From bugzilla at redhat.com Tue Aug 5 03:39:37 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 5 Aug 2014 03:39:37 +0000
Subject: [RHSA-2014:1004-01] Important: yum-updatesd security update
Message-ID: <201408050339.s753dPFm006280@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: yum-updatesd security update
Advisory ID: RHSA-2014:1004-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1004.html
Issue date: 2014-08-05
CVE Names: CVE-2014-0022
=====================================================================

1. Summary:

An updated yum-updatesd package that fixes one security issue is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - noarch
Red Hat Enterprise Linux Desktop (v. 5 client) - noarch

3. Description:

The yum-updatesd package provides a daemon which checks for available updates and can notify you when they are available via email, syslog, or dbus.

It was discovered that yum-updatesd did not properly perform RPM package signature checks. When yum-updatesd was configured to automatically install updates, a remote attacker could use this flaw to install a malicious update on the target system using an unsigned RPM or an RPM signed with an untrusted key. (CVE-2014-0022)

All yum-updatesd users are advised to upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the yum-updatesd service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1057377 - CVE-2014-0022 yum: yum-cron installs unsigned packages

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
yum-updatesd-0.9-6.el5_10.src.rpm

noarch:
yum-updatesd-0.9-6.el5_10.noarch.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
yum-updatesd-0.9-6.el5_10.src.rpm

noarch:
yum-updatesd-0.9-6.el5_10.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-0022.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFT4FHSXlSAg2UNWIIRAkDGAJ9VMvVYr74qD8k30j3fYJAfw5I92gCfbL06
vrVTwBKj0j8tghF3XAZ7MF8=
=f4BT
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Aug 5 20:05:43 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 5 Aug 2014 20:05:43 +0000
Subject: [RHSA-2014:1008-01] Important: samba security and bug fix update
Message-ID: <201408052005.s75K5hOP031808@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: samba security and bug fix update
Advisory ID: RHSA-2014:1008-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1008.html
Issue date: 2014-08-05
CVE Names: CVE-2014-3560
=====================================================================

1. Summary:

Updated samba packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 7.

The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

A heap-based buffer overflow flaw was found in Samba's NetBIOS message block daemon (nmbd). An attacker on the local network could use this flaw to send specially crafted packets that, when processed by nmbd, could possibly lead to arbitrary code execution with root privileges. (CVE-2014-3560)

This update also fixes the following bug:

* Prior to this update, Samba incorrectly used the O_TRUNC flag when using the open(2) system call to access the contents of a file that was already opened by a different process, causing the file's previous contents to be removed. With this update, the O_TRUNC flag is no longer used in the above scenario, and file corruption no longer occurs. (BZ#1115490)

All Samba users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1115490 - Samba file corruption as a result of failed lock check
1126010 - CVE-2014-3560 samba: remote code execution in nmbd

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
samba-4.1.1-37.el7_0.src.rpm

x86_64:
libsmbclient-4.1.1-37.el7_0.i686.rpm
libsmbclient-4.1.1-37.el7_0.x86_64.rpm
libwbclient-4.1.1-37.el7_0.i686.rpm
libwbclient-4.1.1-37.el7_0.x86_64.rpm
samba-client-4.1.1-37.el7_0.x86_64.rpm
samba-common-4.1.1-37.el7_0.x86_64.rpm
samba-debuginfo-4.1.1-37.el7_0.i686.rpm
samba-debuginfo-4.1.1-37.el7_0.x86_64.rpm
samba-libs-4.1.1-37.el7_0.i686.rpm
samba-libs-4.1.1-37.el7_0.x86_64.rpm
samba-winbind-4.1.1-37.el7_0.x86_64.rpm
samba-winbind-modules-4.1.1-37.el7_0.i686.rpm
samba-winbind-modules-4.1.1-37.el7_0.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
libsmbclient-devel-4.1.1-37.el7_0.i686.rpm
libsmbclient-devel-4.1.1-37.el7_0.x86_64.rpm
libwbclient-devel-4.1.1-37.el7_0.i686.rpm
libwbclient-devel-4.1.1-37.el7_0.x86_64.rpm
samba-4.1.1-37.el7_0.x86_64.rpm
samba-dc-4.1.1-37.el7_0.x86_64.rpm
samba-dc-libs-4.1.1-37.el7_0.x86_64.rpm
samba-debuginfo-4.1.1-37.el7_0.i686.rpm
samba-debuginfo-4.1.1-37.el7_0.x86_64.rpm
samba-devel-4.1.1-37.el7_0.i686.rpm
samba-devel-4.1.1-37.el7_0.x86_64.rpm
samba-pidl-4.1.1-37.el7_0.x86_64.rpm
samba-python-4.1.1-37.el7_0.x86_64.rpm
samba-test-4.1.1-37.el7_0.x86_64.rpm
samba-test-devel-4.1.1-37.el7_0.x86_64.rpm
samba-vfs-glusterfs-4.1.1-37.el7_0.x86_64.rpm
samba-winbind-clients-4.1.1-37.el7_0.x86_64.rpm
samba-winbind-krb5-locator-4.1.1-37.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
samba-4.1.1-37.el7_0.src.rpm

x86_64:
libsmbclient-4.1.1-37.el7_0.i686.rpm
libsmbclient-4.1.1-37.el7_0.x86_64.rpm
libwbclient-4.1.1-37.el7_0.i686.rpm
libwbclient-4.1.1-37.el7_0.x86_64.rpm
samba-client-4.1.1-37.el7_0.x86_64.rpm
samba-common-4.1.1-37.el7_0.x86_64.rpm
samba-debuginfo-4.1.1-37.el7_0.i686.rpm
samba-debuginfo-4.1.1-37.el7_0.x86_64.rpm
samba-libs-4.1.1-37.el7_0.i686.rpm
samba-libs-4.1.1-37.el7_0.x86_64.rpm
samba-winbind-4.1.1-37.el7_0.x86_64.rpm
samba-winbind-modules-4.1.1-37.el7_0.i686.rpm
samba-winbind-modules-4.1.1-37.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
libsmbclient-devel-4.1.1-37.el7_0.i686.rpm
libsmbclient-devel-4.1.1-37.el7_0.x86_64.rpm
libwbclient-devel-4.1.1-37.el7_0.i686.rpm
libwbclient-devel-4.1.1-37.el7_0.x86_64.rpm
samba-4.1.1-37.el7_0.x86_64.rpm
samba-dc-4.1.1-37.el7_0.x86_64.rpm
samba-dc-libs-4.1.1-37.el7_0.x86_64.rpm
samba-debuginfo-4.1.1-37.el7_0.i686.rpm
samba-debuginfo-4.1.1-37.el7_0.x86_64.rpm
samba-devel-4.1.1-37.el7_0.i686.rpm
samba-devel-4.1.1-37.el7_0.x86_64.rpm
samba-pidl-4.1.1-37.el7_0.x86_64.rpm
samba-python-4.1.1-37.el7_0.x86_64.rpm
samba-test-4.1.1-37.el7_0.x86_64.rpm
samba-test-devel-4.1.1-37.el7_0.x86_64.rpm
samba-vfs-glusterfs-4.1.1-37.el7_0.x86_64.rpm
samba-winbind-clients-4.1.1-37.el7_0.x86_64.rpm
samba-winbind-krb5-locator-4.1.1-37.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
samba-4.1.1-37.el7_0.src.rpm

ppc64:
libsmbclient-4.1.1-37.el7_0.ppc.rpm
libsmbclient-4.1.1-37.el7_0.ppc64.rpm
libwbclient-4.1.1-37.el7_0.ppc.rpm
libwbclient-4.1.1-37.el7_0.ppc64.rpm
samba-4.1.1-37.el7_0.ppc64.rpm
samba-client-4.1.1-37.el7_0.ppc64.rpm
samba-common-4.1.1-37.el7_0.ppc64.rpm
samba-debuginfo-4.1.1-37.el7_0.ppc.rpm
samba-debuginfo-4.1.1-37.el7_0.ppc64.rpm
samba-libs-4.1.1-37.el7_0.ppc.rpm
samba-libs-4.1.1-37.el7_0.ppc64.rpm
samba-winbind-4.1.1-37.el7_0.ppc64.rpm
samba-winbind-modules-4.1.1-37.el7_0.ppc.rpm
samba-winbind-modules-4.1.1-37.el7_0.ppc64.rpm

s390x:
libsmbclient-4.1.1-37.el7_0.s390.rpm
libsmbclient-4.1.1-37.el7_0.s390x.rpm
libwbclient-4.1.1-37.el7_0.s390.rpm
libwbclient-4.1.1-37.el7_0.s390x.rpm
samba-4.1.1-37.el7_0.s390x.rpm
samba-client-4.1.1-37.el7_0.s390x.rpm
samba-common-4.1.1-37.el7_0.s390x.rpm
samba-debuginfo-4.1.1-37.el7_0.s390.rpm
samba-debuginfo-4.1.1-37.el7_0.s390x.rpm
samba-libs-4.1.1-37.el7_0.s390.rpm
samba-libs-4.1.1-37.el7_0.s390x.rpm
samba-winbind-4.1.1-37.el7_0.s390x.rpm
samba-winbind-modules-4.1.1-37.el7_0.s390.rpm
samba-winbind-modules-4.1.1-37.el7_0.s390x.rpm

x86_64:
libsmbclient-4.1.1-37.el7_0.i686.rpm
libsmbclient-4.1.1-37.el7_0.x86_64.rpm
libwbclient-4.1.1-37.el7_0.i686.rpm
libwbclient-4.1.1-37.el7_0.x86_64.rpm
samba-4.1.1-37.el7_0.x86_64.rpm
samba-client-4.1.1-37.el7_0.x86_64.rpm
samba-common-4.1.1-37.el7_0.x86_64.rpm
samba-debuginfo-4.1.1-37.el7_0.i686.rpm
samba-debuginfo-4.1.1-37.el7_0.x86_64.rpm
samba-libs-4.1.1-37.el7_0.i686.rpm
samba-libs-4.1.1-37.el7_0.x86_64.rpm
samba-python-4.1.1-37.el7_0.x86_64.rpm
samba-winbind-4.1.1-37.el7_0.x86_64.rpm
samba-winbind-modules-4.1.1-37.el7_0.i686.rpm
samba-winbind-modules-4.1.1-37.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
libsmbclient-devel-4.1.1-37.el7_0.ppc.rpm
libsmbclient-devel-4.1.1-37.el7_0.ppc64.rpm
libwbclient-devel-4.1.1-37.el7_0.ppc.rpm
libwbclient-devel-4.1.1-37.el7_0.ppc64.rpm
samba-dc-4.1.1-37.el7_0.ppc64.rpm
samba-dc-libs-4.1.1-37.el7_0.ppc64.rpm
samba-debuginfo-4.1.1-37.el7_0.ppc.rpm
samba-debuginfo-4.1.1-37.el7_0.ppc64.rpm
samba-devel-4.1.1-37.el7_0.ppc.rpm
samba-devel-4.1.1-37.el7_0.ppc64.rpm
samba-pidl-4.1.1-37.el7_0.ppc64.rpm
samba-python-4.1.1-37.el7_0.ppc64.rpm
samba-test-4.1.1-37.el7_0.ppc64.rpm
samba-test-devel-4.1.1-37.el7_0.ppc64.rpm
samba-winbind-clients-4.1.1-37.el7_0.ppc64.rpm
samba-winbind-krb5-locator-4.1.1-37.el7_0.ppc64.rpm

s390x:
libsmbclient-devel-4.1.1-37.el7_0.s390.rpm
libsmbclient-devel-4.1.1-37.el7_0.s390x.rpm
libwbclient-devel-4.1.1-37.el7_0.s390.rpm
libwbclient-devel-4.1.1-37.el7_0.s390x.rpm
samba-dc-4.1.1-37.el7_0.s390x.rpm
samba-dc-libs-4.1.1-37.el7_0.s390x.rpm
samba-debuginfo-4.1.1-37.el7_0.s390.rpm
samba-debuginfo-4.1.1-37.el7_0.s390x.rpm
samba-devel-4.1.1-37.el7_0.s390.rpm
samba-devel-4.1.1-37.el7_0.s390x.rpm
samba-pidl-4.1.1-37.el7_0.s390x.rpm
samba-python-4.1.1-37.el7_0.s390x.rpm
samba-test-4.1.1-37.el7_0.s390x.rpm
samba-test-devel-4.1.1-37.el7_0.s390x.rpm
samba-winbind-clients-4.1.1-37.el7_0.s390x.rpm
samba-winbind-krb5-locator-4.1.1-37.el7_0.s390x.rpm

x86_64:
libsmbclient-devel-4.1.1-37.el7_0.i686.rpm
libsmbclient-devel-4.1.1-37.el7_0.x86_64.rpm
libwbclient-devel-4.1.1-37.el7_0.i686.rpm
libwbclient-devel-4.1.1-37.el7_0.x86_64.rpm
samba-dc-4.1.1-37.el7_0.x86_64.rpm
samba-dc-libs-4.1.1-37.el7_0.x86_64.rpm
samba-debuginfo-4.1.1-37.el7_0.i686.rpm
samba-debuginfo-4.1.1-37.el7_0.x86_64.rpm
samba-devel-4.1.1-37.el7_0.i686.rpm
samba-devel-4.1.1-37.el7_0.x86_64.rpm
samba-pidl-4.1.1-37.el7_0.x86_64.rpm
samba-test-4.1.1-37.el7_0.x86_64.rpm
samba-test-devel-4.1.1-37.el7_0.x86_64.rpm
samba-vfs-glusterfs-4.1.1-37.el7_0.x86_64.rpm
samba-winbind-clients-4.1.1-37.el7_0.x86_64.rpm
samba-winbind-krb5-locator-4.1.1-37.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
samba-4.1.1-37.el7_0.src.rpm

x86_64:
libsmbclient-4.1.1-37.el7_0.i686.rpm
libsmbclient-4.1.1-37.el7_0.x86_64.rpm
libwbclient-4.1.1-37.el7_0.i686.rpm
libwbclient-4.1.1-37.el7_0.x86_64.rpm
samba-4.1.1-37.el7_0.x86_64.rpm
samba-client-4.1.1-37.el7_0.x86_64.rpm
samba-common-4.1.1-37.el7_0.x86_64.rpm
samba-debuginfo-4.1.1-37.el7_0.i686.rpm
samba-debuginfo-4.1.1-37.el7_0.x86_64.rpm
samba-libs-4.1.1-37.el7_0.i686.rpm
samba-libs-4.1.1-37.el7_0.x86_64.rpm
samba-python-4.1.1-37.el7_0.x86_64.rpm
samba-winbind-4.1.1-37.el7_0.x86_64.rpm
samba-winbind-modules-4.1.1-37.el7_0.i686.rpm
samba-winbind-modules-4.1.1-37.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
libsmbclient-devel-4.1.1-37.el7_0.i686.rpm
libsmbclient-devel-4.1.1-37.el7_0.x86_64.rpm
libwbclient-devel-4.1.1-37.el7_0.i686.rpm
libwbclient-devel-4.1.1-37.el7_0.x86_64.rpm
samba-dc-4.1.1-37.el7_0.x86_64.rpm
samba-dc-libs-4.1.1-37.el7_0.x86_64.rpm
samba-debuginfo-4.1.1-37.el7_0.i686.rpm
samba-debuginfo-4.1.1-37.el7_0.x86_64.rpm
samba-devel-4.1.1-37.el7_0.i686.rpm
samba-devel-4.1.1-37.el7_0.x86_64.rpm
samba-pidl-4.1.1-37.el7_0.x86_64.rpm
samba-test-4.1.1-37.el7_0.x86_64.rpm
samba-test-devel-4.1.1-37.el7_0.x86_64.rpm
samba-vfs-glusterfs-4.1.1-37.el7_0.x86_64.rpm
samba-winbind-clients-4.1.1-37.el7_0.x86_64.rpm
samba-winbind-krb5-locator-4.1.1-37.el7_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-3560.html
https://access.redhat.com/security/updates/classification/#important
https://www.samba.org/samba/security/CVE-2014-3560

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFT4TkGXlSAg2UNWIIRAjeIAKCNyxPHgOVCrcCBUnfD7qB8rRpZKQCfXxMU
X+IkQlg8K91fZatbsAcPLzw=
=duRj
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Aug 5 20:06:18 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 5 Aug 2014 20:06:18 +0000
Subject: [RHSA-2014:1009-01] Important: samba4 security update
Message-ID: <201408052006.s75K6IMU021532@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: samba4 security update
Advisory ID: RHSA-2014:1009-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1009.html
Issue date: 2014-08-05
CVE Names: CVE-2014-3560
=====================================================================

1. Summary:

Updated samba4 packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

A heap-based buffer overflow flaw was found in Samba's NetBIOS message block daemon (nmbd). An attacker on the local network could use this flaw to send specially crafted packets that, when processed by nmbd, could possibly lead to arbitrary code execution with root privileges. (CVE-2014-3560)

All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1126010 - CVE-2014-3560 samba: remote code execution in nmbd

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
samba4-4.0.0-63.el6_5.rc4.src.rpm

i386:
samba4-4.0.0-63.el6_5.rc4.i686.rpm
samba4-client-4.0.0-63.el6_5.rc4.i686.rpm
samba4-common-4.0.0-63.el6_5.rc4.i686.rpm
samba4-dc-4.0.0-63.el6_5.rc4.i686.rpm
samba4-dc-libs-4.0.0-63.el6_5.rc4.i686.rpm
samba4-debuginfo-4.0.0-63.el6_5.rc4.i686.rpm
samba4-devel-4.0.0-63.el6_5.rc4.i686.rpm
samba4-libs-4.0.0-63.el6_5.rc4.i686.rpm
samba4-pidl-4.0.0-63.el6_5.rc4.i686.rpm
samba4-python-4.0.0-63.el6_5.rc4.i686.rpm
samba4-swat-4.0.0-63.el6_5.rc4.i686.rpm
samba4-test-4.0.0-63.el6_5.rc4.i686.rpm
samba4-winbind-4.0.0-63.el6_5.rc4.i686.rpm
samba4-winbind-clients-4.0.0-63.el6_5.rc4.i686.rpm
samba4-winbind-krb5-locator-4.0.0-63.el6_5.rc4.i686.rpm

x86_64:
samba4-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-client-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-common-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-dc-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-dc-libs-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-debuginfo-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-devel-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-libs-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-pidl-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-python-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-swat-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-test-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-winbind-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-winbind-clients-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-winbind-krb5-locator-4.0.0-63.el6_5.rc4.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
samba4-4.0.0-63.el6_5.rc4.src.rpm

x86_64:
samba4-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-client-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-common-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-dc-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-dc-libs-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-debuginfo-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-devel-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-libs-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-pidl-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-python-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-swat-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-test-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-winbind-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-winbind-clients-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-winbind-krb5-locator-4.0.0-63.el6_5.rc4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
samba4-4.0.0-63.el6_5.rc4.src.rpm

i386:
samba4-4.0.0-63.el6_5.rc4.i686.rpm
samba4-client-4.0.0-63.el6_5.rc4.i686.rpm
samba4-common-4.0.0-63.el6_5.rc4.i686.rpm
samba4-dc-4.0.0-63.el6_5.rc4.i686.rpm
samba4-dc-libs-4.0.0-63.el6_5.rc4.i686.rpm
samba4-debuginfo-4.0.0-63.el6_5.rc4.i686.rpm
samba4-devel-4.0.0-63.el6_5.rc4.i686.rpm
samba4-libs-4.0.0-63.el6_5.rc4.i686.rpm
samba4-pidl-4.0.0-63.el6_5.rc4.i686.rpm
samba4-python-4.0.0-63.el6_5.rc4.i686.rpm
samba4-swat-4.0.0-63.el6_5.rc4.i686.rpm
samba4-test-4.0.0-63.el6_5.rc4.i686.rpm
samba4-winbind-4.0.0-63.el6_5.rc4.i686.rpm
samba4-winbind-clients-4.0.0-63.el6_5.rc4.i686.rpm
samba4-winbind-krb5-locator-4.0.0-63.el6_5.rc4.i686.rpm

ppc64:
samba4-4.0.0-63.el6_5.rc4.ppc64.rpm
samba4-client-4.0.0-63.el6_5.rc4.ppc64.rpm
samba4-common-4.0.0-63.el6_5.rc4.ppc64.rpm
samba4-dc-4.0.0-63.el6_5.rc4.ppc64.rpm
samba4-dc-libs-4.0.0-63.el6_5.rc4.ppc64.rpm
samba4-debuginfo-4.0.0-63.el6_5.rc4.ppc64.rpm
samba4-devel-4.0.0-63.el6_5.rc4.ppc64.rpm
samba4-libs-4.0.0-63.el6_5.rc4.ppc64.rpm
samba4-pidl-4.0.0-63.el6_5.rc4.ppc64.rpm
samba4-python-4.0.0-63.el6_5.rc4.ppc64.rpm
samba4-swat-4.0.0-63.el6_5.rc4.ppc64.rpm
samba4-test-4.0.0-63.el6_5.rc4.ppc64.rpm
samba4-winbind-4.0.0-63.el6_5.rc4.ppc64.rpm
samba4-winbind-clients-4.0.0-63.el6_5.rc4.ppc64.rpm
samba4-winbind-krb5-locator-4.0.0-63.el6_5.rc4.ppc64.rpm

s390x:
samba4-4.0.0-63.el6_5.rc4.s390x.rpm
samba4-client-4.0.0-63.el6_5.rc4.s390x.rpm
samba4-common-4.0.0-63.el6_5.rc4.s390x.rpm
samba4-dc-4.0.0-63.el6_5.rc4.s390x.rpm
samba4-dc-libs-4.0.0-63.el6_5.rc4.s390x.rpm
samba4-debuginfo-4.0.0-63.el6_5.rc4.s390x.rpm
samba4-devel-4.0.0-63.el6_5.rc4.s390x.rpm
samba4-libs-4.0.0-63.el6_5.rc4.s390x.rpm
samba4-pidl-4.0.0-63.el6_5.rc4.s390x.rpm
samba4-python-4.0.0-63.el6_5.rc4.s390x.rpm
samba4-swat-4.0.0-63.el6_5.rc4.s390x.rpm
samba4-test-4.0.0-63.el6_5.rc4.s390x.rpm
samba4-winbind-4.0.0-63.el6_5.rc4.s390x.rpm
samba4-winbind-clients-4.0.0-63.el6_5.rc4.s390x.rpm
samba4-winbind-krb5-locator-4.0.0-63.el6_5.rc4.s390x.rpm

x86_64:
samba4-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-client-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-common-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-dc-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-dc-libs-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-debuginfo-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-devel-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-libs-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-pidl-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-python-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-swat-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-test-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-winbind-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-winbind-clients-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-winbind-krb5-locator-4.0.0-63.el6_5.rc4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
samba4-4.0.0-63.el6_5.rc4.src.rpm

i386:
samba4-4.0.0-63.el6_5.rc4.i686.rpm
samba4-client-4.0.0-63.el6_5.rc4.i686.rpm
samba4-common-4.0.0-63.el6_5.rc4.i686.rpm
samba4-dc-4.0.0-63.el6_5.rc4.i686.rpm
samba4-dc-libs-4.0.0-63.el6_5.rc4.i686.rpm
samba4-debuginfo-4.0.0-63.el6_5.rc4.i686.rpm
samba4-devel-4.0.0-63.el6_5.rc4.i686.rpm
samba4-libs-4.0.0-63.el6_5.rc4.i686.rpm
samba4-pidl-4.0.0-63.el6_5.rc4.i686.rpm
samba4-python-4.0.0-63.el6_5.rc4.i686.rpm
samba4-swat-4.0.0-63.el6_5.rc4.i686.rpm
samba4-test-4.0.0-63.el6_5.rc4.i686.rpm
samba4-winbind-4.0.0-63.el6_5.rc4.i686.rpm
samba4-winbind-clients-4.0.0-63.el6_5.rc4.i686.rpm
samba4-winbind-krb5-locator-4.0.0-63.el6_5.rc4.i686.rpm

x86_64:
samba4-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-client-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-common-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-dc-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-dc-libs-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-debuginfo-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-devel-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-libs-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-pidl-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-python-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-swat-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-test-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-winbind-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-winbind-clients-4.0.0-63.el6_5.rc4.x86_64.rpm
samba4-winbind-krb5-locator-4.0.0-63.el6_5.rc4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-3560.html
https://access.redhat.com/security/updates/classification/#important
https://www.samba.org/samba/security/CVE-2014-3560

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFT4TksXlSAg2UNWIIRAjPmAJ9DvWVDbU6s8PHY1Oj+IxmAlYYp8ACcDBFg
FevjRaN1iw3l3AiJn3jrjo4=
=roia
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Aug 6 01:04:23 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 6 Aug 2014 01:04:23 +0000
Subject: [RHSA-2014:1011-01] Moderate: resteasy-base security update
Message-ID: <201408060104.s7614O5M017589@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: resteasy-base security update
Advisory ID: RHSA-2014:1011-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1011.html
Issue date: 2014-08-06
CVE Names: CVE-2014-3490
=====================================================================

1. Summary:

Updated resteasy-base packages that fix one security issue are now available for Red Hat Enterprise Linux 7.

The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - noarch
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch
Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Enterprise Linux Server Optional (v. 7) - noarch
Red Hat Enterprise Linux Workstation (v. 7) - noarch
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch

3. Description:

RESTEasy contains a JBoss project that provides frameworks to help build RESTful Web Services and RESTful Java applications. It is a fully certified and portable implementation of the JAX-RS specification.

It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. (CVE-2014-3490)

This issue was discovered by David Jorm of Red Hat Product Security.

All resteasy-base users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1107901 - CVE-2014-3490 RESTEasy: XXE via parameter entities

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source:
resteasy-base-2.3.5-3.el7_0.src.rpm

noarch:
resteasy-base-2.3.5-3.el7_0.noarch.rpm
resteasy-base-atom-provider-2.3.5-3.el7_0.noarch.rpm
resteasy-base-jackson-provider-2.3.5-3.el7_0.noarch.rpm
resteasy-base-javadoc-2.3.5-3.el7_0.noarch.rpm
resteasy-base-jaxb-provider-2.3.5-3.el7_0.noarch.rpm
resteasy-base-jaxrs-2.3.5-3.el7_0.noarch.rpm
resteasy-base-jaxrs-all-2.3.5-3.el7_0.noarch.rpm
resteasy-base-jaxrs-api-2.3.5-3.el7_0.noarch.rpm
resteasy-base-jettison-provider-2.3.5-3.el7_0.noarch.rpm
resteasy-base-providers-pom-2.3.5-3.el7_0.noarch.rpm
resteasy-base-tjws-2.3.5-3.el7_0.noarch.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
resteasy-base-2.3.5-3.el7_0.src.rpm

noarch:
resteasy-base-2.3.5-3.el7_0.noarch.rpm
resteasy-base-atom-provider-2.3.5-3.el7_0.noarch.rpm
resteasy-base-jackson-provider-2.3.5-3.el7_0.noarch.rpm
resteasy-base-javadoc-2.3.5-3.el7_0.noarch.rpm
resteasy-base-jaxb-provider-2.3.5-3.el7_0.noarch.rpm
resteasy-base-jaxrs-2.3.5-3.el7_0.noarch.rpm
resteasy-base-jaxrs-all-2.3.5-3.el7_0.noarch.rpm
resteasy-base-jaxrs-api-2.3.5-3.el7_0.noarch.rpm
resteasy-base-jettison-provider-2.3.5-3.el7_0.noarch.rpm
resteasy-base-providers-pom-2.3.5-3.el7_0.noarch.rpm
resteasy-base-tjws-2.3.5-3.el7_0.noarch.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
resteasy-base-2.3.5-3.el7_0.src.rpm

noarch:
resteasy-base-atom-provider-2.3.5-3.el7_0.noarch.rpm
resteasy-base-jaxb-provider-2.3.5-3.el7_0.noarch.rpm
resteasy-base-jaxrs-2.3.5-3.el7_0.noarch.rpm
resteasy-base-jaxrs-api-2.3.5-3.el7_0.noarch.rpm
resteasy-base-jettison-provider-2.3.5-3.el7_0.noarch.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
resteasy-base-2.3.5-3.el7_0.noarch.rpm
resteasy-base-jackson-provider-2.3.5-3.el7_0.noarch.rpm
resteasy-base-javadoc-2.3.5-3.el7_0.noarch.rpm
resteasy-base-jaxrs-all-2.3.5-3.el7_0.noarch.rpm
resteasy-base-providers-pom-2.3.5-3.el7_0.noarch.rpm
resteasy-base-tjws-2.3.5-3.el7_0.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
resteasy-base-2.3.5-3.el7_0.src.rpm

noarch:
resteasy-base-atom-provider-2.3.5-3.el7_0.noarch.rpm
resteasy-base-jaxb-provider-2.3.5-3.el7_0.noarch.rpm
resteasy-base-jaxrs-2.3.5-3.el7_0.noarch.rpm
resteasy-base-jaxrs-api-2.3.5-3.el7_0.noarch.rpm
resteasy-base-jettison-provider-2.3.5-3.el7_0.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
resteasy-base-2.3.5-3.el7_0.noarch.rpm
resteasy-base-jackson-provider-2.3.5-3.el7_0.noarch.rpm
resteasy-base-javadoc-2.3.5-3.el7_0.noarch.rpm
resteasy-base-jaxrs-all-2.3.5-3.el7_0.noarch.rpm
resteasy-base-providers-pom-2.3.5-3.el7_0.noarch.rpm
resteasy-base-tjws-2.3.5-3.el7_0.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-3490.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFT4X73XlSAg2UNWIIRArKVAJ4sJj6WgQ1Teg8mHsIrr8M78C6SHgCdFnSh
MeJ2H9i3X1wTe1FWlYcfuSc=
=9UlO
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Aug 6 05:23:22 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 6 Aug 2014 05:23:22 +0000
Subject: [RHSA-2014:1012-01] Moderate: php53 and php security update
Message-ID: <201408060523.s765N9kg018358@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: php53 and php security update
Advisory ID: RHSA-2014:1012-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1012.html
Issue date: 2014-08-06
CVE Names: CVE-2012-1571 CVE-2013-6712 CVE-2014-0237 CVE-2014-0238 CVE-2014-1943 CVE-2014-2270 CVE-2014-3479 CVE-2014-3480 CVE-2014-3515 CVE-2014-4049 CVE-2014-4721
=====================================================================

1. Summary:

Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively.

