From bugzilla at redhat.com Mon Nov 4 18:21:22 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 4 Nov 2013 18:21:22 +0000
Subject: [RHSA-2013:1500-01] Moderate: gc security update
Message-ID: <201311041821.rA4ILMfB011328@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: gc security update
Advisory ID: RHSA-2013:1500-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1500.html
Issue date: 2013-11-04
CVE Names: CVE-2012-2673
=====================================================================

1. Summary:

Updated gc packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

gc is a Boehm-Demers-Weiser conservative garbage collector for C and C++.

It was discovered that gc's implementation of the malloc() and calloc() routines did not properly perform parameter sanitization when allocating memory.
If an application using gc did not implement application-level validity checks for the malloc() and calloc() routines, a remote attacker could provide specially crafted application-specific input, which, when processed by the application, could lead to an application crash or, potentially, arbitrary code execution with the privileges of the user running the application. (CVE-2012-2673)

Users of gc are advised to upgrade to these updated packages, which contain backported patches to correct this issue. Applications using gc must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

828878 - CVE-2012-2673 gc: malloc() and calloc() overflows

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/gc-7.1-12.el6_4.src.rpm

i386:
gc-7.1-12.el6_4.i686.rpm
gc-debuginfo-7.1-12.el6_4.i686.rpm

x86_64:
gc-7.1-12.el6_4.x86_64.rpm
gc-debuginfo-7.1-12.el6_4.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/gc-7.1-12.el6_4.src.rpm

i386:
gc-debuginfo-7.1-12.el6_4.i686.rpm
gc-devel-7.1-12.el6_4.i686.rpm

x86_64:
gc-7.1-12.el6_4.i686.rpm
gc-debuginfo-7.1-12.el6_4.i686.rpm
gc-debuginfo-7.1-12.el6_4.x86_64.rpm
gc-devel-7.1-12.el6_4.i686.rpm
gc-devel-7.1-12.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/gc-7.1-12.el6_4.src.rpm

x86_64:
gc-7.1-12.el6_4.i686.rpm
gc-7.1-12.el6_4.x86_64.rpm
gc-debuginfo-7.1-12.el6_4.i686.rpm
gc-debuginfo-7.1-12.el6_4.x86_64.rpm
gc-devel-7.1-12.el6_4.i686.rpm
gc-devel-7.1-12.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/gc-7.1-12.el6_4.src.rpm

i386:
gc-7.1-12.el6_4.i686.rpm
gc-debuginfo-7.1-12.el6_4.i686.rpm

ppc64:
gc-7.1-12.el6_4.ppc64.rpm
gc-debuginfo-7.1-12.el6_4.ppc64.rpm

s390x:
gc-7.1-12.el6_4.s390x.rpm
gc-debuginfo-7.1-12.el6_4.s390x.rpm

x86_64:
gc-7.1-12.el6_4.x86_64.rpm
gc-debuginfo-7.1-12.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/gc-7.1-12.el6_4.src.rpm

i386:
gc-debuginfo-7.1-12.el6_4.i686.rpm
gc-devel-7.1-12.el6_4.i686.rpm

ppc64:
gc-7.1-12.el6_4.ppc.rpm
gc-debuginfo-7.1-12.el6_4.ppc.rpm
gc-debuginfo-7.1-12.el6_4.ppc64.rpm
gc-devel-7.1-12.el6_4.ppc.rpm
gc-devel-7.1-12.el6_4.ppc64.rpm

s390x:
gc-7.1-12.el6_4.s390.rpm
gc-debuginfo-7.1-12.el6_4.s390.rpm
gc-debuginfo-7.1-12.el6_4.s390x.rpm
gc-devel-7.1-12.el6_4.s390.rpm
gc-devel-7.1-12.el6_4.s390x.rpm

x86_64:
gc-7.1-12.el6_4.i686.rpm
gc-debuginfo-7.1-12.el6_4.i686.rpm
gc-debuginfo-7.1-12.el6_4.x86_64.rpm
gc-devel-7.1-12.el6_4.i686.rpm
gc-devel-7.1-12.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/gc-7.1-12.el6_4.src.rpm

i386:
gc-7.1-12.el6_4.i686.rpm
gc-debuginfo-7.1-12.el6_4.i686.rpm

x86_64:
gc-7.1-12.el6_4.x86_64.rpm
gc-debuginfo-7.1-12.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/gc-7.1-12.el6_4.src.rpm

i386:
gc-debuginfo-7.1-12.el6_4.i686.rpm
gc-devel-7.1-12.el6_4.i686.rpm

x86_64:
gc-7.1-12.el6_4.i686.rpm
gc-debuginfo-7.1-12.el6_4.i686.rpm
gc-debuginfo-7.1-12.el6_4.x86_64.rpm
gc-devel-7.1-12.el6_4.i686.rpm
gc-devel-7.1-12.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-2673.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSd+WTXlSAg2UNWIIRAmX7AJ49PV3EOFF1T25T+NRTu9+gjkZqdACggayQ
/qIA8TtBiBXNBkja+HT5U1o=
=E9XU
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Nov 5 18:58:26 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 5 Nov 2013 18:58:26 +0000
Subject: [RHSA-2013:1505-01] Important: java-1.6.0-openjdk security update
Message-ID: <201311051858.rA5IwQJq017113@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: java-1.6.0-openjdk security update
Advisory ID: RHSA-2013:1505-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1505.html
Issue date: 2013-11-05
CVE Names: CVE-2013-3829 CVE-2013-4002 CVE-2013-5772 CVE-2013-5774
CVE-2013-5778 CVE-2013-5780 CVE-2013-5782 CVE-2013-5783
CVE-2013-5784 CVE-2013-5790 CVE-2013-5797 CVE-2013-5802
CVE-2013-5803 CVE-2013-5804 CVE-2013-5809 CVE-2013-5814
CVE-2013-5817 CVE-2013-5820 CVE-2013-5823 CVE-2013-5825
CVE-2013-5829 CVE-2013-5830 CVE-2013-5840
CVE-2013-5842 CVE-2013-5849 CVE-2013-5850
=====================================================================

1. Summary:

Updated java-1.6.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit.

Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. (CVE-2013-5782)

The class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2013-5830)

Multiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK.
An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850)

Multiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions. (CVE-2013-5809)

The FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. (CVE-2013-5802)

Multiple errors were discovered in the way the JAXP and Security components process XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)

Multiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5849, CVE-2013-5790, CVE-2013-5784)

It was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. (CVE-2013-5778)

Multiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks.
(CVE-2013-5804, CVE-2013-5797)

Various OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. (CVE-2013-5780)

The Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. (CVE-2013-5772)

The Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. (CVE-2013-5803)

All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

1018713 - CVE-2013-5803 OpenJDK: insufficient checks of KDC replies (JGSS, 8014341)
1018717 - CVE-2013-5772 OpenJDK: insufficient html escaping in jhat (jhat, 8011081)
1018720 - CVE-2013-5797 OpenJDK: insufficient escaping of window title string (Javadoc, 8016675)
1018727 - CVE-2013-5784 OpenJDK: insufficient InterfaceImplementor security checks (Scripting, 8017299)
1018736 - CVE-2013-5790 OpenJDK: insufficient security checks (Beans, 8012071)
1018750 - CVE-2013-5849 OpenJDK: insufficient DataFlavor security checks (AWT, 8012277)
1018785 - CVE-2013-5780 OpenJDK: key data leak via toString() methods (Libraries, 8011071)
1018831 - CVE-2013-5840 OpenJDK: getDeclaringClass() information leak (Libraries, 8014349)
1018972 - CVE-2013-5820 OpenJDK: insufficient security checks (JAXWS, 8017505)
1018984 - CVE-2013-5778 OpenJDK: image conversion out of bounds read (2D, 8014102)
1019108 - CVE-2013-5782 OpenJDK: Incorrect awt_getPixelByte/awt_getPixelShort/awt_setPixelByte/awt_setPixelShort image raster checks (2D, 8014093)
1019110 - CVE-2013-5830 OpenJDK: checkPackageAccess missing security check (Libraries, 8017291)
1019113 - CVE-2013-5809 OpenJDK: JPEGImageReader and JPEGImageWriter missing band size checks (2D, 8013510)
1019115 - CVE-2013-5829 OpenJDK: Java2d Disposer security bypass (2D, 8017287)
1019117 - CVE-2013-5814 OpenJDK: RMIConnection stub missing permission check (CORBA, 8011157)
1019118 - CVE-2013-5817 OpenJDK: VersionHelper12 does not honor modifyThreadGroup restriction (JNDI, 8013739)
1019123 - CVE-2013-5842 OpenJDK: ObjectInputStream/ObjectOutputStream missing checks (Libraries, 8014987)
1019127 - CVE-2013-5850 OpenJDK: Missing CORBA security checks (Libraries, 8017196)
1019130 - CVE-2013-5802 OpenJDK: javax.xml.transform.TransformerFactory does not properly honor XMLConstants.FEATURE_SECURE_PROCESSING (JAXP, 8012425)
1019131 - CVE-2013-5804 OpenJDK: javac does not ignore certain ignorable characters (Javadoc, 8016653)
1019133 - CVE-2013-3829 OpenJDK: java.util.TimeZone does not restrict setting of default time zone (Libraries, 8001029)
1019137 - CVE-2013-5783 OpenJDK: JTable not properly performing certain access checks (Swing, 8013744)
1019139 - CVE-2013-5825 OpenJDK: XML parsing Denial of Service (JAXP, 8014530)
1019145 - CVE-2013-5823 OpenJDK: com.sun.org.apache.xml.internal.security.utils.UnsyncByteArrayOutputStream Denial of Service (Security, 8021290)
1019147 - CVE-2013-5774 OpenJDK: Inet6Address class IPv6 address processing errors (Libraries, 8015743)
1019176 - CVE-2013-4002 OpenJDK: XML parsing Denial of Service (JAXP, 8017298)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.42.1.11.14.el5_10.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.42.1.11.14.el5_10.i386.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.42.1.11.14.el5_10.i386.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.42.1.11.14.el5_10.i386.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.42.1.11.14.el5_10.i386.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.42.1.11.14.el5_10.i386.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.42.1.11.14.el5_10.i386.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.42.1.11.14.el5_10.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.42.1.11.14.el5_10.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.42.1.11.14.el5_10.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.42.1.11.14.el5_10.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.42.1.11.14.el5_10.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.42.1.11.14.el5_10.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.42.1.11.14.el5_10.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.42.1.11.14.el5_10.i386.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.42.1.11.14.el5_10.i386.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.42.1.11.14.el5_10.i386.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.42.1.11.14.el5_10.i386.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.42.1.11.14.el5_10.i386.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.42.1.11.14.el5_10.i386.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.42.1.11.14.el5_10.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.42.1.11.14.el5_10.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.42.1.11.14.el5_10.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.42.1.11.14.el5_10.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.42.1.11.14.el5_10.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.42.1.11.14.el5_10.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4.src.rpm

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4.src.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4.src.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4.src.rpm

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4.src.rpm

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-3829.html
https://www.redhat.com/security/data/cve/CVE-2013-4002.html
https://www.redhat.com/security/data/cve/CVE-2013-5772.html
https://www.redhat.com/security/data/cve/CVE-2013-5774.html
https://www.redhat.com/security/data/cve/CVE-2013-5778.html
https://www.redhat.com/security/data/cve/CVE-2013-5780.html
https://www.redhat.com/security/data/cve/CVE-2013-5782.html
https://www.redhat.com/security/data/cve/CVE-2013-5783.html
https://www.redhat.com/security/data/cve/CVE-2013-5784.html
https://www.redhat.com/security/data/cve/CVE-2013-5790.html
https://www.redhat.com/security/data/cve/CVE-2013-5797.html
https://www.redhat.com/security/data/cve/CVE-2013-5802.html
https://www.redhat.com/security/data/cve/CVE-2013-5803.html
https://www.redhat.com/security/data/cve/CVE-2013-5804.html
https://www.redhat.com/security/data/cve/CVE-2013-5809.html
https://www.redhat.com/security/data/cve/CVE-2013-5814.html
https://www.redhat.com/security/data/cve/CVE-2013-5817.html
https://www.redhat.com/security/data/cve/CVE-2013-5820.html
https://www.redhat.com/security/data/cve/CVE-2013-5823.html
https://www.redhat.com/security/data/cve/CVE-2013-5825.html
https://www.redhat.com/security/data/cve/CVE-2013-5829.html
https://www.redhat.com/security/data/cve/CVE-2013-5830.html
https://www.redhat.com/security/data/cve/CVE-2013-5840.html
https://www.redhat.com/security/data/cve/CVE-2013-5842.html
https://www.redhat.com/security/data/cve/CVE-2013-5849.html
https://www.redhat.com/security/data/cve/CVE-2013-5850.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSeT/AXlSAg2UNWIIRAvBKAJ9vGve+1MyOR8lyLQffhBtOlcmxrgCfVKad
ebAHvPvYFmwsG11PQeLu+bI=
=+ckf
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 7 17:07:20 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 7 Nov 2013 17:07:20 +0000
Subject: [RHSA-2013:1507-01] Critical: java-1.7.0-ibm security update
Message-ID: <201311071707.rA7H7EeR022517@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.7.0-ibm security update
Advisory ID: RHSA-2013:1507-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1507.html
Issue date: 2013-11-07
CVE Names: CVE-2013-3829 CVE-2013-4041 CVE-2013-5372 CVE-2013-5375
CVE-2013-5456 CVE-2013-5457 CVE-2013-5458 CVE-2013-5772
CVE-2013-5774 CVE-2013-5776 CVE-2013-5778 CVE-2013-5780
CVE-2013-5782 CVE-2013-5783 CVE-2013-5784 CVE-2013-5787
CVE-2013-5788 CVE-2013-5789 CVE-2013-5790 CVE-2013-5797
CVE-2013-5800 CVE-2013-5801 CVE-2013-5802 CVE-2013-5803
CVE-2013-5804 CVE-2013-5809 CVE-2013-5812 CVE-2013-5814
CVE-2013-5817 CVE-2013-5818 CVE-2013-5819 CVE-2013-5820
CVE-2013-5823 CVE-2013-5824 CVE-2013-5825 CVE-2013-5829
CVE-2013-5830 CVE-2013-5831 CVE-2013-5832 CVE-2013-5838
CVE-2013-5840 CVE-2013-5842 CVE-2013-5843 CVE-2013-5848
CVE-2013-5849 CVE-2013-5850 CVE-2013-5851
=====================================================================

1. Summary:

Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section.
(CVE-2013-3829, CVE-2013-4041, CVE-2013-5372, CVE-2013-5375, CVE-2013-5456, CVE-2013-5457, CVE-2013-5458, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5788, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5800, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5838, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5851)

All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR6 release. All running instances of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

1018713 - CVE-2013-5803 OpenJDK: insufficient checks of KDC replies (JGSS, 8014341)
1018717 - CVE-2013-5772 OpenJDK: insufficient html escaping in jhat (jhat, 8011081)
1018720 - CVE-2013-5797 OpenJDK: insufficient escaping of window title string (Javadoc, 8016675)
1018727 - CVE-2013-5784 OpenJDK: insufficient InterfaceImplementor security checks (Scripting, 8017299)
1018736 - CVE-2013-5790 OpenJDK: insufficient security checks (Beans, 8012071)
1018750 - CVE-2013-5849 OpenJDK: insufficient DataFlavor security checks (AWT, 8012277)
1018755 - CVE-2013-5800 OpenJDK: default keytab path information leak (JGSS, 8022931)
1018785 - CVE-2013-5780 OpenJDK: key data leak via toString() methods (Libraries, 8011071)
1018831 - CVE-2013-5840 OpenJDK: getDeclaringClass() information leak (Libraries, 8014349)
1018972 - CVE-2013-5820 OpenJDK: insufficient security checks (JAXWS, 8017505)
1018977 - CVE-2013-5851 OpenJDK: XML stream factory finder information leak (JAXP, 8013502)
1018984 - CVE-2013-5778 OpenJDK: image conversion out of bounds read (2D, 8014102)
1019108 - CVE-2013-5782 OpenJDK: Incorrect awt_getPixelByte/awt_getPixelShort/awt_setPixelByte/awt_setPixelShort image raster checks (2D, 8014093)
1019110 - CVE-2013-5830 OpenJDK: checkPackageAccess missing security check (Libraries, 8017291)
1019113 - CVE-2013-5809 OpenJDK: JPEGImageReader and JPEGImageWriter missing band size checks (2D, 8013510)
1019115 - CVE-2013-5829 OpenJDK: Java2d Disposer security bypass (2D, 8017287)
1019117 - CVE-2013-5814 OpenJDK: RMIConnection stub missing permission check (CORBA, 8011157)
1019118 - CVE-2013-5817 OpenJDK: VersionHelper12 does not honor modifyThreadGroup restriction (JNDI, 8013739)
1019123 - CVE-2013-5842 OpenJDK: ObjectInputStream/ObjectOutputStream missing checks (Libraries, 8014987)
1019127 - CVE-2013-5850 OpenJDK: Missing CORBA security checks (Libraries, 8017196)
1019130 - CVE-2013-5802 OpenJDK: javax.xml.transform.TransformerFactory does not properly honor XMLConstants.FEATURE_SECURE_PROCESSING (JAXP, 8012425)
1019131 - CVE-2013-5804 OpenJDK: javac does not ignore certain ignorable characters (Javadoc, 8016653)
1019133 - CVE-2013-3829 OpenJDK: java.util.TimeZone does not restrict setting of default time zone (Libraries, 8001029)
1019137 - CVE-2013-5783 OpenJDK: JTable not properly performing certain access checks (Swing, 8013744)
1019139 - CVE-2013-5825 OpenJDK: XML parsing Denial of Service (JAXP, 8014530)
1019145 - CVE-2013-5823 OpenJDK: com.sun.org.apache.xml.internal.security.utils.UnsyncByteArrayOutputStream Denial of Service (Security, 8021290)
1019147 - CVE-2013-5774 OpenJDK: Inet6Address class IPv6 address processing errors (Libraries, 8015743)
1019300 - CVE-2013-5838 OpenJDK: Vulnerability in Libraries component (Libraries, 7023639)
1019691 - CVE-2013-5824 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment)
1019692 - CVE-2013-5788 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment)
1019693 - CVE-2013-5787 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment)
1019697 - CVE-2013-5789 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment)
1019701 - CVE-2013-5843 Oracle JDK: unspecified vulnerability fixed in 7u45 (2D)
1019702 - CVE-2013-5832 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment)
1019706 - CVE-2013-5812 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment)
1019710 - CVE-2013-5801 Oracle JDK: unspecified vulnerability fixed in 7u45 (2D)
1019712 - CVE-2013-5776 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment)
1019713 - CVE-2013-5818 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment)
1019715 - CVE-2013-5819 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment)
1019716 - CVE-2013-5831 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment)
1019720 - CVE-2013-5848 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment)
1027748 - CVE-2013-5456 IBM JDK: unspecified sandbox bypass (ORB)
1027754 - CVE-2013-5458 IBM JDK: unspecified sandbox bypass (XML)
1027760 - CVE-2013-5457 IBM JDK: unspecified sandbox bypass (ORB)
1027764 - CVE-2013-4041 IBM JDK: unspecified sandbox bypass (JVM)
1027768 - CVE-2013-5375 IBM JDK: unspecified sandbox bypass (XML)
1027825 - CVE-2013-5372 IBM JDK: XML4J xml entity expansion excessive memory use (XML)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el5_10.i386.rpm

x86_64:
java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el5_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el5_10.i386.rpm

ppc:
java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el5_10.ppc.rpm
java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el5_10.ppc64.rpm
java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el5_10.ppc.rpm
java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el5_10.ppc64.rpm
java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el5_10.ppc.rpm
java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el5_10.ppc64.rpm
java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el5_10.ppc.rpm
java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el5_10.ppc64.rpm
java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el5_10.ppc.rpm
java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el5_10.ppc.rpm
java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el5_10.ppc64.rpm

s390x:
java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el5_10.s390.rpm
java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el5_10.s390x.rpm
java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el5_10.s390.rpm
java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el5_10.s390x.rpm
java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el5_10.s390.rpm
java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el5_10.s390x.rpm
java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el5_10.s390.rpm
java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el5_10.s390x.rpm
java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el5_10.s390.rpm
java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el5_10.s390x.rpm

x86_64:
java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el5_10.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el6_4.i686.rpm java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el6_4.i686.rpm java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el6_4.i686.rpm java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el6_4.i686.rpm java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el6_4.i686.rpm java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el6_4.i686.rpm x86_64: java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 
6): i386: java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el6_4.i686.rpm java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el6_4.i686.rpm java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el6_4.i686.rpm java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el6_4.i686.rpm java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el6_4.i686.rpm java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el6_4.i686.rpm ppc64: java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el6_4.ppc64.rpm java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el6_4.ppc64.rpm java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el6_4.ppc64.rpm java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el6_4.ppc64.rpm java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el6_4.ppc64.rpm s390x: java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el6_4.s390x.rpm java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el6_4.s390x.rpm java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el6_4.s390x.rpm java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el6_4.s390x.rpm java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el6_4.s390x.rpm x86_64: java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el6_4.i686.rpm java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el6_4.i686.rpm java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el6_4.i686.rpm java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el6_4.i686.rpm java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el6_4.i686.rpm java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el6_4.i686.rpm x86_64: java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-3829.html https://www.redhat.com/security/data/cve/CVE-2013-4041.html https://www.redhat.com/security/data/cve/CVE-2013-5372.html https://www.redhat.com/security/data/cve/CVE-2013-5375.html https://www.redhat.com/security/data/cve/CVE-2013-5456.html https://www.redhat.com/security/data/cve/CVE-2013-5457.html https://www.redhat.com/security/data/cve/CVE-2013-5458.html https://www.redhat.com/security/data/cve/CVE-2013-5772.html https://www.redhat.com/security/data/cve/CVE-2013-5774.html https://www.redhat.com/security/data/cve/CVE-2013-5776.html https://www.redhat.com/security/data/cve/CVE-2013-5778.html https://www.redhat.com/security/data/cve/CVE-2013-5780.html https://www.redhat.com/security/data/cve/CVE-2013-5782.html https://www.redhat.com/security/data/cve/CVE-2013-5783.html https://www.redhat.com/security/data/cve/CVE-2013-5784.html https://www.redhat.com/security/data/cve/CVE-2013-5787.html https://www.redhat.com/security/data/cve/CVE-2013-5788.html https://www.redhat.com/security/data/cve/CVE-2013-5789.html https://www.redhat.com/security/data/cve/CVE-2013-5790.html https://www.redhat.com/security/data/cve/CVE-2013-5797.html https://www.redhat.com/security/data/cve/CVE-2013-5800.html https://www.redhat.com/security/data/cve/CVE-2013-5801.html https://www.redhat.com/security/data/cve/CVE-2013-5802.html https://www.redhat.com/security/data/cve/CVE-2013-5803.html https://www.redhat.com/security/data/cve/CVE-2013-5804.html https://www.redhat.com/security/data/cve/CVE-2013-5809.html https://www.redhat.com/security/data/cve/CVE-2013-5812.html https://www.redhat.com/security/data/cve/CVE-2013-5814.html https://www.redhat.com/security/data/cve/CVE-2013-5817.html https://www.redhat.com/security/data/cve/CVE-2013-5818.html https://www.redhat.com/security/data/cve/CVE-2013-5819.html 
https://www.redhat.com/security/data/cve/CVE-2013-5820.html https://www.redhat.com/security/data/cve/CVE-2013-5823.html https://www.redhat.com/security/data/cve/CVE-2013-5824.html https://www.redhat.com/security/data/cve/CVE-2013-5825.html https://www.redhat.com/security/data/cve/CVE-2013-5829.html https://www.redhat.com/security/data/cve/CVE-2013-5830.html https://www.redhat.com/security/data/cve/CVE-2013-5831.html https://www.redhat.com/security/data/cve/CVE-2013-5832.html https://www.redhat.com/security/data/cve/CVE-2013-5838.html https://www.redhat.com/security/data/cve/CVE-2013-5840.html https://www.redhat.com/security/data/cve/CVE-2013-5842.html https://www.redhat.com/security/data/cve/CVE-2013-5843.html https://www.redhat.com/security/data/cve/CVE-2013-5848.html https://www.redhat.com/security/data/cve/CVE-2013-5849.html https://www.redhat.com/security/data/cve/CVE-2013-5850.html https://www.redhat.com/security/data/cve/CVE-2013-5851.html https://access.redhat.com/security/updates/classification/#critical https://www.ibm.com/developerworks/java/jdk/alerts/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSe8ghXlSAg2UNWIIRAgQCAJ9O3UvBG+vhMICXle9blDKNTBc/OQCfWgVS
R6qJKc835R+WrpHDdTVcaWk=
=dGn4
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 7 17:08:35 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 7 Nov 2013 17:08:35 +0000
Subject: [RHSA-2013:1508-01] Critical: java-1.6.0-ibm security update
Message-ID: <201311071708.rA7H8TBs023157@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.6.0-ibm security update
Advisory ID: RHSA-2013:1508-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1508.html
Issue date: 2013-11-07
CVE Names: CVE-2013-3829 CVE-2013-4041 CVE-2013-5372 CVE-2013-5375
           CVE-2013-5457 CVE-2013-5772 CVE-2013-5774 CVE-2013-5776
           CVE-2013-5778 CVE-2013-5780 CVE-2013-5782 CVE-2013-5783
           CVE-2013-5784 CVE-2013-5787 CVE-2013-5789 CVE-2013-5797
           CVE-2013-5801 CVE-2013-5802 CVE-2013-5803 CVE-2013-5804
           CVE-2013-5809 CVE-2013-5812 CVE-2013-5814 CVE-2013-5817
           CVE-2013-5818 CVE-2013-5819 CVE-2013-5820 CVE-2013-5823
           CVE-2013-5824 CVE-2013-5825 CVE-2013-5829 CVE-2013-5830
           CVE-2013-5831 CVE-2013-5832 CVE-2013-5840 CVE-2013-5842
           CVE-2013-5843 CVE-2013-5848 CVE-2013-5849 CVE-2013-5850
           CVE-2013-5851
=====================================================================

1. Summary:

Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-3829, CVE-2013-4041, CVE-2013-5372, CVE-2013-5375, CVE-2013-5457, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5789, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5851)

All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR15 release. All running instances of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

1018713 - CVE-2013-5803 OpenJDK: insufficient checks of KDC replies (JGSS, 8014341)
1018717 - CVE-2013-5772 OpenJDK: insufficient html escaping in jhat (jhat, 8011081)
1018720 - CVE-2013-5797 OpenJDK: insufficient escaping of window title string (Javadoc, 8016675)
1018727 - CVE-2013-5784 OpenJDK: insufficient InterfaceImplementor security checks (Scripting, 8017299)
1018750 - CVE-2013-5849 OpenJDK: insufficient DataFlavor security checks (AWT, 8012277)
1018785 - CVE-2013-5780 OpenJDK: key data leak via toString() methods (Libraries, 8011071)
1018831 - CVE-2013-5840 OpenJDK: getDeclaringClass() information leak (Libraries, 8014349)
1018972 - CVE-2013-5820 OpenJDK: insufficient security checks (JAXWS, 8017505)
1018977 - CVE-2013-5851 OpenJDK: XML stream factory finder information leak (JAXP, 8013502)
1018984 - CVE-2013-5778 OpenJDK: image conversion out of bounds read (2D, 8014102)
1019108 - CVE-2013-5782 OpenJDK: Incorrect awt_getPixelByte/awt_getPixelShort/awt_setPixelByte/awt_setPixelShort image raster checks (2D, 8014093)
1019110 - CVE-2013-5830 OpenJDK: checkPackageAccess missing security check (Libraries, 8017291)
1019113 - CVE-2013-5809 OpenJDK: JPEGImageReader and JPEGImageWriter missing band size checks (2D, 8013510)
1019115 - CVE-2013-5829 OpenJDK: Java2d Disposer security bypass (2D, 8017287)
1019117 - CVE-2013-5814 OpenJDK: RMIConnection stub missing permission check (CORBA, 8011157)
1019118 - CVE-2013-5817 OpenJDK: VersionHelper12 does not honor modifyThreadGroup restriction (JNDI, 8013739)
1019123 - CVE-2013-5842 OpenJDK: ObjectInputStream/ObjectOutputStream missing checks (Libraries, 8014987)
1019127 - CVE-2013-5850 OpenJDK: Missing CORBA security checks (Libraries, 8017196)
1019130 - CVE-2013-5802 OpenJDK: javax.xml.transform.TransformerFactory does not properly honor XMLConstants.FEATURE_SECURE_PROCESSING (JAXP, 8012425)
1019131 - CVE-2013-5804 OpenJDK: javac does not ignore certain ignorable characters (Javadoc, 8016653)
1019133 - CVE-2013-3829 OpenJDK: java.util.TimeZone does not restrict setting of default time zone (Libraries, 8001029)
1019137 - CVE-2013-5783 OpenJDK: JTable not properly performing certain access checks (Swing, 8013744)
1019139 - CVE-2013-5825 OpenJDK: XML parsing Denial of Service (JAXP, 8014530)
1019145 - CVE-2013-5823 OpenJDK: com.sun.org.apache.xml.internal.security.utils.UnsyncByteArrayOutputStream Denial of Service (Security, 8021290)
1019147 - CVE-2013-5774 OpenJDK: Inet6Address class IPv6 address processing errors (Libraries, 8015743)
1019691 - CVE-2013-5824 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment)
1019693 - CVE-2013-5787 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment)
1019697 - CVE-2013-5789 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment)
1019701 - CVE-2013-5843 Oracle JDK: unspecified vulnerability fixed in 7u45 (2D)
1019702 - CVE-2013-5832 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment)
1019706 - CVE-2013-5812 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment)
1019710 - CVE-2013-5801 Oracle JDK: unspecified vulnerability fixed in 7u45 (2D)
1019712 - CVE-2013-5776 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment)
1019713 - CVE-2013-5818 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment)
1019715 - CVE-2013-5819 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment)
1019716 - CVE-2013-5831 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment)
1019720 - CVE-2013-5848 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment)
1027760 - CVE-2013-5457 IBM JDK: unspecified sandbox bypass (ORB)
1027764 - CVE-2013-4041 IBM JDK: unspecified sandbox bypass (JVM)
1027768 - CVE-2013-5375 IBM JDK: unspecified sandbox bypass (XML)
1027825 - CVE-2013-5372 IBM JDK: XML4J xml entity expansion excessive memory use (XML)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v.
5): i386: java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-accessibility-1.6.0.15.0-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-demo-1.6.0.15.0-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.15.0-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.15.0-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-plugin-1.6.0.15.0-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-src-1.6.0.15.0-1jpp.1.el5_10.i386.rpm x86_64: java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el5_10.x86_64.rpm java-1.6.0-ibm-accessibility-1.6.0.15.0-1jpp.1.el5_10.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.15.0-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-demo-1.6.0.15.0-1jpp.1.el5_10.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el5_10.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.15.0-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.15.0-1jpp.1.el5_10.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.15.0-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.15.0-1jpp.1.el5_10.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.15.0-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-plugin-1.6.0.15.0-1jpp.1.el5_10.x86_64.rpm java-1.6.0-ibm-src-1.6.0.15.0-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-src-1.6.0.15.0-1jpp.1.el5_10.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 
5): i386: java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-accessibility-1.6.0.15.0-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-demo-1.6.0.15.0-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.15.0-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.15.0-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-plugin-1.6.0.15.0-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-src-1.6.0.15.0-1jpp.1.el5_10.i386.rpm ppc: java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el5_10.ppc.rpm java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el5_10.ppc64.rpm java-1.6.0-ibm-accessibility-1.6.0.15.0-1jpp.1.el5_10.ppc.rpm java-1.6.0-ibm-demo-1.6.0.15.0-1jpp.1.el5_10.ppc.rpm java-1.6.0-ibm-demo-1.6.0.15.0-1jpp.1.el5_10.ppc64.rpm java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el5_10.ppc.rpm java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el5_10.ppc64.rpm java-1.6.0-ibm-javacomm-1.6.0.15.0-1jpp.1.el5_10.ppc.rpm java-1.6.0-ibm-javacomm-1.6.0.15.0-1jpp.1.el5_10.ppc64.rpm java-1.6.0-ibm-jdbc-1.6.0.15.0-1jpp.1.el5_10.ppc.rpm java-1.6.0-ibm-jdbc-1.6.0.15.0-1jpp.1.el5_10.ppc64.rpm java-1.6.0-ibm-plugin-1.6.0.15.0-1jpp.1.el5_10.ppc.rpm java-1.6.0-ibm-src-1.6.0.15.0-1jpp.1.el5_10.ppc.rpm java-1.6.0-ibm-src-1.6.0.15.0-1jpp.1.el5_10.ppc64.rpm s390x: java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el5_10.s390.rpm java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el5_10.s390x.rpm java-1.6.0-ibm-accessibility-1.6.0.15.0-1jpp.1.el5_10.s390x.rpm java-1.6.0-ibm-demo-1.6.0.15.0-1jpp.1.el5_10.s390.rpm java-1.6.0-ibm-demo-1.6.0.15.0-1jpp.1.el5_10.s390x.rpm java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el5_10.s390.rpm java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el5_10.s390x.rpm java-1.6.0-ibm-jdbc-1.6.0.15.0-1jpp.1.el5_10.s390.rpm java-1.6.0-ibm-jdbc-1.6.0.15.0-1jpp.1.el5_10.s390x.rpm java-1.6.0-ibm-src-1.6.0.15.0-1jpp.1.el5_10.s390.rpm java-1.6.0-ibm-src-1.6.0.15.0-1jpp.1.el5_10.s390x.rpm x86_64: java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el5_10.x86_64.rpm java-1.6.0-ibm-accessibility-1.6.0.15.0-1jpp.1.el5_10.x86_64.rpm 
java-1.6.0-ibm-demo-1.6.0.15.0-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-demo-1.6.0.15.0-1jpp.1.el5_10.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el5_10.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.15.0-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.15.0-1jpp.1.el5_10.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.15.0-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.15.0-1jpp.1.el5_10.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.15.0-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-plugin-1.6.0.15.0-1jpp.1.el5_10.x86_64.rpm java-1.6.0-ibm-src-1.6.0.15.0-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-src-1.6.0.15.0-1jpp.1.el5_10.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-demo-1.6.0.15.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-javacomm-1.6.0.15.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-jdbc-1.6.0.15.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-plugin-1.6.0.15.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-src-1.6.0.15.0-1jpp.1.el6_4.i686.rpm x86_64: java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.15.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.15.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.15.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.15.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.15.0-1jpp.1.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.15.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.15.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.15.0-1jpp.1.el6_4.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 
6): i386: java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-demo-1.6.0.15.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-javacomm-1.6.0.15.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-jdbc-1.6.0.15.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-plugin-1.6.0.15.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-src-1.6.0.15.0-1jpp.1.el6_4.i686.rpm ppc64: java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el6_4.ppc64.rpm java-1.6.0-ibm-demo-1.6.0.15.0-1jpp.1.el6_4.ppc64.rpm java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el6_4.ppc.rpm java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el6_4.ppc64.rpm java-1.6.0-ibm-javacomm-1.6.0.15.0-1jpp.1.el6_4.ppc64.rpm java-1.6.0-ibm-jdbc-1.6.0.15.0-1jpp.1.el6_4.ppc64.rpm java-1.6.0-ibm-src-1.6.0.15.0-1jpp.1.el6_4.ppc64.rpm s390x: java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el6_4.s390x.rpm java-1.6.0-ibm-demo-1.6.0.15.0-1jpp.1.el6_4.s390x.rpm java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el6_4.s390.rpm java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el6_4.s390x.rpm java-1.6.0-ibm-jdbc-1.6.0.15.0-1jpp.1.el6_4.s390x.rpm java-1.6.0-ibm-src-1.6.0.15.0-1jpp.1.el6_4.s390x.rpm x86_64: java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.15.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.15.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.15.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.15.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.15.0-1jpp.1.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 
6): i386: java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-demo-1.6.0.15.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-javacomm-1.6.0.15.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-jdbc-1.6.0.15.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-plugin-1.6.0.15.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-src-1.6.0.15.0-1jpp.1.el6_4.i686.rpm x86_64: java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.15.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.15.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.15.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.15.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.15.0-1jpp.1.el6_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References: https://www.redhat.com/security/data/cve/CVE-2013-3829.html https://www.redhat.com/security/data/cve/CVE-2013-4041.html https://www.redhat.com/security/data/cve/CVE-2013-5372.html https://www.redhat.com/security/data/cve/CVE-2013-5375.html https://www.redhat.com/security/data/cve/CVE-2013-5457.html https://www.redhat.com/security/data/cve/CVE-2013-5772.html https://www.redhat.com/security/data/cve/CVE-2013-5774.html https://www.redhat.com/security/data/cve/CVE-2013-5776.html https://www.redhat.com/security/data/cve/CVE-2013-5778.html https://www.redhat.com/security/data/cve/CVE-2013-5780.html https://www.redhat.com/security/data/cve/CVE-2013-5782.html https://www.redhat.com/security/data/cve/CVE-2013-5783.html https://www.redhat.com/security/data/cve/CVE-2013-5784.html https://www.redhat.com/security/data/cve/CVE-2013-5787.html https://www.redhat.com/security/data/cve/CVE-2013-5789.html https://www.redhat.com/security/data/cve/CVE-2013-5797.html https://www.redhat.com/security/data/cve/CVE-2013-5801.html https://www.redhat.com/security/data/cve/CVE-2013-5802.html https://www.redhat.com/security/data/cve/CVE-2013-5803.html https://www.redhat.com/security/data/cve/CVE-2013-5804.html https://www.redhat.com/security/data/cve/CVE-2013-5809.html https://www.redhat.com/security/data/cve/CVE-2013-5812.html https://www.redhat.com/security/data/cve/CVE-2013-5814.html https://www.redhat.com/security/data/cve/CVE-2013-5817.html https://www.redhat.com/security/data/cve/CVE-2013-5818.html https://www.redhat.com/security/data/cve/CVE-2013-5819.html https://www.redhat.com/security/data/cve/CVE-2013-5820.html https://www.redhat.com/security/data/cve/CVE-2013-5823.html https://www.redhat.com/security/data/cve/CVE-2013-5824.html https://www.redhat.com/security/data/cve/CVE-2013-5825.html https://www.redhat.com/security/data/cve/CVE-2013-5829.html https://www.redhat.com/security/data/cve/CVE-2013-5830.html https://www.redhat.com/security/data/cve/CVE-2013-5831.html 
https://www.redhat.com/security/data/cve/CVE-2013-5832.html
https://www.redhat.com/security/data/cve/CVE-2013-5840.html
https://www.redhat.com/security/data/cve/CVE-2013-5842.html
https://www.redhat.com/security/data/cve/CVE-2013-5843.html
https://www.redhat.com/security/data/cve/CVE-2013-5848.html
https://www.redhat.com/security/data/cve/CVE-2013-5849.html
https://www.redhat.com/security/data/cve/CVE-2013-5850.html
https://www.redhat.com/security/data/cve/CVE-2013-5851.html
https://access.redhat.com/security/updates/classification/#critical
https://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSe8jXXlSAg2UNWIIRAlasAKCF/FTTf0mHlJWUTRoqX/RZHDdHZwCfTn5o
l4arnSvYVuv2Iga1N14OzOI=
=3iS4
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 7 17:09:51 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 7 Nov 2013 17:09:51 +0000
Subject: [RHSA-2013:1509-01] Important: java-1.5.0-ibm security update
Message-ID: <201311071709.rA7H9jfE006648@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: java-1.5.0-ibm security update
Advisory ID: RHSA-2013:1509-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1509.html
Issue date: 2013-11-07
CVE Names: CVE-2013-3829 CVE-2013-4041 CVE-2013-5372 CVE-2013-5375
           CVE-2013-5774 CVE-2013-5778 CVE-2013-5780 CVE-2013-5782
           CVE-2013-5783 CVE-2013-5790 CVE-2013-5797 CVE-2013-5801
           CVE-2013-5802 CVE-2013-5803 CVE-2013-5804 CVE-2013-5809
           CVE-2013-5814 CVE-2013-5817 CVE-2013-5825 CVE-2013-5829
           CVE-2013-5830 CVE-2013-5840 CVE-2013-5842 CVE-2013-5843
           CVE-2013-5849
=====================================================================

1. Summary:

Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-3829, CVE-2013-4041, CVE-2013-5372, CVE-2013-5375, CVE-2013-5774, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5790, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5814, CVE-2013-5817, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5849)

All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16-FP4 release. All running instances of IBM Java must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

1018713 - CVE-2013-5803 OpenJDK: insufficient checks of KDC replies (JGSS, 8014341)
1018720 - CVE-2013-5797 OpenJDK: insufficient escaping of window title string (Javadoc, 8016675)
1018736 - CVE-2013-5790 OpenJDK: insufficient security checks (Beans, 8012071)
1018750 - CVE-2013-5849 OpenJDK: insufficient DataFlavor security checks (AWT, 8012277)
1018785 - CVE-2013-5780 OpenJDK: key data leak via toString() methods (Libraries, 8011071)
1018831 - CVE-2013-5840 OpenJDK: getDeclaringClass() information leak (Libraries, 8014349)
1018984 - CVE-2013-5778 OpenJDK: image conversion out of bounds read (2D, 8014102)
1019108 - CVE-2013-5782 OpenJDK: Incorrect awt_getPixelByte/awt_getPixelShort/awt_setPixelByte/awt_setPixelShort image raster checks (2D, 8014093)
1019110 - CVE-2013-5830 OpenJDK: checkPackageAccess missing security check (Libraries, 8017291)
1019113 - CVE-2013-5809 OpenJDK: JPEGImageReader and JPEGImageWriter missing band size checks (2D, 8013510)
1019115 - CVE-2013-5829 OpenJDK: Java2d Disposer security bypass (2D, 8017287)
1019117 - CVE-2013-5814 OpenJDK: RMIConnection stub missing permission check (CORBA, 8011157)
1019118 - CVE-2013-5817 OpenJDK: VersionHelper12 does not honor modifyThreadGroup restriction (JNDI, 8013739)
1019123 - CVE-2013-5842 OpenJDK: ObjectInputStream/ObjectOutputStream missing checks (Libraries, 8014987)
1019130 - CVE-2013-5802 OpenJDK: javax.xml.transform.TransformerFactory does not properly honor XMLConstants.FEATURE_SECURE_PROCESSING (JAXP, 8012425)
1019131 - CVE-2013-5804 OpenJDK: javac does not ignore certain ignorable characters (Javadoc, 8016653)
1019133 - CVE-2013-3829 OpenJDK: java.util.TimeZone does not restrict setting of default time zone (Libraries, 8001029)
1019137 - CVE-2013-5783 OpenJDK: JTable not properly performing certain access checks (Swing, 8013744)
1019139 - CVE-2013-5825 OpenJDK: XML parsing Denial of Service (JAXP, 8014530)
1019147 - CVE-2013-5774 OpenJDK: Inet6Address class IPv6 address processing errors (Libraries, 8015743)
1019701 - CVE-2013-5843 Oracle JDK: unspecified vulnerability fixed in 7u45 (2D)
1019710 - CVE-2013-5801 Oracle JDK: unspecified vulnerability fixed in 7u45 (2D)
1027764 - CVE-2013-4041 IBM JDK: unspecified sandbox bypass (JVM)
1027768 - CVE-2013-5375 IBM JDK: unspecified sandbox bypass (XML)
1027825 - CVE-2013-5372 IBM JDK: XML4J xml entity expansion excessive memory use (XML)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.5.0-ibm-1.5.0.16.4-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.4-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-demo-1.5.0.16.4-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.4-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.4-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.16.4-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.4-1jpp.1.el5_10.i386.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.4-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-1.5.0.16.4-1jpp.1.el5_10.x86_64.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.4-1jpp.1.el5_10.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.4-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-demo-1.5.0.16.4-1jpp.1.el5_10.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el5_10.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.4-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.4-1jpp.1.el5_10.x86_64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.4-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.16.4-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.4-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.4-1jpp.1.el5_10.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: java-1.5.0-ibm-1.5.0.16.4-1jpp.1.el5_10.i386.rpm java-1.5.0-ibm-accessibility-1.5.0.16.4-1jpp.1.el5_10.i386.rpm java-1.5.0-ibm-demo-1.5.0.16.4-1jpp.1.el5_10.i386.rpm java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el5_10.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.16.4-1jpp.1.el5_10.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.16.4-1jpp.1.el5_10.i386.rpm java-1.5.0-ibm-plugin-1.5.0.16.4-1jpp.1.el5_10.i386.rpm java-1.5.0-ibm-src-1.5.0.16.4-1jpp.1.el5_10.i386.rpm ppc: java-1.5.0-ibm-1.5.0.16.4-1jpp.1.el5_10.ppc.rpm java-1.5.0-ibm-1.5.0.16.4-1jpp.1.el5_10.ppc64.rpm java-1.5.0-ibm-accessibility-1.5.0.16.4-1jpp.1.el5_10.ppc.rpm java-1.5.0-ibm-demo-1.5.0.16.4-1jpp.1.el5_10.ppc.rpm java-1.5.0-ibm-demo-1.5.0.16.4-1jpp.1.el5_10.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el5_10.ppc.rpm java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el5_10.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.4-1jpp.1.el5_10.ppc.rpm java-1.5.0-ibm-javacomm-1.5.0.16.4-1jpp.1.el5_10.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.16.4-1jpp.1.el5_10.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.16.4-1jpp.1.el5_10.ppc.rpm java-1.5.0-ibm-src-1.5.0.16.4-1jpp.1.el5_10.ppc.rpm java-1.5.0-ibm-src-1.5.0.16.4-1jpp.1.el5_10.ppc64.rpm s390x: java-1.5.0-ibm-1.5.0.16.4-1jpp.1.el5_10.s390.rpm java-1.5.0-ibm-1.5.0.16.4-1jpp.1.el5_10.s390x.rpm java-1.5.0-ibm-accessibility-1.5.0.16.4-1jpp.1.el5_10.s390x.rpm java-1.5.0-ibm-demo-1.5.0.16.4-1jpp.1.el5_10.s390.rpm java-1.5.0-ibm-demo-1.5.0.16.4-1jpp.1.el5_10.s390x.rpm java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el5_10.s390.rpm java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el5_10.s390x.rpm java-1.5.0-ibm-jdbc-1.5.0.16.4-1jpp.1.el5_10.s390.rpm java-1.5.0-ibm-src-1.5.0.16.4-1jpp.1.el5_10.s390.rpm java-1.5.0-ibm-src-1.5.0.16.4-1jpp.1.el5_10.s390x.rpm x86_64: java-1.5.0-ibm-1.5.0.16.4-1jpp.1.el5_10.i386.rpm java-1.5.0-ibm-1.5.0.16.4-1jpp.1.el5_10.x86_64.rpm java-1.5.0-ibm-accessibility-1.5.0.16.4-1jpp.1.el5_10.x86_64.rpm 
java-1.5.0-ibm-demo-1.5.0.16.4-1jpp.1.el5_10.i386.rpm java-1.5.0-ibm-demo-1.5.0.16.4-1jpp.1.el5_10.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el5_10.i386.rpm java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el5_10.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.4-1jpp.1.el5_10.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.16.4-1jpp.1.el5_10.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.16.4-1jpp.1.el5_10.i386.rpm java-1.5.0-ibm-plugin-1.5.0.16.4-1jpp.1.el5_10.i386.rpm java-1.5.0-ibm-src-1.5.0.16.4-1jpp.1.el5_10.i386.rpm java-1.5.0-ibm-src-1.5.0.16.4-1jpp.1.el5_10.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.5.0-ibm-1.5.0.16.4-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-demo-1.5.0.16.4-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.16.4-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.16.4-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-plugin-1.5.0.16.4-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-src-1.5.0.16.4-1jpp.1.el6_4.i686.rpm x86_64: java-1.5.0-ibm-1.5.0.16.4-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.16.4-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.4-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.16.4-1jpp.1.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.5.0-ibm-1.5.0.16.4-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.16.4-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.4-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.16.4-1jpp.1.el6_4.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 
6): i386: java-1.5.0-ibm-1.5.0.16.4-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-demo-1.5.0.16.4-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.16.4-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.16.4-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-plugin-1.5.0.16.4-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-src-1.5.0.16.4-1jpp.1.el6_4.i686.rpm ppc64: java-1.5.0-ibm-1.5.0.16.4-1jpp.1.el6_4.ppc64.rpm java-1.5.0-ibm-demo-1.5.0.16.4-1jpp.1.el6_4.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el6_4.ppc.rpm java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el6_4.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.4-1jpp.1.el6_4.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.16.4-1jpp.1.el6_4.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.16.4-1jpp.1.el6_4.ppc.rpm java-1.5.0-ibm-src-1.5.0.16.4-1jpp.1.el6_4.ppc64.rpm s390x: java-1.5.0-ibm-1.5.0.16.4-1jpp.1.el6_4.s390x.rpm java-1.5.0-ibm-demo-1.5.0.16.4-1jpp.1.el6_4.s390x.rpm java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el6_4.s390.rpm java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el6_4.s390x.rpm java-1.5.0-ibm-jdbc-1.5.0.16.4-1jpp.1.el6_4.s390.rpm java-1.5.0-ibm-src-1.5.0.16.4-1jpp.1.el6_4.s390x.rpm x86_64: java-1.5.0-ibm-1.5.0.16.4-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.16.4-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.4-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.16.4-1jpp.1.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 
6): i386: java-1.5.0-ibm-1.5.0.16.4-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-demo-1.5.0.16.4-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.16.4-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.16.4-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-plugin-1.5.0.16.4-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-src-1.5.0.16.4-1jpp.1.el6_4.i686.rpm x86_64: java-1.5.0-ibm-1.5.0.16.4-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.16.4-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el6_4.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.4-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.4-1jpp.1.el6_4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.16.4-1jpp.1.el6_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-3829.html https://www.redhat.com/security/data/cve/CVE-2013-4041.html https://www.redhat.com/security/data/cve/CVE-2013-5372.html https://www.redhat.com/security/data/cve/CVE-2013-5375.html https://www.redhat.com/security/data/cve/CVE-2013-5774.html https://www.redhat.com/security/data/cve/CVE-2013-5778.html https://www.redhat.com/security/data/cve/CVE-2013-5780.html https://www.redhat.com/security/data/cve/CVE-2013-5782.html https://www.redhat.com/security/data/cve/CVE-2013-5783.html https://www.redhat.com/security/data/cve/CVE-2013-5790.html https://www.redhat.com/security/data/cve/CVE-2013-5797.html https://www.redhat.com/security/data/cve/CVE-2013-5801.html https://www.redhat.com/security/data/cve/CVE-2013-5802.html https://www.redhat.com/security/data/cve/CVE-2013-5803.html https://www.redhat.com/security/data/cve/CVE-2013-5804.html https://www.redhat.com/security/data/cve/CVE-2013-5809.html https://www.redhat.com/security/data/cve/CVE-2013-5814.html https://www.redhat.com/security/data/cve/CVE-2013-5817.html 
https://www.redhat.com/security/data/cve/CVE-2013-5825.html
https://www.redhat.com/security/data/cve/CVE-2013-5829.html
https://www.redhat.com/security/data/cve/CVE-2013-5830.html
https://www.redhat.com/security/data/cve/CVE-2013-5840.html
https://www.redhat.com/security/data/cve/CVE-2013-5842.html
https://www.redhat.com/security/data/cve/CVE-2013-5843.html
https://www.redhat.com/security/data/cve/CVE-2013-5849.html
https://access.redhat.com/security/updates/classification/#important
https://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSe8knXlSAg2UNWIIRAn9MAJ0RhbrOUPlrwnayYPnH2UxjAWpn6gCcDlWa
vA3DlMradQm4GX8/YCDVGss=
=zzx3
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Nov 13 18:57:49 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 13 Nov 2013 18:57:49 +0000
Subject: [RHSA-2013:1518-01] Critical: flash-plugin security update
Message-ID: <201311131857.rADIvn0m030203@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: flash-plugin security update
Advisory ID:       RHSA-2013:1518-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1518.html
Issue date:        2013-11-13
CVE Names:         CVE-2013-5329 CVE-2013-5330
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-26, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. (CVE-2013-5329, CVE-2013-5330)

All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.327.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

1029692 - CVE-2013-5329 CVE-2013-5330 flash-plugin: multiple code execution flaws (APSB13-26)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-11.2.202.327-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.327-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-11.2.202.327-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.327-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.327-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.327-1.el6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.327-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.327-1.el6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.327-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.327-1.el6.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-5329.html
https://www.redhat.com/security/data/cve/CVE-2013-5330.html
https://access.redhat.com/security/updates/classification/#critical
https://www.adobe.com/support/security/bulletins/apsb13-26.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSg8uMXlSAg2UNWIIRAtEAAKDDrKBaGnCcC0EQOr4jUcOA4YBJpwCgngTF
kVbR6FWNRaPAjtWuYd/Rhp4=
=iBmt
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Nov 13 18:58:28 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 13 Nov 2013 18:58:28 +0000
Subject: [RHSA-2013:1519-01] Important: kernel security and bug fix update
Message-ID: <201311131858.rADIwTdA023236@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2013:1519-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1519.html
Issue date:        2013-11-13
CVE Names:         CVE-2012-4508 CVE-2013-4299
=====================================================================

1. Summary:

Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6.2 Extended Update Support.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Compute Node EUS (v. 6.2) - noarch, x86_64
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.2) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.2) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.2) - i386, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A race condition was found in the way asynchronous I/O and fallocate() interacted when using the ext4 file system. A local, unprivileged user could use this flaw to expose random data from an extent whose data blocks have not yet been written, and thus contain data from a deleted file. (CVE-2012-4508, Important)

* An information leak flaw was found in the way Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible. (CVE-2013-4299, Moderate)

Red Hat would like to thank Theodore Ts'o for reporting CVE-2012-4508, and Fujitsu for reporting CVE-2013-4299. Upstream acknowledges Dmitry Monakhov as the original reporter of CVE-2012-4508.

This update also fixes the following bugs:

* When the Audit subsystem was under heavy load, it could loop infinitely in the audit_log_start() function instead of failing over to the error recovery code. This would cause soft lockups in the kernel.
With this update, the timeout condition in the audit_log_start() function has been modified to properly fail over when necessary. (BZ#1017898)

* When handling Memory Type Range Registers (MTRRs), the stop_one_cpu_nowait() function could potentially be executed in parallel with the stop_machine() function, which resulted in a deadlock. The MTRR handling logic now uses the stop_machine() function and makes use of mutual exclusion to avoid the aforementioned deadlock. (BZ#1017902)

* Power-limit notification interrupts were enabled by default. This could lead to degradation of system performance or even render the system unusable on certain platforms, such as Dell PowerEdge servers. Power-limit notification interrupts have been disabled by default and a new kernel command line parameter "int_pln_enable" has been added to allow users to observe these events using the existing system counters. Power-limit notification messages are also no longer displayed on the console. The affected platforms no longer suffer from degraded system performance due to this problem. (BZ#1020519)

* Package level thermal and power limit events are not defined as MCE errors for the x86 architecture. However, the mcelog utility erroneously reported these events as MCE errors with the following message:

kernel: [Hardware Error]: Machine check events logged

Package level thermal and power limit events are no longer reported as MCE errors by mcelog. When these events are triggered, they are now reported only in the respective counters in sysfs (specifically, /sys/devices/system/cpu/cpu/thermal_throttle/). (BZ#1021950)

* An insufficiently designed calculation in the CPU accelerator could cause an arithmetic overflow in the set_cyc2ns_scale() function if the system uptime exceeded 208 days prior to using kexec to boot into a new kernel.
This overflow led to a kernel panic on systems using the Time Stamp Counter (TSC) clock source, primarily systems using Intel Xeon E5 processors that do not reset TSC on soft power cycles. A patch has been applied to modify the calculation so that this arithmetic overflow and kernel panic can no longer occur under these circumstances. (BZ#1024453)

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

869904 - CVE-2012-4508 kernel: ext4: AIO vs fallocate stale data exposure
1004233 - CVE-2013-4299 kernel: dm: dm-snapshot data leak

6. Package List:

Red Hat Enterprise Linux Compute Node EUS (v. 6.2):

Source:
kernel-2.6.32-220.45.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-220.45.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.45.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-220.45.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.45.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.45.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.45.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.45.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.45.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.45.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.45.1.el6.x86_64.rpm
perf-2.6.32-220.45.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.45.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.45.1.el6.x86_64.rpm

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.2):

Source:
kernel-2.6.32-220.45.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.45.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.45.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.45.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.45.1.el6.x86_64.rpm
python-perf-2.6.32-220.45.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.45.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.2):

Source:
kernel-2.6.32-220.45.1.el6.src.rpm

i386:
kernel-2.6.32-220.45.1.el6.i686.rpm
kernel-debug-2.6.32-220.45.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-220.45.1.el6.i686.rpm
kernel-debug-devel-2.6.32-220.45.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.45.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.45.1.el6.i686.rpm
kernel-devel-2.6.32-220.45.1.el6.i686.rpm
kernel-headers-2.6.32-220.45.1.el6.i686.rpm
perf-2.6.32-220.45.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.45.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-220.45.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-220.45.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.45.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-220.45.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-220.45.1.el6.ppc64.rpm
kernel-debug-2.6.32-220.45.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-220.45.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-220.45.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-220.45.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-220.45.1.el6.ppc64.rpm
kernel-devel-2.6.32-220.45.1.el6.ppc64.rpm
kernel-headers-2.6.32-220.45.1.el6.ppc64.rpm
perf-2.6.32-220.45.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-220.45.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-220.45.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-220.45.1.el6.s390x.rpm
kernel-debug-2.6.32-220.45.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-220.45.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-220.45.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-220.45.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-220.45.1.el6.s390x.rpm
kernel-devel-2.6.32-220.45.1.el6.s390x.rpm
kernel-headers-2.6.32-220.45.1.el6.s390x.rpm
kernel-kdump-2.6.32-220.45.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-220.45.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-220.45.1.el6.s390x.rpm
perf-2.6.32-220.45.1.el6.s390x.rpm
perf-debuginfo-2.6.32-220.45.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-220.45.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-220.45.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.45.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.45.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.45.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.45.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.45.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.45.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.45.1.el6.x86_64.rpm
perf-2.6.32-220.45.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.45.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.45.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.2):

Source:
kernel-2.6.32-220.45.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-220.45.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.45.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.45.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.45.1.el6.i686.rpm
python-perf-2.6.32-220.45.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-220.45.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-220.45.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-220.45.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-220.45.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-220.45.1.el6.ppc64.rpm
python-perf-2.6.32-220.45.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-220.45.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-220.45.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-220.45.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-220.45.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-220.45.1.el6.s390x.rpm
perf-debuginfo-2.6.32-220.45.1.el6.s390x.rpm
python-perf-2.6.32-220.45.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-220.45.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.45.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.45.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.45.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.45.1.el6.x86_64.rpm
python-perf-2.6.32-220.45.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.45.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-4508.html
https://www.redhat.com/security/data/cve/CVE-2013-4299.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSg8u/XlSAg2UNWIIRAu11AJ4w9FlzIAQyVEskmkkEiaxxoEQyGwCeIHTE
0iYz3l9OpRfVQj1Ranal8kI=
=Su10
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 14 17:51:07 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 14 Nov 2013 17:51:07 +0000
Subject: [RHSA-2013:1520-01] Moderate: kernel security, bug fix, and enhancement update
Message-ID: <201311141751.rAEHp8Cp010473@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: kernel security, bug fix, and enhancement update
Advisory ID:       RHSA-2013:1520-01
Product:           Red Hat OpenStack
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1520.html
Issue date:        2013-11-14
CVE Names:         CVE-2013-4162 CVE-2013-4299
=====================================================================

1. Summary:

Updated kernel packages that fix two security issues, one bug, and add two enhancements are now available for Red Hat OpenStack 3.0.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

OpenStack 3 - noarch, x86_64

3. Description:

Red Hat OpenStack 3.0 includes a custom Red Hat Enterprise Linux 6.4 kernel.
These custom kernel packages include support for network namespaces; this support is required to facilitate advanced OpenStack Networking deployments.

* A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled IPv6 sockets that used the UDP_CORK option. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2013-4162, Moderate)

* An information leak flaw was found in the way the Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible. (CVE-2013-4299, Moderate)

Red Hat would like to thank Hannes Frederic Sowa for reporting CVE-2013-4162; and Fujitsu for reporting CVE-2013-4299.

This update also fixes the following bug:

* Prior to this update, while performing Generic Routing Encapsulation (GRE), the possibility of having a 802.1Q inner header was not considered during the Generic Segmentation Offloading (GSO). With this update, a check has been added to detect the use of 802.1Q and handle the packet accordingly. (BZ#1005804)

In addition, this update adds the following enhancements:

* This update adds support for Distributed Overlay Virtual Ethernet (DOVE). (BZ#1009025)

* This update adds support for Virtual Extensible LAN (VXLAN) as an Open vSwitch (OVS) tunneling type. (BZ#1009006)

More information on the Red Hat Enterprise Linux 6.4 kernel packages upon which these custom kernel packages are based is available in RHSA-2013:1436:

https://rhn.redhat.com/errata/RHSA-2013-1436.html

All Red Hat OpenStack 3.0 users deploying the OpenStack Networking service are advised to install these updated packages.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.
Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

This Red Hat OpenStack 3.0 kernel may be installed by running this command while logged in as the root user on a system that has the required entitlements and subscriptions attached:

# yum install "kernel-2.6.*.openstack.el6.x86_64"

Documentation for both stable and preview releases of Red Hat OpenStack is available at:

https://access.redhat.com/site/documentation/Red_Hat_OpenStack/

In particular it is highly recommended that all users read the Release Notes document for the relevant Red Hat OpenStack release prior to installation.

5. Bugs fixed (http://bugzilla.redhat.com/):

987627 - CVE-2013-4162 Kernel: net: panic while pushing pending data out of a IPv6 socket with UDP_CORK enabled
1004233 - CVE-2013-4299 kernel: dm: dm-snapshot data leak
1005804 - modem-like speed when transmitting TCP to a floating IP

6. Package List:

OpenStack 3:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/kernel-2.6.32-358.123.4.openstack.el6.src.rpm

noarch:
kernel-doc-2.6.32-358.123.4.openstack.el6.noarch.rpm
kernel-firmware-2.6.32-358.123.4.openstack.el6.noarch.rpm

x86_64:
kernel-2.6.32-358.123.4.openstack.el6.x86_64.rpm
kernel-debug-2.6.32-358.123.4.openstack.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-358.123.4.openstack.el6.x86_64.rpm
kernel-debug-devel-2.6.32-358.123.4.openstack.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.123.4.openstack.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.123.4.openstack.el6.x86_64.rpm
kernel-devel-2.6.32-358.123.4.openstack.el6.x86_64.rpm
kernel-headers-2.6.32-358.123.4.openstack.el6.x86_64.rpm
perf-2.6.32-358.123.4.openstack.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.123.4.openstack.el6.x86_64.rpm
python-perf-2.6.32-358.123.4.openstack.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.123.4.openstack.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4162.html
https://www.redhat.com/security/data/cve/CVE-2013-4299.html
https://access.redhat.com/security/updates/classification/#moderate
https://rhn.redhat.com/errata/RHSA-2013-1436.html
https://access.redhat.com/site/documentation/Red_Hat_OpenStack/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFShQ17XlSAg2UNWIIRAtzJAJ4wvd5M6ecxXlTrbOTDzZapwIkhpACfff/6
TG5dAEXzTLPrJAQ5e3PMV5o=
=jO1u
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 14 17:51:33 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 14 Nov 2013 17:51:33 +0000
Subject: [RHSA-2013:1521-01] Moderate: python-django security update
Message-ID: <201311141751.rAEHpXOn017859@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: python-django security update
Advisory ID:       RHSA-2013:1521-01
Product:           Red Hat OpenStack
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1521.html
Issue date:        2013-11-14
CVE Names:         CVE-2013-4315 CVE-2013-6044
=====================================================================

1. Summary:

Updated python-django packages that fix two security issues are now available for Red Hat OpenStack 3.0.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

OpenStack 3 - noarch

3. Description:

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.

It was discovered that the django.utils.http.is_safe_url() function considered any URL that used a scheme other than HTTP or HTTPS (for example, "javascript:") as safe. An attacker could potentially use this flaw to perform cross-site scripting (XSS) attacks. (CVE-2013-6044)

A directory traversal flaw was found in Django's "ssi" template tag, which takes a file path as input and outputs that file's contents. An attacker able to alter templates that made use of the "ssi" tag on a site could use this flaw to access any local files accessible to Django. (CVE-2013-4315)

Red Hat would like to thank James Bennett of Django for reporting CVE-2013-4315.

All python-django users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

1004969 - CVE-2013-4315 python-django: directory traversal with "ssi" template tag
1016394 - CVE-2013-6044 python-django: xss in is_safe_url function

6. Package List:

OpenStack 3:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/Django14-1.4.8-1.el6ost.src.rpm

noarch:
Django14-1.4.8-1.el6ost.noarch.rpm
Django14-doc-1.4.8-1.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4315.html
https://www.redhat.com/security/data/cve/CVE-2013-6044.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFShQ2TXlSAg2UNWIIRAvVrAJ9l0Q70ky02euwUHjW1iYMTULcrhQCghGRQ
l1CQ7Lg10xTVHDBOK8Wq66g=
=3cET
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 14 17:51:59 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 14 Nov 2013 17:51:59 +0000
Subject: [RHSA-2013:1522-01] Moderate: Foreman security update
Message-ID: <201311141751.rAEHpxG1010970@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Foreman security update
Advisory ID:       RHSA-2013:1522-01
Product:           Red Hat OpenStack
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1522.html
Issue date:        2013-11-14
CVE Names:         CVE-2013-4386
=====================================================================

1. Summary:

Updated Foreman packages that fix one security issue are now available for Red Hat OpenStack 3.0.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

OpenStack 3 - noarch

3. Description:

The Foreman packages provide facilities for rapidly deploying Red Hat OpenStack 3.0. These packages are provided as a Technology Preview.
For more information on the scope and nature of support for items marked
as Technology Preview, refer to
https://access.redhat.com/support/offerings/techpreview/

It was found that Foreman did not correctly sanitize values of the
"fqdn" and "hostgroup" parameters, allowing an attacker to provide a
specially crafted value for these parameters and perform an SQL
injection attack. (CVE-2013-4386)

This issue was discovered by Dominic Cleal of Red Hat.

Users of Foreman are advised to upgrade to these updated packages, which
correct this issue. In Red Hat OpenStack, Foreman runs on the Apache
HTTP Server using mod_passenger. As such, after installing the updated
packages, the httpd service must be restarted ("service httpd restart")
for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

1013076 - CVE-2013-4386 Foreman: host and host group parameter SQL injection

6. Package List:

OpenStack 3:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/ruby193-foreman-1.1.10014-1.3.el6ost.src.rpm

noarch:
ruby193-foreman-1.1.10014-1.3.el6ost.noarch.rpm
ruby193-foreman-mysql-1.1.10014-1.3.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4386.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFShQ2tXlSAg2UNWIIRAmxjAJ9bjc1c28083loyjYS7w3VzmNL4YgCfVR5Q
WoGAvQVyh8EFNuu0UU1AwZs=
=HV/Q
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 14 17:52:27 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 14 Nov 2013 17:52:27 +0000
Subject: [RHSA-2013:1523-01] Moderate: ruby193-ruby security update
Message-ID: <201311141752.rAEHqRB9011839@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: ruby193-ruby security update
Advisory ID:       RHSA-2013:1523-01
Product:           Red Hat OpenStack
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1523.html
Issue date:        2013-11-14
CVE Names:         CVE-2013-4287
=====================================================================

1. Summary:

Updated ruby193-ruby packages that fix one security issue are now
available for Red Hat OpenStack 3.0.

The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

2. Relevant releases/architectures:

OpenStack 3 - noarch, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented, scripting language.
It has features to process text files and to do system management tasks.
RubyGems is the Ruby standard for publishing and managing third-party
libraries.

It was discovered that the rubygems API validated version strings using
an unsafe regular expression. An application making use of this API to
process a version string from an untrusted source could be vulnerable to
a denial of service attack through CPU exhaustion. (CVE-2013-4287)

Red Hat would like to thank Rubygems upstream for reporting this issue.
Upstream acknowledges Damir Sharipov as the original reporter.

Users of Red Hat OpenStack 3.0 are advised to upgrade to these updated
packages, which correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

1002364 - CVE-2013-4287 rubygems: version regex algorithmic complexity vulnerability

6. Package List:

OpenStack 3:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/ruby193-ruby-1.9.3.448-40.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/ruby193-rubygems-1.8.24-9.el6ost.src.rpm

noarch:
ruby193-ruby-irb-1.9.3.448-40.el6.noarch.rpm
ruby193-rubygem-minitest-2.5.1-40.el6.noarch.rpm
ruby193-rubygem-rake-0.9.2.2-40.el6.noarch.rpm
ruby193-rubygems-1.8.24-9.el6ost.noarch.rpm
ruby193-rubygems-devel-1.8.24-9.el6ost.noarch.rpm

x86_64:
ruby193-ruby-1.9.3.448-40.el6.x86_64.rpm
ruby193-ruby-debuginfo-1.9.3.448-40.el6.x86_64.rpm
ruby193-ruby-devel-1.9.3.448-40.el6.x86_64.rpm
ruby193-ruby-doc-1.9.3.448-40.el6.x86_64.rpm
ruby193-ruby-libs-1.9.3.448-40.el6.x86_64.rpm
ruby193-ruby-tcltk-1.9.3.448-40.el6.x86_64.rpm
ruby193-rubygem-bigdecimal-1.1.0-40.el6.x86_64.rpm
ruby193-rubygem-io-console-0.3-40.el6.x86_64.rpm
ruby193-rubygem-json-1.5.5-40.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4287.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFShQ3LXlSAg2UNWIIRAjICAKCIqG8/+o32UhzF2gtOPSOYr9X29ACeIwsW
xZN4CnRsPvnvI9QAEdvEjn4=
=S3Ka
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Nov 18 19:29:19 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 18 Nov 2013 19:29:19 +0000
Subject: [RHSA-2013:1524-01] Moderate: openstack-keystone security and bug fix update
Message-ID: <201311181929.rAIJTJRJ026770@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openstack-keystone security and bug fix update
Advisory ID:       RHSA-2013:1524-01
Product:           Red Hat OpenStack
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1524.html
Issue date:        2013-11-18
CVE Names:         CVE-2013-4222
=====================================================================

1. Summary:

Updated openstack-keystone packages that fix one security issue and
several bugs are now available for Red Hat OpenStack 3.0.

The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

2. Relevant releases/architectures:

OpenStack 3 - noarch

3. Description:

The openstack-keystone packages provide Keystone, a Python
implementation of the OpenStack identity service API, which provides
Identity, Token, Catalog, and Policy services.

It was found that tokens issued to a tenant were not invalidated when
that tenant was disabled in Keystone. This could allow users assigned to
a disabled tenant to retain access to resources they should no longer be
able to access.
(CVE-2013-4222)

These updated packages have been upgraded to upstream version 2013.1.4,
which provides a number of bug fixes over the previous version.
(BZ#1021641)

This update also fixes the following bug:

* WebOb 1.0 has been removed from the Red Hat OpenStack 3.0 package
requirements; all packages now use WebOb 1.2.3. (BZ#1012694)

All users of openstack-keystone are advised to upgrade to these updated
packages, which correct these issues. After installing the updated
packages, the Keystone service (openstack-keystone) will be restarted
automatically.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

995598 - CVE-2013-4222 OpenStack: Keystone disabling a tenant does not disable a user token
1012694 - python-keystone erroneously requires webob1.0

6. Package List:

OpenStack 3:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/openstack-keystone-2013.1.4-1.el6ost.src.rpm

noarch:
openstack-keystone-2013.1.4-1.el6ost.noarch.rpm
openstack-keystone-doc-2013.1.4-1.el6ost.noarch.rpm
python-keystone-2013.1.4-1.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4222.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSimqCXlSAg2UNWIIRAulbAJ4yG5RVsIJpuespGIFkbIx5yzgNkwCgvrH3
Xz6dh1aYJ14IRWfwhE847pk=
=hJjT
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Nov 18 19:29:35 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 18 Nov 2013 19:29:35 +0000
Subject: [RHSA-2013:1525-01] Moderate: openstack-glance security and bug fix update
Message-ID: <201311181929.rAIJTZMD029896@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openstack-glance security and bug fix update
Advisory ID:       RHSA-2013:1525-01
Product:           Red Hat OpenStack
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1525.html
Issue date:        2013-11-18
CVE Names:         CVE-2013-4428
=====================================================================

1. Summary:

Updated openstack-glance packages that fix one security issue and
several bugs are now available for Red Hat OpenStack 3.0.

The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

2. Relevant releases/architectures:

OpenStack 3 - noarch

3. Description:

The openstack-glance packages provide a service (code name Glance) that
acts as a registry for virtual machine images.

A flaw was found in the Glance download_image policy enforcement for
cached system images. When an image was previously cached by an
authorized download, any authenticated user able to determine the image
by its UUID could download that image, bypassing the download_image
policy. Only setups making use of the download_image policy were
affected. (CVE-2013-4428)

Red Hat would like to thank the OpenStack Project for reporting this
issue.
The OpenStack Project acknowledges Stuart McLaren from HP as the
original reporter.

These updated openstack-glance packages have been upgraded to upstream
version 2013.1.4, which provides a number of bug fixes over the previous
version. (BZ#1021640)

All users of openstack-glance are advised to upgrade to these updated
packages, which correct these issues. After installing the updated
packages, the running Glance services must be manually restarted (using
"service [service name] restart") for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1019572 - CVE-2013-4428 OpenStack Glance: image_download policy not enforced for cached images

6. Package List:

OpenStack 3:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/openstack-glance-2013.1.4-1.el6ost.src.rpm

noarch:
openstack-glance-2013.1.4-1.el6ost.noarch.rpm
openstack-glance-doc-2013.1.4-1.el6ost.noarch.rpm
python-glance-2013.1.4-1.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4428.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSimqWXlSAg2UNWIIRAoQVAKCFlk9fHIAl52SUEg0KO8Ko2Hnk5QCeIJ0T
flLkW31ub6f2/1s5CIlEBcU=
=pyKL
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Nov 18 19:30:14 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 18 Nov 2013 19:30:14 +0000
Subject: [RHSA-2013:1526-01] Moderate: nagios security update
Message-ID: <201311181930.rAIJUEdC010894@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: nagios security update
Advisory ID:       RHSA-2013:1526-01
Product:           Red Hat OpenStack
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1526.html
Issue date:        2013-11-18
CVE Names:         CVE-2013-2029 CVE-2013-4214
=====================================================================

1. Summary:

Updated nagios packages that fix two security issues are now available
for Red Hat OpenStack 3.0.

The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

OpenStack 3 - x86_64

3. Description:

Nagios is a program that can monitor hosts and services on your network.
It can send email or page alerts when problems arise and when problems
are resolved.

Multiple insecure temporary file creation flaws were found in Nagios. A
local attacker could use these flaws to cause arbitrary files to be
overwritten as the root user via a symbolic link attack. (CVE-2013-2029,
CVE-2013-4214)

These issues were discovered by Grant Murphy of the Red Hat Product
Security Team.

All users of Nagios are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

958002 - CVE-2013-4214 Nagios core: html/rss-newsfeed.php insecure temporary file usage
958015 - CVE-2013-2029 Nagios core: Insecure temporary file usage in nagios.upgrade_to_v3.sh

6. Package List:

OpenStack 3:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/nagios-3.5.1-2.el6ost.src.rpm

x86_64:
nagios-3.5.1-2.el6ost.x86_64.rpm
nagios-common-3.5.1-2.el6ost.x86_64.rpm
nagios-debuginfo-3.5.1-2.el6ost.x86_64.rpm
nagios-devel-3.5.1-2.el6ost.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-2029.html
https://www.redhat.com/security/data/cve/CVE-2013-4214.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSimqoXlSAg2UNWIIRAhCNAJ0QdH76LO0n6AYxlgcviwSfjpHNlACbBnMi
mpULJVQPP3dZZcXvhYu2DnE=
=SViK
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 21 04:09:13 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Nov 2013 04:09:13 +0000
Subject: [RHSA-2013:1536-02] Moderate: libguestfs security, bug fix, and enhancement update
Message-ID: <201311210405.rAL45eGb001778@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: libguestfs security, bug fix, and enhancement update
Advisory ID:       RHSA-2013:1536-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1536.html
Issue date:        2013-11-21
CVE Names:         CVE-2013-4419
=====================================================================

1. Summary:

Updated libguestfs packages that fix one security issue, several bugs,
and add various enhancements are now available for Red Hat Enterprise
Linux 6.

The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64

3. Description:

Libguestfs is a library and set of tools for accessing and modifying
guest disk images.
It was found that guestfish, which enables shell scripting and command
line access to libguestfs, insecurely created the temporary directory
used to store the network socket when started in server mode. A local
attacker could use this flaw to intercept and modify other users'
guestfish commands, allowing them to perform arbitrary guestfish actions
with the privileges of a different user, or use this flaw to obtain
authentication credentials. (CVE-2013-4419)

This issue was discovered by Michael Scherer of the Red Hat Regional IT
team.

These updated libguestfs packages include numerous bug fixes and
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.5
Technical Notes, linked to in the References, for information on the
most significant of these changes.

All libguestfs users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues and add these
enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

892291 - guestmount: link() incorrectly returns ENOENT, when it should be EXDEV
892834 - guestmount: rename() incorrectly follows symbolic links
908255 - error message didn't translate to user language
909666 - Unexpected non-tail recursion in recv_from_daemon results in stack overflow in very long-running API calls that send progress messages
958183 - Rebase libguestfs in RHEL 6.5
971207 - guestfish aug-init command fails: libguestfs: error: aug_init: Augeas initialization failed
971326 - ntfsresize-opts execute failed when omitted the 'size' option
971664 - Need add some removed commands back into guestfish in RHEL 6.5
972413 - txz-out command produces a bzip2-compressed file (should be xz-compressed)
973425 - lsscsi is not available in 6client
975377 - inspect-get-hostname return unknown for linux guest in rhel6
975572 - virt-sysprep is in the wrong subpackage
975753 - "virt-resize --expand" and "virt-resize --resize" outputs error message for Win2008 32bit OS
975760 - Specifying virtio interface ('iface' parameter) breaks the appliance attach-method - libguestfs hangs
980358 - filesystem-available should return false for xfs in rhel6
980372 - "hivex-commit" should fail with a relative path
980502 - libguestfs is not able to be built with yum cache from multiple repos
983690 - libguestfs double free when kernel link fails during launch
985269 - Can't set acl value for a specified user with 'acl-set-file'
988863 - virt-sysprep --firstboot option writes incorrect "99" (instead of "S99") sysv-init-style start up script
989352 - cap-get-file will return error if the file has not be set capabilities
996039 - guestfish does not work due to conflict of remote and interactive mode
997884 - 9p support should be disabled in libguestfs in RHEL 6
998108 - Let's enable kvmclock in RHEL 6
1000122 - 'sh' command before mount causes daemon to segfault
1016960 - CVE-2013-4419 libguestfs: insecure temporary directory handling for guestfish's network socket

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libguestfs-1.20.11-2.el6.src.rpm

x86_64:
libguestfs-1.20.11-2.el6.x86_64.rpm
libguestfs-debuginfo-1.20.11-2.el6.x86_64.rpm
libguestfs-java-1.20.11-2.el6.x86_64.rpm
libguestfs-tools-1.20.11-2.el6.x86_64.rpm
libguestfs-tools-c-1.20.11-2.el6.x86_64.rpm
perl-Sys-Guestfs-1.20.11-2.el6.x86_64.rpm
python-libguestfs-1.20.11-2.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libguestfs-1.20.11-2.el6.src.rpm

x86_64:
libguestfs-debuginfo-1.20.11-2.el6.x86_64.rpm
libguestfs-devel-1.20.11-2.el6.x86_64.rpm
libguestfs-java-devel-1.20.11-2.el6.x86_64.rpm
libguestfs-javadoc-1.20.11-2.el6.x86_64.rpm
ocaml-libguestfs-1.20.11-2.el6.x86_64.rpm
ocaml-libguestfs-devel-1.20.11-2.el6.x86_64.rpm
ruby-libguestfs-1.20.11-2.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libguestfs-1.20.11-2.el6.src.rpm

x86_64:
libguestfs-1.20.11-2.el6.x86_64.rpm
libguestfs-debuginfo-1.20.11-2.el6.x86_64.rpm
libguestfs-java-1.20.11-2.el6.x86_64.rpm
libguestfs-tools-1.20.11-2.el6.x86_64.rpm
libguestfs-tools-c-1.20.11-2.el6.x86_64.rpm
perl-Sys-Guestfs-1.20.11-2.el6.x86_64.rpm
python-libguestfs-1.20.11-2.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libguestfs-1.20.11-2.el6.src.rpm

x86_64:
libguestfs-debuginfo-1.20.11-2.el6.x86_64.rpm
libguestfs-devel-1.20.11-2.el6.x86_64.rpm
libguestfs-java-devel-1.20.11-2.el6.x86_64.rpm
libguestfs-javadoc-1.20.11-2.el6.x86_64.rpm
ocaml-libguestfs-1.20.11-2.el6.x86_64.rpm
ocaml-libguestfs-devel-1.20.11-2.el6.x86_64.rpm
ruby-libguestfs-1.20.11-2.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libguestfs-1.20.11-2.el6.src.rpm

x86_64:
libguestfs-1.20.11-2.el6.x86_64.rpm
libguestfs-debuginfo-1.20.11-2.el6.x86_64.rpm
libguestfs-java-1.20.11-2.el6.x86_64.rpm
libguestfs-tools-1.20.11-2.el6.x86_64.rpm
libguestfs-tools-c-1.20.11-2.el6.x86_64.rpm
perl-Sys-Guestfs-1.20.11-2.el6.x86_64.rpm
python-libguestfs-1.20.11-2.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libguestfs-1.20.11-2.el6.src.rpm

x86_64:
libguestfs-debuginfo-1.20.11-2.el6.x86_64.rpm
libguestfs-devel-1.20.11-2.el6.x86_64.rpm
libguestfs-java-devel-1.20.11-2.el6.x86_64.rpm
libguestfs-javadoc-1.20.11-2.el6.x86_64.rpm
ocaml-libguestfs-1.20.11-2.el6.x86_64.rpm
ocaml-libguestfs-devel-1.20.11-2.el6.x86_64.rpm
ruby-libguestfs-1.20.11-2.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libguestfs-1.20.11-2.el6.src.rpm

x86_64:
libguestfs-1.20.11-2.el6.x86_64.rpm
libguestfs-debuginfo-1.20.11-2.el6.x86_64.rpm
libguestfs-java-1.20.11-2.el6.x86_64.rpm
libguestfs-tools-1.20.11-2.el6.x86_64.rpm
libguestfs-tools-c-1.20.11-2.el6.x86_64.rpm
perl-Sys-Guestfs-1.20.11-2.el6.x86_64.rpm
python-libguestfs-1.20.11-2.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libguestfs-1.20.11-2.el6.src.rpm

x86_64:
libguestfs-debuginfo-1.20.11-2.el6.x86_64.rpm
libguestfs-devel-1.20.11-2.el6.x86_64.rpm
libguestfs-java-devel-1.20.11-2.el6.x86_64.rpm
libguestfs-javadoc-1.20.11-2.el6.x86_64.rpm
ocaml-libguestfs-1.20.11-2.el6.x86_64.rpm
ocaml-libguestfs-devel-1.20.11-2.el6.x86_64.rpm
ruby-libguestfs-1.20.11-2.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4419.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Technical_Notes/libguestfs.html#RHSA-2013-1536

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSjYZeXlSAg2UNWIIRApOlAJ93mbE4ij0MdlyXKg/PhRORZHG2sQCff+/n
uh1BReL9EF9iwz1aWTh2OPE=
=WNFJ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 21 04:09:47 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Nov 2013 04:09:47 +0000
Subject: [RHSA-2013:1537-02] Low: augeas security, bug fix, and enhancement update
Message-ID: <201311210406.rAL46F80002271@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: augeas security, bug fix, and enhancement update
Advisory ID:       RHSA-2013:1537-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1537.html
Issue date:        2013-11-21
CVE Names:         CVE-2012-0786 CVE-2012-0787
=====================================================================

1. Summary:

Updated augeas packages that fix two security issues, several bugs, and
add various enhancements are now available for Red Hat Enterprise Linux
6.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the CVE
link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Augeas is a utility for editing configuration. Augeas parses
configuration files in their native formats and transforms them into a
tree. Configuration changes are made by manipulating this tree and
saving it back into native configuration files. Augeas also uses
"lenses" as basic building blocks for establishing the mapping from
files into the Augeas tree and back.

Multiple flaws were found in the way Augeas handled configuration files
when updating them. An application using Augeas to update configuration
files in a directory that is writable by a different user (for example,
an application running as root that is updating files in a directory
owned by a non-root service user) could have been tricked into
overwriting arbitrary files or leaking information via a symbolic link
or mount point attack. (CVE-2012-0786, CVE-2012-0787)

The augeas package has been upgraded to upstream version 1.0.0, which
provides a number of bug fixes and enhancements over the previous
version. (BZ#817753)

This update also fixes the following bugs:

* Previously, when single quotes were used in an XML attribute, Augeas
was unable to parse the file with the XML lens. An upstream patch has
been provided ensuring that single quotes are handled as valid
characters and parsing no longer fails. (BZ#799885)

* Prior to this update, Augeas was unable to set up the
"require_ssl_reuse" option in the vsftpd.conf file. The updated patch
fixes the vsftpd lens to properly recognize this option, thus fixing
this bug.
(BZ#855022)

* Previously, the XML lens did not support non-Unix line endings.
Consequently, Augeas was unable to load any files containing such line
endings. The XML lens has been fixed to handle files with CRLF line
endings, thus fixing this bug. (BZ#799879)

* Previously, Augeas was unable to parse modprobe.conf files with spaces
around "=" characters in option directives. The modprobe lens has been
updated and parsing no longer fails. (BZ#826752)

All Augeas users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

772257 - CVE-2012-0786 augeas: susceptible to symlink attack
772261 - CVE-2012-0787 augeas: susceptible to mountpoint attack
826752 - virsh iface-list produces an error when "options ipv6 disable = 1" is in an /etc/modprobe.d file
855022 - Augeas can't setup "require_ssl_reuse" option in vsftpd.conf

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/augeas-1.0.0-5.el6.src.rpm

i386:
augeas-debuginfo-1.0.0-5.el6.i686.rpm
augeas-libs-1.0.0-5.el6.i686.rpm

x86_64:
augeas-debuginfo-1.0.0-5.el6.i686.rpm
augeas-debuginfo-1.0.0-5.el6.x86_64.rpm
augeas-libs-1.0.0-5.el6.i686.rpm
augeas-libs-1.0.0-5.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/augeas-1.0.0-5.el6.src.rpm

i386:
augeas-1.0.0-5.el6.i686.rpm
augeas-debuginfo-1.0.0-5.el6.i686.rpm
augeas-devel-1.0.0-5.el6.i686.rpm

x86_64:
augeas-1.0.0-5.el6.x86_64.rpm
augeas-debuginfo-1.0.0-5.el6.i686.rpm
augeas-debuginfo-1.0.0-5.el6.x86_64.rpm
augeas-devel-1.0.0-5.el6.i686.rpm
augeas-devel-1.0.0-5.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/augeas-1.0.0-5.el6.src.rpm

x86_64:
augeas-debuginfo-1.0.0-5.el6.i686.rpm
augeas-debuginfo-1.0.0-5.el6.x86_64.rpm
augeas-libs-1.0.0-5.el6.i686.rpm
augeas-libs-1.0.0-5.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/augeas-1.0.0-5.el6.src.rpm

x86_64:
augeas-1.0.0-5.el6.x86_64.rpm
augeas-debuginfo-1.0.0-5.el6.i686.rpm
augeas-debuginfo-1.0.0-5.el6.x86_64.rpm
augeas-devel-1.0.0-5.el6.i686.rpm
augeas-devel-1.0.0-5.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/augeas-1.0.0-5.el6.src.rpm

i386:
augeas-debuginfo-1.0.0-5.el6.i686.rpm
augeas-libs-1.0.0-5.el6.i686.rpm

ppc64:
augeas-debuginfo-1.0.0-5.el6.ppc.rpm
augeas-debuginfo-1.0.0-5.el6.ppc64.rpm
augeas-libs-1.0.0-5.el6.ppc.rpm
augeas-libs-1.0.0-5.el6.ppc64.rpm

s390x:
augeas-debuginfo-1.0.0-5.el6.s390.rpm
augeas-debuginfo-1.0.0-5.el6.s390x.rpm
augeas-libs-1.0.0-5.el6.s390.rpm
augeas-libs-1.0.0-5.el6.s390x.rpm

x86_64:
augeas-debuginfo-1.0.0-5.el6.i686.rpm
augeas-debuginfo-1.0.0-5.el6.x86_64.rpm
augeas-libs-1.0.0-5.el6.i686.rpm
augeas-libs-1.0.0-5.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/augeas-1.0.0-5.el6.src.rpm

i386:
augeas-1.0.0-5.el6.i686.rpm
augeas-debuginfo-1.0.0-5.el6.i686.rpm
augeas-devel-1.0.0-5.el6.i686.rpm

ppc64:
augeas-1.0.0-5.el6.ppc64.rpm
augeas-debuginfo-1.0.0-5.el6.ppc.rpm
augeas-debuginfo-1.0.0-5.el6.ppc64.rpm
augeas-devel-1.0.0-5.el6.ppc.rpm
augeas-devel-1.0.0-5.el6.ppc64.rpm

s390x:
augeas-1.0.0-5.el6.s390x.rpm
augeas-debuginfo-1.0.0-5.el6.s390.rpm
augeas-debuginfo-1.0.0-5.el6.s390x.rpm
augeas-devel-1.0.0-5.el6.s390.rpm
augeas-devel-1.0.0-5.el6.s390x.rpm

x86_64:
augeas-1.0.0-5.el6.x86_64.rpm
augeas-debuginfo-1.0.0-5.el6.i686.rpm
augeas-debuginfo-1.0.0-5.el6.x86_64.rpm
augeas-devel-1.0.0-5.el6.i686.rpm
augeas-devel-1.0.0-5.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/augeas-1.0.0-5.el6.src.rpm

i386:
augeas-debuginfo-1.0.0-5.el6.i686.rpm
augeas-libs-1.0.0-5.el6.i686.rpm

x86_64:
augeas-debuginfo-1.0.0-5.el6.i686.rpm
augeas-debuginfo-1.0.0-5.el6.x86_64.rpm
augeas-libs-1.0.0-5.el6.i686.rpm
augeas-libs-1.0.0-5.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/augeas-1.0.0-5.el6.src.rpm

i386:
augeas-1.0.0-5.el6.i686.rpm
augeas-debuginfo-1.0.0-5.el6.i686.rpm
augeas-devel-1.0.0-5.el6.i686.rpm

x86_64:
augeas-1.0.0-5.el6.x86_64.rpm
augeas-debuginfo-1.0.0-5.el6.i686.rpm
augeas-debuginfo-1.0.0-5.el6.x86_64.rpm
augeas-devel-1.0.0-5.el6.i686.rpm
augeas-devel-1.0.0-5.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-0786.html
https://www.redhat.com/security/data/cve/CVE-2012-0787.html
https://access.redhat.com/security/updates/classification/#low

8.
Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSjYawXlSAg2UNWIIRAgHXAKCn6sCME5S6bi7ibui/4PeU+Jh0yACgvHoh 5wA0r5DrXU9eqqtbtrn++nQ= =Zhnj -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Nov 21 04:11:01 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 21 Nov 2013 04:11:01 +0000 Subject: [RHSA-2013:1540-02] Low: evolution security, bug fix, and enhancement update Message-ID: <201311210407.rAL47TBn032668@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: evolution security, bug fix, and enhancement update Advisory ID: RHSA-2013:1540-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1540.html Issue date: 2013-11-21 CVE Names: CVE-2013-4166 ===================================================================== 1. Summary: Updated evolution packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 
6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64 3. Description: Evolution is the integrated collection of email, calendaring, contact management, communications, and personal information management (PIM) tools for the GNOME desktop environment. A flaw was found in the way Evolution selected GnuPG public keys when encrypting emails. This could result in emails being encrypted with public keys other than the one belonging to the intended recipient. (CVE-2013-4166) The Evolution packages have been upgraded to upstream version 2.32.3, which provides a number of bug fixes and enhancements over the previous version. These changes include implementation of Gnome XDG Config Folders, and support for Exchange Web Services (EWS) protocol to connect to Microsoft Exchange servers. EWS support has been added as a part of the evolution-exchange packages. (BZ#883010, BZ#883014, BZ#883015, BZ#883017, BZ#524917, BZ#524921, BZ#883044) The gtkhtml3 packages have been upgraded to upstream version 2.32.2, which provides a number of bug fixes and enhancements over the previous version. (BZ#883019) The libgdata packages have been upgraded to upstream version 0.6.4, which provides a number of bug fixes and enhancements over the previous version. (BZ#883032) This update also fixes the following bug: * The Exchange Calendar could not fetch the "Free" and "Busy" information for meeting attendees when using Microsoft Exchange 2010 servers, and this information thus could not be displayed. This happened because Microsoft Exchange 2010 servers use more strict rules for "Free" and "Busy" information fetching. With this update, the respective code in the openchange packages has been modified so the "Free" and "Busy" information fetching now complies with the fetching rules on Microsoft Exchange 2010 servers. The "Free" and "Busy" information can now be displayed as expected in the Exchange Calendar. 
(BZ#665967)

All Evolution users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. All running instances of Evolution must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

589263 - [PATCH] Google contacts can unlock its cache causing slow updating
602667 - [PATCH] [abrt] evolution-2.28.3-3.el6: camel_msgport_try_pop, camel_operation_cancel_check, regen_list_done
615969 - Whitespaces drop on paste
619842 - Attached email message is empty in forwarded email
624851 - Evolution mail client: Unable to load encryption cert from the smart card to send/receive encrypted messages.
626690 - [mail] HTML format - header 1 size Text becomes Normal after selecting strike, italic, underline format
628174 - [cal] Listview - Copy Paste is not working
630314 - [evol][ml_IN] - Translation Short-cuts are inconsistent
665967 - Free/busy fetch broken
667081 - evo - Crash in alarm-queue.c:display_notification
670917 - Evolution reports cancelled meeting is in disabled calendar
683402 - gnome bug #615384 - Use contact's free/busy URL only when not empty
689429 - Button "Open With" doesn't work
692658 - [PATCH] evolution can't load caldav calendars with a space in their name
694134 - Contacts in evolution-mapi address book are not searchable
694142 - Global Address List is not displayed when it loads for the first time
696620 - Crash in retrieval_done of OnTheWeb calendar
698243 - Alarms can't be set on meetings/appointments filed by others
698246 - Calendar password dialog box has insane default
700726 - [i686] Folders are not migrated
700733 - Folder summary information is not properly updated after migration
700789 - [evol][ml_IN] - Translation Short-cuts are inconsistent
702608 - sending link and close will not kill all evolution processes
724843 - [abrt] evolution-2.28.3-24.el6: Process /usr/bin/evolution was killed by signal 11 (SIGSEGV)
737865 - Accepting invitation of event in Evolution doesn't change its state in Zimbra
739968 - Initialize dbus-glib threading in evolution-data-server
750916 - Evolution should offer TLSv1 for IMAPS handshake
772652 - Evolution picks default account address when it does not make sense
804651 - CalDAV backend doesn't respect "Copy for offline" option
809542 - When auto-moving within message list, move to "most preferred" or "least preferred unread"
810460 - when going to offline mode, evolution shows sync dialog window on top of last opened main window, not actual window
811980 - Adding event to Google calendar reports error in Evolution
813266 - Deadlock on folder search
815363 - RFE: Add Reply to List to toolbar
815371 - When copying & pasting a name with chinese characters via clipboard, quoted-printable text is pasted
832973 - segfault in connect_header() after attempt to save view layout with unicode in its name
838750 - [RFE] Add support for exchange's delegate email feature to Evolution
857003 - bad czech translation string: "Nenalezena událost '$CALENDAR' v kalendáři"
903728 - [abrt] crash in get_server_data, e_cal_backend_mapi_send_objects
905591 - Error while refreshing folder
906267 - [abrt] Use-after-free in impl_ShellView_setButtonIcon()
906341 - Cannot create a new MAPI Book/Calendar
909259 - Accepted meeting gets duplicated
919002 - when there is no message selected, don't select any message after flip of read/important icon in msg list
949610 - Don't block UI while downloading message attachment
950005 - evolution doesn't download some messages from imap, showing their bodies as zero size (and with zero size attachment of text/html)
951118 - Prefer-plain suppresses its own HTML attachments recursively
955587 - Do not consider PGP and S/MIME subparts as attachments
956064 - [abrt] Crash on name-selector's GConf access from multiple threads
956510 - [abrt] Crash in remove_queued_alarm()
962331 - Initialize dbus-glib threading in evolution
962499 - evolution should use information from gpg's status file (descriptor) to determine encryption and signature status
970013 - Workaround QResync Zimbra bug in IMAP+
971073 - [abrt-caught bug] evolution 2.32 crashed in imapx_command_select_done
971496 - Notify user about question dialogs
971621 - Book factory stuck waiting on WebDAV backend view stop
973276 - Rebuild cheese for evolution-data-server rebase
973279 - Rebuild control-center for evolution-data-server rebase
973281 - Rebuild ekiga for evolution-data-server rebase
973284 - Rebuild gnome-panel for evolution-data-server rebase
973285 - Rebuild gnome-python2-desktop for evolution-data-server rebase
973287 - Rebuild nautilus-sendto for evolution-data-server rebase
973288 - Rebuild pidgin for evolution-data-server rebase
973289 - Rebuild planner for evolution-data-server rebase
973728 - CVE-2013-4166 evolution: incorrect selection of recipient gpg public key for encrypted mail
974234 - [abrt] Crash in try_open_e_book_cb()
974647 - Load extensions in GObject::constructed
975394 - "Can not connect to destination" on webcal calendar produces a pop-up instead of status-bar warning
977292 - 'evolution --force-shutdown' should kill e-d-s processes as well
977395 - 'evolution --force-shutdown' should kill e-d-s processes as well
978525 - CamelSession's network-available never set to TRUE, only to FALSE
983964 - e-calendar-factory performs network io for caldav in the main thread
991074 - [abrt] Unnecessary crash due to g_assert() call
1000323 - Subpackage evolution-devel is no longer multilib-clean for all multilib arches
1000325 - Subpackage evolution-exchange is no longer multilib-clean for s390x vs s390
1005072 - Unable to authenticate to Exchange MAPI server after update
1014677 - Search filter persists when changing folders

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/cheese-2.28.1-8.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/control-center-2.28.1-39.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ekiga-3.2.6-4.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/evolution-2.32.3-30.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/evolution-data-server-2.32.3-18.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/evolution-exchange-2.32.3-16.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/evolution-mapi-0.32.2-12.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/gnome-panel-2.30.2-15.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/gnome-python2-desktop-2.28.0-5.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/gtkhtml3-3.32.2-2.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libgdata-0.6.4-2.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nautilus-sendto-2.28.2-4.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openchange-1.0-6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/pidgin-2.7.9-11.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/planner-0.14.4-10.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/totem-2.28.6-4.el6.src.rpm i386: cheese-2.28.1-8.el6.i686.rpm cheese-debuginfo-2.28.1-8.el6.i686.rpm control-center-2.28.1-39.el6.i686.rpm control-center-debuginfo-2.28.1-39.el6.i686.rpm control-center-extra-2.28.1-39.el6.i686.rpm control-center-filesystem-2.28.1-39.el6.i686.rpm ekiga-3.2.6-4.el6.i686.rpm ekiga-debuginfo-3.2.6-4.el6.i686.rpm evolution-2.32.3-30.el6.i686.rpm 
evolution-data-server-2.32.3-18.el6.i686.rpm evolution-data-server-debuginfo-2.32.3-18.el6.i686.rpm evolution-debuginfo-2.32.3-30.el6.i686.rpm evolution-exchange-2.32.3-16.el6.i686.rpm evolution-exchange-debuginfo-2.32.3-16.el6.i686.rpm evolution-mapi-0.32.2-12.el6.i686.rpm evolution-mapi-debuginfo-0.32.2-12.el6.i686.rpm gnome-panel-2.30.2-15.el6.i686.rpm gnome-panel-debuginfo-2.30.2-15.el6.i686.rpm gnome-panel-libs-2.30.2-15.el6.i686.rpm gnome-python2-applet-2.28.0-5.el6.i686.rpm gnome-python2-bugbuddy-2.28.0-5.el6.i686.rpm gnome-python2-desktop-2.28.0-5.el6.i686.rpm gnome-python2-desktop-debuginfo-2.28.0-5.el6.i686.rpm gnome-python2-gnomekeyring-2.28.0-5.el6.i686.rpm gnome-python2-libwnck-2.28.0-5.el6.i686.rpm gnome-python2-rsvg-2.28.0-5.el6.i686.rpm gtkhtml3-3.32.2-2.el6.i686.rpm gtkhtml3-debuginfo-3.32.2-2.el6.i686.rpm libgdata-0.6.4-2.el6.i686.rpm libgdata-debuginfo-0.6.4-2.el6.i686.rpm libpurple-2.7.9-11.el6.i686.rpm nautilus-sendto-2.28.2-4.el6.i686.rpm nautilus-sendto-debuginfo-2.28.2-4.el6.i686.rpm openchange-1.0-6.el6.i686.rpm openchange-debuginfo-1.0-6.el6.i686.rpm pidgin-2.7.9-11.el6.i686.rpm pidgin-debuginfo-2.7.9-11.el6.i686.rpm planner-0.14.4-10.el6.i686.rpm planner-debuginfo-0.14.4-10.el6.i686.rpm totem-2.28.6-4.el6.i686.rpm totem-debuginfo-2.28.6-4.el6.i686.rpm totem-mozplugin-2.28.6-4.el6.i686.rpm totem-nautilus-2.28.6-4.el6.i686.rpm totem-upnp-2.28.6-4.el6.i686.rpm noarch: evolution-help-2.32.3-30.el6.noarch.rpm x86_64: cheese-2.28.1-8.el6.x86_64.rpm cheese-debuginfo-2.28.1-8.el6.x86_64.rpm control-center-2.28.1-39.el6.i686.rpm control-center-2.28.1-39.el6.x86_64.rpm control-center-debuginfo-2.28.1-39.el6.i686.rpm control-center-debuginfo-2.28.1-39.el6.x86_64.rpm control-center-extra-2.28.1-39.el6.x86_64.rpm control-center-filesystem-2.28.1-39.el6.x86_64.rpm ekiga-3.2.6-4.el6.x86_64.rpm ekiga-debuginfo-3.2.6-4.el6.x86_64.rpm evolution-2.32.3-30.el6.i686.rpm evolution-2.32.3-30.el6.x86_64.rpm evolution-data-server-2.32.3-18.el6.i686.rpm 
evolution-data-server-2.32.3-18.el6.x86_64.rpm evolution-data-server-debuginfo-2.32.3-18.el6.i686.rpm evolution-data-server-debuginfo-2.32.3-18.el6.x86_64.rpm evolution-debuginfo-2.32.3-30.el6.i686.rpm evolution-debuginfo-2.32.3-30.el6.x86_64.rpm evolution-exchange-2.32.3-16.el6.i686.rpm evolution-exchange-2.32.3-16.el6.x86_64.rpm evolution-exchange-debuginfo-2.32.3-16.el6.i686.rpm evolution-exchange-debuginfo-2.32.3-16.el6.x86_64.rpm evolution-mapi-0.32.2-12.el6.x86_64.rpm evolution-mapi-debuginfo-0.32.2-12.el6.x86_64.rpm gnome-panel-2.30.2-15.el6.x86_64.rpm gnome-panel-debuginfo-2.30.2-15.el6.i686.rpm gnome-panel-debuginfo-2.30.2-15.el6.x86_64.rpm gnome-panel-libs-2.30.2-15.el6.i686.rpm gnome-panel-libs-2.30.2-15.el6.x86_64.rpm gnome-python2-applet-2.28.0-5.el6.x86_64.rpm gnome-python2-bugbuddy-2.28.0-5.el6.x86_64.rpm gnome-python2-desktop-2.28.0-5.el6.x86_64.rpm gnome-python2-desktop-debuginfo-2.28.0-5.el6.x86_64.rpm gnome-python2-gnomekeyring-2.28.0-5.el6.x86_64.rpm gnome-python2-libwnck-2.28.0-5.el6.x86_64.rpm gnome-python2-rsvg-2.28.0-5.el6.x86_64.rpm gtkhtml3-3.32.2-2.el6.i686.rpm gtkhtml3-3.32.2-2.el6.x86_64.rpm gtkhtml3-debuginfo-3.32.2-2.el6.i686.rpm gtkhtml3-debuginfo-3.32.2-2.el6.x86_64.rpm libgdata-0.6.4-2.el6.i686.rpm libgdata-0.6.4-2.el6.x86_64.rpm libgdata-debuginfo-0.6.4-2.el6.i686.rpm libgdata-debuginfo-0.6.4-2.el6.x86_64.rpm libpurple-2.7.9-11.el6.i686.rpm libpurple-2.7.9-11.el6.x86_64.rpm nautilus-sendto-2.28.2-4.el6.x86_64.rpm nautilus-sendto-debuginfo-2.28.2-4.el6.x86_64.rpm openchange-1.0-6.el6.x86_64.rpm openchange-debuginfo-1.0-6.el6.x86_64.rpm pidgin-2.7.9-11.el6.x86_64.rpm pidgin-debuginfo-2.7.9-11.el6.i686.rpm pidgin-debuginfo-2.7.9-11.el6.x86_64.rpm planner-0.14.4-10.el6.i686.rpm planner-0.14.4-10.el6.x86_64.rpm planner-debuginfo-0.14.4-10.el6.i686.rpm planner-debuginfo-0.14.4-10.el6.x86_64.rpm totem-2.28.6-4.el6.x86_64.rpm totem-debuginfo-2.28.6-4.el6.x86_64.rpm totem-mozplugin-2.28.6-4.el6.x86_64.rpm 
totem-nautilus-2.28.6-4.el6.x86_64.rpm totem-upnp-2.28.6-4.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/control-center-2.28.1-39.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/evolution-2.32.3-30.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/evolution-data-server-2.32.3-18.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/evolution-mapi-0.32.2-12.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/gnome-panel-2.30.2-15.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/gnome-python2-desktop-2.28.0-5.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/gtkhtml3-3.32.2-2.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libgdata-0.6.4-2.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nautilus-sendto-2.28.2-4.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openchange-1.0-6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/pidgin-2.7.9-11.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/planner-0.14.4-10.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/totem-2.28.6-4.el6.src.rpm i386: control-center-debuginfo-2.28.1-39.el6.i686.rpm control-center-devel-2.28.1-39.el6.i686.rpm evolution-data-server-debuginfo-2.32.3-18.el6.i686.rpm evolution-data-server-devel-2.32.3-18.el6.i686.rpm evolution-debuginfo-2.32.3-30.el6.i686.rpm evolution-devel-2.32.3-30.el6.i686.rpm evolution-mapi-debuginfo-0.32.2-12.el6.i686.rpm evolution-mapi-devel-0.32.2-12.el6.i686.rpm evolution-perl-2.32.3-30.el6.i686.rpm evolution-pst-2.32.3-30.el6.i686.rpm evolution-spamassassin-2.32.3-30.el6.i686.rpm finch-2.7.9-11.el6.i686.rpm 
finch-devel-2.7.9-11.el6.i686.rpm gnome-panel-debuginfo-2.30.2-15.el6.i686.rpm gnome-panel-devel-2.30.2-15.el6.i686.rpm gnome-python2-brasero-2.28.0-5.el6.i686.rpm gnome-python2-desktop-debuginfo-2.28.0-5.el6.i686.rpm gnome-python2-evince-2.28.0-5.el6.i686.rpm gnome-python2-evolution-2.28.0-5.el6.i686.rpm gnome-python2-gnomedesktop-2.28.0-5.el6.i686.rpm gnome-python2-gnomeprint-2.28.0-5.el6.i686.rpm gnome-python2-gtksourceview-2.28.0-5.el6.i686.rpm gnome-python2-libgtop2-2.28.0-5.el6.i686.rpm gnome-python2-metacity-2.28.0-5.el6.i686.rpm gnome-python2-totem-2.28.0-5.el6.i686.rpm gtkhtml3-debuginfo-3.32.2-2.el6.i686.rpm gtkhtml3-devel-3.32.2-2.el6.i686.rpm libgdata-debuginfo-0.6.4-2.el6.i686.rpm libgdata-devel-0.6.4-2.el6.i686.rpm libpurple-devel-2.7.9-11.el6.i686.rpm libpurple-perl-2.7.9-11.el6.i686.rpm libpurple-tcl-2.7.9-11.el6.i686.rpm nautilus-sendto-debuginfo-2.28.2-4.el6.i686.rpm nautilus-sendto-devel-2.28.2-4.el6.i686.rpm openchange-client-1.0-6.el6.i686.rpm openchange-debuginfo-1.0-6.el6.i686.rpm openchange-devel-1.0-6.el6.i686.rpm openchange-devel-docs-1.0-6.el6.i686.rpm pidgin-debuginfo-2.7.9-11.el6.i686.rpm pidgin-devel-2.7.9-11.el6.i686.rpm pidgin-docs-2.7.9-11.el6.i686.rpm pidgin-perl-2.7.9-11.el6.i686.rpm planner-debuginfo-0.14.4-10.el6.i686.rpm planner-devel-0.14.4-10.el6.i686.rpm planner-eds-0.14.4-10.el6.i686.rpm totem-debuginfo-2.28.6-4.el6.i686.rpm totem-devel-2.28.6-4.el6.i686.rpm totem-jamendo-2.28.6-4.el6.i686.rpm totem-youtube-2.28.6-4.el6.i686.rpm noarch: evolution-data-server-doc-2.32.3-18.el6.noarch.rpm evolution-devel-docs-2.32.3-30.el6.noarch.rpm x86_64: control-center-debuginfo-2.28.1-39.el6.i686.rpm control-center-debuginfo-2.28.1-39.el6.x86_64.rpm control-center-devel-2.28.1-39.el6.i686.rpm control-center-devel-2.28.1-39.el6.x86_64.rpm evolution-data-server-debuginfo-2.32.3-18.el6.i686.rpm evolution-data-server-debuginfo-2.32.3-18.el6.x86_64.rpm evolution-data-server-devel-2.32.3-18.el6.i686.rpm 
evolution-data-server-devel-2.32.3-18.el6.x86_64.rpm evolution-debuginfo-2.32.3-30.el6.i686.rpm evolution-debuginfo-2.32.3-30.el6.x86_64.rpm evolution-devel-2.32.3-30.el6.i686.rpm evolution-devel-2.32.3-30.el6.x86_64.rpm evolution-mapi-debuginfo-0.32.2-12.el6.x86_64.rpm evolution-mapi-devel-0.32.2-12.el6.x86_64.rpm evolution-perl-2.32.3-30.el6.x86_64.rpm evolution-pst-2.32.3-30.el6.x86_64.rpm evolution-spamassassin-2.32.3-30.el6.x86_64.rpm finch-2.7.9-11.el6.i686.rpm finch-2.7.9-11.el6.x86_64.rpm finch-devel-2.7.9-11.el6.i686.rpm finch-devel-2.7.9-11.el6.x86_64.rpm gnome-panel-debuginfo-2.30.2-15.el6.i686.rpm gnome-panel-debuginfo-2.30.2-15.el6.x86_64.rpm gnome-panel-devel-2.30.2-15.el6.i686.rpm gnome-panel-devel-2.30.2-15.el6.x86_64.rpm gnome-python2-brasero-2.28.0-5.el6.x86_64.rpm gnome-python2-desktop-debuginfo-2.28.0-5.el6.x86_64.rpm gnome-python2-evince-2.28.0-5.el6.x86_64.rpm gnome-python2-evolution-2.28.0-5.el6.x86_64.rpm gnome-python2-gnomedesktop-2.28.0-5.el6.x86_64.rpm gnome-python2-gnomeprint-2.28.0-5.el6.x86_64.rpm gnome-python2-gtksourceview-2.28.0-5.el6.x86_64.rpm gnome-python2-libgtop2-2.28.0-5.el6.x86_64.rpm gnome-python2-metacity-2.28.0-5.el6.x86_64.rpm gnome-python2-totem-2.28.0-5.el6.x86_64.rpm gtkhtml3-debuginfo-3.32.2-2.el6.i686.rpm gtkhtml3-debuginfo-3.32.2-2.el6.x86_64.rpm gtkhtml3-devel-3.32.2-2.el6.i686.rpm gtkhtml3-devel-3.32.2-2.el6.x86_64.rpm libgdata-debuginfo-0.6.4-2.el6.i686.rpm libgdata-debuginfo-0.6.4-2.el6.x86_64.rpm libgdata-devel-0.6.4-2.el6.i686.rpm libgdata-devel-0.6.4-2.el6.x86_64.rpm libpurple-devel-2.7.9-11.el6.i686.rpm libpurple-devel-2.7.9-11.el6.x86_64.rpm libpurple-perl-2.7.9-11.el6.x86_64.rpm libpurple-tcl-2.7.9-11.el6.x86_64.rpm nautilus-sendto-debuginfo-2.28.2-4.el6.i686.rpm nautilus-sendto-debuginfo-2.28.2-4.el6.x86_64.rpm nautilus-sendto-devel-2.28.2-4.el6.i686.rpm nautilus-sendto-devel-2.28.2-4.el6.x86_64.rpm openchange-client-1.0-6.el6.x86_64.rpm openchange-debuginfo-1.0-6.el6.x86_64.rpm 
openchange-devel-1.0-6.el6.x86_64.rpm openchange-devel-docs-1.0-6.el6.x86_64.rpm pidgin-debuginfo-2.7.9-11.el6.i686.rpm pidgin-debuginfo-2.7.9-11.el6.x86_64.rpm pidgin-devel-2.7.9-11.el6.i686.rpm pidgin-devel-2.7.9-11.el6.x86_64.rpm pidgin-docs-2.7.9-11.el6.x86_64.rpm pidgin-perl-2.7.9-11.el6.x86_64.rpm planner-debuginfo-0.14.4-10.el6.i686.rpm planner-debuginfo-0.14.4-10.el6.x86_64.rpm planner-devel-0.14.4-10.el6.i686.rpm planner-devel-0.14.4-10.el6.x86_64.rpm planner-eds-0.14.4-10.el6.x86_64.rpm totem-debuginfo-2.28.6-4.el6.i686.rpm totem-debuginfo-2.28.6-4.el6.x86_64.rpm totem-devel-2.28.6-4.el6.i686.rpm totem-devel-2.28.6-4.el6.x86_64.rpm totem-jamendo-2.28.6-4.el6.x86_64.rpm totem-youtube-2.28.6-4.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/gnome-python2-desktop-2.28.0-5.el6.src.rpm x86_64: gnome-python2-desktop-2.28.0-5.el6.x86_64.rpm gnome-python2-desktop-debuginfo-2.28.0-5.el6.x86_64.rpm gnome-python2-gnomekeyring-2.28.0-5.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/control-center-2.28.1-39.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/evolution-data-server-2.32.3-18.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/gnome-panel-2.30.2-15.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/gnome-python2-desktop-2.28.0-5.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libgdata-0.6.4-2.el6.src.rpm noarch: evolution-data-server-doc-2.32.3-18.el6.noarch.rpm x86_64: control-center-2.28.1-39.el6.i686.rpm control-center-2.28.1-39.el6.x86_64.rpm control-center-debuginfo-2.28.1-39.el6.i686.rpm control-center-debuginfo-2.28.1-39.el6.x86_64.rpm control-center-devel-2.28.1-39.el6.i686.rpm control-center-devel-2.28.1-39.el6.x86_64.rpm control-center-extra-2.28.1-39.el6.x86_64.rpm control-center-filesystem-2.28.1-39.el6.x86_64.rpm evolution-data-server-2.32.3-18.el6.i686.rpm evolution-data-server-2.32.3-18.el6.x86_64.rpm evolution-data-server-debuginfo-2.32.3-18.el6.i686.rpm evolution-data-server-debuginfo-2.32.3-18.el6.x86_64.rpm evolution-data-server-devel-2.32.3-18.el6.i686.rpm evolution-data-server-devel-2.32.3-18.el6.x86_64.rpm gnome-panel-2.30.2-15.el6.x86_64.rpm gnome-panel-debuginfo-2.30.2-15.el6.i686.rpm gnome-panel-debuginfo-2.30.2-15.el6.x86_64.rpm gnome-panel-devel-2.30.2-15.el6.i686.rpm gnome-panel-devel-2.30.2-15.el6.x86_64.rpm gnome-panel-libs-2.30.2-15.el6.i686.rpm gnome-panel-libs-2.30.2-15.el6.x86_64.rpm gnome-python2-applet-2.28.0-5.el6.x86_64.rpm gnome-python2-brasero-2.28.0-5.el6.x86_64.rpm gnome-python2-bugbuddy-2.28.0-5.el6.x86_64.rpm gnome-python2-desktop-debuginfo-2.28.0-5.el6.x86_64.rpm gnome-python2-evince-2.28.0-5.el6.x86_64.rpm gnome-python2-evolution-2.28.0-5.el6.x86_64.rpm gnome-python2-gnomedesktop-2.28.0-5.el6.x86_64.rpm gnome-python2-gnomeprint-2.28.0-5.el6.x86_64.rpm 
gnome-python2-gtksourceview-2.28.0-5.el6.x86_64.rpm gnome-python2-libgtop2-2.28.0-5.el6.x86_64.rpm gnome-python2-libwnck-2.28.0-5.el6.x86_64.rpm gnome-python2-metacity-2.28.0-5.el6.x86_64.rpm gnome-python2-rsvg-2.28.0-5.el6.x86_64.rpm gnome-python2-totem-2.28.0-5.el6.x86_64.rpm libgdata-0.6.4-2.el6.i686.rpm libgdata-0.6.4-2.el6.x86_64.rpm libgdata-debuginfo-0.6.4-2.el6.i686.rpm libgdata-debuginfo-0.6.4-2.el6.x86_64.rpm libgdata-devel-0.6.4-2.el6.i686.rpm libgdata-devel-0.6.4-2.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/cheese-2.28.1-8.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/control-center-2.28.1-39.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/evolution-data-server-2.32.3-18.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/gnome-panel-2.30.2-15.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/gnome-python2-desktop-2.28.0-5.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libgdata-0.6.4-2.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nautilus-sendto-2.28.2-4.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/totem-2.28.6-4.el6.src.rpm i386: cheese-2.28.1-8.el6.i686.rpm cheese-debuginfo-2.28.1-8.el6.i686.rpm control-center-2.28.1-39.el6.i686.rpm control-center-debuginfo-2.28.1-39.el6.i686.rpm control-center-extra-2.28.1-39.el6.i686.rpm control-center-filesystem-2.28.1-39.el6.i686.rpm evolution-data-server-2.32.3-18.el6.i686.rpm evolution-data-server-debuginfo-2.32.3-18.el6.i686.rpm evolution-data-server-devel-2.32.3-18.el6.i686.rpm gnome-panel-2.30.2-15.el6.i686.rpm gnome-panel-debuginfo-2.30.2-15.el6.i686.rpm gnome-panel-libs-2.30.2-15.el6.i686.rpm gnome-python2-applet-2.28.0-5.el6.i686.rpm gnome-python2-bugbuddy-2.28.0-5.el6.i686.rpm 
gnome-python2-desktop-2.28.0-5.el6.i686.rpm gnome-python2-desktop-debuginfo-2.28.0-5.el6.i686.rpm gnome-python2-gnomekeyring-2.28.0-5.el6.i686.rpm gnome-python2-libwnck-2.28.0-5.el6.i686.rpm gnome-python2-rsvg-2.28.0-5.el6.i686.rpm libgdata-0.6.4-2.el6.i686.rpm libgdata-debuginfo-0.6.4-2.el6.i686.rpm libgdata-devel-0.6.4-2.el6.i686.rpm nautilus-sendto-2.28.2-4.el6.i686.rpm nautilus-sendto-debuginfo-2.28.2-4.el6.i686.rpm totem-2.28.6-4.el6.i686.rpm totem-debuginfo-2.28.6-4.el6.i686.rpm totem-mozplugin-2.28.6-4.el6.i686.rpm totem-nautilus-2.28.6-4.el6.i686.rpm totem-upnp-2.28.6-4.el6.i686.rpm noarch: evolution-data-server-doc-2.32.3-18.el6.noarch.rpm ppc64: cheese-2.28.1-8.el6.ppc64.rpm cheese-debuginfo-2.28.1-8.el6.ppc64.rpm control-center-2.28.1-39.el6.ppc.rpm control-center-2.28.1-39.el6.ppc64.rpm control-center-debuginfo-2.28.1-39.el6.ppc.rpm control-center-debuginfo-2.28.1-39.el6.ppc64.rpm control-center-extra-2.28.1-39.el6.ppc64.rpm control-center-filesystem-2.28.1-39.el6.ppc64.rpm evolution-data-server-2.32.3-18.el6.ppc.rpm evolution-data-server-2.32.3-18.el6.ppc64.rpm evolution-data-server-debuginfo-2.32.3-18.el6.ppc.rpm evolution-data-server-debuginfo-2.32.3-18.el6.ppc64.rpm evolution-data-server-devel-2.32.3-18.el6.ppc.rpm evolution-data-server-devel-2.32.3-18.el6.ppc64.rpm gnome-panel-2.30.2-15.el6.ppc64.rpm gnome-panel-debuginfo-2.30.2-15.el6.ppc.rpm gnome-panel-debuginfo-2.30.2-15.el6.ppc64.rpm gnome-panel-libs-2.30.2-15.el6.ppc.rpm gnome-panel-libs-2.30.2-15.el6.ppc64.rpm gnome-python2-applet-2.28.0-5.el6.ppc64.rpm gnome-python2-bugbuddy-2.28.0-5.el6.ppc64.rpm gnome-python2-desktop-2.28.0-5.el6.ppc64.rpm gnome-python2-desktop-debuginfo-2.28.0-5.el6.ppc64.rpm gnome-python2-gnomekeyring-2.28.0-5.el6.ppc64.rpm gnome-python2-libwnck-2.28.0-5.el6.ppc64.rpm gnome-python2-rsvg-2.28.0-5.el6.ppc64.rpm libgdata-0.6.4-2.el6.ppc.rpm libgdata-0.6.4-2.el6.ppc64.rpm libgdata-debuginfo-0.6.4-2.el6.ppc.rpm libgdata-debuginfo-0.6.4-2.el6.ppc64.rpm 
libgdata-devel-0.6.4-2.el6.ppc.rpm libgdata-devel-0.6.4-2.el6.ppc64.rpm nautilus-sendto-2.28.2-4.el6.ppc64.rpm nautilus-sendto-debuginfo-2.28.2-4.el6.ppc64.rpm totem-2.28.6-4.el6.ppc64.rpm totem-debuginfo-2.28.6-4.el6.ppc64.rpm totem-mozplugin-2.28.6-4.el6.ppc64.rpm totem-nautilus-2.28.6-4.el6.ppc64.rpm totem-upnp-2.28.6-4.el6.ppc64.rpm s390x: cheese-2.28.1-8.el6.s390x.rpm cheese-debuginfo-2.28.1-8.el6.s390x.rpm control-center-2.28.1-39.el6.s390.rpm control-center-2.28.1-39.el6.s390x.rpm control-center-debuginfo-2.28.1-39.el6.s390.rpm control-center-debuginfo-2.28.1-39.el6.s390x.rpm control-center-extra-2.28.1-39.el6.s390x.rpm control-center-filesystem-2.28.1-39.el6.s390x.rpm evolution-data-server-2.32.3-18.el6.s390.rpm evolution-data-server-2.32.3-18.el6.s390x.rpm evolution-data-server-debuginfo-2.32.3-18.el6.s390.rpm evolution-data-server-debuginfo-2.32.3-18.el6.s390x.rpm evolution-data-server-devel-2.32.3-18.el6.s390.rpm evolution-data-server-devel-2.32.3-18.el6.s390x.rpm gnome-panel-2.30.2-15.el6.s390x.rpm gnome-panel-debuginfo-2.30.2-15.el6.s390.rpm gnome-panel-debuginfo-2.30.2-15.el6.s390x.rpm gnome-panel-libs-2.30.2-15.el6.s390.rpm gnome-panel-libs-2.30.2-15.el6.s390x.rpm gnome-python2-applet-2.28.0-5.el6.s390x.rpm gnome-python2-bugbuddy-2.28.0-5.el6.s390x.rpm gnome-python2-desktop-2.28.0-5.el6.s390x.rpm gnome-python2-desktop-debuginfo-2.28.0-5.el6.s390x.rpm gnome-python2-gnomekeyring-2.28.0-5.el6.s390x.rpm gnome-python2-libwnck-2.28.0-5.el6.s390x.rpm gnome-python2-rsvg-2.28.0-5.el6.s390x.rpm libgdata-0.6.4-2.el6.s390.rpm libgdata-0.6.4-2.el6.s390x.rpm libgdata-debuginfo-0.6.4-2.el6.s390.rpm libgdata-debuginfo-0.6.4-2.el6.s390x.rpm libgdata-devel-0.6.4-2.el6.s390.rpm libgdata-devel-0.6.4-2.el6.s390x.rpm nautilus-sendto-2.28.2-4.el6.s390x.rpm nautilus-sendto-debuginfo-2.28.2-4.el6.s390x.rpm totem-2.28.6-4.el6.s390x.rpm totem-debuginfo-2.28.6-4.el6.s390x.rpm totem-mozplugin-2.28.6-4.el6.s390x.rpm totem-nautilus-2.28.6-4.el6.s390x.rpm 
totem-upnp-2.28.6-4.el6.s390x.rpm x86_64: cheese-2.28.1-8.el6.x86_64.rpm cheese-debuginfo-2.28.1-8.el6.x86_64.rpm control-center-2.28.1-39.el6.i686.rpm control-center-2.28.1-39.el6.x86_64.rpm control-center-debuginfo-2.28.1-39.el6.i686.rpm control-center-debuginfo-2.28.1-39.el6.x86_64.rpm control-center-extra-2.28.1-39.el6.x86_64.rpm control-center-filesystem-2.28.1-39.el6.x86_64.rpm evolution-data-server-2.32.3-18.el6.i686.rpm evolution-data-server-2.32.3-18.el6.x86_64.rpm evolution-data-server-debuginfo-2.32.3-18.el6.i686.rpm evolution-data-server-debuginfo-2.32.3-18.el6.x86_64.rpm evolution-data-server-devel-2.32.3-18.el6.i686.rpm evolution-data-server-devel-2.32.3-18.el6.x86_64.rpm gnome-panel-2.30.2-15.el6.x86_64.rpm gnome-panel-debuginfo-2.30.2-15.el6.i686.rpm gnome-panel-debuginfo-2.30.2-15.el6.x86_64.rpm gnome-panel-libs-2.30.2-15.el6.i686.rpm gnome-panel-libs-2.30.2-15.el6.x86_64.rpm gnome-python2-applet-2.28.0-5.el6.x86_64.rpm gnome-python2-bugbuddy-2.28.0-5.el6.x86_64.rpm gnome-python2-desktop-2.28.0-5.el6.x86_64.rpm gnome-python2-desktop-debuginfo-2.28.0-5.el6.x86_64.rpm gnome-python2-gnomekeyring-2.28.0-5.el6.x86_64.rpm gnome-python2-libwnck-2.28.0-5.el6.x86_64.rpm gnome-python2-rsvg-2.28.0-5.el6.x86_64.rpm libgdata-0.6.4-2.el6.i686.rpm libgdata-0.6.4-2.el6.x86_64.rpm libgdata-debuginfo-0.6.4-2.el6.i686.rpm libgdata-debuginfo-0.6.4-2.el6.x86_64.rpm libgdata-devel-0.6.4-2.el6.i686.rpm libgdata-devel-0.6.4-2.el6.x86_64.rpm nautilus-sendto-2.28.2-4.el6.x86_64.rpm nautilus-sendto-debuginfo-2.28.2-4.el6.x86_64.rpm totem-2.28.6-4.el6.x86_64.rpm totem-debuginfo-2.28.6-4.el6.x86_64.rpm totem-mozplugin-2.28.6-4.el6.x86_64.rpm totem-nautilus-2.28.6-4.el6.x86_64.rpm totem-upnp-2.28.6-4.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/control-center-2.28.1-39.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ekiga-3.2.6-4.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/evolution-2.32.3-30.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/evolution-exchange-2.32.3-16.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/evolution-mapi-0.32.2-12.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/gnome-panel-2.30.2-15.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/gnome-python2-desktop-2.28.0-5.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/gtkhtml3-3.32.2-2.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nautilus-sendto-2.28.2-4.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openchange-1.0-6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/pidgin-2.7.9-11.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/planner-0.14.4-10.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/totem-2.28.6-4.el6.src.rpm i386: control-center-debuginfo-2.28.1-39.el6.i686.rpm control-center-devel-2.28.1-39.el6.i686.rpm ekiga-3.2.6-4.el6.i686.rpm ekiga-debuginfo-3.2.6-4.el6.i686.rpm evolution-2.32.3-30.el6.i686.rpm evolution-debuginfo-2.32.3-30.el6.i686.rpm evolution-devel-2.32.3-30.el6.i686.rpm evolution-exchange-2.32.3-16.el6.i686.rpm evolution-exchange-debuginfo-2.32.3-16.el6.i686.rpm evolution-mapi-0.32.2-12.el6.i686.rpm evolution-mapi-debuginfo-0.32.2-12.el6.i686.rpm evolution-mapi-devel-0.32.2-12.el6.i686.rpm evolution-perl-2.32.3-30.el6.i686.rpm evolution-pst-2.32.3-30.el6.i686.rpm evolution-spamassassin-2.32.3-30.el6.i686.rpm finch-2.7.9-11.el6.i686.rpm 
finch-devel-2.7.9-11.el6.i686.rpm gnome-panel-debuginfo-2.30.2-15.el6.i686.rpm gnome-panel-devel-2.30.2-15.el6.i686.rpm gnome-python2-brasero-2.28.0-5.el6.i686.rpm gnome-python2-desktop-debuginfo-2.28.0-5.el6.i686.rpm gnome-python2-evince-2.28.0-5.el6.i686.rpm gnome-python2-evolution-2.28.0-5.el6.i686.rpm gnome-python2-gnomedesktop-2.28.0-5.el6.i686.rpm gnome-python2-gnomeprint-2.28.0-5.el6.i686.rpm gnome-python2-gtksourceview-2.28.0-5.el6.i686.rpm gnome-python2-libgtop2-2.28.0-5.el6.i686.rpm gnome-python2-metacity-2.28.0-5.el6.i686.rpm gnome-python2-totem-2.28.0-5.el6.i686.rpm gtkhtml3-3.32.2-2.el6.i686.rpm gtkhtml3-debuginfo-3.32.2-2.el6.i686.rpm gtkhtml3-devel-3.32.2-2.el6.i686.rpm libpurple-2.7.9-11.el6.i686.rpm libpurple-devel-2.7.9-11.el6.i686.rpm libpurple-perl-2.7.9-11.el6.i686.rpm libpurple-tcl-2.7.9-11.el6.i686.rpm nautilus-sendto-debuginfo-2.28.2-4.el6.i686.rpm nautilus-sendto-devel-2.28.2-4.el6.i686.rpm openchange-1.0-6.el6.i686.rpm openchange-client-1.0-6.el6.i686.rpm openchange-debuginfo-1.0-6.el6.i686.rpm openchange-devel-1.0-6.el6.i686.rpm openchange-devel-docs-1.0-6.el6.i686.rpm pidgin-2.7.9-11.el6.i686.rpm pidgin-debuginfo-2.7.9-11.el6.i686.rpm pidgin-devel-2.7.9-11.el6.i686.rpm pidgin-docs-2.7.9-11.el6.i686.rpm pidgin-perl-2.7.9-11.el6.i686.rpm planner-0.14.4-10.el6.i686.rpm planner-debuginfo-0.14.4-10.el6.i686.rpm planner-devel-0.14.4-10.el6.i686.rpm planner-eds-0.14.4-10.el6.i686.rpm totem-debuginfo-2.28.6-4.el6.i686.rpm totem-devel-2.28.6-4.el6.i686.rpm totem-jamendo-2.28.6-4.el6.i686.rpm totem-youtube-2.28.6-4.el6.i686.rpm noarch: evolution-devel-docs-2.32.3-30.el6.noarch.rpm evolution-help-2.32.3-30.el6.noarch.rpm ppc64: control-center-debuginfo-2.28.1-39.el6.ppc.rpm control-center-debuginfo-2.28.1-39.el6.ppc64.rpm control-center-devel-2.28.1-39.el6.ppc.rpm control-center-devel-2.28.1-39.el6.ppc64.rpm ekiga-3.2.6-4.el6.ppc64.rpm ekiga-debuginfo-3.2.6-4.el6.ppc64.rpm evolution-2.32.3-30.el6.ppc.rpm evolution-2.32.3-30.el6.ppc64.rpm 
evolution-debuginfo-2.32.3-30.el6.ppc.rpm evolution-debuginfo-2.32.3-30.el6.ppc64.rpm evolution-devel-2.32.3-30.el6.ppc.rpm evolution-devel-2.32.3-30.el6.ppc64.rpm evolution-exchange-2.32.3-16.el6.ppc.rpm evolution-exchange-2.32.3-16.el6.ppc64.rpm evolution-exchange-debuginfo-2.32.3-16.el6.ppc.rpm evolution-exchange-debuginfo-2.32.3-16.el6.ppc64.rpm evolution-mapi-0.32.2-12.el6.ppc64.rpm evolution-mapi-debuginfo-0.32.2-12.el6.ppc64.rpm evolution-mapi-devel-0.32.2-12.el6.ppc64.rpm evolution-perl-2.32.3-30.el6.ppc64.rpm evolution-pst-2.32.3-30.el6.ppc64.rpm evolution-spamassassin-2.32.3-30.el6.ppc64.rpm finch-2.7.9-11.el6.ppc.rpm finch-2.7.9-11.el6.ppc64.rpm finch-devel-2.7.9-11.el6.ppc.rpm finch-devel-2.7.9-11.el6.ppc64.rpm gnome-panel-debuginfo-2.30.2-15.el6.ppc.rpm gnome-panel-debuginfo-2.30.2-15.el6.ppc64.rpm gnome-panel-devel-2.30.2-15.el6.ppc.rpm gnome-panel-devel-2.30.2-15.el6.ppc64.rpm gnome-python2-brasero-2.28.0-5.el6.ppc64.rpm gnome-python2-desktop-debuginfo-2.28.0-5.el6.ppc64.rpm gnome-python2-evince-2.28.0-5.el6.ppc64.rpm gnome-python2-evolution-2.28.0-5.el6.ppc64.rpm gnome-python2-gnomedesktop-2.28.0-5.el6.ppc64.rpm gnome-python2-gnomeprint-2.28.0-5.el6.ppc64.rpm gnome-python2-gtksourceview-2.28.0-5.el6.ppc64.rpm gnome-python2-libgtop2-2.28.0-5.el6.ppc64.rpm gnome-python2-metacity-2.28.0-5.el6.ppc64.rpm gnome-python2-totem-2.28.0-5.el6.ppc64.rpm gtkhtml3-3.32.2-2.el6.ppc.rpm gtkhtml3-3.32.2-2.el6.ppc64.rpm gtkhtml3-debuginfo-3.32.2-2.el6.ppc.rpm gtkhtml3-debuginfo-3.32.2-2.el6.ppc64.rpm gtkhtml3-devel-3.32.2-2.el6.ppc.rpm gtkhtml3-devel-3.32.2-2.el6.ppc64.rpm libpurple-2.7.9-11.el6.ppc.rpm libpurple-2.7.9-11.el6.ppc64.rpm libpurple-devel-2.7.9-11.el6.ppc.rpm libpurple-devel-2.7.9-11.el6.ppc64.rpm libpurple-perl-2.7.9-11.el6.ppc64.rpm libpurple-tcl-2.7.9-11.el6.ppc64.rpm nautilus-sendto-debuginfo-2.28.2-4.el6.ppc.rpm nautilus-sendto-debuginfo-2.28.2-4.el6.ppc64.rpm nautilus-sendto-devel-2.28.2-4.el6.ppc.rpm nautilus-sendto-devel-2.28.2-4.el6.ppc64.rpm 
openchange-1.0-6.el6.ppc64.rpm openchange-client-1.0-6.el6.ppc64.rpm openchange-debuginfo-1.0-6.el6.ppc64.rpm openchange-devel-1.0-6.el6.ppc64.rpm openchange-devel-docs-1.0-6.el6.ppc64.rpm pidgin-2.7.9-11.el6.ppc64.rpm pidgin-debuginfo-2.7.9-11.el6.ppc.rpm pidgin-debuginfo-2.7.9-11.el6.ppc64.rpm pidgin-devel-2.7.9-11.el6.ppc.rpm pidgin-devel-2.7.9-11.el6.ppc64.rpm pidgin-docs-2.7.9-11.el6.ppc64.rpm pidgin-perl-2.7.9-11.el6.ppc64.rpm planner-0.14.4-10.el6.ppc.rpm planner-0.14.4-10.el6.ppc64.rpm planner-debuginfo-0.14.4-10.el6.ppc.rpm planner-debuginfo-0.14.4-10.el6.ppc64.rpm planner-devel-0.14.4-10.el6.ppc.rpm planner-devel-0.14.4-10.el6.ppc64.rpm planner-eds-0.14.4-10.el6.ppc64.rpm totem-debuginfo-2.28.6-4.el6.ppc.rpm totem-debuginfo-2.28.6-4.el6.ppc64.rpm totem-devel-2.28.6-4.el6.ppc.rpm totem-devel-2.28.6-4.el6.ppc64.rpm totem-jamendo-2.28.6-4.el6.ppc64.rpm totem-youtube-2.28.6-4.el6.ppc64.rpm s390x: control-center-debuginfo-2.28.1-39.el6.s390.rpm control-center-debuginfo-2.28.1-39.el6.s390x.rpm control-center-devel-2.28.1-39.el6.s390.rpm control-center-devel-2.28.1-39.el6.s390x.rpm ekiga-3.2.6-4.el6.s390x.rpm ekiga-debuginfo-3.2.6-4.el6.s390x.rpm evolution-2.32.3-30.el6.s390.rpm evolution-2.32.3-30.el6.s390x.rpm evolution-debuginfo-2.32.3-30.el6.s390.rpm evolution-debuginfo-2.32.3-30.el6.s390x.rpm evolution-devel-2.32.3-30.el6.s390.rpm evolution-devel-2.32.3-30.el6.s390x.rpm evolution-exchange-2.32.3-16.el6.s390.rpm evolution-exchange-2.32.3-16.el6.s390x.rpm evolution-exchange-debuginfo-2.32.3-16.el6.s390.rpm evolution-exchange-debuginfo-2.32.3-16.el6.s390x.rpm evolution-mapi-0.32.2-12.el6.s390x.rpm evolution-mapi-debuginfo-0.32.2-12.el6.s390x.rpm evolution-mapi-devel-0.32.2-12.el6.s390x.rpm evolution-perl-2.32.3-30.el6.s390x.rpm evolution-pst-2.32.3-30.el6.s390x.rpm evolution-spamassassin-2.32.3-30.el6.s390x.rpm gnome-panel-debuginfo-2.30.2-15.el6.s390.rpm gnome-panel-debuginfo-2.30.2-15.el6.s390x.rpm gnome-panel-devel-2.30.2-15.el6.s390.rpm 
gnome-panel-devel-2.30.2-15.el6.s390x.rpm gnome-python2-brasero-2.28.0-5.el6.s390x.rpm gnome-python2-desktop-debuginfo-2.28.0-5.el6.s390x.rpm gnome-python2-evince-2.28.0-5.el6.s390x.rpm gnome-python2-evolution-2.28.0-5.el6.s390x.rpm gnome-python2-gnomedesktop-2.28.0-5.el6.s390x.rpm gnome-python2-gnomeprint-2.28.0-5.el6.s390x.rpm gnome-python2-gtksourceview-2.28.0-5.el6.s390x.rpm gnome-python2-libgtop2-2.28.0-5.el6.s390x.rpm gnome-python2-metacity-2.28.0-5.el6.s390x.rpm gnome-python2-totem-2.28.0-5.el6.s390x.rpm gtkhtml3-3.32.2-2.el6.s390.rpm gtkhtml3-3.32.2-2.el6.s390x.rpm gtkhtml3-debuginfo-3.32.2-2.el6.s390.rpm gtkhtml3-debuginfo-3.32.2-2.el6.s390x.rpm gtkhtml3-devel-3.32.2-2.el6.s390.rpm gtkhtml3-devel-3.32.2-2.el6.s390x.rpm nautilus-sendto-debuginfo-2.28.2-4.el6.s390.rpm nautilus-sendto-debuginfo-2.28.2-4.el6.s390x.rpm nautilus-sendto-devel-2.28.2-4.el6.s390.rpm nautilus-sendto-devel-2.28.2-4.el6.s390x.rpm openchange-1.0-6.el6.s390x.rpm openchange-client-1.0-6.el6.s390x.rpm openchange-debuginfo-1.0-6.el6.s390x.rpm openchange-devel-1.0-6.el6.s390x.rpm openchange-devel-docs-1.0-6.el6.s390x.rpm planner-0.14.4-10.el6.s390.rpm planner-0.14.4-10.el6.s390x.rpm planner-debuginfo-0.14.4-10.el6.s390.rpm planner-debuginfo-0.14.4-10.el6.s390x.rpm planner-devel-0.14.4-10.el6.s390.rpm planner-devel-0.14.4-10.el6.s390x.rpm planner-eds-0.14.4-10.el6.s390x.rpm totem-debuginfo-2.28.6-4.el6.s390.rpm totem-debuginfo-2.28.6-4.el6.s390x.rpm totem-devel-2.28.6-4.el6.s390.rpm totem-devel-2.28.6-4.el6.s390x.rpm totem-jamendo-2.28.6-4.el6.s390x.rpm totem-youtube-2.28.6-4.el6.s390x.rpm x86_64: control-center-debuginfo-2.28.1-39.el6.i686.rpm control-center-debuginfo-2.28.1-39.el6.x86_64.rpm control-center-devel-2.28.1-39.el6.i686.rpm control-center-devel-2.28.1-39.el6.x86_64.rpm ekiga-3.2.6-4.el6.x86_64.rpm ekiga-debuginfo-3.2.6-4.el6.x86_64.rpm evolution-2.32.3-30.el6.i686.rpm evolution-2.32.3-30.el6.x86_64.rpm evolution-debuginfo-2.32.3-30.el6.i686.rpm 
evolution-debuginfo-2.32.3-30.el6.x86_64.rpm evolution-devel-2.32.3-30.el6.i686.rpm evolution-devel-2.32.3-30.el6.x86_64.rpm evolution-exchange-2.32.3-16.el6.i686.rpm evolution-exchange-2.32.3-16.el6.x86_64.rpm evolution-exchange-debuginfo-2.32.3-16.el6.i686.rpm evolution-exchange-debuginfo-2.32.3-16.el6.x86_64.rpm evolution-mapi-0.32.2-12.el6.x86_64.rpm evolution-mapi-debuginfo-0.32.2-12.el6.x86_64.rpm evolution-mapi-devel-0.32.2-12.el6.x86_64.rpm evolution-perl-2.32.3-30.el6.x86_64.rpm evolution-pst-2.32.3-30.el6.x86_64.rpm evolution-spamassassin-2.32.3-30.el6.x86_64.rpm finch-2.7.9-11.el6.i686.rpm finch-2.7.9-11.el6.x86_64.rpm finch-devel-2.7.9-11.el6.i686.rpm finch-devel-2.7.9-11.el6.x86_64.rpm gnome-panel-debuginfo-2.30.2-15.el6.i686.rpm gnome-panel-debuginfo-2.30.2-15.el6.x86_64.rpm gnome-panel-devel-2.30.2-15.el6.i686.rpm gnome-panel-devel-2.30.2-15.el6.x86_64.rpm gnome-python2-brasero-2.28.0-5.el6.x86_64.rpm gnome-python2-desktop-debuginfo-2.28.0-5.el6.x86_64.rpm gnome-python2-evince-2.28.0-5.el6.x86_64.rpm gnome-python2-evolution-2.28.0-5.el6.x86_64.rpm gnome-python2-gnomedesktop-2.28.0-5.el6.x86_64.rpm gnome-python2-gnomeprint-2.28.0-5.el6.x86_64.rpm gnome-python2-gtksourceview-2.28.0-5.el6.x86_64.rpm gnome-python2-libgtop2-2.28.0-5.el6.x86_64.rpm gnome-python2-metacity-2.28.0-5.el6.x86_64.rpm gnome-python2-totem-2.28.0-5.el6.x86_64.rpm gtkhtml3-3.32.2-2.el6.i686.rpm gtkhtml3-3.32.2-2.el6.x86_64.rpm gtkhtml3-debuginfo-3.32.2-2.el6.i686.rpm gtkhtml3-debuginfo-3.32.2-2.el6.x86_64.rpm gtkhtml3-devel-3.32.2-2.el6.i686.rpm gtkhtml3-devel-3.32.2-2.el6.x86_64.rpm libpurple-2.7.9-11.el6.i686.rpm libpurple-2.7.9-11.el6.x86_64.rpm libpurple-devel-2.7.9-11.el6.i686.rpm libpurple-devel-2.7.9-11.el6.x86_64.rpm libpurple-perl-2.7.9-11.el6.x86_64.rpm libpurple-tcl-2.7.9-11.el6.x86_64.rpm nautilus-sendto-debuginfo-2.28.2-4.el6.i686.rpm nautilus-sendto-debuginfo-2.28.2-4.el6.x86_64.rpm nautilus-sendto-devel-2.28.2-4.el6.i686.rpm 
nautilus-sendto-devel-2.28.2-4.el6.x86_64.rpm openchange-1.0-6.el6.x86_64.rpm openchange-client-1.0-6.el6.x86_64.rpm openchange-debuginfo-1.0-6.el6.x86_64.rpm openchange-devel-1.0-6.el6.x86_64.rpm openchange-devel-docs-1.0-6.el6.x86_64.rpm pidgin-2.7.9-11.el6.x86_64.rpm pidgin-debuginfo-2.7.9-11.el6.i686.rpm pidgin-debuginfo-2.7.9-11.el6.x86_64.rpm pidgin-devel-2.7.9-11.el6.i686.rpm pidgin-devel-2.7.9-11.el6.x86_64.rpm pidgin-docs-2.7.9-11.el6.x86_64.rpm pidgin-perl-2.7.9-11.el6.x86_64.rpm planner-0.14.4-10.el6.i686.rpm planner-0.14.4-10.el6.x86_64.rpm planner-debuginfo-0.14.4-10.el6.i686.rpm planner-debuginfo-0.14.4-10.el6.x86_64.rpm planner-devel-0.14.4-10.el6.i686.rpm planner-devel-0.14.4-10.el6.x86_64.rpm planner-eds-0.14.4-10.el6.x86_64.rpm totem-debuginfo-2.28.6-4.el6.i686.rpm totem-debuginfo-2.28.6-4.el6.x86_64.rpm totem-devel-2.28.6-4.el6.i686.rpm totem-devel-2.28.6-4.el6.x86_64.rpm totem-jamendo-2.28.6-4.el6.x86_64.rpm totem-youtube-2.28.6-4.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/cheese-2.28.1-8.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/control-center-2.28.1-39.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ekiga-3.2.6-4.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/evolution-2.32.3-30.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/evolution-data-server-2.32.3-18.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/evolution-exchange-2.32.3-16.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/evolution-mapi-0.32.2-12.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/gnome-panel-2.30.2-15.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/gnome-python2-desktop-2.28.0-5.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/gtkhtml3-3.32.2-2.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libgdata-0.6.4-2.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nautilus-sendto-2.28.2-4.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openchange-1.0-6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/pidgin-2.7.9-11.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/planner-0.14.4-10.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/totem-2.28.6-4.el6.src.rpm i386: cheese-2.28.1-8.el6.i686.rpm cheese-debuginfo-2.28.1-8.el6.i686.rpm control-center-2.28.1-39.el6.i686.rpm control-center-debuginfo-2.28.1-39.el6.i686.rpm control-center-extra-2.28.1-39.el6.i686.rpm control-center-filesystem-2.28.1-39.el6.i686.rpm 
ekiga-3.2.6-4.el6.i686.rpm ekiga-debuginfo-3.2.6-4.el6.i686.rpm evolution-2.32.3-30.el6.i686.rpm evolution-data-server-2.32.3-18.el6.i686.rpm evolution-data-server-debuginfo-2.32.3-18.el6.i686.rpm evolution-data-server-devel-2.32.3-18.el6.i686.rpm evolution-debuginfo-2.32.3-30.el6.i686.rpm evolution-exchange-2.32.3-16.el6.i686.rpm evolution-exchange-debuginfo-2.32.3-16.el6.i686.rpm evolution-mapi-0.32.2-12.el6.i686.rpm evolution-mapi-debuginfo-0.32.2-12.el6.i686.rpm gnome-panel-2.30.2-15.el6.i686.rpm gnome-panel-debuginfo-2.30.2-15.el6.i686.rpm gnome-panel-libs-2.30.2-15.el6.i686.rpm gnome-python2-applet-2.28.0-5.el6.i686.rpm gnome-python2-bugbuddy-2.28.0-5.el6.i686.rpm gnome-python2-desktop-2.28.0-5.el6.i686.rpm gnome-python2-desktop-debuginfo-2.28.0-5.el6.i686.rpm gnome-python2-gnomekeyring-2.28.0-5.el6.i686.rpm gnome-python2-libwnck-2.28.0-5.el6.i686.rpm gnome-python2-rsvg-2.28.0-5.el6.i686.rpm gtkhtml3-3.32.2-2.el6.i686.rpm gtkhtml3-debuginfo-3.32.2-2.el6.i686.rpm libgdata-0.6.4-2.el6.i686.rpm libgdata-debuginfo-0.6.4-2.el6.i686.rpm libgdata-devel-0.6.4-2.el6.i686.rpm libpurple-2.7.9-11.el6.i686.rpm nautilus-sendto-2.28.2-4.el6.i686.rpm nautilus-sendto-debuginfo-2.28.2-4.el6.i686.rpm openchange-1.0-6.el6.i686.rpm openchange-debuginfo-1.0-6.el6.i686.rpm pidgin-2.7.9-11.el6.i686.rpm pidgin-debuginfo-2.7.9-11.el6.i686.rpm planner-0.14.4-10.el6.i686.rpm planner-debuginfo-0.14.4-10.el6.i686.rpm totem-2.28.6-4.el6.i686.rpm totem-debuginfo-2.28.6-4.el6.i686.rpm totem-mozplugin-2.28.6-4.el6.i686.rpm totem-nautilus-2.28.6-4.el6.i686.rpm totem-upnp-2.28.6-4.el6.i686.rpm noarch: evolution-data-server-doc-2.32.3-18.el6.noarch.rpm evolution-help-2.32.3-30.el6.noarch.rpm x86_64: cheese-2.28.1-8.el6.x86_64.rpm cheese-debuginfo-2.28.1-8.el6.x86_64.rpm control-center-2.28.1-39.el6.i686.rpm control-center-2.28.1-39.el6.x86_64.rpm control-center-debuginfo-2.28.1-39.el6.i686.rpm control-center-debuginfo-2.28.1-39.el6.x86_64.rpm control-center-extra-2.28.1-39.el6.x86_64.rpm 
control-center-filesystem-2.28.1-39.el6.x86_64.rpm ekiga-3.2.6-4.el6.x86_64.rpm ekiga-debuginfo-3.2.6-4.el6.x86_64.rpm evolution-2.32.3-30.el6.i686.rpm evolution-2.32.3-30.el6.x86_64.rpm evolution-data-server-2.32.3-18.el6.i686.rpm evolution-data-server-2.32.3-18.el6.x86_64.rpm evolution-data-server-debuginfo-2.32.3-18.el6.i686.rpm evolution-data-server-debuginfo-2.32.3-18.el6.x86_64.rpm evolution-data-server-devel-2.32.3-18.el6.i686.rpm evolution-data-server-devel-2.32.3-18.el6.x86_64.rpm evolution-debuginfo-2.32.3-30.el6.i686.rpm evolution-debuginfo-2.32.3-30.el6.x86_64.rpm evolution-exchange-2.32.3-16.el6.i686.rpm evolution-exchange-2.32.3-16.el6.x86_64.rpm evolution-exchange-debuginfo-2.32.3-16.el6.i686.rpm evolution-exchange-debuginfo-2.32.3-16.el6.x86_64.rpm evolution-mapi-0.32.2-12.el6.x86_64.rpm evolution-mapi-debuginfo-0.32.2-12.el6.x86_64.rpm gnome-panel-2.30.2-15.el6.x86_64.rpm gnome-panel-debuginfo-2.30.2-15.el6.i686.rpm gnome-panel-debuginfo-2.30.2-15.el6.x86_64.rpm gnome-panel-libs-2.30.2-15.el6.i686.rpm gnome-panel-libs-2.30.2-15.el6.x86_64.rpm gnome-python2-applet-2.28.0-5.el6.x86_64.rpm gnome-python2-bugbuddy-2.28.0-5.el6.x86_64.rpm gnome-python2-desktop-2.28.0-5.el6.x86_64.rpm gnome-python2-desktop-debuginfo-2.28.0-5.el6.x86_64.rpm gnome-python2-gnomekeyring-2.28.0-5.el6.x86_64.rpm gnome-python2-libwnck-2.28.0-5.el6.x86_64.rpm gnome-python2-rsvg-2.28.0-5.el6.x86_64.rpm gtkhtml3-3.32.2-2.el6.i686.rpm gtkhtml3-3.32.2-2.el6.x86_64.rpm gtkhtml3-debuginfo-3.32.2-2.el6.i686.rpm gtkhtml3-debuginfo-3.32.2-2.el6.x86_64.rpm libgdata-0.6.4-2.el6.i686.rpm libgdata-0.6.4-2.el6.x86_64.rpm libgdata-debuginfo-0.6.4-2.el6.i686.rpm libgdata-debuginfo-0.6.4-2.el6.x86_64.rpm libgdata-devel-0.6.4-2.el6.i686.rpm libgdata-devel-0.6.4-2.el6.x86_64.rpm libpurple-2.7.9-11.el6.i686.rpm libpurple-2.7.9-11.el6.x86_64.rpm nautilus-sendto-2.28.2-4.el6.x86_64.rpm nautilus-sendto-debuginfo-2.28.2-4.el6.x86_64.rpm openchange-1.0-6.el6.x86_64.rpm 
openchange-debuginfo-1.0-6.el6.x86_64.rpm pidgin-2.7.9-11.el6.x86_64.rpm pidgin-debuginfo-2.7.9-11.el6.i686.rpm pidgin-debuginfo-2.7.9-11.el6.x86_64.rpm planner-0.14.4-10.el6.i686.rpm planner-0.14.4-10.el6.x86_64.rpm planner-debuginfo-0.14.4-10.el6.i686.rpm planner-debuginfo-0.14.4-10.el6.x86_64.rpm totem-2.28.6-4.el6.x86_64.rpm totem-debuginfo-2.28.6-4.el6.x86_64.rpm totem-mozplugin-2.28.6-4.el6.x86_64.rpm totem-nautilus-2.28.6-4.el6.x86_64.rpm totem-upnp-2.28.6-4.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/control-center-2.28.1-39.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/evolution-2.32.3-30.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/evolution-mapi-0.32.2-12.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/gnome-panel-2.30.2-15.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/gnome-python2-desktop-2.28.0-5.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/gtkhtml3-3.32.2-2.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nautilus-sendto-2.28.2-4.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openchange-1.0-6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/pidgin-2.7.9-11.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/planner-0.14.4-10.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/totem-2.28.6-4.el6.src.rpm i386: control-center-debuginfo-2.28.1-39.el6.i686.rpm control-center-devel-2.28.1-39.el6.i686.rpm evolution-debuginfo-2.32.3-30.el6.i686.rpm evolution-devel-2.32.3-30.el6.i686.rpm evolution-mapi-debuginfo-0.32.2-12.el6.i686.rpm evolution-mapi-devel-0.32.2-12.el6.i686.rpm 
evolution-perl-2.32.3-30.el6.i686.rpm evolution-pst-2.32.3-30.el6.i686.rpm evolution-spamassassin-2.32.3-30.el6.i686.rpm finch-2.7.9-11.el6.i686.rpm finch-devel-2.7.9-11.el6.i686.rpm gnome-panel-debuginfo-2.30.2-15.el6.i686.rpm gnome-panel-devel-2.30.2-15.el6.i686.rpm gnome-python2-brasero-2.28.0-5.el6.i686.rpm gnome-python2-desktop-debuginfo-2.28.0-5.el6.i686.rpm gnome-python2-evince-2.28.0-5.el6.i686.rpm gnome-python2-evolution-2.28.0-5.el6.i686.rpm gnome-python2-gnomedesktop-2.28.0-5.el6.i686.rpm gnome-python2-gnomeprint-2.28.0-5.el6.i686.rpm gnome-python2-gtksourceview-2.28.0-5.el6.i686.rpm gnome-python2-libgtop2-2.28.0-5.el6.i686.rpm gnome-python2-metacity-2.28.0-5.el6.i686.rpm gnome-python2-totem-2.28.0-5.el6.i686.rpm gtkhtml3-debuginfo-3.32.2-2.el6.i686.rpm gtkhtml3-devel-3.32.2-2.el6.i686.rpm libpurple-devel-2.7.9-11.el6.i686.rpm libpurple-perl-2.7.9-11.el6.i686.rpm libpurple-tcl-2.7.9-11.el6.i686.rpm nautilus-sendto-debuginfo-2.28.2-4.el6.i686.rpm nautilus-sendto-devel-2.28.2-4.el6.i686.rpm openchange-client-1.0-6.el6.i686.rpm openchange-debuginfo-1.0-6.el6.i686.rpm openchange-devel-1.0-6.el6.i686.rpm openchange-devel-docs-1.0-6.el6.i686.rpm pidgin-debuginfo-2.7.9-11.el6.i686.rpm pidgin-devel-2.7.9-11.el6.i686.rpm pidgin-docs-2.7.9-11.el6.i686.rpm pidgin-perl-2.7.9-11.el6.i686.rpm planner-debuginfo-0.14.4-10.el6.i686.rpm planner-devel-0.14.4-10.el6.i686.rpm planner-eds-0.14.4-10.el6.i686.rpm totem-debuginfo-2.28.6-4.el6.i686.rpm totem-devel-2.28.6-4.el6.i686.rpm totem-jamendo-2.28.6-4.el6.i686.rpm totem-youtube-2.28.6-4.el6.i686.rpm noarch: evolution-devel-docs-2.32.3-30.el6.noarch.rpm x86_64: control-center-debuginfo-2.28.1-39.el6.i686.rpm control-center-debuginfo-2.28.1-39.el6.x86_64.rpm control-center-devel-2.28.1-39.el6.i686.rpm control-center-devel-2.28.1-39.el6.x86_64.rpm evolution-debuginfo-2.32.3-30.el6.i686.rpm evolution-debuginfo-2.32.3-30.el6.x86_64.rpm evolution-devel-2.32.3-30.el6.i686.rpm evolution-devel-2.32.3-30.el6.x86_64.rpm 
evolution-mapi-debuginfo-0.32.2-12.el6.x86_64.rpm evolution-mapi-devel-0.32.2-12.el6.x86_64.rpm evolution-perl-2.32.3-30.el6.x86_64.rpm evolution-pst-2.32.3-30.el6.x86_64.rpm evolution-spamassassin-2.32.3-30.el6.x86_64.rpm finch-2.7.9-11.el6.i686.rpm finch-2.7.9-11.el6.x86_64.rpm finch-devel-2.7.9-11.el6.i686.rpm finch-devel-2.7.9-11.el6.x86_64.rpm gnome-panel-debuginfo-2.30.2-15.el6.i686.rpm gnome-panel-debuginfo-2.30.2-15.el6.x86_64.rpm gnome-panel-devel-2.30.2-15.el6.i686.rpm gnome-panel-devel-2.30.2-15.el6.x86_64.rpm gnome-python2-brasero-2.28.0-5.el6.x86_64.rpm gnome-python2-desktop-debuginfo-2.28.0-5.el6.x86_64.rpm gnome-python2-evince-2.28.0-5.el6.x86_64.rpm gnome-python2-evolution-2.28.0-5.el6.x86_64.rpm gnome-python2-gnomedesktop-2.28.0-5.el6.x86_64.rpm gnome-python2-gnomeprint-2.28.0-5.el6.x86_64.rpm gnome-python2-gtksourceview-2.28.0-5.el6.x86_64.rpm gnome-python2-libgtop2-2.28.0-5.el6.x86_64.rpm gnome-python2-metacity-2.28.0-5.el6.x86_64.rpm gnome-python2-totem-2.28.0-5.el6.x86_64.rpm gtkhtml3-debuginfo-3.32.2-2.el6.i686.rpm gtkhtml3-debuginfo-3.32.2-2.el6.x86_64.rpm gtkhtml3-devel-3.32.2-2.el6.i686.rpm gtkhtml3-devel-3.32.2-2.el6.x86_64.rpm libpurple-devel-2.7.9-11.el6.i686.rpm libpurple-devel-2.7.9-11.el6.x86_64.rpm libpurple-perl-2.7.9-11.el6.x86_64.rpm libpurple-tcl-2.7.9-11.el6.x86_64.rpm nautilus-sendto-debuginfo-2.28.2-4.el6.i686.rpm nautilus-sendto-debuginfo-2.28.2-4.el6.x86_64.rpm nautilus-sendto-devel-2.28.2-4.el6.i686.rpm nautilus-sendto-devel-2.28.2-4.el6.x86_64.rpm openchange-client-1.0-6.el6.x86_64.rpm openchange-debuginfo-1.0-6.el6.x86_64.rpm openchange-devel-1.0-6.el6.x86_64.rpm openchange-devel-docs-1.0-6.el6.x86_64.rpm pidgin-debuginfo-2.7.9-11.el6.i686.rpm pidgin-debuginfo-2.7.9-11.el6.x86_64.rpm pidgin-devel-2.7.9-11.el6.i686.rpm pidgin-devel-2.7.9-11.el6.x86_64.rpm pidgin-docs-2.7.9-11.el6.x86_64.rpm pidgin-perl-2.7.9-11.el6.x86_64.rpm planner-debuginfo-0.14.4-10.el6.i686.rpm planner-debuginfo-0.14.4-10.el6.x86_64.rpm 
planner-devel-0.14.4-10.el6.i686.rpm planner-devel-0.14.4-10.el6.x86_64.rpm planner-eds-0.14.4-10.el6.x86_64.rpm totem-debuginfo-2.28.6-4.el6.i686.rpm totem-debuginfo-2.28.6-4.el6.x86_64.rpm totem-devel-2.28.6-4.el6.i686.rpm totem-devel-2.28.6-4.el6.x86_64.rpm totem-jamendo-2.28.6-4.el6.x86_64.rpm totem-youtube-2.28.6-4.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4166.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSjYb2XlSAg2UNWIIRAvEMAJ94KUsNz4n9V+tEdT1+2iT8pUdCpACgi7Il
C3a57c6awe+C+mvfHVRnzKw=
=6eXj
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 21 04:13:21 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Nov 2013 04:13:21 +0000
Subject: [RHSA-2013:1542-02] Moderate: samba security, bug fix, and enhancement update
Message-ID: <201311210409.rAL49mEF003084@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: samba security, bug fix, and enhancement update
Advisory ID: RHSA-2013:1542-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1542.html
Issue date: 2013-11-21
CVE Names: CVE-2013-0213 CVE-2013-0214 CVE-2013-4124
=====================================================================

1. Summary:

Updated samba packages that fix three security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

It was discovered that the Samba Web Administration Tool (SWAT) did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. (CVE-2013-0213)

A flaw was found in the Cross-Site Request Forgery (CSRF) protection mechanism implemented in SWAT. An attacker with the knowledge of a victim's password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user. (CVE-2013-0214)

An integer overflow flaw was found in the way Samba handled an Extended Attribute (EA) list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory. (CVE-2013-4124)

Note: This issue did not affect the default configuration of the Samba server.
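
A model of the failure mode described for CVE-2013-4124, added here as an illustration (it is not part of the advisory and is not Samba's code or wire format): a chained list whose entries carry a 32-bit offset to the next entry, walked once without and once with a bounds check on that offset. The entry layout, the function names and both sample buffers are assumptions constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_STEPS 1000  /* demo-only cap so the unchecked walk terminates */

/* Hypothetical entry layout (assumption, not Samba's format):
 *   bytes 0..3  little-endian offset from this entry to the next, 0 = last
 *   bytes 4..   entry payload (ignored here)                              */

/* Constructed sample: two well-formed entries, 8 bytes each. */
static const uint8_t BENIGN_LIST[16] = {
    0x08, 0x00, 0x00, 0x00, 'n', 'a', 'm', 'e',
    0x00, 0x00, 0x00, 0x00, 'l', 'a', 's', 't'
};

/* Constructed sample: the second entry's "next" value is 0xFFFFFFF8,
 * so 8 + 0xFFFFFFF8 wraps modulo 2^32 back to offset 0.              */
static const uint8_t WRAPPING_LIST[12] = {
    0x08, 0x00, 0x00, 0x00, 'n', 'a', 'm', 'e',
    0xF8, 0xFF, 0xFF, 0xFF
};

/* Read a 32-bit little-endian value. */
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Unchecked walk: trusts the next-entry offset. Returns the number of
 * entries visited; MAX_STEPS means the walk never reached a terminator. */
int walk_unchecked(const uint8_t *buf, uint32_t size)
{
    uint32_t offset = 0;
    int visited = 0;

    while (offset + 4u <= size && visited < MAX_STEPS) {
        uint32_t next = rd32(buf + offset);
        visited++;          /* a server would allocate an entry here */
        if (next == 0)
            break;
        offset += next;     /* unsigned add can wrap to an earlier entry */
    }
    return visited;
}

/* Checked walk: every step must move forward by at least one header and
 * stay inside the buffer. Returns the entry count, or -1 if the list is
 * malformed or has no terminating entry.                                */
int walk_checked(const uint8_t *buf, uint32_t size)
{
    uint32_t offset = 0;
    int visited = 0;

    while (size >= 4u && offset <= size - 4u) {
        uint32_t next = rd32(buf + offset);
        visited++;
        if (next == 0)
            return visited;
        /* size - offset cannot underflow here because offset <= size - 4;
         * comparing against it avoids computing offset + next at all.    */
        if (next < 4u || next > size - offset)
            return -1;
        offset += next;
    }
    return -1;              /* ran past the end without a terminator */
}

int main(void)
{
    printf("benign   unchecked=%d checked=%d\n",
           walk_unchecked(BENIGN_LIST, sizeof BENIGN_LIST),
           walk_checked(BENIGN_LIST, sizeof BENIGN_LIST));
    printf("wrapping unchecked=%d checked=%d\n",
           walk_unchecked(WRAPPING_LIST, sizeof WRAPPING_LIST),
           walk_checked(WRAPPING_LIST, sizeof WRAPPING_LIST));
    return 0;
}
```
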
Red Hat would like to thank the Samba project for reporting CVE-2013-0213 and CVE-2013-0214. Upstream acknowledges Jann Horn as the original reporter of CVE-2013-0213 and CVE-2013-0214.

These updated samba packages include numerous bug fixes and one enhancement. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes.

All samba users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. After installing this update, the smb service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

905700 - CVE-2013-0213 samba: clickjacking vulnerability in SWAT
905704 - CVE-2013-0214 samba: cross-site request forgery vulnerability in SWAT
984401 - CVE-2013-4124 samba: DoS via integer overflow when reading an EA list

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/samba-3.6.9-164.el6.src.rpm i386: libsmbclient-3.6.9-164.el6.i686.rpm samba-client-3.6.9-164.el6.i686.rpm samba-common-3.6.9-164.el6.i686.rpm samba-debuginfo-3.6.9-164.el6.i686.rpm samba-winbind-3.6.9-164.el6.i686.rpm samba-winbind-clients-3.6.9-164.el6.i686.rpm x86_64: libsmbclient-3.6.9-164.el6.i686.rpm libsmbclient-3.6.9-164.el6.x86_64.rpm samba-client-3.6.9-164.el6.x86_64.rpm samba-common-3.6.9-164.el6.i686.rpm samba-common-3.6.9-164.el6.x86_64.rpm samba-debuginfo-3.6.9-164.el6.i686.rpm samba-debuginfo-3.6.9-164.el6.x86_64.rpm samba-winbind-3.6.9-164.el6.x86_64.rpm samba-winbind-clients-3.6.9-164.el6.i686.rpm samba-winbind-clients-3.6.9-164.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/samba-3.6.9-164.el6.src.rpm i386: libsmbclient-devel-3.6.9-164.el6.i686.rpm samba-3.6.9-164.el6.i686.rpm samba-debuginfo-3.6.9-164.el6.i686.rpm samba-doc-3.6.9-164.el6.i686.rpm samba-domainjoin-gui-3.6.9-164.el6.i686.rpm samba-swat-3.6.9-164.el6.i686.rpm samba-winbind-devel-3.6.9-164.el6.i686.rpm samba-winbind-krb5-locator-3.6.9-164.el6.i686.rpm x86_64: libsmbclient-devel-3.6.9-164.el6.i686.rpm libsmbclient-devel-3.6.9-164.el6.x86_64.rpm samba-3.6.9-164.el6.x86_64.rpm samba-debuginfo-3.6.9-164.el6.i686.rpm samba-debuginfo-3.6.9-164.el6.x86_64.rpm samba-doc-3.6.9-164.el6.x86_64.rpm samba-domainjoin-gui-3.6.9-164.el6.x86_64.rpm samba-swat-3.6.9-164.el6.x86_64.rpm samba-winbind-devel-3.6.9-164.el6.i686.rpm samba-winbind-devel-3.6.9-164.el6.x86_64.rpm samba-winbind-krb5-locator-3.6.9-164.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/samba-3.6.9-164.el6.src.rpm x86_64: samba-client-3.6.9-164.el6.x86_64.rpm samba-common-3.6.9-164.el6.i686.rpm samba-common-3.6.9-164.el6.x86_64.rpm samba-debuginfo-3.6.9-164.el6.i686.rpm samba-debuginfo-3.6.9-164.el6.x86_64.rpm samba-winbind-3.6.9-164.el6.x86_64.rpm samba-winbind-clients-3.6.9-164.el6.i686.rpm samba-winbind-clients-3.6.9-164.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/samba-3.6.9-164.el6.src.rpm x86_64: libsmbclient-3.6.9-164.el6.i686.rpm libsmbclient-3.6.9-164.el6.x86_64.rpm libsmbclient-devel-3.6.9-164.el6.i686.rpm libsmbclient-devel-3.6.9-164.el6.x86_64.rpm samba-3.6.9-164.el6.x86_64.rpm samba-debuginfo-3.6.9-164.el6.i686.rpm samba-debuginfo-3.6.9-164.el6.x86_64.rpm samba-doc-3.6.9-164.el6.x86_64.rpm samba-domainjoin-gui-3.6.9-164.el6.x86_64.rpm samba-swat-3.6.9-164.el6.x86_64.rpm samba-winbind-devel-3.6.9-164.el6.i686.rpm samba-winbind-devel-3.6.9-164.el6.x86_64.rpm samba-winbind-krb5-locator-3.6.9-164.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/samba-3.6.9-164.el6.src.rpm i386: libsmbclient-3.6.9-164.el6.i686.rpm samba-3.6.9-164.el6.i686.rpm samba-client-3.6.9-164.el6.i686.rpm samba-common-3.6.9-164.el6.i686.rpm samba-debuginfo-3.6.9-164.el6.i686.rpm samba-winbind-3.6.9-164.el6.i686.rpm samba-winbind-clients-3.6.9-164.el6.i686.rpm ppc64: libsmbclient-3.6.9-164.el6.ppc.rpm libsmbclient-3.6.9-164.el6.ppc64.rpm samba-3.6.9-164.el6.ppc64.rpm samba-client-3.6.9-164.el6.ppc64.rpm samba-common-3.6.9-164.el6.ppc.rpm samba-common-3.6.9-164.el6.ppc64.rpm samba-debuginfo-3.6.9-164.el6.ppc.rpm samba-debuginfo-3.6.9-164.el6.ppc64.rpm samba-winbind-3.6.9-164.el6.ppc64.rpm samba-winbind-clients-3.6.9-164.el6.ppc.rpm samba-winbind-clients-3.6.9-164.el6.ppc64.rpm s390x: libsmbclient-3.6.9-164.el6.s390.rpm libsmbclient-3.6.9-164.el6.s390x.rpm samba-3.6.9-164.el6.s390x.rpm samba-client-3.6.9-164.el6.s390x.rpm samba-common-3.6.9-164.el6.s390.rpm samba-common-3.6.9-164.el6.s390x.rpm samba-debuginfo-3.6.9-164.el6.s390.rpm samba-debuginfo-3.6.9-164.el6.s390x.rpm samba-winbind-3.6.9-164.el6.s390x.rpm samba-winbind-clients-3.6.9-164.el6.s390.rpm samba-winbind-clients-3.6.9-164.el6.s390x.rpm x86_64: libsmbclient-3.6.9-164.el6.i686.rpm libsmbclient-3.6.9-164.el6.x86_64.rpm samba-3.6.9-164.el6.x86_64.rpm samba-client-3.6.9-164.el6.x86_64.rpm samba-common-3.6.9-164.el6.i686.rpm samba-common-3.6.9-164.el6.x86_64.rpm samba-debuginfo-3.6.9-164.el6.i686.rpm samba-debuginfo-3.6.9-164.el6.x86_64.rpm samba-winbind-3.6.9-164.el6.x86_64.rpm samba-winbind-clients-3.6.9-164.el6.i686.rpm samba-winbind-clients-3.6.9-164.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/samba-3.6.9-164.el6.src.rpm i386: libsmbclient-devel-3.6.9-164.el6.i686.rpm samba-debuginfo-3.6.9-164.el6.i686.rpm samba-doc-3.6.9-164.el6.i686.rpm samba-domainjoin-gui-3.6.9-164.el6.i686.rpm samba-swat-3.6.9-164.el6.i686.rpm samba-winbind-devel-3.6.9-164.el6.i686.rpm samba-winbind-krb5-locator-3.6.9-164.el6.i686.rpm ppc64: libsmbclient-devel-3.6.9-164.el6.ppc.rpm libsmbclient-devel-3.6.9-164.el6.ppc64.rpm samba-debuginfo-3.6.9-164.el6.ppc.rpm samba-debuginfo-3.6.9-164.el6.ppc64.rpm samba-doc-3.6.9-164.el6.ppc64.rpm samba-domainjoin-gui-3.6.9-164.el6.ppc64.rpm samba-swat-3.6.9-164.el6.ppc64.rpm samba-winbind-devel-3.6.9-164.el6.ppc.rpm samba-winbind-devel-3.6.9-164.el6.ppc64.rpm samba-winbind-krb5-locator-3.6.9-164.el6.ppc64.rpm s390x: libsmbclient-devel-3.6.9-164.el6.s390.rpm libsmbclient-devel-3.6.9-164.el6.s390x.rpm samba-debuginfo-3.6.9-164.el6.s390.rpm samba-debuginfo-3.6.9-164.el6.s390x.rpm samba-doc-3.6.9-164.el6.s390x.rpm samba-domainjoin-gui-3.6.9-164.el6.s390x.rpm samba-swat-3.6.9-164.el6.s390x.rpm samba-winbind-devel-3.6.9-164.el6.s390.rpm samba-winbind-devel-3.6.9-164.el6.s390x.rpm samba-winbind-krb5-locator-3.6.9-164.el6.s390x.rpm x86_64: libsmbclient-devel-3.6.9-164.el6.i686.rpm libsmbclient-devel-3.6.9-164.el6.x86_64.rpm samba-debuginfo-3.6.9-164.el6.i686.rpm samba-debuginfo-3.6.9-164.el6.x86_64.rpm samba-doc-3.6.9-164.el6.x86_64.rpm samba-domainjoin-gui-3.6.9-164.el6.x86_64.rpm samba-swat-3.6.9-164.el6.x86_64.rpm samba-winbind-devel-3.6.9-164.el6.i686.rpm samba-winbind-devel-3.6.9-164.el6.x86_64.rpm samba-winbind-krb5-locator-3.6.9-164.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/samba-3.6.9-164.el6.src.rpm i386: libsmbclient-3.6.9-164.el6.i686.rpm samba-3.6.9-164.el6.i686.rpm samba-client-3.6.9-164.el6.i686.rpm samba-common-3.6.9-164.el6.i686.rpm samba-debuginfo-3.6.9-164.el6.i686.rpm samba-winbind-3.6.9-164.el6.i686.rpm samba-winbind-clients-3.6.9-164.el6.i686.rpm x86_64: libsmbclient-3.6.9-164.el6.i686.rpm libsmbclient-3.6.9-164.el6.x86_64.rpm samba-3.6.9-164.el6.x86_64.rpm samba-client-3.6.9-164.el6.x86_64.rpm samba-common-3.6.9-164.el6.i686.rpm samba-common-3.6.9-164.el6.x86_64.rpm samba-debuginfo-3.6.9-164.el6.i686.rpm samba-debuginfo-3.6.9-164.el6.x86_64.rpm samba-winbind-3.6.9-164.el6.x86_64.rpm samba-winbind-clients-3.6.9-164.el6.i686.rpm samba-winbind-clients-3.6.9-164.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/samba-3.6.9-164.el6.src.rpm i386: libsmbclient-devel-3.6.9-164.el6.i686.rpm samba-debuginfo-3.6.9-164.el6.i686.rpm samba-doc-3.6.9-164.el6.i686.rpm samba-domainjoin-gui-3.6.9-164.el6.i686.rpm samba-swat-3.6.9-164.el6.i686.rpm samba-winbind-devel-3.6.9-164.el6.i686.rpm samba-winbind-krb5-locator-3.6.9-164.el6.i686.rpm x86_64: libsmbclient-devel-3.6.9-164.el6.i686.rpm libsmbclient-devel-3.6.9-164.el6.x86_64.rpm samba-debuginfo-3.6.9-164.el6.i686.rpm samba-debuginfo-3.6.9-164.el6.x86_64.rpm samba-doc-3.6.9-164.el6.x86_64.rpm samba-domainjoin-gui-3.6.9-164.el6.x86_64.rpm samba-swat-3.6.9-164.el6.x86_64.rpm samba-winbind-devel-3.6.9-164.el6.i686.rpm samba-winbind-devel-3.6.9-164.el6.x86_64.rpm samba-winbind-krb5-locator-3.6.9-164.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References:

https://www.redhat.com/security/data/cve/CVE-2013-0213.html
https://www.redhat.com/security/data/cve/CVE-2013-0214.html
https://www.redhat.com/security/data/cve/CVE-2013-4124.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Technical_Notes/samba.html#RHSA-2013-1542

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSjYdSXlSAg2UNWIIRAmhCAJ49k7MEswoy/UQq0xDdwTJdZqzWWACeMkYO
nvyyrOPDgqF8LmWDubLRPdI=
=Yvir
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 21 04:25:11 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Nov 2013 04:25:11 +0000
Subject: [RHSA-2013:1543-02] Moderate: samba4 security and bug fix update
Message-ID: <201311210421.rAL4LdEQ022267@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: samba4 security and bug fix update
Advisory ID:       RHSA-2013:1543-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1543.html
Issue date:        2013-11-21
CVE Names:         CVE-2013-4124
=====================================================================

1. Summary:

Updated samba4 packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v.
6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

An integer overflow flaw was found in the way Samba handled an Extended Attribute (EA) list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory. (CVE-2013-4124)

Note: This issue did not affect the default configuration of the Samba server.

This update fixes the following bugs:

* When Samba was installed in the build root directory, the RPM target might not have existed. Consequently, the find-debuginfo.sh script did not create symbolic links for the libwbclient.so.debug module associated with the target. With this update, the paths to the symbolic links are relative so that the symbolic links are now created correctly. (BZ#882338)

* Previously, the samba4 packages were missing a dependency for the libreplace.so module which could lead to installation failures. With this update, the missing dependency has been added to the dependency list of the samba4 packages and installation now proceeds as expected. (BZ#911264)

All samba4 users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5.
Bugs fixed (https://bugzilla.redhat.com/): 911264 - libreplace.so => not found 984401 - CVE-2013-4124 samba: DoS via integer overflow when reading an EA list 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/samba4-4.0.0-58.el6.rc4.src.rpm i386: samba4-4.0.0-58.el6.rc4.i686.rpm samba4-client-4.0.0-58.el6.rc4.i686.rpm samba4-common-4.0.0-58.el6.rc4.i686.rpm samba4-dc-4.0.0-58.el6.rc4.i686.rpm samba4-dc-libs-4.0.0-58.el6.rc4.i686.rpm samba4-debuginfo-4.0.0-58.el6.rc4.i686.rpm samba4-devel-4.0.0-58.el6.rc4.i686.rpm samba4-libs-4.0.0-58.el6.rc4.i686.rpm samba4-pidl-4.0.0-58.el6.rc4.i686.rpm samba4-python-4.0.0-58.el6.rc4.i686.rpm samba4-swat-4.0.0-58.el6.rc4.i686.rpm samba4-test-4.0.0-58.el6.rc4.i686.rpm samba4-winbind-4.0.0-58.el6.rc4.i686.rpm samba4-winbind-clients-4.0.0-58.el6.rc4.i686.rpm samba4-winbind-krb5-locator-4.0.0-58.el6.rc4.i686.rpm x86_64: samba4-4.0.0-58.el6.rc4.x86_64.rpm samba4-client-4.0.0-58.el6.rc4.x86_64.rpm samba4-common-4.0.0-58.el6.rc4.x86_64.rpm samba4-dc-4.0.0-58.el6.rc4.x86_64.rpm samba4-dc-libs-4.0.0-58.el6.rc4.x86_64.rpm samba4-debuginfo-4.0.0-58.el6.rc4.x86_64.rpm samba4-devel-4.0.0-58.el6.rc4.x86_64.rpm samba4-libs-4.0.0-58.el6.rc4.x86_64.rpm samba4-pidl-4.0.0-58.el6.rc4.x86_64.rpm samba4-python-4.0.0-58.el6.rc4.x86_64.rpm samba4-swat-4.0.0-58.el6.rc4.x86_64.rpm samba4-test-4.0.0-58.el6.rc4.x86_64.rpm samba4-winbind-4.0.0-58.el6.rc4.x86_64.rpm samba4-winbind-clients-4.0.0-58.el6.rc4.x86_64.rpm samba4-winbind-krb5-locator-4.0.0-58.el6.rc4.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/samba4-4.0.0-58.el6.rc4.src.rpm x86_64: samba4-4.0.0-58.el6.rc4.x86_64.rpm samba4-client-4.0.0-58.el6.rc4.x86_64.rpm samba4-common-4.0.0-58.el6.rc4.x86_64.rpm samba4-dc-4.0.0-58.el6.rc4.x86_64.rpm samba4-dc-libs-4.0.0-58.el6.rc4.x86_64.rpm samba4-debuginfo-4.0.0-58.el6.rc4.x86_64.rpm samba4-devel-4.0.0-58.el6.rc4.x86_64.rpm samba4-libs-4.0.0-58.el6.rc4.x86_64.rpm samba4-pidl-4.0.0-58.el6.rc4.x86_64.rpm samba4-python-4.0.0-58.el6.rc4.x86_64.rpm samba4-swat-4.0.0-58.el6.rc4.x86_64.rpm samba4-test-4.0.0-58.el6.rc4.x86_64.rpm samba4-winbind-4.0.0-58.el6.rc4.x86_64.rpm samba4-winbind-clients-4.0.0-58.el6.rc4.x86_64.rpm samba4-winbind-krb5-locator-4.0.0-58.el6.rc4.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/samba4-4.0.0-58.el6.rc4.src.rpm i386: samba4-4.0.0-58.el6.rc4.i686.rpm samba4-client-4.0.0-58.el6.rc4.i686.rpm samba4-common-4.0.0-58.el6.rc4.i686.rpm samba4-dc-4.0.0-58.el6.rc4.i686.rpm samba4-dc-libs-4.0.0-58.el6.rc4.i686.rpm samba4-debuginfo-4.0.0-58.el6.rc4.i686.rpm samba4-devel-4.0.0-58.el6.rc4.i686.rpm samba4-libs-4.0.0-58.el6.rc4.i686.rpm samba4-pidl-4.0.0-58.el6.rc4.i686.rpm samba4-python-4.0.0-58.el6.rc4.i686.rpm samba4-swat-4.0.0-58.el6.rc4.i686.rpm samba4-test-4.0.0-58.el6.rc4.i686.rpm samba4-winbind-4.0.0-58.el6.rc4.i686.rpm samba4-winbind-clients-4.0.0-58.el6.rc4.i686.rpm samba4-winbind-krb5-locator-4.0.0-58.el6.rc4.i686.rpm ppc64: samba4-4.0.0-58.el6.rc4.ppc64.rpm samba4-client-4.0.0-58.el6.rc4.ppc64.rpm samba4-common-4.0.0-58.el6.rc4.ppc64.rpm samba4-dc-4.0.0-58.el6.rc4.ppc64.rpm samba4-dc-libs-4.0.0-58.el6.rc4.ppc64.rpm samba4-debuginfo-4.0.0-58.el6.rc4.ppc64.rpm samba4-devel-4.0.0-58.el6.rc4.ppc64.rpm samba4-libs-4.0.0-58.el6.rc4.ppc64.rpm samba4-pidl-4.0.0-58.el6.rc4.ppc64.rpm samba4-python-4.0.0-58.el6.rc4.ppc64.rpm samba4-swat-4.0.0-58.el6.rc4.ppc64.rpm 
samba4-test-4.0.0-58.el6.rc4.ppc64.rpm samba4-winbind-4.0.0-58.el6.rc4.ppc64.rpm samba4-winbind-clients-4.0.0-58.el6.rc4.ppc64.rpm samba4-winbind-krb5-locator-4.0.0-58.el6.rc4.ppc64.rpm s390x: samba4-4.0.0-58.el6.rc4.s390x.rpm samba4-client-4.0.0-58.el6.rc4.s390x.rpm samba4-common-4.0.0-58.el6.rc4.s390x.rpm samba4-dc-4.0.0-58.el6.rc4.s390x.rpm samba4-dc-libs-4.0.0-58.el6.rc4.s390x.rpm samba4-debuginfo-4.0.0-58.el6.rc4.s390x.rpm samba4-devel-4.0.0-58.el6.rc4.s390x.rpm samba4-libs-4.0.0-58.el6.rc4.s390x.rpm samba4-pidl-4.0.0-58.el6.rc4.s390x.rpm samba4-python-4.0.0-58.el6.rc4.s390x.rpm samba4-swat-4.0.0-58.el6.rc4.s390x.rpm samba4-test-4.0.0-58.el6.rc4.s390x.rpm samba4-winbind-4.0.0-58.el6.rc4.s390x.rpm samba4-winbind-clients-4.0.0-58.el6.rc4.s390x.rpm samba4-winbind-krb5-locator-4.0.0-58.el6.rc4.s390x.rpm x86_64: samba4-4.0.0-58.el6.rc4.x86_64.rpm samba4-client-4.0.0-58.el6.rc4.x86_64.rpm samba4-common-4.0.0-58.el6.rc4.x86_64.rpm samba4-dc-4.0.0-58.el6.rc4.x86_64.rpm samba4-dc-libs-4.0.0-58.el6.rc4.x86_64.rpm samba4-debuginfo-4.0.0-58.el6.rc4.x86_64.rpm samba4-devel-4.0.0-58.el6.rc4.x86_64.rpm samba4-libs-4.0.0-58.el6.rc4.x86_64.rpm samba4-pidl-4.0.0-58.el6.rc4.x86_64.rpm samba4-python-4.0.0-58.el6.rc4.x86_64.rpm samba4-swat-4.0.0-58.el6.rc4.x86_64.rpm samba4-test-4.0.0-58.el6.rc4.x86_64.rpm samba4-winbind-4.0.0-58.el6.rc4.x86_64.rpm samba4-winbind-clients-4.0.0-58.el6.rc4.x86_64.rpm samba4-winbind-krb5-locator-4.0.0-58.el6.rc4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/samba4-4.0.0-58.el6.rc4.src.rpm i386: samba4-4.0.0-58.el6.rc4.i686.rpm samba4-client-4.0.0-58.el6.rc4.i686.rpm samba4-common-4.0.0-58.el6.rc4.i686.rpm samba4-dc-4.0.0-58.el6.rc4.i686.rpm samba4-dc-libs-4.0.0-58.el6.rc4.i686.rpm samba4-debuginfo-4.0.0-58.el6.rc4.i686.rpm samba4-devel-4.0.0-58.el6.rc4.i686.rpm samba4-libs-4.0.0-58.el6.rc4.i686.rpm samba4-pidl-4.0.0-58.el6.rc4.i686.rpm samba4-python-4.0.0-58.el6.rc4.i686.rpm samba4-swat-4.0.0-58.el6.rc4.i686.rpm samba4-test-4.0.0-58.el6.rc4.i686.rpm samba4-winbind-4.0.0-58.el6.rc4.i686.rpm samba4-winbind-clients-4.0.0-58.el6.rc4.i686.rpm samba4-winbind-krb5-locator-4.0.0-58.el6.rc4.i686.rpm x86_64: samba4-4.0.0-58.el6.rc4.x86_64.rpm samba4-client-4.0.0-58.el6.rc4.x86_64.rpm samba4-common-4.0.0-58.el6.rc4.x86_64.rpm samba4-dc-4.0.0-58.el6.rc4.x86_64.rpm samba4-dc-libs-4.0.0-58.el6.rc4.x86_64.rpm samba4-debuginfo-4.0.0-58.el6.rc4.x86_64.rpm samba4-devel-4.0.0-58.el6.rc4.x86_64.rpm samba4-libs-4.0.0-58.el6.rc4.x86_64.rpm samba4-pidl-4.0.0-58.el6.rc4.x86_64.rpm samba4-python-4.0.0-58.el6.rc4.x86_64.rpm samba4-swat-4.0.0-58.el6.rc4.x86_64.rpm samba4-test-4.0.0-58.el6.rc4.x86_64.rpm samba4-winbind-4.0.0-58.el6.rc4.x86_64.rpm samba4-winbind-clients-4.0.0-58.el6.rc4.x86_64.rpm samba4-winbind-krb5-locator-4.0.0-58.el6.rc4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-4124.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSjYpOXlSAg2UNWIIRAmEfAJ0dbmXOBzQ6uMhX9fYLDfkVwU8vCgCgjVlL
ctHRXEPTu3F+tq03fBJrQTc=
=rATk
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 21 04:25:36 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Nov 2013 04:25:36 +0000
Subject: [RHSA-2013:1553-02] Important: qemu-kvm security, bug fix, and enhancement update
Message-ID: <201311210422.rAL4M43J008745@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security, bug fix, and enhancement update
Advisory ID:       RHSA-2013:1553-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1553.html
Issue date:        2013-11-21
CVE Names:         CVE-2013-4344
=====================================================================

1. Summary:

Updated qemu-kvm packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems that is built into the standard Red Hat Enterprise Linux kernel. The qemu-kvm packages form the user-space component for running virtual machines using KVM.
A buffer overflow flaw was found in the way QEMU processed the SCSI "REPORT LUNS" command when more than 256 LUNs were specified for a single SCSI target. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2013-4344)

This issue was discovered by Asias He of Red Hat.

These updated qemu-kvm packages include numerous bug fixes and various enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes.

All qemu-kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5.
Bugs fixed (https://bugzilla.redhat.com/):

670162 - [RFE] Removing the backing file using qemu-img re-base
796011 - Prompt error of trigger blkdebug: BLKDBG_CLUSTER_FREE event is not the same as expected
817066 - QEMU should disable VNC password auth when in FIPS 140-2 mode
821741 - (re-)enable SEP flag on CPU models
843797 - qemu-kvm core dumps when virtio-net(w/ tx=timer and vhost=on) RHEL.6(w/ msi-x enabled) guest shutting down
848070 - [RHEL 6.5] Add glusterfs support to qemu
856505 - Missing error message in bdrv_commit to read-only backing file
864378 - qemu-img convert fails with Floating Point Exception with zero length source image
869496 - screendump wont save PPM image file if qemu-kvm booted with '-S'
869586 - core dump happens when quitting qemu via monitor
879096 - qemu should disable hot-unplug usb-ehci controller and give a prompt if not support
882834 - no warning while check the lacked cpuid_7_0_ebx_feature_name flag
884590 - ovs-ifup affect but ovs-ifdown not affect when run a guest with a wrong netdriver(e.g. ... -device virtio-pci-net,...)
886080 - Qemu segmentation fault when resume VM from stop at rebooting process after do some hot-plug/unplug and S3
886878 - atapi: tray statuses (locked and open) are not reset on boot/reboot of guest
888008 - RFE: qemu-img should be able to report the amount of space used by a qcow2 image stored on a block device
888297 - qemu-ga should be enabled right after installation
889135 - core trace/dump if specify the value of physical_block_size/logical_block_size is not multiple of 512 bytes
889255 - Monitor command acl_remove messes up the ACL
890011 - flooding with 'scsi-generic: execute_command: read failed !' error if eject the pass-through SCSI CD-ROM
890265 - change the mac of virtio_net device temporary but will effect forever after reboot guest
892996 - qemu-ga leaks fds to exec()ed processes [TestOnly]
893344 - "info qtree" output for qxl-vga does not match between rhel6.0 host and rhel6.4 host with -M rhel6.0.0
895399 - Fail to boot win7 guest with x-data-plane=on for the system disk
895402 - Fail to install windows guest with 'Setup was unable to create a new system partiotion or locate an existing system partition' error
902688 - incorrect committed_memory if set_process_name=1
903123 - The value of steal time in "top" command always is "0.0% st" after guest migration
903204 - don't boot from un-selected devices (add a boot option 'strict' to qemu)
903454 - kvm guest crash after long stop/cont cycle
905851 - Fail to start guest which contains more than 51 usbs disk with multifunction
907397 - Patch "e1000: no need auto-negotiation if link was down" may break e1000 guest
907716 - use set_link to change rtl8139 and e1000 network card's status but fail to make effectively after reboot guest
909059 - Switch to upstream solution for chardev flow control
914802 - Support backup vendors in qemu to access qcow disk readonly (qemu-img metadata dump)
917860 - Smartcard emulation with Windows guest fails
924165 - qemu-img convert -s is silently ignored
925170 - MSI routing for 1553 card to guest stops working
927336 - QMP event shows incorrect balloon value when balloon size is grater than or equal to 4G
947416 - fail to specify the serial number for usb storage device
952240 - hot-plugging multi-func devices caused: qemu: hardware error: register_ioport_write: invalid opaque
952873 - [RH Engineering 6.5 FEAT] Synchronize qemu guest agent with upstream
953108 - qemu-img man page still mentions host_device
956929 - /usr/libexec/qemu-kvm was killed by signal 6 (SIGABRT) when SCSI inquiry is sent to unsupported page inside the KVM guest
957319 - Guest w/ vhost=on over virtio-net-pci, under hmp, 'set_link $id_of_netdev off', then migrate, migrate failed, src qemu-kvm process core dumped
961850 - RFE: add -spice disable-agent-file-transfer cmdline option
962669 - Windows guest agent service failed to be started
963420 - [RHEL-6.5] Backport support for vhd(x) image format
963773 - scsi-cd: tray statuses (locked and open) are not reset on boot/reboot of guest
970159 - qemu-kvm-rhevm [race]: vm pauses with 'block I/O error in device '': No medium found (123)' when hounplug a disk and cannot be resumed
970516 - Monitor command acl_add can't insert before last list element
972314 - Every upgrade starts 'ksmd' due to broken initscript 'status' function
974617 - qcow2 corruption bug in cluster allocation code
977760 - fail to boot guest attaching with vmdk format data disk(virito/virtio-scsi interface)
977767 - there is wrong backing file specified for making external snapshot with vmdk format disk
981235 - RFE: Request detail migration statistics output for live migration on RHEL6.5
983635 - QMP: bad input crashes QEMU
985205 - QEMU core dumped when do hot-unplug virtio serial port during transfer file between host to guest with virtio serial through TCP socket
985334 - query mem info from monitor would cause qemu-kvm hang [RHEL-6.5]
987025 - enable MSI-X for virtio-scsi
989585 - crash command can not read the dump-guest-memory file when paging=false [RHEL-6]
990225 - [RHEV/RHEL] Integrate dynamic offloads into virtio-net device
990237 - qemu-kvm exits when hotplugging a cpu with --no-acpi
990316 - QMP: possible memory leaks on commands failure
994374 - boot up guest failed, hung in "booting from hard disk"
994804 - qemu-kvm should verify image header fields before opening VMDK
994891 - duplicate chardev reported after chardev-remove
995341 - hot-unplug chardev with pty backend caused qemu Segmentation fault
995530 - dataplane: refuse to start if device is already in use
996814 - boot image with gluster native mode cant work with attach another device from local file system
996829 - qemu-kvm segmentation fault while boot guest from glusterfs with wrong host name
997220 - Race in gluster_finish_aiocb
999358 - do live migration with used VMDK format disk should fail with a friendly message prompt
999779 - Add vpc file format support in qemu-kvm
999788 - qemu should give a more friendly prompt when didn't specify read-only for VMDK format disk
1002888 - usb hub doesn't work properly (win2012 sees downstream port #1 only)
1003232 - qemu-kvm core dumped when hot plug virtio-serial and transfer character [TestOnly]
1007224 - Introduce bs->zero_beyond_eof
1007330 - CVE-2013-4344 qemu: buffer overflow in scsi_target_emulate_report_luns
1010610 - Backport option "--output=json|human" to qemu-img info command
1013478 - -device usb-storage,serial=... crashes with SCSI generic drive
1016736 - CPU migration data has version_id 12 but version 11 format
1022821 - live-migration from RHEL6.5 to RHEL6.4.z fails with "error while loading state for instance 0x0 of device 'cpu'"

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/qemu-kvm-0.12.1.2-2.415.el6.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.415.el6.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.415.el6.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.415.el6.x86_64.rpm
qemu-img-0.12.1.2-2.415.el6.x86_64.rpm
qemu-kvm-0.12.1.2-2.415.el6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.415.el6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.415.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/qemu-kvm-0.12.1.2-2.415.el6.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.415.el6.x86_64.rpm
qemu-img-0.12.1.2-2.415.el6.x86_64.rpm
qemu-kvm-0.12.1.2-2.415.el6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.415.el6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.415.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v.
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/qemu-kvm-0.12.1.2-2.415.el6.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.415.el6.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.415.el6.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.415.el6.x86_64.rpm
qemu-img-0.12.1.2-2.415.el6.x86_64.rpm
qemu-kvm-0.12.1.2-2.415.el6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.415.el6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.415.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/qemu-kvm-0.12.1.2-2.415.el6.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.415.el6.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.415.el6.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.415.el6.x86_64.rpm
qemu-img-0.12.1.2-2.415.el6.x86_64.rpm
qemu-kvm-0.12.1.2-2.415.el6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.415.el6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.415.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4344.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Technical_Notes/qemu-kvm.html##RHSA-2013-1553

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSjYplXlSAg2UNWIIRAp2ZAJ0WINaMFY3RYJmCEuKB5WPauCVtBwCfYcT1 QHUWIxcg3Y7agrOM5Ua+j3Q= =xA/6 -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Nov 21 04:26:08 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 21 Nov 2013 04:26:08 +0000 Subject: [RHSA-2013:1569-02] Moderate: wireshark security, bug fix, and enhancement update Message-ID: <201311210422.rAL4MaFu006034@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: wireshark security, bug fix, and enhancement update Advisory ID: RHSA-2013:1569-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1569.html Issue date: 2013-11-21 Keywords: Rebase CVE Names: CVE-2012-2392 CVE-2012-3825 CVE-2012-4285 CVE-2012-4288 CVE-2012-4289 CVE-2012-4290 CVE-2012-4291 CVE-2012-4292 CVE-2012-5595 CVE-2012-5597 CVE-2012-5598 CVE-2012-5599 CVE-2012-5600 CVE-2012-6056 CVE-2012-6059 CVE-2012-6060 CVE-2012-6061 CVE-2012-6062 CVE-2013-3557 CVE-2013-3559 CVE-2013-3561 CVE-2013-4081 CVE-2013-4083 CVE-2013-4927 CVE-2013-4931 CVE-2013-4932 CVE-2013-4933 CVE-2013-4934 CVE-2013-4935 CVE-2013-4936 CVE-2013-5721 ===================================================================== 1. Summary: Updated wireshark packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 
6) - i386, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2013-3559, CVE-2013-4083) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2012-2392, CVE-2012-3825, CVE-2012-4285, CVE-2012-4288, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291, CVE-2012-4292, CVE-2012-5595, CVE-2012-5597, CVE-2012-5598, CVE-2012-5599, CVE-2012-5600, CVE-2012-6056, CVE-2012-6059, CVE-2012-6060, CVE-2012-6061, CVE-2012-6062, CVE-2013-3557, CVE-2013-3561, CVE-2013-4081, CVE-2013-4927, CVE-2013-4931, CVE-2013-4932, CVE-2013-4933, CVE-2013-4934, CVE-2013-4935, CVE-2013-4936, CVE-2013-5721) The wireshark packages have been upgraded to upstream version 1.8.10, which provides a number of bug fixes and enhancements over the previous versions. For more information on the bugs fixed, enhancements included, and supported protocols introduced, refer to the Wireshark Release Notes, linked to in the References. (BZ#711024) This update also fixes the following bugs: * Previously, Wireshark did not parse the RECLAIM-COMPLETE opcode when inspecting traffic generated by NFSv4.1. A patch has been provided to enable the parsing of the RECLAIM_COMPLETE opcode, and Wireshark is now able to properly dissect and handle NFSv4.1 traffic. 
(BZ#750712) * Prior to this update, frame arrival times in a text file were reported one hour ahead from the timestamps in the packet capture file. This resulted in various failures being reported by the dfilter-test.py test suite. To fix this bug, frame arrival timestamps have been shifted by one hour, thus fixing this bug. (BZ#832021) * The "tshark -D" command returned output to STDERR instead of STDOUT, which could break scripts that are parsing the "tshark -D" output. This bug has been fixed, and the "tshark -D" command now writes output data to a correct standard stream. (BZ#1004636) * Due to an array overrun, Wireshark could experience undefined program behavior or could unexpectedly terminate. With this update, proper array handling ensures Wireshark no longer crashes in the described scenario. (BZ#715560) * Previously, the dftest and randpkt command line utilities lacked manual pages. This update adds proper manual pages for both utilities. (BZ#659661) In addition, this update adds the following enhancements: * With this update, Wireshark is able to properly dissect and handle InfiniBand and GlusterFS traffic. (BZ#699636, BZ#858976) All Wireshark users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. All running instances of Wireshark must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. 
Bugs fixed (https://bugzilla.redhat.com/): 659661 - dftest and randpkt does not have a man page 711024 - Rebase wireshark to latest upstream stable release 715560 - Defects revealed by Coverity scan 750712 - NFS4.1: parse RECLAIM_COMPLETE opcode 824411 - CVE-2012-2392 wireshark: Infinite and large loops in ANSI MAP, ASF, IEEE 802.11, IEEE 802.3, and LTP dissectors (wnpa-sec-2012-08) 832021 - Frame arrival times (pcap) are 1 hour more than timestamps in txt 836960 - CVE-2012-3825 wireshark: Integer overflows in BACapp and Bluetooth HCI dissectors, leading to DoS (wnpa-sec-2012-08) 848541 - CVE-2012-4285 wireshark: crash due to zero division in DCP ETSI dissector (wnpa-sec-2012-13) 848548 - CVE-2012-4288 wireshark: DoS via excessive resource consumption in XTP dissector (wnpa-sec-2012-15) 848561 - CVE-2012-4289 wireshark: DoS via excessive CPU consumption in AFP dissector (wnpa-sec-2012-17) 848572 - CVE-2012-4291 wireshark: DoS via excessive system resource consumption in CIP dissector (wnpa-sec-2012-20) 848575 - CVE-2012-4292 wireshark: crash in STUN dissector (wnpa-sec-2012-21) 848578 - CVE-2012-4290 wireshark: DoS via excessive CPU consumption in CTDB dissector (wnpa-sec-2012-23) 881742 - CVE-2012-5600 CVE-2012-6062 wireshark: DoS (infinite loop) in the RTCP dissector (wnpa-sec-2012-38) 881748 - CVE-2012-5599 CVE-2012-6061 wireshark: DoS (infinite loop) in the WTP dissector (wnpa-sec-2012-37) 881771 - CVE-2012-5598 CVE-2012-6060 wireshark: DoS (infinite loop) in the iSCSI dissector (wnpa-sec-2012-36) 881790 - CVE-2012-5597 CVE-2012-6059 wireshark: DoS (crash) in the ISAKMP dissector (wnpa-sec-2012-35) 881809 - CVE-2012-5595 CVE-2012-6056 wireshark: DoS (infinite loop) in the SCTP dissector (wnpa-sec-2012-33) 889346 - The NFSv4.1dissectors need to updated to the latest upstream release 965190 - CVE-2013-3559 wireshark: DoS (crash) in the DCP ETSI dissector (wnpa-sec-2013-27, upstream #8231, #8540, #8541) 965193 - CVE-2013-3557 wireshark: DoS (crash) in the ASN.1 
BER dissector (wnpa-sec-2013-25, upstream #8599) 966331 - CVE-2013-3561 wireshark: Multiple Denial of Service flaws 972686 - CVE-2013-4081 wireshark: DoS (infinite loop) in the HTTP dissector (wnpa-sec-2013-39) 972688 - CVE-2013-4083 wireshark: Invalid free in the DCP ETSI dissector (wnpa-sec-2013-41) 990166 - CVE-2013-4927 wireshark: Integer signedness error in the Bluetooth SDP dissector (wnpa-sec-2013-45) 990170 - CVE-2013-4931 wireshark: DoS (infinite loop) in the GSM RR dissector (wnpa-sec-2013-49) 990172 - CVE-2013-4932 wireshark: Multiple array index errors in the GSM A Common dissector (wnpa-sec-2013-50) 990175 - CVE-2013-4933 wireshark: DoS (application crash) in the Netmon file parser (wnpa-sec-2013-51) 990178 - CVE-2013-4934 wireshark: DoS (application crash) in the Netmon file parser (wnpa-sec-2013-51) (A different flaw than CVE-2013-4933) 990179 - CVE-2013-4935 wireshark: DoS (application crash) in the ASN.1 PER dissector (wnpa-sec-2013-52) 990180 - CVE-2013-4936 wireshark: DoS (NULL pointer dereference, crash) in the PROFINET Real-Time dissector (wnpa-sec-2013-53) 1007197 - CVE-2013-5721 wireshark: MQ dissector crash (wnpa-sec-2013-58, upstream bug 9079) 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/wireshark-1.8.10-4.el6.src.rpm i386: wireshark-1.8.10-4.el6.i686.rpm wireshark-debuginfo-1.8.10-4.el6.i686.rpm wireshark-gnome-1.8.10-4.el6.i686.rpm x86_64: wireshark-1.8.10-4.el6.i686.rpm wireshark-1.8.10-4.el6.x86_64.rpm wireshark-debuginfo-1.8.10-4.el6.i686.rpm wireshark-debuginfo-1.8.10-4.el6.x86_64.rpm wireshark-gnome-1.8.10-4.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/wireshark-1.8.10-4.el6.src.rpm i386: wireshark-debuginfo-1.8.10-4.el6.i686.rpm wireshark-devel-1.8.10-4.el6.i686.rpm x86_64: wireshark-debuginfo-1.8.10-4.el6.i686.rpm wireshark-debuginfo-1.8.10-4.el6.x86_64.rpm wireshark-devel-1.8.10-4.el6.i686.rpm wireshark-devel-1.8.10-4.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/wireshark-1.8.10-4.el6.src.rpm i386: wireshark-1.8.10-4.el6.i686.rpm wireshark-debuginfo-1.8.10-4.el6.i686.rpm wireshark-gnome-1.8.10-4.el6.i686.rpm ppc64: wireshark-1.8.10-4.el6.ppc.rpm wireshark-1.8.10-4.el6.ppc64.rpm wireshark-debuginfo-1.8.10-4.el6.ppc.rpm wireshark-debuginfo-1.8.10-4.el6.ppc64.rpm wireshark-gnome-1.8.10-4.el6.ppc64.rpm s390x: wireshark-1.8.10-4.el6.s390.rpm wireshark-1.8.10-4.el6.s390x.rpm wireshark-debuginfo-1.8.10-4.el6.s390.rpm wireshark-debuginfo-1.8.10-4.el6.s390x.rpm wireshark-gnome-1.8.10-4.el6.s390x.rpm x86_64: wireshark-1.8.10-4.el6.i686.rpm wireshark-1.8.10-4.el6.x86_64.rpm wireshark-debuginfo-1.8.10-4.el6.i686.rpm wireshark-debuginfo-1.8.10-4.el6.x86_64.rpm wireshark-gnome-1.8.10-4.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/wireshark-1.8.10-4.el6.src.rpm i386: wireshark-debuginfo-1.8.10-4.el6.i686.rpm wireshark-devel-1.8.10-4.el6.i686.rpm ppc64: wireshark-debuginfo-1.8.10-4.el6.ppc.rpm wireshark-debuginfo-1.8.10-4.el6.ppc64.rpm wireshark-devel-1.8.10-4.el6.ppc.rpm wireshark-devel-1.8.10-4.el6.ppc64.rpm s390x: wireshark-debuginfo-1.8.10-4.el6.s390.rpm wireshark-debuginfo-1.8.10-4.el6.s390x.rpm wireshark-devel-1.8.10-4.el6.s390.rpm wireshark-devel-1.8.10-4.el6.s390x.rpm x86_64: wireshark-debuginfo-1.8.10-4.el6.i686.rpm wireshark-debuginfo-1.8.10-4.el6.x86_64.rpm wireshark-devel-1.8.10-4.el6.i686.rpm wireshark-devel-1.8.10-4.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/wireshark-1.8.10-4.el6.src.rpm i386: wireshark-1.8.10-4.el6.i686.rpm wireshark-debuginfo-1.8.10-4.el6.i686.rpm wireshark-gnome-1.8.10-4.el6.i686.rpm x86_64: wireshark-1.8.10-4.el6.i686.rpm wireshark-1.8.10-4.el6.x86_64.rpm wireshark-debuginfo-1.8.10-4.el6.i686.rpm wireshark-debuginfo-1.8.10-4.el6.x86_64.rpm wireshark-gnome-1.8.10-4.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/wireshark-1.8.10-4.el6.src.rpm i386: wireshark-debuginfo-1.8.10-4.el6.i686.rpm wireshark-devel-1.8.10-4.el6.i686.rpm x86_64: wireshark-debuginfo-1.8.10-4.el6.i686.rpm wireshark-debuginfo-1.8.10-4.el6.x86_64.rpm wireshark-devel-1.8.10-4.el6.i686.rpm wireshark-devel-1.8.10-4.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References: https://www.redhat.com/security/data/cve/CVE-2012-2392.html https://www.redhat.com/security/data/cve/CVE-2012-3825.html https://www.redhat.com/security/data/cve/CVE-2012-4285.html https://www.redhat.com/security/data/cve/CVE-2012-4288.html https://www.redhat.com/security/data/cve/CVE-2012-4289.html https://www.redhat.com/security/data/cve/CVE-2012-4290.html https://www.redhat.com/security/data/cve/CVE-2012-4291.html https://www.redhat.com/security/data/cve/CVE-2012-4292.html https://www.redhat.com/security/data/cve/CVE-2012-5595.html https://www.redhat.com/security/data/cve/CVE-2012-5597.html https://www.redhat.com/security/data/cve/CVE-2012-5598.html https://www.redhat.com/security/data/cve/CVE-2012-5599.html https://www.redhat.com/security/data/cve/CVE-2012-5600.html https://www.redhat.com/security/data/cve/CVE-2012-6056.html https://www.redhat.com/security/data/cve/CVE-2012-6059.html https://www.redhat.com/security/data/cve/CVE-2012-6060.html https://www.redhat.com/security/data/cve/CVE-2012-6061.html https://www.redhat.com/security/data/cve/CVE-2012-6062.html https://www.redhat.com/security/data/cve/CVE-2013-3557.html https://www.redhat.com/security/data/cve/CVE-2013-3559.html https://www.redhat.com/security/data/cve/CVE-2013-3561.html https://www.redhat.com/security/data/cve/CVE-2013-4081.html https://www.redhat.com/security/data/cve/CVE-2013-4083.html https://www.redhat.com/security/data/cve/CVE-2013-4927.html https://www.redhat.com/security/data/cve/CVE-2013-4931.html https://www.redhat.com/security/data/cve/CVE-2013-4932.html https://www.redhat.com/security/data/cve/CVE-2013-4933.html https://www.redhat.com/security/data/cve/CVE-2013-4934.html https://www.redhat.com/security/data/cve/CVE-2013-4935.html https://www.redhat.com/security/data/cve/CVE-2013-4936.html https://www.redhat.com/security/data/cve/CVE-2013-5721.html https://access.redhat.com/security/updates/classification/#moderate http://www.wireshark.org/docs/relnotes/wireshark-1.8.0.html 
http://www.wireshark.org/docs/relnotes/wireshark-1.6.0.html http://www.wireshark.org/docs/relnotes/wireshark-1.4.0.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSjYqGXlSAg2UNWIIRAnatAJ4hcxmq2lZTiFc7BQntM4OiVMjOSwCgpBbh XDje1WsK1vLhvQ0dMlB3Bho= =ni2z -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Nov 21 04:26:45 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 21 Nov 2013 04:26:45 +0000 Subject: [RHSA-2013:1582-02] Moderate: python security, bug fix, and enhancement update Message-ID: <201311210423.rAL4NCf6006203@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: python security, bug fix, and enhancement update Advisory ID: RHSA-2013:1582-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1582.html Issue date: 2013-11-21 CVE Names: CVE-2013-4238 ===================================================================== 1. Summary: Updated python packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 
6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the way the Python SSL module handled X.509 certificate fields that contain a NULL byte. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully crafted certificate signed by an authority that the client trusts. (CVE-2013-4238) These updated python packages include numerous bug fixes and one enhancement. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes. All users of python are advised to upgrade to these updated packages, which fix these issues and add this enhancement. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. 
Bugs fixed (https://bugzilla.redhat.com/): 521898 - Fix instances of #!/usr/bin/env python in python-tools 841937 - RHEL 6 installation fails when Turkish language is selected 845802 - python prepends UTF-8 BOM syslog messages - causes messages to be treated a EMERG level 893034 - yum traceback with python-2.6.6-29.el6_2.2 and higher + missing /dev/urandom 919163 - python logging problem - when rotating to new log file, logger checks file's stat when the file does not exist 928390 - Python SSLSocket.getpeercert() incorrectly returns an empty Subject Alternative Name from peer certificate. 948025 - SocketServer doesn't handle syscall interruption 958868 - Downstream added "timeout=None" keyword argument causes regression in eventlet 960168 - failed incoming SSL connection stays open 978129 - Please consider to backport patch: issue9374 urlparse should parse query and fragment for arbitrary schemes 996381 - CVE-2013-4238 python: hostname check bypassing vulnerability in SSL module 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/python-2.6.6-51.el6.src.rpm i386: python-2.6.6-51.el6.i686.rpm python-debuginfo-2.6.6-51.el6.i686.rpm python-libs-2.6.6-51.el6.i686.rpm tkinter-2.6.6-51.el6.i686.rpm x86_64: python-2.6.6-51.el6.x86_64.rpm python-debuginfo-2.6.6-51.el6.x86_64.rpm python-libs-2.6.6-51.el6.x86_64.rpm tkinter-2.6.6-51.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/python-2.6.6-51.el6.src.rpm i386: python-debuginfo-2.6.6-51.el6.i686.rpm python-devel-2.6.6-51.el6.i686.rpm python-test-2.6.6-51.el6.i686.rpm python-tools-2.6.6-51.el6.i686.rpm x86_64: python-debuginfo-2.6.6-51.el6.x86_64.rpm python-devel-2.6.6-51.el6.x86_64.rpm python-test-2.6.6-51.el6.x86_64.rpm python-tools-2.6.6-51.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/python-2.6.6-51.el6.src.rpm x86_64: python-2.6.6-51.el6.x86_64.rpm python-debuginfo-2.6.6-51.el6.x86_64.rpm python-devel-2.6.6-51.el6.x86_64.rpm python-libs-2.6.6-51.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/python-2.6.6-51.el6.src.rpm x86_64: python-debuginfo-2.6.6-51.el6.x86_64.rpm python-test-2.6.6-51.el6.x86_64.rpm python-tools-2.6.6-51.el6.x86_64.rpm tkinter-2.6.6-51.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/python-2.6.6-51.el6.src.rpm i386: python-2.6.6-51.el6.i686.rpm python-debuginfo-2.6.6-51.el6.i686.rpm python-devel-2.6.6-51.el6.i686.rpm python-libs-2.6.6-51.el6.i686.rpm tkinter-2.6.6-51.el6.i686.rpm ppc64: python-2.6.6-51.el6.ppc64.rpm python-debuginfo-2.6.6-51.el6.ppc64.rpm python-devel-2.6.6-51.el6.ppc64.rpm python-libs-2.6.6-51.el6.ppc64.rpm tkinter-2.6.6-51.el6.ppc64.rpm s390x: python-2.6.6-51.el6.s390x.rpm python-debuginfo-2.6.6-51.el6.s390x.rpm python-devel-2.6.6-51.el6.s390x.rpm python-libs-2.6.6-51.el6.s390x.rpm x86_64: python-2.6.6-51.el6.x86_64.rpm python-debuginfo-2.6.6-51.el6.x86_64.rpm python-devel-2.6.6-51.el6.x86_64.rpm python-libs-2.6.6-51.el6.x86_64.rpm tkinter-2.6.6-51.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/python-2.6.6-51.el6.src.rpm i386: python-debuginfo-2.6.6-51.el6.i686.rpm python-test-2.6.6-51.el6.i686.rpm python-tools-2.6.6-51.el6.i686.rpm ppc64: python-debuginfo-2.6.6-51.el6.ppc64.rpm python-test-2.6.6-51.el6.ppc64.rpm python-tools-2.6.6-51.el6.ppc64.rpm s390x: python-debuginfo-2.6.6-51.el6.s390x.rpm python-test-2.6.6-51.el6.s390x.rpm python-tools-2.6.6-51.el6.s390x.rpm tkinter-2.6.6-51.el6.s390x.rpm x86_64: python-debuginfo-2.6.6-51.el6.x86_64.rpm python-test-2.6.6-51.el6.x86_64.rpm python-tools-2.6.6-51.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/python-2.6.6-51.el6.src.rpm i386: python-2.6.6-51.el6.i686.rpm python-debuginfo-2.6.6-51.el6.i686.rpm python-devel-2.6.6-51.el6.i686.rpm python-libs-2.6.6-51.el6.i686.rpm tkinter-2.6.6-51.el6.i686.rpm x86_64: python-2.6.6-51.el6.x86_64.rpm python-debuginfo-2.6.6-51.el6.x86_64.rpm python-devel-2.6.6-51.el6.x86_64.rpm python-libs-2.6.6-51.el6.x86_64.rpm tkinter-2.6.6-51.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/python-2.6.6-51.el6.src.rpm i386: python-debuginfo-2.6.6-51.el6.i686.rpm python-test-2.6.6-51.el6.i686.rpm python-tools-2.6.6-51.el6.i686.rpm x86_64: python-debuginfo-2.6.6-51.el6.x86_64.rpm python-test-2.6.6-51.el6.x86_64.rpm python-tools-2.6.6-51.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-4238.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Technical_Notes/python.html#RHSA-2013-1582 8. 
Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSjYqsXlSAg2UNWIIRAuMMAJwM8jw9rPAfeyuTRa3MRzo4uld8KACfQjmk
XBl65OiG/woL4p1WaTgJdK0=
=MrR1
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 21 04:32:11 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Nov 2013 04:32:11 +0000
Subject: [RHSA-2013:1591-02] Low: openssh security, bug fix, and enhancement update
Message-ID: <201311210428.rAL4Sc6k032763@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: openssh security, bug fix, and enhancement update
Advisory ID: RHSA-2013:1591-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1591.html
Issue date: 2013-11-21
CVE Names: CVE-2010-5107
=====================================================================

1. Summary:

Updated openssh packages that fix one security issue, several bugs, and add
various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

OpenSSH is OpenBSD's Secure Shell (SSH) protocol implementation. These
packages include the core files necessary for the OpenSSH client and
server.

The default OpenSSH configuration made it easy for remote attackers to
exhaust unauthorized connection slots and prevent other users from being
able to log in to a system. This flaw has been addressed by enabling random
early connection drops by setting MaxStartups to 10:30:100 by default. For
more information, refer to the sshd_config(5) man page. (CVE-2010-5107)

These updated openssh packages include numerous bug fixes and enhancements.
Space precludes documenting all of these changes in this advisory. Users
are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to
in the References, for information on the most significant of these
changes.

All openssh users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

908707 - CVE-2010-5107 openssh: Prevent connection slot exhaustion attacks
974096 - Kerberos ticket forwarding does not work if /tmp is polyinstantiated

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssh-5.3p1-94.el6.src.rpm

i386:
openssh-5.3p1-94.el6.i686.rpm
openssh-askpass-5.3p1-94.el6.i686.rpm
openssh-clients-5.3p1-94.el6.i686.rpm
openssh-debuginfo-5.3p1-94.el6.i686.rpm
openssh-server-5.3p1-94.el6.i686.rpm

x86_64:
openssh-5.3p1-94.el6.x86_64.rpm
openssh-askpass-5.3p1-94.el6.x86_64.rpm
openssh-clients-5.3p1-94.el6.x86_64.rpm
openssh-debuginfo-5.3p1-94.el6.x86_64.rpm
openssh-server-5.3p1-94.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssh-5.3p1-94.el6.src.rpm

i386:
openssh-debuginfo-5.3p1-94.el6.i686.rpm
openssh-ldap-5.3p1-94.el6.i686.rpm
pam_ssh_agent_auth-0.9.3-94.el6.i686.rpm

x86_64:
openssh-debuginfo-5.3p1-94.el6.i686.rpm
openssh-debuginfo-5.3p1-94.el6.x86_64.rpm
openssh-ldap-5.3p1-94.el6.x86_64.rpm
pam_ssh_agent_auth-0.9.3-94.el6.i686.rpm
pam_ssh_agent_auth-0.9.3-94.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssh-5.3p1-94.el6.src.rpm

x86_64:
openssh-5.3p1-94.el6.x86_64.rpm
openssh-clients-5.3p1-94.el6.x86_64.rpm
openssh-debuginfo-5.3p1-94.el6.x86_64.rpm
openssh-server-5.3p1-94.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssh-5.3p1-94.el6.src.rpm

x86_64:
openssh-askpass-5.3p1-94.el6.x86_64.rpm
openssh-debuginfo-5.3p1-94.el6.i686.rpm
openssh-debuginfo-5.3p1-94.el6.x86_64.rpm
openssh-ldap-5.3p1-94.el6.x86_64.rpm
pam_ssh_agent_auth-0.9.3-94.el6.i686.rpm
pam_ssh_agent_auth-0.9.3-94.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssh-5.3p1-94.el6.src.rpm

i386:
openssh-5.3p1-94.el6.i686.rpm
openssh-askpass-5.3p1-94.el6.i686.rpm
openssh-clients-5.3p1-94.el6.i686.rpm
openssh-debuginfo-5.3p1-94.el6.i686.rpm
openssh-server-5.3p1-94.el6.i686.rpm

ppc64:
openssh-5.3p1-94.el6.ppc64.rpm
openssh-askpass-5.3p1-94.el6.ppc64.rpm
openssh-clients-5.3p1-94.el6.ppc64.rpm
openssh-debuginfo-5.3p1-94.el6.ppc64.rpm
openssh-server-5.3p1-94.el6.ppc64.rpm

s390x:
openssh-5.3p1-94.el6.s390x.rpm
openssh-askpass-5.3p1-94.el6.s390x.rpm
openssh-clients-5.3p1-94.el6.s390x.rpm
openssh-debuginfo-5.3p1-94.el6.s390x.rpm
openssh-server-5.3p1-94.el6.s390x.rpm

x86_64:
openssh-5.3p1-94.el6.x86_64.rpm
openssh-askpass-5.3p1-94.el6.x86_64.rpm
openssh-clients-5.3p1-94.el6.x86_64.rpm
openssh-debuginfo-5.3p1-94.el6.x86_64.rpm
openssh-server-5.3p1-94.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssh-5.3p1-94.el6.src.rpm

i386:
openssh-debuginfo-5.3p1-94.el6.i686.rpm
openssh-ldap-5.3p1-94.el6.i686.rpm
pam_ssh_agent_auth-0.9.3-94.el6.i686.rpm

ppc64:
openssh-debuginfo-5.3p1-94.el6.ppc.rpm
openssh-debuginfo-5.3p1-94.el6.ppc64.rpm
openssh-ldap-5.3p1-94.el6.ppc64.rpm
pam_ssh_agent_auth-0.9.3-94.el6.ppc.rpm
pam_ssh_agent_auth-0.9.3-94.el6.ppc64.rpm

s390x:
openssh-debuginfo-5.3p1-94.el6.s390.rpm
openssh-debuginfo-5.3p1-94.el6.s390x.rpm
openssh-ldap-5.3p1-94.el6.s390x.rpm
pam_ssh_agent_auth-0.9.3-94.el6.s390.rpm
pam_ssh_agent_auth-0.9.3-94.el6.s390x.rpm

x86_64:
openssh-debuginfo-5.3p1-94.el6.i686.rpm
openssh-debuginfo-5.3p1-94.el6.x86_64.rpm
openssh-ldap-5.3p1-94.el6.x86_64.rpm
pam_ssh_agent_auth-0.9.3-94.el6.i686.rpm
pam_ssh_agent_auth-0.9.3-94.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssh-5.3p1-94.el6.src.rpm

i386:
openssh-5.3p1-94.el6.i686.rpm
openssh-askpass-5.3p1-94.el6.i686.rpm
openssh-clients-5.3p1-94.el6.i686.rpm
openssh-debuginfo-5.3p1-94.el6.i686.rpm
openssh-server-5.3p1-94.el6.i686.rpm

x86_64:
openssh-5.3p1-94.el6.x86_64.rpm
openssh-askpass-5.3p1-94.el6.x86_64.rpm
openssh-clients-5.3p1-94.el6.x86_64.rpm
openssh-debuginfo-5.3p1-94.el6.x86_64.rpm
openssh-server-5.3p1-94.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssh-5.3p1-94.el6.src.rpm

i386:
openssh-debuginfo-5.3p1-94.el6.i686.rpm
openssh-ldap-5.3p1-94.el6.i686.rpm
pam_ssh_agent_auth-0.9.3-94.el6.i686.rpm

x86_64:
openssh-debuginfo-5.3p1-94.el6.i686.rpm
openssh-debuginfo-5.3p1-94.el6.x86_64.rpm
openssh-ldap-5.3p1-94.el6.x86_64.rpm
pam_ssh_agent_auth-0.9.3-94.el6.i686.rpm
pam_ssh_agent_auth-0.9.3-94.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-5107.html
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Technical_Notes/openssh.html#RHSA-2013-1591

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
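
The MaxStartups change described in RHSA-2013:1591 above, as an added example (not part of the advisory and not OpenSSH code): a small audit that reads sshd_config text and computes the refusal probability from the start:rate:full semantics documented in sshd_config(5). The function names and the sample configurations are constructed for illustration, and the fallback default assumes the updated packages' 10:30:100 value.

```python
"""Audit MaxStartups in sshd_config text and show the early-drop curve."""

# Assumption: when sshd_config has no MaxStartups line, the compiled-in
# default is the 10:30:100 value the advisory says the updated packages use.
PATCHED_DEFAULT = (10, 30, 100)

# Constructed sample configurations (not taken from any real host).
SAMPLE_PATCHED = "Port 22\nMaxStartups 10:30:100\n"
SAMPLE_LEGACY = "#MaxStartups 10:30:100\nMaxStartups 10\n"


def parse_max_startups(config_text, default=PATCHED_DEFAULT):
    """Return (start, rate, full) for the first MaxStartups line found.

    sshd uses the first value it reads for a keyword, keywords are
    case-insensitive, and lines starting with '#' are comments.
    """
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Accept both "Keyword value" and "Keyword=value".
        parts = line.replace("=", " ", 1).split()
        if len(parts) < 2 or parts[0].lower() != "maxstartups":
            continue
        try:
            numbers = [int(field) for field in parts[1].split(":")]
        except ValueError:
            raise ValueError("non-numeric MaxStartups value: %r" % parts[1])
        if len(numbers) == 1:
            # Single integer: a hard cap with no random early drop. The rate
            # is never consulted in that case because start == full.
            return (numbers[0], 100, numbers[0])
        if len(numbers) != 3:
            raise ValueError("expected N or start:rate:full, got %r" % parts[1])
        start, rate, full = numbers
        if start > full or not 1 <= rate <= 100:
            raise ValueError("invalid MaxStartups spec: %r" % parts[1])
        return (start, rate, full)
    return default


def drop_percent(unauthenticated, start, rate, full):
    """Percent chance that a new connection is refused.

    Below `start` nothing is dropped; at `start` the chance is `rate`
    percent; it rises linearly to 100 percent at `full`.
    """
    if unauthenticated < start:
        return 0
    if unauthenticated >= full or rate == 100:
        return 100
    return rate + (100 - rate) * (unauthenticated - start) // (full - start)


def audit(config_text):
    """Summarise the effective setting and flag hard-cap configurations."""
    start, rate, full = parse_max_startups(config_text)
    points = sorted({max(start - 1, 0), start, (start + full) // 2, full})
    return {
        "setting": "%d:%d:%d" % (start, rate, full),
        # A hard cap refuses every new connection once `start` is reached,
        # which is the slot-exhaustion condition CVE-2010-5107 describes.
        "hard_cap": start == full or rate == 100,
        "curve": [(n, drop_percent(n, start, rate, full)) for n in points],
    }


if __name__ == "__main__":
    for name, text in (("patched", SAMPLE_PATCHED), ("legacy", SAMPLE_LEGACY)):
        print(name, audit(text))
```
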
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSjYvjXlSAg2UNWIIRAuU/AJ4wr1i9ZSphULSlLu3xmWuaGMBl5ACfUWHK MEHMZ48whd4ndP5GYfbR0nE= =62cY -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Nov 21 04:32:43 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 21 Nov 2013 04:32:43 +0000 Subject: [RHSA-2013:1603-02] Moderate: luci security, bug fix, and enhancement update Message-ID: <201311210429.rAL4TBBL010982@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: luci security, bug fix, and enhancement update Advisory ID: RHSA-2013:1603-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1603.html Issue date: 2013-11-21 CVE Names: CVE-2013-4481 CVE-2013-4482 ===================================================================== 1. Summary: Updated luci packages that fix two security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux High Availability (v. 6) - i386, x86_64 Red Hat Enterprise Linux Resilient Storage (v. 6) - i386, x86_64 3. Description: Luci is a web-based high availability administration application. A flaw was found in the way the luci service was initialized. If a system administrator started the luci service from a directory that was writable to by a local user, that user could use this flaw to execute arbitrary code as the root or luci user. (CVE-2013-4482) A flaw was found in the way luci generated its configuration file. 
The file was created as world readable for a short period of time,
allowing a local user to gain access to the authentication secrets
stored in the configuration file. (CVE-2013-4481)

These issues were discovered by Jan Pokorný of Red Hat.

These updated luci packages include numerous bug fixes and two
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.5
Technical Notes, linked to in the References, for information on the
most significant of these changes.

All luci users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements. After installing this update, the luci service will be
restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

878149 - Cluster model unexpectedly empty when no node can be contacted
880363 - Error message displayed with letters separated by commas
883008 - Update support for "cmd_prompt", "login_timeout", "power_timeout", "retry_on", "shell_timeout", and "delay" fence agent attributes
886517 - luci should chkconfig ricci on as part of "enabling cluster services"
886576 - "Remove this instance" button has no effect
917747 - idrac, ilo2, ilo3, ilo4, and imm fence agents are not honored in luci
988998 - CVE-2013-4481 luci: short exposure of authentication secrets while generating configuration file
990321 - CVE-2013-4482 luci: paster hidden untrusted path and "command" (callable association) injection
1001835 - module_name parameter for fence_drac5 is optional, not required
1001836 - fence_ilo denoted as HP iLO / iLO2, but the latter has a separate entry

6.
Package List:

Red Hat Enterprise Linux High Availability (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/luci-0.26.0-48.el6.src.rpm

i386:
luci-0.26.0-48.el6.i686.rpm
luci-debuginfo-0.26.0-48.el6.i686.rpm

x86_64:
luci-0.26.0-48.el6.x86_64.rpm
luci-debuginfo-0.26.0-48.el6.x86_64.rpm

Red Hat Enterprise Linux Resilient Storage (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/luci-0.26.0-48.el6.src.rpm

i386:
luci-0.26.0-48.el6.i686.rpm
luci-debuginfo-0.26.0-48.el6.i686.rpm

x86_64:
luci-0.26.0-48.el6.x86_64.rpm
luci-debuginfo-0.26.0-48.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4481.html
https://www.redhat.com/security/data/cve/CVE-2013-4482.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Technical_Notes/luci.html#RHSA-2013-1603

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSjYwLXlSAg2UNWIIRAikwAJ43C2/cIdG7lVkcI+xMd++6GtExlgCfaBZw
GHImUDx7gKas5ZufopZKJ9o=
=Nf7Z
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 21 04:33:24 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Nov 2013 04:33:24 +0000
Subject: [RHSA-2013:1605-02] Moderate: glibc security, bug fix, and enhancement update
Message-ID: <201311210429.rAL4TpaD000526@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: glibc security, bug fix, and enhancement update
Advisory ID: RHSA-2013:1605-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1605.html
Issue date: 2013-11-21
CVE Names: CVE-2013-0242 CVE-2013-1914 CVE-2013-4332
=====================================================================

1. Summary:

Updated glibc packages that fix three security issues, several bugs,
and add various enhancements are now available for Red Hat Enterprise
Linux 6.

The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3.
Description:

The glibc packages provide the standard C libraries (libc), POSIX
thread libraries (libpthread), standard math libraries (libm), and the
Name Server Caching Daemon (nscd) used by multiple programs on the
system. Without these libraries, the Linux system cannot function
correctly.

Multiple integer overflow flaws, leading to heap-based buffer
overflows, were found in glibc's memory allocator functions (pvalloc,
valloc, and memalign). If an application used such a function, it could
cause the application to crash or, potentially, execute arbitrary code
with the privileges of the user running the application.
(CVE-2013-4332)

A flaw was found in the regular expression matching routines that
process multibyte character input. If an application utilized the glibc
regular expression matching mechanism, an attacker could provide
specially-crafted input that, when processed, would cause the
application to crash. (CVE-2013-0242)

It was found that getaddrinfo() did not limit the amount of stack
memory used during name resolution. An attacker able to make an
application resolve an attacker-controlled hostname or IP address could
possibly cause the application to exhaust all stack memory and crash.
(CVE-2013-1914)

Among other changes, this update includes an important fix for the
following bug:

* Due to a defect in the initial release of the getaddrinfo() system
call in Red Hat Enterprise Linux 6.0, AF_INET and AF_INET6 queries
resolved from the /etc/hosts file returned queried names as canonical
names. This incorrect behavior is, however, still considered to be the
expected behavior. As a result of a recent change in getaddrinfo(),
AF_INET6 queries started resolving the canonical names correctly.
However, this behavior was unexpected by applications that relied on
queries resolved from the /etc/hosts file, and these applications could
thus fail to operate properly.
This update applies a fix ensuring that AF_INET6 queries resolved from
/etc/hosts always return the queried name as canonical. Note that DNS
lookups are resolved properly and always return the correct canonical
names. A proper fix to AF_INET6 queries resolution from /etc/hosts may
be applied in future releases; for now, due to the lack of a standard,
Red Hat suggests that the first entry in the /etc/hosts file that
applies to the IP address being resolved be considered the canonical
entry. (BZ#1022022)

These updated glibc packages also include additional bug fixes and
various enhancements. Space precludes documenting all of these changes
in this advisory. Users are directed to the Red Hat Enterprise Linux
6.5 Technical Notes, linked to in the References, for information on
the most significant of these changes.

All glibc users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5.
Bugs fixed (https://bugzilla.redhat.com/): 552960 - Possible deadlock in pthread_mutex_lock/pthread_cond_wait 848748 - Malformed xdr request causes reading uninitialize memory and can cause huge memory leaks 903754 - Rename glibc release engineering related directory from `fedora' to `releng' 905874 - CVE-2013-0242 glibc: Buffer overrun (DoS) in regexp matcher by processing multibyte characters 929388 - serious CPU time regressions in the glibc math library 947882 - CVE-2013-1914 glibc: Stack (frame) overflow in getaddrinfo() when processing entry mapping to long list of address structures 952422 - sysconf(_SC_NPROCESSORS_ONLN) performance problem 966775 - [RHEL 6.4] BUG glibc causing double-whetstone performance degradation when compared to RHEL 6.3. 1007545 - CVE-2013-4332 glibc: three integer overflows in memory allocator 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/glibc-2.12-1.132.el6.src.rpm i386: glibc-2.12-1.132.el6.i686.rpm glibc-common-2.12-1.132.el6.i686.rpm glibc-debuginfo-2.12-1.132.el6.i686.rpm glibc-debuginfo-common-2.12-1.132.el6.i686.rpm glibc-devel-2.12-1.132.el6.i686.rpm glibc-headers-2.12-1.132.el6.i686.rpm glibc-utils-2.12-1.132.el6.i686.rpm nscd-2.12-1.132.el6.i686.rpm x86_64: glibc-2.12-1.132.el6.i686.rpm glibc-2.12-1.132.el6.x86_64.rpm glibc-common-2.12-1.132.el6.x86_64.rpm glibc-debuginfo-2.12-1.132.el6.i686.rpm glibc-debuginfo-2.12-1.132.el6.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6.i686.rpm glibc-debuginfo-common-2.12-1.132.el6.x86_64.rpm glibc-devel-2.12-1.132.el6.i686.rpm glibc-devel-2.12-1.132.el6.x86_64.rpm glibc-headers-2.12-1.132.el6.x86_64.rpm glibc-utils-2.12-1.132.el6.x86_64.rpm nscd-2.12-1.132.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/glibc-2.12-1.132.el6.src.rpm i386: glibc-debuginfo-2.12-1.132.el6.i686.rpm glibc-debuginfo-common-2.12-1.132.el6.i686.rpm glibc-static-2.12-1.132.el6.i686.rpm x86_64: glibc-debuginfo-2.12-1.132.el6.i686.rpm glibc-debuginfo-2.12-1.132.el6.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6.i686.rpm glibc-debuginfo-common-2.12-1.132.el6.x86_64.rpm glibc-static-2.12-1.132.el6.i686.rpm glibc-static-2.12-1.132.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/glibc-2.12-1.132.el6.src.rpm x86_64: glibc-2.12-1.132.el6.i686.rpm glibc-2.12-1.132.el6.x86_64.rpm glibc-common-2.12-1.132.el6.x86_64.rpm glibc-debuginfo-2.12-1.132.el6.i686.rpm glibc-debuginfo-2.12-1.132.el6.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6.i686.rpm glibc-debuginfo-common-2.12-1.132.el6.x86_64.rpm glibc-devel-2.12-1.132.el6.i686.rpm glibc-devel-2.12-1.132.el6.x86_64.rpm glibc-headers-2.12-1.132.el6.x86_64.rpm glibc-utils-2.12-1.132.el6.x86_64.rpm nscd-2.12-1.132.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/glibc-2.12-1.132.el6.src.rpm x86_64: glibc-debuginfo-2.12-1.132.el6.i686.rpm glibc-debuginfo-2.12-1.132.el6.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6.i686.rpm glibc-debuginfo-common-2.12-1.132.el6.x86_64.rpm glibc-static-2.12-1.132.el6.i686.rpm glibc-static-2.12-1.132.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/glibc-2.12-1.132.el6.src.rpm i386: glibc-2.12-1.132.el6.i686.rpm glibc-common-2.12-1.132.el6.i686.rpm glibc-debuginfo-2.12-1.132.el6.i686.rpm glibc-debuginfo-common-2.12-1.132.el6.i686.rpm glibc-devel-2.12-1.132.el6.i686.rpm glibc-headers-2.12-1.132.el6.i686.rpm glibc-utils-2.12-1.132.el6.i686.rpm nscd-2.12-1.132.el6.i686.rpm ppc64: glibc-2.12-1.132.el6.ppc.rpm glibc-2.12-1.132.el6.ppc64.rpm glibc-common-2.12-1.132.el6.ppc64.rpm glibc-debuginfo-2.12-1.132.el6.ppc.rpm glibc-debuginfo-2.12-1.132.el6.ppc64.rpm glibc-debuginfo-common-2.12-1.132.el6.ppc.rpm glibc-debuginfo-common-2.12-1.132.el6.ppc64.rpm glibc-devel-2.12-1.132.el6.ppc.rpm glibc-devel-2.12-1.132.el6.ppc64.rpm glibc-headers-2.12-1.132.el6.ppc64.rpm glibc-utils-2.12-1.132.el6.ppc64.rpm nscd-2.12-1.132.el6.ppc64.rpm s390x: glibc-2.12-1.132.el6.s390.rpm glibc-2.12-1.132.el6.s390x.rpm glibc-common-2.12-1.132.el6.s390x.rpm glibc-debuginfo-2.12-1.132.el6.s390.rpm glibc-debuginfo-2.12-1.132.el6.s390x.rpm glibc-debuginfo-common-2.12-1.132.el6.s390.rpm glibc-debuginfo-common-2.12-1.132.el6.s390x.rpm glibc-devel-2.12-1.132.el6.s390.rpm glibc-devel-2.12-1.132.el6.s390x.rpm glibc-headers-2.12-1.132.el6.s390x.rpm glibc-utils-2.12-1.132.el6.s390x.rpm nscd-2.12-1.132.el6.s390x.rpm x86_64: glibc-2.12-1.132.el6.i686.rpm glibc-2.12-1.132.el6.x86_64.rpm glibc-common-2.12-1.132.el6.x86_64.rpm glibc-debuginfo-2.12-1.132.el6.i686.rpm glibc-debuginfo-2.12-1.132.el6.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6.i686.rpm glibc-debuginfo-common-2.12-1.132.el6.x86_64.rpm glibc-devel-2.12-1.132.el6.i686.rpm glibc-devel-2.12-1.132.el6.x86_64.rpm glibc-headers-2.12-1.132.el6.x86_64.rpm glibc-utils-2.12-1.132.el6.x86_64.rpm nscd-2.12-1.132.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/glibc-2.12-1.132.el6.src.rpm i386: glibc-debuginfo-2.12-1.132.el6.i686.rpm glibc-debuginfo-common-2.12-1.132.el6.i686.rpm glibc-static-2.12-1.132.el6.i686.rpm ppc64: glibc-debuginfo-2.12-1.132.el6.ppc.rpm glibc-debuginfo-2.12-1.132.el6.ppc64.rpm glibc-debuginfo-common-2.12-1.132.el6.ppc.rpm glibc-debuginfo-common-2.12-1.132.el6.ppc64.rpm glibc-static-2.12-1.132.el6.ppc.rpm glibc-static-2.12-1.132.el6.ppc64.rpm s390x: glibc-debuginfo-2.12-1.132.el6.s390.rpm glibc-debuginfo-2.12-1.132.el6.s390x.rpm glibc-debuginfo-common-2.12-1.132.el6.s390.rpm glibc-debuginfo-common-2.12-1.132.el6.s390x.rpm glibc-static-2.12-1.132.el6.s390.rpm glibc-static-2.12-1.132.el6.s390x.rpm x86_64: glibc-debuginfo-2.12-1.132.el6.i686.rpm glibc-debuginfo-2.12-1.132.el6.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6.i686.rpm glibc-debuginfo-common-2.12-1.132.el6.x86_64.rpm glibc-static-2.12-1.132.el6.i686.rpm glibc-static-2.12-1.132.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/glibc-2.12-1.132.el6.src.rpm i386: glibc-2.12-1.132.el6.i686.rpm glibc-common-2.12-1.132.el6.i686.rpm glibc-debuginfo-2.12-1.132.el6.i686.rpm glibc-debuginfo-common-2.12-1.132.el6.i686.rpm glibc-devel-2.12-1.132.el6.i686.rpm glibc-headers-2.12-1.132.el6.i686.rpm glibc-utils-2.12-1.132.el6.i686.rpm nscd-2.12-1.132.el6.i686.rpm x86_64: glibc-2.12-1.132.el6.i686.rpm glibc-2.12-1.132.el6.x86_64.rpm glibc-common-2.12-1.132.el6.x86_64.rpm glibc-debuginfo-2.12-1.132.el6.i686.rpm glibc-debuginfo-2.12-1.132.el6.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6.i686.rpm glibc-debuginfo-common-2.12-1.132.el6.x86_64.rpm glibc-devel-2.12-1.132.el6.i686.rpm glibc-devel-2.12-1.132.el6.x86_64.rpm glibc-headers-2.12-1.132.el6.x86_64.rpm glibc-utils-2.12-1.132.el6.x86_64.rpm nscd-2.12-1.132.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/glibc-2.12-1.132.el6.src.rpm i386: glibc-debuginfo-2.12-1.132.el6.i686.rpm glibc-debuginfo-common-2.12-1.132.el6.i686.rpm glibc-static-2.12-1.132.el6.i686.rpm x86_64: glibc-debuginfo-2.12-1.132.el6.i686.rpm glibc-debuginfo-2.12-1.132.el6.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6.i686.rpm glibc-debuginfo-common-2.12-1.132.el6.x86_64.rpm glibc-static-2.12-1.132.el6.i686.rpm glibc-static-2.12-1.132.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-0242.html https://www.redhat.com/security/data/cve/CVE-2013-1914.html https://www.redhat.com/security/data/cve/CVE-2013-4332.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Technical_Notes/glibc.html#RHSA-2013-1605 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSjYw0XlSAg2UNWIIRAtQrAJ9vyQiYqZ9q90J6A/hRm0ZT6bVZ3QCgqDXo
0mUR11YMlUrH9f2DfBTMopQ=
=i5v5
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 21 04:34:15 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Nov 2013 04:34:15 +0000
Subject: [RHSA-2013:1615-02] Moderate: php security, bug fix, and enhancement update
Message-ID: <201311210430.rAL4UhS5021681@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: php security, bug fix, and enhancement update
Advisory ID: RHSA-2013:1615-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1615.html
Issue date: 2013-11-21
CVE Names: CVE-2006-7243 CVE-2013-1643 CVE-2013-4248
=====================================================================

1. Summary:

Updated php packages that fix three security issues, several bugs, and
add one enhancement are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the
Apache HTTP Server.
It was found that PHP did not properly handle file names with a NULL
character. A remote attacker could possibly use this flaw to make a PHP
script access unexpected files and bypass intended file system access
restrictions. (CVE-2006-7243)

A flaw was found in PHP's SSL client's hostname identity check when
handling certificates that contain hostnames with NULL bytes. If an
attacker was able to get a carefully crafted certificate signed by a
trusted Certificate Authority, the attacker could use the certificate
to conduct man-in-the-middle attacks to spoof SSL servers.
(CVE-2013-4248)

It was found that the PHP SOAP parser allowed the expansion of external
XML entities during SOAP message parsing. A remote attacker could
possibly use this flaw to read arbitrary files that are accessible to a
PHP application using a SOAP extension. (CVE-2013-1643)

This update fixes the following bugs:

* Previously, when the allow_call_time_pass_reference setting was
disabled, a virtual host on the Apache server could terminate with a
segmentation fault when attempting to process certain PHP content. This
bug has been fixed and virtual hosts no longer crash when
allow_call_time_pass_reference is off. (BZ#892158, BZ#910466)

* Prior to this update, if an error occurred during the operation of
the fclose(), file_put_contents(), or copy() function, the function did
not report it. This could have led to data loss. With this update, the
aforementioned functions have been modified to properly report any
errors. (BZ#947429)

* The internal buffer for the SQLSTATE error code can store a maximum
of 5 characters. Previously, when certain calls exceeded this limit, a
buffer overflow occurred. With this update, messages longer than 5
characters are automatically replaced with the default "HY000" string,
thus preventing the overflow. (BZ#969110)

In addition, this update adds the following enhancement:

* This update adds the following rpm macros to the php package: %__php,
%php_inidir, %php_incldir.
(BZ#953814)

Users of php are advised to upgrade to these updated packages, which
fix these bugs and add this enhancement. After installing the updated
packages, the httpd daemon must be restarted for the update to take
effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

662707 - CVE-2006-7243 php: paths with NULL character were considered valid
892158 - Apache 2.2.15 on RHEL 6.3 segfaults with certain PHP content
918187 - CVE-2013-1643 php: Ability to read arbitrary files due use of external entities while parsing SOAP WSDL files
953814 - Please provide %php_inidir, %php_incldir and %__php
997097 - CVE-2013-4248 php: hostname check bypassing vulnerability in SSL client

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/php-5.3.3-26.el6.src.rpm i386: php-5.3.3-26.el6.i686.rpm php-bcmath-5.3.3-26.el6.i686.rpm php-cli-5.3.3-26.el6.i686.rpm php-common-5.3.3-26.el6.i686.rpm php-dba-5.3.3-26.el6.i686.rpm php-debuginfo-5.3.3-26.el6.i686.rpm php-devel-5.3.3-26.el6.i686.rpm php-embedded-5.3.3-26.el6.i686.rpm php-enchant-5.3.3-26.el6.i686.rpm php-fpm-5.3.3-26.el6.i686.rpm php-gd-5.3.3-26.el6.i686.rpm php-imap-5.3.3-26.el6.i686.rpm php-intl-5.3.3-26.el6.i686.rpm php-ldap-5.3.3-26.el6.i686.rpm php-mbstring-5.3.3-26.el6.i686.rpm php-mysql-5.3.3-26.el6.i686.rpm php-odbc-5.3.3-26.el6.i686.rpm php-pdo-5.3.3-26.el6.i686.rpm php-pgsql-5.3.3-26.el6.i686.rpm php-process-5.3.3-26.el6.i686.rpm php-pspell-5.3.3-26.el6.i686.rpm php-recode-5.3.3-26.el6.i686.rpm php-snmp-5.3.3-26.el6.i686.rpm php-soap-5.3.3-26.el6.i686.rpm php-tidy-5.3.3-26.el6.i686.rpm php-xml-5.3.3-26.el6.i686.rpm php-xmlrpc-5.3.3-26.el6.i686.rpm php-zts-5.3.3-26.el6.i686.rpm x86_64: php-5.3.3-26.el6.x86_64.rpm php-bcmath-5.3.3-26.el6.x86_64.rpm php-cli-5.3.3-26.el6.x86_64.rpm php-common-5.3.3-26.el6.x86_64.rpm php-dba-5.3.3-26.el6.x86_64.rpm php-debuginfo-5.3.3-26.el6.x86_64.rpm php-devel-5.3.3-26.el6.x86_64.rpm php-embedded-5.3.3-26.el6.x86_64.rpm php-enchant-5.3.3-26.el6.x86_64.rpm php-fpm-5.3.3-26.el6.x86_64.rpm php-gd-5.3.3-26.el6.x86_64.rpm php-imap-5.3.3-26.el6.x86_64.rpm php-intl-5.3.3-26.el6.x86_64.rpm php-ldap-5.3.3-26.el6.x86_64.rpm php-mbstring-5.3.3-26.el6.x86_64.rpm php-mysql-5.3.3-26.el6.x86_64.rpm php-odbc-5.3.3-26.el6.x86_64.rpm php-pdo-5.3.3-26.el6.x86_64.rpm php-pgsql-5.3.3-26.el6.x86_64.rpm php-process-5.3.3-26.el6.x86_64.rpm php-pspell-5.3.3-26.el6.x86_64.rpm php-recode-5.3.3-26.el6.x86_64.rpm php-snmp-5.3.3-26.el6.x86_64.rpm php-soap-5.3.3-26.el6.x86_64.rpm php-tidy-5.3.3-26.el6.x86_64.rpm php-xml-5.3.3-26.el6.x86_64.rpm php-xmlrpc-5.3.3-26.el6.x86_64.rpm php-zts-5.3.3-26.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/php-5.3.3-26.el6.src.rpm x86_64: php-cli-5.3.3-26.el6.x86_64.rpm php-common-5.3.3-26.el6.x86_64.rpm php-debuginfo-5.3.3-26.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/php-5.3.3-26.el6.src.rpm x86_64: php-5.3.3-26.el6.x86_64.rpm php-bcmath-5.3.3-26.el6.x86_64.rpm php-dba-5.3.3-26.el6.x86_64.rpm php-debuginfo-5.3.3-26.el6.x86_64.rpm php-devel-5.3.3-26.el6.x86_64.rpm php-embedded-5.3.3-26.el6.x86_64.rpm php-enchant-5.3.3-26.el6.x86_64.rpm php-fpm-5.3.3-26.el6.x86_64.rpm php-gd-5.3.3-26.el6.x86_64.rpm php-imap-5.3.3-26.el6.x86_64.rpm php-intl-5.3.3-26.el6.x86_64.rpm php-ldap-5.3.3-26.el6.x86_64.rpm php-mbstring-5.3.3-26.el6.x86_64.rpm php-mysql-5.3.3-26.el6.x86_64.rpm php-odbc-5.3.3-26.el6.x86_64.rpm php-pdo-5.3.3-26.el6.x86_64.rpm php-pgsql-5.3.3-26.el6.x86_64.rpm php-process-5.3.3-26.el6.x86_64.rpm php-pspell-5.3.3-26.el6.x86_64.rpm php-recode-5.3.3-26.el6.x86_64.rpm php-snmp-5.3.3-26.el6.x86_64.rpm php-soap-5.3.3-26.el6.x86_64.rpm php-tidy-5.3.3-26.el6.x86_64.rpm php-xml-5.3.3-26.el6.x86_64.rpm php-xmlrpc-5.3.3-26.el6.x86_64.rpm php-zts-5.3.3-26.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.3-26.el6.src.rpm i386: php-5.3.3-26.el6.i686.rpm php-cli-5.3.3-26.el6.i686.rpm php-common-5.3.3-26.el6.i686.rpm php-debuginfo-5.3.3-26.el6.i686.rpm php-gd-5.3.3-26.el6.i686.rpm php-ldap-5.3.3-26.el6.i686.rpm php-mysql-5.3.3-26.el6.i686.rpm php-odbc-5.3.3-26.el6.i686.rpm php-pdo-5.3.3-26.el6.i686.rpm php-pgsql-5.3.3-26.el6.i686.rpm php-soap-5.3.3-26.el6.i686.rpm php-xml-5.3.3-26.el6.i686.rpm php-xmlrpc-5.3.3-26.el6.i686.rpm ppc64: php-5.3.3-26.el6.ppc64.rpm php-cli-5.3.3-26.el6.ppc64.rpm php-common-5.3.3-26.el6.ppc64.rpm php-debuginfo-5.3.3-26.el6.ppc64.rpm php-gd-5.3.3-26.el6.ppc64.rpm php-ldap-5.3.3-26.el6.ppc64.rpm php-mysql-5.3.3-26.el6.ppc64.rpm php-odbc-5.3.3-26.el6.ppc64.rpm php-pdo-5.3.3-26.el6.ppc64.rpm php-pgsql-5.3.3-26.el6.ppc64.rpm php-soap-5.3.3-26.el6.ppc64.rpm php-xml-5.3.3-26.el6.ppc64.rpm php-xmlrpc-5.3.3-26.el6.ppc64.rpm s390x: php-5.3.3-26.el6.s390x.rpm php-cli-5.3.3-26.el6.s390x.rpm php-common-5.3.3-26.el6.s390x.rpm php-debuginfo-5.3.3-26.el6.s390x.rpm php-gd-5.3.3-26.el6.s390x.rpm php-ldap-5.3.3-26.el6.s390x.rpm php-mysql-5.3.3-26.el6.s390x.rpm php-odbc-5.3.3-26.el6.s390x.rpm php-pdo-5.3.3-26.el6.s390x.rpm php-pgsql-5.3.3-26.el6.s390x.rpm php-soap-5.3.3-26.el6.s390x.rpm php-xml-5.3.3-26.el6.s390x.rpm php-xmlrpc-5.3.3-26.el6.s390x.rpm x86_64: php-5.3.3-26.el6.x86_64.rpm php-cli-5.3.3-26.el6.x86_64.rpm php-common-5.3.3-26.el6.x86_64.rpm php-debuginfo-5.3.3-26.el6.x86_64.rpm php-gd-5.3.3-26.el6.x86_64.rpm php-ldap-5.3.3-26.el6.x86_64.rpm php-mysql-5.3.3-26.el6.x86_64.rpm php-odbc-5.3.3-26.el6.x86_64.rpm php-pdo-5.3.3-26.el6.x86_64.rpm php-pgsql-5.3.3-26.el6.x86_64.rpm php-soap-5.3.3-26.el6.x86_64.rpm php-xml-5.3.3-26.el6.x86_64.rpm php-xmlrpc-5.3.3-26.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.3-26.el6.src.rpm i386: php-bcmath-5.3.3-26.el6.i686.rpm php-dba-5.3.3-26.el6.i686.rpm php-debuginfo-5.3.3-26.el6.i686.rpm php-devel-5.3.3-26.el6.i686.rpm php-embedded-5.3.3-26.el6.i686.rpm php-enchant-5.3.3-26.el6.i686.rpm php-fpm-5.3.3-26.el6.i686.rpm php-imap-5.3.3-26.el6.i686.rpm php-intl-5.3.3-26.el6.i686.rpm php-mbstring-5.3.3-26.el6.i686.rpm php-process-5.3.3-26.el6.i686.rpm php-pspell-5.3.3-26.el6.i686.rpm php-recode-5.3.3-26.el6.i686.rpm php-snmp-5.3.3-26.el6.i686.rpm php-tidy-5.3.3-26.el6.i686.rpm php-zts-5.3.3-26.el6.i686.rpm ppc64: php-bcmath-5.3.3-26.el6.ppc64.rpm php-dba-5.3.3-26.el6.ppc64.rpm php-debuginfo-5.3.3-26.el6.ppc64.rpm php-devel-5.3.3-26.el6.ppc64.rpm php-embedded-5.3.3-26.el6.ppc64.rpm php-enchant-5.3.3-26.el6.ppc64.rpm php-fpm-5.3.3-26.el6.ppc64.rpm php-imap-5.3.3-26.el6.ppc64.rpm php-intl-5.3.3-26.el6.ppc64.rpm php-mbstring-5.3.3-26.el6.ppc64.rpm php-process-5.3.3-26.el6.ppc64.rpm php-pspell-5.3.3-26.el6.ppc64.rpm php-recode-5.3.3-26.el6.ppc64.rpm php-snmp-5.3.3-26.el6.ppc64.rpm php-tidy-5.3.3-26.el6.ppc64.rpm php-zts-5.3.3-26.el6.ppc64.rpm s390x: php-bcmath-5.3.3-26.el6.s390x.rpm php-dba-5.3.3-26.el6.s390x.rpm php-debuginfo-5.3.3-26.el6.s390x.rpm php-devel-5.3.3-26.el6.s390x.rpm php-embedded-5.3.3-26.el6.s390x.rpm php-enchant-5.3.3-26.el6.s390x.rpm php-fpm-5.3.3-26.el6.s390x.rpm php-imap-5.3.3-26.el6.s390x.rpm php-intl-5.3.3-26.el6.s390x.rpm php-mbstring-5.3.3-26.el6.s390x.rpm php-process-5.3.3-26.el6.s390x.rpm php-pspell-5.3.3-26.el6.s390x.rpm php-recode-5.3.3-26.el6.s390x.rpm php-snmp-5.3.3-26.el6.s390x.rpm php-tidy-5.3.3-26.el6.s390x.rpm php-zts-5.3.3-26.el6.s390x.rpm x86_64: php-bcmath-5.3.3-26.el6.x86_64.rpm php-dba-5.3.3-26.el6.x86_64.rpm php-debuginfo-5.3.3-26.el6.x86_64.rpm php-devel-5.3.3-26.el6.x86_64.rpm php-embedded-5.3.3-26.el6.x86_64.rpm php-enchant-5.3.3-26.el6.x86_64.rpm php-fpm-5.3.3-26.el6.x86_64.rpm php-imap-5.3.3-26.el6.x86_64.rpm 
php-intl-5.3.3-26.el6.x86_64.rpm php-mbstring-5.3.3-26.el6.x86_64.rpm php-process-5.3.3-26.el6.x86_64.rpm php-pspell-5.3.3-26.el6.x86_64.rpm php-recode-5.3.3-26.el6.x86_64.rpm php-snmp-5.3.3-26.el6.x86_64.rpm php-tidy-5.3.3-26.el6.x86_64.rpm php-zts-5.3.3-26.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.3-26.el6.src.rpm i386: php-5.3.3-26.el6.i686.rpm php-cli-5.3.3-26.el6.i686.rpm php-common-5.3.3-26.el6.i686.rpm php-debuginfo-5.3.3-26.el6.i686.rpm php-gd-5.3.3-26.el6.i686.rpm php-ldap-5.3.3-26.el6.i686.rpm php-mysql-5.3.3-26.el6.i686.rpm php-odbc-5.3.3-26.el6.i686.rpm php-pdo-5.3.3-26.el6.i686.rpm php-pgsql-5.3.3-26.el6.i686.rpm php-soap-5.3.3-26.el6.i686.rpm php-xml-5.3.3-26.el6.i686.rpm php-xmlrpc-5.3.3-26.el6.i686.rpm x86_64: php-5.3.3-26.el6.x86_64.rpm php-cli-5.3.3-26.el6.x86_64.rpm php-common-5.3.3-26.el6.x86_64.rpm php-debuginfo-5.3.3-26.el6.x86_64.rpm php-gd-5.3.3-26.el6.x86_64.rpm php-ldap-5.3.3-26.el6.x86_64.rpm php-mysql-5.3.3-26.el6.x86_64.rpm php-odbc-5.3.3-26.el6.x86_64.rpm php-pdo-5.3.3-26.el6.x86_64.rpm php-pgsql-5.3.3-26.el6.x86_64.rpm php-soap-5.3.3-26.el6.x86_64.rpm php-xml-5.3.3-26.el6.x86_64.rpm php-xmlrpc-5.3.3-26.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.3-26.el6.src.rpm i386: php-bcmath-5.3.3-26.el6.i686.rpm php-dba-5.3.3-26.el6.i686.rpm php-debuginfo-5.3.3-26.el6.i686.rpm php-devel-5.3.3-26.el6.i686.rpm php-embedded-5.3.3-26.el6.i686.rpm php-enchant-5.3.3-26.el6.i686.rpm php-fpm-5.3.3-26.el6.i686.rpm php-imap-5.3.3-26.el6.i686.rpm php-intl-5.3.3-26.el6.i686.rpm php-mbstring-5.3.3-26.el6.i686.rpm php-process-5.3.3-26.el6.i686.rpm php-pspell-5.3.3-26.el6.i686.rpm php-recode-5.3.3-26.el6.i686.rpm php-snmp-5.3.3-26.el6.i686.rpm php-tidy-5.3.3-26.el6.i686.rpm php-zts-5.3.3-26.el6.i686.rpm x86_64: php-bcmath-5.3.3-26.el6.x86_64.rpm php-dba-5.3.3-26.el6.x86_64.rpm php-debuginfo-5.3.3-26.el6.x86_64.rpm php-devel-5.3.3-26.el6.x86_64.rpm php-embedded-5.3.3-26.el6.x86_64.rpm php-enchant-5.3.3-26.el6.x86_64.rpm php-fpm-5.3.3-26.el6.x86_64.rpm php-imap-5.3.3-26.el6.x86_64.rpm php-intl-5.3.3-26.el6.x86_64.rpm php-mbstring-5.3.3-26.el6.x86_64.rpm php-process-5.3.3-26.el6.x86_64.rpm php-pspell-5.3.3-26.el6.x86_64.rpm php-recode-5.3.3-26.el6.x86_64.rpm php-snmp-5.3.3-26.el6.x86_64.rpm php-tidy-5.3.3-26.el6.x86_64.rpm php-zts-5.3.3-26.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2006-7243.html https://www.redhat.com/security/data/cve/CVE-2013-1643.html https://www.redhat.com/security/data/cve/CVE-2013-4248.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSjYxmXlSAg2UNWIIRAl1+AJ9vPpwdogOJpYaIcbwDpeXfGRHWVQCfYE1I
OWnAZ97KkosNrB1oR+Ajats=
=bEm2
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 21 04:40:39 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Nov 2013 04:40:39 +0000
Subject: [RHSA-2013:1620-02] Low: xorg-x11-server security and bug fix update
Message-ID: <201311210437.rAL4b70Z003753@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: xorg-x11-server security and bug fix update
Advisory ID: RHSA-2013:1620-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1620.html
Issue date: 2013-11-21
CVE Names: CVE-2013-1940
=====================================================================

1. Summary:

Updated xorg-x11-server packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

3. Description:

X.Org is an open source implementation of the X Window System.
It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

A flaw was found in the way the X.org X11 server registered new hot plugged devices. If a local user switched to a different session and plugged in a new device, input from that device could become available in the previous session, possibly leading to information disclosure. (CVE-2013-1940)

This issue was found by David Airlie and Peter Hutterer of Red Hat.

This update also fixes the following bugs:

* A previous upstream patch modified the Xephyr X server to be resizeable, however, it did not enable the resize functionality by default. As a consequence, X sandboxes were not resizeable on Red Hat Enterprise Linux 6.4 and later. This update enables the resize functionality by default so that X sandboxes can now be resized as expected. (BZ#915202)

* In Red Hat Enterprise Linux 6, the X Security extension (XC-SECURITY) has been disabled and replaced by X Access Control Extension (XACE). However, XACE does not yet include functionality that was previously available in XC-SECURITY. With this update, XC-SECURITY is enabled in the xorg-x11-server spec file on Red Hat Enterprise Linux 6. (BZ#957298)

* Upstream code changes to extension initialization accidentally disabled the GLX extension in Xvfb (the X virtual frame buffer), rendering headless 3D applications not functional. An upstream patch to this problem has been backported so the GLX extension is enabled again, and applications relying on this extension work as expected. (BZ#969538)

All xorg-x11-server users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network.
Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 795858 - X server crashes with segfault at startup when using X font server 915202 - X-sandboxes are not resizeable 950438 - CVE-2013-1940 xorg-x11-server: Information disclosure due enabling events from hot-plug devices despite input from the device being momentarily disabled 1016854 - regression: Xorg -configure stopped working 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xorg-x11-server-1.13.0-23.el6.src.rpm i386: xorg-x11-server-Xephyr-1.13.0-23.el6.i686.rpm xorg-x11-server-Xorg-1.13.0-23.el6.i686.rpm xorg-x11-server-common-1.13.0-23.el6.i686.rpm xorg-x11-server-debuginfo-1.13.0-23.el6.i686.rpm x86_64: xorg-x11-server-Xephyr-1.13.0-23.el6.x86_64.rpm xorg-x11-server-Xorg-1.13.0-23.el6.x86_64.rpm xorg-x11-server-common-1.13.0-23.el6.x86_64.rpm xorg-x11-server-debuginfo-1.13.0-23.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xorg-x11-server-1.13.0-23.el6.src.rpm i386: xorg-x11-server-Xdmx-1.13.0-23.el6.i686.rpm xorg-x11-server-Xnest-1.13.0-23.el6.i686.rpm xorg-x11-server-Xvfb-1.13.0-23.el6.i686.rpm xorg-x11-server-debuginfo-1.13.0-23.el6.i686.rpm xorg-x11-server-devel-1.13.0-23.el6.i686.rpm noarch: xorg-x11-server-source-1.13.0-23.el6.noarch.rpm x86_64: xorg-x11-server-Xdmx-1.13.0-23.el6.x86_64.rpm xorg-x11-server-Xnest-1.13.0-23.el6.x86_64.rpm xorg-x11-server-Xvfb-1.13.0-23.el6.x86_64.rpm xorg-x11-server-debuginfo-1.13.0-23.el6.i686.rpm xorg-x11-server-debuginfo-1.13.0-23.el6.x86_64.rpm xorg-x11-server-devel-1.13.0-23.el6.i686.rpm xorg-x11-server-devel-1.13.0-23.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xorg-x11-server-1.13.0-23.el6.src.rpm noarch: xorg-x11-server-source-1.13.0-23.el6.noarch.rpm x86_64: xorg-x11-server-Xdmx-1.13.0-23.el6.x86_64.rpm xorg-x11-server-Xephyr-1.13.0-23.el6.x86_64.rpm xorg-x11-server-Xnest-1.13.0-23.el6.x86_64.rpm xorg-x11-server-Xorg-1.13.0-23.el6.x86_64.rpm xorg-x11-server-Xvfb-1.13.0-23.el6.x86_64.rpm xorg-x11-server-common-1.13.0-23.el6.x86_64.rpm xorg-x11-server-debuginfo-1.13.0-23.el6.i686.rpm xorg-x11-server-debuginfo-1.13.0-23.el6.x86_64.rpm xorg-x11-server-devel-1.13.0-23.el6.i686.rpm xorg-x11-server-devel-1.13.0-23.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xorg-x11-server-1.13.0-23.el6.src.rpm i386: xorg-x11-server-Xephyr-1.13.0-23.el6.i686.rpm xorg-x11-server-Xorg-1.13.0-23.el6.i686.rpm xorg-x11-server-common-1.13.0-23.el6.i686.rpm xorg-x11-server-debuginfo-1.13.0-23.el6.i686.rpm ppc64: xorg-x11-server-Xephyr-1.13.0-23.el6.ppc64.rpm xorg-x11-server-Xorg-1.13.0-23.el6.ppc64.rpm xorg-x11-server-common-1.13.0-23.el6.ppc64.rpm xorg-x11-server-debuginfo-1.13.0-23.el6.ppc64.rpm s390x: xorg-x11-server-Xephyr-1.13.0-23.el6.s390x.rpm xorg-x11-server-common-1.13.0-23.el6.s390x.rpm xorg-x11-server-debuginfo-1.13.0-23.el6.s390x.rpm x86_64: xorg-x11-server-Xephyr-1.13.0-23.el6.x86_64.rpm xorg-x11-server-Xorg-1.13.0-23.el6.x86_64.rpm xorg-x11-server-common-1.13.0-23.el6.x86_64.rpm xorg-x11-server-debuginfo-1.13.0-23.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xorg-x11-server-1.13.0-23.el6.src.rpm i386: xorg-x11-server-Xdmx-1.13.0-23.el6.i686.rpm xorg-x11-server-Xnest-1.13.0-23.el6.i686.rpm xorg-x11-server-Xvfb-1.13.0-23.el6.i686.rpm xorg-x11-server-debuginfo-1.13.0-23.el6.i686.rpm xorg-x11-server-devel-1.13.0-23.el6.i686.rpm noarch: xorg-x11-server-source-1.13.0-23.el6.noarch.rpm ppc64: xorg-x11-server-Xdmx-1.13.0-23.el6.ppc64.rpm xorg-x11-server-Xnest-1.13.0-23.el6.ppc64.rpm xorg-x11-server-Xvfb-1.13.0-23.el6.ppc64.rpm xorg-x11-server-debuginfo-1.13.0-23.el6.ppc.rpm xorg-x11-server-debuginfo-1.13.0-23.el6.ppc64.rpm xorg-x11-server-devel-1.13.0-23.el6.ppc.rpm xorg-x11-server-devel-1.13.0-23.el6.ppc64.rpm s390x: xorg-x11-server-Xdmx-1.13.0-23.el6.s390x.rpm xorg-x11-server-Xnest-1.13.0-23.el6.s390x.rpm xorg-x11-server-Xvfb-1.13.0-23.el6.s390x.rpm xorg-x11-server-debuginfo-1.13.0-23.el6.s390x.rpm x86_64: xorg-x11-server-Xdmx-1.13.0-23.el6.x86_64.rpm xorg-x11-server-Xnest-1.13.0-23.el6.x86_64.rpm xorg-x11-server-Xvfb-1.13.0-23.el6.x86_64.rpm xorg-x11-server-debuginfo-1.13.0-23.el6.i686.rpm xorg-x11-server-debuginfo-1.13.0-23.el6.x86_64.rpm xorg-x11-server-devel-1.13.0-23.el6.i686.rpm xorg-x11-server-devel-1.13.0-23.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xorg-x11-server-1.13.0-23.el6.src.rpm i386: xorg-x11-server-Xephyr-1.13.0-23.el6.i686.rpm xorg-x11-server-Xorg-1.13.0-23.el6.i686.rpm xorg-x11-server-common-1.13.0-23.el6.i686.rpm xorg-x11-server-debuginfo-1.13.0-23.el6.i686.rpm x86_64: xorg-x11-server-Xephyr-1.13.0-23.el6.x86_64.rpm xorg-x11-server-Xorg-1.13.0-23.el6.x86_64.rpm xorg-x11-server-common-1.13.0-23.el6.x86_64.rpm xorg-x11-server-debuginfo-1.13.0-23.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xorg-x11-server-1.13.0-23.el6.src.rpm i386: xorg-x11-server-Xdmx-1.13.0-23.el6.i686.rpm xorg-x11-server-Xnest-1.13.0-23.el6.i686.rpm xorg-x11-server-Xvfb-1.13.0-23.el6.i686.rpm xorg-x11-server-debuginfo-1.13.0-23.el6.i686.rpm xorg-x11-server-devel-1.13.0-23.el6.i686.rpm noarch: xorg-x11-server-source-1.13.0-23.el6.noarch.rpm x86_64: xorg-x11-server-Xdmx-1.13.0-23.el6.x86_64.rpm xorg-x11-server-Xnest-1.13.0-23.el6.x86_64.rpm xorg-x11-server-Xvfb-1.13.0-23.el6.x86_64.rpm xorg-x11-server-debuginfo-1.13.0-23.el6.i686.rpm xorg-x11-server-debuginfo-1.13.0-23.el6.x86_64.rpm xorg-x11-server-devel-1.13.0-23.el6.i686.rpm xorg-x11-server-devel-1.13.0-23.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-1940.html https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSjY3uXlSAg2UNWIIRAi2TAJ4tJdRxNZmZLmqBtweTYUCkGEWwsgCfcFog
TvsE+KxWwMIfOu5svSnSMRk=
=ys8g
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 21 04:41:36 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Nov 2013 04:41:36 +0000
Subject: [RHSA-2013:1635-02] Low: pacemaker security, bug fix, and enhancement update
Message-ID: <201311210438.rAL4c4ix013843@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: pacemaker security, bug fix, and enhancement update
Advisory ID: RHSA-2013:1635-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1635.html
Issue date: 2013-11-21
CVE Names: CVE-2013-0281
=====================================================================

1. Summary:

Updated pacemaker packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux High Availability (v. 6) - i386, x86_64
Red Hat Enterprise Linux Resilient Storage (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64

3. Description:

Pacemaker is a high-availability cluster resource manager with a powerful policy engine.

A denial of service flaw was found in the way Pacemaker performed authentication and processing of remote connections in certain circumstances.
When Pacemaker was configured to allow remote Cluster Information Base (CIB) configuration or resource management, a remote attacker could use this flaw to cause Pacemaker to block indefinitely (preventing it from serving other requests). (CVE-2013-0281)

Note: The default Pacemaker configuration in Red Hat Enterprise Linux 6 has the remote CIB management functionality disabled.

The pacemaker package has been upgraded to upstream version 1.1.10, which provides a number of bug fixes and enhancements over the previous version:

* Pacemaker no longer assumes unknown cman nodes are safely stopped.

* The core dump file now converts all exit codes into positive 'errno' values.

* Pacemaker ensures a return to a stable state after too many fencing failures, and initiates a shutdown if a node claimed to be fenced is still active.

* The crm_error tool adds the ability to list and print error symbols.

* The crm_resource command allows individual resources to be reprobed, and implements the "--ban" option for moving resources away from nodes. The "--clear" option has replaced the "--unmove" option. Also, crm_resource now supports OCF tracing when using the "--force" option.

* The IPC mechanism restores the ability for members of the haclient group to connect to the cluster.

* The Policy Engine daemon allows active nodes in the current membership to be fenced without quorum.

* Policy Engine now suppresses meaningless IDs when displaying anonymous clone status, supports maintenance mode for a single node, and correctly handles the recovered resources before they are operated on.

* XML configuration files are now checked for non-printing characters and replaced with their octal equivalent when exporting XML text. Also, a more reliable buffer allocation strategy has been implemented to prevent lockups.
(BZ#987355)

Additional bug fixes:

* The "crm_resource --move" command was designed for atomic resources and could not handle resources on clones, masters, or slaves present on multiple nodes. Consequently, crm_resource could not obtain enough information to move a resource and did not perform any action. The "--ban" and "--clear" options have been added to allow the administrator to instruct the cluster unambiguously. Clone, master, and slave resources can now be navigated within the cluster as expected. (BZ#902407)

* The hacluster user account did not have a user identification (UID) or group identification (GID) number reserved on the system. Thus, UID and GID values were picked randomly during the installation process. The UID and GID number 189 was reserved for hacluster and is now used consistently for all installations. (BZ#908450)

* Certain clusters used node host names that did not match the output of the "uname -n" command. Thus, the default node name used by the crm_standby and crm_failcount commands was incorrect and caused the cluster to ignore the update by the administrator. The crm_node command is now used instead of the uname utility in helper scripts. As a result, the cluster behaves as expected. (BZ#913093)

* Due to incorrect return code handling, internal recovery logic of the crm_mon utility was not executed when a configuration update failed to apply, leading to an assertion failure. Return codes are now checked correctly, and the recovery of an expected error state is now handled transparently. (BZ#951371)

* cman's automatic unfencing feature failed when combined with Pacemaker. Support for automated unfencing in Pacemaker has been added, and the unwanted behavior no longer occurs. (BZ#996850)

All pacemaker users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.

4.
Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 891922 - CVE-2013-0281 pacemaker: remote DoS when CIB management is enabled caused by use of blocking sockets 902407 - Different results when moving Master/Slave resources 902459 - Persistent resource-related data after the resource is deleted 996850 - Unfence at cluster startup with fence_scsi 997346 - pacemaker enables itself on boot during installation 1011618 - Slave roles inconsistent in pcs status xml (or crm_mon) 6. Package List: Red Hat Enterprise Linux High Availability (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/pacemaker-1.1.10-14.el6.src.rpm i386: pacemaker-1.1.10-14.el6.i686.rpm pacemaker-cli-1.1.10-14.el6.i686.rpm pacemaker-cluster-libs-1.1.10-14.el6.i686.rpm pacemaker-cts-1.1.10-14.el6.i686.rpm pacemaker-debuginfo-1.1.10-14.el6.i686.rpm pacemaker-doc-1.1.10-14.el6.i686.rpm pacemaker-libs-1.1.10-14.el6.i686.rpm pacemaker-libs-devel-1.1.10-14.el6.i686.rpm x86_64: pacemaker-1.1.10-14.el6.x86_64.rpm pacemaker-cli-1.1.10-14.el6.x86_64.rpm pacemaker-cluster-libs-1.1.10-14.el6.i686.rpm pacemaker-cluster-libs-1.1.10-14.el6.x86_64.rpm pacemaker-cts-1.1.10-14.el6.x86_64.rpm pacemaker-debuginfo-1.1.10-14.el6.i686.rpm pacemaker-debuginfo-1.1.10-14.el6.x86_64.rpm pacemaker-doc-1.1.10-14.el6.x86_64.rpm pacemaker-libs-1.1.10-14.el6.i686.rpm pacemaker-libs-1.1.10-14.el6.x86_64.rpm pacemaker-libs-devel-1.1.10-14.el6.i686.rpm pacemaker-libs-devel-1.1.10-14.el6.x86_64.rpm Red Hat Enterprise Linux Resilient Storage (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/pacemaker-1.1.10-14.el6.src.rpm i386: pacemaker-1.1.10-14.el6.i686.rpm pacemaker-cli-1.1.10-14.el6.i686.rpm pacemaker-cluster-libs-1.1.10-14.el6.i686.rpm pacemaker-cts-1.1.10-14.el6.i686.rpm pacemaker-debuginfo-1.1.10-14.el6.i686.rpm pacemaker-doc-1.1.10-14.el6.i686.rpm pacemaker-libs-1.1.10-14.el6.i686.rpm pacemaker-libs-devel-1.1.10-14.el6.i686.rpm x86_64: pacemaker-1.1.10-14.el6.x86_64.rpm pacemaker-cli-1.1.10-14.el6.x86_64.rpm pacemaker-cluster-libs-1.1.10-14.el6.i686.rpm pacemaker-cluster-libs-1.1.10-14.el6.x86_64.rpm pacemaker-cts-1.1.10-14.el6.x86_64.rpm pacemaker-debuginfo-1.1.10-14.el6.i686.rpm pacemaker-debuginfo-1.1.10-14.el6.x86_64.rpm pacemaker-doc-1.1.10-14.el6.x86_64.rpm pacemaker-libs-1.1.10-14.el6.i686.rpm pacemaker-libs-1.1.10-14.el6.x86_64.rpm pacemaker-libs-devel-1.1.10-14.el6.i686.rpm pacemaker-libs-devel-1.1.10-14.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/pacemaker-1.1.10-14.el6.src.rpm i386: pacemaker-debuginfo-1.1.10-14.el6.i686.rpm pacemaker-remote-1.1.10-14.el6.i686.rpm x86_64: pacemaker-debuginfo-1.1.10-14.el6.x86_64.rpm pacemaker-remote-1.1.10-14.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-0281.html https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSjY4fXlSAg2UNWIIRAh/NAJ0aE95vq2J06nTLQqnwLhV9yWrM5wCeIN9t
CSiV2AI7kFPkupLOCP2BBSM=
=he1w
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 21 04:42:23 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Nov 2013 04:42:23 +0000
Subject: [RHSA-2013:1645-02] Important: Red Hat Enterprise Linux 6 kernel update
Message-ID: <201311210438.rAL4cp4q014114@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat Enterprise Linux 6 kernel update
Advisory ID: RHSA-2013:1645-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1645.html
Issue date: 2013-11-21
CVE Names: CVE-2012-6542 CVE-2012-6545 CVE-2013-0343 CVE-2013-1928 CVE-2013-1929 CVE-2013-2164 CVE-2013-2234 CVE-2013-2851 CVE-2013-2888 CVE-2013-2889 CVE-2013-2892 CVE-2013-3231 CVE-2013-4345 CVE-2013-4387 CVE-2013-4591 CVE-2013-4592
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the fifth regular update.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v.
6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload (UFO) feature was enabled. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-4387, Important)

* A flaw was found in the way the Linux kernel handled the creation of temporary IPv6 addresses. If the IPv6 privacy extension was enabled (/proc/sys/net/ipv6/conf/eth0/use_tempaddr set to '2'), an attacker on the local network could disable IPv6 temporary address generation, leading to a potential information disclosure. (CVE-2013-0343, Moderate)

* A flaw was found in the way the Linux kernel handled HID (Human Interface Device) reports with an out-of-bounds Report ID. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-2888, Moderate)

* An off-by-one flaw was found in the way the ANSI CPRNG implementation in the Linux kernel processed non-block size aligned requests. This could lead to random numbers being generated with less bits of entropy than expected when ANSI CPRNG was used. (CVE-2013-4345, Moderate)

* It was found that the fix for CVE-2012-2375 released via RHSA-2012:1580 accidentally removed a check for small-sized result buffers. A local, unprivileged user with access to an NFSv4 mount with ACL support could use this flaw to crash the system or, potentially, escalate their privileges on the system.
(CVE-2013-4591, Moderate)

* A flaw was found in the way IOMMU memory mappings were handled when moving memory slots. A malicious user on a KVM host who has the ability to assign a device to a guest could use this flaw to crash the host. (CVE-2013-4592, Moderate)

* Heap-based buffer overflow flaws were found in the way the Zeroplus and Pantherlord/GreenAsia game controllers handled HID reports. An attacker with physical access to the system could use these flaws to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-2889, CVE-2013-2892, Moderate)

* Two information leak flaws were found in the logical link control (LLC) implementation in the Linux kernel. A local, unprivileged user could use these flaws to leak kernel stack memory to user space. (CVE-2012-6542, CVE-2013-3231, Low)

* A heap-based buffer overflow in the way the tg3 Ethernet driver parsed the vital product data (VPD) of devices could allow an attacker with physical access to a system to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1929, Low)

* Information leak flaws in the Linux kernel could allow a privileged, local user to leak kernel memory to user space. (CVE-2012-6545, CVE-2013-1928, CVE-2013-2164, CVE-2013-2234, Low)

* A format string flaw was found in the Linux kernel's block layer. A privileged, local user could potentially use this flaw to escalate their privileges to kernel level (ring0). (CVE-2013-2851, Low)

Red Hat would like to thank Stephan Mueller for reporting CVE-2013-4345, and Kees Cook for reporting CVE-2013-2851.

This update also fixes several hundred bugs and adds enhancements. Refer to the Red Hat Enterprise Linux 6.5 Release Notes for information on the most significant of these changes, and the Technical Notes for further information, both linked to in the References.
All Red Hat Enterprise Linux 6 users are advised to install these updated packages, which correct these issues, and fix the bugs and add the enhancements noted in the Red Hat Enterprise Linux 6.5 Release Notes and Technical Notes. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (https://bugzilla.redhat.com/):

627128 - kernel spec: devel_post macro: hardlink fc typo
734728 - cifs: asynchronous readpages support
796364 - sbc_fitpc2_wdt NULL pointer dereference
815908 - NFSv4 server support for numeric IDs
831158 - dm-crypt: Fix possible mempool deadlock
834919 - JBD: Spotted dirty metadata buffer
851269 - kernel-debug: enable CONFIG_JBD_DEBUG
856764 - RHEL 6.5 Common Network Backports Tracker
859562 - DM RAID: 'sync' table argument is ineffective.
873659 - virt: Clocksource tsc unstable (delta = 474712882 ns). Enable clocksource failover by adding clocksource_failover kernel parameter.
876528 - Set-group-ID (SGID) bit not inherited on XFS file system with ACLs on directory
889973 - "kernel: device-mapper: table: 253:3: snapshot-origin: unknown target type"
903297 - FCoE target: backport drivers/target from upstream
908093 - gfs2: withdraw does not wait for gfs_controld
913660 - nfs client crashes during open
914664 - CVE-2013-0343 kernel: handling of IPv6 temporary addresses
918239 - kernel-2.6.32-358.0.1 doesn't boot at virtual machine on Xen Cloud Platform
920752 - cannot open device nodes for writing on RO filesystems
922322 - CVE-2012-6542 Kernel: llc: information leak via getsockname
922404 - CVE-2012-6545 Kernel: Bluetooth: RFCOMM - information leak
928207 - transfer data using two port from guest to host,guest hang and call trace
949567 - CVE-2013-1928 Kernel: information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE
949932 - CVE-2013-1929 Kernel: tg3: buffer overflow in VPD firmware parsing
953097 - virtio-rng, boot the guest with two rng device, cat /dev/hwrng in guest, guest will call trace
956094 - CVE-2013-3231 Kernel: llc: Fix missing msg_namelen update in llc_ui_recvmsg
969515 - CVE-2013-2851 kernel: block: passing disk names as format strings
973100 - CVE-2013-2164 Kernel: information leak in cdrom driver
980995 - CVE-2013-2234 Kernel: net: information leak in AF_KEY notify
990806 - BUG: soft lockup - CPU#0 stuck for 63s!
[killall5:7385] 999890 - CVE-2013-2889 Kernel: HID: zeroplus: heap overflow flaw 1000429 - CVE-2013-2892 Kernel: HID: pantherlord: heap overflow flaw 1000451 - CVE-2013-2888 Kernel: HID: memory corruption flaw 1007690 - CVE-2013-4345 kernel: ansi_cprng: off by one error in non-block size request 1011927 - CVE-2013-4387 Kernel: net: IPv6: panic when UFO=On for an interface 1014867 - xfssyncd and flush device threads hang in xlog_grant_head_wait 1031678 - CVE-2013-4591 kernel: nfs: missing check for buffer length in __nfs4_get_acl_uncached 1031702 - CVE-2013-4592 kernel: kvm: memory leak when memory slot is moved with assigned device 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-431.el6.src.rpm i386: kernel-2.6.32-431.el6.i686.rpm kernel-debug-2.6.32-431.el6.i686.rpm kernel-debug-debuginfo-2.6.32-431.el6.i686.rpm kernel-debug-devel-2.6.32-431.el6.i686.rpm kernel-debuginfo-2.6.32-431.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-431.el6.i686.rpm kernel-devel-2.6.32-431.el6.i686.rpm kernel-headers-2.6.32-431.el6.i686.rpm perf-2.6.32-431.el6.i686.rpm perf-debuginfo-2.6.32-431.el6.i686.rpm python-perf-debuginfo-2.6.32-431.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-431.el6.noarch.rpm kernel-doc-2.6.32-431.el6.noarch.rpm kernel-firmware-2.6.32-431.el6.noarch.rpm x86_64: kernel-2.6.32-431.el6.x86_64.rpm kernel-debug-2.6.32-431.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-431.el6.x86_64.rpm kernel-debug-devel-2.6.32-431.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.el6.x86_64.rpm kernel-devel-2.6.32-431.el6.x86_64.rpm kernel-headers-2.6.32-431.el6.x86_64.rpm perf-2.6.32-431.el6.x86_64.rpm perf-debuginfo-2.6.32-431.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-431.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-431.el6.i686.rpm kernel-debuginfo-2.6.32-431.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-431.el6.i686.rpm perf-debuginfo-2.6.32-431.el6.i686.rpm python-perf-2.6.32-431.el6.i686.rpm python-perf-debuginfo-2.6.32-431.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-431.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.el6.x86_64.rpm perf-debuginfo-2.6.32-431.el6.x86_64.rpm python-perf-2.6.32-431.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-431.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-431.el6.noarch.rpm kernel-doc-2.6.32-431.el6.noarch.rpm kernel-firmware-2.6.32-431.el6.noarch.rpm x86_64: kernel-2.6.32-431.el6.x86_64.rpm kernel-debug-2.6.32-431.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-431.el6.x86_64.rpm kernel-debug-devel-2.6.32-431.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.el6.x86_64.rpm kernel-devel-2.6.32-431.el6.x86_64.rpm kernel-headers-2.6.32-431.el6.x86_64.rpm perf-2.6.32-431.el6.x86_64.rpm perf-debuginfo-2.6.32-431.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-431.el6.src.rpm x86_64: kernel-debug-debuginfo-2.6.32-431.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.el6.x86_64.rpm perf-debuginfo-2.6.32-431.el6.x86_64.rpm python-perf-2.6.32-431.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-431.el6.src.rpm i386: kernel-2.6.32-431.el6.i686.rpm kernel-debug-2.6.32-431.el6.i686.rpm kernel-debug-debuginfo-2.6.32-431.el6.i686.rpm kernel-debug-devel-2.6.32-431.el6.i686.rpm kernel-debuginfo-2.6.32-431.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-431.el6.i686.rpm kernel-devel-2.6.32-431.el6.i686.rpm kernel-headers-2.6.32-431.el6.i686.rpm perf-2.6.32-431.el6.i686.rpm perf-debuginfo-2.6.32-431.el6.i686.rpm python-perf-debuginfo-2.6.32-431.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-431.el6.noarch.rpm kernel-doc-2.6.32-431.el6.noarch.rpm kernel-firmware-2.6.32-431.el6.noarch.rpm ppc64: kernel-2.6.32-431.el6.ppc64.rpm kernel-bootwrapper-2.6.32-431.el6.ppc64.rpm kernel-debug-2.6.32-431.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-431.el6.ppc64.rpm kernel-debug-devel-2.6.32-431.el6.ppc64.rpm kernel-debuginfo-2.6.32-431.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-431.el6.ppc64.rpm kernel-devel-2.6.32-431.el6.ppc64.rpm kernel-headers-2.6.32-431.el6.ppc64.rpm perf-2.6.32-431.el6.ppc64.rpm perf-debuginfo-2.6.32-431.el6.ppc64.rpm python-perf-debuginfo-2.6.32-431.el6.ppc64.rpm s390x: kernel-2.6.32-431.el6.s390x.rpm kernel-debug-2.6.32-431.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-431.el6.s390x.rpm kernel-debug-devel-2.6.32-431.el6.s390x.rpm kernel-debuginfo-2.6.32-431.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-431.el6.s390x.rpm kernel-devel-2.6.32-431.el6.s390x.rpm kernel-headers-2.6.32-431.el6.s390x.rpm kernel-kdump-2.6.32-431.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-431.el6.s390x.rpm kernel-kdump-devel-2.6.32-431.el6.s390x.rpm perf-2.6.32-431.el6.s390x.rpm perf-debuginfo-2.6.32-431.el6.s390x.rpm python-perf-debuginfo-2.6.32-431.el6.s390x.rpm x86_64: kernel-2.6.32-431.el6.x86_64.rpm kernel-debug-2.6.32-431.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-431.el6.x86_64.rpm kernel-debug-devel-2.6.32-431.el6.x86_64.rpm 
kernel-debuginfo-2.6.32-431.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.el6.x86_64.rpm kernel-devel-2.6.32-431.el6.x86_64.rpm kernel-headers-2.6.32-431.el6.x86_64.rpm perf-2.6.32-431.el6.x86_64.rpm perf-debuginfo-2.6.32-431.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-431.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-431.el6.i686.rpm kernel-debuginfo-2.6.32-431.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-431.el6.i686.rpm perf-debuginfo-2.6.32-431.el6.i686.rpm python-perf-2.6.32-431.el6.i686.rpm python-perf-debuginfo-2.6.32-431.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-431.el6.ppc64.rpm kernel-debuginfo-2.6.32-431.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-431.el6.ppc64.rpm perf-debuginfo-2.6.32-431.el6.ppc64.rpm python-perf-2.6.32-431.el6.ppc64.rpm python-perf-debuginfo-2.6.32-431.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-431.el6.s390x.rpm kernel-debuginfo-2.6.32-431.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-431.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-431.el6.s390x.rpm perf-debuginfo-2.6.32-431.el6.s390x.rpm python-perf-2.6.32-431.el6.s390x.rpm python-perf-debuginfo-2.6.32-431.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-431.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.el6.x86_64.rpm perf-debuginfo-2.6.32-431.el6.x86_64.rpm python-perf-2.6.32-431.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-431.el6.src.rpm i386: kernel-2.6.32-431.el6.i686.rpm kernel-debug-2.6.32-431.el6.i686.rpm kernel-debug-debuginfo-2.6.32-431.el6.i686.rpm kernel-debug-devel-2.6.32-431.el6.i686.rpm kernel-debuginfo-2.6.32-431.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-431.el6.i686.rpm kernel-devel-2.6.32-431.el6.i686.rpm kernel-headers-2.6.32-431.el6.i686.rpm perf-2.6.32-431.el6.i686.rpm perf-debuginfo-2.6.32-431.el6.i686.rpm python-perf-debuginfo-2.6.32-431.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-431.el6.noarch.rpm kernel-doc-2.6.32-431.el6.noarch.rpm kernel-firmware-2.6.32-431.el6.noarch.rpm x86_64: kernel-2.6.32-431.el6.x86_64.rpm kernel-debug-2.6.32-431.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-431.el6.x86_64.rpm kernel-debug-devel-2.6.32-431.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.el6.x86_64.rpm kernel-devel-2.6.32-431.el6.x86_64.rpm kernel-headers-2.6.32-431.el6.x86_64.rpm perf-2.6.32-431.el6.x86_64.rpm perf-debuginfo-2.6.32-431.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-431.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-431.el6.i686.rpm kernel-debuginfo-2.6.32-431.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-431.el6.i686.rpm perf-debuginfo-2.6.32-431.el6.i686.rpm python-perf-2.6.32-431.el6.i686.rpm python-perf-debuginfo-2.6.32-431.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-431.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.el6.x86_64.rpm perf-debuginfo-2.6.32-431.el6.x86_64.rpm python-perf-2.6.32-431.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-6542.html
https://www.redhat.com/security/data/cve/CVE-2012-6545.html
https://www.redhat.com/security/data/cve/CVE-2013-0343.html
https://www.redhat.com/security/data/cve/CVE-2013-1928.html
https://www.redhat.com/security/data/cve/CVE-2013-1929.html
https://www.redhat.com/security/data/cve/CVE-2013-2164.html
https://www.redhat.com/security/data/cve/CVE-2013-2234.html
https://www.redhat.com/security/data/cve/CVE-2013-2851.html
https://www.redhat.com/security/data/cve/CVE-2013-2888.html
https://www.redhat.com/security/data/cve/CVE-2013-2889.html
https://www.redhat.com/security/data/cve/CVE-2013-2892.html
https://www.redhat.com/security/data/cve/CVE-2013-3231.html
https://www.redhat.com/security/data/cve/CVE-2013-4345.html
https://www.redhat.com/security/data/cve/CVE-2013-4387.html
https://www.redhat.com/security/data/cve/CVE-2013-4591.html
https://www.redhat.com/security/data/cve/CVE-2013-4592.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/6.5_Release_Notes/index.html
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Technical_Notes/kernel.html#RHSA-2013-1645

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSjY5WXlSAg2UNWIIRAuHSAJ4zspC6c0F3dA1sbYegYTGXWG0APwCeODoR
Za69iTI1KBy4b8uFSqU5p4A=
=Mkqs
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 21 04:43:18 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Nov 2013 04:43:18 +0000
Subject: [RHSA-2013:1652-02] Low: coreutils security, bug fix, and enhancement update
Message-ID: <201311210439.rAL4djwm004492@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: coreutils security, bug fix, and enhancement update
Advisory ID: RHSA-2013:1652-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1652.html
Issue date: 2013-11-21
CVE Names: CVE-2013-0221 CVE-2013-0222 CVE-2013-0223
=====================================================================

1. Summary:

Updated coreutils packages that fix three security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The coreutils package contains the core GNU utilities. It is a combination of the old GNU fileutils, sh-utils, and textutils packages.

It was discovered that the sort, uniq, and join utilities did not properly restrict the use of the alloca() function.
An attacker could use this flaw to crash those utilities by providing long input strings. (CVE-2013-0221, CVE-2013-0222, CVE-2013-0223)

These updated coreutils packages include numerous bug fixes and two enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes.

All coreutils users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

747592 - segfault message supressed with su -c
816708 - id and groups commands sometimes lie
827199 - [RHEL6] tail -f doesn't work on panasas file systems
836557 - du gives bogus warning if named service is running
842040 - df -P gives new lines when where '\n' is in any of the /proc/mounts fields.
903464 - CVE-2013-0221 coreutils: segfault in "sort -d" and "sort -M" with long line input
903465 - CVE-2013-0222 coreutils: segfault in uniq with long line input
903466 - CVE-2013-0223 coreutils: segfault in "join -i" with long line input
908980 - Provide the conv=sparse option in dd
965654 - dd option status=noxfer is ignored
980061 - mv: fails to overwrite directory on cross-filesystem copy with EISDIR

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/coreutils-8.4-31.el6.src.rpm i386: coreutils-8.4-31.el6.i686.rpm coreutils-debuginfo-8.4-31.el6.i686.rpm coreutils-libs-8.4-31.el6.i686.rpm x86_64: coreutils-8.4-31.el6.x86_64.rpm coreutils-debuginfo-8.4-31.el6.x86_64.rpm coreutils-libs-8.4-31.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/coreutils-8.4-31.el6.src.rpm x86_64: coreutils-8.4-31.el6.x86_64.rpm coreutils-debuginfo-8.4-31.el6.x86_64.rpm coreutils-libs-8.4-31.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/coreutils-8.4-31.el6.src.rpm i386: coreutils-8.4-31.el6.i686.rpm coreutils-debuginfo-8.4-31.el6.i686.rpm coreutils-libs-8.4-31.el6.i686.rpm ppc64: coreutils-8.4-31.el6.ppc64.rpm coreutils-debuginfo-8.4-31.el6.ppc64.rpm coreutils-libs-8.4-31.el6.ppc64.rpm s390x: coreutils-8.4-31.el6.s390x.rpm coreutils-debuginfo-8.4-31.el6.s390x.rpm coreutils-libs-8.4-31.el6.s390x.rpm x86_64: coreutils-8.4-31.el6.x86_64.rpm coreutils-debuginfo-8.4-31.el6.x86_64.rpm coreutils-libs-8.4-31.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/coreutils-8.4-31.el6.src.rpm i386: coreutils-8.4-31.el6.i686.rpm coreutils-debuginfo-8.4-31.el6.i686.rpm coreutils-libs-8.4-31.el6.i686.rpm x86_64: coreutils-8.4-31.el6.x86_64.rpm coreutils-debuginfo-8.4-31.el6.x86_64.rpm coreutils-libs-8.4-31.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References:

https://www.redhat.com/security/data/cve/CVE-2013-0221.html
https://www.redhat.com/security/data/cve/CVE-2013-0222.html
https://www.redhat.com/security/data/cve/CVE-2013-0223.html
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Technical_Notes/coreutils.html#RHSA-2013-1652

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSjY6DXlSAg2UNWIIRAntkAJ0UHjNH8AA2aKtwutmx9W1sGqh5qgCeJYGT
dxaKnzL0+uGcNc+0OOcfXxY=
=lg0c
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 21 04:47:56 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Nov 2013 04:47:56 +0000
Subject: [RHSA-2013:1661-02] Moderate: RDMA stack security, bug fix, and enhancement update
Message-ID: <201311210444.rAL4iN0D016843@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: RDMA stack security, bug fix, and enhancement update
Advisory ID: RHSA-2013:1661-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1661.html
Issue date: 2013-11-21
Keywords: rdma libibverbs mlx4 InfiniBand iWARP RoCE IBoE
CVE Names: CVE-2012-4516 CVE-2013-2561
=====================================================================

1. Summary:

Updated rdma, libibverbs, libmlx4, librdmacm, qperf, perftest, openmpi, compat-openmpi, infinipath-psm, mpitests, and rds-tools packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact.
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Red Hat Enterprise Linux includes a collection of Infiniband and iWARP utilities, libraries and development packages for writing applications that use Remote Direct Memory Access (RDMA) technology.

A flaw was found in the way ibutils handled temporary files. A local attacker could use this flaw to cause arbitrary files to be overwritten as the root user via a symbolic link attack. (CVE-2013-2561)

It was discovered that librdmacm used a static port to connect to the ib_acm service. A local attacker able to run a specially crafted ib_acm service on that port could use this flaw to provide incorrect address resolution information to librdmacm applications. (CVE-2012-4516)

The CVE-2012-4516 issue was discovered by Florian Weimer of the Red Hat Product Security Team.

This advisory updates the following packages to the latest upstream releases, providing a number of bug fixes and enhancements over the previous versions:

* libibverbs-1.1.7
* libmlx4-1.0.5
* librdmacm-1.0.17
* mstflint-3.0
* perftest-2.0
* qperf-0.4.9
* rdma-3.10

Several bugs have been fixed in the openmpi, mpitests, ibutils, and infinipath-psm packages.
The most notable changes in these updated packages from the RDMA stack are the following:

* Multiple bugs in the Message Passing Interface (MPI) test packages were resolved, allowing more of the mpitest applications to pass on the underlying MPI implementations.

* The libmlx4 package now includes dracut module files to ensure that any necessary custom configuration of mlx4 port types is included in the initramfs dracut builds.

* Multiple test programs in the perftest and qperf packages now work properly over RoCE interfaces, or when specifying the use of rdmacm queue pairs.

* The mstflint package has been updated to the latest upstream version, which is now capable of burning firmware on newly released Mellanox Connect-IB hardware.

* A compatibility problem between the openmpi and infinipath-psm packages has been resolved with new builds of these packages.

All RDMA users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

865483 - CVE-2012-4516 librdmacm: Tried to connect to port 6125 if ibacm.port was not found
927430 - CVE-2013-2561 ibutils: insecure handling of files in the /tmp directory

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/infinipath-psm-3.0.1-115.1015_open.2.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libibverbs-1.1.7-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/librdmacm-1.0.17-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openmpi-1.5.4-2.el6.src.rpm i386: libibverbs-1.1.7-1.el6.i686.rpm libibverbs-debuginfo-1.1.7-1.el6.i686.rpm librdmacm-1.0.17-1.el6.i686.rpm librdmacm-debuginfo-1.0.17-1.el6.i686.rpm openmpi-1.5.4-2.el6.i686.rpm openmpi-debuginfo-1.5.4-2.el6.i686.rpm x86_64: infinipath-psm-3.0.1-115.1015_open.2.el6.x86_64.rpm infinipath-psm-debuginfo-3.0.1-115.1015_open.2.el6.x86_64.rpm libibverbs-1.1.7-1.el6.i686.rpm libibverbs-1.1.7-1.el6.x86_64.rpm libibverbs-debuginfo-1.1.7-1.el6.i686.rpm libibverbs-debuginfo-1.1.7-1.el6.x86_64.rpm librdmacm-1.0.17-1.el6.i686.rpm librdmacm-1.0.17-1.el6.x86_64.rpm librdmacm-debuginfo-1.0.17-1.el6.i686.rpm librdmacm-debuginfo-1.0.17-1.el6.x86_64.rpm openmpi-1.5.4-2.el6.x86_64.rpm openmpi-debuginfo-1.5.4-2.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/infinipath-psm-3.0.1-115.1015_open.2.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libibverbs-1.1.7-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libmlx4-1.0.5-4.el6.1.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/librdmacm-1.0.17-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openmpi-1.5.4-2.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/rdma-3.10-3.el6.src.rpm i386: libibverbs-debuginfo-1.1.7-1.el6.i686.rpm libibverbs-devel-1.1.7-1.el6.i686.rpm libibverbs-devel-static-1.1.7-1.el6.i686.rpm libibverbs-utils-1.1.7-1.el6.i686.rpm libmlx4-1.0.5-4.el6.1.i686.rpm libmlx4-debuginfo-1.0.5-4.el6.1.i686.rpm libmlx4-static-1.0.5-4.el6.1.i686.rpm librdmacm-debuginfo-1.0.17-1.el6.i686.rpm librdmacm-devel-1.0.17-1.el6.i686.rpm librdmacm-static-1.0.17-1.el6.i686.rpm librdmacm-utils-1.0.17-1.el6.i686.rpm openmpi-debuginfo-1.5.4-2.el6.i686.rpm openmpi-devel-1.5.4-2.el6.i686.rpm noarch: rdma-3.10-3.el6.noarch.rpm x86_64: infinipath-psm-debuginfo-3.0.1-115.1015_open.2.el6.x86_64.rpm infinipath-psm-devel-3.0.1-115.1015_open.2.el6.x86_64.rpm libibverbs-debuginfo-1.1.7-1.el6.i686.rpm libibverbs-debuginfo-1.1.7-1.el6.x86_64.rpm libibverbs-devel-1.1.7-1.el6.i686.rpm libibverbs-devel-1.1.7-1.el6.x86_64.rpm libibverbs-devel-static-1.1.7-1.el6.x86_64.rpm libibverbs-utils-1.1.7-1.el6.x86_64.rpm libmlx4-1.0.5-4.el6.1.i686.rpm libmlx4-1.0.5-4.el6.1.x86_64.rpm libmlx4-debuginfo-1.0.5-4.el6.1.i686.rpm libmlx4-debuginfo-1.0.5-4.el6.1.x86_64.rpm libmlx4-static-1.0.5-4.el6.1.x86_64.rpm librdmacm-debuginfo-1.0.17-1.el6.i686.rpm librdmacm-debuginfo-1.0.17-1.el6.x86_64.rpm librdmacm-devel-1.0.17-1.el6.i686.rpm librdmacm-devel-1.0.17-1.el6.x86_64.rpm librdmacm-static-1.0.17-1.el6.x86_64.rpm librdmacm-utils-1.0.17-1.el6.x86_64.rpm 
openmpi-1.5.4-2.el6.i686.rpm openmpi-debuginfo-1.5.4-2.el6.i686.rpm openmpi-debuginfo-1.5.4-2.el6.x86_64.rpm openmpi-devel-1.5.4-2.el6.i686.rpm openmpi-devel-1.5.4-2.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ibutils-1.5.7-8.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/infinipath-psm-3.0.1-115.1015_open.2.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libibverbs-1.1.7-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libmlx4-1.0.5-4.el6.1.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/librdmacm-1.0.17-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/mpitests-3.2-9.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/mstflint-3.0-0.6.g6961daa.1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openmpi-1.5.4-2.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/perftest-2.0-2.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/qperf-0.4.9-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/rdma-3.10-3.el6.src.rpm noarch: rdma-3.10-3.el6.noarch.rpm x86_64: ibutils-1.5.7-8.el6.x86_64.rpm ibutils-debuginfo-1.5.7-8.el6.i686.rpm ibutils-debuginfo-1.5.7-8.el6.x86_64.rpm ibutils-libs-1.5.7-8.el6.i686.rpm ibutils-libs-1.5.7-8.el6.x86_64.rpm infinipath-psm-3.0.1-115.1015_open.2.el6.x86_64.rpm infinipath-psm-debuginfo-3.0.1-115.1015_open.2.el6.x86_64.rpm libibverbs-1.1.7-1.el6.i686.rpm libibverbs-1.1.7-1.el6.x86_64.rpm libibverbs-debuginfo-1.1.7-1.el6.i686.rpm libibverbs-debuginfo-1.1.7-1.el6.x86_64.rpm libibverbs-devel-1.1.7-1.el6.i686.rpm libibverbs-devel-1.1.7-1.el6.x86_64.rpm libibverbs-utils-1.1.7-1.el6.x86_64.rpm 
libmlx4-1.0.5-4.el6.1.i686.rpm libmlx4-1.0.5-4.el6.1.x86_64.rpm libmlx4-debuginfo-1.0.5-4.el6.1.i686.rpm libmlx4-debuginfo-1.0.5-4.el6.1.x86_64.rpm librdmacm-1.0.17-1.el6.i686.rpm librdmacm-1.0.17-1.el6.x86_64.rpm librdmacm-debuginfo-1.0.17-1.el6.i686.rpm librdmacm-debuginfo-1.0.17-1.el6.x86_64.rpm librdmacm-devel-1.0.17-1.el6.i686.rpm librdmacm-devel-1.0.17-1.el6.x86_64.rpm librdmacm-utils-1.0.17-1.el6.x86_64.rpm mpitests-debuginfo-3.2-9.el6.x86_64.rpm mpitests-mvapich-3.2-9.el6.x86_64.rpm mpitests-mvapich2-3.2-9.el6.x86_64.rpm mpitests-openmpi-3.2-9.el6.x86_64.rpm mstflint-3.0-0.6.g6961daa.1.el6.x86_64.rpm mstflint-debuginfo-3.0-0.6.g6961daa.1.el6.x86_64.rpm openmpi-1.5.4-2.el6.i686.rpm openmpi-1.5.4-2.el6.x86_64.rpm openmpi-debuginfo-1.5.4-2.el6.i686.rpm openmpi-debuginfo-1.5.4-2.el6.x86_64.rpm openmpi-devel-1.5.4-2.el6.i686.rpm openmpi-devel-1.5.4-2.el6.x86_64.rpm perftest-2.0-2.el6.x86_64.rpm perftest-debuginfo-2.0-2.el6.x86_64.rpm qperf-0.4.9-1.el6.x86_64.rpm qperf-debuginfo-0.4.9-1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ibutils-1.5.7-8.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/infinipath-psm-3.0.1-115.1015_open.2.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libibverbs-1.1.7-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libmlx4-1.0.5-4.el6.1.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/librdmacm-1.0.17-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/mpitests-3.2-9.el6.src.rpm x86_64: ibutils-debuginfo-1.5.7-8.el6.i686.rpm ibutils-debuginfo-1.5.7-8.el6.x86_64.rpm ibutils-devel-1.5.7-8.el6.i686.rpm ibutils-devel-1.5.7-8.el6.x86_64.rpm infinipath-psm-debuginfo-3.0.1-115.1015_open.2.el6.x86_64.rpm infinipath-psm-devel-3.0.1-115.1015_open.2.el6.x86_64.rpm libibverbs-debuginfo-1.1.7-1.el6.x86_64.rpm libibverbs-devel-static-1.1.7-1.el6.x86_64.rpm libmlx4-debuginfo-1.0.5-4.el6.1.x86_64.rpm libmlx4-static-1.0.5-4.el6.1.x86_64.rpm librdmacm-debuginfo-1.0.17-1.el6.x86_64.rpm librdmacm-static-1.0.17-1.el6.x86_64.rpm mpitests-debuginfo-3.2-9.el6.x86_64.rpm mpitests-mvapich-psm-3.2-9.el6.x86_64.rpm mpitests-mvapich2-psm-3.2-9.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ibutils-1.5.7-8.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/infinipath-psm-3.0.1-115.1015_open.2.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libibverbs-1.1.7-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libmlx4-1.0.5-4.el6.1.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/librdmacm-1.0.17-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/mpitests-3.2-9.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/mstflint-3.0-0.6.g6961daa.1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openmpi-1.5.4-2.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/perftest-2.0-2.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/qperf-0.4.9-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/rdma-3.10-3.el6.src.rpm i386: ibutils-1.5.7-8.el6.i686.rpm ibutils-debuginfo-1.5.7-8.el6.i686.rpm ibutils-libs-1.5.7-8.el6.i686.rpm libibverbs-1.1.7-1.el6.i686.rpm libibverbs-debuginfo-1.1.7-1.el6.i686.rpm libibverbs-devel-1.1.7-1.el6.i686.rpm libibverbs-utils-1.1.7-1.el6.i686.rpm libmlx4-1.0.5-4.el6.1.i686.rpm libmlx4-debuginfo-1.0.5-4.el6.1.i686.rpm librdmacm-1.0.17-1.el6.i686.rpm librdmacm-debuginfo-1.0.17-1.el6.i686.rpm librdmacm-utils-1.0.17-1.el6.i686.rpm mpitests-debuginfo-3.2-9.el6.i686.rpm mpitests-mvapich-3.2-9.el6.i686.rpm mpitests-mvapich2-3.2-9.el6.i686.rpm mpitests-openmpi-3.2-9.el6.i686.rpm mstflint-3.0-0.6.g6961daa.1.el6.i686.rpm mstflint-debuginfo-3.0-0.6.g6961daa.1.el6.i686.rpm openmpi-1.5.4-2.el6.i686.rpm openmpi-debuginfo-1.5.4-2.el6.i686.rpm openmpi-devel-1.5.4-2.el6.i686.rpm perftest-2.0-2.el6.i686.rpm perftest-debuginfo-2.0-2.el6.i686.rpm qperf-0.4.9-1.el6.i686.rpm 
qperf-debuginfo-0.4.9-1.el6.i686.rpm noarch: rdma-3.10-3.el6.noarch.rpm ppc64: ibutils-1.5.7-8.el6.ppc64.rpm ibutils-debuginfo-1.5.7-8.el6.ppc.rpm ibutils-debuginfo-1.5.7-8.el6.ppc64.rpm ibutils-libs-1.5.7-8.el6.ppc.rpm ibutils-libs-1.5.7-8.el6.ppc64.rpm libibverbs-1.1.7-1.el6.ppc.rpm libibverbs-1.1.7-1.el6.ppc64.rpm libibverbs-debuginfo-1.1.7-1.el6.ppc.rpm libibverbs-debuginfo-1.1.7-1.el6.ppc64.rpm libibverbs-devel-1.1.7-1.el6.ppc.rpm libibverbs-devel-1.1.7-1.el6.ppc64.rpm libibverbs-utils-1.1.7-1.el6.ppc64.rpm libmlx4-1.0.5-4.el6.1.ppc.rpm libmlx4-1.0.5-4.el6.1.ppc64.rpm libmlx4-debuginfo-1.0.5-4.el6.1.ppc.rpm libmlx4-debuginfo-1.0.5-4.el6.1.ppc64.rpm librdmacm-1.0.17-1.el6.ppc.rpm librdmacm-1.0.17-1.el6.ppc64.rpm librdmacm-debuginfo-1.0.17-1.el6.ppc.rpm librdmacm-debuginfo-1.0.17-1.el6.ppc64.rpm librdmacm-utils-1.0.17-1.el6.ppc64.rpm mstflint-3.0-0.6.g6961daa.1.el6.ppc64.rpm mstflint-debuginfo-3.0-0.6.g6961daa.1.el6.ppc64.rpm openmpi-1.5.4-2.el6.ppc.rpm openmpi-1.5.4-2.el6.ppc64.rpm openmpi-debuginfo-1.5.4-2.el6.ppc.rpm openmpi-debuginfo-1.5.4-2.el6.ppc64.rpm openmpi-devel-1.5.4-2.el6.ppc.rpm openmpi-devel-1.5.4-2.el6.ppc64.rpm perftest-2.0-2.el6.ppc64.rpm perftest-debuginfo-2.0-2.el6.ppc64.rpm qperf-0.4.9-1.el6.ppc64.rpm qperf-debuginfo-0.4.9-1.el6.ppc64.rpm x86_64: ibutils-1.5.7-8.el6.x86_64.rpm ibutils-debuginfo-1.5.7-8.el6.i686.rpm ibutils-debuginfo-1.5.7-8.el6.x86_64.rpm ibutils-libs-1.5.7-8.el6.i686.rpm ibutils-libs-1.5.7-8.el6.x86_64.rpm infinipath-psm-3.0.1-115.1015_open.2.el6.x86_64.rpm infinipath-psm-debuginfo-3.0.1-115.1015_open.2.el6.x86_64.rpm libibverbs-1.1.7-1.el6.i686.rpm libibverbs-1.1.7-1.el6.x86_64.rpm libibverbs-debuginfo-1.1.7-1.el6.i686.rpm libibverbs-debuginfo-1.1.7-1.el6.x86_64.rpm libibverbs-devel-1.1.7-1.el6.i686.rpm libibverbs-devel-1.1.7-1.el6.x86_64.rpm libibverbs-utils-1.1.7-1.el6.x86_64.rpm libmlx4-1.0.5-4.el6.1.i686.rpm libmlx4-1.0.5-4.el6.1.x86_64.rpm libmlx4-debuginfo-1.0.5-4.el6.1.i686.rpm 
libmlx4-debuginfo-1.0.5-4.el6.1.x86_64.rpm librdmacm-1.0.17-1.el6.i686.rpm librdmacm-1.0.17-1.el6.x86_64.rpm librdmacm-debuginfo-1.0.17-1.el6.i686.rpm librdmacm-debuginfo-1.0.17-1.el6.x86_64.rpm librdmacm-devel-1.0.17-1.el6.i686.rpm librdmacm-devel-1.0.17-1.el6.x86_64.rpm librdmacm-utils-1.0.17-1.el6.x86_64.rpm mpitests-debuginfo-3.2-9.el6.x86_64.rpm mpitests-mvapich-3.2-9.el6.x86_64.rpm mpitests-mvapich2-3.2-9.el6.x86_64.rpm mpitests-openmpi-3.2-9.el6.x86_64.rpm mstflint-3.0-0.6.g6961daa.1.el6.x86_64.rpm mstflint-debuginfo-3.0-0.6.g6961daa.1.el6.x86_64.rpm openmpi-1.5.4-2.el6.i686.rpm openmpi-1.5.4-2.el6.x86_64.rpm openmpi-debuginfo-1.5.4-2.el6.i686.rpm openmpi-debuginfo-1.5.4-2.el6.x86_64.rpm openmpi-devel-1.5.4-2.el6.i686.rpm openmpi-devel-1.5.4-2.el6.x86_64.rpm perftest-2.0-2.el6.x86_64.rpm perftest-debuginfo-2.0-2.el6.x86_64.rpm qperf-0.4.9-1.el6.x86_64.rpm qperf-debuginfo-0.4.9-1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ibutils-1.5.7-8.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/infinipath-psm-3.0.1-115.1015_open.2.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libibverbs-1.1.7-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libmlx4-1.0.5-4.el6.1.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/librdmacm-1.0.17-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/mpitests-3.2-9.el6.src.rpm i386: ibutils-debuginfo-1.5.7-8.el6.i686.rpm ibutils-devel-1.5.7-8.el6.i686.rpm libibverbs-debuginfo-1.1.7-1.el6.i686.rpm libibverbs-devel-static-1.1.7-1.el6.i686.rpm libmlx4-debuginfo-1.0.5-4.el6.1.i686.rpm libmlx4-static-1.0.5-4.el6.1.i686.rpm librdmacm-debuginfo-1.0.17-1.el6.i686.rpm librdmacm-devel-1.0.17-1.el6.i686.rpm librdmacm-static-1.0.17-1.el6.i686.rpm ppc64: ibutils-debuginfo-1.5.7-8.el6.ppc.rpm 
ibutils-debuginfo-1.5.7-8.el6.ppc64.rpm ibutils-devel-1.5.7-8.el6.ppc.rpm ibutils-devel-1.5.7-8.el6.ppc64.rpm libibverbs-debuginfo-1.1.7-1.el6.ppc64.rpm libibverbs-devel-static-1.1.7-1.el6.ppc64.rpm libmlx4-debuginfo-1.0.5-4.el6.1.ppc64.rpm libmlx4-static-1.0.5-4.el6.1.ppc64.rpm librdmacm-debuginfo-1.0.17-1.el6.ppc.rpm librdmacm-debuginfo-1.0.17-1.el6.ppc64.rpm librdmacm-devel-1.0.17-1.el6.ppc.rpm librdmacm-devel-1.0.17-1.el6.ppc64.rpm librdmacm-static-1.0.17-1.el6.ppc64.rpm x86_64: ibutils-debuginfo-1.5.7-8.el6.i686.rpm ibutils-debuginfo-1.5.7-8.el6.x86_64.rpm ibutils-devel-1.5.7-8.el6.i686.rpm ibutils-devel-1.5.7-8.el6.x86_64.rpm infinipath-psm-debuginfo-3.0.1-115.1015_open.2.el6.x86_64.rpm infinipath-psm-devel-3.0.1-115.1015_open.2.el6.x86_64.rpm libibverbs-debuginfo-1.1.7-1.el6.x86_64.rpm libibverbs-devel-static-1.1.7-1.el6.x86_64.rpm libmlx4-debuginfo-1.0.5-4.el6.1.x86_64.rpm libmlx4-static-1.0.5-4.el6.1.x86_64.rpm librdmacm-debuginfo-1.0.17-1.el6.x86_64.rpm librdmacm-static-1.0.17-1.el6.x86_64.rpm mpitests-debuginfo-3.2-9.el6.x86_64.rpm mpitests-mvapich-psm-3.2-9.el6.x86_64.rpm mpitests-mvapich2-psm-3.2-9.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ibutils-1.5.7-8.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/infinipath-psm-3.0.1-115.1015_open.2.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libibverbs-1.1.7-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libmlx4-1.0.5-4.el6.1.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/librdmacm-1.0.17-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/mpitests-3.2-9.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/mstflint-3.0-0.6.g6961daa.1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openmpi-1.5.4-2.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/perftest-2.0-2.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/qperf-0.4.9-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/rdma-3.10-3.el6.src.rpm i386: ibutils-1.5.7-8.el6.i686.rpm ibutils-debuginfo-1.5.7-8.el6.i686.rpm ibutils-libs-1.5.7-8.el6.i686.rpm libibverbs-1.1.7-1.el6.i686.rpm libibverbs-debuginfo-1.1.7-1.el6.i686.rpm libibverbs-devel-1.1.7-1.el6.i686.rpm libibverbs-utils-1.1.7-1.el6.i686.rpm libmlx4-1.0.5-4.el6.1.i686.rpm libmlx4-debuginfo-1.0.5-4.el6.1.i686.rpm librdmacm-1.0.17-1.el6.i686.rpm librdmacm-debuginfo-1.0.17-1.el6.i686.rpm librdmacm-utils-1.0.17-1.el6.i686.rpm mpitests-debuginfo-3.2-9.el6.i686.rpm mpitests-mvapich-3.2-9.el6.i686.rpm mpitests-mvapich2-3.2-9.el6.i686.rpm mpitests-openmpi-3.2-9.el6.i686.rpm mstflint-3.0-0.6.g6961daa.1.el6.i686.rpm mstflint-debuginfo-3.0-0.6.g6961daa.1.el6.i686.rpm openmpi-1.5.4-2.el6.i686.rpm openmpi-debuginfo-1.5.4-2.el6.i686.rpm openmpi-devel-1.5.4-2.el6.i686.rpm perftest-2.0-2.el6.i686.rpm 
perftest-debuginfo-2.0-2.el6.i686.rpm qperf-0.4.9-1.el6.i686.rpm qperf-debuginfo-0.4.9-1.el6.i686.rpm noarch: rdma-3.10-3.el6.noarch.rpm x86_64: ibutils-1.5.7-8.el6.x86_64.rpm ibutils-debuginfo-1.5.7-8.el6.i686.rpm ibutils-debuginfo-1.5.7-8.el6.x86_64.rpm ibutils-libs-1.5.7-8.el6.i686.rpm ibutils-libs-1.5.7-8.el6.x86_64.rpm infinipath-psm-3.0.1-115.1015_open.2.el6.x86_64.rpm infinipath-psm-debuginfo-3.0.1-115.1015_open.2.el6.x86_64.rpm libibverbs-1.1.7-1.el6.i686.rpm libibverbs-1.1.7-1.el6.x86_64.rpm libibverbs-debuginfo-1.1.7-1.el6.i686.rpm libibverbs-debuginfo-1.1.7-1.el6.x86_64.rpm libibverbs-devel-1.1.7-1.el6.i686.rpm libibverbs-devel-1.1.7-1.el6.x86_64.rpm libibverbs-utils-1.1.7-1.el6.x86_64.rpm libmlx4-1.0.5-4.el6.1.i686.rpm libmlx4-1.0.5-4.el6.1.x86_64.rpm libmlx4-debuginfo-1.0.5-4.el6.1.i686.rpm libmlx4-debuginfo-1.0.5-4.el6.1.x86_64.rpm librdmacm-1.0.17-1.el6.i686.rpm librdmacm-1.0.17-1.el6.x86_64.rpm librdmacm-debuginfo-1.0.17-1.el6.i686.rpm librdmacm-debuginfo-1.0.17-1.el6.x86_64.rpm librdmacm-devel-1.0.17-1.el6.i686.rpm librdmacm-devel-1.0.17-1.el6.x86_64.rpm librdmacm-utils-1.0.17-1.el6.x86_64.rpm mpitests-debuginfo-3.2-9.el6.x86_64.rpm mpitests-mvapich-3.2-9.el6.x86_64.rpm mpitests-mvapich2-3.2-9.el6.x86_64.rpm mpitests-openmpi-3.2-9.el6.x86_64.rpm mstflint-3.0-0.6.g6961daa.1.el6.x86_64.rpm mstflint-debuginfo-3.0-0.6.g6961daa.1.el6.x86_64.rpm openmpi-1.5.4-2.el6.i686.rpm openmpi-1.5.4-2.el6.x86_64.rpm openmpi-debuginfo-1.5.4-2.el6.i686.rpm openmpi-debuginfo-1.5.4-2.el6.x86_64.rpm openmpi-devel-1.5.4-2.el6.i686.rpm openmpi-devel-1.5.4-2.el6.x86_64.rpm perftest-2.0-2.el6.x86_64.rpm perftest-debuginfo-2.0-2.el6.x86_64.rpm qperf-0.4.9-1.el6.x86_64.rpm qperf-debuginfo-0.4.9-1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ibutils-1.5.7-8.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/infinipath-psm-3.0.1-115.1015_open.2.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libibverbs-1.1.7-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libmlx4-1.0.5-4.el6.1.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/librdmacm-1.0.17-1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/mpitests-3.2-9.el6.src.rpm i386: ibutils-debuginfo-1.5.7-8.el6.i686.rpm ibutils-devel-1.5.7-8.el6.i686.rpm libibverbs-debuginfo-1.1.7-1.el6.i686.rpm libibverbs-devel-static-1.1.7-1.el6.i686.rpm libmlx4-debuginfo-1.0.5-4.el6.1.i686.rpm libmlx4-static-1.0.5-4.el6.1.i686.rpm librdmacm-debuginfo-1.0.17-1.el6.i686.rpm librdmacm-devel-1.0.17-1.el6.i686.rpm librdmacm-static-1.0.17-1.el6.i686.rpm x86_64: ibutils-debuginfo-1.5.7-8.el6.i686.rpm ibutils-debuginfo-1.5.7-8.el6.x86_64.rpm ibutils-devel-1.5.7-8.el6.i686.rpm ibutils-devel-1.5.7-8.el6.x86_64.rpm infinipath-psm-debuginfo-3.0.1-115.1015_open.2.el6.x86_64.rpm infinipath-psm-devel-3.0.1-115.1015_open.2.el6.x86_64.rpm libibverbs-debuginfo-1.1.7-1.el6.x86_64.rpm libibverbs-devel-static-1.1.7-1.el6.x86_64.rpm libmlx4-debuginfo-1.0.5-4.el6.1.x86_64.rpm libmlx4-static-1.0.5-4.el6.1.x86_64.rpm librdmacm-debuginfo-1.0.17-1.el6.x86_64.rpm librdmacm-static-1.0.17-1.el6.x86_64.rpm mpitests-debuginfo-3.2-9.el6.x86_64.rpm mpitests-mvapich-psm-3.2-9.el6.x86_64.rpm mpitests-mvapich2-psm-3.2-9.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References:

https://www.redhat.com/security/data/cve/CVE-2012-4516.html
https://www.redhat.com/security/data/cve/CVE-2013-2561.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSjY+jXlSAg2UNWIIRAociAKCjnFlqNLKrYnI7qj9RawpVcp+MNwCdEnD9
qeY87l9xVoIzgl8C5DFa2yU=
=PfNv
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 21 04:51:08 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Nov 2013 04:51:08 +0000
Subject: [RHSA-2013:1674-02] Moderate: dracut security, bug fix, and enhancement update
Message-ID: <201311210447.rAL4lZhW000353@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: dracut security, bug fix, and enhancement update
Advisory ID:       RHSA-2013:1674-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1674.html
Issue date:        2013-11-21
CVE Names:         CVE-2012-4453
=====================================================================

1. Summary:

Updated dracut packages that fix one security issue, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - noarch
Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch
Red Hat Enterprise Linux HPC Node (v. 6) - noarch
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch
Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Enterprise Linux Server Optional (v. 6) - noarch
Red Hat Enterprise Linux Workstation (v. 6) - noarch
Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch

3. Description:

The dracut packages include an event-driven initramfs generator infrastructure based on the udev device manager. The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition.

It was discovered that dracut created initramfs images as world readable. A local user could possibly use this flaw to obtain sensitive information from these files, such as iSCSI authentication passwords, encrypted root file system crypttab passwords, or other information. (CVE-2012-4453)

This issue was discovered by Peter Jones of the Red Hat Installer Team.

These updated dracut packages include numerous bug fixes and two enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes.

All dracut users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

610462 - mkinitrd has no man page
720684 - Booting with snapshot of / requires non user-friendly config
859448 - CVE-2012-4453 dracut: Creates initramfs images with world-readable permissions (information disclosure)
912299 - kernel installation fails if GREP_OPTIONS is set
1012626 - [FIPS140] dracut-fip updates needed for certification
1019104 - Interface renaming via ifname does not work for RHEL-6.5

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/dracut-004-336.el6.src.rpm

noarch:
dracut-004-336.el6.noarch.rpm
dracut-fips-004-336.el6.noarch.rpm
dracut-kernel-004-336.el6.noarch.rpm
dracut-network-004-336.el6.noarch.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/dracut-004-336.el6.src.rpm

noarch:
dracut-caps-004-336.el6.noarch.rpm
dracut-fips-aesni-004-336.el6.noarch.rpm
dracut-generic-004-336.el6.noarch.rpm
dracut-tools-004-336.el6.noarch.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/dracut-004-336.el6.src.rpm

noarch:
dracut-004-336.el6.noarch.rpm
dracut-fips-004-336.el6.noarch.rpm
dracut-kernel-004-336.el6.noarch.rpm
dracut-network-004-336.el6.noarch.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/dracut-004-336.el6.src.rpm

noarch:
dracut-caps-004-336.el6.noarch.rpm
dracut-fips-aesni-004-336.el6.noarch.rpm
dracut-generic-004-336.el6.noarch.rpm
dracut-tools-004-336.el6.noarch.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/dracut-004-336.el6.src.rpm

noarch:
dracut-004-336.el6.noarch.rpm
dracut-fips-004-336.el6.noarch.rpm
dracut-kernel-004-336.el6.noarch.rpm
dracut-network-004-336.el6.noarch.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/dracut-004-336.el6.src.rpm

noarch:
dracut-caps-004-336.el6.noarch.rpm
dracut-fips-aesni-004-336.el6.noarch.rpm
dracut-generic-004-336.el6.noarch.rpm
dracut-tools-004-336.el6.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/dracut-004-336.el6.src.rpm

noarch:
dracut-004-336.el6.noarch.rpm
dracut-fips-004-336.el6.noarch.rpm
dracut-kernel-004-336.el6.noarch.rpm
dracut-network-004-336.el6.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/dracut-004-336.el6.src.rpm

noarch:
dracut-caps-004-336.el6.noarch.rpm
dracut-fips-aesni-004-336.el6.noarch.rpm
dracut-generic-004-336.el6.noarch.rpm
dracut-tools-004-336.el6.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-4453.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Technical_Notes/dracut.html#RHSA-2013-1674

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
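
A check for the condition described for CVE-2012-4453 in the dracut advisory above, given here as an added example that is not part of the Red Hat advisory: it lists initramfs images that group or other users can read and can restrict them to owner-only access. The /boot default, the initramfs-*.img and initrd-* name patterns, the --audit switch and the function names are assumptions made for illustration; GNU find and stat are assumed.

```shell
#!/bin/sh
# Added example (not from the advisory): audit initramfs image permissions.
# Assumptions: images sit directly in the given directory (default /boot),
# are named initramfs-*.img or initrd-*, and GNU find/stat are installed.

# _find_exposed DIR [find-action...]
# Select regular files in DIR that look like initramfs images and carry a
# read bit for group (040) or others (004); extra arguments become the action.
_find_exposed() {
    _dir=$1
    shift
    find "$_dir" -maxdepth 1 -type f \
        \( -name 'initramfs-*.img' -o -name 'initrd-*' \) \
        \( -perm -040 -o -perm -004 \) "$@"
}

# list_exposed_initramfs [DIR]
# Print one "MODE PATH" line per image readable by group or others.
list_exposed_initramfs() {
    _find_exposed "${1:-/boot}" -exec stat -c '%a %n' {} +
}

# count_exposed_initramfs [DIR]
# Print how many such images exist (0 means nothing to fix).
count_exposed_initramfs() {
    list_exposed_initramfs "${1:-/boot}" | wc -l | tr -d ' '
}

# restrict_initramfs [DIR]
# Set every exposed image to owner read/write only (mode 0600).
# Files that do not match the image patterns are left untouched.
restrict_initramfs() {
    _find_exposed "${1:-/boot}" -exec chmod 600 {} +
}

# Report mode when called as: sh audit-initramfs.sh --audit [DIR]
if [ "${1:-}" = "--audit" ]; then
    list_exposed_initramfs "${2:-/boot}"
fi
```

Run it with --audit for a read-only report; restrict_initramfs changes file modes and needs write access to the images.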
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSjY/DXlSAg2UNWIIRAku4AKCcw5yzjZp3tX9ASlR/wqEl7YYdZACgmEA/
J5hKU5XeI6YXdWsDGAVq+Uc=
=GhQn
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 21 04:51:46 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Nov 2013 04:51:46 +0000
Subject: [RHSA-2013:1701-02] Low: sudo security, bug fix and enhancement update
Message-ID: <201311210448.rAL4mDNP016154@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: sudo security, bug fix and enhancement update
Advisory ID:       RHSA-2013:1701-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1701.html
Issue date:        2013-11-21
CVE Names:         CVE-2013-1775 CVE-2013-2776 CVE-2013-2777
=====================================================================

1. Summary:

An updated sudo package that fixes two security issues, several bugs, and adds two enhancements is now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root.

A flaw was found in the way sudo handled time stamp files. An attacker able to run code as a local user and with the ability to control the system clock could possibly gain additional privileges by running commands that the victim user was allowed to run via sudo, without knowing the victim's password. (CVE-2013-1775)

It was found that sudo did not properly validate the controlling terminal device when the tty_tickets option was enabled in the /etc/sudoers file. An attacker able to run code as a local user could possibly gain additional privileges by running commands that the victim user was allowed to run via sudo, without knowing the victim's password. (CVE-2013-2776, CVE-2013-2777)

This update also fixes the following bugs:

* Previously, sudo did not support netgroup filtering for sources from the System Security Services Daemon (SSSD). Consequently, SSSD rules were applied to all users even when they did not belong to the specified netgroup. With this update, netgroup filtering for SSSD sources has been implemented. As a result, rules with a netgroup specification are applied only to users that are part of the netgroup. (BZ#880150)

* When the sudo utility set up the environment in which it ran a command, it reset the value of the RLIMIT_NPROC resource limit to the parent's value of this limit if both the soft (current) and hard (maximum) values of RLIMIT_NPROC were not limited. An upstream patch has been provided to address this bug and RLIMIT_NPROC can now be set to "unlimited". (BZ#947276)

* Due to the refactoring of the sudo code by upstream, the SUDO_USER variable that stores the name of the user running the sudo command was not logged to the /var/log/secure file as before. Consequently, user name "root" was always recorded instead of the real user name. With this update, the previous behavior of sudo has been restored. As a result, the expected user name is now written to /var/log/secure. (BZ#973228)

* Due to an error in a loop condition in sudo's rule listing code, a buffer overflow could have occurred in certain cases. This condition has been fixed and the buffer overflow no longer occurs. (BZ#994626)

In addition, this update adds the following enhancements:

* With this update, sudo has been modified to send debug messages about netgroup matching to the debug log. These messages should provide better understanding of how sudo matches netgroup database records with values from the running system and what the values are exactly. (BZ#848111)

* With this update, sudo has been modified to accept the ipa_hostname value from the /etc/sssd/sssd.conf configuration file when matching netgroups. (BZ#853542)

All sudo users are advised to upgrade to this updated package, which contains backported patches to correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

856901 - Defauts:! syntax in sudoers doesn't seem to work as expected
880150 - sssd +netgroup sudoUser is always matched
886648 - Access granted with invalid sudoRunAsUser/sudoRunAsGroup
916363 - CVE-2013-1775 sudo: authentication bypass via reset system clock
949751 - CVE-2013-2776 sudo: bypass of tty_tickets constraints
949753 - CVE-2013-2777 sudo: bypass of tty_tickets constraints
994563 - Warning in visudo: cycle in Host_Alias even without cycle
994626 - sudo -u sudo -l show error: *** glibc detected *** sudo: realloc(): invalid next size: 0x00007f4ae2d10ec0 ***

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/sudo-1.8.6p3-12.el6.src.rpm

i386:
sudo-1.8.6p3-12.el6.i686.rpm
sudo-debuginfo-1.8.6p3-12.el6.i686.rpm

x86_64:
sudo-1.8.6p3-12.el6.x86_64.rpm
sudo-debuginfo-1.8.6p3-12.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/sudo-1.8.6p3-12.el6.src.rpm

i386:
sudo-debuginfo-1.8.6p3-12.el6.i686.rpm
sudo-devel-1.8.6p3-12.el6.i686.rpm

x86_64:
sudo-debuginfo-1.8.6p3-12.el6.i686.rpm
sudo-debuginfo-1.8.6p3-12.el6.x86_64.rpm
sudo-devel-1.8.6p3-12.el6.i686.rpm
sudo-devel-1.8.6p3-12.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/sudo-1.8.6p3-12.el6.src.rpm

x86_64:
sudo-1.8.6p3-12.el6.x86_64.rpm
sudo-debuginfo-1.8.6p3-12.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/sudo-1.8.6p3-12.el6.src.rpm

x86_64:
sudo-debuginfo-1.8.6p3-12.el6.i686.rpm
sudo-debuginfo-1.8.6p3-12.el6.x86_64.rpm
sudo-devel-1.8.6p3-12.el6.i686.rpm
sudo-devel-1.8.6p3-12.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/sudo-1.8.6p3-12.el6.src.rpm

i386:
sudo-1.8.6p3-12.el6.i686.rpm
sudo-debuginfo-1.8.6p3-12.el6.i686.rpm

ppc64:
sudo-1.8.6p3-12.el6.ppc64.rpm
sudo-debuginfo-1.8.6p3-12.el6.ppc64.rpm

s390x:
sudo-1.8.6p3-12.el6.s390x.rpm
sudo-debuginfo-1.8.6p3-12.el6.s390x.rpm

x86_64:
sudo-1.8.6p3-12.el6.x86_64.rpm
sudo-debuginfo-1.8.6p3-12.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/sudo-1.8.6p3-12.el6.src.rpm

i386:
sudo-debuginfo-1.8.6p3-12.el6.i686.rpm
sudo-devel-1.8.6p3-12.el6.i686.rpm

ppc64:
sudo-debuginfo-1.8.6p3-12.el6.ppc.rpm
sudo-debuginfo-1.8.6p3-12.el6.ppc64.rpm
sudo-devel-1.8.6p3-12.el6.ppc.rpm
sudo-devel-1.8.6p3-12.el6.ppc64.rpm

s390x:
sudo-debuginfo-1.8.6p3-12.el6.s390.rpm
sudo-debuginfo-1.8.6p3-12.el6.s390x.rpm
sudo-devel-1.8.6p3-12.el6.s390.rpm
sudo-devel-1.8.6p3-12.el6.s390x.rpm

x86_64:
sudo-debuginfo-1.8.6p3-12.el6.i686.rpm
sudo-debuginfo-1.8.6p3-12.el6.x86_64.rpm
sudo-devel-1.8.6p3-12.el6.i686.rpm
sudo-devel-1.8.6p3-12.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/sudo-1.8.6p3-12.el6.src.rpm

i386:
sudo-1.8.6p3-12.el6.i686.rpm
sudo-debuginfo-1.8.6p3-12.el6.i686.rpm

x86_64:
sudo-1.8.6p3-12.el6.x86_64.rpm
sudo-debuginfo-1.8.6p3-12.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/sudo-1.8.6p3-12.el6.src.rpm

i386:
sudo-debuginfo-1.8.6p3-12.el6.i686.rpm
sudo-devel-1.8.6p3-12.el6.i686.rpm

x86_64:
sudo-debuginfo-1.8.6p3-12.el6.i686.rpm
sudo-debuginfo-1.8.6p3-12.el6.x86_64.rpm
sudo-devel-1.8.6p3-12.el6.i686.rpm
sudo-devel-1.8.6p3-12.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-1775.html
https://www.redhat.com/security/data/cve/CVE-2013-2776.html
https://www.redhat.com/security/data/cve/CVE-2013-2777.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSjZCHXlSAg2UNWIIRAt3IAJ9vk5ycVQ6pYkHYc7uM6YLFvhsSrgCfVHi+
H0zICoykOf4KltShaykk1Wo=
=z/lR
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 21 04:52:15 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Nov 2013 04:52:15 +0000
Subject: [RHSA-2013:1732-02] Low: busybox security and bug fix update
Message-ID: <201311210448.rAL4mgdK000793@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: busybox security and bug fix update
Advisory ID:       RHSA-2013:1732-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1732.html
Issue date:        2013-11-21
CVE Names:         CVE-2013-1813
=====================================================================

1. Summary:

Updated busybox packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

BusyBox provides a single binary that includes versions of a large number of system commands, including a shell. This can be very useful for recovering from certain types of system failures, particularly those involving broken shared libraries.

It was found that the mdev BusyBox utility could create certain directories within /dev with world-writable permissions. A local unprivileged user could use this flaw to manipulate portions of the /dev directory tree. (CVE-2013-1813)

This update also fixes the following bugs:

* Previously, due to a too eager string size optimization on the IBM System z architecture, the "wc" BusyBox command failed after processing standard input with the following error:

    wc: : No such file or directory

This bug was fixed by disabling the string size optimization and the "wc" command works properly on IBM System z architectures. (BZ#820097)

* Prior to this update, the "mknod" command was unable to create device nodes with a major or minor number larger than 255. Consequently, the kdump utility failed to handle such a device. The underlying source code has been modified, and it is now possible to use the "mknod" command to create device nodes with a major or minor number larger than 255. (BZ#859817)

* If a network installation from an NFS server was selected, the "mount" command used the UDP protocol by default. If only TCP mounts were supported by the server, this led to a failure of the mount command. As a result, Anaconda could not continue with the installation. This bug is now fixed and NFS mount operations default to the TCP protocol. (BZ#855832)

All busybox users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

820097 - s390x: wc: : No such file or directory
919608 - CVE-2013-1813 busybox: insecure directory permissions in /dev

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/busybox-1.15.1-20.el6.src.rpm

i386:
busybox-1.15.1-20.el6.i686.rpm

x86_64:
busybox-1.15.1-20.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/busybox-1.15.1-20.el6.src.rpm

i386:
busybox-petitboot-1.15.1-20.el6.i686.rpm

x86_64:
busybox-petitboot-1.15.1-20.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/busybox-1.15.1-20.el6.src.rpm

x86_64:
busybox-1.15.1-20.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/busybox-1.15.1-20.el6.src.rpm

x86_64:
busybox-petitboot-1.15.1-20.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/busybox-1.15.1-20.el6.src.rpm

i386:
busybox-1.15.1-20.el6.i686.rpm

ppc64:
busybox-1.15.1-20.el6.ppc64.rpm

s390x:
busybox-1.15.1-20.el6.s390x.rpm

x86_64:
busybox-1.15.1-20.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/busybox-1.15.1-20.el6.src.rpm

i386:
busybox-petitboot-1.15.1-20.el6.i686.rpm

ppc64:
busybox-petitboot-1.15.1-20.el6.ppc64.rpm

s390x:
busybox-petitboot-1.15.1-20.el6.s390x.rpm

x86_64:
busybox-petitboot-1.15.1-20.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/busybox-1.15.1-20.el6.src.rpm

i386:
busybox-1.15.1-20.el6.i686.rpm

x86_64:
busybox-1.15.1-20.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/busybox-1.15.1-20.el6.src.rpm

i386:
busybox-petitboot-1.15.1-20.el6.i686.rpm

x86_64:
busybox-petitboot-1.15.1-20.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-1813.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSjZCnXlSAg2UNWIIRAiJSAJ0TqYZUa5QB/eJhmFHvQcg82lLB2wCgh2yo
aJ1PXAUjIZKdjdMPJ7beUm4=
=orqI
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 21 05:03:06 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Nov 2013 05:03:06 +0000
Subject: [RHSA-2013:1752-01] Important: 389-ds-base security update
Message-ID: <201311210459.rAL4xYiM021038@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: 389-ds-base security update
Advisory ID:       RHSA-2013:1752-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1752.html
Issue date:        2013-11-21
CVE Names:         CVE-2013-4485
=====================================================================

1. Summary:

Updated 389-ds-base packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

It was discovered that the 389 Directory Server did not properly handle certain Get Effective Rights (GER) search queries when the attribute list, which is a part of the query, included several names using the '@' character. An attacker able to submit search queries to the 389 Directory Server could cause it to crash. (CVE-2013-4485)

All 389-ds-base users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the 389 server service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1024552 - CVE-2013-4485 389-ds-base: DoS due to improper handling of ger attr searches

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/389-ds-base-1.2.11.15-30.el6_5.src.rpm

i386:
389-ds-base-1.2.11.15-30.el6_5.i686.rpm
389-ds-base-debuginfo-1.2.11.15-30.el6_5.i686.rpm
389-ds-base-devel-1.2.11.15-30.el6_5.i686.rpm
389-ds-base-libs-1.2.11.15-30.el6_5.i686.rpm

x86_64:
389-ds-base-1.2.11.15-30.el6_5.x86_64.rpm
389-ds-base-debuginfo-1.2.11.15-30.el6_5.i686.rpm
389-ds-base-debuginfo-1.2.11.15-30.el6_5.x86_64.rpm
389-ds-base-devel-1.2.11.15-30.el6_5.i686.rpm
389-ds-base-devel-1.2.11.15-30.el6_5.x86_64.rpm
389-ds-base-libs-1.2.11.15-30.el6_5.i686.rpm
389-ds-base-libs-1.2.11.15-30.el6_5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/389-ds-base-1.2.11.15-30.el6_5.src.rpm

x86_64:
389-ds-base-1.2.11.15-30.el6_5.x86_64.rpm
389-ds-base-debuginfo-1.2.11.15-30.el6_5.i686.rpm
389-ds-base-debuginfo-1.2.11.15-30.el6_5.x86_64.rpm
389-ds-base-devel-1.2.11.15-30.el6_5.i686.rpm
389-ds-base-devel-1.2.11.15-30.el6_5.x86_64.rpm
389-ds-base-libs-1.2.11.15-30.el6_5.i686.rpm
389-ds-base-libs-1.2.11.15-30.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/389-ds-base-1.2.11.15-30.el6_5.src.rpm

i386:
389-ds-base-1.2.11.15-30.el6_5.i686.rpm
389-ds-base-debuginfo-1.2.11.15-30.el6_5.i686.rpm
389-ds-base-libs-1.2.11.15-30.el6_5.i686.rpm

x86_64:
389-ds-base-1.2.11.15-30.el6_5.x86_64.rpm
389-ds-base-debuginfo-1.2.11.15-30.el6_5.i686.rpm
389-ds-base-debuginfo-1.2.11.15-30.el6_5.x86_64.rpm
389-ds-base-libs-1.2.11.15-30.el6_5.i686.rpm
389-ds-base-libs-1.2.11.15-30.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/389-ds-base-1.2.11.15-30.el6_5.src.rpm

i386:
389-ds-base-debuginfo-1.2.11.15-30.el6_5.i686.rpm
389-ds-base-devel-1.2.11.15-30.el6_5.i686.rpm

x86_64:
389-ds-base-debuginfo-1.2.11.15-30.el6_5.i686.rpm
389-ds-base-debuginfo-1.2.11.15-30.el6_5.x86_64.rpm
389-ds-base-devel-1.2.11.15-30.el6_5.i686.rpm
389-ds-base-devel-1.2.11.15-30.el6_5.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/389-ds-base-1.2.11.15-30.el6_5.src.rpm

i386:
389-ds-base-1.2.11.15-30.el6_5.i686.rpm
389-ds-base-debuginfo-1.2.11.15-30.el6_5.i686.rpm
389-ds-base-libs-1.2.11.15-30.el6_5.i686.rpm

x86_64:
389-ds-base-1.2.11.15-30.el6_5.x86_64.rpm
389-ds-base-debuginfo-1.2.11.15-30.el6_5.i686.rpm
389-ds-base-debuginfo-1.2.11.15-30.el6_5.x86_64.rpm
389-ds-base-libs-1.2.11.15-30.el6_5.i686.rpm
389-ds-base-libs-1.2.11.15-30.el6_5.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/389-ds-base-1.2.11.15-30.el6_5.src.rpm

i386:
389-ds-base-debuginfo-1.2.11.15-30.el6_5.i686.rpm
389-ds-base-devel-1.2.11.15-30.el6_5.i686.rpm

x86_64:
389-ds-base-debuginfo-1.2.11.15-30.el6_5.i686.rpm
389-ds-base-debuginfo-1.2.11.15-30.el6_5.x86_64.rpm
389-ds-base-devel-1.2.11.15-30.el6_5.i686.rpm
389-ds-base-devel-1.2.11.15-30.el6_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4485.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSjZMpXlSAg2UNWIIRAvbTAJ4m1qd2EiMtb7osMm9V3k+0RTqPZQCaArkI
kT9WsRzDBMfRY2/gTJrhKsc=
=D+CY
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Nov 25 19:09:16 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 25 Nov 2013 19:09:16 +0000
Subject: [RHSA-2013:1764-01] Critical: ruby security update
Message-ID: <201311251909.rAPJ9GUO029690@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: ruby security update
Advisory ID:       RHSA-2013:1764-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1764.html
Issue date:        2013-11-25
CVE Names:         CVE-2013-4164
=====================================================================

1. Summary:

Updated ruby packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2013-4164)

All ruby users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1033460 - CVE-2013-4164 ruby: heap overflow in floating point parsing

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm

i386:
ruby-1.8.7.352-13.el6.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6.i686.rpm
ruby-devel-1.8.7.352-13.el6.i686.rpm
ruby-irb-1.8.7.352-13.el6.i686.rpm
ruby-libs-1.8.7.352-13.el6.i686.rpm
ruby-rdoc-1.8.7.352-13.el6.i686.rpm

x86_64:
ruby-1.8.7.352-13.el6.x86_64.rpm
ruby-debuginfo-1.8.7.352-13.el6.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6.x86_64.rpm
ruby-devel-1.8.7.352-13.el6.i686.rpm
ruby-devel-1.8.7.352-13.el6.x86_64.rpm
ruby-irb-1.8.7.352-13.el6.x86_64.rpm
ruby-libs-1.8.7.352-13.el6.i686.rpm
ruby-libs-1.8.7.352-13.el6.x86_64.rpm
ruby-rdoc-1.8.7.352-13.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm

i386:
ruby-debuginfo-1.8.7.352-13.el6.i686.rpm
ruby-docs-1.8.7.352-13.el6.i686.rpm
ruby-ri-1.8.7.352-13.el6.i686.rpm
ruby-static-1.8.7.352-13.el6.i686.rpm
ruby-tcltk-1.8.7.352-13.el6.i686.rpm

x86_64:
ruby-debuginfo-1.8.7.352-13.el6.x86_64.rpm
ruby-docs-1.8.7.352-13.el6.x86_64.rpm
ruby-ri-1.8.7.352-13.el6.x86_64.rpm
ruby-static-1.8.7.352-13.el6.x86_64.rpm
ruby-tcltk-1.8.7.352-13.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm

x86_64:
ruby-1.8.7.352-13.el6.x86_64.rpm
ruby-debuginfo-1.8.7.352-13.el6.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6.x86_64.rpm
ruby-devel-1.8.7.352-13.el6.i686.rpm
ruby-devel-1.8.7.352-13.el6.x86_64.rpm
ruby-irb-1.8.7.352-13.el6.x86_64.rpm
ruby-libs-1.8.7.352-13.el6.i686.rpm
ruby-libs-1.8.7.352-13.el6.x86_64.rpm
ruby-rdoc-1.8.7.352-13.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm

x86_64:
ruby-debuginfo-1.8.7.352-13.el6.x86_64.rpm
ruby-docs-1.8.7.352-13.el6.x86_64.rpm
ruby-ri-1.8.7.352-13.el6.x86_64.rpm
ruby-static-1.8.7.352-13.el6.x86_64.rpm
ruby-tcltk-1.8.7.352-13.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm

i386:
ruby-1.8.7.352-13.el6.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6.i686.rpm
ruby-devel-1.8.7.352-13.el6.i686.rpm
ruby-irb-1.8.7.352-13.el6.i686.rpm
ruby-libs-1.8.7.352-13.el6.i686.rpm
ruby-rdoc-1.8.7.352-13.el6.i686.rpm

ppc64:
ruby-1.8.7.352-13.el6.ppc64.rpm
ruby-debuginfo-1.8.7.352-13.el6.ppc.rpm
ruby-debuginfo-1.8.7.352-13.el6.ppc64.rpm
ruby-devel-1.8.7.352-13.el6.ppc.rpm
ruby-devel-1.8.7.352-13.el6.ppc64.rpm
ruby-irb-1.8.7.352-13.el6.ppc64.rpm
ruby-libs-1.8.7.352-13.el6.ppc.rpm
ruby-libs-1.8.7.352-13.el6.ppc64.rpm
ruby-rdoc-1.8.7.352-13.el6.ppc64.rpm

s390x:
ruby-1.8.7.352-13.el6.s390x.rpm
ruby-debuginfo-1.8.7.352-13.el6.s390.rpm
ruby-debuginfo-1.8.7.352-13.el6.s390x.rpm
ruby-devel-1.8.7.352-13.el6.s390.rpm
ruby-devel-1.8.7.352-13.el6.s390x.rpm
ruby-irb-1.8.7.352-13.el6.s390x.rpm
ruby-libs-1.8.7.352-13.el6.s390.rpm
ruby-libs-1.8.7.352-13.el6.s390x.rpm
ruby-rdoc-1.8.7.352-13.el6.s390x.rpm

x86_64:
ruby-1.8.7.352-13.el6.x86_64.rpm
ruby-debuginfo-1.8.7.352-13.el6.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6.x86_64.rpm
ruby-devel-1.8.7.352-13.el6.i686.rpm
ruby-devel-1.8.7.352-13.el6.x86_64.rpm
ruby-irb-1.8.7.352-13.el6.x86_64.rpm
ruby-libs-1.8.7.352-13.el6.i686.rpm
ruby-libs-1.8.7.352-13.el6.x86_64.rpm
ruby-rdoc-1.8.7.352-13.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm

i386:
ruby-debuginfo-1.8.7.352-13.el6.i686.rpm
ruby-docs-1.8.7.352-13.el6.i686.rpm
ruby-ri-1.8.7.352-13.el6.i686.rpm
ruby-static-1.8.7.352-13.el6.i686.rpm
ruby-tcltk-1.8.7.352-13.el6.i686.rpm

ppc64:
ruby-debuginfo-1.8.7.352-13.el6.ppc64.rpm
ruby-docs-1.8.7.352-13.el6.ppc64.rpm
ruby-ri-1.8.7.352-13.el6.ppc64.rpm
ruby-static-1.8.7.352-13.el6.ppc64.rpm
ruby-tcltk-1.8.7.352-13.el6.ppc64.rpm

s390x:
ruby-debuginfo-1.8.7.352-13.el6.s390x.rpm
ruby-docs-1.8.7.352-13.el6.s390x.rpm
ruby-ri-1.8.7.352-13.el6.s390x.rpm
ruby-static-1.8.7.352-13.el6.s390x.rpm
ruby-tcltk-1.8.7.352-13.el6.s390x.rpm

x86_64:
ruby-debuginfo-1.8.7.352-13.el6.x86_64.rpm
ruby-docs-1.8.7.352-13.el6.x86_64.rpm
ruby-ri-1.8.7.352-13.el6.x86_64.rpm
ruby-static-1.8.7.352-13.el6.x86_64.rpm
ruby-tcltk-1.8.7.352-13.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm

i386:
ruby-1.8.7.352-13.el6.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6.i686.rpm
ruby-devel-1.8.7.352-13.el6.i686.rpm
ruby-irb-1.8.7.352-13.el6.i686.rpm
ruby-libs-1.8.7.352-13.el6.i686.rpm
ruby-rdoc-1.8.7.352-13.el6.i686.rpm

x86_64:
ruby-1.8.7.352-13.el6.x86_64.rpm
ruby-debuginfo-1.8.7.352-13.el6.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6.x86_64.rpm
ruby-devel-1.8.7.352-13.el6.i686.rpm
ruby-devel-1.8.7.352-13.el6.x86_64.rpm
ruby-irb-1.8.7.352-13.el6.x86_64.rpm
ruby-libs-1.8.7.352-13.el6.i686.rpm
ruby-libs-1.8.7.352-13.el6.x86_64.rpm
ruby-rdoc-1.8.7.352-13.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm

i386:
ruby-debuginfo-1.8.7.352-13.el6.i686.rpm
ruby-docs-1.8.7.352-13.el6.i686.rpm
ruby-ri-1.8.7.352-13.el6.i686.rpm
ruby-static-1.8.7.352-13.el6.i686.rpm
ruby-tcltk-1.8.7.352-13.el6.i686.rpm

x86_64:
ruby-debuginfo-1.8.7.352-13.el6.x86_64.rpm
ruby-docs-1.8.7.352-13.el6.x86_64.rpm
ruby-ri-1.8.7.352-13.el6.x86_64.rpm
ruby-static-1.8.7.352-13.el6.x86_64.rpm
ruby-tcltk-1.8.7.352-13.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4164.html
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSk6BNXlSAg2UNWIIRAlZiAKDAAPRSZ1H9cccz0veRzTeGoeJjcACcCB69
P78u5S2/0ZOC5eh3GKqWcx0=
=VMn2
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Nov 26 19:15:04 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 26 Nov 2013 19:15:04 +0000
Subject: [RHSA-2013:1767-01] Critical: ruby security update
Message-ID: <201311261915.rAQJF5QY029706@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: ruby security update
Advisory ID:       RHSA-2013:1767-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1767.html
Issue date:        2013-11-26
CVE Names:         CVE-2013-4164
=====================================================================

1. Summary:

Updated ruby packages that fix one security issue are now available for Red Hat Enterprise Linux 6.2, 6.3, and 6.4 Extended Update Support.

The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Compute Node EUS (v. 6.2) - x86_64
Red Hat Enterprise Linux Compute Node EUS (v. 6.3) - x86_64
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.2) - x86_64
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.3) - x86_64
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4) - x86_64
Red Hat Enterprise Linux HPC Node EUS (v. 6.4) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.2) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.3) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.4) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.2) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.3) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.4) - i386, ppc64, s390x, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2013-4164)

All ruby users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1033460 - CVE-2013-4164 ruby: heap overflow in floating point parsing

6. Package List:

Red Hat Enterprise Linux Compute Node EUS (v. 6.2):

Source:
ruby-1.8.7.352-13.el6_2.src.rpm

x86_64:
ruby-1.8.7.352-13.el6_2.x86_64.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.x86_64.rpm
ruby-irb-1.8.7.352-13.el6_2.x86_64.rpm
ruby-libs-1.8.7.352-13.el6_2.i686.rpm
ruby-libs-1.8.7.352-13.el6_2.x86_64.rpm

Red Hat Enterprise Linux Compute Node EUS (v. 6.3):

Source:
ruby-1.8.7.352-13.el6_3.src.rpm

x86_64:
ruby-1.8.7.352-13.el6_3.x86_64.rpm
ruby-debuginfo-1.8.7.352-13.el6_3.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6_3.x86_64.rpm
ruby-devel-1.8.7.352-13.el6_3.i686.rpm
ruby-devel-1.8.7.352-13.el6_3.x86_64.rpm
ruby-irb-1.8.7.352-13.el6_3.x86_64.rpm
ruby-libs-1.8.7.352-13.el6_3.i686.rpm
ruby-libs-1.8.7.352-13.el6_3.x86_64.rpm
ruby-rdoc-1.8.7.352-13.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node EUS (v. 6.4):

Source:
ruby-1.8.7.352-13.el6_4.src.rpm

x86_64:
ruby-1.8.7.352-13.el6_4.x86_64.rpm
ruby-debuginfo-1.8.7.352-13.el6_4.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6_4.x86_64.rpm
ruby-devel-1.8.7.352-13.el6_4.i686.rpm
ruby-devel-1.8.7.352-13.el6_4.x86_64.rpm
ruby-irb-1.8.7.352-13.el6_4.x86_64.rpm
ruby-libs-1.8.7.352-13.el6_4.i686.rpm
ruby-libs-1.8.7.352-13.el6_4.x86_64.rpm
ruby-rdoc-1.8.7.352-13.el6_4.x86_64.rpm

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.2):

Source:
ruby-1.8.7.352-13.el6_2.src.rpm

x86_64:
ruby-debuginfo-1.8.7.352-13.el6_2.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.x86_64.rpm
ruby-devel-1.8.7.352-13.el6_2.i686.rpm
ruby-devel-1.8.7.352-13.el6_2.x86_64.rpm
ruby-docs-1.8.7.352-13.el6_2.x86_64.rpm
ruby-rdoc-1.8.7.352-13.el6_2.x86_64.rpm
ruby-ri-1.8.7.352-13.el6_2.x86_64.rpm
ruby-static-1.8.7.352-13.el6_2.x86_64.rpm
ruby-tcltk-1.8.7.352-13.el6_2.x86_64.rpm

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.3):

Source:
ruby-1.8.7.352-13.el6_3.src.rpm

x86_64:
ruby-debuginfo-1.8.7.352-13.el6_3.x86_64.rpm
ruby-docs-1.8.7.352-13.el6_3.x86_64.rpm
ruby-ri-1.8.7.352-13.el6_3.x86_64.rpm
ruby-static-1.8.7.352-13.el6_3.x86_64.rpm
ruby-tcltk-1.8.7.352-13.el6_3.x86_64.rpm

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4):

Source:
ruby-1.8.7.352-13.el6_4.src.rpm

x86_64:
ruby-debuginfo-1.8.7.352-13.el6_4.x86_64.rpm
ruby-docs-1.8.7.352-13.el6_4.x86_64.rpm
ruby-ri-1.8.7.352-13.el6_4.x86_64.rpm
ruby-static-1.8.7.352-13.el6_4.x86_64.rpm
ruby-tcltk-1.8.7.352-13.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.2):

Source:
ruby-1.8.7.352-13.el6_2.src.rpm

i386:
ruby-1.8.7.352-13.el6_2.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.i686.rpm
ruby-devel-1.8.7.352-13.el6_2.i686.rpm
ruby-irb-1.8.7.352-13.el6_2.i686.rpm
ruby-libs-1.8.7.352-13.el6_2.i686.rpm
ruby-rdoc-1.8.7.352-13.el6_2.i686.rpm

ppc64:
ruby-1.8.7.352-13.el6_2.ppc64.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.ppc.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.ppc64.rpm
ruby-devel-1.8.7.352-13.el6_2.ppc.rpm
ruby-devel-1.8.7.352-13.el6_2.ppc64.rpm
ruby-irb-1.8.7.352-13.el6_2.ppc64.rpm
ruby-libs-1.8.7.352-13.el6_2.ppc.rpm
ruby-libs-1.8.7.352-13.el6_2.ppc64.rpm
ruby-rdoc-1.8.7.352-13.el6_2.ppc64.rpm

s390x:
ruby-1.8.7.352-13.el6_2.s390x.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.s390.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.s390x.rpm
ruby-devel-1.8.7.352-13.el6_2.s390.rpm
ruby-devel-1.8.7.352-13.el6_2.s390x.rpm
ruby-irb-1.8.7.352-13.el6_2.s390x.rpm
ruby-libs-1.8.7.352-13.el6_2.s390.rpm
ruby-libs-1.8.7.352-13.el6_2.s390x.rpm
ruby-rdoc-1.8.7.352-13.el6_2.s390x.rpm

x86_64:
ruby-1.8.7.352-13.el6_2.x86_64.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.x86_64.rpm
ruby-devel-1.8.7.352-13.el6_2.i686.rpm
ruby-devel-1.8.7.352-13.el6_2.x86_64.rpm
ruby-irb-1.8.7.352-13.el6_2.x86_64.rpm
ruby-libs-1.8.7.352-13.el6_2.i686.rpm
ruby-libs-1.8.7.352-13.el6_2.x86_64.rpm
ruby-rdoc-1.8.7.352-13.el6_2.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.3):

Source:
ruby-1.8.7.352-13.el6_3.src.rpm

i386:
ruby-1.8.7.352-13.el6_3.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6_3.i686.rpm
ruby-devel-1.8.7.352-13.el6_3.i686.rpm
ruby-irb-1.8.7.352-13.el6_3.i686.rpm
ruby-libs-1.8.7.352-13.el6_3.i686.rpm
ruby-rdoc-1.8.7.352-13.el6_3.i686.rpm

ppc64:
ruby-1.8.7.352-13.el6_3.ppc64.rpm
ruby-debuginfo-1.8.7.352-13.el6_3.ppc.rpm
ruby-debuginfo-1.8.7.352-13.el6_3.ppc64.rpm
ruby-devel-1.8.7.352-13.el6_3.ppc.rpm
ruby-devel-1.8.7.352-13.el6_3.ppc64.rpm
ruby-irb-1.8.7.352-13.el6_3.ppc64.rpm
ruby-libs-1.8.7.352-13.el6_3.ppc.rpm
ruby-libs-1.8.7.352-13.el6_3.ppc64.rpm
ruby-rdoc-1.8.7.352-13.el6_3.ppc64.rpm

s390x:
ruby-1.8.7.352-13.el6_3.s390x.rpm
ruby-debuginfo-1.8.7.352-13.el6_3.s390.rpm
ruby-debuginfo-1.8.7.352-13.el6_3.s390x.rpm
ruby-devel-1.8.7.352-13.el6_3.s390.rpm
ruby-devel-1.8.7.352-13.el6_3.s390x.rpm
ruby-irb-1.8.7.352-13.el6_3.s390x.rpm
ruby-libs-1.8.7.352-13.el6_3.s390.rpm
ruby-libs-1.8.7.352-13.el6_3.s390x.rpm
ruby-rdoc-1.8.7.352-13.el6_3.s390x.rpm

x86_64:
ruby-1.8.7.352-13.el6_3.x86_64.rpm
ruby-debuginfo-1.8.7.352-13.el6_3.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6_3.x86_64.rpm
ruby-devel-1.8.7.352-13.el6_3.i686.rpm
ruby-devel-1.8.7.352-13.el6_3.x86_64.rpm
ruby-irb-1.8.7.352-13.el6_3.x86_64.rpm
ruby-libs-1.8.7.352-13.el6_3.i686.rpm
ruby-libs-1.8.7.352-13.el6_3.x86_64.rpm
ruby-rdoc-1.8.7.352-13.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.4):

Source:
ruby-1.8.7.352-13.el6_4.src.rpm

i386:
ruby-1.8.7.352-13.el6_4.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6_4.i686.rpm
ruby-devel-1.8.7.352-13.el6_4.i686.rpm
ruby-irb-1.8.7.352-13.el6_4.i686.rpm
ruby-libs-1.8.7.352-13.el6_4.i686.rpm
ruby-rdoc-1.8.7.352-13.el6_4.i686.rpm

ppc64:
ruby-1.8.7.352-13.el6_4.ppc64.rpm
ruby-debuginfo-1.8.7.352-13.el6_4.ppc.rpm
ruby-debuginfo-1.8.7.352-13.el6_4.ppc64.rpm
ruby-devel-1.8.7.352-13.el6_4.ppc.rpm
ruby-devel-1.8.7.352-13.el6_4.ppc64.rpm
ruby-irb-1.8.7.352-13.el6_4.ppc64.rpm
ruby-libs-1.8.7.352-13.el6_4.ppc.rpm
ruby-libs-1.8.7.352-13.el6_4.ppc64.rpm
ruby-rdoc-1.8.7.352-13.el6_4.ppc64.rpm

s390x:
ruby-1.8.7.352-13.el6_4.s390x.rpm
ruby-debuginfo-1.8.7.352-13.el6_4.s390.rpm
ruby-debuginfo-1.8.7.352-13.el6_4.s390x.rpm
ruby-devel-1.8.7.352-13.el6_4.s390.rpm
ruby-devel-1.8.7.352-13.el6_4.s390x.rpm
ruby-irb-1.8.7.352-13.el6_4.s390x.rpm
ruby-libs-1.8.7.352-13.el6_4.s390.rpm
ruby-libs-1.8.7.352-13.el6_4.s390x.rpm
ruby-rdoc-1.8.7.352-13.el6_4.s390x.rpm

x86_64:
ruby-1.8.7.352-13.el6_4.x86_64.rpm
ruby-debuginfo-1.8.7.352-13.el6_4.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6_4.x86_64.rpm
ruby-devel-1.8.7.352-13.el6_4.i686.rpm
ruby-devel-1.8.7.352-13.el6_4.x86_64.rpm
ruby-irb-1.8.7.352-13.el6_4.x86_64.rpm
ruby-libs-1.8.7.352-13.el6_4.i686.rpm
ruby-libs-1.8.7.352-13.el6_4.x86_64.rpm
ruby-rdoc-1.8.7.352-13.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.2):

Source:
ruby-1.8.7.352-13.el6_2.src.rpm

i386:
ruby-debuginfo-1.8.7.352-13.el6_2.i686.rpm
ruby-devel-1.8.7.352-13.el6_2.i686.rpm
ruby-docs-1.8.7.352-13.el6_2.i686.rpm
ruby-rdoc-1.8.7.352-13.el6_2.i686.rpm
ruby-ri-1.8.7.352-13.el6_2.i686.rpm
ruby-static-1.8.7.352-13.el6_2.i686.rpm
ruby-tcltk-1.8.7.352-13.el6_2.i686.rpm

ppc64:
ruby-debuginfo-1.8.7.352-13.el6_2.ppc.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.ppc64.rpm
ruby-devel-1.8.7.352-13.el6_2.ppc.rpm
ruby-devel-1.8.7.352-13.el6_2.ppc64.rpm
ruby-docs-1.8.7.352-13.el6_2.ppc64.rpm
ruby-rdoc-1.8.7.352-13.el6_2.ppc64.rpm
ruby-ri-1.8.7.352-13.el6_2.ppc64.rpm
ruby-static-1.8.7.352-13.el6_2.ppc64.rpm
ruby-tcltk-1.8.7.352-13.el6_2.ppc64.rpm

s390x:
ruby-debuginfo-1.8.7.352-13.el6_2.s390.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.s390x.rpm
ruby-devel-1.8.7.352-13.el6_2.s390.rpm
ruby-devel-1.8.7.352-13.el6_2.s390x.rpm
ruby-docs-1.8.7.352-13.el6_2.s390x.rpm
ruby-rdoc-1.8.7.352-13.el6_2.s390x.rpm
ruby-ri-1.8.7.352-13.el6_2.s390x.rpm
ruby-static-1.8.7.352-13.el6_2.s390x.rpm
ruby-tcltk-1.8.7.352-13.el6_2.s390x.rpm

x86_64:
ruby-debuginfo-1.8.7.352-13.el6_2.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.x86_64.rpm
ruby-devel-1.8.7.352-13.el6_2.i686.rpm
ruby-devel-1.8.7.352-13.el6_2.x86_64.rpm
ruby-docs-1.8.7.352-13.el6_2.x86_64.rpm
ruby-rdoc-1.8.7.352-13.el6_2.x86_64.rpm
ruby-ri-1.8.7.352-13.el6_2.x86_64.rpm
ruby-static-1.8.7.352-13.el6_2.x86_64.rpm
ruby-tcltk-1.8.7.352-13.el6_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.3):

Source:
ruby-1.8.7.352-13.el6_3.src.rpm

i386:
ruby-debuginfo-1.8.7.352-13.el6_3.i686.rpm
ruby-docs-1.8.7.352-13.el6_3.i686.rpm
ruby-ri-1.8.7.352-13.el6_3.i686.rpm
ruby-static-1.8.7.352-13.el6_3.i686.rpm
ruby-tcltk-1.8.7.352-13.el6_3.i686.rpm

ppc64:
ruby-debuginfo-1.8.7.352-13.el6_3.ppc64.rpm
ruby-docs-1.8.7.352-13.el6_3.ppc64.rpm
ruby-ri-1.8.7.352-13.el6_3.ppc64.rpm
ruby-static-1.8.7.352-13.el6_3.ppc64.rpm
ruby-tcltk-1.8.7.352-13.el6_3.ppc64.rpm

s390x:
ruby-debuginfo-1.8.7.352-13.el6_3.s390x.rpm
ruby-docs-1.8.7.352-13.el6_3.s390x.rpm
ruby-ri-1.8.7.352-13.el6_3.s390x.rpm
ruby-static-1.8.7.352-13.el6_3.s390x.rpm
ruby-tcltk-1.8.7.352-13.el6_3.s390x.rpm

x86_64:
ruby-debuginfo-1.8.7.352-13.el6_3.x86_64.rpm
ruby-docs-1.8.7.352-13.el6_3.x86_64.rpm
ruby-ri-1.8.7.352-13.el6_3.x86_64.rpm
ruby-static-1.8.7.352-13.el6_3.x86_64.rpm
ruby-tcltk-1.8.7.352-13.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.4):

Source:
ruby-1.8.7.352-13.el6_4.src.rpm

i386:
ruby-debuginfo-1.8.7.352-13.el6_4.i686.rpm
ruby-docs-1.8.7.352-13.el6_4.i686.rpm
ruby-ri-1.8.7.352-13.el6_4.i686.rpm
ruby-static-1.8.7.352-13.el6_4.i686.rpm
ruby-tcltk-1.8.7.352-13.el6_4.i686.rpm

ppc64:
ruby-debuginfo-1.8.7.352-13.el6_4.ppc64.rpm
ruby-docs-1.8.7.352-13.el6_4.ppc64.rpm
ruby-ri-1.8.7.352-13.el6_4.ppc64.rpm
ruby-static-1.8.7.352-13.el6_4.ppc64.rpm
ruby-tcltk-1.8.7.352-13.el6_4.ppc64.rpm

s390x:
ruby-debuginfo-1.8.7.352-13.el6_4.s390x.rpm
ruby-docs-1.8.7.352-13.el6_4.s390x.rpm
ruby-ri-1.8.7.352-13.el6_4.s390x.rpm
ruby-static-1.8.7.352-13.el6_4.s390x.rpm
ruby-tcltk-1.8.7.352-13.el6_4.s390x.rpm

x86_64:
ruby-debuginfo-1.8.7.352-13.el6_4.x86_64.rpm
ruby-docs-1.8.7.352-13.el6_4.x86_64.rpm
ruby-ri-1.8.7.352-13.el6_4.x86_64.rpm
ruby-static-1.8.7.352-13.el6_4.x86_64.rpm
ruby-tcltk-1.8.7.352-13.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4164.html
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSlPJkXlSAg2UNWIIRAmGVAJ0ftFXiZwwEQYrgDr4bmR7n7pvbtQCbB8VQ
Q2wQW0K2XmUcezCSz0pyQ2M=
=Cisx
-----END PGP SIGNATURE-----