From bugzilla at redhat.com Thu May 2 15:35:50 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 2 May 2013 15:35:50 +0000
Subject: [RHSA-2013:0784-01] Low: Red Hat Enterprise Linux 6.1 Extended Update Support 1-Month Notice
Message-ID: <201305021535.r42FZpar022231@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Enterprise Linux 6.1 Extended Update Support 1-Month Notice
Advisory ID:       RHSA-2013:0784-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0784.html
Issue date:        2013-05-02
=====================================================================

1. Summary:

This is the 1-Month notification for the retirement of Red Hat Enterprise Linux 6.1 Extended Update Support (EUS).

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server EUS (v. 6.1) - i386, ppc64, s390x, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.1 will be retired on May 31, 2013, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.1 EUS after that date. In addition, after May 31, 2013, technical support through Red Hat's Global Support Services will no longer be provided.

Note: This notification applies only to those customers with subscriptions to the Extended Update Support (EUS) channels for Red Hat Enterprise Linux 6.1.

We encourage customers to plan their migration from Red Hat Enterprise Linux 6.1 to a more recent version of Red Hat Enterprise Linux 6.
As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on a currently supported Red Hat Enterprise Linux 6 release (6.2, 6.3, or 6.4, for which EUS is available).

Details of the Red Hat Enterprise Linux life cycle can be found here: https://access.redhat.com/support/policy/updates/errata/

4. Solution:

This advisory contains an updated redhat-release-server package that provides a copy of this notice in the "/usr/share/doc/" directory.

5. Package List:

Red Hat Enterprise Linux Server EUS (v. 6.1):

Source:
redhat-release-server-6Server-6.1.0.4.el6_1.src.rpm

i386:
redhat-release-server-6Server-6.1.0.4.el6_1.i686.rpm

ppc64:
redhat-release-server-6Server-6.1.0.4.el6_1.ppc64.rpm

s390x:
redhat-release-server-6Server-6.1.0.4.el6_1.s390x.rpm

x86_64:
redhat-release-server-6Server-6.1.0.4.el6_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

6. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/support/policy/updates/errata/

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRgoemXlSAg2UNWIIRAn7pAKCG9roOckHo0xdlH8RDj4XBLG9mxwCcDDuy
zEMMvWKlghQcYugw5v6FeH4=
=K82M
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon May 6 19:45:19 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 6 May 2013 19:45:19 +0000
Subject: [RHSA-2013:0788-01] Moderate: subscription-manager security update
Message-ID: <201305061945.r46JjJSH029610@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: subscription-manager security update
Advisory ID:       RHSA-2013:0788-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0788.html
Issue date:        2013-05-06
CVE Names:         CVE-2012-6137
=====================================================================

1. Summary:

Updated subscription-manager packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat Entitlement platform.
It was discovered that the rhn-migrate-classic-to-rhsm tool did not verify the Red Hat Network Classic server's X.509 certificate when migrating system profiles registered with Red Hat Network Classic to Certificate-based Red Hat Network. An attacker could use this flaw to conduct man-in-the-middle attacks, allowing them to obtain the user's Red Hat Network credentials. (CVE-2012-6137)

This issue was discovered by Florian Weimer of the Red Hat Product Security Team.

All users of subscription-manager are advised to upgrade to these updated packages, which contain a backported patch to fix this issue.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

885130 - CVE-2012-6137 subscription-manager: rhn-migrate-classic-to-rhsm missing SSL certificate verification

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/subscription-manager-1.0.24.1-1.el5_9.src.rpm

i386:
subscription-manager-1.0.24.1-1.el5_9.i386.rpm
subscription-manager-debuginfo-1.0.24.1-1.el5_9.i386.rpm
subscription-manager-firstboot-1.0.24.1-1.el5_9.i386.rpm
subscription-manager-gui-1.0.24.1-1.el5_9.i386.rpm
subscription-manager-migration-1.0.24.1-1.el5_9.i386.rpm

x86_64:
subscription-manager-1.0.24.1-1.el5_9.x86_64.rpm
subscription-manager-debuginfo-1.0.24.1-1.el5_9.x86_64.rpm
subscription-manager-firstboot-1.0.24.1-1.el5_9.x86_64.rpm
subscription-manager-gui-1.0.24.1-1.el5_9.x86_64.rpm
subscription-manager-migration-1.0.24.1-1.el5_9.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/subscription-manager-1.0.24.1-1.el5_9.src.rpm

i386:
subscription-manager-1.0.24.1-1.el5_9.i386.rpm
subscription-manager-debuginfo-1.0.24.1-1.el5_9.i386.rpm
subscription-manager-firstboot-1.0.24.1-1.el5_9.i386.rpm
subscription-manager-gui-1.0.24.1-1.el5_9.i386.rpm
subscription-manager-migration-1.0.24.1-1.el5_9.i386.rpm

ia64:
subscription-manager-1.0.24.1-1.el5_9.ia64.rpm
subscription-manager-debuginfo-1.0.24.1-1.el5_9.ia64.rpm
subscription-manager-firstboot-1.0.24.1-1.el5_9.ia64.rpm
subscription-manager-gui-1.0.24.1-1.el5_9.ia64.rpm
subscription-manager-migration-1.0.24.1-1.el5_9.ia64.rpm

ppc:
subscription-manager-1.0.24.1-1.el5_9.ppc.rpm
subscription-manager-debuginfo-1.0.24.1-1.el5_9.ppc.rpm
subscription-manager-firstboot-1.0.24.1-1.el5_9.ppc.rpm
subscription-manager-gui-1.0.24.1-1.el5_9.ppc.rpm
subscription-manager-migration-1.0.24.1-1.el5_9.ppc.rpm

s390x:
subscription-manager-1.0.24.1-1.el5_9.s390x.rpm
subscription-manager-debuginfo-1.0.24.1-1.el5_9.s390x.rpm
subscription-manager-firstboot-1.0.24.1-1.el5_9.s390x.rpm
subscription-manager-gui-1.0.24.1-1.el5_9.s390x.rpm
subscription-manager-migration-1.0.24.1-1.el5_9.s390x.rpm

x86_64:
subscription-manager-1.0.24.1-1.el5_9.x86_64.rpm
subscription-manager-debuginfo-1.0.24.1-1.el5_9.x86_64.rpm
subscription-manager-firstboot-1.0.24.1-1.el5_9.x86_64.rpm
subscription-manager-gui-1.0.24.1-1.el5_9.x86_64.rpm
subscription-manager-migration-1.0.24.1-1.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/subscription-manager-1.1.23.1-1.el6_4.src.rpm

i386:
subscription-manager-1.1.23.1-1.el6_4.i686.rpm
subscription-manager-debuginfo-1.1.23.1-1.el6_4.i686.rpm
subscription-manager-firstboot-1.1.23.1-1.el6_4.i686.rpm
subscription-manager-gui-1.1.23.1-1.el6_4.i686.rpm
subscription-manager-migration-1.1.23.1-1.el6_4.i686.rpm

x86_64:
subscription-manager-1.1.23.1-1.el6_4.x86_64.rpm
subscription-manager-debuginfo-1.1.23.1-1.el6_4.x86_64.rpm
subscription-manager-firstboot-1.1.23.1-1.el6_4.x86_64.rpm
subscription-manager-gui-1.1.23.1-1.el6_4.x86_64.rpm
subscription-manager-migration-1.1.23.1-1.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/subscription-manager-1.1.23.1-1.el6_4.src.rpm

x86_64:
subscription-manager-1.1.23.1-1.el6_4.x86_64.rpm
subscription-manager-debuginfo-1.1.23.1-1.el6_4.x86_64.rpm
subscription-manager-migration-1.1.23.1-1.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/subscription-manager-1.1.23.1-1.el6_4.src.rpm

x86_64:
subscription-manager-debuginfo-1.1.23.1-1.el6_4.x86_64.rpm
subscription-manager-firstboot-1.1.23.1-1.el6_4.x86_64.rpm
subscription-manager-gui-1.1.23.1-1.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/subscription-manager-1.1.23.1-1.el6_4.src.rpm

i386:
subscription-manager-1.1.23.1-1.el6_4.i686.rpm
subscription-manager-debuginfo-1.1.23.1-1.el6_4.i686.rpm
subscription-manager-firstboot-1.1.23.1-1.el6_4.i686.rpm
subscription-manager-gui-1.1.23.1-1.el6_4.i686.rpm
subscription-manager-migration-1.1.23.1-1.el6_4.i686.rpm

ppc64:
subscription-manager-1.1.23.1-1.el6_4.ppc64.rpm
subscription-manager-debuginfo-1.1.23.1-1.el6_4.ppc64.rpm
subscription-manager-firstboot-1.1.23.1-1.el6_4.ppc64.rpm
subscription-manager-gui-1.1.23.1-1.el6_4.ppc64.rpm
subscription-manager-migration-1.1.23.1-1.el6_4.ppc64.rpm

s390x:
subscription-manager-1.1.23.1-1.el6_4.s390x.rpm
subscription-manager-debuginfo-1.1.23.1-1.el6_4.s390x.rpm
subscription-manager-firstboot-1.1.23.1-1.el6_4.s390x.rpm
subscription-manager-gui-1.1.23.1-1.el6_4.s390x.rpm
subscription-manager-migration-1.1.23.1-1.el6_4.s390x.rpm

x86_64:
subscription-manager-1.1.23.1-1.el6_4.x86_64.rpm
subscription-manager-debuginfo-1.1.23.1-1.el6_4.x86_64.rpm
subscription-manager-firstboot-1.1.23.1-1.el6_4.x86_64.rpm
subscription-manager-gui-1.1.23.1-1.el6_4.x86_64.rpm
subscription-manager-migration-1.1.23.1-1.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/subscription-manager-1.1.23.1-1.el6_4.src.rpm

i386:
subscription-manager-1.1.23.1-1.el6_4.i686.rpm
subscription-manager-debuginfo-1.1.23.1-1.el6_4.i686.rpm
subscription-manager-firstboot-1.1.23.1-1.el6_4.i686.rpm
subscription-manager-gui-1.1.23.1-1.el6_4.i686.rpm
subscription-manager-migration-1.1.23.1-1.el6_4.i686.rpm

x86_64:
subscription-manager-1.1.23.1-1.el6_4.x86_64.rpm
subscription-manager-debuginfo-1.1.23.1-1.el6_4.x86_64.rpm
subscription-manager-firstboot-1.1.23.1-1.el6_4.x86_64.rpm
subscription-manager-gui-1.1.23.1-1.el6_4.x86_64.rpm
subscription-manager-migration-1.1.23.1-1.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-6137.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
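The flaw behind CVE-2012-6137 in the advisory above is the generic one of an HTTPS client that encrypts the session but never authenticates its peer: without a chain to a trusted CA and a hostname match, whoever sits on the path can terminate the TLS connection and read the Red Hat Network credentials the migration tool sends. The Python below is an added example written for this page, not code from subscription-manager or rhn-migrate-classic-to-rhsm; the server URL and CA bundle path are hypothetical placeholders. It shows the vulnerable TLS context beside the hardened one, an audit that reports why a context would let a man-in-the-middle through, and an XML-RPC client factory that refuses to send credentials over a context that does not verify. One caveat for code of that era: Python 2's httplib did not verify server certificates at all until PEP 476 changed the default in 2.7.9, so the insecure context here is what default behaviour looked like, not an exotic misconfiguration.

```python
"""Added example for CVE-2012-6137: TLS peer authentication in an XML-RPC
client. Not subscription-manager code; endpoint and CA path are placeholders."""
import ssl
import xmlrpc.client

# Hypothetical values for this example only.
RHN_CLASSIC_URL = "https://rhn-classic.example.internal/XMLRPC"
CA_BUNDLE = "/etc/pki/example/rhn-classic-ca.pem"   # CA that signed the server cert


def insecure_context():
    """The vulnerable pattern: the client encrypts but accepts any certificate
    from anyone, so a man-in-the-middle can terminate TLS and read the RHN
    username and password the migration tool sends."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False     # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verifying_context(cafile=None):
    """The hardened pattern: require a chain to a trusted CA (the given bundle,
    or the system store when cafile is None) and require that the certificate's
    name matches the host we dialled."""
    return ssl.create_default_context(cafile=cafile)   # CERT_REQUIRED, check_hostname=True


def audit_context(ctx):
    """Return the reasons this context would let a man-in-the-middle through.
    An empty list means the peer is authenticated."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: server certificate is never validated")
    if not ctx.check_hostname:
        findings.append("check_hostname is off: a valid certificate for any other name is accepted")
    return findings


def classic_server_proxy(url, ctx):
    """Build the XML-RPC client for the classic server, refusing to do so over a
    context that does not verify the peer. Construction opens no connection,
    so this is safe to call offline."""
    problems = audit_context(ctx)
    if problems:
        raise ValueError("refusing to send credentials over unverified TLS: " + "; ".join(problems))
    return xmlrpc.client.ServerProxy(url, transport=xmlrpc.client.SafeTransport(context=ctx))


if __name__ == "__main__":
    for name, ctx in (("insecure", insecure_context()), ("verifying", verifying_context())):
        print(f"{name}: {audit_context(ctx) or 'ok'}")
    try:
        classic_server_proxy(RHN_CLASSIC_URL, insecure_context())
    except ValueError as exc:
        print(exc)
    # Real use pins to the classic server's own CA: verifying_context(CA_BUNDLE)
```

Pinning to the specific CA bundle that issued the server's certificate, rather than the whole system store, is the stronger choice for a tool that talks to exactly one known server. The same audit applies to any `http.client.HTTPSConnection(host, context=ctx)` built elsewhere in a client: if the context it is handed fails `audit_context`, the credentials it carries are exposed to anyone on the path.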
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRiAg9XlSAg2UNWIIRAvuAAJ0ZuXlrwi9FEAsdeNrOOxssvY2CeQCgi4cR
uxSqEG7jO4c1h149Ft7tEIs=
=h0hg
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu May 9 18:17:33 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 9 May 2013 18:17:33 +0000
Subject: [RHSA-2013:0806-01] Low: openstack-keystone security and bug fix update
Message-ID: <201305091817.r49IHXCZ010619@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: openstack-keystone security and bug fix update
Advisory ID:       RHSA-2013:0806-01
Product:           Red Hat OpenStack
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0806.html
Issue date:        2013-05-09
CVE Names:         CVE-2013-2006
=====================================================================

1. Summary:

Updated openstack-keystone packages that fix one security issue and various bugs are now available for Red Hat OpenStack Folsom.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

OpenStack Folsom - noarch

3. Description:

The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services.

These updated packages have been upgraded to upstream version 2012.2.4, which provides a number of bug fixes over the previous version. (BZ#950132)

This update also fixes the following security issue:

In environments using LDAP (Lightweight Directory Access Protocol), if debug-level logging was enabled (for example, by enabling it in "/etc/keystone/keystone.conf"), the LDAP server password was logged in plain text to a world-readable log file. Debug-level logging is not enabled by default. (CVE-2013-2006)

Additionally, this update also fixes the following bugs:

* If the Keystone service incurred an HTTP error as a result of a transient network error, authentication tokens were listed as invalid. With this update, the Keystone service will now retry requests a few times before failing, which masks transient network errors. (BZ#919526)

* The "/var/log/keystone/" directory was world-readable. With this update, world-read permissions have been removed. (BZ#956474)

All users of openstack-keystone are advised to upgrade to these updated packages, which correct these issues. After installing the updated packages, the Keystone service (openstack-keystone) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

919526 - Temporary network outage results in connection refused and invalid token
956007 - CVE-2013-2006 OpenStack keystone: DEBUG level LDAP password disclosure in log files
956474 - OpenStack keystone: /var/log/keystone/ is world readable

6. Package List:

OpenStack Folsom:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/openstack-keystone-2012.2.4-2.el6ost.src.rpm

noarch:
openstack-keystone-2012.2.4-2.el6ost.noarch.rpm
openstack-keystone-doc-2012.2.4-2.el6ost.noarch.rpm
python-keystone-2012.2.4-2.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-2006.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRi+gjXlSAg2UNWIIRAqqCAKDCxKhFK2RZ5G5O+4fk+YAhAMwd9QCfTMIr
xFTj5fOKhpze1wBAu0cD3Pw=
=JQDL
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu May 9 18:18:55 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 9 May 2013 18:18:55 +0000
Subject: [RHSA-2013:0807-01] Low: hypervkvpd security and bug fix update
Message-ID: <201305091818.r49IItKe000589@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: hypervkvpd security and bug fix update
Advisory ID:       RHSA-2013:0807-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0807.html
Issue date:        2013-05-09
CVE Names:         CVE-2012-5532
=====================================================================

1. Summary:

An updated hypervkvpd package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low security impact.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Multi OS (v. 5 client) - i386, x86_64
RHEL Virtualization (v. 5 server) - i386, ia64, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The hypervkvpd package contains hypervkvpd, the guest Microsoft Hyper-V Key-Value Pair (KVP) daemon. The daemon passes basic information to the host through VMBus, such as the guest IP address, fully qualified domain name, operating system name, and operating system release number.

A denial of service flaw was found in the way hypervkvpd processed certain Netlink messages. A local, unprivileged user in a guest (running on Microsoft Hyper-V) could send a Netlink message that, when processed, would cause the guest's hypervkvpd daemon to exit. (CVE-2012-5532)

The CVE-2012-5532 issue was discovered by Florian Weimer of the Red Hat Product Security Team.

This update also fixes the following bug:

* The hypervkvpd daemon did not close the file descriptors for pool files when they were updated. This could eventually lead to hypervkvpd crashing with a "KVP: Failed to open file, pool: 1" error after consuming all available file descriptors. With this update, the file descriptors are closed, correcting this issue. (BZ#953502)

Users of hypervkvpd are advised to upgrade to this updated package, which contains backported patches to correct these issues. After installing the update, it is recommended to reboot all guest machines.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

877572 - CVE-2012-5532 hypervkvpd: Netlink source address validation allows denial of service
953502 - hypervkvpd dies from time to time with "KVP: Failed to open file, pool: 1"

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/hypervkvpd-0-0.7.el5_9.3.src.rpm

i386:
hypervkvpd-0-0.7.el5_9.3.i686.rpm
hypervkvpd-debuginfo-0-0.7.el5_9.3.i686.rpm

x86_64:
hypervkvpd-0-0.7.el5_9.3.x86_64.rpm
hypervkvpd-debuginfo-0-0.7.el5_9.3.x86_64.rpm

RHEL Desktop Multi OS (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/hypervkvpd-0-0.7.el5_9.3.src.rpm

i386:
hypervkvpd-0-0.7.el5_9.3.i686.rpm
hypervkvpd-debuginfo-0-0.7.el5_9.3.i686.rpm

x86_64:
hypervkvpd-0-0.7.el5_9.3.x86_64.rpm
hypervkvpd-debuginfo-0-0.7.el5_9.3.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/hypervkvpd-0-0.7.el5_9.3.src.rpm

i386:
hypervkvpd-0-0.7.el5_9.3.i686.rpm
hypervkvpd-debuginfo-0-0.7.el5_9.3.i686.rpm

x86_64:
hypervkvpd-0-0.7.el5_9.3.x86_64.rpm
hypervkvpd-debuginfo-0-0.7.el5_9.3.x86_64.rpm

RHEL Virtualization (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/hypervkvpd-0-0.7.el5_9.3.src.rpm

i386:
hypervkvpd-0-0.7.el5_9.3.i686.rpm
hypervkvpd-debuginfo-0-0.7.el5_9.3.i686.rpm

ia64:
hypervkvpd-0-0.7.el5_9.3.ia64.rpm
hypervkvpd-debuginfo-0-0.7.el5_9.3.ia64.rpm

x86_64:
hypervkvpd-0-0.7.el5_9.3.x86_64.rpm
hypervkvpd-debuginfo-0-0.7.el5_9.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-5532.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRi+hZXlSAg2UNWIIRAqiZAKCORIJY1WFimbFJ+TU1FKdy6Ei11QCgvRe9
7pAWShGp4YNtDqBP9P19SLs=
=yPV1
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon May 13 18:06:36 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 13 May 2013 18:06:36 +0000
Subject: [RHSA-2013:0815-01] Moderate: httpd security update
Message-ID: <201305131806.r4DI6aRV003255@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: httpd security update
Advisory ID:       RHSA-2013:0815-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0815.html
Issue date:        2013-05-13
CVE Names:         CVE-2012-3499 CVE-2012-4558 CVE-2013-1862
=====================================================================

1. Summary:

Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64

3. Description:

The Apache HTTP Server is a popular web server.

Cross-site scripting (XSS) flaws were found in the mod_proxy_balancer module's manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's manager interface session. (CVE-2012-4558)

It was found that mod_rewrite did not filter terminal escape sequences from its log file. If mod_rewrite was configured with the RewriteLog directive, a remote attacker could use specially-crafted HTTP requests to inject terminal escape sequences into the mod_rewrite log file. If a victim viewed the log file with a terminal emulator, it could result in arbitrary command execution with the privileges of that user. (CVE-2013-1862)

Cross-site scripting (XSS) flaws were found in the mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An attacker could possibly use these flaws to perform XSS attacks if they were able to make the victim's browser generate an HTTP request with a specially-crafted Host header. (CVE-2012-3499)

All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

915883 - CVE-2012-3499 httpd: multiple XSS flaws due to unescaped hostnames
915884 - CVE-2012-4558 httpd: XSS flaw in mod_proxy_balancer manager interface
953729 - CVE-2013-1862 httpd: mod_rewrite allows terminal escape sequences to be written to the log file

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-78.el5_9.src.rpm

i386:
httpd-2.2.3-78.el5_9.i386.rpm
httpd-debuginfo-2.2.3-78.el5_9.i386.rpm
mod_ssl-2.2.3-78.el5_9.i386.rpm

x86_64:
httpd-2.2.3-78.el5_9.x86_64.rpm
httpd-debuginfo-2.2.3-78.el5_9.x86_64.rpm
mod_ssl-2.2.3-78.el5_9.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-78.el5_9.src.rpm

i386:
httpd-debuginfo-2.2.3-78.el5_9.i386.rpm
httpd-devel-2.2.3-78.el5_9.i386.rpm
httpd-manual-2.2.3-78.el5_9.i386.rpm

x86_64:
httpd-debuginfo-2.2.3-78.el5_9.i386.rpm
httpd-debuginfo-2.2.3-78.el5_9.x86_64.rpm
httpd-devel-2.2.3-78.el5_9.i386.rpm
httpd-devel-2.2.3-78.el5_9.x86_64.rpm
httpd-manual-2.2.3-78.el5_9.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/httpd-2.2.3-78.el5_9.src.rpm

i386:
httpd-2.2.3-78.el5_9.i386.rpm
httpd-debuginfo-2.2.3-78.el5_9.i386.rpm
httpd-devel-2.2.3-78.el5_9.i386.rpm
httpd-manual-2.2.3-78.el5_9.i386.rpm
mod_ssl-2.2.3-78.el5_9.i386.rpm

ia64:
httpd-2.2.3-78.el5_9.ia64.rpm
httpd-debuginfo-2.2.3-78.el5_9.ia64.rpm
httpd-devel-2.2.3-78.el5_9.ia64.rpm
httpd-manual-2.2.3-78.el5_9.ia64.rpm
mod_ssl-2.2.3-78.el5_9.ia64.rpm

ppc:
httpd-2.2.3-78.el5_9.ppc.rpm
httpd-debuginfo-2.2.3-78.el5_9.ppc.rpm
httpd-debuginfo-2.2.3-78.el5_9.ppc64.rpm
httpd-devel-2.2.3-78.el5_9.ppc.rpm
httpd-devel-2.2.3-78.el5_9.ppc64.rpm
httpd-manual-2.2.3-78.el5_9.ppc.rpm
mod_ssl-2.2.3-78.el5_9.ppc.rpm

s390x:
httpd-2.2.3-78.el5_9.s390x.rpm
httpd-debuginfo-2.2.3-78.el5_9.s390.rpm
httpd-debuginfo-2.2.3-78.el5_9.s390x.rpm
httpd-devel-2.2.3-78.el5_9.s390.rpm
httpd-devel-2.2.3-78.el5_9.s390x.rpm
httpd-manual-2.2.3-78.el5_9.s390x.rpm
mod_ssl-2.2.3-78.el5_9.s390x.rpm

x86_64:
httpd-2.2.3-78.el5_9.x86_64.rpm
httpd-debuginfo-2.2.3-78.el5_9.i386.rpm
httpd-debuginfo-2.2.3-78.el5_9.x86_64.rpm
httpd-devel-2.2.3-78.el5_9.i386.rpm
httpd-devel-2.2.3-78.el5_9.x86_64.rpm
httpd-manual-2.2.3-78.el5_9.x86_64.rpm
mod_ssl-2.2.3-78.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/httpd-2.2.15-28.el6_4.src.rpm

i386:
httpd-2.2.15-28.el6_4.i686.rpm
httpd-debuginfo-2.2.15-28.el6_4.i686.rpm
httpd-tools-2.2.15-28.el6_4.i686.rpm

x86_64:
httpd-2.2.15-28.el6_4.x86_64.rpm
httpd-debuginfo-2.2.15-28.el6_4.x86_64.rpm
httpd-tools-2.2.15-28.el6_4.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/httpd-2.2.15-28.el6_4.src.rpm

i386:
httpd-debuginfo-2.2.15-28.el6_4.i686.rpm
httpd-devel-2.2.15-28.el6_4.i686.rpm
mod_ssl-2.2.15-28.el6_4.i686.rpm

noarch:
httpd-manual-2.2.15-28.el6_4.noarch.rpm

x86_64:
httpd-debuginfo-2.2.15-28.el6_4.i686.rpm
httpd-debuginfo-2.2.15-28.el6_4.x86_64.rpm
httpd-devel-2.2.15-28.el6_4.i686.rpm
httpd-devel-2.2.15-28.el6_4.x86_64.rpm
mod_ssl-2.2.15-28.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/httpd-2.2.15-28.el6_4.src.rpm

x86_64:
httpd-2.2.15-28.el6_4.x86_64.rpm
httpd-debuginfo-2.2.15-28.el6_4.x86_64.rpm
httpd-tools-2.2.15-28.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/httpd-2.2.15-28.el6_4.src.rpm

noarch:
httpd-manual-2.2.15-28.el6_4.noarch.rpm

x86_64:
httpd-debuginfo-2.2.15-28.el6_4.i686.rpm
httpd-debuginfo-2.2.15-28.el6_4.x86_64.rpm
httpd-devel-2.2.15-28.el6_4.i686.rpm
httpd-devel-2.2.15-28.el6_4.x86_64.rpm
mod_ssl-2.2.15-28.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/httpd-2.2.15-28.el6_4.src.rpm

i386:
httpd-2.2.15-28.el6_4.i686.rpm
httpd-debuginfo-2.2.15-28.el6_4.i686.rpm
httpd-devel-2.2.15-28.el6_4.i686.rpm
httpd-tools-2.2.15-28.el6_4.i686.rpm
mod_ssl-2.2.15-28.el6_4.i686.rpm

noarch:
httpd-manual-2.2.15-28.el6_4.noarch.rpm

ppc64:
httpd-2.2.15-28.el6_4.ppc64.rpm
httpd-debuginfo-2.2.15-28.el6_4.ppc.rpm
httpd-debuginfo-2.2.15-28.el6_4.ppc64.rpm
httpd-devel-2.2.15-28.el6_4.ppc.rpm
httpd-devel-2.2.15-28.el6_4.ppc64.rpm
httpd-tools-2.2.15-28.el6_4.ppc64.rpm
mod_ssl-2.2.15-28.el6_4.ppc64.rpm

s390x:
httpd-2.2.15-28.el6_4.s390x.rpm
httpd-debuginfo-2.2.15-28.el6_4.s390.rpm
httpd-debuginfo-2.2.15-28.el6_4.s390x.rpm
httpd-devel-2.2.15-28.el6_4.s390.rpm
httpd-devel-2.2.15-28.el6_4.s390x.rpm
httpd-tools-2.2.15-28.el6_4.s390x.rpm
mod_ssl-2.2.15-28.el6_4.s390x.rpm

x86_64:
httpd-2.2.15-28.el6_4.x86_64.rpm
httpd-debuginfo-2.2.15-28.el6_4.i686.rpm
httpd-debuginfo-2.2.15-28.el6_4.x86_64.rpm
httpd-devel-2.2.15-28.el6_4.i686.rpm
httpd-devel-2.2.15-28.el6_4.x86_64.rpm
httpd-tools-2.2.15-28.el6_4.x86_64.rpm
mod_ssl-2.2.15-28.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/httpd-2.2.15-28.el6_4.src.rpm

i386:
httpd-2.2.15-28.el6_4.i686.rpm
httpd-debuginfo-2.2.15-28.el6_4.i686.rpm
httpd-devel-2.2.15-28.el6_4.i686.rpm
httpd-tools-2.2.15-28.el6_4.i686.rpm
mod_ssl-2.2.15-28.el6_4.i686.rpm

noarch:
httpd-manual-2.2.15-28.el6_4.noarch.rpm

x86_64:
httpd-2.2.15-28.el6_4.x86_64.rpm
httpd-debuginfo-2.2.15-28.el6_4.i686.rpm
httpd-debuginfo-2.2.15-28.el6_4.x86_64.rpm
httpd-devel-2.2.15-28.el6_4.i686.rpm
httpd-devel-2.2.15-28.el6_4.x86_64.rpm
httpd-tools-2.2.15-28.el6_4.x86_64.rpm
mod_ssl-2.2.15-28.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-3499.html
https://www.redhat.com/security/data/cve/CVE-2012-4558.html
https://www.redhat.com/security/data/cve/CVE-2013-1862.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRkStkXlSAg2UNWIIRAjqUAKC32RL1vwpATVk/Br3oSVd4O798twCglqcU
SUNZGJOLZsJPZ1ahPENC8lg=
=9n3X
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 14 20:12:03 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 14 May 2013 20:12:03 +0000
Subject: [RHSA-2013:0820-01] Critical: firefox security update
Message-ID: <201305142012.r4EKC3Uq017318@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2013:0820-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0820.html
Issue date:        2013-05-14
CVE Names:         CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681
=====================================================================

1. Summary:

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-0801, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681)

A flaw was found in the way Firefox handled Content Level Constructors. A malicious site could use this flaw to perform cross-site scripting (XSS) attacks. (CVE-2013-1670)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Christian Holler, Jesse Ruderman, Timothy Nikkel, Jeff Walden, Nils, Ms2ger, Abhishek Arya, and Cody Crews as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 17.0.6 ESR. You can find a link to the Mozilla advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain Firefox version 17.0.6 ESR, which corrects these issues.
After installing the update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

962591 - CVE-2013-0801 Mozilla: Miscellaneous memory safety hazards (rv:17.0.6) (MFSA 2013-41)
962596 - CVE-2013-1670 Mozilla: Privileged access for content level constructor (MFSA 2013-42)
962598 - CVE-2013-1674 Mozilla: Use-after-free with video and onresize event (MFSA 2013-46)
962601 - CVE-2013-1675 Mozilla: Uninitialized functions in DOMSVGZoomEvent (MFSA 2013-47)
962603 - CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-17.0.6-1.el5_9.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-17.0.6-1.el5_9.src.rpm

i386:
firefox-17.0.6-1.el5_9.i386.rpm
firefox-debuginfo-17.0.6-1.el5_9.i386.rpm
xulrunner-17.0.6-1.el5_9.i386.rpm
xulrunner-debuginfo-17.0.6-1.el5_9.i386.rpm

x86_64:
firefox-17.0.6-1.el5_9.i386.rpm
firefox-17.0.6-1.el5_9.x86_64.rpm
firefox-debuginfo-17.0.6-1.el5_9.i386.rpm
firefox-debuginfo-17.0.6-1.el5_9.x86_64.rpm
xulrunner-17.0.6-1.el5_9.i386.rpm
xulrunner-17.0.6-1.el5_9.x86_64.rpm
xulrunner-debuginfo-17.0.6-1.el5_9.i386.rpm
xulrunner-debuginfo-17.0.6-1.el5_9.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-17.0.6-1.el5_9.src.rpm

i386:
xulrunner-debuginfo-17.0.6-1.el5_9.i386.rpm
xulrunner-devel-17.0.6-1.el5_9.i386.rpm

x86_64:
xulrunner-debuginfo-17.0.6-1.el5_9.i386.rpm
xulrunner-debuginfo-17.0.6-1.el5_9.x86_64.rpm
xulrunner-devel-17.0.6-1.el5_9.i386.rpm
xulrunner-devel-17.0.6-1.el5_9.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-17.0.6-1.el5_9.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-17.0.6-1.el5_9.src.rpm

i386:
firefox-17.0.6-1.el5_9.i386.rpm
firefox-debuginfo-17.0.6-1.el5_9.i386.rpm
xulrunner-17.0.6-1.el5_9.i386.rpm
xulrunner-debuginfo-17.0.6-1.el5_9.i386.rpm
xulrunner-devel-17.0.6-1.el5_9.i386.rpm

ia64:
firefox-17.0.6-1.el5_9.ia64.rpm
firefox-debuginfo-17.0.6-1.el5_9.ia64.rpm
xulrunner-17.0.6-1.el5_9.ia64.rpm
xulrunner-debuginfo-17.0.6-1.el5_9.ia64.rpm
xulrunner-devel-17.0.6-1.el5_9.ia64.rpm

ppc:
firefox-17.0.6-1.el5_9.ppc.rpm
firefox-debuginfo-17.0.6-1.el5_9.ppc.rpm
xulrunner-17.0.6-1.el5_9.ppc.rpm
xulrunner-17.0.6-1.el5_9.ppc64.rpm
xulrunner-debuginfo-17.0.6-1.el5_9.ppc.rpm
xulrunner-debuginfo-17.0.6-1.el5_9.ppc64.rpm
xulrunner-devel-17.0.6-1.el5_9.ppc.rpm
xulrunner-devel-17.0.6-1.el5_9.ppc64.rpm

s390x:
firefox-17.0.6-1.el5_9.s390.rpm
firefox-17.0.6-1.el5_9.s390x.rpm
firefox-debuginfo-17.0.6-1.el5_9.s390.rpm
firefox-debuginfo-17.0.6-1.el5_9.s390x.rpm
xulrunner-17.0.6-1.el5_9.s390.rpm
xulrunner-17.0.6-1.el5_9.s390x.rpm
xulrunner-debuginfo-17.0.6-1.el5_9.s390.rpm
xulrunner-debuginfo-17.0.6-1.el5_9.s390x.rpm
xulrunner-devel-17.0.6-1.el5_9.s390.rpm
xulrunner-devel-17.0.6-1.el5_9.s390x.rpm

x86_64:
firefox-17.0.6-1.el5_9.i386.rpm
firefox-17.0.6-1.el5_9.x86_64.rpm
firefox-debuginfo-17.0.6-1.el5_9.i386.rpm
firefox-debuginfo-17.0.6-1.el5_9.x86_64.rpm
xulrunner-17.0.6-1.el5_9.i386.rpm
xulrunner-17.0.6-1.el5_9.x86_64.rpm
xulrunner-debuginfo-17.0.6-1.el5_9.i386.rpm
xulrunner-debuginfo-17.0.6-1.el5_9.x86_64.rpm
xulrunner-devel-17.0.6-1.el5_9.i386.rpm
xulrunner-devel-17.0.6-1.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/firefox-17.0.6-1.el6_4.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-17.0.6-2.el6_4.src.rpm

i386:
firefox-17.0.6-1.el6_4.i686.rpm
firefox-debuginfo-17.0.6-1.el6_4.i686.rpm
xulrunner-17.0.6-2.el6_4.i686.rpm
xulrunner-debuginfo-17.0.6-2.el6_4.i686.rpm

x86_64:
firefox-17.0.6-1.el6_4.i686.rpm
firefox-17.0.6-1.el6_4.x86_64.rpm
firefox-debuginfo-17.0.6-1.el6_4.i686.rpm
firefox-debuginfo-17.0.6-1.el6_4.x86_64.rpm
xulrunner-17.0.6-2.el6_4.i686.rpm
xulrunner-17.0.6-2.el6_4.x86_64.rpm
xulrunner-debuginfo-17.0.6-2.el6_4.i686.rpm
xulrunner-debuginfo-17.0.6-2.el6_4.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-17.0.6-2.el6_4.src.rpm

i386:
xulrunner-debuginfo-17.0.6-2.el6_4.i686.rpm
xulrunner-devel-17.0.6-2.el6_4.i686.rpm

x86_64:
xulrunner-debuginfo-17.0.6-2.el6_4.i686.rpm
xulrunner-debuginfo-17.0.6-2.el6_4.x86_64.rpm
xulrunner-devel-17.0.6-2.el6_4.i686.rpm
xulrunner-devel-17.0.6-2.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/firefox-17.0.6-1.el6_4.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xulrunner-17.0.6-2.el6_4.src.rpm

x86_64:
firefox-17.0.6-1.el6_4.i686.rpm
firefox-17.0.6-1.el6_4.x86_64.rpm
firefox-debuginfo-17.0.6-1.el6_4.i686.rpm
firefox-debuginfo-17.0.6-1.el6_4.x86_64.rpm
xulrunner-17.0.6-2.el6_4.i686.rpm
xulrunner-17.0.6-2.el6_4.x86_64.rpm
xulrunner-debuginfo-17.0.6-2.el6_4.i686.rpm
xulrunner-debuginfo-17.0.6-2.el6_4.x86_64.rpm
xulrunner-devel-17.0.6-2.el6_4.i686.rpm
xulrunner-devel-17.0.6-2.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/firefox-17.0.6-1.el6_4.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-17.0.6-2.el6_4.src.rpm

i386:
firefox-17.0.6-1.el6_4.i686.rpm
firefox-debuginfo-17.0.6-1.el6_4.i686.rpm
xulrunner-17.0.6-2.el6_4.i686.rpm
xulrunner-debuginfo-17.0.6-2.el6_4.i686.rpm

ppc64:
firefox-17.0.6-1.el6_4.ppc.rpm
firefox-17.0.6-1.el6_4.ppc64.rpm
firefox-debuginfo-17.0.6-1.el6_4.ppc.rpm
firefox-debuginfo-17.0.6-1.el6_4.ppc64.rpm
xulrunner-17.0.6-2.el6_4.ppc.rpm
xulrunner-17.0.6-2.el6_4.ppc64.rpm
xulrunner-debuginfo-17.0.6-2.el6_4.ppc.rpm
xulrunner-debuginfo-17.0.6-2.el6_4.ppc64.rpm

s390x:
firefox-17.0.6-1.el6_4.s390.rpm
firefox-17.0.6-1.el6_4.s390x.rpm
firefox-debuginfo-17.0.6-1.el6_4.s390.rpm
firefox-debuginfo-17.0.6-1.el6_4.s390x.rpm
xulrunner-17.0.6-2.el6_4.s390.rpm
xulrunner-17.0.6-2.el6_4.s390x.rpm
xulrunner-debuginfo-17.0.6-2.el6_4.s390.rpm
xulrunner-debuginfo-17.0.6-2.el6_4.s390x.rpm

x86_64:
firefox-17.0.6-1.el6_4.i686.rpm
firefox-17.0.6-1.el6_4.x86_64.rpm
firefox-debuginfo-17.0.6-1.el6_4.i686.rpm
firefox-debuginfo-17.0.6-1.el6_4.x86_64.rpm
xulrunner-17.0.6-2.el6_4.i686.rpm
xulrunner-17.0.6-2.el6_4.x86_64.rpm
xulrunner-debuginfo-17.0.6-2.el6_4.i686.rpm
xulrunner-debuginfo-17.0.6-2.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-17.0.6-2.el6_4.src.rpm

i386:
xulrunner-debuginfo-17.0.6-2.el6_4.i686.rpm
xulrunner-devel-17.0.6-2.el6_4.i686.rpm

ppc64:
xulrunner-debuginfo-17.0.6-2.el6_4.ppc.rpm
xulrunner-debuginfo-17.0.6-2.el6_4.ppc64.rpm
xulrunner-devel-17.0.6-2.el6_4.ppc.rpm
xulrunner-devel-17.0.6-2.el6_4.ppc64.rpm

s390x:
xulrunner-debuginfo-17.0.6-2.el6_4.s390.rpm
xulrunner-debuginfo-17.0.6-2.el6_4.s390x.rpm
xulrunner-devel-17.0.6-2.el6_4.s390.rpm
xulrunner-devel-17.0.6-2.el6_4.s390x.rpm

x86_64:
xulrunner-debuginfo-17.0.6-2.el6_4.i686.rpm
xulrunner-debuginfo-17.0.6-2.el6_4.x86_64.rpm
xulrunner-devel-17.0.6-2.el6_4.i686.rpm
xulrunner-devel-17.0.6-2.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/firefox-17.0.6-1.el6_4.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-17.0.6-2.el6_4.src.rpm

i386:
firefox-17.0.6-1.el6_4.i686.rpm
firefox-debuginfo-17.0.6-1.el6_4.i686.rpm
xulrunner-17.0.6-2.el6_4.i686.rpm
xulrunner-debuginfo-17.0.6-2.el6_4.i686.rpm

x86_64:
firefox-17.0.6-1.el6_4.i686.rpm
firefox-17.0.6-1.el6_4.x86_64.rpm
firefox-debuginfo-17.0.6-1.el6_4.i686.rpm
firefox-debuginfo-17.0.6-1.el6_4.x86_64.rpm
xulrunner-17.0.6-2.el6_4.i686.rpm
xulrunner-17.0.6-2.el6_4.x86_64.rpm
xulrunner-debuginfo-17.0.6-2.el6_4.i686.rpm
xulrunner-debuginfo-17.0.6-2.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-17.0.6-2.el6_4.src.rpm

i386:
xulrunner-debuginfo-17.0.6-2.el6_4.i686.rpm
xulrunner-devel-17.0.6-2.el6_4.i686.rpm

x86_64:
xulrunner-debuginfo-17.0.6-2.el6_4.i686.rpm
xulrunner-debuginfo-17.0.6-2.el6_4.x86_64.rpm
xulrunner-devel-17.0.6-2.el6_4.i686.rpm
xulrunner-devel-17.0.6-2.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0801.html
https://www.redhat.com/security/data/cve/CVE-2013-1670.html
https://www.redhat.com/security/data/cve/CVE-2013-1674.html
https://www.redhat.com/security/data/cve/CVE-2013-1675.html
https://www.redhat.com/security/data/cve/CVE-2013-1676.html
https://www.redhat.com/security/data/cve/CVE-2013-1677.html
https://www.redhat.com/security/data/cve/CVE-2013-1678.html
https://www.redhat.com/security/data/cve/CVE-2013-1679.html
https://www.redhat.com/security/data/cve/CVE-2013-1680.html
https://www.redhat.com/security/data/cve/CVE-2013-1681.html
https://access.redhat.com/security/updates/classification/#critical
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRkpp4XlSAg2UNWIIRApM3AKCsAspbkCu0BAawGdoaMd9Vmgb85gCfVWHz
7JvdXABhT57kkyckwkm1Ya8=
=Ocbc
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 14 20:12:38 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 14 May 2013 20:12:38 +0000
Subject: [RHSA-2013:0821-01] Important: thunderbird security update
Message-ID: <201305142012.r4EKCccH028902@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2013:0821-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0821.html
Issue date:        2013-05-14
CVE Names:         CVE-2013-0801 CVE-2013-1670 CVE-2013-1674
                   CVE-2013-1675 CVE-2013-1676 CVE-2013-1677
                   CVE-2013-1678 CVE-2013-1679 CVE-2013-1680
                   CVE-2013-1681
=====================================================================

1. Summary:

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0801, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681)

A flaw was found in the way Thunderbird handled Content Level Constructors. Malicious content could use this flaw to perform cross-site scripting (XSS) attacks. (CVE-2013-1670)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Christian Holler, Jesse Ruderman, Timothy Nikkel, Jeff Walden, Nils, Ms2ger, Abhishek Arya, and Cody Crews as the original reporters of these issues.

Note: None of the above issues can be exploited by a specially-crafted HTML mail message, as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.

All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 17.0.6 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

962591 - CVE-2013-0801 Mozilla: Miscellaneous memory safety hazards (rv:17.0.6) (MFSA 2013-41)
962596 - CVE-2013-1670 Mozilla: Privileged access for content level constructor (MFSA 2013-42)
962598 - CVE-2013-1674 Mozilla: Use-after-free with video and onresize event (MFSA 2013-46)
962601 - CVE-2013-1675 Mozilla: Uninitialized functions in DOMSVGZoomEvent (MFSA 2013-47)
962603 - CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/thunderbird-17.0.6-1.el5_9.src.rpm

i386:
thunderbird-17.0.6-1.el5_9.i386.rpm
thunderbird-debuginfo-17.0.6-1.el5_9.i386.rpm

x86_64:
thunderbird-17.0.6-1.el5_9.x86_64.rpm
thunderbird-debuginfo-17.0.6-1.el5_9.x86_64.rpm

RHEL Optional Productivity Applications (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/thunderbird-17.0.6-1.el5_9.src.rpm

i386:
thunderbird-17.0.6-1.el5_9.i386.rpm
thunderbird-debuginfo-17.0.6-1.el5_9.i386.rpm

x86_64:
thunderbird-17.0.6-1.el5_9.x86_64.rpm
thunderbird-debuginfo-17.0.6-1.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/thunderbird-17.0.6-2.el6_4.src.rpm

i386:
thunderbird-17.0.6-2.el6_4.i686.rpm
thunderbird-debuginfo-17.0.6-2.el6_4.i686.rpm

x86_64:
thunderbird-17.0.6-2.el6_4.x86_64.rpm
thunderbird-debuginfo-17.0.6-2.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/thunderbird-17.0.6-2.el6_4.src.rpm

i386:
thunderbird-17.0.6-2.el6_4.i686.rpm
thunderbird-debuginfo-17.0.6-2.el6_4.i686.rpm

ppc64:
thunderbird-17.0.6-2.el6_4.ppc64.rpm
thunderbird-debuginfo-17.0.6-2.el6_4.ppc64.rpm

s390x:
thunderbird-17.0.6-2.el6_4.s390x.rpm
thunderbird-debuginfo-17.0.6-2.el6_4.s390x.rpm

x86_64:
thunderbird-17.0.6-2.el6_4.x86_64.rpm
thunderbird-debuginfo-17.0.6-2.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/thunderbird-17.0.6-2.el6_4.src.rpm

i386:
thunderbird-17.0.6-2.el6_4.i686.rpm
thunderbird-debuginfo-17.0.6-2.el6_4.i686.rpm

x86_64:
thunderbird-17.0.6-2.el6_4.x86_64.rpm
thunderbird-debuginfo-17.0.6-2.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0801.html
https://www.redhat.com/security/data/cve/CVE-2013-1670.html
https://www.redhat.com/security/data/cve/CVE-2013-1674.html
https://www.redhat.com/security/data/cve/CVE-2013-1675.html
https://www.redhat.com/security/data/cve/CVE-2013-1676.html
https://www.redhat.com/security/data/cve/CVE-2013-1677.html
https://www.redhat.com/security/data/cve/CVE-2013-1678.html
https://www.redhat.com/security/data/cve/CVE-2013-1679.html
https://www.redhat.com/security/data/cve/CVE-2013-1680.html
https://www.redhat.com/security/data/cve/CVE-2013-1681.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRkpqlXlSAg2UNWIIRAutFAKCd4lx0PL9jKcXaFJhx/Lo/2WJf+wCfdytG
Hq/kk4gMAHewP7RAqWX3NsA=
=r8+E
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 14 20:13:31 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 14 May 2013 20:13:31 +0000
Subject: [RHSA-2013:0822-01] Critical: java-1.7.0-ibm security update
Message-ID: <201305142013.r4EKDWsx013208@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.7.0-ibm security update
Advisory ID:       RHSA-2013:0822-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0822.html
Issue date:        2013-05-14
CVE Names:         CVE-2013-0169 CVE-2013-0401 CVE-2013-1488
                   CVE-2013-1491 CVE-2013-1537 CVE-2013-1540
                   CVE-2013-1557 CVE-2013-1558 CVE-2013-1563
                   CVE-2013-1569 CVE-2013-2383 CVE-2013-2384
                   CVE-2013-2394 CVE-2013-2415 CVE-2013-2416
                   CVE-2013-2417 CVE-2013-2418 CVE-2013-2419
                   CVE-2013-2420 CVE-2013-2422 CVE-2013-2423
                   CVE-2013-2424 CVE-2013-2426 CVE-2013-2429
                   CVE-2013-2430 CVE-2013-2432 CVE-2013-2433
                   CVE-2013-2434 CVE-2013-2435 CVE-2013-2436
                   CVE-2013-2438 CVE-2013-2440
=====================================================================

1. Summary:

Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-0169, CVE-2013-0401, CVE-2013-1488, CVE-2013-1491, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1558, CVE-2013-1563, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2415, CVE-2013-2416, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2423, CVE-2013-2424, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2434, CVE-2013-2435, CVE-2013-2436, CVE-2013-2438, CVE-2013-2440)

All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR4-FP2 release. All running instances of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5.
Bugs fixed (http://bugzilla.redhat.com/):

907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)
920245 - CVE-2013-0401 OpenJDK: sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly invoke the system class loader (CanSecWest 2013, AWT, 8009305)
920247 - CVE-2013-1488 OpenJDK: JDBC driver manager improper toString calls (CanSecWest 2013, Libraries, 8009814)
920248 - CVE-2013-1491 Oracle JDK: unspecified sandbox bypass (CanSecWest 2013, 2D)
952387 - CVE-2013-1537 OpenJDK: remote code loading enabled by default (RMI, 8001040)
952389 - CVE-2013-2415 OpenJDK: temporary files created with insecure permissions (JAX-WS, 8003542)
952398 - CVE-2013-2423 OpenJDK: incorrect setter access checks in MethodHandles (HotSpot, 8009677)
952509 - CVE-2013-2424 OpenJDK: MBeanInstantiator insufficient class access checks (JMX, 8006435)
952521 - CVE-2013-2429 OpenJDK: JPEGImageWriter state corruption (ImageIO, 8007918)
952524 - CVE-2013-2430 OpenJDK: JPEGImageReader state corruption (ImageIO, 8007667)
952550 - CVE-2013-2436 OpenJDK: Wrapper.convert insufficient type checks (Libraries, 8009049)
952638 - CVE-2013-2420 OpenJDK: image processing vulnerability (2D, 8007617)
952640 - CVE-2013-1558 OpenJDK: java.beans.ThreadGroupContext missing restrictions (Beans, 7200507)
952642 - CVE-2013-2422 OpenJDK: MethodUtil trampoline class incorrect restrictions (Libraries, 8009857)
952648 - CVE-2013-1557 OpenJDK: LogStream.setDefaultStream() missing security restrictions (RMI, 8001329)
952653 - CVE-2013-2426 OpenJDK: ConcurrentHashMap incorrectly calls defaultReadObject() method (Libraries, 8009063)
952656 - CVE-2013-2419 ICU: Layout Engine font processing errors (JDK 2D, 8001031)
952657 - CVE-2013-2417 OpenJDK: Network InetAddress serialization information disclosure (Networking, 8000724)
952708 - CVE-2013-2383 ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004986)
952709 - CVE-2013-2384 ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004987)
952711 - CVE-2013-1569 ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004994)
953135 - Oracle JDK: multiple unspecified JavaFX vulnerabilities fixed in 7u21 (JavaFX)
953166 - CVE-2013-1540 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)
953172 - CVE-2013-1563 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Install)
953265 - CVE-2013-2394 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D)
953266 - CVE-2013-2416 Oracle JDK: unspecified vulnerability fixed in 7u21 (Deployment)
953267 - CVE-2013-2418 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)
953269 - CVE-2013-2432 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D)
953270 - CVE-2013-2433 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)
953272 - CVE-2013-2434 Oracle JDK: unspecified vulnerability fixed in 7u21 (2D)
953273 - CVE-2013-2435 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)
953275 - CVE-2013-2440 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v.
5):

i386:
java-1.7.0-ibm-1.7.0.4.2-1jpp.1.el5_9.i386.rpm
java-1.7.0-ibm-demo-1.7.0.4.2-1jpp.1.el5_9.i386.rpm
java-1.7.0-ibm-devel-1.7.0.4.2-1jpp.1.el5_9.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.2-1jpp.1.el5_9.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.4.2-1jpp.1.el5_9.i386.rpm
java-1.7.0-ibm-src-1.7.0.4.2-1jpp.1.el5_9.i386.rpm

x86_64:
java-1.7.0-ibm-1.7.0.4.2-1jpp.1.el5_9.i386.rpm
java-1.7.0-ibm-1.7.0.4.2-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.4.2-1jpp.1.el5_9.i386.rpm
java-1.7.0-ibm-demo-1.7.0.4.2-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.4.2-1jpp.1.el5_9.i386.rpm
java-1.7.0-ibm-devel-1.7.0.4.2-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.2-1jpp.1.el5_9.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.2-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.4.2-1jpp.1.el5_9.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.4.2-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.4.2-1jpp.1.el5_9.i386.rpm
java-1.7.0-ibm-src-1.7.0.4.2-1jpp.1.el5_9.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.7.0-ibm-1.7.0.4.2-1jpp.1.el5_9.i386.rpm
java-1.7.0-ibm-demo-1.7.0.4.2-1jpp.1.el5_9.i386.rpm
java-1.7.0-ibm-devel-1.7.0.4.2-1jpp.1.el5_9.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.2-1jpp.1.el5_9.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.4.2-1jpp.1.el5_9.i386.rpm
java-1.7.0-ibm-src-1.7.0.4.2-1jpp.1.el5_9.i386.rpm

ppc:
java-1.7.0-ibm-1.7.0.4.2-1jpp.1.el5_9.ppc.rpm
java-1.7.0-ibm-1.7.0.4.2-1jpp.1.el5_9.ppc64.rpm
java-1.7.0-ibm-demo-1.7.0.4.2-1jpp.1.el5_9.ppc.rpm
java-1.7.0-ibm-demo-1.7.0.4.2-1jpp.1.el5_9.ppc64.rpm
java-1.7.0-ibm-devel-1.7.0.4.2-1jpp.1.el5_9.ppc.rpm
java-1.7.0-ibm-devel-1.7.0.4.2-1jpp.1.el5_9.ppc64.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.2-1jpp.1.el5_9.ppc.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.2-1jpp.1.el5_9.ppc64.rpm
java-1.7.0-ibm-plugin-1.7.0.4.2-1jpp.1.el5_9.ppc.rpm
java-1.7.0-ibm-src-1.7.0.4.2-1jpp.1.el5_9.ppc.rpm
java-1.7.0-ibm-src-1.7.0.4.2-1jpp.1.el5_9.ppc64.rpm

s390x:
java-1.7.0-ibm-1.7.0.4.2-1jpp.1.el5_9.s390.rpm
java-1.7.0-ibm-1.7.0.4.2-1jpp.1.el5_9.s390x.rpm
java-1.7.0-ibm-demo-1.7.0.4.2-1jpp.1.el5_9.s390.rpm
java-1.7.0-ibm-demo-1.7.0.4.2-1jpp.1.el5_9.s390x.rpm
java-1.7.0-ibm-devel-1.7.0.4.2-1jpp.1.el5_9.s390.rpm
java-1.7.0-ibm-devel-1.7.0.4.2-1jpp.1.el5_9.s390x.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.2-1jpp.1.el5_9.s390.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.2-1jpp.1.el5_9.s390x.rpm
java-1.7.0-ibm-src-1.7.0.4.2-1jpp.1.el5_9.s390.rpm
java-1.7.0-ibm-src-1.7.0.4.2-1jpp.1.el5_9.s390x.rpm

x86_64:
java-1.7.0-ibm-1.7.0.4.2-1jpp.1.el5_9.i386.rpm
java-1.7.0-ibm-1.7.0.4.2-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.4.2-1jpp.1.el5_9.i386.rpm
java-1.7.0-ibm-demo-1.7.0.4.2-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.4.2-1jpp.1.el5_9.i386.rpm
java-1.7.0-ibm-devel-1.7.0.4.2-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.2-1jpp.1.el5_9.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.2-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.4.2-1jpp.1.el5_9.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.4.2-1jpp.1.el5_9.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.4.2-1jpp.1.el5_9.i386.rpm
java-1.7.0-ibm-src-1.7.0.4.2-1jpp.1.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.7.0-ibm-1.7.0.4.2-1jpp.1.el6_4.i686.rpm
java-1.7.0-ibm-demo-1.7.0.4.2-1jpp.1.el6_4.i686.rpm
java-1.7.0-ibm-devel-1.7.0.4.2-1jpp.1.el6_4.i686.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.2-1jpp.1.el6_4.i686.rpm
java-1.7.0-ibm-plugin-1.7.0.4.2-1jpp.1.el6_4.i686.rpm
java-1.7.0-ibm-src-1.7.0.4.2-1jpp.1.el6_4.i686.rpm

x86_64:
java-1.7.0-ibm-1.7.0.4.2-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.4.2-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.4.2-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.2-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.4.2-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.4.2-1jpp.1.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.7.0-ibm-1.7.0.4.2-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.4.2-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.4.2-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.4.2-1jpp.1.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.7.0-ibm-1.7.0.4.2-1jpp.1.el6_4.i686.rpm
java-1.7.0-ibm-demo-1.7.0.4.2-1jpp.1.el6_4.i686.rpm
java-1.7.0-ibm-devel-1.7.0.4.2-1jpp.1.el6_4.i686.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.2-1jpp.1.el6_4.i686.rpm
java-1.7.0-ibm-plugin-1.7.0.4.2-1jpp.1.el6_4.i686.rpm
java-1.7.0-ibm-src-1.7.0.4.2-1jpp.1.el6_4.i686.rpm

ppc64:
java-1.7.0-ibm-1.7.0.4.2-1jpp.1.el6_4.ppc64.rpm
java-1.7.0-ibm-demo-1.7.0.4.2-1jpp.1.el6_4.ppc64.rpm
java-1.7.0-ibm-devel-1.7.0.4.2-1jpp.1.el6_4.ppc64.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.2-1jpp.1.el6_4.ppc64.rpm
java-1.7.0-ibm-src-1.7.0.4.2-1jpp.1.el6_4.ppc64.rpm

s390x:
java-1.7.0-ibm-1.7.0.4.2-1jpp.1.el6_4.s390x.rpm
java-1.7.0-ibm-demo-1.7.0.4.2-1jpp.1.el6_4.s390x.rpm
java-1.7.0-ibm-devel-1.7.0.4.2-1jpp.1.el6_4.s390x.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.2-1jpp.1.el6_4.s390x.rpm
java-1.7.0-ibm-src-1.7.0.4.2-1jpp.1.el6_4.s390x.rpm

x86_64:
java-1.7.0-ibm-1.7.0.4.2-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.4.2-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.4.2-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.2-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.4.2-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.4.2-1jpp.1.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.7.0-ibm-1.7.0.4.2-1jpp.1.el6_4.i686.rpm
java-1.7.0-ibm-demo-1.7.0.4.2-1jpp.1.el6_4.i686.rpm
java-1.7.0-ibm-devel-1.7.0.4.2-1jpp.1.el6_4.i686.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.2-1jpp.1.el6_4.i686.rpm
java-1.7.0-ibm-plugin-1.7.0.4.2-1jpp.1.el6_4.i686.rpm
java-1.7.0-ibm-src-1.7.0.4.2-1jpp.1.el6_4.i686.rpm

x86_64:
java-1.7.0-ibm-1.7.0.4.2-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.4.2-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.4.2-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.2-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.4.2-1jpp.1.el6_4.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.4.2-1jpp.1.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0169.html
https://www.redhat.com/security/data/cve/CVE-2013-0401.html
https://www.redhat.com/security/data/cve/CVE-2013-1488.html
https://www.redhat.com/security/data/cve/CVE-2013-1491.html
https://www.redhat.com/security/data/cve/CVE-2013-1537.html
https://www.redhat.com/security/data/cve/CVE-2013-1540.html
https://www.redhat.com/security/data/cve/CVE-2013-1557.html
https://www.redhat.com/security/data/cve/CVE-2013-1558.html
https://www.redhat.com/security/data/cve/CVE-2013-1563.html
https://www.redhat.com/security/data/cve/CVE-2013-1569.html
https://www.redhat.com/security/data/cve/CVE-2013-2383.html
https://www.redhat.com/security/data/cve/CVE-2013-2384.html
https://www.redhat.com/security/data/cve/CVE-2013-2394.html
https://www.redhat.com/security/data/cve/CVE-2013-2415.html
https://www.redhat.com/security/data/cve/CVE-2013-2416.html
https://www.redhat.com/security/data/cve/CVE-2013-2417.html
https://www.redhat.com/security/data/cve/CVE-2013-2418.html
https://www.redhat.com/security/data/cve/CVE-2013-2419.html
https://www.redhat.com/security/data/cve/CVE-2013-2420.html
https://www.redhat.com/security/data/cve/CVE-2013-2422.html
https://www.redhat.com/security/data/cve/CVE-2013-2423.html
https://www.redhat.com/security/data/cve/CVE-2013-2424.html
https://www.redhat.com/security/data/cve/CVE-2013-2426.html
https://www.redhat.com/security/data/cve/CVE-2013-2429.html
https://www.redhat.com/security/data/cve/CVE-2013-2430.html
https://www.redhat.com/security/data/cve/CVE-2013-2432.html
https://www.redhat.com/security/data/cve/CVE-2013-2433.html
https://www.redhat.com/security/data/cve/CVE-2013-2434.html
https://www.redhat.com/security/data/cve/CVE-2013-2435.html
https://www.redhat.com/security/data/cve/CVE-2013-2436.html
https://www.redhat.com/security/data/cve/CVE-2013-2438.html
https://www.redhat.com/security/data/cve/CVE-2013-2440.html
https://access.redhat.com/security/updates/classification/#critical
https://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRkprMXlSAg2UNWIIRAqgdAKCSdl42n6XyuwcAUxg7lyOyDurFbQCfbwGr
X3eGP6WGu+vsuYBC7HgXi6g=
=jTHe
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 14 20:14:18 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 14 May 2013 20:14:18 +0000
Subject: [RHSA-2013:0823-01] Critical: java-1.6.0-ibm security update
Message-ID: <201305142014.r4EKEIMM013488@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.6.0-ibm security update
Advisory ID:       RHSA-2013:0823-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0823.html
Issue date:        2013-05-14
CVE Names:         CVE-2013-0169 CVE-2013-0401 CVE-2013-1491
                   CVE-2013-1537 CVE-2013-1540 CVE-2013-1557
                   CVE-2013-1563 CVE-2013-1569 CVE-2013-2383
                   CVE-2013-2384 CVE-2013-2394 CVE-2013-2417
                   CVE-2013-2418 CVE-2013-2419 CVE-2013-2420
                   CVE-2013-2422 CVE-2013-2424 CVE-2013-2429
                   CVE-2013-2430 CVE-2013-2432 CVE-2013-2433
                   CVE-2013-2435 CVE-2013-2440
=====================================================================

1. Summary:

Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2.
Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-0169, CVE-2013-0401, CVE-2013-1491, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435, CVE-2013-2440)

All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR13-FP2 release. All running instances of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)
920245 - CVE-2013-0401 OpenJDK: sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly invoke the system class loader (CanSecWest 2013, AWT, 8009305)
920248 - CVE-2013-1491 Oracle JDK: unspecified sandbox bypass (CanSecWest 2013, 2D)
952387 - CVE-2013-1537 OpenJDK: remote code loading enabled by default (RMI, 8001040)
952509 - CVE-2013-2424 OpenJDK: MBeanInstantiator insufficient class access checks (JMX, 8006435)
952521 - CVE-2013-2429 OpenJDK: JPEGImageWriter state corruption (ImageIO, 8007918)
952524 - CVE-2013-2430 OpenJDK: JPEGImageReader state corruption (ImageIO, 8007667)
952638 - CVE-2013-2420 OpenJDK: image processing vulnerability (2D, 8007617)
952642 - CVE-2013-2422 OpenJDK: MethodUtil trampoline class incorrect restrictions (Libraries, 8009857)
952648 - CVE-2013-1557 OpenJDK: LogStream.setDefaultStream() missing security restrictions (RMI, 8001329)
952656 - CVE-2013-2419 ICU: Layout Engine font processing errors (JDK 2D, 8001031)
952657 - CVE-2013-2417 OpenJDK: Network InetAddress serialization information disclosure (Networking, 8000724)
952708 - CVE-2013-2383 ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004986)
952709 - CVE-2013-2384 ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004987)
952711 - CVE-2013-1569 ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004994)
953166 - CVE-2013-1540 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)
953172 - CVE-2013-1563 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Install)
953265 - CVE-2013-2394 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D)
953267 - CVE-2013-2418 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)
953269 - CVE-2013-2432 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D)
953270 - CVE-2013-2433 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)
953273 - CVE-2013-2435 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)
953275 - CVE-2013-2440 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.6.0-ibm-1.6.0.13.2-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.13.2-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-demo-1.6.0.13.2-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-devel-1.6.0.13.2-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.13.2-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.13.2-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.13.2-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-src-1.6.0.13.2-1jpp.1.el5_9.i386.rpm

x86_64:
java-1.6.0-ibm-1.6.0.13.2-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-1.6.0.13.2-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.13.2-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.13.2-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-demo-1.6.0.13.2-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.13.2-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-devel-1.6.0.13.2-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.13.2-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.13.2-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.13.2-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.13.2-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.13.2-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.13.2-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.13.2-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-src-1.6.0.13.2-1jpp.1.el5_9.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.6.0-ibm-1.6.0.13.2-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.13.2-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-demo-1.6.0.13.2-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-devel-1.6.0.13.2-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.13.2-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.13.2-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.13.2-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-src-1.6.0.13.2-1jpp.1.el5_9.i386.rpm

ppc:
java-1.6.0-ibm-1.6.0.13.2-1jpp.1.el5_9.ppc.rpm
java-1.6.0-ibm-1.6.0.13.2-1jpp.1.el5_9.ppc64.rpm
java-1.6.0-ibm-accessibility-1.6.0.13.2-1jpp.1.el5_9.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.13.2-1jpp.1.el5_9.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.13.2-1jpp.1.el5_9.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.13.2-1jpp.1.el5_9.ppc.rpm
java-1.6.0-ibm-devel-1.6.0.13.2-1jpp.1.el5_9.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.13.2-1jpp.1.el5_9.ppc.rpm
java-1.6.0-ibm-javacomm-1.6.0.13.2-1jpp.1.el5_9.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.13.2-1jpp.1.el5_9.ppc.rpm
java-1.6.0-ibm-jdbc-1.6.0.13.2-1jpp.1.el5_9.ppc64.rpm
java-1.6.0-ibm-plugin-1.6.0.13.2-1jpp.1.el5_9.ppc.rpm
java-1.6.0-ibm-src-1.6.0.13.2-1jpp.1.el5_9.ppc.rpm
java-1.6.0-ibm-src-1.6.0.13.2-1jpp.1.el5_9.ppc64.rpm

s390x:
java-1.6.0-ibm-1.6.0.13.2-1jpp.1.el5_9.s390.rpm
java-1.6.0-ibm-1.6.0.13.2-1jpp.1.el5_9.s390x.rpm
java-1.6.0-ibm-accessibility-1.6.0.13.2-1jpp.1.el5_9.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.13.2-1jpp.1.el5_9.s390.rpm
java-1.6.0-ibm-demo-1.6.0.13.2-1jpp.1.el5_9.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.13.2-1jpp.1.el5_9.s390.rpm
java-1.6.0-ibm-devel-1.6.0.13.2-1jpp.1.el5_9.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.13.2-1jpp.1.el5_9.s390.rpm
java-1.6.0-ibm-jdbc-1.6.0.13.2-1jpp.1.el5_9.s390x.rpm
java-1.6.0-ibm-src-1.6.0.13.2-1jpp.1.el5_9.s390.rpm
java-1.6.0-ibm-src-1.6.0.13.2-1jpp.1.el5_9.s390x.rpm

x86_64:
java-1.6.0-ibm-1.6.0.13.2-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-1.6.0.13.2-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.13.2-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.13.2-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-demo-1.6.0.13.2-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.13.2-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-devel-1.6.0.13.2-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.13.2-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.13.2-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.13.2-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.13.2-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.13.2-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.13.2-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.13.2-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-src-1.6.0.13.2-1jpp.1.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.13.2-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-demo-1.6.0.13.2-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-devel-1.6.0.13.2-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.13.2-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.13.2-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.13.2-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-src-1.6.0.13.2-1jpp.1.el6_4.i686.rpm

x86_64:
java-1.6.0-ibm-1.6.0.13.2-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.13.2-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.13.2-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-devel-1.6.0.13.2-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.13.2-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.13.2-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.13.2-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.13.2-1jpp.1.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.6.0-ibm-1.6.0.13.2-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.13.2-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.13.2-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-devel-1.6.0.13.2-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.13.2-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.13.2-1jpp.1.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.13.2-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-demo-1.6.0.13.2-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-devel-1.6.0.13.2-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.13.2-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.13.2-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.13.2-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-src-1.6.0.13.2-1jpp.1.el6_4.i686.rpm

ppc64:
java-1.6.0-ibm-1.6.0.13.2-1jpp.1.el6_4.ppc64.rpm
java-1.6.0-ibm-demo-1.6.0.13.2-1jpp.1.el6_4.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.13.2-1jpp.1.el6_4.ppc.rpm
java-1.6.0-ibm-devel-1.6.0.13.2-1jpp.1.el6_4.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.13.2-1jpp.1.el6_4.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.13.2-1jpp.1.el6_4.ppc64.rpm
java-1.6.0-ibm-src-1.6.0.13.2-1jpp.1.el6_4.ppc64.rpm

s390x:
java-1.6.0-ibm-1.6.0.13.2-1jpp.1.el6_4.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.13.2-1jpp.1.el6_4.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.13.2-1jpp.1.el6_4.s390.rpm
java-1.6.0-ibm-devel-1.6.0.13.2-1jpp.1.el6_4.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.13.2-1jpp.1.el6_4.s390x.rpm
java-1.6.0-ibm-src-1.6.0.13.2-1jpp.1.el6_4.s390x.rpm

x86_64:
java-1.6.0-ibm-1.6.0.13.2-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.13.2-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.13.2-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-devel-1.6.0.13.2-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.13.2-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.13.2-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.13.2-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.13.2-1jpp.1.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.13.2-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-demo-1.6.0.13.2-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-devel-1.6.0.13.2-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.13.2-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.13.2-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.13.2-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-src-1.6.0.13.2-1jpp.1.el6_4.i686.rpm

x86_64:
java-1.6.0-ibm-1.6.0.13.2-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.13.2-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.13.2-1jpp.1.el6_4.i686.rpm
java-1.6.0-ibm-devel-1.6.0.13.2-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.13.2-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.13.2-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.13.2-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.13.2-1jpp.1.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0169.html
https://www.redhat.com/security/data/cve/CVE-2013-0401.html
https://www.redhat.com/security/data/cve/CVE-2013-1491.html
https://www.redhat.com/security/data/cve/CVE-2013-1537.html
https://www.redhat.com/security/data/cve/CVE-2013-1540.html
https://www.redhat.com/security/data/cve/CVE-2013-1557.html
https://www.redhat.com/security/data/cve/CVE-2013-1563.html
https://www.redhat.com/security/data/cve/CVE-2013-1569.html
https://www.redhat.com/security/data/cve/CVE-2013-2383.html
https://www.redhat.com/security/data/cve/CVE-2013-2384.html
https://www.redhat.com/security/data/cve/CVE-2013-2394.html
https://www.redhat.com/security/data/cve/CVE-2013-2417.html
https://www.redhat.com/security/data/cve/CVE-2013-2418.html
https://www.redhat.com/security/data/cve/CVE-2013-2419.html
https://www.redhat.com/security/data/cve/CVE-2013-2420.html
https://www.redhat.com/security/data/cve/CVE-2013-2422.html
https://www.redhat.com/security/data/cve/CVE-2013-2424.html
https://www.redhat.com/security/data/cve/CVE-2013-2429.html
https://www.redhat.com/security/data/cve/CVE-2013-2430.html
https://www.redhat.com/security/data/cve/CVE-2013-2432.html
https://www.redhat.com/security/data/cve/CVE-2013-2433.html
https://www.redhat.com/security/data/cve/CVE-2013-2435.html
https://www.redhat.com/security/data/cve/CVE-2013-2440.html
https://access.redhat.com/security/updates/classification/#critical
https://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

From bugzilla at redhat.com Wed May 15 09:05:25 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 15 May 2013 09:05:25 +0000
Subject: [RHSA-2013:0825-01] Critical: flash-plugin security update
Message-ID: <201305150904.r4F94jfk010678@int-mx12.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2013:0825-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0825.html
Issue date: 2013-05-15
CVE Names: CVE-2013-2728 CVE-2013-3324 CVE-2013-3325 CVE-2013-3326 CVE-2013-3327 CVE-2013-3328 CVE-2013-3329 CVE-2013-3330 CVE-2013-3331 CVE-2013-3332 CVE-2013-3333 CVE-2013-3334 CVE-2013-3335
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3.
Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-14, listed in the References section.

Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. (CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, CVE-2013-3335)

All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.285.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

962895 - flash-plugin: multiple code execution flaws (APSB13-14)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-2728.html
https://www.redhat.com/security/data/cve/CVE-2013-3324.html
https://www.redhat.com/security/data/cve/CVE-2013-3325.html
https://www.redhat.com/security/data/cve/CVE-2013-3326.html
https://www.redhat.com/security/data/cve/CVE-2013-3327.html
https://www.redhat.com/security/data/cve/CVE-2013-3328.html
https://www.redhat.com/security/data/cve/CVE-2013-3329.html
https://www.redhat.com/security/data/cve/CVE-2013-3330.html
https://www.redhat.com/security/data/cve/CVE-2013-3331.html
https://www.redhat.com/security/data/cve/CVE-2013-3332.html
https://www.redhat.com/security/data/cve/CVE-2013-3333.html
https://www.redhat.com/security/data/cve/CVE-2013-3334.html
https://www.redhat.com/security/data/cve/CVE-2013-3335.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-14.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

From bugzilla at redhat.com Wed May 15 09:06:32 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 15 May 2013 09:06:32 +0000
Subject: [RHSA-2013:0826-01] Critical: acroread security update
Message-ID: <201305150905.r4F95rZe011527@int-mx12.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: acroread security update
Advisory ID: RHSA-2013:0826-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0826.html
Issue date: 2013-05-15
CVE Names: CVE-2013-2549 CVE-2013-2718 CVE-2013-2719 CVE-2013-2720 CVE-2013-2721 CVE-2013-2722 CVE-2013-2723 CVE-2013-2724 CVE-2013-2725 CVE-2013-2726 CVE-2013-2727 CVE-2013-2729 CVE-2013-2730 CVE-2013-2731 CVE-2013-2732 CVE-2013-2733 CVE-2013-2734 CVE-2013-2735 CVE-2013-2736 CVE-2013-2737 CVE-2013-3337 CVE-2013-3338 CVE-2013-3339 CVE-2013-3340 CVE-2013-3341
=====================================================================

1. Summary:

Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Adobe Reader allows users to view and print documents in Portable Document Format (PDF).

This update fixes multiple security flaws in Adobe Reader. These flaws are detailed in the Adobe Security bulletin APSB13-15, listed in the References section. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2013-2549, CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2724, CVE-2013-2725, CVE-2013-2726, CVE-2013-2727, CVE-2013-2729, CVE-2013-2730, CVE-2013-2731, CVE-2013-2732, CVE-2013-2733, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341)

This update also fixes an information leak flaw in Adobe Reader. (CVE-2013-2737)

All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.5.5, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

920180 - CVE-2013-2549 acroread: Unspecified vulnerability allows remote attackers to execute arbitrary code (CanSecWest 2013)
962931 - acroread: multiple code execution flaws (APSB13-15)
962940 - CVE-2013-2737 acroread: unspecified information leak issue (APSB13-15)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
acroread-9.5.5-1.el5_9.i386.rpm
acroread-plugin-9.5.5-1.el5_9.i386.rpm

x86_64:
acroread-9.5.5-1.el5_9.i386.rpm
acroread-plugin-9.5.5-1.el5_9.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
acroread-9.5.5-1.el5_9.i386.rpm
acroread-plugin-9.5.5-1.el5_9.i386.rpm

x86_64:
acroread-9.5.5-1.el5_9.i386.rpm
acroread-plugin-9.5.5-1.el5_9.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
acroread-9.5.5-1.el6_4.i686.rpm
acroread-plugin-9.5.5-1.el6_4.i686.rpm

x86_64:
acroread-9.5.5-1.el6_4.i686.rpm
acroread-plugin-9.5.5-1.el6_4.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
acroread-9.5.5-1.el6_4.i686.rpm
acroread-plugin-9.5.5-1.el6_4.i686.rpm

x86_64:
acroread-9.5.5-1.el6_4.i686.rpm
acroread-plugin-9.5.5-1.el6_4.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
acroread-9.5.5-1.el6_4.i686.rpm
acroread-plugin-9.5.5-1.el6_4.i686.rpm

x86_64:
acroread-9.5.5-1.el6_4.i686.rpm
acroread-plugin-9.5.5-1.el6_4.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-2549.html
https://www.redhat.com/security/data/cve/CVE-2013-2718.html
https://www.redhat.com/security/data/cve/CVE-2013-2719.html
https://www.redhat.com/security/data/cve/CVE-2013-2720.html
https://www.redhat.com/security/data/cve/CVE-2013-2721.html
https://www.redhat.com/security/data/cve/CVE-2013-2722.html
https://www.redhat.com/security/data/cve/CVE-2013-2723.html
https://www.redhat.com/security/data/cve/CVE-2013-2724.html
https://www.redhat.com/security/data/cve/CVE-2013-2725.html
https://www.redhat.com/security/data/cve/CVE-2013-2726.html
https://www.redhat.com/security/data/cve/CVE-2013-2727.html
https://www.redhat.com/security/data/cve/CVE-2013-2729.html
https://www.redhat.com/security/data/cve/CVE-2013-2730.html
https://www.redhat.com/security/data/cve/CVE-2013-2731.html
https://www.redhat.com/security/data/cve/CVE-2013-2732.html
https://www.redhat.com/security/data/cve/CVE-2013-2733.html
https://www.redhat.com/security/data/cve/CVE-2013-2734.html
https://www.redhat.com/security/data/cve/CVE-2013-2735.html
https://www.redhat.com/security/data/cve/CVE-2013-2736.html
https://www.redhat.com/security/data/cve/CVE-2013-2737.html
https://www.redhat.com/security/data/cve/CVE-2013-3337.html
https://www.redhat.com/security/data/cve/CVE-2013-3338.html
https://www.redhat.com/security/data/cve/CVE-2013-3339.html
https://www.redhat.com/security/data/cve/CVE-2013-3340.html
https://www.redhat.com/security/data/cve/CVE-2013-3341.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-15.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

From bugzilla at redhat.com Wed May 15 17:51:50 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 15 May 2013 17:51:50 +0000
Subject: [RHSA-2013:0827-01] Important: openswan security update
Message-ID: <201305151751.r4FHppJs024388@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: openswan security update
Advisory ID: RHSA-2013:0827-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0827.html
Issue date: 2013-05-15
CVE Names: CVE-2013-2053
=====================================================================

1. Summary:

Updated openswan packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE).
IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. When using Opportunistic Encryption, Openswan's pluto IKE daemon requests DNS TXT records to obtain public RSA keys of itself and its peers.

A buffer overflow flaw was found in Openswan. If Opportunistic Encryption were enabled ("oe=yes" in "/etc/ipsec.conf") and an RSA key configured, an attacker able to cause a system to perform a DNS lookup for an attacker-controlled domain containing malicious records (such as by sending an email that triggers a DKIM or SPF DNS record lookup) could cause Openswan's pluto IKE daemon to crash or, potentially, execute arbitrary code with root privileges. With "oe=yes" but no RSA key configured, the issue can only be triggered by attackers on the local network who can control the reverse DNS entry of the target system. Opportunistic Encryption is disabled by default. (CVE-2013-2053)

This issue was discovered by Florian Weimer of the Red Hat Product Security Team.

All users of openswan are advised to upgrade to these updated packages, which contain backported patches to correct this issue. After installing this update, the ipsec service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

960229 - CVE-2013-2053 Openswan: remote buffer overflow in atodn()

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openswan-2.6.32-5.el5_9.src.rpm

i386:
openswan-2.6.32-5.el5_9.i386.rpm
openswan-debuginfo-2.6.32-5.el5_9.i386.rpm
openswan-doc-2.6.32-5.el5_9.i386.rpm

x86_64:
openswan-2.6.32-5.el5_9.x86_64.rpm
openswan-debuginfo-2.6.32-5.el5_9.x86_64.rpm
openswan-doc-2.6.32-5.el5_9.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openswan-2.6.32-5.el5_9.src.rpm

i386:
openswan-2.6.32-5.el5_9.i386.rpm
openswan-debuginfo-2.6.32-5.el5_9.i386.rpm
openswan-doc-2.6.32-5.el5_9.i386.rpm

ia64:
openswan-2.6.32-5.el5_9.ia64.rpm
openswan-debuginfo-2.6.32-5.el5_9.ia64.rpm
openswan-doc-2.6.32-5.el5_9.ia64.rpm

ppc:
openswan-2.6.32-5.el5_9.ppc.rpm
openswan-debuginfo-2.6.32-5.el5_9.ppc.rpm
openswan-doc-2.6.32-5.el5_9.ppc.rpm

s390x:
openswan-2.6.32-5.el5_9.s390x.rpm
openswan-debuginfo-2.6.32-5.el5_9.s390x.rpm
openswan-doc-2.6.32-5.el5_9.s390x.rpm

x86_64:
openswan-2.6.32-5.el5_9.x86_64.rpm
openswan-debuginfo-2.6.32-5.el5_9.x86_64.rpm
openswan-doc-2.6.32-5.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openswan-2.6.32-20.el6_4.src.rpm

i386:
openswan-2.6.32-20.el6_4.i686.rpm
openswan-debuginfo-2.6.32-20.el6_4.i686.rpm

x86_64:
openswan-2.6.32-20.el6_4.x86_64.rpm
openswan-debuginfo-2.6.32-20.el6_4.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openswan-2.6.32-20.el6_4.src.rpm

i386:
openswan-debuginfo-2.6.32-20.el6_4.i686.rpm
openswan-doc-2.6.32-20.el6_4.i686.rpm

x86_64:
openswan-debuginfo-2.6.32-20.el6_4.x86_64.rpm
openswan-doc-2.6.32-20.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openswan-2.6.32-20.el6_4.src.rpm

i386:
openswan-2.6.32-20.el6_4.i686.rpm
openswan-debuginfo-2.6.32-20.el6_4.i686.rpm

ppc64:
openswan-2.6.32-20.el6_4.ppc64.rpm
openswan-debuginfo-2.6.32-20.el6_4.ppc64.rpm

s390x:
openswan-2.6.32-20.el6_4.s390x.rpm
openswan-debuginfo-2.6.32-20.el6_4.s390x.rpm

x86_64:
openswan-2.6.32-20.el6_4.x86_64.rpm
openswan-debuginfo-2.6.32-20.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openswan-2.6.32-20.el6_4.src.rpm

i386:
openswan-debuginfo-2.6.32-20.el6_4.i686.rpm
openswan-doc-2.6.32-20.el6_4.i686.rpm

ppc64:
openswan-debuginfo-2.6.32-20.el6_4.ppc64.rpm
openswan-doc-2.6.32-20.el6_4.ppc64.rpm

s390x:
openswan-debuginfo-2.6.32-20.el6_4.s390x.rpm
openswan-doc-2.6.32-20.el6_4.s390x.rpm

x86_64:
openswan-debuginfo-2.6.32-20.el6_4.x86_64.rpm
openswan-doc-2.6.32-20.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openswan-2.6.32-20.el6_4.src.rpm

i386:
openswan-2.6.32-20.el6_4.i686.rpm
openswan-debuginfo-2.6.32-20.el6_4.i686.rpm

x86_64:
openswan-2.6.32-20.el6_4.x86_64.rpm
openswan-debuginfo-2.6.32-20.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openswan-2.6.32-20.el6_4.src.rpm

i386:
openswan-debuginfo-2.6.32-20.el6_4.i686.rpm
openswan-doc-2.6.32-20.el6_4.i686.rpm

x86_64:
openswan-debuginfo-2.6.32-20.el6_4.x86_64.rpm
openswan-doc-2.6.32-20.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-2053.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

From bugzilla at redhat.com Thu May 16 15:28:13 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 16 May 2013 15:28:13 +0000
Subject: [RHSA-2013:0830-01] Important: kernel security update
Message-ID: <201305161528.r4GFSEaC019951@int-mx12.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2013:0830-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0830.html
Issue date: 2013-05-16
CVE Names: CVE-2013-2094
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3.
Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * It was found that the Red Hat Enterprise Linux 6.1 kernel update (RHSA-2011:0542) introduced an integer conversion issue in the Linux kernel's Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2013-2094, Important) A public exploit that affects Red Hat Enterprise Linux 6 is available. Refer to Red Hat Knowledge Solution 373743, linked to in the References, for further information and mitigation instructions for users who are unable to immediately apply this update. Users should upgrade to these updated packages, which contain a backported patch to correct this issue. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (http://bugzilla.redhat.com/): 962792 - CVE-2013-2094 kernel: perf_swevent_enabled array out-of-bound access 6. Package List: Red Hat Enterprise Linux Desktop (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-358.6.2.el6.src.rpm i386: kernel-2.6.32-358.6.2.el6.i686.rpm kernel-debug-2.6.32-358.6.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-358.6.2.el6.i686.rpm kernel-debug-devel-2.6.32-358.6.2.el6.i686.rpm kernel-debuginfo-2.6.32-358.6.2.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-358.6.2.el6.i686.rpm kernel-devel-2.6.32-358.6.2.el6.i686.rpm kernel-headers-2.6.32-358.6.2.el6.i686.rpm perf-2.6.32-358.6.2.el6.i686.rpm perf-debuginfo-2.6.32-358.6.2.el6.i686.rpm python-perf-debuginfo-2.6.32-358.6.2.el6.i686.rpm noarch: kernel-doc-2.6.32-358.6.2.el6.noarch.rpm kernel-firmware-2.6.32-358.6.2.el6.noarch.rpm x86_64: kernel-2.6.32-358.6.2.el6.x86_64.rpm kernel-debug-2.6.32-358.6.2.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-358.6.2.el6.x86_64.rpm kernel-debug-devel-2.6.32-358.6.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.6.2.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.6.2.el6.x86_64.rpm kernel-devel-2.6.32-358.6.2.el6.x86_64.rpm kernel-headers-2.6.32-358.6.2.el6.x86_64.rpm perf-2.6.32-358.6.2.el6.x86_64.rpm perf-debuginfo-2.6.32-358.6.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.6.2.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-358.6.2.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-358.6.2.el6.i686.rpm kernel-debuginfo-2.6.32-358.6.2.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-358.6.2.el6.i686.rpm perf-debuginfo-2.6.32-358.6.2.el6.i686.rpm python-perf-2.6.32-358.6.2.el6.i686.rpm python-perf-debuginfo-2.6.32-358.6.2.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-358.6.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.6.2.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.6.2.el6.x86_64.rpm perf-debuginfo-2.6.32-358.6.2.el6.x86_64.rpm python-perf-2.6.32-358.6.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.6.2.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-358.6.2.el6.src.rpm noarch: kernel-doc-2.6.32-358.6.2.el6.noarch.rpm kernel-firmware-2.6.32-358.6.2.el6.noarch.rpm x86_64: kernel-2.6.32-358.6.2.el6.x86_64.rpm kernel-debug-2.6.32-358.6.2.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-358.6.2.el6.x86_64.rpm kernel-debug-devel-2.6.32-358.6.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.6.2.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.6.2.el6.x86_64.rpm kernel-devel-2.6.32-358.6.2.el6.x86_64.rpm kernel-headers-2.6.32-358.6.2.el6.x86_64.rpm perf-2.6.32-358.6.2.el6.x86_64.rpm perf-debuginfo-2.6.32-358.6.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.6.2.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-358.6.2.el6.src.rpm x86_64: kernel-debug-debuginfo-2.6.32-358.6.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.6.2.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.6.2.el6.x86_64.rpm perf-debuginfo-2.6.32-358.6.2.el6.x86_64.rpm python-perf-2.6.32-358.6.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.6.2.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-358.6.2.el6.src.rpm i386: kernel-2.6.32-358.6.2.el6.i686.rpm kernel-debug-2.6.32-358.6.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-358.6.2.el6.i686.rpm kernel-debug-devel-2.6.32-358.6.2.el6.i686.rpm kernel-debuginfo-2.6.32-358.6.2.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-358.6.2.el6.i686.rpm kernel-devel-2.6.32-358.6.2.el6.i686.rpm kernel-headers-2.6.32-358.6.2.el6.i686.rpm perf-2.6.32-358.6.2.el6.i686.rpm perf-debuginfo-2.6.32-358.6.2.el6.i686.rpm python-perf-debuginfo-2.6.32-358.6.2.el6.i686.rpm noarch: kernel-doc-2.6.32-358.6.2.el6.noarch.rpm kernel-firmware-2.6.32-358.6.2.el6.noarch.rpm ppc64: kernel-2.6.32-358.6.2.el6.ppc64.rpm kernel-bootwrapper-2.6.32-358.6.2.el6.ppc64.rpm kernel-debug-2.6.32-358.6.2.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-358.6.2.el6.ppc64.rpm kernel-debug-devel-2.6.32-358.6.2.el6.ppc64.rpm kernel-debuginfo-2.6.32-358.6.2.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-358.6.2.el6.ppc64.rpm kernel-devel-2.6.32-358.6.2.el6.ppc64.rpm kernel-headers-2.6.32-358.6.2.el6.ppc64.rpm perf-2.6.32-358.6.2.el6.ppc64.rpm perf-debuginfo-2.6.32-358.6.2.el6.ppc64.rpm python-perf-debuginfo-2.6.32-358.6.2.el6.ppc64.rpm s390x: kernel-2.6.32-358.6.2.el6.s390x.rpm kernel-debug-2.6.32-358.6.2.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-358.6.2.el6.s390x.rpm kernel-debug-devel-2.6.32-358.6.2.el6.s390x.rpm kernel-debuginfo-2.6.32-358.6.2.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-358.6.2.el6.s390x.rpm kernel-devel-2.6.32-358.6.2.el6.s390x.rpm kernel-headers-2.6.32-358.6.2.el6.s390x.rpm kernel-kdump-2.6.32-358.6.2.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-358.6.2.el6.s390x.rpm kernel-kdump-devel-2.6.32-358.6.2.el6.s390x.rpm perf-2.6.32-358.6.2.el6.s390x.rpm perf-debuginfo-2.6.32-358.6.2.el6.s390x.rpm python-perf-debuginfo-2.6.32-358.6.2.el6.s390x.rpm x86_64: kernel-2.6.32-358.6.2.el6.x86_64.rpm kernel-debug-2.6.32-358.6.2.el6.x86_64.rpm 
kernel-debug-debuginfo-2.6.32-358.6.2.el6.x86_64.rpm kernel-debug-devel-2.6.32-358.6.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.6.2.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.6.2.el6.x86_64.rpm kernel-devel-2.6.32-358.6.2.el6.x86_64.rpm kernel-headers-2.6.32-358.6.2.el6.x86_64.rpm perf-2.6.32-358.6.2.el6.x86_64.rpm perf-debuginfo-2.6.32-358.6.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.6.2.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-358.6.2.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-358.6.2.el6.i686.rpm kernel-debuginfo-2.6.32-358.6.2.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-358.6.2.el6.i686.rpm perf-debuginfo-2.6.32-358.6.2.el6.i686.rpm python-perf-2.6.32-358.6.2.el6.i686.rpm python-perf-debuginfo-2.6.32-358.6.2.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-358.6.2.el6.ppc64.rpm kernel-debuginfo-2.6.32-358.6.2.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-358.6.2.el6.ppc64.rpm perf-debuginfo-2.6.32-358.6.2.el6.ppc64.rpm python-perf-2.6.32-358.6.2.el6.ppc64.rpm python-perf-debuginfo-2.6.32-358.6.2.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-358.6.2.el6.s390x.rpm kernel-debuginfo-2.6.32-358.6.2.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-358.6.2.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-358.6.2.el6.s390x.rpm perf-debuginfo-2.6.32-358.6.2.el6.s390x.rpm python-perf-2.6.32-358.6.2.el6.s390x.rpm python-perf-debuginfo-2.6.32-358.6.2.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-358.6.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.6.2.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.6.2.el6.x86_64.rpm perf-debuginfo-2.6.32-358.6.2.el6.x86_64.rpm python-perf-2.6.32-358.6.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.6.2.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-358.6.2.el6.src.rpm i386: kernel-2.6.32-358.6.2.el6.i686.rpm kernel-debug-2.6.32-358.6.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-358.6.2.el6.i686.rpm kernel-debug-devel-2.6.32-358.6.2.el6.i686.rpm kernel-debuginfo-2.6.32-358.6.2.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-358.6.2.el6.i686.rpm kernel-devel-2.6.32-358.6.2.el6.i686.rpm kernel-headers-2.6.32-358.6.2.el6.i686.rpm perf-2.6.32-358.6.2.el6.i686.rpm perf-debuginfo-2.6.32-358.6.2.el6.i686.rpm python-perf-debuginfo-2.6.32-358.6.2.el6.i686.rpm noarch: kernel-doc-2.6.32-358.6.2.el6.noarch.rpm kernel-firmware-2.6.32-358.6.2.el6.noarch.rpm x86_64: kernel-2.6.32-358.6.2.el6.x86_64.rpm kernel-debug-2.6.32-358.6.2.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-358.6.2.el6.x86_64.rpm kernel-debug-devel-2.6.32-358.6.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.6.2.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.6.2.el6.x86_64.rpm kernel-devel-2.6.32-358.6.2.el6.x86_64.rpm kernel-headers-2.6.32-358.6.2.el6.x86_64.rpm perf-2.6.32-358.6.2.el6.x86_64.rpm perf-debuginfo-2.6.32-358.6.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.6.2.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-358.6.2.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-358.6.2.el6.i686.rpm kernel-debuginfo-2.6.32-358.6.2.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-358.6.2.el6.i686.rpm perf-debuginfo-2.6.32-358.6.2.el6.i686.rpm python-perf-2.6.32-358.6.2.el6.i686.rpm python-perf-debuginfo-2.6.32-358.6.2.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-358.6.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.6.2.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.6.2.el6.x86_64.rpm perf-debuginfo-2.6.32-358.6.2.el6.x86_64.rpm python-perf-2.6.32-358.6.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.6.2.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-2094.html https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/site/solutions/373743 https://rhn.redhat.com/errata/RHSA-2011-0542.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
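The integer conversion issue in the CVE-2013-2094 entry above (a user-supplied index narrowed to a signed int before it is range-checked), modelled in user-space C as an added example that is not the Linux kernel's code: the vulnerable check sits beside the corrected one, and a small driver shows which ids each accepts. The table size, the function names and the sample ids are assumptions made for this model.

```c
/*
 * Model of the CVE-2013-2094 bug class: a user-controlled 64-bit event id
 * is narrowed to a signed int *before* the bounds check, so a value such
 * as 0xffffffff becomes -1, passes "id >= MAX" and would then be used as
 * an index outside the table. Added illustration; not the kernel's code.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PERF_COUNT_SW_MAX 9   /* assumed size of the modelled table */

/* Stand-in for the kernel's per-event enable counters. */
static int perf_swevent_enabled[PERF_COUNT_SW_MAX];

/* Does a would-be index actually fall inside the table? */
int index_in_bounds(long idx)
{
    return idx >= 0 && idx < PERF_COUNT_SW_MAX;
}

/*
 * Vulnerable pattern: narrow first, check second.
 * Returns 0 and stores the index the caller would use (possibly negative)
 * when the check passes, -1 when it rejects the id.
 */
int vulnerable_validate(uint64_t config, int *idx)
{
    int event_id = (int)config;   /* lossy u64 -> int: the bug */
    if (event_id >= PERF_COUNT_SW_MAX)
        return -1;                /* only large positive ints are rejected */
    *idx = event_id;              /* -1 and friends slip through */
    return 0;
}

/*
 * Corrected pattern: compare at full, unsigned width and narrow only after
 * the value is known to lie in [0, PERF_COUNT_SW_MAX).
 */
int fixed_validate(uint64_t config, int *idx)
{
    uint64_t event_id = config;
    if (event_id >= PERF_COUNT_SW_MAX)
        return -1;
    *idx = (int)event_id;         /* safe: small and non-negative here */
    return 0;
}

/* Bump the enable counter for an event id using the corrected check.
 * Returns the new counter value, or -1 if the id was rejected. */
int swevent_enable(uint64_t config)
{
    int idx;
    if (fixed_validate(config, &idx) != 0)
        return -1;
    return ++perf_swevent_enabled[idx];
}

int main(void)
{
    /* Constructed sample ids: a normal one, one that narrows to -1, and
     * one whose high bits the narrowed check never sees. */
    const uint64_t ids[] = { 3, 0xffffffffULL, 0xffffffff00000005ULL };
    for (size_t i = 0; i < sizeof ids / sizeof ids[0]; i++) {
        int idx = 0;
        if (vulnerable_validate(ids[i], &idx) == 0)
            printf("config=0x%016llx: vulnerable check accepted index %d (%s); ",
                   (unsigned long long)ids[i], idx,
                   index_in_bounds(idx) ? "in bounds" : "OUT OF BOUNDS");
        else
            printf("config=0x%016llx: vulnerable check rejected; ",
                   (unsigned long long)ids[i]);
        printf("fixed check %s\n",
               fixed_validate(ids[i], &idx) == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```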
From bugzilla at redhat.com Thu May 16 15:29:17 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 16 May 2013 15:29:17 +0000
Subject: [RHSA-2013:0831-01] Moderate: libvirt security and bug fix update
Message-ID: <201305161529.r4GFTHbL021319@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: libvirt security and bug fix update
Advisory ID: RHSA-2013:0831-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0831.html
Issue date: 2013-05-16
CVE Names: CVE-2013-1962
=====================================================================

1. Summary:

Updated libvirt packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64

3. Description:

The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

It was found that libvirtd leaked file descriptors when listing all volumes for a particular pool. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to cause libvirtd to consume all available file descriptors, preventing other users from using libvirtd services (such as starting a new guest) until libvirtd is restarted. (CVE-2013-1962)

Red Hat would like to thank Edoardo Comar of IBM for reporting this issue.

This update also fixes the following bugs:

* Previously, libvirt made control group (cgroup) requests on files that it should not have. With older kernels, such nonsensical cgroup requests were ignored; however, newer kernels are stricter, resulting in libvirt logging spurious warnings and failures to the libvirtd and audit logs. The audit log failures displayed by the ausearch tool were similar to the following:

root [date] - failed cgroup allow path rw /dev/kqemu

With this update, libvirt no longer attempts the nonsensical cgroup actions, leaving only valid attempts in the libvirtd and audit logs (making it easier to search for real cases of failure). (BZ#958837)

* Previously, libvirt used the wrong variable when constructing audit messages. This led to invalid audit messages, causing ausearch to format certain entries as having "path=(null)" instead of the correct path. This could prevent ausearch from locating events related to cgroup device ACL modifications for guests managed by libvirt. With this update, the audit messages are generated correctly, preventing loss of audit coverage. (BZ#958839)

All users of libvirt are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, libvirtd will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

953107 - CVE-2013-1962 libvirt: DoS (max count of open files exhaustion) due sockets leak in the storage pool
958837 - libvirt spams audit log with unneeded failures
958839 - Cgroup audit events with path are not escaped

6. Package List:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-1962.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
From bugzilla at redhat.com Fri May 17 15:19:50 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 17 May 2013 15:19:50 +0000
Subject: [RHSA-2013:0832-01] Important: kernel security update
Message-ID: <201305171519.r4HFJpOm028960@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2013:0832-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0832.html
Issue date: 2013-05-17
CVE Names: CVE-2013-2094
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 6.3 Extended Update Support.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server EUS (v. 6.3) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.3) - i386, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issue:

* It was found that the Red Hat Enterprise Linux 6.1 kernel update (RHSA-2011:0542) introduced an integer conversion issue in the Linux kernel's Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2013-2094, Important)

A public exploit that affects Red Hat Enterprise Linux 6 is available. Refer to Red Hat Knowledge Solution 373743, linked to in the References, for further information and mitigation instructions for users who are unable to immediately apply this update.

Users should upgrade to these updated packages, which contain a backported patch to correct this issue. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

962792 - CVE-2013-2094 kernel: perf_swevent_enabled array out-of-bound access

6. Package List:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-2094.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/site/solutions/373743
https://rhn.redhat.com/errata/RHSA-2011-0542.html

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

From bugzilla at redhat.com Mon May 20 19:43:14 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 20 May 2013 19:43:14 +0000
Subject: [RHSA-2013:0829-01] Important: kernel-rt security and bug fix update
Message-ID: <201305201943.r4KJhEUA032652@int-mx12.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel-rt security and bug fix update
Advisory ID: RHSA-2013:0829-01
Product: Red Hat Enterprise MRG for RHEL-6
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0829.html
Issue date: 2013-05-20
CVE Names: CVE-2013-0913 CVE-2013-0914 CVE-2013-1767 CVE-2013-1774 CVE-2013-1792 CVE-2013-1819 CVE-2013-1848 CVE-2013-1860 CVE-2013-1929 CVE-2013-1979 CVE-2013-2094 CVE-2013-2546 CVE-2013-2547 CVE-2013-2548 CVE-2013-2634 CVE-2013-2635 CVE-2013-3076 CVE-2013-3222 CVE-2013-3224 CVE-2013-3225 CVE-2013-3231
=====================================================================

1. Summary:

Updated kernel-rt packages that fix several security issues and multiple bugs are now available for Red Hat Enterprise MRG 2.3.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64

3. Description:

Security fixes:

* It was found that the kernel-rt update RHBA-2012:0044 introduced an integer conversion issue in the Linux kernel's Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2013-2094, Important)

A public exploit for CVE-2013-2094 that affects Red Hat Enterprise MRG 2 is available. Refer to Red Hat Knowledge Solution 373743, linked to in the References, for further information and mitigation instructions for users who are unable to immediately apply this update.

* An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the Intel i915 driver in the Linux kernel handled the allocation of the buffer used for relocation copies. A local user with console access could use this flaw to cause a denial of service or escalate their privileges. (CVE-2013-0913, Important)

* It was found that the Linux kernel used effective user and group IDs instead of real ones when passing messages with SCM_CREDENTIALS ancillary data. A local, unprivileged user could leverage this flaw with a set user ID (setuid) application, allowing them to escalate their privileges. (CVE-2013-1979, Important)

* A race condition in install_user_keyrings(), leading to a NULL pointer dereference, was found in the key management facility. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2013-1792, Moderate)

* A NULL pointer dereference flaw was found in the Linux kernel's XFS file system implementation.
A local user who is able to mount an XFS file system could use this flaw to cause a denial of service. (CVE-2013-1819, Moderate) * An information leak was found in the Linux kernel's POSIX signals implementation. A local, unprivileged user could use this flaw to bypass the Address Space Layout Randomization (ASLR) security feature. (CVE-2013-0914, Low) * A use-after-free flaw was found in the tmpfs implementation. A local user able to mount and unmount a tmpfs file system could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1767, Low) * A NULL pointer dereference flaw was found in the Linux kernel's USB Inside Out Edgeport Serial Driver implementation. A local user with physical access to a system and with access to a USB device's tty file could use this flaw to cause a denial of service. (CVE-2013-1774, Low) * A format string flaw was found in the ext3_msg() function in the Linux kernel's ext3 file system implementation. A local user who is able to mount an ext3 file system could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1848, Low) * A heap-based buffer overflow flaw was found in the Linux kernel's cdc-wdm driver, used for USB CDC WCM device management. An attacker with physical access to a system could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1860, Low) * A heap-based buffer overflow in the way the tg3 Ethernet driver parsed the vital product data (VPD) of devices could allow an attacker with physical access to a system to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1929, Low) * Information leaks in the Linux kernel's cryptographic API could allow a local user who has the CAP_NET_ADMIN capability to leak kernel stack memory to user-space. 
(CVE-2013-2546, CVE-2013-2547, CVE-2013-2548, Low) * Information leaks in the Linux kernel could allow a local, unprivileged user to leak kernel stack memory to user-space. (CVE-2013-2634, CVE-2013-2635, CVE-2013-3076, CVE-2013-3222, CVE-2013-3224, CVE-2013-3225, CVE-2013-3231, Low) Red Hat would like to thank Andy Lutomirski for reporting CVE-2013-1979. CVE-2013-1792 was discovered by Mateusz Guzik of Red Hat EMEA GSS SEG Team. 4. Solution: This update also fixes multiple bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. Users should upgrade to these updated packages, which upgrade the kernel-rt kernel to version kernel-rt-3.6.11.2-rt33, correct these issues, and fix the bugs noted in the Red Hat Enterprise MRG 2 Technical Notes. The system must be rebooted for this update to take effect. Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. 
Bugs fixed (http://bugzilla.redhat.com/): 915592 - CVE-2013-1767 Kernel: tmpfs: fix use-after-free of mempolicy object 916191 - CVE-2013-1774 Kernel: USB io_ti driver NULL pointer dereference in routine chase_port 916646 - CVE-2013-1792 Kernel: keys: race condition in install_user_keyrings() 918009 - CVE-2013-1819 kernel: xfs: _xfs_buf_find oops on blocks beyond the filesystem end 918098 - build id problem - needed for systemtap and perf annotations 918512 - kernel: crypto: info leaks in report API 920471 - CVE-2013-0913 Kernel: drm/i915: heap writing overflow 920499 - CVE-2013-0914 Kernel: sa_restorer information leak 920783 - CVE-2013-1848 kernel: ext3: format string issues 921970 - CVE-2013-1860 kernel: usb: cdc-wdm buffer overflow triggered by device 924689 - CVE-2013-2634 kernel: Information leak in the Data Center Bridging (DCB) component 924690 - CVE-2013-2635 kernel: Information leak in the RTNETLINK component 927026 - disable NO_HZ by default missing from v3.6-rt 949932 - CVE-2013-1929 Kernel: tg3: buffer overflow in VPD firmware parsing 955216 - CVE-2013-3222 Kernel: atm: update msg_namelen in vcc_recvmsg() 955599 - CVE-2013-3224 Kernel: Bluetooth: possible info leak in bt_sock_recvmsg() 955629 - CVE-2013-1979 kernel: net: incorrect SCM_CREDENTIALS passing 955649 - CVE-2013-3225 Kernel: Bluetooth: RFCOMM - missing msg_namelen update in rfcomm_sock_recvmsg 956094 - CVE-2013-3231 Kernel: llc: Fix missing msg_namelen update in llc_ui_recvmsg 956162 - CVE-2013-3076 Kernel: crypto: algif - suppress sending source address information in recvmsg 962792 - CVE-2013-2094 kernel: perf_swevent_enabled array out-of-bound access 6. 
Package List: MRG Realtime for RHEL 6 Server v.2: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/kernel-rt-3.6.11.2-rt33.39.el6rt.src.rpm noarch: kernel-rt-doc-3.6.11.2-rt33.39.el6rt.noarch.rpm kernel-rt-firmware-3.6.11.2-rt33.39.el6rt.noarch.rpm mrg-rt-release-3.6.11.2-rt33.39.el6rt.noarch.rpm x86_64: kernel-rt-3.6.11.2-rt33.39.el6rt.x86_64.rpm kernel-rt-debug-3.6.11.2-rt33.39.el6rt.x86_64.rpm kernel-rt-debug-debuginfo-3.6.11.2-rt33.39.el6rt.x86_64.rpm kernel-rt-debug-devel-3.6.11.2-rt33.39.el6rt.x86_64.rpm kernel-rt-debuginfo-3.6.11.2-rt33.39.el6rt.x86_64.rpm kernel-rt-debuginfo-common-x86_64-3.6.11.2-rt33.39.el6rt.x86_64.rpm kernel-rt-devel-3.6.11.2-rt33.39.el6rt.x86_64.rpm kernel-rt-trace-3.6.11.2-rt33.39.el6rt.x86_64.rpm kernel-rt-trace-debuginfo-3.6.11.2-rt33.39.el6rt.x86_64.rpm kernel-rt-trace-devel-3.6.11.2-rt33.39.el6rt.x86_64.rpm kernel-rt-vanilla-3.6.11.2-rt33.39.el6rt.x86_64.rpm kernel-rt-vanilla-debuginfo-3.6.11.2-rt33.39.el6rt.x86_64.rpm kernel-rt-vanilla-devel-3.6.11.2-rt33.39.el6rt.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References: https://www.redhat.com/security/data/cve/CVE-2013-0913.html https://www.redhat.com/security/data/cve/CVE-2013-0914.html https://www.redhat.com/security/data/cve/CVE-2013-1767.html https://www.redhat.com/security/data/cve/CVE-2013-1774.html https://www.redhat.com/security/data/cve/CVE-2013-1792.html https://www.redhat.com/security/data/cve/CVE-2013-1819.html https://www.redhat.com/security/data/cve/CVE-2013-1848.html https://www.redhat.com/security/data/cve/CVE-2013-1860.html https://www.redhat.com/security/data/cve/CVE-2013-1929.html https://www.redhat.com/security/data/cve/CVE-2013-1979.html https://www.redhat.com/security/data/cve/CVE-2013-2094.html https://www.redhat.com/security/data/cve/CVE-2013-2546.html https://www.redhat.com/security/data/cve/CVE-2013-2547.html https://www.redhat.com/security/data/cve/CVE-2013-2548.html https://www.redhat.com/security/data/cve/CVE-2013-2634.html https://www.redhat.com/security/data/cve/CVE-2013-2635.html https://www.redhat.com/security/data/cve/CVE-2013-3076.html https://www.redhat.com/security/data/cve/CVE-2013-3222.html https://www.redhat.com/security/data/cve/CVE-2013-3224.html https://www.redhat.com/security/data/cve/CVE-2013-3225.html https://www.redhat.com/security/data/cve/CVE-2013-3231.html https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/site/solutions/373743 https://rhn.redhat.com/errata/RHBA-2012-0044.html https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_MRG/2/html/Technical_Notes/RHSA-2013-0829.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
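Editor's note, added to this archive and not part of the Red Hat advisory: the CVE-2013-2094 entry above describes an "integer conversion issue" in which a user-supplied index is narrowed before it is range-checked. The C below is a constructed illustration of that bug class beside its hardened form; it is not the kernel's code, and the table name, its size and the sample values are stand-ins chosen for the example. The flawed check tests only the upper bound, and only on the narrowed signed value, so a 64-bit value whose low word has the sign bit set becomes a negative index and a value with only high bits set collapses to 0; the hardened check compares at the full unsigned width before narrowing.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a small per-event table such as the kernel's
 * perf_swevent_enabled[] named in the advisory. Entry 3 is "enabled". */
#define SW_EVENT_MAX 10
static int sw_event_enabled[SW_EVENT_MAX] = { [3] = 1 };

/* Sentinel for "rejected"; int64_t so it cannot collide with any int index. */
#define REJECTED INT64_MIN

/* The flawed pattern: narrow the 64-bit user value to int, then range-check
 * the int. Only the upper bound is tested, and only on the narrowed, signed
 * value, so 0xFFFFFFFF becomes -1 and 0x100000000 becomes 0, both "valid".
 * Returns the index the table would be accessed with, or REJECTED. */
int64_t unsafe_index_for(uint64_t config)
{
    int event_id = (int)config;         /* lossy narrowing (gcc/clang: wraps) */
    if (event_id >= SW_EVENT_MAX)       /* signed compare: negatives pass */
        return REJECTED;
    return event_id;
}

/* Hardened pattern: range-check the value at its full unsigned width first,
 * then narrow. Anything outside [0, SW_EVENT_MAX) is rejected. */
int64_t safe_index_for(uint64_t config)
{
    if (config >= (uint64_t)SW_EVENT_MAX)
        return REJECTED;
    return (int64_t)config;
}

/* Only the hardened check ever gates a real array access here.
 * Returns the table entry, or -ENOENT if the id is rejected. */
int sw_event_is_enabled(uint64_t config)
{
    int64_t idx = safe_index_for(config);
    if (idx == REJECTED)
        return -ENOENT;
    return sw_event_enabled[(int)idx];
}

int main(void)
{
    /* Constructed samples: in range, high 32 bits set, low-word sign bit set. */
    const uint64_t samples[] = { 3, 0x100000000ull, 0xFFFFFFFFull, 0x80000000ull };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("config=%#llx  unsafe index=%lld  safe index=%lld\n",
               (unsigned long long)samples[i],
               (long long)unsafe_index_for(samples[i]),
               (long long)safe_index_for(samples[i]));
    return 0;
}
```

The point of keeping `unsafe_index_for` separate from the array access is that the flawed check never gates a real dereference in this example; it only reports the index it would have used. In a review, the thing to look for is any comparison performed after a narrowing cast of attacker-controlled data: the check has to happen on the type the value arrived in.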
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRmnzAXlSAg2UNWIIRAvJ7AKC428Ce47dQtZQ/bTBUpdT9cpm82ACfQSSN Sr7YJe65ver6tzKU4Xm/Dx0= =jOf2 -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon May 20 20:41:14 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 20 May 2013 20:41:14 +0000 Subject: [RHSA-2013:0840-01] Important: kernel security update Message-ID: <201305202041.r4KKfEIJ032659@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2013:0840-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0840.html Issue date: 2013-05-20 CVE Names: CVE-2013-2094 ===================================================================== 1. Summary: Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 6.2 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server EUS (v. 6.2) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.2) - i386, ppc64, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * It was found that the Red Hat Enterprise Linux 6.1 kernel update (RHSA-2011:0542) introduced an integer conversion issue in the Linux kernel's Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. 
A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2013-2094, Important) A public exploit that affects Red Hat Enterprise Linux 6 is available. Refer to Red Hat Knowledge Solution 373743, linked to in the References, for further information and mitigation instructions for users who are unable to immediately apply this update. Users should upgrade to these updated packages, which contain a backported patch to correct this issue. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (http://bugzilla.redhat.com/): 962792 - CVE-2013-2094 kernel: perf_swevent_enabled array out-of-bound access 6. Package List: Red Hat Enterprise Linux Server EUS (v. 
6.2): Source: kernel-2.6.32-220.34.2.el6.src.rpm i386: kernel-2.6.32-220.34.2.el6.i686.rpm kernel-debug-2.6.32-220.34.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-220.34.2.el6.i686.rpm kernel-debug-devel-2.6.32-220.34.2.el6.i686.rpm kernel-debuginfo-2.6.32-220.34.2.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-220.34.2.el6.i686.rpm kernel-devel-2.6.32-220.34.2.el6.i686.rpm kernel-headers-2.6.32-220.34.2.el6.i686.rpm perf-2.6.32-220.34.2.el6.i686.rpm perf-debuginfo-2.6.32-220.34.2.el6.i686.rpm python-perf-debuginfo-2.6.32-220.34.2.el6.i686.rpm noarch: kernel-doc-2.6.32-220.34.2.el6.noarch.rpm kernel-firmware-2.6.32-220.34.2.el6.noarch.rpm ppc64: kernel-2.6.32-220.34.2.el6.ppc64.rpm kernel-bootwrapper-2.6.32-220.34.2.el6.ppc64.rpm kernel-debug-2.6.32-220.34.2.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-220.34.2.el6.ppc64.rpm kernel-debug-devel-2.6.32-220.34.2.el6.ppc64.rpm kernel-debuginfo-2.6.32-220.34.2.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-220.34.2.el6.ppc64.rpm kernel-devel-2.6.32-220.34.2.el6.ppc64.rpm kernel-headers-2.6.32-220.34.2.el6.ppc64.rpm perf-2.6.32-220.34.2.el6.ppc64.rpm perf-debuginfo-2.6.32-220.34.2.el6.ppc64.rpm python-perf-debuginfo-2.6.32-220.34.2.el6.ppc64.rpm s390x: kernel-2.6.32-220.34.2.el6.s390x.rpm kernel-debug-2.6.32-220.34.2.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-220.34.2.el6.s390x.rpm kernel-debug-devel-2.6.32-220.34.2.el6.s390x.rpm kernel-debuginfo-2.6.32-220.34.2.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-220.34.2.el6.s390x.rpm kernel-devel-2.6.32-220.34.2.el6.s390x.rpm kernel-headers-2.6.32-220.34.2.el6.s390x.rpm kernel-kdump-2.6.32-220.34.2.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-220.34.2.el6.s390x.rpm kernel-kdump-devel-2.6.32-220.34.2.el6.s390x.rpm perf-2.6.32-220.34.2.el6.s390x.rpm perf-debuginfo-2.6.32-220.34.2.el6.s390x.rpm python-perf-debuginfo-2.6.32-220.34.2.el6.s390x.rpm x86_64: kernel-2.6.32-220.34.2.el6.x86_64.rpm kernel-debug-2.6.32-220.34.2.el6.x86_64.rpm 
kernel-debug-debuginfo-2.6.32-220.34.2.el6.x86_64.rpm kernel-debug-devel-2.6.32-220.34.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-220.34.2.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-220.34.2.el6.x86_64.rpm kernel-devel-2.6.32-220.34.2.el6.x86_64.rpm kernel-headers-2.6.32-220.34.2.el6.x86_64.rpm perf-2.6.32-220.34.2.el6.x86_64.rpm perf-debuginfo-2.6.32-220.34.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-220.34.2.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 6.2): Source: kernel-2.6.32-220.34.2.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-220.34.2.el6.i686.rpm kernel-debuginfo-2.6.32-220.34.2.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-220.34.2.el6.i686.rpm perf-debuginfo-2.6.32-220.34.2.el6.i686.rpm python-perf-2.6.32-220.34.2.el6.i686.rpm python-perf-debuginfo-2.6.32-220.34.2.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-220.34.2.el6.ppc64.rpm kernel-debuginfo-2.6.32-220.34.2.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-220.34.2.el6.ppc64.rpm perf-debuginfo-2.6.32-220.34.2.el6.ppc64.rpm python-perf-2.6.32-220.34.2.el6.ppc64.rpm python-perf-debuginfo-2.6.32-220.34.2.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-220.34.2.el6.s390x.rpm kernel-debuginfo-2.6.32-220.34.2.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-220.34.2.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-220.34.2.el6.s390x.rpm perf-debuginfo-2.6.32-220.34.2.el6.s390x.rpm python-perf-2.6.32-220.34.2.el6.s390x.rpm python-perf-debuginfo-2.6.32-220.34.2.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-220.34.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-220.34.2.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-220.34.2.el6.x86_64.rpm perf-debuginfo-2.6.32-220.34.2.el6.x86_64.rpm python-perf-2.6.32-220.34.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-220.34.2.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References: https://www.redhat.com/security/data/cve/CVE-2013-2094.html https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/site/solutions/373743 https://rhn.redhat.com/errata/RHSA-2011-0542.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRmopJXlSAg2UNWIIRAoK0AJsGEfVLTXW9U21v3O1y4tOL+eHRdACfWMHX JmNc3aReedulrHrQn/jpnVI= =+1VG -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon May 20 20:42:08 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 20 May 2013 20:42:08 +0000 Subject: [RHSA-2013:0841-01] Important: kernel security update Message-ID: <201305202042.r4KKg8rF009105@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2013:0841-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0841.html Issue date: 2013-05-20 CVE Names: CVE-2013-2094 ===================================================================== 1. Summary: Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 6.1 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server EUS (v. 6.1) - i386, noarch, ppc64, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. 
This update fixes the following security issue: * It was found that the Red Hat Enterprise Linux 6.1 kernel update (RHSA-2011:0542) introduced an integer conversion issue in the Linux kernel's Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2013-2094, Important) A public exploit that affects Red Hat Enterprise Linux 6 is available. Refer to Red Hat Knowledge Solution 373743, linked to in the References, for further information and mitigation instructions for users who are unable to immediately apply this update. Users should upgrade to these updated packages, which contain a backported patch to correct this issue. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (http://bugzilla.redhat.com/): 962792 - CVE-2013-2094 kernel: perf_swevent_enabled array out-of-bound access 6. Package List: Red Hat Enterprise Linux Server EUS (v. 
6.1): Source: kernel-2.6.32-131.39.1.el6.src.rpm i386: kernel-2.6.32-131.39.1.el6.i686.rpm kernel-debug-2.6.32-131.39.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-131.39.1.el6.i686.rpm kernel-debug-devel-2.6.32-131.39.1.el6.i686.rpm kernel-debuginfo-2.6.32-131.39.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-131.39.1.el6.i686.rpm kernel-devel-2.6.32-131.39.1.el6.i686.rpm kernel-headers-2.6.32-131.39.1.el6.i686.rpm perf-2.6.32-131.39.1.el6.i686.rpm perf-debuginfo-2.6.32-131.39.1.el6.i686.rpm noarch: kernel-doc-2.6.32-131.39.1.el6.noarch.rpm kernel-firmware-2.6.32-131.39.1.el6.noarch.rpm ppc64: kernel-2.6.32-131.39.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-131.39.1.el6.ppc64.rpm kernel-debug-2.6.32-131.39.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-131.39.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-131.39.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-131.39.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-131.39.1.el6.ppc64.rpm kernel-devel-2.6.32-131.39.1.el6.ppc64.rpm kernel-headers-2.6.32-131.39.1.el6.ppc64.rpm perf-2.6.32-131.39.1.el6.ppc64.rpm perf-debuginfo-2.6.32-131.39.1.el6.ppc64.rpm s390x: kernel-2.6.32-131.39.1.el6.s390x.rpm kernel-debug-2.6.32-131.39.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-131.39.1.el6.s390x.rpm kernel-debug-devel-2.6.32-131.39.1.el6.s390x.rpm kernel-debuginfo-2.6.32-131.39.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-131.39.1.el6.s390x.rpm kernel-devel-2.6.32-131.39.1.el6.s390x.rpm kernel-headers-2.6.32-131.39.1.el6.s390x.rpm kernel-kdump-2.6.32-131.39.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-131.39.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-131.39.1.el6.s390x.rpm perf-2.6.32-131.39.1.el6.s390x.rpm perf-debuginfo-2.6.32-131.39.1.el6.s390x.rpm x86_64: kernel-2.6.32-131.39.1.el6.x86_64.rpm kernel-debug-2.6.32-131.39.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-131.39.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-131.39.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-131.39.1.el6.x86_64.rpm 
kernel-debuginfo-common-x86_64-2.6.32-131.39.1.el6.x86_64.rpm kernel-devel-2.6.32-131.39.1.el6.x86_64.rpm kernel-headers-2.6.32-131.39.1.el6.x86_64.rpm perf-2.6.32-131.39.1.el6.x86_64.rpm perf-debuginfo-2.6.32-131.39.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-2094.html https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/site/solutions/373743 https://rhn.redhat.com/errata/RHSA-2011-0542.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRmoqBXlSAg2UNWIIRAgc3AJ9506ZlwggOCPMdr1Q3YYyYGF7CnwCgiCUK lvIq+8gEDVRJm2StrqA+T/0= =BCle -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue May 21 19:34:18 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 21 May 2013 19:34:18 +0000 Subject: [RHSA-2013:0847-01] Moderate: kernel security and bug fix update Message-ID: <201305211934.r4LJYIK6005267@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: kernel security and bug fix update Advisory ID: RHSA-2013:0847-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0847.html Issue date: 2013-05-21 CVE Names: CVE-2013-0153 ===================================================================== 1. Summary: Updated kernel packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * A flaw was found in the way the Xen hypervisor AMD IOMMU driver handled interrupt remapping entries. By default, a single interrupt remapping table is used, and old interrupt remapping entries are not cleared, potentially allowing a privileged guest user in a guest that has a passed-through, bus-mastering capable PCI device to inject interrupt entries into others guests, including the privileged management domain (Dom0), leading to a denial of service. (CVE-2013-0153, Moderate) Red Hat would like to thank the Xen project for reporting the CVE-2013-0153 issue. This update also fixes the following bugs: * When a process is opening a file over NFSv4, sometimes an OPEN call can succeed while the following GETATTR operation fails with an NFS4ERR_DELAY error. The NFSv4 code did not handle such a situation correctly and allowed an NFSv4 client to attempt to use the buffer that should contain the GETATTR information. However, the buffer did not contain the valid GETATTR information, which caused the client to return a "-ENOTDIR" error. Consequently, the process failed to open the requested file. This update backports a patch that adds a test condition verifying validity of the GETATTR information. If the GETATTR information is invalid, it is obtained later and the process opens the requested file as expected. (BZ#947736) * Previously, the xdr routines in NFS version 2 and 3 conditionally updated the res->count variable. 
Read retry attempts after a short NFS read() call could fail to update the res->count variable, resulting in truncated read data being returned. With this update, the res->count variable is updated unconditionally so this bug can no longer occur. (BZ#952098) * When handling requests from Intelligent Platform Management Interface (IPMI) clients, the IPMI driver previously used two different locks for an IPMI request. If two IPMI clients sent their requests at the same time, each request could receive one of the locks and then wait for the second lock to become available. This resulted in a deadlock situation and the system became unresponsive. The problem could occur more likely in environments with many IPMI clients. This update modifies the IPMI driver to handle the received messages using tasklets so the driver now uses a safe locking technique when handling IPMI requests and the mentioned deadlock can no longer occur. (BZ#953435) * Incorrect locking around the cl_state_owners list could cause the NFSv4 state reclaimer thread to enter an infinite loop while holding the Big Kernel Lock (BLK). As a consequence, the NFSv4 client became unresponsive. With this update, safe list iteration is used, which prevents the NFSv4 client from hanging in this scenario. (BZ#954296) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. 
You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (http://bugzilla.redhat.com/): 910903 - CVE-2013-0153 kernel: xen: interrupt remap entries shared and old ones not cleared on AMD IOMMUs 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-348.6.1.el5.src.rpm i386: kernel-2.6.18-348.6.1.el5.i686.rpm kernel-PAE-2.6.18-348.6.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-348.6.1.el5.i686.rpm kernel-PAE-devel-2.6.18-348.6.1.el5.i686.rpm kernel-debug-2.6.18-348.6.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-348.6.1.el5.i686.rpm kernel-debug-devel-2.6.18-348.6.1.el5.i686.rpm kernel-debuginfo-2.6.18-348.6.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-348.6.1.el5.i686.rpm kernel-devel-2.6.18-348.6.1.el5.i686.rpm kernel-headers-2.6.18-348.6.1.el5.i386.rpm kernel-xen-2.6.18-348.6.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-348.6.1.el5.i686.rpm kernel-xen-devel-2.6.18-348.6.1.el5.i686.rpm noarch: kernel-doc-2.6.18-348.6.1.el5.noarch.rpm x86_64: kernel-2.6.18-348.6.1.el5.x86_64.rpm kernel-debug-2.6.18-348.6.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-348.6.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-348.6.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-348.6.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-348.6.1.el5.x86_64.rpm kernel-devel-2.6.18-348.6.1.el5.x86_64.rpm kernel-headers-2.6.18-348.6.1.el5.x86_64.rpm kernel-xen-2.6.18-348.6.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-348.6.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-348.6.1.el5.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-348.6.1.el5.src.rpm i386: kernel-2.6.18-348.6.1.el5.i686.rpm kernel-PAE-2.6.18-348.6.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-348.6.1.el5.i686.rpm kernel-PAE-devel-2.6.18-348.6.1.el5.i686.rpm kernel-debug-2.6.18-348.6.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-348.6.1.el5.i686.rpm kernel-debug-devel-2.6.18-348.6.1.el5.i686.rpm kernel-debuginfo-2.6.18-348.6.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-348.6.1.el5.i686.rpm kernel-devel-2.6.18-348.6.1.el5.i686.rpm kernel-headers-2.6.18-348.6.1.el5.i386.rpm kernel-xen-2.6.18-348.6.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-348.6.1.el5.i686.rpm kernel-xen-devel-2.6.18-348.6.1.el5.i686.rpm ia64: kernel-2.6.18-348.6.1.el5.ia64.rpm kernel-debug-2.6.18-348.6.1.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-348.6.1.el5.ia64.rpm kernel-debug-devel-2.6.18-348.6.1.el5.ia64.rpm kernel-debuginfo-2.6.18-348.6.1.el5.ia64.rpm kernel-debuginfo-common-2.6.18-348.6.1.el5.ia64.rpm kernel-devel-2.6.18-348.6.1.el5.ia64.rpm kernel-headers-2.6.18-348.6.1.el5.ia64.rpm kernel-xen-2.6.18-348.6.1.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-348.6.1.el5.ia64.rpm kernel-xen-devel-2.6.18-348.6.1.el5.ia64.rpm noarch: kernel-doc-2.6.18-348.6.1.el5.noarch.rpm ppc: kernel-2.6.18-348.6.1.el5.ppc64.rpm kernel-debug-2.6.18-348.6.1.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-348.6.1.el5.ppc64.rpm kernel-debug-devel-2.6.18-348.6.1.el5.ppc64.rpm kernel-debuginfo-2.6.18-348.6.1.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-348.6.1.el5.ppc64.rpm kernel-devel-2.6.18-348.6.1.el5.ppc64.rpm kernel-headers-2.6.18-348.6.1.el5.ppc.rpm kernel-headers-2.6.18-348.6.1.el5.ppc64.rpm kernel-kdump-2.6.18-348.6.1.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-348.6.1.el5.ppc64.rpm kernel-kdump-devel-2.6.18-348.6.1.el5.ppc64.rpm s390x: kernel-2.6.18-348.6.1.el5.s390x.rpm kernel-debug-2.6.18-348.6.1.el5.s390x.rpm kernel-debug-debuginfo-2.6.18-348.6.1.el5.s390x.rpm 
kernel-debug-devel-2.6.18-348.6.1.el5.s390x.rpm kernel-debuginfo-2.6.18-348.6.1.el5.s390x.rpm kernel-debuginfo-common-2.6.18-348.6.1.el5.s390x.rpm kernel-devel-2.6.18-348.6.1.el5.s390x.rpm kernel-headers-2.6.18-348.6.1.el5.s390x.rpm kernel-kdump-2.6.18-348.6.1.el5.s390x.rpm kernel-kdump-debuginfo-2.6.18-348.6.1.el5.s390x.rpm kernel-kdump-devel-2.6.18-348.6.1.el5.s390x.rpm x86_64: kernel-2.6.18-348.6.1.el5.x86_64.rpm kernel-debug-2.6.18-348.6.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-348.6.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-348.6.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-348.6.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-348.6.1.el5.x86_64.rpm kernel-devel-2.6.18-348.6.1.el5.x86_64.rpm kernel-headers-2.6.18-348.6.1.el5.x86_64.rpm kernel-xen-2.6.18-348.6.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-348.6.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-348.6.1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-0153.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
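The kernel advisory above asks administrators to install the updated build and, once the new kernel is known to work, remove older kernels with "rpm -e". The following is an added example, not code from Red Hat or from the advisory: it reimplements RPM's version ordering (rpmvercmp, without the tilde/caret extensions) in pure Python so it runs without the rpm bindings, and checks a constructed `rpm -q kernel` listing against the fixed build 2.6.18-348.6.1.el5 taken from the package list. It reports whether the fixed build is installed, whether it is the kernel actually running (from uname -r), and which older builds are candidates for "rpm -e". The SAMPLE_RPM_Q listing and the ADVISORY_FIXED table are constructed for the example, and the epoch is assumed to be 0.

```python
"""Check installed kernel builds against the build fixed by an advisory.

Added example, not code from Red Hat or from this advisory. It reimplements
RPM's version comparison (rpmvercmp, without the tilde/caret extensions) in
pure Python so it runs without the rpm bindings, and applies it to a
constructed `rpm -q` listing. The fixed build comes from the advisory's
package list; the epoch is assumed to be 0.
"""
import re

_SEGMENT = re.compile(r"[0-9]+|[a-zA-Z]+")


def rpmvercmp(a, b):
    """Return 1, 0 or -1 as RPM would order version/release strings a and b."""
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):          # numeric segments compare as integers
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():  # a number outranks letters
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1     # letters compare lexically
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1  # leftover segments win


def evr_cmp(a, b):
    """Compare (epoch, version, release) tuples, most significant first."""
    for x, y in zip(a, b):
        r = rpmvercmp(x, y)
        if r:
            return r
    return 0


_NEVRA = re.compile(r"^(?P<name>.+)-(?P<ver>[^-]+)-(?P<rel>[^-]+)\.(?P<arch>[^.]+)$")


def parse_nevra(s):
    """Split 'kernel-PAE-2.6.18-348.6.1.el5.i686[.rpm]' into (name, version, release, arch)."""
    if s.endswith(".rpm"):
        s = s[:-4]
    m = _NEVRA.match(s)
    if not m:
        raise ValueError("not a name-version-release.arch string: %r" % s)
    return m.group("name"), m.group("ver"), m.group("rel"), m.group("arch")


# Fixed builds taken from the advisory's package list (epoch assumed 0).
ADVISORY_FIXED = {
    "kernel": ("0", "2.6.18", "348.6.1.el5"),
    "kernel-PAE": ("0", "2.6.18", "348.6.1.el5"),
    "kernel-xen": ("0", "2.6.18", "348.6.1.el5"),
}

# Constructed output of:
#   rpm -q kernel --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'
SAMPLE_RPM_Q = """\
kernel-2.6.18-308.el5.x86_64
kernel-2.6.18-348.3.1.el5.x86_64
kernel-2.6.18-348.6.1.el5.x86_64
"""


def audit(installed, fixed=ADVISORY_FIXED):
    """Return (patched, stale): whether a build at or above the fixed one is
    installed, and the older builds that `rpm -e` may remove once the new
    kernel has been booted and verified."""
    patched, stale = False, []
    for line in installed.split():
        name, ver, rel, _arch = parse_nevra(line)
        if name not in fixed:
            continue
        if evr_cmp(("0", ver, rel), fixed[name]) >= 0:
            patched = True
        else:
            stale.append(line)
    return patched, stale


def running_is_fixed(uname_r, fixed_evr):
    """True if the `uname -r` string (version-release) is at or above the fix;
    a patched package that has not been booted does not protect the host."""
    ver, _, rel = uname_r.partition("-")
    return evr_cmp(("0", ver, rel), fixed_evr) >= 0


if __name__ == "__main__":
    patched, stale = audit(SAMPLE_RPM_Q)
    print("fixed kernel installed:", patched)
    print("running kernel fixed:", running_is_fixed("2.6.18-348.6.1.el5", ADVISORY_FIXED["kernel"]))
    print("older builds safe to remove after verification:", stale)
```

Two checks matter here and the advisory text only implies them: the fixed package being installed is not the same as the fixed kernel being the one booted, so compare uname -r as well, and the packages should be signature-checked before installation ("rpm -K file.rpm", with the Red Hat key from the link in the advisory) since the advisory's package list is the only thing that ties a file name to a trusted build.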
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRm8wnXlSAg2UNWIIRAk+3AJ98GghB1sBl/bs6J7ReGvd0M8McgQCgkFnu nf9JSk3PIMuE0Zqzxyh/b50= =+lSs -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed May 22 19:10:16 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 22 May 2013 19:10:16 +0000 Subject: [RHSA-2013:0855-01] Important: java-1.5.0-ibm security update Message-ID: <201305221910.r4MJAGr4006949@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: java-1.5.0-ibm security update Advisory ID: RHSA-2013:0855-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0855.html Issue date: 2013-05-22 CVE Names: CVE-2013-0169 CVE-2013-0401 CVE-2013-1491 CVE-2013-1537 CVE-2013-1557 CVE-2013-1569 CVE-2013-2383 CVE-2013-2384 CVE-2013-2394 CVE-2013-2417 CVE-2013-2419 CVE-2013-2420 CVE-2013-2424 CVE-2013-2429 CVE-2013-2430 CVE-2013-2432 ===================================================================== 1. Summary: Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 
6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-0169, CVE-2013-0401, CVE-2013-1491, CVE-2013-1537, CVE-2013-1557, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2417, CVE-2013-2419, CVE-2013-2420, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16-FP2 release. All running instances of IBM Java must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. 
Bugs fixed (http://bugzilla.redhat.com/):

907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)
920245 - CVE-2013-0401 OpenJDK: sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly invoke the system class loader (CanSecWest 2013, AWT, 8009305)
920248 - CVE-2013-1491 Oracle JDK: unspecified sandbox bypass (CanSecWest 2013, 2D)
952387 - CVE-2013-1537 OpenJDK: remote code loading enabled by default (RMI, 8001040)
952509 - CVE-2013-2424 OpenJDK: MBeanInstantiator insufficient class access checks (JMX, 8006435)
952521 - CVE-2013-2429 OpenJDK: JPEGImageWriter state corruption (ImageIO, 8007918)
952524 - CVE-2013-2430 OpenJDK: JPEGImageReader state corruption (ImageIO, 8007667)
952638 - CVE-2013-2420 OpenJDK: image processing vulnerability (2D, 8007617)
952648 - CVE-2013-1557 OpenJDK: LogStream.setDefaultStream() missing security restrictions (RMI, 8001329)
952656 - CVE-2013-2419 ICU: Layout Engine font processing errors (JDK 2D, 8001031)
952657 - CVE-2013-2417 OpenJDK: Network InetAddress serialization information disclosure (Networking, 8000724)
952708 - CVE-2013-2383 ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004986)
952709 - CVE-2013-2384 ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004987)
952711 - CVE-2013-1569 ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004994)
953265 - CVE-2013-2394 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D)
953269 - CVE-2013-2432 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D)

6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v.
5): i386: java-1.5.0-ibm-1.5.0.16.2-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-accessibility-1.5.0.16.2-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-demo-1.5.0.16.2-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-devel-1.5.0.16.2-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.16.2-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.16.2-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-plugin-1.5.0.16.2-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-src-1.5.0.16.2-1jpp.1.el5_9.i386.rpm x86_64: java-1.5.0-ibm-1.5.0.16.2-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-1.5.0.16.2-1jpp.1.el5_9.x86_64.rpm java-1.5.0-ibm-accessibility-1.5.0.16.2-1jpp.1.el5_9.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.16.2-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-demo-1.5.0.16.2-1jpp.1.el5_9.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.16.2-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-devel-1.5.0.16.2-1jpp.1.el5_9.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.2-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.16.2-1jpp.1.el5_9.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.16.2-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-plugin-1.5.0.16.2-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-src-1.5.0.16.2-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-src-1.5.0.16.2-1jpp.1.el5_9.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 
5): i386: java-1.5.0-ibm-1.5.0.16.2-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-accessibility-1.5.0.16.2-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-demo-1.5.0.16.2-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-devel-1.5.0.16.2-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.16.2-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.16.2-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-plugin-1.5.0.16.2-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-src-1.5.0.16.2-1jpp.1.el5_9.i386.rpm ppc: java-1.5.0-ibm-1.5.0.16.2-1jpp.1.el5_9.ppc.rpm java-1.5.0-ibm-1.5.0.16.2-1jpp.1.el5_9.ppc64.rpm java-1.5.0-ibm-accessibility-1.5.0.16.2-1jpp.1.el5_9.ppc.rpm java-1.5.0-ibm-demo-1.5.0.16.2-1jpp.1.el5_9.ppc.rpm java-1.5.0-ibm-demo-1.5.0.16.2-1jpp.1.el5_9.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.16.2-1jpp.1.el5_9.ppc.rpm java-1.5.0-ibm-devel-1.5.0.16.2-1jpp.1.el5_9.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.2-1jpp.1.el5_9.ppc.rpm java-1.5.0-ibm-javacomm-1.5.0.16.2-1jpp.1.el5_9.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.16.2-1jpp.1.el5_9.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.16.2-1jpp.1.el5_9.ppc.rpm java-1.5.0-ibm-src-1.5.0.16.2-1jpp.1.el5_9.ppc.rpm java-1.5.0-ibm-src-1.5.0.16.2-1jpp.1.el5_9.ppc64.rpm s390x: java-1.5.0-ibm-1.5.0.16.2-1jpp.1.el5_9.s390.rpm java-1.5.0-ibm-1.5.0.16.2-1jpp.1.el5_9.s390x.rpm java-1.5.0-ibm-accessibility-1.5.0.16.2-1jpp.1.el5_9.s390x.rpm java-1.5.0-ibm-demo-1.5.0.16.2-1jpp.1.el5_9.s390.rpm java-1.5.0-ibm-demo-1.5.0.16.2-1jpp.1.el5_9.s390x.rpm java-1.5.0-ibm-devel-1.5.0.16.2-1jpp.1.el5_9.s390.rpm java-1.5.0-ibm-devel-1.5.0.16.2-1jpp.1.el5_9.s390x.rpm java-1.5.0-ibm-jdbc-1.5.0.16.2-1jpp.1.el5_9.s390.rpm java-1.5.0-ibm-src-1.5.0.16.2-1jpp.1.el5_9.s390.rpm java-1.5.0-ibm-src-1.5.0.16.2-1jpp.1.el5_9.s390x.rpm x86_64: java-1.5.0-ibm-1.5.0.16.2-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-1.5.0.16.2-1jpp.1.el5_9.x86_64.rpm java-1.5.0-ibm-accessibility-1.5.0.16.2-1jpp.1.el5_9.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.16.2-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-demo-1.5.0.16.2-1jpp.1.el5_9.x86_64.rpm 
java-1.5.0-ibm-devel-1.5.0.16.2-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-devel-1.5.0.16.2-1jpp.1.el5_9.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.2-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.16.2-1jpp.1.el5_9.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.16.2-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-plugin-1.5.0.16.2-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-src-1.5.0.16.2-1jpp.1.el5_9.i386.rpm java-1.5.0-ibm-src-1.5.0.16.2-1jpp.1.el5_9.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.5.0-ibm-1.5.0.16.2-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-demo-1.5.0.16.2-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.2-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.16.2-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.16.2-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-plugin-1.5.0.16.2-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-src-1.5.0.16.2-1jpp.1.el6_4.i686.rpm x86_64: java-1.5.0-ibm-1.5.0.16.2-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.16.2-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.16.2-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.2-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.2-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.16.2-1jpp.1.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.5.0-ibm-1.5.0.16.2-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.16.2-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.16.2-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.2-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.2-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.16.2-1jpp.1.el6_4.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 
6): i386: java-1.5.0-ibm-1.5.0.16.2-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-demo-1.5.0.16.2-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.2-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.16.2-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.16.2-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-plugin-1.5.0.16.2-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-src-1.5.0.16.2-1jpp.1.el6_4.i686.rpm ppc64: java-1.5.0-ibm-1.5.0.16.2-1jpp.1.el6_4.ppc64.rpm java-1.5.0-ibm-demo-1.5.0.16.2-1jpp.1.el6_4.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.16.2-1jpp.1.el6_4.ppc.rpm java-1.5.0-ibm-devel-1.5.0.16.2-1jpp.1.el6_4.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.2-1jpp.1.el6_4.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.16.2-1jpp.1.el6_4.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.16.2-1jpp.1.el6_4.ppc.rpm java-1.5.0-ibm-src-1.5.0.16.2-1jpp.1.el6_4.ppc64.rpm s390x: java-1.5.0-ibm-1.5.0.16.2-1jpp.1.el6_4.s390x.rpm java-1.5.0-ibm-demo-1.5.0.16.2-1jpp.1.el6_4.s390x.rpm java-1.5.0-ibm-devel-1.5.0.16.2-1jpp.1.el6_4.s390.rpm java-1.5.0-ibm-devel-1.5.0.16.2-1jpp.1.el6_4.s390x.rpm java-1.5.0-ibm-jdbc-1.5.0.16.2-1jpp.1.el6_4.s390.rpm java-1.5.0-ibm-src-1.5.0.16.2-1jpp.1.el6_4.s390x.rpm x86_64: java-1.5.0-ibm-1.5.0.16.2-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.16.2-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.16.2-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.2-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.2-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.16.2-1jpp.1.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 
6): i386: java-1.5.0-ibm-1.5.0.16.2-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-demo-1.5.0.16.2-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.2-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.16.2-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.16.2-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-plugin-1.5.0.16.2-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-src-1.5.0.16.2-1jpp.1.el6_4.i686.rpm x86_64: java-1.5.0-ibm-1.5.0.16.2-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.16.2-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.16.2-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.2-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.2-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.16.2-1jpp.1.el6_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-0169.html https://www.redhat.com/security/data/cve/CVE-2013-0401.html https://www.redhat.com/security/data/cve/CVE-2013-1491.html https://www.redhat.com/security/data/cve/CVE-2013-1537.html https://www.redhat.com/security/data/cve/CVE-2013-1557.html https://www.redhat.com/security/data/cve/CVE-2013-1569.html https://www.redhat.com/security/data/cve/CVE-2013-2383.html https://www.redhat.com/security/data/cve/CVE-2013-2384.html https://www.redhat.com/security/data/cve/CVE-2013-2394.html https://www.redhat.com/security/data/cve/CVE-2013-2417.html https://www.redhat.com/security/data/cve/CVE-2013-2419.html https://www.redhat.com/security/data/cve/CVE-2013-2420.html https://www.redhat.com/security/data/cve/CVE-2013-2424.html https://www.redhat.com/security/data/cve/CVE-2013-2429.html https://www.redhat.com/security/data/cve/CVE-2013-2430.html https://www.redhat.com/security/data/cve/CVE-2013-2432.html https://access.redhat.com/security/updates/classification/#important https://www.ibm.com/developerworks/java/jdk/alerts/ 8. 
Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRnRf4XlSAg2UNWIIRAkgXAKC3XOHpMMmH1iqHxKGhYqT7F0cSDACeKj2k Hr051ACk3XscdPny5y5+vec= =yQq5 -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu May 23 13:58:42 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 23 May 2013 13:58:42 +0000 Subject: [RHSA-2013:0849-01] Important: KVM image security update Message-ID: <201305231358.r4NDwg87018041@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: KVM image security update Advisory ID: RHSA-2013:0849-01 Product: Red Hat Common Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0849.html Issue date: 2013-05-23 CVE Names: CVE-2013-2069 ===================================================================== 1. Summary: The Red Hat Enterprise Linux 6.4 KVM Guest Image for cloud instances had an empty root password by default. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Description: Red Hat provides a Red Hat Enterprise Linux 6.4 KVM Guest Image for cloud instances. This image is provided as a minimally configured system image which is available for use as-is or for configuration and customization as required by end users. The Red Hat Enterprise Linux 6.4 KVM Guest Image for cloud instances had an empty root password by default. To address this, Red Hat has created an updated image that locks the root password by default. This updated image is now available on RHN. 
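The flaw described above is an empty password field for root in /etc/shadow, and the fix is to lock that field. The following is an added example, not part of the advisory: it parses shadow(5) records and an sshd_config fragment, both constructed here rather than read from the real files, classifies each account's password field, lists the accounts that need "passwd -l", and reports whether sshd would accept the empty password over the network. Run it against the real files, as root, to audit an image built from the affected guest image or an instance started from it.

```python
"""Find accounts whose shadow password field is empty, and what to run to fix them.

Added example, not part of the advisory. It parses shadow(5) records and an
sshd_config fragment, both constructed here, instead of reading the real
files, so it runs unprivileged; feed parse_shadow() the contents of
/etc/shadow (as root) to audit a built image or a running instance.
"""

# Constructed sample: root has an empty password field, which is the image
# flaw; bin is a no-login account; daemon is locked; cloud-user has a hash.
SAMPLE_SHADOW = """\
root::15849:0:99999:7:::
bin:*:15849:0:99999:7:::
daemon:!!:15849:0:99999:7:::
cloud-user:$6$saltsalt$0123456789abcdef:15849:0:99999:7:::
"""

# Constructed sshd_config fragment; the commented line shows the default.
SAMPLE_SSHD_CONFIG = """\
PasswordAuthentication yes
#PermitEmptyPasswords no
"""


def classify(field):
    """Interpret the second shadow(5) field."""
    if field == "":
        return "empty"          # any password, including none, is accepted
    if field.startswith("!"):
        return "locked"         # passwd -l / usermod -L prefix; no hash can match
    if field == "*":
        return "nologin"        # never had a password
    return "hashed"


def parse_shadow(text):
    """Map user name -> password field for each record."""
    records = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 9:
            raise ValueError("malformed shadow record: %r" % line)
        records[fields[0]] = fields[1]
    return records


def empty_password_accounts(text):
    return sorted(u for u, f in parse_shadow(text).items() if classify(f) == "empty")


def lock_field(field):
    """What `passwd -l` does on RHEL: prefix the field with '!!' (idempotent)."""
    return field if field.startswith("!") else "!!" + field


def remediation(text):
    """The commands to run, as root, on the image or instance."""
    return ["passwd -l %s" % u for u in empty_password_accounts(text)]


def permit_empty_passwords(sshd_config):
    """Effective PermitEmptyPasswords: first uncommented keyword wins, default no.
    If this is yes, the empty root password is reachable over the network too."""
    for line in sshd_config.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "permitemptypasswords":
            return parts[1].strip().lower() == "yes"
    return False


if __name__ == "__main__":
    for user in empty_password_accounts(SAMPLE_SHADOW):
        print("empty password:", user)
    print("\n".join(remediation(SAMPLE_SHADOW)))
    print("PermitEmptyPasswords:", permit_empty_passwords(SAMPLE_SSHD_CONFIG))
```

The classifier distinguishes an empty field from a locked one ("!!" or "!" prefix) and from "*", because only the empty field accepts a login with no password; locking is the right remediation precisely because it keeps the account but makes every hash comparison fail.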
To correct existing Red Hat Enterprise Linux 6.4 KVM Guest Images, any images or systems built using this Red Hat Enterprise Linux 6.4 KVM Guest Image, or any currently running Red Hat Enterprise Linux instances instantiated from this image, users can lock the root password by issuing, as root, the command:

passwd -l root

Note: The default OpenSSH configuration (PermitEmptyPasswords no) disallows password logins when the password is empty, preventing a remote attacker from logging in without a password. That default does not cover local access, which is why the issue is rated for a local user.

Root Cause

Kickstart can be used to automate operating system installations. A Kickstart file specifies settings for an installation. Once the installation system boots, it can read a Kickstart file and carry out the installation process without any further input from a user. Kickstart is used as part of the process of creating images of Red Hat Enterprise Linux for cloud providers.

It was discovered that when no 'rootpw' command was specified in a Kickstart file, the image creator tools gave the root user an empty password rather than leaving the password locked, which could allow a local user to gain access to the root account (CVE-2013-2069). We have corrected this issue by updating the Kickstart file used to build affected images so that the root password is locked. This issue was caused by the way a tool was used to create images, and not by a security vulnerability in Red Hat Enterprise Linux.

To import the image into an OpenStack environment, download the image from Red Hat Network to a system that has the python-glanceclient package installed. Refer to the OpenStack Getting Started Guide, linked to in the References, for information on importing the image into an OpenStack environment. After successfully importing, it is also highly recommended that the "glance delete" command is used to delete any previous versions of the image that exist in the Glance image registry.

3. Solution:

The updated image is available from RHN, linked to in the References.

4.
Bugs fixed (http://bugzilla.redhat.com/): 964299 - CVE-2013-2069 livecd-tools: improper handling of passwords 5. References: https://www.redhat.com/security/data/cve/CVE-2013-2069.html https://access.redhat.com/security/updates/classification/#important https://rhn.redhat.com/rhn/software/channel/downloads/Download.do?cid=16952 https://access.redhat.com/site/documentation/en-US/Red_Hat_OpenStack/2/html/Getting_Started_Guide/ch09s02.html 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRniBxXlSAg2UNWIIRApctAJ4pgh+eBx9yhMkVFSx4jaZbHBTs6ACgxWaQ Q3S06teWs2skOC1AcFJjkqc= =3f+H -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue May 28 17:47:56 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 28 May 2013 17:47:56 +0000 Subject: [RHSA-2013:0868-01] Moderate: haproxy security update Message-ID: <201305281747.r4SHluu5004592@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: haproxy security update Advisory ID: RHSA-2013:0868-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0868.html Issue date: 2013-05-28 CVE Names: CVE-2013-1912 ===================================================================== 1. Summary: An updated haproxy package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Load Balancer (v. 6) - i386, x86_64 3. 
Description: HAProxy provides high availability, load balancing, and proxying for TCP and HTTP-based applications. A buffer overflow flaw was found in the way HAProxy handled pipelined HTTP requests. A remote attacker could send pipelined HTTP requests that would cause HAProxy to crash or, potentially, execute arbitrary code with the privileges of the user running HAProxy. This issue only affected systems using all of the following combined configuration options: HTTP keep alive enabled, HTTP keywords in TCP inspection rules, and request appending rules. (CVE-2013-1912) Red Hat would like to thank Willy Tarreau of HAProxy upstream for reporting this issue. Upstream acknowledges Yves Lafon from the W3C as the original reporter. HAProxy is released as a Technology Preview in Red Hat Enterprise Linux 6. More information about Red Hat Technology Previews is available at https://access.redhat.com/support/offerings/techpreview/ All users of haproxy are advised to upgrade to this updated package, which contains a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 947581 - CVE-2013-1912 haproxy: rewrite rules flaw can lead to arbitrary code execution 6. Package List: Red Hat Enterprise Linux Load Balancer (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/haproxy-1.4.22-4.el6_4.src.rpm i386: haproxy-1.4.22-4.el6_4.i686.rpm haproxy-debuginfo-1.4.22-4.el6_4.i686.rpm x86_64: haproxy-1.4.22-4.el6_4.x86_64.rpm haproxy-debuginfo-1.4.22-4.el6_4.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-1912.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/support/offerings/techpreview/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRpO11XlSAg2UNWIIRAhmIAJ9T4wPnja3eQqAy2t1jym3D1g89IwCfS8oI T79h2PGl4VwxuFsxXlBN/5I= =94Pe -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue May 28 17:48:39 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 28 May 2013 17:48:39 +0000 Subject: [RHSA-2013:0869-01] Important: tomcat6 security update Message-ID: <201305281748.r4SHmdRx031087@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: tomcat6 security update Advisory ID: RHSA-2013:0869-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0869.html Issue date: 2013-05-28 CVE Names: CVE-2013-1976 CVE-2013-2051 ===================================================================== 1. Summary: Updated tomcat6 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch Red Hat Enterprise Linux Server (v. 
6) - noarch Red Hat Enterprise Linux Server Optional (v. 6) - noarch Red Hat Enterprise Linux Workstation (v. 6) - noarch Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch 3. Description: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A flaw was found in the way the tomcat6 init script handled the tomcat6-initd.log log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. (CVE-2013-1976) Note: With this update, tomcat6-initd.log has been moved from /var/log/tomcat6/ to the /var/log/ directory. It was found that the RHSA-2013:0623 update did not correctly fix CVE-2012-5887, a weakness in the Tomcat DIGEST authentication implementation. A remote attacker could use this flaw to perform replay attacks in some circumstances. Additionally, this problem also prevented users from being able to authenticate using DIGEST authentication. (CVE-2013-2051) Red Hat would like to thank Simon Fayer of Imperial College London for reporting the CVE-2013-1976 issue. Users of Tomcat are advised to upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 927622 - CVE-2013-1976 tomcat: Improper TOMCAT_LOG management in init script (DoS, ACE) 959047 - CVE-2013-2051 tomcat: DIGEST authentication vulnerable to replay attacks 6. Package List: Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/tomcat6-6.0.24-55.el6_4.src.rpm noarch: tomcat6-6.0.24-55.el6_4.noarch.rpm tomcat6-admin-webapps-6.0.24-55.el6_4.noarch.rpm tomcat6-docs-webapp-6.0.24-55.el6_4.noarch.rpm tomcat6-el-2.1-api-6.0.24-55.el6_4.noarch.rpm tomcat6-javadoc-6.0.24-55.el6_4.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-55.el6_4.noarch.rpm tomcat6-lib-6.0.24-55.el6_4.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-55.el6_4.noarch.rpm tomcat6-webapps-6.0.24-55.el6_4.noarch.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/tomcat6-6.0.24-55.el6_4.src.rpm noarch: tomcat6-6.0.24-55.el6_4.noarch.rpm tomcat6-admin-webapps-6.0.24-55.el6_4.noarch.rpm tomcat6-docs-webapp-6.0.24-55.el6_4.noarch.rpm tomcat6-el-2.1-api-6.0.24-55.el6_4.noarch.rpm tomcat6-javadoc-6.0.24-55.el6_4.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-55.el6_4.noarch.rpm tomcat6-lib-6.0.24-55.el6_4.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-55.el6_4.noarch.rpm tomcat6-webapps-6.0.24-55.el6_4.noarch.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/tomcat6-6.0.24-55.el6_4.src.rpm noarch: tomcat6-6.0.24-55.el6_4.noarch.rpm tomcat6-el-2.1-api-6.0.24-55.el6_4.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-55.el6_4.noarch.rpm tomcat6-lib-6.0.24-55.el6_4.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-55.el6_4.noarch.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/tomcat6-6.0.24-55.el6_4.src.rpm noarch: tomcat6-admin-webapps-6.0.24-55.el6_4.noarch.rpm tomcat6-docs-webapp-6.0.24-55.el6_4.noarch.rpm tomcat6-javadoc-6.0.24-55.el6_4.noarch.rpm tomcat6-webapps-6.0.24-55.el6_4.noarch.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/tomcat6-6.0.24-55.el6_4.src.rpm noarch: tomcat6-6.0.24-55.el6_4.noarch.rpm tomcat6-el-2.1-api-6.0.24-55.el6_4.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-55.el6_4.noarch.rpm tomcat6-lib-6.0.24-55.el6_4.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-55.el6_4.noarch.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/tomcat6-6.0.24-55.el6_4.src.rpm noarch: tomcat6-admin-webapps-6.0.24-55.el6_4.noarch.rpm tomcat6-docs-webapp-6.0.24-55.el6_4.noarch.rpm tomcat6-javadoc-6.0.24-55.el6_4.noarch.rpm tomcat6-webapps-6.0.24-55.el6_4.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-1976.html https://www.redhat.com/security/data/cve/CVE-2013-2051.html https://access.redhat.com/security/updates/classification/#important https://rhn.redhat.com/errata/RHSA-2013-0623.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
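The CVE-2013-1976 flaw described in the tomcat6 advisory above is a symbolic link attack on a log file: the init script, running as root, chowns a log file that lives in a directory the tomcat user can write to, so a web application running as tomcat can replace the file with a symlink and have root change the ownership of whatever it points at. The fix moved the log into /var/log, which tomcat cannot write to. The following is an added example, not code from the tomcat packages or from the advisory: it puts the vulnerable shape of that step beside a hardened one and exercises both in a temporary directory. The victim file, the directory names and the planted link are constructed stand-ins for the real paths.

```python
"""Symlink-safe preparation of a service log file by a privileged init script.

Added example, not code from the tomcat packages or from this advisory. It
models the CVE-2013-1976 pattern: a root-run init script chowns a log file
that lives in a directory the service user can write to, so the service user
swaps the file for a symlink and root chowns whatever it points at. The
temporary directory layout built by demo() is constructed for the example.
"""
import errno
import os
import stat
import tempfile


class UnsafeLogLocation(Exception):
    """Raised instead of touching a path the service user could control."""


def vulnerable_prepare_log(path, uid, gid, chown=os.chown):
    """Old init-script shape: create the log if missing, then chown(2) it.

    chown(2) follows symlinks, so a link planted at `path` redirects the
    ownership change. Returns the inode path the chown really lands on."""
    if not os.path.exists(path):
        open(path, "a").close()
    chown(path, uid, gid)
    return os.path.realpath(path)


def safe_prepare_log(path, uid, gid, trusted_uid=None):
    """Hardened shape: the directory must belong to the privileged user and be
    writable by nobody else (what moving the log to /var/log achieves), the
    open must not follow a symlink, and the chown goes through the descriptor
    so the check and the change apply to one and the same inode."""
    trusted_uid = os.geteuid() if trusted_uid is None else trusted_uid
    parent = os.path.dirname(path) or "."
    pst = os.lstat(parent)
    if (not stat.S_ISDIR(pst.st_mode) or pst.st_uid != trusted_uid
            or pst.st_mode & (stat.S_IWGRP | stat.S_IWOTH)):
        raise UnsafeLogLocation("%s: not a directory owned and writable only by uid %d"
                                % (parent, trusted_uid))
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_APPEND | os.O_NOFOLLOW, 0o640)
    except OSError as e:
        if e.errno == errno.ELOOP:
            raise UnsafeLogLocation("%s: refusing to follow a symlink" % path)
        raise
    try:
        fst = os.fstat(fd)
        # A hard link to a sensitive file survives O_NOFOLLOW; reject it too.
        if not stat.S_ISREG(fst.st_mode) or fst.st_nlink != 1:
            raise UnsafeLogLocation("%s: not a plain single-link file" % path)
        os.fchown(fd, uid, gid)
    finally:
        os.close(fd)
    return path


def demo():
    """Build the scenario under a temp dir and report what each version did."""
    base = os.path.realpath(tempfile.mkdtemp())
    victim = os.path.join(base, "etc_passwd")      # stand-in for a root-owned system file
    open(victim, "w").close()
    svc_dir = os.path.join(base, "tomcat6")        # stand-in for /var/log/tomcat6
    os.mkdir(svc_dir, 0o755)                       # really owned by tomcat; here O_NOFOLLOW does the catching
    planted = os.path.join(svc_dir, "tomcat6-initd.log")
    os.symlink(victim, planted)                    # the attacker's move
    good_dir = os.path.join(base, "log")           # stand-in for /var/log
    os.mkdir(good_dir, 0o755)
    loose_dir = os.path.join(base, "loose")        # group-writable directory
    os.mkdir(loose_dir)
    os.chmod(loose_dir, 0o775)

    me, my_gid = os.getuid(), os.getgid()
    seen = []
    out = {"victim": victim,
           "vulnerable_hit": vulnerable_prepare_log(
               planted, me, my_gid, chown=lambda p, u, g: seen.append(p))}
    for key, target in (("symlink_refused", planted),
                        ("loose_dir_refused", os.path.join(loose_dir, "x.log"))):
        try:
            safe_prepare_log(target, me, my_gid, trusted_uid=me)
            out[key] = False
        except UnsafeLogLocation:
            out[key] = True
    good_log = safe_prepare_log(os.path.join(good_dir, "tomcat6-initd.log"),
                                me, my_gid, trusted_uid=me)
    out["good_log_regular"] = stat.S_ISREG(os.lstat(good_log).st_mode)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "=", v)
```

The chown is injected in the vulnerable version only so the demo can run unprivileged; what matters is the returned path, which is the victim file rather than the log. The hardened version's directory check is the property the advisory's fix restores by moving the log out of /var/log/tomcat6, and O_NOFOLLOW plus fchown on the open descriptor close the remaining window between checking a path and acting on it.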
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRpO3jXlSAg2UNWIIRAgkWAJ4qV0pSfxgVYdLvOh+E5Ebef8oxcQCgoNt8 H0fJvQl+bJb42R/zAlye4aQ= =2iUZ -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue May 28 17:49:43 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 28 May 2013 17:49:43 +0000 Subject: [RHSA-2013:0870-01] Important: tomcat5 security update Message-ID: <201305281749.r4SHnht6031356@int-mx12.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: tomcat5 security update Advisory ID: RHSA-2013:0870-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0870.html Issue date: 2013-05-28 CVE Names: CVE-2013-1976 ===================================================================== 1. Summary: Updated tomcat5 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A flaw was found in the way the tomcat5 init script handled the catalina.out log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. 
(CVE-2013-1976)

Note: With this update, /var/log/tomcat5/catalina.out has been moved to the
/var/log/tomcat5-initd.log file.

Red Hat would like to thank Simon Fayer of Imperial College London for
reporting this issue.

Users of Tomcat are advised to upgrade to these updated packages, which
correct this issue. Tomcat must be restarted for this update to take
effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

927622 - CVE-2013-1976 tomcat: Improper TOMCAT_LOG management in init script (DoS, ACE)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tomcat5-5.5.23-0jpp.40.el5_9.src.rpm

i386:
tomcat5-debuginfo-5.5.23-0jpp.40.el5_9.i386.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.40.el5_9.i386.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.40.el5_9.i386.rpm

x86_64:
tomcat5-debuginfo-5.5.23-0jpp.40.el5_9.x86_64.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.40.el5_9.x86_64.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.40.el5_9.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tomcat5-5.5.23-0jpp.40.el5_9.src.rpm

i386:
tomcat5-5.5.23-0jpp.40.el5_9.i386.rpm
tomcat5-admin-webapps-5.5.23-0jpp.40.el5_9.i386.rpm
tomcat5-common-lib-5.5.23-0jpp.40.el5_9.i386.rpm
tomcat5-debuginfo-5.5.23-0jpp.40.el5_9.i386.rpm
tomcat5-jasper-5.5.23-0jpp.40.el5_9.i386.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.40.el5_9.i386.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.40.el5_9.i386.rpm
tomcat5-server-lib-5.5.23-0jpp.40.el5_9.i386.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.40.el5_9.i386.rpm
tomcat5-webapps-5.5.23-0jpp.40.el5_9.i386.rpm

x86_64:
tomcat5-5.5.23-0jpp.40.el5_9.x86_64.rpm
tomcat5-admin-webapps-5.5.23-0jpp.40.el5_9.x86_64.rpm
tomcat5-common-lib-5.5.23-0jpp.40.el5_9.x86_64.rpm
tomcat5-debuginfo-5.5.23-0jpp.40.el5_9.x86_64.rpm
tomcat5-jasper-5.5.23-0jpp.40.el5_9.x86_64.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.40.el5_9.x86_64.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.40.el5_9.x86_64.rpm
tomcat5-server-lib-5.5.23-0jpp.40.el5_9.x86_64.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.40.el5_9.x86_64.rpm
tomcat5-webapps-5.5.23-0jpp.40.el5_9.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/tomcat5-5.5.23-0jpp.40.el5_9.src.rpm

i386:
tomcat5-5.5.23-0jpp.40.el5_9.i386.rpm
tomcat5-admin-webapps-5.5.23-0jpp.40.el5_9.i386.rpm
tomcat5-common-lib-5.5.23-0jpp.40.el5_9.i386.rpm
tomcat5-debuginfo-5.5.23-0jpp.40.el5_9.i386.rpm
tomcat5-jasper-5.5.23-0jpp.40.el5_9.i386.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.40.el5_9.i386.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.40.el5_9.i386.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.40.el5_9.i386.rpm
tomcat5-server-lib-5.5.23-0jpp.40.el5_9.i386.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.40.el5_9.i386.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.40.el5_9.i386.rpm
tomcat5-webapps-5.5.23-0jpp.40.el5_9.i386.rpm

ia64:
tomcat5-5.5.23-0jpp.40.el5_9.ia64.rpm
tomcat5-admin-webapps-5.5.23-0jpp.40.el5_9.ia64.rpm
tomcat5-common-lib-5.5.23-0jpp.40.el5_9.ia64.rpm
tomcat5-debuginfo-5.5.23-0jpp.40.el5_9.ia64.rpm
tomcat5-jasper-5.5.23-0jpp.40.el5_9.ia64.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.40.el5_9.ia64.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.40.el5_9.ia64.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.40.el5_9.ia64.rpm
tomcat5-server-lib-5.5.23-0jpp.40.el5_9.ia64.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.40.el5_9.ia64.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.40.el5_9.ia64.rpm
tomcat5-webapps-5.5.23-0jpp.40.el5_9.ia64.rpm

ppc:
tomcat5-5.5.23-0jpp.40.el5_9.ppc.rpm
tomcat5-5.5.23-0jpp.40.el5_9.ppc64.rpm
tomcat5-admin-webapps-5.5.23-0jpp.40.el5_9.ppc.rpm
tomcat5-common-lib-5.5.23-0jpp.40.el5_9.ppc.rpm
tomcat5-debuginfo-5.5.23-0jpp.40.el5_9.ppc.rpm
tomcat5-debuginfo-5.5.23-0jpp.40.el5_9.ppc64.rpm
tomcat5-jasper-5.5.23-0jpp.40.el5_9.ppc.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.40.el5_9.ppc.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.40.el5_9.ppc.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.40.el5_9.ppc.rpm
tomcat5-server-lib-5.5.23-0jpp.40.el5_9.ppc.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.40.el5_9.ppc.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.40.el5_9.ppc.rpm
tomcat5-webapps-5.5.23-0jpp.40.el5_9.ppc.rpm

s390x:
tomcat5-5.5.23-0jpp.40.el5_9.s390x.rpm
tomcat5-admin-webapps-5.5.23-0jpp.40.el5_9.s390x.rpm
tomcat5-common-lib-5.5.23-0jpp.40.el5_9.s390x.rpm
tomcat5-debuginfo-5.5.23-0jpp.40.el5_9.s390x.rpm
tomcat5-jasper-5.5.23-0jpp.40.el5_9.s390x.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.40.el5_9.s390x.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.40.el5_9.s390x.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.40.el5_9.s390x.rpm
tomcat5-server-lib-5.5.23-0jpp.40.el5_9.s390x.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.40.el5_9.s390x.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.40.el5_9.s390x.rpm
tomcat5-webapps-5.5.23-0jpp.40.el5_9.s390x.rpm

x86_64:
tomcat5-5.5.23-0jpp.40.el5_9.x86_64.rpm
tomcat5-admin-webapps-5.5.23-0jpp.40.el5_9.x86_64.rpm
tomcat5-common-lib-5.5.23-0jpp.40.el5_9.x86_64.rpm
tomcat5-debuginfo-5.5.23-0jpp.40.el5_9.x86_64.rpm
tomcat5-jasper-5.5.23-0jpp.40.el5_9.x86_64.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.40.el5_9.x86_64.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.40.el5_9.x86_64.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.40.el5_9.x86_64.rpm
tomcat5-server-lib-5.5.23-0jpp.40.el5_9.x86_64.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.40.el5_9.x86_64.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.40.el5_9.x86_64.rpm
tomcat5-webapps-5.5.23-0jpp.40.el5_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-1976.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .  More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRpO4PXlSAg2UNWIIRArnIAJoDS0lw805oZDgHP90wq40yutNaxACbB6Gz
HvpIsHVJEjNo8+C1YeTbyeE=
=oRO+
-----END PGP SIGNATURE-----


From bugzilla at redhat.com  Thu May 30 18:37:11 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 30 May 2013 18:37:11 +0000
Subject: [RHSA-2013:0882-01] Important: kernel security and bug fix update
Message-ID: <201305301837.r4UIbBRT008572@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2013:0882-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0882.html
Issue date:        2013-05-30
CVE Names:         CVE-2012-4461 CVE-2012-4542 CVE-2013-0311 CVE-2013-1767
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 6.2 Extended Update Support.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server EUS (v. 6.2) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.2) - i386, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A flaw was found in the way the vhost kernel module handled descriptors
that spanned multiple regions. A privileged guest user in a KVM
(Kernel-based Virtual Machine) guest could use this flaw to crash the host
or, potentially, escalate their privileges on the host. (CVE-2013-0311,
Important)

* A flaw was found in the way the KVM subsystem handled guests attempting
to run with the X86_CR4_OSXSAVE CPU feature flag set. On hosts without the
XSAVE CPU feature, a local, unprivileged user could use this flaw to crash
the host system. (The "grep --color xsave /proc/cpuinfo" command can be
used to verify if your system has the XSAVE CPU feature.) (CVE-2012-4461,
Moderate)

* It was found that the default SCSI command filter does not accommodate
commands that overlap across device classes. A privileged guest user could
potentially use this flaw to write arbitrary data to a LUN that is
passed-through as read-only. (CVE-2012-4542, Moderate)

* A use-after-free flaw was found in the tmpfs implementation. A local user
able to mount and unmount a tmpfs file system could use this flaw to cause
a denial of service or, potentially, escalate their privileges.
(CVE-2013-1767, Low)

Red Hat would like to thank Jon Howell for reporting CVE-2012-4461.
CVE-2012-4542 was discovered by Paolo Bonzini of Red Hat.

This update also fixes the following bugs:

* Previously, when open(2) system calls were processed, the GETATTR routine
did not check to see if valid attributes were also returned. As a result,
the open() call succeeded with invalid attributes instead of failing in
such a case. This update adds the missing check, and the open() call
succeeds only when valid attributes are returned. (BZ#960409)

* Previously, the fsync(2) system call incorrectly returned the EIO
(Input/Output) error instead of the ENOSPC (No space left on device) error.
This was due to incorrect error handling in the page cache. This problem
has been fixed and the correct error value is now returned.
(BZ#960418)

* In the RPC code, when a network socket backed up due to high network
traffic, a timer was set causing a retransmission, which in turn could
cause an even larger amount of network traffic to be generated. To prevent
this problem, the RPC code now waits for the socket to empty instead of
setting the timer. (BZ#960423)

* This update fixes a number of bugs in the be2iscsi driver for
ServerEngines BladeEngine 2 Open iSCSI devices. (BZ#955502)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use
"rpm -Uvh" as that will remove the running kernel binaries from your
system. You may use "rpm -e" to remove old kernels after determining that
the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

862900 - CVE-2012-4461 kernel: kvm: invalid opcode oops on SET_SREGS with OSXSAVE bit set
875360 - CVE-2012-4542 kernel: block: default SCSI command filter does not accomodate commands overlap across device classes
912905 - CVE-2013-0311 kernel: vhost: fix length for cross region descriptor
915592 - CVE-2013-1767 Kernel: tmpfs: fix use-after-free of mempolicy object

6. Package List:

Red Hat Enterprise Linux Server EUS (v. 6.2):

Source:
kernel-2.6.32-220.38.1.el6.src.rpm

i386:
kernel-2.6.32-220.38.1.el6.i686.rpm
kernel-debug-2.6.32-220.38.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-220.38.1.el6.i686.rpm
kernel-debug-devel-2.6.32-220.38.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.38.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.38.1.el6.i686.rpm
kernel-devel-2.6.32-220.38.1.el6.i686.rpm
kernel-headers-2.6.32-220.38.1.el6.i686.rpm
perf-2.6.32-220.38.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.38.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-220.38.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-220.38.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.38.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-220.38.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-220.38.1.el6.ppc64.rpm
kernel-debug-2.6.32-220.38.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-220.38.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-220.38.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-220.38.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-220.38.1.el6.ppc64.rpm
kernel-devel-2.6.32-220.38.1.el6.ppc64.rpm
kernel-headers-2.6.32-220.38.1.el6.ppc64.rpm
perf-2.6.32-220.38.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-220.38.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-220.38.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-220.38.1.el6.s390x.rpm
kernel-debug-2.6.32-220.38.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-220.38.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-220.38.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-220.38.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-220.38.1.el6.s390x.rpm
kernel-devel-2.6.32-220.38.1.el6.s390x.rpm
kernel-headers-2.6.32-220.38.1.el6.s390x.rpm
kernel-kdump-2.6.32-220.38.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-220.38.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-220.38.1.el6.s390x.rpm
perf-2.6.32-220.38.1.el6.s390x.rpm
perf-debuginfo-2.6.32-220.38.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-220.38.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-220.38.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.38.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.38.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.38.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.38.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.38.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.38.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.38.1.el6.x86_64.rpm
perf-2.6.32-220.38.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.38.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.38.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.2):

Source:
kernel-2.6.32-220.38.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-220.38.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.38.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.38.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.38.1.el6.i686.rpm
python-perf-2.6.32-220.38.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-220.38.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-220.38.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-220.38.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-220.38.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-220.38.1.el6.ppc64.rpm
python-perf-2.6.32-220.38.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-220.38.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-220.38.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-220.38.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-220.38.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-220.38.1.el6.s390x.rpm
perf-debuginfo-2.6.32-220.38.1.el6.s390x.rpm
python-perf-2.6.32-220.38.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-220.38.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.38.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.38.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.38.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.38.1.el6.x86_64.rpm
python-perf-2.6.32-220.38.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.38.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-4461.html
https://www.redhat.com/security/data/cve/CVE-2012-4542.html
https://www.redhat.com/security/data/cve/CVE-2013-0311.html
https://www.redhat.com/security/data/cve/CVE-2013-1767.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .  More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRp5wuXlSAg2UNWIIRApsLAJ96SOYHyLqT8Df1Uh8IyruBIoKMOwCcCe3o
0BmYZDMNzaes+Vqfw0/pYQs=
=duON
-----END PGP SIGNATURE-----


From bugzilla at redhat.com  Thu May 30 18:38:12 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 30 May 2013 18:38:12 +0000
Subject: [RHSA-2013:0883-01] Important: gnutls security update
Message-ID: <201305301838.r4UIcCb1012282@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: gnutls security update
Advisory ID:       RHSA-2013:0883-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0883.html
Issue date:        2013-05-30
CVE Names:         CVE-2013-2116
=====================================================================

1. Summary:

Updated gnutls packages that fix one security issue are now available for
Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS).

It was discovered that the fix for the CVE-2013-1619 issue released via
RHSA-2013:0588 introduced a regression in the way GnuTLS decrypted TLS/SSL
encrypted records when CBC-mode cipher suites were used. A remote attacker
could possibly use this flaw to crash a server or client application that
uses GnuTLS. (CVE-2013-2116)

Users of GnuTLS are advised to upgrade to these updated packages, which
correct this issue. For the update to take effect, all applications linked
to the GnuTLS library must be restarted.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

966754 - CVE-2013-2116 gnutls: out of bounds read in _gnutls_ciphertext2compressed (GNUTLS-SA-2013-2)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/gnutls-1.4.1-10.el5_9.2.src.rpm

i386:
gnutls-1.4.1-10.el5_9.2.i386.rpm
gnutls-debuginfo-1.4.1-10.el5_9.2.i386.rpm
gnutls-utils-1.4.1-10.el5_9.2.i386.rpm

x86_64:
gnutls-1.4.1-10.el5_9.2.i386.rpm
gnutls-1.4.1-10.el5_9.2.x86_64.rpm
gnutls-debuginfo-1.4.1-10.el5_9.2.i386.rpm
gnutls-debuginfo-1.4.1-10.el5_9.2.x86_64.rpm
gnutls-utils-1.4.1-10.el5_9.2.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/gnutls-1.4.1-10.el5_9.2.src.rpm

i386:
gnutls-debuginfo-1.4.1-10.el5_9.2.i386.rpm
gnutls-devel-1.4.1-10.el5_9.2.i386.rpm

x86_64:
gnutls-debuginfo-1.4.1-10.el5_9.2.i386.rpm
gnutls-debuginfo-1.4.1-10.el5_9.2.x86_64.rpm
gnutls-devel-1.4.1-10.el5_9.2.i386.rpm
gnutls-devel-1.4.1-10.el5_9.2.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/gnutls-1.4.1-10.el5_9.2.src.rpm

i386:
gnutls-1.4.1-10.el5_9.2.i386.rpm
gnutls-debuginfo-1.4.1-10.el5_9.2.i386.rpm
gnutls-devel-1.4.1-10.el5_9.2.i386.rpm
gnutls-utils-1.4.1-10.el5_9.2.i386.rpm

ia64:
gnutls-1.4.1-10.el5_9.2.i386.rpm
gnutls-1.4.1-10.el5_9.2.ia64.rpm
gnutls-debuginfo-1.4.1-10.el5_9.2.i386.rpm
gnutls-debuginfo-1.4.1-10.el5_9.2.ia64.rpm
gnutls-devel-1.4.1-10.el5_9.2.ia64.rpm
gnutls-utils-1.4.1-10.el5_9.2.ia64.rpm

ppc:
gnutls-1.4.1-10.el5_9.2.ppc.rpm
gnutls-1.4.1-10.el5_9.2.ppc64.rpm
gnutls-debuginfo-1.4.1-10.el5_9.2.ppc.rpm
gnutls-debuginfo-1.4.1-10.el5_9.2.ppc64.rpm
gnutls-devel-1.4.1-10.el5_9.2.ppc.rpm
gnutls-devel-1.4.1-10.el5_9.2.ppc64.rpm
gnutls-utils-1.4.1-10.el5_9.2.ppc.rpm

s390x:
gnutls-1.4.1-10.el5_9.2.s390.rpm
gnutls-1.4.1-10.el5_9.2.s390x.rpm
gnutls-debuginfo-1.4.1-10.el5_9.2.s390.rpm
gnutls-debuginfo-1.4.1-10.el5_9.2.s390x.rpm
gnutls-devel-1.4.1-10.el5_9.2.s390.rpm
gnutls-devel-1.4.1-10.el5_9.2.s390x.rpm
gnutls-utils-1.4.1-10.el5_9.2.s390x.rpm

x86_64:
gnutls-1.4.1-10.el5_9.2.i386.rpm
gnutls-1.4.1-10.el5_9.2.x86_64.rpm
gnutls-debuginfo-1.4.1-10.el5_9.2.i386.rpm
gnutls-debuginfo-1.4.1-10.el5_9.2.x86_64.rpm
gnutls-devel-1.4.1-10.el5_9.2.i386.rpm
gnutls-devel-1.4.1-10.el5_9.2.x86_64.rpm
gnutls-utils-1.4.1-10.el5_9.2.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/gnutls-2.8.5-10.el6_4.2.src.rpm

i386:
gnutls-2.8.5-10.el6_4.2.i686.rpm
gnutls-debuginfo-2.8.5-10.el6_4.2.i686.rpm
gnutls-utils-2.8.5-10.el6_4.2.i686.rpm

x86_64:
gnutls-2.8.5-10.el6_4.2.i686.rpm
gnutls-2.8.5-10.el6_4.2.x86_64.rpm
gnutls-debuginfo-2.8.5-10.el6_4.2.i686.rpm
gnutls-debuginfo-2.8.5-10.el6_4.2.x86_64.rpm
gnutls-utils-2.8.5-10.el6_4.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/gnutls-2.8.5-10.el6_4.2.src.rpm

i386:
gnutls-debuginfo-2.8.5-10.el6_4.2.i686.rpm
gnutls-devel-2.8.5-10.el6_4.2.i686.rpm
gnutls-guile-2.8.5-10.el6_4.2.i686.rpm

x86_64:
gnutls-debuginfo-2.8.5-10.el6_4.2.i686.rpm
gnutls-debuginfo-2.8.5-10.el6_4.2.x86_64.rpm
gnutls-devel-2.8.5-10.el6_4.2.i686.rpm
gnutls-devel-2.8.5-10.el6_4.2.x86_64.rpm
gnutls-guile-2.8.5-10.el6_4.2.i686.rpm
gnutls-guile-2.8.5-10.el6_4.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/gnutls-2.8.5-10.el6_4.2.src.rpm

x86_64:
gnutls-2.8.5-10.el6_4.2.i686.rpm
gnutls-2.8.5-10.el6_4.2.x86_64.rpm
gnutls-debuginfo-2.8.5-10.el6_4.2.i686.rpm
gnutls-debuginfo-2.8.5-10.el6_4.2.x86_64.rpm
gnutls-utils-2.8.5-10.el6_4.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/gnutls-2.8.5-10.el6_4.2.src.rpm

x86_64:
gnutls-debuginfo-2.8.5-10.el6_4.2.i686.rpm
gnutls-debuginfo-2.8.5-10.el6_4.2.x86_64.rpm
gnutls-devel-2.8.5-10.el6_4.2.i686.rpm
gnutls-devel-2.8.5-10.el6_4.2.x86_64.rpm
gnutls-guile-2.8.5-10.el6_4.2.i686.rpm
gnutls-guile-2.8.5-10.el6_4.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/gnutls-2.8.5-10.el6_4.2.src.rpm

i386:
gnutls-2.8.5-10.el6_4.2.i686.rpm
gnutls-debuginfo-2.8.5-10.el6_4.2.i686.rpm
gnutls-devel-2.8.5-10.el6_4.2.i686.rpm
gnutls-utils-2.8.5-10.el6_4.2.i686.rpm

ppc64:
gnutls-2.8.5-10.el6_4.2.ppc.rpm
gnutls-2.8.5-10.el6_4.2.ppc64.rpm
gnutls-debuginfo-2.8.5-10.el6_4.2.ppc.rpm
gnutls-debuginfo-2.8.5-10.el6_4.2.ppc64.rpm
gnutls-devel-2.8.5-10.el6_4.2.ppc.rpm
gnutls-devel-2.8.5-10.el6_4.2.ppc64.rpm
gnutls-utils-2.8.5-10.el6_4.2.ppc64.rpm

s390x:
gnutls-2.8.5-10.el6_4.2.s390.rpm
gnutls-2.8.5-10.el6_4.2.s390x.rpm
gnutls-debuginfo-2.8.5-10.el6_4.2.s390.rpm
gnutls-debuginfo-2.8.5-10.el6_4.2.s390x.rpm
gnutls-devel-2.8.5-10.el6_4.2.s390.rpm
gnutls-devel-2.8.5-10.el6_4.2.s390x.rpm
gnutls-utils-2.8.5-10.el6_4.2.s390x.rpm

x86_64:
gnutls-2.8.5-10.el6_4.2.i686.rpm
gnutls-2.8.5-10.el6_4.2.x86_64.rpm
gnutls-debuginfo-2.8.5-10.el6_4.2.i686.rpm
gnutls-debuginfo-2.8.5-10.el6_4.2.x86_64.rpm
gnutls-devel-2.8.5-10.el6_4.2.i686.rpm
gnutls-devel-2.8.5-10.el6_4.2.x86_64.rpm
gnutls-utils-2.8.5-10.el6_4.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/gnutls-2.8.5-10.el6_4.2.src.rpm

i386:
gnutls-debuginfo-2.8.5-10.el6_4.2.i686.rpm
gnutls-guile-2.8.5-10.el6_4.2.i686.rpm

ppc64:
gnutls-debuginfo-2.8.5-10.el6_4.2.ppc.rpm
gnutls-debuginfo-2.8.5-10.el6_4.2.ppc64.rpm
gnutls-guile-2.8.5-10.el6_4.2.ppc.rpm
gnutls-guile-2.8.5-10.el6_4.2.ppc64.rpm

s390x:
gnutls-debuginfo-2.8.5-10.el6_4.2.s390.rpm
gnutls-debuginfo-2.8.5-10.el6_4.2.s390x.rpm
gnutls-guile-2.8.5-10.el6_4.2.s390.rpm
gnutls-guile-2.8.5-10.el6_4.2.s390x.rpm

x86_64:
gnutls-debuginfo-2.8.5-10.el6_4.2.i686.rpm
gnutls-debuginfo-2.8.5-10.el6_4.2.x86_64.rpm
gnutls-guile-2.8.5-10.el6_4.2.i686.rpm
gnutls-guile-2.8.5-10.el6_4.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/gnutls-2.8.5-10.el6_4.2.src.rpm

i386:
gnutls-2.8.5-10.el6_4.2.i686.rpm
gnutls-debuginfo-2.8.5-10.el6_4.2.i686.rpm
gnutls-devel-2.8.5-10.el6_4.2.i686.rpm
gnutls-utils-2.8.5-10.el6_4.2.i686.rpm

x86_64:
gnutls-2.8.5-10.el6_4.2.i686.rpm
gnutls-2.8.5-10.el6_4.2.x86_64.rpm
gnutls-debuginfo-2.8.5-10.el6_4.2.i686.rpm
gnutls-debuginfo-2.8.5-10.el6_4.2.x86_64.rpm
gnutls-devel-2.8.5-10.el6_4.2.i686.rpm
gnutls-devel-2.8.5-10.el6_4.2.x86_64.rpm
gnutls-utils-2.8.5-10.el6_4.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/gnutls-2.8.5-10.el6_4.2.src.rpm

i386:
gnutls-debuginfo-2.8.5-10.el6_4.2.i686.rpm
gnutls-guile-2.8.5-10.el6_4.2.i686.rpm

x86_64:
gnutls-debuginfo-2.8.5-10.el6_4.2.i686.rpm
gnutls-debuginfo-2.8.5-10.el6_4.2.x86_64.rpm
gnutls-guile-2.8.5-10.el6_4.2.i686.rpm
gnutls-guile-2.8.5-10.el6_4.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-2116.html
https://access.redhat.com/security/updates/classification/#important
https://rhn.redhat.com/errata/RHSA-2013-0588.html

8. Contact:

The Red Hat security contact is .  More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRp5x7XlSAg2UNWIIRAs++AJ0ZoAHUqcqY+Zqz3CAG5obsL/WdJgCeNhtD
w3Y9Mu8rjL4WWKPKc9ZAv6U=
=rTdV
-----END PGP SIGNATURE-----


From bugzilla at redhat.com  Thu May 30 18:39:06 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 30 May 2013 18:39:06 +0000
Subject: [RHSA-2013:0884-01] Moderate: libtirpc security update
Message-ID: <201305301839.r4UId7k5021645@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: libtirpc security update
Advisory ID:       RHSA-2013:0884-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0884.html
Issue date:        2013-05-30
CVE Names:         CVE-2013-1950
=====================================================================

1. Summary:

Updated libtirpc packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

These packages provide a transport-independent RPC (remote procedure call)
implementation.

A flaw was found in the way libtirpc decoded RPC requests. A
specially-crafted RPC request could cause libtirpc to attempt to free a
buffer provided by an application using the library, even when the buffer
was not dynamically allocated. This could cause an application using
libtirpc, such as rpcbind, to crash. (CVE-2013-1950)

Red Hat would like to thank Michael Armstrong for reporting this issue.

Users of libtirpc should upgrade to these updated packages, which contain a
backported patch to correct this issue. All running applications using
libtirpc must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

948378 - CVE-2013-1950 libtirpc: invalid pointer free leads to rpcbind daemon crash

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libtirpc-0.2.1-6.el6_4.src.rpm

i386:
libtirpc-0.2.1-6.el6_4.i686.rpm
libtirpc-debuginfo-0.2.1-6.el6_4.i686.rpm

x86_64:
libtirpc-0.2.1-6.el6_4.i686.rpm
libtirpc-0.2.1-6.el6_4.x86_64.rpm
libtirpc-debuginfo-0.2.1-6.el6_4.i686.rpm
libtirpc-debuginfo-0.2.1-6.el6_4.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libtirpc-0.2.1-6.el6_4.src.rpm

i386:
libtirpc-debuginfo-0.2.1-6.el6_4.i686.rpm
libtirpc-devel-0.2.1-6.el6_4.i686.rpm

x86_64:
libtirpc-debuginfo-0.2.1-6.el6_4.i686.rpm
libtirpc-debuginfo-0.2.1-6.el6_4.x86_64.rpm
libtirpc-devel-0.2.1-6.el6_4.i686.rpm
libtirpc-devel-0.2.1-6.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libtirpc-0.2.1-6.el6_4.src.rpm

x86_64:
libtirpc-0.2.1-6.el6_4.i686.rpm
libtirpc-0.2.1-6.el6_4.x86_64.rpm
libtirpc-debuginfo-0.2.1-6.el6_4.i686.rpm
libtirpc-debuginfo-0.2.1-6.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libtirpc-0.2.1-6.el6_4.src.rpm

x86_64:
libtirpc-debuginfo-0.2.1-6.el6_4.i686.rpm
libtirpc-debuginfo-0.2.1-6.el6_4.x86_64.rpm
libtirpc-devel-0.2.1-6.el6_4.i686.rpm
libtirpc-devel-0.2.1-6.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libtirpc-0.2.1-6.el6_4.src.rpm

i386:
libtirpc-0.2.1-6.el6_4.i686.rpm
libtirpc-debuginfo-0.2.1-6.el6_4.i686.rpm

ppc64:
libtirpc-0.2.1-6.el6_4.ppc.rpm
libtirpc-0.2.1-6.el6_4.ppc64.rpm
libtirpc-debuginfo-0.2.1-6.el6_4.ppc.rpm
libtirpc-debuginfo-0.2.1-6.el6_4.ppc64.rpm

s390x:
libtirpc-0.2.1-6.el6_4.s390.rpm
libtirpc-0.2.1-6.el6_4.s390x.rpm
libtirpc-debuginfo-0.2.1-6.el6_4.s390.rpm
libtirpc-debuginfo-0.2.1-6.el6_4.s390x.rpm

x86_64:
libtirpc-0.2.1-6.el6_4.i686.rpm
libtirpc-0.2.1-6.el6_4.x86_64.rpm
libtirpc-debuginfo-0.2.1-6.el6_4.i686.rpm
libtirpc-debuginfo-0.2.1-6.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libtirpc-0.2.1-6.el6_4.src.rpm

i386:
libtirpc-debuginfo-0.2.1-6.el6_4.i686.rpm
libtirpc-devel-0.2.1-6.el6_4.i686.rpm

ppc64:
libtirpc-debuginfo-0.2.1-6.el6_4.ppc.rpm
libtirpc-debuginfo-0.2.1-6.el6_4.ppc64.rpm
libtirpc-devel-0.2.1-6.el6_4.ppc.rpm
libtirpc-devel-0.2.1-6.el6_4.ppc64.rpm

s390x:
libtirpc-debuginfo-0.2.1-6.el6_4.s390.rpm
libtirpc-debuginfo-0.2.1-6.el6_4.s390x.rpm
libtirpc-devel-0.2.1-6.el6_4.s390.rpm
libtirpc-devel-0.2.1-6.el6_4.s390x.rpm

x86_64:
libtirpc-debuginfo-0.2.1-6.el6_4.i686.rpm
libtirpc-debuginfo-0.2.1-6.el6_4.x86_64.rpm
libtirpc-devel-0.2.1-6.el6_4.i686.rpm
libtirpc-devel-0.2.1-6.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libtirpc-0.2.1-6.el6_4.src.rpm

i386:
libtirpc-0.2.1-6.el6_4.i686.rpm
libtirpc-debuginfo-0.2.1-6.el6_4.i686.rpm

x86_64:
libtirpc-0.2.1-6.el6_4.i686.rpm
libtirpc-0.2.1-6.el6_4.x86_64.rpm
libtirpc-debuginfo-0.2.1-6.el6_4.i686.rpm
libtirpc-debuginfo-0.2.1-6.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libtirpc-0.2.1-6.el6_4.src.rpm

i386:
libtirpc-debuginfo-0.2.1-6.el6_4.i686.rpm
libtirpc-devel-0.2.1-6.el6_4.i686.rpm

x86_64:
libtirpc-debuginfo-0.2.1-6.el6_4.i686.rpm
libtirpc-debuginfo-0.2.1-6.el6_4.x86_64.rpm
libtirpc-devel-0.2.1-6.el6_4.i686.rpm
libtirpc-devel-0.2.1-6.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-1950.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .  More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRp5ytXlSAg2UNWIIRAsebAJwPLGha/aFqOSvnNkYIJ/3eGRjNBACgmsih
oxZn+9c34eUu1zQ+3+4vdW4=
=km53
-----END PGP SIGNATURE-----
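The tomcat5 advisory above (RHSA-2013:0870, CVE-2013-1976) describes a start script that handled the catalina.out log path in a way that let a symlink placed there re-own an arbitrary file. The following is an added example, not the tomcat5 init script and not Red Hat's fix: it contrasts a path-based "create and chown the log" routine, which follows symlinks, with a hardened variant that opens the path with O_NOFOLLOW and then operates on the file descriptor it actually got. The function names, the scenario built in `demo()` and the file names inside the temporary directory are all constructed for illustration.

```python
"""Symlink-safe preparation of a service log file (added hardening example).

Models the bug class in RHSA-2013:0870: an init script running as root
creates/chowns a log path inside a directory the service account can write.
If that path has been replaced by a symlink, path-based chown() follows it
and re-owns the link target instead. The safe variant refuses symlinks.
"""
import errno
import os
import stat
import tempfile


def prepare_log_unsafe(path, uid, gid):
    """Bug pattern: every call here resolves `path`, so a symlink is followed."""
    with open(path, "a"):            # creates/opens the *target* if path is a symlink
        pass
    os.chown(path, uid, gid)         # follows the symlink: re-owns the target
    return os.stat(path).st_ino      # inode that was actually touched


def prepare_log_safe(path, uid, gid, mode=0o640):
    """Hardened: open with O_NOFOLLOW, verify the inode, then fchown the fd."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_APPEND | os.O_NOFOLLOW
    try:
        fd = os.open(path, flags, mode)
    except OSError as exc:
        if exc.errno == errno.ELOOP:  # O_NOFOLLOW hit a symlink: refuse
            raise PermissionError(f"refusing to use symlink at {path}") from exc
        raise
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):  # e.g. a FIFO or device planted there
            raise PermissionError(f"{path} is not a regular file")
        os.fchown(fd, uid, gid)           # acts on the opened inode, not the path
        return st.st_ino
    finally:
        os.close(fd)


def demo():
    """Constructed scenario: the log path is a symlink to some other file.

    Returns (unsafe_followed_link, safe_refused_link, safe_accepts_regular).
    Runs unprivileged: chown to the caller's own uid is always permitted.
    """
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "sensitive")          # stands in for a system file
        with open(target, "w") as f:
            f.write("x")
        link = os.path.join(d, "catalina.out")         # the attacker-controlled name
        os.symlink(target, link)
        uid, gid = os.getuid(), -1                     # -1: leave group unchanged

        unsafe_followed = prepare_log_unsafe(link, uid, gid) == os.stat(target).st_ino

        try:
            prepare_log_safe(link, uid, gid)
            safe_refused = False
        except PermissionError:
            safe_refused = True

        regular = os.path.join(d, "tomcat5-initd.log")  # the post-update log name
        safe_ok = prepare_log_safe(regular, uid, gid) == os.stat(regular).st_ino
        return unsafe_followed, safe_refused, safe_ok


if __name__ == "__main__":
    print(demo())
```

The general rule the safe variant follows is "open once, then check and act on the descriptor": after `os.open(..., O_NOFOLLOW)` succeeds, `fstat`/`fchown` cannot be redirected by later changes to the path, whereas the unsafe variant re-resolves the path on every call and so is exposed both to a pre-placed symlink and to a race between its `open` and `chown`. The same approach (moving the log out of a service-writable directory, as the advisory's move to /var/log/tomcat5-initd.log does) removes the attacker's ability to plant the link in the first place.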
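Each advisory above ends with a package list and tells the reader to install those versions; whether a given host still carries an older build is the question an operator has to answer for every RHSA. The block below is an added example, not Red Hat's tooling: it parses the plain-text advisory layout used on this page (the `Advisory ID:`, `CVE Names:` and `6. Package List:` sections) into fixed name/arch to version-release pairs, and compares them against `rpm -qa` style output using a simplified re-implementation of RPM's version-segment comparison (numeric and alphabetic segments only; the `~` and `^` rules of the real rpmvercmp, and epochs, are not handled). The advisory excerpt is taken from RHSA-2013:0884 above; the installed-package listing is constructed for illustration.

```python
"""Parse an RHSA package list and flag installed packages older than the fix.

Added example (not Red Hat's code). ADVISORY_TEXT is an excerpt of
RHSA-2013:0884 as shown above; INSTALLED_TEXT is constructed sample output of
  rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'
"""
import re

ADVISORY_TEXT = """\
Advisory ID:       RHSA-2013:0884-01
CVE Names:         CVE-2013-1950

6. Package List:

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libtirpc-0.2.1-6.el6_4.src.rpm

i386:
libtirpc-0.2.1-6.el6_4.i686.rpm
libtirpc-debuginfo-0.2.1-6.el6_4.i686.rpm

x86_64:
libtirpc-0.2.1-6.el6_4.i686.rpm
libtirpc-0.2.1-6.el6_4.x86_64.rpm
libtirpc-debuginfo-0.2.1-6.el6_4.i686.rpm
libtirpc-debuginfo-0.2.1-6.el6_4.x86_64.rpm

7. References:
"""

# Constructed: one stale libtirpc, one already-fixed multilib copy, one
# unrelated package.
INSTALLED_TEXT = """\
libtirpc-0.2.1-5.el6.x86_64
libtirpc-0.2.1-6.el6_4.i686
gnutls-2.8.5-10.el6_4.1.x86_64
"""

# name-version-release.arch; version and release never contain '-'.
_NVRA_RE = re.compile(r"^(?P<name>.+)-(?P<ver>[^-]+)-(?P<rel>[^-]+)\.(?P<arch>[^.]+)$")


def parse_nevra(s):
    """Split 'name-ver-rel.arch[.rpm]' into a dict, or None if it does not fit."""
    if s.endswith(".rpm"):
        s = s[:-4]
    m = _NVRA_RE.match(s)
    return m.groupdict() if m else None


def _segments(s):
    # RPM compares alternating runs of digits and letters; other chars separate.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)


def rpmvercmp(a, b):
    """Simplified rpmvercmp: -1, 0 or 1 as a is older, equal or newer than b."""
    if a == b:
        return 0
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            c = (int(x) > int(y)) - (int(x) < int(y))
        elif x.isdigit():
            c = 1          # a numeric segment sorts after an alphabetic one
        elif y.isdigit():
            c = -1
        else:
            c = (x > y) - (x < y)
        if c:
            return c
    # All shared segments equal: the one with more segments is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def parse_advisory(text):
    """Return {'id', 'cves', 'fixed': {(name, arch): (ver, rel)}}."""
    adv = {"id": None, "cves": [], "fixed": {}}
    in_pkgs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Advisory ID:"):
            adv["id"] = line.split(":", 1)[1].strip()
        elif line.startswith("CVE Names:"):
            adv["cves"] = line.split(":", 1)[1].split()
        elif re.match(r"^\d+\. Package List:", line):
            in_pkgs = True
        elif re.match(r"^\d+\. References:", line):
            in_pkgs = False
        elif in_pkgs and line.endswith(".rpm") and not line.endswith(".src.rpm"):
            pkg = parse_nevra(line.rsplit("/", 1)[-1])
            if pkg:
                adv["fixed"][(pkg["name"], pkg["arch"])] = (pkg["ver"], pkg["rel"])
    return adv


def find_vulnerable(advisory, installed_text):
    """List (installed_nvra, fixed_vr) for packages older than the advisory's build."""
    findings = []
    for raw in installed_text.splitlines():
        pkg = parse_nevra(raw.strip())
        if not pkg:
            continue
        key = (pkg["name"], pkg["arch"])
        if key not in advisory["fixed"]:
            continue               # package not covered by this advisory
        fver, frel = advisory["fixed"][key]
        if (rpmvercmp(pkg["ver"], fver) or rpmvercmp(pkg["rel"], frel)) < 0:
            findings.append((raw.strip(), f"{fver}-{frel}"))
    return findings


if __name__ == "__main__":
    adv = parse_advisory(ADVISORY_TEXT)
    for nvra, fixed in find_vulnerable(adv, INSTALLED_TEXT):
        print(f"{adv['id']} {' '.join(adv['cves'])}: {nvra} < {fixed}")
```

Run against a real host, replace INSTALLED_TEXT with the output of the `rpm -qa` query in the docstring and ADVISORY_TEXT with the full mail body; the parser ignores the `Source:` SRPM lines and keys on name plus architecture, so a multilib i686 copy is checked separately from the x86_64 one, which is exactly the case where one of the two is often forgotten.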