The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file.

Multiple denial of service flaws were found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash a PHP application using fileinfo via a specially crafted CDF file. (CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2012-1571)

Two denial of service flaws were found in the way the File Information (fileinfo) extension handled indirect and search rules. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU. (CVE-2014-1943, CVE-2014-2270)

A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT records. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query. (CVE-2014-4049)

A type confusion issue was found in PHP's phpinfo() function. A malicious script author could possibly use this flaw to disclose certain portions of server memory. (CVE-2014-4721)

A buffer over-read flaw was found in the way the DateInterval class parsed interval specifications. An attacker able to make a PHP application parse a specially crafted specification using DateInterval could possibly cause the PHP interpreter to crash. (CVE-2013-6712)

A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize() method. A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3515)

The CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, and CVE-2014-3480 issues were discovered by Francisco Alonso of Red Hat Product Security.

All php53 and php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

805197 - CVE-2012-1571 file: out of bounds read in CDF parser
1035670 - CVE-2013-6712 php: heap-based buffer over-read in DateInterval
1065836 - CVE-2014-1943 file: unrestricted recursion in handling of indirect type rules
1072220 - CVE-2014-2270 file: out-of-bounds access in search rules with offsets from input file
1098155 - CVE-2014-0238 file: CDF property info parsing nelements infinite loop
1098193 - CVE-2014-0237 file: cdf_unpack_summary_info() excessive looping DoS
1104858 - CVE-2014-3480 file: cdf_count_chain insufficient boundary check
1104869 - CVE-2014-3479 file: cdf_check_stream_offset insufficient boundary check
1108447 - CVE-2014-4049 php: heap-based buffer overflow in DNS TXT record parsing
1112154 - CVE-2014-3515 php: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw
1116662 - CVE-2014-4721 php: type confusion issue in phpinfo() leading to information leak

6. Package List:

Red Hat Enterprise Linux Desktop Workstation (v.
5 client): Source: php53-5.3.3-23.el5_10.src.rpm i386: php53-5.3.3-23.el5_10.i386.rpm php53-bcmath-5.3.3-23.el5_10.i386.rpm php53-cli-5.3.3-23.el5_10.i386.rpm php53-common-5.3.3-23.el5_10.i386.rpm php53-dba-5.3.3-23.el5_10.i386.rpm php53-debuginfo-5.3.3-23.el5_10.i386.rpm php53-devel-5.3.3-23.el5_10.i386.rpm php53-gd-5.3.3-23.el5_10.i386.rpm php53-imap-5.3.3-23.el5_10.i386.rpm php53-intl-5.3.3-23.el5_10.i386.rpm php53-ldap-5.3.3-23.el5_10.i386.rpm php53-mbstring-5.3.3-23.el5_10.i386.rpm php53-mysql-5.3.3-23.el5_10.i386.rpm php53-odbc-5.3.3-23.el5_10.i386.rpm php53-pdo-5.3.3-23.el5_10.i386.rpm php53-pgsql-5.3.3-23.el5_10.i386.rpm php53-process-5.3.3-23.el5_10.i386.rpm php53-pspell-5.3.3-23.el5_10.i386.rpm php53-snmp-5.3.3-23.el5_10.i386.rpm php53-soap-5.3.3-23.el5_10.i386.rpm php53-xml-5.3.3-23.el5_10.i386.rpm php53-xmlrpc-5.3.3-23.el5_10.i386.rpm x86_64: php53-5.3.3-23.el5_10.x86_64.rpm php53-bcmath-5.3.3-23.el5_10.x86_64.rpm php53-cli-5.3.3-23.el5_10.x86_64.rpm php53-common-5.3.3-23.el5_10.x86_64.rpm php53-dba-5.3.3-23.el5_10.x86_64.rpm php53-debuginfo-5.3.3-23.el5_10.x86_64.rpm php53-devel-5.3.3-23.el5_10.x86_64.rpm php53-gd-5.3.3-23.el5_10.x86_64.rpm php53-imap-5.3.3-23.el5_10.x86_64.rpm php53-intl-5.3.3-23.el5_10.x86_64.rpm php53-ldap-5.3.3-23.el5_10.x86_64.rpm php53-mbstring-5.3.3-23.el5_10.x86_64.rpm php53-mysql-5.3.3-23.el5_10.x86_64.rpm php53-odbc-5.3.3-23.el5_10.x86_64.rpm php53-pdo-5.3.3-23.el5_10.x86_64.rpm php53-pgsql-5.3.3-23.el5_10.x86_64.rpm php53-process-5.3.3-23.el5_10.x86_64.rpm php53-pspell-5.3.3-23.el5_10.x86_64.rpm php53-snmp-5.3.3-23.el5_10.x86_64.rpm php53-soap-5.3.3-23.el5_10.x86_64.rpm php53-xml-5.3.3-23.el5_10.x86_64.rpm php53-xmlrpc-5.3.3-23.el5_10.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: php53-5.3.3-23.el5_10.src.rpm i386: php53-5.3.3-23.el5_10.i386.rpm php53-bcmath-5.3.3-23.el5_10.i386.rpm php53-cli-5.3.3-23.el5_10.i386.rpm php53-common-5.3.3-23.el5_10.i386.rpm php53-dba-5.3.3-23.el5_10.i386.rpm php53-debuginfo-5.3.3-23.el5_10.i386.rpm php53-devel-5.3.3-23.el5_10.i386.rpm php53-gd-5.3.3-23.el5_10.i386.rpm php53-imap-5.3.3-23.el5_10.i386.rpm php53-intl-5.3.3-23.el5_10.i386.rpm php53-ldap-5.3.3-23.el5_10.i386.rpm php53-mbstring-5.3.3-23.el5_10.i386.rpm php53-mysql-5.3.3-23.el5_10.i386.rpm php53-odbc-5.3.3-23.el5_10.i386.rpm php53-pdo-5.3.3-23.el5_10.i386.rpm php53-pgsql-5.3.3-23.el5_10.i386.rpm php53-process-5.3.3-23.el5_10.i386.rpm php53-pspell-5.3.3-23.el5_10.i386.rpm php53-snmp-5.3.3-23.el5_10.i386.rpm php53-soap-5.3.3-23.el5_10.i386.rpm php53-xml-5.3.3-23.el5_10.i386.rpm php53-xmlrpc-5.3.3-23.el5_10.i386.rpm ia64: php53-5.3.3-23.el5_10.ia64.rpm php53-bcmath-5.3.3-23.el5_10.ia64.rpm php53-cli-5.3.3-23.el5_10.ia64.rpm php53-common-5.3.3-23.el5_10.ia64.rpm php53-dba-5.3.3-23.el5_10.ia64.rpm php53-debuginfo-5.3.3-23.el5_10.ia64.rpm php53-devel-5.3.3-23.el5_10.ia64.rpm php53-gd-5.3.3-23.el5_10.ia64.rpm php53-imap-5.3.3-23.el5_10.ia64.rpm php53-intl-5.3.3-23.el5_10.ia64.rpm php53-ldap-5.3.3-23.el5_10.ia64.rpm php53-mbstring-5.3.3-23.el5_10.ia64.rpm php53-mysql-5.3.3-23.el5_10.ia64.rpm php53-odbc-5.3.3-23.el5_10.ia64.rpm php53-pdo-5.3.3-23.el5_10.ia64.rpm php53-pgsql-5.3.3-23.el5_10.ia64.rpm php53-process-5.3.3-23.el5_10.ia64.rpm php53-pspell-5.3.3-23.el5_10.ia64.rpm php53-snmp-5.3.3-23.el5_10.ia64.rpm php53-soap-5.3.3-23.el5_10.ia64.rpm php53-xml-5.3.3-23.el5_10.ia64.rpm php53-xmlrpc-5.3.3-23.el5_10.ia64.rpm ppc: php53-5.3.3-23.el5_10.ppc.rpm php53-bcmath-5.3.3-23.el5_10.ppc.rpm php53-cli-5.3.3-23.el5_10.ppc.rpm php53-common-5.3.3-23.el5_10.ppc.rpm php53-dba-5.3.3-23.el5_10.ppc.rpm php53-debuginfo-5.3.3-23.el5_10.ppc.rpm php53-devel-5.3.3-23.el5_10.ppc.rpm php53-gd-5.3.3-23.el5_10.ppc.rpm php53-imap-5.3.3-23.el5_10.ppc.rpm 
php53-intl-5.3.3-23.el5_10.ppc.rpm php53-ldap-5.3.3-23.el5_10.ppc.rpm php53-mbstring-5.3.3-23.el5_10.ppc.rpm php53-mysql-5.3.3-23.el5_10.ppc.rpm php53-odbc-5.3.3-23.el5_10.ppc.rpm php53-pdo-5.3.3-23.el5_10.ppc.rpm php53-pgsql-5.3.3-23.el5_10.ppc.rpm php53-process-5.3.3-23.el5_10.ppc.rpm php53-pspell-5.3.3-23.el5_10.ppc.rpm php53-snmp-5.3.3-23.el5_10.ppc.rpm php53-soap-5.3.3-23.el5_10.ppc.rpm php53-xml-5.3.3-23.el5_10.ppc.rpm php53-xmlrpc-5.3.3-23.el5_10.ppc.rpm s390x: php53-5.3.3-23.el5_10.s390x.rpm php53-bcmath-5.3.3-23.el5_10.s390x.rpm php53-cli-5.3.3-23.el5_10.s390x.rpm php53-common-5.3.3-23.el5_10.s390x.rpm php53-dba-5.3.3-23.el5_10.s390x.rpm php53-debuginfo-5.3.3-23.el5_10.s390x.rpm php53-devel-5.3.3-23.el5_10.s390x.rpm php53-gd-5.3.3-23.el5_10.s390x.rpm php53-imap-5.3.3-23.el5_10.s390x.rpm php53-intl-5.3.3-23.el5_10.s390x.rpm php53-ldap-5.3.3-23.el5_10.s390x.rpm php53-mbstring-5.3.3-23.el5_10.s390x.rpm php53-mysql-5.3.3-23.el5_10.s390x.rpm php53-odbc-5.3.3-23.el5_10.s390x.rpm php53-pdo-5.3.3-23.el5_10.s390x.rpm php53-pgsql-5.3.3-23.el5_10.s390x.rpm php53-process-5.3.3-23.el5_10.s390x.rpm php53-pspell-5.3.3-23.el5_10.s390x.rpm php53-snmp-5.3.3-23.el5_10.s390x.rpm php53-soap-5.3.3-23.el5_10.s390x.rpm php53-xml-5.3.3-23.el5_10.s390x.rpm php53-xmlrpc-5.3.3-23.el5_10.s390x.rpm x86_64: php53-5.3.3-23.el5_10.x86_64.rpm php53-bcmath-5.3.3-23.el5_10.x86_64.rpm php53-cli-5.3.3-23.el5_10.x86_64.rpm php53-common-5.3.3-23.el5_10.x86_64.rpm php53-dba-5.3.3-23.el5_10.x86_64.rpm php53-debuginfo-5.3.3-23.el5_10.x86_64.rpm php53-devel-5.3.3-23.el5_10.x86_64.rpm php53-gd-5.3.3-23.el5_10.x86_64.rpm php53-imap-5.3.3-23.el5_10.x86_64.rpm php53-intl-5.3.3-23.el5_10.x86_64.rpm php53-ldap-5.3.3-23.el5_10.x86_64.rpm php53-mbstring-5.3.3-23.el5_10.x86_64.rpm php53-mysql-5.3.3-23.el5_10.x86_64.rpm php53-odbc-5.3.3-23.el5_10.x86_64.rpm php53-pdo-5.3.3-23.el5_10.x86_64.rpm php53-pgsql-5.3.3-23.el5_10.x86_64.rpm php53-process-5.3.3-23.el5_10.x86_64.rpm 
php53-pspell-5.3.3-23.el5_10.x86_64.rpm php53-snmp-5.3.3-23.el5_10.x86_64.rpm php53-soap-5.3.3-23.el5_10.x86_64.rpm php53-xml-5.3.3-23.el5_10.x86_64.rpm php53-xmlrpc-5.3.3-23.el5_10.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: php-5.3.3-27.el6_5.1.src.rpm i386: php-5.3.3-27.el6_5.1.i686.rpm php-bcmath-5.3.3-27.el6_5.1.i686.rpm php-cli-5.3.3-27.el6_5.1.i686.rpm php-common-5.3.3-27.el6_5.1.i686.rpm php-dba-5.3.3-27.el6_5.1.i686.rpm php-debuginfo-5.3.3-27.el6_5.1.i686.rpm php-devel-5.3.3-27.el6_5.1.i686.rpm php-embedded-5.3.3-27.el6_5.1.i686.rpm php-enchant-5.3.3-27.el6_5.1.i686.rpm php-fpm-5.3.3-27.el6_5.1.i686.rpm php-gd-5.3.3-27.el6_5.1.i686.rpm php-imap-5.3.3-27.el6_5.1.i686.rpm php-intl-5.3.3-27.el6_5.1.i686.rpm php-ldap-5.3.3-27.el6_5.1.i686.rpm php-mbstring-5.3.3-27.el6_5.1.i686.rpm php-mysql-5.3.3-27.el6_5.1.i686.rpm php-odbc-5.3.3-27.el6_5.1.i686.rpm php-pdo-5.3.3-27.el6_5.1.i686.rpm php-pgsql-5.3.3-27.el6_5.1.i686.rpm php-process-5.3.3-27.el6_5.1.i686.rpm php-pspell-5.3.3-27.el6_5.1.i686.rpm php-recode-5.3.3-27.el6_5.1.i686.rpm php-snmp-5.3.3-27.el6_5.1.i686.rpm php-soap-5.3.3-27.el6_5.1.i686.rpm php-tidy-5.3.3-27.el6_5.1.i686.rpm php-xml-5.3.3-27.el6_5.1.i686.rpm php-xmlrpc-5.3.3-27.el6_5.1.i686.rpm php-zts-5.3.3-27.el6_5.1.i686.rpm x86_64: php-5.3.3-27.el6_5.1.x86_64.rpm php-bcmath-5.3.3-27.el6_5.1.x86_64.rpm php-cli-5.3.3-27.el6_5.1.x86_64.rpm php-common-5.3.3-27.el6_5.1.x86_64.rpm php-dba-5.3.3-27.el6_5.1.x86_64.rpm php-debuginfo-5.3.3-27.el6_5.1.x86_64.rpm php-devel-5.3.3-27.el6_5.1.x86_64.rpm php-embedded-5.3.3-27.el6_5.1.x86_64.rpm php-enchant-5.3.3-27.el6_5.1.x86_64.rpm php-fpm-5.3.3-27.el6_5.1.x86_64.rpm php-gd-5.3.3-27.el6_5.1.x86_64.rpm php-imap-5.3.3-27.el6_5.1.x86_64.rpm php-intl-5.3.3-27.el6_5.1.x86_64.rpm php-ldap-5.3.3-27.el6_5.1.x86_64.rpm php-mbstring-5.3.3-27.el6_5.1.x86_64.rpm php-mysql-5.3.3-27.el6_5.1.x86_64.rpm php-odbc-5.3.3-27.el6_5.1.x86_64.rpm php-pdo-5.3.3-27.el6_5.1.x86_64.rpm 
php-pgsql-5.3.3-27.el6_5.1.x86_64.rpm php-process-5.3.3-27.el6_5.1.x86_64.rpm php-pspell-5.3.3-27.el6_5.1.x86_64.rpm php-recode-5.3.3-27.el6_5.1.x86_64.rpm php-snmp-5.3.3-27.el6_5.1.x86_64.rpm php-soap-5.3.3-27.el6_5.1.x86_64.rpm php-tidy-5.3.3-27.el6_5.1.x86_64.rpm php-xml-5.3.3-27.el6_5.1.x86_64.rpm php-xmlrpc-5.3.3-27.el6_5.1.x86_64.rpm php-zts-5.3.3-27.el6_5.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: php-5.3.3-27.el6_5.1.src.rpm x86_64: php-cli-5.3.3-27.el6_5.1.x86_64.rpm php-common-5.3.3-27.el6_5.1.x86_64.rpm php-debuginfo-5.3.3-27.el6_5.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: php-5.3.3-27.el6_5.1.src.rpm x86_64: php-5.3.3-27.el6_5.1.x86_64.rpm php-bcmath-5.3.3-27.el6_5.1.x86_64.rpm php-dba-5.3.3-27.el6_5.1.x86_64.rpm php-debuginfo-5.3.3-27.el6_5.1.x86_64.rpm php-devel-5.3.3-27.el6_5.1.x86_64.rpm php-embedded-5.3.3-27.el6_5.1.x86_64.rpm php-enchant-5.3.3-27.el6_5.1.x86_64.rpm php-fpm-5.3.3-27.el6_5.1.x86_64.rpm php-gd-5.3.3-27.el6_5.1.x86_64.rpm php-imap-5.3.3-27.el6_5.1.x86_64.rpm php-intl-5.3.3-27.el6_5.1.x86_64.rpm php-ldap-5.3.3-27.el6_5.1.x86_64.rpm php-mbstring-5.3.3-27.el6_5.1.x86_64.rpm php-mysql-5.3.3-27.el6_5.1.x86_64.rpm php-odbc-5.3.3-27.el6_5.1.x86_64.rpm php-pdo-5.3.3-27.el6_5.1.x86_64.rpm php-pgsql-5.3.3-27.el6_5.1.x86_64.rpm php-process-5.3.3-27.el6_5.1.x86_64.rpm php-pspell-5.3.3-27.el6_5.1.x86_64.rpm php-recode-5.3.3-27.el6_5.1.x86_64.rpm php-snmp-5.3.3-27.el6_5.1.x86_64.rpm php-soap-5.3.3-27.el6_5.1.x86_64.rpm php-tidy-5.3.3-27.el6_5.1.x86_64.rpm php-xml-5.3.3-27.el6_5.1.x86_64.rpm php-xmlrpc-5.3.3-27.el6_5.1.x86_64.rpm php-zts-5.3.3-27.el6_5.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: php-5.3.3-27.el6_5.1.src.rpm i386: php-5.3.3-27.el6_5.1.i686.rpm php-cli-5.3.3-27.el6_5.1.i686.rpm php-common-5.3.3-27.el6_5.1.i686.rpm php-debuginfo-5.3.3-27.el6_5.1.i686.rpm php-debuginfo-5.3.3-27.el6_5.1.i686.rpm php-gd-5.3.3-27.el6_5.1.i686.rpm php-gd-5.3.3-27.el6_5.1.i686.rpm php-ldap-5.3.3-27.el6_5.1.i686.rpm php-mysql-5.3.3-27.el6_5.1.i686.rpm php-mysql-5.3.3-27.el6_5.1.i686.rpm php-odbc-5.3.3-27.el6_5.1.i686.rpm php-odbc-5.3.3-27.el6_5.1.i686.rpm php-pdo-5.3.3-27.el6_5.1.i686.rpm php-pgsql-5.3.3-27.el6_5.1.i686.rpm php-soap-5.3.3-27.el6_5.1.i686.rpm php-xml-5.3.3-27.el6_5.1.i686.rpm php-xml-5.3.3-27.el6_5.1.i686.rpm php-xmlrpc-5.3.3-27.el6_5.1.i686.rpm ppc64: php-5.3.3-27.el6_5.1.ppc64.rpm php-cli-5.3.3-27.el6_5.1.ppc64.rpm php-common-5.3.3-27.el6_5.1.ppc64.rpm php-debuginfo-5.3.3-27.el6_5.1.ppc64.rpm php-debuginfo-5.3.3-27.el6_5.1.ppc64.rpm php-gd-5.3.3-27.el6_5.1.ppc64.rpm php-gd-5.3.3-27.el6_5.1.ppc64.rpm php-ldap-5.3.3-27.el6_5.1.ppc64.rpm php-mysql-5.3.3-27.el6_5.1.ppc64.rpm php-mysql-5.3.3-27.el6_5.1.ppc64.rpm php-odbc-5.3.3-27.el6_5.1.ppc64.rpm php-odbc-5.3.3-27.el6_5.1.ppc64.rpm php-pdo-5.3.3-27.el6_5.1.ppc64.rpm php-pgsql-5.3.3-27.el6_5.1.ppc64.rpm php-soap-5.3.3-27.el6_5.1.ppc64.rpm php-xml-5.3.3-27.el6_5.1.ppc64.rpm php-xml-5.3.3-27.el6_5.1.ppc64.rpm php-xmlrpc-5.3.3-27.el6_5.1.ppc64.rpm s390x: php-5.3.3-27.el6_5.1.s390x.rpm php-cli-5.3.3-27.el6_5.1.s390x.rpm php-common-5.3.3-27.el6_5.1.s390x.rpm php-debuginfo-5.3.3-27.el6_5.1.s390x.rpm php-debuginfo-5.3.3-27.el6_5.1.s390x.rpm php-gd-5.3.3-27.el6_5.1.s390x.rpm php-gd-5.3.3-27.el6_5.1.s390x.rpm php-ldap-5.3.3-27.el6_5.1.s390x.rpm php-mysql-5.3.3-27.el6_5.1.s390x.rpm php-mysql-5.3.3-27.el6_5.1.s390x.rpm php-odbc-5.3.3-27.el6_5.1.s390x.rpm php-odbc-5.3.3-27.el6_5.1.s390x.rpm php-pdo-5.3.3-27.el6_5.1.s390x.rpm php-pgsql-5.3.3-27.el6_5.1.s390x.rpm php-soap-5.3.3-27.el6_5.1.s390x.rpm php-xml-5.3.3-27.el6_5.1.s390x.rpm php-xmlrpc-5.3.3-27.el6_5.1.s390x.rpm x86_64: 
php-5.3.3-27.el6_5.1.x86_64.rpm php-cli-5.3.3-27.el6_5.1.x86_64.rpm php-common-5.3.3-27.el6_5.1.x86_64.rpm php-debuginfo-5.3.3-27.el6_5.1.x86_64.rpm php-debuginfo-5.3.3-27.el6_5.1.x86_64.rpm php-gd-5.3.3-27.el6_5.1.x86_64.rpm php-gd-5.3.3-27.el6_5.1.x86_64.rpm php-ldap-5.3.3-27.el6_5.1.x86_64.rpm php-mysql-5.3.3-27.el6_5.1.x86_64.rpm php-mysql-5.3.3-27.el6_5.1.x86_64.rpm php-odbc-5.3.3-27.el6_5.1.x86_64.rpm php-odbc-5.3.3-27.el6_5.1.x86_64.rpm php-pdo-5.3.3-27.el6_5.1.x86_64.rpm php-pgsql-5.3.3-27.el6_5.1.x86_64.rpm php-soap-5.3.3-27.el6_5.1.x86_64.rpm php-xml-5.3.3-27.el6_5.1.x86_64.rpm php-xml-5.3.3-27.el6_5.1.x86_64.rpm php-xmlrpc-5.3.3-27.el6_5.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: php-5.3.3-27.el6_5.1.src.rpm i386: php-bcmath-5.3.3-27.el6_5.1.i686.rpm php-dba-5.3.3-27.el6_5.1.i686.rpm php-debuginfo-5.3.3-27.el6_5.1.i686.rpm php-devel-5.3.3-27.el6_5.1.i686.rpm php-embedded-5.3.3-27.el6_5.1.i686.rpm php-enchant-5.3.3-27.el6_5.1.i686.rpm php-fpm-5.3.3-27.el6_5.1.i686.rpm php-imap-5.3.3-27.el6_5.1.i686.rpm php-intl-5.3.3-27.el6_5.1.i686.rpm php-mbstring-5.3.3-27.el6_5.1.i686.rpm php-process-5.3.3-27.el6_5.1.i686.rpm php-pspell-5.3.3-27.el6_5.1.i686.rpm php-recode-5.3.3-27.el6_5.1.i686.rpm php-snmp-5.3.3-27.el6_5.1.i686.rpm php-tidy-5.3.3-27.el6_5.1.i686.rpm php-zts-5.3.3-27.el6_5.1.i686.rpm ppc64: php-bcmath-5.3.3-27.el6_5.1.ppc64.rpm php-dba-5.3.3-27.el6_5.1.ppc64.rpm php-debuginfo-5.3.3-27.el6_5.1.ppc64.rpm php-devel-5.3.3-27.el6_5.1.ppc64.rpm php-embedded-5.3.3-27.el6_5.1.ppc64.rpm php-enchant-5.3.3-27.el6_5.1.ppc64.rpm php-fpm-5.3.3-27.el6_5.1.ppc64.rpm php-imap-5.3.3-27.el6_5.1.ppc64.rpm php-intl-5.3.3-27.el6_5.1.ppc64.rpm php-mbstring-5.3.3-27.el6_5.1.ppc64.rpm php-process-5.3.3-27.el6_5.1.ppc64.rpm php-pspell-5.3.3-27.el6_5.1.ppc64.rpm php-recode-5.3.3-27.el6_5.1.ppc64.rpm php-snmp-5.3.3-27.el6_5.1.ppc64.rpm php-tidy-5.3.3-27.el6_5.1.ppc64.rpm php-zts-5.3.3-27.el6_5.1.ppc64.rpm s390x: php-bcmath-5.3.3-27.el6_5.1.s390x.rpm 
php-dba-5.3.3-27.el6_5.1.s390x.rpm php-debuginfo-5.3.3-27.el6_5.1.s390x.rpm php-devel-5.3.3-27.el6_5.1.s390x.rpm php-embedded-5.3.3-27.el6_5.1.s390x.rpm php-enchant-5.3.3-27.el6_5.1.s390x.rpm php-fpm-5.3.3-27.el6_5.1.s390x.rpm php-imap-5.3.3-27.el6_5.1.s390x.rpm php-intl-5.3.3-27.el6_5.1.s390x.rpm php-mbstring-5.3.3-27.el6_5.1.s390x.rpm php-process-5.3.3-27.el6_5.1.s390x.rpm php-pspell-5.3.3-27.el6_5.1.s390x.rpm php-recode-5.3.3-27.el6_5.1.s390x.rpm php-snmp-5.3.3-27.el6_5.1.s390x.rpm php-tidy-5.3.3-27.el6_5.1.s390x.rpm php-zts-5.3.3-27.el6_5.1.s390x.rpm x86_64: php-bcmath-5.3.3-27.el6_5.1.x86_64.rpm php-dba-5.3.3-27.el6_5.1.x86_64.rpm php-debuginfo-5.3.3-27.el6_5.1.x86_64.rpm php-devel-5.3.3-27.el6_5.1.x86_64.rpm php-embedded-5.3.3-27.el6_5.1.x86_64.rpm php-enchant-5.3.3-27.el6_5.1.x86_64.rpm php-fpm-5.3.3-27.el6_5.1.x86_64.rpm php-imap-5.3.3-27.el6_5.1.x86_64.rpm php-intl-5.3.3-27.el6_5.1.x86_64.rpm php-mbstring-5.3.3-27.el6_5.1.x86_64.rpm php-process-5.3.3-27.el6_5.1.x86_64.rpm php-pspell-5.3.3-27.el6_5.1.x86_64.rpm php-recode-5.3.3-27.el6_5.1.x86_64.rpm php-snmp-5.3.3-27.el6_5.1.x86_64.rpm php-tidy-5.3.3-27.el6_5.1.x86_64.rpm php-zts-5.3.3-27.el6_5.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: php-5.3.3-27.el6_5.1.src.rpm i386: php-5.3.3-27.el6_5.1.i686.rpm php-cli-5.3.3-27.el6_5.1.i686.rpm php-common-5.3.3-27.el6_5.1.i686.rpm php-debuginfo-5.3.3-27.el6_5.1.i686.rpm php-gd-5.3.3-27.el6_5.1.i686.rpm php-ldap-5.3.3-27.el6_5.1.i686.rpm php-mysql-5.3.3-27.el6_5.1.i686.rpm php-odbc-5.3.3-27.el6_5.1.i686.rpm php-pdo-5.3.3-27.el6_5.1.i686.rpm php-pgsql-5.3.3-27.el6_5.1.i686.rpm php-soap-5.3.3-27.el6_5.1.i686.rpm php-xml-5.3.3-27.el6_5.1.i686.rpm php-xmlrpc-5.3.3-27.el6_5.1.i686.rpm x86_64: php-5.3.3-27.el6_5.1.x86_64.rpm php-cli-5.3.3-27.el6_5.1.x86_64.rpm php-common-5.3.3-27.el6_5.1.x86_64.rpm php-debuginfo-5.3.3-27.el6_5.1.x86_64.rpm php-gd-5.3.3-27.el6_5.1.x86_64.rpm php-ldap-5.3.3-27.el6_5.1.x86_64.rpm php-mysql-5.3.3-27.el6_5.1.x86_64.rpm php-odbc-5.3.3-27.el6_5.1.x86_64.rpm php-pdo-5.3.3-27.el6_5.1.x86_64.rpm php-pgsql-5.3.3-27.el6_5.1.x86_64.rpm php-soap-5.3.3-27.el6_5.1.x86_64.rpm php-xml-5.3.3-27.el6_5.1.x86_64.rpm php-xmlrpc-5.3.3-27.el6_5.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: php-5.3.3-27.el6_5.1.src.rpm i386: php-bcmath-5.3.3-27.el6_5.1.i686.rpm php-dba-5.3.3-27.el6_5.1.i686.rpm php-debuginfo-5.3.3-27.el6_5.1.i686.rpm php-devel-5.3.3-27.el6_5.1.i686.rpm php-embedded-5.3.3-27.el6_5.1.i686.rpm php-enchant-5.3.3-27.el6_5.1.i686.rpm php-fpm-5.3.3-27.el6_5.1.i686.rpm php-imap-5.3.3-27.el6_5.1.i686.rpm php-intl-5.3.3-27.el6_5.1.i686.rpm php-mbstring-5.3.3-27.el6_5.1.i686.rpm php-process-5.3.3-27.el6_5.1.i686.rpm php-pspell-5.3.3-27.el6_5.1.i686.rpm php-recode-5.3.3-27.el6_5.1.i686.rpm php-snmp-5.3.3-27.el6_5.1.i686.rpm php-tidy-5.3.3-27.el6_5.1.i686.rpm php-zts-5.3.3-27.el6_5.1.i686.rpm x86_64: php-bcmath-5.3.3-27.el6_5.1.x86_64.rpm php-dba-5.3.3-27.el6_5.1.x86_64.rpm php-debuginfo-5.3.3-27.el6_5.1.x86_64.rpm php-devel-5.3.3-27.el6_5.1.x86_64.rpm php-embedded-5.3.3-27.el6_5.1.x86_64.rpm php-enchant-5.3.3-27.el6_5.1.x86_64.rpm php-fpm-5.3.3-27.el6_5.1.x86_64.rpm php-imap-5.3.3-27.el6_5.1.x86_64.rpm php-intl-5.3.3-27.el6_5.1.x86_64.rpm php-mbstring-5.3.3-27.el6_5.1.x86_64.rpm php-process-5.3.3-27.el6_5.1.x86_64.rpm php-pspell-5.3.3-27.el6_5.1.x86_64.rpm php-recode-5.3.3-27.el6_5.1.x86_64.rpm php-snmp-5.3.3-27.el6_5.1.x86_64.rpm php-tidy-5.3.3-27.el6_5.1.x86_64.rpm php-zts-5.3.3-27.el6_5.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References:

https://www.redhat.com/security/data/cve/CVE-2012-1571.html
https://www.redhat.com/security/data/cve/CVE-2013-6712.html
https://www.redhat.com/security/data/cve/CVE-2014-0237.html
https://www.redhat.com/security/data/cve/CVE-2014-0238.html
https://www.redhat.com/security/data/cve/CVE-2014-1943.html
https://www.redhat.com/security/data/cve/CVE-2014-2270.html
https://www.redhat.com/security/data/cve/CVE-2014-3479.html
https://www.redhat.com/security/data/cve/CVE-2014-3480.html
https://www.redhat.com/security/data/cve/CVE-2014-3515.html
https://www.redhat.com/security/data/cve/CVE-2014-4049.html
https://www.redhat.com/security/data/cve/CVE-2014-4721.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFT4bujXlSAg2UNWIIRAjupAJ48N95gPfI5/pzaIYdf4przuZNdmwCgjE/L
x544JALirz19qNQAHQ4sjzQ=
=t3Ft
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Aug 6 06:11:32 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 6 Aug 2014 06:11:32 +0000
Subject: [RHSA-2014:1013-01] Moderate: php security update
Message-ID: <201408060611.s766BJK2010091@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: php security update
Advisory ID: RHSA-2014:1013-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1013.html
Issue date: 2014-08-06
CVE Names: CVE-2013-7345 CVE-2014-0207 CVE-2014-0237 CVE-2014-0238 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3515 CVE-2014-4049 CVE-2014-4721
=====================================================================

1. Summary:

Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7.

