From bugzilla at redhat.com Tue Jan 8 06:42:24 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 8 Jan 2013 06:42:24 +0000
Subject: [RHSA-2013:0120-01] Low: quota security and bug fix update
Message-ID: <201301080652.r086qDOJ013170@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: quota security and bug fix update
Advisory ID:       RHSA-2013:0120-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0120.html
Issue date:        2013-01-08
CVE Names:         CVE-2012-3417
=====================================================================

1. Summary:

An updated quota package that fixes one security issue and multiple bugs is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The quota package provides system administration tools for monitoring and limiting user and group disk usage on file systems.

It was discovered that the rpc.rquotad service did not use tcp_wrappers correctly. Certain hosts access rules defined in "/etc/hosts.allow" and "/etc/hosts.deny" may not have been honored, possibly allowing remote attackers to bypass intended access restrictions. (CVE-2012-3417)

This issue was discovered by the Red Hat Security Response Team.
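The advisory above says that rpc.rquotad did not consult tcp_wrappers correctly, so rules in /etc/hosts.allow and /etc/hosts.deny could go unhonored. The following is an added example, not code from the advisory, the quota package or tcp_wrappers itself: it implements the hosts_access(5) decision order (first matching hosts.allow entry grants, otherwise first matching hosts.deny entry refuses, otherwise access is granted) so an administrator can confirm what a given rule set actually permits for a daemon. It assumes the daemon name "rquotad" and uses two constructed sample files; it supports ALL, EXCEPT, exact names and addresses, leading-dot domain suffixes, trailing-dot address prefixes and net/mask or CIDR networks, and as a simplification omits LOCAL, KNOWN, UNKNOWN, PARANOID, @netgroups and shell commands.

```python
"""Simplified tcp_wrappers (hosts_access(5)) decision logic.

Added example, not code from the advisory or from quota/tcp_wrappers.
Supported client patterns: ALL, EXCEPT, exact host name or address,
leading-dot domain suffix (.example.com), trailing-dot address prefix
(192.168.1.), net/mask or CIDR (10.0.0.0/255.255.255.0, 10.0.0.0/24).
Not supported (simplification): LOCAL, KNOWN, UNKNOWN, PARANOID,
@netgroups, shell commands, IPv6 patterns.
"""
import ipaddress

# Constructed sample rule files (not taken from any real system).
SAMPLE_ALLOW = """\
# constructed sample /etc/hosts.allow
rquotad : 192.168.1. , .example.com
ALL     : 127.0.0.1
"""
SAMPLE_DENY = """\
# constructed sample /etc/hosts.deny: refuse everyone except the admin subnet
ALL : ALL EXCEPT 10.0.0.0/255.255.255.0
"""


def parse_rules(text):
    """Parse hosts.allow/hosts.deny text into (daemon_tokens, client_tokens, line).

    Comments and blank lines are skipped; a third "shell command" field is
    ignored; lines without a daemon:client separator are dropped as malformed.
    """
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients, line))
    return rules


def _daemon_matches(token, daemon):
    return token == "ALL" or token == daemon


def _client_matches(token, host, addr):
    """Match one client pattern against the peer's host name and address."""
    if token == "ALL":
        return True
    if token.startswith("."):                    # domain suffix: .example.com
        return host.lower().endswith(token.lower())
    if token.endswith("."):                      # address prefix: 192.168.1.
        return addr.startswith(token)
    if "/" in token:                             # net/mask or CIDR network
        try:
            return ipaddress.ip_address(addr) in ipaddress.ip_network(token, strict=False)
        except ValueError:
            return False
    return token.lower() == host.lower() or token == addr


def _list_matches(tokens, predicate):
    """Evaluate a token list; 'a EXCEPT b EXCEPT c' parses as a EXCEPT (b EXCEPT c)."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return (_list_matches(tokens[:i], predicate)
                and not _list_matches(tokens[i + 1:], predicate))
    return any(predicate(t) for t in tokens)


def decide(daemon, host, addr, allow_text, deny_text):
    """Return (allowed, reason): which rule, if any, decided the request."""
    def rule_hits(rule):
        daemons, clients, _ = rule
        return (_list_matches(daemons, lambda t: _daemon_matches(t, daemon))
                and _list_matches(clients, lambda t: _client_matches(t, host, addr)))

    for rule in parse_rules(allow_text):
        if rule_hits(rule):
            return True, "hosts.allow: " + rule[2]
    for rule in parse_rules(deny_text):
        if rule_hits(rule):
            return False, "hosts.deny: " + rule[2]
    return True, "no rule matched: default allow"


def hosts_access(daemon, host, addr, allow_text, deny_text):
    """Boolean form of decide(), mirroring the hosts_access() C API."""
    return decide(daemon, host, addr, allow_text, deny_text)[0]


if __name__ == "__main__":
    for daemon, host, addr in [("rquotad", "", "192.168.1.55"),
                               ("rquotad", "nfs.example.com", "198.51.100.2"),
                               ("rquotad", "", "203.0.113.9"),
                               ("rquotad", "", "10.0.0.7"),
                               ("sshd", "", "192.168.1.55")]:
        ok, why = decide(daemon, host, addr, SAMPLE_ALLOW, SAMPLE_DENY)
        print("%-8s from %-16s -> %-5s (%s)" % (daemon, addr, "allow" if ok else "deny", why))
```

Running the script against the constructed files shows the ordering that matters in practice: a client in the admin subnet that matches neither file still gets in through the default-allow rule, so a deny-by-default policy needs an explicit "ALL : ALL" in hosts.deny, and a service that skips the hosts.allow/hosts.deny lookup entirely, as the advisory describes for rpc.rquotad, answers as if every client matched "default allow".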
This update also fixes the following bugs:

* Prior to this update, values were not properly transported via the remote procedure call (RPC) and interpreted by the client when querying the quota usage or limits for network-mounted file systems if the quota values were 2^32 kilobytes or greater. As a consequence, the client reported mangled values. This update modifies the underlying code so that such values are correctly interpreted by the client. (BZ#667360)

* Prior to this update, warnquota sent messages about exceeded quota limits from a valid domain name if the warnquota tool was enabled to send warning e-mails and the superuser did not change the default warnquota configuration. As a consequence, the recipient could reply to invalid addresses. This update modifies the default warnquota configuration to use the reserved example.com. domain. Now, warnings about exceeded quota limits are sent from the reserved domain, which prompts the superuser to change the configuration to the correct value. (BZ#680429)

* Previously, quota utilities could not recognize the file system as having quotas enabled and refused to operate on it due to incorrect updating of /etc/mtab. This update prefers /proc/mounts to get a list of file systems with enabled quotas. Now, quota utilities recognize file systems with enabled quotas as expected. (BZ#689822)

* Prior to this update, the setquota(8) tool on XFS file systems failed to set disk limits to values greater than 2^31 kilobytes. This update modifies the integer conversion in the setquota(8) tool to use a 64-bit variable big enough to store such values. (BZ#831520)

All users of quota are advised to upgrade to this updated package, which contains backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

566717 - CVE-2012-3417 quota: incorrect use of tcp_wrappers
667360 - rpc.rquotad can't handle quotas >4TB

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/quota-3.13-8.el5.src.rpm

i386:
quota-3.13-8.el5.i386.rpm
quota-debuginfo-3.13-8.el5.i386.rpm

x86_64:
quota-3.13-8.el5.x86_64.rpm
quota-debuginfo-3.13-8.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/quota-3.13-8.el5.src.rpm

i386:
quota-3.13-8.el5.i386.rpm
quota-debuginfo-3.13-8.el5.i386.rpm

ia64:
quota-3.13-8.el5.ia64.rpm
quota-debuginfo-3.13-8.el5.ia64.rpm

ppc:
quota-3.13-8.el5.ppc.rpm
quota-debuginfo-3.13-8.el5.ppc.rpm

s390x:
quota-3.13-8.el5.s390x.rpm
quota-debuginfo-3.13-8.el5.s390x.rpm

x86_64:
quota-3.13-8.el5.x86_64.rpm
quota-debuginfo-3.13-8.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-3417.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQ68IYXlSAg2UNWIIRAkqSAKC+IUvF8E9OB8RonMuwzLplmOsygACfUOak
s2CkRGJ4joxosW6kT58inMc=
=X76p
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jan 8 06:43:18 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 8 Jan 2013 06:43:18 +0000
Subject: [RHSA-2013:0121-01] Low: mysql security and bug fix update
Message-ID: <201301080653.r086r75u031033@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: mysql security and bug fix update
Advisory ID:       RHSA-2013:0121-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0121.html
Issue date:        2013-01-08
CVE Names:         CVE-2012-4452
=====================================================================

1. Summary:

Updated mysql packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.
It was found that the fix for the CVE-2009-4030 issue, a flaw in the way MySQL checked the paths used as arguments for the DATA DIRECTORY and INDEX DIRECTORY directives when the "datadir" option was configured with a relative path, was incorrectly removed when the mysql packages in Red Hat Enterprise Linux 5 were updated to version 5.0.95 via RHSA-2012:0127. An authenticated attacker could use this flaw to bypass the restriction that prevents subdirectories of the MySQL data directory from being used as DATA DIRECTORY and INDEX DIRECTORY paths. This update re-applies the fix for CVE-2009-4030. (CVE-2012-4452)

Note: If the use of the DATA DIRECTORY and INDEX DIRECTORY directives was disabled as described in RHSA-2010:0109 (by adding "symbolic-links=0" to the "[mysqld]" section of the "my.cnf" configuration file), users were not vulnerable to this issue.

This issue was discovered by Karel Volný of the Red Hat Quality Engineering team.

This update also fixes the following bugs:

* Prior to this update, the log file path in the logrotate script did not behave as expected. As a consequence, the logrotate function failed to rotate the "/var/log/mysqld.log" file. This update modifies the logrotate script to allow rotating the mysqld.log file. (BZ#647223)

* Prior to this update, the mysqld daemon could fail when using the EXPLAIN flag in prepared statement mode. This update modifies the underlying code to handle the EXPLAIN flag as expected. (BZ#654000)

* Prior to this update, the mysqld init script could wrongly report that mysql server startup failed when the server was actually started. This update modifies the init script to report the status of the mysqld server as expected. (BZ#703476)

* Prior to this update, the "--enable-profiling" option was disabled by default. This update enables the profiling feature. (BZ#806365)

All MySQL users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
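The CVE-2012-4452 description above turns on one detail: the check that keeps DATA DIRECTORY and INDEX DIRECTORY out of the server's own data directory failed when "datadir" was configured as a relative path. The following is an added example and is not MySQL's code; it is a hypothetical containment check that contrasts a naive string comparison, which a relative datadir (and a symlink) defeats, with a comparison made on canonicalised absolute paths. The function and path names are invented for illustration, and the directory tree used by `symlink_demo()` is constructed in a temporary directory.

```python
"""Path-containment check of the kind the advisory describes for
DATA DIRECTORY / INDEX DIRECTORY.

Added example, not MySQL's code. Names (naive_is_inside, is_inside,
check_directory_option) and sample paths are hypothetical.
"""
import os
import tempfile


def naive_is_inside(datadir, requested):
    """Defective check: compares raw strings. When datadir is relative
    ("mysql") and the request is absolute ("/srv/db/mysql/otherdb"), the
    prefix test never fires even though the request is inside the data
    directory, which is the failure mode the advisory describes."""
    base = datadir.rstrip(os.sep)
    return requested == base or requested.startswith(base + os.sep)


def canonical(path, cwd):
    """Resolve `path` as the kernel would for a process whose working
    directory is `cwd`: make it absolute, then collapse symlinks and '..'.
    os.path.join() ignores `cwd` when `path` is already absolute."""
    return os.path.realpath(os.path.join(cwd, path))


def is_inside(datadir, requested, cwd):
    """Correct check: both sides are canonicalised before comparison, so a
    relative datadir, '..' segments and symlinks are all accounted for."""
    base = canonical(datadir, cwd)
    target = canonical(requested, cwd)
    return target == base or target.startswith(base + os.sep)


def check_directory_option(datadir, requested, cwd):
    """Return (allowed, reason) for a DATA DIRECTORY / INDEX DIRECTORY request."""
    if is_inside(datadir, requested, cwd):
        return False, "refused: %s resolves inside the data directory %s" % (
            requested, canonical(datadir, cwd))
    return True, "accepted: %s" % canonical(requested, cwd)


def symlink_demo():
    """A symlink that points into the data directory must also be caught.
    Builds a throwaway tree tmp/mysql (datadir) and tmp/storage -> tmp/mysql,
    then asks for tmp/storage/otherdb. Returns (naive_verdict, correct_verdict)."""
    with tempfile.TemporaryDirectory() as tmp:
        datadir = os.path.join(tmp, "mysql")
        os.mkdir(datadir)
        link = os.path.join(tmp, "storage")
        os.symlink(datadir, link)
        requested = os.path.join(link, "otherdb")
        return naive_is_inside(datadir, requested), is_inside(datadir, requested, tmp)


if __name__ == "__main__":
    cwd = "/srv/db"            # hypothetical working directory of mysqld
    datadir = "mysql"          # relative datadir, as in the advisory's scenario
    for req in ("/srv/db/mysql/otherdb", "/srv/fastdisk/mysql_idx"):
        print("naive: %-5s canonical: %s" % (
            naive_is_inside(datadir, req), check_directory_option(datadir, req, cwd)[1]))
    print("symlink demo (naive, canonical):", symlink_demo())
```

The lesson generalises beyond MySQL: any "must not be under directory X" rule has to be evaluated on the resolved paths of both sides, and the resolution has to happen at the point of use, since the string form of the configured base tells you nothing about where it actually sits on the file system.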
After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 526850 - MySQL 5.0.77 crashes on comparison of date & datetime types to NAME_CONST() 528512 - MySQL memory DoS 543730 - mysqld segfaults during SHOW CREATE TABLE 548685 - Extra characters appear in BLOB after mysqldump/import 654000 - Mysql bug 54488 - crash when using explain and prepared statements with subqueries 675906 - Restore / import of mysqldump fails on "Unknown command '\''" 806365 - mysql-server-5.0.95-1.el5_7.1 has Profiling disabled by default 860808 - CVE-2012-4452 mysql: regression of CVE-2009-4030 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/mysql-5.0.95-3.el5.src.rpm i386: mysql-5.0.95-3.el5.i386.rpm mysql-debuginfo-5.0.95-3.el5.i386.rpm x86_64: mysql-5.0.95-3.el5.i386.rpm mysql-5.0.95-3.el5.x86_64.rpm mysql-debuginfo-5.0.95-3.el5.i386.rpm mysql-debuginfo-5.0.95-3.el5.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/mysql-5.0.95-3.el5.src.rpm i386: mysql-bench-5.0.95-3.el5.i386.rpm mysql-debuginfo-5.0.95-3.el5.i386.rpm mysql-devel-5.0.95-3.el5.i386.rpm mysql-server-5.0.95-3.el5.i386.rpm mysql-test-5.0.95-3.el5.i386.rpm x86_64: mysql-bench-5.0.95-3.el5.x86_64.rpm mysql-debuginfo-5.0.95-3.el5.i386.rpm mysql-debuginfo-5.0.95-3.el5.x86_64.rpm mysql-devel-5.0.95-3.el5.i386.rpm mysql-devel-5.0.95-3.el5.x86_64.rpm mysql-server-5.0.95-3.el5.x86_64.rpm mysql-test-5.0.95-3.el5.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/mysql-5.0.95-3.el5.src.rpm i386: mysql-5.0.95-3.el5.i386.rpm mysql-bench-5.0.95-3.el5.i386.rpm mysql-debuginfo-5.0.95-3.el5.i386.rpm mysql-devel-5.0.95-3.el5.i386.rpm mysql-server-5.0.95-3.el5.i386.rpm mysql-test-5.0.95-3.el5.i386.rpm ia64: mysql-5.0.95-3.el5.i386.rpm mysql-5.0.95-3.el5.ia64.rpm mysql-bench-5.0.95-3.el5.ia64.rpm mysql-debuginfo-5.0.95-3.el5.i386.rpm mysql-debuginfo-5.0.95-3.el5.ia64.rpm mysql-devel-5.0.95-3.el5.ia64.rpm mysql-server-5.0.95-3.el5.ia64.rpm mysql-test-5.0.95-3.el5.ia64.rpm ppc: mysql-5.0.95-3.el5.ppc.rpm mysql-5.0.95-3.el5.ppc64.rpm mysql-bench-5.0.95-3.el5.ppc.rpm mysql-debuginfo-5.0.95-3.el5.ppc.rpm mysql-debuginfo-5.0.95-3.el5.ppc64.rpm mysql-devel-5.0.95-3.el5.ppc.rpm mysql-devel-5.0.95-3.el5.ppc64.rpm mysql-server-5.0.95-3.el5.ppc.rpm mysql-server-5.0.95-3.el5.ppc64.rpm mysql-test-5.0.95-3.el5.ppc.rpm s390x: mysql-5.0.95-3.el5.s390.rpm mysql-5.0.95-3.el5.s390x.rpm mysql-bench-5.0.95-3.el5.s390x.rpm mysql-debuginfo-5.0.95-3.el5.s390.rpm mysql-debuginfo-5.0.95-3.el5.s390x.rpm mysql-devel-5.0.95-3.el5.s390.rpm mysql-devel-5.0.95-3.el5.s390x.rpm mysql-server-5.0.95-3.el5.s390x.rpm mysql-test-5.0.95-3.el5.s390x.rpm x86_64: mysql-5.0.95-3.el5.i386.rpm mysql-5.0.95-3.el5.x86_64.rpm mysql-bench-5.0.95-3.el5.x86_64.rpm mysql-debuginfo-5.0.95-3.el5.i386.rpm mysql-debuginfo-5.0.95-3.el5.x86_64.rpm mysql-devel-5.0.95-3.el5.i386.rpm mysql-devel-5.0.95-3.el5.x86_64.rpm mysql-server-5.0.95-3.el5.x86_64.rpm mysql-test-5.0.95-3.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-4452.html https://access.redhat.com/security/updates/classification/#low https://rhn.redhat.com/errata/RHSA-2012-0127.html https://rhn.redhat.com/errata/RHSA-2010-0109.html 8. 
Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQ68JPXlSAg2UNWIIRAsUMAJ0ZMiyYZBgeZ5L5dL+zPijQR9OMTgCdGz7b 5sT0eF5SCGyLA3SQngEn2NU= =aPsf -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Jan 8 06:44:01 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 8 Jan 2013 06:44:01 +0000 Subject: [RHSA-2013:0122-01] Moderate: tcl security and bug fix update Message-ID: <201301080653.r086roAn026457@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: tcl security and bug fix update Advisory ID: RHSA-2013:0122-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0122.html Issue date: 2013-01-08 CVE Names: CVE-2007-4772 CVE-2007-6067 ===================================================================== 1. Summary: Updated tcl packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: Tcl (Tool Command Language) provides a powerful platform for creating integration applications that tie together diverse applications, protocols, devices, and frameworks. 
When paired with the Tk toolkit, Tcl provides a fast and powerful way to create cross-platform GUI applications. Two denial of service flaws were found in the Tcl regular expression handling engine. If Tcl or an application using Tcl processed a specially-crafted regular expression, it would lead to excessive CPU and memory consumption. (CVE-2007-4772, CVE-2007-6067) This update also fixes the following bug: * Due to a suboptimal implementation of threading in the current version of the Tcl language interpreter, an attempt to use threads in combination with fork in a Tcl script could cause the script to stop responding. At the moment, it is not possible to rewrite the source code or drop support for threading entirely. Consequent to this, this update provides a version of Tcl without threading support in addition to the standard version with this support. Users who need to use fork in their Tcl scripts and do not require threading can now switch to the version without threading support by using the alternatives command. (BZ#478961) All users of Tcl are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 316511 - CVE-2007-4772 postgresql DoS via infinite loop in regex NFA optimization code 400931 - CVE-2007-6067 postgresql: tempory DoS caused by slow regex NFA cleanup 478961 - [RHEL5] tcl threads support implementation can cause scripts to hang 6. Package List: Red Hat Enterprise Linux Desktop (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tcl-8.4.13-6.el5.src.rpm i386: tcl-8.4.13-6.el5.i386.rpm tcl-debuginfo-8.4.13-6.el5.i386.rpm tcl-html-8.4.13-6.el5.i386.rpm x86_64: tcl-8.4.13-6.el5.i386.rpm tcl-8.4.13-6.el5.x86_64.rpm tcl-debuginfo-8.4.13-6.el5.i386.rpm tcl-debuginfo-8.4.13-6.el5.x86_64.rpm tcl-html-8.4.13-6.el5.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tcl-8.4.13-6.el5.src.rpm i386: tcl-debuginfo-8.4.13-6.el5.i386.rpm tcl-devel-8.4.13-6.el5.i386.rpm x86_64: tcl-debuginfo-8.4.13-6.el5.i386.rpm tcl-debuginfo-8.4.13-6.el5.x86_64.rpm tcl-devel-8.4.13-6.el5.i386.rpm tcl-devel-8.4.13-6.el5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/tcl-8.4.13-6.el5.src.rpm i386: tcl-8.4.13-6.el5.i386.rpm tcl-debuginfo-8.4.13-6.el5.i386.rpm tcl-devel-8.4.13-6.el5.i386.rpm tcl-html-8.4.13-6.el5.i386.rpm ia64: tcl-8.4.13-6.el5.ia64.rpm tcl-debuginfo-8.4.13-6.el5.ia64.rpm tcl-devel-8.4.13-6.el5.ia64.rpm tcl-html-8.4.13-6.el5.ia64.rpm ppc: tcl-8.4.13-6.el5.ppc.rpm tcl-8.4.13-6.el5.ppc64.rpm tcl-debuginfo-8.4.13-6.el5.ppc.rpm tcl-debuginfo-8.4.13-6.el5.ppc64.rpm tcl-devel-8.4.13-6.el5.ppc.rpm tcl-devel-8.4.13-6.el5.ppc64.rpm tcl-html-8.4.13-6.el5.ppc.rpm s390x: tcl-8.4.13-6.el5.s390.rpm tcl-8.4.13-6.el5.s390x.rpm tcl-debuginfo-8.4.13-6.el5.s390.rpm tcl-debuginfo-8.4.13-6.el5.s390x.rpm tcl-devel-8.4.13-6.el5.s390.rpm tcl-devel-8.4.13-6.el5.s390x.rpm tcl-html-8.4.13-6.el5.s390x.rpm x86_64: tcl-8.4.13-6.el5.i386.rpm tcl-8.4.13-6.el5.x86_64.rpm tcl-debuginfo-8.4.13-6.el5.i386.rpm tcl-debuginfo-8.4.13-6.el5.x86_64.rpm tcl-devel-8.4.13-6.el5.i386.rpm tcl-devel-8.4.13-6.el5.x86_64.rpm tcl-html-8.4.13-6.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2007-4772.html https://www.redhat.com/security/data/cve/CVE-2007-6067.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQ68J7XlSAg2UNWIIRAkpLAKClOD2mxtWYJHEZFqmwyWE92q+7aQCeJjnr t8jUxGiuznsY1pcv6ahuaMM= =61uR -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Jan 8 06:44:31 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 8 Jan 2013 06:44:31 +0000 Subject: [RHSA-2013:0123-01] Low: OpenIPMI security, bug fix, and enhancement update Message-ID: <201301080654.r086sLHG031264@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: OpenIPMI security, bug fix, and enhancement update Advisory ID: RHSA-2013:0123-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0123.html Issue date: 2013-01-08 CVE Names: CVE-2011-4339 ===================================================================== 1. Summary: Updated OpenIPMI packages that fix one security issue, multiple bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 
5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: The OpenIPMI packages provide command line tools and utilities to access platform information using Intelligent Platform Management Interface (IPMI). System administrators can use OpenIPMI to manage systems and to perform system health monitoring. It was discovered that the IPMI event daemon (ipmievd) created its process ID (PID) file with world-writable permissions. A local user could use this flaw to make the ipmievd init script kill an arbitrary process when the ipmievd daemon is stopped or restarted. (CVE-2011-4339) Note: This issue did not affect the default configuration of OpenIPMI as shipped with Red Hat Enterprise Linux 5. This update also fixes the following bugs: * Prior to this update, the ipmitool utility first checked the IPMI hardware for Dell IPMI extensions and listed only supported commands when printing command usage like the option "ipmtool delloem help". On a non-Dell platform, the usage text was incomplete and misleading. This update lists all Dell OEM extensions in usage texts on all platforms, which allows users to check for command line arguments on non-Dell hardware. (BZ#658762) * Prior to this update, the ipmitool utility tried to retrieve the Sensor Data Records (SDR) from the IPMI bus instead of the Baseboard Management Controller (BMC) bus when IPMI-enabled devices reported SDR under a different owner than the BMC. As a consequence, the timeout setting for the SDR read attempt could significantly decrease the performance and no sensor data was shown. This update modifies ipmitool to read these SDR records from the BMC and shows the correct sensor data on these platforms. (BZ#671059, BZ#749796) * Prior to this update, the exit code of the "ipmitool -o list" option was not set correctly. As a consequence, "ipmitool -o list" always returned the value 1 instead of the expected value 0. 
This update modifies the underlying code to return the value 0 as expected. (BZ#740780) * Prior to this update, the "ipmi" service init script did not specify the full path to the "/sbin/lsmod" and "/sbin/modprobe" system utilities. As a consequence, the init script failed when it was executed if PATH did not point to /sbin, for example, when running "sudo /etc/init.d/ipmi". This update modifies the init script so that it now contains the full path to lsmod and modrpobe. Now, it can be executed with sudo. (BZ#829705) * Prior to this update, the ipmitool man page did not list the "-b", "-B", "-l" and "-T" options. In this update, these options are documented in the ipmitool man page. (BZ#846596) This update also adds the following enhancement: * Updates to the Dell-specific IPMI extension: A new vFlash command, which allows users to display information about extended SD cards; a new setled command, which allows users to display the backplane LED status; improved error descriptions; added support for new hardware; and updated documentation of the ipmitool delloem commands in the ipmitool manual page. (BZ#797050) All users of OpenIPMI are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 658762 - ipmitool delloem accesses IPMI before acting (e.g. 
listing help) 671059 - bad performance of ipmitool sdr by update to 2.0.16 740780 - ipmitool -o list return always 1 742837 - CVE-2011-4339 OpenIPMI: IPMI event daemon creates PID file with world writeable permissions 749796 - Bad performance for ipmitool sdr in verbose mode 829705 - initscript of ipmi contains incomplete path and cannot start by certain users 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/OpenIPMI-2.0.16-16.el5.src.rpm i386: OpenIPMI-2.0.16-16.el5.i386.rpm OpenIPMI-debuginfo-2.0.16-16.el5.i386.rpm OpenIPMI-gui-2.0.16-16.el5.i386.rpm OpenIPMI-libs-2.0.16-16.el5.i386.rpm OpenIPMI-perl-2.0.16-16.el5.i386.rpm OpenIPMI-python-2.0.16-16.el5.i386.rpm OpenIPMI-tools-2.0.16-16.el5.i386.rpm x86_64: OpenIPMI-2.0.16-16.el5.x86_64.rpm OpenIPMI-debuginfo-2.0.16-16.el5.i386.rpm OpenIPMI-debuginfo-2.0.16-16.el5.x86_64.rpm OpenIPMI-gui-2.0.16-16.el5.x86_64.rpm OpenIPMI-libs-2.0.16-16.el5.i386.rpm OpenIPMI-libs-2.0.16-16.el5.x86_64.rpm OpenIPMI-perl-2.0.16-16.el5.x86_64.rpm OpenIPMI-python-2.0.16-16.el5.x86_64.rpm OpenIPMI-tools-2.0.16-16.el5.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/OpenIPMI-2.0.16-16.el5.src.rpm i386: OpenIPMI-debuginfo-2.0.16-16.el5.i386.rpm OpenIPMI-devel-2.0.16-16.el5.i386.rpm x86_64: OpenIPMI-debuginfo-2.0.16-16.el5.i386.rpm OpenIPMI-debuginfo-2.0.16-16.el5.x86_64.rpm OpenIPMI-devel-2.0.16-16.el5.i386.rpm OpenIPMI-devel-2.0.16-16.el5.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/OpenIPMI-2.0.16-16.el5.src.rpm i386: OpenIPMI-2.0.16-16.el5.i386.rpm OpenIPMI-debuginfo-2.0.16-16.el5.i386.rpm OpenIPMI-devel-2.0.16-16.el5.i386.rpm OpenIPMI-gui-2.0.16-16.el5.i386.rpm OpenIPMI-libs-2.0.16-16.el5.i386.rpm OpenIPMI-perl-2.0.16-16.el5.i386.rpm OpenIPMI-python-2.0.16-16.el5.i386.rpm OpenIPMI-tools-2.0.16-16.el5.i386.rpm ia64: OpenIPMI-2.0.16-16.el5.ia64.rpm OpenIPMI-debuginfo-2.0.16-16.el5.ia64.rpm OpenIPMI-devel-2.0.16-16.el5.ia64.rpm OpenIPMI-gui-2.0.16-16.el5.ia64.rpm OpenIPMI-libs-2.0.16-16.el5.ia64.rpm OpenIPMI-perl-2.0.16-16.el5.ia64.rpm OpenIPMI-python-2.0.16-16.el5.ia64.rpm OpenIPMI-tools-2.0.16-16.el5.ia64.rpm ppc: OpenIPMI-2.0.16-16.el5.ppc.rpm OpenIPMI-debuginfo-2.0.16-16.el5.ppc.rpm OpenIPMI-debuginfo-2.0.16-16.el5.ppc64.rpm OpenIPMI-devel-2.0.16-16.el5.ppc.rpm OpenIPMI-devel-2.0.16-16.el5.ppc64.rpm OpenIPMI-gui-2.0.16-16.el5.ppc.rpm OpenIPMI-libs-2.0.16-16.el5.ppc.rpm OpenIPMI-libs-2.0.16-16.el5.ppc64.rpm OpenIPMI-perl-2.0.16-16.el5.ppc.rpm OpenIPMI-python-2.0.16-16.el5.ppc.rpm OpenIPMI-tools-2.0.16-16.el5.ppc.rpm s390x: OpenIPMI-2.0.16-16.el5.s390x.rpm OpenIPMI-debuginfo-2.0.16-16.el5.s390.rpm OpenIPMI-debuginfo-2.0.16-16.el5.s390x.rpm OpenIPMI-devel-2.0.16-16.el5.s390.rpm OpenIPMI-devel-2.0.16-16.el5.s390x.rpm OpenIPMI-gui-2.0.16-16.el5.s390x.rpm OpenIPMI-libs-2.0.16-16.el5.s390.rpm OpenIPMI-libs-2.0.16-16.el5.s390x.rpm OpenIPMI-perl-2.0.16-16.el5.s390x.rpm OpenIPMI-python-2.0.16-16.el5.s390x.rpm OpenIPMI-tools-2.0.16-16.el5.s390x.rpm x86_64: OpenIPMI-2.0.16-16.el5.x86_64.rpm OpenIPMI-debuginfo-2.0.16-16.el5.i386.rpm OpenIPMI-debuginfo-2.0.16-16.el5.x86_64.rpm OpenIPMI-devel-2.0.16-16.el5.i386.rpm OpenIPMI-devel-2.0.16-16.el5.x86_64.rpm OpenIPMI-gui-2.0.16-16.el5.x86_64.rpm OpenIPMI-libs-2.0.16-16.el5.i386.rpm OpenIPMI-libs-2.0.16-16.el5.x86_64.rpm OpenIPMI-perl-2.0.16-16.el5.x86_64.rpm OpenIPMI-python-2.0.16-16.el5.x86_64.rpm 
OpenIPMI-tools-2.0.16-16.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-4339.html https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQ68KZXlSAg2UNWIIRAhTUAKCijFkIEKV02pgq/J4KNB/n4t5cuwCbB+ti v3R5c2Nol+1v+cAx+u0IqC8= =h068 -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Jan 8 06:49:31 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 8 Jan 2013 06:49:31 +0000 Subject: [RHSA-2013:0124-01] Moderate: net-snmp security and bug fix update Message-ID: <201301080659.r086xLLD014539@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: net-snmp security and bug fix update Advisory ID: RHSA-2013:0124-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0124.html Issue date: 2013-01-08 CVE Names: CVE-2012-2141 ===================================================================== 1. Summary: Updated net-snmp packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 
5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: These packages provide various libraries and tools for the Simple Network Management Protocol (SNMP). An out-of-bounds buffer read flaw was found in the net-snmp agent. A remote attacker with read privileges to a Management Information Base (MIB) subtree handled by the "extend" directive (in "/etc/snmp/snmpd.conf") could use this flaw to crash snmpd via a crafted SNMP GET request. (CVE-2012-2141) Bug fixes: * Devices that used certain file systems were not reported in the "HOST-RESOURCES-MIB::hrStorageTable" table. As a result, the snmpd daemon did not recognize devices using tmpfs, ReiserFS, and Oracle Cluster File System (OCFS2) file systems. This update recognizes these devices and reports them in the "HOST-RESOURCES-MIB::hrStorageTable" table. (BZ#754652, BZ#755958, BZ#822061) * The snmptrapd (8) man page did not correctly describe how to load multiple configuration files using the "-c" option. This update describes correctly that multiple configuration files must be separated by a comma. (BZ#760001) * Integers truncated from 64 to 32-bit were not correctly evaluated. As a consequence, the snmpd daemon could enter an endless loop when encoding the truncated integers to network format. This update modifies the underlying code so that snmpd correctly checks truncated 64-bit integers. Now, snmpd avoids an endless loop. (BZ#783892) * snmpd did not correctly check for interrupted system calls when enumerating existing IPv6 network prefixes during startup. As a consequence, snmpd could prematurely exit when receiving a signal during this enumeration. This update checks the network prefix enumeration code for interrupted system calls. Now, snmpd no longer terminates when a signal is received. (BZ#799699) * snmpd used the wrong length of COUNTER64 values in the AgentX protocol. 
As a consequence, snmpd could not decode two consecutive COUNTER64 values in one AgentX packet. This update uses the correct COUNTER64 size and can process two or mode COUNTER64 values in AgentX communication. (BZ#803585) * snmpd ignored the "-e" parameter of the "trapsess" option in the snmpd configuration file. As a result, outgoing traps were incorrectly sent with the default EngineID of snmpd when configuring "trapsess" with an explicit EngineID. This update modifies the underlying code to send outgoing traps using the EngineID as specified in the "trapsess -e" parameter in the configuration file. (BZ#805689) * snmpd did not correctly encode negative Request-IDs in outgoing requests, for example during trap operations. As a consequence, a 32-bit value could be encoded in 5 bytes instead of 4, and the outgoing requests were refused by certain implementations of the SNMP protocol as invalid. With this update, a Request-ID can no longer become negative and is always encoded in 4 bytes. (BZ#818259) * snmpd ignored the port number of the "clientaddr" option when specifying the source address of outgoing SNMP requests. As a consequence, the system assigned a random address. This update allows to specify both the port number and the source IP address in the "clientaddr" option. Now, administrators can increase security with firewall rules and Security-Enhanced Linux (SELinux) policies by configuring a specific source port of outgoing traps and other requests. (BZ#828691) * snmpd did not correctly process responses to internal queries when initializing monitoring enabled by the "monitor" option in the "/etc/snmp/snmpd.conf" configuration file. As a consequence, snmpd was not fully initialized and the error message "failed to run mteTrigger query" appeared in the system log 30 seconds after the snmpd startup. This update explicitly checks for responses to internal monitoring queries. 
(BZ#830042)

Users of net-snmp should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the snmpd and snmptrapd daemons will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

755958 - net-snmp ignores reiserfs formatted partitions
803585 - agentx counter64 snmpget problem
815813 - CVE-2012-2141 net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash)
840861 - snmpd does not report error when clientaddr : cannot bind to the specified port

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/net-snmp-5.3.2.2-20.el5.src.rpm

i386:
net-snmp-5.3.2.2-20.el5.i386.rpm
net-snmp-debuginfo-5.3.2.2-20.el5.i386.rpm
net-snmp-libs-5.3.2.2-20.el5.i386.rpm
net-snmp-perl-5.3.2.2-20.el5.i386.rpm
net-snmp-utils-5.3.2.2-20.el5.i386.rpm

x86_64:
net-snmp-5.3.2.2-20.el5.x86_64.rpm
net-snmp-debuginfo-5.3.2.2-20.el5.i386.rpm
net-snmp-debuginfo-5.3.2.2-20.el5.x86_64.rpm
net-snmp-libs-5.3.2.2-20.el5.i386.rpm
net-snmp-libs-5.3.2.2-20.el5.x86_64.rpm
net-snmp-perl-5.3.2.2-20.el5.x86_64.rpm
net-snmp-utils-5.3.2.2-20.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/net-snmp-5.3.2.2-20.el5.src.rpm

i386:
net-snmp-debuginfo-5.3.2.2-20.el5.i386.rpm
net-snmp-devel-5.3.2.2-20.el5.i386.rpm

x86_64:
net-snmp-debuginfo-5.3.2.2-20.el5.i386.rpm
net-snmp-debuginfo-5.3.2.2-20.el5.x86_64.rpm
net-snmp-devel-5.3.2.2-20.el5.i386.rpm
net-snmp-devel-5.3.2.2-20.el5.x86_64.rpm

Red Hat Enterprise Linux (v.
5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/net-snmp-5.3.2.2-20.el5.src.rpm

i386:
net-snmp-5.3.2.2-20.el5.i386.rpm
net-snmp-debuginfo-5.3.2.2-20.el5.i386.rpm
net-snmp-devel-5.3.2.2-20.el5.i386.rpm
net-snmp-libs-5.3.2.2-20.el5.i386.rpm
net-snmp-perl-5.3.2.2-20.el5.i386.rpm
net-snmp-utils-5.3.2.2-20.el5.i386.rpm

ia64:
net-snmp-5.3.2.2-20.el5.ia64.rpm
net-snmp-debuginfo-5.3.2.2-20.el5.ia64.rpm
net-snmp-devel-5.3.2.2-20.el5.ia64.rpm
net-snmp-libs-5.3.2.2-20.el5.ia64.rpm
net-snmp-perl-5.3.2.2-20.el5.ia64.rpm
net-snmp-utils-5.3.2.2-20.el5.ia64.rpm

ppc:
net-snmp-5.3.2.2-20.el5.ppc.rpm
net-snmp-debuginfo-5.3.2.2-20.el5.ppc.rpm
net-snmp-debuginfo-5.3.2.2-20.el5.ppc64.rpm
net-snmp-devel-5.3.2.2-20.el5.ppc.rpm
net-snmp-devel-5.3.2.2-20.el5.ppc64.rpm
net-snmp-libs-5.3.2.2-20.el5.ppc.rpm
net-snmp-libs-5.3.2.2-20.el5.ppc64.rpm
net-snmp-perl-5.3.2.2-20.el5.ppc.rpm
net-snmp-utils-5.3.2.2-20.el5.ppc.rpm

s390x:
net-snmp-5.3.2.2-20.el5.s390x.rpm
net-snmp-debuginfo-5.3.2.2-20.el5.s390.rpm
net-snmp-debuginfo-5.3.2.2-20.el5.s390x.rpm
net-snmp-devel-5.3.2.2-20.el5.s390.rpm
net-snmp-devel-5.3.2.2-20.el5.s390x.rpm
net-snmp-libs-5.3.2.2-20.el5.s390.rpm
net-snmp-libs-5.3.2.2-20.el5.s390x.rpm
net-snmp-perl-5.3.2.2-20.el5.s390x.rpm
net-snmp-utils-5.3.2.2-20.el5.s390x.rpm

x86_64:
net-snmp-5.3.2.2-20.el5.x86_64.rpm
net-snmp-debuginfo-5.3.2.2-20.el5.i386.rpm
net-snmp-debuginfo-5.3.2.2-20.el5.x86_64.rpm
net-snmp-devel-5.3.2.2-20.el5.i386.rpm
net-snmp-devel-5.3.2.2-20.el5.x86_64.rpm
net-snmp-libs-5.3.2.2-20.el5.i386.rpm
net-snmp-libs-5.3.2.2-20.el5.x86_64.rpm
net-snmp-perl-5.3.2.2-20.el5.x86_64.rpm
net-snmp-utils-5.3.2.2-20.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7.
References:

https://www.redhat.com/security/data/cve/CVE-2012-2141.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQ68PEXlSAg2UNWIIRAjCiAJ9W/MBaqJqdzDYYAGmTv4kzqNkg8wCghMvJ
51oSTzzi76pyrX3XyxqAuv0=
=MaWU
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jan 8 06:49:53 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 8 Jan 2013 06:49:53 +0000
Subject: [RHSA-2013:0125-01] Moderate: wireshark security, bug fix, and enhancement update
Message-ID: <201301080659.r086xggb009840@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: wireshark security, bug fix, and enhancement update
Advisory ID: RHSA-2013:0125-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0125.html
Issue date: 2013-01-08
CVE Names: CVE-2011-1958 CVE-2011-1959 CVE-2011-2175 CVE-2011-2698 CVE-2011-4102 CVE-2012-0041 CVE-2012-0042 CVE-2012-0066 CVE-2012-0067 CVE-2012-4285 CVE-2012-4289 CVE-2012-4290 CVE-2012-4291
=====================================================================

1. Summary:

Updated wireshark packages that fix several security issues, three bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v.
5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network.

A heap-based buffer overflow flaw was found in the way Wireshark handled Endace ERF (Extensible Record Format) capture files. If Wireshark opened a specially-crafted ERF capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-4102)

Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, CVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066, CVE-2012-0067, CVE-2012-4285, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291)

The CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, and CVE-2011-4102 issues were discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team.

This update also fixes the following bugs:

* When Wireshark starts with the X11 protocol being tunneled through an SSH connection, it automatically prepares its capture filter to omit the SSH packets. If the SSH connection was to a link-local IPv6 address including an interface name (for example ssh -X [ipv6addr]%eth0), Wireshark parsed this address erroneously, constructed an incorrect capture filter and refused to capture packets. The "Invalid capture filter" message was displayed. With this update, parsing of link-local IPv6 addresses is fixed and Wireshark correctly prepares a capture filter to omit SSH packets over a link-local IPv6 connection. (BZ#438473)

* Previously, Wireshark's column editing dialog malformed column names when they were selected. With this update, the dialog is fixed and no longer breaks column names.
(BZ#493693)

* Previously, TShark, the console packet analyzer, did not properly analyze the exit code of Dumpcap, Wireshark's packet capturing back end. As a result, TShark returned exit code 0 when Dumpcap failed to parse its command-line arguments. In this update, TShark correctly propagates the Dumpcap exit code and returns a non-zero exit code when Dumpcap fails. (BZ#580510)

* Previously, the TShark "-s" (snapshot length) option worked only for a value greater than 68 bytes. If a lower value was specified, TShark captured just 68 bytes of incoming packets. With this update, the "-s" option is fixed and sizes lower than 68 bytes work as expected. (BZ#580513)

This update also adds the following enhancement:

* In this update, support for the "NetDump" protocol was added. (BZ#484999)

All users of Wireshark are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. All running instances of Wireshark must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5.
Bugs fixed (http://bugzilla.redhat.com/):

438473 - wireshark via ssh -X on ipv6 link-local address fails to allow capture
484999 - add netdump dissector to wireshark
580510 - tshark returns exit code 0 in case of errors
580513 - tshark snaplen parameter does not work
710039 - CVE-2011-1959 wireshark: Stack-based buffer over-read from tvbuff buffer when reading snoop capture files
710109 - CVE-2011-2175 wireshark: Heap-based buffer over-read in Visual Networks dissector
710184 - CVE-2011-1958 wireshark (64bit): NULL pointer dereference by processing of a corrupted Diameter dictionary file
723215 - CVE-2011-2698 wireshark: Infinite loop in the ANSI A Interface (IS-634/IOS) dissector
750648 - CVE-2011-4102 wireshark: buffer overflow in the ERF file reader
773726 - CVE-2012-0041 wireshark: multiple file parser vulnerabilities (wnpa-sec-2012-01)
773728 - CVE-2012-0042 wireshark: NULL pointer vulnerabilities (wnpa-sec-2012-02)
783360 - CVE-2012-0066 Wireshark: Dos via large buffer allocation request
783363 - CVE-2012-0067 Wireshark: Dos due to integer overflow in IPTrace capture format parser
848541 - CVE-2012-4285 wireshark: crash due to zero division in DCP ETSI dissector (wnpa-sec-2012-13)
848561 - CVE-2012-4289 wireshark: DoS via excessive CPU consumption in AFP dissector (wnpa-sec-2012-17)
848572 - CVE-2012-4291 wireshark: DoS via excessive system resource consumption in CIP dissector (wnpa-sec-2012-20)
848578 - CVE-2012-4290 wireshark: DoS via excessive CPU consumption in CTDB dissector (wnpa-sec-2012-23)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/wireshark-1.0.15-5.el5.src.rpm

i386:
wireshark-1.0.15-5.el5.i386.rpm
wireshark-debuginfo-1.0.15-5.el5.i386.rpm

x86_64:
wireshark-1.0.15-5.el5.x86_64.rpm
wireshark-debuginfo-1.0.15-5.el5.x86_64.rpm

RHEL Desktop Workstation (v.
5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/wireshark-1.0.15-5.el5.src.rpm

i386:
wireshark-debuginfo-1.0.15-5.el5.i386.rpm
wireshark-gnome-1.0.15-5.el5.i386.rpm

x86_64:
wireshark-debuginfo-1.0.15-5.el5.x86_64.rpm
wireshark-gnome-1.0.15-5.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/wireshark-1.0.15-5.el5.src.rpm

i386:
wireshark-1.0.15-5.el5.i386.rpm
wireshark-debuginfo-1.0.15-5.el5.i386.rpm
wireshark-gnome-1.0.15-5.el5.i386.rpm

ia64:
wireshark-1.0.15-5.el5.ia64.rpm
wireshark-debuginfo-1.0.15-5.el5.ia64.rpm
wireshark-gnome-1.0.15-5.el5.ia64.rpm

ppc:
wireshark-1.0.15-5.el5.ppc.rpm
wireshark-debuginfo-1.0.15-5.el5.ppc.rpm
wireshark-gnome-1.0.15-5.el5.ppc.rpm

s390x:
wireshark-1.0.15-5.el5.s390x.rpm
wireshark-debuginfo-1.0.15-5.el5.s390x.rpm
wireshark-gnome-1.0.15-5.el5.s390x.rpm

x86_64:
wireshark-1.0.15-5.el5.x86_64.rpm
wireshark-debuginfo-1.0.15-5.el5.x86_64.rpm
wireshark-gnome-1.0.15-5.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7.
References:

https://www.redhat.com/security/data/cve/CVE-2011-1958.html
https://www.redhat.com/security/data/cve/CVE-2011-1959.html
https://www.redhat.com/security/data/cve/CVE-2011-2175.html
https://www.redhat.com/security/data/cve/CVE-2011-2698.html
https://www.redhat.com/security/data/cve/CVE-2011-4102.html
https://www.redhat.com/security/data/cve/CVE-2012-0041.html
https://www.redhat.com/security/data/cve/CVE-2012-0042.html
https://www.redhat.com/security/data/cve/CVE-2012-0066.html
https://www.redhat.com/security/data/cve/CVE-2012-0067.html
https://www.redhat.com/security/data/cve/CVE-2012-4285.html
https://www.redhat.com/security/data/cve/CVE-2012-4289.html
https://www.redhat.com/security/data/cve/CVE-2012-4290.html
https://www.redhat.com/security/data/cve/CVE-2012-4291.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQ68PaXlSAg2UNWIIRAj7lAJ9+/2599n8ictAq4q84c8c7N7xRYQCfYDK9
luCrOpknTD3CW5PenX5RtoM=
=5bn/
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jan 8 06:50:44 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 8 Jan 2013 06:50:44 +0000
Subject: [RHSA-2013:0126-01] Low: squirrelmail security and bug fix update
Message-ID: <201301080700.r0870XK9010114@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: squirrelmail security and bug fix update
Advisory ID: RHSA-2013:0126-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0126.html
Issue date: 2013-01-08
CVE Names: CVE-2012-2124
=====================================================================

1.
Summary:

An updated squirrelmail package that fixes one security issue and several bugs is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - noarch
Red Hat Enterprise Linux (v. 5 server) - noarch

3. Description:

SquirrelMail is a standards-based webmail package written in PHP.

The SquirrelMail security update RHSA-2012:0103 did not, unlike the erratum text stated, correct the CVE-2010-2813 issue, a flaw in the way SquirrelMail handled failed log in attempts. A user preference file was created when attempting to log in with a password containing an 8-bit character, even if the username was not valid. A remote attacker could use this flaw to eventually consume all hard disk space on the target SquirrelMail server. (CVE-2012-2124)

This update also fixes the following bugs:

* Prior to this update, SquirrelMail could not decode multi-line subjects properly. Consequently, the decode header internationalization option did not properly handle new lines or tabs at the beginning of the lines. This bug has been fixed and SquirrelMail now works correctly in the described scenario. (BZ#241861)

* Due to a bug, attachments written in HTML code on the Windows operating system were not displayed properly when accessed with SquirrelMail; the "!=null" string was trimmed to "!ull". This bug has been fixed and the attachments are now displayed correctly in such a case. (BZ#359791)

* Previously, e-mail messages with a Unique Identifier (UID) larger than 2^31 were unreadable when using the squirrelmail package. With this patch the squirrelmail package is able to read all messages regardless of the UID's size.
(BZ#450780)

* Due to a bug, a PHP script did not assign the proper character set to requested variables. Consequently, SquirrelMail could not display any e-mails. The underlying source code has been modified and now the squirrelmail package assigns the correct character set. (BZ#475188)

* Due to an incorrect internationalization option in the i18n.php file, the squirrelmail package could not use the GB 2312 character set. The i18n.php file has been fixed and the GB 2312 character set works correctly in the described scenario. (BZ#508686)

* Previously, a call to the preg_split() function used a misspelled constant, PREG_SPLIT_NI_EMPTY, which could cause SquirrelMail to produce error messages. The name of the constant has been corrected to PREG_SPLIT_NO_EMPTY, and SquirrelMail no longer produces error messages in this scenario. (BZ#528758)

* Due to Security-Enhanced Linux (SELinux) settings, sending e-mails from the SquirrelMail web interface was blocked. This update adds a note to the SquirrelMail documentation that describes how to set the SELinux options to allow sending e-mails from the SquirrelMail web interface. (BZ#745380)

* Previously, the squirrelmail package did not comply with the RFC 2822 specification about line length limits. Consequently, attachments with lines longer than 998 characters could not be forwarded using SquirrelMail. This patch modifies the underlying source code and now SquirrelMail complies with the RFC 2822 specification as expected. (BZ#745469)

* Prior to this update, the squirrelmail package required the php-common package instead of mod_php during installation or upgrade of the package, which led to a dependency error. As a result, attempting to install or upgrade the squirrelmail package failed on systems using the php53 packages. With this update, the dependencies of the squirrelmail package were changed and the installation or upgrade now works correctly in the described scenario.
(BZ#789353)

All users of SquirrelMail are advised to upgrade to this updated package, which contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

241861 - Bad decoding of multiple Subjects
450780 - Email messages with UIDs bigger than 2^31 are unreadable via SquirrelMail
475188 - PHP error: undefined variable charset in squirrelmail
508686 - Squirrelmail could not use GB2312 for incorrect charset at i18n.php
528758 - Fix misspelled constant PREG_SPLIT_NI_EMPTY in sqimap_get_message
669663 - Package squirrelmail fails to build in brew due to gettext update.
745380 - SELinux seems to block sending e-mails from the squirrelmail web interface
745469 - rfc2822 line length limits
789353 - squirrelmail should require mod_php not php
814671 - CVE-2012-2124 squirrelmail: CVE-2010-2813 not fixed in RHSA-2012:0103

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/squirrelmail-1.4.8-21.el5.src.rpm

noarch:
squirrelmail-1.4.8-21.el5.noarch.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/squirrelmail-1.4.8-21.el5.src.rpm

noarch:
squirrelmail-1.4.8-21.el5.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-2124.html
https://access.redhat.com/security/updates/classification/#low
https://rhn.redhat.com/errata/RHSA-2012-0103.html

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQ68PzXlSAg2UNWIIRAmZiAJ0ZwfHvpyzDvO3gVvBqyOiKLCyT0QCffPx0
hEMaidAAg1p2acCvZ64oL70=
=qKzc
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jan 8 06:51:42 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 8 Jan 2013 06:51:42 +0000
Subject: [RHSA-2013:0127-01] Low: libvirt security and bug fix update
Message-ID: <201301080701.r0871WKC029033@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: libvirt security and bug fix update
Advisory ID: RHSA-2013:0127-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0127.html
Issue date: 2013-01-08
CVE Names: CVE-2012-2693
=====================================================================

1. Summary:

Updated libvirt packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Multi OS (v. 5 client) - i386, x86_64
RHEL Virtualization (v. 5 server) - i386, ia64, x86_64

3. Description:

The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Bus and device IDs were ignored when attempting to attach multiple USB devices with identical vendor or product IDs to a guest.
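The USB passthrough situation described above is only ambiguous when a domain lists the same vendor/product pair more than once, and libvirt's domain XML lets the two entries be told apart by a bus/device pin inside the source element. The checker below is an added example written for this page, not code from the advisory or from libvirt; it reads a domain definition with the standard library XML parser and reports vendor/product pairs that appear more than once without a bus/device pin (the case this CVE concerns), as well as pins that two entries share. The element layout it relies on (hostdev type='usb', source with vendor, product and address bus/device) is libvirt's documented domain format; the vendor and product values in the two constructed samples are made up.

```python
"""Flag USB passthrough entries a guest could receive the wrong device from.

Added example, not from the advisory or from libvirt.  The element layout
(<hostdev type='usb'><source><vendor/><product/><address bus= device=/>)
is libvirt's domain XML format; the vendor/product values are constructed.
"""
import xml.etree.ElementTree as ET
from collections import Counter


def _attr(elem, name, conv=str):
    """Attribute of elem converted with conv, or None when absent."""
    if elem is None or elem.get(name) is None:
        return None
    return conv(elem.get(name))


def usb_hostdevs(domain_xml):
    """(vendor, product, bus, device) per USB hostdev; None for anything unset."""
    root = ET.fromstring(domain_xml)
    found = []
    for hd in root.findall("./devices/hostdev"):
        if hd.get("type") != "usb":
            continue
        src = hd.find("source")
        if src is None:
            continue
        found.append((_attr(src.find("vendor"), "id", str.lower),
                      _attr(src.find("product"), "id", str.lower),
                      _attr(src.find("address"), "bus", int),
                      _attr(src.find("address"), "device", int)))
    return found


def unpinned_duplicates(domain_xml):
    """Vendor/product pairs listed more than once with an entry lacking bus/device.

    Without a pin there is nothing that distinguishes the two physical devices,
    so which one a guest ends up holding is not under the administrator's control."""
    devs = usb_hostdevs(domain_xml)
    counts = Counter((v, p) for v, p, _, _ in devs)
    return sorted({(v, p) for v, p, b, d in devs
                   if counts[(v, p)] > 1 and (b is None or d is None)})


def reused_addresses(domain_xml):
    """bus/device pins used by more than one hostdev (two entries, one device)."""
    pins = Counter((b, d) for _, _, b, d in usb_hostdevs(domain_xml)
                   if b is not None and d is not None)
    return sorted(k for k, n in pins.items() if n > 1)


# Constructed samples: two identical tokens with no pin, then the same two pinned.
AMBIGUOUS_XML = """<domain type='kvm'>
  <name>guest1</name>
  <devices>
    <hostdev mode='subsystem' type='usb'>
      <source><vendor id='0x1234'/><product id='0xbeef'/></source>
    </hostdev>
    <hostdev mode='subsystem' type='usb'>
      <source><vendor id='0x1234'/><product id='0xbeef'/></source>
    </hostdev>
    <hostdev mode='subsystem' type='usb'>
      <source><vendor id='0x1234'/><product id='0xCAFE'/></source>
    </hostdev>
  </devices>
</domain>"""

PINNED_XML = """<domain type='kvm'>
  <name>guest1</name>
  <devices>
    <hostdev mode='subsystem' type='usb'>
      <source><vendor id='0x1234'/><product id='0xbeef'/><address bus='2' device='3'/></source>
    </hostdev>
    <hostdev mode='subsystem' type='usb'>
      <source><vendor id='0x1234'/><product id='0xbeef'/><address bus='2' device='4'/></source>
    </hostdev>
  </devices>
</domain>"""

if __name__ == "__main__":
    for label, xml in (("ambiguous", AMBIGUOUS_XML), ("pinned", PINNED_XML)):
        print(label, "unpinned duplicates:", unpinned_duplicates(xml),
              "reused pins:", reused_addresses(xml))
```

Bus and device numbers are assigned by the host kernel and change when a device is re-plugged or the host reboots, so a pinned definition should be checked against lsusb output on the host before the guest is started; the pin makes the choice explicit, it does not make it permanent.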
Ignoring those IDs could result in the wrong device being attached to a guest, giving that guest root access to the device. (CVE-2012-2693)

This update also fixes the following bugs:

* Previously, the libvirtd daemon failed to set the autostart flags for already defined QEMU domains. This bug has been fixed, and the domains can now be successfully marked as autostarted. (BZ#675319)

* Prior to this update, the virFileAbsPath() function did not account for the slash ("/") directory separator when allocating memory for the concatenation of the current working directory and a path, an off-by-one that could lead to memory corruption. With this update, virFileAbsPath() builds the string with virAsprintf(), and the aforementioned behavior no longer occurs. (BZ#680289)

* With this update, the man page of the virsh user interface has been enhanced with information on the "domxml-from-native" and "domxml-to-native" commands, and the correct notation of the format argument has been clarified. As a result, confusion is avoided when setting the format argument in the described commands. (BZ#783001)

All users of libvirt are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, libvirtd will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5.
Bugs fixed (http://bugzilla.redhat.com/):

675319 - qemu guests autostart problem
680289 - off-by-one in virFileAbsPath can lead to memory corruption [5.7]
772821 - Coverity scan revealed defects
772848 - Coverity scan founds some new resource leaks and NULL pointer dereference
783001 - Need to improve virsh domxml-*-native command docs
831164 - CVE-2012-2693 libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored

6. Package List:

RHEL Desktop Multi OS (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libvirt-0.8.2-29.el5.src.rpm

i386:
libvirt-0.8.2-29.el5.i386.rpm
libvirt-debuginfo-0.8.2-29.el5.i386.rpm
libvirt-devel-0.8.2-29.el5.i386.rpm
libvirt-python-0.8.2-29.el5.i386.rpm

x86_64:
libvirt-0.8.2-29.el5.i386.rpm
libvirt-0.8.2-29.el5.x86_64.rpm
libvirt-debuginfo-0.8.2-29.el5.i386.rpm
libvirt-debuginfo-0.8.2-29.el5.x86_64.rpm
libvirt-devel-0.8.2-29.el5.i386.rpm
libvirt-devel-0.8.2-29.el5.x86_64.rpm
libvirt-python-0.8.2-29.el5.x86_64.rpm

RHEL Virtualization (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libvirt-0.8.2-29.el5.src.rpm

i386:
libvirt-0.8.2-29.el5.i386.rpm
libvirt-debuginfo-0.8.2-29.el5.i386.rpm
libvirt-devel-0.8.2-29.el5.i386.rpm
libvirt-python-0.8.2-29.el5.i386.rpm

ia64:
libvirt-0.8.2-29.el5.ia64.rpm
libvirt-debuginfo-0.8.2-29.el5.ia64.rpm
libvirt-devel-0.8.2-29.el5.ia64.rpm
libvirt-python-0.8.2-29.el5.ia64.rpm

x86_64:
libvirt-0.8.2-29.el5.i386.rpm
libvirt-0.8.2-29.el5.x86_64.rpm
libvirt-debuginfo-0.8.2-29.el5.i386.rpm
libvirt-debuginfo-0.8.2-29.el5.x86_64.rpm
libvirt-devel-0.8.2-29.el5.i386.rpm
libvirt-devel-0.8.2-29.el5.x86_64.rpm
libvirt-python-0.8.2-29.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7.
References:

https://www.redhat.com/security/data/cve/CVE-2012-2693.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQ68RIXlSAg2UNWIIRAtH4AKCDoTsu3lrKu2OxW0/dYmUqCi/uZwCggq81
yPnvR/G9dcCjO5ULASFs7yU=
=j6yY
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jan 8 06:52:00 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 8 Jan 2013 06:52:00 +0000
Subject: [RHSA-2013:0128-01] Low: conga security, bug fix, and enhancement update
Message-ID: <201301080701.r0871nJN031882@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: conga security, bug fix, and enhancement update
Advisory ID: RHSA-2013:0128-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0128.html
Issue date: 2013-01-08
CVE Names: CVE-2012-3359
=====================================================================

1. Summary:

Updated conga packages that fix one security issue, multiple bugs, and add two enhancements are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Clustering (v. 5 server) - i386, ia64, ppc, x86_64

3. Description:

The Conga project is a management system for remote workstations. It consists of luci, which is a secure web-based front end, and ricci, which is a secure daemon that dispatches incoming messages to underlying management modules.
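The luci session weakness this advisory fixes (CVE-2012-3359, described next) comes down to what the session cookie carries. When the cookie itself holds the username and password, two things follow: anyone who obtains the cookie obtains the credentials, and the server cannot enforce an inactivity timeout, because the cookie remains a valid proof of identity for as long as the password does. The following is an added example written for this page, not Conga's code: weak_cookie() mirrors the removed design (the advisory does not give luci's exact cookie layout, so the one here is constructed), and SessionStore is the replacement, an opaque random identifier that indexes server-side state carrying a last-activity stamp. The clock is injectable so that expiry can be exercised without waiting.

```python
"""Credentials in the cookie versus an opaque server-side session.

Added example, not from the advisory or from Conga.  weak_cookie() mirrors
the design the fix removed (luci's exact cookie layout is not given in the
advisory; this one is constructed).  SessionStore is the replacement: a random
identifier that carries no secret and that the server can expire after a
period of inactivity.  The clock is injectable so expiry can be tested.
"""
import base64
import secrets
import time


def weak_cookie(username, password):
    """Credentials on the wire: whoever holds the cookie holds the password."""
    return base64.b64encode(f"{username}:{password}".encode()).decode()


def credentials_from_weak_cookie(cookie):
    """What someone holding a stolen weak cookie gets back."""
    user, _, password = base64.b64decode(cookie).decode().partition(":")
    return user, password


class FakeClock:
    """Deterministic stand-in for time.monotonic()."""

    def __init__(self, now=0.0):
        self.now = now

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class SessionStore:
    """Opaque session ids mapped to server-side state with an inactivity timeout."""

    def __init__(self, idle_timeout, clock=time.monotonic):
        self.idle_timeout = idle_timeout
        self.clock = clock
        self._sessions = {}                  # sid -> {"user": ..., "last_seen": ...}

    def login(self, username, password, verify):
        """verify(username, password) -> bool is the caller's credential check."""
        if not verify(username, password):
            return None
        sid = secrets.token_urlsafe(32)      # 256 random bits, unrelated to the password
        self._sessions[sid] = {"user": username, "last_seen": self.clock()}
        return sid

    def user_for(self, sid):
        """User behind sid, or None when unknown or idle longer than the timeout."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        now = self.clock()
        if now - entry["last_seen"] > self.idle_timeout:
            del self._sessions[sid]          # expired: the id is now worthless to anyone
            return None
        entry["last_seen"] = now             # activity extends the session
        return entry["user"]

    def logout(self, sid):
        self._sessions.pop(sid, None)

    def active_sessions(self):
        return len(self._sessions)


if __name__ == "__main__":
    print("weak cookie leaks:", credentials_from_weak_cookie(weak_cookie("admin", "hunter2")))
    clock = FakeClock()
    store = SessionStore(idle_timeout=900, clock=clock)
    sid = store.login("admin", "hunter2", lambda u, p: (u, p) == ("admin", "hunter2"))
    print("session id carries no secret:", sid)
    clock.advance(901)
    print("after 901 s idle:", store.user_for(sid))
```

With the server-side design a leaked session id is still a problem, but a bounded one: it stops working at logout or after the idle period, and it never reveals the password, so it cannot be replayed against other services that share the credential.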
It was discovered that luci stored usernames and passwords in session cookies. This issue prevented the session inactivity timeout feature from working correctly, and allowed attackers able to get access to a session cookie to obtain the victim's authentication credentials. (CVE-2012-3359)

Red Hat would like to thank George Hedfors of Cybercom Sweden East AB for reporting this issue.

This update also fixes the following bugs:

* Prior to this update, luci did not allow the fence_apc_snmp agent to be configured. As a consequence, users could not configure or view an existing configuration for fence_apc_snmp. This update adds a new screen that allows fence_apc_snmp to be configured. (BZ#832181)

* Prior to this update, luci did not allow the SSL operation of the fence_ilo fence agent to be enabled or disabled. As a consequence, users could not configure or view an existing configuration for the 'ssl' attribute for fence_ilo. This update adds a checkbox to show whether the SSL operation is enabled and allows users to edit that attribute. (BZ#832183)

* Prior to this update, luci did not allow the "identity_file" attribute of the fence_ilo_mp fence agent to be viewed or edited. As a consequence, users could not configure or view an existing configuration for the "identity_file" attribute of the fence_ilo_mp fence agent. This update adds a text input box to show the current state of the "identity_file" attribute of fence_ilo_mp and allows users to edit that attribute. (BZ#832185)

* Prior to this update, redundant files and directories remained on the file system at /var/lib/luci/var/pts and /usr/lib{,64}/luci/zope/var/pts when the luci package was uninstalled. This update removes these files and directories when the luci package is uninstalled. (BZ#835649)

* Prior to this update, the "restart-disable" recovery policy was not displayed in the recovery policy list from which users could select when they configure a recovery policy for a failover domain.
As a consequence, the "restart-disable" recovery policy could not be set with the luci GUI. This update adds the "restart-disable" recovery option to the recovery policy pulldown list. (BZ#839732)

* Prior to this update, line breaks that were not anticipated in the "yum list" output could cause package upgrade and/or installation to fail when creating clusters or adding nodes to existing clusters. As a consequence, creating clusters and adding cluster nodes to existing clusters could fail. This update modifies the ricci daemon to be able to correctly handle line breaks in the "yum list" output. (BZ#842865)

In addition, this update adds the following enhancements:

* This update adds support for configuring the Intel iPDU fence agent to the luci package. (BZ#741986)

* This update adds support for viewing and changing the state of the new 'nfsrestart' attribute to the FS and Cluster FS resource agent configuration screens. (BZ#822633)

All users of conga are advised to upgrade to these updated packages, which resolve these issues and add these enhancements. After installing this update, the luci and ricci services will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

607179 - CVE-2012-3359 conga: insecure handling of luci web interface sessions
832181 - fence_apc_snmp is missing from luci
832183 - Luci is missing configuration of ssl for fence_ilo
832185 - Luci cannot configure the "identity_file" attribute for fence_ilo_mp
835649 - luci uninstall will leave /var/lib/luci/var/pts and /usr/lib*/luci/zope/var/pts behind
839732 - Conga Add a Service Screen is Missing Option for Restart-Disable Recovery Policy

6. Package List:

RHEL Clustering (v.
5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/conga-0.12.2-64.el5.src.rpm

i386:
conga-debuginfo-0.12.2-64.el5.i386.rpm
luci-0.12.2-64.el5.i386.rpm
ricci-0.12.2-64.el5.i386.rpm

ia64:
conga-debuginfo-0.12.2-64.el5.ia64.rpm
luci-0.12.2-64.el5.ia64.rpm
ricci-0.12.2-64.el5.ia64.rpm

ppc:
conga-debuginfo-0.12.2-64.el5.ppc.rpm
luci-0.12.2-64.el5.ppc.rpm
ricci-0.12.2-64.el5.ppc.rpm

x86_64:
conga-debuginfo-0.12.2-64.el5.x86_64.rpm
luci-0.12.2-64.el5.x86_64.rpm
ricci-0.12.2-64.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-3359.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQ68RZXlSAg2UNWIIRArUYAKCFK4E7iD9cw25nQMvdsg2Tpk2TSQCgv2Dg
OE1RPK2GrQaOvw4mwcCr8DY=
=bbf3
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jan 8 06:52:31 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 8 Jan 2013 06:52:31 +0000
Subject: [RHSA-2013:0129-01] Moderate: ruby security and bug fix update
Message-ID: <201301080702.r0872LFe011266@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: ruby security and bug fix update
Advisory ID: RHSA-2013:0129-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0129.html
Issue date: 2013-01-08
CVE Names: CVE-2012-4481 CVE-2012-4522
=====================================================================

1.
Summary: Updated ruby packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. It was found that certain methods did not sanitize file names before passing them to lower layer routines in Ruby. If a Ruby application created files with names based on untrusted input, it could result in the creation of files with different names than expected. (CVE-2012-4522) It was found that the RHSA-2011:0909 update did not correctly fix the CVE-2011-1005 issue, a flaw in the method for translating an exception message into a string in the Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted (tainted) code to modify arbitrary, trusted (untainted) strings, which safe level 4 restrictions would otherwise prevent. (CVE-2012-4481) The CVE-2012-4481 issue was discovered by Vit Ondruch of Red Hat. This update also fixes the following bug: * Prior to this update, the "rb_syck_mktime" option could, under certain circumstances, terminate with a segmentation fault when installing libraries with certain gems. This update modifies the underlying code so that Ruby gems can be installed as expected. (BZ#834381) All users of Ruby are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. 4. 
Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 863484 - CVE-2012-4481 ruby: Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects 865940 - CVE-2012-4522 ruby: unintentional file creation caused by inserting an illegal NUL character 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ruby-1.8.5-27.el5.src.rpm i386: ruby-1.8.5-27.el5.i386.rpm ruby-debuginfo-1.8.5-27.el5.i386.rpm ruby-docs-1.8.5-27.el5.i386.rpm ruby-irb-1.8.5-27.el5.i386.rpm ruby-libs-1.8.5-27.el5.i386.rpm ruby-rdoc-1.8.5-27.el5.i386.rpm ruby-ri-1.8.5-27.el5.i386.rpm ruby-tcltk-1.8.5-27.el5.i386.rpm x86_64: ruby-1.8.5-27.el5.x86_64.rpm ruby-debuginfo-1.8.5-27.el5.i386.rpm ruby-debuginfo-1.8.5-27.el5.x86_64.rpm ruby-docs-1.8.5-27.el5.x86_64.rpm ruby-irb-1.8.5-27.el5.x86_64.rpm ruby-libs-1.8.5-27.el5.i386.rpm ruby-libs-1.8.5-27.el5.x86_64.rpm ruby-rdoc-1.8.5-27.el5.x86_64.rpm ruby-ri-1.8.5-27.el5.x86_64.rpm ruby-tcltk-1.8.5-27.el5.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ruby-1.8.5-27.el5.src.rpm i386: ruby-debuginfo-1.8.5-27.el5.i386.rpm ruby-devel-1.8.5-27.el5.i386.rpm ruby-mode-1.8.5-27.el5.i386.rpm x86_64: ruby-debuginfo-1.8.5-27.el5.i386.rpm ruby-debuginfo-1.8.5-27.el5.x86_64.rpm ruby-devel-1.8.5-27.el5.i386.rpm ruby-devel-1.8.5-27.el5.x86_64.rpm ruby-mode-1.8.5-27.el5.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/ruby-1.8.5-27.el5.src.rpm i386: ruby-1.8.5-27.el5.i386.rpm ruby-debuginfo-1.8.5-27.el5.i386.rpm ruby-devel-1.8.5-27.el5.i386.rpm ruby-docs-1.8.5-27.el5.i386.rpm ruby-irb-1.8.5-27.el5.i386.rpm ruby-libs-1.8.5-27.el5.i386.rpm ruby-mode-1.8.5-27.el5.i386.rpm ruby-rdoc-1.8.5-27.el5.i386.rpm ruby-ri-1.8.5-27.el5.i386.rpm ruby-tcltk-1.8.5-27.el5.i386.rpm ia64: ruby-1.8.5-27.el5.ia64.rpm ruby-debuginfo-1.8.5-27.el5.ia64.rpm ruby-devel-1.8.5-27.el5.ia64.rpm ruby-docs-1.8.5-27.el5.ia64.rpm ruby-irb-1.8.5-27.el5.ia64.rpm ruby-libs-1.8.5-27.el5.ia64.rpm ruby-mode-1.8.5-27.el5.ia64.rpm ruby-rdoc-1.8.5-27.el5.ia64.rpm ruby-ri-1.8.5-27.el5.ia64.rpm ruby-tcltk-1.8.5-27.el5.ia64.rpm ppc: ruby-1.8.5-27.el5.ppc.rpm ruby-debuginfo-1.8.5-27.el5.ppc.rpm ruby-debuginfo-1.8.5-27.el5.ppc64.rpm ruby-devel-1.8.5-27.el5.ppc.rpm ruby-devel-1.8.5-27.el5.ppc64.rpm ruby-docs-1.8.5-27.el5.ppc.rpm ruby-irb-1.8.5-27.el5.ppc.rpm ruby-libs-1.8.5-27.el5.ppc.rpm ruby-libs-1.8.5-27.el5.ppc64.rpm ruby-mode-1.8.5-27.el5.ppc.rpm ruby-rdoc-1.8.5-27.el5.ppc.rpm ruby-ri-1.8.5-27.el5.ppc.rpm ruby-tcltk-1.8.5-27.el5.ppc.rpm s390x: ruby-1.8.5-27.el5.s390x.rpm ruby-debuginfo-1.8.5-27.el5.s390.rpm ruby-debuginfo-1.8.5-27.el5.s390x.rpm ruby-devel-1.8.5-27.el5.s390.rpm ruby-devel-1.8.5-27.el5.s390x.rpm ruby-docs-1.8.5-27.el5.s390x.rpm ruby-irb-1.8.5-27.el5.s390x.rpm ruby-libs-1.8.5-27.el5.s390.rpm ruby-libs-1.8.5-27.el5.s390x.rpm ruby-mode-1.8.5-27.el5.s390x.rpm ruby-rdoc-1.8.5-27.el5.s390x.rpm ruby-ri-1.8.5-27.el5.s390x.rpm ruby-tcltk-1.8.5-27.el5.s390x.rpm x86_64: ruby-1.8.5-27.el5.x86_64.rpm ruby-debuginfo-1.8.5-27.el5.i386.rpm ruby-debuginfo-1.8.5-27.el5.x86_64.rpm ruby-devel-1.8.5-27.el5.i386.rpm ruby-devel-1.8.5-27.el5.x86_64.rpm ruby-docs-1.8.5-27.el5.x86_64.rpm ruby-irb-1.8.5-27.el5.x86_64.rpm ruby-libs-1.8.5-27.el5.i386.rpm ruby-libs-1.8.5-27.el5.x86_64.rpm ruby-mode-1.8.5-27.el5.x86_64.rpm 
ruby-rdoc-1.8.5-27.el5.x86_64.rpm ruby-ri-1.8.5-27.el5.x86_64.rpm ruby-tcltk-1.8.5-27.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-4481.html https://www.redhat.com/security/data/cve/CVE-2012-4522.html https://access.redhat.com/security/updates/classification/#moderate https://rhn.redhat.com/errata/RHSA-2011-0909.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQ68R3XlSAg2UNWIIRAtuXAKCCm6WEmHPB/pKFK25sIoE2/8C71wCgp4xA /yFkohfxxndEnOWwvaJKkfU= =gxNh -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Jan 8 06:53:56 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 8 Jan 2013 06:53:56 +0000 Subject: [RHSA-2013:0130-01] Low: httpd security, bug fix, and enhancement update Message-ID: <201301080703.r0873jln001507@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: httpd security, bug fix, and enhancement update Advisory ID: RHSA-2013:0130-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0130.html Issue date: 2013-01-08 CVE Names: CVE-2008-0455 CVE-2008-0456 CVE-2012-2687 ===================================================================== 1. Summary: Updated httpd packages that fix multiple security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed
severity ratings, are available for each vulnerability from the CVE links in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The httpd packages contain the Apache HTTP Server (httpd), which is the
namesake project of The Apache Software Foundation.

Input sanitization flaws were found in the mod_negotiation module. A remote
attacker able to upload or create files with arbitrary names in a directory
that has the MultiViews option enabled could use these flaws to conduct
cross-site scripting and HTTP response splitting attacks against users
visiting the site. (CVE-2008-0455, CVE-2008-0456, CVE-2012-2687)

Bug fixes:

* Previously, no check was made to see if the
/etc/pki/tls/private/localhost.key file was a valid key prior to running
the "%post" script for the "mod_ssl" package. Consequently, when
/etc/pki/tls/certs/localhost.crt did not exist and "localhost.key" was
present but invalid, upgrading the Apache HTTP Server daemon (httpd) with
mod_ssl failed. The "%post" script has been fixed to test for an existing
SSL key. As a result, upgrading httpd with mod_ssl now proceeds as expected.
(BZ#752618)

* The "mod_ssl" module did not support operation under FIPS mode.
Consequently, when operating Red Hat Enterprise Linux 5 with FIPS mode
enabled, httpd failed to start. An upstream patch has been applied to
disable non-FIPS functionality if operating under FIPS mode, and httpd now
starts as expected. (BZ#773473)

* Prior to this update, httpd exit status codes were not Linux Standard Base
(LSB) compliant. When the command "service httpd reload" was run and httpd
failed, the exit status code returned was "0" and not in the range 1 to 6 as
expected. A patch has been applied to the init script, and httpd now returns
"1" as an exit status code. (BZ#783242)

* Chunked Transfer Coding is described in RFC 2616. Previously, the Apache
server did not correctly handle a chunked encoded POST request with a
"chunk-size" or "chunk-extension" value of 32 bytes or more. Consequently,
when such a POST request was made the server did not respond. An upstream
patch has been applied and the problem no longer occurs. (BZ#840845)

* Due to a regression, when mod_cache received a non-cacheable 304 response,
the headers were served incorrectly. Consequently, compressed data could be
returned to the client without the cached headers to indicate the data was
compressed. An upstream patch has been applied to merge response and cached
headers before data from the cache is served to the client. As a result,
cached data is now correctly interpreted by the client. (BZ#845532)

* In a proxy configuration, certain response-line strings were not handled
correctly. If a response-line without a "description" string was received
from the origin server for a non-standard status code, such as the "450"
status code, a "500 Internal Server Error" would be returned to the client.
This bug has been fixed so that the original response line is returned to
the client. (BZ#853128)

Enhancements:

* The configuration directive "LDAPReferrals" is now supported in addition
to the previously introduced "LDAPChaseReferrals". (BZ#727342)

* The AJP support module for "mod_proxy", "mod_proxy_ajp", now supports the
"ProxyErrorOverride" directive. Consequently, it is now possible to
configure customized error pages for web applications running on a backend
server accessed via AJP. (BZ#767890)

* The "%posttrans" scriptlet which automatically restarts the httpd service
after a package upgrade can now be disabled. If the file
/etc/sysconfig/httpd-disable-posttrans exists, the scriptlet will not
restart the daemon. (BZ#833042)

* The output of "httpd -S" now includes configured alias names for each
virtual host. (BZ#833043)

* New certificate variable names are now exposed by "mod_ssl" using the
"_DN_userID" suffix, such as "SSL_CLIENT_S_DN_userID", which use the
commonly used object identifier (OID) definition of "userID",
OID 0.9.2342.19200300.100.1.1. (BZ#840036)

All users of httpd are advised to upgrade to these updated packages, which
fix these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

727342 - LDAPChaseReferrals should be LDAPReferrals
752618 - mod_ssl post install script can cause failures
767890 - The mod_proxy_ajp lacks the ErrorOverride
773473 - [RHEL 5.7] Apache HTTP Server cannot start with mod_ssl when FIPS 140-2 mode enabled
783242 - service httpd reload return 0 when it fails
840845 - httpd fails in processing chunked requests with > 31 bytes chunk-size / -extension line
845532 - mod_cache regression in httpd 2.2.3-65: non-cacheable 304 responses serve bad data
850794 - CVE-2012-2687 CVE-2008-0455 httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled
879292 - CVE-2008-0456 httpd: mod_negotiation CRLF injection via untrusted file names in directories with MultiViews enabled

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-74.el5.src.rpm

i386:
httpd-2.2.3-74.el5.i386.rpm
httpd-debuginfo-2.2.3-74.el5.i386.rpm
mod_ssl-2.2.3-74.el5.i386.rpm

x86_64:
httpd-2.2.3-74.el5.x86_64.rpm
httpd-debuginfo-2.2.3-74.el5.x86_64.rpm
mod_ssl-2.2.3-74.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-74.el5.src.rpm

i386:
httpd-debuginfo-2.2.3-74.el5.i386.rpm
httpd-devel-2.2.3-74.el5.i386.rpm
httpd-manual-2.2.3-74.el5.i386.rpm

x86_64:
httpd-debuginfo-2.2.3-74.el5.i386.rpm
httpd-debuginfo-2.2.3-74.el5.x86_64.rpm
httpd-devel-2.2.3-74.el5.i386.rpm
httpd-devel-2.2.3-74.el5.x86_64.rpm
httpd-manual-2.2.3-74.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/httpd-2.2.3-74.el5.src.rpm

i386:
httpd-2.2.3-74.el5.i386.rpm
httpd-debuginfo-2.2.3-74.el5.i386.rpm
httpd-devel-2.2.3-74.el5.i386.rpm
httpd-manual-2.2.3-74.el5.i386.rpm
mod_ssl-2.2.3-74.el5.i386.rpm

ia64:
httpd-2.2.3-74.el5.ia64.rpm
httpd-debuginfo-2.2.3-74.el5.ia64.rpm
httpd-devel-2.2.3-74.el5.ia64.rpm
httpd-manual-2.2.3-74.el5.ia64.rpm
mod_ssl-2.2.3-74.el5.ia64.rpm

ppc:
httpd-2.2.3-74.el5.ppc.rpm
httpd-debuginfo-2.2.3-74.el5.ppc.rpm
httpd-debuginfo-2.2.3-74.el5.ppc64.rpm
httpd-devel-2.2.3-74.el5.ppc.rpm
httpd-devel-2.2.3-74.el5.ppc64.rpm
httpd-manual-2.2.3-74.el5.ppc.rpm
mod_ssl-2.2.3-74.el5.ppc.rpm

s390x:
httpd-2.2.3-74.el5.s390x.rpm
httpd-debuginfo-2.2.3-74.el5.s390.rpm
httpd-debuginfo-2.2.3-74.el5.s390x.rpm
httpd-devel-2.2.3-74.el5.s390.rpm
httpd-devel-2.2.3-74.el5.s390x.rpm
httpd-manual-2.2.3-74.el5.s390x.rpm
mod_ssl-2.2.3-74.el5.s390x.rpm

x86_64:
httpd-2.2.3-74.el5.x86_64.rpm
httpd-debuginfo-2.2.3-74.el5.i386.rpm
httpd-debuginfo-2.2.3-74.el5.x86_64.rpm
httpd-devel-2.2.3-74.el5.i386.rpm
httpd-devel-2.2.3-74.el5.x86_64.rpm
httpd-manual-2.2.3-74.el5.x86_64.rpm
mod_ssl-2.2.3-74.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2008-0455.html
https://www.redhat.com/security/data/cve/CVE-2008-0456.html
https://www.redhat.com/security/data/cve/CVE-2012-2687.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQ68TMXlSAg2UNWIIRApH8AJ9lf6CJcLnIK7D9siL6M2/OxR1argCeO7mh
/xD6DzmFPZw8MhY2CC19xag=
=mexo
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jan 8 06:54:17 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 8 Jan 2013 06:54:17 +0000
Subject: [RHSA-2013:0131-01] Low: gnome-vfs2 security and bug fix update
Message-ID: <201301080704.r08746Yd016356@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: gnome-vfs2 security and bug fix update
Advisory ID:       RHSA-2013:0131-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0131.html
Issue date:        2013-01-08
CVE Names:         CVE-2009-2473
=====================================================================

1. Summary:

Updated gnome-vfs2 packages that fix one security issue and several bugs are
now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The gnome-vfs2 packages provide the GNOME Virtual File System, which is the
foundation of the Nautilus file manager. neon is an HTTP and WebDAV client
library embedded in the gnome-vfs2 packages.

A denial of service flaw was found in the neon Extensible Markup Language
(XML) parser. Visiting a malicious DAV server with an application using
gnome-vfs2 (such as Nautilus) could possibly cause the application to
consume an excessive amount of CPU and memory. (CVE-2009-2473)

This update also fixes the following bugs:

* When extracted from the Uniform Resource Identifier (URI), gnome-vfs2
returned escaped file paths. If a path, as stored in the URI, contained
non-ASCII characters or ASCII characters which are parsed as something other
than a file path (for example, spaces), the escaped path was inaccurate.
Consequently, files with the described type of URI could not be processed.
With this update, gnome-vfs2 properly unescapes paths that are required for
a system call. As a result, these paths are parsed properly. (BZ#580855)

* In certain cases, the trash info file was populated with foreign entries
pointing to live data. Emptying the trash caused an accidental deletion of
valuable data. With this update, a workaround has been applied in order to
prevent the deletion. As a result, accidental data loss is prevented;
however, further information is still being gathered to fully fix this
problem. (BZ#586015)

* Due to an incorrect check of the destination file system, the Nautilus
file manager failed to delete a symbolic link to a folder residing on
another file system. With this update, a special test has been added. As a
result, a symbolic link pointing to another file system can be trashed or
deleted properly. (BZ#621394)

* Prior to this update, when directories without read permission were marked
for copy, the Nautilus file manager skipped these unreadable directories
without notification. With this update, Nautilus displays an error message
and properly informs the user about the aforementioned problem. (BZ#772307)

* Previously, gnome-vfs2 issued stat() calls for every file on the
MultiVersion File System (MVFS), used for example by IBM Rational ClearCase.
This behavior significantly slowed down file operations. With this update,
the unnecessary stat() operations have been limited. As a result, gnome-vfs2
user interfaces, such as Nautilus, are more responsive. (BZ#822817)

All gnome-vfs2 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

518215 - CVE-2009-2473 neon: billion laughs DoS attack
580855 - Cannot delete folder contents if the name of the folder contains spaces
621394 - can't delete symlink to other filesystem
822817 - Fix Gnome VFS components to not stat every file on an ClearCase mvfs filesystem
848822 - Problem while loading OAFIID: GNOME_Panel_TrashApplet

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/gnome-vfs2-2.16.2-10.el5.src.rpm

i386:
gnome-vfs2-2.16.2-10.el5.i386.rpm
gnome-vfs2-debuginfo-2.16.2-10.el5.i386.rpm
gnome-vfs2-smb-2.16.2-10.el5.i386.rpm

x86_64:
gnome-vfs2-2.16.2-10.el5.i386.rpm
gnome-vfs2-2.16.2-10.el5.x86_64.rpm
gnome-vfs2-debuginfo-2.16.2-10.el5.i386.rpm
gnome-vfs2-debuginfo-2.16.2-10.el5.x86_64.rpm
gnome-vfs2-smb-2.16.2-10.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/gnome-vfs2-2.16.2-10.el5.src.rpm

i386:
gnome-vfs2-debuginfo-2.16.2-10.el5.i386.rpm
gnome-vfs2-devel-2.16.2-10.el5.i386.rpm

x86_64:
gnome-vfs2-debuginfo-2.16.2-10.el5.i386.rpm
gnome-vfs2-debuginfo-2.16.2-10.el5.x86_64.rpm
gnome-vfs2-devel-2.16.2-10.el5.i386.rpm
gnome-vfs2-devel-2.16.2-10.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/gnome-vfs2-2.16.2-10.el5.src.rpm

i386:
gnome-vfs2-2.16.2-10.el5.i386.rpm
gnome-vfs2-debuginfo-2.16.2-10.el5.i386.rpm
gnome-vfs2-devel-2.16.2-10.el5.i386.rpm
gnome-vfs2-smb-2.16.2-10.el5.i386.rpm

ia64:
gnome-vfs2-2.16.2-10.el5.ia64.rpm
gnome-vfs2-debuginfo-2.16.2-10.el5.ia64.rpm
gnome-vfs2-devel-2.16.2-10.el5.ia64.rpm
gnome-vfs2-smb-2.16.2-10.el5.ia64.rpm

ppc:
gnome-vfs2-2.16.2-10.el5.ppc.rpm
gnome-vfs2-2.16.2-10.el5.ppc64.rpm
gnome-vfs2-debuginfo-2.16.2-10.el5.ppc.rpm
gnome-vfs2-debuginfo-2.16.2-10.el5.ppc64.rpm
gnome-vfs2-devel-2.16.2-10.el5.ppc.rpm
gnome-vfs2-devel-2.16.2-10.el5.ppc64.rpm
gnome-vfs2-smb-2.16.2-10.el5.ppc.rpm
gnome-vfs2-smb-2.16.2-10.el5.ppc64.rpm

s390x:
gnome-vfs2-2.16.2-10.el5.s390.rpm
gnome-vfs2-2.16.2-10.el5.s390x.rpm
gnome-vfs2-debuginfo-2.16.2-10.el5.s390.rpm
gnome-vfs2-debuginfo-2.16.2-10.el5.s390x.rpm
gnome-vfs2-devel-2.16.2-10.el5.s390.rpm
gnome-vfs2-devel-2.16.2-10.el5.s390x.rpm
gnome-vfs2-smb-2.16.2-10.el5.s390x.rpm

x86_64:
gnome-vfs2-2.16.2-10.el5.i386.rpm
gnome-vfs2-2.16.2-10.el5.x86_64.rpm
gnome-vfs2-debuginfo-2.16.2-10.el5.i386.rpm
gnome-vfs2-debuginfo-2.16.2-10.el5.x86_64.rpm
gnome-vfs2-devel-2.16.2-10.el5.i386.rpm
gnome-vfs2-devel-2.16.2-10.el5.x86_64.rpm
gnome-vfs2-smb-2.16.2-10.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-2473.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQ68TiXlSAg2UNWIIRAqZoAJ97ED4YrwQDGGwRp0+hnbUJRQCGnACfVKyt
vr5BSs6N6KiDVMPz4Y8KL7k=
=APMX
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jan 8 06:54:37 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 8 Jan 2013 06:54:37 +0000
Subject: [RHSA-2013:0132-01] Low: autofs security, bug fix, and enhancement update
Message-ID: <201301080704.r0874QlQ029742@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: autofs security, bug fix, and enhancement update
Advisory ID:       RHSA-2013:0132-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0132.html
Issue date:        2013-01-08
CVE Names:         CVE-2012-2697
=====================================================================

1. Summary:

An updated autofs package that fixes one security issue, several bugs, and
adds one enhancement is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The autofs utility controls the operation of the automount daemon. The
automount daemon automatically mounts and unmounts file systems.
A bug fix included in RHBA-2012:0264 introduced a denial of service flaw in
autofs. When using autofs with LDAP, a local user could use this flaw to
crash autofs, preventing future mount requests from being processed until
the autofs service was restarted. Note: This flaw did not impact existing
mounts (except for preventing mount expiration). (CVE-2012-2697)

Red Hat would like to thank Ray Rocker for reporting this issue.

This update also fixes the following bugs:

* The autofs init script sometimes timed out waiting for the automount
daemon to exit and returned a shutdown failure if the daemon failed to exit
in time. To resolve this problem, the amount of time that the init script
waits for the daemon has been increased to allow for cases where servers are
slow to respond or there are many active mounts. (BZ#585058)

* Due to an omission when backporting a change, autofs attempted to download
the entire LDAP map at startup. This mistake has now been corrected.
(BZ#767428)

* A function to check the validity of a mount location was meant to check
only for a small subset of map location errors. A recent modification in
error reporting inverted a logic test in this validating function.
Consequently, the scope of the test was widened, which caused the automount
daemon to report false positive failures. With this update, the faulty logic
test has been corrected and false positive failures no longer occur.
(BZ#798448)

* When there were many attempts to access invalid or non-existent keys, the
automount daemon used excessive CPU resources. As a consequence, systems
sometimes became unresponsive. The code has been improved so that automount
checks for invalid keys earlier in the process, which has eliminated a
significant amount of the processing overhead. (BZ#847101)

* The auto.master(5) man page did not document the "-t, --timeout" option in
the FORMAT options section. This update adds this information to the man
page. (BZ#859890)

This update also adds the following enhancement:

* Previously, it was not possible to configure separate timeout values for
individual direct map entries in the autofs master map. This update adds
this functionality. (BZ#690404)

All users of autofs are advised to upgrade to this updated package, which
contains backported patches to correct these issues and add this
enhancement.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

585058 - autofs5 init script times out before automount exits and incorrectly shows that autofs5 stop failed
643142 - "/net -hosts -fstype=nfs4" does not work while "/home /etc/auto.nfs4" works.
690404 - RFE: timeout option cannot be configured individually with multiple direct map entries
831772 - CVE-2012-2697 autofs: denial of service when using an LDAP-based automount map

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/autofs-5.0.1-0.rc2.177.el5.src.rpm

i386:
autofs-5.0.1-0.rc2.177.el5.i386.rpm
autofs-debuginfo-5.0.1-0.rc2.177.el5.i386.rpm

x86_64:
autofs-5.0.1-0.rc2.177.el5.x86_64.rpm
autofs-debuginfo-5.0.1-0.rc2.177.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/autofs-5.0.1-0.rc2.177.el5.src.rpm

i386:
autofs-5.0.1-0.rc2.177.el5.i386.rpm
autofs-debuginfo-5.0.1-0.rc2.177.el5.i386.rpm

ia64:
autofs-5.0.1-0.rc2.177.el5.ia64.rpm
autofs-debuginfo-5.0.1-0.rc2.177.el5.ia64.rpm

ppc:
autofs-5.0.1-0.rc2.177.el5.ppc.rpm
autofs-debuginfo-5.0.1-0.rc2.177.el5.ppc.rpm

s390x:
autofs-5.0.1-0.rc2.177.el5.s390x.rpm
autofs-debuginfo-5.0.1-0.rc2.177.el5.s390x.rpm

x86_64:
autofs-5.0.1-0.rc2.177.el5.x86_64.rpm
autofs-debuginfo-5.0.1-0.rc2.177.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-2697.html
https://access.redhat.com/security/updates/classification/#low
https://rhn.redhat.com/errata/RHBA-2012-0264.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
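Editor's added example, not code from neon, gnome-vfs2, Red Hat or any of the advisories in this digest. The gnome-vfs2 advisory RHSA-2013:0131 above describes a denial of service in the embedded neon XML parser (CVE-2009-2473), listed in its bug tracker as a "billion laughs" attack: a DOCTYPE declares a handful of nested entities whose replacement text refers to each other so that one short reference in the body expands to gigabytes. The check below reads only the DOCTYPE of an untrusted document, computes how large each declared entity becomes when fully expanded, and rejects the document before anything parses the body. The byte limit, the DOCTYPE-locating regular expression and the two sample documents are constructed for this example; recent libexpat releases (2.4 and later) also enforce an amplification limit inside the parser, which this pre-check complements rather than replaces.

```python
"""Pre-parse check for XML entity expansion ("billion laughs") documents.

Added example; not neon, gnome-vfs2 or Red Hat code. Only the DOCTYPE of the
document is handed to expat, so the body, where the expansion would actually
take place, is never parsed here. The byte limit and the two sample documents
are constructed for this example.
"""
from __future__ import annotations

import re
import xml.parsers.expat

# Policy limit for this example: the largest fully expanded size (in bytes)
# any single declared entity may reach. Tune it to the documents you expect.
MAX_ENTITY_EXPANSION = 10_000

# Locates the DOCTYPE declaration, including an internal subset "[ ... ]".
# Assumption of this example: the first "]" followed by ">" closes the subset.
_DOCTYPE = re.compile(rb"<!DOCTYPE\b[^\[>]*(?:\[.*?\]\s*)?>", re.DOTALL)

# A general entity reference inside replacement text, e.g. "&lol1;".
_ENTITY_REF = re.compile(r"&([A-Za-z_:][\w.:-]*);")


class EntityExpansionError(ValueError):
    """The DOCTYPE declares entities that expand beyond the configured limit."""


def doctype_prefix(doc: bytes) -> bytes | None:
    """Return the document up to the end of its DOCTYPE, or None if it has none."""
    match = _DOCTYPE.search(doc)
    return doc[: match.end()] if match else None


def collect_internal_entities(doc: bytes) -> dict[str, str]:
    """Return {name: replacement text} for the internal general entities declared.

    A document without a DOCTYPE cannot declare entities, so it yields {}.
    Malformed DOCTYPE syntax surfaces as xml.parsers.expat.ExpatError.
    """
    prefix = doctype_prefix(doc)
    if prefix is None:
        return {}
    entities: dict[str, str] = {}
    parser = xml.parsers.expat.ParserCreate()

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        # External and parameter entities carry no inline replacement text;
        # only internal general entities take part in the expansion estimate.
        if not is_param and value is not None:
            entities[name] = value

    parser.EntityDeclHandler = on_entity
    parser.Parse(prefix, False)  # not final: expat reads the declarations and stops
    return entities


def expanded_sizes(entities: dict[str, str], limit: int = MAX_ENTITY_EXPANSION) -> dict[str, int]:
    """Fully expanded byte length of every declared entity, following nesting.

    Each "&name;" inside a replacement text is replaced by that entity's own
    expansion. A reference cycle (illegal XML, but cheap to write) or any
    total over `limit` raises EntityExpansionError without ever building the
    expanded text.
    """
    sizes: dict[str, int] = {}
    in_progress: set[str] = set()

    def size_of(name: str) -> int:
        if name in sizes:
            return sizes[name]
        if name in in_progress:
            raise EntityExpansionError(f"entity reference cycle through &{name};")
        in_progress.add(name)
        value = entities[name]
        total = len(value.encode("utf-8"))
        for ref in _ENTITY_REF.finditer(value):
            inner = ref.group(1)
            if inner in entities:
                # The literal "&inner;" text is removed; its expansion replaces it.
                total += size_of(inner) - (len(inner) + 2)
            if total > limit:
                raise EntityExpansionError(f"entity &{name}; expands past {limit} bytes")
        if total > limit:
            raise EntityExpansionError(f"entity &{name}; expands past {limit} bytes")
        in_progress.discard(name)
        sizes[name] = total
        return total

    for name in entities:
        size_of(name)
    return sizes


def is_safe_to_parse(doc: bytes, limit: int = MAX_ENTITY_EXPANSION) -> bool:
    """True when no declared entity can expand past `limit` bytes."""
    try:
        expanded_sizes(collect_internal_entities(doc), limit)
        return True
    except EntityExpansionError:
        return False


# Constructed sample: four levels of tenfold nesting. The published attack
# uses about ten levels; four keep this file small while the top entity still
# grows from 60 bytes of declaration to 30,000 bytes of expansion.
SUSPECT_DOC = b"""<?xml version="1.0"?>
<!DOCTYPE d [
 <!ENTITY lol "lol">
 <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
 <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
 <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
 <!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
]>
<d>&lol4;</d>
"""

# Constructed sample: an ordinary WebDAV-style response with one small entity.
BENIGN_DOC = b"""<?xml version="1.0"?>
<!DOCTYPE D:multistatus [ <!ENTITY vendor "Example Corp"> ]>
<D:multistatus xmlns:D="DAV:"><D:response>&vendor;</D:response></D:multistatus>
"""

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_DOC), ("suspect", SUSPECT_DOC)):
        print(label, "safe to parse" if is_safe_to_parse(doc) else "rejected")
```

Run the check on the raw bytes of a DAV response before the real parser sees them; a rejected document never reaches the expansion step at all. The estimate deliberately ignores the body, so a document that declares small entities and references them millions of times is caught by ordinary message-size limits instead, and the two controls belong together.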
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQ68T1XlSAg2UNWIIRAs5RAKDENuZbtGmojWqgCR6YGwmZv8KdCACgispJ DX66cYLD33Lwva6Aq9YRLqY= =lr+T -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Jan 8 06:55:54 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 8 Jan 2013 06:55:54 +0000 Subject: [RHSA-2013:0133-01] Low: hplip3 security and bug fix update Message-ID: <201301080705.r0875hfO000333@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: hplip3 security and bug fix update Advisory ID: RHSA-2013:0133-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0133.html Issue date: 2013-01-08 CVE Names: CVE-2011-2722 ===================================================================== 1. Summary: Updated hplip3 packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: Hewlett-Packard Linux Imaging and Printing (HPLIP) provides drivers for Hewlett-Packard (HP) printers and multifunction peripherals. It was found that the HP CUPS (Common UNIX Printing System) fax filter in HPLIP created a temporary file in an insecure way. A local attacker could use this flaw to perform a symbolic link attack, overwriting arbitrary files accessible to a process using the fax filter (such as the hp3-sendfax tool). 
(CVE-2011-2722) This update also fixes the following bug: * Previous modifications of the hplip3 package to allow it to be installed alongside the original hplip package introduced several problems to fax support; for example, the hp-sendfax utility could become unresponsive. These problems have been fixed with this update. (BZ#501834) All users of hplip3 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 501834 - hplip hp-sendfax PyQt combination is broken 725830 - CVE-2011-2722 hplip: insecure temporary file handling 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/hplip3-3.9.8-15.el5.src.rpm i386: hpijs3-3.9.8-15.el5.i386.rpm hplip3-3.9.8-15.el5.i386.rpm hplip3-common-3.9.8-15.el5.i386.rpm hplip3-debuginfo-3.9.8-15.el5.i386.rpm hplip3-gui-3.9.8-15.el5.i386.rpm hplip3-libs-3.9.8-15.el5.i386.rpm libsane-hpaio3-3.9.8-15.el5.i386.rpm x86_64: hpijs3-3.9.8-15.el5.x86_64.rpm hplip3-3.9.8-15.el5.x86_64.rpm hplip3-common-3.9.8-15.el5.x86_64.rpm hplip3-debuginfo-3.9.8-15.el5.x86_64.rpm hplip3-gui-3.9.8-15.el5.x86_64.rpm hplip3-libs-3.9.8-15.el5.x86_64.rpm libsane-hpaio3-3.9.8-15.el5.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/hplip3-3.9.8-15.el5.src.rpm i386: hpijs3-3.9.8-15.el5.i386.rpm hplip3-3.9.8-15.el5.i386.rpm hplip3-common-3.9.8-15.el5.i386.rpm hplip3-debuginfo-3.9.8-15.el5.i386.rpm hplip3-gui-3.9.8-15.el5.i386.rpm hplip3-libs-3.9.8-15.el5.i386.rpm libsane-hpaio3-3.9.8-15.el5.i386.rpm ia64: hpijs3-3.9.8-15.el5.ia64.rpm hplip3-3.9.8-15.el5.ia64.rpm hplip3-common-3.9.8-15.el5.ia64.rpm hplip3-debuginfo-3.9.8-15.el5.ia64.rpm hplip3-gui-3.9.8-15.el5.ia64.rpm hplip3-libs-3.9.8-15.el5.ia64.rpm libsane-hpaio3-3.9.8-15.el5.ia64.rpm ppc: hpijs3-3.9.8-15.el5.ppc.rpm hplip3-3.9.8-15.el5.ppc.rpm hplip3-common-3.9.8-15.el5.ppc.rpm hplip3-debuginfo-3.9.8-15.el5.ppc.rpm hplip3-gui-3.9.8-15.el5.ppc.rpm hplip3-libs-3.9.8-15.el5.ppc.rpm libsane-hpaio3-3.9.8-15.el5.ppc.rpm x86_64: hpijs3-3.9.8-15.el5.x86_64.rpm hplip3-3.9.8-15.el5.x86_64.rpm hplip3-common-3.9.8-15.el5.x86_64.rpm hplip3-debuginfo-3.9.8-15.el5.x86_64.rpm hplip3-gui-3.9.8-15.el5.x86_64.rpm hplip3-libs-3.9.8-15.el5.x86_64.rpm libsane-hpaio3-3.9.8-15.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2722.html https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
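The temporary-file flaw class behind CVE-2011-2722, as an added example that is not HPLIP's code: a filter opens a predictable name with O_CREAT but without O_EXCL, a local attacker who got there first has planted a symlink at that name, and the filter's output lands in the link target. The program stages exactly that with a victim file and a symlink inside a private directory (the /tmp paths and the "fax.out" name are assumptions made for the demo), then shows the two standard fixes: mkstemp() for an unpredictable name created atomically with O_EXCL, and O_EXCL together with O_NOFOLLOW when the name has to stay fixed.

```c
/* Added example; not HPLIP code. Reproduces the flaw class named above (a
 * predictable temporary file opened without O_EXCL, so a local attacker can
 * plant a symlink there first) and shows the two standard fixes.
 * The paths under /tmp are assumptions chosen for the demo. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern: fixed name, O_CREAT without O_EXCL, symlinks followed.
 * If path is already a symlink to a victim file, this truncates the victim
 * and the "fax data" lands in it. */
int unsafe_open_output(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Fix 1 (preferred): mkstemp() picks an unpredictable name and creates it
 * atomically with O_EXCL, so nothing pre-planted can be reused. */
int safe_open_unique(char *template_path)      /* must end in "XXXXXX" */
{
    return mkstemp(template_path);
}

/* Fix 2 (when the name must stay fixed): O_EXCL refuses an existing path,
 * O_NOFOLLOW refuses to follow a symlink at it. */
int safe_open_fixed(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Stage the attack in a private directory: a victim file with known
 * content, the attacker's symlink at the predictable output name, then the
 * "filter" writing its output. Returns 1 if the victim was overwritten,
 * 0 if it survived, -1 if the setup itself failed. */
static int run_attack(int hardened)
{
    char dir[] = "/tmp/faxdemo.XXXXXX";
    char victim[128], lnk[128], buf[32] = {0};
    int fd, clobbered = 0;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(victim, sizeof victim, "%s/victim.txt", dir);
    snprintf(lnk, sizeof lnk, "%s/fax.out", dir);

    fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "secret\n", 7) != 7 || close(fd) != 0)
        return -1;
    if (symlink(victim, lnk) != 0)                 /* attacker's move */
        return -1;

    fd = hardened ? safe_open_fixed(lnk) : unsafe_open_output(lnk);
    if (fd >= 0) {                                 /* filter's move */
        if (write(fd, "FAX DATA\n", 9) != 9)
            clobbered = -1;
        close(fd);
    }

    fd = open(victim, O_RDONLY);                   /* what did the victim get? */
    if (fd >= 0) {
        if (read(fd, buf, sizeof buf - 1) > 0 && strncmp(buf, "FAX DATA", 8) == 0)
            clobbered = 1;
        close(fd);
    }
    unlink(lnk);
    unlink(victim);
    rmdir(dir);
    return clobbered;
}

int unsafe_open_is_clobbered(void)   { return run_attack(0); }   /* 1 */
int hardened_open_is_clobbered(void) { return run_attack(1); }   /* 0 */

/* mkstemp() demo: the name no longer ends in the template and the file exists. */
int unique_tempfile_works(void)
{
    char path[] = "/tmp/faxdemo.XXXXXX";
    int fd = safe_open_unique(path), ok;
    ok = fd >= 0 && strcmp(path + strlen(path) - 6, "XXXXXX") != 0
         && access(path, F_OK) == 0;
    if (fd >= 0) {
        close(fd);
        unlink(path);
    }
    return ok;
}

int main(void)
{
    printf("unsafe open clobbered the victim:   %d\n", unsafe_open_is_clobbered());
    printf("hardened open clobbered the victim: %d\n", hardened_open_is_clobbered());
    printf("mkstemp gave a unique file:         %d\n", unique_tempfile_works());
    return 0;
}
```

The unsafe open succeeds because open(2) resolves the symlink before creating or truncating, so the victim file is what gets truncated and written; the hardened open fails with EEXIST the moment anything, symlink or not, already sits at the fixed name, and O_NOFOLLOW closes the remaining window in which a link could appear between a check and the open. The demo works unprivileged, and it also works as root, which is the realistic case for a CUPS filter.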
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQ68U8XlSAg2UNWIIRAnAQAKC+xtYRBFr16JBKOtgt7Ww3Q1K79wCgqVjL
50X2lzUxfNuytlAV9iIiprs=
=mpNo
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jan 8 06:56:32 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 8 Jan 2013 06:56:32 +0000
Subject: [RHSA-2013:0134-01] Low: freeradius2 security and bug fix update
Message-ID: <201301080706.r0876LdI011711@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: freeradius2 security and bug fix update
Advisory ID: RHSA-2013:0134-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0134.html
Issue date: 2013-01-08
CVE Names: CVE-2011-4966
=====================================================================

1. Summary:

Updated freeradius2 packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

FreeRADIUS is an open-source Remote Authentication Dial-In User Service (RADIUS) server which allows RADIUS clients to perform authentication against the RADIUS server. The RADIUS server may optionally perform accounting of its operations using the RADIUS protocol.

It was found that the "unix" module ignored the password expiration setting in "/etc/shadow".
If FreeRADIUS was configured to use this module for user authentication, this flaw could allow users with an expired password to successfully authenticate, even though their access should have been denied. (CVE-2011-4966)

This update also fixes the following bugs:

* After log rotation, the freeradius logrotate script failed to reload the radiusd daemon and log messages were lost. This update has added a command to the freeradius logrotate script to reload the radiusd daemon and the radiusd daemon re-initializes and reopens its log files after log rotation as expected. (BZ#787111)

* The radtest script with the "eap-md5" option failed because it passed the IP family argument when invoking the radeapclient utility and the radeapclient utility did not recognize the IP family. The radeapclient utility now recognizes the IP family argument and radtest now works with eap-md5 as expected. (BZ#846476)

* Previously, freeradius was compiled without the "--with-udpfromto" option. Consequently, with a multihomed server and explicitly specifying the IP address, freeradius sent the reply with the wrong IP source address. With this update, freeradius has been built with the "--with-udpfromto" configuration option and the RADIUS reply is always sourced from the IP address the request was sent to. (BZ#846471)

* Due to invalid syntax in the PostgreSQL admin schema file, the FreeRADIUS PostgreSQL tables failed to be created. With this update, the syntax has been adjusted and the tables are created as expected. (BZ#818885)

* FreeRADIUS has a thread pool that dynamically grows based on load. If multiple threads using the "rlm_perl()" function are spawned in quick succession, the FreeRADIUS server sometimes terminated unexpectedly with a segmentation fault due to parallel calls to the "rlm_perl_clone()" function. With this update, a mutex for the threads has been added and the problem no longer occurs.
(BZ#846475)

* The man page for "rlm_dbm_parser" was incorrectly installed as "rlm_dbm_parse", omitting the trailing "r". The man page now correctly appears as rlm_dbm_parser. (BZ#781877)

All users of freeradius2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. They are also advised to check for RPM backup files ending in ".rpmnew" or ".rpmsave" under the /etc/raddb/ directory after the update because the FreeRADIUS server will attempt to load every file it finds in its configuration directory. The extra files will often cause the wrong configuration values to be applied resulting in either unpredictable behavior or the failure of the server to initialize and run.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

Users are also advised to check for RPM backup files ending in ".rpmnew" or ".rpmsave" under the /etc/raddb/ directory after the update because the FreeRADIUS server will attempt to load every file it finds in its configuration directory. The extra files will often cause the wrong configuration values to be applied resulting in either unpredictable behavior or the failure of the server to initialize and run.

5.
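The check that CVE-2011-4966 was missing, as an added example that is not FreeRADIUS's rlm_unix code: the module read the hash out of the shadow entry but never looked at the ageing fields, so an account whose expiry day had passed, or whose password was older than its maximum age, still authenticated. The program parses shadow(5)-format lines, applies the account-expiry (field 8) and password-age (lastchg + max) rules, and compares "hash only" authorization with "hash plus expiry" authorization over a few constructed entries. The sample lines, the hashes in them and the fixed "today" of day 15700 are all assumptions made for the demo.

```c
/* Added example; not FreeRADIUS code. Parses shadow(5)-style lines and
 * applies the expiry fields that the "unix" module ignored, so an expired
 * entry is rejected the way the fixed module rejects it. The sample lines
 * at the bottom are constructed for the demo, not taken from any system. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct shadow_entry {
    char name[64];
    char hash[128];
    long lastchg;                 /* day of last password change (days since 1970-01-01) */
    long min, max, warn, inact;   /* password ageing fields */
    long expire;                  /* day the account expires; -1 when the field is empty */
};

enum shadow_status {
    SHADOW_OK = 0,
    SHADOW_ACCOUNT_EXPIRED = 1,   /* field 8 reached */
    SHADOW_PASSWORD_EXPIRED = 2,  /* lastchg + max reached */
    SHADOW_MUST_CHANGE = 3        /* lastchg == 0: admin forced a change */
};

/* Empty or non-numeric field means "unset" (-1). */
static long day_field(const char *s)
{
    char *end;
    long v = strtol(s, &end, 10);
    return (*s != '\0' && *end == '\0') ? v : -1;
}

/* "name:hash:lastchg:min:max:warn:inact:expire:flag" -> struct.
 * Returns 0 on success, -1 if fewer than 8 fields or the line is too long. */
int parse_shadow_line(const char *line, struct shadow_entry *e)
{
    char buf[512], *p, *colon, *f[9];
    int n = 0;
    if (strlen(line) >= sizeof buf)
        return -1;
    strcpy(buf, line);
    buf[strcspn(buf, "\n")] = '\0';
    for (p = buf; n < 9; p = colon + 1) {     /* split on ':' in place */
        f[n++] = p;
        if ((colon = strchr(p, ':')) == NULL)
            break;
        *colon = '\0';
    }
    if (n < 8)
        return -1;
    snprintf(e->name, sizeof e->name, "%s", f[0]);
    snprintf(e->hash, sizeof e->hash, "%s", f[1]);
    e->lastchg = day_field(f[2]);
    e->min     = day_field(f[3]);
    e->max     = day_field(f[4]);
    e->warn    = day_field(f[5]);
    e->inact   = day_field(f[6]);
    e->expire  = day_field(f[7]);
    return 0;
}

/* The ageing checks a shadow-aware login applies; "today" is days since epoch. */
int shadow_check(const struct shadow_entry *e, long today)
{
    if (e->expire > 0 && today >= e->expire)
        return SHADOW_ACCOUNT_EXPIRED;
    if (e->lastchg == 0)
        return SHADOW_MUST_CHANGE;
    if (e->lastchg > 0 && e->max >= 0 && today >= e->lastchg + e->max)
        return SHADOW_PASSWORD_EXPIRED;
    return SHADOW_OK;
}

/* A hash of "!" or "*" (or nothing) is a locked account. */
int usable_hash(const struct shadow_entry *e)
{
    return e->hash[0] != '\0' && e->hash[0] != '!' && e->hash[0] != '*';
}

/* status_for_line: shadow_check() result, -1 on parse error.
 * authorize_for_line: 1 accept / 0 reject; apply_expiry=0 mimics the
 * unpatched module, which looked only at the hash. */
int status_for_line(const char *line, long today)
{
    struct shadow_entry e;
    return parse_shadow_line(line, &e) == 0 ? shadow_check(&e, today) : -1;
}

int authorize_for_line(const char *line, long today, int apply_expiry)
{
    struct shadow_entry e;
    if (parse_shadow_line(line, &e) != 0 || !usable_hash(&e))
        return 0;
    return apply_expiry ? shadow_check(&e, today) == SHADOW_OK : 1;
}

#define DEMO_TODAY 15700L   /* constructed "today": late December 2012 */
static const char *const SAMPLE_SHADOW[] = {
    "alice:$6$saltsalt$hashhashhash:15000:0:99999:7:::",      /* in good standing */
    "bob:$6$saltsalt$hashhashhash:15000:0:99999:7::15600:",   /* account expired on day 15600 */
    "carol:$6$saltsalt$hashhashhash:15000:0:90:7:::",          /* password older than max (90 days) */
    "dave:!:15000:0:99999:7:::",                               /* locked */
};

int main(void)
{
    size_t i;
    for (i = 0; i < sizeof SAMPLE_SHADOW / sizeof SAMPLE_SHADOW[0]; i++)
        printf("%-56s unpatched=%d patched=%d status=%d\n", SAMPLE_SHADOW[i],
               authorize_for_line(SAMPLE_SHADOW[i], DEMO_TODAY, 0),
               authorize_for_line(SAMPLE_SHADOW[i], DEMO_TODAY, 1),
               status_for_line(SAMPLE_SHADOW[i], DEMO_TODAY));
    return 0;
}
```

In real use "today" comes from time(NULL) / 86400 and the entry from getspnam(3), but the decision logic is the same: bob and carol both carry a perfectly valid hash, so a check that stops at the hash lets them in, and only the ageing fields tell them apart from alice. A RADIUS server has no way to prompt for a password change, which is why SHADOW_MUST_CHANGE is treated as a rejection rather than a grace state.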
Bugs fixed (http://bugzilla.redhat.com/):

781877 - rlm_dbm_parser has man pages in rlm_dbm_parse.8.gz
787111 - freeradius logrotate script does not reload running daemon, causing log files not written after logrotate
818885 - possible errors in /etc/raddb/sql/postgresql/admin.sql template
846471 - freeradius not compiled with --with-udpfromto
846474 - shadow password expiration does not work in freeradius 2.1.10
846475 - Segfault with freeradius-perl threading
846476 - radtest script is not working with eap-md5 option
879045 - CVE-2011-4966 freeradius: does not respect expired passwords when using the unix module

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/freeradius2-2.1.12-5.el5.src.rpm

i386:
freeradius2-2.1.12-5.el5.i386.rpm
freeradius2-debuginfo-2.1.12-5.el5.i386.rpm
freeradius2-krb5-2.1.12-5.el5.i386.rpm
freeradius2-ldap-2.1.12-5.el5.i386.rpm
freeradius2-mysql-2.1.12-5.el5.i386.rpm
freeradius2-perl-2.1.12-5.el5.i386.rpm
freeradius2-postgresql-2.1.12-5.el5.i386.rpm
freeradius2-python-2.1.12-5.el5.i386.rpm
freeradius2-unixODBC-2.1.12-5.el5.i386.rpm
freeradius2-utils-2.1.12-5.el5.i386.rpm

x86_64:
freeradius2-2.1.12-5.el5.x86_64.rpm
freeradius2-debuginfo-2.1.12-5.el5.x86_64.rpm
freeradius2-krb5-2.1.12-5.el5.x86_64.rpm
freeradius2-ldap-2.1.12-5.el5.x86_64.rpm
freeradius2-mysql-2.1.12-5.el5.x86_64.rpm
freeradius2-perl-2.1.12-5.el5.x86_64.rpm
freeradius2-postgresql-2.1.12-5.el5.x86_64.rpm
freeradius2-python-2.1.12-5.el5.x86_64.rpm
freeradius2-unixODBC-2.1.12-5.el5.x86_64.rpm
freeradius2-utils-2.1.12-5.el5.x86_64.rpm

Red Hat Enterprise Linux (v.
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/freeradius2-2.1.12-5.el5.src.rpm i386: freeradius2-2.1.12-5.el5.i386.rpm freeradius2-debuginfo-2.1.12-5.el5.i386.rpm freeradius2-krb5-2.1.12-5.el5.i386.rpm freeradius2-ldap-2.1.12-5.el5.i386.rpm freeradius2-mysql-2.1.12-5.el5.i386.rpm freeradius2-perl-2.1.12-5.el5.i386.rpm freeradius2-postgresql-2.1.12-5.el5.i386.rpm freeradius2-python-2.1.12-5.el5.i386.rpm freeradius2-unixODBC-2.1.12-5.el5.i386.rpm freeradius2-utils-2.1.12-5.el5.i386.rpm ia64: freeradius2-2.1.12-5.el5.ia64.rpm freeradius2-debuginfo-2.1.12-5.el5.ia64.rpm freeradius2-krb5-2.1.12-5.el5.ia64.rpm freeradius2-ldap-2.1.12-5.el5.ia64.rpm freeradius2-mysql-2.1.12-5.el5.ia64.rpm freeradius2-perl-2.1.12-5.el5.ia64.rpm freeradius2-postgresql-2.1.12-5.el5.ia64.rpm freeradius2-python-2.1.12-5.el5.ia64.rpm freeradius2-unixODBC-2.1.12-5.el5.ia64.rpm freeradius2-utils-2.1.12-5.el5.ia64.rpm ppc: freeradius2-2.1.12-5.el5.ppc.rpm freeradius2-debuginfo-2.1.12-5.el5.ppc.rpm freeradius2-krb5-2.1.12-5.el5.ppc.rpm freeradius2-ldap-2.1.12-5.el5.ppc.rpm freeradius2-mysql-2.1.12-5.el5.ppc.rpm freeradius2-perl-2.1.12-5.el5.ppc.rpm freeradius2-postgresql-2.1.12-5.el5.ppc.rpm freeradius2-python-2.1.12-5.el5.ppc.rpm freeradius2-unixODBC-2.1.12-5.el5.ppc.rpm freeradius2-utils-2.1.12-5.el5.ppc.rpm s390x: freeradius2-2.1.12-5.el5.s390x.rpm freeradius2-debuginfo-2.1.12-5.el5.s390x.rpm freeradius2-krb5-2.1.12-5.el5.s390x.rpm freeradius2-ldap-2.1.12-5.el5.s390x.rpm freeradius2-mysql-2.1.12-5.el5.s390x.rpm freeradius2-perl-2.1.12-5.el5.s390x.rpm freeradius2-postgresql-2.1.12-5.el5.s390x.rpm freeradius2-python-2.1.12-5.el5.s390x.rpm freeradius2-unixODBC-2.1.12-5.el5.s390x.rpm freeradius2-utils-2.1.12-5.el5.s390x.rpm x86_64: freeradius2-2.1.12-5.el5.x86_64.rpm freeradius2-debuginfo-2.1.12-5.el5.x86_64.rpm freeradius2-krb5-2.1.12-5.el5.x86_64.rpm freeradius2-ldap-2.1.12-5.el5.x86_64.rpm freeradius2-mysql-2.1.12-5.el5.x86_64.rpm 
freeradius2-perl-2.1.12-5.el5.x86_64.rpm
freeradius2-postgresql-2.1.12-5.el5.x86_64.rpm
freeradius2-python-2.1.12-5.el5.x86_64.rpm
freeradius2-unixODBC-2.1.12-5.el5.x86_64.rpm
freeradius2-utils-2.1.12-5.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-4966.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQ68VYXlSAg2UNWIIRAq6WAJ4mewJWeAUzKItA7OK+7c422jrApgCcDEat
zkwlDK+p9hul6WpKVajIe0Q=
=7Lpm
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jan 8 06:57:09 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 8 Jan 2013 06:57:09 +0000
Subject: [RHSA-2013:0135-01] Low: gtk2 security and bug fix update
Message-ID: <201301080706.r0876wdE011837@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: gtk2 security and bug fix update
Advisory ID: RHSA-2013:0135-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0135.html
Issue date: 2013-01-08
CVE Names: CVE-2012-2370
=====================================================================

1. Summary:

Updated gtk2 packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2.
Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

GIMP Toolkit (GTK+) is a multi-platform toolkit for creating graphical user interfaces.

An integer overflow flaw was found in the X BitMap (XBM) image file loader in GTK+. A remote attacker could provide a specially-crafted XBM image file that, when opened in an application linked against GTK+ (such as Nautilus), would cause the application to crash. (CVE-2012-2370)

This update also fixes the following bugs:

* Due to a bug in the Input Method GTK+ module, the usage of the Taiwanese Big5 (zh_TW.Big-5) locale led to the unexpected termination of certain applications, such as the GDM greeter. The bug has been fixed, and the Taiwanese locale no longer causes applications to terminate unexpectedly. (BZ#487630)

* When a file was initially selected after the GTK+ file chooser dialog was opened and the Location field was visible, pressing the Enter key did not open the file. With this update, the initially selected file is opened regardless of the visibility of the Location field. (BZ#518483)

* When a directory was initially selected after the GTK+ file chooser dialog was opened and the Location field was visible, pressing the Enter key did not change into the directory. With this update, the dialog changes into the initially selected directory regardless of the visibility of the Location field. (BZ#523657)

* Previously, the GTK Print dialog did not reflect the user-defined printer preferences stored in the ~/.cups/lpoptions file, such as those set in the Default Printer preferences panel. Consequently, the first device in the printer list was always set as a default printer. With this update, the underlying source code has been enhanced to parse the option file.
As a result, the default values in the print dialog are set to those previously specified by the user. (BZ#603809)

* The GTK+ file chooser did not properly handle saving of nameless files. Consequently, attempting to save a file without specifying a file name caused GTK+ to become unresponsive. With this update, an explicit test for this condition has been added into the underlying source code. As a result, GTK+ no longer hangs in the described scenario. (BZ#702342)

* When using certain graphics tablets, the GTK+ library incorrectly translated the input coordinates. Consequently, an offset occurred between the position of the pen and the content drawn on the screen. This issue was limited to the following configuration: a Wacom tablet with input coordinates bound to a single monitor in a dual head configuration, drawing with a pen with the pressure sensitivity option enabled. With this update, the coordinate translation method has been changed, and the offset is no longer present in the described configuration. (BZ#743658)

* Previously, performing drag and drop operations on tabs in applications using the GtkNotebook widget could lead to releasing the same resource twice. Eventually, this behavior caused the applications to terminate with a segmentation fault. This bug has been fixed, and the applications using GtkNotebook no longer terminate in the aforementioned scenario. (BZ#830901)

All users of GTK+ are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5.
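The arithmetic behind an XBM loader overflow such as CVE-2012-2370, as an added example that is not gdk-pixbuf or GTK+ code: an XBM file declares its width and height in "#define" lines, the loader computes bytes per row times height to size a buffer, and with hostile dimensions that product wraps in int, leaving a buffer far smaller than the bitmap data that is then written into it. The program shows the wrapping computation next to an overflow-checked one, and a small header parser that rejects a hostile file before anything is allocated. The XBM headers are constructed for the demo, and the checked arithmetic uses the GCC/Clang __builtin_*_overflow helpers.

```c
/* Added example; not gdk-pixbuf/GTK+ code. Shows how an XBM loader's
 * buffer-size arithmetic (bytes per row * height, done in int) wraps for a
 * hostile header, and the overflow-checked version a loader should use.
 * The XBM headers below are constructed for the demo. */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Naive size computation. Done in unsigned so the wrap is well defined and
 * visible; in signed int it is undefined behaviour with the same effect. */
unsigned naive_xbm_bytes(int width, int height)
{
    unsigned row = ((unsigned)width + 7u) / 8u;   /* 1 bit per pixel */
    return row * (unsigned)height;                /* wraps past 4 GiB */
}

/* Checked version: rejects non-positive dimensions and any step that does
 * not fit in int. Returns the byte count, or -1 on rejection. */
long checked_xbm_bytes(int width, int height)
{
    int row, total;
    if (width <= 0 || height <= 0)
        return -1;
    if (__builtin_add_overflow(width, 7, &row))
        return -1;
    row /= 8;
    if (__builtin_mul_overflow(row, height, &total))
        return -1;
    return total;
}

/* Pull "#define <name>_width N" / "#define <name>_height N" out of XBM text. */
static int parse_dim(const char *text, const char *suffix, int *out)
{
    const char *p = strstr(text, suffix);
    char *end;
    long v;
    if (p == NULL)
        return -1;
    p += strlen(suffix);
    v = strtol(p, &end, 10);
    if (end == p || v < INT_MIN || v > INT_MAX)
        return -1;
    *out = (int)v;
    return 0;
}

/* What a loader should do before malloc(): header -> checked size, or -1. */
long xbm_size_from_header(const char *text)
{
    int w, h;
    if (parse_dim(text, "_width", &w) != 0 || parse_dim(text, "_height", &h) != 0)
        return -1;
    return checked_xbm_bytes(w, h);
}

static const char SAMPLE_XBM_OK[] =
    "#define demo_width 8\n#define demo_height 8\n"
    "static unsigned char demo_bits[] = { 0x18, 0x3c, 0x7e, 0xff, 0xff, 0x7e, 0x3c, 0x18 };\n";
static const char SAMPLE_XBM_HUGE[] =
    "#define evil_width 200000\n#define evil_height 200000\n"
    "static unsigned char evil_bits[] = { 0x00 };\n";
static const char SAMPLE_XBM_NEG[] =
    "#define evil_width -8\n#define evil_height 8\n"
    "static unsigned char evil_bits[] = { 0x00 };\n";

int main(void)
{
    printf("8x8:           naive=%u checked=%ld\n",
           naive_xbm_bytes(8, 8), xbm_size_from_header(SAMPLE_XBM_OK));
    printf("200000x200000: naive=%u checked=%ld\n",
           naive_xbm_bytes(200000, 200000), xbm_size_from_header(SAMPLE_XBM_HUGE));
    printf("-8x8:          checked=%ld\n", xbm_size_from_header(SAMPLE_XBM_NEG));
    return 0;
}
```

For the 200000x200000 header the true size is 25000 * 200000 = 5,000,000,000 bytes, which wraps to 705,032,704 in 32-bit arithmetic: the naive loader would allocate that much and then walk far past it while reading the bitmap data. The checked version returns -1 at the multiplication, and a production loader would additionally cap width and height at a sane maximum so that even a non-wrapping but absurd size cannot exhaust memory.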
Bugs fixed (http://bugzilla.redhat.com/):

487630 - [zh_CN.Big-5] gdm imcontext crash
518483 - file chooser does not open the default selected file if the Location field is visible
603809 - GtkPrintUnixDialog (OpenOffice.org|evince) fails to use a user configured default cups printer (~/.cups/lpoptions)
822468 - CVE-2012-2370 gdk-pixbuf: DoS (GLib error and application abort) due to an integer overflow in the XBM image file format loader

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/gtk2-2.10.4-29.el5.src.rpm

i386:
gtk2-2.10.4-29.el5.i386.rpm
gtk2-debuginfo-2.10.4-29.el5.i386.rpm

x86_64:
gtk2-2.10.4-29.el5.i386.rpm
gtk2-2.10.4-29.el5.x86_64.rpm
gtk2-debuginfo-2.10.4-29.el5.i386.rpm
gtk2-debuginfo-2.10.4-29.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/gtk2-2.10.4-29.el5.src.rpm

i386:
gtk2-debuginfo-2.10.4-29.el5.i386.rpm
gtk2-devel-2.10.4-29.el5.i386.rpm

x86_64:
gtk2-debuginfo-2.10.4-29.el5.i386.rpm
gtk2-debuginfo-2.10.4-29.el5.x86_64.rpm
gtk2-devel-2.10.4-29.el5.i386.rpm
gtk2-devel-2.10.4-29.el5.x86_64.rpm

Red Hat Enterprise Linux (v.
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/gtk2-2.10.4-29.el5.src.rpm i386: gtk2-2.10.4-29.el5.i386.rpm gtk2-debuginfo-2.10.4-29.el5.i386.rpm gtk2-devel-2.10.4-29.el5.i386.rpm ia64: gtk2-2.10.4-29.el5.i386.rpm gtk2-2.10.4-29.el5.ia64.rpm gtk2-debuginfo-2.10.4-29.el5.i386.rpm gtk2-debuginfo-2.10.4-29.el5.ia64.rpm gtk2-devel-2.10.4-29.el5.ia64.rpm ppc: gtk2-2.10.4-29.el5.ppc.rpm gtk2-2.10.4-29.el5.ppc64.rpm gtk2-debuginfo-2.10.4-29.el5.ppc.rpm gtk2-debuginfo-2.10.4-29.el5.ppc64.rpm gtk2-devel-2.10.4-29.el5.ppc.rpm gtk2-devel-2.10.4-29.el5.ppc64.rpm s390x: gtk2-2.10.4-29.el5.s390.rpm gtk2-2.10.4-29.el5.s390x.rpm gtk2-debuginfo-2.10.4-29.el5.s390.rpm gtk2-debuginfo-2.10.4-29.el5.s390x.rpm gtk2-devel-2.10.4-29.el5.s390.rpm gtk2-devel-2.10.4-29.el5.s390x.rpm x86_64: gtk2-2.10.4-29.el5.i386.rpm gtk2-2.10.4-29.el5.x86_64.rpm gtk2-debuginfo-2.10.4-29.el5.i386.rpm gtk2-debuginfo-2.10.4-29.el5.x86_64.rpm gtk2-devel-2.10.4-29.el5.i386.rpm gtk2-devel-2.10.4-29.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-2370.html https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQ68WCXlSAg2UNWIIRAhfoAKCpQrb8Kmu0e6yo3GMpkOTKaF0twwCbBpi5
tPmbgWQ7AHYm670Q3xv+RUk=
=49Hw
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jan 8 21:45:43 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 8 Jan 2013 21:45:43 +0000
Subject: [RHSA-2013:0144-01] Critical: firefox security update
Message-ID: <201301082145.r08LjhDe024719@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: firefox security update
Advisory ID: RHSA-2013:0144-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0144.html
Issue date: 2013-01-08
CVE Names: CVE-2013-0744 CVE-2013-0746 CVE-2013-0748 CVE-2013-0750 CVE-2013-0753 CVE-2013-0754 CVE-2013-0758 CVE-2013-0759 CVE-2013-0762 CVE-2013-0766 CVE-2013-0767 CVE-2013-0769
=====================================================================

1. Summary:

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v.
6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750, CVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766, CVE-2013-0767, CVE-2013-0769)

A flaw was found in the way Chrome Object Wrappers were implemented. Malicious content could be used to cause Firefox to execute arbitrary code via plug-ins installed in Firefox. (CVE-2013-0758)

A flaw in the way Firefox displayed URL values in the address bar could allow a malicious site or user to perform a phishing attack. (CVE-2013-0759)

An information disclosure flaw was found in the way certain JavaScript functions were implemented in Firefox. An attacker could use this flaw to bypass Address Space Layout Randomization (ASLR) and other security restrictions. (CVE-2013-0748)

For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 10.0.12 ESR. You can find a link to the Mozilla advisories in the References section of this erratum.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt, regenrecht, Abhishek Arya, Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse Ruderman as the original reporters of these issues.

All Firefox users should upgrade to these updated packages, which contain Firefox version 10.0.12 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

4.
Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

891811 - CVE-2013-0769 Mozilla: Miscellaneous memory safety hazards (rv:10.0.12) (MFSA 2013-01)
891821 - CVE-2013-0762 CVE-2013-0766 CVE-2013-0767 Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2013-02)
891824 - CVE-2013-0759 Mozilla: URL spoofing in addressbar during page loads (MFSA 2013-04)
891825 - CVE-2013-0744 Mozilla: Use-after-free when displaying table with many columns and column groups (MFSA 2013-05)
892142 - CVE-2013-0746 Mozilla: Compartment mismatch with quickstubs returned values (MFSA 2013-09)
892144 - CVE-2013-0748 Mozilla: Address space layout leaked in XBL objects (MFSA 2013-11)
892145 - CVE-2013-0750 Mozilla: Buffer overflow in Javascript string concatenation (MFSA 2013-12)
892148 - CVE-2013-0758 Mozilla: Chrome Object Wrapper (COW) bypass through plugin objects (MFSA 2013-15)
892149 - CVE-2013-0753 Mozilla: Use-after-free in serializeToStream (MFSA 2013-16)
892150 - CVE-2013-0754 Mozilla: Use-after-free in ListenerManager (MFSA 2013-17)

6. Package List:

Red Hat Enterprise Linux Desktop (v.
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-10.0.12-1.el5_9.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-10.0.12-1.el5_9.src.rpm i386: firefox-10.0.12-1.el5_9.i386.rpm firefox-debuginfo-10.0.12-1.el5_9.i386.rpm xulrunner-10.0.12-1.el5_9.i386.rpm xulrunner-debuginfo-10.0.12-1.el5_9.i386.rpm x86_64: firefox-10.0.12-1.el5_9.i386.rpm firefox-10.0.12-1.el5_9.x86_64.rpm firefox-debuginfo-10.0.12-1.el5_9.i386.rpm firefox-debuginfo-10.0.12-1.el5_9.x86_64.rpm xulrunner-10.0.12-1.el5_9.i386.rpm xulrunner-10.0.12-1.el5_9.x86_64.rpm xulrunner-debuginfo-10.0.12-1.el5_9.i386.rpm xulrunner-debuginfo-10.0.12-1.el5_9.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client-Workstation/en/os/SRPMS/xulrunner-10.0.12-1.el5_9.src.rpm i386: xulrunner-debuginfo-10.0.12-1.el5_9.i386.rpm xulrunner-devel-10.0.12-1.el5_9.i386.rpm x86_64: xulrunner-debuginfo-10.0.12-1.el5_9.i386.rpm xulrunner-debuginfo-10.0.12-1.el5_9.x86_64.rpm xulrunner-devel-10.0.12-1.el5_9.i386.rpm xulrunner-devel-10.0.12-1.el5_9.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-10.0.12-1.el5_9.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-10.0.12-1.el5_9.src.rpm i386: firefox-10.0.12-1.el5_9.i386.rpm firefox-debuginfo-10.0.12-1.el5_9.i386.rpm xulrunner-10.0.12-1.el5_9.i386.rpm xulrunner-debuginfo-10.0.12-1.el5_9.i386.rpm xulrunner-devel-10.0.12-1.el5_9.i386.rpm ia64: firefox-10.0.12-1.el5_9.ia64.rpm firefox-debuginfo-10.0.12-1.el5_9.ia64.rpm xulrunner-10.0.12-1.el5_9.ia64.rpm xulrunner-debuginfo-10.0.12-1.el5_9.ia64.rpm xulrunner-devel-10.0.12-1.el5_9.ia64.rpm ppc: firefox-10.0.12-1.el5_9.ppc.rpm firefox-debuginfo-10.0.12-1.el5_9.ppc.rpm xulrunner-10.0.12-1.el5_9.ppc.rpm xulrunner-10.0.12-1.el5_9.ppc64.rpm xulrunner-debuginfo-10.0.12-1.el5_9.ppc.rpm xulrunner-debuginfo-10.0.12-1.el5_9.ppc64.rpm xulrunner-devel-10.0.12-1.el5_9.ppc.rpm xulrunner-devel-10.0.12-1.el5_9.ppc64.rpm s390x: firefox-10.0.12-1.el5_9.s390.rpm firefox-10.0.12-1.el5_9.s390x.rpm firefox-debuginfo-10.0.12-1.el5_9.s390.rpm firefox-debuginfo-10.0.12-1.el5_9.s390x.rpm xulrunner-10.0.12-1.el5_9.s390.rpm xulrunner-10.0.12-1.el5_9.s390x.rpm xulrunner-debuginfo-10.0.12-1.el5_9.s390.rpm xulrunner-debuginfo-10.0.12-1.el5_9.s390x.rpm xulrunner-devel-10.0.12-1.el5_9.s390.rpm xulrunner-devel-10.0.12-1.el5_9.s390x.rpm x86_64: firefox-10.0.12-1.el5_9.i386.rpm firefox-10.0.12-1.el5_9.x86_64.rpm firefox-debuginfo-10.0.12-1.el5_9.i386.rpm firefox-debuginfo-10.0.12-1.el5_9.x86_64.rpm xulrunner-10.0.12-1.el5_9.i386.rpm xulrunner-10.0.12-1.el5_9.x86_64.rpm xulrunner-debuginfo-10.0.12-1.el5_9.i386.rpm xulrunner-debuginfo-10.0.12-1.el5_9.x86_64.rpm xulrunner-devel-10.0.12-1.el5_9.i386.rpm xulrunner-devel-10.0.12-1.el5_9.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/firefox-10.0.12-1.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-10.0.12-1.el6_3.src.rpm i386: firefox-10.0.12-1.el6_3.i686.rpm firefox-debuginfo-10.0.12-1.el6_3.i686.rpm xulrunner-10.0.12-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.12-1.el6_3.i686.rpm x86_64: firefox-10.0.12-1.el6_3.i686.rpm firefox-10.0.12-1.el6_3.x86_64.rpm firefox-debuginfo-10.0.12-1.el6_3.i686.rpm firefox-debuginfo-10.0.12-1.el6_3.x86_64.rpm xulrunner-10.0.12-1.el6_3.i686.rpm xulrunner-10.0.12-1.el6_3.x86_64.rpm xulrunner-debuginfo-10.0.12-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.12-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-10.0.12-1.el6_3.src.rpm i386: xulrunner-debuginfo-10.0.12-1.el6_3.i686.rpm xulrunner-devel-10.0.12-1.el6_3.i686.rpm x86_64: xulrunner-debuginfo-10.0.12-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.12-1.el6_3.x86_64.rpm xulrunner-devel-10.0.12-1.el6_3.i686.rpm xulrunner-devel-10.0.12-1.el6_3.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/firefox-10.0.12-1.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xulrunner-10.0.12-1.el6_3.src.rpm x86_64: firefox-10.0.12-1.el6_3.i686.rpm firefox-10.0.12-1.el6_3.x86_64.rpm firefox-debuginfo-10.0.12-1.el6_3.i686.rpm firefox-debuginfo-10.0.12-1.el6_3.x86_64.rpm xulrunner-10.0.12-1.el6_3.i686.rpm xulrunner-10.0.12-1.el6_3.x86_64.rpm xulrunner-debuginfo-10.0.12-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.12-1.el6_3.x86_64.rpm xulrunner-devel-10.0.12-1.el6_3.i686.rpm xulrunner-devel-10.0.12-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/firefox-10.0.12-1.el6_3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-10.0.12-1.el6_3.src.rpm

i386:
firefox-10.0.12-1.el6_3.i686.rpm
firefox-debuginfo-10.0.12-1.el6_3.i686.rpm
xulrunner-10.0.12-1.el6_3.i686.rpm
xulrunner-debuginfo-10.0.12-1.el6_3.i686.rpm

ppc64:
firefox-10.0.12-1.el6_3.ppc.rpm
firefox-10.0.12-1.el6_3.ppc64.rpm
firefox-debuginfo-10.0.12-1.el6_3.ppc.rpm
firefox-debuginfo-10.0.12-1.el6_3.ppc64.rpm
xulrunner-10.0.12-1.el6_3.ppc.rpm
xulrunner-10.0.12-1.el6_3.ppc64.rpm
xulrunner-debuginfo-10.0.12-1.el6_3.ppc.rpm
xulrunner-debuginfo-10.0.12-1.el6_3.ppc64.rpm

s390x:
firefox-10.0.12-1.el6_3.s390.rpm
firefox-10.0.12-1.el6_3.s390x.rpm
firefox-debuginfo-10.0.12-1.el6_3.s390.rpm
firefox-debuginfo-10.0.12-1.el6_3.s390x.rpm
xulrunner-10.0.12-1.el6_3.s390.rpm
xulrunner-10.0.12-1.el6_3.s390x.rpm
xulrunner-debuginfo-10.0.12-1.el6_3.s390.rpm
xulrunner-debuginfo-10.0.12-1.el6_3.s390x.rpm

x86_64:
firefox-10.0.12-1.el6_3.i686.rpm
firefox-10.0.12-1.el6_3.x86_64.rpm
firefox-debuginfo-10.0.12-1.el6_3.i686.rpm
firefox-debuginfo-10.0.12-1.el6_3.x86_64.rpm
xulrunner-10.0.12-1.el6_3.i686.rpm
xulrunner-10.0.12-1.el6_3.x86_64.rpm
xulrunner-debuginfo-10.0.12-1.el6_3.i686.rpm
xulrunner-debuginfo-10.0.12-1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-10.0.12-1.el6_3.src.rpm

i386:
xulrunner-debuginfo-10.0.12-1.el6_3.i686.rpm
xulrunner-devel-10.0.12-1.el6_3.i686.rpm

ppc64:
xulrunner-debuginfo-10.0.12-1.el6_3.ppc.rpm
xulrunner-debuginfo-10.0.12-1.el6_3.ppc64.rpm
xulrunner-devel-10.0.12-1.el6_3.ppc.rpm
xulrunner-devel-10.0.12-1.el6_3.ppc64.rpm

s390x:
xulrunner-debuginfo-10.0.12-1.el6_3.s390.rpm
xulrunner-debuginfo-10.0.12-1.el6_3.s390x.rpm
xulrunner-devel-10.0.12-1.el6_3.s390.rpm
xulrunner-devel-10.0.12-1.el6_3.s390x.rpm

x86_64:
xulrunner-debuginfo-10.0.12-1.el6_3.i686.rpm
xulrunner-debuginfo-10.0.12-1.el6_3.x86_64.rpm
xulrunner-devel-10.0.12-1.el6_3.i686.rpm
xulrunner-devel-10.0.12-1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/firefox-10.0.12-1.el6_3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-10.0.12-1.el6_3.src.rpm

i386:
firefox-10.0.12-1.el6_3.i686.rpm
firefox-debuginfo-10.0.12-1.el6_3.i686.rpm
xulrunner-10.0.12-1.el6_3.i686.rpm
xulrunner-debuginfo-10.0.12-1.el6_3.i686.rpm

x86_64:
firefox-10.0.12-1.el6_3.i686.rpm
firefox-10.0.12-1.el6_3.x86_64.rpm
firefox-debuginfo-10.0.12-1.el6_3.i686.rpm
firefox-debuginfo-10.0.12-1.el6_3.x86_64.rpm
xulrunner-10.0.12-1.el6_3.i686.rpm
xulrunner-10.0.12-1.el6_3.x86_64.rpm
xulrunner-debuginfo-10.0.12-1.el6_3.i686.rpm
xulrunner-debuginfo-10.0.12-1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-10.0.12-1.el6_3.src.rpm

i386:
xulrunner-debuginfo-10.0.12-1.el6_3.i686.rpm
xulrunner-devel-10.0.12-1.el6_3.i686.rpm

x86_64:
xulrunner-debuginfo-10.0.12-1.el6_3.i686.rpm
xulrunner-debuginfo-10.0.12-1.el6_3.x86_64.rpm
xulrunner-devel-10.0.12-1.el6_3.i686.rpm
xulrunner-devel-10.0.12-1.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0744.html
https://www.redhat.com/security/data/cve/CVE-2013-0746.html
https://www.redhat.com/security/data/cve/CVE-2013-0748.html
https://www.redhat.com/security/data/cve/CVE-2013-0750.html
https://www.redhat.com/security/data/cve/CVE-2013-0753.html
https://www.redhat.com/security/data/cve/CVE-2013-0754.html
https://www.redhat.com/security/data/cve/CVE-2013-0758.html
https://www.redhat.com/security/data/cve/CVE-2013-0759.html
https://www.redhat.com/security/data/cve/CVE-2013-0762.html
https://www.redhat.com/security/data/cve/CVE-2013-0766.html
https://www.redhat.com/security/data/cve/CVE-2013-0767.html
https://www.redhat.com/security/data/cve/CVE-2013-0769.html
https://access.redhat.com/security/updates/classification/#critical
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQ7JNeXlSAg2UNWIIRAltaAKCBzfnqtXwYag3mMtIEz/OPrp28AwCeKp3q
79ijS9eHVMgfb2MwzBLtSGM=
=KpGz
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jan 8 21:46:38 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 8 Jan 2013 21:46:38 +0000
Subject: [RHSA-2013:0145-01] Critical: thunderbird security update
Message-ID: <201301082146.r08Lkcu6030091@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: thunderbird security update
Advisory ID: RHSA-2013:0145-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0145.html
Issue date: 2013-01-08
CVE Names: CVE-2013-0744 CVE-2013-0746 CVE-2013-0748 CVE-2013-0750 CVE-2013-0753 CVE-2013-0754 CVE-2013-0758 CVE-2013-0759 CVE-2013-0762 CVE-2013-0766 CVE-2013-0767 CVE-2013-0769
=====================================================================

1. Summary:

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750, CVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766, CVE-2013-0767, CVE-2013-0769)

A flaw was found in the way Chrome Object Wrappers were implemented. Malicious content could be used to cause Thunderbird to execute arbitrary code via plug-ins installed in Thunderbird. (CVE-2013-0758)

A flaw in the way Thunderbird displayed URL values could allow malicious content or a user to perform a phishing attack. (CVE-2013-0759)

An information disclosure flaw was found in the way certain JavaScript functions were implemented in Thunderbird. An attacker could use this flaw to bypass Address Space Layout Randomization (ASLR) and other security restrictions. (CVE-2013-0748)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt, regenrecht, Abhishek Arya, Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse Ruderman as the original reporters of these issues.

Note: All issues except CVE-2013-0744, CVE-2013-0753, and CVE-2013-0754 cannot be exploited by a specially-crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.

All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 10.0.12 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network.
Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

891811 - CVE-2013-0769 Mozilla: Miscellaneous memory safety hazards (rv:10.0.12) (MFSA 2013-01)
891821 - CVE-2013-0762 CVE-2013-0766 CVE-2013-0767 Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2013-02)
891824 - CVE-2013-0759 Mozilla: URL spoofing in addressbar during page loads (MFSA 2013-04)
891825 - CVE-2013-0744 Mozilla: Use-after-free when displaying table with many columns and column groups (MFSA 2013-05)
892142 - CVE-2013-0746 Mozilla: Compartment mismatch with quickstubs returned values (MFSA 2013-09)
892144 - CVE-2013-0748 Mozilla: Address space layout leaked in XBL objects (MFSA 2013-11)
892145 - CVE-2013-0750 Mozilla: Buffer overflow in Javascript string concatenation (MFSA 2013-12)
892148 - CVE-2013-0758 Mozilla: Chrome Object Wrapper (COW) bypass through plugin objects (MFSA 2013-15)
892149 - CVE-2013-0753 Mozilla: Use-after-free in serializeToStream (MFSA 2013-16)
892150 - CVE-2013-0754 Mozilla: Use-after-free in ListenerManager (MFSA 2013-17)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/thunderbird-10.0.12-3.el5_9.src.rpm

i386:
thunderbird-10.0.12-3.el5_9.i386.rpm
thunderbird-debuginfo-10.0.12-3.el5_9.i386.rpm

x86_64:
thunderbird-10.0.12-3.el5_9.x86_64.rpm
thunderbird-debuginfo-10.0.12-3.el5_9.x86_64.rpm

RHEL Optional Productivity Applications (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server-DPAS/en/os/SRPMS/thunderbird-10.0.12-3.el5_9.src.rpm

i386:
thunderbird-10.0.12-3.el5_9.i386.rpm
thunderbird-debuginfo-10.0.12-3.el5_9.i386.rpm

x86_64:
thunderbird-10.0.12-3.el5_9.x86_64.rpm
thunderbird-debuginfo-10.0.12-3.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/thunderbird-10.0.12-3.el6_3.src.rpm

i386:
thunderbird-10.0.12-3.el6_3.i686.rpm
thunderbird-debuginfo-10.0.12-3.el6_3.i686.rpm

x86_64:
thunderbird-10.0.12-3.el6_3.x86_64.rpm
thunderbird-debuginfo-10.0.12-3.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/thunderbird-10.0.12-3.el6_3.src.rpm

i386:
thunderbird-10.0.12-3.el6_3.i686.rpm
thunderbird-debuginfo-10.0.12-3.el6_3.i686.rpm

ppc64:
thunderbird-10.0.12-3.el6_3.ppc64.rpm
thunderbird-debuginfo-10.0.12-3.el6_3.ppc64.rpm

s390x:
thunderbird-10.0.12-3.el6_3.s390x.rpm
thunderbird-debuginfo-10.0.12-3.el6_3.s390x.rpm

x86_64:
thunderbird-10.0.12-3.el6_3.x86_64.rpm
thunderbird-debuginfo-10.0.12-3.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/thunderbird-10.0.12-3.el6_3.src.rpm

i386:
thunderbird-10.0.12-3.el6_3.i686.rpm
thunderbird-debuginfo-10.0.12-3.el6_3.i686.rpm

x86_64:
thunderbird-10.0.12-3.el6_3.x86_64.rpm
thunderbird-debuginfo-10.0.12-3.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0744.html
https://www.redhat.com/security/data/cve/CVE-2013-0746.html
https://www.redhat.com/security/data/cve/CVE-2013-0748.html
https://www.redhat.com/security/data/cve/CVE-2013-0750.html
https://www.redhat.com/security/data/cve/CVE-2013-0753.html
https://www.redhat.com/security/data/cve/CVE-2013-0754.html
https://www.redhat.com/security/data/cve/CVE-2013-0758.html
https://www.redhat.com/security/data/cve/CVE-2013-0759.html
https://www.redhat.com/security/data/cve/CVE-2013-0762.html
https://www.redhat.com/security/data/cve/CVE-2013-0766.html
https://www.redhat.com/security/data/cve/CVE-2013-0767.html
https://www.redhat.com/security/data/cve/CVE-2013-0769.html
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQ7JOXXlSAg2UNWIIRAhMOAJ0cdRVAP2IVzpKDsIdOZnks06dc9ACgjdkc
NVNltOFO2XqkH2gRfFQ+XO4=
=5gnB
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jan 8 21:48:40 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 8 Jan 2013 21:48:40 +0000
Subject: [RHSA-2013:0148-01] Moderate: openshift-origin-node-util security update
Message-ID: <201301082148.r08LmeWB006997@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openshift-origin-node-util security update
Advisory ID: RHSA-2013:0148-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0148.html
Issue date: 2013-01-08
CVE Names: CVE-2012-5646 CVE-2012-5647
=====================================================================

1. Summary:

An updated openshift-origin-node-util package that fixes two security issues is now available for Red Hat OpenShift Enterprise 1.0.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RedHat OpenShift Enterprise Node - noarch

3. Description:

The openshift-origin-node-util package provides a set of utility scripts for a node. Red Hat OpenShift Enterprise is a cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

A flaw was found in the way the administrative web interface for restoring applications (restorer.php) processed options passed to it. A remote attacker could send a specially-crafted request to restorer.php that would result in the query string being parsed as command line options and arguments. This could lead to arbitrary code execution with the privileges of an arbitrary application. (CVE-2012-5646)

An open redirect flaw was found in restorer.php. A remote attacker able to trick a victim into opening the restorer.php page using a specially-crafted link could redirect the victim to an arbitrary page. (CVE-2012-5647)

These issues were discovered by Michael Scherer of the Red Hat Regional IT team.

All users of Red Hat OpenShift Enterprise are advised to upgrade to this updated package, which corrects these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

888518 - CVE-2012-5646 OpenShift Origin: restorer.php preg_match shell code injection
888523 - CVE-2012-5647 OpenShift Origin: restorer.php arbitrary URL redirection

6. Package List:

RedHat OpenShift Enterprise Node:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-node-util-1.0.5-3.el6op.src.rpm

noarch:
openshift-origin-node-util-1.0.5-3.el6op.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-5646.html
https://www.redhat.com/security/data/cve/CVE-2012-5647.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQ7JQSXlSAg2UNWIIRAkjAAKCARJ6riffdvvTjFCQCWbdjKVDY6ACeKniE
Iqgr8oJzAEr64ZG/aotA1h8=
=mvdY
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jan 9 10:33:46 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 9 Jan 2013 10:33:46 +0000
Subject: [RHSA-2013:0149-01] Critical: flash-plugin security update
Message-ID: <201301091043.r09AhboK020396@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2013:0149-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0149.html
Issue date: 2013-01-09
CVE Names: CVE-2013-0630
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed in the Adobe Security bulletin APSB13-01, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. (CVE-2013-0630)

All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.261.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

893223 - CVE-2013-0630 flash-plugin: buffer overflow flaw that can lead to arbitrary code execution (APSB13-01)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-11.2.202.261-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.261-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-11.2.202.261-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.261-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.261-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.261-1.el6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.261-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.261-1.el6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.261-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.261-1.el6.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0630.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-01.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQ7UnNXlSAg2UNWIIRAoG6AKDDqTMMobAcxWJzy8F/Vk35630sKQCfea4O
09fBfKdT3bZ3AYLA8xe1Ls0=
=Pmm1
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jan 10 01:51:47 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 10 Jan 2013 01:51:47 +0000
Subject: [RHSA-2013:0150-01] Critical: acroread security update
Message-ID: <201301100201.r0A21fCI031900@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: acroread security update
Advisory ID: RHSA-2013:0150-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0150.html
Issue date: 2013-01-10
CVE Names: CVE-2012-1530 CVE-2013-0601 CVE-2013-0602 CVE-2013-0603 CVE-2013-0604 CVE-2013-0605 CVE-2013-0606 CVE-2013-0607 CVE-2013-0608 CVE-2013-0609 CVE-2013-0610 CVE-2013-0611 CVE-2013-0612 CVE-2013-0613 CVE-2013-0614 CVE-2013-0615 CVE-2013-0616 CVE-2013-0617 CVE-2013-0618 CVE-2013-0619 CVE-2013-0620 CVE-2013-0621 CVE-2013-0623 CVE-2013-0626
=====================================================================

1. Summary:

Updated acroread packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Adobe Reader allows users to view and print documents in Portable Document Format (PDF).

This update fixes several security flaws in Adobe Reader. These flaws are detailed in the Adobe Security bulletin APSB13-02, listed in the References section. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2012-1530, CVE-2013-0601, CVE-2013-0602, CVE-2013-0603, CVE-2013-0604, CVE-2013-0605, CVE-2013-0606, CVE-2013-0607, CVE-2013-0608, CVE-2013-0609, CVE-2013-0610, CVE-2013-0611, CVE-2013-0612, CVE-2013-0613, CVE-2013-0614, CVE-2013-0615, CVE-2013-0616, CVE-2013-0617, CVE-2013-0618, CVE-2013-0619, CVE-2013-0620, CVE-2013-0621, CVE-2013-0623, CVE-2013-0626)

All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.5.3, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

893235 - acroread: multiple code execution flaws (APSB13-02)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
acroread-9.5.3-1.el5_9.i386.rpm
acroread-plugin-9.5.3-1.el5_9.i386.rpm

x86_64:
acroread-9.5.3-1.el5_9.i386.rpm
acroread-plugin-9.5.3-1.el5_9.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
acroread-9.5.3-1.el5_9.i386.rpm
acroread-plugin-9.5.3-1.el5_9.i386.rpm

x86_64:
acroread-9.5.3-1.el5_9.i386.rpm
acroread-plugin-9.5.3-1.el5_9.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
acroread-9.5.3-1.el6_3.i686.rpm
acroread-plugin-9.5.3-1.el6_3.i686.rpm

x86_64:
acroread-9.5.3-1.el6_3.i686.rpm
acroread-plugin-9.5.3-1.el6_3.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
acroread-9.5.3-1.el6_3.i686.rpm
acroread-plugin-9.5.3-1.el6_3.i686.rpm

x86_64:
acroread-9.5.3-1.el6_3.i686.rpm
acroread-plugin-9.5.3-1.el6_3.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
acroread-9.5.3-1.el6_3.i686.rpm
acroread-plugin-9.5.3-1.el6_3.i686.rpm

x86_64:
acroread-9.5.3-1.el6_3.i686.rpm
acroread-plugin-9.5.3-1.el6_3.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-1530.html
https://www.redhat.com/security/data/cve/CVE-2013-0601.html
https://www.redhat.com/security/data/cve/CVE-2013-0602.html
https://www.redhat.com/security/data/cve/CVE-2013-0603.html
https://www.redhat.com/security/data/cve/CVE-2013-0604.html
https://www.redhat.com/security/data/cve/CVE-2013-0605.html
https://www.redhat.com/security/data/cve/CVE-2013-0606.html
https://www.redhat.com/security/data/cve/CVE-2013-0607.html
https://www.redhat.com/security/data/cve/CVE-2013-0608.html
https://www.redhat.com/security/data/cve/CVE-2013-0609.html
https://www.redhat.com/security/data/cve/CVE-2013-0610.html
https://www.redhat.com/security/data/cve/CVE-2013-0611.html
https://www.redhat.com/security/data/cve/CVE-2013-0612.html
https://www.redhat.com/security/data/cve/CVE-2013-0613.html
https://www.redhat.com/security/data/cve/CVE-2013-0614.html
https://www.redhat.com/security/data/cve/CVE-2013-0615.html
https://www.redhat.com/security/data/cve/CVE-2013-0616.html
https://www.redhat.com/security/data/cve/CVE-2013-0617.html
https://www.redhat.com/security/data/cve/CVE-2013-0618.html
https://www.redhat.com/security/data/cve/CVE-2013-0619.html
https://www.redhat.com/security/data/cve/CVE-2013-0620.html
https://www.redhat.com/security/data/cve/CVE-2013-0621.html
https://www.redhat.com/security/data/cve/CVE-2013-0623.html
https://www.redhat.com/security/data/cve/CVE-2013-0626.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-02.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQ7iD5XlSAg2UNWIIRAri3AJ4/o8LBO3LqI/BP87Mby22fsMHsjQCfc5Lu
Et8kiY85fmBej1hBVrHH43w=
=v+Oo
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jan 10 20:45:14 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 10 Jan 2013 20:45:14 +0000
Subject: [RHSA-2013:0153-01] Critical: Ruby on Rails security update
Message-ID: <201301102045.r0AKjEej030773@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: Ruby on Rails security update
Advisory ID: RHSA-2013:0153-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0153.html
Issue date: 2013-01-10
CVE Names: CVE-2013-0156
=====================================================================

1. Summary:

Updated rubygem-actionpack, rubygem-activesupport, ruby193-rubygem-actionpack, and ruby193-rubygem-activesupport packages that fix multiple security issues are now available for Red Hat OpenShift Enterprise 1.0.

The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RedHat OpenShift Enterprise Infrastructure - noarch
RedHat OpenShift Enterprise Node - noarch

3. Description:

Ruby on Rails is a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components. Active Support provides support and utility classes used by the Ruby on Rails framework.

Multiple flaws were found in the way Ruby on Rails performed XML parameter parsing in HTTP requests. A remote attacker could use these flaws to execute arbitrary code with the privileges of a Ruby on Rails application, perform SQL injection attacks, or bypass the authentication using a specially-created HTTP request. (CVE-2013-0156)

Red Hat is aware that a public exploit for the CVE-2013-0156 issues is available that allows remote code execution in applications using Ruby on Rails.

All users of Red Hat OpenShift Enterprise are advised to upgrade to these updated packages, which correct these issues. For Red Hat OpenShift Enterprise administrators, the openshift-broker and openshift-console services must be restarted for this update to take effect. Users of OpenShift are advised to update their own applications that are running Ruby on Rails.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

892870 - CVE-2013-0156 rubygem-activesupport: Multiple vulnerabilities in parameter parsing in ActionPack

6. Package List:

RedHat OpenShift Enterprise Infrastructure:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/ruby193-rubygem-actionpack-3.2.8-2.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/ruby193-rubygem-activesupport-3.2.8-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-actionpack-3.0.13-2.1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-activesupport-3.0.13-2.el6op.src.rpm

noarch:
ruby193-rubygem-actionpack-3.2.8-2.el6.noarch.rpm
ruby193-rubygem-actionpack-doc-3.2.8-2.el6.noarch.rpm
ruby193-rubygem-activesupport-3.2.8-3.el6.noarch.rpm
rubygem-actionpack-3.0.13-2.1.el6op.noarch.rpm
rubygem-activesupport-3.0.13-2.el6op.noarch.rpm

RedHat OpenShift Enterprise Node:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/ruby193-rubygem-actionpack-3.2.8-2.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/ruby193-rubygem-activesupport-3.2.8-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-activesupport-3.0.13-2.el6op.src.rpm

noarch:
ruby193-rubygem-actionpack-3.2.8-2.el6.noarch.rpm
ruby193-rubygem-actionpack-doc-3.2.8-2.el6.noarch.rpm
ruby193-rubygem-activesupport-3.2.8-3.el6.noarch.rpm
rubygem-activesupport-3.0.13-2.el6op.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0156.html
https://access.redhat.com/security/updates/classification/#critical
https://access.redhat.com/knowledge/solutions/290903

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
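A check an administrator would run after reading these advisories, added here as an example and not part of any Red Hat advisory: it compares the builds installed on a host against the fixed builds named in the package lists above, using a port of rpm's own version-ordering rules so that releases like 2.1.el6op and 2.el6op compare the way rpm compares them. The advisory file names are copied from the page; the installed inventory is a constructed sample.

```python
"""Check installed RPM builds against the fixed builds an RHSA package list names."""

# File names copied from the advisories above; one per package is enough,
# since the fixed version-release is the same for every architecture.
ADVISORY_PACKAGES = [
    "ruby193-rubygem-actionpack-3.2.8-2.el6.noarch.rpm",
    "ruby193-rubygem-activesupport-3.2.8-3.el6.noarch.rpm",
    "rubygem-actionpack-3.0.13-2.1.el6op.noarch.rpm",
    "rubygem-activesupport-3.0.13-2.el6op.noarch.rpm",
    "thunderbird-10.0.12-3.el6_3.x86_64.rpm",
]

# Constructed sample of rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'
# output; not a real host inventory.
INSTALLED_SAMPLE = [
    "ruby193-rubygem-actionpack-3.2.8-1.el6.noarch",
    "rubygem-actionpack-3.0.13-2.2.el6op.noarch",
    "rubygem-activesupport-3.0.13-2.el6op.noarch",
    "thunderbird-10.0.9-1.el6_3.x86_64",
    "bash-4.1.2-15.el6_4.x86_64",
]


def rpmvercmp(a, b):
    """Port of rpm's rpmvercmp(): -1, 0 or 1 as a <, ==, > b.  Numeric segments
    compare by value, alphabetic ones lexically, numeric beats alphabetic, and
    '~' sorts before anything, even end of string (so 1.0~rc1 < 1.0)."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not a[i].isalnum() and a[i] != "~":
            i += 1  # skip separators such as '.', '_' or '-'
        while j < len(b) and not b[j].isalnum() and b[j] != "~":
            j += 1
        a_tilde = i < len(a) and a[i] == "~"
        b_tilde = j < len(b) and b[j] == "~"
        if a_tilde or b_tilde:
            if a_tilde != b_tilde:
                return 1 if b_tilde else -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        isnum = a[i].isdigit()
        same = str.isdigit if isnum else str.isalpha
        ia, jb = i, j
        while ia < len(a) and same(a[ia]):
            ia += 1
        while jb < len(b) and same(b[jb]):
            jb += 1
        seg_a, seg_b, i, j = a[i:ia], b[j:jb], ia, jb
        if not seg_b:  # different segment types: numeric is newer
            return 1 if isnum else -1
        if isnum:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1  # whoever has segments left is newer


def split_nevra(pkg):
    """Split 'name-version-release.arch[.rpm]' into (name, version, release, arch)."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    name, version, rel_arch = pkg.rsplit("-", 2)
    release, arch = rel_arch.rsplit(".", 1)
    return name, version, release, arch


def check_host(installed, advisory_packages=ADVISORY_PACKAGES):
    """Map each advisory package name to 'fixed', 'vulnerable' or 'not installed'
    (epoch assumed equal on both sides; the advisory file names carry none)."""
    fixed = {}
    for pkg in advisory_packages:
        name, version, release, _ = split_nevra(pkg)
        fixed.setdefault(name, (version, release))
    result = {name: "not installed" for name in fixed}
    for pkg in installed:
        name, version, release, _ = split_nevra(pkg)
        if name not in fixed:
            continue  # not covered by this advisory
        c = rpmvercmp(version, fixed[name][0]) or rpmvercmp(release, fixed[name][1])
        status = "fixed" if c >= 0 else "vulnerable"
        if result[name] != "vulnerable":  # any old build of a multi-arch package counts
            result[name] = status
    return result


if __name__ == "__main__":
    for name, status in sorted(check_host(INSTALLED_SAMPLE).items()):
        print(f"{status:14} {name}")
```

On a real host, feed check_host() the output of the rpm query quoted in the comment instead of INSTALLED_SAMPLE; a package with an epoch set would need the epoch compared first, which this example leaves out.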
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQ7yhFXlSAg2UNWIIRAprFAKC3aQV+Ch3EFY4Vd4bmxIZ/wpqXGACeJTQi El8HsN0npWuWaoI9q/mDkhc= =nIRO -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Jan 14 21:04:38 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 14 Jan 2013 21:04:38 +0000 Subject: [RHSA-2013:0156-01] Critical: java-1.7.0-oracle security update Message-ID: <201301142104.r0EL4c6X015811@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.7.0-oracle security update Advisory ID: RHSA-2013:0156-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0156.html Issue date: 2013-01-14 CVE Names: CVE-2012-3174 CVE-2013-0422 ===================================================================== 1. Summary: Updated java-1.7.0-oracle packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. 
This update fixes two vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Security Alert page, listed in the References section. (CVE-2012-3174, CVE-2013-0422)

Red Hat is aware that a public exploit for CVE-2013-0422 is available that executes code without user interaction when a user visits a malicious web page using a browser with the Oracle Java 7 web browser plug-in enabled.

All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 11 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

894172 - CVE-2013-0422 OpenJDK: MethodHandles.Lookup incorrect permission checks, Java 7 0day (Libraries, 8006017)
894934 - CVE-2012-3174 OpenJDK: MethodHandles incorrect permission checks (Libraries, 8004933)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.7.0-oracle-1.7.0.11-1jpp.3.el5_9.i386.rpm
java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el5_9.i386.rpm
java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el5_9.i386.rpm
java-1.7.0-oracle-jdbc-1.7.0.11-1jpp.3.el5_9.i386.rpm
java-1.7.0-oracle-plugin-1.7.0.11-1jpp.3.el5_9.i386.rpm
java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el5_9.i386.rpm

x86_64:
java-1.7.0-oracle-1.7.0.11-1jpp.3.el5_9.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el5_9.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el5_9.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.11-1jpp.3.el5_9.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.11-1jpp.3.el5_9.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el5_9.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.7.0-oracle-1.7.0.11-1jpp.3.el5_9.i386.rpm
java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el5_9.i386.rpm
java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el5_9.i386.rpm
java-1.7.0-oracle-jdbc-1.7.0.11-1jpp.3.el5_9.i386.rpm
java-1.7.0-oracle-plugin-1.7.0.11-1jpp.3.el5_9.i386.rpm
java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el5_9.i386.rpm

x86_64:
java-1.7.0-oracle-1.7.0.11-1jpp.3.el5_9.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el5_9.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el5_9.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.11-1jpp.3.el5_9.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.11-1jpp.3.el5_9.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.7.0-oracle-1.7.0.11-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.11-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.11-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el6_3.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.11-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.11-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.11-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.7.0-oracle-1.7.0.11-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.7.0-oracle-1.7.0.11-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.11-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.11-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el6_3.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.11-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.11-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.11-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.7.0-oracle-1.7.0.11-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.11-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.11-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el6_3.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.11-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.11-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.11-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-3174.html
https://www.redhat.com/security/data/cve/CVE-2013-0422.html
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQ9HLUXlSAg2UNWIIRAkWpAJ9Tl0dsAJ6yYLM8seRIUZVYybAx1wCeK3iy
7FRLT/onIm69eomjW+1v26o=
=66mP
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jan 16 18:30:33 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 16 Jan 2013 18:30:33 +0000
Subject: [RHSA-2013:0165-01] Important: java-1.7.0-openjdk security update
Message-ID: <201301161830.r0GIUXnu014673@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-1.7.0-openjdk security update
Advisory ID:       RHSA-2013:0165-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0165.html
Issue date:        2013-01-16
CVE Names:         CVE-2012-3174 CVE-2013-0422
=====================================================================

1. Summary:

Updated java-1.7.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

3. Description:

These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.

Two improper permission check issues were discovered in the reflection API in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-3174, CVE-2013-0422)

This erratum also upgrades the OpenJDK package to IcedTea7 2.3.4. Refer to the NEWS file, linked to in the References, for further information.

All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

894172 - CVE-2013-0422 OpenJDK: MethodHandles.Lookup incorrect permission checks, Java 7 0day (Libraries, 8006017)
894934 - CVE-2012-3174 OpenJDK: MethodHandles incorrect permission checks (Libraries, 8004933)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.4.el5_9.1.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.9-2.3.4.el5_9.1.i386.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.4.el5_9.1.i386.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.4.el5_9.1.i386.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.4.el5_9.1.i386.rpm
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.4.el5_9.1.i386.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.4.el5_9.1.i386.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.9-2.3.4.el5_9.1.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.4.el5_9.1.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.4.el5_9.1.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.4.el5_9.1.x86_64.rpm
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.4.el5_9.1.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.4.el5_9.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.4.el5_9.1.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.9-2.3.4.el5_9.1.i386.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.4.el5_9.1.i386.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.4.el5_9.1.i386.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.4.el5_9.1.i386.rpm
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.4.el5_9.1.i386.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.4.el5_9.1.i386.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.9-2.3.4.el5_9.1.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.4.el5_9.1.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.4.el5_9.1.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.4.el5_9.1.x86_64.rpm
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.4.el5_9.1.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.4.el5_9.1.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.4.1.el6_3.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.9-2.3.4.1.el6_3.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.4.1.el6_3.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.9-2.3.4.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.4.1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.4.1.el6_3.src.rpm

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.4.1.el6_3.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.4.1.el6_3.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.4.1.el6_3.i686.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.4.1.el6_3.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.4.1.el6_3.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.4.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.4.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.4.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.4.1.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.4.1.el6_3.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.9-2.3.4.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.4.1.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.4.1.el6_3.src.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.4.1.el6_3.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.4.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.4.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.4.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.4.1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.4.1.el6_3.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.9-2.3.4.1.el6_3.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.4.1.el6_3.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.4.1.el6_3.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.9-2.3.4.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.4.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.4.1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.4.1.el6_3.src.rpm

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.4.1.el6_3.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.4.1.el6_3.i686.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.4.1.el6_3.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.4.1.el6_3.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.4.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.4.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.4.1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.4.1.el6_3.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.9-2.3.4.1.el6_3.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.4.1.el6_3.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.4.1.el6_3.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.9-2.3.4.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.4.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.4.1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.4.1.el6_3.src.rpm

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.4.1.el6_3.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.4.1.el6_3.i686.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.4.1.el6_3.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.4.1.el6_3.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.4.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.4.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.4.1.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-3174.html
https://www.redhat.com/security/data/cve/CVE-2013-0422.html
https://access.redhat.com/security/updates/classification/#important
http://icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.4/NEWS

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQ9vGaXlSAg2UNWIIRAvHRAJ4x8h7+wYb/ImUclASGBfRuTHPGfQCgvnWp
X7nydIij7IgJgT8oxeEtvQk=
=lWn8
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jan 21 22:41:55 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 21 Jan 2013 22:41:55 +0000
Subject: [RHSA-2013:0169-01] Moderate: vino security update
Message-ID: <201301212241.r0LMfuYm007761@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: vino security update
Advisory ID:       RHSA-2013:0169-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0169.html
Issue date:        2013-01-21
CVE Names:         CVE-2011-0904 CVE-2011-0905 CVE-2011-1164 CVE-2011-1165 CVE-2012-4429
=====================================================================

1. Summary:

An updated vino package that fixes several security issues is now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Vino is a Virtual Network Computing (VNC) server for GNOME. It allows remote users to connect to a running GNOME session using VNC.

It was found that Vino transmitted all clipboard activity on the system running Vino to all clients connected to port 5900, even those who had not authenticated. A remote attacker who is able to access port 5900 on a system running Vino could use this flaw to read clipboard data without authenticating. (CVE-2012-4429)

Two out-of-bounds memory read flaws were found in the way Vino processed client framebuffer requests in certain encodings. An authenticated client could use these flaws to send a specially-crafted request to Vino, causing it to crash. (CVE-2011-0904, CVE-2011-0905)

In certain circumstances, the vino-preferences dialog box incorrectly indicated that Vino was only accessible from the local network. This could confuse a user into believing connections from external networks are not allowed (even when they are allowed). With this update, vino-preferences no longer displays connectivity and reachable information. (CVE-2011-1164)

There was no warning that Universal Plug and Play (UPnP) was used to open ports on a user's network router when the "Configure network automatically to accept connections" option was enabled (it is disabled by default) in the Vino preferences. This update changes the option's description to avoid the risk of a UPnP router configuration change without the user's consent. (CVE-2011-1165)

All Vino users should upgrade to this updated package, which contains backported patches to resolve these issues. The GNOME session must be restarted (log out, then log back in) for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

553477 - CVE-2011-1164 vino: vino-preferences incorrectly indicates that computer is only reachable over local network
678846 - CVE-2011-1165 vino-preferences does not warn about UPnP especially with no password and no confirmation.
694455 - CVE-2011-0904 vino: Out of bounds read flaw by processing certain client raw encoding framebuffer update requests
694456 - CVE-2011-0905 vino: Out of bounds read flaw by processing certain client tight encoding framebuffer update requests
857250 - CVE-2012-4429 vino: information leak and authentication bypass

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/vino-2.28.1-8.el6_3.src.rpm

i386:
vino-2.28.1-8.el6_3.i686.rpm
vino-debuginfo-2.28.1-8.el6_3.i686.rpm

x86_64:
vino-2.28.1-8.el6_3.x86_64.rpm
vino-debuginfo-2.28.1-8.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/vino-2.28.1-8.el6_3.src.rpm

i386:
vino-2.28.1-8.el6_3.i686.rpm
vino-debuginfo-2.28.1-8.el6_3.i686.rpm

ppc64:
vino-2.28.1-8.el6_3.ppc64.rpm
vino-debuginfo-2.28.1-8.el6_3.ppc64.rpm

s390x:
vino-2.28.1-8.el6_3.s390x.rpm
vino-debuginfo-2.28.1-8.el6_3.s390x.rpm

x86_64:
vino-2.28.1-8.el6_3.x86_64.rpm
vino-debuginfo-2.28.1-8.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/vino-2.28.1-8.el6_3.src.rpm

i386:
vino-2.28.1-8.el6_3.i686.rpm
vino-debuginfo-2.28.1-8.el6_3.i686.rpm

x86_64:
vino-2.28.1-8.el6_3.x86_64.rpm
vino-debuginfo-2.28.1-8.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0904.html
https://www.redhat.com/security/data/cve/CVE-2011-0905.html
https://www.redhat.com/security/data/cve/CVE-2011-1164.html
https://www.redhat.com/security/data/cve/CVE-2011-1165.html
https://www.redhat.com/security/data/cve/CVE-2012-4429.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQ/cQCXlSAg2UNWIIRAiBQAJ44hwOjZL72v7GmJ77EZFa2XyO27gCaAnqs
vZl0XkPZPdvK3IQhWrFSdFI=
=sso5
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jan 22 19:57:37 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 22 Jan 2013 19:57:37 +0000
Subject: [RHSA-2013:0168-01] Moderate: kernel security and bug fix update
Message-ID: <201301221957.r0MJvbRk024135@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: kernel security and bug fix update
Advisory ID:       RHSA-2013:0168-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0168.html
Issue date:        2013-01-22
CVE Names:         CVE-2012-1568 CVE-2012-4444 CVE-2012-5515
=====================================================================

1. Summary:

Updated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* It was found that the Xen hypervisor implementation did not perform range checking on the guest provided values in multiple hypercalls. A privileged guest user could use this flaw to trigger long loops, leading to a denial of service (Xen hypervisor hang). (CVE-2012-5515, Moderate)

* It was found that when running a 32-bit binary that uses a large number of shared libraries, one of the libraries would always be loaded at a predictable address in memory. An attacker could use this flaw to bypass the Address Space Layout Randomization (ASLR) security feature. (CVE-2012-1568, Low)

* A flaw was found in the way the Linux kernel's IPv6 implementation handled overlapping, fragmented IPv6 packets. A remote attacker could potentially use this flaw to bypass protection mechanisms (such as a firewall or intrusion detection system (IDS)) when sending network packets to a target system. (CVE-2012-4444, Low)

Red Hat would like to thank the Xen project for reporting CVE-2012-5515, and Antonios Atlasis working with Beyond Security's SecuriTeam Secure Disclosure program and Loganaden Velvindron of AFRINIC for reporting CVE-2012-4444.

This update also fixes several bugs. Space precludes documenting all of these changes in this advisory. Documentation for these changes will be available shortly from the Red Hat Enterprise Linux 5.9 Technical Notes document linked to in the References section.

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system.
You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

804947 - CVE-2012-1568 kernel: execshield: predictable ascii armour base address
874835 - CVE-2012-4444 kernel: net: acceptation of overlapping ipv6 fragments
877397 - CVE-2012-5515 kernel: xen: Several memory hypercall operations allow invalid extent order values

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-348.1.1.el5.src.rpm

i386:
kernel-2.6.18-348.1.1.el5.i686.rpm
kernel-PAE-2.6.18-348.1.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-348.1.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-348.1.1.el5.i686.rpm
kernel-debug-2.6.18-348.1.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-348.1.1.el5.i686.rpm
kernel-debug-devel-2.6.18-348.1.1.el5.i686.rpm
kernel-debuginfo-2.6.18-348.1.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-348.1.1.el5.i686.rpm
kernel-devel-2.6.18-348.1.1.el5.i686.rpm
kernel-headers-2.6.18-348.1.1.el5.i386.rpm
kernel-xen-2.6.18-348.1.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-348.1.1.el5.i686.rpm
kernel-xen-devel-2.6.18-348.1.1.el5.i686.rpm

noarch:
kernel-doc-2.6.18-348.1.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-348.1.1.el5.x86_64.rpm
kernel-debug-2.6.18-348.1.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-348.1.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-348.1.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-348.1.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-348.1.1.el5.x86_64.rpm
kernel-devel-2.6.18-348.1.1.el5.x86_64.rpm
kernel-headers-2.6.18-348.1.1.el5.x86_64.rpm
kernel-xen-2.6.18-348.1.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-348.1.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-348.1.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-348.1.1.el5.src.rpm

i386:
kernel-2.6.18-348.1.1.el5.i686.rpm
kernel-PAE-2.6.18-348.1.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-348.1.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-348.1.1.el5.i686.rpm
kernel-debug-2.6.18-348.1.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-348.1.1.el5.i686.rpm
kernel-debug-devel-2.6.18-348.1.1.el5.i686.rpm
kernel-debuginfo-2.6.18-348.1.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-348.1.1.el5.i686.rpm
kernel-devel-2.6.18-348.1.1.el5.i686.rpm
kernel-headers-2.6.18-348.1.1.el5.i386.rpm
kernel-xen-2.6.18-348.1.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-348.1.1.el5.i686.rpm
kernel-xen-devel-2.6.18-348.1.1.el5.i686.rpm

ia64:
kernel-2.6.18-348.1.1.el5.ia64.rpm
kernel-debug-2.6.18-348.1.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-348.1.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-348.1.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-348.1.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-348.1.1.el5.ia64.rpm
kernel-devel-2.6.18-348.1.1.el5.ia64.rpm
kernel-headers-2.6.18-348.1.1.el5.ia64.rpm
kernel-xen-2.6.18-348.1.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-348.1.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-348.1.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-348.1.1.el5.noarch.rpm

ppc:
kernel-2.6.18-348.1.1.el5.ppc64.rpm
kernel-debug-2.6.18-348.1.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-348.1.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-348.1.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-348.1.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-348.1.1.el5.ppc64.rpm
kernel-devel-2.6.18-348.1.1.el5.ppc64.rpm
kernel-headers-2.6.18-348.1.1.el5.ppc.rpm
kernel-headers-2.6.18-348.1.1.el5.ppc64.rpm
kernel-kdump-2.6.18-348.1.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-348.1.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-348.1.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-348.1.1.el5.s390x.rpm
kernel-debug-2.6.18-348.1.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-348.1.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-348.1.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-348.1.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-348.1.1.el5.s390x.rpm
kernel-devel-2.6.18-348.1.1.el5.s390x.rpm
kernel-headers-2.6.18-348.1.1.el5.s390x.rpm
kernel-kdump-2.6.18-348.1.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-348.1.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-348.1.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-348.1.1.el5.x86_64.rpm
kernel-debug-2.6.18-348.1.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-348.1.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-348.1.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-348.1.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-348.1.1.el5.x86_64.rpm
kernel-devel-2.6.18-348.1.1.el5.x86_64.rpm
kernel-headers-2.6.18-348.1.1.el5.x86_64.rpm
kernel-xen-2.6.18-348.1.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-348.1.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-348.1.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-1568.html
https://www.redhat.com/security/data/cve/CVE-2012-4444.html
https://www.redhat.com/security/data/cve/CVE-2012-5515.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.9_Technical_Notes/kernel.html#RHSA-2013-0168

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
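As an added example (not part of the advisory above and not Red Hat's own tooling), a POSIX sh helper that applies the manual-update rules from section 4 of RHSA-2013:0168: "rpm -ivh" for kernel packages so the running kernel stays installed, "rpm -Uvh" for anything else, and "rpm -e" candidates only once the newly installed kernel is the one "uname -r" reports. The 2.6.18-348.1.1.el5 version is this advisory's; the older 2.6.18-308.el5 kernel and the uname strings are constructed sample values, and the flavoured kernel packages (kernel-PAE, kernel-xen) are assumed out of scope for the running-kernel check.

```shell
#!/bin/sh
# Added example, not from the advisory: plan a manual kernel update the way
# RHSA-2013:0168 section 4 describes it. Nothing here runs rpm; the functions
# compute what to run so the decisions can be checked before touching a box.

# rpm_verb_for PACKAGE_FILE
# Kernel packages are installed side by side ("-ivh") so the running kernel
# is never replaced; every other package is upgraded in place ("-Uvh").
rpm_verb_for() {
  case "${1##*/}" in
    kernel-*) echo "-ivh" ;;
    *)        echo "-Uvh" ;;
  esac
}

# rpm_install_cmd PACKAGE_FILE -> the rpm command line for that file
rpm_install_cmd() {
  echo "rpm $(rpm_verb_for "$1") $1"
}

# kernel_is_running NEVR[.ARCH] UNAME_R
# True when the installed kernel package (as listed by "rpm -q kernel",
# with or without a trailing .arch) is the kernel reported by "uname -r".
# Assumes the plain "kernel" package: kernel-2.6.18-348.1.1.el5.x86_64
# corresponds to uname -r 2.6.18-348.1.1.el5.
kernel_is_running() {
  vr="${1#kernel-}"
  [ "$vr" = "$2" ] || [ "${vr%.*}" = "$2" ]
}

# removable_old_kernels NEW_NEVR UNAME_R INSTALLED_NEVR...
# Prints the installed kernels that may be removed with "rpm -e" once the
# just-installed kernel NEW_NEVR has been booted and found working. Prints
# nothing and returns 1 if the new kernel is not the running one (the old
# kernel is still the fallback) or is not in the installed list at all.
removable_old_kernels() {
  new="$1"; uname_r="$2"; shift 2
  kernel_is_running "$new" "$uname_r" || return 1
  installed_new=0
  for nevr in "$@"; do
    if [ "$nevr" = "$new" ]; then installed_new=1; fi
  done
  [ "$installed_new" -eq 1 ] || return 1
  for nevr in "$@"; do
    if [ "$nevr" != "$new" ]; then echo "$nevr"; fi
  done
}

# Constructed demo: the advisory's kernel has been installed and booted, and
# one older (constructed) kernel is still present.
rpm_install_cmd kernel-2.6.18-348.1.1.el5.x86_64.rpm
rpm_install_cmd mysql-5.0.95-5.el5_9.x86_64.rpm
removable_old_kernels kernel-2.6.18-348.1.1.el5.x86_64 2.6.18-348.1.1.el5 \
  kernel-2.6.18-308.el5.x86_64 kernel-2.6.18-348.1.1.el5.x86_64 \
  || echo "new kernel is not running yet; keep every installed kernel"
```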
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD4DBQFQ/u8hXlSAg2UNWIIRApEXAJ0b2CjrKygVjA0hPpPDhH9uMUMMRACXc6Fv
QrIwgNIlVkxL5UEujHZ/+A==
=Tgfp
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jan 22 19:58:13 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 22 Jan 2013 19:58:13 +0000
Subject: [RHSA-2013:0180-01] Important: mysql security update
Message-ID: <201301221958.r0MJwEDP028929@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: mysql security update
Advisory ID:       RHSA-2013:0180-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0180.html
Issue date:        2013-01-22
CVE Names:         CVE-2012-2749 CVE-2012-5611
=====================================================================

1. Summary:

Updated mysql packages that fix two security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

A stack-based buffer overflow flaw was found in the user permission checking code in MySQL. An authenticated database user could use this flaw to crash the mysqld daemon or, potentially, execute arbitrary code with the privileges of the user running the mysqld daemon. (CVE-2012-5611)

A flaw was found in the way MySQL calculated the key length when creating a sort order index for certain queries. An authenticated database user could use this flaw to crash the mysqld daemon. (CVE-2012-2749)

This update also adds a patch for a potential flaw in the MySQL password checking function, which could allow an attacker to log into any MySQL account without knowing the correct password. This problem (CVE-2012-2122) only affected MySQL packages that use a certain compiler and C library optimization. It did not affect the mysql packages in Red Hat Enterprise Linux 5. The patch is being added as a preventive measure to ensure this problem cannot get exposed in future revisions of the mysql packages. (BZ#814605)

All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

814605 - CVE-2012-2122 mysql: incorrect type cast in check_scramble() leading to authentication bypass
833737 - CVE-2012-2749 mysql: crash caused by wrong calculation of key length for sort order index
881064 - CVE-2012-5611 mysql: acl_get() stack-based buffer overflow

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/mysql-5.0.95-5.el5_9.src.rpm

i386:
mysql-5.0.95-5.el5_9.i386.rpm
mysql-debuginfo-5.0.95-5.el5_9.i386.rpm

x86_64:
mysql-5.0.95-5.el5_9.i386.rpm
mysql-5.0.95-5.el5_9.x86_64.rpm
mysql-debuginfo-5.0.95-5.el5_9.i386.rpm
mysql-debuginfo-5.0.95-5.el5_9.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client-Workstation/en/os/SRPMS/mysql-5.0.95-5.el5_9.src.rpm

i386:
mysql-bench-5.0.95-5.el5_9.i386.rpm
mysql-debuginfo-5.0.95-5.el5_9.i386.rpm
mysql-devel-5.0.95-5.el5_9.i386.rpm
mysql-server-5.0.95-5.el5_9.i386.rpm
mysql-test-5.0.95-5.el5_9.i386.rpm

x86_64:
mysql-bench-5.0.95-5.el5_9.x86_64.rpm
mysql-debuginfo-5.0.95-5.el5_9.i386.rpm
mysql-debuginfo-5.0.95-5.el5_9.x86_64.rpm
mysql-devel-5.0.95-5.el5_9.i386.rpm
mysql-devel-5.0.95-5.el5_9.x86_64.rpm
mysql-server-5.0.95-5.el5_9.x86_64.rpm
mysql-test-5.0.95-5.el5_9.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/mysql-5.0.95-5.el5_9.src.rpm

i386:
mysql-5.0.95-5.el5_9.i386.rpm
mysql-bench-5.0.95-5.el5_9.i386.rpm
mysql-debuginfo-5.0.95-5.el5_9.i386.rpm
mysql-devel-5.0.95-5.el5_9.i386.rpm
mysql-server-5.0.95-5.el5_9.i386.rpm
mysql-test-5.0.95-5.el5_9.i386.rpm

ia64:
mysql-5.0.95-5.el5_9.i386.rpm
mysql-5.0.95-5.el5_9.ia64.rpm
mysql-bench-5.0.95-5.el5_9.ia64.rpm
mysql-debuginfo-5.0.95-5.el5_9.i386.rpm
mysql-debuginfo-5.0.95-5.el5_9.ia64.rpm
mysql-devel-5.0.95-5.el5_9.ia64.rpm
mysql-server-5.0.95-5.el5_9.ia64.rpm
mysql-test-5.0.95-5.el5_9.ia64.rpm

ppc:
mysql-5.0.95-5.el5_9.ppc.rpm
mysql-5.0.95-5.el5_9.ppc64.rpm
mysql-bench-5.0.95-5.el5_9.ppc.rpm
mysql-debuginfo-5.0.95-5.el5_9.ppc.rpm
mysql-debuginfo-5.0.95-5.el5_9.ppc64.rpm
mysql-devel-5.0.95-5.el5_9.ppc.rpm
mysql-devel-5.0.95-5.el5_9.ppc64.rpm
mysql-server-5.0.95-5.el5_9.ppc.rpm
mysql-server-5.0.95-5.el5_9.ppc64.rpm
mysql-test-5.0.95-5.el5_9.ppc.rpm

s390x:
mysql-5.0.95-5.el5_9.s390.rpm
mysql-5.0.95-5.el5_9.s390x.rpm
mysql-bench-5.0.95-5.el5_9.s390x.rpm
mysql-debuginfo-5.0.95-5.el5_9.s390.rpm
mysql-debuginfo-5.0.95-5.el5_9.s390x.rpm
mysql-devel-5.0.95-5.el5_9.s390.rpm
mysql-devel-5.0.95-5.el5_9.s390x.rpm
mysql-server-5.0.95-5.el5_9.s390x.rpm
mysql-test-5.0.95-5.el5_9.s390x.rpm

x86_64:
mysql-5.0.95-5.el5_9.i386.rpm
mysql-5.0.95-5.el5_9.x86_64.rpm
mysql-bench-5.0.95-5.el5_9.x86_64.rpm
mysql-debuginfo-5.0.95-5.el5_9.i386.rpm
mysql-debuginfo-5.0.95-5.el5_9.x86_64.rpm
mysql-devel-5.0.95-5.el5_9.i386.rpm
mysql-devel-5.0.95-5.el5_9.x86_64.rpm
mysql-server-5.0.95-5.el5_9.x86_64.rpm
mysql-test-5.0.95-5.el5_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-2749.html
https://www.redhat.com/security/data/cve/CVE-2012-5611.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQ/u9KXlSAg2UNWIIRAkZYAKDD2ZXtDIWDYrmcX/bjYxgb+O6cqwCgrilk
lg8mg0xVB9DV5VZIJ0fMd7Y=
=cxdU
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jan 23 21:51:50 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 23 Jan 2013 21:51:50 +0000
Subject: [RHSA-2013:0188-01] Important: ipa security update
Message-ID: <201301232151.r0NLponH001002@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: ipa security update
Advisory ID:       RHSA-2013:0188-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0188.html
Issue date:        2013-01-23
CVE Names:         CVE-2012-5484
=====================================================================

1. Summary:

Updated ipa packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: Red Hat Identity Management is a centralized authentication, identity management and authorization solution for both traditional and cloud-based enterprise environments. A weakness was found in the way IPA clients communicated with IPA servers when initially attempting to join IPA domains. As there was no secure way to provide the IPA server's Certificate Authority (CA) certificate to the client during a join, the IPA client enrollment process was susceptible to man-in-the-middle attacks. This flaw could allow an attacker to obtain access to the IPA server using the credentials provided by an IPA client, including administrative access to the entire domain if the join was performed using an administrator's credentials. (CVE-2012-5484) Note: This weakness was only exposed during the initial client join to the realm, because the IPA client did not yet have the CA certificate of the server. Once an IPA client has joined the realm and has obtained the CA certificate of the IPA server, all further communication is secure. If a client were using the OTP (one-time password) method to join to the realm, an attacker could only obtain unprivileged access to the server (enough to only join the realm). Red Hat would like to thank Petr Men??k for reporting this issue. This update must be installed on both the IPA client and IPA server. 
When this update has been applied to the client but not the server, ipa-client-install, in unattended mode, will fail if you do not have the correct CA certificate locally, noting that you must use the "--force" option to insecurely obtain the certificate. In interactive mode, the certificate will try to be obtained securely from LDAP. If this fails, you will be prompted to insecurely download the certificate via HTTP. In the same situation when using OTP, LDAP will not be queried and you will be prompted to insecurely download the certificate via HTTP. Users of ipa are advised to upgrade to these updated packages, which correct this issue. After installing the update, changes in LDAP are handled by ipa-ldap-updater automatically and are effective immediately. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 876307 - CVE-2012-5484 ipa: weakness when initiating join from IPA client can potentially compromise IPA domain 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ipa-2.2.0-17.el6_3.1.src.rpm i386: ipa-client-2.2.0-17.el6_3.1.i686.rpm ipa-debuginfo-2.2.0-17.el6_3.1.i686.rpm ipa-python-2.2.0-17.el6_3.1.i686.rpm x86_64: ipa-client-2.2.0-17.el6_3.1.x86_64.rpm ipa-debuginfo-2.2.0-17.el6_3.1.x86_64.rpm ipa-python-2.2.0-17.el6_3.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ipa-2.2.0-17.el6_3.1.src.rpm i386: ipa-admintools-2.2.0-17.el6_3.1.i686.rpm ipa-debuginfo-2.2.0-17.el6_3.1.i686.rpm ipa-server-2.2.0-17.el6_3.1.i686.rpm ipa-server-selinux-2.2.0-17.el6_3.1.i686.rpm x86_64: ipa-admintools-2.2.0-17.el6_3.1.x86_64.rpm ipa-debuginfo-2.2.0-17.el6_3.1.x86_64.rpm ipa-server-2.2.0-17.el6_3.1.x86_64.rpm ipa-server-selinux-2.2.0-17.el6_3.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ipa-2.2.0-17.el6_3.1.src.rpm x86_64: ipa-client-2.2.0-17.el6_3.1.x86_64.rpm ipa-debuginfo-2.2.0-17.el6_3.1.x86_64.rpm ipa-python-2.2.0-17.el6_3.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ipa-2.2.0-17.el6_3.1.src.rpm x86_64: ipa-admintools-2.2.0-17.el6_3.1.x86_64.rpm ipa-debuginfo-2.2.0-17.el6_3.1.x86_64.rpm ipa-server-2.2.0-17.el6_3.1.x86_64.rpm ipa-server-selinux-2.2.0-17.el6_3.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ipa-2.2.0-17.el6_3.1.src.rpm i386: ipa-admintools-2.2.0-17.el6_3.1.i686.rpm ipa-client-2.2.0-17.el6_3.1.i686.rpm ipa-debuginfo-2.2.0-17.el6_3.1.i686.rpm ipa-python-2.2.0-17.el6_3.1.i686.rpm ipa-server-2.2.0-17.el6_3.1.i686.rpm ipa-server-selinux-2.2.0-17.el6_3.1.i686.rpm ppc64: ipa-admintools-2.2.0-17.el6_3.1.ppc64.rpm ipa-client-2.2.0-17.el6_3.1.ppc64.rpm ipa-debuginfo-2.2.0-17.el6_3.1.ppc64.rpm ipa-python-2.2.0-17.el6_3.1.ppc64.rpm s390x: ipa-admintools-2.2.0-17.el6_3.1.s390x.rpm ipa-client-2.2.0-17.el6_3.1.s390x.rpm ipa-debuginfo-2.2.0-17.el6_3.1.s390x.rpm ipa-python-2.2.0-17.el6_3.1.s390x.rpm x86_64: ipa-admintools-2.2.0-17.el6_3.1.x86_64.rpm ipa-client-2.2.0-17.el6_3.1.x86_64.rpm ipa-debuginfo-2.2.0-17.el6_3.1.x86_64.rpm ipa-python-2.2.0-17.el6_3.1.x86_64.rpm ipa-server-2.2.0-17.el6_3.1.x86_64.rpm ipa-server-selinux-2.2.0-17.el6_3.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ipa-2.2.0-17.el6_3.1.src.rpm i386: ipa-admintools-2.2.0-17.el6_3.1.i686.rpm ipa-client-2.2.0-17.el6_3.1.i686.rpm ipa-debuginfo-2.2.0-17.el6_3.1.i686.rpm ipa-python-2.2.0-17.el6_3.1.i686.rpm ipa-server-2.2.0-17.el6_3.1.i686.rpm ipa-server-selinux-2.2.0-17.el6_3.1.i686.rpm x86_64: ipa-admintools-2.2.0-17.el6_3.1.x86_64.rpm ipa-client-2.2.0-17.el6_3.1.x86_64.rpm ipa-debuginfo-2.2.0-17.el6_3.1.x86_64.rpm ipa-python-2.2.0-17.el6_3.1.x86_64.rpm ipa-server-2.2.0-17.el6_3.1.x86_64.rpm ipa-server-selinux-2.2.0-17.el6_3.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-5484.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . 
More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRAFtoXlSAg2UNWIIRAhb6AKC8pKI8sFczd4SAk0l4m/+XV8OQSwCeMU9S 5ISYbcazBwT6wNNRKn07Mh4= =Fnq3 -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Jan 23 21:52:22 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 23 Jan 2013 21:52:22 +0000 Subject: [RHSA-2013:0189-01] Important: ipa-client security update Message-ID: <201301232152.r0NLqMnf015815@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: ipa-client security update Advisory ID: RHSA-2013:0189-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0189.html Issue date: 2013-01-23 CVE Names: CVE-2012-5484 ===================================================================== 1. Summary: An updated ipa-client package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: Red Hat Identity Management is a centralized authentication, identity management and authorization solution for both traditional and cloud-based enterprise environments. A weakness was found in the way IPA clients communicated with IPA servers when initially attempting to join IPA domains. 
As there was no secure way to provide the IPA server's Certificate Authority (CA) certificate to the client during a join, the IPA client enrollment process was susceptible to man-in-the-middle attacks. This flaw could allow an attacker to obtain access to the IPA server using the credentials provided by an IPA client, including administrative access to the entire domain if the join was performed using an administrator's credentials. (CVE-2012-5484) Note: This weakness was only exposed during the initial client join to the realm, because the IPA client did not yet have the CA certificate of the server. Once an IPA client has joined the realm and has obtained the CA certificate of the IPA server, all further communication is secure. If a client were using the OTP (one-time password) method to join to the realm, an attacker could only obtain unprivileged access to the server (enough to only join the realm). Red Hat would like to thank Petr Men??k for reporting this issue. When a fix for this flaw has been applied to the client but not yet the server, ipa-client-install, in unattended mode, will fail if you do not have the correct CA certificate locally, noting that you must use the "--force" option to insecurely obtain the certificate. In interactive mode, the certificate will try to be obtained securely from LDAP. If this fails, you will be prompted to insecurely download the certificate via HTTP. In the same situation when using OTP, LDAP will not be queried and you will be prompted to insecurely download the certificate via HTTP. Users of ipa-client are advised to upgrade to this updated package, which corrects this issue. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. 
Bugs fixed (http://bugzilla.redhat.com/): 876307 - CVE-2012-5484 ipa: weakness when initiating join from IPA client can potentially compromise IPA domain 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ipa-client-2.1.3-5.el5_9.2.src.rpm i386: ipa-client-2.1.3-5.el5_9.2.i386.rpm ipa-client-debuginfo-2.1.3-5.el5_9.2.i386.rpm x86_64: ipa-client-2.1.3-5.el5_9.2.x86_64.rpm ipa-client-debuginfo-2.1.3-5.el5_9.2.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/ipa-client-2.1.3-5.el5_9.2.src.rpm i386: ipa-client-2.1.3-5.el5_9.2.i386.rpm ipa-client-debuginfo-2.1.3-5.el5_9.2.i386.rpm ia64: ipa-client-2.1.3-5.el5_9.2.ia64.rpm ipa-client-debuginfo-2.1.3-5.el5_9.2.ia64.rpm ppc: ipa-client-2.1.3-5.el5_9.2.ppc.rpm ipa-client-debuginfo-2.1.3-5.el5_9.2.ppc.rpm s390x: ipa-client-2.1.3-5.el5_9.2.s390x.rpm ipa-client-debuginfo-2.1.3-5.el5_9.2.s390x.rpm x86_64: ipa-client-2.1.3-5.el5_9.2.x86_64.rpm ipa-client-debuginfo-2.1.3-5.el5_9.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-5484.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRAFuFXlSAg2UNWIIRAjmnAKCsetHcNL5fwNChLVPlQ+Y9gaocKwCeMjWv k1LZd1B9AXIbeNokcsw9F9k= =wbi1 -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Jan 28 19:23:12 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 28 Jan 2013 19:23:12 +0000 Subject: [RHSA-2013:0199-01] Important: libvirt security update Message-ID: <201301281923.r0SJNCGZ008331@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: libvirt security update Advisory ID: RHSA-2013:0199-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0199.html Issue date: 2013-01-28 CVE Names: CVE-2013-0170 ===================================================================== 1. Summary: Updated libvirt packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64 3. Description: The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. 
In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in the way libvirtd handled connection cleanup (when a connection was being closed) under certain error conditions. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, execute arbitrary code with the privileges of the root user. (CVE-2013-0170) This issue was discovered by Tingting Zheng of Red Hat. All users of libvirt are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, libvirtd will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 893450 - CVE-2013-0170 libvirt: use-after-free in virNetMessageFree() 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libvirt-0.9.10-21.el6_3.8.src.rpm i386: libvirt-0.9.10-21.el6_3.8.i686.rpm libvirt-client-0.9.10-21.el6_3.8.i686.rpm libvirt-debuginfo-0.9.10-21.el6_3.8.i686.rpm libvirt-python-0.9.10-21.el6_3.8.i686.rpm x86_64: libvirt-0.9.10-21.el6_3.8.x86_64.rpm libvirt-client-0.9.10-21.el6_3.8.i686.rpm libvirt-client-0.9.10-21.el6_3.8.x86_64.rpm libvirt-debuginfo-0.9.10-21.el6_3.8.i686.rpm libvirt-debuginfo-0.9.10-21.el6_3.8.x86_64.rpm libvirt-python-0.9.10-21.el6_3.8.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libvirt-0.9.10-21.el6_3.8.src.rpm i386: libvirt-debuginfo-0.9.10-21.el6_3.8.i686.rpm libvirt-devel-0.9.10-21.el6_3.8.i686.rpm x86_64: libvirt-debuginfo-0.9.10-21.el6_3.8.i686.rpm libvirt-debuginfo-0.9.10-21.el6_3.8.x86_64.rpm libvirt-devel-0.9.10-21.el6_3.8.i686.rpm libvirt-devel-0.9.10-21.el6_3.8.x86_64.rpm libvirt-lock-sanlock-0.9.10-21.el6_3.8.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libvirt-0.9.10-21.el6_3.8.src.rpm x86_64: libvirt-0.9.10-21.el6_3.8.x86_64.rpm libvirt-client-0.9.10-21.el6_3.8.i686.rpm libvirt-client-0.9.10-21.el6_3.8.x86_64.rpm libvirt-debuginfo-0.9.10-21.el6_3.8.i686.rpm libvirt-debuginfo-0.9.10-21.el6_3.8.x86_64.rpm libvirt-python-0.9.10-21.el6_3.8.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libvirt-0.9.10-21.el6_3.8.src.rpm x86_64: libvirt-debuginfo-0.9.10-21.el6_3.8.i686.rpm libvirt-debuginfo-0.9.10-21.el6_3.8.x86_64.rpm libvirt-devel-0.9.10-21.el6_3.8.i686.rpm libvirt-devel-0.9.10-21.el6_3.8.x86_64.rpm libvirt-lock-sanlock-0.9.10-21.el6_3.8.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libvirt-0.9.10-21.el6_3.8.src.rpm i386: libvirt-0.9.10-21.el6_3.8.i686.rpm libvirt-client-0.9.10-21.el6_3.8.i686.rpm libvirt-debuginfo-0.9.10-21.el6_3.8.i686.rpm libvirt-devel-0.9.10-21.el6_3.8.i686.rpm libvirt-python-0.9.10-21.el6_3.8.i686.rpm ppc64: libvirt-0.9.10-21.el6_3.8.ppc64.rpm libvirt-client-0.9.10-21.el6_3.8.ppc.rpm libvirt-client-0.9.10-21.el6_3.8.ppc64.rpm libvirt-debuginfo-0.9.10-21.el6_3.8.ppc.rpm libvirt-debuginfo-0.9.10-21.el6_3.8.ppc64.rpm libvirt-devel-0.9.10-21.el6_3.8.ppc.rpm libvirt-devel-0.9.10-21.el6_3.8.ppc64.rpm libvirt-python-0.9.10-21.el6_3.8.ppc64.rpm s390x: libvirt-0.9.10-21.el6_3.8.s390x.rpm libvirt-client-0.9.10-21.el6_3.8.s390.rpm libvirt-client-0.9.10-21.el6_3.8.s390x.rpm libvirt-debuginfo-0.9.10-21.el6_3.8.s390.rpm libvirt-debuginfo-0.9.10-21.el6_3.8.s390x.rpm libvirt-devel-0.9.10-21.el6_3.8.s390.rpm libvirt-devel-0.9.10-21.el6_3.8.s390x.rpm libvirt-python-0.9.10-21.el6_3.8.s390x.rpm x86_64: libvirt-0.9.10-21.el6_3.8.x86_64.rpm libvirt-client-0.9.10-21.el6_3.8.i686.rpm libvirt-client-0.9.10-21.el6_3.8.x86_64.rpm libvirt-debuginfo-0.9.10-21.el6_3.8.i686.rpm libvirt-debuginfo-0.9.10-21.el6_3.8.x86_64.rpm libvirt-devel-0.9.10-21.el6_3.8.i686.rpm libvirt-devel-0.9.10-21.el6_3.8.x86_64.rpm libvirt-python-0.9.10-21.el6_3.8.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libvirt-0.9.10-21.el6_3.8.src.rpm x86_64: libvirt-debuginfo-0.9.10-21.el6_3.8.x86_64.rpm libvirt-lock-sanlock-0.9.10-21.el6_3.8.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libvirt-0.9.10-21.el6_3.8.src.rpm i386: libvirt-0.9.10-21.el6_3.8.i686.rpm libvirt-client-0.9.10-21.el6_3.8.i686.rpm libvirt-debuginfo-0.9.10-21.el6_3.8.i686.rpm libvirt-devel-0.9.10-21.el6_3.8.i686.rpm libvirt-python-0.9.10-21.el6_3.8.i686.rpm x86_64: libvirt-0.9.10-21.el6_3.8.x86_64.rpm libvirt-client-0.9.10-21.el6_3.8.i686.rpm libvirt-client-0.9.10-21.el6_3.8.x86_64.rpm libvirt-debuginfo-0.9.10-21.el6_3.8.i686.rpm libvirt-debuginfo-0.9.10-21.el6_3.8.x86_64.rpm libvirt-devel-0.9.10-21.el6_3.8.i686.rpm libvirt-devel-0.9.10-21.el6_3.8.x86_64.rpm libvirt-python-0.9.10-21.el6_3.8.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libvirt-0.9.10-21.el6_3.8.src.rpm x86_64: libvirt-debuginfo-0.9.10-21.el6_3.8.x86_64.rpm libvirt-lock-sanlock-0.9.10-21.el6_3.8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-0170.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRBtAEXlSAg2UNWIIRAsAmAKCcbJgg6VS7phhkjcvRXau1TYULRACgncgM UN99sjjZkdhGa9h8BVrLqvI= =GBmR -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Jan 28 23:17:01 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 28 Jan 2013 23:17:01 +0000 Subject: [RHSA-2013:0202-01] Critical: rubygem-activesupport security update Message-ID: <201301282317.r0SNH2Wx032193@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: rubygem-activesupport security update Advisory ID: RHSA-2013:0202-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0202.html Issue date: 2013-01-28 CVE Names: CVE-2013-0333 ===================================================================== 1. Summary: An updated rubygem-activesupport package that fixes one security issue is now available for Red Hat OpenShift Enterprise 1.0. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat OpenShift Enterprise Infrastructure - noarch Red Hat OpenShift Enterprise Node - noarch 3. Description: Ruby on Rails is a model?view?controller (MVC) framework for web application development. Active Support provides support and utility classes used by the Ruby on Rails framework. A flaw was found in the way Active Support performed the parsing of JSON requests by translating them to YAML. A remote attacker could use this flaw to execute arbitrary code with the privileges of a Ruby on Rails application, perform SQL injection attacks, or bypass the authentication using a specially-created JSON request. 
(CVE-2013-0333) Red Hat would like to thank Ruby on Rails upstream for reporting this issue. Upstream acknowledges Lawrence Pit of Mirror42 as the original reporter. All users of Red Hat OpenShift Enterprise are advised to upgrade to this updated package, which resolves this issue. For Red Hat OpenShift Enterprise administrators, the openshift-broker and openshift-console services must be restarted for this update to take effect. Users of OpenShift are advised to update their own applications that are running Ruby on Rails. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 903440 - CVE-2013-0333 rubygem-activesupport: json to yaml parsing 6. Package List: Red Hat OpenShift Enterprise Infrastructure: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-activesupport-3.0.13-4.el6op.src.rpm noarch: rubygem-activesupport-3.0.13-4.el6op.noarch.rpm Red Hat OpenShift Enterprise Node: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-activesupport-3.0.13-4.el6op.src.rpm noarch: rubygem-activesupport-3.0.13-4.el6op.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-0333.html https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRBwbZXlSAg2UNWIIRAlVgAJ9JFGOagXA5+UPDjLxlgJ9FEeF0egCcDad+ 7ZgiW9N03GkBkrLJ6ECE2ME= =GAfG -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Jan 30 21:08:43 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 30 Jan 2013 21:08:43 +0000 Subject: [RHSA-2013:0208-01] Important: openstack-nova security and bug fix update Message-ID: <201301302108.r0UL8hHp018934@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: openstack-nova security and bug fix update Advisory ID: RHSA-2013:0208-01 Product: Red Hat OpenStack Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0208.html Issue date: 2013-01-30 CVE Names: CVE-2012-5625 CVE-2013-0208 ===================================================================== 1. Summary: Updated openstack-nova packages that fix two security issues and multiple bugs are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: OpenStack Folsom - noarch 3. Description: The openstack-nova packages provide OpenStack Compute (code name Nova), a cloud computing fabric controller. The openstack-nova packages have been upgraded to upstream version 2012.2.2, which provides a number of bug fixes over the previous version. This update also fixes the following security issues: It was found that the boot-from-volume feature in nova-volume did not correctly validate if the user attempting to boot an image was permitted to do so. 
An authenticated user could use this flaw to bypass intended restrictions, allowing them to boot images they would otherwise not have access to, exposing data stored in other users' images. This issue did not affect configurations using the Cinder block storage mechanism, which is the default in Red Hat OpenStack. (CVE-2013-0208) When OpenStack Nova was configured to provide guest instances with libvirt and said guests used LVM-backed ephemeral storage ("libvirt_images_type=lvm" in "/etc/nova/nova.conf"), the contents of the physical volume were not wiped before the volume was returned to the system for use by a different guest instance. This could lead to a new instance being able to access files and data from a previous instance. This issue did not affect configurations using the Cinder block storage mechanism, which is the default in Red Hat OpenStack. (CVE-2012-5625) Red Hat would like to thank the OpenStack project for reporting these issues. Upstream acknowledges Phil Day as the original reporter of CVE-2013-0208, and Eric Windisch as the original reporter of CVE-2012-5625. All users of openstack-nova are advised to upgrade to these updated packages, which correct these issues. After installing the updated packages, the Nova running services will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 856263 - Fix libvirt auth callback to allow for use of libvirt client auth config files 881810 - When Installing openstack-nova, The package python-keystone should be installed by dependency. 
884293 - CVE-2012-5625 OpenStack Nova: Information leak in libvirt LVM-backed instances 887303 - Change default networking type to virtio 902629 - CVE-2013-0208 openstack-nova: Boot from volume allows access to random volumes 6. Package List: OpenStack Folsom: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/openstack-nova-2012.2.2-8.el6ost.src.rpm noarch: openstack-nova-2012.2.2-8.el6ost.noarch.rpm openstack-nova-api-2012.2.2-8.el6ost.noarch.rpm openstack-nova-cert-2012.2.2-8.el6ost.noarch.rpm openstack-nova-common-2012.2.2-8.el6ost.noarch.rpm openstack-nova-compute-2012.2.2-8.el6ost.noarch.rpm openstack-nova-console-2012.2.2-8.el6ost.noarch.rpm openstack-nova-doc-2012.2.2-8.el6ost.noarch.rpm openstack-nova-network-2012.2.2-8.el6ost.noarch.rpm openstack-nova-objectstore-2012.2.2-8.el6ost.noarch.rpm openstack-nova-scheduler-2012.2.2-8.el6ost.noarch.rpm openstack-nova-volume-2012.2.2-8.el6ost.noarch.rpm python-nova-2012.2.2-8.el6ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-5625.html https://www.redhat.com/security/data/cve/CVE-2013-0208.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRCYuhXlSAg2UNWIIRAmvzAJ0b0A7cJmqsWIi23N9zxppXrT0P+wCgm1l0
mIWuqenp3KeBilnkqg+8Los=
=r3zA
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jan 30 21:09:12 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 30 Jan 2013 21:09:12 +0000
Subject: [RHSA-2013:0209-01] Important: openstack-glance security update
Message-ID: <201301302109.r0UL9CgA011946@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: openstack-glance security update
Advisory ID: RHSA-2013:0209-01
Product: Red Hat OpenStack
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0209.html
Issue date: 2013-01-30
CVE Names: CVE-2013-0212
=====================================================================

1. Summary:

Updated openstack-glance packages that fix one security issue are now available for Red Hat OpenStack Folsom.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

OpenStack Folsom - noarch

3. Description:

These packages provide a service (code name Glance) that acts as a registry for virtual machine images.

It was found that when the OpenStack Glance front-end communicated with an OpenStack Swift endpoint, the operator credentials could be logged in plain text when certain errors occurred during new image creation. An authenticated user could use this flaw to gain administrative access to an OpenStack Swift endpoint. (CVE-2013-0212)

This issue was discovered by Dan Prince of Red Hat.

All users of openstack-glance are advised to upgrade to these updated packages, which correct this issue.
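The bug class behind CVE-2013-0212 is easiest to stop at the logging boundary: a backend location that carries operator credentials must never reach an error message unredacted. The following is an added example written for this page, not code from openstack-glance or from the advisory. It assumes the backend location is a URL of the form scheme://user:secret@host[:port]/path (the swift+https style of location string); the sample location, the fake credentials in it and the names `redact_uri`, `redact_text`, `CredentialRedactingFilter` and `report_store_error` are all the example's own.

```python
"""Redact embedded credentials before a backend store URI reaches a log line.

Added example, not code from openstack-glance or this advisory.  It
illustrates the defensive pattern behind the CVE-2013-0212 fix: an error
path must never echo a store location that carries operator credentials.
Assumption: locations look like scheme://user:secret@host[:port]/path
(a swift+https style string); the sample below is constructed.
"""
import logging
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample location; the credentials in it are fake.
SAMPLE_URI = ("swift+https://glance_user:s3cr3t-key@swift.example.com:8080"
              "/v1/AUTH_tenant/glance/img-0001")

# scheme://user:secret@  ->  group 1 = "scheme://user:", group 2 = secret, group 3 = "@"
_USERINFO_RE = re.compile(r"([a-zA-Z][a-zA-Z0-9+.\-]*://[^:/@\s]+:)([^@\s]+)(@)")


def redact_uri(uri: str) -> str:
    """Return the URI with the password component of its userinfo masked.

    Structural parse: scheme, host, port, path and query are preserved
    exactly; only the secret between 'user:' and '@' becomes '***'.
    """
    parts = urlsplit(uri)
    if parts.password is None:          # no userinfo password: nothing to hide
        return uri
    hostport = parts.netloc.rsplit("@", 1)[1]
    netloc = f"{parts.username or ''}:***@{hostport}"
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))


def redact_text(text: str) -> str:
    """Mask every scheme://user:secret@ occurrence inside free-form text.

    Used for exception messages, which may embed the full location string
    produced by a backend client library.
    """
    return _USERINFO_RE.sub(r"\1***\3", text)


class CredentialRedactingFilter(logging.Filter):
    """Defence in depth: scrub the fully formatted message of every record.

    Runs after %-formatting, so a location smuggled in via the args is
    covered too; the record is rewritten in place with no args left.
    """

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact_text(record.getMessage())
        record.args = ()
        return True


class _ListHandler(logging.Handler):
    """Collects formatted lines so the result can be inspected offline."""

    def __init__(self) -> None:
        super().__init__()
        self.lines = []

    def emit(self, record: logging.LogRecord) -> None:
        self.lines.append(self.format(record))


def build_logger():
    """Return (logger, handler) with the redacting filter installed."""
    log = logging.getLogger("example.glance.store")
    log.handlers.clear()                 # keep repeated calls idempotent
    log.propagate = False
    log.setLevel(logging.DEBUG)
    handler = _ListHandler()
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    handler.addFilter(CredentialRedactingFilter())
    log.addHandler(handler)
    return log, handler


def report_store_error(uri: str, exc: Exception, log: logging.Logger) -> str:
    """Log a backend failure without echoing credentials; return the safe URI.

    Both the location and the exception text are redacted explicitly here,
    and the filter on the handler catches anything that slips past.
    """
    safe = redact_uri(uri)
    log.error("image store %s failed: %s", safe, redact_text(str(exc)))
    return safe


def demo():
    """Simulate the failure mode: a backend error that echoes the location."""
    log, handler = build_logger()
    # Constructed error text mimicking a client library that repeats the URI.
    exc = RuntimeError(f"PUT {SAMPLE_URI} failed: 401 Unauthorized")
    report_store_error(SAMPLE_URI, exc, log)
    return list(handler.lines)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Two layers are deliberate: `redact_uri` is the structural fix at the call site, and the handler filter is the safety net for any other code path (or third-party exception text) that formats a location into a message. The filter rewrites `record.msg` after `%`-formatting so it cannot be bypassed by passing the location as an argument.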
After installing the updated packages, the Glance services (openstack-glance-api and openstack-glance-registry) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

902964 - CVE-2013-0212 openstack-glance: Backend password leak in Glance error message

6. Package List:

OpenStack Folsom:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/openstack-glance-2012.2.1-4.el6ost.src.rpm

noarch:
openstack-glance-2012.2.1-4.el6ost.noarch.rpm
openstack-glance-doc-2012.2.1-4.el6ost.noarch.rpm
python-glance-2012.2.1-4.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0212.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRCYvkXlSAg2UNWIIRAnTHAJwIrOaynBQ+3TQOfXMl9dL8YhPTdQCgtF+G
yKXYcSun7C1o3Wccbd9IA+s=
=melS
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jan 30 21:10:49 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 30 Jan 2013 21:10:49 +0000
Subject: [RHSA-2013:0210-01] Low: Red Hat Enterprise Linux 3 - 1-Year End Of Support Notice
Message-ID: <201301302110.r0ULAop4031464@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: Red Hat Enterprise Linux 3 - 1-Year End Of Support Notice
Advisory ID: RHSA-2013:0210-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0210.html
Issue date: 2013-01-30
=====================================================================

1. Summary:

This is the one-year notification for the end of support services provided for Red Hat Enterprise Linux 3.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (v. 3 ELS) - i386
Red Hat Enterprise Linux ES (v. 3 ELS) - i386

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy, Red Hat will discontinue the extended subscription services provided through the Extended Lifecycle Support (ELS) Add-On for Red Hat Enterprise Linux 3 on January 30, 2014. After that date, critical impact security fixes and urgent-priority bug fixes will no longer be available for the following products:

* Red Hat Enterprise Linux AS 3
* Red Hat Enterprise Linux ES 3

After January 30, 2014, technical support through Red Hat's Global Support Services will no longer be provided for these products. This date also marks the end of the Extended Life Phase for Red Hat Enterprise Linux 3.
We encourage customers to plan their migration from Red Hat Enterprise Linux 3 to Red Hat Enterprise Linux 5 or 6, both of which are currently supported within their active, production phase life cycle. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on the currently supported Red Hat Enterprise Linux 5 or 6 releases.

For more information on the Red Hat Extended Lifecycle Support (ELS) Add-On, contact your Red Hat sales representative or channel partner. Additionally, you can find more information here:
http://www.redhat.com/rhel/server/extended_lifecycle_support/

Details of the Red Hat Enterprise Linux life cycle can be found here:
http://www.redhat.com/security/updates/errata/

4. Solution:

This erratum contains an updated redhat-release package that provides a copy of this end of support notice in the "/usr/share/doc/" directory.

5. Package List:

Red Hat Enterprise Linux AS (v. 3 ELS):

Source:
redhat-release-3AS-13.9.14.src.rpm

i386:
redhat-release-3AS-13.9.14.i386.rpm
redhat-release-debuginfo-3AS-13.9.14.i386.rpm

Red Hat Enterprise Linux ES (v. 3 ELS):

Source:
redhat-release-3ES-13.9.14.src.rpm

i386:
redhat-release-3ES-13.9.14.i386.rpm
redhat-release-debuginfo-3ES-13.9.14.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

6. References:

https://access.redhat.com/security/updates/classification/#low
http://www.redhat.com/rhel/server/extended_lifecycle_support/
http://www.redhat.com/security/updates/errata/

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRCYwDXlSAg2UNWIIRAlULAKCOw+VRUTGu8fVW4iYQvDMeVRhTPwCgqZ/Z
yw0vBFn8aKqbIY35xfRMY00=
=o2sK
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jan 31 21:52:48 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 31 Jan 2013 21:52:48 +0000
Subject: [RHSA-2013:0213-01] Important: nss, nss-util, and nspr security, bug fix, and enhancement update
Message-ID: <201301312152.r0VLqmLx005032@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: nss, nss-util, and nspr security, bug fix, and enhancement update
Advisory ID: RHSA-2013:0213-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0213.html
Issue date: 2013-01-31
=====================================================================

1. Summary:

Updated nss, nss-util, and nspr packages that fix one security issue, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.

It was found that a Certificate Authority (CA) mis-issued two intermediate certificates to customers. These certificates could be used to launch man-in-the-middle attacks. This update renders those certificates as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing. (BZ#890605)

Note: This fix only applies to applications using the NSS Builtin Object Token. It does not render the certificates untrusted for applications that use the NSS library, but do not use the NSS Builtin Object Token.

In addition, the nss package has been upgraded to upstream version 3.13.6, the nss-util package has been upgraded to upstream version 3.13.6, and the nspr package has been upgraded to upstream version 4.9.2. These updates provide a number of bug fixes and enhancements over the previous versions. (BZ#891663, BZ#891670, BZ#891661)

Users of NSS, NSPR, and nss-util are advised to upgrade to these updated packages, which fix these issues and add these enhancements. After installing this update, applications using NSS, NSPR, or nss-util must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

890605 - nss: Dis-trust TURKTRUST mis-issued *.google.com certificate
891661 - [RFE] Rebase nspr to 4.9.2 due to Firefox 17 ESR
891663 - [RFE] Rebase to NSS >= 3.13.6
891670 - [RFE] Rebase to NSS-UTIL >= 3.13.6

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nspr-4.9.2-0.el6_3.1.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-3.13.6-2.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-util-3.13.6-1.el6_3.src.rpm i386: nspr-4.9.2-0.el6_3.1.i686.rpm nspr-debuginfo-4.9.2-0.el6_3.1.i686.rpm nss-3.13.6-2.el6_3.i686.rpm nss-debuginfo-3.13.6-2.el6_3.i686.rpm nss-sysinit-3.13.6-2.el6_3.i686.rpm nss-tools-3.13.6-2.el6_3.i686.rpm nss-util-3.13.6-1.el6_3.i686.rpm nss-util-debuginfo-3.13.6-1.el6_3.i686.rpm x86_64: nspr-4.9.2-0.el6_3.1.i686.rpm nspr-4.9.2-0.el6_3.1.x86_64.rpm nspr-debuginfo-4.9.2-0.el6_3.1.i686.rpm nspr-debuginfo-4.9.2-0.el6_3.1.x86_64.rpm nss-3.13.6-2.el6_3.i686.rpm nss-3.13.6-2.el6_3.x86_64.rpm nss-debuginfo-3.13.6-2.el6_3.i686.rpm nss-debuginfo-3.13.6-2.el6_3.x86_64.rpm nss-sysinit-3.13.6-2.el6_3.x86_64.rpm nss-tools-3.13.6-2.el6_3.x86_64.rpm nss-util-3.13.6-1.el6_3.i686.rpm nss-util-3.13.6-1.el6_3.x86_64.rpm nss-util-debuginfo-3.13.6-1.el6_3.i686.rpm nss-util-debuginfo-3.13.6-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nspr-4.9.2-0.el6_3.1.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-3.13.6-2.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-util-3.13.6-1.el6_3.src.rpm i386: nspr-debuginfo-4.9.2-0.el6_3.1.i686.rpm nspr-devel-4.9.2-0.el6_3.1.i686.rpm nss-debuginfo-3.13.6-2.el6_3.i686.rpm nss-devel-3.13.6-2.el6_3.i686.rpm nss-pkcs11-devel-3.13.6-2.el6_3.i686.rpm nss-util-debuginfo-3.13.6-1.el6_3.i686.rpm nss-util-devel-3.13.6-1.el6_3.i686.rpm x86_64: nspr-debuginfo-4.9.2-0.el6_3.1.i686.rpm nspr-debuginfo-4.9.2-0.el6_3.1.x86_64.rpm nspr-devel-4.9.2-0.el6_3.1.i686.rpm nspr-devel-4.9.2-0.el6_3.1.x86_64.rpm nss-debuginfo-3.13.6-2.el6_3.i686.rpm nss-debuginfo-3.13.6-2.el6_3.x86_64.rpm nss-devel-3.13.6-2.el6_3.i686.rpm nss-devel-3.13.6-2.el6_3.x86_64.rpm nss-pkcs11-devel-3.13.6-2.el6_3.i686.rpm nss-pkcs11-devel-3.13.6-2.el6_3.x86_64.rpm nss-util-debuginfo-3.13.6-1.el6_3.i686.rpm nss-util-debuginfo-3.13.6-1.el6_3.x86_64.rpm nss-util-devel-3.13.6-1.el6_3.i686.rpm nss-util-devel-3.13.6-1.el6_3.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nspr-4.9.2-0.el6_3.1.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-3.13.6-2.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-util-3.13.6-1.el6_3.src.rpm x86_64: nspr-4.9.2-0.el6_3.1.i686.rpm nspr-4.9.2-0.el6_3.1.x86_64.rpm nspr-debuginfo-4.9.2-0.el6_3.1.i686.rpm nspr-debuginfo-4.9.2-0.el6_3.1.x86_64.rpm nss-3.13.6-2.el6_3.i686.rpm nss-3.13.6-2.el6_3.x86_64.rpm nss-debuginfo-3.13.6-2.el6_3.i686.rpm nss-debuginfo-3.13.6-2.el6_3.x86_64.rpm nss-sysinit-3.13.6-2.el6_3.x86_64.rpm nss-tools-3.13.6-2.el6_3.x86_64.rpm nss-util-3.13.6-1.el6_3.i686.rpm nss-util-3.13.6-1.el6_3.x86_64.rpm nss-util-debuginfo-3.13.6-1.el6_3.i686.rpm nss-util-debuginfo-3.13.6-1.el6_3.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nspr-4.9.2-0.el6_3.1.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-3.13.6-2.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-util-3.13.6-1.el6_3.src.rpm x86_64: nspr-debuginfo-4.9.2-0.el6_3.1.i686.rpm nspr-debuginfo-4.9.2-0.el6_3.1.x86_64.rpm nspr-devel-4.9.2-0.el6_3.1.i686.rpm nspr-devel-4.9.2-0.el6_3.1.x86_64.rpm nss-debuginfo-3.13.6-2.el6_3.i686.rpm nss-debuginfo-3.13.6-2.el6_3.x86_64.rpm nss-devel-3.13.6-2.el6_3.i686.rpm nss-devel-3.13.6-2.el6_3.x86_64.rpm nss-pkcs11-devel-3.13.6-2.el6_3.i686.rpm nss-pkcs11-devel-3.13.6-2.el6_3.x86_64.rpm nss-util-debuginfo-3.13.6-1.el6_3.i686.rpm nss-util-debuginfo-3.13.6-1.el6_3.x86_64.rpm nss-util-devel-3.13.6-1.el6_3.i686.rpm nss-util-devel-3.13.6-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nspr-4.9.2-0.el6_3.1.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-3.13.6-2.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-util-3.13.6-1.el6_3.src.rpm i386: nspr-4.9.2-0.el6_3.1.i686.rpm nspr-debuginfo-4.9.2-0.el6_3.1.i686.rpm nspr-devel-4.9.2-0.el6_3.1.i686.rpm nss-3.13.6-2.el6_3.i686.rpm nss-debuginfo-3.13.6-2.el6_3.i686.rpm nss-devel-3.13.6-2.el6_3.i686.rpm nss-sysinit-3.13.6-2.el6_3.i686.rpm nss-tools-3.13.6-2.el6_3.i686.rpm nss-util-3.13.6-1.el6_3.i686.rpm nss-util-debuginfo-3.13.6-1.el6_3.i686.rpm nss-util-devel-3.13.6-1.el6_3.i686.rpm ppc64: nspr-4.9.2-0.el6_3.1.ppc.rpm nspr-4.9.2-0.el6_3.1.ppc64.rpm nspr-debuginfo-4.9.2-0.el6_3.1.ppc.rpm nspr-debuginfo-4.9.2-0.el6_3.1.ppc64.rpm nspr-devel-4.9.2-0.el6_3.1.ppc.rpm nspr-devel-4.9.2-0.el6_3.1.ppc64.rpm nss-3.13.6-2.el6_3.ppc.rpm nss-3.13.6-2.el6_3.ppc64.rpm nss-debuginfo-3.13.6-2.el6_3.ppc.rpm nss-debuginfo-3.13.6-2.el6_3.ppc64.rpm nss-devel-3.13.6-2.el6_3.ppc.rpm nss-devel-3.13.6-2.el6_3.ppc64.rpm nss-sysinit-3.13.6-2.el6_3.ppc64.rpm nss-tools-3.13.6-2.el6_3.ppc64.rpm nss-util-3.13.6-1.el6_3.ppc.rpm nss-util-3.13.6-1.el6_3.ppc64.rpm nss-util-debuginfo-3.13.6-1.el6_3.ppc.rpm nss-util-debuginfo-3.13.6-1.el6_3.ppc64.rpm nss-util-devel-3.13.6-1.el6_3.ppc.rpm nss-util-devel-3.13.6-1.el6_3.ppc64.rpm s390x: nspr-4.9.2-0.el6_3.1.s390.rpm nspr-4.9.2-0.el6_3.1.s390x.rpm nspr-debuginfo-4.9.2-0.el6_3.1.s390.rpm nspr-debuginfo-4.9.2-0.el6_3.1.s390x.rpm nspr-devel-4.9.2-0.el6_3.1.s390.rpm nspr-devel-4.9.2-0.el6_3.1.s390x.rpm nss-3.13.6-2.el6_3.s390.rpm nss-3.13.6-2.el6_3.s390x.rpm nss-debuginfo-3.13.6-2.el6_3.s390.rpm nss-debuginfo-3.13.6-2.el6_3.s390x.rpm nss-devel-3.13.6-2.el6_3.s390.rpm nss-devel-3.13.6-2.el6_3.s390x.rpm nss-sysinit-3.13.6-2.el6_3.s390x.rpm nss-tools-3.13.6-2.el6_3.s390x.rpm nss-util-3.13.6-1.el6_3.s390.rpm nss-util-3.13.6-1.el6_3.s390x.rpm 
nss-util-debuginfo-3.13.6-1.el6_3.s390.rpm nss-util-debuginfo-3.13.6-1.el6_3.s390x.rpm nss-util-devel-3.13.6-1.el6_3.s390.rpm nss-util-devel-3.13.6-1.el6_3.s390x.rpm x86_64: nspr-4.9.2-0.el6_3.1.i686.rpm nspr-4.9.2-0.el6_3.1.x86_64.rpm nspr-debuginfo-4.9.2-0.el6_3.1.i686.rpm nspr-debuginfo-4.9.2-0.el6_3.1.x86_64.rpm nspr-devel-4.9.2-0.el6_3.1.i686.rpm nspr-devel-4.9.2-0.el6_3.1.x86_64.rpm nss-3.13.6-2.el6_3.i686.rpm nss-3.13.6-2.el6_3.x86_64.rpm nss-debuginfo-3.13.6-2.el6_3.i686.rpm nss-debuginfo-3.13.6-2.el6_3.x86_64.rpm nss-devel-3.13.6-2.el6_3.i686.rpm nss-devel-3.13.6-2.el6_3.x86_64.rpm nss-sysinit-3.13.6-2.el6_3.x86_64.rpm nss-tools-3.13.6-2.el6_3.x86_64.rpm nss-util-3.13.6-1.el6_3.i686.rpm nss-util-3.13.6-1.el6_3.x86_64.rpm nss-util-debuginfo-3.13.6-1.el6_3.i686.rpm nss-util-debuginfo-3.13.6-1.el6_3.x86_64.rpm nss-util-devel-3.13.6-1.el6_3.i686.rpm nss-util-devel-3.13.6-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-3.13.6-2.el6_3.src.rpm i386: nss-debuginfo-3.13.6-2.el6_3.i686.rpm nss-pkcs11-devel-3.13.6-2.el6_3.i686.rpm ppc64: nss-debuginfo-3.13.6-2.el6_3.ppc.rpm nss-debuginfo-3.13.6-2.el6_3.ppc64.rpm nss-pkcs11-devel-3.13.6-2.el6_3.ppc.rpm nss-pkcs11-devel-3.13.6-2.el6_3.ppc64.rpm s390x: nss-debuginfo-3.13.6-2.el6_3.s390.rpm nss-debuginfo-3.13.6-2.el6_3.s390x.rpm nss-pkcs11-devel-3.13.6-2.el6_3.s390.rpm nss-pkcs11-devel-3.13.6-2.el6_3.s390x.rpm x86_64: nss-debuginfo-3.13.6-2.el6_3.i686.rpm nss-debuginfo-3.13.6-2.el6_3.x86_64.rpm nss-pkcs11-devel-3.13.6-2.el6_3.i686.rpm nss-pkcs11-devel-3.13.6-2.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nspr-4.9.2-0.el6_3.1.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-3.13.6-2.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-util-3.13.6-1.el6_3.src.rpm i386: nspr-4.9.2-0.el6_3.1.i686.rpm nspr-debuginfo-4.9.2-0.el6_3.1.i686.rpm nspr-devel-4.9.2-0.el6_3.1.i686.rpm nss-3.13.6-2.el6_3.i686.rpm nss-debuginfo-3.13.6-2.el6_3.i686.rpm nss-devel-3.13.6-2.el6_3.i686.rpm nss-sysinit-3.13.6-2.el6_3.i686.rpm nss-tools-3.13.6-2.el6_3.i686.rpm nss-util-3.13.6-1.el6_3.i686.rpm nss-util-debuginfo-3.13.6-1.el6_3.i686.rpm nss-util-devel-3.13.6-1.el6_3.i686.rpm x86_64: nspr-4.9.2-0.el6_3.1.i686.rpm nspr-4.9.2-0.el6_3.1.x86_64.rpm nspr-debuginfo-4.9.2-0.el6_3.1.i686.rpm nspr-debuginfo-4.9.2-0.el6_3.1.x86_64.rpm nspr-devel-4.9.2-0.el6_3.1.i686.rpm nspr-devel-4.9.2-0.el6_3.1.x86_64.rpm nss-3.13.6-2.el6_3.i686.rpm nss-3.13.6-2.el6_3.x86_64.rpm nss-debuginfo-3.13.6-2.el6_3.i686.rpm nss-debuginfo-3.13.6-2.el6_3.x86_64.rpm nss-devel-3.13.6-2.el6_3.i686.rpm nss-devel-3.13.6-2.el6_3.x86_64.rpm nss-sysinit-3.13.6-2.el6_3.x86_64.rpm nss-tools-3.13.6-2.el6_3.x86_64.rpm nss-util-3.13.6-1.el6_3.i686.rpm nss-util-3.13.6-1.el6_3.x86_64.rpm nss-util-debuginfo-3.13.6-1.el6_3.i686.rpm nss-util-debuginfo-3.13.6-1.el6_3.x86_64.rpm nss-util-devel-3.13.6-1.el6_3.i686.rpm nss-util-devel-3.13.6-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-3.13.6-2.el6_3.src.rpm i386: nss-debuginfo-3.13.6-2.el6_3.i686.rpm nss-pkcs11-devel-3.13.6-2.el6_3.i686.rpm x86_64: nss-debuginfo-3.13.6-2.el6_3.i686.rpm nss-debuginfo-3.13.6-2.el6_3.x86_64.rpm nss-pkcs11-devel-3.13.6-2.el6_3.i686.rpm nss-pkcs11-devel-3.13.6-2.el6_3.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/updates/classification/#important
http://www.mozilla.org/security/announce/2013/mfsa2013-20.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRCuegXlSAg2UNWIIRAj4uAJoD6m7ua4RFwzlik85a1yCLWaIk2wCdGReO
lTvmB+VnS0Vf5Jkzfs5/z3g=
=fhlU
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jan 31 21:53:53 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 31 Jan 2013 21:53:53 +0000
Subject: [RHSA-2013:0214-01] Important: nss and nspr security, bug fix, and enhancement update
Message-ID: <201301312153.r0VLrskH016549@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: nss and nspr security, bug fix, and enhancement update
Advisory ID: RHSA-2013:0214-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0214.html
Issue date: 2013-01-31
=====================================================================

1. Summary:

Updated nss and nspr packages that fix one security issue, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3.
Description:

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.

It was found that a Certificate Authority (CA) mis-issued two intermediate certificates to customers. These certificates could be used to launch man-in-the-middle attacks. This update renders those certificates as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing. (BZ#890605)

In addition, the nss package has been upgraded to upstream version 3.13.6, and the nspr package has been upgraded to upstream version 4.9.2. These updates provide a number of bug fixes and enhancements over the previous versions. (BZ#893371, BZ#893372)

All NSS and NSPR users should upgrade to these updated packages, which correct these issues and add these enhancements. After installing the update, applications using NSS and NSPR must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

890605 - nss: Dis-trust TURKTRUST mis-issued *.google.com certificate
893371 - [RFE] [RHEL5] Rebase to NSS >= 3.13.6
893372 - [RFE] Rebase nspr to 4.9.2 due to Firefox 17 ESR

6. Package List:

Red Hat Enterprise Linux Desktop (v.
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nspr-4.9.2-2.el5_9.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nss-3.13.6-3.el5_9.src.rpm i386: nspr-4.9.2-2.el5_9.i386.rpm nspr-debuginfo-4.9.2-2.el5_9.i386.rpm nss-3.13.6-3.el5_9.i386.rpm nss-debuginfo-3.13.6-3.el5_9.i386.rpm nss-tools-3.13.6-3.el5_9.i386.rpm x86_64: nspr-4.9.2-2.el5_9.i386.rpm nspr-4.9.2-2.el5_9.x86_64.rpm nspr-debuginfo-4.9.2-2.el5_9.i386.rpm nspr-debuginfo-4.9.2-2.el5_9.x86_64.rpm nss-3.13.6-3.el5_9.i386.rpm nss-3.13.6-3.el5_9.x86_64.rpm nss-debuginfo-3.13.6-3.el5_9.i386.rpm nss-debuginfo-3.13.6-3.el5_9.x86_64.rpm nss-tools-3.13.6-3.el5_9.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nspr-4.9.2-2.el5_9.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nss-3.13.6-3.el5_9.src.rpm i386: nspr-debuginfo-4.9.2-2.el5_9.i386.rpm nspr-devel-4.9.2-2.el5_9.i386.rpm nss-debuginfo-3.13.6-3.el5_9.i386.rpm nss-devel-3.13.6-3.el5_9.i386.rpm nss-pkcs11-devel-3.13.6-3.el5_9.i386.rpm x86_64: nspr-debuginfo-4.9.2-2.el5_9.i386.rpm nspr-debuginfo-4.9.2-2.el5_9.x86_64.rpm nspr-devel-4.9.2-2.el5_9.i386.rpm nspr-devel-4.9.2-2.el5_9.x86_64.rpm nss-debuginfo-3.13.6-3.el5_9.i386.rpm nss-debuginfo-3.13.6-3.el5_9.x86_64.rpm nss-devel-3.13.6-3.el5_9.i386.rpm nss-devel-3.13.6-3.el5_9.x86_64.rpm nss-pkcs11-devel-3.13.6-3.el5_9.i386.rpm nss-pkcs11-devel-3.13.6-3.el5_9.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/nspr-4.9.2-2.el5_9.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/nss-3.13.6-3.el5_9.src.rpm i386: nspr-4.9.2-2.el5_9.i386.rpm nspr-debuginfo-4.9.2-2.el5_9.i386.rpm nspr-devel-4.9.2-2.el5_9.i386.rpm nss-3.13.6-3.el5_9.i386.rpm nss-debuginfo-3.13.6-3.el5_9.i386.rpm nss-devel-3.13.6-3.el5_9.i386.rpm nss-pkcs11-devel-3.13.6-3.el5_9.i386.rpm nss-tools-3.13.6-3.el5_9.i386.rpm ia64: nspr-4.9.2-2.el5_9.i386.rpm nspr-4.9.2-2.el5_9.ia64.rpm nspr-debuginfo-4.9.2-2.el5_9.i386.rpm nspr-debuginfo-4.9.2-2.el5_9.ia64.rpm nspr-devel-4.9.2-2.el5_9.ia64.rpm nss-3.13.6-3.el5_9.i386.rpm nss-3.13.6-3.el5_9.ia64.rpm nss-debuginfo-3.13.6-3.el5_9.i386.rpm nss-debuginfo-3.13.6-3.el5_9.ia64.rpm nss-devel-3.13.6-3.el5_9.ia64.rpm nss-pkcs11-devel-3.13.6-3.el5_9.ia64.rpm nss-tools-3.13.6-3.el5_9.ia64.rpm ppc: nspr-4.9.2-2.el5_9.ppc.rpm nspr-4.9.2-2.el5_9.ppc64.rpm nspr-debuginfo-4.9.2-2.el5_9.ppc.rpm nspr-debuginfo-4.9.2-2.el5_9.ppc64.rpm nspr-devel-4.9.2-2.el5_9.ppc.rpm nspr-devel-4.9.2-2.el5_9.ppc64.rpm nss-3.13.6-3.el5_9.ppc.rpm nss-3.13.6-3.el5_9.ppc64.rpm nss-debuginfo-3.13.6-3.el5_9.ppc.rpm nss-debuginfo-3.13.6-3.el5_9.ppc64.rpm nss-devel-3.13.6-3.el5_9.ppc.rpm nss-devel-3.13.6-3.el5_9.ppc64.rpm nss-pkcs11-devel-3.13.6-3.el5_9.ppc.rpm nss-pkcs11-devel-3.13.6-3.el5_9.ppc64.rpm nss-tools-3.13.6-3.el5_9.ppc.rpm s390x: nspr-4.9.2-2.el5_9.s390.rpm nspr-4.9.2-2.el5_9.s390x.rpm nspr-debuginfo-4.9.2-2.el5_9.s390.rpm nspr-debuginfo-4.9.2-2.el5_9.s390x.rpm nspr-devel-4.9.2-2.el5_9.s390.rpm nspr-devel-4.9.2-2.el5_9.s390x.rpm nss-3.13.6-3.el5_9.s390.rpm nss-3.13.6-3.el5_9.s390x.rpm nss-debuginfo-3.13.6-3.el5_9.s390.rpm nss-debuginfo-3.13.6-3.el5_9.s390x.rpm nss-devel-3.13.6-3.el5_9.s390.rpm nss-devel-3.13.6-3.el5_9.s390x.rpm nss-pkcs11-devel-3.13.6-3.el5_9.s390.rpm nss-pkcs11-devel-3.13.6-3.el5_9.s390x.rpm nss-tools-3.13.6-3.el5_9.s390x.rpm x86_64: nspr-4.9.2-2.el5_9.i386.rpm 
nspr-4.9.2-2.el5_9.x86_64.rpm
nspr-debuginfo-4.9.2-2.el5_9.i386.rpm
nspr-debuginfo-4.9.2-2.el5_9.x86_64.rpm
nspr-devel-4.9.2-2.el5_9.i386.rpm
nspr-devel-4.9.2-2.el5_9.x86_64.rpm
nss-3.13.6-3.el5_9.i386.rpm
nss-3.13.6-3.el5_9.x86_64.rpm
nss-debuginfo-3.13.6-3.el5_9.i386.rpm
nss-debuginfo-3.13.6-3.el5_9.x86_64.rpm
nss-devel-3.13.6-3.el5_9.i386.rpm
nss-devel-3.13.6-3.el5_9.x86_64.rpm
nss-pkcs11-devel-3.13.6-3.el5_9.i386.rpm
nss-pkcs11-devel-3.13.6-3.el5_9.x86_64.rpm
nss-tools-3.13.6-3.el5_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/updates/classification/#important
http://www.mozilla.org/security/announce/2013/mfsa2013-20.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRCufHXlSAg2UNWIIRAmwuAJ9JeZAVTboSNRYKGvidXCBgrfz6FQCfYuMv
7hkvClvoRuBJCMIGPEKMMVg=
=Nuzb
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jan 31 21:55:58 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 31 Jan 2013 21:55:58 +0000
Subject: [RHSA-2013:0215-01] Important: abrt and libreport security update
Message-ID: <201301312155.r0VLtwd0008665@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: abrt and libreport security update
Advisory ID: RHSA-2013:0215-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0215.html
Issue date: 2013-01-31
CVE Names: CVE-2012-5659 CVE-2012-5660
=====================================================================

1.
Summary:

Updated abrt and libreport packages that fix two security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

ABRT (Automatic Bug Reporting Tool) is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality. libreport provides an API for reporting different problems in applications to different bug targets, such as Bugzilla, FTP, and Trac.

It was found that the /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache tool did not sufficiently sanitize its environment variables. This could lead to Python modules being loaded and run from non-standard directories (such as /tmp/). A local attacker could use this flaw to escalate their privileges to that of the abrt user. (CVE-2012-5659)

A race condition was found in the way ABRT handled the directories used to store information about crashes. A local attacker with the privileges of the abrt user could use this flaw to perform a symbolic link attack, possibly allowing them to escalate their privileges to root. (CVE-2012-5660)

Red Hat would like to thank Martin Carpenter of Citco for reporting the CVE-2012-5660 issue. CVE-2012-5659 was discovered by Miloslav Trmač of Red Hat.

All users of abrt and libreport are advised to upgrade to these updated packages, which correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

854011 - CVE-2012-5659 abrt: Arbitrary Python code execution due improper sanitization of the PYTHONPATH environment variable by installing debuginfo packages into cache
887866 - CVE-2012-5660 abrt: Race condition in abrt-action-install-debuginfo

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/abrt-2.0.8-6.el6_3.2.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libreport-2.0.9-5.el6_3.2.src.rpm

i386:
abrt-2.0.8-6.el6_3.2.i686.rpm
abrt-addon-ccpp-2.0.8-6.el6_3.2.i686.rpm
abrt-addon-kerneloops-2.0.8-6.el6_3.2.i686.rpm
abrt-addon-python-2.0.8-6.el6_3.2.i686.rpm
abrt-cli-2.0.8-6.el6_3.2.i686.rpm
abrt-debuginfo-2.0.8-6.el6_3.2.i686.rpm
abrt-desktop-2.0.8-6.el6_3.2.i686.rpm
abrt-gui-2.0.8-6.el6_3.2.i686.rpm
abrt-libs-2.0.8-6.el6_3.2.i686.rpm
abrt-tui-2.0.8-6.el6_3.2.i686.rpm
libreport-2.0.9-5.el6_3.2.i686.rpm
libreport-cli-2.0.9-5.el6_3.2.i686.rpm
libreport-debuginfo-2.0.9-5.el6_3.2.i686.rpm
libreport-gtk-2.0.9-5.el6_3.2.i686.rpm
libreport-newt-2.0.9-5.el6_3.2.i686.rpm
libreport-plugin-kerneloops-2.0.9-5.el6_3.2.i686.rpm
libreport-plugin-logger-2.0.9-5.el6_3.2.i686.rpm
libreport-plugin-mailx-2.0.9-5.el6_3.2.i686.rpm
libreport-plugin-reportuploader-2.0.9-5.el6_3.2.i686.rpm
libreport-plugin-rhtsupport-2.0.9-5.el6_3.2.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-5659.html
https://www.redhat.com/security/data/cve/CVE-2012-5660.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

From bugzilla at redhat.com Thu Jan 31 21:57:47 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 31 Jan 2013 21:57:47 +0000
Subject: [RHSA-2013:0216-01] Important: freetype security update
Message-ID: <201301312157.r0VLvm7s000773@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: freetype security update
Advisory ID:       RHSA-2013:0216-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0216.html
Issue date:        2013-01-31
CVE Names:         CVE-2012-5669
=====================================================================

1. Summary:

Updated freetype packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently.

A flaw was found in the way the FreeType font rendering engine processed certain Glyph Bitmap Distribution Format (BDF) fonts. If a user loaded a specially-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5669)

Users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The X server must be restarted (log out, then log back in) for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

890088 - CVE-2012-5669 freetype: heap buffer over-read in BDF parsing _bdf_parse_glyphs() (#37906)

6. Package List:
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-5669.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .

More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
From bugzilla at redhat.com Thu Jan 31 21:58:19 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 31 Jan 2013 21:58:19 +0000
Subject: [RHSA-2013:0217-01] Important: mingw32-libxml2 security update
Message-ID: <201301312158.r0VLwJtc021015@int-mx12.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: mingw32-libxml2 security update
Advisory ID:       RHSA-2013:0217-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0217.html
Issue date:        2013-01-31
CVE Names:         CVE-2010-4008 CVE-2010-4494 CVE-2011-0216 CVE-2011-1944
                   CVE-2011-2821 CVE-2011-2834 CVE-2011-3102 CVE-2011-3905
                   CVE-2011-3919 CVE-2012-0841 CVE-2012-5134
=====================================================================

1. Summary:

Updated mingw32-libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 6. This advisory also contains information about future updates for the mingw32 packages, as well as the deprecation of the packages with the release of Red Hat Enterprise Linux 6.4.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch
Red Hat Enterprise Linux Server Optional (v. 6) - noarch
Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch

3. Description:

These packages provide the libxml2 library, a development toolbox providing the implementation of various XML standards, for users of MinGW (Minimalist GNU for Windows).

IMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no longer be updated proactively and will be deprecated with the release of Red Hat Enterprise Linux 6.4. These packages were provided to support other capabilities in Red Hat Enterprise Linux and were not intended for direct customer use. Customers are advised to not use these packages with immediate effect. Future updates to these packages will be at Red Hat's discretion and these packages may be removed in a future minor release.

A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919)

A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5134)

It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0841)

Multiple flaws were found in the way libxml2 parsed certain XPath (XML Path Language) expressions.
If an attacker were able to supply a specially-crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834)

Two heap-based buffer overflow flaws were found in the way libxml2 decoded certain XML files. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216, CVE-2011-3102)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially-crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2011-1944)

An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905)

Red Hat would like to thank the Google Security Team for reporting the CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter of CVE-2010-4008.

All users of mingw32-libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

645341 - CVE-2010-4008 libxml2: Crash (stack frame overflow or NULL pointer dereference) by traversal of XPath axis
665963 - CVE-2010-4494 libxml2: double-free in XPath processing code
709747 - CVE-2011-1944 libxml, libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets
724906 - CVE-2011-0216 libxml2: Off-by-one error leading to heap-based buffer overflow in encoding
735712 - CVE-2011-2821 libxml2: double free caused by malformed XPath expression in XSLT
735751 - CVE-2011-2834 libxml2: double-free caused by malformed XPath expression in XSLT
767387 - CVE-2011-3905 libxml2 out of bounds read
771896 - CVE-2011-3919 libxml2: Heap-based buffer overflow when decoding an entity reference with a long name
787067 - CVE-2012-0841 libxml2: hash table collisions CPU usage DoS
822109 - CVE-2011-3102 libxml: An off-by-one out-of-bounds write by XPointer part evaluation
880466 - CVE-2012-5134 libxml2: Heap-buffer-underflow in xmlParseAttValueComplex

6. Package List:
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm noarch: mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm noarch: mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-4008.html https://www.redhat.com/security/data/cve/CVE-2010-4494.html https://www.redhat.com/security/data/cve/CVE-2011-0216.html https://www.redhat.com/security/data/cve/CVE-2011-1944.html https://www.redhat.com/security/data/cve/CVE-2011-2821.html https://www.redhat.com/security/data/cve/CVE-2011-2834.html https://www.redhat.com/security/data/cve/CVE-2011-3102.html https://www.redhat.com/security/data/cve/CVE-2011-3905.html https://www.redhat.com/security/data/cve/CVE-2011-3919.html https://www.redhat.com/security/data/cve/CVE-2012-0841.html https://www.redhat.com/security/data/cve/CVE-2012-5134.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
From bugzilla at redhat.com Thu Jan 31 21:58:45 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 31 Jan 2013 21:58:45 +0000
Subject: [RHSA-2013:0218-01] Moderate: xorg-x11-drv-qxl security update
Message-ID: <201301312158.r0VLwkDh018242@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: xorg-x11-drv-qxl security update
Advisory ID: RHSA-2013:0218-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0218.html
Issue date: 2013-01-31
CVE Names: CVE-2013-0241
=====================================================================

1. Summary:

An updated xorg-x11-drv-qxl package that fixes one security issue is now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The xorg-x11-drv-qxl package provides an X11 video driver for the QEMU QXL video accelerator. This driver makes it possible to use Red Hat Enterprise Linux 6 as a guest operating system under the KVM kernel module and the QEMU multi-platform emulator, using the SPICE protocol.

A flaw was found in the way the host's qemu-kvm qxl driver and the guest's X.Org qxl driver interacted when a SPICE connection terminated. A user able to initiate a SPICE connection to a guest could use this flaw to make the guest temporarily unavailable or, potentially (if the sysctl kernel.softlockup_panic variable was set to "1" in the guest), crash the guest. (CVE-2013-0241)

All users of xorg-x11-drv-qxl are advised to upgrade to this updated package, which contains a backported patch to correct this issue. All running X.Org server instances using the qxl driver must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

906032 - CVE-2013-0241 qxl: synchronous io guest DoS

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xorg-x11-drv-qxl-0.0.14-14.el6_3.src.rpm

i386:
xorg-x11-drv-qxl-0.0.14-14.el6_3.i686.rpm
xorg-x11-drv-qxl-debuginfo-0.0.14-14.el6_3.i686.rpm

x86_64:
xorg-x11-drv-qxl-0.0.14-14.el6_3.x86_64.rpm
xorg-x11-drv-qxl-debuginfo-0.0.14-14.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xorg-x11-drv-qxl-0.0.14-14.el6_3.src.rpm

i386:
xorg-x11-drv-qxl-0.0.14-14.el6_3.i686.rpm
xorg-x11-drv-qxl-debuginfo-0.0.14-14.el6_3.i686.rpm

x86_64:
xorg-x11-drv-qxl-0.0.14-14.el6_3.x86_64.rpm
xorg-x11-drv-qxl-debuginfo-0.0.14-14.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xorg-x11-drv-qxl-0.0.14-14.el6_3.src.rpm

i386:
xorg-x11-drv-qxl-0.0.14-14.el6_3.i686.rpm
xorg-x11-drv-qxl-debuginfo-0.0.14-14.el6_3.i686.rpm

x86_64:
xorg-x11-drv-qxl-0.0.14-14.el6_3.x86_64.rpm
xorg-x11-drv-qxl-debuginfo-0.0.14-14.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0241.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

From bugzilla at redhat.com Thu Jan 31 21:59:36 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 31 Jan 2013 21:59:36 +0000
Subject: [RHSA-2013:0219-01] Moderate: mysql security update
Message-ID: <201301312159.r0VLxabu017675@int-mx01.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: mysql security update
Advisory ID: RHSA-2013:0219-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0219.html
Issue date: 2013-01-31
CVE Names: CVE-2012-0572 CVE-2012-0574 CVE-2012-1702 CVE-2012-1705 CVE-2013-0375 CVE-2013-0383 CVE-2013-0384 CVE-2013-0385 CVE-2013-0389
=====================================================================

1. Summary:

Updated mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2012-0572, CVE-2012-0574, CVE-2012-1702, CVE-2012-1705, CVE-2013-0375, CVE-2013-0383, CVE-2013-0384, CVE-2013-0385, CVE-2013-0389)

These updated packages upgrade MySQL to version 5.1.67. Refer to the MySQL release notes listed in the References section for a full list of changes.

All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

896062 - CVE-2013-0384 mysql: unspecified DoS vulnerability related to Information Schema (CPU Jan 2013)
896063 - CVE-2013-0389 mysql: unspecified DoS vulnerability related to Server Optimizer (CPU Jan 2013)
896066 - CVE-2013-0385 mysql: Unspecified vulnerability in the server replication of the Oracle MySQL server allows local attackers to alter confidentiality and integrity
896067 - CVE-2013-0375 mysql: Unspecified vulnerability in the server replication of the Oracle MySQL server allows remote attackers to alter confidentiality and integrity
896069 - CVE-2012-1702 mysql: unspecified unauthenticated DoS vulnerability related to Server (CPU Jan 2013)
896070 - CVE-2013-0383 mysql: unspecified unauthenticated DoS vulnerability related to Server Locking (CPU Jan 2013)
896072 - CVE-2012-0572 mysql: unspecified DoS vulnerability related to InnoDB (CPU Jan 2013)
896076 - CVE-2012-0574 mysql: unspecified DoS vulnerability related to Server (CPU Jan 2013)
896078 - CVE-2012-1705 mysql: unspecified DoS vulnerability related to Server Optimizer (CPU Jan 2013)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/mysql-5.1.67-1.el6_3.src.rpm

i386:
mysql-5.1.67-1.el6_3.i686.rpm
mysql-debuginfo-5.1.67-1.el6_3.i686.rpm
mysql-libs-5.1.67-1.el6_3.i686.rpm
mysql-server-5.1.67-1.el6_3.i686.rpm

x86_64:
mysql-5.1.67-1.el6_3.x86_64.rpm
mysql-debuginfo-5.1.67-1.el6_3.i686.rpm
mysql-debuginfo-5.1.67-1.el6_3.x86_64.rpm
mysql-libs-5.1.67-1.el6_3.i686.rpm
mysql-libs-5.1.67-1.el6_3.x86_64.rpm
mysql-server-5.1.67-1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/mysql-5.1.67-1.el6_3.src.rpm

i386:
mysql-bench-5.1.67-1.el6_3.i686.rpm
mysql-debuginfo-5.1.67-1.el6_3.i686.rpm
mysql-devel-5.1.67-1.el6_3.i686.rpm
mysql-embedded-5.1.67-1.el6_3.i686.rpm
mysql-embedded-devel-5.1.67-1.el6_3.i686.rpm
mysql-test-5.1.67-1.el6_3.i686.rpm

x86_64:
mysql-bench-5.1.67-1.el6_3.x86_64.rpm
mysql-debuginfo-5.1.67-1.el6_3.i686.rpm
mysql-debuginfo-5.1.67-1.el6_3.x86_64.rpm
mysql-devel-5.1.67-1.el6_3.i686.rpm
mysql-devel-5.1.67-1.el6_3.x86_64.rpm
mysql-embedded-5.1.67-1.el6_3.i686.rpm
mysql-embedded-5.1.67-1.el6_3.x86_64.rpm
mysql-embedded-devel-5.1.67-1.el6_3.i686.rpm
mysql-embedded-devel-5.1.67-1.el6_3.x86_64.rpm
mysql-test-5.1.67-1.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/mysql-5.1.67-1.el6_3.src.rpm

x86_64:
mysql-5.1.67-1.el6_3.x86_64.rpm
mysql-debuginfo-5.1.67-1.el6_3.i686.rpm
mysql-debuginfo-5.1.67-1.el6_3.x86_64.rpm
mysql-libs-5.1.67-1.el6_3.i686.rpm
mysql-libs-5.1.67-1.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/mysql-5.1.67-1.el6_3.src.rpm

x86_64:
mysql-bench-5.1.67-1.el6_3.x86_64.rpm
mysql-debuginfo-5.1.67-1.el6_3.i686.rpm
mysql-debuginfo-5.1.67-1.el6_3.x86_64.rpm
mysql-devel-5.1.67-1.el6_3.i686.rpm
mysql-devel-5.1.67-1.el6_3.x86_64.rpm
mysql-embedded-5.1.67-1.el6_3.i686.rpm
mysql-embedded-5.1.67-1.el6_3.x86_64.rpm
mysql-embedded-devel-5.1.67-1.el6_3.i686.rpm
mysql-embedded-devel-5.1.67-1.el6_3.x86_64.rpm
mysql-server-5.1.67-1.el6_3.x86_64.rpm
mysql-test-5.1.67-1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/mysql-5.1.67-1.el6_3.src.rpm

i386:
mysql-5.1.67-1.el6_3.i686.rpm
mysql-bench-5.1.67-1.el6_3.i686.rpm
mysql-debuginfo-5.1.67-1.el6_3.i686.rpm
mysql-devel-5.1.67-1.el6_3.i686.rpm
mysql-libs-5.1.67-1.el6_3.i686.rpm
mysql-server-5.1.67-1.el6_3.i686.rpm
mysql-test-5.1.67-1.el6_3.i686.rpm

ppc64:
mysql-5.1.67-1.el6_3.ppc64.rpm
mysql-bench-5.1.67-1.el6_3.ppc64.rpm
mysql-debuginfo-5.1.67-1.el6_3.ppc.rpm
mysql-debuginfo-5.1.67-1.el6_3.ppc64.rpm
mysql-devel-5.1.67-1.el6_3.ppc.rpm
mysql-devel-5.1.67-1.el6_3.ppc64.rpm
mysql-libs-5.1.67-1.el6_3.ppc.rpm
mysql-libs-5.1.67-1.el6_3.ppc64.rpm
mysql-server-5.1.67-1.el6_3.ppc64.rpm
mysql-test-5.1.67-1.el6_3.ppc64.rpm

s390x:
mysql-5.1.67-1.el6_3.s390x.rpm
mysql-bench-5.1.67-1.el6_3.s390x.rpm
mysql-debuginfo-5.1.67-1.el6_3.s390.rpm
mysql-debuginfo-5.1.67-1.el6_3.s390x.rpm
mysql-devel-5.1.67-1.el6_3.s390.rpm
mysql-devel-5.1.67-1.el6_3.s390x.rpm
mysql-libs-5.1.67-1.el6_3.s390.rpm
mysql-libs-5.1.67-1.el6_3.s390x.rpm
mysql-server-5.1.67-1.el6_3.s390x.rpm
mysql-test-5.1.67-1.el6_3.s390x.rpm

x86_64:
mysql-5.1.67-1.el6_3.x86_64.rpm
mysql-bench-5.1.67-1.el6_3.x86_64.rpm
mysql-debuginfo-5.1.67-1.el6_3.i686.rpm
mysql-debuginfo-5.1.67-1.el6_3.x86_64.rpm
mysql-devel-5.1.67-1.el6_3.i686.rpm
mysql-devel-5.1.67-1.el6_3.x86_64.rpm
mysql-libs-5.1.67-1.el6_3.i686.rpm
mysql-libs-5.1.67-1.el6_3.x86_64.rpm
mysql-server-5.1.67-1.el6_3.x86_64.rpm
mysql-test-5.1.67-1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/mysql-5.1.67-1.el6_3.src.rpm

i386:
mysql-debuginfo-5.1.67-1.el6_3.i686.rpm
mysql-embedded-5.1.67-1.el6_3.i686.rpm
mysql-embedded-devel-5.1.67-1.el6_3.i686.rpm

ppc64:
mysql-debuginfo-5.1.67-1.el6_3.ppc.rpm
mysql-debuginfo-5.1.67-1.el6_3.ppc64.rpm
mysql-embedded-5.1.67-1.el6_3.ppc.rpm
mysql-embedded-5.1.67-1.el6_3.ppc64.rpm
mysql-embedded-devel-5.1.67-1.el6_3.ppc.rpm
mysql-embedded-devel-5.1.67-1.el6_3.ppc64.rpm

s390x:
mysql-debuginfo-5.1.67-1.el6_3.s390.rpm
mysql-debuginfo-5.1.67-1.el6_3.s390x.rpm
mysql-embedded-5.1.67-1.el6_3.s390.rpm
mysql-embedded-5.1.67-1.el6_3.s390x.rpm
mysql-embedded-devel-5.1.67-1.el6_3.s390.rpm
mysql-embedded-devel-5.1.67-1.el6_3.s390x.rpm

x86_64:
mysql-debuginfo-5.1.67-1.el6_3.i686.rpm
mysql-debuginfo-5.1.67-1.el6_3.x86_64.rpm
mysql-embedded-5.1.67-1.el6_3.i686.rpm
mysql-embedded-5.1.67-1.el6_3.x86_64.rpm
mysql-embedded-devel-5.1.67-1.el6_3.i686.rpm
mysql-embedded-devel-5.1.67-1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/mysql-5.1.67-1.el6_3.src.rpm

i386:
mysql-5.1.67-1.el6_3.i686.rpm
mysql-bench-5.1.67-1.el6_3.i686.rpm
mysql-debuginfo-5.1.67-1.el6_3.i686.rpm
mysql-devel-5.1.67-1.el6_3.i686.rpm
mysql-libs-5.1.67-1.el6_3.i686.rpm
mysql-server-5.1.67-1.el6_3.i686.rpm
mysql-test-5.1.67-1.el6_3.i686.rpm

x86_64:
mysql-5.1.67-1.el6_3.x86_64.rpm
mysql-bench-5.1.67-1.el6_3.x86_64.rpm
mysql-debuginfo-5.1.67-1.el6_3.i686.rpm
mysql-debuginfo-5.1.67-1.el6_3.x86_64.rpm
mysql-devel-5.1.67-1.el6_3.i686.rpm
mysql-devel-5.1.67-1.el6_3.x86_64.rpm
mysql-libs-5.1.67-1.el6_3.i686.rpm
mysql-libs-5.1.67-1.el6_3.x86_64.rpm
mysql-server-5.1.67-1.el6_3.x86_64.rpm
mysql-test-5.1.67-1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/mysql-5.1.67-1.el6_3.src.rpm

i386:
mysql-debuginfo-5.1.67-1.el6_3.i686.rpm
mysql-embedded-5.1.67-1.el6_3.i686.rpm
mysql-embedded-devel-5.1.67-1.el6_3.i686.rpm

x86_64:
mysql-debuginfo-5.1.67-1.el6_3.i686.rpm
mysql-debuginfo-5.1.67-1.el6_3.x86_64.rpm
mysql-embedded-5.1.67-1.el6_3.i686.rpm
mysql-embedded-5.1.67-1.el6_3.x86_64.rpm
mysql-embedded-devel-5.1.67-1.el6_3.i686.rpm
mysql-embedded-devel-5.1.67-1.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-0572.html
https://www.redhat.com/security/data/cve/CVE-2012-0574.html
https://www.redhat.com/security/data/cve/CVE-2012-1702.html
https://www.redhat.com/security/data/cve/CVE-2012-1705.html
https://www.redhat.com/security/data/cve/CVE-2013-0375.html
https://www.redhat.com/security/data/cve/CVE-2013-0383.html
https://www.redhat.com/security/data/cve/CVE-2013-0384.html
https://www.redhat.com/security/data/cve/CVE-2013-0385.html
https://www.redhat.com/security/data/cve/CVE-2013-0389.html
https://access.redhat.com/security/updates/classification/#moderate
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html#AppendixMSQL
http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-67.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
From bugzilla at redhat.com Thu Jan 31 22:00:01 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 31 Jan 2013 22:00:01 +0000
Subject: [RHSA-2013:0220-01] Important: Red Hat OpenShift Enterprise 1.1 update
Message-ID: <201301312200.r0VM01ns017738@int-mx01.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat OpenShift Enterprise 1.1 update
Advisory ID: RHSA-2013:0220-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0220.html
Issue date: 2013-01-31
CVE Names: CVE-2012-5658 CVE-2012-6072 CVE-2012-6073 CVE-2012-6074 CVE-2012-6496 CVE-2013-0158 CVE-2013-0164
=====================================================================

1. Summary:

Red Hat OpenShift Enterprise 1.1 is now available.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Enterprise Client Tools - noarch
Red Hat OpenShift Enterprise Infrastructure - noarch, x86_64
Red Hat OpenShift Enterprise Node - noarch, x86_64

3. Description:

Red Hat OpenShift Enterprise is a cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

Refer to the Red Hat OpenShift Enterprise 1.1 Release Notes for information about the changes in this release.
The Release Notes will be available shortly from https://access.redhat.com/knowledge/docs/

This update also fixes the following security issues:

It was found that the master cryptographic key of Jenkins could be retrieved via the HTTP server that is hosting Jenkins. A remote attacker could use this flaw to access the server and execute arbitrary code with the privileges of the user running Jenkins. Note that this issue only affected Jenkins instances that had slaves attached and that also allowed anonymous read access (not the default configuration). Manual action is also required to correct this issue. Refer to "Jenkins Security Advisory 2013-01-04", linked to in the References, for further information. (CVE-2013-0158)

When the rhc-chk script was run in debug mode, its output included sensitive information, such as database passwords, in plain text. As this script is commonly used when troubleshooting, this flaw could lead to users unintentionally exposing sensitive information in support channels (for example, a Bugzilla report). This update removes the rhc-chk script. (CVE-2012-5658)

Multiple flaws in the Jenkins web interface could allow a remote attacker to perform HTTP response splitting and cross-site scripting (XSS) attacks, as well as redirecting a victim to an arbitrary page by utilizing an open redirect flaw. (CVE-2012-6072, CVE-2012-6074, CVE-2012-6073)

A flaw was found in the way rubygem-activerecord dynamic finders extracted options from method parameters. A remote attacker could possibly use this flaw to perform SQL injection attacks against applications using the Active Record dynamic finder methods. (CVE-2012-6496)

The openshift-port-proxy-cfg program created a temporary file in an insecure way. A local attacker could use this flaw to perform a symbolic link attack, overwriting an arbitrary file accessible to the root user with a "0" or a "1", which could lead to a denial of service.
By default, OpenShift uses polyinstantiation (per user) for the /tmp/ directory, minimizing the risk of exploitation by local attackers. (CVE-2013-0164)

The CVE-2013-0164 issue was discovered by Michael Scherer of the Red Hat Regional IT team.

Users of Red Hat OpenShift Enterprise 1.0 are advised to upgrade to Red Hat OpenShift Enterprise 1.1.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

855264 - Can't "rhc app tail" ruby app error_log file when the server's timezone is not EST.
864921 - Exception is seen upon creating domain when no cartridge is installed in node.
872415 - No config setting for default gear capabilities for a new user
873765 - typo in description of man page for oo-admin-ctl-app
873768 - description of man page for oo-admin-ctl-template
874511 - [Installation]"error while loading shared libraries: libruby.so.1.9" is seen in the file /etc/httpd/logs/error_log
874750 - man page for oo-accept-broker defines '-d' for two different options
874751 - man page for oo-accept-broker does not provide acceptable options for auth, storage, and dns switches
874757 - oo-accept-broker usage statement does not match man page options
874799 - oo-admin-chk '-h' option ignored
874845 - oo-admin-ctl-app accepts garbage for a command and returns success.
875657 - [US3036]Some format errors in the prompt message when executing "oo-admin-ctl" and "oo-accept-*"
876324 - httpd ssl.conf and node conf should not intercept requests meant for the broker
876465 - Embedding scalable app (php) with jenkins fails to create a new builder (only via web)
876644 - oo-register-dns is hardcoded to add entries to a BIND server at 127.0.0.1
876937 - Return "FAILED" if trying to stop openshift-console which is already stopped
876939 - Return "FAILED" if trying to stop openshift-port-proxy which is already stopped
877158 - No "log out" button exists for the web console when using basic auth
877407 - [Cartridge] "Node execution failure" when creating app by --enable-jenkins
883527 - Remove oo-setup-bind
885587 - Jenkins server isn't created using option --enable-jenkins without jenkins server name specified if commander version is 4.0.3
885598 - [client]Should add split character between each alias-name when execute "rhc domain show" in ruby-1.8 environment
886159 - Changing the local console port from 3128 to 8118
888043 - Replica set variables in broker.conf not being utilized correctly
888056 - production.rb should not be marked as a conf file
888671 - [Installation]oo-accept-broker or oo-accept-systems will create production.log, the file's permission is wrong.
889062 - CVE-2012-5658 OpenShift Origin: rhc-chk.rb password exposure in log files
889088 - Prompt error message when restore the app
889095 - Database password not printed out when adding db cartridge to applications
889125 - Should remove rhc-chk in rhc client of Enterprise
889649 - CVE-2012-6496 rubygem-activerecord: find_by_* SQL Injection
890607 - CVE-2012-6072 Jenkins: HTTP response splitting
890608 - CVE-2012-6073 Jenkins: open redirect
890612 - CVE-2012-6074 Jenkins: cross-site scripting vulnerability
892781 - Race condition adding multiple SSH keys to gears
892795 - CVE-2013-0158 jenkins: remote unauthenticated retrieval of master cryptographic key (Jenkins Security Advisory 2013-01-04)
892990 - The server address should not be "localhost" on user account info page
893288 - [Console] We should tell them the actual cloud domain they get, not rhcloud.com
893307 - CVE-2013-0164 openshift-origin-port-proxy: openshift-port-proxy-cfg lockwrap() tmp file creation
893895 - "File a bug" link should be Openshift Enterprise
896406 - [Installation]Some warning message when install "rubygem-openshift-origin-node" package.

6. Package List:

Red Hat OpenShift Enterprise Client Tools:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rhc-1.3.2-1.3.el6op.src.rpm

noarch:
rhc-1.3.2-1.3.el6op.noarch.rpm

Red Hat OpenShift Enterprise Infrastructure:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/mongodb-2.0.2-6.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-console-0.0.13-2.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-broker-1.0.10-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-broker-util-1.0.14-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/ruby193-rubygem-activerecord-3.2.8-2.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/ruby193-rubygem-passenger-3.0.12-21.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-activerecord-3.0.13-3.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-openshift-origin-auth-remote-user-1.0.4-2.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-openshift-origin-common-1.0.2-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-openshift-origin-console-1.0.6-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-openshift-origin-controller-1.0.11-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-openshift-origin-dns-bind-1.0.2-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-openshift-origin-msg-broker-mcollective-1.0.4-1.el6op.src.rpm

noarch:
openshift-console-0.0.13-2.el6op.noarch.rpm
openshift-origin-broker-1.0.10-1.el6op.noarch.rpm
openshift-origin-broker-util-1.0.14-1.el6op.noarch.rpm
ruby193-rubygem-activerecord-3.2.8-2.el6.noarch.rpm
ruby193-rubygem-activerecord-doc-3.2.8-2.el6.noarch.rpm
rubygem-activerecord-3.0.13-3.el6op.noarch.rpm
rubygem-openshift-origin-auth-remote-user-1.0.4-2.el6op.noarch.rpm
rubygem-openshift-origin-common-1.0.2-1.el6op.noarch.rpm
rubygem-openshift-origin-console-1.0.6-1.el6op.noarch.rpm
rubygem-openshift-origin-console-doc-1.0.6-1.el6op.noarch.rpm
rubygem-openshift-origin-controller-1.0.11-1.el6op.noarch.rpm
rubygem-openshift-origin-dns-bind-1.0.2-1.el6op.noarch.rpm
rubygem-openshift-origin-msg-broker-mcollective-1.0.4-1.el6op.noarch.rpm

x86_64:
libmongodb-2.0.2-6.el6op.x86_64.rpm
mongodb-2.0.2-6.el6op.x86_64.rpm
mongodb-debuginfo-2.0.2-6.el6op.x86_64.rpm
mongodb-devel-2.0.2-6.el6op.x86_64.rpm
mongodb-server-2.0.2-6.el6op.x86_64.rpm
ruby193-mod_passenger-3.0.12-21.el6op.x86_64.rpm
ruby193-rubygem-passenger-3.0.12-21.el6op.x86_64.rpm
ruby193-rubygem-passenger-debuginfo-3.0.12-21.el6op.x86_64.rpm
ruby193-rubygem-passenger-devel-3.0.12-21.el6op.x86_64.rpm
ruby193-rubygem-passenger-doc-3.0.12-21.el6op.x86_64.rpm
ruby193-rubygem-passenger-native-3.0.12-21.el6op.x86_64.rpm
ruby193-rubygem-passenger-native-libs-3.0.12-21.el6op.x86_64.rpm

Red Hat OpenShift Enterprise Node:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/jenkins-1.498-1.1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-cartridge-haproxy-1.4-1.0.3-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-cartridge-ruby-1.8-1.0.5-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-cartridge-ruby-1.9-scl-1.0.5-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-msg-node-mcollective-1.0.2-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-node-util-1.0.7-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-port-proxy-1.0.3-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/ruby193-rubygem-activerecord-3.2.8-2.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/ruby193-rubygem-passenger-3.0.12-21.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-openshift-origin-common-1.0.2-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-openshift-origin-node-1.0.10-6.el6op.src.rpm

noarch:
jenkins-1.498-1.1.el6op.noarch.rpm
openshift-origin-cartridge-haproxy-1.4-1.0.3-1.el6op.noarch.rpm
openshift-origin-cartridge-ruby-1.8-1.0.5-1.el6op.noarch.rpm
openshift-origin-cartridge-ruby-1.9-scl-1.0.5-1.el6op.noarch.rpm
openshift-origin-msg-node-mcollective-1.0.2-1.el6op.noarch.rpm
openshift-origin-node-util-1.0.7-1.el6op.noarch.rpm
openshift-origin-port-proxy-1.0.3-1.el6op.noarch.rpm
ruby193-rubygem-activerecord-3.2.8-2.el6.noarch.rpm
ruby193-rubygem-activerecord-doc-3.2.8-2.el6.noarch.rpm
rubygem-openshift-origin-common-1.0.2-1.el6op.noarch.rpm
rubygem-openshift-origin-node-1.0.10-6.el6op.noarch.rpm

x86_64:
ruby193-mod_passenger-3.0.12-21.el6op.x86_64.rpm
ruby193-rubygem-passenger-3.0.12-21.el6op.x86_64.rpm
ruby193-rubygem-passenger-debuginfo-3.0.12-21.el6op.x86_64.rpm
ruby193-rubygem-passenger-devel-3.0.12-21.el6op.x86_64.rpm
ruby193-rubygem-passenger-doc-3.0.12-21.el6op.x86_64.rpm
ruby193-rubygem-passenger-native-3.0.12-21.el6op.x86_64.rpm
ruby193-rubygem-passenger-native-libs-3.0.12-21.el6op.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-5658.html
https://www.redhat.com/security/data/cve/CVE-2012-6072.html
https://www.redhat.com/security/data/cve/CVE-2012-6073.html
https://www.redhat.com/security/data/cve/CVE-2012-6074.html
https://www.redhat.com/security/data/cve/CVE-2012-6496.html
https://www.redhat.com/security/data/cve/CVE-2013-0158.html
https://www.redhat.com/security/data/cve/CVE-2013-0164.html
https://access.redhat.com/security/updates/classification/#important
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04
https://access.redhat.com/knowledge/docs/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.