From bugzilla at redhat.com Mon Jun 3 17:46:50 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 3 Jun 2013 17:46:50 +0000
Subject: [RHSA-2013:0895-01] Low: Red Hat Enterprise Linux 6.1 Extended Update Support Retirement Notice
Message-ID: <201306031746.r53HkoNk013590@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: Red Hat Enterprise Linux 6.1 Extended Update Support Retirement Notice
Advisory ID: RHSA-2013:0895-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0895.html
Issue date: 2013-06-03
=====================================================================

1. Summary:

This is the final notification for the retirement of Red Hat Enterprise Linux 6.1 Extended Update Support (EUS).

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server EUS (v. 6.1) - i386, ppc64, s390x, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.1 was retired on May 31, 2013, and support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.1 EUS. In addition, technical support through Red Hat's Global Support Services is no longer provided.

Note: This notification applies only to those customers with subscriptions to the Extended Update Support (EUS) channels for Red Hat Enterprise Linux 6.1.

We encourage customers to plan their migration from Red Hat Enterprise Linux 6.1 to a more recent version of Red Hat Enterprise Linux 6. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on a currently supported Red Hat Enterprise Linux 6 release (6.2, 6.3, or 6.4, for which EUS is available).

Details of the Red Hat Enterprise Linux life cycle can be found here:
https://access.redhat.com/support/policy/updates/errata/

4. Solution:

This advisory contains an updated redhat-release-server package, that provides a copy of this notice in the "/usr/share/doc/" directory.

5. Package List:

Red Hat Enterprise Linux Server EUS (v. 6.1):

Source:
redhat-release-server-6Server-6.1.0.5.el6_1.src.rpm

i386:
redhat-release-server-6Server-6.1.0.5.el6_1.i686.rpm

ppc64:
redhat-release-server-6Server-6.1.0.5.el6_1.ppc64.rpm

s390x:
redhat-release-server-6Server-6.1.0.5.el6_1.s390x.rpm

x86_64:
redhat-release-server-6Server-6.1.0.5.el6_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

6. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/support/policy/updates/errata/

7. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRrNZeXlSAg2UNWIIRAqFUAJ9hLhLcM3vBN+0ZivzcjCJhoEA2UgCeOMek
M7GWtQxkqi2rDKj9cCZqXKk=
=nGz4
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jun 3 17:47:36 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 3 Jun 2013 17:47:36 +0000
Subject: [RHSA-2013:0896-01] Moderate: qemu-kvm security and bug fix update
Message-ID: <201306031747.r53HlaP2013827@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: qemu-kvm security and bug fix update
Advisory ID: RHSA-2013:0896-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0896.html
Issue date: 2013-06-03
CVE Names: CVE-2013-2007
=====================================================================

1. Summary:

Updated qemu-kvm packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM.

It was found that QEMU Guest Agent (the "qemu-ga" service) created certain files with world-writable permissions when run in daemon mode (the default mode). An unprivileged guest user could use this flaw to consume all free space on the partition containing the qemu-ga log file, or modify the contents of the log. When a UNIX domain socket transport was explicitly configured to be used (not the default), an unprivileged guest user could potentially use this flaw to escalate their privileges in the guest. This update requires manual action. Refer below for details. (CVE-2013-2007)

This update does not change the permissions of the existing log file or the UNIX domain socket. For these to be changed, stop the qemu-ga service, and then manually remove all "group" and "other" permissions on the affected files, or remove the files.

Note that after installing this update, files created by the guest-file-open QEMU Monitor Protocol (QMP) command will still continue to be created with world-writable permissions for backwards compatibility.

This issue was discovered by Laszlo Ersek of Red Hat.

This update also fixes the following bugs:

* Previously, due to integer overflow in code calculations, the qemu-kvm utility was reporting incorrect memory size on QMP events when using the virtio balloon driver with more than 4 GB of memory. This update fixes the overflow in the code and qemu-kvm works as expected in the described scenario. (BZ#958750)

* When the set_link flag is set to "off" to change the status of a network card, the status is changed to "down" on the respective guest. Previously, with certain network cards, when such a guest was restarted, the status of the network card was unexpectedly reset to "up", even though the network was unavailable. A patch has been provided to address this bug and the link status change is now preserved across restarts for all network cards. (BZ#927591)

All users of qemu-kvm should upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

927591 - use set_link to change rtl8139 and e1000 network card's status but fail to make effectively after reboot guest
956082 - CVE-2013-2007 qemu: guest agent creates files with insecure permissions in deamon mode

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/qemu-kvm-0.12.1.2-2.355.el6_4.5.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.355.el6_4.5.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.5.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.355.el6_4.5.x86_64.rpm
qemu-img-0.12.1.2-2.355.el6_4.5.x86_64.rpm
qemu-kvm-0.12.1.2-2.355.el6_4.5.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.5.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.355.el6_4.5.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/qemu-kvm-0.12.1.2-2.355.el6_4.5.src.rpm

x86_64:
qemu-guest-agent-win32-0.12.1.2-2.355.el6_4.5.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.5.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/qemu-kvm-0.12.1.2-2.355.el6_4.5.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.355.el6_4.5.x86_64.rpm
qemu-img-0.12.1.2-2.355.el6_4.5.x86_64.rpm
qemu-kvm-0.12.1.2-2.355.el6_4.5.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.5.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.355.el6_4.5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/qemu-kvm-0.12.1.2-2.355.el6_4.5.src.rpm

x86_64:
qemu-guest-agent-win32-0.12.1.2-2.355.el6_4.5.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/qemu-kvm-0.12.1.2-2.355.el6_4.5.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.355.el6_4.5.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.5.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.355.el6_4.5.x86_64.rpm
qemu-img-0.12.1.2-2.355.el6_4.5.x86_64.rpm
qemu-kvm-0.12.1.2-2.355.el6_4.5.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.5.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.355.el6_4.5.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/qemu-kvm-0.12.1.2-2.355.el6_4.5.src.rpm

x86_64:
qemu-guest-agent-win32-0.12.1.2-2.355.el6_4.5.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.5.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/qemu-kvm-0.12.1.2-2.355.el6_4.5.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.355.el6_4.5.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.5.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.355.el6_4.5.x86_64.rpm
qemu-img-0.12.1.2-2.355.el6_4.5.x86_64.rpm
qemu-kvm-0.12.1.2-2.355.el6_4.5.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.5.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.355.el6_4.5.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/qemu-kvm-0.12.1.2-2.355.el6_4.5.src.rpm

x86_64:
qemu-guest-agent-win32-0.12.1.2-2.355.el6_4.5.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-2007.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
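The manual step required by RHSA-2013:0896-01 above (remove all "group" and "other" permissions from the existing qemu-ga log file and UNIX domain socket), as an added shell example that is not part of Red Hat's advisory. The function names are hypothetical, and the file paths are passed as arguments because the advisory does not name them; stop the qemu-ga service before running the fix.

```shell
#!/bin/sh
# Added example, not Red Hat's code. Audits and tightens the files left
# world-writable by the pre-update qemu-ga (CVE-2013-2007).
# Assumption: the caller supplies the log file and socket paths; the
# advisory does not name them. Stop the qemu-ga service first.

# Print a file's permission bits in octal (GNU stat, as on RHEL).
file_mode() {
    stat -c '%a' -- "$1"
}

# Succeed if the octal mode grants anything to "group" or "other".
mode_is_loose() {
    [ $(( 0$1 & 077 )) -ne 0 ]
}

# Report every path; return 1 if any still needs attention.
#   LOOSE <mode> <path>   group/other bits set
#   OK <mode> <path>      owner-only
#   SYMLINK <path>        not followed; inspect by hand
#   MISSING <path>        nothing to fix (file was removed or never created)
qga_audit() {
    rc=0
    for f in "$@"; do
        if [ -L "$f" ]; then
            echo "SYMLINK $f"; rc=1
        elif [ ! -e "$f" ]; then
            echo "MISSING $f"
        else
            m=$(file_mode "$f")
            if mode_is_loose "$m"; then
                echo "LOOSE $m $f"; rc=1
            else
                echo "OK $m $f"
            fi
        fi
    done
    return "$rc"
}

# Remove all "group" and "other" permissions, as the advisory instructs.
# Symlinks are skipped: chmod would follow them and change the link target
# (a precaution added here, not a step from the advisory).
qga_fix() {
    rc=0
    for f in "$@"; do
        if [ -L "$f" ]; then
            echo "skipping symlink: $f" >&2
            continue
        fi
        [ -e "$f" ] || continue
        chmod go-rwx -- "$f" || rc=1
    done
    return "$rc"
}

# Command-line use: sh <this-script> audit|fix <log-file> <socket-path>
case "${1:-}" in
    audit) shift; qga_audit "$@" ;;
    fix)   shift; qga_fix "$@" && qga_audit "$@" ;;
esac
```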
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRrNacXlSAg2UNWIIRAtYCAKCu8x0HIswSU49PqWMvvTDx1b9G5ACfbgRC ZFZNTYvvCiTTUGFY7fxlk+E= =WIq9 -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Jun 3 17:48:38 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 3 Jun 2013 17:48:38 +0000 Subject: [RHSA-2013:0897-01] Important: mesa security update Message-ID: <201306031748.r53HmcZT014047@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: mesa security update Advisory ID: RHSA-2013:0897-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0897.html Issue date: 2013-06-03 CVE Names: CVE-2013-1872 CVE-2013-1993 ===================================================================== 1. Summary: Updated mesa packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: Mesa provides a 3D graphics API that is compatible with Open Graphics Library (OpenGL). 
It also provides hardware-accelerated drivers for many popular graphics chips. An out-of-bounds access flaw was found in Mesa. If an application using Mesa exposed the Mesa API to untrusted inputs (Mozilla Firefox does this), an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1872) It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1993) All users of Mesa are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Mesa must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 923584 - CVE-2013-1872 Mesa: Memory corruption (OOB read/write) on intel drivers 961613 - CVE-2013-1993 Mesa: Multiple integer overflows leading to heap-based bufer overflows 6. Package List: Red Hat Enterprise Linux Desktop (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/mesa-9.0-0.8.el6_4.3.src.rpm i386: glx-utils-9.0-0.8.el6_4.3.i686.rpm mesa-debuginfo-9.0-0.8.el6_4.3.i686.rpm mesa-dri-drivers-9.0-0.8.el6_4.3.i686.rpm mesa-dri-filesystem-9.0-0.8.el6_4.3.i686.rpm mesa-libGL-9.0-0.8.el6_4.3.i686.rpm mesa-libGLU-9.0-0.8.el6_4.3.i686.rpm x86_64: glx-utils-9.0-0.8.el6_4.3.x86_64.rpm mesa-debuginfo-9.0-0.8.el6_4.3.i686.rpm mesa-debuginfo-9.0-0.8.el6_4.3.x86_64.rpm mesa-dri-drivers-9.0-0.8.el6_4.3.i686.rpm mesa-dri-drivers-9.0-0.8.el6_4.3.x86_64.rpm mesa-dri-filesystem-9.0-0.8.el6_4.3.i686.rpm mesa-dri-filesystem-9.0-0.8.el6_4.3.x86_64.rpm mesa-libGL-9.0-0.8.el6_4.3.i686.rpm mesa-libGL-9.0-0.8.el6_4.3.x86_64.rpm mesa-libGLU-9.0-0.8.el6_4.3.i686.rpm mesa-libGLU-9.0-0.8.el6_4.3.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/mesa-9.0-0.8.el6_4.3.src.rpm i386: mesa-debuginfo-9.0-0.8.el6_4.3.i686.rpm mesa-demos-9.0-0.8.el6_4.3.i686.rpm mesa-libGL-devel-9.0-0.8.el6_4.3.i686.rpm mesa-libGLU-devel-9.0-0.8.el6_4.3.i686.rpm mesa-libOSMesa-9.0-0.8.el6_4.3.i686.rpm mesa-libOSMesa-devel-9.0-0.8.el6_4.3.i686.rpm x86_64: mesa-debuginfo-9.0-0.8.el6_4.3.i686.rpm mesa-debuginfo-9.0-0.8.el6_4.3.x86_64.rpm mesa-demos-9.0-0.8.el6_4.3.x86_64.rpm mesa-libGL-devel-9.0-0.8.el6_4.3.i686.rpm mesa-libGL-devel-9.0-0.8.el6_4.3.x86_64.rpm mesa-libGLU-devel-9.0-0.8.el6_4.3.i686.rpm mesa-libGLU-devel-9.0-0.8.el6_4.3.x86_64.rpm mesa-libOSMesa-9.0-0.8.el6_4.3.i686.rpm mesa-libOSMesa-9.0-0.8.el6_4.3.x86_64.rpm mesa-libOSMesa-devel-9.0-0.8.el6_4.3.i686.rpm mesa-libOSMesa-devel-9.0-0.8.el6_4.3.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/mesa-9.0-0.8.el6_4.3.src.rpm x86_64: mesa-debuginfo-9.0-0.8.el6_4.3.i686.rpm mesa-debuginfo-9.0-0.8.el6_4.3.x86_64.rpm mesa-dri-drivers-9.0-0.8.el6_4.3.i686.rpm mesa-dri-drivers-9.0-0.8.el6_4.3.x86_64.rpm mesa-dri-filesystem-9.0-0.8.el6_4.3.i686.rpm mesa-dri-filesystem-9.0-0.8.el6_4.3.x86_64.rpm mesa-libGL-9.0-0.8.el6_4.3.i686.rpm mesa-libGL-9.0-0.8.el6_4.3.x86_64.rpm mesa-libGLU-9.0-0.8.el6_4.3.i686.rpm mesa-libGLU-9.0-0.8.el6_4.3.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/mesa-9.0-0.8.el6_4.3.src.rpm x86_64: glx-utils-9.0-0.8.el6_4.3.x86_64.rpm mesa-debuginfo-9.0-0.8.el6_4.3.i686.rpm mesa-debuginfo-9.0-0.8.el6_4.3.x86_64.rpm mesa-demos-9.0-0.8.el6_4.3.x86_64.rpm mesa-libGL-devel-9.0-0.8.el6_4.3.i686.rpm mesa-libGL-devel-9.0-0.8.el6_4.3.x86_64.rpm mesa-libGLU-devel-9.0-0.8.el6_4.3.i686.rpm mesa-libGLU-devel-9.0-0.8.el6_4.3.x86_64.rpm mesa-libOSMesa-9.0-0.8.el6_4.3.i686.rpm mesa-libOSMesa-9.0-0.8.el6_4.3.x86_64.rpm mesa-libOSMesa-devel-9.0-0.8.el6_4.3.i686.rpm mesa-libOSMesa-devel-9.0-0.8.el6_4.3.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/mesa-9.0-0.8.el6_4.3.src.rpm i386: glx-utils-9.0-0.8.el6_4.3.i686.rpm mesa-debuginfo-9.0-0.8.el6_4.3.i686.rpm mesa-dri-drivers-9.0-0.8.el6_4.3.i686.rpm mesa-dri-filesystem-9.0-0.8.el6_4.3.i686.rpm mesa-libGL-9.0-0.8.el6_4.3.i686.rpm mesa-libGL-devel-9.0-0.8.el6_4.3.i686.rpm mesa-libGLU-9.0-0.8.el6_4.3.i686.rpm mesa-libGLU-devel-9.0-0.8.el6_4.3.i686.rpm ppc64: glx-utils-9.0-0.8.el6_4.3.ppc64.rpm mesa-debuginfo-9.0-0.8.el6_4.3.ppc.rpm mesa-debuginfo-9.0-0.8.el6_4.3.ppc64.rpm mesa-dri-drivers-9.0-0.8.el6_4.3.ppc.rpm mesa-dri-drivers-9.0-0.8.el6_4.3.ppc64.rpm mesa-dri-filesystem-9.0-0.8.el6_4.3.ppc.rpm mesa-dri-filesystem-9.0-0.8.el6_4.3.ppc64.rpm mesa-libGL-9.0-0.8.el6_4.3.ppc.rpm mesa-libGL-9.0-0.8.el6_4.3.ppc64.rpm mesa-libGL-devel-9.0-0.8.el6_4.3.ppc.rpm mesa-libGL-devel-9.0-0.8.el6_4.3.ppc64.rpm mesa-libGLU-9.0-0.8.el6_4.3.ppc.rpm mesa-libGLU-9.0-0.8.el6_4.3.ppc64.rpm mesa-libGLU-devel-9.0-0.8.el6_4.3.ppc.rpm mesa-libGLU-devel-9.0-0.8.el6_4.3.ppc64.rpm s390x: glx-utils-9.0-0.8.el6_4.3.s390x.rpm mesa-debuginfo-9.0-0.8.el6_4.3.s390.rpm mesa-debuginfo-9.0-0.8.el6_4.3.s390x.rpm mesa-dri-drivers-9.0-0.8.el6_4.3.s390.rpm mesa-dri-drivers-9.0-0.8.el6_4.3.s390x.rpm mesa-dri-filesystem-9.0-0.8.el6_4.3.s390.rpm mesa-dri-filesystem-9.0-0.8.el6_4.3.s390x.rpm mesa-libGL-9.0-0.8.el6_4.3.s390.rpm mesa-libGL-9.0-0.8.el6_4.3.s390x.rpm mesa-libGL-devel-9.0-0.8.el6_4.3.s390.rpm mesa-libGL-devel-9.0-0.8.el6_4.3.s390x.rpm mesa-libGLU-9.0-0.8.el6_4.3.s390.rpm mesa-libGLU-9.0-0.8.el6_4.3.s390x.rpm mesa-libGLU-devel-9.0-0.8.el6_4.3.s390.rpm mesa-libGLU-devel-9.0-0.8.el6_4.3.s390x.rpm x86_64: glx-utils-9.0-0.8.el6_4.3.x86_64.rpm mesa-debuginfo-9.0-0.8.el6_4.3.i686.rpm mesa-debuginfo-9.0-0.8.el6_4.3.x86_64.rpm mesa-dri-drivers-9.0-0.8.el6_4.3.i686.rpm mesa-dri-drivers-9.0-0.8.el6_4.3.x86_64.rpm mesa-dri-filesystem-9.0-0.8.el6_4.3.i686.rpm mesa-dri-filesystem-9.0-0.8.el6_4.3.x86_64.rpm 
mesa-libGL-9.0-0.8.el6_4.3.i686.rpm mesa-libGL-9.0-0.8.el6_4.3.x86_64.rpm mesa-libGL-devel-9.0-0.8.el6_4.3.i686.rpm mesa-libGL-devel-9.0-0.8.el6_4.3.x86_64.rpm mesa-libGLU-9.0-0.8.el6_4.3.i686.rpm mesa-libGLU-9.0-0.8.el6_4.3.x86_64.rpm mesa-libGLU-devel-9.0-0.8.el6_4.3.i686.rpm mesa-libGLU-devel-9.0-0.8.el6_4.3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/mesa-9.0-0.8.el6_4.3.src.rpm i386: mesa-debuginfo-9.0-0.8.el6_4.3.i686.rpm mesa-demos-9.0-0.8.el6_4.3.i686.rpm mesa-libOSMesa-9.0-0.8.el6_4.3.i686.rpm mesa-libOSMesa-devel-9.0-0.8.el6_4.3.i686.rpm ppc64: mesa-debuginfo-9.0-0.8.el6_4.3.ppc.rpm mesa-debuginfo-9.0-0.8.el6_4.3.ppc64.rpm mesa-demos-9.0-0.8.el6_4.3.ppc64.rpm mesa-libOSMesa-9.0-0.8.el6_4.3.ppc.rpm mesa-libOSMesa-9.0-0.8.el6_4.3.ppc64.rpm mesa-libOSMesa-devel-9.0-0.8.el6_4.3.ppc.rpm mesa-libOSMesa-devel-9.0-0.8.el6_4.3.ppc64.rpm s390x: mesa-debuginfo-9.0-0.8.el6_4.3.s390.rpm mesa-debuginfo-9.0-0.8.el6_4.3.s390x.rpm mesa-demos-9.0-0.8.el6_4.3.s390x.rpm mesa-libOSMesa-9.0-0.8.el6_4.3.s390.rpm mesa-libOSMesa-9.0-0.8.el6_4.3.s390x.rpm mesa-libOSMesa-devel-9.0-0.8.el6_4.3.s390.rpm mesa-libOSMesa-devel-9.0-0.8.el6_4.3.s390x.rpm x86_64: mesa-debuginfo-9.0-0.8.el6_4.3.i686.rpm mesa-debuginfo-9.0-0.8.el6_4.3.x86_64.rpm mesa-demos-9.0-0.8.el6_4.3.x86_64.rpm mesa-libOSMesa-9.0-0.8.el6_4.3.i686.rpm mesa-libOSMesa-9.0-0.8.el6_4.3.x86_64.rpm mesa-libOSMesa-devel-9.0-0.8.el6_4.3.i686.rpm mesa-libOSMesa-devel-9.0-0.8.el6_4.3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/mesa-9.0-0.8.el6_4.3.src.rpm i386: glx-utils-9.0-0.8.el6_4.3.i686.rpm mesa-debuginfo-9.0-0.8.el6_4.3.i686.rpm mesa-dri-drivers-9.0-0.8.el6_4.3.i686.rpm mesa-dri-filesystem-9.0-0.8.el6_4.3.i686.rpm mesa-libGL-9.0-0.8.el6_4.3.i686.rpm mesa-libGL-devel-9.0-0.8.el6_4.3.i686.rpm mesa-libGLU-9.0-0.8.el6_4.3.i686.rpm mesa-libGLU-devel-9.0-0.8.el6_4.3.i686.rpm x86_64: glx-utils-9.0-0.8.el6_4.3.x86_64.rpm mesa-debuginfo-9.0-0.8.el6_4.3.i686.rpm mesa-debuginfo-9.0-0.8.el6_4.3.x86_64.rpm mesa-dri-drivers-9.0-0.8.el6_4.3.i686.rpm mesa-dri-drivers-9.0-0.8.el6_4.3.x86_64.rpm mesa-dri-filesystem-9.0-0.8.el6_4.3.i686.rpm mesa-dri-filesystem-9.0-0.8.el6_4.3.x86_64.rpm mesa-libGL-9.0-0.8.el6_4.3.i686.rpm mesa-libGL-9.0-0.8.el6_4.3.x86_64.rpm mesa-libGL-devel-9.0-0.8.el6_4.3.i686.rpm mesa-libGL-devel-9.0-0.8.el6_4.3.x86_64.rpm mesa-libGLU-9.0-0.8.el6_4.3.i686.rpm mesa-libGLU-9.0-0.8.el6_4.3.x86_64.rpm mesa-libGLU-devel-9.0-0.8.el6_4.3.i686.rpm mesa-libGLU-devel-9.0-0.8.el6_4.3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/mesa-9.0-0.8.el6_4.3.src.rpm i386: mesa-debuginfo-9.0-0.8.el6_4.3.i686.rpm mesa-demos-9.0-0.8.el6_4.3.i686.rpm mesa-libOSMesa-9.0-0.8.el6_4.3.i686.rpm mesa-libOSMesa-devel-9.0-0.8.el6_4.3.i686.rpm x86_64: mesa-debuginfo-9.0-0.8.el6_4.3.i686.rpm mesa-debuginfo-9.0-0.8.el6_4.3.x86_64.rpm mesa-demos-9.0-0.8.el6_4.3.x86_64.rpm mesa-libOSMesa-9.0-0.8.el6_4.3.i686.rpm mesa-libOSMesa-9.0-0.8.el6_4.3.x86_64.rpm mesa-libOSMesa-devel-9.0-0.8.el6_4.3.i686.rpm mesa-libOSMesa-devel-9.0-0.8.el6_4.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References: https://www.redhat.com/security/data/cve/CVE-2013-1872.html https://www.redhat.com/security/data/cve/CVE-2013-1993.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRrNbTXlSAg2UNWIIRAr5SAJ9bH8gqJzPVhqmsMZC0LD3gsPdmUgCfeNaR 4LwLpr8Jdsr4JAITFuavIig= =PI+3 -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Jun 3 17:50:36 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 3 Jun 2013 17:50:36 +0000 Subject: [RHSA-2013:0898-01] Moderate: mesa security update Message-ID: <201306031750.r53Hoauk020694@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: mesa security update Advisory ID: RHSA-2013:0898-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0898.html Issue date: 2013-06-03 CVE Names: CVE-2013-1993 ===================================================================== 1. Summary: Updated mesa packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: Mesa provides a 3D graphics API that is compatible with Open Graphics Library (OpenGL). 
It also provides hardware-accelerated drivers for many popular graphics chips. It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1993) All users of Mesa are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Mesa must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 961613 - CVE-2013-1993 Mesa: Multiple integer overflows leading to heap-based bufer overflows 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/mesa-6.5.1-7.11.el5_9.src.rpm i386: glx-utils-6.5.1-7.11.el5_9.i386.rpm mesa-debuginfo-6.5.1-7.11.el5_9.i386.rpm mesa-libGL-6.5.1-7.11.el5_9.i386.rpm mesa-libGLU-6.5.1-7.11.el5_9.i386.rpm mesa-libGLw-6.5.1-7.11.el5_9.i386.rpm mesa-libOSMesa-6.5.1-7.11.el5_9.i386.rpm mesa-source-6.5.1-7.11.el5_9.i386.rpm x86_64: glx-utils-6.5.1-7.11.el5_9.x86_64.rpm mesa-debuginfo-6.5.1-7.11.el5_9.i386.rpm mesa-debuginfo-6.5.1-7.11.el5_9.x86_64.rpm mesa-libGL-6.5.1-7.11.el5_9.i386.rpm mesa-libGL-6.5.1-7.11.el5_9.x86_64.rpm mesa-libGLU-6.5.1-7.11.el5_9.i386.rpm mesa-libGLU-6.5.1-7.11.el5_9.x86_64.rpm mesa-libGLw-6.5.1-7.11.el5_9.i386.rpm mesa-libGLw-6.5.1-7.11.el5_9.x86_64.rpm mesa-libOSMesa-6.5.1-7.11.el5_9.i386.rpm mesa-libOSMesa-6.5.1-7.11.el5_9.x86_64.rpm mesa-source-6.5.1-7.11.el5_9.x86_64.rpm RHEL Desktop Workstation (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/mesa-6.5.1-7.11.el5_9.src.rpm i386: mesa-debuginfo-6.5.1-7.11.el5_9.i386.rpm mesa-libGL-devel-6.5.1-7.11.el5_9.i386.rpm mesa-libGLU-devel-6.5.1-7.11.el5_9.i386.rpm mesa-libGLw-devel-6.5.1-7.11.el5_9.i386.rpm mesa-libOSMesa-devel-6.5.1-7.11.el5_9.i386.rpm x86_64: mesa-debuginfo-6.5.1-7.11.el5_9.i386.rpm mesa-debuginfo-6.5.1-7.11.el5_9.x86_64.rpm mesa-libGL-devel-6.5.1-7.11.el5_9.i386.rpm mesa-libGL-devel-6.5.1-7.11.el5_9.x86_64.rpm mesa-libGLU-devel-6.5.1-7.11.el5_9.i386.rpm mesa-libGLU-devel-6.5.1-7.11.el5_9.x86_64.rpm mesa-libGLw-devel-6.5.1-7.11.el5_9.i386.rpm mesa-libGLw-devel-6.5.1-7.11.el5_9.x86_64.rpm mesa-libOSMesa-devel-6.5.1-7.11.el5_9.i386.rpm mesa-libOSMesa-devel-6.5.1-7.11.el5_9.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/mesa-6.5.1-7.11.el5_9.src.rpm i386: glx-utils-6.5.1-7.11.el5_9.i386.rpm mesa-debuginfo-6.5.1-7.11.el5_9.i386.rpm mesa-libGL-6.5.1-7.11.el5_9.i386.rpm mesa-libGL-devel-6.5.1-7.11.el5_9.i386.rpm mesa-libGLU-6.5.1-7.11.el5_9.i386.rpm mesa-libGLU-devel-6.5.1-7.11.el5_9.i386.rpm mesa-libGLw-6.5.1-7.11.el5_9.i386.rpm mesa-libGLw-devel-6.5.1-7.11.el5_9.i386.rpm mesa-libOSMesa-6.5.1-7.11.el5_9.i386.rpm mesa-libOSMesa-devel-6.5.1-7.11.el5_9.i386.rpm mesa-source-6.5.1-7.11.el5_9.i386.rpm ia64: glx-utils-6.5.1-7.11.el5_9.ia64.rpm mesa-debuginfo-6.5.1-7.11.el5_9.i386.rpm mesa-debuginfo-6.5.1-7.11.el5_9.ia64.rpm mesa-libGL-6.5.1-7.11.el5_9.i386.rpm mesa-libGL-6.5.1-7.11.el5_9.ia64.rpm mesa-libGL-devel-6.5.1-7.11.el5_9.ia64.rpm mesa-libGLU-6.5.1-7.11.el5_9.ia64.rpm mesa-libGLU-devel-6.5.1-7.11.el5_9.ia64.rpm mesa-libGLw-6.5.1-7.11.el5_9.ia64.rpm mesa-libGLw-devel-6.5.1-7.11.el5_9.ia64.rpm mesa-libOSMesa-6.5.1-7.11.el5_9.ia64.rpm mesa-libOSMesa-devel-6.5.1-7.11.el5_9.ia64.rpm mesa-source-6.5.1-7.11.el5_9.ia64.rpm ppc: glx-utils-6.5.1-7.11.el5_9.ppc.rpm 
mesa-debuginfo-6.5.1-7.11.el5_9.ppc.rpm mesa-debuginfo-6.5.1-7.11.el5_9.ppc64.rpm mesa-libGL-6.5.1-7.11.el5_9.ppc.rpm mesa-libGL-6.5.1-7.11.el5_9.ppc64.rpm mesa-libGL-devel-6.5.1-7.11.el5_9.ppc.rpm mesa-libGL-devel-6.5.1-7.11.el5_9.ppc64.rpm mesa-libGLU-6.5.1-7.11.el5_9.ppc.rpm mesa-libGLU-6.5.1-7.11.el5_9.ppc64.rpm mesa-libGLU-devel-6.5.1-7.11.el5_9.ppc.rpm mesa-libGLU-devel-6.5.1-7.11.el5_9.ppc64.rpm mesa-libGLw-6.5.1-7.11.el5_9.ppc.rpm mesa-libGLw-6.5.1-7.11.el5_9.ppc64.rpm mesa-libGLw-devel-6.5.1-7.11.el5_9.ppc.rpm mesa-libGLw-devel-6.5.1-7.11.el5_9.ppc64.rpm mesa-libOSMesa-6.5.1-7.11.el5_9.ppc.rpm mesa-libOSMesa-6.5.1-7.11.el5_9.ppc64.rpm mesa-libOSMesa-devel-6.5.1-7.11.el5_9.ppc.rpm mesa-libOSMesa-devel-6.5.1-7.11.el5_9.ppc64.rpm mesa-source-6.5.1-7.11.el5_9.ppc.rpm s390x: glx-utils-6.5.1-7.11.el5_9.s390x.rpm mesa-debuginfo-6.5.1-7.11.el5_9.s390.rpm mesa-debuginfo-6.5.1-7.11.el5_9.s390x.rpm mesa-libGL-6.5.1-7.11.el5_9.s390.rpm mesa-libGL-6.5.1-7.11.el5_9.s390x.rpm mesa-libGL-devel-6.5.1-7.11.el5_9.s390.rpm mesa-libGL-devel-6.5.1-7.11.el5_9.s390x.rpm mesa-libGLU-6.5.1-7.11.el5_9.s390.rpm mesa-libGLU-6.5.1-7.11.el5_9.s390x.rpm mesa-libGLU-devel-6.5.1-7.11.el5_9.s390.rpm mesa-libGLU-devel-6.5.1-7.11.el5_9.s390x.rpm mesa-libGLw-6.5.1-7.11.el5_9.s390.rpm mesa-libGLw-6.5.1-7.11.el5_9.s390x.rpm mesa-libGLw-devel-6.5.1-7.11.el5_9.s390.rpm mesa-libGLw-devel-6.5.1-7.11.el5_9.s390x.rpm mesa-libOSMesa-6.5.1-7.11.el5_9.s390.rpm mesa-libOSMesa-6.5.1-7.11.el5_9.s390x.rpm mesa-libOSMesa-devel-6.5.1-7.11.el5_9.s390.rpm mesa-libOSMesa-devel-6.5.1-7.11.el5_9.s390x.rpm mesa-source-6.5.1-7.11.el5_9.s390x.rpm x86_64: glx-utils-6.5.1-7.11.el5_9.x86_64.rpm mesa-debuginfo-6.5.1-7.11.el5_9.i386.rpm mesa-debuginfo-6.5.1-7.11.el5_9.x86_64.rpm mesa-libGL-6.5.1-7.11.el5_9.i386.rpm mesa-libGL-6.5.1-7.11.el5_9.x86_64.rpm mesa-libGL-devel-6.5.1-7.11.el5_9.i386.rpm mesa-libGL-devel-6.5.1-7.11.el5_9.x86_64.rpm mesa-libGLU-6.5.1-7.11.el5_9.i386.rpm mesa-libGLU-6.5.1-7.11.el5_9.x86_64.rpm 
mesa-libGLU-devel-6.5.1-7.11.el5_9.i386.rpm
mesa-libGLU-devel-6.5.1-7.11.el5_9.x86_64.rpm
mesa-libGLw-6.5.1-7.11.el5_9.i386.rpm
mesa-libGLw-6.5.1-7.11.el5_9.x86_64.rpm
mesa-libGLw-devel-6.5.1-7.11.el5_9.i386.rpm
mesa-libGLw-devel-6.5.1-7.11.el5_9.x86_64.rpm
mesa-libOSMesa-6.5.1-7.11.el5_9.i386.rpm
mesa-libOSMesa-6.5.1-7.11.el5_9.x86_64.rpm
mesa-libOSMesa-devel-6.5.1-7.11.el5_9.i386.rpm
mesa-libOSMesa-devel-6.5.1-7.11.el5_9.x86_64.rpm
mesa-source-6.5.1-7.11.el5_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-1993.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRrNdGXlSAg2UNWIIRArJwAJ4hGiFY+7y/YhJ3Zz54TctpuFEhwwCeJEqA
R9bD0gup3+nMUqFJ/X5sL08=
=98zo
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jun 10 21:09:24 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 10 Jun 2013 21:09:24 +0000
Subject: [RHSA-2013:0911-01] Important: kernel security, bug fix, and enhancement update
Message-ID: <201306102109.r5AL9PdO016656@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security, bug fix, and enhancement update
Advisory ID:       RHSA-2013:0911-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0911.html
Issue date:        2013-06-10
CVE Names:         CVE-2013-1935 CVE-2013-1943 CVE-2013-2017
=====================================================================

1. Summary:

Updated kernel packages that fix three security issues, several bugs, and
add one enhancement are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A flaw was found in the way KVM (Kernel-based Virtual Machine)
initialized a guest's registered pv_eoi (paravirtualized end-of-interrupt)
indication flag when entering the guest. An unprivileged guest user could
potentially use this flaw to crash the host. (CVE-2013-1935, Important)

* A missing sanity check was found in the kvm_set_memory_region() function
in KVM, allowing a user-space process to register memory regions pointing
to the kernel address space. A local, unprivileged user could use this flaw
to escalate their privileges. (CVE-2013-1943, Important)

* A double free flaw was found in the Linux kernel's Virtual Ethernet
Tunnel driver (veth). A remote attacker could possibly use this flaw to
crash a target system. (CVE-2013-2017, Moderate)

Red Hat would like to thank IBM for reporting the CVE-2013-1935 issue and
Atzm WATANABE of Stratosphere Inc. for reporting the CVE-2013-2017 issue.
The CVE-2013-1943 issue was discovered by Michael S. Tsirkin of Red Hat.

This update also fixes several bugs and adds one enhancement.
Documentation for these changes will be available shortly from the
Technical Notes document linked to in the References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues and add this enhancement. The system must
be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

949981 - CVE-2013-1935 kernel: kvm: pv_eoi guest updates with interrupts disabled
950490 - CVE-2013-1943 kernel: kvm: missing check in kvm_set_memory_region()
957705 - CVE-2013-2017 kernel: veth: double-free flaw in case of congestion

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-358.11.1.el6.src.rpm i386: kernel-2.6.32-358.11.1.el6.i686.rpm kernel-debug-2.6.32-358.11.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-358.11.1.el6.i686.rpm kernel-debug-devel-2.6.32-358.11.1.el6.i686.rpm kernel-debuginfo-2.6.32-358.11.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-358.11.1.el6.i686.rpm kernel-devel-2.6.32-358.11.1.el6.i686.rpm kernel-headers-2.6.32-358.11.1.el6.i686.rpm perf-2.6.32-358.11.1.el6.i686.rpm perf-debuginfo-2.6.32-358.11.1.el6.i686.rpm python-perf-debuginfo-2.6.32-358.11.1.el6.i686.rpm noarch: kernel-doc-2.6.32-358.11.1.el6.noarch.rpm kernel-firmware-2.6.32-358.11.1.el6.noarch.rpm x86_64: kernel-2.6.32-358.11.1.el6.x86_64.rpm kernel-debug-2.6.32-358.11.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-358.11.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-358.11.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.11.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.11.1.el6.x86_64.rpm kernel-devel-2.6.32-358.11.1.el6.x86_64.rpm kernel-headers-2.6.32-358.11.1.el6.x86_64.rpm perf-2.6.32-358.11.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.11.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.11.1.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-358.11.1.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-358.11.1.el6.i686.rpm kernel-debuginfo-2.6.32-358.11.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-358.11.1.el6.i686.rpm perf-debuginfo-2.6.32-358.11.1.el6.i686.rpm python-perf-2.6.32-358.11.1.el6.i686.rpm python-perf-debuginfo-2.6.32-358.11.1.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-358.11.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.11.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.11.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.11.1.el6.x86_64.rpm python-perf-2.6.32-358.11.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.11.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-358.11.1.el6.src.rpm noarch: kernel-doc-2.6.32-358.11.1.el6.noarch.rpm kernel-firmware-2.6.32-358.11.1.el6.noarch.rpm x86_64: kernel-2.6.32-358.11.1.el6.x86_64.rpm kernel-debug-2.6.32-358.11.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-358.11.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-358.11.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.11.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.11.1.el6.x86_64.rpm kernel-devel-2.6.32-358.11.1.el6.x86_64.rpm kernel-headers-2.6.32-358.11.1.el6.x86_64.rpm perf-2.6.32-358.11.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.11.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.11.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-358.11.1.el6.src.rpm x86_64: kernel-debug-debuginfo-2.6.32-358.11.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.11.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.11.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.11.1.el6.x86_64.rpm python-perf-2.6.32-358.11.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.11.1.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-358.11.1.el6.src.rpm i386: kernel-2.6.32-358.11.1.el6.i686.rpm kernel-debug-2.6.32-358.11.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-358.11.1.el6.i686.rpm kernel-debug-devel-2.6.32-358.11.1.el6.i686.rpm kernel-debuginfo-2.6.32-358.11.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-358.11.1.el6.i686.rpm kernel-devel-2.6.32-358.11.1.el6.i686.rpm kernel-headers-2.6.32-358.11.1.el6.i686.rpm perf-2.6.32-358.11.1.el6.i686.rpm perf-debuginfo-2.6.32-358.11.1.el6.i686.rpm python-perf-debuginfo-2.6.32-358.11.1.el6.i686.rpm noarch: kernel-doc-2.6.32-358.11.1.el6.noarch.rpm kernel-firmware-2.6.32-358.11.1.el6.noarch.rpm ppc64: kernel-2.6.32-358.11.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-358.11.1.el6.ppc64.rpm kernel-debug-2.6.32-358.11.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-358.11.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-358.11.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-358.11.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-358.11.1.el6.ppc64.rpm kernel-devel-2.6.32-358.11.1.el6.ppc64.rpm kernel-headers-2.6.32-358.11.1.el6.ppc64.rpm perf-2.6.32-358.11.1.el6.ppc64.rpm perf-debuginfo-2.6.32-358.11.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-358.11.1.el6.ppc64.rpm s390x: kernel-2.6.32-358.11.1.el6.s390x.rpm kernel-debug-2.6.32-358.11.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-358.11.1.el6.s390x.rpm kernel-debug-devel-2.6.32-358.11.1.el6.s390x.rpm kernel-debuginfo-2.6.32-358.11.1.el6.s390x.rpm 
kernel-debuginfo-common-s390x-2.6.32-358.11.1.el6.s390x.rpm kernel-devel-2.6.32-358.11.1.el6.s390x.rpm kernel-headers-2.6.32-358.11.1.el6.s390x.rpm kernel-kdump-2.6.32-358.11.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-358.11.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-358.11.1.el6.s390x.rpm perf-2.6.32-358.11.1.el6.s390x.rpm perf-debuginfo-2.6.32-358.11.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-358.11.1.el6.s390x.rpm x86_64: kernel-2.6.32-358.11.1.el6.x86_64.rpm kernel-debug-2.6.32-358.11.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-358.11.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-358.11.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.11.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.11.1.el6.x86_64.rpm kernel-devel-2.6.32-358.11.1.el6.x86_64.rpm kernel-headers-2.6.32-358.11.1.el6.x86_64.rpm perf-2.6.32-358.11.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.11.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.11.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-358.11.1.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-358.11.1.el6.i686.rpm kernel-debuginfo-2.6.32-358.11.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-358.11.1.el6.i686.rpm perf-debuginfo-2.6.32-358.11.1.el6.i686.rpm python-perf-2.6.32-358.11.1.el6.i686.rpm python-perf-debuginfo-2.6.32-358.11.1.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-358.11.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-358.11.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-358.11.1.el6.ppc64.rpm perf-debuginfo-2.6.32-358.11.1.el6.ppc64.rpm python-perf-2.6.32-358.11.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-358.11.1.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-358.11.1.el6.s390x.rpm kernel-debuginfo-2.6.32-358.11.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-358.11.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-358.11.1.el6.s390x.rpm perf-debuginfo-2.6.32-358.11.1.el6.s390x.rpm 
python-perf-2.6.32-358.11.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-358.11.1.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-358.11.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.11.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.11.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.11.1.el6.x86_64.rpm python-perf-2.6.32-358.11.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.11.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-358.11.1.el6.src.rpm i386: kernel-2.6.32-358.11.1.el6.i686.rpm kernel-debug-2.6.32-358.11.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-358.11.1.el6.i686.rpm kernel-debug-devel-2.6.32-358.11.1.el6.i686.rpm kernel-debuginfo-2.6.32-358.11.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-358.11.1.el6.i686.rpm kernel-devel-2.6.32-358.11.1.el6.i686.rpm kernel-headers-2.6.32-358.11.1.el6.i686.rpm perf-2.6.32-358.11.1.el6.i686.rpm perf-debuginfo-2.6.32-358.11.1.el6.i686.rpm python-perf-debuginfo-2.6.32-358.11.1.el6.i686.rpm noarch: kernel-doc-2.6.32-358.11.1.el6.noarch.rpm kernel-firmware-2.6.32-358.11.1.el6.noarch.rpm x86_64: kernel-2.6.32-358.11.1.el6.x86_64.rpm kernel-debug-2.6.32-358.11.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-358.11.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-358.11.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.11.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.11.1.el6.x86_64.rpm kernel-devel-2.6.32-358.11.1.el6.x86_64.rpm kernel-headers-2.6.32-358.11.1.el6.x86_64.rpm perf-2.6.32-358.11.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.11.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.11.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-358.11.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-358.11.1.el6.i686.rpm
kernel-debuginfo-2.6.32-358.11.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-358.11.1.el6.i686.rpm
perf-debuginfo-2.6.32-358.11.1.el6.i686.rpm
python-perf-2.6.32-358.11.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-358.11.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-358.11.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.11.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.11.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.11.1.el6.x86_64.rpm
python-perf-2.6.32-358.11.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.11.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-1935.html
https://www.redhat.com/security/data/cve/CVE-2013-1943.html
https://www.redhat.com/security/data/cve/CVE-2013-2017.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.4_Technical_Notes/kernel.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRtkB1XlSAg2UNWIIRAqPmAJ49NbAmEBCnsjCy+wRmjBDv5CU+6gCfSZ9F
cY89NYgRw1gVK/MMDMnr+yk=
=s0x3
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jun 11 17:42:58 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 11 Jun 2013 17:42:58 +0000
Subject: [RHSA-2013:0928-01] Important: kernel security and bug fix update
Message-ID: <201306111742.r5BHgxnt000727@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2013:0928-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0928.html
Issue date:        2013-06-11
CVE Names:         CVE-2012-4542 CVE-2013-0311 CVE-2013-1767
                   CVE-2013-1773 CVE-2013-1796 CVE-2013-1797
                   CVE-2013-1798 CVE-2013-1848
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 6.3 Extended Update Support.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server EUS (v. 6.3) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.3) - i386, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A flaw was found in the way the vhost kernel module handled descriptors
that spanned multiple regions. A privileged guest user in a KVM
(Kernel-based Virtual Machine) guest could use this flaw to crash the host
or, potentially, escalate their privileges on the host. (CVE-2013-0311,
Important)

* A buffer overflow flaw was found in the way UTF-8 characters were
converted to UTF-16 in the utf8s_to_utf16s() function of the Linux kernel's
FAT file system implementation. A local user able to mount a FAT file
system with the "utf8=1" option could use this flaw to crash the system or,
potentially, to escalate their privileges. (CVE-2013-1773, Important)

* A flaw was found in the way KVM handled guest time updates when the
buffer the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine
state register (MSR) crossed a page boundary. A privileged guest user could
use this flaw to crash the host or, potentially, escalate their privileges,
allowing them to execute arbitrary code at the host kernel level.
(CVE-2013-1796, Important)

* A potential use-after-free flaw was found in the way KVM handled guest
time updates when the GPA (guest physical address) the guest registered by
writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into a
movable or removable memory region of the hosting user-space process (by
default, QEMU-KVM) on the host. If that memory region is deregistered from
KVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory
reused, a privileged guest user could potentially use this flaw to
escalate their privileges on the host. (CVE-2013-1797, Important)

* A flaw was found in the way KVM emulated IOAPIC (I/O Advanced
Programmable Interrupt Controller). A missing validation check in the
ioapic_read_indirect() function could allow a privileged guest user to
crash the host, or read a substantial portion of host kernel memory.
(CVE-2013-1798, Important)

* It was found that the default SCSI command filter does not accommodate
commands that overlap across device classes. A privileged guest user could
potentially use this flaw to write arbitrary data to a LUN that is
passed-through as read-only. (CVE-2012-4542, Moderate)

* A use-after-free flaw was found in the tmpfs implementation. A local user
able to mount and unmount a tmpfs file system could use this flaw to cause
a denial of service or, potentially, escalate their privileges.
(CVE-2013-1767, Low)

* A format string flaw was found in the ext3_msg() function in the Linux
kernel's ext3 file system implementation. A local user who is able to mount
an ext3 file system could use this flaw to cause a denial of service or,
potentially, escalate their privileges. (CVE-2013-1848, Low)

Red Hat would like to thank Andrew Honig of Google for reporting the
CVE-2013-1796, CVE-2013-1797, and CVE-2013-1798 issues. The CVE-2012-4542
issue was discovered by Paolo Bonzini of Red Hat.

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5.
Bugs fixed (http://bugzilla.redhat.com/): 875360 - CVE-2012-4542 kernel: block: default SCSI command filter does not accomodate commands overlap across device classes 912905 - CVE-2013-0311 kernel: vhost: fix length for cross region descriptor 915592 - CVE-2013-1767 Kernel: tmpfs: fix use-after-free of mempolicy object 916115 - CVE-2013-1773 kernel: VFAT slab-based buffer overflow 917012 - CVE-2013-1796 kernel: kvm: buffer overflow in handling of MSR_KVM_SYSTEM_TIME 917013 - CVE-2013-1797 kernel: kvm: after free issue with the handling of MSR_KVM_SYSTEM_TIME 917017 - CVE-2013-1798 kernel: kvm: out-of-bounds access in ioapic indirect register reads 920783 - CVE-2013-1848 kernel: ext3: format string issues 6. Package List: Red Hat Enterprise Linux Server EUS (v. 6.3): Source: kernel-2.6.32-279.31.1.el6.src.rpm i386: kernel-2.6.32-279.31.1.el6.i686.rpm kernel-debug-2.6.32-279.31.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-279.31.1.el6.i686.rpm kernel-debug-devel-2.6.32-279.31.1.el6.i686.rpm kernel-debuginfo-2.6.32-279.31.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-279.31.1.el6.i686.rpm kernel-devel-2.6.32-279.31.1.el6.i686.rpm kernel-headers-2.6.32-279.31.1.el6.i686.rpm perf-2.6.32-279.31.1.el6.i686.rpm perf-debuginfo-2.6.32-279.31.1.el6.i686.rpm python-perf-debuginfo-2.6.32-279.31.1.el6.i686.rpm noarch: kernel-doc-2.6.32-279.31.1.el6.noarch.rpm kernel-firmware-2.6.32-279.31.1.el6.noarch.rpm ppc64: kernel-2.6.32-279.31.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-279.31.1.el6.ppc64.rpm kernel-debug-2.6.32-279.31.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-279.31.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-279.31.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-279.31.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-279.31.1.el6.ppc64.rpm kernel-devel-2.6.32-279.31.1.el6.ppc64.rpm kernel-headers-2.6.32-279.31.1.el6.ppc64.rpm perf-2.6.32-279.31.1.el6.ppc64.rpm perf-debuginfo-2.6.32-279.31.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-279.31.1.el6.ppc64.rpm s390x: 
kernel-2.6.32-279.31.1.el6.s390x.rpm kernel-debug-2.6.32-279.31.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-279.31.1.el6.s390x.rpm kernel-debug-devel-2.6.32-279.31.1.el6.s390x.rpm kernel-debuginfo-2.6.32-279.31.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-279.31.1.el6.s390x.rpm kernel-devel-2.6.32-279.31.1.el6.s390x.rpm kernel-headers-2.6.32-279.31.1.el6.s390x.rpm kernel-kdump-2.6.32-279.31.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-279.31.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-279.31.1.el6.s390x.rpm perf-2.6.32-279.31.1.el6.s390x.rpm perf-debuginfo-2.6.32-279.31.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-279.31.1.el6.s390x.rpm x86_64: kernel-2.6.32-279.31.1.el6.x86_64.rpm kernel-debug-2.6.32-279.31.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-279.31.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-279.31.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-279.31.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-279.31.1.el6.x86_64.rpm kernel-devel-2.6.32-279.31.1.el6.x86_64.rpm kernel-headers-2.6.32-279.31.1.el6.x86_64.rpm perf-2.6.32-279.31.1.el6.x86_64.rpm perf-debuginfo-2.6.32-279.31.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-279.31.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 
6.3): Source: kernel-2.6.32-279.31.1.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-279.31.1.el6.i686.rpm kernel-debuginfo-2.6.32-279.31.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-279.31.1.el6.i686.rpm perf-debuginfo-2.6.32-279.31.1.el6.i686.rpm python-perf-2.6.32-279.31.1.el6.i686.rpm python-perf-debuginfo-2.6.32-279.31.1.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-279.31.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-279.31.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-279.31.1.el6.ppc64.rpm perf-debuginfo-2.6.32-279.31.1.el6.ppc64.rpm python-perf-2.6.32-279.31.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-279.31.1.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-279.31.1.el6.s390x.rpm kernel-debuginfo-2.6.32-279.31.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-279.31.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-279.31.1.el6.s390x.rpm perf-debuginfo-2.6.32-279.31.1.el6.s390x.rpm python-perf-2.6.32-279.31.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-279.31.1.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-279.31.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-279.31.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-279.31.1.el6.x86_64.rpm perf-debuginfo-2.6.32-279.31.1.el6.x86_64.rpm python-perf-2.6.32-279.31.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-279.31.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References:

https://www.redhat.com/security/data/cve/CVE-2012-4542.html
https://www.redhat.com/security/data/cve/CVE-2013-0311.html
https://www.redhat.com/security/data/cve/CVE-2013-1767.html
https://www.redhat.com/security/data/cve/CVE-2013-1773.html
https://www.redhat.com/security/data/cve/CVE-2013-1796.html
https://www.redhat.com/security/data/cve/CVE-2013-1797.html
https://www.redhat.com/security/data/cve/CVE-2013-1798.html
https://www.redhat.com/security/data/cve/CVE-2013-1848.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.3_Technical_Notes/kernel.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRt2GMXlSAg2UNWIIRAtsEAKCXUp7E7+w25NzbK8vmbVV/m0TsKACeNv5a
r3NI91zOo4ypS0/SIG4i5TQ=
=5o+0
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jun 12 09:10:28 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 12 Jun 2013 09:10:28 +0000
Subject: [RHSA-2013:0941-01] Critical: flash-plugin security update
Message-ID: <201306120909.r5C99NlH017227@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: flash-plugin security update
Advisory ID:       RHSA-2013:0941-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0941.html
Issue date:        2013-06-12
CVE Names:         CVE-2013-3343
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes one security issue is now
available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

This update fixes one vulnerability in Adobe Flash Player. This
vulnerability is detailed in the Adobe Security bulletin APSB13-16, listed
in the References section. Specially-crafted SWF content could cause
flash-plugin to crash or, potentially, execute arbitrary code when a victim
loads a page containing the malicious SWF content. (CVE-2013-3343)

All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 11.2.202.291.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

973404 - CVE-2013-3343 flash-plugin: code execution flaw (APSB13-16)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-11.2.202.291-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.291-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-11.2.202.291-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.291-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.291-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.291-1.el6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.291-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.291-1.el6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.291-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.291-1.el6.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-3343.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-16.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRuDq8XlSAg2UNWIIRAudBAKCIVhRxSaURyekTXeB5ZyRIfDVUvQCgjCtK
KzfMsUixmMSIFxWMB50bqNc=
=QOhj
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jun 12 16:57:42 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 12 Jun 2013 16:57:42 +0000
Subject: [RHSA-2013:0942-01] Moderate: krb5 security update
Message-ID: <201306121657.r5CGvlk5031297@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: krb5 security update
Advisory ID:       RHSA-2013:0942-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0942.html
Issue date:        2013-06-12
CVE Names:         CVE-2002-2443
=====================================================================

1. Summary:

Updated krb5 packages that fix one security issue are now available for
Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third-party, the Key Distribution Center (KDC).

It was found that kadmind's kpasswd service did not perform any validation
on incoming network packets, causing it to reply to all requests. A remote
attacker could use this flaw to send spoofed packets to a kpasswd service
that appear to come from kadmind on a different server, causing the
services to keep replying packets to each other, consuming network
bandwidth and CPU. (CVE-2002-2443)

All krb5 users should upgrade to these updated packages, which contain a
backported patch to correct this issue. After installing the updated
packages, the krb5kdc and kadmind daemons will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network.
Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 962531 - CVE-2002-2443 krb5: UDP ping-pong flaw in kpasswd 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/krb5-1.6.1-70.el5_9.2.src.rpm i386: krb5-debuginfo-1.6.1-70.el5_9.2.i386.rpm krb5-libs-1.6.1-70.el5_9.2.i386.rpm krb5-workstation-1.6.1-70.el5_9.2.i386.rpm x86_64: krb5-debuginfo-1.6.1-70.el5_9.2.i386.rpm krb5-debuginfo-1.6.1-70.el5_9.2.x86_64.rpm krb5-libs-1.6.1-70.el5_9.2.i386.rpm krb5-libs-1.6.1-70.el5_9.2.x86_64.rpm krb5-workstation-1.6.1-70.el5_9.2.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/krb5-1.6.1-70.el5_9.2.src.rpm i386: krb5-debuginfo-1.6.1-70.el5_9.2.i386.rpm krb5-devel-1.6.1-70.el5_9.2.i386.rpm krb5-server-1.6.1-70.el5_9.2.i386.rpm krb5-server-ldap-1.6.1-70.el5_9.2.i386.rpm x86_64: krb5-debuginfo-1.6.1-70.el5_9.2.i386.rpm krb5-debuginfo-1.6.1-70.el5_9.2.x86_64.rpm krb5-devel-1.6.1-70.el5_9.2.i386.rpm krb5-devel-1.6.1-70.el5_9.2.x86_64.rpm krb5-server-1.6.1-70.el5_9.2.x86_64.rpm krb5-server-ldap-1.6.1-70.el5_9.2.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/krb5-1.6.1-70.el5_9.2.src.rpm i386: krb5-debuginfo-1.6.1-70.el5_9.2.i386.rpm krb5-devel-1.6.1-70.el5_9.2.i386.rpm krb5-libs-1.6.1-70.el5_9.2.i386.rpm krb5-server-1.6.1-70.el5_9.2.i386.rpm krb5-server-ldap-1.6.1-70.el5_9.2.i386.rpm krb5-workstation-1.6.1-70.el5_9.2.i386.rpm ia64: krb5-debuginfo-1.6.1-70.el5_9.2.i386.rpm krb5-debuginfo-1.6.1-70.el5_9.2.ia64.rpm krb5-devel-1.6.1-70.el5_9.2.ia64.rpm krb5-libs-1.6.1-70.el5_9.2.i386.rpm krb5-libs-1.6.1-70.el5_9.2.ia64.rpm krb5-server-1.6.1-70.el5_9.2.ia64.rpm krb5-server-ldap-1.6.1-70.el5_9.2.ia64.rpm krb5-workstation-1.6.1-70.el5_9.2.ia64.rpm ppc: krb5-debuginfo-1.6.1-70.el5_9.2.ppc.rpm krb5-debuginfo-1.6.1-70.el5_9.2.ppc64.rpm krb5-devel-1.6.1-70.el5_9.2.ppc.rpm krb5-devel-1.6.1-70.el5_9.2.ppc64.rpm krb5-libs-1.6.1-70.el5_9.2.ppc.rpm krb5-libs-1.6.1-70.el5_9.2.ppc64.rpm krb5-server-1.6.1-70.el5_9.2.ppc.rpm krb5-server-ldap-1.6.1-70.el5_9.2.ppc.rpm krb5-workstation-1.6.1-70.el5_9.2.ppc.rpm s390x: krb5-debuginfo-1.6.1-70.el5_9.2.s390.rpm krb5-debuginfo-1.6.1-70.el5_9.2.s390x.rpm krb5-devel-1.6.1-70.el5_9.2.s390.rpm krb5-devel-1.6.1-70.el5_9.2.s390x.rpm krb5-libs-1.6.1-70.el5_9.2.s390.rpm krb5-libs-1.6.1-70.el5_9.2.s390x.rpm krb5-server-1.6.1-70.el5_9.2.s390x.rpm krb5-server-ldap-1.6.1-70.el5_9.2.s390x.rpm krb5-workstation-1.6.1-70.el5_9.2.s390x.rpm x86_64: krb5-debuginfo-1.6.1-70.el5_9.2.i386.rpm krb5-debuginfo-1.6.1-70.el5_9.2.x86_64.rpm krb5-devel-1.6.1-70.el5_9.2.i386.rpm krb5-devel-1.6.1-70.el5_9.2.x86_64.rpm krb5-libs-1.6.1-70.el5_9.2.i386.rpm krb5-libs-1.6.1-70.el5_9.2.x86_64.rpm krb5-server-1.6.1-70.el5_9.2.x86_64.rpm krb5-server-ldap-1.6.1-70.el5_9.2.x86_64.rpm krb5-workstation-1.6.1-70.el5_9.2.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/krb5-1.10.3-10.el6_4.3.src.rpm i386: krb5-debuginfo-1.10.3-10.el6_4.3.i686.rpm krb5-libs-1.10.3-10.el6_4.3.i686.rpm krb5-pkinit-openssl-1.10.3-10.el6_4.3.i686.rpm krb5-workstation-1.10.3-10.el6_4.3.i686.rpm x86_64: krb5-debuginfo-1.10.3-10.el6_4.3.i686.rpm krb5-debuginfo-1.10.3-10.el6_4.3.x86_64.rpm krb5-libs-1.10.3-10.el6_4.3.i686.rpm krb5-libs-1.10.3-10.el6_4.3.x86_64.rpm krb5-pkinit-openssl-1.10.3-10.el6_4.3.x86_64.rpm krb5-workstation-1.10.3-10.el6_4.3.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/krb5-1.10.3-10.el6_4.3.src.rpm i386: krb5-debuginfo-1.10.3-10.el6_4.3.i686.rpm krb5-devel-1.10.3-10.el6_4.3.i686.rpm krb5-server-1.10.3-10.el6_4.3.i686.rpm krb5-server-ldap-1.10.3-10.el6_4.3.i686.rpm x86_64: krb5-debuginfo-1.10.3-10.el6_4.3.i686.rpm krb5-debuginfo-1.10.3-10.el6_4.3.x86_64.rpm krb5-devel-1.10.3-10.el6_4.3.i686.rpm krb5-devel-1.10.3-10.el6_4.3.x86_64.rpm krb5-server-1.10.3-10.el6_4.3.x86_64.rpm krb5-server-ldap-1.10.3-10.el6_4.3.i686.rpm krb5-server-ldap-1.10.3-10.el6_4.3.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/krb5-1.10.3-10.el6_4.3.src.rpm x86_64: krb5-debuginfo-1.10.3-10.el6_4.3.i686.rpm krb5-debuginfo-1.10.3-10.el6_4.3.x86_64.rpm krb5-libs-1.10.3-10.el6_4.3.i686.rpm krb5-libs-1.10.3-10.el6_4.3.x86_64.rpm krb5-pkinit-openssl-1.10.3-10.el6_4.3.x86_64.rpm krb5-workstation-1.10.3-10.el6_4.3.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/krb5-1.10.3-10.el6_4.3.src.rpm x86_64: krb5-debuginfo-1.10.3-10.el6_4.3.i686.rpm krb5-debuginfo-1.10.3-10.el6_4.3.x86_64.rpm krb5-devel-1.10.3-10.el6_4.3.i686.rpm krb5-devel-1.10.3-10.el6_4.3.x86_64.rpm krb5-server-1.10.3-10.el6_4.3.x86_64.rpm krb5-server-ldap-1.10.3-10.el6_4.3.i686.rpm krb5-server-ldap-1.10.3-10.el6_4.3.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/krb5-1.10.3-10.el6_4.3.src.rpm i386: krb5-debuginfo-1.10.3-10.el6_4.3.i686.rpm krb5-devel-1.10.3-10.el6_4.3.i686.rpm krb5-libs-1.10.3-10.el6_4.3.i686.rpm krb5-pkinit-openssl-1.10.3-10.el6_4.3.i686.rpm krb5-server-1.10.3-10.el6_4.3.i686.rpm krb5-server-ldap-1.10.3-10.el6_4.3.i686.rpm krb5-workstation-1.10.3-10.el6_4.3.i686.rpm ppc64: krb5-debuginfo-1.10.3-10.el6_4.3.ppc.rpm krb5-debuginfo-1.10.3-10.el6_4.3.ppc64.rpm krb5-devel-1.10.3-10.el6_4.3.ppc.rpm krb5-devel-1.10.3-10.el6_4.3.ppc64.rpm krb5-libs-1.10.3-10.el6_4.3.ppc.rpm krb5-libs-1.10.3-10.el6_4.3.ppc64.rpm krb5-pkinit-openssl-1.10.3-10.el6_4.3.ppc64.rpm krb5-server-1.10.3-10.el6_4.3.ppc64.rpm krb5-server-ldap-1.10.3-10.el6_4.3.ppc.rpm krb5-server-ldap-1.10.3-10.el6_4.3.ppc64.rpm krb5-workstation-1.10.3-10.el6_4.3.ppc64.rpm s390x: krb5-debuginfo-1.10.3-10.el6_4.3.s390.rpm krb5-debuginfo-1.10.3-10.el6_4.3.s390x.rpm krb5-devel-1.10.3-10.el6_4.3.s390.rpm krb5-devel-1.10.3-10.el6_4.3.s390x.rpm krb5-libs-1.10.3-10.el6_4.3.s390.rpm krb5-libs-1.10.3-10.el6_4.3.s390x.rpm krb5-pkinit-openssl-1.10.3-10.el6_4.3.s390x.rpm krb5-server-1.10.3-10.el6_4.3.s390x.rpm krb5-server-ldap-1.10.3-10.el6_4.3.s390.rpm krb5-server-ldap-1.10.3-10.el6_4.3.s390x.rpm krb5-workstation-1.10.3-10.el6_4.3.s390x.rpm x86_64: krb5-debuginfo-1.10.3-10.el6_4.3.i686.rpm krb5-debuginfo-1.10.3-10.el6_4.3.x86_64.rpm krb5-devel-1.10.3-10.el6_4.3.i686.rpm krb5-devel-1.10.3-10.el6_4.3.x86_64.rpm 
krb5-libs-1.10.3-10.el6_4.3.i686.rpm krb5-libs-1.10.3-10.el6_4.3.x86_64.rpm krb5-pkinit-openssl-1.10.3-10.el6_4.3.x86_64.rpm krb5-server-1.10.3-10.el6_4.3.x86_64.rpm krb5-server-ldap-1.10.3-10.el6_4.3.i686.rpm krb5-server-ldap-1.10.3-10.el6_4.3.x86_64.rpm krb5-workstation-1.10.3-10.el6_4.3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/krb5-1.10.3-10.el6_4.3.src.rpm i386: krb5-debuginfo-1.10.3-10.el6_4.3.i686.rpm krb5-devel-1.10.3-10.el6_4.3.i686.rpm krb5-libs-1.10.3-10.el6_4.3.i686.rpm krb5-pkinit-openssl-1.10.3-10.el6_4.3.i686.rpm krb5-server-1.10.3-10.el6_4.3.i686.rpm krb5-server-ldap-1.10.3-10.el6_4.3.i686.rpm krb5-workstation-1.10.3-10.el6_4.3.i686.rpm x86_64: krb5-debuginfo-1.10.3-10.el6_4.3.i686.rpm krb5-debuginfo-1.10.3-10.el6_4.3.x86_64.rpm krb5-devel-1.10.3-10.el6_4.3.i686.rpm krb5-devel-1.10.3-10.el6_4.3.x86_64.rpm krb5-libs-1.10.3-10.el6_4.3.i686.rpm krb5-libs-1.10.3-10.el6_4.3.x86_64.rpm krb5-pkinit-openssl-1.10.3-10.el6_4.3.x86_64.rpm krb5-server-1.10.3-10.el6_4.3.x86_64.rpm krb5-server-ldap-1.10.3-10.el6_4.3.i686.rpm krb5-server-ldap-1.10.3-10.el6_4.3.x86_64.rpm krb5-workstation-1.10.3-10.el6_4.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2002-2443.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRuKhxXlSAg2UNWIIRAuEZAJ9YgFoyhp++XuH+PFVXD9/8MupERACgs2eM
AUTouQ1hh+B4Rsoskma2QtM=
=2IZt
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jun 12 16:59:18 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 12 Jun 2013 16:59:18 +0000
Subject: [RHSA-2013:0944-01] Moderate: python-keystoneclient security and bug fix update
Message-ID: <201306121659.r5CGxID7002359@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: python-keystoneclient security and bug fix update
Advisory ID:       RHSA-2013:0944-01
Product:           Red Hat OpenStack
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0944.html
Issue date:        2013-06-12
CVE Names:         CVE-2013-2104
=====================================================================

1. Summary:

Updated python-keystoneclient packages that fix one security issue and multiple bugs are now available for Red Hat OpenStack 3.0 (Grizzly) Preview.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

OpenStack 3 - noarch

3. Description:

Python-keystoneclient is the client library and command line utility for interacting with the OpenStack identity API.

A flaw in Keystone allowed an attacker with access to the web and network interfaces of services utilizing python-keystoneclient (such as Nova, Cinder, Swift, Glance, and so on) to continue using PKI tokens that had expired. This would allow the attacker to continue using the PKI tokens despite the PKI tokens being expired, giving them continued access to OpenStack services. (CVE-2013-2104)

This issue was discovered by Eoghan Glynn of Red Hat.

This update also fixes a number of bugs in python-keystoneclient.

All users of Red Hat OpenStack 3.0 (Grizzly) Preview are advised to install these updated packages.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

904351 - Provide keystone man page for the command line interface.
928558 - add support for Swift cache in authtoken m/w
965852 - CVE-2013-2104 OpenStack Keystone: Missing expiration check in Keystone PKI token validation

6. Package List:

OpenStack 3:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/python-keystoneclient-0.2.3-2.el6ost.src.rpm

noarch:
python-keystoneclient-0.2.3-2.el6ost.noarch.rpm
python-keystoneclient-doc-0.2.3-2.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-2104.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRuKjAXlSAg2UNWIIRAh13AKCv9LZOC0UN2kddBifOKvNWRnGrwACguXnj
WFCF0QI3yxBPKiuMTOkjUv8=
=07lX
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jun 20 00:10:28 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 20 Jun 2013 00:10:28 +0000
Subject: [RHSA-2013:0957-01] Critical: java-1.7.0-openjdk security update
Message-ID: <201306200010.r5K0ASri015875@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:          Critical: java-1.7.0-openjdk security update
Advisory ID:       RHSA-2013:0957-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0957.html
Issue date:        2013-06-19
CVE Names:         CVE-2013-1500 CVE-2013-1571 CVE-2013-2407 CVE-2013-2412
                   CVE-2013-2443 CVE-2013-2444 CVE-2013-2445 CVE-2013-2446
                   CVE-2013-2447 CVE-2013-2448 CVE-2013-2449 CVE-2013-2450
                   CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 CVE-2013-2455
                   CVE-2013-2456 CVE-2013-2457 CVE-2013-2458 CVE-2013-2459
                   CVE-2013-2460 CVE-2013-2461 CVE-2013-2463 CVE-2013-2465
                   CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472
                   CVE-2013-2473
=====================================================================

1. Summary:

Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

3. Description:

These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.

Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. (CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)

Integer overflow flaws were found in the way AWT processed certain input. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted Java applet or application. (CVE-2013-2459)

Multiple improper permission check issues were discovered in the Sound, JDBC, Libraries, JMX, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-2448, CVE-2013-2454, CVE-2013-2458, CVE-2013-2457, CVE-2013-2453, CVE-2013-2460)

Multiple flaws in the Serialization, Networking, Libraries and CORBA components can be exploited by an untrusted Java application or applet to gain access to potentially sensitive information. (CVE-2013-2456, CVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)

It was discovered that the Hotspot component did not properly handle out-of-memory errors. An untrusted Java application or applet could possibly use these flaws to terminate the Java Virtual Machine. (CVE-2013-2445)

It was discovered that the AWT component did not properly manage certain resources and that the ObjectStreamClass of the Serialization component did not properly handle circular references. An untrusted Java application or applet could possibly use these flaws to cause a denial of service. (CVE-2013-2444, CVE-2013-2450)

It was discovered that the Libraries component contained certain errors related to XML security and the class loader. A remote attacker could possibly exploit these flaws to bypass intended security mechanisms or disclose potentially sensitive information and cause a denial of service. (CVE-2013-2407, CVE-2013-2461)

It was discovered that JConsole did not properly inform the user when establishing an SSL connection failed. An attacker could exploit this flaw to gain access to potentially sensitive information. (CVE-2013-2412)

It was discovered that GnomeFileTypeDetector did not check for read permissions when accessing files. An untrusted Java application or applet could possibly use this flaw to disclose potentially sensitive information. (CVE-2013-2449)

It was found that documentation generated by Javadoc was vulnerable to a frame injection attack. If such documentation was accessible over a network, and a remote attacker could trick a user into visiting a specially-crafted URL, it would lead to arbitrary web content being displayed next to the documentation. This could be used to perform a phishing attack by providing frame content that spoofed a login form on the site hosting the vulnerable documentation. (CVE-2013-1571)

It was discovered that the 2D component created shared memory segments with insecure permissions. A local attacker could use this flaw to read or write to the shared memory segment. (CVE-2013-1500)

Red Hat would like to thank Tim Brown for reporting CVE-2013-1500, and US-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as the original reporter of CVE-2013-1571.

Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.

After installing this update, users of icedtea-web must install RHBA-2013:0959 for icedtea-web to continue functioning.

This erratum also upgrades the OpenJDK package to IcedTea7 2.3.10. Refer to the NEWS file, linked to in the References, for further information.

4. Solution:

All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

973474 - CVE-2013-1571 OpenJDK: Frame injection in generated HTML (Javadoc, 8012375)
975099 - CVE-2013-2470 OpenJDK: ImagingLib byte lookup processing (2D, 8011243)
975102 - CVE-2013-2471 OpenJDK: Incorrect IntegerComponentRaster size checks (2D, 8011248)
975107 - CVE-2013-2472 OpenJDK: Incorrect ShortBandedRaster size checks (2D, 8011253)
975110 - CVE-2013-2473 OpenJDK: Incorrect ByteBandedRaster size checks (2D, 8011257)
975115 - CVE-2013-2463 OpenJDK: Incorrect image attribute verification (2D, 8012438)
975118 - CVE-2013-2465 OpenJDK: Incorrect image channel verification (2D, 8012597)
975120 - CVE-2013-2469 OpenJDK: Incorrect image layout verification (2D, 8012601)
975121 - CVE-2013-2459 OpenJDK: Various AWT integer overflow checks (AWT, 8009071)
975122 - CVE-2013-2460 OpenJDK: tracing insufficient access checks (Serviceability, 8010209)
975124 - CVE-2013-2445 OpenJDK: Better handling of memory allocation errors (Hotspot, 7158805)
975125 - CVE-2013-2448 OpenJDK: Better access restrictions (Sound, 8006328)
975126 - CVE-2013-2461 OpenJDK: Missing check for valid DOMCanonicalizationMethod canonicalization algorithm (Libraries, 8014281)
975127 - CVE-2013-2407 OpenJDK: Integrate Apache Santuario, rework class loader (Libraries, 6741606, 8008744)
975129 - CVE-2013-2454 OpenJDK: SerialJavaObject package restriction (JDBC, 8009554)
975130 - CVE-2013-2458 OpenJDK: Method handles (Libraries, 8009424)
975131 - CVE-2013-2444 OpenJDK: Resource denial of service (AWT, 8001038)
975132 - CVE-2013-2446 OpenJDK: output stream access restrictions (CORBA, 8000642)
975133 - CVE-2013-2457 OpenJDK: Proper class checking (JMX, 8008120)
975134 - CVE-2013-2453 OpenJDK: MBeanServer Introspector package access (JMX, 8008124)
975137 - CVE-2013-2443 OpenJDK: AccessControlContext check order issue (Libraries, 8001330)
975138 - CVE-2013-2452 OpenJDK: Unique VMIDs(Libraries, 8001033)
975139 - CVE-2013-2455 OpenJDK: getEnclosing* checks (Libraries, 8007812)
975140 - CVE-2013-2447 OpenJDK: Prevent revealing the local address (Networking, 8001318)
975141 - CVE-2013-2450 OpenJDK: ObjectStreamClass circular reference denial of service (Serialization, 8000638)
975142 - CVE-2013-2456 OpenJDK: ObjectOutputStream access checks (Serialization, 8008132)
975144 - CVE-2013-2412 OpenJDK: JConsole SSL support (Serviceability, 8003703)
975145 - CVE-2013-2449 OpenJDK: GnomeFileTypeDetector path access check(Libraries, 8004288)
975148 - CVE-2013-1500 OpenJDK: Insecure shared memory permissions (2D, 8001034)

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.src.rpm i386: java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.i686.rpm x86_64: java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.src.rpm i386: java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-demo-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-src-1.7.0.25-2.3.10.3.el6_4.i686.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.25-2.3.10.3.el6_4.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.src.rpm x86_64: java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.src.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.25-2.3.10.3.el6_4.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.src.rpm i386: java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.3.el6_4.i686.rpm x86_64: java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.src.rpm i386: java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-demo-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-src-1.7.0.25-2.3.10.3.el6_4.i686.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.25-2.3.10.3.el6_4.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.src.rpm i386: java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.3.el6_4.i686.rpm x86_64: java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.src.rpm i386: java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-demo-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-src-1.7.0.25-2.3.10.3.el6_4.i686.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.25-2.3.10.3.el6_4.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-1500.html https://www.redhat.com/security/data/cve/CVE-2013-1571.html https://www.redhat.com/security/data/cve/CVE-2013-2407.html https://www.redhat.com/security/data/cve/CVE-2013-2412.html https://www.redhat.com/security/data/cve/CVE-2013-2443.html https://www.redhat.com/security/data/cve/CVE-2013-2444.html https://www.redhat.com/security/data/cve/CVE-2013-2445.html https://www.redhat.com/security/data/cve/CVE-2013-2446.html https://www.redhat.com/security/data/cve/CVE-2013-2447.html https://www.redhat.com/security/data/cve/CVE-2013-2448.html https://www.redhat.com/security/data/cve/CVE-2013-2449.html https://www.redhat.com/security/data/cve/CVE-2013-2450.html https://www.redhat.com/security/data/cve/CVE-2013-2452.html https://www.redhat.com/security/data/cve/CVE-2013-2453.html https://www.redhat.com/security/data/cve/CVE-2013-2454.html https://www.redhat.com/security/data/cve/CVE-2013-2455.html https://www.redhat.com/security/data/cve/CVE-2013-2456.html https://www.redhat.com/security/data/cve/CVE-2013-2457.html https://www.redhat.com/security/data/cve/CVE-2013-2458.html https://www.redhat.com/security/data/cve/CVE-2013-2459.html 
https://www.redhat.com/security/data/cve/CVE-2013-2460.html
https://www.redhat.com/security/data/cve/CVE-2013-2461.html
https://www.redhat.com/security/data/cve/CVE-2013-2463.html
https://www.redhat.com/security/data/cve/CVE-2013-2465.html
https://www.redhat.com/security/data/cve/CVE-2013-2469.html
https://www.redhat.com/security/data/cve/CVE-2013-2470.html
https://www.redhat.com/security/data/cve/CVE-2013-2471.html
https://www.redhat.com/security/data/cve/CVE-2013-2472.html
https://www.redhat.com/security/data/cve/CVE-2013-2473.html
https://access.redhat.com/security/updates/classification/#critical
http://icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.10/NEWS
https://rhn.redhat.com/errata/RHBA-2013-0959.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRwkhZXlSAg2UNWIIRAq8SAJ9tsW9PY39Aa6lmSLhOhlUi8hrnugCePCKO
NAdLLpJKlVulPXKONu/CudU=
=+H1U
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jun 20 00:11:09 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 20 Jun 2013 00:11:09 +0000
Subject: [RHSA-2013:0958-01] Important: java-1.7.0-openjdk security update
Message-ID: <201306200011.r5K0B924015599@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:          Important: java-1.7.0-openjdk security update
Advisory ID:       RHSA-2013:0958-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0958.html
Issue date:        2013-06-19
CVE Names:         CVE-2013-1500 CVE-2013-1571 CVE-2013-2407 CVE-2013-2412
                   CVE-2013-2443 CVE-2013-2444 CVE-2013-2445 CVE-2013-2446
                   CVE-2013-2447 CVE-2013-2448 CVE-2013-2449 CVE-2013-2450
                   CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 CVE-2013-2455
                   CVE-2013-2456 CVE-2013-2457 CVE-2013-2458 CVE-2013-2459
                   CVE-2013-2460 CVE-2013-2461 CVE-2013-2463 CVE-2013-2465
                   CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472
                   CVE-2013-2473
=====================================================================

1. Summary:

Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.

Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. (CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)

Integer overflow flaws were found in the way AWT processed certain input. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted Java applet or application. (CVE-2013-2459)

Multiple improper permission check issues were discovered in the Sound, JDBC, Libraries, JMX, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-2448, CVE-2013-2454, CVE-2013-2458, CVE-2013-2457, CVE-2013-2453, CVE-2013-2460)

Multiple flaws in the Serialization, Networking, Libraries and CORBA components can be exploited by an untrusted Java application or applet to gain access to potentially sensitive information. (CVE-2013-2456, CVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)

It was discovered that the Hotspot component did not properly handle out-of-memory errors. An untrusted Java application or applet could possibly use these flaws to terminate the Java Virtual Machine. (CVE-2013-2445)

It was discovered that the AWT component did not properly manage certain resources and that the ObjectStreamClass of the Serialization component did not properly handle circular references. An untrusted Java application or applet could possibly use these flaws to cause a denial of service. (CVE-2013-2444, CVE-2013-2450)

It was discovered that the Libraries component contained certain errors related to XML security and the class loader. A remote attacker could possibly exploit these flaws to bypass intended security mechanisms or disclose potentially sensitive information and cause a denial of service. (CVE-2013-2407, CVE-2013-2461)

It was discovered that JConsole did not properly inform the user when establishing an SSL connection failed. An attacker could exploit this flaw to gain access to potentially sensitive information. (CVE-2013-2412)

It was discovered that GnomeFileTypeDetector did not check for read permissions when accessing files. An untrusted Java application or applet could possibly use this flaw to disclose potentially sensitive information. (CVE-2013-2449)

It was found that documentation generated by Javadoc was vulnerable to a frame injection attack. If such documentation was accessible over a network, and a remote attacker could trick a user into visiting a specially-crafted URL, it would lead to arbitrary web content being displayed next to the documentation. This could be used to perform a phishing attack by providing frame content that spoofed a login form on the site hosting the vulnerable documentation. (CVE-2013-1571)

It was discovered that the 2D component created shared memory segments with insecure permissions. A local attacker could use this flaw to read or write to the shared memory segment. (CVE-2013-1500)

Red Hat would like to thank Tim Brown for reporting CVE-2013-1500, and US-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as the original reporter of CVE-2013-1571.

This erratum also upgrades the OpenJDK package to IcedTea7 2.3.10. Refer to the NEWS file, linked to in the References, for further information.

All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

973474 - CVE-2013-1571 OpenJDK: Frame injection in generated HTML (Javadoc, 8012375)
975099 - CVE-2013-2470 OpenJDK: ImagingLib byte lookup processing (2D, 8011243)
975102 - CVE-2013-2471 OpenJDK: Incorrect IntegerComponentRaster size checks (2D, 8011248)
975107 - CVE-2013-2472 OpenJDK: Incorrect ShortBandedRaster size checks (2D, 8011253)
975110 - CVE-2013-2473 OpenJDK: Incorrect ByteBandedRaster size checks (2D, 8011257)
975115 - CVE-2013-2463 OpenJDK: Incorrect image attribute verification (2D, 8012438)
975118 - CVE-2013-2465 OpenJDK: Incorrect image channel verification (2D, 8012597)
975120 - CVE-2013-2469 OpenJDK: Incorrect image layout verification (2D, 8012601)
975121 - CVE-2013-2459 OpenJDK: Various AWT integer overflow checks (AWT, 8009071)
975122 - CVE-2013-2460 OpenJDK: tracing insufficient access checks (Serviceability, 8010209)
975124 - CVE-2013-2445 OpenJDK: Better handling of memory allocation errors (Hotspot, 7158805)
975125 - CVE-2013-2448 OpenJDK: Better access restrictions (Sound, 8006328)
975126 - CVE-2013-2461 OpenJDK: Missing check for valid DOMCanonicalizationMethod canonicalization algorithm (Libraries, 8014281)
975127 - CVE-2013-2407 OpenJDK: Integrate Apache Santuario, rework class loader (Libraries, 6741606, 8008744)
975129 - CVE-2013-2454 OpenJDK: SerialJavaObject package restriction (JDBC, 8009554)
975130 - CVE-2013-2458 OpenJDK: Method handles (Libraries, 8009424)
975131 - CVE-2013-2444 OpenJDK: Resource denial of service (AWT, 8001038)
975132 - CVE-2013-2446 OpenJDK: output stream access restrictions (CORBA, 8000642)
975133 - CVE-2013-2457 OpenJDK: Proper class checking (JMX, 8008120)
975134 - CVE-2013-2453 OpenJDK: MBeanServer Introspector package access (JMX, 8008124)
975137 - CVE-2013-2443 OpenJDK: AccessControlContext check order issue (Libraries, 8001330)
975138 - CVE-2013-2452 OpenJDK: Unique VMIDs(Libraries, 8001033)
975139 - CVE-2013-2455 OpenJDK: getEnclosing* checks (Libraries, 8007812)
975140 - CVE-2013-2447 OpenJDK: Prevent revealing the local address (Networking, 8001318)
975141 - CVE-2013-2450 OpenJDK: ObjectStreamClass circular reference denial of service (Serialization, 8000638)
975142 - CVE-2013-2456 OpenJDK: ObjectOutputStream access checks (Serialization, 8008132)
975144 - CVE-2013-2412 OpenJDK: JConsole SSL support (Serviceability, 8003703)
975145 - CVE-2013-2449 OpenJDK: GnomeFileTypeDetector path access check(Libraries, 8004288)
975148 - CVE-2013-1500 OpenJDK: Insecure shared memory permissions (2D, 8001034)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.25-2.3.10.4.el5_9.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.25-2.3.10.4.el5_9.i386.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.4.el5_9.i386.rpm
java-1.7.0-openjdk-demo-1.7.0.25-2.3.10.4.el5_9.i386.rpm
java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.4.el5_9.i386.rpm
java-1.7.0-openjdk-javadoc-1.7.0.25-2.3.10.4.el5_9.i386.rpm
java-1.7.0-openjdk-src-1.7.0.25-2.3.10.4.el5_9.i386.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.25-2.3.10.4.el5_9.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.4.el5_9.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.25-2.3.10.4.el5_9.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.4.el5_9.x86_64.rpm
java-1.7.0-openjdk-javadoc-1.7.0.25-2.3.10.4.el5_9.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.25-2.3.10.4.el5_9.x86_64.rpm

Red Hat Enterprise Linux (v.
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.25-2.3.10.4.el5_9.src.rpm i386: java-1.7.0-openjdk-1.7.0.25-2.3.10.4.el5_9.i386.rpm java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.4.el5_9.i386.rpm java-1.7.0-openjdk-demo-1.7.0.25-2.3.10.4.el5_9.i386.rpm java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.4.el5_9.i386.rpm java-1.7.0-openjdk-javadoc-1.7.0.25-2.3.10.4.el5_9.i386.rpm java-1.7.0-openjdk-src-1.7.0.25-2.3.10.4.el5_9.i386.rpm x86_64: java-1.7.0-openjdk-1.7.0.25-2.3.10.4.el5_9.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.4.el5_9.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.25-2.3.10.4.el5_9.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.4.el5_9.x86_64.rpm java-1.7.0-openjdk-javadoc-1.7.0.25-2.3.10.4.el5_9.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.25-2.3.10.4.el5_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References: https://www.redhat.com/security/data/cve/CVE-2013-1500.html https://www.redhat.com/security/data/cve/CVE-2013-1571.html https://www.redhat.com/security/data/cve/CVE-2013-2407.html https://www.redhat.com/security/data/cve/CVE-2013-2412.html https://www.redhat.com/security/data/cve/CVE-2013-2443.html https://www.redhat.com/security/data/cve/CVE-2013-2444.html https://www.redhat.com/security/data/cve/CVE-2013-2445.html https://www.redhat.com/security/data/cve/CVE-2013-2446.html https://www.redhat.com/security/data/cve/CVE-2013-2447.html https://www.redhat.com/security/data/cve/CVE-2013-2448.html https://www.redhat.com/security/data/cve/CVE-2013-2449.html https://www.redhat.com/security/data/cve/CVE-2013-2450.html https://www.redhat.com/security/data/cve/CVE-2013-2452.html https://www.redhat.com/security/data/cve/CVE-2013-2453.html https://www.redhat.com/security/data/cve/CVE-2013-2454.html https://www.redhat.com/security/data/cve/CVE-2013-2455.html https://www.redhat.com/security/data/cve/CVE-2013-2456.html https://www.redhat.com/security/data/cve/CVE-2013-2457.html https://www.redhat.com/security/data/cve/CVE-2013-2458.html https://www.redhat.com/security/data/cve/CVE-2013-2459.html https://www.redhat.com/security/data/cve/CVE-2013-2460.html https://www.redhat.com/security/data/cve/CVE-2013-2461.html https://www.redhat.com/security/data/cve/CVE-2013-2463.html https://www.redhat.com/security/data/cve/CVE-2013-2465.html https://www.redhat.com/security/data/cve/CVE-2013-2469.html https://www.redhat.com/security/data/cve/CVE-2013-2470.html https://www.redhat.com/security/data/cve/CVE-2013-2471.html https://www.redhat.com/security/data/cve/CVE-2013-2472.html https://www.redhat.com/security/data/cve/CVE-2013-2473.html https://access.redhat.com/security/updates/classification/#important http://icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.10/NEWS 8. Contact: The Red Hat security contact is . 
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRwkiDXlSAg2UNWIIRAnjwAJ98PjLz3SbQOaaEj3FdaDpw1hM1bACeMKi8
ONtI1dvFg9XLfy79TqcQq1I=
=xGMV
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jun 20 14:55:40 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 20 Jun 2013 14:55:40 +0000
Subject: [RHSA-2013:0963-01] Critical: java-1.7.0-oracle security update
Message-ID: <201306201455.r5KEtel0030318@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.7.0-oracle security update
Advisory ID: RHSA-2013:0963-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0963.html
Issue date: 2013-06-20
CVE Names: CVE-2013-1500 CVE-2013-1571 CVE-2013-2400 CVE-2013-2407
           CVE-2013-2412 CVE-2013-2437 CVE-2013-2442 CVE-2013-2443
           CVE-2013-2444 CVE-2013-2445 CVE-2013-2446 CVE-2013-2447
           CVE-2013-2448 CVE-2013-2449 CVE-2013-2450 CVE-2013-2451
           CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 CVE-2013-2455
           CVE-2013-2456 CVE-2013-2457 CVE-2013-2458 CVE-2013-2459
           CVE-2013-2460 CVE-2013-2461 CVE-2013-2462 CVE-2013-2463
           CVE-2013-2464 CVE-2013-2465 CVE-2013-2466 CVE-2013-2468
           CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472
           CVE-2013-2473 CVE-2013-3744
=====================================================================

1. Summary:

Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-1500, CVE-2013-1571, CVE-2013-2400, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2449, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2458, CVE-2013-2459, CVE-2013-2460, CVE-2013-2461, CVE-2013-2462, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3744)

Red Hat would like to thank Tim Brown for reporting CVE-2013-1500, and US-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as the original reporter of CVE-2013-1571.

All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 25 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

973474 - CVE-2013-1571 OpenJDK: Frame injection in generated HTML (Javadoc, 8012375)
975099 - CVE-2013-2470 OpenJDK: ImagingLib byte lookup processing (2D, 8011243)
975102 - CVE-2013-2471 OpenJDK: Incorrect IntegerComponentRaster size checks (2D, 8011248)
975107 - CVE-2013-2472 OpenJDK: Incorrect ShortBandedRaster size checks (2D, 8011253)
975110 - CVE-2013-2473 OpenJDK: Incorrect ByteBandedRaster size checks (2D, 8011257)
975115 - CVE-2013-2463 OpenJDK: Incorrect image attribute verification (2D, 8012438)
975118 - CVE-2013-2465 OpenJDK: Incorrect image channel verification (2D, 8012597)
975120 - CVE-2013-2469 OpenJDK: Incorrect image layout verification (2D, 8012601)
975121 - CVE-2013-2459 OpenJDK: Various AWT integer overflow checks (AWT, 8009071)
975122 - CVE-2013-2460 OpenJDK: tracing insufficient access checks (Serviceability, 8010209)
975124 - CVE-2013-2445 OpenJDK: Better handling of memory allocation errors (Hotspot, 7158805)
975125 - CVE-2013-2448 OpenJDK: Better access restrictions (Sound, 8006328)
975126 - CVE-2013-2461 OpenJDK: Missing check for valid DOMCanonicalizationMethod canonicalization algorithm (Libraries, 8014281)
975127 - CVE-2013-2407 OpenJDK: Integrate Apache Santuario, rework class loader (Libraries, 6741606, 8008744)
975129 - CVE-2013-2454 OpenJDK: SerialJavaObject package restriction (JDBC, 8009554)
975130 - CVE-2013-2458 OpenJDK: Method handles (Libraries, 8009424)
975131 - CVE-2013-2444 OpenJDK: Resource denial of service (AWT, 8001038)
975132 - CVE-2013-2446 OpenJDK: output stream access restrictions (CORBA, 8000642)
975133 - CVE-2013-2457 OpenJDK: Proper class checking (JMX, 8008120)
975134 - CVE-2013-2453 OpenJDK: MBeanServer Introspector package access (JMX, 8008124)
975137 - CVE-2013-2443 OpenJDK: AccessControlContext check order issue (Libraries, 8001330)
975138 - CVE-2013-2452 OpenJDK: Unique VMIDs (Libraries, 8001033)
975139 - CVE-2013-2455 OpenJDK: getEnclosing* checks (Libraries, 8007812)
975140 - CVE-2013-2447 OpenJDK: Prevent revealing the local address (Networking, 8001318)
975141 - CVE-2013-2450 OpenJDK: ObjectStreamClass circular reference denial of service (Serialization, 8000638)
975142 - CVE-2013-2456 OpenJDK: ObjectOutputStream access checks (Serialization, 8008132)
975144 - CVE-2013-2412 OpenJDK: JConsole SSL support (Serviceability, 8003703)
975145 - CVE-2013-2449 OpenJDK: GnomeFileTypeDetector path access check (Libraries, 8004288)
975146 - CVE-2013-2451 OpenJDK: exclusive port binding (Networking, 7170730)
975148 - CVE-2013-1500 OpenJDK: Insecure shared memory permissions (2D, 8001034)
975757 - CVE-2013-2464 Oracle JDK: unspecified vulnerability fixed in 7u25 (2D)
975761 - CVE-2013-2468 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)
975764 - CVE-2013-2466 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)
975769 - CVE-2013-2462 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)
975770 - CVE-2013-2442 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)
975773 - CVE-2013-2437 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)
975774 - CVE-2013-2400 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)
975775 - CVE-2013-3744 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v.
5): i386: java-1.7.0-oracle-1.7.0.25-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-devel-1.7.0.25-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-javafx-1.7.0.25-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-jdbc-1.7.0.25-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-plugin-1.7.0.25-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-src-1.7.0.25-1jpp.1.el5_9.i386.rpm x86_64: java-1.7.0-oracle-1.7.0.25-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.25-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.25-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.25-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.25-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-src-1.7.0.25-1jpp.1.el5_9.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: java-1.7.0-oracle-1.7.0.25-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-devel-1.7.0.25-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-javafx-1.7.0.25-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-jdbc-1.7.0.25-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-plugin-1.7.0.25-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-src-1.7.0.25-1jpp.1.el5_9.i386.rpm x86_64: java-1.7.0-oracle-1.7.0.25-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.25-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.25-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.25-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.25-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-src-1.7.0.25-1jpp.1.el5_9.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 
6): i386: java-1.7.0-oracle-1.7.0.25-1jpp.1.el6_4.i686.rpm java-1.7.0-oracle-devel-1.7.0.25-1jpp.1.el6_4.i686.rpm java-1.7.0-oracle-javafx-1.7.0.25-1jpp.1.el6_4.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.25-1jpp.1.el6_4.i686.rpm java-1.7.0-oracle-plugin-1.7.0.25-1jpp.1.el6_4.i686.rpm java-1.7.0-oracle-src-1.7.0.25-1jpp.1.el6_4.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.25-1jpp.1.el6_4.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.25-1jpp.1.el6_4.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.25-1jpp.1.el6_4.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.25-1jpp.1.el6_4.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.25-1jpp.1.el6_4.x86_64.rpm java-1.7.0-oracle-src-1.7.0.25-1jpp.1.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.7.0-oracle-1.7.0.25-1jpp.1.el6_4.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.25-1jpp.1.el6_4.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.25-1jpp.1.el6_4.x86_64.rpm java-1.7.0-oracle-src-1.7.0.25-1jpp.1.el6_4.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: java-1.7.0-oracle-1.7.0.25-1jpp.1.el6_4.i686.rpm java-1.7.0-oracle-devel-1.7.0.25-1jpp.1.el6_4.i686.rpm java-1.7.0-oracle-javafx-1.7.0.25-1jpp.1.el6_4.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.25-1jpp.1.el6_4.i686.rpm java-1.7.0-oracle-plugin-1.7.0.25-1jpp.1.el6_4.i686.rpm java-1.7.0-oracle-src-1.7.0.25-1jpp.1.el6_4.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.25-1jpp.1.el6_4.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.25-1jpp.1.el6_4.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.25-1jpp.1.el6_4.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.25-1jpp.1.el6_4.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.25-1jpp.1.el6_4.x86_64.rpm java-1.7.0-oracle-src-1.7.0.25-1jpp.1.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 
6): i386: java-1.7.0-oracle-1.7.0.25-1jpp.1.el6_4.i686.rpm java-1.7.0-oracle-devel-1.7.0.25-1jpp.1.el6_4.i686.rpm java-1.7.0-oracle-javafx-1.7.0.25-1jpp.1.el6_4.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.25-1jpp.1.el6_4.i686.rpm java-1.7.0-oracle-plugin-1.7.0.25-1jpp.1.el6_4.i686.rpm java-1.7.0-oracle-src-1.7.0.25-1jpp.1.el6_4.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.25-1jpp.1.el6_4.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.25-1jpp.1.el6_4.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.25-1jpp.1.el6_4.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.25-1jpp.1.el6_4.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.25-1jpp.1.el6_4.x86_64.rpm java-1.7.0-oracle-src-1.7.0.25-1jpp.1.el6_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-1500.html https://www.redhat.com/security/data/cve/CVE-2013-1571.html https://www.redhat.com/security/data/cve/CVE-2013-2400.html https://www.redhat.com/security/data/cve/CVE-2013-2407.html https://www.redhat.com/security/data/cve/CVE-2013-2412.html https://www.redhat.com/security/data/cve/CVE-2013-2437.html https://www.redhat.com/security/data/cve/CVE-2013-2442.html https://www.redhat.com/security/data/cve/CVE-2013-2443.html https://www.redhat.com/security/data/cve/CVE-2013-2444.html https://www.redhat.com/security/data/cve/CVE-2013-2445.html https://www.redhat.com/security/data/cve/CVE-2013-2446.html https://www.redhat.com/security/data/cve/CVE-2013-2447.html https://www.redhat.com/security/data/cve/CVE-2013-2448.html https://www.redhat.com/security/data/cve/CVE-2013-2449.html https://www.redhat.com/security/data/cve/CVE-2013-2450.html https://www.redhat.com/security/data/cve/CVE-2013-2451.html https://www.redhat.com/security/data/cve/CVE-2013-2452.html https://www.redhat.com/security/data/cve/CVE-2013-2453.html 
https://www.redhat.com/security/data/cve/CVE-2013-2454.html https://www.redhat.com/security/data/cve/CVE-2013-2455.html https://www.redhat.com/security/data/cve/CVE-2013-2456.html https://www.redhat.com/security/data/cve/CVE-2013-2457.html https://www.redhat.com/security/data/cve/CVE-2013-2458.html https://www.redhat.com/security/data/cve/CVE-2013-2459.html https://www.redhat.com/security/data/cve/CVE-2013-2460.html https://www.redhat.com/security/data/cve/CVE-2013-2461.html https://www.redhat.com/security/data/cve/CVE-2013-2462.html https://www.redhat.com/security/data/cve/CVE-2013-2463.html https://www.redhat.com/security/data/cve/CVE-2013-2464.html https://www.redhat.com/security/data/cve/CVE-2013-2465.html https://www.redhat.com/security/data/cve/CVE-2013-2466.html https://www.redhat.com/security/data/cve/CVE-2013-2468.html https://www.redhat.com/security/data/cve/CVE-2013-2469.html https://www.redhat.com/security/data/cve/CVE-2013-2470.html https://www.redhat.com/security/data/cve/CVE-2013-2471.html https://www.redhat.com/security/data/cve/CVE-2013-2472.html https://www.redhat.com/security/data/cve/CVE-2013-2473.html https://www.redhat.com/security/data/cve/CVE-2013-3744.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRwxfSXlSAg2UNWIIRAtbuAJ9H6PHJcgqEan9vQtHjkUXl58kRpwCeI9sA
Jow4P90PK0jpYNzHe9siPmU=
=GzWl
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jun 20 14:56:52 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 20 Jun 2013 14:56:52 +0000
Subject: [RHSA-2013:0964-01] Moderate: tomcat6 security update
Message-ID: <201306201456.r5KEuqqQ004315@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: tomcat6 security update
Advisory ID: RHSA-2013:0964-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0964.html
Issue date: 2013-06-20
CVE Names: CVE-2013-2067
=====================================================================

1. Summary:

Updated tomcat6 packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch
Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Enterprise Linux Server Optional (v. 6) - noarch
Red Hat Enterprise Linux Workstation (v. 6) - noarch
Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch

3. Description:

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

A session fixation flaw was found in the Tomcat FormAuthenticator module. During a narrow window of time, if a remote attacker sent requests while a user was logging in, it could possibly result in the attacker's requests being processed as if they were sent by the user. (CVE-2013-2067)

Users of Tomcat are advised to upgrade to these updated packages, which correct this issue. Tomcat must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

961779 - CVE-2013-2067 tomcat: Session fixation in form authenticator

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/tomcat6-6.0.24-57.el6_4.src.rpm

noarch:
tomcat6-6.0.24-57.el6_4.noarch.rpm
tomcat6-admin-webapps-6.0.24-57.el6_4.noarch.rpm
tomcat6-docs-webapp-6.0.24-57.el6_4.noarch.rpm
tomcat6-el-2.1-api-6.0.24-57.el6_4.noarch.rpm
tomcat6-javadoc-6.0.24-57.el6_4.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-57.el6_4.noarch.rpm
tomcat6-lib-6.0.24-57.el6_4.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-57.el6_4.noarch.rpm
tomcat6-webapps-6.0.24-57.el6_4.noarch.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/tomcat6-6.0.24-57.el6_4.src.rpm

noarch:
tomcat6-6.0.24-57.el6_4.noarch.rpm
tomcat6-admin-webapps-6.0.24-57.el6_4.noarch.rpm
tomcat6-docs-webapp-6.0.24-57.el6_4.noarch.rpm
tomcat6-el-2.1-api-6.0.24-57.el6_4.noarch.rpm
tomcat6-javadoc-6.0.24-57.el6_4.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-57.el6_4.noarch.rpm
tomcat6-lib-6.0.24-57.el6_4.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-57.el6_4.noarch.rpm
tomcat6-webapps-6.0.24-57.el6_4.noarch.rpm

Red Hat Enterprise Linux Server (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/tomcat6-6.0.24-57.el6_4.src.rpm noarch: tomcat6-6.0.24-57.el6_4.noarch.rpm tomcat6-el-2.1-api-6.0.24-57.el6_4.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-57.el6_4.noarch.rpm tomcat6-lib-6.0.24-57.el6_4.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-57.el6_4.noarch.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/tomcat6-6.0.24-57.el6_4.src.rpm noarch: tomcat6-admin-webapps-6.0.24-57.el6_4.noarch.rpm tomcat6-docs-webapp-6.0.24-57.el6_4.noarch.rpm tomcat6-javadoc-6.0.24-57.el6_4.noarch.rpm tomcat6-webapps-6.0.24-57.el6_4.noarch.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/tomcat6-6.0.24-57.el6_4.src.rpm noarch: tomcat6-6.0.24-57.el6_4.noarch.rpm tomcat6-el-2.1-api-6.0.24-57.el6_4.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-57.el6_4.noarch.rpm tomcat6-lib-6.0.24-57.el6_4.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-57.el6_4.noarch.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/tomcat6-6.0.24-57.el6_4.src.rpm noarch: tomcat6-admin-webapps-6.0.24-57.el6_4.noarch.rpm tomcat6-docs-webapp-6.0.24-57.el6_4.noarch.rpm tomcat6-javadoc-6.0.24-57.el6_4.noarch.rpm tomcat6-webapps-6.0.24-57.el6_4.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-2067.html https://access.redhat.com/security/updates/classification/#moderate http://tomcat.apache.org/security-6.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRwxgEXlSAg2UNWIIRAsJHAKCnJ0BpttIv/jzv/ERQXPQqsFortwCgqGPo
qXr/7cPa6TpzhHx930B8hZA=
=8UHN
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jun 25 20:13:39 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 25 Jun 2013 20:13:39 +0000
Subject: [RHSA-2013:0981-01] Critical: firefox security update
Message-ID: <201306252013.r5PKDelN032605@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: firefox security update
Advisory ID: RHSA-2013:0981-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0981.html
Issue date: 2013-06-25
CVE Names: CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686
           CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693
           CVE-2013-1694 CVE-2013-1697
=====================================================================

1. Summary:

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690)

It was found that Firefox allowed data to be sent in the body of XMLHttpRequest (XHR) HEAD requests. In some cases this could allow attackers to conduct Cross-Site Request Forgery (CSRF) attacks. (CVE-2013-1692)

Timing differences in the way Firefox processed SVG image files could allow an attacker to read data across domains, potentially leading to information disclosure. (CVE-2013-1693)

Two flaws were found in the way Firefox implemented some of its internal structures (called wrappers). An attacker could use these flaws to bypass some restrictions placed on them. This could lead to unexpected behavior or a potentially exploitable crash. (CVE-2013-1694, CVE-2013-1697)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Gary Kwong, Jesse Ruderman, Andrew McCreight, Abhishek Arya, Mariusz Mlynski, Nils, Johnathan Kuskos, Paul Stone, Boris Zbarsky, and moz_bug_r_a4 as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 17.0.7 ESR. You can find a link to the Mozilla advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain Firefox version 17.0.7 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

977597 - CVE-2013-1682 Mozilla: Miscellaneous memory safety hazards (rv:17.0.7) (MFSA 2013-49)
977599 - CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-50)
977600 - CVE-2013-1687 Mozilla: Privileged content access and execution via XBL (MFSA 2013-51)
977602 - CVE-2013-1690 Mozilla: Execution of unmapped memory through onreadystatechange event (MFSA 2013-53)
977603 - CVE-2013-1692 Mozilla: Data in the body of XHR HEAD requests leads to CSRF attacks (MFSA 2013-54)
977605 - CVE-2013-1693 Mozilla: SVG filters can lead to information disclosure (MFSA 2013-55)
977610 - CVE-2013-1694 Mozilla: PreserveWrapper has inconsistent behavior (MFSA 2013-56)
977614 - CVE-2013-1697 Mozilla: XrayWrappers can be bypassed to run user defined methods in a privileged context (MFSA 2013-59)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-17.0.7-1.el5_9.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-17.0.7-1.el5_9.src.rpm

i386:
firefox-17.0.7-1.el5_9.i386.rpm
firefox-debuginfo-17.0.7-1.el5_9.i386.rpm
xulrunner-17.0.7-1.el5_9.i386.rpm
xulrunner-debuginfo-17.0.7-1.el5_9.i386.rpm

x86_64:
firefox-17.0.7-1.el5_9.i386.rpm
firefox-17.0.7-1.el5_9.x86_64.rpm
firefox-debuginfo-17.0.7-1.el5_9.i386.rpm
firefox-debuginfo-17.0.7-1.el5_9.x86_64.rpm
xulrunner-17.0.7-1.el5_9.i386.rpm
xulrunner-17.0.7-1.el5_9.x86_64.rpm
xulrunner-debuginfo-17.0.7-1.el5_9.i386.rpm
xulrunner-debuginfo-17.0.7-1.el5_9.x86_64.rpm

RHEL Desktop Workstation (v.
5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-17.0.7-1.el5_9.src.rpm

i386:
xulrunner-debuginfo-17.0.7-1.el5_9.i386.rpm
xulrunner-devel-17.0.7-1.el5_9.i386.rpm

x86_64:
xulrunner-debuginfo-17.0.7-1.el5_9.i386.rpm
xulrunner-debuginfo-17.0.7-1.el5_9.x86_64.rpm
xulrunner-devel-17.0.7-1.el5_9.i386.rpm
xulrunner-devel-17.0.7-1.el5_9.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-17.0.7-1.el5_9.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-17.0.7-1.el5_9.src.rpm

i386:
firefox-17.0.7-1.el5_9.i386.rpm
firefox-debuginfo-17.0.7-1.el5_9.i386.rpm
xulrunner-17.0.7-1.el5_9.i386.rpm
xulrunner-debuginfo-17.0.7-1.el5_9.i386.rpm
xulrunner-devel-17.0.7-1.el5_9.i386.rpm

ia64:
firefox-17.0.7-1.el5_9.ia64.rpm
firefox-debuginfo-17.0.7-1.el5_9.ia64.rpm
xulrunner-17.0.7-1.el5_9.ia64.rpm
xulrunner-debuginfo-17.0.7-1.el5_9.ia64.rpm
xulrunner-devel-17.0.7-1.el5_9.ia64.rpm

ppc:
firefox-17.0.7-1.el5_9.ppc.rpm
firefox-debuginfo-17.0.7-1.el5_9.ppc.rpm
xulrunner-17.0.7-1.el5_9.ppc.rpm
xulrunner-17.0.7-1.el5_9.ppc64.rpm
xulrunner-debuginfo-17.0.7-1.el5_9.ppc.rpm
xulrunner-debuginfo-17.0.7-1.el5_9.ppc64.rpm
xulrunner-devel-17.0.7-1.el5_9.ppc.rpm
xulrunner-devel-17.0.7-1.el5_9.ppc64.rpm

s390x:
firefox-17.0.7-1.el5_9.s390.rpm
firefox-17.0.7-1.el5_9.s390x.rpm
firefox-debuginfo-17.0.7-1.el5_9.s390.rpm
firefox-debuginfo-17.0.7-1.el5_9.s390x.rpm
xulrunner-17.0.7-1.el5_9.s390.rpm
xulrunner-17.0.7-1.el5_9.s390x.rpm
xulrunner-debuginfo-17.0.7-1.el5_9.s390.rpm
xulrunner-debuginfo-17.0.7-1.el5_9.s390x.rpm
xulrunner-devel-17.0.7-1.el5_9.s390.rpm
xulrunner-devel-17.0.7-1.el5_9.s390x.rpm

x86_64:
firefox-17.0.7-1.el5_9.i386.rpm
firefox-17.0.7-1.el5_9.x86_64.rpm
firefox-debuginfo-17.0.7-1.el5_9.i386.rpm
firefox-debuginfo-17.0.7-1.el5_9.x86_64.rpm
xulrunner-17.0.7-1.el5_9.i386.rpm
xulrunner-17.0.7-1.el5_9.x86_64.rpm
xulrunner-debuginfo-17.0.7-1.el5_9.i386.rpm
xulrunner-debuginfo-17.0.7-1.el5_9.x86_64.rpm
xulrunner-devel-17.0.7-1.el5_9.i386.rpm
xulrunner-devel-17.0.7-1.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/firefox-17.0.7-1.el6_4.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-17.0.7-1.el6_4.src.rpm

i386:
firefox-17.0.7-1.el6_4.i686.rpm
firefox-debuginfo-17.0.7-1.el6_4.i686.rpm
xulrunner-17.0.7-1.el6_4.i686.rpm
xulrunner-debuginfo-17.0.7-1.el6_4.i686.rpm

x86_64:
firefox-17.0.7-1.el6_4.i686.rpm
firefox-17.0.7-1.el6_4.x86_64.rpm
firefox-debuginfo-17.0.7-1.el6_4.i686.rpm
firefox-debuginfo-17.0.7-1.el6_4.x86_64.rpm
xulrunner-17.0.7-1.el6_4.i686.rpm
xulrunner-17.0.7-1.el6_4.x86_64.rpm
xulrunner-debuginfo-17.0.7-1.el6_4.i686.rpm
xulrunner-debuginfo-17.0.7-1.el6_4.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-17.0.7-1.el6_4.src.rpm

i386:
xulrunner-debuginfo-17.0.7-1.el6_4.i686.rpm
xulrunner-devel-17.0.7-1.el6_4.i686.rpm

x86_64:
xulrunner-debuginfo-17.0.7-1.el6_4.i686.rpm
xulrunner-debuginfo-17.0.7-1.el6_4.x86_64.rpm
xulrunner-devel-17.0.7-1.el6_4.i686.rpm
xulrunner-devel-17.0.7-1.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v.
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/firefox-17.0.7-1.el6_4.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xulrunner-17.0.7-1.el6_4.src.rpm

x86_64:
firefox-17.0.7-1.el6_4.i686.rpm
firefox-17.0.7-1.el6_4.x86_64.rpm
firefox-debuginfo-17.0.7-1.el6_4.i686.rpm
firefox-debuginfo-17.0.7-1.el6_4.x86_64.rpm
xulrunner-17.0.7-1.el6_4.i686.rpm
xulrunner-17.0.7-1.el6_4.x86_64.rpm
xulrunner-debuginfo-17.0.7-1.el6_4.i686.rpm
xulrunner-debuginfo-17.0.7-1.el6_4.x86_64.rpm
xulrunner-devel-17.0.7-1.el6_4.i686.rpm
xulrunner-devel-17.0.7-1.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/firefox-17.0.7-1.el6_4.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-17.0.7-1.el6_4.src.rpm

i386:
firefox-17.0.7-1.el6_4.i686.rpm
firefox-debuginfo-17.0.7-1.el6_4.i686.rpm
xulrunner-17.0.7-1.el6_4.i686.rpm
xulrunner-debuginfo-17.0.7-1.el6_4.i686.rpm

ppc64:
firefox-17.0.7-1.el6_4.ppc.rpm
firefox-17.0.7-1.el6_4.ppc64.rpm
firefox-debuginfo-17.0.7-1.el6_4.ppc.rpm
firefox-debuginfo-17.0.7-1.el6_4.ppc64.rpm
xulrunner-17.0.7-1.el6_4.ppc.rpm
xulrunner-17.0.7-1.el6_4.ppc64.rpm
xulrunner-debuginfo-17.0.7-1.el6_4.ppc.rpm
xulrunner-debuginfo-17.0.7-1.el6_4.ppc64.rpm

s390x:
firefox-17.0.7-1.el6_4.s390.rpm
firefox-17.0.7-1.el6_4.s390x.rpm
firefox-debuginfo-17.0.7-1.el6_4.s390.rpm
firefox-debuginfo-17.0.7-1.el6_4.s390x.rpm
xulrunner-17.0.7-1.el6_4.s390.rpm
xulrunner-17.0.7-1.el6_4.s390x.rpm
xulrunner-debuginfo-17.0.7-1.el6_4.s390.rpm
xulrunner-debuginfo-17.0.7-1.el6_4.s390x.rpm

x86_64:
firefox-17.0.7-1.el6_4.i686.rpm
firefox-17.0.7-1.el6_4.x86_64.rpm
firefox-debuginfo-17.0.7-1.el6_4.i686.rpm
firefox-debuginfo-17.0.7-1.el6_4.x86_64.rpm
xulrunner-17.0.7-1.el6_4.i686.rpm
xulrunner-17.0.7-1.el6_4.x86_64.rpm
xulrunner-debuginfo-17.0.7-1.el6_4.i686.rpm
xulrunner-debuginfo-17.0.7-1.el6_4.x86_64.rpm

Red Hat Enterprise
Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-17.0.7-1.el6_4.src.rpm

i386:
xulrunner-debuginfo-17.0.7-1.el6_4.i686.rpm
xulrunner-devel-17.0.7-1.el6_4.i686.rpm

ppc64:
xulrunner-debuginfo-17.0.7-1.el6_4.ppc.rpm
xulrunner-debuginfo-17.0.7-1.el6_4.ppc64.rpm
xulrunner-devel-17.0.7-1.el6_4.ppc.rpm
xulrunner-devel-17.0.7-1.el6_4.ppc64.rpm

s390x:
xulrunner-debuginfo-17.0.7-1.el6_4.s390.rpm
xulrunner-debuginfo-17.0.7-1.el6_4.s390x.rpm
xulrunner-devel-17.0.7-1.el6_4.s390.rpm
xulrunner-devel-17.0.7-1.el6_4.s390x.rpm

x86_64:
xulrunner-debuginfo-17.0.7-1.el6_4.i686.rpm
xulrunner-debuginfo-17.0.7-1.el6_4.x86_64.rpm
xulrunner-devel-17.0.7-1.el6_4.i686.rpm
xulrunner-devel-17.0.7-1.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/firefox-17.0.7-1.el6_4.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-17.0.7-1.el6_4.src.rpm

i386:
firefox-17.0.7-1.el6_4.i686.rpm
firefox-debuginfo-17.0.7-1.el6_4.i686.rpm
xulrunner-17.0.7-1.el6_4.i686.rpm
xulrunner-debuginfo-17.0.7-1.el6_4.i686.rpm

x86_64:
firefox-17.0.7-1.el6_4.i686.rpm
firefox-17.0.7-1.el6_4.x86_64.rpm
firefox-debuginfo-17.0.7-1.el6_4.i686.rpm
firefox-debuginfo-17.0.7-1.el6_4.x86_64.rpm
xulrunner-17.0.7-1.el6_4.i686.rpm
xulrunner-17.0.7-1.el6_4.x86_64.rpm
xulrunner-debuginfo-17.0.7-1.el6_4.i686.rpm
xulrunner-debuginfo-17.0.7-1.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-17.0.7-1.el6_4.src.rpm

i386:
xulrunner-debuginfo-17.0.7-1.el6_4.i686.rpm
xulrunner-devel-17.0.7-1.el6_4.i686.rpm

x86_64:
xulrunner-debuginfo-17.0.7-1.el6_4.i686.rpm
xulrunner-debuginfo-17.0.7-1.el6_4.x86_64.rpm
xulrunner-devel-17.0.7-1.el6_4.i686.rpm
xulrunner-devel-17.0.7-1.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-1682.html
https://www.redhat.com/security/data/cve/CVE-2013-1684.html
https://www.redhat.com/security/data/cve/CVE-2013-1685.html
https://www.redhat.com/security/data/cve/CVE-2013-1686.html
https://www.redhat.com/security/data/cve/CVE-2013-1687.html
https://www.redhat.com/security/data/cve/CVE-2013-1690.html
https://www.redhat.com/security/data/cve/CVE-2013-1692.html
https://www.redhat.com/security/data/cve/CVE-2013-1693.html
https://www.redhat.com/security/data/cve/CVE-2013-1694.html
https://www.redhat.com/security/data/cve/CVE-2013-1697.html
https://access.redhat.com/security/updates/classification/#critical
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRyfnfXlSAg2UNWIIRArgaAKCP/N9R7GwXk0b0H8GX5Axb13XVjgCfagg0
f9KlClqlf95rE9FnZkkRktQ=
=kdqO
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jun 25 20:14:10 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 25 Jun 2013 20:14:10 +0000
Subject: [RHSA-2013:0982-01] Important: thunderbird security update
Message-ID: <201306252014.r5PKEBTJ003392@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2013:0982-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0982.html
Issue date: 2013-06-25
CVE Names: CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1697
=====================================================================

1. Summary:

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed content.
Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690)

It was found that Thunderbird allowed data to be sent in the body of XMLHttpRequest (XHR) HEAD requests. In some cases this could allow attackers to conduct Cross-Site Request Forgery (CSRF) attacks. (CVE-2013-1692)

Timing differences in the way Thunderbird processed SVG image files could allow an attacker to read data across domains, potentially leading to information disclosure. (CVE-2013-1693)

Two flaws were found in the way Thunderbird implemented some of its internal structures (called wrappers). An attacker could use these flaws to bypass some restrictions placed on them. This could lead to unexpected behavior or a potentially exploitable crash. (CVE-2013-1694, CVE-2013-1697)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Gary Kwong, Jesse Ruderman, Andrew McCreight, Abhishek Arya, Mariusz Mlynski, Nils, Johnathan Kuskos, Paul Stone, Boris Zbarsky, and moz_bug_r_a4 as the original reporters of these issues.

Note: All of the above issues cannot be exploited by a specially-crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.

All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 17.0.7 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network.
Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

977597 - CVE-2013-1682 Mozilla: Miscellaneous memory safety hazards (rv:17.0.7) (MFSA 2013-49)
977599 - CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-50)
977600 - CVE-2013-1687 Mozilla: Privileged content access and execution via XBL (MFSA 2013-51)
977602 - CVE-2013-1690 Mozilla: Execution of unmapped memory through onreadystatechange event (MFSA 2013-53)
977603 - CVE-2013-1692 Mozilla: Data in the body of XHR HEAD requests leads to CSRF attacks (MFSA 2013-54)
977605 - CVE-2013-1693 Mozilla: SVG filters can lead to information disclosure (MFSA 2013-55)
977610 - CVE-2013-1694 Mozilla: PreserveWrapper has inconsistent behavior (MFSA 2013-56)
977614 - CVE-2013-1697 Mozilla: XrayWrappers can be bypassed to run user defined methods in a privileged context (MFSA 2013-59)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/thunderbird-17.0.7-1.el5_9.src.rpm

i386:
thunderbird-17.0.7-1.el5_9.i386.rpm
thunderbird-debuginfo-17.0.7-1.el5_9.i386.rpm

x86_64:
thunderbird-17.0.7-1.el5_9.x86_64.rpm
thunderbird-debuginfo-17.0.7-1.el5_9.x86_64.rpm

RHEL Optional Productivity Applications (v. 5 server) :

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/thunderbird-17.0.7-1.el5_9.src.rpm

i386:
thunderbird-17.0.7-1.el5_9.i386.rpm
thunderbird-debuginfo-17.0.7-1.el5_9.i386.rpm

x86_64:
thunderbird-17.0.7-1.el5_9.x86_64.rpm
thunderbird-debuginfo-17.0.7-1.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop (v.
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/thunderbird-17.0.7-1.el6_4.src.rpm

i386:
thunderbird-17.0.7-1.el6_4.i686.rpm
thunderbird-debuginfo-17.0.7-1.el6_4.i686.rpm

x86_64:
thunderbird-17.0.7-1.el6_4.x86_64.rpm
thunderbird-debuginfo-17.0.7-1.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/thunderbird-17.0.7-1.el6_4.src.rpm

i386:
thunderbird-17.0.7-1.el6_4.i686.rpm
thunderbird-debuginfo-17.0.7-1.el6_4.i686.rpm

ppc64:
thunderbird-17.0.7-1.el6_4.ppc64.rpm
thunderbird-debuginfo-17.0.7-1.el6_4.ppc64.rpm

s390x:
thunderbird-17.0.7-1.el6_4.s390x.rpm
thunderbird-debuginfo-17.0.7-1.el6_4.s390x.rpm

x86_64:
thunderbird-17.0.7-1.el6_4.x86_64.rpm
thunderbird-debuginfo-17.0.7-1.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/thunderbird-17.0.7-1.el6_4.src.rpm

i386:
thunderbird-17.0.7-1.el6_4.i686.rpm
thunderbird-debuginfo-17.0.7-1.el6_4.i686.rpm

x86_64:
thunderbird-17.0.7-1.el6_4.x86_64.rpm
thunderbird-debuginfo-17.0.7-1.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7.
References:

https://www.redhat.com/security/data/cve/CVE-2013-1682.html
https://www.redhat.com/security/data/cve/CVE-2013-1684.html
https://www.redhat.com/security/data/cve/CVE-2013-1685.html
https://www.redhat.com/security/data/cve/CVE-2013-1686.html
https://www.redhat.com/security/data/cve/CVE-2013-1687.html
https://www.redhat.com/security/data/cve/CVE-2013-1690.html
https://www.redhat.com/security/data/cve/CVE-2013-1692.html
https://www.redhat.com/security/data/cve/CVE-2013-1693.html
https://www.redhat.com/security/data/cve/CVE-2013-1694.html
https://www.redhat.com/security/data/cve/CVE-2013-1697.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRyfoGXlSAg2UNWIIRAuvbAKC9F1lgXZDRne5OiJgxg1LhaTYfUgCfed1o
RiB0GUx9+uXxiLfbEgubT0M=
=sqqA
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jun 25 20:14:52 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 25 Jun 2013 20:14:52 +0000
Subject: [RHSA-2013:0983-01] Moderate: curl security update
Message-ID: <201306252014.r5PKEqPE000365@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: curl security update
Advisory ID: RHSA-2013:0983-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0983.html
Issue date: 2013-06-25
CVE Names: CVE-2013-2174
=====================================================================

1. Summary:

Updated curl packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

A heap-based buffer overflow flaw was found in the way libcurl unescaped URLs. A remote attacker could provide a specially-crafted URL that, when processed by an application using libcurl that handles untrusted URLs, would possibly cause it to crash or, potentially, execute arbitrary code. (CVE-2013-2174)

Red Hat would like to thank the cURL project for reporting this issue. Upstream acknowledges Timo Sirainen as the original reporter.

Users of curl should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libcurl must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5.
Bugs fixed (http://bugzilla.redhat.com/):

965640 - CVE-2013-2174 curl: Loop counter error, leading to heap-based buffer overflow when decoding certain URLs

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/curl-7.15.5-17.el5_9.src.rpm

i386:
curl-7.15.5-17.el5_9.i386.rpm
curl-debuginfo-7.15.5-17.el5_9.i386.rpm

x86_64:
curl-7.15.5-17.el5_9.i386.rpm
curl-7.15.5-17.el5_9.x86_64.rpm
curl-debuginfo-7.15.5-17.el5_9.i386.rpm
curl-debuginfo-7.15.5-17.el5_9.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/curl-7.15.5-17.el5_9.src.rpm

i386:
curl-debuginfo-7.15.5-17.el5_9.i386.rpm
curl-devel-7.15.5-17.el5_9.i386.rpm

x86_64:
curl-debuginfo-7.15.5-17.el5_9.i386.rpm
curl-debuginfo-7.15.5-17.el5_9.x86_64.rpm
curl-devel-7.15.5-17.el5_9.i386.rpm
curl-devel-7.15.5-17.el5_9.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/curl-7.15.5-17.el5_9.src.rpm

i386:
curl-7.15.5-17.el5_9.i386.rpm
curl-debuginfo-7.15.5-17.el5_9.i386.rpm
curl-devel-7.15.5-17.el5_9.i386.rpm

ia64:
curl-7.15.5-17.el5_9.ia64.rpm
curl-debuginfo-7.15.5-17.el5_9.ia64.rpm
curl-devel-7.15.5-17.el5_9.ia64.rpm

ppc:
curl-7.15.5-17.el5_9.ppc.rpm
curl-7.15.5-17.el5_9.ppc64.rpm
curl-debuginfo-7.15.5-17.el5_9.ppc.rpm
curl-debuginfo-7.15.5-17.el5_9.ppc64.rpm
curl-devel-7.15.5-17.el5_9.ppc.rpm
curl-devel-7.15.5-17.el5_9.ppc64.rpm

s390x:
curl-7.15.5-17.el5_9.s390.rpm
curl-7.15.5-17.el5_9.s390x.rpm
curl-debuginfo-7.15.5-17.el5_9.s390.rpm
curl-debuginfo-7.15.5-17.el5_9.s390x.rpm
curl-devel-7.15.5-17.el5_9.s390.rpm
curl-devel-7.15.5-17.el5_9.s390x.rpm

x86_64:
curl-7.15.5-17.el5_9.i386.rpm
curl-7.15.5-17.el5_9.x86_64.rpm
curl-debuginfo-7.15.5-17.el5_9.i386.rpm
curl-debuginfo-7.15.5-17.el5_9.x86_64.rpm
curl-devel-7.15.5-17.el5_9.i386.rpm
curl-devel-7.15.5-17.el5_9.x86_64.rpm

Red Hat
Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/curl-7.19.7-37.el6_4.src.rpm

i386:
curl-7.19.7-37.el6_4.i686.rpm
curl-debuginfo-7.19.7-37.el6_4.i686.rpm
libcurl-7.19.7-37.el6_4.i686.rpm

x86_64:
curl-7.19.7-37.el6_4.x86_64.rpm
curl-debuginfo-7.19.7-37.el6_4.i686.rpm
curl-debuginfo-7.19.7-37.el6_4.x86_64.rpm
libcurl-7.19.7-37.el6_4.i686.rpm
libcurl-7.19.7-37.el6_4.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/curl-7.19.7-37.el6_4.src.rpm

i386:
curl-debuginfo-7.19.7-37.el6_4.i686.rpm
libcurl-devel-7.19.7-37.el6_4.i686.rpm

x86_64:
curl-debuginfo-7.19.7-37.el6_4.i686.rpm
curl-debuginfo-7.19.7-37.el6_4.x86_64.rpm
libcurl-devel-7.19.7-37.el6_4.i686.rpm
libcurl-devel-7.19.7-37.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/curl-7.19.7-37.el6_4.src.rpm

x86_64:
curl-7.19.7-37.el6_4.x86_64.rpm
curl-debuginfo-7.19.7-37.el6_4.i686.rpm
curl-debuginfo-7.19.7-37.el6_4.x86_64.rpm
libcurl-7.19.7-37.el6_4.i686.rpm
libcurl-7.19.7-37.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/curl-7.19.7-37.el6_4.src.rpm

x86_64:
curl-debuginfo-7.19.7-37.el6_4.i686.rpm
curl-debuginfo-7.19.7-37.el6_4.x86_64.rpm
libcurl-devel-7.19.7-37.el6_4.i686.rpm
libcurl-devel-7.19.7-37.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server (v.
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/curl-7.19.7-37.el6_4.src.rpm

i386:
curl-7.19.7-37.el6_4.i686.rpm
curl-debuginfo-7.19.7-37.el6_4.i686.rpm
libcurl-7.19.7-37.el6_4.i686.rpm
libcurl-devel-7.19.7-37.el6_4.i686.rpm

ppc64:
curl-7.19.7-37.el6_4.ppc64.rpm
curl-debuginfo-7.19.7-37.el6_4.ppc.rpm
curl-debuginfo-7.19.7-37.el6_4.ppc64.rpm
libcurl-7.19.7-37.el6_4.ppc.rpm
libcurl-7.19.7-37.el6_4.ppc64.rpm
libcurl-devel-7.19.7-37.el6_4.ppc.rpm
libcurl-devel-7.19.7-37.el6_4.ppc64.rpm

s390x:
curl-7.19.7-37.el6_4.s390x.rpm
curl-debuginfo-7.19.7-37.el6_4.s390.rpm
curl-debuginfo-7.19.7-37.el6_4.s390x.rpm
libcurl-7.19.7-37.el6_4.s390.rpm
libcurl-7.19.7-37.el6_4.s390x.rpm
libcurl-devel-7.19.7-37.el6_4.s390.rpm
libcurl-devel-7.19.7-37.el6_4.s390x.rpm

x86_64:
curl-7.19.7-37.el6_4.x86_64.rpm
curl-debuginfo-7.19.7-37.el6_4.i686.rpm
curl-debuginfo-7.19.7-37.el6_4.x86_64.rpm
libcurl-7.19.7-37.el6_4.i686.rpm
libcurl-7.19.7-37.el6_4.x86_64.rpm
libcurl-devel-7.19.7-37.el6_4.i686.rpm
libcurl-devel-7.19.7-37.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/curl-7.19.7-37.el6_4.src.rpm

i386:
curl-7.19.7-37.el6_4.i686.rpm
curl-debuginfo-7.19.7-37.el6_4.i686.rpm
libcurl-7.19.7-37.el6_4.i686.rpm
libcurl-devel-7.19.7-37.el6_4.i686.rpm

x86_64:
curl-7.19.7-37.el6_4.x86_64.rpm
curl-debuginfo-7.19.7-37.el6_4.i686.rpm
curl-debuginfo-7.19.7-37.el6_4.x86_64.rpm
libcurl-7.19.7-37.el6_4.i686.rpm
libcurl-7.19.7-37.el6_4.x86_64.rpm
libcurl-devel-7.19.7-37.el6_4.i686.rpm
libcurl-devel-7.19.7-37.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-2174.html
https://access.redhat.com/security/updates/classification/#moderate
http://curl.haxx.se/docs/adv_20130622.html

8.
Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRyfovXlSAg2UNWIIRApOqAKC0fXUq/HqdyF9Um25Ri+e3NVKkcQCfThf3
kUOajsFhep3iDPXLtl2YP38=
=e+b1
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jun 27 18:21:31 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 27 Jun 2013 18:21:31 +0000
Subject: [RHSA-2013:0992-01] Important: python-keystoneclient security, bug fix, and enhancement update
Message-ID: <201306271821.r5RILVPL030271@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: python-keystoneclient security, bug fix, and enhancement update
Advisory ID: RHSA-2013:0992-01
Product: Red Hat OpenStack
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0992.html
Issue date: 2013-06-27
CVE Names: CVE-2013-2166 CVE-2013-2167
=====================================================================

1. Summary:

Updated python-keystoneclient packages that fix two security issues, one bug, and add one enhancement are now available for Red Hat OpenStack 3.0 (Grizzly) Preview.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

OpenStack 3 - noarch

3. Description:

Python-keystoneclient is the client library and command line utility for interacting with the OpenStack identity API.

A flaw was found in the way python-keystoneclient handled encrypted data from memcached.
Even when the memcache_security_strategy setting in "/etc/swift/proxy-server.conf" was set to ENCRYPT to help prevent tampering, an attacker on the local network, or possibly an unprivileged user in a virtual machine hosted on OpenStack, could use this flaw to bypass intended restrictions and modify data in memcached that will later be used by services utilizing python-keystoneclient (such as Nova, Cinder, Swift, Glance, and so on). (CVE-2013-2166)

A flaw was found in the way python-keystoneclient verified data from memcached. Even when the memcache_security_strategy setting in "/etc/swift/proxy-server.conf" was set to MAC to perform signature checking, an attacker on the local network, or possibly an unprivileged user in a virtual machine hosted on OpenStack, could use this flaw to modify data in memcached that will later pass signature checking in python-keystoneclient. (CVE-2013-2167)

Red Hat would like to thank the OpenStack project for reporting these issues. Upstream acknowledges Paul McMillan of Nebula as the original reporter.

This update also fixes the following bug:

* python-webob1.2 (which can be installed in parallel with python-webob1.0) was not found by python-keystoneclient. Attempting to import python-webob from python-keystoneclient failed with a stack trace. This could also be observed with other applications using python-keystoneclient, such as OpenStack Swift. With this update, python-keystoneclient can import python-webob1.2 independently from other installed versions. (BZ#971026)

Additionally, this update adds the following enhancement:

* This update adds support for Amazon Web Services (AWS) Signature Version 4 to python-keystoneclient. This makes python-keystoneclient compatible with future versions of python-boto, which will use Signature Version 4 by default. (BZ#970134)

All users of Red Hat OpenStack 3.0 (Grizzly) Preview are advised to install these updated packages, which correct these issues and add this enhancement.

4.
Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

971026 - Dependancy issue prevents swift proxy from starting
974271 - CVE-2013-2166 CVE-2013-2167 python-keystoneclient: middleware memcache encryption and signing bypass

6. Package List:

OpenStack 3:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/python-keystoneclient-0.2.3-5.el6ost.src.rpm

noarch:
python-keystoneclient-0.2.3-5.el6ost.noarch.rpm
python-keystoneclient-doc-0.2.3-5.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-2166.html
https://www.redhat.com/security/data/cve/CVE-2013-2167.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRzIKWXlSAg2UNWIIRAmGXAJ9LLNDLGEdjMWBTDB62ORslsby/6ACeKqI+
6ExbNxiK3R1FU6AEC6WjDrg=
=NVkT
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jun 27 18:22:19 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 27 Jun 2013 18:22:19 +0000
Subject: [RHSA-2013:0993-01] Moderate: openstack-swift security and bug fix update
Message-ID: <201306271822.r5RIMJ62007849@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openstack-swift security and bug fix update
Advisory ID: RHSA-2013:0993-01
Product: Red Hat OpenStack
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0993.html
Issue date: 2013-06-27
CVE Names: CVE-2013-2161
=====================================================================

1. Summary:

Updated openstack-swift packages that fix one security issue and one bug are now available for Red Hat OpenStack 3.0 (Grizzly) Preview.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

OpenStack 3 - noarch

3. Description:

OpenStack Swift (http://swift.openstack.org) is a highly available, distributed, eventually consistent object/blob store.

An XML injection flaw in OpenStack Swift could allow remote attackers to manipulate the contents of XML responses via specially-crafted data. This could be used to trigger a denial of service. (CVE-2013-2161)

Red Hat would like to thank Alex Gaynor from Rackspace for reporting this issue.
This update also fixes the following bug:

* If permissions on the "/etc/swift/" directory were incorrect, services (such as swift-proxy-server) flooded the console and "/var/log/messages" with "UNCAUGHT EXCEPTION" errors, including a traceback and "Permission denied: '/etc/swift/proxy-server.conf'" message. This could occur when restarting a service or updating the packages. (BZ#967631)

All users of openstack-swift are advised to upgrade to these updated packages, which correct these issues. After installing this update, the OpenStack Swift services will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

967631 - swift keeps spamming console when it cannot access config.
972988 - CVE-2013-2161 OpenStack Swift: Unchecked user input in Swift XML responses

6. Package List:

OpenStack 3:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/openstack-swift-1.8.0-6.el6ost.src.rpm

noarch:
openstack-swift-1.8.0-6.el6ost.noarch.rpm
openstack-swift-account-1.8.0-6.el6ost.noarch.rpm
openstack-swift-container-1.8.0-6.el6ost.noarch.rpm
openstack-swift-doc-1.8.0-6.el6ost.noarch.rpm
openstack-swift-object-1.8.0-6.el6ost.noarch.rpm
openstack-swift-proxy-1.8.0-6.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-2161.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRzIK1XlSAg2UNWIIRAkMtAJ4nbeXqLe9N/9r/kTdSuKdXf+UXgACgwNdA
eWZicPXyVbEIlN2DmLoP894=
=SNTa
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jun 27 18:22:49 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 27 Jun 2013 18:22:49 +0000
Subject: [RHSA-2013:0994-01] Important: openstack-keystone security and bug fix update
Message-ID: <201306271822.r5RIMnAJ012177@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openstack-keystone security and bug fix update
Advisory ID:       RHSA-2013:0994-01
Product:           Red Hat OpenStack
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0994.html
Issue date:        2013-06-27
CVE Names:         CVE-2013-2157
=====================================================================

1. Summary:

Updated openstack-keystone packages that fix one security issue and various bugs are now available for Red Hat OpenStack 3.0 (Grizzly) Preview.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

OpenStack 3 - noarch

3. Description:

The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services.

A flaw was found in the way Keystone handled LDAP (Lightweight Directory Access Protocol) based authentication.
If Keystone was configured to use LDAP authentication, and the LDAP server was configured to allow anonymous binds (anonymous binds is a common default), anyone able to connect to a given service using Keystone could connect as any user, including the admin, without supplying a password. (CVE-2013-2157)

Red Hat would like to thank Thierry Carrez of OpenStack upstream for reporting this issue. Upstream acknowledges Jose Castro Leon of CERN as the original reporter.

These updated packages have been upgraded to upstream version 2013.1.2, which provides a number of bug fixes over the previous version. (BZ#972660)

All users of openstack-keystone are advised to upgrade to these updated packages, which correct these issues. After installing the updated packages, the Keystone service (openstack-keystone) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

971884 - CVE-2013-2157 openstack-keystone: Authentication bypass when using LDAP backend

6. Package List:

OpenStack 3:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/openstack-keystone-2013.1.2-2.el6ost.src.rpm

noarch:
openstack-keystone-2013.1.2-2.el6ost.noarch.rpm
openstack-keystone-doc-2013.1.2-2.el6ost.noarch.rpm
python-keystone-2013.1.2-2.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-2157.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRzILjXlSAg2UNWIIRAhzEAKCZROuEKy0WOXpgwikr6pVUmSk8kQCfRwdl
NeqbtBNXJeoHjwtV40vzvEg=
=8hF/
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jun 27 18:23:16 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 27 Jun 2013 18:23:16 +0000
Subject: [RHSA-2013:0995-01] Important: Foreman security and bug fix update
Message-ID: <201306271823.r5RINGqd008177@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Foreman security and bug fix update
Advisory ID:       RHSA-2013:0995-01
Product:           Red Hat OpenStack
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0995.html
Issue date:        2013-06-27
CVE Names:         CVE-2013-2113 CVE-2013-2121
=====================================================================

1. Summary:

Updated Foreman packages that fix two security issues and multiple bugs are now available for Red Hat OpenStack 3.0 (Grizzly) Preview.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

OpenStack 3 - noarch, x86_64

3. Description:

The Foreman packages provide facilities for rapidly deploying Red Hat OpenStack 3.0 ("Grizzly") Preview. These packages are provided as a Technology Preview. For more information on the scope and nature of support for items marked as Technology Preview, refer to https://access.redhat.com/support/offerings/techpreview/

A flaw was found in the create method of the Foreman Bookmarks controller.
A user with privileges to create a bookmark could use this flaw to execute arbitrary code with the privileges of the user running Foreman, giving them control of the system running Foreman (such as installing new packages) and all systems managed by Foreman. (CVE-2013-2121)

A flaw was found in the way the Foreman UsersController controller handled user creation. A non-admin user with privileges to create non-admin accounts could use this flaw to create admin accounts, giving them control of the system running Foreman (such as installing new packages) and all systems managed by Foreman. (CVE-2013-2113)

These issues were discovered by Ramon de C Valle of the Red Hat Product Security Team.

This update also fixes the following bugs:

* The cron job for Puppet had an incorrect path when installed via the Foreman installer. (BZ#969531)

* This update removes provisioning templates and installation media for unsupported client operating systems. (BZ#971545)

* Previously, the init script for Foreman was installed in the /opt/ directory, resulting in errors when attempting to use the "service" command to control Foreman, and errors when installing or upgrading the Foreman packages. As the Foreman service is not needed for Red Hat OpenStack, this update removes the init script. (BZ#972755)

* Previously, after using Foreman to install controller and compute nodes, it was not possible to launch compute instances. (BZ#972780)

* Previously, Foreman compiled assets for an incorrect path. The assets were configured for "[fully qualified domain name]/foreman", which is not where Foreman is served from in Red Hat OpenStack. (BZ#975068)

* Previously, the Foreman installer used a reference to an OpenStack host's network interface instead of its own secondary interface when creating a subnet, which could cause subnet creation to fail and a "rake aborted!" message to be displayed. (BZ#976907)

Users of Foreman are advised to upgrade to these updated packages, which correct these issues.
In Red Hat OpenStack, Foreman runs on the Apache HTTP Server using mod_passenger. As such, after installing the updated packages, the httpd service must be restarted ("service httpd restart") for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

966804 - CVE-2013-2113 Foreman: app/controllers/users_controller.rb arbitrary admin user creation due to mass assignment
968166 - CVE-2013-2121 Foreman: app/controllers/bookmarks_controller.rb remote code execution
969531 - puppet cron installed with wrong path
971545 - Brand: remove non-RHEL templates and install media from Foreman
972780 - Unable to launch a compute instance (openstack-foreman)
975068 - Foreman asset compilation directory incorrect
976907 - Foreman installer ruby setup uses wrong nic

6. Package List:

OpenStack 3:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/ruby193-foreman-1.1.10009-3.el6ost.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/ruby193-foreman-proxy-1.1.10001-4.el6ost.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/ruby193-openstack-foreman-installer-0.0.18-1.el6ost.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/ruby193-rubygem-ancestry-1.3.0-5.el6ost.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/ruby193-rubygem-fog-1.10.1-11.el6ost.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/ruby193-rubygem-mysql-2.8.1-4.el6ost.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/ruby193-rubygem-safemode-1.2.0-9.el6ost.src.rpm

noarch:
ruby193-foreman-1.1.10009-3.el6ost.noarch.rpm
ruby193-foreman-mysql-1.1.10009-3.el6ost.noarch.rpm
ruby193-foreman-proxy-1.1.10001-4.el6ost.noarch.rpm
ruby193-rubygem-ancestry-1.3.0-5.el6ost.noarch.rpm
ruby193-rubygem-ancestry-doc-1.3.0-5.el6ost.noarch.rpm
ruby193-rubygem-fog-1.10.1-11.el6ost.noarch.rpm
ruby193-rubygem-fog-doc-1.10.1-11.el6ost.noarch.rpm
ruby193-rubygem-safemode-1.2.0-9.el6ost.noarch.rpm
ruby193-rubygem-safemode-doc-1.2.0-9.el6ost.noarch.rpm

x86_64:
ruby193-openstack-foreman-installer-0.0.18-1.el6ost.x86_64.rpm
ruby193-openstack-foreman-installer-debuginfo-0.0.18-1.el6ost.x86_64.rpm
ruby193-rubygem-mysql-2.8.1-4.el6ost.x86_64.rpm
ruby193-rubygem-mysql-debuginfo-2.8.1-4.el6ost.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-2113.html
https://www.redhat.com/security/data/cve/CVE-2013-2121.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/support/offerings/techpreview/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRzIMBXlSAg2UNWIIRApRSAJ9gfedwYSR4ATSeJkRu4sa+pUcyZwCgmmXE
rbU2+kw9Xxwnbgk1xxgmvDI=
=a6Yd
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jun 27 18:23:38 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 27 Jun 2013 18:23:38 +0000
Subject: [RHSA-2013:0996-01] Low: Red Hat Enterprise Linux 5.6 Extended Update Support 1-Month Notice
Message-ID: <201306271823.r5RINcp3025066@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Enterprise Linux 5.6 Extended Update Support 1-Month Notice
Advisory ID:       RHSA-2013:0996-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0996.html
Issue date:        2013-06-27
=====================================================================

1. Summary:

This is the 1-Month notification for the retirement of Red Hat Enterprise Linux 5.6 Extended Update Support (EUS).

2. Relevant releases/architectures:

Red Hat Enterprise Linux EUS (v. 5.6 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 5.6 will be retired on July 31, 2013, and support will no longer be provided.
Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 5.6 EUS after that date. In addition, after July 31, 2013, technical support through Red Hat's Global Support Services will no longer be provided.

Note: This notification applies only to those customers subscribed to the Extended Update Support (EUS) channel for Red Hat Enterprise Linux 5.6.

We encourage customers to plan their migration from Red Hat Enterprise Linux 5.6 to a more recent version of Red Hat Enterprise Linux 5 or 6. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on a currently supported Red Hat Enterprise Linux 5 release (5.9, for which EUS is available) or Red Hat Enterprise Linux 6 release (6.2, 6.3, or 6.4, for which EUS is available).

Details of the Red Hat Enterprise Linux life cycle can be found here: https://access.redhat.com/support/policy/updates/errata/

4. Solution:

This erratum contains an updated redhat-release package that provides a copy of this retirement notice in the "/usr/share/doc/" directory.

5. Package List:

Red Hat Enterprise Linux EUS (v. 5.6 server):

Source:
redhat-release-5Server-5.6.0.7.src.rpm

i386:
redhat-release-5Server-5.6.0.7.i386.rpm

ia64:
redhat-release-5Server-5.6.0.7.ia64.rpm

ppc:
redhat-release-5Server-5.6.0.7.ppc.rpm

s390x:
redhat-release-5Server-5.6.0.7.s390x.rpm

x86_64:
redhat-release-5Server-5.6.0.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

6. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/support/policy/updates/errata/

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRzIMfXlSAg2UNWIIRApT8AJ9GjGah9wJQUMCtW/NlmV5r6nZ2lwCggyt2
x0H2yMsjpsm2k+ugqlNvjH4=
=SEm3
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Jun 28 02:44:38 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 28 Jun 2013 02:44:38 +0000
Subject: [RHSA-2013:1001-01] Low: Red Hat Enterprise Linux 6.2 Extended Update Support 6-Month Notice
Message-ID: <201306280244.r5S2icrV007908@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Enterprise Linux 6.2 Extended Update Support 6-Month Notice
Advisory ID:       RHSA-2013:1001-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1001.html
Issue date:        2013-06-28
=====================================================================

1. Summary:

This is the 6-Month notification for the retirement of Red Hat Enterprise Linux 6.2 Extended Update Support (EUS).

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server EUS (v. 6.2) - i386, ppc64, s390x, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.2 will be retired on December 31, 2013, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.2 EUS after that date. In addition, after December 31, 2013, technical support through Red Hat's Global Support Services will no longer be provided.

Note: This notification applies only to those customers subscribed to the Extended Update Support (EUS) channel for Red Hat Enterprise Linux 6.2.
We encourage customers to plan their migration from Red Hat Enterprise Linux 6.2 to a more recent version of Red Hat Enterprise Linux 6. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on a currently supported Red Hat Enterprise Linux 6 release (6.3, or 6.4, for which EUS is available).

Details of the Red Hat Enterprise Linux life cycle can be found here: https://access.redhat.com/support/policy/updates/errata/

4. Solution:

This advisory contains an updated redhat-release-server package that provides a copy of this retirement notice in the "/usr/share/doc/" directory.

5. Package List:

Red Hat Enterprise Linux Server EUS (v. 6.2):

Source:
redhat-release-server-6Server-6.2.0.4.el6_2.src.rpm

i386:
redhat-release-server-6Server-6.2.0.4.el6_2.i686.rpm

ppc64:
redhat-release-server-6Server-6.2.0.4.el6_2.ppc64.rpm

s390x:
redhat-release-server-6Server-6.2.0.4.el6_2.s390x.rpm

x86_64:
redhat-release-server-6Server-6.2.0.4.el6_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

6. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/support/policy/updates/errata/

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRzPiBXlSAg2UNWIIRAvuuAJ4z+GGk343s4sVARelNH+Nk486GlgCgruTj
anVmBpyKaQY/1/2HNiDZmAU=
=RUWn
-----END PGP SIGNATURE-----