The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file.

A denial of service flaw was found in the File Information (fileinfo) extension rules for detecting AWK files. A remote attacker could use this flaw to cause a PHP application using fileinfo to consume an excessive amount of CPU. (CVE-2013-7345)

Multiple denial of service flaws were found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash a PHP application using fileinfo via a specially crafted CDF file. (CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487)

A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT records. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query. (CVE-2014-4049)

A type confusion issue was found in PHP's phpinfo() function. A malicious script author could possibly use this flaw to disclose certain portions of server memory. (CVE-2014-4721)

A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize() method. A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3515)

The CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, and CVE-2014-3487 issues were discovered by Francisco Alonso of Red Hat Product Security.

All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5.
Bugs fixed (https://bugzilla.redhat.com/): 1079846 - CVE-2013-7345 file: extensive backtracking in awk rule regular expression 1091842 - CVE-2014-0207 file: cdf_read_short_sector insufficient boundary check 1098155 - CVE-2014-0238 file: CDF property info parsing nelements infinite loop 1098193 - CVE-2014-0237 file: cdf_unpack_summary_info() excessive looping DoS 1104858 - CVE-2014-3480 file: cdf_count_chain insufficient boundary check 1104869 - CVE-2014-3479 file: cdf_check_stream_offset insufficient boundary check 1107544 - CVE-2014-3487 file: cdf_read_property_info insufficient boundary check 1108447 - CVE-2014-4049 php: heap-based buffer overflow in DNS TXT record parsing 1112154 - CVE-2014-3515 php: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw 1116662 - CVE-2014-4721 php: type confusion issue in phpinfo() leading to information leak 6. Package List: Red Hat Enterprise Linux Client Optional (v. 7): Source: php-5.4.16-23.el7_0.src.rpm x86_64: php-5.4.16-23.el7_0.x86_64.rpm php-bcmath-5.4.16-23.el7_0.x86_64.rpm php-cli-5.4.16-23.el7_0.x86_64.rpm php-common-5.4.16-23.el7_0.x86_64.rpm php-dba-5.4.16-23.el7_0.x86_64.rpm php-debuginfo-5.4.16-23.el7_0.x86_64.rpm php-devel-5.4.16-23.el7_0.x86_64.rpm php-embedded-5.4.16-23.el7_0.x86_64.rpm php-enchant-5.4.16-23.el7_0.x86_64.rpm php-fpm-5.4.16-23.el7_0.x86_64.rpm php-gd-5.4.16-23.el7_0.x86_64.rpm php-intl-5.4.16-23.el7_0.x86_64.rpm php-ldap-5.4.16-23.el7_0.x86_64.rpm php-mbstring-5.4.16-23.el7_0.x86_64.rpm php-mysql-5.4.16-23.el7_0.x86_64.rpm php-mysqlnd-5.4.16-23.el7_0.x86_64.rpm php-odbc-5.4.16-23.el7_0.x86_64.rpm php-pdo-5.4.16-23.el7_0.x86_64.rpm php-pgsql-5.4.16-23.el7_0.x86_64.rpm php-process-5.4.16-23.el7_0.x86_64.rpm php-pspell-5.4.16-23.el7_0.x86_64.rpm php-recode-5.4.16-23.el7_0.x86_64.rpm php-snmp-5.4.16-23.el7_0.x86_64.rpm php-soap-5.4.16-23.el7_0.x86_64.rpm php-xml-5.4.16-23.el7_0.x86_64.rpm php-xmlrpc-5.4.16-23.el7_0.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 
7): Source: php-5.4.16-23.el7_0.src.rpm x86_64: php-5.4.16-23.el7_0.x86_64.rpm php-bcmath-5.4.16-23.el7_0.x86_64.rpm php-cli-5.4.16-23.el7_0.x86_64.rpm php-common-5.4.16-23.el7_0.x86_64.rpm php-dba-5.4.16-23.el7_0.x86_64.rpm php-debuginfo-5.4.16-23.el7_0.x86_64.rpm php-devel-5.4.16-23.el7_0.x86_64.rpm php-embedded-5.4.16-23.el7_0.x86_64.rpm php-enchant-5.4.16-23.el7_0.x86_64.rpm php-fpm-5.4.16-23.el7_0.x86_64.rpm php-gd-5.4.16-23.el7_0.x86_64.rpm php-intl-5.4.16-23.el7_0.x86_64.rpm php-ldap-5.4.16-23.el7_0.x86_64.rpm php-mbstring-5.4.16-23.el7_0.x86_64.rpm php-mysql-5.4.16-23.el7_0.x86_64.rpm php-mysqlnd-5.4.16-23.el7_0.x86_64.rpm php-odbc-5.4.16-23.el7_0.x86_64.rpm php-pdo-5.4.16-23.el7_0.x86_64.rpm php-pgsql-5.4.16-23.el7_0.x86_64.rpm php-process-5.4.16-23.el7_0.x86_64.rpm php-pspell-5.4.16-23.el7_0.x86_64.rpm php-recode-5.4.16-23.el7_0.x86_64.rpm php-snmp-5.4.16-23.el7_0.x86_64.rpm php-soap-5.4.16-23.el7_0.x86_64.rpm php-xml-5.4.16-23.el7_0.x86_64.rpm php-xmlrpc-5.4.16-23.el7_0.x86_64.rpm Red Hat Enterprise Linux Server (v. 
7): Source: php-5.4.16-23.el7_0.src.rpm ppc64: php-5.4.16-23.el7_0.ppc64.rpm php-cli-5.4.16-23.el7_0.ppc64.rpm php-common-5.4.16-23.el7_0.ppc64.rpm php-debuginfo-5.4.16-23.el7_0.ppc64.rpm php-gd-5.4.16-23.el7_0.ppc64.rpm php-ldap-5.4.16-23.el7_0.ppc64.rpm php-mysql-5.4.16-23.el7_0.ppc64.rpm php-odbc-5.4.16-23.el7_0.ppc64.rpm php-pdo-5.4.16-23.el7_0.ppc64.rpm php-pgsql-5.4.16-23.el7_0.ppc64.rpm php-process-5.4.16-23.el7_0.ppc64.rpm php-recode-5.4.16-23.el7_0.ppc64.rpm php-soap-5.4.16-23.el7_0.ppc64.rpm php-xml-5.4.16-23.el7_0.ppc64.rpm php-xmlrpc-5.4.16-23.el7_0.ppc64.rpm s390x: php-5.4.16-23.el7_0.s390x.rpm php-cli-5.4.16-23.el7_0.s390x.rpm php-common-5.4.16-23.el7_0.s390x.rpm php-debuginfo-5.4.16-23.el7_0.s390x.rpm php-gd-5.4.16-23.el7_0.s390x.rpm php-ldap-5.4.16-23.el7_0.s390x.rpm php-mysql-5.4.16-23.el7_0.s390x.rpm php-odbc-5.4.16-23.el7_0.s390x.rpm php-pdo-5.4.16-23.el7_0.s390x.rpm php-pgsql-5.4.16-23.el7_0.s390x.rpm php-process-5.4.16-23.el7_0.s390x.rpm php-recode-5.4.16-23.el7_0.s390x.rpm php-soap-5.4.16-23.el7_0.s390x.rpm php-xml-5.4.16-23.el7_0.s390x.rpm php-xmlrpc-5.4.16-23.el7_0.s390x.rpm x86_64: php-5.4.16-23.el7_0.x86_64.rpm php-cli-5.4.16-23.el7_0.x86_64.rpm php-common-5.4.16-23.el7_0.x86_64.rpm php-debuginfo-5.4.16-23.el7_0.x86_64.rpm php-gd-5.4.16-23.el7_0.x86_64.rpm php-ldap-5.4.16-23.el7_0.x86_64.rpm php-mysql-5.4.16-23.el7_0.x86_64.rpm php-odbc-5.4.16-23.el7_0.x86_64.rpm php-pdo-5.4.16-23.el7_0.x86_64.rpm php-pgsql-5.4.16-23.el7_0.x86_64.rpm php-process-5.4.16-23.el7_0.x86_64.rpm php-recode-5.4.16-23.el7_0.x86_64.rpm php-soap-5.4.16-23.el7_0.x86_64.rpm php-xml-5.4.16-23.el7_0.x86_64.rpm php-xmlrpc-5.4.16-23.el7_0.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
7): ppc64: php-bcmath-5.4.16-23.el7_0.ppc64.rpm php-dba-5.4.16-23.el7_0.ppc64.rpm php-debuginfo-5.4.16-23.el7_0.ppc64.rpm php-devel-5.4.16-23.el7_0.ppc64.rpm php-embedded-5.4.16-23.el7_0.ppc64.rpm php-enchant-5.4.16-23.el7_0.ppc64.rpm php-fpm-5.4.16-23.el7_0.ppc64.rpm php-intl-5.4.16-23.el7_0.ppc64.rpm php-mbstring-5.4.16-23.el7_0.ppc64.rpm php-mysqlnd-5.4.16-23.el7_0.ppc64.rpm php-pspell-5.4.16-23.el7_0.ppc64.rpm php-snmp-5.4.16-23.el7_0.ppc64.rpm s390x: php-bcmath-5.4.16-23.el7_0.s390x.rpm php-dba-5.4.16-23.el7_0.s390x.rpm php-debuginfo-5.4.16-23.el7_0.s390x.rpm php-devel-5.4.16-23.el7_0.s390x.rpm php-embedded-5.4.16-23.el7_0.s390x.rpm php-enchant-5.4.16-23.el7_0.s390x.rpm php-fpm-5.4.16-23.el7_0.s390x.rpm php-intl-5.4.16-23.el7_0.s390x.rpm php-mbstring-5.4.16-23.el7_0.s390x.rpm php-mysqlnd-5.4.16-23.el7_0.s390x.rpm php-pspell-5.4.16-23.el7_0.s390x.rpm php-snmp-5.4.16-23.el7_0.s390x.rpm x86_64: php-bcmath-5.4.16-23.el7_0.x86_64.rpm php-dba-5.4.16-23.el7_0.x86_64.rpm php-debuginfo-5.4.16-23.el7_0.x86_64.rpm php-devel-5.4.16-23.el7_0.x86_64.rpm php-embedded-5.4.16-23.el7_0.x86_64.rpm php-enchant-5.4.16-23.el7_0.x86_64.rpm php-fpm-5.4.16-23.el7_0.x86_64.rpm php-intl-5.4.16-23.el7_0.x86_64.rpm php-mbstring-5.4.16-23.el7_0.x86_64.rpm php-mysqlnd-5.4.16-23.el7_0.x86_64.rpm php-pspell-5.4.16-23.el7_0.x86_64.rpm php-snmp-5.4.16-23.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
7): Source: php-5.4.16-23.el7_0.src.rpm x86_64: php-5.4.16-23.el7_0.x86_64.rpm php-cli-5.4.16-23.el7_0.x86_64.rpm php-common-5.4.16-23.el7_0.x86_64.rpm php-debuginfo-5.4.16-23.el7_0.x86_64.rpm php-gd-5.4.16-23.el7_0.x86_64.rpm php-ldap-5.4.16-23.el7_0.x86_64.rpm php-mysql-5.4.16-23.el7_0.x86_64.rpm php-odbc-5.4.16-23.el7_0.x86_64.rpm php-pdo-5.4.16-23.el7_0.x86_64.rpm php-pgsql-5.4.16-23.el7_0.x86_64.rpm php-process-5.4.16-23.el7_0.x86_64.rpm php-recode-5.4.16-23.el7_0.x86_64.rpm php-soap-5.4.16-23.el7_0.x86_64.rpm php-xml-5.4.16-23.el7_0.x86_64.rpm php-xmlrpc-5.4.16-23.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: php-bcmath-5.4.16-23.el7_0.x86_64.rpm php-dba-5.4.16-23.el7_0.x86_64.rpm php-debuginfo-5.4.16-23.el7_0.x86_64.rpm php-devel-5.4.16-23.el7_0.x86_64.rpm php-embedded-5.4.16-23.el7_0.x86_64.rpm php-enchant-5.4.16-23.el7_0.x86_64.rpm php-fpm-5.4.16-23.el7_0.x86_64.rpm php-intl-5.4.16-23.el7_0.x86_64.rpm php-mbstring-5.4.16-23.el7_0.x86_64.rpm php-mysqlnd-5.4.16-23.el7_0.x86_64.rpm php-pspell-5.4.16-23.el7_0.x86_64.rpm php-snmp-5.4.16-23.el7_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-7345.html https://www.redhat.com/security/data/cve/CVE-2014-0207.html https://www.redhat.com/security/data/cve/CVE-2014-0237.html https://www.redhat.com/security/data/cve/CVE-2014-0238.html https://www.redhat.com/security/data/cve/CVE-2014-3479.html https://www.redhat.com/security/data/cve/CVE-2014-3480.html https://www.redhat.com/security/data/cve/CVE-2014-3487.html https://www.redhat.com/security/data/cve/CVE-2014-3515.html https://www.redhat.com/security/data/cve/CVE-2014-4049.html https://www.redhat.com/security/data/cve/CVE-2014-4721.html https://access.redhat.com/security/updates/classification/#moderate 8. 
Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFT4cb1XlSAg2UNWIIRAjRkAJ9BeZVlj1+yPWopV+9lCs0W3bnYSgCgtekN
nfYLKmS5xPL7EXPYTmuDEgQ=
=GVs3
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Aug 6 17:14:28 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 6 Aug 2014 17:14:28 +0000
Subject: [RHSA-2014:1023-01] Important: kernel security and bug fix update
Message-ID: <201408061714.s76HESHu008253@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2014:1023-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1023.html
Issue date: 2014-08-06
CVE Names: CVE-2014-0181 CVE-2014-2672 CVE-2014-2673 CVE-2014-2706 CVE-2014-3534 CVE-2014-4667
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7.

The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v.
7) - noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* It was found that the Linux kernel's ptrace subsystem did not properly sanitize the address-space-control bits when the program-status word (PSW) was being set. On IBM S/390 systems, a local, unprivileged user could use this flaw to set address-space-control bits to the kernel space, and thus gain read and write access to kernel memory. (CVE-2014-3534, Important)

* It was found that the permission checks performed by the Linux kernel when a netlink message was received were not sufficient. A local, unprivileged user could potentially bypass these restrictions by passing a netlink socket as stdout or stderr to a more privileged process and altering the output of this process. (CVE-2014-0181, Moderate)

* It was found that a remote attacker could use a race condition flaw in the ath_tx_aggr_sleep() function to crash the system by creating large network traffic on the system's Atheros 9k wireless network adapter. (CVE-2014-2672, Moderate)

* A flaw was found in the way the Linux kernel performed forking inside of a transaction. A local, unprivileged user on a PowerPC system that supports transactional memory could use this flaw to crash the system. (CVE-2014-2673, Moderate)

* A race condition flaw was found in the way the Linux kernel's mac80211 subsystem implementation handled synchronization between TX and STA wake-up code paths. A remote attacker could use this flaw to crash the system. (CVE-2014-2706, Moderate)

* An integer underflow flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation processed certain COOKIE_ECHO packets.
By sending a specially crafted SCTP packet, a remote attacker could use this flaw to prevent legitimate connections to a particular SCTP server socket from being made. (CVE-2014-4667, Moderate)

Red Hat would like to thank Martin Schwidefsky of IBM for reporting CVE-2014-3534, Andy Lutomirski for reporting CVE-2014-0181, and Gopal Reddy Kodudula of Nokia Siemens Networks for reporting CVE-2014-4667.

This update also fixes the following bugs:

* Due to a NULL pointer dereference bug in the IPIP and SIT tunneling code, a kernel panic could be triggered when using IPIP or SIT tunnels with IPsec. This update restructures the related code to avoid a NULL pointer dereference and the kernel no longer panics when using IPIP or SIT tunnels with IPsec. (BZ#1114957)

* Previously, an IBM POWER8 system could terminate unexpectedly when the kernel received an IRQ while handling a transactional memory re-checkpoint critical section. This update ensures that IRQs are disabled in this situation and the problem no longer occurs. (BZ#1113150)

* A missing read memory barrier, rmb(), in the bnx2x driver caused the kernel to crash under various circumstances. This problem has been fixed by adding an rmb() call to the relevant place in the bnx2x code. (BZ#1107721)

* The hpwdt driver previously emitted a panic message that was misleading on certain HP systems. This update ensures that upon a kernel panic, hpwdt displays information valid on all HP systems. (BZ#1096961)

* The qla2xxx driver has been upgraded to version 8.06.00.08.07.0-k3, which provides a number of bug fixes over the previous version in order to correct various timeout problems with the mailbox commands. (BZ#1112389)

* The SCSI mid-layer could retry an I/O operation indefinitely if a storage array repeatedly returned a CHECK CONDITION status to that I/O operation but the sense data was invalid. This update fixes the problem by limiting the time for which such an I/O operation is retried.
(BZ#1114468)

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (https://bugzilla.redhat.com/):

1083213 - CVE-2014-2673 kernel: powerpc: tm: crash when forking inside a transaction
1083246 - CVE-2014-2672 kernel: ath9k: tid->sched race in ath_tx_aggr_sleep()
1083512 - CVE-2014-2706 Kernel: net: mac80211: crash dues to AP powersave TX vs. wakeup race
1094265 - CVE-2014-0181 kernel: net: insufficient permision checks of netlink messages
1113967 - CVE-2014-4667 kernel: sctp: sk_ack_backlog wrap-around problem
1114089 - CVE-2014-3534 kernel: s390: ptrace: insufficient sanitization when setting psw mask

6. Package List:

Red Hat Enterprise Linux Client (v.
7): Source: kernel-3.10.0-123.6.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-123.6.3.el7.noarch.rpm x86_64: kernel-3.10.0-123.6.3.el7.x86_64.rpm kernel-debug-3.10.0-123.6.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-123.6.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.6.3.el7.x86_64.rpm kernel-devel-3.10.0-123.6.3.el7.x86_64.rpm kernel-headers-3.10.0-123.6.3.el7.x86_64.rpm kernel-tools-3.10.0-123.6.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-123.6.3.el7.x86_64.rpm perf-3.10.0-123.6.3.el7.x86_64.rpm perf-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: kernel-doc-3.10.0-123.6.3.el7.noarch.rpm x86_64: kernel-debug-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.6.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-123.6.3.el7.x86_64.rpm perf-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm python-perf-3.10.0-123.6.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 
7): Source: kernel-3.10.0-123.6.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-123.6.3.el7.noarch.rpm x86_64: kernel-3.10.0-123.6.3.el7.x86_64.rpm kernel-debug-3.10.0-123.6.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-123.6.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.6.3.el7.x86_64.rpm kernel-devel-3.10.0-123.6.3.el7.x86_64.rpm kernel-headers-3.10.0-123.6.3.el7.x86_64.rpm kernel-tools-3.10.0-123.6.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-123.6.3.el7.x86_64.rpm perf-3.10.0-123.6.3.el7.x86_64.rpm perf-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: kernel-doc-3.10.0-123.6.3.el7.noarch.rpm x86_64: kernel-debug-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.6.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-123.6.3.el7.x86_64.rpm perf-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm python-perf-3.10.0-123.6.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 
7): Source: kernel-3.10.0-123.6.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-123.6.3.el7.noarch.rpm ppc64: kernel-3.10.0-123.6.3.el7.ppc64.rpm kernel-bootwrapper-3.10.0-123.6.3.el7.ppc64.rpm kernel-debug-3.10.0-123.6.3.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-123.6.3.el7.ppc64.rpm kernel-debug-devel-3.10.0-123.6.3.el7.ppc64.rpm kernel-debuginfo-3.10.0-123.6.3.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-123.6.3.el7.ppc64.rpm kernel-devel-3.10.0-123.6.3.el7.ppc64.rpm kernel-headers-3.10.0-123.6.3.el7.ppc64.rpm kernel-tools-3.10.0-123.6.3.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-123.6.3.el7.ppc64.rpm kernel-tools-libs-3.10.0-123.6.3.el7.ppc64.rpm perf-3.10.0-123.6.3.el7.ppc64.rpm perf-debuginfo-3.10.0-123.6.3.el7.ppc64.rpm python-perf-debuginfo-3.10.0-123.6.3.el7.ppc64.rpm s390x: kernel-3.10.0-123.6.3.el7.s390x.rpm kernel-debug-3.10.0-123.6.3.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-123.6.3.el7.s390x.rpm kernel-debug-devel-3.10.0-123.6.3.el7.s390x.rpm kernel-debuginfo-3.10.0-123.6.3.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-123.6.3.el7.s390x.rpm kernel-devel-3.10.0-123.6.3.el7.s390x.rpm kernel-headers-3.10.0-123.6.3.el7.s390x.rpm kernel-kdump-3.10.0-123.6.3.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-123.6.3.el7.s390x.rpm kernel-kdump-devel-3.10.0-123.6.3.el7.s390x.rpm perf-3.10.0-123.6.3.el7.s390x.rpm perf-debuginfo-3.10.0-123.6.3.el7.s390x.rpm python-perf-debuginfo-3.10.0-123.6.3.el7.s390x.rpm x86_64: kernel-3.10.0-123.6.3.el7.x86_64.rpm kernel-debug-3.10.0-123.6.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-123.6.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.6.3.el7.x86_64.rpm kernel-devel-3.10.0-123.6.3.el7.x86_64.rpm kernel-headers-3.10.0-123.6.3.el7.x86_64.rpm kernel-tools-3.10.0-123.6.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-123.6.3.el7.x86_64.rpm 
perf-3.10.0-123.6.3.el7.x86_64.rpm perf-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: kernel-doc-3.10.0-123.6.3.el7.noarch.rpm ppc64: kernel-debug-debuginfo-3.10.0-123.6.3.el7.ppc64.rpm kernel-debuginfo-3.10.0-123.6.3.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-123.6.3.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-123.6.3.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-123.6.3.el7.ppc64.rpm perf-debuginfo-3.10.0-123.6.3.el7.ppc64.rpm python-perf-3.10.0-123.6.3.el7.ppc64.rpm python-perf-debuginfo-3.10.0-123.6.3.el7.ppc64.rpm s390x: kernel-debug-debuginfo-3.10.0-123.6.3.el7.s390x.rpm kernel-debuginfo-3.10.0-123.6.3.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-123.6.3.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-123.6.3.el7.s390x.rpm perf-debuginfo-3.10.0-123.6.3.el7.s390x.rpm python-perf-3.10.0-123.6.3.el7.s390x.rpm python-perf-debuginfo-3.10.0-123.6.3.el7.s390x.rpm x86_64: kernel-debug-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.6.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-123.6.3.el7.x86_64.rpm perf-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm python-perf-3.10.0-123.6.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
7): Source: kernel-3.10.0-123.6.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-123.6.3.el7.noarch.rpm x86_64: kernel-3.10.0-123.6.3.el7.x86_64.rpm kernel-debug-3.10.0-123.6.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-123.6.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.6.3.el7.x86_64.rpm kernel-devel-3.10.0-123.6.3.el7.x86_64.rpm kernel-headers-3.10.0-123.6.3.el7.x86_64.rpm kernel-tools-3.10.0-123.6.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-123.6.3.el7.x86_64.rpm perf-3.10.0-123.6.3.el7.x86_64.rpm perf-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: kernel-doc-3.10.0-123.6.3.el7.noarch.rpm x86_64: kernel-debug-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.6.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-123.6.3.el7.x86_64.rpm perf-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm python-perf-3.10.0-123.6.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.6.3.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0181.html https://www.redhat.com/security/data/cve/CVE-2014-2672.html https://www.redhat.com/security/data/cve/CVE-2014-2673.html https://www.redhat.com/security/data/cve/CVE-2014-2706.html https://www.redhat.com/security/data/cve/CVE-2014-3534.html https://www.redhat.com/security/data/cve/CVE-2014-4667.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . 
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFT4mJhXlSAg2UNWIIRAhsFAJ96uOuaYRW0mxhX77xwkW2T+7zTNgCfUFqB
4OF7mJuTVfVkG4HQMNyuZP0=
=5k7H
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Aug 6 17:14:53 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 6 Aug 2014 17:14:53 +0000
Subject: [RHSA-2014:1025-01] Important: kernel security and bug fix update
Message-ID: <201408061714.s76HErLS028116@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2014:1025-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1025.html
Issue date: 2014-08-06
CVE Names: CVE-2014-4943
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6.2 Advanced Update Support.

The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AUS (v. 6.2 server) - noarch, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A flaw was found in the way the pppol2tp_setsockopt() and pppol2tp_getsockopt() functions in the Linux kernel's PPP over L2TP implementation handled requests with a non-SOL_PPPOL2TP socket option level. A local, unprivileged user could use this flaw to escalate their privileges on the system.
(CVE-2014-4943, Important)

Red Hat would like to thank Sasha Levin for reporting this issue.

This update also fixes the following bug:

* When a device was registered to a bus, a race condition could occur between the device being added to the list of devices of the bus and binding the device to a driver. As a result, the device could already be bound to a driver which led to a warning and incorrect reference counting, and consequently to a kernel panic on device removal. To avoid the race condition, this update adds a check to identify an already bound device. (BZ#1114409)

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (https://bugzilla.redhat.com/):

1119458 - CVE-2014-4943 kernel: net: pppol2tp: level handling in pppol2tp_[s,g]etsockopt()

6. Package List:

Red Hat Enterprise Linux AUS (v.
6.2 server):

Source:
kernel-2.6.32-220.54.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-220.54.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.54.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-220.54.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.54.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.54.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.54.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.54.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.54.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.54.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.54.1.el6.x86_64.rpm
perf-2.6.32-220.54.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.54.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.54.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.2):

Source:
kernel-2.6.32-220.54.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.54.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.54.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.54.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.54.1.el6.x86_64.rpm
python-perf-2.6.32-220.54.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.54.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-4943.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFT4mKCXlSAg2UNWIIRAhDoAKCyS/CBc45TAYHvCvWvyfwGzxPTDACeIoyA
tpd07Qb1JbU8oAflcYPEttQ=
=z/mU
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Aug 7 18:42:16 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 7 Aug 2014 18:42:16 +0000
Subject: [RHSA-2014:1031-01] Important: 389-ds-base security update
Message-ID: <201408071842.s77IgIIL031987@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: 389-ds-base security update
Advisory ID: RHSA-2014:1031-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1031.html
Issue date: 2014-08-07
CVE Names: CVE-2014-3562
=====================================================================

1. Summary:

Updated 389-ds-base packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v.
7) - x86_64

3. Description:

The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

It was found that when replication was enabled for each attribute in 389 Directory Server, which is the default configuration, the server returned replicated metadata when the directory was searched while debugging was enabled. A remote attacker could use this flaw to disclose potentially sensitive information. (CVE-2014-3562)

This issue was discovered by Ludwig Krispenz of Red Hat.

