
libxml2-debuginfo-2.7.6-12.el6_4.1.i686.rpm
libxml2-debuginfo-2.7.6-12.el6_4.1.x86_64.rpm
libxml2-devel-2.7.6-12.el6_4.1.i686.rpm
libxml2-devel-2.7.6-12.el6_4.1.x86_64.rpm
libxml2-python-2.7.6-12.el6_4.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libxml2-2.7.6-12.el6_4.1.src.rpm

i386:
libxml2-debuginfo-2.7.6-12.el6_4.1.i686.rpm
libxml2-static-2.7.6-12.el6_4.1.i686.rpm

ppc64:
libxml2-debuginfo-2.7.6-12.el6_4.1.ppc64.rpm
libxml2-static-2.7.6-12.el6_4.1.ppc64.rpm

s390x:
libxml2-debuginfo-2.7.6-12.el6_4.1.s390x.rpm
libxml2-static-2.7.6-12.el6_4.1.s390x.rpm

x86_64:
libxml2-debuginfo-2.7.6-12.el6_4.1.x86_64.rpm
libxml2-static-2.7.6-12.el6_4.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libxml2-2.7.6-12.el6_4.1.src.rpm

i386:
libxml2-2.7.6-12.el6_4.1.i686.rpm
libxml2-debuginfo-2.7.6-12.el6_4.1.i686.rpm
libxml2-devel-2.7.6-12.el6_4.1.i686.rpm
libxml2-python-2.7.6-12.el6_4.1.i686.rpm

x86_64:
libxml2-2.7.6-12.el6_4.1.i686.rpm
libxml2-2.7.6-12.el6_4.1.x86_64.rpm
libxml2-debuginfo-2.7.6-12.el6_4.1.i686.rpm
libxml2-debuginfo-2.7.6-12.el6_4.1.x86_64.rpm
libxml2-devel-2.7.6-12.el6_4.1.i686.rpm
libxml2-devel-2.7.6-12.el6_4.1.x86_64.rpm
libxml2-python-2.7.6-12.el6_4.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libxml2-2.7.6-12.el6_4.1.src.rpm

i386:
libxml2-debuginfo-2.7.6-12.el6_4.1.i686.rpm
libxml2-static-2.7.6-12.el6_4.1.i686.rpm

x86_64:
libxml2-debuginfo-2.7.6-12.el6_4.1.x86_64.rpm
libxml2-static-2.7.6-12.el6_4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0338.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRL6wwXlSAg2UNWIIRAo/TAKC7w8AChqFfz+wKwZgYEgUVwHF40wCgojnM
xTusi2J3cKtf13Rnf5Zs8Rc=
=zVDg
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Thu Feb 28 19:14:39 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 28 Feb 2013 19:14:39 +0000
Subject: [RHSA-2013:0582-01] Moderate: Red Hat OpenShift Enterprise 1.1.1 update
Message-ID: <201302281914.r1SJEdNo005372@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenShift Enterprise 1.1.1 update
Advisory ID:       RHSA-2013:0582-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0582.html
Issue date:        2013-02-28
CVE Names:         CVE-2012-2660 CVE-2012-2661 CVE-2012-2694
                   CVE-2012-2695 CVE-2012-3424 CVE-2012-3463
                   CVE-2012-3464 CVE-2012-3465 CVE-2012-4464
                   CVE-2012-4466 CVE-2012-4522 CVE-2012-5371
                   CVE-2013-0155 CVE-2013-0162
=====================================================================

1. Summary:

Red Hat OpenShift Enterprise 1.1.1 is now available.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Enterprise Infrastructure - noarch, x86_64
Red Hat OpenShift Enterprise JBoss EAP add-on - noarch
Red Hat OpenShift Enterprise Node - noarch, x86_64

3. Description:

OpenShift Enterprise is a cloud computing Platform-as-a-Service (PaaS)
solution from Red Hat, and is designed for on-premise or private cloud
deployments.

Installing the updated packages and restarting the OpenShift services are
the only requirements for this update.
However, if you are updating your system to Red Hat Enterprise Linux 6.4
while applying OpenShift Enterprise 1.1.1 updates, it is recommended that
you restart your system.

For further information about this release, refer to the OpenShift
Enterprise 1.1.1 Technical Notes, available shortly from
https://access.redhat.com/knowledge/docs/

This update also fixes the following security issues:

Multiple cross-site scripting (XSS) flaws were found in rubygem-actionpack.
A remote attacker could use these flaws to conduct XSS attacks against
users of an application using rubygem-actionpack. (CVE-2012-3463,
CVE-2012-3464, CVE-2012-3465)

It was found that certain methods did not sanitize file names before
passing them to lower layer routines in Ruby. If a Ruby application created
files with names based on untrusted input, it could result in the creation
of files with different names than expected. (CVE-2012-4522)

A denial of service flaw was found in the implementation of associative
arrays (hashes) in Ruby. An attacker able to supply a large number of
inputs to a Ruby application (such as HTTP POST request parameters sent to
a web application) that are used as keys when inserting data into an array
could trigger multiple hash function collisions, making array operations
take an excessive amount of CPU time. To mitigate this issue, a new, more
collision resistant algorithm has been used to reduce the chance of an
attacker successfully causing intentional collisions. (CVE-2012-5371)

Input validation vulnerabilities were discovered in rubygem-activerecord.
A remote attacker could possibly use these flaws to perform an SQL
injection attack against an application using rubygem-activerecord.
(CVE-2012-2661, CVE-2012-2695, CVE-2013-0155)

Input validation vulnerabilities were discovered in rubygem-actionpack.
A remote attacker could possibly use these flaws to perform an SQL
injection attack against an application using rubygem-actionpack and
rubygem-activerecord. (CVE-2012-2660, CVE-2012-2694)

A flaw was found in the HTTP digest authentication implementation in
rubygem-actionpack. A remote attacker could use this flaw to cause a denial
of service of an application using rubygem-actionpack and digest
authentication. (CVE-2012-3424)

A flaw was found in the handling of strings in Ruby safe level 4. A remote
attacker can use Exception#to_s to destructively modify an untainted string
so that it is tainted; the string can then be arbitrarily modified.
(CVE-2012-4466)

A flaw was found in the method for translating an exception message into a
string in the Ruby Exception class. A remote attacker could use this flaw
to bypass safe level 4 restrictions, allowing untrusted (tainted) code to
modify arbitrary, trusted (untainted) strings, which safe level 4
restrictions would otherwise prevent. (CVE-2012-4464)

It was found that ruby_parser from rubygem-ruby_parser created a temporary
file in an insecure way. A local attacker could use this flaw to perform a
symbolic link attack, overwriting arbitrary files accessible to the
application using ruby_parser. (CVE-2013-0162)

The CVE-2013-0162 issue was discovered by Michael Scherer of the Red Hat
Regional IT team.

Users are advised to upgrade to Red Hat OpenShift Enterprise 1.1.1.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

827353 - CVE-2012-2660 rubygem-actionpack: Unsafe query generation
827363 - CVE-2012-2661 rubygem-activerecord: SQL injection when processing nested query parameters
831573 - CVE-2012-2695 rubygem-activerecord: SQL injection when processing nested query parameters (a different flaw than CVE-2012-2661)
831581 - CVE-2012-2694 rubygem-actionpack: Unsafe query generation (a different flaw than CVE-2012-2660)
843711 - CVE-2012-3424 rubygem-actionpack: DoS vulnerability in authenticate_or_request_with_http_digest
847196 - CVE-2012-3463 rubygem-actionpack: potential XSS vulnerability in select_tag prompt
847199 - CVE-2012-3464 rubygem-actionpack: potential XSS vulnerability
847200 - CVE-2012-3465 rubygem-actionpack: XSS Vulnerability in strip_tags
862598 - CVE-2012-4464 ruby 1.9.3: Possibility to bypass Ruby's $SAFE (level 4) semantics
862614 - CVE-2012-4466 ruby: safe level bypass via name_err_mesg_to_str()
865940 - CVE-2012-4522 ruby: unintentional file creation caused by inserting an illegal NUL character
875236 - CVE-2012-5371 ruby: Murmur hash-flooding DoS flaw in ruby 1.9 (oCERT-2012-001)
887353 - [Cartridge] Removing a cartridge leaves its info directory in place
889426 - The "scale your application" page for scalable app displayed not well
892806 - CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage
892866 - CVE-2013-0155 rubygem-actionpack, rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails
895347 - Should delete all the mongodb cartridge pages and the links about mongodb
895355 - Lack of a dot in domain create and update page
902412 - Warning message is seen when update rubygem-openshift-origin-auth-remote-user package.
902630 - Failed to reload openshift-broker service
903526 - Display overlaps when adding sshkey using long name in IE 9
903546 - Links to ruby-lang.org redirects to wrong url
905021 - Can not get environment variables from scalable php local gear.
905656 - [broker-util] oo-accept-broker doesn't summarize errors and set return code
906227 - The "Follow these steps to install the client" link on get started page of application will redirect to a page which has no expected content.
906845 - create default resource settings for AS/EAP/EWS carts

6. Package List:

Red Hat OpenShift Enterprise Infrastructure:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/graphviz-2.26.0-10.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-console-0.0.16-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-broker-1.0.11-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-broker-util-1.0.15-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/ruby193-ruby-1.9.3.327-25.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/ruby193-rubygem-actionpack-3.2.8-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/ruby193-rubygem-activemodel-3.2.8-2.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/ruby193-rubygem-activerecord-3.2.8-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/ruby193-rubygem-railties-3.2.8-2.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/ruby193-rubygem-ruby_parser-2.3.1-3.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-actionpack-3.0.13-4.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-activemodel-3.0.13-3.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-activerecord-3.0.13-5.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-bson-1.8.1-2.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-mongo-1.8.1-2.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-openshift-origin-auth-remote-user-1.0.5-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-openshift-origin-console-1.0.10-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-openshift-origin-controller-1.0.12-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-ruby_parser-2.0.4-6.el6op.src.rpm

noarch:
openshift-console-0.0.16-1.el6op.noarch.rpm
openshift-origin-broker-1.0.11-1.el6op.noarch.rpm
openshift-origin-broker-util-1.0.15-1.el6op.noarch.rpm
ruby193-ruby-irb-1.9.3.327-25.el6.noarch.rpm
ruby193-rubygem-actionpack-3.2.8-3.el6.noarch.rpm
ruby193-rubygem-actionpack-doc-3.2.8-3.el6.noarch.rpm
ruby193-rubygem-activemodel-3.2.8-2.el6.noarch.rpm
ruby193-rubygem-activemodel-doc-3.2.8-2.el6.noarch.rpm
ruby193-rubygem-activerecord-3.2.8-3.el6.noarch.rpm
ruby193-rubygem-activerecord-doc-3.2.8-3.el6.noarch.rpm
ruby193-rubygem-minitest-2.5.1-25.el6.noarch.rpm
ruby193-rubygem-railties-3.2.8-2.el6.noarch.rpm
ruby193-rubygem-railties-doc-3.2.8-2.el6.noarch.rpm
ruby193-rubygem-rake-0.9.2.2-25.el6.noarch.rpm
ruby193-rubygem-ruby_parser-2.3.1-3.el6op.noarch.rpm
ruby193-rubygem-ruby_parser-doc-2.3.1-3.el6op.noarch.rpm
ruby193-rubygems-1.8.23-25.el6.noarch.rpm
ruby193-rubygems-devel-1.8.23-25.el6.noarch.rpm
rubygem-actionpack-3.0.13-4.el6op.noarch.rpm
rubygem-activemodel-3.0.13-3.el6op.noarch.rpm
rubygem-activemodel-doc-3.0.13-3.el6op.noarch.rpm
rubygem-activerecord-3.0.13-5.el6op.noarch.rpm
rubygem-bson-1.8.1-2.el6op.noarch.rpm
rubygem-mongo-1.8.1-2.el6op.noarch.rpm
rubygem-mongo-doc-1.8.1-2.el6op.noarch.rpm
rubygem-openshift-origin-auth-remote-user-1.0.5-1.el6op.noarch.rpm
rubygem-openshift-origin-console-1.0.10-1.el6op.noarch.rpm
rubygem-openshift-origin-console-doc-1.0.10-1.el6op.noarch.rpm
rubygem-openshift-origin-controller-1.0.12-1.el6op.noarch.rpm
rubygem-ruby_parser-2.0.4-6.el6op.noarch.rpm
rubygem-ruby_parser-doc-2.0.4-6.el6op.noarch.rpm

x86_64:
graphviz-2.26.0-10.el6.x86_64.rpm
graphviz-debuginfo-2.26.0-10.el6.x86_64.rpm
graphviz-devel-2.26.0-10.el6.x86_64.rpm
graphviz-doc-2.26.0-10.el6.x86_64.rpm
graphviz-gd-2.26.0-10.el6.x86_64.rpm
graphviz-ruby-2.26.0-10.el6.x86_64.rpm
ruby193-ruby-1.9.3.327-25.el6.x86_64.rpm
ruby193-ruby-debuginfo-1.9.3.327-25.el6.x86_64.rpm
ruby193-ruby-devel-1.9.3.327-25.el6.x86_64.rpm
ruby193-ruby-doc-1.9.3.327-25.el6.x86_64.rpm
ruby193-ruby-libs-1.9.3.327-25.el6.x86_64.rpm
ruby193-ruby-tcltk-1.9.3.327-25.el6.x86_64.rpm
ruby193-rubygem-bigdecimal-1.1.0-25.el6.x86_64.rpm
ruby193-rubygem-io-console-0.3-25.el6.x86_64.rpm
ruby193-rubygem-json-1.5.4-25.el6.x86_64.rpm
ruby193-rubygem-rdoc-3.9.4-25.el6.x86_64.rpm

Red Hat OpenShift Enterprise JBoss EAP add-on:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-cartridge-jbosseap-6.0-1.0.4-1.el6op.src.rpm

noarch:
openshift-origin-cartridge-jbosseap-6.0-1.0.4-1.el6op.noarch.rpm

Red Hat OpenShift Enterprise Node:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-cartridge-cron-1.4-1.0.3-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-cartridge-diy-0.1-1.0.3-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-cartridge-haproxy-1.4-1.0.4-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-cartridge-jbossews-1.0-1.0.13-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-cartridge-jenkins-1.4-1.0.2-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-cartridge-jenkins-client-1.4-1.0.2-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-cartridge-mysql-5.1-1.0.5-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-cartridge-perl-5.10-1.0.3-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-cartridge-php-5.3-1.0.5-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-cartridge-postgresql-8.4-1.0.3-2.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-cartridge-ruby-1.8-1.0.7-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-cartridge-ruby-1.9-scl-1.0.8-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-msg-node-mcollective-1.0.3-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/php-5.3.3-22.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/ruby193-ruby-1.9.3.327-25.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/ruby193-rubygem-actionpack-3.2.8-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/ruby193-rubygem-activemodel-3.2.8-2.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/ruby193-rubygem-activerecord-3.2.8-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/ruby193-rubygem-railties-3.2.8-2.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/ruby193-rubygem-ruby_parser-2.3.1-3.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-activemodel-3.0.13-3.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-bson-1.8.1-2.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-openshift-origin-node-1.0.11-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-ruby_parser-2.0.4-6.el6op.src.rpm

noarch:
openshift-origin-cartridge-cron-1.4-1.0.3-1.el6op.noarch.rpm
openshift-origin-cartridge-diy-0.1-1.0.3-1.el6op.noarch.rpm
openshift-origin-cartridge-haproxy-1.4-1.0.4-1.el6op.noarch.rpm
openshift-origin-cartridge-jbossews-1.0-1.0.13-1.el6op.noarch.rpm
openshift-origin-cartridge-jenkins-1.4-1.0.2-1.el6op.noarch.rpm
openshift-origin-cartridge-jenkins-client-1.4-1.0.2-1.el6op.noarch.rpm
openshift-origin-cartridge-mysql-5.1-1.0.5-1.el6op.noarch.rpm
openshift-origin-cartridge-perl-5.10-1.0.3-1.el6op.noarch.rpm
openshift-origin-cartridge-php-5.3-1.0.5-1.el6op.noarch.rpm
openshift-origin-cartridge-postgresql-8.4-1.0.3-2.el6op.noarch.rpm
openshift-origin-cartridge-ruby-1.8-1.0.7-1.el6op.noarch.rpm
openshift-origin-cartridge-ruby-1.9-scl-1.0.8-1.el6op.noarch.rpm
openshift-origin-msg-node-mcollective-1.0.3-1.el6op.noarch.rpm
ruby193-ruby-irb-1.9.3.327-25.el6.noarch.rpm
ruby193-rubygem-actionpack-3.2.8-3.el6.noarch.rpm
ruby193-rubygem-actionpack-doc-3.2.8-3.el6.noarch.rpm
ruby193-rubygem-activemodel-3.2.8-2.el6.noarch.rpm
ruby193-rubygem-activemodel-doc-3.2.8-2.el6.noarch.rpm
ruby193-rubygem-activerecord-3.2.8-3.el6.noarch.rpm
ruby193-rubygem-activerecord-doc-3.2.8-3.el6.noarch.rpm
ruby193-rubygem-minitest-2.5.1-25.el6.noarch.rpm
ruby193-rubygem-railties-3.2.8-2.el6.noarch.rpm
ruby193-rubygem-railties-doc-3.2.8-2.el6.noarch.rpm
ruby193-rubygem-rake-0.9.2.2-25.el6.noarch.rpm
ruby193-rubygem-ruby_parser-2.3.1-3.el6op.noarch.rpm
ruby193-rubygem-ruby_parser-doc-2.3.1-3.el6op.noarch.rpm
ruby193-rubygems-1.8.23-25.el6.noarch.rpm
ruby193-rubygems-devel-1.8.23-25.el6.noarch.rpm
rubygem-activemodel-3.0.13-3.el6op.noarch.rpm
rubygem-activemodel-doc-3.0.13-3.el6op.noarch.rpm
rubygem-bson-1.8.1-2.el6op.noarch.rpm
rubygem-openshift-origin-node-1.0.11-1.el6op.noarch.rpm
rubygem-ruby_parser-2.0.4-6.el6op.noarch.rpm
rubygem-ruby_parser-doc-2.0.4-6.el6op.noarch.rpm

x86_64:
php-bcmath-5.3.3-22.el6.x86_64.rpm
php-debuginfo-5.3.3-22.el6.x86_64.rpm
php-devel-5.3.3-22.el6.x86_64.rpm
php-imap-5.3.3-22.el6.x86_64.rpm
php-mbstring-5.3.3-22.el6.x86_64.rpm
php-process-5.3.3-22.el6.x86_64.rpm
ruby193-ruby-1.9.3.327-25.el6.x86_64.rpm
ruby193-ruby-debuginfo-1.9.3.327-25.el6.x86_64.rpm
ruby193-ruby-devel-1.9.3.327-25.el6.x86_64.rpm
ruby193-ruby-doc-1.9.3.327-25.el6.x86_64.rpm
ruby193-ruby-libs-1.9.3.327-25.el6.x86_64.rpm
ruby193-ruby-tcltk-1.9.3.327-25.el6.x86_64.rpm
ruby193-rubygem-bigdecimal-1.1.0-25.el6.x86_64.rpm
ruby193-rubygem-io-console-0.3-25.el6.x86_64.rpm
ruby193-rubygem-json-1.5.4-25.el6.x86_64.rpm
ruby193-rubygem-rdoc-3.9.4-25.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-2660.html
https://www.redhat.com/security/data/cve/CVE-2012-2661.html
https://www.redhat.com/security/data/cve/CVE-2012-2694.html
https://www.redhat.com/security/data/cve/CVE-2012-2695.html
https://www.redhat.com/security/data/cve/CVE-2012-3424.html
https://www.redhat.com/security/data/cve/CVE-2012-3463.html
https://www.redhat.com/security/data/cve/CVE-2012-3464.html
https://www.redhat.com/security/data/cve/CVE-2012-3465.html
https://www.redhat.com/security/data/cve/CVE-2012-4464.html
https://www.redhat.com/security/data/cve/CVE-2012-4466.html
https://www.redhat.com/security/data/cve/CVE-2012-4522.html
https://www.redhat.com/security/data/cve/CVE-2012-5371.html
https://www.redhat.com/security/data/cve/CVE-2013-0155.html
https://www.redhat.com/security/data/cve/CVE-2013-0162.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/knowledge/docs/

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRL6xiXlSAg2UNWIIRAlVbAKCigkNkfk2yzOLF5xlEoTc8ZcNkEACeOed6
Rti8t8cYCZRqOc9fSRHReJc=
=kVS7
-----END PGP SIGNATURE-----
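Editor's note: the advisory above describes two file-handling flaw classes in general terms, a file name containing a NUL byte that is truncated by lower layer routines (CVE-2012-4522) and a temporary file created at a guessable path without exclusive creation (CVE-2013-0162). The Ruby below is an added illustration written for this page; it is not Red Hat's, Ruby's or ruby_parser's code, and the function names, the sample file names and the temporary-directory layout are constructed. It shows the input check an application would apply before handing an untrusted name to the file API, the guessable-path pattern the advisory warns about beside two mitigations (`O_CREAT|O_EXCL` on a fixed path, and `Tempfile.create`, which needs Ruby 2.1 or later), and a self-check confirming that exclusive creation fails closed when a symbolic link already occupies the path.

```ruby
require "tempfile"
require "tmpdir"

# Raised when an untrusted file name fails the checks below (constructed name).
class UnsafeFileName < ArgumentError; end

# Validate a file name that came from untrusted input (an upload field, an API
# parameter) before it reaches File.open or Tempfile. The NUL check is the one
# the advisory describes for CVE-2012-4522: a name such as "report.txt\0.jpg"
# handed unchanged to the C layer is cut at the NUL, so the file created does
# not have the name the application expected.
def validate_untrusted_file_name(name)
  raise UnsafeFileName, "empty file name" if name.nil? || name.empty?
  raise UnsafeFileName, "NUL byte in file name" if name.include?("\0")
  # The remaining checks keep the name inside the intended directory.
  if name.include?("/") || name.include?("\\")
    raise UnsafeFileName, "path separator in file name"
  end
  raise UnsafeFileName, "relative path component" if name == "." || name == ".."
  name
end

def safe_file_name?(name)
  validate_untrusted_file_name(name)
  true
rescue UnsafeFileName
  false
end

# The insecure temporary-file pattern the advisory describes for CVE-2013-0162
# (illustrative only, not ruby_parser's code): a guessable path in a shared
# directory. If it is then opened without O_EXCL, a symbolic link that another
# local user placed there earlier is followed and the write lands elsewhere.
def guessable_temp_path(dir = Dir.tmpdir)
  File.join(dir, "scratch.#{Process.pid}.tmp")
end

# Mitigation for a fixed path: O_CREAT|O_EXCL makes the kernel refuse to follow
# an existing symlink (or reuse any existing file), so the open fails closed.
# Returns true if a fresh file was created and written, false if something
# already occupied the path.
def write_exclusively(path, content)
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
    f.write(content)
  end
  true
rescue Errno::EEXIST
  false
end

# Preferred mitigation: Tempfile.create picks an unpredictable name and opens it
# with O_EXCL and mode 0600. Returns the name, permission bits and content so
# the caller can confirm what was written and that no other user can read it.
def write_scratch_securely(content)
  Tempfile.create("scratch-", Dir.tmpdir) do |f|
    f.write(content)
    f.flush
    f.rewind
    { name: File.basename(f.path),
      mode: File.stat(f.path).mode & 0o777,
      content: f.read }
  end
end

# Self-check of the fail-closed behaviour inside a private directory: a dangling
# symlink stands in for one placed at the guessable path ahead of time. The
# exclusive open must be refused and nothing may appear at the link target.
def exclusive_open_refuses_symlink?
  Dir.mktmpdir do |dir|
    target = File.join(dir, "elsewhere")
    path = File.join(dir, "scratch.tmp")
    File.symlink(target, path)
    !write_exclusively(path, "data") && !File.exist?(target)
  end
end

if __FILE__ == $PROGRAM_NAME
  ["report.txt", "report.txt\0.jpg", "../etc/passwd"].each do |n|
    puts "#{n.inspect}: #{safe_file_name?(n) ? 'accepted' : 'rejected'}"
  end
  puts "guessable path would be: #{guessable_temp_path}"
  puts "exclusive open refuses a planted symlink: #{exclusive_open_refuses_symlink?}"
  puts "Tempfile result: #{write_scratch_securely('hello').inspect}"
end
```

The NUL-byte check is kept explicit even though Ruby releases from 1.9.3-p327 on reject such names themselves, because the application is the layer that knows the name came from a user and can report the rejection back to them. Both mitigations assume a POSIX kernel: the refusal of a symlink under `O_EXCL` is open(2) semantics, so on a different platform the self-check is the first thing to re-run.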