From bugzilla at redhat.com Thu May 1 20:34:11 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 1 May 2014 20:34:11 +0000
Subject: [RHSA-2014:0460-01] Important: openshift-origin-broker-util security update
Message-ID: <201405012034.s41KYBBF020163@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openshift-origin-broker-util security update
Advisory ID:       RHSA-2014:0460-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0460.html
Issue date:        2014-05-01
CVE Names:         CVE-2014-0164
=====================================================================

1. Summary:

An updated openshift-origin-broker-util package that fixes one security issue is now available for Red Hat OpenShift Enterprise 2.0.5.

The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHOSE Infrastructure 2.0 - noarch

3. Description:

The openshift-origin-broker-util package provides utility scripts for the OpenShift Broker service, which manages all user logins, DNS name resolution, application states, and general orchestration of the applications.

It was discovered that the mcollective client.cfg configuration file was world-readable by default. A malicious, local user on a host with the OpenShift Broker installed could read sensitive information regarding the mcollective installation, including mcollective authentication credentials. A malicious user able to obtain said credentials would potentially have full control over all OpenShift nodes managed via mcollective. (CVE-2014-0164)

This issue was discovered by Jeremy Choi of the Red Hat Quality Engineering Group.

All openshift-origin-broker-util users are advised to upgrade to this updated package, which corrects this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1083847 - CVE-2014-0164 mcollective: world readable client config

6. Package List:

RHOSE Infrastructure 2.0:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-broker-util-1.17.6.6-1.el6op.src.rpm

noarch:
openshift-origin-broker-util-1.17.6.6-1.el6op.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-0164.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFTYq+UXlSAg2UNWIIRAgMgAJwLX5OqzCfTz3fwp7MCi/fjg208ogCgtRQ2
AhZpSD9TgRE9H93CzwFRZEQ=
=eJ6S
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu May 1 20:34:28 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 1 May 2014 20:34:28 +0000
Subject: [RHSA-2014:0461-01] Important: openshift-origin-broker-util security update
Message-ID: <201405012034.s41KYSaf000525@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openshift-origin-broker-util security update
Advisory ID:       RHSA-2014:0461-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0461.html
Issue date:        2014-05-01
CVE Names:         CVE-2014-0164
=====================================================================

1. Summary:

An updated openshift-origin-broker-util package that fixes one security issue is now available for Red Hat OpenShift Enterprise 1.2.7.

The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHOSE Infrastructure 1.2 - noarch

3. Description:

The openshift-origin-broker-util package provides utility scripts for the OpenShift Broker service, which manages all user logins, DNS name resolution, application states, and general orchestration of the applications.

It was discovered that the mcollective client.cfg configuration file was world-readable by default. A malicious, local user on a host with the OpenShift Broker installed could read sensitive information regarding the mcollective installation, including mcollective authentication credentials. A malicious user able to obtain said credentials would potentially have full control over all OpenShift nodes managed via mcollective. (CVE-2014-0164)

This issue was discovered by Jeremy Choi of the Red Hat Quality Engineering Group.

All openshift-origin-broker-util users are advised to upgrade to this updated package, which corrects this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1083847 - CVE-2014-0164 mcollective: world readable client config

6. Package List:

RHOSE Infrastructure 1.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/openshift-origin-broker-util-1.9.16-1.el6op.src.rpm

noarch:
openshift-origin-broker-util-1.9.16-1.el6op.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-0164.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
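The two openshift-origin-broker-util advisories above describe the same defect: a configuration file holding credentials left world-readable. As an added example (not Red Hat's or OpenShift's code), the Python script below audits a list of configuration files for world- or group-readable mode bits and tightens the offending ones to 0600; the client.cfg it creates is a constructed temporary file, not the real OpenShift location.

```python
"""Audit and tighten permission bits on secret-bearing config files.

Added example, not Red Hat's or OpenShift's code. CVE-2014-0164 was an
mcollective client.cfg installed world-readable; this script reports any
listed file readable by "other" (or by group, unless allowed) and can
reset it to owner-only access. The demo path is a constructed temp file.
"""
import os
import stat
import tempfile

SAFE_MODE = 0o600  # owner read/write only


def audit_file(path, allow_group=False):
    """Describe the exposure of one file: mode bits and who can read it."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    parent = os.path.dirname(os.path.abspath(path))
    parent_mode = stat.S_IMODE(os.stat(parent).st_mode)
    return {
        "path": path,
        "mode": oct(mode),
        "world_readable": bool(mode & stat.S_IROTH),
        "group_readable": bool(mode & stat.S_IRGRP) and not allow_group,
        # A world-writable parent lets any local user swap the file out;
        # a separate finding from readability, but worth surfacing together.
        "parent_world_writable": bool(parent_mode & stat.S_IWOTH),
        "symlink": os.path.islink(path),
    }


def remediate(path, mode=SAFE_MODE):
    """Reset `path` to `mode` (default 0600) and return the resulting bits."""
    os.chmod(path, mode)
    return stat.S_IMODE(os.stat(path).st_mode)


def audit_and_fix(paths, fix=False, allow_group=False):
    """Audit every existing path; with fix=True, tighten exposed files."""
    findings = []
    for p in paths:
        if not os.path.exists(p):
            continue
        finding = audit_file(p, allow_group)
        if fix and (finding["world_readable"] or finding["group_readable"]):
            finding["fixed_mode"] = oct(remediate(p))
        findings.append(finding)
    return findings


def demo():
    """Constructed scenario: a client.cfg created with the weak 0644 default."""
    tmpdir = tempfile.mkdtemp()
    cfg = os.path.join(tmpdir, "client.cfg")          # hypothetical location
    with open(cfg, "w") as fh:
        fh.write("plugin.psk = constructed-placeholder-secret\n")
    os.chmod(cfg, 0o644)                               # the weak default
    before = audit_file(cfg)
    fixed = audit_and_fix([cfg], fix=True)[0]
    after = audit_file(cfg)
    return before, fixed, after


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Point `audit_and_fix` at the real client.cfg path (and any other credential-bearing files) with `fix=False` first to see what it would change.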
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFTYq/KXlSAg2UNWIIRArYOAJ9L/ZwQV5V7jzcwdJnjlADO07SapwCgrHOC
A36uCMdWxHwA2zWgtySYyqo=
=7we4
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu May 1 20:35:35 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 1 May 2014 20:35:35 +0000
Subject: [RHSA-2014:0463-01] Low: Red Hat Enterprise Linux OpenStack Platform 3.0 - 90 Day Retirement Notice
Message-ID: <201405012035.s41KZZRw003616@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Enterprise Linux OpenStack Platform 3.0 - 90 Day Retirement Notice
Advisory ID:       RHSA-2014:0463-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0463.html
Issue date:        2014-05-01
=====================================================================

1. Summary:

This is the 90 day notification for the retirement of Red Hat Enterprise Linux OpenStack Platform 3.0.

2. Description:

In accordance with the Red Hat Enterprise Linux OpenStack Platform Support Policy, the one-year life cycle of Production Support for version 3 will end on July 31, 2014. On August 1, 2014, Red Hat Enterprise Linux OpenStack Platform version 3 will enter an inactive state and will no longer receive updated packages, including Critical-impact security patches or urgent-priority bug fixes. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date.

We encourage customers to plan their migration from Red Hat Enterprise Linux OpenStack Platform 3.0 to the latest version of Red Hat Enterprise Linux OpenStack Platform. To upgrade to Red Hat Enterprise Linux OpenStack Platform version 4, see Chapter "Upgrading" in the Release Notes document linked to in the References section.

Full details of the Red Hat Enterprise Linux OpenStack Platform Life Cycle can be found at https://access.redhat.com/site/support/policy/updates/openstack/platform/

3. Solution:

Customers are encouraged to plan their migration from Red Hat Enterprise Linux OpenStack Platform 3.0 to the latest version of Red Hat Enterprise Linux OpenStack Platform.

4. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/site/support/policy/updates/openstack/platform/
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/4/html/Release_Notes/chap-OpenStackNotes-Upgrading.html

5. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFTYrAMXlSAg2UNWIIRAtWPAJwOftWjmtowX5O7bGN8nM5cWBqU7QCfSjqT
dVM3pa+cWd6r1N7uROmUnko=
=QpZ+
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 7 05:13:03 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 7 May 2014 05:13:03 +0000
Subject: [RHSA-2014:0474-01] Important: struts security update
Message-ID: <201405070513.s475D4v3029447@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: struts security update
Advisory ID:       RHSA-2014:0474-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0474.html
Issue date:        2014-05-07
CVE Names:         CVE-2014-0114
=====================================================================

1. Summary:

Updated struts packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

Apache Struts is a framework for building web applications with Java.

It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions. (CVE-2014-0114)

All struts users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using struts must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1091938 - CVE-2014-0114 Apache Struts 1: Class Loader manipulation via request parameters

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/struts-1.2.9-4jpp.8.el5_10.src.rpm

i386:
struts-1.2.9-4jpp.8.el5_10.i386.rpm
struts-debuginfo-1.2.9-4jpp.8.el5_10.i386.rpm
struts-javadoc-1.2.9-4jpp.8.el5_10.i386.rpm
struts-manual-1.2.9-4jpp.8.el5_10.i386.rpm
struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.i386.rpm

x86_64:
struts-1.2.9-4jpp.8.el5_10.x86_64.rpm
struts-debuginfo-1.2.9-4jpp.8.el5_10.x86_64.rpm
struts-javadoc-1.2.9-4jpp.8.el5_10.x86_64.rpm
struts-manual-1.2.9-4jpp.8.el5_10.x86_64.rpm
struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/struts-1.2.9-4jpp.8.el5_10.src.rpm

i386:
struts-1.2.9-4jpp.8.el5_10.i386.rpm
struts-debuginfo-1.2.9-4jpp.8.el5_10.i386.rpm
struts-javadoc-1.2.9-4jpp.8.el5_10.i386.rpm
struts-manual-1.2.9-4jpp.8.el5_10.i386.rpm
struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.i386.rpm

ia64:
struts-1.2.9-4jpp.8.el5_10.ia64.rpm
struts-debuginfo-1.2.9-4jpp.8.el5_10.ia64.rpm
struts-javadoc-1.2.9-4jpp.8.el5_10.ia64.rpm
struts-manual-1.2.9-4jpp.8.el5_10.ia64.rpm
struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.ia64.rpm

ppc:
struts-1.2.9-4jpp.8.el5_10.ppc.rpm
struts-debuginfo-1.2.9-4jpp.8.el5_10.ppc.rpm
struts-javadoc-1.2.9-4jpp.8.el5_10.ppc.rpm
struts-manual-1.2.9-4jpp.8.el5_10.ppc.rpm
struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.ppc.rpm

s390x:
struts-1.2.9-4jpp.8.el5_10.s390x.rpm
struts-debuginfo-1.2.9-4jpp.8.el5_10.s390x.rpm
struts-javadoc-1.2.9-4jpp.8.el5_10.s390x.rpm
struts-manual-1.2.9-4jpp.8.el5_10.s390x.rpm
struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.s390x.rpm

x86_64:
struts-1.2.9-4jpp.8.el5_10.x86_64.rpm
struts-debuginfo-1.2.9-4jpp.8.el5_10.x86_64.rpm
struts-javadoc-1.2.9-4jpp.8.el5_10.x86_64.rpm
struts-manual-1.2.9-4jpp.8.el5_10.x86_64.rpm
struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.x86_64.rpm

These packages are GPG signed by Red Hat for security.
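For the Struts description above (the 'class' parameter reaching getClass()), here is an added example of the defender-side check, not Red Hat's or Apache's code: a parameter-name screen that rejects any BeanUtils-style property path containing a segment that is exactly `class`, while leaving names such as `className` untouched, plus the same rule run over constructed access-log lines. The regex, sample parameters and log lines are all assumptions of this example.

```python
"""Screen request parameter names for property-path traversal into `class`.

Added example, not Red Hat's or Apache's code. In CVE-2014-0114 a request
parameter named `class` was mapped onto getClass(), giving a remote caller
a path to the ClassLoader. The deny rule below rejects any parameter whose
BeanUtils-style property path has a segment that is exactly `class`
(`class.x`, `user.class.x`, `class[0]`), while ordinary names such as
`className` or `classification` pass. Regex, sample parameters and log
lines are constructed for this example.
"""
import re
from urllib.parse import parse_qsl, urlsplit

# Segments are delimited by the start/end of the name or by the nested,
# indexed and mapped separators '.', '[', ']', '(', ')'. Case-insensitive
# on purpose: a deny rule should err on the side of rejecting.
_CLASS_SEGMENT = re.compile(r"(?:^|[.\[\]()])class(?:$|[.\[\]()])", re.IGNORECASE)

# Apache-style access-log request field: "<method> <target> HTTP/<ver>".
_REQUEST = re.compile(r'"(?:GET|POST|PUT|HEAD) (\S+) HTTP/[\d.]+"')


def is_dangerous_param(name):
    """True when `name` contains a property segment equal to `class`."""
    return bool(_CLASS_SEGMENT.search(name))


def screen_params(params):
    """Split (name, value) pairs into (accepted, rejected) lists."""
    accepted, rejected = [], []
    for name, value in params:
        (rejected if is_dangerous_param(name) else accepted).append((name, value))
    return accepted, rejected


def suspicious_log_lines(lines):
    """Return (client, [offending parameter names]) for each matching line."""
    hits = []
    for line in lines:
        m = _REQUEST.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        bad = [n for n, _ in parse_qsl(query, keep_blank_values=True)
               if is_dangerous_param(n)]
        if bad:
            hits.append((line.split()[0], bad))
    return hits


# Constructed sample data.
SAMPLE_PARAMS = [
    ("username", "alice"),
    ("className", "LoginForm"),      # benign: the segment is "className"
    ("classification", "public"),    # benign: the segment is "classification"
    ("class.loader", "x"),           # rejected: leading "class" segment
    ("user.class.name", "x"),        # rejected: nested "class" segment
    ("Class[0]", "x"),               # rejected: matched case-insensitively
]

SAMPLE_LOG = [
    '10.0.0.5 - - [07/May/2014:10:00:01 +0000] "GET /app/login.do?username=alice HTTP/1.1" 200 512',
    '10.0.0.9 - - [07/May/2014:10:00:02 +0000] "GET /app/login.do?class.loader=x HTTP/1.1" 200 512',
    '10.0.0.7 - - [07/May/2014:10:00:03 +0000] "POST /app/save.do?className=Form HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    print(screen_params(SAMPLE_PARAMS))
    print(suspicious_log_lines(SAMPLE_LOG))
```

The log scan only sees query strings, so POST bodies need the same rule applied at the application or proxy layer; the package update is the actual fix and this screen is a compensating control.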
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0114.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTacDGXlSAg2UNWIIRAhvbAJ0Za5jRat54AcgbIdHKlzbZN1y1hACcC8DR HJqJt2S278nXdfwLyGc7EJQ= =qMuX -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed May 7 19:39:27 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 7 May 2014 19:39:27 +0000 Subject: [RHSA-2014:0475-01] Important: kernel security and bug fix update Message-ID: <201405071939.s47JdRYe003833@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2014:0475-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0475.html Issue date: 2014-05-07 CVE Names: CVE-2013-6383 CVE-2014-0077 CVE-2014-2523 ===================================================================== 1. Summary: Updated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 
6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's netfilter connection tracking implementation for Datagram Congestion Control Protocol (DCCP) packets used the skb_header_pointer() function. A remote attacker could use this flaw to send a specially crafted DCCP packet to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-2523, Important) * A flaw was found in the way the Linux kernel's Adaptec RAID controller (aacraid) checked permissions of compat IOCTLs. A local attacker could use this flaw to bypass intended security restrictions. (CVE-2013-6383, Moderate) * A flaw was found in the way the handle_rx() function handled large network packets when mergeable buffers were disabled. A privileged guest user could use this flaw to crash the host or corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-0077, Moderate) The CVE-2014-0077 issue was discovered by Michael S. Tsirkin of Red Hat. This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. 
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (https://bugzilla.redhat.com/): 1033530 - CVE-2013-6383 Kernel: AACRAID Driver compat IOCTL missing capability check 1064440 - CVE-2014-0077 kernel: vhost-net: insufficiency in handling of big packets in handle_rx() 1077343 - CVE-2014-2523 kernel: netfilter: nf_conntrack_dccp: incorrect skb_header_pointer API usages 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-431.17.1.el6.src.rpm i386: kernel-2.6.32-431.17.1.el6.i686.rpm kernel-debug-2.6.32-431.17.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-431.17.1.el6.i686.rpm kernel-debug-devel-2.6.32-431.17.1.el6.i686.rpm kernel-debuginfo-2.6.32-431.17.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-431.17.1.el6.i686.rpm kernel-devel-2.6.32-431.17.1.el6.i686.rpm kernel-headers-2.6.32-431.17.1.el6.i686.rpm perf-2.6.32-431.17.1.el6.i686.rpm perf-debuginfo-2.6.32-431.17.1.el6.i686.rpm python-perf-debuginfo-2.6.32-431.17.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-431.17.1.el6.noarch.rpm kernel-doc-2.6.32-431.17.1.el6.noarch.rpm kernel-firmware-2.6.32-431.17.1.el6.noarch.rpm x86_64: kernel-2.6.32-431.17.1.el6.x86_64.rpm kernel-debug-2.6.32-431.17.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-431.17.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-431.17.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.17.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.17.1.el6.x86_64.rpm kernel-devel-2.6.32-431.17.1.el6.x86_64.rpm kernel-headers-2.6.32-431.17.1.el6.x86_64.rpm 
perf-2.6.32-431.17.1.el6.x86_64.rpm perf-debuginfo-2.6.32-431.17.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.17.1.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-431.17.1.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-431.17.1.el6.i686.rpm kernel-debuginfo-2.6.32-431.17.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-431.17.1.el6.i686.rpm perf-debuginfo-2.6.32-431.17.1.el6.i686.rpm python-perf-2.6.32-431.17.1.el6.i686.rpm python-perf-debuginfo-2.6.32-431.17.1.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-431.17.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.17.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.17.1.el6.x86_64.rpm perf-debuginfo-2.6.32-431.17.1.el6.x86_64.rpm python-perf-2.6.32-431.17.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.17.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-431.17.1.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-431.17.1.el6.noarch.rpm kernel-doc-2.6.32-431.17.1.el6.noarch.rpm kernel-firmware-2.6.32-431.17.1.el6.noarch.rpm x86_64: kernel-2.6.32-431.17.1.el6.x86_64.rpm kernel-debug-2.6.32-431.17.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-431.17.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-431.17.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.17.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.17.1.el6.x86_64.rpm kernel-devel-2.6.32-431.17.1.el6.x86_64.rpm kernel-headers-2.6.32-431.17.1.el6.x86_64.rpm perf-2.6.32-431.17.1.el6.x86_64.rpm perf-debuginfo-2.6.32-431.17.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.17.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-431.17.1.el6.src.rpm x86_64: kernel-debug-debuginfo-2.6.32-431.17.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.17.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.17.1.el6.x86_64.rpm perf-debuginfo-2.6.32-431.17.1.el6.x86_64.rpm python-perf-2.6.32-431.17.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.17.1.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-431.17.1.el6.src.rpm i386: kernel-2.6.32-431.17.1.el6.i686.rpm kernel-debug-2.6.32-431.17.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-431.17.1.el6.i686.rpm kernel-debug-devel-2.6.32-431.17.1.el6.i686.rpm kernel-debuginfo-2.6.32-431.17.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-431.17.1.el6.i686.rpm kernel-devel-2.6.32-431.17.1.el6.i686.rpm kernel-headers-2.6.32-431.17.1.el6.i686.rpm perf-2.6.32-431.17.1.el6.i686.rpm perf-debuginfo-2.6.32-431.17.1.el6.i686.rpm python-perf-debuginfo-2.6.32-431.17.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-431.17.1.el6.noarch.rpm kernel-doc-2.6.32-431.17.1.el6.noarch.rpm kernel-firmware-2.6.32-431.17.1.el6.noarch.rpm ppc64: kernel-2.6.32-431.17.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-431.17.1.el6.ppc64.rpm kernel-debug-2.6.32-431.17.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-431.17.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-431.17.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-431.17.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-431.17.1.el6.ppc64.rpm kernel-devel-2.6.32-431.17.1.el6.ppc64.rpm kernel-headers-2.6.32-431.17.1.el6.ppc64.rpm perf-2.6.32-431.17.1.el6.ppc64.rpm perf-debuginfo-2.6.32-431.17.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-431.17.1.el6.ppc64.rpm s390x: kernel-2.6.32-431.17.1.el6.s390x.rpm kernel-debug-2.6.32-431.17.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-431.17.1.el6.s390x.rpm kernel-debug-devel-2.6.32-431.17.1.el6.s390x.rpm 
kernel-debuginfo-2.6.32-431.17.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-431.17.1.el6.s390x.rpm kernel-devel-2.6.32-431.17.1.el6.s390x.rpm kernel-headers-2.6.32-431.17.1.el6.s390x.rpm kernel-kdump-2.6.32-431.17.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-431.17.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-431.17.1.el6.s390x.rpm perf-2.6.32-431.17.1.el6.s390x.rpm perf-debuginfo-2.6.32-431.17.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-431.17.1.el6.s390x.rpm x86_64: kernel-2.6.32-431.17.1.el6.x86_64.rpm kernel-debug-2.6.32-431.17.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-431.17.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-431.17.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.17.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.17.1.el6.x86_64.rpm kernel-devel-2.6.32-431.17.1.el6.x86_64.rpm kernel-headers-2.6.32-431.17.1.el6.x86_64.rpm perf-2.6.32-431.17.1.el6.x86_64.rpm perf-debuginfo-2.6.32-431.17.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.17.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-431.17.1.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-431.17.1.el6.i686.rpm kernel-debuginfo-2.6.32-431.17.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-431.17.1.el6.i686.rpm perf-debuginfo-2.6.32-431.17.1.el6.i686.rpm python-perf-2.6.32-431.17.1.el6.i686.rpm python-perf-debuginfo-2.6.32-431.17.1.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-431.17.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-431.17.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-431.17.1.el6.ppc64.rpm perf-debuginfo-2.6.32-431.17.1.el6.ppc64.rpm python-perf-2.6.32-431.17.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-431.17.1.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-431.17.1.el6.s390x.rpm kernel-debuginfo-2.6.32-431.17.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-431.17.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-431.17.1.el6.s390x.rpm perf-debuginfo-2.6.32-431.17.1.el6.s390x.rpm python-perf-2.6.32-431.17.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-431.17.1.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-431.17.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.17.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.17.1.el6.x86_64.rpm perf-debuginfo-2.6.32-431.17.1.el6.x86_64.rpm python-perf-2.6.32-431.17.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.17.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-431.17.1.el6.src.rpm i386: kernel-2.6.32-431.17.1.el6.i686.rpm kernel-debug-2.6.32-431.17.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-431.17.1.el6.i686.rpm kernel-debug-devel-2.6.32-431.17.1.el6.i686.rpm kernel-debuginfo-2.6.32-431.17.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-431.17.1.el6.i686.rpm kernel-devel-2.6.32-431.17.1.el6.i686.rpm kernel-headers-2.6.32-431.17.1.el6.i686.rpm perf-2.6.32-431.17.1.el6.i686.rpm perf-debuginfo-2.6.32-431.17.1.el6.i686.rpm python-perf-debuginfo-2.6.32-431.17.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-431.17.1.el6.noarch.rpm kernel-doc-2.6.32-431.17.1.el6.noarch.rpm kernel-firmware-2.6.32-431.17.1.el6.noarch.rpm x86_64: kernel-2.6.32-431.17.1.el6.x86_64.rpm kernel-debug-2.6.32-431.17.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-431.17.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-431.17.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.17.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.17.1.el6.x86_64.rpm kernel-devel-2.6.32-431.17.1.el6.x86_64.rpm kernel-headers-2.6.32-431.17.1.el6.x86_64.rpm perf-2.6.32-431.17.1.el6.x86_64.rpm perf-debuginfo-2.6.32-431.17.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.17.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-431.17.1.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-431.17.1.el6.i686.rpm kernel-debuginfo-2.6.32-431.17.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-431.17.1.el6.i686.rpm perf-debuginfo-2.6.32-431.17.1.el6.i686.rpm python-perf-2.6.32-431.17.1.el6.i686.rpm python-perf-debuginfo-2.6.32-431.17.1.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-431.17.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.17.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.17.1.el6.x86_64.rpm perf-debuginfo-2.6.32-431.17.1.el6.x86_64.rpm python-perf-2.6.32-431.17.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.17.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-6383.html https://www.redhat.com/security/data/cve/CVE-2014-0077.html https://www.redhat.com/security/data/cve/CVE-2014-2523.html https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Technical_Notes/kernel.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTaovUXlSAg2UNWIIRAv2DAKClXAIW2BnT99a/HppItGaqExa3uQCfdE9U wSj026CBwR8DdoHBvgfryEA= =VdIQ -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed May 7 19:40:40 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 7 May 2014 19:40:40 +0000 Subject: [RHSA-2014:0476-01] Important: kernel security and bug fix update Message-ID: <201405071940.s47Jee4f013821@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2014:0476-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0476.html Issue date: 2014-05-07 CVE Names: CVE-2013-6381 CVE-2013-6383 ===================================================================== 1. Summary: Updated kernel packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 5.9 Extended Update Support. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux EUS (v. 5.9 server) - i386, ia64, noarch, ppc, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel's QETH network device driver implementation handled SNMP IOCTL requests with an out-of-bounds length. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. 
(CVE-2013-6381, Important)

* A flaw was found in the way the Linux kernel's Adaptec RAID controller
(aacraid) checked permissions of compat IOCTLs. A local attacker could use
this flaw to bypass intended security restrictions. (CVE-2013-6383,
Moderate)

This update also fixes the following bug:

* Running a process in the background on a GFS2 file system could sometimes
trigger a glock recursion error that resulted in a kernel panic. This
happened when a readpage operation attempted to take a glock that had
already been held by another function. To prevent this error, GFS2 now
verifies whether the glock is already held when performing the readpage
operation. (BZ#1077789)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use
"rpm -Uvh" as that will remove the running kernel binaries from your
system. You may use "rpm -e" to remove old kernels after determining that
the new kernel functions properly on your system.

5. Bugs fixed (https://bugzilla.redhat.com/):

1033530 - CVE-2013-6383 Kernel: AACRAID Driver compat IOCTL missing capability check
1033600 - CVE-2013-6381 Kernel: qeth: buffer overflow in snmp ioctl

6. Package List:

Red Hat Enterprise Linux EUS (v. 5.9 server):

Source:
kernel-2.6.18-348.25.1.el5.src.rpm

i386:
kernel-2.6.18-348.25.1.el5.i686.rpm
kernel-PAE-2.6.18-348.25.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-348.25.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-348.25.1.el5.i686.rpm
kernel-debug-2.6.18-348.25.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-348.25.1.el5.i686.rpm
kernel-debug-devel-2.6.18-348.25.1.el5.i686.rpm
kernel-debuginfo-2.6.18-348.25.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-348.25.1.el5.i686.rpm
kernel-devel-2.6.18-348.25.1.el5.i686.rpm
kernel-headers-2.6.18-348.25.1.el5.i386.rpm
kernel-xen-2.6.18-348.25.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-348.25.1.el5.i686.rpm
kernel-xen-devel-2.6.18-348.25.1.el5.i686.rpm

ia64:
kernel-2.6.18-348.25.1.el5.ia64.rpm
kernel-debug-2.6.18-348.25.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-348.25.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-348.25.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-348.25.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-348.25.1.el5.ia64.rpm
kernel-devel-2.6.18-348.25.1.el5.ia64.rpm
kernel-headers-2.6.18-348.25.1.el5.ia64.rpm
kernel-xen-2.6.18-348.25.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-348.25.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-348.25.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-348.25.1.el5.noarch.rpm

ppc:
kernel-2.6.18-348.25.1.el5.ppc64.rpm
kernel-debug-2.6.18-348.25.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-348.25.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-348.25.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-348.25.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-348.25.1.el5.ppc64.rpm
kernel-devel-2.6.18-348.25.1.el5.ppc64.rpm
kernel-headers-2.6.18-348.25.1.el5.ppc.rpm
kernel-headers-2.6.18-348.25.1.el5.ppc64.rpm
kernel-kdump-2.6.18-348.25.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-348.25.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-348.25.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-348.25.1.el5.s390x.rpm
kernel-debug-2.6.18-348.25.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-348.25.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-348.25.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-348.25.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-348.25.1.el5.s390x.rpm
kernel-devel-2.6.18-348.25.1.el5.s390x.rpm
kernel-headers-2.6.18-348.25.1.el5.s390x.rpm
kernel-kdump-2.6.18-348.25.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-348.25.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-348.25.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-348.25.1.el5.x86_64.rpm
kernel-debug-2.6.18-348.25.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-348.25.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-348.25.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-348.25.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-348.25.1.el5.x86_64.rpm
kernel-devel-2.6.18-348.25.1.el5.x86_64.rpm
kernel-headers-2.6.18-348.25.1.el5.x86_64.rpm
kernel-xen-2.6.18-348.25.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-348.25.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-348.25.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-6381.html
https://www.redhat.com/security/data/cve/CVE-2013-6383.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
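The Solution section of this advisory tells administrators to install kernel packages with "rpm -ivh" rather than "rpm -Uvh" so the running kernel stays in place, and the Package List gives the fixed version-release for each architecture. The script below is an added example, not Red Hat tooling: it parses a package list in the plain-text layout these advisories use (a constructed excerpt of the x86_64 block above is embedded), compares each package with a constructed set of installed versions using rpm's version-comparison rules (simplified: epoch, tilde and caret are not handled), and prints the install command with the flag the advisory prescribes. The set of install-only kernel package names is an assumption made for the example.

```python
"""Decide which packages from an RHSA package list a host still needs.

Added example (not Red Hat tooling). It parses the "Package List" section in
the plain-text layout these advisories use, compares each listed package with
the installed version using rpm's version-comparison rules, and prints the
install command with the flag the Solution section prescribes: "-ivh" for
kernel packages (installed alongside the running kernel), "-Uvh" otherwise.
"""
import re

# Constructed excerpt of the package list above (real file names from
# RHSA-2014:0476-01, reduced to a few entries).
ADVISORY_EXCERPT = """\
6. Package List:

Red Hat Enterprise Linux EUS (v. 5.9 server):

Source:
kernel-2.6.18-348.25.1.el5.src.rpm

x86_64:
kernel-2.6.18-348.25.1.el5.x86_64.rpm
kernel-devel-2.6.18-348.25.1.el5.x86_64.rpm
kernel-headers-2.6.18-348.25.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security.
"""

# Constructed "installed" state: kernel and kernel-devel one release behind,
# kernel-headers already at the advisory's version.
INSTALLED = {
    "kernel": ("2.6.18", "348.22.1.el5"),
    "kernel-devel": ("2.6.18", "348.22.1.el5"),
    "kernel-headers": ("2.6.18", "348.25.1.el5"),
}

# name-version-release.arch.rpm; the greedy name group lets "kernel-PAE-devel"
# keep its dashes because version and release may not contain one.
RPM_RE = re.compile(r"^(?P<name>.+)-(?P<ver>[^-]+)-(?P<rel>[^-]+)\.(?P<arch>[^.]+)\.rpm$")

# Assumption for this example: kernel images (and their -devel packages) are
# install-only so the running kernel survives; everything else is upgraded.
INSTALL_ONLY = ("kernel", "kernel-PAE", "kernel-xen", "kernel-debug", "kernel-kdump")


def parse_package_list(text, arch):
    """Return {name: (version, release, filename)} for one architecture block."""
    pkgs = {}
    block = None
    for raw in text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"[A-Za-z0-9_]+:", line):   # "x86_64:", "Source:", ...
            block = line[:-1]
        elif block == arch and line.endswith(".rpm"):
            m = RPM_RE.match(line)
            if m:
                pkgs[m.group("name")] = (m.group("ver"), m.group("rel"), line)
    return pkgs


def rpmvercmp(a, b):
    """Compare version or release strings as rpm does (no tilde/caret handling).

    Strings split into numeric and alphabetic segments; numeric segments
    compare as integers and beat alphabetic ones; when one string runs out
    of segments the longer one is newer. Returns -1, 0 or 1.
    """
    if a == b:
        return 0
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            xi, yi = int(x), int(y)
            if xi != yi:
                return 1 if xi > yi else -1
        elif x != y:
            return 1 if x > y else -1
    if len(sa) != len(sb):
        return 1 if len(sa) > len(sb) else -1
    return 0


def compare_vr(installed, advisory):
    """-1 if the installed (version, release) is older than the advisory's."""
    c = rpmvercmp(installed[0], advisory[0])
    return c if c else rpmvercmp(installed[1], advisory[1])


def install_flag(name):
    """'-ivh' for install-only kernel packages, '-Uvh' for everything else."""
    base = name[:-len("-devel")] if name.endswith("-devel") else name
    return "-ivh" if base in INSTALL_ONLY else "-Uvh"


def plan_update(installed, advisory_pkgs):
    """List (name, rpm command) for installed packages older than the advisory's."""
    plan = []
    for name, (ver, rel, filename) in sorted(advisory_pkgs.items()):
        current = installed.get(name)
        if current is None or compare_vr(current, (ver, rel)) >= 0:
            continue   # not installed, or already at/above the fixed version
        plan.append((name, "rpm %s %s" % (install_flag(name), filename)))
    return plan


if __name__ == "__main__":
    for name, cmd in plan_update(INSTALLED, parse_package_list(ADVISORY_EXCERPT, "x86_64")):
        print(cmd)
```

On a real host the INSTALLED table would come from "rpm -q --queryformat" output and the advisory text from the mailing-list message; the version comparison is the part worth getting right, since a naive string comparison puts release 348.9.1 after 348.25.1.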
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFTaowEXlSAg2UNWIIRAiSCAJ9w/euL78uxEURNPXa+/jlf5BuvOACeIe8I
5GtLkSnBKfTMJ5vrKjdszDQ=
=8gxQ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 7 19:43:48 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 7 May 2014 19:43:48 +0000
Subject: [RHSA-2014:0477-01] Low: Oracle Java SE - Notification of Removal from Supplementary Channel
Message-ID: <201405071943.s47JhmOS002939@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Oracle Java SE - Notification of Removal from Supplementary Channel
Advisory ID:       RHSA-2014:0477-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0477.html
Issue date:        2014-05-07
=====================================================================

1. Summary:

Oracle Java SE packages will be moved from the Red Hat Enterprise Linux 5
and 6 Supplementary Red Hat Network (RHN) channels to the Oracle Java for
Red Hat Enterprise Linux 5 and 6 RHN channels.

2. Description:

Oracle Java SE development (JDK) and runtime (JRE) software packages will be
removed from the Red Hat Enterprise Linux Supplementary media and RHN
channels. These packages will be relocated to a new set of channels that
are dedicated to delivering Oracle Java software. Customers are advised to
reconfigure their systems to use the new channels to ensure that they are
receiving the latest updates to Oracle Java software.

Oracle Java software packages will be removed from Red Hat Enterprise Linux
Supplementary media and RHN channels on May 8, 2014. Oracle Java will be
available for online download via the new RHN channels.
This change affects the following packages:

* Oracle Java SE 5 (java-1.5.0-sun)
* Oracle Java SE 6 (java-1.6.0-sun)
* Oracle Java SE 7 (java-1.7.0-oracle)

Red Hat Enterprise Linux includes OpenJDK as the default Java development
and runtime environment. Java development and runtime is also available
from IBM via the Supplementary media and RHN channels. Access to OpenJDK
and IBM JDK is not affected by this change.

3. Solution:

Users are required to enable the new repository on their systems to access
Oracle Java software. Refer to Red Hat Customer Portal Knowledgebase
Solution 732883, linked to in the References section, for instructions on
how to subscribe your systems to the new Oracle Java RHN channels.

4. References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/site/solutions/732883

5. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFTaow+XlSAg2UNWIIRAviRAKCEtjepe2cn2MeQMMdJk6XZ1LlTcQCfcla1
wTwT4xQP+QAua6U/ObXN454=
=+87V
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 13 19:49:47 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 13 May 2014 19:49:47 +0000
Subject: [RHSA-2014:0486-01] Critical: java-1.7.0-ibm security update
Message-ID: <201405131949.s4DJnlPR023453@int-mx12.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.7.0-ibm security update
Advisory ID:       RHSA-2014:0486-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0486.html
Issue date:        2014-05-13
CVE Names:         CVE-2013-6629 CVE-2013-6954 CVE-2014-0429 CVE-2014-0446
                   CVE-2014-0448 CVE-2014-0449 CVE-2014-0451 CVE-2014-0452
                   CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0457
                   CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461
                   CVE-2014-1876 CVE-2014-2398 CVE-2014-2401 CVE-2014-2402
                   CVE-2014-2409 CVE-2014-2412 CVE-2014-2414 CVE-2014-2420
                   CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 CVE-2014-2428
=====================================================================

1. Summary:

Updated java-1.7.0-ibm packages that fix several security issues are now
available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having Critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Detailed
vulnerability descriptions are linked from the IBM Security alerts page,
listed in the References section.
(CVE-2014-0457, CVE-2014-2421, CVE-2014-0429, CVE-2014-0461, CVE-2014-0455,
CVE-2014-2428, CVE-2014-0448, CVE-2014-0454, CVE-2014-0446, CVE-2014-0452,
CVE-2014-0451, CVE-2014-2402, CVE-2014-2423, CVE-2014-2427, CVE-2014-0458,
CVE-2014-2414, CVE-2014-2412, CVE-2014-2409, CVE-2014-0460, CVE-2013-6954,
CVE-2013-6629, CVE-2014-2401, CVE-2014-0449, CVE-2014-0459, CVE-2014-0453,
CVE-2014-2398, CVE-2014-1876, CVE-2014-2420)

All users of java-1.7.0-ibm are advised to upgrade to these updated
packages, containing the IBM Java SE 7 SR7 release. All running instances
of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1031734 - CVE-2013-6629 libjpeg: information leak (read of uninitialized memory)
1045561 - CVE-2013-6954 libpng: unhandled zero-length PLTE chunk or NULL palette
1060907 - CVE-2014-1876 OpenJDK: insecure temporary file use in unpack200 (Libraries, 8033618)
1086632 - CVE-2014-2398 OpenJDK: insufficient escaping of window title string (Javadoc, 8026736)
1086645 - CVE-2014-0453 OpenJDK: RSA unpadding timing issues (Security, 8027766)
1087409 - CVE-2014-0429 OpenJDK: Incorrect mlib/raster image validation (2D, 8027841)
1087411 - CVE-2014-0457 OpenJDK: ServiceLoader Exception handling security bypass (Libraries, 8031394)
1087417 - CVE-2014-2421 OpenJDK: JPEG decoder input stream handling (2D, 8029854)
1087424 - CVE-2014-0455 OpenJDK: MethodHandle variable argument lists handling (Libraries, 8029844)
1087426 - CVE-2014-0461 OpenJDK: Better ScriptEngineManager ScriptEngine management (Libraries, 8036794)
1087427 - CVE-2014-2412 OpenJDK: AWT thread context handling (AWT, 8025010)
1087428 - CVE-2014-0451 OpenJDK: AWT incorrect FlavorMap separation (AWT, 8026797)
1087430 - CVE-2014-0458 OpenJDK: Activation framework default command map caching (JAX-WS, 8025152)
1087431 - CVE-2014-2414 OpenJDK: incorrect caching of data initialized via TCCL (JAXB, 8025030)
1087434 - CVE-2014-2423 OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188)
1087436 - CVE-2014-0452 OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026801)
1087438 - CVE-2014-2402 OpenJDK: Incorrect NIO channel separation (Libraries, 8026716)
1087439 - CVE-2014-0446 OpenJDK: Protect logger handlers (Libraries, 8029740)
1087440 - CVE-2014-0454 OpenJDK: Prevent SIGNATURE_PRIMITIVE_SET from being modified (Security, 8029745)
1087441 - CVE-2014-2427 OpenJDK: remove insecure Java Sound provider caching (Sound, 8026163)
1087442 - CVE-2014-0460 OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731)
1087444 - CVE-2014-0459 lcms: insufficient ICC profile version validation (OpenJDK 2D, 8031335)
1088024 - CVE-2014-0448 Oracle JDK: unspecified vulnerability fixed in 7u55 and 8u5 (Deployment)
1088025 - CVE-2014-2428 Oracle JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment)
1088027 - CVE-2014-2409 Oracle JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment)
1088028 - CVE-2014-0449 Oracle JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment)
1088030 - CVE-2014-2401 Oracle JDK: unspecified vulnerability fixed in 5.0u75, 6u75, 7u55 and 8u5 (2D)
1088031 - CVE-2014-2420 Oracle JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el5_10.i386.rpm

x86_64:
java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el5_10.i386.rpm

ppc:
java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el5_10.ppc.rpm
java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el5_10.ppc64.rpm
java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el5_10.ppc.rpm
java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el5_10.ppc64.rpm
java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el5_10.ppc.rpm
java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el5_10.ppc64.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el5_10.ppc.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el5_10.ppc64.rpm
java-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el5_10.ppc.rpm
java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el5_10.ppc.rpm
java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el5_10.ppc64.rpm

s390x:
java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el5_10.s390.rpm
java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el5_10.s390x.rpm
java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el5_10.s390.rpm
java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el5_10.s390x.rpm
java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el5_10.s390.rpm
java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el5_10.s390x.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el5_10.s390.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el5_10.s390x.rpm
java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el5_10.s390.rpm
java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el5_10.s390x.rpm

x86_64:
java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el6_5.i686.rpm

x86_64:
java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el6_5.i686.rpm

ppc64:
java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el6_5.ppc64.rpm
java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el6_5.ppc64.rpm
java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el6_5.ppc64.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el6_5.ppc64.rpm
java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el6_5.ppc64.rpm

s390x:
java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el6_5.s390x.rpm
java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el6_5.s390x.rpm
java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el6_5.s390x.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el6_5.s390x.rpm
java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el6_5.s390x.rpm

x86_64:
java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el6_5.i686.rpm

x86_64:
java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-6629.html
https://www.redhat.com/security/data/cve/CVE-2013-6954.html
https://www.redhat.com/security/data/cve/CVE-2014-0429.html
https://www.redhat.com/security/data/cve/CVE-2014-0446.html
https://www.redhat.com/security/data/cve/CVE-2014-0448.html
https://www.redhat.com/security/data/cve/CVE-2014-0449.html
https://www.redhat.com/security/data/cve/CVE-2014-0451.html
https://www.redhat.com/security/data/cve/CVE-2014-0452.html
https://www.redhat.com/security/data/cve/CVE-2014-0453.html
https://www.redhat.com/security/data/cve/CVE-2014-0454.html
https://www.redhat.com/security/data/cve/CVE-2014-0455.html
https://www.redhat.com/security/data/cve/CVE-2014-0457.html
https://www.redhat.com/security/data/cve/CVE-2014-0458.html
https://www.redhat.com/security/data/cve/CVE-2014-0459.html
https://www.redhat.com/security/data/cve/CVE-2014-0460.html
https://www.redhat.com/security/data/cve/CVE-2014-0461.html
https://www.redhat.com/security/data/cve/CVE-2014-1876.html
https://www.redhat.com/security/data/cve/CVE-2014-2398.html
https://www.redhat.com/security/data/cve/CVE-2014-2401.html
https://www.redhat.com/security/data/cve/CVE-2014-2402.html
https://www.redhat.com/security/data/cve/CVE-2014-2409.html
https://www.redhat.com/security/data/cve/CVE-2014-2412.html
https://www.redhat.com/security/data/cve/CVE-2014-2414.html
https://www.redhat.com/security/data/cve/CVE-2014-2420.html
https://www.redhat.com/security/data/cve/CVE-2014-2421.html
https://www.redhat.com/security/data/cve/CVE-2014-2423.html
https://www.redhat.com/security/data/cve/CVE-2014-2427.html
https://www.redhat.com/security/data/cve/CVE-2014-2428.html
https://access.redhat.com/security/updates/classification/#critical
https://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFTcndLXlSAg2UNWIIRAidtAKC2xzybC9AZogqPqbKlnVNtoXAK9gCghl3w
7WuHx5m587mnR/PKDaPZlzw=
=q8QV
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 14 18:30:22 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 14 May 2014 18:30:22 +0000
Subject: [RHSA-2014:0496-01] Critical: flash-plugin security update
Message-ID: <201405141830.s4EIUMKf000630@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: flash-plugin security update
Advisory ID:       RHSA-2014:0496-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0496.html
Issue date:        2014-05-14
CVE Names:         CVE-2014-0510 CVE-2014-0516 CVE-2014-0517 CVE-2014-0518
                   CVE-2014-0519 CVE-2014-0520
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having Critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB14-14,
listed in the References section.

Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2014-0510, CVE-2014-0517, CVE-2014-0518, CVE-2014-0519,
CVE-2014-0520)

A flaw in flash-plugin could allow an attacker to bypass the same-origin
policy. (CVE-2014-0516)

All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 11.2.202.359.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1081615 - CVE-2014-0510 flash-plugin: use-after-free flaw leads to arbitrary code execution
1097369 - CVE-2014-0517 CVE-2014-0518 CVE-2014-0519 CVE-2014-0520 flash-plugin: security protection bypass (APSB14-14)
1097372 - CVE-2014-0516 flash-plugin: same origin policy bypass (APSB14-14)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-11.2.202.359-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.359-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-11.2.202.359-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.359-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.359-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.359-1.el6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.359-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.359-1.el6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.359-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.359-1.el6.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-0510.html
https://www.redhat.com/security/data/cve/CVE-2014-0516.html
https://www.redhat.com/security/data/cve/CVE-2014-0517.html
https://www.redhat.com/security/data/cve/CVE-2014-0518.html
https://www.redhat.com/security/data/cve/CVE-2014-0519.html
https://www.redhat.com/security/data/cve/CVE-2014-0520.html
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb14-14.html

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
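Both IBM Java advisories on this page say that every running instance must be restarted for the update to take effect, and this Flash update replaces a plug-in library that a running browser keeps mapped: upgrading the package does not take the old code out of memory. The script below is an added example, not Red Hat tooling, showing how to find such processes from /proc/<pid>/maps. A mapping the kernel labels "(deleted)" means the file backing it was replaced on disk; pseudo-files such as /dev/zero or SysV shared memory carry the same label without being updatable files, so they are filtered out. The maps contents and PIDs embedded here are constructed; scan_live_proc() reads the real /proc when run on a Linux host (usually as root).

```python
"""Find processes still running code from files that an update replaced.

Added example (not Red Hat tooling). A process that loaded a library before
the package was upgraded keeps the old inode mapped; /proc/<pid>/maps then
shows the path with a "(deleted)" suffix. Such processes keep running the
unpatched code until they are restarted, which is what the advisories ask for.
"""
import os
import re

# Fields of a /proc/<pid>/maps line: address perms offset dev inode [path]
MAP_RE = re.compile(
    r"^[0-9a-f]+-[0-9a-f]+\s+\S+\s+\S+\s+\S+\s+\d+\s+"
    r"(?P<path>/.*?)(?P<deleted> \(deleted\))?$"
)

# Anonymous/shared-memory mappings also carry "(deleted)" but are not files
# an RPM update could have replaced; ignore them to avoid false alarms.
IGNORE_PREFIXES = ("/dev/", "/SYSV", "/memfd:", "/run/shm/")


def stale_mappings(maps_text, updated_files=()):
    """Paths mapped by one process that no longer match what is on disk.

    A path counts as stale if the kernel marks it "(deleted)" or if it is in
    updated_files, the files the update shipped (useful when a file was
    overwritten in place instead of being replaced by a new inode).
    """
    stale = set()
    for line in maps_text.splitlines():
        m = MAP_RE.match(line.rstrip())
        if not m:
            continue  # anonymous mapping, [stack], [vdso], ...
        path = m.group("path")
        if path.startswith(IGNORE_PREFIXES):
            continue
        if m.group("deleted") or path in updated_files:
            stale.add(path)
    return stale


def processes_needing_restart(maps_by_pid, updated_files=()):
    """Map pid -> sorted stale paths, for the pids that have any."""
    result = {}
    for pid, text in maps_by_pid.items():
        stale = stale_mappings(text, updated_files)
        if stale:
            result[pid] = sorted(stale)
    return result


def scan_live_proc(updated_files=(), proc="/proc"):
    """Read the real /proc (Linux, usually needs root); unreadable pids are skipped."""
    if not os.path.isdir(proc):
        return {}
    maps = {}
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc, entry, "maps")) as fh:
                maps[int(entry)] = fh.read()
        except OSError:
            continue  # process exited or permission denied
    return processes_needing_restart(maps, updated_files)


# Constructed /proc/<pid>/maps excerpts: pid 1234 is a browser that loaded the
# Flash plug-in before the update, pid 2345 is an unaffected process.
PROC_MAPS_SAMPLE = {
    1234: """\
00400000-0062d000 r-xp 00000000 fd:00 1839 /usr/lib64/firefox/firefox
7f1a2c000000-7f1a2d2ff000 r-xp 00000000 fd:00 9201 /usr/lib64/mozilla/plugins/libflashplayer.so (deleted)
7f1a2e000000-7f1a2e021000 rw-s 00000000 00:04 5 /dev/zero (deleted)
7f1a2f000000-7f1a2f1b6000 r-xp 00000000 fd:00 1301 /lib64/libc-2.12.so
7ffc3b000000-7ffc3b021000 rw-p 00000000 00:00 0 [stack]
""",
    2345: """\
00400000-00408000 r-xp 00000000 fd:00 1201 /usr/bin/sleep
7f0000000000-7f00001b6000 r-xp 00000000 fd:00 1301 /lib64/libc-2.12.so
7ffd00000000-7ffd00021000 rw-p 00000000 00:00 0 [stack]
""",
}

if __name__ == "__main__":
    for pid, paths in sorted(processes_needing_restart(PROC_MAPS_SAMPLE).items()):
        print("pid %d needs restart: %s" % (pid, ", ".join(paths)))
```

The updated_files argument covers the case the "(deleted)" marker misses: pass it the file list from "rpm -ql" of the new package when an update wrote files in place, and the check flags processes that mapped those paths even though the inode did not change.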
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFTc7YiXlSAg2UNWIIRAssWAJ9aF/xWa3i5nn7IJzgoKVfxkA5AUQCgo+In
Qm8sAIfnwqTa5TXOxeHxYWY=
=F88V
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu May 15 18:35:16 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 15 May 2014 18:35:16 +0000
Subject: [RHSA-2014:0508-01] Critical: java-1.6.0-ibm security update
Message-ID: <201405151835.s4FIZH9j029035@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.6.0-ibm security update
Advisory ID:       RHSA-2014:0508-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0508.html
Issue date:        2014-05-15
CVE Names:         CVE-2013-6629 CVE-2013-6954 CVE-2014-0429 CVE-2014-0446
                   CVE-2014-0449 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453
                   CVE-2014-0457 CVE-2014-0458 CVE-2014-0460 CVE-2014-0461
                   CVE-2014-1876 CVE-2014-2398 CVE-2014-2401 CVE-2014-2409
                   CVE-2014-2412 CVE-2014-2414 CVE-2014-2420 CVE-2014-2421
                   CVE-2014-2423 CVE-2014-2427 CVE-2014-2428
=====================================================================

1. Summary:

Updated java-1.6.0-ibm packages that fix several security issues are now
available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having Critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Detailed
vulnerability descriptions are linked from the IBM Security alerts page,
listed in the References section. (CVE-2014-0457, CVE-2014-2421,
CVE-2014-0429, CVE-2014-0461, CVE-2014-2428, CVE-2014-0446, CVE-2014-0452,
CVE-2014-0451, CVE-2014-2423, CVE-2014-2427, CVE-2014-0458, CVE-2014-2414,
CVE-2014-2412, CVE-2014-2409, CVE-2014-0460, CVE-2013-6954, CVE-2013-6629,
CVE-2014-2401, CVE-2014-0449, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876,
CVE-2014-2420)

All users of java-1.6.0-ibm are advised to upgrade to these updated
packages, containing the IBM Java SE 6 SR16 release. All running instances
of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1031734 - CVE-2013-6629 libjpeg: information leak (read of uninitialized memory)
1045561 - CVE-2013-6954 libpng: unhandled zero-length PLTE chunk or NULL palette
1060907 - CVE-2014-1876 OpenJDK: insecure temporary file use in unpack200 (Libraries, 8033618)
1086632 - CVE-2014-2398 OpenJDK: insufficient escaping of window title string (Javadoc, 8026736)
1086645 - CVE-2014-0453 OpenJDK: RSA unpadding timing issues (Security, 8027766)
1087409 - CVE-2014-0429 OpenJDK: Incorrect mlib/raster image validation (2D, 8027841)
1087411 - CVE-2014-0457 OpenJDK: ServiceLoader Exception handling security bypass (Libraries, 8031394)
1087417 - CVE-2014-2421 OpenJDK: JPEG decoder input stream handling (2D, 8029854)
1087426 - CVE-2014-0461 OpenJDK: Better ScriptEngineManager ScriptEngine management (Libraries, 8036794)
1087427 - CVE-2014-2412 OpenJDK: AWT thread context handling (AWT, 8025010)
1087428 - CVE-2014-0451 OpenJDK: AWT incorrect FlavorMap separation (AWT, 8026797)
1087430 - CVE-2014-0458 OpenJDK: Activation framework default command map caching (JAX-WS, 8025152)
1087431 - CVE-2014-2414 OpenJDK: incorrect caching of data initialized via TCCL (JAXB, 8025030)
1087434 - CVE-2014-2423 OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188)
1087436 - CVE-2014-0452 OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026801)
1087439 - CVE-2014-0446 OpenJDK: Protect logger handlers (Libraries, 8029740)
1087441 - CVE-2014-2427 OpenJDK: remove insecure Java Sound provider caching (Sound, 8026163)
1087442 - CVE-2014-0460 OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731)
1088025 - CVE-2014-2428 Oracle JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment)
1088027 - CVE-2014-2409 Oracle JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment)
1088028 - CVE-2014-0449 Oracle JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment)
1088030 - CVE-2014-2401 Oracle JDK: unspecified vulnerability fixed in 5.0u75, 6u75, 7u55 and 8u5 (2D)
1088031 - CVE-2014-2420 Oracle JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.6.0-ibm-1.6.0.16.0-1jpp.1.el5_10.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.0-1jpp.1.el5_10.i386.rpm
java-1.6.0-ibm-demo-1.6.0.16.0-1jpp.1.el5_10.i386.rpm
java-1.6.0-ibm-devel-1.6.0.16.0-1jpp.1.el5_10.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.0-1jpp.1.el5_10.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.0-1jpp.1.el5_10.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.16.0-1jpp.1.el5_10.i386.rpm
java-1.6.0-ibm-src-1.6.0.16.0-1jpp.1.el5_10.i386.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.0-1jpp.1.el5_10.i386.rpm
java-1.6.0-ibm-1.6.0.16.0-1jpp.1.el5_10.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.0-1jpp.1.el5_10.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.0-1jpp.1.el5_10.i386.rpm
java-1.6.0-ibm-demo-1.6.0.16.0-1jpp.1.el5_10.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.0-1jpp.1.el5_10.i386.rpm
java-1.6.0-ibm-devel-1.6.0.16.0-1jpp.1.el5_10.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.0-1jpp.1.el5_10.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.0-1jpp.1.el5_10.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.0-1jpp.1.el5_10.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.0-1jpp.1.el5_10.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.0-1jpp.1.el5_10.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.16.0-1jpp.1.el5_10.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.0-1jpp.1.el5_10.i386.rpm
java-1.6.0-ibm-src-1.6.0.16.0-1jpp.1.el5_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.6.0-ibm-1.6.0.16.0-1jpp.1.el5_10.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.0-1jpp.1.el5_10.i386.rpm
java-1.6.0-ibm-demo-1.6.0.16.0-1jpp.1.el5_10.i386.rpm
java-1.6.0-ibm-devel-1.6.0.16.0-1jpp.1.el5_10.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.0-1jpp.1.el5_10.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.0-1jpp.1.el5_10.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.16.0-1jpp.1.el5_10.i386.rpm
java-1.6.0-ibm-src-1.6.0.16.0-1jpp.1.el5_10.i386.rpm

ppc:
java-1.6.0-ibm-1.6.0.16.0-1jpp.1.el5_10.ppc.rpm
java-1.6.0-ibm-1.6.0.16.0-1jpp.1.el5_10.ppc64.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.0-1jpp.1.el5_10.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.16.0-1jpp.1.el5_10.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.16.0-1jpp.1.el5_10.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.16.0-1jpp.1.el5_10.ppc.rpm
java-1.6.0-ibm-devel-1.6.0.16.0-1jpp.1.el5_10.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.0-1jpp.1.el5_10.ppc.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.0-1jpp.1.el5_10.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.0-1jpp.1.el5_10.ppc.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.0-1jpp.1.el5_10.ppc64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.0-1jpp.1.el5_10.ppc.rpm
java-1.6.0-ibm-src-1.6.0.16.0-1jpp.1.el5_10.ppc.rpm
java-1.6.0-ibm-src-1.6.0.16.0-1jpp.1.el5_10.ppc64.rpm

s390x:
java-1.6.0-ibm-1.6.0.16.0-1jpp.1.el5_10.s390.rpm
java-1.6.0-ibm-1.6.0.16.0-1jpp.1.el5_10.s390x.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.0-1jpp.1.el5_10.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.16.0-1jpp.1.el5_10.s390.rpm
java-1.6.0-ibm-demo-1.6.0.16.0-1jpp.1.el5_10.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.16.0-1jpp.1.el5_10.s390.rpm
java-1.6.0-ibm-devel-1.6.0.16.0-1jpp.1.el5_10.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.0-1jpp.1.el5_10.s390.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.0-1jpp.1.el5_10.s390x.rpm
java-1.6.0-ibm-src-1.6.0.16.0-1jpp.1.el5_10.s390.rpm
java-1.6.0-ibm-src-1.6.0.16.0-1jpp.1.el5_10.s390x.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.0-1jpp.1.el5_10.i386.rpm
java-1.6.0-ibm-1.6.0.16.0-1jpp.1.el5_10.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.0-1jpp.1.el5_10.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.0-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-demo-1.6.0.16.0-1jpp.1.el5_10.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.16.0-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-devel-1.6.0.16.0-1jpp.1.el5_10.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.16.0-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.16.0-1jpp.1.el5_10.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.16.0-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.16.0-1jpp.1.el5_10.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.16.0-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-plugin-1.6.0.16.0-1jpp.1.el5_10.x86_64.rpm java-1.6.0-ibm-src-1.6.0.16.0-1jpp.1.el5_10.i386.rpm java-1.6.0-ibm-src-1.6.0.16.0-1jpp.1.el5_10.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.6.0-ibm-1.6.0.16.0-1jpp.1.el6_5.i686.rpm java-1.6.0-ibm-demo-1.6.0.16.0-1jpp.1.el6_5.i686.rpm java-1.6.0-ibm-devel-1.6.0.16.0-1jpp.1.el6_5.i686.rpm java-1.6.0-ibm-javacomm-1.6.0.16.0-1jpp.1.el6_5.i686.rpm java-1.6.0-ibm-jdbc-1.6.0.16.0-1jpp.1.el6_5.i686.rpm java-1.6.0-ibm-plugin-1.6.0.16.0-1jpp.1.el6_5.i686.rpm java-1.6.0-ibm-src-1.6.0.16.0-1jpp.1.el6_5.i686.rpm x86_64: java-1.6.0-ibm-1.6.0.16.0-1jpp.1.el6_5.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.16.0-1jpp.1.el6_5.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.16.0-1jpp.1.el6_5.i686.rpm java-1.6.0-ibm-devel-1.6.0.16.0-1jpp.1.el6_5.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.16.0-1jpp.1.el6_5.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.16.0-1jpp.1.el6_5.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.16.0-1jpp.1.el6_5.x86_64.rpm java-1.6.0-ibm-src-1.6.0.16.0-1jpp.1.el6_5.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.6.0-ibm-1.6.0.16.0-1jpp.1.el6_5.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.16.0-1jpp.1.el6_5.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.16.0-1jpp.1.el6_5.i686.rpm java-1.6.0-ibm-devel-1.6.0.16.0-1jpp.1.el6_5.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.16.0-1jpp.1.el6_5.x86_64.rpm java-1.6.0-ibm-src-1.6.0.16.0-1jpp.1.el6_5.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 
6): i386: java-1.6.0-ibm-1.6.0.16.0-1jpp.1.el6_5.i686.rpm java-1.6.0-ibm-demo-1.6.0.16.0-1jpp.1.el6_5.i686.rpm java-1.6.0-ibm-devel-1.6.0.16.0-1jpp.1.el6_5.i686.rpm java-1.6.0-ibm-javacomm-1.6.0.16.0-1jpp.1.el6_5.i686.rpm java-1.6.0-ibm-jdbc-1.6.0.16.0-1jpp.1.el6_5.i686.rpm java-1.6.0-ibm-plugin-1.6.0.16.0-1jpp.1.el6_5.i686.rpm java-1.6.0-ibm-src-1.6.0.16.0-1jpp.1.el6_5.i686.rpm ppc64: java-1.6.0-ibm-1.6.0.16.0-1jpp.1.el6_5.ppc64.rpm java-1.6.0-ibm-demo-1.6.0.16.0-1jpp.1.el6_5.ppc64.rpm java-1.6.0-ibm-devel-1.6.0.16.0-1jpp.1.el6_5.ppc.rpm java-1.6.0-ibm-devel-1.6.0.16.0-1jpp.1.el6_5.ppc64.rpm java-1.6.0-ibm-javacomm-1.6.0.16.0-1jpp.1.el6_5.ppc64.rpm java-1.6.0-ibm-jdbc-1.6.0.16.0-1jpp.1.el6_5.ppc64.rpm java-1.6.0-ibm-src-1.6.0.16.0-1jpp.1.el6_5.ppc64.rpm s390x: java-1.6.0-ibm-1.6.0.16.0-1jpp.1.el6_5.s390x.rpm java-1.6.0-ibm-demo-1.6.0.16.0-1jpp.1.el6_5.s390x.rpm java-1.6.0-ibm-devel-1.6.0.16.0-1jpp.1.el6_5.s390.rpm java-1.6.0-ibm-devel-1.6.0.16.0-1jpp.1.el6_5.s390x.rpm java-1.6.0-ibm-jdbc-1.6.0.16.0-1jpp.1.el6_5.s390x.rpm java-1.6.0-ibm-src-1.6.0.16.0-1jpp.1.el6_5.s390x.rpm x86_64: java-1.6.0-ibm-1.6.0.16.0-1jpp.1.el6_5.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.16.0-1jpp.1.el6_5.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.16.0-1jpp.1.el6_5.i686.rpm java-1.6.0-ibm-devel-1.6.0.16.0-1jpp.1.el6_5.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.16.0-1jpp.1.el6_5.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.16.0-1jpp.1.el6_5.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.16.0-1jpp.1.el6_5.x86_64.rpm java-1.6.0-ibm-src-1.6.0.16.0-1jpp.1.el6_5.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 
6): i386: java-1.6.0-ibm-1.6.0.16.0-1jpp.1.el6_5.i686.rpm java-1.6.0-ibm-demo-1.6.0.16.0-1jpp.1.el6_5.i686.rpm java-1.6.0-ibm-devel-1.6.0.16.0-1jpp.1.el6_5.i686.rpm java-1.6.0-ibm-javacomm-1.6.0.16.0-1jpp.1.el6_5.i686.rpm java-1.6.0-ibm-jdbc-1.6.0.16.0-1jpp.1.el6_5.i686.rpm java-1.6.0-ibm-plugin-1.6.0.16.0-1jpp.1.el6_5.i686.rpm java-1.6.0-ibm-src-1.6.0.16.0-1jpp.1.el6_5.i686.rpm x86_64: java-1.6.0-ibm-1.6.0.16.0-1jpp.1.el6_5.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.16.0-1jpp.1.el6_5.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.16.0-1jpp.1.el6_5.i686.rpm java-1.6.0-ibm-devel-1.6.0.16.0-1jpp.1.el6_5.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.16.0-1jpp.1.el6_5.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.16.0-1jpp.1.el6_5.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.16.0-1jpp.1.el6_5.x86_64.rpm java-1.6.0-ibm-src-1.6.0.16.0-1jpp.1.el6_5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References: https://www.redhat.com/security/data/cve/CVE-2013-6629.html https://www.redhat.com/security/data/cve/CVE-2013-6954.html https://www.redhat.com/security/data/cve/CVE-2014-0429.html https://www.redhat.com/security/data/cve/CVE-2014-0446.html https://www.redhat.com/security/data/cve/CVE-2014-0449.html https://www.redhat.com/security/data/cve/CVE-2014-0451.html https://www.redhat.com/security/data/cve/CVE-2014-0452.html https://www.redhat.com/security/data/cve/CVE-2014-0453.html https://www.redhat.com/security/data/cve/CVE-2014-0457.html https://www.redhat.com/security/data/cve/CVE-2014-0458.html https://www.redhat.com/security/data/cve/CVE-2014-0460.html https://www.redhat.com/security/data/cve/CVE-2014-0461.html https://www.redhat.com/security/data/cve/CVE-2014-1876.html https://www.redhat.com/security/data/cve/CVE-2014-2398.html https://www.redhat.com/security/data/cve/CVE-2014-2401.html https://www.redhat.com/security/data/cve/CVE-2014-2409.html https://www.redhat.com/security/data/cve/CVE-2014-2412.html https://www.redhat.com/security/data/cve/CVE-2014-2414.html https://www.redhat.com/security/data/cve/CVE-2014-2420.html https://www.redhat.com/security/data/cve/CVE-2014-2421.html https://www.redhat.com/security/data/cve/CVE-2014-2423.html https://www.redhat.com/security/data/cve/CVE-2014-2427.html https://www.redhat.com/security/data/cve/CVE-2014-2428.html https://access.redhat.com/security/updates/classification/#critical https://www.ibm.com/developerworks/java/jdk/alerts/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. 
From bugzilla at redhat.com Thu May 15 18:35:52 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 15 May 2014 18:35:52 +0000
Subject: [RHSA-2014:0509-01] Important: java-1.5.0-ibm security update
Message-ID: <201405151835.s4FIZreO024710@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: java-1.5.0-ibm security update
Advisory ID: RHSA-2014:0509-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0509.html
Issue date: 2014-05-15
CVE Names: CVE-2013-6629 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0453 CVE-2014-0457 CVE-2014-0460 CVE-2014-1876 CVE-2014-2398 CVE-2014-2401 CVE-2014-2412 CVE-2014-2421 CVE-2014-2427
=====================================================================

1. Summary:

Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-0457, CVE-2014-2421, CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-2427, CVE-2014-2412, CVE-2014-0460, CVE-2013-6629, CVE-2014-2401, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876)

All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16-FP6 release. All running instances of IBM Java must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1031734 - CVE-2013-6629 libjpeg: information leak (read of uninitialized memory)
1060907 - CVE-2014-1876 OpenJDK: insecure temporary file use in unpack200 (Libraries, 8033618)
1086632 - CVE-2014-2398 OpenJDK: insufficient escaping of window title string (Javadoc, 8026736)
1086645 - CVE-2014-0453 OpenJDK: RSA unpadding timing issues (Security, 8027766)
1087409 - CVE-2014-0429 OpenJDK: Incorrect mlib/raster image validation (2D, 8027841)
1087411 - CVE-2014-0457 OpenJDK: ServiceLoader Exception handling security bypass (Libraries, 8031394)
1087417 - CVE-2014-2421 OpenJDK: JPEG decoder input stream handling (2D, 8029854)
1087427 - CVE-2014-2412 OpenJDK: AWT thread context handling (AWT, 8025010)
1087428 - CVE-2014-0451 OpenJDK: AWT incorrect FlavorMap separation (AWT, 8026797)
1087439 - CVE-2014-0446 OpenJDK: Protect logger handlers (Libraries, 8029740)
1087441 - CVE-2014-2427 OpenJDK: remove insecure Java Sound provider caching (Sound, 8026163)
1087442 - CVE-2014-0460 OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731)
1088030 - CVE-2014-2401 Oracle JDK: unspecified vulnerability fixed in 5.0u75, 6u75, 7u55 and 8u5 (2D)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.5.0-ibm-1.5.0.16.6-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.6-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-demo-1.5.0.16.6-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-devel-1.5.0.16.6-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.6-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.6-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.16.6-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.6-1jpp.1.el5_10.i386.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.6-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-1.5.0.16.6-1jpp.1.el5_10.x86_64.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.6-1jpp.1.el5_10.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.6-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-demo-1.5.0.16.6-1jpp.1.el5_10.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.6-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-devel-1.5.0.16.6-1jpp.1.el5_10.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.6-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.6-1jpp.1.el5_10.x86_64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.6-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.16.6-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.6-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.6-1jpp.1.el5_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.5.0-ibm-1.5.0.16.6-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.6-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-demo-1.5.0.16.6-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-devel-1.5.0.16.6-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.6-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.6-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.16.6-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.6-1jpp.1.el5_10.i386.rpm

ppc:
java-1.5.0-ibm-1.5.0.16.6-1jpp.1.el5_10.ppc.rpm
java-1.5.0-ibm-1.5.0.16.6-1jpp.1.el5_10.ppc64.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.6-1jpp.1.el5_10.ppc.rpm
java-1.5.0-ibm-demo-1.5.0.16.6-1jpp.1.el5_10.ppc.rpm
java-1.5.0-ibm-demo-1.5.0.16.6-1jpp.1.el5_10.ppc64.rpm
java-1.5.0-ibm-devel-1.5.0.16.6-1jpp.1.el5_10.ppc.rpm
java-1.5.0-ibm-devel-1.5.0.16.6-1jpp.1.el5_10.ppc64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.6-1jpp.1.el5_10.ppc.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.6-1jpp.1.el5_10.ppc64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.6-1jpp.1.el5_10.ppc.rpm
java-1.5.0-ibm-plugin-1.5.0.16.6-1jpp.1.el5_10.ppc.rpm
java-1.5.0-ibm-src-1.5.0.16.6-1jpp.1.el5_10.ppc.rpm
java-1.5.0-ibm-src-1.5.0.16.6-1jpp.1.el5_10.ppc64.rpm

s390x:
java-1.5.0-ibm-1.5.0.16.6-1jpp.1.el5_10.s390.rpm
java-1.5.0-ibm-1.5.0.16.6-1jpp.1.el5_10.s390x.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.6-1jpp.1.el5_10.s390x.rpm
java-1.5.0-ibm-demo-1.5.0.16.6-1jpp.1.el5_10.s390.rpm
java-1.5.0-ibm-demo-1.5.0.16.6-1jpp.1.el5_10.s390x.rpm
java-1.5.0-ibm-devel-1.5.0.16.6-1jpp.1.el5_10.s390.rpm
java-1.5.0-ibm-devel-1.5.0.16.6-1jpp.1.el5_10.s390x.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.6-1jpp.1.el5_10.s390.rpm
java-1.5.0-ibm-src-1.5.0.16.6-1jpp.1.el5_10.s390.rpm
java-1.5.0-ibm-src-1.5.0.16.6-1jpp.1.el5_10.s390x.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.6-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-1.5.0.16.6-1jpp.1.el5_10.x86_64.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.6-1jpp.1.el5_10.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.6-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-demo-1.5.0.16.6-1jpp.1.el5_10.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.6-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-devel-1.5.0.16.6-1jpp.1.el5_10.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.6-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.6-1jpp.1.el5_10.x86_64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.6-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.16.6-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.6-1jpp.1.el5_10.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.6-1jpp.1.el5_10.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.5.0-ibm-1.5.0.16.6-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-demo-1.5.0.16.6-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.6-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.6-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.6-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-plugin-1.5.0.16.6-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-src-1.5.0.16.6-1jpp.1.el6_5.i686.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.6-1jpp.1.el6_5.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.6-1jpp.1.el6_5.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.6-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.6-1jpp.1.el6_5.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.6-1jpp.1.el6_5.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.16.6-1jpp.1.el6_5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.5.0-ibm-1.5.0.16.6-1jpp.1.el6_5.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.6-1jpp.1.el6_5.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.6-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.6-1jpp.1.el6_5.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.6-1jpp.1.el6_5.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.16.6-1jpp.1.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.5.0-ibm-1.5.0.16.6-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-demo-1.5.0.16.6-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.6-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.6-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.6-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-plugin-1.5.0.16.6-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-src-1.5.0.16.6-1jpp.1.el6_5.i686.rpm

ppc64:
java-1.5.0-ibm-1.5.0.16.6-1jpp.1.el6_5.ppc64.rpm
java-1.5.0-ibm-demo-1.5.0.16.6-1jpp.1.el6_5.ppc64.rpm
java-1.5.0-ibm-devel-1.5.0.16.6-1jpp.1.el6_5.ppc.rpm
java-1.5.0-ibm-devel-1.5.0.16.6-1jpp.1.el6_5.ppc64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.6-1jpp.1.el6_5.ppc64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.6-1jpp.1.el6_5.ppc.rpm
java-1.5.0-ibm-plugin-1.5.0.16.6-1jpp.1.el6_5.ppc.rpm
java-1.5.0-ibm-src-1.5.0.16.6-1jpp.1.el6_5.ppc64.rpm

s390x:
java-1.5.0-ibm-1.5.0.16.6-1jpp.1.el6_5.s390x.rpm
java-1.5.0-ibm-demo-1.5.0.16.6-1jpp.1.el6_5.s390x.rpm
java-1.5.0-ibm-devel-1.5.0.16.6-1jpp.1.el6_5.s390.rpm
java-1.5.0-ibm-devel-1.5.0.16.6-1jpp.1.el6_5.s390x.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.6-1jpp.1.el6_5.s390.rpm
java-1.5.0-ibm-src-1.5.0.16.6-1jpp.1.el6_5.s390x.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.6-1jpp.1.el6_5.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.6-1jpp.1.el6_5.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.6-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.6-1jpp.1.el6_5.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.6-1jpp.1.el6_5.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.16.6-1jpp.1.el6_5.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.5.0-ibm-1.5.0.16.6-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-demo-1.5.0.16.6-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.6-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.6-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.6-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-plugin-1.5.0.16.6-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-src-1.5.0.16.6-1jpp.1.el6_5.i686.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.6-1jpp.1.el6_5.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.6-1jpp.1.el6_5.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.6-1jpp.1.el6_5.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.6-1jpp.1.el6_5.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.6-1jpp.1.el6_5.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.16.6-1jpp.1.el6_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-6629.html
https://www.redhat.com/security/data/cve/CVE-2014-0429.html
https://www.redhat.com/security/data/cve/CVE-2014-0446.html
https://www.redhat.com/security/data/cve/CVE-2014-0451.html
https://www.redhat.com/security/data/cve/CVE-2014-0453.html
https://www.redhat.com/security/data/cve/CVE-2014-0457.html
https://www.redhat.com/security/data/cve/CVE-2014-0460.html
https://www.redhat.com/security/data/cve/CVE-2014-1876.html
https://www.redhat.com/security/data/cve/CVE-2014-2398.html
https://www.redhat.com/security/data/cve/CVE-2014-2401.html
https://www.redhat.com/security/data/cve/CVE-2014-2412.html
https://www.redhat.com/security/data/cve/CVE-2014-2421.html
https://www.redhat.com/security/data/cve/CVE-2014-2427.html
https://access.redhat.com/security/updates/classification/#important
https://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
From bugzilla at redhat.com Thu May 15 18:36:26 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 15 May 2014 18:36:26 +0000
Subject: [RHSA-2014:0510-01] Moderate: ruby193-rubygem-actionpack security update
Message-ID: <201405151836.s4FIaQF7020976@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: ruby193-rubygem-actionpack security update
Advisory ID: RHSA-2014:0510-01
Product: Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0510.html
Issue date: 2014-05-15
CVE Names: CVE-2014-0130
=====================================================================

1. Summary:

Updated ruby193-rubygem-actionpack packages that fix one security issue are now available for Red Hat Software Collections 1.

The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for RHEL 6 Server - noarch
Red Hat Software Collections for RHEL 6 Workstation - noarch

3. Description:

Ruby on Rails is a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.

A directory traversal flaw was found in the way Ruby on Rails handled wildcard segments in routes with implicit rendering. A remote attacker could use this flaw to retrieve arbitrary local files accessible to a Ruby on Rails application using the aforementioned routes via a specially crafted request. (CVE-2014-0130)

All ruby193-rubygem-actionpack users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1095105 - CVE-2014-0130 rubygem-actionpack: directory traversal issue

6. Package List:

Red Hat Software Collections for RHEL 6 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHSCL/SRPMS/ruby193-rubygem-actionpack-3.2.8-5.5.el6.src.rpm

noarch:
ruby193-rubygem-actionpack-3.2.8-5.5.el6.noarch.rpm
ruby193-rubygem-actionpack-doc-3.2.8-5.5.el6.noarch.rpm

Red Hat Software Collections for RHEL 6 Workstation:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/RHSCL/SRPMS/ruby193-rubygem-actionpack-3.2.8-5.5.el6.src.rpm

noarch:
ruby193-rubygem-actionpack-3.2.8-5.5.el6.noarch.rpm
ruby193-rubygem-actionpack-doc-3.2.8-5.5.el6.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-0130.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
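As an added example, not part of these advisories or of Red Hat's own tooling: a patch-status check that implements RPM's version-comparison rules and runs them over constructed `rpm -qa` and `uname -r` output against the fixed package versions quoted in this digest for RHSA-2014:0510 (ruby193-rubygem-actionpack-3.2.8-5.5.el6) and RHSA-2014:0512 (kernel-2.6.32-279.43.2.el6, which also needs a reboot). The sample output, the FIXED table and all function names are this example's own.

```python
"""Patch-status check against the fixed package versions in this digest.

Added example, not Red Hat code.  Implements RPM's version comparison
(rpmvercmp: numeric segments compare as integers, alphabetic ones lexically,
numeric beats alphabetic, leftover segments win; tilde and caret are omitted)
and applies it to constructed `rpm -qa` and `uname -r` output against the
fixed versions quoted in RHSA-2014:0510 and RHSA-2014:0512.
"""
import functools
import re

# Fixed version-release values, taken from the Package List sections of this digest.
FIXED = {
    "RHSA-2014:0510": {"ruby193-rubygem-actionpack": "3.2.8-5.5.el6"},
    "RHSA-2014:0512": {"kernel": "2.6.32-279.43.2.el6"},
}

# Constructed sample of `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`:
# actionpack one release behind, the fixed kernel installed beside the old one.
SAMPLE_RPM_QA = """\
ruby193-rubygem-actionpack 3.2.8-5.4.el6
kernel 2.6.32-279.43.2.el6
kernel 2.6.32-279.41.1.el6
bash 4.1.2-15.el6_4
"""

# Constructed `uname -r`: the old kernel is still the one running (no reboot yet).
SAMPLE_UNAME_R = "2.6.32-279.41.1.el6.x86_64"

_SEGMENT = re.compile(r"\d+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 comparing two version or release strings like rpm does."""
    if a == b:
        return 0
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):            # leading zeros are insignificant
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() or y.isdigit():    # a numeric segment is newer than an alpha one
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    if len(seg_a) == len(seg_b):
        return 0
    return 1 if len(seg_a) > len(seg_b) else -1   # leftover segments win


def compare_vr(installed: str, fixed: str) -> int:
    """Compare 'version-release' strings: version decides, release breaks ties."""
    iv, ir = installed.rsplit("-", 1)
    fv, fr = fixed.rsplit("-", 1)
    return rpmvercmp(iv, fv) or rpmvercmp(ir, fr)


def parse_rpm_qa(text: str) -> dict:
    """Map package name -> list of installed version-release strings.
    A list because kernels (and a few other packages) are multiply installed."""
    installed = {}
    for line in text.splitlines():
        if line.strip():
            name, vr = line.split()
            installed.setdefault(name, []).append(vr)
    return installed


def unapplied_advisories(rpm_qa: str, fixed: dict = FIXED) -> dict:
    """Return {advisory: [(name, newest_installed, fixed), ...]} for every listed
    package that is installed below its fixed version.  Packages absent from
    the host are not affected by the advisory and are skipped."""
    installed = parse_rpm_qa(rpm_qa)
    missing = {}
    for rhsa, packages in fixed.items():
        for name, fixed_vr in packages.items():
            if name not in installed:
                continue
            newest = max(installed[name], key=functools.cmp_to_key(compare_vr))
            if compare_vr(newest, fixed_vr) < 0:
                missing.setdefault(rhsa, []).append((name, newest, fixed_vr))
    return missing


def running_kernel_patched(uname_r: str, fixed_vr: str = FIXED["RHSA-2014:0512"]["kernel"]) -> bool:
    """RHSA-2014:0512 needs a reboot: an installed fixed kernel does not help
    until it is the running one, so check `uname -r` (version-release.arch)."""
    vr = uname_r.rsplit(".", 1)[0]          # strip the architecture suffix
    return compare_vr(vr, fixed_vr) >= 0


if __name__ == "__main__":
    for rhsa, items in unapplied_advisories(SAMPLE_RPM_QA).items():
        for name, have, need in items:
            print(f"{rhsa}: {name} {have} installed, {need} required")
    if not running_kernel_patched(SAMPLE_UNAME_R):
        print(f"RHSA-2014:0512: running kernel {SAMPLE_UNAME_R} predates the fix; reboot needed")
```

On a real host, feed it `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` and `uname -r`; the same table format extends to the java-1.5.0-ibm and libxml2 advisories in this digest.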
From bugzilla at redhat.com Mon May 19 11:32:58 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 19 May 2014 11:32:58 +0000
Subject: [RHSA-2014:0512-01] Important: kernel security update
Message-ID: <201405191132.s4JBWpUZ021406@int-mx01.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2014:0512-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0512.html
Issue date: 2014-05-19
CVE Names: CVE-2014-0196
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 6.3 Extended Update Support.

The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Compute Node EUS (v. 6.3) - noarch, x86_64
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.3) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.3) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.3) - i386, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A race condition flaw, leading to heap-based buffer overflows, was found in the way the Linux kernel's N_TTY line discipline (LDISC) implementation handled concurrent processing of echo output and TTY write operations originating from user space when the underlying TTY driver was PTY. An unprivileged, local user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-0196, Important)

All kernel users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (https://bugzilla.redhat.com/):

1094232 - CVE-2014-0196 kernel: pty layer race condition leading to memory corruption

6. Package List:

Red Hat Enterprise Linux Compute Node EUS (v. 6.3):

Source:
kernel-2.6.32-279.43.2.el6.src.rpm

noarch:
kernel-doc-2.6.32-279.43.2.el6.noarch.rpm
kernel-firmware-2.6.32-279.43.2.el6.noarch.rpm

x86_64:
kernel-2.6.32-279.43.2.el6.x86_64.rpm
kernel-debug-2.6.32-279.43.2.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-279.43.2.el6.x86_64.rpm
kernel-debug-devel-2.6.32-279.43.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.43.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.43.2.el6.x86_64.rpm
kernel-devel-2.6.32-279.43.2.el6.x86_64.rpm
kernel-headers-2.6.32-279.43.2.el6.x86_64.rpm
perf-2.6.32-279.43.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.43.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.43.2.el6.x86_64.rpm

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.3):

Source:
kernel-2.6.32-279.43.2.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-279.43.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.43.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.43.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.43.2.el6.x86_64.rpm
python-perf-2.6.32-279.43.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.43.2.el6.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.3):

Source:
kernel-2.6.32-279.43.2.el6.src.rpm

i386:
kernel-2.6.32-279.43.2.el6.i686.rpm
kernel-debug-2.6.32-279.43.2.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-279.43.2.el6.i686.rpm
kernel-debug-devel-2.6.32-279.43.2.el6.i686.rpm
kernel-debuginfo-2.6.32-279.43.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.43.2.el6.i686.rpm
kernel-devel-2.6.32-279.43.2.el6.i686.rpm
kernel-headers-2.6.32-279.43.2.el6.i686.rpm
perf-2.6.32-279.43.2.el6.i686.rpm
perf-debuginfo-2.6.32-279.43.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.43.2.el6.i686.rpm

noarch:
kernel-doc-2.6.32-279.43.2.el6.noarch.rpm
kernel-firmware-2.6.32-279.43.2.el6.noarch.rpm

ppc64:
kernel-2.6.32-279.43.2.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-279.43.2.el6.ppc64.rpm
kernel-debug-2.6.32-279.43.2.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-279.43.2.el6.ppc64.rpm
kernel-debug-devel-2.6.32-279.43.2.el6.ppc64.rpm
kernel-debuginfo-2.6.32-279.43.2.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-279.43.2.el6.ppc64.rpm
kernel-devel-2.6.32-279.43.2.el6.ppc64.rpm
kernel-headers-2.6.32-279.43.2.el6.ppc64.rpm
perf-2.6.32-279.43.2.el6.ppc64.rpm
perf-debuginfo-2.6.32-279.43.2.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-279.43.2.el6.ppc64.rpm

s390x:
kernel-2.6.32-279.43.2.el6.s390x.rpm
kernel-debug-2.6.32-279.43.2.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-279.43.2.el6.s390x.rpm
kernel-debug-devel-2.6.32-279.43.2.el6.s390x.rpm
kernel-debuginfo-2.6.32-279.43.2.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-279.43.2.el6.s390x.rpm
kernel-devel-2.6.32-279.43.2.el6.s390x.rpm
kernel-headers-2.6.32-279.43.2.el6.s390x.rpm
kernel-kdump-2.6.32-279.43.2.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-279.43.2.el6.s390x.rpm
kernel-kdump-devel-2.6.32-279.43.2.el6.s390x.rpm
perf-2.6.32-279.43.2.el6.s390x.rpm
perf-debuginfo-2.6.32-279.43.2.el6.s390x.rpm
python-perf-debuginfo-2.6.32-279.43.2.el6.s390x.rpm

x86_64:
kernel-2.6.32-279.43.2.el6.x86_64.rpm
kernel-debug-2.6.32-279.43.2.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-279.43.2.el6.x86_64.rpm
kernel-debug-devel-2.6.32-279.43.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.43.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.43.2.el6.x86_64.rpm
kernel-devel-2.6.32-279.43.2.el6.x86_64.rpm
kernel-headers-2.6.32-279.43.2.el6.x86_64.rpm
perf-2.6.32-279.43.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.43.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.43.2.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.3):

Source:
kernel-2.6.32-279.43.2.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-279.43.2.el6.i686.rpm
kernel-debuginfo-2.6.32-279.43.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.43.2.el6.i686.rpm
perf-debuginfo-2.6.32-279.43.2.el6.i686.rpm
python-perf-2.6.32-279.43.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.43.2.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-279.43.2.el6.ppc64.rpm
kernel-debuginfo-2.6.32-279.43.2.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-279.43.2.el6.ppc64.rpm
perf-debuginfo-2.6.32-279.43.2.el6.ppc64.rpm
python-perf-2.6.32-279.43.2.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-279.43.2.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-279.43.2.el6.s390x.rpm
kernel-debuginfo-2.6.32-279.43.2.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-279.43.2.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-279.43.2.el6.s390x.rpm
perf-debuginfo-2.6.32-279.43.2.el6.s390x.rpm
python-perf-2.6.32-279.43.2.el6.s390x.rpm
python-perf-debuginfo-2.6.32-279.43.2.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-279.43.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.43.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.43.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.43.2.el6.x86_64.rpm
python-perf-2.6.32-279.43.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.43.2.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-0196.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

From bugzilla at redhat.com Mon May 19 11:33:57 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 19 May 2014 11:33:57 +0000
Subject: [RHSA-2014:0513-01] Moderate: libxml2 security update
Message-ID: <201405191133.s4JBXoAd002965@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: libxml2 security update
Advisory ID: RHSA-2014:0513-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0513.html
Issue date: 2014-05-19
CVE Names: CVE-2013-2877 CVE-2014-0191
=====================================================================

1. Summary:

Updated libxml2 packages that fix two security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The libxml2 library is a development toolbox providing the implementation of various XML standards.

It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting in a denial of service or an information leak on the system. (CVE-2014-0191)

An out-of-bounds read flaw was found in the way libxml2 detected the end of an XML file. A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, could cause the application to crash. (CVE-2013-2877)

The CVE-2014-0191 issue was discovered by Daniel P. Berrange of Red Hat.

All libxml2 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

983204 - CVE-2013-2877 libxml2: Out-of-bounds read via a document that ends abruptly
1090976 - CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libxml2-2.7.6-14.el6_5.1.src.rpm i386: libxml2-2.7.6-14.el6_5.1.i686.rpm libxml2-debuginfo-2.7.6-14.el6_5.1.i686.rpm libxml2-python-2.7.6-14.el6_5.1.i686.rpm x86_64: libxml2-2.7.6-14.el6_5.1.i686.rpm libxml2-2.7.6-14.el6_5.1.x86_64.rpm libxml2-debuginfo-2.7.6-14.el6_5.1.i686.rpm libxml2-debuginfo-2.7.6-14.el6_5.1.x86_64.rpm libxml2-python-2.7.6-14.el6_5.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libxml2-2.7.6-14.el6_5.1.src.rpm i386: libxml2-debuginfo-2.7.6-14.el6_5.1.i686.rpm libxml2-devel-2.7.6-14.el6_5.1.i686.rpm libxml2-static-2.7.6-14.el6_5.1.i686.rpm x86_64: libxml2-debuginfo-2.7.6-14.el6_5.1.i686.rpm libxml2-debuginfo-2.7.6-14.el6_5.1.x86_64.rpm libxml2-devel-2.7.6-14.el6_5.1.i686.rpm libxml2-devel-2.7.6-14.el6_5.1.x86_64.rpm libxml2-static-2.7.6-14.el6_5.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libxml2-2.7.6-14.el6_5.1.src.rpm x86_64: libxml2-2.7.6-14.el6_5.1.i686.rpm libxml2-2.7.6-14.el6_5.1.x86_64.rpm libxml2-debuginfo-2.7.6-14.el6_5.1.i686.rpm libxml2-debuginfo-2.7.6-14.el6_5.1.x86_64.rpm libxml2-python-2.7.6-14.el6_5.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libxml2-2.7.6-14.el6_5.1.src.rpm x86_64: libxml2-debuginfo-2.7.6-14.el6_5.1.i686.rpm libxml2-debuginfo-2.7.6-14.el6_5.1.x86_64.rpm libxml2-devel-2.7.6-14.el6_5.1.i686.rpm libxml2-devel-2.7.6-14.el6_5.1.x86_64.rpm libxml2-static-2.7.6-14.el6_5.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libxml2-2.7.6-14.el6_5.1.src.rpm i386: libxml2-2.7.6-14.el6_5.1.i686.rpm libxml2-debuginfo-2.7.6-14.el6_5.1.i686.rpm libxml2-devel-2.7.6-14.el6_5.1.i686.rpm libxml2-python-2.7.6-14.el6_5.1.i686.rpm ppc64: libxml2-2.7.6-14.el6_5.1.ppc.rpm libxml2-2.7.6-14.el6_5.1.ppc64.rpm libxml2-debuginfo-2.7.6-14.el6_5.1.ppc.rpm libxml2-debuginfo-2.7.6-14.el6_5.1.ppc64.rpm libxml2-devel-2.7.6-14.el6_5.1.ppc.rpm libxml2-devel-2.7.6-14.el6_5.1.ppc64.rpm libxml2-python-2.7.6-14.el6_5.1.ppc64.rpm s390x: libxml2-2.7.6-14.el6_5.1.s390.rpm libxml2-2.7.6-14.el6_5.1.s390x.rpm libxml2-debuginfo-2.7.6-14.el6_5.1.s390.rpm libxml2-debuginfo-2.7.6-14.el6_5.1.s390x.rpm libxml2-devel-2.7.6-14.el6_5.1.s390.rpm libxml2-devel-2.7.6-14.el6_5.1.s390x.rpm libxml2-python-2.7.6-14.el6_5.1.s390x.rpm x86_64: libxml2-2.7.6-14.el6_5.1.i686.rpm libxml2-2.7.6-14.el6_5.1.x86_64.rpm libxml2-debuginfo-2.7.6-14.el6_5.1.i686.rpm libxml2-debuginfo-2.7.6-14.el6_5.1.x86_64.rpm libxml2-devel-2.7.6-14.el6_5.1.i686.rpm libxml2-devel-2.7.6-14.el6_5.1.x86_64.rpm libxml2-python-2.7.6-14.el6_5.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libxml2-2.7.6-14.el6_5.1.src.rpm i386: libxml2-debuginfo-2.7.6-14.el6_5.1.i686.rpm libxml2-static-2.7.6-14.el6_5.1.i686.rpm ppc64: libxml2-debuginfo-2.7.6-14.el6_5.1.ppc64.rpm libxml2-static-2.7.6-14.el6_5.1.ppc64.rpm s390x: libxml2-debuginfo-2.7.6-14.el6_5.1.s390x.rpm libxml2-static-2.7.6-14.el6_5.1.s390x.rpm x86_64: libxml2-debuginfo-2.7.6-14.el6_5.1.x86_64.rpm libxml2-static-2.7.6-14.el6_5.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libxml2-2.7.6-14.el6_5.1.src.rpm i386: libxml2-2.7.6-14.el6_5.1.i686.rpm libxml2-debuginfo-2.7.6-14.el6_5.1.i686.rpm libxml2-devel-2.7.6-14.el6_5.1.i686.rpm libxml2-python-2.7.6-14.el6_5.1.i686.rpm x86_64: libxml2-2.7.6-14.el6_5.1.i686.rpm libxml2-2.7.6-14.el6_5.1.x86_64.rpm libxml2-debuginfo-2.7.6-14.el6_5.1.i686.rpm libxml2-debuginfo-2.7.6-14.el6_5.1.x86_64.rpm libxml2-devel-2.7.6-14.el6_5.1.i686.rpm libxml2-devel-2.7.6-14.el6_5.1.x86_64.rpm libxml2-python-2.7.6-14.el6_5.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libxml2-2.7.6-14.el6_5.1.src.rpm i386: libxml2-debuginfo-2.7.6-14.el6_5.1.i686.rpm libxml2-static-2.7.6-14.el6_5.1.i686.rpm x86_64: libxml2-debuginfo-2.7.6-14.el6_5.1.x86_64.rpm libxml2-static-2.7.6-14.el6_5.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-2877.html https://www.redhat.com/security/data/cve/CVE-2014-0191.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. 
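Added example, not part of the advisory and not libxml2 or Red Hat code: the consumer-side posture the CVE-2014-0191 entry is about, an XML parse that refuses every external entity whatever the substitution setting says, and that also turns the abruptly-ending document of CVE-2013-2877 into a reported error rather than a crash. It is written against Python's bundled expat parser rather than libxml2, since libxml2 bindings are not assumed to be installed; the sample documents are constructed, and their URIs use the reserved .invalid domain, which is never contacted.

```python
import xml.parsers.expat as expat


def parse_untrusted(data: bytes) -> dict:
    """Parse XML from an untrusted source with every external fetch refused.

    Returns {"ok": bool, "elements": [tag names in document order],
    "refused": [system ids the document tried to pull in], "error": str|None}.
    Nothing in here opens a file or a socket on the document's behalf.
    """
    parser = expat.ParserCreate()
    # Never read the external DTD subset and never expand parameter entities.
    # This is the path CVE-2014-0191 is about: in libxml2, "entity
    # substitution disabled" did not imply this, and it has to be explicit.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    result = {"ok": False, "elements": [], "refused": [], "error": None}

    def refuse_external(context, base, system_id, public_id):
        # Called for every external general entity reference (&name; whose
        # declaration carries SYSTEM/PUBLIC). Record the target for the audit
        # trail and return 0, which makes expat abort instead of fetching it.
        result["refused"].append(system_id)
        return 0

    parser.ExternalEntityRefHandler = refuse_external
    parser.StartElementHandler = lambda name, attrs: result["elements"].append(name)

    try:
        parser.Parse(data, True)  # True: this is the whole document
        result["ok"] = True
    except expat.ExpatError as exc:
        # Raised both for a refused entity and for a malformed or truncated
        # document (the CVE-2013-2877 shape, a file that ends abruptly).
        result["error"] = str(exc)
    return result


# Constructed sample documents; example.invalid is never resolved or fetched.
BENIGN = b'<?xml version="1.0"?><config><host name="db1"/></config>'
EXTERNAL_GENERAL_ENTITY = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE d [<!ENTITY ext SYSTEM "http://example.invalid/leak.txt">]>'
    b'<d>&ext;</d>'
)
EXTERNAL_DTD_SUBSET = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE d SYSTEM "http://example.invalid/d.dtd">'
    b'<d>ok</d>'
)
TRUNCATED = b'<?xml version="1.0"?><d><item>'


if __name__ == "__main__":
    for label, doc in [("benign", BENIGN),
                       ("external general entity", EXTERNAL_GENERAL_ENTITY),
                       ("external DTD subset", EXTERNAL_DTD_SUBSET),
                       ("truncated", TRUNCATED)]:
        print(f"{label:25s} {parse_untrusted(doc)}")
```

Handling the external-entity callback explicitly, rather than leaving it unset, is about observability: a refused system id is worth logging, because a document carrying one was not produced by a well-behaved client. Switching parameter entity parsing off is what keeps the external DTD subset from being fetched at all, and that is the exact gap the advisory describes in libxml2.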
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFTeewNXlSAg2UNWIIRAnKvAJ9v1I/HHq1CEXndelMXmaap12OQvQCfSykM
pOuFVp3rFQsb8Cj8W0vJ1sQ=
=TuHQ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 20 11:05:47 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 20 May 2014 11:05:47 +0000
Subject: [RHSA-2014:0520-01] Important: kernel security and bug fix update
Message-ID: <201405201105.s4KB5bZH019695@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2014:0520-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0520.html
Issue date:        2014-05-20
CVE Names:         CVE-2014-0101 CVE-2014-0196
=====================================================================

1. Summary:

Updated kernel packages that fix two security issues and one bug are now
available for Red Hat Enterprise Linux 6.2 Extended Update Support.

The Red Hat Security Response Team has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AUS (v. 6.2 server) - noarch, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel processed an authenticated
COOKIE_ECHO chunk during the initialization of an SCTP connection. A remote
attacker could use this flaw to crash the system by initiating a specially
crafted SCTP handshake in order to trigger a NULL pointer dereference on the
system. (CVE-2014-0101, Important)

* A race condition flaw, leading to heap-based buffer overflows, was found
in the way the Linux kernel's N_TTY line discipline (LDISC) implementation
handled concurrent processing of echo output and TTY write operations
originating from user space when the underlying TTY driver was PTY. An
unprivileged, local user could use this flaw to crash the system or,
potentially, escalate their privileges on the system. (CVE-2014-0196,
Important)

Red Hat would like to thank Nokia Siemens Networks for reporting
CVE-2014-0101.

This update also fixes the following bug:

* Prior to this update, a guest-provided value was used as the head length
of the socket buffer allocated on the host. If the host was under heavy
memory load and the guest-provided value was too large, the allocation could
have failed, resulting in stalls and packet drops in the guest's Tx path.
With this update, the guest-provided value has been limited to a reasonable
size so that socket buffer allocations on the host succeed regardless of the
memory load on the host, and guests can send packets without experiencing
packet drops or stalls. (BZ#1092349)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

To install kernel packages manually, use "r `rpm -ivh [package]`". Do not use
"rpm -Uvh" as that will remove the running kernel binaries from your
system. You may use "rpm -e" to remove old kernels after determining that
the new kernel functions properly on your system.

5. Bugs fixed (https://bugzilla.redhat.com/):

1070705 - CVE-2014-0101 kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk
1094232 - CVE-2014-0196 kernel: pty layer race condition leading to memory corruption

6. Package List:

Red Hat Enterprise Linux AUS (v. 6.2 server):

Source:
kernel-2.6.32-220.51.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-220.51.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.51.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-220.51.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.51.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.51.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.51.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.51.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.51.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.51.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.51.1.el6.x86_64.rpm
perf-2.6.32-220.51.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.51.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.51.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.2):

Source:
kernel-2.6.32-220.51.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.51.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.51.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.51.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.51.1.el6.x86_64.rpm
python-perf-2.6.32-220.51.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.51.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-0101.html
https://www.redhat.com/security/data/cve/CVE-2014-0196.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
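The Solution sections in these advisories say which build carries the fix (kernel-2.6.32-220.51.1.el6 for the 6.2 AUS stream here, 2.6.32-279.43.2.el6 for the 6.3 EUS stream in the advisory before it) but leave the "is this host still affected" check to the reader. As an added example that is not part of the advisory and not Red Hat code, the following Python reimplements rpm's version ordering (the rpmvercmp segment rules and epoch-then-version-then-release precedence) so that an inventory of installed NEVRAs, constructed here, can be checked against an advisory's package list offline. Assumed: NEVRA strings in the usual name-[epoch:]version-release.arch form as `rpm -qa` prints them, and that the inventory and the advisory belong to the same stream, since a 6.2 AUS kernel and a 6.3 EUS kernel are separate streams that the page lists under separate advisories.

```python
import re

# One token per digit run, letter run, or tilde/caret marker; rpm treats every
# other character as a separator and skips it.
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|[~^]")


def rpmvercmp(a: str, b: str) -> int:
    """Order two version or release strings the way rpm's rpmvercmp() does.

    Digit runs compare as integers, letter runs lexically, a digit run beats a
    letter run in the same slot, '~' sorts before anything including the end
    (1.0~rc1 < 1.0), '^' sorts after the end but before anything else
    (1.0 < 1.0^git1 < 1.0.1), and leftover segments win. Returns -1, 0 or 1.
    """
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    i = 0
    while True:
        ta = sa[i] if i < len(sa) else None
        tb = sb[i] if i < len(sb) else None
        if ta == "~" or tb == "~":
            if ta != "~" or tb != "~":
                return 1 if ta != "~" else -1
            i += 1
            continue
        if ta == "^" or tb == "^":
            if ta is None or tb is None:
                return -1 if ta is None else 1
            if ta != "^" or tb != "^":
                return 1 if ta != "^" else -1
            i += 1
            continue
        if ta is None or tb is None:
            break
        a_num, b_num = ta.isdigit(), tb.isdigit()
        if a_num != b_num:
            return 1 if a_num else -1
        x, y = (int(ta), int(tb)) if a_num else (ta, tb)
        if x != y:
            return 1 if x > y else -1
        i += 1
    if ta is None and tb is None:
        return 0
    return -1 if ta is None else 1


def label_compare(evr_a: tuple, evr_b: tuple) -> int:
    """(epoch, version, release): epoch as an int first, then the rest."""
    (ea, va, ra), (eb, vb, rb) = evr_a, evr_b
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def parse_nevra(s: str) -> tuple:
    """Split 'name-[epoch:]version-release.arch[.rpm]' from the right, since
    package names carry dashes of their own (kernel-debug-devel, python-perf)."""
    if s.endswith(".rpm"):
        s = s[:-4]
    rest, arch = s.rsplit(".", 1)
    rest, release = rest.rsplit("-", 1)
    name, version = rest.rsplit("-", 1)
    epoch, version = version.split(":", 1) if ":" in version else ("0", version)
    return name, int(epoch), version, release, arch


def needs_update(installed: str, fixed: str) -> bool:
    """True when the installed build is older than the advisory's build."""
    n1, e1, v1, r1, a1 = parse_nevra(installed)
    n2, e2, v2, r2, a2 = parse_nevra(fixed)
    if (n1, a1) != (n2, a2):
        raise ValueError(f"not the same package: {installed} vs {fixed}")
    return label_compare((e1, v1, r1), (e2, v2, r2)) < 0


def _key(nevra: str) -> tuple:
    name, _, _, _, arch = parse_nevra(nevra)
    return name, arch


def check_inventory(installed: list, advisory: list) -> dict:
    """Map each installed NEVRA the advisory covers (same name and arch) to
    whether it is still stale; packages the advisory does not list are skipped."""
    fixed = {_key(p): p for p in advisory}
    return {p: needs_update(p, fixed[_key(p)]) for p in installed if _key(p) in fixed}


# x86_64/noarch entries copied from the RHSA-2014:0520-01 package list above.
ADVISORY_AUS_6_2 = [
    "kernel-2.6.32-220.51.1.el6.x86_64.rpm",
    "kernel-firmware-2.6.32-220.51.1.el6.noarch.rpm",
    "perf-2.6.32-220.51.1.el6.x86_64.rpm",
]

# Constructed inventory: a host that installed the new kernel with
# `rpm -ivh`, so the previous kernel is still present beside it.
INVENTORY = [
    "kernel-2.6.32-220.48.1.el6.x86_64",
    "kernel-2.6.32-220.51.1.el6.x86_64",
    "kernel-firmware-2.6.32-220.51.1.el6.noarch",
    "perf-2.6.32-220.45.1.el6.x86_64",
    "bash-4.1.2-15.el6_4.x86_64",
]

if __name__ == "__main__":
    for pkg, stale in check_inventory(INVENTORY, ADVISORY_AUS_6_2).items():
        print(f"{'UPDATE' if stale else 'ok    '} {pkg}")
```

The two-kernel inventory is deliberate: with `rpm -ivh` the old kernel stays installed, so an inventory check reports it as stale even after the fixed kernel is present, and the real question is which one is booted (`uname -r`). Remove the old one with `rpm -e` once the new kernel has been verified, exactly as the Solution section says.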
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFTezblXlSAg2UNWIIRAmwqAJ4iqO38Q7yoerug1+H3HoqaDatihQCglxfr
WO2lCHAkHLamTSZIOqFVk6Q=
=ofqj
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 20 11:17:31 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 20 May 2014 11:17:31 +0000
Subject: [RHSA-2014:0522-01] Moderate: mariadb55-mariadb security update
Message-ID: <201405201117.s4KBHMU6010377@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: mariadb55-mariadb security update
Advisory ID:       RHSA-2014:0522-01
Product:           Red Hat Software Collections
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0522.html
Issue date:        2014-05-20
CVE Names:         CVE-2014-0384 CVE-2014-2419 CVE-2014-2430 CVE-2014-2431
                   CVE-2014-2432 CVE-2014-2436 CVE-2014-2438 CVE-2014-2440
=====================================================================

1. Summary:

Updated mariadb55-mariadb packages that fix several security issues are now
available for Red Hat Software Collections 1.

The Red Hat Security Response Team has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for RHEL 6 Server - x86_64
Red Hat Software Collections for RHEL 6 Workstation - x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL.

This update fixes several vulnerabilities in the MariaDB database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory page, listed in the References section. (CVE-2014-2436,
CVE-2014-2440, CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431,
CVE-2014-2432, CVE-2014-2438)

These updated packages upgrade MariaDB to version 5.5.37. Refer to the
MariaDB Release Notes listed in the References section for a complete list
of changes.

All MariaDB users should upgrade to these updated packages, which correct
these issues. After installing this update, the MariaDB server daemon
(mysqld) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1088133 - CVE-2014-0384 mysql: unspecified DoS related to XML (CPU April 2014)
1088134 - CVE-2014-2419 mysql: unspecified DoS related to Partition (CPU April 2014)
1088143 - CVE-2014-2430 mysql: unspecified DoS related to Performance Schema (CPU April 2014)
1088146 - CVE-2014-2431 mysql: unspecified DoS related to Options (CPU April 2014)
1088179 - CVE-2014-2432 mysql: unspecified DoS related to Federated (CPU April 2014)
1088190 - CVE-2014-2436 mysql: unspecified vulnerability related to RBR (CPU April 2014)
1088191 - CVE-2014-2438 mysql: unspecified DoS related to Replication (CPU April 2014)
1088197 - CVE-2014-2440 mysql: unspecified vulnerability related to Client (CPU April 2014)

6. Package List:

Red Hat Software Collections for RHEL 6 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHSCL/SRPMS/mariadb55-mariadb-5.5.37-1.3.el6.src.rpm

x86_64:
mariadb55-mariadb-5.5.37-1.3.el6.x86_64.rpm
mariadb55-mariadb-bench-5.5.37-1.3.el6.x86_64.rpm
mariadb55-mariadb-debuginfo-5.5.37-1.3.el6.x86_64.rpm
mariadb55-mariadb-devel-5.5.37-1.3.el6.x86_64.rpm
mariadb55-mariadb-libs-5.5.37-1.3.el6.x86_64.rpm
mariadb55-mariadb-server-5.5.37-1.3.el6.x86_64.rpm
mariadb55-mariadb-test-5.5.37-1.3.el6.x86_64.rpm

Red Hat Software Collections for RHEL 6 Workstation:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/RHSCL/SRPMS/mariadb55-mariadb-5.5.37-1.3.el6.src.rpm

x86_64:
mariadb55-mariadb-5.5.37-1.3.el6.x86_64.rpm
mariadb55-mariadb-bench-5.5.37-1.3.el6.x86_64.rpm
mariadb55-mariadb-debuginfo-5.5.37-1.3.el6.x86_64.rpm
mariadb55-mariadb-devel-5.5.37-1.3.el6.x86_64.rpm
mariadb55-mariadb-libs-5.5.37-1.3.el6.x86_64.rpm
mariadb55-mariadb-server-5.5.37-1.3.el6.x86_64.rpm
mariadb55-mariadb-test-5.5.37-1.3.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-0384.html
https://www.redhat.com/security/data/cve/CVE-2014-2419.html
https://www.redhat.com/security/data/cve/CVE-2014-2430.html
https://www.redhat.com/security/data/cve/CVE-2014-2431.html
https://www.redhat.com/security/data/cve/CVE-2014-2432.html
https://www.redhat.com/security/data/cve/CVE-2014-2436.html
https://www.redhat.com/security/data/cve/CVE-2014-2438.html
https://www.redhat.com/security/data/cve/CVE-2014-2440.html
https://access.redhat.com/security/updates/classification/#moderate
https://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixMSQL
https://mariadb.com/kb/en/mariadb-5537-release-notes/

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFTezmaXlSAg2UNWIIRArdgAKCbgqkdVLGUokOYo3MV9iB8N9QTWQCfaUiv
0Ld6AoJmsi9dGyvQA4wlxs8=
=Zdg5
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 21 16:03:22 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 21 May 2014 16:03:22 +0000
Subject: [RHSA-2014:0530-01] Important: rubygem-openshift-origin-node security update
Message-ID: <201405211603.s4LG3ANQ020069@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rubygem-openshift-origin-node security update
Advisory ID:       RHSA-2014:0530-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0530.html
Issue date:        2014-05-21
CVE Names:         CVE-2014-0233
=====================================================================

1. Summary:

An updated rubygem-openshift-origin-node package that fixes one security
issue is now available for Red Hat OpenShift Enterprise 2.1.

The Red Hat Security Response Team has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHOSE Node 2.1 - noarch

3. Description:

The rubygem-openshift-origin-node package provides basic OpenShift node
functionality.

A command injection flaw was found in rubygem-openshift-origin-node. A
remote, authenticated user permitted to run cartridges via the web interface
could use this flaw to execute arbitrary code with root privileges on the
Red Hat OpenShift node server. (CVE-2014-0233)

This issue was discovered by Jeremy Choi of the Red Hat HSS Pen-test Team.

All rubygem-openshift-origin-node users are advised to upgrade to this
updated package, which contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1096955 - CVE-2014-0233 OpenShift: downloadable cartridge source url file command execution as root

6. Package List:

RHOSE Node 2.1:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-openshift-origin-node-1.23.9.4-1.el6op.src.rpm

noarch:
rubygem-openshift-origin-node-1.23.9.4-1.el6op.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-0233.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
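The advisory above names the component and the impact (a command injection reachable through a downloadable cartridge's source URL, executed as root) but not the code path. As an added example that is not the project's code and that assumes only the usual shape of such a flaw, a user-supplied URL reaching an external download command, the following Python shows the two controls that remove this bug class rather than one instance of it: validate the URL against a narrow contract, and hand it to the downloader as its own argv element so that no shell ever interprets it. The curl options are real curl options; the destination path, the size limit and every URL are constructed for the example.

```python
import subprocess
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
MAX_URL_LEN = 2048
MAX_DOWNLOAD_BYTES = 100 * 1024 * 1024  # constructed limit for the example


def validate_cartridge_url(raw: str) -> str:
    """Return the URL unchanged if it meets the download contract, else raise.

    Contract: a plain http(s) URL with a host, no embedded credentials, no
    whitespace and no control characters. Anything else is rejected outright
    rather than "cleaned up", so the caller never sees a modified URL.
    """
    if not isinstance(raw, str) or not raw or len(raw) > MAX_URL_LEN:
        raise ValueError("url missing or too long")
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in raw):
        raise ValueError("url contains whitespace or control characters")
    parts = urlsplit(raw)  # itself raises ValueError on a malformed netloc
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("url has no host")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials embedded in url are not allowed")
    return raw


def is_acceptable(raw) -> bool:
    """Boolean form of the validator, for callers that only need a verdict."""
    try:
        validate_cartridge_url(raw)
        return True
    except ValueError:
        return False


def download_argv(raw: str, dest: str) -> list:
    """Build the downloader's argv. Each element reaches execve() unchanged."""
    url = validate_cartridge_url(raw)
    return [
        "curl", "--fail", "--silent", "--show-error", "--location",
        "--max-filesize", str(MAX_DOWNLOAD_BYTES),
        "--output", dest,
        "--",  # end of options: the URL can never be parsed as a curl flag
        url,
    ]


def download_cartridge(raw: str, dest: str) -> None:
    # The pattern this replaces is subprocess.run(f"curl -o {dest} {raw}",
    # shell=True), where the URL is pasted into a /bin/sh command line. With
    # a list and shell=False nothing interprets the URL; it is bytes in argv.
    subprocess.run(download_argv(raw, dest), check=True, timeout=300)
```

Note what the validator does not attempt: it does not strip shell metacharacters, because `&`, `;` and `$` are legal in URLs and a character blacklist is brittle. The argv form makes those characters irrelevant; the validator's job is the contract (scheme, host, no embedded credentials, no control characters), and `--` keeps a URL that starts with a dash from being read as an option. The advisory's "as root" is the other half of the fix: run the downloader under the gear's unprivileged account in the first place (`subprocess.run` takes a `user=` argument on Python 3.9 and later).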
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFTfM4gXlSAg2UNWIIRAsFXAKCYj5U/T+6TaSYFneHpuxoAisSqawCghnt+
9q/b2kiezsoc6V3fQnDt/QA=
=t0Uu
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 21 16:04:10 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 21 May 2014 16:04:10 +0000
Subject: [RHSA-2014:0529-01] Important: rubygem-openshift-origin-node security update
Message-ID: <201405211603.s4LG3v7J020307@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rubygem-openshift-origin-node security update
Advisory ID:       RHSA-2014:0529-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0529.html
Issue date:        2014-05-21
CVE Names:         CVE-2014-0233
=====================================================================

1. Summary:

An updated rubygem-openshift-origin-node package that fixes one security
issue is now available for Red Hat OpenShift Enterprise 2.0.

The Red Hat Security Response Team has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHOSE Node 2.0 - noarch

3. Description:

The rubygem-openshift-origin-node package provides basic OpenShift node
functionality.

A command injection flaw was found in rubygem-openshift-origin-node. A
remote, authenticated user permitted to run cartridges via the web interface
could use this flaw to execute arbitrary code with root privileges on the
Red Hat OpenShift node server. (CVE-2014-0233)

This issue was discovered by Jeremy Choi of the Red Hat HSS Pen-test Team.

All rubygem-openshift-origin-node users are advised to upgrade to this
updated package, which contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1096955 - CVE-2014-0233 OpenShift: downloadable cartridge source url file command execution as root

6. Package List:

RHOSE Node 2.0:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOSE/SRPMS/rubygem-openshift-origin-node-1.17.5.16-1.el6op.src.rpm

noarch:
rubygem-openshift-origin-node-1.17.5.16-1.el6op.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-0233.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTfM5YXlSAg2UNWIIRAkJ5AJ9/QjayCTiTAGZlJi170IkMgZqBzQCgoMyG jdJ906yoHIcmvA8rPIdedro= =B0Uf -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu May 22 17:22:03 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 22 May 2014 17:22:03 +0000 Subject: [RHSA-2014:0536-01] Moderate: mysql55-mysql security update Message-ID: <201405221721.s4MHLlB4006091@int-mx14.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: mysql55-mysql security update Advisory ID: RHSA-2014:0536-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0536.html Issue date: 2014-05-22 CVE Names: CVE-2014-0384 CVE-2014-2419 CVE-2014-2430 CVE-2014-2431 CVE-2014-2432 CVE-2014-2436 CVE-2014-2438 CVE-2014-2440 ===================================================================== 1. Summary: Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2436, CVE-2014-2440, CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2438) These updated packages upgrade MySQL to version 5.5.37. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1088133 - CVE-2014-0384 mysql: unspecified DoS related to XML (CPU April 2014) 1088134 - CVE-2014-2419 mysql: unspecified DoS related to Partition (CPU April 2014) 1088143 - CVE-2014-2430 mysql: unspecified DoS related to Performance Schema (CPU April 2014) 1088146 - CVE-2014-2431 mysql: unspecified DoS related to Options (CPU April 2014) 1088179 - CVE-2014-2432 mysql: unspecified DoS related to Federated (CPU April 2014) 1088190 - CVE-2014-2436 mysql: unspecified vulnerability related to RBR (CPU April 2014) 1088191 - CVE-2014-2438 mysql: unspecified DoS related to Replication (CPU April 2014) 1088197 - CVE-2014-2440 mysql: unspecified vulnerability related to Client (CPU April 2014) 6. Package List: Red Hat Enterprise Linux Desktop (v. 
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/mysql55-mysql-5.5.37-1.el5.src.rpm i386: mysql55-mysql-5.5.37-1.el5.i386.rpm mysql55-mysql-bench-5.5.37-1.el5.i386.rpm mysql55-mysql-debuginfo-5.5.37-1.el5.i386.rpm mysql55-mysql-libs-5.5.37-1.el5.i386.rpm mysql55-mysql-server-5.5.37-1.el5.i386.rpm mysql55-mysql-test-5.5.37-1.el5.i386.rpm x86_64: mysql55-mysql-5.5.37-1.el5.x86_64.rpm mysql55-mysql-bench-5.5.37-1.el5.x86_64.rpm mysql55-mysql-debuginfo-5.5.37-1.el5.x86_64.rpm mysql55-mysql-libs-5.5.37-1.el5.x86_64.rpm mysql55-mysql-server-5.5.37-1.el5.x86_64.rpm mysql55-mysql-test-5.5.37-1.el5.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/mysql55-mysql-5.5.37-1.el5.src.rpm i386: mysql55-mysql-debuginfo-5.5.37-1.el5.i386.rpm mysql55-mysql-devel-5.5.37-1.el5.i386.rpm x86_64: mysql55-mysql-debuginfo-5.5.37-1.el5.i386.rpm mysql55-mysql-debuginfo-5.5.37-1.el5.x86_64.rpm mysql55-mysql-devel-5.5.37-1.el5.i386.rpm mysql55-mysql-devel-5.5.37-1.el5.x86_64.rpm Red Hat Enterprise Linux (v. 
5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/mysql55-mysql-5.5.37-1.el5.src.rpm i386: mysql55-mysql-5.5.37-1.el5.i386.rpm mysql55-mysql-bench-5.5.37-1.el5.i386.rpm mysql55-mysql-debuginfo-5.5.37-1.el5.i386.rpm mysql55-mysql-devel-5.5.37-1.el5.i386.rpm mysql55-mysql-libs-5.5.37-1.el5.i386.rpm mysql55-mysql-server-5.5.37-1.el5.i386.rpm mysql55-mysql-test-5.5.37-1.el5.i386.rpm ia64: mysql55-mysql-5.5.37-1.el5.ia64.rpm mysql55-mysql-bench-5.5.37-1.el5.ia64.rpm mysql55-mysql-debuginfo-5.5.37-1.el5.ia64.rpm mysql55-mysql-devel-5.5.37-1.el5.ia64.rpm mysql55-mysql-libs-5.5.37-1.el5.ia64.rpm mysql55-mysql-server-5.5.37-1.el5.ia64.rpm mysql55-mysql-test-5.5.37-1.el5.ia64.rpm ppc: mysql55-mysql-5.5.37-1.el5.ppc.rpm mysql55-mysql-bench-5.5.37-1.el5.ppc.rpm mysql55-mysql-debuginfo-5.5.37-1.el5.ppc.rpm mysql55-mysql-debuginfo-5.5.37-1.el5.ppc64.rpm mysql55-mysql-devel-5.5.37-1.el5.ppc.rpm mysql55-mysql-devel-5.5.37-1.el5.ppc64.rpm mysql55-mysql-libs-5.5.37-1.el5.ppc.rpm mysql55-mysql-server-5.5.37-1.el5.ppc.rpm mysql55-mysql-test-5.5.37-1.el5.ppc.rpm s390x: mysql55-mysql-5.5.37-1.el5.s390x.rpm mysql55-mysql-bench-5.5.37-1.el5.s390x.rpm mysql55-mysql-debuginfo-5.5.37-1.el5.s390.rpm mysql55-mysql-debuginfo-5.5.37-1.el5.s390x.rpm mysql55-mysql-devel-5.5.37-1.el5.s390.rpm mysql55-mysql-devel-5.5.37-1.el5.s390x.rpm mysql55-mysql-libs-5.5.37-1.el5.s390x.rpm mysql55-mysql-server-5.5.37-1.el5.s390x.rpm mysql55-mysql-test-5.5.37-1.el5.s390x.rpm x86_64: mysql55-mysql-5.5.37-1.el5.x86_64.rpm mysql55-mysql-bench-5.5.37-1.el5.x86_64.rpm mysql55-mysql-debuginfo-5.5.37-1.el5.i386.rpm mysql55-mysql-debuginfo-5.5.37-1.el5.x86_64.rpm mysql55-mysql-devel-5.5.37-1.el5.i386.rpm mysql55-mysql-devel-5.5.37-1.el5.x86_64.rpm mysql55-mysql-libs-5.5.37-1.el5.x86_64.rpm mysql55-mysql-server-5.5.37-1.el5.x86_64.rpm mysql55-mysql-test-5.5.37-1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-0384.html
https://www.redhat.com/security/data/cve/CVE-2014-2419.html
https://www.redhat.com/security/data/cve/CVE-2014-2430.html
https://www.redhat.com/security/data/cve/CVE-2014-2431.html
https://www.redhat.com/security/data/cve/CVE-2014-2432.html
https://www.redhat.com/security/data/cve/CVE-2014-2436.html
https://www.redhat.com/security/data/cve/CVE-2014-2438.html
https://www.redhat.com/security/data/cve/CVE-2014-2440.html
https://access.redhat.com/security/updates/classification/#moderate
https://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixMSQL
https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-37.html

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

From bugzilla at redhat.com Thu May 22 17:22:55 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 22 May 2014 17:22:55 +0000
Subject: [RHSA-2014:0537-01] Moderate: mysql55-mysql security update
Message-ID: <201405221722.s4MHMeZN015388@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: mysql55-mysql security update
Advisory ID: RHSA-2014:0537-01
Product: Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0537.html
Issue date: 2014-05-22
CVE Names: CVE-2014-0384 CVE-2014-2419 CVE-2014-2430 CVE-2014-2431 CVE-2014-2432 CVE-2014-2436 CVE-2014-2438 CVE-2014-2440
=====================================================================

1. Summary:

Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Software Collections 1.

The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for RHEL 6 Server - x86_64
Red Hat Software Collections for RHEL 6 Workstation - x86_64

3. Description:

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2436, CVE-2014-2440, CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2438)

These updated packages upgrade MySQL to version 5.5.37. Refer to the MySQL Release Notes listed in the References section for a complete list of changes.

All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1088133 - CVE-2014-0384 mysql: unspecified DoS related to XML (CPU April 2014)
1088134 - CVE-2014-2419 mysql: unspecified DoS related to Partition (CPU April 2014)
1088143 - CVE-2014-2430 mysql: unspecified DoS related to Performance Schema (CPU April 2014)
1088146 - CVE-2014-2431 mysql: unspecified DoS related to Options (CPU April 2014)
1088179 - CVE-2014-2432 mysql: unspecified DoS related to Federated (CPU April 2014)
1088190 - CVE-2014-2436 mysql: unspecified vulnerability related to RBR (CPU April 2014)
1088191 - CVE-2014-2438 mysql: unspecified DoS related to Replication (CPU April 2014)
1088197 - CVE-2014-2440 mysql: unspecified vulnerability related to Client (CPU April 2014)

6. Package List:

Red Hat Software Collections for RHEL 6 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHSCL/SRPMS/mysql55-mysql-5.5.37-1.2.el6.src.rpm

x86_64:
mysql55-mysql-5.5.37-1.2.el6.x86_64.rpm
mysql55-mysql-bench-5.5.37-1.2.el6.x86_64.rpm
mysql55-mysql-debuginfo-5.5.37-1.2.el6.x86_64.rpm
mysql55-mysql-devel-5.5.37-1.2.el6.x86_64.rpm
mysql55-mysql-libs-5.5.37-1.2.el6.x86_64.rpm
mysql55-mysql-server-5.5.37-1.2.el6.x86_64.rpm
mysql55-mysql-test-5.5.37-1.2.el6.x86_64.rpm

Red Hat Software Collections for RHEL 6 Workstation:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/RHSCL/SRPMS/mysql55-mysql-5.5.37-1.2.el6.src.rpm

x86_64:
mysql55-mysql-5.5.37-1.2.el6.x86_64.rpm
mysql55-mysql-bench-5.5.37-1.2.el6.x86_64.rpm
mysql55-mysql-debuginfo-5.5.37-1.2.el6.x86_64.rpm
mysql55-mysql-devel-5.5.37-1.2.el6.x86_64.rpm
mysql55-mysql-libs-5.5.37-1.2.el6.x86_64.rpm
mysql55-mysql-server-5.5.37-1.2.el6.x86_64.rpm
mysql55-mysql-test-5.5.37-1.2.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-0384.html
https://www.redhat.com/security/data/cve/CVE-2014-2419.html
https://www.redhat.com/security/data/cve/CVE-2014-2430.html
https://www.redhat.com/security/data/cve/CVE-2014-2431.html
https://www.redhat.com/security/data/cve/CVE-2014-2432.html
https://www.redhat.com/security/data/cve/CVE-2014-2436.html
https://www.redhat.com/security/data/cve/CVE-2014-2438.html
https://www.redhat.com/security/data/cve/CVE-2014-2440.html
https://access.redhat.com/security/updates/classification/#moderate
https://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixMSQL
https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-37.html

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

From bugzilla at redhat.com Tue May 27 16:35:36 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 27 May 2014 16:35:36 +0000
Subject: [RHSA-2014:0557-01] Important: kernel-rt security update
Message-ID: <201405271635.s4RGZbL9003107@int-mx12.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel-rt security update
Advisory ID: RHSA-2014:0557-01
Product: Red Hat Enterprise MRG for RHEL-6
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0557.html
Issue date: 2014-05-27
CVE Names: CVE-2014-0100 CVE-2014-0196 CVE-2014-1737 CVE-2014-1738 CVE-2014-2672 CVE-2014-2678 CVE-2014-2706 CVE-2014-2851 CVE-2014-3122
=====================================================================

1. Summary:

Updated kernel-rt packages that fix multiple security issues are now available for Red Hat Enterprise MRG 2.5.

The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.

* A race condition leading to a use-after-free flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled the addition of fragments to the LRU (Least Recently Used) list under certain conditions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system by sending a large number of specially crafted fragmented packets to that system. (CVE-2014-0100, Important)

* A race condition flaw, leading to heap-based buffer overflows, was found in the way the Linux kernel's N_TTY line discipline (LDISC) implementation handled concurrent processing of echo output and TTY write operations originating from user space when the underlying TTY driver was PTY. An unprivileged, local user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-0196, Important)

* A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important)

* It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command.
A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)

Note: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system.

* A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-2851, Important)

* It was found that a remote attacker could use a race condition flaw in the ath_tx_aggr_sleep() function to crash the system by creating large network traffic on the system's Atheros 9k wireless network adapter. (CVE-2014-2672, Moderate)

* A NULL pointer dereference flaw was found in the rds_iw_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets (RDS). A local, unprivileged user could use this flaw to crash the system. (CVE-2014-2678, Moderate)

* A race condition flaw was found in the way the Linux kernel's mac80211 subsystem implementation handled synchronization between TX and STA wake-up code paths. A remote attacker could use this flaw to crash the system. (CVE-2014-2706, Moderate)

* It was found that the try_to_unmap_cluster() function in the Linux kernel's Memory Management subsystem did not properly handle page locking in certain cases, which could potentially trigger the BUG_ON() macro in the mlock_vma_page() function. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-3122, Moderate)

Red Hat would like to thank Matthew Daley for reporting CVE-2014-1737 and CVE-2014-1738. The CVE-2014-0100 issue was discovered by Nikolay Aleksandrov of Red Hat.

Users are advised to upgrade to these updated packages, which upgrade the kernel-rt kernel to version kernel-rt-3.10.33-rt32.34 and correct these issues.
The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (https://bugzilla.redhat.com/):

1070618 - CVE-2014-0100 kernel: net: inet frag code race condition leading to user-after-free
1083246 - CVE-2014-2672 kernel: ath9k: tid->sched race in ath_tx_aggr_sleep()
1083274 - CVE-2014-2678 kernel: net: rds: dereference of a NULL device in rds_iw_laddr_check()
1083512 - CVE-2014-2706 Kernel: net: mac80211: crash dues to AP powersave TX vs. wakeup race
1086730 - CVE-2014-2851 kernel: net: ping: refcount issue in ping_init_sock() function
1093076 - CVE-2014-3122 Kernel: mm: try_to_unmap_cluster() should lock_page() before mlocking
1094232 - CVE-2014-0196 kernel: pty layer race condition leading to memory corruption
1094299 - CVE-2014-1737 CVE-2014-1738 kernel: block: floppy: privilege escalation via FDRAWCMD floppy ioctl command

6. Package List:

MRG Realtime for RHEL 6 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/kernel-rt-3.10.33-rt32.34.el6rt.src.rpm

noarch:
kernel-rt-doc-3.10.33-rt32.34.el6rt.noarch.rpm
kernel-rt-firmware-3.10.33-rt32.34.el6rt.noarch.rpm

x86_64:
kernel-rt-3.10.33-rt32.34.el6rt.x86_64.rpm
kernel-rt-debug-3.10.33-rt32.34.el6rt.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.33-rt32.34.el6rt.x86_64.rpm
kernel-rt-debug-devel-3.10.33-rt32.34.el6rt.x86_64.rpm
kernel-rt-debuginfo-3.10.33-rt32.34.el6rt.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.33-rt32.34.el6rt.x86_64.rpm
kernel-rt-devel-3.10.33-rt32.34.el6rt.x86_64.rpm
kernel-rt-trace-3.10.33-rt32.34.el6rt.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.33-rt32.34.el6rt.x86_64.rpm
kernel-rt-trace-devel-3.10.33-rt32.34.el6rt.x86_64.rpm
kernel-rt-vanilla-3.10.33-rt32.34.el6rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-3.10.33-rt32.34.el6rt.x86_64.rpm
kernel-rt-vanilla-devel-3.10.33-rt32.34.el6rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-0100.html
https://www.redhat.com/security/data/cve/CVE-2014-0196.html
https://www.redhat.com/security/data/cve/CVE-2014-1737.html
https://www.redhat.com/security/data/cve/CVE-2014-1738.html
https://www.redhat.com/security/data/cve/CVE-2014-2672.html
https://www.redhat.com/security/data/cve/CVE-2014-2678.html
https://www.redhat.com/security/data/cve/CVE-2014-2706.html
https://www.redhat.com/security/data/cve/CVE-2014-2851.html
https://www.redhat.com/security/data/cve/CVE-2014-3122.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
From bugzilla at redhat.com Tue May 27 16:38:00 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 27 May 2014 16:38:00 +0000
Subject: [RHSA-2014:0560-01] Moderate: libvirt security and bug fix update
Message-ID: <201405271638.s4RGc0YN016039@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: libvirt security and bug fix update
Advisory ID: RHSA-2014:0560-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0560.html
Issue date: 2014-05-27
CVE Names: CVE-2014-0179
=====================================================================

1. Summary:

Updated libvirt packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64

3. Description:

The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems.
In addition, libvirt provides tools for remote management of virtualized systems.

It was found that libvirt passes the XML_PARSE_NOENT flag when parsing XML documents using the libxml2 library, in which case all XML entities in the parsed documents are expanded. A user able to force libvirtd to parse an XML document with an entity pointing to a special file that blocks on read access could use this flaw to cause libvirtd to hang indefinitely, resulting in a denial of service on the system. (CVE-2014-0179)

Red Hat would like to thank the upstream Libvirt project for reporting this issue. Upstream acknowledges Daniel P. Berrange and Richard Jones as the original reporters.

This update also fixes the following bugs:

* When hot unplugging a virtual CPU (vCPU), libvirt kept a pointer to already freed memory if the vCPU was pinned to a host CPU. Consequently, when reading the CPU pinning information, libvirt terminated unexpectedly due to an attempt to access this memory. This update ensures that libvirt releases the pointer to the previously allocated memory when a vCPU is being hot unplugged, and it no longer crashes in this situation. (BZ#1091206)

* Previously, libvirt passed an incorrect argument to the "tc" command when setting quality of service (QoS) on a network interface controller (NIC). As a consequence, QoS was applied only to IP traffic. With this update, libvirt constructs the "tc" command correctly so that QoS is applied to all traffic as expected. (BZ#1096806)

* When using the sanlock daemon for managing access to shared storage, libvirt expected all QEMU domains to be registered with sanlock. However, if a QEMU domain was started prior to enabling sanlock, the domain was not registered with sanlock. Consequently, migration of a virtual machine (VM) from such a QEMU domain failed with a libvirt error.
With this update, libvirt verifies whether a QEMU domain process is registered with sanlock before it starts working with the domain, ensuring that migration of virtual machines works as expected. (BZ#1097227)

All libvirt users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, libvirtd will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1088290 - CVE-2014-0179 libvirt: unsafe parsing of XML documents allows libvirt DoS and/or arbitrary file read
1091206 - libvirtd crashed after hot-unplug the vcpus which is pinned to host cpus
1096806 - [BUG] Quality of service does just apply to protocol "ip" instead of the device
1097227 - VM migration in RHEV environment failed due to libvirt error "Failed to inquire lock: No such process"

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libvirt-0.10.2-29.el6_5.8.src.rpm

i386:
libvirt-0.10.2-29.el6_5.8.i686.rpm
libvirt-client-0.10.2-29.el6_5.8.i686.rpm
libvirt-debuginfo-0.10.2-29.el6_5.8.i686.rpm
libvirt-python-0.10.2-29.el6_5.8.i686.rpm

x86_64:
libvirt-0.10.2-29.el6_5.8.x86_64.rpm
libvirt-client-0.10.2-29.el6_5.8.i686.rpm
libvirt-client-0.10.2-29.el6_5.8.x86_64.rpm
libvirt-debuginfo-0.10.2-29.el6_5.8.i686.rpm
libvirt-debuginfo-0.10.2-29.el6_5.8.x86_64.rpm
libvirt-python-0.10.2-29.el6_5.8.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libvirt-0.10.2-29.el6_5.8.src.rpm

i386:
libvirt-debuginfo-0.10.2-29.el6_5.8.i686.rpm
libvirt-devel-0.10.2-29.el6_5.8.i686.rpm

x86_64:
libvirt-debuginfo-0.10.2-29.el6_5.8.i686.rpm
libvirt-debuginfo-0.10.2-29.el6_5.8.x86_64.rpm
libvirt-devel-0.10.2-29.el6_5.8.i686.rpm
libvirt-devel-0.10.2-29.el6_5.8.x86_64.rpm
libvirt-lock-sanlock-0.10.2-29.el6_5.8.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libvirt-0.10.2-29.el6_5.8.src.rpm

x86_64:
libvirt-0.10.2-29.el6_5.8.x86_64.rpm
libvirt-client-0.10.2-29.el6_5.8.i686.rpm
libvirt-client-0.10.2-29.el6_5.8.x86_64.rpm
libvirt-debuginfo-0.10.2-29.el6_5.8.i686.rpm
libvirt-debuginfo-0.10.2-29.el6_5.8.x86_64.rpm
libvirt-python-0.10.2-29.el6_5.8.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libvirt-0.10.2-29.el6_5.8.src.rpm

x86_64:
libvirt-debuginfo-0.10.2-29.el6_5.8.i686.rpm
libvirt-debuginfo-0.10.2-29.el6_5.8.x86_64.rpm
libvirt-devel-0.10.2-29.el6_5.8.i686.rpm
libvirt-devel-0.10.2-29.el6_5.8.x86_64.rpm
libvirt-lock-sanlock-0.10.2-29.el6_5.8.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libvirt-0.10.2-29.el6_5.8.src.rpm

i386:
libvirt-0.10.2-29.el6_5.8.i686.rpm
libvirt-client-0.10.2-29.el6_5.8.i686.rpm
libvirt-debuginfo-0.10.2-29.el6_5.8.i686.rpm
libvirt-devel-0.10.2-29.el6_5.8.i686.rpm
libvirt-python-0.10.2-29.el6_5.8.i686.rpm

ppc64:
libvirt-0.10.2-29.el6_5.8.ppc64.rpm
libvirt-client-0.10.2-29.el6_5.8.ppc.rpm
libvirt-client-0.10.2-29.el6_5.8.ppc64.rpm
libvirt-debuginfo-0.10.2-29.el6_5.8.ppc.rpm
libvirt-debuginfo-0.10.2-29.el6_5.8.ppc64.rpm
libvirt-devel-0.10.2-29.el6_5.8.ppc.rpm
libvirt-devel-0.10.2-29.el6_5.8.ppc64.rpm
libvirt-python-0.10.2-29.el6_5.8.ppc64.rpm

s390x:
libvirt-0.10.2-29.el6_5.8.s390x.rpm
libvirt-client-0.10.2-29.el6_5.8.s390.rpm
libvirt-client-0.10.2-29.el6_5.8.s390x.rpm
libvirt-debuginfo-0.10.2-29.el6_5.8.s390.rpm
libvirt-debuginfo-0.10.2-29.el6_5.8.s390x.rpm
libvirt-devel-0.10.2-29.el6_5.8.s390.rpm
libvirt-devel-0.10.2-29.el6_5.8.s390x.rpm
libvirt-python-0.10.2-29.el6_5.8.s390x.rpm

x86_64:
libvirt-0.10.2-29.el6_5.8.x86_64.rpm
libvirt-client-0.10.2-29.el6_5.8.i686.rpm
libvirt-client-0.10.2-29.el6_5.8.x86_64.rpm
libvirt-debuginfo-0.10.2-29.el6_5.8.i686.rpm
libvirt-debuginfo-0.10.2-29.el6_5.8.x86_64.rpm
libvirt-devel-0.10.2-29.el6_5.8.i686.rpm
libvirt-devel-0.10.2-29.el6_5.8.x86_64.rpm
libvirt-python-0.10.2-29.el6_5.8.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libvirt-0.10.2-29.el6_5.8.src.rpm

x86_64:
libvirt-debuginfo-0.10.2-29.el6_5.8.x86_64.rpm
libvirt-lock-sanlock-0.10.2-29.el6_5.8.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libvirt-0.10.2-29.el6_5.8.src.rpm

i386:
libvirt-0.10.2-29.el6_5.8.i686.rpm
libvirt-client-0.10.2-29.el6_5.8.i686.rpm
libvirt-debuginfo-0.10.2-29.el6_5.8.i686.rpm
libvirt-devel-0.10.2-29.el6_5.8.i686.rpm
libvirt-python-0.10.2-29.el6_5.8.i686.rpm

x86_64:
libvirt-0.10.2-29.el6_5.8.x86_64.rpm
libvirt-client-0.10.2-29.el6_5.8.i686.rpm
libvirt-client-0.10.2-29.el6_5.8.x86_64.rpm
libvirt-debuginfo-0.10.2-29.el6_5.8.i686.rpm
libvirt-debuginfo-0.10.2-29.el6_5.8.x86_64.rpm
libvirt-devel-0.10.2-29.el6_5.8.i686.rpm
libvirt-devel-0.10.2-29.el6_5.8.x86_64.rpm
libvirt-python-0.10.2-29.el6_5.8.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libvirt-0.10.2-29.el6_5.8.src.rpm

x86_64:
libvirt-debuginfo-0.10.2-29.el6_5.8.x86_64.rpm
libvirt-lock-sanlock-0.10.2-29.el6_5.8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-0179.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
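The XML_PARSE_NOENT flaw in the libvirt advisory above (CVE-2014-0179) is one instance of a general rule for daemons that parse XML they did not write: refuse DTD and entity processing outright rather than trust the parser's expansion behaviour. The block below is an added example, not libvirt code; it uses Python's standard-library expat bindings to abort at the first DOCTYPE or entity declaration before any full parse, and shows that a DOCTYPE that appears only inside a comment is not a false positive. The names UnsafeXMLError, check_no_dtd, parse_untrusted and classify, the sample documents and the PLACEHOLDER paths are all constructed for the example; the libxml2 equivalent is simply to leave XML_PARSE_NOENT and XML_PARSE_DTDLOAD out of the parser options.

```python
"""Reject DTD/entity use in untrusted XML before parsing it.

Added example, not libvirt code. The guard relies on expat's
StartDoctypeDecl and EntityDecl callbacks. expat fetches no external
entity unless an ExternalEntityRefHandler is installed, so this scan
cannot itself block on a SYSTEM identifier the way a libxml2 parse with
XML_PARSE_NOENT can.
"""
import xml.etree.ElementTree as ET
import xml.parsers.expat


class UnsafeXMLError(ValueError):
    """The document declares a DOCTYPE or an entity; it is not processed."""


def check_no_dtd(xml_bytes: bytes) -> None:
    """Scan the document and raise UnsafeXMLError at the first DTD construct.

    This is a full well-formedness parse with no content handlers, so a
    malformed document raises xml.parsers.expat.ExpatError instead.
    """
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Fires before the internal subset is read, so no <!ENTITY ...>
        # declared inside it is ever processed.
        raise UnsafeXMLError(
            f"DOCTYPE {name!r} declared (SYSTEM id {sysid!r}, "
            f"internal subset: {bool(has_internal_subset)})"
        )

    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        # Defence in depth: unreachable while on_doctype aborts first, but
        # keeps the guard correct if the DOCTYPE rule is ever relaxed.
        raise UnsafeXMLError(f"entity {name!r} declared (SYSTEM id {sysid!r})")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.Parse(xml_bytes, True)  # exceptions from handlers propagate here


def parse_untrusted(xml_bytes: bytes) -> ET.Element:
    """Guarded replacement for ET.fromstring() on caller-supplied XML."""
    check_no_dtd(xml_bytes)
    return ET.fromstring(xml_bytes)


def classify(xml_bytes: bytes) -> tuple:
    """Return ('accepted', '') or ('rejected', reason) for a document."""
    try:
        check_no_dtd(xml_bytes)
    except UnsafeXMLError as exc:
        return ("rejected", str(exc))
    return ("accepted", "")


# Constructed samples, not taken from the advisory. SYSTEM paths are placeholders.
DOMAIN_XML = (
    b"<domain type='kvm'><name>demo</name>"
    b"<memory unit='KiB'>524288</memory></domain>"
)
# Internal subset declaring an external entity: the shape CVE-2014-0179 concerns.
ENTITY_XML = (
    b"<!DOCTYPE domain [ <!ENTITY blk SYSTEM 'file:///PLACEHOLDER/special-file'> ]>"
    b"<domain type='kvm'><name>&blk;</name></domain>"
)
# External DTD subset with no inline entities: still rejected.
EXT_DTD_XML = (
    b"<!DOCTYPE domain SYSTEM 'http://PLACEHOLDER.invalid/domain.dtd'>"
    b"<domain type='kvm'><name>demo</name></domain>"
)
# A DOCTYPE that only appears inside a comment is not a declaration.
COMMENT_XML = (
    b"<!-- <!DOCTYPE domain [ <!ENTITY x 'y'> ]> -->"
    b"<domain type='kvm'><name>demo</name></domain>"
)


if __name__ == "__main__":
    for label, doc in [("domain", DOMAIN_XML), ("entity", ENTITY_XML),
                       ("ext-dtd", EXT_DTD_XML), ("comment", COMMENT_XML)]:
        print(label, classify(doc))
    print(parse_untrusted(DOMAIN_XML).find("name").text)
```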
From bugzilla at redhat.com Tue May 27 16:38:30 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 27 May 2014 16:38:30 +0000
Subject: [RHSA-2014:0561-01] Moderate: curl security and bug fix update
Message-ID: <201405271638.s4RGcUGd013694@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: curl security and bug fix update
Advisory ID: RHSA-2014:0561-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0561.html
Issue date: 2014-05-27
CVE Names: CVE-2014-0015 CVE-2014-0138
=====================================================================

1. Summary:

Updated curl packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
It was found that libcurl could incorrectly reuse existing connections for requests that should have used different or no authentication credentials, when using one of the following protocols: HTTP(S) with NTLM authentication, LDAP(S), SCP, or SFTP. If an application using the libcurl library connected to a remote server with certain authentication credentials, this flaw could cause other requests to use those same credentials. (CVE-2014-0015, CVE-2014-0138)

Red Hat would like to thank the cURL project for reporting these issues. Upstream acknowledges Paras Sethia as the original reporter of CVE-2014-0015 and Yehezkel Horowitz for discovering the security impact of this issue, and Steve Holme as the original reporter of CVE-2014-0138.

This update also fixes the following bugs:

* Previously, the libcurl library was closing a network socket without first terminating the SSL connection using the socket. This resulted in a write after close and consequent leakage of memory dynamically allocated by the SSL library. An upstream patch has been applied on libcurl to fix this bug. As a result, the write after close no longer happens, and the SSL library no longer leaks memory. (BZ#1092479)

* Previously, the libcurl library did not implement a non-blocking SSL handshake, which negatively affected performance of applications based on libcurl's multi API. To fix this bug, the non-blocking SSL handshake has been implemented by libcurl. With this update, libcurl's multi API immediately returns control to the application whenever it cannot read/write data from/to the underlying network socket. (BZ#1092480)

* Previously, the curl package could not be rebuilt from sources due to an expired cookie in the upstream test-suite, which runs during the build. An upstream patch has been applied to postpone the expiration date of the cookie, which makes it possible to rebuild the package from sources again.
(BZ#1092486)

* Previously, the libcurl library attempted to authenticate using Kerberos whenever such an authentication method was offered by the server. This caused problems when the server offered multiple authentication methods and Kerberos was not the selected one. An upstream patch has been applied on libcurl to fix this bug. Now libcurl no longer uses Kerberos authentication if another authentication method is selected. (BZ#1096797)

All curl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications that use libcurl have to be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1053903 - CVE-2014-0015 curl: re-use of wrong HTTP NTLM connection in libcurl
1079148 - CVE-2014-0138 curl: wrong re-use of connections in libcurl
1092486 - problem with building curl package
1096797 - RHEL-6 libcurl fails when using digest auth and have multiple auth options

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/curl-7.19.7-37.el6_5.3.src.rpm

i386:
curl-7.19.7-37.el6_5.3.i686.rpm
curl-debuginfo-7.19.7-37.el6_5.3.i686.rpm
libcurl-7.19.7-37.el6_5.3.i686.rpm

x86_64:
curl-7.19.7-37.el6_5.3.x86_64.rpm
curl-debuginfo-7.19.7-37.el6_5.3.i686.rpm
curl-debuginfo-7.19.7-37.el6_5.3.x86_64.rpm
libcurl-7.19.7-37.el6_5.3.i686.rpm
libcurl-7.19.7-37.el6_5.3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/curl-7.19.7-37.el6_5.3.src.rpm

i386:
curl-debuginfo-7.19.7-37.el6_5.3.i686.rpm
libcurl-devel-7.19.7-37.el6_5.3.i686.rpm

x86_64:
curl-debuginfo-7.19.7-37.el6_5.3.i686.rpm
curl-debuginfo-7.19.7-37.el6_5.3.x86_64.rpm
libcurl-devel-7.19.7-37.el6_5.3.i686.rpm
libcurl-devel-7.19.7-37.el6_5.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/curl-7.19.7-37.el6_5.3.src.rpm

x86_64:
curl-7.19.7-37.el6_5.3.x86_64.rpm
curl-debuginfo-7.19.7-37.el6_5.3.i686.rpm
curl-debuginfo-7.19.7-37.el6_5.3.x86_64.rpm
libcurl-7.19.7-37.el6_5.3.i686.rpm
libcurl-7.19.7-37.el6_5.3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/curl-7.19.7-37.el6_5.3.src.rpm

x86_64:
curl-debuginfo-7.19.7-37.el6_5.3.i686.rpm
curl-debuginfo-7.19.7-37.el6_5.3.x86_64.rpm
libcurl-devel-7.19.7-37.el6_5.3.i686.rpm
libcurl-devel-7.19.7-37.el6_5.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/curl-7.19.7-37.el6_5.3.src.rpm

i386:
curl-7.19.7-37.el6_5.3.i686.rpm
curl-debuginfo-7.19.7-37.el6_5.3.i686.rpm
libcurl-7.19.7-37.el6_5.3.i686.rpm
libcurl-devel-7.19.7-37.el6_5.3.i686.rpm

ppc64:
curl-7.19.7-37.el6_5.3.ppc64.rpm
curl-debuginfo-7.19.7-37.el6_5.3.ppc.rpm
curl-debuginfo-7.19.7-37.el6_5.3.ppc64.rpm
libcurl-7.19.7-37.el6_5.3.ppc.rpm
libcurl-7.19.7-37.el6_5.3.ppc64.rpm
libcurl-devel-7.19.7-37.el6_5.3.ppc.rpm
libcurl-devel-7.19.7-37.el6_5.3.ppc64.rpm

s390x:
curl-7.19.7-37.el6_5.3.s390x.rpm
curl-debuginfo-7.19.7-37.el6_5.3.s390.rpm
curl-debuginfo-7.19.7-37.el6_5.3.s390x.rpm
libcurl-7.19.7-37.el6_5.3.s390.rpm
libcurl-7.19.7-37.el6_5.3.s390x.rpm
libcurl-devel-7.19.7-37.el6_5.3.s390.rpm
libcurl-devel-7.19.7-37.el6_5.3.s390x.rpm

x86_64:
curl-7.19.7-37.el6_5.3.x86_64.rpm
curl-debuginfo-7.19.7-37.el6_5.3.i686.rpm
curl-debuginfo-7.19.7-37.el6_5.3.x86_64.rpm
libcurl-7.19.7-37.el6_5.3.i686.rpm
libcurl-7.19.7-37.el6_5.3.x86_64.rpm
libcurl-devel-7.19.7-37.el6_5.3.i686.rpm
libcurl-devel-7.19.7-37.el6_5.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/curl-7.19.7-37.el6_5.3.src.rpm

i386:
curl-7.19.7-37.el6_5.3.i686.rpm
curl-debuginfo-7.19.7-37.el6_5.3.i686.rpm
libcurl-7.19.7-37.el6_5.3.i686.rpm
libcurl-devel-7.19.7-37.el6_5.3.i686.rpm

x86_64:
curl-7.19.7-37.el6_5.3.x86_64.rpm
curl-debuginfo-7.19.7-37.el6_5.3.i686.rpm
curl-debuginfo-7.19.7-37.el6_5.3.x86_64.rpm
libcurl-7.19.7-37.el6_5.3.i686.rpm
libcurl-7.19.7-37.el6_5.3.x86_64.rpm
libcurl-devel-7.19.7-37.el6_5.3.i686.rpm
libcurl-devel-7.19.7-37.el6_5.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-0015.html
https://www.redhat.com/security/data/cve/CVE-2014-0138.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

From bugzilla at redhat.com Thu May 29 19:41:02 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 29 May 2014 19:41:02 +0000
Subject: [RHSA-2014:0573-01] Low: Red Hat Enterprise Linux 6.3 Extended Update Support One-Month Notice
Message-ID: <201405291941.s4TJf2gL017451@int-mx02.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Low: Red Hat Enterprise Linux 6.3 Extended Update Support One-Month Notice
Advisory ID: RHSA-2014:0573-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0573.html
Issue date: 2014-05-29
=====================================================================

1. Summary:

This is the One-Month notification for the retirement of Red Hat Enterprise Linux 6.3 Extended Update Support (EUS). This notification applies only to those customers subscribed to the Extended Update Support (EUS) channel for Red Hat Enterprise Linux 6.3.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server EUS (v. 6.3) - i386, ppc64, s390x, x86_64

3. Description:

In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.3 will be retired as of June 30, 2014, and support will no longer be provided.
Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.3 EUS after June 30, 2014. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. We encourage customers to plan their migration from Red Hat Enterprise Linux 6.3 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on a currently supported Red Hat Enterprise Linux 6 release. Details of the Red Hat Enterprise Linux life cycle can be found here: https://access.redhat.com/site/support/policy/updates/errata/ 4. Solution: This erratum contains an updated redhat-release-server package, that provides a copy of this retirement notice in the "/usr/share/doc/" directory. 5. Package List: Red Hat Enterprise Linux Server EUS (v. 6.3): Source: redhat-release-server-6Server-6.3.0.6.el6_3.src.rpm i386: redhat-release-server-6Server-6.3.0.6.el6_3.i686.rpm ppc64: redhat-release-server-6Server-6.3.0.6.el6_3.ppc64.rpm s390x: redhat-release-server-6Server-6.3.0.6.el6_3.s390x.rpm x86_64: redhat-release-server-6Server-6.3.0.6.el6_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 6. References: https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/site/support/policy/updates/errata/ 7. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTh403XlSAg2UNWIIRAnebAJ0VNmattSDkknhLHJu7FBIFfz+tKgCfeFme 0yV+oTbpg2IHC2USOhokNXI= =Ltz6 -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu May 29 19:41:23 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 29 May 2014 19:41:23 +0000 Subject: [RHSA-2014:0575-01] Low: Red Hat Enterprise Developer Toolset Version 1 One-month Retirement Notice Message-ID: <201405291941.s4TJfNth026495@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: Red Hat Enterprise Developer Toolset Version 1 One-month Retirement Notice Advisory ID: RHSA-2014:0575-01 Product: Red Hat Developer Toolset Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0575.html Issue date: 2014-05-29 ===================================================================== 1. Summary: This is the one-month notification for the retirement of Red Hat Developer Toolset Version 1. This notification applies only to those customers with subscriptions for Red Hat Developer Toolset Version 1. 2. Description: In accordance with the Red Hat Enterprise Developer Toolset Life Cycle policy, the Red Hat Developer Toolset Version 1 offering will be retired as of June 30, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Developer Toolset Version 1 after June 30, 2014. In addition, technical support through Red Hat's Global Support Services will no longer be provided for Red Hat Developer Toolset Version 1 after this date. We encourage customers to plan their migration from Red Hat Enterprise Developer Toolset Version 1 to a more recent release of Red Hat Developer Toolset. 
As a benefit of the Red Hat subscription model, customers can use their active Red Hat Developer Toolset subscriptions to entitle any system on a currently supported version of this product. Details of the Red Hat Enterprise Developer Toolset life cycle can be found at https://access.redhat.com/site/support/policy/updates/dts/ 3. Solution: Red Hat Enterprise Developer Toolset Version 1 will be retired on June 30, 2014. Customers are encouraged to migrate to a newer release of Red Hat Enterprise Developer Toolset, and can find additional details on the Red Hat Enterprise Developer Toolset life cycle page at https://access.redhat.com/site/support/policy/updates/dts/ 4. References: https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/site/support/policy/updates/dts/ 5. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTh41WXlSAg2UNWIIRAsY9AJ9CW2Mmnb9K7ncAA0vzPNohn6SFpQCfYBmt 1Of7mcC9ET/KkaczoGm088E= =sgHo -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu May 29 21:17:17 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 29 May 2014 21:17:17 +0000 Subject: [RHSA-2014:0516-01] Moderate: openstack-neutron security, bug fix, and enhancement update Message-ID: <201405292117.s4TLHHkF014323@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openstack-neutron security, bug fix, and enhancement update Advisory ID: RHSA-2014:0516-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0516.html Issue date: 2014-05-29 CVE Names: CVE-2013-6433 CVE-2014-0056 ===================================================================== 1. 
Summary: Updated openstack-neutron packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 4.0 - noarch 3. Description: OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. As of Red Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum' as the core component of OpenStack Networking. A flaw was found in the way OpenStack Networking performed authorization checks on created ports. An authenticated user could potentially use this flaw to create ports on a router belonging to a different tenant, allowing unauthorized access to the network of other tenants. Note that only OpenStack Networking setups using plug-ins that rely on the l3-agent were affected. (CVE-2014-0056) It was discovered that the default sudo configuration provided in OpenStack Networking, which is specific to the openstack-neutron package shipped by Red Hat, did not correctly specify a configuration file for rootwrap, potentially allowing an unauthenticated user to escalate their privileges. (CVE-2013-6433) Red Hat would like to thank the OpenStack project for reporting CVE-2014-0056. Upstream acknowledges Aaron Rosen from VMware as the original reporter of CVE-2014-0056. The CVE-2013-6433 issue was discovered by Kashyap Chamarthy of Red Hat. This update also fixes several bugs and adds enhancements. 
Documentation for these changes is available in the Technical Notes document linked to in the References section. All openstack-neutron users are advised to upgrade to these updated packages, which correct these issues and add these enhancements. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1036523 - neutron-server connection to multiple qpidd instances is broken 1039812 - CVE-2013-6433 openstack-quantum/openstack-neutron: rootwrap sudo config allows potential privilege escalation 1050962 - neutron should not specify signing_dir in neutron-dist.conf 1051028 - neutron-dhcp-agent doesn't clean after itself when service is shut down 1051036 - neutron-l3-agent doesn't clean after itself when service is shut down 1051444 - [neutron]: neutron-dhcp-agent and neutron-l3-agent won't respawn child processes if something goes wrong 1060709 - neutron-server start should survive lack of db availability 1060711 - neutron qpid reconnection delay must be more accurate 1063141 - CVE-2014-0056 OpenStack Neutron: insufficient authorization checks when creating ports 1071891 - Old path for LB driver is used after upgrade from RHOS 3 1075833 - Reduce debug logging of qpid output 1076994 - Full /var prevents pid file being written, but daemon starts anyway 1077487 - dnsmasq can't handle ipv6 addresses; triggers constant resyncs of dhcp 1080071 - Nexus plugin db migration issues 1081159 - L3 agent restart causes network outage 1084535 - Rebase openstack-neutron to 2013.2.3 1086077 - RPC error in neutron-server leads to cascading failure 1098578 - neutron-vpn-agent does not use the /etc/neutron/fwaas_driver.ini 6. 
Package List: Red Hat Enterprise Linux OpenStack Platform 4.0: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/openstack-neutron-2013.2.3-7.el6ost.src.rpm noarch: openstack-neutron-2013.2.3-7.el6ost.noarch.rpm openstack-neutron-bigswitch-2013.2.3-7.el6ost.noarch.rpm openstack-neutron-brocade-2013.2.3-7.el6ost.noarch.rpm openstack-neutron-cisco-2013.2.3-7.el6ost.noarch.rpm openstack-neutron-hyperv-2013.2.3-7.el6ost.noarch.rpm openstack-neutron-linuxbridge-2013.2.3-7.el6ost.noarch.rpm openstack-neutron-mellanox-2013.2.3-7.el6ost.noarch.rpm openstack-neutron-metaplugin-2013.2.3-7.el6ost.noarch.rpm openstack-neutron-metering-agent-2013.2.3-7.el6ost.noarch.rpm openstack-neutron-midonet-2013.2.3-7.el6ost.noarch.rpm openstack-neutron-ml2-2013.2.3-7.el6ost.noarch.rpm openstack-neutron-nec-2013.2.3-7.el6ost.noarch.rpm openstack-neutron-nicira-2013.2.3-7.el6ost.noarch.rpm openstack-neutron-openvswitch-2013.2.3-7.el6ost.noarch.rpm openstack-neutron-plumgrid-2013.2.3-7.el6ost.noarch.rpm openstack-neutron-ryu-2013.2.3-7.el6ost.noarch.rpm openstack-neutron-vpn-agent-2013.2.3-7.el6ost.noarch.rpm python-neutron-2013.2.3-7.el6ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-6433.html https://www.redhat.com/security/data/cve/CVE-2014-0056.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/4/html/Technical_Notes/index.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTh6OCXlSAg2UNWIIRAvX4AKCRD8mMAL/POfiNUgJHFe/NpViIlQCeJbW+ ku3AbgGuN+LbN0oyd1voe/U= =2SXj -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu May 29 21:18:45 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 29 May 2014 21:18:45 +0000 Subject: [RHSA-2014:0517-01] Moderate: openstack-foreman-installer security, bug fix, and enhancement update Message-ID: <201405292118.s4TLIjmP026500@int-mx14.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openstack-foreman-installer security, bug fix, and enhancement update Advisory ID: RHSA-2014:0517-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0517.html Issue date: 2014-05-29 CVE Names: CVE-2013-6470 ===================================================================== 1. Summary: An updated openstack-foreman-installer package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 4.0 - noarch 3. Description: The openstack-foreman-installer package provides facilities for rapidly deploying Red Hat Enterprise Linux OpenStack Platform 4. It was discovered that the Qpid configuration created by openstack-foreman-installer did not have authentication enabled when run with default settings in standalone mode. 
An attacker able to establish a TCP connection to Qpid could access any OpenStack back end using Qpid (for example, nova) without any authentication. (CVE-2013-6470) This update also fixes several bugs and adds enhancements. Documentation for these changes is available in the Technical Notes document linked to in the References section. All openstack-foreman-installer users are advised to upgrade to this updated package, which corrects these issues and adds these enhancements. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1033247 - [RFE] Global Parameter Boolean for Specifying Service Deployment 1049122 - Install a Highly Available OpenStack deployment using Foreman (qpid) 1051994 - CVE-2013-6470 openstack foreman-installer: insecure defaults 1053623 - openstack-foreman-installer: openstack-selinux package is not installed on the foreman_clients (it cause: multiple AVCs in messages). 
1062699 - [RFE] foreman should allow for cinder share mount options on HA Controller 1064050 - [RFE] foreman should allow the configuraiton of glance using RHS/NFS and direct file access 1064056 - Foreman Heat ports not opened in a foreman based Nova network install 1068885 - Foreman-installer doesn't create keystonerc_admin file on controller 1073087 - [RFE] Use subscription-manager in kickstart template, not rhnreg_ks 1073550 - Change foreman-installer to use openstack-puppet-modules 1077818 - Modify installer to accept environment variable for Foreman provisioning interface 1078279 - Pull latest Cisco Nexus updates 1080638 - openshift-enterprise HA template egress rules block cloud-init metadata 1084534 - Add Nova Service to HA hostgroup 1085547 - Keystone role is created as _member_ instead of Member 1087713 - Add Swift Proxy service to HA hostgroup 1088608 - Add Neutron Service to HA hostgroup 1088611 - Add Heat Service to HA hostgroup 1095853 - [Rubygem-Staypuft]:When attempting to browse : Infrastructure --> Compute Resources' getting "Not Implemented" page (as well to other pages) . 1099661 - OpenStack-Foreman-Installer: Failed to deploy Neutron-Compute using O-F-I due to 'Invalid parameter ceilometer_host'. 1100411 - ceilometer attempts to start before mongo service is ready 6. Package List: Red Hat Enterprise Linux OpenStack Platform 4.0: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/openstack-foreman-installer-1.0.12-1.el6ost.src.rpm noarch: openstack-foreman-installer-1.0.12-1.el6ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References: https://www.redhat.com/security/data/cve/CVE-2013-6470.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/4/html/Technical_Notes/index.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTh6P+XlSAg2UNWIIRAgfAAKC1mILeqUQGjQrck82kHLPGuHLExACfTAq/ hNd3D5xiov61/eVUkIfPtag= =YUhM -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu May 29 21:20:50 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 29 May 2014 21:20:50 +0000 Subject: [RHSA-2014:0578-01] Moderate: openstack-nova security, bug fix, and enhancement update Message-ID: <201405292120.s4TLKoDj005106@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openstack-nova security, bug fix, and enhancement update Advisory ID: RHSA-2014:0578-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0578.html Issue date: 2014-05-29 CVE Names: CVE-2014-0134 ===================================================================== 1. Summary: Updated openstack-nova packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 4.0 - noarch 3. 
Description: OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances, managing networks, and controlling access through users and projects. It was found that overwriting the disk inside of an instance with a malicious image, and then switching the instance to rescue mode, could potentially allow an authenticated user to access arbitrary files on the compute host depending on the file permissions and SELinux constraints of those files. Only setups that used libvirt to spawn instances and which had the use of cow images disabled ("use_cow_images = False" in nova configuration) were affected. (CVE-2014-0134) Red Hat would like to thank the OpenStack Project for reporting this issue. Upstream acknowledges Stanislaw Pitucha from Hewlett Packard as the original reporter. Bug fixes: * The Compute libguestfs did not perform tear down correctly in certain cases, such as when attempting to perform SSH key injection when no SSH keys were specified. As a result, libguestfs qemu instances would remain running, even after the Compute instance with which they were associated was destroyed. This has been fixed and now tear down of libguestfs occurs correctly. (BZ#1022627) * Qpid's driver reconnection delay is not configurable. This and the fact that the hard-coded delay was quite high became a blocker issue from an HA perspective. Making this value configurable is not possible for this version, so the hard-coded delay was changed. The new delay cap is 5 seconds. (BZ#1060772) * Nova was creating a temporary VMware snapshot during a nova snapshot, but not deleting it on completion. Thus VMware guests could end up with a large number of unnecessary snapshots. The temporary VMware snapshot is now deleted on completion of the nova snapshot operation. 
(BZ#1069429) * The Nova vmware driver was not passing the iscsi server location to the instance, hence it was not possible to add a cinder iscsi disk to a VMware instance. The nova vmware driver now correctly passes the iscsi server location to the instance and it is possible to add a cinder iscsi disk to a VMware instance. (BZ#1069432) * The nova VMware driver was assigning VNC ports in a way which could cause collisions between guests. There was a small chance that 2 instances could be created with the same VNC port. If both instances ran on the same ESX host, only one of their consoles would be available. However, that console would be presented when requested for both instances. This has been fixed so that the nova VMware driver now allocates VNC ports which are unique to a vcenter, and a user of one instance will not be presented with the console of another. (BZ#1077017) Enhancement: * When troubleshooting production systems it is desirable to be able to trace all data base queries, web REST calls, messaging service RPC calls, and libvirt API calls associated with invocation of a user command or background job. Hence, the ability has been added to obtain a debug dump of the system state for an OpenStack service based process. For example, upon sending SIGUSR1, a dump of all native threads, green threads, live configuration, and any other relevant info is triggered. (BZ#1071469) All openstack-nova users are advised to upgrade to these updated packages, which correct these issues and add this enhancement. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. 
Bugs fixed (https://bugzilla.redhat.com/): 1022627 - stale qemu processes left running in nova due to incorrect libguestfs cleanup 1060772 - nova qpid reconnection delay must be more accurate 1069429 - VMware: delete vm snapshot after nova snapshot 1069432 - VMware: iscsi target discovery fails while attaching volumes 1071469 - [RFE][nova]: Provide for a live debug dump of system state 1077017 - VMware: fix the VNC port allocation 1078002 - CVE-2014-0134 openstack-nova: Nova host data leak to vm instance in rescue mode 1081001 - Need to allow disabling of bandwidth polling periodic task 1085005 - openstack-nova: several instances are able to be configure the same bootable volume 1089070 - Depend on sufficiently new version of libvirt 6. Package List: Red Hat Enterprise Linux OpenStack Platform 4.0: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/openstack-nova-2013.2.3-7.el6ost.src.rpm noarch: openstack-nova-2013.2.3-7.el6ost.noarch.rpm openstack-nova-api-2013.2.3-7.el6ost.noarch.rpm openstack-nova-cells-2013.2.3-7.el6ost.noarch.rpm openstack-nova-cert-2013.2.3-7.el6ost.noarch.rpm openstack-nova-common-2013.2.3-7.el6ost.noarch.rpm openstack-nova-compute-2013.2.3-7.el6ost.noarch.rpm openstack-nova-conductor-2013.2.3-7.el6ost.noarch.rpm openstack-nova-console-2013.2.3-7.el6ost.noarch.rpm openstack-nova-doc-2013.2.3-7.el6ost.noarch.rpm openstack-nova-network-2013.2.3-7.el6ost.noarch.rpm openstack-nova-novncproxy-2013.2.3-7.el6ost.noarch.rpm openstack-nova-objectstore-2013.2.3-7.el6ost.noarch.rpm openstack-nova-scheduler-2013.2.3-7.el6ost.noarch.rpm python-nova-2013.2.3-7.el6ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0134.html https://access.redhat.com/security/updates/classification/#moderate 8. 
Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTh6RLXlSAg2UNWIIRAm4nAJ9b4HvQQXmtoemEQSSG5fuFdELeJgCeP8es t+L8ZpyOpnqSsAIGpqXpfs4= =nfdv -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu May 29 21:21:33 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 29 May 2014 21:21:33 +0000 Subject: [RHSA-2014:0579-01] Low: openstack-heat-templates security update Message-ID: <201405292121.s4TLLY4G008682@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: openstack-heat-templates security update Advisory ID: RHSA-2014:0579-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0579.html Issue date: 2014-05-29 CVE Names: CVE-2014-0040 CVE-2014-0041 CVE-2014-0042 ===================================================================== 1. Summary: An updated openstack-heat-templates package that fixes three security issues is now available Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 4.0 - noarch 3. Description: OpenStack Orchestration (heat) is a template-driven engine used to specify and deploy configurations for Compute, Storage, and OpenStack Networking. It can also be used to automate post-deployment actions, which in turn allows automated provisioning of infrastructure, services, and applications. 
Orchestration can also be integrated with Telemetry alarms to implement auto-scaling for certain infrastructure resources. The openstack-heat-templates package provides heat example templates and image building elements for the openstack-heat package. It was discovered that certain heat templates used HTTP to insecurely download packages and signing keys via Yum. An attacker could use this flaw to conduct man-in-the-middle attacks to prevent essential security updates from being installed on the system. (CVE-2014-0040) It was found that certain heat templates disabled SSL protection for various Yum repositories (sslverify=false). An attacker could use this flaw to conduct man-in-the-middle attacks to prevent essential security updates from being installed on the system. (CVE-2014-0041) It was discovered that certain heat templates disabled GPG signature checking of packages via Yum (gpgcheck=0). An attacker could use this flaw to conduct man-in-the-middle attacks to install arbitrary packages on the system. (CVE-2014-0042) These issues were discovered by Grant Murphy of the Red Hat Product Security Team. All openstack-heat-templates users are advised to upgrade to this updated package, which corrects these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1059514 - CVE-2014-0040 OpenStack openstack-heat-templates: use of HTTP to download signing keys/code 1059515 - CVE-2014-0041 OpenStack openstack-heat-templates: use of HTTPS url and sslverify=false 1059520 - CVE-2014-0042 OpenStack openstack-heat-templates: setting gpgcheck=0 for signed packages 6. 
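The three Yum repository weaknesses in the openstack-heat-templates advisory above (plain-HTTP package and key sources for CVE-2014-0040, sslverify=false for CVE-2014-0041, gpgcheck=0 for CVE-2014-0042) can be audited for in any .repo file or template that writes one. The following checker is an added example, not code from openstack-heat-templates or Red Hat; the two repository definitions it scans are constructed for illustration, and the hostname repo.example.com is a placeholder.

```python
"""Audit Yum .repo content for the weak settings named in RHSA-2014:0579.

Added example (not Red Hat or openstack-heat-templates code). The sample
repository definitions below are constructed; repo.example.com is a
placeholder host.
"""
import configparser
from typing import List, Set, Tuple

# Keys whose values are URLs Yum fetches packages, metadata or signing keys
# from. Any of them served over plain HTTP can be altered on the wire
# (CVE-2014-0040).
URL_KEYS = ("baseurl", "mirrorlist", "metalink", "gpgkey")

# Spellings Yum accepts for "off" in boolean options.
FALSE_VALUES = {"0", "false", "no", "off"}

Finding = Tuple[str, str, str]  # (repo section, label, message)


def _is_false(value: str) -> bool:
    return value.strip().lower() in FALSE_VALUES


def audit_repo_config(text: str) -> List[Finding]:
    """Return one finding per weak setting found in a .repo file body.

    Sections with enabled=0 are still reported: a disabled repository is
    one edit away from being used.
    """
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, allow_no_value=True)
    parser.read_string(text)
    findings: List[Finding] = []
    for section in parser.sections():
        opts = {k: (v or "") for k, v in parser.items(section)}
        # CVE-2014-0040: packages, metadata or GPG keys pulled over HTTP.
        for key in URL_KEYS:
            for url in opts.get(key, "").split():
                if url.lower().startswith("http://"):
                    findings.append((section, "CVE-2014-0040",
                                     f"{key} uses plain HTTP: {url}"))
        # CVE-2014-0041: HTTPS kept, but certificate verification turned off,
        # which leaves the repository as exposed as plain HTTP.
        if "sslverify" in opts and _is_false(opts["sslverify"]):
            findings.append((section, "CVE-2014-0041",
                             "sslverify is disabled"))
        # CVE-2014-0042: package signatures are never checked, so a
        # tampered package installs without error.
        gpgcheck = opts.get("gpgcheck")
        if gpgcheck is None:
            findings.append((section, "note",
                             "gpgcheck not set; repo inherits [main] default"))
        elif _is_false(gpgcheck):
            findings.append((section, "CVE-2014-0042",
                             "gpgcheck is disabled"))
    return findings


def cves_affected(text: str) -> Set[str]:
    """Set of CVE identifiers whose pattern appears in the .repo body."""
    return {label for _, label, _ in audit_repo_config(text)
            if label.startswith("CVE-")}


# Constructed weak definition, shaped like the patterns the advisory names.
WEAK_REPO = """\
[rhel-updates]
name=RHEL 6 updates (constructed sample)
baseurl=http://repo.example.com/rhel/6/os
gpgcheck=0
enabled=1

[extras]
name=Extra packages (constructed sample)
baseurl=https://repo.example.com/extras
sslverify=false
gpgcheck=1
gpgkey=http://repo.example.com/RPM-GPG-KEY-extras
"""

# Constructed hardened definition: HTTPS only, verification on, local key.
HARDENED_REPO = """\
[rhel-updates]
name=RHEL 6 updates (constructed sample)
baseurl=https://repo.example.com/rhel/6/os
sslverify=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
enabled=1
"""


def main() -> None:
    for label, body in (("weak", WEAK_REPO), ("hardened", HARDENED_REPO)):
        print(f"== {label} ==")
        for section, tag, msg in audit_repo_config(body) or []:
            print(f"[{section}] {tag}: {msg}")


if __name__ == "__main__":
    main()
```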
6. Package List:

Red Hat Enterprise Linux OpenStack Platform 4.0:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/openstack-heat-templates-0-0.3.20140407git.el6ost.src.rpm

noarch:
openstack-heat-templates-0-0.3.20140407git.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-0040.html
https://www.redhat.com/security/data/cve/CVE-2014-0041.html
https://www.redhat.com/security/data/cve/CVE-2014-0042.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFTh6TEXlSAg2UNWIIRAksGAKC2niKX/sc3il6xbsd7ScbrZpxIrwCgiO0I
S+sPQATQbTSS8Gm6jxXH69M=
=m1tU
-----END PGP SIGNATURE-----


From bugzilla at redhat.com Thu May 29 21:22:09 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 29 May 2014 21:22:09 +0000
Subject: [RHSA-2014:0580-01] Moderate: openstack-keystone security and bug fix update
Message-ID: <201405292122.s4TLM9sd014443@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openstack-keystone security and bug fix update
Advisory ID: RHSA-2014:0580-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0580.html
Issue date: 2014-05-29
CVE Names: CVE-2014-2237
=====================================================================

1. Summary:

Updated openstack-keystone packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux OpenStack Platform 4.0.

The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 4.0 - noarch

3. Description:

The OpenStack Identity service (keystone) authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication including user name and password credentials, token-based systems, and AWS-style logins.

The openstack-keystone packages have been upgraded to upstream version 2013.2.3, which provides a number of bug fixes over the previous version.

The following security issue is also fixed with this release:

It was found that the memcached token back end of OpenStack Identity did not correctly invalidate a revoked trust token, allowing users with revoked tokens to retain access to services they should no longer be able to access. Note that only OpenStack Identity setups using the memcached back end for tokens were affected. (CVE-2014-2237)

All openstack-keystone users are advised to upgrade to these updated packages, which correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1071434 - CVE-2014-2237 openstack-keystone: trustee token revocation does not work with memcache backend
1083415 - keystone qpid reconnection delay must be more accurate
1085933 - Replace python-oauth2 with oauthlib

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 4.0:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/openstack-keystone-2013.2.3-4.el6ost.src.rpm

noarch:
openstack-keystone-2013.2.3-4.el6ost.noarch.rpm
openstack-keystone-doc-2013.2.3-4.el6ost.noarch.rpm
python-keystone-2013.2.3-4.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-2237.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFTh6TtXlSAg2UNWIIRAsLVAJ4uGgQ4i9mF6Tgm4eZPDwZzdmWcrACfcIgy
8Ux6szjaI5yyuEY0o9Euo7M=
=F5Pt
-----END PGP SIGNATURE-----


From bugzilla at redhat.com Thu May 29 21:22:37 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 29 May 2014 21:22:37 +0000
Subject: [RHSA-2014:0581-01] Low: python-django-horizon security update
Message-ID: <201405292122.s4TLMbLM014563@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: python-django-horizon security update
Advisory ID: RHSA-2014:0581-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0581.html
Issue date: 2014-05-29
CVE Names: CVE-2014-0157
=====================================================================

1. Summary:

Updated python-django-horizon packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0.

The Red Hat Security Response Team has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 4.0 - noarch

3. Description:

OpenStack Dashboard (horizon) provides administrators and users a graphical interface to access, provision and automate cloud-based resources. The dashboard allows cloud administrators to get an overall view of the size and state of the cloud and it provides end-users a self-service portal to provision their own resources within the limits set by administrators.

A flaw was discovered in OpenStack Dashboard that could allow a remote attacker to conduct cross-site scripting (XSS) attacks if they were able to trick a horizon user into using a malicious heat template. Note that only setups exposing the orchestration dashboard in OpenStack Dashboard were affected. (CVE-2014-0157)

Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Cristian Fiorentino from Intel as the original reporter.

All python-django-horizon users are advised to upgrade to these updated packages, which correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1082858 - CVE-2014-0157 OpenStack: XSS in Horizon orchestration dashboard when using a malicious template

6.
Package List: Red Hat Enterprise Linux OpenStack Platform 4.0: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/python-django-horizon-2013.2.3-1.el6ost.src.rpm noarch: openstack-dashboard-2013.2.3-1.el6ost.noarch.rpm openstack-dashboard-theme-2013.2.3-1.el6ost.noarch.rpm python-django-horizon-2013.2.3-1.el6ost.noarch.rpm python-django-horizon-doc-2013.2.3-1.el6ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0157.html https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTh6USXlSAg2UNWIIRAnqnAJwPwpf+CA9raLB/flaaqbHORNKHXgCdGtiL aXwHp13gQdp6/DKLaCyDuQQ= =tm7q -----END PGP SIGNATURE-----