All 389-ds-base users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the 389 server service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1123477 - CVE-2014-3562 389-ds: unauthenticated information disclosure

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
389-ds-base-1.2.11.15-34.el6_5.src.rpm

i386:
389-ds-base-1.2.11.15-34.el6_5.i686.rpm
389-ds-base-debuginfo-1.2.11.15-34.el6_5.i686.rpm
389-ds-base-devel-1.2.11.15-34.el6_5.i686.rpm
389-ds-base-libs-1.2.11.15-34.el6_5.i686.rpm

x86_64:
389-ds-base-1.2.11.15-34.el6_5.x86_64.rpm
389-ds-base-debuginfo-1.2.11.15-34.el6_5.i686.rpm
389-ds-base-debuginfo-1.2.11.15-34.el6_5.x86_64.rpm
389-ds-base-devel-1.2.11.15-34.el6_5.i686.rpm
389-ds-base-devel-1.2.11.15-34.el6_5.x86_64.rpm
389-ds-base-libs-1.2.11.15-34.el6_5.i686.rpm
389-ds-base-libs-1.2.11.15-34.el6_5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v.
6): Source: 389-ds-base-1.2.11.15-34.el6_5.src.rpm x86_64: 389-ds-base-1.2.11.15-34.el6_5.x86_64.rpm 389-ds-base-debuginfo-1.2.11.15-34.el6_5.i686.rpm 389-ds-base-debuginfo-1.2.11.15-34.el6_5.x86_64.rpm 389-ds-base-devel-1.2.11.15-34.el6_5.i686.rpm 389-ds-base-devel-1.2.11.15-34.el6_5.x86_64.rpm 389-ds-base-libs-1.2.11.15-34.el6_5.i686.rpm 389-ds-base-libs-1.2.11.15-34.el6_5.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: 389-ds-base-1.2.11.15-34.el6_5.src.rpm i386: 389-ds-base-1.2.11.15-34.el6_5.i686.rpm 389-ds-base-debuginfo-1.2.11.15-34.el6_5.i686.rpm 389-ds-base-libs-1.2.11.15-34.el6_5.i686.rpm x86_64: 389-ds-base-1.2.11.15-34.el6_5.x86_64.rpm 389-ds-base-debuginfo-1.2.11.15-34.el6_5.i686.rpm 389-ds-base-debuginfo-1.2.11.15-34.el6_5.x86_64.rpm 389-ds-base-libs-1.2.11.15-34.el6_5.i686.rpm 389-ds-base-libs-1.2.11.15-34.el6_5.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: 389-ds-base-1.2.11.15-34.el6_5.src.rpm i386: 389-ds-base-debuginfo-1.2.11.15-34.el6_5.i686.rpm 389-ds-base-devel-1.2.11.15-34.el6_5.i686.rpm x86_64: 389-ds-base-debuginfo-1.2.11.15-34.el6_5.i686.rpm 389-ds-base-debuginfo-1.2.11.15-34.el6_5.x86_64.rpm 389-ds-base-devel-1.2.11.15-34.el6_5.i686.rpm 389-ds-base-devel-1.2.11.15-34.el6_5.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: 389-ds-base-1.2.11.15-34.el6_5.src.rpm i386: 389-ds-base-1.2.11.15-34.el6_5.i686.rpm 389-ds-base-debuginfo-1.2.11.15-34.el6_5.i686.rpm 389-ds-base-libs-1.2.11.15-34.el6_5.i686.rpm x86_64: 389-ds-base-1.2.11.15-34.el6_5.x86_64.rpm 389-ds-base-debuginfo-1.2.11.15-34.el6_5.i686.rpm 389-ds-base-debuginfo-1.2.11.15-34.el6_5.x86_64.rpm 389-ds-base-libs-1.2.11.15-34.el6_5.i686.rpm 389-ds-base-libs-1.2.11.15-34.el6_5.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: 389-ds-base-1.2.11.15-34.el6_5.src.rpm i386: 389-ds-base-debuginfo-1.2.11.15-34.el6_5.i686.rpm 389-ds-base-devel-1.2.11.15-34.el6_5.i686.rpm x86_64: 389-ds-base-debuginfo-1.2.11.15-34.el6_5.i686.rpm 389-ds-base-debuginfo-1.2.11.15-34.el6_5.x86_64.rpm 389-ds-base-devel-1.2.11.15-34.el6_5.i686.rpm 389-ds-base-devel-1.2.11.15-34.el6_5.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): Source: 389-ds-base-1.3.1.6-26.el7_0.src.rpm x86_64: 389-ds-base-1.3.1.6-26.el7_0.x86_64.rpm 389-ds-base-debuginfo-1.3.1.6-26.el7_0.x86_64.rpm 389-ds-base-devel-1.3.1.6-26.el7_0.x86_64.rpm 389-ds-base-libs-1.3.1.6-26.el7_0.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: 389-ds-base-1.3.1.6-26.el7_0.src.rpm x86_64: 389-ds-base-1.3.1.6-26.el7_0.x86_64.rpm 389-ds-base-debuginfo-1.3.1.6-26.el7_0.x86_64.rpm 389-ds-base-devel-1.3.1.6-26.el7_0.x86_64.rpm 389-ds-base-libs-1.3.1.6-26.el7_0.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: 389-ds-base-1.3.1.6-26.el7_0.src.rpm x86_64: 389-ds-base-1.3.1.6-26.el7_0.x86_64.rpm 389-ds-base-debuginfo-1.3.1.6-26.el7_0.x86_64.rpm 389-ds-base-libs-1.3.1.6-26.el7_0.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): x86_64: 389-ds-base-debuginfo-1.3.1.6-26.el7_0.x86_64.rpm 389-ds-base-devel-1.3.1.6-26.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: 389-ds-base-1.3.1.6-26.el7_0.src.rpm x86_64: 389-ds-base-1.3.1.6-26.el7_0.x86_64.rpm 389-ds-base-debuginfo-1.3.1.6-26.el7_0.x86_64.rpm 389-ds-base-libs-1.3.1.6-26.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: 389-ds-base-debuginfo-1.3.1.6-26.el7_0.x86_64.rpm 389-ds-base-devel-1.3.1.6-26.el7_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References:

https://www.redhat.com/security/data/cve/CVE-2014-3562.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD4DBQFT48h5XlSAg2UNWIIRAhVYAKCXhh4wZD+MVg3vtukAMbf4ittfIACWMt8A
Vev7+UB/qqBK7gXYkzPHUQ==
=MzUU
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Aug 7 18:44:36 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 7 Aug 2014 18:44:36 +0000
Subject: [RHSA-2014:1033-01] Critical: java-1.6.0-ibm security update
Message-ID: <201408071844.s77IiaJp000450@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.6.0-ibm security update
Advisory ID: RHSA-2014:1033-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1033.html
Issue date: 2014-08-07
CVE Names: CVE-2014-4209 CVE-2014-4218 CVE-2014-4219 CVE-2014-4227 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4265
=====================================================================

1. Summary:

Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v.
6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4219, CVE-2014-4227, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4265)

The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security.

All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR16-FP1 release. All running instances of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5.
Bugs fixed (https://bugzilla.redhat.com/): 1075795 - CVE-2014-4262 OpenJDK: AtomicReferenceFieldUpdater missing primitive type check (Libraries, 8039520) 1119475 - CVE-2014-4244 OpenJDK: RSA blinding issues (Security, 8031346) 1119476 - CVE-2014-4263 OpenJDK: insufficient Diffie-Hellman public key validation (Security, 8037162) 1119596 - CVE-2014-4219 OpenJDK: Bytecode verification does not prevent ctor calls to this() and super() (Hotspot, 8035119) 1119608 - CVE-2014-4209 OpenJDK: SubjectDelegator protection insufficient (JMX, 8029755) 1119611 - CVE-2014-4218 OpenJDK: Clone interfaces passed to proxy methods (Libraries, 8035009) 1119613 - CVE-2014-4252 OpenJDK: Prevent instantiation of service with non-public constructor (Security, 8035004) 1119912 - CVE-2014-4227 Oracle JDK: unspecified vulnerability fixed in 6u81, 7u65 and 8u11 (Deployment) 1119913 - CVE-2014-4265 Oracle JDK: unspecified vulnerability fixed in 6u81, 7u65 and 8u11 (Deployment) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 
5): i386: java-1.6.0-ibm-1.6.0.16.1-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-accessibility-1.6.0.16.1-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-demo-1.6.0.16.1-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-devel-1.6.0.16.1-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.16.1-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.16.1-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-plugin-1.6.0.16.1-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-src-1.6.0.16.1-1jpp.1.el5_10.i386.rpm x86_64: java-1.6.0-ibm-1.6.0.16.1-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-1.6.0.16.1-1jpp.1.el5_10.x86_64.rpm java-1.6.0-ibm-accessibility-1.6.0.16.1-1jpp.1.el5_10.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.16.1-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-demo-1.6.0.16.1-1jpp.1.el5_10.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.16.1-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-devel-1.6.0.16.1-1jpp.1.el5_10.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.16.1-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.16.1-1jpp.1.el5_10.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.16.1-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.16.1-1jpp.1.el5_10.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.16.1-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-plugin-1.6.0.16.1-1jpp.1.el5_10.x86_64.rpm java-1.6.0-ibm-src-1.6.0.16.1-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-src-1.6.0.16.1-1jpp.1.el5_10.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 
5): i386: java-1.6.0-ibm-1.6.0.16.1-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-accessibility-1.6.0.16.1-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-demo-1.6.0.16.1-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-devel-1.6.0.16.1-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.16.1-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.16.1-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-plugin-1.6.0.16.1-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-src-1.6.0.16.1-1jpp.1.el5_10.i386.rpm ppc: java-1.6.0-ibm-1.6.0.16.1-1jpp.1.el5_10.ppc.rpm java-1.6.0-ibm-1.6.0.16.1-1jpp.1.el5_10.ppc64.rpm java-1.6.0-ibm-accessibility-1.6.0.16.1-1jpp.1.el5_10.ppc.rpm java-1.6.0-ibm-demo-1.6.0.16.1-1jpp.1.el5_10.ppc.rpm java-1.6.0-ibm-demo-1.6.0.16.1-1jpp.1.el5_10.ppc64.rpm java-1.6.0-ibm-devel-1.6.0.16.1-1jpp.1.el5_10.ppc.rpm java-1.6.0-ibm-devel-1.6.0.16.1-1jpp.1.el5_10.ppc64.rpm java-1.6.0-ibm-javacomm-1.6.0.16.1-1jpp.1.el5_10.ppc.rpm java-1.6.0-ibm-javacomm-1.6.0.16.1-1jpp.1.el5_10.ppc64.rpm java-1.6.0-ibm-jdbc-1.6.0.16.1-1jpp.1.el5_10.ppc.rpm java-1.6.0-ibm-jdbc-1.6.0.16.1-1jpp.1.el5_10.ppc64.rpm java-1.6.0-ibm-plugin-1.6.0.16.1-1jpp.1.el5_10.ppc.rpm java-1.6.0-ibm-src-1.6.0.16.1-1jpp.1.el5_10.ppc.rpm java-1.6.0-ibm-src-1.6.0.16.1-1jpp.1.el5_10.ppc64.rpm s390x: java-1.6.0-ibm-1.6.0.16.1-1jpp.1.el5_10.s390.rpm java-1.6.0-ibm-1.6.0.16.1-1jpp.1.el5_10.s390x.rpm java-1.6.0-ibm-accessibility-1.6.0.16.1-1jpp.1.el5_10.s390x.rpm java-1.6.0-ibm-demo-1.6.0.16.1-1jpp.1.el5_10.s390.rpm java-1.6.0-ibm-demo-1.6.0.16.1-1jpp.1.el5_10.s390x.rpm java-1.6.0-ibm-devel-1.6.0.16.1-1jpp.1.el5_10.s390.rpm java-1.6.0-ibm-devel-1.6.0.16.1-1jpp.1.el5_10.s390x.rpm java-1.6.0-ibm-jdbc-1.6.0.16.1-1jpp.1.el5_10.s390.rpm java-1.6.0-ibm-jdbc-1.6.0.16.1-1jpp.1.el5_10.s390x.rpm java-1.6.0-ibm-src-1.6.0.16.1-1jpp.1.el5_10.s390.rpm java-1.6.0-ibm-src-1.6.0.16.1-1jpp.1.el5_10.s390x.rpm x86_64: java-1.6.0-ibm-1.6.0.16.1-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-1.6.0.16.1-1jpp.1.el5_10.x86_64.rpm java-1.6.0-ibm-accessibility-1.6.0.16.1-1jpp.1.el5_10.x86_64.rpm 
java-1.6.0-ibm-demo-1.6.0.16.1-1jpp.1.el5_10.i386.rpm
java-1.6.0-ibm-demo-1.6.0.16.1-1jpp.1.el5_10.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.1-1jpp.1.el5_10.i386.rpm
java-1.6.0-ibm-devel-1.6.0.16.1-1jpp.1.el5_10.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.1-1jpp.1.el5_10.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.1-1jpp.1.el5_10.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.1-1jpp.1.el5_10.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.1-1jpp.1.el5_10.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.1-1jpp.1.el5_10.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.16.1-1jpp.1.el5_10.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.1-1jpp.1.el5_10.i386.rpm
java-1.6.0-ibm-src-1.6.0.16.1-1jpp.1.el5_10.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.16.1-1jpp.1.el6_5.i686.rpm
java-1.6.0-ibm-demo-1.6.0.16.1-1jpp.1.el6_5.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.1-1jpp.1.el6_5.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.1-1jpp.1.el6_5.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.1-1jpp.1.el6_5.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.16.1-1jpp.1.el6_5.i686.rpm
java-1.6.0-ibm-src-1.6.0.16.1-1jpp.1.el6_5.i686.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.1-1jpp.1.el6_5.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.1-1jpp.1.el6_5.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.1-1jpp.1.el6_5.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.1-1jpp.1.el6_5.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.1-1jpp.1.el6_5.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.1-1jpp.1.el6_5.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.1-1jpp.1.el6_5.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.1-1jpp.1.el6_5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.6.0-ibm-1.6.0.16.1-1jpp.1.el6_5.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.1-1jpp.1.el6_5.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.1-1jpp.1.el6_5.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.1-1jpp.1.el6_5.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.1-1jpp.1.el6_5.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.1-1jpp.1.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.16.1-1jpp.1.el6_5.i686.rpm
java-1.6.0-ibm-demo-1.6.0.16.1-1jpp.1.el6_5.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.1-1jpp.1.el6_5.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.1-1jpp.1.el6_5.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.1-1jpp.1.el6_5.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.16.1-1jpp.1.el6_5.i686.rpm
java-1.6.0-ibm-src-1.6.0.16.1-1jpp.1.el6_5.i686.rpm

ppc64:
java-1.6.0-ibm-1.6.0.16.1-1jpp.1.el6_5.ppc64.rpm
java-1.6.0-ibm-demo-1.6.0.16.1-1jpp.1.el6_5.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.16.1-1jpp.1.el6_5.ppc.rpm
java-1.6.0-ibm-devel-1.6.0.16.1-1jpp.1.el6_5.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.1-1jpp.1.el6_5.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.1-1jpp.1.el6_5.ppc64.rpm
java-1.6.0-ibm-src-1.6.0.16.1-1jpp.1.el6_5.ppc64.rpm

s390x:
java-1.6.0-ibm-1.6.0.16.1-1jpp.1.el6_5.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.16.1-1jpp.1.el6_5.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.16.1-1jpp.1.el6_5.s390.rpm
java-1.6.0-ibm-devel-1.6.0.16.1-1jpp.1.el6_5.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.1-1jpp.1.el6_5.s390x.rpm
java-1.6.0-ibm-src-1.6.0.16.1-1jpp.1.el6_5.s390x.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.1-1jpp.1.el6_5.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.1-1jpp.1.el6_5.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.1-1jpp.1.el6_5.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.1-1jpp.1.el6_5.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.1-1jpp.1.el6_5.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.1-1jpp.1.el6_5.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.1-1jpp.1.el6_5.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.1-1jpp.1.el6_5.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.16.1-1jpp.1.el6_5.i686.rpm
java-1.6.0-ibm-demo-1.6.0.16.1-1jpp.1.el6_5.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.1-1jpp.1.el6_5.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.1-1jpp.1.el6_5.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.1-1jpp.1.el6_5.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.16.1-1jpp.1.el6_5.i686.rpm
java-1.6.0-ibm-src-1.6.0.16.1-1jpp.1.el6_5.i686.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.1-1jpp.1.el6_5.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.1-1jpp.1.el6_5.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.1-1jpp.1.el6_5.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.1-1jpp.1.el6_5.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.1-1jpp.1.el6_5.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.1-1jpp.1.el6_5.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.1-1jpp.1.el6_5.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.1-1jpp.1.el6_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-4209.html
https://www.redhat.com/security/data/cve/CVE-2014-4218.html
https://www.redhat.com/security/data/cve/CVE-2014-4219.html
https://www.redhat.com/security/data/cve/CVE-2014-4227.html
https://www.redhat.com/security/data/cve/CVE-2014-4244.html
https://www.redhat.com/security/data/cve/CVE-2014-4252.html
https://www.redhat.com/security/data/cve/CVE-2014-4262.html
https://www.redhat.com/security/data/cve/CVE-2014-4263.html
https://www.redhat.com/security/data/cve/CVE-2014-4265.html
https://access.redhat.com/security/updates/classification/#critical
https://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFT48kAXlSAg2UNWIIRAvZUAJ47LMLLZcx+yy732201WL2etaM+3ACeI6D9
H/gbOUvlYloW1XP1d6sivlk=
=BdLn
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Aug 7 18:45:42 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 7 Aug 2014 18:45:42 +0000
Subject: [RHSA-2014:1034-01] Low: tomcat security update
Message-ID: <201408071845.s77IjgSd000722@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: tomcat security update
Advisory ID:       RHSA-2014:1034-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1034.html
Issue date:        2014-08-07
CVE Names:         CVE-2014-0119
=====================================================================

1. Summary:

Updated tomcat packages that fix one security issue are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch
Red Hat Enterprise Linux Client Optional (v. 7) - noarch
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch
Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Enterprise Linux Server Optional (v. 7) - noarch
Red Hat Enterprise Linux Workstation (v. 7) - noarch
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch

3. Description:

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same Apache Tomcat instance. (CVE-2014-0119)

All Tomcat users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Tomcat must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1102038 - CVE-2014-0119 Tomcat/JBossWeb: XML parser hijack by malicious web application

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
tomcat-7.0.42-8.el7_0.src.rpm

noarch:
tomcat-servlet-3.0-api-7.0.42-8.el7_0.noarch.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
tomcat-7.0.42-8.el7_0.noarch.rpm
tomcat-admin-webapps-7.0.42-8.el7_0.noarch.rpm
tomcat-docs-webapp-7.0.42-8.el7_0.noarch.rpm
tomcat-el-2.2-api-7.0.42-8.el7_0.noarch.rpm
tomcat-javadoc-7.0.42-8.el7_0.noarch.rpm
tomcat-jsp-2.2-api-7.0.42-8.el7_0.noarch.rpm
tomcat-jsvc-7.0.42-8.el7_0.noarch.rpm
tomcat-lib-7.0.42-8.el7_0.noarch.rpm
tomcat-webapps-7.0.42-8.el7_0.noarch.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
tomcat-7.0.42-8.el7_0.src.rpm

noarch:
tomcat-servlet-3.0-api-7.0.42-8.el7_0.noarch.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
tomcat-7.0.42-8.el7_0.noarch.rpm
tomcat-admin-webapps-7.0.42-8.el7_0.noarch.rpm
tomcat-docs-webapp-7.0.42-8.el7_0.noarch.rpm
tomcat-el-2.2-api-7.0.42-8.el7_0.noarch.rpm
tomcat-javadoc-7.0.42-8.el7_0.noarch.rpm
tomcat-jsp-2.2-api-7.0.42-8.el7_0.noarch.rpm
tomcat-jsvc-7.0.42-8.el7_0.noarch.rpm
tomcat-lib-7.0.42-8.el7_0.noarch.rpm
tomcat-webapps-7.0.42-8.el7_0.noarch.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
tomcat-7.0.42-8.el7_0.src.rpm

noarch:
tomcat-7.0.42-8.el7_0.noarch.rpm
tomcat-admin-webapps-7.0.42-8.el7_0.noarch.rpm
tomcat-el-2.2-api-7.0.42-8.el7_0.noarch.rpm
tomcat-jsp-2.2-api-7.0.42-8.el7_0.noarch.rpm
tomcat-lib-7.0.42-8.el7_0.noarch.rpm
tomcat-servlet-3.0-api-7.0.42-8.el7_0.noarch.rpm
tomcat-webapps-7.0.42-8.el7_0.noarch.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
tomcat-7.0.42-8.el7_0.noarch.rpm
tomcat-admin-webapps-7.0.42-8.el7_0.noarch.rpm
tomcat-docs-webapp-7.0.42-8.el7_0.noarch.rpm
tomcat-el-2.2-api-7.0.42-8.el7_0.noarch.rpm
tomcat-javadoc-7.0.42-8.el7_0.noarch.rpm
tomcat-jsp-2.2-api-7.0.42-8.el7_0.noarch.rpm
tomcat-jsvc-7.0.42-8.el7_0.noarch.rpm
tomcat-lib-7.0.42-8.el7_0.noarch.rpm
tomcat-webapps-7.0.42-8.el7_0.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
tomcat-7.0.42-8.el7_0.src.rpm

noarch:
tomcat-7.0.42-8.el7_0.noarch.rpm
tomcat-admin-webapps-7.0.42-8.el7_0.noarch.rpm
tomcat-el-2.2-api-7.0.42-8.el7_0.noarch.rpm
tomcat-jsp-2.2-api-7.0.42-8.el7_0.noarch.rpm
tomcat-lib-7.0.42-8.el7_0.noarch.rpm
tomcat-servlet-3.0-api-7.0.42-8.el7_0.noarch.rpm
tomcat-webapps-7.0.42-8.el7_0.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
tomcat-docs-webapp-7.0.42-8.el7_0.noarch.rpm
tomcat-javadoc-7.0.42-8.el7_0.noarch.rpm
tomcat-jsvc-7.0.42-8.el7_0.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-0119.html
https://access.redhat.com/security/updates/classification/#low
https://tomcat.apache.org/security-6.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFT48kzXlSAg2UNWIIRAn20AJ45q0idrnczXGHkJjgcnQXoIPYEzACeIU3N
3PDa2mjEuz2Ww24Y4dDqTO0=
=SQSl
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Aug 7 21:34:25 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 7 Aug 2014 21:34:25 +0000
Subject: [RHSA-2014:1036-01] Important: java-1.5.0-ibm security update
Message-ID: <201408072134.s77LYPhl021093@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-1.5.0-ibm security update
Advisory ID:       RHSA-2014:1036-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1036.html
Issue date:        2014-08-07
CVE Names:         CVE-2014-4209 CVE-2014-4218 CVE-2014-4219
                   CVE-2014-4244 CVE-2014-4252 CVE-2014-4262
                   CVE-2014-4263
=====================================================================

1. Summary:

Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4219, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263)

The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security.

All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16-FP7 release. All running instances of IBM Java must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1075795 - CVE-2014-4262 OpenJDK: AtomicReferenceFieldUpdater missing primitive type check (Libraries, 8039520)
1119475 - CVE-2014-4244 OpenJDK: RSA blinding issues (Security, 8031346)
1119476 - CVE-2014-4263 OpenJDK: insufficient Diffie-Hellman public key validation (Security, 8037162)
1119596 - CVE-2014-4219 OpenJDK: Bytecode verification does not prevent ctor calls to this() and super() (Hotspot, 8035119)
1119608 - CVE-2014-4209 OpenJDK: SubjectDelegator protection insufficient (JMX, 8029755)
1119611 - CVE-2014-4218 OpenJDK: Clone interfaces passed to proxy methods (Libraries, 8035009)
1119613 - CVE-2014-4252 OpenJDK: Prevent instantiation of service with non-public constructor (Security, 8035004)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.5.0-ibm-1.5.0.16.7-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.7-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-demo-1.5.0.16.7-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-devel-1.5.0.16.7-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.7-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.7-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.16.7-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.7-1jpp.1.el5_10.i386.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.7-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-1.5.0.16.7-1jpp.1.el5_10.x86_64.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.7-1jpp.1.el5_10.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.7-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-demo-1.5.0.16.7-1jpp.1.el5_10.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.7-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-devel-1.5.0.16.7-1jpp.1.el5_10.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.7-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.7-1jpp.1.el5_10.x86_64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.7-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.16.7-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.7-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.7-1jpp.1.el5_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.5.0-ibm-1.5.0.16.7-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.7-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-demo-1.5.0.16.7-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-devel-1.5.0.16.7-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.7-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.7-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.16.7-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.7-1jpp.1.el5_10.i386.rpm

ppc:
java-1.5.0-ibm-1.5.0.16.7-1jpp.1.el5_10.ppc.rpm
java-1.5.0-ibm-1.5.0.16.7-1jpp.1.el5_10.ppc64.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.7-1jpp.1.el5_10.ppc.rpm
java-1.5.0-ibm-demo-1.5.0.16.7-1jpp.1.el5_10.ppc.rpm
java-1.5.0-ibm-demo-1.5.0.16.7-1jpp.1.el5_10.ppc64.rpm
java-1.5.0-ibm-devel-1.5.0.16.7-1jpp.1.el5_10.ppc.rpm
java-1.5.0-ibm-devel-1.5.0.16.7-1jpp.1.el5_10.ppc64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.7-1jpp.1.el5_10.ppc.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.7-1jpp.1.el5_10.ppc64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.7-1jpp.1.el5_10.ppc.rpm
java-1.5.0-ibm-plugin-1.5.0.16.7-1jpp.1.el5_10.ppc.rpm
java-1.5.0-ibm-src-1.5.0.16.7-1jpp.1.el5_10.ppc.rpm
java-1.5.0-ibm-src-1.5.0.16.7-1jpp.1.el5_10.ppc64.rpm

s390x:
java-1.5.0-ibm-1.5.0.16.7-1jpp.1.el5_10.s390.rpm
java-1.5.0-ibm-1.5.0.16.7-1jpp.1.el5_10.s390x.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.7-1jpp.1.el5_10.s390x.rpm
java-1.5.0-ibm-demo-1.5.0.16.7-1jpp.1.el5_10.s390.rpm
java-1.5.0-ibm-demo-1.5.0.16.7-1jpp.1.el5_10.s390x.rpm
java-1.5.0-ibm-devel-1.5.0.16.7-1jpp.1.el5_10.s390.rpm
java-1.5.0-ibm-devel-1.5.0.16.7-1jpp.1.el5_10.s390x.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.7-1jpp.1.el5_10.s390.rpm
java-1.5.0-ibm-src-1.5.0.16.7-1jpp.1.el5_10.s390.rpm
java-1.5.0-ibm-src-1.5.0.16.7-1jpp.1.el5_10.s390x.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.7-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-1.5.0.16.7-1jpp.1.el5_10.x86_64.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.7-1jpp.1.el5_10.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.7-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-demo-1.5.0.16.7-1jpp.1.el5_10.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.7-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-devel-1.5.0.16.7-1jpp.1.el5_10.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.7-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.7-1jpp.1.el5_10.x86_64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.7-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.16.7-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.7-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.7-1jpp.1.el5_10.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.5.0-ibm-1.5.0.16.7-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-demo-1.5.0.16.7-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.7-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.7-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.7-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-plugin-1.5.0.16.7-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-src-1.5.0.16.7-1jpp.1.el6_5.i686.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.7-1jpp.1.el6_5.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.7-1jpp.1.el6_5.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.7-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.7-1jpp.1.el6_5.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.7-1jpp.1.el6_5.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.16.7-1jpp.1.el6_5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.5.0-ibm-1.5.0.16.7-1jpp.1.el6_5.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.7-1jpp.1.el6_5.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.7-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.7-1jpp.1.el6_5.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.7-1jpp.1.el6_5.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.16.7-1jpp.1.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.5.0-ibm-1.5.0.16.7-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-demo-1.5.0.16.7-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.7-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.7-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.7-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-plugin-1.5.0.16.7-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-src-1.5.0.16.7-1jpp.1.el6_5.i686.rpm

ppc64:
java-1.5.0-ibm-1.5.0.16.7-1jpp.1.el6_5.ppc64.rpm
java-1.5.0-ibm-demo-1.5.0.16.7-1jpp.1.el6_5.ppc64.rpm
java-1.5.0-ibm-devel-1.5.0.16.7-1jpp.1.el6_5.ppc.rpm
java-1.5.0-ibm-devel-1.5.0.16.7-1jpp.1.el6_5.ppc64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.7-1jpp.1.el6_5.ppc64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.7-1jpp.1.el6_5.ppc.rpm
java-1.5.0-ibm-plugin-1.5.0.16.7-1jpp.1.el6_5.ppc.rpm
java-1.5.0-ibm-src-1.5.0.16.7-1jpp.1.el6_5.ppc64.rpm

s390x:
java-1.5.0-ibm-1.5.0.16.7-1jpp.1.el6_5.s390x.rpm
java-1.5.0-ibm-demo-1.5.0.16.7-1jpp.1.el6_5.s390x.rpm
java-1.5.0-ibm-devel-1.5.0.16.7-1jpp.1.el6_5.s390.rpm
java-1.5.0-ibm-devel-1.5.0.16.7-1jpp.1.el6_5.s390x.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.7-1jpp.1.el6_5.s390.rpm
java-1.5.0-ibm-src-1.5.0.16.7-1jpp.1.el6_5.s390x.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.7-1jpp.1.el6_5.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.7-1jpp.1.el6_5.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.7-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.7-1jpp.1.el6_5.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.7-1jpp.1.el6_5.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.16.7-1jpp.1.el6_5.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.5.0-ibm-1.5.0.16.7-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-demo-1.5.0.16.7-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.7-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.7-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.7-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-plugin-1.5.0.16.7-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-src-1.5.0.16.7-1jpp.1.el6_5.i686.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.7-1jpp.1.el6_5.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.7-1jpp.1.el6_5.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.7-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.7-1jpp.1.el6_5.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.7-1jpp.1.el6_5.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.16.7-1jpp.1.el6_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-4209.html
https://www.redhat.com/security/data/cve/CVE-2014-4218.html
https://www.redhat.com/security/data/cve/CVE-2014-4219.html
https://www.redhat.com/security/data/cve/CVE-2014-4244.html
https://www.redhat.com/security/data/cve/CVE-2014-4252.html
https://www.redhat.com/security/data/cve/CVE-2014-4262.html
https://www.redhat.com/security/data/cve/CVE-2014-4263.html
https://access.redhat.com/security/updates/classification/#important
https://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFT4/BmXlSAg2UNWIIRAuB3AJsG/oScy5MgqyXkcpqYAhJpEgkIrgCfZpS6
ZXY4AMZs/2gnICS2ES5Y0Rw=
=WJfL
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Aug 11 17:22:28 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 11 Aug 2014 17:22:28 +0000
Subject: [RHSA-2014:1038-01] Low: tomcat6 security update
Message-ID: <201408111722.s7BHMTSt024072@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: tomcat6 security update
Advisory ID:       RHSA-2014:1038-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1038.html
Issue date:        2014-08-11
CVE Names:         CVE-2013-4590 CVE-2014-0119
=====================================================================

