From bugzilla at redhat.com Tue Dec 2 17:15:10 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 2 Dec 2014 17:15:10 +0000
Subject: [RHSA-2014:1937-01] Important: mariadb-galera security update
Message-ID: <201412021715.sB2HFAP0025209@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: mariadb-galera security update
Advisory ID:       RHSA-2014:1937-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1937.html
Issue date:        2014-12-02
CVE Names:         CVE-2012-5615 CVE-2014-2494 CVE-2014-4207 CVE-2014-4258
                   CVE-2014-4260 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463
                   CVE-2014-6464 CVE-2014-6469 CVE-2014-6484 CVE-2014-6505
                   CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551
                   CVE-2014-6555 CVE-2014-6559
=====================================================================

1. Summary:

Updated mariadb-galera packages that fix multiple security issues are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 on Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Galera is a synchronous multi-master cluster for MariaDB.

This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-4274, CVE-2014-4287, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559, CVE-2012-5615, CVE-2014-4258, CVE-2014-4260, CVE-2014-2494, CVE-2014-4207)

These updated packages upgrade MariaDB to version 5.5.40. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.

All mariadb-galera users are advised to upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

882608 - CVE-2012-5615 mysql: Remote Preauth User Enumeration flaw
1120382 - CVE-2014-2494 mysql: unspecified vulnerability related to ENARC (CPU July 2014)
1120383 - CVE-2014-4207 mysql: unspecified vulnerability related to SROPTZR (CPU July 2014)
1120387 - CVE-2014-4258 mysql: unspecified vulnerability related to SRINFOSC (CPU July 2014)
1120388 - CVE-2014-4260 mysql: unspecified vulnerability related to SRCHAR (CPU July 2014)
1126271 - CVE-2014-4274 mysql: unspecified MyISAM temporary file issue fixed in 5.5.39 and 5.6.20
1153461 - CVE-2014-4287 mysql: unspecified vulnerability related to SERVER:CHARACTER SETS (CPU October 2014)
1153462 - CVE-2014-6463 mysql: unspecified vulnerability related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML (CPU October 2014)
1153463 - CVE-2014-6464 mysql: unspecified vulnerability related to SERVER:INNODB DML FOREIGN KEYS (CPU October 2014)
1153464 - CVE-2014-6469 mysql: unspecified vulnerability related to SERVER:OPTIMIZER (CPU October 2014)
1153467 - CVE-2014-6484 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
1153489 - CVE-2014-6505 mysql: unspecified vulnerability related to SERVER:MEMORY STORAGE ENGINE (CPU October 2014)
1153490 - CVE-2014-6507 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
1153491 - CVE-2014-6520 mysql: unspecified vulnerability related to SERVER:DDL (CPU October 2014)
1153493 - CVE-2014-6530 mysql: unspecified vulnerability related to CLIENT:MYSQLDUMP (CPU October 2014)
1153494 - CVE-2014-6551 mysql: unspecified vulnerability related to CLIENT:MYSQLADMIN (CPU October 2014)
1153495 - CVE-2014-6555 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
1153496 - CVE-2014-6559 mysql: unspecified vulnerability related to C API SSL CERTIFICATE HANDLING (CPU October 2014)

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6:

Source:
mariadb-galera-5.5.40-2.el6ost.src.rpm

x86_64:
mariadb-galera-common-5.5.40-2.el6ost.x86_64.rpm
mariadb-galera-debuginfo-5.5.40-2.el6ost.x86_64.rpm
mariadb-galera-server-5.5.40-2.el6ost.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2012-5615
https://access.redhat.com/security/cve/CVE-2014-2494
https://access.redhat.com/security/cve/CVE-2014-4207
https://access.redhat.com/security/cve/CVE-2014-4258
https://access.redhat.com/security/cve/CVE-2014-4260
https://access.redhat.com/security/cve/CVE-2014-4274
https://access.redhat.com/security/cve/CVE-2014-4287
https://access.redhat.com/security/cve/CVE-2014-6463
https://access.redhat.com/security/cve/CVE-2014-6464
https://access.redhat.com/security/cve/CVE-2014-6469
https://access.redhat.com/security/cve/CVE-2014-6484
https://access.redhat.com/security/cve/CVE-2014-6505
https://access.redhat.com/security/cve/CVE-2014-6507
https://access.redhat.com/security/cve/CVE-2014-6520
https://access.redhat.com/security/cve/CVE-2014-6530
https://access.redhat.com/security/cve/CVE-2014-6551
https://access.redhat.com/security/cve/CVE-2014-6555
https://access.redhat.com/security/cve/CVE-2014-6559
https://access.redhat.com/security/updates/classification/#important
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixMSQL
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixMSQL
https://mariadb.com/kb/en/mariadb/development/release-notes/mariadb-5540-release-notes/
https://mariadb.com/kb/en/mariadb/development/release-notes/mariadb-5539-release-notes/
https://mariadb.com/kb/en/mariadb/development/release-notes/mariadb-5538-release-notes/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUffNgXlSAg2UNWIIRAsTlAJ9lT4VJNFWcj/1Uq363H50t3oZcrQCgkiyw
9LB+ZlxFEBJJ+hmqLFtKgqo=
=GCqB
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 2 17:16:13 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 2 Dec 2014 17:16:13 +0000
Subject: [RHSA-2014:1938-01] Moderate: openstack-neutron security and bug fix update
Message-ID: <201412021716.sB2HGDEe025935@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openstack-neutron security and bug fix update
Advisory ID:       RHSA-2014:1938-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1938.html
Issue date:        2014-12-02
CVE Names:         CVE-2014-7821
=====================================================================

1. Summary:

Updated openstack-neutron packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch

3. Description:

OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. As of Red Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum' as the core component of OpenStack Networking.

A denial of service flaw was found in the way neutron handled the 'dns_nameservers' parameter. By providing specially crafted 'dns_nameservers' values, an authenticated user could use this flaw to crash the neutron service. (CVE-2014-7821)

Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Henry Yamauchi, Charles Neill, and Michael Xin (Rackspace) as the original reporters.

This update also fixes the following bug:

* The "/var/log/neutron/" directory was world-readable. With this update, world-read permissions have been removed. (BZ#1149688)

All openstack-neutron users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1149688 - /var/log/neutron/ and all logs within it are world readable.
1163457 - CVE-2014-7821 openstack-neutron: DoS via maliciously crafted dns_nameservers

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6:

Source:
openstack-neutron-2014.1.3-12.el6ost.src.rpm

noarch:
openstack-neutron-2014.1.3-12.el6ost.noarch.rpm
openstack-neutron-bigswitch-2014.1.3-12.el6ost.noarch.rpm
openstack-neutron-brocade-2014.1.3-12.el6ost.noarch.rpm
openstack-neutron-cisco-2014.1.3-12.el6ost.noarch.rpm
openstack-neutron-embrane-2014.1.3-12.el6ost.noarch.rpm
openstack-neutron-hyperv-2014.1.3-12.el6ost.noarch.rpm
openstack-neutron-ibm-2014.1.3-12.el6ost.noarch.rpm
openstack-neutron-linuxbridge-2014.1.3-12.el6ost.noarch.rpm
openstack-neutron-mellanox-2014.1.3-12.el6ost.noarch.rpm
openstack-neutron-metaplugin-2014.1.3-12.el6ost.noarch.rpm
openstack-neutron-metering-agent-2014.1.3-12.el6ost.noarch.rpm
openstack-neutron-midonet-2014.1.3-12.el6ost.noarch.rpm
openstack-neutron-ml2-2014.1.3-12.el6ost.noarch.rpm
openstack-neutron-nec-2014.1.3-12.el6ost.noarch.rpm
openstack-neutron-nuage-2014.1.3-12.el6ost.noarch.rpm
openstack-neutron-ofagent-2014.1.3-12.el6ost.noarch.rpm
openstack-neutron-oneconvergence-nvsd-2014.1.3-12.el6ost.noarch.rpm
openstack-neutron-openvswitch-2014.1.3-12.el6ost.noarch.rpm
openstack-neutron-plumgrid-2014.1.3-12.el6ost.noarch.rpm
openstack-neutron-ryu-2014.1.3-12.el6ost.noarch.rpm
openstack-neutron-vmware-2014.1.3-12.el6ost.noarch.rpm
openstack-neutron-vpn-agent-2014.1.3-12.el6ost.noarch.rpm
python-neutron-2014.1.3-12.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-7821
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUffOrXlSAg2UNWIIRAsYDAJ9h8iUbvSCE/xEcHqV4ROtf/fYVOQCgkE/P
fcaqwgmwZd/JK46ibcrNRco=
=iCxT
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 2 17:16:45 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 2 Dec 2014 17:16:45 +0000
Subject: [RHSA-2014:1939-01] Low: openstack-trove security update
Message-ID: <201412021716.sB2HGjLV024320@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: openstack-trove security update
Advisory ID:       RHSA-2014:1939-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1939.html
Issue date:        2014-12-02
CVE Names:         CVE-2014-7230 CVE-2014-7231
=====================================================================

1. Summary:

Updated openstack-trove packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch

3. Description:

OpenStack Database (trove) is Database as a Service for OpenStack. It runs entirely on OpenStack, with the goal of allowing users to quickly and easily utilize the features of a database without the burden of handling complex administrative tasks. Cloud users and database administrators can provision and manage multiple database instances as needed.

It was found that the processutils.execute() and strutils.mask_password() functions did not correctly sanitize the authentication details from their output before storing them in log files. This could allow an attacker with read access to these log files to obtain sensitive information such as passwords. (CVE-2014-7230, CVE-2014-7231)

The openstack-trove packages have been upgraded to upstream version 2014.1.3, which provides a number of bug fixes and enhancements over the previous version. (BZ#1149745)

All openstack-trove users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1147722 - CVE-2014-7230 CVE-2014-7231 OpenStack Cinder, Nova, Trove: potential leak of passwords into log files
1149745 - Rebase openstack-trove to 2014.1.3

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:

Source:
openstack-trove-2014.1.3-1.el7ost.src.rpm

noarch:
openstack-trove-2014.1.3-1.el7ost.noarch.rpm
openstack-trove-api-2014.1.3-1.el7ost.noarch.rpm
openstack-trove-common-2014.1.3-1.el7ost.noarch.rpm
openstack-trove-conductor-2014.1.3-1.el7ost.noarch.rpm
openstack-trove-guestagent-2014.1.3-1.el7ost.noarch.rpm
openstack-trove-taskmanager-2014.1.3-1.el7ost.noarch.rpm
python-trove-2014.1.3-1.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-7230
https://access.redhat.com/security/cve/CVE-2014-7231
https://access.redhat.com/security/updates/classification/#low
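The failure mode behind CVE-2014-7230 and CVE-2014-7231 above is a sanitizer that matches too narrow a set of shapes, so credentials in a command line, a JSON body or a URL userinfo reach the log untouched. The following is an added example and is not trove's, oslo's or Red Hat's code: a deliberately naive masker beside a broader one, an argv masker for the process-execution case, and a post-condition check that a known secret did not survive. The sample strings, the key names and the flag set are constructed assumptions for the example.

```python
import re
from typing import Iterable, List

MASK = "***"

# Constructed samples (not taken from trove or any real log): the shapes in
# which a credential typically reaches a log line. A command line handed to a
# process-execution helper, a JSON body, and a config-style key/value dump.
SAMPLE_ARGV = ["mysql", "-u", "root", "-pS3cr3t!", "-e", "SHOW DATABASES"]
SAMPLE_JSON = '{"user": "root", "password": "S3cr3t!", "host": "db1"}'
SAMPLE_KV = "admin_password = S3cr3t! ; connection = mysql://root:S3cr3t!@db1/trove"
SECRETS = ["S3cr3t!"]

# Naive masker: only `password=value`, no whitespace, no quotes, no prefixes.
# Anything shaped differently is logged as-is.
_NAIVE_RE = re.compile(r"(password=)(\S+)", re.IGNORECASE)


def mask_password_naive(message: str) -> str:
    return _NAIVE_RE.sub(r"\g<1>" + MASK, message)


# Broader masker: several key spellings, with optional prefixes/suffixes such
# as admin_password or auth_token, '=' or ':' separators with optional
# whitespace and quotes, plus the userinfo part of connection URLs
# (scheme://user:secret@host). The key list is an assumption for the example.
_SECRET_KEYS = ("password", "passwd", "secret", "token", "auth_key")
_KV_RE = re.compile(
    r"(?P<key>\w*(?:%s)\w*[\"']?\s*[=:]\s*)(?P<q>[\"']?)(?P<val>[^\"'\s,;]+)(?P=q)"
    % "|".join(_SECRET_KEYS),
    re.IGNORECASE,
)
_URL_RE = re.compile(
    r"(?P<pre>\b[a-z][a-z0-9+.-]*://[^/\s:@]+:)(?P<val>[^@\s]+)(?=@)",
    re.IGNORECASE,
)


def mask_password(message: str) -> str:
    """Replace credential values in free text, keeping keys and quoting intact."""
    masked = _KV_RE.sub(
        lambda m: m.group("key") + m.group("q") + MASK + m.group("q"), message
    )
    return _URL_RE.sub(lambda m: m.group("pre") + MASK, masked)


# Flags whose *next* argument is a secret, and flags that carry the secret
# inline (mysql-style -pSECRET, GNU-style --password=SECRET). Assumed set.
_FLAGS_WITH_VALUE = {"-p", "--password", "--passwd"}
_INLINE_FLAG_RE = re.compile(r"^(-p|--(?:password|passwd)=)(.+)$")


def mask_argv(argv: Iterable[str]) -> List[str]:
    """Return a copy of argv that is safe to log; the original is left for exec."""
    out: List[str] = []
    mask_next = False
    for arg in argv:
        if mask_next:
            out.append(MASK)
            mask_next = False
        elif arg in _FLAGS_WITH_VALUE:
            out.append(arg)
            mask_next = True
        else:
            m = _INLINE_FLAG_RE.match(arg)
            out.append(m.group(1) + MASK if m else mask_password(arg))
    return out


def contains_secret(text: str, secrets: Iterable[str]) -> bool:
    """Post-condition for a logging path: did any known secret survive masking?"""
    return any(s in text for s in secrets)


if __name__ == "__main__":
    for label, text in (("json", SAMPLE_JSON), ("kv", SAMPLE_KV)):
        print(label, "naive leaks:", contains_secret(mask_password_naive(text), SECRETS))
        print(label, "masked:", mask_password(text))
    print("argv masked:", " ".join(mask_argv(SAMPLE_ARGV)))
```

The point of `contains_secret` is that a masker is only as good as the patterns it knows, so the cheap defence is a test in the logging path that asserts the real credential is absent from the masked string, which catches the next shape the regexes miss.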
8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUffPnXlSAg2UNWIIRAsz3AKCPIQT54upJK9ug4yfF7W2QS9W9dgCdHBfQ
cuJi/eddAQs7ZIQRhuWDADU=
=lFU6
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 2 17:17:07 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 2 Dec 2014 17:17:07 +0000
Subject: [RHSA-2014:1940-01] Important: mariadb-galera security update
Message-ID: <201412021717.sB2HH7u7007355@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: mariadb-galera security update
Advisory ID:       RHSA-2014:1940-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1940.html
Issue date:        2014-12-02
CVE Names:         CVE-2012-5615 CVE-2014-2494 CVE-2014-4207 CVE-2014-4258
                   CVE-2014-4260 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463
                   CVE-2014-6464 CVE-2014-6469 CVE-2014-6484 CVE-2014-6505
                   CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551
                   CVE-2014-6555 CVE-2014-6559
=====================================================================

1. Summary:

Updated mariadb-galera packages that fix multiple security issues are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 on Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Galera is a synchronous multi-master cluster for MariaDB.

This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-4274, CVE-2014-4287, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559, CVE-2012-5615, CVE-2014-4258, CVE-2014-4260, CVE-2014-2494, CVE-2014-4207)

These updated packages upgrade MariaDB to version 5.5.40. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.

All mariadb-galera users are advised to upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

882608 - CVE-2012-5615 mysql: Remote Preauth User Enumeration flaw
1120382 - CVE-2014-2494 mysql: unspecified vulnerability related to ENARC (CPU July 2014)
1120383 - CVE-2014-4207 mysql: unspecified vulnerability related to SROPTZR (CPU July 2014)
1120387 - CVE-2014-4258 mysql: unspecified vulnerability related to SRINFOSC (CPU July 2014)
1120388 - CVE-2014-4260 mysql: unspecified vulnerability related to SRCHAR (CPU July 2014)
1126271 - CVE-2014-4274 mysql: unspecified MyISAM temporary file issue fixed in 5.5.39 and 5.6.20
1153461 - CVE-2014-4287 mysql: unspecified vulnerability related to SERVER:CHARACTER SETS (CPU October 2014)
1153462 - CVE-2014-6463 mysql: unspecified vulnerability related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML (CPU October 2014)
1153463 - CVE-2014-6464 mysql: unspecified vulnerability related to SERVER:INNODB DML FOREIGN KEYS (CPU October 2014)
1153464 - CVE-2014-6469 mysql: unspecified vulnerability related to SERVER:OPTIMIZER (CPU October 2014)
1153467 - CVE-2014-6484 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
1153489 - CVE-2014-6505 mysql: unspecified vulnerability related to SERVER:MEMORY STORAGE ENGINE (CPU October 2014)
1153490 - CVE-2014-6507 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
1153491 - CVE-2014-6520 mysql: unspecified vulnerability related to SERVER:DDL (CPU October 2014)
1153493 - CVE-2014-6530 mysql: unspecified vulnerability related to CLIENT:MYSQLDUMP (CPU October 2014)
1153494 - CVE-2014-6551 mysql: unspecified vulnerability related to CLIENT:MYSQLADMIN (CPU October 2014)
1153495 - CVE-2014-6555 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
1153496 - CVE-2014-6559 mysql: unspecified vulnerability related to C API SSL CERTIFICATE HANDLING (CPU October 2014)

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:

Source:
mariadb-galera-5.5.40-2.el7ost.src.rpm

x86_64:
mariadb-galera-common-5.5.40-2.el7ost.x86_64.rpm
mariadb-galera-debuginfo-5.5.40-2.el7ost.x86_64.rpm
mariadb-galera-server-5.5.40-2.el7ost.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2012-5615
https://access.redhat.com/security/cve/CVE-2014-2494
https://access.redhat.com/security/cve/CVE-2014-4207
https://access.redhat.com/security/cve/CVE-2014-4258
https://access.redhat.com/security/cve/CVE-2014-4260
https://access.redhat.com/security/cve/CVE-2014-4274
https://access.redhat.com/security/cve/CVE-2014-4287
https://access.redhat.com/security/cve/CVE-2014-6463
https://access.redhat.com/security/cve/CVE-2014-6464
https://access.redhat.com/security/cve/CVE-2014-6469
https://access.redhat.com/security/cve/CVE-2014-6484
https://access.redhat.com/security/cve/CVE-2014-6505
https://access.redhat.com/security/cve/CVE-2014-6507
https://access.redhat.com/security/cve/CVE-2014-6520
https://access.redhat.com/security/cve/CVE-2014-6530
https://access.redhat.com/security/cve/CVE-2014-6551
https://access.redhat.com/security/cve/CVE-2014-6555
https://access.redhat.com/security/cve/CVE-2014-6559
https://access.redhat.com/security/updates/classification/#important
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixMSQL
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixMSQL
https://mariadb.com/kb/en/mariadb/development/release-notes/mariadb-5540-release-notes/
https://mariadb.com/kb/en/mariadb/development/release-notes/mariadb-5539-release-notes/
https://mariadb.com/kb/en/mariadb/development/release-notes/mariadb-5538-release-notes/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUffQGXlSAg2UNWIIRAj6RAJ9xjohv/USGFIt1AnscfUPPIeW8ewCgnroY
8L+N/nDWR9kD7I5Fc7ngU6Q=
=l9/0
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 2 17:17:26 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 2 Dec 2014 17:17:26 +0000
Subject: [RHSA-2014:1941-01] Low: qemu-kvm-rhev security update
Message-ID: <201412021717.sB2HHRPB031631@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: qemu-kvm-rhev security update
Advisory ID:       RHSA-2014:1941-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1941.html
Issue date:        2014-12-02
CVE Names:         CVE-2014-3615
=====================================================================

1. Summary:

Updated qemu-kvm-rhev packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM, in environments managed by Red Hat Enterprise Linux OpenStack Platform.

An information leak flaw was found in the way QEMU's VGA emulator accessed frame buffer memory for high resolution displays. A privileged guest user could use this flaw to leak memory contents of the host to the guest by setting the display to use a high resolution in the guest. (CVE-2014-3615)

This issue was discovered by Laszlo Ersek of Red Hat.

All users of qemu-kvm-rhev are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1139115 - CVE-2014-3615 Qemu: information leakage when guest sets high resolution

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:

Source:
qemu-kvm-rhev-1.5.3-60.el7_0.10.src.rpm

x86_64:
libcacard-devel-rhev-1.5.3-60.el7_0.10.x86_64.rpm
libcacard-rhev-1.5.3-60.el7_0.10.x86_64.rpm
libcacard-tools-rhev-1.5.3-60.el7_0.10.x86_64.rpm
qemu-img-rhev-1.5.3-60.el7_0.10.x86_64.rpm
qemu-kvm-common-rhev-1.5.3-60.el7_0.10.x86_64.rpm
qemu-kvm-rhev-1.5.3-60.el7_0.10.x86_64.rpm
qemu-kvm-rhev-debuginfo-1.5.3-60.el7_0.10.x86_64.rpm
qemu-kvm-tools-rhev-1.5.3-60.el7_0.10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3615
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUffQcXlSAg2UNWIIRAq+KAKDDuMxXwv6lr2MCUPGZbWc+Zy630gCfdQcr
Bl8lN8D3kVhd0OeuuOLgIAc=
=PBha
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 2 17:17:56 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 2 Dec 2014 17:17:56 +0000
Subject: [RHSA-2014:1942-01] Moderate: openstack-neutron security and bug fix update
Message-ID: <201412021717.sB2HHu1I025082@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openstack-neutron security and bug fix update
Advisory ID:       RHSA-2014:1942-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1942.html
Issue date:        2014-12-02
CVE Names:         CVE-2014-7821
=====================================================================

1. Summary:

Updated openstack-neutron packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch

3. Description:

OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. As of Red Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum' as the core component of OpenStack Networking.

A denial of service flaw was found in the way neutron handled the 'dns_nameservers' parameter. By providing specially crafted 'dns_nameservers' values, an authenticated user could use this flaw to crash the neutron service. (CVE-2014-7821)

Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Henry Yamauchi, Charles Neill, and Michael Xin (Rackspace) as the original reporters.

This update also fixes the following bugs:

* Prior to this update, the network name and UUID were not sent to N1KV during the subnet creation process. Consequently, N1KV was unable to properly associate the network and subnet in its local configuration. This update addresses this issue by sending the required network name and UUID during subnet creation, with the result that they are now properly associated on the N1KV. (BZ#1118508)

* Previously, a rollback did not result in all entries being cleared from the N1KV-specific database tables, resulting in the presence of stale entries. This update addresses the issue by performing a proper cleanup of all N1KV tables. Consequently, stale entries are no longer left in the N1KV tables. (BZ#1124991)

* Previously, the N1KV OpenStack Networking (neutron) plug-in did not send the subtype for overlay networks during the network segment pool creation process. This update addresses this issue by sending the required details during the creation process. (BZ#1130336)

All openstack-neutron users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1124991 - Clear entries in Cisco N1KV specific tables on rollback
1160350 - Neutron refuses to delete instance associated with multiple floating addresses
1162108 - Unable to delete 'active' namespaces via cleanup utility with "force" attribute
1163457 - CVE-2014-7821 openstack-neutron: DoS via maliciously crafted dns_nameservers
1163470 - dhcp assignments aren't updated on neutron-dhcp-agent restart

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:

Source:
openstack-neutron-2014.1.3-11.el7ost.src.rpm

noarch:
openstack-neutron-2014.1.3-11.el7ost.noarch.rpm
openstack-neutron-bigswitch-2014.1.3-11.el7ost.noarch.rpm
openstack-neutron-brocade-2014.1.3-11.el7ost.noarch.rpm
openstack-neutron-cisco-2014.1.3-11.el7ost.noarch.rpm
openstack-neutron-embrane-2014.1.3-11.el7ost.noarch.rpm
openstack-neutron-hyperv-2014.1.3-11.el7ost.noarch.rpm
openstack-neutron-ibm-2014.1.3-11.el7ost.noarch.rpm
openstack-neutron-linuxbridge-2014.1.3-11.el7ost.noarch.rpm
openstack-neutron-mellanox-2014.1.3-11.el7ost.noarch.rpm
openstack-neutron-metaplugin-2014.1.3-11.el7ost.noarch.rpm
openstack-neutron-metering-agent-2014.1.3-11.el7ost.noarch.rpm
openstack-neutron-midonet-2014.1.3-11.el7ost.noarch.rpm
openstack-neutron-ml2-2014.1.3-11.el7ost.noarch.rpm
openstack-neutron-nec-2014.1.3-11.el7ost.noarch.rpm
openstack-neutron-nuage-2014.1.3-11.el7ost.noarch.rpm
openstack-neutron-ofagent-2014.1.3-11.el7ost.noarch.rpm
openstack-neutron-oneconvergence-nvsd-2014.1.3-11.el7ost.noarch.rpm
openstack-neutron-openvswitch-2014.1.3-11.el7ost.noarch.rpm
openstack-neutron-plumgrid-2014.1.3-11.el7ost.noarch.rpm
openstack-neutron-ryu-2014.1.3-11.el7ost.noarch.rpm
openstack-neutron-vmware-2014.1.3-11.el7ost.noarch.rpm
openstack-neutron-vpn-agent-2014.1.3-11.el7ost.noarch.rpm
python-neutron-2014.1.3-11.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-7821
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUffQ1XlSAg2UNWIIRAuF2AJwO4K7xlgGeiKB8QDUmWMflrsYS2wCgwYw3
/l0j1w4Qu7XFhzGDI1YS4Wo=
=cJFf
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 2 17:18:22 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 2 Dec 2014 17:18:22 +0000
Subject: [RHSA-2014:1943-01] Moderate: kernel-rt security, bug fix, and enhancement update
Message-ID: <201412021718.sB2HIMCM018648@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: kernel-rt security, bug fix, and enhancement update
Advisory ID:       RHSA-2014:1943-01
Product:           Red Hat Enterprise MRG for RHEL-6
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1943.html
Issue date:        2014-12-02
CVE Names:         CVE-2014-7283 CVE-2014-7825 CVE-2014-7826
=====================================================================

1. Summary:

Updated kernel-rt packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise MRG 2.5.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.

A denial of service flaw was found in the way the Linux kernel's XFS file system implementation ordered directory hashes under certain conditions. A local attacker could use this flaw to corrupt the file system by creating directories with colliding hash values, potentially resulting in a system crash. (CVE-2014-7283, Moderate)

An out-of-bounds memory access flaw was found in the syscall tracing functionality of the Linux kernel's perf subsystem. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-7825, Moderate)

An out-of-bounds memory access flaw was found in the syscall tracing functionality of the Linux kernel's ftrace subsystem. On a system with ftrace syscall tracing enabled, a local, unprivileged user could use this flaw to crash the system, or escalate their privileges. (CVE-2014-7826, Moderate)

Red Hat would like to thank Robert Święcki for reporting CVE-2014-7825 and CVE-2014-7826.

The kernel-rt packages have been upgraded to upstream version 3.10.58, which provides a number of bug fixes and enhancements over the previous version. (BZ#1158105)

This update also fixes the following bugs:

* Automatic NUMA balancing on a low priority thread could cause memory contention with a high priority thread running in the same process. This contention could trigger poor realtime performance on the system. In order to avoid this potential memory contention, the MRG Realtime kernel now disables NUMA_BALANCING_DEFAULT_ENABLED. (BZ#1158940)

* When tracing a bug, WARN*() functions could flood the ring buffer making the trace useless or even overflowing the ring buffer. To address this issue, a traceoff_on_warning option was added to the kernel command line and as a sysctl option. This option disables the writing of the warning messages to the ring buffer, which results in a cleaner trace for debugging.
(BZ#1155200) In addition, this update adds the following enhancement: * Support for XHCI (USB 3) is now enabled in the MRG Realtime kernel. (BZ#1134095) All kernel-rt users are advised to upgrade to these updated packages, which contain correct these issues and add these enhancements. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (https://bugzilla.redhat.com/): 1134095 - Enable XHCI (USB 3.0) for MRG 1148777 - CVE-2014-7283 kernel: xfs: directory hash ordering denial of service 1158105 - rebase to latest upstream stable 3.10 kernel 1161565 - CVE-2014-7825 CVE-2014-7826 kernel: insufficient syscall number validation in perf and ftrace subsystems 6. 
Package List: MRG Realtime for RHEL 6 Server v.2: Source: kernel-rt-3.10.58-rt62.58.el6rt.src.rpm noarch: kernel-rt-doc-3.10.58-rt62.58.el6rt.noarch.rpm kernel-rt-firmware-3.10.58-rt62.58.el6rt.noarch.rpm x86_64: kernel-rt-3.10.58-rt62.58.el6rt.x86_64.rpm kernel-rt-debug-3.10.58-rt62.58.el6rt.x86_64.rpm kernel-rt-debug-debuginfo-3.10.58-rt62.58.el6rt.x86_64.rpm kernel-rt-debug-devel-3.10.58-rt62.58.el6rt.x86_64.rpm kernel-rt-debuginfo-3.10.58-rt62.58.el6rt.x86_64.rpm kernel-rt-debuginfo-common-x86_64-3.10.58-rt62.58.el6rt.x86_64.rpm kernel-rt-devel-3.10.58-rt62.58.el6rt.x86_64.rpm kernel-rt-trace-3.10.58-rt62.58.el6rt.x86_64.rpm kernel-rt-trace-debuginfo-3.10.58-rt62.58.el6rt.x86_64.rpm kernel-rt-trace-devel-3.10.58-rt62.58.el6rt.x86_64.rpm kernel-rt-vanilla-3.10.58-rt62.58.el6rt.x86_64.rpm kernel-rt-vanilla-debuginfo-3.10.58-rt62.58.el6rt.x86_64.rpm kernel-rt-vanilla-devel-3.10.58-rt62.58.el6rt.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-7283 https://access.redhat.com/security/cve/CVE-2014-7825 https://access.redhat.com/security/cve/CVE-2014-7826 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. 
From bugzilla at redhat.com Tue Dec 2 23:51:17 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 2 Dec 2014 23:51:17 +0000
Subject: [RHSA-2014:1948-01] Important: nss, nss-util, and nss-softokn security, bug fix, and enhancement update
Message-ID: <201412022351.sB2NpHia022918@int-mx13.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: nss, nss-util, and nss-softokn security, bug fix, and enhancement update
Advisory ID: RHSA-2014:1948-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1948.html
Issue date: 2014-12-02
=====================================================================

1. Summary:

Updated nss, nss-util, and nss-softokn packages that contain a patch to mitigate the CVE-2014-3566 issue, fix a number of bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Important security impact.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.

This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication.

For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1232123

The nss, nss-util, and nss-softokn packages have been upgraded to upstream version 3.16.2.3, which provides a number of bug fixes and enhancements over the previous version, and adds support for Mozilla Firefox 31.3. (BZ#1158159, BZ#1165003, BZ#1165525)

Users of nss, nss-util, and nss-softokn are advised to upgrade to these updated packages, which contain a backported patch to mitigate the CVE-2014-3566 issue, fix these bugs, and add these enhancements. After installing this update, applications using NSS or NSPR must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1152789 - CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
1158159 - Upgrade to NSS 3.16.2.3 for Firefox 31.3 [rhel-5.11.z]
1165003 - Upgrade to NSS 3.16.2.3 for Firefox 31.3 [rhel-6.6.Z]
1165525 - Upgrade to NSS 3.16.2.3 for Firefox 31.3 [rhel-7.0.Z]

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
nss-3.16.2.3-1.el5_11.src.rpm

i386:
nss-3.16.2.3-1.el5_11.i386.rpm
nss-debuginfo-3.16.2.3-1.el5_11.i386.rpm
nss-tools-3.16.2.3-1.el5_11.i386.rpm

x86_64:
nss-3.16.2.3-1.el5_11.i386.rpm
nss-3.16.2.3-1.el5_11.x86_64.rpm
nss-debuginfo-3.16.2.3-1.el5_11.i386.rpm
nss-debuginfo-3.16.2.3-1.el5_11.x86_64.rpm
nss-tools-3.16.2.3-1.el5_11.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
nss-3.16.2.3-1.el5_11.src.rpm

i386:
nss-debuginfo-3.16.2.3-1.el5_11.i386.rpm
nss-devel-3.16.2.3-1.el5_11.i386.rpm
nss-pkcs11-devel-3.16.2.3-1.el5_11.i386.rpm

x86_64:
nss-debuginfo-3.16.2.3-1.el5_11.i386.rpm
nss-debuginfo-3.16.2.3-1.el5_11.x86_64.rpm
nss-devel-3.16.2.3-1.el5_11.i386.rpm
nss-devel-3.16.2.3-1.el5_11.x86_64.rpm
nss-pkcs11-devel-3.16.2.3-1.el5_11.i386.rpm
nss-pkcs11-devel-3.16.2.3-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
nss-3.16.2.3-1.el5_11.src.rpm

i386:
nss-3.16.2.3-1.el5_11.i386.rpm
nss-debuginfo-3.16.2.3-1.el5_11.i386.rpm
nss-devel-3.16.2.3-1.el5_11.i386.rpm
nss-pkcs11-devel-3.16.2.3-1.el5_11.i386.rpm
nss-tools-3.16.2.3-1.el5_11.i386.rpm

ia64:
nss-3.16.2.3-1.el5_11.i386.rpm
nss-3.16.2.3-1.el5_11.ia64.rpm
nss-debuginfo-3.16.2.3-1.el5_11.i386.rpm
nss-debuginfo-3.16.2.3-1.el5_11.ia64.rpm
nss-devel-3.16.2.3-1.el5_11.ia64.rpm
nss-pkcs11-devel-3.16.2.3-1.el5_11.ia64.rpm
nss-tools-3.16.2.3-1.el5_11.ia64.rpm

ppc:
nss-3.16.2.3-1.el5_11.ppc.rpm
nss-3.16.2.3-1.el5_11.ppc64.rpm
nss-debuginfo-3.16.2.3-1.el5_11.ppc.rpm
nss-debuginfo-3.16.2.3-1.el5_11.ppc64.rpm
nss-devel-3.16.2.3-1.el5_11.ppc.rpm
nss-devel-3.16.2.3-1.el5_11.ppc64.rpm
nss-pkcs11-devel-3.16.2.3-1.el5_11.ppc.rpm
nss-pkcs11-devel-3.16.2.3-1.el5_11.ppc64.rpm
nss-tools-3.16.2.3-1.el5_11.ppc.rpm

s390x:
nss-3.16.2.3-1.el5_11.s390.rpm
nss-3.16.2.3-1.el5_11.s390x.rpm
nss-debuginfo-3.16.2.3-1.el5_11.s390.rpm
nss-debuginfo-3.16.2.3-1.el5_11.s390x.rpm
nss-devel-3.16.2.3-1.el5_11.s390.rpm
nss-devel-3.16.2.3-1.el5_11.s390x.rpm
nss-pkcs11-devel-3.16.2.3-1.el5_11.s390.rpm
nss-pkcs11-devel-3.16.2.3-1.el5_11.s390x.rpm
nss-tools-3.16.2.3-1.el5_11.s390x.rpm

x86_64:
nss-3.16.2.3-1.el5_11.i386.rpm
nss-3.16.2.3-1.el5_11.x86_64.rpm
nss-debuginfo-3.16.2.3-1.el5_11.i386.rpm
nss-debuginfo-3.16.2.3-1.el5_11.x86_64.rpm
nss-devel-3.16.2.3-1.el5_11.i386.rpm
nss-devel-3.16.2.3-1.el5_11.x86_64.rpm
nss-pkcs11-devel-3.16.2.3-1.el5_11.i386.rpm
nss-pkcs11-devel-3.16.2.3-1.el5_11.x86_64.rpm
nss-tools-3.16.2.3-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
nss-3.16.2.3-3.el6_6.src.rpm
nss-util-3.16.2.3-2.el6_6.src.rpm

i386:
nss-3.16.2.3-3.el6_6.i686.rpm
nss-debuginfo-3.16.2.3-3.el6_6.i686.rpm
nss-sysinit-3.16.2.3-3.el6_6.i686.rpm
nss-tools-3.16.2.3-3.el6_6.i686.rpm
nss-util-3.16.2.3-2.el6_6.i686.rpm
nss-util-debuginfo-3.16.2.3-2.el6_6.i686.rpm

x86_64:
nss-3.16.2.3-3.el6_6.i686.rpm
nss-3.16.2.3-3.el6_6.x86_64.rpm
nss-debuginfo-3.16.2.3-3.el6_6.i686.rpm
nss-debuginfo-3.16.2.3-3.el6_6.x86_64.rpm
nss-sysinit-3.16.2.3-3.el6_6.x86_64.rpm
nss-tools-3.16.2.3-3.el6_6.x86_64.rpm
nss-util-3.16.2.3-2.el6_6.i686.rpm
nss-util-3.16.2.3-2.el6_6.x86_64.rpm
nss-util-debuginfo-3.16.2.3-2.el6_6.i686.rpm
nss-util-debuginfo-3.16.2.3-2.el6_6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
nss-debuginfo-3.16.2.3-3.el6_6.i686.rpm
nss-devel-3.16.2.3-3.el6_6.i686.rpm
nss-pkcs11-devel-3.16.2.3-3.el6_6.i686.rpm
nss-util-debuginfo-3.16.2.3-2.el6_6.i686.rpm
nss-util-devel-3.16.2.3-2.el6_6.i686.rpm

x86_64:
nss-debuginfo-3.16.2.3-3.el6_6.i686.rpm
nss-debuginfo-3.16.2.3-3.el6_6.x86_64.rpm
nss-devel-3.16.2.3-3.el6_6.i686.rpm
nss-devel-3.16.2.3-3.el6_6.x86_64.rpm
nss-pkcs11-devel-3.16.2.3-3.el6_6.i686.rpm
nss-pkcs11-devel-3.16.2.3-3.el6_6.x86_64.rpm
nss-util-debuginfo-3.16.2.3-2.el6_6.i686.rpm
nss-util-debuginfo-3.16.2.3-2.el6_6.x86_64.rpm
nss-util-devel-3.16.2.3-2.el6_6.i686.rpm
nss-util-devel-3.16.2.3-2.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
nss-3.16.2.3-3.el6_6.src.rpm
nss-util-3.16.2.3-2.el6_6.src.rpm

x86_64:
nss-3.16.2.3-3.el6_6.i686.rpm
nss-3.16.2.3-3.el6_6.x86_64.rpm
nss-debuginfo-3.16.2.3-3.el6_6.i686.rpm
nss-debuginfo-3.16.2.3-3.el6_6.x86_64.rpm
nss-sysinit-3.16.2.3-3.el6_6.x86_64.rpm
nss-tools-3.16.2.3-3.el6_6.x86_64.rpm
nss-util-3.16.2.3-2.el6_6.i686.rpm
nss-util-3.16.2.3-2.el6_6.x86_64.rpm
nss-util-debuginfo-3.16.2.3-2.el6_6.i686.rpm
nss-util-debuginfo-3.16.2.3-2.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
nss-debuginfo-3.16.2.3-3.el6_6.i686.rpm
nss-debuginfo-3.16.2.3-3.el6_6.x86_64.rpm
nss-devel-3.16.2.3-3.el6_6.i686.rpm
nss-devel-3.16.2.3-3.el6_6.x86_64.rpm
nss-pkcs11-devel-3.16.2.3-3.el6_6.i686.rpm
nss-pkcs11-devel-3.16.2.3-3.el6_6.x86_64.rpm
nss-util-debuginfo-3.16.2.3-2.el6_6.i686.rpm
nss-util-debuginfo-3.16.2.3-2.el6_6.x86_64.rpm
nss-util-devel-3.16.2.3-2.el6_6.i686.rpm
nss-util-devel-3.16.2.3-2.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
nss-3.16.2.3-3.el6_6.src.rpm
nss-util-3.16.2.3-2.el6_6.src.rpm

i386:
nss-3.16.2.3-3.el6_6.i686.rpm
nss-debuginfo-3.16.2.3-3.el6_6.i686.rpm
nss-devel-3.16.2.3-3.el6_6.i686.rpm
nss-sysinit-3.16.2.3-3.el6_6.i686.rpm
nss-tools-3.16.2.3-3.el6_6.i686.rpm
nss-util-3.16.2.3-2.el6_6.i686.rpm
nss-util-debuginfo-3.16.2.3-2.el6_6.i686.rpm
nss-util-devel-3.16.2.3-2.el6_6.i686.rpm

ppc64:
nss-3.16.2.3-3.el6_6.ppc.rpm
nss-3.16.2.3-3.el6_6.ppc64.rpm
nss-debuginfo-3.16.2.3-3.el6_6.ppc.rpm
nss-debuginfo-3.16.2.3-3.el6_6.ppc64.rpm
nss-devel-3.16.2.3-3.el6_6.ppc.rpm
nss-devel-3.16.2.3-3.el6_6.ppc64.rpm
nss-sysinit-3.16.2.3-3.el6_6.ppc64.rpm
nss-tools-3.16.2.3-3.el6_6.ppc64.rpm
nss-util-3.16.2.3-2.el6_6.ppc.rpm
nss-util-3.16.2.3-2.el6_6.ppc64.rpm
nss-util-debuginfo-3.16.2.3-2.el6_6.ppc.rpm
nss-util-debuginfo-3.16.2.3-2.el6_6.ppc64.rpm
nss-util-devel-3.16.2.3-2.el6_6.ppc.rpm
nss-util-devel-3.16.2.3-2.el6_6.ppc64.rpm

s390x:
nss-3.16.2.3-3.el6_6.s390.rpm
nss-3.16.2.3-3.el6_6.s390x.rpm
nss-debuginfo-3.16.2.3-3.el6_6.s390.rpm
nss-debuginfo-3.16.2.3-3.el6_6.s390x.rpm
nss-devel-3.16.2.3-3.el6_6.s390.rpm
nss-devel-3.16.2.3-3.el6_6.s390x.rpm
nss-sysinit-3.16.2.3-3.el6_6.s390x.rpm
nss-tools-3.16.2.3-3.el6_6.s390x.rpm
nss-util-3.16.2.3-2.el6_6.s390.rpm
nss-util-3.16.2.3-2.el6_6.s390x.rpm
nss-util-debuginfo-3.16.2.3-2.el6_6.s390.rpm
nss-util-debuginfo-3.16.2.3-2.el6_6.s390x.rpm
nss-util-devel-3.16.2.3-2.el6_6.s390.rpm
nss-util-devel-3.16.2.3-2.el6_6.s390x.rpm

x86_64:
nss-3.16.2.3-3.el6_6.i686.rpm
nss-3.16.2.3-3.el6_6.x86_64.rpm
nss-debuginfo-3.16.2.3-3.el6_6.i686.rpm
nss-debuginfo-3.16.2.3-3.el6_6.x86_64.rpm
nss-devel-3.16.2.3-3.el6_6.i686.rpm
nss-devel-3.16.2.3-3.el6_6.x86_64.rpm
nss-sysinit-3.16.2.3-3.el6_6.x86_64.rpm
nss-tools-3.16.2.3-3.el6_6.x86_64.rpm
nss-util-3.16.2.3-2.el6_6.i686.rpm
nss-util-3.16.2.3-2.el6_6.x86_64.rpm
nss-util-debuginfo-3.16.2.3-2.el6_6.i686.rpm
nss-util-debuginfo-3.16.2.3-2.el6_6.x86_64.rpm
nss-util-devel-3.16.2.3-2.el6_6.i686.rpm
nss-util-devel-3.16.2.3-2.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
nss-debuginfo-3.16.2.3-3.el6_6.i686.rpm
nss-pkcs11-devel-3.16.2.3-3.el6_6.i686.rpm

ppc64:
nss-debuginfo-3.16.2.3-3.el6_6.ppc.rpm
nss-debuginfo-3.16.2.3-3.el6_6.ppc64.rpm
nss-pkcs11-devel-3.16.2.3-3.el6_6.ppc.rpm
nss-pkcs11-devel-3.16.2.3-3.el6_6.ppc64.rpm

s390x:
nss-debuginfo-3.16.2.3-3.el6_6.s390.rpm
nss-debuginfo-3.16.2.3-3.el6_6.s390x.rpm
nss-pkcs11-devel-3.16.2.3-3.el6_6.s390.rpm
nss-pkcs11-devel-3.16.2.3-3.el6_6.s390x.rpm

x86_64:
nss-debuginfo-3.16.2.3-3.el6_6.i686.rpm
nss-debuginfo-3.16.2.3-3.el6_6.x86_64.rpm
nss-pkcs11-devel-3.16.2.3-3.el6_6.i686.rpm
nss-pkcs11-devel-3.16.2.3-3.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
nss-3.16.2.3-3.el6_6.src.rpm
nss-util-3.16.2.3-2.el6_6.src.rpm

i386:
nss-3.16.2.3-3.el6_6.i686.rpm
nss-debuginfo-3.16.2.3-3.el6_6.i686.rpm
nss-devel-3.16.2.3-3.el6_6.i686.rpm
nss-sysinit-3.16.2.3-3.el6_6.i686.rpm
nss-tools-3.16.2.3-3.el6_6.i686.rpm
nss-util-3.16.2.3-2.el6_6.i686.rpm
nss-util-debuginfo-3.16.2.3-2.el6_6.i686.rpm
nss-util-devel-3.16.2.3-2.el6_6.i686.rpm

x86_64:
nss-3.16.2.3-3.el6_6.i686.rpm
nss-3.16.2.3-3.el6_6.x86_64.rpm
nss-debuginfo-3.16.2.3-3.el6_6.i686.rpm
nss-debuginfo-3.16.2.3-3.el6_6.x86_64.rpm
nss-devel-3.16.2.3-3.el6_6.i686.rpm
nss-devel-3.16.2.3-3.el6_6.x86_64.rpm
nss-sysinit-3.16.2.3-3.el6_6.x86_64.rpm
nss-tools-3.16.2.3-3.el6_6.x86_64.rpm
nss-util-3.16.2.3-2.el6_6.i686.rpm
nss-util-3.16.2.3-2.el6_6.x86_64.rpm
nss-util-debuginfo-3.16.2.3-2.el6_6.i686.rpm
nss-util-debuginfo-3.16.2.3-2.el6_6.x86_64.rpm
nss-util-devel-3.16.2.3-2.el6_6.i686.rpm
nss-util-devel-3.16.2.3-2.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
nss-debuginfo-3.16.2.3-3.el6_6.i686.rpm
nss-pkcs11-devel-3.16.2.3-3.el6_6.i686.rpm

x86_64:
nss-debuginfo-3.16.2.3-3.el6_6.i686.rpm
nss-debuginfo-3.16.2.3-3.el6_6.x86_64.rpm
nss-pkcs11-devel-3.16.2.3-3.el6_6.i686.rpm
nss-pkcs11-devel-3.16.2.3-3.el6_6.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
nss-3.16.2.3-2.el7_0.src.rpm
nss-softokn-3.16.2.3-1.el7_0.src.rpm
nss-util-3.16.2.3-1.el7_0.src.rpm

x86_64:
nss-3.16.2.3-2.el7_0.i686.rpm
nss-3.16.2.3-2.el7_0.x86_64.rpm
nss-debuginfo-3.16.2.3-2.el7_0.i686.rpm
nss-debuginfo-3.16.2.3-2.el7_0.x86_64.rpm
nss-softokn-3.16.2.3-1.el7_0.i686.rpm
nss-softokn-3.16.2.3-1.el7_0.x86_64.rpm
nss-softokn-debuginfo-3.16.2.3-1.el7_0.i686.rpm
nss-softokn-debuginfo-3.16.2.3-1.el7_0.x86_64.rpm
nss-softokn-freebl-3.16.2.3-1.el7_0.i686.rpm
nss-softokn-freebl-3.16.2.3-1.el7_0.x86_64.rpm
nss-sysinit-3.16.2.3-2.el7_0.x86_64.rpm
nss-tools-3.16.2.3-2.el7_0.x86_64.rpm
nss-util-3.16.2.3-1.el7_0.i686.rpm
nss-util-3.16.2.3-1.el7_0.x86_64.rpm
nss-util-debuginfo-3.16.2.3-1.el7_0.i686.rpm
nss-util-debuginfo-3.16.2.3-1.el7_0.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
nss-debuginfo-3.16.2.3-2.el7_0.i686.rpm
nss-debuginfo-3.16.2.3-2.el7_0.x86_64.rpm
nss-devel-3.16.2.3-2.el7_0.i686.rpm
nss-devel-3.16.2.3-2.el7_0.x86_64.rpm
nss-pkcs11-devel-3.16.2.3-2.el7_0.i686.rpm
nss-pkcs11-devel-3.16.2.3-2.el7_0.x86_64.rpm
nss-softokn-debuginfo-3.16.2.3-1.el7_0.i686.rpm
nss-softokn-debuginfo-3.16.2.3-1.el7_0.x86_64.rpm
nss-softokn-devel-3.16.2.3-1.el7_0.i686.rpm
nss-softokn-devel-3.16.2.3-1.el7_0.x86_64.rpm
nss-softokn-freebl-devel-3.16.2.3-1.el7_0.i686.rpm
nss-softokn-freebl-devel-3.16.2.3-1.el7_0.x86_64.rpm
nss-util-debuginfo-3.16.2.3-1.el7_0.i686.rpm
nss-util-debuginfo-3.16.2.3-1.el7_0.x86_64.rpm
nss-util-devel-3.16.2.3-1.el7_0.i686.rpm
nss-util-devel-3.16.2.3-1.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
nss-3.16.2.3-2.el7_0.src.rpm
nss-softokn-3.16.2.3-1.el7_0.src.rpm
nss-util-3.16.2.3-1.el7_0.src.rpm

x86_64:
nss-3.16.2.3-2.el7_0.i686.rpm
nss-3.16.2.3-2.el7_0.x86_64.rpm
nss-debuginfo-3.16.2.3-2.el7_0.i686.rpm
nss-debuginfo-3.16.2.3-2.el7_0.x86_64.rpm
nss-softokn-3.16.2.3-1.el7_0.i686.rpm
nss-softokn-3.16.2.3-1.el7_0.x86_64.rpm
nss-softokn-debuginfo-3.16.2.3-1.el7_0.i686.rpm
nss-softokn-debuginfo-3.16.2.3-1.el7_0.x86_64.rpm
nss-softokn-freebl-3.16.2.3-1.el7_0.i686.rpm
nss-softokn-freebl-3.16.2.3-1.el7_0.x86_64.rpm
nss-sysinit-3.16.2.3-2.el7_0.x86_64.rpm
nss-tools-3.16.2.3-2.el7_0.x86_64.rpm
nss-util-3.16.2.3-1.el7_0.i686.rpm
nss-util-3.16.2.3-1.el7_0.x86_64.rpm
nss-util-debuginfo-3.16.2.3-1.el7_0.i686.rpm
nss-util-debuginfo-3.16.2.3-1.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
nss-debuginfo-3.16.2.3-2.el7_0.i686.rpm
nss-debuginfo-3.16.2.3-2.el7_0.x86_64.rpm
nss-devel-3.16.2.3-2.el7_0.i686.rpm
nss-devel-3.16.2.3-2.el7_0.x86_64.rpm
nss-pkcs11-devel-3.16.2.3-2.el7_0.i686.rpm
nss-pkcs11-devel-3.16.2.3-2.el7_0.x86_64.rpm
nss-softokn-debuginfo-3.16.2.3-1.el7_0.i686.rpm
nss-softokn-debuginfo-3.16.2.3-1.el7_0.x86_64.rpm
nss-softokn-devel-3.16.2.3-1.el7_0.i686.rpm
nss-softokn-devel-3.16.2.3-1.el7_0.x86_64.rpm
nss-softokn-freebl-devel-3.16.2.3-1.el7_0.i686.rpm
nss-softokn-freebl-devel-3.16.2.3-1.el7_0.x86_64.rpm
nss-util-debuginfo-3.16.2.3-1.el7_0.i686.rpm
nss-util-debuginfo-3.16.2.3-1.el7_0.x86_64.rpm
nss-util-devel-3.16.2.3-1.el7_0.i686.rpm
nss-util-devel-3.16.2.3-1.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
nss-3.16.2.3-2.el7_0.src.rpm
nss-softokn-3.16.2.3-1.el7_0.src.rpm
nss-util-3.16.2.3-1.el7_0.src.rpm

ppc64:
nss-3.16.2.3-2.el7_0.ppc.rpm
nss-3.16.2.3-2.el7_0.ppc64.rpm
nss-debuginfo-3.16.2.3-2.el7_0.ppc.rpm
nss-debuginfo-3.16.2.3-2.el7_0.ppc64.rpm
nss-devel-3.16.2.3-2.el7_0.ppc.rpm
nss-devel-3.16.2.3-2.el7_0.ppc64.rpm
nss-softokn-3.16.2.3-1.el7_0.ppc.rpm
nss-softokn-3.16.2.3-1.el7_0.ppc64.rpm
nss-softokn-debuginfo-3.16.2.3-1.el7_0.ppc.rpm
nss-softokn-debuginfo-3.16.2.3-1.el7_0.ppc64.rpm
nss-softokn-devel-3.16.2.3-1.el7_0.ppc.rpm
nss-softokn-devel-3.16.2.3-1.el7_0.ppc64.rpm
nss-softokn-freebl-3.16.2.3-1.el7_0.ppc.rpm
nss-softokn-freebl-3.16.2.3-1.el7_0.ppc64.rpm
nss-softokn-freebl-devel-3.16.2.3-1.el7_0.ppc.rpm
nss-softokn-freebl-devel-3.16.2.3-1.el7_0.ppc64.rpm
nss-sysinit-3.16.2.3-2.el7_0.ppc64.rpm
nss-tools-3.16.2.3-2.el7_0.ppc64.rpm
nss-util-3.16.2.3-1.el7_0.ppc.rpm
nss-util-3.16.2.3-1.el7_0.ppc64.rpm
nss-util-debuginfo-3.16.2.3-1.el7_0.ppc.rpm
nss-util-debuginfo-3.16.2.3-1.el7_0.ppc64.rpm
nss-util-devel-3.16.2.3-1.el7_0.ppc.rpm
nss-util-devel-3.16.2.3-1.el7_0.ppc64.rpm

s390x:
nss-3.16.2.3-2.el7_0.s390.rpm
nss-3.16.2.3-2.el7_0.s390x.rpm
nss-debuginfo-3.16.2.3-2.el7_0.s390.rpm
nss-debuginfo-3.16.2.3-2.el7_0.s390x.rpm
nss-devel-3.16.2.3-2.el7_0.s390.rpm
nss-devel-3.16.2.3-2.el7_0.s390x.rpm
nss-softokn-3.16.2.3-1.el7_0.s390.rpm
nss-softokn-3.16.2.3-1.el7_0.s390x.rpm
nss-softokn-debuginfo-3.16.2.3-1.el7_0.s390.rpm
nss-softokn-debuginfo-3.16.2.3-1.el7_0.s390x.rpm
nss-softokn-devel-3.16.2.3-1.el7_0.s390.rpm
nss-softokn-devel-3.16.2.3-1.el7_0.s390x.rpm
nss-softokn-freebl-3.16.2.3-1.el7_0.s390.rpm
nss-softokn-freebl-3.16.2.3-1.el7_0.s390x.rpm
nss-softokn-freebl-devel-3.16.2.3-1.el7_0.s390.rpm
nss-softokn-freebl-devel-3.16.2.3-1.el7_0.s390x.rpm
nss-sysinit-3.16.2.3-2.el7_0.s390x.rpm
nss-tools-3.16.2.3-2.el7_0.s390x.rpm
nss-util-3.16.2.3-1.el7_0.s390.rpm
nss-util-3.16.2.3-1.el7_0.s390x.rpm
nss-util-debuginfo-3.16.2.3-1.el7_0.s390.rpm
nss-util-debuginfo-3.16.2.3-1.el7_0.s390x.rpm
nss-util-devel-3.16.2.3-1.el7_0.s390.rpm
nss-util-devel-3.16.2.3-1.el7_0.s390x.rpm

x86_64:
nss-3.16.2.3-2.el7_0.i686.rpm
nss-3.16.2.3-2.el7_0.x86_64.rpm
nss-debuginfo-3.16.2.3-2.el7_0.i686.rpm
nss-debuginfo-3.16.2.3-2.el7_0.x86_64.rpm
nss-devel-3.16.2.3-2.el7_0.i686.rpm
nss-devel-3.16.2.3-2.el7_0.x86_64.rpm
nss-softokn-3.16.2.3-1.el7_0.i686.rpm
nss-softokn-3.16.2.3-1.el7_0.x86_64.rpm
nss-softokn-debuginfo-3.16.2.3-1.el7_0.i686.rpm
nss-softokn-debuginfo-3.16.2.3-1.el7_0.x86_64.rpm
nss-softokn-devel-3.16.2.3-1.el7_0.i686.rpm
nss-softokn-devel-3.16.2.3-1.el7_0.x86_64.rpm
nss-softokn-freebl-3.16.2.3-1.el7_0.i686.rpm
nss-softokn-freebl-3.16.2.3-1.el7_0.x86_64.rpm
nss-softokn-freebl-devel-3.16.2.3-1.el7_0.i686.rpm
nss-softokn-freebl-devel-3.16.2.3-1.el7_0.x86_64.rpm
nss-sysinit-3.16.2.3-2.el7_0.x86_64.rpm
nss-tools-3.16.2.3-2.el7_0.x86_64.rpm
nss-util-3.16.2.3-1.el7_0.i686.rpm
nss-util-3.16.2.3-1.el7_0.x86_64.rpm
nss-util-debuginfo-3.16.2.3-1.el7_0.i686.rpm
nss-util-debuginfo-3.16.2.3-1.el7_0.x86_64.rpm
nss-util-devel-3.16.2.3-1.el7_0.i686.rpm
nss-util-devel-3.16.2.3-1.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
nss-debuginfo-3.16.2.3-2.el7_0.ppc.rpm
nss-debuginfo-3.16.2.3-2.el7_0.ppc64.rpm
nss-pkcs11-devel-3.16.2.3-2.el7_0.ppc.rpm
nss-pkcs11-devel-3.16.2.3-2.el7_0.ppc64.rpm

s390x:
nss-debuginfo-3.16.2.3-2.el7_0.s390.rpm
nss-debuginfo-3.16.2.3-2.el7_0.s390x.rpm
nss-pkcs11-devel-3.16.2.3-2.el7_0.s390.rpm
nss-pkcs11-devel-3.16.2.3-2.el7_0.s390x.rpm

x86_64:
nss-debuginfo-3.16.2.3-2.el7_0.i686.rpm
nss-debuginfo-3.16.2.3-2.el7_0.x86_64.rpm
nss-pkcs11-devel-3.16.2.3-2.el7_0.i686.rpm
nss-pkcs11-devel-3.16.2.3-2.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
nss-3.16.2.3-2.el7_0.src.rpm
nss-softokn-3.16.2.3-1.el7_0.src.rpm
nss-util-3.16.2.3-1.el7_0.src.rpm

x86_64:
nss-3.16.2.3-2.el7_0.i686.rpm
nss-3.16.2.3-2.el7_0.x86_64.rpm
nss-debuginfo-3.16.2.3-2.el7_0.i686.rpm
nss-debuginfo-3.16.2.3-2.el7_0.x86_64.rpm
nss-devel-3.16.2.3-2.el7_0.i686.rpm
nss-devel-3.16.2.3-2.el7_0.x86_64.rpm
nss-softokn-3.16.2.3-1.el7_0.i686.rpm
nss-softokn-3.16.2.3-1.el7_0.x86_64.rpm
nss-softokn-debuginfo-3.16.2.3-1.el7_0.i686.rpm
nss-softokn-debuginfo-3.16.2.3-1.el7_0.x86_64.rpm
nss-softokn-devel-3.16.2.3-1.el7_0.i686.rpm
nss-softokn-devel-3.16.2.3-1.el7_0.x86_64.rpm
nss-softokn-freebl-3.16.2.3-1.el7_0.i686.rpm
nss-softokn-freebl-3.16.2.3-1.el7_0.x86_64.rpm
nss-softokn-freebl-devel-3.16.2.3-1.el7_0.i686.rpm
nss-softokn-freebl-devel-3.16.2.3-1.el7_0.x86_64.rpm
nss-sysinit-3.16.2.3-2.el7_0.x86_64.rpm
nss-tools-3.16.2.3-2.el7_0.x86_64.rpm
nss-util-3.16.2.3-1.el7_0.i686.rpm
nss-util-3.16.2.3-1.el7_0.x86_64.rpm
nss-util-debuginfo-3.16.2.3-1.el7_0.i686.rpm
nss-util-debuginfo-3.16.2.3-1.el7_0.x86_64.rpm
nss-util-devel-3.16.2.3-1.el7_0.i686.rpm
nss-util-devel-3.16.2.3-1.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
nss-debuginfo-3.16.2.3-2.el7_0.i686.rpm
nss-debuginfo-3.16.2.3-2.el7_0.x86_64.rpm
nss-pkcs11-devel-3.16.2.3-2.el7_0.i686.rpm
nss-pkcs11-devel-3.16.2.3-2.el7_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/articles/1232123

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
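The TLS_FALLBACK_SCSV mechanism described in section 3 of the advisory above, as an added example that is not Red Hat's or NSS's code: a minimal ClientHello builder and parser, the server-side rule from RFC 7507, and a simulated fallback retry loop showing that an SCSV-aware server refuses a forced downgrade to SSL 3.0 while still accepting a genuine retry against an older server. The retry loop and its `attempts_fail_above` parameter are a constructed scenario, not part of any real library.

```python
import struct

# Protocol versions as (major, minor) tuples; tuple ordering matches TLS version ordering.
SSL_3_0, TLS_1_0, TLS_1_1, TLS_1_2 = (3, 0), (3, 1), (3, 2), (3, 3)
TLS_FALLBACK_SCSV = 0x5600              # RFC 7507 signaling cipher suite value
TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F   # an ordinary CBC suite, used as filler here
ALERT_PROTOCOL_VERSION = 70             # TLS alert: version not supported
ALERT_INAPPROPRIATE_FALLBACK = 86       # TLS alert defined by RFC 7507


def build_client_hello(client_version, cipher_suites, fallback=False):
    """Serialise a minimal ClientHello body (no extensions), RFC 5246 section 7.4.1.2.

    When the client is retrying at a lower version than it really supports,
    it appends TLS_FALLBACK_SCSV to its cipher suite list.
    """
    suites = list(cipher_suites) + ([TLS_FALLBACK_SCSV] if fallback else [])
    body = bytes(client_version)                    # ProtocolVersion
    body += bytes(32)                               # Random: constructed, all zero
    body += b"\x00"                                 # session_id: empty
    body += struct.pack("!H", 2 * len(suites))      # cipher_suites length in bytes
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                             # compression_methods: null only
    return body


def parse_client_hello(body):
    """Return (client_version, [cipher suite ids]) from a ClientHello body."""
    version = (body[0], body[1])
    pos = 2 + 32                                    # skip ProtocolVersion + Random
    pos += 1 + body[pos]                            # skip session_id vector
    suites_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0]
              for i in range(pos, pos + suites_len, 2)]
    return version, suites


def server_accept(body, server_max, honours_scsv=True, server_min=SSL_3_0):
    """Server-side decision: ('ok', negotiated_version) or ('alert', alert_code)."""
    client_version, suites = parse_client_hello(body)
    if client_version < server_min:
        # The advisory's recommendation: require at least TLS 1.0 (server_min=TLS_1_0).
        return ("alert", ALERT_PROTOCOL_VERSION)
    if honours_scsv and TLS_FALLBACK_SCSV in suites and client_version < server_max:
        # RFC 7507 section 3: the client offers less than this server supports yet
        # signals that it is falling back, so something in between forced the downgrade.
        return ("alert", ALERT_INAPPROPRIATE_FALLBACK)
    return ("ok", min(client_version, server_max))


def fallback_dance(server_max, honours_scsv, attempts_fail_above=SSL_3_0,
                   server_min=SSL_3_0):
    """Simulate a client retrying at ever lower versions (constructed scenario).

    attempts_fail_above: every handshake attempt above this version is dropped
    before the server sees it, standing in for an on-path interferer or a
    version-intolerant server; the client reacts by retrying one version lower.
    Returns the version finally negotiated, or None if the client gave up.
    """
    for attempt, version in enumerate((TLS_1_2, TLS_1_1, TLS_1_0, SSL_3_0)):
        if version > attempts_fail_above:
            continue                                # connection failed, retry lower
        hello = build_client_hello(version, [TLS_RSA_WITH_AES_128_CBC_SHA],
                                   fallback=attempt > 0)
        verdict, detail = server_accept(hello, server_max, honours_scsv, server_min)
        if verdict == "alert":
            return None                             # fatal alert: no further retries
        return detail
    return None


if __name__ == "__main__":
    print("SCSV-aware server, forced downgrade:", fallback_dance(TLS_1_2, True))
    print("Legacy server, forced downgrade:   ", fallback_dance(TLS_1_2, False))
    print("Legacy server, TLS 1.0 minimum:    ",
          fallback_dance(TLS_1_2, False, server_min=TLS_1_0))
    print("Genuine retry against TLS 1.0 peer:",
          fallback_dance(TLS_1_0, True, attempts_fail_above=TLS_1_0))
```

Without the SCSV check the forced retry ends at SSL 3.0 and the CBC padding oracle becomes reachable; with it, or with a TLS 1.0 minimum as the advisory recommends, the client ends with a fatal alert instead of a downgraded session.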
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUflBbXlSAg2UNWIIRAu4/AJ48DOLhhJCOz7bEfb2hnrhxuwF/0ACgnlfi jJ4py+iKMGp8SjSnWwB0rUM= =WVGF -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Dec 2 23:52:11 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 2 Dec 2014 23:52:11 +0000 Subject: [RHSA-2014:1919-01] Critical: firefox security update Message-ID: <201412022352.sB2NqBHC023117@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: firefox security update Advisory ID: RHSA-2014:1919-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1919.html Issue date: 2014-12-02 CVE Names: CVE-2014-1587 CVE-2014-1590 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 ===================================================================== 1. Summary: Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 
6) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1587, CVE-2014-1590, CVE-2014-1592, CVE-2014-1593) A flaw was found in the Alarm API, which could allow applications to schedule actions to be run in the future. A malicious web application could use this flaw to bypass the same-origin policy. (CVE-2014-1594) This update disables SSL 3.0 support by default in Firefox. Details on how to re-enable SSL 3.0 support are available at: https://access.redhat.com/articles/1283153 Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderman, Max Jonas Werner, Joe Vennix, Berend-Jan Wever, Abhishek Arya, and Boris Zbarsky as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 31.3.0 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 31.3.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. 
Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1169201 - CVE-2014-1587 Mozilla: Miscellaneous memory safety hazards (rv:31.3) (MFSA 2014-83)
1169206 - CVE-2014-1590 Mozilla: XMLHttpRequest crashes with some input streams (MFSA 2014-85)
1169208 - CVE-2014-1592 Mozilla: Use-after-free during HTML5 parsing (MFSA 2014-87)
1169209 - CVE-2014-1593 Mozilla: Buffer overflow while parsing media content (MFSA 2014-88)
1169210 - CVE-2014-1594 Mozilla: Bad casting from the BasicThebesLayer to BasicContainerLayer (MFSA 2014-89)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
firefox-31.3.0-4.el5_11.src.rpm

i386:
firefox-31.3.0-4.el5_11.i386.rpm
firefox-debuginfo-31.3.0-4.el5_11.i386.rpm

x86_64:
firefox-31.3.0-4.el5_11.i386.rpm
firefox-31.3.0-4.el5_11.x86_64.rpm
firefox-debuginfo-31.3.0-4.el5_11.i386.rpm
firefox-debuginfo-31.3.0-4.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
firefox-31.3.0-4.el5_11.src.rpm

i386:
firefox-31.3.0-4.el5_11.i386.rpm
firefox-debuginfo-31.3.0-4.el5_11.i386.rpm

ia64:
firefox-31.3.0-4.el5_11.ia64.rpm
firefox-debuginfo-31.3.0-4.el5_11.ia64.rpm

ppc:
firefox-31.3.0-4.el5_11.ppc.rpm
firefox-debuginfo-31.3.0-4.el5_11.ppc.rpm

s390x:
firefox-31.3.0-4.el5_11.s390.rpm
firefox-31.3.0-4.el5_11.s390x.rpm
firefox-debuginfo-31.3.0-4.el5_11.s390.rpm
firefox-debuginfo-31.3.0-4.el5_11.s390x.rpm

x86_64:
firefox-31.3.0-4.el5_11.i386.rpm
firefox-31.3.0-4.el5_11.x86_64.rpm
firefox-debuginfo-31.3.0-4.el5_11.i386.rpm
firefox-debuginfo-31.3.0-4.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
firefox-31.3.0-3.el6_6.src.rpm

i386:
firefox-31.3.0-3.el6_6.i686.rpm
firefox-debuginfo-31.3.0-3.el6_6.i686.rpm

x86_64:
firefox-31.3.0-3.el6_6.x86_64.rpm
firefox-debuginfo-31.3.0-3.el6_6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v.
6):

x86_64:
firefox-31.3.0-3.el6_6.i686.rpm
firefox-debuginfo-31.3.0-3.el6_6.i686.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
firefox-31.3.0-3.el6_6.src.rpm

x86_64:
firefox-31.3.0-3.el6_6.i686.rpm
firefox-31.3.0-3.el6_6.x86_64.rpm
firefox-debuginfo-31.3.0-3.el6_6.i686.rpm
firefox-debuginfo-31.3.0-3.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
firefox-31.3.0-3.el6_6.src.rpm

i386:
firefox-31.3.0-3.el6_6.i686.rpm
firefox-debuginfo-31.3.0-3.el6_6.i686.rpm

ppc64:
firefox-31.3.0-3.el6_6.ppc64.rpm
firefox-debuginfo-31.3.0-3.el6_6.ppc64.rpm

s390x:
firefox-31.3.0-3.el6_6.s390x.rpm
firefox-debuginfo-31.3.0-3.el6_6.s390x.rpm

x86_64:
firefox-31.3.0-3.el6_6.x86_64.rpm
firefox-debuginfo-31.3.0-3.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

ppc64:
firefox-31.3.0-3.el6_6.ppc.rpm
firefox-debuginfo-31.3.0-3.el6_6.ppc.rpm

s390x:
firefox-31.3.0-3.el6_6.s390.rpm
firefox-debuginfo-31.3.0-3.el6_6.s390.rpm

x86_64:
firefox-31.3.0-3.el6_6.i686.rpm
firefox-debuginfo-31.3.0-3.el6_6.i686.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
firefox-31.3.0-3.el6_6.src.rpm

i386:
firefox-31.3.0-3.el6_6.i686.rpm
firefox-debuginfo-31.3.0-3.el6_6.i686.rpm

x86_64:
firefox-31.3.0-3.el6_6.x86_64.rpm
firefox-debuginfo-31.3.0-3.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

x86_64:
firefox-31.3.0-3.el6_6.i686.rpm
firefox-debuginfo-31.3.0-3.el6_6.i686.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
firefox-31.3.0-3.el7_0.src.rpm

x86_64:
firefox-31.3.0-3.el7_0.x86_64.rpm
firefox-debuginfo-31.3.0-3.el7_0.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
firefox-31.3.0-3.el7_0.i686.rpm
firefox-debuginfo-31.3.0-3.el7_0.i686.rpm

Red Hat Enterprise Linux Server (v.
7):

Source:
firefox-31.3.0-3.el7_0.src.rpm

ppc64:
firefox-31.3.0-3.el7_0.ppc64.rpm
firefox-debuginfo-31.3.0-3.el7_0.ppc64.rpm

s390x:
firefox-31.3.0-3.el7_0.s390x.rpm
firefox-debuginfo-31.3.0-3.el7_0.s390x.rpm

x86_64:
firefox-31.3.0-3.el7_0.x86_64.rpm
firefox-debuginfo-31.3.0-3.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
firefox-31.3.0-3.el7_0.ppc.rpm
firefox-debuginfo-31.3.0-3.el7_0.ppc.rpm

s390x:
firefox-31.3.0-3.el7_0.s390.rpm
firefox-debuginfo-31.3.0-3.el7_0.s390.rpm

x86_64:
firefox-31.3.0-3.el7_0.i686.rpm
firefox-debuginfo-31.3.0-3.el7_0.i686.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
firefox-31.3.0-3.el7_0.src.rpm

x86_64:
firefox-31.3.0-3.el7_0.x86_64.rpm
firefox-debuginfo-31.3.0-3.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
firefox-31.3.0-3.el7_0.i686.rpm
firefox-debuginfo-31.3.0-3.el7_0.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-1587
https://access.redhat.com/security/cve/CVE-2014-1590
https://access.redhat.com/security/cve/CVE-2014-1592
https://access.redhat.com/security/cve/CVE-2014-1593
https://access.redhat.com/security/cve/CVE-2014-1594
https://access.redhat.com/security/updates/classification/#critical
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr31.3
https://access.redhat.com/articles/1283153

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUflCcXlSAg2UNWIIRAqa4AKC+/EqDOMjeH/wTELQRhQ908Rx8yQCgmK1H
W5zr/j3HtMSQKMgKrTMNtGs=
=QD9C
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 2 23:52:45 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 2 Dec 2014 23:52:45 +0000
Subject: [RHSA-2014:1924-01] Important: thunderbird security update
Message-ID: <201412022352.sB2Nqkp5011029@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2014:1924-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1924.html
Issue date: 2014-12-02
CVE Names: CVE-2014-1587 CVE-2014-1590 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594
=====================================================================

1. Summary:

An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
(CVE-2014-1587, CVE-2014-1590, CVE-2014-1592, CVE-2014-1593)

A flaw was found in the Alarm API, which could allow applications to schedule actions to be run in the future. A malicious web application could use this flaw to bypass the same-origin policy. (CVE-2014-1594)

Note: None of the above issues can be exploited by a specially crafted HTML mail message, as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.

This update disables SSL 3.0 support by default in Thunderbird. Details on how to re-enable SSL 3.0 support are available at:
https://access.redhat.com/articles/1284233

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderman, Max Jonas Werner, Joe Vennix, Berend-Jan Wever, Abhishek Arya, and Boris Zbarsky as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 31.3.0. You can find a link to the Mozilla advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 31.3.0, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5.
Bugs fixed (https://bugzilla.redhat.com/):

1169201 - CVE-2014-1587 Mozilla: Miscellaneous memory safety hazards (rv:31.3) (MFSA 2014-83)
1169206 - CVE-2014-1590 Mozilla: XMLHttpRequest crashes with some input streams (MFSA 2014-85)
1169208 - CVE-2014-1592 Mozilla: Use-after-free during HTML5 parsing (MFSA 2014-87)
1169209 - CVE-2014-1593 Mozilla: Buffer overflow while parsing media content (MFSA 2014-88)
1169210 - CVE-2014-1594 Mozilla: Bad casting from the BasicThebesLayer to BasicContainerLayer (MFSA 2014-89)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
thunderbird-31.3.0-1.el5_11.src.rpm

i386:
thunderbird-31.3.0-1.el5_11.i386.rpm
thunderbird-debuginfo-31.3.0-1.el5_11.i386.rpm

x86_64:
thunderbird-31.3.0-1.el5_11.x86_64.rpm
thunderbird-debuginfo-31.3.0-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
thunderbird-31.3.0-1.el6_6.src.rpm

i386:
thunderbird-31.3.0-1.el6_6.i686.rpm
thunderbird-debuginfo-31.3.0-1.el6_6.i686.rpm

x86_64:
thunderbird-31.3.0-1.el6_6.x86_64.rpm
thunderbird-debuginfo-31.3.0-1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
thunderbird-31.3.0-1.el6_6.src.rpm

i386:
thunderbird-31.3.0-1.el6_6.i686.rpm
thunderbird-debuginfo-31.3.0-1.el6_6.i686.rpm

ppc64:
thunderbird-31.3.0-1.el6_6.ppc64.rpm
thunderbird-debuginfo-31.3.0-1.el6_6.ppc64.rpm

s390x:
thunderbird-31.3.0-1.el6_6.s390x.rpm
thunderbird-debuginfo-31.3.0-1.el6_6.s390x.rpm

x86_64:
thunderbird-31.3.0-1.el6_6.x86_64.rpm
thunderbird-debuginfo-31.3.0-1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
thunderbird-31.3.0-1.el6_6.src.rpm

i386:
thunderbird-31.3.0-1.el6_6.i686.rpm
thunderbird-debuginfo-31.3.0-1.el6_6.i686.rpm

x86_64:
thunderbird-31.3.0-1.el6_6.x86_64.rpm
thunderbird-debuginfo-31.3.0-1.el6_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7.
References:

https://access.redhat.com/security/cve/CVE-2014-1587
https://access.redhat.com/security/cve/CVE-2014-1590
https://access.redhat.com/security/cve/CVE-2014-1592
https://access.redhat.com/security/cve/CVE-2014-1593
https://access.redhat.com/security/cve/CVE-2014-1594
https://access.redhat.com/security/updates/classification/#important
https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html#thunderbird31.3
https://access.redhat.com/articles/1284233

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUflC+XlSAg2UNWIIRAgygAJ9g68SydaFxO3AUHc0ewD3lSa5pmwCdH7nm
KpRbIUTQbd8DuKShztWmkMg=
=AiP9
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Dec 3 19:29:36 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 3 Dec 2014 19:29:36 +0000
Subject: [RHSA-2014:1955-01] Moderate: wget security update
Message-ID: <201412031929.sB3JTae0019406@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: wget security update
Advisory ID: RHSA-2014:1955-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1955.html
Issue date: 2014-12-03
CVE Names: CVE-2014-4877
=====================================================================

1. Summary:

An updated wget package that fixes one security issue is now available for Red Hat Enterprise Linux 6.5 Extended Update Support.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v.
6.5) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.5) - i386, ppc64, s390x, x86_64

3. Description:

The wget package provides the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.

A flaw was found in the way Wget handled symbolic links. A malicious FTP server could allow Wget running in the mirror mode (using the '-m' command line option) to write an arbitrary file to a location writable by the user running Wget, possibly leading to code execution. (CVE-2014-4877)

Note: This update changes the default value of the --retr-symlinks option. Symbolic links to files are now traversed by default, and the pointed-to files are retrieved, rather than a symbolic link being created locally.

Red Hat would like to thank the GNU Wget project for reporting this issue. Upstream acknowledges HD Moore of Rapid7, Inc as the original reporter.

All users of wget are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1139181 - CVE-2014-4877 wget: FTP symlink arbitrary filesystem access

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.5):

Source:
wget-1.12-1.12.el6_5.src.rpm

x86_64:
wget-1.12-1.12.el6_5.x86_64.rpm
wget-debuginfo-1.12-1.12.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v.
6.5):

Source:
wget-1.12-1.12.el6_5.src.rpm

i386:
wget-1.12-1.12.el6_5.i686.rpm
wget-debuginfo-1.12-1.12.el6_5.i686.rpm

ppc64:
wget-1.12-1.12.el6_5.ppc64.rpm
wget-debuginfo-1.12-1.12.el6_5.ppc64.rpm

s390x:
wget-1.12-1.12.el6_5.s390x.rpm
wget-debuginfo-1.12-1.12.el6_5.s390x.rpm

x86_64:
wget-1.12-1.12.el6_5.x86_64.rpm
wget-debuginfo-1.12-1.12.el6_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-4877
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUf2SHXlSAg2UNWIIRAksGAKCgcxbPFweCqtdBT48JuQ0rcz4GQQCgsCCA
ERTvJYUlzaH9ghTT2PXqMJs=
=3ppw
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Dec 3 19:30:08 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 3 Dec 2014 19:30:08 +0000
Subject: [RHSA-2014:1956-01] Moderate: wpa_supplicant security update
Message-ID: <201412031930.sB3JU9AV002663@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: wpa_supplicant security update
Advisory ID: RHSA-2014:1956-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1956.html
Issue date: 2014-12-03
CVE Names: CVE-2014-3686
=====================================================================

1. Summary:

An updated wpa_supplicant package that fixes one security issue is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

The wpa_supplicant package contains an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. It implements key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver.

A command injection flaw was found in the way the wpa_cli utility executed action scripts. If wpa_cli was run in daemon mode to execute an action script (specified using the -a command line option), and wpa_supplicant was configured to connect to a P2P group, malicious P2P group parameters could cause wpa_cli to execute arbitrary code. (CVE-2014-3686)

Red Hat would like to thank Jouni Malinen for reporting this issue.

All wpa_supplicant users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1151259 - CVE-2014-3686 wpa_supplicant and hostapd: wpa_cli and hostapd_cli remote command execution issue

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
wpa_supplicant-2.0-13.el7_0.src.rpm

x86_64:
wpa_supplicant-2.0-13.el7_0.x86_64.rpm
wpa_supplicant-debuginfo-2.0-13.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v.
7):

Source:
wpa_supplicant-2.0-13.el7_0.src.rpm

x86_64:
wpa_supplicant-2.0-13.el7_0.x86_64.rpm
wpa_supplicant-debuginfo-2.0-13.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
wpa_supplicant-2.0-13.el7_0.src.rpm

ppc64:
wpa_supplicant-2.0-13.el7_0.ppc64.rpm
wpa_supplicant-debuginfo-2.0-13.el7_0.ppc64.rpm

s390x:
wpa_supplicant-2.0-13.el7_0.s390x.rpm
wpa_supplicant-debuginfo-2.0-13.el7_0.s390x.rpm

x86_64:
wpa_supplicant-2.0-13.el7_0.x86_64.rpm
wpa_supplicant-debuginfo-2.0-13.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
wpa_supplicant-2.0-13.el7_0.src.rpm

x86_64:
wpa_supplicant-2.0-13.el7_0.x86_64.rpm
wpa_supplicant-debuginfo-2.0-13.el7_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3686
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
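An added example, not code from wpa_supplicant, hostapd or the advisory above, showing the CVE-2014-3686 pattern in Python. wpa_cli -a hands each event line, which for a P2P group includes parameters supplied by the remote peer, to an operator's action script; the flaw is the difference between splicing that text into a command line that a shell parses and passing it as a single argv element. The action script, the interface name and the P2P event line are constructed for the demo, the injection payload is a deliberately simple one of my choosing, and the actual wpa_cli source and the upstream patch are not reproduced here.

```python
import os
import subprocess
import tempfile

# Constructed stand-in for an operator's "wpa_cli -a" action script: it
# prints each argument it received on its own line so we can see exactly
# how it was invoked. It is run through 'sh' so the demo does not depend
# on the exec bit of the temporary directory.
ACTION_SCRIPT = "#!/bin/sh\nprintf 'ARG:%s\\n' \"$@\"\n"

# Constructed event lines. The P2P one mimics the shape of a group event
# whose parameters come from the remote peer; the quote, semicolon and '#'
# are the peer's injection (an assumed payload, not from any real exploit).
MALICIOUS_EVENT = 'P2P-GROUP-STARTED p2p-wlan0-0 GO ssid="x"; echo INJECTED; #'
BENIGN_EVENT = "CTRL-EVENT-CONNECTED - Connection to 00:11:22:33:44:55 completed"


def write_action_script() -> str:
    fd, path = tempfile.mkstemp(prefix="wpa_action_", suffix=".sh")
    with os.fdopen(fd, "w") as f:
        f.write(ACTION_SCRIPT)
    return path


def run_unsafe(script: str, ifname: str, event: str) -> str:
    """Pre-fix pattern: one command string handed to /bin/sh to parse,
    i.e. the equivalent of system("script ifname event")."""
    cmd = f"sh {script} {ifname} {event}"
    return subprocess.run(cmd, shell=True, capture_output=True,
                          text=True).stdout


def run_safe(script: str, ifname: str, event: str) -> str:
    """Post-fix pattern: execute with an argv array. The event text is one
    argument and is never interpreted by a shell, whatever it contains."""
    return subprocess.run(["sh", script, ifname, event],
                          capture_output=True, text=True).stdout


def injected(stdout: str) -> bool:
    """True if the attacker's extra command actually ran: a bare INJECTED
    line, as opposed to the word merely appearing inside an ARG: line."""
    return "INJECTED" in stdout.splitlines()


def demo() -> dict:
    script = write_action_script()
    try:
        unsafe_out = run_unsafe(script, "wlan0", MALICIOUS_EVENT)
        safe_out = run_safe(script, "wlan0", MALICIOUS_EVENT)
        benign_out = run_unsafe(script, "wlan0", BENIGN_EVENT)
    finally:
        os.unlink(script)
    return {
        "unsafe_injected": injected(unsafe_out),
        "safe_injected": injected(safe_out),
        "benign_injected": injected(benign_out),
        # The fixed path delivers the whole event line as the script's $2.
        "safe_event_intact": ("ARG:" + MALICIOUS_EVENT) in safe_out.splitlines(),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Note that the benign event passes through the unsafe path without incident, which is why this class of bug survives testing: nothing looks wrong until a peer you do not control chooses the SSID.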
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUf2SwXlSAg2UNWIIRApUwAJ48U45SYlLj1wa/t3AS5fn7TwMq7QCfY3OR
CPExuF9X4TakRzUYDDn2tKM=
=5Piw
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Dec 4 17:32:12 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 4 Dec 2014 17:32:12 +0000
Subject: [RHSA-2014:1959-01] Moderate: kernel security and bug fix update
Message-ID: <201412041732.sB4HWC7m005876@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: kernel security and bug fix update
Advisory ID: RHSA-2014:1959-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1959.html
Issue date: 2014-12-04
CVE Names: CVE-2014-0181
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* It was found that the permission checks performed by the Linux kernel when a netlink message was received were not sufficient. A local, unprivileged user could potentially bypass these restrictions by passing a netlink socket as stdout or stderr to a more privileged process and altering the output of this process. (CVE-2014-0181, Moderate)

Red Hat would like to thank Andy Lutomirski for reporting this issue.
This update also fixes the following bugs:

* Previously, the kernel did not successfully deliver multicast packets when the multicast querier was disabled. Consequently, the corosync utility terminated unexpectedly and the affected storage node did not join its intended cluster. With this update, multicast packets are delivered properly when the multicast querier is disabled, and corosync handles the node as expected. (BZ#902454)

* Previously, the kernel wrote the metadata contained in all system information blocks on a single page of the /proc/sysinfo file. However, when the machine configuration was very extensive and the data did not fit on a single page, the system overwrote random memory regions, which in turn caused data corruption when reading the /proc/sysconf file. With this update, /proc/sysinfo automatically allocates a larger buffer if the data output does not fit the current buffer, which prevents the data corruption. (BZ#1131283)

* Prior to this update, the it_real_fn() function did not, in certain cases, successfully acquire the SIGLOCK signal when the do_setitimer() function used the ITIMER_REAL timer. As a consequence, the current process entered an endless loop and became unresponsive. This update fixes the bug and it_real_fn() no longer causes the kernel to become unresponsive. (BZ#1134654)

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system.
You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (https://bugzilla.redhat.com/):

1094265 - CVE-2014-0181 kernel: net: insufficient permission checks of netlink messages

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
kernel-2.6.18-400.el5.src.rpm

i386:
kernel-2.6.18-400.el5.i686.rpm
kernel-PAE-2.6.18-400.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-400.el5.i686.rpm
kernel-PAE-devel-2.6.18-400.el5.i686.rpm
kernel-debug-2.6.18-400.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-400.el5.i686.rpm
kernel-debug-devel-2.6.18-400.el5.i686.rpm
kernel-debuginfo-2.6.18-400.el5.i686.rpm
kernel-debuginfo-common-2.6.18-400.el5.i686.rpm
kernel-devel-2.6.18-400.el5.i686.rpm
kernel-headers-2.6.18-400.el5.i386.rpm
kernel-xen-2.6.18-400.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-400.el5.i686.rpm
kernel-xen-devel-2.6.18-400.el5.i686.rpm

noarch:
kernel-doc-2.6.18-400.el5.noarch.rpm

x86_64:
kernel-2.6.18-400.el5.x86_64.rpm
kernel-debug-2.6.18-400.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-400.el5.x86_64.rpm
kernel-debug-devel-2.6.18-400.el5.x86_64.rpm
kernel-debuginfo-2.6.18-400.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-400.el5.x86_64.rpm
kernel-devel-2.6.18-400.el5.x86_64.rpm
kernel-headers-2.6.18-400.el5.x86_64.rpm
kernel-xen-2.6.18-400.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-400.el5.x86_64.rpm
kernel-xen-devel-2.6.18-400.el5.x86_64.rpm

Red Hat Enterprise Linux (v.
5 server):

Source:
kernel-2.6.18-400.el5.src.rpm

i386:
kernel-2.6.18-400.el5.i686.rpm
kernel-PAE-2.6.18-400.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-400.el5.i686.rpm
kernel-PAE-devel-2.6.18-400.el5.i686.rpm
kernel-debug-2.6.18-400.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-400.el5.i686.rpm
kernel-debug-devel-2.6.18-400.el5.i686.rpm
kernel-debuginfo-2.6.18-400.el5.i686.rpm
kernel-debuginfo-common-2.6.18-400.el5.i686.rpm
kernel-devel-2.6.18-400.el5.i686.rpm
kernel-headers-2.6.18-400.el5.i386.rpm
kernel-xen-2.6.18-400.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-400.el5.i686.rpm
kernel-xen-dev�el-2.6.18-400.el5.i686.rpm

ia64:
kernel-2.6.18-400.el5.ia64.rpm
kernel-debug-2.6.18-400.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-400.el5.ia64.rpm
kernel-debug-devel-2.6.18-400.el5.ia64.rpm
kernel-debuginfo-2.6.18-400.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-400.el5.ia64.rpm
kernel-devel-2.6.18-400.el5.ia64.rpm
kernel-headers-2.6.18-400.el5.ia64.rpm
kernel-xen-2.6.18-400.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-400.el5.ia64.rpm
kernel-xen-devel-2.6.18-400.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-400.el5.noarch.rpm

ppc:
kernel-2.6.18-400.el5.ppc64.rpm
kernel-debug-2.6.18-400.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-400.el5.ppc64.rpm
kernel-debug-devel-2.6.18-400.el5.ppc64.rpm
kernel-debuginfo-2.6.18-400.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-400.el5.ppc64.rpm
kernel-devel-2.6.18-400.el5.ppc64.rpm
kernel-headers-2.6.18-400.el5.ppc.rpm
kernel-headers-2.6.18-400.el5.ppc64.rpm
kernel-kdump-2.6.18-400.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-400.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-400.el5.ppc64.rpm

s390x:
kernel-2.6.18-400.el5.s390x.rpm
kernel-debug-2.6.18-400.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-400.el5.s390x.rpm
kernel-debug-devel-2.6.18-400.el5.s390x.rpm
kernel-debuginfo-2.6.18-400.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-400.el5.s390x.rpm
kernel-devel-2.6.18-400.el5.s390x.rpm
kernel-headers-2.6.18-400.el5.s390x.rpm
kernel-kdump-2.6.18-400.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-400.el5.s390x.rpm
kernel-kdump-devel-2.6.18-400.el5.s390x.rpm

x86_64:
kernel-2.6.18-400.el5.x86_64.rpm
kernel-debug-2.6.18-400.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-400.el5.x86_64.rpm
kernel-debug-devel-2.6.18-400.el5.x86_64.rpm
kernel-debuginfo-2.6.18-400.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-400.el5.x86_64.rpm
kernel-devel-2.6.18-400.el5.x86_64.rpm
kernel-headers-2.6.18-400.el5.x86_64.rpm
kernel-xen-2.6.18-400.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-400.el5.x86_64.rpm
kernel-xen-devel-2.6.18-400.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-0181
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
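An added example, not part of any advisory on this page, that performs the check the package lists and the "rpm -ivh" guidance above imply: compare what a host has installed, and which kernel it is actually running, against the fixed builds, using rpm's own version-comparison rules (the rpmvercmp algorithm) rather than plain string comparison, which would for instance rank release 9.el6 above 10.el6. The fixed builds are taken from the package lists of the advisories above; the installed inventory is constructed and mixes RHEL 5, 6 and 7 builds purely to exercise several advisories at once. On a real host you would feed it the output of rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' and of uname -r. Only rpm's '~' rule is implemented; the newer '^' rule is left out.

```python
import re

# Fixed builds copied from the package lists of the advisories above.
FIXED = [
    "kernel-2.6.18-400.el5",
    "wget-1.12-1.12.el6_5",
    "wpa_supplicant-2.0-13.el7_0",
    "firefox-31.3.0-3.el6_6",
    "thunderbird-31.3.0-1.el6_6",
]

# Constructed inventory (not a real host; RHEL 5/6/7 builds are mixed only
# so that several advisories are exercised at once).
INSTALLED = [
    "kernel-2.6.18-398.el5",
    "kernel-2.6.18-400.el5",
    "wget-1.12-1.11.el6_5",
    "wpa_supplicant-2.0-13.el7_0",
    "firefox-31.2.0-3.el6_6",
    "thunderbird-31.3.0-1.el6_6",
    "bash-4.1.2-15.el6_5.2",
]


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version (or release) strings the way rpm does: split
    into alternating numeric and alphabetic segments; numbers compare
    numerically, letters lexically, a numeric segment beats an alphabetic
    one, '~' sorts before anything including end of string, and whichever
    side has text left over wins. Returns -1, 0 or 1. ('^' not handled.)"""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not a[i].isalnum() and a[i] != "~":
            i += 1
        while j < len(b) and not b[j].isalnum() and b[j] != "~":
            j += 1
        ta = i < len(a) and a[i] == "~"
        tb = j < len(b) and b[j] == "~"
        if ta or tb:
            if not ta:
                return 1
            if not tb:
                return -1
            i += 1
            j += 1
            continue
        if i >= len(a) or j >= len(b):
            break
        if a[i].isdigit():
            sa = re.match(r"[0-9]+", a[i:]).group()
            sb = re.match(r"[0-9]*", b[j:]).group()
            if not sb:
                return 1
            na, nb = sa.lstrip("0"), sb.lstrip("0")
            if len(na) != len(nb):
                return 1 if len(na) > len(nb) else -1
            if na != nb:
                return 1 if na > nb else -1
        else:
            sa = re.match(r"[A-Za-z]+", a[i:]).group()
            sb = re.match(r"[A-Za-z]*", b[j:]).group()
            if not sb:
                return -1
            if sa != sb:
                return 1 if sa > sb else -1
        i += len(sa)
        j += len(sb)
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def split_nevr(nevr: str):
    """'kernel-2.6.18-400.el5' -> ('kernel', 0, '2.6.18', '400.el5');
    an epoch may be written as 'name-E:V-R'."""
    name, version, release = nevr.rsplit("-", 2)
    epoch = 0
    if ":" in version:
        e, version = version.split(":", 1)
        epoch = int(e)
    return name, epoch, version, release


def compare_evr(a: str, b: str) -> int:
    """Compare two NEVR strings of the same package: epoch, then version,
    then release."""
    _, ea, va, ra = split_nevr(a)
    _, eb, vb, rb = split_nevr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def find_unpatched(installed, fixed):
    """(installed, fixed) pairs where the installed build is older than the
    advisory's fixed build; packages no advisory covers are ignored."""
    fixed_by_name = {split_nevr(f)[0]: f for f in fixed}
    out = []
    for pkg in installed:
        name = split_nevr(pkg)[0]
        if name in fixed_by_name and compare_evr(pkg, fixed_by_name[name]) < 0:
            out.append((pkg, fixed_by_name[name]))
    return out


KERNEL_VARIANTS = ("PAE", "xen", "debug", "kdump")
ARCHES = ("i686", "x86_64", "ppc64", "s390x", "ia64")


def running_kernel_patched(uname_r: str, fixed) -> bool:
    """Having the fixed kernel RPM installed is not enough; the host is
    protected only once it has booted it. Derive version-release from
    uname -r (dropping a variant suffix such as PAE or xen, and a trailing
    .arch, both of which rpm keeps elsewhere) and compare with the fix."""
    vr = uname_r
    for arch in ARCHES:
        if vr.endswith("." + arch):
            vr = vr[: -len(arch) - 1]
    for variant in KERNEL_VARIANTS:
        if vr.endswith(variant):
            vr = vr[: -len(variant)]
    fixed_kernel = next(f for f in fixed if split_nevr(f)[0] == "kernel")
    return compare_evr("kernel-" + vr, fixed_kernel) >= 0


if __name__ == "__main__":
    for pkg, fix in find_unpatched(INSTALLED, FIXED):
        print(f"needs update: {pkg} -> {fix}")
    for running in ("2.6.18-398.el5", "2.6.18-400.el5PAE"):
        print(f"running {running}: patched={running_kernel_patched(running, FIXED)}")
```

Two details matter for the kernel case: several kernel builds are normally installed side by side (which is why the advisory says to use rpm -ivh rather than rpm -Uvh), so the inventory alone cannot tell you whether the fix is in effect, and only the running kernel from uname -r answers that question.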
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUgJpjXlSAg2UNWIIRAhyGAKCI8TAZXma9uG+lIS2n276npMOoaACfXN2c
A7VHTuVG5mE6iVSEaS2zsrw=
=Y/OM
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 9 20:53:21 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 9 Dec 2014 20:53:21 +0000
Subject: [RHSA-2014:1971-01] Important: kernel security and bug fix update
Message-ID: <201412092053.sB9KrMRo020542@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2014:1971-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1971.html
Issue date: 2014-12-09
CVE Names: CVE-2013-2929 CVE-2014-1739 CVE-2014-3181 CVE-2014-3182 CVE-2014-3184 CVE-2014-3185 CVE-2014-3186 CVE-2014-3631 CVE-2014-3673 CVE-2014-3687 CVE-2014-3688 CVE-2014-4027 CVE-2014-4652 CVE-2014-4654 CVE-2014-4655 CVE-2014-4656 CVE-2014-5045 CVE-2014-6410
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v.
7) - noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

* A flaw was found in the way the Linux kernel's SCTP implementation handled malformed or duplicate Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system. (CVE-2014-3673, CVE-2014-3687, Important)

* A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service. (CVE-2014-3688, Important)

* Two flaws were found in the way the Apple Magic Mouse/Trackpad multi-touch driver and the Minibox PicoLCD driver handled invalid HID reports. An attacker with physical access to the system could use these flaws to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3181, CVE-2014-3186, Moderate)

* A memory corruption flaw was found in the way the USB ConnectTech WhiteHEAT serial driver processed completion commands sent via USB Request Blocks buffers. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3185, Moderate)

* A flaw was found in the way the Linux kernel's keys subsystem handled the termination condition in the associative array garbage collection functionality. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-3631, Moderate)

* Multiple flaws were found in the way the Linux kernel's ALSA implementation handled user controls. A local, privileged user could use any of these flaws to crash the system.
(CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, Moderate)

* A flaw was found in the way the Linux kernel's VFS subsystem handled reference counting when performing unmount operations on symbolic links. A local, unprivileged user could use this flaw to exhaust all available memory on the system or, potentially, trigger a use-after-free error, resulting in a system crash or privilege escalation. (CVE-2014-5045, Moderate)

* A flaw was found in the way the get_dumpable() function return value was interpreted in the ptrace subsystem of the Linux kernel. When 'fs.suid_dumpable' was set to 2, a local, unprivileged user could use this flaw to bypass intended ptrace restrictions and obtain potentially sensitive information. (CVE-2013-2929, Low)

* A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel's UDF file system implementation processed indirect ICBs. An attacker with physical access to the system could use a specially crafted UDF image to crash the system. (CVE-2014-6410, Low)

* An information leak flaw in the way the Linux kernel handled media device enumerate entities IOCTL requests could allow a local user able to access the /dev/media0 device file to leak kernel memory bytes. (CVE-2014-1739, Low)

* An out-of-bounds read flaw in the Logitech Unifying receiver driver could allow an attacker with physical access to the system to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3182, Low)

* Multiple out-of-bounds write flaws were found in the way the Cherry Cymotion keyboard driver, KYE/Genius device drivers, Logitech device drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote control driver, and Sunplus wireless desktop driver handled invalid HID reports. An attacker with physical access to the system could use any of these flaws to write data past an allocated memory buffer.
(CVE-2014-3184, Low) * An information leak flaw was found in the RAM Disks Memory Copy (rd_mcp) back end driver of the iSCSI Target subsystem could allow a privileged user to leak the contents of kernel memory to an iSCSI initiator remote client. (CVE-2014-4027, Low) * An information leak flaw in the Linux kernel's ALSA implementation could allow a local, privileged user to leak kernel memory to user space. (CVE-2014-4652, Low) 4. Solution: Red Hat would like to thank Frey Alfredsson for reporting CVE-2014-3631, and Vasily Averin of Parallels for reporting CVE-2014-5045. The CVE-2014-3673 was discovered by Liu Wei of Red Hat. All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. 
Bugs fixed (https://bugzilla.redhat.com/): 1028148 - CVE-2013-2929 kernel: exec/ptrace: get_dumpable() incorrect tests 1108744 - CVE-2014-4027 Kernel: target/rd: imformation leakage 1109774 - CVE-2014-1739 Kernel: drivers: media: an information leakage 1113406 - CVE-2014-4652 Kernel: ALSA: control: protect user controls against races & memory disclosure 1113445 - CVE-2014-4654 CVE-2014-4655 Kernel: ALSA: control: use-after-free in replacing user controls 1113470 - CVE-2014-4656 Kernel: ALSA: control: integer overflow in id.index & id.numid 1122472 - CVE-2014-5045 kernel: vfs: refcount issues during unmount on symlink 1140325 - CVE-2014-3631 kernel: keys: incorrect termination condition in assoc array garbage collection 1141173 - CVE-2014-3181 Kernel: HID: OOB write in magicmouse driver 1141210 - CVE-2014-3182 Kernel: HID: logitech-dj OOB array access 1141391 - CVE-2014-3184 Kernel: HID: off by one error in various _report_fixup routines 1141400 - CVE-2014-3185 Kernel: USB serial: memory corruption flaw 1141407 - CVE-2014-3186 Kernel: HID: memory corruption via OOB write 1141809 - CVE-2014-6410 kernel: udf: Avoid infinite loop when processing indirect ICBs 1147850 - CVE-2014-3673 kernel: sctp: skb_over_panic when receiving malformed ASCONF chunks 1155731 - CVE-2014-3687 kernel: net: sctp: fix panic on duplicate ASCONF chunks 1155745 - CVE-2014-3688 kernel: net: sctp: remote memory pressure from excessive queueing 6. Package List: Red Hat Enterprise Linux Client (v. 
7): Source: kernel-3.10.0-123.13.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-123.13.1.el7.noarch.rpm x86_64: kernel-3.10.0-123.13.1.el7.x86_64.rpm kernel-debug-3.10.0-123.13.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-123.13.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.13.1.el7.x86_64.rpm kernel-devel-3.10.0-123.13.1.el7.x86_64.rpm kernel-headers-3.10.0-123.13.1.el7.x86_64.rpm kernel-tools-3.10.0-123.13.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-123.13.1.el7.x86_64.rpm perf-3.10.0-123.13.1.el7.x86_64.rpm perf-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: kernel-doc-3.10.0-123.13.1.el7.noarch.rpm x86_64: kernel-debug-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.13.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-123.13.1.el7.x86_64.rpm perf-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm python-perf-3.10.0-123.13.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 
7): Source: kernel-3.10.0-123.13.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-123.13.1.el7.noarch.rpm x86_64: kernel-3.10.0-123.13.1.el7.x86_64.rpm kernel-debug-3.10.0-123.13.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-123.13.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.13.1.el7.x86_64.rpm kernel-devel-3.10.0-123.13.1.el7.x86_64.rpm kernel-headers-3.10.0-123.13.1.el7.x86_64.rpm kernel-tools-3.10.0-123.13.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-123.13.1.el7.x86_64.rpm perf-3.10.0-123.13.1.el7.x86_64.rpm perf-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: kernel-doc-3.10.0-123.13.1.el7.noarch.rpm x86_64: kernel-debug-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.13.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-123.13.1.el7.x86_64.rpm perf-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm python-perf-3.10.0-123.13.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 
7): Source: kernel-3.10.0-123.13.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-123.13.1.el7.noarch.rpm ppc64: kernel-3.10.0-123.13.1.el7.ppc64.rpm kernel-bootwrapper-3.10.0-123.13.1.el7.ppc64.rpm kernel-debug-3.10.0-123.13.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-123.13.1.el7.ppc64.rpm kernel-debug-devel-3.10.0-123.13.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-123.13.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-123.13.1.el7.ppc64.rpm kernel-devel-3.10.0-123.13.1.el7.ppc64.rpm kernel-headers-3.10.0-123.13.1.el7.ppc64.rpm kernel-tools-3.10.0-123.13.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-123.13.1.el7.ppc64.rpm kernel-tools-libs-3.10.0-123.13.1.el7.ppc64.rpm perf-3.10.0-123.13.1.el7.ppc64.rpm perf-debuginfo-3.10.0-123.13.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-123.13.1.el7.ppc64.rpm s390x: kernel-3.10.0-123.13.1.el7.s390x.rpm kernel-debug-3.10.0-123.13.1.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-123.13.1.el7.s390x.rpm kernel-debug-devel-3.10.0-123.13.1.el7.s390x.rpm kernel-debuginfo-3.10.0-123.13.1.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-123.13.1.el7.s390x.rpm kernel-devel-3.10.0-123.13.1.el7.s390x.rpm kernel-headers-3.10.0-123.13.1.el7.s390x.rpm kernel-kdump-3.10.0-123.13.1.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-123.13.1.el7.s390x.rpm kernel-kdump-devel-3.10.0-123.13.1.el7.s390x.rpm perf-3.10.0-123.13.1.el7.s390x.rpm perf-debuginfo-3.10.0-123.13.1.el7.s390x.rpm python-perf-debuginfo-3.10.0-123.13.1.el7.s390x.rpm x86_64: kernel-3.10.0-123.13.1.el7.x86_64.rpm kernel-debug-3.10.0-123.13.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-123.13.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.13.1.el7.x86_64.rpm kernel-devel-3.10.0-123.13.1.el7.x86_64.rpm kernel-headers-3.10.0-123.13.1.el7.x86_64.rpm kernel-tools-3.10.0-123.13.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm 
kernel-tools-libs-3.10.0-123.13.1.el7.x86_64.rpm perf-3.10.0-123.13.1.el7.x86_64.rpm perf-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: kernel-doc-3.10.0-123.13.1.el7.noarch.rpm ppc64: kernel-debug-debuginfo-3.10.0-123.13.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-123.13.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-123.13.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-123.13.1.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-123.13.1.el7.ppc64.rpm perf-debuginfo-3.10.0-123.13.1.el7.ppc64.rpm python-perf-3.10.0-123.13.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-123.13.1.el7.ppc64.rpm s390x: kernel-debug-debuginfo-3.10.0-123.13.1.el7.s390x.rpm kernel-debuginfo-3.10.0-123.13.1.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-123.13.1.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-123.13.1.el7.s390x.rpm perf-debuginfo-3.10.0-123.13.1.el7.s390x.rpm python-perf-3.10.0-123.13.1.el7.s390x.rpm python-perf-debuginfo-3.10.0-123.13.1.el7.s390x.rpm x86_64: kernel-debug-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.13.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-123.13.1.el7.x86_64.rpm perf-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm python-perf-3.10.0-123.13.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
7): Source: kernel-3.10.0-123.13.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-123.13.1.el7.noarch.rpm x86_64: kernel-3.10.0-123.13.1.el7.x86_64.rpm kernel-debug-3.10.0-123.13.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-123.13.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.13.1.el7.x86_64.rpm kernel-devel-3.10.0-123.13.1.el7.x86_64.rpm kernel-headers-3.10.0-123.13.1.el7.x86_64.rpm kernel-tools-3.10.0-123.13.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-123.13.1.el7.x86_64.rpm perf-3.10.0-123.13.1.el7.x86_64.rpm perf-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: kernel-doc-3.10.0-123.13.1.el7.noarch.rpm x86_64: kernel-debug-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.13.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-123.13.1.el7.x86_64.rpm perf-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm python-perf-3.10.0-123.13.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2013-2929 https://access.redhat.com/security/cve/CVE-2014-1739 https://access.redhat.com/security/cve/CVE-2014-3181 https://access.redhat.com/security/cve/CVE-2014-3182 https://access.redhat.com/security/cve/CVE-2014-3184 https://access.redhat.com/security/cve/CVE-2014-3185 https://access.redhat.com/security/cve/CVE-2014-3186 https://access.redhat.com/security/cve/CVE-2014-3631 https://access.redhat.com/security/cve/CVE-2014-3673 https://access.redhat.com/security/cve/CVE-2014-3687 https://access.redhat.com/security/cve/CVE-2014-3688 https://access.redhat.com/security/cve/CVE-2014-4027 https://access.redhat.com/security/cve/CVE-2014-4652 https://access.redhat.com/security/cve/CVE-2014-4654 https://access.redhat.com/security/cve/CVE-2014-4655 https://access.redhat.com/security/cve/CVE-2014-4656 https://access.redhat.com/security/cve/CVE-2014-5045 https://access.redhat.com/security/cve/CVE-2014-6410 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. 
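The check a practitioner wants after reading the package list above is whether a host already carries the fixed kernel build, and, because the advisory says a reboot is required, whether that build is the one actually running. The following is an added example, not part of the advisory or of rpm: the `rpm -qa` and `uname -r` samples are constructed, and `label_cmp` is a simplified rendition of rpm's label comparison (numeric segments compared numerically, alphabetic segments lexically, numeric newer than alphabetic), not librpm itself.

```python
import re
from typing import List, Optional, Tuple

# Fixed build named in the advisory's package list (name-version-release).
FIXED_KERNEL_NVR = "kernel-3.10.0-123.13.1.el7"

# Constructed `rpm -qa 'kernel*'` output from two hypothetical hosts.
HOST_A_RPM_QA = """kernel-3.10.0-123.8.1.el7.x86_64
kernel-3.10.0-123.9.3.el7.x86_64
kernel-tools-3.10.0-123.9.3.el7.x86_64"""

HOST_B_RPM_QA = """kernel-3.10.0-123.9.3.el7.x86_64
kernel-3.10.0-123.13.1.el7.x86_64
kernel-devel-3.10.0-123.13.1.el7.x86_64"""

_SEGMENT = re.compile(r"[0-9]+|[a-zA-Z]+")


def split_nvr(nvr: str) -> Tuple[str, str, str]:
    """'kernel-3.10.0-123.13.1.el7' -> ('kernel', '3.10.0', '123.13.1.el7').
    Splitting from the right keeps dashes inside package names intact."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def strip_arch(pkg: str) -> str:
    """Drop a trailing '.rpm' and the architecture suffix of an rpm -qa line."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    return pkg.rsplit(".", 1)[0]


def label_cmp(a: str, b: str) -> int:
    """Simplified rpm label comparison; returns -1, 0 or 1."""
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x_num != y_num:
            return 1 if x_num else -1        # numeric segment sorts newer
        elif x != y:
            return 1 if x > y else -1
    # Equal prefix: the label with more segments is the newer one.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def nvr_cmp(a: str, b: str) -> int:
    """Compare version, then release, of two NVRs with the same package name."""
    _, va, ra = split_nvr(a)
    _, vb, rb = split_nvr(b)
    return label_cmp(va, vb) or label_cmp(ra, rb)


def newest_installed(rpm_qa: str, name: str) -> Optional[str]:
    """Newest NVR of `name` in rpm -qa output; several kernels may coexist."""
    candidates: List[str] = [strip_arch(line.strip())
                             for line in rpm_qa.splitlines() if line.strip()]
    candidates = [c for c in candidates if split_nvr(c)[0] == name]
    if not candidates:
        return None
    best = candidates[0]
    for cand in candidates[1:]:
        if nvr_cmp(cand, best) > 0:
            best = cand
    return best


def is_fixed(rpm_qa: str, fixed_nvr: str = FIXED_KERNEL_NVR) -> bool:
    """True when the newest installed kernel is at or above the fixed build."""
    newest = newest_installed(rpm_qa, split_nvr(fixed_nvr)[0])
    return newest is not None and nvr_cmp(newest, fixed_nvr) >= 0


def running_kernel_fixed(uname_r: str, fixed_nvr: str = FIXED_KERNEL_NVR) -> bool:
    """`uname -r` reports version-release.arch; an installed fix is not live
    until the host has been rebooted into it."""
    version_release = strip_arch(uname_r)          # '3.10.0-123.13.1.el7'
    return nvr_cmp("kernel-" + version_release, fixed_nvr) >= 0
```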
From bugzilla at redhat.com Tue Dec 9 20:55:58 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 9 Dec 2014 20:55:58 +0000
Subject: [RHSA-2014:1972-01] Low: httpd24-httpd security and bug fix update
Message-ID: <201412092055.sB9KtwAx003267@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Low: httpd24-httpd security and bug fix update
Advisory ID: RHSA-2014:1972-01
Product: Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1972.html
Issue date: 2014-12-09
CVE Names: CVE-2013-5704 CVE-2014-3581
=====================================================================

1. Summary:

Updated httpd24-httpd packages that fix two security issues and one bug are now available for Red Hat Software Collections 1.

Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4) - noarch, x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5) - noarch, x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch, x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

A NULL pointer dereference flaw was found in the way the mod_cache httpd module handled Content-Type headers. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP server was configured to proxy to a server with caching enabled. (CVE-2014-3581)

A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header restrictions defined with mod_headers. (CVE-2013-5704)

Note: With this update, httpd has been modified to not merge HTTP Trailer headers with other HTTP request headers. A newly introduced configuration directive MergeTrailers can be used to re-enable the old method of processing Trailer headers, which also re-introduces the aforementioned flaw.

This update also fixes the following bug:

* Prior to this update, the mod_proxy_wstunnel module failed to set up an SSL connection when configured to use a back end server using the "wss:" URL scheme, causing proxied connections to fail. In these updated packages, SSL is used when proxying to "wss:" back end servers. (BZ#1141950)

All httpd24-httpd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd24-httpd service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1082903 - CVE-2013-5704 httpd: bypass of mod_headers rules via chunked requests
1141950 - Request to resolve upstream bug 55320
1149709 - CVE-2014-3581 httpd: NULL pointer dereference in mod_cache if Content-Type has empty value

6. Package List:

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6):

Source:
httpd24-httpd-2.4.6-22.el6.src.rpm

noarch:
httpd24-httpd-manual-2.4.6-22.el6.noarch.rpm

x86_64:
httpd24-httpd-2.4.6-22.el6.x86_64.rpm
httpd24-httpd-debuginfo-2.4.6-22.el6.x86_64.rpm
httpd24-httpd-devel-2.4.6-22.el6.x86_64.rpm
httpd24-httpd-tools-2.4.6-22.el6.x86_64.rpm
httpd24-mod_ldap-2.4.6-22.el6.x86_64.rpm
httpd24-mod_proxy_html-2.4.6-22.el6.x86_64.rpm
httpd24-mod_session-2.4.6-22.el6.x86_64.rpm
httpd24-mod_ssl-2.4.6-22.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4):

Source:
httpd24-httpd-2.4.6-22.el6.src.rpm

noarch:
httpd24-httpd-manual-2.4.6-22.el6.noarch.rpm

x86_64:
httpd24-httpd-2.4.6-22.el6.x86_64.rpm
httpd24-httpd-debuginfo-2.4.6-22.el6.x86_64.rpm
httpd24-httpd-devel-2.4.6-22.el6.x86_64.rpm
httpd24-httpd-tools-2.4.6-22.el6.x86_64.rpm
httpd24-mod_ldap-2.4.6-22.el6.x86_64.rpm
httpd24-mod_proxy_html-2.4.6-22.el6.x86_64.rpm
httpd24-mod_session-2.4.6-22.el6.x86_64.rpm
httpd24-mod_ssl-2.4.6-22.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5):

Source:
httpd24-httpd-2.4.6-22.el6.src.rpm

noarch:
httpd24-httpd-manual-2.4.6-22.el6.noarch.rpm

x86_64:
httpd24-httpd-2.4.6-22.el6.x86_64.rpm
httpd24-httpd-debuginfo-2.4.6-22.el6.x86_64.rpm
httpd24-httpd-devel-2.4.6-22.el6.x86_64.rpm
httpd24-httpd-tools-2.4.6-22.el6.x86_64.rpm
httpd24-mod_ldap-2.4.6-22.el6.x86_64.rpm
httpd24-mod_proxy_html-2.4.6-22.el6.x86_64.rpm
httpd24-mod_session-2.4.6-22.el6.x86_64.rpm
httpd24-mod_ssl-2.4.6-22.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
httpd24-httpd-2.4.6-22.el6.src.rpm

noarch:
httpd24-httpd-manual-2.4.6-22.el6.noarch.rpm

x86_64:
httpd24-httpd-2.4.6-22.el6.x86_64.rpm
httpd24-httpd-debuginfo-2.4.6-22.el6.x86_64.rpm
httpd24-httpd-devel-2.4.6-22.el6.x86_64.rpm
httpd24-httpd-tools-2.4.6-22.el6.x86_64.rpm
httpd24-mod_ldap-2.4.6-22.el6.x86_64.rpm
httpd24-mod_proxy_html-2.4.6-22.el6.x86_64.rpm
httpd24-mod_session-2.4.6-22.el6.x86_64.rpm
httpd24-mod_ssl-2.4.6-22.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6):

Source:
httpd24-httpd-2.4.6-22.el6.src.rpm

noarch:
httpd24-httpd-manual-2.4.6-22.el6.noarch.rpm

x86_64:
httpd24-httpd-2.4.6-22.el6.x86_64.rpm
httpd24-httpd-debuginfo-2.4.6-22.el6.x86_64.rpm
httpd24-httpd-devel-2.4.6-22.el6.x86_64.rpm
httpd24-httpd-tools-2.4.6-22.el6.x86_64.rpm
httpd24-mod_ldap-2.4.6-22.el6.x86_64.rpm
httpd24-mod_proxy_html-2.4.6-22.el6.x86_64.rpm
httpd24-mod_session-2.4.6-22.el6.x86_64.rpm
httpd24-mod_ssl-2.4.6-22.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7):

Source:
httpd24-httpd-2.4.6-25.el7.src.rpm

noarch:
httpd24-httpd-manual-2.4.6-25.el7.noarch.rpm

x86_64:
httpd24-httpd-2.4.6-25.el7.x86_64.rpm
httpd24-httpd-debuginfo-2.4.6-25.el7.x86_64.rpm
httpd24-httpd-devel-2.4.6-25.el7.x86_64.rpm
httpd24-httpd-tools-2.4.6-25.el7.x86_64.rpm
httpd24-mod_ldap-2.4.6-25.el7.x86_64.rpm
httpd24-mod_proxy_html-2.4.6-25.el7.x86_64.rpm
httpd24-mod_session-2.4.6-25.el7.x86_64.rpm
httpd24-mod_ssl-2.4.6-25.el7.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7):

Source:
httpd24-httpd-2.4.6-25.el7.src.rpm

noarch:
httpd24-httpd-manual-2.4.6-25.el7.noarch.rpm

x86_64:
httpd24-httpd-2.4.6-25.el7.x86_64.rpm
httpd24-httpd-debuginfo-2.4.6-25.el7.x86_64.rpm
httpd24-httpd-devel-2.4.6-25.el7.x86_64.rpm
httpd24-httpd-tools-2.4.6-25.el7.x86_64.rpm
httpd24-mod_ldap-2.4.6-25.el7.x86_64.rpm
httpd24-mod_proxy_html-2.4.6-25.el7.x86_64.rpm
httpd24-mod_session-2.4.6-25.el7.x86_64.rpm
httpd24-mod_ssl-2.4.6-25.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2013-5704
https://access.redhat.com/security/cve/CVE-2014-3581
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
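To make the CVE-2013-5704 mechanism and the MergeTrailers change concrete, the following added example (not httpd's code) decodes a chunked request with a trailer section and then shows the difference between merging trailers into the header table after a header-time rule has run and keeping them separate. The request bytes, the header name `X-Example-Restricted`, and the functions `apply_header_policy` and `effective_headers` are all constructed for this illustration; the `merge_trailers` flag mirrors the directive's two settings but is this example's own parameter.

```python
from typing import Dict, Tuple

# Constructed request (not captured traffic): a chunked body followed by a
# trailer section that tries to set a header after the header block was read.
RAW_REQUEST = (
    b"POST /submit HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"Trailer: X-Example-Restricted\r\n"
    b"X-Example-Restricted: client-supplied\r\n"
    b"\r\n"
    b"5\r\nhello\r\n"
    b"6\r\n world\r\n"
    b"0\r\n"
    b"X-Example-Restricted: set-via-trailer\r\n"
    b"\r\n"
)


def _parse_header_block(block: bytes) -> Dict[str, str]:
    """'Name: value' lines -> dict with lower-cased names."""
    headers: Dict[str, str] = {}
    for line in block.split(b"\r\n"):
        if not line:
            continue
        name, _, value = line.partition(b":")
        headers[name.strip().decode("ascii").lower()] = value.strip().decode("ascii")
    return headers


def parse_chunked_request(raw: bytes) -> Tuple[Dict[str, str], bytes, Dict[str, str]]:
    """Return (headers, decoded body, trailers) for a chunked request."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header block")
    _request_line, _, header_block = head.partition(b"\r\n")
    headers = _parse_header_block(header_block)
    if headers.get("transfer-encoding", "").lower() != "chunked":
        raise ValueError("this example handles chunked bodies only")

    body = bytearray()
    pos = 0
    while True:
        eol = rest.index(b"\r\n", pos)
        size_field = rest[pos:eol].split(b";", 1)[0].strip()   # drop chunk extensions
        size = int(size_field, 16)
        pos = eol + 2
        if size == 0:                       # last-chunk: trailers follow
            break
        body += rest[pos:pos + size]
        if rest[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("bad chunk framing")
        pos += size + 2
    trailer_block, _, _ = rest[pos:].partition(b"\r\n\r\n")
    return headers, bytes(body), _parse_header_block(trailer_block)


def apply_header_policy(headers: Dict[str, str]) -> Dict[str, str]:
    """Stand-in for a mod_headers-style rule that runs once, on the header
    block, and drops any client-supplied value of the restricted header."""
    return {k: v for k, v in headers.items() if k != "x-example-restricted"}


def effective_headers(raw: bytes, merge_trailers: bool) -> Dict[str, str]:
    """Header table the application would see.  merge_trailers=True models the
    pre-update behaviour: trailers are folded into the table after the policy
    already ran, so the dropped header reappears.  False models the fixed
    default, where trailers never reach the request header table."""
    headers, _body, trailers = parse_chunked_request(raw)
    headers = apply_header_policy(headers)      # policy applied at header time
    if merge_trailers:
        headers.update(trailers)                # too late for the policy to see
    return headers
```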
From bugzilla at redhat.com Tue Dec 9 21:00:44 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 9 Dec 2014 21:00:44 +0000
Subject: [RHSA-2014:1974-01] Important: rpm security update
Message-ID: <201412092100.sB9L0iDv013203@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: rpm security update
Advisory ID: RHSA-2014:1974-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1974.html
Issue date: 2014-12-09
CVE Names: CVE-2013-6435
=====================================================================

1. Summary:

Updated rpm packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - noarch
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch

3. Description:

The RPM Package Manager (RPM) is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, description, and other information.

It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file had been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. (CVE-2013-6435)

This issue was discovered by Florian Weimer of Red Hat Product Security.

All rpm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against the RPM library must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1039811 - CVE-2013-6435 rpm: race condition during the installation process

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
rpm-4.4.2.3-36.el5_11.src.rpm

i386:
popt-1.10.2.3-36.el5_11.i386.rpm
rpm-4.4.2.3-36.el5_11.i386.rpm
rpm-debuginfo-4.4.2.3-36.el5_11.i386.rpm
rpm-libs-4.4.2.3-36.el5_11.i386.rpm
rpm-python-4.4.2.3-36.el5_11.i386.rpm

x86_64:
popt-1.10.2.3-36.el5_11.i386.rpm
popt-1.10.2.3-36.el5_11.x86_64.rpm
rpm-4.4.2.3-36.el5_11.x86_64.rpm
rpm-debuginfo-4.4.2.3-36.el5_11.i386.rpm
rpm-debuginfo-4.4.2.3-36.el5_11.x86_64.rpm
rpm-libs-4.4.2.3-36.el5_11.i386.rpm
rpm-libs-4.4.2.3-36.el5_11.x86_64.rpm
rpm-python-4.4.2.3-36.el5_11.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
rpm-4.4.2.3-36.el5_11.src.rpm

i386:
rpm-apidocs-4.4.2.3-36.el5_11.i386.rpm
rpm-build-4.4.2.3-36.el5_11.i386.rpm
rpm-debuginfo-4.4.2.3-36.el5_11.i386.rpm
rpm-devel-4.4.2.3-36.el5_11.i386.rpm

x86_64:
rpm-apidocs-4.4.2.3-36.el5_11.x86_64.rpm
rpm-build-4.4.2.3-36.el5_11.x86_64.rpm
rpm-debuginfo-4.4.2.3-36.el5_11.i386.rpm
rpm-debuginfo-4.4.2.3-36.el5_11.x86_64.rpm
rpm-devel-4.4.2.3-36.el5_11.i386.rpm
rpm-devel-4.4.2.3-36.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
rpm-4.4.2.3-36.el5_11.src.rpm

i386:
popt-1.10.2.3-36.el5_11.i386.rpm
rpm-4.4.2.3-36.el5_11.i386.rpm
rpm-apidocs-4.4.2.3-36.el5_11.i386.rpm
rpm-build-4.4.2.3-36.el5_11.i386.rpm
rpm-debuginfo-4.4.2.3-36.el5_11.i386.rpm
rpm-devel-4.4.2.3-36.el5_11.i386.rpm
rpm-libs-4.4.2.3-36.el5_11.i386.rpm
rpm-python-4.4.2.3-36.el5_11.i386.rpm

ia64:
popt-1.10.2.3-36.el5_11.ia64.rpm
rpm-4.4.2.3-36.el5_11.ia64.rpm
rpm-apidocs-4.4.2.3-36.el5_11.ia64.rpm
rpm-build-4.4.2.3-36.el5_11.ia64.rpm
rpm-debuginfo-4.4.2.3-36.el5_11.ia64.rpm
rpm-devel-4.4.2.3-36.el5_11.ia64.rpm
rpm-libs-4.4.2.3-36.el5_11.ia64.rpm
rpm-python-4.4.2.3-36.el5_11.ia64.rpm

ppc:
popt-1.10.2.3-36.el5_11.ppc.rpm
popt-1.10.2.3-36.el5_11.ppc64.rpm
rpm-4.4.2.3-36.el5_11.ppc.rpm
rpm-apidocs-4.4.2.3-36.el5_11.ppc.rpm
rpm-build-4.4.2.3-36.el5_11.ppc.rpm
rpm-debuginfo-4.4.2.3-36.el5_11.ppc.rpm
rpm-debuginfo-4.4.2.3-36.el5_11.ppc64.rpm
rpm-devel-4.4.2.3-36.el5_11.ppc.rpm
rpm-devel-4.4.2.3-36.el5_11.ppc64.rpm
rpm-libs-4.4.2.3-36.el5_11.ppc.rpm
rpm-libs-4.4.2.3-36.el5_11.ppc64.rpm
rpm-python-4.4.2.3-36.el5_11.ppc.rpm

s390x:
popt-1.10.2.3-36.el5_11.s390.rpm
popt-1.10.2.3-36.el5_11.s390x.rpm
rpm-4.4.2.3-36.el5_11.s390x.rpm
rpm-apidocs-4.4.2.3-36.el5_11.s390x.rpm
rpm-build-4.4.2.3-36.el5_11.s390x.rpm
rpm-debuginfo-4.4.2.3-36.el5_11.s390.rpm
rpm-debuginfo-4.4.2.3-36.el5_11.s390x.rpm
rpm-devel-4.4.2.3-36.el5_11.s390.rpm
rpm-devel-4.4.2.3-36.el5_11.s390x.rpm
rpm-libs-4.4.2.3-36.el5_11.s390.rpm
rpm-libs-4.4.2.3-36.el5_11.s390x.rpm
rpm-python-4.4.2.3-36.el5_11.s390x.rpm

x86_64:
popt-1.10.2.3-36.el5_11.i386.rpm
popt-1.10.2.3-36.el5_11.x86_64.rpm
rpm-4.4.2.3-36.el5_11.x86_64.rpm
rpm-apidocs-4.4.2.3-36.el5_11.x86_64.rpm
rpm-build-4.4.2.3-36.el5_11.x86_64.rpm
rpm-debuginfo-4.4.2.3-36.el5_11.i386.rpm
rpm-debuginfo-4.4.2.3-36.el5_11.x86_64.rpm
rpm-devel-4.4.2.3-36.el5_11.i386.rpm
rpm-devel-4.4.2.3-36.el5_11.x86_64.rpm
rpm-libs-4.4.2.3-36.el5_11.i386.rpm
rpm-libs-4.4.2.3-36.el5_11.x86_64.rpm
rpm-python-4.4.2.3-36.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
rpm-4.8.0-38.el6_6.src.rpm

i386:
rpm-4.8.0-38.el6_6.i686.rpm
rpm-build-4.8.0-38.el6_6.i686.rpm
rpm-debuginfo-4.8.0-38.el6_6.i686.rpm
rpm-libs-4.8.0-38.el6_6.i686.rpm
rpm-python-4.8.0-38.el6_6.i686.rpm

x86_64:
rpm-4.8.0-38.el6_6.x86_64.rpm
rpm-build-4.8.0-38.el6_6.x86_64.rpm
rpm-debuginfo-4.8.0-38.el6_6.i686.rpm
rpm-debuginfo-4.8.0-38.el6_6.x86_64.rpm
rpm-libs-4.8.0-38.el6_6.i686.rpm
rpm-libs-4.8.0-38.el6_6.x86_64.rpm
rpm-python-4.8.0-38.el6_6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
rpm-debuginfo-4.8.0-38.el6_6.i686.rpm
rpm-devel-4.8.0-38.el6_6.i686.rpm

noarch:
rpm-apidocs-4.8.0-38.el6_6.noarch.rpm
rpm-cron-4.8.0-38.el6_6.noarch.rpm

x86_64:
rpm-debuginfo-4.8.0-38.el6_6.i686.rpm
rpm-debuginfo-4.8.0-38.el6_6.x86_64.rpm
rpm-devel-4.8.0-38.el6_6.i686.rpm
rpm-devel-4.8.0-38.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
rpm-4.8.0-38.el6_6.src.rpm

x86_64:
rpm-4.8.0-38.el6_6.x86_64.rpm
rpm-debuginfo-4.8.0-38.el6_6.i686.rpm
rpm-debuginfo-4.8.0-38.el6_6.x86_64.rpm
rpm-libs-4.8.0-38.el6_6.i686.rpm
rpm-libs-4.8.0-38.el6_6.x86_64.rpm
rpm-python-4.8.0-38.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch:
rpm-apidocs-4.8.0-38.el6_6.noarch.rpm
rpm-cron-4.8.0-38.el6_6.noarch.rpm

x86_64:
rpm-build-4.8.0-38.el6_6.x86_64.rpm
rpm-debuginfo-4.8.0-38.el6_6.i686.rpm
rpm-debuginfo-4.8.0-38.el6_6.x86_64.rpm
rpm-devel-4.8.0-38.el6_6.i686.rpm
rpm-devel-4.8.0-38.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
rpm-4.8.0-38.el6_6.src.rpm

i386:
rpm-4.8.0-38.el6_6.i686.rpm
rpm-build-4.8.0-38.el6_6.i686.rpm
rpm-debuginfo-4.8.0-38.el6_6.i686.rpm
rpm-devel-4.8.0-38.el6_6.i686.rpm
rpm-libs-4.8.0-38.el6_6.i686.rpm
rpm-python-4.8.0-38.el6_6.i686.rpm

ppc64:
rpm-4.8.0-38.el6_6.ppc64.rpm
rpm-build-4.8.0-38.el6_6.ppc64.rpm
rpm-debuginfo-4.8.0-38.el6_6.ppc.rpm
rpm-debuginfo-4.8.0-38.el6_6.ppc64.rpm
rpm-devel-4.8.0-38.el6_6.ppc.rpm
rpm-devel-4.8.0-38.el6_6.ppc64.rpm
rpm-libs-4.8.0-38.el6_6.ppc.rpm
rpm-libs-4.8.0-38.el6_6.ppc64.rpm
rpm-python-4.8.0-38.el6_6.ppc64.rpm

s390x:
rpm-4.8.0-38.el6_6.s390x.rpm
rpm-build-4.8.0-38.el6_6.s390x.rpm
rpm-debuginfo-4.8.0-38.el6_6.s390.rpm
rpm-debuginfo-4.8.0-38.el6_6.s390x.rpm
rpm-devel-4.8.0-38.el6_6.s390.rpm
rpm-devel-4.8.0-38.el6_6.s390x.rpm
rpm-libs-4.8.0-38.el6_6.s390.rpm
rpm-libs-4.8.0-38.el6_6.s390x.rpm
rpm-python-4.8.0-38.el6_6.s390x.rpm

x86_64:
rpm-4.8.0-38.el6_6.x86_64.rpm
rpm-build-4.8.0-38.el6_6.x86_64.rpm
rpm-debuginfo-4.8.0-38.el6_6.i686.rpm
rpm-debuginfo-4.8.0-38.el6_6.x86_64.rpm
rpm-devel-4.8.0-38.el6_6.i686.rpm
rpm-devel-4.8.0-38.el6_6.x86_64.rpm
rpm-libs-4.8.0-38.el6_6.i686.rpm
rpm-libs-4.8.0-38.el6_6.x86_64.rpm
rpm-python-4.8.0-38.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

noarch:
rpm-apidocs-4.8.0-38.el6_6.noarch.rpm
rpm-cron-4.8.0-38.el6_6.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
rpm-4.8.0-38.el6_6.src.rpm

i386:
rpm-4.8.0-38.el6_6.i686.rpm
rpm-build-4.8.0-38.el6_6.i686.rpm
rpm-debuginfo-4.8.0-38.el6_6.i686.rpm
rpm-devel-4.8.0-38.el6_6.i686.rpm
rpm-libs-4.8.0-38.el6_6.i686.rpm
rpm-python-4.8.0-38.el6_6.i686.rpm

x86_64:
rpm-4.8.0-38.el6_6.x86_64.rpm
rpm-build-4.8.0-38.el6_6.x86_64.rpm
rpm-debuginfo-4.8.0-38.el6_6.i686.rpm
rpm-debuginfo-4.8.0-38.el6_6.x86_64.rpm
rpm-devel-4.8.0-38.el6_6.i686.rpm
rpm-devel-4.8.0-38.el6_6.x86_64.rpm
rpm-libs-4.8.0-38.el6_6.i686.rpm
rpm-libs-4.8.0-38.el6_6.x86_64.rpm
rpm-python-4.8.0-38.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

noarch:
rpm-apidocs-4.8.0-38.el6_6.noarch.rpm
rpm-cron-4.8.0-38.el6_6.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2013-6435
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
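The ordering problem behind CVE-2013-6435 (payload bytes reach the target directory before the signature is checked) is easy to model. The following added example is not RPM's code: it contrasts a write-then-verify installer with a verify-then-write one that stages in a private directory and publishes by a single rename, and uses an HMAC as a stand-in for the package signature; the key, payloads, file names and the `observe` hook that stands for anything reading the target directory mid-install are all constructed.

```python
import hashlib
import hmac
import os
import shutil
import tempfile
from typing import Callable, List, Optional, Tuple

# Constructed stand-in for the vendor's signing key.  A real package carries an
# asymmetric signature; the ordering issue below is independent of that.
SIGNING_KEY = b"constructed-demo-key"

Observer = Optional[Callable[[str], None]]


def sign(payload: bytes) -> bytes:
    return hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()


def signature_ok(payload: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(payload), sig)


def install_write_then_verify(target_dir: str, name: str, payload: bytes,
                              sig: bytes, observe: Observer = None) -> bool:
    """Order modelled on the flaw: bytes land in target_dir under a temporary
    name first and the signature is checked only once the file is complete."""
    tmp = os.path.join(target_dir, name + ".tmp")
    with open(tmp, "wb") as fh:
        fh.write(payload)
    if observe:
        observe(target_dir)        # unverified content is visible in target_dir here
    if not signature_ok(payload, sig):
        os.unlink(tmp)
        return False
    os.replace(tmp, os.path.join(target_dir, name))
    return True


def install_verify_then_write(target_dir: str, name: str, payload: bytes,
                              sig: bytes, observe: Observer = None) -> bool:
    """Hardened order: verify before any byte reaches target_dir, stage in a
    private directory, then publish the file with one atomic rename."""
    if not signature_ok(payload, sig):
        if observe:
            observe(target_dir)    # nothing was written, so nothing to observe
        return False
    staging = tempfile.mkdtemp(prefix="stage-")      # outside target_dir
    try:
        tmp = os.path.join(staging, name)
        with open(tmp, "wb") as fh:
            fh.write(payload)
            fh.flush()
            os.fsync(fh.fileno())
        if observe:
            observe(target_dir)    # target_dir still holds no unverified content
        os.replace(tmp, os.path.join(target_dir, name))
    finally:
        shutil.rmtree(staging, ignore_errors=True)
    return True


def run_scenario(installer: Callable[..., bool], tampered: bool) -> Tuple[bool, List[str]]:
    """Run one installer against a fresh target directory.  Returns the install
    result and the file names visible in the target directory at the moment the
    observer hook fired."""
    payload = b"#!/bin/sh\necho genuine\n"
    sig = sign(payload)                              # signature over the genuine payload
    if tampered:
        payload = b"#!/bin/sh\necho replaced\n"      # contents changed after signing
    seen: List[str] = []
    target = tempfile.mkdtemp(prefix="target-")
    try:
        ok = installer(target, "post-install.sh", payload, sig,
                       lambda d: seen.extend(sorted(os.listdir(d))))
    finally:
        shutil.rmtree(target, ignore_errors=True)
    return ok, seen
```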
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUh2KCXlSAg2UNWIIRAsSuAKCsaKiG4yUBU6D7/URx/RR2RwgvsQCfVrXu
+lAQjyAUFY0TIJSualpMH4I=
=vnhz
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 9 21:04:14 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 9 Dec 2014 21:04:14 +0000
Subject: [RHSA-2014:1975-01] Important: rpm security update
Message-ID: <201412092104.sB9L4EZR007589@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rpm security update
Advisory ID:       RHSA-2014:1975-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1975.html
Issue date:        2014-12-09
CVE Names:         CVE-2013-6435
=====================================================================

1. Summary:

Updated rpm packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9
Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced Update
Support, Red Hat Enterprise Linux 6.4 Extended Update Support, and Red Hat
Enterprise Linux 6.5 Extended Update Support.

Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AUS (v. 6.2 server) - x86_64
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4) - noarch, x86_64
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.5) - noarch, x86_64
Red Hat Enterprise Linux EUS (v. 5.9 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux HPC Node EUS (v. 6.4) - x86_64
Red Hat Enterprise Linux HPC Node EUS (v. 6.5) - x86_64
Red Hat Enterprise Linux LL (v. 5.6 server) - i386, ia64, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.4) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.5) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - noarch
Red Hat Enterprise Linux Server Optional EUS (v. 6.4) - noarch
Red Hat Enterprise Linux Server Optional EUS (v. 6.5) - noarch

3. Description:

The RPM Package Manager (RPM) is a powerful command line driven package
management system capable of installing, uninstalling, verifying, querying,
and updating software packages. Each software package consists of an
archive of files along with information about the package such as its
version, description, and other information.

It was found that RPM wrote file contents to the target installation
directory under a temporary name, and verified its cryptographic signature
only after the temporary file had been written completely. Under certain
conditions, the system interprets the unverified temporary file contents
and extracts commands from it. This could allow an attacker to modify
signed RPM files in such a way that they would execute code chosen by the
attacker during package installation. (CVE-2013-6435)

This issue was discovered by Florian Weimer of Red Hat Product Security.

All rpm users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. All running applications
linked against the RPM library must be restarted for this update to take
effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1039811 - CVE-2013-6435 rpm: race condition during the installation process

6. Package List:

Red Hat Enterprise Linux LL (v. 5.6 server):

Source:
rpm-4.4.2.3-24.el5_6.src.rpm

i386:
popt-1.10.2.3-24.el5_6.i386.rpm
rpm-4.4.2.3-24.el5_6.i386.rpm
rpm-apidocs-4.4.2.3-24.el5_6.i386.rpm
rpm-build-4.4.2.3-24.el5_6.i386.rpm
rpm-debuginfo-4.4.2.3-24.el5_6.i386.rpm
rpm-devel-4.4.2.3-24.el5_6.i386.rpm
rpm-libs-4.4.2.3-24.el5_6.i386.rpm
rpm-python-4.4.2.3-24.el5_6.i386.rpm

ia64:
popt-1.10.2.3-24.el5_6.ia64.rpm
rpm-4.4.2.3-24.el5_6.ia64.rpm
rpm-apidocs-4.4.2.3-24.el5_6.ia64.rpm
rpm-build-4.4.2.3-24.el5_6.ia64.rpm
rpm-debuginfo-4.4.2.3-24.el5_6.ia64.rpm
rpm-devel-4.4.2.3-24.el5_6.ia64.rpm
rpm-libs-4.4.2.3-24.el5_6.ia64.rpm
rpm-python-4.4.2.3-24.el5_6.ia64.rpm

x86_64:
popt-1.10.2.3-24.el5_6.i386.rpm
popt-1.10.2.3-24.el5_6.x86_64.rpm
rpm-4.4.2.3-24.el5_6.x86_64.rpm
rpm-apidocs-4.4.2.3-24.el5_6.x86_64.rpm
rpm-build-4.4.2.3-24.el5_6.x86_64.rpm
rpm-debuginfo-4.4.2.3-24.el5_6.i386.rpm
rpm-debuginfo-4.4.2.3-24.el5_6.x86_64.rpm
rpm-devel-4.4.2.3-24.el5_6.i386.rpm
rpm-devel-4.4.2.3-24.el5_6.x86_64.rpm
rpm-libs-4.4.2.3-24.el5_6.i386.rpm
rpm-libs-4.4.2.3-24.el5_6.x86_64.rpm
rpm-python-4.4.2.3-24.el5_6.x86_64.rpm

Red Hat Enterprise Linux EUS (v. 5.9 server):

Source:
rpm-4.4.2.3-34.el5_9.src.rpm

i386:
popt-1.10.2.3-34.el5_9.i386.rpm
rpm-4.4.2.3-34.el5_9.i386.rpm
rpm-apidocs-4.4.2.3-34.el5_9.i386.rpm
rpm-build-4.4.2.3-34.el5_9.i386.rpm
rpm-debuginfo-4.4.2.3-34.el5_9.i386.rpm
rpm-devel-4.4.2.3-34.el5_9.i386.rpm
rpm-libs-4.4.2.3-34.el5_9.i386.rpm
rpm-python-4.4.2.3-34.el5_9.i386.rpm

ia64:
popt-1.10.2.3-34.el5_9.ia64.rpm
rpm-4.4.2.3-34.el5_9.ia64.rpm
rpm-apidocs-4.4.2.3-34.el5_9.ia64.rpm
rpm-build-4.4.2.3-34.el5_9.ia64.rpm
rpm-debuginfo-4.4.2.3-34.el5_9.ia64.rpm
rpm-devel-4.4.2.3-34.el5_9.ia64.rpm
rpm-libs-4.4.2.3-34.el5_9.ia64.rpm
rpm-python-4.4.2.3-34.el5_9.ia64.rpm

ppc:
popt-1.10.2.3-34.el5_9.ppc.rpm
popt-1.10.2.3-34.el5_9.ppc64.rpm
rpm-4.4.2.3-34.el5_9.ppc.rpm
rpm-apidocs-4.4.2.3-34.el5_9.ppc.rpm
rpm-build-4.4.2.3-34.el5_9.ppc.rpm
rpm-debuginfo-4.4.2.3-34.el5_9.ppc.rpm
rpm-debuginfo-4.4.2.3-34.el5_9.ppc64.rpm
rpm-devel-4.4.2.3-34.el5_9.ppc.rpm
rpm-devel-4.4.2.3-34.el5_9.ppc64.rpm
rpm-libs-4.4.2.3-34.el5_9.ppc.rpm
rpm-libs-4.4.2.3-34.el5_9.ppc64.rpm
rpm-python-4.4.2.3-34.el5_9.ppc.rpm

s390x:
popt-1.10.2.3-34.el5_9.s390.rpm
popt-1.10.2.3-34.el5_9.s390x.rpm
rpm-4.4.2.3-34.el5_9.s390x.rpm
rpm-apidocs-4.4.2.3-34.el5_9.s390x.rpm
rpm-build-4.4.2.3-34.el5_9.s390x.rpm
rpm-debuginfo-4.4.2.3-34.el5_9.s390.rpm
rpm-debuginfo-4.4.2.3-34.el5_9.s390x.rpm
rpm-devel-4.4.2.3-34.el5_9.s390.rpm
rpm-devel-4.4.2.3-34.el5_9.s390x.rpm
rpm-libs-4.4.2.3-34.el5_9.s390.rpm
rpm-libs-4.4.2.3-34.el5_9.s390x.rpm
rpm-python-4.4.2.3-34.el5_9.s390x.rpm

x86_64:
popt-1.10.2.3-34.el5_9.i386.rpm
popt-1.10.2.3-34.el5_9.x86_64.rpm
rpm-4.4.2.3-34.el5_9.x86_64.rpm
rpm-apidocs-4.4.2.3-34.el5_9.x86_64.rpm
rpm-build-4.4.2.3-34.el5_9.x86_64.rpm
rpm-debuginfo-4.4.2.3-34.el5_9.i386.rpm
rpm-debuginfo-4.4.2.3-34.el5_9.x86_64.rpm
rpm-devel-4.4.2.3-34.el5_9.i386.rpm
rpm-devel-4.4.2.3-34.el5_9.x86_64.rpm
rpm-libs-4.4.2.3-34.el5_9.i386.rpm
rpm-libs-4.4.2.3-34.el5_9.x86_64.rpm
rpm-python-4.4.2.3-34.el5_9.x86_64.rpm

Red Hat Enterprise Linux HPC Node EUS (v. 6.4):

Source:
rpm-4.8.0-33.el6_4.src.rpm

x86_64:
rpm-4.8.0-33.el6_4.x86_64.rpm
rpm-debuginfo-4.8.0-33.el6_4.i686.rpm
rpm-debuginfo-4.8.0-33.el6_4.x86_64.rpm
rpm-libs-4.8.0-33.el6_4.i686.rpm
rpm-libs-4.8.0-33.el6_4.x86_64.rpm
rpm-python-4.8.0-33.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node EUS (v. 6.5):

Source:
rpm-4.8.0-38.el6_5.src.rpm

x86_64:
rpm-4.8.0-38.el6_5.x86_64.rpm
rpm-debuginfo-4.8.0-38.el6_5.i686.rpm
rpm-debuginfo-4.8.0-38.el6_5.x86_64.rpm
rpm-libs-4.8.0-38.el6_5.i686.rpm
rpm-libs-4.8.0-38.el6_5.x86_64.rpm
rpm-python-4.8.0-38.el6_5.x86_64.rpm

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4):

Source:
rpm-4.8.0-33.el6_4.src.rpm

noarch:
rpm-apidocs-4.8.0-33.el6_4.noarch.rpm
rpm-cron-4.8.0-33.el6_4.noarch.rpm

x86_64:
rpm-build-4.8.0-33.el6_4.x86_64.rpm
rpm-debuginfo-4.8.0-33.el6_4.i686.rpm
rpm-debuginfo-4.8.0-33.el6_4.x86_64.rpm
rpm-devel-4.8.0-33.el6_4.i686.rpm
rpm-devel-4.8.0-33.el6_4.x86_64.rpm

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.5):

Source:
rpm-4.8.0-38.el6_5.src.rpm

noarch:
rpm-apidocs-4.8.0-38.el6_5.noarch.rpm
rpm-cron-4.8.0-38.el6_5.noarch.rpm

x86_64:
rpm-build-4.8.0-38.el6_5.x86_64.rpm
rpm-debuginfo-4.8.0-38.el6_5.i686.rpm
rpm-debuginfo-4.8.0-38.el6_5.x86_64.rpm
rpm-devel-4.8.0-38.el6_5.i686.rpm
rpm-devel-4.8.0-38.el6_5.x86_64.rpm

Red Hat Enterprise Linux AUS (v. 6.2 server):

Source:
rpm-4.8.0-20.el6_2.1.src.rpm

x86_64:
rpm-4.8.0-20.el6_2.1.x86_64.rpm
rpm-build-4.8.0-20.el6_2.1.x86_64.rpm
rpm-debuginfo-4.8.0-20.el6_2.1.i686.rpm
rpm-debuginfo-4.8.0-20.el6_2.1.x86_64.rpm
rpm-devel-4.8.0-20.el6_2.1.i686.rpm
rpm-devel-4.8.0-20.el6_2.1.x86_64.rpm
rpm-libs-4.8.0-20.el6_2.1.i686.rpm
rpm-libs-4.8.0-20.el6_2.1.x86_64.rpm
rpm-python-4.8.0-20.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.4):

Source:
rpm-4.8.0-33.el6_4.src.rpm

i386:
rpm-4.8.0-33.el6_4.i686.rpm
rpm-build-4.8.0-33.el6_4.i686.rpm
rpm-debuginfo-4.8.0-33.el6_4.i686.rpm
rpm-devel-4.8.0-33.el6_4.i686.rpm
rpm-libs-4.8.0-33.el6_4.i686.rpm
rpm-python-4.8.0-33.el6_4.i686.rpm

ppc64:
rpm-4.8.0-33.el6_4.ppc64.rpm
rpm-build-4.8.0-33.el6_4.ppc64.rpm
rpm-debuginfo-4.8.0-33.el6_4.ppc.rpm
rpm-debuginfo-4.8.0-33.el6_4.ppc64.rpm
rpm-devel-4.8.0-33.el6_4.ppc.rpm
rpm-devel-4.8.0-33.el6_4.ppc64.rpm
rpm-libs-4.8.0-33.el6_4.ppc.rpm
rpm-libs-4.8.0-33.el6_4.ppc64.rpm
rpm-python-4.8.0-33.el6_4.ppc64.rpm

s390x:
rpm-4.8.0-33.el6_4.s390x.rpm
rpm-build-4.8.0-33.el6_4.s390x.rpm
rpm-debuginfo-4.8.0-33.el6_4.s390.rpm
rpm-debuginfo-4.8.0-33.el6_4.s390x.rpm
rpm-devel-4.8.0-33.el6_4.s390.rpm
rpm-devel-4.8.0-33.el6_4.s390x.rpm
rpm-libs-4.8.0-33.el6_4.s390.rpm
rpm-libs-4.8.0-33.el6_4.s390x.rpm
rpm-python-4.8.0-33.el6_4.s390x.rpm

x86_64:
rpm-4.8.0-33.el6_4.x86_64.rpm
rpm-build-4.8.0-33.el6_4.x86_64.rpm
rpm-debuginfo-4.8.0-33.el6_4.i686.rpm
rpm-debuginfo-4.8.0-33.el6_4.x86_64.rpm
rpm-devel-4.8.0-33.el6_4.i686.rpm
rpm-devel-4.8.0-33.el6_4.x86_64.rpm
rpm-libs-4.8.0-33.el6_4.i686.rpm
rpm-libs-4.8.0-33.el6_4.x86_64.rpm
rpm-python-4.8.0-33.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.5):

Source:
rpm-4.8.0-38.el6_5.src.rpm

i386:
rpm-4.8.0-38.el6_5.i686.rpm
rpm-build-4.8.0-38.el6_5.i686.rpm
rpm-debuginfo-4.8.0-38.el6_5.i686.rpm
rpm-devel-4.8.0-38.el6_5.i686.rpm
rpm-libs-4.8.0-38.el6_5.i686.rpm
rpm-python-4.8.0-38.el6_5.i686.rpm

ppc64:
rpm-4.8.0-38.el6_5.ppc64.rpm
rpm-build-4.8.0-38.el6_5.ppc64.rpm
rpm-debuginfo-4.8.0-38.el6_5.ppc.rpm
rpm-debuginfo-4.8.0-38.el6_5.ppc64.rpm
rpm-devel-4.8.0-38.el6_5.ppc.rpm
rpm-devel-4.8.0-38.el6_5.ppc64.rpm
rpm-libs-4.8.0-38.el6_5.ppc.rpm
rpm-libs-4.8.0-38.el6_5.ppc64.rpm
rpm-python-4.8.0-38.el6_5.ppc64.rpm

s390x:
rpm-4.8.0-38.el6_5.s390x.rpm
rpm-build-4.8.0-38.el6_5.s390x.rpm
rpm-debuginfo-4.8.0-38.el6_5.s390.rpm
rpm-debuginfo-4.8.0-38.el6_5.s390x.rpm
rpm-devel-4.8.0-38.el6_5.s390.rpm
rpm-devel-4.8.0-38.el6_5.s390x.rpm
rpm-libs-4.8.0-38.el6_5.s390.rpm
rpm-libs-4.8.0-38.el6_5.s390x.rpm
rpm-python-4.8.0-38.el6_5.s390x.rpm

x86_64:
rpm-4.8.0-38.el6_5.x86_64.rpm
rpm-build-4.8.0-38.el6_5.x86_64.rpm
rpm-debuginfo-4.8.0-38.el6_5.i686.rpm
rpm-debuginfo-4.8.0-38.el6_5.x86_64.rpm
rpm-devel-4.8.0-38.el6_5.i686.rpm
rpm-devel-4.8.0-38.el6_5.x86_64.rpm
rpm-libs-4.8.0-38.el6_5.i686.rpm
rpm-libs-4.8.0-38.el6_5.x86_64.rpm
rpm-python-4.8.0-38.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.2):

Source:
rpm-4.8.0-20.el6_2.1.src.rpm

noarch:
rpm-apidocs-4.8.0-20.el6_2.1.noarch.rpm
rpm-cron-4.8.0-20.el6_2.1.noarch.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.4):

Source:
rpm-4.8.0-33.el6_4.src.rpm

noarch:
rpm-apidocs-4.8.0-33.el6_4.noarch.rpm
rpm-cron-4.8.0-33.el6_4.noarch.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.5):

Source:
rpm-4.8.0-38.el6_5.src.rpm

noarch:
rpm-apidocs-4.8.0-38.el6_5.noarch.rpm
rpm-cron-4.8.0-38.el6_5.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2013-6435
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUh2MhXlSAg2UNWIIRAsbbAKCzpqEMio7o5hdJL3Iqxqd/5UYrFgCfWiu6
h9z49k+FM7YALIBBlz45cQ0=
=Mvpn
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 9 21:05:24 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 9 Dec 2014 21:05:24 +0000
Subject: [RHSA-2014:1976-01] Important: rpm security update
Message-ID: <201412092105.sB9L5OOm023553@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rpm security update
Advisory ID:       RHSA-2014:1976-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1976.html
Issue date:        2014-12-09
CVE Names:         CVE-2013-6435 CVE-2014-8118
=====================================================================

1. Summary:

Updated rpm packages that fix two security issues are now available for
Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch

3. Description:

The RPM Package Manager (RPM) is a powerful command line driven package
management system capable of installing, uninstalling, verifying, querying,
and updating software packages. Each software package consists of an
archive of files along with information about the package such as its
version, description, and other information.

It was found that RPM wrote file contents to the target installation
directory under a temporary name, and verified its cryptographic signature
only after the temporary file had been written completely. Under certain
conditions, the system interprets the unverified temporary file contents
and extracts commands from it. This could allow an attacker to modify
signed RPM files in such a way that they would execute code chosen by the
attacker during package installation. (CVE-2013-6435)

It was found that RPM could encounter an integer overflow, leading to a
stack-based buffer overflow, while parsing a crafted CPIO header in the
payload section of an RPM file. This could allow an attacker to modify
signed RPM files in such a way that they would execute code chosen by the
attacker during package installation. (CVE-2014-8118)

These issues were discovered by Florian Weimer of Red Hat Product Security.

All rpm users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running
applications linked against the RPM library must be restarted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1039811 - CVE-2013-6435 rpm: race condition during the installation process
1168715 - CVE-2014-8118 rpm: integer overflow and stack overflow in CPIO header parsing

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
rpm-4.11.1-18.el7_0.src.rpm

x86_64:
rpm-4.11.1-18.el7_0.x86_64.rpm
rpm-build-4.11.1-18.el7_0.x86_64.rpm
rpm-build-libs-4.11.1-18.el7_0.i686.rpm
rpm-build-libs-4.11.1-18.el7_0.x86_64.rpm
rpm-debuginfo-4.11.1-18.el7_0.i686.rpm
rpm-debuginfo-4.11.1-18.el7_0.x86_64.rpm
rpm-libs-4.11.1-18.el7_0.i686.rpm
rpm-libs-4.11.1-18.el7_0.x86_64.rpm
rpm-python-4.11.1-18.el7_0.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
rpm-apidocs-4.11.1-18.el7_0.noarch.rpm
rpm-cron-4.11.1-18.el7_0.noarch.rpm

x86_64:
rpm-debuginfo-4.11.1-18.el7_0.i686.rpm
rpm-debuginfo-4.11.1-18.el7_0.x86_64.rpm
rpm-devel-4.11.1-18.el7_0.i686.rpm
rpm-devel-4.11.1-18.el7_0.x86_64.rpm
rpm-sign-4.11.1-18.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
rpm-4.11.1-18.el7_0.src.rpm

x86_64:
rpm-4.11.1-18.el7_0.x86_64.rpm
rpm-build-4.11.1-18.el7_0.x86_64.rpm
rpm-build-libs-4.11.1-18.el7_0.i686.rpm
rpm-build-libs-4.11.1-18.el7_0.x86_64.rpm
rpm-debuginfo-4.11.1-18.el7_0.i686.rpm
rpm-debuginfo-4.11.1-18.el7_0.x86_64.rpm
rpm-libs-4.11.1-18.el7_0.i686.rpm
rpm-libs-4.11.1-18.el7_0.x86_64.rpm
rpm-python-4.11.1-18.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
rpm-apidocs-4.11.1-18.el7_0.noarch.rpm
rpm-cron-4.11.1-18.el7_0.noarch.rpm

x86_64:
rpm-debuginfo-4.11.1-18.el7_0.i686.rpm
rpm-debuginfo-4.11.1-18.el7_0.x86_64.rpm
rpm-devel-4.11.1-18.el7_0.i686.rpm
rpm-devel-4.11.1-18.el7_0.x86_64.rpm
rpm-sign-4.11.1-18.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
rpm-4.11.1-18.el7_0.src.rpm

ppc64:
rpm-4.11.1-18.el7_0.ppc64.rpm
rpm-build-4.11.1-18.el7_0.ppc64.rpm
rpm-build-libs-4.11.1-18.el7_0.ppc.rpm
rpm-build-libs-4.11.1-18.el7_0.ppc64.rpm
rpm-debuginfo-4.11.1-18.el7_0.ppc.rpm
rpm-debuginfo-4.11.1-18.el7_0.ppc64.rpm
rpm-devel-4.11.1-18.el7_0.ppc.rpm
rpm-devel-4.11.1-18.el7_0.ppc64.rpm
rpm-libs-4.11.1-18.el7_0.ppc.rpm
rpm-libs-4.11.1-18.el7_0.ppc64.rpm
rpm-python-4.11.1-18.el7_0.ppc64.rpm
rpm-sign-4.11.1-18.el7_0.ppc64.rpm

s390x:
rpm-4.11.1-18.el7_0.s390x.rpm
rpm-build-4.11.1-18.el7_0.s390x.rpm
rpm-build-libs-4.11.1-18.el7_0.s390.rpm
rpm-build-libs-4.11.1-18.el7_0.s390x.rpm
rpm-debuginfo-4.11.1-18.el7_0.s390.rpm
rpm-debuginfo-4.11.1-18.el7_0.s390x.rpm
rpm-devel-4.11.1-18.el7_0.s390.rpm
rpm-devel-4.11.1-18.el7_0.s390x.rpm
rpm-libs-4.11.1-18.el7_0.s390.rpm
rpm-libs-4.11.1-18.el7_0.s390x.rpm
rpm-python-4.11.1-18.el7_0.s390x.rpm
rpm-sign-4.11.1-18.el7_0.s390x.rpm

x86_64:
rpm-4.11.1-18.el7_0.x86_64.rpm
rpm-build-4.11.1-18.el7_0.x86_64.rpm
rpm-build-libs-4.11.1-18.el7_0.i686.rpm
rpm-build-libs-4.11.1-18.el7_0.x86_64.rpm
rpm-debuginfo-4.11.1-18.el7_0.i686.rpm
rpm-debuginfo-4.11.1-18.el7_0.x86_64.rpm
rpm-devel-4.11.1-18.el7_0.i686.rpm
rpm-devel-4.11.1-18.el7_0.x86_64.rpm
rpm-libs-4.11.1-18.el7_0.i686.rpm
rpm-libs-4.11.1-18.el7_0.x86_64.rpm
rpm-python-4.11.1-18.el7_0.x86_64.rpm
rpm-sign-4.11.1-18.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
rpm-apidocs-4.11.1-18.el7_0.noarch.rpm
rpm-cron-4.11.1-18.el7_0.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
rpm-4.11.1-18.el7_0.src.rpm

x86_64:
rpm-4.11.1-18.el7_0.x86_64.rpm
rpm-build-4.11.1-18.el7_0.x86_64.rpm
rpm-build-libs-4.11.1-18.el7_0.i686.rpm
rpm-build-libs-4.11.1-18.el7_0.x86_64.rpm
rpm-debuginfo-4.11.1-18.el7_0.i686.rpm
rpm-debuginfo-4.11.1-18.el7_0.x86_64.rpm
rpm-devel-4.11.1-18.el7_0.i686.rpm
rpm-devel-4.11.1-18.el7_0.x86_64.rpm
rpm-libs-4.11.1-18.el7_0.i686.rpm
rpm-libs-4.11.1-18.el7_0.x86_64.rpm
rpm-python-4.11.1-18.el7_0.x86_64.rpm
rpm-sign-4.11.1-18.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
rpm-apidocs-4.11.1-18.el7_0.noarch.rpm
rpm-cron-4.11.1-18.el7_0.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2013-6435
https://access.redhat.com/security/cve/CVE-2014-8118
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
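The ordering flaw behind CVE-2013-6435 in RHSA-2014:1975 and RHSA-2014:1976 above is that unverified file contents reached the target directory before the signature check ran. The C program below is an added example written for this page; it is not rpm's code, nor Red Hat's fix. It shows the defensive ordering (verify the complete payload while it is still in memory, stage it in a private directory that nothing else scans, then rename it into place), with the real OpenPGP check abstracted behind a callback and replaced for the demo by a constructed marker check (demo_verify). The staging layout under /tmp (or the current directory) and the file name demo.sh are assumptions of the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Verifier callback: returns 1 when the payload is authentic, 0 otherwise.
 * Assumption: the real OpenPGP signature check sits behind this type. */
typedef int (*verify_fn)(const unsigned char *buf, size_t len);

/* Constructed stand-in verifier for the demo: a payload counts as "signed"
 * only when it ends with this marker. Not a real signature scheme. */
static const char DEMO_MARK[] = "\n--demo-signed--\n";

int demo_verify(const unsigned char *buf, size_t len)
{
    size_t m = sizeof DEMO_MARK - 1;
    return len >= m && memcmp(buf + len - m, DEMO_MARK, m) == 0;
}

/* Install `payload` at `dest`, in this order:
 *   1. verify the complete payload while it exists only in memory;
 *   2. only then write it to a private staging file (mkstemp: mode 0600,
 *      O_EXCL) inside `staging_dir`, a directory no other component scans;
 *   3. fsync, close, and rename() it into the target directory atomically.
 * Unverified bytes never appear under the target directory, so nothing can
 * interpret them while the signature is still being checked.
 * Returns 0 on success, -1 if verification fails, -2 on an I/O error. */
int install_verified(const unsigned char *payload, size_t len,
                     const char *staging_dir, const char *dest, verify_fn verify)
{
    if (!verify(payload, len))
        return -1;                                  /* nothing touched disk */

    char tmp[PATH_MAX];
    if (snprintf(tmp, sizeof tmp, "%s/.stage-XXXXXX", staging_dir) >= (int)sizeof tmp)
        return -2;
    int fd = mkstemp(tmp);
    if (fd < 0)
        return -2;

    size_t done = 0;
    while (done < len) {
        ssize_t w = write(fd, payload + done, len - done);
        if (w < 0) {
            if (errno == EINTR)
                continue;
            close(fd);
            unlink(tmp);
            return -2;
        }
        done += (size_t)w;
    }
    int ok = fsync(fd) == 0;
    if (close(fd) != 0)
        ok = 0;
    if (!ok || rename(tmp, dest) != 0) {
        unlink(tmp);
        return -2;
    }
    return 0;
}

/* Demo driver: builds a scratch tree (staging/ and target/), installs
 * `payload` as target/demo.sh and checks the invariants: a rejected payload
 * leaves nothing behind, an accepted one lands with the right size, and the
 * staging directory is empty afterwards. Returns install_verified()'s
 * code, or -2 if an invariant was violated. */
int install_demo(const unsigned char *payload, size_t len)
{
    char base[] = "/tmp/installdemo-XXXXXX";
    if (!mkdtemp(base)) {                           /* fall back to the cwd */
        strcpy(base, "./installdemo-XXXXXX");
        if (!mkdtemp(base))
            return -2;
    }
    char staging[PATH_MAX], target[PATH_MAX], dest[PATH_MAX];
    snprintf(staging, sizeof staging, "%s/staging", base);
    snprintf(target, sizeof target, "%s/target", base);
    snprintf(dest, sizeof dest, "%s/demo.sh", target);
    if (mkdir(staging, 0700) != 0 || mkdir(target, 0755) != 0)
        return -2;

    int rc = install_verified(payload, len, staging, dest, demo_verify);

    struct stat st;
    int present = stat(dest, &st) == 0;
    if (rc == 0 && (!present || (size_t)st.st_size != len))
        rc = -2;                                    /* accepted but not installed */
    if (rc == -1 && present)
        rc = -2;                                    /* rejected but something landed */
    if (rmdir(staging) != 0)
        rc = -2;                                    /* a stage file was left behind */
    unlink(dest);
    rmdir(target);
    rmdir(base);
    return rc;
}
```

The point of the staging directory is not secrecy but scope: a temporary file in /etc/cron.d or a profile.d directory is data that some other program may parse, so the rename into the target happens only once the bytes are known to be authentic.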
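For CVE-2014-8118 in RHSA-2014:1976 above (an integer overflow that leads to a stack-based buffer overflow while parsing a crafted CPIO header): the C program below is an added example and not rpm's parser. It reads one "newc" cpio entry and bounds every attacker-controlled size before it is used in arithmetic or as a copy length into the fixed-size name buffer. The 4 KiB name cap, the error codes and the constructed entry produced by cpio_build_entry are assumptions of this example.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The "newc" (SVR4) cpio header is 110 ASCII bytes: the magic "070701"
 * followed by 13 fields of 8 hexadecimal digits. In an RPM payload all of
 * them are attacker-controlled once the package is. */
#define CPIO_MAGIC    "070701"
#define CPIO_HDR_LEN  110u
#define CPIO_NAME_MAX 4096u   /* assumption: our own cap on a path (PATH_MAX on Linux) */

enum { CPIO_OK = 0, CPIO_BAD_MAGIC = -1, CPIO_BAD_HEX = -2,
       CPIO_BAD_NAME = -3, CPIO_TRUNCATED = -4 };

typedef struct {
    uint32_t filesize, namesize;
    size_t data_off;                  /* offset of the file data in the buffer */
    size_t next_off;                  /* offset of the next header */
    char name[CPIO_NAME_MAX];         /* fixed size: filled only after the bound check */
} cpio_entry;

/* Exactly eight hex digits -> uint32_t; anything else is rejected. */
static int parse_hex8(const unsigned char *p, uint32_t *out)
{
    uint32_t v = 0;
    for (int i = 0; i < 8; i++) {
        unsigned char c = p[i];
        unsigned d;
        if (c >= '0' && c <= '9')      d = c - '0';
        else if (c >= 'a' && c <= 'f') d = c - 'a' + 10;
        else if (c >= 'A' && c <= 'F') d = c - 'A' + 10;
        else return CPIO_BAD_HEX;
        v = (v << 4) | d;
    }
    *out = v;
    return CPIO_OK;
}

/* Round up to a 4-byte boundary; false if the addition would wrap. */
static bool pad4(size_t v, size_t *out)
{
    if (v > SIZE_MAX - 3)
        return false;
    *out = (v + 3) & ~(size_t)3;
    return true;
}

/* Parse one entry starting at buf[0]. Sizes are bounded before any
 * arithmetic, offsets are size_t, and the untrusted filesize is compared
 * against the remaining bytes rather than added to anything first. */
int cpio_parse_entry(const unsigned char *buf, size_t len, cpio_entry *e)
{
    if (len < CPIO_HDR_LEN)
        return CPIO_TRUNCATED;
    if (memcmp(buf, CPIO_MAGIC, 6) != 0)
        return CPIO_BAD_MAGIC;
    uint32_t f[13];
    for (int i = 0; i < 13; i++)
        if (parse_hex8(buf + 6 + 8 * i, &f[i]) != CPIO_OK)
            return CPIO_BAD_HEX;
    e->filesize = f[6];
    e->namesize = f[11];                         /* counts the terminating NUL */

    if (e->namesize == 0 || e->namesize > CPIO_NAME_MAX)
        return CPIO_BAD_NAME;                    /* bound first, compute second */
    size_t name_end = CPIO_HDR_LEN + e->namesize;    /* both small: cannot wrap */
    if (name_end > len)
        return CPIO_TRUNCATED;
    if (buf[name_end - 1] != '\0')
        return CPIO_BAD_NAME;
    if (!pad4(name_end, &e->data_off) || e->data_off > len)
        return CPIO_TRUNCATED;
    if ((size_t)e->filesize > len - e->data_off)
        return CPIO_TRUNCATED;
    if (!pad4(e->data_off + e->filesize, &e->next_off) || e->next_off > len)
        return CPIO_TRUNCATED;
    memcpy(e->name, buf + CPIO_HDR_LEN, e->namesize);   /* fits: namesize <= CPIO_NAME_MAX */
    return CPIO_OK;
}

/* Build a constructed newc entry for the demo. `namesize_field` is what the
 * header claims, independent of the real name length, so a crafted header
 * can be produced. Returns bytes written, or 0 if `cap` is too small. */
size_t cpio_build_entry(unsigned char *out, size_t cap, const char *name,
                        uint32_t namesize_field, const unsigned char *data, uint32_t filesize)
{
    size_t nlen = strlen(name) + 1, data_off, total;
    if (!pad4(CPIO_HDR_LEN + nlen, &data_off) || !pad4(data_off + filesize, &total) || total > cap)
        return 0;
    memset(out, 0, total);
    char hdr[CPIO_HDR_LEN + 1];
    memcpy(hdr, CPIO_MAGIC, 6);
    uint32_t f[13] = { 1, 0100644, 0, 0, 1, 0, filesize, 0, 0, 0, 0, namesize_field, 0 };
    for (int i = 0; i < 13; i++)
        snprintf(hdr + 6 + 8 * i, 9, "%08" PRIx32, f[i]);
    memcpy(out, hdr, CPIO_HDR_LEN);
    memcpy(out + CPIO_HDR_LEN, name, nlen);
    memcpy(out + data_off, data, filesize);
    return total;
}

/* Demo: one entry for "etc/demo.conf" (14 name bytes incl. NUL, 6 data
 * bytes) whose header claims `namesize_field`. Returns the offset of the
 * next header when the entry parses, or the negative parser code. */
long cpio_demo(uint32_t namesize_field)
{
    unsigned char buf[256];
    static cpio_entry e;                         /* static: the name buffer is 4 KiB */
    size_t n = cpio_build_entry(buf, sizeof buf, "etc/demo.conf", namesize_field,
                                (const unsigned char *)"hello\n", 6);
    int rc = n ? cpio_parse_entry(buf, n, &e) : CPIO_TRUNCATED;
    return rc == CPIO_OK ? (long)e.next_off : rc;
}
```

With the honest header the entry occupies 132 bytes (110 header, 14 name, padded to 124, 6 data, padded to 132). A header claiming 0xFFFFFFFF for namesize is refused by the bound check before 110 + namesize is ever formed, which is the arithmetic that a 32-bit sum would let wrap.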
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUh2PlXlSAg2UNWIIRArlZAJ9t1p6oLzlaLE9M4yGAZfybw6bYsgCeIChl
QCBYgolFcq6zT3YwsCG5LB8=
=oaZ3
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Dec 10 17:54:03 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 10 Dec 2014 17:54:03 +0000
Subject: [RHSA-2014:1981-01] Critical: flash-plugin security update
Message-ID: <201412101754.sBAHs3Un001198@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: flash-plugin security update
Advisory ID:       RHSA-2014:1981-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1981.html
Issue date:        2014-12-10
CVE Names:         CVE-2014-0580 CVE-2014-0587 CVE-2014-8443
                   CVE-2014-9162 CVE-2014-9163 CVE-2014-9164
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB14-27,
listed in the References section.

Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2014-0587, CVE-2014-8443, CVE-2014-9163, CVE-2014-9164)

A flaw in flash-plugin could allow an attacker to bypass the same-origin
policy. (CVE-2014-0580)

This update fixes an information disclosure flaw in flash-plugin.
(CVE-2014-9162)

All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 11.2.202.425.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1172431 - CVE-2014-0587 CVE-2014-9164 CVE-2014-8443 CVE-2014-9163 flash-plugin: Multiple code-execution flaws (APSB14-27)
1172433 - CVE-2014-9162 flash-plugin: Information disclosure vulnerability (APSB14-27)
1172436 - CVE-2014-0580 flash-plugin: Same-Origin-Policy bypass flaw (APSB14-27)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-11.2.202.425-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.425-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-11.2.202.425-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.425-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.425-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.425-1.el6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.425-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.425-1.el6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.425-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.425-1.el6.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-0580
https://access.redhat.com/security/cve/CVE-2014-0587
https://access.redhat.com/security/cve/CVE-2014-8443
https://access.redhat.com/security/cve/CVE-2014-9162
https://access.redhat.com/security/cve/CVE-2014-9163
https://access.redhat.com/security/cve/CVE-2014-9164
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb14-27.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUiIc1XlSAg2UNWIIRAsSpAKCmB3XINkM4F8O89luyizR+uMBvSgCgjGgo
Jf+NT4gjTiuGxbKjQooiX1A=
=wYY1
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Dec 11 20:23:39 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 11 Dec 2014 20:23:39 +0000
Subject: [RHSA-2014:1982-01] Important: xorg-x11-server security update
Message-ID: <201412112023.sBBKNdim013479@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: xorg-x11-server security update
Advisory ID:       RHSA-2014:1982-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1982.html
Issue date:        2014-12-11
CVE Names:         CVE-2014-8091 CVE-2014-8092 CVE-2014-8093
                   CVE-2014-8095 CVE-2014-8096 CVE-2014-8097
                   CVE-2014-8098 CVE-2014-8099 CVE-2014-8100
                   CVE-2014-8101 CVE-2014-8102
=====================================================================

1. Summary:

Updated xorg-x11-server packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

X.Org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

Multiple integer overflow flaws and out-of-bounds write flaws were found in
the way the X.Org server calculated memory requirements for certain X11
core protocol and GLX extension requests. A malicious, authenticated client
could use any of these flaws to crash the X.Org server or, potentially,
execute arbitrary code with root privileges. (CVE-2014-8092, CVE-2014-8093,
CVE-2014-8098)

It was found that the X.Org server did not properly handle SUN-DES-1
(Secure RPC) authentication credentials. A malicious, unauthenticated
client could use this flaw to crash the X.Org server by submitting a
specially crafted authentication request. (CVE-2014-8091)

Multiple out-of-bounds access flaws were found in the way the X.Org server
calculated memory requirements for certain requests. A malicious,
authenticated client could use any of these flaws to crash the X.Org
server, or leak memory contents to the client. (CVE-2014-8097)

Multiple out-of-bounds access flaws were found in the way the X.Org server
calculated memory requirements for certain requests. A malicious,
authenticated client could use any of these flaws to crash the X.Org
server. (CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100,
CVE-2014-8101, CVE-2014-8102)

All xorg-x11-server users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1168680 - CVE-2014-8091 xorg-x11-server: denial of service due to unchecked malloc in client authentication
1168684 - CVE-2014-8092 xorg-x11-server: integer overflow in X11 core protocol requests when calculating memory needs for requests
1168688 - CVE-2014-8093 xorg-x11-server: integer overflow in GLX extension requests when calculating memory needs for requests
1168694 - CVE-2014-8095 xorg-x11-server: out of bounds access due to not validating length or offset values in XInput extension
1168700 - CVE-2014-8096 xorg-x11-server: out of bounds access due to not validating length or offset values in XC-MISC extension
1168705 - CVE-2014-8097 xorg-x11-server: out of bounds access due to not validating length or offset values in DBE extension
1168707 - CVE-2014-8098 xorg-x11-server: out of bounds access due to not validating length or offset values in GLX extension
1168710 - CVE-2014-8099 xorg-x11-server: out of bounds access due to not validating length or offset values in XVideo extension
1168711 - CVE-2014-8100 xorg-x11-server: out of bounds access due to not validating length or offset values in Render extension
1168713 - CVE-2014-8101 xorg-x11-server: out of bounds access due to not validating length or offset values in RandR extension
1168714 - CVE-2014-8102 xorg-x11-server: out of bounds access due to not validating length or offset values in XFixes extension

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
xorg-x11-server-1.1.1-48.107.el5_11.src.rpm

i386:
xorg-x11-server-Xdmx-1.1.1-48.107.el5_11.i386.rpm
xorg-x11-server-Xephyr-1.1.1-48.107.el5_11.i386.rpm
xorg-x11-server-Xnest-1.1.1-48.107.el5_11.i386.rpm
xorg-x11-server-Xorg-1.1.1-48.107.el5_11.i386.rpm
xorg-x11-server-Xvfb-1.1.1-48.107.el5_11.i386.rpm
xorg-x11-server-Xvnc-source-1.1.1-48.107.el5_11.i386.rpm
xorg-x11-server-debuginfo-1.1.1-48.107.el5_11.i386.rpm

x86_64:
xorg-x11-server-Xdmx-1.1.1-48.107.el5_11.x86_64.rpm
xorg-x11-server-Xephyr-1.1.1-48.107.el5_11.x86_64.rpm
xorg-x11-server-Xnest-1.1.1-48.107.el5_11.x86_64.rpm
xorg-x11-server-Xorg-1.1.1-48.107.el5_11.x86_64.rpm
xorg-x11-server-Xvfb-1.1.1-48.107.el5_11.x86_64.rpm
xorg-x11-server-Xvnc-source-1.1.1-48.107.el5_11.x86_64.rpm
xorg-x11-server-debuginfo-1.1.1-48.107.el5_11.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
xorg-x11-server-1.1.1-48.107.el5_11.src.rpm

i386:
xorg-x11-server-debuginfo-1.1.1-48.107.el5_11.i386.rpm
xorg-x11-server-sdk-1.1.1-48.107.el5_11.i386.rpm

x86_64:
xorg-x11-server-debuginfo-1.1.1-48.107.el5_11.x86_64.rpm
xorg-x11-server-sdk-1.1.1-48.107.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
xorg-x11-server-1.1.1-48.107.el5_11.src.rpm

i386:
xorg-x11-server-Xdmx-1.1.1-48.107.el5_11.i386.rpm
xorg-x11-server-Xephyr-1.1.1-48.107.el5_11.i386.rpm
xorg-x11-server-Xnest-1.1.1-48.107.el5_11.i386.rpm
xorg-x11-server-Xorg-1.1.1-48.107.el5_11.i386.rpm
xorg-x11-server-Xvfb-1.1.1-48.107.el5_11.i386.rpm
xorg-x11-server-Xvnc-source-1.1.1-48.107.el5_11.i386.rpm
xorg-x11-server-debuginfo-1.1.1-48.107.el5_11.i386.rpm
xorg-x11-server-sdk-1.1.1-48.107.el5_11.i386.rpm

ia64:
xorg-x11-server-Xdmx-1.1.1-48.107.el5_11.ia64.rpm
xorg-x11-server-Xephyr-1.1.1-48.107.el5_11.ia64.rpm
xorg-x11-server-Xnest-1.1.1-48.107.el5_11.ia64.rpm
xorg-x11-server-Xorg-1.1.1-48.107.el5_11.ia64.rpm
xorg-x11-server-Xvfb-1.1.1-48.107.el5_11.ia64.rpm
xorg-x11-server-Xvnc-source-1.1.1-48.107.el5_11.ia64.rpm
xorg-x11-server-debuginfo-1.1.1-48.107.el5_11.ia64.rpm
xorg-x11-server-sdk-1.1.1-48.107.el5_11.ia64.rpm

ppc:
xorg-x11-server-Xdmx-1.1.1-48.107.el5_11.ppc.rpm
xorg-x11-server-Xephyr-1.1.1-48.107.el5_11.ppc.rpm
xorg-x11-server-Xnest-1.1.1-48.107.el5_11.ppc.rpm
xorg-x11-server-Xorg-1.1.1-48.107.el5_11.ppc.rpm
xorg-x11-server-Xvfb-1.1.1-48.107.el5_11.ppc.rpm
xorg-x11-server-Xvnc-source-1.1.1-48.107.el5_11.ppc.rpm
xorg-x11-server-debuginfo-1.1.1-48.107.el5_11.ppc.rpm
xorg-x11-server-sdk-1.1.1-48.107.el5_11.ppc.rpm

s390x:
xorg-x11-server-Xephyr-1.1.1-48.107.el5_11.s390x.rpm
xorg-x11-server-Xnest-1.1.1-48.107.el5_11.s390x.rpm
xorg-x11-server-Xvfb-1.1.1-48.107.el5_11.s390x.rpm
xorg-x11-server-Xvnc-source-1.1.1-48.107.el5_11.s390x.rpm
xorg-x11-server-debuginfo-1.1.1-48.107.el5_11.s390x.rpm

x86_64:
xorg-x11-server-Xdmx-1.1.1-48.107.el5_11.x86_64.rpm
xorg-x11-server-Xephyr-1.1.1-48.107.el5_11.x86_64.rpm
xorg-x11-server-Xnest-1.1.1-48.107.el5_11.x86_64.rpm
xorg-x11-server-Xorg-1.1.1-48.107.el5_11.x86_64.rpm
xorg-x11-server-Xvfb-1.1.1-48.107.el5_11.x86_64.rpm
xorg-x11-server-Xvnc-source-1.1.1-48.107.el5_11.x86_64.rpm
xorg-x11-server-debuginfo-1.1.1-48.107.el5_11.x86_64.rpm
xorg-x11-server-sdk-1.1.1-48.107.el5_11.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-8091
https://access.redhat.com/security/cve/CVE-2014-8092
https://access.redhat.com/security/cve/CVE-2014-8093
https://access.redhat.com/security/cve/CVE-2014-8095
https://access.redhat.com/security/cve/CVE-2014-8096
https://access.redhat.com/security/cve/CVE-2014-8097
https://access.redhat.com/security/cve/CVE-2014-8098
https://access.redhat.com/security/cve/CVE-2014-8099
https://access.redhat.com/security/cve/CVE-2014-8100
https://access.redhat.com/security/cve/CVE-2014-8101
https://access.redhat.com/security/cve/CVE-2014-8102
https://access.redhat.com/security/updates/classification/#important
http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUif0ZXlSAg2UNWIIRAt0eAJ9oT2Qm+Zee6PpZxGjlkY3dAI5DDgCgl9Qf 6wgzS/bwGtsTNe12Nvx4dvU= =cunD -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Dec 11 20:28:58 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 11 Dec 2014 20:28:58 +0000 Subject: [RHSA-2014:1983-01] Important: xorg-x11-server security update Message-ID: <201412112028.sBBKSwKh028712@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: xorg-x11-server security update Advisory ID: RHSA-2014:1983-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1983.html Issue date: 2014-12-11 CVE Names: CVE-2014-8091 CVE-2014-8092 CVE-2014-8093 CVE-2014-8094 CVE-2014-8095 CVE-2014-8096 CVE-2014-8097 CVE-2014-8098 CVE-2014-8099 CVE-2014-8100 CVE-2014-8101 CVE-2014-8102 CVE-2014-8103 ===================================================================== 1. Summary: Updated xorg-x11-server packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 
7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Multiple integer overflow flaws and out-of-bounds write flaws were found in the way the X.Org server calculated memory requirements for certain X11 core protocol and GLX extension requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges. (CVE-2014-8092, CVE-2014-8093, CVE-2014-8098) It was found that the X.Org server did not properly handle SUN-DES-1 (Secure RPC) authentication credentials. A malicious, unauthenticated client could use this flaw to crash the X.Org server by submitting a specially crafted authentication request. (CVE-2014-8091) Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server, or leak memory contents to the client. (CVE-2014-8097) An integer overflow flaw was found in the way the X.Org server calculated memory requirements for certain DRI2 extension requests. A malicious, authenticated client could use this flaw to crash the X.Org server. (CVE-2014-8094) Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. 
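The two flaw classes named above, a memory-requirement computation that wraps in 32-bit arithmetic and a length or offset value that is never checked against the request actually received, shown side by side in an added C example written for this page (it is not X.Org code; the request layout, the ITEM_SIZE constant and every function name are constructed here):

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed request layout, for illustration only (this is not the X11
 * wire format).  A 12-byte little-endian header is followed by a body:
 *   bytes 0-3   body_len  length of the body in bytes
 *   bytes 4-7   offset    byte offset inside the body where the items start
 *   bytes 8-11  count     number of ITEM_SIZE-byte items the client claims
 */
#define HDR_LEN   12u
#define ITEM_SIZE 8u

typedef struct {
    uint32_t body_len;
    uint32_t offset;
    uint32_t count;
} req_header;

static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Flawed check in the style of the flaws this update fixes: the byte count
 * is computed in 32-bit arithmetic, so an absurd `count` or `offset` wraps
 * to a small value, passes the comparison, and the later per-item loop
 * would read or write past the end of the body. */
bool items_fit_unsafe(const req_header *h)
{
    uint32_t need = h->offset + h->count * ITEM_SIZE;   /* may wrap */
    return need <= h->body_len;
}

/* Hardened check: the declared body length must match what was actually
 * received, the offset must lie inside the body, and `count` is bounded by
 * a division before anything is multiplied, so nothing can wrap. */
bool items_fit_safe(const req_header *h, size_t received_body)
{
    if (h->body_len != received_body) return false;   /* claimed vs. actual */
    if (h->offset > h->body_len) return false;         /* offset inside body */
    uint32_t room = h->body_len - h->offset;           /* cannot underflow */
    return h->count <= room / ITEM_SIZE;               /* overflow-free bound */
}

/* Parse a raw request and apply one of the two checks.
 * Returns 1 = accepted, 0 = rejected, -1 = header truncated. */
int check_request(const uint8_t *buf, size_t buf_len, bool hardened)
{
    if (buf_len < HDR_LEN) return -1;
    req_header h = { rd32(buf), rd32(buf + 4), rd32(buf + 8) };
    if (hardened)
        return items_fit_safe(&h, buf_len - HDR_LEN) ? 1 : 0;
    return items_fit_unsafe(&h) ? 1 : 0;
}

/* Build a constructed request with a zero-filled body of `body_len` bytes.
 * Returns the total number of bytes written, or 0 if `out` is too small. */
size_t build_request(uint8_t *out, size_t out_len,
                     uint32_t body_len, uint32_t offset, uint32_t count)
{
    if (out_len < HDR_LEN || body_len > out_len - HDR_LEN) return 0;
    wr32(out, body_len); wr32(out + 4, offset); wr32(out + 8, count);
    memset(out + HDR_LEN, 0, body_len);
    return HDR_LEN + body_len;
}

int main(void)
{
    uint8_t buf[128];
    size_t n;

    /* Well-formed: 6 items at offset 16 fill a 64-byte body exactly. */
    n = build_request(buf, sizeof buf, 64, 16, 6);
    printf("benign       unsafe=%d safe=%d\n",
           check_request(buf, n, false), check_request(buf, n, true));

    /* count * ITEM_SIZE wraps to 8 in 32-bit arithmetic, so the flawed
     * check accepts 2^29+1 claimed items in a 64-byte body. */
    n = build_request(buf, sizeof buf, 64, 0, 0x20000001u);
    printf("count wrap   unsafe=%d safe=%d\n",
           check_request(buf, n, false), check_request(buf, n, true));

    /* offset + 16 wraps to 0: the same failure for an out-of-range offset. */
    n = build_request(buf, sizeof buf, 64, 0xFFFFFFF0u, 2);
    printf("offset wrap  unsafe=%d safe=%d\n",
           check_request(buf, n, false), check_request(buf, n, true));
    return 0;
}
```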
A malicious, authenticated client could use either of these flaws to crash the X.Org server. (CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100, CVE-2014-8101, CVE-2014-8102, CVE-2014-8103)

All xorg-x11-server users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1168680 - CVE-2014-8091 xorg-x11-server: denial of service due to unchecked malloc in client authentication
1168684 - CVE-2014-8092 xorg-x11-server: integer overflow in X11 core protocol requests when calculating memory needs for requests
1168688 - CVE-2014-8093 xorg-x11-server: integer overflow in GLX extension requests when calculating memory needs for requests
1168691 - CVE-2014-8094 xorg-x11-server: integer overflow in DRI2 extension function ProcDRI2GetBuffers()
1168694 - CVE-2014-8095 xorg-x11-server: out of bounds access due to not validating length or offset values in XInput extension
1168700 - CVE-2014-8096 xorg-x11-server: out of bounds access due to not validating length or offset values in XC-MISC extension
1168705 - CVE-2014-8097 xorg-x11-server: out of bounds access due to not validating length or offset values in DBE extension
1168707 - CVE-2014-8098 xorg-x11-server: out of bounds access due to not validating length or offset values in GLX extension
1168710 - CVE-2014-8099 xorg-x11-server: out of bounds access due to not validating length or offset values in XVideo extension
1168711 - CVE-2014-8100 xorg-x11-server: out of bounds access due to not validating length or offset values in Render extension
1168713 - CVE-2014-8101 xorg-x11-server: out of bounds access due to not validating length or offset values in RandR extension
1168714 - CVE-2014-8102 xorg-x11-server: out of bounds access due to not validating length or offset values in XFixes extension
1168716 - CVE-2014-8103 xorg-x11-server: out of bounds access due to not validating length or offset values in DRI3 & Present extensions

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
xorg-x11-server-1.15.0-25.el6_6.src.rpm

i386:
xorg-x11-server-Xephyr-1.15.0-25.el6_6.i686.rpm
xorg-x11-server-Xorg-1.15.0-25.el6_6.i686.rpm
xorg-x11-server-common-1.15.0-25.el6_6.i686.rpm
xorg-x11-server-debuginfo-1.15.0-25.el6_6.i686.rpm

x86_64:
xorg-x11-server-Xephyr-1.15.0-25.el6_6.x86_64.rpm
xorg-x11-server-Xorg-1.15.0-25.el6_6.x86_64.rpm
xorg-x11-server-common-1.15.0-25.el6_6.x86_64.rpm
xorg-x11-server-debuginfo-1.15.0-25.el6_6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
xorg-x11-server-Xdmx-1.15.0-25.el6_6.i686.rpm
xorg-x11-server-Xnest-1.15.0-25.el6_6.i686.rpm
xorg-x11-server-Xvfb-1.15.0-25.el6_6.i686.rpm
xorg-x11-server-debuginfo-1.15.0-25.el6_6.i686.rpm
xorg-x11-server-devel-1.15.0-25.el6_6.i686.rpm

noarch:
xorg-x11-server-source-1.15.0-25.el6_6.noarch.rpm

x86_64:
xorg-x11-server-Xdmx-1.15.0-25.el6_6.x86_64.rpm
xorg-x11-server-Xnest-1.15.0-25.el6_6.x86_64.rpm
xorg-x11-server-Xvfb-1.15.0-25.el6_6.x86_64.rpm
xorg-x11-server-debuginfo-1.15.0-25.el6_6.i686.rpm
xorg-x11-server-debuginfo-1.15.0-25.el6_6.x86_64.rpm
xorg-x11-server-devel-1.15.0-25.el6_6.i686.rpm
xorg-x11-server-devel-1.15.0-25.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
xorg-x11-server-1.15.0-25.el6_6.src.rpm

noarch:
xorg-x11-server-source-1.15.0-25.el6_6.noarch.rpm

x86_64:
xorg-x11-server-Xdmx-1.15.0-25.el6_6.x86_64.rpm
xorg-x11-server-Xephyr-1.15.0-25.el6_6.x86_64.rpm
xorg-x11-server-Xnest-1.15.0-25.el6_6.x86_64.rpm
xorg-x11-server-Xorg-1.15.0-25.el6_6.x86_64.rpm
xorg-x11-server-Xvfb-1.15.0-25.el6_6.x86_64.rpm
xorg-x11-server-common-1.15.0-25.el6_6.x86_64.rpm
xorg-x11-server-debuginfo-1.15.0-25.el6_6.i686.rpm
xorg-x11-server-debuginfo-1.15.0-25.el6_6.x86_64.rpm
xorg-x11-server-devel-1.15.0-25.el6_6.i686.rpm
xorg-x11-server-devel-1.15.0-25.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
xorg-x11-server-1.15.0-25.el6_6.src.rpm

i386:
xorg-x11-server-Xephyr-1.15.0-25.el6_6.i686.rpm
xorg-x11-server-Xorg-1.15.0-25.el6_6.i686.rpm
xorg-x11-server-common-1.15.0-25.el6_6.i686.rpm
xorg-x11-server-debuginfo-1.15.0-25.el6_6.i686.rpm

ppc64:
xorg-x11-server-Xephyr-1.15.0-25.el6_6.ppc64.rpm
xorg-x11-server-Xorg-1.15.0-25.el6_6.ppc64.rpm
xorg-x11-server-common-1.15.0-25.el6_6.ppc64.rpm
xorg-x11-server-debuginfo-1.15.0-25.el6_6.ppc64.rpm

s390x:
xorg-x11-server-Xephyr-1.15.0-25.el6_6.s390x.rpm
xorg-x11-server-common-1.15.0-25.el6_6.s390x.rpm
xorg-x11-server-debuginfo-1.15.0-25.el6_6.s390x.rpm

x86_64:
xorg-x11-server-Xephyr-1.15.0-25.el6_6.x86_64.rpm
xorg-x11-server-Xorg-1.15.0-25.el6_6.x86_64.rpm
xorg-x11-server-common-1.15.0-25.el6_6.x86_64.rpm
xorg-x11-server-debuginfo-1.15.0-25.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
xorg-x11-server-Xdmx-1.15.0-25.el6_6.i686.rpm
xorg-x11-server-Xnest-1.15.0-25.el6_6.i686.rpm
xorg-x11-server-Xvfb-1.15.0-25.el6_6.i686.rpm
xorg-x11-server-debuginfo-1.15.0-25.el6_6.i686.rpm
xorg-x11-server-devel-1.15.0-25.el6_6.i686.rpm

noarch:
xorg-x11-server-source-1.15.0-25.el6_6.noarch.rpm

ppc64:
xorg-x11-server-Xdmx-1.15.0-25.el6_6.ppc64.rpm
xorg-x11-server-Xnest-1.15.0-25.el6_6.ppc64.rpm
xorg-x11-server-Xvfb-1.15.0-25.el6_6.ppc64.rpm
xorg-x11-server-debuginfo-1.15.0-25.el6_6.ppc.rpm
xorg-x11-server-debuginfo-1.15.0-25.el6_6.ppc64.rpm
xorg-x11-server-devel-1.15.0-25.el6_6.ppc.rpm
xorg-x11-server-devel-1.15.0-25.el6_6.ppc64.rpm

s390x:
xorg-x11-server-Xdmx-1.15.0-25.el6_6.s390x.rpm
xorg-x11-server-Xnest-1.15.0-25.el6_6.s390x.rpm
xorg-x11-server-Xvfb-1.15.0-25.el6_6.s390x.rpm
xorg-x11-server-debuginfo-1.15.0-25.el6_6.s390x.rpm

x86_64:
xorg-x11-server-Xdmx-1.15.0-25.el6_6.x86_64.rpm
xorg-x11-server-Xnest-1.15.0-25.el6_6.x86_64.rpm
xorg-x11-server-Xvfb-1.15.0-25.el6_6.x86_64.rpm
xorg-x11-server-debuginfo-1.15.0-25.el6_6.i686.rpm
xorg-x11-server-debuginfo-1.15.0-25.el6_6.x86_64.rpm
xorg-x11-server-devel-1.15.0-25.el6_6.i686.rpm
xorg-x11-server-devel-1.15.0-25.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
xorg-x11-server-1.15.0-25.el6_6.src.rpm

i386:
xorg-x11-server-Xephyr-1.15.0-25.el6_6.i686.rpm
xorg-x11-server-Xorg-1.15.0-25.el6_6.i686.rpm
xorg-x11-server-common-1.15.0-25.el6_6.i686.rpm
xorg-x11-server-debuginfo-1.15.0-25.el6_6.i686.rpm

x86_64:
xorg-x11-server-Xephyr-1.15.0-25.el6_6.x86_64.rpm
xorg-x11-server-Xorg-1.15.0-25.el6_6.x86_64.rpm
xorg-x11-server-common-1.15.0-25.el6_6.x86_64.rpm
xorg-x11-server-debuginfo-1.15.0-25.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
xorg-x11-server-Xdmx-1.15.0-25.el6_6.i686.rpm
xorg-x11-server-Xnest-1.15.0-25.el6_6.i686.rpm
xorg-x11-server-Xvfb-1.15.0-25.el6_6.i686.rpm
xorg-x11-server-debuginfo-1.15.0-25.el6_6.i686.rpm
xorg-x11-server-devel-1.15.0-25.el6_6.i686.rpm

noarch:
xorg-x11-server-source-1.15.0-25.el6_6.noarch.rpm

x86_64:
xorg-x11-server-Xdmx-1.15.0-25.el6_6.x86_64.rpm
xorg-x11-server-Xnest-1.15.0-25.el6_6.x86_64.rpm
xorg-x11-server-Xvfb-1.15.0-25.el6_6.x86_64.rpm
xorg-x11-server-debuginfo-1.15.0-25.el6_6.i686.rpm
xorg-x11-server-debuginfo-1.15.0-25.el6_6.x86_64.rpm
xorg-x11-server-devel-1.15.0-25.el6_6.i686.rpm
xorg-x11-server-devel-1.15.0-25.el6_6.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
xorg-x11-server-1.15.0-7.el7_0.3.src.rpm

x86_64:
xorg-x11-server-Xephyr-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-Xorg-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-common-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-debuginfo-1.15.0-7.el7_0.3.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
xorg-x11-server-source-1.15.0-7.el7_0.3.noarch.rpm

x86_64:
xorg-x11-server-Xdmx-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-Xnest-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-Xvfb-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-debuginfo-1.15.0-7.el7_0.3.i686.rpm
xorg-x11-server-debuginfo-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-devel-1.15.0-7.el7_0.3.i686.rpm
xorg-x11-server-devel-1.15.0-7.el7_0.3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
xorg-x11-server-1.15.0-7.el7_0.3.src.rpm

noarch:
xorg-x11-server-source-1.15.0-7.el7_0.3.noarch.rpm

x86_64:
xorg-x11-server-Xdmx-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-Xephyr-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-Xnest-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-Xorg-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-Xvfb-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-common-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-debuginfo-1.15.0-7.el7_0.3.i686.rpm
xorg-x11-server-debuginfo-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-devel-1.15.0-7.el7_0.3.i686.rpm
xorg-x11-server-devel-1.15.0-7.el7_0.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
xorg-x11-server-1.15.0-7.el7_0.3.src.rpm

ppc64:
xorg-x11-server-Xephyr-1.15.0-7.el7_0.3.ppc64.rpm
xorg-x11-server-Xorg-1.15.0-7.el7_0.3.ppc64.rpm
xorg-x11-server-common-1.15.0-7.el7_0.3.ppc64.rpm
xorg-x11-server-debuginfo-1.15.0-7.el7_0.3.ppc64.rpm

s390x:
xorg-x11-server-Xephyr-1.15.0-7.el7_0.3.s390x.rpm
xorg-x11-server-common-1.15.0-7.el7_0.3.s390x.rpm
xorg-x11-server-debuginfo-1.15.0-7.el7_0.3.s390x.rpm

x86_64:
xorg-x11-server-Xephyr-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-Xorg-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-common-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-debuginfo-1.15.0-7.el7_0.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
xorg-x11-server-source-1.15.0-7.el7_0.3.noarch.rpm

ppc64:
xorg-x11-server-Xdmx-1.15.0-7.el7_0.3.ppc64.rpm
xorg-x11-server-Xnest-1.15.0-7.el7_0.3.ppc64.rpm
xorg-x11-server-Xvfb-1.15.0-7.el7_0.3.ppc64.rpm
xorg-x11-server-debuginfo-1.15.0-7.el7_0.3.ppc.rpm
xorg-x11-server-debuginfo-1.15.0-7.el7_0.3.ppc64.rpm
xorg-x11-server-devel-1.15.0-7.el7_0.3.ppc.rpm
xorg-x11-server-devel-1.15.0-7.el7_0.3.ppc64.rpm

s390x:
xorg-x11-server-Xdmx-1.15.0-7.el7_0.3.s390x.rpm
xorg-x11-server-Xnest-1.15.0-7.el7_0.3.s390x.rpm
xorg-x11-server-Xvfb-1.15.0-7.el7_0.3.s390x.rpm
xorg-x11-server-debuginfo-1.15.0-7.el7_0.3.s390x.rpm

x86_64:
xorg-x11-server-Xdmx-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-Xnest-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-Xvfb-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-debuginfo-1.15.0-7.el7_0.3.i686.rpm
xorg-x11-server-debuginfo-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-devel-1.15.0-7.el7_0.3.i686.rpm
xorg-x11-server-devel-1.15.0-7.el7_0.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
xorg-x11-server-1.15.0-7.el7_0.3.src.rpm

x86_64:
xorg-x11-server-Xephyr-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-Xorg-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-common-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-debuginfo-1.15.0-7.el7_0.3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
xorg-x11-server-source-1.15.0-7.el7_0.3.noarch.rpm

x86_64:
xorg-x11-server-Xdmx-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-Xnest-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-Xvfb-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-debuginfo-1.15.0-7.el7_0.3.i686.rpm
xorg-x11-server-debuginfo-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-devel-1.15.0-7.el7_0.3.i686.rpm
xorg-x11-server-devel-1.15.0-7.el7_0.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-8091
https://access.redhat.com/security/cve/CVE-2014-8092
https://access.redhat.com/security/cve/CVE-2014-8093
https://access.redhat.com/security/cve/CVE-2014-8094
https://access.redhat.com/security/cve/CVE-2014-8095
https://access.redhat.com/security/cve/CVE-2014-8096
https://access.redhat.com/security/cve/CVE-2014-8097
https://access.redhat.com/security/cve/CVE-2014-8098
https://access.redhat.com/security/cve/CVE-2014-8099
https://access.redhat.com/security/cve/CVE-2014-8100
https://access.redhat.com/security/cve/CVE-2014-8101
https://access.redhat.com/security/cve/CVE-2014-8102
https://access.redhat.com/security/cve/CVE-2014-8103
https://access.redhat.com/security/updates/classification/#important
http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

From bugzilla at redhat.com Fri Dec 12 03:48:59 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 12 Dec 2014 03:48:59 +0000
Subject: [RHSA-2014:1984-01] Important: bind security update
Message-ID: <201412120349.sBC3n0aW030270@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: bind security update
Advisory ID: RHSA-2014:1984-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1984.html
Issue date: 2014-12-12
CVE Names: CVE-2014-8500
=====================================================================

1. Summary:

Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7.
Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND followed DNS delegations. 
A remote attacker could use a specially crafted zone containing a large number of referrals which, when looked up and processed, would cause named to use excessive amounts of memory or crash. (CVE-2014-8500) All bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1171912 - CVE-2014-8500 bind: delegation handling denial of service 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: bind-9.3.6-25.P1.el5_11.2.src.rpm i386: bind-9.3.6-25.P1.el5_11.2.i386.rpm bind-debuginfo-9.3.6-25.P1.el5_11.2.i386.rpm bind-libs-9.3.6-25.P1.el5_11.2.i386.rpm bind-sdb-9.3.6-25.P1.el5_11.2.i386.rpm bind-utils-9.3.6-25.P1.el5_11.2.i386.rpm x86_64: bind-9.3.6-25.P1.el5_11.2.x86_64.rpm bind-debuginfo-9.3.6-25.P1.el5_11.2.i386.rpm bind-debuginfo-9.3.6-25.P1.el5_11.2.x86_64.rpm bind-libs-9.3.6-25.P1.el5_11.2.i386.rpm bind-libs-9.3.6-25.P1.el5_11.2.x86_64.rpm bind-sdb-9.3.6-25.P1.el5_11.2.x86_64.rpm bind-utils-9.3.6-25.P1.el5_11.2.x86_64.rpm RHEL Desktop Workstation (v. 
5 client): Source: bind-9.3.6-25.P1.el5_11.2.src.rpm i386: bind-chroot-9.3.6-25.P1.el5_11.2.i386.rpm bind-debuginfo-9.3.6-25.P1.el5_11.2.i386.rpm bind-devel-9.3.6-25.P1.el5_11.2.i386.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.2.i386.rpm caching-nameserver-9.3.6-25.P1.el5_11.2.i386.rpm x86_64: bind-chroot-9.3.6-25.P1.el5_11.2.x86_64.rpm bind-debuginfo-9.3.6-25.P1.el5_11.2.i386.rpm bind-debuginfo-9.3.6-25.P1.el5_11.2.x86_64.rpm bind-devel-9.3.6-25.P1.el5_11.2.i386.rpm bind-devel-9.3.6-25.P1.el5_11.2.x86_64.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.2.i386.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.2.x86_64.rpm caching-nameserver-9.3.6-25.P1.el5_11.2.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: bind-9.3.6-25.P1.el5_11.2.src.rpm i386: bind-9.3.6-25.P1.el5_11.2.i386.rpm bind-chroot-9.3.6-25.P1.el5_11.2.i386.rpm bind-debuginfo-9.3.6-25.P1.el5_11.2.i386.rpm bind-devel-9.3.6-25.P1.el5_11.2.i386.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.2.i386.rpm bind-libs-9.3.6-25.P1.el5_11.2.i386.rpm bind-sdb-9.3.6-25.P1.el5_11.2.i386.rpm bind-utils-9.3.6-25.P1.el5_11.2.i386.rpm caching-nameserver-9.3.6-25.P1.el5_11.2.i386.rpm ia64: bind-9.3.6-25.P1.el5_11.2.ia64.rpm bind-chroot-9.3.6-25.P1.el5_11.2.ia64.rpm bind-debuginfo-9.3.6-25.P1.el5_11.2.i386.rpm bind-debuginfo-9.3.6-25.P1.el5_11.2.ia64.rpm bind-devel-9.3.6-25.P1.el5_11.2.ia64.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.2.ia64.rpm bind-libs-9.3.6-25.P1.el5_11.2.i386.rpm bind-libs-9.3.6-25.P1.el5_11.2.ia64.rpm bind-sdb-9.3.6-25.P1.el5_11.2.ia64.rpm bind-utils-9.3.6-25.P1.el5_11.2.ia64.rpm caching-nameserver-9.3.6-25.P1.el5_11.2.ia64.rpm ppc: bind-9.3.6-25.P1.el5_11.2.ppc.rpm bind-chroot-9.3.6-25.P1.el5_11.2.ppc.rpm bind-debuginfo-9.3.6-25.P1.el5_11.2.ppc.rpm bind-debuginfo-9.3.6-25.P1.el5_11.2.ppc64.rpm bind-devel-9.3.6-25.P1.el5_11.2.ppc.rpm bind-devel-9.3.6-25.P1.el5_11.2.ppc64.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.2.ppc.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.2.ppc64.rpm bind-libs-9.3.6-25.P1.el5_11.2.ppc.rpm 
bind-libs-9.3.6-25.P1.el5_11.2.ppc64.rpm bind-sdb-9.3.6-25.P1.el5_11.2.ppc.rpm bind-utils-9.3.6-25.P1.el5_11.2.ppc.rpm caching-nameserver-9.3.6-25.P1.el5_11.2.ppc.rpm s390x: bind-9.3.6-25.P1.el5_11.2.s390x.rpm bind-chroot-9.3.6-25.P1.el5_11.2.s390x.rpm bind-debuginfo-9.3.6-25.P1.el5_11.2.s390.rpm bind-debuginfo-9.3.6-25.P1.el5_11.2.s390x.rpm bind-devel-9.3.6-25.P1.el5_11.2.s390.rpm bind-devel-9.3.6-25.P1.el5_11.2.s390x.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.2.s390.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.2.s390x.rpm bind-libs-9.3.6-25.P1.el5_11.2.s390.rpm bind-libs-9.3.6-25.P1.el5_11.2.s390x.rpm bind-sdb-9.3.6-25.P1.el5_11.2.s390x.rpm bind-utils-9.3.6-25.P1.el5_11.2.s390x.rpm caching-nameserver-9.3.6-25.P1.el5_11.2.s390x.rpm x86_64: bind-9.3.6-25.P1.el5_11.2.x86_64.rpm bind-chroot-9.3.6-25.P1.el5_11.2.x86_64.rpm bind-debuginfo-9.3.6-25.P1.el5_11.2.i386.rpm bind-debuginfo-9.3.6-25.P1.el5_11.2.x86_64.rpm bind-devel-9.3.6-25.P1.el5_11.2.i386.rpm bind-devel-9.3.6-25.P1.el5_11.2.x86_64.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.2.i386.rpm bind-libbind-devel-9.3.6-25.P1.el5_11.2.x86_64.rpm bind-libs-9.3.6-25.P1.el5_11.2.i386.rpm bind-libs-9.3.6-25.P1.el5_11.2.x86_64.rpm bind-sdb-9.3.6-25.P1.el5_11.2.x86_64.rpm bind-utils-9.3.6-25.P1.el5_11.2.x86_64.rpm caching-nameserver-9.3.6-25.P1.el5_11.2.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: bind-9.8.2-0.30.rc1.el6_6.1.src.rpm i386: bind-debuginfo-9.8.2-0.30.rc1.el6_6.1.i686.rpm bind-libs-9.8.2-0.30.rc1.el6_6.1.i686.rpm bind-utils-9.8.2-0.30.rc1.el6_6.1.i686.rpm x86_64: bind-debuginfo-9.8.2-0.30.rc1.el6_6.1.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm bind-libs-9.8.2-0.30.rc1.el6_6.1.i686.rpm bind-libs-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm bind-utils-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): i386: bind-9.8.2-0.30.rc1.el6_6.1.i686.rpm bind-chroot-9.8.2-0.30.rc1.el6_6.1.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.1.i686.rpm bind-devel-9.8.2-0.30.rc1.el6_6.1.i686.rpm bind-sdb-9.8.2-0.30.rc1.el6_6.1.i686.rpm x86_64: bind-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm bind-chroot-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.1.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm bind-devel-9.8.2-0.30.rc1.el6_6.1.i686.rpm bind-devel-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm bind-sdb-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: bind-9.8.2-0.30.rc1.el6_6.1.src.rpm x86_64: bind-debuginfo-9.8.2-0.30.rc1.el6_6.1.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm bind-libs-9.8.2-0.30.rc1.el6_6.1.i686.rpm bind-libs-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm bind-utils-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: bind-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm bind-chroot-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.1.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm bind-devel-9.8.2-0.30.rc1.el6_6.1.i686.rpm bind-devel-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm bind-sdb-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: bind-9.8.2-0.30.rc1.el6_6.1.src.rpm i386: bind-9.8.2-0.30.rc1.el6_6.1.i686.rpm bind-chroot-9.8.2-0.30.rc1.el6_6.1.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.1.i686.rpm bind-libs-9.8.2-0.30.rc1.el6_6.1.i686.rpm bind-utils-9.8.2-0.30.rc1.el6_6.1.i686.rpm ppc64: bind-9.8.2-0.30.rc1.el6_6.1.ppc64.rpm bind-chroot-9.8.2-0.30.rc1.el6_6.1.ppc64.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.1.ppc.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.1.ppc64.rpm bind-libs-9.8.2-0.30.rc1.el6_6.1.ppc.rpm bind-libs-9.8.2-0.30.rc1.el6_6.1.ppc64.rpm bind-utils-9.8.2-0.30.rc1.el6_6.1.ppc64.rpm s390x: bind-9.8.2-0.30.rc1.el6_6.1.s390x.rpm bind-chroot-9.8.2-0.30.rc1.el6_6.1.s390x.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.1.s390.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.1.s390x.rpm bind-libs-9.8.2-0.30.rc1.el6_6.1.s390.rpm bind-libs-9.8.2-0.30.rc1.el6_6.1.s390x.rpm bind-utils-9.8.2-0.30.rc1.el6_6.1.s390x.rpm x86_64: bind-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm bind-chroot-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.1.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm bind-libs-9.8.2-0.30.rc1.el6_6.1.i686.rpm bind-libs-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm bind-utils-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): i386: bind-debuginfo-9.8.2-0.30.rc1.el6_6.1.i686.rpm bind-devel-9.8.2-0.30.rc1.el6_6.1.i686.rpm bind-sdb-9.8.2-0.30.rc1.el6_6.1.i686.rpm ppc64: bind-debuginfo-9.8.2-0.30.rc1.el6_6.1.ppc.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.1.ppc64.rpm bind-devel-9.8.2-0.30.rc1.el6_6.1.ppc.rpm bind-devel-9.8.2-0.30.rc1.el6_6.1.ppc64.rpm bind-sdb-9.8.2-0.30.rc1.el6_6.1.ppc64.rpm s390x: bind-debuginfo-9.8.2-0.30.rc1.el6_6.1.s390.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.1.s390x.rpm bind-devel-9.8.2-0.30.rc1.el6_6.1.s390.rpm bind-devel-9.8.2-0.30.rc1.el6_6.1.s390x.rpm bind-sdb-9.8.2-0.30.rc1.el6_6.1.s390x.rpm x86_64: bind-debuginfo-9.8.2-0.30.rc1.el6_6.1.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm bind-devel-9.8.2-0.30.rc1.el6_6.1.i686.rpm bind-devel-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm bind-sdb-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: bind-9.8.2-0.30.rc1.el6_6.1.src.rpm i386: bind-9.8.2-0.30.rc1.el6_6.1.i686.rpm bind-chroot-9.8.2-0.30.rc1.el6_6.1.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.1.i686.rpm bind-libs-9.8.2-0.30.rc1.el6_6.1.i686.rpm bind-utils-9.8.2-0.30.rc1.el6_6.1.i686.rpm x86_64: bind-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm bind-chroot-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.1.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm bind-libs-9.8.2-0.30.rc1.el6_6.1.i686.rpm bind-libs-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm bind-utils-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: bind-debuginfo-9.8.2-0.30.rc1.el6_6.1.i686.rpm bind-devel-9.8.2-0.30.rc1.el6_6.1.i686.rpm bind-sdb-9.8.2-0.30.rc1.el6_6.1.i686.rpm x86_64: bind-debuginfo-9.8.2-0.30.rc1.el6_6.1.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm bind-devel-9.8.2-0.30.rc1.el6_6.1.i686.rpm bind-devel-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm bind-sdb-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm Red Hat Enterprise Linux Client (v. 
7):

Source:
bind-9.9.4-14.el7_0.1.src.rpm

noarch:
bind-license-9.9.4-14.el7_0.1.noarch.rpm

x86_64:
bind-debuginfo-9.9.4-14.el7_0.1.i686.rpm
bind-debuginfo-9.9.4-14.el7_0.1.x86_64.rpm
bind-libs-9.9.4-14.el7_0.1.i686.rpm
bind-libs-9.9.4-14.el7_0.1.x86_64.rpm
bind-libs-lite-9.9.4-14.el7_0.1.i686.rpm
bind-libs-lite-9.9.4-14.el7_0.1.x86_64.rpm
bind-utils-9.9.4-14.el7_0.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
bind-9.9.4-14.el7_0.1.x86_64.rpm
bind-chroot-9.9.4-14.el7_0.1.x86_64.rpm
bind-debuginfo-9.9.4-14.el7_0.1.i686.rpm
bind-debuginfo-9.9.4-14.el7_0.1.x86_64.rpm
bind-devel-9.9.4-14.el7_0.1.i686.rpm
bind-devel-9.9.4-14.el7_0.1.x86_64.rpm
bind-lite-devel-9.9.4-14.el7_0.1.i686.rpm
bind-lite-devel-9.9.4-14.el7_0.1.x86_64.rpm
bind-sdb-9.9.4-14.el7_0.1.x86_64.rpm
bind-sdb-chroot-9.9.4-14.el7_0.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
bind-9.9.4-14.el7_0.1.src.rpm

noarch:
bind-license-9.9.4-14.el7_0.1.noarch.rpm

x86_64:
bind-debuginfo-9.9.4-14.el7_0.1.i686.rpm
bind-debuginfo-9.9.4-14.el7_0.1.x86_64.rpm
bind-libs-9.9.4-14.el7_0.1.i686.rpm
bind-libs-9.9.4-14.el7_0.1.x86_64.rpm
bind-libs-lite-9.9.4-14.el7_0.1.i686.rpm
bind-libs-lite-9.9.4-14.el7_0.1.x86_64.rpm
bind-utils-9.9.4-14.el7_0.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
bind-9.9.4-14.el7_0.1.x86_64.rpm
bind-chroot-9.9.4-14.el7_0.1.x86_64.rpm
bind-debuginfo-9.9.4-14.el7_0.1.i686.rpm
bind-debuginfo-9.9.4-14.el7_0.1.x86_64.rpm
bind-devel-9.9.4-14.el7_0.1.i686.rpm
bind-devel-9.9.4-14.el7_0.1.x86_64.rpm
bind-lite-devel-9.9.4-14.el7_0.1.i686.rpm
bind-lite-devel-9.9.4-14.el7_0.1.x86_64.rpm
bind-sdb-9.9.4-14.el7_0.1.x86_64.rpm
bind-sdb-chroot-9.9.4-14.el7_0.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
bind-9.9.4-14.el7_0.1.src.rpm

noarch:
bind-license-9.9.4-14.el7_0.1.noarch.rpm

ppc64:
bind-9.9.4-14.el7_0.1.ppc64.rpm
bind-chroot-9.9.4-14.el7_0.1.ppc64.rpm
bind-debuginfo-9.9.4-14.el7_0.1.ppc.rpm
bind-debuginfo-9.9.4-14.el7_0.1.ppc64.rpm
bind-libs-9.9.4-14.el7_0.1.ppc.rpm
bind-libs-9.9.4-14.el7_0.1.ppc64.rpm
bind-libs-lite-9.9.4-14.el7_0.1.ppc.rpm
bind-libs-lite-9.9.4-14.el7_0.1.ppc64.rpm
bind-utils-9.9.4-14.el7_0.1.ppc64.rpm

s390x:
bind-9.9.4-14.el7_0.1.s390x.rpm
bind-chroot-9.9.4-14.el7_0.1.s390x.rpm
bind-debuginfo-9.9.4-14.el7_0.1.s390.rpm
bind-debuginfo-9.9.4-14.el7_0.1.s390x.rpm
bind-libs-9.9.4-14.el7_0.1.s390.rpm
bind-libs-9.9.4-14.el7_0.1.s390x.rpm
bind-libs-lite-9.9.4-14.el7_0.1.s390.rpm
bind-libs-lite-9.9.4-14.el7_0.1.s390x.rpm
bind-utils-9.9.4-14.el7_0.1.s390x.rpm

x86_64:
bind-9.9.4-14.el7_0.1.x86_64.rpm
bind-chroot-9.9.4-14.el7_0.1.x86_64.rpm
bind-debuginfo-9.9.4-14.el7_0.1.i686.rpm
bind-debuginfo-9.9.4-14.el7_0.1.x86_64.rpm
bind-libs-9.9.4-14.el7_0.1.i686.rpm
bind-libs-9.9.4-14.el7_0.1.x86_64.rpm
bind-libs-lite-9.9.4-14.el7_0.1.i686.rpm
bind-libs-lite-9.9.4-14.el7_0.1.x86_64.rpm
bind-utils-9.9.4-14.el7_0.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
bind-debuginfo-9.9.4-14.el7_0.1.ppc.rpm
bind-debuginfo-9.9.4-14.el7_0.1.ppc64.rpm
bind-devel-9.9.4-14.el7_0.1.ppc.rpm
bind-devel-9.9.4-14.el7_0.1.ppc64.rpm
bind-lite-devel-9.9.4-14.el7_0.1.ppc.rpm
bind-lite-devel-9.9.4-14.el7_0.1.ppc64.rpm
bind-sdb-9.9.4-14.el7_0.1.ppc64.rpm
bind-sdb-chroot-9.9.4-14.el7_0.1.ppc64.rpm

s390x:
bind-debuginfo-9.9.4-14.el7_0.1.s390.rpm
bind-debuginfo-9.9.4-14.el7_0.1.s390x.rpm
bind-devel-9.9.4-14.el7_0.1.s390.rpm
bind-devel-9.9.4-14.el7_0.1.s390x.rpm
bind-lite-devel-9.9.4-14.el7_0.1.s390.rpm
bind-lite-devel-9.9.4-14.el7_0.1.s390x.rpm
bind-sdb-9.9.4-14.el7_0.1.s390x.rpm
bind-sdb-chroot-9.9.4-14.el7_0.1.s390x.rpm

x86_64:
bind-debuginfo-9.9.4-14.el7_0.1.i686.rpm
bind-debuginfo-9.9.4-14.el7_0.1.x86_64.rpm
bind-devel-9.9.4-14.el7_0.1.i686.rpm
bind-devel-9.9.4-14.el7_0.1.x86_64.rpm
bind-lite-devel-9.9.4-14.el7_0.1.i686.rpm
bind-lite-devel-9.9.4-14.el7_0.1.x86_64.rpm
bind-sdb-9.9.4-14.el7_0.1.x86_64.rpm
bind-sdb-chroot-9.9.4-14.el7_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
bind-9.9.4-14.el7_0.1.src.rpm

noarch:
bind-license-9.9.4-14.el7_0.1.noarch.rpm

x86_64:
bind-9.9.4-14.el7_0.1.x86_64.rpm
bind-chroot-9.9.4-14.el7_0.1.x86_64.rpm
bind-debuginfo-9.9.4-14.el7_0.1.i686.rpm
bind-debuginfo-9.9.4-14.el7_0.1.x86_64.rpm
bind-libs-9.9.4-14.el7_0.1.i686.rpm
bind-libs-9.9.4-14.el7_0.1.x86_64.rpm
bind-libs-lite-9.9.4-14.el7_0.1.i686.rpm
bind-libs-lite-9.9.4-14.el7_0.1.x86_64.rpm
bind-utils-9.9.4-14.el7_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
bind-debuginfo-9.9.4-14.el7_0.1.i686.rpm
bind-debuginfo-9.9.4-14.el7_0.1.x86_64.rpm
bind-devel-9.9.4-14.el7_0.1.i686.rpm
bind-devel-9.9.4-14.el7_0.1.x86_64.rpm
bind-lite-devel-9.9.4-14.el7_0.1.i686.rpm
bind-lite-devel-9.9.4-14.el7_0.1.x86_64.rpm
bind-sdb-9.9.4-14.el7_0.1.x86_64.rpm
bind-sdb-chroot-9.9.4-14.el7_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-8500
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

From bugzilla at redhat.com Fri Dec 12 03:49:19 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 12 Dec 2014 03:49:19 +0000
Subject: [RHSA-2014:1985-01] Important: bind97 security update
Message-ID: <201412120349.sBC3nJgN030334@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: bind97 security update
Advisory ID:       RHSA-2014:1985-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1985.html
Issue date:        2014-12-12
CVE Names:         CVE-2014-8500
=====================================================================

1. Summary:

Updated bind97 packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A denial of service flaw was found in the way BIND followed DNS delegations.
A remote attacker could use a specially crafted zone containing a large
number of referrals which, when looked up and processed, would cause named
to use excessive amounts of memory or crash. (CVE-2014-8500)

All bind97 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1171912 - CVE-2014-8500 bind: delegation handling denial of service

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source:
bind97-9.7.0-21.P2.el5_11.1.src.rpm

i386:
bind97-9.7.0-21.P2.el5_11.1.i386.rpm
bind97-chroot-9.7.0-21.P2.el5_11.1.i386.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.1.i386.rpm
bind97-devel-9.7.0-21.P2.el5_11.1.i386.rpm
bind97-libs-9.7.0-21.P2.el5_11.1.i386.rpm
bind97-utils-9.7.0-21.P2.el5_11.1.i386.rpm

x86_64:
bind97-9.7.0-21.P2.el5_11.1.x86_64.rpm
bind97-chroot-9.7.0-21.P2.el5_11.1.x86_64.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.1.i386.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.1.x86_64.rpm
bind97-devel-9.7.0-21.P2.el5_11.1.i386.rpm
bind97-devel-9.7.0-21.P2.el5_11.1.x86_64.rpm
bind97-libs-9.7.0-21.P2.el5_11.1.i386.rpm
bind97-libs-9.7.0-21.P2.el5_11.1.x86_64.rpm
bind97-utils-9.7.0-21.P2.el5_11.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
bind97-9.7.0-21.P2.el5_11.1.src.rpm

i386:
bind97-9.7.0-21.P2.el5_11.1.i386.rpm
bind97-chroot-9.7.0-21.P2.el5_11.1.i386.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.1.i386.rpm
bind97-devel-9.7.0-21.P2.el5_11.1.i386.rpm
bind97-libs-9.7.0-21.P2.el5_11.1.i386.rpm
bind97-utils-9.7.0-21.P2.el5_11.1.i386.rpm

ia64:
bind97-9.7.0-21.P2.el5_11.1.ia64.rpm
bind97-chroot-9.7.0-21.P2.el5_11.1.ia64.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.1.ia64.rpm
bind97-devel-9.7.0-21.P2.el5_11.1.ia64.rpm
bind97-libs-9.7.0-21.P2.el5_11.1.ia64.rpm
bind97-utils-9.7.0-21.P2.el5_11.1.ia64.rpm

ppc:
bind97-9.7.0-21.P2.el5_11.1.ppc.rpm
bind97-chroot-9.7.0-21.P2.el5_11.1.ppc.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.1.ppc.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.1.ppc64.rpm
bind97-devel-9.7.0-21.P2.el5_11.1.ppc.rpm
bind97-devel-9.7.0-21.P2.el5_11.1.ppc64.rpm
bind97-libs-9.7.0-21.P2.el5_11.1.ppc.rpm
bind97-libs-9.7.0-21.P2.el5_11.1.ppc64.rpm
bind97-utils-9.7.0-21.P2.el5_11.1.ppc.rpm

s390x:
bind97-9.7.0-21.P2.el5_11.1.s390x.rpm
bind97-chroot-9.7.0-21.P2.el5_11.1.s390x.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.1.s390.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.1.s390x.rpm
bind97-devel-9.7.0-21.P2.el5_11.1.s390.rpm
bind97-devel-9.7.0-21.P2.el5_11.1.s390x.rpm
bind97-libs-9.7.0-21.P2.el5_11.1.s390.rpm
bind97-libs-9.7.0-21.P2.el5_11.1.s390x.rpm
bind97-utils-9.7.0-21.P2.el5_11.1.s390x.rpm

x86_64:
bind97-9.7.0-21.P2.el5_11.1.x86_64.rpm
bind97-chroot-9.7.0-21.P2.el5_11.1.x86_64.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.1.i386.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.1.x86_64.rpm
bind97-devel-9.7.0-21.P2.el5_11.1.i386.rpm
bind97-devel-9.7.0-21.P2.el5_11.1.x86_64.rpm
bind97-libs-9.7.0-21.P2.el5_11.1.i386.rpm
bind97-libs-9.7.0-21.P2.el5_11.1.x86_64.rpm
bind97-utils-9.7.0-21.P2.el5_11.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-8500
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

From bugzilla at redhat.com Tue Dec 16 20:27:00 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 16 Dec 2014 20:27:00 +0000
Subject: [RHSA-2014:1997-01] Important: kernel security and bug fix update
Message-ID: <201412162027.sBGKR1Io010868@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2014:1997-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1997.html
Issue date:        2014-12-16
CVE Names:         CVE-2012-6657 CVE-2014-3673 CVE-2014-3687
                   CVE-2014-3688 CVE-2014-5471 CVE-2014-5472
                   CVE-2014-6410 CVE-2014-9322
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v.
6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

* A flaw was found in the way the Linux kernel handled GS segment register
base switching when recovering from a #SS (stack segment) fault on an
erroneous return to user space. A local, unprivileged user could use this
flaw to escalate their privileges on the system. (CVE-2014-9322, Important)

* A flaw was found in the way the Linux kernel's SCTP implementation handled
malformed or duplicate Address Configuration Change Chunks (ASCONF). A
remote attacker could use either of these flaws to crash the system.
(CVE-2014-3673, CVE-2014-3687, Important)

* A flaw was found in the way the Linux kernel's SCTP implementation handled
the association's output queue. A remote attacker could send specially
crafted packets that would cause the system to use an excessive amount of
memory, leading to a denial of service. (CVE-2014-3688, Important)

* A stack overflow flaw caused by infinite recursion was found in the way
the Linux kernel's UDF file system implementation processed indirect ICBs.
An attacker with physical access to the system could use a specially
crafted UDF image to crash the system. (CVE-2014-6410, Low)

* It was found that the Linux kernel's networking implementation did not
correctly handle the setting of the keepalive socket option on raw sockets.
A local user able to create a raw socket could use this flaw to crash the
system. (CVE-2012-6657, Low)

* It was found that the parse_rock_ridge_inode_internal() function of the
Linux kernel's ISOFS implementation did not correctly check relocated
directories when processing Rock Ridge child link (CL) tags. An attacker
with physical access to the system could use a specially crafted ISO image
to crash the system or, potentially, escalate their privileges on the
system. (CVE-2014-5471, CVE-2014-5472, Low)

Red Hat would like to thank Andy Lutomirski for reporting CVE-2014-9322.
The CVE-2014-3673 issue was discovered by Liu Wei of Red Hat.

Bug fixes:

* This update fixes a race condition issue between the sock_queue_err_skb
function and sk_forward_alloc handling in the socket error queue
(MSG_ERRQUEUE), which could occasionally cause the kernel, for example when
using PTP, to incorrectly track allocated memory for the error queue, in
which case a traceback would occur in the system log. (BZ#1155427)

* The zcrypt device driver did not detect certain crypto cards and the
related domains for crypto adapters on System z and s390x architectures.
Consequently, it was not possible to run the system on new crypto hardware.
This update enables toleration mode for such devices so that the system can
make use of newer crypto hardware. (BZ#1158311)

* After mounting and unmounting an XFS file system several times
consecutively, the umount command occasionally became unresponsive. This
was caused by the xlog_cil_force_lsn() function that was not waiting for
completion as expected. With this update, xlog_cil_force_lsn() has been
modified to correctly wait for completion, thus fixing this bug.
(BZ#1158325)

* When using the ixgbe adapter with disabled LRO and the tx-usec or rs-usec
variables set to 0, transmit interrupts could not be set lower than the
default of 8 buffered tx frames. Consequently, a delay of TCP transfer
occurred. The restriction of a minimum of 8 buffered frames has been
removed, and the TCP delay no longer occurs. (BZ#1158326)

* The offb driver has been updated for the QEMU standard VGA adapter, fixing
an issue where colors were displayed incorrectly. (BZ#1158328)

* Under certain circumstances, when a discovered MTU expired, the IPv6
connection became unavailable for a short period of time. This bug has been
fixed, and the connection now works as expected. (BZ#1161418)

* A low throughput occurred when using the dm-thin driver to write to
unprovisioned or shared chunks for a thin pool with the chunk size bigger
than the max_sectors_kb variable. (BZ#1161420)

* Large write workloads on thin LVs could cause the iozone and smallfile
utilities to terminate unexpectedly. (BZ#1161421)

4. Solution:

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use
"rpm -Uvh" as that will remove the running kernel binaries from your
system. You may use "rpm -e" to remove old kernels after determining that
the new kernel functions properly on your system.

5. Bugs fixed (https://bugzilla.redhat.com/):

1134099 - CVE-2014-5471 CVE-2014-5472 kernel: isofs: unbound recursion when processing relocated directories
1141742 - CVE-2012-6657 Kernel: net: guard tcp_set_keepalive against crash
1141809 - CVE-2014-6410 kernel: udf: Avoid infinite loop when processing indirect ICBs
1147850 - CVE-2014-3673 kernel: sctp: skb_over_panic when receiving malformed ASCONF chunks
1155731 - CVE-2014-3687 kernel: net: sctp: fix panic on duplicate ASCONF chunks
1155745 - CVE-2014-3688 kernel: net: sctp: remote memory pressure from excessive queueing
1172806 - CVE-2014-9322 kernel: x86: local privesc due to bad_iret and paranoid entry incompatibility

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
kernel-2.6.32-504.3.3.el6.src.rpm

i386:
kernel-2.6.32-504.3.3.el6.i686.rpm
kernel-debug-2.6.32-504.3.3.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-504.3.3.el6.i686.rpm
kernel-debug-devel-2.6.32-504.3.3.el6.i686.rpm
kernel-debuginfo-2.6.32-504.3.3.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.3.3.el6.i686.rpm
kernel-devel-2.6.32-504.3.3.el6.i686.rpm
kernel-headers-2.6.32-504.3.3.el6.i686.rpm
perf-2.6.32-504.3.3.el6.i686.rpm
perf-debuginfo-2.6.32-504.3.3.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.3.3.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.3.3.el6.noarch.rpm
kernel-doc-2.6.32-504.3.3.el6.noarch.rpm
kernel-firmware-2.6.32-504.3.3.el6.noarch.rpm

x86_64:
kernel-2.6.32-504.3.3.el6.x86_64.rpm
kernel-debug-2.6.32-504.3.3.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.3.3.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.3.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.3.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.3.3.el6.x86_64.rpm
kernel-devel-2.6.32-504.3.3.el6.x86_64.rpm
kernel-headers-2.6.32-504.3.3.el6.x86_64.rpm
perf-2.6.32-504.3.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.3.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.3.3.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-504.3.3.el6.i686.rpm
kernel-debuginfo-2.6.32-504.3.3.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.3.3.el6.i686.rpm
perf-debuginfo-2.6.32-504.3.3.el6.i686.rpm
python-perf-2.6.32-504.3.3.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.3.3.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-504.3.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.3.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.3.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.3.3.el6.x86_64.rpm
python-perf-2.6.32-504.3.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.3.3.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
kernel-2.6.32-504.3.3.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.3.3.el6.noarch.rpm
kernel-doc-2.6.32-504.3.3.el6.noarch.rpm
kernel-firmware-2.6.32-504.3.3.el6.noarch.rpm

x86_64:
kernel-2.6.32-504.3.3.el6.x86_64.rpm
kernel-debug-2.6.32-504.3.3.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.3.3.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.3.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.3.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.3.3.el6.x86_64.rpm
kernel-devel-2.6.32-504.3.3.el6.x86_64.rpm
kernel-headers-2.6.32-504.3.3.el6.x86_64.rpm
perf-2.6.32-504.3.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.3.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.3.3.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
kernel-debug-debuginfo-2.6.32-504.3.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.3.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.3.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.3.3.el6.x86_64.rpm
python-perf-2.6.32-504.3.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.3.3.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
kernel-2.6.32-504.3.3.el6.src.rpm

i386:
kernel-2.6.32-504.3.3.el6.i686.rpm
kernel-debug-2.6.32-504.3.3.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-504.3.3.el6.i686.rpm
kernel-debug-devel-2.6.32-504.3.3.el6.i686.rpm
kernel-debuginfo-2.6.32-504.3.3.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.3.3.el6.i686.rpm
kernel-devel-2.6.32-504.3.3.el6.i686.rpm
kernel-headers-2.6.32-504.3.3.el6.i686.rpm
perf-2.6.32-504.3.3.el6.i686.rpm
perf-debuginfo-2.6.32-504.3.3.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.3.3.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.3.3.el6.noarch.rpm
kernel-doc-2.6.32-504.3.3.el6.noarch.rpm
kernel-firmware-2.6.32-504.3.3.el6.noarch.rpm

ppc64:
kernel-2.6.32-504.3.3.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-504.3.3.el6.ppc64.rpm
kernel-debug-2.6.32-504.3.3.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-504.3.3.el6.ppc64.rpm
kernel-debug-devel-2.6.32-504.3.3.el6.ppc64.rpm
kernel-debuginfo-2.6.32-504.3.3.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-504.3.3.el6.ppc64.rpm
kernel-devel-2.6.32-504.3.3.el6.ppc64.rpm
kernel-headers-2.6.32-504.3.3.el6.ppc64.rpm
perf-2.6.32-504.3.3.el6.ppc64.rpm
perf-debuginfo-2.6.32-504.3.3.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-504.3.3.el6.ppc64.rpm

s390x:
kernel-2.6.32-504.3.3.el6.s390x.rpm
kernel-debug-2.6.32-504.3.3.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-504.3.3.el6.s390x.rpm
kernel-debug-devel-2.6.32-504.3.3.el6.s390x.rpm
kernel-debuginfo-2.6.32-504.3.3.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-504.3.3.el6.s390x.rpm
kernel-devel-2.6.32-504.3.3.el6.s390x.rpm
kernel-headers-2.6.32-504.3.3.el6.s390x.rpm
kernel-kdump-2.6.32-504.3.3.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-504.3.3.el6.s390x.rpm
kernel-kdump-devel-2.6.32-504.3.3.el6.s390x.rpm
perf-2.6.32-504.3.3.el6.s390x.rpm
perf-debuginfo-2.6.32-504.3.3.el6.s390x.rpm
python-perf-debuginfo-2.6.32-504.3.3.el6.s390x.rpm

x86_64:
kernel-2.6.32-504.3.3.el6.x86_64.rpm
kernel-debug-2.6.32-504.3.3.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.3.3.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.3.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.3.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.3.3.el6.x86_64.rpm
kernel-devel-2.6.32-504.3.3.el6.x86_64.rpm
kernel-headers-2.6.32-504.3.3.el6.x86_64.rpm
perf-2.6.32-504.3.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.3.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.3.3.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-504.3.3.el6.i686.rpm
kernel-debuginfo-2.6.32-504.3.3.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.3.3.el6.i686.rpm
perf-debuginfo-2.6.32-504.3.3.el6.i686.rpm
python-perf-2.6.32-504.3.3.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.3.3.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-504.3.3.el6.ppc64.rpm
kernel-debuginfo-2.6.32-504.3.3.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-504.3.3.el6.ppc64.rpm
perf-debuginfo-2.6.32-504.3.3.el6.ppc64.rpm
python-perf-2.6.32-504.3.3.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-504.3.3.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-504.3.3.el6.s390x.rpm
kernel-debuginfo-2.6.32-504.3.3.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-504.3.3.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-504.3.3.el6.s390x.rpm
perf-debuginfo-2.6.32-504.3.3.el6.s390x.rpm
python-perf-2.6.32-504.3.3.el6.s390x.rpm
python-perf-debuginfo-2.6.32-504.3.3.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-504.3.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.3.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.3.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.3.3.el6.x86_64.rpm
python-perf-2.6.32-504.3.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.3.3.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
kernel-2.6.32-504.3.3.el6.src.rpm

i386:
kernel-2.6.32-504.3.3.el6.i686.rpm
kernel-debug-2.6.32-504.3.3.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-504.3.3.el6.i686.rpm
kernel-debug-devel-2.6.32-504.3.3.el6.i686.rpm
kernel-debuginfo-2.6.32-504.3.3.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.3.3.el6.i686.rpm
kernel-devel-2.6.32-504.3.3.el6.i686.rpm
kernel-headers-2.6.32-504.3.3.el6.i686.rpm
perf-2.6.32-504.3.3.el6.i686.rpm
perf-debuginfo-2.6.32-504.3.3.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.3.3.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.3.3.el6.noarch.rpm
kernel-doc-2.6.32-504.3.3.el6.noarch.rpm
kernel-firmware-2.6.32-504.3.3.el6.noarch.rpm

x86_64:
kernel-2.6.32-504.3.3.el6.x86_64.rpm
kernel-debug-2.6.32-504.3.3.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.3.3.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.3.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.3.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.3.3.el6.x86_64.rpm
kernel-devel-2.6.32-504.3.3.el6.x86_64.rpm
kernel-headers-2.6.32-504.3.3.el6.x86_64.rpm
perf-2.6.32-504.3.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.3.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.3.3.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-504.3.3.el6.i686.rpm
kernel-debuginfo-2.6.32-504.3.3.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.3.3.el6.i686.rpm
perf-debuginfo-2.6.32-504.3.3.el6.i686.rpm
python-perf-2.6.32-504.3.3.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.3.3.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-504.3.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.3.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.3.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.3.3.el6.x86_64.rpm
python-perf-2.6.32-504.3.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.3.3.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2012-6657
https://access.redhat.com/security/cve/CVE-2014-3673
https://access.redhat.com/security/cve/CVE-2014-3687
https://access.redhat.com/security/cve/CVE-2014-3688
https://access.redhat.com/security/cve/CVE-2014-5471
https://access.redhat.com/security/cve/CVE-2014-5472
https://access.redhat.com/security/cve/CVE-2014-6410
https://access.redhat.com/security/cve/CVE-2014-9322
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

From bugzilla at redhat.com Tue Dec 16 20:28:34 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 16 Dec 2014 20:28:34 +0000
Subject: [RHSA-2014:1998-01] Important: kernel-rt security update
Message-ID: <201412162028.sBGKSYdC010173@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security update
Advisory ID:       RHSA-2014:1998-01
Product:           Red Hat Enterprise MRG for RHEL-6
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1998.html
Issue date:        2014-12-16
CVE Names:         CVE-2014-9322
=====================================================================

1. Summary:

Updated kernel-rt packages that fix one security issue are now available
for Red Hat Enterprise MRG 2.5.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel handled GS segment register
base switching when recovering from a #SS (stack segment) fault on an
erroneous return to user space. A local, unprivileged user could use this
flaw to escalate their privileges on the system. (CVE-2014-9322, Important)

Red Hat would like to thank Andy Lutomirski for reporting this issue.

Users are advised to upgrade to these updated packages, which upgrade the
kernel-rt kernel to version kernel-rt-3.10.58-rt62.60 and correct this
issue. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use
"rpm -Uvh" as that will remove the running kernel binaries from your
system. You may use "rpm -e" to remove old kernels after determining that
the new kernel functions properly on your system.

5. Bugs fixed (https://bugzilla.redhat.com/):

1172806 - CVE-2014-9322 kernel: x86: local privesc due to bad_iret and paranoid entry incompatibility

6. Package List:

MRG Realtime for RHEL 6 Server v.2:

Source:
kernel-rt-3.10.58-rt62.60.el6rt.src.rpm

noarch:
kernel-rt-doc-3.10.58-rt62.60.el6rt.noarch.rpm
kernel-rt-firmware-3.10.58-rt62.60.el6rt.noarch.rpm

x86_64:
kernel-rt-3.10.58-rt62.60.el6rt.x86_64.rpm
kernel-rt-debug-3.10.58-rt62.60.el6rt.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.58-rt62.60.el6rt.x86_64.rpm
kernel-rt-debug-devel-3.10.58-rt62.60.el6rt.x86_64.rpm
kernel-rt-debuginfo-3.10.58-rt62.60.el6rt.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.58-rt62.60.el6rt.x86_64.rpm
kernel-rt-devel-3.10.58-rt62.60.el6rt.x86_64.rpm
kernel-rt-trace-3.10.58-rt62.60.el6rt.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.58-rt62.60.el6rt.x86_64.rpm
kernel-rt-trace-devel-3.10.58-rt62.60.el6rt.x86_64.rpm
kernel-rt-vanilla-3.10.58-rt62.60.el6rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-3.10.58-rt62.60.el6rt.x86_64.rpm
kernel-rt-vanilla-devel-3.10.58-rt62.60.el6rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-9322
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
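Both kernel advisories above (RHSA-2014:1997 for kernel and RHSA-2014:1998 for kernel-rt) state that the fix only takes effect after a reboot, so what a defender has to compare is the running kernel's version, not the list of installed packages. The following added example (not Red Hat's code) applies rpm's version-ordering rules to the `uname -r` string and the fixed version-release taken from each advisory; it assumes that an MRG realtime kernel is recognisable by a release field beginning with `rt`, and the sample `uname -r` strings it contains are constructed.

```python
"""Decide whether the running kernel already carries the fix from an RHSA.

Added example, not Red Hat's code. The fixed version-release strings come
from RHSA-2014:1997 (kernel) and RHSA-2014:1998 (kernel-rt); the sample
`uname -r` values under __main__ are constructed for illustration.
"""
import os
import re
import string

# Fixed version-release per advisory (no epoch: RHEL kernel packages carry none).
FIXED_KERNELS = {
    "kernel": ("RHSA-2014:1997", "2.6.32-504.3.3.el6"),
    "kernel-rt": ("RHSA-2014:1998", "3.10.58-rt62.60.el6rt"),
}

# Arch suffixes that `uname -r` appends but an RPM version-release lacks.
# Longer names first, so ".ppc64" is not cut as ".ppc".
_ARCHES = ("x86_64", "i686", "i386", "ppc64", "ppc", "s390x", "s390", "noarch")
_ALNUM = set(string.ascii_letters + string.digits)
_DIGITS = re.compile(r"[0-9]+")
_ALPHAS = re.compile(r"[a-zA-Z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Order two RPM version (or release) strings like rpm's rpmvercmp().

    Returns 1 if a is newer, -1 if b is newer, 0 if equal. Segments are
    compared in turn: digit runs numerically, letter runs as strings, a
    numeric segment beats an alphabetic one, and when one string runs out
    of segments the other is newer. The "~"/"^" rules of newer rpm are omitted.
    """
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and a[i] not in _ALNUM:  # skip separators
            i += 1
        while j < len(b) and b[j] not in _ALNUM:
            j += 1
        if i >= len(a) or j >= len(b):
            break
        isnum = a[i].isdigit()  # the first string decides the segment type
        seg = _DIGITS if isnum else _ALPHAS
        sa = seg.match(a, i).group(0)
        mb = seg.match(b, j)
        if mb is None:
            return 1 if isnum else -1  # numeric beats alphabetic
        sb = mb.group(0)
        i += len(sa)
        j += len(sb)
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")  # compare as integers
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1  # whichever still has segments is newer


def split_vr(kernel: str) -> tuple:
    """Split "2.6.32-504.3.3.el6.x86_64" into ("2.6.32", "504.3.3.el6")."""
    for arch in _ARCHES:
        if kernel.endswith("." + arch):
            kernel = kernel[: -(len(arch) + 1)]
            break
    version, dash, release = kernel.partition("-")
    if not dash:
        raise ValueError(f"no release field in kernel version {kernel!r}")
    return version, release


def kernel_flavour(uname_r: str) -> str:
    """Assumption: MRG realtime kernels have a release field starting with "rt"."""
    return "kernel-rt" if split_vr(uname_r)[1].startswith("rt") else "kernel"


def check_running_kernel(uname_r: str) -> tuple:
    """Return (advisory id, True if the running kernel is at or past the fix)."""
    version, release = split_vr(uname_r)
    if "el6" not in release:
        raise ValueError(f"{uname_r!r} is not a RHEL 6 / MRG 2 kernel build")
    advisory, fixed = FIXED_KERNELS[kernel_flavour(uname_r)]
    fixed_version, fixed_release = split_vr(fixed)
    order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return advisory, order >= 0


if __name__ == "__main__":
    samples = [  # constructed `uname -r` values
        "2.6.32-431.29.2.el6.x86_64",    # older build: fix not applied
        "2.6.32-504.el6.x86_64",         # older build: fix not applied
        "2.6.32-504.3.3.el6.x86_64",     # exactly the fixed build
        "3.10.33-rt32.34.el6rt.x86_64",  # older realtime build: not applied
        "3.10.58-rt62.60.el6rt.x86_64",  # exactly the fixed kernel-rt build
    ]
    for k in samples + [os.uname().release]:
        try:
            advisory, ok = check_running_kernel(k)
            print(f"{k}: {advisory} {'applied' if ok else 'NOT applied'}")
        except ValueError as exc:
            print(f"{k}: {exc}")
```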
From bugzilla at redhat.com Tue Dec 16 20:30:21 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 16 Dec 2014 20:30:21 +0000
Subject: [RHSA-2014:1999-01] Moderate: mailx security update
Message-ID: <201412162030.sBGKUMZr020272@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: mailx security update
Advisory ID:       RHSA-2014:1999-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1999.html
Issue date:        2014-12-16
CVE Names:         CVE-2004-2771 CVE-2014-7844
=====================================================================

1. Summary:

Updated mailx packages that fix two security issues are now available for
Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

The mailx packages contain a mail user agent that is used to manage mail
using scripts.

A flaw was found in the way mailx handled the parsing of email addresses.
A syntactically valid email address could allow a local attacker to cause
mailx to execute arbitrary shell commands through shell meta-characters
and the direct command execution functionality. (CVE-2004-2771,
CVE-2014-7844)

Note: Applications using mailx to send email to addresses obtained from
untrusted sources will still remain vulnerable to other attacks if they
accept email addresses which start with "-" (so that they can be confused
with mailx options). To counteract this issue, this update also introduces
the "--" option, which will treat the remaining command line arguments as
email addresses.

All mailx users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1162783 - CVE-2004-2771 CVE-2014-7844 mailx: command execution flaw

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
mailx-12.4-8.el6_6.src.rpm

i386:
mailx-12.4-8.el6_6.i686.rpm
mailx-debuginfo-12.4-8.el6_6.i686.rpm

x86_64:
mailx-12.4-8.el6_6.x86_64.rpm
mailx-debuginfo-12.4-8.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
mailx-12.4-8.el6_6.src.rpm

x86_64:
mailx-12.4-8.el6_6.x86_64.rpm
mailx-debuginfo-12.4-8.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
mailx-12.4-8.el6_6.src.rpm

i386:
mailx-12.4-8.el6_6.i686.rpm
mailx-debuginfo-12.4-8.el6_6.i686.rpm

ppc64:
mailx-12.4-8.el6_6.ppc64.rpm
mailx-debuginfo-12.4-8.el6_6.ppc64.rpm

s390x:
mailx-12.4-8.el6_6.s390x.rpm
mailx-debuginfo-12.4-8.el6_6.s390x.rpm

x86_64:
mailx-12.4-8.el6_6.x86_64.rpm
mailx-debuginfo-12.4-8.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
mailx-12.4-8.el6_6.src.rpm

i386:
mailx-12.4-8.el6_6.i686.rpm
mailx-debuginfo-12.4-8.el6_6.i686.rpm

x86_64:
mailx-12.4-8.el6_6.x86_64.rpm
mailx-debuginfo-12.4-8.el6_6.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
mailx-12.5-12.el7_0.src.rpm

x86_64:
mailx-12.5-12.el7_0.x86_64.rpm
mailx-debuginfo-12.5-12.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
mailx-12.5-12.el7_0.src.rpm

x86_64:
mailx-12.5-12.el7_0.x86_64.rpm
mailx-debuginfo-12.5-12.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
mailx-12.5-12.el7_0.src.rpm

ppc64:
mailx-12.5-12.el7_0.ppc64.rpm
mailx-debuginfo-12.5-12.el7_0.ppc64.rpm

s390x:
mailx-12.5-12.el7_0.s390x.rpm
mailx-debuginfo-12.5-12.el7_0.s390x.rpm

x86_64:
mailx-12.5-12.el7_0.x86_64.rpm
mailx-debuginfo-12.5-12.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
mailx-12.5-12.el7_0.src.rpm

x86_64:
mailx-12.5-12.el7_0.x86_64.rpm
mailx-debuginfo-12.5-12.el7_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2004-2771
https://access.redhat.com/security/cve/CVE-2014-7844
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
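The advisory's note above is that the patched mailx still cannot tell a recipient beginning with "-" from an option unless the caller ends option parsing with "--", so the calling script has to enforce it. The wrapper below is an added example, not code from the advisory or from the mailx package; the address whitelist, the MAILX_CMD override and the sample addresses are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not part of RHSA-2014:1999 or of mailx): a defensive
# wrapper for scripts that pass recipient addresses taken from untrusted
# input to mailx. It applies the advisory's two points: reject addresses
# that look like options (leading "-") and, on the patched mailx, put "--"
# before the recipient list so every remaining argument is a recipient.

# is_safe_recipient ADDR
# Returns 0 when ADDR may be handed to mailx, 1 otherwise. Rejects an
# empty string, a leading "-" (read as an option by an unpatched mailx),
# any character outside a conservative whitelist (shell meta-characters
# are the CVE-2004-2771 / CVE-2014-7844 vector), and anything that is not
# shaped like local@domain. The whitelist is this example's assumption.
is_safe_recipient() {
    _addr=$1
    case "$_addr" in
        '' | -*)              return 1 ;;   # empty or option-looking
        *[!A-Za-z0-9._%+@-]*) return 1 ;;   # character outside the whitelist
        *@*@*)                return 1 ;;   # more than one "@"
        ?*@?*)                return 0 ;;   # non-empty local part and domain
    esac
    return 1
}

# safe_mailx SUBJECT RECIPIENT... < body
# Validates every recipient, then calls mailx with "--" terminating option
# parsing. Returns 1 and sends nothing if any recipient is rejected, 2 if
# no recipient was given. MAILX_CMD (an assumption of this example) lets
# the wrapper be exercised without sending mail; it defaults to mailx.
safe_mailx() {
    _subject=$1
    shift
    [ "$#" -gt 0 ] || return 2
    for _r in "$@"; do
        if ! is_safe_recipient "$_r"; then
            printf 'safe_mailx: refusing recipient %s\n' "$_r" >&2
            return 1
        fi
    done
    "${MAILX_CMD:-mailx}" -s "$_subject" -- "$@"
}

# Demo on constructed inputs; runs only when SAFE_MAILX_DEMO=1 so the file
# can be sourced for its functions without side effects.
if [ "${SAFE_MAILX_DEMO:-0}" = 1 ]; then
    for _a in alice@example.com '-bogus@example.com' 'bob@example.com;true'; do
        if is_safe_recipient "$_a"; then
            echo "accept: $_a"
        else
            echo "reject: $_a"
        fi
    done
    # With MAILX_CMD=echo the argv is printed instead of mail being sent.
    printf 'nightly report body\n' | MAILX_CMD=echo safe_mailx Report alice@example.com
fi
```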
From bugzilla at redhat.com Tue Dec 16 22:35:37 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 16 Dec 2014 22:35:37 +0000
Subject: [RHSA-2014:2000-01] Important: thermostat1-thermostat security update
Message-ID: <201412162235.sBGMZcuM030181@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thermostat1-thermostat security update
Advisory ID:       RHSA-2014:2000-01
Product:           Red Hat Software Collections
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-2000.html
Issue date:        2014-12-16
CVE Names:         CVE-2014-8120
=====================================================================

1. Summary:

Updated thermostat1-thermostat packages that fix one security issue are
now available for Red Hat Software Collections 1.

Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4) - noarch, x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5) - noarch, x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch, x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

Thermostat is a monitoring and instrumentation tool for the OpenJDK
HotSpot Java Virtual Machine (JVM) with support for monitoring multiple
JVM instances.

It was discovered that, in certain configurations, the Thermostat agent
disclosed JMX management URLs of all local Java virtual machines to any
local user. A local, unprivileged user could use this flaw to escalate
their privileges on the system. (CVE-2014-8120)

This issue was discovered by Elliott Baron of Red Hat.

All thermostat1-thermostat users are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1168977 - CVE-2014-8120 thermostat: local JMX URL disclosure

6. Package List:

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6):

Source:
thermostat1-thermostat-1.0.4-60.6.el6.src.rpm

noarch:
thermostat1-thermostat-javadoc-1.0.4-60.6.el6.noarch.rpm
thermostat1-thermostat-webapp-1.0.4-60.6.el6.noarch.rpm

x86_64:
thermostat1-thermostat-1.0.4-60.6.el6.x86_64.rpm
thermostat1-thermostat-debuginfo-1.0.4-60.6.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4):

Source:
thermostat1-thermostat-1.0.4-60.6.el6.src.rpm

noarch:
thermostat1-thermostat-javadoc-1.0.4-60.6.el6.noarch.rpm
thermostat1-thermostat-webapp-1.0.4-60.6.el6.noarch.rpm

x86_64:
thermostat1-thermostat-1.0.4-60.6.el6.x86_64.rpm
thermostat1-thermostat-debuginfo-1.0.4-60.6.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5):

Source:
thermostat1-thermostat-1.0.4-60.6.el6.src.rpm

noarch:
thermostat1-thermostat-javadoc-1.0.4-60.6.el6.noarch.rpm
thermostat1-thermostat-webapp-1.0.4-60.6.el6.noarch.rpm

x86_64:
thermostat1-thermostat-1.0.4-60.6.el6.x86_64.rpm
thermostat1-thermostat-debuginfo-1.0.4-60.6.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
thermostat1-thermostat-1.0.4-60.6.el6.src.rpm

noarch:
thermostat1-thermostat-javadoc-1.0.4-60.6.el6.noarch.rpm
thermostat1-thermostat-webapp-1.0.4-60.6.el6.noarch.rpm

x86_64:
thermostat1-thermostat-1.0.4-60.6.el6.x86_64.rpm
thermostat1-thermostat-debuginfo-1.0.4-60.6.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6):

Source:
thermostat1-thermostat-1.0.4-60.6.el6.src.rpm

noarch:
thermostat1-thermostat-javadoc-1.0.4-60.6.el6.noarch.rpm
thermostat1-thermostat-webapp-1.0.4-60.6.el6.noarch.rpm

x86_64:
thermostat1-thermostat-1.0.4-60.6.el6.x86_64.rpm
thermostat1-thermostat-debuginfo-1.0.4-60.6.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7):

Source:
thermostat1-thermostat-1.0.4-70.6.el7.src.rpm

noarch:
thermostat1-thermostat-javadoc-1.0.4-70.6.el7.noarch.rpm
thermostat1-thermostat-webapp-1.0.4-70.6.el7.noarch.rpm

x86_64:
thermostat1-thermostat-1.0.4-70.6.el7.x86_64.rpm
thermostat1-thermostat-debuginfo-1.0.4-70.6.el7.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7):

Source:
thermostat1-thermostat-1.0.4-70.6.el7.src.rpm

noarch:
thermostat1-thermostat-javadoc-1.0.4-70.6.el7.noarch.rpm
thermostat1-thermostat-webapp-1.0.4-70.6.el7.noarch.rpm

x86_64:
thermostat1-thermostat-1.0.4-70.6.el7.x86_64.rpm
thermostat1-thermostat-debuginfo-1.0.4-70.6.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-8120
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

From bugzilla at redhat.com Wed Dec 17 19:00:10 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 17 Dec 2014 19:00:10 +0000
Subject: [RHSA-2014:2008-01] Important: kernel security update
Message-ID: <201412171900.sBHJ0ATh019320@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2014:2008-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-2008.html
Issue date:        2014-12-17
CVE Names:         CVE-2014-9322
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel handled GS segment register
base switching when recovering from a #SS (stack segment) fault on an
erroneous return to user space.
A local, unprivileged user could use this flaw to escalate their
privileges on the system. (CVE-2014-9322, Important)

Red Hat would like to thank Andy Lutomirski for reporting this issue.

All kernel users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. The system must be
rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (https://bugzilla.redhat.com/):

1172806 - CVE-2014-9322 kernel: x86: local privesc due to bad_iret and paranoid entry incompatibility

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
kernel-2.6.18-400.1.1.el5.src.rpm

i386:
kernel-2.6.18-400.1.1.el5.i686.rpm
kernel-PAE-2.6.18-400.1.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-400.1.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-400.1.1.el5.i686.rpm
kernel-debug-2.6.18-400.1.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-400.1.1.el5.i686.rpm
kernel-debug-devel-2.6.18-400.1.1.el5.i686.rpm
kernel-debuginfo-2.6.18-400.1.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-400.1.1.el5.i686.rpm
kernel-devel-2.6.18-400.1.1.el5.i686.rpm
kernel-headers-2.6.18-400.1.1.el5.i386.rpm
kernel-xen-2.6.18-400.1.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-400.1.1.el5.i686.rpm
kernel-xen-devel-2.6.18-400.1.1.el5.i686.rpm

noarch:
kernel-doc-2.6.18-400.1.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-400.1.1.el5.x86_64.rpm
kernel-debug-2.6.18-400.1.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-400.1.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-400.1.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-400.1.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-400.1.1.el5.x86_64.rpm
kernel-devel-2.6.18-400.1.1.el5.x86_64.rpm
kernel-headers-2.6.18-400.1.1.el5.x86_64.rpm
kernel-xen-2.6.18-400.1.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-400.1.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-400.1.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
kernel-2.6.18-400.1.1.el5.src.rpm

i386:
kernel-2.6.18-400.1.1.el5.i686.rpm
kernel-PAE-2.6.18-400.1.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-400.1.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-400.1.1.el5.i686.rpm
kernel-debug-2.6.18-400.1.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-400.1.1.el5.i686.rpm
kernel-debug-devel-2.6.18-400.1.1.el5.i686.rpm
kernel-debuginfo-2.6.18-400.1.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-400.1.1.el5.i686.rpm
kernel-devel-2.6.18-400.1.1.el5.i686.rpm
kernel-headers-2.6.18-400.1.1.el5.i386.rpm
kernel-xen-2.6.18-400.1.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-400.1.1.el5.i686.rpm
kernel-xen-devel-2.6.18-400.1.1.el5.i686.rpm

ia64:
kernel-2.6.18-400.1.1.el5.ia64.rpm
kernel-debug-2.6.18-400.1.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-400.1.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-400.1.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-400.1.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-400.1.1.el5.ia64.rpm
kernel-devel-2.6.18-400.1.1.el5.ia64.rpm
kernel-headers-2.6.18-400.1.1.el5.ia64.rpm
kernel-xen-2.6.18-400.1.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-400.1.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-400.1.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-400.1.1.el5.noarch.rpm

ppc:
kernel-2.6.18-400.1.1.el5.ppc64.rpm
kernel-debug-2.6.18-400.1.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-400.1.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-400.1.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-400.1.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-400.1.1.el5.ppc64.rpm
kernel-devel-2.6.18-400.1.1.el5.ppc64.rpm
kernel-headers-2.6.18-400.1.1.el5.ppc.rpm
kernel-headers-2.6.18-400.1.1.el5.ppc64.rpm
kernel-kdump-2.6.18-400.1.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-400.1.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-400.1.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-400.1.1.el5.s390x.rpm
kernel-debug-2.6.18-400.1.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-400.1.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-400.1.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-400.1.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-400.1.1.el5.s390x.rpm
kernel-devel-2.6.18-400.1.1.el5.s390x.rpm
kernel-headers-2.6.18-400.1.1.el5.s390x.rpm
kernel-kdump-2.6.18-400.1.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-400.1.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-400.1.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-400.1.1.el5.x86_64.rpm
kernel-debug-2.6.18-400.1.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-400.1.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-400.1.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-400.1.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-400.1.1.el5.x86_64.rpm
kernel-devel-2.6.18-400.1.1.el5.x86_64.rpm
kernel-headers-2.6.18-400.1.1.el5.x86_64.rpm
kernel-xen-2.6.18-400.1.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-400.1.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-400.1.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-9322
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
From bugzilla at redhat.com Wed Dec 17 19:01:16 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 17 Dec 2014 19:01:16 +0000
Subject: [RHSA-2014:2009-01] Important: kernel security update
Message-ID: <201412171901.sBHJ1HQf019872@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2014:2009-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-2009.html
Issue date:        2014-12-17
CVE Names:         CVE-2014-9322
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.5 Extended Update Support.

Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.5) - x86_64
Red Hat Enterprise Linux HPC Node EUS (v. 6.5) - noarch, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.5) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.5) - i386, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel handled GS segment register
base switching when recovering from a #SS (stack segment) fault on an
erroneous return to user space. A local, unprivileged user could use this
flaw to escalate their privileges on the system. (CVE-2014-9322, Important)

Red Hat would like to thank Andy Lutomirski for reporting this issue.

All kernel users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. The system must be
rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (https://bugzilla.redhat.com/):

1172806 - CVE-2014-9322 kernel: x86: local privesc due to bad_iret and paranoid entry incompatibility

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.5):

Source:
kernel-2.6.32-431.40.2.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-431.40.2.el6.noarch.rpm
kernel-doc-2.6.32-431.40.2.el6.noarch.rpm
kernel-firmware-2.6.32-431.40.2.el6.noarch.rpm

x86_64:
kernel-2.6.32-431.40.2.el6.x86_64.rpm
kernel-debug-2.6.32-431.40.2.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-431.40.2.el6.x86_64.rpm
kernel-debug-devel-2.6.32-431.40.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.40.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.40.2.el6.x86_64.rpm
kernel-devel-2.6.32-431.40.2.el6.x86_64.rpm
kernel-headers-2.6.32-431.40.2.el6.x86_64.rpm
perf-2.6.32-431.40.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.40.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.40.2.el6.x86_64.rpm

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.5):

Source:
kernel-2.6.32-431.40.2.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-431.40.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.40.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.40.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.40.2.el6.x86_64.rpm
python-perf-2.6.32-431.40.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.40.2.el6.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.5):

Source:
kernel-2.6.32-431.40.2.el6.src.rpm

i386:
kernel-2.6.32-431.40.2.el6.i686.rpm
kernel-debug-2.6.32-431.40.2.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-431.40.2.el6.i686.rpm
kernel-debug-devel-2.6.32-431.40.2.el6.i686.rpm
kernel-debuginfo-2.6.32-431.40.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-431.40.2.el6.i686.rpm
kernel-devel-2.6.32-431.40.2.el6.i686.rpm
kernel-headers-2.6.32-431.40.2.el6.i686.rpm
perf-2.6.32-431.40.2.el6.i686.rpm
perf-debuginfo-2.6.32-431.40.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-431.40.2.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-431.40.2.el6.noarch.rpm
kernel-doc-2.6.32-431.40.2.el6.noarch.rpm
kernel-firmware-2.6.32-431.40.2.el6.noarch.rpm

ppc64:
kernel-2.6.32-431.40.2.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-431.40.2.el6.ppc64.rpm
kernel-debug-2.6.32-431.40.2.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-431.40.2.el6.ppc64.rpm
kernel-debug-devel-2.6.32-431.40.2.el6.ppc64.rpm
kernel-debuginfo-2.6.32-431.40.2.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-431.40.2.el6.ppc64.rpm
kernel-devel-2.6.32-431.40.2.el6.ppc64.rpm
kernel-headers-2.6.32-431.40.2.el6.ppc64.rpm
perf-2.6.32-431.40.2.el6.ppc64.rpm
perf-debuginfo-2.6.32-431.40.2.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-431.40.2.el6.ppc64.rpm

s390x:
kernel-2.6.32-431.40.2.el6.s390x.rpm
kernel-debug-2.6.32-431.40.2.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-431.40.2.el6.s390x.rpm
kernel-debug-devel-2.6.32-431.40.2.el6.s390x.rpm
kernel-debuginfo-2.6.32-431.40.2.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-431.40.2.el6.s390x.rpm
kernel-devel-2.6.32-431.40.2.el6.s390x.rpm
kernel-headers-2.6.32-431.40.2.el6.s390x.rpm
kernel-kdump-2.6.32-431.40.2.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-431.40.2.el6.s390x.rpm
kernel-kdump-devel-2.6.32-431.40.2.el6.s390x.rpm
perf-2.6.32-431.40.2.el6.s390x.rpm
perf-debuginfo-2.6.32-431.40.2.el6.s390x.rpm
python-perf-debuginfo-2.6.32-431.40.2.el6.s390x.rpm

x86_64:
kernel-2.6.32-431.40.2.el6.x86_64.rpm
kernel-debug-2.6.32-431.40.2.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-431.40.2.el6.x86_64.rpm
kernel-debug-devel-2.6.32-431.40.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.40.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.40.2.el6.x86_64.rpm
kernel-devel-2.6.32-431.40.2.el6.x86_64.rpm
kernel-headers-2.6.32-431.40.2.el6.x86_64.rpm
perf-2.6.32-431.40.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.40.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.40.2.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.5):

Source:
kernel-2.6.32-431.40.2.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-431.40.2.el6.i686.rpm
kernel-debuginfo-2.6.32-431.40.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-431.40.2.el6.i686.rpm
perf-debuginfo-2.6.32-431.40.2.el6.i686.rpm
python-perf-2.6.32-431.40.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-431.40.2.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-431.40.2.el6.ppc64.rpm
kernel-debuginfo-2.6.32-431.40.2.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-431.40.2.el6.ppc64.rpm
perf-debuginfo-2.6.32-431.40.2.el6.ppc64.rpm
python-perf-2.6.32-431.40.2.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-431.40.2.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-431.40.2.el6.s390x.rpm
kernel-debuginfo-2.6.32-431.40.2.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-431.40.2.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-431.40.2.el6.s390x.rpm
perf-debuginfo-2.6.32-431.40.2.el6.s390x.rpm
python-perf-2.6.32-431.40.2.el6.s390x.rpm
python-perf-debuginfo-2.6.32-431.40.2.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-431.40.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.40.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.40.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.40.2.el6.x86_64.rpm
python-perf-2.6.32-431.40.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.40.2.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-9322
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

From bugzilla at redhat.com Thu Dec 18 08:38:17 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 18 Dec 2014 08:38:17 +0000
Subject: [RHSA-2014:2010-01] Important: kernel security update
Message-ID: <201412180828.sBI8SirU024995@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2014:2010-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-2010.html
Issue date:        2014-12-18
CVE Names:         CVE-2014-9322
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue are now available for
Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important
security impact.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS (stack segment) fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-9322, Important) Red Hat would like to thank Andy Lutomirski for reporting this issue. All kernel users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. 
Bugs fixed (https://bugzilla.redhat.com/): 1172806 - CVE-2014-9322 kernel: x86: local privesc due to bad_iret and paranoid entry incompatibility 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: kernel-3.10.0-123.13.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-123.13.2.el7.noarch.rpm x86_64: kernel-3.10.0-123.13.2.el7.x86_64.rpm kernel-debug-3.10.0-123.13.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-123.13.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.13.2.el7.x86_64.rpm kernel-devel-3.10.0-123.13.2.el7.x86_64.rpm kernel-headers-3.10.0-123.13.2.el7.x86_64.rpm kernel-tools-3.10.0-123.13.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-123.13.2.el7.x86_64.rpm perf-3.10.0-123.13.2.el7.x86_64.rpm perf-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: kernel-doc-3.10.0-123.13.2.el7.noarch.rpm x86_64: kernel-debug-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.13.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-123.13.2.el7.x86_64.rpm perf-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm python-perf-3.10.0-123.13.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 
7): Source: kernel-3.10.0-123.13.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-123.13.2.el7.noarch.rpm x86_64: kernel-3.10.0-123.13.2.el7.x86_64.rpm kernel-debug-3.10.0-123.13.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-123.13.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.13.2.el7.x86_64.rpm kernel-devel-3.10.0-123.13.2.el7.x86_64.rpm kernel-headers-3.10.0-123.13.2.el7.x86_64.rpm kernel-tools-3.10.0-123.13.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-123.13.2.el7.x86_64.rpm perf-3.10.0-123.13.2.el7.x86_64.rpm perf-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: kernel-doc-3.10.0-123.13.2.el7.noarch.rpm x86_64: kernel-debug-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.13.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-123.13.2.el7.x86_64.rpm perf-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm python-perf-3.10.0-123.13.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 
7): Source: kernel-3.10.0-123.13.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-123.13.2.el7.noarch.rpm ppc64: kernel-3.10.0-123.13.2.el7.ppc64.rpm kernel-bootwrapper-3.10.0-123.13.2.el7.ppc64.rpm kernel-debug-3.10.0-123.13.2.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-123.13.2.el7.ppc64.rpm kernel-debug-devel-3.10.0-123.13.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-123.13.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-123.13.2.el7.ppc64.rpm kernel-devel-3.10.0-123.13.2.el7.ppc64.rpm kernel-headers-3.10.0-123.13.2.el7.ppc64.rpm kernel-tools-3.10.0-123.13.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-123.13.2.el7.ppc64.rpm kernel-tools-libs-3.10.0-123.13.2.el7.ppc64.rpm perf-3.10.0-123.13.2.el7.ppc64.rpm perf-debuginfo-3.10.0-123.13.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-123.13.2.el7.ppc64.rpm s390x: kernel-3.10.0-123.13.2.el7.s390x.rpm kernel-debug-3.10.0-123.13.2.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-123.13.2.el7.s390x.rpm kernel-debug-devel-3.10.0-123.13.2.el7.s390x.rpm kernel-debuginfo-3.10.0-123.13.2.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-123.13.2.el7.s390x.rpm kernel-devel-3.10.0-123.13.2.el7.s390x.rpm kernel-headers-3.10.0-123.13.2.el7.s390x.rpm kernel-kdump-3.10.0-123.13.2.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-123.13.2.el7.s390x.rpm kernel-kdump-devel-3.10.0-123.13.2.el7.s390x.rpm perf-3.10.0-123.13.2.el7.s390x.rpm perf-debuginfo-3.10.0-123.13.2.el7.s390x.rpm python-perf-debuginfo-3.10.0-123.13.2.el7.s390x.rpm x86_64: kernel-3.10.0-123.13.2.el7.x86_64.rpm kernel-debug-3.10.0-123.13.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-123.13.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.13.2.el7.x86_64.rpm kernel-devel-3.10.0-123.13.2.el7.x86_64.rpm kernel-headers-3.10.0-123.13.2.el7.x86_64.rpm kernel-tools-3.10.0-123.13.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm 
kernel-tools-libs-3.10.0-123.13.2.el7.x86_64.rpm perf-3.10.0-123.13.2.el7.x86_64.rpm perf-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: kernel-doc-3.10.0-123.13.2.el7.noarch.rpm ppc64: kernel-debug-debuginfo-3.10.0-123.13.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-123.13.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-123.13.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-123.13.2.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-123.13.2.el7.ppc64.rpm perf-debuginfo-3.10.0-123.13.2.el7.ppc64.rpm python-perf-3.10.0-123.13.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-123.13.2.el7.ppc64.rpm s390x: kernel-debug-debuginfo-3.10.0-123.13.2.el7.s390x.rpm kernel-debuginfo-3.10.0-123.13.2.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-123.13.2.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-123.13.2.el7.s390x.rpm perf-debuginfo-3.10.0-123.13.2.el7.s390x.rpm python-perf-3.10.0-123.13.2.el7.s390x.rpm python-perf-debuginfo-3.10.0-123.13.2.el7.s390x.rpm x86_64: kernel-debug-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.13.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-123.13.2.el7.x86_64.rpm perf-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm python-perf-3.10.0-123.13.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
7):

Source:
kernel-3.10.0-123.13.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-123.13.2.el7.noarch.rpm

x86_64:
kernel-3.10.0-123.13.2.el7.x86_64.rpm
kernel-debug-3.10.0-123.13.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-123.13.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-123.13.2.el7.x86_64.rpm
kernel-devel-3.10.0-123.13.2.el7.x86_64.rpm
kernel-headers-3.10.0-123.13.2.el7.x86_64.rpm
kernel-tools-3.10.0-123.13.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-123.13.2.el7.x86_64.rpm
perf-3.10.0-123.13.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
kernel-doc-3.10.0-123.13.2.el7.noarch.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-123.13.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-123.13.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm
python-perf-3.10.0-123.13.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-123.13.2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-9322
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUkpAqXlSAg2UNWIIRAkbiAJ0QQdBy3Vx8SuCWHkXFYISmEwgDpgCfXoRQ
kMUQukqr9mZimlZjA5fYaFM=
=B/n5
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Dec 18 18:50:09 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 18 Dec 2014 18:50:09 +0000
Subject: [RHSA-2014:2021-01] Important: jasper security update
Message-ID: <201412181850.sBIIoAW8027052@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: jasper security update
Advisory ID: RHSA-2014:2021-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-2021.html
Issue date: 2014-12-18
CVE Names: CVE-2014-8137 CVE-2014-8138 CVE-2014-9029
=====================================================================

1. Summary:

Updated jasper packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v.
6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard.

Multiple off-by-one flaws, leading to heap-based buffer overflows, were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-9029)

A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8138)

A double free flaw was found in the way JasPer parsed ICC color profiles in JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8137)

Red Hat would like to thank oCERT for reporting these issues. oCERT acknowledges Jose Duart of the Google Security Team as the original reporter.

All JasPer users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All applications using the JasPer libraries must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5.
Bugs fixed (https://bugzilla.redhat.com/):

1167537 - CVE-2014-9029 jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009)
1173157 - CVE-2014-8137 jasper: double-free in jas_iccattrval_destroy() (oCERT-2014-012)
1173162 - CVE-2014-8138 jasper: heap overflow in jp2_decode() (oCERT-2014-012)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
jasper-1.900.1-16.el6_6.2.src.rpm

i386:
jasper-1.900.1-16.el6_6.2.i686.rpm
jasper-debuginfo-1.900.1-16.el6_6.2.i686.rpm
jasper-libs-1.900.1-16.el6_6.2.i686.rpm

x86_64:
jasper-1.900.1-16.el6_6.2.x86_64.rpm
jasper-debuginfo-1.900.1-16.el6_6.2.i686.rpm
jasper-debuginfo-1.900.1-16.el6_6.2.x86_64.rpm
jasper-libs-1.900.1-16.el6_6.2.i686.rpm
jasper-libs-1.900.1-16.el6_6.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
jasper-debuginfo-1.900.1-16.el6_6.2.i686.rpm
jasper-devel-1.900.1-16.el6_6.2.i686.rpm
jasper-utils-1.900.1-16.el6_6.2.i686.rpm

x86_64:
jasper-debuginfo-1.900.1-16.el6_6.2.i686.rpm
jasper-debuginfo-1.900.1-16.el6_6.2.x86_64.rpm
jasper-devel-1.900.1-16.el6_6.2.i686.rpm
jasper-devel-1.900.1-16.el6_6.2.x86_64.rpm
jasper-utils-1.900.1-16.el6_6.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
jasper-1.900.1-16.el6_6.2.src.rpm

x86_64:
jasper-debuginfo-1.900.1-16.el6_6.2.i686.rpm
jasper-debuginfo-1.900.1-16.el6_6.2.x86_64.rpm
jasper-libs-1.900.1-16.el6_6.2.i686.rpm
jasper-libs-1.900.1-16.el6_6.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
jasper-1.900.1-16.el6_6.2.x86_64.rpm
jasper-debuginfo-1.900.1-16.el6_6.2.i686.rpm
jasper-debuginfo-1.900.1-16.el6_6.2.x86_64.rpm
jasper-devel-1.900.1-16.el6_6.2.i686.rpm
jasper-devel-1.900.1-16.el6_6.2.x86_64.rpm
jasper-utils-1.900.1-16.el6_6.2.x86_64.rpm

Red Hat Enterprise Linux Server (v.
6):

Source:
jasper-1.900.1-16.el6_6.2.src.rpm

i386:
jasper-1.900.1-16.el6_6.2.i686.rpm
jasper-debuginfo-1.900.1-16.el6_6.2.i686.rpm
jasper-libs-1.900.1-16.el6_6.2.i686.rpm

ppc64:
jasper-1.900.1-16.el6_6.2.ppc64.rpm
jasper-debuginfo-1.900.1-16.el6_6.2.ppc.rpm
jasper-debuginfo-1.900.1-16.el6_6.2.ppc64.rpm
jasper-libs-1.900.1-16.el6_6.2.ppc.rpm
jasper-libs-1.900.1-16.el6_6.2.ppc64.rpm

s390x:
jasper-1.900.1-16.el6_6.2.s390x.rpm
jasper-debuginfo-1.900.1-16.el6_6.2.s390.rpm
jasper-debuginfo-1.900.1-16.el6_6.2.s390x.rpm
jasper-libs-1.900.1-16.el6_6.2.s390.rpm
jasper-libs-1.900.1-16.el6_6.2.s390x.rpm

x86_64:
jasper-1.900.1-16.el6_6.2.x86_64.rpm
jasper-debuginfo-1.900.1-16.el6_6.2.i686.rpm
jasper-debuginfo-1.900.1-16.el6_6.2.x86_64.rpm
jasper-libs-1.900.1-16.el6_6.2.i686.rpm
jasper-libs-1.900.1-16.el6_6.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
jasper-debuginfo-1.900.1-16.el6_6.2.i686.rpm
jasper-devel-1.900.1-16.el6_6.2.i686.rpm
jasper-utils-1.900.1-16.el6_6.2.i686.rpm

ppc64:
jasper-debuginfo-1.900.1-16.el6_6.2.ppc.rpm
jasper-debuginfo-1.900.1-16.el6_6.2.ppc64.rpm
jasper-devel-1.900.1-16.el6_6.2.ppc.rpm
jasper-devel-1.900.1-16.el6_6.2.ppc64.rpm
jasper-utils-1.900.1-16.el6_6.2.ppc64.rpm

s390x:
jasper-debuginfo-1.900.1-16.el6_6.2.s390.rpm
jasper-debuginfo-1.900.1-16.el6_6.2.s390x.rpm
jasper-devel-1.900.1-16.el6_6.2.s390.rpm
jasper-devel-1.900.1-16.el6_6.2.s390x.rpm
jasper-utils-1.900.1-16.el6_6.2.s390x.rpm

x86_64:
jasper-debuginfo-1.900.1-16.el6_6.2.i686.rpm
jasper-debuginfo-1.900.1-16.el6_6.2.x86_64.rpm
jasper-devel-1.900.1-16.el6_6.2.i686.rpm
jasper-devel-1.900.1-16.el6_6.2.x86_64.rpm
jasper-utils-1.900.1-16.el6_6.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v.
6):

Source:
jasper-1.900.1-16.el6_6.2.src.rpm

i386:
jasper-1.900.1-16.el6_6.2.i686.rpm
jasper-debuginfo-1.900.1-16.el6_6.2.i686.rpm
jasper-libs-1.900.1-16.el6_6.2.i686.rpm

x86_64:
jasper-1.900.1-16.el6_6.2.x86_64.rpm
jasper-debuginfo-1.900.1-16.el6_6.2.i686.rpm
jasper-debuginfo-1.900.1-16.el6_6.2.x86_64.rpm
jasper-libs-1.900.1-16.el6_6.2.i686.rpm
jasper-libs-1.900.1-16.el6_6.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
jasper-debuginfo-1.900.1-16.el6_6.2.i686.rpm
jasper-devel-1.900.1-16.el6_6.2.i686.rpm
jasper-utils-1.900.1-16.el6_6.2.i686.rpm

x86_64:
jasper-debuginfo-1.900.1-16.el6_6.2.i686.rpm
jasper-debuginfo-1.900.1-16.el6_6.2.x86_64.rpm
jasper-devel-1.900.1-16.el6_6.2.i686.rpm
jasper-devel-1.900.1-16.el6_6.2.x86_64.rpm
jasper-utils-1.900.1-16.el6_6.2.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
jasper-1.900.1-26.el7_0.2.src.rpm

x86_64:
jasper-debuginfo-1.900.1-26.el7_0.2.i686.rpm
jasper-debuginfo-1.900.1-26.el7_0.2.x86_64.rpm
jasper-libs-1.900.1-26.el7_0.2.i686.rpm
jasper-libs-1.900.1-26.el7_0.2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
jasper-1.900.1-26.el7_0.2.x86_64.rpm
jasper-debuginfo-1.900.1-26.el7_0.2.i686.rpm
jasper-debuginfo-1.900.1-26.el7_0.2.x86_64.rpm
jasper-devel-1.900.1-26.el7_0.2.i686.rpm
jasper-devel-1.900.1-26.el7_0.2.x86_64.rpm
jasper-utils-1.900.1-26.el7_0.2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
jasper-1.900.1-26.el7_0.2.src.rpm

x86_64:
jasper-debuginfo-1.900.1-26.el7_0.2.i686.rpm
jasper-debuginfo-1.900.1-26.el7_0.2.x86_64.rpm
jasper-libs-1.900.1-26.el7_0.2.i686.rpm
jasper-libs-1.900.1-26.el7_0.2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v.
7):

x86_64:
jasper-1.900.1-26.el7_0.2.x86_64.rpm
jasper-debuginfo-1.900.1-26.el7_0.2.i686.rpm
jasper-debuginfo-1.900.1-26.el7_0.2.x86_64.rpm
jasper-devel-1.900.1-26.el7_0.2.i686.rpm
jasper-devel-1.900.1-26.el7_0.2.x86_64.rpm
jasper-utils-1.900.1-26.el7_0.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
jasper-1.900.1-26.el7_0.2.src.rpm

ppc64:
jasper-debuginfo-1.900.1-26.el7_0.2.ppc.rpm
jasper-debuginfo-1.900.1-26.el7_0.2.ppc64.rpm
jasper-libs-1.900.1-26.el7_0.2.ppc.rpm
jasper-libs-1.900.1-26.el7_0.2.ppc64.rpm

s390x:
jasper-debuginfo-1.900.1-26.el7_0.2.s390.rpm
jasper-debuginfo-1.900.1-26.el7_0.2.s390x.rpm
jasper-libs-1.900.1-26.el7_0.2.s390.rpm
jasper-libs-1.900.1-26.el7_0.2.s390x.rpm

x86_64:
jasper-debuginfo-1.900.1-26.el7_0.2.i686.rpm
jasper-debuginfo-1.900.1-26.el7_0.2.x86_64.rpm
jasper-libs-1.900.1-26.el7_0.2.i686.rpm
jasper-libs-1.900.1-26.el7_0.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
jasper-1.900.1-26.el7_0.2.ppc64.rpm
jasper-debuginfo-1.900.1-26.el7_0.2.ppc.rpm
jasper-debuginfo-1.900.1-26.el7_0.2.ppc64.rpm
jasper-devel-1.900.1-26.el7_0.2.ppc.rpm
jasper-devel-1.900.1-26.el7_0.2.ppc64.rpm
jasper-utils-1.900.1-26.el7_0.2.ppc64.rpm

s390x:
jasper-1.900.1-26.el7_0.2.s390x.rpm
jasper-debuginfo-1.900.1-26.el7_0.2.s390.rpm
jasper-debuginfo-1.900.1-26.el7_0.2.s390x.rpm
jasper-devel-1.900.1-26.el7_0.2.s390.rpm
jasper-devel-1.900.1-26.el7_0.2.s390x.rpm
jasper-utils-1.900.1-26.el7_0.2.s390x.rpm

x86_64:
jasper-1.900.1-26.el7_0.2.x86_64.rpm
jasper-debuginfo-1.900.1-26.el7_0.2.i686.rpm
jasper-debuginfo-1.900.1-26.el7_0.2.x86_64.rpm
jasper-devel-1.900.1-26.el7_0.2.i686.rpm
jasper-devel-1.900.1-26.el7_0.2.x86_64.rpm
jasper-utils-1.900.1-26.el7_0.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v.
7):

Source:
jasper-1.900.1-26.el7_0.2.src.rpm

x86_64:
jasper-debuginfo-1.900.1-26.el7_0.2.i686.rpm
jasper-debuginfo-1.900.1-26.el7_0.2.x86_64.rpm
jasper-libs-1.900.1-26.el7_0.2.i686.rpm
jasper-libs-1.900.1-26.el7_0.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
jasper-1.900.1-26.el7_0.2.x86_64.rpm
jasper-debuginfo-1.900.1-26.el7_0.2.i686.rpm
jasper-debuginfo-1.900.1-26.el7_0.2.x86_64.rpm
jasper-devel-1.900.1-26.el7_0.2.i686.rpm
jasper-devel-1.900.1-26.el7_0.2.x86_64.rpm
jasper-utils-1.900.1-26.el7_0.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-8137
https://access.redhat.com/security/cve/CVE-2014-8138
https://access.redhat.com/security/cve/CVE-2014-9029
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
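The off-by-one component-number checks behind CVE-2014-9029 in this advisory are the kind of bound a marker-segment decoder must get exactly right. The following is an added example, not JasPer's code: a minimal decoder for a constructed component-indexed segment (one byte of component index, one parameter byte, loosely modelled on how the COC/QCC segments name a component) that keeps per-component state in a heap array sized from the declared component count and rejects any index that is not strictly less than that count. The segment layout and every name here are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed per-component state; stands in for a codec's heap array. */
struct comp_params {
    uint8_t numrlvls;   /* e.g. number of resolution levels for this component */
    int     set;        /* 1 once a segment has filled this slot */
};

struct decoder {
    size_t numcomps;            /* component count declared by the image header */
    struct comp_params *comps;  /* heap array with exactly numcomps entries */
};

/* Constructed marker-segment body: [compno][param]. (A real JPEG 2000
 * COC/QCC segment encodes the index in 1 or 2 bytes depending on the
 * component count; one byte is assumed here to keep the example short.) */
struct segment {
    const uint8_t *data;
    size_t len;
};

struct decoder *decoder_new(size_t numcomps)
{
    struct decoder *d = calloc(1, sizeof(*d));
    if (!d)
        return NULL;
    d->comps = calloc(numcomps, sizeof(*d->comps));
    if (!d->comps) {
        free(d);
        return NULL;
    }
    d->numcomps = numcomps;
    return d;
}

void decoder_free(struct decoder *d)
{
    if (!d)
        return;
    free(d->comps);
    free(d);
}

/* Returns 0 on success, -1 on a malformed segment.
 * The valid indices are 0 .. numcomps-1, so the check is compno >= numcomps.
 * An index equal to numcomps addresses one element past the end of the heap
 * array; a check written as compno > numcomps lets exactly that index
 * through, which is the off-by-one shape the advisory describes. */
int decode_component_segment(struct decoder *d, const struct segment *seg)
{
    if (seg->len < 2)
        return -1;                      /* truncated segment */
    size_t compno = seg->data[0];
    if (compno >= d->numcomps)          /* hardened bound: strictly less than */
        return -1;
    d->comps[compno].numrlvls = seg->data[1];
    d->comps[compno].set = 1;
    return 0;
}

/* Decode one constructed segment against an image that declares `numcomps`
 * components. Returns the decoder's result, -2 on allocation failure, or -3
 * if the stored parameter does not round-trip. */
int try_segment(size_t numcomps, uint8_t compno, uint8_t param)
{
    const uint8_t body[2] = { compno, param };
    const struct segment seg = { body, sizeof body };
    struct decoder *d = decoder_new(numcomps);
    if (!d)
        return -2;
    int rc = decode_component_segment(d, &seg);
    if (rc == 0 && (d->comps[compno].numrlvls != param || !d->comps[compno].set))
        rc = -3;
    decoder_free(d);
    return rc;
}

int main(void)
{
    /* Three declared components: indices 0..2 are valid, 3 is the boundary. */
    for (uint8_t compno = 0; compno < 5; compno++)
        printf("numcomps=3 compno=%u -> %d\n", compno, try_segment(3, compno, 5));
    return 0;
}
```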
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUkyHIXlSAg2UNWIIRAoobAKCsxKtKzqLHJaYmB8IYMD3Zk1lm5QCeK0hr
GoVie2/qPWgMSRKDjAdryvQ=
=x5ZP
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Dec 18 20:33:15 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 18 Dec 2014 20:33:15 +0000
Subject: [RHSA-2014:2023-01] Moderate: glibc security and bug fix update
Message-ID: <201412182033.sBIKXGnR004020@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: glibc security and bug fix update
Advisory ID: RHSA-2014:2023-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-2023.html
Issue date: 2014-12-18
CVE Names: CVE-2014-7817
=====================================================================

1. Summary:

Updated glibc packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3.
Description:

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

It was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application. (CVE-2014-7817)

This issue was discovered by Tim Waugh of the Red Hat Developer Experience Team.

This update also fixes the following bug:

* Prior to this update, if a file stream that was opened in append mode and its underlying file descriptor were used at the same time and the file was truncated using the ftruncate() function on the file descriptor, a subsequent ftell() call on the stream incorrectly modified the file offset by seeking to the new end of the file. This update ensures that ftell() modifies the state of the file stream only when it is in append mode and its buffer is not empty. As a result, the described incorrect changes to the file offset no longer occur. (BZ#1170187)

All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5.
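The description above makes the point that an application is only safe if it does not rely solely on WRDE_NOCMD being honored. The following is an added example, not Red Hat's or glibc's code: a wrapper that rejects command-substitution syntax before the string reaches wordexp(3), then calls the library with WRDE_NOCMD as a second layer, next to the library-only call for comparison. The wrapper names (expand_untrusted, count_expanded_words, wordexp_nocmd_rc) and the result codes are assumptions; the sample inputs are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <wordexp.h>

/* Result codes of expand_untrusted(), a hypothetical wrapper (not glibc API). */
enum expand_result {
    EXPAND_OK = 0,
    EXPAND_REJECTED_SYNTAX = 1,   /* input carried command-substitution syntax */
    EXPAND_LIBRARY_ERROR = 2      /* wordexp() itself refused the input */
};

/* Returns 1 if s contains backtick or "$(" command-substitution syntax.
 * This also rejects "$((...))" arithmetic expansion, a deliberate,
 * conservative trade-off when the input is untrusted. */
int contains_command_substitution(const char *s)
{
    return strchr(s, '`') != NULL || strstr(s, "$(") != NULL;
}

/* Expand input with wordexp(3). WRDE_NOCMD asks the library to refuse
 * command substitution; the syntax pre-check keeps the application safe
 * even if the library does not honor that flag, which is the failure the
 * CVE-2014-7817 fix in this update corrects. On EXPAND_OK the caller owns
 * *out and must release it with wordfree(). */
enum expand_result expand_untrusted(const char *input, wordexp_t *out)
{
    if (contains_command_substitution(input))
        return EXPAND_REJECTED_SYNTAX;

    int rc = wordexp(input, out, WRDE_NOCMD);
    if (rc != 0) {
        /* WRDE_CMDSUB would mean the library caught what the pre-check
         * missed; WRDE_SYNTAX, WRDE_BADCHAR and friends are ordinary malformed
         * input. Only WRDE_NOSPACE leaves a partial result to release. */
        if (rc == WRDE_NOSPACE)
            wordfree(out);
        return EXPAND_LIBRARY_ERROR;
    }
    return EXPAND_OK;
}

/* Convenience wrapper: number of words on success, the negated
 * expand_result on failure. */
int count_expanded_words(const char *input)
{
    wordexp_t we;
    enum expand_result r = expand_untrusted(input, &we);
    if (r != EXPAND_OK)
        return -(int)r;
    int n = (int)we.we_wordc;
    wordfree(&we);
    return n;
}

/* The library-only path, for comparison: the return code of wordexp() with
 * WRDE_NOCMD and no pre-check. A glibc with the fix applied returns
 * WRDE_CMDSUB for input that attempts command substitution. */
int wordexp_nocmd_rc(const char *input)
{
    wordexp_t we;
    int rc = wordexp(input, &we, WRDE_NOCMD);
    if (rc == 0 || rc == WRDE_NOSPACE)
        wordfree(&we);
    return rc;
}

int main(void)
{
    /* Constructed inputs: plain words, two command-substitution attempts
     * (the second hidden inside arithmetic expansion), and a syntax error. */
    const char *samples[] = { "alpha  beta gamma", "`id`", "$((1 + $(id)))", "a \"b" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-18s -> %d\n", samples[i], count_expanded_words(samples[i]));
    printf("library alone on \"$(id)\": rc=%d (WRDE_CMDSUB=%d)\n",
           wordexp_nocmd_rc("$(id)"), WRDE_CMDSUB);
    return 0;
}
```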
Bugs fixed (https://bugzilla.redhat.com/):

1157689 - CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified
1170187 - Problems when using ftruncate on files opened in append mode

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
glibc-2.17-55.el7_0.3.src.rpm

x86_64:
glibc-2.17-55.el7_0.3.i686.rpm
glibc-2.17-55.el7_0.3.x86_64.rpm
glibc-common-2.17-55.el7_0.3.x86_64.rpm
glibc-debuginfo-2.17-55.el7_0.3.i686.rpm
glibc-debuginfo-2.17-55.el7_0.3.x86_64.rpm
glibc-debuginfo-common-2.17-55.el7_0.3.i686.rpm
glibc-debuginfo-common-2.17-55.el7_0.3.x86_64.rpm
glibc-devel-2.17-55.el7_0.3.i686.rpm
glibc-devel-2.17-55.el7_0.3.x86_64.rpm
glibc-headers-2.17-55.el7_0.3.x86_64.rpm
glibc-utils-2.17-55.el7_0.3.x86_64.rpm
nscd-2.17-55.el7_0.3.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
glibc-debuginfo-2.17-55.el7_0.3.i686.rpm
glibc-debuginfo-2.17-55.el7_0.3.x86_64.rpm
glibc-debuginfo-common-2.17-55.el7_0.3.i686.rpm
glibc-debuginfo-common-2.17-55.el7_0.3.x86_64.rpm
glibc-static-2.17-55.el7_0.3.i686.rpm
glibc-static-2.17-55.el7_0.3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
glibc-2.17-55.el7_0.3.src.rpm

x86_64:
glibc-2.17-55.el7_0.3.i686.rpm
glibc-2.17-55.el7_0.3.x86_64.rpm
glibc-common-2.17-55.el7_0.3.x86_64.rpm
glibc-debuginfo-2.17-55.el7_0.3.i686.rpm
glibc-debuginfo-2.17-55.el7_0.3.x86_64.rpm
glibc-debuginfo-common-2.17-55.el7_0.3.i686.rpm
glibc-debuginfo-common-2.17-55.el7_0.3.x86_64.rpm
glibc-devel-2.17-55.el7_0.3.i686.rpm
glibc-devel-2.17-55.el7_0.3.x86_64.rpm
glibc-headers-2.17-55.el7_0.3.x86_64.rpm
glibc-utils-2.17-55.el7_0.3.x86_64.rpm
nscd-2.17-55.el7_0.3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v.
7):

x86_64:
glibc-debuginfo-2.17-55.el7_0.3.i686.rpm
glibc-debuginfo-2.17-55.el7_0.3.x86_64.rpm
glibc-debuginfo-common-2.17-55.el7_0.3.i686.rpm
glibc-debuginfo-common-2.17-55.el7_0.3.x86_64.rpm
glibc-static-2.17-55.el7_0.3.i686.rpm
glibc-static-2.17-55.el7_0.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
glibc-2.17-55.el7_0.3.src.rpm

ppc64:
glibc-2.17-55.el7_0.3.ppc.rpm
glibc-2.17-55.el7_0.3.ppc64.rpm
glibc-common-2.17-55.el7_0.3.ppc64.rpm
glibc-debuginfo-2.17-55.el7_0.3.ppc.rpm
glibc-debuginfo-2.17-55.el7_0.3.ppc64.rpm
glibc-debuginfo-common-2.17-55.el7_0.3.ppc.rpm
glibc-debuginfo-common-2.17-55.el7_0.3.ppc64.rpm
glibc-devel-2.17-55.el7_0.3.ppc.rpm
glibc-devel-2.17-55.el7_0.3.ppc64.rpm
glibc-headers-2.17-55.el7_0.3.ppc64.rpm
glibc-utils-2.17-55.el7_0.3.ppc64.rpm
nscd-2.17-55.el7_0.3.ppc64.rpm

s390x:
glibc-2.17-55.el7_0.3.s390.rpm
glibc-2.17-55.el7_0.3.s390x.rpm
glibc-common-2.17-55.el7_0.3.s390x.rpm
glibc-debuginfo-2.17-55.el7_0.3.s390.rpm
glibc-debuginfo-2.17-55.el7_0.3.s390x.rpm
glibc-debuginfo-common-2.17-55.el7_0.3.s390.rpm
glibc-debuginfo-common-2.17-55.el7_0.3.s390x.rpm
glibc-devel-2.17-55.el7_0.3.s390.rpm
glibc-devel-2.17-55.el7_0.3.s390x.rpm
glibc-headers-2.17-55.el7_0.3.s390x.rpm
glibc-utils-2.17-55.el7_0.3.s390x.rpm
nscd-2.17-55.el7_0.3.s390x.rpm

x86_64:
glibc-2.17-55.el7_0.3.i686.rpm
glibc-2.17-55.el7_0.3.x86_64.rpm
glibc-common-2.17-55.el7_0.3.x86_64.rpm
glibc-debuginfo-2.17-55.el7_0.3.i686.rpm
glibc-debuginfo-2.17-55.el7_0.3.x86_64.rpm
glibc-debuginfo-common-2.17-55.el7_0.3.i686.rpm
glibc-debuginfo-common-2.17-55.el7_0.3.x86_64.rpm
glibc-devel-2.17-55.el7_0.3.i686.rpm
glibc-devel-2.17-55.el7_0.3.x86_64.rpm
glibc-headers-2.17-55.el7_0.3.x86_64.rpm
glibc-utils-2.17-55.el7_0.3.x86_64.rpm
nscd-2.17-55.el7_0.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v.
7):

ppc64:
glibc-debuginfo-2.17-55.el7_0.3.ppc.rpm
glibc-debuginfo-2.17-55.el7_0.3.ppc64.rpm
glibc-debuginfo-common-2.17-55.el7_0.3.ppc.rpm
glibc-debuginfo-common-2.17-55.el7_0.3.ppc64.rpm
glibc-static-2.17-55.el7_0.3.ppc.rpm
glibc-static-2.17-55.el7_0.3.ppc64.rpm

s390x:
glibc-debuginfo-2.17-55.el7_0.3.s390.rpm
glibc-debuginfo-2.17-55.el7_0.3.s390x.rpm
glibc-debuginfo-common-2.17-55.el7_0.3.s390.rpm
glibc-debuginfo-common-2.17-55.el7_0.3.s390x.rpm
glibc-static-2.17-55.el7_0.3.s390.rpm
glibc-static-2.17-55.el7_0.3.s390x.rpm

x86_64:
glibc-debuginfo-2.17-55.el7_0.3.i686.rpm
glibc-debuginfo-2.17-55.el7_0.3.x86_64.rpm
glibc-debuginfo-common-2.17-55.el7_0.3.i686.rpm
glibc-debuginfo-common-2.17-55.el7_0.3.x86_64.rpm
glibc-static-2.17-55.el7_0.3.i686.rpm
glibc-static-2.17-55.el7_0.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
glibc-2.17-55.el7_0.3.src.rpm

x86_64:
glibc-2.17-55.el7_0.3.i686.rpm
glibc-2.17-55.el7_0.3.x86_64.rpm
glibc-common-2.17-55.el7_0.3.x86_64.rpm
glibc-debuginfo-2.17-55.el7_0.3.i686.rpm
glibc-debuginfo-2.17-55.el7_0.3.x86_64.rpm
glibc-debuginfo-common-2.17-55.el7_0.3.i686.rpm
glibc-debuginfo-common-2.17-55.el7_0.3.x86_64.rpm
glibc-devel-2.17-55.el7_0.3.i686.rpm
glibc-devel-2.17-55.el7_0.3.x86_64.rpm
glibc-headers-2.17-55.el7_0.3.x86_64.rpm
glibc-utils-2.17-55.el7_0.3.x86_64.rpm
nscd-2.17-55.el7_0.3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
glibc-debuginfo-2.17-55.el7_0.3.i686.rpm
glibc-debuginfo-2.17-55.el7_0.3.x86_64.rpm
glibc-debuginfo-common-2.17-55.el7_0.3.i686.rpm
glibc-debuginfo-common-2.17-55.el7_0.3.x86_64.rpm
glibc-static-2.17-55.el7_0.3.i686.rpm
glibc-static-2.17-55.el7_0.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-7817
https://access.redhat.com/security/updates/classification/#moderate

8.
Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUkznzXlSAg2UNWIIRAlVGAKCur2sagpyDtmtF7hG77CNsIEofkwCgtYJi
AqP8rukGmHmeK9XtLqZahx4=
=RU5+
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Sat Dec 20 02:45:01 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sat, 20 Dec 2014 02:45:01 +0000
Subject: [RHSA-2014:2024-01] Important: ntp security update
Message-ID: <201412200245.sBK2j1CS006555@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: ntp security update
Advisory ID: RHSA-2014:2024-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-2024.html
Issue date: 2014-12-20
CVE Names: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296
=====================================================================

1. Summary:

Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v.
6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source.

Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use any of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non-default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited by local attackers, and the configure() flaw requires additional authentication to exploit. (CVE-2014-9295)

It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntp.conf configuration file. A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc query or configuration requests. (CVE-2014-9293)

It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to guess generated MD5 keys that could then be used to spoof an NTP client or server. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keygen (the default installation does not contain such keys).
(CVE-2014-9294)

A missing return statement in the receive() function could potentially allow a remote attacker to bypass NTP's authentication mechanism. (CVE-2014-9296)

All ntp users are advised to upgrade to this updated package, which contains backported patches to resolve these issues. After installing the update, the ntpd daemon will restart automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1176032 - CVE-2014-9293 ntp: automatic generation of weak default key in config_auth()
1176035 - CVE-2014-9294 ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys
1176037 - CVE-2014-9295 ntp: Multiple buffer overflows via specially-crafted packets
1176040 - CVE-2014-9296 ntp: receive() missing return on error

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ntp-4.2.6p5-2.el6_6.src.rpm

i386:
ntp-4.2.6p5-2.el6_6.i686.rpm
ntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm
ntpdate-4.2.6p5-2.el6_6.i686.rpm

x86_64:
ntp-4.2.6p5-2.el6_6.x86_64.rpm
ntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm
ntpdate-4.2.6p5-2.el6_6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
ntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm
ntp-perl-4.2.6p5-2.el6_6.i686.rpm

noarch:
ntp-doc-4.2.6p5-2.el6_6.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm
ntp-perl-4.2.6p5-2.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ntp-4.2.6p5-2.el6_6.src.rpm

x86_64:
ntp-4.2.6p5-2.el6_6.x86_64.rpm
ntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm
ntpdate-4.2.6p5-2.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v.
6):

noarch:
ntp-doc-4.2.6p5-2.el6_6.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm
ntp-perl-4.2.6p5-2.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ntp-4.2.6p5-2.el6_6.src.rpm

i386:
ntp-4.2.6p5-2.el6_6.i686.rpm
ntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm
ntpdate-4.2.6p5-2.el6_6.i686.rpm

ppc64:
ntp-4.2.6p5-2.el6_6.ppc64.rpm
ntp-debuginfo-4.2.6p5-2.el6_6.ppc64.rpm
ntpdate-4.2.6p5-2.el6_6.ppc64.rpm

s390x:
ntp-4.2.6p5-2.el6_6.s390x.rpm
ntp-debuginfo-4.2.6p5-2.el6_6.s390x.rpm
ntpdate-4.2.6p5-2.el6_6.s390x.rpm

x86_64:
ntp-4.2.6p5-2.el6_6.x86_64.rpm
ntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm
ntpdate-4.2.6p5-2.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
ntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm
ntp-perl-4.2.6p5-2.el6_6.i686.rpm

noarch:
ntp-doc-4.2.6p5-2.el6_6.noarch.rpm

ppc64:
ntp-debuginfo-4.2.6p5-2.el6_6.ppc64.rpm
ntp-perl-4.2.6p5-2.el6_6.ppc64.rpm

s390x:
ntp-debuginfo-4.2.6p5-2.el6_6.s390x.rpm
ntp-perl-4.2.6p5-2.el6_6.s390x.rpm

x86_64:
ntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm
ntp-perl-4.2.6p5-2.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ntp-4.2.6p5-2.el6_6.src.rpm

i386:
ntp-4.2.6p5-2.el6_6.i686.rpm
ntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm
ntpdate-4.2.6p5-2.el6_6.i686.rpm

x86_64:
ntp-4.2.6p5-2.el6_6.x86_64.rpm
ntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm
ntpdate-4.2.6p5-2.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
ntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm
ntp-perl-4.2.6p5-2.el6_6.i686.rpm

noarch:
ntp-doc-4.2.6p5-2.el6_6.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm
ntp-perl-4.2.6p5-2.el6_6.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
ntp-4.2.6p5-19.el7_0.src.rpm

x86_64:
ntp-4.2.6p5-19.el7_0.x86_64.rpm
ntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm
ntpdate-4.2.6p5-19.el7_0.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v.
7):

noarch:
ntp-doc-4.2.6p5-19.el7_0.noarch.rpm
ntp-perl-4.2.6p5-19.el7_0.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm
sntp-4.2.6p5-19.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
ntp-4.2.6p5-19.el7_0.src.rpm

x86_64:
ntp-4.2.6p5-19.el7_0.x86_64.rpm
ntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm
ntpdate-4.2.6p5-19.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
ntp-doc-4.2.6p5-19.el7_0.noarch.rpm
ntp-perl-4.2.6p5-19.el7_0.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm
sntp-4.2.6p5-19.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
ntp-4.2.6p5-19.el7_0.src.rpm

ppc64:
ntp-4.2.6p5-19.el7_0.ppc64.rpm
ntp-debuginfo-4.2.6p5-19.el7_0.ppc64.rpm
ntpdate-4.2.6p5-19.el7_0.ppc64.rpm

s390x:
ntp-4.2.6p5-19.el7_0.s390x.rpm
ntp-debuginfo-4.2.6p5-19.el7_0.s390x.rpm
ntpdate-4.2.6p5-19.el7_0.s390x.rpm

x86_64:
ntp-4.2.6p5-19.el7_0.x86_64.rpm
ntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm
ntpdate-4.2.6p5-19.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
ntp-doc-4.2.6p5-19.el7_0.noarch.rpm
ntp-perl-4.2.6p5-19.el7_0.noarch.rpm

ppc64:
ntp-debuginfo-4.2.6p5-19.el7_0.ppc64.rpm
sntp-4.2.6p5-19.el7_0.ppc64.rpm

s390x:
ntp-debuginfo-4.2.6p5-19.el7_0.s390x.rpm
sntp-4.2.6p5-19.el7_0.s390x.rpm

x86_64:
ntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm
sntp-4.2.6p5-19.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
ntp-4.2.6p5-19.el7_0.src.rpm

x86_64:
ntp-4.2.6p5-19.el7_0.x86_64.rpm
ntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm
ntpdate-4.2.6p5-19.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
ntp-doc-4.2.6p5-19.el7_0.noarch.rpm
ntp-perl-4.2.6p5-19.el7_0.noarch.rpm

x86_64:
ntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm
sntp-4.2.6p5-19.el7_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7.
References: https://access.redhat.com/security/cve/CVE-2014-9293 https://access.redhat.com/security/cve/CVE-2014-9294 https://access.redhat.com/security/cve/CVE-2014-9295 https://access.redhat.com/security/cve/CVE-2014-9296 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUlOKcXlSAg2UNWIIRAvBoAKCfw+j4ua5JaIRMc5eKkny9G1yWlgCgufNc EvBImTd+Vq7//UExow1FP4U= =m/Eb -----END PGP SIGNATURE----- From bugzilla at redhat.com Sat Dec 20 02:45:31 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Sat, 20 Dec 2014 02:45:31 +0000 Subject: [RHSA-2014:2025-01] Important: ntp security update Message-ID: <201412200245.sBK2jW9u022173@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: ntp security update Advisory ID: RHSA-2014:2025-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-2025.html Issue date: 2014-12-20 CVE Names: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 ===================================================================== 1. Summary: Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. 
Description: The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non-default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit. (CVE-2014-9295) It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntp.conf configuration file. A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc query or configuration requests. (CVE-2014-9293) It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to guess generated MD5 keys that could then be used to spoof an NTP client or server. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keygen; the default installation does not contain such keys). (CVE-2014-9294) All ntp users are advised to upgrade to this updated package, which contains backported patches to resolve these issues. After installing the update, the ntpd daemon will restart automatically. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. 
Bugs fixed (https://bugzilla.redhat.com/): 1176032 - CVE-2014-9293 ntp: automatic generation of weak default key in config_auth() 1176035 - CVE-2014-9294 ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys 1176037 - CVE-2014-9295 ntp: Multiple buffer overflows via specially-crafted packets 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ntp-4.2.2p1-18.el5_11.src.rpm i386: ntp-4.2.2p1-18.el5_11.i386.rpm ntp-debuginfo-4.2.2p1-18.el5_11.i386.rpm x86_64: ntp-4.2.2p1-18.el5_11.x86_64.rpm ntp-debuginfo-4.2.2p1-18.el5_11.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ntp-4.2.2p1-18.el5_11.src.rpm i386: ntp-4.2.2p1-18.el5_11.i386.rpm ntp-debuginfo-4.2.2p1-18.el5_11.i386.rpm ia64: ntp-4.2.2p1-18.el5_11.ia64.rpm ntp-debuginfo-4.2.2p1-18.el5_11.ia64.rpm ppc: ntp-4.2.2p1-18.el5_11.ppc.rpm ntp-debuginfo-4.2.2p1-18.el5_11.ppc.rpm s390x: ntp-4.2.2p1-18.el5_11.s390x.rpm ntp-debuginfo-4.2.2p1-18.el5_11.s390x.rpm x86_64: ntp-4.2.2p1-18.el5_11.x86_64.rpm ntp-debuginfo-4.2.2p1-18.el5_11.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-9293 https://access.redhat.com/security/cve/CVE-2014-9294 https://access.redhat.com/security/cve/CVE-2014-9295 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUlOK5XlSAg2UNWIIRAjqWAKCSca9s0BI59EvKuZnchQpcOfrj7wCgrae3
UA8SnygB/UEFPTKirinHijI=
=kt9k
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Dec 22 19:38:36 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 22 Dec 2014 19:38:36 +0000
Subject: [RHSA-2014:2028-01] Important: kernel security update
Message-ID: <201412221938.sBMJcavf008003@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2014:2028-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-2028.html
Issue date:        2014-12-22
CVE Names:         CVE-2014-9322
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.2 Advanced Update Support.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AUS (v. 6.2 server) - noarch, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel handled GS segment register
base switching when recovering from a #SS (stack segment) fault on an
erroneous return to user space. A local, unprivileged user could use this
flaw to escalate their privileges on the system. (CVE-2014-9322, Important)

Red Hat would like to thank Andy Lutomirski for reporting this issue.

All kernel users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. The system must be
rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (https://bugzilla.redhat.com/):

1172806 - CVE-2014-9322 kernel: x86: local privesc due to bad_iret and paranoid entry incompatibility

6. Package List:

Red Hat Enterprise Linux AUS (v. 6.2 server):

Source:
kernel-2.6.32-220.57.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-220.57.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.57.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-220.57.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.57.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.57.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.57.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.57.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.57.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.57.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.57.1.el6.x86_64.rpm
perf-2.6.32-220.57.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.57.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.57.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.2):

Source:
kernel-2.6.32-220.57.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.57.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.57.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.57.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.57.1.el6.x86_64.rpm
python-perf-2.6.32-220.57.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.57.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-9322
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUmHL6XlSAg2UNWIIRAgM8AJsGDi0gGOib1XnzUW4QVWrxZS6lHgCdHvhs
Fx8iYlSesGGjlYB0RFE2DRw=
=CcA5
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Dec 22 19:39:17 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 22 Dec 2014 19:39:17 +0000
Subject: [RHSA-2014:2029-01] Important: kernel security update
Message-ID: <201412221939.sBMJdHqD008302@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2014:2029-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-2029.html
Issue date:        2014-12-22
CVE Names:         CVE-2014-9322
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.9 Extended Update Support.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux EUS (v. 5.9 server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel handled GS segment register
base switching when recovering from a #SS (stack segment) fault on an
erroneous return to user space. A local, unprivileged user could use this
flaw to escalate their privileges on the system. (CVE-2014-9322, Important)

Red Hat would like to thank Andy Lutomirski for reporting this issue.

All kernel users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. The system must be
rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (https://bugzilla.redhat.com/):

1172806 - CVE-2014-9322 kernel: x86: local privesc due to bad_iret and paranoid entry incompatibility

6. Package List:

Red Hat Enterprise Linux EUS (v. 5.9 server):

Source:
kernel-2.6.18-348.29.1.el5.src.rpm

i386:
kernel-2.6.18-348.29.1.el5.i686.rpm
kernel-PAE-2.6.18-348.29.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-348.29.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-348.29.1.el5.i686.rpm
kernel-debug-2.6.18-348.29.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-348.29.1.el5.i686.rpm
kernel-debug-devel-2.6.18-348.29.1.el5.i686.rpm
kernel-debuginfo-2.6.18-348.29.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-348.29.1.el5.i686.rpm
kernel-devel-2.6.18-348.29.1.el5.i686.rpm
kernel-headers-2.6.18-348.29.1.el5.i386.rpm
kernel-xen-2.6.18-348.29.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-348.29.1.el5.i686.rpm
kernel-xen-devel-2.6.18-348.29.1.el5.i686.rpm

ia64:
kernel-2.6.18-348.29.1.el5.ia64.rpm
kernel-debug-2.6.18-348.29.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-348.29.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-348.29.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-348.29.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-348.29.1.el5.ia64.rpm
kernel-devel-2.6.18-348.29.1.el5.ia64.rpm
kernel-headers-2.6.18-348.29.1.el5.ia64.rpm
kernel-xen-2.6.18-348.29.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-348.29.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-348.29.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-348.29.1.el5.noarch.rpm

ppc:
kernel-2.6.18-348.29.1.el5.ppc64.rpm
kernel-debug-2.6.18-348.29.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-348.29.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-348.29.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-348.29.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-348.29.1.el5.ppc64.rpm
kernel-devel-2.6.18-348.29.1.el5.ppc64.rpm
kernel-headers-2.6.18-348.29.1.el5.ppc.rpm
kernel-headers-2.6.18-348.29.1.el5.ppc64.rpm
kernel-kdump-2.6.18-348.29.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-348.29.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-348.29.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-348.29.1.el5.s390x.rpm
kernel-debug-2.6.18-348.29.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-348.29.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-348.29.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-348.29.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-348.29.1.el5.s390x.rpm
kernel-devel-2.6.18-348.29.1.el5.s390x.rpm
kernel-headers-2.6.18-348.29.1.el5.s390x.rpm
kernel-kdump-2.6.18-348.29.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-348.29.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-348.29.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-348.29.1.el5.x86_64.rpm
kernel-debug-2.6.18-348.29.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-348.29.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-348.29.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-348.29.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-348.29.1.el5.x86_64.rpm
kernel-devel-2.6.18-348.29.1.el5.x86_64.rpm
kernel-headers-2.6.18-348.29.1.el5.x86_64.rpm
kernel-xen-2.6.18-348.29.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-348.29.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-348.29.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-9322
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUmHNZXlSAg2UNWIIRAuRXAJ4nZYqWCEx9iYL9pvr7hNbyWcsTNACgqkpE
gvrjY1IeUy4HAhHjnIaZHGY=
=6x57
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Dec 22 19:40:56 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 22 Dec 2014 19:40:56 +0000
Subject: [RHSA-2014:2030-01] Important: kernel security update
Message-ID: <201412221940.sBMJeuRb008047@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2014:2030-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-2030.html
Issue date:        2014-12-22
CVE Names:         CVE-2014-9322
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.4 Extended Update Support.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4) - x86_64
Red Hat Enterprise Linux HPC Node EUS (v. 6.4) - noarch, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.4) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.4) - i386, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel handled GS segment register
base switching when recovering from a #SS (stack segment) fault on an
erroneous return to user space. A local, unprivileged user could use this
flaw to escalate their privileges on the system. (CVE-2014-9322, Important)

Red Hat would like to thank Andy Lutomirski for reporting this issue.

All kernel users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. The system must be
rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (https://bugzilla.redhat.com/):

1172806 - CVE-2014-9322 kernel: x86: local privesc due to bad_iret and paranoid entry incompatibility

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.4):

Source:
kernel-2.6.32-358.51.2.el6.src.rpm

noarch:
kernel-doc-2.6.32-358.51.2.el6.noarch.rpm
kernel-firmware-2.6.32-358.51.2.el6.noarch.rpm

x86_64:
kernel-2.6.32-358.51.2.el6.x86_64.rpm
kernel-debug-2.6.32-358.51.2.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-358.51.2.el6.x86_64.rpm
kernel-debug-devel-2.6.32-358.51.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.51.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.51.2.el6.x86_64.rpm
kernel-devel-2.6.32-358.51.2.el6.x86_64.rpm
kernel-headers-2.6.32-358.51.2.el6.x86_64.rpm
perf-2.6.32-358.51.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.51.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.51.2.el6.x86_64.rpm

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4):

Source:
kernel-2.6.32-358.51.2.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-358.51.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.51.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.51.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.51.2.el6.x86_64.rpm
python-perf-2.6.32-358.51.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.51.2.el6.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.4):

Source:
kernel-2.6.32-358.51.2.el6.src.rpm

i386:
kernel-2.6.32-358.51.2.el6.i686.rpm
kernel-debug-2.6.32-358.51.2.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-358.51.2.el6.i686.rpm
kernel-debug-devel-2.6.32-358.51.2.el6.i686.rpm
kernel-debuginfo-2.6.32-358.51.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-358.51.2.el6.i686.rpm
kernel-devel-2.6.32-358.51.2.el6.i686.rpm
kernel-headers-2.6.32-358.51.2.el6.i686.rpm
perf-2.6.32-358.51.2.el6.i686.rpm
perf-debuginfo-2.6.32-358.51.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-358.51.2.el6.i686.rpm

noarch:
kernel-doc-2.6.32-358.51.2.el6.noarch.rpm
kernel-firmware-2.6.32-358.51.2.el6.noarch.rpm

ppc64:
kernel-2.6.32-358.51.2.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-358.51.2.el6.ppc64.rpm
kernel-debug-2.6.32-358.51.2.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-358.51.2.el6.ppc64.rpm
kernel-debug-devel-2.6.32-358.51.2.el6.ppc64.rpm
kernel-debuginfo-2.6.32-358.51.2.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-358.51.2.el6.ppc64.rpm
kernel-devel-2.6.32-358.51.2.el6.ppc64.rpm
kernel-headers-2.6.32-358.51.2.el6.ppc64.rpm
perf-2.6.32-358.51.2.el6.ppc64.rpm
perf-debuginfo-2.6.32-358.51.2.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-358.51.2.el6.ppc64.rpm

s390x:
kernel-2.6.32-358.51.2.el6.s390x.rpm
kernel-debug-2.6.32-358.51.2.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-358.51.2.el6.s390x.rpm
kernel-debug-devel-2.6.32-358.51.2.el6.s390x.rpm
kernel-debuginfo-2.6.32-358.51.2.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-358.51.2.el6.s390x.rpm
kernel-devel-2.6.32-358.51.2.el6.s390x.rpm
kernel-headers-2.6.32-358.51.2.el6.s390x.rpm
kernel-kdump-2.6.32-358.51.2.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-358.51.2.el6.s390x.rpm
kernel-kdump-devel-2.6.32-358.51.2.el6.s390x.rpm
perf-2.6.32-358.51.2.el6.s390x.rpm
perf-debuginfo-2.6.32-358.51.2.el6.s390x.rpm
python-perf-debuginfo-2.6.32-358.51.2.el6.s390x.rpm

x86_64:
kernel-2.6.32-358.51.2.el6.x86_64.rpm
kernel-debug-2.6.32-358.51.2.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-358.51.2.el6.x86_64.rpm
kernel-debug-devel-2.6.32-358.51.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.51.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.51.2.el6.x86_64.rpm
kernel-devel-2.6.32-358.51.2.el6.x86_64.rpm
kernel-headers-2.6.32-358.51.2.el6.x86_64.rpm
perf-2.6.32-358.51.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.51.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.51.2.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.4):

Source:
kernel-2.6.32-358.51.2.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-358.51.2.el6.i686.rpm
kernel-debuginfo-2.6.32-358.51.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-358.51.2.el6.i686.rpm
perf-debuginfo-2.6.32-358.51.2.el6.i686.rpm
python-perf-2.6.32-358.51.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-358.51.2.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-358.51.2.el6.ppc64.rpm
kernel-debuginfo-2.6.32-358.51.2.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-358.51.2.el6.ppc64.rpm
perf-debuginfo-2.6.32-358.51.2.el6.ppc64.rpm
python-perf-2.6.32-358.51.2.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-358.51.2.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-358.51.2.el6.s390x.rpm
kernel-debuginfo-2.6.32-358.51.2.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-358.51.2.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-358.51.2.el6.s390x.rpm
perf-debuginfo-2.6.32-358.51.2.el6.s390x.rpm
python-perf-2.6.32-358.51.2.el6.s390x.rpm
python-perf-debuginfo-2.6.32-358.51.2.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-358.51.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.51.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.51.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.51.2.el6.x86_64.rpm
python-perf-2.6.32-358.51.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.51.2.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-9322
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUmHOUXlSAg2UNWIIRAueYAKCtCS5fVPGNbMTPzV8MvFnMijHIQACfSnI7
/r3w7J+KROV3FAHood5SwEs=
=D6nw
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Dec 22 19:41:43 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 22 Dec 2014 19:41:43 +0000
Subject: [RHSA-2014:2031-01] Important: kernel security update
Message-ID: <201412221941.sBMJfh2s015795@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2014:2031-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-2031.html
Issue date:        2014-12-22
CVE Names:         CVE-2014-9322
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.6 Long Life.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux LL (v. 5.6 server) - i386, ia64, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel handled GS segment register
base switching when recovering from a #SS (stack segment) fault on an
erroneous return to user space. A local, unprivileged user could use this
flaw to escalate their privileges on the system. (CVE-2014-9322, Important)

Red Hat would like to thank Andy Lutomirski for reporting this issue.

All kernel users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. The system must be
rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (https://bugzilla.redhat.com/):

1172806 - CVE-2014-9322 kernel: x86: local privesc due to bad_iret and paranoid entry incompatibility

6. Package List:

Red Hat Enterprise Linux LL (v. 5.6 server):

Source:
kernel-2.6.18-238.54.1.el5.src.rpm

i386:
kernel-2.6.18-238.54.1.el5.i686.rpm
kernel-PAE-2.6.18-238.54.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-238.54.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-238.54.1.el5.i686.rpm
kernel-debug-2.6.18-238.54.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-238.54.1.el5.i686.rpm
kernel-debug-devel-2.6.18-238.54.1.el5.i686.rpm
kernel-debuginfo-2.6.18-238.54.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-238.54.1.el5.i686.rpm
kernel-devel-2.6.18-238.54.1.el5.i686.rpm
kernel-headers-2.6.18-238.54.1.el5.i386.rpm
kernel-xen-2.6.18-238.54.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-238.54.1.el5.i686.rpm
kernel-xen-devel-2.6.18-238.54.1.el5.i686.rpm

ia64:
kernel-2.6.18-238.54.1.el5.ia64.rpm
kernel-debug-2.6.18-238.54.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-238.54.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-238.54.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-238.54.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-238.54.1.el5.ia64.rpm
kernel-devel-2.6.18-238.54.1.el5.ia64.rpm
kernel-headers-2.6.18-238.54.1.el5.ia64.rpm
kernel-xen-2.6.18-238.54.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-238.54.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-238.54.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-238.54.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-238.54.1.el5.x86_64.rpm
kernel-debug-2.6.18-238.54.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-238.54.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-238.54.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-238.54.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-238.54.1.el5.x86_64.rpm
kernel-devel-2.6.18-238.54.1.el5.x86_64.rpm
kernel-headers-2.6.18-238.54.1.el5.x86_64.rpm
kernel-xen-2.6.18-238.54.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-238.54.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-238.54.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-9322
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUmHPwXlSAg2UNWIIRApKEAKCW4FJmD81KS7yuYaEdbk9EPP82rQCeL1Sa
ARr7tSsYgVFhwhe0jqtpUmI=
=Hgmm
-----END PGP SIGNATURE-----
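Each advisory above tells you to upgrade and lists the fixed build for its own stream, and the kernel ones add that the update only takes effect after a reboot. Turning that into a check is less trivial than string comparison, because RPM orders versions segment by segment, not lexically. The script below is an added example, not part of the Red Hat text: it reimplements RPM's rpmvercmp() ordering in pure Python (no rpm bindings needed), compares what rpm -q reports and what uname -r is running against version-release strings copied from the package lists above (ntp-4.2.6p5-2.el6_6 from the RHEL 6 list, kernel-2.6.32-220.57.1.el6 from RHSA-2014:2028), and refuses to compare a kernel against a fixed build from a different AUS/EUS/LL stream. The installed and running values it falls back to when rpm and uname are unavailable are constructed samples for a RHEL 6.2 AUS host.

```python
"""Check installed RPMs and the running kernel against an RHSA's fixed builds.

Added example, not part of the Red Hat advisory text. Pure-Python rpmvercmp()
so it runs without the rpm bindings; fixed version-release strings are taken
from the package lists in the advisories above.
"""
import re
import subprocess
from typing import List, Tuple

_SEG = re.compile(r"[0-9]+|[a-zA-Z]+|~")
_ARCH = re.compile(r"\.(noarch|src|i[3456]86|x86_64|ia64|ppc64|ppc|s390x)$")


def rpmvercmp(a: str, b: str) -> int:
    """Order two version (or release) strings as rpm does: -1, 0 or 1.

    Non-alphanumerics only separate segments; numeric segments compare as
    integers (10 > 9, 01 == 1); alphabetic ones compare lexically; a numeric
    segment beats an alphabetic one; '~' sorts before anything, including
    the end of the string (1.0~rc1 < 1.0); leftover segments win.
    """
    if a == b:
        return 0
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for i in range(max(len(sa), len(sb))):
        x = sa[i] if i < len(sa) else None
        y = sb[i] if i < len(sb) else None
        if x == "~" or y == "~":
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        if x is None or y is None:
            return -1 if x is None else 1
        if x.isdigit() and y.isdigit():
            nx, ny = int(x), int(y)
            if nx != ny:
                return -1 if nx < ny else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return -1 if x < y else 1
    return 0


def split_evr(evr: str) -> Tuple[int, str, str]:
    """'[epoch:]version-release' -> (epoch, version, release); rpm prints '(none)' for no epoch."""
    epoch = 0
    if ":" in evr:
        e, evr = evr.split(":", 1)
        epoch = int(e) if e.isdigit() else 0
    version, release = evr.rsplit("-", 1)
    return epoch, version, release


def evrcmp(a: str, b: str) -> int:
    """Epoch decides first, then version, then release."""
    ea, va, ra = split_evr(a)
    eb, vb, rb = split_evr(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def split_nvr(nvr: str) -> Tuple[str, str]:
    """'kernel-2.6.32-220.57.1.el6.x86_64' -> ('kernel', '2.6.32-220.57.1.el6')."""
    name, version, release = _ARCH.sub("", nvr).rsplit("-", 2)
    return name, version + "-" + release


def package_status(installed: List[str], fixed_nvr: str) -> str:
    """'fixed' if any installed build of the package is at or past the advisory's."""
    name, fixed_evr = split_nvr(fixed_nvr)
    evrs = [evr for n, evr in map(split_nvr, installed) if n == name]
    if not evrs:
        return "not-installed"
    return "fixed" if any(evrcmp(e, fixed_evr) >= 0 for e in evrs) else "vulnerable"


def _stream(evr: str) -> str:
    """RHEL kernel streams share version and base release: 2.6.32-220 is 6.2, 2.6.32-358 is 6.4."""
    _, version, release = split_evr(evr)
    return version + "-" + release.split(".")[0]


def kernel_status(installed: List[str], running: str, fixed_nvr: str) -> str:
    """Judge the running kernel (uname -r), not just rpm -q: a newer installed
    kernel that is not yet booted still leaves the host exposed."""
    _, fixed_evr = split_nvr(fixed_nvr)
    running_evr = _ARCH.sub("", running)
    if _stream(running_evr) != _stream(fixed_evr):
        return "wrong-stream"  # the advisory's fixed build says nothing about this stream
    if evrcmp(running_evr, fixed_evr) >= 0:
        return "fixed"
    if package_status(installed, fixed_nvr) == "fixed":
        return "reboot-required"
    return "vulnerable"


def _lines(cmd: List[str]) -> List[str]:
    """Output lines of a local command, or [] when it is missing or fails."""
    try:
        out = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return []
    return [ln for ln in out.splitlines() if ln.strip()]


if __name__ == "__main__":
    # Fixed builds copied from the RHEL 6 ntp list above and from RHSA-2014:2028.
    FIXED_NTP, FIXED_KERNEL = "ntp-4.2.6p5-2.el6_6", "kernel-2.6.32-220.57.1.el6"
    # Constructed sample for a RHEL 6.2 AUS host (used when rpm/uname are unavailable):
    # the fixed kernel is installed but the old one is still running.
    installed = _lines(["rpm", "-q", "ntp", "kernel"]) or [
        "ntp-4.2.6p5-1.el6.x86_64",
        "kernel-2.6.32-220.56.1.el6.x86_64",
        "kernel-2.6.32-220.57.1.el6.x86_64",
    ]
    running = (_lines(["uname", "-r"]) or ["2.6.32-220.56.1.el6.x86_64"])[0]
    print("ntp   :", package_status(installed, FIXED_NTP))
    print("kernel:", kernel_status(installed, running, FIXED_KERNEL))
```

Pick the fixed build from the advisory that matches your stream (AUS 6.2 is 2.6.32-220.x, EUS 6.4 is 2.6.32-358.x, EUS 5.9 is 2.6.18-348.x, LL 5.6 is 2.6.18-238.x); the "wrong-stream" result exists so a 358-series kernel is never reported as fixed merely because 358 sorts after 220.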