From bugzilla at redhat.com Mon Mar 4 21:19:15 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 4 Mar 2013 21:19:15 +0000
Subject: [RHSA-2013:0587-01] Moderate: openssl security update
Message-ID: <201303042119.r24LJFE5022238@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openssl security update
Advisory ID:       RHSA-2013:0587-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0587.html
Issue date:        2013-03-04
CVE Names:         CVE-2012-4929 CVE-2013-0166 CVE-2013-0169
=====================================================================

1. Summary:

Updated openssl packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a full-strength,
general purpose cryptography library.

It was discovered that OpenSSL leaked timing information when decrypting
TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were
used. A remote attacker could possibly use this flaw to retrieve plain text
from the encrypted packets by using a TLS/SSL or DTLS server as a padding
oracle. (CVE-2013-0169)

A NULL pointer dereference flaw was found in the OCSP response verification
in OpenSSL. A malicious OCSP server could use this flaw to crash applications
performing OCSP verification by sending a specially-crafted response.
(CVE-2013-0166)

It was discovered that the TLS/SSL protocol could leak information about
plain text when optional compression was used. An attacker able to control
part of the plain text sent over an encrypted TLS/SSL connection could
possibly use this flaw to recover other portions of the plain text.
(CVE-2012-4929)

Note: This update disables zlib compression, which was previously enabled in
OpenSSL by default. Applications using OpenSSL now need to explicitly enable
zlib compression to use it.

It was found that OpenSSL read certain environment variables even when used
by a privileged (setuid or setgid) application. A local attacker could use
this flaw to escalate their privileges. No application shipped with Red Hat
Enterprise Linux 5 and 6 was affected by this problem. (BZ#839735)

All OpenSSL users should upgrade to these updated packages, which contain
backported patches to resolve these issues. For the update to take effect,
all services linked to the OpenSSL library must be restarted, or the system
rebooted.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

839735 - openssl: environment settings honored when used in privileged apps
857051 - CVE-2012-4929 SSL/TLS CRIME attack against HTTPS
907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)
908052 - CVE-2013-0166 openssl: DoS due to improper handling of OCSP response verification

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openssl-0.9.8e-26.el5_9.1.src.rpm

i386:
openssl-0.9.8e-26.el5_9.1.i386.rpm
openssl-0.9.8e-26.el5_9.1.i686.rpm
openssl-debuginfo-0.9.8e-26.el5_9.1.i386.rpm
openssl-debuginfo-0.9.8e-26.el5_9.1.i686.rpm
openssl-perl-0.9.8e-26.el5_9.1.i386.rpm

x86_64:
openssl-0.9.8e-26.el5_9.1.i686.rpm
openssl-0.9.8e-26.el5_9.1.x86_64.rpm
openssl-debuginfo-0.9.8e-26.el5_9.1.i686.rpm
openssl-debuginfo-0.9.8e-26.el5_9.1.x86_64.rpm
openssl-perl-0.9.8e-26.el5_9.1.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openssl-0.9.8e-26.el5_9.1.src.rpm

i386:
openssl-debuginfo-0.9.8e-26.el5_9.1.i386.rpm
openssl-devel-0.9.8e-26.el5_9.1.i386.rpm

x86_64:
openssl-debuginfo-0.9.8e-26.el5_9.1.i386.rpm
openssl-debuginfo-0.9.8e-26.el5_9.1.x86_64.rpm
openssl-devel-0.9.8e-26.el5_9.1.i386.rpm
openssl-devel-0.9.8e-26.el5_9.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openssl-0.9.8e-26.el5_9.1.src.rpm

i386:
openssl-0.9.8e-26.el5_9.1.i386.rpm
openssl-0.9.8e-26.el5_9.1.i686.rpm
openssl-debuginfo-0.9.8e-26.el5_9.1.i386.rpm
openssl-debuginfo-0.9.8e-26.el5_9.1.i686.rpm
openssl-devel-0.9.8e-26.el5_9.1.i386.rpm
openssl-perl-0.9.8e-26.el5_9.1.i386.rpm

ia64:
openssl-0.9.8e-26.el5_9.1.i686.rpm
openssl-0.9.8e-26.el5_9.1.ia64.rpm
openssl-debuginfo-0.9.8e-26.el5_9.1.i686.rpm
openssl-debuginfo-0.9.8e-26.el5_9.1.ia64.rpm
openssl-devel-0.9.8e-26.el5_9.1.ia64.rpm
openssl-perl-0.9.8e-26.el5_9.1.ia64.rpm

ppc:
openssl-0.9.8e-26.el5_9.1.ppc.rpm
openssl-0.9.8e-26.el5_9.1.ppc64.rpm
openssl-debuginfo-0.9.8e-26.el5_9.1.ppc.rpm
openssl-debuginfo-0.9.8e-26.el5_9.1.ppc64.rpm
openssl-devel-0.9.8e-26.el5_9.1.ppc.rpm
openssl-devel-0.9.8e-26.el5_9.1.ppc64.rpm
openssl-perl-0.9.8e-26.el5_9.1.ppc.rpm

s390x:
openssl-0.9.8e-26.el5_9.1.s390.rpm
openssl-0.9.8e-26.el5_9.1.s390x.rpm
openssl-debuginfo-0.9.8e-26.el5_9.1.s390.rpm
openssl-debuginfo-0.9.8e-26.el5_9.1.s390x.rpm
openssl-devel-0.9.8e-26.el5_9.1.s390.rpm
openssl-devel-0.9.8e-26.el5_9.1.s390x.rpm
openssl-perl-0.9.8e-26.el5_9.1.s390x.rpm

x86_64:
openssl-0.9.8e-26.el5_9.1.i686.rpm
openssl-0.9.8e-26.el5_9.1.x86_64.rpm
openssl-debuginfo-0.9.8e-26.el5_9.1.i386.rpm
openssl-debuginfo-0.9.8e-26.el5_9.1.i686.rpm
openssl-debuginfo-0.9.8e-26.el5_9.1.x86_64.rpm
openssl-devel-0.9.8e-26.el5_9.1.i386.rpm
openssl-devel-0.9.8e-26.el5_9.1.x86_64.rpm
openssl-perl-0.9.8e-26.el5_9.1.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-27.el6_4.2.src.rpm

i386:
openssl-1.0.0-27.el6_4.2.i686.rpm
openssl-debuginfo-1.0.0-27.el6_4.2.i686.rpm

x86_64:
openssl-1.0.0-27.el6_4.2.i686.rpm
openssl-1.0.0-27.el6_4.2.x86_64.rpm
openssl-debuginfo-1.0.0-27.el6_4.2.i686.rpm
openssl-debuginfo-1.0.0-27.el6_4.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-27.el6_4.2.src.rpm

i386:
openssl-debuginfo-1.0.0-27.el6_4.2.i686.rpm
openssl-devel-1.0.0-27.el6_4.2.i686.rpm
openssl-perl-1.0.0-27.el6_4.2.i686.rpm
openssl-static-1.0.0-27.el6_4.2.i686.rpm

x86_64:
openssl-debuginfo-1.0.0-27.el6_4.2.i686.rpm
openssl-debuginfo-1.0.0-27.el6_4.2.x86_64.rpm
openssl-devel-1.0.0-27.el6_4.2.i686.rpm
openssl-devel-1.0.0-27.el6_4.2.x86_64.rpm
openssl-perl-1.0.0-27.el6_4.2.x86_64.rpm
openssl-static-1.0.0-27.el6_4.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-27.el6_4.2.src.rpm

x86_64:
openssl-1.0.0-27.el6_4.2.i686.rpm
openssl-1.0.0-27.el6_4.2.x86_64.rpm
openssl-debuginfo-1.0.0-27.el6_4.2.i686.rpm
openssl-debuginfo-1.0.0-27.el6_4.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-27.el6_4.2.src.rpm

x86_64:
openssl-debuginfo-1.0.0-27.el6_4.2.i686.rpm
openssl-debuginfo-1.0.0-27.el6_4.2.x86_64.rpm
openssl-devel-1.0.0-27.el6_4.2.i686.rpm
openssl-devel-1.0.0-27.el6_4.2.x86_64.rpm
openssl-perl-1.0.0-27.el6_4.2.x86_64.rpm
openssl-static-1.0.0-27.el6_4.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-27.el6_4.2.src.rpm

i386:
openssl-1.0.0-27.el6_4.2.i686.rpm
openssl-debuginfo-1.0.0-27.el6_4.2.i686.rpm
openssl-devel-1.0.0-27.el6_4.2.i686.rpm

ppc64:
openssl-1.0.0-27.el6_4.2.ppc.rpm
openssl-1.0.0-27.el6_4.2.ppc64.rpm
openssl-debuginfo-1.0.0-27.el6_4.2.ppc.rpm
openssl-debuginfo-1.0.0-27.el6_4.2.ppc64.rpm
openssl-devel-1.0.0-27.el6_4.2.ppc.rpm
openssl-devel-1.0.0-27.el6_4.2.ppc64.rpm

s390x:
openssl-1.0.0-27.el6_4.2.s390.rpm
openssl-1.0.0-27.el6_4.2.s390x.rpm
openssl-debuginfo-1.0.0-27.el6_4.2.s390.rpm
openssl-debuginfo-1.0.0-27.el6_4.2.s390x.rpm
openssl-devel-1.0.0-27.el6_4.2.s390.rpm
openssl-devel-1.0.0-27.el6_4.2.s390x.rpm

x86_64:
openssl-1.0.0-27.el6_4.2.i686.rpm
openssl-1.0.0-27.el6_4.2.x86_64.rpm
openssl-debuginfo-1.0.0-27.el6_4.2.i686.rpm
openssl-debuginfo-1.0.0-27.el6_4.2.x86_64.rpm
openssl-devel-1.0.0-27.el6_4.2.i686.rpm
openssl-devel-1.0.0-27.el6_4.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-27.el6_4.2.src.rpm

i386:
openssl-debuginfo-1.0.0-27.el6_4.2.i686.rpm
openssl-perl-1.0.0-27.el6_4.2.i686.rpm
openssl-static-1.0.0-27.el6_4.2.i686.rpm

ppc64:
openssl-debuginfo-1.0.0-27.el6_4.2.ppc64.rpm
openssl-perl-1.0.0-27.el6_4.2.ppc64.rpm
openssl-static-1.0.0-27.el6_4.2.ppc64.rpm

s390x:
openssl-debuginfo-1.0.0-27.el6_4.2.s390x.rpm
openssl-perl-1.0.0-27.el6_4.2.s390x.rpm
openssl-static-1.0.0-27.el6_4.2.s390x.rpm

x86_64:
openssl-debuginfo-1.0.0-27.el6_4.2.x86_64.rpm
openssl-perl-1.0.0-27.el6_4.2.x86_64.rpm
openssl-static-1.0.0-27.el6_4.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-27.el6_4.2.src.rpm

i386:
openssl-1.0.0-27.el6_4.2.i686.rpm
openssl-debuginfo-1.0.0-27.el6_4.2.i686.rpm
openssl-devel-1.0.0-27.el6_4.2.i686.rpm

x86_64:
openssl-1.0.0-27.el6_4.2.i686.rpm
openssl-1.0.0-27.el6_4.2.x86_64.rpm
openssl-debuginfo-1.0.0-27.el6_4.2.i686.rpm
openssl-debuginfo-1.0.0-27.el6_4.2.x86_64.rpm
openssl-devel-1.0.0-27.el6_4.2.i686.rpm
openssl-devel-1.0.0-27.el6_4.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-27.el6_4.2.src.rpm

i386:
openssl-debuginfo-1.0.0-27.el6_4.2.i686.rpm
openssl-perl-1.0.0-27.el6_4.2.i686.rpm
openssl-static-1.0.0-27.el6_4.2.i686.rpm

x86_64:
openssl-debuginfo-1.0.0-27.el6_4.2.x86_64.rpm
openssl-perl-1.0.0-27.el6_4.2.x86_64.rpm
openssl-static-1.0.0-27.el6_4.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-4929.html
https://www.redhat.com/security/data/cve/CVE-2013-0166.html
https://www.redhat.com/security/data/cve/CVE-2013-0169.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact address and more contact details are at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
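The CVE-2012-4929 paragraph above says only that compression "could leak information about plain text". The mechanism is that DEFLATE replaces a repeated string with a back-reference, so a request in which attacker-chosen bytes and a secret cookie are compressed together comes out shorter exactly when the attacker's guess extends the match into the secret. The following is an added illustration, not code from Red Hat or OpenSSL: a greedy LZ77 size model stands in for DEFLATE's front end (real zlib adds a Huffman stage whose byte rounding blurs single-byte differences, which the published attack works around with padding tricks), and the request layout, the `SECRET` cookie and the candidate `ALPHABET` are constructed for the demonstration.

```python
"""Compression side channel behind CVE-2012-4929 (CRIME): when attacker-chosen text and a
secret are compressed together, the compressed size reveals how much of the guess matched."""

MIN_MATCH, WINDOW = 3, 32768


def lz77_cost(data):
    """Size model of DEFLATE's LZ77 front end (greedy longest match, no Huffman stage):
    a literal costs 1, a (distance, length) back-reference costs 3. Returns modelled bytes."""
    i, cost = 0, 0
    while i < len(data):
        best = 0
        for j in range(max(0, i - WINDOW), i):
            k = 0
            while i + k < len(data) and data[j + k] == data[i + k]:
                k += 1                      # overlapping matches allowed, as in DEFLATE
            best = max(best, k)
        if best >= MIN_MATCH:
            cost, i = cost + 3, i + best
        else:
            cost, i = cost + 1, i + 1
    return cost


SECRET = b"sid=7f3a9c1e"                                    # constructed session cookie
ALPHABET = b"abcdefghijklmnopqrstuvwxyz0123456789="         # cookie alphabet the attacker assumes


def victim_request(attacker_path):
    """The browser puts attacker-controlled URL text and the secret cookie in one record,
    and TLS compression compresses the whole record before encrypting it."""
    return (b"GET /" + attacker_path + b" HTTP/1.1\r\nHost: bank.example\r\n"
            b"Cookie: " + SECRET + b"\r\n\r\n")


def size_oracle(attacker_path):
    """What a network attacker actually observes: the length of the encrypted (= compressed) record."""
    return lz77_cost(victim_request(attacker_path))


def recover_secret(oracle, prefix, alphabet, length):
    """Extend the guess one byte at a time; the candidate that lengthens the back-reference
    into the real cookie is the one whose record comes out shortest."""
    known = b""
    for _ in range(length):
        sizes = {c: oracle(prefix + known + bytes([c])) for c in alphabet}
        best = min(sizes.values())
        winners = [c for c, s in sizes.items() if s == best]
        if len(winners) != 1:
            break                           # no unique winner: stop rather than guess
        known += bytes(winners)
    return known


def demo():
    """Recover the cookie value byte by byte using only record sizes."""
    return recover_secret(size_oracle, b"Cookie: ", ALPHABET, len(SECRET))


if __name__ == "__main__":
    print(demo())
```

The attacker never sees the plaintext or the key; every byte is decided by comparing record lengths, which is why the only robust fix is the one this update applies: do not compress secrets together with attacker-controlled data, and in practice turn TLS compression off.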
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRNQ/EXlSAg2UNWIIRAvKqAKChwYsq2of1r+4m83Ky3q3hXx4MOwCeLnCy
RMgWe5J6TnT4GZst3Vj+h9Q=
=Yr9b
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Mar 4 21:20:11 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 4 Mar 2013 21:20:11 +0000
Subject: [RHSA-2013:0588-01] Moderate: gnutls security update
Message-ID: <201303042120.r24LKBFF018130@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: gnutls security update
Advisory ID:       RHSA-2013:0588-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0588.html
Issue date:        2013-03-04
CVE Names:         CVE-2013-1619
=====================================================================

1. Summary:

Updated gnutls packages that fix one security issue are now available for
Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS).

It was discovered that GnuTLS leaked timing information when decrypting
TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A
remote attacker could possibly use this flaw to retrieve plain text from the
encrypted packets by using a TLS/SSL server as a padding oracle.
(CVE-2013-1619)

Users of GnuTLS are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all applications linked to the GnuTLS library must be restarted, or
the system rebooted.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

908238 - CVE-2013-1619 gnutls: TLS CBC padding timing attack (lucky-13)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/gnutls-1.4.1-10.el5_9.1.src.rpm

i386:
gnutls-1.4.1-10.el5_9.1.i386.rpm
gnutls-debuginfo-1.4.1-10.el5_9.1.i386.rpm
gnutls-utils-1.4.1-10.el5_9.1.i386.rpm

x86_64:
gnutls-1.4.1-10.el5_9.1.i386.rpm
gnutls-1.4.1-10.el5_9.1.x86_64.rpm
gnutls-debuginfo-1.4.1-10.el5_9.1.i386.rpm
gnutls-debuginfo-1.4.1-10.el5_9.1.x86_64.rpm
gnutls-utils-1.4.1-10.el5_9.1.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/gnutls-1.4.1-10.el5_9.1.src.rpm

i386:
gnutls-debuginfo-1.4.1-10.el5_9.1.i386.rpm
gnutls-devel-1.4.1-10.el5_9.1.i386.rpm

x86_64:
gnutls-debuginfo-1.4.1-10.el5_9.1.i386.rpm
gnutls-debuginfo-1.4.1-10.el5_9.1.x86_64.rpm
gnutls-devel-1.4.1-10.el5_9.1.i386.rpm
gnutls-devel-1.4.1-10.el5_9.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/gnutls-1.4.1-10.el5_9.1.src.rpm

i386:
gnutls-1.4.1-10.el5_9.1.i386.rpm
gnutls-debuginfo-1.4.1-10.el5_9.1.i386.rpm
gnutls-devel-1.4.1-10.el5_9.1.i386.rpm
gnutls-utils-1.4.1-10.el5_9.1.i386.rpm

ia64:
gnutls-1.4.1-10.el5_9.1.i386.rpm
gnutls-1.4.1-10.el5_9.1.ia64.rpm
gnutls-debuginfo-1.4.1-10.el5_9.1.i386.rpm
gnutls-debuginfo-1.4.1-10.el5_9.1.ia64.rpm
gnutls-devel-1.4.1-10.el5_9.1.ia64.rpm
gnutls-utils-1.4.1-10.el5_9.1.ia64.rpm

ppc:
gnutls-1.4.1-10.el5_9.1.ppc.rpm
gnutls-1.4.1-10.el5_9.1.ppc64.rpm
gnutls-debuginfo-1.4.1-10.el5_9.1.ppc.rpm
gnutls-debuginfo-1.4.1-10.el5_9.1.ppc64.rpm
gnutls-devel-1.4.1-10.el5_9.1.ppc.rpm
gnutls-devel-1.4.1-10.el5_9.1.ppc64.rpm
gnutls-utils-1.4.1-10.el5_9.1.ppc.rpm

s390x:
gnutls-1.4.1-10.el5_9.1.s390.rpm
gnutls-1.4.1-10.el5_9.1.s390x.rpm
gnutls-debuginfo-1.4.1-10.el5_9.1.s390.rpm
gnutls-debuginfo-1.4.1-10.el5_9.1.s390x.rpm
gnutls-devel-1.4.1-10.el5_9.1.s390.rpm
gnutls-devel-1.4.1-10.el5_9.1.s390x.rpm
gnutls-utils-1.4.1-10.el5_9.1.s390x.rpm

x86_64:
gnutls-1.4.1-10.el5_9.1.i386.rpm
gnutls-1.4.1-10.el5_9.1.x86_64.rpm
gnutls-debuginfo-1.4.1-10.el5_9.1.i386.rpm
gnutls-debuginfo-1.4.1-10.el5_9.1.x86_64.rpm
gnutls-devel-1.4.1-10.el5_9.1.i386.rpm
gnutls-devel-1.4.1-10.el5_9.1.x86_64.rpm
gnutls-utils-1.4.1-10.el5_9.1.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/gnutls-2.8.5-10.el6_4.1.src.rpm

i386:
gnutls-2.8.5-10.el6_4.1.i686.rpm
gnutls-debuginfo-2.8.5-10.el6_4.1.i686.rpm
gnutls-utils-2.8.5-10.el6_4.1.i686.rpm

x86_64:
gnutls-2.8.5-10.el6_4.1.i686.rpm
gnutls-2.8.5-10.el6_4.1.x86_64.rpm
gnutls-debuginfo-2.8.5-10.el6_4.1.i686.rpm
gnutls-debuginfo-2.8.5-10.el6_4.1.x86_64.rpm
gnutls-utils-2.8.5-10.el6_4.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/gnutls-2.8.5-10.el6_4.1.src.rpm

i386:
gnutls-debuginfo-2.8.5-10.el6_4.1.i686.rpm
gnutls-devel-2.8.5-10.el6_4.1.i686.rpm
gnutls-guile-2.8.5-10.el6_4.1.i686.rpm

x86_64:
gnutls-debuginfo-2.8.5-10.el6_4.1.i686.rpm
gnutls-debuginfo-2.8.5-10.el6_4.1.x86_64.rpm
gnutls-devel-2.8.5-10.el6_4.1.i686.rpm
gnutls-devel-2.8.5-10.el6_4.1.x86_64.rpm
gnutls-guile-2.8.5-10.el6_4.1.i686.rpm
gnutls-guile-2.8.5-10.el6_4.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/gnutls-2.8.5-10.el6_4.1.src.rpm

x86_64:
gnutls-2.8.5-10.el6_4.1.i686.rpm
gnutls-2.8.5-10.el6_4.1.x86_64.rpm
gnutls-debuginfo-2.8.5-10.el6_4.1.i686.rpm
gnutls-debuginfo-2.8.5-10.el6_4.1.x86_64.rpm
gnutls-utils-2.8.5-10.el6_4.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/gnutls-2.8.5-10.el6_4.1.src.rpm

x86_64:
gnutls-debuginfo-2.8.5-10.el6_4.1.i686.rpm
gnutls-debuginfo-2.8.5-10.el6_4.1.x86_64.rpm
gnutls-devel-2.8.5-10.el6_4.1.i686.rpm
gnutls-devel-2.8.5-10.el6_4.1.x86_64.rpm
gnutls-guile-2.8.5-10.el6_4.1.i686.rpm
gnutls-guile-2.8.5-10.el6_4.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/gnutls-2.8.5-10.el6_4.1.src.rpm

i386:
gnutls-2.8.5-10.el6_4.1.i686.rpm
gnutls-debuginfo-2.8.5-10.el6_4.1.i686.rpm
gnutls-devel-2.8.5-10.el6_4.1.i686.rpm
gnutls-utils-2.8.5-10.el6_4.1.i686.rpm

ppc64:
gnutls-2.8.5-10.el6_4.1.ppc.rpm
gnutls-2.8.5-10.el6_4.1.ppc64.rpm
gnutls-debuginfo-2.8.5-10.el6_4.1.ppc.rpm
gnutls-debuginfo-2.8.5-10.el6_4.1.ppc64.rpm
gnutls-devel-2.8.5-10.el6_4.1.ppc.rpm
gnutls-devel-2.8.5-10.el6_4.1.ppc64.rpm
gnutls-utils-2.8.5-10.el6_4.1.ppc64.rpm

s390x:
gnutls-2.8.5-10.el6_4.1.s390.rpm
gnutls-2.8.5-10.el6_4.1.s390x.rpm
gnutls-debuginfo-2.8.5-10.el6_4.1.s390.rpm
gnutls-debuginfo-2.8.5-10.el6_4.1.s390x.rpm
gnutls-devel-2.8.5-10.el6_4.1.s390.rpm
gnutls-devel-2.8.5-10.el6_4.1.s390x.rpm
gnutls-utils-2.8.5-10.el6_4.1.s390x.rpm

x86_64:
gnutls-2.8.5-10.el6_4.1.i686.rpm
gnutls-2.8.5-10.el6_4.1.x86_64.rpm
gnutls-debuginfo-2.8.5-10.el6_4.1.i686.rpm
gnutls-debuginfo-2.8.5-10.el6_4.1.x86_64.rpm
gnutls-devel-2.8.5-10.el6_4.1.i686.rpm
gnutls-devel-2.8.5-10.el6_4.1.x86_64.rpm
gnutls-utils-2.8.5-10.el6_4.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/gnutls-2.8.5-10.el6_4.1.src.rpm

i386:
gnutls-debuginfo-2.8.5-10.el6_4.1.i686.rpm
gnutls-guile-2.8.5-10.el6_4.1.i686.rpm

ppc64:
gnutls-debuginfo-2.8.5-10.el6_4.1.ppc.rpm
gnutls-debuginfo-2.8.5-10.el6_4.1.ppc64.rpm
gnutls-guile-2.8.5-10.el6_4.1.ppc.rpm
gnutls-guile-2.8.5-10.el6_4.1.ppc64.rpm

s390x:
gnutls-debuginfo-2.8.5-10.el6_4.1.s390.rpm
gnutls-debuginfo-2.8.5-10.el6_4.1.s390x.rpm
gnutls-guile-2.8.5-10.el6_4.1.s390.rpm
gnutls-guile-2.8.5-10.el6_4.1.s390x.rpm

x86_64:
gnutls-debuginfo-2.8.5-10.el6_4.1.i686.rpm
gnutls-debuginfo-2.8.5-10.el6_4.1.x86_64.rpm
gnutls-guile-2.8.5-10.el6_4.1.i686.rpm
gnutls-guile-2.8.5-10.el6_4.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/gnutls-2.8.5-10.el6_4.1.src.rpm

i386:
gnutls-2.8.5-10.el6_4.1.i686.rpm
gnutls-debuginfo-2.8.5-10.el6_4.1.i686.rpm
gnutls-devel-2.8.5-10.el6_4.1.i686.rpm
gnutls-utils-2.8.5-10.el6_4.1.i686.rpm

x86_64:
gnutls-2.8.5-10.el6_4.1.i686.rpm
gnutls-2.8.5-10.el6_4.1.x86_64.rpm
gnutls-debuginfo-2.8.5-10.el6_4.1.i686.rpm
gnutls-debuginfo-2.8.5-10.el6_4.1.x86_64.rpm
gnutls-devel-2.8.5-10.el6_4.1.i686.rpm
gnutls-devel-2.8.5-10.el6_4.1.x86_64.rpm
gnutls-utils-2.8.5-10.el6_4.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/gnutls-2.8.5-10.el6_4.1.src.rpm

i386:
gnutls-debuginfo-2.8.5-10.el6_4.1.i686.rpm
gnutls-guile-2.8.5-10.el6_4.1.i686.rpm

x86_64:
gnutls-debuginfo-2.8.5-10.el6_4.1.i686.rpm
gnutls-debuginfo-2.8.5-10.el6_4.1.x86_64.rpm
gnutls-guile-2.8.5-10.el6_4.1.i686.rpm
gnutls-guile-2.8.5-10.el6_4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-1619.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact address and more contact details are at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
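Both this advisory (CVE-2013-1619) and the OpenSSL one above (CVE-2013-0169) describe the Lucky 13 leak in one sentence: the receiver "leaked timing information when decrypting ... records when CBC-mode cipher suites were used". What leaks is the amount of MAC work, because TLS's MAC-then-pad-then-encrypt layout makes the receiver compute the HMAC over a length that depends on the padding bytes, and an attacker who flips bits in the previous ciphertext block chooses those bytes. The model below is an added example, not code from GnuTLS, OpenSSL or Red Hat. It uses a toy Feistel block cipher in place of AES (only CBC's bit-flipping property matters), counts SHA-1 compression-function calls as a stand-in for wall-clock time, and uses constructed keys, a 13-byte zero header standing in for the MAC'd sequence number and record header, and a constructed 40-byte payload. `open_record_fixed` models the principle of the fix (hash work independent of padding length), not the libraries' actual constant-time code.

```python
"""Model of the Lucky 13 leak (CVE-2013-0169, CVE-2013-1619): a CBC record's MAC check does an
amount of hashing that depends on a padding length the attacker can steer."""
import hashlib
import hmac
import os

BLOCK, MAC_LEN, SHA1_BLOCK = 16, 20, 64


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


# Toy 16-byte block cipher (4-round Feistel over HMAC-SHA256), a stand-in for AES: it is
# enough to get CBC's "flip a bit in c[i-1], flip the same bit in p[i]" behaviour.
def _f(key, half, rnd):
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def _enc_block(key, b):
    l, r = b[:8], b[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, r, rnd))
    return l + r


def _dec_block(key, b):
    l, r = b[:8], b[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, l, rnd)), l
    return l + r


def cbc_encrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = _enc_block(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        out.append(_xor(_dec_block(key, data[i:i + BLOCK]), prev))
        prev = data[i:i + BLOCK]
    return b"".join(out)


def sha1_blocks(n):
    """Compression-function calls SHA-1 needs for n bytes (0x80 plus 8-byte length padding)."""
    return (n + 1 + 8 + SHA1_BLOCK - 1) // SHA1_BLOCK


def hmac_sha1_blocks(n):
    """Inner hash over ipad-key block + message, outer hash over opad-key block + digest."""
    return sha1_blocks(SHA1_BLOCK + n) + sha1_blocks(SHA1_BLOCK + MAC_LEN)


def build_body(mac_key, header, payload):
    """TLS 1.1-style MAC-then-pad: payload || HMAC || pad_len bytes of pad_len || pad_len."""
    body = payload + hmac.new(mac_key, header + payload, hashlib.sha1).digest()
    pad_len = (BLOCK - (len(body) + 1) % BLOCK) % BLOCK
    return body + bytes([pad_len]) * (pad_len + 1)


def seal_record(enc_key, body):
    iv = os.urandom(BLOCK)                      # explicit per-record IV, sent in the clear
    return iv + cbc_encrypt(enc_key, iv, body)


def _strip(pt):
    pad_len = pt[-1]
    ok = pad_len + 1 + MAC_LEN <= len(pt) and pt[-(pad_len + 1):] == bytes([pad_len]) * (pad_len + 1)
    if not ok:
        pad_len = 0      # RFC 5246 countermeasure: on bad padding still run the MAC as if pad_len were 0
    data = pt[:len(pt) - pad_len - 1]
    return ok, data[:-MAC_LEN], data[-MAC_LEN:]


def open_record_leaky(enc_key, mac_key, header, record):
    """Pre-fix receiver: returns (accepted, hash_work); hash_work follows the padding length."""
    ok, msg, tag = _strip(cbc_decrypt(enc_key, record[:BLOCK], record[BLOCK:]))
    good = hmac.compare_digest(tag, hmac.new(mac_key, header + msg, hashlib.sha1).digest())
    return ok and good, hmac_sha1_blocks(len(header) + len(msg))


def open_record_fixed(enc_key, mac_key, header, record):
    """Fixed receiver: same verdict, but always the hash work of the longest possible message."""
    pt = cbc_decrypt(enc_key, record[:BLOCK], record[BLOCK:])
    ok, msg, tag = _strip(pt)
    good = hmac.compare_digest(tag, hmac.new(mac_key, header + msg, hashlib.sha1).digest())
    return ok and good, hmac_sha1_blocks(len(header) + len(pt) - 1 - MAC_LEN)


def retarget_padding(record, tail, new_pad_len):
    """Attacker step: XOR into the block before the last one so the last block decrypts to
    padding of length new_pad_len. In the real attack `tail` is a guess; the demo passes the
    true plaintext so the effect on the receiver can be measured exactly."""
    want = bytes([new_pad_len]) * (new_pad_len + 1)
    n, start = len(want), len(record) - 2 * BLOCK
    prev = bytearray(record[start:start + BLOCK])
    for i, m in enumerate(_xor(tail[-n:], want)):
        prev[BLOCK - n + i] ^= m
    return record[:start] + bytes(prev) + record[start + BLOCK:]


def demo():
    enc_key, mac_key = b"E" * 32, b"M" * 32                    # constructed keys
    header = bytes(13)                                           # seq_num || type || version || length
    payload = b"GET /account HTTP/1.1\r\nCookie: s=abcde\r\n"  # 40 bytes, constructed
    body = build_body(mac_key, header, payload)
    record = seal_record(enc_key, body)
    out = {"legit": (open_record_leaky(enc_key, mac_key, header, record)[0],
                     open_record_fixed(enc_key, mac_key, header, record)[0])}
    for guess in (0, 15):
        forged = retarget_padding(record, body, guess)
        out["leaky_pad%d" % guess] = open_record_leaky(enc_key, mac_key, header, forged)
        out["fixed_pad%d" % guess] = open_record_fixed(enc_key, mac_key, header, forged)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Both forged records are rejected either way, so the MAC verdict tells the attacker nothing; the leaky receiver, however, does five SHA-1 compressions when the tail looks like zero-length padding and four when it looks like 15 bytes of padding, and that difference, observed as response time over many trials, is the padding oracle the advisories describe. The fixed receiver does the same work for both.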
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRNQ/6XlSAg2UNWIIRAgzlAKCF5EweVXAQaJk5FQ9WdIAYBT88jACgqa9H
3zi9fpSBsg251qiv+417zss=
=LO9j
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Mar 4 21:22:20 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 4 Mar 2013 21:22:20 +0000
Subject: [RHSA-2013:0589-01] Moderate: git security update
Message-ID: <201303042122.r24LMLYN019565@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: git security update
Advisory ID:       RHSA-2013:0589-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0589.html
Issue date:        2013-03-04
CVE Names:         CVE-2013-0308
=====================================================================

1. Summary:

Updated git packages that fix one security issue are now available for Red
Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v.  6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

3. Description:

Git is a fast, scalable, distributed revision control system.

It was discovered that Git's git-imap-send command, a tool to send a
collection of patches from standard input (stdin) to an IMAP folder, did not
properly perform SSL X.509 v3 certificate validation on the IMAP server's
certificate, as it did not ensure that the server's hostname matched the one
provided in the CN field of the server's certificate. A rogue server could
use this flaw to conduct man-in-the-middle attacks, possibly leading to the
disclosure of sensitive information. (CVE-2013-0308)

All git users should upgrade to these updated packages, which contain a
backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

909977 - CVE-2013-0308 git: Incorrect IMAP server's SSL x509.v3 certificate validation in git-imap-send command

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/git-1.7.1-3.el6_4.1.src.rpm

i386:
git-1.7.1-3.el6_4.1.i686.rpm
git-daemon-1.7.1-3.el6_4.1.i686.rpm
git-debuginfo-1.7.1-3.el6_4.1.i686.rpm

noarch:
emacs-git-1.7.1-3.el6_4.1.noarch.rpm
emacs-git-el-1.7.1-3.el6_4.1.noarch.rpm
git-all-1.7.1-3.el6_4.1.noarch.rpm
git-cvs-1.7.1-3.el6_4.1.noarch.rpm
git-email-1.7.1-3.el6_4.1.noarch.rpm
git-gui-1.7.1-3.el6_4.1.noarch.rpm
git-svn-1.7.1-3.el6_4.1.noarch.rpm
gitk-1.7.1-3.el6_4.1.noarch.rpm
gitweb-1.7.1-3.el6_4.1.noarch.rpm
perl-Git-1.7.1-3.el6_4.1.noarch.rpm

x86_64:
git-1.7.1-3.el6_4.1.x86_64.rpm
git-daemon-1.7.1-3.el6_4.1.x86_64.rpm
git-debuginfo-1.7.1-3.el6_4.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/git-1.7.1-3.el6_4.1.src.rpm

noarch:
emacs-git-1.7.1-3.el6_4.1.noarch.rpm
emacs-git-el-1.7.1-3.el6_4.1.noarch.rpm
git-all-1.7.1-3.el6_4.1.noarch.rpm
git-cvs-1.7.1-3.el6_4.1.noarch.rpm
git-email-1.7.1-3.el6_4.1.noarch.rpm
git-gui-1.7.1-3.el6_4.1.noarch.rpm
git-svn-1.7.1-3.el6_4.1.noarch.rpm
gitk-1.7.1-3.el6_4.1.noarch.rpm
gitweb-1.7.1-3.el6_4.1.noarch.rpm
perl-Git-1.7.1-3.el6_4.1.noarch.rpm

x86_64:
git-1.7.1-3.el6_4.1.x86_64.rpm
git-daemon-1.7.1-3.el6_4.1.x86_64.rpm
git-debuginfo-1.7.1-3.el6_4.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/git-1.7.1-3.el6_4.1.src.rpm

i386:
git-1.7.1-3.el6_4.1.i686.rpm
git-debuginfo-1.7.1-3.el6_4.1.i686.rpm

noarch:
perl-Git-1.7.1-3.el6_4.1.noarch.rpm

ppc64:
git-1.7.1-3.el6_4.1.ppc64.rpm
git-debuginfo-1.7.1-3.el6_4.1.ppc64.rpm

s390x:
git-1.7.1-3.el6_4.1.s390x.rpm
git-debuginfo-1.7.1-3.el6_4.1.s390x.rpm

x86_64:
git-1.7.1-3.el6_4.1.x86_64.rpm
git-debuginfo-1.7.1-3.el6_4.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/git-1.7.1-3.el6_4.1.src.rpm

i386:
git-daemon-1.7.1-3.el6_4.1.i686.rpm
git-debuginfo-1.7.1-3.el6_4.1.i686.rpm

noarch:
emacs-git-1.7.1-3.el6_4.1.noarch.rpm
emacs-git-el-1.7.1-3.el6_4.1.noarch.rpm
git-all-1.7.1-3.el6_4.1.noarch.rpm
git-cvs-1.7.1-3.el6_4.1.noarch.rpm
git-email-1.7.1-3.el6_4.1.noarch.rpm
git-gui-1.7.1-3.el6_4.1.noarch.rpm
git-svn-1.7.1-3.el6_4.1.noarch.rpm
gitk-1.7.1-3.el6_4.1.noarch.rpm
gitweb-1.7.1-3.el6_4.1.noarch.rpm

ppc64:
git-daemon-1.7.1-3.el6_4.1.ppc64.rpm
git-debuginfo-1.7.1-3.el6_4.1.ppc64.rpm

s390x:
git-daemon-1.7.1-3.el6_4.1.s390x.rpm
git-debuginfo-1.7.1-3.el6_4.1.s390x.rpm

x86_64:
git-daemon-1.7.1-3.el6_4.1.x86_64.rpm
git-debuginfo-1.7.1-3.el6_4.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/git-1.7.1-3.el6_4.1.src.rpm

i386:
git-1.7.1-3.el6_4.1.i686.rpm
git-debuginfo-1.7.1-3.el6_4.1.i686.rpm

noarch:
perl-Git-1.7.1-3.el6_4.1.noarch.rpm

x86_64:
git-1.7.1-3.el6_4.1.x86_64.rpm
git-debuginfo-1.7.1-3.el6_4.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/git-1.7.1-3.el6_4.1.src.rpm

i386:
git-daemon-1.7.1-3.el6_4.1.i686.rpm
git-debuginfo-1.7.1-3.el6_4.1.i686.rpm

noarch:
emacs-git-1.7.1-3.el6_4.1.noarch.rpm
emacs-git-el-1.7.1-3.el6_4.1.noarch.rpm
git-all-1.7.1-3.el6_4.1.noarch.rpm
git-cvs-1.7.1-3.el6_4.1.noarch.rpm
git-email-1.7.1-3.el6_4.1.noarch.rpm
git-gui-1.7.1-3.el6_4.1.noarch.rpm
git-svn-1.7.1-3.el6_4.1.noarch.rpm
gitk-1.7.1-3.el6_4.1.noarch.rpm
gitweb-1.7.1-3.el6_4.1.noarch.rpm

x86_64:
git-daemon-1.7.1-3.el6_4.1.x86_64.rpm
git-debuginfo-1.7.1-3.el6_4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0308.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact address and more contact details are at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
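The flaw described above is the classic split between chain verification and name verification: a certificate can chain to a trusted CA and still belong to someone else, so a client that stops after the chain check accepts any CA-issued certificate a man-in-the-middle presents. The following is an added example of the missing check, not git's code or Red Hat's: it matches a dialled hostname against a certificate's subjectAltName DNS entries, falling back to the CN only when no SAN is present, with the usual wildcard restrictions. The certificate dictionaries are constructed in the shape Python's `ssl.SSLSocket.getpeercert()` returns; the example names (`imap.example.com`, `imap.attacker.example`) are placeholders.

```python
"""Hostname verification of the kind git-imap-send lacked (CVE-2013-0308): after the chain
verifies, the name the client dialled must match the certificate's SAN (or, failing that, CN)."""


def _dns_match(pattern, hostname):
    """RFC 6125-style matching: case-insensitive, '*' allowed only as the entire leftmost label."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p, h = pattern.split("."), hostname.split(".")
    if p[0] != "*" or "*" in pattern[1:] or len(p) < 3 or len(p) != len(h):
        return False               # no '*.com', no 'f*o.example.com', no matching across a dot
    return p[1:] == h[1:]


def hostname_matches(cert, hostname):
    """cert is shaped like ssl.SSLSocket.getpeercert(): 'subject' RDNs and 'subjectAltName' pairs."""
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if dns_names:                  # SAN present: the CN is ignored entirely (RFC 6125 section 6.4.4)
        return any(_dns_match(n, hostname) for n in dns_names)
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(_dns_match(cn, hostname) for cn in cns)   # legacy CN fallback only


def accept_peer(cert, chain_verified, hostname):
    """What a fixed client does: a verified chain alone is not enough to accept the server."""
    return chain_verified and hostname_matches(cert, hostname)


# constructed certificates
CN_ONLY = {"subject": ((("commonName", "imap.example.com"),),)}
WILDCARD = {"subject": ((("commonName", "example.com"),),),
            "subjectAltName": (("DNS", "*.example.com"), ("DNS", "example.com"))}
SAN_OVERRIDES_CN = {"subject": ((("commonName", "imap.example.com"),),),
                    "subjectAltName": (("DNS", "mail.example.com"),)}

if __name__ == "__main__":
    # A valid chain for the wrong name is exactly the man-in-the-middle case in the advisory.
    print("expected host:", accept_peer(CN_ONLY, True, "imap.example.com"))
    print("MITM with a CA-signed cert for another name:", accept_peer(CN_ONLY, True, "imap.attacker.example"))
```

With Python's standard library the same outcome comes from `ssl.create_default_context()`, which leaves `check_hostname` enabled and passes the dialled name as `server_hostname` to `wrap_socket`; the hand-written matcher above only makes explicit what that flag does and what the pre-fix git-imap-send skipped.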
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRNRA0XlSAg2UNWIIRAqSbAKDCUWfaH8t83Xfm1zTnkdhGSXQnzQCeNBcW
CpzaC2EozLrKECTOIY1Iue0=
=SdtX
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Mar 4 21:23:10 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 4 Mar 2013 21:23:10 +0000
Subject: [RHSA-2013:0590-01] Important: nss-pam-ldapd security update
Message-ID: <201303042123.r24LNBOw019783@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: nss-pam-ldapd security update
Advisory ID:       RHSA-2013:0590-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0590.html
Issue date:        2013-03-04
CVE Names:         CVE-2013-0288
=====================================================================

1. Summary:

Updated nss-pam-ldapd packages that fix one security issue are now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The nss-pam-ldapd packages provide the nss-pam-ldapd daemon (nslcd), which
uses a directory server to look up name service information on behalf of a
lightweight nsswitch module.

An array index error, leading to a stack-based buffer overflow flaw, was
found in the way nss-pam-ldapd managed open file descriptors. An attacker
able to make a process have a large number of open file descriptors and
perform name lookups could use this flaw to cause the process to crash or,
potentially, execute arbitrary code with the privileges of the user running
the process. (CVE-2013-0288)

Red Hat would like to thank Garth Mollett for reporting this issue.

All users of nss-pam-ldapd are advised to upgrade to these updated packages,
which contain a backported patch to fix this issue.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

909119 - CVE-2013-0288 nss-pam-ldapd: FD_SET array index error, leading to stack-based buffer overflow

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-pam-ldapd-0.7.5-18.1.el6_4.src.rpm

i386:
nss-pam-ldapd-0.7.5-18.1.el6_4.i686.rpm
nss-pam-ldapd-debuginfo-0.7.5-18.1.el6_4.i686.rpm

x86_64:
nss-pam-ldapd-0.7.5-18.1.el6_4.i686.rpm
nss-pam-ldapd-0.7.5-18.1.el6_4.x86_64.rpm
nss-pam-ldapd-debuginfo-0.7.5-18.1.el6_4.i686.rpm
nss-pam-ldapd-debuginfo-0.7.5-18.1.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-pam-ldapd-0.7.5-18.1.el6_4.src.rpm

x86_64:
nss-pam-ldapd-0.7.5-18.1.el6_4.i686.rpm
nss-pam-ldapd-0.7.5-18.1.el6_4.x86_64.rpm
nss-pam-ldapd-debuginfo-0.7.5-18.1.el6_4.i686.rpm
nss-pam-ldapd-debuginfo-0.7.5-18.1.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-pam-ldapd-0.7.5-18.1.el6_4.src.rpm

i386:
nss-pam-ldapd-0.7.5-18.1.el6_4.i686.rpm
nss-pam-ldapd-debuginfo-0.7.5-18.1.el6_4.i686.rpm

ppc64:
nss-pam-ldapd-0.7.5-18.1.el6_4.ppc.rpm
nss-pam-ldapd-0.7.5-18.1.el6_4.ppc64.rpm
nss-pam-ldapd-debuginfo-0.7.5-18.1.el6_4.ppc.rpm
nss-pam-ldapd-debuginfo-0.7.5-18.1.el6_4.ppc64.rpm

s390x:
nss-pam-ldapd-0.7.5-18.1.el6_4.s390.rpm
nss-pam-ldapd-0.7.5-18.1.el6_4.s390x.rpm
nss-pam-ldapd-debuginfo-0.7.5-18.1.el6_4.s390.rpm
nss-pam-ldapd-debuginfo-0.7.5-18.1.el6_4.s390x.rpm

x86_64:
nss-pam-ldapd-0.7.5-18.1.el6_4.i686.rpm
nss-pam-ldapd-0.7.5-18.1.el6_4.x86_64.rpm
nss-pam-ldapd-debuginfo-0.7.5-18.1.el6_4.i686.rpm
nss-pam-ldapd-debuginfo-0.7.5-18.1.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-pam-ldapd-0.7.5-18.1.el6_4.src.rpm

i386:
nss-pam-ldapd-0.7.5-18.1.el6_4.i686.rpm
nss-pam-ldapd-debuginfo-0.7.5-18.1.el6_4.i686.rpm

x86_64:
nss-pam-ldapd-0.7.5-18.1.el6_4.i686.rpm
nss-pam-ldapd-0.7.5-18.1.el6_4.x86_64.rpm
nss-pam-ldapd-debuginfo-0.7.5-18.1.el6_4.i686.rpm
nss-pam-ldapd-debuginfo-0.7.5-18.1.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0288.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact address and more contact details are at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRNRCmXlSAg2UNWIIRAgchAKCY+Hdime5NM6aAbZ/wtiBCHigLAQCfeSob
RVbic8auz3oiYo/kqqj/jAY=
=6t1Y
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Mar 5 21:04:49 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 5 Mar 2013 21:04:49 +0000
Subject: [RHSA-2013:0594-01] Low: kernel security and bug fix update
Message-ID: <201303052104.r25L4oGt026613@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: kernel security and bug fix update
Advisory ID:       RHSA-2013:0594-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0594.html
Issue date:        2013-03-05
CVE Names:         CVE-2012-3400
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* Buffer overflow flaws were found in the udf_load_logicalvol() function in
the Universal Disk Format (UDF) file system implementation in the Linux
kernel. An attacker with physical access to a system could use these flaws
to cause a denial of service or escalate their privileges. (CVE-2012-3400,
Low)

This update also fixes the following bugs:

* Previously, race conditions could sometimes occur in interrupt handling
on the Emulex BladeEngine 2 (BE2) controllers, causing the network adapter
to become unresponsive. This update provides a series of patches for the
be2net driver, which prevents the race from occurring. The network cards
using BE2 chipsets no longer hang due to incorrectly handled interrupt
events. (BZ#884704)

* A boot-time memory allocation pool (the DMI heap) is used to keep the
list of Desktop Management Interface (DMI) devices during the system boot.
Previously, the size of the DMI heap was only 2048 bytes on the AMD64 and
Intel 64 architectures and the DMI heap space could become easily depleted
on some systems, such as the IBM System x3500 M2. A subsequent OOM failure
could, under certain circumstances, lead to a NULL pointer entry being
stored in the DMI device list. Consequently, scanning of such a corrupted
DMI device list resulted in a kernel panic. The boot-time memory allocation
pool for the AMD64 and Intel 64 architectures has been enlarged to 4096
bytes and the routines responsible for populating the DMI device list have
been modified to skip entries if their name string is NULL. The kernel no
longer panics in this scenario. (BZ#902683)

* The size of the buffer used to print the kernel taint output on kernel
panic was too small, which resulted in the kernel taint output not being
printed completely sometimes. With this update, the size of the buffer has
been adjusted and the kernel taint output is now displayed properly.
(BZ#905829)

* The code to print the kernel taint output contained a typographical
error. Consequently, the kernel taint output, which is displayed on kernel
panic, could not provide taint error messages for unsupported hardware.
This update fixes the typo and the kernel taint output is now displayed
correctly. (BZ#885063)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use
"rpm -Uvh" as that will remove the running kernel binaries from your
system. You may use "rpm -e" to remove old kernels after determining that
the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

843139 - CVE-2012-3400 kernel: udf: buffer overflow when parsing sparing table

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-348.2.1.el5.src.rpm

i386:
kernel-2.6.18-348.2.1.el5.i686.rpm
kernel-PAE-2.6.18-348.2.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-348.2.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-348.2.1.el5.i686.rpm
kernel-debug-2.6.18-348.2.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-348.2.1.el5.i686.rpm
kernel-debug-devel-2.6.18-348.2.1.el5.i686.rpm
kernel-debuginfo-2.6.18-348.2.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-348.2.1.el5.i686.rpm
kernel-devel-2.6.18-348.2.1.el5.i686.rpm
kernel-headers-2.6.18-348.2.1.el5.i386.rpm
kernel-xen-2.6.18-348.2.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-348.2.1.el5.i686.rpm
kernel-xen-devel-2.6.18-348.2.1.el5.i686.rpm

noarch:
kernel-doc-2.6.18-348.2.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-348.2.1.el5.x86_64.rpm
kernel-debug-2.6.18-348.2.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-348.2.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-348.2.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-348.2.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-348.2.1.el5.x86_64.rpm
kernel-devel-2.6.18-348.2.1.el5.x86_64.rpm
kernel-headers-2.6.18-348.2.1.el5.x86_64.rpm
kernel-xen-2.6.18-348.2.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-348.2.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-348.2.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-348.2.1.el5.src.rpm

i386:
kernel-2.6.18-348.2.1.el5.i686.rpm
kernel-PAE-2.6.18-348.2.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-348.2.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-348.2.1.el5.i686.rpm
kernel-debug-2.6.18-348.2.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-348.2.1.el5.i686.rpm
kernel-debug-devel-2.6.18-348.2.1.el5.i686.rpm
kernel-debuginfo-2.6.18-348.2.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-348.2.1.el5.i686.rpm
kernel-devel-2.6.18-348.2.1.el5.i686.rpm
kernel-headers-2.6.18-348.2.1.el5.i386.rpm
kernel-xen-2.6.18-348.2.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-348.2.1.el5.i686.rpm
kernel-xen-devel-2.6.18-348.2.1.el5.i686.rpm

ia64:
kernel-2.6.18-348.2.1.el5.ia64.rpm
kernel-debug-2.6.18-348.2.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-348.2.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-348.2.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-348.2.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-348.2.1.el5.ia64.rpm
kernel-devel-2.6.18-348.2.1.el5.ia64.rpm
kernel-headers-2.6.18-348.2.1.el5.ia64.rpm
kernel-xen-2.6.18-348.2.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-348.2.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-348.2.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-348.2.1.el5.noarch.rpm

ppc:
kernel-2.6.18-348.2.1.el5.ppc64.rpm
kernel-debug-2.6.18-348.2.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-348.2.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-348.2.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-348.2.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-348.2.1.el5.ppc64.rpm
kernel-devel-2.6.18-348.2.1.el5.ppc64.rpm
kernel-headers-2.6.18-348.2.1.el5.ppc.rpm
kernel-headers-2.6.18-348.2.1.el5.ppc64.rpm
kernel-kdump-2.6.18-348.2.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-348.2.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-348.2.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-348.2.1.el5.s390x.rpm
kernel-debug-2.6.18-348.2.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-348.2.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-348.2.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-348.2.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-348.2.1.el5.s390x.rpm
kernel-devel-2.6.18-348.2.1.el5.s390x.rpm
kernel-headers-2.6.18-348.2.1.el5.s390x.rpm
kernel-kdump-2.6.18-348.2.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-348.2.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-348.2.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-348.2.1.el5.x86_64.rpm
kernel-debug-2.6.18-348.2.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-348.2.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-348.2.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-348.2.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-348.2.1.el5.x86_64.rpm
kernel-devel-2.6.18-348.2.1.el5.x86_64.rpm
kernel-headers-2.6.18-348.2.1.el5.x86_64.rpm
kernel-xen-2.6.18-348.2.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-348.2.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-348.2.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-3400.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRNl3WXlSAg2UNWIIRAtTVAKDBPiaNuSgkBGgJWHY5qTLZYenJCwCeNzHF
PN31ju+KNRHw2eRz0p1yqnY=
=BCNL
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Mar 5 21:05:33 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 5 Mar 2013 21:05:33 +0000
Subject: [RHSA-2013:0595-01] Moderate: openstack-packstack security and bug fix update
Message-ID: <201303052105.r25L5YYB022426@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openstack-packstack security and bug fix update
Advisory ID:       RHSA-2013:0595-01
Product:           Red Hat OpenStack
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0595.html
Issue date:        2013-03-05
CVE Names:         CVE-2013-0261 CVE-2013-0266
=====================================================================

1. Summary:

An updated openstack-packstack package that fixes two security issues and
several bugs is now available for Red Hat OpenStack Folsom.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

OpenStack Folsom - noarch

3. Description:

PackStack is a command line utility that uses Puppet modules to support
rapid deployment of OpenStack on existing servers over an SSH connection.
PackStack is suitable for deploying both single node proof of concept
installations and more complex multi-node installations.

A flaw was found in PackStack. During manifest creation, the manifest file
was written to /tmp/ with a predictable file name.
A local attacker could use this flaw to perform a symbolic link attack,
overwriting an arbitrary file accessible to the user running PackStack with
the contents of the manifest, which could lead to a denial of service.
Additionally, the attacker could read and potentially modify the manifest
being generated, allowing them to modify systems being deployed using
OpenStack. (CVE-2013-0261)

It was discovered that the cinder.conf and all api-paste.ini configuration
files were created with world-readable permissions. A local attacker could
use this flaw to view administrative passwords, allowing them to control
systems deployed and managed by OpenStack. (CVE-2013-0266)

The CVE-2013-0261 issue was discovered by Kurt Seifried of the Red Hat
Security Response Team, and CVE-2013-0266 was discovered by Derek Higgins
of the Red Hat OpenStack team.

This update also fixes several bugs in the openstack-packstack package.

All users of openstack-packstack are advised to upgrade to this updated
package, which corrects these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

886592 - Openstack Installer: packstack should return an informative error when remote nodes are not configured with openstack repository
890295 - Packstack should not fail installation of cinder-vol service if the VG doesn't exist (as cinder-vol may be using plugins)
892942 - openstack-packstack: When SELinux disabled on machine installation failed with Error during remote puppet apply of horizon.pp.
903187 - Better error handling for missing parameters in answer file
904669 - PackStack should create a simple cinder block storage device to use by default if none is present
905516 - openstack-packstack: Race condition caused /etc/sysconfig/modules/kvm.modules could not be found.
905737 - When using packstack where hostname is localhost.localdomain, mysql fails to install
906006 - The --gen-answer-file parameter does not understand the ~ shortcut for home.
906410 - Generate answer file when running on live mode
907624 - Misleading message when generating public key.
907737 - Typo: Creating Galnce Manifest...
908101 - CVE-2013-0261 OpenStack packstack: insecure use of /tmp in manifest creation
908581 - CVE-2013-0266 OpenStack packstack: puppetlabs-cinder / manifests / base.pp weak file permissions
910211 - Epel version is hardcoded to epel-release-6-8
910818 - packstack should install openstack-selinux
911653 - KeyError in remove_remote_var_dirs

6. Package List:

OpenStack Folsom:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/openstack-packstack-2012.2.2-1.0.dev408.el6ost.src.rpm

noarch:
openstack-packstack-2012.2.2-1.0.dev408.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0261.html
https://www.redhat.com/security/data/cve/CVE-2013-0266.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
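Editor's note on the two PackStack flaws above: both are file-creation mistakes, a guessable name under /tmp that a pre-planted symlink can redirect (CVE-2013-0261) and a configuration file left world-readable (CVE-2013-0266). The following is an added example, not the advisory's text nor PackStack's own code or fix: it shows the unsafe pattern next to the hardened one (random name, O_EXCL, mode 0600 applied at creation) and an audit that lists which cinder.conf / api-paste.ini files any local user can read. The manifest and config contents, file names and directory layout are constructed for the demo.

```python
import os
import stat
import tempfile

# Constructed sample content standing in for a generated Puppet manifest and
# a cinder.conf; neither is real PackStack output.
SAMPLE_MANIFEST = "class { 'cinder': enabled => true }\n"
SAMPLE_CINDER_CONF = "[DEFAULT]\nadmin_password = constructed-secret\n"
SENSITIVE_NAMES = ("cinder.conf", "api-paste.ini")   # the files named in CVE-2013-0266


def write_manifest_unsafe(content, name="packstack_manifest.pp"):
    """The flawed pattern (CVE-2013-0261): a fixed, guessable path under /tmp.

    open() follows whatever symlink another local user planted at this path,
    so the manifest lands wherever the link points, and a file that user
    created in advance stays readable and editable by them while it is built.
    Kept only for contrast; the demo never calls it.
    """
    path = os.path.join(tempfile.gettempdir(), name)
    with open(path, "w") as fh:
        fh.write(content)
    return path


def write_manifest_safe(content, directory=None):
    """Unpredictable name, O_CREAT|O_EXCL and mode 0600 in a single step.

    mkstemp() fails instead of following a pre-planted symlink, and the 0600
    mode keeps other local users from reading or editing the manifest while
    it is being generated.
    """
    fd, path = tempfile.mkstemp(prefix="packstack-", suffix=".pp", dir=directory)
    try:
        os.write(fd, content.encode())
    finally:
        os.close(fd)
    return path


def write_private_config(path, content):
    """Create a config file so that it is never world-readable, not even briefly.

    The 0600 mode is applied at creation (a umask can only remove bits), so
    there is no window of the kind a chmod after a plain open() would leave.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(content)


def is_private(path):
    """True when the file has no group or other permission bits set."""
    return os.stat(path).st_mode & 0o077 == 0


def find_world_readable(root, names=SENSITIVE_NAMES):
    """Audit: walk `root` and list the sensitive config files any local user can read."""
    exposed = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname in names:
                full = os.path.join(dirpath, fname)
                if os.stat(full).st_mode & stat.S_IROTH:
                    exposed.append(full)
    return sorted(exposed)


def demo(root=None):
    """Build a constructed deployment tree and report what the audit finds."""
    root = root or tempfile.mkdtemp(prefix="packstack-demo-")
    os.makedirs(os.path.join(root, "cinder"), exist_ok=True)
    leaky = os.path.join(root, "cinder", "cinder.conf")
    with open(leaky, "w") as fh:          # the pre-fix behaviour the advisory describes:
        fh.write(SAMPLE_CINDER_CONF)      # a password-bearing file created 0644
    os.chmod(leaky, 0o644)
    safe_conf = os.path.join(root, "api-paste.ini")
    write_private_config(safe_conf, "[filter:authtoken]\nadmin_password = constructed-secret\n")
    manifest = write_manifest_safe(SAMPLE_MANIFEST, directory=root)
    with open(manifest) as fh:
        roundtrip = fh.read()
    return {
        "exposed": find_world_readable(root),
        "leaky": leaky,
        "config_private": is_private(safe_conf),
        "manifest_private": is_private(manifest),
        "manifest_name_random": os.path.basename(manifest) != "packstack_manifest.pp",
        "manifest_roundtrip": roundtrip == SAMPLE_MANIFEST,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run against a real deployment, `find_world_readable("/etc")` is the one-line check for the CVE-2013-0266 condition after the update is applied.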
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRNl37XlSAg2UNWIIRAqaIAJoD3rVBXb5HMlkMZNWTXdFz11EGygCgkz3V
rb6tf2+zMrAk/lGh09wlZHI=
=oOBi
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Mar 5 21:06:48 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 5 Mar 2013 21:06:48 +0000
Subject: [RHSA-2013:0596-01] Moderate: openstack-keystone security, bug fix, and enhancement update
Message-ID: <201303052106.r25L6mbL027974@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openstack-keystone security, bug fix, and enhancement update
Advisory ID:       RHSA-2013:0596-01
Product:           Red Hat OpenStack
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0596.html
Issue date:        2013-03-05
CVE Names:         CVE-2013-0282 CVE-2013-1664 CVE-2013-1665
=====================================================================

1. Summary:

Updated openstack-keystone packages that fix multiple security issues,
various bugs, and add enhancements are now available for Red Hat OpenStack
Folsom.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

OpenStack Folsom - noarch

3. Description:

The openstack-keystone packages provide Keystone, a Python implementation
of the OpenStack identity service API, which provides Identity, Token,
Catalog, and Policy services.

The openstack-keystone packages have been upgraded to upstream version
2012.2.3, which provides a number of bug fixes and enhancements over the
previous version. (BZ#908995)

This update also fixes the following security issues:

It was found that Keystone failed to properly validate disabled user
accounts, or user accounts associated with disabled tenants or domains,
when Amazon Elastic Compute Cloud (Amazon EC2) style credentials
(credentials that are issued in the same format as standard Amazon EC2
credentials) were in use. Such users could use this flaw to access
resources they should no longer have access to. (CVE-2013-0282)

A denial of service flaw was found in the Extensible Markup Language (XML)
parser used by Keystone. If a malicious XML file were uploaded for
processing, it could possibly cause Keystone to consume an excessive amount
of CPU and memory. (CVE-2013-1664)

A flaw was found in the XML parser used by Keystone. If a malicious XML
file were uploaded for processing, it could cause Keystone to connect to
external entities, causing a large amount of system load, or allow an
attacker to read files on the Keystone server that are accessible to the
user running the Keystone service. (CVE-2013-1665)

Red Hat would like to thank the OpenStack project for reporting these
issues. Upstream acknowledges Nathanael Burton (National Security Agency)
as the original reporter of CVE-2013-0282.

All users of openstack-keystone are advised to upgrade to these updated
packages, which correct these issues and add these enhancements. After
installing the updated packages, the Keystone service (openstack-keystone)
will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

908995 - Keystone - Update to the latest Folsom stable release 2012.2.3
910928 - CVE-2013-0282 OpenStack Keystone: EC2-style authentication accepts disabled user/tenants
912982 - CVE-2013-1665 Python xml bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities
913808 - CVE-2013-1664 Python xml bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities

6. Package List:

OpenStack Folsom:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/openstack-keystone-2012.2.3-3.el6ost.src.rpm

noarch:
openstack-keystone-2012.2.3-3.el6ost.noarch.rpm
openstack-keystone-doc-2012.2.3-3.el6ost.noarch.rpm
python-keystone-2012.2.3-3.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0282.html
https://www.redhat.com/security/data/cve/CVE-2013-1664.html
https://www.redhat.com/security/data/cve/CVE-2013-1665.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
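Editor's note on the two Keystone XML flaws above (CVE-2013-1664 and CVE-2013-1665): both need the parser to honour a DTD supplied by the client, either internal entities that expand geometrically or an external entity that makes the server fetch a URL or local file. The following is an added example, not Keystone's code nor the fix it shipped: using only the standard library's expat binding, it refuses any DOCTYPE in untrusted input before a single entity is expanded, and measures on a deliberately tiny constructed document how much an unchecked parser expands. The element names and document contents are constructed; `parse_untrusted` and `expanded_text_length` are the example's own helpers.

```python
import xml.parsers.expat


class UnsafeXML(Exception):
    """Raised when untrusted XML tries to use a DTD, entity declarations or external references."""


# Constructed inputs for the demo. The entity bomb is kept small on purpose
# (three levels of ten, about 300 bytes): enough to show the expansion
# ratio the CVE-2013-1664 text refers to, nowhere near enough to stress anything.
BENIGN_DOC = b'<auth><credentials username="demo"/></auth>'
ENTITY_BOMB_DOC = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE a [\n'
    b'  <!ENTITY lol "lol">\n'
    b'  <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">\n'
    b'  <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">\n'
    b'  <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">\n'
    b']>\n'
    b'<a>&lol3;</a>'
)
# The CVE-2013-1665 shape: a SYSTEM entity pointing at a (constructed) local path.
EXTERNAL_ENTITY_DOC = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE a [ <!ENTITY ext SYSTEM "file:///constructed/path/for/demo"> ]>\n'
    b'<a>&ext;</a>'
)


class _Collector:
    """Minimal content sink: element names seen and total character-data length."""

    def __init__(self):
        self.tags = []
        self.text_len = 0

    def start(self, name, attrs):
        self.tags.append(name)

    def chars(self, data):
        self.text_len += len(data)


def parse_untrusted(data):
    """Parse XML from an untrusted client with DTD processing forbidden.

    Every entity-expansion and external-entity attack needs a DOCTYPE, so the
    simplest complete defence is to reject the DOCTYPE itself. The handlers
    run before expat expands anything, and an exception raised inside a
    handler aborts Parse(). Returns (element names, total text length).
    """
    parser = xml.parsers.expat.ParserCreate()
    sink = _Collector()

    def forbid_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXML("DOCTYPE %r rejected in untrusted input" % name)

    def forbid_entity(name, is_pe, value, base, sysid, pubid, notation):
        raise UnsafeXML("entity declaration %r rejected" % name)

    parser.StartDoctypeDeclHandler = forbid_doctype
    parser.EntityDeclHandler = forbid_entity            # defence in depth
    parser.ExternalEntityRefHandler = lambda *args: 0   # never resolve externals
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)
    parser.StartElementHandler = sink.start
    parser.CharacterDataHandler = sink.chars
    parser.Parse(data, True)
    return sink.tags, sink.text_len


def expanded_text_length(data):
    """The unchecked baseline: characters of text an unrestricted parser produces."""
    parser = xml.parsers.expat.ParserCreate()
    sink = _Collector()
    parser.StartElementHandler = sink.start
    parser.CharacterDataHandler = sink.chars
    parser.Parse(data, True)
    return sink.text_len


def is_rejected(data):
    """True when the hardened parser refuses the document."""
    try:
        parse_untrusted(data)
    except UnsafeXML:
        return True
    return False


if __name__ == "__main__":
    print("benign:", parse_untrusted(BENIGN_DOC))
    print("bomb rejected:", is_rejected(ENTITY_BOMB_DOC),
          "| unchecked expansion: %d bytes in -> %d chars out"
          % (len(ENTITY_BOMB_DOC), expanded_text_length(ENTITY_BOMB_DOC)))
    print("external entity rejected:", is_rejected(EXTERNAL_ENTITY_DOC))
```

Each extra level of ten in the constructed bomb multiplies the output by ten for roughly 80 more input bytes, which is why the real document class exhausts CPU and memory long before the request body looks large.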
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRNl4/XlSAg2UNWIIRAlydAKCwMKVnMrQ1XguwIr7kuWe+h89xWACgpO8O
csiUCAo3JgRixV74wyIB0Vg=
=D0Zd
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 6 20:00:52 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 6 Mar 2013 20:00:52 +0000
Subject: [RHSA-2013:0561-01] Moderate: Red Hat Enterprise MRG Messaging 2.3 security update
Message-ID: <201303062000.r26K0qio029939@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Enterprise MRG Messaging 2.3 security update
Advisory ID:       RHSA-2013:0561-01
Product:           Red Hat Enterprise MRG for RHEL-5
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0561.html
Issue date:        2013-03-06
CVE Names:         CVE-2012-4446 CVE-2012-4458 CVE-2012-4459
=====================================================================

1. Summary:

Updated Messaging component packages that fix multiple security issues,
several bugs, and add various enhancements are now available for Red Hat
Enterprise MRG 2.3 for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

MRG Grid Execute Node for RHEL 5 Server v.2 - noarch
MRG Grid for RHEL 5 Server v.2 - noarch
MRG Management for RHEL 5 Server v.2 - noarch
Red Hat MRG Messaging for RHEL 5 Server v.2 - i386, noarch, x86_64

3. Description:

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation
IT infrastructure for enterprise computing. MRG offers increased
performance, reliability, interoperability, and faster computing for
enterprise customers.
MRG Messaging is a high-speed reliable messaging distribution for Linux
based on AMQP (Advanced Message Queuing Protocol), an open protocol
standard for enterprise messaging that is designed to make mission critical
messaging widely available as a standard service, and to make enterprise
messaging interoperable across platforms, programming languages, and
vendors. MRG Messaging includes an AMQP 0-10 messaging broker; AMQP 0-10
client libraries for C++, Java JMS, and Python; as well as persistence
libraries and management tools.

It was found that the Apache Qpid daemon (qpidd) treated AMQP connections
with the federation_tag attribute set as a broker-to-broker connection,
rather than a client-to-server connection. This resulted in the source user
ID of messages not being checked. A client that can establish an AMQP
connection with the broker could use this flaw to bypass intended
authentication. For Condor users, if condor-aviary is installed, this flaw
could be used to submit jobs that would run as any user (except root, as
Condor does not run jobs as root). (CVE-2012-4446)

It was found that the AMQP type decoder in qpidd allowed arbitrary data
types in certain messages. A remote attacker could use this flaw to send a
message containing an excessively large amount of data, causing qpidd to
allocate a large amount of memory. qpidd would then be killed by the Out of
Memory killer (denial of service). (CVE-2012-4458)

An integer overflow flaw, leading to an out-of-bounds read, was found in
the Qpid qpid::framing::Buffer::checkAvailable() function. An
unauthenticated, remote attacker could send a specially-crafted message to
Qpid, causing it to crash. (CVE-2012-4459)

The CVE-2012-4446, CVE-2012-4458, and CVE-2012-4459 issues were discovered
by Florian Weimer of the Red Hat Product Security Team.

This update also fixes several bugs and adds enhancements.
Documentation for these changes will be available shortly from the
Technical Notes document linked to in the References section.

All users of the Messaging capabilities of Red Hat Enterprise MRG are
advised to upgrade to these updated packages, which resolve these issues,
and fix the bugs and add the enhancements noted in the Red Hat Enterprise
MRG 2 Technical Notes. After installing the updated packages, stop the
cluster by either running "service qpidd stop" on all nodes, or
"qpid-cluster --all-stop" on any one of the cluster nodes. Once stopped,
restart the cluster with "service qpidd start" on all nodes for the update
to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

678612 - service qpidd stop [failed] - with --log-to-stdout yes
710787 - Client doesn't completely honor reconnect=false Connection option
720714 - Clustered broker exits with invalid-argument error after attempting to create dynamic federation bridge
737685 - Acquired messages are not sent to alternate exchange when queue is deleted and receiver's session closed
740485 - qpid-stat is unable to get info from a remote host
754990 - qpidd broker ring queue limit depth working differently with --default-queue-limit=0 vs. default
773719 - Concurrent queue bind on the same queue results in crash
781496 - Incorrect timestamp returned by query method call
782806 - [RFE] Python qpid client ssl support
783215 - An error shall be raised rather than purge of messages when rerouting to alt-exchange and alt-exchange doesn't exist
784957 - Qpid broker ACL processing produces unexpected results
786555 - qpid-config add queue returns success.
790004 - Cluster URL option does not contain IPv6 addresses by default
800912 - qpid-perftest stucks when iterations>1 and npubs debug or change periodicity
870058 - qpidd --config hangs during startup
871774 - Browser may read messages acquired by other consumer on message group queue
876193 - No exception on creating already existing broker object (but declaring it as different type)
876664 - Some change in exception handling
877081 - Broker crash re-routing messages through a header exchange
877553 - Crash traced to generated QMF code
882243 - Failover doesn't work properly with XA
884036 - testConversionsFromString c++ unit test failing
888392 - QpidConnectionFactoryProxy Should Implement Queue/TopicConnectionFactory Interfaces
893980 - Timeout waiting for sync on declaring queue/topic with the same identifier
895535 - 'ssl_key' connection option is not working as expected

6. Package List:

MRG Grid for RHEL 5 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/mrg-release-2.3.0-1.el5.src.rpm

noarch:
mrg-release-2.3.0-1.el5.noarch.rpm

MRG Grid Execute Node for RHEL 5 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/mrg-release-2.3.0-1.el5.src.rpm

noarch:
mrg-release-2.3.0-1.el5.noarch.rpm

MRG Management for RHEL 5 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/cumin-messaging-0.1.1-2.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/mrg-release-2.3.0-1.el5.src.rpm

noarch:
cumin-messaging-0.1.1-2.el5.noarch.rpm
mrg-release-2.3.0-1.el5.noarch.rpm

Red Hat MRG Messaging for RHEL 5 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/mrg-release-2.3.0-1.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/python-qpid-0.18-4.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/qpid-cpp-mrg-0.18-14.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/qpid-java-0.18-7.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/qpid-jca-0.18-8.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/qpid-qmf-0.18-15.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/qpid-tests-0.18-2.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/qpid-tools-0.18-8.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/rhm-docs-0.18-2.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/saslwrapper-0.18-1.el5.src.rpm

i386:
python-qpid-qmf-0.18-15.el5.i386.rpm
python-saslwrapper-0.18-1.el5.i386.rpm
qpid-cpp-client-0.18-14.el5.i386.rpm
qpid-cpp-client-devel-0.18-14.el5.i386.rpm
qpid-cpp-client-devel-docs-0.18-14.el5.i386.rpm
qpid-cpp-client-rdma-0.18-14.el5.i386.rpm
qpid-cpp-client-ssl-0.18-14.el5.i386.rpm
qpid-cpp-mrg-debuginfo-0.18-14.el5.i386.rpm
qpid-cpp-server-0.18-14.el5.i386.rpm
qpid-cpp-server-cluster-0.18-14.el5.i386.rpm
qpid-cpp-server-devel-0.18-14.el5.i386.rpm
qpid-cpp-server-rdma-0.18-14.el5.i386.rpm
qpid-cpp-server-ssl-0.18-14.el5.i386.rpm
qpid-cpp-server-store-0.18-14.el5.i386.rpm
qpid-cpp-server-xml-0.18-14.el5.i386.rpm
qpid-qmf-0.18-15.el5.i386.rpm
qpid-qmf-debuginfo-0.18-15.el5.i386.rpm
qpid-qmf-devel-0.18-15.el5.i386.rpm
ruby-qpid-qmf-0.18-15.el5.i386.rpm
ruby-saslwrapper-0.18-1.el5.i386.rpm
saslwrapper-0.18-1.el5.i386.rpm
saslwrapper-debuginfo-0.18-1.el5.i386.rpm
saslwrapper-devel-0.18-1.el5.i386.rpm

noarch:
mrg-release-2.3.0-1.el5.noarch.rpm
python-qpid-0.18-4.el5.noarch.rpm
qpid-java-client-0.18-7.el5.noarch.rpm
qpid-java-common-0.18-7.el5.noarch.rpm
qpid-java-example-0.18-7.el5.noarch.rpm
qpid-jca-0.18-8.el5.noarch.rpm
qpid-jca-xarecovery-0.18-8.el5.noarch.rpm
qpid-tests-0.18-2.el5.noarch.rpm
qpid-tools-0.18-8.el5.noarch.rpm
rhm-docs-0.18-2.el5.noarch.rpm

x86_64:
python-qpid-qmf-0.18-15.el5.x86_64.rpm
python-saslwrapper-0.18-1.el5.x86_64.rpm
qpid-cpp-client-0.18-14.el5.x86_64.rpm
qpid-cpp-client-devel-0.18-14.el5.x86_64.rpm
qpid-cpp-client-devel-docs-0.18-14.el5.x86_64.rpm
qpid-cpp-client-rdma-0.18-14.el5.x86_64.rpm
qpid-cpp-client-ssl-0.18-14.el5.x86_64.rpm
qpid-cpp-mrg-debuginfo-0.18-14.el5.x86_64.rpm
qpid-cpp-server-0.18-14.el5.x86_64.rpm
qpid-cpp-server-cluster-0.18-14.el5.x86_64.rpm
qpid-cpp-server-devel-0.18-14.el5.x86_64.rpm
qpid-cpp-server-rdma-0.18-14.el5.x86_64.rpm
qpid-cpp-server-ssl-0.18-14.el5.x86_64.rpm
qpid-cpp-server-store-0.18-14.el5.x86_64.rpm
qpid-cpp-server-xml-0.18-14.el5.x86_64.rpm
qpid-qmf-0.18-15.el5.x86_64.rpm
qpid-qmf-debuginfo-0.18-15.el5.x86_64.rpm
qpid-qmf-devel-0.18-15.el5.x86_64.rpm
ruby-qpid-qmf-0.18-15.el5.x86_64.rpm
ruby-saslwrapper-0.18-1.el5.x86_64.rpm
saslwrapper-0.18-1.el5.x86_64.rpm
saslwrapper-debuginfo-0.18-1.el5.x86_64.rpm
saslwrapper-devel-0.18-1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-4446.html
https://www.redhat.com/security/data/cve/CVE-2012-4458.html
https://www.redhat.com/security/data/cve/CVE-2012-4459.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_MRG/2/html/Technical_Notes/RHSA-2013-0561.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
From bugzilla at redhat.com Wed Mar 6 20:02:06 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 6 Mar 2013 20:02:06 +0000
Subject: [RHSA-2013:0562-01] Moderate: Red Hat Enterprise MRG Messaging 2.3 security update
Message-ID: <201303062002.r26K26Kf004627@int-mx12.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat Enterprise MRG Messaging 2.3 security update
Advisory ID: RHSA-2013:0562-01
Product: Red Hat Enterprise MRG for RHEL-6
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0562.html
Issue date: 2013-03-06
CVE Names: CVE-2012-4446 CVE-2012-4458 CVE-2012-4459
=====================================================================

1. Summary:

Updated Messaging component packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise MRG 2.3 for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

MRG Grid Execute Node for RHEL 6 ComputeNode v.2 - noarch, x86_64
MRG Grid Execute Node for RHEL 6 Server v.2 - noarch
MRG Grid for RHEL 6 Server v.2 - noarch
MRG Management for RHEL 6 ComputeNode v.2 - noarch
MRG Management for RHEL 6 Server v.2 - noarch
MRG Realtime for RHEL 6 Server v.2 - noarch
Red Hat MRG Messaging for RHEL 6 Server v.2 - i386, noarch, x86_64

3. Description:
Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers.

MRG Messaging is a high-speed reliable messaging distribution for Linux based on AMQP (Advanced Message Queuing Protocol), an open protocol standard for enterprise messaging that is designed to make mission critical messaging widely available as a standard service, and to make enterprise messaging interoperable across platforms, programming languages, and vendors. MRG Messaging includes an AMQP 0-10 messaging broker; AMQP 0-10 client libraries for C++, Java JMS, and Python; as well as persistence libraries and management tools.

It was found that the Apache Qpid daemon (qpidd) treated AMQP connections with the federation_tag attribute set as a broker-to-broker connection, rather than a client-to-server connection. This resulted in the source user ID of messages not being checked. A client that can establish an AMQP connection with the broker could use this flaw to bypass intended authentication. For Condor users, if condor-aviary is installed, this flaw could be used to submit jobs that would run as any user (except root, as Condor does not run jobs as root). (CVE-2012-4446)

It was found that the AMQP type decoder in qpidd allowed arbitrary data types in certain messages. A remote attacker could use this flaw to send a message containing an excessively large amount of data, causing qpidd to allocate a large amount of memory. qpidd would then be killed by the Out of Memory killer (denial of service). (CVE-2012-4458)

An integer overflow flaw, leading to an out-of-bounds read, was found in the Qpid qpid::framing::Buffer::checkAvailable() function. An unauthenticated, remote attacker could send a specially-crafted message to Qpid, causing it to crash. (CVE-2012-4459)

The CVE-2012-4446, CVE-2012-4458, and CVE-2012-4459 issues were discovered by Florian Weimer of the Red Hat Product Security Team.

This update also fixes several bugs and adds enhancements. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.

All users of the Messaging capabilities of Red Hat Enterprise MRG are advised to upgrade to these updated packages, which resolve these issues, and fix the bugs and add the enhancements noted in the Red Hat Enterprise MRG 2 Technical Notes. After installing the updated packages, stop the cluster by either running "service qpidd stop" on all nodes, or "qpid-cluster --all-stop" on any one of the cluster nodes. Once stopped, restart the cluster with "service qpidd start" on all nodes for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

851355 - CVE-2012-4446 qpid-cpp: qpid authentication bypass
861234 - CVE-2012-4458 qpid-cpp: long arrays of zero-width types cause a denial of service
861241 - CVE-2012-4459 qpid-cpp: crash due to qpid::framing::Buffer::checkAvailable() wraparound

6. Package List:
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-4446.html
https://www.redhat.com/security/data/cve/CVE-2012-4458.html
https://www.redhat.com/security/data/cve/CVE-2012-4459.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_MRG/2/html/Technical_Notes/RHSA-2013-0562.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
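The two qpidd decoder flaws this advisory describes, CVE-2012-4459 (a wrapping availability check in the framing buffer) and CVE-2012-4458 (long arrays of zero-width types driving allocation), shown side by side with their hardened forms in an added C++ illustration. This is example code written for this page, not Apache Qpid's source; the frame layout, the FrameBuffer class, all names and the 4096-element cap are assumptions made for the example.

```cpp
// Added illustration, not Apache Qpid's own code: a minimal framing buffer
// showing the two decoder hardening points behind this advisory's qpidd fixes.
// The wire layout and all names here are constructed for the example: an array
// is [1-byte element width][4-byte big-endian count][count*width bytes].
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <utility>
#include <vector>

class FrameBuffer {
public:
    explicit FrameBuffer(std::vector<uint8_t> bytes)
        : data(std::move(bytes)), position(0) {}

    // position <= data.size() is a class invariant, so this cannot underflow.
    uint32_t remaining() const {
        return static_cast<uint32_t>(data.size()) - position;
    }

    // Wraparound-prone form (the bug class behind CVE-2012-4459): position + count
    // is evaluated in 32 bits, so a count near UINT32_MAX wraps past zero and the
    // check wrongly succeeds, letting a later read run off the end of the frame.
    bool checkAvailableUnsafe(uint32_t count) const {
        return position + count <= static_cast<uint32_t>(data.size());
    }

    // Hardened form: compare the request against what remains; no addition.
    bool checkAvailable(uint32_t count) const {
        return count <= remaining();
    }

    void skip(uint32_t count) {
        if (!checkAvailable(count)) throw std::out_of_range("short frame");
        position += count;
    }
    uint8_t getOctet() {
        if (!checkAvailable(1)) throw std::out_of_range("short frame");
        return data[position++];
    }
    uint32_t getLong() {
        if (!checkAvailable(4)) throw std::out_of_range("short frame");
        uint32_t v = 0;
        for (int i = 0; i < 4; ++i) v = (v << 8) | data[position++];
        return v;
    }

    // Hardened array decode. Two independent checks are needed:
    //  * a policy cap on the element count, because zero-width element types
    //    consume no frame bytes, so the frame length alone cannot bound the
    //    allocation (the CVE-2012-4458 pattern);
    //  * an overflow-safe byte check done in 64 bits, so count*width cannot
    //    wrap before it is compared with remaining().
    std::vector<std::vector<uint8_t>> decodeArray(uint32_t maxElements = 4096) {
        uint8_t width = getOctet();
        uint32_t count = getLong();
        if (count > maxElements) throw std::length_error("array count over cap");
        uint64_t needed = static_cast<uint64_t>(count) * width;
        if (needed > remaining()) throw std::out_of_range("short frame");
        std::vector<std::vector<uint8_t>> out;
        out.reserve(count);  // bounded by maxElements, not by the peer
        for (uint32_t i = 0; i < count; ++i) {
            out.emplace_back(data.begin() + position, data.begin() + position + width);
            position += width;
        }
        return out;
    }

private:
    std::vector<uint8_t> data;
    uint32_t position;
};

// Helpers that return plain values so the behaviour can be checked directly.
bool arrayRejected(const std::vector<uint8_t>& frame) {
    try {
        FrameBuffer b(frame);
        b.decodeArray();
        return false;
    } catch (const std::exception&) {
        return true;
    }
}

std::size_t arrayLength(const std::vector<uint8_t>& frame) {
    FrameBuffer b(frame);
    return b.decodeArray().size();
}

// A 16-byte frame with 8 bytes consumed: the wrapping check accepts a request for
// 0xFFFFFFF8 more bytes (8 + 0xFFFFFFF8 == 0 mod 2^32); the hardened one does not.
bool unsafeCheckPassesHugeCount() {
    FrameBuffer b(std::vector<uint8_t>(16, 0));
    b.skip(8);
    return b.checkAvailableUnsafe(0xFFFFFFF8u);
}

bool safeCheckRejectsHugeCount() {
    FrameBuffer b(std::vector<uint8_t>(16, 0));
    b.skip(8);
    return !b.checkAvailable(0xFFFFFFF8u);
}
```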
From bugzilla at redhat.com Wed Mar 6 20:02:59 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 6 Mar 2013 20:02:59 +0000
Subject: [RHSA-2013:0564-01] Low: Red Hat Enterprise MRG Grid 2.3 security update
Message-ID: <201303062002.r26K2xVd031209@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Low: Red Hat Enterprise MRG Grid 2.3 security update
Advisory ID: RHSA-2013:0564-01
Product: Red Hat Enterprise MRG for RHEL-5
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0564.html
Issue date: 2013-03-06
CVE Names: CVE-2012-4462
=====================================================================

1. Summary:

Updated Grid component packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise MRG 2.3 for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

MRG Grid Execute Node for RHEL 5 Server v.2 - i386, noarch, x86_64
MRG Grid for RHEL 5 Server v.2 - i386, noarch, x86_64
MRG Management for RHEL 5 Server v.2 - i386, noarch, x86_64
Red Hat MRG Messaging for RHEL 5 Server v.2 - i386, x86_64

3. Description:

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers.

MRG Grid provides high-throughput computing and enables enterprises to achieve higher peak computing capacity as well as improved infrastructure utilization by leveraging their existing technology to build high performance grids. MRG Grid provides a job-queueing mechanism, scheduling policy, and a priority scheme, as well as resource monitoring and resource management. Users submit their jobs to MRG Grid, where they are placed into a queue. MRG Grid then chooses when and where to run the jobs based upon a policy, carefully monitors their progress, and ultimately informs the user upon completion.

It was found that attempting to remove a job via "/usr/share/condor/aviary/jobcontrol.py" with CPROC in square brackets caused condor_schedd to crash. If aviary_query_server was configured to listen to public interfaces, this could allow a remote attacker to cause a denial of service condition in condor_schedd. While condor_schedd was restarted by the condor_master process after each exit, condor_master would throttle back restarts after each crash. This would slowly increment to the defined MASTER_BACKOFF_CEILING value (3600 seconds/1 hour, by default). (CVE-2012-4462)

The CVE-2012-4462 issue was discovered by Daniel Horak of the Red Hat Enterprise MRG Quality Engineering Team.

These updated packages for Red Hat Enterprise Linux 5 provide numerous enhancements and bug fixes for the Grid component of MRG. Some of the most important enhancements include:

* Release of HTCondor 7.8
* OS integration with control groups (cgroups)
* Kerberos integration and HTML5 interactivity in the management console
* Historical data reporting in the management console as Technology Preview
* Job data availability from MongoDB as Technology Preview
* Updated EC2 AMI and instance tagging support
* Enhanced negotiation and accounting
* Enhanced DAG workflow management
* Enhancements to configuration inspection, node inventory, and configuration of walk-in or dynamic resources
* High availability for Aviary

Space precludes documenting all of these changes in this advisory. Refer to the Red Hat Enterprise MRG 2 Technical Notes document, available shortly from the link in the References section, for information on these changes.

All users of the Grid capabilities of Red Hat Enterprise MRG are advised to upgrade to these updated packages, which correct this issue, and fix the bugs and add the enhancements noted in the Red Hat Enterprise MRG 2 Technical Notes.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):
486480 - [RFE] Master should send obituary from .old logs if necessary
635207 - Cumin: Edit Dynamic Group Quota chart should allow editing subshares
703859 - Add chart(s) showing grid utilization by accounting group [RFE]
732388 - aviary query 'getSubmissionSummary' - match for owner
733498 - Expose suspend/continue controls for jobs through Aviary
733515 - lookup or discovery capability so that cumin can find Aviary endpoints
733516 - support for proposed Aviary endpoint lookup feature
739219 - Aviary does not handle job output filenames that do not contain explicit paths
740774 - Condor doesn't run jobs with real number in RequestMemory classad
746005 - [RFE] wallaby plumage feature
748053 - preemption does not work when group quotas are in effect
749569 - [RFE] the skeleton group support in ccp/s
750196 - Timer to dismiss invocation banners [RFE]
750818 - SELinux error (setattr) for VM/KVM universe jobs (RHEL5 only)
751013 - Job receive twice signal SIGCONT after condor_continue command.
752732 - list of OSes is out of frame
753822 - Make condor_job_server default submission publisher
755765 - RFE: Gracefully handle MAX_..._LOG configuration errors
756096 - [RFE]change UNHIBERNATE default value to not wake up all the machines
756384 - RFE: Add suspend/continue job operations
760567 - Change of DynamicQuota causes KeyError on empty data
766612 - condor_schedd.init - stop should return 0 if there is not service executable
768298 - Display supported browsers in cumin [RFE]
768319 - provide information of suspended jobs
768328 - there is no suspend and transfer states in ns0:JobStatusType
772587 - openmpiscript - A deprecated MCA parameter value 'plm_rsh_agent' (on RHEL 6.2)
773434 - Some condor_ commands with valid parameter '-help' return non zero exit code
782054 - VM without VNC console doesn't start
782132 - openmpiscript - Command mpirun needs parameter --prefix for correct run (on RHEL 6.2)
782359 - Condor HFS quota example returns "Unknown config:" from QMF
782552 - Use idempotent EC2 RunInstances
782553 - [RFE] Add support for EC2 Instance Resource Tagging
782816 - warning messages of wallaby shell
783139 - Remove job using aviary isn't handled properly
783267 - [RFE] ssh_to_job for VM/Java/Sched/Local universe
785283 - RFE: expose accounting group negotiation-ordering to configuration
785289 - RFE: Alter semantic of GROUP_AUTOREGROUP to replicate legacy behavior
786020 - condor_configure_pool + required parameters
786801 - Rotation of wallaby agent logs wrongly affects old logs
786815 - Time borders have no effect for list of resources, groups, users
786825 - plumage_stats parameter for server raise exception
787138 - Add time-stamp to yellow banner [RFE]
788452 - Java issue on updated packages from condor-7.6.3-0.3 to condor-7.6.5-0.11
789351 - Change cumin's charting tools to a non-flash-based solution [RFE]
796406 - wallaby doesn't recognize node config change when group deleted
796798 - [RFE] Make grid persona default for Cumin
799129 - [RFE] Add Kerberos authentication for Cumin
799382 - Grid - Quotas - CSV - 'loading' values
799404 - Grid - Limits - CSV - html metadata
800065 - Cumin processes sometimes do not exit and must be killed from master with SIGKILL
800079 - Provide API and implementation to query submissions using a page size and age
800660 - Updates for new Aviary locator support
801047 - [RFE] Change default value of sasl-mech-list to 'ANONYMOUS' or 'PLAIN DIGEST-MD5' with credentials
801287 - service cumin start missing pid file
801632 - [RFE] wallaby shell should have a means to delete a snapshot
802704 - Inventory - Filters for a value in a column in a table
802799 - wallaby shell replace-* commands with empty args should clear the value in the store
802821 - Support description metadata for features and snapshots in wallaby store
803359 - [RFE]change UNHIBERNATE default value to not wake up all the machines
803897 - RFE: advertise the accounting group that a running job matched under on the resource ad
805029 - Remove slotvis functionality from cumin [RFE]
805448 - bad submitter limit
805581 - Number of group quota exceeded
807398 - Endpoint updating for HA configurations
807820 - Update wallaby packaging to use wallaby assigned uid/gid
807838 - Use plumage data to provide initial reporting capabilities [RFE]
809006 - Double escaping html strings
809551 - [RFE] Add the ability to use keypair by name
809732 - PU job is runned before slots are cleaned from previous (removed) job
810982 - Enable locator support for QueryServer in RHHAv2 tools
813807 - Jobs submitted from cumin through aviary show 'unknown' for enqueued column
814386 - Integration of aviary for job control, submission, and job/submission queries [RFE]
815820 - condor_configd is using QMF_BROKER_AUTH_MECHANISM instead of QMF_BROKER_AUTH_MECH
820419 - RFE: new command show-node-config
828983 - condor resource agent start operation should have verification of startup
831709 - SharedPort should depend on Master
831725 - Cleanup ALLOW_NEGOTIATOR* params
831756 - Add ALLOW_NEGOTIATOR to the ExecuteNode feature
833095 - total local resources per slot for dynamic slots is always zero
833611 - The cluster-* commands always ask for a password even if only acting on the store
840076 - Job history collection daemon and tool
845567 - new PRE_SKIP key word in DAGMan
846955 - unexpected error message from condor init.d script
848344 - Problem submitting jobs from cumin via Aviary when commands have no arguments
850205 - traceback when bad option is provided to wallaby
850392 - RFE Update Hunting+Splitting+Defaults algorithm
850555 - RFE Add new -expand option to condor_config_val
850567 - RFE Improved the output of condor_userprio to better support hierarchical groups
850838 - RFE copy PRIORITY values from the DAG input file to the JobPrio attribute in the job ClassAd
851205 - schedulers list is bigger than its parent
851217 - wallaby shell should detect if there are more wallaby agents on broker
851222 - configd should detect if there are more wallaby agents on broker
855449 - getSubmissionID by qdate with scan mode "AFTER" does not work unless the qdate supplied is an exact match of an existing qdate
856646 - getSubmissionID() by qdate returning duplicates
860308 - condor SEGFAULT after upgrade while using custom hostname
860850 - CVE-2012-4462 condor: DoS when removing jobs via jobcontrol.py when job id is in square brackets
862550 - schedd crash on local universe condor_suspend+condor_continue job
864091 - wallaby list-users prints READ_ONLY instead of READ
864637 - 'condor_restart -subsystem had' causes had and negotiator to shutdown
867989 - Cumin missing scheduler stats
871080 - Queryserver is not visible in locator
881366 - Wallaby shell modify-* commands do not accept empty strings as arguments
885787 - Wallaby agent exception while running in memory
886448 - Aviary api examples: option --timeout leads to Traceback

6. Package List:
Package List: MRG Grid for RHEL 5 Server v.2: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-7.8.8-0.4.1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-ec2-enhanced-1.3.0-2.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-ec2-enhanced-hooks-1.3.0-3.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-job-hooks-1.5-6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-low-latency-1.2-3.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-wallaby-5.0.5-2.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-wallaby-base-db-1.25-1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/cumin-0.1.5675-1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/python-boto-2.3.0-1.1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/ruby-rhubarb-0.4.3-5.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/ruby-spqr-0.3.6-3.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/sesame-1.0-7.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/wallaby-0.16.3-1.el5.src.rpm i386: condor-7.8.8-0.4.1.el5.i386.rpm condor-aviary-7.8.8-0.4.1.el5.i386.rpm condor-classads-7.8.8-0.4.1.el5.i386.rpm condor-debuginfo-7.8.8-0.4.1.el5.i386.rpm condor-kbdd-7.8.8-0.4.1.el5.i386.rpm condor-qmf-7.8.8-0.4.1.el5.i386.rpm condor-vm-gahp-7.8.8-0.4.1.el5.i386.rpm sesame-1.0-7.el5.i386.rpm sesame-debuginfo-1.0-7.el5.i386.rpm noarch: condor-ec2-enhanced-1.3.0-2.el5.noarch.rpm condor-ec2-enhanced-hooks-1.3.0-3.el5.noarch.rpm condor-job-hooks-1.5-6.el5.noarch.rpm condor-low-latency-1.2-3.el5.noarch.rpm 
condor-wallaby-base-db-1.25-1.el5.noarch.rpm condor-wallaby-client-5.0.5-2.el5.noarch.rpm condor-wallaby-tools-5.0.5-2.el5.noarch.rpm cumin-0.1.5675-1.el5.noarch.rpm python-boto-2.3.0-1.1.el5.noarch.rpm python-condorec2e-1.3.0-3.el5.noarch.rpm python-condorutils-1.5-6.el5.noarch.rpm python-wallaby-0.16.3-1.el5.noarch.rpm python-wallabyclient-5.0.5-2.el5.noarch.rpm ruby-condor-wallaby-5.0.5-2.el5.noarch.rpm ruby-rhubarb-0.4.3-5.el5.noarch.rpm ruby-spqr-0.3.6-3.el5.noarch.rpm ruby-wallaby-0.16.3-1.el5.noarch.rpm spqr-gen-0.3.6-3.el5.noarch.rpm wallaby-0.16.3-1.el5.noarch.rpm wallaby-utils-0.16.3-1.el5.noarch.rpm x86_64: condor-7.8.8-0.4.1.el5.x86_64.rpm condor-aviary-7.8.8-0.4.1.el5.x86_64.rpm condor-classads-7.8.8-0.4.1.el5.x86_64.rpm condor-debuginfo-7.8.8-0.4.1.el5.x86_64.rpm condor-kbdd-7.8.8-0.4.1.el5.x86_64.rpm condor-qmf-7.8.8-0.4.1.el5.x86_64.rpm condor-vm-gahp-7.8.8-0.4.1.el5.x86_64.rpm sesame-1.0-7.el5.x86_64.rpm sesame-debuginfo-1.0-7.el5.x86_64.rpm MRG Grid Execute Node for RHEL 5 Server v.2: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-7.8.8-0.4.1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-ec2-enhanced-1.3.0-2.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-ec2-enhanced-hooks-1.3.0-3.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-job-hooks-1.5-6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-low-latency-1.2-3.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-wallaby-5.0.5-2.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/condor-wallaby-base-db-1.25-1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/python-boto-2.3.0-1.1.el5.src.rpm 
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/ruby-rhubarb-0.4.3-5.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/ruby-spqr-0.3.6-3.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/wallaby-0.16.3-1.el5.src.rpm i386: condor-7.8.8-0.4.1.el5.i386.rpm condor-classads-7.8.8-0.4.1.el5.i386.rpm condor-debuginfo-7.8.8-0.4.1.el5.i386.rpm condor-kbdd-7.8.8-0.4.1.el5.i386.rpm condor-qmf-7.8.8-0.4.1.el5.i386.rpm condor-vm-gahp-7.8.8-0.4.1.el5.i386.rpm noarch: condor-ec2-enhanced-1.3.0-2.el5.noarch.rpm condor-job-hooks-1.5-6.el5.noarch.rpm condor-low-latency-1.2-3.el5.noarch.rpm condor-wallaby-base-db-1.25-1.el5.noarch.rpm condor-wallaby-client-5.0.5-2.el5.noarch.rpm condor-wallaby-tools-5.0.5-2.el5.noarch.rpm python-boto-2.3.0-1.1.el5.noarch.rpm python-condorec2e-1.3.0-3.el5.noarch.rpm python-condorutils-1.5-6.el5.noarch.rpm python-wallabyclient-5.0.5-2.el5.noarch.rpm ruby-condor-wallaby-5.0.5-2.el5.noarch.rpm ruby-rhubarb-0.4.3-5.el5.noarch.rpm ruby-spqr-0.3.6-3.el5.noarch.rpm ruby-wallaby-0.16.3-1.el5.noarch.rpm spqr-gen-0.3.6-3.el5.noarch.rpm wallaby-utils-0.16.3-1.el5.noarch.rpm x86_64: condor-7.8.8-0.4.1.el5.x86_64.rpm condor-classads-7.8.8-0.4.1.el5.x86_64.rpm condor-debuginfo-7.8.8-0.4.1.el5.x86_64.rpm condor-kbdd-7.8.8-0.4.1.el5.x86_64.rpm condor-qmf-7.8.8-0.4.1.el5.x86_64.rpm condor-vm-gahp-7.8.8-0.4.1.el5.x86_64.rpm MRG Management for RHEL 5 Server v.2: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/cumin-0.1.5675-1.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/sesame-1.0-7.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/wallaby-0.16.3-1.el5.src.rpm i386: sesame-1.0-7.el5.i386.rpm sesame-debuginfo-1.0-7.el5.i386.rpm noarch: cumin-0.1.5675-1.el5.noarch.rpm python-wallaby-0.16.3-1.el5.noarch.rpm x86_64: sesame-1.0-7.el5.x86_64.rpm 
sesame-debuginfo-1.0-7.el5.x86_64.rpm

Red Hat MRG Messaging for RHEL 5 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/sesame-1.0-7.el5.src.rpm

i386:
sesame-1.0-7.el5.i386.rpm
sesame-debuginfo-1.0-7.el5.i386.rpm

x86_64:
sesame-1.0-7.el5.x86_64.rpm
sesame-debuginfo-1.0-7.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-4462.html
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_MRG/2/html/Technical_Notes/RHSA-2013-0564.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRN6DXXlSAg2UNWIIRAg/DAKCUcUHpUN4Q6JGmfAl+iidS8/0lhACfe683
/pL+9MvkiMIAqn7oVMEph6g=
=M9NR
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 6 20:03:44 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 6 Mar 2013 20:03:44 +0000
Subject: [RHSA-2013:0565-01] Low: Red Hat Enterprise MRG Grid 2.3 security update
Message-ID: <201303062003.r26K3ij9005059@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: Red Hat Enterprise MRG Grid 2.3 security update
Advisory ID: RHSA-2013:0565-01
Product: Red Hat Enterprise MRG for RHEL-6
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0565.html
Issue date: 2013-03-06
CVE Names: CVE-2012-4462
=====================================================================

1. Summary:

Updated Grid component packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise MRG 2.3 for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

MRG Grid Execute Node for RHEL 6 ComputeNode v.2 - noarch, x86_64
MRG Grid Execute Node for RHEL 6 Server v.2 - i386, noarch, x86_64
MRG Grid for RHEL 6 Server v.2 - i386, noarch, x86_64
MRG Management for RHEL 6 ComputeNode v.2 - x86_64
MRG Management for RHEL 6 Server v.2 - i386, noarch, x86_64
Red Hat MRG Messaging for RHEL 6 Server v.2 - i386, x86_64

3. Description:

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers.

MRG Grid provides high-throughput computing and enables enterprises to achieve higher peak computing capacity as well as improved infrastructure utilization by leveraging their existing technology to build high performance grids. MRG Grid provides a job-queueing mechanism, scheduling policy, and a priority scheme, as well as resource monitoring and resource management. Users submit their jobs to MRG Grid, where they are placed into a queue. MRG Grid then chooses when and where to run the jobs based upon a policy, carefully monitors their progress, and ultimately informs the user upon completion.

It was found that attempting to remove a job via "/usr/share/condor/aviary/jobcontrol.py" with CPROC in square brackets caused condor_schedd to crash. If aviary_query_server was configured to listen to public interfaces, this could allow a remote attacker to cause a denial of service condition in condor_schedd.
While condor_schedd was restarted by the condor_master process after each exit, condor_master would throttle back restarts after each crash. This would slowly increment to the defined MASTER_BACKOFF_CEILING value (3600 seconds/1 hour, by default). (CVE-2012-4462)

The CVE-2012-4462 issue was discovered by Daniel Horak of the Red Hat Enterprise MRG Quality Engineering Team.

These updated packages for Red Hat Enterprise Linux 6 provide numerous enhancements and bug fixes for the Grid component of MRG. Some of the most important enhancements include:

* Release of HTCondor 7.8
* OS integration with control groups (cgroups)
* Kerberos integration and HTML5 interactivity in the management console
* Historical data reporting in the management console as Technology Preview
* Job data availability from MongoDB as Technology Preview
* Updated EC2 AMI and instance tagging support
* Enhanced negotiation and accounting
* Enhanced DAG workflow management
* Enhancements to configuration inspection, node inventory, and configuration of walk-in or dynamic resources
* High availability for Aviary

Space precludes documenting all of these changes in this advisory. Refer to the Red Hat Enterprise MRG 2 Technical Notes document, available shortly from the link in the References section, for information on these changes.

All users of the Grid capabilities of Red Hat Enterprise MRG are advised to upgrade to these updated packages, which correct this issue, and fix the bugs and add the enhancements noted in the Red Hat Enterprise MRG 2 Technical Notes.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

860850 - CVE-2012-4462 condor: DoS when removing jobs via jobcontrol.py when job id is in square brackets

6. Package List:

MRG Grid Execute Node for RHEL 6 ComputeNode v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/RHEMRG-RHEL6/SRPMS/condor-7.8.8-0.4.1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/RHEMRG-RHEL6/SRPMS/condor-job-hooks-1.5-6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/RHEMRG-RHEL6/SRPMS/condor-low-latency-1.2-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/RHEMRG-RHEL6/SRPMS/condor-wallaby-5.0.5-2.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/RHEMRG-RHEL6/SRPMS/condor-wallaby-base-db-1.25-1.el6_3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/RHEMRG-RHEL6/SRPMS/ruby-rhubarb-0.4.3-5.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/RHEMRG-RHEL6/SRPMS/ruby-spqr-0.3.6-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/RHEMRG-RHEL6/SRPMS/wallaby-0.16.3-1.el6.src.rpm

noarch:
condor-job-hooks-1.5-6.el6.noarch.rpm
condor-low-latency-1.2-3.el6.noarch.rpm
condor-wallaby-base-db-1.25-1.el6_3.noarch.rpm
condor-wallaby-client-5.0.5-2.el6.noarch.rpm
condor-wallaby-tools-5.0.5-2.el6.noarch.rpm
python-condorutils-1.5-6.el6.noarch.rpm
python-wallabyclient-5.0.5-2.el6.noarch.rpm
ruby-condor-wallaby-5.0.5-2.el6.noarch.rpm
ruby-rhubarb-0.4.3-5.el6.noarch.rpm
ruby-spqr-0.3.6-3.el6.noarch.rpm
ruby-wallaby-0.16.3-1.el6.noarch.rpm
spqr-gen-0.3.6-3.el6.noarch.rpm
wallaby-utils-0.16.3-1.el6.noarch.rpm

x86_64:
condor-7.8.8-0.4.1.el6.x86_64.rpm
condor-classads-7.8.8-0.4.1.el6.x86_64.rpm
condor-debuginfo-7.8.8-0.4.1.el6.x86_64.rpm
condor-kbdd-7.8.8-0.4.1.el6.x86_64.rpm
condor-qmf-7.8.8-0.4.1.el6.x86_64.rpm
condor-vm-gahp-7.8.8-0.4.1.el6.x86_64.rpm

MRG Management for RHEL 6 ComputeNode v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/RHEMRG-RHEL6/SRPMS/sesame-1.0-8.el6.src.rpm

x86_64:
sesame-1.0-8.el6.x86_64.rpm
sesame-debuginfo-1.0-8.el6.x86_64.rpm

MRG Grid for RHEL 6 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-7.8.8-0.4.1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-ec2-enhanced-1.3.0-2.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-ec2-enhanced-hooks-1.3.0-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-job-hooks-1.5-6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-low-latency-1.2-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-wallaby-5.0.5-2.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-wallaby-base-db-1.25-1.el6_3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/cumin-0.1.5675-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/deltacloud-core-0.5.0-11.el6cf.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/ruby-rhubarb-0.4.3-5.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/ruby-spqr-0.3.6-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/rubygem-nokogiri-1.5.0-0.9.beta4.el6cf.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/rubygem-rack-1.3.0-3.el6cf.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/sesame-1.0-8.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/wallaby-0.16.3-1.el6.src.rpm

i386:
condor-7.8.8-0.4.1.el6.i686.rpm
condor-aviary-7.8.8-0.4.1.el6.i686.rpm
condor-classads-7.8.8-0.4.1.el6.i686.rpm
condor-cluster-resource-agent-7.8.8-0.4.1.el6.i686.rpm
condor-debuginfo-7.8.8-0.4.1.el6.i686.rpm
condor-kbdd-7.8.8-0.4.1.el6.i686.rpm
condor-plumage-7.8.8-0.4.1.el6.i686.rpm
condor-qmf-7.8.8-0.4.1.el6.i686.rpm
sesame-1.0-8.el6.i686.rpm
sesame-debuginfo-1.0-8.el6.i686.rpm

noarch:
condor-ec2-enhanced-1.3.0-2.el6.noarch.rpm
condor-ec2-enhanced-hooks-1.3.0-3.el6.noarch.rpm
condor-job-hooks-1.5-6.el6.noarch.rpm
condor-low-latency-1.2-3.el6.noarch.rpm
condor-wallaby-base-db-1.25-1.el6_3.noarch.rpm
condor-wallaby-client-5.0.5-2.el6.noarch.rpm
condor-wallaby-tools-5.0.5-2.el6.noarch.rpm
cumin-0.1.5675-1.el6.noarch.rpm
deltacloud-core-0.5.0-11.el6cf.noarch.rpm
deltacloud-core-doc-0.5.0-11.el6cf.noarch.rpm
deltacloud-core-rhevm-0.5.0-11.el6cf.noarch.rpm
python-condorec2e-1.3.0-3.el6.noarch.rpm
python-condorutils-1.5-6.el6.noarch.rpm
python-wallaby-0.16.3-1.el6.noarch.rpm
python-wallabyclient-5.0.5-2.el6.noarch.rpm
ruby-condor-wallaby-5.0.5-2.el6.noarch.rpm
ruby-rhubarb-0.4.3-5.el6.noarch.rpm
ruby-spqr-0.3.6-3.el6.noarch.rpm
ruby-wallaby-0.16.3-1.el6.noarch.rpm
rubygem-nokogiri-doc-1.5.0-0.9.beta4.el6cf.noarch.rpm
rubygem-rack-1.3.0-3.el6cf.noarch.rpm
spqr-gen-0.3.6-3.el6.noarch.rpm
wallaby-0.16.3-1.el6.noarch.rpm
wallaby-utils-0.16.3-1.el6.noarch.rpm

x86_64:
condor-7.8.8-0.4.1.el6.x86_64.rpm
condor-aviary-7.8.8-0.4.1.el6.x86_64.rpm
condor-classads-7.8.8-0.4.1.el6.x86_64.rpm
condor-cluster-resource-agent-7.8.8-0.4.1.el6.x86_64.rpm
condor-debuginfo-7.8.8-0.4.1.el6.x86_64.rpm
condor-deltacloud-gahp-7.8.8-0.4.1.el6.x86_64.rpm
condor-kbdd-7.8.8-0.4.1.el6.x86_64.rpm
condor-plumage-7.8.8-0.4.1.el6.x86_64.rpm
condor-qmf-7.8.8-0.4.1.el6.x86_64.rpm
condor-vm-gahp-7.8.8-0.4.1.el6.x86_64.rpm
ruby-nokogiri-1.5.0-0.9.beta4.el6cf.x86_64.rpm
rubygem-nokogiri-1.5.0-0.9.beta4.el6cf.x86_64.rpm
rubygem-nokogiri-debuginfo-1.5.0-0.9.beta4.el6cf.x86_64.rpm
sesame-1.0-8.el6.x86_64.rpm
sesame-debuginfo-1.0-8.el6.x86_64.rpm

MRG Grid Execute Node for RHEL 6 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-7.8.8-0.4.1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-ec2-enhanced-1.3.0-2.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-ec2-enhanced-hooks-1.3.0-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-job-hooks-1.5-6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-low-latency-1.2-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-wallaby-5.0.5-2.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/condor-wallaby-base-db-1.25-1.el6_3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/ruby-rhubarb-0.4.3-5.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/ruby-spqr-0.3.6-3.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/wallaby-0.16.3-1.el6.src.rpm

i386:
condor-7.8.8-0.4.1.el6.i686.rpm
condor-classads-7.8.8-0.4.1.el6.i686.rpm
condor-debuginfo-7.8.8-0.4.1.el6.i686.rpm
condor-kbdd-7.8.8-0.4.1.el6.i686.rpm
condor-qmf-7.8.8-0.4.1.el6.i686.rpm

noarch:
condor-ec2-enhanced-1.3.0-2.el6.noarch.rpm
condor-job-hooks-1.5-6.el6.noarch.rpm
condor-low-latency-1.2-3.el6.noarch.rpm
condor-wallaby-base-db-1.25-1.el6_3.noarch.rpm
condor-wallaby-client-5.0.5-2.el6.noarch.rpm
condor-wallaby-tools-5.0.5-2.el6.noarch.rpm
python-condorec2e-1.3.0-3.el6.noarch.rpm
python-condorutils-1.5-6.el6.noarch.rpm
python-wallabyclient-5.0.5-2.el6.noarch.rpm
ruby-condor-wallaby-5.0.5-2.el6.noarch.rpm
ruby-rhubarb-0.4.3-5.el6.noarch.rpm
ruby-spqr-0.3.6-3.el6.noarch.rpm
ruby-wallaby-0.16.3-1.el6.noarch.rpm
spqr-gen-0.3.6-3.el6.noarch.rpm
wallaby-utils-0.16.3-1.el6.noarch.rpm

x86_64:
condor-7.8.8-0.4.1.el6.x86_64.rpm
condor-classads-7.8.8-0.4.1.el6.x86_64.rpm
condor-debuginfo-7.8.8-0.4.1.el6.x86_64.rpm
condor-kbdd-7.8.8-0.4.1.el6.x86_64.rpm
condor-qmf-7.8.8-0.4.1.el6.x86_64.rpm
condor-vm-gahp-7.8.8-0.4.1.el6.x86_64.rpm

MRG Management for RHEL 6 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/cumin-0.1.5675-1.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/sesame-1.0-8.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/wallaby-0.16.3-1.el6.src.rpm

i386:
sesame-1.0-8.el6.i686.rpm
sesame-debuginfo-1.0-8.el6.i686.rpm

noarch:
cumin-0.1.5675-1.el6.noarch.rpm
python-wallaby-0.16.3-1.el6.noarch.rpm

x86_64:
sesame-1.0-8.el6.x86_64.rpm
sesame-debuginfo-1.0-8.el6.x86_64.rpm

Red Hat MRG Messaging for RHEL 6 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/sesame-1.0-8.el6.src.rpm

i386:
sesame-1.0-8.el6.i686.rpm
sesame-debuginfo-1.0-8.el6.i686.rpm

x86_64:
sesame-1.0-8.el6.x86_64.rpm
sesame-debuginfo-1.0-8.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-4462.html
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_MRG/2/html/Technical_Notes/RHSA-2013-0565.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRN6EEXlSAg2UNWIIRAlLYAKCTqaNy7tssTWOPs1UNUAmq0F1IwwCgo1PB
XW4aQUjRyGw9Cyln3bmcGg8=
=0ZUe
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 6 20:04:27 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 6 Mar 2013 20:04:27 +0000
Subject: [RHSA-2013:0566-01] Important: kernel-rt security and bug fix update
Message-ID: <201303062004.r26K4R2D005232@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel-rt security and bug fix update
Advisory ID: RHSA-2013:0566-01
Product: Red Hat Enterprise MRG for RHEL-6
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0566.html
Issue date: 2013-03-06
CVE Names: CVE-2012-2375 CVE-2012-4530 CVE-2013-1772 CVE-2013-1773
=====================================================================

1. Summary:

Updated kernel-rt packages that fix several security issues and multiple bugs are now available for Red Hat Enterprise MRG 2.3.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* A buffer overflow flaw was found in the way UTF-8 characters were converted to UTF-16 in the utf8s_to_utf16s() function of the Linux kernel's FAT file system implementation. A local user able to mount a FAT file system with the "utf8=1" option could use this flaw to crash the system or, potentially, to escalate their privileges. (CVE-2013-1773, Important)

* It was found that the RHSA-2012:0333 update did not correctly fix the CVE-2011-4131 issue. A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2012-2375, Moderate)

* A memory disclosure flaw was found in the way the load_script() function in the binfmt_script binary format handler handled excessive recursions. A local, unprivileged user could use this flaw to leak kernel stack memory to user-space by executing specially-crafted scripts. (CVE-2012-4530, Low)

* A flaw was found in the way file permission checks for the "/dev/kmsg" file were performed in restricted root environments (for example, when using a capability-based security model). A local user able to write to this file could cause a denial of service. (CVE-2013-1772, Low)

The CVE-2012-2375 issue was discovered by Jian Li of Red Hat.

This update also fixes multiple bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.

Users should upgrade to these updated packages, which upgrade the kernel-rt kernel to version kernel-rt-3.6.11-rt28, correct these issues, and fix the bugs noted in the Red Hat Enterprise MRG 2 Technical Notes. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

773017 - kernel-rt-{debug,trace}-debuginfo conflicts against kernel-debuginfo
822869 - CVE-2012-2375 kernel: incomplete fix for CVE-2011-4131
866596 - RFE: rebase to 3.4 or greater kernel [mrg2.3]
866600 - RFE: adding PTP kernel support as a Tech Preview [mrg2.3]
868285 - CVE-2012-4530 kernel: stack disclosure in binfmt_script load_script()
916075 - CVE-2013-1772 kernel: call_console_drivers() function log prefix stripping DoS
916115 - CVE-2013-1773 kernel: VFAT slab-based buffer overflow

6. Package List:

MRG Realtime for RHEL 6 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/kernel-rt-3.6.11-rt28.20.el6rt.src.rpm

noarch:
kernel-rt-doc-3.6.11-rt28.20.el6rt.noarch.rpm
kernel-rt-firmware-3.6.11-rt28.20.el6rt.noarch.rpm
mrg-rt-release-3.6.11-rt28.20.el6rt.noarch.rpm

x86_64:
kernel-rt-3.6.11-rt28.20.el6rt.x86_64.rpm
kernel-rt-debug-3.6.11-rt28.20.el6rt.x86_64.rpm
kernel-rt-debug-debuginfo-3.6.11-rt28.20.el6rt.x86_64.rpm
kernel-rt-debug-devel-3.6.11-rt28.20.el6rt.x86_64.rpm
kernel-rt-debuginfo-3.6.11-rt28.20.el6rt.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.6.11-rt28.20.el6rt.x86_64.rpm
kernel-rt-devel-3.6.11-rt28.20.el6rt.x86_64.rpm
kernel-rt-trace-3.6.11-rt28.20.el6rt.x86_64.rpm
kernel-rt-trace-debuginfo-3.6.11-rt28.20.el6rt.x86_64.rpm
kernel-rt-trace-devel-3.6.11-rt28.20.el6rt.x86_64.rpm
kernel-rt-vanilla-3.6.11-rt28.20.el6rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-3.6.11-rt28.20.el6rt.x86_64.rpm
kernel-rt-vanilla-devel-3.6.11-rt28.20.el6rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-2375.html
https://www.redhat.com/security/data/cve/CVE-2012-4530.html
https://www.redhat.com/security/data/cve/CVE-2013-1772.html
https://www.redhat.com/security/data/cve/CVE-2013-1773.html
https://access.redhat.com/security/updates/classification/#important
https://rhn.redhat.com/errata/RHSA-2012-0333.html
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_MRG/2/html/Technical_Notes/RHSA-2013-0566.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRN6EuXlSAg2UNWIIRAkMDAJ9ciFzFQKycMhyu/BD7+dBkslHheQCff2L2
lDDkn79lGnfsT7/B1L6Fv5U=
=aEab
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 6 20:05:20 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 6 Mar 2013 20:05:20 +0000
Subject: [RHSA-2013:0599-01] Important: xen security update
Message-ID: <201303062005.r26K5K4J021444@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: xen security update
Advisory ID: RHSA-2013:0599-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0599.html
Issue date: 2013-03-06
CVE Names: CVE-2012-6075
=====================================================================

1. Summary:

Updated xen packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Multi OS (v. 5 client) - i386, x86_64
RHEL Virtualization (v. 5 server) - i386, ia64, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux.

A flaw was found in the way QEMU emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a fully-virtualized guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. (CVE-2012-6075)

All users of xen are advised to upgrade to these updated packages, which correct this issue. After installing the updated packages, all running fully-virtualized guests must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

889301 - CVE-2012-6075 qemu: e1000 driver buffer overflow when processing large packets when SBP and LPE flags are disabled

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xen-3.0.3-142.el5_9.2.src.rpm

i386:
xen-debuginfo-3.0.3-142.el5_9.2.i386.rpm
xen-libs-3.0.3-142.el5_9.2.i386.rpm

x86_64:
xen-debuginfo-3.0.3-142.el5_9.2.i386.rpm
xen-debuginfo-3.0.3-142.el5_9.2.x86_64.rpm
xen-libs-3.0.3-142.el5_9.2.i386.rpm
xen-libs-3.0.3-142.el5_9.2.x86_64.rpm

RHEL Desktop Multi OS (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xen-3.0.3-142.el5_9.2.src.rpm

i386:
xen-3.0.3-142.el5_9.2.i386.rpm
xen-debuginfo-3.0.3-142.el5_9.2.i386.rpm
xen-devel-3.0.3-142.el5_9.2.i386.rpm

x86_64:
xen-3.0.3-142.el5_9.2.x86_64.rpm
xen-debuginfo-3.0.3-142.el5_9.2.i386.rpm
xen-debuginfo-3.0.3-142.el5_9.2.x86_64.rpm
xen-devel-3.0.3-142.el5_9.2.i386.rpm
xen-devel-3.0.3-142.el5_9.2.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xen-3.0.3-142.el5_9.2.src.rpm

i386:
xen-debuginfo-3.0.3-142.el5_9.2.i386.rpm
xen-libs-3.0.3-142.el5_9.2.i386.rpm

ia64:
xen-debuginfo-3.0.3-142.el5_9.2.ia64.rpm
xen-libs-3.0.3-142.el5_9.2.ia64.rpm

x86_64:
xen-debuginfo-3.0.3-142.el5_9.2.i386.rpm
xen-debuginfo-3.0.3-142.el5_9.2.x86_64.rpm
xen-libs-3.0.3-142.el5_9.2.i386.rpm
xen-libs-3.0.3-142.el5_9.2.x86_64.rpm

RHEL Virtualization (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xen-3.0.3-142.el5_9.2.src.rpm

i386:
xen-3.0.3-142.el5_9.2.i386.rpm
xen-debuginfo-3.0.3-142.el5_9.2.i386.rpm
xen-devel-3.0.3-142.el5_9.2.i386.rpm

ia64:
xen-3.0.3-142.el5_9.2.ia64.rpm
xen-debuginfo-3.0.3-142.el5_9.2.ia64.rpm
xen-devel-3.0.3-142.el5_9.2.ia64.rpm

x86_64:
xen-3.0.3-142.el5_9.2.x86_64.rpm
xen-debuginfo-3.0.3-142.el5_9.2.i386.rpm
xen-debuginfo-3.0.3-142.el5_9.2.x86_64.rpm
xen-devel-3.0.3-142.el5_9.2.i386.rpm
xen-devel-3.0.3-142.el5_9.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-6075.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRN6FgXlSAg2UNWIIRAhMWAJ0e1s957Rv3aWBKQr5k0Q+XpFLnuQCfWkEK
RJUT2uEM++2XhGTp/PZR4J4=
=a03g
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 6 20:05:57 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 6 Mar 2013 20:05:57 +0000
Subject: [RHSA-2013:0600-01] Critical: java-1.7.0-oracle security update
Message-ID: <201303062005.r26K5wZr029523@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.7.0-oracle security update
Advisory ID: RHSA-2013:0600-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0600.html
Issue date: 2013-03-06
CVE Names: CVE-2013-0809 CVE-2013-1493
=====================================================================

1. Summary:

Updated java-1.7.0-oracle packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update fixes two vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Security Alert page, listed in the References section. (CVE-2013-0809, CVE-2013-1493)

All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 17 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

917550 - CVE-2013-0809 OpenJDK: Specially crafted sample model integer overflow (2D, 8007014)
917553 - CVE-2013-1493 OpenJDK: CMM malformed raster memory corruption (2D, 8007675)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.7.0-oracle-1.7.0.17-1jpp.1.el5_9.i386.rpm
java-1.7.0-oracle-devel-1.7.0.17-1jpp.1.el5_9.i386.rpm
java-1.7.0-oracle-javafx-1.7.0.17-1jpp.1.el5_9.i386.rpm
java-1.7.0-oracle-jdbc-1.7.0.17-1jpp.1.el5_9.i386.rpm
java-1.7.0-oracle-plugin-1.7.0.17-1jpp.1.el5_9.i386.rpm
java-1.7.0-oracle-src-1.7.0.17-1jpp.1.el5_9.i386.rpm

x86_64:
java-1.7.0-oracle-1.7.0.17-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.17-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.17-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.17-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.17-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.17-1jpp.1.el5_9.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.7.0-oracle-1.7.0.17-1jpp.1.el5_9.i386.rpm
java-1.7.0-oracle-devel-1.7.0.17-1jpp.1.el5_9.i386.rpm
java-1.7.0-oracle-javafx-1.7.0.17-1jpp.1.el5_9.i386.rpm
java-1.7.0-oracle-jdbc-1.7.0.17-1jpp.1.el5_9.i386.rpm
java-1.7.0-oracle-plugin-1.7.0.17-1jpp.1.el5_9.i386.rpm
java-1.7.0-oracle-src-1.7.0.17-1jpp.1.el5_9.i386.rpm

x86_64:
java-1.7.0-oracle-1.7.0.17-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.17-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.17-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.17-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.17-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.17-1jpp.1.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.7.0-oracle-1.7.0.17-1jpp.1.el6_4.i686.rpm
java-1.7.0-oracle-devel-1.7.0.17-1jpp.1.el6_4.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.17-1jpp.1.el6_4.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.17-1jpp.1.el6_4.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.17-1jpp.1.el6_4.i686.rpm
java-1.7.0-oracle-src-1.7.0.17-1jpp.1.el6_4.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.17-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.17-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.17-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.17-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.17-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.17-1jpp.1.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.7.0-oracle-1.7.0.17-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.17-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.17-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.17-1jpp.1.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.7.0-oracle-1.7.0.17-1jpp.1.el6_4.i686.rpm
java-1.7.0-oracle-devel-1.7.0.17-1jpp.1.el6_4.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.17-1jpp.1.el6_4.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.17-1jpp.1.el6_4.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.17-1jpp.1.el6_4.i686.rpm
java-1.7.0-oracle-src-1.7.0.17-1jpp.1.el6_4.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.17-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.17-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.17-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.17-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.17-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.17-1jpp.1.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.7.0-oracle-1.7.0.17-1jpp.1.el6_4.i686.rpm
java-1.7.0-oracle-devel-1.7.0.17-1jpp.1.el6_4.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.17-1jpp.1.el6_4.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.17-1jpp.1.el6_4.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.17-1jpp.1.el6_4.i686.rpm
java-1.7.0-oracle-src-1.7.0.17-1jpp.1.el6_4.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.17-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.17-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.17-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.17-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.17-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.17-1jpp.1.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0809.html
https://www.redhat.com/security/data/cve/CVE-2013-1493.html
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRN6GRXlSAg2UNWIIRAqcGAJwKcpx+l0hh5ss4cpvQX8it4cJAMACgr7ew
Q5P8GiBJmZjC9QyF9oryp58=
=CD8J
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 6 20:06:31 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 6 Mar 2013 20:06:31 +0000
Subject: [RHSA-2013:0601-01] Critical: java-1.6.0-sun security update
Message-ID: <201303062006.r26K6WKJ001640@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.6.0-sun security update
Advisory ID: RHSA-2013:0601-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0601.html
Issue date: 2013-03-06
CVE Names: CVE-2013-0809 CVE-2013-1493
=====================================================================

1. Summary:

Updated java-1.6.0-sun packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3.
Description: Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes two vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Security Alert page, listed in the References section. (CVE-2013-0809, CVE-2013-1493) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 43. All running instances of Oracle Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 917550 - CVE-2013-0809 OpenJDK: Specially crafted sample model integer overflow (2D, 8007014) 917553 - CVE-2013-1493 OpenJDK: CMM malformed raster memory corruption (2D, 8007675) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 
5): i386: java-1.6.0-sun-1.6.0.43-1jpp.1.el5_9.i586.rpm java-1.6.0-sun-demo-1.6.0.43-1jpp.1.el5_9.i586.rpm java-1.6.0-sun-devel-1.6.0.43-1jpp.1.el5_9.i586.rpm java-1.6.0-sun-jdbc-1.6.0.43-1jpp.1.el5_9.i586.rpm java-1.6.0-sun-plugin-1.6.0.43-1jpp.1.el5_9.i586.rpm java-1.6.0-sun-src-1.6.0.43-1jpp.1.el5_9.i586.rpm x86_64: java-1.6.0-sun-1.6.0.43-1jpp.1.el5_9.i586.rpm java-1.6.0-sun-1.6.0.43-1jpp.1.el5_9.x86_64.rpm java-1.6.0-sun-demo-1.6.0.43-1jpp.1.el5_9.i586.rpm java-1.6.0-sun-demo-1.6.0.43-1jpp.1.el5_9.x86_64.rpm java-1.6.0-sun-devel-1.6.0.43-1jpp.1.el5_9.i586.rpm java-1.6.0-sun-devel-1.6.0.43-1jpp.1.el5_9.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.43-1jpp.1.el5_9.i586.rpm java-1.6.0-sun-jdbc-1.6.0.43-1jpp.1.el5_9.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.43-1jpp.1.el5_9.i586.rpm java-1.6.0-sun-plugin-1.6.0.43-1jpp.1.el5_9.x86_64.rpm java-1.6.0-sun-src-1.6.0.43-1jpp.1.el5_9.i586.rpm java-1.6.0-sun-src-1.6.0.43-1jpp.1.el5_9.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: java-1.6.0-sun-1.6.0.43-1jpp.1.el5_9.i586.rpm java-1.6.0-sun-demo-1.6.0.43-1jpp.1.el5_9.i586.rpm java-1.6.0-sun-devel-1.6.0.43-1jpp.1.el5_9.i586.rpm java-1.6.0-sun-jdbc-1.6.0.43-1jpp.1.el5_9.i586.rpm java-1.6.0-sun-plugin-1.6.0.43-1jpp.1.el5_9.i586.rpm java-1.6.0-sun-src-1.6.0.43-1jpp.1.el5_9.i586.rpm x86_64: java-1.6.0-sun-1.6.0.43-1jpp.1.el5_9.i586.rpm java-1.6.0-sun-1.6.0.43-1jpp.1.el5_9.x86_64.rpm java-1.6.0-sun-demo-1.6.0.43-1jpp.1.el5_9.i586.rpm java-1.6.0-sun-demo-1.6.0.43-1jpp.1.el5_9.x86_64.rpm java-1.6.0-sun-devel-1.6.0.43-1jpp.1.el5_9.i586.rpm java-1.6.0-sun-devel-1.6.0.43-1jpp.1.el5_9.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.43-1jpp.1.el5_9.i586.rpm java-1.6.0-sun-jdbc-1.6.0.43-1jpp.1.el5_9.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.43-1jpp.1.el5_9.i586.rpm java-1.6.0-sun-plugin-1.6.0.43-1jpp.1.el5_9.x86_64.rpm java-1.6.0-sun-src-1.6.0.43-1jpp.1.el5_9.i586.rpm java-1.6.0-sun-src-1.6.0.43-1jpp.1.el5_9.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 
6): i386: java-1.6.0-sun-1.6.0.43-1jpp.1.el6_4.i686.rpm java-1.6.0-sun-demo-1.6.0.43-1jpp.1.el6_4.i686.rpm java-1.6.0-sun-devel-1.6.0.43-1jpp.1.el6_4.i686.rpm java-1.6.0-sun-jdbc-1.6.0.43-1jpp.1.el6_4.i686.rpm java-1.6.0-sun-plugin-1.6.0.43-1jpp.1.el6_4.i686.rpm java-1.6.0-sun-src-1.6.0.43-1jpp.1.el6_4.i686.rpm x86_64: java-1.6.0-sun-1.6.0.43-1jpp.1.el6_4.i686.rpm java-1.6.0-sun-1.6.0.43-1jpp.1.el6_4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.43-1jpp.1.el6_4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.43-1jpp.1.el6_4.i686.rpm java-1.6.0-sun-devel-1.6.0.43-1jpp.1.el6_4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.43-1jpp.1.el6_4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.43-1jpp.1.el6_4.x86_64.rpm java-1.6.0-sun-src-1.6.0.43-1jpp.1.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.6.0-sun-1.6.0.43-1jpp.1.el6_4.i686.rpm java-1.6.0-sun-1.6.0.43-1jpp.1.el6_4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.43-1jpp.1.el6_4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.43-1jpp.1.el6_4.i686.rpm java-1.6.0-sun-devel-1.6.0.43-1jpp.1.el6_4.x86_64.rpm java-1.6.0-sun-src-1.6.0.43-1jpp.1.el6_4.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: java-1.6.0-sun-1.6.0.43-1jpp.1.el6_4.i686.rpm java-1.6.0-sun-demo-1.6.0.43-1jpp.1.el6_4.i686.rpm java-1.6.0-sun-devel-1.6.0.43-1jpp.1.el6_4.i686.rpm java-1.6.0-sun-jdbc-1.6.0.43-1jpp.1.el6_4.i686.rpm java-1.6.0-sun-plugin-1.6.0.43-1jpp.1.el6_4.i686.rpm java-1.6.0-sun-src-1.6.0.43-1jpp.1.el6_4.i686.rpm x86_64: java-1.6.0-sun-1.6.0.43-1jpp.1.el6_4.i686.rpm java-1.6.0-sun-1.6.0.43-1jpp.1.el6_4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.43-1jpp.1.el6_4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.43-1jpp.1.el6_4.i686.rpm java-1.6.0-sun-devel-1.6.0.43-1jpp.1.el6_4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.43-1jpp.1.el6_4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.43-1jpp.1.el6_4.x86_64.rpm java-1.6.0-sun-src-1.6.0.43-1jpp.1.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 
6): i386: java-1.6.0-sun-1.6.0.43-1jpp.1.el6_4.i686.rpm java-1.6.0-sun-demo-1.6.0.43-1jpp.1.el6_4.i686.rpm java-1.6.0-sun-devel-1.6.0.43-1jpp.1.el6_4.i686.rpm java-1.6.0-sun-jdbc-1.6.0.43-1jpp.1.el6_4.i686.rpm java-1.6.0-sun-plugin-1.6.0.43-1jpp.1.el6_4.i686.rpm java-1.6.0-sun-src-1.6.0.43-1jpp.1.el6_4.i686.rpm x86_64: java-1.6.0-sun-1.6.0.43-1jpp.1.el6_4.i686.rpm java-1.6.0-sun-1.6.0.43-1jpp.1.el6_4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.43-1jpp.1.el6_4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.43-1jpp.1.el6_4.i686.rpm java-1.6.0-sun-devel-1.6.0.43-1jpp.1.el6_4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.43-1jpp.1.el6_4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.43-1jpp.1.el6_4.x86_64.rpm java-1.6.0-sun-src-1.6.0.43-1jpp.1.el6_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-0809.html https://www.redhat.com/security/data/cve/CVE-2013-1493.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRN6G1XlSAg2UNWIIRAhvHAJ9nIMN5N8KB0DJWqDXvlglgyzn/lwCgj9vz 85BwedXj1ntH7DYdYJGMm3c= =alSi -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Mar 6 20:07:47 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 6 Mar 2013 20:07:47 +0000 Subject: [RHSA-2013:0602-01] Critical: java-1.7.0-openjdk security update Message-ID: <201303062007.r26K7lCZ000768@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.7.0-openjdk security update Advisory ID: RHSA-2013:0602-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0602.html Issue date: 2013-03-06 CVE Names: CVE-2013-0809 CVE-2013-1493 ===================================================================== 1. Summary: Updated java-1.7.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64 3. 
Description: These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. (CVE-2013-0809) It was discovered that the 2D component did not properly reject certain malformed images. Specially-crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. (CVE-2013-1493) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. This erratum also upgrades the OpenJDK package to IcedTea7 2.3.8. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 917550 - CVE-2013-0809 OpenJDK: Specially crafted sample model integer overflow (2D, 8007014) 917553 - CVE-2013-1493 OpenJDK: CMM malformed raster memory corruption (2D, 8007675) 6. Package List: Red Hat Enterprise Linux Desktop (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.8.0.el6_4.src.rpm i386: java-1.7.0-openjdk-1.7.0.9-2.3.8.0.el6_4.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.8.0.el6_4.i686.rpm x86_64: java-1.7.0-openjdk-1.7.0.9-2.3.8.0.el6_4.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.8.0.el6_4.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.8.0.el6_4.src.rpm i386: java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.8.0.el6_4.i686.rpm java-1.7.0-openjdk-demo-1.7.0.9-2.3.8.0.el6_4.i686.rpm java-1.7.0-openjdk-devel-1.7.0.9-2.3.8.0.el6_4.i686.rpm java-1.7.0-openjdk-src-1.7.0.9-2.3.8.0.el6_4.i686.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.8.0.el6_4.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.8.0.el6_4.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.9-2.3.8.0.el6_4.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.9-2.3.8.0.el6_4.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.9-2.3.8.0.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.8.0.el6_4.src.rpm x86_64: java-1.7.0-openjdk-1.7.0.9-2.3.8.0.el6_4.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.8.0.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.8.0.el6_4.src.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.8.0.el6_4.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.8.0.el6_4.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.9-2.3.8.0.el6_4.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.9-2.3.8.0.el6_4.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.9-2.3.8.0.el6_4.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.8.0.el6_4.src.rpm i386: java-1.7.0-openjdk-1.7.0.9-2.3.8.0.el6_4.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.8.0.el6_4.i686.rpm java-1.7.0-openjdk-devel-1.7.0.9-2.3.8.0.el6_4.i686.rpm x86_64: java-1.7.0-openjdk-1.7.0.9-2.3.8.0.el6_4.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.8.0.el6_4.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.9-2.3.8.0.el6_4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.8.0.el6_4.src.rpm i386: java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.8.0.el6_4.i686.rpm java-1.7.0-openjdk-demo-1.7.0.9-2.3.8.0.el6_4.i686.rpm java-1.7.0-openjdk-src-1.7.0.9-2.3.8.0.el6_4.i686.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.8.0.el6_4.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.8.0.el6_4.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.9-2.3.8.0.el6_4.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.9-2.3.8.0.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.8.0.el6_4.src.rpm i386: java-1.7.0-openjdk-1.7.0.9-2.3.8.0.el6_4.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.8.0.el6_4.i686.rpm java-1.7.0-openjdk-devel-1.7.0.9-2.3.8.0.el6_4.i686.rpm x86_64: java-1.7.0-openjdk-1.7.0.9-2.3.8.0.el6_4.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.8.0.el6_4.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.9-2.3.8.0.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.8.0.el6_4.src.rpm i386: java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.8.0.el6_4.i686.rpm java-1.7.0-openjdk-demo-1.7.0.9-2.3.8.0.el6_4.i686.rpm java-1.7.0-openjdk-src-1.7.0.9-2.3.8.0.el6_4.i686.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.8.0.el6_4.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.8.0.el6_4.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.9-2.3.8.0.el6_4.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.9-2.3.8.0.el6_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-0809.html https://www.redhat.com/security/data/cve/CVE-2013-1493.html https://access.redhat.com/security/updates/classification/#critical http://icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.8/NEWS 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRN6HcXlSAg2UNWIIRAsYRAJ4hQlVhsjtdhFFz4OVMpYPC8OPDUACggzcV uGVFVemfvJCPnKJUoIawBi8= =in+y -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Mar 6 20:08:31 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 6 Mar 2013 20:08:31 +0000 Subject: [RHSA-2013:0603-01] Important: java-1.7.0-openjdk security update Message-ID: <201303062008.r26K8Vie030519@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: java-1.7.0-openjdk security update Advisory ID: RHSA-2013:0603-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0603.html Issue date: 2013-03-06 CVE Names: CVE-2013-0809 CVE-2013-1493 ===================================================================== 1. Summary: Updated java-1.7.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. 
(CVE-2013-0809) It was discovered that the 2D component did not properly reject certain malformed images. Specially-crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. (CVE-2013-1493) This erratum also upgrades the OpenJDK package to IcedTea7 2.3.8. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 917550 - CVE-2013-0809 OpenJDK: Specially crafted sample model integer overflow (2D, 8007014) 917553 - CVE-2013-1493 OpenJDK: CMM malformed raster memory corruption (2D, 8007675) 6. Package List: Red Hat Enterprise Linux Desktop (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.8.0.el5_9.src.rpm i386: java-1.7.0-openjdk-1.7.0.9-2.3.8.0.el5_9.i386.rpm java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.8.0.el5_9.i386.rpm java-1.7.0-openjdk-demo-1.7.0.9-2.3.8.0.el5_9.i386.rpm java-1.7.0-openjdk-devel-1.7.0.9-2.3.8.0.el5_9.i386.rpm java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.8.0.el5_9.i386.rpm java-1.7.0-openjdk-src-1.7.0.9-2.3.8.0.el5_9.i386.rpm x86_64: java-1.7.0-openjdk-1.7.0.9-2.3.8.0.el5_9.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.8.0.el5_9.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.9-2.3.8.0.el5_9.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.9-2.3.8.0.el5_9.x86_64.rpm java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.8.0.el5_9.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.9-2.3.8.0.el5_9.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.8.0.el5_9.src.rpm i386: java-1.7.0-openjdk-1.7.0.9-2.3.8.0.el5_9.i386.rpm java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.8.0.el5_9.i386.rpm java-1.7.0-openjdk-demo-1.7.0.9-2.3.8.0.el5_9.i386.rpm java-1.7.0-openjdk-devel-1.7.0.9-2.3.8.0.el5_9.i386.rpm java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.8.0.el5_9.i386.rpm java-1.7.0-openjdk-src-1.7.0.9-2.3.8.0.el5_9.i386.rpm x86_64: java-1.7.0-openjdk-1.7.0.9-2.3.8.0.el5_9.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.8.0.el5_9.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.9-2.3.8.0.el5_9.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.9-2.3.8.0.el5_9.x86_64.rpm java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.8.0.el5_9.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.9-2.3.8.0.el5_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References: https://www.redhat.com/security/data/cve/CVE-2013-0809.html https://www.redhat.com/security/data/cve/CVE-2013-1493.html https://access.redhat.com/security/updates/classification/#important http://icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.8/NEWS 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRN6IkXlSAg2UNWIIRAi8OAKCRs24Y9QT8uiZSaG8aY6578X3R2gCgotwh Vz/nlzILVdhilg3ASWEH27w= =dxyv -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Mar 6 20:09:09 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 6 Mar 2013 20:09:09 +0000 Subject: [RHSA-2013:0604-01] Important: java-1.6.0-openjdk security update Message-ID: <201303062009.r26K99pa024836@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: java-1.6.0-openjdk security update Advisory ID: RHSA-2013:0604-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0604.html Issue date: 2013-03-06 CVE Names: CVE-2013-0809 CVE-2013-1493 ===================================================================== 1. Summary: Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. 
Description: These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. (CVE-2013-0809) It was discovered that the 2D component did not properly reject certain malformed images. Specially-crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. (CVE-2013-1493) This erratum also upgrades the OpenJDK package to IcedTea6 1.11.9. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 917550 - CVE-2013-0809 OpenJDK: Specially crafted sample model integer overflow (2D, 8007014) 917553 - CVE-2013-1493 OpenJDK: CMM malformed raster memory corruption (2D, 8007675) 6. Package List: Red Hat Enterprise Linux Desktop (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.36.1.11.9.el5_9.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.36.1.11.9.el5_9.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.36.1.11.9.el5_9.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.36.1.11.9.el5_9.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.36.1.11.9.el5_9.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.36.1.11.9.el5_9.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.36.1.11.9.el5_9.i386.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.36.1.11.9.el5_9.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.36.1.11.9.el5_9.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.36.1.11.9.el5_9.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.36.1.11.9.el5_9.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.36.1.11.9.el5_9.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.36.1.11.9.el5_9.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.36.1.11.9.el5_9.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.36.1.11.9.el5_9.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.36.1.11.9.el5_9.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.36.1.11.9.el5_9.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.36.1.11.9.el5_9.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.36.1.11.9.el5_9.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.36.1.11.9.el5_9.i386.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.36.1.11.9.el5_9.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.36.1.11.9.el5_9.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.36.1.11.9.el5_9.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.36.1.11.9.el5_9.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.36.1.11.9.el5_9.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.36.1.11.9.el5_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References:

https://www.redhat.com/security/data/cve/CVE-2013-0809.html
https://www.redhat.com/security/data/cve/CVE-2013-1493.html
https://access.redhat.com/security/updates/classification/#important
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.9/NEWS

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

From bugzilla at redhat.com  Wed Mar  6 20:10:01 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 6 Mar 2013 20:10:01 +0000
Subject: [RHSA-2013:0605-01] Critical: java-1.6.0-openjdk security update
Message-ID: <201303062010.r26KA23t007641@int-mx12.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.6.0-openjdk security update
Advisory ID:       RHSA-2013:0605-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0605.html
Issue date:        2013-03-06
CVE Names:         CVE-2013-0809 CVE-2013-1493
=====================================================================

1. Summary:

Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.

An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. (CVE-2013-0809)

It was discovered that the 2D component did not properly reject certain malformed images. Specially-crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. (CVE-2013-1493)

Note: If your system has not yet been upgraded to Red Hat Enterprise Linux 6.4 and the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. Thus, this update has been rated as having critical security impact as a one-time exception. The icedtea-web package as provided with Red Hat Enterprise Linux 6.4 uses OpenJDK 7 instead.

This erratum also upgrades the OpenJDK package to IcedTea6 1.11.9. Refer to the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

917550 - CVE-2013-0809 OpenJDK: Specially crafted sample model integer overflow (2D, 8007014)
917553 - CVE-2013-1493 OpenJDK: CMM malformed raster memory corruption (2D, 8007675)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.el6_4.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.el6_4.src.rpm

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.el6_4.src.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.el6_4.src.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.el6_4.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.el6_4.src.rpm

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.el6_4.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.el6_4.src.rpm

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0809.html
https://www.redhat.com/security/data/cve/CVE-2013-1493.html
https://access.redhat.com/security/updates/classification/#critical
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.9/NEWS

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
From bugzilla at redhat.com  Thu Mar  7 19:23:20 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 7 Mar 2013 19:23:20 +0000
Subject: [RHSA-2013:0608-01] Important: kvm security update
Message-ID: <201303071923.r27JNKnp026665@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kvm security update
Advisory ID:       RHSA-2013:0608-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0608.html
Issue date:        2013-03-07
CVE Names:         CVE-2012-6075
=====================================================================

1. Summary:

Updated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Multi OS (v. 5 client) - x86_64
RHEL Virtualization (v. 5 server) - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.

A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. (CVE-2012-6075)

All users of kvm are advised to upgrade to these updated packages, which contain backported patches to correct this issue. Note that the procedure in the Solution section must be performed before this update will take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

The following procedure must be performed before this update will take effect:

1) Stop all KVM guest virtual machines.

2) Either reboot the hypervisor machine or, as the root user, remove (using "modprobe -r [module]") and reload (using "modprobe [module]") all of the following modules which are currently running (determined using "lsmod"): kvm, ksm, kvm-intel or kvm-amd.

3) Restart the KVM guest virtual machines.

5. Bugs fixed (http://bugzilla.redhat.com/):

889301 - CVE-2012-6075 qemu: e1000 driver buffer overflow when processing large packets when SBP and LPE flags are disabled

6. Package List:

RHEL Desktop Multi OS (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kvm-83-262.el5_9.1.src.rpm

x86_64:
kmod-kvm-83-262.el5_9.1.x86_64.rpm
kmod-kvm-debug-83-262.el5_9.1.x86_64.rpm
kvm-83-262.el5_9.1.x86_64.rpm
kvm-debuginfo-83-262.el5_9.1.x86_64.rpm
kvm-qemu-img-83-262.el5_9.1.x86_64.rpm
kvm-tools-83-262.el5_9.1.x86_64.rpm

RHEL Virtualization (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kvm-83-262.el5_9.1.src.rpm

x86_64:
kmod-kvm-83-262.el5_9.1.x86_64.rpm
kmod-kvm-debug-83-262.el5_9.1.x86_64.rpm
kvm-83-262.el5_9.1.x86_64.rpm
kvm-debuginfo-83-262.el5_9.1.x86_64.rpm
kvm-qemu-img-83-262.el5_9.1.x86_64.rpm
kvm-tools-83-262.el5_9.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-6075.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

From bugzilla at redhat.com  Thu Mar  7 19:24:11 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 7 Mar 2013 19:24:11 +0000
Subject: [RHSA-2013:0609-01] Important: qemu-kvm security update
Message-ID: <201303071924.r27JOBSJ009092@int-mx01.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security update
Advisory ID:       RHSA-2013:0609-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0609.html
Issue date:        2013-03-07
CVE Names:         CVE-2012-6075
=====================================================================

1. Summary:

Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM.

A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. (CVE-2012-6075)

All users of qemu-kvm should upgrade to these updated packages, which contain backported patches to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

889301 - CVE-2012-6075 qemu: e1000 driver buffer overflow when processing large packets when SBP and LPE flags are disabled

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/qemu-kvm-0.12.1.2-2.355.el6_4.2.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.355.el6_4.2.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.2.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.355.el6_4.2.x86_64.rpm
qemu-img-0.12.1.2-2.355.el6_4.2.x86_64.rpm
qemu-kvm-0.12.1.2-2.355.el6_4.2.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.2.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.355.el6_4.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/qemu-kvm-0.12.1.2-2.355.el6_4.2.src.rpm

x86_64:
qemu-guest-agent-win32-0.12.1.2-2.355.el6_4.2.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/qemu-kvm-0.12.1.2-2.355.el6_4.2.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.355.el6_4.2.x86_64.rpm
qemu-img-0.12.1.2-2.355.el6_4.2.x86_64.rpm
qemu-kvm-0.12.1.2-2.355.el6_4.2.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.2.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.355.el6_4.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/qemu-kvm-0.12.1.2-2.355.el6_4.2.src.rpm

x86_64:
qemu-guest-agent-win32-0.12.1.2-2.355.el6_4.2.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/qemu-kvm-0.12.1.2-2.355.el6_4.2.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.355.el6_4.2.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.2.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.355.el6_4.2.x86_64.rpm
qemu-img-0.12.1.2-2.355.el6_4.2.x86_64.rpm
qemu-kvm-0.12.1.2-2.355.el6_4.2.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.2.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.355.el6_4.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/qemu-kvm-0.12.1.2-2.355.el6_4.2.src.rpm

x86_64:
qemu-guest-agent-win32-0.12.1.2-2.355.el6_4.2.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/qemu-kvm-0.12.1.2-2.355.el6_4.2.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.355.el6_4.2.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.2.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.355.el6_4.2.x86_64.rpm
qemu-img-0.12.1.2-2.355.el6_4.2.x86_64.rpm
qemu-kvm-0.12.1.2-2.355.el6_4.2.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.2.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.355.el6_4.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/qemu-kvm-0.12.1.2-2.355.el6_4.2.src.rpm

x86_64:
qemu-guest-agent-win32-0.12.1.2-2.355.el6_4.2.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-6075.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

From bugzilla at redhat.com  Thu Mar  7 19:26:08 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 7 Mar 2013 19:26:08 +0000
Subject: [RHSA-2013:0611-01] Moderate: ruby security update
Message-ID: <201303071926.r27JQ8Z4006696@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: ruby security update
Advisory ID:       RHSA-2013:0611-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0611.html
Issue date:        2013-03-07
CVE Names:         CVE-2013-1821
=====================================================================

1. Summary:

Updated ruby packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks.

It was discovered that Ruby's REXML library did not properly restrict XML entity expansion. An attacker could use this flaw to cause a denial of service by tricking a Ruby application using REXML to read text nodes from specially-crafted XML content, which will result in REXML consuming large amounts of system memory. (CVE-2013-1821)

All users of Ruby are advised to upgrade to these updated packages, which contain backported patches to resolve this issue.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

914716 - CVE-2013-1821 ruby: entity expansion DoS vulnerability in REXML

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ruby-1.8.5-29.el5_9.src.rpm

i386:
ruby-1.8.5-29.el5_9.i386.rpm
ruby-debuginfo-1.8.5-29.el5_9.i386.rpm
ruby-docs-1.8.5-29.el5_9.i386.rpm
ruby-irb-1.8.5-29.el5_9.i386.rpm
ruby-libs-1.8.5-29.el5_9.i386.rpm
ruby-rdoc-1.8.5-29.el5_9.i386.rpm
ruby-ri-1.8.5-29.el5_9.i386.rpm
ruby-tcltk-1.8.5-29.el5_9.i386.rpm

x86_64:
ruby-1.8.5-29.el5_9.x86_64.rpm
ruby-debuginfo-1.8.5-29.el5_9.i386.rpm
ruby-debuginfo-1.8.5-29.el5_9.x86_64.rpm
ruby-docs-1.8.5-29.el5_9.x86_64.rpm
ruby-irb-1.8.5-29.el5_9.x86_64.rpm
ruby-libs-1.8.5-29.el5_9.i386.rpm
ruby-libs-1.8.5-29.el5_9.x86_64.rpm
ruby-rdoc-1.8.5-29.el5_9.x86_64.rpm
ruby-ri-1.8.5-29.el5_9.x86_64.rpm
ruby-tcltk-1.8.5-29.el5_9.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ruby-1.8.5-29.el5_9.src.rpm

i386:
ruby-debuginfo-1.8.5-29.el5_9.i386.rpm
ruby-devel-1.8.5-29.el5_9.i386.rpm
ruby-mode-1.8.5-29.el5_9.i386.rpm

x86_64:
ruby-debuginfo-1.8.5-29.el5_9.i386.rpm
ruby-debuginfo-1.8.5-29.el5_9.x86_64.rpm
ruby-devel-1.8.5-29.el5_9.i386.rpm
ruby-devel-1.8.5-29.el5_9.x86_64.rpm
ruby-mode-1.8.5-29.el5_9.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/ruby-1.8.5-29.el5_9.src.rpm

i386:
ruby-1.8.5-29.el5_9.i386.rpm
ruby-debuginfo-1.8.5-29.el5_9.i386.rpm
ruby-devel-1.8.5-29.el5_9.i386.rpm
ruby-docs-1.8.5-29.el5_9.i386.rpm
ruby-irb-1.8.5-29.el5_9.i386.rpm
ruby-libs-1.8.5-29.el5_9.i386.rpm
ruby-mode-1.8.5-29.el5_9.i386.rpm
ruby-rdoc-1.8.5-29.el5_9.i386.rpm
ruby-ri-1.8.5-29.el5_9.i386.rpm
ruby-tcltk-1.8.5-29.el5_9.i386.rpm

ia64:
ruby-1.8.5-29.el5_9.ia64.rpm
ruby-debuginfo-1.8.5-29.el5_9.ia64.rpm
ruby-devel-1.8.5-29.el5_9.ia64.rpm
ruby-docs-1.8.5-29.el5_9.ia64.rpm
ruby-irb-1.8.5-29.el5_9.ia64.rpm
ruby-libs-1.8.5-29.el5_9.ia64.rpm
ruby-mode-1.8.5-29.el5_9.ia64.rpm
ruby-rdoc-1.8.5-29.el5_9.ia64.rpm
ruby-ri-1.8.5-29.el5_9.ia64.rpm
ruby-tcltk-1.8.5-29.el5_9.ia64.rpm

ppc:
ruby-1.8.5-29.el5_9.ppc.rpm
ruby-debuginfo-1.8.5-29.el5_9.ppc.rpm
ruby-debuginfo-1.8.5-29.el5_9.ppc64.rpm
ruby-devel-1.8.5-29.el5_9.ppc.rpm
ruby-devel-1.8.5-29.el5_9.ppc64.rpm
ruby-docs-1.8.5-29.el5_9.ppc.rpm
ruby-irb-1.8.5-29.el5_9.ppc.rpm
ruby-libs-1.8.5-29.el5_9.ppc.rpm
ruby-libs-1.8.5-29.el5_9.ppc64.rpm
ruby-mode-1.8.5-29.el5_9.ppc.rpm
ruby-rdoc-1.8.5-29.el5_9.ppc.rpm
ruby-ri-1.8.5-29.el5_9.ppc.rpm
ruby-tcltk-1.8.5-29.el5_9.ppc.rpm

s390x:
ruby-1.8.5-29.el5_9.s390x.rpm
ruby-debuginfo-1.8.5-29.el5_9.s390.rpm
ruby-debuginfo-1.8.5-29.el5_9.s390x.rpm
ruby-devel-1.8.5-29.el5_9.s390.rpm
ruby-devel-1.8.5-29.el5_9.s390x.rpm
ruby-docs-1.8.5-29.el5_9.s390x.rpm
ruby-irb-1.8.5-29.el5_9.s390x.rpm
ruby-libs-1.8.5-29.el5_9.s390.rpm
ruby-libs-1.8.5-29.el5_9.s390x.rpm
ruby-mode-1.8.5-29.el5_9.s390x.rpm
ruby-rdoc-1.8.5-29.el5_9.s390x.rpm
ruby-ri-1.8.5-29.el5_9.s390x.rpm
ruby-tcltk-1.8.5-29.el5_9.s390x.rpm

x86_64:
ruby-1.8.5-29.el5_9.x86_64.rpm
ruby-debuginfo-1.8.5-29.el5_9.i386.rpm
ruby-debuginfo-1.8.5-29.el5_9.x86_64.rpm
ruby-devel-1.8.5-29.el5_9.i386.rpm
ruby-devel-1.8.5-29.el5_9.x86_64.rpm
ruby-docs-1.8.5-29.el5_9.x86_64.rpm
ruby-irb-1.8.5-29.el5_9.x86_64.rpm
ruby-libs-1.8.5-29.el5_9.i386.rpm
ruby-libs-1.8.5-29.el5_9.x86_64.rpm
ruby-mode-1.8.5-29.el5_9.x86_64.rpm
ruby-rdoc-1.8.5-29.el5_9.x86_64.rpm
ruby-ri-1.8.5-29.el5_9.x86_64.rpm
ruby-tcltk-1.8.5-29.el5_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-1821.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
From bugzilla at redhat.com  Thu Mar  7 19:26:59 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 7 Mar 2013 19:26:59 +0000
Subject: [RHSA-2013:0612-01] Moderate: ruby security update
Message-ID: <201303071926.r27JQxGX007315@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: ruby security update
Advisory ID:       RHSA-2013:0612-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0612.html
Issue date:        2013-03-07
CVE Names:         CVE-2012-4481 CVE-2013-1821
=====================================================================

1. Summary:

Updated ruby packages that fix two security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks.

It was discovered that Ruby's REXML library did not properly restrict XML entity expansion. An attacker could use this flaw to cause a denial of service by tricking a Ruby application using REXML to read text nodes from specially-crafted XML content, which will result in REXML consuming large amounts of system memory. (CVE-2013-1821)

It was found that the RHSA-2011:0910 update did not correctly fix the CVE-2011-1005 issue, a flaw in the method for translating an exception message into a string in the Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted (tainted) code to modify arbitrary, trusted (untainted) strings, which safe level 4 restrictions would otherwise prevent. (CVE-2012-4481)

The CVE-2012-4481 issue was discovered by Vit Ondruch of Red Hat.

All users of Ruby are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

863484 - CVE-2012-4481 ruby: Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects
914716 - CVE-2013-1821 ruby: entity expansion DoS vulnerability in REXML

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ruby-1.8.7.352-10.el6_4.src.rpm

i386:
ruby-1.8.7.352-10.el6_4.i686.rpm
ruby-debuginfo-1.8.7.352-10.el6_4.i686.rpm
ruby-devel-1.8.7.352-10.el6_4.i686.rpm
ruby-irb-1.8.7.352-10.el6_4.i686.rpm
ruby-libs-1.8.7.352-10.el6_4.i686.rpm
ruby-rdoc-1.8.7.352-10.el6_4.i686.rpm

x86_64:
ruby-1.8.7.352-10.el6_4.x86_64.rpm
ruby-debuginfo-1.8.7.352-10.el6_4.i686.rpm
ruby-debuginfo-1.8.7.352-10.el6_4.x86_64.rpm
ruby-devel-1.8.7.352-10.el6_4.i686.rpm
ruby-devel-1.8.7.352-10.el6_4.x86_64.rpm
ruby-irb-1.8.7.352-10.el6_4.x86_64.rpm
ruby-libs-1.8.7.352-10.el6_4.i686.rpm
ruby-libs-1.8.7.352-10.el6_4.x86_64.rpm
ruby-rdoc-1.8.7.352-10.el6_4.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ruby-1.8.7.352-10.el6_4.src.rpm

i386:
ruby-debuginfo-1.8.7.352-10.el6_4.i686.rpm
ruby-docs-1.8.7.352-10.el6_4.i686.rpm
ruby-ri-1.8.7.352-10.el6_4.i686.rpm
ruby-static-1.8.7.352-10.el6_4.i686.rpm
ruby-tcltk-1.8.7.352-10.el6_4.i686.rpm

x86_64:
ruby-debuginfo-1.8.7.352-10.el6_4.x86_64.rpm
ruby-docs-1.8.7.352-10.el6_4.x86_64.rpm
ruby-ri-1.8.7.352-10.el6_4.x86_64.rpm
ruby-static-1.8.7.352-10.el6_4.x86_64.rpm
ruby-tcltk-1.8.7.352-10.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ruby-1.8.7.352-10.el6_4.src.rpm

x86_64:
ruby-1.8.7.352-10.el6_4.x86_64.rpm
ruby-debuginfo-1.8.7.352-10.el6_4.i686.rpm
ruby-debuginfo-1.8.7.352-10.el6_4.x86_64.rpm
ruby-devel-1.8.7.352-10.el6_4.i686.rpm
ruby-devel-1.8.7.352-10.el6_4.x86_64.rpm
ruby-irb-1.8.7.352-10.el6_4.x86_64.rpm
ruby-libs-1.8.7.352-10.el6_4.i686.rpm
ruby-libs-1.8.7.352-10.el6_4.x86_64.rpm
ruby-rdoc-1.8.7.352-10.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ruby-1.8.7.352-10.el6_4.src.rpm

x86_64:
ruby-debuginfo-1.8.7.352-10.el6_4.x86_64.rpm
ruby-docs-1.8.7.352-10.el6_4.x86_64.rpm
ruby-ri-1.8.7.352-10.el6_4.x86_64.rpm
ruby-static-1.8.7.352-10.el6_4.x86_64.rpm
ruby-tcltk-1.8.7.352-10.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ruby-1.8.7.352-10.el6_4.src.rpm

i386:
ruby-1.8.7.352-10.el6_4.i686.rpm
ruby-debuginfo-1.8.7.352-10.el6_4.i686.rpm
ruby-devel-1.8.7.352-10.el6_4.i686.rpm
ruby-irb-1.8.7.352-10.el6_4.i686.rpm
ruby-libs-1.8.7.352-10.el6_4.i686.rpm
ruby-rdoc-1.8.7.352-10.el6_4.i686.rpm

ppc64:
ruby-1.8.7.352-10.el6_4.ppc64.rpm
ruby-debuginfo-1.8.7.352-10.el6_4.ppc.rpm
ruby-debuginfo-1.8.7.352-10.el6_4.ppc64.rpm
ruby-devel-1.8.7.352-10.el6_4.ppc.rpm
ruby-devel-1.8.7.352-10.el6_4.ppc64.rpm
ruby-irb-1.8.7.352-10.el6_4.ppc64.rpm
ruby-libs-1.8.7.352-10.el6_4.ppc.rpm
ruby-libs-1.8.7.352-10.el6_4.ppc64.rpm
ruby-rdoc-1.8.7.352-10.el6_4.ppc64.rpm

s390x:
ruby-1.8.7.352-10.el6_4.s390x.rpm
ruby-debuginfo-1.8.7.352-10.el6_4.s390.rpm
ruby-debuginfo-1.8.7.352-10.el6_4.s390x.rpm
ruby-devel-1.8.7.352-10.el6_4.s390.rpm
ruby-devel-1.8.7.352-10.el6_4.s390x.rpm
ruby-irb-1.8.7.352-10.el6_4.s390x.rpm
ruby-libs-1.8.7.352-10.el6_4.s390.rpm
ruby-libs-1.8.7.352-10.el6_4.s390x.rpm
ruby-rdoc-1.8.7.352-10.el6_4.s390x.rpm

x86_64:
ruby-1.8.7.352-10.el6_4.x86_64.rpm
ruby-debuginfo-1.8.7.352-10.el6_4.i686.rpm
ruby-debuginfo-1.8.7.352-10.el6_4.x86_64.rpm
ruby-devel-1.8.7.352-10.el6_4.i686.rpm
ruby-devel-1.8.7.352-10.el6_4.x86_64.rpm
ruby-irb-1.8.7.352-10.el6_4.x86_64.rpm
ruby-libs-1.8.7.352-10.el6_4.i686.rpm
ruby-libs-1.8.7.352-10.el6_4.x86_64.rpm
ruby-rdoc-1.8.7.352-10.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ruby-1.8.7.352-10.el6_4.src.rpm

i386:
ruby-debuginfo-1.8.7.352-10.el6_4.i686.rpm
ruby-docs-1.8.7.352-10.el6_4.i686.rpm
ruby-ri-1.8.7.352-10.el6_4.i686.rpm
ruby-static-1.8.7.352-10.el6_4.i686.rpm
ruby-tcltk-1.8.7.352-10.el6_4.i686.rpm

ppc64:
ruby-debuginfo-1.8.7.352-10.el6_4.ppc64.rpm
ruby-docs-1.8.7.352-10.el6_4.ppc64.rpm
ruby-ri-1.8.7.352-10.el6_4.ppc64.rpm
ruby-static-1.8.7.352-10.el6_4.ppc64.rpm
ruby-tcltk-1.8.7.352-10.el6_4.ppc64.rpm

s390x:
ruby-debuginfo-1.8.7.352-10.el6_4.s390x.rpm
ruby-docs-1.8.7.352-10.el6_4.s390x.rpm
ruby-ri-1.8.7.352-10.el6_4.s390x.rpm
ruby-static-1.8.7.352-10.el6_4.s390x.rpm
ruby-tcltk-1.8.7.352-10.el6_4.s390x.rpm

x86_64:
ruby-debuginfo-1.8.7.352-10.el6_4.x86_64.rpm
ruby-docs-1.8.7.352-10.el6_4.x86_64.rpm
ruby-ri-1.8.7.352-10.el6_4.x86_64.rpm
ruby-static-1.8.7.352-10.el6_4.x86_64.rpm
ruby-tcltk-1.8.7.352-10.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ruby-1.8.7.352-10.el6_4.src.rpm

i386:
ruby-1.8.7.352-10.el6_4.i686.rpm
ruby-debuginfo-1.8.7.352-10.el6_4.i686.rpm
ruby-devel-1.8.7.352-10.el6_4.i686.rpm
ruby-irb-1.8.7.352-10.el6_4.i686.rpm
ruby-libs-1.8.7.352-10.el6_4.i686.rpm
ruby-rdoc-1.8.7.352-10.el6_4.i686.rpm

x86_64:
ruby-1.8.7.352-10.el6_4.x86_64.rpm
ruby-debuginfo-1.8.7.352-10.el6_4.i686.rpm
ruby-debuginfo-1.8.7.352-10.el6_4.x86_64.rpm
ruby-devel-1.8.7.352-10.el6_4.i686.rpm
ruby-devel-1.8.7.352-10.el6_4.x86_64.rpm
ruby-irb-1.8.7.352-10.el6_4.x86_64.rpm
ruby-libs-1.8.7.352-10.el6_4.i686.rpm
ruby-libs-1.8.7.352-10.el6_4.x86_64.rpm
ruby-rdoc-1.8.7.352-10.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ruby-1.8.7.352-10.el6_4.src.rpm

i386:
ruby-debuginfo-1.8.7.352-10.el6_4.i686.rpm
ruby-docs-1.8.7.352-10.el6_4.i686.rpm
ruby-ri-1.8.7.352-10.el6_4.i686.rpm
ruby-static-1.8.7.352-10.el6_4.i686.rpm
ruby-tcltk-1.8.7.352-10.el6_4.i686.rpm

x86_64:
ruby-debuginfo-1.8.7.352-10.el6_4.x86_64.rpm
ruby-docs-1.8.7.352-10.el6_4.x86_64.rpm
ruby-ri-1.8.7.352-10.el6_4.x86_64.rpm
ruby-static-1.8.7.352-10.el6_4.x86_64.rpm
ruby-tcltk-1.8.7.352-10.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-4481.html
https://www.redhat.com/security/data/cve/CVE-2013-1821.html
https://access.redhat.com/security/updates/classification/#moderate
https://rhn.redhat.com/errata/RHSA-2011-0910.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
From bugzilla at redhat.com Fri Mar 8 12:28:22 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 8 Mar 2013 12:28:22 +0000
Subject: [RHSA-2013:0614-01] Critical: xulrunner security update
Message-ID: <201303081231.r28CVwSC014048@int-mx02.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: xulrunner security update
Advisory ID: RHSA-2013:0614-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0614.html
Issue date: 2013-03-08
CVE Names: CVE-2013-0787
=====================================================================

1. Summary:

Updated xulrunner packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3.
Description:

XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine.

A flaw was found in the way XULRunner handled malformed web content. A web page containing malicious content could cause an application linked against XULRunner (such as Mozilla Firefox) to crash or execute arbitrary code with the privileges of the user running the application. (CVE-2013-0787)

Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges VUPEN Security via the TippingPoint Zero Day Initiative project as the original reporter.

For technical details regarding this flaw, refer to the Mozilla security advisories. You can find a link to the Mozilla advisories in the References section of this erratum.

All XULRunner users should upgrade to these updated packages, which correct this issue. After installing the update, applications using XULRunner must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

918876 - CVE-2013-0787 Mozilla: Use-after-free in HTML Editor (MFSA 2013-29)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-17.0.3-2.el5_9.src.rpm

i386:
xulrunner-17.0.3-2.el5_9.i386.rpm
xulrunner-debuginfo-17.0.3-2.el5_9.i386.rpm

x86_64:
xulrunner-17.0.3-2.el5_9.i386.rpm
xulrunner-17.0.3-2.el5_9.x86_64.rpm
xulrunner-debuginfo-17.0.3-2.el5_9.i386.rpm
xulrunner-debuginfo-17.0.3-2.el5_9.x86_64.rpm

RHEL Desktop Workstation (v.
5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-17.0.3-2.el5_9.src.rpm

i386:
xulrunner-debuginfo-17.0.3-2.el5_9.i386.rpm
xulrunner-devel-17.0.3-2.el5_9.i386.rpm

x86_64:
xulrunner-debuginfo-17.0.3-2.el5_9.i386.rpm
xulrunner-debuginfo-17.0.3-2.el5_9.x86_64.rpm
xulrunner-devel-17.0.3-2.el5_9.i386.rpm
xulrunner-devel-17.0.3-2.el5_9.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-17.0.3-2.el5_9.src.rpm

i386:
xulrunner-17.0.3-2.el5_9.i386.rpm
xulrunner-debuginfo-17.0.3-2.el5_9.i386.rpm
xulrunner-devel-17.0.3-2.el5_9.i386.rpm

ia64:
xulrunner-17.0.3-2.el5_9.ia64.rpm
xulrunner-debuginfo-17.0.3-2.el5_9.ia64.rpm
xulrunner-devel-17.0.3-2.el5_9.ia64.rpm

ppc:
xulrunner-17.0.3-2.el5_9.ppc.rpm
xulrunner-17.0.3-2.el5_9.ppc64.rpm
xulrunner-debuginfo-17.0.3-2.el5_9.ppc.rpm
xulrunner-debuginfo-17.0.3-2.el5_9.ppc64.rpm
xulrunner-devel-17.0.3-2.el5_9.ppc.rpm
xulrunner-devel-17.0.3-2.el5_9.ppc64.rpm

s390x:
xulrunner-17.0.3-2.el5_9.s390.rpm
xulrunner-17.0.3-2.el5_9.s390x.rpm
xulrunner-debuginfo-17.0.3-2.el5_9.s390.rpm
xulrunner-debuginfo-17.0.3-2.el5_9.s390x.rpm
xulrunner-devel-17.0.3-2.el5_9.s390.rpm
xulrunner-devel-17.0.3-2.el5_9.s390x.rpm

x86_64:
xulrunner-17.0.3-2.el5_9.i386.rpm
xulrunner-17.0.3-2.el5_9.x86_64.rpm
xulrunner-debuginfo-17.0.3-2.el5_9.i386.rpm
xulrunner-debuginfo-17.0.3-2.el5_9.x86_64.rpm
xulrunner-devel-17.0.3-2.el5_9.i386.rpm
xulrunner-devel-17.0.3-2.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-17.0.3-2.el6_4.src.rpm

i386:
xulrunner-17.0.3-2.el6_4.i686.rpm
xulrunner-debuginfo-17.0.3-2.el6_4.i686.rpm

x86_64:
xulrunner-17.0.3-2.el6_4.i686.rpm
xulrunner-17.0.3-2.el6_4.x86_64.rpm
xulrunner-debuginfo-17.0.3-2.el6_4.i686.rpm
xulrunner-debuginfo-17.0.3-2.el6_4.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v.
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-17.0.3-2.el6_4.src.rpm

i386:
xulrunner-debuginfo-17.0.3-2.el6_4.i686.rpm
xulrunner-devel-17.0.3-2.el6_4.i686.rpm

x86_64:
xulrunner-debuginfo-17.0.3-2.el6_4.i686.rpm
xulrunner-debuginfo-17.0.3-2.el6_4.x86_64.rpm
xulrunner-devel-17.0.3-2.el6_4.i686.rpm
xulrunner-devel-17.0.3-2.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xulrunner-17.0.3-2.el6_4.src.rpm

x86_64:
xulrunner-17.0.3-2.el6_4.i686.rpm
xulrunner-17.0.3-2.el6_4.x86_64.rpm
xulrunner-debuginfo-17.0.3-2.el6_4.i686.rpm
xulrunner-debuginfo-17.0.3-2.el6_4.x86_64.rpm
xulrunner-devel-17.0.3-2.el6_4.i686.rpm
xulrunner-devel-17.0.3-2.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-17.0.3-2.el6_4.src.rpm

i386:
xulrunner-17.0.3-2.el6_4.i686.rpm
xulrunner-debuginfo-17.0.3-2.el6_4.i686.rpm

ppc64:
xulrunner-17.0.3-2.el6_4.ppc.rpm
xulrunner-17.0.3-2.el6_4.ppc64.rpm
xulrunner-debuginfo-17.0.3-2.el6_4.ppc.rpm
xulrunner-debuginfo-17.0.3-2.el6_4.ppc64.rpm

s390x:
xulrunner-17.0.3-2.el6_4.s390.rpm
xulrunner-17.0.3-2.el6_4.s390x.rpm
xulrunner-debuginfo-17.0.3-2.el6_4.s390.rpm
xulrunner-debuginfo-17.0.3-2.el6_4.s390x.rpm

x86_64:
xulrunner-17.0.3-2.el6_4.i686.rpm
xulrunner-17.0.3-2.el6_4.x86_64.rpm
xulrunner-debuginfo-17.0.3-2.el6_4.i686.rpm
xulrunner-debuginfo-17.0.3-2.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v.
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-17.0.3-2.el6_4.src.rpm

i386:
xulrunner-debuginfo-17.0.3-2.el6_4.i686.rpm
xulrunner-devel-17.0.3-2.el6_4.i686.rpm

ppc64:
xulrunner-debuginfo-17.0.3-2.el6_4.ppc.rpm
xulrunner-debuginfo-17.0.3-2.el6_4.ppc64.rpm
xulrunner-devel-17.0.3-2.el6_4.ppc.rpm
xulrunner-devel-17.0.3-2.el6_4.ppc64.rpm

s390x:
xulrunner-debuginfo-17.0.3-2.el6_4.s390.rpm
xulrunner-debuginfo-17.0.3-2.el6_4.s390x.rpm
xulrunner-devel-17.0.3-2.el6_4.s390.rpm
xulrunner-devel-17.0.3-2.el6_4.s390x.rpm

x86_64:
xulrunner-debuginfo-17.0.3-2.el6_4.i686.rpm
xulrunner-debuginfo-17.0.3-2.el6_4.x86_64.rpm
xulrunner-devel-17.0.3-2.el6_4.i686.rpm
xulrunner-devel-17.0.3-2.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-17.0.3-2.el6_4.src.rpm

i386:
xulrunner-17.0.3-2.el6_4.i686.rpm
xulrunner-debuginfo-17.0.3-2.el6_4.i686.rpm

x86_64:
xulrunner-17.0.3-2.el6_4.i686.rpm
xulrunner-17.0.3-2.el6_4.x86_64.rpm
xulrunner-debuginfo-17.0.3-2.el6_4.i686.rpm
xulrunner-debuginfo-17.0.3-2.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-17.0.3-2.el6_4.src.rpm

i386:
xulrunner-debuginfo-17.0.3-2.el6_4.i686.rpm
xulrunner-devel-17.0.3-2.el6_4.i686.rpm

x86_64:
xulrunner-debuginfo-17.0.3-2.el6_4.i686.rpm
xulrunner-debuginfo-17.0.3-2.el6_4.x86_64.rpm
xulrunner-devel-17.0.3-2.el6_4.i686.rpm
xulrunner-devel-17.0.3-2.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0787.html
https://access.redhat.com/security/updates/classification/#critical
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html

8.
Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

From bugzilla at redhat.com Mon Mar 11 19:52:08 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 11 Mar 2013 19:52:08 +0000
Subject: [RHSA-2013:0621-01] Important: kernel security update
Message-ID: <201303111952.r2BJq8fs000979@int-mx12.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2013:0621-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0621.html
Issue date: 2013-03-11
CVE Names: CVE-2013-0268 CVE-2013-0871
=====================================================================

1. Summary:

Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* A flaw was found in the way file permission checks for the "/dev/cpu/[x]/msr" files were performed in restricted root environments (for example, when using a capability-based security model).
A local user with the ability to write to these files could use this flaw to escalate their privileges to kernel level, for example, by writing to the SYSENTER_EIP_MSR register. (CVE-2013-0268, Important)

* A race condition was found in the way the Linux kernel's ptrace implementation handled PTRACE_SETREGS requests when the debuggee was woken due to a SIGKILL signal instead of being stopped. A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2013-0871, Important)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

908693 - CVE-2013-0268 kernel: x86/msr: /dev/cpu/*/msr local privilege escalation
911937 - CVE-2013-0871 kernel: race condition with PTRACE_SETREGS

6. Package List:

Red Hat Enterprise Linux Desktop (v.
5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-348.3.1.el5.src.rpm

i386:
kernel-2.6.18-348.3.1.el5.i686.rpm
kernel-PAE-2.6.18-348.3.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-348.3.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-348.3.1.el5.i686.rpm
kernel-debug-2.6.18-348.3.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-348.3.1.el5.i686.rpm
kernel-debug-devel-2.6.18-348.3.1.el5.i686.rpm
kernel-debuginfo-2.6.18-348.3.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-348.3.1.el5.i686.rpm
kernel-devel-2.6.18-348.3.1.el5.i686.rpm
kernel-headers-2.6.18-348.3.1.el5.i386.rpm
kernel-xen-2.6.18-348.3.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-348.3.1.el5.i686.rpm
kernel-xen-devel-2.6.18-348.3.1.el5.i686.rpm

noarch:
kernel-doc-2.6.18-348.3.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-348.3.1.el5.x86_64.rpm
kernel-debug-2.6.18-348.3.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-348.3.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-348.3.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-348.3.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-348.3.1.el5.x86_64.rpm
kernel-devel-2.6.18-348.3.1.el5.x86_64.rpm
kernel-headers-2.6.18-348.3.1.el5.x86_64.rpm
kernel-xen-2.6.18-348.3.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-348.3.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-348.3.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v.
5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-348.3.1.el5.src.rpm

i386:
kernel-2.6.18-348.3.1.el5.i686.rpm
kernel-PAE-2.6.18-348.3.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-348.3.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-348.3.1.el5.i686.rpm
kernel-debug-2.6.18-348.3.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-348.3.1.el5.i686.rpm
kernel-debug-devel-2.6.18-348.3.1.el5.i686.rpm
kernel-debuginfo-2.6.18-348.3.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-348.3.1.el5.i686.rpm
kernel-devel-2.6.18-348.3.1.el5.i686.rpm
kernel-headers-2.6.18-348.3.1.el5.i386.rpm
kernel-xen-2.6.18-348.3.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-348.3.1.el5.i686.rpm
kernel-xen-devel-2.6.18-348.3.1.el5.i686.rpm

ia64:
kernel-2.6.18-348.3.1.el5.ia64.rpm
kernel-debug-2.6.18-348.3.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-348.3.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-348.3.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-348.3.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-348.3.1.el5.ia64.rpm
kernel-devel-2.6.18-348.3.1.el5.ia64.rpm
kernel-headers-2.6.18-348.3.1.el5.ia64.rpm
kernel-xen-2.6.18-348.3.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-348.3.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-348.3.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-348.3.1.el5.noarch.rpm

ppc:
kernel-2.6.18-348.3.1.el5.ppc64.rpm
kernel-debug-2.6.18-348.3.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-348.3.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-348.3.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-348.3.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-348.3.1.el5.ppc64.rpm
kernel-devel-2.6.18-348.3.1.el5.ppc64.rpm
kernel-headers-2.6.18-348.3.1.el5.ppc.rpm
kernel-headers-2.6.18-348.3.1.el5.ppc64.rpm
kernel-kdump-2.6.18-348.3.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-348.3.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-348.3.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-348.3.1.el5.s390x.rpm
kernel-debug-2.6.18-348.3.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-348.3.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-348.3.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-348.3.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-348.3.1.el5.s390x.rpm
kernel-devel-2.6.18-348.3.1.el5.s390x.rpm
kernel-headers-2.6.18-348.3.1.el5.s390x.rpm
kernel-kdump-2.6.18-348.3.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-348.3.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-348.3.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-348.3.1.el5.x86_64.rpm
kernel-debug-2.6.18-348.3.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-348.3.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-348.3.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-348.3.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-348.3.1.el5.x86_64.rpm
kernel-devel-2.6.18-348.3.1.el5.x86_64.rpm
kernel-headers-2.6.18-348.3.1.el5.x86_64.rpm
kernel-xen-2.6.18-348.3.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-348.3.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-348.3.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0268.html
https://www.redhat.com/security/data/cve/CVE-2013-0871.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
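Each advisory above tells users to upgrade to the listed packages, and the package lists give the fixed name-version-release per architecture; deciding whether a host is still behind the fix means comparing installed builds against those strings with rpm's own version ordering. The following is an added example, not part of the advisory or of Red Hat's tooling: it implements the rpmvercmp() ordering for digit, alpha and '~' segments, parses package file names from the RHSA-2013:0621-01, RHSA-2013:0614-01 and RHSA-2013:0623-01 lists on this page, and checks them against a constructed `rpm -qa` inventory whose installed versions are invented for illustration. The function names (parse_nvra, rpmvercmp, is_older, check_inventory) are the example's own.

```python
"""Advisory compliance check: is each installed package at or past the build
the advisory lists as fixed?  Added example, not part of the advisory or of
Red Hat's tooling.  Ordering follows rpm's rpmvercmp() rules for digit, alpha
and '~' segments (the newer '^' separator is not handled); epochs are absent
from file names, so equal epochs are assumed."""
import re
from typing import NamedTuple

# Fixed builds copied from the package lists on this page (x86_64/noarch subset).
FIXED_PACKAGES = [
    "kernel-2.6.18-348.3.1.el5.x86_64.rpm",        # RHSA-2013:0621-01
    "kernel-devel-2.6.18-348.3.1.el5.x86_64.rpm",  # RHSA-2013:0621-01
    "kernel-xen-2.6.18-348.3.1.el5.x86_64.rpm",    # RHSA-2013:0621-01
    "xulrunner-17.0.3-2.el5_9.x86_64.rpm",         # RHSA-2013:0614-01
    "tomcat6-6.0.24-52.el6_4.noarch.rpm",          # RHSA-2013:0623-01
]

# Constructed inventory in `rpm -qa` form (name-version-release.arch);
# the installed versions are invented for the example.
INSTALLED = [
    "kernel-2.6.18-348.1.1.el5.x86_64",
    "kernel-2.6.18-348.2.1.el5.x86_64",       # two kernels: install-only package
    "kernel-devel-2.6.18-348.3.1.el5.x86_64",
    "xulrunner-10.0.12-1.el5_9.x86_64",
    "tomcat6-6.0.24-52.el6_4.noarch",
    "bash-3.2-32.el5.x86_64",                 # not covered by any advisory here
]


class Nvra(NamedTuple):
    name: str
    version: str
    release: str
    arch: str


def parse_nvra(pkg: str) -> Nvra:
    """Split 'name-version-release.arch[.rpm]'.  Names may contain hyphens
    (kernel-debug-devel), so version and release are split from the right."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    stem, arch = pkg.rsplit(".", 1)
    name, version, release = stem.rsplit("-", 2)
    return Nvra(name, version, release, arch)


_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """-1, 0 or 1 as a is older than, equal to or newer than b.  Separators are
    ignored; numeric segments compare by value (10 > 9), alphabetic ones as
    strings, numeric outranks alphabetic, and '~' sorts below end-of-string."""
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for i in range(max(len(sa), len(sb))):
        x = sa[i] if i < len(sa) else None
        y = sb[i] if i < len(sb) else None
        if x == "~" or y == "~":          # pre-release marker: lowest of all
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        if x is None:                     # a ran out first: a is older
            return -1
        if y is None:
            return 1
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    return 0


def is_older(installed: Nvra, fixed: Nvra) -> bool:
    """True when installed predates fixed: compare version, then release."""
    rc = rpmvercmp(installed.version, fixed.version)
    if rc == 0:
        rc = rpmvercmp(installed.release, fixed.release)
    return rc < 0


def check_inventory(installed_pkgs, fixed_pkgs):
    """Map each advisory package present on the host to True (still older than
    the fix) or False.  Absent packages are skipped.  Where several builds of
    one name coexist (kernels are install-only) the newest one is judged; for
    kernels the running one (uname -r) is what matters, hence the reboot."""
    newest = {}
    for p in map(parse_nvra, installed_pkgs):
        key = (p.name, p.arch)
        if key not in newest or is_older(newest[key], p):
            newest[key] = p
    verdict = {}
    for f in map(parse_nvra, fixed_pkgs):
        inst = newest.get((f.name, f.arch))
        if inst is not None:
            verdict[f.name] = is_older(inst, f)
    return verdict
```

With the constructed inventory, check_inventory() reports kernel and xulrunner as still older than the fixed builds and kernel-devel and tomcat6 as up to date; kernel-xen is skipped because it is not installed.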
From bugzilla at redhat.com Mon Mar 11 19:52:35 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 11 Mar 2013 19:52:35 +0000
Subject: [RHSA-2013:0622-01] Important: kernel-rt security and bug fix update
Message-ID: <201303111952.r2BJqZJE024719@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel-rt security and bug fix update
Advisory ID: RHSA-2013:0622-01
Product: Red Hat Enterprise MRG for RHEL-6
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0622.html
Issue date: 2013-03-11
CVE Names: CVE-2012-4542 CVE-2013-0268 CVE-2013-0290 CVE-2013-0871 CVE-2013-1763
=====================================================================

1. Summary:

Updated kernel-rt packages that fix several security issues and three bugs are now available for Red Hat Enterprise MRG 2.3.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* A flaw was found in the way file permission checks for the "/dev/cpu/[x]/msr" files were performed in restricted root environments (for example, when using a capability-based security model).
A local user with the ability to write to these files could use this flaw to escalate their privileges to kernel level, for example, by writing to the SYSENTER_EIP_MSR register. (CVE-2013-0268, Important)

* A race condition was found in the way the Linux kernel's ptrace implementation handled PTRACE_SETREGS requests when the debuggee was woken due to a SIGKILL signal instead of being stopped. A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2013-0871, Important)

* An out-of-bounds access flaw was found in the way SOCK_DIAG_BY_FAMILY Netlink messages were processed in the Linux kernel. A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2013-1763, Important)

* It was found that the default SCSI command filter does not accommodate commands that overlap across device classes. A privileged guest user could potentially use this flaw to write arbitrary data to a LUN that is passed-through as read-only. (CVE-2012-4542, Moderate)

* A flaw was found in the way the __skb_recv_datagram() function in the Linux kernel processed payload-less socket buffers (skb) when the MSG_PEEK option was requested. A local, unprivileged user could use this flaw to cause a denial of service (infinite loop). (CVE-2013-0290, Moderate)

The CVE-2012-4542 issue was discovered by Paolo Bonzini of Red Hat.

This update also fixes the following bugs:

* There was high contention on run-queue lock when load balancing before idling, causing latency spikes on high CPU core count systems. With this update, IPI is used to send notification to cores with pending work, and the cores push the work rather than trying to pull it, resolving this issue. (BZ#858396)

* Previously, ACPI lock was converted to an rt_mutex, leading to a traceback when scheduling while atomic. With this update, ACPI lock has been converted back to a raw spinlock.
(BZ#909965)

* Fibre Channel (FC)/iSCSI device state was set to off-line and after a timeout, not set back to running. Such a device would not come back online after a fast_io_fail or timeout. With this update, an explicit check for the device being offline has been added, and the device is set back to running when re-initializing, allowing devices to recover after a failure or timeout. (BZ#912942)

Users should upgrade to these updated packages, which correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

858396 - latency issues on four-socket systems
875360 - CVE-2012-4542 kernel: block: default SCSI command filter does not accomodate commands overlap across device classes
908693 - CVE-2013-0268 kernel: x86/msr: /dev/cpu/*/msr local privilege escalation
911473 - CVE-2013-0290 kernel: net: infinite loop in __skb_recv_datagram()
911937 - CVE-2013-0871 kernel: race condition with PTRACE_SETREGS
915052 - CVE-2013-1763 kernel: sock_diag: out-of-bounds access to sock_diag_handlers[]

6.
Package List:

MRG Realtime for RHEL 6 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/kernel-rt-3.6.11-rt30.25.el6rt.src.rpm

noarch:
kernel-rt-doc-3.6.11-rt30.25.el6rt.noarch.rpm
kernel-rt-firmware-3.6.11-rt30.25.el6rt.noarch.rpm
mrg-rt-release-3.6.11-rt30.25.el6rt.noarch.rpm

x86_64:
kernel-rt-3.6.11-rt30.25.el6rt.x86_64.rpm
kernel-rt-debug-3.6.11-rt30.25.el6rt.x86_64.rpm
kernel-rt-debug-debuginfo-3.6.11-rt30.25.el6rt.x86_64.rpm
kernel-rt-debug-devel-3.6.11-rt30.25.el6rt.x86_64.rpm
kernel-rt-debuginfo-3.6.11-rt30.25.el6rt.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.6.11-rt30.25.el6rt.x86_64.rpm
kernel-rt-devel-3.6.11-rt30.25.el6rt.x86_64.rpm
kernel-rt-trace-3.6.11-rt30.25.el6rt.x86_64.rpm
kernel-rt-trace-debuginfo-3.6.11-rt30.25.el6rt.x86_64.rpm
kernel-rt-trace-devel-3.6.11-rt30.25.el6rt.x86_64.rpm
kernel-rt-vanilla-3.6.11-rt30.25.el6rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-3.6.11-rt30.25.el6rt.x86_64.rpm
kernel-rt-vanilla-devel-3.6.11-rt30.25.el6rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-4542.html
https://www.redhat.com/security/data/cve/CVE-2013-0268.html
https://www.redhat.com/security/data/cve/CVE-2013-0290.html
https://www.redhat.com/security/data/cve/CVE-2013-0871.html
https://www.redhat.com/security/data/cve/CVE-2013-1763.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
From bugzilla at redhat.com Mon Mar 11 19:53:11 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 11 Mar 2013 19:53:11 +0000
Subject: [RHSA-2013:0623-01] Important: tomcat6 security update
Message-ID: <201303111953.r2BJrB2O001356@int-mx12.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: tomcat6 security update
Advisory ID: RHSA-2013:0623-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0623.html
Issue date: 2013-03-11
CVE Names: CVE-2012-3546 CVE-2012-4534 CVE-2012-5885 CVE-2012-5886 CVE-2012-5887
=====================================================================

1. Summary:

Updated tomcat6 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch
Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Enterprise Linux Server Optional (v. 6) - noarch
Red Hat Enterprise Linux Workstation (v. 6) - noarch
Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch

3. Description:

Apache Tomcat is a servlet container.
It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of a URL. A remote attacker with an authenticated session on an affected application could use this flaw to circumvent authorization controls, and thereby access resources not permitted by the roles associated with their authenticated session. (CVE-2012-3546)

A flaw was found in the way Tomcat handled sendfile operations when using the HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote attacker could use this flaw to cause a denial of service (infinite loop). The HTTP blocking IO (BIO) connector, which is not vulnerable to this issue, is used by default in Red Hat Enterprise Linux 6. (CVE-2012-4534)

Multiple weaknesses were found in the Tomcat DIGEST authentication implementation, effectively reducing the security normally provided by DIGEST authentication. A remote attacker could use these flaws to perform replay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886, CVE-2012-5887)

Users of Tomcat should upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5.
Bugs fixed (http://bugzilla.redhat.com/):

873664 - CVE-2012-5885 CVE-2012-5886 CVE-2012-5887 tomcat: three DIGEST authentication implementation issues
883634 - CVE-2012-3546 Tomcat/JBoss Web: Bypass of security constraints
883637 - CVE-2012-4534 Tomcat - Denial Of Service when using NIO+SSL+sendfile

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/tomcat6-6.0.24-52.el6_4.src.rpm

noarch:
tomcat6-6.0.24-52.el6_4.noarch.rpm
tomcat6-admin-webapps-6.0.24-52.el6_4.noarch.rpm
tomcat6-docs-webapp-6.0.24-52.el6_4.noarch.rpm
tomcat6-el-2.1-api-6.0.24-52.el6_4.noarch.rpm
tomcat6-javadoc-6.0.24-52.el6_4.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-52.el6_4.noarch.rpm
tomcat6-lib-6.0.24-52.el6_4.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-52.el6_4.noarch.rpm
tomcat6-webapps-6.0.24-52.el6_4.noarch.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/tomcat6-6.0.24-52.el6_4.src.rpm

noarch:
tomcat6-6.0.24-52.el6_4.noarch.rpm
tomcat6-admin-webapps-6.0.24-52.el6_4.noarch.rpm
tomcat6-docs-webapp-6.0.24-52.el6_4.noarch.rpm
tomcat6-el-2.1-api-6.0.24-52.el6_4.noarch.rpm
tomcat6-javadoc-6.0.24-52.el6_4.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-52.el6_4.noarch.rpm
tomcat6-lib-6.0.24-52.el6_4.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-52.el6_4.noarch.rpm
tomcat6-webapps-6.0.24-52.el6_4.noarch.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/tomcat6-6.0.24-52.el6_4.src.rpm

noarch:
tomcat6-6.0.24-52.el6_4.noarch.rpm
tomcat6-el-2.1-api-6.0.24-52.el6_4.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-52.el6_4.noarch.rpm
tomcat6-lib-6.0.24-52.el6_4.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-52.el6_4.noarch.rpm

Red Hat Enterprise Linux Server Optional (v.
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/tomcat6-6.0.24-52.el6_4.src.rpm

noarch:
tomcat6-admin-webapps-6.0.24-52.el6_4.noarch.rpm
tomcat6-docs-webapp-6.0.24-52.el6_4.noarch.rpm
tomcat6-javadoc-6.0.24-52.el6_4.noarch.rpm
tomcat6-webapps-6.0.24-52.el6_4.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/tomcat6-6.0.24-52.el6_4.src.rpm

noarch:
tomcat6-6.0.24-52.el6_4.noarch.rpm
tomcat6-el-2.1-api-6.0.24-52.el6_4.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-52.el6_4.noarch.rpm
tomcat6-lib-6.0.24-52.el6_4.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-52.el6_4.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/tomcat6-6.0.24-52.el6_4.src.rpm

noarch:
tomcat6-admin-webapps-6.0.24-52.el6_4.noarch.rpm
tomcat6-docs-webapp-6.0.24-52.el6_4.noarch.rpm
tomcat6-javadoc-6.0.24-52.el6_4.noarch.rpm
tomcat6-webapps-6.0.24-52.el6_4.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-3546.html
https://www.redhat.com/security/data/cve/CVE-2012-4534.html
https://www.redhat.com/security/data/cve/CVE-2012-5885.html
https://www.redhat.com/security/data/cve/CVE-2012-5886.html
https://www.redhat.com/security/data/cve/CVE-2012-5887.html
https://access.redhat.com/security/updates/classification/#important
http://tomcat.apache.org/security-6.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
From bugzilla at redhat.com Mon Mar 11 19:54:46 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 11 Mar 2013 19:54:46 +0000
Subject: [RHSA-2013:0624-01] Critical: java-1.5.0-ibm security update
Message-ID: <201303111954.r2BJskIl023379@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.5.0-ibm security update
Advisory ID: RHSA-2013:0624-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0624.html
Issue date: 2013-03-11
CVE Names: CVE-2013-0409 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0440 CVE-2013-0442 CVE-2013-0443 CVE-2013-0445 CVE-2013-0450 CVE-2013-0809 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 CVE-2013-1481 CVE-2013-1486 CVE-2013-1493
=====================================================================

1. Summary:

Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v.
5) - i386, ppc, s390x, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-0409, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0440, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450, CVE-2013-0809, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1493) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16 release. All running instances of IBM Java must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. 
Bugs fixed (http://bugzilla.redhat.com/): 859140 - CVE-2013-0440 OpenJDK: CPU consumption DoS via repeated SSL ClientHello packets (JSSE, 7192393) 906813 - CVE-2013-0424 OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318) 906894 - CVE-2013-1478 OpenJDK: image parser insufficient raster parameter checks (2D, 8001972) 906899 - CVE-2013-0442 OpenJDK: insufficient privilege checking issue (AWT, 7192977) 906900 - CVE-2013-0445 OpenJDK: insufficient privilege checking issue (AWT, 8001057) 906904 - CVE-2013-1480 OpenJDK: image parser insufficient raster parameter checks (AWT, 8002325) 906911 - CVE-2013-0450 OpenJDK: RequiredModelMBean missing access control context checks (JMX, 8000537) 907207 - CVE-2013-0428 OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29) 907219 - CVE-2013-0432 OpenJDK: insufficient clipboard access premission checks (AWT, 7186952) 907224 - CVE-2013-1481 Oracle JDK: unspecified vulnerability fixed in 6u39 (Sound) 907226 - CVE-2013-0409 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (JMX) 907340 - CVE-2013-0443 OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392) 907344 - CVE-2013-0425 OpenJDK: logging insufficient access control checks (Libraries, 6664509) 907346 - CVE-2013-0426 OpenJDK: logging insufficient access control checks (Libraries, 6664528) 907453 - CVE-2013-0434 OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235) 907455 - CVE-2013-0427 OpenJDK: invalid threads subject to interrupts (Libraries, 6776941) 907456 - CVE-2013-0433 OpenJDK: InetSocketAddress serialization issue (Networking, 7201071) 907457 - CVE-2013-1476 OpenJDK: missing ValueHandlerImpl class constructor access restriction (CORBA, 8000631) 913014 - CVE-2013-1486 OpenJDK: MBeanServer insufficient privilege restrictions (JMX, 8006446) 917550 - CVE-2013-0809 OpenJDK: Specially crafted sample model integer overflow (2D, 8007014) 917553 - CVE-2013-1493 OpenJDK: CMM malformed raster memory 
corruption (2D, 8007675) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9.i386.rpm x86_64: java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9.x86_64.rpm java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 
5): i386: java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9.i386.rpm ppc: java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9.ppc.rpm java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9.ppc64.rpm java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9.ppc.rpm java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9.ppc.rpm java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9.ppc.rpm java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9.ppc.rpm java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el5_9.ppc.rpm java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9.ppc.rpm java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9.ppc64.rpm s390x: java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9.s390.rpm java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9.s390x.rpm java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9.s390x.rpm java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9.s390.rpm java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9.s390x.rpm java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9.s390.rpm java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9.s390x.rpm java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9.s390.rpm java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9.s390.rpm java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9.s390x.rpm x86_64: java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9.x86_64.rpm java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9.x86_64.rpm 
java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4.i686.rpm x86_64: java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 
6): i386: java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4.i686.rpm ppc64: java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4.ppc64.rpm java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el6_4.ppc.rpm java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el6_4.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el6_4.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el6_4.ppc.rpm java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4.ppc64.rpm s390x: java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4.s390x.rpm java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4.s390x.rpm java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el6_4.s390.rpm java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el6_4.s390x.rpm java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el6_4.s390.rpm java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4.s390x.rpm x86_64: java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 
6): i386: java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4.i686.rpm x86_64: java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-0409.html https://www.redhat.com/security/data/cve/CVE-2013-0424.html https://www.redhat.com/security/data/cve/CVE-2013-0425.html https://www.redhat.com/security/data/cve/CVE-2013-0426.html https://www.redhat.com/security/data/cve/CVE-2013-0427.html https://www.redhat.com/security/data/cve/CVE-2013-0428.html https://www.redhat.com/security/data/cve/CVE-2013-0432.html https://www.redhat.com/security/data/cve/CVE-2013-0433.html https://www.redhat.com/security/data/cve/CVE-2013-0434.html https://www.redhat.com/security/data/cve/CVE-2013-0440.html https://www.redhat.com/security/data/cve/CVE-2013-0442.html https://www.redhat.com/security/data/cve/CVE-2013-0443.html https://www.redhat.com/security/data/cve/CVE-2013-0445.html https://www.redhat.com/security/data/cve/CVE-2013-0450.html https://www.redhat.com/security/data/cve/CVE-2013-0809.html https://www.redhat.com/security/data/cve/CVE-2013-1476.html https://www.redhat.com/security/data/cve/CVE-2013-1478.html https://www.redhat.com/security/data/cve/CVE-2013-1480.html 
https://www.redhat.com/security/data/cve/CVE-2013-1481.html https://www.redhat.com/security/data/cve/CVE-2013-1486.html https://www.redhat.com/security/data/cve/CVE-2013-1493.html https://access.redhat.com/security/updates/classification/#critical https://www.ibm.com/developerworks/java/jdk/alerts/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRPjZYXlSAg2UNWIIRAgsKAJ9zHt0qPI0/VwqbWPZiB+H38XTr3QCggnyO lj43s5onODDW/SKWkhtSUSE= =tRBF -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Mar 11 19:55:21 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 11 Mar 2013 19:55:21 +0000 Subject: [RHSA-2013:0625-01] Critical: java-1.6.0-ibm security update Message-ID: <201303111955.r2BJtLjt022879@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.6.0-ibm security update Advisory ID: RHSA-2013:0625-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0625.html Issue date: 2013-03-11 CVE Names: CVE-2012-1541 CVE-2012-3213 CVE-2012-3342 CVE-2013-0351 CVE-2013-0409 CVE-2013-0419 CVE-2013-0423 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0438 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0445 CVE-2013-0446 CVE-2013-0450 CVE-2013-0809 CVE-2013-1473 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 CVE-2013-1481 CVE-2013-1486 CVE-2013-1487 CVE-2013-1493 ===================================================================== 1. Summary: Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. 
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487, CVE-2013-1493) All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR13 release. All running instances of IBM Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. 
Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 859140 - CVE-2013-0440 OpenJDK: CPU consumption DoS via repeated SSL ClientHello packets (JSSE, 7192393) 906813 - CVE-2013-0424 OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318) 906892 - CVE-2013-0435 OpenJDK: com.sun.xml.internal.* not restricted packages (JAX-WS, 7201068) 906894 - CVE-2013-1478 OpenJDK: image parser insufficient raster parameter checks (2D, 8001972) 906899 - CVE-2013-0442 OpenJDK: insufficient privilege checking issue (AWT, 7192977) 906900 - CVE-2013-0445 OpenJDK: insufficient privilege checking issue (AWT, 8001057) 906904 - CVE-2013-1480 OpenJDK: image parser insufficient raster parameter checks (AWT, 8002325) 906911 - CVE-2013-0450 OpenJDK: RequiredModelMBean missing access control context checks (JMX, 8000537) 906914 - CVE-2012-1541 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906916 - CVE-2013-0446 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906917 - CVE-2012-3342 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906918 - CVE-2013-0419 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906921 - CVE-2013-0423 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906923 - CVE-2013-0351 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906933 - CVE-2013-1473 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906935 - CVE-2013-0438 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 907207 - CVE-2013-0428 OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29) 907219 - CVE-2013-0432 OpenJDK: insufficient clipboard access premission checks (AWT, 7186952) 907223 - CVE-2012-3213 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 
(Scripting) 907224 - CVE-2013-1481 Oracle JDK: unspecified vulnerability fixed in 6u39 (Sound) 907226 - CVE-2013-0409 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (JMX) 907340 - CVE-2013-0443 OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392) 907344 - CVE-2013-0425 OpenJDK: logging insufficient access control checks (Libraries, 6664509) 907346 - CVE-2013-0426 OpenJDK: logging insufficient access control checks (Libraries, 6664528) 907453 - CVE-2013-0434 OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235) 907455 - CVE-2013-0427 OpenJDK: invalid threads subject to interrupts (Libraries, 6776941) 907456 - CVE-2013-0433 OpenJDK: InetSocketAddress serialization issue (Networking, 7201071) 907457 - CVE-2013-1476 OpenJDK: missing ValueHandlerImpl class constructor access restriction (CORBA, 8000631) 907458 - CVE-2013-0441 OpenJDK: missing serialization restriction (CORBA, 7201066) 913014 - CVE-2013-1486 OpenJDK: MBeanServer insufficient privilege restrictions (JMX, 8006446) 913030 - CVE-2013-1487 Oracle JDK: unspecified vulnerability fixed in 6u41 and 7u15 (Deployment) 917550 - CVE-2013-0809 OpenJDK: Specially crafted sample model integer overflow (2D, 8007014) 917553 - CVE-2013-1493 OpenJDK: CMM malformed raster memory corruption (2D, 8007675) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 
5): i386: java-1.6.0-ibm-1.6.0.13.0-1jpp.2.el5_9.i386.rpm java-1.6.0-ibm-accessibility-1.6.0.13.0-1jpp.2.el5_9.i386.rpm java-1.6.0-ibm-demo-1.6.0.13.0-1jpp.2.el5_9.i386.rpm java-1.6.0-ibm-devel-1.6.0.13.0-1jpp.2.el5_9.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.13.0-1jpp.2.el5_9.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.13.0-1jpp.2.el5_9.i386.rpm java-1.6.0-ibm-plugin-1.6.0.13.0-1jpp.2.el5_9.i386.rpm java-1.6.0-ibm-src-1.6.0.13.0-1jpp.2.el5_9.i386.rpm x86_64: java-1.6.0-ibm-1.6.0.13.0-1jpp.2.el5_9.i386.rpm java-1.6.0-ibm-1.6.0.13.0-1jpp.2.el5_9.x86_64.rpm java-1.6.0-ibm-accessibility-1.6.0.13.0-1jpp.2.el5_9.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.13.0-1jpp.2.el5_9.i386.rpm java-1.6.0-ibm-demo-1.6.0.13.0-1jpp.2.el5_9.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.13.0-1jpp.2.el5_9.i386.rpm java-1.6.0-ibm-devel-1.6.0.13.0-1jpp.2.el5_9.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.13.0-1jpp.2.el5_9.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.13.0-1jpp.2.el5_9.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.13.0-1jpp.2.el5_9.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.13.0-1jpp.2.el5_9.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.13.0-1jpp.2.el5_9.i386.rpm java-1.6.0-ibm-plugin-1.6.0.13.0-1jpp.2.el5_9.x86_64.rpm java-1.6.0-ibm-src-1.6.0.13.0-1jpp.2.el5_9.i386.rpm java-1.6.0-ibm-src-1.6.0.13.0-1jpp.2.el5_9.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 
5): i386: java-1.6.0-ibm-1.6.0.13.0-1jpp.2.el5_9.i386.rpm java-1.6.0-ibm-accessibility-1.6.0.13.0-1jpp.2.el5_9.i386.rpm java-1.6.0-ibm-demo-1.6.0.13.0-1jpp.2.el5_9.i386.rpm java-1.6.0-ibm-devel-1.6.0.13.0-1jpp.2.el5_9.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.13.0-1jpp.2.el5_9.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.13.0-1jpp.2.el5_9.i386.rpm java-1.6.0-ibm-plugin-1.6.0.13.0-1jpp.2.el5_9.i386.rpm java-1.6.0-ibm-src-1.6.0.13.0-1jpp.2.el5_9.i386.rpm ppc: java-1.6.0-ibm-1.6.0.13.0-1jpp.2.el5_9.ppc.rpm java-1.6.0-ibm-1.6.0.13.0-1jpp.2.el5_9.ppc64.rpm java-1.6.0-ibm-accessibility-1.6.0.13.0-1jpp.2.el5_9.ppc.rpm java-1.6.0-ibm-demo-1.6.0.13.0-1jpp.2.el5_9.ppc.rpm java-1.6.0-ibm-demo-1.6.0.13.0-1jpp.2.el5_9.ppc64.rpm java-1.6.0-ibm-devel-1.6.0.13.0-1jpp.2.el5_9.ppc.rpm java-1.6.0-ibm-devel-1.6.0.13.0-1jpp.2.el5_9.ppc64.rpm java-1.6.0-ibm-javacomm-1.6.0.13.0-1jpp.2.el5_9.ppc.rpm java-1.6.0-ibm-javacomm-1.6.0.13.0-1jpp.2.el5_9.ppc64.rpm java-1.6.0-ibm-jdbc-1.6.0.13.0-1jpp.2.el5_9.ppc.rpm java-1.6.0-ibm-jdbc-1.6.0.13.0-1jpp.2.el5_9.ppc64.rpm java-1.6.0-ibm-plugin-1.6.0.13.0-1jpp.2.el5_9.ppc.rpm java-1.6.0-ibm-src-1.6.0.13.0-1jpp.2.el5_9.ppc.rpm java-1.6.0-ibm-src-1.6.0.13.0-1jpp.2.el5_9.ppc64.rpm s390x: java-1.6.0-ibm-1.6.0.13.0-1jpp.2.el5_9.s390.rpm java-1.6.0-ibm-1.6.0.13.0-1jpp.2.el5_9.s390x.rpm java-1.6.0-ibm-accessibility-1.6.0.13.0-1jpp.2.el5_9.s390x.rpm java-1.6.0-ibm-demo-1.6.0.13.0-1jpp.2.el5_9.s390.rpm java-1.6.0-ibm-demo-1.6.0.13.0-1jpp.2.el5_9.s390x.rpm java-1.6.0-ibm-devel-1.6.0.13.0-1jpp.2.el5_9.s390.rpm java-1.6.0-ibm-devel-1.6.0.13.0-1jpp.2.el5_9.s390x.rpm java-1.6.0-ibm-jdbc-1.6.0.13.0-1jpp.2.el5_9.s390.rpm java-1.6.0-ibm-jdbc-1.6.0.13.0-1jpp.2.el5_9.s390x.rpm java-1.6.0-ibm-src-1.6.0.13.0-1jpp.2.el5_9.s390.rpm java-1.6.0-ibm-src-1.6.0.13.0-1jpp.2.el5_9.s390x.rpm x86_64: java-1.6.0-ibm-1.6.0.13.0-1jpp.2.el5_9.i386.rpm java-1.6.0-ibm-1.6.0.13.0-1jpp.2.el5_9.x86_64.rpm java-1.6.0-ibm-accessibility-1.6.0.13.0-1jpp.2.el5_9.x86_64.rpm 
java-1.6.0-ibm-demo-1.6.0.13.0-1jpp.2.el5_9.i386.rpm java-1.6.0-ibm-demo-1.6.0.13.0-1jpp.2.el5_9.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.13.0-1jpp.2.el5_9.i386.rpm java-1.6.0-ibm-devel-1.6.0.13.0-1jpp.2.el5_9.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.13.0-1jpp.2.el5_9.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.13.0-1jpp.2.el5_9.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.13.0-1jpp.2.el5_9.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.13.0-1jpp.2.el5_9.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.13.0-1jpp.2.el5_9.i386.rpm java-1.6.0-ibm-plugin-1.6.0.13.0-1jpp.2.el5_9.x86_64.rpm java-1.6.0-ibm-src-1.6.0.13.0-1jpp.2.el5_9.i386.rpm java-1.6.0-ibm-src-1.6.0.13.0-1jpp.2.el5_9.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.6.0-ibm-1.6.0.13.0-1jpp.3.el6_4.i686.rpm java-1.6.0-ibm-demo-1.6.0.13.0-1jpp.3.el6_4.i686.rpm java-1.6.0-ibm-devel-1.6.0.13.0-1jpp.3.el6_4.i686.rpm java-1.6.0-ibm-javacomm-1.6.0.13.0-1jpp.3.el6_4.i686.rpm java-1.6.0-ibm-jdbc-1.6.0.13.0-1jpp.3.el6_4.i686.rpm java-1.6.0-ibm-plugin-1.6.0.13.0-1jpp.3.el6_4.i686.rpm java-1.6.0-ibm-src-1.6.0.13.0-1jpp.3.el6_4.i686.rpm x86_64: java-1.6.0-ibm-1.6.0.13.0-1jpp.3.el6_4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.13.0-1jpp.3.el6_4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.13.0-1jpp.3.el6_4.i686.rpm java-1.6.0-ibm-devel-1.6.0.13.0-1jpp.3.el6_4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.13.0-1jpp.3.el6_4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.13.0-1jpp.3.el6_4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.13.0-1jpp.3.el6_4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.13.0-1jpp.3.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.6.0-ibm-1.6.0.13.0-1jpp.3.el6_4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.13.0-1jpp.3.el6_4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.13.0-1jpp.3.el6_4.i686.rpm java-1.6.0-ibm-devel-1.6.0.13.0-1jpp.3.el6_4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.13.0-1jpp.3.el6_4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.13.0-1jpp.3.el6_4.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 
6): i386: java-1.6.0-ibm-1.6.0.13.0-1jpp.3.el6_4.i686.rpm java-1.6.0-ibm-demo-1.6.0.13.0-1jpp.3.el6_4.i686.rpm java-1.6.0-ibm-devel-1.6.0.13.0-1jpp.3.el6_4.i686.rpm java-1.6.0-ibm-javacomm-1.6.0.13.0-1jpp.3.el6_4.i686.rpm java-1.6.0-ibm-jdbc-1.6.0.13.0-1jpp.3.el6_4.i686.rpm java-1.6.0-ibm-plugin-1.6.0.13.0-1jpp.3.el6_4.i686.rpm java-1.6.0-ibm-src-1.6.0.13.0-1jpp.3.el6_4.i686.rpm ppc64: java-1.6.0-ibm-1.6.0.13.0-1jpp.3.el6_4.ppc64.rpm java-1.6.0-ibm-demo-1.6.0.13.0-1jpp.3.el6_4.ppc64.rpm java-1.6.0-ibm-devel-1.6.0.13.0-1jpp.3.el6_4.ppc.rpm java-1.6.0-ibm-devel-1.6.0.13.0-1jpp.3.el6_4.ppc64.rpm java-1.6.0-ibm-javacomm-1.6.0.13.0-1jpp.3.el6_4.ppc64.rpm java-1.6.0-ibm-jdbc-1.6.0.13.0-1jpp.3.el6_4.ppc64.rpm java-1.6.0-ibm-src-1.6.0.13.0-1jpp.3.el6_4.ppc64.rpm s390x: java-1.6.0-ibm-1.6.0.13.0-1jpp.3.el6_4.s390x.rpm java-1.6.0-ibm-demo-1.6.0.13.0-1jpp.3.el6_4.s390x.rpm java-1.6.0-ibm-devel-1.6.0.13.0-1jpp.3.el6_4.s390.rpm java-1.6.0-ibm-devel-1.6.0.13.0-1jpp.3.el6_4.s390x.rpm java-1.6.0-ibm-jdbc-1.6.0.13.0-1jpp.3.el6_4.s390x.rpm java-1.6.0-ibm-src-1.6.0.13.0-1jpp.3.el6_4.s390x.rpm x86_64: java-1.6.0-ibm-1.6.0.13.0-1jpp.3.el6_4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.13.0-1jpp.3.el6_4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.13.0-1jpp.3.el6_4.i686.rpm java-1.6.0-ibm-devel-1.6.0.13.0-1jpp.3.el6_4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.13.0-1jpp.3.el6_4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.13.0-1jpp.3.el6_4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.13.0-1jpp.3.el6_4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.13.0-1jpp.3.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 
6): i386: java-1.6.0-ibm-1.6.0.13.0-1jpp.3.el6_4.i686.rpm java-1.6.0-ibm-demo-1.6.0.13.0-1jpp.3.el6_4.i686.rpm java-1.6.0-ibm-devel-1.6.0.13.0-1jpp.3.el6_4.i686.rpm java-1.6.0-ibm-javacomm-1.6.0.13.0-1jpp.3.el6_4.i686.rpm java-1.6.0-ibm-jdbc-1.6.0.13.0-1jpp.3.el6_4.i686.rpm java-1.6.0-ibm-plugin-1.6.0.13.0-1jpp.3.el6_4.i686.rpm java-1.6.0-ibm-src-1.6.0.13.0-1jpp.3.el6_4.i686.rpm x86_64: java-1.6.0-ibm-1.6.0.13.0-1jpp.3.el6_4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.13.0-1jpp.3.el6_4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.13.0-1jpp.3.el6_4.i686.rpm java-1.6.0-ibm-devel-1.6.0.13.0-1jpp.3.el6_4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.13.0-1jpp.3.el6_4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.13.0-1jpp.3.el6_4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.13.0-1jpp.3.el6_4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.13.0-1jpp.3.el6_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References: https://www.redhat.com/security/data/cve/CVE-2012-1541.html https://www.redhat.com/security/data/cve/CVE-2012-3213.html https://www.redhat.com/security/data/cve/CVE-2012-3342.html https://www.redhat.com/security/data/cve/CVE-2013-0351.html https://www.redhat.com/security/data/cve/CVE-2013-0409.html https://www.redhat.com/security/data/cve/CVE-2013-0419.html https://www.redhat.com/security/data/cve/CVE-2013-0423.html https://www.redhat.com/security/data/cve/CVE-2013-0424.html https://www.redhat.com/security/data/cve/CVE-2013-0425.html https://www.redhat.com/security/data/cve/CVE-2013-0426.html https://www.redhat.com/security/data/cve/CVE-2013-0427.html https://www.redhat.com/security/data/cve/CVE-2013-0428.html https://www.redhat.com/security/data/cve/CVE-2013-0432.html https://www.redhat.com/security/data/cve/CVE-2013-0433.html https://www.redhat.com/security/data/cve/CVE-2013-0434.html https://www.redhat.com/security/data/cve/CVE-2013-0435.html https://www.redhat.com/security/data/cve/CVE-2013-0438.html https://www.redhat.com/security/data/cve/CVE-2013-0440.html https://www.redhat.com/security/data/cve/CVE-2013-0441.html https://www.redhat.com/security/data/cve/CVE-2013-0442.html https://www.redhat.com/security/data/cve/CVE-2013-0443.html https://www.redhat.com/security/data/cve/CVE-2013-0445.html https://www.redhat.com/security/data/cve/CVE-2013-0446.html https://www.redhat.com/security/data/cve/CVE-2013-0450.html https://www.redhat.com/security/data/cve/CVE-2013-0809.html https://www.redhat.com/security/data/cve/CVE-2013-1473.html https://www.redhat.com/security/data/cve/CVE-2013-1476.html https://www.redhat.com/security/data/cve/CVE-2013-1478.html https://www.redhat.com/security/data/cve/CVE-2013-1480.html https://www.redhat.com/security/data/cve/CVE-2013-1481.html https://www.redhat.com/security/data/cve/CVE-2013-1486.html https://www.redhat.com/security/data/cve/CVE-2013-1487.html https://www.redhat.com/security/data/cve/CVE-2013-1493.html 
https://access.redhat.com/security/updates/classification/#critical https://www.ibm.com/developerworks/java/jdk/alerts/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRPjacXlSAg2UNWIIRAocMAKCHwniGV/DegcuINmJ4h95xUcpABQCeMoZu 7MA85UeOGKgGVLJXvZt6eVk= =xr8S -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Mar 11 19:55:57 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 11 Mar 2013 19:55:57 +0000 Subject: [RHSA-2013:0626-01] Critical: java-1.7.0-ibm security update Message-ID: <201303111955.r2BJtvQT023411@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.7.0-ibm security update Advisory ID: RHSA-2013:0626-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0626.html Issue date: 2013-03-11 CVE Names: CVE-2012-1541 CVE-2012-3174 CVE-2012-3213 CVE-2012-3342 CVE-2013-0351 CVE-2013-0409 CVE-2013-0419 CVE-2013-0422 CVE-2013-0423 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0431 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0437 CVE-2013-0438 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0444 CVE-2013-0445 CVE-2013-0446 CVE-2013-0449 CVE-2013-0450 CVE-2013-0809 CVE-2013-1473 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 CVE-2013-1484 CVE-2013-1485 CVE-2013-1486 CVE-2013-1487 CVE-2013-1493 ===================================================================== 1. Summary: Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2012-1541, CVE-2012-3174, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0422, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0431, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0437, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0444, CVE-2013-0445, CVE-2013-0446, CVE-2013-0449, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1484, CVE-2013-1485, CVE-2013-1486, CVE-2013-1487, CVE-2013-1493) All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR4 release. All running instances of IBM Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. 
Details on how to use the Red Hat Network to apply this update are available
at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

859140 - CVE-2013-0440 OpenJDK: CPU consumption DoS via repeated SSL ClientHello packets (JSSE, 7192393)
894172 - CVE-2013-0422 OpenJDK: MethodHandles.Lookup incorrect permission checks, Java 7 0day (Libraries, 8006017)
894934 - CVE-2012-3174 OpenJDK: MethodHandles incorrect permission checks (Libraries, 8004933)
906447 - CVE-2013-0431 OpenJDK: JMX Introspector missing package access check (JMX, 8000539, SE-2012-01 Issue 52)
906813 - CVE-2013-0424 OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318)
906892 - CVE-2013-0435 OpenJDK: com.sun.xml.internal.* not restricted packages (JAX-WS, 7201068)
906894 - CVE-2013-1478 OpenJDK: image parser insufficient raster parameter checks (2D, 8001972)
906899 - CVE-2013-0442 OpenJDK: insufficient privilege checking issue (AWT, 7192977)
906900 - CVE-2013-0445 OpenJDK: insufficient privilege checking issue (AWT, 8001057)
906904 - CVE-2013-1480 OpenJDK: image parser insufficient raster parameter checks (AWT, 8002325)
906911 - CVE-2013-0450 OpenJDK: RequiredModelMBean missing access control context checks (JMX, 8000537)
906914 - CVE-2012-1541 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906916 - CVE-2013-0446 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906917 - CVE-2012-3342 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906918 - CVE-2013-0419 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906921 - CVE-2013-0423 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906923 - CVE-2013-0351 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906932 - CVE-2013-0449 Oracle JDK: unspecified vulnerability fixed in 7u13 (Deployment)
906933 - CVE-2013-1473 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906935 - CVE-2013-0438 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
907207 - CVE-2013-0428 OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)
907218 - CVE-2013-0444 OpenJDK: MethodFinder insufficient checks for cached results (Beans, 7200493)
907219 - CVE-2013-0432 OpenJDK: insufficient clipboard access permission checks (AWT, 7186952)
907222 - CVE-2013-0437 Oracle JDK: unspecified vulnerability fixed in 7u13 (2D)
907223 - CVE-2012-3213 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Scripting)
907226 - CVE-2013-0409 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (JMX)
907340 - CVE-2013-0443 OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392)
907344 - CVE-2013-0425 OpenJDK: logging insufficient access control checks (Libraries, 6664509)
907346 - CVE-2013-0426 OpenJDK: logging insufficient access control checks (Libraries, 6664528)
907453 - CVE-2013-0434 OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235)
907455 - CVE-2013-0427 OpenJDK: invalid threads subject to interrupts (Libraries, 6776941)
907456 - CVE-2013-0433 OpenJDK: InetSocketAddress serialization issue (Networking, 7201071)
907457 - CVE-2013-1476 OpenJDK: missing ValueHandlerImpl class constructor access restriction (CORBA, 8000631)
907458 - CVE-2013-0441 OpenJDK: missing serialization restriction (CORBA, 7201066)
913014 - CVE-2013-1486 OpenJDK: MBeanServer insufficient privilege restrictions (JMX, 8006446)
913021 - CVE-2013-1484 OpenJDK: MethodHandleProxies insufficient privilege checks (Libraries, 8004937)
913025 - CVE-2013-1485 OpenJDK: MethodHandles insufficient privilege checks (Libraries, 8006439)
913030 - CVE-2013-1487 Oracle JDK: unspecified vulnerability fixed in 6u41 and 7u15 (Deployment)
917550 - CVE-2013-0809 OpenJDK: Specially crafted sample model integer overflow (2D, 8007014)
917553 - CVE-2013-1493 OpenJDK: CMM malformed raster memory corruption (2D, 8007675)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el5_9.i386.rpm

x86_64:
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el5_9.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el5_9.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el5_9.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el5_9.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.4.0-1jpp.2.el5_9.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el5_9.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el5_9.i386.rpm

ppc:
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el5_9.ppc.rpm
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el5_9.ppc64.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el5_9.ppc.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el5_9.ppc64.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el5_9.ppc.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el5_9.ppc64.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el5_9.ppc.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el5_9.ppc64.rpm
java-1.7.0-ibm-plugin-1.7.0.4.0-1jpp.2.el5_9.ppc.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el5_9.ppc.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el5_9.ppc64.rpm

s390x:
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el5_9.s390.rpm
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el5_9.s390x.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el5_9.s390.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el5_9.s390x.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el5_9.s390.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el5_9.s390x.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el5_9.s390.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el5_9.s390x.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el5_9.s390.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el5_9.s390x.rpm

x86_64:
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el5_9.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el5_9.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el5_9.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el5_9.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.4.0-1jpp.2.el5_9.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el6_4.i686.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el6_4.i686.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el6_4.i686.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el6_4.i686.rpm
java-1.7.0-ibm-plugin-1.7.0.4.0-1jpp.2.el6_4.i686.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el6_4.i686.rpm

x86_64:
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el6_4.i686.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el6_4.i686.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el6_4.i686.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el6_4.i686.rpm
java-1.7.0-ibm-plugin-1.7.0.4.0-1jpp.2.el6_4.i686.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el6_4.i686.rpm

ppc64:
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el6_4.ppc64.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el6_4.ppc64.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el6_4.ppc64.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el6_4.ppc64.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el6_4.ppc64.rpm

s390x:
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el6_4.s390x.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el6_4.s390x.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el6_4.s390x.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el6_4.s390x.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el6_4.s390x.rpm

x86_64:
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el6_4.i686.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el6_4.i686.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el6_4.i686.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el6_4.i686.rpm
java-1.7.0-ibm-plugin-1.7.0.4.0-1jpp.2.el6_4.i686.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el6_4.i686.rpm

x86_64:
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-1541.html
https://www.redhat.com/security/data/cve/CVE-2012-3174.html
https://www.redhat.com/security/data/cve/CVE-2012-3213.html
https://www.redhat.com/security/data/cve/CVE-2012-3342.html
https://www.redhat.com/security/data/cve/CVE-2013-0351.html
https://www.redhat.com/security/data/cve/CVE-2013-0409.html
https://www.redhat.com/security/data/cve/CVE-2013-0419.html
https://www.redhat.com/security/data/cve/CVE-2013-0422.html
https://www.redhat.com/security/data/cve/CVE-2013-0423.html
https://www.redhat.com/security/data/cve/CVE-2013-0424.html
https://www.redhat.com/security/data/cve/CVE-2013-0425.html
https://www.redhat.com/security/data/cve/CVE-2013-0426.html
https://www.redhat.com/security/data/cve/CVE-2013-0427.html
https://www.redhat.com/security/data/cve/CVE-2013-0428.html
https://www.redhat.com/security/data/cve/CVE-2013-0431.html
https://www.redhat.com/security/data/cve/CVE-2013-0432.html
https://www.redhat.com/security/data/cve/CVE-2013-0433.html
https://www.redhat.com/security/data/cve/CVE-2013-0434.html
https://www.redhat.com/security/data/cve/CVE-2013-0435.html
https://www.redhat.com/security/data/cve/CVE-2013-0437.html
https://www.redhat.com/security/data/cve/CVE-2013-0438.html
https://www.redhat.com/security/data/cve/CVE-2013-0440.html
https://www.redhat.com/security/data/cve/CVE-2013-0441.html
https://www.redhat.com/security/data/cve/CVE-2013-0442.html
https://www.redhat.com/security/data/cve/CVE-2013-0443.html
https://www.redhat.com/security/data/cve/CVE-2013-0444.html
https://www.redhat.com/security/data/cve/CVE-2013-0445.html
https://www.redhat.com/security/data/cve/CVE-2013-0446.html
https://www.redhat.com/security/data/cve/CVE-2013-0449.html
https://www.redhat.com/security/data/cve/CVE-2013-0450.html
https://www.redhat.com/security/data/cve/CVE-2013-0809.html
https://www.redhat.com/security/data/cve/CVE-2013-1473.html
https://www.redhat.com/security/data/cve/CVE-2013-1476.html
https://www.redhat.com/security/data/cve/CVE-2013-1478.html
https://www.redhat.com/security/data/cve/CVE-2013-1480.html
https://www.redhat.com/security/data/cve/CVE-2013-1484.html
https://www.redhat.com/security/data/cve/CVE-2013-1485.html
https://www.redhat.com/security/data/cve/CVE-2013-1486.html
https://www.redhat.com/security/data/cve/CVE-2013-1487.html
https://www.redhat.com/security/data/cve/CVE-2013-1493.html
https://access.redhat.com/security/updates/classification/#critical
https://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRPja8XlSAg2UNWIIRAheUAJ0YfD3Wq1TJTNvd9g6aoCaIIOMstgCfRXuh
Y+iAc4f3P9/We3tINcGRMdo=
=Yacn
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Mar 11 19:56:31 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 11 Mar 2013 19:56:31 +0000
Subject: [RHSA-2013:0627-01] Important: thunderbird security update
Message-ID: <201303111956.r2BJuWSk011928@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2013:0627-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0627.html
Issue date:        2013-03-11
CVE Names:         CVE-2013-0787
=====================================================================

1. Summary:

An updated thunderbird package that fixes one security issue is now
available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important
security impact.
A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

A flaw was found in the processing of malformed content. Malicious content
could cause Thunderbird to crash or execute arbitrary code with the
privileges of the user running Thunderbird. (CVE-2013-0787)

Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges VUPEN Security via the TippingPoint Zero Day Initiative
project as the original reporter.

Note: This issue cannot be exploited by a specially-crafted HTML mail message
as JavaScript is disabled by default for mail messages. It could be exploited
another way in Thunderbird, for example, when viewing the full remote content
of an RSS feed.

All Thunderbird users should upgrade to this updated package, which corrects
this issue. After installing the update, Thunderbird must be restarted for
the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

918876 - CVE-2013-0787 Mozilla: Use-after-free in HTML Editor (MFSA 2013-29)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/thunderbird-17.0.3-2.el5_9.src.rpm

i386:
thunderbird-17.0.3-2.el5_9.i386.rpm
thunderbird-debuginfo-17.0.3-2.el5_9.i386.rpm

x86_64:
thunderbird-17.0.3-2.el5_9.x86_64.rpm
thunderbird-debuginfo-17.0.3-2.el5_9.x86_64.rpm

RHEL Optional Productivity Applications (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/thunderbird-17.0.3-2.el5_9.src.rpm

i386:
thunderbird-17.0.3-2.el5_9.i386.rpm
thunderbird-debuginfo-17.0.3-2.el5_9.i386.rpm

x86_64:
thunderbird-17.0.3-2.el5_9.x86_64.rpm
thunderbird-debuginfo-17.0.3-2.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/thunderbird-17.0.3-2.el6_4.src.rpm

i386:
thunderbird-17.0.3-2.el6_4.i686.rpm
thunderbird-debuginfo-17.0.3-2.el6_4.i686.rpm

x86_64:
thunderbird-17.0.3-2.el6_4.x86_64.rpm
thunderbird-debuginfo-17.0.3-2.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/thunderbird-17.0.3-2.el6_4.src.rpm

i386:
thunderbird-17.0.3-2.el6_4.i686.rpm
thunderbird-debuginfo-17.0.3-2.el6_4.i686.rpm

ppc64:
thunderbird-17.0.3-2.el6_4.ppc64.rpm
thunderbird-debuginfo-17.0.3-2.el6_4.ppc64.rpm

s390x:
thunderbird-17.0.3-2.el6_4.s390x.rpm
thunderbird-debuginfo-17.0.3-2.el6_4.s390x.rpm

x86_64:
thunderbird-17.0.3-2.el6_4.x86_64.rpm
thunderbird-debuginfo-17.0.3-2.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/thunderbird-17.0.3-2.el6_4.src.rpm

i386:
thunderbird-17.0.3-2.el6_4.i686.rpm
thunderbird-debuginfo-17.0.3-2.el6_4.i686.rpm

x86_64:
thunderbird-17.0.3-2.el6_4.x86_64.rpm
thunderbird-debuginfo-17.0.3-2.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0787.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRPjbhXlSAg2UNWIIRAuRwAKCaZuwFWlPpsM6hrmnn+Favcy0W6ACfYhKJ
QhSCyguEtxoLMB22G9T4KsE=
=yrb6
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Mar 11 19:57:20 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 11 Mar 2013 19:57:20 +0000
Subject: [RHSA-2013:0628-01] Moderate: 389-ds-base security and bug fix update
Message-ID: <201303111957.r2BJvLrv026821@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: 389-ds-base security and bug fix update
Advisory ID:       RHSA-2013:0628-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0628.html
Issue date:        2013-03-11
CVE Names:         CVE-2013-0312
=====================================================================

1. Summary:

Updated 389-ds-base packages that fix one security issue and multiple bugs
are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The 389 Directory Server is an LDAPv3 compliant server. The base packages
include the Lightweight Directory Access Protocol (LDAP) server and
command-line utilities for server administration.

A flaw was found in the way LDAPv3 control data was handled by 389 Directory
Server. If a malicious user were able to bind to the directory (even
anonymously) and send an LDAP request containing crafted LDAPv3 control data,
they could cause the server to crash, denying service to the directory.
(CVE-2013-0312)

The CVE-2013-0312 issue was discovered by Thierry Bordaz of Red Hat.

This update also fixes the following bugs:

* After an upgrade from Red Hat Enterprise Linux 6.3 to version 6.4, the
upgrade script did not update the schema file for the PamConfig object class.
Consequently, new PAM features such as configuration of multiple instances
and the pamFilter attribute could not be used because of the schema
violation. With this update, the upgrade script updates the schema file for
the PamConfig object class and the new features function properly.
(BZ#910994)

* Previously, the valgrind test suite reported recurring memory leaks in the
modify_update_last_modified_attr() function. The size of the leaks averaged
between 60 and 80 bytes per modify call. In environments where modify
operations were frequent, this caused significant problems. Now, memory leaks
no longer occur in the modify_update_last_modified_attr() function.
(BZ#910995)

* The Directory Server (DS) failed when multi-valued attributes were
replaced. The problem occurred when replication was enabled, the server
executing the modification was configured as a single master, and there was
at least one replication agreement. Consequently, the modification requests
were refused by the master server, which returned a code 20 "Type or value
exists" error message. These requests were replacements of multi-valued
attributes, and the error only occurred when one of the new values matched
one of the current values of the attribute but had a different letter case.
Now, modification requests function properly and no longer return code 20
errors. (BZ#910996)

* The DNA (distributed numeric assignment) plug-in, under certain conditions,
could log error messages with the "DB_LOCK_DEADLOCK" error code when
attempting to create an entry with a uidNumber attribute. Now, DNA handles
this case properly and errors no longer occur during attempts to create
entries with uidNumber attributes. (BZ#911467)

* The POSIX Winsync plug-in called an internal modify function that was not
necessary. The internal modify call failed and logged the unclear error
message "slapi_modify_internal_set_pb: NULL parameter". This patch stops
calling the internal modify function when it is not necessary, so the cryptic
error message no longer appears. (BZ#911468)

* Previously, under certain conditions, the dse.ldif file had 0 bytes after a
server termination or when the machine was powered off. Consequently, after
the system was brought up, a DS or IdM system could be unable to restart,
leading to production server outages. Now, the server mechanism by which the
dse.ldif is written is more robust and tries all available backup dse.ldif
files, and outages no longer occur. (BZ#911469)

* Due to an incorrect interpretation of an error code, a directory server
considered an invalid chaining configuration setting as a disk full error and
shut down unexpectedly. Now, a more appropriate error code is in use and the
server no longer shuts down from invalid chaining configuration settings.
(BZ#911474)

* While trying to remove a tombstone entry, the ns-slapd daemon terminated
unexpectedly with a segmentation fault. With this update, removal of
tombstone entries no longer causes crashes. (BZ#914305)

All 389-ds-base users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the 389 server service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

910994 - PamConfig schema not updated during upgrade
910995 - Valgrind reports memleak in modify_update_last_modified_attr
911467 - DNA plugin acceptance tests failed with "DB_LOCK_DEADLOCK" error.
911468 - Error messages encountered when using POSIX winsync
911469 - dse.ldif is 0 length after server kill or machine kill
911474 - Invalid chaining config triggers a disk full error and shutdown
912964 - CVE-2013-0312 389-ds: unauthenticated denial of service vulnerability in handling of LDAPv3 control data
914305 - ns-slapd segfaults while trying to delete a tombstone entry

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/389-ds-base-1.2.11.15-12.el6_4.src.rpm

i386:
389-ds-base-1.2.11.15-12.el6_4.i686.rpm
389-ds-base-debuginfo-1.2.11.15-12.el6_4.i686.rpm
389-ds-base-devel-1.2.11.15-12.el6_4.i686.rpm
389-ds-base-libs-1.2.11.15-12.el6_4.i686.rpm

x86_64:
389-ds-base-1.2.11.15-12.el6_4.x86_64.rpm
389-ds-base-debuginfo-1.2.11.15-12.el6_4.i686.rpm
389-ds-base-debuginfo-1.2.11.15-12.el6_4.x86_64.rpm
389-ds-base-devel-1.2.11.15-12.el6_4.i686.rpm
389-ds-base-devel-1.2.11.15-12.el6_4.x86_64.rpm
389-ds-base-libs-1.2.11.15-12.el6_4.i686.rpm
389-ds-base-libs-1.2.11.15-12.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/389-ds-base-1.2.11.15-12.el6_4.src.rpm

x86_64:
389-ds-base-1.2.11.15-12.el6_4.x86_64.rpm
389-ds-base-debuginfo-1.2.11.15-12.el6_4.i686.rpm
389-ds-base-debuginfo-1.2.11.15-12.el6_4.x86_64.rpm
389-ds-base-devel-1.2.11.15-12.el6_4.i686.rpm
389-ds-base-devel-1.2.11.15-12.el6_4.x86_64.rpm
389-ds-base-libs-1.2.11.15-12.el6_4.i686.rpm
389-ds-base-libs-1.2.11.15-12.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/389-ds-base-1.2.11.15-12.el6_4.src.rpm

i386:
389-ds-base-1.2.11.15-12.el6_4.i686.rpm
389-ds-base-debuginfo-1.2.11.15-12.el6_4.i686.rpm
389-ds-base-libs-1.2.11.15-12.el6_4.i686.rpm

x86_64:
389-ds-base-1.2.11.15-12.el6_4.x86_64.rpm
389-ds-base-debuginfo-1.2.11.15-12.el6_4.i686.rpm
389-ds-base-debuginfo-1.2.11.15-12.el6_4.x86_64.rpm
389-ds-base-libs-1.2.11.15-12.el6_4.i686.rpm
389-ds-base-libs-1.2.11.15-12.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/389-ds-base-1.2.11.15-12.el6_4.src.rpm

i386:
389-ds-base-debuginfo-1.2.11.15-12.el6_4.i686.rpm
389-ds-base-devel-1.2.11.15-12.el6_4.i686.rpm

x86_64:
389-ds-base-debuginfo-1.2.11.15-12.el6_4.i686.rpm
389-ds-base-debuginfo-1.2.11.15-12.el6_4.x86_64.rpm
389-ds-base-devel-1.2.11.15-12.el6_4.i686.rpm
389-ds-base-devel-1.2.11.15-12.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/389-ds-base-1.2.11.15-12.el6_4.src.rpm

i386:
389-ds-base-1.2.11.15-12.el6_4.i686.rpm
389-ds-base-debuginfo-1.2.11.15-12.el6_4.i686.rpm
389-ds-base-libs-1.2.11.15-12.el6_4.i686.rpm

x86_64:
389-ds-base-1.2.11.15-12.el6_4.x86_64.rpm
389-ds-base-debuginfo-1.2.11.15-12.el6_4.i686.rpm
389-ds-base-debuginfo-1.2.11.15-12.el6_4.x86_64.rpm
389-ds-base-libs-1.2.11.15-12.el6_4.i686.rpm
389-ds-base-libs-1.2.11.15-12.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/389-ds-base-1.2.11.15-12.el6_4.src.rpm

i386:
389-ds-base-debuginfo-1.2.11.15-12.el6_4.i686.rpm
389-ds-base-devel-1.2.11.15-12.el6_4.i686.rpm

x86_64:
389-ds-base-debuginfo-1.2.11.15-12.el6_4.i686.rpm
389-ds-base-debuginfo-1.2.11.15-12.el6_4.x86_64.rpm
389-ds-base-devel-1.2.11.15-12.el6_4.i686.rpm
389-ds-base-devel-1.2.11.15-12.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details
on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0312.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRPjcJXlSAg2UNWIIRAr7vAKCaklQDgAQ1lFr4Am4MEFcKY+Lt5QCeLy3U EIgYNua7vYdHlgSFM+EhH6g= =wIbF -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Mar 12 19:05:11 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 12 Mar 2013 19:05:11 +0000 Subject: [RHSA-2013:0630-01] Important: kernel security and bug fix update Message-ID: <201303121905.r2CJ5Bw0024515@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2013:0630-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0630.html Issue date: 2013-03-12 CVE Names: CVE-2013-0228 CVE-2013-0268 ===================================================================== 1. Summary: Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. 
Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the way the xen_iret() function in the Linux kernel used the DS (the CPU's Data Segment) register. A local, unprivileged user in a 32-bit, para-virtualized Xen hypervisor guest could use this flaw to crash the guest or, potentially, escalate their privileges. (CVE-2013-0228, Important) * A flaw was found in the way file permission checks for the "/dev/cpu/[x]/msr" files were performed in restricted root environments (for example, when using a capability-based security model). A local user with the ability to write to these files could use this flaw to escalate their privileges to kernel level, for example, by writing to the SYSENTER_EIP_MSR register. (CVE-2013-0268, Important) The CVE-2013-0228 issue was discovered by Andrew Jones of Red Hat. This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. 
Bugs fixed (http://bugzilla.redhat.com/):

906309 - CVE-2013-0228 kernel: xen: userspace alterable %ds access in xen_iret()
908693 - CVE-2013-0268 kernel: x86/msr: /dev/cpu/*/msr local privilege escalation

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-358.2.1.el6.src.rpm

i386:
kernel-2.6.32-358.2.1.el6.i686.rpm
kernel-debug-2.6.32-358.2.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-358.2.1.el6.i686.rpm
kernel-debug-devel-2.6.32-358.2.1.el6.i686.rpm
kernel-debuginfo-2.6.32-358.2.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-358.2.1.el6.i686.rpm
kernel-devel-2.6.32-358.2.1.el6.i686.rpm
kernel-headers-2.6.32-358.2.1.el6.i686.rpm
perf-2.6.32-358.2.1.el6.i686.rpm
perf-debuginfo-2.6.32-358.2.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-358.2.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-358.2.1.el6.noarch.rpm
kernel-firmware-2.6.32-358.2.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-358.2.1.el6.x86_64.rpm
kernel-debug-2.6.32-358.2.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-358.2.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.2.1.el6.x86_64.rpm
kernel-devel-2.6.32-358.2.1.el6.x86_64.rpm
kernel-headers-2.6.32-358.2.1.el6.x86_64.rpm
perf-2.6.32-358.2.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-358.2.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-358.2.1.el6.i686.rpm
kernel-debuginfo-2.6.32-358.2.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-358.2.1.el6.i686.rpm
perf-debuginfo-2.6.32-358.2.1.el6.i686.rpm
python-perf-2.6.32-358.2.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-358.2.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.2.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm
python-perf-2.6.32-358.2.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-358.2.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-358.2.1.el6.noarch.rpm
kernel-firmware-2.6.32-358.2.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-358.2.1.el6.x86_64.rpm
kernel-debug-2.6.32-358.2.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-358.2.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.2.1.el6.x86_64.rpm
kernel-devel-2.6.32-358.2.1.el6.x86_64.rpm
kernel-headers-2.6.32-358.2.1.el6.x86_64.rpm
perf-2.6.32-358.2.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-358.2.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.2.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm
python-perf-2.6.32-358.2.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-358.2.1.el6.src.rpm

i386:
kernel-2.6.32-358.2.1.el6.i686.rpm
kernel-debug-2.6.32-358.2.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-358.2.1.el6.i686.rpm
kernel-debug-devel-2.6.32-358.2.1.el6.i686.rpm
kernel-debuginfo-2.6.32-358.2.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-358.2.1.el6.i686.rpm
kernel-devel-2.6.32-358.2.1.el6.i686.rpm
kernel-headers-2.6.32-358.2.1.el6.i686.rpm
perf-2.6.32-358.2.1.el6.i686.rpm
perf-debuginfo-2.6.32-358.2.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-358.2.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-358.2.1.el6.noarch.rpm
kernel-firmware-2.6.32-358.2.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-358.2.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-358.2.1.el6.ppc64.rpm
kernel-debug-2.6.32-358.2.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-358.2.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-358.2.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-358.2.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-358.2.1.el6.ppc64.rpm
kernel-devel-2.6.32-358.2.1.el6.ppc64.rpm
kernel-headers-2.6.32-358.2.1.el6.ppc64.rpm
perf-2.6.32-358.2.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-358.2.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-358.2.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-358.2.1.el6.s390x.rpm
kernel-debug-2.6.32-358.2.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-358.2.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-358.2.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-358.2.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-358.2.1.el6.s390x.rpm
kernel-devel-2.6.32-358.2.1.el6.s390x.rpm
kernel-headers-2.6.32-358.2.1.el6.s390x.rpm
kernel-kdump-2.6.32-358.2.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-358.2.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-358.2.1.el6.s390x.rpm
perf-2.6.32-358.2.1.el6.s390x.rpm
perf-debuginfo-2.6.32-358.2.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-358.2.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-358.2.1.el6.x86_64.rpm
kernel-debug-2.6.32-358.2.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-358.2.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.2.1.el6.x86_64.rpm
kernel-devel-2.6.32-358.2.1.el6.x86_64.rpm
kernel-headers-2.6.32-358.2.1.el6.x86_64.rpm
perf-2.6.32-358.2.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-358.2.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-358.2.1.el6.i686.rpm
kernel-debuginfo-2.6.32-358.2.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-358.2.1.el6.i686.rpm
perf-debuginfo-2.6.32-358.2.1.el6.i686.rpm
python-perf-2.6.32-358.2.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-358.2.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-358.2.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-358.2.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-358.2.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-358.2.1.el6.ppc64.rpm
python-perf-2.6.32-358.2.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-358.2.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-358.2.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-358.2.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-358.2.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-358.2.1.el6.s390x.rpm
perf-debuginfo-2.6.32-358.2.1.el6.s390x.rpm
python-perf-2.6.32-358.2.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-358.2.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.2.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm
python-perf-2.6.32-358.2.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-358.2.1.el6.src.rpm

i386:
kernel-2.6.32-358.2.1.el6.i686.rpm
kernel-debug-2.6.32-358.2.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-358.2.1.el6.i686.rpm
kernel-debug-devel-2.6.32-358.2.1.el6.i686.rpm
kernel-debuginfo-2.6.32-358.2.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-358.2.1.el6.i686.rpm
kernel-devel-2.6.32-358.2.1.el6.i686.rpm
kernel-headers-2.6.32-358.2.1.el6.i686.rpm
perf-2.6.32-358.2.1.el6.i686.rpm
perf-debuginfo-2.6.32-358.2.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-358.2.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-358.2.1.el6.noarch.rpm
kernel-firmware-2.6.32-358.2.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-358.2.1.el6.x86_64.rpm
kernel-debug-2.6.32-358.2.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-358.2.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.2.1.el6.x86_64.rpm
kernel-devel-2.6.32-358.2.1.el6.x86_64.rpm
kernel-headers-2.6.32-358.2.1.el6.x86_64.rpm
perf-2.6.32-358.2.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-358.2.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-358.2.1.el6.i686.rpm
kernel-debuginfo-2.6.32-358.2.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-358.2.1.el6.i686.rpm
perf-debuginfo-2.6.32-358.2.1.el6.i686.rpm
python-perf-2.6.32-358.2.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-358.2.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.2.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm
python-perf-2.6.32-358.2.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0228.html
https://www.redhat.com/security/data/cve/CVE-2013-0268.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.4_Technical_Notes/kernel.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
From bugzilla at redhat.com Tue Mar 12 19:05:43 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 12 Mar 2013 19:05:43 +0000
Subject: [RHSA-2013:0638-01] Moderate: Red Hat OpenShift Enterprise 1.1.2 update
Message-ID: <201303121905.r2CJ5hS5007420@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenShift Enterprise 1.1.2 update
Advisory ID:       RHSA-2013:0638-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0638.html
Issue date:        2013-03-12
CVE Names:         CVE-2013-0262 CVE-2013-0263 CVE-2013-0327 CVE-2013-0328 CVE-2013-0329 CVE-2013-0330 CVE-2013-0331
=====================================================================

1. Summary:

Red Hat OpenShift Enterprise 1.1.2, which fixes several security issues, is now available.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Enterprise Infrastructure - noarch
Red Hat OpenShift Enterprise Node - noarch

3. Description:

OpenShift Enterprise is a cloud computing Platform-as-a-Service (PaaS) solution from Red Hat, and is designed for on-premise or private cloud deployments.

A flaw was found in the handling of paths provided to ruby193-rubygem-rack. A remote attacker could use this flaw to conduct a directory traversal attack by passing malformed requests. (CVE-2013-0262)

A timing attack flaw was found in the way rubygem-rack and ruby193-rubygem-rack processed HMAC digests in cookies. This flaw could aid an attacker using forged digital signatures to bypass authentication checks. (CVE-2013-0263)

It was found that Jenkins did not protect against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker could trick a user, who was logged into Jenkins, into visiting a specially-crafted URL, the attacker could perform operations on Jenkins. (CVE-2013-0327, CVE-2013-0329)

A cross-site scripting (XSS) flaw was found in Jenkins. A remote attacker could use this flaw to conduct an XSS attack against users of Jenkins. (CVE-2013-0328)

A flaw could allow a Jenkins user to build jobs they do not have access to. (CVE-2013-0330)

A flaw could allow a Jenkins user to cause a denial of service if they are able to supply a specially-crafted payload. (CVE-2013-0331)

Users are advised to upgrade to Red Hat OpenShift Enterprise 1.1.2. It is recommended that you restart your system after applying this update.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

909071 - CVE-2013-0263 rubygem-rack: Timing attack in cookie sessions
909072 - CVE-2013-0262 rubygem-rack: Path sanitization information disclosure
914875 - CVE-2013-0327 jenkins: cross-site request forgery (CSRF) on Jenkins master
914876 - CVE-2013-0328 jenkins: XSS
914877 - CVE-2013-0329 jenkins: cross-site request forgery (CSRF) protection mechanism bypass
914878 - CVE-2013-0330 jenkins: cause building jobs without direct access
914879 - CVE-2013-0331 jenkins: denial of service attack by feeding a carefully crafted payload to Jenkins

6.
Package List:

Red Hat OpenShift Enterprise Infrastructure:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/ruby193-rubygem-rack-1.4.1-4.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-rack-1.3.0-4.el6op.src.rpm

noarch:
ruby193-rubygem-rack-1.4.1-4.el6.noarch.rpm
rubygem-rack-1.3.0-4.el6op.noarch.rpm

Red Hat OpenShift Enterprise Node:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/jenkins-1.502-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-cartridge-jenkins-1.4-1.0.3-1.el6op.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/ruby193-rubygem-rack-1.4.1-4.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-rack-1.3.0-4.el6op.src.rpm

noarch:
jenkins-1.502-1.el6op.noarch.rpm
openshift-origin-cartridge-jenkins-1.4-1.0.3-1.el6op.noarch.rpm
ruby193-rubygem-rack-1.4.1-4.el6.noarch.rpm
rubygem-rack-1.3.0-4.el6op.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0262.html
https://www.redhat.com/security/data/cve/CVE-2013-0263.html
https://www.redhat.com/security/data/cve/CVE-2013-0327.html
https://www.redhat.com/security/data/cve/CVE-2013-0328.html
https://www.redhat.com/security/data/cve/CVE-2013-0329.html
https://www.redhat.com/security/data/cve/CVE-2013-0330.html
https://www.redhat.com/security/data/cve/CVE-2013-0331.html
https://access.redhat.com/security/updates/classification/#moderate
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
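The Rack cookie-session timing flaw in the advisory above (CVE-2013-0263) comes down to how the HMAC digest on the cookie is compared. The Ruby below is an added example, not Rack's or Red Hat's code: it builds a minimal "data--digest" signed cookie, verifies it once with an early-exit string comparison of the kind the fix replaced and once with a length-independent comparison written in the style of Rack::Utils.secure_compare. The secret and payloads are constructed sample values.

```ruby
require 'openssl'
require 'base64'

# Constructed sample key for the demonstration; a real deployment loads its
# session secret from configuration, never from source.
SECRET = 'constructed-demo-secret-do-not-reuse'.freeze

# HMAC-SHA1 over the encoded payload, hex-encoded, which is the shape of the
# digest Rack's cookie session appends after "--".
def sign(data)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), SECRET, data)
end

# Build a cookie value: base64 payload, two dashes, hex digest.
def encode_cookie(payload)
  data = Base64.strict_encode64(payload)
  "#{data}--#{sign(data)}"
end

# Vulnerable pattern: String#== returns as soon as one byte differs, so the
# time taken depends on how many leading digest characters were correct.
# That data-dependent early exit is what made the comparison attackable.
def verify_naive(cookie)
  data, digest = cookie.split('--', 2)
  return nil unless data && digest
  return nil unless digest == sign(data) # early-exit comparison
  Base64.strict_decode64(data)
end

# Length-independent comparison in the style of Rack::Utils.secure_compare:
# XOR every byte pair and OR the results together, so the loop always runs
# over the whole digest and nothing about the mismatch position leaks
# through control flow. Only the length check may return early, and the
# digest length is public anyway.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  left = a.unpack('C*')
  acc = 0
  b.each_byte.with_index { |byte, i| acc |= byte ^ left[i] }
  acc.zero?
end

# Hardened verifier: same cookie format, constant-time digest check.
def verify_secure(cookie)
  data, digest = cookie.split('--', 2)
  return nil unless data && digest
  return nil unless secure_compare(digest, sign(data))
  Base64.strict_decode64(data)
end

if __FILE__ == $PROGRAM_NAME
  cookie = encode_cookie('user=alice')
  puts "cookie: #{cookie}"
  puts "valid:  #{verify_secure(cookie).inspect}"
  # Reuse alice's digest on a different payload: the digest no longer matches.
  forged = "#{Base64.strict_encode64('user=admin')}--#{cookie.split('--', 2).last}"
  puts "forged: #{verify_secure(forged).inspect}"
end
```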
From bugzilla at redhat.com Tue Mar 12 19:06:20 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 12 Mar 2013 19:06:20 +0000
Subject: [RHSA-2013:0639-01] Important: qemu-kvm-rhev security update
Message-ID: <201303121906.r2CJ6KMb025149@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm-rhev security update
Advisory ID:       RHSA-2013:0639-01
Product:           Red Hat OpenStack
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0639.html
Issue date:        2013-03-12
CVE Names:         CVE-2012-6075
=====================================================================

1. Summary:

Updated qemu-kvm-rhev packages that fix one security issue are now available for Red Hat OpenStack Folsom.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

OpenStack Folsom - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev packages form the user-space component for running virtual machines using KVM.

A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. (CVE-2012-6075)

All users of qemu-kvm-rhev are advised to upgrade to these updated packages, which correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

889301 - CVE-2012-6075 qemu: e1000 driver buffer overflow when processing large packets when SBP and LPE flags are disabled

6. Package List:

OpenStack Folsom:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/qemu-kvm-rhev-0.12.1.2-2.355.el6_4.2.src.rpm

x86_64:
qemu-img-rhev-0.12.1.2-2.355.el6_4.2.x86_64.rpm
qemu-kvm-rhev-0.12.1.2-2.355.el6_4.2.x86_64.rpm
qemu-kvm-rhev-debuginfo-0.12.1.2-2.355.el6_4.2.x86_64.rpm
qemu-kvm-rhev-tools-0.12.1.2-2.355.el6_4.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-6075.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
From bugzilla at redhat.com Tue Mar 12 19:07:23 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 12 Mar 2013 19:07:23 +0000
Subject: [RHSA-2013:0640-01] Important: tomcat5 security update
Message-ID: <201303121907.r2CJ7N5e013142@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: tomcat5 security update
Advisory ID:       RHSA-2013:0640-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0640.html
Issue date:        2013-03-12
CVE Names:         CVE-2012-3546 CVE-2012-5885 CVE-2012-5886 CVE-2012-5887
=====================================================================

1. Summary:

Updated tomcat5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Apache Tomcat is a servlet container.

It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of a URL. A remote attacker with an authenticated session on an affected application could use this flaw to circumvent authorization controls, and thereby access resources not permitted by the roles associated with their authenticated session. (CVE-2012-3546)

Multiple weaknesses were found in the Tomcat DIGEST authentication implementation, effectively reducing the security normally provided by DIGEST authentication. A remote attacker could use these flaws to perform replay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886, CVE-2012-5887)

Users of Tomcat should upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

873664 - CVE-2012-5885 CVE-2012-5886 CVE-2012-5887 tomcat: three DIGEST authentication implementation issues
883634 - CVE-2012-3546 Tomcat/JBoss Web: Bypass of security constraints

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tomcat5-5.5.23-0jpp.38.el5_9.src.rpm

i386:
tomcat5-debuginfo-5.5.23-0jpp.38.el5_9.i386.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.38.el5_9.i386.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.38.el5_9.i386.rpm

x86_64:
tomcat5-debuginfo-5.5.23-0jpp.38.el5_9.x86_64.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.38.el5_9.x86_64.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.38.el5_9.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tomcat5-5.5.23-0jpp.38.el5_9.src.rpm

i386:
tomcat5-5.5.23-0jpp.38.el5_9.i386.rpm
tomcat5-admin-webapps-5.5.23-0jpp.38.el5_9.i386.rpm
tomcat5-common-lib-5.5.23-0jpp.38.el5_9.i386.rpm
tomcat5-debuginfo-5.5.23-0jpp.38.el5_9.i386.rpm
tomcat5-jasper-5.5.23-0jpp.38.el5_9.i386.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.38.el5_9.i386.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.38.el5_9.i386.rpm
tomcat5-server-lib-5.5.23-0jpp.38.el5_9.i386.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.38.el5_9.i386.rpm
tomcat5-webapps-5.5.23-0jpp.38.el5_9.i386.rpm

x86_64:
tomcat5-5.5.23-0jpp.38.el5_9.x86_64.rpm
tomcat5-admin-webapps-5.5.23-0jpp.38.el5_9.x86_64.rpm
tomcat5-common-lib-5.5.23-0jpp.38.el5_9.x86_64.rpm
tomcat5-debuginfo-5.5.23-0jpp.38.el5_9.x86_64.rpm
tomcat5-jasper-5.5.23-0jpp.38.el5_9.x86_64.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.38.el5_9.x86_64.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.38.el5_9.x86_64.rpm
tomcat5-server-lib-5.5.23-0jpp.38.el5_9.x86_64.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.38.el5_9.x86_64.rpm
tomcat5-webapps-5.5.23-0jpp.38.el5_9.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/tomcat5-5.5.23-0jpp.38.el5_9.src.rpm

i386:
tomcat5-5.5.23-0jpp.38.el5_9.i386.rpm
tomcat5-admin-webapps-5.5.23-0jpp.38.el5_9.i386.rpm
tomcat5-common-lib-5.5.23-0jpp.38.el5_9.i386.rpm
tomcat5-debuginfo-5.5.23-0jpp.38.el5_9.i386.rpm
tomcat5-jasper-5.5.23-0jpp.38.el5_9.i386.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.38.el5_9.i386.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.38.el5_9.i386.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.38.el5_9.i386.rpm
tomcat5-server-lib-5.5.23-0jpp.38.el5_9.i386.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.38.el5_9.i386.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.38.el5_9.i386.rpm
tomcat5-webapps-5.5.23-0jpp.38.el5_9.i386.rpm

ia64:
tomcat5-5.5.23-0jpp.38.el5_9.ia64.rpm
tomcat5-admin-webapps-5.5.23-0jpp.38.el5_9.ia64.rpm
tomcat5-common-lib-5.5.23-0jpp.38.el5_9.ia64.rpm
tomcat5-debuginfo-5.5.23-0jpp.38.el5_9.ia64.rpm
tomcat5-jasper-5.5.23-0jpp.38.el5_9.ia64.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.38.el5_9.ia64.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.38.el5_9.ia64.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.38.el5_9.ia64.rpm
tomcat5-server-lib-5.5.23-0jpp.38.el5_9.ia64.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.38.el5_9.ia64.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.38.el5_9.ia64.rpm
tomcat5-webapps-5.5.23-0jpp.38.el5_9.ia64.rpm

ppc:
tomcat5-5.5.23-0jpp.38.el5_9.ppc.rpm
tomcat5-5.5.23-0jpp.38.el5_9.ppc64.rpm
tomcat5-admin-webapps-5.5.23-0jpp.38.el5_9.ppc.rpm
tomcat5-common-lib-5.5.23-0jpp.38.el5_9.ppc.rpm
tomcat5-debuginfo-5.5.23-0jpp.38.el5_9.ppc.rpm
tomcat5-debuginfo-5.5.23-0jpp.38.el5_9.ppc64.rpm
tomcat5-jasper-5.5.23-0jpp.38.el5_9.ppc.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.38.el5_9.ppc.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.38.el5_9.ppc.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.38.el5_9.ppc.rpm
tomcat5-server-lib-5.5.23-0jpp.38.el5_9.ppc.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.38.el5_9.ppc.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.38.el5_9.ppc.rpm
tomcat5-webapps-5.5.23-0jpp.38.el5_9.ppc.rpm

s390x:
tomcat5-5.5.23-0jpp.38.el5_9.s390x.rpm
tomcat5-admin-webapps-5.5.23-0jpp.38.el5_9.s390x.rpm
tomcat5-common-lib-5.5.23-0jpp.38.el5_9.s390x.rpm
tomcat5-debuginfo-5.5.23-0jpp.38.el5_9.s390x.rpm
tomcat5-jasper-5.5.23-0jpp.38.el5_9.s390x.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.38.el5_9.s390x.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.38.el5_9.s390x.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.38.el5_9.s390x.rpm
tomcat5-server-lib-5.5.23-0jpp.38.el5_9.s390x.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.38.el5_9.s390x.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.38.el5_9.s390x.rpm
tomcat5-webapps-5.5.23-0jpp.38.el5_9.s390x.rpm

x86_64:
tomcat5-5.5.23-0jpp.38.el5_9.x86_64.rpm
tomcat5-admin-webapps-5.5.23-0jpp.38.el5_9.x86_64.rpm
tomcat5-common-lib-5.5.23-0jpp.38.el5_9.x86_64.rpm
tomcat5-debuginfo-5.5.23-0jpp.38.el5_9.x86_64.rpm
tomcat5-jasper-5.5.23-0jpp.38.el5_9.x86_64.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.38.el5_9.x86_64.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.38.el5_9.x86_64.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.38.el5_9.x86_64.rpm
tomcat5-server-lib-5.5.23-0jpp.38.el5_9.x86_64.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.38.el5_9.x86_64.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.38.el5_9.x86_64.rpm
tomcat5-webapps-5.5.23-0jpp.38.el5_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-3546.html
https://www.redhat.com/security/data/cve/CVE-2012-5885.html
https://www.redhat.com/security/data/cve/CVE-2012-5886.html
https://www.redhat.com/security/data/cve/CVE-2012-5887.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
From bugzilla at redhat.com Wed Mar 13 15:08:17 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 13 Mar 2013 15:08:17 +0000
Subject: [RHSA-2013:0643-01] Critical: flash-plugin security update
Message-ID: <201303131508.r2DF8H7f001421@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: flash-plugin security update
Advisory ID:       RHSA-2013:0643-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0643.html
Issue date:        2013-03-13
CVE Names:         CVE-2013-0646 CVE-2013-0650 CVE-2013-1371 CVE-2013-1375
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-09, listed in the References section.

Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. (CVE-2013-0646, CVE-2013-0650, CVE-2013-1371, CVE-2013-1375)

All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.275.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

920854 - CVE-2013-0646 CVE-2013-0650 CVE-2013-1371 CVE-2013-1375 flash-plugin: multiple code execution flaws (APSB13-09)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-11.2.202.275-2.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.275-2.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-11.2.202.275-2.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.275-2.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.275-2.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.275-2.el6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.275-2.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.275-2.el6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.275-2.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.275-2.el6.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0646.html
https://www.redhat.com/security/data/cve/CVE-2013-0650.html
https://www.redhat.com/security/data/cve/CVE-2013-1371.html
https://www.redhat.com/security/data/cve/CVE-2013-1375.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-09.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

From bugzilla at redhat.com Thu Mar 14 16:56:56 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 14 Mar 2013 16:56:56 +0000
Subject: [RHSA-2013:0646-01] Moderate: pidgin security update
Message-ID: <201303141656.r2EGuvo9003732@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: pidgin security update
Advisory ID:       RHSA-2013:0646-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0646.html
Issue date:        2013-03-14
CVE Names:         CVE-2013-0272 CVE-2013-0273 CVE-2013-0274
=====================================================================

1. Summary:

Updated pidgin packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.

A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted HTTP request. (CVE-2013-0272)

A buffer overflow flaw was found in the Pidgin Sametime protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted username. (CVE-2013-0273)

A buffer overflow flaw was found in the way Pidgin processed certain UPnP responses. A remote attacker could send a specially-crafted UPnP response that, when processed, would crash Pidgin. (CVE-2013-0274)

Red Hat would like to thank the Pidgin project for reporting the above issues. Upstream acknowledges Daniel Atallah as the original reporter of CVE-2013-0272.

All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. Pidgin must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5.
Bugs fixed (http://bugzilla.redhat.com/): 910040 - CVE-2013-0272 pidgin: MXit protocol stack-based buffer overflow when processing HTTP headers 910041 - CVE-2013-0273 pidgin: Meanwhile protocol missing nul termination of long Lotus Sametime usernames 910042 - CVE-2013-0274 pidgin: missing nul termination of long values in UPnP responses 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/pidgin-2.6.6-17.el5_9.1.src.rpm i386: finch-2.6.6-17.el5_9.1.i386.rpm libpurple-2.6.6-17.el5_9.1.i386.rpm libpurple-perl-2.6.6-17.el5_9.1.i386.rpm libpurple-tcl-2.6.6-17.el5_9.1.i386.rpm pidgin-2.6.6-17.el5_9.1.i386.rpm pidgin-debuginfo-2.6.6-17.el5_9.1.i386.rpm pidgin-perl-2.6.6-17.el5_9.1.i386.rpm x86_64: finch-2.6.6-17.el5_9.1.i386.rpm finch-2.6.6-17.el5_9.1.x86_64.rpm libpurple-2.6.6-17.el5_9.1.i386.rpm libpurple-2.6.6-17.el5_9.1.x86_64.rpm libpurple-perl-2.6.6-17.el5_9.1.x86_64.rpm libpurple-tcl-2.6.6-17.el5_9.1.x86_64.rpm pidgin-2.6.6-17.el5_9.1.i386.rpm pidgin-2.6.6-17.el5_9.1.x86_64.rpm pidgin-debuginfo-2.6.6-17.el5_9.1.i386.rpm pidgin-debuginfo-2.6.6-17.el5_9.1.x86_64.rpm pidgin-perl-2.6.6-17.el5_9.1.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/pidgin-2.6.6-17.el5_9.1.src.rpm i386: finch-devel-2.6.6-17.el5_9.1.i386.rpm libpurple-devel-2.6.6-17.el5_9.1.i386.rpm pidgin-debuginfo-2.6.6-17.el5_9.1.i386.rpm pidgin-devel-2.6.6-17.el5_9.1.i386.rpm x86_64: finch-devel-2.6.6-17.el5_9.1.i386.rpm finch-devel-2.6.6-17.el5_9.1.x86_64.rpm libpurple-devel-2.6.6-17.el5_9.1.i386.rpm libpurple-devel-2.6.6-17.el5_9.1.x86_64.rpm pidgin-debuginfo-2.6.6-17.el5_9.1.i386.rpm pidgin-debuginfo-2.6.6-17.el5_9.1.x86_64.rpm pidgin-devel-2.6.6-17.el5_9.1.i386.rpm pidgin-devel-2.6.6-17.el5_9.1.x86_64.rpm RHEL Optional Productivity Applications (v. 
5 server) : Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/pidgin-2.6.6-17.el5_9.1.src.rpm i386: finch-2.6.6-17.el5_9.1.i386.rpm finch-devel-2.6.6-17.el5_9.1.i386.rpm libpurple-2.6.6-17.el5_9.1.i386.rpm libpurple-devel-2.6.6-17.el5_9.1.i386.rpm libpurple-perl-2.6.6-17.el5_9.1.i386.rpm libpurple-tcl-2.6.6-17.el5_9.1.i386.rpm pidgin-2.6.6-17.el5_9.1.i386.rpm pidgin-debuginfo-2.6.6-17.el5_9.1.i386.rpm pidgin-devel-2.6.6-17.el5_9.1.i386.rpm pidgin-perl-2.6.6-17.el5_9.1.i386.rpm x86_64: finch-2.6.6-17.el5_9.1.i386.rpm finch-2.6.6-17.el5_9.1.x86_64.rpm finch-devel-2.6.6-17.el5_9.1.i386.rpm finch-devel-2.6.6-17.el5_9.1.x86_64.rpm libpurple-2.6.6-17.el5_9.1.i386.rpm libpurple-2.6.6-17.el5_9.1.x86_64.rpm libpurple-devel-2.6.6-17.el5_9.1.i386.rpm libpurple-devel-2.6.6-17.el5_9.1.x86_64.rpm libpurple-perl-2.6.6-17.el5_9.1.x86_64.rpm libpurple-tcl-2.6.6-17.el5_9.1.x86_64.rpm pidgin-2.6.6-17.el5_9.1.i386.rpm pidgin-2.6.6-17.el5_9.1.x86_64.rpm pidgin-debuginfo-2.6.6-17.el5_9.1.i386.rpm pidgin-debuginfo-2.6.6-17.el5_9.1.x86_64.rpm pidgin-devel-2.6.6-17.el5_9.1.i386.rpm pidgin-devel-2.6.6-17.el5_9.1.x86_64.rpm pidgin-perl-2.6.6-17.el5_9.1.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/pidgin-2.7.9-10.el6_4.1.src.rpm i386: libpurple-2.7.9-10.el6_4.1.i686.rpm pidgin-2.7.9-10.el6_4.1.i686.rpm pidgin-debuginfo-2.7.9-10.el6_4.1.i686.rpm x86_64: libpurple-2.7.9-10.el6_4.1.i686.rpm libpurple-2.7.9-10.el6_4.1.x86_64.rpm pidgin-2.7.9-10.el6_4.1.x86_64.rpm pidgin-debuginfo-2.7.9-10.el6_4.1.i686.rpm pidgin-debuginfo-2.7.9-10.el6_4.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/pidgin-2.7.9-10.el6_4.1.src.rpm i386: finch-2.7.9-10.el6_4.1.i686.rpm finch-devel-2.7.9-10.el6_4.1.i686.rpm libpurple-devel-2.7.9-10.el6_4.1.i686.rpm libpurple-perl-2.7.9-10.el6_4.1.i686.rpm libpurple-tcl-2.7.9-10.el6_4.1.i686.rpm pidgin-debuginfo-2.7.9-10.el6_4.1.i686.rpm pidgin-devel-2.7.9-10.el6_4.1.i686.rpm pidgin-docs-2.7.9-10.el6_4.1.i686.rpm pidgin-perl-2.7.9-10.el6_4.1.i686.rpm x86_64: finch-2.7.9-10.el6_4.1.i686.rpm finch-2.7.9-10.el6_4.1.x86_64.rpm finch-devel-2.7.9-10.el6_4.1.i686.rpm finch-devel-2.7.9-10.el6_4.1.x86_64.rpm libpurple-devel-2.7.9-10.el6_4.1.i686.rpm libpurple-devel-2.7.9-10.el6_4.1.x86_64.rpm libpurple-perl-2.7.9-10.el6_4.1.x86_64.rpm libpurple-tcl-2.7.9-10.el6_4.1.x86_64.rpm pidgin-debuginfo-2.7.9-10.el6_4.1.i686.rpm pidgin-debuginfo-2.7.9-10.el6_4.1.x86_64.rpm pidgin-devel-2.7.9-10.el6_4.1.i686.rpm pidgin-devel-2.7.9-10.el6_4.1.x86_64.rpm pidgin-docs-2.7.9-10.el6_4.1.x86_64.rpm pidgin-perl-2.7.9-10.el6_4.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/pidgin-2.7.9-10.el6_4.1.src.rpm i386: finch-2.7.9-10.el6_4.1.i686.rpm finch-devel-2.7.9-10.el6_4.1.i686.rpm libpurple-2.7.9-10.el6_4.1.i686.rpm libpurple-devel-2.7.9-10.el6_4.1.i686.rpm libpurple-perl-2.7.9-10.el6_4.1.i686.rpm libpurple-tcl-2.7.9-10.el6_4.1.i686.rpm pidgin-2.7.9-10.el6_4.1.i686.rpm pidgin-debuginfo-2.7.9-10.el6_4.1.i686.rpm pidgin-devel-2.7.9-10.el6_4.1.i686.rpm pidgin-docs-2.7.9-10.el6_4.1.i686.rpm pidgin-perl-2.7.9-10.el6_4.1.i686.rpm ppc64: finch-2.7.9-10.el6_4.1.ppc.rpm finch-2.7.9-10.el6_4.1.ppc64.rpm finch-devel-2.7.9-10.el6_4.1.ppc.rpm finch-devel-2.7.9-10.el6_4.1.ppc64.rpm libpurple-2.7.9-10.el6_4.1.ppc.rpm libpurple-2.7.9-10.el6_4.1.ppc64.rpm libpurple-devel-2.7.9-10.el6_4.1.ppc.rpm libpurple-devel-2.7.9-10.el6_4.1.ppc64.rpm libpurple-perl-2.7.9-10.el6_4.1.ppc64.rpm libpurple-tcl-2.7.9-10.el6_4.1.ppc64.rpm pidgin-2.7.9-10.el6_4.1.ppc64.rpm pidgin-debuginfo-2.7.9-10.el6_4.1.ppc.rpm pidgin-debuginfo-2.7.9-10.el6_4.1.ppc64.rpm pidgin-devel-2.7.9-10.el6_4.1.ppc.rpm pidgin-devel-2.7.9-10.el6_4.1.ppc64.rpm pidgin-docs-2.7.9-10.el6_4.1.ppc64.rpm pidgin-perl-2.7.9-10.el6_4.1.ppc64.rpm x86_64: finch-2.7.9-10.el6_4.1.i686.rpm finch-2.7.9-10.el6_4.1.x86_64.rpm finch-devel-2.7.9-10.el6_4.1.i686.rpm finch-devel-2.7.9-10.el6_4.1.x86_64.rpm libpurple-2.7.9-10.el6_4.1.i686.rpm libpurple-2.7.9-10.el6_4.1.x86_64.rpm libpurple-devel-2.7.9-10.el6_4.1.i686.rpm libpurple-devel-2.7.9-10.el6_4.1.x86_64.rpm libpurple-perl-2.7.9-10.el6_4.1.x86_64.rpm libpurple-tcl-2.7.9-10.el6_4.1.x86_64.rpm pidgin-2.7.9-10.el6_4.1.x86_64.rpm pidgin-debuginfo-2.7.9-10.el6_4.1.i686.rpm pidgin-debuginfo-2.7.9-10.el6_4.1.x86_64.rpm pidgin-devel-2.7.9-10.el6_4.1.i686.rpm pidgin-devel-2.7.9-10.el6_4.1.x86_64.rpm pidgin-docs-2.7.9-10.el6_4.1.x86_64.rpm pidgin-perl-2.7.9-10.el6_4.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/pidgin-2.7.9-10.el6_4.1.src.rpm i386: libpurple-2.7.9-10.el6_4.1.i686.rpm pidgin-2.7.9-10.el6_4.1.i686.rpm pidgin-debuginfo-2.7.9-10.el6_4.1.i686.rpm x86_64: libpurple-2.7.9-10.el6_4.1.i686.rpm libpurple-2.7.9-10.el6_4.1.x86_64.rpm pidgin-2.7.9-10.el6_4.1.x86_64.rpm pidgin-debuginfo-2.7.9-10.el6_4.1.i686.rpm pidgin-debuginfo-2.7.9-10.el6_4.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/pidgin-2.7.9-10.el6_4.1.src.rpm i386: finch-2.7.9-10.el6_4.1.i686.rpm finch-devel-2.7.9-10.el6_4.1.i686.rpm libpurple-devel-2.7.9-10.el6_4.1.i686.rpm libpurple-perl-2.7.9-10.el6_4.1.i686.rpm libpurple-tcl-2.7.9-10.el6_4.1.i686.rpm pidgin-debuginfo-2.7.9-10.el6_4.1.i686.rpm pidgin-devel-2.7.9-10.el6_4.1.i686.rpm pidgin-docs-2.7.9-10.el6_4.1.i686.rpm pidgin-perl-2.7.9-10.el6_4.1.i686.rpm x86_64: finch-2.7.9-10.el6_4.1.i686.rpm finch-2.7.9-10.el6_4.1.x86_64.rpm finch-devel-2.7.9-10.el6_4.1.i686.rpm finch-devel-2.7.9-10.el6_4.1.x86_64.rpm libpurple-devel-2.7.9-10.el6_4.1.i686.rpm libpurple-devel-2.7.9-10.el6_4.1.x86_64.rpm libpurple-perl-2.7.9-10.el6_4.1.x86_64.rpm libpurple-tcl-2.7.9-10.el6_4.1.x86_64.rpm pidgin-debuginfo-2.7.9-10.el6_4.1.i686.rpm pidgin-debuginfo-2.7.9-10.el6_4.1.x86_64.rpm pidgin-devel-2.7.9-10.el6_4.1.i686.rpm pidgin-devel-2.7.9-10.el6_4.1.x86_64.rpm pidgin-docs-2.7.9-10.el6_4.1.x86_64.rpm pidgin-perl-2.7.9-10.el6_4.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-0272.html https://www.redhat.com/security/data/cve/CVE-2013-0273.html https://www.redhat.com/security/data/cve/CVE-2013-0274.html https://access.redhat.com/security/updates/classification/#moderate 8. 
Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRQgFFXlSAg2UNWIIRAuSnAKCcW5UPuIDU+zwv40Qu5W8gsiiygQCfaxLc
iVj1W9AkQO/xT83hGD0TjMY=
=+CQ6
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Mon Mar 18 18:09:21 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 18 Mar 2013 18:09:21 +0000
Subject: [RHSA-2013:0656-01] Moderate: krb5 security update
Message-ID: <201303181809.r2II9LwA003510@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: krb5 security update
Advisory ID:       RHSA-2013:0656-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0656.html
Issue date:        2013-03-18
CVE Names:         CVE-2012-1016 CVE-2013-1415
=====================================================================

1. Summary:

Updated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC).

When a client attempts to use PKINIT to obtain credentials from the KDC, the client can specify, using an issuer and serial number, which of the KDC's possibly-many certificates the client has in its possession, as a hint to the KDC that it should use the corresponding key to sign its response. If that specification was malformed, the KDC could attempt to dereference a NULL pointer and crash. (CVE-2013-1415)

When a client attempts to use PKINIT to obtain credentials from the KDC, the client will typically format its request to conform to the specification published in RFC 4556. For interoperability reasons, clients and servers also provide support for an older, draft version of that specification. If a client formatted its request to conform to this older version of the specification, with a non-default key agreement option, it could cause the KDC to attempt to dereference a NULL pointer and crash. (CVE-2012-1016)

All krb5 users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the krb5kdc daemon will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

914749 - CVE-2013-1415 krb5: PKINIT null pointer deref leads to DoS (pkinit_check_kdc_pkid())
917840 - CVE-2012-1016 krb5: PKINIT null pointer deref leads to DoS

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/krb5-1.10.3-10.el6_4.1.src.rpm i386: krb5-debuginfo-1.10.3-10.el6_4.1.i686.rpm krb5-libs-1.10.3-10.el6_4.1.i686.rpm krb5-pkinit-openssl-1.10.3-10.el6_4.1.i686.rpm krb5-workstation-1.10.3-10.el6_4.1.i686.rpm x86_64: krb5-debuginfo-1.10.3-10.el6_4.1.i686.rpm krb5-debuginfo-1.10.3-10.el6_4.1.x86_64.rpm krb5-libs-1.10.3-10.el6_4.1.i686.rpm krb5-libs-1.10.3-10.el6_4.1.x86_64.rpm krb5-pkinit-openssl-1.10.3-10.el6_4.1.x86_64.rpm krb5-workstation-1.10.3-10.el6_4.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/krb5-1.10.3-10.el6_4.1.src.rpm i386: krb5-debuginfo-1.10.3-10.el6_4.1.i686.rpm krb5-devel-1.10.3-10.el6_4.1.i686.rpm krb5-server-1.10.3-10.el6_4.1.i686.rpm krb5-server-ldap-1.10.3-10.el6_4.1.i686.rpm x86_64: krb5-debuginfo-1.10.3-10.el6_4.1.i686.rpm krb5-debuginfo-1.10.3-10.el6_4.1.x86_64.rpm krb5-devel-1.10.3-10.el6_4.1.i686.rpm krb5-devel-1.10.3-10.el6_4.1.x86_64.rpm krb5-server-1.10.3-10.el6_4.1.x86_64.rpm krb5-server-ldap-1.10.3-10.el6_4.1.i686.rpm krb5-server-ldap-1.10.3-10.el6_4.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/krb5-1.10.3-10.el6_4.1.src.rpm x86_64: krb5-debuginfo-1.10.3-10.el6_4.1.i686.rpm krb5-debuginfo-1.10.3-10.el6_4.1.x86_64.rpm krb5-libs-1.10.3-10.el6_4.1.i686.rpm krb5-libs-1.10.3-10.el6_4.1.x86_64.rpm krb5-pkinit-openssl-1.10.3-10.el6_4.1.x86_64.rpm krb5-workstation-1.10.3-10.el6_4.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/krb5-1.10.3-10.el6_4.1.src.rpm x86_64: krb5-debuginfo-1.10.3-10.el6_4.1.i686.rpm krb5-debuginfo-1.10.3-10.el6_4.1.x86_64.rpm krb5-devel-1.10.3-10.el6_4.1.i686.rpm krb5-devel-1.10.3-10.el6_4.1.x86_64.rpm krb5-server-1.10.3-10.el6_4.1.x86_64.rpm krb5-server-ldap-1.10.3-10.el6_4.1.i686.rpm krb5-server-ldap-1.10.3-10.el6_4.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/krb5-1.10.3-10.el6_4.1.src.rpm i386: krb5-debuginfo-1.10.3-10.el6_4.1.i686.rpm krb5-devel-1.10.3-10.el6_4.1.i686.rpm krb5-libs-1.10.3-10.el6_4.1.i686.rpm krb5-pkinit-openssl-1.10.3-10.el6_4.1.i686.rpm krb5-server-1.10.3-10.el6_4.1.i686.rpm krb5-server-ldap-1.10.3-10.el6_4.1.i686.rpm krb5-workstation-1.10.3-10.el6_4.1.i686.rpm ppc64: krb5-debuginfo-1.10.3-10.el6_4.1.ppc.rpm krb5-debuginfo-1.10.3-10.el6_4.1.ppc64.rpm krb5-devel-1.10.3-10.el6_4.1.ppc.rpm krb5-devel-1.10.3-10.el6_4.1.ppc64.rpm krb5-libs-1.10.3-10.el6_4.1.ppc.rpm krb5-libs-1.10.3-10.el6_4.1.ppc64.rpm krb5-pkinit-openssl-1.10.3-10.el6_4.1.ppc64.rpm krb5-server-1.10.3-10.el6_4.1.ppc64.rpm krb5-server-ldap-1.10.3-10.el6_4.1.ppc.rpm krb5-server-ldap-1.10.3-10.el6_4.1.ppc64.rpm krb5-workstation-1.10.3-10.el6_4.1.ppc64.rpm s390x: krb5-debuginfo-1.10.3-10.el6_4.1.s390.rpm krb5-debuginfo-1.10.3-10.el6_4.1.s390x.rpm krb5-devel-1.10.3-10.el6_4.1.s390.rpm krb5-devel-1.10.3-10.el6_4.1.s390x.rpm krb5-libs-1.10.3-10.el6_4.1.s390.rpm krb5-libs-1.10.3-10.el6_4.1.s390x.rpm krb5-pkinit-openssl-1.10.3-10.el6_4.1.s390x.rpm krb5-server-1.10.3-10.el6_4.1.s390x.rpm krb5-server-ldap-1.10.3-10.el6_4.1.s390.rpm krb5-server-ldap-1.10.3-10.el6_4.1.s390x.rpm krb5-workstation-1.10.3-10.el6_4.1.s390x.rpm x86_64: krb5-debuginfo-1.10.3-10.el6_4.1.i686.rpm krb5-debuginfo-1.10.3-10.el6_4.1.x86_64.rpm krb5-devel-1.10.3-10.el6_4.1.i686.rpm krb5-devel-1.10.3-10.el6_4.1.x86_64.rpm 
krb5-libs-1.10.3-10.el6_4.1.i686.rpm krb5-libs-1.10.3-10.el6_4.1.x86_64.rpm krb5-pkinit-openssl-1.10.3-10.el6_4.1.x86_64.rpm krb5-server-1.10.3-10.el6_4.1.x86_64.rpm krb5-server-ldap-1.10.3-10.el6_4.1.i686.rpm krb5-server-ldap-1.10.3-10.el6_4.1.x86_64.rpm krb5-workstation-1.10.3-10.el6_4.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/krb5-1.10.3-10.el6_4.1.src.rpm i386: krb5-debuginfo-1.10.3-10.el6_4.1.i686.rpm krb5-devel-1.10.3-10.el6_4.1.i686.rpm krb5-libs-1.10.3-10.el6_4.1.i686.rpm krb5-pkinit-openssl-1.10.3-10.el6_4.1.i686.rpm krb5-server-1.10.3-10.el6_4.1.i686.rpm krb5-server-ldap-1.10.3-10.el6_4.1.i686.rpm krb5-workstation-1.10.3-10.el6_4.1.i686.rpm x86_64: krb5-debuginfo-1.10.3-10.el6_4.1.i686.rpm krb5-debuginfo-1.10.3-10.el6_4.1.x86_64.rpm krb5-devel-1.10.3-10.el6_4.1.i686.rpm krb5-devel-1.10.3-10.el6_4.1.x86_64.rpm krb5-libs-1.10.3-10.el6_4.1.i686.rpm krb5-libs-1.10.3-10.el6_4.1.x86_64.rpm krb5-pkinit-openssl-1.10.3-10.el6_4.1.x86_64.rpm krb5-server-1.10.3-10.el6_4.1.x86_64.rpm krb5-server-ldap-1.10.3-10.el6_4.1.i686.rpm krb5-server-ldap-1.10.3-10.el6_4.1.x86_64.rpm krb5-workstation-1.10.3-10.el6_4.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-1016.html https://www.redhat.com/security/data/cve/CVE-2013-1415.html https://access.redhat.com/security/updates/classification/#moderate http://tools.ietf.org/html/rfc4556 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRR1g9XlSAg2UNWIIRAibEAKCEYZ5I/HIGOCUzaUjggFJJJHJcDQCfWEc4
klXheDQWzN0lGXWDN8o7g5E=
=+g6V
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Mar 19 18:39:22 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 19 Mar 2013 18:39:22 +0000
Subject: [RHSA-2013:0661-01] Important: kernel security and bug fix update
Message-ID: <201303191839.r2JIdN4K025253@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2013:0661-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0661.html
Issue date:        2013-03-19
CVE Names:         CVE-2013-0871
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6.1 Extended Update Support.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server EUS (v. 6.1) - i386, noarch, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issue:

* A race condition was found in the way the Linux kernel's ptrace implementation handled PTRACE_SETREGS requests when the debuggee was woken due to a SIGKILL signal instead of being stopped. A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2013-0871, Important)

This update also fixes the following bug:

* Due to the incorrect validation of a pointer dereference in the d_validate() function, running a command such as ls or find on the MultiVersion File System (MVFS), used by IBM Rational ClearCase, for example, could trigger a kernel panic. This update modifies d_validate() to verify the parent-child dentry relationship by searching through the parent's d_child list. The kernel no longer panics in this situation. (BZ#915580)

Users should upgrade to these updated packages, which contain backported patches to resolve these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

911937 - CVE-2013-0871 kernel: race condition with PTRACE_SETREGS

6. Package List:

Red Hat Enterprise Linux Server EUS (v.
6.1): Source: kernel-2.6.32-131.38.1.el6.src.rpm i386: kernel-2.6.32-131.38.1.el6.i686.rpm kernel-debug-2.6.32-131.38.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-131.38.1.el6.i686.rpm kernel-debug-devel-2.6.32-131.38.1.el6.i686.rpm kernel-debuginfo-2.6.32-131.38.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-131.38.1.el6.i686.rpm kernel-devel-2.6.32-131.38.1.el6.i686.rpm kernel-headers-2.6.32-131.38.1.el6.i686.rpm perf-2.6.32-131.38.1.el6.i686.rpm perf-debuginfo-2.6.32-131.38.1.el6.i686.rpm noarch: kernel-doc-2.6.32-131.38.1.el6.noarch.rpm kernel-firmware-2.6.32-131.38.1.el6.noarch.rpm ppc64: kernel-2.6.32-131.38.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-131.38.1.el6.ppc64.rpm kernel-debug-2.6.32-131.38.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-131.38.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-131.38.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-131.38.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-131.38.1.el6.ppc64.rpm kernel-devel-2.6.32-131.38.1.el6.ppc64.rpm kernel-headers-2.6.32-131.38.1.el6.ppc64.rpm perf-2.6.32-131.38.1.el6.ppc64.rpm perf-debuginfo-2.6.32-131.38.1.el6.ppc64.rpm s390x: kernel-2.6.32-131.38.1.el6.s390x.rpm kernel-debug-2.6.32-131.38.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-131.38.1.el6.s390x.rpm kernel-debug-devel-2.6.32-131.38.1.el6.s390x.rpm kernel-debuginfo-2.6.32-131.38.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-131.38.1.el6.s390x.rpm kernel-devel-2.6.32-131.38.1.el6.s390x.rpm kernel-headers-2.6.32-131.38.1.el6.s390x.rpm kernel-kdump-2.6.32-131.38.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-131.38.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-131.38.1.el6.s390x.rpm perf-2.6.32-131.38.1.el6.s390x.rpm perf-debuginfo-2.6.32-131.38.1.el6.s390x.rpm x86_64: kernel-2.6.32-131.38.1.el6.x86_64.rpm kernel-debug-2.6.32-131.38.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-131.38.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-131.38.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-131.38.1.el6.x86_64.rpm 
kernel-debuginfo-common-x86_64-2.6.32-131.38.1.el6.x86_64.rpm
kernel-devel-2.6.32-131.38.1.el6.x86_64.rpm
kernel-headers-2.6.32-131.38.1.el6.x86_64.rpm
perf-2.6.32-131.38.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-131.38.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0871.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRSLC5XlSAg2UNWIIRAkaxAJ9OF/hDamL3scSFyWOuyWlRKVFlsgCgryZt
9va+KOYGi9Nv0oY39FIZpF4=
=VK9O
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Tue Mar 19 18:40:29 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 19 Mar 2013 18:40:29 +0000
Subject: [RHSA-2013:0662-01] Important: kernel security and bug fix update
Message-ID: <201303191840.r2JIeTap008432@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2013:0662-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0662.html
Issue date:        2013-03-19
CVE Names:         CVE-2013-0871
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6.3 Extended Update Support.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server EUS (v. 6.3) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.3) - i386, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issue:

* A race condition was found in the way the Linux kernel's ptrace implementation handled PTRACE_SETREGS requests when the debuggee was woken due to a SIGKILL signal instead of being stopped. A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2013-0871, Important)

This update also fixes the following bugs:

* Previously, init scripts were unable to set the MAC address of the master interface properly because it was overwritten by the first slave MAC address. To avoid this problem, this update re-introduces the check for an unassigned MAC address before setting the MAC address of the first slave interface as the MAC address of the master interface. (BZ#908735)

* When using transparent proxy (TProxy) over IPv6, the kernel previously created neighbor entries for local interfaces and peers that were not reachable directly. This update corrects this problem and the kernel no longer creates invalid neighbor entries. (BZ#909158)

* Due to the incorrect validation of a pointer dereference in the d_validate() function, running a command such as ls or find on the MultiVersion File System (MVFS), used by IBM Rational ClearCase, for example, could trigger a kernel panic. This update modifies d_validate() to verify the parent-child dentry relationship by searching through the parent's d_child list. The kernel no longer panics in this situation. (BZ#915582)

* A previously backported patch introduced usage of the page_descs length field but did not set the page data length for the FUSE page descriptor. This code path can be exercised by a loopback device (pagecache_write_end) if used over FUSE. As a result, fuse_copy_page does not copy page data from the page descriptor to the user-space request buffer and the user space can see uninitialized data. This could previously lead to file system data corruption. This problem has been fixed by setting the page_descs length prior to submitting the requests, and FUSE therefore provides correctly initialized data. (BZ#916956)

Users should upgrade to these updated packages, which contain backported patches to resolve these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

911937 - CVE-2013-0871 kernel: race condition with PTRACE_SETREGS

6. Package List:

Red Hat Enterprise Linux Server EUS (v.
6.3): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-279.23.1.el6.src.rpm i386: kernel-2.6.32-279.23.1.el6.i686.rpm kernel-debug-2.6.32-279.23.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-279.23.1.el6.i686.rpm kernel-debug-devel-2.6.32-279.23.1.el6.i686.rpm kernel-debuginfo-2.6.32-279.23.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-279.23.1.el6.i686.rpm kernel-devel-2.6.32-279.23.1.el6.i686.rpm kernel-headers-2.6.32-279.23.1.el6.i686.rpm perf-2.6.32-279.23.1.el6.i686.rpm perf-debuginfo-2.6.32-279.23.1.el6.i686.rpm python-perf-debuginfo-2.6.32-279.23.1.el6.i686.rpm noarch: kernel-doc-2.6.32-279.23.1.el6.noarch.rpm kernel-firmware-2.6.32-279.23.1.el6.noarch.rpm ppc64: kernel-2.6.32-279.23.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-279.23.1.el6.ppc64.rpm kernel-debug-2.6.32-279.23.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-279.23.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-279.23.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-279.23.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-279.23.1.el6.ppc64.rpm kernel-devel-2.6.32-279.23.1.el6.ppc64.rpm kernel-headers-2.6.32-279.23.1.el6.ppc64.rpm perf-2.6.32-279.23.1.el6.ppc64.rpm perf-debuginfo-2.6.32-279.23.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-279.23.1.el6.ppc64.rpm s390x: kernel-2.6.32-279.23.1.el6.s390x.rpm kernel-debug-2.6.32-279.23.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-279.23.1.el6.s390x.rpm kernel-debug-devel-2.6.32-279.23.1.el6.s390x.rpm kernel-debuginfo-2.6.32-279.23.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-279.23.1.el6.s390x.rpm kernel-devel-2.6.32-279.23.1.el6.s390x.rpm kernel-headers-2.6.32-279.23.1.el6.s390x.rpm kernel-kdump-2.6.32-279.23.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-279.23.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-279.23.1.el6.s390x.rpm perf-2.6.32-279.23.1.el6.s390x.rpm perf-debuginfo-2.6.32-279.23.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-279.23.1.el6.s390x.rpm x86_64: kernel-2.6.32-279.23.1.el6.x86_64.rpm 
kernel-debug-2.6.32-279.23.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-279.23.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-279.23.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-279.23.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-279.23.1.el6.x86_64.rpm kernel-devel-2.6.32-279.23.1.el6.x86_64.rpm kernel-headers-2.6.32-279.23.1.el6.x86_64.rpm perf-2.6.32-279.23.1.el6.x86_64.rpm perf-debuginfo-2.6.32-279.23.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-279.23.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 6.3): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-279.23.1.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-279.23.1.el6.i686.rpm kernel-debuginfo-2.6.32-279.23.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-279.23.1.el6.i686.rpm perf-debuginfo-2.6.32-279.23.1.el6.i686.rpm python-perf-2.6.32-279.23.1.el6.i686.rpm python-perf-debuginfo-2.6.32-279.23.1.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-279.23.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-279.23.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-279.23.1.el6.ppc64.rpm perf-debuginfo-2.6.32-279.23.1.el6.ppc64.rpm python-perf-2.6.32-279.23.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-279.23.1.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-279.23.1.el6.s390x.rpm kernel-debuginfo-2.6.32-279.23.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-279.23.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-279.23.1.el6.s390x.rpm perf-debuginfo-2.6.32-279.23.1.el6.s390x.rpm python-perf-2.6.32-279.23.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-279.23.1.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-279.23.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-279.23.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-279.23.1.el6.x86_64.rpm perf-debuginfo-2.6.32-279.23.1.el6.x86_64.rpm python-perf-2.6.32-279.23.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-279.23.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0871.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

From bugzilla at redhat.com Tue Mar 19 18:42:28 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 19 Mar 2013 18:42:28 +0000
Subject: [RHSA-2013:0663-01] Moderate: sssd security and bug fix update
Message-ID: <201303191842.r2JIgSvO005482@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: sssd security and bug fix update
Advisory ID: RHSA-2013:0663-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0663.html
Issue date: 2013-03-19
CVE Names: CVE-2013-0287
=====================================================================

1. Summary:

Updated sssd packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

SSSD (System Security Services Daemon) provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides NSS (Name Service Switch) and PAM (Pluggable Authentication Modules) interfaces toward the system and a pluggable back end system to connect to multiple different account sources.

When SSSD was configured as a Microsoft Active Directory client by using the new Active Directory provider (introduced in RHSA-2013:0508), the Simple Access Provider ("access_provider = simple" in "/etc/sssd/sssd.conf") did not handle access control correctly. If any groups were specified with the "simple_deny_groups" option (in sssd.conf), all users were permitted access. (CVE-2013-0287)

The CVE-2013-0287 issue was discovered by Kaushik Banerjee of Red Hat.

This update also fixes the following bugs:

* If a group contained a member whose Distinguished Name (DN) pointed out of any of the configured search bases, the search request that was processing this particular group never ran to completion. To the user, this bug manifested as a long timeout between requesting the group data and receiving the result. A patch has been provided to address this bug and SSSD now processes group search requests without delays. (BZ#907362)

* The pwd_expiration_warning should have been set for seven days, but instead it was set to zero for Kerberos. This incorrect zero setting returned the "always display warning if the server sends one" error message and users experienced problems in environments like IPA or Active Directory. Currently, the value setting for Kerberos is modified and this issue no longer occurs. (BZ#914671)

All users of sssd are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

910938 - CVE-2013-0287 sssd: simple access provider flaw prevents intended ACL use when client to an AD provider
914671 - pwd_expiration_warning has wrong default for Kerberos

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/sssd-1.9.2-82.4.el6_4.src.rpm

i386:
libipa_hbac-1.9.2-82.4.el6_4.i686.rpm
libipa_hbac-python-1.9.2-82.4.el6_4.i686.rpm
libsss_autofs-1.9.2-82.4.el6_4.i686.rpm
libsss_idmap-1.9.2-82.4.el6_4.i686.rpm
libsss_sudo-1.9.2-82.4.el6_4.i686.rpm
sssd-1.9.2-82.4.el6_4.i686.rpm
sssd-client-1.9.2-82.4.el6_4.i686.rpm
sssd-debuginfo-1.9.2-82.4.el6_4.i686.rpm

x86_64:
libipa_hbac-1.9.2-82.4.el6_4.i686.rpm
libipa_hbac-1.9.2-82.4.el6_4.x86_64.rpm
libipa_hbac-python-1.9.2-82.4.el6_4.x86_64.rpm
libsss_autofs-1.9.2-82.4.el6_4.x86_64.rpm
libsss_idmap-1.9.2-82.4.el6_4.x86_64.rpm
libsss_sudo-1.9.2-82.4.el6_4.x86_64.rpm
sssd-1.9.2-82.4.el6_4.x86_64.rpm
sssd-client-1.9.2-82.4.el6_4.i686.rpm
sssd-client-1.9.2-82.4.el6_4.x86_64.rpm
sssd-debuginfo-1.9.2-82.4.el6_4.i686.rpm
sssd-debuginfo-1.9.2-82.4.el6_4.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/sssd-1.9.2-82.4.el6_4.src.rpm

i386:
libipa_hbac-devel-1.9.2-82.4.el6_4.i686.rpm
libsss_idmap-devel-1.9.2-82.4.el6_4.i686.rpm
libsss_sudo-devel-1.9.2-82.4.el6_4.i686.rpm
sssd-debuginfo-1.9.2-82.4.el6_4.i686.rpm
sssd-tools-1.9.2-82.4.el6_4.i686.rpm

x86_64:
libipa_hbac-devel-1.9.2-82.4.el6_4.i686.rpm
libipa_hbac-devel-1.9.2-82.4.el6_4.x86_64.rpm
libsss_idmap-1.9.2-82.4.el6_4.i686.rpm
libsss_idmap-devel-1.9.2-82.4.el6_4.i686.rpm
libsss_idmap-devel-1.9.2-82.4.el6_4.x86_64.rpm
libsss_sudo-devel-1.9.2-82.4.el6_4.i686.rpm
libsss_sudo-devel-1.9.2-82.4.el6_4.x86_64.rpm
sssd-debuginfo-1.9.2-82.4.el6_4.i686.rpm
sssd-debuginfo-1.9.2-82.4.el6_4.x86_64.rpm
sssd-tools-1.9.2-82.4.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/sssd-1.9.2-82.4.el6_4.src.rpm

x86_64:
libipa_hbac-1.9.2-82.4.el6_4.i686.rpm
libipa_hbac-1.9.2-82.4.el6_4.x86_64.rpm
libipa_hbac-python-1.9.2-82.4.el6_4.x86_64.rpm
libsss_autofs-1.9.2-82.4.el6_4.x86_64.rpm
libsss_idmap-1.9.2-82.4.el6_4.x86_64.rpm
libsss_sudo-1.9.2-82.4.el6_4.x86_64.rpm
sssd-1.9.2-82.4.el6_4.x86_64.rpm
sssd-client-1.9.2-82.4.el6_4.x86_64.rpm
sssd-debuginfo-1.9.2-82.4.el6_4.i686.rpm
sssd-debuginfo-1.9.2-82.4.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/sssd-1.9.2-82.4.el6_4.src.rpm

x86_64:
libipa_hbac-devel-1.9.2-82.4.el6_4.i686.rpm
libipa_hbac-devel-1.9.2-82.4.el6_4.x86_64.rpm
libsss_idmap-1.9.2-82.4.el6_4.i686.rpm
libsss_idmap-devel-1.9.2-82.4.el6_4.i686.rpm
libsss_idmap-devel-1.9.2-82.4.el6_4.x86_64.rpm
libsss_sudo-devel-1.9.2-82.4.el6_4.i686.rpm
libsss_sudo-devel-1.9.2-82.4.el6_4.x86_64.rpm
sssd-client-1.9.2-82.4.el6_4.i686.rpm
sssd-debuginfo-1.9.2-82.4.el6_4.i686.rpm
sssd-debuginfo-1.9.2-82.4.el6_4.x86_64.rpm
sssd-tools-1.9.2-82.4.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/sssd-1.9.2-82.4.el6_4.src.rpm

i386:
libipa_hbac-1.9.2-82.4.el6_4.i686.rpm
libipa_hbac-python-1.9.2-82.4.el6_4.i686.rpm
libsss_autofs-1.9.2-82.4.el6_4.i686.rpm
libsss_idmap-1.9.2-82.4.el6_4.i686.rpm
libsss_sudo-1.9.2-82.4.el6_4.i686.rpm
sssd-1.9.2-82.4.el6_4.i686.rpm
sssd-client-1.9.2-82.4.el6_4.i686.rpm
sssd-debuginfo-1.9.2-82.4.el6_4.i686.rpm

ppc64:
libipa_hbac-1.9.2-82.4.el6_4.ppc.rpm
libipa_hbac-1.9.2-82.4.el6_4.ppc64.rpm
libipa_hbac-python-1.9.2-82.4.el6_4.ppc64.rpm
libsss_autofs-1.9.2-82.4.el6_4.ppc64.rpm
libsss_idmap-1.9.2-82.4.el6_4.ppc64.rpm
libsss_sudo-1.9.2-82.4.el6_4.ppc64.rpm
sssd-1.9.2-82.4.el6_4.ppc64.rpm
sssd-client-1.9.2-82.4.el6_4.ppc.rpm
sssd-client-1.9.2-82.4.el6_4.ppc64.rpm
sssd-debuginfo-1.9.2-82.4.el6_4.ppc.rpm
sssd-debuginfo-1.9.2-82.4.el6_4.ppc64.rpm

s390x:
libipa_hbac-1.9.2-82.4.el6_4.s390.rpm
libipa_hbac-1.9.2-82.4.el6_4.s390x.rpm
libipa_hbac-python-1.9.2-82.4.el6_4.s390x.rpm
libsss_autofs-1.9.2-82.4.el6_4.s390x.rpm
libsss_idmap-1.9.2-82.4.el6_4.s390x.rpm
libsss_sudo-1.9.2-82.4.el6_4.s390x.rpm
sssd-1.9.2-82.4.el6_4.s390x.rpm
sssd-client-1.9.2-82.4.el6_4.s390.rpm
sssd-client-1.9.2-82.4.el6_4.s390x.rpm
sssd-debuginfo-1.9.2-82.4.el6_4.s390.rpm
sssd-debuginfo-1.9.2-82.4.el6_4.s390x.rpm

x86_64:
libipa_hbac-1.9.2-82.4.el6_4.i686.rpm
libipa_hbac-1.9.2-82.4.el6_4.x86_64.rpm
libipa_hbac-python-1.9.2-82.4.el6_4.x86_64.rpm
libsss_autofs-1.9.2-82.4.el6_4.x86_64.rpm
libsss_idmap-1.9.2-82.4.el6_4.i686.rpm
libsss_idmap-1.9.2-82.4.el6_4.x86_64.rpm
libsss_sudo-1.9.2-82.4.el6_4.x86_64.rpm
sssd-1.9.2-82.4.el6_4.x86_64.rpm
sssd-client-1.9.2-82.4.el6_4.i686.rpm
sssd-client-1.9.2-82.4.el6_4.x86_64.rpm
sssd-debuginfo-1.9.2-82.4.el6_4.i686.rpm
sssd-debuginfo-1.9.2-82.4.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/sssd-1.9.2-82.4.el6_4.src.rpm

i386:
libipa_hbac-devel-1.9.2-82.4.el6_4.i686.rpm
libsss_idmap-devel-1.9.2-82.4.el6_4.i686.rpm
libsss_sudo-devel-1.9.2-82.4.el6_4.i686.rpm
sssd-debuginfo-1.9.2-82.4.el6_4.i686.rpm
sssd-tools-1.9.2-82.4.el6_4.i686.rpm

ppc64:
libipa_hbac-devel-1.9.2-82.4.el6_4.ppc.rpm
libipa_hbac-devel-1.9.2-82.4.el6_4.ppc64.rpm
libsss_idmap-1.9.2-82.4.el6_4.ppc.rpm
libsss_idmap-devel-1.9.2-82.4.el6_4.ppc.rpm
libsss_idmap-devel-1.9.2-82.4.el6_4.ppc64.rpm
libsss_sudo-devel-1.9.2-82.4.el6_4.ppc.rpm
libsss_sudo-devel-1.9.2-82.4.el6_4.ppc64.rpm
sssd-debuginfo-1.9.2-82.4.el6_4.ppc.rpm
sssd-debuginfo-1.9.2-82.4.el6_4.ppc64.rpm
sssd-tools-1.9.2-82.4.el6_4.ppc64.rpm

s390x:
libipa_hbac-devel-1.9.2-82.4.el6_4.s390.rpm
libipa_hbac-devel-1.9.2-82.4.el6_4.s390x.rpm
libsss_idmap-1.9.2-82.4.el6_4.s390.rpm
libsss_idmap-devel-1.9.2-82.4.el6_4.s390.rpm
libsss_idmap-devel-1.9.2-82.4.el6_4.s390x.rpm
libsss_sudo-devel-1.9.2-82.4.el6_4.s390.rpm
libsss_sudo-devel-1.9.2-82.4.el6_4.s390x.rpm
sssd-debuginfo-1.9.2-82.4.el6_4.s390.rpm
sssd-debuginfo-1.9.2-82.4.el6_4.s390x.rpm
sssd-tools-1.9.2-82.4.el6_4.s390x.rpm

x86_64:
libipa_hbac-devel-1.9.2-82.4.el6_4.i686.rpm
libipa_hbac-devel-1.9.2-82.4.el6_4.x86_64.rpm
libsss_idmap-devel-1.9.2-82.4.el6_4.i686.rpm
libsss_idmap-devel-1.9.2-82.4.el6_4.x86_64.rpm
libsss_sudo-devel-1.9.2-82.4.el6_4.i686.rpm
libsss_sudo-devel-1.9.2-82.4.el6_4.x86_64.rpm
sssd-debuginfo-1.9.2-82.4.el6_4.i686.rpm
sssd-debuginfo-1.9.2-82.4.el6_4.x86_64.rpm
sssd-tools-1.9.2-82.4.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/sssd-1.9.2-82.4.el6_4.src.rpm

i386:
libipa_hbac-1.9.2-82.4.el6_4.i686.rpm
libipa_hbac-python-1.9.2-82.4.el6_4.i686.rpm
libsss_autofs-1.9.2-82.4.el6_4.i686.rpm
libsss_idmap-1.9.2-82.4.el6_4.i686.rpm
libsss_sudo-1.9.2-82.4.el6_4.i686.rpm
sssd-1.9.2-82.4.el6_4.i686.rpm
sssd-client-1.9.2-82.4.el6_4.i686.rpm
sssd-debuginfo-1.9.2-82.4.el6_4.i686.rpm

x86_64:
libipa_hbac-1.9.2-82.4.el6_4.i686.rpm
libipa_hbac-1.9.2-82.4.el6_4.x86_64.rpm
libipa_hbac-python-1.9.2-82.4.el6_4.x86_64.rpm
libsss_autofs-1.9.2-82.4.el6_4.x86_64.rpm
libsss_idmap-1.9.2-82.4.el6_4.i686.rpm
libsss_idmap-1.9.2-82.4.el6_4.x86_64.rpm
libsss_sudo-1.9.2-82.4.el6_4.x86_64.rpm
sssd-1.9.2-82.4.el6_4.x86_64.rpm
sssd-client-1.9.2-82.4.el6_4.i686.rpm
sssd-client-1.9.2-82.4.el6_4.x86_64.rpm
sssd-debuginfo-1.9.2-82.4.el6_4.i686.rpm
sssd-debuginfo-1.9.2-82.4.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/sssd-1.9.2-82.4.el6_4.src.rpm

i386:
libipa_hbac-devel-1.9.2-82.4.el6_4.i686.rpm
libsss_idmap-devel-1.9.2-82.4.el6_4.i686.rpm
libsss_sudo-devel-1.9.2-82.4.el6_4.i686.rpm
sssd-debuginfo-1.9.2-82.4.el6_4.i686.rpm
sssd-tools-1.9.2-82.4.el6_4.i686.rpm

x86_64:
libipa_hbac-devel-1.9.2-82.4.el6_4.i686.rpm
libipa_hbac-devel-1.9.2-82.4.el6_4.x86_64.rpm
libsss_idmap-devel-1.9.2-82.4.el6_4.i686.rpm
libsss_idmap-devel-1.9.2-82.4.el6_4.x86_64.rpm
libsss_sudo-devel-1.9.2-82.4.el6_4.i686.rpm
libsss_sudo-devel-1.9.2-82.4.el6_4.x86_64.rpm
sssd-debuginfo-1.9.2-82.4.el6_4.i686.rpm
sssd-debuginfo-1.9.2-82.4.el6_4.x86_64.rpm
sssd-tools-1.9.2-82.4.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.
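The CVE-2013-0287 condition described in this advisory is a specific combination of sssd.conf settings: the AD identity provider together with "access_provider = simple" and a non-empty "simple_deny_groups". The following configuration audit flags that combination so an administrator can find hosts that were failing open before the update; it is an added example, not part of the advisory or of SSSD, and the sssd.conf contents and the domain name example.test are constructed placeholders.

```python
import configparser

# Constructed sssd.conf samples. The domain name is a placeholder.
AFFECTED_CONF = """
[sssd]
services = nss, pam
domains = example.test

[domain/example.test]
id_provider = ad
access_provider = simple
simple_deny_groups = contractors, interns
"""

# Same deny list, but with the LDAP provider: the advisory limits the
# flaw to clients using the new Active Directory provider.
LDAP_CONF = """
[sssd]
domains = example.test

[domain/example.test]
id_provider = ldap
access_provider = simple
simple_deny_groups = contractors
"""

# AD provider with the AD access provider: not the affected combination.
SAFE_CONF = """
[sssd]
domains = example.test

[domain/example.test]
id_provider = ad
access_provider = ad
"""


def _option(cp, section, name):
    """Return a stripped option value, or '' when it is not set."""
    return cp.get(section, name, fallback="").strip()


def find_affected_domains(conf_text):
    """Return [(domain, deny_groups)] for every [domain/...] section that
    matches the CVE-2013-0287 pattern: id_provider = ad, access_provider =
    simple, and at least one group in simple_deny_groups."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    hits = []
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        if _option(cp, section, "id_provider") != "ad":
            continue
        if _option(cp, section, "access_provider") != "simple":
            continue
        deny = [g.strip() for g in
                _option(cp, section, "simple_deny_groups").split(",")
                if g.strip()]
        if deny:
            hits.append((section[len("domain/"):], deny))
    return hits


def audit_file(path="/etc/sssd/sssd.conf"):
    """Audit a real sssd.conf (root-readable only); returns the hit list."""
    with open(path, encoding="utf-8") as fh:
        return find_affected_domains(fh.read())


if __name__ == "__main__":
    for label, text in (("affected", AFFECTED_CONF), ("ldap", LDAP_CONF),
                        ("safe", SAFE_CONF)):
        print(label, find_affected_domains(text))
```

A hit on a host already running sssd-1.9.2-82.4.el6_4 or later means only that the deny list was ineffective before the update; a hit on an older package means the deny list is currently not enforced.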
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0287.html
https://access.redhat.com/security/updates/classification/#moderate
https://rhn.redhat.com/errata/RHSA-2013-0508.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

From bugzilla at redhat.com Wed Mar 20 16:07:00 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 20 Mar 2013 16:07:00 +0000
Subject: [RHSA-2013:0666-01] Low: Oracle Java SE 6 - notification of end of public updates
Message-ID: <201303201607.r2KG70OQ029520@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Low: Oracle Java SE 6 - notification of end of public updates
Advisory ID: RHSA-2013:0666-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0666.html
Issue date: 2013-03-20
=====================================================================

1. Summary:

Updates to the java-1.6.0-sun packages that disable the Java Web Browser Plug-in and Web Start included in these packages. As a result, customers who rely on Java-based browser applets may need to re-configure their browser to use one of the Java implementations listed in the Solution section below.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

Oracle Java SE 6 will not receive updates after February 28, 2013. The Oracle Java SE 6 packages on the Red Hat Enterprise Linux 5 and 6 Supplementary media and in Red Hat Network (RHN) channels will continue to be available. Red Hat will continue to provide these packages only as a courtesy to customers. Red Hat will not provide updates to these packages after this date.

Once customers update their system by installing the packages associated with this advisory, the Oracle Java Web Plug-in will be disabled. As a result, customers who rely on Java-based browser applets may need to re-configure their browser to use one of the Java implementations listed in the Solution section below.

All users of java-1.6.0-sun are advised to upgrade to these updated packages.

4. Solution:

Red Hat recommends that customers using Oracle Java SE 6 choose one of the following alternative Java implementations:

* OpenJDK 6, which is available and supported in Red Hat Enterprise Linux 5 and 6.

* IBM's Java SE 6, which is available on the Red Hat Enterprise Linux 5 and 6 Supplementary media and Supplementary RHN channels through September 2017.

* OpenJDK 7, which is available and supported in Red Hat Enterprise Linux 5 and 6.

* IBM's Java SE 7, which is available on the Red Hat Enterprise Linux 5 and 6 Supplementary media and Supplementary RHN channels.

* Oracle Java SE 7, which is available today on the Red Hat Enterprise Linux 5 and 6 Supplementary media and Supplementary RHN channels.

Please refer to Red Hat Knowledge solution 314713 for information on how to install and configure any of these Java implementations. This solution also describes how customers who rely on Java-based browser applets can re-configure their Java Web Plug-in.

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.6.0-sun-1.6.0.43-1jpp.3.el5_9.i586.rpm
java-1.6.0-sun-demo-1.6.0.43-1jpp.3.el5_9.i586.rpm
java-1.6.0-sun-devel-1.6.0.43-1jpp.3.el5_9.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.43-1jpp.3.el5_9.i586.rpm
java-1.6.0-sun-plugin-1.6.0.43-1jpp.3.el5_9.i586.rpm
java-1.6.0-sun-src-1.6.0.43-1jpp.3.el5_9.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.43-1jpp.3.el5_9.i586.rpm
java-1.6.0-sun-1.6.0.43-1jpp.3.el5_9.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.43-1jpp.3.el5_9.i586.rpm
java-1.6.0-sun-demo-1.6.0.43-1jpp.3.el5_9.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.43-1jpp.3.el5_9.i586.rpm
java-1.6.0-sun-devel-1.6.0.43-1jpp.3.el5_9.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.43-1jpp.3.el5_9.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.43-1jpp.3.el5_9.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.43-1jpp.3.el5_9.i586.rpm
java-1.6.0-sun-plugin-1.6.0.43-1jpp.3.el5_9.x86_64.rpm
java-1.6.0-sun-src-1.6.0.43-1jpp.3.el5_9.i586.rpm
java-1.6.0-sun-src-1.6.0.43-1jpp.3.el5_9.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.6.0-sun-1.6.0.43-1jpp.3.el5_9.i586.rpm
java-1.6.0-sun-demo-1.6.0.43-1jpp.3.el5_9.i586.rpm
java-1.6.0-sun-devel-1.6.0.43-1jpp.3.el5_9.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.43-1jpp.3.el5_9.i586.rpm
java-1.6.0-sun-plugin-1.6.0.43-1jpp.3.el5_9.i586.rpm
java-1.6.0-sun-src-1.6.0.43-1jpp.3.el5_9.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.43-1jpp.3.el5_9.i586.rpm
java-1.6.0-sun-1.6.0.43-1jpp.3.el5_9.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.43-1jpp.3.el5_9.i586.rpm
java-1.6.0-sun-demo-1.6.0.43-1jpp.3.el5_9.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.43-1jpp.3.el5_9.i586.rpm
java-1.6.0-sun-devel-1.6.0.43-1jpp.3.el5_9.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.43-1jpp.3.el5_9.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.43-1jpp.3.el5_9.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.43-1jpp.3.el5_9.i586.rpm
java-1.6.0-sun-plugin-1.6.0.43-1jpp.3.el5_9.x86_64.rpm
java-1.6.0-sun-src-1.6.0.43-1jpp.3.el5_9.i586.rpm
java-1.6.0-sun-src-1.6.0.43-1jpp.3.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.6.0-sun-1.6.0.43-1jpp.4.el6_4.i686.rpm
java-1.6.0-sun-demo-1.6.0.43-1jpp.4.el6_4.i686.rpm
java-1.6.0-sun-devel-1.6.0.43-1jpp.4.el6_4.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.43-1jpp.4.el6_4.i686.rpm
java-1.6.0-sun-plugin-1.6.0.43-1jpp.4.el6_4.i686.rpm
java-1.6.0-sun-src-1.6.0.43-1jpp.4.el6_4.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.43-1jpp.4.el6_4.i686.rpm
java-1.6.0-sun-1.6.0.43-1jpp.4.el6_4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.43-1jpp.4.el6_4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.43-1jpp.4.el6_4.i686.rpm
java-1.6.0-sun-devel-1.6.0.43-1jpp.4.el6_4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.43-1jpp.4.el6_4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.43-1jpp.4.el6_4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.43-1jpp.4.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.6.0-sun-1.6.0.43-1jpp.4.el6_4.i686.rpm
java-1.6.0-sun-1.6.0.43-1jpp.4.el6_4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.43-1jpp.4.el6_4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.43-1jpp.4.el6_4.i686.rpm
java-1.6.0-sun-devel-1.6.0.43-1jpp.4.el6_4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.43-1jpp.4.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.6.0-sun-1.6.0.43-1jpp.4.el6_4.i686.rpm
java-1.6.0-sun-demo-1.6.0.43-1jpp.4.el6_4.i686.rpm
java-1.6.0-sun-devel-1.6.0.43-1jpp.4.el6_4.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.43-1jpp.4.el6_4.i686.rpm
java-1.6.0-sun-plugin-1.6.0.43-1jpp.4.el6_4.i686.rpm
java-1.6.0-sun-src-1.6.0.43-1jpp.4.el6_4.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.43-1jpp.4.el6_4.i686.rpm
java-1.6.0-sun-1.6.0.43-1jpp.4.el6_4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.43-1jpp.4.el6_4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.43-1jpp.4.el6_4.i686.rpm
java-1.6.0-sun-devel-1.6.0.43-1jpp.4.el6_4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.43-1jpp.4.el6_4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.43-1jpp.4.el6_4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.43-1jpp.4.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.6.0-sun-1.6.0.43-1jpp.4.el6_4.i686.rpm
java-1.6.0-sun-demo-1.6.0.43-1jpp.4.el6_4.i686.rpm
java-1.6.0-sun-devel-1.6.0.43-1jpp.4.el6_4.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.43-1jpp.4.el6_4.i686.rpm
java-1.6.0-sun-plugin-1.6.0.43-1jpp.4.el6_4.i686.rpm
java-1.6.0-sun-src-1.6.0.43-1jpp.4.el6_4.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.43-1jpp.4.el6_4.i686.rpm
java-1.6.0-sun-1.6.0.43-1jpp.4.el6_4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.43-1jpp.4.el6_4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.43-1jpp.4.el6_4.i686.rpm
java-1.6.0-sun-devel-1.6.0.43-1jpp.4.el6_4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.43-1jpp.4.el6_4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.43-1jpp.4.el6_4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.43-1jpp.4.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 6. References: https://access.redhat.com/security/updates/classification/#low http://www.ibm.com/developerworks/java/jdk/lifecycle/index.html https://access.redhat.com/knowledge/solutions/314713 7. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRSd59XlSAg2UNWIIRAq8CAJ0XrgtmV8UgLvjJSsTJi/ZlhT9yqQCgoKDU es9FDe+AoZlufJcpmMlthLw= =D0KK -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Mar 21 18:28:36 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 21 Mar 2013 18:28:36 +0000 Subject: [RHSA-2013:0657-01] Moderate: openstack-nova security, bug fix, and enhancement update Message-ID: <201303211828.r2LISaIk017750@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openstack-nova security, bug fix, and enhancement update Advisory ID: RHSA-2013:0657-01 Product: Red Hat OpenStack Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0657.html Issue date: 2013-03-21 CVE Names: CVE-2013-1664 CVE-2013-1665 ===================================================================== 1. Summary: Updated openstack-nova packages that fix two security issues, several bugs, and add an enhancement are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: OpenStack Folsom - noarch 3. 
Description: The openstack-nova packages provide OpenStack Compute (code name Nova), which provides services for provisioning, managing, and using virtual machine instances. A denial of service flaw was found in the Extensible Markup Language (XML) parser used by Nova. A remote attacker could use this flaw to send a specially-crafted request to a Nova API, causing Nova to consume an excessive amount of CPU and memory. (CVE-2013-1664) A flaw was found in the XML parser used by Nova. If a remote attacker sent a specially-crafted request to a Nova API, it could cause Nova to connect to external entities, causing a large amount of system load, or allow an attacker to read files on the Nova server that are accessible to the user running Nova. (CVE-2013-1665) This update also fixes several bugs. The following are noteworthy changes: * In single node, all-in-one environments where all services (such as Nova, Glance, and Keystone) are installed and run on a single system, after a host reboot, some instances may have automatically started again, but soon after, automatically shut down. "Instance shutdown by itself. Calling the stop API" messages were logged to Nova logs (in "/var/log/nova/") in these cases. (BZ#890512) * In environments using Quantum, after creating a network with two subnets, removing an IP address (using "nova remove-fixed-ip"), and then adding a fixed address (using "nova add-fixed-ip"), resulted in the virtual machine having two IP addresses. (BZ#908373) * Prior to this update, after converting a downloaded image to raw, the original, downloaded image (a large .part file) was not removed. 
After installing this update, the following three options must be configured in "/etc/nova/nova.conf" to correctly resolve this issue:

remove_unused_base_images=true
remove_unused_resized_minimum_age_seconds=60
remove_unused_original_minimum_age_seconds=60

(BZ#911103)

Additionally, this update adds the following enhancement:

* The RHSA-2013:0658 openstack-cinder update implemented a Cinder driver that allows Red Hat Storage to be used as a back-end for Cinder volumes. This update adds a libvirt connector to Nova, which is a requirement for using the new Cinder driver. Note that you must manually install the glusterfs and glusterfs-fuse packages on the Nova nodes. Additionally, when running Security-Enhanced Linux (SELinux) in Enforcing mode, the latest selinux-policy packages provided by RHBA-2013:0618 must be installed, otherwise denials will be logged when attempting to mount Red Hat Storage volumes. (BZ#912384)

All users of openstack-nova are advised to upgrade to these updated packages, which correct these issues and add this enhancement. After installing the updated packages, the Nova running services will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

889868 - dnsmasq DHCP request blocked by default firewall rules
890512 - Some Instances are shutoff after host reboot
891347 - Use fallocate when copying disk images around in _base to improve copy performance and out of space errors
891420 - Change default for compute node to poll for database connection indefinitely
902409 - Network disassociation from a project doesn't work
905113 - Backport qpid_hosts option - nova
906783 - Quantum/Nova does not work with nova.virt.firewall.NoopFirewallDriver
907178 - Deletion of the "default" security group fails without error
908373 - Quantum: adding fixed ip to an instance on a network with two subnets using NOVA will results with two ip address
910224 - CVE-2013-1664 CVE-2013-1665 OpenStack nova: XML entity parsing
911103 - libvirt leaves large stale .part files on disk when downloading non raw images
912384 - Backport GlusterFS connector from Grizzly
912982 - CVE-2013-1665 Python xml bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities
913613 - Some Instances are shutoff after they're suspended externally to nova
913808 - CVE-2013-1664 Python xml bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities
914759 - nova-dhcpbridge does not support nova.conf and nova-dist.conf at the same time
916241 - nova-dhcpbridge fails to startup

6. Package List:

OpenStack Folsom:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/openstack-nova-2012.2.3-4.el6ost.src.rpm

noarch:
openstack-nova-2012.2.3-4.el6ost.noarch.rpm
openstack-nova-api-2012.2.3-4.el6ost.noarch.rpm
openstack-nova-cert-2012.2.3-4.el6ost.noarch.rpm
openstack-nova-common-2012.2.3-4.el6ost.noarch.rpm
openstack-nova-compute-2012.2.3-4.el6ost.noarch.rpm
openstack-nova-console-2012.2.3-4.el6ost.noarch.rpm
openstack-nova-doc-2012.2.3-4.el6ost.noarch.rpm
openstack-nova-network-2012.2.3-4.el6ost.noarch.rpm
openstack-nova-objectstore-2012.2.3-4.el6ost.noarch.rpm
openstack-nova-scheduler-2012.2.3-4.el6ost.noarch.rpm
openstack-nova-volume-2012.2.3-4.el6ost.noarch.rpm
python-nova-2012.2.3-4.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-1664.html
https://www.redhat.com/security/data/cve/CVE-2013-1665.html
https://access.redhat.com/security/updates/classification/#moderate
https://rhn.redhat.com/errata/RHSA-2013-0658.html
https://rhn.redhat.com/errata/RHBA-2013-0618.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
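The two Python XML binding bugs in the list above, CVE-2013-1664 (internal entity expansion) and CVE-2013-1665 (external entity expansion), both depend on the parser honouring a DOCTYPE that the client supplies. The following is an added example, not OpenStack code and not part of the advisory: it uses only the standard-library expat parser to refuse any DOCTYPE or entity declaration in an untrusted request body before building a tree from it. The three request bodies are constructed samples, and the SYSTEM identifier in the external-entity sample is a placeholder path.

```python
"""Refuse DTD-bearing XML from untrusted clients before it is parsed.

Added example, not OpenStack or Red Hat code. CVE-2013-1664 (internal
entity expansion) and CVE-2013-1665 (external entity expansion) both
need the parser to honour a client-supplied DOCTYPE, so the simplest
API-side mitigation is to reject any DOCTYPE or entity declaration
outright and only build a tree from documents that carry none.
"""
import xml.parsers.expat


class ForbiddenXML(ValueError):
    """Raised when untrusted input uses a construct we never accept."""


def parse_untrusted(data: bytes) -> dict:
    """Parse `data` into a {'tag', 'attrs', 'text', 'children'} tree.

    A DOCTYPE or entity declaration aborts parsing with ForbiddenXML, so
    nested internal entities are never expanded and SYSTEM entities are
    never fetched. Element and attribute content is returned unchanged.
    """
    parser = xml.parsers.expat.ParserCreate()
    # Belt and braces: even if a DOCTYPE were tolerated, never resolve
    # parameter entities from external sources.
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def forbid_doctype(name, system_id, public_id, has_internal_subset):
        # An exception raised inside an expat handler stops the parse and
        # propagates out of parser.Parse().
        raise ForbiddenXML("DOCTYPE %r not allowed in untrusted input" % name)

    def forbid_entity(name, is_param, value, base, system_id, public_id, notation):
        raise ForbiddenXML("entity declaration %r not allowed" % name)

    parser.StartDoctypeDeclHandler = forbid_doctype
    parser.EntityDeclHandler = forbid_entity

    root = None
    stack = []

    def start(tag, attrs):
        nonlocal root
        node = {"tag": tag, "attrs": attrs, "text": "", "children": []}
        if stack:
            stack[-1]["children"].append(node)
        else:
            root = node
        stack.append(node)

    def end(tag):
        stack.pop()

    def chars(text):
        # expat may deliver character data in several pieces; accumulate.
        if stack:
            stack[-1]["text"] += text

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = chars
    parser.Parse(data, True)
    return root


def is_rejected(data: bytes) -> bool:
    """True if parse_untrusted() refuses `data`, False if it parses it."""
    try:
        parse_untrusted(data)
    except ForbiddenXML:
        return True
    return False


# Constructed request bodies for the three cases a volume API might see.
CLEAN_REQUEST = b'<volume id="v1"><name>data</name><size>10</size></volume>'

# Internal entity expansion (CVE-2013-1664 class): each declaration refers
# to the previous one many times, so a few lines expand to a huge string.
INTERNAL_ENTITY_REQUEST = (
    b'<!DOCTYPE volume [<!ENTITY a "aaaaaaaaaa">'
    b'<!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">]>'
    b'<volume><name>&b;</name></volume>'
)

# External entity (CVE-2013-1665 class): the SYSTEM id is a constructed
# placeholder; a resolving parser would read whatever it names.
EXTERNAL_ENTITY_REQUEST = (
    b'<!DOCTYPE volume [<!ENTITY ext SYSTEM "file:///placeholder/path">]>'
    b'<volume><name>&ext;</name></volume>'
)


def classify_samples() -> dict:
    """Map each constructed sample to 'parsed' or 'rejected'."""
    samples = {
        "clean": CLEAN_REQUEST,
        "internal_entity": INTERNAL_ENTITY_REQUEST,
        "external_entity": EXTERNAL_ENTITY_REQUEST,
    }
    return {k: ("rejected" if is_rejected(v) else "parsed") for k, v in samples.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:16s} {verdict}")
```

Rejecting the DOCTYPE wholesale is stricter than what a general-purpose XML library can do by default, but for an API that only ever expects plain element trees it removes both entity problems at once, and the rejection happens before any expansion work is done.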
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRS1EhXlSAg2UNWIIRAvjYAJkBOtoEQU0Oi0i9BUPl21HASWP5FACgns5i
ei9nr9ngjqmnWQBphufqT4g=
=Y4Xk
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Thu Mar 21 18:29:12 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Mar 2013 18:29:12 +0000
Subject: [RHSA-2013:0658-01] Moderate: openstack-cinder security and enhancement update
Message-ID: <201303211829.r2LITCHj027419@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openstack-cinder security and enhancement update
Advisory ID:       RHSA-2013:0658-01
Product:           Red Hat OpenStack
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0658.html
Issue date:        2013-03-21
CVE Names:         CVE-2013-1664 CVE-2013-1665
=====================================================================

1. Summary:

Updated openstack-cinder packages that fix two security issues and add one enhancement are now available for Red Hat OpenStack Folsom.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

OpenStack Folsom - noarch

3. Description:

The openstack-cinder packages provide OpenStack Volume (code name Cinder), which provides services to manage and access block storage volumes for use by virtual machine instances.

A denial of service flaw was found in the Extensible Markup Language (XML) parser used by Cinder. A remote attacker could use this flaw to send a specially-crafted request to a Cinder API, causing Cinder to consume an excessive amount of CPU and memory. (CVE-2013-1664)

A flaw was found in the XML parser used by Cinder. If a remote attacker sent a specially-crafted request to a Cinder API, it could cause Cinder to connect to external entities, causing a large amount of system load, or allow an attacker to read files on the Cinder server that are accessible to the user running Cinder. (CVE-2013-1665)

This update also adds the following enhancement:

* This update implements a Cinder driver that allows Red Hat Storage to be used as a back-end for Cinder volumes. To use this driver, "volume_driver = cinder.volume.glusterfs.GlusterfsDriver" and the "glusterfs_shares_config" option must be set in "/etc/cinder/cinder.conf", and the RHSA-2013:0657 openstack-nova update must also be installed. Note that there is no volume snapshot or clone support when using this driver. (BZ#892686)

All users of openstack-cinder are advised to upgrade to these updated packages, which fix these issues and add this enhancement. After installing the updated packages, the Cinder running services will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

892686 - Develop Cinder driver for Gluster/Red Hat Storage backend for volume support
910222 - CVE-2013-1664 CVE-2013-1665 OpenStack cinder: XML entity parsing
912982 - CVE-2013-1665 Python xml bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities
913808 - CVE-2013-1664 Python xml bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities

6. Package List:

OpenStack Folsom:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/openstack-cinder-2012.2.3-4.el6ost.src.rpm

noarch:
openstack-cinder-2012.2.3-4.el6ost.noarch.rpm
openstack-cinder-doc-2012.2.3-4.el6ost.noarch.rpm
python-cinder-2012.2.3-4.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-1664.html
https://www.redhat.com/security/data/cve/CVE-2013-1665.html
https://access.redhat.com/security/updates/classification/#moderate
https://rhn.redhat.com/errata/RHSA-2013-0657.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRS1FgXlSAg2UNWIIRAntSAJ0dX0r4bc3ohO/7bAETVP9NAxWz3gCgiA8J
exT7U4260Re8r9hkpCWoIW8=
=QlFK
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Thu Mar 21 18:30:50 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Mar 2013 18:30:50 +0000
Subject: [RHSA-2013:0668-01] Moderate: boost security update
Message-ID: <201303211830.r2LIUoeD003688@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: boost security update
Advisory ID:       RHSA-2013:0668-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0668.html
Issue date:        2013-03-21
CVE Names:         CVE-2012-2677
=====================================================================

1. Summary:

Updated boost packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The boost packages provide free, peer-reviewed, portable C++ source libraries with emphasis on libraries which work well with the C++ Standard Library.

A flaw was found in the way the ordered_malloc() routine in Boost sanitized the 'next_size' and 'max_size' parameters when allocating memory. If an application used the Boost C++ libraries for memory allocation, and performed memory allocation based on user-supplied input, an attacker could use this flaw to crash the application or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2677)

All users of boost are advised to upgrade to these updated packages, which contain a backported patch to fix this issue.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network.
Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

828856 - CVE-2012-2677 boost: ordered_malloc() overflow

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/boost-1.33.1-16.el5_9.src.rpm

i386:
boost-1.33.1-16.el5_9.i386.rpm
boost-debuginfo-1.33.1-16.el5_9.i386.rpm
boost-doc-1.33.1-16.el5_9.i386.rpm

x86_64:
boost-1.33.1-16.el5_9.i386.rpm
boost-1.33.1-16.el5_9.x86_64.rpm
boost-debuginfo-1.33.1-16.el5_9.i386.rpm
boost-debuginfo-1.33.1-16.el5_9.x86_64.rpm
boost-doc-1.33.1-16.el5_9.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/boost-1.33.1-16.el5_9.src.rpm

i386:
boost-debuginfo-1.33.1-16.el5_9.i386.rpm
boost-devel-1.33.1-16.el5_9.i386.rpm

x86_64:
boost-debuginfo-1.33.1-16.el5_9.i386.rpm
boost-debuginfo-1.33.1-16.el5_9.x86_64.rpm
boost-devel-1.33.1-16.el5_9.i386.rpm
boost-devel-1.33.1-16.el5_9.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/boost-1.33.1-16.el5_9.src.rpm

i386:
boost-1.33.1-16.el5_9.i386.rpm
boost-debuginfo-1.33.1-16.el5_9.i386.rpm
boost-devel-1.33.1-16.el5_9.i386.rpm
boost-doc-1.33.1-16.el5_9.i386.rpm

ia64:
boost-1.33.1-16.el5_9.ia64.rpm
boost-debuginfo-1.33.1-16.el5_9.ia64.rpm
boost-devel-1.33.1-16.el5_9.ia64.rpm
boost-doc-1.33.1-16.el5_9.ia64.rpm

ppc:
boost-1.33.1-16.el5_9.ppc.rpm
boost-1.33.1-16.el5_9.ppc64.rpm
boost-debuginfo-1.33.1-16.el5_9.ppc.rpm
boost-debuginfo-1.33.1-16.el5_9.ppc64.rpm
boost-devel-1.33.1-16.el5_9.ppc.rpm
boost-devel-1.33.1-16.el5_9.ppc64.rpm
boost-doc-1.33.1-16.el5_9.ppc.rpm

s390x:
boost-1.33.1-16.el5_9.s390.rpm
boost-1.33.1-16.el5_9.s390x.rpm
boost-debuginfo-1.33.1-16.el5_9.s390.rpm
boost-debuginfo-1.33.1-16.el5_9.s390x.rpm
boost-devel-1.33.1-16.el5_9.s390.rpm
boost-devel-1.33.1-16.el5_9.s390x.rpm
boost-doc-1.33.1-16.el5_9.s390x.rpm

x86_64:
boost-1.33.1-16.el5_9.i386.rpm
boost-1.33.1-16.el5_9.x86_64.rpm
boost-debuginfo-1.33.1-16.el5_9.i386.rpm
boost-debuginfo-1.33.1-16.el5_9.x86_64.rpm
boost-devel-1.33.1-16.el5_9.i386.rpm
boost-devel-1.33.1-16.el5_9.x86_64.rpm
boost-doc-1.33.1-16.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/boost-1.41.0-15.el6_4.src.rpm

i386:
boost-1.41.0-15.el6_4.i686.rpm
boost-date-time-1.41.0-15.el6_4.i686.rpm
boost-debuginfo-1.41.0-15.el6_4.i686.rpm
boost-filesystem-1.41.0-15.el6_4.i686.rpm
boost-graph-1.41.0-15.el6_4.i686.rpm
boost-iostreams-1.41.0-15.el6_4.i686.rpm
boost-program-options-1.41.0-15.el6_4.i686.rpm
boost-python-1.41.0-15.el6_4.i686.rpm
boost-regex-1.41.0-15.el6_4.i686.rpm
boost-serialization-1.41.0-15.el6_4.i686.rpm
boost-signals-1.41.0-15.el6_4.i686.rpm
boost-system-1.41.0-15.el6_4.i686.rpm
boost-test-1.41.0-15.el6_4.i686.rpm
boost-thread-1.41.0-15.el6_4.i686.rpm
boost-wave-1.41.0-15.el6_4.i686.rpm

x86_64:
boost-1.41.0-15.el6_4.x86_64.rpm
boost-date-time-1.41.0-15.el6_4.i686.rpm
boost-date-time-1.41.0-15.el6_4.x86_64.rpm
boost-debuginfo-1.41.0-15.el6_4.i686.rpm
boost-debuginfo-1.41.0-15.el6_4.x86_64.rpm
boost-filesystem-1.41.0-15.el6_4.i686.rpm
boost-filesystem-1.41.0-15.el6_4.x86_64.rpm
boost-graph-1.41.0-15.el6_4.i686.rpm
boost-graph-1.41.0-15.el6_4.x86_64.rpm
boost-iostreams-1.41.0-15.el6_4.i686.rpm
boost-iostreams-1.41.0-15.el6_4.x86_64.rpm
boost-program-options-1.41.0-15.el6_4.i686.rpm
boost-program-options-1.41.0-15.el6_4.x86_64.rpm
boost-python-1.41.0-15.el6_4.x86_64.rpm
boost-regex-1.41.0-15.el6_4.i686.rpm
boost-regex-1.41.0-15.el6_4.x86_64.rpm
boost-serialization-1.41.0-15.el6_4.i686.rpm
boost-serialization-1.41.0-15.el6_4.x86_64.rpm
boost-signals-1.41.0-15.el6_4.i686.rpm
boost-signals-1.41.0-15.el6_4.x86_64.rpm
boost-system-1.41.0-15.el6_4.i686.rpm
boost-system-1.41.0-15.el6_4.x86_64.rpm
boost-test-1.41.0-15.el6_4.i686.rpm
boost-test-1.41.0-15.el6_4.x86_64.rpm
boost-thread-1.41.0-15.el6_4.i686.rpm
boost-thread-1.41.0-15.el6_4.x86_64.rpm
boost-wave-1.41.0-15.el6_4.i686.rpm
boost-wave-1.41.0-15.el6_4.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/boost-1.41.0-15.el6_4.src.rpm

i386:
boost-debuginfo-1.41.0-15.el6_4.i686.rpm
boost-devel-1.41.0-15.el6_4.i686.rpm
boost-doc-1.41.0-15.el6_4.i686.rpm
boost-graph-mpich2-1.41.0-15.el6_4.i686.rpm
boost-graph-openmpi-1.41.0-15.el6_4.i686.rpm
boost-math-1.41.0-15.el6_4.i686.rpm
boost-mpich2-1.41.0-15.el6_4.i686.rpm
boost-mpich2-devel-1.41.0-15.el6_4.i686.rpm
boost-mpich2-python-1.41.0-15.el6_4.i686.rpm
boost-openmpi-1.41.0-15.el6_4.i686.rpm
boost-openmpi-devel-1.41.0-15.el6_4.i686.rpm
boost-openmpi-python-1.41.0-15.el6_4.i686.rpm
boost-static-1.41.0-15.el6_4.i686.rpm

x86_64:
boost-debuginfo-1.41.0-15.el6_4.x86_64.rpm
boost-devel-1.41.0-15.el6_4.x86_64.rpm
boost-doc-1.41.0-15.el6_4.x86_64.rpm
boost-graph-mpich2-1.41.0-15.el6_4.x86_64.rpm
boost-graph-openmpi-1.41.0-15.el6_4.x86_64.rpm
boost-math-1.41.0-15.el6_4.x86_64.rpm
boost-mpich2-1.41.0-15.el6_4.x86_64.rpm
boost-mpich2-devel-1.41.0-15.el6_4.x86_64.rpm
boost-mpich2-python-1.41.0-15.el6_4.x86_64.rpm
boost-openmpi-1.41.0-15.el6_4.x86_64.rpm
boost-openmpi-devel-1.41.0-15.el6_4.x86_64.rpm
boost-openmpi-python-1.41.0-15.el6_4.x86_64.rpm
boost-static-1.41.0-15.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/boost-1.41.0-15.el6_4.src.rpm

x86_64:
boost-1.41.0-15.el6_4.x86_64.rpm
boost-date-time-1.41.0-15.el6_4.i686.rpm
boost-date-time-1.41.0-15.el6_4.x86_64.rpm
boost-debuginfo-1.41.0-15.el6_4.i686.rpm
boost-debuginfo-1.41.0-15.el6_4.x86_64.rpm
boost-filesystem-1.41.0-15.el6_4.i686.rpm
boost-filesystem-1.41.0-15.el6_4.x86_64.rpm
boost-graph-1.41.0-15.el6_4.i686.rpm
boost-graph-1.41.0-15.el6_4.x86_64.rpm
boost-iostreams-1.41.0-15.el6_4.i686.rpm
boost-iostreams-1.41.0-15.el6_4.x86_64.rpm
boost-program-options-1.41.0-15.el6_4.i686.rpm
boost-program-options-1.41.0-15.el6_4.x86_64.rpm
boost-python-1.41.0-15.el6_4.x86_64.rpm
boost-regex-1.41.0-15.el6_4.i686.rpm
boost-regex-1.41.0-15.el6_4.x86_64.rpm
boost-serialization-1.41.0-15.el6_4.i686.rpm
boost-serialization-1.41.0-15.el6_4.x86_64.rpm
boost-signals-1.41.0-15.el6_4.i686.rpm
boost-signals-1.41.0-15.el6_4.x86_64.rpm
boost-system-1.41.0-15.el6_4.i686.rpm
boost-system-1.41.0-15.el6_4.x86_64.rpm
boost-test-1.41.0-15.el6_4.i686.rpm
boost-test-1.41.0-15.el6_4.x86_64.rpm
boost-thread-1.41.0-15.el6_4.i686.rpm
boost-thread-1.41.0-15.el6_4.x86_64.rpm
boost-wave-1.41.0-15.el6_4.i686.rpm
boost-wave-1.41.0-15.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/boost-1.41.0-15.el6_4.src.rpm

x86_64:
boost-debuginfo-1.41.0-15.el6_4.x86_64.rpm
boost-devel-1.41.0-15.el6_4.x86_64.rpm
boost-doc-1.41.0-15.el6_4.x86_64.rpm
boost-graph-mpich2-1.41.0-15.el6_4.x86_64.rpm
boost-graph-openmpi-1.41.0-15.el6_4.x86_64.rpm
boost-math-1.41.0-15.el6_4.x86_64.rpm
boost-mpich2-1.41.0-15.el6_4.x86_64.rpm
boost-mpich2-devel-1.41.0-15.el6_4.x86_64.rpm
boost-mpich2-python-1.41.0-15.el6_4.x86_64.rpm
boost-openmpi-1.41.0-15.el6_4.x86_64.rpm
boost-openmpi-devel-1.41.0-15.el6_4.x86_64.rpm
boost-openmpi-python-1.41.0-15.el6_4.x86_64.rpm
boost-static-1.41.0-15.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/boost-1.41.0-15.el6_4.src.rpm

i386:
boost-1.41.0-15.el6_4.i686.rpm
boost-date-time-1.41.0-15.el6_4.i686.rpm
boost-debuginfo-1.41.0-15.el6_4.i686.rpm
boost-devel-1.41.0-15.el6_4.i686.rpm
boost-filesystem-1.41.0-15.el6_4.i686.rpm
boost-graph-1.41.0-15.el6_4.i686.rpm
boost-iostreams-1.41.0-15.el6_4.i686.rpm
boost-program-options-1.41.0-15.el6_4.i686.rpm
boost-python-1.41.0-15.el6_4.i686.rpm
boost-regex-1.41.0-15.el6_4.i686.rpm
boost-serialization-1.41.0-15.el6_4.i686.rpm
boost-signals-1.41.0-15.el6_4.i686.rpm
boost-system-1.41.0-15.el6_4.i686.rpm
boost-test-1.41.0-15.el6_4.i686.rpm
boost-thread-1.41.0-15.el6_4.i686.rpm
boost-wave-1.41.0-15.el6_4.i686.rpm

ppc64:
boost-1.41.0-15.el6_4.ppc64.rpm
boost-date-time-1.41.0-15.el6_4.ppc.rpm
boost-date-time-1.41.0-15.el6_4.ppc64.rpm
boost-debuginfo-1.41.0-15.el6_4.ppc.rpm
boost-debuginfo-1.41.0-15.el6_4.ppc64.rpm
boost-devel-1.41.0-15.el6_4.ppc64.rpm
boost-filesystem-1.41.0-15.el6_4.ppc.rpm
boost-filesystem-1.41.0-15.el6_4.ppc64.rpm
boost-graph-1.41.0-15.el6_4.ppc.rpm
boost-graph-1.41.0-15.el6_4.ppc64.rpm
boost-iostreams-1.41.0-15.el6_4.ppc.rpm
boost-iostreams-1.41.0-15.el6_4.ppc64.rpm
boost-program-options-1.41.0-15.el6_4.ppc.rpm
boost-program-options-1.41.0-15.el6_4.ppc64.rpm
boost-python-1.41.0-15.el6_4.ppc64.rpm
boost-regex-1.41.0-15.el6_4.ppc.rpm
boost-regex-1.41.0-15.el6_4.ppc64.rpm
boost-serialization-1.41.0-15.el6_4.ppc.rpm
boost-serialization-1.41.0-15.el6_4.ppc64.rpm
boost-signals-1.41.0-15.el6_4.ppc.rpm
boost-signals-1.41.0-15.el6_4.ppc64.rpm
boost-system-1.41.0-15.el6_4.ppc.rpm
boost-system-1.41.0-15.el6_4.ppc64.rpm
boost-test-1.41.0-15.el6_4.ppc.rpm
boost-test-1.41.0-15.el6_4.ppc64.rpm
boost-thread-1.41.0-15.el6_4.ppc.rpm
boost-thread-1.41.0-15.el6_4.ppc64.rpm
boost-wave-1.41.0-15.el6_4.ppc.rpm
boost-wave-1.41.0-15.el6_4.ppc64.rpm

s390x:
boost-1.41.0-15.el6_4.s390x.rpm
boost-date-time-1.41.0-15.el6_4.s390.rpm
boost-date-time-1.41.0-15.el6_4.s390x.rpm
boost-debuginfo-1.41.0-15.el6_4.s390.rpm
boost-debuginfo-1.41.0-15.el6_4.s390x.rpm
boost-devel-1.41.0-15.el6_4.s390x.rpm
boost-filesystem-1.41.0-15.el6_4.s390.rpm
boost-filesystem-1.41.0-15.el6_4.s390x.rpm
boost-graph-1.41.0-15.el6_4.s390.rpm
boost-graph-1.41.0-15.el6_4.s390x.rpm
boost-iostreams-1.41.0-15.el6_4.s390.rpm
boost-iostreams-1.41.0-15.el6_4.s390x.rpm
boost-program-options-1.41.0-15.el6_4.s390.rpm
boost-program-options-1.41.0-15.el6_4.s390x.rpm
boost-python-1.41.0-15.el6_4.s390x.rpm
boost-regex-1.41.0-15.el6_4.s390.rpm
boost-regex-1.41.0-15.el6_4.s390x.rpm
boost-serialization-1.41.0-15.el6_4.s390.rpm
boost-serialization-1.41.0-15.el6_4.s390x.rpm
boost-signals-1.41.0-15.el6_4.s390.rpm
boost-signals-1.41.0-15.el6_4.s390x.rpm
boost-system-1.41.0-15.el6_4.s390.rpm
boost-system-1.41.0-15.el6_4.s390x.rpm
boost-test-1.41.0-15.el6_4.s390.rpm
boost-test-1.41.0-15.el6_4.s390x.rpm
boost-thread-1.41.0-15.el6_4.s390.rpm
boost-thread-1.41.0-15.el6_4.s390x.rpm
boost-wave-1.41.0-15.el6_4.s390.rpm
boost-wave-1.41.0-15.el6_4.s390x.rpm

x86_64:
boost-1.41.0-15.el6_4.x86_64.rpm
boost-date-time-1.41.0-15.el6_4.i686.rpm
boost-date-time-1.41.0-15.el6_4.x86_64.rpm
boost-debuginfo-1.41.0-15.el6_4.i686.rpm
boost-debuginfo-1.41.0-15.el6_4.x86_64.rpm
boost-devel-1.41.0-15.el6_4.x86_64.rpm
boost-filesystem-1.41.0-15.el6_4.i686.rpm
boost-filesystem-1.41.0-15.el6_4.x86_64.rpm
boost-graph-1.41.0-15.el6_4.i686.rpm
boost-graph-1.41.0-15.el6_4.x86_64.rpm
boost-iostreams-1.41.0-15.el6_4.i686.rpm
boost-iostreams-1.41.0-15.el6_4.x86_64.rpm
boost-program-options-1.41.0-15.el6_4.i686.rpm
boost-program-options-1.41.0-15.el6_4.x86_64.rpm
boost-python-1.41.0-15.el6_4.x86_64.rpm
boost-regex-1.41.0-15.el6_4.i686.rpm
boost-regex-1.41.0-15.el6_4.x86_64.rpm
boost-serialization-1.41.0-15.el6_4.i686.rpm
boost-serialization-1.41.0-15.el6_4.x86_64.rpm
boost-signals-1.41.0-15.el6_4.i686.rpm
boost-signals-1.41.0-15.el6_4.x86_64.rpm
boost-system-1.41.0-15.el6_4.i686.rpm
boost-system-1.41.0-15.el6_4.x86_64.rpm
boost-test-1.41.0-15.el6_4.i686.rpm
boost-test-1.41.0-15.el6_4.x86_64.rpm
boost-thread-1.41.0-15.el6_4.i686.rpm
boost-thread-1.41.0-15.el6_4.x86_64.rpm
boost-wave-1.41.0-15.el6_4.i686.rpm
boost-wave-1.41.0-15.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/boost-1.41.0-15.el6_4.src.rpm

i386:
boost-debuginfo-1.41.0-15.el6_4.i686.rpm
boost-doc-1.41.0-15.el6_4.i686.rpm
boost-graph-mpich2-1.41.0-15.el6_4.i686.rpm
boost-graph-openmpi-1.41.0-15.el6_4.i686.rpm
boost-math-1.41.0-15.el6_4.i686.rpm
boost-mpich2-1.41.0-15.el6_4.i686.rpm
boost-mpich2-devel-1.41.0-15.el6_4.i686.rpm
boost-mpich2-python-1.41.0-15.el6_4.i686.rpm
boost-openmpi-1.41.0-15.el6_4.i686.rpm
boost-openmpi-devel-1.41.0-15.el6_4.i686.rpm
boost-openmpi-python-1.41.0-15.el6_4.i686.rpm
boost-static-1.41.0-15.el6_4.i686.rpm

ppc64:
boost-debuginfo-1.41.0-15.el6_4.ppc64.rpm
boost-doc-1.41.0-15.el6_4.ppc64.rpm
boost-graph-openmpi-1.41.0-15.el6_4.ppc64.rpm
boost-math-1.41.0-15.el6_4.ppc64.rpm
boost-openmpi-1.41.0-15.el6_4.ppc64.rpm
boost-openmpi-devel-1.41.0-15.el6_4.ppc64.rpm
boost-openmpi-python-1.41.0-15.el6_4.ppc64.rpm
boost-static-1.41.0-15.el6_4.ppc64.rpm

s390x:
boost-debuginfo-1.41.0-15.el6_4.s390x.rpm
boost-doc-1.41.0-15.el6_4.s390x.rpm
boost-math-1.41.0-15.el6_4.s390x.rpm
boost-static-1.41.0-15.el6_4.s390x.rpm

x86_64:
boost-debuginfo-1.41.0-15.el6_4.x86_64.rpm
boost-doc-1.41.0-15.el6_4.x86_64.rpm
boost-graph-mpich2-1.41.0-15.el6_4.x86_64.rpm
boost-graph-openmpi-1.41.0-15.el6_4.x86_64.rpm
boost-math-1.41.0-15.el6_4.x86_64.rpm
boost-mpich2-1.41.0-15.el6_4.x86_64.rpm
boost-mpich2-devel-1.41.0-15.el6_4.x86_64.rpm
boost-mpich2-python-1.41.0-15.el6_4.x86_64.rpm
boost-openmpi-1.41.0-15.el6_4.x86_64.rpm
boost-openmpi-devel-1.41.0-15.el6_4.x86_64.rpm
boost-openmpi-python-1.41.0-15.el6_4.x86_64.rpm
boost-static-1.41.0-15.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/boost-1.41.0-15.el6_4.src.rpm

i386:
boost-1.41.0-15.el6_4.i686.rpm
boost-date-time-1.41.0-15.el6_4.i686.rpm
boost-debuginfo-1.41.0-15.el6_4.i686.rpm
boost-devel-1.41.0-15.el6_4.i686.rpm
boost-filesystem-1.41.0-15.el6_4.i686.rpm
boost-graph-1.41.0-15.el6_4.i686.rpm
boost-iostreams-1.41.0-15.el6_4.i686.rpm
boost-program-options-1.41.0-15.el6_4.i686.rpm
boost-python-1.41.0-15.el6_4.i686.rpm
boost-regex-1.41.0-15.el6_4.i686.rpm
boost-serialization-1.41.0-15.el6_4.i686.rpm
boost-signals-1.41.0-15.el6_4.i686.rpm
boost-system-1.41.0-15.el6_4.i686.rpm
boost-test-1.41.0-15.el6_4.i686.rpm
boost-thread-1.41.0-15.el6_4.i686.rpm
boost-wave-1.41.0-15.el6_4.i686.rpm

x86_64:
boost-1.41.0-15.el6_4.x86_64.rpm
boost-date-time-1.41.0-15.el6_4.i686.rpm
boost-date-time-1.41.0-15.el6_4.x86_64.rpm
boost-debuginfo-1.41.0-15.el6_4.i686.rpm
boost-debuginfo-1.41.0-15.el6_4.x86_64.rpm
boost-devel-1.41.0-15.el6_4.x86_64.rpm
boost-filesystem-1.41.0-15.el6_4.i686.rpm
boost-filesystem-1.41.0-15.el6_4.x86_64.rpm
boost-graph-1.41.0-15.el6_4.i686.rpm
boost-graph-1.41.0-15.el6_4.x86_64.rpm
boost-iostreams-1.41.0-15.el6_4.i686.rpm
boost-iostreams-1.41.0-15.el6_4.x86_64.rpm
boost-program-options-1.41.0-15.el6_4.i686.rpm
boost-program-options-1.41.0-15.el6_4.x86_64.rpm
boost-python-1.41.0-15.el6_4.x86_64.rpm
boost-regex-1.41.0-15.el6_4.i686.rpm
boost-regex-1.41.0-15.el6_4.x86_64.rpm
boost-serialization-1.41.0-15.el6_4.i686.rpm
boost-serialization-1.41.0-15.el6_4.x86_64.rpm
boost-signals-1.41.0-15.el6_4.i686.rpm
boost-signals-1.41.0-15.el6_4.x86_64.rpm
boost-system-1.41.0-15.el6_4.i686.rpm
boost-system-1.41.0-15.el6_4.x86_64.rpm
boost-test-1.41.0-15.el6_4.i686.rpm
boost-test-1.41.0-15.el6_4.x86_64.rpm
boost-thread-1.41.0-15.el6_4.i686.rpm
boost-thread-1.41.0-15.el6_4.x86_64.rpm
boost-wave-1.41.0-15.el6_4.i686.rpm
boost-wave-1.41.0-15.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/boost-1.41.0-15.el6_4.src.rpm

i386:
boost-debuginfo-1.41.0-15.el6_4.i686.rpm
boost-doc-1.41.0-15.el6_4.i686.rpm
boost-graph-mpich2-1.41.0-15.el6_4.i686.rpm
boost-graph-openmpi-1.41.0-15.el6_4.i686.rpm
boost-math-1.41.0-15.el6_4.i686.rpm
boost-mpich2-1.41.0-15.el6_4.i686.rpm
boost-mpich2-devel-1.41.0-15.el6_4.i686.rpm
boost-mpich2-python-1.41.0-15.el6_4.i686.rpm
boost-openmpi-1.41.0-15.el6_4.i686.rpm
boost-openmpi-devel-1.41.0-15.el6_4.i686.rpm
boost-openmpi-python-1.41.0-15.el6_4.i686.rpm
boost-static-1.41.0-15.el6_4.i686.rpm

x86_64:
boost-debuginfo-1.41.0-15.el6_4.x86_64.rpm
boost-doc-1.41.0-15.el6_4.x86_64.rpm
boost-graph-mpich2-1.41.0-15.el6_4.x86_64.rpm
boost-graph-openmpi-1.41.0-15.el6_4.x86_64.rpm
boost-math-1.41.0-15.el6_4.x86_64.rpm
boost-mpich2-1.41.0-15.el6_4.x86_64.rpm
boost-mpich2-devel-1.41.0-15.el6_4.x86_64.rpm
boost-mpich2-python-1.41.0-15.el6_4.x86_64.rpm
boost-openmpi-1.41.0-15.el6_4.x86_64.rpm
boost-openmpi-devel-1.41.0-15.el6_4.x86_64.rpm
boost-openmpi-python-1.41.0-15.el6_4.x86_64.rpm
boost-static-1.41.0-15.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-2677.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
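The flaw this advisory fixes (CVE-2012-2677) is about how ordered_malloc() sanitized the 'next_size' and 'max_size' parameters before doing allocation arithmetic on them. The following is an added illustration in Python, not Boost's code and not the patched routine: it shows the checks an allocator needs when those two numbers are user-influenced, with the size_t ceiling passed in explicitly so that the 32-bit and 64-bit cases can be exercised from the same functions. It assumes, as this example's own convention, that max_size == 0 means "no cap" and that a pool doubles next_size after each block it carves.

```python
"""Bound user-influenced pool parameters before computing a block size.

Added illustration, not Boost's code: CVE-2012-2677 concerned the way
ordered_malloc() sanitized 'next_size' and 'max_size'. These functions
model the checks such a routine needs, with the size_t ceiling made
explicit so a 32-bit and a 64-bit build can both be exercised here.
Conventions assumed by this example: max_size == 0 means "no cap", and
the pool doubles next_size after each block it carves.
"""

SIZE_MAX_64 = 2**64 - 1
SIZE_MAX_32 = 2**32 - 1


class AllocationRejected(ValueError):
    """Raised instead of letting the block-size arithmetic wrap around."""


def sanitize_next_size(next_size, max_size):
    """Clamp the chunk count to max_size (0 = uncapped); reject values that
    would yield an empty block or a negative cap."""
    if next_size <= 0 or max_size < 0:
        raise AllocationRejected("chunk count must be positive, cap non-negative")
    if max_size and next_size > max_size:
        return max_size
    return next_size


def block_bytes(partition_size, next_size, max_size, size_max=SIZE_MAX_64):
    """Bytes for one block of `next_size` chunks of `partition_size` bytes.

    The overflow test is done with a division, so no intermediate value
    ever exceeds `size_max`; a C++ port can use the same comparison with
    size_t and never perform the unchecked multiplication.
    """
    if partition_size <= 0:
        raise AllocationRejected("chunk size must be positive")
    chunks = sanitize_next_size(next_size, max_size)
    # chunks * partition_size <= size_max  <=>  chunks <= size_max // partition_size
    if chunks > size_max // partition_size:
        raise AllocationRejected(
            "%d chunks of %d bytes would exceed size_t" % (chunks, partition_size))
    return chunks * partition_size


def grow(next_size, max_size, partition_size, size_max=SIZE_MAX_64):
    """Chunk count for the next block of a pool that doubles each time.

    The doubled count is clamped both to max_size and to the largest count
    whose byte total still fits, so repeated growth can never overflow.
    """
    doubled = min(next_size * 2, size_max // partition_size)
    return sanitize_next_size(doubled, max_size)


def rejects(*args, **kwargs):
    """True if block_bytes() refuses the given parameters."""
    try:
        block_bytes(*args, **kwargs)
    except AllocationRejected:
        return True
    return False


if __name__ == "__main__":
    print(block_bytes(16, 32, 0))                     # 512
    print(block_bytes(16, 1000, 64))                  # clamped to 64 chunks: 1024
    print(rejects(4096, 2**20, 0, size_max=SIZE_MAX_32))  # True on a 32-bit ceiling
    print(block_bytes(4096, 2**20, 0))                # 4 GiB fits a 64-bit size_t
```

The same parameters that pass on a 64-bit build are refused on a 32-bit ceiling, which is why a check against the platform's actual size_t limit, rather than a fixed constant, is the useful one.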
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRS1GkXlSAg2UNWIIRAkXkAKCSIJDdQA68tXByuCOW42drMFqtdACgtsmU
ZLUfi1a6+ANyxOAjJf1lKV4=
=Fpr0
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Thu Mar 21 18:32:25 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Mar 2013 18:32:25 +0000
Subject: [RHSA-2013:0669-01] Moderate: qt security update
Message-ID: <201303211832.r2LIWPMW000697@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: qt security update
Advisory ID:       RHSA-2013:0669-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0669.html
Issue date:        2013-03-21
CVE Names:         CVE-2013-0254
=====================================================================

1. Summary:

Updated qt packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System.
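The issue this advisory addresses, CVE-2013-0254, is a library creating shared memory segments with permissions that let other local users read or alter them. The following is an added example, not part of the advisory and not Qt project code: a host-side audit that reads the table printed by `ipcs -m` on Linux and reports every System V segment whose mode grants group or other access. It assumes the util-linux column order (key, shmid, owner, perms, bytes, nattch, status); the sample table embedded in the block is constructed.

```python
"""Flag System V shared memory segments readable or writable by non-owners.

Added example, not from the advisory or the Qt project. CVE-2013-0254 is
a case of segments created with permissions that let any local user read
or alter them; this audit parses the table that `ipcs -m` prints on Linux
(util-linux column order assumed: key, shmid, owner, perms, bytes, nattch,
status) and reports each segment whose mode grants group or other access.
"""
import subprocess

# Constructed sample of `ipcs -m` output: one private segment, one
# world-readable and world-writable segment, one group-readable segment.
SAMPLE_IPCS = """\
------ Shared Memory Segments --------
key        shmid      owner      perms      bytes      nattch     status
0x00000000 32768      root       600        4096       2          dest
0x0052e2c1 98305      alice      666        1048576    1
0x0052e2c2 131074     alice      640        262144     1
"""


def _rw(bits):
    """Render the read/write part of one 3-bit permission triplet."""
    return ("r" if bits & 4 else "") + ("w" if bits & 2 else "")


def parse_ipcs(text):
    """Yield one dict per segment row, skipping banner, header, blank lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[1].isdigit():
            continue  # banner, column header, or a malformed row
        yield {
            "key": fields[0],
            "shmid": int(fields[1]),
            "owner": fields[2],
            "perms": fields[3],
            "bytes": int(fields[4]),
            "nattch": int(fields[5]),
            "status": fields[6] if len(fields) > 6 else "",
        }


def audit_segments(text):
    """Return the segments whose mode grants any group or other access.

    Each finding carries the parsed row plus 'group' and 'other' strings
    ("rw", "r", "w" or "") describing the access granted beyond the owner.
    """
    findings = []
    for seg in parse_ipcs(text):
        mode = int(seg["perms"], 8)
        group, other = _rw((mode >> 3) & 7), _rw(mode & 7)
        if group or other:
            findings.append({**seg, "group": group, "other": other})
    return findings


def audit_live_system():
    """Run `ipcs -m` on this host and audit the real table (Linux only)."""
    out = subprocess.run(["ipcs", "-m"], capture_output=True,
                         text=True, check=True).stdout
    return audit_segments(out)


if __name__ == "__main__":
    for f in audit_segments(SAMPLE_IPCS):
        print(f"shmid {f['shmid']} owner {f['owner']} mode {f['perms']}: "
              f"group={f['group'] or '-'} other={f['other'] or '-'}")
```

A segment that shows up here with "other" access is readable or writable by every local account, which is exactly the exposure the advisory describes; the owner column tells you which process family to look at.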
It was discovered that the QSharedMemory class implementation of the Qt toolkit created shared memory segments with insecure permissions. A local attacker could use this flaw to read or alter the contents of a particular shared memory segment, possibly leading to their ability to obtain sensitive information or influence the behavior of a process that is using the shared memory segment. (CVE-2013-0254)

Red Hat would like to thank the Qt project for reporting this issue. Upstream acknowledges Tim Brown and Mark Lowe of Portcullis Computer Security Ltd. as the original reporters.

Users of Qt should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against Qt libraries must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

907425 - CVE-2013-0254 qt: QSharedMemory class created shared memory segments with insecure permissions

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/qt-4.6.2-26.el6_4.src.rpm

i386:
phonon-backend-gstreamer-4.6.2-26.el6_4.i686.rpm
qt-4.6.2-26.el6_4.i686.rpm
qt-debuginfo-4.6.2-26.el6_4.i686.rpm
qt-mysql-4.6.2-26.el6_4.i686.rpm
qt-odbc-4.6.2-26.el6_4.i686.rpm
qt-postgresql-4.6.2-26.el6_4.i686.rpm
qt-sqlite-4.6.2-26.el6_4.i686.rpm
qt-x11-4.6.2-26.el6_4.i686.rpm

x86_64:
phonon-backend-gstreamer-4.6.2-26.el6_4.i686.rpm
phonon-backend-gstreamer-4.6.2-26.el6_4.x86_64.rpm
qt-4.6.2-26.el6_4.i686.rpm
qt-4.6.2-26.el6_4.x86_64.rpm
qt-debuginfo-4.6.2-26.el6_4.i686.rpm
qt-debuginfo-4.6.2-26.el6_4.x86_64.rpm
qt-mysql-4.6.2-26.el6_4.i686.rpm
qt-mysql-4.6.2-26.el6_4.x86_64.rpm
qt-odbc-4.6.2-26.el6_4.i686.rpm
qt-odbc-4.6.2-26.el6_4.x86_64.rpm
qt-postgresql-4.6.2-26.el6_4.i686.rpm
qt-postgresql-4.6.2-26.el6_4.x86_64.rpm
qt-sqlite-4.6.2-26.el6_4.i686.rpm
qt-sqlite-4.6.2-26.el6_4.x86_64.rpm
qt-x11-4.6.2-26.el6_4.i686.rpm
qt-x11-4.6.2-26.el6_4.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/qt-4.6.2-26.el6_4.src.rpm

i386:
qt-debuginfo-4.6.2-26.el6_4.i686.rpm
qt-demos-4.6.2-26.el6_4.i686.rpm
qt-devel-4.6.2-26.el6_4.i686.rpm
qt-examples-4.6.2-26.el6_4.i686.rpm

noarch:
qt-doc-4.6.2-26.el6_4.noarch.rpm

x86_64:
qt-debuginfo-4.6.2-26.el6_4.i686.rpm
qt-debuginfo-4.6.2-26.el6_4.x86_64.rpm
qt-demos-4.6.2-26.el6_4.x86_64.rpm
qt-devel-4.6.2-26.el6_4.i686.rpm
qt-devel-4.6.2-26.el6_4.x86_64.rpm
qt-examples-4.6.2-26.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/qt-4.6.2-26.el6_4.src.rpm

x86_64:
phonon-backend-gstreamer-4.6.2-26.el6_4.i686.rpm
phonon-backend-gstreamer-4.6.2-26.el6_4.x86_64.rpm
qt-4.6.2-26.el6_4.i686.rpm
qt-4.6.2-26.el6_4.x86_64.rpm
qt-debuginfo-4.6.2-26.el6_4.i686.rpm
qt-debuginfo-4.6.2-26.el6_4.x86_64.rpm
qt-sqlite-4.6.2-26.el6_4.i686.rpm
qt-sqlite-4.6.2-26.el6_4.x86_64.rpm
qt-x11-4.6.2-26.el6_4.i686.rpm
qt-x11-4.6.2-26.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/qt-4.6.2-26.el6_4.src.rpm

noarch:
qt-doc-4.6.2-26.el6_4.noarch.rpm

x86_64:
qt-debuginfo-4.6.2-26.el6_4.i686.rpm
qt-debuginfo-4.6.2-26.el6_4.x86_64.rpm
qt-demos-4.6.2-26.el6_4.x86_64.rpm
qt-devel-4.6.2-26.el6_4.i686.rpm
qt-devel-4.6.2-26.el6_4.x86_64.rpm
qt-examples-4.6.2-26.el6_4.x86_64.rpm
qt-mysql-4.6.2-26.el6_4.i686.rpm
qt-mysql-4.6.2-26.el6_4.x86_64.rpm
qt-odbc-4.6.2-26.el6_4.i686.rpm
qt-odbc-4.6.2-26.el6_4.x86_64.rpm
qt-postgresql-4.6.2-26.el6_4.i686.rpm
qt-postgresql-4.6.2-26.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/qt-4.6.2-26.el6_4.src.rpm

i386:
phonon-backend-gstreamer-4.6.2-26.el6_4.i686.rpm
qt-4.6.2-26.el6_4.i686.rpm
qt-debuginfo-4.6.2-26.el6_4.i686.rpm
qt-devel-4.6.2-26.el6_4.i686.rpm
qt-mysql-4.6.2-26.el6_4.i686.rpm
qt-odbc-4.6.2-26.el6_4.i686.rpm
qt-postgresql-4.6.2-26.el6_4.i686.rpm
qt-sqlite-4.6.2-26.el6_4.i686.rpm
qt-x11-4.6.2-26.el6_4.i686.rpm

noarch:
qt-doc-4.6.2-26.el6_4.noarch.rpm

ppc64:
phonon-backend-gstreamer-4.6.2-26.el6_4.ppc.rpm
phonon-backend-gstreamer-4.6.2-26.el6_4.ppc64.rpm
qt-4.6.2-26.el6_4.ppc.rpm
qt-4.6.2-26.el6_4.ppc64.rpm
qt-debuginfo-4.6.2-26.el6_4.ppc.rpm
qt-debuginfo-4.6.2-26.el6_4.ppc64.rpm
qt-devel-4.6.2-26.el6_4.ppc.rpm
qt-devel-4.6.2-26.el6_4.ppc64.rpm
qt-mysql-4.6.2-26.el6_4.ppc.rpm
qt-mysql-4.6.2-26.el6_4.ppc64.rpm
qt-odbc-4.6.2-26.el6_4.ppc.rpm
qt-odbc-4.6.2-26.el6_4.ppc64.rpm
qt-postgresql-4.6.2-26.el6_4.ppc.rpm
qt-postgresql-4.6.2-26.el6_4.ppc64.rpm
qt-sqlite-4.6.2-26.el6_4.ppc.rpm
qt-sqlite-4.6.2-26.el6_4.ppc64.rpm
qt-x11-4.6.2-26.el6_4.ppc.rpm
qt-x11-4.6.2-26.el6_4.ppc64.rpm

s390x:
phonon-backend-gstreamer-4.6.2-26.el6_4.s390.rpm
phonon-backend-gstreamer-4.6.2-26.el6_4.s390x.rpm
qt-4.6.2-26.el6_4.s390.rpm
qt-4.6.2-26.el6_4.s390x.rpm
qt-debuginfo-4.6.2-26.el6_4.s390.rpm
qt-debuginfo-4.6.2-26.el6_4.s390x.rpm
qt-devel-4.6.2-26.el6_4.s390.rpm
qt-devel-4.6.2-26.el6_4.s390x.rpm
qt-mysql-4.6.2-26.el6_4.s390.rpm
qt-mysql-4.6.2-26.el6_4.s390x.rpm
qt-odbc-4.6.2-26.el6_4.s390.rpm
qt-odbc-4.6.2-26.el6_4.s390x.rpm
qt-postgresql-4.6.2-26.el6_4.s390.rpm
qt-postgresql-4.6.2-26.el6_4.s390x.rpm
qt-sqlite-4.6.2-26.el6_4.s390.rpm
qt-sqlite-4.6.2-26.el6_4.s390x.rpm
qt-x11-4.6.2-26.el6_4.s390.rpm
qt-x11-4.6.2-26.el6_4.s390x.rpm

x86_64:
phonon-backend-gstreamer-4.6.2-26.el6_4.i686.rpm
phonon-backend-gstreamer-4.6.2-26.el6_4.x86_64.rpm
qt-4.6.2-26.el6_4.i686.rpm
qt-4.6.2-26.el6_4.x86_64.rpm
qt-debuginfo-4.6.2-26.el6_4.i686.rpm
qt-debuginfo-4.6.2-26.el6_4.x86_64.rpm
qt-devel-4.6.2-26.el6_4.i686.rpm
qt-devel-4.6.2-26.el6_4.x86_64.rpm
qt-mysql-4.6.2-26.el6_4.i686.rpm
qt-mysql-4.6.2-26.el6_4.x86_64.rpm
qt-odbc-4.6.2-26.el6_4.i686.rpm
qt-odbc-4.6.2-26.el6_4.x86_64.rpm
qt-postgresql-4.6.2-26.el6_4.i686.rpm
qt-postgresql-4.6.2-26.el6_4.x86_64.rpm
qt-sqlite-4.6.2-26.el6_4.i686.rpm
qt-sqlite-4.6.2-26.el6_4.x86_64.rpm
qt-x11-4.6.2-26.el6_4.i686.rpm
qt-x11-4.6.2-26.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/qt-4.6.2-26.el6_4.src.rpm

i386:
qt-debuginfo-4.6.2-26.el6_4.i686.rpm
qt-demos-4.6.2-26.el6_4.i686.rpm
qt-examples-4.6.2-26.el6_4.i686.rpm

ppc64:
qt-debuginfo-4.6.2-26.el6_4.ppc64.rpm
qt-demos-4.6.2-26.el6_4.ppc64.rpm
qt-examples-4.6.2-26.el6_4.ppc64.rpm

s390x:
qt-debuginfo-4.6.2-26.el6_4.s390x.rpm
qt-demos-4.6.2-26.el6_4.s390x.rpm
qt-examples-4.6.2-26.el6_4.s390x.rpm

x86_64:
qt-debuginfo-4.6.2-26.el6_4.x86_64.rpm
qt-demos-4.6.2-26.el6_4.x86_64.rpm
qt-examples-4.6.2-26.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/qt-4.6.2-26.el6_4.src.rpm i386: phonon-backend-gstreamer-4.6.2-26.el6_4.i686.rpm qt-4.6.2-26.el6_4.i686.rpm qt-debuginfo-4.6.2-26.el6_4.i686.rpm qt-devel-4.6.2-26.el6_4.i686.rpm qt-mysql-4.6.2-26.el6_4.i686.rpm qt-odbc-4.6.2-26.el6_4.i686.rpm qt-postgresql-4.6.2-26.el6_4.i686.rpm qt-sqlite-4.6.2-26.el6_4.i686.rpm qt-x11-4.6.2-26.el6_4.i686.rpm noarch: qt-doc-4.6.2-26.el6_4.noarch.rpm x86_64: phonon-backend-gstreamer-4.6.2-26.el6_4.i686.rpm phonon-backend-gstreamer-4.6.2-26.el6_4.x86_64.rpm qt-4.6.2-26.el6_4.i686.rpm qt-4.6.2-26.el6_4.x86_64.rpm qt-debuginfo-4.6.2-26.el6_4.i686.rpm qt-debuginfo-4.6.2-26.el6_4.x86_64.rpm qt-devel-4.6.2-26.el6_4.i686.rpm qt-devel-4.6.2-26.el6_4.x86_64.rpm qt-mysql-4.6.2-26.el6_4.i686.rpm qt-mysql-4.6.2-26.el6_4.x86_64.rpm qt-odbc-4.6.2-26.el6_4.i686.rpm qt-odbc-4.6.2-26.el6_4.x86_64.rpm qt-postgresql-4.6.2-26.el6_4.i686.rpm qt-postgresql-4.6.2-26.el6_4.x86_64.rpm qt-sqlite-4.6.2-26.el6_4.i686.rpm qt-sqlite-4.6.2-26.el6_4.x86_64.rpm qt-x11-4.6.2-26.el6_4.i686.rpm qt-x11-4.6.2-26.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/qt-4.6.2-26.el6_4.src.rpm i386: qt-debuginfo-4.6.2-26.el6_4.i686.rpm qt-demos-4.6.2-26.el6_4.i686.rpm qt-examples-4.6.2-26.el6_4.i686.rpm x86_64: qt-debuginfo-4.6.2-26.el6_4.x86_64.rpm qt-demos-4.6.2-26.el6_4.x86_64.rpm qt-examples-4.6.2-26.el6_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-0254.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRS1H/XlSAg2UNWIIRAn6yAJ9rXT13qERuhJmU6SRjkd5rrhOqmwCghwSb
dtk5/2MkxSqQndrD4qk3Xxg=
=XpWe
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Mar 21 18:32:50 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Mar 2013 18:32:50 +0000
Subject: [RHSA-2013:0670-01] Moderate: Django security update
Message-ID: <201303211832.r2LIWop2004675@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Django security update
Advisory ID:       RHSA-2013:0670-01
Product:           Red Hat OpenStack
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0670.html
Issue date:        2013-03-21
CVE Names:         CVE-2013-0305 CVE-2013-0306 CVE-2013-1664 CVE-2013-1665
=====================================================================

1. Summary:

Updated Django packages that fix multiple security issues are now available for Red Hat OpenStack Folsom.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

OpenStack Folsom - noarch

3. Description:

The Django web framework is used by Horizon, the OpenStack Dashboard, which is a web interface for managing OpenStack services.

A denial of service flaw was found in the Extensible Markup Language (XML) parser used by Django. A remote attacker could use this flaw to send a specially-crafted request to a Horizon API, causing Horizon to consume an excessive amount of CPU and memory. (CVE-2013-1664)

A flaw was found in the XML parser used by Django. If a remote attacker sent a specially-crafted request to a Horizon API, it could cause Horizon to connect to external entities, causing a large amount of system load, or allow an attacker to read files on the Horizon server that are accessible to the user running Horizon. (CVE-2013-1665)

It was found that the history view in the bundled administrative web interface in Django did not perform permission checks. An authenticated user who can access the web interface could use this flaw to view the changes to objects and data they would otherwise not have access to. (CVE-2013-0305)

A flaw was found in the way Django handled formsets. A remote attacker could use this flaw to submit a large number of forms, causing excessive memory consumption. Note: The current version of OpenStack in Red Hat OpenStack Folsom does not expose this vulnerability. (CVE-2013-0306)

This update also includes two hardening fixes to help protect against XML entity and HTTP Host header poisoning attacks. (BZ#913039, BZ#913037)

All users of Horizon are advised to upgrade to these updated packages, which resolve these issues. After installing the updated packages, the httpd daemon must be restarted ("service httpd restart") for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

912982 - CVE-2013-1665 Python xml bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities
913037 - Django: Host header poisoning hardening
913039 - Django: XML entity attacks
913041 - CVE-2013-0305 Django: Data leakage via admin history log
913042 - CVE-2013-0306 Django: Formset denial-of-service
913808 - CVE-2013-1664 Python xml bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities

6. Package List:

OpenStack Folsom:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/Django14-1.4.4-1.el6ost.src.rpm

noarch: Django14-1.4.4-1.el6ost.noarch.rpm Django14-doc-1.4.4-1.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0305.html
https://www.redhat.com/security/data/cve/CVE-2013-0306.html
https://www.redhat.com/security/data/cve/CVE-2013-1664.html
https://www.redhat.com/security/data/cve/CVE-2013-1665.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
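The two XML parser flaws in this advisory (CVE-2013-1664, internal entity expansion; CVE-2013-1665, external entities) and the "XML entity attacks" hardening fix share one root cause: the parser honours DTD entity declarations carried in an attacker-supplied document. The block below is an added example, not Django's or Horizon's code, showing how an application can refuse those declarations before any expansion takes place using only the Python standard library's expat binding. The policy, the parse_untrusted_xml and is_safe helpers and the sample documents are all constructed for this illustration.

```python
"""Refuse DTD entity tricks in untrusted XML before expat expands anything.

Policy enforced here (stricter than expat's defaults):
  * no external DTD subset  (<!DOCTYPE x SYSTEM "..."> / PUBLIC "...")
  * no entity declarations at all, internal or external, general or parameter
Element and attribute declarations in an internal subset remain allowed.
"""
import xml.parsers.expat as expat


class UnsafeXML(ValueError):
    """Raised when a document uses a DTD feature this policy refuses."""


def parse_untrusted_xml(data):
    """Parse `data` (str or bytes) into a nested dict tree.

    Raises UnsafeXML on the first forbidden declaration; because expat reports
    declarations as it reads them, the refusal happens before any entity
    reference in the body can be expanded or fetched.
    """
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # An external subset would be fetched from elsewhere: refuse it outright.
        if sysid is not None or pubid is not None:
            raise UnsafeXML("external DTD subset refused for <!DOCTYPE %s>" % name)

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        # Internal entities enable expansion bombs, external ones enable
        # file/URL reads; neither is needed for ordinary API payloads.
        kind = "external" if sysid is not None else "internal"
        raise UnsafeXML("%s entity declaration refused: %s" % (kind, name))

    root = {"tag": None, "attrs": {}, "text": "", "children": []}
    stack = [root]

    def on_start(tag, attrs):
        node = {"tag": tag, "attrs": dict(attrs), "text": "", "children": []}
        stack[-1]["children"].append(node)
        stack.append(node)

    def on_end(tag):
        stack.pop()

    def on_chars(text):
        # expat may deliver character data in several chunks; concatenate them.
        stack[-1]["text"] += text

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    parser.CharacterDataHandler = on_chars
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        raise ValueError("malformed XML: %s" % exc)
    return root["children"][0]


def is_safe(data):
    """True if the document parses under the policy, False if it was refused."""
    try:
        parse_untrusted_xml(data)
    except UnsafeXML:
        return False
    return True


# Constructed sample documents (not taken from any real request).
BENIGN_DOC = ('<?xml version="1.0"?>'
              '<!DOCTYPE server [<!ELEMENT server (#PCDATA)>]>'
              '<server name="horizon">ok</server>')
ENTITY_EXPANSION_DOC = ('<!DOCTYPE x [<!ENTITY a "aaaa"><!ENTITY b "&a;&a;&a;&a;">]>'
                        '<x>&b;&b;</x>')
EXTERNAL_ENTITY_DOC = ('<!DOCTYPE x [<!ENTITY ext SYSTEM "file:///tmp/constructed-example.txt">]>'
                       '<x>&ext;</x>')
EXTERNAL_DTD_DOC = '<!DOCTYPE x SYSTEM "http://dtd.example.invalid/x.dtd"><x/>'


if __name__ == "__main__":
    for label, doc in [("benign", BENIGN_DOC), ("expansion", ENTITY_EXPANSION_DOC),
                       ("external entity", EXTERNAL_ENTITY_DOC), ("external DTD", EXTERNAL_DTD_DOC)]:
        print("%-16s accepted=%s" % (label, is_safe(doc)))
```

The check is deliberately placed in the parser's declaration callbacks rather than on the parsed result: by the time a tree exists, an expansion bomb has already consumed the memory and an external entity has already been resolved. Applications that must accept DTDs can relax on_doctype but should keep the entity refusal.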
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRS1JFXlSAg2UNWIIRAk+cAJ9ENrLSNdyNehsGloeKn1W1JGBx1QCbBPFT
d8ithQMgnsDEi0OsKXtrXZQ=
=4cHe
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Mar 21 18:33:14 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Mar 2013 18:33:14 +0000
Subject: [RHSA-2013:0671-01] Moderate: openstack-packstack security and bug fix update
Message-ID: <201303211833.r2LIXEUu000913@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openstack-packstack security and bug fix update
Advisory ID:       RHSA-2013:0671-01
Product:           Red Hat OpenStack
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0671.html
Issue date:        2013-03-21
CVE Names:         CVE-2013-1815
=====================================================================

1. Summary:

An updated openstack-packstack package that fixes one security issue and several bugs is now available for Red Hat OpenStack Folsom.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

OpenStack Folsom - noarch

3. Description:

PackStack is a command line utility that uses Puppet modules to support rapid deployment of OpenStack on existing servers over an SSH connection. PackStack is suitable for deploying both single node proof of concept installations and more complex multi-node installations.

It was found that PackStack did not handle the answer file securely. In some environments, such as those using a non-default umask, a local attacker could possibly modify the answer file if PackStack was run in an attacker-controlled directory, or attempted to create the answer file in "/tmp/", allowing the attacker to modify systems being deployed using OpenStack. Note: After applying this update, PackStack will create the answer file in the user's home directory by default. It will no longer create it in the current working directory or the "/tmp/" directory by default. (CVE-2013-1815)

The CVE-2013-1815 issue was discovered by Derek Higgins of the Red Hat OpenStack team.

This update also fixes several bugs in the openstack-packstack package.

All users of openstack-packstack are advised to upgrade to this updated package, which corrects these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

865347 - RFE: Hypervisor installer should change host's IO scheduler to deadline for improved performance
886603 - Openstack Installer: packstack should handle both IP addresses and hostnames for all parameters available in its answer file.
888725 - packstack puppet recipes should set authtoken parameters in *.conf not paste.ini
892247 - Provide --all-in-one parameter to Packstack
893107 - Openstack-packstack: The installation log file is available at - is empty, ( when not using '--debug=true') .
894733 - packstack: keystonerc_admin file generation: assumes '/root' exists, stores keystonerc_admin file with too much permissions
896618 - RFE: Use full/explanatory service names in user prompts.
903502 - packstack munges my RHN password
903545 - take /usr/share/*dist.conf into account when writing /etc/*conf
903813 - Configure Horizon to use HTTPS by default.
905081 - glance endpoint url contains version which brakes new-enough python-glanceclient
905368 - Support for RHN Hosted and Satellite
905842 - NTP configuration fails if ntpd service is running in the machine already
908695 - openstack-packstack: Installation failed on iptables Command Error 'Resource temporarily unavailable'.
908771 - Have consistent conventions for variables (passwords)
908837 - RHEL version not supported. RHEL >6.4 required is not true. True is RHEL >= 6.4 is required.
908838 - RHEL version not supported. RHEL >6.4 required is not true. Reported when connection problem happened.
908846 - answer file options values doesn't allow white-spaces
908900 - CONFIG_SWIFT_STORAGE_HOSTS format handling is badly parsed
910089 - Packstack doesn't make sure the private interface is up
910210 - packstack needs to add option to subscribe to rh beta rpm's
911626 - double first typo in answfile
912006 - Openstack Installer: packstack error while trying to validate NTP server
912702 - Remove symlink to qemu-kvm from qemu-system-x86_64 created for VM on VM installs
912745 - INFO_KEYSTONERC hardcoded to /root/ location.
912768 - Packstack needs to add nagios to monitor hosts
915382 - Prompt for NTP should highlight way to provide list (comma separated)
917904 - CVE-2013-1815 OpenStack packstack: answerfile creation permissions issue

6. Package List:

OpenStack Folsom:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/openstack-packstack-2012.2.3-0.1.dev454.el6ost.src.rpm

noarch: openstack-packstack-2012.2.3-0.1.dev454.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7.
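The fix described for CVE-2013-1815 (create the answer file in the user's home directory rather than the working directory or "/tmp/") removes the attacker-writable location; the other half of handling such a file safely is how it is created. The block below is an added illustration in Python and is not PackStack's own code: it creates the file exclusively with a fixed mode so that a permissive umask or a pre-placed file or symlink cannot be used against it, and it audits an existing answer file for the conditions the advisory describes. The file name packstack-answers.txt, the finding strings and the demo() helper are assumptions of this example.

```python
"""Create a deployment answer file safely and audit an existing one.

Assumed conventions (not PackStack's): the default path is
~/packstack-answers.txt and findings are returned as plain strings.
"""
import os
import shutil
import stat
import tempfile


def default_answer_file_path(name="packstack-answers.txt"):
    # The home directory, not os.getcwd() and not /tmp: both may be writable
    # by other local users.
    return os.path.join(os.path.expanduser("~"), name)


def create_answer_file(path, contents):
    """Create `path` exclusively with mode 0600 and write `contents` to it.

    O_EXCL makes the call fail if anything already exists at `path`, including
    a symlink planted by another user; O_NOFOLLOW is added where the platform
    has it. The 0o600 mode is applied at creation time, so a permissive umask
    (the 'non-default umask' case in the advisory) cannot widen it.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)  # raises FileExistsError if path exists
    with os.fdopen(fd, "w") as fh:
        fh.write(contents)
    return path


def audit_answer_file(path):
    """Return a list of findings for an existing answer file (empty == clean)."""
    findings = []
    st = os.lstat(path)  # lstat: do not follow a link silently
    if stat.S_ISLNK(st.st_mode):
        findings.append("answer file is a symbolic link")
        return findings
    if not stat.S_ISREG(st.st_mode):
        findings.append("answer file is not a regular file")
    if st.st_uid != os.getuid():
        findings.append("answer file is not owned by the invoking user")
    if st.st_mode & 0o077:
        findings.append("answer file is accessible to group/other (mode %04o)"
                        % stat.S_IMODE(st.st_mode))
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & stat.S_IWOTH and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent directory is world-writable without the sticky bit")
    return findings


def demo():
    """Exercise the functions in a throwaway directory under a fully open umask.

    Returns a dict of observations so the behaviour can be checked programmatically.
    """
    workdir = tempfile.mkdtemp(prefix="answerfile-demo-")
    old_umask = os.umask(0o000)  # worst-case umask: would yield 0666 without an explicit mode
    try:
        path = os.path.join(workdir, "answers.txt")
        create_answer_file(path, "CONFIG_EXAMPLE=yes\n")  # constructed content
        mode_after_create = stat.S_IMODE(os.stat(path).st_mode)
        clean_findings = audit_answer_file(path)
        try:
            create_answer_file(path, "replacement content\n")
            reuse_refused = False
        except FileExistsError:
            reuse_refused = True
        os.chmod(path, 0o666)  # simulate a file left world-writable by an older tool
        loose_findings = audit_answer_file(path)
        link = os.path.join(workdir, "answers-link.txt")
        os.symlink(path, link)
        link_findings = audit_answer_file(link)
        return {"mode_after_create": mode_after_create,
                "clean_findings": clean_findings,
                "reuse_refused": reuse_refused,
                "loose_findings": loose_findings,
                "link_findings": link_findings}
    finally:
        os.umask(old_umask)
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    print("default path:", default_answer_file_path())
    for key, value in demo().items():
        print("%-18s %r" % (key, value))
```

Run under any umask, mode_after_create is 0o600 and the second create_answer_file call fails instead of reusing whatever is already at the path; that failure is the desired behaviour, since silently writing into an existing file is exactly what the advisory describes.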
References:

https://www.redhat.com/security/data/cve/CVE-2013-1815.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRS1JZXlSAg2UNWIIRAh0DAJ9IE0vX11+D1fF6TyuQxFC6pe2TkACggEGV
YCXGwwcuE4rXH/4RWlnNBLE=
=rUZ2
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Mar 25 17:23:03 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 25 Mar 2013 17:23:03 +0000
Subject: [RHSA-2013:0683-01] Moderate: axis security update
Message-ID: <201303251723.r2PHN4Lt016921@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: axis security update
Advisory ID:       RHSA-2013:0683-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0683.html
Issue date:        2013-03-25
CVE Names:         CVE-2012-5784
=====================================================================

1. Summary:

Updated axis packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Apache Axis is an implementation of SOAP (Simple Object Access Protocol). It can be used to build both web service clients and servers.

Apache Axis did not verify that the server hostname matched the domain name in the subject's Common Name (CN) or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. (CVE-2012-5784)

All users of axis are advised to upgrade to these updated packages, which correct this issue. Applications using Apache Axis must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

873252 - CVE-2012-5784 axis: Does not verify that the server hostname matches a domain name in the subject's CN or subjectAltName field of the x.509 certificate

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/axis-1.2.1-2jpp.7.el5_9.src.rpm

i386: axis-1.2.1-2jpp.7.el5_9.i386.rpm axis-debuginfo-1.2.1-2jpp.7.el5_9.i386.rpm

x86_64: axis-1.2.1-2jpp.7.el5_9.x86_64.rpm axis-debuginfo-1.2.1-2jpp.7.el5_9.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/axis-1.2.1-2jpp.7.el5_9.src.rpm

i386: axis-debuginfo-1.2.1-2jpp.7.el5_9.i386.rpm axis-javadoc-1.2.1-2jpp.7.el5_9.i386.rpm axis-manual-1.2.1-2jpp.7.el5_9.i386.rpm

x86_64: axis-debuginfo-1.2.1-2jpp.7.el5_9.x86_64.rpm axis-javadoc-1.2.1-2jpp.7.el5_9.x86_64.rpm axis-manual-1.2.1-2jpp.7.el5_9.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/axis-1.2.1-2jpp.7.el5_9.src.rpm

i386: axis-1.2.1-2jpp.7.el5_9.i386.rpm axis-debuginfo-1.2.1-2jpp.7.el5_9.i386.rpm axis-javadoc-1.2.1-2jpp.7.el5_9.i386.rpm axis-manual-1.2.1-2jpp.7.el5_9.i386.rpm

ia64: axis-1.2.1-2jpp.7.el5_9.ia64.rpm axis-debuginfo-1.2.1-2jpp.7.el5_9.ia64.rpm axis-javadoc-1.2.1-2jpp.7.el5_9.ia64.rpm axis-manual-1.2.1-2jpp.7.el5_9.ia64.rpm

ppc: axis-1.2.1-2jpp.7.el5_9.ppc.rpm axis-debuginfo-1.2.1-2jpp.7.el5_9.ppc.rpm axis-javadoc-1.2.1-2jpp.7.el5_9.ppc.rpm axis-manual-1.2.1-2jpp.7.el5_9.ppc.rpm

s390x: axis-1.2.1-2jpp.7.el5_9.s390x.rpm axis-debuginfo-1.2.1-2jpp.7.el5_9.s390x.rpm axis-javadoc-1.2.1-2jpp.7.el5_9.s390x.rpm axis-manual-1.2.1-2jpp.7.el5_9.s390x.rpm

x86_64: axis-1.2.1-2jpp.7.el5_9.x86_64.rpm axis-debuginfo-1.2.1-2jpp.7.el5_9.x86_64.rpm axis-javadoc-1.2.1-2jpp.7.el5_9.x86_64.rpm axis-manual-1.2.1-2jpp.7.el5_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-5784.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
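What Axis omitted for CVE-2012-5784 is the hostname check that ties a presented certificate to the server the client intended to reach; without it, any certificate a trusted CA issued for any name is accepted, which is exactly the man-in-the-middle condition the advisory describes. The block below is an added example and not Apache Axis code (Axis is Java; Python is used here so the check runs stand-alone). It implements the check over the dict shape that Python's ssl.SSLSocket.getpeercert() returns: subjectAltName dNSName entries are authoritative, the Common Name is consulted only when no dNSName is present, and a wildcard is accepted only as the complete left-most label matching exactly one label. IP-address identities are not handled. The certificate dicts are constructed for the example.

```python
"""Hostname verification against an X.509 certificate's DNS identities.

Input shape is the one Python's ssl.getpeercert() returns, e.g.
  {"subject": ((("commonName", "host"),),), "subjectAltName": (("DNS", "host"),)}
The sample certificates below are constructed for this example.
"""


class HostnameMismatch(ValueError):
    """The certificate does not identify the host we intended to reach."""


def _dns_id_matches(pattern, hostname):
    """RFC 6125-style DNS-ID comparison.

    Case-insensitive exact match, or a wildcard that is the entire left-most
    label, covers exactly one label, and leaves at least two fixed labels
    (so "*.test" never matches anything).
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or "*" in pattern[1:] or len(p_labels) < 3:
        return False  # partial-label or multiple wildcards are refused
    if len(h_labels) != len(p_labels):
        return False  # '*' stands for exactly one label
    return p_labels[1:] == h_labels[1:]


def dns_ids_for(cert):
    """DNS names the certificate claims: SAN dNSName entries, else the CN."""
    san = [value for (kind, value) in cert.get("subjectAltName", ()) if kind == "DNS"]
    if san:
        return san  # CN is ignored once any dNSName is present
    return [value for rdn in cert.get("subject", ())
            for (key, value) in rdn if key == "commonName"]


def hostname_matches(cert, hostname):
    return any(_dns_id_matches(pattern, hostname) for pattern in dns_ids_for(cert))


def verify_hostname(cert, hostname):
    """Raise HostnameMismatch unless the certificate names `hostname`."""
    if not hostname_matches(cert, hostname):
        raise HostnameMismatch("certificate names %r, not %r"
                               % (dns_ids_for(cert), hostname))
    return True


# Constructed certificates (identity fields only, as getpeercert() presents them).
CERT_API = {
    "subject": ((("commonName", "api.example.test"),),),
    "subjectAltName": (("DNS", "api.example.test"), ("DNS", "*.svc.example.test")),
}
CERT_OTHER_DOMAIN = {  # valid for some other name: the Axis flaw accepted this too
    "subject": ((("commonName", "other.example.test"),),),
    "subjectAltName": (("DNS", "other.example.test"),),
}
CERT_CN_ONLY = {  # legacy certificate without a SAN extension
    "subject": ((("countryName", "XX"),), (("commonName", "legacy.example.test"),)),
}


if __name__ == "__main__":
    for cert, host in [(CERT_API, "api.example.test"), (CERT_API, "db.svc.example.test"),
                       (CERT_OTHER_DOMAIN, "api.example.test"), (CERT_CN_ONLY, "legacy.example.test")]:
        print("%-22s -> %s" % (host, hostname_matches(cert, host)))
```

In a real client this check runs after chain validation, not instead of it: a certificate can be perfectly valid and still belong to the wrong host, which is the case that CVE-2012-5784 left unchecked.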
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRUIfnXlSAg2UNWIIRAtEDAJsGwcJfA1ECO1P7txjTef3KyCwj7wCfXOQU bjZYJxkZHrDGLHsdTBi25+Q= =r2sK -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Mar 26 19:30:53 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 26 Mar 2013 19:30:53 +0000 Subject: [RHSA-2013:0685-01] Moderate: perl security update Message-ID: <201303261930.r2QJUrgo006153@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: perl security update Advisory ID: RHSA-2013:0685-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0685.html Issue date: 2013-03-26 CVE Names: CVE-2012-5195 CVE-2012-5526 CVE-2012-6329 CVE-2013-1667 ===================================================================== 1. Summary: Updated perl packages that fix multiple security issues now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap overflow flaw was found in Perl. 
If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5195) A denial of service flaw was found in the way Perl's rehashing code implementation, responsible for recalculation of hash keys and redistribution of hash content, handled certain input. If an attacker supplied specially-crafted input to be used as hash keys by a Perl application, it could cause excessive memory consumption. (CVE-2013-1667) It was found that the Perl CGI module, used to handle Common Gateway Interface requests and responses, incorrectly sanitized the values for Set-Cookie and P3P headers. If a Perl application using the CGI module reused cookies values and accepted untrusted input from web browsers, a remote attacker could use this flaw to alter member items of the cookie or add new items. (CVE-2012-5526) It was found that the Perl Locale::Maketext module, used to localize Perl applications, did not properly handle backslashes or fully-qualified method names. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl application that uses untrusted Locale::Maketext templates. (CVE-2012-6329) Red Hat would like to thank the Perl project for reporting CVE-2012-5195 and CVE-2013-1667. Upstream acknowledges Tim Brown as the original reporter of CVE-2012-5195 and Yves Orton as the original reporter of CVE-2013-1667. All Perl users should upgrade to these updated packages, which contain backported patches to correct these issues. All running Perl programs must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. 
Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 862413 - CVE-2012-5195 perl: heap buffer overrun flaw may lead to arbitrary code execution 877015 - CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers 884354 - CVE-2012-6329 perl: possible arbitrary code execution via Locale::Maketext 912276 - CVE-2013-1667 perl: DoS in rehashing code 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/perl-5.8.8-40.el5_9.src.rpm i386: perl-5.8.8-40.el5_9.i386.rpm perl-debuginfo-5.8.8-40.el5_9.i386.rpm perl-suidperl-5.8.8-40.el5_9.i386.rpm x86_64: perl-5.8.8-40.el5_9.i386.rpm perl-5.8.8-40.el5_9.x86_64.rpm perl-debuginfo-5.8.8-40.el5_9.i386.rpm perl-debuginfo-5.8.8-40.el5_9.x86_64.rpm perl-suidperl-5.8.8-40.el5_9.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/perl-5.8.8-40.el5_9.src.rpm i386: perl-5.8.8-40.el5_9.i386.rpm perl-debuginfo-5.8.8-40.el5_9.i386.rpm perl-suidperl-5.8.8-40.el5_9.i386.rpm ia64: perl-5.8.8-40.el5_9.ia64.rpm perl-debuginfo-5.8.8-40.el5_9.ia64.rpm perl-suidperl-5.8.8-40.el5_9.ia64.rpm ppc: perl-5.8.8-40.el5_9.ppc.rpm perl-debuginfo-5.8.8-40.el5_9.ppc.rpm perl-suidperl-5.8.8-40.el5_9.ppc.rpm s390x: perl-5.8.8-40.el5_9.s390x.rpm perl-debuginfo-5.8.8-40.el5_9.s390x.rpm perl-suidperl-5.8.8-40.el5_9.s390x.rpm x86_64: perl-5.8.8-40.el5_9.x86_64.rpm perl-debuginfo-5.8.8-40.el5_9.x86_64.rpm perl-suidperl-5.8.8-40.el5_9.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/perl-5.10.1-130.el6_4.src.rpm i386: perl-5.10.1-130.el6_4.i686.rpm perl-Archive-Extract-0.38-130.el6_4.i686.rpm perl-Archive-Tar-1.58-130.el6_4.i686.rpm perl-CGI-3.51-130.el6_4.i686.rpm perl-CPAN-1.9402-130.el6_4.i686.rpm perl-CPANPLUS-0.88-130.el6_4.i686.rpm perl-Compress-Raw-Bzip2-2.020-130.el6_4.i686.rpm perl-Compress-Raw-Zlib-2.020-130.el6_4.i686.rpm perl-Compress-Zlib-2.020-130.el6_4.i686.rpm perl-Digest-SHA-5.47-130.el6_4.i686.rpm perl-ExtUtils-CBuilder-0.27-130.el6_4.i686.rpm perl-ExtUtils-Embed-1.28-130.el6_4.i686.rpm perl-ExtUtils-MakeMaker-6.55-130.el6_4.i686.rpm perl-ExtUtils-ParseXS-2.2003.0-130.el6_4.i686.rpm perl-File-Fetch-0.26-130.el6_4.i686.rpm perl-IO-Compress-Base-2.020-130.el6_4.i686.rpm perl-IO-Compress-Bzip2-2.020-130.el6_4.i686.rpm perl-IO-Compress-Zlib-2.020-130.el6_4.i686.rpm perl-IO-Zlib-1.09-130.el6_4.i686.rpm perl-IPC-Cmd-0.56-130.el6_4.i686.rpm perl-Locale-Maketext-Simple-0.18-130.el6_4.i686.rpm perl-Log-Message-0.02-130.el6_4.i686.rpm perl-Log-Message-Simple-0.04-130.el6_4.i686.rpm perl-Module-Build-0.3500-130.el6_4.i686.rpm perl-Module-CoreList-2.18-130.el6_4.i686.rpm perl-Module-Load-0.16-130.el6_4.i686.rpm perl-Module-Load-Conditional-0.30-130.el6_4.i686.rpm perl-Module-Loaded-0.02-130.el6_4.i686.rpm perl-Module-Pluggable-3.90-130.el6_4.i686.rpm perl-Object-Accessor-0.34-130.el6_4.i686.rpm perl-Package-Constants-0.02-130.el6_4.i686.rpm perl-Params-Check-0.26-130.el6_4.i686.rpm perl-Parse-CPAN-Meta-1.40-130.el6_4.i686.rpm perl-Pod-Escapes-1.04-130.el6_4.i686.rpm perl-Pod-Simple-3.13-130.el6_4.i686.rpm perl-Term-UI-0.20-130.el6_4.i686.rpm perl-Test-Harness-3.17-130.el6_4.i686.rpm perl-Test-Simple-0.92-130.el6_4.i686.rpm perl-Time-HiRes-1.9721-130.el6_4.i686.rpm perl-Time-Piece-1.15-130.el6_4.i686.rpm perl-core-5.10.1-130.el6_4.i686.rpm perl-debuginfo-5.10.1-130.el6_4.i686.rpm perl-devel-5.10.1-130.el6_4.i686.rpm perl-libs-5.10.1-130.el6_4.i686.rpm 
perl-parent-0.221-130.el6_4.i686.rpm perl-suidperl-5.10.1-130.el6_4.i686.rpm perl-version-0.77-130.el6_4.i686.rpm x86_64: perl-5.10.1-130.el6_4.x86_64.rpm perl-Archive-Extract-0.38-130.el6_4.x86_64.rpm perl-Archive-Tar-1.58-130.el6_4.x86_64.rpm perl-CGI-3.51-130.el6_4.x86_64.rpm perl-CPAN-1.9402-130.el6_4.x86_64.rpm perl-CPANPLUS-0.88-130.el6_4.x86_64.rpm perl-Compress-Raw-Bzip2-2.020-130.el6_4.x86_64.rpm perl-Compress-Raw-Zlib-2.020-130.el6_4.x86_64.rpm perl-Compress-Zlib-2.020-130.el6_4.x86_64.rpm perl-Digest-SHA-5.47-130.el6_4.x86_64.rpm perl-ExtUtils-CBuilder-0.27-130.el6_4.x86_64.rpm perl-ExtUtils-Embed-1.28-130.el6_4.x86_64.rpm perl-ExtUtils-MakeMaker-6.55-130.el6_4.x86_64.rpm perl-ExtUtils-ParseXS-2.2003.0-130.el6_4.x86_64.rpm perl-File-Fetch-0.26-130.el6_4.x86_64.rpm perl-IO-Compress-Base-2.020-130.el6_4.x86_64.rpm perl-IO-Compress-Bzip2-2.020-130.el6_4.x86_64.rpm perl-IO-Compress-Zlib-2.020-130.el6_4.x86_64.rpm perl-IO-Zlib-1.09-130.el6_4.x86_64.rpm perl-IPC-Cmd-0.56-130.el6_4.x86_64.rpm perl-Locale-Maketext-Simple-0.18-130.el6_4.x86_64.rpm perl-Log-Message-0.02-130.el6_4.x86_64.rpm perl-Log-Message-Simple-0.04-130.el6_4.x86_64.rpm perl-Module-Build-0.3500-130.el6_4.x86_64.rpm perl-Module-CoreList-2.18-130.el6_4.x86_64.rpm perl-Module-Load-0.16-130.el6_4.x86_64.rpm perl-Module-Load-Conditional-0.30-130.el6_4.x86_64.rpm perl-Module-Loaded-0.02-130.el6_4.x86_64.rpm perl-Module-Pluggable-3.90-130.el6_4.x86_64.rpm perl-Object-Accessor-0.34-130.el6_4.x86_64.rpm perl-Package-Constants-0.02-130.el6_4.x86_64.rpm perl-Params-Check-0.26-130.el6_4.x86_64.rpm perl-Parse-CPAN-Meta-1.40-130.el6_4.x86_64.rpm perl-Pod-Escapes-1.04-130.el6_4.x86_64.rpm perl-Pod-Simple-3.13-130.el6_4.x86_64.rpm perl-Term-UI-0.20-130.el6_4.x86_64.rpm perl-Test-Harness-3.17-130.el6_4.x86_64.rpm perl-Test-Simple-0.92-130.el6_4.x86_64.rpm perl-Time-HiRes-1.9721-130.el6_4.x86_64.rpm perl-Time-Piece-1.15-130.el6_4.x86_64.rpm perl-core-5.10.1-130.el6_4.x86_64.rpm 
perl-debuginfo-5.10.1-130.el6_4.i686.rpm perl-debuginfo-5.10.1-130.el6_4.x86_64.rpm perl-devel-5.10.1-130.el6_4.i686.rpm perl-devel-5.10.1-130.el6_4.x86_64.rpm perl-libs-5.10.1-130.el6_4.i686.rpm perl-libs-5.10.1-130.el6_4.x86_64.rpm perl-parent-0.221-130.el6_4.x86_64.rpm perl-suidperl-5.10.1-130.el6_4.x86_64.rpm perl-version-0.77-130.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/perl-5.10.1-130.el6_4.src.rpm x86_64: perl-5.10.1-130.el6_4.x86_64.rpm perl-Archive-Extract-0.38-130.el6_4.x86_64.rpm perl-Archive-Tar-1.58-130.el6_4.x86_64.rpm perl-CGI-3.51-130.el6_4.x86_64.rpm perl-CPAN-1.9402-130.el6_4.x86_64.rpm perl-CPANPLUS-0.88-130.el6_4.x86_64.rpm perl-Compress-Raw-Bzip2-2.020-130.el6_4.x86_64.rpm perl-Compress-Raw-Zlib-2.020-130.el6_4.x86_64.rpm perl-Compress-Zlib-2.020-130.el6_4.x86_64.rpm perl-Digest-SHA-5.47-130.el6_4.x86_64.rpm perl-ExtUtils-CBuilder-0.27-130.el6_4.x86_64.rpm perl-ExtUtils-Embed-1.28-130.el6_4.x86_64.rpm perl-ExtUtils-MakeMaker-6.55-130.el6_4.x86_64.rpm perl-ExtUtils-ParseXS-2.2003.0-130.el6_4.x86_64.rpm perl-File-Fetch-0.26-130.el6_4.x86_64.rpm perl-IO-Compress-Base-2.020-130.el6_4.x86_64.rpm perl-IO-Compress-Bzip2-2.020-130.el6_4.x86_64.rpm perl-IO-Compress-Zlib-2.020-130.el6_4.x86_64.rpm perl-IO-Zlib-1.09-130.el6_4.x86_64.rpm perl-IPC-Cmd-0.56-130.el6_4.x86_64.rpm perl-Locale-Maketext-Simple-0.18-130.el6_4.x86_64.rpm perl-Log-Message-0.02-130.el6_4.x86_64.rpm perl-Log-Message-Simple-0.04-130.el6_4.x86_64.rpm perl-Module-Build-0.3500-130.el6_4.x86_64.rpm perl-Module-CoreList-2.18-130.el6_4.x86_64.rpm perl-Module-Load-0.16-130.el6_4.x86_64.rpm perl-Module-Load-Conditional-0.30-130.el6_4.x86_64.rpm perl-Module-Loaded-0.02-130.el6_4.x86_64.rpm perl-Module-Pluggable-3.90-130.el6_4.x86_64.rpm perl-Object-Accessor-0.34-130.el6_4.x86_64.rpm perl-Package-Constants-0.02-130.el6_4.x86_64.rpm perl-Params-Check-0.26-130.el6_4.x86_64.rpm 
perl-Parse-CPAN-Meta-1.40-130.el6_4.x86_64.rpm
perl-Pod-Escapes-1.04-130.el6_4.x86_64.rpm
perl-Pod-Simple-3.13-130.el6_4.x86_64.rpm
perl-Term-UI-0.20-130.el6_4.x86_64.rpm
perl-Test-Harness-3.17-130.el6_4.x86_64.rpm
perl-Test-Simple-0.92-130.el6_4.x86_64.rpm
perl-Time-HiRes-1.9721-130.el6_4.x86_64.rpm
perl-Time-Piece-1.15-130.el6_4.x86_64.rpm
perl-core-5.10.1-130.el6_4.x86_64.rpm
perl-debuginfo-5.10.1-130.el6_4.i686.rpm
perl-debuginfo-5.10.1-130.el6_4.x86_64.rpm
perl-devel-5.10.1-130.el6_4.i686.rpm
perl-devel-5.10.1-130.el6_4.x86_64.rpm
perl-libs-5.10.1-130.el6_4.i686.rpm
perl-libs-5.10.1-130.el6_4.x86_64.rpm
perl-parent-0.221-130.el6_4.x86_64.rpm
perl-suidperl-5.10.1-130.el6_4.x86_64.rpm
perl-version-0.77-130.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/perl-5.10.1-130.el6_4.src.rpm

i386:
perl-5.10.1-130.el6_4.i686.rpm
perl-Archive-Extract-0.38-130.el6_4.i686.rpm
perl-Archive-Tar-1.58-130.el6_4.i686.rpm
perl-CGI-3.51-130.el6_4.i686.rpm
perl-CPAN-1.9402-130.el6_4.i686.rpm
perl-CPANPLUS-0.88-130.el6_4.i686.rpm
perl-Compress-Raw-Bzip2-2.020-130.el6_4.i686.rpm
perl-Compress-Raw-Zlib-2.020-130.el6_4.i686.rpm
perl-Compress-Zlib-2.020-130.el6_4.i686.rpm
perl-Digest-SHA-5.47-130.el6_4.i686.rpm
perl-ExtUtils-CBuilder-0.27-130.el6_4.i686.rpm
perl-ExtUtils-Embed-1.28-130.el6_4.i686.rpm
perl-ExtUtils-MakeMaker-6.55-130.el6_4.i686.rpm
perl-ExtUtils-ParseXS-2.2003.0-130.el6_4.i686.rpm
perl-File-Fetch-0.26-130.el6_4.i686.rpm
perl-IO-Compress-Base-2.020-130.el6_4.i686.rpm
perl-IO-Compress-Bzip2-2.020-130.el6_4.i686.rpm
perl-IO-Compress-Zlib-2.020-130.el6_4.i686.rpm
perl-IO-Zlib-1.09-130.el6_4.i686.rpm
perl-IPC-Cmd-0.56-130.el6_4.i686.rpm
perl-Locale-Maketext-Simple-0.18-130.el6_4.i686.rpm
perl-Log-Message-0.02-130.el6_4.i686.rpm
perl-Log-Message-Simple-0.04-130.el6_4.i686.rpm
perl-Module-Build-0.3500-130.el6_4.i686.rpm
perl-Module-CoreList-2.18-130.el6_4.i686.rpm
perl-Module-Load-0.16-130.el6_4.i686.rpm
perl-Module-Load-Conditional-0.30-130.el6_4.i686.rpm
perl-Module-Loaded-0.02-130.el6_4.i686.rpm
perl-Module-Pluggable-3.90-130.el6_4.i686.rpm
perl-Object-Accessor-0.34-130.el6_4.i686.rpm
perl-Package-Constants-0.02-130.el6_4.i686.rpm
perl-Params-Check-0.26-130.el6_4.i686.rpm
perl-Parse-CPAN-Meta-1.40-130.el6_4.i686.rpm
perl-Pod-Escapes-1.04-130.el6_4.i686.rpm
perl-Pod-Simple-3.13-130.el6_4.i686.rpm
perl-Term-UI-0.20-130.el6_4.i686.rpm
perl-Test-Harness-3.17-130.el6_4.i686.rpm
perl-Test-Simple-0.92-130.el6_4.i686.rpm
perl-Time-HiRes-1.9721-130.el6_4.i686.rpm
perl-Time-Piece-1.15-130.el6_4.i686.rpm
perl-core-5.10.1-130.el6_4.i686.rpm
perl-debuginfo-5.10.1-130.el6_4.i686.rpm
perl-devel-5.10.1-130.el6_4.i686.rpm
perl-libs-5.10.1-130.el6_4.i686.rpm
perl-parent-0.221-130.el6_4.i686.rpm
perl-suidperl-5.10.1-130.el6_4.i686.rpm
perl-version-0.77-130.el6_4.i686.rpm

ppc64:
perl-5.10.1-130.el6_4.ppc64.rpm
perl-Archive-Extract-0.38-130.el6_4.ppc64.rpm
perl-Archive-Tar-1.58-130.el6_4.ppc64.rpm
perl-CGI-3.51-130.el6_4.ppc64.rpm
perl-CPAN-1.9402-130.el6_4.ppc64.rpm
perl-CPANPLUS-0.88-130.el6_4.ppc64.rpm
perl-Compress-Raw-Bzip2-2.020-130.el6_4.ppc64.rpm
perl-Compress-Raw-Zlib-2.020-130.el6_4.ppc64.rpm
perl-Compress-Zlib-2.020-130.el6_4.ppc64.rpm
perl-Digest-SHA-5.47-130.el6_4.ppc64.rpm
perl-ExtUtils-CBuilder-0.27-130.el6_4.ppc64.rpm
perl-ExtUtils-Embed-1.28-130.el6_4.ppc64.rpm
perl-ExtUtils-MakeMaker-6.55-130.el6_4.ppc64.rpm
perl-ExtUtils-ParseXS-2.2003.0-130.el6_4.ppc64.rpm
perl-File-Fetch-0.26-130.el6_4.ppc64.rpm
perl-IO-Compress-Base-2.020-130.el6_4.ppc64.rpm
perl-IO-Compress-Bzip2-2.020-130.el6_4.ppc64.rpm
perl-IO-Compress-Zlib-2.020-130.el6_4.ppc64.rpm
perl-IO-Zlib-1.09-130.el6_4.ppc64.rpm
perl-IPC-Cmd-0.56-130.el6_4.ppc64.rpm
perl-Locale-Maketext-Simple-0.18-130.el6_4.ppc64.rpm
perl-Log-Message-0.02-130.el6_4.ppc64.rpm
perl-Log-Message-Simple-0.04-130.el6_4.ppc64.rpm
perl-Module-Build-0.3500-130.el6_4.ppc64.rpm
perl-Module-CoreList-2.18-130.el6_4.ppc64.rpm
perl-Module-Load-0.16-130.el6_4.ppc64.rpm
perl-Module-Load-Conditional-0.30-130.el6_4.ppc64.rpm
perl-Module-Loaded-0.02-130.el6_4.ppc64.rpm
perl-Module-Pluggable-3.90-130.el6_4.ppc64.rpm
perl-Object-Accessor-0.34-130.el6_4.ppc64.rpm
perl-Package-Constants-0.02-130.el6_4.ppc64.rpm
perl-Params-Check-0.26-130.el6_4.ppc64.rpm
perl-Parse-CPAN-Meta-1.40-130.el6_4.ppc64.rpm
perl-Pod-Escapes-1.04-130.el6_4.ppc64.rpm
perl-Pod-Simple-3.13-130.el6_4.ppc64.rpm
perl-Term-UI-0.20-130.el6_4.ppc64.rpm
perl-Test-Harness-3.17-130.el6_4.ppc64.rpm
perl-Test-Simple-0.92-130.el6_4.ppc64.rpm
perl-Time-HiRes-1.9721-130.el6_4.ppc64.rpm
perl-Time-Piece-1.15-130.el6_4.ppc64.rpm
perl-core-5.10.1-130.el6_4.ppc64.rpm
perl-debuginfo-5.10.1-130.el6_4.ppc.rpm
perl-debuginfo-5.10.1-130.el6_4.ppc64.rpm
perl-devel-5.10.1-130.el6_4.ppc.rpm
perl-devel-5.10.1-130.el6_4.ppc64.rpm
perl-libs-5.10.1-130.el6_4.ppc.rpm
perl-libs-5.10.1-130.el6_4.ppc64.rpm
perl-parent-0.221-130.el6_4.ppc64.rpm
perl-suidperl-5.10.1-130.el6_4.ppc64.rpm
perl-version-0.77-130.el6_4.ppc64.rpm

s390x:
perl-5.10.1-130.el6_4.s390x.rpm
perl-Archive-Extract-0.38-130.el6_4.s390x.rpm
perl-Archive-Tar-1.58-130.el6_4.s390x.rpm
perl-CGI-3.51-130.el6_4.s390x.rpm
perl-CPAN-1.9402-130.el6_4.s390x.rpm
perl-CPANPLUS-0.88-130.el6_4.s390x.rpm
perl-Compress-Raw-Bzip2-2.020-130.el6_4.s390x.rpm
perl-Compress-Raw-Zlib-2.020-130.el6_4.s390x.rpm
perl-Compress-Zlib-2.020-130.el6_4.s390x.rpm
perl-Digest-SHA-5.47-130.el6_4.s390x.rpm
perl-ExtUtils-CBuilder-0.27-130.el6_4.s390x.rpm
perl-ExtUtils-Embed-1.28-130.el6_4.s390x.rpm
perl-ExtUtils-MakeMaker-6.55-130.el6_4.s390x.rpm
perl-ExtUtils-ParseXS-2.2003.0-130.el6_4.s390x.rpm
perl-File-Fetch-0.26-130.el6_4.s390x.rpm
perl-IO-Compress-Base-2.020-130.el6_4.s390x.rpm
perl-IO-Compress-Bzip2-2.020-130.el6_4.s390x.rpm
perl-IO-Compress-Zlib-2.020-130.el6_4.s390x.rpm
perl-IO-Zlib-1.09-130.el6_4.s390x.rpm
perl-IPC-Cmd-0.56-130.el6_4.s390x.rpm
perl-Locale-Maketext-Simple-0.18-130.el6_4.s390x.rpm
perl-Log-Message-0.02-130.el6_4.s390x.rpm
perl-Log-Message-Simple-0.04-130.el6_4.s390x.rpm
perl-Module-Build-0.3500-130.el6_4.s390x.rpm
perl-Module-CoreList-2.18-130.el6_4.s390x.rpm
perl-Module-Load-0.16-130.el6_4.s390x.rpm
perl-Module-Load-Conditional-0.30-130.el6_4.s390x.rpm
perl-Module-Loaded-0.02-130.el6_4.s390x.rpm
perl-Module-Pluggable-3.90-130.el6_4.s390x.rpm
perl-Object-Accessor-0.34-130.el6_4.s390x.rpm
perl-Package-Constants-0.02-130.el6_4.s390x.rpm
perl-Params-Check-0.26-130.el6_4.s390x.rpm
perl-Parse-CPAN-Meta-1.40-130.el6_4.s390x.rpm
perl-Pod-Escapes-1.04-130.el6_4.s390x.rpm
perl-Pod-Simple-3.13-130.el6_4.s390x.rpm
perl-Term-UI-0.20-130.el6_4.s390x.rpm
perl-Test-Harness-3.17-130.el6_4.s390x.rpm
perl-Test-Simple-0.92-130.el6_4.s390x.rpm
perl-Time-HiRes-1.9721-130.el6_4.s390x.rpm
perl-Time-Piece-1.15-130.el6_4.s390x.rpm
perl-core-5.10.1-130.el6_4.s390x.rpm
perl-debuginfo-5.10.1-130.el6_4.s390.rpm
perl-debuginfo-5.10.1-130.el6_4.s390x.rpm
perl-devel-5.10.1-130.el6_4.s390.rpm
perl-devel-5.10.1-130.el6_4.s390x.rpm
perl-libs-5.10.1-130.el6_4.s390.rpm
perl-libs-5.10.1-130.el6_4.s390x.rpm
perl-parent-0.221-130.el6_4.s390x.rpm
perl-suidperl-5.10.1-130.el6_4.s390x.rpm
perl-version-0.77-130.el6_4.s390x.rpm

x86_64:
perl-5.10.1-130.el6_4.x86_64.rpm
perl-Archive-Extract-0.38-130.el6_4.x86_64.rpm
perl-Archive-Tar-1.58-130.el6_4.x86_64.rpm
perl-CGI-3.51-130.el6_4.x86_64.rpm
perl-CPAN-1.9402-130.el6_4.x86_64.rpm
perl-CPANPLUS-0.88-130.el6_4.x86_64.rpm
perl-Compress-Raw-Bzip2-2.020-130.el6_4.x86_64.rpm
perl-Compress-Raw-Zlib-2.020-130.el6_4.x86_64.rpm
perl-Compress-Zlib-2.020-130.el6_4.x86_64.rpm
perl-Digest-SHA-5.47-130.el6_4.x86_64.rpm
perl-ExtUtils-CBuilder-0.27-130.el6_4.x86_64.rpm
perl-ExtUtils-Embed-1.28-130.el6_4.x86_64.rpm
perl-ExtUtils-MakeMaker-6.55-130.el6_4.x86_64.rpm
perl-ExtUtils-ParseXS-2.2003.0-130.el6_4.x86_64.rpm
perl-File-Fetch-0.26-130.el6_4.x86_64.rpm
perl-IO-Compress-Base-2.020-130.el6_4.x86_64.rpm
perl-IO-Compress-Bzip2-2.020-130.el6_4.x86_64.rpm
perl-IO-Compress-Zlib-2.020-130.el6_4.x86_64.rpm
perl-IO-Zlib-1.09-130.el6_4.x86_64.rpm
perl-IPC-Cmd-0.56-130.el6_4.x86_64.rpm
perl-Locale-Maketext-Simple-0.18-130.el6_4.x86_64.rpm
perl-Log-Message-0.02-130.el6_4.x86_64.rpm
perl-Log-Message-Simple-0.04-130.el6_4.x86_64.rpm
perl-Module-Build-0.3500-130.el6_4.x86_64.rpm
perl-Module-CoreList-2.18-130.el6_4.x86_64.rpm
perl-Module-Load-0.16-130.el6_4.x86_64.rpm
perl-Module-Load-Conditional-0.30-130.el6_4.x86_64.rpm
perl-Module-Loaded-0.02-130.el6_4.x86_64.rpm
perl-Module-Pluggable-3.90-130.el6_4.x86_64.rpm
perl-Object-Accessor-0.34-130.el6_4.x86_64.rpm
perl-Package-Constants-0.02-130.el6_4.x86_64.rpm
perl-Params-Check-0.26-130.el6_4.x86_64.rpm
perl-Parse-CPAN-Meta-1.40-130.el6_4.x86_64.rpm
perl-Pod-Escapes-1.04-130.el6_4.x86_64.rpm
perl-Pod-Simple-3.13-130.el6_4.x86_64.rpm
perl-Term-UI-0.20-130.el6_4.x86_64.rpm
perl-Test-Harness-3.17-130.el6_4.x86_64.rpm
perl-Test-Simple-0.92-130.el6_4.x86_64.rpm
perl-Time-HiRes-1.9721-130.el6_4.x86_64.rpm
perl-Time-Piece-1.15-130.el6_4.x86_64.rpm
perl-core-5.10.1-130.el6_4.x86_64.rpm
perl-debuginfo-5.10.1-130.el6_4.i686.rpm
perl-debuginfo-5.10.1-130.el6_4.x86_64.rpm
perl-devel-5.10.1-130.el6_4.i686.rpm
perl-devel-5.10.1-130.el6_4.x86_64.rpm
perl-libs-5.10.1-130.el6_4.i686.rpm
perl-libs-5.10.1-130.el6_4.x86_64.rpm
perl-parent-0.221-130.el6_4.x86_64.rpm
perl-suidperl-5.10.1-130.el6_4.x86_64.rpm
perl-version-0.77-130.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/perl-5.10.1-130.el6_4.src.rpm

i386:
perl-5.10.1-130.el6_4.i686.rpm
perl-Archive-Extract-0.38-130.el6_4.i686.rpm
perl-Archive-Tar-1.58-130.el6_4.i686.rpm
perl-CGI-3.51-130.el6_4.i686.rpm
perl-CPAN-1.9402-130.el6_4.i686.rpm
perl-CPANPLUS-0.88-130.el6_4.i686.rpm
perl-Compress-Raw-Bzip2-2.020-130.el6_4.i686.rpm
perl-Compress-Raw-Zlib-2.020-130.el6_4.i686.rpm
perl-Compress-Zlib-2.020-130.el6_4.i686.rpm
perl-Digest-SHA-5.47-130.el6_4.i686.rpm
perl-ExtUtils-CBuilder-0.27-130.el6_4.i686.rpm
perl-ExtUtils-Embed-1.28-130.el6_4.i686.rpm
perl-ExtUtils-MakeMaker-6.55-130.el6_4.i686.rpm
perl-ExtUtils-ParseXS-2.2003.0-130.el6_4.i686.rpm
perl-File-Fetch-0.26-130.el6_4.i686.rpm
perl-IO-Compress-Base-2.020-130.el6_4.i686.rpm
perl-IO-Compress-Bzip2-2.020-130.el6_4.i686.rpm
perl-IO-Compress-Zlib-2.020-130.el6_4.i686.rpm
perl-IO-Zlib-1.09-130.el6_4.i686.rpm
perl-IPC-Cmd-0.56-130.el6_4.i686.rpm
perl-Locale-Maketext-Simple-0.18-130.el6_4.i686.rpm
perl-Log-Message-0.02-130.el6_4.i686.rpm
perl-Log-Message-Simple-0.04-130.el6_4.i686.rpm
perl-Module-Build-0.3500-130.el6_4.i686.rpm
perl-Module-CoreList-2.18-130.el6_4.i686.rpm
perl-Module-Load-0.16-130.el6_4.i686.rpm
perl-Module-Load-Conditional-0.30-130.el6_4.i686.rpm
perl-Module-Loaded-0.02-130.el6_4.i686.rpm
perl-Module-Pluggable-3.90-130.el6_4.i686.rpm
perl-Object-Accessor-0.34-130.el6_4.i686.rpm
perl-Package-Constants-0.02-130.el6_4.i686.rpm
perl-Params-Check-0.26-130.el6_4.i686.rpm
perl-Parse-CPAN-Meta-1.40-130.el6_4.i686.rpm
perl-Pod-Escapes-1.04-130.el6_4.i686.rpm
perl-Pod-Simple-3.13-130.el6_4.i686.rpm
perl-Term-UI-0.20-130.el6_4.i686.rpm
perl-Test-Harness-3.17-130.el6_4.i686.rpm
perl-Test-Simple-0.92-130.el6_4.i686.rpm
perl-Time-HiRes-1.9721-130.el6_4.i686.rpm
perl-Time-Piece-1.15-130.el6_4.i686.rpm
perl-core-5.10.1-130.el6_4.i686.rpm
perl-debuginfo-5.10.1-130.el6_4.i686.rpm
perl-devel-5.10.1-130.el6_4.i686.rpm
perl-libs-5.10.1-130.el6_4.i686.rpm
perl-parent-0.221-130.el6_4.i686.rpm
perl-suidperl-5.10.1-130.el6_4.i686.rpm
perl-version-0.77-130.el6_4.i686.rpm

x86_64:
perl-5.10.1-130.el6_4.x86_64.rpm
perl-Archive-Extract-0.38-130.el6_4.x86_64.rpm
perl-Archive-Tar-1.58-130.el6_4.x86_64.rpm
perl-CGI-3.51-130.el6_4.x86_64.rpm
perl-CPAN-1.9402-130.el6_4.x86_64.rpm
perl-CPANPLUS-0.88-130.el6_4.x86_64.rpm
perl-Compress-Raw-Bzip2-2.020-130.el6_4.x86_64.rpm
perl-Compress-Raw-Zlib-2.020-130.el6_4.x86_64.rpm
perl-Compress-Zlib-2.020-130.el6_4.x86_64.rpm
perl-Digest-SHA-5.47-130.el6_4.x86_64.rpm
perl-ExtUtils-CBuilder-0.27-130.el6_4.x86_64.rpm
perl-ExtUtils-Embed-1.28-130.el6_4.x86_64.rpm
perl-ExtUtils-MakeMaker-6.55-130.el6_4.x86_64.rpm
perl-ExtUtils-ParseXS-2.2003.0-130.el6_4.x86_64.rpm
perl-File-Fetch-0.26-130.el6_4.x86_64.rpm
perl-IO-Compress-Base-2.020-130.el6_4.x86_64.rpm
perl-IO-Compress-Bzip2-2.020-130.el6_4.x86_64.rpm
perl-IO-Compress-Zlib-2.020-130.el6_4.x86_64.rpm
perl-IO-Zlib-1.09-130.el6_4.x86_64.rpm
perl-IPC-Cmd-0.56-130.el6_4.x86_64.rpm
perl-Locale-Maketext-Simple-0.18-130.el6_4.x86_64.rpm
perl-Log-Message-0.02-130.el6_4.x86_64.rpm
perl-Log-Message-Simple-0.04-130.el6_4.x86_64.rpm
perl-Module-Build-0.3500-130.el6_4.x86_64.rpm
perl-Module-CoreList-2.18-130.el6_4.x86_64.rpm
perl-Module-Load-0.16-130.el6_4.x86_64.rpm
perl-Module-Load-Conditional-0.30-130.el6_4.x86_64.rpm
perl-Module-Loaded-0.02-130.el6_4.x86_64.rpm
perl-Module-Pluggable-3.90-130.el6_4.x86_64.rpm
perl-Object-Accessor-0.34-130.el6_4.x86_64.rpm
perl-Package-Constants-0.02-130.el6_4.x86_64.rpm
perl-Params-Check-0.26-130.el6_4.x86_64.rpm
perl-Parse-CPAN-Meta-1.40-130.el6_4.x86_64.rpm
perl-Pod-Escapes-1.04-130.el6_4.x86_64.rpm
perl-Pod-Simple-3.13-130.el6_4.x86_64.rpm
perl-Term-UI-0.20-130.el6_4.x86_64.rpm
perl-Test-Harness-3.17-130.el6_4.x86_64.rpm
perl-Test-Simple-0.92-130.el6_4.x86_64.rpm
perl-Time-HiRes-1.9721-130.el6_4.x86_64.rpm
perl-Time-Piece-1.15-130.el6_4.x86_64.rpm
perl-core-5.10.1-130.el6_4.x86_64.rpm
perl-debuginfo-5.10.1-130.el6_4.i686.rpm
perl-debuginfo-5.10.1-130.el6_4.x86_64.rpm
perl-devel-5.10.1-130.el6_4.i686.rpm
perl-devel-5.10.1-130.el6_4.x86_64.rpm
perl-libs-5.10.1-130.el6_4.i686.rpm
perl-libs-5.10.1-130.el6_4.x86_64.rpm
perl-parent-0.221-130.el6_4.x86_64.rpm
perl-suidperl-5.10.1-130.el6_4.x86_64.rpm
perl-version-0.77-130.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-5195.html
https://www.redhat.com/security/data/cve/CVE-2012-5526.html
https://www.redhat.com/security/data/cve/CVE-2012-6329.html
https://www.redhat.com/security/data/cve/CVE-2013-1667.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRUfdNXlSAg2UNWIIRAl88AJ4/YxSeZA3iaPdv6vs78VxWw5fr/wCgl+DZ
gKbJPAspitHnnYb4NngdLT4=
=CjhI
-----END PGP SIGNATURE-----


From bugzilla at redhat.com Wed Mar 27 18:57:25 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 27 Mar 2013 18:57:25 +0000
Subject: [RHSA-2013:0687-01] Moderate: pixman security update
Message-ID: <201303271857.r2RIvPFp020463@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: pixman security update
Advisory ID:       RHSA-2013:0687-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0687.html
Issue date:        2013-03-27
CVE Names:         CVE-2013-1591
=====================================================================

1. Summary:

Updated pixman packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Pixman is a pixel manipulation library for the X Window System and Cairo.

An integer overflow flaw was discovered in one of pixman's manipulation
routines. If a remote attacker could trick an application using pixman into
performing a certain manipulation, it could cause the application to crash
or, possibly, execute arbitrary code with the privileges of the user
running the application. (CVE-2013-1591)

Users are advised to upgrade to these updated packages, which contain a
backported patch to correct this issue. All applications using pixman must
be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

910149 - CVE-2013-1591 pixman: stack-based buffer overflow

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/pixman-0.26.2-5.el6_4.src.rpm

i386:
pixman-0.26.2-5.el6_4.i686.rpm
pixman-debuginfo-0.26.2-5.el6_4.i686.rpm

x86_64:
pixman-0.26.2-5.el6_4.i686.rpm
pixman-0.26.2-5.el6_4.x86_64.rpm
pixman-debuginfo-0.26.2-5.el6_4.i686.rpm
pixman-debuginfo-0.26.2-5.el6_4.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/pixman-0.26.2-5.el6_4.src.rpm

i386:
pixman-debuginfo-0.26.2-5.el6_4.i686.rpm
pixman-devel-0.26.2-5.el6_4.i686.rpm

x86_64:
pixman-debuginfo-0.26.2-5.el6_4.i686.rpm
pixman-debuginfo-0.26.2-5.el6_4.x86_64.rpm
pixman-devel-0.26.2-5.el6_4.i686.rpm
pixman-devel-0.26.2-5.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/pixman-0.26.2-5.el6_4.src.rpm

x86_64:
pixman-0.26.2-5.el6_4.i686.rpm
pixman-0.26.2-5.el6_4.x86_64.rpm
pixman-debuginfo-0.26.2-5.el6_4.i686.rpm
pixman-debuginfo-0.26.2-5.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/pixman-0.26.2-5.el6_4.src.rpm

x86_64:
pixman-debuginfo-0.26.2-5.el6_4.i686.rpm
pixman-debuginfo-0.26.2-5.el6_4.x86_64.rpm
pixman-devel-0.26.2-5.el6_4.i686.rpm
pixman-devel-0.26.2-5.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/pixman-0.26.2-5.el6_4.src.rpm

i386:
pixman-0.26.2-5.el6_4.i686.rpm
pixman-debuginfo-0.26.2-5.el6_4.i686.rpm
pixman-devel-0.26.2-5.el6_4.i686.rpm

ppc64:
pixman-0.26.2-5.el6_4.ppc.rpm
pixman-0.26.2-5.el6_4.ppc64.rpm
pixman-debuginfo-0.26.2-5.el6_4.ppc.rpm
pixman-debuginfo-0.26.2-5.el6_4.ppc64.rpm
pixman-devel-0.26.2-5.el6_4.ppc.rpm
pixman-devel-0.26.2-5.el6_4.ppc64.rpm

s390x:
pixman-0.26.2-5.el6_4.s390.rpm
pixman-0.26.2-5.el6_4.s390x.rpm
pixman-debuginfo-0.26.2-5.el6_4.s390.rpm
pixman-debuginfo-0.26.2-5.el6_4.s390x.rpm
pixman-devel-0.26.2-5.el6_4.s390.rpm
pixman-devel-0.26.2-5.el6_4.s390x.rpm

x86_64:
pixman-0.26.2-5.el6_4.i686.rpm
pixman-0.26.2-5.el6_4.x86_64.rpm
pixman-debuginfo-0.26.2-5.el6_4.i686.rpm
pixman-debuginfo-0.26.2-5.el6_4.x86_64.rpm
pixman-devel-0.26.2-5.el6_4.i686.rpm
pixman-devel-0.26.2-5.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/pixman-0.26.2-5.el6_4.src.rpm

i386:
pixman-0.26.2-5.el6_4.i686.rpm
pixman-debuginfo-0.26.2-5.el6_4.i686.rpm
pixman-devel-0.26.2-5.el6_4.i686.rpm

x86_64:
pixman-0.26.2-5.el6_4.i686.rpm
pixman-0.26.2-5.el6_4.x86_64.rpm
pixman-debuginfo-0.26.2-5.el6_4.i686.rpm
pixman-debuginfo-0.26.2-5.el6_4.x86_64.rpm
pixman-devel-0.26.2-5.el6_4.i686.rpm
pixman-devel-0.26.2-5.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-1591.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
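The package list in an advisory is the data a defender actually consumes: which build fixes the flaw, per product and architecture, so that an installed inventory can be checked against it. The following Python is an added example, not Red Hat tooling and not part of the original mailing-list post. It parses a constructed excerpt of the RHSA-2013:0687-01 package list above, splits each file name into name, version, release and architecture, and compares it with a constructed `rpm -qa`-style inventory using `rpmvercmp`, a reimplementation of rpm's version-comparison rules (assumed to match rpm for the numeric, alphabetic, tilde and caret cases; epochs are not modelled). Because the parser splits on whitespace, it reads a properly wrapped advisory and a flattened archive copy like this one the same way.

```python
"""Check an installed RPM inventory against a Red Hat advisory package list.

Added example; not Red Hat tooling. rpmvercmp() is a Python reimplementation
of rpm's version-comparison rules (an assumption: it covers the numeric,
alphabetic, tilde and caret cases; epochs are not handled).
"""
import re
from itertools import zip_longest

# Constructed excerpt of the RHSA-2013:0687-01 package list (Server, v. 6).
ADVISORY_TEXT = """
6. Package List:

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/pixman-0.26.2-5.el6_4.src.rpm

i386:
pixman-0.26.2-5.el6_4.i686.rpm
pixman-debuginfo-0.26.2-5.el6_4.i686.rpm
pixman-devel-0.26.2-5.el6_4.i686.rpm

x86_64:
pixman-0.26.2-5.el6_4.i686.rpm
pixman-0.26.2-5.el6_4.x86_64.rpm
pixman-debuginfo-0.26.2-5.el6_4.x86_64.rpm
pixman-devel-0.26.2-5.el6_4.x86_64.rpm
"""

# Constructed inventory in the form `rpm -qa` prints it (name-version-release.arch).
INSTALLED = [
    "pixman-0.26.2-4.el6.i686",          # older release: needs the update
    "pixman-0.26.2-5.el6_4.x86_64",      # already at the fixed build
    "pixman-devel-0.26.2-4.el6.i686",    # older release: needs the update
    "cairo-1.8.8-3.1.el6.x86_64",        # not covered by this advisory
]

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|~|\^")


def rpmvercmp(a, b):
    """Return -1, 0 or 1 as version string a is older than, equal to or newer than b."""
    if a == b:
        return 0
    for x, y in zip_longest(_SEGMENT.findall(a), _SEGMENT.findall(b)):
        # A tilde sorts before anything, including the end of the string ("1.0~rc1" < "1.0").
        if x == "~" or y == "~":
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        # A caret sorts after the end of the string but before anything else ("1.0" < "1.0^post").
        if x == "^" or y == "^":
            if x is None:
                return -1
            if y is None:
                return 1
            if x != "^":
                return 1
            if y != "^":
                return -1
            continue
        # Otherwise whichever side still has segments left is newer.
        if x is None:
            return -1
        if y is None:
            return 1
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            c = (int(x) > int(y)) - (int(x) < int(y))   # int() drops leading zeros
        elif x_num != y_num:
            c = 1 if x_num else -1                       # numeric beats alphabetic
        else:
            c = (x > y) - (x < y)                        # plain string comparison
        if c:
            return c
    return 0


def split_nvra(nvra):
    """Split 'name-version-release.arch' into its parts (the name may contain dashes)."""
    rest, arch = nvra.rsplit(".", 1)
    name, version, release = rest.rsplit("-", 2)
    return name, version, release, arch


def parse_package_list(text):
    """Map (name, arch) -> (version, release) for every binary RPM named in the list."""
    fixed = {}
    for token in text.split():
        # Skip headings, the source URL and the .src.rpm itself.
        if not token.endswith(".rpm") or "/" in token or token.endswith(".src.rpm"):
            continue
        name, version, release, arch = split_nvra(token[: -len(".rpm")])
        fixed[(name, arch)] = (version, release)
    return fixed


def evr_cmp(installed, fixed):
    """Compare (version, release) pairs the way rpm does: version first, then release."""
    c = rpmvercmp(installed[0], fixed[0])
    return c if c else rpmvercmp(installed[1], fixed[1])


def outdated(installed, fixed):
    """Return the installed NVRAs that the advisory's builds supersede."""
    result = []
    for nvra in installed:
        name, version, release, arch = split_nvra(nvra)
        target = fixed.get((name, arch))
        if target is not None and evr_cmp((version, release), target) < 0:
            result.append(nvra)
    return result


if __name__ == "__main__":
    fixed_builds = parse_package_list(ADVISORY_TEXT)
    for nvra in outdated(INSTALLED, fixed_builds):
        name, _, _, arch = split_nvra(nvra)
        print(f"{nvra} is older than {name}-{'-'.join(fixed_builds[(name, arch)])}.{arch}")
```

Matching is done on (name, architecture) rather than on name alone, because a multilib x86_64 host carries both the i686 and the x86_64 build of pixman and each must be compared against its own entry in the list. The release string, not only the version, decides whether a package is fixed: the pixman build here keeps version 0.26.2 and changes only the release to 5.el6_4, which is the normal shape of a backported fix.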
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRU0ELXlSAg2UNWIIRAid5AJ4ny496TN4uZcrGZSEGw2axcaw+AQCfbBOP
RV0CZSk9gyjLFC/ydr8HN6k=
=8pJz
-----END PGP SIGNATURE-----


From bugzilla at redhat.com Thu Mar 28 22:22:56 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 28 Mar 2013 22:22:56 +0000
Subject: [RHSA-2013:0688-01] Low: Red Hat Enterprise Linux Advanced Mission Critical 5.3 1-Year Notice
Message-ID: <201303282222.r2SMMvRV012870@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Enterprise Linux Advanced Mission Critical 5.3 1-Year Notice
Advisory ID:       RHSA-2013:0688-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0688.html
Issue date:        2013-03-28
=====================================================================

1. Summary:

This is the one-year notification for the retirement of Advanced Mission
Critical (AMC) for Red Hat Enterprise Linux 5.3.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Long Life (v. 5.3 server) - i386, ia64, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy,
Advanced Mission Critical for Red Hat Enterprise Linux 5.3 will be retired
on March 31, 2014, and support will no longer be provided. Accordingly, Red
Hat will no longer provide updated packages, including critical impact
security patches or urgent priority bug fixes, for Red Hat Enterprise Linux
5.3 AMC after that date. In addition, after March 31, 2014, technical
support through Red Hat's Global Support Services will no longer be
provided.

Note: This notification applies only to those customers with subscriptions
for Advanced Mission Critical Support (AMC) channels for Red Hat Enterprise
Linux 5.3.
We encourage customers to plan their migration from Red Hat Enterprise
Linux 5.3 to a more recent release of Red Hat Enterprise Linux 5 or 6. As a
benefit of the Red Hat subscription model, customers can use their active
subscriptions to entitle any system on a currently supported Red Hat
Enterprise Linux 5 release (AMC is available on 5.9) or Red Hat Enterprise
Linux 6 release (AMC is available on 6.2 and 6.4, and planned for 6.6).

Details of the Red Hat Enterprise Linux life cycle can be found here:
https://access.redhat.com/support/policy/updates/errata/

4. Solution:

This erratum contains an updated redhat-release package that provides a
copy of this notice in the "/usr/share/doc/" directory.

5. Package List:

Red Hat Enterprise Linux Long Life (v. 5.3 server):

Source:
redhat-release-5Server-5.3.0.5.src.rpm

i386:
redhat-release-5Server-5.3.0.5.i386.rpm
redhat-release-debuginfo-5Server-5.3.0.5.i386.rpm

ia64:
redhat-release-5Server-5.3.0.5.ia64.rpm
redhat-release-debuginfo-5Server-5.3.0.5.ia64.rpm

x86_64:
redhat-release-5Server-5.3.0.5.x86_64.rpm
redhat-release-debuginfo-5Server-5.3.0.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

6. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/support/policy/updates/errata/

7. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRVMKvXlSAg2UNWIIRAiCpAJ9VXM80Qpt9EoSBc+vjiyarMXIStwCfQ400
/vdOkCfQNmz/lyEijNHqI4I=
=XDP8
-----END PGP SIGNATURE-----


From bugzilla at redhat.com Thu Mar 28 22:23:50 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 28 Mar 2013 22:23:50 +0000
Subject: [RHSA-2013:0689-01] Important: bind security and bug fix update
Message-ID: <201303282223.r2SMNoHr028547@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: bind security and bug fix update
Advisory ID:       RHSA-2013:0689-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0689.html
Issue date:        2013-03-28
CVE Names:         CVE-2013-2266
=====================================================================

1. Summary:

Updated bind packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols.
BIND includes a DNS server (named); a resolver library (routines for
applications to use when interfacing with DNS); and tools for verifying
that the DNS server is operating correctly.

A denial of service flaw was found in the libdns library. A remote attacker
could use this flaw to send a specially-crafted DNS query to named that,
when processed, would cause named to use an excessive amount of memory, or
possibly crash. (CVE-2013-2266)

Note: This update disables the syntax checking of NAPTR (Naming Authority
Pointer) resource records.

This update also fixes the following bug:

* Previously, rebuilding the bind-dyndb-ldap source RPM failed with a
"/usr/include/dns/view.h:76:21: error: dns/rrl.h: No such file or
directory" error. (BZ#928439)

All bind users are advised to upgrade to these updated packages, which
contain patches to correct these issues. After installing the update, the
BIND daemon (named) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

928027 - CVE-2013-2266 bind: libdns regular expressions excessive resource consumption DoS
928439 - building bind-dyndb-ldap error: dns/rrl.h: No such file or directory

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm

i386:
bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm
bind-utils-9.8.2-0.17.rc1.el6_4.4.i686.rpm

x86_64:
bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
bind-utils-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm

i386:
bind-9.8.2-0.17.rc1.el6_4.4.i686.rpm
bind-chroot-9.8.2-0.17.rc1.el6_4.4.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm
bind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm
bind-sdb-9.8.2-0.17.rc1.el6_4.4.i686.rpm

x86_64:
bind-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
bind-chroot-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
bind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm
bind-devel-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
bind-sdb-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm

x86_64:
bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
bind-utils-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm

x86_64:
bind-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
bind-chroot-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
bind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm
bind-devel-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
bind-sdb-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm

i386:
bind-9.8.2-0.17.rc1.el6_4.4.i686.rpm
bind-chroot-9.8.2-0.17.rc1.el6_4.4.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm
bind-utils-9.8.2-0.17.rc1.el6_4.4.i686.rpm

ppc64:
bind-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm
bind-chroot-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.ppc.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.4.ppc.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm
bind-utils-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm

s390x:
bind-9.8.2-0.17.rc1.el6_4.4.s390x.rpm
bind-chroot-9.8.2-0.17.rc1.el6_4.4.s390x.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.s390.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.s390x.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.4.s390.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.4.s390x.rpm
bind-utils-9.8.2-0.17.rc1.el6_4.4.s390x.rpm

x86_64:
bind-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
bind-chroot-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
bind-utils-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm

i386:
bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm
bind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm
bind-sdb-9.8.2-0.17.rc1.el6_4.4.i686.rpm

ppc64:
bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.ppc.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm
bind-devel-9.8.2-0.17.rc1.el6_4.4.ppc.rpm
bind-devel-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm
bind-sdb-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm

s390x:
bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.s390.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.s390x.rpm
bind-devel-9.8.2-0.17.rc1.el6_4.4.s390.rpm
bind-devel-9.8.2-0.17.rc1.el6_4.4.s390x.rpm
bind-sdb-9.8.2-0.17.rc1.el6_4.4.s390x.rpm

x86_64:
bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
bind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm
bind-devel-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
bind-sdb-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm

i386:
bind-9.8.2-0.17.rc1.el6_4.4.i686.rpm
bind-chroot-9.8.2-0.17.rc1.el6_4.4.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm
bind-utils-9.8.2-0.17.rc1.el6_4.4.i686.rpm

x86_64:
bind-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
bind-chroot-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
bind-utils-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm

i386:
bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm
bind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm
bind-sdb-9.8.2-0.17.rc1.el6_4.4.i686.rpm

x86_64:
bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
bind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm
bind-devel-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
bind-sdb-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-2266.html
https://access.redhat.com/security/updates/classification/#important
http://www.isc.org/software/bind/advisories/cve-2013-2266

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRVMLdXlSAg2UNWIIRAsZfAKCyin6VjKh+MJwZjqJ0tn2+ayZTygCdEwWJ
SMtY22xlYL6dxJ9RgKwa9Q0=
=/8r6
-----END PGP SIGNATURE-----


From bugzilla at redhat.com Thu Mar 28 22:24:25 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 28 Mar 2013 22:24:25 +0000
Subject: [RHSA-2013:0690-01] Important: bind97 security update
Message-ID: <201303282224.r2SMOPWv019815@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: bind97 security update
Advisory ID:       RHSA-2013:0690-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0690.html
Issue date:        2013-03-28
CVE Names:         CVE-2013-2266
=====================================================================

1. Summary:

Updated bind97 packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A denial of service flaw was found in the libdns library. A remote attacker
could use this flaw to send a specially-crafted DNS query to named that,
when processed, would cause named to use an excessive amount of memory, or
possibly crash. (CVE-2013-2266)

Note: This update disables the syntax checking of NAPTR (Naming Authority
Pointer) resource records.

All bind97 users are advised to upgrade to these updated packages, which
contain a patch to correct this issue. After installing the update, the
BIND daemon (named) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

928027 - CVE-2013-2266 bind: libdns regular expressions excessive resource consumption DoS

6. Package List:

RHEL Desktop Workstation (v.
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bind97-9.7.0-17.P2.el5_9.1.src.rpm i386: bind97-9.7.0-17.P2.el5_9.1.i386.rpm bind97-chroot-9.7.0-17.P2.el5_9.1.i386.rpm bind97-debuginfo-9.7.0-17.P2.el5_9.1.i386.rpm bind97-devel-9.7.0-17.P2.el5_9.1.i386.rpm bind97-libs-9.7.0-17.P2.el5_9.1.i386.rpm bind97-utils-9.7.0-17.P2.el5_9.1.i386.rpm x86_64: bind97-9.7.0-17.P2.el5_9.1.x86_64.rpm bind97-chroot-9.7.0-17.P2.el5_9.1.x86_64.rpm bind97-debuginfo-9.7.0-17.P2.el5_9.1.i386.rpm bind97-debuginfo-9.7.0-17.P2.el5_9.1.x86_64.rpm bind97-devel-9.7.0-17.P2.el5_9.1.i386.rpm bind97-devel-9.7.0-17.P2.el5_9.1.x86_64.rpm bind97-libs-9.7.0-17.P2.el5_9.1.i386.rpm bind97-libs-9.7.0-17.P2.el5_9.1.x86_64.rpm bind97-utils-9.7.0-17.P2.el5_9.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/bind97-9.7.0-17.P2.el5_9.1.src.rpm i386: bind97-9.7.0-17.P2.el5_9.1.i386.rpm bind97-chroot-9.7.0-17.P2.el5_9.1.i386.rpm bind97-debuginfo-9.7.0-17.P2.el5_9.1.i386.rpm bind97-devel-9.7.0-17.P2.el5_9.1.i386.rpm bind97-libs-9.7.0-17.P2.el5_9.1.i386.rpm bind97-utils-9.7.0-17.P2.el5_9.1.i386.rpm ia64: bind97-9.7.0-17.P2.el5_9.1.ia64.rpm bind97-chroot-9.7.0-17.P2.el5_9.1.ia64.rpm bind97-debuginfo-9.7.0-17.P2.el5_9.1.ia64.rpm bind97-devel-9.7.0-17.P2.el5_9.1.ia64.rpm bind97-libs-9.7.0-17.P2.el5_9.1.ia64.rpm bind97-utils-9.7.0-17.P2.el5_9.1.ia64.rpm ppc: bind97-9.7.0-17.P2.el5_9.1.ppc.rpm bind97-chroot-9.7.0-17.P2.el5_9.1.ppc.rpm bind97-debuginfo-9.7.0-17.P2.el5_9.1.ppc.rpm bind97-debuginfo-9.7.0-17.P2.el5_9.1.ppc64.rpm bind97-devel-9.7.0-17.P2.el5_9.1.ppc.rpm bind97-devel-9.7.0-17.P2.el5_9.1.ppc64.rpm bind97-libs-9.7.0-17.P2.el5_9.1.ppc.rpm bind97-libs-9.7.0-17.P2.el5_9.1.ppc64.rpm bind97-utils-9.7.0-17.P2.el5_9.1.ppc.rpm s390x: bind97-9.7.0-17.P2.el5_9.1.s390x.rpm bind97-chroot-9.7.0-17.P2.el5_9.1.s390x.rpm bind97-debuginfo-9.7.0-17.P2.el5_9.1.s390.rpm 
bind97-debuginfo-9.7.0-17.P2.el5_9.1.s390x.rpm bind97-devel-9.7.0-17.P2.el5_9.1.s390.rpm bind97-devel-9.7.0-17.P2.el5_9.1.s390x.rpm bind97-libs-9.7.0-17.P2.el5_9.1.s390.rpm bind97-libs-9.7.0-17.P2.el5_9.1.s390x.rpm bind97-utils-9.7.0-17.P2.el5_9.1.s390x.rpm x86_64: bind97-9.7.0-17.P2.el5_9.1.x86_64.rpm bind97-chroot-9.7.0-17.P2.el5_9.1.x86_64.rpm bind97-debuginfo-9.7.0-17.P2.el5_9.1.i386.rpm bind97-debuginfo-9.7.0-17.P2.el5_9.1.x86_64.rpm bind97-devel-9.7.0-17.P2.el5_9.1.i386.rpm bind97-devel-9.7.0-17.P2.el5_9.1.x86_64.rpm bind97-libs-9.7.0-17.P2.el5_9.1.i386.rpm bind97-libs-9.7.0-17.P2.el5_9.1.x86_64.rpm bind97-utils-9.7.0-17.P2.el5_9.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-2266.html https://access.redhat.com/security/updates/classification/#important http://www.isc.org/software/bind/advisories/cve-2013-2266 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRVMMIXlSAg2UNWIIRAjfEAJ0cm5ty7l/kIT+0ZRMi0FCNrIkYKACdE1dB RIINsXnGUltgGxoL3WgweG8= =O7Zy -----END PGP SIGNATURE-----
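As an added example (not part of the advisory or of Red Hat's tooling), the following Python check compares a host's installed bind97 build against the fixed build listed in the package list above, re-implementing rpm's version-segment comparison so that releases such as `17.P2.el5_9.1` are ordered the way rpm orders them. FIXED_NVR is taken from the package list; it is assumed that the package epoch does not change between builds (the advisory lists none) and that rpm's `~` and `^` version forms do not occur in these builds.

```python
"""Check an installed bind97 build against the fixed build from RHSA-2013:0690 (added example)."""
import re

# Fixed name-version-release taken from the advisory's package list.
FIXED_NVR = "bind97-9.7.0-17.P2.el5_9.1"
# Segments are runs of digits or letters; '.', '_' and '-' are separators. The '~' and
# '^' rpm forms are not handled here (assumption: they do not occur in these builds).
_SEG = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """-1, 0 or 1 for a < b, a == b, a > b under rpm's rpmvercmp() segment rules."""
    if a == b:
        return 0
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        xnum, ynum = x.isdigit(), y.isdigit()
        if xnum != ynum:
            return 1 if xnum else -1          # a numeric segment beats an alpha one
        if xnum:
            x, y = x.lstrip("0"), y.lstrip("0")   # compare as numbers, not as text
            if len(x) != len(y):                  # longer digit string is the larger number
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments are equal: the string with more segments is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_nvr(nvr):
    """Split 'name-version-release' as printed (without arch) by
    rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\\n' bind97"""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def is_patched(installed_nvr, fixed_nvr=FIXED_NVR):
    """True when the installed build is the advisory's build or a later one.
    Epoch is not compared (assumption: unchanged between builds; the advisory lists none)."""
    iname, iver, irel = parse_nvr(installed_nvr)
    fname, fver, frel = parse_nvr(fixed_nvr)
    if iname != fname:
        raise ValueError(f"package name mismatch: {iname} vs {fname}")
    return (rpmvercmp(iver, fver) or rpmvercmp(irel, frel)) >= 0

if __name__ == "__main__":
    # Constructed sample inputs; on a real host feed it the rpm -q output named above.
    for nvr in ("bind97-9.7.0-17.P2.el5_9.1", "bind97-9.7.0-10.P2.el5_8.1"):
        print(nvr, "patched" if is_patched(nvr) else "UNPATCHED")
```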