1. Summary:

Updated tomcat6 packages that fix two security issues are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch
Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Enterprise Linux Server Optional (v. 6) - noarch
Red Hat Enterprise Linux Workstation (v. 6) - noarch
Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch

3. Description:

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

It was found that several application-provided XML files, such as web.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external entities, permitting XML External Entity (XXE) attacks.
An attacker able to deploy malicious applications to Tomcat could use this flaw to circumvent security restrictions set by the JSM, and gain access to sensitive information on the system. Note that this flaw only affected deployments in which Tomcat is running applications from untrusted sources, such as in a shared hosting environment. (CVE-2013-4590)

It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same Apache Tomcat instance. (CVE-2014-0119)

All Tomcat users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1069911 - CVE-2013-4590 tomcat: information disclosure via XXE when running untrusted web applications
1102038 - CVE-2014-0119 Tomcat/JBossWeb: XML parser hijack by malicious web application

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
tomcat6-6.0.24-78.el6_5.src.rpm

noarch:
tomcat6-6.0.24-78.el6_5.noarch.rpm
tomcat6-admin-webapps-6.0.24-78.el6_5.noarch.rpm
tomcat6-docs-webapp-6.0.24-78.el6_5.noarch.rpm
tomcat6-el-2.1-api-6.0.24-78.el6_5.noarch.rpm
tomcat6-javadoc-6.0.24-78.el6_5.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-78.el6_5.noarch.rpm
tomcat6-lib-6.0.24-78.el6_5.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-78.el6_5.noarch.rpm
tomcat6-webapps-6.0.24-78.el6_5.noarch.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
tomcat6-6.0.24-78.el6_5.src.rpm

noarch:
tomcat6-6.0.24-78.el6_5.noarch.rpm
tomcat6-admin-webapps-6.0.24-78.el6_5.noarch.rpm
tomcat6-docs-webapp-6.0.24-78.el6_5.noarch.rpm
tomcat6-el-2.1-api-6.0.24-78.el6_5.noarch.rpm
tomcat6-javadoc-6.0.24-78.el6_5.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-78.el6_5.noarch.rpm
tomcat6-lib-6.0.24-78.el6_5.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-78.el6_5.noarch.rpm
tomcat6-webapps-6.0.24-78.el6_5.noarch.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
tomcat6-6.0.24-78.el6_5.src.rpm

noarch:
tomcat6-6.0.24-78.el6_5.noarch.rpm
tomcat6-el-2.1-api-6.0.24-78.el6_5.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-78.el6_5.noarch.rpm
tomcat6-lib-6.0.24-78.el6_5.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-78.el6_5.noarch.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
tomcat6-6.0.24-78.el6_5.src.rpm

noarch:
tomcat6-admin-webapps-6.0.24-78.el6_5.noarch.rpm
tomcat6-docs-webapp-6.0.24-78.el6_5.noarch.rpm
tomcat6-javadoc-6.0.24-78.el6_5.noarch.rpm
tomcat6-webapps-6.0.24-78.el6_5.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
tomcat6-6.0.24-78.el6_5.src.rpm

noarch:
tomcat6-6.0.24-78.el6_5.noarch.rpm
tomcat6-el-2.1-api-6.0.24-78.el6_5.noarch.rpm
tomcat6-jsp-2.1-api-6.0.24-78.el6_5.noarch.rpm
tomcat6-lib-6.0.24-78.el6_5.noarch.rpm
tomcat6-servlet-2.5-api-6.0.24-78.el6_5.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
tomcat6-6.0.24-78.el6_5.src.rpm

noarch:
tomcat6-admin-webapps-6.0.24-78.el6_5.noarch.rpm
tomcat6-docs-webapp-6.0.24-78.el6_5.noarch.rpm
tomcat6-javadoc-6.0.24-78.el6_5.noarch.rpm
tomcat6-webapps-6.0.24-78.el6_5.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4590.html
https://www.redhat.com/security/data/cve/CVE-2014-0119.html
https://access.redhat.com/security/updates/classification/#low
https://tomcat.apache.org/security-6.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFT6PstXlSAg2UNWIIRAv2SAJ4mbp2L00af5xen/WIktRpeZZFf7ACgsMya
0K0oLUqW9wnVocdeJ2ItuJw=
=HQgP
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Aug 11 17:30:18 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 11 Aug 2014 17:30:18 +0000
Subject: [RHSA-2014:1041-01] Critical: java-1.7.0-ibm security update
Message-ID: <201408111730.s7BHUJjM027994@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.7.0-ibm security update
Advisory ID:       RHSA-2014:1041-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1041.html
Issue date:        2014-08-11
CVE Names:         CVE-2014-4208 CVE-2014-4209 CVE-2014-4218
                   CVE-2014-4219 CVE-2014-4220 CVE-2014-4221
                   CVE-2014-4227 CVE-2014-4244 CVE-2014-4252
                   CVE-2014-4262 CVE-2014-4263 CVE-2014-4265
                   CVE-2014-4266
=====================================================================

1. Summary:

Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-4208, CVE-2014-4209, CVE-2014-4218, CVE-2014-4219, CVE-2014-4220, CVE-2014-4221, CVE-2014-4227, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4265, CVE-2014-4266)

The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security.

All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR7-FP1 release. All running instances of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network.
Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1075795 - CVE-2014-4262 OpenJDK: AtomicReferenceFieldUpdater missing primitive type check (Libraries, 8039520)
1119475 - CVE-2014-4244 OpenJDK: RSA blinding issues (Security, 8031346)
1119476 - CVE-2014-4263 OpenJDK: insufficient Diffie-Hellman public key validation (Security, 8037162)
1119483 - CVE-2014-4221 OpenJDK: MethodHandles.Lookup insufficient modifiers checks (Libraries, 8035788)
1119596 - CVE-2014-4219 OpenJDK: Bytecode verification does not prevent ctor calls to this() and super() (Hotspot, 8035119)
1119608 - CVE-2014-4209 OpenJDK: SubjectDelegator protection insufficient (JMX, 8029755)
1119611 - CVE-2014-4218 OpenJDK: Clone interfaces passed to proxy methods (Libraries, 8035009)
1119613 - CVE-2014-4252 OpenJDK: Prevent instantiation of service with non-public constructor (Security, 8035004)
1119615 - CVE-2014-4266 OpenJDK: InfoBuilder incorrect return values (Serviceability, 8033301)
1119912 - CVE-2014-4227 Oracle JDK: unspecified vulnerability fixed in 6u81, 7u65 and 8u11 (Deployment)
1119913 - CVE-2014-4265 Oracle JDK: unspecified vulnerability fixed in 6u81, 7u65 and 8u11 (Deployment)
1119914 - CVE-2014-4220 Oracle JDK: unspecified vulnerability fixed in 7u65 and 8u11 (Deployment)
1119915 - CVE-2014-4208 Oracle JDK: unspecified vulnerability fixed in 7u65 and 8u11 (Deployment)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.7.0-ibm-1.7.0.7.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-demo-1.7.0.7.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-devel-1.7.0.7.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.7.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-src-1.7.0.7.1-1jpp.1.el5_10.i386.rpm

x86_64:
java-1.7.0-ibm-1.7.0.7.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-1.7.0.7.1-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.7.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-demo-1.7.0.7.1-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.7.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-devel-1.7.0.7.1-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.1-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.7.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.7.1-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.7.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-src-1.7.0.7.1-1jpp.1.el5_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.7.0-ibm-1.7.0.7.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-demo-1.7.0.7.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-devel-1.7.0.7.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.7.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-src-1.7.0.7.1-1jpp.1.el5_10.i386.rpm

ppc:
java-1.7.0-ibm-1.7.0.7.1-1jpp.1.el5_10.ppc.rpm
java-1.7.0-ibm-1.7.0.7.1-1jpp.1.el5_10.ppc64.rpm
java-1.7.0-ibm-demo-1.7.0.7.1-1jpp.1.el5_10.ppc.rpm
java-1.7.0-ibm-demo-1.7.0.7.1-1jpp.1.el5_10.ppc64.rpm
java-1.7.0-ibm-devel-1.7.0.7.1-1jpp.1.el5_10.ppc.rpm
java-1.7.0-ibm-devel-1.7.0.7.1-1jpp.1.el5_10.ppc64.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.1-1jpp.1.el5_10.ppc.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.1-1jpp.1.el5_10.ppc64.rpm
java-1.7.0-ibm-plugin-1.7.0.7.1-1jpp.1.el5_10.ppc.rpm
java-1.7.0-ibm-src-1.7.0.7.1-1jpp.1.el5_10.ppc.rpm
java-1.7.0-ibm-src-1.7.0.7.1-1jpp.1.el5_10.ppc64.rpm

s390x:
java-1.7.0-ibm-1.7.0.7.1-1jpp.1.el5_10.s390.rpm
java-1.7.0-ibm-1.7.0.7.1-1jpp.1.el5_10.s390x.rpm
java-1.7.0-ibm-demo-1.7.0.7.1-1jpp.1.el5_10.s390.rpm
java-1.7.0-ibm-demo-1.7.0.7.1-1jpp.1.el5_10.s390x.rpm
java-1.7.0-ibm-devel-1.7.0.7.1-1jpp.1.el5_10.s390.rpm
java-1.7.0-ibm-devel-1.7.0.7.1-1jpp.1.el5_10.s390x.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.1-1jpp.1.el5_10.s390.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.1-1jpp.1.el5_10.s390x.rpm
java-1.7.0-ibm-src-1.7.0.7.1-1jpp.1.el5_10.s390.rpm
java-1.7.0-ibm-src-1.7.0.7.1-1jpp.1.el5_10.s390x.rpm

x86_64:
java-1.7.0-ibm-1.7.0.7.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-1.7.0.7.1-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.7.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-demo-1.7.0.7.1-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.7.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-devel-1.7.0.7.1-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.1-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.7.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.7.1-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.7.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-src-1.7.0.7.1-1jpp.1.el5_10.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.7.0-ibm-1.7.0.7.1-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-demo-1.7.0.7.1-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-devel-1.7.0.7.1-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.1-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-plugin-1.7.0.7.1-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-src-1.7.0.7.1-1jpp.1.el6_5.i686.rpm

x86_64:
java-1.7.0-ibm-1.7.0.7.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.7.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.7.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.7.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.7.1-1jpp.1.el6_5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.7.0-ibm-1.7.0.7.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.7.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.7.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.7.1-1jpp.1.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.7.0-ibm-1.7.0.7.1-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-demo-1.7.0.7.1-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-devel-1.7.0.7.1-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.1-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-plugin-1.7.0.7.1-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-src-1.7.0.7.1-1jpp.1.el6_5.i686.rpm

ppc64:
java-1.7.0-ibm-1.7.0.7.1-1jpp.1.el6_5.ppc64.rpm
java-1.7.0-ibm-demo-1.7.0.7.1-1jpp.1.el6_5.ppc64.rpm
java-1.7.0-ibm-devel-1.7.0.7.1-1jpp.1.el6_5.ppc64.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.1-1jpp.1.el6_5.ppc64.rpm
java-1.7.0-ibm-src-1.7.0.7.1-1jpp.1.el6_5.ppc64.rpm

s390x:
java-1.7.0-ibm-1.7.0.7.1-1jpp.1.el6_5.s390x.rpm
java-1.7.0-ibm-demo-1.7.0.7.1-1jpp.1.el6_5.s390x.rpm
java-1.7.0-ibm-devel-1.7.0.7.1-1jpp.1.el6_5.s390x.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.1-1jpp.1.el6_5.s390x.rpm
java-1.7.0-ibm-src-1.7.0.7.1-1jpp.1.el6_5.s390x.rpm

x86_64:
java-1.7.0-ibm-1.7.0.7.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.7.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.7.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.7.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.7.1-1jpp.1.el6_5.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.7.0-ibm-1.7.0.7.1-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-demo-1.7.0.7.1-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-devel-1.7.0.7.1-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.1-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-plugin-1.7.0.7.1-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-src-1.7.0.7.1-1jpp.1.el6_5.i686.rpm

x86_64:
java-1.7.0-ibm-1.7.0.7.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.7.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.7.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.7.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.7.1-1jpp.1.el6_5.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-4208.html
https://www.redhat.com/security/data/cve/CVE-2014-4209.html
https://www.redhat.com/security/data/cve/CVE-2014-4218.html
https://www.redhat.com/security/data/cve/CVE-2014-4219.html
https://www.redhat.com/security/data/cve/CVE-2014-4220.html
https://www.redhat.com/security/data/cve/CVE-2014-4221.html
https://www.redhat.com/security/data/cve/CVE-2014-4227.html
https://www.redhat.com/security/data/cve/CVE-2014-4244.html
https://www.redhat.com/security/data/cve/CVE-2014-4252.html
https://www.redhat.com/security/data/cve/CVE-2014-4262.html
https://www.redhat.com/security/data/cve/CVE-2014-4263.html
https://www.redhat.com/security/data/cve/CVE-2014-4265.html
https://www.redhat.com/security/data/cve/CVE-2014-4266.html
https://access.redhat.com/security/updates/classification/#critical
https://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFT6P1/XlSAg2UNWIIRAuRjAKCO/F0R56rO2aH85iH50C+oT3BWsgCeLJYq
mMwmmrO3XR0weUdYqjn7G4Y=
=3f0Y
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Aug 11 17:31:17 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 11 Aug 2014 17:31:17 +0000
Subject: [RHSA-2014:1042-01] Critical: java-1.7.1-ibm security update
Message-ID: <201408111731.s7BHVHAc001579@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.7.1-ibm security update
Advisory ID:       RHSA-2014:1042-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1042.html
Issue date:        2014-08-11
CVE Names:         CVE-2014-4208 CVE-2014-4209 CVE-2014-4218
                   CVE-2014-4219 CVE-2014-4220 CVE-2014-4221
                   CVE-2014-4227 CVE-2014-4244 CVE-2014-4252
                   CVE-2014-4262 CVE-2014-4263 CVE-2014-4265
                   CVE-2014-4266
=====================================================================

1. Summary:

Updated java-1.7.1-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 7 Supplementary.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64

3. Description:

IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.
This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-4208, CVE-2014-4209, CVE-2014-4218, CVE-2014-4219, CVE-2014-4220, CVE-2014-4221, CVE-2014-4227, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4265, CVE-2014-4266)

The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security.

All users of java-1.7.1-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7R1 SR1-FP1 release. All running instances of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1075795 - CVE-2014-4262 OpenJDK: AtomicReferenceFieldUpdater missing primitive type check (Libraries, 8039520)
1119475 - CVE-2014-4244 OpenJDK: RSA blinding issues (Security, 8031346)
1119476 - CVE-2014-4263 OpenJDK: insufficient Diffie-Hellman public key validation (Security, 8037162)
1119483 - CVE-2014-4221 OpenJDK: MethodHandles.Lookup insufficient modifiers checks (Libraries, 8035788)
1119596 - CVE-2014-4219 OpenJDK: Bytecode verification does not prevent ctor calls to this() and super() (Hotspot, 8035119)
1119608 - CVE-2014-4209 OpenJDK: SubjectDelegator protection insufficient (JMX, 8029755)
1119611 - CVE-2014-4218 OpenJDK: Clone interfaces passed to proxy methods (Libraries, 8035009)
1119613 - CVE-2014-4252 OpenJDK: Prevent instantiation of service with non-public constructor (Security, 8035004)
1119615 - CVE-2014-4266 OpenJDK: InfoBuilder incorrect return values (Serviceability, 8033301)
1119912 - CVE-2014-4227 Oracle JDK: unspecified vulnerability fixed in 6u81, 7u65 and 8u11 (Deployment)
1119913 - CVE-2014-4265 Oracle JDK: unspecified vulnerability fixed in 6u81, 7u65 and 8u11 (Deployment)
1119914 - CVE-2014-4220 Oracle JDK: unspecified vulnerability fixed in 7u65 and 8u11 (Deployment)
1119915 - CVE-2014-4208 Oracle JDK: unspecified vulnerability fixed in 7u65 and 8u11 (Deployment)

6. Package List:

Red Hat Enterprise Linux Client Supplementary (v. 7):

x86_64:
java-1.7.1-ibm-1.7.1.1.1-1jpp.1.el7_0.i686.rpm
java-1.7.1-ibm-1.7.1.1.1-1jpp.1.el7_0.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.1.1-1jpp.1.el7_0.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.1.1-1jpp.1.el7_0.i686.rpm
java-1.7.1-ibm-devel-1.7.1.1.1-1jpp.1.el7_0.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.1.1-1jpp.1.el7_0.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.1.1-1jpp.1.el7_0.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.1.1-1jpp.1.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Supplementary (v. 7):

x86_64:
java-1.7.1-ibm-1.7.1.1.1-1jpp.1.el7_0.i686.rpm
java-1.7.1-ibm-1.7.1.1.1-1jpp.1.el7_0.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.1.1-1jpp.1.el7_0.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.1.1-1jpp.1.el7_0.i686.rpm
java-1.7.1-ibm-devel-1.7.1.1.1-1jpp.1.el7_0.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.1.1-1jpp.1.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 7):

ppc64:
java-1.7.1-ibm-1.7.1.1.1-1jpp.1.el7_0.ppc.rpm
java-1.7.1-ibm-1.7.1.1.1-1jpp.1.el7_0.ppc64.rpm
java-1.7.1-ibm-demo-1.7.1.1.1-1jpp.1.el7_0.ppc64.rpm
java-1.7.1-ibm-devel-1.7.1.1.1-1jpp.1.el7_0.ppc.rpm
java-1.7.1-ibm-devel-1.7.1.1.1-1jpp.1.el7_0.ppc64.rpm
java-1.7.1-ibm-jdbc-1.7.1.1.1-1jpp.1.el7_0.ppc64.rpm
java-1.7.1-ibm-plugin-1.7.1.1.1-1jpp.1.el7_0.ppc.rpm
java-1.7.1-ibm-src-1.7.1.1.1-1jpp.1.el7_0.ppc64.rpm

s390x:
java-1.7.1-ibm-1.7.1.1.1-1jpp.1.el7_0.s390.rpm
java-1.7.1-ibm-1.7.1.1.1-1jpp.1.el7_0.s390x.rpm
java-1.7.1-ibm-demo-1.7.1.1.1-1jpp.1.el7_0.s390x.rpm
java-1.7.1-ibm-devel-1.7.1.1.1-1jpp.1.el7_0.s390.rpm
java-1.7.1-ibm-devel-1.7.1.1.1-1jpp.1.el7_0.s390x.rpm
java-1.7.1-ibm-jdbc-1.7.1.1.1-1jpp.1.el7_0.s390x.rpm
java-1.7.1-ibm-src-1.7.1.1.1-1jpp.1.el7_0.s390x.rpm

x86_64:
java-1.7.1-ibm-1.7.1.1.1-1jpp.1.el7_0.i686.rpm
java-1.7.1-ibm-1.7.1.1.1-1jpp.1.el7_0.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.1.1-1jpp.1.el7_0.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.1.1-1jpp.1.el7_0.i686.rpm
java-1.7.1-ibm-devel-1.7.1.1.1-1jpp.1.el7_0.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.1.1-1jpp.1.el7_0.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.1.1-1jpp.1.el7_0.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.1.1-1jpp.1.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 7):

x86_64:
java-1.7.1-ibm-1.7.1.1.1-1jpp.1.el7_0.i686.rpm
java-1.7.1-ibm-1.7.1.1.1-1jpp.1.el7_0.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.1.1-1jpp.1.el7_0.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.1.1-1jpp.1.el7_0.i686.rpm
java-1.7.1-ibm-devel-1.7.1.1.1-1jpp.1.el7_0.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.1.1-1jpp.1.el7_0.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.1.1-1jpp.1.el7_0.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.1.1-1jpp.1.el7_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-4208.html
https://www.redhat.com/security/data/cve/CVE-2014-4209.html
https://www.redhat.com/security/data/cve/CVE-2014-4218.html
https://www.redhat.com/security/data/cve/CVE-2014-4219.html
https://www.redhat.com/security/data/cve/CVE-2014-4220.html
https://www.redhat.com/security/data/cve/CVE-2014-4221.html
https://www.redhat.com/security/data/cve/CVE-2014-4227.html
https://www.redhat.com/security/data/cve/CVE-2014-4244.html
https://www.redhat.com/security/data/cve/CVE-2014-4252.html
https://www.redhat.com/security/data/cve/CVE-2014-4262.html
https://www.redhat.com/security/data/cve/CVE-2014-4263.html
https://www.redhat.com/security/data/cve/CVE-2014-4265.html
https://www.redhat.com/security/data/cve/CVE-2014-4266.html
https://access.redhat.com/security/updates/classification/#critical
https://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFT6P24XlSAg2UNWIIRAmVpAJ0QYJ1zelSB99GxSNooZqhemH8lQgCfUB77
N6pBLJstW0bZCoNpsL/Nap0=
=LiCR
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Aug 13 01:38:22 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 13 Aug 2014 01:38:22 +0000
Subject: [RHSA-2014:1050-01] Important: openstack-ceilometer security and bug fix update
Message-ID: <201408130138.s7D1cNBN021185@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openstack-ceilometer security and bug fix update
Advisory ID:       RHSA-2014:1050-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1050.html
Issue date:        2014-08-13
CVE Names:         CVE-2014-4615
=====================================================================

1. Summary:

Updated OpenStack Telemetry packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux OpenStack Platform 4.0.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 4.0 - noarch

3. Description:

OpenStack Telemetry (ceilometer) collects customer usage data for metering purposes. Telemetry implements bus listener, push, and polling agents for data collection; this data is stored in a database and presented via the REST API. In addition, Telemetry's extensible design means it can be optionally extended to gather customized data sets.

It was found that authentication tokens were not properly sanitized from the message queue by the notifier middleware.
An attacker with read access to the message queue could possibly use this flaw to intercept an authentication token and gain elevated privileges. Note that all services using the notifier middleware configured after the auth_token middleware pipeline were affected. (CVE-2014-4615)

This update also fixes the following bug:

* An incompatibility issue was found with the recent update of the python-qpid package. This caused several OpenStack services, including OpenStack Telemetry, to malfunction. By updating the RPC code, this issue is now resolved. (BZ#1116462)

All OpenStack Telemetry users are advised to upgrade to these updated packages, which correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1112945 - CVE-2014-4615 pycadf: token leak to message queue
1116462 - RHOSP 4 is incompatible with python-qpid >= 0.18-11

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 4.0:

Source:
openstack-ceilometer-2013.2.3-2.el6ost.src.rpm

noarch:
openstack-ceilometer-alarm-2013.2.3-2.el6ost.noarch.rpm
openstack-ceilometer-api-2013.2.3-2.el6ost.noarch.rpm
openstack-ceilometer-central-2013.2.3-2.el6ost.noarch.rpm
openstack-ceilometer-collector-2013.2.3-2.el6ost.noarch.rpm
openstack-ceilometer-common-2013.2.3-2.el6ost.noarch.rpm
openstack-ceilometer-compute-2013.2.3-2.el6ost.noarch.rpm
python-ceilometer-2013.2.3-2.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-4615.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFT6sFhXlSAg2UNWIIRAqL3AJwJDurVuiBeZ7BjcC4nWfT8ugNPGwCfWd1H
b7zw2FxnRDk6sBCx6ZA3Syc=
=3mFZ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Aug 13 09:57:54 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 13 Aug 2014 09:57:54 +0000
Subject: [RHSA-2014:1051-01] Critical: flash-plugin security update
Message-ID: <201408130950.s7D9oDc9030613@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: flash-plugin security update
Advisory ID:       RHSA-2014:1051-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1051.html
Issue date:        2014-08-13
CVE Names:         CVE-2014-0538 CVE-2014-0540 CVE-2014-0541
                   CVE-2014-0542 CVE-2014-0543 CVE-2014-0544
                   CVE-2014-0545
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-18, listed in the References section.

Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2014-0538, CVE-2014-0540, CVE-2014-0541, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545)

All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.400.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1129417 - CVE-2014-0538 CVE-2014-0540 CVE-2014-0541 CVE-2014-0542 CVE-2014-0543 CVE-2014-0544 CVE-2014-0545 flash-plugin: multiple code execution or security bypass flaws (APSB14-18)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-11.2.202.400-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.400-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-11.2.202.400-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.400-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.400-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.400-1.el6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.400-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.400-1.el6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.400-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.400-1.el6.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-0538.html
https://www.redhat.com/security/data/cve/CVE-2014-0540.html
https://www.redhat.com/security/data/cve/CVE-2014-0541.html
https://www.redhat.com/security/data/cve/CVE-2014-0542.html
https://www.redhat.com/security/data/cve/CVE-2014-0543.html
https://www.redhat.com/security/data/cve/CVE-2014-0544.html
https://www.redhat.com/security/data/cve/CVE-2014-0545.html
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb14-18.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFT6zTMXlSAg2UNWIIRAtSnAJ9+yGavVPR3qd6dZNzYNhI8/lnU4ACglJa2
HwPgN+pLH+y7niDc/WkXmts=
=OxJY
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Aug 13 21:38:57 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 13 Aug 2014 21:38:57 +0000
Subject: [RHSA-2014:1052-01] Moderate: openssl security update
Message-ID: <201408132138.s7DLcvD1008642@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openssl security update
Advisory ID:       RHSA-2014:1052-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1052.html
Issue date:        2014-08-13
CVE Names:         CVE-2014-3505 CVE-2014-3506 CVE-2014-3507
                   CVE-2014-3508 CVE-2014-3509 CVE-2014-3510
                   CVE-2014-3511
=====================================================================

1. Summary:

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.

