From bugzilla at redhat.com Wed Jul 3 17:18:18 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 3 Jul 2013 17:18:18 +0000
Subject: [RHSA-2013:1014-01] Important: java-1.6.0-openjdk security update
Message-ID: <201307031718.r63HIIug026547@int-mx02.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-1.6.0-openjdk security update
Advisory ID:       RHSA-2013:1014-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1014.html
Issue date:        2013-07-03
CVE Names:         CVE-2013-1500 CVE-2013-1571 CVE-2013-2407 CVE-2013-2412
                   CVE-2013-2443 CVE-2013-2444 CVE-2013-2445 CVE-2013-2446
                   CVE-2013-2447 CVE-2013-2448 CVE-2013-2450 CVE-2013-2452
                   CVE-2013-2453 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457
                   CVE-2013-2459 CVE-2013-2461 CVE-2013-2463 CVE-2013-2465
                   CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472
                   CVE-2013-2473
=====================================================================

1. Summary:

Updated java-1.6.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.

Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. (CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)

Integer overflow flaws were found in the way AWT processed certain input. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted Java applet or application. (CVE-2013-2459)

Multiple improper permission check issues were discovered in the Sound and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-2448, CVE-2013-2457, CVE-2013-2453)

Multiple flaws in the Serialization, Networking, Libraries and CORBA components can be exploited by an untrusted Java application or applet to gain access to potentially sensitive information. (CVE-2013-2456, CVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)

It was discovered that the Hotspot component did not properly handle out-of-memory errors. An untrusted Java application or applet could possibly use these flaws to terminate the Java Virtual Machine. (CVE-2013-2445)

It was discovered that the AWT component did not properly manage certain resources and that the ObjectStreamClass of the Serialization component did not properly handle circular references. An untrusted Java application or applet could possibly use these flaws to cause a denial of service. (CVE-2013-2444, CVE-2013-2450)

It was discovered that the Libraries component contained certain errors related to XML security and the class loader. A remote attacker could possibly exploit these flaws to bypass intended security mechanisms or disclose potentially sensitive information and cause a denial of service. (CVE-2013-2407, CVE-2013-2461)

It was discovered that JConsole did not properly inform the user when establishing an SSL connection failed. An attacker could exploit this flaw to gain access to potentially sensitive information. (CVE-2013-2412)

It was found that documentation generated by Javadoc was vulnerable to a frame injection attack. If such documentation was accessible over a network, and a remote attacker could trick a user into visiting a specially-crafted URL, it would lead to arbitrary web content being displayed next to the documentation. This could be used to perform a phishing attack by providing frame content that spoofed a login form on the site hosting the vulnerable documentation. (CVE-2013-1571)

It was discovered that the 2D component created shared memory segments with insecure permissions. A local attacker could use this flaw to read or write to the shared memory segment. (CVE-2013-1500)

Red Hat would like to thank US-CERT for reporting CVE-2013-1571, and Tim Brown for reporting CVE-2013-1500. US-CERT acknowledges Oracle as the original reporter of CVE-2013-1571.

All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

973474 - CVE-2013-1571 OpenJDK: Frame injection in generated HTML (Javadoc, 8012375)
975099 - CVE-2013-2470 OpenJDK: ImagingLib byte lookup processing (2D, 8011243)
975102 - CVE-2013-2471 OpenJDK: Incorrect IntegerComponentRaster size checks (2D, 8011248)
975107 - CVE-2013-2472 OpenJDK: Incorrect ShortBandedRaster size checks (2D, 8011253)
975110 - CVE-2013-2473 OpenJDK: Incorrect ByteBandedRaster size checks (2D, 8011257)
975115 - CVE-2013-2463 OpenJDK: Incorrect image attribute verification (2D, 8012438)
975118 - CVE-2013-2465 OpenJDK: Incorrect image channel verification (2D, 8012597)
975120 - CVE-2013-2469 OpenJDK: Incorrect image layout verification (2D, 8012601)
975121 - CVE-2013-2459 OpenJDK: Various AWT integer overflow checks (AWT, 8009071)
975124 - CVE-2013-2445 OpenJDK: Better handling of memory allocation errors (Hotspot, 7158805)
975125 - CVE-2013-2448 OpenJDK: Better access restrictions (Sound, 8006328)
975126 - CVE-2013-2461 OpenJDK: Missing check for valid DOMCanonicalizationMethod canonicalization algorithm (Libraries, 8014281)
975127 - CVE-2013-2407 OpenJDK: Integrate Apache Santuario, rework class loader (Libraries, 6741606, 8008744)
975131 - CVE-2013-2444 OpenJDK: Resource denial of service (AWT, 8001038)
975132 - CVE-2013-2446 OpenJDK: output stream access restrictions (CORBA, 8000642)
975133 - CVE-2013-2457 OpenJDK: Proper class checking (JMX, 8008120)
975134 - CVE-2013-2453 OpenJDK: MBeanServer Introspector package access (JMX, 8008124)
975137 - CVE-2013-2443 OpenJDK: AccessControlContext check order issue (Libraries, 8001330)
975138 - CVE-2013-2452 OpenJDK: Unique VMIDs (Libraries, 8001033)
975139 - CVE-2013-2455 OpenJDK: getEnclosing* checks (Libraries, 8007812)
975140 - CVE-2013-2447 OpenJDK: Prevent revealing the local address (Networking, 8001318)
975141 - CVE-2013-2450 OpenJDK: ObjectStreamClass circular reference denial of service (Serialization, 8000638)
975142 - CVE-2013-2456 OpenJDK: ObjectOutputStream access checks (Serialization, 8008132)
975144 - CVE-2013-2412 OpenJDK: JConsole SSL support (Serviceability, 8003703)
975148 - CVE-2013-1500 OpenJDK: Insecure shared memory permissions (2D, 8001034)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.41.1.11.11.90.el5_9.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.41.1.11.11.90.el5_9.i386.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.41.1.11.11.90.el5_9.i386.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.41.1.11.11.90.el5_9.i386.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.41.1.11.11.90.el5_9.i386.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.41.1.11.11.90.el5_9.i386.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.41.1.11.11.90.el5_9.i386.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.41.1.11.11.90.el5_9.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.41.1.11.11.90.el5_9.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.41.1.11.11.90.el5_9.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.41.1.11.11.90.el5_9.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.41.1.11.11.90.el5_9.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.41.1.11.11.90.el5_9.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.41.1.11.11.90.el5_9.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.41.1.11.11.90.el5_9.i386.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.41.1.11.11.90.el5_9.i386.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.41.1.11.11.90.el5_9.i386.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.41.1.11.11.90.el5_9.i386.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.41.1.11.11.90.el5_9.i386.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.41.1.11.11.90.el5_9.i386.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.41.1.11.11.90.el5_9.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.41.1.11.11.90.el5_9.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.41.1.11.11.90.el5_9.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.41.1.11.11.90.el5_9.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.41.1.11.11.90.el5_9.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.41.1.11.11.90.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.62.1.11.11.90.el6_4.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.62.1.11.11.90.el6_4.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.62.1.11.11.90.el6_4.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.62.1.11.11.90.el6_4.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.62.1.11.11.90.el6_4.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.62.1.11.11.90.el6_4.src.rpm

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.62.1.11.11.90.el6_4.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.62.1.11.11.90.el6_4.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.62.1.11.11.90.el6_4.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.62.1.11.11.90.el6_4.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.62.1.11.11.90.el6_4.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.62.1.11.11.90.el6_4.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.62.1.11.11.90.el6_4.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.62.1.11.11.90.el6_4.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.62.1.11.11.90.el6_4.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.62.1.11.11.90.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.62.1.11.11.90.el6_4.src.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.62.1.11.11.90.el6_4.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.62.1.11.11.90.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.62.1.11.11.90.el6_4.src.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.62.1.11.11.90.el6_4.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.62.1.11.11.90.el6_4.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.62.1.11.11.90.el6_4.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.62.1.11.11.90.el6_4.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.62.1.11.11.90.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.62.1.11.11.90.el6_4.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.62.1.11.11.90.el6_4.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.62.1.11.11.90.el6_4.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.62.1.11.11.90.el6_4.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.62.1.11.11.90.el6_4.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.62.1.11.11.90.el6_4.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.62.1.11.11.90.el6_4.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.62.1.11.11.90.el6_4.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.62.1.11.11.90.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.62.1.11.11.90.el6_4.src.rpm

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.62.1.11.11.90.el6_4.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.62.1.11.11.90.el6_4.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.62.1.11.11.90.el6_4.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.62.1.11.11.90.el6_4.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.62.1.11.11.90.el6_4.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.62.1.11.11.90.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.62.1.11.11.90.el6_4.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.62.1.11.11.90.el6_4.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.62.1.11.11.90.el6_4.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.62.1.11.11.90.el6_4.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.62.1.11.11.90.el6_4.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.62.1.11.11.90.el6_4.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.62.1.11.11.90.el6_4.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.62.1.11.11.90.el6_4.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.62.1.11.11.90.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.62.1.11.11.90.el6_4.src.rpm

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.62.1.11.11.90.el6_4.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.62.1.11.11.90.el6_4.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.62.1.11.11.90.el6_4.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.62.1.11.11.90.el6_4.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.62.1.11.11.90.el6_4.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.62.1.11.11.90.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-1500.html
https://www.redhat.com/security/data/cve/CVE-2013-1571.html
https://www.redhat.com/security/data/cve/CVE-2013-2407.html
https://www.redhat.com/security/data/cve/CVE-2013-2412.html
https://www.redhat.com/security/data/cve/CVE-2013-2443.html
https://www.redhat.com/security/data/cve/CVE-2013-2444.html
https://www.redhat.com/security/data/cve/CVE-2013-2445.html
https://www.redhat.com/security/data/cve/CVE-2013-2446.html
https://www.redhat.com/security/data/cve/CVE-2013-2447.html
https://www.redhat.com/security/data/cve/CVE-2013-2448.html
https://www.redhat.com/security/data/cve/CVE-2013-2450.html
https://www.redhat.com/security/data/cve/CVE-2013-2452.html
https://www.redhat.com/security/data/cve/CVE-2013-2453.html
https://www.redhat.com/security/data/cve/CVE-2013-2455.html
https://www.redhat.com/security/data/cve/CVE-2013-2456.html
https://www.redhat.com/security/data/cve/CVE-2013-2457.html
https://www.redhat.com/security/data/cve/CVE-2013-2459.html
https://www.redhat.com/security/data/cve/CVE-2013-2461.html
https://www.redhat.com/security/data/cve/CVE-2013-2463.html
https://www.redhat.com/security/data/cve/CVE-2013-2465.html
https://www.redhat.com/security/data/cve/CVE-2013-2469.html
https://www.redhat.com/security/data/cve/CVE-2013-2470.html
https://www.redhat.com/security/data/cve/CVE-2013-2471.html
https://www.redhat.com/security/data/cve/CVE-2013-2472.html
https://www.redhat.com/security/data/cve/CVE-2013-2473.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
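A practical follow-up to the advisory's "upgrade and restart" instruction is deciding, fleet-wide, which hosts still carry a pre-fix java-1.6.0-openjdk. The Python below is an added example (not Red Hat tooling, not part of the advisory): it implements a simplified rpmvercmp (numeric/alpha segment ordering, no tilde or caret handling), parses `rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' java-1.6.0-openjdk` output, and compares it with the fixed versions from section 6 of this advisory; the host names and the older release strings in INVENTORY are constructed for the demonstration.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Fixed (version, release) pairs from section 6 of RHSA-2013:1014, keyed by
# the dist tag that appears in the package release field.
FIXED_OPENJDK6 = {
    "el5": ("1.6.0.0", "1.41.1.11.11.90.el5_9"),
    "el6": ("1.6.0.0", "1.62.1.11.11.90.el6_4"),
}

_SEGMENT = re.compile(r"\d+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Simplified rpmvercmp: return -1, 0 or 1 for a < b, a == b, a > b.

    Each string is split into maximal numeric and alphabetic segments
    (separators such as '.' and '_' are skipped). Numeric segments compare
    as integers, alphabetic ones lexically, and a numeric segment sorts
    above an alphabetic one. The '~' and '^' rules of real rpm are omitted
    in this added, simplified implementation.
    """
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            xi, yi = int(x), int(y)
            if xi != yi:
                return 1 if xi > yi else -1
        elif x_num != y_num:
            return 1 if x_num else -1
        elif x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with more segments is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


@dataclass(frozen=True)
class Package:
    name: str
    version: str
    release: str
    arch: str


def parse_nvra(nvra: str) -> Package:
    """Parse 'name-version-release.arch' as printed by the rpm -q format above.

    rsplit keeps dashes inside the name ('java-1.6.0-openjdk') intact.
    """
    nvr, arch = nvra.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return Package(name, version, release, arch)


def compare_evr(pkg: Package, version: str, release: str) -> int:
    """Compare an installed package against a (version, release) pair."""
    c = rpmvercmp(pkg.version, version)
    return c if c else rpmvercmp(pkg.release, release)


def needs_rhsa_2013_1014(nvra: str) -> Optional[bool]:
    """True if the installed package predates the fix, False if it is at or
    beyond it, None if the dist tag is not one this advisory covers."""
    pkg = parse_nvra(nvra)
    if pkg.name != "java-1.6.0-openjdk":
        raise ValueError(f"not an OpenJDK 6 package: {nvra}")
    m = re.search(r"\.(el\d+)", pkg.release)
    if not m or m.group(1) not in FIXED_OPENJDK6:
        return None
    fixed_version, fixed_release = FIXED_OPENJDK6[m.group(1)]
    return compare_evr(pkg, fixed_version, fixed_release) < 0


# Constructed inventory (hypothetical hosts; the pre-fix release strings are
# made up for the example), one rpm -q line per host.
INVENTORY: Dict[str, str] = {
    "rhel5-app01": "java-1.6.0-openjdk-1.6.0.0-1.41.1.11.11.90.el5_9.x86_64",
    "rhel5-app02": "java-1.6.0-openjdk-1.6.0.0-1.41.1.11.10.el5_9.i386",
    "rhel6-web01": "java-1.6.0-openjdk-1.6.0.0-1.62.1.11.11.90.el6_4.x86_64",
    "rhel6-web02": "java-1.6.0-openjdk-1.6.0.0-1.61.1.11.11.90.el6_4.i686",
}


def report(inventory: Dict[str, str] = INVENTORY) -> Dict[str, Optional[bool]]:
    """Map each host to whether it still needs RHSA-2013:1014."""
    return {host: needs_rhsa_2013_1014(nvra) for host, nvra in inventory.items()}


if __name__ == "__main__":
    for host, missing in report().items():
        state = {True: "needs update", False: "fixed", None: "not covered"}[missing]
        print(f"{host}: {state}")
```

The check reports only what is installed; as the advisory says, JVMs that were already running when the package was updated keep the old code loaded until they are restarted.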
From bugzilla at redhat.com Tue Jul 9 18:00:53 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 9 Jul 2013 18:00:53 +0000
Subject: [RHSA-2013:1026-01] Important: kernel security and bug fix update
Message-ID: <201307091800.r69I0s7C021510@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2013:1026-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1026.html
Issue date:        2013-07-09
CVE Names:         CVE-2013-1773 CVE-2013-1796 CVE-2013-1797 CVE-2013-1798
                   CVE-2013-1848
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.2 Extended Update Support.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server EUS (v. 6.2) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.2) - i386, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* A buffer overflow flaw was found in the way UTF-8 characters were converted to UTF-16 in the utf8s_to_utf16s() function of the Linux kernel's FAT file system implementation. A local user able to mount a FAT file system with the "utf8=1" option could use this flaw to crash the system or, potentially, to escalate their privileges. (CVE-2013-1773, Important)

* A flaw was found in the way KVM (Kernel-based Virtual Machine) handled guest time updates when the buffer the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) crossed a page boundary. A privileged guest user could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the host kernel level. (CVE-2013-1796, Important)

* A potential use-after-free flaw was found in the way KVM handled guest time updates when the GPA (guest physical address) the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into a movable or removable memory region of the hosting user-space process (by default, QEMU-KVM) on the host. If that memory region is deregistered from KVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory reused, a privileged guest user could potentially use this flaw to escalate their privileges on the host. (CVE-2013-1797, Important)

* A flaw was found in the way KVM emulated IOAPIC (I/O Advanced Programmable Interrupt Controller). A missing validation check in the ioapic_read_indirect() function could allow a privileged guest user to crash the host, or read a substantial portion of host kernel memory. (CVE-2013-1798, Important)

* A format string flaw was found in the ext3_msg() function in the Linux kernel's ext3 file system implementation. A local user who is able to mount an ext3 file system could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1848, Low)

Red Hat would like to thank Andrew Honig of Google for reporting CVE-2013-1796, CVE-2013-1797, and CVE-2013-1798.

This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

916115 - CVE-2013-1773 kernel: VFAT slab-based buffer overflow
917012 - CVE-2013-1796 kernel: kvm: buffer overflow in handling of MSR_KVM_SYSTEM_TIME
917013 - CVE-2013-1797 kernel: kvm: after free issue with the handling of MSR_KVM_SYSTEM_TIME
917017 - CVE-2013-1798 kernel: kvm: out-of-bounds access in ioapic indirect register reads
920783 - CVE-2013-1848 kernel: ext3: format string issues

6. Package List:

Red Hat Enterprise Linux Server EUS (v. 6.2):

Source:
kernel-2.6.32-220.39.1.el6.src.rpm

i386:
kernel-2.6.32-220.39.1.el6.i686.rpm
kernel-debug-2.6.32-220.39.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-220.39.1.el6.i686.rpm
kernel-debug-devel-2.6.32-220.39.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.39.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.39.1.el6.i686.rpm
kernel-devel-2.6.32-220.39.1.el6.i686.rpm
kernel-headers-2.6.32-220.39.1.el6.i686.rpm
perf-2.6.32-220.39.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.39.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-220.39.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-220.39.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.39.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-220.39.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-220.39.1.el6.ppc64.rpm
kernel-debug-2.6.32-220.39.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-220.39.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-220.39.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-220.39.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-220.39.1.el6.ppc64.rpm
kernel-devel-2.6.32-220.39.1.el6.ppc64.rpm
kernel-headers-2.6.32-220.39.1.el6.ppc64.rpm
perf-2.6.32-220.39.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-220.39.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-220.39.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-220.39.1.el6.s390x.rpm
kernel-debug-2.6.32-220.39.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-220.39.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-220.39.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-220.39.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-220.39.1.el6.s390x.rpm
kernel-devel-2.6.32-220.39.1.el6.s390x.rpm
kernel-headers-2.6.32-220.39.1.el6.s390x.rpm
kernel-kdump-2.6.32-220.39.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-220.39.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-220.39.1.el6.s390x.rpm
perf-2.6.32-220.39.1.el6.s390x.rpm
perf-debuginfo-2.6.32-220.39.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-220.39.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-220.39.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.39.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.39.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.39.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.39.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.39.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.39.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.39.1.el6.x86_64.rpm
perf-2.6.32-220.39.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.39.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.39.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.2):

Source:
kernel-2.6.32-220.39.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-220.39.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.39.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.39.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.39.1.el6.i686.rpm
python-perf-2.6.32-220.39.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-220.39.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-220.39.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-220.39.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-220.39.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-220.39.1.el6.ppc64.rpm
python-perf-2.6.32-220.39.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-220.39.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-220.39.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-220.39.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-220.39.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-220.39.1.el6.s390x.rpm
perf-debuginfo-2.6.32-220.39.1.el6.s390x.rpm
python-perf-2.6.32-220.39.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-220.39.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.39.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.39.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.39.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.39.1.el6.x86_64.rpm
python-perf-2.6.32-220.39.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.39.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-1773.html
https://www.redhat.com/security/data/cve/CVE-2013-1796.html
https://www.redhat.com/security/data/cve/CVE-2013-1797.html
https://www.redhat.com/security/data/cve/CVE-2013-1798.html
https://www.redhat.com/security/data/cve/CVE-2013-1848.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.2_Technical_Notes/kernel.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

From bugzilla at redhat.com Wed Jul 10 04:52:48 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 10 Jul 2013 04:52:48 +0000
Subject: [RHSA-2013:1034-01] Low: kernel security and bug fix update
Message-ID: <201307100452.r6A4qmBN020852@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: kernel security and bug fix update
Advisory ID:       RHSA-2013:1034-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1034.html
Issue date:        2013-07-10
CVE Names:         CVE-2012-6544 CVE-2012-6545 CVE-2013-0914 CVE-2013-1929
                   CVE-2013-3222 CVE-2013-3224 CVE-2013-3231 CVE-2013-3235
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low security impact.
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * Information leaks in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space. (CVE-2012-6544, CVE-2012-6545, CVE-2013-3222, CVE-2013-3224, CVE-2013-3231, CVE-2013-3235, Low) * An information leak was found in the Linux kernel's POSIX signals implementation. A local, unprivileged user could use this flaw to bypass the Address Space Layout Randomization (ASLR) security feature. (CVE-2013-0914, Low) * A heap-based buffer overflow in the way the tg3 Ethernet driver parsed the vital product data (VPD) of devices could allow an attacker with physical access to a system to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1929, Low) This update also fixes the following bugs: * Previously on system boot, devices with associated Reserved Memory Region Reporting (RMRR) information had lost their RMRR information after they were removed from the static identity (SI) domain. Consequently, a system unexpectedly terminated in an endless loop due to unexpected NMIs triggered by DMA errors. This problem was observed on HP ProLiant Generation 7 (G7) and 8 (Gen8) systems. This update prevents non-USB devices that have RMRR information associated with them from being placed into the SI domain during system boot. HP ProLiant G7 and Gen8 systems that contain devices with the RMRR information now boot as expected. 
(BZ#957606) * Previously, the kernel's futex wait code used timeouts that had granularity in milliseconds. Also, when passing these timeouts to system calls, the kernel converted the timeouts to "jiffies". Consequently, programs could time out inaccurately which could lead to significant latency problems in certain environments. This update modifies the futex wait code to use a high-resolution timer (hrtimer) so the timeout granularity is now in microseconds. Timeouts are no longer converted to "jiffies" when passed to system calls. Timeouts passed to programs are now accurate and the programs time out as expected. (BZ#958021) * A recent change modified the size of the task_struct structure in the floating point unit (fpu) counter. However, on Intel Itanium systems, this change caused the kernel Application Binary Interface (kABI) to stop working properly when a previously compiled module was loaded, resulting in a kernel panic. With this update the change causing this bug has been reverted so the bug can no longer occur. (BZ#966878) * The cxgb4 driver previously did not clear data structures used for firmware requests. Consequently, when initializing some Chelsio's Terminator 4 (T4) adapters, a probe request could fail because the request was incompatible with the adapter's firmware. This update modifies the cxgb4 driver to properly initialize firmware request structures before sending a request to the firmware and the problem no longer occurs. (BZ#971872) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. 
Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

920499 - CVE-2013-0914 Kernel: sa_restorer information leak
922404 - CVE-2012-6545 Kernel: Bluetooth: RFCOMM - information leak
922414 - CVE-2012-6544 Kernel: Bluetooth: HCI & L2CAP information leaks
949932 - CVE-2013-1929 Kernel: tg3: buffer overflow in VPD firmware parsing
955216 - CVE-2013-3222 Kernel: atm: update msg_namelen in vcc_recvmsg()
955599 - CVE-2013-3224 Kernel: Bluetooth: possible info leak in bt_sock_recvmsg()
956094 - CVE-2013-3231 Kernel: llc: Fix missing msg_namelen update in llc_ui_recvmsg
956145 - CVE-2013-3235 Kernel: tipc: info leaks via msg_name in recv_msg/recv_stream

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-348.12.1.el5.src.rpm

i386:
kernel-2.6.18-348.12.1.el5.i686.rpm
kernel-PAE-2.6.18-348.12.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-348.12.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-348.12.1.el5.i686.rpm
kernel-debug-2.6.18-348.12.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-348.12.1.el5.i686.rpm
kernel-debug-devel-2.6.18-348.12.1.el5.i686.rpm
kernel-debuginfo-2.6.18-348.12.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-348.12.1.el5.i686.rpm
kernel-devel-2.6.18-348.12.1.el5.i686.rpm
kernel-headers-2.6.18-348.12.1.el5.i386.rpm
kernel-xen-2.6.18-348.12.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-348.12.1.el5.i686.rpm
kernel-xen-devel-2.6.18-348.12.1.el5.i686.rpm

noarch:
kernel-doc-2.6.18-348.12.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-348.12.1.el5.x86_64.rpm
kernel-debug-2.6.18-348.12.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-348.12.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-348.12.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-348.12.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-348.12.1.el5.x86_64.rpm
kernel-devel-2.6.18-348.12.1.el5.x86_64.rpm
kernel-headers-2.6.18-348.12.1.el5.x86_64.rpm
kernel-xen-2.6.18-348.12.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-348.12.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-348.12.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-348.12.1.el5.src.rpm

i386:
kernel-2.6.18-348.12.1.el5.i686.rpm
kernel-PAE-2.6.18-348.12.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-348.12.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-348.12.1.el5.i686.rpm
kernel-debug-2.6.18-348.12.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-348.12.1.el5.i686.rpm
kernel-debug-devel-2.6.18-348.12.1.el5.i686.rpm
kernel-debuginfo-2.6.18-348.12.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-348.12.1.el5.i686.rpm
kernel-devel-2.6.18-348.12.1.el5.i686.rpm
kernel-headers-2.6.18-348.12.1.el5.i386.rpm
kernel-xen-2.6.18-348.12.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-348.12.1.el5.i686.rpm
kernel-xen-devel-2.6.18-348.12.1.el5.i686.rpm

ia64:
kernel-2.6.18-348.12.1.el5.ia64.rpm
kernel-debug-2.6.18-348.12.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-348.12.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-348.12.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-348.12.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-348.12.1.el5.ia64.rpm
kernel-devel-2.6.18-348.12.1.el5.ia64.rpm
kernel-headers-2.6.18-348.12.1.el5.ia64.rpm
kernel-xen-2.6.18-348.12.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-348.12.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-348.12.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-348.12.1.el5.noarch.rpm

ppc:
kernel-2.6.18-348.12.1.el5.ppc64.rpm
kernel-debug-2.6.18-348.12.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-348.12.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-348.12.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-348.12.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-348.12.1.el5.ppc64.rpm
kernel-devel-2.6.18-348.12.1.el5.ppc64.rpm
kernel-headers-2.6.18-348.12.1.el5.ppc.rpm
kernel-headers-2.6.18-348.12.1.el5.ppc64.rpm
kernel-kdump-2.6.18-348.12.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-348.12.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-348.12.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-348.12.1.el5.s390x.rpm
kernel-debug-2.6.18-348.12.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-348.12.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-348.12.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-348.12.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-348.12.1.el5.s390x.rpm
kernel-devel-2.6.18-348.12.1.el5.s390x.rpm
kernel-headers-2.6.18-348.12.1.el5.s390x.rpm
kernel-kdump-2.6.18-348.12.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-348.12.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-348.12.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-348.12.1.el5.x86_64.rpm
kernel-debug-2.6.18-348.12.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-348.12.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-348.12.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-348.12.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-348.12.1.el5.x86_64.rpm
kernel-devel-2.6.18-348.12.1.el5.x86_64.rpm
kernel-headers-2.6.18-348.12.1.el5.x86_64.rpm
kernel-xen-2.6.18-348.12.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-348.12.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-348.12.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-6544.html
https://www.redhat.com/security/data/cve/CVE-2012-6545.html
https://www.redhat.com/security/data/cve/CVE-2013-0914.html
https://www.redhat.com/security/data/cve/CVE-2013-1929.html
https://www.redhat.com/security/data/cve/CVE-2013-3222.html
https://www.redhat.com/security/data/cve/CVE-2013-3224.html
https://www.redhat.com/security/data/cve/CVE-2013-3231.html
https://www.redhat.com/security/data/cve/CVE-2013-3235.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
From bugzilla at redhat.com Wed Jul 10 08:12:28 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 10 Jul 2013 08:12:28 +0000
Subject: [RHSA-2013:1035-01] Critical: flash-plugin security update
Message-ID: <201307100811.r6A8Awn8006022@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: flash-plugin security update
Advisory ID:       RHSA-2013:1035-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1035.html
Issue date:        2013-07-10
CVE Names:         CVE-2013-3344 CVE-2013-3345 CVE-2013-3347
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes three security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update fixes three vulnerabilities in Adobe Flash Player.
These vulnerabilities are detailed in the Adobe Security bulletin APSB13-17, listed in the References section.

Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. (CVE-2013-3344, CVE-2013-3345, CVE-2013-3347)

All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.297.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

982749 - CVE-2013-3344 CVE-2013-3345 CVE-2013-3347 flash-plugin: Multiple code execution flaws (APSB13-17)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-11.2.202.297-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.297-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-11.2.202.297-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.297-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.297-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.297-1.el6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.297-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.297-1.el6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.297-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.297-1.el6.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-3344.html
https://www.redhat.com/security/data/cve/CVE-2013-3345.html
https://www.redhat.com/security/data/cve/CVE-2013-3347.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-17.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

From bugzilla at redhat.com Thu Jul 11 13:40:09 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 11 Jul 2013 13:40:09 +0000
Subject: [RHSA-2013:1024-01] Moderate: Red Hat Enterprise MRG Messaging 2.3.3 security update
Message-ID: <201307111340.r6BDeAjB021427@int-mx12.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Enterprise MRG Messaging 2.3.3 security update
Advisory ID:       RHSA-2013:1024-01
Product:           Red Hat Enterprise MRG for RHEL-6
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1024.html
Issue date:        2013-07-11
CVE Names:         CVE-2013-1909
=====================================================================

1. Summary:

Updated Messaging component packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise MRG 2.3 for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

MRG Grid Execute Node for RHEL 6 ComputeNode v.2 - noarch, x86_64
Red Hat MRG Messaging for RHEL 6 Server v.2 - i386, noarch, x86_64

3. Description:

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers.

MRG Messaging is a high-speed reliable messaging distribution for Linux based on AMQP (Advanced Message Queuing Protocol), an open protocol standard for enterprise messaging that is designed to make mission critical messaging widely available as a standard service, and to make enterprise messaging interoperable across platforms, programming languages, and vendors. MRG Messaging includes an AMQP 0-10 messaging broker; AMQP 0-10 client libraries for C++, Java JMS, and Python; as well as persistence libraries and management tools.

It was discovered that the Qpid Python client library for AMQP did not properly perform TLS/SSL certificate validation of the remote server's certificate, even when the 'ssl_trustfile' connection option was specified. A rogue server could use this flaw to conduct man-in-the-middle attacks, possibly leading to the disclosure of sensitive information. (CVE-2013-1909)

With this update, Python programs can instruct the library to validate server certificates by specifying a path to a file containing trusted CA certificates.

This issue was discovered by Petr Matousek of the Red Hat MRG Messaging team.

This update also fixes multiple bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.

All users of the Messaging capabilities of Red Hat Enterprise MRG 2.3 are advised to upgrade to these updated packages, which resolve the issues noted in the Red Hat Enterprise MRG 2 Technical Notes.
After installing the updated packages, stop the cluster by either running "service qpidd stop" on all nodes, or "qpid-cluster --all-stop" on any one of the cluster nodes. Once stopped, restart the cluster with "service qpidd start" on all nodes for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

928530 - CVE-2013-1909 python-qpid: client does not validate qpid server TLS/SSL certificate

6. Package List:

MRG Grid Execute Node for RHEL 6 ComputeNode v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/RHEMRG-RHEL6/SRPMS/python-qpid-0.18-5.el6_4.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/RHEMRG-RHEL6/SRPMS/qpid-cpp-0.18-17.el6_4.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/RHEMRG-RHEL6/SRPMS/qpid-qmf-0.18-18.el6_4.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/RHEMRG-RHEL6/SRPMS/qpid-tools-0.18-10.el6_4.src.rpm

noarch:
python-qpid-0.18-5.el6_4.noarch.rpm
qpid-tools-0.18-10.el6_4.noarch.rpm

x86_64:
python-qpid-qmf-0.18-18.el6_4.x86_64.rpm
qpid-cpp-client-0.18-17.el6_4.i686.rpm
qpid-cpp-client-0.18-17.el6_4.x86_64.rpm
qpid-cpp-client-ssl-0.18-17.el6_4.i686.rpm
qpid-cpp-client-ssl-0.18-17.el6_4.x86_64.rpm
qpid-cpp-debuginfo-0.18-17.el6_4.i686.rpm
qpid-cpp-debuginfo-0.18-17.el6_4.x86_64.rpm
qpid-cpp-server-0.18-17.el6_4.i686.rpm
qpid-cpp-server-0.18-17.el6_4.x86_64.rpm
qpid-cpp-server-ssl-0.18-17.el6_4.x86_64.rpm
qpid-qmf-0.18-18.el6_4.i686.rpm
qpid-qmf-0.18-18.el6_4.x86_64.rpm
qpid-qmf-debuginfo-0.18-18.el6_4.i686.rpm
qpid-qmf-debuginfo-0.18-18.el6_4.x86_64.rpm
ruby-qpid-qmf-0.18-18.el6_4.x86_64.rpm

Red Hat MRG Messaging for RHEL 6 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/python-qpid-0.18-5.el6_4.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/qpid-cpp-0.18-17.el6_4.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/qpid-java-0.18-8.el6_4.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/qpid-qmf-0.18-18.el6_4.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/qpid-tools-0.18-10.el6_4.src.rpm

i386:
python-qpid-qmf-0.18-18.el6_4.i686.rpm
qpid-cpp-client-0.18-17.el6_4.i686.rpm
qpid-cpp-client-devel-0.18-17.el6_4.i686.rpm
qpid-cpp-client-rdma-0.18-17.el6_4.i686.rpm
qpid-cpp-client-ssl-0.18-17.el6_4.i686.rpm
qpid-cpp-debuginfo-0.18-17.el6_4.i686.rpm
qpid-cpp-server-0.18-17.el6_4.i686.rpm
qpid-cpp-server-cluster-0.18-17.el6_4.i686.rpm
qpid-cpp-server-devel-0.18-17.el6_4.i686.rpm
qpid-cpp-server-rdma-0.18-17.el6_4.i686.rpm
qpid-cpp-server-ssl-0.18-17.el6_4.i686.rpm
qpid-cpp-server-store-0.18-17.el6_4.i686.rpm
qpid-cpp-server-xml-0.18-17.el6_4.i686.rpm
qpid-qmf-0.18-18.el6_4.i686.rpm
qpid-qmf-debuginfo-0.18-18.el6_4.i686.rpm
qpid-qmf-devel-0.18-18.el6_4.i686.rpm
ruby-qpid-qmf-0.18-18.el6_4.i686.rpm

noarch:
python-qpid-0.18-5.el6_4.noarch.rpm
qpid-cpp-client-devel-docs-0.18-17.el6_4.noarch.rpm
qpid-java-client-0.18-8.el6_4.noarch.rpm
qpid-java-common-0.18-8.el6_4.noarch.rpm
qpid-java-example-0.18-8.el6_4.noarch.rpm
qpid-tools-0.18-10.el6_4.noarch.rpm

x86_64:
python-qpid-qmf-0.18-18.el6_4.x86_64.rpm
qpid-cpp-client-0.18-17.el6_4.i686.rpm
qpid-cpp-client-0.18-17.el6_4.x86_64.rpm
qpid-cpp-client-devel-0.18-17.el6_4.x86_64.rpm
qpid-cpp-client-rdma-0.18-17.el6_4.x86_64.rpm
qpid-cpp-client-ssl-0.18-17.el6_4.i686.rpm
qpid-cpp-client-ssl-0.18-17.el6_4.x86_64.rpm
qpid-cpp-debuginfo-0.18-17.el6_4.i686.rpm
qpid-cpp-debuginfo-0.18-17.el6_4.x86_64.rpm
qpid-cpp-server-0.18-17.el6_4.i686.rpm
qpid-cpp-server-0.18-17.el6_4.x86_64.rpm
qpid-cpp-server-cluster-0.18-17.el6_4.x86_64.rpm
qpid-cpp-server-devel-0.18-17.el6_4.x86_64.rpm
qpid-cpp-server-rdma-0.18-17.el6_4.x86_64.rpm
qpid-cpp-server-ssl-0.18-17.el6_4.x86_64.rpm
qpid-cpp-server-store-0.18-17.el6_4.x86_64.rpm
qpid-cpp-server-xml-0.18-17.el6_4.x86_64.rpm
qpid-qmf-0.18-18.el6_4.i686.rpm
qpid-qmf-0.18-18.el6_4.x86_64.rpm
qpid-qmf-debuginfo-0.18-18.el6_4.i686.rpm
qpid-qmf-debuginfo-0.18-18.el6_4.x86_64.rpm
qpid-qmf-devel-0.18-18.el6_4.x86_64.rpm
ruby-qpid-qmf-0.18-18.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-1909.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_MRG/2/html/Technical_Notes/index.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
From bugzilla at redhat.com Fri Jul 12 20:22:18 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 12 Jul 2013 20:22:18 +0000
Subject: [RHSA-2013:1049-01] Critical: php security update
Message-ID: <201307122022.r6CKMIBm015523@int-mx02.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: php security update
Advisory ID:       RHSA-2013:1049-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1049.html
Issue date:        2013-07-12
CVE Names:         CVE-2013-4113
=====================================================================

1. Summary:

Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-4113)

All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

983689 - CVE-2013-4113 php: xml_parse_into_struct buffer overflow when parsing deeply nested XML

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/php-5.1.6-40.el5_9.src.rpm

i386:
php-5.1.6-40.el5_9.i386.rpm
php-bcmath-5.1.6-40.el5_9.i386.rpm
php-cli-5.1.6-40.el5_9.i386.rpm
php-common-5.1.6-40.el5_9.i386.rpm
php-dba-5.1.6-40.el5_9.i386.rpm
php-debuginfo-5.1.6-40.el5_9.i386.rpm
php-devel-5.1.6-40.el5_9.i386.rpm
php-gd-5.1.6-40.el5_9.i386.rpm
php-imap-5.1.6-40.el5_9.i386.rpm
php-ldap-5.1.6-40.el5_9.i386.rpm
php-mbstring-5.1.6-40.el5_9.i386.rpm
php-mysql-5.1.6-40.el5_9.i386.rpm
php-ncurses-5.1.6-40.el5_9.i386.rpm
php-odbc-5.1.6-40.el5_9.i386.rpm
php-pdo-5.1.6-40.el5_9.i386.rpm
php-pgsql-5.1.6-40.el5_9.i386.rpm
php-snmp-5.1.6-40.el5_9.i386.rpm
php-soap-5.1.6-40.el5_9.i386.rpm
php-xml-5.1.6-40.el5_9.i386.rpm
php-xmlrpc-5.1.6-40.el5_9.i386.rpm

x86_64:
php-5.1.6-40.el5_9.x86_64.rpm
php-bcmath-5.1.6-40.el5_9.x86_64.rpm
php-cli-5.1.6-40.el5_9.x86_64.rpm
php-common-5.1.6-40.el5_9.x86_64.rpm
php-dba-5.1.6-40.el5_9.x86_64.rpm
php-debuginfo-5.1.6-40.el5_9.x86_64.rpm
php-devel-5.1.6-40.el5_9.x86_64.rpm
php-gd-5.1.6-40.el5_9.x86_64.rpm
php-imap-5.1.6-40.el5_9.x86_64.rpm
php-ldap-5.1.6-40.el5_9.x86_64.rpm
php-mbstring-5.1.6-40.el5_9.x86_64.rpm
php-mysql-5.1.6-40.el5_9.x86_64.rpm
php-ncurses-5.1.6-40.el5_9.x86_64.rpm
php-odbc-5.1.6-40.el5_9.x86_64.rpm
php-pdo-5.1.6-40.el5_9.x86_64.rpm
php-pgsql-5.1.6-40.el5_9.x86_64.rpm
php-snmp-5.1.6-40.el5_9.x86_64.rpm
php-soap-5.1.6-40.el5_9.x86_64.rpm
php-xml-5.1.6-40.el5_9.x86_64.rpm
php-xmlrpc-5.1.6-40.el5_9.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/php-5.1.6-40.el5_9.src.rpm

i386:
php-5.1.6-40.el5_9.i386.rpm
php-bcmath-5.1.6-40.el5_9.i386.rpm
php-cli-5.1.6-40.el5_9.i386.rpm
php-common-5.1.6-40.el5_9.i386.rpm
php-dba-5.1.6-40.el5_9.i386.rpm
php-debuginfo-5.1.6-40.el5_9.i386.rpm
php-devel-5.1.6-40.el5_9.i386.rpm
php-gd-5.1.6-40.el5_9.i386.rpm
php-imap-5.1.6-40.el5_9.i386.rpm
php-ldap-5.1.6-40.el5_9.i386.rpm
php-mbstring-5.1.6-40.el5_9.i386.rpm
php-mysql-5.1.6-40.el5_9.i386.rpm
php-ncurses-5.1.6-40.el5_9.i386.rpm
php-odbc-5.1.6-40.el5_9.i386.rpm
php-pdo-5.1.6-40.el5_9.i386.rpm
php-pgsql-5.1.6-40.el5_9.i386.rpm
php-snmp-5.1.6-40.el5_9.i386.rpm
php-soap-5.1.6-40.el5_9.i386.rpm
php-xml-5.1.6-40.el5_9.i386.rpm
php-xmlrpc-5.1.6-40.el5_9.i386.rpm

ia64:
php-5.1.6-40.el5_9.ia64.rpm
php-bcmath-5.1.6-40.el5_9.ia64.rpm
php-cli-5.1.6-40.el5_9.ia64.rpm
php-common-5.1.6-40.el5_9.ia64.rpm
php-dba-5.1.6-40.el5_9.ia64.rpm
php-debuginfo-5.1.6-40.el5_9.ia64.rpm
php-devel-5.1.6-40.el5_9.ia64.rpm
php-gd-5.1.6-40.el5_9.ia64.rpm
php-imap-5.1.6-40.el5_9.ia64.rpm
php-ldap-5.1.6-40.el5_9.ia64.rpm
php-mbstring-5.1.6-40.el5_9.ia64.rpm
php-mysql-5.1.6-40.el5_9.ia64.rpm
php-ncurses-5.1.6-40.el5_9.ia64.rpm
php-odbc-5.1.6-40.el5_9.ia64.rpm
php-pdo-5.1.6-40.el5_9.ia64.rpm
php-pgsql-5.1.6-40.el5_9.ia64.rpm
php-snmp-5.1.6-40.el5_9.ia64.rpm
php-soap-5.1.6-40.el5_9.ia64.rpm
php-xml-5.1.6-40.el5_9.ia64.rpm
php-xmlrpc-5.1.6-40.el5_9.ia64.rpm

ppc:
php-5.1.6-40.el5_9.ppc.rpm
php-bcmath-5.1.6-40.el5_9.ppc.rpm
php-cli-5.1.6-40.el5_9.ppc.rpm
php-common-5.1.6-40.el5_9.ppc.rpm
php-dba-5.1.6-40.el5_9.ppc.rpm
php-debuginfo-5.1.6-40.el5_9.ppc.rpm
php-devel-5.1.6-40.el5_9.ppc.rpm
php-gd-5.1.6-40.el5_9.ppc.rpm
php-imap-5.1.6-40.el5_9.ppc.rpm
php-ldap-5.1.6-40.el5_9.ppc.rpm
php-mbstring-5.1.6-40.el5_9.ppc.rpm
php-mysql-5.1.6-40.el5_9.ppc.rpm
php-ncurses-5.1.6-40.el5_9.ppc.rpm
php-odbc-5.1.6-40.el5_9.ppc.rpm
php-pdo-5.1.6-40.el5_9.ppc.rpm
php-pgsql-5.1.6-40.el5_9.ppc.rpm
php-snmp-5.1.6-40.el5_9.ppc.rpm
php-soap-5.1.6-40.el5_9.ppc.rpm
php-xml-5.1.6-40.el5_9.ppc.rpm
php-xmlrpc-5.1.6-40.el5_9.ppc.rpm

s390x:
php-5.1.6-40.el5_9.s390x.rpm
php-bcmath-5.1.6-40.el5_9.s390x.rpm
php-cli-5.1.6-40.el5_9.s390x.rpm
php-common-5.1.6-40.el5_9.s390x.rpm
php-dba-5.1.6-40.el5_9.s390x.rpm
php-debuginfo-5.1.6-40.el5_9.s390x.rpm
php-devel-5.1.6-40.el5_9.s390x.rpm
php-gd-5.1.6-40.el5_9.s390x.rpm
php-imap-5.1.6-40.el5_9.s390x.rpm
php-ldap-5.1.6-40.el5_9.s390x.rpm
php-mbstring-5.1.6-40.el5_9.s390x.rpm
php-mysql-5.1.6-40.el5_9.s390x.rpm
php-ncurses-5.1.6-40.el5_9.s390x.rpm
php-odbc-5.1.6-40.el5_9.s390x.rpm
php-pdo-5.1.6-40.el5_9.s390x.rpm
php-pgsql-5.1.6-40.el5_9.s390x.rpm
php-snmp-5.1.6-40.el5_9.s390x.rpm
php-soap-5.1.6-40.el5_9.s390x.rpm
php-xml-5.1.6-40.el5_9.s390x.rpm
php-xmlrpc-5.1.6-40.el5_9.s390x.rpm

x86_64:
php-5.1.6-40.el5_9.x86_64.rpm
php-bcmath-5.1.6-40.el5_9.x86_64.rpm
php-cli-5.1.6-40.el5_9.x86_64.rpm
php-common-5.1.6-40.el5_9.x86_64.rpm
php-dba-5.1.6-40.el5_9.x86_64.rpm
php-debuginfo-5.1.6-40.el5_9.x86_64.rpm
php-devel-5.1.6-40.el5_9.x86_64.rpm
php-gd-5.1.6-40.el5_9.x86_64.rpm
php-imap-5.1.6-40.el5_9.x86_64.rpm
php-ldap-5.1.6-40.el5_9.x86_64.rpm
php-mbstring-5.1.6-40.el5_9.x86_64.rpm
php-mysql-5.1.6-40.el5_9.x86_64.rpm
php-ncurses-5.1.6-40.el5_9.x86_64.rpm
php-odbc-5.1.6-40.el5_9.x86_64.rpm
php-pdo-5.1.6-40.el5_9.x86_64.rpm
php-pgsql-5.1.6-40.el5_9.x86_64.rpm
php-snmp-5.1.6-40.el5_9.x86_64.rpm
php-soap-5.1.6-40.el5_9.x86_64.rpm
php-xml-5.1.6-40.el5_9.x86_64.rpm
php-xmlrpc-5.1.6-40.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/php-5.3.3-23.el6_4.src.rpm

i386:
php-5.3.3-23.el6_4.i686.rpm
php-bcmath-5.3.3-23.el6_4.i686.rpm
php-cli-5.3.3-23.el6_4.i686.rpm
php-common-5.3.3-23.el6_4.i686.rpm
php-dba-5.3.3-23.el6_4.i686.rpm
php-debuginfo-5.3.3-23.el6_4.i686.rpm
php-devel-5.3.3-23.el6_4.i686.rpm
php-embedded-5.3.3-23.el6_4.i686.rpm
php-enchant-5.3.3-23.el6_4.i686.rpm
php-fpm-5.3.3-23.el6_4.i686.rpm
php-gd-5.3.3-23.el6_4.i686.rpm
php-imap-5.3.3-23.el6_4.i686.rpm
php-intl-5.3.3-23.el6_4.i686.rpm
php-ldap-5.3.3-23.el6_4.i686.rpm
php-mbstring-5.3.3-23.el6_4.i686.rpm
php-mysql-5.3.3-23.el6_4.i686.rpm
php-odbc-5.3.3-23.el6_4.i686.rpm
php-pdo-5.3.3-23.el6_4.i686.rpm
php-pgsql-5.3.3-23.el6_4.i686.rpm
php-process-5.3.3-23.el6_4.i686.rpm
php-pspell-5.3.3-23.el6_4.i686.rpm
php-recode-5.3.3-23.el6_4.i686.rpm
php-snmp-5.3.3-23.el6_4.i686.rpm
php-soap-5.3.3-23.el6_4.i686.rpm
php-tidy-5.3.3-23.el6_4.i686.rpm
php-xml-5.3.3-23.el6_4.i686.rpm
php-xmlrpc-5.3.3-23.el6_4.i686.rpm
php-zts-5.3.3-23.el6_4.i686.rpm

x86_64:
php-5.3.3-23.el6_4.x86_64.rpm
php-bcmath-5.3.3-23.el6_4.x86_64.rpm
php-cli-5.3.3-23.el6_4.x86_64.rpm
php-common-5.3.3-23.el6_4.x86_64.rpm
php-dba-5.3.3-23.el6_4.x86_64.rpm
php-debuginfo-5.3.3-23.el6_4.x86_64.rpm
php-devel-5.3.3-23.el6_4.x86_64.rpm
php-embedded-5.3.3-23.el6_4.x86_64.rpm
php-enchant-5.3.3-23.el6_4.x86_64.rpm
php-fpm-5.3.3-23.el6_4.x86_64.rpm
php-gd-5.3.3-23.el6_4.x86_64.rpm
php-imap-5.3.3-23.el6_4.x86_64.rpm
php-intl-5.3.3-23.el6_4.x86_64.rpm
php-ldap-5.3.3-23.el6_4.x86_64.rpm
php-mbstring-5.3.3-23.el6_4.x86_64.rpm
php-mysql-5.3.3-23.el6_4.x86_64.rpm
php-odbc-5.3.3-23.el6_4.x86_64.rpm
php-pdo-5.3.3-23.el6_4.x86_64.rpm
php-pgsql-5.3.3-23.el6_4.x86_64.rpm
php-process-5.3.3-23.el6_4.x86_64.rpm
php-pspell-5.3.3-23.el6_4.x86_64.rpm
php-recode-5.3.3-23.el6_4.x86_64.rpm
php-snmp-5.3.3-23.el6_4.x86_64.rpm
php-soap-5.3.3-23.el6_4.x86_64.rpm
php-tidy-5.3.3-23.el6_4.x86_64.rpm
php-xml-5.3.3-23.el6_4.x86_64.rpm
php-xmlrpc-5.3.3-23.el6_4.x86_64.rpm
php-zts-5.3.3-23.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/php-5.3.3-23.el6_4.src.rpm

x86_64:
php-cli-5.3.3-23.el6_4.x86_64.rpm
php-common-5.3.3-23.el6_4.x86_64.rpm
php-debuginfo-5.3.3-23.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/php-5.3.3-23.el6_4.src.rpm

x86_64:
php-5.3.3-23.el6_4.x86_64.rpm
php-bcmath-5.3.3-23.el6_4.x86_64.rpm
php-dba-5.3.3-23.el6_4.x86_64.rpm
php-debuginfo-5.3.3-23.el6_4.x86_64.rpm
php-devel-5.3.3-23.el6_4.x86_64.rpm
php-embedded-5.3.3-23.el6_4.x86_64.rpm
php-enchant-5.3.3-23.el6_4.x86_64.rpm
php-fpm-5.3.3-23.el6_4.x86_64.rpm
php-gd-5.3.3-23.el6_4.x86_64.rpm
php-imap-5.3.3-23.el6_4.x86_64.rpm
php-intl-5.3.3-23.el6_4.x86_64.rpm
php-ldap-5.3.3-23.el6_4.x86_64.rpm
php-mbstring-5.3.3-23.el6_4.x86_64.rpm
php-mysql-5.3.3-23.el6_4.x86_64.rpm
php-odbc-5.3.3-23.el6_4.x86_64.rpm
php-pdo-5.3.3-23.el6_4.x86_64.rpm
php-pgsql-5.3.3-23.el6_4.x86_64.rpm
php-process-5.3.3-23.el6_4.x86_64.rpm
php-pspell-5.3.3-23.el6_4.x86_64.rpm
php-recode-5.3.3-23.el6_4.x86_64.rpm
php-snmp-5.3.3-23.el6_4.x86_64.rpm
php-soap-5.3.3-23.el6_4.x86_64.rpm
php-tidy-5.3.3-23.el6_4.x86_64.rpm
php-xml-5.3.3-23.el6_4.x86_64.rpm
php-xmlrpc-5.3.3-23.el6_4.x86_64.rpm
php-zts-5.3.3-23.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.3-23.el6_4.src.rpm

i386:
php-5.3.3-23.el6_4.i686.rpm
php-cli-5.3.3-23.el6_4.i686.rpm
php-common-5.3.3-23.el6_4.i686.rpm
php-debuginfo-5.3.3-23.el6_4.i686.rpm
php-gd-5.3.3-23.el6_4.i686.rpm
php-ldap-5.3.3-23.el6_4.i686.rpm
php-mysql-5.3.3-23.el6_4.i686.rpm
php-odbc-5.3.3-23.el6_4.i686.rpm
php-pdo-5.3.3-23.el6_4.i686.rpm
php-pgsql-5.3.3-23.el6_4.i686.rpm
php-soap-5.3.3-23.el6_4.i686.rpm
php-xml-5.3.3-23.el6_4.i686.rpm
php-xmlrpc-5.3.3-23.el6_4.i686.rpm

ppc64:
php-5.3.3-23.el6_4.ppc64.rpm
php-cli-5.3.3-23.el6_4.ppc64.rpm
php-common-5.3.3-23.el6_4.ppc64.rpm
php-debuginfo-5.3.3-23.el6_4.ppc64.rpm
php-gd-5.3.3-23.el6_4.ppc64.rpm
php-ldap-5.3.3-23.el6_4.ppc64.rpm
php-mysql-5.3.3-23.el6_4.ppc64.rpm
php-odbc-5.3.3-23.el6_4.ppc64.rpm
php-pdo-5.3.3-23.el6_4.ppc64.rpm
php-pgsql-5.3.3-23.el6_4.ppc64.rpm
php-soap-5.3.3-23.el6_4.ppc64.rpm
php-xml-5.3.3-23.el6_4.ppc64.rpm
php-xmlrpc-5.3.3-23.el6_4.ppc64.rpm

s390x:
php-5.3.3-23.el6_4.s390x.rpm
php-cli-5.3.3-23.el6_4.s390x.rpm
php-common-5.3.3-23.el6_4.s390x.rpm
php-debuginfo-5.3.3-23.el6_4.s390x.rpm
php-gd-5.3.3-23.el6_4.s390x.rpm
php-ldap-5.3.3-23.el6_4.s390x.rpm
php-mysql-5.3.3-23.el6_4.s390x.rpm
php-odbc-5.3.3-23.el6_4.s390x.rpm
php-pdo-5.3.3-23.el6_4.s390x.rpm
php-pgsql-5.3.3-23.el6_4.s390x.rpm
php-soap-5.3.3-23.el6_4.s390x.rpm
php-xml-5.3.3-23.el6_4.s390x.rpm
php-xmlrpc-5.3.3-23.el6_4.s390x.rpm

x86_64:
php-5.3.3-23.el6_4.x86_64.rpm
php-cli-5.3.3-23.el6_4.x86_64.rpm
php-common-5.3.3-23.el6_4.x86_64.rpm
php-debuginfo-5.3.3-23.el6_4.x86_64.rpm
php-gd-5.3.3-23.el6_4.x86_64.rpm
php-ldap-5.3.3-23.el6_4.x86_64.rpm
php-mysql-5.3.3-23.el6_4.x86_64.rpm
php-odbc-5.3.3-23.el6_4.x86_64.rpm
php-pdo-5.3.3-23.el6_4.x86_64.rpm
php-pgsql-5.3.3-23.el6_4.x86_64.rpm
php-soap-5.3.3-23.el6_4.x86_64.rpm
php-xml-5.3.3-23.el6_4.x86_64.rpm
php-xmlrpc-5.3.3-23.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.3-23.el6_4.src.rpm

i386:
php-bcmath-5.3.3-23.el6_4.i686.rpm
php-dba-5.3.3-23.el6_4.i686.rpm
php-debuginfo-5.3.3-23.el6_4.i686.rpm
php-devel-5.3.3-23.el6_4.i686.rpm
php-embedded-5.3.3-23.el6_4.i686.rpm
php-enchant-5.3.3-23.el6_4.i686.rpm
php-fpm-5.3.3-23.el6_4.i686.rpm
php-imap-5.3.3-23.el6_4.i686.rpm
php-intl-5.3.3-23.el6_4.i686.rpm
php-mbstring-5.3.3-23.el6_4.i686.rpm
php-process-5.3.3-23.el6_4.i686.rpm
php-pspell-5.3.3-23.el6_4.i686.rpm
php-recode-5.3.3-23.el6_4.i686.rpm
php-snmp-5.3.3-23.el6_4.i686.rpm
php-tidy-5.3.3-23.el6_4.i686.rpm
php-zts-5.3.3-23.el6_4.i686.rpm

ppc64:
php-bcmath-5.3.3-23.el6_4.ppc64.rpm
php-dba-5.3.3-23.el6_4.ppc64.rpm
php-debuginfo-5.3.3-23.el6_4.ppc64.rpm
php-devel-5.3.3-23.el6_4.ppc64.rpm
php-embedded-5.3.3-23.el6_4.ppc64.rpm
php-enchant-5.3.3-23.el6_4.ppc64.rpm
php-fpm-5.3.3-23.el6_4.ppc64.rpm
php-imap-5.3.3-23.el6_4.ppc64.rpm
php-intl-5.3.3-23.el6_4.ppc64.rpm
php-mbstring-5.3.3-23.el6_4.ppc64.rpm
php-process-5.3.3-23.el6_4.ppc64.rpm
php-pspell-5.3.3-23.el6_4.ppc64.rpm
php-recode-5.3.3-23.el6_4.ppc64.rpm
php-snmp-5.3.3-23.el6_4.ppc64.rpm
php-tidy-5.3.3-23.el6_4.ppc64.rpm
php-zts-5.3.3-23.el6_4.ppc64.rpm

s390x:
php-bcmath-5.3.3-23.el6_4.s390x.rpm
php-dba-5.3.3-23.el6_4.s390x.rpm
php-debuginfo-5.3.3-23.el6_4.s390x.rpm
php-devel-5.3.3-23.el6_4.s390x.rpm
php-embedded-5.3.3-23.el6_4.s390x.rpm
php-enchant-5.3.3-23.el6_4.s390x.rpm
php-fpm-5.3.3-23.el6_4.s390x.rpm
php-imap-5.3.3-23.el6_4.s390x.rpm
php-intl-5.3.3-23.el6_4.s390x.rpm
php-mbstring-5.3.3-23.el6_4.s390x.rpm
php-process-5.3.3-23.el6_4.s390x.rpm
php-pspell-5.3.3-23.el6_4.s390x.rpm
php-recode-5.3.3-23.el6_4.s390x.rpm
php-snmp-5.3.3-23.el6_4.s390x.rpm
php-tidy-5.3.3-23.el6_4.s390x.rpm
php-zts-5.3.3-23.el6_4.s390x.rpm

x86_64:
php-bcmath-5.3.3-23.el6_4.x86_64.rpm
php-dba-5.3.3-23.el6_4.x86_64.rpm
php-debuginfo-5.3.3-23.el6_4.x86_64.rpm
php-devel-5.3.3-23.el6_4.x86_64.rpm
php-embedded-5.3.3-23.el6_4.x86_64.rpm
php-enchant-5.3.3-23.el6_4.x86_64.rpm
php-fpm-5.3.3-23.el6_4.x86_64.rpm
php-imap-5.3.3-23.el6_4.x86_64.rpm
php-intl-5.3.3-23.el6_4.x86_64.rpm
php-mbstring-5.3.3-23.el6_4.x86_64.rpm
php-process-5.3.3-23.el6_4.x86_64.rpm
php-pspell-5.3.3-23.el6_4.x86_64.rpm
php-recode-5.3.3-23.el6_4.x86_64.rpm
php-snmp-5.3.3-23.el6_4.x86_64.rpm
php-tidy-5.3.3-23.el6_4.x86_64.rpm
php-zts-5.3.3-23.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.3-23.el6_4.src.rpm

i386:
php-5.3.3-23.el6_4.i686.rpm
php-cli-5.3.3-23.el6_4.i686.rpm
php-common-5.3.3-23.el6_4.i686.rpm
php-debuginfo-5.3.3-23.el6_4.i686.rpm
php-gd-5.3.3-23.el6_4.i686.rpm
php-ldap-5.3.3-23.el6_4.i686.rpm
php-mysql-5.3.3-23.el6_4.i686.rpm
php-odbc-5.3.3-23.el6_4.i686.rpm
php-pdo-5.3.3-23.el6_4.i686.rpm
php-pgsql-5.3.3-23.el6_4.i686.rpm
php-soap-5.3.3-23.el6_4.i686.rpm
php-xml-5.3.3-23.el6_4.i686.rpm
php-xmlrpc-5.3.3-23.el6_4.i686.rpm

x86_64:
php-5.3.3-23.el6_4.x86_64.rpm
php-cli-5.3.3-23.el6_4.x86_64.rpm
php-common-5.3.3-23.el6_4.x86_64.rpm
php-debuginfo-5.3.3-23.el6_4.x86_64.rpm
php-gd-5.3.3-23.el6_4.x86_64.rpm
php-ldap-5.3.3-23.el6_4.x86_64.rpm
php-mysql-5.3.3-23.el6_4.x86_64.rpm
php-odbc-5.3.3-23.el6_4.x86_64.rpm
php-pdo-5.3.3-23.el6_4.x86_64.rpm
php-pgsql-5.3.3-23.el6_4.x86_64.rpm
php-soap-5.3.3-23.el6_4.x86_64.rpm
php-xml-5.3.3-23.el6_4.x86_64.rpm
php-xmlrpc-5.3.3-23.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.3-23.el6_4.src.rpm

i386:
php-bcmath-5.3.3-23.el6_4.i686.rpm
php-dba-5.3.3-23.el6_4.i686.rpm
php-debuginfo-5.3.3-23.el6_4.i686.rpm
php-devel-5.3.3-23.el6_4.i686.rpm
php-embedded-5.3.3-23.el6_4.i686.rpm
php-enchant-5.3.3-23.el6_4.i686.rpm
php-fpm-5.3.3-23.el6_4.i686.rpm
php-imap-5.3.3-23.el6_4.i686.rpm
php-intl-5.3.3-23.el6_4.i686.rpm
php-mbstring-5.3.3-23.el6_4.i686.rpm
php-process-5.3.3-23.el6_4.i686.rpm
php-pspell-5.3.3-23.el6_4.i686.rpm
php-recode-5.3.3-23.el6_4.i686.rpm
php-snmp-5.3.3-23.el6_4.i686.rpm
php-tidy-5.3.3-23.el6_4.i686.rpm
php-zts-5.3.3-23.el6_4.i686.rpm

x86_64:
php-bcmath-5.3.3-23.el6_4.x86_64.rpm
php-dba-5.3.3-23.el6_4.x86_64.rpm
php-debuginfo-5.3.3-23.el6_4.x86_64.rpm
php-devel-5.3.3-23.el6_4.x86_64.rpm
php-embedded-5.3.3-23.el6_4.x86_64.rpm
php-enchant-5.3.3-23.el6_4.x86_64.rpm
php-fpm-5.3.3-23.el6_4.x86_64.rpm
php-imap-5.3.3-23.el6_4.x86_64.rpm
php-intl-5.3.3-23.el6_4.x86_64.rpm
php-mbstring-5.3.3-23.el6_4.x86_64.rpm
php-process-5.3.3-23.el6_4.x86_64.rpm
php-pspell-5.3.3-23.el6_4.x86_64.rpm
php-recode-5.3.3-23.el6_4.x86_64.rpm
php-snmp-5.3.3-23.el6_4.x86_64.rpm
php-tidy-5.3.3-23.el6_4.x86_64.rpm
php-zts-5.3.3-23.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4113.html
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFR4GVYXlSAg2UNWIIRAgM3AJ9ZZ2aV8W+VVkrqklV5fKwe9XbRfgCfQ6vW
hTlUa9SW0L6d+9bPVFgJ/oY=
=jCN7
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Jul 12 20:38:32 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 12 Jul 2013 20:38:32 +0000
Subject: [RHSA-2013:1050-01] Critical: php53 security update
Message-ID: <201307122038.r6CKcXbB015135@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: php53 security update
Advisory ID:       RHSA-2013:1050-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1050.html
Issue date:        2013-07-12
CVE Names:         CVE-2013-4113
=====================================================================

1. Summary:

Updated php53 packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

A buffer overflow flaw was found in the way PHP parsed deeply nested XML
documents. If a PHP application used the xml_parse_into_struct() function
to parse untrusted XML content, an attacker able to supply
specially-crafted XML could use this flaw to crash the application or,
possibly, execute arbitrary code with the privileges of the user running
the PHP interpreter. (CVE-2013-4113)

All php53 users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. After installing the updated
packages, the httpd daemon must be restarted for the update to take
effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

983689 - CVE-2013-4113 php: xml_parse_into_struct buffer overflow when parsing deeply nested XML

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/php53-5.3.3-13.el5_9.1.src.rpm

i386:
php53-5.3.3-13.el5_9.1.i386.rpm
php53-bcmath-5.3.3-13.el5_9.1.i386.rpm
php53-cli-5.3.3-13.el5_9.1.i386.rpm
php53-common-5.3.3-13.el5_9.1.i386.rpm
php53-dba-5.3.3-13.el5_9.1.i386.rpm
php53-debuginfo-5.3.3-13.el5_9.1.i386.rpm
php53-devel-5.3.3-13.el5_9.1.i386.rpm
php53-gd-5.3.3-13.el5_9.1.i386.rpm
php53-imap-5.3.3-13.el5_9.1.i386.rpm
php53-intl-5.3.3-13.el5_9.1.i386.rpm
php53-ldap-5.3.3-13.el5_9.1.i386.rpm
php53-mbstring-5.3.3-13.el5_9.1.i386.rpm
php53-mysql-5.3.3-13.el5_9.1.i386.rpm
php53-odbc-5.3.3-13.el5_9.1.i386.rpm
php53-pdo-5.3.3-13.el5_9.1.i386.rpm
php53-pgsql-5.3.3-13.el5_9.1.i386.rpm
php53-process-5.3.3-13.el5_9.1.i386.rpm
php53-pspell-5.3.3-13.el5_9.1.i386.rpm
php53-snmp-5.3.3-13.el5_9.1.i386.rpm
php53-soap-5.3.3-13.el5_9.1.i386.rpm
php53-xml-5.3.3-13.el5_9.1.i386.rpm
php53-xmlrpc-5.3.3-13.el5_9.1.i386.rpm

x86_64:
php53-5.3.3-13.el5_9.1.x86_64.rpm
php53-bcmath-5.3.3-13.el5_9.1.x86_64.rpm
php53-cli-5.3.3-13.el5_9.1.x86_64.rpm
php53-common-5.3.3-13.el5_9.1.x86_64.rpm
php53-dba-5.3.3-13.el5_9.1.x86_64.rpm
php53-debuginfo-5.3.3-13.el5_9.1.x86_64.rpm
php53-devel-5.3.3-13.el5_9.1.x86_64.rpm
php53-gd-5.3.3-13.el5_9.1.x86_64.rpm
php53-imap-5.3.3-13.el5_9.1.x86_64.rpm
php53-intl-5.3.3-13.el5_9.1.x86_64.rpm
php53-ldap-5.3.3-13.el5_9.1.x86_64.rpm
php53-mbstring-5.3.3-13.el5_9.1.x86_64.rpm
php53-mysql-5.3.3-13.el5_9.1.x86_64.rpm
php53-odbc-5.3.3-13.el5_9.1.x86_64.rpm
php53-pdo-5.3.3-13.el5_9.1.x86_64.rpm
php53-pgsql-5.3.3-13.el5_9.1.x86_64.rpm
php53-process-5.3.3-13.el5_9.1.x86_64.rpm
php53-pspell-5.3.3-13.el5_9.1.x86_64.rpm
php53-snmp-5.3.3-13.el5_9.1.x86_64.rpm
php53-soap-5.3.3-13.el5_9.1.x86_64.rpm
php53-xml-5.3.3-13.el5_9.1.x86_64.rpm
php53-xmlrpc-5.3.3-13.el5_9.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/php53-5.3.3-13.el5_9.1.src.rpm

i386:
php53-5.3.3-13.el5_9.1.i386.rpm
php53-bcmath-5.3.3-13.el5_9.1.i386.rpm
php53-cli-5.3.3-13.el5_9.1.i386.rpm
php53-common-5.3.3-13.el5_9.1.i386.rpm
php53-dba-5.3.3-13.el5_9.1.i386.rpm
php53-debuginfo-5.3.3-13.el5_9.1.i386.rpm
php53-devel-5.3.3-13.el5_9.1.i386.rpm
php53-gd-5.3.3-13.el5_9.1.i386.rpm
php53-imap-5.3.3-13.el5_9.1.i386.rpm
php53-intl-5.3.3-13.el5_9.1.i386.rpm
php53-ldap-5.3.3-13.el5_9.1.i386.rpm
php53-mbstring-5.3.3-13.el5_9.1.i386.rpm
php53-mysql-5.3.3-13.el5_9.1.i386.rpm
php53-odbc-5.3.3-13.el5_9.1.i386.rpm
php53-pdo-5.3.3-13.el5_9.1.i386.rpm
php53-pgsql-5.3.3-13.el5_9.1.i386.rpm
php53-process-5.3.3-13.el5_9.1.i386.rpm
php53-pspell-5.3.3-13.el5_9.1.i386.rpm
php53-snmp-5.3.3-13.el5_9.1.i386.rpm
php53-soap-5.3.3-13.el5_9.1.i386.rpm
php53-xml-5.3.3-13.el5_9.1.i386.rpm
php53-xmlrpc-5.3.3-13.el5_9.1.i386.rpm

ia64:
php53-5.3.3-13.el5_9.1.ia64.rpm
php53-bcmath-5.3.3-13.el5_9.1.ia64.rpm
php53-cli-5.3.3-13.el5_9.1.ia64.rpm
php53-common-5.3.3-13.el5_9.1.ia64.rpm
php53-dba-5.3.3-13.el5_9.1.ia64.rpm
php53-debuginfo-5.3.3-13.el5_9.1.ia64.rpm
php53-devel-5.3.3-13.el5_9.1.ia64.rpm
php53-gd-5.3.3-13.el5_9.1.ia64.rpm
php53-imap-5.3.3-13.el5_9.1.ia64.rpm
php53-intl-5.3.3-13.el5_9.1.ia64.rpm
php53-ldap-5.3.3-13.el5_9.1.ia64.rpm
php53-mbstring-5.3.3-13.el5_9.1.ia64.rpm
php53-mysql-5.3.3-13.el5_9.1.ia64.rpm
php53-odbc-5.3.3-13.el5_9.1.ia64.rpm
php53-pdo-5.3.3-13.el5_9.1.ia64.rpm
php53-pgsql-5.3.3-13.el5_9.1.ia64.rpm
php53-process-5.3.3-13.el5_9.1.ia64.rpm
php53-pspell-5.3.3-13.el5_9.1.ia64.rpm
php53-snmp-5.3.3-13.el5_9.1.ia64.rpm
php53-soap-5.3.3-13.el5_9.1.ia64.rpm
php53-xml-5.3.3-13.el5_9.1.ia64.rpm
php53-xmlrpc-5.3.3-13.el5_9.1.ia64.rpm

ppc:
php53-5.3.3-13.el5_9.1.ppc.rpm
php53-bcmath-5.3.3-13.el5_9.1.ppc.rpm
php53-cli-5.3.3-13.el5_9.1.ppc.rpm
php53-common-5.3.3-13.el5_9.1.ppc.rpm
php53-dba-5.3.3-13.el5_9.1.ppc.rpm
php53-debuginfo-5.3.3-13.el5_9.1.ppc.rpm
php53-devel-5.3.3-13.el5_9.1.ppc.rpm
php53-gd-5.3.3-13.el5_9.1.ppc.rpm
php53-imap-5.3.3-13.el5_9.1.ppc.rpm
php53-intl-5.3.3-13.el5_9.1.ppc.rpm
php53-ldap-5.3.3-13.el5_9.1.ppc.rpm
php53-mbstring-5.3.3-13.el5_9.1.ppc.rpm
php53-mysql-5.3.3-13.el5_9.1.ppc.rpm
php53-odbc-5.3.3-13.el5_9.1.ppc.rpm
php53-pdo-5.3.3-13.el5_9.1.ppc.rpm
php53-pgsql-5.3.3-13.el5_9.1.ppc.rpm
php53-process-5.3.3-13.el5_9.1.ppc.rpm
php53-pspell-5.3.3-13.el5_9.1.ppc.rpm
php53-snmp-5.3.3-13.el5_9.1.ppc.rpm
php53-soap-5.3.3-13.el5_9.1.ppc.rpm
php53-xml-5.3.3-13.el5_9.1.ppc.rpm
php53-xmlrpc-5.3.3-13.el5_9.1.ppc.rpm

s390x:
php53-5.3.3-13.el5_9.1.s390x.rpm
php53-bcmath-5.3.3-13.el5_9.1.s390x.rpm
php53-cli-5.3.3-13.el5_9.1.s390x.rpm
php53-common-5.3.3-13.el5_9.1.s390x.rpm
php53-dba-5.3.3-13.el5_9.1.s390x.rpm
php53-debuginfo-5.3.3-13.el5_9.1.s390x.rpm
php53-devel-5.3.3-13.el5_9.1.s390x.rpm
php53-gd-5.3.3-13.el5_9.1.s390x.rpm
php53-imap-5.3.3-13.el5_9.1.s390x.rpm
php53-intl-5.3.3-13.el5_9.1.s390x.rpm
php53-ldap-5.3.3-13.el5_9.1.s390x.rpm
php53-mbstring-5.3.3-13.el5_9.1.s390x.rpm
php53-mysql-5.3.3-13.el5_9.1.s390x.rpm
php53-odbc-5.3.3-13.el5_9.1.s390x.rpm
php53-pdo-5.3.3-13.el5_9.1.s390x.rpm
php53-pgsql-5.3.3-13.el5_9.1.s390x.rpm
php53-process-5.3.3-13.el5_9.1.s390x.rpm
php53-pspell-5.3.3-13.el5_9.1.s390x.rpm
php53-snmp-5.3.3-13.el5_9.1.s390x.rpm
php53-soap-5.3.3-13.el5_9.1.s390x.rpm
php53-xml-5.3.3-13.el5_9.1.s390x.rpm
php53-xmlrpc-5.3.3-13.el5_9.1.s390x.rpm

x86_64:
php53-5.3.3-13.el5_9.1.x86_64.rpm
php53-bcmath-5.3.3-13.el5_9.1.x86_64.rpm
php53-cli-5.3.3-13.el5_9.1.x86_64.rpm
php53-common-5.3.3-13.el5_9.1.x86_64.rpm
php53-dba-5.3.3-13.el5_9.1.x86_64.rpm
php53-debuginfo-5.3.3-13.el5_9.1.x86_64.rpm
php53-devel-5.3.3-13.el5_9.1.x86_64.rpm
php53-gd-5.3.3-13.el5_9.1.x86_64.rpm
php53-imap-5.3.3-13.el5_9.1.x86_64.rpm
php53-intl-5.3.3-13.el5_9.1.x86_64.rpm
php53-ldap-5.3.3-13.el5_9.1.x86_64.rpm
php53-mbstring-5.3.3-13.el5_9.1.x86_64.rpm
php53-mysql-5.3.3-13.el5_9.1.x86_64.rpm
php53-odbc-5.3.3-13.el5_9.1.x86_64.rpm
php53-pdo-5.3.3-13.el5_9.1.x86_64.rpm
php53-pgsql-5.3.3-13.el5_9.1.x86_64.rpm
php53-process-5.3.3-13.el5_9.1.x86_64.rpm
php53-pspell-5.3.3-13.el5_9.1.x86_64.rpm
php53-snmp-5.3.3-13.el5_9.1.x86_64.rpm
php53-soap-5.3.3-13.el5_9.1.x86_64.rpm
php53-xml-5.3.3-13.el5_9.1.x86_64.rpm
php53-xmlrpc-5.3.3-13.el5_9.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4113.html
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is .  More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
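[Editor's note: the following script is an added example and is not part of the advisory or of Red Hat's tooling. The php53 advisory above leaves two things to the administrator: confirming that every installed php53 subpackage reached the fixed release 5.3.3-13.el5_9.1, and confirming that httpd was actually restarted afterwards (the IBM Java advisories further down make the same demand of every running JVM). The script reimplements rpm's label comparison so the first check can run offline against captured `rpm -qa` output, and reads a process's /proc/<pid>/maps for files marked "(deleted)" for the second, which is how a replaced-but-still-mapped library shows up. The package names and maps lines used as input are constructed for the example; the fixed EVR is the one in the advisory's package list.]

```python
"""Post-update checks for RHSA-2013:1050 (php53). Added example, not Red Hat code.

1. Is every installed php53* package at or above the fixed NVR 5.3.3-13.el5_9.1?
   rpm's label comparison (rpmvercmp) is reimplemented so `rpm -qa` output
   captured from a host can be checked offline, without librpm.
2. Was httpd really restarted?  A process still mapping a file that the update
   replaced shows the old path marked "(deleted)" in /proc/<pid>/maps.
All sample inputs below are constructed for the example.
"""
import re


def rpmvercmp(a: str, b: str) -> int:
    """librpm's rpmvercmp: -1 if a < b, 0 if equal, 1 if a > b.

    Labels split into alternating numeric and alphabetic segments: numeric ones
    compare as integers, alphabetic ones lexically, numeric beats alphabetic,
    and '~' sorts before anything (1.0~rc1 < 1.0).  Newer rpm's '^' is omitted.
    """
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # '.', '_', '-' and other separators only delimit segments.
        while i < len(a) and not (a[i].isalnum() or a[i] == "~"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] == "~"):
            j += 1
        a_tilde, b_tilde = i < len(a) and a[i] == "~", j < len(b) and b[j] == "~"
        if a_tilde or b_tilde:
            if not a_tilde:
                return 1
            if not b_tilde:
                return -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        isnum = a[i].isdigit()
        same_kind = str.isdigit if isnum else str.isalpha
        sa, sb = i, j
        while i < len(a) and same_kind(a[i]):
            i += 1
        while j < len(b) and same_kind(b[j]):
            j += 1
        seg_a, seg_b = a[sa:i], b[sb:j]
        if not seg_b:  # segments of different kinds: the numeric one is newer
            return 1 if isnum else -1
        if isnum:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    a_left, b_left = i < len(a), j < len(b)
    return 0 if a_left == b_left else (1 if a_left else -1)


def parse_nvr(nvr: str):
    """Split NAME-[EPOCH:]VERSION-RELEASE into (name, (epoch, version, release))."""
    name, version, release = nvr.rsplit("-", 2)
    epoch, version = version.split(":", 1) if ":" in version else ("0", version)
    return name, (epoch, version, release)


def evrcmp(x, y) -> int:
    """Compare two (epoch, version, release) triples the way rpm does."""
    return next((c for c in map(rpmvercmp, x, y) if c), 0)


# Fixed EVR per source package, taken from the advisory's package list (epoch 0).
FIXED = {"php53": ("0", "5.3.3", "13.el5_9.1")}


def unpatched(rpm_qa_output: str, fixed=FIXED):
    """Installed NVRs built from a fixed source package but still older than the fix."""
    old = []
    for nvr in rpm_qa_output.split():
        name, evr = parse_nvr(nvr)
        for src, fixed_evr in fixed.items():
            # Subpackages (php53-cli, php53-xml, ...) are built from the same SRPM.
            if (name == src or name.startswith(src + "-")) and evrcmp(evr, fixed_evr) < 0:
                old.append(nvr)
    return old


def stale_mappings(maps_text: str):
    """Paths a process still maps from files that were replaced on disk."""
    found = set()
    for line in maps_text.splitlines():
        m = re.match(r"\S+ \S+ \S+ \S+ \S+\s+(/.*?) \(deleted\)$", line)
        # /dev/zero and SysV shared memory are always "(deleted)": not a stale library.
        if m and not m.group(1).startswith(("/dev/", "/SYSV")):
            found.add(m.group(1))
    return sorted(found)


# Constructed samples: php53 itself left at the pre-advisory release while its
# subpackages were updated, and an httpd worker still mapping the old PHP module.
SAMPLE_RPM_QA = """
php53-5.3.3-13.el5_9
php53-cli-5.3.3-13.el5_9.1
php53-common-5.3.3-13.el5_9.1
"""
SAMPLE_MAPS = """
00400000-00475000 r-xp 00000000 fd:00 12345 /usr/sbin/httpd
7f0000000000-7f0000200000 r-xp 00000000 fd:00 23456 /etc/httpd/modules/libphp5.so (deleted)
7f0000300000-7f0000301000 rw-s 00000000 00:04 65432 /dev/zero (deleted)
"""

if __name__ == "__main__":
    print("below fixed EVR:", unpatched(SAMPLE_RPM_QA))
    print("replaced files still mapped:", stale_mappings(SAMPLE_MAPS))
```

On a live host, feed the first check with `rpm -qa --qf '%{NAME}-%|EPOCH?{%{EPOCH}:}|%{VERSION}-%{RELEASE}\n'` rather than plain `rpm -qa`, whose default output appends the architecture to the release field, and feed the second with the maps file of each httpd (or java) process; any path the script reports means the old code is still executing regardless of what the package database says.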
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFR4GkYXlSAg2UNWIIRAo5yAJ9qWrMZal+Bko5DXaueScPJr5j4DgCfYA8H
cqeQeW8MtpWqyacv1A5AeXE=
=VDs6
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jul 15 20:43:21 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 15 Jul 2013 20:43:21 +0000
Subject: [RHSA-2013:1059-01] Critical: java-1.6.0-ibm security update
Message-ID: <201307152043.r6FKhL8m009046@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.6.0-ibm security update
Advisory ID:       RHSA-2013:1059-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1059.html
Issue date:        2013-07-15
CVE Names:         CVE-2013-1500 CVE-2013-1571 CVE-2013-2407 CVE-2013-2412
                   CVE-2013-2437 CVE-2013-2442 CVE-2013-2443 CVE-2013-2444
                   CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2450
                   CVE-2013-2451 CVE-2013-2452 CVE-2013-2453 CVE-2013-2454
                   CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2459
                   CVE-2013-2463 CVE-2013-2464 CVE-2013-2465 CVE-2013-2466
                   CVE-2013-2468 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471
                   CVE-2013-2472 CVE-2013-2473 CVE-2013-3743
=====================================================================

1. Summary:

Updated java-1.6.0-ibm packages that fix several security issues are now
available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Detailed
vulnerability descriptions are linked from the IBM Security alerts page,
listed in the References section. (CVE-2013-1500, CVE-2013-1571,
CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443,
CVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450,
CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455,
CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464,
CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470,
CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743)

Red Hat would like to thank Tim Brown for reporting CVE-2013-1500, and
US-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as the
original reporter of CVE-2013-1571.

All users of java-1.6.0-ibm are advised to upgrade to these updated
packages, containing the IBM Java SE 6 SR14 release. All running instances
of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

973474 - CVE-2013-1571 OpenJDK: Frame injection in generated HTML (Javadoc, 8012375)
975099 - CVE-2013-2470 OpenJDK: ImagingLib byte lookup processing (2D, 8011243)
975102 - CVE-2013-2471 OpenJDK: Incorrect IntegerComponentRaster size checks (2D, 8011248)
975107 - CVE-2013-2472 OpenJDK: Incorrect ShortBandedRaster size checks (2D, 8011253)
975110 - CVE-2013-2473 OpenJDK: Incorrect ByteBandedRaster size checks (2D, 8011257)
975115 - CVE-2013-2463 OpenJDK: Incorrect image attribute verification (2D, 8012438)
975118 - CVE-2013-2465 OpenJDK: Incorrect image channel verification (2D, 8012597)
975120 - CVE-2013-2469 OpenJDK: Incorrect image layout verification (2D, 8012601)
975121 - CVE-2013-2459 OpenJDK: Various AWT integer overflow checks (AWT, 8009071)
975125 - CVE-2013-2448 OpenJDK: Better access restrictions (Sound, 8006328)
975127 - CVE-2013-2407 OpenJDK: Integrate Apache Santuario, rework class loader (Libraries, 6741606, 8008744)
975129 - CVE-2013-2454 OpenJDK: SerialJavaObject package restriction (JDBC, 8009554)
975131 - CVE-2013-2444 OpenJDK: Resource denial of service (AWT, 8001038)
975132 - CVE-2013-2446 OpenJDK: output stream access restrictions (CORBA, 8000642)
975133 - CVE-2013-2457 OpenJDK: Proper class checking (JMX, 8008120)
975134 - CVE-2013-2453 OpenJDK: MBeanServer Introspector package access (JMX, 8008124)
975137 - CVE-2013-2443 OpenJDK: AccessControlContext check order issue (Libraries, 8001330)
975138 - CVE-2013-2452 OpenJDK: Unique VMIDs (Libraries, 8001033)
975139 - CVE-2013-2455 OpenJDK: getEnclosing* checks (Libraries, 8007812)
975140 - CVE-2013-2447 OpenJDK: Prevent revealing the local address (Networking, 8001318)
975141 - CVE-2013-2450 OpenJDK: ObjectStreamClass circular reference denial of service (Serialization, 8000638)
975142 - CVE-2013-2456 OpenJDK: ObjectOutputStream access checks (Serialization, 8008132)
975144 - CVE-2013-2412 OpenJDK: JConsole SSL support (Serviceability, 8003703)
975146 - CVE-2013-2451 OpenJDK: exclusive port binding (Networking, 7170730)
975148 - CVE-2013-1500 OpenJDK: Insecure shared memory permissions (2D, 8001034)
975757 - CVE-2013-2464 Oracle JDK: unspecified vulnerability fixed in 7u25 (2D)
975761 - CVE-2013-2468 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)
975764 - CVE-2013-2466 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)
975767 - CVE-2013-3743 Oracle JDK: unspecified vulnerability fixed in 6u51 and 5u51 (AWT)
975770 - CVE-2013-2442 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)
975773 - CVE-2013-2437 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.i386.rpm

x86_64:
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.i386.rpm

ppc:
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.ppc.rpm
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.ppc64.rpm
java-1.6.0-ibm-accessibility-1.6.0.14.0-1jpp.1.el5_9.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.ppc.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el5_9.ppc.rpm
java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el5_9.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.ppc.rpm
java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.ppc64.rpm
java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el5_9.ppc.rpm
java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.ppc.rpm
java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.ppc64.rpm

s390x:
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.s390.rpm
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.s390x.rpm
java-1.6.0-ibm-accessibility-1.6.0.14.0-1jpp.1.el5_9.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.s390.rpm
java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.s390.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.s390.rpm
java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.s390x.rpm
java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.s390.rpm
java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.s390x.rpm

x86_64:
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.i686.rpm

x86_64:
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.i686.rpm

ppc64:
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.ppc64.rpm
java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.ppc.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el6_4.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el6_4.ppc64.rpm
java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.ppc64.rpm

s390x:
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.s390.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el6_4.s390x.rpm
java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.s390x.rpm

x86_64:
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.i686.rpm

x86_64:
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-1500.html
https://www.redhat.com/security/data/cve/CVE-2013-1571.html
https://www.redhat.com/security/data/cve/CVE-2013-2407.html
https://www.redhat.com/security/data/cve/CVE-2013-2412.html
https://www.redhat.com/security/data/cve/CVE-2013-2437.html
https://www.redhat.com/security/data/cve/CVE-2013-2442.html
https://www.redhat.com/security/data/cve/CVE-2013-2443.html
https://www.redhat.com/security/data/cve/CVE-2013-2444.html
https://www.redhat.com/security/data/cve/CVE-2013-2446.html
https://www.redhat.com/security/data/cve/CVE-2013-2447.html
https://www.redhat.com/security/data/cve/CVE-2013-2448.html
https://www.redhat.com/security/data/cve/CVE-2013-2450.html
https://www.redhat.com/security/data/cve/CVE-2013-2451.html
https://www.redhat.com/security/data/cve/CVE-2013-2452.html
https://www.redhat.com/security/data/cve/CVE-2013-2453.html
https://www.redhat.com/security/data/cve/CVE-2013-2454.html
https://www.redhat.com/security/data/cve/CVE-2013-2455.html
https://www.redhat.com/security/data/cve/CVE-2013-2456.html
https://www.redhat.com/security/data/cve/CVE-2013-2457.html
https://www.redhat.com/security/data/cve/CVE-2013-2459.html
https://www.redhat.com/security/data/cve/CVE-2013-2463.html
https://www.redhat.com/security/data/cve/CVE-2013-2464.html
https://www.redhat.com/security/data/cve/CVE-2013-2465.html
https://www.redhat.com/security/data/cve/CVE-2013-2466.html
https://www.redhat.com/security/data/cve/CVE-2013-2468.html
https://www.redhat.com/security/data/cve/CVE-2013-2469.html
https://www.redhat.com/security/data/cve/CVE-2013-2470.html
https://www.redhat.com/security/data/cve/CVE-2013-2471.html
https://www.redhat.com/security/data/cve/CVE-2013-2472.html
https://www.redhat.com/security/data/cve/CVE-2013-2473.html
https://www.redhat.com/security/data/cve/CVE-2013-3743.html
https://access.redhat.com/security/updates/classification/#critical
https://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is .  More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFR5F7SXlSAg2UNWIIRAoLZAJ0VjJsfypi7E/eTRM17TcAUxLApcgCeOawz
KToQFuV/rQGbw/9j9N5it68=
=y+B0
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jul 15 20:44:08 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 15 Jul 2013 20:44:08 +0000
Subject: [RHSA-2013:1060-01] Critical: java-1.7.0-ibm security update
Message-ID: <201307152044.r6FKi8c4012482@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.7.0-ibm security update
Advisory ID:       RHSA-2013:1060-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1060.html
Issue date:        2013-07-15
CVE Names:         CVE-2013-1500 CVE-2013-1571 CVE-2013-2400 CVE-2013-2407
                   CVE-2013-2412 CVE-2013-2437 CVE-2013-2442 CVE-2013-2444
                   CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2449
                   CVE-2013-2450 CVE-2013-2451 CVE-2013-2452 CVE-2013-2453
                   CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457
                   CVE-2013-2458 CVE-2013-2459 CVE-2013-2460 CVE-2013-2462
                   CVE-2013-2463 CVE-2013-2464 CVE-2013-2465 CVE-2013-2466
                   CVE-2013-2468 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471
                   CVE-2013-2472 CVE-2013-2473 CVE-2013-3744
=====================================================================

1. Summary:

Updated java-1.7.0-ibm packages that fix several security issues are now
available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Detailed
vulnerability descriptions are linked from the IBM Security alerts page,
listed in the References section. (CVE-2013-1500, CVE-2013-1571,
CVE-2013-2400, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442,
CVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2449,
CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454,
CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2458, CVE-2013-2459,
CVE-2013-2460, CVE-2013-2462, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465,
CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471,
CVE-2013-2472, CVE-2013-2473, CVE-2013-3744)

Red Hat would like to thank Tim Brown for reporting CVE-2013-1500, and
US-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as the
original reporter of CVE-2013-1571.

All users of java-1.7.0-ibm are advised to upgrade to these updated
packages, containing the IBM Java SE 7 SR5 release. All running instances
of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

973474 - CVE-2013-1571 OpenJDK: Frame injection in generated HTML (Javadoc, 8012375)
975099 - CVE-2013-2470 OpenJDK: ImagingLib byte lookup processing (2D, 8011243)
975102 - CVE-2013-2471 OpenJDK: Incorrect IntegerComponentRaster size checks (2D, 8011248)
975107 - CVE-2013-2472 OpenJDK: Incorrect ShortBandedRaster size checks (2D, 8011253)
975110 - CVE-2013-2473 OpenJDK: Incorrect ByteBandedRaster size checks (2D, 8011257)
975115 - CVE-2013-2463 OpenJDK: Incorrect image attribute verification (2D, 8012438)
975118 - CVE-2013-2465 OpenJDK: Incorrect image channel verification (2D, 8012597)
975120 - CVE-2013-2469 OpenJDK: Incorrect image layout verification (2D, 8012601)
975121 - CVE-2013-2459 OpenJDK: Various AWT integer overflow checks (AWT, 8009071)
975122 - CVE-2013-2460 OpenJDK: tracing insufficient access checks (Serviceability, 8010209)
975125 - CVE-2013-2448 OpenJDK: Better access restrictions (Sound, 8006328)
975127 - CVE-2013-2407 OpenJDK: Integrate Apache Santuario, rework class loader (Libraries, 6741606, 8008744)
975129 - CVE-2013-2454 OpenJDK: SerialJavaObject package restriction (JDBC, 8009554)
975130 - CVE-2013-2458 OpenJDK: Method handles (Libraries, 8009424)
975131 - CVE-2013-2444 OpenJDK: Resource denial of service (AWT, 8001038)
975132 - CVE-2013-2446 OpenJDK: output stream access restrictions (CORBA, 8000642)
975133 - CVE-2013-2457 OpenJDK: Proper class checking (JMX, 8008120)
975134 - CVE-2013-2453 OpenJDK: MBeanServer Introspector package access (JMX, 8008124)
975138 - CVE-2013-2452 OpenJDK: Unique VMIDs (Libraries, 8001033)
975139 - CVE-2013-2455 OpenJDK: getEnclosing* checks (Libraries, 8007812)
975140 - CVE-2013-2447 OpenJDK: Prevent revealing the local address (Networking, 8001318)
975141 - CVE-2013-2450 OpenJDK: ObjectStreamClass circular reference denial of service (Serialization, 8000638)
975142 - CVE-2013-2456 OpenJDK: ObjectOutputStream access checks (Serialization, 8008132)
975144 - CVE-2013-2412 OpenJDK: JConsole SSL support (Serviceability, 8003703)
975145 - CVE-2013-2449 OpenJDK: GnomeFileTypeDetector path access check (Libraries, 8004288)
975146 - CVE-2013-2451 OpenJDK: exclusive port binding (Networking, 7170730)
975148 - CVE-2013-1500 OpenJDK: Insecure shared memory permissions (2D, 8001034)
975757 - CVE-2013-2464 Oracle JDK: unspecified vulnerability fixed in 7u25 (2D)
975761 - CVE-2013-2468 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)
975764 - CVE-2013-2466 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)
975769 - CVE-2013-2462 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)
975770 - CVE-2013-2442 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)
975773 - CVE-2013-2437 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)
975774 - CVE-2013-2400 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)
975775 - CVE-2013-3744 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v.
5): i386: java-1.7.0-ibm-1.7.0.5.0-1jpp.2.el5_9.i386.rpm java-1.7.0-ibm-demo-1.7.0.5.0-1jpp.2.el5_9.i386.rpm java-1.7.0-ibm-devel-1.7.0.5.0-1jpp.2.el5_9.i386.rpm java-1.7.0-ibm-jdbc-1.7.0.5.0-1jpp.2.el5_9.i386.rpm java-1.7.0-ibm-plugin-1.7.0.5.0-1jpp.2.el5_9.i386.rpm java-1.7.0-ibm-src-1.7.0.5.0-1jpp.2.el5_9.i386.rpm x86_64: java-1.7.0-ibm-1.7.0.5.0-1jpp.2.el5_9.i386.rpm java-1.7.0-ibm-1.7.0.5.0-1jpp.2.el5_9.x86_64.rpm java-1.7.0-ibm-demo-1.7.0.5.0-1jpp.2.el5_9.i386.rpm java-1.7.0-ibm-demo-1.7.0.5.0-1jpp.2.el5_9.x86_64.rpm java-1.7.0-ibm-devel-1.7.0.5.0-1jpp.2.el5_9.i386.rpm java-1.7.0-ibm-devel-1.7.0.5.0-1jpp.2.el5_9.x86_64.rpm java-1.7.0-ibm-jdbc-1.7.0.5.0-1jpp.2.el5_9.i386.rpm java-1.7.0-ibm-jdbc-1.7.0.5.0-1jpp.2.el5_9.x86_64.rpm java-1.7.0-ibm-plugin-1.7.0.5.0-1jpp.2.el5_9.i386.rpm java-1.7.0-ibm-plugin-1.7.0.5.0-1jpp.2.el5_9.x86_64.rpm java-1.7.0-ibm-src-1.7.0.5.0-1jpp.2.el5_9.i386.rpm java-1.7.0-ibm-src-1.7.0.5.0-1jpp.2.el5_9.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 
5): i386: java-1.7.0-ibm-1.7.0.5.0-1jpp.2.el5_9.i386.rpm java-1.7.0-ibm-demo-1.7.0.5.0-1jpp.2.el5_9.i386.rpm java-1.7.0-ibm-devel-1.7.0.5.0-1jpp.2.el5_9.i386.rpm java-1.7.0-ibm-jdbc-1.7.0.5.0-1jpp.2.el5_9.i386.rpm java-1.7.0-ibm-plugin-1.7.0.5.0-1jpp.2.el5_9.i386.rpm java-1.7.0-ibm-src-1.7.0.5.0-1jpp.2.el5_9.i386.rpm ppc: java-1.7.0-ibm-1.7.0.5.0-1jpp.2.el5_9.ppc.rpm java-1.7.0-ibm-1.7.0.5.0-1jpp.2.el5_9.ppc64.rpm java-1.7.0-ibm-demo-1.7.0.5.0-1jpp.2.el5_9.ppc.rpm java-1.7.0-ibm-demo-1.7.0.5.0-1jpp.2.el5_9.ppc64.rpm java-1.7.0-ibm-devel-1.7.0.5.0-1jpp.2.el5_9.ppc.rpm java-1.7.0-ibm-devel-1.7.0.5.0-1jpp.2.el5_9.ppc64.rpm java-1.7.0-ibm-jdbc-1.7.0.5.0-1jpp.2.el5_9.ppc.rpm java-1.7.0-ibm-jdbc-1.7.0.5.0-1jpp.2.el5_9.ppc64.rpm java-1.7.0-ibm-plugin-1.7.0.5.0-1jpp.2.el5_9.ppc.rpm java-1.7.0-ibm-src-1.7.0.5.0-1jpp.2.el5_9.ppc.rpm java-1.7.0-ibm-src-1.7.0.5.0-1jpp.2.el5_9.ppc64.rpm s390x: java-1.7.0-ibm-1.7.0.5.0-1jpp.2.el5_9.s390.rpm java-1.7.0-ibm-1.7.0.5.0-1jpp.2.el5_9.s390x.rpm java-1.7.0-ibm-demo-1.7.0.5.0-1jpp.2.el5_9.s390.rpm java-1.7.0-ibm-demo-1.7.0.5.0-1jpp.2.el5_9.s390x.rpm java-1.7.0-ibm-devel-1.7.0.5.0-1jpp.2.el5_9.s390.rpm java-1.7.0-ibm-devel-1.7.0.5.0-1jpp.2.el5_9.s390x.rpm java-1.7.0-ibm-jdbc-1.7.0.5.0-1jpp.2.el5_9.s390.rpm java-1.7.0-ibm-jdbc-1.7.0.5.0-1jpp.2.el5_9.s390x.rpm java-1.7.0-ibm-src-1.7.0.5.0-1jpp.2.el5_9.s390.rpm java-1.7.0-ibm-src-1.7.0.5.0-1jpp.2.el5_9.s390x.rpm x86_64: java-1.7.0-ibm-1.7.0.5.0-1jpp.2.el5_9.i386.rpm java-1.7.0-ibm-1.7.0.5.0-1jpp.2.el5_9.x86_64.rpm java-1.7.0-ibm-demo-1.7.0.5.0-1jpp.2.el5_9.i386.rpm java-1.7.0-ibm-demo-1.7.0.5.0-1jpp.2.el5_9.x86_64.rpm java-1.7.0-ibm-devel-1.7.0.5.0-1jpp.2.el5_9.i386.rpm java-1.7.0-ibm-devel-1.7.0.5.0-1jpp.2.el5_9.x86_64.rpm java-1.7.0-ibm-jdbc-1.7.0.5.0-1jpp.2.el5_9.i386.rpm java-1.7.0-ibm-jdbc-1.7.0.5.0-1jpp.2.el5_9.x86_64.rpm java-1.7.0-ibm-plugin-1.7.0.5.0-1jpp.2.el5_9.i386.rpm java-1.7.0-ibm-plugin-1.7.0.5.0-1jpp.2.el5_9.x86_64.rpm java-1.7.0-ibm-src-1.7.0.5.0-1jpp.2.el5_9.i386.rpm 
java-1.7.0-ibm-src-1.7.0.5.0-1jpp.2.el5_9.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.7.0-ibm-1.7.0.5.0-1jpp.2.el6_4.i686.rpm java-1.7.0-ibm-demo-1.7.0.5.0-1jpp.2.el6_4.i686.rpm java-1.7.0-ibm-devel-1.7.0.5.0-1jpp.2.el6_4.i686.rpm java-1.7.0-ibm-jdbc-1.7.0.5.0-1jpp.2.el6_4.i686.rpm java-1.7.0-ibm-plugin-1.7.0.5.0-1jpp.2.el6_4.i686.rpm java-1.7.0-ibm-src-1.7.0.5.0-1jpp.2.el6_4.i686.rpm x86_64: java-1.7.0-ibm-1.7.0.5.0-1jpp.2.el6_4.x86_64.rpm java-1.7.0-ibm-demo-1.7.0.5.0-1jpp.2.el6_4.x86_64.rpm java-1.7.0-ibm-devel-1.7.0.5.0-1jpp.2.el6_4.x86_64.rpm java-1.7.0-ibm-jdbc-1.7.0.5.0-1jpp.2.el6_4.x86_64.rpm java-1.7.0-ibm-plugin-1.7.0.5.0-1jpp.2.el6_4.x86_64.rpm java-1.7.0-ibm-src-1.7.0.5.0-1jpp.2.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.7.0-ibm-1.7.0.5.0-1jpp.2.el6_4.x86_64.rpm java-1.7.0-ibm-demo-1.7.0.5.0-1jpp.2.el6_4.x86_64.rpm java-1.7.0-ibm-devel-1.7.0.5.0-1jpp.2.el6_4.x86_64.rpm java-1.7.0-ibm-src-1.7.0.5.0-1jpp.2.el6_4.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 
6): i386: java-1.7.0-ibm-1.7.0.5.0-1jpp.2.el6_4.i686.rpm java-1.7.0-ibm-demo-1.7.0.5.0-1jpp.2.el6_4.i686.rpm java-1.7.0-ibm-devel-1.7.0.5.0-1jpp.2.el6_4.i686.rpm java-1.7.0-ibm-jdbc-1.7.0.5.0-1jpp.2.el6_4.i686.rpm java-1.7.0-ibm-plugin-1.7.0.5.0-1jpp.2.el6_4.i686.rpm java-1.7.0-ibm-src-1.7.0.5.0-1jpp.2.el6_4.i686.rpm ppc64: java-1.7.0-ibm-1.7.0.5.0-1jpp.2.el6_4.ppc64.rpm java-1.7.0-ibm-demo-1.7.0.5.0-1jpp.2.el6_4.ppc64.rpm java-1.7.0-ibm-devel-1.7.0.5.0-1jpp.2.el6_4.ppc64.rpm java-1.7.0-ibm-jdbc-1.7.0.5.0-1jpp.2.el6_4.ppc64.rpm java-1.7.0-ibm-src-1.7.0.5.0-1jpp.2.el6_4.ppc64.rpm s390x: java-1.7.0-ibm-1.7.0.5.0-1jpp.2.el6_4.s390x.rpm java-1.7.0-ibm-demo-1.7.0.5.0-1jpp.2.el6_4.s390x.rpm java-1.7.0-ibm-devel-1.7.0.5.0-1jpp.2.el6_4.s390x.rpm java-1.7.0-ibm-jdbc-1.7.0.5.0-1jpp.2.el6_4.s390x.rpm java-1.7.0-ibm-src-1.7.0.5.0-1jpp.2.el6_4.s390x.rpm x86_64: java-1.7.0-ibm-1.7.0.5.0-1jpp.2.el6_4.x86_64.rpm java-1.7.0-ibm-demo-1.7.0.5.0-1jpp.2.el6_4.x86_64.rpm java-1.7.0-ibm-devel-1.7.0.5.0-1jpp.2.el6_4.x86_64.rpm java-1.7.0-ibm-jdbc-1.7.0.5.0-1jpp.2.el6_4.x86_64.rpm java-1.7.0-ibm-plugin-1.7.0.5.0-1jpp.2.el6_4.x86_64.rpm java-1.7.0-ibm-src-1.7.0.5.0-1jpp.2.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: java-1.7.0-ibm-1.7.0.5.0-1jpp.2.el6_4.i686.rpm java-1.7.0-ibm-demo-1.7.0.5.0-1jpp.2.el6_4.i686.rpm java-1.7.0-ibm-devel-1.7.0.5.0-1jpp.2.el6_4.i686.rpm java-1.7.0-ibm-jdbc-1.7.0.5.0-1jpp.2.el6_4.i686.rpm java-1.7.0-ibm-plugin-1.7.0.5.0-1jpp.2.el6_4.i686.rpm java-1.7.0-ibm-src-1.7.0.5.0-1jpp.2.el6_4.i686.rpm x86_64: java-1.7.0-ibm-1.7.0.5.0-1jpp.2.el6_4.x86_64.rpm java-1.7.0-ibm-demo-1.7.0.5.0-1jpp.2.el6_4.x86_64.rpm java-1.7.0-ibm-devel-1.7.0.5.0-1jpp.2.el6_4.x86_64.rpm java-1.7.0-ibm-jdbc-1.7.0.5.0-1jpp.2.el6_4.x86_64.rpm java-1.7.0-ibm-plugin-1.7.0.5.0-1jpp.2.el6_4.x86_64.rpm java-1.7.0-ibm-src-1.7.0.5.0-1jpp.2.el6_4.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-1500.html https://www.redhat.com/security/data/cve/CVE-2013-1571.html https://www.redhat.com/security/data/cve/CVE-2013-2400.html https://www.redhat.com/security/data/cve/CVE-2013-2407.html https://www.redhat.com/security/data/cve/CVE-2013-2412.html https://www.redhat.com/security/data/cve/CVE-2013-2437.html https://www.redhat.com/security/data/cve/CVE-2013-2442.html https://www.redhat.com/security/data/cve/CVE-2013-2444.html https://www.redhat.com/security/data/cve/CVE-2013-2446.html https://www.redhat.com/security/data/cve/CVE-2013-2447.html https://www.redhat.com/security/data/cve/CVE-2013-2448.html https://www.redhat.com/security/data/cve/CVE-2013-2449.html https://www.redhat.com/security/data/cve/CVE-2013-2450.html https://www.redhat.com/security/data/cve/CVE-2013-2451.html https://www.redhat.com/security/data/cve/CVE-2013-2452.html https://www.redhat.com/security/data/cve/CVE-2013-2453.html https://www.redhat.com/security/data/cve/CVE-2013-2454.html https://www.redhat.com/security/data/cve/CVE-2013-2455.html https://www.redhat.com/security/data/cve/CVE-2013-2456.html https://www.redhat.com/security/data/cve/CVE-2013-2457.html https://www.redhat.com/security/data/cve/CVE-2013-2458.html https://www.redhat.com/security/data/cve/CVE-2013-2459.html https://www.redhat.com/security/data/cve/CVE-2013-2460.html https://www.redhat.com/security/data/cve/CVE-2013-2462.html https://www.redhat.com/security/data/cve/CVE-2013-2463.html https://www.redhat.com/security/data/cve/CVE-2013-2464.html https://www.redhat.com/security/data/cve/CVE-2013-2465.html https://www.redhat.com/security/data/cve/CVE-2013-2466.html https://www.redhat.com/security/data/cve/CVE-2013-2468.html https://www.redhat.com/security/data/cve/CVE-2013-2469.html https://www.redhat.com/security/data/cve/CVE-2013-2470.html 
https://www.redhat.com/security/data/cve/CVE-2013-2471.html https://www.redhat.com/security/data/cve/CVE-2013-2472.html https://www.redhat.com/security/data/cve/CVE-2013-2473.html https://www.redhat.com/security/data/cve/CVE-2013-3744.html https://access.redhat.com/security/updates/classification/#critical https://www.ibm.com/developerworks/java/jdk/alerts/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFR5F8AXlSAg2UNWIIRAiu5AKC0LjZw2DnZ4Hx04VeuK8/Sp1tlRwCcCHIg TyjccVkOdnpFGemmPzDJZco= =RCog -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Jul 15 20:44:56 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 15 Jul 2013 20:44:56 +0000 Subject: [RHSA-2013:1061-01] Critical: php security update Message-ID: <201307152044.r6FKiuJw024912@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: php security update Advisory ID: RHSA-2013:1061-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1061.html Issue date: 2013-07-15 CVE Names: CVE-2013-4113 ===================================================================== 1. Summary: Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 5.3 Long Life, and Red Hat Enterprise Linux 5.6, 6.2 and 6.3 Extended Update Support. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux EUS (v. 
5.6 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Long Life (v. 5.3 server) - i386, ia64, x86_64 Red Hat Enterprise Linux Server EUS (v. 6.2) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server EUS (v. 6.3) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.2) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.3) - i386, ppc64, s390x, x86_64 3. Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-4113) All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 983689 - CVE-2013-4113 php: xml_parse_into_struct buffer overflow when parsing deeply nested XML 6. Package List: Red Hat Enterprise Linux Long Life (v. 
5.3 server): Source: php-5.1.6-23.4.el5_3.src.rpm i386: php-5.1.6-23.4.el5_3.i386.rpm php-bcmath-5.1.6-23.4.el5_3.i386.rpm php-cli-5.1.6-23.4.el5_3.i386.rpm php-common-5.1.6-23.4.el5_3.i386.rpm php-dba-5.1.6-23.4.el5_3.i386.rpm php-debuginfo-5.1.6-23.4.el5_3.i386.rpm php-devel-5.1.6-23.4.el5_3.i386.rpm php-gd-5.1.6-23.4.el5_3.i386.rpm php-imap-5.1.6-23.4.el5_3.i386.rpm php-ldap-5.1.6-23.4.el5_3.i386.rpm php-mbstring-5.1.6-23.4.el5_3.i386.rpm php-mysql-5.1.6-23.4.el5_3.i386.rpm php-ncurses-5.1.6-23.4.el5_3.i386.rpm php-odbc-5.1.6-23.4.el5_3.i386.rpm php-pdo-5.1.6-23.4.el5_3.i386.rpm php-pgsql-5.1.6-23.4.el5_3.i386.rpm php-snmp-5.1.6-23.4.el5_3.i386.rpm php-soap-5.1.6-23.4.el5_3.i386.rpm php-xml-5.1.6-23.4.el5_3.i386.rpm php-xmlrpc-5.1.6-23.4.el5_3.i386.rpm ia64: php-5.1.6-23.4.el5_3.ia64.rpm php-bcmath-5.1.6-23.4.el5_3.ia64.rpm php-cli-5.1.6-23.4.el5_3.ia64.rpm php-common-5.1.6-23.4.el5_3.ia64.rpm php-dba-5.1.6-23.4.el5_3.ia64.rpm php-debuginfo-5.1.6-23.4.el5_3.ia64.rpm php-devel-5.1.6-23.4.el5_3.ia64.rpm php-gd-5.1.6-23.4.el5_3.ia64.rpm php-imap-5.1.6-23.4.el5_3.ia64.rpm php-ldap-5.1.6-23.4.el5_3.ia64.rpm php-mbstring-5.1.6-23.4.el5_3.ia64.rpm php-mysql-5.1.6-23.4.el5_3.ia64.rpm php-ncurses-5.1.6-23.4.el5_3.ia64.rpm php-odbc-5.1.6-23.4.el5_3.ia64.rpm php-pdo-5.1.6-23.4.el5_3.ia64.rpm php-pgsql-5.1.6-23.4.el5_3.ia64.rpm php-snmp-5.1.6-23.4.el5_3.ia64.rpm php-soap-5.1.6-23.4.el5_3.ia64.rpm php-xml-5.1.6-23.4.el5_3.ia64.rpm php-xmlrpc-5.1.6-23.4.el5_3.ia64.rpm x86_64: php-5.1.6-23.4.el5_3.x86_64.rpm php-bcmath-5.1.6-23.4.el5_3.x86_64.rpm php-cli-5.1.6-23.4.el5_3.x86_64.rpm php-common-5.1.6-23.4.el5_3.x86_64.rpm php-dba-5.1.6-23.4.el5_3.x86_64.rpm php-debuginfo-5.1.6-23.4.el5_3.x86_64.rpm php-devel-5.1.6-23.4.el5_3.x86_64.rpm php-gd-5.1.6-23.4.el5_3.x86_64.rpm php-imap-5.1.6-23.4.el5_3.x86_64.rpm php-ldap-5.1.6-23.4.el5_3.x86_64.rpm php-mbstring-5.1.6-23.4.el5_3.x86_64.rpm php-mysql-5.1.6-23.4.el5_3.x86_64.rpm php-ncurses-5.1.6-23.4.el5_3.x86_64.rpm 
php-odbc-5.1.6-23.4.el5_3.x86_64.rpm php-pdo-5.1.6-23.4.el5_3.x86_64.rpm php-pgsql-5.1.6-23.4.el5_3.x86_64.rpm php-snmp-5.1.6-23.4.el5_3.x86_64.rpm php-soap-5.1.6-23.4.el5_3.x86_64.rpm php-xml-5.1.6-23.4.el5_3.x86_64.rpm php-xmlrpc-5.1.6-23.4.el5_3.x86_64.rpm Red Hat Enterprise Linux EUS (v. 5.6 server): Source: php-5.1.6-27.el5_6.5.src.rpm i386: php-5.1.6-27.el5_6.5.i386.rpm php-bcmath-5.1.6-27.el5_6.5.i386.rpm php-cli-5.1.6-27.el5_6.5.i386.rpm php-common-5.1.6-27.el5_6.5.i386.rpm php-dba-5.1.6-27.el5_6.5.i386.rpm php-debuginfo-5.1.6-27.el5_6.5.i386.rpm php-devel-5.1.6-27.el5_6.5.i386.rpm php-gd-5.1.6-27.el5_6.5.i386.rpm php-imap-5.1.6-27.el5_6.5.i386.rpm php-ldap-5.1.6-27.el5_6.5.i386.rpm php-mbstring-5.1.6-27.el5_6.5.i386.rpm php-mysql-5.1.6-27.el5_6.5.i386.rpm php-ncurses-5.1.6-27.el5_6.5.i386.rpm php-odbc-5.1.6-27.el5_6.5.i386.rpm php-pdo-5.1.6-27.el5_6.5.i386.rpm php-pgsql-5.1.6-27.el5_6.5.i386.rpm php-snmp-5.1.6-27.el5_6.5.i386.rpm php-soap-5.1.6-27.el5_6.5.i386.rpm php-xml-5.1.6-27.el5_6.5.i386.rpm php-xmlrpc-5.1.6-27.el5_6.5.i386.rpm ia64: php-5.1.6-27.el5_6.5.ia64.rpm php-bcmath-5.1.6-27.el5_6.5.ia64.rpm php-cli-5.1.6-27.el5_6.5.ia64.rpm php-common-5.1.6-27.el5_6.5.ia64.rpm php-dba-5.1.6-27.el5_6.5.ia64.rpm php-debuginfo-5.1.6-27.el5_6.5.ia64.rpm php-devel-5.1.6-27.el5_6.5.ia64.rpm php-gd-5.1.6-27.el5_6.5.ia64.rpm php-imap-5.1.6-27.el5_6.5.ia64.rpm php-ldap-5.1.6-27.el5_6.5.ia64.rpm php-mbstring-5.1.6-27.el5_6.5.ia64.rpm php-mysql-5.1.6-27.el5_6.5.ia64.rpm php-ncurses-5.1.6-27.el5_6.5.ia64.rpm php-odbc-5.1.6-27.el5_6.5.ia64.rpm php-pdo-5.1.6-27.el5_6.5.ia64.rpm php-pgsql-5.1.6-27.el5_6.5.ia64.rpm php-snmp-5.1.6-27.el5_6.5.ia64.rpm php-soap-5.1.6-27.el5_6.5.ia64.rpm php-xml-5.1.6-27.el5_6.5.ia64.rpm php-xmlrpc-5.1.6-27.el5_6.5.ia64.rpm ppc: php-5.1.6-27.el5_6.5.ppc.rpm php-bcmath-5.1.6-27.el5_6.5.ppc.rpm php-cli-5.1.6-27.el5_6.5.ppc.rpm php-common-5.1.6-27.el5_6.5.ppc.rpm php-dba-5.1.6-27.el5_6.5.ppc.rpm php-debuginfo-5.1.6-27.el5_6.5.ppc.rpm 
php-devel-5.1.6-27.el5_6.5.ppc.rpm php-gd-5.1.6-27.el5_6.5.ppc.rpm php-imap-5.1.6-27.el5_6.5.ppc.rpm php-ldap-5.1.6-27.el5_6.5.ppc.rpm php-mbstring-5.1.6-27.el5_6.5.ppc.rpm php-mysql-5.1.6-27.el5_6.5.ppc.rpm php-ncurses-5.1.6-27.el5_6.5.ppc.rpm php-odbc-5.1.6-27.el5_6.5.ppc.rpm php-pdo-5.1.6-27.el5_6.5.ppc.rpm php-pgsql-5.1.6-27.el5_6.5.ppc.rpm php-snmp-5.1.6-27.el5_6.5.ppc.rpm php-soap-5.1.6-27.el5_6.5.ppc.rpm php-xml-5.1.6-27.el5_6.5.ppc.rpm php-xmlrpc-5.1.6-27.el5_6.5.ppc.rpm s390x: php-5.1.6-27.el5_6.5.s390x.rpm php-bcmath-5.1.6-27.el5_6.5.s390x.rpm php-cli-5.1.6-27.el5_6.5.s390x.rpm php-common-5.1.6-27.el5_6.5.s390x.rpm php-dba-5.1.6-27.el5_6.5.s390x.rpm php-debuginfo-5.1.6-27.el5_6.5.s390x.rpm php-devel-5.1.6-27.el5_6.5.s390x.rpm php-gd-5.1.6-27.el5_6.5.s390x.rpm php-imap-5.1.6-27.el5_6.5.s390x.rpm php-ldap-5.1.6-27.el5_6.5.s390x.rpm php-mbstring-5.1.6-27.el5_6.5.s390x.rpm php-mysql-5.1.6-27.el5_6.5.s390x.rpm php-ncurses-5.1.6-27.el5_6.5.s390x.rpm php-odbc-5.1.6-27.el5_6.5.s390x.rpm php-pdo-5.1.6-27.el5_6.5.s390x.rpm php-pgsql-5.1.6-27.el5_6.5.s390x.rpm php-snmp-5.1.6-27.el5_6.5.s390x.rpm php-soap-5.1.6-27.el5_6.5.s390x.rpm php-xml-5.1.6-27.el5_6.5.s390x.rpm php-xmlrpc-5.1.6-27.el5_6.5.s390x.rpm x86_64: php-5.1.6-27.el5_6.5.x86_64.rpm php-bcmath-5.1.6-27.el5_6.5.x86_64.rpm php-cli-5.1.6-27.el5_6.5.x86_64.rpm php-common-5.1.6-27.el5_6.5.x86_64.rpm php-dba-5.1.6-27.el5_6.5.x86_64.rpm php-debuginfo-5.1.6-27.el5_6.5.x86_64.rpm php-devel-5.1.6-27.el5_6.5.x86_64.rpm php-gd-5.1.6-27.el5_6.5.x86_64.rpm php-imap-5.1.6-27.el5_6.5.x86_64.rpm php-ldap-5.1.6-27.el5_6.5.x86_64.rpm php-mbstring-5.1.6-27.el5_6.5.x86_64.rpm php-mysql-5.1.6-27.el5_6.5.x86_64.rpm php-ncurses-5.1.6-27.el5_6.5.x86_64.rpm php-odbc-5.1.6-27.el5_6.5.x86_64.rpm php-pdo-5.1.6-27.el5_6.5.x86_64.rpm php-pgsql-5.1.6-27.el5_6.5.x86_64.rpm php-snmp-5.1.6-27.el5_6.5.x86_64.rpm php-soap-5.1.6-27.el5_6.5.x86_64.rpm php-xml-5.1.6-27.el5_6.5.x86_64.rpm php-xmlrpc-5.1.6-27.el5_6.5.x86_64.rpm Red Hat Enterprise 
Linux Server EUS (v. 6.2): Source: php-5.3.3-3.el6_2.10.src.rpm i386: php-5.3.3-3.el6_2.10.i686.rpm php-cli-5.3.3-3.el6_2.10.i686.rpm php-common-5.3.3-3.el6_2.10.i686.rpm php-debuginfo-5.3.3-3.el6_2.10.i686.rpm php-gd-5.3.3-3.el6_2.10.i686.rpm php-ldap-5.3.3-3.el6_2.10.i686.rpm php-mysql-5.3.3-3.el6_2.10.i686.rpm php-odbc-5.3.3-3.el6_2.10.i686.rpm php-pdo-5.3.3-3.el6_2.10.i686.rpm php-pgsql-5.3.3-3.el6_2.10.i686.rpm php-soap-5.3.3-3.el6_2.10.i686.rpm php-xml-5.3.3-3.el6_2.10.i686.rpm php-xmlrpc-5.3.3-3.el6_2.10.i686.rpm ppc64: php-5.3.3-3.el6_2.10.ppc64.rpm php-cli-5.3.3-3.el6_2.10.ppc64.rpm php-common-5.3.3-3.el6_2.10.ppc64.rpm php-debuginfo-5.3.3-3.el6_2.10.ppc64.rpm php-gd-5.3.3-3.el6_2.10.ppc64.rpm php-ldap-5.3.3-3.el6_2.10.ppc64.rpm php-mysql-5.3.3-3.el6_2.10.ppc64.rpm php-odbc-5.3.3-3.el6_2.10.ppc64.rpm php-pdo-5.3.3-3.el6_2.10.ppc64.rpm php-pgsql-5.3.3-3.el6_2.10.ppc64.rpm php-soap-5.3.3-3.el6_2.10.ppc64.rpm php-xml-5.3.3-3.el6_2.10.ppc64.rpm php-xmlrpc-5.3.3-3.el6_2.10.ppc64.rpm s390x: php-5.3.3-3.el6_2.10.s390x.rpm php-cli-5.3.3-3.el6_2.10.s390x.rpm php-common-5.3.3-3.el6_2.10.s390x.rpm php-debuginfo-5.3.3-3.el6_2.10.s390x.rpm php-gd-5.3.3-3.el6_2.10.s390x.rpm php-ldap-5.3.3-3.el6_2.10.s390x.rpm php-mysql-5.3.3-3.el6_2.10.s390x.rpm php-odbc-5.3.3-3.el6_2.10.s390x.rpm php-pdo-5.3.3-3.el6_2.10.s390x.rpm php-pgsql-5.3.3-3.el6_2.10.s390x.rpm php-soap-5.3.3-3.el6_2.10.s390x.rpm php-xml-5.3.3-3.el6_2.10.s390x.rpm php-xmlrpc-5.3.3-3.el6_2.10.s390x.rpm x86_64: php-5.3.3-3.el6_2.10.x86_64.rpm php-cli-5.3.3-3.el6_2.10.x86_64.rpm php-common-5.3.3-3.el6_2.10.x86_64.rpm php-debuginfo-5.3.3-3.el6_2.10.x86_64.rpm php-gd-5.3.3-3.el6_2.10.x86_64.rpm php-ldap-5.3.3-3.el6_2.10.x86_64.rpm php-mysql-5.3.3-3.el6_2.10.x86_64.rpm php-odbc-5.3.3-3.el6_2.10.x86_64.rpm php-pdo-5.3.3-3.el6_2.10.x86_64.rpm php-pgsql-5.3.3-3.el6_2.10.x86_64.rpm php-soap-5.3.3-3.el6_2.10.x86_64.rpm php-xml-5.3.3-3.el6_2.10.x86_64.rpm php-xmlrpc-5.3.3-3.el6_2.10.x86_64.rpm Red Hat Enterprise Linux Server 
EUS (v. 6.3): Source: php-5.3.3-14.el6_3.1.src.rpm i386: php-5.3.3-14.el6_3.1.i686.rpm php-cli-5.3.3-14.el6_3.1.i686.rpm php-common-5.3.3-14.el6_3.1.i686.rpm php-debuginfo-5.3.3-14.el6_3.1.i686.rpm php-gd-5.3.3-14.el6_3.1.i686.rpm php-ldap-5.3.3-14.el6_3.1.i686.rpm php-mysql-5.3.3-14.el6_3.1.i686.rpm php-odbc-5.3.3-14.el6_3.1.i686.rpm php-pdo-5.3.3-14.el6_3.1.i686.rpm php-pgsql-5.3.3-14.el6_3.1.i686.rpm php-soap-5.3.3-14.el6_3.1.i686.rpm php-xml-5.3.3-14.el6_3.1.i686.rpm php-xmlrpc-5.3.3-14.el6_3.1.i686.rpm ppc64: php-5.3.3-14.el6_3.1.ppc64.rpm php-cli-5.3.3-14.el6_3.1.ppc64.rpm php-common-5.3.3-14.el6_3.1.ppc64.rpm php-debuginfo-5.3.3-14.el6_3.1.ppc64.rpm php-gd-5.3.3-14.el6_3.1.ppc64.rpm php-ldap-5.3.3-14.el6_3.1.ppc64.rpm php-mysql-5.3.3-14.el6_3.1.ppc64.rpm php-odbc-5.3.3-14.el6_3.1.ppc64.rpm php-pdo-5.3.3-14.el6_3.1.ppc64.rpm php-pgsql-5.3.3-14.el6_3.1.ppc64.rpm php-soap-5.3.3-14.el6_3.1.ppc64.rpm php-xml-5.3.3-14.el6_3.1.ppc64.rpm php-xmlrpc-5.3.3-14.el6_3.1.ppc64.rpm s390x: php-5.3.3-14.el6_3.1.s390x.rpm php-cli-5.3.3-14.el6_3.1.s390x.rpm php-common-5.3.3-14.el6_3.1.s390x.rpm php-debuginfo-5.3.3-14.el6_3.1.s390x.rpm php-gd-5.3.3-14.el6_3.1.s390x.rpm php-ldap-5.3.3-14.el6_3.1.s390x.rpm php-mysql-5.3.3-14.el6_3.1.s390x.rpm php-odbc-5.3.3-14.el6_3.1.s390x.rpm php-pdo-5.3.3-14.el6_3.1.s390x.rpm php-pgsql-5.3.3-14.el6_3.1.s390x.rpm php-soap-5.3.3-14.el6_3.1.s390x.rpm php-xml-5.3.3-14.el6_3.1.s390x.rpm php-xmlrpc-5.3.3-14.el6_3.1.s390x.rpm x86_64: php-5.3.3-14.el6_3.1.x86_64.rpm php-cli-5.3.3-14.el6_3.1.x86_64.rpm php-common-5.3.3-14.el6_3.1.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.1.x86_64.rpm php-gd-5.3.3-14.el6_3.1.x86_64.rpm php-ldap-5.3.3-14.el6_3.1.x86_64.rpm php-mysql-5.3.3-14.el6_3.1.x86_64.rpm php-odbc-5.3.3-14.el6_3.1.x86_64.rpm php-pdo-5.3.3-14.el6_3.1.x86_64.rpm php-pgsql-5.3.3-14.el6_3.1.x86_64.rpm php-soap-5.3.3-14.el6_3.1.x86_64.rpm php-xml-5.3.3-14.el6_3.1.x86_64.rpm php-xmlrpc-5.3.3-14.el6_3.1.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS 
(v. 6.2): Source: php-5.3.3-3.el6_2.10.src.rpm i386: php-bcmath-5.3.3-3.el6_2.10.i686.rpm php-dba-5.3.3-3.el6_2.10.i686.rpm php-debuginfo-5.3.3-3.el6_2.10.i686.rpm php-devel-5.3.3-3.el6_2.10.i686.rpm php-embedded-5.3.3-3.el6_2.10.i686.rpm php-enchant-5.3.3-3.el6_2.10.i686.rpm php-imap-5.3.3-3.el6_2.10.i686.rpm php-intl-5.3.3-3.el6_2.10.i686.rpm php-mbstring-5.3.3-3.el6_2.10.i686.rpm php-process-5.3.3-3.el6_2.10.i686.rpm php-pspell-5.3.3-3.el6_2.10.i686.rpm php-recode-5.3.3-3.el6_2.10.i686.rpm php-snmp-5.3.3-3.el6_2.10.i686.rpm php-tidy-5.3.3-3.el6_2.10.i686.rpm php-zts-5.3.3-3.el6_2.10.i686.rpm ppc64: php-bcmath-5.3.3-3.el6_2.10.ppc64.rpm php-dba-5.3.3-3.el6_2.10.ppc64.rpm php-debuginfo-5.3.3-3.el6_2.10.ppc64.rpm php-devel-5.3.3-3.el6_2.10.ppc64.rpm php-embedded-5.3.3-3.el6_2.10.ppc64.rpm php-enchant-5.3.3-3.el6_2.10.ppc64.rpm php-imap-5.3.3-3.el6_2.10.ppc64.rpm php-intl-5.3.3-3.el6_2.10.ppc64.rpm php-mbstring-5.3.3-3.el6_2.10.ppc64.rpm php-process-5.3.3-3.el6_2.10.ppc64.rpm php-pspell-5.3.3-3.el6_2.10.ppc64.rpm php-recode-5.3.3-3.el6_2.10.ppc64.rpm php-snmp-5.3.3-3.el6_2.10.ppc64.rpm php-tidy-5.3.3-3.el6_2.10.ppc64.rpm php-zts-5.3.3-3.el6_2.10.ppc64.rpm s390x: php-bcmath-5.3.3-3.el6_2.10.s390x.rpm php-dba-5.3.3-3.el6_2.10.s390x.rpm php-debuginfo-5.3.3-3.el6_2.10.s390x.rpm php-devel-5.3.3-3.el6_2.10.s390x.rpm php-embedded-5.3.3-3.el6_2.10.s390x.rpm php-enchant-5.3.3-3.el6_2.10.s390x.rpm php-imap-5.3.3-3.el6_2.10.s390x.rpm php-intl-5.3.3-3.el6_2.10.s390x.rpm php-mbstring-5.3.3-3.el6_2.10.s390x.rpm php-process-5.3.3-3.el6_2.10.s390x.rpm php-pspell-5.3.3-3.el6_2.10.s390x.rpm php-recode-5.3.3-3.el6_2.10.s390x.rpm php-snmp-5.3.3-3.el6_2.10.s390x.rpm php-tidy-5.3.3-3.el6_2.10.s390x.rpm php-zts-5.3.3-3.el6_2.10.s390x.rpm x86_64: php-bcmath-5.3.3-3.el6_2.10.x86_64.rpm php-dba-5.3.3-3.el6_2.10.x86_64.rpm php-debuginfo-5.3.3-3.el6_2.10.x86_64.rpm php-devel-5.3.3-3.el6_2.10.x86_64.rpm php-embedded-5.3.3-3.el6_2.10.x86_64.rpm php-enchant-5.3.3-3.el6_2.10.x86_64.rpm 
php-imap-5.3.3-3.el6_2.10.x86_64.rpm php-intl-5.3.3-3.el6_2.10.x86_64.rpm php-mbstring-5.3.3-3.el6_2.10.x86_64.rpm php-process-5.3.3-3.el6_2.10.x86_64.rpm php-pspell-5.3.3-3.el6_2.10.x86_64.rpm php-recode-5.3.3-3.el6_2.10.x86_64.rpm php-snmp-5.3.3-3.el6_2.10.x86_64.rpm php-tidy-5.3.3-3.el6_2.10.x86_64.rpm php-zts-5.3.3-3.el6_2.10.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 6.3): Source: php-5.3.3-14.el6_3.1.src.rpm i386: php-bcmath-5.3.3-14.el6_3.1.i686.rpm php-dba-5.3.3-14.el6_3.1.i686.rpm php-debuginfo-5.3.3-14.el6_3.1.i686.rpm php-devel-5.3.3-14.el6_3.1.i686.rpm php-embedded-5.3.3-14.el6_3.1.i686.rpm php-enchant-5.3.3-14.el6_3.1.i686.rpm php-imap-5.3.3-14.el6_3.1.i686.rpm php-intl-5.3.3-14.el6_3.1.i686.rpm php-mbstring-5.3.3-14.el6_3.1.i686.rpm php-process-5.3.3-14.el6_3.1.i686.rpm php-pspell-5.3.3-14.el6_3.1.i686.rpm php-recode-5.3.3-14.el6_3.1.i686.rpm php-snmp-5.3.3-14.el6_3.1.i686.rpm php-tidy-5.3.3-14.el6_3.1.i686.rpm php-zts-5.3.3-14.el6_3.1.i686.rpm ppc64: php-bcmath-5.3.3-14.el6_3.1.ppc64.rpm php-dba-5.3.3-14.el6_3.1.ppc64.rpm php-debuginfo-5.3.3-14.el6_3.1.ppc64.rpm php-devel-5.3.3-14.el6_3.1.ppc64.rpm php-embedded-5.3.3-14.el6_3.1.ppc64.rpm php-enchant-5.3.3-14.el6_3.1.ppc64.rpm php-imap-5.3.3-14.el6_3.1.ppc64.rpm php-intl-5.3.3-14.el6_3.1.ppc64.rpm php-mbstring-5.3.3-14.el6_3.1.ppc64.rpm php-process-5.3.3-14.el6_3.1.ppc64.rpm php-pspell-5.3.3-14.el6_3.1.ppc64.rpm php-recode-5.3.3-14.el6_3.1.ppc64.rpm php-snmp-5.3.3-14.el6_3.1.ppc64.rpm php-tidy-5.3.3-14.el6_3.1.ppc64.rpm php-zts-5.3.3-14.el6_3.1.ppc64.rpm s390x: php-bcmath-5.3.3-14.el6_3.1.s390x.rpm php-dba-5.3.3-14.el6_3.1.s390x.rpm php-debuginfo-5.3.3-14.el6_3.1.s390x.rpm php-devel-5.3.3-14.el6_3.1.s390x.rpm php-embedded-5.3.3-14.el6_3.1.s390x.rpm php-enchant-5.3.3-14.el6_3.1.s390x.rpm php-imap-5.3.3-14.el6_3.1.s390x.rpm php-intl-5.3.3-14.el6_3.1.s390x.rpm php-mbstring-5.3.3-14.el6_3.1.s390x.rpm php-process-5.3.3-14.el6_3.1.s390x.rpm php-pspell-5.3.3-14.el6_3.1.s390x.rpm 
php-recode-5.3.3-14.el6_3.1.s390x.rpm php-snmp-5.3.3-14.el6_3.1.s390x.rpm php-tidy-5.3.3-14.el6_3.1.s390x.rpm php-zts-5.3.3-14.el6_3.1.s390x.rpm x86_64: php-bcmath-5.3.3-14.el6_3.1.x86_64.rpm php-dba-5.3.3-14.el6_3.1.x86_64.rpm php-debuginfo-5.3.3-14.el6_3.1.x86_64.rpm php-devel-5.3.3-14.el6_3.1.x86_64.rpm php-embedded-5.3.3-14.el6_3.1.x86_64.rpm php-enchant-5.3.3-14.el6_3.1.x86_64.rpm php-imap-5.3.3-14.el6_3.1.x86_64.rpm php-intl-5.3.3-14.el6_3.1.x86_64.rpm php-mbstring-5.3.3-14.el6_3.1.x86_64.rpm php-process-5.3.3-14.el6_3.1.x86_64.rpm php-pspell-5.3.3-14.el6_3.1.x86_64.rpm php-recode-5.3.3-14.el6_3.1.x86_64.rpm php-snmp-5.3.3-14.el6_3.1.x86_64.rpm php-tidy-5.3.3-14.el6_3.1.x86_64.rpm php-zts-5.3.3-14.el6_3.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-4113.html https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFR5F8zXlSAg2UNWIIRAtJHAKCv++ycTaLuL6vfgSQ0TmhGUCvGqQCeO8aI
dqDaCVC0arj3YDXQ4iBdzok=
=jVI3
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Mon Jul 15 20:45:25 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 15 Jul 2013 20:45:25 +0000
Subject: [RHSA-2013:1062-01] Critical: php53 security update
Message-ID: <201307152045.r6FKjPHC005766@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: php53 security update
Advisory ID:       RHSA-2013:1062-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1062.html
Issue date:        2013-07-15
CVE Names:         CVE-2013-4113
=====================================================================

1. Summary:

Updated php53 packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.6 Extended Update Support.

The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux EUS (v. 5.6 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

A buffer overflow flaw was found in the way PHP parsed deeply nested XML
documents. If a PHP application used the xml_parse_into_struct() function
to parse untrusted XML content, an attacker able to supply specially-crafted
XML could use this flaw to crash the application or, possibly, execute
arbitrary code with the privileges of the user running the PHP interpreter.
(CVE-2013-4113)

All php53 users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

983689 - CVE-2013-4113 php: xml_parse_into_struct buffer overflow when parsing deeply nested XML

6. Package List:

Red Hat Enterprise Linux EUS (v. 5.6 server):

Source:
php53-5.3.3-1.el5_6.3.src.rpm

i386:
php53-5.3.3-1.el5_6.3.i386.rpm
php53-bcmath-5.3.3-1.el5_6.3.i386.rpm
php53-cli-5.3.3-1.el5_6.3.i386.rpm
php53-common-5.3.3-1.el5_6.3.i386.rpm
php53-dba-5.3.3-1.el5_6.3.i386.rpm
php53-debuginfo-5.3.3-1.el5_6.3.i386.rpm
php53-devel-5.3.3-1.el5_6.3.i386.rpm
php53-gd-5.3.3-1.el5_6.3.i386.rpm
php53-imap-5.3.3-1.el5_6.3.i386.rpm
php53-intl-5.3.3-1.el5_6.3.i386.rpm
php53-ldap-5.3.3-1.el5_6.3.i386.rpm
php53-mbstring-5.3.3-1.el5_6.3.i386.rpm
php53-mysql-5.3.3-1.el5_6.3.i386.rpm
php53-odbc-5.3.3-1.el5_6.3.i386.rpm
php53-pdo-5.3.3-1.el5_6.3.i386.rpm
php53-pgsql-5.3.3-1.el5_6.3.i386.rpm
php53-process-5.3.3-1.el5_6.3.i386.rpm
php53-pspell-5.3.3-1.el5_6.3.i386.rpm
php53-snmp-5.3.3-1.el5_6.3.i386.rpm
php53-soap-5.3.3-1.el5_6.3.i386.rpm
php53-xml-5.3.3-1.el5_6.3.i386.rpm
php53-xmlrpc-5.3.3-1.el5_6.3.i386.rpm

ia64:
php53-5.3.3-1.el5_6.3.ia64.rpm
php53-bcmath-5.3.3-1.el5_6.3.ia64.rpm
php53-cli-5.3.3-1.el5_6.3.ia64.rpm
php53-common-5.3.3-1.el5_6.3.ia64.rpm
php53-dba-5.3.3-1.el5_6.3.ia64.rpm
php53-debuginfo-5.3.3-1.el5_6.3.ia64.rpm
php53-devel-5.3.3-1.el5_6.3.ia64.rpm
php53-gd-5.3.3-1.el5_6.3.ia64.rpm
php53-imap-5.3.3-1.el5_6.3.ia64.rpm
php53-intl-5.3.3-1.el5_6.3.ia64.rpm
php53-ldap-5.3.3-1.el5_6.3.ia64.rpm
php53-mbstring-5.3.3-1.el5_6.3.ia64.rpm
php53-mysql-5.3.3-1.el5_6.3.ia64.rpm
php53-odbc-5.3.3-1.el5_6.3.ia64.rpm
php53-pdo-5.3.3-1.el5_6.3.ia64.rpm
php53-pgsql-5.3.3-1.el5_6.3.ia64.rpm
php53-process-5.3.3-1.el5_6.3.ia64.rpm
php53-pspell-5.3.3-1.el5_6.3.ia64.rpm
php53-snmp-5.3.3-1.el5_6.3.ia64.rpm
php53-soap-5.3.3-1.el5_6.3.ia64.rpm
php53-xml-5.3.3-1.el5_6.3.ia64.rpm
php53-xmlrpc-5.3.3-1.el5_6.3.ia64.rpm

ppc:
php53-5.3.3-1.el5_6.3.ppc.rpm
php53-bcmath-5.3.3-1.el5_6.3.ppc.rpm
php53-cli-5.3.3-1.el5_6.3.ppc.rpm
php53-common-5.3.3-1.el5_6.3.ppc.rpm
php53-dba-5.3.3-1.el5_6.3.ppc.rpm
php53-debuginfo-5.3.3-1.el5_6.3.ppc.rpm
php53-devel-5.3.3-1.el5_6.3.ppc.rpm
php53-gd-5.3.3-1.el5_6.3.ppc.rpm
php53-imap-5.3.3-1.el5_6.3.ppc.rpm
php53-intl-5.3.3-1.el5_6.3.ppc.rpm
php53-ldap-5.3.3-1.el5_6.3.ppc.rpm
php53-mbstring-5.3.3-1.el5_6.3.ppc.rpm
php53-mysql-5.3.3-1.el5_6.3.ppc.rpm
php53-odbc-5.3.3-1.el5_6.3.ppc.rpm
php53-pdo-5.3.3-1.el5_6.3.ppc.rpm
php53-pgsql-5.3.3-1.el5_6.3.ppc.rpm
php53-process-5.3.3-1.el5_6.3.ppc.rpm
php53-pspell-5.3.3-1.el5_6.3.ppc.rpm
php53-snmp-5.3.3-1.el5_6.3.ppc.rpm
php53-soap-5.3.3-1.el5_6.3.ppc.rpm
php53-xml-5.3.3-1.el5_6.3.ppc.rpm
php53-xmlrpc-5.3.3-1.el5_6.3.ppc.rpm

s390x:
php53-5.3.3-1.el5_6.3.s390x.rpm
php53-bcmath-5.3.3-1.el5_6.3.s390x.rpm
php53-cli-5.3.3-1.el5_6.3.s390x.rpm
php53-common-5.3.3-1.el5_6.3.s390x.rpm
php53-dba-5.3.3-1.el5_6.3.s390x.rpm
php53-debuginfo-5.3.3-1.el5_6.3.s390x.rpm
php53-devel-5.3.3-1.el5_6.3.s390x.rpm
php53-gd-5.3.3-1.el5_6.3.s390x.rpm
php53-imap-5.3.3-1.el5_6.3.s390x.rpm
php53-intl-5.3.3-1.el5_6.3.s390x.rpm
php53-ldap-5.3.3-1.el5_6.3.s390x.rpm
php53-mbstring-5.3.3-1.el5_6.3.s390x.rpm
php53-mysql-5.3.3-1.el5_6.3.s390x.rpm
php53-odbc-5.3.3-1.el5_6.3.s390x.rpm
php53-pdo-5.3.3-1.el5_6.3.s390x.rpm
php53-pgsql-5.3.3-1.el5_6.3.s390x.rpm
php53-process-5.3.3-1.el5_6.3.s390x.rpm
php53-pspell-5.3.3-1.el5_6.3.s390x.rpm
php53-snmp-5.3.3-1.el5_6.3.s390x.rpm
php53-soap-5.3.3-1.el5_6.3.s390x.rpm
php53-xml-5.3.3-1.el5_6.3.s390x.rpm
php53-xmlrpc-5.3.3-1.el5_6.3.s390x.rpm

x86_64:
php53-5.3.3-1.el5_6.3.x86_64.rpm
php53-bcmath-5.3.3-1.el5_6.3.x86_64.rpm
php53-cli-5.3.3-1.el5_6.3.x86_64.rpm
php53-common-5.3.3-1.el5_6.3.x86_64.rpm
php53-dba-5.3.3-1.el5_6.3.x86_64.rpm
php53-debuginfo-5.3.3-1.el5_6.3.x86_64.rpm
php53-devel-5.3.3-1.el5_6.3.x86_64.rpm
php53-gd-5.3.3-1.el5_6.3.x86_64.rpm
php53-imap-5.3.3-1.el5_6.3.x86_64.rpm
php53-intl-5.3.3-1.el5_6.3.x86_64.rpm
php53-ldap-5.3.3-1.el5_6.3.x86_64.rpm
php53-mbstring-5.3.3-1.el5_6.3.x86_64.rpm
php53-mysql-5.3.3-1.el5_6.3.x86_64.rpm
php53-odbc-5.3.3-1.el5_6.3.x86_64.rpm
php53-pdo-5.3.3-1.el5_6.3.x86_64.rpm
php53-pgsql-5.3.3-1.el5_6.3.x86_64.rpm
php53-process-5.3.3-1.el5_6.3.x86_64.rpm
php53-pspell-5.3.3-1.el5_6.3.x86_64.rpm
php53-snmp-5.3.3-1.el5_6.3.x86_64.rpm
php53-soap-5.3.3-1.el5_6.3.x86_64.rpm
php53-xml-5.3.3-1.el5_6.3.x86_64.rpm
php53-xmlrpc-5.3.3-1.el5_6.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4113.html
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is .  More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFR5F9VXlSAg2UNWIIRAo6MAJ9EO2ru35tm7sdXMAK0ZpZ3ebVWYACgoKBd
HfxSpnrx+QfUdUk+6S9fP2k=
=Pr5k
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Mon Jul 15 20:45:58 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 15 Jul 2013 20:45:58 +0000
Subject: [RHSA-2013:1063-01] Critical: php security update
Message-ID: <201307152045.r6FKjwVE005880@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: php security update
Advisory ID:       RHSA-2013:1063-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1063.html
Issue date:        2013-07-15
CVE Names:         CVE-2013-4113
=====================================================================

1. Summary:

Updated php packages that fix one security issue are now available for Red
Hat Enterprise Linux 3 and 4 Extended Life Cycle Support.

The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (v. 3 ELS) - i386
Red Hat Enterprise Linux AS (v. 4 ELS) - i386, ia64, x86_64
Red Hat Enterprise Linux ES (v. 3 ELS) - i386
Red Hat Enterprise Linux ES (v. 4 ELS) - i386, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

A buffer overflow flaw was found in the way PHP parsed deeply nested XML
documents. If a PHP application used the xml_parse_into_struct() function
to parse untrusted XML content, an attacker able to supply specially-crafted
XML could use this flaw to crash the application or, possibly, execute
arbitrary code with the privileges of the user running the PHP interpreter.
(CVE-2013-4113)

All php users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

983689 - CVE-2013-4113 php: xml_parse_into_struct buffer overflow when parsing deeply nested XML

6. Package List:

Red Hat Enterprise Linux AS (v. 3 ELS):

Source:
php-4.3.2-56.ent.src.rpm

i386:
php-4.3.2-56.ent.i386.rpm
php-debuginfo-4.3.2-56.ent.i386.rpm
php-devel-4.3.2-56.ent.i386.rpm
php-imap-4.3.2-56.ent.i386.rpm
php-ldap-4.3.2-56.ent.i386.rpm
php-mysql-4.3.2-56.ent.i386.rpm
php-odbc-4.3.2-56.ent.i386.rpm
php-pgsql-4.3.2-56.ent.i386.rpm

Red Hat Enterprise Linux ES (v. 3 ELS):

Source:
php-4.3.2-56.ent.src.rpm

i386:
php-4.3.2-56.ent.i386.rpm
php-debuginfo-4.3.2-56.ent.i386.rpm
php-devel-4.3.2-56.ent.i386.rpm
php-imap-4.3.2-56.ent.i386.rpm
php-ldap-4.3.2-56.ent.i386.rpm
php-mysql-4.3.2-56.ent.i386.rpm
php-odbc-4.3.2-56.ent.i386.rpm
php-pgsql-4.3.2-56.ent.i386.rpm

Red Hat Enterprise Linux AS (v. 4 ELS):

Source:
php-4.3.9-3.37.el4.src.rpm

i386:
php-4.3.9-3.37.el4.i386.rpm
php-debuginfo-4.3.9-3.37.el4.i386.rpm
php-devel-4.3.9-3.37.el4.i386.rpm
php-domxml-4.3.9-3.37.el4.i386.rpm
php-gd-4.3.9-3.37.el4.i386.rpm
php-imap-4.3.9-3.37.el4.i386.rpm
php-ldap-4.3.9-3.37.el4.i386.rpm
php-mbstring-4.3.9-3.37.el4.i386.rpm
php-mysql-4.3.9-3.37.el4.i386.rpm
php-ncurses-4.3.9-3.37.el4.i386.rpm
php-odbc-4.3.9-3.37.el4.i386.rpm
php-pear-4.3.9-3.37.el4.i386.rpm
php-pgsql-4.3.9-3.37.el4.i386.rpm
php-snmp-4.3.9-3.37.el4.i386.rpm
php-xmlrpc-4.3.9-3.37.el4.i386.rpm

ia64:
php-4.3.9-3.37.el4.ia64.rpm
php-debuginfo-4.3.9-3.37.el4.ia64.rpm
php-devel-4.3.9-3.37.el4.ia64.rpm
php-domxml-4.3.9-3.37.el4.ia64.rpm
php-gd-4.3.9-3.37.el4.ia64.rpm
php-imap-4.3.9-3.37.el4.ia64.rpm
php-ldap-4.3.9-3.37.el4.ia64.rpm
php-mbstring-4.3.9-3.37.el4.ia64.rpm
php-mysql-4.3.9-3.37.el4.ia64.rpm
php-ncurses-4.3.9-3.37.el4.ia64.rpm
php-odbc-4.3.9-3.37.el4.ia64.rpm
php-pear-4.3.9-3.37.el4.ia64.rpm
php-pgsql-4.3.9-3.37.el4.ia64.rpm
php-snmp-4.3.9-3.37.el4.ia64.rpm
php-xmlrpc-4.3.9-3.37.el4.ia64.rpm

x86_64:
php-4.3.9-3.37.el4.x86_64.rpm
php-debuginfo-4.3.9-3.37.el4.x86_64.rpm
php-devel-4.3.9-3.37.el4.x86_64.rpm
php-domxml-4.3.9-3.37.el4.x86_64.rpm
php-gd-4.3.9-3.37.el4.x86_64.rpm
php-imap-4.3.9-3.37.el4.x86_64.rpm
php-ldap-4.3.9-3.37.el4.x86_64.rpm
php-mbstring-4.3.9-3.37.el4.x86_64.rpm
php-mysql-4.3.9-3.37.el4.x86_64.rpm
php-ncurses-4.3.9-3.37.el4.x86_64.rpm
php-odbc-4.3.9-3.37.el4.x86_64.rpm
php-pear-4.3.9-3.37.el4.x86_64.rpm
php-pgsql-4.3.9-3.37.el4.x86_64.rpm
php-snmp-4.3.9-3.37.el4.x86_64.rpm
php-xmlrpc-4.3.9-3.37.el4.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4 ELS):

Source:
php-4.3.9-3.37.el4.src.rpm

i386:
php-4.3.9-3.37.el4.i386.rpm
php-debuginfo-4.3.9-3.37.el4.i386.rpm
php-devel-4.3.9-3.37.el4.i386.rpm
php-domxml-4.3.9-3.37.el4.i386.rpm
php-gd-4.3.9-3.37.el4.i386.rpm
php-imap-4.3.9-3.37.el4.i386.rpm
php-ldap-4.3.9-3.37.el4.i386.rpm
php-mbstring-4.3.9-3.37.el4.i386.rpm
php-mysql-4.3.9-3.37.el4.i386.rpm
php-ncurses-4.3.9-3.37.el4.i386.rpm
php-odbc-4.3.9-3.37.el4.i386.rpm
php-pear-4.3.9-3.37.el4.i386.rpm
php-pgsql-4.3.9-3.37.el4.i386.rpm
php-snmp-4.3.9-3.37.el4.i386.rpm
php-xmlrpc-4.3.9-3.37.el4.i386.rpm

x86_64:
php-4.3.9-3.37.el4.x86_64.rpm
php-debuginfo-4.3.9-3.37.el4.x86_64.rpm
php-devel-4.3.9-3.37.el4.x86_64.rpm
php-domxml-4.3.9-3.37.el4.x86_64.rpm
php-gd-4.3.9-3.37.el4.x86_64.rpm
php-imap-4.3.9-3.37.el4.x86_64.rpm
php-ldap-4.3.9-3.37.el4.x86_64.rpm
php-mbstring-4.3.9-3.37.el4.x86_64.rpm
php-mysql-4.3.9-3.37.el4.x86_64.rpm
php-ncurses-4.3.9-3.37.el4.x86_64.rpm
php-odbc-4.3.9-3.37.el4.x86_64.rpm
php-pear-4.3.9-3.37.el4.x86_64.rpm
php-pgsql-4.3.9-3.37.el4.x86_64.rpm
php-snmp-4.3.9-3.37.el4.x86_64.rpm
php-xmlrpc-4.3.9-3.37.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4113.html
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is .  More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
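Both PHP advisories above (RHSA-2013:1062 and RHSA-2013:1063) describe the same flaw: a buffer overflow triggered when xml_parse_into_struct() builds its structure for a deeply nested document. Until the fixed packages are installed, an application can reduce its exposure by refusing over-deep input before it reaches the structure-building parser, using a streaming pre-scan that only counts element depth. The following is an added example, not code from Red Hat or from the PHP project, written in Python against xml.parsers.expat; PHP's xml_* functions expose the same expat start-element/end-element callbacks, so the check translates directly to xml_set_element_handler() in front of a later xml_parse_into_struct() call. MAX_DEPTH, the function names and the sample documents are constructed for this example, and the check is a mitigation, not a replacement for the update.

```python
"""Added example (not from the advisory, and not PHP code): bound the element
nesting depth of untrusted XML with a streaming pre-scan before handing the
document to a parser that builds a full structure, such as PHP's
xml_parse_into_struct(). PHP's xml_* functions and Python's
xml.parsers.expat both expose expat's start/end-element callbacks, so the
check below translates directly. It limits exposure to deeply nested input
but is not a substitute for installing the fixed packages.
MAX_DEPTH and the sample documents are constructed for this example."""
import xml.parsers.expat

MAX_DEPTH = 64  # assumed application limit; real documents rarely need more


class TooDeep(Exception):
    """Raised as soon as nesting exceeds the limit, so parsing stops early."""


def max_nesting_depth(data: bytes, limit: int = MAX_DEPTH) -> int:
    """Return the deepest element nesting in `data`, or raise TooDeep the
    moment `limit` is exceeded (the rest of the input is not even read).
    Raises xml.parsers.expat.ExpatError for malformed input."""
    depth = 0
    deepest = 0

    def start(name, attrs):
        nonlocal depth, deepest
        depth += 1
        if depth > limit:
            raise TooDeep(f"element <{name}> at depth {depth} exceeds {limit}")
        deepest = max(deepest, depth)

    def end(name):
        nonlocal depth
        depth -= 1

    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.Parse(data, True)  # exceptions raised in handlers propagate here
    return deepest


def accept_untrusted_xml(data: bytes, limit: int = MAX_DEPTH) -> bool:
    """Gate an untrusted document: True only if it is well-formed and no
    deeper than `limit`; only then should it reach the structure-building
    parser."""
    try:
        max_nesting_depth(data, limit)
    except (TooDeep, xml.parsers.expat.ExpatError):
        return False
    return True


def nested_document(levels: int) -> bytes:
    """Constructed sample: <x><x>...deep...</x></x> nested `levels` deep."""
    return b"<x>" * levels + b"deep" + b"</x>" * levels


if __name__ == "__main__":
    shallow = b"<a><b><c>ok</c></b></a>"
    print("shallow depth:", max_nesting_depth(shallow))
    print("accept shallow:", accept_untrusted_xml(shallow))
    print("accept over-deep:", accept_untrusted_xml(nested_document(MAX_DEPTH + 1)))
    print("accept malformed:", accept_untrusted_xml(b"<a><b>unclosed</a>"))
```

The pre-scan raises on the first element past the limit, so a hostile document costs at most MAX_DEPTH start-element callbacks before it is rejected; a malformed document is rejected by expat itself. Choose the limit from what the application's own schemas actually need rather than from the parser's tolerance.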
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFR5F9yXlSAg2UNWIIRAtPHAJ0bZEnHZYbSGKoho37FhW1N89kP4gCfWxAx
GzBqMHdYzJxQ/urUrbFGVck=
=aFoP
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Jul 16 18:27:38 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 16 Jul 2013 18:27:38 +0000
Subject: [RHSA-2013:1051-01] Moderate: kernel security and bug fix update
Message-ID: <201307161827.r6GIRc4s005297@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: kernel security and bug fix update
Advisory ID:       RHSA-2013:1051-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1051.html
Issue date:        2013-07-16
CVE Names:         CVE-2012-6548 CVE-2013-0914 CVE-2013-1848 CVE-2013-2128
                   CVE-2013-2634 CVE-2013-2635 CVE-2013-2852 CVE-2013-3222
                   CVE-2013-3224 CVE-2013-3225 CVE-2013-3301
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A flaw was found in the tcp_read_sock() function in the Linux kernel's
IPv4 TCP/IP protocol suite implementation in the way socket buffers (skb)
were handled. A local, unprivileged user could trigger this issue via a
call to splice(), leading to a denial of service. (CVE-2013-2128, Moderate)

* Information leak flaws in the Linux kernel could allow a local,
unprivileged user to leak kernel memory to user-space. (CVE-2012-6548,
CVE-2013-2634, CVE-2013-2635, CVE-2013-3222, CVE-2013-3224, CVE-2013-3225,
Low)

* An information leak was found in the Linux kernel's POSIX signals
implementation. A local, unprivileged user could use this flaw to bypass
the Address Space Layout Randomization (ASLR) security feature.
(CVE-2013-0914, Low)

* A format string flaw was found in the ext3_msg() function in the Linux
kernel's ext3 file system implementation. A local user who is able to mount
an ext3 file system could use this flaw to cause a denial of service or,
potentially, escalate their privileges. (CVE-2013-1848, Low)

* A format string flaw was found in the b43_do_request_fw() function in the
Linux kernel's b43 driver implementation. A local user who is able to
specify the "fwpostfix" b43 module parameter could use this flaw to cause a
denial of service or, potentially, escalate their privileges.
(CVE-2013-2852, Low)

* A NULL pointer dereference flaw was found in the Linux kernel's ftrace and
function tracer implementations. A local user who has the CAP_SYS_ADMIN
capability could use this flaw to cause a denial of service.
(CVE-2013-3301, Low)

Red Hat would like to thank Kees Cook for reporting CVE-2013-2852.

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this update
to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use
"rpm -Uvh" as that will remove the running kernel binaries from your
system. You may use "rpm -e" to remove old kernels after determining that
the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

920499 - CVE-2013-0914 Kernel: sa_restorer information leak
920783 - CVE-2013-1848 kernel: ext3: format string issues
922353 - CVE-2012-6548 Kernel: udf: information leak on export
924689 - CVE-2013-2634 kernel: Information leak in the Data Center Bridging (DCB) component
924690 - CVE-2013-2635 kernel: Information leak in the RTNETLINK component
952197 - CVE-2013-3301 Kernel: tracing: NULL pointer dereference
955216 - CVE-2013-3222 Kernel: atm: update msg_namelen in vcc_recvmsg()
955599 - CVE-2013-3224 Kernel: Bluetooth: possible info leak in bt_sock_recvmsg()
955649 - CVE-2013-3225 Kernel: Bluetooth: RFCOMM - missing msg_namelen update in rfcomm_sock_recvmsg
968484 - CVE-2013-2128 Kernel: net: oops from tcp_collapse() when using splice(2)
969518 - CVE-2013-2852 kernel: b43: format string leaking into error msgs

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-358.14.1.el6.src.rpm

i386:
kernel-2.6.32-358.14.1.el6.i686.rpm
kernel-debug-2.6.32-358.14.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-358.14.1.el6.i686.rpm
kernel-debug-devel-2.6.32-358.14.1.el6.i686.rpm
kernel-debuginfo-2.6.32-358.14.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-358.14.1.el6.i686.rpm
kernel-devel-2.6.32-358.14.1.el6.i686.rpm
kernel-headers-2.6.32-358.14.1.el6.i686.rpm
perf-2.6.32-358.14.1.el6.i686.rpm
perf-debuginfo-2.6.32-358.14.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-358.14.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-358.14.1.el6.noarch.rpm
kernel-firmware-2.6.32-358.14.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-358.14.1.el6.x86_64.rpm
kernel-debug-2.6.32-358.14.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-358.14.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.14.1.el6.x86_64.rpm
kernel-devel-2.6.32-358.14.1.el6.x86_64.rpm
kernel-headers-2.6.32-358.14.1.el6.x86_64.rpm
perf-2.6.32-358.14.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-358.14.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-358.14.1.el6.i686.rpm
kernel-debuginfo-2.6.32-358.14.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-358.14.1.el6.i686.rpm
perf-debuginfo-2.6.32-358.14.1.el6.i686.rpm
python-perf-2.6.32-358.14.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-358.14.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.14.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
python-perf-2.6.32-358.14.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-358.14.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-358.14.1.el6.noarch.rpm
kernel-firmware-2.6.32-358.14.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-358.14.1.el6.x86_64.rpm
kernel-debug-2.6.32-358.14.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-358.14.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.14.1.el6.x86_64.rpm
kernel-devel-2.6.32-358.14.1.el6.x86_64.rpm
kernel-headers-2.6.32-358.14.1.el6.x86_64.rpm
perf-2.6.32-358.14.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-358.14.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.14.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
python-perf-2.6.32-358.14.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-358.14.1.el6.src.rpm

i386:
kernel-2.6.32-358.14.1.el6.i686.rpm
kernel-debug-2.6.32-358.14.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-358.14.1.el6.i686.rpm
kernel-debug-devel-2.6.32-358.14.1.el6.i686.rpm
kernel-debuginfo-2.6.32-358.14.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-358.14.1.el6.i686.rpm
kernel-devel-2.6.32-358.14.1.el6.i686.rpm
kernel-headers-2.6.32-358.14.1.el6.i686.rpm
perf-2.6.32-358.14.1.el6.i686.rpm
perf-debuginfo-2.6.32-358.14.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-358.14.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-358.14.1.el6.noarch.rpm
kernel-firmware-2.6.32-358.14.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-358.14.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-358.14.1.el6.ppc64.rpm
kernel-debug-2.6.32-358.14.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-358.14.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-358.14.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-358.14.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-358.14.1.el6.ppc64.rpm
kernel-devel-2.6.32-358.14.1.el6.ppc64.rpm
kernel-headers-2.6.32-358.14.1.el6.ppc64.rpm
perf-2.6.32-358.14.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-358.14.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-358.14.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-358.14.1.el6.s390x.rpm
kernel-debug-2.6.32-358.14.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-358.14.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-358.14.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-358.14.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-358.14.1.el6.s390x.rpm
kernel-devel-2.6.32-358.14.1.el6.s390x.rpm
kernel-headers-2.6.32-358.14.1.el6.s390x.rpm
kernel-kdump-2.6.32-358.14.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-358.14.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-358.14.1.el6.s390x.rpm
perf-2.6.32-358.14.1.el6.s390x.rpm
perf-debuginfo-2.6.32-358.14.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-358.14.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-358.14.1.el6.x86_64.rpm
kernel-debug-2.6.32-358.14.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-358.14.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.14.1.el6.x86_64.rpm
kernel-devel-2.6.32-358.14.1.el6.x86_64.rpm
kernel-headers-2.6.32-358.14.1.el6.x86_64.rpm
perf-2.6.32-358.14.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-358.14.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-358.14.1.el6.i686.rpm
kernel-debuginfo-2.6.32-358.14.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-358.14.1.el6.i686.rpm
perf-debuginfo-2.6.32-358.14.1.el6.i686.rpm
python-perf-2.6.32-358.14.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-358.14.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-358.14.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-358.14.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-358.14.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-358.14.1.el6.ppc64.rpm
python-perf-2.6.32-358.14.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-358.14.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-358.14.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-358.14.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-358.14.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-358.14.1.el6.s390x.rpm
perf-debuginfo-2.6.32-358.14.1.el6.s390x.rpm
python-perf-2.6.32-358.14.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-358.14.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.14.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
python-perf-2.6.32-358.14.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-358.14.1.el6.src.rpm

i386:
kernel-2.6.32-358.14.1.el6.i686.rpm
kernel-debug-2.6.32-358.14.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-358.14.1.el6.i686.rpm
kernel-debug-devel-2.6.32-358.14.1.el6.i686.rpm
kernel-debuginfo-2.6.32-358.14.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-358.14.1.el6.i686.rpm
kernel-devel-2.6.32-358.14.1.el6.i686.rpm
kernel-headers-2.6.32-358.14.1.el6.i686.rpm
perf-2.6.32-358.14.1.el6.i686.rpm
perf-debuginfo-2.6.32-358.14.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-358.14.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-358.14.1.el6.noarch.rpm
kernel-firmware-2.6.32-358.14.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-358.14.1.el6.x86_64.rpm
kernel-debug-2.6.32-358.14.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-358.14.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.14.1.el6.x86_64.rpm
kernel-devel-2.6.32-358.14.1.el6.x86_64.rpm
kernel-headers-2.6.32-358.14.1.el6.x86_64.rpm
perf-2.6.32-358.14.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-358.14.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-358.14.1.el6.i686.rpm
kernel-debuginfo-2.6.32-358.14.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-358.14.1.el6.i686.rpm
perf-debuginfo-2.6.32-358.14.1.el6.i686.rpm
python-perf-2.6.32-358.14.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-358.14.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.14.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
python-perf-2.6.32-358.14.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-6548.html
https://www.redhat.com/security/data/cve/CVE-2013-0914.html
https://www.redhat.com/security/data/cve/CVE-2013-1848.html
https://www.redhat.com/security/data/cve/CVE-2013-2128.html
https://www.redhat.com/security/data/cve/CVE-2013-2634.html
https://www.redhat.com/security/data/cve/CVE-2013-2635.html
https://www.redhat.com/security/data/cve/CVE-2013-2852.html
https://www.redhat.com/security/data/cve/CVE-2013-3222.html
https://www.redhat.com/security/data/cve/CVE-2013-3224.html
https://www.redhat.com/security/data/cve/CVE-2013-3225.html
https://www.redhat.com/security/data/cve/CVE-2013-3301.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.4_Technical_Notes/kernel.html

8. Contact:

The Red Hat security contact is .  More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFR5ZCBXlSAg2UNWIIRAu45AJ4wvCIgZc5p6JTP60Jn+m6E6+7aWQCgomY5 SsizMDtk6PKcY/bnlrCqcSQ= =15di -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Jul 16 18:30:03 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 16 Jul 2013 18:30:03 +0000 Subject: [RHSA-2013:1080-01] Moderate: kernel security and bug fix update Message-ID: <201307161830.r6GIU3As011578@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: kernel security and bug fix update Advisory ID: RHSA-2013:1080-01 Product: Red Hat OpenStack Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1080.html Issue date: 2013-07-16 CVE Names: CVE-2012-6548 CVE-2013-0914 CVE-2013-1848 CVE-2013-2128 CVE-2013-2634 CVE-2013-2635 CVE-2013-2852 CVE-2013-3222 CVE-2013-3224 CVE-2013-3225 CVE-2013-3301 ===================================================================== 1. Summary: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: OpenStack 3 - noarch, x86_64 3. Description: Red Hat OpenStack 3.0 includes a custom Red Hat Enterprise Linux 6.4 kernel. These custom kernel packages include support for network namespaces, this support is required to facilitate advanced OpenStack Networking deployments. This update fixes the following security issues: * A flaw was found in the tcp_read_sock() function in the Linux kernel's IPv4 TCP/IP protocol suite implementation in the way socket buffers (skb) were handled. 
A local, unprivileged user could trigger this issue via a call to splice(), leading to a denial of service. (CVE-2013-2128, Moderate) * Information leak flaws in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space. (CVE-2012-6548, CVE-2013-2634, CVE-2013-2635, CVE-2013-3222, CVE-2013-3224, CVE-2013-3225, Low) * An information leak was found in the Linux kernel's POSIX signals implementation. A local, unprivileged user could use this flaw to bypass the Address Space Layout Randomization (ASLR) security feature. (CVE-2013-0914, Low) * A format string flaw was found in the ext3_msg() function in the Linux kernel's ext3 file system implementation. A local user who is able to mount an ext3 file system could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1848, Low) * A format string flaw was found in the b43_do_request_fw() function in the Linux kernel's b43 driver implementation. A local user who is able to specify the "fwpostfix" b43 module parameter could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-2852, Low) * A NULL pointer dereference flaw was found in the Linux kernel's ftrace and function tracer implementations. A local user who has the CAP_SYS_ADMIN capability could use this flaw to cause a denial of service. (CVE-2013-3301, Low) Red Hat would like to thank Kees Cook for reporting CVE-2013-2852. More information on the Red Hat Enterprise Linux 6.4 kernel packages upon which these custom kernel packages are based is available in RHSA-2013:1051: https://rhn.redhat.com/errata/RHSA-2013-1051.html All Red Hat OpenStack 3.0 users deploying the OpenStack Networking service are advised to install these updated packages. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. 
Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 This Red Hat OpenStack 3.0 kernel may be installed by running this command while logged in as the root user on a system that has the required entitlements and subscriptions attached: # yum install "kernel-2.6.*.openstack.el6.x86_64" Documentation for both stable and preview releases of Red Hat OpenStack is available at: https://access.redhat.com/site/documentation/en-US/Red_Hat_OpenStack/ In particular it is highly recommended that all users read the Release Notes document for the relevant Red Hat OpenStack release prior to installation. 5. Bugs fixed (http://bugzilla.redhat.com/): 920499 - CVE-2013-0914 Kernel: sa_restorer information leak 920783 - CVE-2013-1848 kernel: ext3: format string issues 922353 - CVE-2012-6548 Kernel: udf: information leak on export 924689 - CVE-2013-2634 kernel: Information leak in the Data Center Bridging (DCB) component 924690 - CVE-2013-2635 kernel: Information leak in the RTNETLINK component 952197 - CVE-2013-3301 Kernel: tracing: NULL pointer dereference 955216 - CVE-2013-3222 Kernel: atm: update msg_namelen in vcc_recvmsg() 955599 - CVE-2013-3224 Kernel: Bluetooth: possible info leak in bt_sock_recvmsg() 955649 - CVE-2013-3225 Kernel: Bluetooth: RFCOMM - missing msg_namelen update in rfcomm_sock_recvmsg 968484 - CVE-2013-2128 Kernel: net: oops from tcp_collapse() when using splice(2) 969518 - CVE-2013-2852 kernel: b43: format string leaking into error msgs 6. 
Package List: OpenStack 3: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/kernel-2.6.32-358.114.1.openstack.el6.src.rpm noarch: kernel-doc-2.6.32-358.114.1.openstack.el6.noarch.rpm kernel-firmware-2.6.32-358.114.1.openstack.el6.noarch.rpm x86_64: kernel-2.6.32-358.114.1.openstack.el6.x86_64.rpm kernel-debug-2.6.32-358.114.1.openstack.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-358.114.1.openstack.el6.x86_64.rpm kernel-debug-devel-2.6.32-358.114.1.openstack.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.114.1.openstack.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.114.1.openstack.el6.x86_64.rpm kernel-devel-2.6.32-358.114.1.openstack.el6.x86_64.rpm kernel-headers-2.6.32-358.114.1.openstack.el6.x86_64.rpm perf-2.6.32-358.114.1.openstack.el6.x86_64.rpm perf-debuginfo-2.6.32-358.114.1.openstack.el6.x86_64.rpm python-perf-2.6.32-358.114.1.openstack.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.114.1.openstack.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
7. References:

https://www.redhat.com/security/data/cve/CVE-2012-6548.html
https://www.redhat.com/security/data/cve/CVE-2013-0914.html
https://www.redhat.com/security/data/cve/CVE-2013-1848.html
https://www.redhat.com/security/data/cve/CVE-2013-2128.html
https://www.redhat.com/security/data/cve/CVE-2013-2634.html
https://www.redhat.com/security/data/cve/CVE-2013-2635.html
https://www.redhat.com/security/data/cve/CVE-2013-2852.html
https://www.redhat.com/security/data/cve/CVE-2013-3222.html
https://www.redhat.com/security/data/cve/CVE-2013-3224.html
https://www.redhat.com/security/data/cve/CVE-2013-3225.html
https://www.redhat.com/security/data/cve/CVE-2013-3301.html
https://access.redhat.com/security/updates/classification/#moderate
https://rhn.redhat.com/errata/RHSA-2013-1051.html
https://access.redhat.com/site/documentation/en-US/Red_Hat_OpenStack/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFR5ZELXlSAg2UNWIIRAnyEAKCQmfo77gOX4PyGDEpf7KbN4VmvGACgp/ZQ
wRA1/svGVSCxEBsM1o9XQeQ=
=MQ/x
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jul 16 18:31:11 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 16 Jul 2013 18:31:11 +0000
Subject: [RHSA-2013:1081-01] Important: java-1.5.0-ibm security update
Message-ID: <201307161831.r6GIVBK4007238@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: java-1.5.0-ibm security update
Advisory ID: RHSA-2013:1081-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1081.html
Issue date: 2013-07-16
CVE Names: CVE-2013-1500 CVE-2013-1571 CVE-2013-2443 CVE-2013-2444 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2450 CVE-2013-2452 CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2459 CVE-2013-2463 CVE-2013-2464 CVE-2013-2465 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 CVE-2013-3743
=====================================================================

1. Summary:

Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v.
5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-1500, CVE-2013-1571, CVE-2013-2443, CVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2452, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743)

Red Hat would like to thank Tim Brown for reporting CVE-2013-1500, and US-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as the original reporter of CVE-2013-1571.

All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16-FP3 release. All running instances of IBM Java must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):

973474 - CVE-2013-1571 OpenJDK: Frame injection in generated HTML (Javadoc, 8012375)
975099 - CVE-2013-2470 OpenJDK: ImagingLib byte lookup processing (2D, 8011243)
975102 - CVE-2013-2471 OpenJDK: Incorrect IntegerComponentRaster size checks (2D, 8011248)
975107 - CVE-2013-2472 OpenJDK: Incorrect ShortBandedRaster size checks (2D, 8011253)
975110 - CVE-2013-2473 OpenJDK: Incorrect ByteBandedRaster size checks (2D, 8011257)
975115 - CVE-2013-2463 OpenJDK: Incorrect image attribute verification (2D, 8012438)
975118 - CVE-2013-2465 OpenJDK: Incorrect image channel verification (2D, 8012597)
975120 - CVE-2013-2469 OpenJDK: Incorrect image layout verification (2D, 8012601)
975121 - CVE-2013-2459 OpenJDK: Various AWT integer overflow checks (AWT, 8009071)
975125 - CVE-2013-2448 OpenJDK: Better access restrictions (Sound, 8006328)
975129 - CVE-2013-2454 OpenJDK: SerialJavaObject package restriction (JDBC, 8009554)
975131 - CVE-2013-2444 OpenJDK: Resource denial of service (AWT, 8001038)
975132 - CVE-2013-2446 OpenJDK: output stream access restrictions (CORBA, 8000642)
975133 - CVE-2013-2457 OpenJDK: Proper class checking (JMX, 8008120)
975137 - CVE-2013-2443 OpenJDK: AccessControlContext check order issue (Libraries, 8001330)
975138 - CVE-2013-2452 OpenJDK: Unique VMIDs (Libraries, 8001033)
975139 - CVE-2013-2455 OpenJDK: getEnclosing* checks (Libraries, 8007812)
975140 - CVE-2013-2447 OpenJDK: Prevent revealing the local address (Networking, 8001318)
975141 - CVE-2013-2450 OpenJDK: ObjectStreamClass circular reference denial of service (Serialization, 8000638)
975142 - CVE-2013-2456 OpenJDK: ObjectOutputStream access checks (Serialization, 8008132)
975148 - CVE-2013-1500 OpenJDK: Insecure shared memory permissions (2D, 8001034)
975757 - CVE-2013-2464 Oracle JDK: unspecified vulnerability fixed in 7u25 (2D)
975767 - CVE-2013-3743 Oracle JDK: unspecified vulnerability fixed in 6u51 and 5u51 (AWT)
6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.5.0-ibm-1.5.0.16.3-1jpp.1.el5_9.i386.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.3-1jpp.1.el5_9.i386.rpm
java-1.5.0-ibm-demo-1.5.0.16.3-1jpp.1.el5_9.i386.rpm
java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el5_9.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.3-1jpp.1.el5_9.i386.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.3-1jpp.1.el5_9.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.16.3-1jpp.1.el5_9.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.3-1jpp.1.el5_9.i386.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.3-1jpp.1.el5_9.i386.rpm
java-1.5.0-ibm-1.5.0.16.3-1jpp.1.el5_9.x86_64.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.3-1jpp.1.el5_9.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.3-1jpp.1.el5_9.i386.rpm
java-1.5.0-ibm-demo-1.5.0.16.3-1jpp.1.el5_9.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el5_9.i386.rpm
java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el5_9.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.3-1jpp.1.el5_9.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.3-1jpp.1.el5_9.x86_64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.3-1jpp.1.el5_9.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.16.3-1jpp.1.el5_9.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.3-1jpp.1.el5_9.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.3-1jpp.1.el5_9.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v.
5):

i386:
java-1.5.0-ibm-1.5.0.16.3-1jpp.1.el5_9.i386.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.3-1jpp.1.el5_9.i386.rpm
java-1.5.0-ibm-demo-1.5.0.16.3-1jpp.1.el5_9.i386.rpm
java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el5_9.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.3-1jpp.1.el5_9.i386.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.3-1jpp.1.el5_9.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.16.3-1jpp.1.el5_9.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.3-1jpp.1.el5_9.i386.rpm

ppc:
java-1.5.0-ibm-1.5.0.16.3-1jpp.1.el5_9.ppc.rpm
java-1.5.0-ibm-1.5.0.16.3-1jpp.1.el5_9.ppc64.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.3-1jpp.1.el5_9.ppc.rpm
java-1.5.0-ibm-demo-1.5.0.16.3-1jpp.1.el5_9.ppc.rpm
java-1.5.0-ibm-demo-1.5.0.16.3-1jpp.1.el5_9.ppc64.rpm
java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el5_9.ppc.rpm
java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el5_9.ppc64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.3-1jpp.1.el5_9.ppc.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.3-1jpp.1.el5_9.ppc64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.3-1jpp.1.el5_9.ppc.rpm
java-1.5.0-ibm-plugin-1.5.0.16.3-1jpp.1.el5_9.ppc.rpm
java-1.5.0-ibm-src-1.5.0.16.3-1jpp.1.el5_9.ppc.rpm
java-1.5.0-ibm-src-1.5.0.16.3-1jpp.1.el5_9.ppc64.rpm

s390x:
java-1.5.0-ibm-1.5.0.16.3-1jpp.1.el5_9.s390.rpm
java-1.5.0-ibm-1.5.0.16.3-1jpp.1.el5_9.s390x.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.3-1jpp.1.el5_9.s390x.rpm
java-1.5.0-ibm-demo-1.5.0.16.3-1jpp.1.el5_9.s390.rpm
java-1.5.0-ibm-demo-1.5.0.16.3-1jpp.1.el5_9.s390x.rpm
java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el5_9.s390.rpm
java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el5_9.s390x.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.3-1jpp.1.el5_9.s390.rpm
java-1.5.0-ibm-src-1.5.0.16.3-1jpp.1.el5_9.s390.rpm
java-1.5.0-ibm-src-1.5.0.16.3-1jpp.1.el5_9.s390x.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.3-1jpp.1.el5_9.i386.rpm
java-1.5.0-ibm-1.5.0.16.3-1jpp.1.el5_9.x86_64.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.3-1jpp.1.el5_9.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.3-1jpp.1.el5_9.i386.rpm
java-1.5.0-ibm-demo-1.5.0.16.3-1jpp.1.el5_9.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el5_9.i386.rpm
java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el5_9.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.3-1jpp.1.el5_9.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.3-1jpp.1.el5_9.x86_64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.3-1jpp.1.el5_9.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.16.3-1jpp.1.el5_9.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.3-1jpp.1.el5_9.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.3-1jpp.1.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.5.0-ibm-1.5.0.16.3-1jpp.1.el6_4.i686.rpm
java-1.5.0-ibm-demo-1.5.0.16.3-1jpp.1.el6_4.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el6_4.i686.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.3-1jpp.1.el6_4.i686.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.3-1jpp.1.el6_4.i686.rpm
java-1.5.0-ibm-plugin-1.5.0.16.3-1jpp.1.el6_4.i686.rpm
java-1.5.0-ibm-src-1.5.0.16.3-1jpp.1.el6_4.i686.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.3-1jpp.1.el6_4.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.3-1jpp.1.el6_4.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el6_4.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el6_4.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.3-1jpp.1.el6_4.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.16.3-1jpp.1.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.5.0-ibm-1.5.0.16.3-1jpp.1.el6_4.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.3-1jpp.1.el6_4.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el6_4.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el6_4.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.3-1jpp.1.el6_4.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.16.3-1jpp.1.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v.
6):

i386:
java-1.5.0-ibm-1.5.0.16.3-1jpp.1.el6_4.i686.rpm
java-1.5.0-ibm-demo-1.5.0.16.3-1jpp.1.el6_4.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el6_4.i686.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.3-1jpp.1.el6_4.i686.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.3-1jpp.1.el6_4.i686.rpm
java-1.5.0-ibm-plugin-1.5.0.16.3-1jpp.1.el6_4.i686.rpm
java-1.5.0-ibm-src-1.5.0.16.3-1jpp.1.el6_4.i686.rpm

ppc64:
java-1.5.0-ibm-1.5.0.16.3-1jpp.1.el6_4.ppc64.rpm
java-1.5.0-ibm-demo-1.5.0.16.3-1jpp.1.el6_4.ppc64.rpm
java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el6_4.ppc.rpm
java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el6_4.ppc64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.3-1jpp.1.el6_4.ppc64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.3-1jpp.1.el6_4.ppc.rpm
java-1.5.0-ibm-plugin-1.5.0.16.3-1jpp.1.el6_4.ppc.rpm
java-1.5.0-ibm-src-1.5.0.16.3-1jpp.1.el6_4.ppc64.rpm

s390x:
java-1.5.0-ibm-1.5.0.16.3-1jpp.1.el6_4.s390x.rpm
java-1.5.0-ibm-demo-1.5.0.16.3-1jpp.1.el6_4.s390x.rpm
java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el6_4.s390.rpm
java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el6_4.s390x.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.3-1jpp.1.el6_4.s390.rpm
java-1.5.0-ibm-src-1.5.0.16.3-1jpp.1.el6_4.s390x.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.3-1jpp.1.el6_4.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.3-1jpp.1.el6_4.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el6_4.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el6_4.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.3-1jpp.1.el6_4.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.16.3-1jpp.1.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v.
6):

i386:
java-1.5.0-ibm-1.5.0.16.3-1jpp.1.el6_4.i686.rpm
java-1.5.0-ibm-demo-1.5.0.16.3-1jpp.1.el6_4.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el6_4.i686.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.3-1jpp.1.el6_4.i686.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.3-1jpp.1.el6_4.i686.rpm
java-1.5.0-ibm-plugin-1.5.0.16.3-1jpp.1.el6_4.i686.rpm
java-1.5.0-ibm-src-1.5.0.16.3-1jpp.1.el6_4.i686.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.3-1jpp.1.el6_4.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.3-1jpp.1.el6_4.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el6_4.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el6_4.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.3-1jpp.1.el6_4.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.16.3-1jpp.1.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-1500.html
https://www.redhat.com/security/data/cve/CVE-2013-1571.html
https://www.redhat.com/security/data/cve/CVE-2013-2443.html
https://www.redhat.com/security/data/cve/CVE-2013-2444.html
https://www.redhat.com/security/data/cve/CVE-2013-2446.html
https://www.redhat.com/security/data/cve/CVE-2013-2447.html
https://www.redhat.com/security/data/cve/CVE-2013-2448.html
https://www.redhat.com/security/data/cve/CVE-2013-2450.html
https://www.redhat.com/security/data/cve/CVE-2013-2452.html
https://www.redhat.com/security/data/cve/CVE-2013-2454.html
https://www.redhat.com/security/data/cve/CVE-2013-2455.html
https://www.redhat.com/security/data/cve/CVE-2013-2456.html
https://www.redhat.com/security/data/cve/CVE-2013-2457.html
https://www.redhat.com/security/data/cve/CVE-2013-2459.html
https://www.redhat.com/security/data/cve/CVE-2013-2463.html
https://www.redhat.com/security/data/cve/CVE-2013-2464.html
https://www.redhat.com/security/data/cve/CVE-2013-2465.html
https://www.redhat.com/security/data/cve/CVE-2013-2469.html
https://www.redhat.com/security/data/cve/CVE-2013-2470.html
https://www.redhat.com/security/data/cve/CVE-2013-2471.html
https://www.redhat.com/security/data/cve/CVE-2013-2472.html
https://www.redhat.com/security/data/cve/CVE-2013-2473.html
https://www.redhat.com/security/data/cve/CVE-2013-3743.html
https://access.redhat.com/security/updates/classification/#important
https://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFR5ZFTXlSAg2UNWIIRAmLoAKCfy4f4XRFpBUc9H7Spg769mGd7rQCdGND3
FM5RCdlpLpFn3epzI03f4mg=
=kncq
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jul 16 18:31:52 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 16 Jul 2013 18:31:52 +0000
Subject: [RHSA-2013:1083-01] Important: openstack-keystone security update
Message-ID: <201307161831.r6GIVqBr002561@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: openstack-keystone security update
Advisory ID: RHSA-2013:1083-01
Product: Red Hat OpenStack
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1083.html
Issue date: 2013-07-16
CVE Names: CVE-2013-2157
=====================================================================

1. Summary:

Updated openstack-keystone packages that fix one security issue are now available for Red Hat OpenStack Folsom.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

OpenStack Folsom - noarch
3. Description:

The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services.

A flaw was found in the way Keystone handled LDAP (Lightweight Directory Access Protocol) based authentication. If Keystone was configured to use LDAP authentication, and the LDAP server was configured to allow anonymous binds (allowing anonymous binds is a common default), anyone able to connect to a given service using Keystone could connect as any user, including the admin, without supplying a password. (CVE-2013-2157)

Red Hat would like to thank Thierry Carrez of OpenStack upstream for reporting this issue. Upstream acknowledges Jose Castro Leon of CERN as the original reporter.

All users of openstack-keystone are advised to upgrade to these updated packages, which correct this issue. After installing the updated packages, the Keystone service (openstack-keystone) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

971884 - CVE-2013-2157 openstack-keystone: Authentication bypass when using LDAP backend

6. Package List:

OpenStack Folsom:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/openstack-keystone-2012.2.4-3.el6ost.src.rpm

noarch:
openstack-keystone-2012.2.4-3.el6ost.noarch.rpm
openstack-keystone-doc-2012.2.4-3.el6ost.noarch.rpm
python-keystone-2012.2.4-3.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
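The LDAP authentication bypass described in this advisory, as an added example that is not Keystone's or Red Hat's code: a constructed in-memory stand-in for a directory server that allows anonymous binds, the bind-result-only login check that such a server fools, and the hardened check that refuses empty credentials and confirms the bound identity. The FakeLdapServer class, the DNs and the passwords are all constructed for this example; the resultCodes and bind semantics follow RFC 4513 and RFC 4532.

```python
import hmac

RESULT_SUCCESS = 0                # LDAP resultCode: success
RESULT_INVALID_CREDENTIALS = 49   # LDAP resultCode: invalidCredentials


class FakeLdapServer:
    """Constructed in-memory stand-in for a directory that allows anonymous
    binds. Not an LDAP library: only enough of the bind semantics
    (RFC 4513 section 5.1) to show the failure mode."""

    def __init__(self, passwords, allow_anonymous=True):
        self._passwords = passwords        # {dn: password}, constructed data
        self._allow_anonymous = allow_anonymous
        self._bound_as = None              # authorization identity of the session

    def simple_bind(self, dn, password):
        """Handle a simple bind request and return its LDAP resultCode."""
        if not password:
            # RFC 4513 5.1.2: a DN with an empty password is an
            # *unauthenticated* bind. A server that allows anonymous access
            # grants it as an anonymous session and still reports success,
            # which is what a client that only looks at the resultCode
            # mistakes for a verified password.
            if self._allow_anonymous:
                self._bound_as = ""        # anonymous: no authorization identity
                return RESULT_SUCCESS
            return RESULT_INVALID_CREDENTIALS
        stored = self._passwords.get(dn)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            self._bound_as = None
            return RESULT_INVALID_CREDENTIALS
        self._bound_as = "dn:" + dn
        return RESULT_SUCCESS

    def whoami(self):
        """RFC 4532 "Who am I?": the session's authzId, "" when anonymous."""
        return self._bound_as or ""


def authenticate_vulnerable(server, dn, password):
    """The flawed pattern: a successful bind is taken as a successful login,
    whatever the password was."""
    return server.simple_bind(dn, password) == RESULT_SUCCESS


def authenticate_hardened(server, dn, password):
    """Fail closed on empty credentials, then confirm who the session is
    bound as instead of trusting the resultCode alone."""
    if not dn or not password:
        # Never forward an empty password: the directory would treat the
        # request as anonymous and may well answer "success".
        return False
    if server.simple_bind(dn, password) != RESULT_SUCCESS:
        return False
    # Defence in depth that does not depend on the server's bind policy:
    # the session must be bound as the requested DN, not as anonymous.
    return server.whoami() == "dn:" + dn


def build_demo_directory():
    """Constructed sample directory: two accounts, one of them the admin."""
    return FakeLdapServer({
        "cn=admin,dc=example,dc=com": "correct-horse",
        "cn=alice,dc=example,dc=com": "battery-staple",
    })


if __name__ == "__main__":
    admin = "cn=admin,dc=example,dc=com"
    print("vulnerable client, empty password:",
          authenticate_vulnerable(build_demo_directory(), admin, ""))             # True
    print("hardened client, empty password:  ",
          authenticate_hardened(build_demo_directory(), admin, ""))               # False
    print("hardened client, right password:  ",
          authenticate_hardened(build_demo_directory(), admin, "correct-horse"))  # True
```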
7. References:

https://www.redhat.com/security/data/cve/CVE-2013-2157.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFR5ZF6XlSAg2UNWIIRAmBbAJoDLeL1sf3+zETgWDgbOdaaR52yTQCdH7Co
XaePT9/epZmpoGpxFdjHejU=
=Nyfq
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jul 17 19:24:14 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 17 Jul 2013 19:24:14 +0000
Subject: [RHSA-2013:1090-01] Moderate: ruby security update
Message-ID: <201307171924.r6HJOFKq009940@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: 0ruby security update
Advisory ID: RHSA-2013:1090-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1090.html
Issue date: 2013-07-17
CVE Names: CVE-2013-4073
=====================================================================

1. Summary:

Updated ruby packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v.
6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to do system management tasks.

A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully-crafted certificate signed by an authority that the client trusts. (CVE-2013-4073)

All users of Ruby are advised to upgrade to these updated packages, which contain backported patches to resolve this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

979251 - CVE-2013-4073 ruby: hostname check bypassing vulnerability in SSL client

6. Package List:

Red Hat Enterprise Linux Desktop (v.
5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ruby-1.8.5-31.el5_9.src.rpm

i386:
ruby-1.8.5-31.el5_9.i386.rpm
ruby-debuginfo-1.8.5-31.el5_9.i386.rpm
ruby-docs-1.8.5-31.el5_9.i386.rpm
ruby-irb-1.8.5-31.el5_9.i386.rpm
ruby-libs-1.8.5-31.el5_9.i386.rpm
ruby-rdoc-1.8.5-31.el5_9.i386.rpm
ruby-ri-1.8.5-31.el5_9.i386.rpm
ruby-tcltk-1.8.5-31.el5_9.i386.rpm

x86_64:
ruby-1.8.5-31.el5_9.x86_64.rpm
ruby-debuginfo-1.8.5-31.el5_9.i386.rpm
ruby-debuginfo-1.8.5-31.el5_9.x86_64.rpm
ruby-docs-1.8.5-31.el5_9.x86_64.rpm
ruby-irb-1.8.5-31.el5_9.x86_64.rpm
ruby-libs-1.8.5-31.el5_9.i386.rpm
ruby-libs-1.8.5-31.el5_9.x86_64.rpm
ruby-rdoc-1.8.5-31.el5_9.x86_64.rpm
ruby-ri-1.8.5-31.el5_9.x86_64.rpm
ruby-tcltk-1.8.5-31.el5_9.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ruby-1.8.5-31.el5_9.src.rpm

i386:
ruby-debuginfo-1.8.5-31.el5_9.i386.rpm
ruby-devel-1.8.5-31.el5_9.i386.rpm
ruby-mode-1.8.5-31.el5_9.i386.rpm

x86_64:
ruby-debuginfo-1.8.5-31.el5_9.i386.rpm
ruby-debuginfo-1.8.5-31.el5_9.x86_64.rpm
ruby-devel-1.8.5-31.el5_9.i386.rpm
ruby-devel-1.8.5-31.el5_9.x86_64.rpm
ruby-mode-1.8.5-31.el5_9.x86_64.rpm

Red Hat Enterprise Linux (v.
5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/ruby-1.8.5-31.el5_9.src.rpm

i386:
ruby-1.8.5-31.el5_9.i386.rpm
ruby-debuginfo-1.8.5-31.el5_9.i386.rpm
ruby-devel-1.8.5-31.el5_9.i386.rpm
ruby-docs-1.8.5-31.el5_9.i386.rpm
ruby-irb-1.8.5-31.el5_9.i386.rpm
ruby-libs-1.8.5-31.el5_9.i386.rpm
ruby-mode-1.8.5-31.el5_9.i386.rpm
ruby-rdoc-1.8.5-31.el5_9.i386.rpm
ruby-ri-1.8.5-31.el5_9.i386.rpm
ruby-tcltk-1.8.5-31.el5_9.i386.rpm

ia64:
ruby-1.8.5-31.el5_9.ia64.rpm
ruby-debuginfo-1.8.5-31.el5_9.ia64.rpm
ruby-devel-1.8.5-31.el5_9.ia64.rpm
ruby-docs-1.8.5-31.el5_9.ia64.rpm
ruby-irb-1.8.5-31.el5_9.ia64.rpm
ruby-libs-1.8.5-31.el5_9.ia64.rpm
ruby-mode-1.8.5-31.el5_9.ia64.rpm
ruby-rdoc-1.8.5-31.el5_9.ia64.rpm
ruby-ri-1.8.5-31.el5_9.ia64.rpm
ruby-tcltk-1.8.5-31.el5_9.ia64.rpm

ppc:
ruby-1.8.5-31.el5_9.ppc.rpm
ruby-debuginfo-1.8.5-31.el5_9.ppc.rpm
ruby-debuginfo-1.8.5-31.el5_9.ppc64.rpm
ruby-devel-1.8.5-31.el5_9.ppc.rpm
ruby-devel-1.8.5-31.el5_9.ppc64.rpm
ruby-docs-1.8.5-31.el5_9.ppc.rpm
ruby-irb-1.8.5-31.el5_9.ppc.rpm
ruby-libs-1.8.5-31.el5_9.ppc.rpm
ruby-libs-1.8.5-31.el5_9.ppc64.rpm
ruby-mode-1.8.5-31.el5_9.ppc.rpm
ruby-rdoc-1.8.5-31.el5_9.ppc.rpm
ruby-ri-1.8.5-31.el5_9.ppc.rpm
ruby-tcltk-1.8.5-31.el5_9.ppc.rpm

s390x:
ruby-1.8.5-31.el5_9.s390x.rpm
ruby-debuginfo-1.8.5-31.el5_9.s390.rpm
ruby-debuginfo-1.8.5-31.el5_9.s390x.rpm
ruby-devel-1.8.5-31.el5_9.s390.rpm
ruby-devel-1.8.5-31.el5_9.s390x.rpm
ruby-docs-1.8.5-31.el5_9.s390x.rpm
ruby-irb-1.8.5-31.el5_9.s390x.rpm
ruby-libs-1.8.5-31.el5_9.s390.rpm
ruby-libs-1.8.5-31.el5_9.s390x.rpm
ruby-mode-1.8.5-31.el5_9.s390x.rpm
ruby-rdoc-1.8.5-31.el5_9.s390x.rpm
ruby-ri-1.8.5-31.el5_9.s390x.rpm
ruby-tcltk-1.8.5-31.el5_9.s390x.rpm

x86_64:
ruby-1.8.5-31.el5_9.x86_64.rpm
ruby-debuginfo-1.8.5-31.el5_9.i386.rpm
ruby-debuginfo-1.8.5-31.el5_9.x86_64.rpm
ruby-devel-1.8.5-31.el5_9.i386.rpm
ruby-devel-1.8.5-31.el5_9.x86_64.rpm
ruby-docs-1.8.5-31.el5_9.x86_64.rpm
ruby-irb-1.8.5-31.el5_9.x86_64.rpm
ruby-libs-1.8.5-31.el5_9.i386.rpm
ruby-libs-1.8.5-31.el5_9.x86_64.rpm
ruby-mode-1.8.5-31.el5_9.x86_64.rpm
ruby-rdoc-1.8.5-31.el5_9.x86_64.rpm
ruby-ri-1.8.5-31.el5_9.x86_64.rpm
ruby-tcltk-1.8.5-31.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ruby-1.8.7.352-12.el6_4.src.rpm

i386:
ruby-1.8.7.352-12.el6_4.i686.rpm
ruby-debuginfo-1.8.7.352-12.el6_4.i686.rpm
ruby-devel-1.8.7.352-12.el6_4.i686.rpm
ruby-irb-1.8.7.352-12.el6_4.i686.rpm
ruby-libs-1.8.7.352-12.el6_4.i686.rpm
ruby-rdoc-1.8.7.352-12.el6_4.i686.rpm

x86_64:
ruby-1.8.7.352-12.el6_4.x86_64.rpm
ruby-debuginfo-1.8.7.352-12.el6_4.i686.rpm
ruby-debuginfo-1.8.7.352-12.el6_4.x86_64.rpm
ruby-devel-1.8.7.352-12.el6_4.i686.rpm
ruby-devel-1.8.7.352-12.el6_4.x86_64.rpm
ruby-irb-1.8.7.352-12.el6_4.x86_64.rpm
ruby-libs-1.8.7.352-12.el6_4.i686.rpm
ruby-libs-1.8.7.352-12.el6_4.x86_64.rpm
ruby-rdoc-1.8.7.352-12.el6_4.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ruby-1.8.7.352-12.el6_4.src.rpm

i386:
ruby-debuginfo-1.8.7.352-12.el6_4.i686.rpm
ruby-docs-1.8.7.352-12.el6_4.i686.rpm
ruby-ri-1.8.7.352-12.el6_4.i686.rpm
ruby-static-1.8.7.352-12.el6_4.i686.rpm
ruby-tcltk-1.8.7.352-12.el6_4.i686.rpm

x86_64:
ruby-debuginfo-1.8.7.352-12.el6_4.x86_64.rpm
ruby-docs-1.8.7.352-12.el6_4.x86_64.rpm
ruby-ri-1.8.7.352-12.el6_4.x86_64.rpm
ruby-static-1.8.7.352-12.el6_4.x86_64.rpm
ruby-tcltk-1.8.7.352-12.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v.
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ruby-1.8.7.352-12.el6_4.src.rpm

x86_64:
ruby-1.8.7.352-12.el6_4.x86_64.rpm
ruby-debuginfo-1.8.7.352-12.el6_4.i686.rpm
ruby-debuginfo-1.8.7.352-12.el6_4.x86_64.rpm
ruby-devel-1.8.7.352-12.el6_4.i686.rpm
ruby-devel-1.8.7.352-12.el6_4.x86_64.rpm
ruby-irb-1.8.7.352-12.el6_4.x86_64.rpm
ruby-libs-1.8.7.352-12.el6_4.i686.rpm
ruby-libs-1.8.7.352-12.el6_4.x86_64.rpm
ruby-rdoc-1.8.7.352-12.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ruby-1.8.7.352-12.el6_4.src.rpm

x86_64:
ruby-debuginfo-1.8.7.352-12.el6_4.x86_64.rpm
ruby-docs-1.8.7.352-12.el6_4.x86_64.rpm
ruby-ri-1.8.7.352-12.el6_4.x86_64.rpm
ruby-static-1.8.7.352-12.el6_4.x86_64.rpm
ruby-tcltk-1.8.7.352-12.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ruby-1.8.7.352-12.el6_4.src.rpm

i386:
ruby-1.8.7.352-12.el6_4.i686.rpm
ruby-debuginfo-1.8.7.352-12.el6_4.i686.rpm
ruby-devel-1.8.7.352-12.el6_4.i686.rpm
ruby-irb-1.8.7.352-12.el6_4.i686.rpm
ruby-libs-1.8.7.352-12.el6_4.i686.rpm
ruby-rdoc-1.8.7.352-12.el6_4.i686.rpm

ppc64:
ruby-1.8.7.352-12.el6_4.ppc64.rpm
ruby-debuginfo-1.8.7.352-12.el6_4.ppc.rpm
ruby-debuginfo-1.8.7.352-12.el6_4.ppc64.rpm
ruby-devel-1.8.7.352-12.el6_4.ppc.rpm
ruby-devel-1.8.7.352-12.el6_4.ppc64.rpm
ruby-irb-1.8.7.352-12.el6_4.ppc64.rpm
ruby-libs-1.8.7.352-12.el6_4.ppc.rpm
ruby-libs-1.8.7.352-12.el6_4.ppc64.rpm
ruby-rdoc-1.8.7.352-12.el6_4.ppc64.rpm

s390x:
ruby-1.8.7.352-12.el6_4.s390x.rpm
ruby-debuginfo-1.8.7.352-12.el6_4.s390.rpm
ruby-debuginfo-1.8.7.352-12.el6_4.s390x.rpm
ruby-devel-1.8.7.352-12.el6_4.s390.rpm
ruby-devel-1.8.7.352-12.el6_4.s390x.rpm
ruby-irb-1.8.7.352-12.el6_4.s390x.rpm
ruby-libs-1.8.7.352-12.el6_4.s390.rpm
ruby-libs-1.8.7.352-12.el6_4.s390x.rpm
ruby-rdoc-1.8.7.352-12.el6_4.s390x.rpm

x86_64:
ruby-1.8.7.352-12.el6_4.x86_64.rpm
ruby-debuginfo-1.8.7.352-12.el6_4.i686.rpm
ruby-debuginfo-1.8.7.352-12.el6_4.x86_64.rpm
ruby-devel-1.8.7.352-12.el6_4.i686.rpm
ruby-devel-1.8.7.352-12.el6_4.x86_64.rpm
ruby-irb-1.8.7.352-12.el6_4.x86_64.rpm
ruby-libs-1.8.7.352-12.el6_4.i686.rpm
ruby-libs-1.8.7.352-12.el6_4.x86_64.rpm
ruby-rdoc-1.8.7.352-12.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ruby-1.8.7.352-12.el6_4.src.rpm

i386:
ruby-debuginfo-1.8.7.352-12.el6_4.i686.rpm
ruby-docs-1.8.7.352-12.el6_4.i686.rpm
ruby-ri-1.8.7.352-12.el6_4.i686.rpm
ruby-static-1.8.7.352-12.el6_4.i686.rpm
ruby-tcltk-1.8.7.352-12.el6_4.i686.rpm

ppc64:
ruby-debuginfo-1.8.7.352-12.el6_4.ppc64.rpm
ruby-docs-1.8.7.352-12.el6_4.ppc64.rpm
ruby-ri-1.8.7.352-12.el6_4.ppc64.rpm
ruby-static-1.8.7.352-12.el6_4.ppc64.rpm
ruby-tcltk-1.8.7.352-12.el6_4.ppc64.rpm

s390x:
ruby-debuginfo-1.8.7.352-12.el6_4.s390x.rpm
ruby-docs-1.8.7.352-12.el6_4.s390x.rpm
ruby-ri-1.8.7.352-12.el6_4.s390x.rpm
ruby-static-1.8.7.352-12.el6_4.s390x.rpm
ruby-tcltk-1.8.7.352-12.el6_4.s390x.rpm

x86_64:
ruby-debuginfo-1.8.7.352-12.el6_4.x86_64.rpm
ruby-docs-1.8.7.352-12.el6_4.x86_64.rpm
ruby-ri-1.8.7.352-12.el6_4.x86_64.rpm
ruby-static-1.8.7.352-12.el6_4.x86_64.rpm
ruby-tcltk-1.8.7.352-12.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v.
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ruby-1.8.7.352-12.el6_4.src.rpm

i386:
ruby-1.8.7.352-12.el6_4.i686.rpm
ruby-debuginfo-1.8.7.352-12.el6_4.i686.rpm
ruby-devel-1.8.7.352-12.el6_4.i686.rpm
ruby-irb-1.8.7.352-12.el6_4.i686.rpm
ruby-libs-1.8.7.352-12.el6_4.i686.rpm
ruby-rdoc-1.8.7.352-12.el6_4.i686.rpm

x86_64:
ruby-1.8.7.352-12.el6_4.x86_64.rpm
ruby-debuginfo-1.8.7.352-12.el6_4.i686.rpm
ruby-debuginfo-1.8.7.352-12.el6_4.x86_64.rpm
ruby-devel-1.8.7.352-12.el6_4.i686.rpm
ruby-devel-1.8.7.352-12.el6_4.x86_64.rpm
ruby-irb-1.8.7.352-12.el6_4.x86_64.rpm
ruby-libs-1.8.7.352-12.el6_4.i686.rpm
ruby-libs-1.8.7.352-12.el6_4.x86_64.rpm
ruby-rdoc-1.8.7.352-12.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ruby-1.8.7.352-12.el6_4.src.rpm

i386:
ruby-debuginfo-1.8.7.352-12.el6_4.i686.rpm
ruby-docs-1.8.7.352-12.el6_4.i686.rpm
ruby-ri-1.8.7.352-12.el6_4.i686.rpm
ruby-static-1.8.7.352-12.el6_4.i686.rpm
ruby-tcltk-1.8.7.352-12.el6_4.i686.rpm

x86_64:
ruby-debuginfo-1.8.7.352-12.el6_4.x86_64.rpm
ruby-docs-1.8.7.352-12.el6_4.x86_64.rpm
ruby-ri-1.8.7.352-12.el6_4.x86_64.rpm
ruby-static-1.8.7.352-12.el6_4.x86_64.rpm
ruby-tcltk-1.8.7.352-12.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4073.html
https://access.redhat.com/security/updates/classification/#moderate
http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
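The hostname identity check described in this ruby advisory (CVE-2013-4073), as an added example that is not Ruby's or Red Hat's code and is written in Python so that both added examples on this page share one language: a matcher that receives the certificate name through a C-string conversion accepts a name containing a NUL byte, while the byte-aware matcher fails closed. The c_string helper, the strict single-label wildcard rule and the SAN byte strings are constructed for this example, not taken from Ruby's implementation or from any real certificate.

```python
def c_string(raw):
    """Model of a C-string conversion (the flawed path): everything after
    the first NUL byte is dropped before the name is compared."""
    return raw.split(b"\x00", 1)[0].decode("ascii", "replace")


def name_matches(pattern, hostname):
    """Compare one certificate name with the hostname the client dialled.

    Case-insensitive, trailing dots ignored, and a single '*' is allowed
    only as the entire leftmost label, where it matches exactly one label.
    This strict RFC 6125-style rule is an assumption of this example, not
    a copy of any particular library's matcher.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    first, _, rest = pattern.partition(".")
    if first != "*" or not rest or "*" in rest:
        return False
    host_first, _, host_rest = hostname.partition(".")
    return bool(host_first) and host_rest == rest


def verify_identity_vulnerable(cert_names, hostname):
    """Flawed: each name reaches the matcher through a C-string view, so a
    NUL byte hides the rest of the name from the comparison."""
    return any(name_matches(c_string(raw), hostname) for raw in cert_names)


def verify_identity_hardened(cert_names, hostname):
    """Work on the complete bytes and fail closed on anything that cannot
    be a DNS name."""
    for raw in cert_names:
        if b"\x00" in raw:
            # No DNS name legitimately contains NUL. Treat the certificate
            # as malformed and reject it outright rather than skipping the
            # entry or comparing a truncated copy.
            return False
        try:
            name = raw.decode("ascii")   # IDNA A-labels are ASCII as well
        except UnicodeDecodeError:
            return False
        if name_matches(name, hostname):
            return True
    return False


# Constructed certificate names (the raw dNSName / CN bytes a client would
# extract from a certificate); not taken from any real certificate.
SAN_WITH_NUL = [b"www.example.com\x00.other.test"]
SAN_WILDCARD = [b"*.example.com"]

if __name__ == "__main__":
    print("flawed check, NUL name:    ",
          verify_identity_vulnerable(SAN_WITH_NUL, "www.example.com"))  # True
    print("hardened check, NUL name:  ",
          verify_identity_hardened(SAN_WITH_NUL, "www.example.com"))    # False
    print("hardened check, one label: ",
          verify_identity_hardened(SAN_WILDCARD, "www.example.com"))    # True
    print("hardened check, two labels:",
          verify_identity_hardened(SAN_WILDCARD, "a.b.example.com"))    # False
```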
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFR5u9MXlSAg2UNWIIRAoTNAJsF5UOODgSYjFV0hbv+1zYZjAL3GQCgn4mP
izgdIvlpZEjVXR9sP6zLoBE=
=jSh5
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jul 22 17:38:33 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 22 Jul 2013 17:38:33 +0000
Subject: [RHSA-2013:1100-01] Important: qemu-kvm security update
Message-ID: <201307221738.r6MHcXkg016843@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:     Important: qemu-kvm security update
Advisory ID:  RHSA-2013:1100-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1100.html
Issue date:   2013-07-22
CVE Names:    CVE-2013-2231
=====================================================================

1. Summary:

Updated qemu-kvm packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component
for running virtual machines using KVM.

An unquoted search path flaw was found in the way the QEMU Guest Agent
service installation was performed on Windows. Depending on the permissions
of the directories in the unquoted search path, a local, unprivileged user
could use this flaw to have a binary of their choosing executed with SYSTEM
privileges. (CVE-2013-2231)

This issue was discovered by Lev Veyde of Red Hat.

All users of qemu-kvm should upgrade to these updated packages, which
contain backported patches to correct this issue. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

980757 - CVE-2013-2231 qemu: qemu-ga win32 service unquoted search path

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/qemu-kvm-0.12.1.2-2.355.el6_4.6.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.355.el6_4.6.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.6.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.355.el6_4.6.x86_64.rpm
qemu-img-0.12.1.2-2.355.el6_4.6.x86_64.rpm
qemu-kvm-0.12.1.2-2.355.el6_4.6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.355.el6_4.6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/qemu-kvm-0.12.1.2-2.355.el6_4.6.src.rpm

x86_64:
qemu-guest-agent-win32-0.12.1.2-2.355.el6_4.6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/qemu-kvm-0.12.1.2-2.355.el6_4.6.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.355.el6_4.6.x86_64.rpm
qemu-img-0.12.1.2-2.355.el6_4.6.x86_64.rpm
qemu-kvm-0.12.1.2-2.355.el6_4.6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.355.el6_4.6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/qemu-kvm-0.12.1.2-2.355.el6_4.6.src.rpm

x86_64:
qemu-guest-agent-win32-0.12.1.2-2.355.el6_4.6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/qemu-kvm-0.12.1.2-2.355.el6_4.6.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.355.el6_4.6.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.6.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.355.el6_4.6.x86_64.rpm
qemu-img-0.12.1.2-2.355.el6_4.6.x86_64.rpm
qemu-kvm-0.12.1.2-2.355.el6_4.6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.355.el6_4.6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/qemu-kvm-0.12.1.2-2.355.el6_4.6.src.rpm

x86_64:
qemu-guest-agent-win32-0.12.1.2-2.355.el6_4.6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/qemu-kvm-0.12.1.2-2.355.el6_4.6.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.355.el6_4.6.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.6.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.355.el6_4.6.x86_64.rpm
qemu-img-0.12.1.2-2.355.el6_4.6.x86_64.rpm
qemu-kvm-0.12.1.2-2.355.el6_4.6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.355.el6_4.6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/qemu-kvm-0.12.1.2-2.355.el6_4.6.src.rpm

x86_64:
qemu-guest-agent-win32-0.12.1.2-2.355.el6_4.6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-2231.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFR7W4FXlSAg2UNWIIRAs5xAJ9UDXf8SqgJ8D+6qjnV0RoqsuM4WgCbB57p
mziWwvSUONtvs2NP6omFctk=
=tLLV
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jul 22 17:39:15 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 22 Jul 2013 17:39:15 +0000
Subject: [RHSA-2013:1101-01] Important: virtio-win security update
Message-ID: <201307221739.r6MHdFjS017010@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:     Important: virtio-win security update
Advisory ID:  RHSA-2013:1101-01
Product:      Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1101.html
Issue date:   2013-07-22
CVE Names:    CVE-2013-2231
=====================================================================

1. Summary:

An updated virtio-win package that fixes one security issue is now
available for Red Hat Enterprise Linux 6 Supplementary.

The Red Hat Security Response Team has rated this update as having important
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - noarch
Red Hat Enterprise Linux Server Supplementary (v. 6) - noarch
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - noarch

3. Description:

The virtio-win package provides paravirtualized network drivers for most
Microsoft Windows operating systems. Paravirtualized drivers are
virtualization-aware drivers used by fully virtualized guests running on
Red Hat Enterprise Linux.

An unquoted search path flaw was found in the way the QEMU Guest Agent
service installation was performed on Windows. Depending on the permissions
of the directories in the unquoted search path, a local, unprivileged user
could use this flaw to have a binary of their choosing executed with SYSTEM
privileges. (CVE-2013-2231)

This issue was discovered by Lev Veyde of Red Hat.

Users of virtio-win are advised to upgrade to this updated package, which
corrects this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

980757 - CVE-2013-2231 qemu: qemu-ga win32 service unquoted search path

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

noarch:
virtio-win-1.6.5-6.el6_4.noarch.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

noarch:
virtio-win-1.6.5-6.el6_4.noarch.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

noarch:
virtio-win-1.6.5-6.el6_4.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-2231.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFR7W4iXlSAg2UNWIIRAh0wAKCTuDc09I4UMqC++i2Rsd+t3XxISQCgrlLb
LrIe4+0sMHmVo7Pn4BCsH+Q=
=HgDR
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jul 23 17:59:52 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 23 Jul 2013 17:59:52 +0000
Subject: [RHSA-2013:1103-01] Moderate: ruby193-ruby security update
Message-ID: <201307231759.r6NHxr10016281@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:     Moderate: ruby193-ruby security update
Advisory ID:  RHSA-2013:1103-01
Product:      Red Hat OpenStack
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1103.html
Issue date:   2013-07-23
CVE Names:    CVE-2013-4073
=====================================================================

1. Summary:

Updated ruby193-ruby packages that fix one security issue are now available
for Red Hat OpenStack 3.0 (Grizzly).

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

OpenStack 3 - noarch, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to do system management tasks. Red
Hat OpenStack makes use of Puppet, which is written in Ruby.

A flaw was found in Ruby's SSL client's hostname identity check when
handling certificates that contain hostnames with NULL bytes. An attacker
could potentially exploit this flaw to conduct a man-in-the-middle attack
against the Puppet master and its clients. Note that to exploit this issue,
an attacker would need to get a carefully-crafted certificate signed by an
authority that the Puppet master and clients trust. (CVE-2013-4073)

Users of Red Hat OpenStack 3.0 (Grizzly) are advised to upgrade to these
updated packages, which correct this issue. After installing the update, the
puppetmaster service must be restarted on the Puppet master server, and the
puppet service must be restarted on all clients that run the Puppet agent
as a daemon.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

979251 - CVE-2013-4073 ruby: hostname check bypassing vulnerability in SSL client

6. Package List:

OpenStack 3:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/ruby193-ruby-1.9.3.429-34.2.el6ost.src.rpm

noarch:
ruby193-ruby-irb-1.9.3.429-34.2.el6ost.noarch.rpm
ruby193-rubygem-minitest-2.5.1-34.2.el6ost.noarch.rpm
ruby193-rubygem-rake-0.9.2.2-34.2.el6ost.noarch.rpm

x86_64:
ruby193-ruby-1.9.3.429-34.2.el6ost.x86_64.rpm
ruby193-ruby-debuginfo-1.9.3.429-34.2.el6ost.x86_64.rpm
ruby193-ruby-devel-1.9.3.429-34.2.el6ost.x86_64.rpm
ruby193-ruby-doc-1.9.3.429-34.2.el6ost.x86_64.rpm
ruby193-ruby-libs-1.9.3.429-34.2.el6ost.x86_64.rpm
ruby193-ruby-tcltk-1.9.3.429-34.2.el6ost.x86_64.rpm
ruby193-rubygem-bigdecimal-1.1.0-34.2.el6ost.x86_64.rpm
ruby193-rubygem-io-console-0.3-34.2.el6ost.x86_64.rpm
ruby193-rubygem-json-1.5.5-34.2.el6ost.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7.
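The hostname identity check flaw described in this advisory (CVE-2013-4073), as an added example that is not Red Hat's or Ruby's own code: a checker that hands the certificate name to a C-style string API stops comparing at the first NUL byte, so only the prefix is matched, while a byte-exact checker rejects any embedded NUL before matching. The sample names are constructed, and the wildcard policy (a lone "*" only as the leftmost label, at least three labels) is this example's own, not Ruby's.

```ruby
# Added example (not Red Hat's or Ruby's own code). Shows why a certificate
# name containing a NUL byte defeats a C-string based hostname check and
# how a byte-exact check closes the gap. Sample names are constructed.

# Simulates a checker backed by a C string API: the comparison stops at
# the first NUL byte, so only the prefix of the certificate name is seen.
def naive_hostname_match?(cert_name, hostname)
  c_string = cert_name.split("\0", 2).first.to_s
  c_string.downcase == hostname.downcase
end

# Hardened check: reject embedded NULs outright, then compare label by
# label over the full byte string. Wildcard policy (this example's own):
# a lone "*" is accepted only as the leftmost label and only when the
# certificate name has at least three labels, so "*.com" never matches.
def hardened_hostname_match?(cert_name, hostname)
  return false if cert_name.include?("\0") || hostname.include?("\0")
  return false if cert_name.empty? || hostname.empty?

  cert_labels = cert_name.downcase.split(".", -1)
  host_labels = hostname.downcase.split(".", -1)
  return false unless cert_labels.length == host_labels.length

  cert_labels.zip(host_labels).each_with_index.all? do |(c, h), i|
    if i.zero? && c == "*"
      cert_labels.length >= 3 && !h.empty?
    else
      !c.empty? && c == h
    end
  end
end

# Runs both checks on one (certificate name, expected hostname) pair and
# flags where they disagree, which is exactly the NUL-byte case.
def compare_checks(cert_name, hostname)
  naive = naive_hostname_match?(cert_name, hostname)
  hardened = hardened_hostname_match?(cert_name, hostname)
  { naive: naive, hardened: hardened, disagree: naive != hardened }
end

# Constructed sample names: a plain match, a wildcard match, and a
# certificate name with an embedded NUL byte (the flawed case).
SAMPLE_CASES = [
  ["puppet.example.com",              "puppet.example.com"],
  ["*.example.com",                   "puppet.example.com"],
  ["puppet.example.com\0.other.test", "puppet.example.com"],
]

if __FILE__ == $PROGRAM_NAME
  SAMPLE_CASES.each do |cert_name, hostname|
    result = compare_checks(cert_name, hostname)
    printf("%-40p naive=%-5s hardened=%-5s\n",
           cert_name, result[:naive], result[:hardened])
  end
end
```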
References:

https://www.redhat.com/security/data/cve/CVE-2013-4073.html
https://access.redhat.com/security/updates/classification/#moderate
http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFR7sSIXlSAg2UNWIIRAntBAKChxkwZ+fuRog0jEy32pX2PIcfGsACfSLLK
NDd8FeL3yCLIrQ56A2jxlso=
=3sSR
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jul 30 02:54:24 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 30 Jul 2013 02:54:24 +0000
Subject: [RHSA-2013:1114-01] Important: bind security update
Message-ID: <201307300254.r6U2sObb013733@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:     Important: bind security update
Advisory ID:  RHSA-2013:1114-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1114.html
Issue date:   2013-07-30
CVE Names:    CVE-2013-4854
=====================================================================

1. Summary:

Updated bind packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A denial of service flaw was found in BIND. A remote attacker could use this
flaw to send a specially-crafted DNS query to named that, when processed,
would cause named to crash when rejecting the malformed query.
(CVE-2013-4854)

All bind users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

988999 - CVE-2013-4854 bind: named crash with an assertion failure on parsing malformed rdata

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.5.src.rpm

i386:
bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.i686.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.5.i686.rpm
bind-utils-9.8.2-0.17.rc1.el6_4.5.i686.rpm

x86_64:
bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.5.i686.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm
bind-utils-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.5.src.rpm

i386:
bind-9.8.2-0.17.rc1.el6_4.5.i686.rpm
bind-chroot-9.8.2-0.17.rc1.el6_4.5.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.i686.rpm
bind-devel-9.8.2-0.17.rc1.el6_4.5.i686.rpm
bind-sdb-9.8.2-0.17.rc1.el6_4.5.i686.rpm

x86_64:
bind-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm
bind-chroot-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm
bind-devel-9.8.2-0.17.rc1.el6_4.5.i686.rpm
bind-devel-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm
bind-sdb-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.5.src.rpm

x86_64:
bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.5.i686.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm
bind-utils-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.5.src.rpm

x86_64:
bind-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm
bind-chroot-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm
bind-devel-9.8.2-0.17.rc1.el6_4.5.i686.rpm
bind-devel-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm
bind-sdb-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.5.src.rpm

i386:
bind-9.8.2-0.17.rc1.el6_4.5.i686.rpm
bind-chroot-9.8.2-0.17.rc1.el6_4.5.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.i686.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.5.i686.rpm
bind-utils-9.8.2-0.17.rc1.el6_4.5.i686.rpm

ppc64:
bind-9.8.2-0.17.rc1.el6_4.5.ppc64.rpm
bind-chroot-9.8.2-0.17.rc1.el6_4.5.ppc64.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.ppc.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.ppc64.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.5.ppc.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.5.ppc64.rpm
bind-utils-9.8.2-0.17.rc1.el6_4.5.ppc64.rpm

s390x:
bind-9.8.2-0.17.rc1.el6_4.5.s390x.rpm
bind-chroot-9.8.2-0.17.rc1.el6_4.5.s390x.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.s390.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.s390x.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.5.s390.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.5.s390x.rpm
bind-utils-9.8.2-0.17.rc1.el6_4.5.s390x.rpm

x86_64:
bind-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm
bind-chroot-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.5.i686.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm
bind-utils-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.5.src.rpm

i386:
bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.i686.rpm
bind-devel-9.8.2-0.17.rc1.el6_4.5.i686.rpm
bind-sdb-9.8.2-0.17.rc1.el6_4.5.i686.rpm

ppc64:
bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.ppc.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.ppc64.rpm
bind-devel-9.8.2-0.17.rc1.el6_4.5.ppc.rpm
bind-devel-9.8.2-0.17.rc1.el6_4.5.ppc64.rpm
bind-sdb-9.8.2-0.17.rc1.el6_4.5.ppc64.rpm

s390x:
bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.s390.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.s390x.rpm
bind-devel-9.8.2-0.17.rc1.el6_4.5.s390.rpm
bind-devel-9.8.2-0.17.rc1.el6_4.5.s390x.rpm
bind-sdb-9.8.2-0.17.rc1.el6_4.5.s390x.rpm

x86_64:
bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm
bind-devel-9.8.2-0.17.rc1.el6_4.5.i686.rpm
bind-devel-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm
bind-sdb-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.5.src.rpm

i386:
bind-9.8.2-0.17.rc1.el6_4.5.i686.rpm
bind-chroot-9.8.2-0.17.rc1.el6_4.5.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.i686.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.5.i686.rpm
bind-utils-9.8.2-0.17.rc1.el6_4.5.i686.rpm

x86_64:
bind-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm
bind-chroot-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.5.i686.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm
bind-utils-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.5.src.rpm

i386:
bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.i686.rpm
bind-devel-9.8.2-0.17.rc1.el6_4.5.i686.rpm
bind-sdb-9.8.2-0.17.rc1.el6_4.5.i686.rpm

x86_64:
bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm
bind-devel-9.8.2-0.17.rc1.el6_4.5.i686.rpm
bind-devel-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm
bind-sdb-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4854.html
https://access.redhat.com/security/updates/classification/#important
https://kb.isc.org/article/AA-01015

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFR9yrGXlSAg2UNWIIRAqWkAKDB1AsvbWLbOpEeVYiwYDFuYbv73QCdGdaB
ib+VH0FeGnxyQ76US2RIbR8=
=ql71
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jul 30 02:57:59 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 30 Jul 2013 02:57:59 +0000
Subject: [RHSA-2013:1115-01] Important: bind97 security update
Message-ID: <201307300258.r6U2vx9o015217@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:     Important: bind97 security update
Advisory ID:  RHSA-2013:1115-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1115.html
Issue date:   2013-07-30
CVE Names:    CVE-2013-4854
=====================================================================

1. Summary:

Updated bind97 packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A denial of service flaw was found in BIND. A remote attacker could use this
flaw to send a specially-crafted DNS query to named that, when processed,
would cause named to crash when rejecting the malformed query.
(CVE-2013-4854)

All bind97 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

988999 - CVE-2013-4854 bind: named crash with an assertion failure on parsing malformed rdata

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bind97-9.7.0-17.P2.el5_9.2.src.rpm

i386:
bind97-9.7.0-17.P2.el5_9.2.i386.rpm
bind97-chroot-9.7.0-17.P2.el5_9.2.i386.rpm
bind97-debuginfo-9.7.0-17.P2.el5_9.2.i386.rpm
bind97-devel-9.7.0-17.P2.el5_9.2.i386.rpm
bind97-libs-9.7.0-17.P2.el5_9.2.i386.rpm
bind97-utils-9.7.0-17.P2.el5_9.2.i386.rpm

x86_64:
bind97-9.7.0-17.P2.el5_9.2.x86_64.rpm
bind97-chroot-9.7.0-17.P2.el5_9.2.x86_64.rpm
bind97-debuginfo-9.7.0-17.P2.el5_9.2.i386.rpm
bind97-debuginfo-9.7.0-17.P2.el5_9.2.x86_64.rpm
bind97-devel-9.7.0-17.P2.el5_9.2.i386.rpm
bind97-devel-9.7.0-17.P2.el5_9.2.x86_64.rpm
bind97-libs-9.7.0-17.P2.el5_9.2.i386.rpm
bind97-libs-9.7.0-17.P2.el5_9.2.x86_64.rpm
bind97-utils-9.7.0-17.P2.el5_9.2.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/bind97-9.7.0-17.P2.el5_9.2.src.rpm

i386:
bind97-9.7.0-17.P2.el5_9.2.i386.rpm
bind97-chroot-9.7.0-17.P2.el5_9.2.i386.rpm
bind97-debuginfo-9.7.0-17.P2.el5_9.2.i386.rpm
bind97-devel-9.7.0-17.P2.el5_9.2.i386.rpm
bind97-libs-9.7.0-17.P2.el5_9.2.i386.rpm
bind97-utils-9.7.0-17.P2.el5_9.2.i386.rpm

ia64:
bind97-9.7.0-17.P2.el5_9.2.ia64.rpm
bind97-chroot-9.7.0-17.P2.el5_9.2.ia64.rpm
bind97-debuginfo-9.7.0-17.P2.el5_9.2.ia64.rpm
bind97-devel-9.7.0-17.P2.el5_9.2.ia64.rpm
bind97-libs-9.7.0-17.P2.el5_9.2.ia64.rpm
bind97-utils-9.7.0-17.P2.el5_9.2.ia64.rpm

ppc:
bind97-9.7.0-17.P2.el5_9.2.ppc.rpm
bind97-chroot-9.7.0-17.P2.el5_9.2.ppc.rpm
bind97-debuginfo-9.7.0-17.P2.el5_9.2.ppc.rpm
bind97-debuginfo-9.7.0-17.P2.el5_9.2.ppc64.rpm
bind97-devel-9.7.0-17.P2.el5_9.2.ppc.rpm
bind97-devel-9.7.0-17.P2.el5_9.2.ppc64.rpm
bind97-libs-9.7.0-17.P2.el5_9.2.ppc.rpm
bind97-libs-9.7.0-17.P2.el5_9.2.ppc64.rpm
bind97-utils-9.7.0-17.P2.el5_9.2.ppc.rpm

s390x:
bind97-9.7.0-17.P2.el5_9.2.s390x.rpm
bind97-chroot-9.7.0-17.P2.el5_9.2.s390x.rpm
bind97-debuginfo-9.7.0-17.P2.el5_9.2.s390.rpm
bind97-debuginfo-9.7.0-17.P2.el5_9.2.s390x.rpm
bind97-devel-9.7.0-17.P2.el5_9.2.s390.rpm
bind97-devel-9.7.0-17.P2.el5_9.2.s390x.rpm
bind97-libs-9.7.0-17.P2.el5_9.2.s390.rpm
bind97-libs-9.7.0-17.P2.el5_9.2.s390x.rpm
bind97-utils-9.7.0-17.P2.el5_9.2.s390x.rpm

x86_64:
bind97-9.7.0-17.P2.el5_9.2.x86_64.rpm
bind97-chroot-9.7.0-17.P2.el5_9.2.x86_64.rpm
bind97-debuginfo-9.7.0-17.P2.el5_9.2.i386.rpm
bind97-debuginfo-9.7.0-17.P2.el5_9.2.x86_64.rpm
bind97-devel-9.7.0-17.P2.el5_9.2.i386.rpm
bind97-devel-9.7.0-17.P2.el5_9.2.x86_64.rpm
bind97-libs-9.7.0-17.P2.el5_9.2.i386.rpm
bind97-libs-9.7.0-17.P2.el5_9.2.x86_64.rpm
bind97-utils-9.7.0-17.P2.el5_9.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4854.html
https://access.redhat.com/security/updates/classification/#important
https://kb.isc.org/article/AA-01015

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFR9yuoXlSAg2UNWIIRAoiIAJ4uXrHluCq+LcppcdETpaeBkiw5RwCgwTbo LdLPCQNKPeerbiJ5C2j6kAk= =3wS1 -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Jul 30 17:01:53 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 30 Jul 2013 17:01:53 +0000 Subject: [RHSA-2013:1119-01] Moderate: 389-ds-base security and bug fix update Message-ID: <201307301701.r6UH1raN020611@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: 389-ds-base security and bug fix update Advisory ID: RHSA-2013:1119-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1119.html Issue date: 2013-07-30 CVE Names: CVE-2013-2219 ===================================================================== 1. Summary: Updated 389-ds-base packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. 
It was discovered that the 389 Directory Server did not honor defined
attribute access controls when evaluating search filter expressions. A
remote attacker (with permission to query the Directory Server) could use
this flaw to determine the values of restricted attributes via a series of
search queries with filter conditions that used restricted attributes.
(CVE-2013-2219)

This issue was discovered by Ludwig Krispenz of Red Hat.

This update also fixes the following bugs:

* Previously, the disk monitoring feature did not function properly. If
logging functionality was set to critical and logging was disabled, rotated
logs would be deleted. If the attribute "nsslapd-errorlog-level" was
explicitly set to any value, even zero, the disk monitoring feature would
not stop the Directory Server when it was supposed to. This update corrects
the disk monitoring feature settings, and it no longer malfunctions in the
described scenarios. (BZ#972930)

* Previously, setting the "nsslapd-disk-monitoring-threshold" attribute via
ldapmodify to a large value worked as expected; however, a bug in ldapsearch
caused such values for the option to be displayed as negative values. This
update corrects the bug in ldapsearch and correct values are now displayed.
(BZ#984970)

* If logging functionality was not set to critical, then the mount point
for the logs directory was incorrectly skipped during the disk space check.
(BZ#987850)

All 389-ds-base users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After installing
this update, the 389 server service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

979508 - CVE-2013-2219 Directory Server: ACLs inoperative in some search scenarios
984970 - Overflow in nsslapd-disk-monitoring-threshold
987850 - Disk Monitoring not checking filesystem with logs

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/389-ds-base-1.2.11.15-20.el6_4.src.rpm

i386:
389-ds-base-1.2.11.15-20.el6_4.i686.rpm
389-ds-base-debuginfo-1.2.11.15-20.el6_4.i686.rpm
389-ds-base-devel-1.2.11.15-20.el6_4.i686.rpm
389-ds-base-libs-1.2.11.15-20.el6_4.i686.rpm

x86_64:
389-ds-base-1.2.11.15-20.el6_4.x86_64.rpm
389-ds-base-debuginfo-1.2.11.15-20.el6_4.i686.rpm
389-ds-base-debuginfo-1.2.11.15-20.el6_4.x86_64.rpm
389-ds-base-devel-1.2.11.15-20.el6_4.i686.rpm
389-ds-base-devel-1.2.11.15-20.el6_4.x86_64.rpm
389-ds-base-libs-1.2.11.15-20.el6_4.i686.rpm
389-ds-base-libs-1.2.11.15-20.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/389-ds-base-1.2.11.15-20.el6_4.src.rpm

x86_64:
389-ds-base-1.2.11.15-20.el6_4.x86_64.rpm
389-ds-base-debuginfo-1.2.11.15-20.el6_4.i686.rpm
389-ds-base-debuginfo-1.2.11.15-20.el6_4.x86_64.rpm
389-ds-base-devel-1.2.11.15-20.el6_4.i686.rpm
389-ds-base-devel-1.2.11.15-20.el6_4.x86_64.rpm
389-ds-base-libs-1.2.11.15-20.el6_4.i686.rpm
389-ds-base-libs-1.2.11.15-20.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/389-ds-base-1.2.11.15-20.el6_4.src.rpm

i386:
389-ds-base-1.2.11.15-20.el6_4.i686.rpm
389-ds-base-debuginfo-1.2.11.15-20.el6_4.i686.rpm
389-ds-base-libs-1.2.11.15-20.el6_4.i686.rpm

x86_64:
389-ds-base-1.2.11.15-20.el6_4.x86_64.rpm
389-ds-base-debuginfo-1.2.11.15-20.el6_4.i686.rpm
389-ds-base-debuginfo-1.2.11.15-20.el6_4.x86_64.rpm
389-ds-base-libs-1.2.11.15-20.el6_4.i686.rpm
389-ds-base-libs-1.2.11.15-20.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/389-ds-base-1.2.11.15-20.el6_4.src.rpm

i386:
389-ds-base-debuginfo-1.2.11.15-20.el6_4.i686.rpm
389-ds-base-devel-1.2.11.15-20.el6_4.i686.rpm

x86_64:
389-ds-base-debuginfo-1.2.11.15-20.el6_4.i686.rpm
389-ds-base-debuginfo-1.2.11.15-20.el6_4.x86_64.rpm
389-ds-base-devel-1.2.11.15-20.el6_4.i686.rpm
389-ds-base-devel-1.2.11.15-20.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/389-ds-base-1.2.11.15-20.el6_4.src.rpm

i386:
389-ds-base-1.2.11.15-20.el6_4.i686.rpm
389-ds-base-debuginfo-1.2.11.15-20.el6_4.i686.rpm
389-ds-base-libs-1.2.11.15-20.el6_4.i686.rpm

x86_64:
389-ds-base-1.2.11.15-20.el6_4.x86_64.rpm
389-ds-base-debuginfo-1.2.11.15-20.el6_4.i686.rpm
389-ds-base-debuginfo-1.2.11.15-20.el6_4.x86_64.rpm
389-ds-base-libs-1.2.11.15-20.el6_4.i686.rpm
389-ds-base-libs-1.2.11.15-20.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/389-ds-base-1.2.11.15-20.el6_4.src.rpm

i386:
389-ds-base-debuginfo-1.2.11.15-20.el6_4.i686.rpm
389-ds-base-devel-1.2.11.15-20.el6_4.i686.rpm

x86_64:
389-ds-base-debuginfo-1.2.11.15-20.el6_4.i686.rpm
389-ds-base-debuginfo-1.2.11.15-20.el6_4.x86_64.rpm
389-ds-base-devel-1.2.11.15-20.el6_4.i686.rpm
389-ds-base-devel-1.2.11.15-20.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-2219.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFR9/FkXlSAg2UNWIIRAn68AJ0QZFBgJigq8BZbOh7BRE0uCwQ6PwCeLEAI
4vEiKXLdGn1hjRhwB+QtY8k=
=FERY
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jul 30 17:02:27 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 30 Jul 2013 17:02:27 +0000
Subject: [RHSA-2013:1120-01] Moderate: haproxy security update
Message-ID: <201307301702.r6UH2SiW021930@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: haproxy security update
Advisory ID:       RHSA-2013:1120-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1120.html
Issue date:        2013-07-30
CVE Names:         CVE-2013-2175
=====================================================================

1. Summary:

An updated haproxy package that fixes one security issue is now available
for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Load Balancer (v. 6) - i386, x86_64

3. Description:

HAProxy provides high availability, load balancing, and proxying for TCP
and HTTP-based applications.

A flaw was found in the way HAProxy handled requests when the proxy's
configuration ("/etc/haproxy/haproxy.cfg") had certain rules that use the
hdr_ip criterion. A remote attacker could use this flaw to crash HAProxy
instances that use the affected configuration. (CVE-2013-2175)

Red Hat would like to thank HAProxy upstream for reporting this issue.
Upstream acknowledges David Torgerson as the original reporter.

HAProxy is released as a Technology Preview in Red Hat Enterprise Linux 6.
More information about Red Hat Technology Previews is available at
https://access.redhat.com/support/offerings/techpreview/

All users of haproxy are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

974259 - CVE-2013-2175 haproxy: http_get_hdr()/get_ip_from_hdr2() MAX_HDR_HISTORY handling denial of service

6. Package List:

Red Hat Enterprise Linux Load Balancer (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/haproxy-1.4.22-5.el6_4.src.rpm

i386:
haproxy-1.4.22-5.el6_4.i686.rpm
haproxy-debuginfo-1.4.22-5.el6_4.i686.rpm

x86_64:
haproxy-1.4.22-5.el6_4.x86_64.rpm
haproxy-debuginfo-1.4.22-5.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-2175.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/support/offerings/techpreview/

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFR9/GOXlSAg2UNWIIRApRYAJ0Q78qLAJW2g94MPR9ef/DfEQWWgQCdEo05
R4rOHZ1Y9GsJYXWDyMCtAEs=
=Ohr5
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jul 30 17:03:18 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 30 Jul 2013 17:03:18 +0000
Subject: [RHSA-2013:1121-01] Low: sos security update
Message-ID: <201307301703.r6UH3It2007253@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: sos security update
Advisory ID:       RHSA-2013:1121-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1121.html
Issue date:        2013-07-30
CVE Names:         CVE-2012-2664
=====================================================================

1. Summary:

An updated sos package that fixes one security issue is now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact.
A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - noarch
Red Hat Enterprise Linux Desktop (v. 5 client) - noarch

3. Description:

The sos package contains a set of tools that gather information from system
hardware, logs and configuration files. The information can then be used
for diagnostic purposes and debugging.

The sosreport utility collected the Kickstart configuration file
("/root/anaconda-ks.cfg"), but did not remove the root user's password from
it before adding the file to the resulting archive of debugging
information. An attacker able to access the archive could possibly use this
flaw to obtain the root user's password. "/root/anaconda-ks.cfg" usually
only contains a hash of the password, not the plain text password.
(CVE-2012-2664)

Note: This issue affected all installations, not only systems installed via
Kickstart. A "/root/anaconda-ks.cfg" file is created by all installation
types.

The utility also collects yum repository information from
"/etc/yum.repos.d", which in uncommon configurations may contain passwords.
Any http_proxy password specified in these files will now be automatically
removed. Passwords embedded within URLs in these files should be manually
removed or the files excluded from the archive.

All users of sos are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

826884 - CVE-2012-2664 sosreport does not blank root password in anaconda plugin
965807 - sosreport does not blankout password in anaconda-ks.cfg and yum.repo

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/sos-1.7-9.62.el5_9.1.src.rpm

noarch:
sos-1.7-9.62.el5_9.1.noarch.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/sos-1.7-9.62.el5_9.1.src.rpm

noarch:
sos-1.7-9.62.el5_9.1.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-2664.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
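A redaction pass of the kind the sos advisory above describes, added here as an illustration and not sos's own code: it masks the rootpw value (and any --password= option) in a constructed anaconda-ks.cfg, and the proxy password plus URL-embedded credentials in a constructed .repo file. The advisory says URL-embedded passwords must be handled manually; this example goes further and masks them too. All file contents, hashes and passwords below are constructed placeholders.

```python
import re

# Constructed sample inputs (placeholders, not real files or secrets).
KICKSTART_SAMPLE = """\
# Kickstart file automatically generated by anaconda.
install
lang en_US.UTF-8
rootpw --iscrypted $6$constructedsalt$constructedhashvalue
user --name=deploy --password=Pl41nT3xt --plaintext
network --bootproto=dhcp
"""

YUM_REPO_SAMPLE = """\
[internal]
name=Internal mirror
baseurl=http://svc:S3cr3t@mirror.example.com/rhel/
proxy=http://proxy.example.com:3128
proxy_username=svc
proxy_password=hunter2
enabled=1
"""

MASK = "********"

# rootpw [--iscrypted|--plaintext|...] VALUE: keep the flags, mask only VALUE
# (the lookahead stops a flag-only line such as "rootpw --lock" from matching).
_ROOTPW = re.compile(r"^(\s*rootpw(?:\s+--\S+)*\s+)(?!--)\S+", re.M)
# --password=VALUE on any other kickstart command (e.g. user)
_PW_OPT = re.compile(r"(--password=)\S+")
# yum key=value settings whose value is a secret: password= and proxy_password=
_REPO_PW = re.compile(r"^(\s*(?:proxy_)?password\s*=\s*).*$", re.M)
# scheme://user:secret@host: mask only the secret part of the URL userinfo
_URL_CRED = re.compile(r"(\b[a-z][a-z0-9+.-]*://[^/\s:@]+:)[^@/\s]+(@)", re.I)


def redact_kickstart(text: str) -> tuple[str, int]:
    """Mask root and user passwords in an anaconda-ks.cfg; returns (text, hits)."""
    text, n_root = _ROOTPW.subn(r"\g<1>" + MASK, text)
    text, n_opt = _PW_OPT.subn(r"\g<1>" + MASK, text)
    return text, n_root + n_opt


def redact_yum_repo(text: str) -> tuple[str, int]:
    """Mask proxy/basic-auth passwords and URL-embedded credentials in a .repo file."""
    text, n_kv = _REPO_PW.subn(r"\g<1>" + MASK, text)
    text, n_url = _URL_CRED.subn(r"\g<1>" + MASK + r"\g<2>", text)
    return text, n_kv + n_url


def residual_secrets(text: str, secrets: list[str]) -> list[str]:
    """Post-redaction check: which known secret strings still appear verbatim."""
    return [s for s in secrets if s in text]


if __name__ == "__main__":
    ks, ks_hits = redact_kickstart(KICKSTART_SAMPLE)
    repo, repo_hits = redact_yum_repo(YUM_REPO_SAMPLE)
    print(ks, repo, sep="\n")
    print(f"masked {ks_hits} kickstart and {repo_hits} yum values")
```

Usernames are deliberately left in place (they are needed to reproduce repository problems); only the password half of each credential is masked.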
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFR9/G0XlSAg2UNWIIRApyvAJ0Szp3VFy5Leg6Weu5k7t3JwPQvzgCfSRKV
S/EJpqtw49kaCSwpLDmcBVM=
=2o7s
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jul 31 18:17:32 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 31 Jul 2013 18:17:32 +0000
Subject: [RHSA-2013:1126-01] Low: Red Hat Enterprise Linux 3 Extended Lifecycle Support 6-Month Notice
Message-ID: <201307311817.r6VIHW3I022516@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Enterprise Linux 3 Extended Lifecycle Support 6-Month Notice
Advisory ID:       RHSA-2013:1126-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1126.html
Issue date:        2013-07-31
=====================================================================

1. Summary:

This is the 6-Month notification for the retirement of Red Hat Enterprise
Linux 3 Extended Lifecycle Support (ELS).

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (v. 3 ELS) - i386
Red Hat Enterprise Linux ES (v. 3 ELS) - i386

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy,
Extended Lifecycle Support (ELS) for Red Hat Enterprise Linux 3 will be
retired on January 30, 2014, and support will no longer be provided.
Accordingly, Red Hat will no longer provide updated packages, including
critical impact security patches or urgent priority bug fixes, for Red Hat
Enterprise Linux 3 ELS after that date. In addition, after January 30,
2014, technical support through Red Hat's Global Support Services will no
longer be provided.

Note: This notification applies only to those customers subscribed to the
Extended Lifecycle Support (ELS) channel for Red Hat Enterprise Linux 3.
We encourage customers to plan their migration from Red Hat Enterprise
Linux 3 to a more recent version of Red Hat Enterprise Linux 5 or 6. As a
benefit of the Red Hat subscription model, customers can use their active
subscriptions to entitle any system on a currently supported Red Hat
Enterprise Linux 5 release or Red Hat Enterprise Linux 6 release.

Details of the Red Hat Enterprise Linux life cycle can be found here:
https://access.redhat.com/support/policy/updates/errata/

4. Solution:

This erratum contains an updated redhat-release package that provides a
copy of this end of life notice in the "/usr/share/doc/" directory.

5. Package List:

Red Hat Enterprise Linux AS (v. 3 ELS):

Source:
redhat-release-3AS-13.9.15.src.rpm

i386:
redhat-release-3AS-13.9.15.i386.rpm
redhat-release-debuginfo-3AS-13.9.15.i386.rpm

Red Hat Enterprise Linux ES (v. 3 ELS):

Source:
redhat-release-3ES-13.9.15.src.rpm

i386:
redhat-release-3ES-13.9.15.i386.rpm
redhat-release-debuginfo-3ES-13.9.15.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

6. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/support/policy/updates/errata/

7. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFR+VSkXlSAg2UNWIIRAiBQAJwKU1io0m9UGALa38kWkayaECHQdACfQTMz
m4V50Ids13KshIDe0fOCgDY=
=H9jV
-----END PGP SIGNATURE-----