From bugzilla at redhat.com Tue Sep 3 20:39:55 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 3 Sep 2013 20:39:55 +0000
Subject: [RHSA-2013:1192-01] Moderate: spice-server security update
Message-ID: <201309032039.r83KdtlE001520@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: spice-server security update
Advisory ID:       RHSA-2013:1192-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1192.html
Issue date:        2013-09-03
CVE Names:         CVE-2013-4130
=====================================================================

1. Summary:

An updated spice-server package that fixes one security issue is now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64

3. Description:

The Simple Protocol for Independent Computing Environments (SPICE) is a
remote display protocol for virtual environments. SPICE users can access a
virtualized desktop or server from the local system or any system with
network access to the server. SPICE is used in Red Hat Enterprise Linux for
viewing virtualized guests running on the Kernel-based Virtual Machine (KVM)
hypervisor or on Red Hat Enterprise Virtualization Hypervisors.

A flaw was found in the way concurrent access to the clients ring buffer was
performed in the spice-server library. A remote user able to initiate a
SPICE connection to an application acting as a SPICE server could use this
flaw to crash the application. (CVE-2013-4130)

This issue was discovered by David Gibson of Red Hat.

Users of spice-server are advised to upgrade to this updated package, which
contains a backported patch to correct this issue. Applications acting as a
SPICE server must be restarted for this update to take effect. Note that
QEMU-KVM guests providing SPICE console access must be restarted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

984769 - CVE-2013-4130 spice: unsafe clients ring access abort

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/spice-server-0.12.0-12.el6_4.3.src.rpm

x86_64:
spice-server-0.12.0-12.el6_4.3.x86_64.rpm
spice-server-debuginfo-0.12.0-12.el6_4.3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/spice-server-0.12.0-12.el6_4.3.src.rpm

x86_64:
spice-server-debuginfo-0.12.0-12.el6_4.3.x86_64.rpm
spice-server-devel-0.12.0-12.el6_4.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/spice-server-0.12.0-12.el6_4.3.src.rpm

x86_64:
spice-server-0.12.0-12.el6_4.3.x86_64.rpm
spice-server-debuginfo-0.12.0-12.el6_4.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/spice-server-0.12.0-12.el6_4.3.src.rpm

x86_64:
spice-server-debuginfo-0.12.0-12.el6_4.3.x86_64.rpm
spice-server-devel-0.12.0-12.el6_4.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/spice-server-0.12.0-12.el6_4.3.src.rpm

x86_64:
spice-server-0.12.0-12.el6_4.3.x86_64.rpm
spice-server-debuginfo-0.12.0-12.el6_4.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/spice-server-0.12.0-12.el6_4.3.src.rpm

x86_64:
spice-server-debuginfo-0.12.0-12.el6_4.3.x86_64.rpm
spice-server-devel-0.12.0-12.el6_4.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/spice-server-0.12.0-12.el6_4.3.src.rpm

x86_64:
spice-server-0.12.0-12.el6_4.3.x86_64.rpm
spice-server-debuginfo-0.12.0-12.el6_4.3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/spice-server-0.12.0-12.el6_4.3.src.rpm

x86_64:
spice-server-debuginfo-0.12.0-12.el6_4.3.x86_64.rpm
spice-server-devel-0.12.0-12.el6_4.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4130.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

From bugzilla at redhat.com Tue Sep 3 20:42:17 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 3 Sep 2013 20:42:17 +0000
Subject: [RHSA-2013:1195-01] Important: kernel security and bug fix update
Message-ID: <201309032042.r83KgHHC001065@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2013:1195-01
Product:           Red Hat OpenStack
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1195.html
Issue date:        2013-09-03
CVE Names:         CVE-2012-6544 CVE-2013-2146 CVE-2013-2206 CVE-2013-2224
                   CVE-2013-2232 CVE-2013-2237
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat OpenStack 3.0.

The Red Hat Security Response Team has rated this update as having important
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

OpenStack 3 - noarch, x86_64

3. Description:

Red Hat OpenStack 3.0 includes a custom Red Hat Enterprise Linux 6.4 kernel.
These custom kernel packages include support for network namespaces; this
support is required to facilitate advanced OpenStack Networking deployments.

This update fixes the following security issues:

* A flaw was found in the way the Linux kernel's Stream Control Transmission
Protocol (SCTP) implementation handled duplicate cookies. If a local user
queried SCTP connection information at the same time a remote attacker has
initialized a crafted SCTP connection to the system, it could trigger a NULL
pointer dereference, causing the system to crash. (CVE-2013-2206, Important)

* An invalid free flaw was found in the Linux kernel's TCP/IP protocol suite
implementation. A local, unprivileged user could use this flaw to corrupt
kernel memory via crafted sendmsg() calls, allowing them to cause a denial
of service or, potentially, escalate their privileges on the system.
(CVE-2013-2224, Important)

* A flaw was found in the Linux kernel's Performance Events implementation.
On systems with certain Intel processors, a local, unprivileged user could
use this flaw to cause a denial of service by leveraging the perf subsystem
to write into the reserved bits of the OFFCORE_RSP_0 and OFFCORE_RSP_1
model-specific registers. (CVE-2013-2146, Moderate)

* An invalid pointer dereference flaw was found in the Linux kernel's TCP/IP
protocol suite implementation. A local, unprivileged user could use this
flaw to crash the system or, potentially, escalate their privileges on the
system by using sendmsg() with an IPv6 socket connected to an IPv4
destination. (CVE-2013-2232, Moderate)

* Information leak flaws in the Linux kernel's Bluetooth implementation
could allow a local, unprivileged user to leak kernel memory to user-space.
(CVE-2012-6544, Low)

* An information leak flaw in the Linux kernel could allow a privileged,
local user to leak kernel memory to user-space. (CVE-2013-2237, Low)

In addition, the following bugs and features have been addressed:
995409, 995125, 993251, 985838, 975974

More information on the Red Hat Enterprise Linux 6.4 kernel packages upon
which these custom kernel packages are based is available in RHSA-2013:1173:
https://rhn.redhat.com/errata/RHSA-2013-1173.html

All Red Hat OpenStack 3.0 users deploying the OpenStack Networking service
are advised to install these updated packages.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

Details on how to use the Red Hat Network to apply this update are available
at https://access.redhat.com/site/articles/11258

This Red Hat OpenStack 3.0 kernel may be installed by running this command
while logged in as the root user on a system that has the required
entitlements and subscriptions attached:

# yum install "kernel-2.6.*.openstack.el6.x86_64"

Documentation for both stable and preview releases of Red Hat OpenStack is
available at:
https://access.redhat.com/site/documentation/Red_Hat_OpenStack/

In particular it is highly recommended that all users read the Release Notes
document for the relevant Red Hat OpenStack release prior to installation.

5. Bugs fixed (http://bugzilla.redhat.com/):

922414 - CVE-2012-6544 Kernel: Bluetooth: HCI & L2CAP information leaks
971309 - CVE-2013-2146 Kernel: perf/x86: offcore_rsp valid mask for SNB/IVB
976562 - CVE-2013-2206 kernel: sctp: duplicate cookie handling NULL pointer dereference
979936 - CVE-2013-2224 kernel: net: IP_REPOPTS invalid free
981220 - CVE-2013-2237 Kernel: net: af_key: initialize satype in key_notify_policy_flush
981552 - CVE-2013-2232 Kernel: ipv6: using ipv4 vs ipv6 structure during routing lookup in sendmsg

6. Package List:

OpenStack 3:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/kernel-2.6.32-358.118.1.openstack.el6.src.rpm

noarch:
kernel-doc-2.6.32-358.118.1.openstack.el6.noarch.rpm
kernel-firmware-2.6.32-358.118.1.openstack.el6.noarch.rpm

x86_64:
kernel-2.6.32-358.118.1.openstack.el6.x86_64.rpm
kernel-debug-2.6.32-358.118.1.openstack.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-358.118.1.openstack.el6.x86_64.rpm
kernel-debug-devel-2.6.32-358.118.1.openstack.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.118.1.openstack.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.118.1.openstack.el6.x86_64.rpm
kernel-devel-2.6.32-358.118.1.openstack.el6.x86_64.rpm
kernel-headers-2.6.32-358.118.1.openstack.el6.x86_64.rpm
perf-2.6.32-358.118.1.openstack.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.118.1.openstack.el6.x86_64.rpm
python-perf-2.6.32-358.118.1.openstack.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.118.1.openstack.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-6544.html
https://www.redhat.com/security/data/cve/CVE-2013-2146.html
https://www.redhat.com/security/data/cve/CVE-2013-2206.html
https://www.redhat.com/security/data/cve/CVE-2013-2224.html
https://www.redhat.com/security/data/cve/CVE-2013-2232.html
https://www.redhat.com/security/data/cve/CVE-2013-2237.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/site/documentation/Red_Hat_OpenStack/
https://rhn.redhat.com/errata/RHSA-2013-1173.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
From bugzilla at redhat.com Tue Sep 3 20:42:50 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 3 Sep 2013 20:42:50 +0000
Subject: [RHSA-2013:1196-01] Important: Foreman security update
Message-ID: <201309032042.r83Kgoru005720@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Foreman security update
Advisory ID:       RHSA-2013:1196-01
Product:           Red Hat OpenStack
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1196.html
Issue date:        2013-09-03
CVE Names:         CVE-2013-4180 CVE-2013-4182
=====================================================================

1. Summary:

Updated Foreman packages that fix two security issues are now available for
Red Hat OpenStack 3.0.

The Red Hat Security Response Team has rated this update as having important
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

OpenStack 3 - noarch

3. Description:

The Foreman packages provide facilities for rapidly deploying Red Hat
OpenStack 3.0. These packages are provided as a Technology Preview. For more
information on the scope and nature of support for items marked as
Technology Preview, refer to
https://access.redhat.com/support/offerings/techpreview/

A flaw was found in the API where insufficient privilege checks were
conducted by the hosts controller, allowing any user with API access to
control any host. (CVE-2013-4182)

A denial of service flaw was found in Foreman in the way user input was
converted to a symbol. An authenticated user could create inputs that would
lead to excessive memory consumption. (CVE-2013-4180)

Red Hat would like to thank Daniel Lobato of CERN IT-PES-PS for reporting
CVE-2013-4182. The CVE-2013-4180 issue was discovered by Marek Hulín of the
Red Hat Foreman team.

Users of Foreman are advised to upgrade to these updated packages, which
correct these issues. In Red Hat OpenStack, Foreman runs on the Apache HTTP
Server using mod_passenger. As such, after installing the updated packages,
the httpd service must be restarted ("service httpd restart") for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

989755 - CVE-2013-4180 Foreman: hosts_controller.rb power/ipmi_boot Symbol creation DoS
990374 - CVE-2013-4182 foreman: app/controllers/api/v1/hosts_controller.rb API privilege escalation

6. Package List:

OpenStack 3:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/ruby193-foreman-1.1.10014-1.2.el6ost.src.rpm

noarch:
ruby193-foreman-1.1.10014-1.2.el6ost.noarch.rpm
ruby193-foreman-mysql-1.1.10014-1.2.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4180.html
https://www.redhat.com/security/data/cve/CVE-2013-4182.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/support/offerings/techpreview/

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
From bugzilla at redhat.com Tue Sep 3 20:43:20 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 3 Sep 2013 20:43:20 +0000
Subject: [RHSA-2013:1197-01] Moderate: openstack-swift security update
Message-ID: <201309032043.r83KhKh6001329@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openstack-swift security update
Advisory ID:       RHSA-2013:1197-01
Product:           Red Hat OpenStack
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1197.html
Issue date:        2013-09-03
CVE Names:         CVE-2013-4155
=====================================================================

1. Summary:

Updated openstack-swift packages that fix one security issue are now
available for Red Hat OpenStack 3.0.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

OpenStack 3 - noarch

3. Description:

OpenStack Swift (http://swift.openstack.org) is a highly available,
distributed, eventually consistent object/blob store.

A denial of service flaw in OpenStack Swift allowed attackers to fill the
object server with object tombstones. This could lead to subsequent requests
from legitimate users taking an excessive amount of time. (CVE-2013-4155)

This issue was discovered by Peter Portante of Red Hat.

All users of openstack-swift are advised to upgrade to these updated
packages, which correct this issue. After installing this update, the
OpenStack Swift services will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

991626 - CVE-2013-4155 OpenStack: Swift Denial of Service using superfluous object tombstones

6. Package List:

OpenStack 3:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/openstack-swift-1.8.0-7.el6ost.src.rpm

noarch:
openstack-swift-1.8.0-7.el6ost.noarch.rpm
openstack-swift-account-1.8.0-7.el6ost.noarch.rpm
openstack-swift-container-1.8.0-7.el6ost.noarch.rpm
openstack-swift-doc-1.8.0-7.el6ost.noarch.rpm
openstack-swift-object-1.8.0-7.el6ost.noarch.rpm
openstack-swift-proxy-1.8.0-7.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4155.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
From bugzilla at redhat.com Tue Sep 3 20:43:56 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 3 Sep 2013 20:43:56 +0000
Subject: [RHSA-2013:1198-01] Moderate: openstack-cinder security update
Message-ID: <201309032043.r83KhumS017495@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openstack-cinder security update
Advisory ID:       RHSA-2013:1198-01
Product:           Red Hat OpenStack
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1198.html
Issue date:        2013-09-03
CVE Names:         CVE-2013-4183 CVE-2013-4202
=====================================================================

1. Summary:

Updated openstack-cinder packages that fix two security issues are now
available for Red Hat OpenStack 3.0.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

OpenStack 3 - noarch

3. Description:

The openstack-cinder packages provide OpenStack Volume (Cinder), which
provides services to manage and access block storage volumes for use by
virtual machine instances.

It was found that the fixes for CVE-2013-1664 and CVE-2013-1665, released
via RHSA-2013:0658, did not fully correct the issues in the Extensible
Markup Language (XML) parser used by Cinder. A remote attacker could use
this flaw to send a specially-crafted request to a Cinder API, causing
Cinder to consume an excessive amount of CPU and memory, or possibly crash.
(CVE-2013-4202)

A bug in the Cinder LVM driver prevented LVM snapshots from being securely
deleted in some cases, potentially leading to information disclosure to
other tenants. (CVE-2013-4183)

The CVE-2013-4202 issue was discovered by Grant Murphy of the Red Hat
Product Security Team.

Additionally, openstack-cinder has been rebased to the latest Grizzly stable
release 2013.1.3. (BZ#993094)

All users of openstack-cinder are advised to upgrade to these updated
packages, which correct these issues. After installing the updated packages,
the running Cinder services will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

975916 - cinder thinlvm allocates new snap based volumes outside the pool
991630 - CVE-2013-4202 OpenStack: Cinder Denial of Service using XML entities
994355 - CVE-2013-4183 OpenStack: Cinder LVM volume driver does not support secure deletion

6. Package List:

OpenStack 3:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/openstack-cinder-2013.1.3-2.el6ost.src.rpm

noarch:
openstack-cinder-2013.1.3-2.el6ost.noarch.rpm
openstack-cinder-doc-2013.1.3-2.el6ost.noarch.rpm
python-cinder-2013.1.3-2.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4183.html
https://www.redhat.com/security/data/cve/CVE-2013-4202.html
https://access.redhat.com/security/updates/classification/#moderate
https://rhn.redhat.com/errata/RHSA-2013-0658.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

From bugzilla at redhat.com Tue Sep 3 20:44:27 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 3 Sep 2013 20:44:27 +0000
Subject: [RHSA-2013:1199-01] Moderate: openstack-nova security and bug fix update
Message-ID: <201309032044.r83KiRVt003406@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openstack-nova security and bug fix update
Advisory ID:       RHSA-2013:1199-01
Product:           Red Hat OpenStack
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1199.html
Issue date:        2013-09-03
CVE Names:         CVE-2013-2256 CVE-2013-4179 CVE-2013-4185 CVE-2013-4261
=====================================================================

1. Summary:

Updated openstack-nova packages that fix multiple security issues and
various bugs are now available for Red Hat OpenStack 3.0.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

OpenStack 3 - noarch

3. Description:

The openstack-nova packages provide OpenStack Compute (Nova), which provides
services for provisioning, managing, and using virtual machine instances.

It was found that the fixes for CVE-2013-1664 and CVE-2013-1665, released
via RHSA-2013:0657, did not fully correct the issues in the Extensible
Markup Language (XML) parser used by Nova. A remote attacker could use this
flaw to send a specially-crafted request to a Nova API, causing Nova to
consume an excessive amount of CPU and memory, or possibly crash.
(CVE-2013-4179)

A denial of service flaw was found in the way Nova handled network source
security group policy updates. An authenticated user could send a large
number of server creation operations, causing nova-network to become
unresponsive. (CVE-2013-4185)

An information disclosure flaw and a resource limit bypass were found in the
way Nova handled virtual hardware templates (flavors). These allowed tenants
to show and boot other tenants' flavors and bypass resource limits enforced
via the os-flavor-access:is_public property. (CVE-2013-2256)

It was discovered that, in some configurations, certain messages in
console-log could cause nova-compute to become unresponsive, resulting in a
denial of service. (CVE-2013-4261)

Red Hat would like to thank the OpenStack project for reporting
CVE-2013-2256 and CVE-2013-4185. Upstream acknowledges hzrandd from NetEase
as the original reporter of CVE-2013-2256, and Vishvananda Ishaya from
Nebula as the original reporter of CVE-2013-4185. Upstream also acknowledges
Ken'ichi Ohmichi from NEC for providing a corrected fix for CVE-2013-2256.
The CVE-2013-4179 issue was discovered by Grant Murphy of the Red Hat
Product Security Team, and CVE-2013-4261 was discovered by Jaroslav Henner
of Red Hat.

This update also fixes a number of bugs in openstack-nova. Additionally,
openstack-nova has been rebased to the latest stable release 2013.1.3.
(BZ#993100)

All users of openstack-nova are advised to upgrade to these updated
packages, which correct these issues. After installing the updated packages,
the running Nova services will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network.
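The Cinder (CVE-2013-4202) and Nova (CVE-2013-4179) descriptions above both concern an API XML parser that crafted entities could drive into excessive CPU and memory use. As an added example, not code from Red Hat, OpenStack Cinder or Nova, the following Python parser refuses any request body that declares entities, references external entities or nests too deeply, rejecting the document before any expansion can start; the sample bodies and the depth limit are constructed here for illustration.

```python
# Added example (not Red Hat, OpenStack Nova or Cinder code): an XML request
# parser that refuses entity declarations and excessive nesting up front, the
# defensive posture against the XML-entity denial of service described in the
# Cinder and Nova advisories. The sample bodies below are constructed.
import xml.parsers.expat


class UnsafeXMLError(ValueError):
    """Raised for XML features an API request body never legitimately needs."""


def parse_api_xml(data, max_depth=32):
    """Parse an XML request body into nested dict nodes.

    Each node is {"tag", "attrs", "text", "children"}. Any entity declaration
    (internal or external) and any external entity reference raises
    UnsafeXMLError before expansion can begin, so an entity-expansion bomb
    never gets to consume CPU or memory. Nesting deeper than max_depth (an
    assumed limit; real API bodies are shallow) is refused as well, and
    malformed XML is reported the same way so callers have one rejection path.
    """
    parser = xml.parsers.expat.ParserCreate()
    # Never process parameter entities, the route by which an external DTD
    # subset would otherwise be pulled in.
    parser.SetParamEntityParsing(
        xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)

    root = {"tag": None, "attrs": {}, "text": "", "children": []}
    stack = [root]  # stack[-1] is the element currently being filled

    def reject_entity(name, is_param, value, base, system_id, public_id,
                      notation):
        # Fires at the declaration itself, before any "&name;" is expanded.
        raise UnsafeXMLError("entity declaration %r is not allowed" % name)

    def reject_external(context, base, system_id, public_id):
        raise UnsafeXMLError("external entity references are not allowed")

    def start(tag, attrs):
        if len(stack) > max_depth:
            raise UnsafeXMLError("nesting deeper than %d levels" % max_depth)
        node = {"tag": tag, "attrs": dict(attrs), "text": "", "children": []}
        stack[-1]["children"].append(node)
        stack.append(node)

    def end(tag):
        stack.pop()

    def chars(text):
        stack[-1]["text"] += text

    parser.EntityDeclHandler = reject_entity
    parser.ExternalEntityRefHandler = reject_external
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = chars

    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        raise UnsafeXMLError("malformed XML: %s" % exc) from exc
    return root["children"][0]


def is_accepted(data):
    """True when the body parses under the safe rules, False when refused."""
    try:
        parse_api_xml(data)
    except UnsafeXMLError:
        return False
    return True


# Constructed sample bodies: a plausible server-create request, and the same
# request carrying an entity declaration, which is refused outright.
BENIGN_BODY = b'<server name="web1"><flavorRef>1</flavorRef></server>'
ENTITY_BODY = (b'<!DOCTYPE server [<!ENTITY a "aaaa">]>'
               b'<server name="&a;"><flavorRef>1</flavorRef></server>')

if __name__ == "__main__":
    print("benign body accepted:", is_accepted(BENIGN_BODY))   # True
    print("entity body accepted:", is_accepted(ENTITY_BODY))   # False
```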
Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 971188 - Console log lacks dashes. 975882 - Nova doesn't close qpid connections after certain error conditions 989707 - CVE-2013-4179 OpenStack: Nova XML entities DoS 993331 - CVE-2013-4185 OpenStack: Nova network source security groups denial of service 993340 - CVE-2013-2256 OpenStack: Nova private flavors resource limit circumvention 997649 - config_drive_cdrom not effective 997840 - live block migration stopped working, claiming DestinationDiskExists 998598 - nova interface-attach fails with HTTP 400; TypeError: get_config() takes exactly 6 arguments... 999271 - CVE-2013-4261 OpenStack: openstack-nova-compute console-log DoS 6. Package List: OpenStack 3: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/openstack-nova-2013.1.3-3.el6ost.src.rpm noarch: openstack-nova-2013.1.3-3.el6ost.noarch.rpm openstack-nova-api-2013.1.3-3.el6ost.noarch.rpm openstack-nova-cells-2013.1.3-3.el6ost.noarch.rpm openstack-nova-cert-2013.1.3-3.el6ost.noarch.rpm openstack-nova-common-2013.1.3-3.el6ost.noarch.rpm openstack-nova-compute-2013.1.3-3.el6ost.noarch.rpm openstack-nova-conductor-2013.1.3-3.el6ost.noarch.rpm openstack-nova-console-2013.1.3-3.el6ost.noarch.rpm openstack-nova-doc-2013.1.3-3.el6ost.noarch.rpm openstack-nova-network-2013.1.3-3.el6ost.noarch.rpm openstack-nova-objectstore-2013.1.3-3.el6ost.noarch.rpm openstack-nova-scheduler-2013.1.3-3.el6ost.noarch.rpm python-nova-2013.1.3-3.el6ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References: https://www.redhat.com/security/data/cve/CVE-2013-2256.html https://www.redhat.com/security/data/cve/CVE-2013-4179.html https://www.redhat.com/security/data/cve/CVE-2013-4185.html https://www.redhat.com/security/data/cve/CVE-2013-4261.html https://access.redhat.com/security/updates/classification/#moderate https://rhn.redhat.com/errata/RHSA-2013-0657.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSJkoWXlSAg2UNWIIRAmFwAKC8iUUowu05bjzfu436Pj5OOIUbAQCfRnir cvYVLyiF5jGc7F1Ik3woRW0= =tCdS -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Sep 3 20:44:57 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 3 Sep 2013 20:44:57 +0000 Subject: [RHSA-2013:1200-01] Moderate: python-glanceclient security update Message-ID: <201309032044.r83Kiv2R001707@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: python-glanceclient security update Advisory ID: RHSA-2013:1200-01 Product: Red Hat OpenStack Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1200.html Issue date: 2013-09-03 CVE Names: CVE-2013-4111 ===================================================================== 1. Summary: An updated python-glanceclient package that fixes one security issue is now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: OpenStack 3 - noarch 3. Description: The python-glanceclient package provides a client for the OpenStack Glance API. 
It was discovered that the Python Glance client did not properly check SSL certificates. An attacker could use this flaw to conduct man-in-the-middle attacks. (CVE-2013-4111) Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Thomas Leaman of HP as the original reporter. All users of python-glanceclient are advised to upgrade to this updated package, which corrects this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 989738 - CVE-2013-4111 OpenStack: python-glanceclient failing SSL certificate check 6. Package List: OpenStack 3: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/python-glanceclient-0.9.0-2.el6ost.src.rpm noarch: python-glanceclient-0.9.0-2.el6ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-4111.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSJko5XlSAg2UNWIIRAqLpAJ9nX12kb+FcntRWLHHjV0SnUJ3GCgCgnG6C
ZN9wqp7Bt6rtLAaI/0q25rU=
=WYF/
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Sep 3 20:45:34 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 3 Sep 2013 20:45:34 +0000
Subject: [RHSA-2013:1201-01] Low: ruby193-v8 security update
Message-ID: <201309032045.r83KjYmZ002281@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: ruby193-v8 security update
Advisory ID: RHSA-2013:1201-01
Product: Red Hat OpenStack
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1201.html
Issue date: 2013-09-03
CVE Names: CVE-2013-2882
=====================================================================

1. Summary:

Updated ruby193-v8 packages that fix one security issue are now available for Red Hat OpenStack 3.0.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

OpenStack 3 - x86_64

3. Description:

V8 is Google's open source JavaScript engine.

A type confusion issue was found in the V8 JavaScript engine. An attacker could use this flaw to cause a denial of service or, potentially, execute arbitrary code. (CVE-2013-2882)

Note: Exploitation of this issue requires, at the least, execution of malicious JavaScript. In the standard use case of ruby193-v8 in Red Hat OpenStack it is unlikely that a scenario exists where this would occur.

Users of ruby193-v8 are advised to upgrade to these updated packages, which correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

991116 - CVE-2013-2882 v8: remote DoS or unspecified other impact via type confusion

6. Package List:

OpenStack 3:

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/ruby193-v8-3.14.5.10-2.el6.src.rpm

x86_64: ruby193-v8-3.14.5.10-2.el6.x86_64.rpm ruby193-v8-debuginfo-3.14.5.10-2.el6.x86_64.rpm ruby193-v8-devel-3.14.5.10-2.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-2882.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSJkpaXlSAg2UNWIIRAkMjAJ9Qd04FKkS1CcP0ftYwAWJvDXCqpwCeNecd
8jG/yC5YDEFyZdjssTgA2Hk=
=KGb0
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Sep 4 18:56:59 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 4 Sep 2013 18:56:59 +0000
Subject: [RHSA-2013:1203-01] Moderate: rubygems security update
Message-ID: <201309041856.r84IuxZB017948@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: rubygems security update
Advisory ID: RHSA-2013:1203-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1203.html
Issue date: 2013-09-04
CVE Names: CVE-2012-2125 CVE-2012-2126
=====================================================================

1. Summary:

An updated rubygems package that fixes two security issues is now available for Red Hat OpenShift Enterprise 1.2.2.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHOSE Client 1.2 - noarch
RHOSE Infrastructure 2.1 - noarch
Red Hat OpenShift Enterprise Node - noarch

3. Description:

RubyGems is the Ruby standard for publishing and managing third-party libraries.

It was found that, when using RubyGems, the connection could be redirected from HTTPS to HTTP. This could lead to a user believing they are installing a gem via HTTPS, when the connection may have been silently downgraded to HTTP. (CVE-2012-2125)

It was found that RubyGems did not verify SSL connections. This could lead to man-in-the-middle attacks. (CVE-2012-2126)

All users of Red Hat OpenShift Enterprise 1.2.2 are advised to upgrade to this updated package, which corrects these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

814718 - CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23

6. Package List:

RHOSE Client 1.2:

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygems-1.8.24-4.el6op.src.rpm

noarch: rubygems-1.8.24-4.el6op.noarch.rpm

RHOSE Infrastructure 2.1:

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygems-1.8.24-4.el6op.src.rpm

noarch: rubygems-1.8.24-4.el6op.noarch.rpm

Red Hat OpenShift Enterprise Node:

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygems-1.8.24-4.el6op.src.rpm

noarch: rubygems-1.8.24-4.el6op.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-2125.html
https://www.redhat.com/security/data/cve/CVE-2012-2126.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
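Editor's added example (not RubyGems' or Red Hat's code) for the silent HTTPS-to-HTTP downgrade described under CVE-2012-2125 in the advisory above: a redirect-following fetch whose policy refuses any hop that drops TLS, bounds the number of hops, and resolves relative `Location` values against the current URL. The transport is a plain callable `fetch(url) -> (status, headers, body)` so the policy can run offline against a constructed table of responses; the host names and gem paths in `RESPONSES` are assumptions for the example, not real endpoints.

```python
"""Redirect handling that cannot be talked down from https to http."""
from urllib.parse import urljoin, urlsplit


class DowngradeError(Exception):
    """A redirect would move an https request to plain http."""


class TooManyRedirects(Exception):
    """The chain exceeded the hop budget (loop or attacker-length chain)."""


def is_downgrade(from_url: str, to_url: str) -> bool:
    """True if following from_url -> to_url loses TLS."""
    return urlsplit(from_url).scheme == "https" and urlsplit(to_url).scheme != "https"


def fetch_following_redirects(url: str, fetch, max_hops: int = 5):
    """Follow 3xx responses from `fetch`, enforcing at every hop that the
    scheme never drops from https to http. Returns (final_url, status, body).
    `fetch` is any callable returning (status, headers_dict, body)."""
    current = url
    for _ in range(max_hops + 1):          # initial request plus max_hops redirects
        status, headers, body = fetch(current)
        location = headers.get("Location")
        if not (300 <= status < 400 and location):
            return current, status, body   # terminal response
        target = urljoin(current, location)  # relative Location stays on the same origin
        if is_downgrade(current, target):
            # The vulnerable behaviour was to follow this silently.
            raise DowngradeError(f"refusing redirect {current} -> {target}")
        current = target
    raise TooManyRedirects(f"more than {max_hops} redirects from {url}")


# Constructed responses standing in for a gem source and its mirrors.
RESPONSES = {
    "https://gems.example.com/gems/foo-1.0.gem":
        (302, {"Location": "https://cdn.example.com/foo-1.0.gem"}, b""),
    "https://cdn.example.com/foo-1.0.gem":
        (200, {}, b"gem-bytes"),
    "https://gems.example.com/gems/bar-1.0.gem":
        (302, {"Location": "http://mirror.example.com/bar-1.0.gem"}, b""),
    "https://gems.example.com/loop":
        (302, {"Location": "/loop"}, b""),
}


def table_fetch(url):
    """Offline stand-in for an HTTP client, backed by RESPONSES."""
    return RESPONSES.get(url, (404, {}, b""))


if __name__ == "__main__":
    print(fetch_following_redirects("https://gems.example.com/gems/foo-1.0.gem", table_fetch))
    try:
        fetch_following_redirects("https://gems.example.com/gems/bar-1.0.gem", table_fetch)
    except DowngradeError as exc:
        print("blocked:", exc)
```

In a real client the `fetch` callable wraps the HTTP library, with the verifying TLS context from the previous example underneath it; the two checks are independent, and a client needs both (CVE-2012-2126 is the missing verification, CVE-2012-2125 the missing downgrade refusal).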
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSJ4JdXlSAg2UNWIIRAuUWAJ9O3Ia3uTmJlOcOLcXilVyl6uqJrACgpmko
Mxyx6e1JCu4I4LDwRMyT8N8=
=rypJ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Sep 4 19:01:29 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 4 Sep 2013 19:01:29 +0000
Subject: [RHSA-2013:1204-01] Moderate: haproxy security update
Message-ID: <201309041901.r84J1UfJ020439@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: haproxy security update
Advisory ID: RHSA-2013:1204-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1204.html
Issue date: 2013-09-04
CVE Names: CVE-2013-2175
=====================================================================

1. Summary:

An updated haproxy package that fixes one security issue is now available for Red Hat OpenShift Enterprise 1.2.2.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Enterprise Node - x86_64

3. Description:

HAProxy provides high availability, load balancing, and proxying for TCP and HTTP-based applications.

A flaw was found in the way HAProxy handled requests when the proxy's configuration ("/etc/haproxy/haproxy.cfg") had certain rules that use the hdr_ip criterion. A remote attacker could use this flaw to crash HAProxy instances that use the affected configuration. (CVE-2013-2175)

In Red Hat OpenShift Enterprise, the HAProxy cartridge is added to your application when you select to have your application scaled.

Red Hat would like to thank HAProxy upstream for reporting this issue. Upstream acknowledges David Torgerson as the original reporter.

Users of Red Hat OpenShift Enterprise 1.2.2 are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

974259 - CVE-2013-2175 haproxy: http_get_hdr()/get_ip_from_hdr2() MAX_HDR_HISTORY handling denial of service

6. Package List:

Red Hat OpenShift Enterprise Node:

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/haproxy-1.4.22-6.el6op.src.rpm

x86_64: haproxy-1.4.22-6.el6op.x86_64.rpm haproxy-debuginfo-1.4.22-6.el6op.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-2175.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
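Editor's added example (not HAProxy's code) for the hdr_ip handling described above. The bug title names a fixed-size history (MAX_HDR_HISTORY) as the thing mishandled; the example shows the safe shape of that logic: select the Nth value of a repeated request header, where a positive occurrence counts from the first value and a negative one from the last (the convention HAProxy documents for `hdr_ip(<name>[,<occ>])`), keep only a bounded window of the most recent values while scanning, and refuse an occurrence that lies outside that window instead of indexing past it. The history size, the comma-splitting of list-valued headers and the sample request are assumptions for the example.

```python
"""Bounded selection of the Nth occurrence of a request header value."""
import collections
import ipaddress
from typing import Iterator, List, Optional, Tuple

MAX_HDR_HISTORY = 10   # assumed bound on how far back a negative occurrence may reach


def header_values(headers: List[Tuple[str, str]], name: str) -> Iterator[str]:
    """Yield each value of `name` in request order, splitting comma-separated
    lists into individual values. Header names compare case-insensitively."""
    for key, value in headers:
        if key.lower() == name.lower():
            for part in value.split(","):
                part = part.strip()
                if part:
                    yield part


def nth_header_value(headers, name: str, occ: int) -> Optional[str]:
    """occ > 0: 1-based index from the first value.
    occ < 0: index from the last value, limited to the last MAX_HDR_HISTORY.
    Anything outside those ranges (including occ == 0) yields None; it is
    never turned into an offset into a fixed-size buffer."""
    if occ == 0 or abs(occ) > MAX_HDR_HISTORY:
        return None
    if occ > 0:
        for i, v in enumerate(header_values(headers, name), start=1):
            if i == occ:
                return v
        return None
    history = collections.deque(maxlen=MAX_HDR_HISTORY)   # bounded ring of recent values
    history.extend(header_values(headers, name))
    return history[occ] if len(history) >= -occ else None


def hdr_ip(headers, name: str, occ: int) -> Optional[str]:
    """hdr_ip-like lookup: the selected value must also parse as an IP address."""
    v = nth_header_value(headers, name, occ)
    if v is None:
        return None
    try:
        return str(ipaddress.ip_address(v))
    except ValueError:
        return None


# Constructed request: a proxy chain appended several X-Forwarded-For headers,
# one of them comma-separated, and a client smuggled in a non-address value.
REQUEST_HEADERS = [
    ("Host", "app.example.com"),
    ("X-Forwarded-For", "198.51.100.7"),
    ("X-Forwarded-For", "203.0.113.9, 203.0.113.10"),
    ("X-Forwarded-For", "not-an-ip"),
]

if __name__ == "__main__":
    print(hdr_ip(REQUEST_HEADERS, "x-forwarded-for", 1))     # 198.51.100.7
    print(hdr_ip(REQUEST_HEADERS, "X-Forwarded-For", -2))    # 203.0.113.10
    print(hdr_ip(REQUEST_HEADERS, "X-Forwarded-For", -50))   # None: outside the history
```

The value the example carries is the last branch: a request cannot make the occurrence argument arbitrary (it comes from the config), but the number of header values it supplies is attacker-controlled, so the window the negative index reaches into must be bounded and the index checked against what is actually in it.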
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSJ4KDXlSAg2UNWIIRAmrkAJ0QLTHp/kO7mC2uZ8opvxvgbUq+HACgnA9G
rXp8MDdGlEYeA3edfky34Is=
=VGrj
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Sep 5 18:58:48 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 5 Sep 2013 18:58:48 +0000
Subject: [RHSA-2013:1213-01] Important: gdm security update
Message-ID: <201309051858.r85Iwmnf024438@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: gdm security update
Advisory ID: RHSA-2013:1213-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1213.html
Issue date: 2013-09-05
CVE Names: CVE-2013-4169
=====================================================================

1. Summary:

Updated gdm and initscripts packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The GNOME Display Manager (GDM) provides the graphical login screen, shown shortly after boot up, log out, and when user-switching.

A race condition was found in the way GDM handled the X server sockets directory located in the system temporary directory. An unprivileged user could use this flaw to perform a symbolic link attack, giving them write access to any file, allowing them to escalate their privileges to root. (CVE-2013-4169)

Note that this erratum includes an updated initscripts package. To fix CVE-2013-4169, the vulnerable code was removed from GDM and the initscripts package was modified to create the affected directory safely during the system boot process. Therefore, this update will appear on all systems, however systems without GDM installed are not affected by this flaw.

Red Hat would like to thank the researcher with the nickname vladz for reporting this issue.

All users should upgrade to these updated packages, which correct this issue. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

988498 - CVE-2013-4169 gdm: TOCTTOU race condition on /tmp/.X11-unix

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/gdm-2.16.0-59.el5_9.1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/initscripts-8.45.42-2.el5_9.1.src.rpm

i386: gdm-2.16.0-59.el5_9.1.i386.rpm gdm-debuginfo-2.16.0-59.el5_9.1.i386.rpm gdm-docs-2.16.0-59.el5_9.1.i386.rpm initscripts-8.45.42-2.el5_9.1.i386.rpm initscripts-debuginfo-8.45.42-2.el5_9.1.i386.rpm

x86_64: gdm-2.16.0-59.el5_9.1.x86_64.rpm gdm-debuginfo-2.16.0-59.el5_9.1.x86_64.rpm gdm-docs-2.16.0-59.el5_9.1.x86_64.rpm initscripts-8.45.42-2.el5_9.1.x86_64.rpm initscripts-debuginfo-8.45.42-2.el5_9.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/gdm-2.16.0-59.el5_9.1.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/initscripts-8.45.42-2.el5_9.1.src.rpm

i386: gdm-2.16.0-59.el5_9.1.i386.rpm gdm-debuginfo-2.16.0-59.el5_9.1.i386.rpm gdm-docs-2.16.0-59.el5_9.1.i386.rpm initscripts-8.45.42-2.el5_9.1.i386.rpm initscripts-debuginfo-8.45.42-2.el5_9.1.i386.rpm

ia64: gdm-2.16.0-59.el5_9.1.ia64.rpm gdm-debuginfo-2.16.0-59.el5_9.1.ia64.rpm gdm-docs-2.16.0-59.el5_9.1.ia64.rpm initscripts-8.45.42-2.el5_9.1.ia64.rpm initscripts-debuginfo-8.45.42-2.el5_9.1.ia64.rpm

ppc: gdm-2.16.0-59.el5_9.1.ppc.rpm gdm-debuginfo-2.16.0-59.el5_9.1.ppc.rpm gdm-docs-2.16.0-59.el5_9.1.ppc.rpm initscripts-8.45.42-2.el5_9.1.ppc.rpm initscripts-debuginfo-8.45.42-2.el5_9.1.ppc.rpm

s390x: gdm-2.16.0-59.el5_9.1.s390x.rpm gdm-debuginfo-2.16.0-59.el5_9.1.s390x.rpm gdm-docs-2.16.0-59.el5_9.1.s390x.rpm initscripts-8.45.42-2.el5_9.1.s390x.rpm initscripts-debuginfo-8.45.42-2.el5_9.1.s390x.rpm

x86_64: gdm-2.16.0-59.el5_9.1.x86_64.rpm gdm-debuginfo-2.16.0-59.el5_9.1.x86_64.rpm gdm-docs-2.16.0-59.el5_9.1.x86_64.rpm initscripts-8.45.42-2.el5_9.1.x86_64.rpm initscripts-debuginfo-8.45.42-2.el5_9.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4169.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
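Editor's added example (not GDM's or initscripts' code) of what "create the affected directory safely" means for a shared directory under a world-writable, sticky parent such as /tmp. The advisory describes a symbolic-link attack that yields write access to any file; the general pattern behind that class of bug is a check-then-act sequence on a path (test whether the directory exists, create it, then change its mode through the path) during which an unprivileged user swaps in a symlink. Here the entry is created atomically with mkdir, then opened with O_NOFOLLOW|O_DIRECTORY, inspected through the descriptor, and its mode corrected with fchmod on that same descriptor, so no operation ever acts on a path the attacker can redirect. The path, mode and owner are parameters; the values below are assumptions for the example, not GDM's.

```python
"""Create-or-adopt a shared directory without a check-then-act window."""
import os
import stat
from typing import Optional


class UnsafeDirectory(Exception):
    """The path exists but is not a directory we are willing to use."""


def ensure_shared_dir(path: str, mode: int = 0o1777,
                      owner_uid: Optional[int] = None) -> int:
    """Create `path` if absent and return an open directory fd for it.
    Raises UnsafeDirectory if the entry is a symlink, not a directory, or
    owned by someone other than `owner_uid` (default: the caller).
    Later work on the directory should go through the returned fd."""
    if owner_uid is None:
        owner_uid = os.geteuid()
    try:
        os.mkdir(path, mode)        # atomic: fails if anything already sits there
    except FileExistsError:
        pass                        # whatever exists is inspected below, never trusted
    # O_NOFOLLOW: a symlink at `path` fails with ELOOP instead of being followed.
    # O_DIRECTORY: a regular file or other object fails with ENOTDIR.
    flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_DIRECTORY
    if hasattr(os, "O_CLOEXEC"):
        flags |= os.O_CLOEXEC
    try:
        fd = os.open(path, flags)
    except OSError as exc:
        raise UnsafeDirectory(f"{path}: {exc.strerror}") from exc
    try:
        st = os.fstat(fd)           # properties of the object we hold, not of the path
        if not stat.S_ISDIR(st.st_mode) or st.st_uid != owner_uid:
            raise UnsafeDirectory(f"{path}: wrong type or owner (uid {st.st_uid})")
        if stat.S_IMODE(st.st_mode) != mode:
            os.fchmod(fd, mode)     # mkdir's mode is masked by umask; fix it on the fd
    except Exception:
        os.close(fd)
        raise
    return fd


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        fd = ensure_shared_dir(os.path.join(tmp, ".X11-unix"))
        print(oct(stat.S_IMODE(os.fstat(fd).st_mode)))   # 0o1777
        os.close(fd)
```

A boot-time script that runs as root would pass `owner_uid=0`; the owner check is what stops an attacker who pre-creates a real directory (rather than a symlink) at the path from handing the privileged process a directory they control.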
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSKNRIXlSAg2UNWIIRAj4YAJ9ENwOuMcy+f7ZD8VHFFniU0aoC1gCgqASG
/vYNTQOyHL7KlD2svmN+YA0=
=NuON
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Sep 11 09:46:57 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 11 Sep 2013 09:46:57 +0000
Subject: [RHSA-2013:1256-01] Critical: flash-plugin security update
Message-ID: <201309110944.r8B9iUQI017073@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2013:1256-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1256.html
Issue date: 2013-09-11
CVE Names: CVE-2013-3361 CVE-2013-3362 CVE-2013-3363 CVE-2013-5324
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes four security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update fixes four vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-21, listed in the References section.

Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. (CVE-2013-3361, CVE-2013-3362, CVE-2013-3363, CVE-2013-5324)

All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.310.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

1006496 - CVE-2013-3361 CVE-2013-3362 CVE-2013-3363 CVE-2013-5324 flash-plugin: multiple code execution flaws (APSB13-21)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386: flash-plugin-11.2.202.310-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.310-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386: flash-plugin-11.2.202.310-1.el5.i386.rpm
x86_64: flash-plugin-11.2.202.310-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386: flash-plugin-11.2.202.310-1.el6.i686.rpm
x86_64: flash-plugin-11.2.202.310-1.el6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386: flash-plugin-11.2.202.310-1.el6.i686.rpm
x86_64: flash-plugin-11.2.202.310-1.el6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386: flash-plugin-11.2.202.310-1.el6.i686.rpm
x86_64: flash-plugin-11.2.202.310-1.el6.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-3361.html
https://www.redhat.com/security/data/cve/CVE-2013-3362.html
https://www.redhat.com/security/data/cve/CVE-2013-3363.html
https://www.redhat.com/security/data/cve/CVE-2013-5324.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-21.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSMDtdXlSAg2UNWIIRApPyAJ9973HtxB7TOJako4TThDMGM9OvlgCguz7n
tFpetaZIyFZT2IB6Q8j9/uo=
=7LOa
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Sep 16 17:05:26 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 16 Sep 2013 17:05:26 +0000
Subject: [RHSA-2013:1264-01] Important: kernel-rt security and bug fix update
Message-ID: <201309161705.r8GH5R3b001048@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel-rt security and bug fix update
Advisory ID: RHSA-2013:1264-01
Product: Red Hat Enterprise MRG for RHEL-6
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1264.html
Issue date: 2013-09-16
CVE Names: CVE-2013-2058 CVE-2013-2141 CVE-2013-2146 CVE-2013-2147 CVE-2013-2148 CVE-2013-2164 CVE-2013-2232 CVE-2013-2234 CVE-2013-2237 CVE-2013-2850 CVE-2013-2851 CVE-2013-2852 CVE-2013-3301 CVE-2013-4162 CVE-2013-4163
=====================================================================

1. Summary:

Updated kernel-rt packages that fix several security issues and multiple bugs are now available for Red Hat Enterprise MRG 2.3.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* A heap-based buffer overflow flaw was found in the Linux kernel's iSCSI target subsystem. A remote attacker could use a specially-crafted iSCSI request to cause a denial of service on a system or, potentially, escalate their privileges on that system. (CVE-2013-2850, Important)

* A flaw was found in the Linux kernel's Performance Events implementation. On systems with certain Intel processors, a local, unprivileged user could use this flaw to cause a denial of service by leveraging the perf subsystem to write into the reserved bits of the OFFCORE_RSP_0 and OFFCORE_RSP_1 model-specific registers. (CVE-2013-2146, Moderate)

* An invalid pointer dereference flaw was found in the Linux kernel's TCP/IP protocol suite implementation. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system by using sendmsg() with an IPv6 socket connected to an IPv4 destination. (CVE-2013-2232, Moderate)

* Two flaws were found in the way the Linux kernel's TCP/IP protocol suite implementation handled IPv6 sockets that used the UDP_CORK option. A local, unprivileged user could use these flaws to cause a denial of service. (CVE-2013-4162, CVE-2013-4163, Moderate)

* A flaw was found in the Linux kernel's Chipidea USB driver. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2013-2058, Low)

* Information leak flaws in the Linux kernel could allow a privileged, local user to leak kernel memory to user-space. (CVE-2013-2147, CVE-2013-2164, CVE-2013-2234, CVE-2013-2237, Low)

* Information leak flaws in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space. (CVE-2013-2141, CVE-2013-2148, Low)

* A format string flaw was found in the Linux kernel's block layer. A privileged, local user could potentially use this flaw to escalate their privileges to kernel level (ring0). (CVE-2013-2851, Low)

* A format string flaw was found in the b43_do_request_fw() function in the Linux kernel's b43 driver implementation. A local user who is able to specify the "fwpostfix" b43 module parameter could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-2852, Low)

* A NULL pointer dereference flaw was found in the Linux kernel's ftrace and function tracer implementations. A local user who has the CAP_SYS_ADMIN capability could use this flaw to cause a denial of service. (CVE-2013-3301, Low)

Red Hat would like to thank Kees Cook for reporting CVE-2013-2850, CVE-2013-2851, and CVE-2013-2852; and Hannes Frederic Sowa for reporting CVE-2013-4162 and CVE-2013-4163.

This update also fixes the following bugs:

* The following drivers have been updated, fixing a number of bugs: myri10ge, bna, enic, mlx4, bgmac, bcma, cxgb3, cxgb4, qlcnic, r8169, be2net, e100, e1000, e1000e, igb, ixgbe, brcm80211, cpsw, pch_gbe, bfin_mac, bnx2x, bnx2, cnic, tg3, and sfc. (BZ#974138)

* The realtime kernel was not built with the CONFIG_NET_DROP_WATCH kernel configuration option enabled. As such, attempting to run the dropwatch command resulted in the following error:

  Unable to find NET_DM family, dropwatch can't work
  Cleaning up on socket creation error

  With this update, the realtime kernel is built with the CONFIG_NET_DROP_WATCH option, allowing dropwatch to work as expected. (BZ#979417)

Users should upgrade to these updated packages, which upgrade the kernel-rt kernel to version kernel-rt-3.6.11.5-rt37, and correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

952197 - CVE-2013-3301 Kernel: tracing: NULL pointer dereference
959210 - CVE-2013-2058 Kernel: usb: chipidea: Allow disabling streaming not just in udc mode
968036 - CVE-2013-2850 kernel: iscsi-target: heap buffer overflow on large key error
969515 - CVE-2013-2851 kernel: block: passing disk names as format strings
969518 - CVE-2013-2852 kernel: b43: format string leaking into error msgs
970873 - CVE-2013-2141 Kernel: signal: information leak in tkill/tgkill
971242 - CVE-2013-2147 Kernel: cpqarray/cciss: information leak via ioctl
971258 - CVE-2013-2148 Kernel: fanotify: info leak in copy_event_to_user
971309 - CVE-2013-2146 Kernel: perf/x86: offcore_rsp valid mask for SNB/IVB
973100 - CVE-2013-2164 Kernel: information leak in cdrom driver
974138 - MRG 2.3 kernel drivers update
980995 - CVE-2013-2234 Kernel: net: information leak in AF_KEY notify
981220 - CVE-2013-2237 Kernel: net: af_key: initialize satype in key_notify_policy_flush
981552 - CVE-2013-2232 Kernel: ipv6: using ipv4 vs ipv6 structure during routing lookup in sendmsg
983603 - update RT specfile references of version.h to vermagic.h
987627 - CVE-2013-4162 Kernel: net: panic while pushing pending data out of a IPv6 socket with UDP_CORK enabled
987633 - CVE-2013-4163 Kernel: net: panic while appending data to a corked IPv6 socket in ip6_append_data_mtu

6. Package List:

MRG Realtime for RHEL 6 Server v.2:

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/kernel-rt-3.6.11.5-rt37.55.el6rt.src.rpm

noarch: kernel-rt-doc-3.6.11.5-rt37.55.el6rt.noarch.rpm kernel-rt-firmware-3.6.11.5-rt37.55.el6rt.noarch.rpm mrg-rt-release-3.6.11.5-rt37.55.el6rt.noarch.rpm

x86_64: kernel-rt-3.6.11.5-rt37.55.el6rt.x86_64.rpm kernel-rt-debug-3.6.11.5-rt37.55.el6rt.x86_64.rpm kernel-rt-debug-debuginfo-3.6.11.5-rt37.55.el6rt.x86_64.rpm kernel-rt-debug-devel-3.6.11.5-rt37.55.el6rt.x86_64.rpm kernel-rt-debuginfo-3.6.11.5-rt37.55.el6rt.x86_64.rpm kernel-rt-debuginfo-common-x86_64-3.6.11.5-rt37.55.el6rt.x86_64.rpm kernel-rt-devel-3.6.11.5-rt37.55.el6rt.x86_64.rpm kernel-rt-trace-3.6.11.5-rt37.55.el6rt.x86_64.rpm kernel-rt-trace-debuginfo-3.6.11.5-rt37.55.el6rt.x86_64.rpm kernel-rt-trace-devel-3.6.11.5-rt37.55.el6rt.x86_64.rpm kernel-rt-vanilla-3.6.11.5-rt37.55.el6rt.x86_64.rpm kernel-rt-vanilla-debuginfo-3.6.11.5-rt37.55.el6rt.x86_64.rpm kernel-rt-vanilla-devel-3.6.11.5-rt37.55.el6rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-2058.html
https://www.redhat.com/security/data/cve/CVE-2013-2141.html
https://www.redhat.com/security/data/cve/CVE-2013-2146.html
https://www.redhat.com/security/data/cve/CVE-2013-2147.html
https://www.redhat.com/security/data/cve/CVE-2013-2148.html
https://www.redhat.com/security/data/cve/CVE-2013-2164.html
https://www.redhat.com/security/data/cve/CVE-2013-2232.html
https://www.redhat.com/security/data/cve/CVE-2013-2234.html
https://www.redhat.com/security/data/cve/CVE-2013-2237.html
https://www.redhat.com/security/data/cve/CVE-2013-2850.html
https://www.redhat.com/security/data/cve/CVE-2013-2851.html
https://www.redhat.com/security/data/cve/CVE-2013-2852.html
https://www.redhat.com/security/data/cve/CVE-2013-3301.html
https://www.redhat.com/security/data/cve/CVE-2013-4162.html
https://www.redhat.com/security/data/cve/CVE-2013-4163.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSNzpBXlSAg2UNWIIRArFLAJsHqV97c2DqHCkhsX3pjxpgYd/D/QCfQIUk
OhWpIPoF8EMEQxliWpz60bw=
=JJc7
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Sep 17 19:40:57 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 17 Sep 2013 19:40:57 +0000
Subject: [RHSA-2013:1268-01] Critical: firefox security update
Message-ID: <201309171940.r8HJevfA028488@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: firefox security update
Advisory ID: RHSA-2013:1268-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1268.html
Issue date: 2013-09-17
CVE Names: CVE-2013-1718 CVE-2013-1722 CVE-2013-1725 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737
=====================================================================

1. Summary:

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-1718, CVE-2013-1722, CVE-2013-1725, CVE-2013-1730, CVE-2013-1732, CVE-2013-1735, CVE-2013-1736)

A flaw was found in the way Firefox handled certain DOM JavaScript objects. An attacker could use this flaw to make JavaScript client or add-on code make incorrect, security sensitive decisions. (CVE-2013-1737)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges André Bargull, Scoobidiver, Bobby Holley, Reuben Morais, Abhishek Arya, Ms2ger, Sachin Shinde, Aki Helin, Nils, and Boris Zbarsky as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 17.0.9 ESR. You can find a link to the Mozilla advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain Firefox version 17.0.9 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

1009031 - CVE-2013-1718 Mozilla: Miscellaneous memory safety hazards (rv:17.0.9) (MFSA 2013-76)
1009032 - CVE-2013-1722 Mozilla: Use-after-free in Animation Manager during stylesheet cloning (MFSA 2013-79)
1009033 - CVE-2013-1725 Mozilla: Calling scope for new Javascript objects can lead to memory corruption (MFSA 2013-82)
1009036 - CVE-2013-1730 Mozilla: Compartment mismatch re-attaching XBL-backed nodes (MFSA 2013-88)
1009037 - CVE-2013-1732 Mozilla: Buffer overflow with multi-column, lists, and floats (MFSA 2013-89)
1009039 - CVE-2013-1735 CVE-2013-1736 Mozilla: Memory corruption involving scrolling (MFSA 2013-90)
1009041 - CVE-2013-1737 Mozilla: User-defined properties on DOM proxies get the wrong "this" object (MFSA 2013-91)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-17.0.9-1.el5_9.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-17.0.9-1.el5_9.src.rpm

i386: firefox-17.0.9-1.el5_9.i386.rpm firefox-debuginfo-17.0.9-1.el5_9.i386.rpm xulrunner-17.0.9-1.el5_9.i386.rpm xulrunner-debuginfo-17.0.9-1.el5_9.i386.rpm

x86_64: firefox-17.0.9-1.el5_9.i386.rpm firefox-17.0.9-1.el5_9.x86_64.rpm firefox-debuginfo-17.0.9-1.el5_9.i386.rpm firefox-debuginfo-17.0.9-1.el5_9.x86_64.rpm xulrunner-17.0.9-1.el5_9.i386.rpm xulrunner-17.0.9-1.el5_9.x86_64.rpm xulrunner-debuginfo-17.0.9-1.el5_9.i386.rpm xulrunner-debuginfo-17.0.9-1.el5_9.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-17.0.9-1.el5_9.src.rpm

i386: xulrunner-debuginfo-17.0.9-1.el5_9.i386.rpm xulrunner-devel-17.0.9-1.el5_9.i386.rpm

x86_64: xulrunner-debuginfo-17.0.9-1.el5_9.i386.rpm xulrunner-debuginfo-17.0.9-1.el5_9.x86_64.rpm xulrunner-devel-17.0.9-1.el5_9.i386.rpm xulrunner-devel-17.0.9-1.el5_9.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-17.0.9-1.el5_9.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-17.0.9-1.el5_9.src.rpm

i386: firefox-17.0.9-1.el5_9.i386.rpm firefox-debuginfo-17.0.9-1.el5_9.i386.rpm xulrunner-17.0.9-1.el5_9.i386.rpm xulrunner-debuginfo-17.0.9-1.el5_9.i386.rpm xulrunner-devel-17.0.9-1.el5_9.i386.rpm

ia64: firefox-17.0.9-1.el5_9.ia64.rpm firefox-debuginfo-17.0.9-1.el5_9.ia64.rpm xulrunner-17.0.9-1.el5_9.ia64.rpm xulrunner-debuginfo-17.0.9-1.el5_9.ia64.rpm xulrunner-devel-17.0.9-1.el5_9.ia64.rpm

ppc: firefox-17.0.9-1.el5_9.ppc.rpm firefox-debuginfo-17.0.9-1.el5_9.ppc.rpm xulrunner-17.0.9-1.el5_9.ppc.rpm xulrunner-17.0.9-1.el5_9.ppc64.rpm xulrunner-debuginfo-17.0.9-1.el5_9.ppc.rpm xulrunner-debuginfo-17.0.9-1.el5_9.ppc64.rpm xulrunner-devel-17.0.9-1.el5_9.ppc.rpm xulrunner-devel-17.0.9-1.el5_9.ppc64.rpm

s390x: firefox-17.0.9-1.el5_9.s390.rpm firefox-17.0.9-1.el5_9.s390x.rpm firefox-debuginfo-17.0.9-1.el5_9.s390.rpm firefox-debuginfo-17.0.9-1.el5_9.s390x.rpm xulrunner-17.0.9-1.el5_9.s390.rpm xulrunner-17.0.9-1.el5_9.s390x.rpm xulrunner-debuginfo-17.0.9-1.el5_9.s390.rpm xulrunner-debuginfo-17.0.9-1.el5_9.s390x.rpm xulrunner-devel-17.0.9-1.el5_9.s390.rpm xulrunner-devel-17.0.9-1.el5_9.s390x.rpm

x86_64: firefox-17.0.9-1.el5_9.i386.rpm firefox-17.0.9-1.el5_9.x86_64.rpm firefox-debuginfo-17.0.9-1.el5_9.i386.rpm firefox-debuginfo-17.0.9-1.el5_9.x86_64.rpm xulrunner-17.0.9-1.el5_9.i386.rpm xulrunner-17.0.9-1.el5_9.x86_64.rpm xulrunner-debuginfo-17.0.9-1.el5_9.i386.rpm xulrunner-debuginfo-17.0.9-1.el5_9.x86_64.rpm xulrunner-devel-17.0.9-1.el5_9.i386.rpm xulrunner-devel-17.0.9-1.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/firefox-17.0.9-1.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-17.0.9-1.el6_4.src.rpm i386: firefox-17.0.9-1.el6_4.i686.rpm firefox-debuginfo-17.0.9-1.el6_4.i686.rpm xulrunner-17.0.9-1.el6_4.i686.rpm xulrunner-debuginfo-17.0.9-1.el6_4.i686.rpm x86_64: firefox-17.0.9-1.el6_4.i686.rpm firefox-17.0.9-1.el6_4.x86_64.rpm firefox-debuginfo-17.0.9-1.el6_4.i686.rpm firefox-debuginfo-17.0.9-1.el6_4.x86_64.rpm xulrunner-17.0.9-1.el6_4.i686.rpm xulrunner-17.0.9-1.el6_4.x86_64.rpm xulrunner-debuginfo-17.0.9-1.el6_4.i686.rpm xulrunner-debuginfo-17.0.9-1.el6_4.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-17.0.9-1.el6_4.src.rpm i386: xulrunner-debuginfo-17.0.9-1.el6_4.i686.rpm xulrunner-devel-17.0.9-1.el6_4.i686.rpm x86_64: xulrunner-debuginfo-17.0.9-1.el6_4.i686.rpm xulrunner-debuginfo-17.0.9-1.el6_4.x86_64.rpm xulrunner-devel-17.0.9-1.el6_4.i686.rpm xulrunner-devel-17.0.9-1.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/firefox-17.0.9-1.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xulrunner-17.0.9-1.el6_4.src.rpm x86_64: firefox-17.0.9-1.el6_4.i686.rpm firefox-17.0.9-1.el6_4.x86_64.rpm firefox-debuginfo-17.0.9-1.el6_4.i686.rpm firefox-debuginfo-17.0.9-1.el6_4.x86_64.rpm xulrunner-17.0.9-1.el6_4.i686.rpm xulrunner-17.0.9-1.el6_4.x86_64.rpm xulrunner-debuginfo-17.0.9-1.el6_4.i686.rpm xulrunner-debuginfo-17.0.9-1.el6_4.x86_64.rpm xulrunner-devel-17.0.9-1.el6_4.i686.rpm xulrunner-devel-17.0.9-1.el6_4.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/firefox-17.0.9-1.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-17.0.9-1.el6_4.src.rpm i386: firefox-17.0.9-1.el6_4.i686.rpm firefox-debuginfo-17.0.9-1.el6_4.i686.rpm xulrunner-17.0.9-1.el6_4.i686.rpm xulrunner-debuginfo-17.0.9-1.el6_4.i686.rpm ppc64: firefox-17.0.9-1.el6_4.ppc.rpm firefox-17.0.9-1.el6_4.ppc64.rpm firefox-debuginfo-17.0.9-1.el6_4.ppc.rpm firefox-debuginfo-17.0.9-1.el6_4.ppc64.rpm xulrunner-17.0.9-1.el6_4.ppc.rpm xulrunner-17.0.9-1.el6_4.ppc64.rpm xulrunner-debuginfo-17.0.9-1.el6_4.ppc.rpm xulrunner-debuginfo-17.0.9-1.el6_4.ppc64.rpm s390x: firefox-17.0.9-1.el6_4.s390.rpm firefox-17.0.9-1.el6_4.s390x.rpm firefox-debuginfo-17.0.9-1.el6_4.s390.rpm firefox-debuginfo-17.0.9-1.el6_4.s390x.rpm xulrunner-17.0.9-1.el6_4.s390.rpm xulrunner-17.0.9-1.el6_4.s390x.rpm xulrunner-debuginfo-17.0.9-1.el6_4.s390.rpm xulrunner-debuginfo-17.0.9-1.el6_4.s390x.rpm x86_64: firefox-17.0.9-1.el6_4.i686.rpm firefox-17.0.9-1.el6_4.x86_64.rpm firefox-debuginfo-17.0.9-1.el6_4.i686.rpm firefox-debuginfo-17.0.9-1.el6_4.x86_64.rpm xulrunner-17.0.9-1.el6_4.i686.rpm xulrunner-17.0.9-1.el6_4.x86_64.rpm xulrunner-debuginfo-17.0.9-1.el6_4.i686.rpm xulrunner-debuginfo-17.0.9-1.el6_4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-17.0.9-1.el6_4.src.rpm i386: xulrunner-debuginfo-17.0.9-1.el6_4.i686.rpm xulrunner-devel-17.0.9-1.el6_4.i686.rpm ppc64: xulrunner-debuginfo-17.0.9-1.el6_4.ppc.rpm xulrunner-debuginfo-17.0.9-1.el6_4.ppc64.rpm xulrunner-devel-17.0.9-1.el6_4.ppc.rpm xulrunner-devel-17.0.9-1.el6_4.ppc64.rpm s390x: xulrunner-debuginfo-17.0.9-1.el6_4.s390.rpm xulrunner-debuginfo-17.0.9-1.el6_4.s390x.rpm xulrunner-devel-17.0.9-1.el6_4.s390.rpm xulrunner-devel-17.0.9-1.el6_4.s390x.rpm x86_64: xulrunner-debuginfo-17.0.9-1.el6_4.i686.rpm xulrunner-debuginfo-17.0.9-1.el6_4.x86_64.rpm xulrunner-devel-17.0.9-1.el6_4.i686.rpm xulrunner-devel-17.0.9-1.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/firefox-17.0.9-1.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-17.0.9-1.el6_4.src.rpm i386: firefox-17.0.9-1.el6_4.i686.rpm firefox-debuginfo-17.0.9-1.el6_4.i686.rpm xulrunner-17.0.9-1.el6_4.i686.rpm xulrunner-debuginfo-17.0.9-1.el6_4.i686.rpm x86_64: firefox-17.0.9-1.el6_4.i686.rpm firefox-17.0.9-1.el6_4.x86_64.rpm firefox-debuginfo-17.0.9-1.el6_4.i686.rpm firefox-debuginfo-17.0.9-1.el6_4.x86_64.rpm xulrunner-17.0.9-1.el6_4.i686.rpm xulrunner-17.0.9-1.el6_4.x86_64.rpm xulrunner-debuginfo-17.0.9-1.el6_4.i686.rpm xulrunner-debuginfo-17.0.9-1.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-17.0.9-1.el6_4.src.rpm i386: xulrunner-debuginfo-17.0.9-1.el6_4.i686.rpm xulrunner-devel-17.0.9-1.el6_4.i686.rpm x86_64: xulrunner-debuginfo-17.0.9-1.el6_4.i686.rpm xulrunner-debuginfo-17.0.9-1.el6_4.x86_64.rpm xulrunner-devel-17.0.9-1.el6_4.i686.rpm xulrunner-devel-17.0.9-1.el6_4.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-1718.html https://www.redhat.com/security/data/cve/CVE-2013-1722.html https://www.redhat.com/security/data/cve/CVE-2013-1725.html https://www.redhat.com/security/data/cve/CVE-2013-1730.html https://www.redhat.com/security/data/cve/CVE-2013-1732.html https://www.redhat.com/security/data/cve/CVE-2013-1735.html https://www.redhat.com/security/data/cve/CVE-2013-1736.html https://www.redhat.com/security/data/cve/CVE-2013-1737.html https://access.redhat.com/security/updates/classification/#critical http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSOLA0XlSAg2UNWIIRAr16AKCsG4wxyR5pq/mT3TSFRgPXLF5j3wCfcetI L62lJk9amp4vnKKwvi6j80c= =d0xP -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Sep 17 19:41:39 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 17 Sep 2013 19:41:39 +0000 Subject: [RHSA-2013:1269-01] Important: thunderbird security update Message-ID: <201309171941.r8HJfdRZ017932@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: thunderbird security update Advisory ID: RHSA-2013:1269-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1269.html Issue date: 2013-09-17 CVE Names: CVE-2013-1718 CVE-2013-1722 CVE-2013-1725 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 ===================================================================== 1. 
Summary: An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-1718, CVE-2013-1722, CVE-2013-1725, CVE-2013-1730, CVE-2013-1732, CVE-2013-1735, CVE-2013-1736) A flaw was found in the way Thunderbird handled certain DOM JavaScript objects. An attacker could use this flaw to make JavaScript client or add-on code make incorrect, security sensitive decisions. (CVE-2013-1737) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Andr? Bargull, Scoobidiver, Bobby Holley, Reuben Morais, Abhishek Arya, Ms2ger, Sachin Shinde, Aki Helin, Nils, and Boris Zbarsky as the original reporters of these issues. Note: All of the above issues cannot be exploited by a specially-crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. 
All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 17.0.9 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 1009031 - CVE-2013-1718 Mozilla: Miscellaneous memory safety hazards (rv:17.0.9) (MFSA 2013-76) 1009032 - CVE-2013-1722 Mozilla: Use-after-free in Animation Manager during stylesheet cloning (MFSA 2013-79) 1009033 - CVE-2013-1725 Mozilla: Calling scope for new Javascript objects can lead to memory corruption (MFSA 2013-82) 1009036 - CVE-2013-1730 Mozilla: Compartment mismatch re-attaching XBL-backed nodes (MFSA 2013-88) 1009037 - CVE-2013-1732 Mozilla: Buffer overflow with multi-column, lists, and floats (MFSA 2013-89) 1009039 - CVE-2013-1735 CVE-2013-1736 Mozilla: Memory corruption involving scrolling (MFSA 2013-90) 1009041 - CVE-2013-1737 Mozilla: User-defined properties on DOM proxies get the wrong "this" object (MFSA 2013-91) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/thunderbird-17.0.9-1.el5_9.src.rpm i386: thunderbird-17.0.9-1.el5_9.i386.rpm thunderbird-debuginfo-17.0.9-1.el5_9.i386.rpm x86_64: thunderbird-17.0.9-1.el5_9.x86_64.rpm thunderbird-debuginfo-17.0.9-1.el5_9.x86_64.rpm RHEL Optional Productivity Applications (v. 
5 server) : Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/thunderbird-17.0.9-1.el5_9.src.rpm i386: thunderbird-17.0.9-1.el5_9.i386.rpm thunderbird-debuginfo-17.0.9-1.el5_9.i386.rpm x86_64: thunderbird-17.0.9-1.el5_9.x86_64.rpm thunderbird-debuginfo-17.0.9-1.el5_9.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/thunderbird-17.0.9-1.el6_4.src.rpm i386: thunderbird-17.0.9-1.el6_4.i686.rpm thunderbird-debuginfo-17.0.9-1.el6_4.i686.rpm x86_64: thunderbird-17.0.9-1.el6_4.x86_64.rpm thunderbird-debuginfo-17.0.9-1.el6_4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/thunderbird-17.0.9-1.el6_4.src.rpm i386: thunderbird-17.0.9-1.el6_4.i686.rpm thunderbird-debuginfo-17.0.9-1.el6_4.i686.rpm ppc64: thunderbird-17.0.9-1.el6_4.ppc64.rpm thunderbird-debuginfo-17.0.9-1.el6_4.ppc64.rpm s390x: thunderbird-17.0.9-1.el6_4.s390x.rpm thunderbird-debuginfo-17.0.9-1.el6_4.s390x.rpm x86_64: thunderbird-17.0.9-1.el6_4.x86_64.rpm thunderbird-debuginfo-17.0.9-1.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/thunderbird-17.0.9-1.el6_4.src.rpm i386: thunderbird-17.0.9-1.el6_4.i686.rpm thunderbird-debuginfo-17.0.9-1.el6_4.i686.rpm x86_64: thunderbird-17.0.9-1.el6_4.x86_64.rpm thunderbird-debuginfo-17.0.9-1.el6_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References: https://www.redhat.com/security/data/cve/CVE-2013-1718.html https://www.redhat.com/security/data/cve/CVE-2013-1722.html https://www.redhat.com/security/data/cve/CVE-2013-1725.html https://www.redhat.com/security/data/cve/CVE-2013-1730.html https://www.redhat.com/security/data/cve/CVE-2013-1732.html https://www.redhat.com/security/data/cve/CVE-2013-1735.html https://www.redhat.com/security/data/cve/CVE-2013-1736.html https://www.redhat.com/security/data/cve/CVE-2013-1737.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSOLBeXlSAg2UNWIIRAgGqAJwKCMG0umy5AUHdpbi+hL1Q66g4hgCfRhq0 3top1VpwAIDawi0f/kvOZ0E= =M/4I -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Sep 19 18:12:27 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 19 Sep 2013 18:12:27 +0000 Subject: [RHSA-2013:1270-01] Important: polkit security update Message-ID: <201309191812.r8JICSjt010961@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: polkit security update Advisory ID: RHSA-2013:1270-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1270.html Issue date: 2013-09-19 CVE Names: CVE-2013-4288 ===================================================================== 1. Summary: Updated polkit packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. 
Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 3. Description: PolicyKit is a toolkit for defining and handling authorizations. A race condition was found in the way the PolicyKit pkcheck utility checked process authorization when the process was specified by its process ID via the --process option. A local user could use this flaw to bypass intended PolicyKit authorizations and escalate their privileges. (CVE-2013-4288) Note: Applications that invoke pkcheck with the --process option need to be modified to use the pid,pid-start-time,uid argument for that option, to allow pkcheck to check process authorization correctly. Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for reporting this issue. All polkit users should upgrade to these updated packages, which contain a backported patch to correct this issue. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 1002375 - CVE-2013-4288 polkit: unix-process subject for authorization is racy 6. Package List: Red Hat Enterprise Linux Desktop (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/polkit-0.96-5.el6_4.src.rpm i386: polkit-0.96-5.el6_4.i686.rpm polkit-debuginfo-0.96-5.el6_4.i686.rpm noarch: polkit-desktop-policy-0.96-5.el6_4.noarch.rpm x86_64: polkit-0.96-5.el6_4.i686.rpm polkit-0.96-5.el6_4.x86_64.rpm polkit-debuginfo-0.96-5.el6_4.i686.rpm polkit-debuginfo-0.96-5.el6_4.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/polkit-0.96-5.el6_4.src.rpm i386: polkit-debuginfo-0.96-5.el6_4.i686.rpm polkit-devel-0.96-5.el6_4.i686.rpm polkit-docs-0.96-5.el6_4.i686.rpm x86_64: polkit-debuginfo-0.96-5.el6_4.i686.rpm polkit-debuginfo-0.96-5.el6_4.x86_64.rpm polkit-devel-0.96-5.el6_4.i686.rpm polkit-devel-0.96-5.el6_4.x86_64.rpm polkit-docs-0.96-5.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/polkit-0.96-5.el6_4.src.rpm x86_64: polkit-0.96-5.el6_4.i686.rpm polkit-0.96-5.el6_4.x86_64.rpm polkit-debuginfo-0.96-5.el6_4.i686.rpm polkit-debuginfo-0.96-5.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/polkit-0.96-5.el6_4.src.rpm noarch: polkit-desktop-policy-0.96-5.el6_4.noarch.rpm x86_64: polkit-debuginfo-0.96-5.el6_4.i686.rpm polkit-debuginfo-0.96-5.el6_4.x86_64.rpm polkit-devel-0.96-5.el6_4.i686.rpm polkit-devel-0.96-5.el6_4.x86_64.rpm polkit-docs-0.96-5.el6_4.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/polkit-0.96-5.el6_4.src.rpm i386: polkit-0.96-5.el6_4.i686.rpm polkit-debuginfo-0.96-5.el6_4.i686.rpm polkit-devel-0.96-5.el6_4.i686.rpm polkit-docs-0.96-5.el6_4.i686.rpm noarch: polkit-desktop-policy-0.96-5.el6_4.noarch.rpm ppc64: polkit-0.96-5.el6_4.ppc.rpm polkit-0.96-5.el6_4.ppc64.rpm polkit-debuginfo-0.96-5.el6_4.ppc.rpm polkit-debuginfo-0.96-5.el6_4.ppc64.rpm polkit-devel-0.96-5.el6_4.ppc.rpm polkit-devel-0.96-5.el6_4.ppc64.rpm polkit-docs-0.96-5.el6_4.ppc64.rpm s390x: polkit-0.96-5.el6_4.s390.rpm polkit-0.96-5.el6_4.s390x.rpm polkit-debuginfo-0.96-5.el6_4.s390.rpm polkit-debuginfo-0.96-5.el6_4.s390x.rpm polkit-devel-0.96-5.el6_4.s390.rpm polkit-devel-0.96-5.el6_4.s390x.rpm polkit-docs-0.96-5.el6_4.s390x.rpm x86_64: polkit-0.96-5.el6_4.i686.rpm polkit-0.96-5.el6_4.x86_64.rpm polkit-debuginfo-0.96-5.el6_4.i686.rpm polkit-debuginfo-0.96-5.el6_4.x86_64.rpm polkit-devel-0.96-5.el6_4.i686.rpm polkit-devel-0.96-5.el6_4.x86_64.rpm polkit-docs-0.96-5.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/polkit-0.96-5.el6_4.src.rpm i386: polkit-0.96-5.el6_4.i686.rpm polkit-debuginfo-0.96-5.el6_4.i686.rpm polkit-devel-0.96-5.el6_4.i686.rpm polkit-docs-0.96-5.el6_4.i686.rpm noarch: polkit-desktop-policy-0.96-5.el6_4.noarch.rpm x86_64: polkit-0.96-5.el6_4.i686.rpm polkit-0.96-5.el6_4.x86_64.rpm polkit-debuginfo-0.96-5.el6_4.i686.rpm polkit-debuginfo-0.96-5.el6_4.x86_64.rpm polkit-devel-0.96-5.el6_4.i686.rpm polkit-devel-0.96-5.el6_4.x86_64.rpm polkit-docs-0.96-5.el6_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-4288.html https://access.redhat.com/security/updates/classification/#important 8. 
Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSOz5uXlSAg2UNWIIRAk+aAJ9FpgJMIdriFen+bLo24QQH1yuh9gCfQjTY Ya5C56193twCuA7kMnpAV6Q= =j3W9 -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Sep 19 18:13:38 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 19 Sep 2013 18:13:38 +0000 Subject: [RHSA-2013:1272-01] Important: libvirt security and bug fix update Message-ID: <201309191813.r8JIDcGx027835@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: libvirt security and bug fix update Advisory ID: RHSA-2013:1272-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1272.html Issue date: 2013-09-19 CVE Names: CVE-2013-4296 CVE-2013-4311 ===================================================================== 1. Summary: Updated libvirt packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 
6) - x86_64 3. Description: The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. libvirt invokes the PolicyKit pkcheck utility to handle authorization. A race condition was found in the way libvirt used this utility, allowing a local user to bypass intended PolicyKit authorizations or execute arbitrary commands with root privileges. (CVE-2013-4311) Note: With this update, libvirt has been rebuilt to communicate with PolicyKit via a different API that is not vulnerable to the race condition. The polkit RHSA-2013:1270 advisory must also be installed to fix the CVE-2013-4311 issue. An invalid free flaw was found in libvirtd's remoteDispatchDomainMemoryStats function. An attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd. (CVE-2013-4296) The CVE-2013-4296 issue was discovered by Daniel P. Berrange of Red Hat. This update also fixes the following bugs: * Prior to this update, the libvirtd daemon leaked memory in the virCgroupMoveTask() function. A fix has been provided which prevents libvirtd from incorrect management of memory allocations. (BZ#984556) * Previously, the libvirtd daemon was accessing one byte before the array in the virCgroupGetValueStr() function. This bug has been fixed and libvirtd now stays within the array bounds. (BZ#984561) * When migrating, libvirtd leaked the migration URI (Uniform Resource Identifier) on destination. A patch has been provided to fix this bug and the migration URI is now freed correctly. (BZ#984578) * Updating a network interface using virDomainUpdateDeviceFlags API failed when a boot order was set for that interface. The update failed even if the boot order was set in the provided device XML. 
The virDomainUpdateDeviceFlags API has been fixed to correctly parse the boot order specification from the provided device XML and updating network interfaces with boot orders now works as expected. (BZ#1003934) Users of libvirt are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, libvirtd will be restarted automatically. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 984556 - libvirtd leaks memory in virCgroupMoveTask 984561 - valgrind shows an off-by-one error in virCgroupGetValueStr 984578 - libvirtd leaks URI on destination when migrating 1003934 - vmUpdateDevice fails when nic has boot order set 1005332 - CVE-2013-4311 libvirt: insecure calling of polkit 1006173 - CVE-2013-4296 libvirt: invalid free in remoteDispatchDomainMemoryStats 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libvirt-0.10.2-18.el6_4.14.src.rpm i386: libvirt-0.10.2-18.el6_4.14.i686.rpm libvirt-client-0.10.2-18.el6_4.14.i686.rpm libvirt-debuginfo-0.10.2-18.el6_4.14.i686.rpm libvirt-python-0.10.2-18.el6_4.14.i686.rpm x86_64: libvirt-0.10.2-18.el6_4.14.x86_64.rpm libvirt-client-0.10.2-18.el6_4.14.i686.rpm libvirt-client-0.10.2-18.el6_4.14.x86_64.rpm libvirt-debuginfo-0.10.2-18.el6_4.14.i686.rpm libvirt-debuginfo-0.10.2-18.el6_4.14.x86_64.rpm libvirt-python-0.10.2-18.el6_4.14.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libvirt-0.10.2-18.el6_4.14.src.rpm i386: libvirt-debuginfo-0.10.2-18.el6_4.14.i686.rpm libvirt-devel-0.10.2-18.el6_4.14.i686.rpm x86_64: libvirt-debuginfo-0.10.2-18.el6_4.14.i686.rpm libvirt-debuginfo-0.10.2-18.el6_4.14.x86_64.rpm libvirt-devel-0.10.2-18.el6_4.14.i686.rpm libvirt-devel-0.10.2-18.el6_4.14.x86_64.rpm libvirt-lock-sanlock-0.10.2-18.el6_4.14.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libvirt-0.10.2-18.el6_4.14.src.rpm x86_64: libvirt-0.10.2-18.el6_4.14.x86_64.rpm libvirt-client-0.10.2-18.el6_4.14.i686.rpm libvirt-client-0.10.2-18.el6_4.14.x86_64.rpm libvirt-debuginfo-0.10.2-18.el6_4.14.i686.rpm libvirt-debuginfo-0.10.2-18.el6_4.14.x86_64.rpm libvirt-python-0.10.2-18.el6_4.14.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libvirt-0.10.2-18.el6_4.14.src.rpm x86_64: libvirt-debuginfo-0.10.2-18.el6_4.14.i686.rpm libvirt-debuginfo-0.10.2-18.el6_4.14.x86_64.rpm libvirt-devel-0.10.2-18.el6_4.14.i686.rpm libvirt-devel-0.10.2-18.el6_4.14.x86_64.rpm libvirt-lock-sanlock-0.10.2-18.el6_4.14.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libvirt-0.10.2-18.el6_4.14.src.rpm i386: libvirt-0.10.2-18.el6_4.14.i686.rpm libvirt-client-0.10.2-18.el6_4.14.i686.rpm libvirt-debuginfo-0.10.2-18.el6_4.14.i686.rpm libvirt-devel-0.10.2-18.el6_4.14.i686.rpm libvirt-python-0.10.2-18.el6_4.14.i686.rpm ppc64: libvirt-0.10.2-18.el6_4.14.ppc64.rpm libvirt-client-0.10.2-18.el6_4.14.ppc.rpm libvirt-client-0.10.2-18.el6_4.14.ppc64.rpm libvirt-debuginfo-0.10.2-18.el6_4.14.ppc.rpm libvirt-debuginfo-0.10.2-18.el6_4.14.ppc64.rpm libvirt-devel-0.10.2-18.el6_4.14.ppc.rpm libvirt-devel-0.10.2-18.el6_4.14.ppc64.rpm libvirt-python-0.10.2-18.el6_4.14.ppc64.rpm s390x: libvirt-0.10.2-18.el6_4.14.s390x.rpm libvirt-client-0.10.2-18.el6_4.14.s390.rpm libvirt-client-0.10.2-18.el6_4.14.s390x.rpm libvirt-debuginfo-0.10.2-18.el6_4.14.s390.rpm libvirt-debuginfo-0.10.2-18.el6_4.14.s390x.rpm libvirt-devel-0.10.2-18.el6_4.14.s390.rpm libvirt-devel-0.10.2-18.el6_4.14.s390x.rpm libvirt-python-0.10.2-18.el6_4.14.s390x.rpm x86_64: libvirt-0.10.2-18.el6_4.14.x86_64.rpm libvirt-client-0.10.2-18.el6_4.14.i686.rpm libvirt-client-0.10.2-18.el6_4.14.x86_64.rpm libvirt-debuginfo-0.10.2-18.el6_4.14.i686.rpm libvirt-debuginfo-0.10.2-18.el6_4.14.x86_64.rpm libvirt-devel-0.10.2-18.el6_4.14.i686.rpm libvirt-devel-0.10.2-18.el6_4.14.x86_64.rpm libvirt-python-0.10.2-18.el6_4.14.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libvirt-0.10.2-18.el6_4.14.src.rpm x86_64: libvirt-debuginfo-0.10.2-18.el6_4.14.x86_64.rpm libvirt-lock-sanlock-0.10.2-18.el6_4.14.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libvirt-0.10.2-18.el6_4.14.src.rpm

i386:
libvirt-0.10.2-18.el6_4.14.i686.rpm
libvirt-client-0.10.2-18.el6_4.14.i686.rpm
libvirt-debuginfo-0.10.2-18.el6_4.14.i686.rpm
libvirt-devel-0.10.2-18.el6_4.14.i686.rpm
libvirt-python-0.10.2-18.el6_4.14.i686.rpm

x86_64:
libvirt-0.10.2-18.el6_4.14.x86_64.rpm
libvirt-client-0.10.2-18.el6_4.14.i686.rpm
libvirt-client-0.10.2-18.el6_4.14.x86_64.rpm
libvirt-debuginfo-0.10.2-18.el6_4.14.i686.rpm
libvirt-debuginfo-0.10.2-18.el6_4.14.x86_64.rpm
libvirt-devel-0.10.2-18.el6_4.14.i686.rpm
libvirt-devel-0.10.2-18.el6_4.14.x86_64.rpm
libvirt-python-0.10.2-18.el6_4.14.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libvirt-0.10.2-18.el6_4.14.src.rpm

x86_64:
libvirt-debuginfo-0.10.2-18.el6_4.14.x86_64.rpm
libvirt-lock-sanlock-0.10.2-18.el6_4.14.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4296.html
https://www.redhat.com/security/data/cve/CVE-2013-4311.html
https://access.redhat.com/security/updates/classification/#important
https://rhn.redhat.com/errata/RHSA-2013-1270.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
From bugzilla at redhat.com Thu Sep 19 18:14:26 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 19 Sep 2013 18:14:26 +0000
Subject: [RHSA-2013:1273-01] Important: spice-gtk security update
Message-ID: <201309191814.r8JIERw2028396@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: spice-gtk security update
Advisory ID:       RHSA-2013:1273-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1273.html
Issue date:        2013-09-19
CVE Names:         CVE-2013-4324
=====================================================================

1. Summary:

Updated spice-gtk packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for SPICE (Simple Protocol for Independent Computing Environments) clients.
Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol.

spice-gtk communicated with PolicyKit for authorization via an API that is vulnerable to a race condition. This could lead to intended PolicyKit authorizations being bypassed. This update modifies spice-gtk to communicate with PolicyKit via a different API that is not vulnerable to the race condition. (CVE-2013-4324)

All users of spice-gtk are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

1006669 - CVE-2013-4324 spice-gtk: Insecure calling of polkit via polkit_unix_process_new()

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/spice-gtk-0.14-7.el6_4.3.src.rpm

i386:
spice-glib-0.14-7.el6_4.3.i686.rpm
spice-gtk-0.14-7.el6_4.3.i686.rpm
spice-gtk-debuginfo-0.14-7.el6_4.3.i686.rpm
spice-gtk-python-0.14-7.el6_4.3.i686.rpm

x86_64:
spice-glib-0.14-7.el6_4.3.i686.rpm
spice-glib-0.14-7.el6_4.3.x86_64.rpm
spice-gtk-0.14-7.el6_4.3.i686.rpm
spice-gtk-0.14-7.el6_4.3.x86_64.rpm
spice-gtk-debuginfo-0.14-7.el6_4.3.i686.rpm
spice-gtk-debuginfo-0.14-7.el6_4.3.x86_64.rpm
spice-gtk-python-0.14-7.el6_4.3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v.
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/spice-gtk-0.14-7.el6_4.3.src.rpm

i386:
spice-glib-devel-0.14-7.el6_4.3.i686.rpm
spice-gtk-debuginfo-0.14-7.el6_4.3.i686.rpm
spice-gtk-devel-0.14-7.el6_4.3.i686.rpm
spice-gtk-tools-0.14-7.el6_4.3.i686.rpm

x86_64:
spice-glib-devel-0.14-7.el6_4.3.i686.rpm
spice-glib-devel-0.14-7.el6_4.3.x86_64.rpm
spice-gtk-debuginfo-0.14-7.el6_4.3.i686.rpm
spice-gtk-debuginfo-0.14-7.el6_4.3.x86_64.rpm
spice-gtk-devel-0.14-7.el6_4.3.i686.rpm
spice-gtk-devel-0.14-7.el6_4.3.x86_64.rpm
spice-gtk-tools-0.14-7.el6_4.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/spice-gtk-0.14-7.el6_4.3.src.rpm

x86_64:
spice-glib-0.14-7.el6_4.3.i686.rpm
spice-glib-0.14-7.el6_4.3.x86_64.rpm
spice-gtk-0.14-7.el6_4.3.i686.rpm
spice-gtk-0.14-7.el6_4.3.x86_64.rpm
spice-gtk-debuginfo-0.14-7.el6_4.3.i686.rpm
spice-gtk-debuginfo-0.14-7.el6_4.3.x86_64.rpm
spice-gtk-python-0.14-7.el6_4.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/spice-gtk-0.14-7.el6_4.3.src.rpm

x86_64:
spice-glib-devel-0.14-7.el6_4.3.i686.rpm
spice-glib-devel-0.14-7.el6_4.3.x86_64.rpm
spice-gtk-debuginfo-0.14-7.el6_4.3.i686.rpm
spice-gtk-debuginfo-0.14-7.el6_4.3.x86_64.rpm
spice-gtk-devel-0.14-7.el6_4.3.i686.rpm
spice-gtk-devel-0.14-7.el6_4.3.x86_64.rpm
spice-gtk-tools-0.14-7.el6_4.3.x86_64.rpm

Red Hat Enterprise Linux Server (v.
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/spice-gtk-0.14-7.el6_4.3.src.rpm

i386:
spice-glib-0.14-7.el6_4.3.i686.rpm
spice-gtk-0.14-7.el6_4.3.i686.rpm
spice-gtk-debuginfo-0.14-7.el6_4.3.i686.rpm
spice-gtk-python-0.14-7.el6_4.3.i686.rpm

x86_64:
spice-glib-0.14-7.el6_4.3.i686.rpm
spice-glib-0.14-7.el6_4.3.x86_64.rpm
spice-gtk-0.14-7.el6_4.3.i686.rpm
spice-gtk-0.14-7.el6_4.3.x86_64.rpm
spice-gtk-debuginfo-0.14-7.el6_4.3.i686.rpm
spice-gtk-debuginfo-0.14-7.el6_4.3.x86_64.rpm
spice-gtk-python-0.14-7.el6_4.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/spice-gtk-0.14-7.el6_4.3.src.rpm

i386:
spice-glib-devel-0.14-7.el6_4.3.i686.rpm
spice-gtk-debuginfo-0.14-7.el6_4.3.i686.rpm
spice-gtk-devel-0.14-7.el6_4.3.i686.rpm
spice-gtk-tools-0.14-7.el6_4.3.i686.rpm

x86_64:
spice-glib-devel-0.14-7.el6_4.3.i686.rpm
spice-glib-devel-0.14-7.el6_4.3.x86_64.rpm
spice-gtk-debuginfo-0.14-7.el6_4.3.i686.rpm
spice-gtk-debuginfo-0.14-7.el6_4.3.x86_64.rpm
spice-gtk-devel-0.14-7.el6_4.3.i686.rpm
spice-gtk-devel-0.14-7.el6_4.3.x86_64.rpm
spice-gtk-tools-0.14-7.el6_4.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/spice-gtk-0.14-7.el6_4.3.src.rpm

i386:
spice-glib-0.14-7.el6_4.3.i686.rpm
spice-gtk-0.14-7.el6_4.3.i686.rpm
spice-gtk-debuginfo-0.14-7.el6_4.3.i686.rpm
spice-gtk-python-0.14-7.el6_4.3.i686.rpm

x86_64:
spice-glib-0.14-7.el6_4.3.i686.rpm
spice-glib-0.14-7.el6_4.3.x86_64.rpm
spice-gtk-0.14-7.el6_4.3.i686.rpm
spice-gtk-0.14-7.el6_4.3.x86_64.rpm
spice-gtk-debuginfo-0.14-7.el6_4.3.i686.rpm
spice-gtk-debuginfo-0.14-7.el6_4.3.x86_64.rpm
spice-gtk-python-0.14-7.el6_4.3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v.
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/spice-gtk-0.14-7.el6_4.3.src.rpm

i386:
spice-glib-devel-0.14-7.el6_4.3.i686.rpm
spice-gtk-debuginfo-0.14-7.el6_4.3.i686.rpm
spice-gtk-devel-0.14-7.el6_4.3.i686.rpm
spice-gtk-tools-0.14-7.el6_4.3.i686.rpm

x86_64:
spice-glib-devel-0.14-7.el6_4.3.i686.rpm
spice-glib-devel-0.14-7.el6_4.3.x86_64.rpm
spice-gtk-debuginfo-0.14-7.el6_4.3.i686.rpm
spice-gtk-debuginfo-0.14-7.el6_4.3.x86_64.rpm
spice-gtk-devel-0.14-7.el6_4.3.i686.rpm
spice-gtk-devel-0.14-7.el6_4.3.x86_64.rpm
spice-gtk-tools-0.14-7.el6_4.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4324.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

From bugzilla at redhat.com Thu Sep 19 18:15:07 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 19 Sep 2013 18:15:07 +0000
Subject: [RHSA-2013:1274-01] Important: hplip security update
Message-ID: <201309191815.r8JIF8sd022566@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: hplip security update
Advisory ID:       RHSA-2013:1274-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1274.html
Issue date:        2013-09-19
CVE Names:         CVE-2013-4325
=====================================================================

1.
Summary:

Updated hplip packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The hplip packages contain the Hewlett-Packard Linux Imaging and Printing Project (HPLIP), which provides drivers for Hewlett-Packard printers and multi-function peripherals.

HPLIP communicated with PolicyKit for authorization via a D-Bus API that is vulnerable to a race condition. This could lead to intended PolicyKit authorizations being bypassed. This update modifies HPLIP to communicate with PolicyKit via a different API that is not vulnerable to the race condition. (CVE-2013-4325)

All users of hplip are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

1006674 - CVE-2013-4325 hplip: Insecure calling of polkit

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/hplip-3.12.4-4.el6_4.1.src.rpm

i386:
hpijs-3.12.4-4.el6_4.1.i686.rpm
hplip-3.12.4-4.el6_4.1.i686.rpm
hplip-common-3.12.4-4.el6_4.1.i686.rpm
hplip-debuginfo-3.12.4-4.el6_4.1.i686.rpm
hplip-gui-3.12.4-4.el6_4.1.i686.rpm
hplip-libs-3.12.4-4.el6_4.1.i686.rpm
libsane-hpaio-3.12.4-4.el6_4.1.i686.rpm

x86_64:
hpijs-3.12.4-4.el6_4.1.x86_64.rpm
hplip-3.12.4-4.el6_4.1.x86_64.rpm
hplip-common-3.12.4-4.el6_4.1.x86_64.rpm
hplip-debuginfo-3.12.4-4.el6_4.1.i686.rpm
hplip-debuginfo-3.12.4-4.el6_4.1.x86_64.rpm
hplip-gui-3.12.4-4.el6_4.1.x86_64.rpm
hplip-libs-3.12.4-4.el6_4.1.i686.rpm
hplip-libs-3.12.4-4.el6_4.1.x86_64.rpm
libsane-hpaio-3.12.4-4.el6_4.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/hplip-3.12.4-4.el6_4.1.src.rpm

i386:
hpijs-3.12.4-4.el6_4.1.i686.rpm
hplip-3.12.4-4.el6_4.1.i686.rpm
hplip-common-3.12.4-4.el6_4.1.i686.rpm
hplip-debuginfo-3.12.4-4.el6_4.1.i686.rpm
hplip-gui-3.12.4-4.el6_4.1.i686.rpm
hplip-libs-3.12.4-4.el6_4.1.i686.rpm
libsane-hpaio-3.12.4-4.el6_4.1.i686.rpm

ppc64:
hpijs-3.12.4-4.el6_4.1.ppc64.rpm
hplip-3.12.4-4.el6_4.1.ppc64.rpm
hplip-common-3.12.4-4.el6_4.1.ppc64.rpm
hplip-debuginfo-3.12.4-4.el6_4.1.ppc.rpm
hplip-debuginfo-3.12.4-4.el6_4.1.ppc64.rpm
hplip-gui-3.12.4-4.el6_4.1.ppc64.rpm
hplip-libs-3.12.4-4.el6_4.1.ppc.rpm
hplip-libs-3.12.4-4.el6_4.1.ppc64.rpm
libsane-hpaio-3.12.4-4.el6_4.1.ppc64.rpm

x86_64:
hpijs-3.12.4-4.el6_4.1.x86_64.rpm
hplip-3.12.4-4.el6_4.1.x86_64.rpm
hplip-common-3.12.4-4.el6_4.1.x86_64.rpm
hplip-debuginfo-3.12.4-4.el6_4.1.i686.rpm
hplip-debuginfo-3.12.4-4.el6_4.1.x86_64.rpm
hplip-gui-3.12.4-4.el6_4.1.x86_64.rpm
hplip-libs-3.12.4-4.el6_4.1.i686.rpm
hplip-libs-3.12.4-4.el6_4.1.x86_64.rpm
libsane-hpaio-3.12.4-4.el6_4.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v.
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/hplip-3.12.4-4.el6_4.1.src.rpm

i386:
hpijs-3.12.4-4.el6_4.1.i686.rpm
hplip-3.12.4-4.el6_4.1.i686.rpm
hplip-common-3.12.4-4.el6_4.1.i686.rpm
hplip-debuginfo-3.12.4-4.el6_4.1.i686.rpm
hplip-gui-3.12.4-4.el6_4.1.i686.rpm
hplip-libs-3.12.4-4.el6_4.1.i686.rpm
libsane-hpaio-3.12.4-4.el6_4.1.i686.rpm

x86_64:
hpijs-3.12.4-4.el6_4.1.x86_64.rpm
hplip-3.12.4-4.el6_4.1.x86_64.rpm
hplip-common-3.12.4-4.el6_4.1.x86_64.rpm
hplip-debuginfo-3.12.4-4.el6_4.1.i686.rpm
hplip-debuginfo-3.12.4-4.el6_4.1.x86_64.rpm
hplip-gui-3.12.4-4.el6_4.1.x86_64.rpm
hplip-libs-3.12.4-4.el6_4.1.i686.rpm
hplip-libs-3.12.4-4.el6_4.1.x86_64.rpm
libsane-hpaio-3.12.4-4.el6_4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4325.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
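The PolicyKit race behind CVE-2013-4324 and CVE-2013-4325 above (and CVE-2013-4326 in the rtkit advisory that follows) comes from naming the requesting process by PID alone, which is what polkit_unix_process_new() does. The Python simulation below is an added example, not code from these advisories or from the affected projects: it uses a constructed process table, a hypothetical action id and a stand-in authority to show how a PID-only subject can resolve to a different uid between request and check, and how a subject pinned to (pid, start time, uid), the triple that libpolkit's polkit_unix_process_new_for_owner() carries, is refused once the live process no longer matches. The updated packages themselves switched to a different PolicyKit API, as the advisories state.

```python
"""Simulation of the PolicyKit subject race (CVE-2013-4324/4325/4326).

A D-Bus service asking PolicyKit "may this caller do X?" has to say who
the caller is.  A bare PID is a weak name: the authority resolves it to
a uid at check time, and between request and check the PID may have been
handed to another process, or the same process may have replaced its
image with one running under a different uid.  Capturing (pid, start
time, uid) when the request arrives makes either change detectable.
Everything here (process table, action id, authority) is constructed for
the example; it is not polkit code.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

ROOT_UID = 0
ACTION = "org.example.service.privileged"   # hypothetical action id


@dataclass(frozen=True)
class Process:
    pid: int
    start_time: int   # ticks since boot at process start, as in /proc/<pid>/stat
    uid: int


class ProcessTable:
    """Constructed stand-in for the kernel's view of live processes."""

    def __init__(self) -> None:
        self._procs: Dict[int, Process] = {}

    def spawn(self, pid: int, uid: int, start_time: int) -> Process:
        proc = Process(pid, start_time, uid)
        self._procs[pid] = proc
        return proc

    def exit(self, pid: int) -> None:
        del self._procs[pid]

    def replace_image(self, pid: int, new_uid: int) -> Process:
        """exec() keeps pid and start time but may change the effective uid."""
        old = self._procs[pid]
        new = Process(pid, old.start_time, new_uid)
        self._procs[pid] = new
        return new

    def lookup(self, pid: int) -> Optional[Process]:
        return self._procs.get(pid)


class Authority:
    """Stand-in authorization check: only uids in `admins` may perform ACTION."""

    def __init__(self, table: ProcessTable, admins: Set[int]) -> None:
        self.table = table
        self.admins = admins

    def check_by_pid(self, pid: int, action: str) -> bool:
        """Vulnerable pattern: subject is a bare PID; uid is looked up at check time."""
        proc = self.table.lookup(pid)
        return proc is not None and action == ACTION and proc.uid in self.admins

    def check_pinned(self, subject: Process, action: str) -> bool:
        """Hardened pattern: subject carries pid, start time and uid captured at
        request time; any mismatch against the live process is a denial."""
        live = self.table.lookup(subject.pid)
        if live is None or live.start_time != subject.start_time or live.uid != subject.uid:
            return False
        return action == ACTION and subject.uid in self.admins


def scenario_pid_reuse() -> Tuple[bool, bool]:
    """Caller exits between request and check; its PID is reused by a root process."""
    table = ProcessTable()
    authority = Authority(table, admins={ROOT_UID})
    subject = table.spawn(pid=4242, uid=1000, start_time=1_000)  # captured at request
    table.exit(4242)                                              # race window opens
    table.spawn(pid=4242, uid=ROOT_UID, start_time=1_500)         # PID now root-owned
    return authority.check_by_pid(4242, ACTION), authority.check_pinned(subject, ACTION)


def scenario_image_replaced() -> Tuple[bool, bool]:
    """Caller keeps PID and start time but its image now runs as root."""
    table = ProcessTable()
    authority = Authority(table, admins={ROOT_UID})
    subject = table.spawn(pid=4243, uid=1000, start_time=2_000)
    table.replace_image(4243, ROOT_UID)
    return authority.check_by_pid(4243, ACTION), authority.check_pinned(subject, ACTION)


def scenario_legitimate_root() -> Tuple[bool, bool]:
    """Control case: a genuinely root-owned caller passes both checks."""
    table = ProcessTable()
    authority = Authority(table, admins={ROOT_UID})
    subject = table.spawn(pid=77, uid=ROOT_UID, start_time=3_000)
    return authority.check_by_pid(77, ACTION), authority.check_pinned(subject, ACTION)


if __name__ == "__main__":
    for name, fn in (("pid reuse", scenario_pid_reuse),
                     ("image replaced", scenario_image_replaced),
                     ("legitimate root", scenario_legitimate_root)):
        by_pid, pinned = fn()
        print(f"{name:16s} pid-only allowed={by_pid}  pinned allowed={pinned}")
```

In both race scenarios the PID-only check grants the action to a request that came from an unprivileged uid, while the pinned check denies it; the control case shows the pinned check still admits a real root caller.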
From bugzilla at redhat.com Tue Sep 24 18:16:23 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 24 Sep 2013 18:16:23 +0000
Subject: [RHSA-2013:1282-01] Important: rtkit security update
Message-ID: <201309241816.r8OIGNWK023355@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rtkit security update
Advisory ID:       RHSA-2013:1282-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1282.html
Issue date:        2013-09-24
CVE Names:         CVE-2013-4326
=====================================================================

1. Summary:

An updated rtkit package that fixes one security issue is now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

RealtimeKit is a D-Bus system service that changes the scheduling policy of user processes/threads to SCHED_RR (that is, realtime scheduling mode) on request. It is intended to be used as a secure mechanism to allow real-time scheduling to be used by normal user processes.

It was found that RealtimeKit communicated with PolicyKit for authorization using a D-Bus API that is vulnerable to a race condition.
This could have led to intended PolicyKit authorizations being bypassed. This update modifies RealtimeKit to communicate with PolicyKit via a different API that is not vulnerable to the race condition. (CVE-2013-4326)

All rtkit users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

1006677 - CVE-2013-4326 rtkit: insecure calling of polkit

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/rtkit-0.5-2.el6_4.src.rpm

i386:
rtkit-0.5-2.el6_4.i686.rpm
rtkit-debuginfo-0.5-2.el6_4.i686.rpm

x86_64:
rtkit-0.5-2.el6_4.x86_64.rpm
rtkit-debuginfo-0.5-2.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/rtkit-0.5-2.el6_4.src.rpm

x86_64:
rtkit-0.5-2.el6_4.x86_64.rpm
rtkit-debuginfo-0.5-2.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/rtkit-0.5-2.el6_4.src.rpm

i386:
rtkit-0.5-2.el6_4.i686.rpm
rtkit-debuginfo-0.5-2.el6_4.i686.rpm

ppc64:
rtkit-0.5-2.el6_4.ppc64.rpm
rtkit-debuginfo-0.5-2.el6_4.ppc64.rpm

s390x:
rtkit-0.5-2.el6_4.s390x.rpm
rtkit-debuginfo-0.5-2.el6_4.s390x.rpm

x86_64:
rtkit-0.5-2.el6_4.x86_64.rpm
rtkit-debuginfo-0.5-2.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v.
6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/rtkit-0.5-2.el6_4.src.rpm

i386:
rtkit-0.5-2.el6_4.i686.rpm
rtkit-debuginfo-0.5-2.el6_4.i686.rpm

x86_64:
rtkit-0.5-2.el6_4.x86_64.rpm
rtkit-debuginfo-0.5-2.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4326.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

From bugzilla at redhat.com Tue Sep 24 18:17:06 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 24 Sep 2013 18:17:06 +0000
Subject: [RHSA-2013:1283-01] Moderate: puppet security update
Message-ID: <201309241817.r8OIH6bE023558@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: puppet security update
Advisory ID:       RHSA-2013:1283-01
Product:           Red Hat OpenStack
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1283.html
Issue date:        2013-09-24
CVE Names:         CVE-2013-3567 CVE-2013-4761 CVE-2013-4956
=====================================================================

1. Summary:

Updated puppet packages that fix several security issues are now available for Red Hat OpenStack 3.0.

The Red Hat Security Response Team has rated this update as having moderate security impact.
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

OpenStack 3 - noarch, x86_64

3. Description:

Puppet allows provisioning, patching, and configuration of clients to be managed and automated.

A flaw was found in the way Puppet handled YAML content during Representational State Transfer (REST) API calls. An attacker could construct a request containing a crafted YAML payload that would cause the Puppet master to execute arbitrary code. (CVE-2013-3567)

It was found that resource_type requests could be used to cause the Puppet master to load and run Ruby files from anywhere on the file system. In non-default configurations, a local user on the Puppet master server could use this flaw to have arbitrary Ruby code executed with the privileges of the Puppet master. (CVE-2013-4761)

It was found that Puppet Module Tool (that is, running "puppet module" commands from the command line) applied incorrect permissions to installed modules. If a malicious, local user had write access to the Puppet module directory, they could use this flaw to modify the modules and therefore execute arbitrary code with the privileges of the Puppet master. (CVE-2013-4956)

Red Hat would like to thank Puppet Labs for reporting these issues. Upstream acknowledges Ben Murphy as the original reporter of CVE-2013-3567.

Note: OpenStack uses these puppet packages with PackStack, a command line utility that uses Puppet modules to support rapid deployment of OpenStack on existing servers over an SSH connection. The Puppet master is not used in this configuration, and as such, CVE-2013-3567 and CVE-2013-4761 are not exploitable in this OpenStack use case.

Users of Red Hat OpenStack 3.0 are advised to upgrade to these updated packages, which correct these issues.

4.
Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

974649 - CVE-2013-3567 puppet: remote code execution on master from unauthenticated clients
996855 - CVE-2013-4956 Puppet: Local Privilege Escalation/Arbitrary Code Execution
996856 - CVE-2013-4761 Puppet: resource_type service code execution

6. Package List:

OpenStack 3:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/facter-1.6.6-1.el6_4.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/hiera-1.0.0-3.el6_4.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/puppet-3.2.4-1.el6_4.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/ruby-augeas-0.4.1-1.el6_4.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/ruby-shadow-1.4.1-13.el6_4.src.rpm

noarch:
hiera-1.0.0-3.el6_4.noarch.rpm
puppet-3.2.4-1.el6_4.noarch.rpm
puppet-server-3.2.4-1.el6_4.noarch.rpm

x86_64:
facter-1.6.6-1.el6_4.x86_64.rpm
ruby-augeas-0.4.1-1.el6_4.x86_64.rpm
ruby-augeas-debuginfo-0.4.1-1.el6_4.x86_64.rpm
ruby-shadow-1.4.1-13.el6_4.x86_64.rpm
ruby-shadow-debuginfo-1.4.1-13.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-3567.html
https://www.redhat.com/security/data/cve/CVE-2013-4761.html
https://www.redhat.com/security/data/cve/CVE-2013-4956.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

From bugzilla at redhat.com Tue Sep 24 18:17:34 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 24 Sep 2013 18:17:34 +0000
Subject: [RHSA-2013:1284-01] Critical: ruby193-puppet security update
Message-ID: <201309241817.r8OIHY1Q023663@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: ruby193-puppet security update
Advisory ID:       RHSA-2013:1284-01
Product:           Red Hat OpenStack
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1284.html
Issue date:        2013-09-24
CVE Names:         CVE-2013-3567 CVE-2013-4761 CVE-2013-4956
=====================================================================

1. Summary:

Updated ruby193-puppet packages that fix three security issues are now available for Red Hat OpenStack 3.0.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

OpenStack 3 - noarch

3. Description:

Puppet allows provisioning, patching, and configuration of clients to be managed and automated.

A flaw was found in the way Puppet handled YAML content during Representational State Transfer (REST) API calls. An attacker could construct a request containing a crafted YAML payload that would cause the Puppet master to execute arbitrary code.
(CVE-2013-3567)

It was found that resource_type requests could be used to cause the Puppet master to load and run Ruby files from anywhere on the file system. In non-default configurations, a local user on the Puppet master server could use this flaw to have arbitrary Ruby code executed with the privileges of the Puppet master. (CVE-2013-4761)

It was found that Puppet Module Tool (that is, running "puppet module" commands from the command line) applied incorrect permissions to installed modules. If a malicious, local user had write access to the Puppet module directory, they could use this flaw to modify the modules and therefore execute arbitrary code with the privileges of the Puppet master. (CVE-2013-4956)

Red Hat would like to thank Puppet Labs for reporting these issues. Upstream acknowledges Ben Murphy as the original reporter of CVE-2013-3567.

These ruby193-puppet packages are used by Foreman, which provides facilities for rapidly deploying Red Hat OpenStack 3.0. In this use case, Puppet master is used and exposed to these issues. Note that Foreman is provided as a Technology Preview. For more information on the scope and nature of support for items marked as Technology Preview, refer to https://access.redhat.com/support/offerings/techpreview/

Users of Red Hat OpenStack 3.0 are advised to upgrade to these updated packages, which correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

974649 - CVE-2013-3567 puppet: remote code execution on master from unauthenticated clients
996855 - CVE-2013-4956 Puppet: Local Privilege Escalation/Arbitrary Code Execution
996856 - CVE-2013-4761 Puppet: resource_type service code execution

6.
Package List:

OpenStack 3:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/ruby193-puppet-3.1.1-11.1.el6ost.src.rpm

noarch:
ruby193-puppet-3.1.1-11.1.el6ost.noarch.rpm
ruby193-puppet-server-3.1.1-11.1.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-3567.html
https://www.redhat.com/security/data/cve/CVE-2013-4761.html
https://www.redhat.com/security/data/cve/CVE-2013-4956.html
https://access.redhat.com/security/updates/classification/#critical
http://puppetlabs.com/security/cve/cve-2013-3567
http://puppetlabs.com/security/cve/cve-2013-4761
http://puppetlabs.com/security/cve/cve-2013-4956
https://access.redhat.com/support/offerings/techpreview/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

From bugzilla at redhat.com Wed Sep 25 16:20:07 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 25 Sep 2013 16:20:07 +0000
Subject: [RHSA-2013:1285-01] Moderate: openstack-keystone security update
Message-ID: <201309251620.r8PGK8MD005515@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openstack-keystone security update
Advisory ID:       RHSA-2013:1285-01
Product:           Red Hat OpenStack
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1285.html
Issue date:        2013-09-25
CVE Names:         CVE-2013-4294
=====================================================================

1.
Summary:

Updated openstack-keystone packages that fix one security issue are now available for Red Hat OpenStack 3.0.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

OpenStack 3 - noarch

3. Description:

The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services.

It was found that Keystone did not correctly handle revoked PKI tokens, allowing users with revoked tokens to retain access to resources they should no longer be able to access. This issue only affected systems using PKI tokens with the memcache or KVS token back ends. (CVE-2013-4294)

Red Hat would like to thank Thierry Carrez of OpenStack upstream for reporting this issue. Upstream acknowledges Kieran Spear of University of Melbourne as the original reporter.

All users of openstack-keystone are advised to upgrade to these updated packages, which correct these issues. After installing the updated packages, the Keystone service (openstack-keystone) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

1004452 - CVE-2013-4294 OpenStack: Keystone Token revocation failure using Keystone memcache/KVS backends

6.
Package List:

OpenStack 3:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/openstack-keystone-2013.1.3-2.el6ost.src.rpm

noarch:
openstack-keystone-2013.1.3-2.el6ost.noarch.rpm
openstack-keystone-doc-2013.1.3-2.el6ost.noarch.rpm
python-keystone-2013.1.3-2.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4294.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSQw0iXlSAg2UNWIIRAnmyAJ4iAkMhCtBcGxWaXHWzjmgY6inATwCZAQVj
9ETqOu7awdR5AJHgvGMRtcM=
=Y5l8
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Sep 26 17:45:20 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 26 Sep 2013 17:45:20 +0000
Subject: [RHSA-2013:1292-01] Moderate: kernel security and bug fix update
Message-ID: <201309261745.r8QHjKMQ027734@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: kernel security and bug fix update
Advisory ID:       RHSA-2013:1292-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1292.html
Issue date:        2013-09-26
CVE Names:         CVE-2012-3511 CVE-2013-2141 CVE-2013-4162
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact.
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* A use-after-free flaw was found in the madvise() system call implementation in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2012-3511, Moderate)

* A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled IPv6 sockets that used the UDP_CORK option. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2013-4162, Moderate)

* An information leak flaw in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space. (CVE-2013-2141, Low)

Red Hat would like to thank Hannes Frederic Sowa for reporting CVE-2013-4162.

This update also fixes the following bugs:

* A bug in the be2net driver prevented communication between NICs using be2net. This update applies a patch addressing this problem along with several other upstream patches that fix various other problems. Traffic between NICs using the be2net driver now proceeds as expected. (BZ#983864)

* A recent patch fixing a problem that prevented communication between NICs using the be2net driver caused the firmware of NICs to become unresponsive, and thus triggered a kernel panic. The problem was caused by unnecessary usage of a hardware workaround that allows skipping VLAN tag insertion. A patch has been applied and the workaround is now used only when the multi-channel configuration is enabled on the NIC. Note that the bug only affected the NICs with firmware version 4.2.xxxx. (BZ#999819)

* A bug in the autofs4 mount expiration code could cause the autofs4 module to falsely report a busy tree of NFS mounts as "not in use". Consequently, automount attempted to unmount the tree and failed with a "failed to umount offset" error, leaving the mount tree to appear as empty directories. A patch has been applied to remove an incorrectly used autofs dentry mount check and the aforementioned problem no longer occurs. (BZ#1001488)

* A race condition in the be_open function in the be2net driver could trigger the BUG_ON() macro, which resulted in a kernel panic. A patch addressing this problem has been applied and the race condition is now avoided by enabling polling before enabling interrupts globally. The kernel no longer panics in this situation. (BZ#1005239)

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

849734 - CVE-2012-3511 kernel: mm: use-after-free in madvise_remove()
970873 - CVE-2013-2141 Kernel: signal: information leak in tkill/tgkill
987627 - CVE-2013-4162 Kernel: net: panic while pushing pending data out of a IPv6 socket with UDP_CORK enabled

6. Package List:

Red Hat Enterprise Linux Desktop (v.
5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-348.18.1.el5.src.rpm

i386:
kernel-2.6.18-348.18.1.el5.i686.rpm
kernel-PAE-2.6.18-348.18.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-348.18.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-348.18.1.el5.i686.rpm
kernel-debug-2.6.18-348.18.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-348.18.1.el5.i686.rpm
kernel-debug-devel-2.6.18-348.18.1.el5.i686.rpm
kernel-debuginfo-2.6.18-348.18.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-348.18.1.el5.i686.rpm
kernel-devel-2.6.18-348.18.1.el5.i686.rpm
kernel-headers-2.6.18-348.18.1.el5.i386.rpm
kernel-xen-2.6.18-348.18.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-348.18.1.el5.i686.rpm
kernel-xen-devel-2.6.18-348.18.1.el5.i686.rpm

noarch:
kernel-doc-2.6.18-348.18.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-348.18.1.el5.x86_64.rpm
kernel-debug-2.6.18-348.18.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-348.18.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-348.18.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-348.18.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-348.18.1.el5.x86_64.rpm
kernel-devel-2.6.18-348.18.1.el5.x86_64.rpm
kernel-headers-2.6.18-348.18.1.el5.x86_64.rpm
kernel-xen-2.6.18-348.18.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-348.18.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-348.18.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-348.18.1.el5.src.rpm

i386:
kernel-2.6.18-348.18.1.el5.i686.rpm
kernel-PAE-2.6.18-348.18.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-348.18.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-348.18.1.el5.i686.rpm
kernel-debug-2.6.18-348.18.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-348.18.1.el5.i686.rpm
kernel-debug-devel-2.6.18-348.18.1.el5.i686.rpm
kernel-debuginfo-2.6.18-348.18.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-348.18.1.el5.i686.rpm
kernel-devel-2.6.18-348.18.1.el5.i686.rpm
kernel-headers-2.6.18-348.18.1.el5.i386.rpm
kernel-xen-2.6.18-348.18.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-348.18.1.el5.i686.rpm
kernel-xen-devel-2.6.18-348.18.1.el5.i686.rpm

ia64:
kernel-2.6.18-348.18.1.el5.ia64.rpm
kernel-debug-2.6.18-348.18.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-348.18.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-348.18.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-348.18.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-348.18.1.el5.ia64.rpm
kernel-devel-2.6.18-348.18.1.el5.ia64.rpm
kernel-headers-2.6.18-348.18.1.el5.ia64.rpm
kernel-xen-2.6.18-348.18.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-348.18.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-348.18.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-348.18.1.el5.noarch.rpm

ppc:
kernel-2.6.18-348.18.1.el5.ppc64.rpm
kernel-debug-2.6.18-348.18.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-348.18.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-348.18.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-348.18.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-348.18.1.el5.ppc64.rpm
kernel-devel-2.6.18-348.18.1.el5.ppc64.rpm
kernel-headers-2.6.18-348.18.1.el5.ppc.rpm
kernel-headers-2.6.18-348.18.1.el5.ppc64.rpm
kernel-kdump-2.6.18-348.18.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-348.18.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-348.18.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-348.18.1.el5.s390x.rpm
kernel-debug-2.6.18-348.18.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-348.18.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-348.18.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-348.18.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-348.18.1.el5.s390x.rpm
kernel-devel-2.6.18-348.18.1.el5.s390x.rpm
kernel-headers-2.6.18-348.18.1.el5.s390x.rpm
kernel-kdump-2.6.18-348.18.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-348.18.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-348.18.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-348.18.1.el5.x86_64.rpm
kernel-debug-2.6.18-348.18.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-348.18.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-348.18.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-348.18.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-348.18.1.el5.x86_64.rpm
kernel-devel-2.6.18-348.18.1.el5.x86_64.rpm
kernel-headers-2.6.18-348.18.1.el5.x86_64.rpm
kernel-xen-2.6.18-348.18.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-348.18.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-348.18.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-3511.html
https://www.redhat.com/security/data/cve/CVE-2013-2141.html
https://www.redhat.com/security/data/cve/CVE-2013-4162.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSRHKHXlSAg2UNWIIRAn9oAJ9KIOnIA/s9cHaxLzh+9Q3nvLpgWwCgwHXb
qCSerwzCTpzBXHUr8EBv0no=
=lUqx
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Sep 30 18:44:06 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 30 Sep 2013 18:44:06 +0000
Subject: [RHSA-2013:1376-01] Low: Red Hat Enterprise Linux 5.3 Advanced Mission Critical 6-month Notice
Message-ID: <201309301844.r8UIi7K0018499@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Enterprise Linux 5.3 Advanced Mission Critical 6-month Notice
Advisory ID:       RHSA-2013:1376-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1376.html
Issue date:        2013-09-30
=====================================================================

1. Summary:

This is the 6-month notification for the retirement of Red Hat Enterprise Linux 5.3 Advanced Mission Critical (AMC).

2. Relevant releases/architectures:

Red Hat Enterprise Linux Long Life (v. 5.3 server) - i386, ia64, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 5.3 will be retired as of March 31, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 5.3 AMC after that date. In addition, technical support through Red Hat's Global Support Services will no longer be provided after March 31, 2014.

Note: This notification applies only to those customers with subscriptions for Advanced Mission Critical Support (AMC) channels for Red Hat Enterprise Linux 5.3.
We encourage customers to plan their migration from Red Hat Enterprise Linux 5.3 to a more recent release of Red Hat Enterprise Linux 5 or 6. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on a currently supported Red Hat Enterprise Linux 5 release (AMC is available on 5.9) or Red Hat Enterprise Linux 6 release (AMC is available on 6.2 and 6.4, and planned for 6.6).

Details of the Red Hat Enterprise Linux life cycle can be found here:
https://access.redhat.com/support/policy/updates/errata/

4. Solution:

This erratum contains an updated redhat-release package, that provides a copy of this notice in the "/usr/share/doc/" directory.

5. Package List:

Red Hat Enterprise Linux Long Life (v. 5.3 server):

Source:
redhat-release-5Server-5.3.0.6.src.rpm

i386:
redhat-release-5Server-5.3.0.6.i386.rpm
redhat-release-debuginfo-5Server-5.3.0.6.i386.rpm

ia64:
redhat-release-5Server-5.3.0.6.ia64.rpm
redhat-release-debuginfo-5Server-5.3.0.6.ia64.rpm

x86_64:
redhat-release-5Server-5.3.0.6.x86_64.rpm
redhat-release-debuginfo-5Server-5.3.0.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

6. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/support/policy/updates/errata/

7. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSScZtXlSAg2UNWIIRAsyXAJ4rP45r0FKnMpICtQveeSW/3ZCPUACbB0sD
3T6NxtRfRS2rU1QSuRLXyCs=
=d3v6
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Sep 30 23:34:23 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 30 Sep 2013 23:34:23 +0000
Subject: [RHSA-2013:1302-01] Low: xinetd security and bug fix update
Message-ID: <201309302334.r8UNYNKm029235@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: xinetd security and bug fix update
Advisory ID:       RHSA-2013:1302-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1302.html
Issue date:        2013-09-30
Keywords:          xinetd
CVE Names:         CVE-2012-0862
=====================================================================

1. Summary:

An updated xinetd package that fixes one security issue and two bugs is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks.

When xinetd services are configured with the "TCPMUX" or "TCPMUXPLUS" type, and the tcpmux-server service is enabled, those services are accessible via port 1.
It was found that enabling the tcpmux-server service (it is disabled by default) allowed every xinetd service, including those that are not configured with the "TCPMUX" or "TCPMUXPLUS" type, to be accessible via port 1. This could allow a remote attacker to bypass intended firewall restrictions. (CVE-2012-0862)

Red Hat would like to thank Thomas Swan of FedEx for reporting this issue.

This update also fixes the following bugs:

* Prior to this update, a file descriptor array in the service.c source file was not handled as expected. As a consequence, some of the descriptors remained open when xinetd was under heavy load. Additionally, the system log was filled with a large number of messages that took up a lot of disk space over time. This update modifies the xinetd code to handle the file descriptors correctly and messages no longer fill the system log. (BZ#852274)

* Prior to this update, services were disabled permanently when their CPS limit was reached. As a consequence, a failed bind operation could occur when xinetd attempted to restart the service. This update adds additional logic that attempts to restart the service. Now, the service is only disabled if xinetd cannot restart the service after 30 attempts. (BZ#811000)

All users of xinetd are advised to upgrade to this updated package, which contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

790940 - CVE-2012-0862 xinetd: enables unintentional services over tcpmux port

6. Package List:

Red Hat Enterprise Linux Desktop (v.
5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xinetd-2.3.14-19.el5.src.rpm

i386:
xinetd-2.3.14-19.el5.i386.rpm
xinetd-debuginfo-2.3.14-19.el5.i386.rpm

x86_64:
xinetd-2.3.14-19.el5.x86_64.rpm
xinetd-debuginfo-2.3.14-19.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xinetd-2.3.14-19.el5.src.rpm

i386:
xinetd-2.3.14-19.el5.i386.rpm
xinetd-debuginfo-2.3.14-19.el5.i386.rpm

ia64:
xinetd-2.3.14-19.el5.ia64.rpm
xinetd-debuginfo-2.3.14-19.el5.ia64.rpm

ppc:
xinetd-2.3.14-19.el5.ppc.rpm
xinetd-debuginfo-2.3.14-19.el5.ppc.rpm

s390x:
xinetd-2.3.14-19.el5.s390x.rpm
xinetd-debuginfo-2.3.14-19.el5.s390x.rpm

x86_64:
xinetd-2.3.14-19.el5.x86_64.rpm
xinetd-debuginfo-2.3.14-19.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-0862.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
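The tcpmux-server exposure described in the xinetd advisory above (CVE-2012-0862) is, from the defender's side, a configuration-audit question: a host was at risk only when tcpmux-server had been enabled and other active services had never been given the "TCPMUX" or "TCPMUXPLUS" type. The Python script below is an added example, not Red Hat's or the xinetd project's own code. It parses the xinetd.conf block syntax as assumed here (`service NAME { key = value }` blocks, a `defaults` block, `#` comments, and the `=`, `+=` and `-=` operators), decides which services are active, and reports which non-TCPMUX services an unpatched xinetd would also have served on port 1. The embedded configuration is constructed for the demonstration, and the `/etc/xinetd.d` layout mentioned in the comments is an assumption about a typical RHEL install.

```python
"""Audit xinetd service definitions for the tcpmux-server exposure described
in RHSA-2013:1302 (CVE-2012-0862). Added example, not Red Hat's or xinetd's
own code. On a typical RHEL host the real definitions live in
/etc/xinetd.conf and /etc/xinetd.d/* (assumed layout)."""
import re
import sys
from typing import Dict, List

# Constructed sample: tcpmux-server switched on, one TCPMUX-typed service,
# one ordinary service, and one service disabled through the defaults block.
SAMPLE_CONFIG = """
defaults
{
    log_type    = SYSLOG daemon info
    disabled    = rsync
}

service tcpmux-server
{
    disable     = no            # the risky setting; RHEL ships 'yes'
    type        = INTERNAL
}

service demux-hello
{
    type        = TCPMUX UNLISTED   # meant to be reached through port 1
    server      = /usr/local/bin/hello
}

service telnet
{
    disable     = no
    server      = /usr/sbin/in.telnetd
}

service rsync
{
    server      = /usr/bin/rsync
}
"""

_BLOCK_RE = re.compile(r"^\s*(defaults|service\s+(\S+))\s*$")
_ATTR_RE = re.compile(r"^\s*([A-Za-z_]+)\s*(\+=|-=|=)\s*(.*?)\s*$")
Attrs = Dict[str, List[str]]


def parse_xinetd(text: str) -> Dict[str, Attrs]:
    """Parse xinetd.conf syntax into {block name: {attribute: [values]}}."""
    blocks: Dict[str, Attrs] = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if not line:
            continue
        m = _BLOCK_RE.match(line)
        if m:                                     # 'defaults' or 'service NAME'
            current = "defaults" if m.group(1) == "defaults" else m.group(2)
            blocks[current] = {}
        elif line == "}":
            current = None
        elif line != "{":
            a = _ATTR_RE.match(line)
            if a is None or current is None:
                raise ValueError(f"unparsed xinetd line: {raw!r}")
            key, op, values = a.group(1), a.group(2), a.group(3).split()
            attrs = blocks[current]
            if op == "=":
                attrs[key] = values
            elif op == "+=":
                attrs.setdefault(key, []).extend(values)
            else:                                 # '-=' removes listed values
                attrs[key] = [v for v in attrs.get(key, []) if v not in values]
    return blocks


def is_enabled(name: str, attrs: Attrs, defaults: Attrs) -> bool:
    """Active unless 'disable = yes' is set or the name appears in the defaults
    block's 'disabled' list (an 'enabled' allow-list is not modelled here)."""
    if [v.lower() for v in attrs.get("disable", [])] == ["yes"]:
        return False
    return name not in defaults.get("disabled", [])


def audit_tcpmux(text: str) -> Dict[str, object]:
    """Report whether tcpmux-server is active and which other active services
    lack the TCPMUX/TCPMUXPLUS type: with tcpmux-server enabled, an unpatched
    xinetd served those on port 1 as well."""
    blocks = parse_xinetd(text)
    defaults = blocks.get("defaults", {})
    tcpmux = blocks.get("tcpmux-server")
    tcpmux_on = tcpmux is not None and is_enabled("tcpmux-server", tcpmux, defaults)
    intended: List[str] = []
    exposed: List[str] = []
    for name, attrs in blocks.items():
        if name in ("defaults", "tcpmux-server") or not is_enabled(name, attrs, defaults):
            continue
        types = {t.upper() for t in attrs.get("type", [])}
        (intended if types & {"TCPMUX", "TCPMUXPLUS"} else exposed).append(name)
    return {"tcpmux_enabled": tcpmux_on,
            "intended_via_port_1": sorted(intended),
            "exposed_if_unpatched": sorted(exposed) if tcpmux_on else []}


if __name__ == "__main__":
    # argv[1]: a real xinetd.conf with /etc/xinetd.d/* concatenated; no argument: the sample.
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    for key, value in audit_tcpmux(source).items():
        print(f"{key}: {value}")
```

On the constructed sample the report flags tcpmux-server as enabled, lists demux-hello as the one service meant to be reached through port 1, and names telnet as the service an unpatched xinetd would have exposed; rsync is ignored because the defaults block disables it. Flipping tcpmux-server back to `disable = yes` (the shipped default the advisory mentions) empties the exposed list, which is the state a patched or unpatched host should be kept in unless TCPMUX services are actually wanted.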
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSSgpqXlSAg2UNWIIRAvpLAKCbKbjE5Ply5EtEBPXTPPxHFrIxRwCgrg3J
ttoX9ugY0CfQfNkr1AiTFF0=
=edRB
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Sep 30 23:35:02 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 30 Sep 2013 23:35:02 +0000
Subject: [RHSA-2013:1307-01] Moderate: php53 security, bug fix and enhancement update
Message-ID: <201309302335.r8UNZ2FB003855@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: php53 security, bug fix and enhancement update
Advisory ID:       RHSA-2013:1307-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1307.html
Issue date:        2013-09-30
CVE Names:         CVE-2006-7243 CVE-2011-1398 CVE-2012-0831 CVE-2012-2688 CVE-2013-1643 CVE-2013-4248
=====================================================================

1. Summary:

Updated php53 packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.
(CVE-2006-7243)

It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398)

A flaw was found in PHP's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. If an attacker was able to get a carefully crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate to conduct man-in-the-middle attacks to spoof SSL servers. (CVE-2013-4248)

An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688)

It was found that PHP did not correctly handle the magic_quotes_gpc configuration directive. This could result in magic_quotes_gpc input escaping not being applied in all cases, possibly making it easier for a remote attacker to perform SQL injection attacks. (CVE-2012-0831)

It was found that the PHP SOAP parser allowed the expansion of external XML entities during SOAP message parsing. A remote attacker could possibly use this flaw to read arbitrary files that are accessible to a PHP application using a SOAP extension. (CVE-2013-1643)

These updated php53 packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 5.10 Technical Notes, linked to in the References, for information on the most significant of these changes.

All PHP users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

662707 - CVE-2006-7243 php: paths with NULL character were considered valid
789468 - CVE-2012-0831 php: PG(magic_quote_gpc) was not restored on shutdown
828051 - CVE-2012-2688 php: Integer Signedness issues in _php_stream_scandir
837044 - add php(language) virtual provide
853329 - CVE-2011-1398 PHP: sapi_header_op() %0D sequence handling security bypass
869691 - setDate, setISODate, setTime works wrong when DateTime created from timestamp
869693 - PDOStatement execute segfaults for pdo_mysql driver
869697 - fileinfo extension: use stat function from stream wrapper
892695 - $this becomes a non-object
918187 - CVE-2013-1643 php: Ability to read arbitrary files due use of external entities while parsing SOAP WSDL files
951075 - Apache 2.2.15 on RHEL 6.3 segfaults with certain PHP content
953818 - Bad memset call in libzip
997097 - CVE-2013-4248 php: hostname check bypassing vulnerability in SSL client

6. Package List:

RHEL Desktop Workstation (v.
5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/php53-5.3.3-21.el5.src.rpm

i386:
php53-5.3.3-21.el5.i386.rpm
php53-bcmath-5.3.3-21.el5.i386.rpm
php53-cli-5.3.3-21.el5.i386.rpm
php53-common-5.3.3-21.el5.i386.rpm
php53-dba-5.3.3-21.el5.i386.rpm
php53-debuginfo-5.3.3-21.el5.i386.rpm
php53-devel-5.3.3-21.el5.i386.rpm
php53-gd-5.3.3-21.el5.i386.rpm
php53-imap-5.3.3-21.el5.i386.rpm
php53-intl-5.3.3-21.el5.i386.rpm
php53-ldap-5.3.3-21.el5.i386.rpm
php53-mbstring-5.3.3-21.el5.i386.rpm
php53-mysql-5.3.3-21.el5.i386.rpm
php53-odbc-5.3.3-21.el5.i386.rpm
php53-pdo-5.3.3-21.el5.i386.rpm
php53-pgsql-5.3.3-21.el5.i386.rpm
php53-process-5.3.3-21.el5.i386.rpm
php53-pspell-5.3.3-21.el5.i386.rpm
php53-snmp-5.3.3-21.el5.i386.rpm
php53-soap-5.3.3-21.el5.i386.rpm
php53-xml-5.3.3-21.el5.i386.rpm
php53-xmlrpc-5.3.3-21.el5.i386.rpm

x86_64:
php53-5.3.3-21.el5.x86_64.rpm
php53-bcmath-5.3.3-21.el5.x86_64.rpm
php53-cli-5.3.3-21.el5.x86_64.rpm
php53-common-5.3.3-21.el5.x86_64.rpm
php53-dba-5.3.3-21.el5.x86_64.rpm
php53-debuginfo-5.3.3-21.el5.x86_64.rpm
php53-devel-5.3.3-21.el5.x86_64.rpm
php53-gd-5.3.3-21.el5.x86_64.rpm
php53-imap-5.3.3-21.el5.x86_64.rpm
php53-intl-5.3.3-21.el5.x86_64.rpm
php53-ldap-5.3.3-21.el5.x86_64.rpm
php53-mbstring-5.3.3-21.el5.x86_64.rpm
php53-mysql-5.3.3-21.el5.x86_64.rpm
php53-odbc-5.3.3-21.el5.x86_64.rpm
php53-pdo-5.3.3-21.el5.x86_64.rpm
php53-pgsql-5.3.3-21.el5.x86_64.rpm
php53-process-5.3.3-21.el5.x86_64.rpm
php53-pspell-5.3.3-21.el5.x86_64.rpm
php53-snmp-5.3.3-21.el5.x86_64.rpm
php53-soap-5.3.3-21.el5.x86_64.rpm
php53-xml-5.3.3-21.el5.x86_64.rpm
php53-xmlrpc-5.3.3-21.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/php53-5.3.3-21.el5.src.rpm

i386:
php53-5.3.3-21.el5.i386.rpm
php53-bcmath-5.3.3-21.el5.i386.rpm
php53-cli-5.3.3-21.el5.i386.rpm
php53-common-5.3.3-21.el5.i386.rpm
php53-dba-5.3.3-21.el5.i386.rpm
php53-debuginfo-5.3.3-21.el5.i386.rpm
php53-devel-5.3.3-21.el5.i386.rpm
php53-gd-5.3.3-21.el5.i386.rpm
php53-imap-5.3.3-21.el5.i386.rpm
php53-intl-5.3.3-21.el5.i386.rpm
php53-ldap-5.3.3-21.el5.i386.rpm
php53-mbstring-5.3.3-21.el5.i386.rpm
php53-mysql-5.3.3-21.el5.i386.rpm
php53-odbc-5.3.3-21.el5.i386.rpm
php53-pdo-5.3.3-21.el5.i386.rpm
php53-pgsql-5.3.3-21.el5.i386.rpm
php53-process-5.3.3-21.el5.i386.rpm
php53-pspell-5.3.3-21.el5.i386.rpm
php53-snmp-5.3.3-21.el5.i386.rpm
php53-soap-5.3.3-21.el5.i386.rpm
php53-xml-5.3.3-21.el5.i386.rpm
php53-xmlrpc-5.3.3-21.el5.i386.rpm

ia64:
php53-5.3.3-21.el5.ia64.rpm
php53-bcmath-5.3.3-21.el5.ia64.rpm
php53-cli-5.3.3-21.el5.ia64.rpm
php53-common-5.3.3-21.el5.ia64.rpm
php53-dba-5.3.3-21.el5.ia64.rpm
php53-debuginfo-5.3.3-21.el5.ia64.rpm
php53-devel-5.3.3-21.el5.ia64.rpm
php53-gd-5.3.3-21.el5.ia64.rpm
php53-imap-5.3.3-21.el5.ia64.rpm
php53-intl-5.3.3-21.el5.ia64.rpm
php53-ldap-5.3.3-21.el5.ia64.rpm
php53-mbstring-5.3.3-21.el5.ia64.rpm
php53-mysql-5.3.3-21.el5.ia64.rpm
php53-odbc-5.3.3-21.el5.ia64.rpm
php53-pdo-5.3.3-21.el5.ia64.rpm
php53-pgsql-5.3.3-21.el5.ia64.rpm
php53-process-5.3.3-21.el5.ia64.rpm
php53-pspell-5.3.3-21.el5.ia64.rpm
php53-snmp-5.3.3-21.el5.ia64.rpm
php53-soap-5.3.3-21.el5.ia64.rpm
php53-xml-5.3.3-21.el5.ia64.rpm
php53-xmlrpc-5.3.3-21.el5.ia64.rpm

ppc:
php53-5.3.3-21.el5.ppc.rpm
php53-bcmath-5.3.3-21.el5.ppc.rpm
php53-cli-5.3.3-21.el5.ppc.rpm
php53-common-5.3.3-21.el5.ppc.rpm
php53-dba-5.3.3-21.el5.ppc.rpm
php53-debuginfo-5.3.3-21.el5.ppc.rpm
php53-devel-5.3.3-21.el5.ppc.rpm
php53-gd-5.3.3-21.el5.ppc.rpm
php53-imap-5.3.3-21.el5.ppc.rpm
php53-intl-5.3.3-21.el5.ppc.rpm
php53-ldap-5.3.3-21.el5.ppc.rpm
php53-mbstring-5.3.3-21.el5.ppc.rpm
php53-mysql-5.3.3-21.el5.ppc.rpm
php53-odbc-5.3.3-21.el5.ppc.rpm
php53-pdo-5.3.3-21.el5.ppc.rpm
php53-pgsql-5.3.3-21.el5.ppc.rpm
php53-process-5.3.3-21.el5.ppc.rpm
php53-pspell-5.3.3-21.el5.ppc.rpm
php53-snmp-5.3.3-21.el5.ppc.rpm
php53-soap-5.3.3-21.el5.ppc.rpm
php53-xml-5.3.3-21.el5.ppc.rpm
php53-xmlrpc-5.3.3-21.el5.ppc.rpm

s390x:
php53-5.3.3-21.el5.s390x.rpm
php53-bcmath-5.3.3-21.el5.s390x.rpm
php53-cli-5.3.3-21.el5.s390x.rpm
php53-common-5.3.3-21.el5.s390x.rpm
php53-dba-5.3.3-21.el5.s390x.rpm
php53-debuginfo-5.3.3-21.el5.s390x.rpm
php53-devel-5.3.3-21.el5.s390x.rpm
php53-gd-5.3.3-21.el5.s390x.rpm
php53-imap-5.3.3-21.el5.s390x.rpm
php53-intl-5.3.3-21.el5.s390x.rpm
php53-ldap-5.3.3-21.el5.s390x.rpm
php53-mbstring-5.3.3-21.el5.s390x.rpm
php53-mysql-5.3.3-21.el5.s390x.rpm
php53-odbc-5.3.3-21.el5.s390x.rpm
php53-pdo-5.3.3-21.el5.s390x.rpm
php53-pgsql-5.3.3-21.el5.s390x.rpm
php53-process-5.3.3-21.el5.s390x.rpm
php53-pspell-5.3.3-21.el5.s390x.rpm
php53-snmp-5.3.3-21.el5.s390x.rpm
php53-soap-5.3.3-21.el5.s390x.rpm
php53-xml-5.3.3-21.el5.s390x.rpm
php53-xmlrpc-5.3.3-21.el5.s390x.rpm

x86_64:
php53-5.3.3-21.el5.x86_64.rpm
php53-bcmath-5.3.3-21.el5.x86_64.rpm
php53-cli-5.3.3-21.el5.x86_64.rpm
php53-common-5.3.3-21.el5.x86_64.rpm
php53-dba-5.3.3-21.el5.x86_64.rpm
php53-debuginfo-5.3.3-21.el5.x86_64.rpm
php53-devel-5.3.3-21.el5.x86_64.rpm
php53-gd-5.3.3-21.el5.x86_64.rpm
php53-imap-5.3.3-21.el5.x86_64.rpm
php53-intl-5.3.3-21.el5.x86_64.rpm
php53-ldap-5.3.3-21.el5.x86_64.rpm
php53-mbstring-5.3.3-21.el5.x86_64.rpm
php53-mysql-5.3.3-21.el5.x86_64.rpm
php53-odbc-5.3.3-21.el5.x86_64.rpm
php53-pdo-5.3.3-21.el5.x86_64.rpm
php53-pgsql-5.3.3-21.el5.x86_64.rpm
php53-process-5.3.3-21.el5.x86_64.rpm
php53-pspell-5.3.3-21.el5.x86_64.rpm
php53-snmp-5.3.3-21.el5.x86_64.rpm
php53-soap-5.3.3-21.el5.x86_64.rpm
php53-xml-5.3.3-21.el5.x86_64.rpm
php53-xmlrpc-5.3.3-21.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2006-7243.html
https://www.redhat.com/security/data/cve/CVE-2011-1398.html
https://www.redhat.com/security/data/cve/CVE-2012-0831.html
https://www.redhat.com/security/data/cve/CVE-2012-2688.html
https://www.redhat.com/security/data/cve/CVE-2013-1643.html
https://www.redhat.com/security/data/cve/CVE-2013-4248.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/5/html/5.10_Technical_Notes/php53.html#RHSA-2013-1307

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSSgqRXlSAg2UNWIIRAgPAAJ9QIvl3kqR8cyMBWxFFEy1lyc0zogCfea0J
z81OX5qQgnb1Mt44sOoOZ3E=
=Iej1
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Sep 30 23:36:12 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 30 Sep 2013 23:36:12 +0000
Subject: [RHSA-2013:1310-01] Moderate: samba3x security and bug fix update
Message-ID: <201309302336.r8UNaCgA004786@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: samba3x security and bug fix update
Advisory ID:       RHSA-2013:1310-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1310.html
Issue date:        2013-09-30
CVE Names:         CVE-2013-0213 CVE-2013-0214 CVE-2013-4124
=====================================================================

1. Summary:

Updated samba3x packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

It was discovered that the Samba Web Administration Tool (SWAT) did not
protect against being opened in a web page frame. A remote attacker could
possibly use this flaw to conduct a clickjacking attack against SWAT users
or users with an active SWAT session. (CVE-2013-0213)

A flaw was found in the Cross-Site Request Forgery (CSRF) protection
mechanism implemented in SWAT. An attacker with the knowledge of a victim's
password could use this flaw to bypass CSRF protections and conduct a CSRF
attack against the victim SWAT user. (CVE-2013-0214)

An integer overflow flaw was found in the way Samba handled an Extended
Attribute (EA) list provided by a client. A malicious client could send a
specially crafted EA list that triggered an overflow, causing the server to
loop and reprocess the list using an excessive amount of memory.
(CVE-2013-4124)

Note: This issue did not affect the default configuration of the Samba
server.

Red Hat would like to thank the Samba project for reporting CVE-2013-0213
and CVE-2013-0214. Upstream acknowledges Jann Horn as the original reporter
of CVE-2013-0213 and CVE-2013-0214.

These updated samba3x packages also include numerous bug fixes. Space
precludes documenting all of these changes in this advisory.
Users are directed to the Red Hat Enterprise Linux 5.10 Technical Notes,
linked to in the References, for information on the most significant of
these changes.

All samba3x users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the smb service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

905700 - CVE-2013-0213 samba: clickjacking vulnerability in SWAT
905704 - CVE-2013-0214 samba: cross-site request forgery vulnerability in SWAT
984401 - CVE-2013-4124 samba: DoS via integer overflow when reading an EA list

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/samba3x-3.6.6-0.136.el5.src.rpm

i386:
samba3x-3.6.6-0.136.el5.i386.rpm
samba3x-client-3.6.6-0.136.el5.i386.rpm
samba3x-common-3.6.6-0.136.el5.i386.rpm
samba3x-debuginfo-3.6.6-0.136.el5.i386.rpm
samba3x-doc-3.6.6-0.136.el5.i386.rpm
samba3x-domainjoin-gui-3.6.6-0.136.el5.i386.rpm
samba3x-swat-3.6.6-0.136.el5.i386.rpm
samba3x-winbind-3.6.6-0.136.el5.i386.rpm

x86_64:
samba3x-3.6.6-0.136.el5.x86_64.rpm
samba3x-client-3.6.6-0.136.el5.x86_64.rpm
samba3x-common-3.6.6-0.136.el5.x86_64.rpm
samba3x-debuginfo-3.6.6-0.136.el5.i386.rpm
samba3x-debuginfo-3.6.6-0.136.el5.x86_64.rpm
samba3x-doc-3.6.6-0.136.el5.x86_64.rpm
samba3x-domainjoin-gui-3.6.6-0.136.el5.x86_64.rpm
samba3x-swat-3.6.6-0.136.el5.x86_64.rpm
samba3x-winbind-3.6.6-0.136.el5.i386.rpm
samba3x-winbind-3.6.6-0.136.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/samba3x-3.6.6-0.136.el5.src.rpm

i386:
samba3x-debuginfo-3.6.6-0.136.el5.i386.rpm
samba3x-winbind-devel-3.6.6-0.136.el5.i386.rpm

x86_64:
samba3x-debuginfo-3.6.6-0.136.el5.i386.rpm
samba3x-debuginfo-3.6.6-0.136.el5.x86_64.rpm
samba3x-winbind-devel-3.6.6-0.136.el5.i386.rpm
samba3x-winbind-devel-3.6.6-0.136.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/samba3x-3.6.6-0.136.el5.src.rpm

i386:
samba3x-3.6.6-0.136.el5.i386.rpm
samba3x-client-3.6.6-0.136.el5.i386.rpm
samba3x-common-3.6.6-0.136.el5.i386.rpm
samba3x-debuginfo-3.6.6-0.136.el5.i386.rpm
samba3x-doc-3.6.6-0.136.el5.i386.rpm
samba3x-domainjoin-gui-3.6.6-0.136.el5.i386.rpm
samba3x-swat-3.6.6-0.136.el5.i386.rpm
samba3x-winbind-3.6.6-0.136.el5.i386.rpm
samba3x-winbind-devel-3.6.6-0.136.el5.i386.rpm

ia64:
samba3x-3.6.6-0.136.el5.ia64.rpm
samba3x-client-3.6.6-0.136.el5.ia64.rpm
samba3x-common-3.6.6-0.136.el5.ia64.rpm
samba3x-debuginfo-3.6.6-0.136.el5.ia64.rpm
samba3x-doc-3.6.6-0.136.el5.ia64.rpm
samba3x-domainjoin-gui-3.6.6-0.136.el5.ia64.rpm
samba3x-swat-3.6.6-0.136.el5.ia64.rpm
samba3x-winbind-3.6.6-0.136.el5.ia64.rpm
samba3x-winbind-devel-3.6.6-0.136.el5.ia64.rpm

ppc:
samba3x-3.6.6-0.136.el5.ppc.rpm
samba3x-client-3.6.6-0.136.el5.ppc.rpm
samba3x-common-3.6.6-0.136.el5.ppc.rpm
samba3x-debuginfo-3.6.6-0.136.el5.ppc.rpm
samba3x-debuginfo-3.6.6-0.136.el5.ppc64.rpm
samba3x-doc-3.6.6-0.136.el5.ppc.rpm
samba3x-domainjoin-gui-3.6.6-0.136.el5.ppc.rpm
samba3x-swat-3.6.6-0.136.el5.ppc.rpm
samba3x-winbind-3.6.6-0.136.el5.ppc.rpm
samba3x-winbind-3.6.6-0.136.el5.ppc64.rpm
samba3x-winbind-devel-3.6.6-0.136.el5.ppc.rpm
samba3x-winbind-devel-3.6.6-0.136.el5.ppc64.rpm

s390x:
samba3x-3.6.6-0.136.el5.s390x.rpm
samba3x-client-3.6.6-0.136.el5.s390x.rpm
samba3x-common-3.6.6-0.136.el5.s390x.rpm
samba3x-debuginfo-3.6.6-0.136.el5.s390.rpm
samba3x-debuginfo-3.6.6-0.136.el5.s390x.rpm
samba3x-doc-3.6.6-0.136.el5.s390x.rpm
samba3x-domainjoin-gui-3.6.6-0.136.el5.s390x.rpm
samba3x-swat-3.6.6-0.136.el5.s390x.rpm
samba3x-winbind-3.6.6-0.136.el5.s390.rpm
samba3x-winbind-3.6.6-0.136.el5.s390x.rpm
samba3x-winbind-devel-3.6.6-0.136.el5.s390.rpm
samba3x-winbind-devel-3.6.6-0.136.el5.s390x.rpm

x86_64:
samba3x-3.6.6-0.136.el5.x86_64.rpm
samba3x-client-3.6.6-0.136.el5.x86_64.rpm
samba3x-common-3.6.6-0.136.el5.x86_64.rpm
samba3x-debuginfo-3.6.6-0.136.el5.i386.rpm
samba3x-debuginfo-3.6.6-0.136.el5.x86_64.rpm
samba3x-doc-3.6.6-0.136.el5.x86_64.rpm
samba3x-domainjoin-gui-3.6.6-0.136.el5.x86_64.rpm
samba3x-swat-3.6.6-0.136.el5.x86_64.rpm
samba3x-winbind-3.6.6-0.136.el5.i386.rpm
samba3x-winbind-3.6.6-0.136.el5.x86_64.rpm
samba3x-winbind-devel-3.6.6-0.136.el5.i386.rpm
samba3x-winbind-devel-3.6.6-0.136.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0213.html
https://www.redhat.com/security/data/cve/CVE-2013-0214.html
https://www.redhat.com/security/data/cve/CVE-2013-4124.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/5/html/5.10_Technical_Notes/samba3x.html#RHSA-2013-1310

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSSgrAXlSAg2UNWIIRAlx+AKCeoCbczV9PHUxwJQOBE4KHNwFBTgCdFPZl
MvNvcnLItxG7JugGvCTJ+m0=
=AGGB
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Sep 30 23:37:23 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 30 Sep 2013 23:37:23 +0000
Subject: [RHSA-2013:1319-01] Low: sssd security and bug fix update
Message-ID: <201309302337.r8UNbN7N023066@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: sssd security and bug fix update
Advisory ID:       RHSA-2013:1319-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1319.html
Issue date:        2013-09-30
CVE Names:         CVE-2013-0219
=====================================================================

1. Summary:

Updated sssd packages that fix one security issue and several bugs are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

SSSD (System Security Services Daemon) provides a set of daemons to manage
access to remote directories and authentication mechanisms. It provides NSS
(Name Service Switch) and PAM (Pluggable Authentication Modules) interfaces
toward the system and a pluggable back end system to connect to multiple
different account sources.

A race condition was found in the way SSSD copied and removed user home
directories.
A local attacker who is able to write into the home directory of a different
user who is being removed could use this flaw to perform symbolic link
attacks, possibly allowing them to modify and delete arbitrary files with
the privileges of the root user. (CVE-2013-0219)

The CVE-2013-0219 issue was discovered by Florian Weimer of the Red Hat
Product Security Team.

This update also fixes the following bugs:

* After a paging control was used, memory in the sssd_be process was never
freed, which led to the growth of the sssd_be process memory usage over
time. To fix this bug, the paging control was deallocated after use, and
thus the memory usage of the sssd_be process no longer grows. (BZ#820908)

* If the sssd_be process was terminated and recreated while there were
authentication requests pending, the sssd_pam process did not recover
correctly and did not reconnect to the new sssd_be process. Consequently,
the sssd_pam process was seemingly blocked and did not accept any new
authentication requests. The sssd_pam process has been fixed so that it
reconnects to the new instance of the sssd_be process after the original
one terminated unexpectedly. Even after a crash and reconnect, the sssd_pam
process now accepts new authentication requests. (BZ#882414)

* When the sssd_be process hung for a while, it was terminated and a new
instance was created. If the old instance did not respond to the TERM
signal and continued running, SSSD terminated unexpectedly. As a
consequence, the user could not log in. SSSD now keeps track of sssd_be
subprocesses more effectively, making the restarts of sssd_be more reliable
in such scenarios. Users can now log in whenever the sssd_be is restarted
and becomes unresponsive. (BZ#886165)

* In case the processing of an LDAP request took longer than the client
timeout upon completing the request (60 seconds by default), the PAM client
could have accessed memory that was previously freed due to the client
timeout being reached. As a result, the sssd_pam process terminated
unexpectedly with a segmentation fault. SSSD now ignores an LDAP request
result when it detects that the set timeout of this request has been
reached. The sssd_pam process no longer crashes in the aforementioned
scenario. (BZ#923813)

* When there was a heavy load of users and groups to be saved in cache,
SSSD experienced a timeout. Consequently, NSS did not start the backup
process properly and it was impossible to log in. A patch has been provided
to fix this bug. The SSSD daemon now remains responsive and the login
continues as expected. (BZ#805729)

* SSSD kept the file descriptors to the log files open. Consequently, on
occasions like moving the actual log file and restarting the back end, SSSD
still kept the file descriptors open. SSSD now closes the file descriptor
after the child process execution; after a successful back end start, the
file descriptor to log files is closed. (BZ#961680)

* While performing access control in the Identity Management back end, SSSD
erroneously downloaded the "member" attribute from the server and then
attempted to use it in the cache verbatim. Consequently, the cache
attempted to use the "member" attribute values as if they were pointing to
the local cache, which was CPU intensive. The member attribute when
processing host groups is no longer downloaded and processed. Moreover, the
login process is reasonably fast even with large host groups. (BZ#979047)

All sssd users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

884254 - CVE-2013-0219 sssd: TOCTOU race conditions by copying and removing directory trees
961680 - sssd components seem to mishandle sighup
974036 - sssd core process keeps running after backends quit
979047 - sssd_be goes to 99% CPU and causes significant login delays when client is under load

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/sssd-1.5.1-70.el5.src.rpm

i386:
libipa_hbac-1.5.1-70.el5.i386.rpm
libipa_hbac-devel-1.5.1-70.el5.i386.rpm
libipa_hbac-python-1.5.1-70.el5.i386.rpm
sssd-1.5.1-70.el5.i386.rpm
sssd-client-1.5.1-70.el5.i386.rpm
sssd-debuginfo-1.5.1-70.el5.i386.rpm
sssd-tools-1.5.1-70.el5.i386.rpm

x86_64:
libipa_hbac-1.5.1-70.el5.i386.rpm
libipa_hbac-1.5.1-70.el5.x86_64.rpm
libipa_hbac-devel-1.5.1-70.el5.i386.rpm
libipa_hbac-devel-1.5.1-70.el5.x86_64.rpm
libipa_hbac-python-1.5.1-70.el5.x86_64.rpm
sssd-1.5.1-70.el5.x86_64.rpm
sssd-client-1.5.1-70.el5.i386.rpm
sssd-client-1.5.1-70.el5.x86_64.rpm
sssd-debuginfo-1.5.1-70.el5.i386.rpm
sssd-debuginfo-1.5.1-70.el5.x86_64.rpm
sssd-tools-1.5.1-70.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/sssd-1.5.1-70.el5.src.rpm

i386:
libipa_hbac-1.5.1-70.el5.i386.rpm
libipa_hbac-devel-1.5.1-70.el5.i386.rpm
libipa_hbac-python-1.5.1-70.el5.i386.rpm
sssd-1.5.1-70.el5.i386.rpm
sssd-client-1.5.1-70.el5.i386.rpm
sssd-debuginfo-1.5.1-70.el5.i386.rpm
sssd-tools-1.5.1-70.el5.i386.rpm

ia64:
libipa_hbac-1.5.1-70.el5.ia64.rpm
libipa_hbac-devel-1.5.1-70.el5.ia64.rpm
libipa_hbac-python-1.5.1-70.el5.ia64.rpm
sssd-1.5.1-70.el5.ia64.rpm
sssd-client-1.5.1-70.el5.i386.rpm
sssd-client-1.5.1-70.el5.ia64.rpm
sssd-debuginfo-1.5.1-70.el5.i386.rpm
sssd-debuginfo-1.5.1-70.el5.ia64.rpm
sssd-tools-1.5.1-70.el5.ia64.rpm

ppc:
libipa_hbac-1.5.1-70.el5.ppc.rpm
libipa_hbac-1.5.1-70.el5.ppc64.rpm
libipa_hbac-devel-1.5.1-70.el5.ppc.rpm
libipa_hbac-devel-1.5.1-70.el5.ppc64.rpm
libipa_hbac-python-1.5.1-70.el5.ppc.rpm
sssd-1.5.1-70.el5.ppc.rpm
sssd-client-1.5.1-70.el5.ppc.rpm
sssd-client-1.5.1-70.el5.ppc64.rpm
sssd-debuginfo-1.5.1-70.el5.ppc.rpm
sssd-debuginfo-1.5.1-70.el5.ppc64.rpm
sssd-tools-1.5.1-70.el5.ppc.rpm

s390x:
libipa_hbac-1.5.1-70.el5.s390.rpm
libipa_hbac-1.5.1-70.el5.s390x.rpm
libipa_hbac-devel-1.5.1-70.el5.s390.rpm
libipa_hbac-devel-1.5.1-70.el5.s390x.rpm
libipa_hbac-python-1.5.1-70.el5.s390x.rpm
sssd-1.5.1-70.el5.s390x.rpm
sssd-client-1.5.1-70.el5.s390.rpm
sssd-client-1.5.1-70.el5.s390x.rpm
sssd-debuginfo-1.5.1-70.el5.s390.rpm
sssd-debuginfo-1.5.1-70.el5.s390x.rpm
sssd-tools-1.5.1-70.el5.s390x.rpm

x86_64:
libipa_hbac-1.5.1-70.el5.i386.rpm
libipa_hbac-1.5.1-70.el5.x86_64.rpm
libipa_hbac-devel-1.5.1-70.el5.i386.rpm
libipa_hbac-devel-1.5.1-70.el5.x86_64.rpm
libipa_hbac-python-1.5.1-70.el5.x86_64.rpm
sssd-1.5.1-70.el5.x86_64.rpm
sssd-client-1.5.1-70.el5.i386.rpm
sssd-client-1.5.1-70.el5.x86_64.rpm
sssd-debuginfo-1.5.1-70.el5.i386.rpm
sssd-debuginfo-1.5.1-70.el5.x86_64.rpm
sssd-tools-1.5.1-70.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-0219.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSSgslXlSAg2UNWIIRAiYNAJ9N9YNaoqZxar9nh71o+G05kUp9iACePU3g
kFL/nYMyyNwBYVY1No5hLE0=
=Nmnt
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Sep 30 23:37:59 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 30 Sep 2013 23:37:59 +0000
Subject: [RHSA-2013:1323-01] Low: ccid security and bug fix update
Message-ID: <201309302338.r8UNc0Pa023221@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: ccid security and bug fix update
Advisory ID:       RHSA-2013:1323-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1323.html
Issue date:        2013-09-30
CVE Names:         CVE-2010-4530
=====================================================================

1. Summary:

An updated ccid package that fixes one security issue and one bug is now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Chip/Smart Card Interface Devices (CCID) is a USB smart card reader standard
followed by most modern smart card readers.
The ccid package provides a generic, USB-based CCID driver for readers that
follow this standard.

An integer overflow, leading to an array index error, was found in the way
the CCID driver processed a smart card's serial number. A local attacker
could use this flaw to execute arbitrary code with the privileges of the
user running the PC/SC Lite pcscd daemon (root, by default), by inserting a
specially-crafted smart card. (CVE-2010-4530)

This update also fixes the following bug:

* The pcscd service failed to read from the SafeNet Smart Card 650 v1 when
it was inserted into a smart card reader. The operation failed with a
"IFDHPowerICC() PowerUp failed" error message. This was due to the card
taking a long time to respond with a full Answer To Reset (ATR) request,
which led to a timeout, causing the card to fail to power up. This update
increases the timeout value so that the aforementioned request is processed
properly, and the card is powered on as expected. (BZ#907821)

All ccid users are advised to upgrade to this updated package, which
contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

664986 - CVE-2010-4530 CCID: Integer overflow, leading to array index error when processing crafted serial number of certain cards

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ccid-1.3.8-2.el5.src.rpm

i386:
ccid-1.3.8-2.el5.i386.rpm
ccid-debuginfo-1.3.8-2.el5.i386.rpm

x86_64:
ccid-1.3.8-2.el5.x86_64.rpm
ccid-debuginfo-1.3.8-2.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/ccid-1.3.8-2.el5.src.rpm

i386:
ccid-1.3.8-2.el5.i386.rpm
ccid-debuginfo-1.3.8-2.el5.i386.rpm

ia64:
ccid-1.3.8-2.el5.ia64.rpm
ccid-debuginfo-1.3.8-2.el5.ia64.rpm

ppc:
ccid-1.3.8-2.el5.ppc.rpm
ccid-debuginfo-1.3.8-2.el5.ppc.rpm

x86_64:
ccid-1.3.8-2.el5.x86_64.rpm
ccid-debuginfo-1.3.8-2.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-4530.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSSgtFXlSAg2UNWIIRAk8AAJwMuvxGK76hDAKhDZl/EXok+h0tFQCdHi9x
yBwSU2uUzLuAX4EgTsSzARU=
=gCbJ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Sep 30 23:38:40 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 30 Sep 2013 23:38:40 +0000
Subject: [RHSA-2013:1348-01] Moderate: Red Hat Enterprise Linux 5 kernel update
Message-ID: <201309302338.r8UNcexs023555@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Enterprise Linux 5 kernel update
Advisory ID:       RHSA-2013:1348-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1348.html
Issue date:        2013-09-30
CVE Names:         CVE-2012-4398
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue, several bugs, and add
various enhancements are now available as part of the ongoing support and
maintenance of Red Hat Enterprise Linux version 5. This is the tenth
regular update.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* It was found that a deadlock could occur in the Out of Memory (OOM)
killer. A process could trigger this deadlock by consuming a large amount
of memory, and then causing request_module() to be called. A local,
unprivileged user could use this flaw to cause a denial of service
(excessive memory consumption). (CVE-2012-4398, Moderate)

Red Hat would like to thank Tetsuo Handa for reporting this issue.

This update also fixes numerous bugs and adds various enhancements. Refer to
the Red Hat Enterprise Linux 5.10 Release Notes for information on the most
significant of these changes, and the Technical Notes for further
information, both linked to in the References.

All Red Hat Enterprise Linux 5 users are advised to install these updated
packages, which correct this issue, and fix the bugs and add the
enhancements noted in the Red Hat Enterprise Linux 5.10 Release Notes and
Technical Notes. The system must be rebooted for this update to take
effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network.
Details on how to use the Red Hat Network to apply this update are available
at https://access.redhat.com/site/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use
"rpm -Uvh" as that will remove the running kernel binaries from your
system. You may use "rpm -e" to remove old kernels after determining that
the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

709658 - Bad build req: No Package Found for kernel-debug-devel-x86_64
756309 - extN: new file created even if open(2) returned -EPERM
853474 - CVE-2012-4398 kernel: request_module() OOM local DoS
862862 - long ixgbevf interface name crashes kernel
865292 - [Hyper-V] storvsc: Account for in-transit packets in the RESET path
865736 - Only 2 VF can be seen in RHEL5.9 PV guest
894360 - starting a F18 install as a CentOS5 xen guest
961667 - xen: numa: guest crash on second restore

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-371.el5.src.rpm

i386:
kernel-2.6.18-371.el5.i686.rpm
kernel-PAE-2.6.18-371.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-371.el5.i686.rpm
kernel-PAE-devel-2.6.18-371.el5.i686.rpm
kernel-debug-2.6.18-371.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-371.el5.i686.rpm
kernel-debug-devel-2.6.18-371.el5.i686.rpm
kernel-debuginfo-2.6.18-371.el5.i686.rpm
kernel-debuginfo-common-2.6.18-371.el5.i686.rpm
kernel-devel-2.6.18-371.el5.i686.rpm
kernel-headers-2.6.18-371.el5.i386.rpm
kernel-xen-2.6.18-371.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-371.el5.i686.rpm
kernel-xen-devel-2.6.18-371.el5.i686.rpm

noarch:
kernel-doc-2.6.18-371.el5.noarch.rpm

x86_64:
kernel-2.6.18-371.el5.x86_64.rpm
kernel-debug-2.6.18-371.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-371.el5.x86_64.rpm
kernel-debug-devel-2.6.18-371.el5.x86_64.rpm
kernel-debuginfo-2.6.18-371.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-371.el5.x86_64.rpm
kernel-devel-2.6.18-371.el5.x86_64.rpm
kernel-headers-2.6.18-371.el5.x86_64.rpm
kernel-xen-2.6.18-371.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-371.el5.x86_64.rpm
kernel-xen-devel-2.6.18-371.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-371.el5.src.rpm

i386:
kernel-2.6.18-371.el5.i686.rpm
kernel-PAE-2.6.18-371.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-371.el5.i686.rpm
kernel-PAE-devel-2.6.18-371.el5.i686.rpm
kernel-debug-2.6.18-371.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-371.el5.i686.rpm
kernel-debug-devel-2.6.18-371.el5.i686.rpm
kernel-debuginfo-2.6.18-371.el5.i686.rpm
kernel-debuginfo-common-2.6.18-371.el5.i686.rpm
kernel-devel-2.6.18-371.el5.i686.rpm
kernel-headers-2.6.18-371.el5.i386.rpm
kernel-xen-2.6.18-371.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-371.el5.i686.rpm
kernel-xen-devel-2.6.18-371.el5.i686.rpm

ia64:
kernel-2.6.18-371.el5.ia64.rpm
kernel-debug-2.6.18-371.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-371.el5.ia64.rpm
kernel-debug-devel-2.6.18-371.el5.ia64.rpm
kernel-debuginfo-2.6.18-371.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-371.el5.ia64.rpm
kernel-devel-2.6.18-371.el5.ia64.rpm
kernel-headers-2.6.18-371.el5.ia64.rpm
kernel-xen-2.6.18-371.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-371.el5.ia64.rpm
kernel-xen-devel-2.6.18-371.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-371.el5.noarch.rpm

ppc:
kernel-2.6.18-371.el5.ppc64.rpm
kernel-debug-2.6.18-371.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-371.el5.ppc64.rpm
kernel-debug-devel-2.6.18-371.el5.ppc64.rpm
kernel-debuginfo-2.6.18-371.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-371.el5.ppc64.rpm
kernel-devel-2.6.18-371.el5.ppc64.rpm
kernel-headers-2.6.18-371.el5.ppc.rpm
kernel-headers-2.6.18-371.el5.ppc64.rpm
kernel-kdump-2.6.18-371.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-371.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-371.el5.ppc64.rpm

s390x:
kernel-2.6.18-371.el5.s390x.rpm
kernel-debug-2.6.18-371.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-371.el5.s390x.rpm
kernel-debug-devel-2.6.18-371.el5.s390x.rpm
kernel-debuginfo-2.6.18-371.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-371.el5.s390x.rpm
kernel-devel-2.6.18-371.el5.s390x.rpm
kernel-headers-2.6.18-371.el5.s390x.rpm
kernel-kdump-2.6.18-371.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-371.el5.s390x.rpm
kernel-kdump-devel-2.6.18-371.el5.s390x.rpm

x86_64:
kernel-2.6.18-371.el5.x86_64.rpm
kernel-debug-2.6.18-371.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-371.el5.x86_64.rpm
kernel-debug-devel-2.6.18-371.el5.x86_64.rpm
kernel-debuginfo-2.6.18-371.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-371.el5.x86_64.rpm
kernel-devel-2.6.18-371.el5.x86_64.rpm
kernel-headers-2.6.18-371.el5.x86_64.rpm
kernel-xen-2.6.18-371.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-371.el5.x86_64.rpm
kernel-xen-devel-2.6.18-371.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-4398.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/5/html-single/5.10_Release_Notes/index.html
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/5/html-single/5.10_Technical_Notes/index.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSSgtqXlSAg2UNWIIRAilKAJ4hyFSQIW8+WfgNbkj/vrjGws7hvACgmjZz
F/16dibAwzV9XYGxiUoWy5M=
=rh72
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Sep 30 23:39:21 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 30 Sep 2013 23:39:21 +0000
Subject: [RHSA-2013:1353-01] Low: sudo security and bug fix update
Message-ID: <201309302339.r8UNdLuV007375@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: sudo security and bug fix update
Advisory ID:       RHSA-2013:1353-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-1353.html
Issue date:        2013-09-30
CVE Names:         CVE-2013-1775 CVE-2013-1776 CVE-2013-2776
=====================================================================

1. Summary:

An updated sudo package that fixes multiple security issues and several bugs
is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. Common Vulnerability Scoring System (CVSS) base scores, which
give detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The sudo (superuser do) utility allows system administrators to give certain
users the ability to run commands as root.

A flaw was found in the way sudo handled time stamp files. An attacker able
to run code as a local user and with the ability to control the system clock
could possibly gain additional privileges by running commands that the victim
user was allowed to run via sudo, without knowing the victim's password.
(CVE-2013-1775)

It was found that sudo did not properly validate the controlling terminal
device when the tty_tickets option was enabled in the /etc/sudoers file. An
attacker able to run code as a local user could possibly gain additional
privileges by running commands that the victim user was allowed to run via
sudo, without knowing the victim's password. (CVE-2013-1776, CVE-2013-2776)

This update also fixes the following bugs:

* Due to a bug in the cycle detection algorithm of the visudo utility, visudo
incorrectly evaluated certain alias definitions in the /etc/sudoers file as
cycles. Consequently, a warning message about undefined aliases appeared. This
bug has been fixed, /etc/sudoers is now parsed correctly by visudo and the
warning message no longer appears. (BZ#849679)

* Previously, the 'sudo -l' command did not parse the /etc/sudoers file
correctly if it contained an Active Directory (AD) group. The file was parsed
only up to the first AD group information and then the parsing failed with
the following message:

sudo: unable to cache group ADDOM\admingroup, already exists

With this update, the underlying code has been modified and 'sudo -l' now
parses /etc/sudoers containing AD groups correctly. (BZ#855836)

* Previously, the sudo utility did not escape the backslash characters
contained in user names properly. Consequently, if a system used sudo
integrated with LDAP or Active Directory (AD) as the primary authentication
mechanism, users were not able to authenticate on that system. With this
update, sudo has been modified to process LDAP and AD names correctly and the
authentication process now works as expected. (BZ#869287)

* Prior to this update, the 'visudo -s (strict)' command incorrectly parsed
certain alias definitions. Consequently, an error message was issued. The bug
has been fixed, and parsing errors no longer occur when using 'visudo -s'.
(BZ#905624)

All sudo users are advised to upgrade to this updated package, which contains
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

853203 - Sudo -i isn't passing command arguments containing spaces properly as of sudo-1.7.2p1-14.el5_8.3
856902 - Defauts:! syntax in sudoers doesn't seem to work as expected
916363 - CVE-2013-1775 sudo: authentication bypass via reset system clock
916365 - CVE-2013-1776 sudo: bypass of tty_tickets constraints
949751 - CVE-2013-2776 sudo: bypass of tty_tickets constraints

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/sudo-1.7.2p1-28.el5.src.rpm

i386:
sudo-1.7.2p1-28.el5.i386.rpm
sudo-debuginfo-1.7.2p1-28.el5.i386.rpm

x86_64:
sudo-1.7.2p1-28.el5.x86_64.rpm
sudo-debuginfo-1.7.2p1-28.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/sudo-1.7.2p1-28.el5.src.rpm

i386:
sudo-1.7.2p1-28.el5.i386.rpm
sudo-debuginfo-1.7.2p1-28.el5.i386.rpm

ia64:
sudo-1.7.2p1-28.el5.ia64.rpm
sudo-debuginfo-1.7.2p1-28.el5.ia64.rpm

ppc:
sudo-1.7.2p1-28.el5.ppc.rpm
sudo-debuginfo-1.7.2p1-28.el5.ppc.rpm

s390x:
sudo-1.7.2p1-28.el5.s390x.rpm
sudo-debuginfo-1.7.2p1-28.el5.s390x.rpm

x86_64:
sudo-1.7.2p1-28.el5.x86_64.rpm
sudo-debuginfo-1.7.2p1-28.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-1775.html
https://www.redhat.com/security/data/cve/CVE-2013-1776.html
https://www.redhat.com/security/data/cve/CVE-2013-2776.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is .  More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFSSguTXlSAg2UNWIIRAtwlAKCLKk70m9/uWyLEIm1+g318CaucUACfa0Rb
YYD4VZy8KV2MT9Qt974bDHg=
=BMck
-----END PGP SIGNATURE-----
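The Solution and Package List sections above name the fixed build (sudo-1.7.2p1-28.el5) and note that the packages are GPG signed, but they leave the "am I fixed?" check to the reader. The script below is an added example, not part of the advisory or of Red Hat's tooling: it decides whether the installed sudo is at or above the fixed build and shows the rpm signature check to run on a downloaded package before installing it. The version comparison is a simplified reimplementation of rpm's ordering rules (assumption: no epoch, and no tilde/caret markers, which these version strings do not use); FIXED_VR, vercmp, installed_vr, sudo_is_fixed and check_sig are names chosen for this example.

```shell
#!/bin/sh
# Added example, not part of RHSA-2013:1353-01 or of Red Hat's tooling.
# Checks whether the installed sudo package is at or above the fixed build
# named in the advisory's package list, and shows the rpm signature check.
set -e

FIXED_VR="1.7.2p1-28.el5"   # version-release of the fixed build (from the advisory)

# vercmp A B: print 1, 0 or -1 as A is newer than, equal to, or older than B.
# Simplified model of rpm's rpmvercmp (assumption: no epoch, no ~ or ^ markers):
# split both strings into runs of digits and runs of letters, compare pairwise
# (numerically when both are digits, digits beat letters, letters lexically),
# and when all shared segments match, the string with more segments is newer.
vercmp() {
    awk -v A="$1" -v B="$2" '
    function segs(s, arr,    n, i, c, cls, prev) {
        n = 0; prev = ""
        for (i = 1; i <= length(s); i++) {
            c = substr(s, i, 1)
            if (c ~ /[0-9]/) cls = "d"
            else if (c ~ /[A-Za-z]/) cls = "a"
            else { prev = ""; continue }          # separators end a segment
            if (cls != prev) { n++; arr[n] = "" }
            arr[n] = arr[n] c
            prev = cls
        }
        return n
    }
    BEGIN {
        na = segs(A, a); nb = segs(B, b); r = 0
        for (i = 1; i <= na && i <= nb && r == 0; i++) {
            da = (a[i] ~ /^[0-9]+$/); db = (b[i] ~ /^[0-9]+$/)
            if (da && db) {
                if (a[i] + 0 > b[i] + 0) r = 1
                else if (a[i] + 0 < b[i] + 0) r = -1
            } else if (da != db) {
                r = da ? 1 : -1                   # numeric segment is newer than alpha
            } else if (a[i] != b[i]) {
                r = (a[i] > b[i]) ? 1 : -1
            }
        }
        if (r == 0 && na != nb) r = (na > nb) ? 1 : -1
        print r
    }'
}

# installed_vr PKG: print VERSION-RELEASE of an installed package (rpm query).
installed_vr() {
    rpm -q --queryformat '%{VERSION}-%{RELEASE}\n' "$1"
}

# sudo_is_fixed: succeed only if the installed sudo is at or above FIXED_VR;
# exit status 2 if sudo is not installed at all.
sudo_is_fixed() {
    vr=$(installed_vr sudo) || return 2
    [ "$(vercmp "$vr" "$FIXED_VR")" -ge 0 ]
}

# check_sig FILE: verify the GPG signature on a downloaded rpm before installing
# it. Red Hat's key must already be imported (rpm --import); otherwise rpm
# reports the signature as unverifiable rather than OK.
check_sig() {
    rpm --checksig "$1"
}

# Only query the rpm database where rpm exists (e.g. not on a Debian host).
if command -v rpm >/dev/null 2>&1; then
    if sudo_is_fixed; then
        echo "sudo $(installed_vr sudo) is at or above $FIXED_VR"
    else
        echo "sudo is not at $FIXED_VR: apply RHSA-2013:1353-01"
    fi
fi
```

Note that the comparison treats 1.7.2p1-14.el5_8.3 (the z-stream build mentioned in bug 853203) as older than 1.7.2p1-28.el5 because the release number 14 loses to 28 before the el5_8.3 suffix is reached, which matches how rpm orders those builds.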