A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code. (CVE-2014-3509)

It was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory. (CVE-2014-3508)

A flaw was found in the way OpenSSL handled fragmented handshake packets. A man-in-the-middle attacker could use this flaw to force a TLS/SSL server using OpenSSL to use TLS 1.0, even if both the client and the server supported newer protocol versions. (CVE-2014-3511)

Multiple flaws were discovered in the way OpenSSL handled DTLS packets. A remote attacker could use these flaws to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505, CVE-2014-3506, CVE-2014-3507)

A NULL pointer dereference flaw was found in the way OpenSSL performed a handshake when using the anonymous Diffie-Hellman (DH) key exchange.
A malicious server could cause a DTLS client using OpenSSL to crash if that client had anonymous DH cipher suites enabled. (CVE-2014-3510) All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1127490 - CVE-2014-3508 openssl: information leak in pretty printing functions 1127498 - CVE-2014-3509 openssl: race condition in ssl_parse_serverhello_tlsext 1127499 - CVE-2014-3505 openssl: DTLS packet processing double free 1127500 - CVE-2014-3506 openssl: DTLS memory exhaustion 1127502 - CVE-2014-3507 openssl: DTLS memory leak from zero-length fragments 1127503 - CVE-2014-3510 openssl: DTLS anonymous (EC)DH denial of service 1127504 - CVE-2014-3511 openssl: TLS protocol downgrade attack 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: openssl-1.0.1e-16.el6_5.15.src.rpm i386: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm x86_64: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: openssl-1.0.1e-16.el6_5.15.src.rpm i386: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-perl-1.0.1e-16.el6_5.15.i686.rpm openssl-static-1.0.1e-16.el6_5.15.i686.rpm x86_64: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-static-1.0.1e-16.el6_5.15.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: openssl-1.0.1e-16.el6_5.15.src.rpm x86_64: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: openssl-1.0.1e-16.el6_5.15.src.rpm x86_64: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-static-1.0.1e-16.el6_5.15.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: openssl-1.0.1e-16.el6_5.15.src.rpm i386: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm ppc64: openssl-1.0.1e-16.el6_5.15.ppc.rpm openssl-1.0.1e-16.el6_5.15.ppc64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.ppc.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.ppc64.rpm openssl-devel-1.0.1e-16.el6_5.15.ppc.rpm openssl-devel-1.0.1e-16.el6_5.15.ppc64.rpm s390x: openssl-1.0.1e-16.el6_5.15.s390.rpm openssl-1.0.1e-16.el6_5.15.s390x.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.s390.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.s390x.rpm openssl-devel-1.0.1e-16.el6_5.15.s390.rpm openssl-devel-1.0.1e-16.el6_5.15.s390x.rpm x86_64: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: openssl-1.0.1e-16.el6_5.15.src.rpm i386: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-perl-1.0.1e-16.el6_5.15.i686.rpm openssl-static-1.0.1e-16.el6_5.15.i686.rpm ppc64: openssl-debuginfo-1.0.1e-16.el6_5.15.ppc64.rpm openssl-perl-1.0.1e-16.el6_5.15.ppc64.rpm openssl-static-1.0.1e-16.el6_5.15.ppc64.rpm s390x: openssl-debuginfo-1.0.1e-16.el6_5.15.s390x.rpm openssl-perl-1.0.1e-16.el6_5.15.s390x.rpm openssl-static-1.0.1e-16.el6_5.15.s390x.rpm x86_64: openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-static-1.0.1e-16.el6_5.15.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: openssl-1.0.1e-16.el6_5.15.src.rpm i386: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm x86_64: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: openssl-1.0.1e-16.el6_5.15.src.rpm i386: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-perl-1.0.1e-16.el6_5.15.i686.rpm openssl-static-1.0.1e-16.el6_5.15.i686.rpm x86_64: openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-static-1.0.1e-16.el6_5.15.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: openssl-1.0.1e-34.el7_0.4.src.rpm x86_64: openssl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.4.i686.rpm openssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.4.i686.rpm openssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-static-1.0.1e-34.el7_0.4.i686.rpm openssl-static-1.0.1e-34.el7_0.4.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: openssl-1.0.1e-34.el7_0.4.src.rpm x86_64: openssl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.4.i686.rpm openssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 
7): x86_64: openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.4.i686.rpm openssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-static-1.0.1e-34.el7_0.4.i686.rpm openssl-static-1.0.1e-34.el7_0.4.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: openssl-1.0.1e-34.el7_0.4.src.rpm ppc64: openssl-1.0.1e-34.el7_0.4.ppc64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.ppc64.rpm openssl-devel-1.0.1e-34.el7_0.4.ppc.rpm openssl-devel-1.0.1e-34.el7_0.4.ppc64.rpm openssl-libs-1.0.1e-34.el7_0.4.ppc.rpm openssl-libs-1.0.1e-34.el7_0.4.ppc64.rpm s390x: openssl-1.0.1e-34.el7_0.4.s390x.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.s390x.rpm openssl-devel-1.0.1e-34.el7_0.4.s390.rpm openssl-devel-1.0.1e-34.el7_0.4.s390x.rpm openssl-libs-1.0.1e-34.el7_0.4.s390.rpm openssl-libs-1.0.1e-34.el7_0.4.s390x.rpm x86_64: openssl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.4.i686.rpm openssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.4.i686.rpm openssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
7): ppc64: openssl-debuginfo-1.0.1e-34.el7_0.4.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.ppc64.rpm openssl-perl-1.0.1e-34.el7_0.4.ppc64.rpm openssl-static-1.0.1e-34.el7_0.4.ppc.rpm openssl-static-1.0.1e-34.el7_0.4.ppc64.rpm s390x: openssl-debuginfo-1.0.1e-34.el7_0.4.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.s390x.rpm openssl-perl-1.0.1e-34.el7_0.4.s390x.rpm openssl-static-1.0.1e-34.el7_0.4.s390.rpm openssl-static-1.0.1e-34.el7_0.4.s390x.rpm x86_64: openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-static-1.0.1e-34.el7_0.4.i686.rpm openssl-static-1.0.1e-34.el7_0.4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: openssl-1.0.1e-34.el7_0.4.src.rpm x86_64: openssl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.4.i686.rpm openssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.4.i686.rpm openssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-static-1.0.1e-34.el7_0.4.i686.rpm openssl-static-1.0.1e-34.el7_0.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References: https://www.redhat.com/security/data/cve/CVE-2014-3505.html https://www.redhat.com/security/data/cve/CVE-2014-3506.html https://www.redhat.com/security/data/cve/CVE-2014-3507.html https://www.redhat.com/security/data/cve/CVE-2014-3508.html https://www.redhat.com/security/data/cve/CVE-2014-3509.html https://www.redhat.com/security/data/cve/CVE-2014-3510.html https://www.redhat.com/security/data/cve/CVE-2014-3511.html https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20140806.txt 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFT69raXlSAg2UNWIIRAiQAAKCbp6Iou4mHuootBfgs0jm7zP/wWACgt50C pHXxupQnHYYH+zJFOmk5u8o= =DwUW -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Aug 13 21:39:29 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 13 Aug 2014 21:39:29 +0000 Subject: [RHSA-2014:1053-01] Moderate: openssl security update Message-ID: <201408132139.s7DLdTnu006857@int-mx14.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openssl security update Advisory ID: RHSA-2014:1053-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1053.html Issue date: 2014-08-13 CVE Names: CVE-2014-0221 CVE-2014-3505 CVE-2014-3506 CVE-2014-3508 CVE-2014-3510 ===================================================================== 1. Summary: Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop Workstation (v. 5 client) - i386, x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory. (CVE-2014-3508) Multiple flaws were discovered in the way OpenSSL handled DTLS packets. A remote attacker could use these flaws to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory. (CVE-2014-0221, CVE-2014-3505, CVE-2014-3506) A NULL pointer dereference flaw was found in the way OpenSSL performed a handshake when using the anonymous Diffie-Hellman (DH) key exchange. A malicious server could cause a DTLS client using OpenSSL to crash if that client had anonymous DH cipher suites enabled. (CVE-2014-3510) Red Hat would like to thank the OpenSSL project for reporting CVE-2014-0221. Upstream acknowledges Imre Rad of Search-Lab as the original reporter of this issue. All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted. 4. 
Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1103593 - CVE-2014-0221 openssl: DoS when sending invalid DTLS handshake 1127490 - CVE-2014-3508 openssl: information leak in pretty printing functions 1127499 - CVE-2014-3505 openssl: DTLS packet processing double free 1127500 - CVE-2014-3506 openssl: DTLS memory exhaustion 1127503 - CVE-2014-3510 openssl: DTLS anonymous (EC)DH denial of service 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: openssl-0.9.8e-27.el5_10.4.src.rpm i386: openssl-0.9.8e-27.el5_10.4.i386.rpm openssl-0.9.8e-27.el5_10.4.i686.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm openssl-perl-0.9.8e-27.el5_10.4.i386.rpm x86_64: openssl-0.9.8e-27.el5_10.4.i686.rpm openssl-0.9.8e-27.el5_10.4.x86_64.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.x86_64.rpm openssl-perl-0.9.8e-27.el5_10.4.x86_64.rpm Red Hat Enterprise Linux Desktop Workstation (v. 5 client): Source: openssl-0.9.8e-27.el5_10.4.src.rpm i386: openssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm openssl-devel-0.9.8e-27.el5_10.4.i386.rpm x86_64: openssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.x86_64.rpm openssl-devel-0.9.8e-27.el5_10.4.i386.rpm openssl-devel-0.9.8e-27.el5_10.4.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: openssl-0.9.8e-27.el5_10.4.src.rpm i386: openssl-0.9.8e-27.el5_10.4.i386.rpm openssl-0.9.8e-27.el5_10.4.i686.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm openssl-devel-0.9.8e-27.el5_10.4.i386.rpm openssl-perl-0.9.8e-27.el5_10.4.i386.rpm ia64: openssl-0.9.8e-27.el5_10.4.i686.rpm openssl-0.9.8e-27.el5_10.4.ia64.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.ia64.rpm openssl-devel-0.9.8e-27.el5_10.4.ia64.rpm openssl-perl-0.9.8e-27.el5_10.4.ia64.rpm ppc: openssl-0.9.8e-27.el5_10.4.ppc.rpm openssl-0.9.8e-27.el5_10.4.ppc64.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.ppc.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.ppc64.rpm openssl-devel-0.9.8e-27.el5_10.4.ppc.rpm openssl-devel-0.9.8e-27.el5_10.4.ppc64.rpm openssl-perl-0.9.8e-27.el5_10.4.ppc.rpm s390x: openssl-0.9.8e-27.el5_10.4.s390.rpm openssl-0.9.8e-27.el5_10.4.s390x.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.s390.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.s390x.rpm openssl-devel-0.9.8e-27.el5_10.4.s390.rpm openssl-devel-0.9.8e-27.el5_10.4.s390x.rpm openssl-perl-0.9.8e-27.el5_10.4.s390x.rpm x86_64: openssl-0.9.8e-27.el5_10.4.i686.rpm openssl-0.9.8e-27.el5_10.4.x86_64.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.x86_64.rpm openssl-devel-0.9.8e-27.el5_10.4.i386.rpm openssl-devel-0.9.8e-27.el5_10.4.x86_64.rpm openssl-perl-0.9.8e-27.el5_10.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References: https://www.redhat.com/security/data/cve/CVE-2014-0221.html https://www.redhat.com/security/data/cve/CVE-2014-3505.html https://www.redhat.com/security/data/cve/CVE-2014-3506.html https://www.redhat.com/security/data/cve/CVE-2014-3508.html https://www.redhat.com/security/data/cve/CVE-2014-3510.html https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20140605.txt https://www.openssl.org/news/secadv_20140806.txt 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFT69sGXlSAg2UNWIIRAuZjAJ9R5VuNKxbsx8+T/WGZrkH1VheAqgCdHHXN vrHSSMIJuncazkJWPE/LOyQ= =/f7Y -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Aug 14 18:18:36 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 14 Aug 2014 18:18:36 +0000 Subject: [RHSA-2014:1060-01] Low: Transition Red Hat Network Classic Hosted to Red Hat Subscription Management Message-ID: <201408141818.s7EIIauh017196@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: Transition Red Hat Network Classic Hosted to Red Hat Subscription Management Advisory ID: RHSA-2014:1060-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1060.html Issue date: 2014-08-14 ===================================================================== 1. Summary: This is the 3-year notification of the target date to migrate systems from Red Hat Network Classic Hosted to Red Hat Subscription Management. All systems using Red Hat Network Classic Hosted must be migrated to Red Hat Subscription Management. 2. Description: Red Hat is transitioning to Red Hat Subscription Management for all Red Hat products by July 31, 2017. 
All systems registered as clients to Red Hat Network Classic Hosted directly, or indirectly with Red Hat Proxy, must be migrated to Red Hat Subscription Management by July 31, 2017. Customers using Red Hat Satellite to manage their systems are not affected by this transition. 3. Solution: Determine if your systems are using Red Hat Network Classic Hosted by following the steps outlined in https://access.redhat.com/solutions/472163. Details on how to migrate systems from Red Hat Network Classic Hosted to the new Red Hat Subscription Management service can be found at https://access.redhat.com/solutions/129723. For more details and the latest information on the Red Hat Subscription Management transition, please see https://access.redhat.com/rhn-to-rhsm. 4. References: https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/solutions/472163 https://access.redhat.com/solutions/129723 https://access.redhat.com/rhn-to-rhsm 5. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFT7P1rXlSAg2UNWIIRAt7AAJkBOpoPV9wfpPV6ay5H4ABcHUuM4ACgrUz5 t25V6mRxsA8cFsrzNX8vyiw= =T3BN -----END PGP SIGNATURE----- From bugzilla at redhat.com Fri Aug 15 17:03:57 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 15 Aug 2014 17:03:57 +0000 Subject: [RHSA-2014:1061-01] Low: Transition Red Hat Network Classic Hosted to Red Hat Subscription Management Message-ID: <201408151703.s7FH3wTP020693@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: Transition Red Hat Network Classic Hosted to Red Hat Subscription Management Advisory ID: RHSA-2014:1061-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1061.html Issue date: 2014-08-15 ===================================================================== 1. Summary: This is the 3-year notification of the target date to migrate systems from Red Hat Network Classic Hosted to Red Hat Subscription Management. All systems using Red Hat Network Classic Hosted must be migrated to Red Hat Subscription Management. 2. Description: Red Hat is transitioning to Red Hat Subscription Management for all Red Hat products by July 31, 2017. All systems registered as clients to Red Hat Network Classic Hosted directly, or indirectly with Red Hat Proxy, must be migrated to Red Hat Subscription Management by July 31, 2017. Customers using Red Hat Satellite to manage their systems are not affected by this transition. 3. Solution: Determine if your systems are using Red Hat Network Classic Hosted by following the steps outlined in https://access.redhat.com/solutions/472163. Details on how to migrate systems from Red Hat Network Classic Hosted to the new Red Hat Subscription Management service can be found at https://access.redhat.com/solutions/129723. 
For more details and the latest information on the Red Hat Subscription Management transition, please see https://access.redhat.com/rhn-to-rhsm. 4. References: https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/solutions/472163 https://access.redhat.com/solutions/129723 https://access.redhat.com/rhn-to-rhsm 5. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFT7j11XlSAg2UNWIIRAh3MAJ0VKAZNHyMuLgxWKbZ9iQxGe5RpXgCgjrL+ twAtiRp5ETS9fy56101x0HU= =T4nx -----END PGP SIGNATURE----- From bugzilla at redhat.com Fri Aug 15 17:04:52 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 15 Aug 2014 17:04:52 +0000 Subject: [RHSA-2014:1063-01] Low: Transition Red Hat Network Classic Hosted to Red Hat Subscription Management Message-ID: <201408151704.s7FH4qvp018747@int-mx14.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: Transition Red Hat Network Classic Hosted to Red Hat Subscription Management Advisory ID: RHSA-2014:1063-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1063.html Issue date: 2014-08-15 ===================================================================== 1. Summary: This is the 3-year notification of the target date to migrate systems from Red Hat Network Classic Hosted to Red Hat Subscription Management. All systems using Red Hat Network Classic Hosted must be migrated to Red Hat Subscription Management. 2. Description: Red Hat is transitioning to Red Hat Subscription Management for all Red Hat products by July 31, 2017. 
All systems registered as clients to Red Hat Network Classic Hosted directly, or indirectly with Red Hat Proxy, must be migrated to Red Hat Subscription Management by July 31, 2017. Customers using Red Hat Satellite to manage their systems are not affected by this transition. 3. Solution: Determine if your systems are using Red Hat Network Classic Hosted by following the steps outlined in https://access.redhat.com/solutions/472163. Details on how to migrate systems from Red Hat Network Classic Hosted to the new Red Hat Subscription Management service can be found at https://access.redhat.com/solutions/129723. For more details and the latest information on the Red Hat Subscription Management transition, please see https://access.redhat.com/rhn-to-rhsm. 4. References: https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/solutions/472163 https://access.redhat.com/solutions/129723 https://access.redhat.com/rhn-to-rhsm 5. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFT7j2vXlSAg2UNWIIRAgIEAJ91vbbJu1wBymEtZ8NfSMZHpEJwoQCgmC1E 1spPNI6myZAUzdyWUhqiIhk= =2vdR -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Aug 18 13:58:39 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 18 Aug 2014 13:58:39 +0000 Subject: [RHSA-2014:1073-01] Low: nss, nss-util, nss-softokn security, bug fix, and enhancement update Message-ID: <201408181350.s7IDoo1u020332@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: nss, nss-util, nss-softokn security, bug fix, and enhancement update Advisory ID: RHSA-2014:1073-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1073.html Issue date: 2014-08-18 CVE Names: CVE-2014-1492 ===================================================================== 1. Summary: Updated nss, nss-util, and nss-softokn packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. 
Description: Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv3, TLS, and other security standards. It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters to be accepted as valid. (CVE-2014-1492) In addition, the nss, nss-util, and nss-softokn packages have been upgraded to upstream version 3.16.2, which provides a number of bug fixes and enhancements over the previous versions. (BZ#1124659) Users of NSS are advised to upgrade to these updated packages, which correct these issues and add these enhancements. After installing this update, applications using NSS must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1079851 - CVE-2014-1492 nss: IDNA hostname matching code does not follow RFC 6125 recommendation (MFSA 2014-45) 1124659 - Rebase RHEL 7.0.Z to at least NSS 3.16.1 (FF 31) 6. Package List: Red Hat Enterprise Linux Client (v. 
7): Source: nss-3.16.2-2.el7_0.src.rpm nss-softokn-3.16.2-1.el7_0.src.rpm nss-util-3.16.2-1.el7_0.src.rpm x86_64: nss-3.16.2-2.el7_0.i686.rpm nss-3.16.2-2.el7_0.x86_64.rpm nss-debuginfo-3.16.2-2.el7_0.i686.rpm nss-debuginfo-3.16.2-2.el7_0.x86_64.rpm nss-softokn-3.16.2-1.el7_0.i686.rpm nss-softokn-3.16.2-1.el7_0.x86_64.rpm nss-softokn-debuginfo-3.16.2-1.el7_0.i686.rpm nss-softokn-debuginfo-3.16.2-1.el7_0.x86_64.rpm nss-softokn-freebl-3.16.2-1.el7_0.i686.rpm nss-softokn-freebl-3.16.2-1.el7_0.x86_64.rpm nss-sysinit-3.16.2-2.el7_0.x86_64.rpm nss-tools-3.16.2-2.el7_0.x86_64.rpm nss-util-3.16.2-1.el7_0.i686.rpm nss-util-3.16.2-1.el7_0.x86_64.rpm nss-util-debuginfo-3.16.2-1.el7_0.i686.rpm nss-util-debuginfo-3.16.2-1.el7_0.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: nss-debuginfo-3.16.2-2.el7_0.i686.rpm nss-debuginfo-3.16.2-2.el7_0.x86_64.rpm nss-devel-3.16.2-2.el7_0.i686.rpm nss-devel-3.16.2-2.el7_0.x86_64.rpm nss-pkcs11-devel-3.16.2-2.el7_0.i686.rpm nss-pkcs11-devel-3.16.2-2.el7_0.x86_64.rpm nss-softokn-debuginfo-3.16.2-1.el7_0.i686.rpm nss-softokn-debuginfo-3.16.2-1.el7_0.x86_64.rpm nss-softokn-devel-3.16.2-1.el7_0.i686.rpm nss-softokn-devel-3.16.2-1.el7_0.x86_64.rpm nss-softokn-freebl-devel-3.16.2-1.el7_0.i686.rpm nss-softokn-freebl-devel-3.16.2-1.el7_0.x86_64.rpm nss-util-debuginfo-3.16.2-1.el7_0.i686.rpm nss-util-debuginfo-3.16.2-1.el7_0.x86_64.rpm nss-util-devel-3.16.2-1.el7_0.i686.rpm nss-util-devel-3.16.2-1.el7_0.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 
7): Source: nss-3.16.2-2.el7_0.src.rpm nss-softokn-3.16.2-1.el7_0.src.rpm nss-util-3.16.2-1.el7_0.src.rpm x86_64: nss-3.16.2-2.el7_0.i686.rpm nss-3.16.2-2.el7_0.x86_64.rpm nss-debuginfo-3.16.2-2.el7_0.i686.rpm nss-debuginfo-3.16.2-2.el7_0.x86_64.rpm nss-softokn-3.16.2-1.el7_0.i686.rpm nss-softokn-3.16.2-1.el7_0.x86_64.rpm nss-softokn-debuginfo-3.16.2-1.el7_0.i686.rpm nss-softokn-debuginfo-3.16.2-1.el7_0.x86_64.rpm nss-softokn-freebl-3.16.2-1.el7_0.i686.rpm nss-softokn-freebl-3.16.2-1.el7_0.x86_64.rpm nss-sysinit-3.16.2-2.el7_0.x86_64.rpm nss-tools-3.16.2-2.el7_0.x86_64.rpm nss-util-3.16.2-1.el7_0.i686.rpm nss-util-3.16.2-1.el7_0.x86_64.rpm nss-util-debuginfo-3.16.2-1.el7_0.i686.rpm nss-util-debuginfo-3.16.2-1.el7_0.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: nss-debuginfo-3.16.2-2.el7_0.i686.rpm nss-debuginfo-3.16.2-2.el7_0.x86_64.rpm nss-devel-3.16.2-2.el7_0.i686.rpm nss-devel-3.16.2-2.el7_0.x86_64.rpm nss-pkcs11-devel-3.16.2-2.el7_0.i686.rpm nss-pkcs11-devel-3.16.2-2.el7_0.x86_64.rpm nss-softokn-debuginfo-3.16.2-1.el7_0.i686.rpm nss-softokn-debuginfo-3.16.2-1.el7_0.x86_64.rpm nss-softokn-devel-3.16.2-1.el7_0.i686.rpm nss-softokn-devel-3.16.2-1.el7_0.x86_64.rpm nss-softokn-freebl-devel-3.16.2-1.el7_0.i686.rpm nss-softokn-freebl-devel-3.16.2-1.el7_0.x86_64.rpm nss-util-debuginfo-3.16.2-1.el7_0.i686.rpm nss-util-debuginfo-3.16.2-1.el7_0.x86_64.rpm nss-util-devel-3.16.2-1.el7_0.i686.rpm nss-util-devel-3.16.2-1.el7_0.x86_64.rpm Red Hat Enterprise Linux Server (v. 
7): Source: nss-3.16.2-2.el7_0.src.rpm nss-softokn-3.16.2-1.el7_0.src.rpm nss-util-3.16.2-1.el7_0.src.rpm ppc64: nss-3.16.2-2.el7_0.ppc.rpm nss-3.16.2-2.el7_0.ppc64.rpm nss-debuginfo-3.16.2-2.el7_0.ppc.rpm nss-debuginfo-3.16.2-2.el7_0.ppc64.rpm nss-devel-3.16.2-2.el7_0.ppc.rpm nss-devel-3.16.2-2.el7_0.ppc64.rpm nss-softokn-3.16.2-1.el7_0.ppc.rpm nss-softokn-3.16.2-1.el7_0.ppc64.rpm nss-softokn-debuginfo-3.16.2-1.el7_0.ppc.rpm nss-softokn-debuginfo-3.16.2-1.el7_0.ppc64.rpm nss-softokn-devel-3.16.2-1.el7_0.ppc.rpm nss-softokn-devel-3.16.2-1.el7_0.ppc64.rpm nss-softokn-freebl-3.16.2-1.el7_0.ppc.rpm nss-softokn-freebl-3.16.2-1.el7_0.ppc64.rpm nss-softokn-freebl-devel-3.16.2-1.el7_0.ppc.rpm nss-softokn-freebl-devel-3.16.2-1.el7_0.ppc64.rpm nss-sysinit-3.16.2-2.el7_0.ppc64.rpm nss-tools-3.16.2-2.el7_0.ppc64.rpm nss-util-3.16.2-1.el7_0.ppc.rpm nss-util-3.16.2-1.el7_0.ppc64.rpm nss-util-debuginfo-3.16.2-1.el7_0.ppc.rpm nss-util-debuginfo-3.16.2-1.el7_0.ppc64.rpm nss-util-devel-3.16.2-1.el7_0.ppc.rpm nss-util-devel-3.16.2-1.el7_0.ppc64.rpm s390x: nss-3.16.2-2.el7_0.s390.rpm nss-3.16.2-2.el7_0.s390x.rpm nss-debuginfo-3.16.2-2.el7_0.s390.rpm nss-debuginfo-3.16.2-2.el7_0.s390x.rpm nss-devel-3.16.2-2.el7_0.s390.rpm nss-devel-3.16.2-2.el7_0.s390x.rpm nss-softokn-3.16.2-1.el7_0.s390.rpm nss-softokn-3.16.2-1.el7_0.s390x.rpm nss-softokn-debuginfo-3.16.2-1.el7_0.s390.rpm nss-softokn-debuginfo-3.16.2-1.el7_0.s390x.rpm nss-softokn-devel-3.16.2-1.el7_0.s390.rpm nss-softokn-devel-3.16.2-1.el7_0.s390x.rpm nss-softokn-freebl-3.16.2-1.el7_0.s390.rpm nss-softokn-freebl-3.16.2-1.el7_0.s390x.rpm nss-softokn-freebl-devel-3.16.2-1.el7_0.s390.rpm nss-softokn-freebl-devel-3.16.2-1.el7_0.s390x.rpm nss-sysinit-3.16.2-2.el7_0.s390x.rpm nss-tools-3.16.2-2.el7_0.s390x.rpm nss-util-3.16.2-1.el7_0.s390.rpm nss-util-3.16.2-1.el7_0.s390x.rpm nss-util-debuginfo-3.16.2-1.el7_0.s390.rpm nss-util-debuginfo-3.16.2-1.el7_0.s390x.rpm nss-util-devel-3.16.2-1.el7_0.s390.rpm nss-util-devel-3.16.2-1.el7_0.s390x.rpm 
x86_64: nss-3.16.2-2.el7_0.i686.rpm nss-3.16.2-2.el7_0.x86_64.rpm nss-debuginfo-3.16.2-2.el7_0.i686.rpm nss-debuginfo-3.16.2-2.el7_0.x86_64.rpm nss-devel-3.16.2-2.el7_0.i686.rpm nss-devel-3.16.2-2.el7_0.x86_64.rpm nss-softokn-3.16.2-1.el7_0.i686.rpm nss-softokn-3.16.2-1.el7_0.x86_64.rpm nss-softokn-debuginfo-3.16.2-1.el7_0.i686.rpm nss-softokn-debuginfo-3.16.2-1.el7_0.x86_64.rpm nss-softokn-devel-3.16.2-1.el7_0.i686.rpm nss-softokn-devel-3.16.2-1.el7_0.x86_64.rpm nss-softokn-freebl-3.16.2-1.el7_0.i686.rpm nss-softokn-freebl-3.16.2-1.el7_0.x86_64.rpm nss-softokn-freebl-devel-3.16.2-1.el7_0.i686.rpm nss-softokn-freebl-devel-3.16.2-1.el7_0.x86_64.rpm nss-sysinit-3.16.2-2.el7_0.x86_64.rpm nss-tools-3.16.2-2.el7_0.x86_64.rpm nss-util-3.16.2-1.el7_0.i686.rpm nss-util-3.16.2-1.el7_0.x86_64.rpm nss-util-debuginfo-3.16.2-1.el7_0.i686.rpm nss-util-debuginfo-3.16.2-1.el7_0.x86_64.rpm nss-util-devel-3.16.2-1.el7_0.i686.rpm nss-util-devel-3.16.2-1.el7_0.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: nss-debuginfo-3.16.2-2.el7_0.ppc.rpm nss-debuginfo-3.16.2-2.el7_0.ppc64.rpm nss-pkcs11-devel-3.16.2-2.el7_0.ppc.rpm nss-pkcs11-devel-3.16.2-2.el7_0.ppc64.rpm s390x: nss-debuginfo-3.16.2-2.el7_0.s390.rpm nss-debuginfo-3.16.2-2.el7_0.s390x.rpm nss-pkcs11-devel-3.16.2-2.el7_0.s390.rpm nss-pkcs11-devel-3.16.2-2.el7_0.s390x.rpm x86_64: nss-debuginfo-3.16.2-2.el7_0.i686.rpm nss-debuginfo-3.16.2-2.el7_0.x86_64.rpm nss-pkcs11-devel-3.16.2-2.el7_0.i686.rpm nss-pkcs11-devel-3.16.2-2.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
7): Source: nss-3.16.2-2.el7_0.src.rpm nss-softokn-3.16.2-1.el7_0.src.rpm nss-util-3.16.2-1.el7_0.src.rpm x86_64: nss-3.16.2-2.el7_0.i686.rpm nss-3.16.2-2.el7_0.x86_64.rpm nss-debuginfo-3.16.2-2.el7_0.i686.rpm nss-debuginfo-3.16.2-2.el7_0.x86_64.rpm nss-devel-3.16.2-2.el7_0.i686.rpm nss-devel-3.16.2-2.el7_0.x86_64.rpm nss-softokn-3.16.2-1.el7_0.i686.rpm nss-softokn-3.16.2-1.el7_0.x86_64.rpm nss-softokn-debuginfo-3.16.2-1.el7_0.i686.rpm nss-softokn-debuginfo-3.16.2-1.el7_0.x86_64.rpm nss-softokn-devel-3.16.2-1.el7_0.i686.rpm nss-softokn-devel-3.16.2-1.el7_0.x86_64.rpm nss-softokn-freebl-3.16.2-1.el7_0.i686.rpm nss-softokn-freebl-3.16.2-1.el7_0.x86_64.rpm nss-softokn-freebl-devel-3.16.2-1.el7_0.i686.rpm nss-softokn-freebl-devel-3.16.2-1.el7_0.x86_64.rpm nss-sysinit-3.16.2-2.el7_0.x86_64.rpm nss-tools-3.16.2-2.el7_0.x86_64.rpm nss-util-3.16.2-1.el7_0.i686.rpm nss-util-3.16.2-1.el7_0.x86_64.rpm nss-util-debuginfo-3.16.2-1.el7_0.i686.rpm nss-util-debuginfo-3.16.2-1.el7_0.x86_64.rpm nss-util-devel-3.16.2-1.el7_0.i686.rpm nss-util-devel-3.16.2-1.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: nss-debuginfo-3.16.2-2.el7_0.i686.rpm nss-debuginfo-3.16.2-2.el7_0.x86_64.rpm nss-pkcs11-devel-3.16.2-2.el7_0.i686.rpm nss-pkcs11-devel-3.16.2-2.el7_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-1492.html https://access.redhat.com/security/updates/classification/#low https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.2_release_notes 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFT8gSmXlSAg2UNWIIRAjyHAKCteaMEgwe2oxwff2F7Z5sco7r/0ACgkT4V ZTAaYXaeMVYgbvwYwAFL1a0= =B/Ml -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Aug 19 09:29:52 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 19 Aug 2014 09:29:52 +0000 Subject: [RHSA-2014:1075-01] Moderate: qemu-kvm security and bug fix update Message-ID: <201408190922.s7J9M4Gp024252@int-mx14.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: qemu-kvm security and bug fix update Advisory ID: RHSA-2014:1075-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1075.html Issue date: 2014-08-19 CVE Names: CVE-2014-0222 CVE-2014-0223 ===================================================================== 1. Summary: Updated qemu-kvm packages that fix two security issues and three bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Two integer overflow flaws were found in the QEMU block driver for QCOW version 1 disk images. 
A user able to alter the QEMU disk image files loaded by a guest could use either of these flaws to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-0222, CVE-2014-0223) Red Hat would like to thank NSA for reporting these issues. This update also fixes the following bugs: * In certain scenarios, when performing live incremental migration, the disk size could be expanded considerably due to the transfer of unallocated sectors past the end of the base image. With this update, the bdrv_is_allocated() function has been fixed to no longer return "True" for unallocated sectors, and the disk size no longer changes after performing live incremental migration. (BZ#1109715) * This update enables ioeventfd in virtio-scsi-pci. This allows QEMU to process I/O requests outside of the vCPU thread, reducing the latency of submitting requests and improving single task throughput. (BZ#1123271) * Prior to this update, vendor-specific SCSI commands issued from a KVM guest did not reach the target device due to QEMU considering such commands as invalid. This update fixes this bug by properly propagating vendor-specific SCSI commands to the target device. (BZ#1125131) All qemu-kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. 
Bugs fixed (https://bugzilla.redhat.com/): 1097216 - CVE-2014-0222 Qemu: qcow1: validate L2 table size to avoid integer overflows 1097222 - CVE-2014-0223 Qemu: qcow1: validate image size to avoid out-of-bounds memory access 1109715 - live incremental migration of vm with common shared base, size(disk) > size(base) transfers unallocated sectors, explodes disk on dest 1123271 - Enable ioenventfd for virtio-scsi-pci 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: qemu-kvm-0.12.1.2-2.415.el6_5.14.src.rpm i386: qemu-guest-agent-0.12.1.2-2.415.el6_5.14.i686.rpm qemu-kvm-debuginfo-0.12.1.2-2.415.el6_5.14.i686.rpm x86_64: qemu-guest-agent-0.12.1.2-2.415.el6_5.14.x86_64.rpm qemu-img-0.12.1.2-2.415.el6_5.14.x86_64.rpm qemu-kvm-0.12.1.2-2.415.el6_5.14.x86_64.rpm qemu-kvm-debuginfo-0.12.1.2-2.415.el6_5.14.x86_64.rpm qemu-kvm-tools-0.12.1.2-2.415.el6_5.14.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: qemu-kvm-0.12.1.2-2.415.el6_5.14.src.rpm x86_64: qemu-guest-agent-0.12.1.2-2.415.el6_5.14.x86_64.rpm qemu-img-0.12.1.2-2.415.el6_5.14.x86_64.rpm qemu-kvm-0.12.1.2-2.415.el6_5.14.x86_64.rpm qemu-kvm-debuginfo-0.12.1.2-2.415.el6_5.14.x86_64.rpm qemu-kvm-tools-0.12.1.2-2.415.el6_5.14.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: qemu-kvm-0.12.1.2-2.415.el6_5.14.src.rpm i386: qemu-guest-agent-0.12.1.2-2.415.el6_5.14.i686.rpm qemu-kvm-debuginfo-0.12.1.2-2.415.el6_5.14.i686.rpm x86_64: qemu-guest-agent-0.12.1.2-2.415.el6_5.14.x86_64.rpm qemu-img-0.12.1.2-2.415.el6_5.14.x86_64.rpm qemu-kvm-0.12.1.2-2.415.el6_5.14.x86_64.rpm qemu-kvm-debuginfo-0.12.1.2-2.415.el6_5.14.x86_64.rpm qemu-kvm-tools-0.12.1.2-2.415.el6_5.14.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: qemu-kvm-0.12.1.2-2.415.el6_5.14.src.rpm i386: qemu-guest-agent-0.12.1.2-2.415.el6_5.14.i686.rpm qemu-kvm-debuginfo-0.12.1.2-2.415.el6_5.14.i686.rpm x86_64: qemu-guest-agent-0.12.1.2-2.415.el6_5.14.x86_64.rpm qemu-img-0.12.1.2-2.415.el6_5.14.x86_64.rpm qemu-kvm-0.12.1.2-2.415.el6_5.14.x86_64.rpm qemu-kvm-debuginfo-0.12.1.2-2.415.el6_5.14.x86_64.rpm qemu-kvm-tools-0.12.1.2-2.415.el6_5.14.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0222.html https://www.redhat.com/security/data/cve/CVE-2014-0223.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFT8xcqXlSAg2UNWIIRAlrXAJ4gKIf0cff3woeuDaeVb1fqpLZY/QCgudQb MRqBWSrbGErCBLCXDHsI50g= =5NCi -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Aug 20 04:49:07 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 20 Aug 2014 04:49:07 +0000 Subject: [RHSA-2014:1078-01] Moderate: openstack-neutron security update Message-ID: <201408200449.s7K4n8vo005363@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openstack-neutron security update Advisory ID: RHSA-2014:1078-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1078.html Issue date: 2014-08-20 CVE Names: CVE-2014-3555 ===================================================================== 1. 
Summary: Updated openstack-neutron packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 4.0 - noarch 3. Description: OpenStack Networking (Neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. A denial of service flaw was found in Neutron's handling of allowed address pairs. There was no enforced quota on the amount of allowed address pairs, possibly allowing a sufficiently authorized user to create such a large number of firewall rules as to impact performance, or potentially render a compute node unusable. (CVE-2014-3555) Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Liping Mao from Cisco as the original reporter. All openstack-neutron users are advised to upgrade to these updated packages, which correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1118833 - CVE-2014-3555 openstack-neutron: Denial of Service in Neutron allowed address pair 6. 
Package List: Red Hat Enterprise Linux OpenStack Platform 4.0: Source: openstack-neutron-2013.2.3-16.el6ost.src.rpm noarch: openstack-neutron-2013.2.3-16.el6ost.noarch.rpm openstack-neutron-bigswitch-2013.2.3-16.el6ost.noarch.rpm openstack-neutron-brocade-2013.2.3-16.el6ost.noarch.rpm openstack-neutron-cisco-2013.2.3-16.el6ost.noarch.rpm openstack-neutron-hyperv-2013.2.3-16.el6ost.noarch.rpm openstack-neutron-linuxbridge-2013.2.3-16.el6ost.noarch.rpm openstack-neutron-mellanox-2013.2.3-16.el6ost.noarch.rpm openstack-neutron-metaplugin-2013.2.3-16.el6ost.noarch.rpm openstack-neutron-metering-agent-2013.2.3-16.el6ost.noarch.rpm openstack-neutron-midonet-2013.2.3-16.el6ost.noarch.rpm openstack-neutron-ml2-2013.2.3-16.el6ost.noarch.rpm openstack-neutron-nec-2013.2.3-16.el6ost.noarch.rpm openstack-neutron-nicira-2013.2.3-16.el6ost.noarch.rpm openstack-neutron-openvswitch-2013.2.3-16.el6ost.noarch.rpm openstack-neutron-plumgrid-2013.2.3-16.el6ost.noarch.rpm openstack-neutron-ryu-2013.2.3-16.el6ost.noarch.rpm openstack-neutron-vpn-agent-2013.2.3-16.el6ost.noarch.rpm python-neutron-2013.2.3-16.el6ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-3555.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFT9CiBXlSAg2UNWIIRAuaTAKCgMBg0jxh5FLz+EZjz1jht3s/f1ACaAteP I8JMryOkZqO6sDEnOTTkhCI= =xjlS -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Aug 20 11:28:17 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 20 Aug 2014 11:28:17 +0000 Subject: [RHSA-2014:1082-01] Important: thermostat1-httpcomponents-client security update Message-ID: <201408201120.s7KBKS9V029917@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: thermostat1-httpcomponents-client security update Advisory ID: RHSA-2014:1082-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1082.html Issue date: 2014-08-20 CVE Names: CVE-2012-6153 CVE-2014-3577 ===================================================================== 1. Summary: Updated thermostat1-httpcomponents-client packages that fix two security issues are now available for Red Hat Software Collections 1. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6) - noarch Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4) - noarch Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6) - noarch 3. Description: Thermostat is a monitoring and instrumentation tool for the OpenJDK HotSpot Java Virtual Machine (JVM) with support for monitoring multiple JVM instances. 
The httpcomponents-client package provides an HTTP agent implementation that is used by Thermostat to visualize collected data in an HTTP-aware client application. It was found that the fix for CVE-2012-5783 was incomplete: the code added to check that the server hostname matches the domain name in a subject's Common Name (CN) field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2012-6153) It was found that the fix for CVE-2012-6153 was incomplete: the code added to check that the server hostname matches the domain name in a subject's Common Name (CN) field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2014-3577) The CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product Security. For additional information on these flaws, refer to the Knowledgebase article in the References section. All thermostat1-httpcomponents-client users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1129074 - CVE-2014-3577 Apache HttpComponents client: Hostname verification susceptible to MITM attack 1129916 - CVE-2012-6153 Apache HttpComponents client: Hostname verification susceptible to MITM attack 6. Package List: Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 
6): Source: thermostat1-httpcomponents-client-4.2.5-3.4.el6.1.src.rpm noarch: thermostat1-httpcomponents-client-4.2.5-3.4.el6.1.noarch.rpm thermostat1-httpcomponents-client-javadoc-4.2.5-3.4.el6.1.noarch.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4): Source: thermostat1-httpcomponents-client-4.2.5-3.4.el6.1.src.rpm noarch: thermostat1-httpcomponents-client-4.2.5-3.4.el6.1.noarch.rpm thermostat1-httpcomponents-client-javadoc-4.2.5-3.4.el6.1.noarch.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6): Source: thermostat1-httpcomponents-client-4.2.5-3.4.el6.1.src.rpm noarch: thermostat1-httpcomponents-client-4.2.5-3.4.el6.1.noarch.rpm thermostat1-httpcomponents-client-javadoc-4.2.5-3.4.el6.1.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-6153.html https://www.redhat.com/security/data/cve/CVE-2014-3577.html https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/solutions/1165533 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFT9IRyXlSAg2UNWIIRAqusAJ0aNAWHT6am+LIbC/zOeh20J47BpACgqBHx fPflwl6KyHeJ9lF6O8UZ1cU= =0FXG -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Aug 20 11:28:35 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 20 Aug 2014 11:28:35 +0000 Subject: [RHSA-2014:1083-01] Important: kernel-rt security and bug fix update Message-ID: <201408201120.s7KBKkDM032642@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel-rt security and bug fix update Advisory ID: RHSA-2014:1083-01 Product: Red Hat Enterprise MRG for RHEL-6 Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1083.html Issue date: 2014-08-20 CVE Names: CVE-2014-4652 CVE-2014-4653 CVE-2014-4654 CVE-2014-4655 CVE-2014-4656 CVE-2014-5077 ===================================================================== 1. Summary: Updated kernel-rt packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 2.5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64 3. Description: The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. 
(CVE-2014-5077, Important) * Multiple use-after-free flaws and an integer overflow flaw were found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use either of these flaws to crash the system. (CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, Moderate) * An information leak flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled access of the user control's state. A local, privileged user could use this flaw to leak kernel memory to user space. (CVE-2014-4652, Low) This update also fixes the following bug: * Prior to this update, the netconsole module was unavailable on MRG Realtime kernels due to locking issues that disabled it. These locking issues have been corrected, allowing the netconsole module to be re-enabled and functional on Realtime kernels. (BZ#1088923) Users are advised to upgrade to these updated packages, which upgrade the kernel-rt kernel to version kernel-rt-3.10.33-rt32.45 and correct these issues. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. 
Bugs fixed (https://bugzilla.redhat.com/): 1113406 - CVE-2014-4652 Kernel: ALSA: control: protect user controls against races & memory disclosure 1113409 - CVE-2014-4653 Kernel: ALSA: control: do not access controls outside of protected regions 1113445 - CVE-2014-4654 CVE-2014-4655 Kernel: ALSA: control: use-after-free in replacing user controls 1113470 - CVE-2014-4656 Kernel: ALSA: control: integer overflow in id.index & id.numid 1122982 - CVE-2014-5077 Kernel: net: SCTP: fix a NULL pointer dereference during INIT collisions 6. Package List: MRG Realtime for RHEL 6 Server v.2: Source: kernel-rt-3.10.33-rt32.45.el6rt.src.rpm noarch: kernel-rt-doc-3.10.33-rt32.45.el6rt.noarch.rpm kernel-rt-firmware-3.10.33-rt32.45.el6rt.noarch.rpm x86_64: kernel-rt-3.10.33-rt32.45.el6rt.x86_64.rpm kernel-rt-debug-3.10.33-rt32.45.el6rt.x86_64.rpm kernel-rt-debug-debuginfo-3.10.33-rt32.45.el6rt.x86_64.rpm kernel-rt-debug-devel-3.10.33-rt32.45.el6rt.x86_64.rpm kernel-rt-debuginfo-3.10.33-rt32.45.el6rt.x86_64.rpm kernel-rt-debuginfo-common-x86_64-3.10.33-rt32.45.el6rt.x86_64.rpm kernel-rt-devel-3.10.33-rt32.45.el6rt.x86_64.rpm kernel-rt-trace-3.10.33-rt32.45.el6rt.x86_64.rpm kernel-rt-trace-debuginfo-3.10.33-rt32.45.el6rt.x86_64.rpm kernel-rt-trace-devel-3.10.33-rt32.45.el6rt.x86_64.rpm kernel-rt-vanilla-3.10.33-rt32.45.el6rt.x86_64.rpm kernel-rt-vanilla-debuginfo-3.10.33-rt32.45.el6rt.x86_64.rpm kernel-rt-vanilla-devel-3.10.33-rt32.45.el6rt.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References: https://www.redhat.com/security/data/cve/CVE-2014-4652.html https://www.redhat.com/security/data/cve/CVE-2014-4653.html https://www.redhat.com/security/data/cve/CVE-2014-4654.html https://www.redhat.com/security/data/cve/CVE-2014-4655.html https://www.redhat.com/security/data/cve/CVE-2014-4656.html https://www.redhat.com/security/data/cve/CVE-2014-5077.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFT9ISHXlSAg2UNWIIRAnhFAJ9WQ1j06qdQP4Idb69OrcSV5eZqVQCdFzSH 86VmT65bjJyMVq+O0OkZyro= =KKrt -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Aug 21 00:47:01 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 21 Aug 2014 00:47:01 +0000 Subject: [RHSA-2014:1084-01] Moderate: openstack-nova security, bug fix, and enhancement update Message-ID: <201408210047.s7L0l2s1024417@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openstack-nova security, bug fix, and enhancement update Advisory ID: RHSA-2014:1084-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1084.html Issue date: 2014-08-21 CVE Names: CVE-2014-0167 CVE-2014-3517 ===================================================================== 1. Summary: Updated openstack-nova packages that fix two security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Moderate security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 4.0 - noarch 3. Description: OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances, managing networks, and controlling access through users and projects. It was found that RBAC policies were not enforced in certain methods of the OpenStack Compute EC2 (Amazon Elastic Compute Cloud) API. A remote attacker could use this flaw to escalate their privileges beyond the user group they were originally restricted to. Note that only certain setups using non-default RBAC rules for OpenStack Compute were affected. (CVE-2014-0167) A side-channel timing attack flaw was found in nova. An attacker could possibly use this flaw to guess valid instance ID signatures, giving them access to details of another instance, by analyzing the response times of requests for instance metadata. This issue only affected configurations that proxy metadata requests via neutron. (CVE-2014-3517) Red Hat would like to thank the OpenStack project for reporting these issues. Upstream acknowledges Marc Heckmann of Ubisoft as the original reporter of CVE-2014-0167, and Alex Gaynor from Rackspace as the original reporter of CVE-2014-3517. This update also fixes several bugs and adds one enhancement. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. All openstack-nova users are advised to upgrade to these updated packages, which correct these issues and add this enhancement. 4. 
Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1082670 - connection to multiple qpidd instances is broken 1084868 - CVE-2014-0167 openstack-nova: RBAC policy not properly enforced in Nova EC2 API 1085006 - Internal Error from python-qpid can cause qpid connection to never recover 1086814 - VMWARE: datastore selection is incorrect if token is being used 1086815 - VMware: instance names can be edited, breaks nova-driver lookup 1090068 - Backport auto-setting of workers options to # of CPUs 1104082 - Instance doesn't get DHCP offer when using nova network with VLAN manager 1112499 - CVE-2014-3517 openstack-nova: timing attack issue allows access to other instances' configuration information 1114150 - sysfsutils needs to be a dependency of OpenStack nova 1116432 - RHOSP 4 is incompatible with python-qpid >= 0.18-11 6. 
Package List: Red Hat Enterprise Linux OpenStack Platform 4.0: Source: openstack-nova-2013.2.3-12.el6ost.src.rpm noarch: openstack-nova-2013.2.3-12.el6ost.noarch.rpm openstack-nova-api-2013.2.3-12.el6ost.noarch.rpm openstack-nova-cells-2013.2.3-12.el6ost.noarch.rpm openstack-nova-cert-2013.2.3-12.el6ost.noarch.rpm openstack-nova-common-2013.2.3-12.el6ost.noarch.rpm openstack-nova-compute-2013.2.3-12.el6ost.noarch.rpm openstack-nova-conductor-2013.2.3-12.el6ost.noarch.rpm openstack-nova-console-2013.2.3-12.el6ost.noarch.rpm openstack-nova-doc-2013.2.3-12.el6ost.noarch.rpm openstack-nova-network-2013.2.3-12.el6ost.noarch.rpm openstack-nova-novncproxy-2013.2.3-12.el6ost.noarch.rpm openstack-nova-objectstore-2013.2.3-12.el6ost.noarch.rpm openstack-nova-scheduler-2013.2.3-12.el6ost.noarch.rpm python-nova-2013.2.3-12.el6ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0167.html https://www.redhat.com/security/data/cve/CVE-2014-3517.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/4/html/Technical_Notes/index.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFT9T/NXlSAg2UNWIIRAhSjAKC+UOG9DYFlKiy0FthPKcl/LZqergCdEWws DAEeeDw/OrtCGvvU1NvkVds= =tugu -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Aug 25 09:10:38 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 25 Aug 2014 09:10:38 +0000 Subject: [RHSA-2014:1091-01] Important: mod_wsgi security update Message-ID: <201408250902.s7P92jbv019861@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: mod_wsgi security update Advisory ID: RHSA-2014:1091-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1091.html Issue date: 2014-08-25 CVE Names: CVE-2014-0240 ===================================================================== 1. Summary: An updated mod_wsgi package that fixes one security issue is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: The mod_wsgi adapter is an Apache module that provides a WSGI-compliant interface for hosting Python-based web applications within Apache. It was found that mod_wsgi did not properly drop privileges if the call to setuid() failed. If mod_wsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system. 
(CVE-2014-0240) Note: mod_wsgi is not intended to provide privilege separation for WSGI applications. Systems relying on mod_wsgi to limit or sandbox the privileges of mod_wsgi applications should migrate to a different solution with proper privilege separation. Red Hat would like to thank Graham Dumpleton for reporting this issue. Upstream acknowledges Róbert Kisteleki as the original reporter. All mod_wsgi users are advised to upgrade to this updated package, which contains a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1101863 - CVE-2014-0240 mod_wsgi: possible privilege escalation in setuid() failure scenarios 6. Package List: Red Hat Enterprise Linux Client Optional (v. 7): Source: mod_wsgi-3.4-12.el7_0.src.rpm x86_64: mod_wsgi-3.4-12.el7_0.x86_64.rpm mod_wsgi-debuginfo-3.4-12.el7_0.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: mod_wsgi-3.4-12.el7_0.src.rpm x86_64: mod_wsgi-3.4-12.el7_0.x86_64.rpm mod_wsgi-debuginfo-3.4-12.el7_0.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: mod_wsgi-3.4-12.el7_0.src.rpm ppc64: mod_wsgi-3.4-12.el7_0.ppc64.rpm mod_wsgi-debuginfo-3.4-12.el7_0.ppc64.rpm s390x: mod_wsgi-3.4-12.el7_0.s390x.rpm mod_wsgi-debuginfo-3.4-12.el7_0.s390x.rpm x86_64: mod_wsgi-3.4-12.el7_0.x86_64.rpm mod_wsgi-debuginfo-3.4-12.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: mod_wsgi-3.4-12.el7_0.src.rpm x86_64: mod_wsgi-3.4-12.el7_0.x86_64.rpm mod_wsgi-debuginfo-3.4-12.el7_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References: https://www.redhat.com/security/data/cve/CVE-2014-0240.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFT+vujXlSAg2UNWIIRAorQAKC26UmPmmJ5gOM+77Vl4xPlmf7qKQCeJFA+ ffXxKmt2iXk3D8jc+Fhbb10= =6Vww -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Aug 26 16:52:34 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 26 Aug 2014 16:52:34 +0000 Subject: [RHSA-2014:1098-01] Important: devtoolset-2-httpcomponents-client security update Message-ID: <201408261652.s7QGqYxC026827@int-mx14.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: devtoolset-2-httpcomponents-client security update Advisory ID: RHSA-2014:1098-01 Product: Red Hat Developer Toolset Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1098.html Issue date: 2014-08-26 CVE Names: CVE-2012-6153 ===================================================================== 1. Summary: Updated devtoolset-2-httpcomponents-client packages that fix one security issue are now available for Red Hat Developer Toolset 2. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Developer Toolset 2 for Red Hat Enterprise Linux 6 Server - noarch Red Hat Developer Toolset 2 for Red Hat Enterprise Linux 6 Workstation - noarch 3. Description: HttpClient is an HTTP/1.1 compliant HTTP agent implementation based on httpcomponents HttpCore. 
It was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2012-6153) This issue was discovered by Florian Weimer of Red Hat Product Security. For additional information on this flaw, refer to the Knowledgebase article in the References section. All devtoolset-2-httpcomponents-client users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1129916 - CVE-2012-6153 Apache HttpComponents client: SSL hostname verification bypass, incomplete CVE-2012-5783 fix 6. Package List: Red Hat Developer Toolset 2 for Red Hat Enterprise Linux 6 Server: Source: devtoolset-2-httpcomponents-client-4.2.1-6.el6.src.rpm noarch: devtoolset-2-httpcomponents-client-4.2.1-6.el6.noarch.rpm devtoolset-2-httpcomponents-client-javadoc-4.2.1-6.el6.noarch.rpm Red Hat Developer Toolset 2 for Red Hat Enterprise Linux 6 Workstation: Source: devtoolset-2-httpcomponents-client-4.2.1-6.el6.src.rpm noarch: devtoolset-2-httpcomponents-client-4.2.1-6.el6.noarch.rpm devtoolset-2-httpcomponents-client-javadoc-4.2.1-6.el6.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-6153.html https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/solutions/1165533 8. 
Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFT/LsoXlSAg2UNWIIRApN1AJ9tc8nvLkxn0SEciX5J2+ZXDQYjXwCeKWSa EzdFsO90RKKMUrM8lz+8cvc= =6bG/ -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Aug 27 14:28:46 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 27 Aug 2014 14:28:46 +0000 Subject: [RHSA-2014:1101-01] Important: kernel security and bug fix update Message-ID: <201408271428.s7RESkEI029401@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2014:1101-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1101.html Issue date: 2014-08-27 CVE Names: CVE-2013-7339 CVE-2014-2672 CVE-2014-2678 CVE-2014-2706 CVE-2014-2851 ===================================================================== 1. Summary: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.4 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4) - x86_64 Red Hat Enterprise Linux HPC Node EUS (v. 6.4) - noarch, x86_64 Red Hat Enterprise Linux Server EUS (v. 6.4) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.4) - i386, ppc64, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. 
* A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-2851, Important) * A NULL pointer dereference flaw was found in the rds_ib_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets (RDS). A local, unprivileged user could use this flaw to crash the system. (CVE-2013-7339, Moderate) * It was found that a remote attacker could use a race condition flaw in the ath_tx_aggr_sleep() function to crash the system by creating large network traffic on the system's Atheros 9k wireless network adapter. (CVE-2014-2672, Moderate) * A NULL pointer dereference flaw was found in the rds_iw_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets (RDS). A local, unprivileged user could use this flaw to crash the system. (CVE-2014-2678, Moderate) * A race condition flaw was found in the way the Linux kernel's mac80211 subsystem implementation handled synchronization between TX and STA wake-up code paths. A remote attacker could use this flaw to crash the system. (CVE-2014-2706, Moderate) This update also fixes the following bugs: * The Completely Fair Scheduler (CFS) did not verify whether the CFS period timer is running while throttling tasks on the CFS run queue. Therefore under certain circumstances, the CFS run queue became stuck because the CFS period timer was inactive and could not be restarted. To fix this problem, the CFS now restarts the CFS period timer inside the throttling function if it is inactive. (BZ#1120666) * A previous change to the SCSI code fixed a race condition that could occur when removing a SCSI device. 
However, that change caused performance degradation because it used a certain function from the block layer code that was returning different values compared with later versions of the kernel. This update alters the SCSI code to properly utilize the values returned by the block layer code. (BZ#1117581) * If a statically defined gateway became unreachable and its corresponding neighbor entry entered a FAILED state, the gateway stayed in the FAILED state even after it became reachable again. This prevented routing of the traffic through that gateway. This update allows probing such a gateway automatically and routing the traffic through the gateway again once it becomes reachable. (BZ#1115262) * A miscalculation in the "radix_tree" swap encoding corrupted swap area indexes bigger than 8 by truncating lower bits of swap entries. Consequently, systems with more than 8 swap areas could trigger a bogus OOM scenario when swapping out to such a swap area. This update fixes this problem by reducing a return value of the SWP_TYPE_SHIFT() function and removing a broken function call from the read_swap_header() function. (BZ#1099727) * The automatic route cache rebuilding feature could incorrectly compute the length of a route hash chain if the cache contained multiple entries with the same key but a different TOS, mark, or OIF bit. Consequently, the feature could reach the rebuild limit and disable the routing cache on the system. This problem is fixed by using a helper function that avoids counting such duplicate routes. (BZ#1113823) * When booting a guest in the Hyper-V environment and enough of Programmable Interval Timer (PIT) interrupts were lost or not injected into the guest on time, the kernel panicked and the guest failed to boot. This problem has been fixed by bypassing the relevant PIT check when the guest is running under the Hyper-V environment. 
(BZ#1112225) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (https://bugzilla.redhat.com/): 1079214 - CVE-2013-7339 kernel: net: rds: dereference of a NULL device in rds_ib_laddr_check() 1083246 - CVE-2014-2672 kernel: ath9k: tid->sched race in ath_tx_aggr_sleep() 1083274 - CVE-2014-2678 kernel: net: rds: dereference of a NULL device in rds_iw_laddr_check() 1083512 - CVE-2014-2706 Kernel: net: mac80211: crash dues to AP powersave TX vs. wakeup race 1086730 - CVE-2014-2851 kernel: net: ping: refcount issue in ping_init_sock() function 6. Package List: Red Hat Enterprise Linux HPC Node EUS (v. 
6.4): Source: kernel-2.6.32-358.48.1.el6.src.rpm noarch: kernel-doc-2.6.32-358.48.1.el6.noarch.rpm kernel-firmware-2.6.32-358.48.1.el6.noarch.rpm x86_64: kernel-2.6.32-358.48.1.el6.x86_64.rpm kernel-debug-2.6.32-358.48.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-358.48.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-358.48.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.48.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.48.1.el6.x86_64.rpm kernel-devel-2.6.32-358.48.1.el6.x86_64.rpm kernel-headers-2.6.32-358.48.1.el6.x86_64.rpm perf-2.6.32-358.48.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.48.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.48.1.el6.x86_64.rpm Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4): Source: kernel-2.6.32-358.48.1.el6.src.rpm x86_64: kernel-debug-debuginfo-2.6.32-358.48.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.48.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.48.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.48.1.el6.x86_64.rpm python-perf-2.6.32-358.48.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.48.1.el6.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 
6.4): Source: kernel-2.6.32-358.48.1.el6.src.rpm i386: kernel-2.6.32-358.48.1.el6.i686.rpm kernel-debug-2.6.32-358.48.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-358.48.1.el6.i686.rpm kernel-debug-devel-2.6.32-358.48.1.el6.i686.rpm kernel-debuginfo-2.6.32-358.48.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-358.48.1.el6.i686.rpm kernel-devel-2.6.32-358.48.1.el6.i686.rpm kernel-headers-2.6.32-358.48.1.el6.i686.rpm perf-2.6.32-358.48.1.el6.i686.rpm perf-debuginfo-2.6.32-358.48.1.el6.i686.rpm python-perf-debuginfo-2.6.32-358.48.1.el6.i686.rpm noarch: kernel-doc-2.6.32-358.48.1.el6.noarch.rpm kernel-firmware-2.6.32-358.48.1.el6.noarch.rpm ppc64: kernel-2.6.32-358.48.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-358.48.1.el6.ppc64.rpm kernel-debug-2.6.32-358.48.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-358.48.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-358.48.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-358.48.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-358.48.1.el6.ppc64.rpm kernel-devel-2.6.32-358.48.1.el6.ppc64.rpm kernel-headers-2.6.32-358.48.1.el6.ppc64.rpm perf-2.6.32-358.48.1.el6.ppc64.rpm perf-debuginfo-2.6.32-358.48.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-358.48.1.el6.ppc64.rpm s390x: kernel-2.6.32-358.48.1.el6.s390x.rpm kernel-debug-2.6.32-358.48.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-358.48.1.el6.s390x.rpm kernel-debug-devel-2.6.32-358.48.1.el6.s390x.rpm kernel-debuginfo-2.6.32-358.48.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-358.48.1.el6.s390x.rpm kernel-devel-2.6.32-358.48.1.el6.s390x.rpm kernel-headers-2.6.32-358.48.1.el6.s390x.rpm kernel-kdump-2.6.32-358.48.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-358.48.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-358.48.1.el6.s390x.rpm perf-2.6.32-358.48.1.el6.s390x.rpm perf-debuginfo-2.6.32-358.48.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-358.48.1.el6.s390x.rpm x86_64: kernel-2.6.32-358.48.1.el6.x86_64.rpm kernel-debug-2.6.32-358.48.1.el6.x86_64.rpm 
kernel-debug-debuginfo-2.6.32-358.48.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-358.48.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.48.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.48.1.el6.x86_64.rpm kernel-devel-2.6.32-358.48.1.el6.x86_64.rpm kernel-headers-2.6.32-358.48.1.el6.x86_64.rpm perf-2.6.32-358.48.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.48.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.48.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 6.4): Source: kernel-2.6.32-358.48.1.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-358.48.1.el6.i686.rpm kernel-debuginfo-2.6.32-358.48.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-358.48.1.el6.i686.rpm perf-debuginfo-2.6.32-358.48.1.el6.i686.rpm python-perf-2.6.32-358.48.1.el6.i686.rpm python-perf-debuginfo-2.6.32-358.48.1.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-358.48.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-358.48.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-358.48.1.el6.ppc64.rpm perf-debuginfo-2.6.32-358.48.1.el6.ppc64.rpm python-perf-2.6.32-358.48.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-358.48.1.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-358.48.1.el6.s390x.rpm kernel-debuginfo-2.6.32-358.48.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-358.48.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-358.48.1.el6.s390x.rpm perf-debuginfo-2.6.32-358.48.1.el6.s390x.rpm python-perf-2.6.32-358.48.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-358.48.1.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-358.48.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.48.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.48.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.48.1.el6.x86_64.rpm python-perf-2.6.32-358.48.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.48.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References: https://www.redhat.com/security/data/cve/CVE-2013-7339.html https://www.redhat.com/security/data/cve/CVE-2014-2672.html https://www.redhat.com/security/data/cve/CVE-2014-2678.html https://www.redhat.com/security/data/cve/CVE-2014-2706.html https://www.redhat.com/security/data/cve/CVE-2014-2851.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFT/er5XlSAg2UNWIIRApP0AKCFEM+jjoGj+R5+1DN0JCpGXwAHtQCfWHzv vdwLqG6QQjHXkk+pM2WTjW8= =vd7v -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Aug 27 14:29:16 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 27 Aug 2014 14:29:16 +0000 Subject: [RHSA-2014:1102-01] Important: ror40-rubygem-activerecord security update Message-ID: <201408271429.s7RETGVt029726@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: ror40-rubygem-activerecord security update Advisory ID: RHSA-2014:1102-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1102.html Issue date: 2014-08-27 CVE Names: CVE-2014-3514 ===================================================================== 1. Summary: Updated ror40-rubygem-activerecord packages that fix one security issue are now available for Red Hat Software Collections 1. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 
6) - noarch Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4) - noarch Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6) - noarch Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7) - noarch 3. Description: Ruby on Rails is a model-view-controller (MVC) framework for web application development. Active Record implements object-relational mapping for accessing database entries using objects. It was discovered that Active Record's create_with method failed to properly check attributes passed to it. A remote attacker could possibly use this flaw to bypass the strong parameter protection and modify arbitrary model attributes via mass assignment if an application using Active Record called create_with with untrusted values. (CVE-2014-3514) All ror40-rubygem-activerecord users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1131240 - CVE-2014-3514 rubygem-activerecord: Strong Parameter bypass with create_with 6. Package List: Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6): Source: ror40-rubygem-activerecord-4.0.2-2.3.el6.src.rpm noarch: ror40-rubygem-activerecord-4.0.2-2.3.el6.noarch.rpm ror40-rubygem-activerecord-doc-4.0.2-2.3.el6.noarch.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 
6.4): Source: ror40-rubygem-activerecord-4.0.2-2.3.el6.src.rpm noarch: ror40-rubygem-activerecord-4.0.2-2.3.el6.noarch.rpm ror40-rubygem-activerecord-doc-4.0.2-2.3.el6.noarch.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6): Source: ror40-rubygem-activerecord-4.0.2-2.3.el6.src.rpm noarch: ror40-rubygem-activerecord-4.0.2-2.3.el6.noarch.rpm ror40-rubygem-activerecord-doc-4.0.2-2.3.el6.noarch.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7): Source: ror40-rubygem-activerecord-4.0.2-2.3.el7.src.rpm noarch: ror40-rubygem-activerecord-4.0.2-2.3.el7.noarch.rpm ror40-rubygem-activerecord-doc-4.0.2-2.3.el7.noarch.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7): Source: ror40-rubygem-activerecord-4.0.2-2.3.el7.src.rpm noarch: ror40-rubygem-activerecord-4.0.2-2.3.el7.noarch.rpm ror40-rubygem-activerecord-doc-4.0.2-2.3.el7.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-3514.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFT/essXlSAg2UNWIIRAnRtAJwO/bVMwfsjnC4jNqOFw8xgeMP18ACgqeeZ QrU4rqoVm+ElHHGmf8QFOO0= =N8hH -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Aug 28 15:17:57 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 28 Aug 2014 15:17:57 +0000 Subject: [RHSA-2014:1103-01] Low: Red Hat Enterprise Linux 6.4 Extended Update Support 6-Month Notice Message-ID: <201408281517.s7SFHvIJ014918@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: Red Hat Enterprise Linux 6.4 Extended Update Support 6-Month Notice Advisory ID: RHSA-2014:1103-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1103.html Issue date: 2014-08-28 ===================================================================== 1. Summary: This is the 6-Month notification for the retirement of Red Hat Enterprise Linux 6.4 Extended Update Support (EUS). This notification applies only to those customers subscribed to the Extended Update Support channel for Red Hat Enterprise Linux 6.4. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server EUS (v. 6.4) - i386, ppc64, s390x, x86_64 3. Description: In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support (EUS) for Red Hat Enterprise Linux 6.4 will be retired as of February 28, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.4 EUS after February 28, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. 
We encourage customers to plan their migration from Red Hat Enterprise Linux 6.4 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release. Details of the Red Hat Enterprise Linux life cycle can be found here: https://access.redhat.com/support/policy/updates/errata/ 4. Solution: This erratum contains an updated redhat-release-server package that provides a copy of this retirement notice in the "/usr/share/doc/" directory. 5. Package List: Red Hat Enterprise Linux Server EUS (v. 6.4): Source: redhat-release-server-6Server-6.4.0.6.el6_4.src.rpm i386: redhat-release-server-6Server-6.4.0.6.el6_4.i686.rpm ppc64: redhat-release-server-6Server-6.4.0.6.el6_4.ppc64.rpm s390x: redhat-release-server-6Server-6.4.0.6.el6_4.s390x.rpm x86_64: redhat-release-server-6Server-6.4.0.6.el6_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 6. References: https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/support/policy/updates/errata/ 7. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFT/0gAXlSAg2UNWIIRAg+hAKCfSfUDNZcC4vLPLWpiVPIYrc40TgCfa7BQ hjfnuxzWhmlf01GchxDBLnE= =2hiR -----END PGP SIGNATURE----- From bugzilla at redhat.com Fri Aug 29 21:44:38 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 29 Aug 2014 21:44:38 +0000 Subject: [RHSA-2014:1110-01] Important: glibc security update Message-ID: <201408292144.s7TLidUp008737@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: glibc security update Advisory ID: RHSA-2014:1110-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1110.html Issue date: 2014-08-29 CVE Names: CVE-2014-0475 CVE-2014-5119 ===================================================================== 1. Summary: Updated glibc packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 
6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application. (CVE-2014-5119) A directory traversal flaw was found in the way glibc loaded locale files. An attacker able to make an application use a specially crafted locale name value (for example, specified in an LC_* environment variable) could possibly use this flaw to execute arbitrary code with the privileges of that application. (CVE-2014-0475) Red Hat would like to thank Stephane Chazelas for reporting CVE-2014-0475. All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. 
Bugs fixed (https://bugzilla.redhat.com/): 1102353 - CVE-2014-0475 glibc: directory traversal in LC_* locale handling 1119128 - CVE-2014-5119 glibc: off-by-one error leading to a heap-based buffer overflow flaw in __gconv_translit_find() 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: glibc-2.5-118.el5_10.3.src.rpm i386: glibc-2.5-118.el5_10.3.i386.rpm glibc-2.5-118.el5_10.3.i686.rpm glibc-common-2.5-118.el5_10.3.i386.rpm glibc-debuginfo-2.5-118.el5_10.3.i386.rpm glibc-debuginfo-2.5-118.el5_10.3.i686.rpm glibc-debuginfo-common-2.5-118.el5_10.3.i386.rpm glibc-devel-2.5-118.el5_10.3.i386.rpm glibc-headers-2.5-118.el5_10.3.i386.rpm glibc-utils-2.5-118.el5_10.3.i386.rpm nscd-2.5-118.el5_10.3.i386.rpm x86_64: glibc-2.5-118.el5_10.3.i686.rpm glibc-2.5-118.el5_10.3.x86_64.rpm glibc-common-2.5-118.el5_10.3.x86_64.rpm glibc-debuginfo-2.5-118.el5_10.3.i386.rpm glibc-debuginfo-2.5-118.el5_10.3.i686.rpm glibc-debuginfo-2.5-118.el5_10.3.x86_64.rpm glibc-debuginfo-common-2.5-118.el5_10.3.i386.rpm glibc-devel-2.5-118.el5_10.3.i386.rpm glibc-devel-2.5-118.el5_10.3.x86_64.rpm glibc-headers-2.5-118.el5_10.3.x86_64.rpm glibc-utils-2.5-118.el5_10.3.x86_64.rpm nscd-2.5-118.el5_10.3.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: glibc-2.5-118.el5_10.3.src.rpm i386: glibc-2.5-118.el5_10.3.i386.rpm glibc-2.5-118.el5_10.3.i686.rpm glibc-common-2.5-118.el5_10.3.i386.rpm glibc-debuginfo-2.5-118.el5_10.3.i386.rpm glibc-debuginfo-2.5-118.el5_10.3.i686.rpm glibc-debuginfo-common-2.5-118.el5_10.3.i386.rpm glibc-devel-2.5-118.el5_10.3.i386.rpm glibc-headers-2.5-118.el5_10.3.i386.rpm glibc-utils-2.5-118.el5_10.3.i386.rpm nscd-2.5-118.el5_10.3.i386.rpm ia64: glibc-2.5-118.el5_10.3.i686.rpm glibc-2.5-118.el5_10.3.ia64.rpm glibc-common-2.5-118.el5_10.3.ia64.rpm glibc-debuginfo-2.5-118.el5_10.3.i686.rpm glibc-debuginfo-2.5-118.el5_10.3.ia64.rpm glibc-debuginfo-common-2.5-118.el5_10.3.i386.rpm glibc-devel-2.5-118.el5_10.3.ia64.rpm glibc-headers-2.5-118.el5_10.3.ia64.rpm glibc-utils-2.5-118.el5_10.3.ia64.rpm nscd-2.5-118.el5_10.3.ia64.rpm ppc: glibc-2.5-118.el5_10.3.ppc.rpm glibc-2.5-118.el5_10.3.ppc64.rpm glibc-common-2.5-118.el5_10.3.ppc.rpm glibc-debuginfo-2.5-118.el5_10.3.ppc.rpm glibc-debuginfo-2.5-118.el5_10.3.ppc64.rpm glibc-devel-2.5-118.el5_10.3.ppc.rpm glibc-devel-2.5-118.el5_10.3.ppc64.rpm glibc-headers-2.5-118.el5_10.3.ppc.rpm glibc-utils-2.5-118.el5_10.3.ppc.rpm nscd-2.5-118.el5_10.3.ppc.rpm s390x: glibc-2.5-118.el5_10.3.s390.rpm glibc-2.5-118.el5_10.3.s390x.rpm glibc-common-2.5-118.el5_10.3.s390x.rpm glibc-debuginfo-2.5-118.el5_10.3.s390.rpm glibc-debuginfo-2.5-118.el5_10.3.s390x.rpm glibc-devel-2.5-118.el5_10.3.s390.rpm glibc-devel-2.5-118.el5_10.3.s390x.rpm glibc-headers-2.5-118.el5_10.3.s390x.rpm glibc-utils-2.5-118.el5_10.3.s390x.rpm nscd-2.5-118.el5_10.3.s390x.rpm x86_64: glibc-2.5-118.el5_10.3.i686.rpm glibc-2.5-118.el5_10.3.x86_64.rpm glibc-common-2.5-118.el5_10.3.x86_64.rpm glibc-debuginfo-2.5-118.el5_10.3.i386.rpm glibc-debuginfo-2.5-118.el5_10.3.i686.rpm glibc-debuginfo-2.5-118.el5_10.3.x86_64.rpm glibc-debuginfo-common-2.5-118.el5_10.3.i386.rpm glibc-devel-2.5-118.el5_10.3.i386.rpm glibc-devel-2.5-118.el5_10.3.x86_64.rpm glibc-headers-2.5-118.el5_10.3.x86_64.rpm 
glibc-utils-2.5-118.el5_10.3.x86_64.rpm nscd-2.5-118.el5_10.3.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: glibc-2.12-1.132.el6_5.4.src.rpm i386: glibc-2.12-1.132.el6_5.4.i686.rpm glibc-common-2.12-1.132.el6_5.4.i686.rpm glibc-debuginfo-2.12-1.132.el6_5.4.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.4.i686.rpm glibc-devel-2.12-1.132.el6_5.4.i686.rpm glibc-headers-2.12-1.132.el6_5.4.i686.rpm glibc-utils-2.12-1.132.el6_5.4.i686.rpm nscd-2.12-1.132.el6_5.4.i686.rpm x86_64: glibc-2.12-1.132.el6_5.4.i686.rpm glibc-2.12-1.132.el6_5.4.x86_64.rpm glibc-common-2.12-1.132.el6_5.4.x86_64.rpm glibc-debuginfo-2.12-1.132.el6_5.4.i686.rpm glibc-debuginfo-2.12-1.132.el6_5.4.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6_5.4.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.4.x86_64.rpm glibc-devel-2.12-1.132.el6_5.4.i686.rpm glibc-devel-2.12-1.132.el6_5.4.x86_64.rpm glibc-headers-2.12-1.132.el6_5.4.x86_64.rpm glibc-utils-2.12-1.132.el6_5.4.x86_64.rpm nscd-2.12-1.132.el6_5.4.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: glibc-2.12-1.132.el6_5.4.src.rpm i386: glibc-debuginfo-2.12-1.132.el6_5.4.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.4.i686.rpm glibc-static-2.12-1.132.el6_5.4.i686.rpm x86_64: glibc-debuginfo-2.12-1.132.el6_5.4.i686.rpm glibc-debuginfo-2.12-1.132.el6_5.4.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6_5.4.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.4.x86_64.rpm glibc-static-2.12-1.132.el6_5.4.i686.rpm glibc-static-2.12-1.132.el6_5.4.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 
6): Source: glibc-2.12-1.132.el6_5.4.src.rpm x86_64: glibc-2.12-1.132.el6_5.4.i686.rpm glibc-2.12-1.132.el6_5.4.x86_64.rpm glibc-common-2.12-1.132.el6_5.4.x86_64.rpm glibc-debuginfo-2.12-1.132.el6_5.4.i686.rpm glibc-debuginfo-2.12-1.132.el6_5.4.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6_5.4.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.4.x86_64.rpm glibc-devel-2.12-1.132.el6_5.4.i686.rpm glibc-devel-2.12-1.132.el6_5.4.x86_64.rpm glibc-headers-2.12-1.132.el6_5.4.x86_64.rpm glibc-utils-2.12-1.132.el6_5.4.x86_64.rpm nscd-2.12-1.132.el6_5.4.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: glibc-2.12-1.132.el6_5.4.src.rpm x86_64: glibc-debuginfo-2.12-1.132.el6_5.4.i686.rpm glibc-debuginfo-2.12-1.132.el6_5.4.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6_5.4.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.4.x86_64.rpm glibc-static-2.12-1.132.el6_5.4.i686.rpm glibc-static-2.12-1.132.el6_5.4.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: glibc-2.12-1.132.el6_5.4.src.rpm i386: glibc-2.12-1.132.el6_5.4.i686.rpm glibc-common-2.12-1.132.el6_5.4.i686.rpm glibc-debuginfo-2.12-1.132.el6_5.4.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.4.i686.rpm glibc-devel-2.12-1.132.el6_5.4.i686.rpm glibc-headers-2.12-1.132.el6_5.4.i686.rpm glibc-utils-2.12-1.132.el6_5.4.i686.rpm nscd-2.12-1.132.el6_5.4.i686.rpm ppc64: glibc-2.12-1.132.el6_5.4.ppc.rpm glibc-2.12-1.132.el6_5.4.ppc64.rpm glibc-common-2.12-1.132.el6_5.4.ppc64.rpm glibc-debuginfo-2.12-1.132.el6_5.4.ppc.rpm glibc-debuginfo-2.12-1.132.el6_5.4.ppc64.rpm glibc-debuginfo-common-2.12-1.132.el6_5.4.ppc.rpm glibc-debuginfo-common-2.12-1.132.el6_5.4.ppc64.rpm glibc-devel-2.12-1.132.el6_5.4.ppc.rpm glibc-devel-2.12-1.132.el6_5.4.ppc64.rpm glibc-headers-2.12-1.132.el6_5.4.ppc64.rpm glibc-utils-2.12-1.132.el6_5.4.ppc64.rpm nscd-2.12-1.132.el6_5.4.ppc64.rpm s390x: glibc-2.12-1.132.el6_5.4.s390.rpm glibc-2.12-1.132.el6_5.4.s390x.rpm glibc-common-2.12-1.132.el6_5.4.s390x.rpm 
glibc-debuginfo-2.12-1.132.el6_5.4.s390.rpm glibc-debuginfo-2.12-1.132.el6_5.4.s390x.rpm glibc-debuginfo-common-2.12-1.132.el6_5.4.s390.rpm glibc-debuginfo-common-2.12-1.132.el6_5.4.s390x.rpm glibc-devel-2.12-1.132.el6_5.4.s390.rpm glibc-devel-2.12-1.132.el6_5.4.s390x.rpm glibc-headers-2.12-1.132.el6_5.4.s390x.rpm glibc-utils-2.12-1.132.el6_5.4.s390x.rpm nscd-2.12-1.132.el6_5.4.s390x.rpm x86_64: glibc-2.12-1.132.el6_5.4.i686.rpm glibc-2.12-1.132.el6_5.4.x86_64.rpm glibc-common-2.12-1.132.el6_5.4.x86_64.rpm glibc-debuginfo-2.12-1.132.el6_5.4.i686.rpm glibc-debuginfo-2.12-1.132.el6_5.4.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6_5.4.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.4.x86_64.rpm glibc-devel-2.12-1.132.el6_5.4.i686.rpm glibc-devel-2.12-1.132.el6_5.4.x86_64.rpm glibc-headers-2.12-1.132.el6_5.4.x86_64.rpm glibc-utils-2.12-1.132.el6_5.4.x86_64.rpm nscd-2.12-1.132.el6_5.4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: glibc-2.12-1.132.el6_5.4.src.rpm i386: glibc-debuginfo-2.12-1.132.el6_5.4.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.4.i686.rpm glibc-static-2.12-1.132.el6_5.4.i686.rpm ppc64: glibc-debuginfo-2.12-1.132.el6_5.4.ppc.rpm glibc-debuginfo-2.12-1.132.el6_5.4.ppc64.rpm glibc-debuginfo-common-2.12-1.132.el6_5.4.ppc.rpm glibc-debuginfo-common-2.12-1.132.el6_5.4.ppc64.rpm glibc-static-2.12-1.132.el6_5.4.ppc.rpm glibc-static-2.12-1.132.el6_5.4.ppc64.rpm s390x: glibc-debuginfo-2.12-1.132.el6_5.4.s390.rpm glibc-debuginfo-2.12-1.132.el6_5.4.s390x.rpm glibc-debuginfo-common-2.12-1.132.el6_5.4.s390.rpm glibc-debuginfo-common-2.12-1.132.el6_5.4.s390x.rpm glibc-static-2.12-1.132.el6_5.4.s390.rpm glibc-static-2.12-1.132.el6_5.4.s390x.rpm x86_64: glibc-debuginfo-2.12-1.132.el6_5.4.i686.rpm glibc-debuginfo-2.12-1.132.el6_5.4.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6_5.4.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.4.x86_64.rpm glibc-static-2.12-1.132.el6_5.4.i686.rpm glibc-static-2.12-1.132.el6_5.4.x86_64.rpm Red Hat 
Enterprise Linux Workstation (v. 6): Source: glibc-2.12-1.132.el6_5.4.src.rpm i386: glibc-2.12-1.132.el6_5.4.i686.rpm glibc-common-2.12-1.132.el6_5.4.i686.rpm glibc-debuginfo-2.12-1.132.el6_5.4.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.4.i686.rpm glibc-devel-2.12-1.132.el6_5.4.i686.rpm glibc-headers-2.12-1.132.el6_5.4.i686.rpm glibc-utils-2.12-1.132.el6_5.4.i686.rpm nscd-2.12-1.132.el6_5.4.i686.rpm x86_64: glibc-2.12-1.132.el6_5.4.i686.rpm glibc-2.12-1.132.el6_5.4.x86_64.rpm glibc-common-2.12-1.132.el6_5.4.x86_64.rpm glibc-debuginfo-2.12-1.132.el6_5.4.i686.rpm glibc-debuginfo-2.12-1.132.el6_5.4.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6_5.4.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.4.x86_64.rpm glibc-devel-2.12-1.132.el6_5.4.i686.rpm glibc-devel-2.12-1.132.el6_5.4.x86_64.rpm glibc-headers-2.12-1.132.el6_5.4.x86_64.rpm glibc-utils-2.12-1.132.el6_5.4.x86_64.rpm nscd-2.12-1.132.el6_5.4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: glibc-2.12-1.132.el6_5.4.src.rpm i386: glibc-debuginfo-2.12-1.132.el6_5.4.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.4.i686.rpm glibc-static-2.12-1.132.el6_5.4.i686.rpm x86_64: glibc-debuginfo-2.12-1.132.el6_5.4.i686.rpm glibc-debuginfo-2.12-1.132.el6_5.4.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6_5.4.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.4.x86_64.rpm glibc-static-2.12-1.132.el6_5.4.i686.rpm glibc-static-2.12-1.132.el6_5.4.x86_64.rpm Red Hat Enterprise Linux Client (v. 
7): Source: glibc-2.17-55.el7_0.1.src.rpm x86_64: glibc-2.17-55.el7_0.1.i686.rpm glibc-2.17-55.el7_0.1.x86_64.rpm glibc-common-2.17-55.el7_0.1.x86_64.rpm glibc-debuginfo-2.17-55.el7_0.1.i686.rpm glibc-debuginfo-2.17-55.el7_0.1.x86_64.rpm glibc-debuginfo-common-2.17-55.el7_0.1.i686.rpm glibc-debuginfo-common-2.17-55.el7_0.1.x86_64.rpm glibc-devel-2.17-55.el7_0.1.i686.rpm glibc-devel-2.17-55.el7_0.1.x86_64.rpm glibc-headers-2.17-55.el7_0.1.x86_64.rpm glibc-utils-2.17-55.el7_0.1.x86_64.rpm nscd-2.17-55.el7_0.1.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: glibc-debuginfo-2.17-55.el7_0.1.i686.rpm glibc-debuginfo-2.17-55.el7_0.1.x86_64.rpm glibc-debuginfo-common-2.17-55.el7_0.1.i686.rpm glibc-debuginfo-common-2.17-55.el7_0.1.x86_64.rpm glibc-static-2.17-55.el7_0.1.i686.rpm glibc-static-2.17-55.el7_0.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: glibc-2.17-55.el7_0.1.src.rpm x86_64: glibc-2.17-55.el7_0.1.i686.rpm glibc-2.17-55.el7_0.1.x86_64.rpm glibc-common-2.17-55.el7_0.1.x86_64.rpm glibc-debuginfo-2.17-55.el7_0.1.i686.rpm glibc-debuginfo-2.17-55.el7_0.1.x86_64.rpm glibc-debuginfo-common-2.17-55.el7_0.1.i686.rpm glibc-debuginfo-common-2.17-55.el7_0.1.x86_64.rpm glibc-devel-2.17-55.el7_0.1.i686.rpm glibc-devel-2.17-55.el7_0.1.x86_64.rpm glibc-headers-2.17-55.el7_0.1.x86_64.rpm glibc-utils-2.17-55.el7_0.1.x86_64.rpm nscd-2.17-55.el7_0.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: glibc-debuginfo-2.17-55.el7_0.1.i686.rpm glibc-debuginfo-2.17-55.el7_0.1.x86_64.rpm glibc-debuginfo-common-2.17-55.el7_0.1.i686.rpm glibc-debuginfo-common-2.17-55.el7_0.1.x86_64.rpm glibc-static-2.17-55.el7_0.1.i686.rpm glibc-static-2.17-55.el7_0.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 
7): Source: glibc-2.17-55.el7_0.1.src.rpm ppc64: glibc-2.17-55.el7_0.1.ppc.rpm glibc-2.17-55.el7_0.1.ppc64.rpm glibc-common-2.17-55.el7_0.1.ppc64.rpm glibc-debuginfo-2.17-55.el7_0.1.ppc.rpm glibc-debuginfo-2.17-55.el7_0.1.ppc64.rpm glibc-debuginfo-common-2.17-55.el7_0.1.ppc.rpm glibc-debuginfo-common-2.17-55.el7_0.1.ppc64.rpm glibc-devel-2.17-55.el7_0.1.ppc.rpm glibc-devel-2.17-55.el7_0.1.ppc64.rpm glibc-headers-2.17-55.el7_0.1.ppc64.rpm glibc-utils-2.17-55.el7_0.1.ppc64.rpm nscd-2.17-55.el7_0.1.ppc64.rpm s390x: glibc-2.17-55.el7_0.1.s390.rpm glibc-2.17-55.el7_0.1.s390x.rpm glibc-common-2.17-55.el7_0.1.s390x.rpm glibc-debuginfo-2.17-55.el7_0.1.s390.rpm glibc-debuginfo-2.17-55.el7_0.1.s390x.rpm glibc-debuginfo-common-2.17-55.el7_0.1.s390.rpm glibc-debuginfo-common-2.17-55.el7_0.1.s390x.rpm glibc-devel-2.17-55.el7_0.1.s390.rpm glibc-devel-2.17-55.el7_0.1.s390x.rpm glibc-headers-2.17-55.el7_0.1.s390x.rpm glibc-utils-2.17-55.el7_0.1.s390x.rpm nscd-2.17-55.el7_0.1.s390x.rpm x86_64: glibc-2.17-55.el7_0.1.i686.rpm glibc-2.17-55.el7_0.1.x86_64.rpm glibc-common-2.17-55.el7_0.1.x86_64.rpm glibc-debuginfo-2.17-55.el7_0.1.i686.rpm glibc-debuginfo-2.17-55.el7_0.1.x86_64.rpm glibc-debuginfo-common-2.17-55.el7_0.1.i686.rpm glibc-debuginfo-common-2.17-55.el7_0.1.x86_64.rpm glibc-devel-2.17-55.el7_0.1.i686.rpm glibc-devel-2.17-55.el7_0.1.x86_64.rpm glibc-headers-2.17-55.el7_0.1.x86_64.rpm glibc-utils-2.17-55.el7_0.1.x86_64.rpm nscd-2.17-55.el7_0.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
7): ppc64: glibc-debuginfo-2.17-55.el7_0.1.ppc.rpm glibc-debuginfo-2.17-55.el7_0.1.ppc64.rpm glibc-debuginfo-common-2.17-55.el7_0.1.ppc.rpm glibc-debuginfo-common-2.17-55.el7_0.1.ppc64.rpm glibc-static-2.17-55.el7_0.1.ppc.rpm glibc-static-2.17-55.el7_0.1.ppc64.rpm s390x: glibc-debuginfo-2.17-55.el7_0.1.s390.rpm glibc-debuginfo-2.17-55.el7_0.1.s390x.rpm glibc-debuginfo-common-2.17-55.el7_0.1.s390.rpm glibc-debuginfo-common-2.17-55.el7_0.1.s390x.rpm glibc-static-2.17-55.el7_0.1.s390.rpm glibc-static-2.17-55.el7_0.1.s390x.rpm x86_64: glibc-debuginfo-2.17-55.el7_0.1.i686.rpm glibc-debuginfo-2.17-55.el7_0.1.x86_64.rpm glibc-debuginfo-common-2.17-55.el7_0.1.i686.rpm glibc-debuginfo-common-2.17-55.el7_0.1.x86_64.rpm glibc-static-2.17-55.el7_0.1.i686.rpm glibc-static-2.17-55.el7_0.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: glibc-2.17-55.el7_0.1.src.rpm x86_64: glibc-2.17-55.el7_0.1.i686.rpm glibc-2.17-55.el7_0.1.x86_64.rpm glibc-common-2.17-55.el7_0.1.x86_64.rpm glibc-debuginfo-2.17-55.el7_0.1.i686.rpm glibc-debuginfo-2.17-55.el7_0.1.x86_64.rpm glibc-debuginfo-common-2.17-55.el7_0.1.i686.rpm glibc-debuginfo-common-2.17-55.el7_0.1.x86_64.rpm glibc-devel-2.17-55.el7_0.1.i686.rpm glibc-devel-2.17-55.el7_0.1.x86_64.rpm glibc-headers-2.17-55.el7_0.1.x86_64.rpm glibc-utils-2.17-55.el7_0.1.x86_64.rpm nscd-2.17-55.el7_0.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: glibc-debuginfo-2.17-55.el7_0.1.i686.rpm glibc-debuginfo-2.17-55.el7_0.1.x86_64.rpm glibc-debuginfo-common-2.17-55.el7_0.1.i686.rpm glibc-debuginfo-common-2.17-55.el7_0.1.x86_64.rpm glibc-static-2.17-55.el7_0.1.i686.rpm glibc-static-2.17-55.el7_0.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References: https://www.redhat.com/security/data/cve/CVE-2014-0475.html https://www.redhat.com/security/data/cve/CVE-2014-5119.html https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/solutions/1176253 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc.