From bugzilla at redhat.com  Mon Nov  3 09:02:08 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 3 Nov 2014 09:02:08 +0000
Subject: [RHSA-2014:1781-01] Important: openstack-nova security, bug fix, and enhancement update
Message-ID: <201411030902.sA391wZU006154@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:     Important: openstack-nova security, bug fix, and enhancement update
Advisory ID:  RHSA-2014:1781-01
Product:      Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1781.html
Issue date:   2014-11-03
CVE Names:    CVE-2014-3608 CVE-2014-8750
=====================================================================

1. Summary:

Updated openstack-nova packages that fix two security issues, multiple bugs, and add enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch

3. Description:

OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances, managing networks, and controlling access through users and projects.

A race condition flaw was found in the way the nova VMware driver handled VNC port allocation. An authenticated user could use this flaw to gain unauthorized console access to instances belonging to other tenants by repeatedly spawning new instances. Note that only nova setups using the VMware driver and the VNC proxy service were affected. (CVE-2014-8750)

CVE-2014-2573, the fix for which was provided with the initial release of Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6, describes a flaw in the nova VMware driver. An authenticated user could exceed their quota by placing an image into rescue and then deleting it, causing the rescue image to be left behind. It was found that the fix for CVE-2014-2573 was incomplete. A virtual machine could be forced into the ERROR state from rescue by issuing a suspend command. Virtual machines deleted from the ERROR state would still leave the rescue image behind, allowing a user to exceed their quota. Note that only setups using the nova VMware driver were affected. (CVE-2014-3608)

The CVE-2014-3608 issue was discovered by Garth Mollett of Red Hat Product Security.

The openstack-nova packages have been upgraded to upstream version 2014.1.3, which provides a number of bug fixes and enhancements over the previous version. (BZ#1149749)

All openstack-nova users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1148253 - CVE-2014-3608 openstack-nova: incomplete fix for CVE-2014-2573, Nova VMware driver still leaks rescued images
1149749 - Rebase openstack-nova to 2014.1.3
1152346 - CVE-2014-8750 openstack-nova: Nova VMware driver may connect VNC to another tenant's console

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6:

Source:
openstack-nova-2014.1.3-4.el6ost.src.rpm

noarch:
openstack-nova-2014.1.3-4.el6ost.noarch.rpm
openstack-nova-api-2014.1.3-4.el6ost.noarch.rpm
openstack-nova-cells-2014.1.3-4.el6ost.noarch.rpm
openstack-nova-cert-2014.1.3-4.el6ost.noarch.rpm
openstack-nova-common-2014.1.3-4.el6ost.noarch.rpm
openstack-nova-compute-2014.1.3-4.el6ost.noarch.rpm
openstack-nova-conductor-2014.1.3-4.el6ost.noarch.rpm
openstack-nova-console-2014.1.3-4.el6ost.noarch.rpm
openstack-nova-doc-2014.1.3-4.el6ost.noarch.rpm
openstack-nova-network-2014.1.3-4.el6ost.noarch.rpm
openstack-nova-novncproxy-2014.1.3-4.el6ost.noarch.rpm
openstack-nova-objectstore-2014.1.3-4.el6ost.noarch.rpm
openstack-nova-scheduler-2014.1.3-4.el6ost.noarch.rpm
python-nova-2014.1.3-4.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3608
https://access.redhat.com/security/cve/CVE-2014-8750
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUV0N0XlSAg2UNWIIRAgOwAJwMgAqIYPjYPe7XLeFlBnuqIWF5rgCgnHn8
72l8zlIautcPUYV0Bf/c4DE=
=Ylai
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Mon Nov  3 09:04:08 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 3 Nov 2014 09:04:08 +0000
Subject: [RHSA-2014:1782-01] Important: openstack-nova security, bug fix, and enhancement update
Message-ID: <201411030903.sA393whq015476@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:     Important: openstack-nova security, bug fix, and enhancement update
Advisory ID:  RHSA-2014:1782-01
Product:      Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1782.html
Issue date:   2014-11-03
CVE Names:    CVE-2014-3608 CVE-2014-8750
=====================================================================

1. Summary:

Updated openstack-nova packages that fix two security issues, multiple bugs, and add enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch

3. Description:

OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances, managing networks, and controlling access through users and projects.

A race condition flaw was found in the way the nova VMware driver handled VNC port allocation. An authenticated user could use this flaw to gain unauthorized console access to instances belonging to other tenants by repeatedly spawning new instances. Note that only nova setups using the VMware driver and the VNC proxy service were affected. (CVE-2014-8750)

CVE-2014-2573, the fix for which was provided with the initial release of Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7, describes a flaw in the nova VMware driver. An authenticated user could exceed their quota by placing an image into rescue and then deleting it, causing the rescue image to be left behind. It was found that the fix for CVE-2014-2573 was incomplete. A virtual machine could be forced into the ERROR state from rescue by issuing a suspend command. Virtual machines deleted from the ERROR state would still leave the rescue image behind, allowing a user to exceed their quota. Note that only setups using the nova VMware driver were affected. (CVE-2014-3608)

The CVE-2014-3608 issue was discovered by Garth Mollett of Red Hat Product Security.

The openstack-nova packages have been upgraded to upstream version 2014.1.3, which provides a number of bug fixes and enhancements over the previous version. (BZ#1149737)

This update also fixes the following bug:

* Previously, unhandled database deadlock conditions were triggered with some database configuration edge cases. "Deadlock found when trying to get lock; try restarting transaction" messages may have been logged, and database transactions may have been lost. With this update, actions are retried on deadlock conditions, resulting in robust database communication. (BZ#1141972)

All openstack-nova users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1141972 - nova conductor's log is full of deadlock errors
1148253 - CVE-2014-3608 openstack-nova: incomplete fix for CVE-2014-2573, Nova VMware driver still leaks rescued images
1149737 - Rebase openstack-nova to 2014.1.3
1152346 - CVE-2014-8750 openstack-nova: Nova VMware driver may connect VNC to another tenant's console

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:

Source:
openstack-nova-2014.1.3-4.el7ost.src.rpm

noarch:
openstack-nova-2014.1.3-4.el7ost.noarch.rpm
openstack-nova-api-2014.1.3-4.el7ost.noarch.rpm
openstack-nova-cells-2014.1.3-4.el7ost.noarch.rpm
openstack-nova-cert-2014.1.3-4.el7ost.noarch.rpm
openstack-nova-common-2014.1.3-4.el7ost.noarch.rpm
openstack-nova-compute-2014.1.3-4.el7ost.noarch.rpm
openstack-nova-conductor-2014.1.3-4.el7ost.noarch.rpm
openstack-nova-console-2014.1.3-4.el7ost.noarch.rpm
openstack-nova-doc-2014.1.3-4.el7ost.noarch.rpm
openstack-nova-network-2014.1.3-4.el7ost.noarch.rpm
openstack-nova-novncproxy-2014.1.3-4.el7ost.noarch.rpm
openstack-nova-objectstore-2014.1.3-4.el7ost.noarch.rpm
openstack-nova-scheduler-2014.1.3-4.el7ost.noarch.rpm
python-nova-2014.1.3-4.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3608
https://access.redhat.com/security/cve/CVE-2014-8750
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUV0STXlSAg2UNWIIRAiI5AJ0VE+MDBFDHWAuaran/y24cV4pyDACdHYRV
uRiLEA1ObCJThGqxBQ144Gk=
=9Pby
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Mon Nov  3 09:05:42 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 3 Nov 2014 09:05:42 +0000
Subject: [RHSA-2014:1783-01] Moderate: python-keystoneclient security and bug fix update
Message-ID: <201411030905.sA395Xmb021231@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:     Moderate: python-keystoneclient security and bug fix update
Advisory ID:  RHSA-2014:1783-01
Product:      Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1783.html
Issue date:   2014-11-03
CVE Names:    CVE-2014-7144
=====================================================================

1. Summary:

Updated python-keystoneclient packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch

3. Description:

Python-keystoneclient is a client library and a command line utility for interacting with the OpenStack Identity API.

It was found that Python-keystoneclient treated all settings in paste.ini files as string types. If the "insecure" option were set to any value in a paste.ini configuration file, it would be evaluated as true, resulting in TLS connections being vulnerable to man-in-the-middle attacks. (CVE-2014-7144)

Note that when the "insecure" option was not set in paste.ini, it evaluated to false, and verification was performed.

This update also fixes the following bug:

* Previously, when attempting to enable the use of the s3_token middleware, for use with the Amazon Simple Storage Service (Amazon S3) APIs, a "No module named webob" error was returned. (BZ#1141933)

All python-keystoneclient users are advised to upgrade to these updated packages, which correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1141933 - Module webob not found when enabling s3token in Swift
1143808 - CVE-2014-7144 python-keystoneclient: TLS certificate verification disabled

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6:

Source:
python-keystoneclient-0.9.0-5.el6ost.src.rpm

noarch:
python-keystoneclient-0.9.0-5.el6ost.noarch.rpm
python-keystoneclient-doc-0.9.0-5.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-7144
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
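The python-keystoneclient flaw described in RHSA-2014:1783 and RHSA-2014:1784 comes from a config loader that hands back every option as a string and a consumer that tests that string for truthiness. The Python below is an added example, not keystoneclient's own code: it loads a constructed paste.ini fragment, shows the truthiness check that turns `insecure = false` into "skip certificate verification", and the strict boolean parser that fails closed instead. The section name, helper names and accepted true/false spellings are assumptions.

```python
"""Added example (not keystoneclient's code): a string-typed "insecure"
option must be parsed as a boolean, never tested for truthiness.

The paste.ini fragment is constructed for this example; the option name
"insecure" is the one named in the advisory, everything else is assumed.
"""
import configparser

# Constructed paste.ini-style fragment. A config parser returns every value
# as str, so the only question is how the consuming code converts it.
PASTE_INI = """
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
insecure = false
"""

TRUE_STRINGS = ("1", "t", "true", "on", "y", "yes")
FALSE_STRINGS = ("0", "f", "false", "off", "n", "no")


def load_filter_conf(text, section="filter:authtoken"):
    """Parse the fragment the way a paste deploy loader would: all values str."""
    parser = configparser.ConfigParser()
    parser.read_string(text)
    return dict(parser[section])


def vulnerable_insecure(conf):
    """The flawed pattern (CVE-2014-7144): any present value is truthy, so
    'insecure = false' silently disables certificate verification. An absent
    option still yields False, matching the advisory's note."""
    return bool(conf.get("insecure", False))


def bool_from_string(value, default=False):
    """Strict conversion: only recognised true/false spellings are accepted;
    anything else raises, so a typo fails closed rather than disabling TLS
    verification."""
    if isinstance(value, bool):
        return value
    if value is None:
        return default
    text = str(value).strip().lower()
    if text in TRUE_STRINGS:
        return True
    if text in FALSE_STRINGS:
        return False
    raise ValueError("unrecognised boolean value %r for option 'insecure'" % (value,))


def fixed_insecure(conf):
    """Hardened pattern: parse the string, and default to verifying."""
    return bool_from_string(conf.get("insecure"), default=False)


def tls_verify_argument(conf, cacert=None):
    """What an HTTP client should receive for its 'verify' parameter: a CA
    bundle path (or True for the system store) unless 'insecure' is genuinely
    enabled. Only then is verification turned off."""
    if fixed_insecure(conf):
        return False
    return cacert if cacert else True


if __name__ == "__main__":
    conf = load_filter_conf(PASTE_INI)
    print("raw value from paste.ini: %r" % conf["insecure"])
    print("vulnerable check disables verification:", vulnerable_insecure(conf))
    print("fixed check disables verification:", fixed_insecure(conf))
    print("verify argument handed to the client:", tls_verify_argument(conf))
```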
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUV0UKXlSAg2UNWIIRAm5JAJ4lVw1xC+3ne+RMKfgzy8tEw8kyuQCgqzdL
uiRutXDinXiikh+FqJGVVnA=
=OaXL
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Mon Nov  3 09:08:18 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 3 Nov 2014 09:08:18 +0000
Subject: [RHSA-2014:1784-01] Moderate: python-keystoneclient security and bug fix update
Message-ID: <201411030908.sA398892022504@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:     Moderate: python-keystoneclient security and bug fix update
Advisory ID:  RHSA-2014:1784-01
Product:      Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1784.html
Issue date:   2014-11-03
CVE Names:    CVE-2014-7144
=====================================================================

1. Summary:

Updated python-keystoneclient packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch

3. Description:

Python-keystoneclient is a client library and a command line utility for interacting with the OpenStack Identity API.

It was found that Python-keystoneclient treated all settings in paste.ini files as string types. If the "insecure" option were set to any value in a paste.ini configuration file, it would be evaluated as true, resulting in TLS connections being vulnerable to man-in-the-middle attacks. (CVE-2014-7144)

Note that when the "insecure" option was not set in paste.ini, it evaluated to false, and verification was performed.

This update also fixes the following bugs:

* Previously, when running Python-keystoneclient in the DEBUG log level, sensitive data may have been logged in plain text. Refer to the OSSN-0024 document, linked to in the References, for further information. (BZ#1106328)

* Previously, when attempting to enable the use of the s3_token middleware, for use with the Amazon Simple Storage Service (Amazon S3) APIs, a "No module named webob" error was returned. (BZ#1133431)

All python-keystoneclient users are advised to upgrade to these updated packages, which correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1106328 - clear text passwords shown in horizon.log (DEBUG level)
1133431 - Module webob not found when enabling s3token in Swift
1143808 - CVE-2014-7144 python-keystoneclient: TLS certificate verification disabled

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:

Source:
python-keystoneclient-0.9.0-5.el7ost.src.rpm

noarch:
python-keystoneclient-0.9.0-5.el7ost.noarch.rpm
python-keystoneclient-doc-0.9.0-5.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-7144
https://access.redhat.com/security/updates/classification/#moderate
https://wiki.openstack.org/wiki/OSSN/OSSN-0024

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUV0VoXlSAg2UNWIIRAuGfAJ9bLvDIVoIdGEC+n4j6TLx2gyJnEgCfZUQV
Boa/vRtsHkkeSnIbDTJ0Sio=
=+ptp
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Mon Nov  3 09:09:53 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 3 Nov 2014 09:09:53 +0000
Subject: [RHSA-2014:1785-01] Moderate: openstack-neutron security, bug fix, and enhancement update
Message-ID: <201411030909.sA399hgV005477@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:     Moderate: openstack-neutron security, bug fix, and enhancement update
Advisory ID:  RHSA-2014:1785-01
Product:      Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1785.html
Issue date:   2014-11-03
CVE Names:    CVE-2014-6414
=====================================================================

1. Summary:

Updated openstack-neutron packages that fix one security issue, several bugs, and add multiple enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch

3. Description:

OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines.
As of Red Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum' as the core component of OpenStack Networking.

It was discovered that unprivileged users could in some cases reset admin-only network attributes to their default values. This could lead to unexpected behavior or in some cases result in a denial of service. (CVE-2014-6414)

The openstack-neutron packages have been upgraded to upstream version 2014.1.3, which provides a number of bug fixes and enhancements over the previous version. (BZ#1149753)

All openstack-neutron users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1142012 - CVE-2014-6414 openstack-neutron: Admin-only network attributes may be reset to defaults by non-privileged users
1144329 - Remove dnsmasq version warning for dhcp-agent on RHEL
1149753 - Rebase openstack-neutron to 2014.1.3
1151524 - [RFE][neutron]: Config option to control visibility of cisco-policy-profile resources for tenants
1151531 - [RFE][neutron]: Ability to assign cisco nw profile to multi-tenants in single request
1159076 - l3-agent error : Executable not found: conntrack (filter match = conntrack)

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6:

Source:
openstack-neutron-2014.1.3-8.el6ost.src.rpm
python-neutronclient-2.3.4-3.el6ost.src.rpm

noarch:
openstack-neutron-2014.1.3-8.el6ost.noarch.rpm
openstack-neutron-bigswitch-2014.1.3-8.el6ost.noarch.rpm
openstack-neutron-brocade-2014.1.3-8.el6ost.noarch.rpm
openstack-neutron-cisco-2014.1.3-8.el6ost.noarch.rpm
openstack-neutron-embrane-2014.1.3-8.el6ost.noarch.rpm
openstack-neutron-hyperv-2014.1.3-8.el6ost.noarch.rpm
openstack-neutron-ibm-2014.1.3-8.el6ost.noarch.rpm
openstack-neutron-linuxbridge-2014.1.3-8.el6ost.noarch.rpm
openstack-neutron-mellanox-2014.1.3-8.el6ost.noarch.rpm
openstack-neutron-metaplugin-2014.1.3-8.el6ost.noarch.rpm
openstack-neutron-metering-agent-2014.1.3-8.el6ost.noarch.rpm
openstack-neutron-midonet-2014.1.3-8.el6ost.noarch.rpm
openstack-neutron-ml2-2014.1.3-8.el6ost.noarch.rpm
openstack-neutron-nec-2014.1.3-8.el6ost.noarch.rpm
openstack-neutron-nuage-2014.1.3-8.el6ost.noarch.rpm
openstack-neutron-ofagent-2014.1.3-8.el6ost.noarch.rpm
openstack-neutron-oneconvergence-nvsd-2014.1.3-8.el6ost.noarch.rpm
openstack-neutron-openvswitch-2014.1.3-8.el6ost.noarch.rpm
openstack-neutron-plumgrid-2014.1.3-8.el6ost.noarch.rpm
openstack-neutron-ryu-2014.1.3-8.el6ost.noarch.rpm
openstack-neutron-vmware-2014.1.3-8.el6ost.noarch.rpm
openstack-neutron-vpn-agent-2014.1.3-8.el6ost.noarch.rpm
python-neutron-2014.1.3-8.el6ost.noarch.rpm
python-neutronclient-2.3.4-3.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-6414
https://access.redhat.com/security/updates/classification/#moderate
https://wiki.openstack.org/wiki/ReleaseNotes/2014.1.3

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUV0YHXlSAg2UNWIIRAiBHAKC4rjKJLprgGjHg08unkpm16G39XgCeOLrq
IhRrX+OAqkfCevx9bQpyo64=
=riNz
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Mon Nov  3 09:11:36 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 3 Nov 2014 09:11:36 +0000
Subject: [RHSA-2014:1786-01] Moderate: openstack-neutron security, bug fix, and enhancement update
Message-ID: <201411030911.sA39BQvK018711@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:     Moderate: openstack-neutron security, bug fix, and enhancement update
Advisory ID:  RHSA-2014:1786-01
Product:      Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1786.html
Issue date:   2014-11-03
CVE Names:    CVE-2014-6414
=====================================================================

1. Summary:

Updated openstack-neutron packages that fix one security issue, several bugs, and add multiple enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch

3. Description:

OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. As of Red Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum' as the core component of OpenStack Networking.

It was discovered that unprivileged users could in some cases reset admin-only network attributes to their default values. This could lead to unexpected behavior or in some cases result in a denial of service. (CVE-2014-6414)

The openstack-neutron packages have been upgraded to upstream version 2014.1.3, which provides a number of bug fixes and enhancements over the previous version. (BZ#1149742)

All openstack-neutron users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1022725 - neutron-server is dead after enablement of the haproxy service provider in neutron.conf
1085172 - [RFE][neutron]: Add the capability to sync neutron resources to the N1kv VSM
1085633 - [RFE][python-neutronclient]: Add Repeatable add-tenant and remove-tenant option in cli
1106489 - neutron-*-agent child processes can die unnoticed
1110195 - Some plugin ini files are not included in setup.cfg and are not installed via 'setup.py install'
1125207 - neutron.plugins.openvswitch.agent.ovs_neutron_agent Stderr: "ip6tables-restore v1.4.7: ip6tables-restore: unable to initialize table 'filter'\n\nError occurred at line: 2\n
1134545 - Missing quota tables for Cisco N1KV monolithic plugin
1134612 - update vsm credential correctly
1142012 - CVE-2014-6414 openstack-neutron: Admin-only network attributes may be reset to defaults by non-privileged users
1147618 - TTL never set on messages, causes messages to live forever
1148511 - Neutron DHCP Failover behavior
1149742 - Rebase openstack-neutron to 2014.1.3
1150318 - Cisco N1kv: Remove unnecessary REST call to delete VM network on controller
1150413 - Include support for neutron-scale script in neutron package
1151528 - [RFE][neutron]: Config option to control visibility of cisco-policy-profile resources for tenants
1151533 - [RFE][neutron]: Ability to assign cisco nw profile to multi-tenants in single request
1158871 - l3-agent error : Executable not found: conntrack (filter match = conntrack)

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:

Source:
openstack-neutron-2014.1.3-7.el7ost.src.rpm
python-neutronclient-2.3.4-3.el7ost.src.rpm

noarch:
openstack-neutron-2014.1.3-7.el7ost.noarch.rpm
openstack-neutron-bigswitch-2014.1.3-7.el7ost.noarch.rpm
openstack-neutron-brocade-2014.1.3-7.el7ost.noarch.rpm
openstack-neutron-cisco-2014.1.3-7.el7ost.noarch.rpm
openstack-neutron-embrane-2014.1.3-7.el7ost.noarch.rpm
openstack-neutron-hyperv-2014.1.3-7.el7ost.noarch.rpm
openstack-neutron-ibm-2014.1.3-7.el7ost.noarch.rpm
openstack-neutron-linuxbridge-2014.1.3-7.el7ost.noarch.rpm
openstack-neutron-mellanox-2014.1.3-7.el7ost.noarch.rpm
openstack-neutron-metaplugin-2014.1.3-7.el7ost.noarch.rpm
openstack-neutron-metering-agent-2014.1.3-7.el7ost.noarch.rpm
openstack-neutron-midonet-2014.1.3-7.el7ost.noarch.rpm
openstack-neutron-ml2-2014.1.3-7.el7ost.noarch.rpm
openstack-neutron-nec-2014.1.3-7.el7ost.noarch.rpm
openstack-neutron-nuage-2014.1.3-7.el7ost.noarch.rpm
openstack-neutron-ofagent-2014.1.3-7.el7ost.noarch.rpm
openstack-neutron-oneconvergence-nvsd-2014.1.3-7.el7ost.noarch.rpm
openstack-neutron-openvswitch-2014.1.3-7.el7ost.noarch.rpm
openstack-neutron-plumgrid-2014.1.3-7.el7ost.noarch.rpm
openstack-neutron-ryu-2014.1.3-7.el7ost.noarch.rpm
openstack-neutron-vmware-2014.1.3-7.el7ost.noarch.rpm
openstack-neutron-vpn-agent-2014.1.3-7.el7ost.noarch.rpm
python-neutron-2014.1.3-7.el7ost.noarch.rpm
python-neutronclient-2.3.4-3.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3608
https://access.redhat.com/security/cve/CVE-2014-8750
https://access.redhat.com/security/updates/classification/#important
https://wiki.openstack.org/wiki/ReleaseNotes/2014.1.3

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUV0ZmXlSAg2UNWIIRAoUaAKCUnAWNmzBJ6IA0zXm2t9SwkDh2PgCfQHkv
YD3pA6UOusvTZsNHOKw4O00=
=doTY
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Nov 3 09:16:30 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 3 Nov 2014 09:16:30 +0000
Subject: [RHSA-2014:1787-01] Moderate: openstack-cinder security and bug fix update
Message-ID: <201411030916.sA39GKoO013220@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openstack-cinder security and bug fix update
Advisory ID:       RHSA-2014:1787-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1787.html
Issue date:        2014-11-03
CVE Names:         CVE-2014-3641
=====================================================================

1. Summary:

Updated openstack-cinder packages that fix one security issue and multiple
bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0
for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch

3. Description:

OpenStack Block Storage (cinder) manages block storage mounting and the
presentation of such mounted block storage to instances. The backend
physical storage can consist of local disks, or Fiber Channel, iSCSI, and
NFS mounts attached to Compute nodes. In addition, Block Storage supports
volume backups, and snapshots for temporary save and restore operations.
Programmatic management is available via Block Storage's API.

A flaw was found in the GlusterFS and Linux smbfs drivers for OpenStack
Block Storage. A remote attacker could use this flaw to disclose an
arbitrary file from the cinder-volume host to a virtual instance by cloning
and attaching a volume with a malicious qcow2 header. (CVE-2014-3641)

Red Hat would like to thank the OpenStack project for reporting this issue.
Upstream acknowledges Duncan Thomas from Hewlett Packard as the original
reporter.

The openstack-cinder packages have been upgraded to upstream version
2014.1.3, which provides a number of bug fixes over the previous version.
(BZ#1149750)

All users of openstack-cinder are advised to upgrade to these updated
packages, which correct these issues. After installing the updated packages,
the running cinder services will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1141996 - CVE-2014-3641 openstack-cinder: Cinder-volume host data leak to virtual machine instance
1149750 - Rebase openstack-cinder to 2014.1.3

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6:

Source:
openstack-cinder-2014.1.3-1.el6ost.src.rpm

noarch:
openstack-cinder-2014.1.3-1.el6ost.noarch.rpm
openstack-cinder-doc-2014.1.3-1.el6ost.noarch.rpm
python-cinder-2014.1.3-1.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details
on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3641
https://access.redhat.com/security/updates/classification/#moderate
https://wiki.openstack.org/wiki/ReleaseNotes/2014.1.3

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUV0bKXlSAg2UNWIIRAvfJAJ0R1svkHqaHTxpsRN2flkwIEl8F/ACdFzd8
s16+YRk51FyiKFeVYUE99qg=
=4h2U
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Nov 3 09:17:41 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 3 Nov 2014 09:17:41 +0000
Subject: [RHSA-2014:1788-01] Moderate: openstack-cinder security and bug fix update
Message-ID: <201411030917.sA39HWi9009630@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openstack-cinder security and bug fix update
Advisory ID:       RHSA-2014:1788-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1788.html
Issue date:        2014-11-03
CVE Names:         CVE-2014-3641
=====================================================================

1. Summary:

Updated openstack-cinder packages that fix one security issue and multiple
bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0
for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch

3. Description:

OpenStack Block Storage (cinder) manages block storage mounting and the
presentation of such mounted block storage to instances. The backend
physical storage can consist of local disks, or Fiber Channel, iSCSI, and
NFS mounts attached to Compute nodes. In addition, Block Storage supports
volume backups, and snapshots for temporary save and restore operations.
Programmatic management is available via Block Storage's API.

A flaw was found in the GlusterFS and Linux smbfs drivers for OpenStack
Block Storage. A remote attacker could use this flaw to disclose an
arbitrary file from the cinder-volume host to a virtual instance by cloning
and attaching a volume with a malicious qcow2 header. (CVE-2014-3641)

Red Hat would like to thank the OpenStack project for reporting this issue.
Upstream acknowledges Duncan Thomas from Hewlett Packard as the original
reporter.

The openstack-cinder packages have been upgraded to upstream version
2014.1.3, which provides a number of bug fixes over the previous version.
(BZ#1149739)

All users of openstack-cinder are advised to upgrade to these updated
packages, which correct these issues. After installing the updated packages,
the running cinder services will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1042801 - [RHS-RHOS] Cinder volume migration fails to migrate from one glusterfs backend to another
1140210 - vmware: Fix problems with VIM API retry logic
1141996 - CVE-2014-3641 openstack-cinder: Cinder-volume host data leak to virtual machine instance
1149739 - Rebase openstack-cinder to 2014.1.3

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:

Source:
openstack-cinder-2014.1.3-1.el7ost.src.rpm

noarch:
openstack-cinder-2014.1.3-1.el7ost.noarch.rpm
openstack-cinder-doc-2014.1.3-1.el7ost.noarch.rpm
python-cinder-2014.1.3-1.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details
on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3641
https://access.redhat.com/security/updates/classification/#moderate
https://wiki.openstack.org/wiki/ReleaseNotes/2014.1.3

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
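The mechanism behind CVE-2014-3641 is the qcow2 backing-file pointer: a qcow2 header can name another file that qemu opens transparently, so if a tenant controls the bytes at the start of a volume and the storage service lets qemu or qemu-img pick the format by inspection, the named host file is read into the instance's view of the disk. The following is an added example, not Red Hat's or cinder's code, showing how a driver can parse the header itself before handing the file to qemu and refuse any volume whose declared backing file is not a bare file name inside the volume's own directory. The header layout is taken from the QEMU qcow2 specification; the sample images, the mount point /var/lib/cinder/mnt/example and the function names are constructed for this example.

```python
import os
import struct

QCOW2_MAGIC = b"QFI\xfb"
# Fixed part of the qcow2 header, every field big-endian (QEMU qcow2 spec):
# magic, version, backing_file_offset, backing_file_size, cluster_bits, size,
# crypt_method, l1_size, l1_table_offset, refcount_table_offset,
# refcount_table_clusters, nb_snapshots, snapshots_offset
HEADER_FMT = ">4sIQIIQIIQQIIQ"
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 72 bytes
MAX_BACKING_NAME = 1023                     # upper bound from the qcow2 spec


def parse_qcow2_header(data):
    """Return the header fields of a qcow2 blob, or None if it is not qcow2.

    Raises ValueError when the header claims a backing file name that lies
    outside the bytes we were given or exceeds the spec's length limit."""
    if len(data) < HEADER_LEN or data[:4] != QCOW2_MAGIC:
        return None
    fields = struct.unpack(HEADER_FMT, data[:HEADER_LEN])
    version, bf_off, bf_size, cluster_bits, size, crypt = fields[1:7]
    backing_file = None
    if bf_off:                      # offset 0 means "no backing file"
        if bf_size > MAX_BACKING_NAME or bf_off + bf_size > len(data):
            raise ValueError("backing file name outside the bytes read")
        backing_file = data[bf_off:bf_off + bf_size].decode("utf-8", "replace")
    return {"version": version, "size": size, "cluster_bits": cluster_bits,
            "encrypted": crypt != 0, "backing_file": backing_file}


def backing_file_is_safe(backing_file, volume_dir):
    """True when there is no backing file, or it is a bare file name that
    resolves (symlinks included) to a file directly inside volume_dir."""
    if backing_file is None:
        return True
    # Reject absolute paths, "..", subdirectories and qemu protocol prefixes
    # such as "nbd:" or "json:", which qemu would interpret itself.
    if os.path.basename(backing_file) != backing_file or ":" in backing_file:
        return False
    real_dir = os.path.realpath(volume_dir)
    target = os.path.realpath(os.path.join(real_dir, backing_file))
    return os.path.dirname(target) == real_dir


def volume_is_safe(data, volume_dir):
    """Decide whether a volume file may be handed to qemu without an explicit
    format. Raw data without qcow2 magic has no backing file and passes;
    a malformed qcow2 header fails closed."""
    try:
        header = parse_qcow2_header(data)
    except ValueError:
        return False
    if header is None:
        return True
    return backing_file_is_safe(header["backing_file"], volume_dir)


def build_qcow2(backing_file=None, size=64 * 1024 * 1024):
    """Constructed sample: a qcow2 v2 header followed by the backing file name,
    laid out the way qemu-img writes it. Only the header matters here, so no
    L1 or refcount tables are emitted; this is not a usable disk image."""
    name = backing_file.encode("utf-8") if backing_file else b""
    bf_off = HEADER_LEN if name else 0
    header = struct.pack(HEADER_FMT, QCOW2_MAGIC, 2, bf_off, len(name),
                         16, size, 0, 0, 0, 0, 0, 0, 0)
    return header + name


if __name__ == "__main__":
    vol_dir = "/var/lib/cinder/mnt/example"     # hypothetical mount point
    for label, blob in [("raw volume", b"\x00" * 4096),
                        ("clone of base.qcow2", build_qcow2("base.qcow2")),
                        ("hostile header", build_qcow2("/etc/passwd"))]:
        hdr = parse_qcow2_header(blob)
        print("%-20s backing=%-12s safe=%s" % (
            label, hdr and hdr["backing_file"], volume_is_safe(blob, vol_dir)))
```

Reading the first few kilobytes of the volume file and running volume_is_safe() on them is cheap enough to do on every clone, snapshot and attach; the check is a second line of defence next to the real fix of always passing an explicit format to qemu-img rather than letting it guess from content a tenant can write.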
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUV0fwXlSAg2UNWIIRAnXzAJoC/zsREZdhkZhKLXmLQ6p4m+hIywCgtiVI
J/QPFS59m0X7dGlaehDF4pY=
=bn59
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Nov 3 09:19:07 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 3 Nov 2014 09:19:07 +0000
Subject: [RHSA-2014:1789-01] Important: openstack-keystone security and bug fix update
Message-ID: <201411030918.sA39IwW6010223@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openstack-keystone security and bug fix update
Advisory ID:       RHSA-2014:1789-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1789.html
Issue date:        2014-11-03
CVE Names:         CVE-2014-3621
=====================================================================

1. Summary:

Updated openstack-keystone packages that fix one security issue and several
bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0
for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch

3. Description:

The OpenStack Identity service (keystone) authenticates and authorizes
OpenStack users by keeping track of users and their permitted activities.
The Identity service supports multiple forms of authentication, including
user name and password credentials, token-based systems, and AWS-style
logins.

A flaw was found in the keystone catalog URL replacement. A user with
permissions to register an endpoint could use this flaw to leak
configuration data, including the master admin_token. Only keystone setups
that allow non-cloud-admin users to create endpoints were affected by this
issue. (CVE-2014-3621)

Red Hat would like to thank the OpenStack project for reporting this issue.
Upstream acknowledges Brant Knudson from IBM as the original reporter.

The openstack-keystone packages have been upgraded to upstream version
2014.1.3, which provides a number of bug fixes over the previous version.
(BZ#1149748)

All openstack-keystone users are advised to upgrade to these updated
packages, which correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1139937 - CVE-2014-3621 openstack-keystone: configuration data information leak through Keystone catalog
1149748 - Rebase openstack-keystone to 2014.1.3

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6:

Source:
openstack-keystone-2014.1.3-2.el6ost.src.rpm

noarch:
openstack-keystone-2014.1.3-2.el6ost.noarch.rpm
openstack-keystone-doc-2014.1.3-2.el6ost.noarch.rpm
python-keystone-2014.1.3-2.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details
on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3621
https://access.redhat.com/security/updates/classification/#important
https://wiki.openstack.org/wiki/ReleaseNotes/2014.1.3

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
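Catalog endpoint URLs in keystone are templates whose $(name)s placeholders are filled in when the catalog is rendered for a request. The flaw described above is that the substitution data was the whole service configuration, so an endpoint registered with a URL containing $(admin_token)s handed the token to anyone who later received the catalog. The following is an added example, not keystone's code: the fail-open formatter next to a fail-closed one that restricts placeholders to a whitelist both at registration time and at render time. The configuration values are fake, and the whitelist contents are an assumption made for the example rather than keystone's own list.

```python
import re

# Constructed stand-in for the service configuration. Values are fake; the
# point is that some of them must never appear in a URL handed to a user.
CONFIG = {
    "admin_token": "FAKE-ADMIN-TOKEN-DO-NOT-USE",
    "connection": "mysql://keystone:FAKEPASS@db.example.net/keystone",
    "public_bind_host": "identity.example.net",
    "admin_bind_host": "identity-admin.example.net",
    "public_port": "5000",
    "admin_port": "35357",
    "compute_port": "8774",
}

# Keys a catalog template may reference. Assumed for this example; it is not
# taken from the keystone source.
ALLOWED_KEYS = frozenset({
    "tenant_id", "user_id", "public_bind_host", "admin_bind_host",
    "compute_host", "compute_port", "admin_port", "public_port",
})

# Catalog templates use "$(name)s" placeholders.
PLACEHOLDER = re.compile(r"\$\((\w+)\)s")


def format_url_unsafe(url, request_values):
    """Fail-open formatter: the whole configuration is exposed as substitution
    data, so a template containing "$(admin_token)s" leaks the token."""
    values = dict(CONFIG)
    values.update(request_values)
    return url.replace("$(", "%(") % values


def disallowed_keys(url):
    """Placeholders in url that are outside the whitelist (sorted; may be empty)."""
    return sorted(set(PLACEHOLDER.findall(url)) - ALLOWED_KEYS)


def validate_template(url):
    """Run when an endpoint is registered: refuse to store a template that
    references anything outside the whitelist."""
    bad = disallowed_keys(url)
    if bad:
        raise ValueError("disallowed substitution(s): " + ", ".join(bad))
    return url


def format_url_safe(url, request_values):
    """Fail-closed formatter: validates the template again (endpoints stored
    before the check existed are still rendered), then substitutes only
    whitelisted keys from a dict built for the purpose. A whitelisted key with
    no value raises KeyError rather than rendering a half-filled URL."""
    validate_template(url)
    values = {k: v for k, v in CONFIG.items() if k in ALLOWED_KEYS}
    values.update((k, v) for k, v in request_values.items() if k in ALLOWED_KEYS)
    return PLACEHOLDER.sub(lambda m: str(values[m.group(1)]), url)


if __name__ == "__main__":
    request = {"tenant_id": "0f3a9c", "user_id": "7d1e"}
    good = "http://$(public_bind_host)s:$(compute_port)s/v2/$(tenant_id)s"
    hostile = good + "?debug=$(admin_token)s&db=$(connection)s"
    print("fail-open  :", format_url_unsafe(hostile, request))
    print("fail-closed:", format_url_safe(good, request))
    print("rejected   :", disallowed_keys(hostile))
```

The registration-time check is what closes the hole described in the advisory for deployments that let non-admin users create endpoints; the render-time check matters because endpoints already in the catalog database were created before any validation ran.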
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUV0g3XlSAg2UNWIIRAobdAKCZWXmBAv/9ECKL9QsHCJzDCcpomACfYr0q
8IGpvSugwvMvU9oxcJNOARs=
=ZWPW
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Nov 3 09:20:24 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 3 Nov 2014 09:20:24 +0000
Subject: [RHSA-2014:1790-01] Important: openstack-keystone security and bug fix update
Message-ID: <201411030920.sA39KExg028895@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openstack-keystone security and bug fix update
Advisory ID:       RHSA-2014:1790-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1790.html
Issue date:        2014-11-03
CVE Names:         CVE-2014-3621
=====================================================================

1. Summary:

Updated openstack-keystone packages that fix one security issue and several
bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0
for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available from the CVE link in the References
section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch

3. Description:

The OpenStack Identity service (keystone) authenticates and authorizes
OpenStack users by keeping track of users and their permitted activities.
The Identity service supports multiple forms of authentication, including
user name and password credentials, token-based systems, and AWS-style
logins.

A flaw was found in the keystone catalog URL replacement. A user with
permissions to register an endpoint could use this flaw to leak
configuration data, including the master admin_token. Only keystone setups
that allow non-cloud-admin users to create endpoints were affected by this
issue. (CVE-2014-3621)

Red Hat would like to thank the OpenStack project for reporting this issue.
Upstream acknowledges Brant Knudson from IBM as the original reporter.

The openstack-keystone packages have been upgraded to upstream version
2014.1.3, which provides a number of bug fixes over the previous version.
(BZ#1149736)

All openstack-keystone users are advised to upgrade to these updated
packages, which correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1113534 - LDAP misconfiguration should be handled better
1116551 - Can't get a token with curl when keystone is running in Apache with LDAP
1139937 - CVE-2014-3621 openstack-keystone: configuration data information leak through Keystone catalog
1140152 - Keystone LDAPS connection using CA certificate
1149425 - Include policy.v3cloudsample.json example
1149736 - Rebase openstack-keystone to 2014.1.3

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:

Source:
openstack-keystone-2014.1.3-2.el7ost.src.rpm

noarch:
openstack-keystone-2014.1.3-2.el7ost.noarch.rpm
openstack-keystone-doc-2014.1.3-2.el7ost.noarch.rpm
python-keystone-2014.1.3-2.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details
on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3621
https://access.redhat.com/security/updates/classification/#important

8.
Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUV0iNXlSAg2UNWIIRAkxWAJ9TD+0e2rlCB5jt6AfhWPwebCPQSACfQpWR
Mcp3TnvbvKD9uGnIMfTduiQ=
=kMDc
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Nov 3 19:08:19 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 3 Nov 2014 19:08:19 +0000
Subject: [RHSA-2014:1795-01] Moderate: cups-filters security update
Message-ID: <201411031908.sA3J8Jea006031@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: cups-filters security update
Advisory ID:       RHSA-2014:1795-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1795.html
Issue date:        2014-11-03
CVE Names:         CVE-2014-4337 CVE-2014-4338
=====================================================================

1. Summary:

Updated cups-filters packages that fix two security issues are now available
for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The cups-filters package contains backends, filters, and other software that
was once part of the core CUPS distribution but is now maintained
independently.

An out-of-bounds read flaw was found in the way the process_browse_data()
function of cups-browsed handled certain browse packets. A remote attacker
could send a specially crafted browse packet that, when processed by
cups-browsed, would crash the cups-browsed daemon. (CVE-2014-4337)

A flaw was found in the way the cups-browsed daemon interpreted the
"BrowseAllow" directive in the cups-browsed.conf file. An attacker able to
add a malformed "BrowseAllow" directive to the cups-browsed.conf file could
use this flaw to bypass intended access restrictions. (CVE-2014-4338)

All cups-filters users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After installing
this update, the cups-browsed daemon will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1091568 - CVE-2014-4338 cups-filters: unsupported BrowseAllow value lets cups-browsed accept from all hosts
1111510 - CVE-2014-4337 cups-filters: cups-browsed DoS via process_browse_data() OOB read

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
cups-filters-1.0.35-15.el7_0.1.src.rpm

x86_64:
cups-filters-1.0.35-15.el7_0.1.x86_64.rpm
cups-filters-debuginfo-1.0.35-15.el7_0.1.i686.rpm
cups-filters-debuginfo-1.0.35-15.el7_0.1.x86_64.rpm
cups-filters-libs-1.0.35-15.el7_0.1.i686.rpm
cups-filters-libs-1.0.35-15.el7_0.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
cups-filters-debuginfo-1.0.35-15.el7_0.1.i686.rpm
cups-filters-debuginfo-1.0.35-15.el7_0.1.x86_64.rpm
cups-filters-devel-1.0.35-15.el7_0.1.i686.rpm
cups-filters-devel-1.0.35-15.el7_0.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
cups-filters-1.0.35-15.el7_0.1.src.rpm

x86_64:
cups-filters-1.0.35-15.el7_0.1.x86_64.rpm
cups-filters-debuginfo-1.0.35-15.el7_0.1.i686.rpm
cups-filters-debuginfo-1.0.35-15.el7_0.1.x86_64.rpm
cups-filters-libs-1.0.35-15.el7_0.1.i686.rpm
cups-filters-libs-1.0.35-15.el7_0.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
cups-filters-debuginfo-1.0.35-15.el7_0.1.i686.rpm
cups-filters-debuginfo-1.0.35-15.el7_0.1.x86_64.rpm
cups-filters-devel-1.0.35-15.el7_0.1.i686.rpm
cups-filters-devel-1.0.35-15.el7_0.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
cups-filters-1.0.35-15.el7_0.1.src.rpm

ppc64:
cups-filters-1.0.35-15.el7_0.1.ppc64.rpm
cups-filters-debuginfo-1.0.35-15.el7_0.1.ppc.rpm
cups-filters-debuginfo-1.0.35-15.el7_0.1.ppc64.rpm
cups-filters-libs-1.0.35-15.el7_0.1.ppc.rpm
cups-filters-libs-1.0.35-15.el7_0.1.ppc64.rpm

s390x:
cups-filters-1.0.35-15.el7_0.1.s390x.rpm
cups-filters-debuginfo-1.0.35-15.el7_0.1.s390.rpm
cups-filters-debuginfo-1.0.35-15.el7_0.1.s390x.rpm
cups-filters-libs-1.0.35-15.el7_0.1.s390.rpm
cups-filters-libs-1.0.35-15.el7_0.1.s390x.rpm

x86_64:
cups-filters-1.0.35-15.el7_0.1.x86_64.rpm
cups-filters-debuginfo-1.0.35-15.el7_0.1.i686.rpm
cups-filters-debuginfo-1.0.35-15.el7_0.1.x86_64.rpm
cups-filters-libs-1.0.35-15.el7_0.1.i686.rpm
cups-filters-libs-1.0.35-15.el7_0.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
cups-filters-debuginfo-1.0.35-15.el7_0.1.ppc.rpm
cups-filters-debuginfo-1.0.35-15.el7_0.1.ppc64.rpm
cups-filters-devel-1.0.35-15.el7_0.1.ppc.rpm
cups-filters-devel-1.0.35-15.el7_0.1.ppc64.rpm

s390x:
cups-filters-debuginfo-1.0.35-15.el7_0.1.s390.rpm
cups-filters-debuginfo-1.0.35-15.el7_0.1.s390x.rpm
cups-filters-devel-1.0.35-15.el7_0.1.s390.rpm
cups-filters-devel-1.0.35-15.el7_0.1.s390x.rpm

x86_64:
cups-filters-debuginfo-1.0.35-15.el7_0.1.i686.rpm
cups-filters-debuginfo-1.0.35-15.el7_0.1.x86_64.rpm
cups-filters-devel-1.0.35-15.el7_0.1.i686.rpm
cups-filters-devel-1.0.35-15.el7_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
cups-filters-1.0.35-15.el7_0.1.src.rpm

x86_64:
cups-filters-1.0.35-15.el7_0.1.x86_64.rpm
cups-filters-debuginfo-1.0.35-15.el7_0.1.i686.rpm
cups-filters-debuginfo-1.0.35-15.el7_0.1.x86_64.rpm
cups-filters-libs-1.0.35-15.el7_0.1.i686.rpm
cups-filters-libs-1.0.35-15.el7_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
cups-filters-debuginfo-1.0.35-15.el7_0.1.i686.rpm
cups-filters-debuginfo-1.0.35-15.el7_0.1.x86_64.rpm
cups-filters-devel-1.0.35-15.el7_0.1.i686.rpm
cups-filters-devel-1.0.35-15.el7_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details
on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-4337
https://access.redhat.com/security/cve/CVE-2014-4338
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
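CVE-2014-4338 above has the classic fail-open shape: an access-control directive whose unrecognised value is interpreted as the most permissive setting, so a single malformed BrowseAllow line admits every host. The following is an added example, not cups-filters code, that puts a fail-closed BrowseAllow parser (a malformed value is a configuration error) next to the fail-open pattern it replaces, with a default-deny matcher for the sender of a browse packet. The accepted value forms (All, a single address, or a network in prefix or netmask notation) and the configuration fragments are assumptions made for this example, not a statement of exactly what cups-browsed accepts.

```python
import ipaddress


def parse_browse_allow(conf_text):
    """Fail-closed parser: collect BrowseAllow values as ip_network objects or
    the marker "all". A value in none of the accepted forms raises ValueError,
    so a typo or a hostile line is a configuration error rather than a silent
    widening of the access list."""
    rules = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0].lower() != "browseallow":
            continue
        value = parts[1].strip()
        if value.lower() == "all":
            rules.append("all")
            continue
        try:
            rules.append(ipaddress.ip_network(value, strict=False))
        except ValueError:
            raise ValueError("line %d: unsupported BrowseAllow value %r"
                             % (lineno, value))
    return rules


def parse_browse_allow_fail_open(conf_text):
    """The bug class, for contrast only: an unrecognised value is treated as
    "accept from all hosts", so one malformed line disables the restriction."""
    rules = []
    for raw in conf_text.splitlines():
        parts = raw.split("#", 1)[0].strip().split(None, 1)
        if len(parts) != 2 or parts[0].lower() != "browseallow":
            continue
        try:
            rules.append(ipaddress.ip_network(parts[1].strip(), strict=False))
        except ValueError:
            rules.append("all")      # unknown value widened to "all": the flaw
    return rules


def host_allowed(addr, rules):
    """Default deny: the sender of a browse packet is accepted only when some
    rule matches it. An empty rule list therefore admits nobody; an IPv6
    sender never matches an IPv4 network and vice versa."""
    ip = ipaddress.ip_address(addr)
    for rule in rules:
        if rule == "all" or ip in rule:
            return True
    return False


if __name__ == "__main__":
    # Constructed cups-browsed.conf fragments.
    good_conf = ("BrowseAllow 192.168.1.0/24\n"
                 "BrowseAllow 10.0.0.5\n"
                 "BrowseAllow 172.16.0.0/255.255.0.0   # netmask form\n")
    bad_conf = good_conf + "BrowseAllow 192.168.1.0/33\n"   # malformed prefix
    rules = parse_browse_allow(good_conf)
    for host in ("192.168.1.77", "10.0.0.6", "203.0.113.9"):
        print(host, "allowed" if host_allowed(host, rules) else "denied")
    open_rules = parse_browse_allow_fail_open(bad_conf)
    print("fail-open parser admits 203.0.113.9:",
          host_allowed("203.0.113.9", open_rules))
    try:
        parse_browse_allow(bad_conf)
    except ValueError as exc:
        print("fail-closed parser:", exc)
```

The difference between the two parsers is one line in the except branch; refusing to start on an unparseable access rule is the behaviour an administrator wants, because a daemon that starts with a widened rule set gives no signal that the restriction is gone.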
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUV9KJXlSAg2UNWIIRAhQXAJ94v3UQHSMi6d7dWtGZf3S5q8Bi5QCfeYZG
1w6uBfxBBPVS+t0n1zFk1pg=
=diOI
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Nov 3 20:15:35 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 3 Nov 2014 20:15:35 +0000
Subject: [RHSA-2014:1796-01] Moderate: Red Hat OpenShift Enterprise 2.2 Release Advisory
Message-ID: <201411032015.sA3KFZta011872@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenShift Enterprise 2.2 Release Advisory
Advisory ID:       RHSA-2014:1796-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1796.html
Issue date:        2014-11-03
CVE Names:         CVE-2014-3602 CVE-2014-3674
=====================================================================

1. Summary:

Red Hat OpenShift Enterprise release 2.2, which fixes two security issues
and several bugs and includes various enhancements, is now available.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

RHOSE Client 2.2 - noarch
RHOSE Infrastructure 2.2 - noarch, x86_64
RHOSE JBoss EAP add-on 2.2 - noarch
RHOSE Node 2.2 - noarch, x86_64

3. Description:

OpenShift Enterprise by Red Hat is the company's cloud computing
Platform-as-a-Service (PaaS) solution designed for on-premise or private
cloud deployments.

It was reported that OpenShift Enterprise 2.2 did not properly restrict
access to services running on different gears. This could allow an attacker
to access unprotected network resources running in another user's gear.
OpenShift Enterprise 2.2 introduces the oo-gear-firewall command, which
creates firewall rules and SELinux policy to contain services running on
gears to their own internal gear IPs. The command is invoked by default
during new installations of OpenShift Enterprise 2.2 to prevent this
security issue. Administrators should run the following on node hosts in
existing deployments after upgrading to 2.2 to address this security issue:

  # oo-gear-firewall -i enable -s enable

Please see the man page for the oo-gear-firewall command for more details.
(CVE-2014-3674)

It was reported that OpenShift Enterprise did not restrict access to the
/proc/net/tcp file on gears, which allowed local users to view all listening
connections and connected sockets. This could expose the IP addresses and
port numbers of remote systems in use, which may be useful for further
targeted attacks. Note that for local listeners, OSE restricts connections
to within the gear by default, so even with knowledge of the local port and
IP the attacker is unable to connect. This bug fix updates the SELinux
policy on node hosts to prevent this gear information from being accessed
by local users. (CVE-2014-3602)

The OpenShift Enterprise 2.2 Release Notes provide information about new
features and notable technical changes in this release, as well as notes on
initial installations. For more information about OpenShift Enterprise, see
the documentation available at:

https://access.redhat.com/site/documentation/en-US/OpenShift_Enterprise/2/

All OpenShift Enterprise users are advised to upgrade to release 2.2.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

See the latest OpenShift Enterprise Deployment Guide at
https://access.redhat.com/site/documentation/en-US/OpenShift_Enterprise/2/
for instructions on initial installations and upgrades from previous
versions.

This update is available via the Red Hat Network.
Details on how to use the Red Hat Network to apply this update are available
at https://access.redhat.com/articles/11258.

5. Bugs fixed (https://bugzilla.redhat.com/):

1004479 - [RFE] Add the ability to limit a user's access to certain cartridges
1093192 - /etc/openshift-enterprise-release does not update with releases
1100102 - oo-diagnostics tools should check the source of packages that are installed for python-3.3 cartridge.
1121195 - oo-iptables-port-proxy fails unhelpfully if EXTERNAL_ETH_DEV is set incorrectly
1123850 - Openshift overwrites data/postgresql.conf during restart, destroying Locale and Formatting configuration
1130347 - "rhc server list" show that an unexpected server is in use if user change libra_server manually.
1131167 - oo-install proceeds with install when user has requested quit
1131190 - No stop related info shows in $cartridge.log when stop for jboss app
1131680 - CVE-2014-3602 OpenShift: /proc/net/tcp information disclosure
1133075 - OpenShift Enterprise 2.2 Errata Tool Advisory Bug
1134139 - [RFE] Track real person for gear SSH logins
1140289 - Background requests made to the broker are done under a hard-coded timeout.
1144057 - Gear size is still added to a user account if adding to the domain fails
1144940 - Console should show error info when adding invalid SSL certificate file.
1145810 - Scaled application fails when HTTP Basic authentication is used
1145877 - Console should show downloadable cartridge with vendor name to distinguish with original cartridge.
1146224 - Update haproxy15side to 1.5.4
1148170 - CVE-2014-3674 OpenShift Enterprise: gears fail to properly isolate network traffic
1148192 - Race condition in `oo-httpd-singular graceful` when using apache-vhost
1150971 - Console failed to add restricted gear size cartridge to scalable app with different gear size.
1151244 - Files placed in the .cartridge_repository will break mcollective on a node
1152698 - PostGresSQL Logging datetime
1152699 - Proper SSL setup for custom domain
1152700 - node - skip partial deployments
1153750 - oo-iptables-port-proxy should have "showproxy" instead of "showproxies" in its usage
1154026 - syntax error in /usr/lib/ruby/site_ruby/1.8/ose-upgrade/node/upgrades/4/maintenance_mode/02-poodle-disable-SSLv3
1154471 - OSE install failed due to wrong incompatible rsyslog7-7.4.10-3.el6_6.x86_64 installation
1156200 - oo-admin-ctl-iptables-port-proxy is needlessly slow under DNS failures
1156613 - routing-daemon.conf has NGINX_PLUS settings on by default, they should commented out

6. Package List:

RHOSE Client 2.2:

Source:
rhc-1.31.3.1-1.el6op.src.rpm
rubygem-archive-tar-minitar-0.5.2-3.1.el6op.src.rpm
rubygem-commander-4.0.3-4.el6op.src.rpm
rubygem-highline-1.6.16-1.el6op.src.rpm
rubygem-httpclient-2.4.0-3.el6op.src.rpm
rubygem-net-scp-1.1.2-2.el6op.src.rpm
rubygem-net-ssh-2.7.0-1.el6op.src.rpm
rubygem-net-ssh-gateway-1.2.0-1.el6op.src.rpm
rubygem-net-ssh-multi-1.2.0-1.el6op.src.rpm
rubygem-open4-1.3.0-2.el6op.src.rpm
rubygem-parseconfig-0.5.2-5.el6op.src.rpm
rubygem-test-unit-2.2.0-3.el6op.src.rpm
rubygems-1.8.24-6.el6op.src.rpm

noarch:
rhc-1.31.3.1-1.el6op.noarch.rpm
rubygem-archive-tar-minitar-0.5.2-3.1.el6op.noarch.rpm
rubygem-commander-4.0.3-4.el6op.noarch.rpm
rubygem-highline-1.6.16-1.el6op.noarch.rpm
rubygem-httpclient-2.4.0-3.el6op.noarch.rpm
rubygem-net-scp-1.1.2-2.el6op.noarch.rpm
rubygem-net-ssh-2.7.0-1.el6op.noarch.rpm
rubygem-net-ssh-gateway-1.2.0-1.el6op.noarch.rpm
rubygem-net-ssh-multi-1.2.0-1.el6op.noarch.rpm
rubygem-open4-1.3.0-2.el6op.noarch.rpm
rubygem-parseconfig-0.5.2-5.el6op.noarch.rpm
rubygem-test-unit-2.2.0-3.el6op.noarch.rpm
rubygems-1.8.24-6.el6op.noarch.rpm
rubygems-devel-1.8.24-6.el6op.noarch.rpm

RHOSE Infrastructure 2.2:

Source:
activemq-5.9.0-5.redhat.610328.el6op.src.rpm
js-1.70-12.el6op.src.rpm
json-c-0.10-3.el6op.src.rpm libestr-0.1.9-2.el6op.src.rpm libev-4.04-4.el6op.src.rpm mongodb-2.4.6-2.el6op.src.rpm openshift-enterprise-upgrade-2.2.0.4-1.el6op.src.rpm openshift-origin-broker-1.16.2.1-1.el6op.src.rpm openshift-origin-broker-util-1.30.4.0-1.el6op.src.rpm openshift-origin-console-1.16.3.0-2.el6op.src.rpm openshift-origin-logshifter-1.8.1.0-1.el6op.src.rpm openshift-origin-msg-common-1.21.1.0-1.el6op.src.rpm openshift-origin-util-scl-1.19.1.0-1.el6op.src.rpm rsyslog7-7.4.10-3.el6op.src.rpm ruby-RMagick-2.13.1-6.el6op.1.src.rpm ruby193-js-1.8.5-10.el6op.src.rpm ruby193-mcollective-2.4.1-6.el6op.src.rpm ruby193-ruby-mysql-2.8.2-8.el6op.src.rpm ruby193-ruby-wrapper-0.0.2-2.el6op.src.rpm ruby193-rubygem-bson-1.8.1-1.el6op.src.rpm ruby193-rubygem-bson_ext-1.8.1-2.el6op.src.rpm ruby193-rubygem-chunky_png-1.2.6-3.el6op.src.rpm ruby193-rubygem-compass-0.12.2-4.el6op.src.rpm ruby193-rubygem-compass-rails-1.0.3-2.el6op.src.rpm ruby193-rubygem-daemon_controller-1.1.0-1.el6op.src.rpm ruby193-rubygem-daemons-1.0.10-4.el6op.src.rpm ruby193-rubygem-dnsruby-1.53-3.el6op.src.rpm ruby193-rubygem-excon-0.32.1-2.el6op.src.rpm ruby193-rubygem-fastthread-1.0.7-7.el6op.src.rpm ruby193-rubygem-file-tail-1.0.5-5.el6op.src.rpm ruby193-rubygem-fog-1.21.0-3.el6op.src.rpm ruby193-rubygem-fog-brightbox-0.0.1-2.el6op.src.rpm ruby193-rubygem-fog-core-1.21.1-2.el6op.src.rpm ruby193-rubygem-fog-json-1.0.0-2.el6op.src.rpm ruby193-rubygem-formatador-0.2.1-9.el6op.src.rpm ruby193-rubygem-formtastic-1.2.4-2.el6op.src.rpm ruby193-rubygem-fssm-0.2.8.1-2.el6op.src.rpm ruby193-rubygem-haml-4.0.3-2.el6op.src.rpm ruby193-rubygem-httpclient-2.4.0-1.el6op.src.rpm ruby193-rubygem-jquery-rails-3.1.0-1.el6op.src.rpm ruby193-rubygem-json-1.7.3-5.el6op.src.rpm ruby193-rubygem-json_pure-1.7.3-1.el6.src.rpm ruby193-rubygem-minitest-3.5.0-3.el6op.src.rpm ruby193-rubygem-mongo-1.8.1-1.el6op.src.rpm ruby193-rubygem-mongoid-3.1.4-2.el6op.src.rpm ruby193-rubygem-moped-1.5.0-2.el6op.src.rpm 
ruby193-rubygem-net-ldap-0.3.1-1.el6op.src.rpm ruby193-rubygem-net-scp-1.1.2-1.el6op.src.rpm ruby193-rubygem-net-ssh-2.7.0-1.el6op.src.rpm ruby193-rubygem-nokogiri-1.5.11-1.el6op.src.rpm ruby193-rubygem-open4-1.3.0-3.el6op.src.rpm ruby193-rubygem-origin-1.0.7-2.el6op.src.rpm ruby193-rubygem-parseconfig-1.0.2-1.el6op.src.rpm ruby193-rubygem-passenger-3.0.21-3.el6op.src.rpm ruby193-rubygem-pg-0.12.2-4.el6op.src.rpm ruby193-rubygem-rdiscount-1.6.8-3.el6op.src.rpm ruby193-rubygem-regin-0.3.7-4.el6op.src.rpm ruby193-rubygem-rest-client-1.6.1-2.el6op.src.rpm ruby193-rubygem-ruby2ruby-1.3.1-2.el6op.src.rpm ruby193-rubygem-ruby_parser-2.3.1-3.el6op.src.rpm ruby193-rubygem-safe_yaml-0.9.1-1.el6op.src.rpm ruby193-rubygem-sass-twitter-bootstrap-2.0.1-1.el6op.src.rpm ruby193-rubygem-sexp_processor-3.2.0-2.el6op.src.rpm ruby193-rubygem-spruz-0.2.5-5.el6op.src.rpm ruby193-rubygem-state_machine-1.1.2-7.el6op.src.rpm ruby193-rubygem-stomp-1.2.14-1.el6op.src.rpm ruby193-rubygem-syslog-logger-1.6.8-1.el6op.src.rpm ruby193-rubygem-systemu-2.5.2-2.el6op.src.rpm ruby193-rubygem-term-ansicolor-1.0.7-2.el6op.src.rpm ruby193-rubygem-xml-simple-1.0.12-10.el6op.src.rpm rubygem-ParseTree-3.0.5-2.el6op.src.rpm rubygem-RubyInline-3.8.4-3.el6op.src.rpm rubygem-ZenTest-4.3.3-1.el6op.src.rpm rubygem-archive-tar-minitar-0.5.2-3.1.el6op.src.rpm rubygem-bson-1.8.3-1.el6op.src.rpm rubygem-bson_ext-1.8.3-1.el6op.src.rpm rubygem-bundler-1.0.21-3.el6op.src.rpm rubygem-diff-lcs-1.1.2-5.el6op.src.rpm rubygem-fastthread-1.0.7-4.el6op.src.rpm rubygem-file-tail-1.0.5-4.el6op.src.rpm rubygem-highline-1.6.16-1.el6op.src.rpm rubygem-json-1.7.3-2.el6op.src.rpm rubygem-net-ssh-2.7.0-1.el6op.src.rpm rubygem-openshift-origin-admin-console-1.26.2.0-1.el6op.src.rpm rubygem-openshift-origin-auth-remote-user-1.21.1.0-1.el6op.src.rpm rubygem-openshift-origin-common-1.28.3.0-1.el6op.src.rpm rubygem-openshift-origin-console-1.31.3.1-1.el6op.src.rpm rubygem-openshift-origin-controller-1.31.5.1-1.el6op.src.rpm 
rubygem-openshift-origin-dns-dynect-1.13.1.0-1.el6op.src.rpm rubygem-openshift-origin-dns-fog-1.0.1.0-1.el6op.src.rpm rubygem-openshift-origin-dns-nsupdate-1.16.3.0-1.el6op.src.rpm rubygem-openshift-origin-gear-placement-0.0.2.0-1.el6op.src.rpm rubygem-openshift-origin-msg-broker-mcollective-1.30.2.2-1.el6op.src.rpm rubygem-openshift-origin-routing-activemq-0.6.1.0-1.el6op.src.rpm rubygem-openshift-origin-routing-daemon-0.17.1.4-1.el6op.src.rpm rubygem-parseconfig-0.5.2-5.el6op.src.rpm rubygem-passenger-3.0.21-12.el6op.src.rpm rubygem-rack-1.3.0-4.el6op.src.rpm rubygem-rake-0.8.7-2.1.el6.src.rpm rubygem-regin-0.3.7-4.el6op.src.rpm rubygem-ruby2ruby-1.2.4-3.el6op.src.rpm rubygem-ruby_parser-2.0.4-6.el6op.src.rpm rubygem-sexp_processor-3.0.4-2.el6op.src.rpm rubygem-spruz-0.2.5-4.el6op.src.rpm rubygem-stomp-1.1.8-1.el6op.src.rpm rubygem-systemu-1.2.0-3.el6op.src.rpm rubygem-thor-0.14.6-2.el6op.src.rpm rubygem-thread-dump-0.0.5-93.el6op.src.rpm rubygems-1.8.24-6.el6op.src.rpm v8-3.14.5.10-2.el6op.src.rpm yum-utils-1.1.30-17.el6_5.src.rpm noarch: json-c-doc-0.10-3.el6op.noarch.rpm openshift-enterprise-release-2.2.0.4-1.el6op.noarch.rpm openshift-enterprise-upgrade-broker-2.2.0.4-1.el6op.noarch.rpm openshift-enterprise-yum-validator-2.2.0.4-1.el6op.noarch.rpm openshift-origin-broker-1.16.2.1-1.el6op.noarch.rpm openshift-origin-broker-util-1.30.4.0-1.el6op.noarch.rpm openshift-origin-console-1.16.3.0-2.el6op.noarch.rpm openshift-origin-msg-common-1.21.1.0-1.el6op.noarch.rpm openshift-origin-util-scl-1.19.1.0-1.el6op.noarch.rpm ruby193-mcollective-2.4.1-6.el6op.noarch.rpm ruby193-mcollective-client-2.4.1-6.el6op.noarch.rpm ruby193-mcollective-common-2.4.1-6.el6op.noarch.rpm ruby193-ruby-wrapper-0.0.2-2.el6op.noarch.rpm ruby193-rubygem-bson-1.8.1-1.el6op.noarch.rpm ruby193-rubygem-chunky_png-1.2.6-3.el6op.noarch.rpm ruby193-rubygem-compass-0.12.2-4.el6op.noarch.rpm ruby193-rubygem-compass-rails-1.0.3-2.el6op.noarch.rpm 
ruby193-rubygem-daemon_controller-1.1.0-1.el6op.noarch.rpm ruby193-rubygem-daemons-1.0.10-4.el6op.noarch.rpm ruby193-rubygem-dnsruby-1.53-3.el6op.noarch.rpm ruby193-rubygem-excon-0.32.1-2.el6op.noarch.rpm ruby193-rubygem-excon-doc-0.32.1-2.el6op.noarch.rpm ruby193-rubygem-file-tail-1.0.5-5.el6op.noarch.rpm ruby193-rubygem-fog-1.21.0-3.el6op.noarch.rpm ruby193-rubygem-fog-brightbox-0.0.1-2.el6op.noarch.rpm ruby193-rubygem-fog-core-1.21.1-2.el6op.noarch.rpm ruby193-rubygem-fog-doc-1.21.0-3.el6op.noarch.rpm ruby193-rubygem-fog-json-1.0.0-2.el6op.noarch.rpm ruby193-rubygem-fog-json-doc-1.0.0-2.el6op.noarch.rpm ruby193-rubygem-formatador-0.2.1-9.el6op.noarch.rpm ruby193-rubygem-formatador-doc-0.2.1-9.el6op.noarch.rpm ruby193-rubygem-formtastic-1.2.4-2.el6op.noarch.rpm ruby193-rubygem-fssm-0.2.8.1-2.el6op.noarch.rpm ruby193-rubygem-haml-4.0.3-2.el6op.noarch.rpm ruby193-rubygem-httpclient-2.4.0-1.el6op.noarch.rpm ruby193-rubygem-jquery-rails-3.1.0-1.el6op.noarch.rpm ruby193-rubygem-json_pure-1.7.3-1.el6.noarch.rpm ruby193-rubygem-minitest-3.5.0-3.el6op.noarch.rpm ruby193-rubygem-mongo-1.8.1-1.el6op.noarch.rpm ruby193-rubygem-mongoid-3.1.4-2.el6op.noarch.rpm ruby193-rubygem-moped-1.5.0-2.el6op.noarch.rpm ruby193-rubygem-net-ldap-0.3.1-1.el6op.noarch.rpm ruby193-rubygem-net-scp-1.1.2-1.el6op.noarch.rpm ruby193-rubygem-net-scp-doc-1.1.2-1.el6op.noarch.rpm ruby193-rubygem-net-ssh-2.7.0-1.el6op.noarch.rpm ruby193-rubygem-net-ssh-doc-2.7.0-1.el6op.noarch.rpm ruby193-rubygem-open4-1.3.0-3.el6op.noarch.rpm ruby193-rubygem-origin-1.0.7-2.el6op.noarch.rpm ruby193-rubygem-parseconfig-1.0.2-1.el6op.noarch.rpm ruby193-rubygem-regin-0.3.7-4.el6op.noarch.rpm ruby193-rubygem-rest-client-1.6.1-2.el6op.noarch.rpm ruby193-rubygem-ruby2ruby-1.3.1-2.el6op.noarch.rpm ruby193-rubygem-ruby_parser-2.3.1-3.el6op.noarch.rpm ruby193-rubygem-safe_yaml-0.9.1-1.el6op.noarch.rpm ruby193-rubygem-sass-twitter-bootstrap-2.0.1-1.el6op.noarch.rpm ruby193-rubygem-sexp_processor-3.2.0-2.el6op.noarch.rpm 
ruby193-rubygem-spruz-0.2.5-5.el6op.noarch.rpm ruby193-rubygem-state_machine-1.1.2-7.el6op.noarch.rpm ruby193-rubygem-stomp-1.2.14-1.el6op.noarch.rpm ruby193-rubygem-syslog-logger-1.6.8-1.el6op.noarch.rpm ruby193-rubygem-systemu-2.5.2-2.el6op.noarch.rpm ruby193-rubygem-term-ansicolor-1.0.7-2.el6op.noarch.rpm ruby193-rubygem-xml-simple-1.0.12-10.el6op.noarch.rpm rubygem-ParseTree-3.0.5-2.el6op.noarch.rpm rubygem-RubyInline-3.8.4-3.el6op.noarch.rpm rubygem-ZenTest-4.3.3-1.el6op.noarch.rpm rubygem-archive-tar-minitar-0.5.2-3.1.el6op.noarch.rpm rubygem-bson-1.8.3-1.el6op.noarch.rpm rubygem-bundler-1.0.21-3.el6op.noarch.rpm rubygem-diff-lcs-1.1.2-5.el6op.noarch.rpm rubygem-file-tail-1.0.5-4.el6op.noarch.rpm rubygem-highline-1.6.16-1.el6op.noarch.rpm rubygem-net-ssh-2.7.0-1.el6op.noarch.rpm rubygem-openshift-origin-admin-console-1.26.2.0-1.el6op.noarch.rpm rubygem-openshift-origin-auth-remote-user-1.21.1.0-1.el6op.noarch.rpm rubygem-openshift-origin-common-1.28.3.0-1.el6op.noarch.rpm rubygem-openshift-origin-console-1.31.3.1-1.el6op.noarch.rpm rubygem-openshift-origin-controller-1.31.5.1-1.el6op.noarch.rpm rubygem-openshift-origin-dns-dynect-1.13.1.0-1.el6op.noarch.rpm rubygem-openshift-origin-dns-fog-1.0.1.0-1.el6op.noarch.rpm rubygem-openshift-origin-dns-nsupdate-1.16.3.0-1.el6op.noarch.rpm rubygem-openshift-origin-gear-placement-0.0.2.0-1.el6op.noarch.rpm rubygem-openshift-origin-msg-broker-mcollective-1.30.2.2-1.el6op.noarch.rpm rubygem-openshift-origin-routing-activemq-0.6.1.0-1.el6op.noarch.rpm rubygem-openshift-origin-routing-daemon-0.17.1.4-1.el6op.noarch.rpm rubygem-parseconfig-0.5.2-5.el6op.noarch.rpm rubygem-rack-1.3.0-4.el6op.noarch.rpm rubygem-rake-0.8.7-2.1.el6.noarch.rpm rubygem-regin-0.3.7-4.el6op.noarch.rpm rubygem-ruby2ruby-1.2.4-3.el6op.noarch.rpm rubygem-ruby_parser-2.0.4-6.el6op.noarch.rpm rubygem-sexp_processor-3.0.4-2.el6op.noarch.rpm rubygem-spruz-0.2.5-4.el6op.noarch.rpm rubygem-stomp-1.1.8-1.el6op.noarch.rpm 
rubygem-systemu-1.2.0-3.el6op.noarch.rpm rubygem-thor-0.14.6-2.el6op.noarch.rpm rubygems-1.8.24-6.el6op.noarch.rpm rubygems-devel-1.8.24-6.el6op.noarch.rpm yum-plugin-priorities-1.1.30-17.el6_5.noarch.rpm x86_64: activemq-5.9.0-5.redhat.610328.el6op.x86_64.rpm activemq-client-5.9.0-5.redhat.610328.el6op.x86_64.rpm js-1.70-12.el6op.x86_64.rpm js-debuginfo-1.70-12.el6op.x86_64.rpm js-devel-1.70-12.el6op.x86_64.rpm json-c-0.10-3.el6op.x86_64.rpm json-c-debuginfo-0.10-3.el6op.x86_64.rpm json-c-devel-0.10-3.el6op.x86_64.rpm libestr-0.1.9-2.el6op.x86_64.rpm libestr-debuginfo-0.1.9-2.el6op.x86_64.rpm libestr-devel-0.1.9-2.el6op.x86_64.rpm libev-4.04-4.el6op.x86_64.rpm libev-debuginfo-4.04-4.el6op.x86_64.rpm libev-devel-4.04-4.el6op.x86_64.rpm libmongodb-2.4.6-2.el6op.x86_64.rpm mod_passenger-3.0.21-12.el6op.x86_64.rpm mongodb-2.4.6-2.el6op.x86_64.rpm mongodb-debuginfo-2.4.6-2.el6op.x86_64.rpm mongodb-server-2.4.6-2.el6op.x86_64.rpm openshift-origin-logshifter-1.8.1.0-1.el6op.x86_64.rpm rsyslog7-debuginfo-7.4.10-3.el6op.x86_64.rpm rsyslog7-mmopenshift-7.4.10-3.el6op.x86_64.rpm ruby-RMagick-2.13.1-6.el6op.1.x86_64.rpm ruby-RMagick-debuginfo-2.13.1-6.el6op.1.x86_64.rpm ruby193-js-1.8.5-10.el6op.x86_64.rpm ruby193-js-debuginfo-1.8.5-10.el6op.x86_64.rpm ruby193-js-devel-1.8.5-10.el6op.x86_64.rpm ruby193-mod_passenger-3.0.21-3.el6op.x86_64.rpm ruby193-ruby-mysql-2.8.2-8.el6op.x86_64.rpm ruby193-ruby-mysql-debuginfo-2.8.2-8.el6op.x86_64.rpm ruby193-rubygem-bson_ext-1.8.1-2.el6op.x86_64.rpm ruby193-rubygem-bson_ext-debuginfo-1.8.1-2.el6op.x86_64.rpm ruby193-rubygem-fastthread-1.0.7-7.el6op.x86_64.rpm ruby193-rubygem-fastthread-debuginfo-1.0.7-7.el6op.x86_64.rpm ruby193-rubygem-json-1.7.3-5.el6op.x86_64.rpm ruby193-rubygem-json-debuginfo-1.7.3-5.el6op.x86_64.rpm ruby193-rubygem-nokogiri-1.5.11-1.el6op.x86_64.rpm ruby193-rubygem-nokogiri-debuginfo-1.5.11-1.el6op.x86_64.rpm ruby193-rubygem-nokogiri-doc-1.5.11-1.el6op.x86_64.rpm ruby193-rubygem-passenger-3.0.21-3.el6op.x86_64.rpm 
ruby193-rubygem-passenger-debuginfo-3.0.21-3.el6op.x86_64.rpm ruby193-rubygem-passenger-devel-3.0.21-3.el6op.x86_64.rpm ruby193-rubygem-passenger-native-3.0.21-3.el6op.x86_64.rpm ruby193-rubygem-passenger-native-libs-3.0.21-3.el6op.x86_64.rpm ruby193-rubygem-pg-0.12.2-4.el6op.x86_64.rpm ruby193-rubygem-pg-debuginfo-0.12.2-4.el6op.x86_64.rpm ruby193-rubygem-rdiscount-1.6.8-3.el6op.x86_64.rpm ruby193-rubygem-rdiscount-debuginfo-1.6.8-3.el6op.x86_64.rpm rubygem-bson_ext-1.8.3-1.el6op.x86_64.rpm rubygem-bson_ext-debuginfo-1.8.3-1.el6op.x86_64.rpm rubygem-fastthread-1.0.7-4.el6op.x86_64.rpm rubygem-json-1.7.3-2.el6op.x86_64.rpm rubygem-json-debuginfo-1.7.3-2.el6op.x86_64.rpm rubygem-passenger-3.0.21-12.el6op.x86_64.rpm rubygem-passenger-debuginfo-3.0.21-12.el6op.x86_64.rpm rubygem-passenger-devel-3.0.21-12.el6op.x86_64.rpm rubygem-passenger-native-3.0.21-12.el6op.x86_64.rpm rubygem-passenger-native-libs-3.0.21-12.el6op.x86_64.rpm rubygem-thread-dump-0.0.5-93.el6op.x86_64.rpm rubygem-thread-dump-debuginfo-0.0.5-93.el6op.x86_64.rpm v8-3.14.5.10-2.el6op.x86_64.rpm v8-debuginfo-3.14.5.10-2.el6op.x86_64.rpm v8-devel-3.14.5.10-2.el6op.x86_64.rpm RHOSE JBoss EAP add-on 2.2: Source: openshift-origin-cartridge-jbosseap-2.21.1.0-1.el6op.src.rpm noarch: openshift-origin-cartridge-dependencies-optional-jbosseap-1.27.1.0-1.el6op.noarch.rpm openshift-origin-cartridge-dependencies-recommended-jbosseap-1.27.1.0-1.el6op.noarch.rpm openshift-origin-cartridge-jbosseap-2.21.1.0-1.el6op.noarch.rpm RHOSE Node 2.2: Source: CharLS-1.0-1.el6op.src.rpm ImageMagick-6.5.4.7-7.el6_5.src.rpm activemq-5.9.0-5.redhat.610328.el6op.src.rpm armadillo-3.800.2-1.el6op.src.rpm atlas-3.8.4-2.el6.src.rpm cfitsio-3.240-3.el6op.src.rpm facter-1.6.6-1.el6op.src.rpm freexl-1.0.0d-1.el6op.src.rpm gd-2.0.35-11.el6.src.rpm gdal-1.9.2-8.el6op.src.rpm geos-3.3.2-1.el6op.src.rpm ghostscript-8.70-19.el6.src.rpm gpsbabel-1.4.4-4.el6op.src.rpm haproxy-1.4.22-5.el6op.src.rpm haproxy15side-1.5.4-1.el6op.src.rpm 
hdf5-1.8.5.patch1-7.el6op.src.rpm icu-4.2.1-9.1.el6_2.src.rpm jasper-1.900.1-15.el6_1.1.src.rpm jboss-eap6-modules-6.0.0.GA-8.el6op.src.rpm jboss-openshift-metrics-module-1.0.2.redhat_1-1.2.el6_5.src.rpm jenkins-1.565.3-1.el6op.src.rpm jenkins-plugin-openshift-0.6.40.1-0.el6op.src.rpm js-1.70-12.el6op.src.rpm json-c-0.10-3.el6op.src.rpm jython-2.2.1-4.8.el6.src.rpm lapack-3.2.1-4.el6.src.rpm lcms-1.19-1.el6.src.rpm libc-client-2007e-11.el6.src.rpm libcgroup-0.40.rc1-15.el6_6.src.rpm libdap-3.11.0-1.el6op.src.rpm libestr-0.1.9-2.el6op.src.rpm libev-4.04-4.el6op.src.rpm libffi-3.0.5-3.2.el6.src.rpm libgeotiff-1.2.5-5.el6op.src.rpm libgta-1.0.2-2.el6op.src.rpm libmcrypt-2.5.8-10.el6op.src.rpm libreadline-java-0.8.0-24.3.el6.src.rpm libspatialite-2.4.0-0.6.RC4.el6op.src.rpm libwebp-0.3.0-2.el6op.src.rpm maven3-3.0.3-4.src.rpm netcdf-4.1.1-3.el6op.3.src.rpm nodejs010-nodejs-bignumber.js-1.1.1-2.el6op.src.rpm nodejs010-nodejs-bson-0.2.2-3.el6op.src.rpm nodejs010-nodejs-buffer-crc32-0.2.1-2.el6op.src.rpm nodejs010-nodejs-bytes-0.2.1-2.el6op.src.rpm nodejs010-nodejs-colors-0.6.2-2.el6op.src.rpm nodejs010-nodejs-commander-1.1.1-3.el6op.src.rpm nodejs010-nodejs-connect-2.7.10-2.el6op.src.rpm nodejs010-nodejs-cookie-0.1.0-2.el6op.src.rpm nodejs010-nodejs-cookie-signature-1.0.1-2.el6op.src.rpm nodejs010-nodejs-debug-0.7.2-1.el6op.src.rpm nodejs010-nodejs-express-3.2.5-2.el6op.src.rpm nodejs010-nodejs-formidable-1.0.14-3.el6op.src.rpm nodejs010-nodejs-fresh-0.2.0-1.el6op.src.rpm nodejs010-nodejs-generic-pool-2.0.3-3.el6op.src.rpm nodejs010-nodejs-keypress-0.2.1-1.el6op.src.rpm nodejs010-nodejs-methods-0.0.1-2.el6op.src.rpm nodejs010-nodejs-mongodb-1.3.17-2.el6op.src.rpm nodejs010-nodejs-mysql-2.0.0-alpha9.1.el6op.src.rpm nodejs010-nodejs-node-static-0.6.9-2.el6op.src.rpm nodejs010-nodejs-optimist-0.4.0-2.el6op.src.rpm nodejs010-nodejs-options-0.0.5-2.el6op.src.rpm nodejs010-nodejs-pause-0.0.1-2.el6op.src.rpm nodejs010-nodejs-pg-0.12.3-3.el6op.src.rpm 
nodejs010-nodejs-range-parser-0.0.4-2.el6op.src.rpm nodejs010-nodejs-require-all-0.0.8-2.el6op.src.rpm nodejs010-nodejs-send-0.1.4-2.el6op.src.rpm nodejs010-nodejs-supervisor-0.5.2-3.el6op.src.rpm nodejs010-nodejs-tinycolor-0.0.1-5.el6op.src.rpm nodejs010-nodejs-wordwrap-0.0.2-2.el6op.src.rpm nodejs010-nodejs-ws-0.4.25-8.el6op.src.rpm openshift-enterprise-upgrade-2.2.0.4-1.el6op.src.rpm openshift-origin-cartridge-cron-1.23.1.0-1.el6op.src.rpm openshift-origin-cartridge-diy-1.24.1.0-1.el6op.src.rpm openshift-origin-cartridge-haproxy-1.27.2.0-1.el6op.src.rpm openshift-origin-cartridge-jbossews-1.29.1.0-1.el6op.src.rpm openshift-origin-cartridge-jenkins-1.25.1.0-1.el6op.src.rpm openshift-origin-cartridge-jenkins-client-1.25.1.0-1.el6op.src.rpm openshift-origin-cartridge-mock-1.21.1.0-1.el6op.src.rpm openshift-origin-cartridge-mock-plugin-1.20.1.0-1.el6op.src.rpm openshift-origin-cartridge-mongodb-1.23.2.0-1.el6op.src.rpm openshift-origin-cartridge-mysql-1.28.1.0-1.el6op.src.rpm openshift-origin-cartridge-nodejs-1.30.1.0-1.el6op.src.rpm openshift-origin-cartridge-perl-1.26.1.0-1.el6op.src.rpm openshift-origin-cartridge-php-1.29.1.0-1.el6op.src.rpm openshift-origin-cartridge-postgresql-1.29.2.0-1.el6op.src.rpm openshift-origin-cartridge-python-1.29.1.0-1.el6op.src.rpm openshift-origin-cartridge-ruby-1.28.1.0-1.el6op.src.rpm openshift-origin-logshifter-1.8.1.0-1.el6op.src.rpm openshift-origin-msg-common-1.21.1.0-1.el6op.src.rpm openshift-origin-msg-node-mcollective-1.27.1.1-1.el6op.src.rpm openshift-origin-node-proxy-1.25.1.1-1.el6op.src.rpm openshift-origin-node-util-1.30.3.2-1.el6op.src.rpm openshift-origin-port-proxy-1.9.1.0-1.el6op.src.rpm openshift-origin-util-scl-1.19.1.0-1.el6op.src.rpm pam_openshift-1.12.1.0-1.el6op.src.rpm perl-App-cpanminus-1.4008-1.el6op.src.rpm perl-Class-Accessor-0.31-6.1.el6.src.rpm perl-Class-DBI-3.0.17-5.el6op.src.rpm perl-Class-DBI-Pg-0.09-9.el6op.src.rpm perl-Class-Data-Inheritable-0.08-3.1.el6.src.rpm 
perl-Class-Factory-Util-1.7-5.el6op.src.rpm perl-Class-Trigger-0.13-2.1.el6.src.rpm perl-Clone-0.31-3.1.el6.src.rpm perl-DBIx-ContextualFetch-1.03-7.el6op.src.rpm perl-DateTime-Format-Builder-0.7901-4.el6op.src.rpm perl-DateTime-Format-Pg-0.16004-3.el6op.src.rpm perl-DateTime-Format-Strptime-1.1000-3.el6op.src.rpm perl-IO-stringy-2.110-10.1.el6.src.rpm perl-Ima-DBI-0.35-7.el6op.src.rpm perl-JSON-2.15-5.el6.src.rpm perl-UNIVERSAL-moniker-0.08-9.el6op.src.rpm perl-YAML-0.70-4.el6.src.rpm php-5.3.3-38.el6.src.rpm php-extras-5.3.3-3.el6op.src.rpm php-pear-MDB2-2.5.0-0.3.b3.el6op.src.rpm php-pear-MDB2-Driver-pgsql-1.5.0-0.1.b3.el6op.src.rpm php-pecl-imagick-3.1.2-1.el6_5.src.rpm php-pecl-mongo-1.4.4-1.el6op.src.rpm php-pecl-xdebug-2.1.4-1.el6op.src.rpm php54-php-pecl-imagick-3.1.2-1.el6op.src.rpm php54-php-pecl-mongo-1.4.5-1.el6op.src.rpm php54-php-pecl-xdebug-2.2.3-3.el6op.src.rpm postgis-1.5.3-1.el6op.src.rpm postgresql-ip4r-1.05-1.el6op.src.rpm postgresql92-pgRouting-2.0.0-2.el6op.src.rpm postgresql92-postgis-2.1.0-0.el6op.src.rpm proj-4.7.0-1.el6op.src.rpm python-pymongo-2.5.2-3.el6op.src.rpm python-virtualenv-1.10.1-1.el6op.src.rpm python27-mod_wsgi-3.4-26.el6op.src.rpm python27-python-pip-1.4-7.el6op.src.rpm python33-mod_wsgi-3.4-26.el6op.src.rpm quartz-2.2.1.redhat_1-1.el6_5.src.rpm quartz-2.2.1.redhat_1-1.src.rpm rsyslog7-7.4.10-3.el6op.src.rpm ruby-RMagick-2.13.1-6.el6op.1.src.rpm ruby-mysql-2.8.2-2.el6op.src.rpm ruby193-facter-1.6.6-3.el6op.src.rpm ruby193-js-1.8.5-10.el6op.src.rpm ruby193-mcollective-2.4.1-6.el6op.src.rpm ruby193-ruby-mysql-2.8.2-8.el6op.src.rpm ruby193-ruby-selinux-2.0.94-3.el6op.src.rpm ruby193-rubygem-bson-1.8.1-1.el6op.src.rpm ruby193-rubygem-bson_ext-1.8.1-2.el6op.src.rpm ruby193-rubygem-commander-4.0.3-5.el6op.src.rpm ruby193-rubygem-daemon_controller-1.1.0-1.el6op.src.rpm ruby193-rubygem-daemons-1.0.10-4.el6op.src.rpm ruby193-rubygem-fastthread-1.0.7-7.el6op.src.rpm ruby193-rubygem-file-tail-1.0.5-5.el6op.src.rpm 
ruby193-rubygem-fssm-0.2.8.1-2.el6op.src.rpm ruby193-rubygem-highline-1.6.16-1.el6op.src.rpm ruby193-rubygem-json-1.7.3-5.el6op.src.rpm ruby193-rubygem-json_pure-1.7.3-1.el6.src.rpm ruby193-rubygem-minitest-3.5.0-3.el6op.src.rpm ruby193-rubygem-mongo-1.8.1-1.el6op.src.rpm ruby193-rubygem-open4-1.3.0-3.el6op.src.rpm ruby193-rubygem-parallel-0.8.0-1.el6op.src.rpm ruby193-rubygem-parseconfig-1.0.2-1.el6op.src.rpm ruby193-rubygem-passenger-3.0.21-3.el6op.src.rpm ruby193-rubygem-pg-0.12.2-4.el6op.src.rpm ruby193-rubygem-rest-client-1.6.1-2.el6op.src.rpm ruby193-rubygem-ruby2ruby-1.3.1-2.el6op.src.rpm ruby193-rubygem-ruby_parser-2.3.1-3.el6op.src.rpm ruby193-rubygem-safe_yaml-0.9.1-1.el6op.src.rpm ruby193-rubygem-sexp_processor-3.2.0-2.el6op.src.rpm ruby193-rubygem-spruz-0.2.5-5.el6op.src.rpm ruby193-rubygem-stomp-1.2.14-1.el6op.src.rpm ruby193-rubygem-systemu-2.5.2-2.el6op.src.rpm ruby193-rubygem-xml-simple-1.0.12-10.el6op.src.rpm ruby200-rubygem-passenger-4.0.18-17.el6op.src.rpm rubygem-ParseTree-3.0.5-2.el6op.src.rpm rubygem-RubyInline-3.8.4-3.el6op.src.rpm rubygem-ZenTest-4.3.3-1.el6op.src.rpm rubygem-bson-1.8.3-1.el6op.src.rpm rubygem-bson_ext-1.8.3-1.el6op.src.rpm rubygem-bundler-1.0.21-3.el6op.src.rpm rubygem-diff-lcs-1.1.2-5.el6op.src.rpm rubygem-fastthread-1.0.7-4.el6op.src.rpm rubygem-file-tail-1.0.5-4.el6op.src.rpm rubygem-json-1.7.3-2.el6op.src.rpm rubygem-nokogiri-1.4.3.1-1.el6op.src.rpm rubygem-open4-1.3.0-2.el6op.src.rpm rubygem-openshift-origin-common-1.28.3.0-1.el6op.src.rpm rubygem-openshift-origin-container-selinux-0.10.1.0-1.el6op.src.rpm rubygem-openshift-origin-frontend-apache-mod-rewrite-0.7.1.2-1.el6op.src.rpm rubygem-openshift-origin-frontend-apache-vhost-0.10.1.1-1.el6op.src.rpm rubygem-openshift-origin-frontend-apachedb-0.6.1.0-1.el6op.src.rpm rubygem-openshift-origin-frontend-haproxy-sni-proxy-0.4.1.0-1.el6op.src.rpm rubygem-openshift-origin-frontend-nodejs-websocket-0.4.1.0-1.el6op.src.rpm 
rubygem-openshift-origin-node-1.31.3.5-1.el6op.src.rpm rubygem-parseconfig-0.5.2-5.el6op.src.rpm rubygem-passenger-3.0.21-12.el6op.src.rpm rubygem-rack-1.3.0-4.el6op.src.rpm rubygem-rake-0.8.7-2.1.el6.src.rpm rubygem-ruby2ruby-1.2.4-3.el6op.src.rpm rubygem-ruby_parser-2.0.4-6.el6op.src.rpm rubygem-sexp_processor-3.0.4-2.el6op.src.rpm rubygem-spruz-0.2.5-4.el6op.src.rpm rubygem-sqlite3-1.3.3-4.el6op.src.rpm rubygem-stomp-1.1.8-1.el6op.src.rpm rubygem-systemu-1.2.0-3.el6op.src.rpm rubygem-thor-0.14.6-2.el6op.src.rpm rubygem-thread-dump-0.0.5-93.el6op.src.rpm rubygems-1.8.24-6.el6op.src.rpm shapelib-1.3.0b2-10.2.el6op.src.rpm socat-1.7.2.2-1.el6op.src.rpm ta-lib-0.4.0-1.el6op.src.rpm uuid-1.6.1-10.el6.src.rpm xerces-c-3.0.1-20.el6.src.rpm yum-utils-1.1.30-17.el6_5.src.rpm noarch: cfitsio-docs-3.240-3.el6op.noarch.rpm gdal-doc-1.9.2-8.el6op.noarch.rpm gdal-javadoc-1.9.2-8.el6op.noarch.rpm jboss-eap6-modules-6.0.0.GA-8.el6op.noarch.rpm jboss-openshift-metrics-module-1.0.2.redhat_1-1.2.el6_5.noarch.rpm jenkins-1.565.3-1.el6op.noarch.rpm json-c-doc-0.10-3.el6op.noarch.rpm libgta-doc-1.0.2-2.el6op.noarch.rpm maven3-3.0.3-4.noarch.rpm nodejs010-nodejs-bignumber.js-1.1.1-2.el6op.noarch.rpm nodejs010-nodejs-buffer-crc32-0.2.1-2.el6op.noarch.rpm nodejs010-nodejs-bytes-0.2.1-2.el6op.noarch.rpm nodejs010-nodejs-colors-0.6.2-2.el6op.noarch.rpm nodejs010-nodejs-commander-1.1.1-3.el6op.noarch.rpm nodejs010-nodejs-connect-2.7.10-2.el6op.noarch.rpm nodejs010-nodejs-cookie-0.1.0-2.el6op.noarch.rpm nodejs010-nodejs-cookie-signature-1.0.1-2.el6op.noarch.rpm nodejs010-nodejs-debug-0.7.2-1.el6op.noarch.rpm nodejs010-nodejs-express-3.2.5-2.el6op.noarch.rpm nodejs010-nodejs-formidable-1.0.14-3.el6op.noarch.rpm nodejs010-nodejs-fresh-0.2.0-1.el6op.noarch.rpm nodejs010-nodejs-generic-pool-2.0.3-3.el6op.noarch.rpm nodejs010-nodejs-keypress-0.2.1-1.el6op.noarch.rpm nodejs010-nodejs-methods-0.0.1-2.el6op.noarch.rpm nodejs010-nodejs-mongodb-1.3.17-2.el6op.noarch.rpm 
nodejs010-nodejs-mysql-2.0.0-alpha9.1.el6op.noarch.rpm nodejs010-nodejs-node-static-0.6.9-2.el6op.noarch.rpm nodejs010-nodejs-optimist-0.4.0-2.el6op.noarch.rpm nodejs010-nodejs-options-0.0.5-2.el6op.noarch.rpm nodejs010-nodejs-pause-0.0.1-2.el6op.noarch.rpm nodejs010-nodejs-range-parser-0.0.4-2.el6op.noarch.rpm nodejs010-nodejs-require-all-0.0.8-2.el6op.noarch.rpm nodejs010-nodejs-send-0.1.4-2.el6op.noarch.rpm nodejs010-nodejs-supervisor-0.5.2-3.el6op.noarch.rpm nodejs010-nodejs-tinycolor-0.0.1-5.el6op.noarch.rpm nodejs010-nodejs-wordwrap-0.0.2-2.el6op.noarch.rpm openshift-enterprise-release-2.2.0.4-1.el6op.noarch.rpm openshift-enterprise-upgrade-node-2.2.0.4-1.el6op.noarch.rpm openshift-enterprise-yum-validator-2.2.0.4-1.el6op.noarch.rpm openshift-origin-cartridge-cron-1.23.1.0-1.el6op.noarch.rpm openshift-origin-cartridge-dependencies-optional-jbossews-1.27.1.0-1.el6op.noarch.rpm openshift-origin-cartridge-dependencies-optional-nodejs-1.27.1.0-1.el6op.noarch.rpm openshift-origin-cartridge-dependencies-optional-perl-1.27.1.0-1.el6op.noarch.rpm openshift-origin-cartridge-dependencies-optional-php-1.27.1.0-1.el6op.noarch.rpm openshift-origin-cartridge-dependencies-optional-python-1.27.1.0-1.el6op.noarch.rpm openshift-origin-cartridge-dependencies-optional-ruby-1.27.1.0-1.el6op.noarch.rpm openshift-origin-cartridge-dependencies-recommended-jbossews-1.27.1.0-1.el6op.noarch.rpm openshift-origin-cartridge-dependencies-recommended-nodejs-1.27.1.0-1.el6op.noarch.rpm openshift-origin-cartridge-dependencies-recommended-perl-1.27.1.0-1.el6op.noarch.rpm openshift-origin-cartridge-dependencies-recommended-php-1.27.1.0-1.el6op.noarch.rpm openshift-origin-cartridge-dependencies-recommended-python-1.27.1.0-1.el6op.noarch.rpm openshift-origin-cartridge-dependencies-recommended-ruby-1.27.1.0-1.el6op.noarch.rpm openshift-origin-cartridge-diy-1.24.1.0-1.el6op.noarch.rpm openshift-origin-cartridge-haproxy-1.27.2.0-1.el6op.noarch.rpm 
openshift-origin-cartridge-jbossews-1.29.1.0-1.el6op.noarch.rpm openshift-origin-cartridge-jenkins-1.25.1.0-1.el6op.noarch.rpm openshift-origin-cartridge-jenkins-client-1.25.1.0-1.el6op.noarch.rpm openshift-origin-cartridge-mock-1.21.1.0-1.el6op.noarch.rpm openshift-origin-cartridge-mock-plugin-1.20.1.0-1.el6op.noarch.rpm openshift-origin-cartridge-mongodb-1.23.2.0-1.el6op.noarch.rpm openshift-origin-cartridge-mysql-1.28.1.0-1.el6op.noarch.rpm openshift-origin-cartridge-nodejs-1.30.1.0-1.el6op.noarch.rpm openshift-origin-cartridge-perl-1.26.1.0-1.el6op.noarch.rpm openshift-origin-cartridge-php-1.29.1.0-1.el6op.noarch.rpm openshift-origin-cartridge-postgresql-1.29.2.0-1.el6op.noarch.rpm openshift-origin-cartridge-python-1.29.1.0-1.el6op.noarch.rpm openshift-origin-cartridge-ruby-1.28.1.0-1.el6op.noarch.rpm openshift-origin-msg-common-1.21.1.0-1.el6op.noarch.rpm openshift-origin-msg-node-mcollective-1.27.1.1-1.el6op.noarch.rpm openshift-origin-node-proxy-1.25.1.1-1.el6op.noarch.rpm openshift-origin-node-util-1.30.3.2-1.el6op.noarch.rpm openshift-origin-port-proxy-1.9.1.0-1.el6op.noarch.rpm openshift-origin-util-scl-1.19.1.0-1.el6op.noarch.rpm perl-App-cpanminus-1.4008-1.el6op.noarch.rpm perl-Class-Accessor-0.31-6.1.el6.noarch.rpm perl-Class-DBI-3.0.17-5.el6op.noarch.rpm perl-Class-DBI-Pg-0.09-9.el6op.noarch.rpm perl-Class-Data-Inheritable-0.08-3.1.el6.noarch.rpm perl-Class-Factory-Util-1.7-5.el6op.noarch.rpm perl-Class-Trigger-0.13-2.1.el6.noarch.rpm perl-DBIx-ContextualFetch-1.03-7.el6op.noarch.rpm perl-DateTime-Format-Builder-0.7901-4.el6op.noarch.rpm perl-DateTime-Format-Pg-0.16004-3.el6op.noarch.rpm perl-DateTime-Format-Strptime-1.1000-3.el6op.noarch.rpm perl-IO-stringy-2.110-10.1.el6.noarch.rpm perl-Ima-DBI-0.35-7.el6op.noarch.rpm perl-JSON-2.15-5.el6.noarch.rpm perl-UNIVERSAL-moniker-0.08-9.el6op.noarch.rpm perl-YAML-0.70-4.el6.noarch.rpm php-pear-MDB2-2.5.0-0.3.b3.el6op.noarch.rpm php-pear-MDB2-Driver-pgsql-1.5.0-0.1.b3.el6op.noarch.rpm 
python-virtualenv-1.10.1-1.el6op.noarch.rpm python27-python-pip-1.4-7.el6op.noarch.rpm python27-python-pip-virtualenv-1.4-7.el6op.noarch.rpm quartz-2.2.1.redhat_1-1.el6_5.noarch.rpm quartz-2.2.1.redhat_1-1.noarch.rpm ruby193-mcollective-2.4.1-6.el6op.noarch.rpm ruby193-mcollective-common-2.4.1-6.el6op.noarch.rpm ruby193-rubygem-bson-1.8.1-1.el6op.noarch.rpm ruby193-rubygem-commander-4.0.3-5.el6op.noarch.rpm ruby193-rubygem-daemon_controller-1.1.0-1.el6op.noarch.rpm ruby193-rubygem-daemons-1.0.10-4.el6op.noarch.rpm ruby193-rubygem-file-tail-1.0.5-5.el6op.noarch.rpm ruby193-rubygem-fssm-0.2.8.1-2.el6op.noarch.rpm ruby193-rubygem-highline-1.6.16-1.el6op.noarch.rpm ruby193-rubygem-json_pure-1.7.3-1.el6.noarch.rpm ruby193-rubygem-minitest-3.5.0-3.el6op.noarch.rpm ruby193-rubygem-mongo-1.8.1-1.el6op.noarch.rpm ruby193-rubygem-open4-1.3.0-3.el6op.noarch.rpm ruby193-rubygem-parallel-0.8.0-1.el6op.noarch.rpm ruby193-rubygem-parseconfig-1.0.2-1.el6op.noarch.rpm ruby193-rubygem-rest-client-1.6.1-2.el6op.noarch.rpm ruby193-rubygem-ruby2ruby-1.3.1-2.el6op.noarch.rpm ruby193-rubygem-ruby_parser-2.3.1-3.el6op.noarch.rpm ruby193-rubygem-safe_yaml-0.9.1-1.el6op.noarch.rpm ruby193-rubygem-sexp_processor-3.2.0-2.el6op.noarch.rpm ruby193-rubygem-spruz-0.2.5-5.el6op.noarch.rpm ruby193-rubygem-stomp-1.2.14-1.el6op.noarch.rpm ruby193-rubygem-systemu-2.5.2-2.el6op.noarch.rpm ruby193-rubygem-xml-simple-1.0.12-10.el6op.noarch.rpm ruby200-rubygem-passenger-doc-4.0.18-17.el6op.noarch.rpm rubygem-ParseTree-3.0.5-2.el6op.noarch.rpm rubygem-RubyInline-3.8.4-3.el6op.noarch.rpm rubygem-ZenTest-4.3.3-1.el6op.noarch.rpm rubygem-bson-1.8.3-1.el6op.noarch.rpm rubygem-bundler-1.0.21-3.el6op.noarch.rpm rubygem-diff-lcs-1.1.2-5.el6op.noarch.rpm rubygem-file-tail-1.0.5-4.el6op.noarch.rpm rubygem-open4-1.3.0-2.el6op.noarch.rpm rubygem-openshift-origin-common-1.28.3.0-1.el6op.noarch.rpm rubygem-openshift-origin-container-selinux-0.10.1.0-1.el6op.noarch.rpm 
rubygem-openshift-origin-frontend-apache-mod-rewrite-0.7.1.2-1.el6op.noarch.rpm rubygem-openshift-origin-frontend-apache-vhost-0.10.1.1-1.el6op.noarch.rpm rubygem-openshift-origin-frontend-apachedb-0.6.1.0-1.el6op.noarch.rpm rubygem-openshift-origin-frontend-haproxy-sni-proxy-0.4.1.0-1.el6op.noarch.rpm rubygem-openshift-origin-frontend-nodejs-websocket-0.4.1.0-1.el6op.noarch.rpm rubygem-openshift-origin-node-1.31.3.5-1.el6op.noarch.rpm rubygem-parseconfig-0.5.2-5.el6op.noarch.rpm rubygem-rack-1.3.0-4.el6op.noarch.rpm rubygem-rake-0.8.7-2.1.el6.noarch.rpm rubygem-ruby2ruby-1.2.4-3.el6op.noarch.rpm rubygem-ruby_parser-2.0.4-6.el6op.noarch.rpm rubygem-sexp_processor-3.0.4-2.el6op.noarch.rpm rubygem-spruz-0.2.5-4.el6op.noarch.rpm rubygem-stomp-1.1.8-1.el6op.noarch.rpm rubygem-systemu-1.2.0-3.el6op.noarch.rpm rubygem-thor-0.14.6-2.el6op.noarch.rpm rubygems-1.8.24-6.el6op.noarch.rpm rubygems-devel-1.8.24-6.el6op.noarch.rpm xerces-c-doc-3.0.1-20.el6.noarch.rpm yum-plugin-priorities-1.1.30-17.el6_5.noarch.rpm x86_64: CharLS-1.0-1.el6op.x86_64.rpm CharLS-debuginfo-1.0-1.el6op.x86_64.rpm CharLS-devel-1.0-1.el6op.x86_64.rpm ImageMagick-debuginfo-6.5.4.7-7.el6_5.x86_64.rpm ImageMagick-devel-6.5.4.7-7.el6_5.x86_64.rpm ImageMagick-doc-6.5.4.7-7.el6_5.x86_64.rpm ImageMagick-perl-6.5.4.7-7.el6_5.x86_64.rpm activemq-client-5.9.0-5.redhat.610328.el6op.x86_64.rpm armadillo-3.800.2-1.el6op.x86_64.rpm armadillo-debuginfo-3.800.2-1.el6op.x86_64.rpm armadillo-devel-3.800.2-1.el6op.x86_64.rpm atlas-debuginfo-3.8.4-2.el6.x86_64.rpm atlas-devel-3.8.4-2.el6.x86_64.rpm blas-devel-3.2.1-4.el6.x86_64.rpm cfitsio-3.240-3.el6op.x86_64.rpm cfitsio-debuginfo-3.240-3.el6op.x86_64.rpm cfitsio-devel-3.240-3.el6op.x86_64.rpm cfitsio-static-3.240-3.el6op.x86_64.rpm facter-1.6.6-1.el6op.x86_64.rpm freexl-1.0.0d-1.el6op.x86_64.rpm freexl-debuginfo-1.0.0d-1.el6op.x86_64.rpm freexl-devel-1.0.0d-1.el6op.x86_64.rpm gd-debuginfo-2.0.35-11.el6.x86_64.rpm gd-devel-2.0.35-11.el6.x86_64.rpm 
gdal-1.9.2-8.el6op.x86_64.rpm gdal-debuginfo-1.9.2-8.el6op.x86_64.rpm gdal-devel-1.9.2-8.el6op.x86_64.rpm gdal-java-1.9.2-8.el6op.x86_64.rpm gdal-libs-1.9.2-8.el6op.x86_64.rpm gdal-perl-1.9.2-8.el6op.x86_64.rpm gdal-python-1.9.2-8.el6op.x86_64.rpm gdal-ruby-1.9.2-8.el6op.x86_64.rpm geos-3.3.2-1.el6op.x86_64.rpm geos-debuginfo-3.3.2-1.el6op.x86_64.rpm geos-devel-3.3.2-1.el6op.x86_64.rpm ghostscript-debuginfo-8.70-19.el6.x86_64.rpm ghostscript-devel-8.70-19.el6.x86_64.rpm ghostscript-doc-8.70-19.el6.x86_64.rpm gpsbabel-1.4.4-4.el6op.x86_64.rpm gpsbabel-debuginfo-1.4.4-4.el6op.x86_64.rpm haproxy-1.4.22-5.el6op.x86_64.rpm haproxy-debuginfo-1.4.22-5.el6op.x86_64.rpm haproxy15side-1.5.4-1.el6op.x86_64.rpm haproxy15side-debuginfo-1.5.4-1.el6op.x86_64.rpm hdf5-1.8.5.patch1-7.el6op.x86_64.rpm hdf5-debuginfo-1.8.5.patch1-7.el6op.x86_64.rpm hdf5-devel-1.8.5.patch1-7.el6op.x86_64.rpm hdf5-mpich2-1.8.5.patch1-7.el6op.x86_64.rpm hdf5-mpich2-devel-1.8.5.patch1-7.el6op.x86_64.rpm hdf5-mpich2-static-1.8.5.patch1-7.el6op.x86_64.rpm hdf5-openmpi-1.8.5.patch1-7.el6op.x86_64.rpm hdf5-openmpi-devel-1.8.5.patch1-7.el6op.x86_64.rpm hdf5-openmpi-static-1.8.5.patch1-7.el6op.x86_64.rpm hdf5-static-1.8.5.patch1-7.el6op.x86_64.rpm icu-debuginfo-4.2.1-9.1.el6_2.x86_64.rpm jasper-debuginfo-1.900.1-15.el6_1.1.x86_64.rpm jasper-devel-1.900.1-15.el6_1.1.x86_64.rpm jenkins-plugin-openshift-0.6.40.1-0.el6op.x86_64.rpm js-1.70-12.el6op.x86_64.rpm js-debuginfo-1.70-12.el6op.x86_64.rpm js-devel-1.70-12.el6op.x86_64.rpm json-c-0.10-3.el6op.x86_64.rpm json-c-debuginfo-0.10-3.el6op.x86_64.rpm json-c-devel-0.10-3.el6op.x86_64.rpm jython-2.2.1-4.8.el6.x86_64.rpm jython-debuginfo-2.2.1-4.8.el6.x86_64.rpm jython-demo-2.2.1-4.8.el6.x86_64.rpm jython-javadoc-2.2.1-4.8.el6.x86_64.rpm jython-manual-2.2.1-4.8.el6.x86_64.rpm lapack-debuginfo-3.2.1-4.el6.x86_64.rpm lapack-devel-3.2.1-4.el6.x86_64.rpm lcms-debuginfo-1.19-1.el6.x86_64.rpm lcms-devel-1.19-1.el6.x86_64.rpm libc-client-2007e-11.el6.x86_64.rpm 
libc-client-debuginfo-2007e-11.el6.x86_64.rpm libc-client-devel-2007e-11.el6.x86_64.rpm libcgroup-debuginfo-0.40.rc1-15.el6_6.x86_64.rpm libcgroup-pam-0.40.rc1-15.el6_6.x86_64.rpm libdap-3.11.0-1.el6op.x86_64.rpm libdap-debuginfo-3.11.0-1.el6op.x86_64.rpm libdap-devel-3.11.0-1.el6op.x86_64.rpm libdap-doc-3.11.0-1.el6op.x86_64.rpm libestr-0.1.9-2.el6op.x86_64.rpm libestr-debuginfo-0.1.9-2.el6op.x86_64.rpm libestr-devel-0.1.9-2.el6op.x86_64.rpm libev-4.04-4.el6op.x86_64.rpm libev-debuginfo-4.04-4.el6op.x86_64.rpm libev-devel-4.04-4.el6op.x86_64.rpm libffi-debuginfo-3.0.5-3.2.el6.x86_64.rpm libffi-devel-3.0.5-3.2.el6.x86_64.rpm libgeotiff-1.2.5-5.el6op.x86_64.rpm libgeotiff-debuginfo-1.2.5-5.el6op.x86_64.rpm libgeotiff-devel-1.2.5-5.el6op.x86_64.rpm libgta-1.0.2-2.el6op.x86_64.rpm libgta-debuginfo-1.0.2-2.el6op.x86_64.rpm libgta-devel-1.0.2-2.el6op.x86_64.rpm libicu-devel-4.2.1-9.1.el6_2.x86_64.rpm libmcrypt-2.5.8-10.el6op.x86_64.rpm libmcrypt-debuginfo-2.5.8-10.el6op.x86_64.rpm libmcrypt-devel-2.5.8-10.el6op.x86_64.rpm libreadline-java-0.8.0-24.3.el6.x86_64.rpm libreadline-java-debuginfo-0.8.0-24.3.el6.x86_64.rpm libreadline-java-javadoc-0.8.0-24.3.el6.x86_64.rpm libspatialite-2.4.0-0.6.RC4.el6op.x86_64.rpm libspatialite-debuginfo-2.4.0-0.6.RC4.el6op.x86_64.rpm libspatialite-devel-2.4.0-0.6.RC4.el6op.x86_64.rpm libwebp-0.3.0-2.el6op.x86_64.rpm libwebp-debuginfo-0.3.0-2.el6op.x86_64.rpm libwebp-devel-0.3.0-2.el6op.x86_64.rpm libwebp-java-0.3.0-2.el6op.x86_64.rpm libwebp-tools-0.3.0-2.el6op.x86_64.rpm mod_passenger-3.0.21-12.el6op.x86_64.rpm netcdf-4.1.1-3.el6op.3.x86_64.rpm netcdf-debuginfo-4.1.1-3.el6op.3.x86_64.rpm netcdf-devel-4.1.1-3.el6op.3.x86_64.rpm netcdf-static-4.1.1-3.el6op.3.x86_64.rpm nodejs010-nodejs-bson-0.2.2-3.el6op.x86_64.rpm nodejs010-nodejs-bson-debuginfo-0.2.2-3.el6op.x86_64.rpm nodejs010-nodejs-pg-0.12.3-3.el6op.x86_64.rpm nodejs010-nodejs-pg-debuginfo-0.12.3-3.el6op.x86_64.rpm nodejs010-nodejs-ws-0.4.25-8.el6op.x86_64.rpm 
nodejs010-nodejs-ws-debuginfo-0.4.25-8.el6op.x86_64.rpm openshift-origin-logshifter-1.8.1.0-1.el6op.x86_64.rpm pam_openshift-1.12.1.0-1.el6op.x86_64.rpm pam_openshift-debuginfo-1.12.1.0-1.el6op.x86_64.rpm perl-Clone-0.31-3.1.el6.x86_64.rpm perl-Clone-debuginfo-0.31-3.1.el6.x86_64.rpm php-bcmath-5.3.3-38.el6.x86_64.rpm php-debuginfo-5.3.3-38.el6.x86_64.rpm php-devel-5.3.3-38.el6.x86_64.rpm php-extras-debuginfo-5.3.3-3.el6op.x86_64.rpm php-fpm-5.3.3-38.el6.x86_64.rpm php-imap-5.3.3-38.el6.x86_64.rpm php-intl-5.3.3-38.el6.x86_64.rpm php-mbstring-5.3.3-38.el6.x86_64.rpm php-mcrypt-5.3.3-3.el6op.x86_64.rpm php-pecl-imagick-3.1.2-1.el6_5.x86_64.rpm php-pecl-imagick-debuginfo-3.1.2-1.el6_5.x86_64.rpm php-pecl-mongo-1.4.4-1.el6op.x86_64.rpm php-pecl-mongo-debuginfo-1.4.4-1.el6op.x86_64.rpm php-pecl-xdebug-2.1.4-1.el6op.x86_64.rpm php-pecl-xdebug-debuginfo-2.1.4-1.el6op.x86_64.rpm php-process-5.3.3-38.el6.x86_64.rpm php54-php-pecl-imagick-3.1.2-1.el6op.x86_64.rpm php54-php-pecl-imagick-debuginfo-3.1.2-1.el6op.x86_64.rpm php54-php-pecl-mongo-1.4.5-1.el6op.x86_64.rpm php54-php-pecl-mongo-debuginfo-1.4.5-1.el6op.x86_64.rpm php54-php-pecl-xdebug-2.2.3-3.el6op.x86_64.rpm php54-php-pecl-xdebug-debuginfo-2.2.3-3.el6op.x86_64.rpm postgis-1.5.3-1.el6op.x86_64.rpm postgis-debuginfo-1.5.3-1.el6op.x86_64.rpm postgis-docs-1.5.3-1.el6op.x86_64.rpm postgresql-ip4r-1.05-1.el6op.x86_64.rpm postgresql-ip4r-debuginfo-1.05-1.el6op.x86_64.rpm postgresql92-pgRouting-2.0.0-2.el6op.x86_64.rpm postgresql92-pgRouting-debuginfo-2.0.0-2.el6op.x86_64.rpm postgresql92-postgis-2.1.0-0.el6op.x86_64.rpm postgresql92-postgis-debuginfo-2.1.0-0.el6op.x86_64.rpm postgresql92-postgis-docs-2.1.0-0.el6op.x86_64.rpm postgresql92-postgis-utils-2.1.0-0.el6op.x86_64.rpm proj-4.7.0-1.el6op.x86_64.rpm proj-debuginfo-4.7.0-1.el6op.x86_64.rpm proj-devel-4.7.0-1.el6op.x86_64.rpm proj-nad-4.7.0-1.el6op.x86_64.rpm python-bson-2.5.2-3.el6op.x86_64.rpm python-pymongo-2.5.2-3.el6op.x86_64.rpm 
python-pymongo-debuginfo-2.5.2-3.el6op.x86_64.rpm python-pymongo-gridfs-2.5.2-3.el6op.x86_64.rpm python27-mod_wsgi-3.4-26.el6op.x86_64.rpm python27-mod_wsgi-debuginfo-3.4-26.el6op.x86_64.rpm python33-mod_wsgi-3.4-26.el6op.x86_64.rpm python33-mod_wsgi-debuginfo-3.4-26.el6op.x86_64.rpm rsyslog7-debuginfo-7.4.10-3.el6op.x86_64.rpm rsyslog7-mmopenshift-7.4.10-3.el6op.x86_64.rpm ruby-RMagick-2.13.1-6.el6op.1.x86_64.rpm ruby-RMagick-debuginfo-2.13.1-6.el6op.1.x86_64.rpm ruby-mysql-2.8.2-2.el6op.x86_64.rpm ruby-mysql-debuginfo-2.8.2-2.el6op.x86_64.rpm ruby-nokogiri-1.4.3.1-1.el6op.x86_64.rpm ruby-sqlite3-1.3.3-4.el6op.x86_64.rpm ruby193-facter-1.6.6-3.el6op.x86_64.rpm ruby193-js-1.8.5-10.el6op.x86_64.rpm ruby193-js-debuginfo-1.8.5-10.el6op.x86_64.rpm ruby193-js-devel-1.8.5-10.el6op.x86_64.rpm ruby193-mod_passenger-3.0.21-3.el6op.x86_64.rpm ruby193-ruby-mysql-2.8.2-8.el6op.x86_64.rpm ruby193-ruby-mysql-debuginfo-2.8.2-8.el6op.x86_64.rpm ruby193-ruby-selinux-2.0.94-3.el6op.x86_64.rpm ruby193-ruby-selinux-debuginfo-2.0.94-3.el6op.x86_64.rpm ruby193-rubygem-bson_ext-1.8.1-2.el6op.x86_64.rpm ruby193-rubygem-bson_ext-debuginfo-1.8.1-2.el6op.x86_64.rpm ruby193-rubygem-fastthread-1.0.7-7.el6op.x86_64.rpm ruby193-rubygem-fastthread-debuginfo-1.0.7-7.el6op.x86_64.rpm ruby193-rubygem-json-1.7.3-5.el6op.x86_64.rpm ruby193-rubygem-json-debuginfo-1.7.3-5.el6op.x86_64.rpm ruby193-rubygem-passenger-3.0.21-3.el6op.x86_64.rpm ruby193-rubygem-passenger-debuginfo-3.0.21-3.el6op.x86_64.rpm ruby193-rubygem-passenger-devel-3.0.21-3.el6op.x86_64.rpm ruby193-rubygem-passenger-native-3.0.21-3.el6op.x86_64.rpm ruby193-rubygem-passenger-native-libs-3.0.21-3.el6op.x86_64.rpm ruby193-rubygem-pg-0.12.2-4.el6op.x86_64.rpm ruby193-rubygem-pg-debuginfo-0.12.2-4.el6op.x86_64.rpm ruby200-mod_passenger-4.0.18-17.el6op.x86_64.rpm ruby200-rubygem-passenger-4.0.18-17.el6op.x86_64.rpm ruby200-rubygem-passenger-debuginfo-4.0.18-17.el6op.x86_64.rpm ruby200-rubygem-passenger-devel-4.0.18-17.el6op.x86_64.rpm 
ruby200-rubygem-passenger-native-4.0.18-17.el6op.x86_64.rpm ruby200-rubygem-passenger-native-libs-4.0.18-17.el6op.x86_64.rpm rubygem-bson_ext-1.8.3-1.el6op.x86_64.rpm rubygem-bson_ext-debuginfo-1.8.3-1.el6op.x86_64.rpm rubygem-fastthread-1.0.7-4.el6op.x86_64.rpm rubygem-json-1.7.3-2.el6op.x86_64.rpm rubygem-json-debuginfo-1.7.3-2.el6op.x86_64.rpm rubygem-nokogiri-1.4.3.1-1.el6op.x86_64.rpm rubygem-nokogiri-debuginfo-1.4.3.1-1.el6op.x86_64.rpm rubygem-passenger-3.0.21-12.el6op.x86_64.rpm rubygem-passenger-debuginfo-3.0.21-12.el6op.x86_64.rpm rubygem-passenger-devel-3.0.21-12.el6op.x86_64.rpm rubygem-passenger-native-3.0.21-12.el6op.x86_64.rpm rubygem-passenger-native-libs-3.0.21-12.el6op.x86_64.rpm rubygem-sqlite3-1.3.3-4.el6op.x86_64.rpm rubygem-sqlite3-debuginfo-1.3.3-4.el6op.x86_64.rpm rubygem-thread-dump-0.0.5-93.el6op.x86_64.rpm rubygem-thread-dump-debuginfo-0.0.5-93.el6op.x86_64.rpm shapelib-1.3.0b2-10.2.el6op.x86_64.rpm shapelib-debuginfo-1.3.0b2-10.2.el6op.x86_64.rpm shapelib-devel-1.3.0b2-10.2.el6op.x86_64.rpm socat-1.7.2.2-1.el6op.x86_64.rpm socat-debuginfo-1.7.2.2-1.el6op.x86_64.rpm ta-lib-0.4.0-1.el6op.x86_64.rpm ta-lib-debuginfo-0.4.0-1.el6op.x86_64.rpm ta-lib-devel-0.4.0-1.el6op.x86_64.rpm uuid-debuginfo-1.6.1-10.el6.x86_64.rpm uuid-devel-1.6.1-10.el6.x86_64.rpm uuid-pgsql-1.6.1-10.el6.x86_64.rpm xerces-c-3.0.1-20.el6.x86_64.rpm xerces-c-debuginfo-3.0.1-20.el6.x86_64.rpm xerces-c-devel-3.0.1-20.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3602
https://access.redhat.com/security/cve/CVE-2014-3674
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/site/documentation/en-US/OpenShift_Enterprise/2/

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 4 Nov 2014 18:26:38 +0000
Subject: [RHSA-2014:1801-01] Moderate: shim security update
Message-ID: <201411041826.sA4IQcpX002724@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: shim security update
Advisory ID:       RHSA-2014:1801-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1801.html
Issue date:        2014-11-04
CVE Names:         CVE-2014-3675 CVE-2014-3676 CVE-2014-3677
=====================================================================

1. Summary:

Updated shim packages that fix three security issues are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Shim is the initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments.

A heap-based buffer overflow flaw was found in the way shim parsed certain IPv6 addresses. If IPv6 network booting was enabled, a malicious server could supply a crafted IPv6 address that would cause shim to crash or, potentially, execute arbitrary code. (CVE-2014-3676)

An out-of-bounds memory write flaw was found in the way shim processed certain Machine Owner Keys (MOKs). A local attacker could potentially use this flaw to execute arbitrary code on the system. (CVE-2014-3677)

An out-of-bounds memory read flaw was found in the way shim parsed certain IPv6 packets. A specially crafted DHCPv6 packet could possibly cause shim to crash, preventing the system from booting if IPv6 booting was enabled. (CVE-2014-3675)

Red Hat would like to thank the SUSE Security Team for reporting these issues.

All shim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1148230 - CVE-2014-3675 shim: out-of-bounds memory read flaw in DHCPv6 packet processing
1148231 - CVE-2014-3676 shim: heap-based buffer overflow flaw in IPv6 address parsing
1148232 - CVE-2014-3677 shim: memory corruption flaw when processing Machine Owner Keys (MOKs)

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: shim-0.7-8.el7_0.src.rpm shim-signed-0.7-8.el7_0.src.rpm
x86_64: mokutil-0.7-8.el7_0.x86_64.rpm shim-0.7-8.el7_0.x86_64.rpm shim-debuginfo-0.7-8.el7_0.x86_64.rpm shim-unsigned-0.7-8.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: shim-0.7-8.el7_0.src.rpm shim-signed-0.7-8.el7_0.src.rpm
x86_64: mokutil-0.7-8.el7_0.x86_64.rpm shim-0.7-8.el7_0.x86_64.rpm shim-debuginfo-0.7-8.el7_0.x86_64.rpm shim-unsigned-0.7-8.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: shim-0.7-8.el7_0.src.rpm shim-signed-0.7-8.el7_0.src.rpm
x86_64: mokutil-0.7-8.el7_0.x86_64.rpm shim-0.7-8.el7_0.x86_64.rpm shim-debuginfo-0.7-8.el7_0.x86_64.rpm shim-unsigned-0.7-8.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: shim-0.7-8.el7_0.src.rpm shim-signed-0.7-8.el7_0.src.rpm
x86_64: mokutil-0.7-8.el7_0.x86_64.rpm shim-0.7-8.el7_0.x86_64.rpm shim-debuginfo-0.7-8.el7_0.x86_64.rpm shim-unsigned-0.7-8.el7_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3675
https://access.redhat.com/security/cve/CVE-2014-3676
https://access.redhat.com/security/cve/CVE-2014-3677
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 5 Nov 2014 10:05:11 +0000
Subject: [RHSA-2014:1803-01] Important: mod_auth_mellon security update
Message-ID: <201411050956.sA59uHnJ014085@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: mod_auth_mellon security update
Advisory ID:       RHSA-2014:1803-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1803.html
Issue date:        2014-11-05
CVE Names:         CVE-2014-8566 CVE-2014-8567
=====================================================================

1. Summary:

An updated mod_auth_mellon package that fixes two security issues is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

mod_auth_mellon provides a SAML 2.0 authentication module for the Apache HTTP Server.

An information disclosure flaw was found in mod_auth_mellon's session handling that could lead to sessions overlapping in memory. A remote attacker could potentially use this flaw to obtain data from another user's session. (CVE-2014-8566)

It was found that uninitialized data could be read when processing a user's logout request. By attempting to log out, a user could possibly cause the Apache HTTP Server to crash. (CVE-2014-8567)

Red Hat would like to thank the mod_auth_mellon team for reporting these issues. Upstream acknowledges Matthew Slowe as the original reporter of CVE-2014-8566.

All users of mod_auth_mellon are advised to upgrade to this updated package, which contains a backported patch to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1157281 - CVE-2014-8566 mod_auth_mellon: remote memory disclosure flaw
1157954 - CVE-2014-8567 mod_auth_mellon: logout processing leads to denial of service

6. Package List:

Red Hat Enterprise Linux Server (v. 6):

Source: mod_auth_mellon-0.8.0-3.el6_6.src.rpm
i386: mod_auth_mellon-0.8.0-3.el6_6.i686.rpm mod_auth_mellon-debuginfo-0.8.0-3.el6_6.i686.rpm
ppc64: mod_auth_mellon-0.8.0-3.el6_6.ppc64.rpm mod_auth_mellon-debuginfo-0.8.0-3.el6_6.ppc64.rpm
s390x: mod_auth_mellon-0.8.0-3.el6_6.s390x.rpm mod_auth_mellon-debuginfo-0.8.0-3.el6_6.s390x.rpm
x86_64: mod_auth_mellon-0.8.0-3.el6_6.x86_64.rpm mod_auth_mellon-debuginfo-0.8.0-3.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: mod_auth_mellon-0.8.0-3.el6_6.src.rpm
i386: mod_auth_mellon-0.8.0-3.el6_6.i686.rpm mod_auth_mellon-debuginfo-0.8.0-3.el6_6.i686.rpm
x86_64: mod_auth_mellon-0.8.0-3.el6_6.x86_64.rpm mod_auth_mellon-debuginfo-0.8.0-3.el6_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-8566
https://access.redhat.com/security/cve/CVE-2014-8567
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 6 Nov 2014 17:27:11 +0000
Subject: [RHSA-2014:1824-01] Important: php security update
Message-ID: <201411061727.sA6HRBPU029945@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: php security update
Advisory ID:       RHSA-2014:1824-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1824.html
Issue date:        2014-11-06
CVE Names:         CVE-2014-3669 CVE-2014-3670 CVE-2014-8626
=====================================================================

1. Summary:

Updated php packages that fix three security issues are now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670)

A stack-based buffer overflow flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-8626)

An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669)

All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1154500 - CVE-2014-3669 php: integer overflow in unserialize()
1154502 - CVE-2014-3670 php: heap corruption issue in exif_thumbnail()
1155607 - CVE-2014-8626 php: xmlrpc ISO8601 date format parsing buffer overflow

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source: php-5.1.6-45.el5_11.src.rpm
i386: php-5.1.6-45.el5_11.i386.rpm php-bcmath-5.1.6-45.el5_11.i386.rpm php-cli-5.1.6-45.el5_11.i386.rpm php-common-5.1.6-45.el5_11.i386.rpm php-dba-5.1.6-45.el5_11.i386.rpm php-debuginfo-5.1.6-45.el5_11.i386.rpm php-devel-5.1.6-45.el5_11.i386.rpm php-gd-5.1.6-45.el5_11.i386.rpm php-imap-5.1.6-45.el5_11.i386.rpm php-ldap-5.1.6-45.el5_11.i386.rpm php-mbstring-5.1.6-45.el5_11.i386.rpm php-mysql-5.1.6-45.el5_11.i386.rpm php-ncurses-5.1.6-45.el5_11.i386.rpm php-odbc-5.1.6-45.el5_11.i386.rpm php-pdo-5.1.6-45.el5_11.i386.rpm php-pgsql-5.1.6-45.el5_11.i386.rpm php-snmp-5.1.6-45.el5_11.i386.rpm php-soap-5.1.6-45.el5_11.i386.rpm php-xml-5.1.6-45.el5_11.i386.rpm php-xmlrpc-5.1.6-45.el5_11.i386.rpm
x86_64: php-5.1.6-45.el5_11.x86_64.rpm php-bcmath-5.1.6-45.el5_11.x86_64.rpm php-cli-5.1.6-45.el5_11.x86_64.rpm php-common-5.1.6-45.el5_11.x86_64.rpm php-dba-5.1.6-45.el5_11.x86_64.rpm php-debuginfo-5.1.6-45.el5_11.x86_64.rpm php-devel-5.1.6-45.el5_11.x86_64.rpm php-gd-5.1.6-45.el5_11.x86_64.rpm php-imap-5.1.6-45.el5_11.x86_64.rpm php-ldap-5.1.6-45.el5_11.x86_64.rpm php-mbstring-5.1.6-45.el5_11.x86_64.rpm php-mysql-5.1.6-45.el5_11.x86_64.rpm php-ncurses-5.1.6-45.el5_11.x86_64.rpm php-odbc-5.1.6-45.el5_11.x86_64.rpm php-pdo-5.1.6-45.el5_11.x86_64.rpm php-pgsql-5.1.6-45.el5_11.x86_64.rpm php-snmp-5.1.6-45.el5_11.x86_64.rpm php-soap-5.1.6-45.el5_11.x86_64.rpm php-xml-5.1.6-45.el5_11.x86_64.rpm php-xmlrpc-5.1.6-45.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source: php-5.1.6-45.el5_11.src.rpm
i386: php-5.1.6-45.el5_11.i386.rpm php-bcmath-5.1.6-45.el5_11.i386.rpm php-cli-5.1.6-45.el5_11.i386.rpm php-common-5.1.6-45.el5_11.i386.rpm php-dba-5.1.6-45.el5_11.i386.rpm php-debuginfo-5.1.6-45.el5_11.i386.rpm php-devel-5.1.6-45.el5_11.i386.rpm php-gd-5.1.6-45.el5_11.i386.rpm php-imap-5.1.6-45.el5_11.i386.rpm php-ldap-5.1.6-45.el5_11.i386.rpm php-mbstring-5.1.6-45.el5_11.i386.rpm php-mysql-5.1.6-45.el5_11.i386.rpm php-ncurses-5.1.6-45.el5_11.i386.rpm php-odbc-5.1.6-45.el5_11.i386.rpm php-pdo-5.1.6-45.el5_11.i386.rpm php-pgsql-5.1.6-45.el5_11.i386.rpm php-snmp-5.1.6-45.el5_11.i386.rpm php-soap-5.1.6-45.el5_11.i386.rpm php-xml-5.1.6-45.el5_11.i386.rpm php-xmlrpc-5.1.6-45.el5_11.i386.rpm
ia64: php-5.1.6-45.el5_11.ia64.rpm php-bcmath-5.1.6-45.el5_11.ia64.rpm php-cli-5.1.6-45.el5_11.ia64.rpm php-common-5.1.6-45.el5_11.ia64.rpm php-dba-5.1.6-45.el5_11.ia64.rpm php-debuginfo-5.1.6-45.el5_11.ia64.rpm php-devel-5.1.6-45.el5_11.ia64.rpm php-gd-5.1.6-45.el5_11.ia64.rpm php-imap-5.1.6-45.el5_11.ia64.rpm php-ldap-5.1.6-45.el5_11.ia64.rpm php-mbstring-5.1.6-45.el5_11.ia64.rpm php-mysql-5.1.6-45.el5_11.ia64.rpm php-ncurses-5.1.6-45.el5_11.ia64.rpm php-odbc-5.1.6-45.el5_11.ia64.rpm php-pdo-5.1.6-45.el5_11.ia64.rpm php-pgsql-5.1.6-45.el5_11.ia64.rpm php-snmp-5.1.6-45.el5_11.ia64.rpm php-soap-5.1.6-45.el5_11.ia64.rpm php-xml-5.1.6-45.el5_11.ia64.rpm php-xmlrpc-5.1.6-45.el5_11.ia64.rpm
ppc: php-5.1.6-45.el5_11.ppc.rpm php-bcmath-5.1.6-45.el5_11.ppc.rpm php-cli-5.1.6-45.el5_11.ppc.rpm php-common-5.1.6-45.el5_11.ppc.rpm php-dba-5.1.6-45.el5_11.ppc.rpm php-debuginfo-5.1.6-45.el5_11.ppc.rpm php-devel-5.1.6-45.el5_11.ppc.rpm php-gd-5.1.6-45.el5_11.ppc.rpm php-imap-5.1.6-45.el5_11.ppc.rpm php-ldap-5.1.6-45.el5_11.ppc.rpm php-mbstring-5.1.6-45.el5_11.ppc.rpm php-mysql-5.1.6-45.el5_11.ppc.rpm php-ncurses-5.1.6-45.el5_11.ppc.rpm php-odbc-5.1.6-45.el5_11.ppc.rpm php-pdo-5.1.6-45.el5_11.ppc.rpm php-pgsql-5.1.6-45.el5_11.ppc.rpm php-snmp-5.1.6-45.el5_11.ppc.rpm php-soap-5.1.6-45.el5_11.ppc.rpm php-xml-5.1.6-45.el5_11.ppc.rpm php-xmlrpc-5.1.6-45.el5_11.ppc.rpm
s390x: php-5.1.6-45.el5_11.s390x.rpm php-bcmath-5.1.6-45.el5_11.s390x.rpm php-cli-5.1.6-45.el5_11.s390x.rpm php-common-5.1.6-45.el5_11.s390x.rpm php-dba-5.1.6-45.el5_11.s390x.rpm php-debuginfo-5.1.6-45.el5_11.s390x.rpm php-devel-5.1.6-45.el5_11.s390x.rpm php-gd-5.1.6-45.el5_11.s390x.rpm php-imap-5.1.6-45.el5_11.s390x.rpm php-ldap-5.1.6-45.el5_11.s390x.rpm php-mbstring-5.1.6-45.el5_11.s390x.rpm php-mysql-5.1.6-45.el5_11.s390x.rpm php-ncurses-5.1.6-45.el5_11.s390x.rpm php-odbc-5.1.6-45.el5_11.s390x.rpm php-pdo-5.1.6-45.el5_11.s390x.rpm php-pgsql-5.1.6-45.el5_11.s390x.rpm php-snmp-5.1.6-45.el5_11.s390x.rpm php-soap-5.1.6-45.el5_11.s390x.rpm php-xml-5.1.6-45.el5_11.s390x.rpm php-xmlrpc-5.1.6-45.el5_11.s390x.rpm
x86_64: php-5.1.6-45.el5_11.x86_64.rpm php-bcmath-5.1.6-45.el5_11.x86_64.rpm php-cli-5.1.6-45.el5_11.x86_64.rpm php-common-5.1.6-45.el5_11.x86_64.rpm php-dba-5.1.6-45.el5_11.x86_64.rpm php-debuginfo-5.1.6-45.el5_11.x86_64.rpm php-devel-5.1.6-45.el5_11.x86_64.rpm php-gd-5.1.6-45.el5_11.x86_64.rpm php-imap-5.1.6-45.el5_11.x86_64.rpm php-ldap-5.1.6-45.el5_11.x86_64.rpm php-mbstring-5.1.6-45.el5_11.x86_64.rpm php-mysql-5.1.6-45.el5_11.x86_64.rpm php-ncurses-5.1.6-45.el5_11.x86_64.rpm php-odbc-5.1.6-45.el5_11.x86_64.rpm php-pdo-5.1.6-45.el5_11.x86_64.rpm php-pgsql-5.1.6-45.el5_11.x86_64.rpm php-snmp-5.1.6-45.el5_11.x86_64.rpm php-soap-5.1.6-45.el5_11.x86_64.rpm php-xml-5.1.6-45.el5_11.x86_64.rpm php-xmlrpc-5.1.6-45.el5_11.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3669
https://access.redhat.com/security/cve/CVE-2014-3670
https://access.redhat.com/security/cve/CVE-2014-8626
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 6 Nov 2014 17:28:07 +0000
Subject: [RHSA-2014:1825-01] Critical: php security update
Message-ID: <201411061728.sA6HS7Q4000529@int-mx09.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: php security update
Advisory ID:       RHSA-2014:1825-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1825.html
Issue date:        2014-11-06
CVE Names:         CVE-2014-8626
=====================================================================

1. Summary:

Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support.

Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (v. 4 ELS) - i386, ia64, x86_64
Red Hat Enterprise Linux ES (v. 4 ELS) - i386, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

A stack-based buffer overflow flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash or execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-8626)

All php users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1155607 - CVE-2014-8626 php: xmlrpc ISO8601 date format parsing buffer overflow

6. Package List:

Red Hat Enterprise Linux AS (v. 4 ELS):

Source: php-4.3.9-3.38.el4.src.rpm
i386: php-4.3.9-3.38.el4.i386.rpm php-debuginfo-4.3.9-3.38.el4.i386.rpm php-devel-4.3.9-3.38.el4.i386.rpm php-domxml-4.3.9-3.38.el4.i386.rpm php-gd-4.3.9-3.38.el4.i386.rpm php-imap-4.3.9-3.38.el4.i386.rpm php-ldap-4.3.9-3.38.el4.i386.rpm php-mbstring-4.3.9-3.38.el4.i386.rpm php-mysql-4.3.9-3.38.el4.i386.rpm php-ncurses-4.3.9-3.38.el4.i386.rpm php-odbc-4.3.9-3.38.el4.i386.rpm php-pear-4.3.9-3.38.el4.i386.rpm php-pgsql-4.3.9-3.38.el4.i386.rpm php-snmp-4.3.9-3.38.el4.i386.rpm php-xmlrpc-4.3.9-3.38.el4.i386.rpm
ia64: php-4.3.9-3.38.el4.ia64.rpm php-debuginfo-4.3.9-3.38.el4.ia64.rpm php-devel-4.3.9-3.38.el4.ia64.rpm php-domxml-4.3.9-3.38.el4.ia64.rpm php-gd-4.3.9-3.38.el4.ia64.rpm php-imap-4.3.9-3.38.el4.ia64.rpm php-ldap-4.3.9-3.38.el4.ia64.rpm php-mbstring-4.3.9-3.38.el4.ia64.rpm php-mysql-4.3.9-3.38.el4.ia64.rpm php-ncurses-4.3.9-3.38.el4.ia64.rpm php-odbc-4.3.9-3.38.el4.ia64.rpm php-pear-4.3.9-3.38.el4.ia64.rpm php-pgsql-4.3.9-3.38.el4.ia64.rpm php-snmp-4.3.9-3.38.el4.ia64.rpm php-xmlrpc-4.3.9-3.38.el4.ia64.rpm
x86_64: php-4.3.9-3.38.el4.x86_64.rpm php-debuginfo-4.3.9-3.38.el4.x86_64.rpm php-devel-4.3.9-3.38.el4.x86_64.rpm php-domxml-4.3.9-3.38.el4.x86_64.rpm php-gd-4.3.9-3.38.el4.x86_64.rpm php-imap-4.3.9-3.38.el4.x86_64.rpm php-ldap-4.3.9-3.38.el4.x86_64.rpm php-mbstring-4.3.9-3.38.el4.x86_64.rpm php-mysql-4.3.9-3.38.el4.x86_64.rpm php-ncurses-4.3.9-3.38.el4.x86_64.rpm php-odbc-4.3.9-3.38.el4.x86_64.rpm php-pear-4.3.9-3.38.el4.x86_64.rpm php-pgsql-4.3.9-3.38.el4.x86_64.rpm php-snmp-4.3.9-3.38.el4.x86_64.rpm php-xmlrpc-4.3.9-3.38.el4.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4 ELS):

Source: php-4.3.9-3.38.el4.src.rpm
i386: php-4.3.9-3.38.el4.i386.rpm php-debuginfo-4.3.9-3.38.el4.i386.rpm php-devel-4.3.9-3.38.el4.i386.rpm php-domxml-4.3.9-3.38.el4.i386.rpm php-gd-4.3.9-3.38.el4.i386.rpm php-imap-4.3.9-3.38.el4.i386.rpm php-ldap-4.3.9-3.38.el4.i386.rpm php-mbstring-4.3.9-3.38.el4.i386.rpm php-mysql-4.3.9-3.38.el4.i386.rpm php-ncurses-4.3.9-3.38.el4.i386.rpm php-odbc-4.3.9-3.38.el4.i386.rpm php-pear-4.3.9-3.38.el4.i386.rpm php-pgsql-4.3.9-3.38.el4.i386.rpm php-snmp-4.3.9-3.38.el4.i386.rpm php-xmlrpc-4.3.9-3.38.el4.i386.rpm
x86_64: php-4.3.9-3.38.el4.x86_64.rpm php-debuginfo-4.3.9-3.38.el4.x86_64.rpm php-devel-4.3.9-3.38.el4.x86_64.rpm php-domxml-4.3.9-3.38.el4.x86_64.rpm php-gd-4.3.9-3.38.el4.x86_64.rpm php-imap-4.3.9-3.38.el4.x86_64.rpm php-ldap-4.3.9-3.38.el4.x86_64.rpm php-mbstring-4.3.9-3.38.el4.x86_64.rpm php-mysql-4.3.9-3.38.el4.x86_64.rpm php-ncurses-4.3.9-3.38.el4.x86_64.rpm php-odbc-4.3.9-3.38.el4.x86_64.rpm php-pear-4.3.9-3.38.el4.x86_64.rpm php-pgsql-4.3.9-3.38.el4.x86_64.rpm php-snmp-4.3.9-3.38.el4.x86_64.rpm php-xmlrpc-4.3.9-3.38.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-8626
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 11 Nov 2014 21:51:19 +0000
Subject: [RHSA-2014:1826-01] Moderate: libvncserver security update
Message-ID: <201411112151.sABLpKth018560@int-mx11.intmail.prod.int.phx2.redhat.com>

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: libvncserver security update
Advisory ID:       RHSA-2014:1826-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1826.html
Issue date:        2014-11-11
CVE Names:         CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054 CVE-2014-6055
=====================================================================

1. Summary:

Updated libvncserver packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

LibVNCServer is a library that allows for easy creation of VNC server or client functionality.

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way screen sizes were handled by LibVNCServer. A malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code in the client. (CVE-2014-6051)

A NULL pointer dereference flaw was found in LibVNCServer's framebuffer setup. A malicious VNC server could use this flaw to cause a VNC client to crash. (CVE-2014-6052)

A NULL pointer dereference flaw was found in the way LibVNCServer handled certain ClientCutText messages. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client. (CVE-2014-6053)

A divide-by-zero flaw was found in the way LibVNCServer handled the scaling factor when it was set to "0". A remote attacker could use this flaw to crash the VNC server using a malicious VNC client. (CVE-2014-6054)

Two stack-based buffer overflow flaws were found in the way LibVNCServer handled file transfers. A remote attacker could use these flaws to crash the VNC server using a malicious VNC client. (CVE-2014-6055)

Red Hat would like to thank oCERT for reporting these issues. oCERT acknowledges Nicolas Ruff as the original reporter.

All libvncserver users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against libvncserver must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1144287 - CVE-2014-6051 libvncserver: integer overflow flaw, leading to a heap-based buffer overflow in screen size handling
1144288 - CVE-2014-6052 libvncserver: NULL pointer dereference flaw in framebuffer setup
1144289 - CVE-2014-6053 libvncserver: server NULL pointer dereference flaw in ClientCutText message handling
1144291 - CVE-2014-6054 libvncserver: server divide-by-zero flaw in scaling factor handling
1144293 - CVE-2014-6055 libvncserver: server stacked-based buffer overflow flaws in file transfer handling

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: libvncserver-0.9.7-7.el6_6.1.src.rpm
i386: libvncserver-0.9.7-7.el6_6.1.i686.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.i686.rpm
x86_64: libvncserver-0.9.7-7.el6_6.1.x86_64.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: libvncserver-debuginfo-0.9.7-7.el6_6.1.i686.rpm libvncserver-devel-0.9.7-7.el6_6.1.i686.rpm
x86_64: libvncserver-0.9.7-7.el6_6.1.i686.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.i686.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.x86_64.rpm libvncserver-devel-0.9.7-7.el6_6.1.i686.rpm libvncserver-devel-0.9.7-7.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: libvncserver-0.9.7-7.el6_6.1.src.rpm
i386: libvncserver-0.9.7-7.el6_6.1.i686.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.i686.rpm
ppc64: libvncserver-0.9.7-7.el6_6.1.ppc64.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.ppc64.rpm
s390x: libvncserver-0.9.7-7.el6_6.1.s390x.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.s390x.rpm
x86_64: libvncserver-0.9.7-7.el6_6.1.x86_64.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: libvncserver-debuginfo-0.9.7-7.el6_6.1.i686.rpm libvncserver-devel-0.9.7-7.el6_6.1.i686.rpm
ppc64: libvncserver-0.9.7-7.el6_6.1.ppc.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.ppc.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.ppc64.rpm libvncserver-devel-0.9.7-7.el6_6.1.ppc.rpm libvncserver-devel-0.9.7-7.el6_6.1.ppc64.rpm
s390x: libvncserver-0.9.7-7.el6_6.1.s390.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.s390.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.s390x.rpm libvncserver-devel-0.9.7-7.el6_6.1.s390.rpm libvncserver-devel-0.9.7-7.el6_6.1.s390x.rpm
x86_64: libvncserver-0.9.7-7.el6_6.1.i686.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.i686.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.x86_64.rpm libvncserver-devel-0.9.7-7.el6_6.1.i686.rpm libvncserver-devel-0.9.7-7.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: libvncserver-0.9.7-7.el6_6.1.src.rpm
i386: libvncserver-0.9.7-7.el6_6.1.i686.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.i686.rpm
x86_64: libvncserver-0.9.7-7.el6_6.1.x86_64.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: libvncserver-debuginfo-0.9.7-7.el6_6.1.i686.rpm libvncserver-devel-0.9.7-7.el6_6.1.i686.rpm
x86_64: libvncserver-0.9.7-7.el6_6.1.i686.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.i686.rpm libvncserver-debuginfo-0.9.7-7.el6_6.1.x86_64.rpm libvncserver-devel-0.9.7-7.el6_6.1.i686.rpm libvncserver-devel-0.9.7-7.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: libvncserver-0.9.9-9.el7_0.1.src.rpm
x86_64: libvncserver-0.9.9-9.el7_0.1.i686.rpm libvncserver-0.9.9-9.el7_0.1.x86_64.rpm libvncserver-debuginfo-0.9.9-9.el7_0.1.i686.rpm libvncserver-debuginfo-0.9.9-9.el7_0.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: libvncserver-debuginfo-0.9.9-9.el7_0.1.i686.rpm libvncserver-debuginfo-0.9.9-9.el7_0.1.x86_64.rpm libvncserver-devel-0.9.9-9.el7_0.1.i686.rpm libvncserver-devel-0.9.9-9.el7_0.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: libvncserver-0.9.9-9.el7_0.1.src.rpm
x86_64: libvncserver-0.9.9-9.el7_0.1.i686.rpm libvncserver-0.9.9-9.el7_0.1.x86_64.rpm libvncserver-debuginfo-0.9.9-9.el7_0.1.i686.rpm libvncserver-debuginfo-0.9.9-9.el7_0.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

x86_64: libvncserver-debuginfo-0.9.9-9.el7_0.1.i686.rpm libvncserver-debuginfo-0.9.9-9.el7_0.1.x86_64.rpm libvncserver-devel-0.9.9-9.el7_0.1.i686.rpm libvncserver-devel-0.9.9-9.el7_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: libvncserver-0.9.9-9.el7_0.1.src.rpm
x86_64: libvncserver-0.9.9-9.el7_0.1.i686.rpm libvncserver-0.9.9-9.el7_0.1.x86_64.rpm libvncserver-debuginfo-0.9.9-9.el7_0.1.i686.rpm libvncserver-debuginfo-0.9.9-9.el7_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: libvncserver-debuginfo-0.9.9-9.el7_0.1.i686.rpm libvncserver-debuginfo-0.9.9-9.el7_0.1.x86_64.rpm libvncserver-devel-0.9.9-9.el7_0.1.i686.rpm libvncserver-devel-0.9.9-9.el7_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-6051
https://access.redhat.com/security/cve/CVE-2014-6052
https://access.redhat.com/security/cve/CVE-2014-6053
https://access.redhat.com/security/cve/CVE-2014-6054
https://access.redhat.com/security/cve/CVE-2014-6055
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
From bugzilla at redhat.com Tue Nov 11 21:57:55 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 11 Nov 2014 21:57:55 +0000
Subject: [RHSA-2014:1827-01] Moderate: kdenetwork security update
Message-ID: <201411112157.sABLvtvB023450@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: kdenetwork security update
Advisory ID: RHSA-2014:1827-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1827.html
Issue date: 2014-11-11
CVE Names: CVE-2014-6053 CVE-2014-6054 CVE-2014-6055
=====================================================================

1. Summary:

Updated kdenetwork packages that fix three security issues are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The kdenetwork packages contain networking applications for the K Desktop Environment (KDE). Krfb Desktop Sharing, which is a part of the kdenetwork package, is a server application that allows session sharing between users. Krfb uses the LibVNCServer library.

A NULL pointer dereference flaw was found in the way LibVNCServer handled certain ClientCutText messages. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client. (CVE-2014-6053)

A divide-by-zero flaw was found in the way LibVNCServer handled the scaling factor when it was set to "0". A remote attacker could use this flaw to crash the VNC server using a malicious VNC client. (CVE-2014-6054)

Two stack-based buffer overflow flaws were found in the way LibVNCServer handled file transfers. A remote attacker could use these flaws to crash the VNC server using a malicious VNC client. (CVE-2014-6055)

Red Hat would like to thank oCERT for reporting these issues. oCERT acknowledges Nicolas Ruff as the original reporter.

Note: Prior to this update, the kdenetwork packages used an embedded copy of the LibVNCServer library. With this update, the kdenetwork packages have been modified to use the system LibVNCServer packages. Therefore, the update provided by RHSA-2014:1826 must be installed to fully address the issues in krfb described above.

All kdenetwork users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of the krfb server must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1144289 - CVE-2014-6053 libvncserver: server NULL pointer dereference flaw in ClientCutText message handling
1144291 - CVE-2014-6054 libvncserver: server divide-by-zero flaw in scaling factor handling
1144293 - CVE-2014-6055 libvncserver: server stacked-based buffer overflow flaws in file transfer handling

6.
Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
kdenetwork-4.10.5-8.el7_0.src.rpm

noarch:
kdenetwork-common-4.10.5-8.el7_0.noarch.rpm

x86_64:
kdenetwork-debuginfo-4.10.5-8.el7_0.i686.rpm
kdenetwork-debuginfo-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-kdnssd-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-kget-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-kget-libs-4.10.5-8.el7_0.i686.rpm
kdenetwork-kget-libs-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-krdc-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-krdc-libs-4.10.5-8.el7_0.i686.rpm
kdenetwork-krdc-libs-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-krfb-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-krfb-libs-4.10.5-8.el7_0.i686.rpm
kdenetwork-krfb-libs-4.10.5-8.el7_0.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
kdenetwork-devel-4.10.5-8.el7_0.noarch.rpm

x86_64:
kdenetwork-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-debuginfo-4.10.5-8.el7_0.i686.rpm
kdenetwork-debuginfo-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-fileshare-samba-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-kopete-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-kopete-devel-4.10.5-8.el7_0.i686.rpm
kdenetwork-kopete-devel-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-kopete-libs-4.10.5-8.el7_0.i686.rpm
kdenetwork-kopete-libs-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-krdc-devel-4.10.5-8.el7_0.i686.rpm
kdenetwork-krdc-devel-4.10.5-8.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
kdenetwork-4.10.5-8.el7_0.src.rpm

noarch:
kdenetwork-common-4.10.5-8.el7_0.noarch.rpm
kdenetwork-devel-4.10.5-8.el7_0.noarch.rpm

x86_64:
kdenetwork-debuginfo-4.10.5-8.el7_0.i686.rpm
kdenetwork-debuginfo-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-kdnssd-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-kget-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-kget-libs-4.10.5-8.el7_0.i686.rpm
kdenetwork-kget-libs-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-kopete-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-kopete-devel-4.10.5-8.el7_0.i686.rpm
kdenetwork-kopete-devel-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-kopete-libs-4.10.5-8.el7_0.i686.rpm
kdenetwork-kopete-libs-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-krdc-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-krdc-devel-4.10.5-8.el7_0.i686.rpm
kdenetwork-krdc-devel-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-krdc-libs-4.10.5-8.el7_0.i686.rpm
kdenetwork-krdc-libs-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-krfb-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-krfb-libs-4.10.5-8.el7_0.i686.rpm
kdenetwork-krfb-libs-4.10.5-8.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

x86_64:
kdenetwork-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-debuginfo-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-fileshare-samba-4.10.5-8.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
kdenetwork-4.10.5-8.el7_0.src.rpm

noarch:
kdenetwork-common-4.10.5-8.el7_0.noarch.rpm
kdenetwork-devel-4.10.5-8.el7_0.noarch.rpm

x86_64:
kdenetwork-debuginfo-4.10.5-8.el7_0.i686.rpm
kdenetwork-debuginfo-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-kdnssd-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-kget-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-kget-libs-4.10.5-8.el7_0.i686.rpm
kdenetwork-kget-libs-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-kopete-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-kopete-devel-4.10.5-8.el7_0.i686.rpm
kdenetwork-kopete-devel-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-kopete-libs-4.10.5-8.el7_0.i686.rpm
kdenetwork-kopete-libs-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-krdc-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-krdc-devel-4.10.5-8.el7_0.i686.rpm
kdenetwork-krdc-devel-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-krdc-libs-4.10.5-8.el7_0.i686.rpm
kdenetwork-krdc-libs-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-krfb-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-krfb-libs-4.10.5-8.el7_0.i686.rpm
kdenetwork-krfb-libs-4.10.5-8.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
kdenetwork-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-debuginfo-4.10.5-8.el7_0.x86_64.rpm
kdenetwork-fileshare-samba-4.10.5-8.el7_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-6053
https://access.redhat.com/security/cve/CVE-2014-6054
https://access.redhat.com/security/cve/CVE-2014-6055
https://access.redhat.com/security/updates/classification/#moderate
https://rhn.redhat.com/errata/RHSA-2014-1826.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
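A practical check that follows from the advisories in this digest: an administrator wants to know whether an installed build is at or above the fixed build named in the package list, and, per the note in RHSA-2014:1827, that krfb is only fixed once both kdenetwork and the system libvncserver from RHSA-2014:1826 are updated. The code below is an added example, not part of any Red Hat advisory nor rpm's own source: a Python port of rpm's rpmvercmp segment ordering, applied to a FIXED table built from the version-release strings published in the libvncserver and kdenetwork advisories above and the kernel and gnutls advisories later in this digest; the sample installed NVRA strings, the FIXED table layout and the krfb_fully_fixed helper are this example's own constructions (on a real host the inventory would come from rpm -q).

```python
"""Check installed RPM NVRAs against the fixed builds named in this digest's advisories."""
import re

# Fixed version-release strings taken from the advisories, keyed by package
# name and dist tag (the el6 and el7 libvncserver builds differ). The advisory
# NVRs carry no epoch, so the fixed epoch is assumed to be 0.
FIXED = {
    ("libvncserver", "el6"): "0.9.7-7.el6_6.1",  # RHSA-2014:1826
    ("libvncserver", "el7"): "0.9.9-9.el7_0.1",  # RHSA-2014:1826
    ("kdenetwork", "el7"): "4.10.5-8.el7_0",     # RHSA-2014:1827
    ("kernel", "el6"): "2.6.32-504.1.3.el6",     # RHSA-2014:1843
    ("gnutls", "el7"): "3.1.18-10.el7_0",        # RHSA-2014:1846
}
# name-[epoch:]version-release.arch, optionally followed by ".rpm"
NVRA_RE = re.compile(
    r"^(?P<name>.+)-(?:(?P<epoch>\d+):)?(?P<ver>[^-]+)-(?P<rel>[^-]+)\.(?P<arch>[^.]+)$")


def rpmvercmp(a, b):
    """Port of rpm's rpmvercmp() segment comparison: returns -1, 0 or 1.
    The '^' marker is not handled; the RHEL 6/7 builds above do not use it."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # Separators (anything that is not alphanumeric or '~') are skipped.
        while i < len(a) and not (a[i].isalnum() or a[i] == "~"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] == "~"):
            j += 1
        # '~' sorts before anything, even the end of the string (1.0~rc1 < 1.0).
        if a[i:i + 1] == "~" or b[j:j + 1] == "~":
            if a[i:i + 1] != "~":
                return 1
            if b[j:j + 1] != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        # Take the next all-digit or all-letter run from both strings.
        isnum = a[i].isdigit()
        pred = str.isdigit if isnum else str.isalpha
        si, sj = i, j
        while i < len(a) and pred(a[i]):
            i += 1
        while j < len(b) and pred(b[j]):
            j += 1
        seg_a, seg_b = a[si:i], b[sj:j]
        if not seg_b:  # mixed kinds: a numeric segment outranks a letter segment
            return 1 if isnum else -1
        if isnum:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):  # more digits means a larger number
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1  # whichever has segments left over is newer


def parse_nvra(pkg):
    """Split 'kernel-2.6.32-504.1.3.el6.x86_64[.rpm]' into name, epoch, version, release, arch."""
    m = NVRA_RE.match(pkg[:-4] if pkg.endswith(".rpm") else pkg)
    if not m:
        raise ValueError("not an NVRA string: " + pkg)
    return (m.group("name"), int(m.group("epoch") or 0),
            m.group("ver"), m.group("rel"), m.group("arch"))


def compare_evr(evr_a, evr_b):
    """Epoch first, then version, then release, the order rpm itself uses."""
    (ea, va, ra), (eb, vb, rb) = evr_a, evr_b
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def is_fixed(installed):
    """True when the installed build is at or above the advisory's fixed build."""
    name, epoch, ver, rel, _arch = parse_nvra(installed)
    dist = re.search(r"\.el(\d+)", rel)
    key = (name, "el" + dist.group(1) if dist else None)
    if key not in FIXED:
        raise KeyError("no fixed build listed for %s/%s" % key)
    fver, frel = FIXED[key].split("-")
    return compare_evr((epoch, ver, rel), (0, fver, frel)) >= 0


def krfb_fully_fixed(installed_pkgs):
    """RHSA-2014:1827's note: krfb is fixed only once kdenetwork AND the system
    libvncserver from RHSA-2014:1826 are both at their fixed builds."""
    by_name = {parse_nvra(p)[0]: p for p in installed_pkgs}
    return all(n in by_name and is_fixed(by_name[n])
               for n in ("kdenetwork", "libvncserver"))


if __name__ == "__main__":  # constructed sample inventory, not from a real host
    for pkg in ["kernel-2.6.32-431.el6.x86_64", "libvncserver-0.9.7-7.el6.x86_64"]:
        print(pkg, "fixed" if is_fixed(pkg) else "NEEDS UPDATE")
```

Note that a plain string comparison would get these wrong: "504.1.3.el6" must outrank "504.el6" and "10.el7_0" must outrank "8.el7", which is why the segment-wise numeric comparison matters.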
From bugzilla at redhat.com Tue Nov 11 22:01:26 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 11 Nov 2014 22:01:26 +0000
Subject: [RHSA-2014:1843-01] Important: kernel security and bug fix update
Message-ID: <201411112201.sABM1RMc021180@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2014:1843-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1843.html
Issue date: 2014-11-11
CVE Names: CVE-2014-3185 CVE-2014-3611 CVE-2014-3645 CVE-2014-3646
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. (CVE-2014-3611, Important)

* A memory corruption flaw was found in the way the USB ConnectTech WhiteHEAT serial driver processed completion commands sent via USB Request Block buffers. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3185, Moderate)

* It was found that the Linux kernel's KVM subsystem did not handle the VM exits gracefully for the invept (Invalidate Translations Derived from EPT) and invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invept/invvpid VM exit support, an unprivileged guest user could use these instructions to crash the guest. (CVE-2014-3645, CVE-2014-3646, Moderate)

Red Hat would like to thank Lars Bull of Google for reporting CVE-2014-3611, and the Advanced Threat Research team at Intel Security for reporting CVE-2014-3645 and CVE-2014-3646.

This update also fixes the following bugs:

* This update fixes several race conditions between PCI error recovery callbacks and potential calls of the ifup and ifdown commands in the tg3 driver. When triggered, these race conditions could cause a kernel crash. (BZ#1142570)

* Previously, GFS2 failed to unmount a sub-mounted GFS2 file system if its parent was also a GFS2 file system. This problem has been fixed by adding the appropriate d_op->d_hash() routine call for the last component of the mount point path in the path name lookup mechanism code (namei). (BZ#1145193)

* Due to previous changes in the virtio-net driver, a Red Hat Enterprise Linux 6.6 guest was unable to boot with the "mgr_rxbuf=off" option specified. This was caused by providing the page_to_skb() function with an incorrect packet length in the driver's Rx path. This problem has been fixed and the guest in the described scenario can now boot successfully. (BZ#1148693)

* When using one of the newer IPSec Authentication Header (AH) algorithms with Openswan, a kernel panic could occur. This happened because the maximum truncated ICV length was too small. To fix this problem, the MAX_AH_AUTH_LEN parameter has been set to 64. (BZ#1149083)

* A bug in the IPMI driver caused the kernel to panic when an IPMI interface was removed using the hotmod script. The IPMI driver has been fixed to properly clean the relevant data when removing an IPMI interface. (BZ#1149578)

* Due to a bug in the IPMI driver, the kernel could panic when adding an IPMI interface that was previously removed using the hotmod script. This update fixes this bug by ensuring that the relevant shadow structure is initialized at the right time. (BZ#1149580)

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5.
Bugs fixed (https://bugzilla.redhat.com/):

1141400 - CVE-2014-3185 Kernel: USB serial: memory corruption flaw
1144825 - CVE-2014-3646 kernel: kvm: vmx: invvpid vm exit not handled
1144835 - CVE-2014-3645 kernel: kvm: vmx: invept vm exit not handled
1144878 - CVE-2014-3611 kernel: kvm: PIT timer race condition

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
kernel-2.6.32-504.1.3.el6.src.rpm

i386:
kernel-2.6.32-504.1.3.el6.i686.rpm
kernel-debug-2.6.32-504.1.3.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-504.1.3.el6.i686.rpm
kernel-debug-devel-2.6.32-504.1.3.el6.i686.rpm
kernel-debuginfo-2.6.32-504.1.3.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.1.3.el6.i686.rpm
kernel-devel-2.6.32-504.1.3.el6.i686.rpm
kernel-headers-2.6.32-504.1.3.el6.i686.rpm
perf-2.6.32-504.1.3.el6.i686.rpm
perf-debuginfo-2.6.32-504.1.3.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.1.3.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.1.3.el6.noarch.rpm
kernel-doc-2.6.32-504.1.3.el6.noarch.rpm
kernel-firmware-2.6.32-504.1.3.el6.noarch.rpm

x86_64:
kernel-2.6.32-504.1.3.el6.x86_64.rpm
kernel-debug-2.6.32-504.1.3.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.1.3.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.1.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.1.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.1.3.el6.x86_64.rpm
kernel-devel-2.6.32-504.1.3.el6.x86_64.rpm
kernel-headers-2.6.32-504.1.3.el6.x86_64.rpm
perf-2.6.32-504.1.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.1.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.1.3.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-504.1.3.el6.i686.rpm
kernel-debuginfo-2.6.32-504.1.3.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.1.3.el6.i686.rpm
perf-debuginfo-2.6.32-504.1.3.el6.i686.rpm
python-perf-2.6.32-504.1.3.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.1.3.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-504.1.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.1.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.1.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.1.3.el6.x86_64.rpm
python-perf-2.6.32-504.1.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.1.3.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
kernel-2.6.32-504.1.3.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.1.3.el6.noarch.rpm
kernel-doc-2.6.32-504.1.3.el6.noarch.rpm
kernel-firmware-2.6.32-504.1.3.el6.noarch.rpm

x86_64:
kernel-2.6.32-504.1.3.el6.x86_64.rpm
kernel-debug-2.6.32-504.1.3.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.1.3.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.1.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.1.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.1.3.el6.x86_64.rpm
kernel-devel-2.6.32-504.1.3.el6.x86_64.rpm
kernel-headers-2.6.32-504.1.3.el6.x86_64.rpm
perf-2.6.32-504.1.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.1.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.1.3.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
kernel-debug-debuginfo-2.6.32-504.1.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.1.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.1.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.1.3.el6.x86_64.rpm
python-perf-2.6.32-504.1.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.1.3.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
kernel-2.6.32-504.1.3.el6.src.rpm

i386:
kernel-2.6.32-504.1.3.el6.i686.rpm
kernel-debug-2.6.32-504.1.3.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-504.1.3.el6.i686.rpm
kernel-debug-devel-2.6.32-504.1.3.el6.i686.rpm
kernel-debuginfo-2.6.32-504.1.3.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.1.3.el6.i686.rpm
kernel-devel-2.6.32-504.1.3.el6.i686.rpm
kernel-headers-2.6.32-504.1.3.el6.i686.rpm
perf-2.6.32-504.1.3.el6.i686.rpm
perf-debuginfo-2.6.32-504.1.3.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.1.3.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.1.3.el6.noarch.rpm
kernel-doc-2.6.32-504.1.3.el6.noarch.rpm
kernel-firmware-2.6.32-504.1.3.el6.noarch.rpm

ppc64:
kernel-2.6.32-504.1.3.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-504.1.3.el6.ppc64.rpm
kernel-debug-2.6.32-504.1.3.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-504.1.3.el6.ppc64.rpm
kernel-debug-devel-2.6.32-504.1.3.el6.ppc64.rpm
kernel-debuginfo-2.6.32-504.1.3.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-504.1.3.el6.ppc64.rpm
kernel-devel-2.6.32-504.1.3.el6.ppc64.rpm
kernel-headers-2.6.32-504.1.3.el6.ppc64.rpm
perf-2.6.32-504.1.3.el6.ppc64.rpm
perf-debuginfo-2.6.32-504.1.3.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-504.1.3.el6.ppc64.rpm

s390x:
kernel-2.6.32-504.1.3.el6.s390x.rpm
kernel-debug-2.6.32-504.1.3.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-504.1.3.el6.s390x.rpm
kernel-debug-devel-2.6.32-504.1.3.el6.s390x.rpm
kernel-debuginfo-2.6.32-504.1.3.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-504.1.3.el6.s390x.rpm
kernel-devel-2.6.32-504.1.3.el6.s390x.rpm
kernel-headers-2.6.32-504.1.3.el6.s390x.rpm
kernel-kdump-2.6.32-504.1.3.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-504.1.3.el6.s390x.rpm
kernel-kdump-devel-2.6.32-504.1.3.el6.s390x.rpm
perf-2.6.32-504.1.3.el6.s390x.rpm
perf-debuginfo-2.6.32-504.1.3.el6.s390x.rpm
python-perf-debuginfo-2.6.32-504.1.3.el6.s390x.rpm

x86_64:
kernel-2.6.32-504.1.3.el6.x86_64.rpm
kernel-debug-2.6.32-504.1.3.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.1.3.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.1.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.1.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.1.3.el6.x86_64.rpm
kernel-devel-2.6.32-504.1.3.el6.x86_64.rpm
kernel-headers-2.6.32-504.1.3.el6.x86_64.rpm
perf-2.6.32-504.1.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.1.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.1.3.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-504.1.3.el6.i686.rpm
kernel-debuginfo-2.6.32-504.1.3.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.1.3.el6.i686.rpm
perf-debuginfo-2.6.32-504.1.3.el6.i686.rpm
python-perf-2.6.32-504.1.3.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.1.3.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-504.1.3.el6.ppc64.rpm
kernel-debuginfo-2.6.32-504.1.3.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-504.1.3.el6.ppc64.rpm
perf-debuginfo-2.6.32-504.1.3.el6.ppc64.rpm
python-perf-2.6.32-504.1.3.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-504.1.3.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-504.1.3.el6.s390x.rpm
kernel-debuginfo-2.6.32-504.1.3.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-504.1.3.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-504.1.3.el6.s390x.rpm
perf-debuginfo-2.6.32-504.1.3.el6.s390x.rpm
python-perf-2.6.32-504.1.3.el6.s390x.rpm
python-perf-debuginfo-2.6.32-504.1.3.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-504.1.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.1.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.1.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.1.3.el6.x86_64.rpm
python-perf-2.6.32-504.1.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.1.3.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
kernel-2.6.32-504.1.3.el6.src.rpm

i386:
kernel-2.6.32-504.1.3.el6.i686.rpm
kernel-debug-2.6.32-504.1.3.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-504.1.3.el6.i686.rpm
kernel-debug-devel-2.6.32-504.1.3.el6.i686.rpm
kernel-debuginfo-2.6.32-504.1.3.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.1.3.el6.i686.rpm
kernel-devel-2.6.32-504.1.3.el6.i686.rpm
kernel-headers-2.6.32-504.1.3.el6.i686.rpm
perf-2.6.32-504.1.3.el6.i686.rpm
perf-debuginfo-2.6.32-504.1.3.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.1.3.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.1.3.el6.noarch.rpm
kernel-doc-2.6.32-504.1.3.el6.noarch.rpm
kernel-firmware-2.6.32-504.1.3.el6.noarch.rpm

x86_64:
kernel-2.6.32-504.1.3.el6.x86_64.rpm
kernel-debug-2.6.32-504.1.3.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.1.3.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.1.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.1.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.1.3.el6.x86_64.rpm
kernel-devel-2.6.32-504.1.3.el6.x86_64.rpm
kernel-headers-2.6.32-504.1.3.el6.x86_64.rpm
perf-2.6.32-504.1.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.1.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.1.3.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-504.1.3.el6.i686.rpm
kernel-debuginfo-2.6.32-504.1.3.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-504.1.3.el6.i686.rpm
perf-debuginfo-2.6.32-504.1.3.el6.i686.rpm
python-perf-2.6.32-504.1.3.el6.i686.rpm
python-perf-debuginfo-2.6.32-504.1.3.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-504.1.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.1.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.1.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.1.3.el6.x86_64.rpm
python-perf-2.6.32-504.1.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.1.3.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3185
https://access.redhat.com/security/cve/CVE-2014-3611
https://access.redhat.com/security/cve/CVE-2014-3645
https://access.redhat.com/security/cve/CVE-2014-3646
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

From bugzilla at redhat.com Wed Nov 12 05:51:44 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 12 Nov 2014 05:51:44 +0000
Subject: [RHSA-2014:1846-01] Moderate: gnutls security update
Message-ID: <201411120542.sAC5ggox014541@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: gnutls security update
Advisory ID: RHSA-2014:1846-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1846.html
Issue date: 2014-11-12
CVE Names: CVE-2014-8564
=====================================================================

1. Summary:

Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). The gnutls packages also include the libtasn1 library, which provides Abstract Syntax Notation One (ASN.1) parsing and structures management, and Distinguished Encoding Rules (DER) encoding and decoding functions.

An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR). A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS (for example, certtool), could cause that application to crash or execute arbitrary code with the permissions of the user running the application. (CVE-2014-8564)

Red Hat would like to thank GnuTLS upstream for reporting this issue. Upstream acknowledges Sean Burford as the original reporter.

All gnutls users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the GnuTLS or libtasn1 library must be restarted.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1161443 - CVE-2014-8564 gnutls: Heap corruption when generating key ID for ECC (GNUTLS-SA-2014-5)

6. Package List:

Red Hat Enterprise Linux Client (v.
7):

Source:
gnutls-3.1.18-10.el7_0.src.rpm

x86_64:
gnutls-3.1.18-10.el7_0.i686.rpm
gnutls-3.1.18-10.el7_0.x86_64.rpm
gnutls-dane-3.1.18-10.el7_0.i686.rpm
gnutls-dane-3.1.18-10.el7_0.x86_64.rpm
gnutls-debuginfo-3.1.18-10.el7_0.i686.rpm
gnutls-debuginfo-3.1.18-10.el7_0.x86_64.rpm
gnutls-utils-3.1.18-10.el7_0.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
gnutls-c++-3.1.18-10.el7_0.i686.rpm
gnutls-c++-3.1.18-10.el7_0.x86_64.rpm
gnutls-debuginfo-3.1.18-10.el7_0.i686.rpm
gnutls-debuginfo-3.1.18-10.el7_0.x86_64.rpm
gnutls-devel-3.1.18-10.el7_0.i686.rpm
gnutls-devel-3.1.18-10.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
gnutls-3.1.18-10.el7_0.src.rpm

x86_64:
gnutls-3.1.18-10.el7_0.i686.rpm
gnutls-3.1.18-10.el7_0.x86_64.rpm
gnutls-dane-3.1.18-10.el7_0.i686.rpm
gnutls-dane-3.1.18-10.el7_0.x86_64.rpm
gnutls-debuginfo-3.1.18-10.el7_0.i686.rpm
gnutls-debuginfo-3.1.18-10.el7_0.x86_64.rpm
gnutls-utils-3.1.18-10.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
gnutls-c++-3.1.18-10.el7_0.i686.rpm
gnutls-c++-3.1.18-10.el7_0.x86_64.rpm
gnutls-debuginfo-3.1.18-10.el7_0.i686.rpm
gnutls-debuginfo-3.1.18-10.el7_0.x86_64.rpm
gnutls-devel-3.1.18-10.el7_0.i686.rpm
gnutls-devel-3.1.18-10.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
gnutls-3.1.18-10.el7_0.src.rpm

ppc64:
gnutls-3.1.18-10.el7_0.ppc.rpm
gnutls-3.1.18-10.el7_0.ppc64.rpm
gnutls-c++-3.1.18-10.el7_0.ppc.rpm
gnutls-c++-3.1.18-10.el7_0.ppc64.rpm
gnutls-dane-3.1.18-10.el7_0.ppc.rpm
gnutls-dane-3.1.18-10.el7_0.ppc64.rpm
gnutls-debuginfo-3.1.18-10.el7_0.ppc.rpm
gnutls-debuginfo-3.1.18-10.el7_0.ppc64.rpm
gnutls-devel-3.1.18-10.el7_0.ppc.rpm
gnutls-devel-3.1.18-10.el7_0.ppc64.rpm
gnutls-utils-3.1.18-10.el7_0.ppc64.rpm

s390x:
gnutls-3.1.18-10.el7_0.s390.rpm
gnutls-3.1.18-10.el7_0.s390x.rpm
gnutls-c++-3.1.18-10.el7_0.s390.rpm
gnutls-c++-3.1.18-10.el7_0.s390x.rpm
gnutls-dane-3.1.18-10.el7_0.s390.rpm
gnutls-dane-3.1.18-10.el7_0.s390x.rpm
gnutls-debuginfo-3.1.18-10.el7_0.s390.rpm
gnutls-debuginfo-3.1.18-10.el7_0.s390x.rpm
gnutls-devel-3.1.18-10.el7_0.s390.rpm
gnutls-devel-3.1.18-10.el7_0.s390x.rpm
gnutls-utils-3.1.18-10.el7_0.s390x.rpm

x86_64:
gnutls-3.1.18-10.el7_0.i686.rpm
gnutls-3.1.18-10.el7_0.x86_64.rpm
gnutls-c++-3.1.18-10.el7_0.i686.rpm
gnutls-c++-3.1.18-10.el7_0.x86_64.rpm
gnutls-dane-3.1.18-10.el7_0.i686.rpm
gnutls-dane-3.1.18-10.el7_0.x86_64.rpm
gnutls-debuginfo-3.1.18-10.el7_0.i686.rpm
gnutls-debuginfo-3.1.18-10.el7_0.x86_64.rpm
gnutls-devel-3.1.18-10.el7_0.i686.rpm
gnutls-devel-3.1.18-10.el7_0.x86_64.rpm
gnutls-utils-3.1.18-10.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
gnutls-3.1.18-10.el7_0.src.rpm

x86_64:
gnutls-3.1.18-10.el7_0.i686.rpm
gnutls-3.1.18-10.el7_0.x86_64.rpm
gnutls-c++-3.1.18-10.el7_0.i686.rpm
gnutls-c++-3.1.18-10.el7_0.x86_64.rpm
gnutls-dane-3.1.18-10.el7_0.i686.rpm
gnutls-dane-3.1.18-10.el7_0.x86_64.rpm
gnutls-debuginfo-3.1.18-10.el7_0.i686.rpm
gnutls-debuginfo-3.1.18-10.el7_0.x86_64.rpm
gnutls-devel-3.1.18-10.el7_0.i686.rpm
gnutls-devel-3.1.18-10.el7_0.x86_64.rpm
gnutls-utils-3.1.18-10.el7_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7.
References: https://access.redhat.com/security/cve/CVE-2014-8564 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUYvNGXlSAg2UNWIIRAmouAJ9e8Sk11cIKk88n31V9keNAa7n3tACffVg/ amEtrgIp2xQ224DCJDZ0zXg= =SCLp -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Nov 13 00:23:17 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 13 Nov 2014 00:23:17 +0000 Subject: [RHSA-2014:1852-01] Critical: flash-plugin security update Message-ID: <201411130023.sAD0NHgB003808@int-mx14.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:1852-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1852.html Issue date: 2014-11-13 CVE Names: CVE-2014-0573 CVE-2014-0574 CVE-2014-0576 CVE-2014-0577 CVE-2014-0581 CVE-2014-0582 CVE-2014-0584 CVE-2014-0585 CVE-2014-0586 CVE-2014-0588 CVE-2014-0589 CVE-2014-0590 CVE-2014-8437 CVE-2014-8438 CVE-2014-8440 CVE-2014-8441 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 
6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-24, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2014-0573, CVE-2014-0574, CVE-2014-0576, CVE-2014-0577, CVE-2014-0581, CVE-2014-0582, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0588, CVE-2014-0589, CVE-2014-0590, CVE-2014-8438, CVE-2014-8440, CVE-2014-8441) This update also fixes an information disclosure flaw in flash-plugin that could allow a remote attacker to obtain a victim's session cookie. (CVE-2014-8437) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.418. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1162911 - flash-plugin: multiple code execution flaws (APSB14-24) 1162912 - CVE-2014-8437 flash-plugin: information disclosure leading to session token leak (APSB14-24) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 
5): i386: flash-plugin-11.2.202.418-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.418-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.418-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.418-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.418-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.418-1.el6.i686.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: flash-plugin-11.2.202.418-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.418-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.418-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.418-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.418-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-0573 https://access.redhat.com/security/cve/CVE-2014-0574 https://access.redhat.com/security/cve/CVE-2014-0576 https://access.redhat.com/security/cve/CVE-2014-0577 https://access.redhat.com/security/cve/CVE-2014-0581 https://access.redhat.com/security/cve/CVE-2014-0582 https://access.redhat.com/security/cve/CVE-2014-0584 https://access.redhat.com/security/cve/CVE-2014-0585 https://access.redhat.com/security/cve/CVE-2014-0586 https://access.redhat.com/security/cve/CVE-2014-0588 https://access.redhat.com/security/cve/CVE-2014-0589 https://access.redhat.com/security/cve/CVE-2014-0590 https://access.redhat.com/security/cve/CVE-2014-8437 https://access.redhat.com/security/cve/CVE-2014-8438 https://access.redhat.com/security/cve/CVE-2014-8440 https://access.redhat.com/security/cve/CVE-2014-8441 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb14-24.html 8. 
Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUY/m4XlSAg2UNWIIRAnucAJ9FEEr9ZDeoe7/BF77dhXKgzSPf1wCgkdhn
8zFraVcUPA+vpzzYwVjX5LE=
=L7wt
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Nov 17 11:18:41 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 17 Nov 2014 11:18:41 +0000
Subject: [RHSA-2014:1859-01] Important: mysql55-mysql security update
Message-ID: <201411171109.sAHB9Z0G015221@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: mysql55-mysql security update
Advisory ID:       RHSA-2014:1859-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1859.html
Issue date:        2014-11-17
CVE Names:         CVE-2014-2494 CVE-2014-4207 CVE-2014-4243
                   CVE-2014-4258 CVE-2014-4260 CVE-2014-4274
                   CVE-2014-4287 CVE-2014-6463 CVE-2014-6464
                   CVE-2014-6469 CVE-2014-6484 CVE-2014-6505
                   CVE-2014-6507 CVE-2014-6520 CVE-2014-6530
                   CVE-2014-6551 CVE-2014-6555 CVE-2014-6559
=====================================================================

1. Summary:

Updated mysql55-mysql packages that fix several security issues are now
available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

This update fixes several vulnerabilities in the MySQL database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory page, listed in the References section. (CVE-2014-2494,
CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,
CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,
CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,
CVE-2014-6555, CVE-2014-6559)

These updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL
Release Notes listed in the References section for a complete list of
changes.

All MySQL users should upgrade to these updated packages, which correct
these issues. After installing this update, the MySQL server daemon (mysqld)
will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1120382 - CVE-2014-2494 mysql: unspecified vulnerability related to ENARC (CPU July 2014)
1120383 - CVE-2014-4207 mysql: unspecified vulnerability related to SROPTZR (CPU July 2014)
1120385 - CVE-2014-4243 mysql: unspecified vulnerability related to ENFED (CPU July 2014)
1120387 - CVE-2014-4258 mysql: unspecified vulnerability related to SRINFOSC (CPU July 2014)
1120388 - CVE-2014-4260 mysql: unspecified vulnerability related to SRCHAR (CPU July 2014)
1126271 - CVE-2014-4274 mysql: unspecified MyISAM temporary file issue fixed in 5.5.39 and 5.6.20
1153461 - CVE-2014-4287 mysql: unspecified vulnerability related to SERVER:CHARACTER SETS (CPU October 2014)
1153462 - CVE-2014-6463 mysql: unspecified vulnerability related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML (CPU October 2014)
1153463 - CVE-2014-6464 mysql: unspecified vulnerability related to SERVER:INNODB DML FOREIGN KEYS (CPU October 2014)
1153464 - CVE-2014-6469 mysql: unspecified vulnerability related to SERVER:OPTIMIZER (CPU October 2014)
1153467 - CVE-2014-6484 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
1153489 - CVE-2014-6505 mysql: unspecified vulnerability related to SERVER:MEMORY STORAGE ENGINE (CPU October 2014)
1153490 - CVE-2014-6507 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
1153491 - CVE-2014-6520 mysql: unspecified vulnerability related to SERVER:DDL (CPU October 2014)
1153493 - CVE-2014-6530 mysql: unspecified vulnerability related to CLIENT:MYSQLDUMP (CPU October 2014)
1153494 - CVE-2014-6551 mysql: unspecified vulnerability related to CLIENT:MYSQLADMIN (CPU October 2014)
1153495 - CVE-2014-6555 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
1153496 - CVE-2014-6559 mysql: unspecified vulnerability related to C API SSL CERTIFICATE HANDLING (CPU October 2014)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
mysql55-mysql-5.5.40-2.el5.src.rpm

i386:
mysql55-mysql-5.5.40-2.el5.i386.rpm
mysql55-mysql-bench-5.5.40-2.el5.i386.rpm
mysql55-mysql-debuginfo-5.5.40-2.el5.i386.rpm
mysql55-mysql-libs-5.5.40-2.el5.i386.rpm
mysql55-mysql-server-5.5.40-2.el5.i386.rpm
mysql55-mysql-test-5.5.40-2.el5.i386.rpm

x86_64:
mysql55-mysql-5.5.40-2.el5.x86_64.rpm
mysql55-mysql-bench-5.5.40-2.el5.x86_64.rpm
mysql55-mysql-debuginfo-5.5.40-2.el5.x86_64.rpm
mysql55-mysql-libs-5.5.40-2.el5.x86_64.rpm
mysql55-mysql-server-5.5.40-2.el5.x86_64.rpm
mysql55-mysql-test-5.5.40-2.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
mysql55-mysql-5.5.40-2.el5.src.rpm

i386:
mysql55-mysql-debuginfo-5.5.40-2.el5.i386.rpm
mysql55-mysql-devel-5.5.40-2.el5.i386.rpm

x86_64:
mysql55-mysql-debuginfo-5.5.40-2.el5.i386.rpm
mysql55-mysql-debuginfo-5.5.40-2.el5.x86_64.rpm
mysql55-mysql-devel-5.5.40-2.el5.i386.rpm
mysql55-mysql-devel-5.5.40-2.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
mysql55-mysql-5.5.40-2.el5.src.rpm

i386:
mysql55-mysql-5.5.40-2.el5.i386.rpm
mysql55-mysql-bench-5.5.40-2.el5.i386.rpm
mysql55-mysql-debuginfo-5.5.40-2.el5.i386.rpm
mysql55-mysql-devel-5.5.40-2.el5.i386.rpm
mysql55-mysql-libs-5.5.40-2.el5.i386.rpm
mysql55-mysql-server-5.5.40-2.el5.i386.rpm
mysql55-mysql-test-5.5.40-2.el5.i386.rpm

ia64:
mysql55-mysql-5.5.40-2.el5.ia64.rpm
mysql55-mysql-bench-5.5.40-2.el5.ia64.rpm
mysql55-mysql-debuginfo-5.5.40-2.el5.ia64.rpm
mysql55-mysql-devel-5.5.40-2.el5.ia64.rpm
mysql55-mysql-libs-5.5.40-2.el5.ia64.rpm
mysql55-mysql-server-5.5.40-2.el5.ia64.rpm
mysql55-mysql-test-5.5.40-2.el5.ia64.rpm

ppc:
mysql55-mysql-5.5.40-2.el5.ppc.rpm
mysql55-mysql-bench-5.5.40-2.el5.ppc.rpm
mysql55-mysql-debuginfo-5.5.40-2.el5.ppc.rpm
mysql55-mysql-debuginfo-5.5.40-2.el5.ppc64.rpm
mysql55-mysql-devel-5.5.40-2.el5.ppc.rpm
mysql55-mysql-devel-5.5.40-2.el5.ppc64.rpm
mysql55-mysql-libs-5.5.40-2.el5.ppc.rpm
mysql55-mysql-server-5.5.40-2.el5.ppc.rpm
mysql55-mysql-test-5.5.40-2.el5.ppc.rpm

s390x:
mysql55-mysql-5.5.40-2.el5.s390x.rpm
mysql55-mysql-bench-5.5.40-2.el5.s390x.rpm
mysql55-mysql-debuginfo-5.5.40-2.el5.s390.rpm
mysql55-mysql-debuginfo-5.5.40-2.el5.s390x.rpm
mysql55-mysql-devel-5.5.40-2.el5.s390.rpm
mysql55-mysql-devel-5.5.40-2.el5.s390x.rpm
mysql55-mysql-libs-5.5.40-2.el5.s390x.rpm
mysql55-mysql-server-5.5.40-2.el5.s390x.rpm
mysql55-mysql-test-5.5.40-2.el5.s390x.rpm

x86_64:
mysql55-mysql-5.5.40-2.el5.x86_64.rpm
mysql55-mysql-bench-5.5.40-2.el5.x86_64.rpm
mysql55-mysql-debuginfo-5.5.40-2.el5.i386.rpm
mysql55-mysql-debuginfo-5.5.40-2.el5.x86_64.rpm
mysql55-mysql-devel-5.5.40-2.el5.i386.rpm
mysql55-mysql-devel-5.5.40-2.el5.x86_64.rpm
mysql55-mysql-libs-5.5.40-2.el5.x86_64.rpm
mysql55-mysql-server-5.5.40-2.el5.x86_64.rpm
mysql55-mysql-test-5.5.40-2.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-2494
https://access.redhat.com/security/cve/CVE-2014-4207
https://access.redhat.com/security/cve/CVE-2014-4243
https://access.redhat.com/security/cve/CVE-2014-4258
https://access.redhat.com/security/cve/CVE-2014-4260
https://access.redhat.com/security/cve/CVE-2014-4274
https://access.redhat.com/security/cve/CVE-2014-4287
https://access.redhat.com/security/cve/CVE-2014-6463
https://access.redhat.com/security/cve/CVE-2014-6464
https://access.redhat.com/security/cve/CVE-2014-6469
https://access.redhat.com/security/cve/CVE-2014-6484
https://access.redhat.com/security/cve/CVE-2014-6505
https://access.redhat.com/security/cve/CVE-2014-6507
https://access.redhat.com/security/cve/CVE-2014-6520
https://access.redhat.com/security/cve/CVE-2014-6530
https://access.redhat.com/security/cve/CVE-2014-6551
https://access.redhat.com/security/cve/CVE-2014-6555
https://access.redhat.com/security/cve/CVE-2014-6559
https://access.redhat.com/security/updates/classification/#important
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixMSQL
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixMSQL
https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUaddmXlSAg2UNWIIRAjMRAKCvPxLt3qqWtL/5Lsp5TRkKAGbmRgCgnb7R
aajH0FZMTPa4807gqScFS9g=
=MdNd
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Nov 17 11:19:21 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 17 Nov 2014 11:19:21 +0000
Subject: [RHSA-2014:1860-01] Important: mysql55-mysql security update
Message-ID: <201411171110.sAHBAFgR027832@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: mysql55-mysql security update
Advisory ID:       RHSA-2014:1860-01
Product:           Red Hat Software Collections
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1860.html
Issue date:        2014-11-17
CVE Names:         CVE-2014-2494 CVE-2014-4207 CVE-2014-4243
                   CVE-2014-4258 CVE-2014-4260 CVE-2014-4274
                   CVE-2014-4287 CVE-2014-6463 CVE-2014-6464
                   CVE-2014-6469 CVE-2014-6484 CVE-2014-6505
                   CVE-2014-6507 CVE-2014-6520 CVE-2014-6530
                   CVE-2014-6551 CVE-2014-6555 CVE-2014-6559
=====================================================================

1. Summary:

Updated mysql55-mysql packages that fix several security issues are now
available for Red Hat Software Collections 1.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

This update fixes several vulnerabilities in the MySQL database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory page, listed in the References section. (CVE-2014-2494,
CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,
CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,
CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,
CVE-2014-6555, CVE-2014-6559)

These updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL
Release Notes listed in the References section for a complete list of
changes.

All MySQL users should upgrade to these updated packages, which correct
these issues. After installing this update, the MySQL server daemon (mysqld)
will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1120382 - CVE-2014-2494 mysql: unspecified vulnerability related to ENARC (CPU July 2014)
1120383 - CVE-2014-4207 mysql: unspecified vulnerability related to SROPTZR (CPU July 2014)
1120385 - CVE-2014-4243 mysql: unspecified vulnerability related to ENFED (CPU July 2014)
1120387 - CVE-2014-4258 mysql: unspecified vulnerability related to SRINFOSC (CPU July 2014)
1120388 - CVE-2014-4260 mysql: unspecified vulnerability related to SRCHAR (CPU July 2014)
1126271 - CVE-2014-4274 mysql: unspecified MyISAM temporary file issue fixed in 5.5.39 and 5.6.20
1153461 - CVE-2014-4287 mysql: unspecified vulnerability related to SERVER:CHARACTER SETS (CPU October 2014)
1153462 - CVE-2014-6463 mysql: unspecified vulnerability related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML (CPU October 2014)
1153463 - CVE-2014-6464 mysql: unspecified vulnerability related to SERVER:INNODB DML FOREIGN KEYS (CPU October 2014)
1153464 - CVE-2014-6469 mysql: unspecified vulnerability related to SERVER:OPTIMIZER (CPU October 2014)
1153467 - CVE-2014-6484 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
1153489 - CVE-2014-6505 mysql: unspecified vulnerability related to SERVER:MEMORY STORAGE ENGINE (CPU October 2014)
1153490 - CVE-2014-6507 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
1153491 - CVE-2014-6520 mysql: unspecified vulnerability related to SERVER:DDL (CPU October 2014)
1153493 - CVE-2014-6530 mysql: unspecified vulnerability related to CLIENT:MYSQLDUMP (CPU October 2014)
1153494 - CVE-2014-6551 mysql: unspecified vulnerability related to CLIENT:MYSQLADMIN (CPU October 2014)
1153495 - CVE-2014-6555 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
1153496 - CVE-2014-6559 mysql: unspecified vulnerability related to C API SSL CERTIFICATE HANDLING (CPU October 2014)

6. Package List:

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6):

Source:
mysql55-mysql-5.5.40-1.el6.src.rpm

x86_64:
mysql55-mysql-5.5.40-1.el6.x86_64.rpm
mysql55-mysql-bench-5.5.40-1.el6.x86_64.rpm
mysql55-mysql-debuginfo-5.5.40-1.el6.x86_64.rpm
mysql55-mysql-devel-5.5.40-1.el6.x86_64.rpm
mysql55-mysql-libs-5.5.40-1.el6.x86_64.rpm
mysql55-mysql-server-5.5.40-1.el6.x86_64.rpm
mysql55-mysql-test-5.5.40-1.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4):

Source:
mysql55-mysql-5.5.40-1.el6.src.rpm

x86_64:
mysql55-mysql-5.5.40-1.el6.x86_64.rpm
mysql55-mysql-bench-5.5.40-1.el6.x86_64.rpm
mysql55-mysql-debuginfo-5.5.40-1.el6.x86_64.rpm
mysql55-mysql-devel-5.5.40-1.el6.x86_64.rpm
mysql55-mysql-libs-5.5.40-1.el6.x86_64.rpm
mysql55-mysql-server-5.5.40-1.el6.x86_64.rpm
mysql55-mysql-test-5.5.40-1.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5):

Source:
mysql55-mysql-5.5.40-1.el6.src.rpm

x86_64:
mysql55-mysql-5.5.40-1.el6.x86_64.rpm
mysql55-mysql-bench-5.5.40-1.el6.x86_64.rpm
mysql55-mysql-debuginfo-5.5.40-1.el6.x86_64.rpm
mysql55-mysql-devel-5.5.40-1.el6.x86_64.rpm
mysql55-mysql-libs-5.5.40-1.el6.x86_64.rpm
mysql55-mysql-server-5.5.40-1.el6.x86_64.rpm
mysql55-mysql-test-5.5.40-1.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
mysql55-mysql-5.5.40-1.el6.src.rpm

x86_64:
mysql55-mysql-5.5.40-1.el6.x86_64.rpm
mysql55-mysql-bench-5.5.40-1.el6.x86_64.rpm
mysql55-mysql-debuginfo-5.5.40-1.el6.x86_64.rpm
mysql55-mysql-devel-5.5.40-1.el6.x86_64.rpm
mysql55-mysql-libs-5.5.40-1.el6.x86_64.rpm
mysql55-mysql-server-5.5.40-1.el6.x86_64.rpm
mysql55-mysql-test-5.5.40-1.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6):

Source:
mysql55-mysql-5.5.40-1.el6.src.rpm

x86_64:
mysql55-mysql-5.5.40-1.el6.x86_64.rpm
mysql55-mysql-bench-5.5.40-1.el6.x86_64.rpm
mysql55-mysql-debuginfo-5.5.40-1.el6.x86_64.rpm
mysql55-mysql-devel-5.5.40-1.el6.x86_64.rpm
mysql55-mysql-libs-5.5.40-1.el6.x86_64.rpm
mysql55-mysql-server-5.5.40-1.el6.x86_64.rpm
mysql55-mysql-test-5.5.40-1.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7):

Source:
mysql55-mysql-5.5.40-1.el7.src.rpm

x86_64:
mysql55-mysql-5.5.40-1.el7.x86_64.rpm
mysql55-mysql-bench-5.5.40-1.el7.x86_64.rpm
mysql55-mysql-debuginfo-5.5.40-1.el7.x86_64.rpm
mysql55-mysql-devel-5.5.40-1.el7.x86_64.rpm
mysql55-mysql-libs-5.5.40-1.el7.x86_64.rpm
mysql55-mysql-server-5.5.40-1.el7.x86_64.rpm
mysql55-mysql-test-5.5.40-1.el7.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7):

Source:
mysql55-mysql-5.5.40-1.el7.src.rpm

x86_64:
mysql55-mysql-5.5.40-1.el7.x86_64.rpm
mysql55-mysql-bench-5.5.40-1.el7.x86_64.rpm
mysql55-mysql-debuginfo-5.5.40-1.el7.x86_64.rpm
mysql55-mysql-devel-5.5.40-1.el7.x86_64.rpm
mysql55-mysql-libs-5.5.40-1.el7.x86_64.rpm
mysql55-mysql-server-5.5.40-1.el7.x86_64.rpm
mysql55-mysql-test-5.5.40-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-2494
https://access.redhat.com/security/cve/CVE-2014-4207
https://access.redhat.com/security/cve/CVE-2014-4243
https://access.redhat.com/security/cve/CVE-2014-4258
https://access.redhat.com/security/cve/CVE-2014-4260
https://access.redhat.com/security/cve/CVE-2014-4274
https://access.redhat.com/security/cve/CVE-2014-4287
https://access.redhat.com/security/cve/CVE-2014-6463
https://access.redhat.com/security/cve/CVE-2014-6464
https://access.redhat.com/security/cve/CVE-2014-6469
https://access.redhat.com/security/cve/CVE-2014-6484
https://access.redhat.com/security/cve/CVE-2014-6505
https://access.redhat.com/security/cve/CVE-2014-6507
https://access.redhat.com/security/cve/CVE-2014-6520
https://access.redhat.com/security/cve/CVE-2014-6530
https://access.redhat.com/security/cve/CVE-2014-6551
https://access.redhat.com/security/cve/CVE-2014-6555
https://access.redhat.com/security/cve/CVE-2014-6559
https://access.redhat.com/security/updates/classification/#important
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixMSQL
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixMSQL
https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
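The following is an added example, not part of the advisory and not Red Hat tooling. The Package List above gives the fixed name-version-release.arch of every build, and the practical question on a host is whether each installed mysql55-mysql package is at or above it. rpm orders packages by epoch, then version, then release, and compares each field with the rpmvercmp rules (numeric segments as integers, alphabetic segments lexically, a numeric segment outranks an alphabetic one, '~' sorts before everything and '^' sorts after the end of the string), which is why a plain string comparison gets 5.5.9 against 5.5.40 wrong. The Python below reimplements that algorithm, parses name-[epoch:]version-release.arch strings in the layout that rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' prints (the layout, the sample inventory and the choice of three fixed RHEL 6 builds from RHSA-2014:1860 are the example's own assumptions), and reports every installed package older than its fixed build.

```python
"""Check installed RPM packages against an advisory's fixed builds.

Added example, not Red Hat code. Pure-Python rpmvercmp so it runs
off-host; on a real system `rpm -q` / `yum updateinfo` use librpm and
are the authority, and `rpm -K file.rpm` checks the GPG signature.
"""
import re
from typing import Dict, List, Tuple

# Fixed builds copied from the RHSA-2014:1860 package list for RHSCL 1
# on RHEL 6 (".rpm" dropped); three of the seven are enough to show it.
FIXED_PACKAGES: List[str] = [
    "mysql55-mysql-5.5.40-1.el6.x86_64",
    "mysql55-mysql-libs-5.5.40-1.el6.x86_64",
    "mysql55-mysql-server-5.5.40-1.el6.x86_64",
]

# Constructed stand-in for `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'`
# on a hypothetical host, not captured from a real one: two packages are
# behind the fixed build, the server is current, bash is not in the advisory.
INSTALLED_SAMPLE = """\
mysql55-mysql-5.5.37-1.1.el6.x86_64
mysql55-mysql-libs-5.5.37-1.1.el6.x86_64
mysql55-mysql-server-5.5.40-1.el6.x86_64
bash-4.1.2-15.el6_4.x86_64
"""

EVR = Tuple[int, str, str]  # (epoch, version, release)

# rpmvercmp sees runs of digits, runs of letters and the specials '~' and '^';
# every other character is a separator and carries no meaning.
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|[~^]")


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 with the same ordering as rpm's rpmvercmp()."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    i = j = 0
    while True:
        ta = sa[i] if i < len(sa) else None
        tb = sb[j] if j < len(sb) else None
        if ta == "~" or tb == "~":          # tilde: older than anything, even end-of-string
            if ta != "~":
                return 1
            if tb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if ta == "^" or tb == "^":          # caret: newer than end-of-string, older than any segment
            if ta is None:
                return -1
            if tb is None:
                return 1
            if ta != "^":
                return 1
            if tb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if ta is None or tb is None:
            break
        a_num, b_num = ta.isdigit(), tb.isdigit()
        if a_num != b_num:                  # numeric segment beats alphabetic
            return 1 if a_num else -1
        if a_num:                           # integers: drop leading zeros, longer is bigger
            ta, tb = ta.lstrip("0"), tb.lstrip("0")
            if len(ta) != len(tb):
                return 1 if len(ta) > len(tb) else -1
        if ta != tb:                        # same length numbers or alpha runs: lexical
            return 1 if ta > tb else -1
        i, j = i + 1, j + 1
    if ta is None and tb is None:
        return 0
    return -1 if ta is None else 1          # whichever still has segments is newer


def parse_nevra(pkg: str) -> Tuple[str, int, str, str, str]:
    """Split 'name-[epoch:]version-release.arch' (optional '.rpm' suffix).
    Assumes the --qf layout above; a missing epoch is 0, as rpm treats it."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    rest, arch = pkg.rsplit(".", 1)
    name, version, release = rest.rsplit("-", 2)
    epoch = 0
    if ":" in version:
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    return name, epoch, version, release, arch


def compare_evr(a: EVR, b: EVR) -> int:
    """Epoch first, then version, then release, each with rpmvercmp rules."""
    if a[0] != b[0]:
        return 1 if a[0] > b[0] else -1
    rc = rpmvercmp(a[1], b[1])
    return rc if rc != 0 else rpmvercmp(a[2], b[2])


def find_vulnerable(installed: str, fixed: List[str]) -> Dict[str, str]:
    """Map each installed package older than the fixed build for the same
    (name, arch) to the build it must reach. Unlisted packages are ignored."""
    fixed_by_key: Dict[Tuple[str, str], Tuple[EVR, str]] = {}
    for nevra in fixed:
        name, epoch, version, release, arch = parse_nevra(nevra)
        fixed_by_key[(name, arch)] = ((epoch, version, release), nevra)
    vulnerable: Dict[str, str] = {}
    for line in installed.splitlines():
        if not line.strip():
            continue
        name, epoch, version, release, arch = parse_nevra(line.strip())
        target = fixed_by_key.get((name, arch))
        if target and compare_evr((epoch, version, release), target[0]) < 0:
            vulnerable[line.strip()] = target[1]
    return vulnerable


if __name__ == "__main__":
    for old, new in sorted(find_vulnerable(INSTALLED_SAMPLE, FIXED_PACKAGES).items()):
        print(f"VULNERABLE {old} -> update to {new}")
```

On the host itself the same answer comes from rpm -q, or from yum updateinfo where the yum security plugin is installed, and rpm -K on the downloaded .rpm files verifies the Red Hat GPG signature that section 6 points to. The pure-Python comparison earns its place off-host, for example when an inventory exported from many machines is checked against an advisory feed and librpm is not available.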
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUadeJXlSAg2UNWIIRAtmnAJ4x8Y6RRqT5B+l1JR6eVF1D+eT0qgCePEN9
xi3DFCY2l++aBqnqc1ZqUtc=
=fyM7
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Nov 17 11:19:53 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 17 Nov 2014 11:19:53 +0000
Subject: [RHSA-2014:1861-01] Important: mariadb security update
Message-ID: <201411171110.sAHBAliu006905@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: mariadb security update
Advisory ID:       RHSA-2014:1861-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1861.html
Issue date:        2014-11-17
CVE Names:         CVE-2014-2494 CVE-2014-4207 CVE-2014-4243
                   CVE-2014-4258 CVE-2014-4260 CVE-2014-4274
                   CVE-2014-4287 CVE-2014-6463 CVE-2014-6464
                   CVE-2014-6469 CVE-2014-6484 CVE-2014-6505
                   CVE-2014-6507 CVE-2014-6520 CVE-2014-6530
                   CVE-2014-6551 CVE-2014-6555 CVE-2014-6559
=====================================================================

1. Summary:

Updated mariadb packages that fix several security issues are now available
for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL.

This update fixes several vulnerabilities in the MariaDB database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory page, listed in the References section. (CVE-2014-2494,
CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,
CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,
CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,
CVE-2014-6555, CVE-2014-6559)

These updated packages upgrade MariaDB to version 5.5.40. Refer to the
MariaDB Release Notes listed in the References section for a complete list
of changes.

All MariaDB users should upgrade to these updated packages, which correct
these issues. After installing this update, the MariaDB server daemon
(mysqld) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1120382 - CVE-2014-2494 mysql: unspecified vulnerability related to ENARC (CPU July 2014)
1120383 - CVE-2014-4207 mysql: unspecified vulnerability related to SROPTZR (CPU July 2014)
1120385 - CVE-2014-4243 mysql: unspecified vulnerability related to ENFED (CPU July 2014)
1120387 - CVE-2014-4258 mysql: unspecified vulnerability related to SRINFOSC (CPU July 2014)
1120388 - CVE-2014-4260 mysql: unspecified vulnerability related to SRCHAR (CPU July 2014)
1126271 - CVE-2014-4274 mysql: unspecified MyISAM temporary file issue fixed in 5.5.39 and 5.6.20
1153461 - CVE-2014-4287 mysql: unspecified vulnerability related to SERVER:CHARACTER SETS (CPU October 2014)
1153462 - CVE-2014-6463 mysql: unspecified vulnerability related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML (CPU October 2014)
1153463 - CVE-2014-6464 mysql: unspecified vulnerability related to SERVER:INNODB DML FOREIGN KEYS (CPU October 2014)
1153464 - CVE-2014-6469 mysql: unspecified vulnerability related to SERVER:OPTIMIZER (CPU October 2014)
1153467 - CVE-2014-6484 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
1153489 - CVE-2014-6505 mysql: unspecified vulnerability related to SERVER:MEMORY STORAGE ENGINE (CPU October 2014)
1153490 - CVE-2014-6507 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
1153491 - CVE-2014-6520 mysql: unspecified vulnerability related to SERVER:DDL (CPU October 2014)
1153493 - CVE-2014-6530 mysql: unspecified vulnerability related to CLIENT:MYSQLDUMP (CPU October 2014)
1153494 - CVE-2014-6551 mysql: unspecified vulnerability related to CLIENT:MYSQLADMIN (CPU October 2014)
1153495 - CVE-2014-6555 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
1153496 - CVE-2014-6559 mysql: unspecified vulnerability related to C API SSL CERTIFICATE HANDLING (CPU October 2014)

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
mariadb-5.5.40-1.el7_0.src.rpm

x86_64:
mariadb-5.5.40-1.el7_0.x86_64.rpm
mariadb-debuginfo-5.5.40-1.el7_0.i686.rpm
mariadb-debuginfo-5.5.40-1.el7_0.x86_64.rpm
mariadb-libs-5.5.40-1.el7_0.i686.rpm
mariadb-libs-5.5.40-1.el7_0.x86_64.rpm
mariadb-server-5.5.40-1.el7_0.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
mariadb-bench-5.5.40-1.el7_0.x86_64.rpm
mariadb-debuginfo-5.5.40-1.el7_0.i686.rpm
mariadb-debuginfo-5.5.40-1.el7_0.x86_64.rpm
mariadb-devel-5.5.40-1.el7_0.i686.rpm
mariadb-devel-5.5.40-1.el7_0.x86_64.rpm
mariadb-embedded-5.5.40-1.el7_0.i686.rpm
mariadb-embedded-5.5.40-1.el7_0.x86_64.rpm
mariadb-embedded-devel-5.5.40-1.el7_0.i686.rpm
mariadb-embedded-devel-5.5.40-1.el7_0.x86_64.rpm
mariadb-test-5.5.40-1.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
mariadb-5.5.40-1.el7_0.src.rpm

x86_64:
mariadb-5.5.40-1.el7_0.x86_64.rpm
mariadb-debuginfo-5.5.40-1.el7_0.i686.rpm
mariadb-debuginfo-5.5.40-1.el7_0.x86_64.rpm
mariadb-libs-5.5.40-1.el7_0.i686.rpm
mariadb-libs-5.5.40-1.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
mariadb-bench-5.5.40-1.el7_0.x86_64.rpm
mariadb-debuginfo-5.5.40-1.el7_0.i686.rpm
mariadb-debuginfo-5.5.40-1.el7_0.x86_64.rpm
mariadb-devel-5.5.40-1.el7_0.i686.rpm
mariadb-devel-5.5.40-1.el7_0.x86_64.rpm
mariadb-embedded-5.5.40-1.el7_0.i686.rpm
mariadb-embedded-5.5.40-1.el7_0.x86_64.rpm
mariadb-embedded-devel-5.5.40-1.el7_0.i686.rpm
mariadb-embedded-devel-5.5.40-1.el7_0.x86_64.rpm
mariadb-server-5.5.40-1.el7_0.x86_64.rpm
mariadb-test-5.5.40-1.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
mariadb-5.5.40-1.el7_0.src.rpm

ppc64:
mariadb-5.5.40-1.el7_0.ppc64.rpm
mariadb-bench-5.5.40-1.el7_0.ppc64.rpm
mariadb-debuginfo-5.5.40-1.el7_0.ppc.rpm
mariadb-debuginfo-5.5.40-1.el7_0.ppc64.rpm
mariadb-devel-5.5.40-1.el7_0.ppc.rpm
mariadb-devel-5.5.40-1.el7_0.ppc64.rpm
mariadb-libs-5.5.40-1.el7_0.ppc.rpm
mariadb-libs-5.5.40-1.el7_0.ppc64.rpm
mariadb-server-5.5.40-1.el7_0.ppc64.rpm
mariadb-test-5.5.40-1.el7_0.ppc64.rpm

s390x:
mariadb-5.5.40-1.el7_0.s390x.rpm
mariadb-bench-5.5.40-1.el7_0.s390x.rpm
mariadb-debuginfo-5.5.40-1.el7_0.s390.rpm
mariadb-debuginfo-5.5.40-1.el7_0.s390x.rpm
mariadb-devel-5.5.40-1.el7_0.s390.rpm
mariadb-devel-5.5.40-1.el7_0.s390x.rpm
mariadb-libs-5.5.40-1.el7_0.s390.rpm
mariadb-libs-5.5.40-1.el7_0.s390x.rpm
mariadb-server-5.5.40-1.el7_0.s390x.rpm
mariadb-test-5.5.40-1.el7_0.s390x.rpm

x86_64:
mariadb-5.5.40-1.el7_0.x86_64.rpm
mariadb-bench-5.5.40-1.el7_0.x86_64.rpm
mariadb-debuginfo-5.5.40-1.el7_0.i686.rpm
mariadb-debuginfo-5.5.40-1.el7_0.x86_64.rpm
mariadb-devel-5.5.40-1.el7_0.i686.rpm
mariadb-devel-5.5.40-1.el7_0.x86_64.rpm
mariadb-libs-5.5.40-1.el7_0.i686.rpm
mariadb-libs-5.5.40-1.el7_0.x86_64.rpm
mariadb-server-5.5.40-1.el7_0.x86_64.rpm
mariadb-test-5.5.40-1.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
mariadb-debuginfo-5.5.40-1.el7_0.ppc.rpm
mariadb-debuginfo-5.5.40-1.el7_0.ppc64.rpm
mariadb-embedded-5.5.40-1.el7_0.ppc.rpm
mariadb-embedded-5.5.40-1.el7_0.ppc64.rpm
mariadb-embedded-devel-5.5.40-1.el7_0.ppc.rpm
mariadb-embedded-devel-5.5.40-1.el7_0.ppc64.rpm

s390x:
mariadb-debuginfo-5.5.40-1.el7_0.s390.rpm
mariadb-debuginfo-5.5.40-1.el7_0.s390x.rpm
mariadb-embedded-5.5.40-1.el7_0.s390.rpm
mariadb-embedded-5.5.40-1.el7_0.s390x.rpm
mariadb-embedded-devel-5.5.40-1.el7_0.s390.rpm
mariadb-embedded-devel-5.5.40-1.el7_0.s390x.rpm

x86_64:
mariadb-debuginfo-5.5.40-1.el7_0.i686.rpm
mariadb-debuginfo-5.5.40-1.el7_0.x86_64.rpm
mariadb-embedded-5.5.40-1.el7_0.i686.rpm
mariadb-embedded-5.5.40-1.el7_0.x86_64.rpm
mariadb-embedded-devel-5.5.40-1.el7_0.i686.rpm
mariadb-embedded-devel-5.5.40-1.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
mariadb-5.5.40-1.el7_0.src.rpm

x86_64:
mariadb-5.5.40-1.el7_0.x86_64.rpm
mariadb-bench-5.5.40-1.el7_0.x86_64.rpm
mariadb-debuginfo-5.5.40-1.el7_0.i686.rpm
mariadb-debuginfo-5.5.40-1.el7_0.x86_64.rpm
mariadb-devel-5.5.40-1.el7_0.i686.rpm
mariadb-devel-5.5.40-1.el7_0.x86_64.rpm
mariadb-libs-5.5.40-1.el7_0.i686.rpm
mariadb-libs-5.5.40-1.el7_0.x86_64.rpm
mariadb-server-5.5.40-1.el7_0.x86_64.rpm
mariadb-test-5.5.40-1.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
mariadb-debuginfo-5.5.40-1.el7_0.i686.rpm
mariadb-debuginfo-5.5.40-1.el7_0.x86_64.rpm
mariadb-embedded-5.5.40-1.el7_0.i686.rpm
mariadb-embedded-5.5.40-1.el7_0.x86_64.rpm
mariadb-embedded-devel-5.5.40-1.el7_0.i686.rpm
mariadb-embedded-devel-5.5.40-1.el7_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7.
References: https://access.redhat.com/security/cve/CVE-2014-2494 https://access.redhat.com/security/cve/CVE-2014-4207 https://access.redhat.com/security/cve/CVE-2014-4243 https://access.redhat.com/security/cve/CVE-2014-4258 https://access.redhat.com/security/cve/CVE-2014-4260 https://access.redhat.com/security/cve/CVE-2014-4274 https://access.redhat.com/security/cve/CVE-2014-4287 https://access.redhat.com/security/cve/CVE-2014-6463 https://access.redhat.com/security/cve/CVE-2014-6464 https://access.redhat.com/security/cve/CVE-2014-6469 https://access.redhat.com/security/cve/CVE-2014-6484 https://access.redhat.com/security/cve/CVE-2014-6505 https://access.redhat.com/security/cve/CVE-2014-6507 https://access.redhat.com/security/cve/CVE-2014-6520 https://access.redhat.com/security/cve/CVE-2014-6530 https://access.redhat.com/security/cve/CVE-2014-6551 https://access.redhat.com/security/cve/CVE-2014-6555 https://access.redhat.com/security/cve/CVE-2014-6559 https://access.redhat.com/security/updates/classification/#important http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixMSQL https://mariadb.com/kb/en/mariadb/development/release-notes/mariadb-5540-release-notes/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUadeuXlSAg2UNWIIRAq0FAKC2DOhAOg/q+zlOLLV3ztECJ+Gh0gCdEGtr
rmT+kQlZKObKWBl1L2CyGEU=
=yhRc
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Nov 17 11:20:19 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 17 Nov 2014 11:20:19 +0000
Subject: [RHSA-2014:1862-01] Important: mariadb55-mariadb security update
Message-ID: <201411171111.sAHBBCWm007082@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: mariadb55-mariadb security update
Advisory ID: RHSA-2014:1862-01
Product: Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1862.html
Issue date: 2014-11-17
CVE Names: CVE-2014-2494 CVE-2014-4207 CVE-2014-4243 CVE-2014-4258 CVE-2014-4260 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6484 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559
=====================================================================

1. Summary:

Updated mariadb55-mariadb packages that fix several security issues are now available for Red Hat Software Collections 1.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559)

These updated packages upgrade MariaDB to version 5.5.40. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.

All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1120382 - CVE-2014-2494 mysql: unspecified vulnerability related to ENARC (CPU July 2014)
1120383 - CVE-2014-4207 mysql: unspecified vulnerability related to SROPTZR (CPU July 2014)
1120385 - CVE-2014-4243 mysql: unspecified vulnerability related to ENFED (CPU July 2014)
1120387 - CVE-2014-4258 mysql: unspecified vulnerability related to SRINFOSC (CPU July 2014)
1120388 - CVE-2014-4260 mysql: unspecified vulnerability related to SRCHAR (CPU July 2014)
1126271 - CVE-2014-4274 mysql: unspecified MyISAM temporary file issue fixed in 5.5.39 and 5.6.20
1153461 - CVE-2014-4287 mysql: unspecified vulnerability related to SERVER:CHARACTER SETS (CPU October 2014)
1153462 - CVE-2014-6463 mysql: unspecified vulnerability related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML (CPU October 2014)
1153463 - CVE-2014-6464 mysql: unspecified vulnerability related to SERVER:INNODB DML FOREIGN KEYS (CPU October 2014)
1153464 - CVE-2014-6469 mysql: unspecified vulnerability related to SERVER:OPTIMIZER (CPU October 2014)
1153467 - CVE-2014-6484 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
1153489 - CVE-2014-6505 mysql: unspecified vulnerability related to SERVER:MEMORY STORAGE ENGINE (CPU October 2014)
1153490 - CVE-2014-6507 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
1153491 - CVE-2014-6520 mysql: unspecified vulnerability related to SERVER:DDL (CPU October 2014)
1153493 - CVE-2014-6530 mysql: unspecified vulnerability related to CLIENT:MYSQLDUMP (CPU October 2014)
1153494 - CVE-2014-6551 mysql: unspecified vulnerability related to CLIENT:MYSQLADMIN (CPU October 2014)
1153495 - CVE-2014-6555 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
1153496 - CVE-2014-6559 mysql: unspecified vulnerability related to C API SSL CERTIFICATE HANDLING (CPU October 2014)

6. Package List:

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6):

Source:
mariadb55-mariadb-5.5.40-10.el6.src.rpm

x86_64:
mariadb55-mariadb-5.5.40-10.el6.x86_64.rpm
mariadb55-mariadb-bench-5.5.40-10.el6.x86_64.rpm
mariadb55-mariadb-debuginfo-5.5.40-10.el6.x86_64.rpm
mariadb55-mariadb-devel-5.5.40-10.el6.x86_64.rpm
mariadb55-mariadb-libs-5.5.40-10.el6.x86_64.rpm
mariadb55-mariadb-server-5.5.40-10.el6.x86_64.rpm
mariadb55-mariadb-test-5.5.40-10.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4):

Source:
mariadb55-mariadb-5.5.40-10.el6.src.rpm

x86_64:
mariadb55-mariadb-5.5.40-10.el6.x86_64.rpm
mariadb55-mariadb-bench-5.5.40-10.el6.x86_64.rpm
mariadb55-mariadb-debuginfo-5.5.40-10.el6.x86_64.rpm
mariadb55-mariadb-devel-5.5.40-10.el6.x86_64.rpm
mariadb55-mariadb-libs-5.5.40-10.el6.x86_64.rpm
mariadb55-mariadb-server-5.5.40-10.el6.x86_64.rpm
mariadb55-mariadb-test-5.5.40-10.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5):

Source:
mariadb55-mariadb-5.5.40-10.el6.src.rpm

x86_64:
mariadb55-mariadb-5.5.40-10.el6.x86_64.rpm
mariadb55-mariadb-bench-5.5.40-10.el6.x86_64.rpm
mariadb55-mariadb-debuginfo-5.5.40-10.el6.x86_64.rpm
mariadb55-mariadb-devel-5.5.40-10.el6.x86_64.rpm
mariadb55-mariadb-libs-5.5.40-10.el6.x86_64.rpm
mariadb55-mariadb-server-5.5.40-10.el6.x86_64.rpm
mariadb55-mariadb-test-5.5.40-10.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
mariadb55-mariadb-5.5.40-10.el6.src.rpm

x86_64:
mariadb55-mariadb-5.5.40-10.el6.x86_64.rpm
mariadb55-mariadb-bench-5.5.40-10.el6.x86_64.rpm
mariadb55-mariadb-debuginfo-5.5.40-10.el6.x86_64.rpm
mariadb55-mariadb-devel-5.5.40-10.el6.x86_64.rpm
mariadb55-mariadb-libs-5.5.40-10.el6.x86_64.rpm
mariadb55-mariadb-server-5.5.40-10.el6.x86_64.rpm
mariadb55-mariadb-test-5.5.40-10.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6):

Source:
mariadb55-mariadb-5.5.40-10.el6.src.rpm

x86_64:
mariadb55-mariadb-5.5.40-10.el6.x86_64.rpm
mariadb55-mariadb-bench-5.5.40-10.el6.x86_64.rpm
mariadb55-mariadb-debuginfo-5.5.40-10.el6.x86_64.rpm
mariadb55-mariadb-devel-5.5.40-10.el6.x86_64.rpm
mariadb55-mariadb-libs-5.5.40-10.el6.x86_64.rpm
mariadb55-mariadb-server-5.5.40-10.el6.x86_64.rpm
mariadb55-mariadb-test-5.5.40-10.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7):

Source:
mariadb55-mariadb-5.5.40-10.el7.src.rpm

x86_64:
mariadb55-mariadb-5.5.40-10.el7.x86_64.rpm
mariadb55-mariadb-bench-5.5.40-10.el7.x86_64.rpm
mariadb55-mariadb-debuginfo-5.5.40-10.el7.x86_64.rpm
mariadb55-mariadb-devel-5.5.40-10.el7.x86_64.rpm
mariadb55-mariadb-libs-5.5.40-10.el7.x86_64.rpm
mariadb55-mariadb-server-5.5.40-10.el7.x86_64.rpm
mariadb55-mariadb-test-5.5.40-10.el7.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7):

Source:
mariadb55-mariadb-5.5.40-10.el7.src.rpm

x86_64:
mariadb55-mariadb-5.5.40-10.el7.x86_64.rpm
mariadb55-mariadb-bench-5.5.40-10.el7.x86_64.rpm
mariadb55-mariadb-debuginfo-5.5.40-10.el7.x86_64.rpm
mariadb55-mariadb-devel-5.5.40-10.el7.x86_64.rpm
mariadb55-mariadb-libs-5.5.40-10.el7.x86_64.rpm
mariadb55-mariadb-server-5.5.40-10.el7.x86_64.rpm
mariadb55-mariadb-test-5.5.40-10.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-2494
https://access.redhat.com/security/cve/CVE-2014-4207
https://access.redhat.com/security/cve/CVE-2014-4243
https://access.redhat.com/security/cve/CVE-2014-4258
https://access.redhat.com/security/cve/CVE-2014-4260
https://access.redhat.com/security/cve/CVE-2014-4274
https://access.redhat.com/security/cve/CVE-2014-4287
https://access.redhat.com/security/cve/CVE-2014-6463
https://access.redhat.com/security/cve/CVE-2014-6464
https://access.redhat.com/security/cve/CVE-2014-6469
https://access.redhat.com/security/cve/CVE-2014-6484
https://access.redhat.com/security/cve/CVE-2014-6505
https://access.redhat.com/security/cve/CVE-2014-6507
https://access.redhat.com/security/cve/CVE-2014-6520
https://access.redhat.com/security/cve/CVE-2014-6530
https://access.redhat.com/security/cve/CVE-2014-6551
https://access.redhat.com/security/cve/CVE-2014-6555
https://access.redhat.com/security/cve/CVE-2014-6559
https://access.redhat.com/security/updates/classification/#important
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixMSQL
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixMSQL
https://mariadb.com/kb/en/mariadb/development/release-notes/mariadb-5540-release-notes/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUadfIXlSAg2UNWIIRAqzoAJwI8lIGrqAKeWJ6c6ehDSdB7/CwbwCfdpFv
6bRrwBGT1UAt/NsWwfaeGVw=
=zpzi
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Nov 17 18:15:06 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 17 Nov 2014 18:15:06 +0000
Subject: [RHSA-2014:1865-01] Important: bash Shift_JIS security update
Message-ID: <201411171815.sAHIF6TH023342@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: bash Shift_JIS security update
Advisory ID: RHSA-2014:1865-01
Product: RHEL S-JIS Service
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1865.html
Issue date: 2014-11-17
CVE Names: CVE-2014-7169 CVE-2014-7186 CVE-2014-7187
=====================================================================

1. Summary:

Updated bash Shift_JIS packages that fix one security issue are now available for Red Hat Enterprise Linux 5.9 Extended Update Support.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

SJIS (v. 5.9.z Server) - i386, ia64, x86_64

3. Description:

The GNU Bourne Again shell (Bash) is a shell and command language interpreter compatible with the Bourne shell (sh). Bash is the default shell for Red Hat Enterprise Linux.

Shift_JIS, also known as "SJIS", is a character encoding for the Japanese language. This package provides bash support for the Shift_JIS encoding.

It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue. (CVE-2014-7169)

Applications that directly create bash functions as environment variables need to be made aware of changes to the way names are handled by this update.

Note that certain services, screen sessions, and tmux sessions may need to be restarted, and affected interactive users may need to re-login. Installing these updated packages without restarting services will address the vulnerability, but functionality may be impacted until affected services are restarted. For more information see the Knowledgebase article at https://access.redhat.com/articles/1200223

Note: Docker users are advised to use "yum update" within their containers, and to commit the resulting changes.

For additional information on CVE-2014-6271 and CVE-2014-7169, refer to the aforementioned Knowledgebase article.

All users who require Shift_JIS encoding support with Bash built-in functions are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1146319 - CVE-2014-7169 bash: code execution via specially-crafted environment (Incomplete fix for CVE-2014-6271)

6. Package List:

SJIS (v. 5.9.z Server):

Source:
bash-3.2-32.el5_9.3.sjis.1.src.rpm

i386:
bash-3.2-32.el5_9.3.sjis.1.i386.rpm
bash-debuginfo-3.2-32.el5_9.3.sjis.1.i386.rpm

ia64:
bash-3.2-32.el5_9.3.sjis.1.i386.rpm
bash-3.2-32.el5_9.3.sjis.1.ia64.rpm
bash-debuginfo-3.2-32.el5_9.3.sjis.1.i386.rpm
bash-debuginfo-3.2-32.el5_9.3.sjis.1.ia64.rpm

x86_64:
bash-3.2-32.el5_9.3.sjis.1.x86_64.rpm
bash-debuginfo-3.2-32.el5_9.3.sjis.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-7169
https://access.redhat.com/security/cve/CVE-2014-7186
https://access.redhat.com/security/cve/CVE-2014-7187
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/articles/1200223

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUajscXlSAg2UNWIIRAlnnAJ46tmMAMI0D6YRHybY5HJ7Mv77fIwCguKAJ
ZiE90Rp/vQArh9+LpxnTqGI=
=iltu
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Nov 18 18:08:40 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 18 Nov 2014 18:08:40 +0000
Subject: [RHSA-2014:1870-01] Important: libXfont security update
Message-ID: <201411181759.sAIHxXAD024701@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: libXfont security update
Advisory ID: RHSA-2014:1870-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1870.html
Issue date: 2014-11-18
CVE Names: CVE-2014-0209 CVE-2014-0210 CVE-2014-0211
=====================================================================

1. Summary:

Updated libXfont packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System.

A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0209)

Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org font server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211)

Red Hat would like to thank the X.org project for reporting these issues. Upstream acknowledges Ilja van Sprundel as the original reporter.

Users of libXfont should upgrade to these updated packages, which contain a backported patch to resolve these issues. All running X.Org server instances must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1096593 - CVE-2014-0209 libXfont: integer overflow of allocations in font metadata file parsing
1096597 - CVE-2014-0210 libXfont: unvalidated length fields when parsing xfs protocol replies
1096601 - CVE-2014-0211 libXfont: integer overflows calculating memory needs for xfs replies

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
libXfont-1.4.5-4.el6_6.src.rpm

i386:
libXfont-1.4.5-4.el6_6.i686.rpm
libXfont-debuginfo-1.4.5-4.el6_6.i686.rpm

x86_64:
libXfont-1.4.5-4.el6_6.x86_64.rpm
libXfont-debuginfo-1.4.5-4.el6_6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
libXfont-debuginfo-1.4.5-4.el6_6.i686.rpm
libXfont-devel-1.4.5-4.el6_6.i686.rpm

x86_64:
libXfont-1.4.5-4.el6_6.i686.rpm
libXfont-debuginfo-1.4.5-4.el6_6.i686.rpm
libXfont-debuginfo-1.4.5-4.el6_6.x86_64.rpm
libXfont-devel-1.4.5-4.el6_6.i686.rpm
libXfont-devel-1.4.5-4.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
libXfont-1.4.5-4.el6_6.src.rpm

x86_64:
libXfont-1.4.5-4.el6_6.x86_64.rpm
libXfont-debuginfo-1.4.5-4.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
libXfont-1.4.5-4.el6_6.i686.rpm
libXfont-debuginfo-1.4.5-4.el6_6.i686.rpm
libXfont-debuginfo-1.4.5-4.el6_6.x86_64.rpm
libXfont-devel-1.4.5-4.el6_6.i686.rpm
libXfont-devel-1.4.5-4.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
libXfont-1.4.5-4.el6_6.src.rpm

i386:
libXfont-1.4.5-4.el6_6.i686.rpm
libXfont-debuginfo-1.4.5-4.el6_6.i686.rpm

ppc64:
libXfont-1.4.5-4.el6_6.ppc64.rpm
libXfont-debuginfo-1.4.5-4.el6_6.ppc64.rpm

s390x:
libXfont-1.4.5-4.el6_6.s390x.rpm
libXfont-debuginfo-1.4.5-4.el6_6.s390x.rpm

x86_64:
libXfont-1.4.5-4.el6_6.x86_64.rpm
libXfont-debuginfo-1.4.5-4.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
libXfont-debuginfo-1.4.5-4.el6_6.i686.rpm
libXfont-devel-1.4.5-4.el6_6.i686.rpm

ppc64:
libXfont-1.4.5-4.el6_6.ppc.rpm
libXfont-debuginfo-1.4.5-4.el6_6.ppc.rpm
libXfont-debuginfo-1.4.5-4.el6_6.ppc64.rpm
libXfont-devel-1.4.5-4.el6_6.ppc.rpm
libXfont-devel-1.4.5-4.el6_6.ppc64.rpm

s390x:
libXfont-1.4.5-4.el6_6.s390.rpm
libXfont-debuginfo-1.4.5-4.el6_6.s390.rpm
libXfont-debuginfo-1.4.5-4.el6_6.s390x.rpm
libXfont-devel-1.4.5-4.el6_6.s390.rpm
libXfont-devel-1.4.5-4.el6_6.s390x.rpm

x86_64:
libXfont-1.4.5-4.el6_6.i686.rpm
libXfont-debuginfo-1.4.5-4.el6_6.i686.rpm
libXfont-debuginfo-1.4.5-4.el6_6.x86_64.rpm
libXfont-devel-1.4.5-4.el6_6.i686.rpm
libXfont-devel-1.4.5-4.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
libXfont-1.4.5-4.el6_6.src.rpm

i386:
libXfont-1.4.5-4.el6_6.i686.rpm
libXfont-debuginfo-1.4.5-4.el6_6.i686.rpm

x86_64:
libXfont-1.4.5-4.el6_6.x86_64.rpm
libXfont-debuginfo-1.4.5-4.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
libXfont-debuginfo-1.4.5-4.el6_6.i686.rpm
libXfont-devel-1.4.5-4.el6_6.i686.rpm

x86_64:
libXfont-1.4.5-4.el6_6.i686.rpm
libXfont-debuginfo-1.4.5-4.el6_6.i686.rpm
libXfont-debuginfo-1.4.5-4.el6_6.x86_64.rpm
libXfont-devel-1.4.5-4.el6_6.i686.rpm
libXfont-devel-1.4.5-4.el6_6.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
libXfont-1.4.7-2.el7_0.src.rpm

x86_64:
libXfont-1.4.7-2.el7_0.i686.rpm
libXfont-1.4.7-2.el7_0.x86_64.rpm
libXfont-debuginfo-1.4.7-2.el7_0.i686.rpm
libXfont-debuginfo-1.4.7-2.el7_0.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
libXfont-debuginfo-1.4.7-2.el7_0.i686.rpm
libXfont-debuginfo-1.4.7-2.el7_0.x86_64.rpm
libXfont-devel-1.4.7-2.el7_0.i686.rpm
libXfont-devel-1.4.7-2.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
libXfont-1.4.7-2.el7_0.src.rpm

x86_64:
libXfont-1.4.7-2.el7_0.i686.rpm
libXfont-1.4.7-2.el7_0.x86_64.rpm
libXfont-debuginfo-1.4.7-2.el7_0.i686.rpm
libXfont-debuginfo-1.4.7-2.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
libXfont-debuginfo-1.4.7-2.el7_0.i686.rpm
libXfont-debuginfo-1.4.7-2.el7_0.x86_64.rpm
libXfont-devel-1.4.7-2.el7_0.i686.rpm
libXfont-devel-1.4.7-2.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
libXfont-1.4.7-2.el7_0.src.rpm

ppc64:
libXfont-1.4.7-2.el7_0.ppc.rpm
libXfont-1.4.7-2.el7_0.ppc64.rpm
libXfont-debuginfo-1.4.7-2.el7_0.ppc.rpm
libXfont-debuginfo-1.4.7-2.el7_0.ppc64.rpm

s390x:
libXfont-1.4.7-2.el7_0.s390.rpm
libXfont-1.4.7-2.el7_0.s390x.rpm
libXfont-debuginfo-1.4.7-2.el7_0.s390.rpm
libXfont-debuginfo-1.4.7-2.el7_0.s390x.rpm

x86_64:
libXfont-1.4.7-2.el7_0.i686.rpm
libXfont-1.4.7-2.el7_0.x86_64.rpm
libXfont-debuginfo-1.4.7-2.el7_0.i686.rpm
libXfont-debuginfo-1.4.7-2.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
libXfont-debuginfo-1.4.7-2.el7_0.ppc.rpm
libXfont-debuginfo-1.4.7-2.el7_0.ppc64.rpm
libXfont-devel-1.4.7-2.el7_0.ppc.rpm
libXfont-devel-1.4.7-2.el7_0.ppc64.rpm

s390x:
libXfont-debuginfo-1.4.7-2.el7_0.s390.rpm
libXfont-debuginfo-1.4.7-2.el7_0.s390x.rpm
libXfont-devel-1.4.7-2.el7_0.s390.rpm
libXfont-devel-1.4.7-2.el7_0.s390x.rpm

x86_64:
libXfont-debuginfo-1.4.7-2.el7_0.i686.rpm
libXfont-debuginfo-1.4.7-2.el7_0.x86_64.rpm
libXfont-devel-1.4.7-2.el7_0.i686.rpm
libXfont-devel-1.4.7-2.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
libXfont-1.4.7-2.el7_0.src.rpm

x86_64:
libXfont-1.4.7-2.el7_0.i686.rpm
libXfont-1.4.7-2.el7_0.x86_64.rpm
libXfont-debuginfo-1.4.7-2.el7_0.i686.rpm
libXfont-debuginfo-1.4.7-2.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
libXfont-debuginfo-1.4.7-2.el7_0.i686.rpm
libXfont-debuginfo-1.4.7-2.el7_0.x86_64.rpm
libXfont-devel-1.4.7-2.el7_0.i686.rpm
libXfont-devel-1.4.7-2.el7_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-0209
https://access.redhat.com/security/cve/CVE-2014-0210
https://access.redhat.com/security/cve/CVE-2014-0211
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUa4jtXlSAg2UNWIIRAtg6AJwMZLxMK7F3akvVIF9WSaDWfrBJlQCfbgAv
quW50QjamJNExQQeN6caCPo=
=YrUN
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Nov 18 18:43:07 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 18 Nov 2014 18:43:07 +0000
Subject: [RHSA-2014:1872-01] Important: kernel security and bug fix update
Message-ID: <201411181843.sAIIh7iD028884@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2014:1872-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1872.html
Issue date: 2014-11-18
CVE Names: CVE-2014-5077
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6.4 Extended Update Support.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4) - x86_64
Red Hat Enterprise Linux HPC Node EUS (v. 6.4) - noarch, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.4) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.4) - i386, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. (CVE-2014-5077, Important)

This update also fixes the following bug:

* Several race conditions between PCI error recovery callbacks and potential calls of the ifup and ifdown commands in the tg3 driver have been fixed. When triggered, these race conditions could cause a kernel crash. (BZ#1142568)

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (https://bugzilla.redhat.com/):

1122982 - CVE-2014-5077 Kernel: net: SCTP: fix a NULL pointer dereference during INIT collisions

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.4):

Source:
kernel-2.6.32-358.51.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-358.51.1.el6.noarch.rpm
kernel-firmware-2.6.32-358.51.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-358.51.1.el6.x86_64.rpm
kernel-debug-2.6.32-358.51.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-358.51.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-358.51.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.51.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.51.1.el6.x86_64.rpm
kernel-devel-2.6.32-358.51.1.el6.x86_64.rpm
kernel-headers-2.6.32-358.51.1.el6.x86_64.rpm
perf-2.6.32-358.51.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.51.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.51.1.el6.x86_64.rpm

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4):

Source:
kernel-2.6.32-358.51.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-358.51.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.51.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.51.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.51.1.el6.x86_64.rpm
python-perf-2.6.32-358.51.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.51.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.4):

Source:
kernel-2.6.32-358.51.1.el6.src.rpm

i386:
kernel-2.6.32-358.51.1.el6.i686.rpm
kernel-debug-2.6.32-358.51.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-358.51.1.el6.i686.rpm
kernel-debug-devel-2.6.32-358.51.1.el6.i686.rpm
kernel-debuginfo-2.6.32-358.51.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-358.51.1.el6.i686.rpm
kernel-devel-2.6.32-358.51.1.el6.i686.rpm
kernel-headers-2.6.32-358.51.1.el6.i686.rpm
perf-2.6.32-358.51.1.el6.i686.rpm
perf-debuginfo-2.6.32-358.51.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-358.51.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-358.51.1.el6.noarch.rpm
kernel-firmware-2.6.32-358.51.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-358.51.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-358.51.1.el6.ppc64.rpm
kernel-debug-2.6.32-358.51.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-358.51.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-358.51.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-358.51.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-358.51.1.el6.ppc64.rpm
kernel-devel-2.6.32-358.51.1.el6.ppc64.rpm
kernel-headers-2.6.32-358.51.1.el6.ppc64.rpm
perf-2.6.32-358.51.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-358.51.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-358.51.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-358.51.1.el6.s390x.rpm
kernel-debug-2.6.32-358.51.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-358.51.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-358.51.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-358.51.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-358.51.1.el6.s390x.rpm
kernel-devel-2.6.32-358.51.1.el6.s390x.rpm
kernel-headers-2.6.32-358.51.1.el6.s390x.rpm
kernel-kdump-2.6.32-358.51.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-358.51.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-358.51.1.el6.s390x.rpm
perf-2.6.32-358.51.1.el6.s390x.rpm
perf-debuginfo-2.6.32-358.51.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-358.51.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-358.51.1.el6.x86_64.rpm
kernel-debug-2.6.32-358.51.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-358.51.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-358.51.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.51.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.51.1.el6.x86_64.rpm
kernel-devel-2.6.32-358.51.1.el6.x86_64.rpm
kernel-headers-2.6.32-358.51.1.el6.x86_64.rpm
perf-2.6.32-358.51.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.51.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.51.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.4):

Source:
kernel-2.6.32-358.51.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-358.51.1.el6.i686.rpm
kernel-debuginfo-2.6.32-358.51.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-358.51.1.el6.i686.rpm
perf-debuginfo-2.6.32-358.51.1.el6.i686.rpm
python-perf-2.6.32-358.51.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-358.51.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-358.51.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-358.51.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-358.51.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-358.51.1.el6.ppc64.rpm
python-perf-2.6.32-358.51.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-358.51.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-358.51.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-358.51.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-358.51.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-358.51.1.el6.s390x.rpm
perf-debuginfo-2.6.32-358.51.1.el6.s390x.rpm
python-perf-2.6.32-358.51.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-358.51.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-358.51.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.51.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.51.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.51.1.el6.x86_64.rpm python-perf-2.6.32-358.51.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.51.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-5077 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUa5LEXlSAg2UNWIIRAi61AJ9qf5qear1yfXQY2Tf02hhxfWsDCQCdHKI5 kJzx/FvCgdLleBOTEEe+adg= =KB00 -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Nov 18 18:44:30 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 18 Nov 2014 18:44:30 +0000 Subject: [RHSA-2014:1873-01] Moderate: libvirt security and bug fix update Message-ID: <201411181844.sAIIiU0b022102@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: libvirt security and bug fix update Advisory ID: RHSA-2014:1873-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1873.html Issue date: 2014-11-18 CVE Names: CVE-2014-3633 CVE-2014-3657 CVE-2014-7823 ===================================================================== 1. Summary: Updated libvirt packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64 3. Description: The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent (live) disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process. (CVE-2014-3633) A denial of service flaw was found in the way libvirt's virConnectListAllDomains() function computed the number of used domains. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to make any domain operations within libvirt unresponsive. (CVE-2014-3657) It was found that when the VIR_DOMAIN_XML_MIGRATABLE flag was used, the QEMU driver implementation of the virDomainGetXMLDesc() function could bypass the restrictions of the VIR_DOMAIN_XML_SECURE flag. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to leak certain limited information from the domain XML data. 
(CVE-2014-7823) The CVE-2014-3633 issue was discovered by Luyao Huang of Red Hat. This update also fixes the following bug: When dumping migratable XML configuration of a domain, libvirt removes some automatically added devices for compatibility with older libvirt releases. If such XML is passed to libvirt as a domain XML that should be used during migration, libvirt checks this XML for compatibility with the internally stored configuration of the domain. However, prior to this update, these checks failed because of devices that were missing (the same devices libvirt removed). As a consequence, migration with user-supplied migratable XML failed. Since this feature is used by OpenStack, migrating QEMU/KVM domains with OpenStack always failed. With this update, before checking domain configurations for compatibility, libvirt transforms both user-supplied and internal configuration into a migratable form (automatically added devices are removed) and checks those instead. Thus, no matter whether the user-supplied configuration was generated as migratable or not, libvirt does not err about missing devices, and migration succeeds as expected. (BZ#1155564) All libvirt users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, libvirtd will be restarted automatically. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1141131 - CVE-2014-3633 libvirt: qemu: out-of-bounds read access in qemuDomainGetBlockIoTune() due to invalid index 1145667 - CVE-2014-3657 libvirt: domain_conf: domain deadlock DoS 1160817 - CVE-2014-7823 libvirt: dumpxml: information leak with migratable flag 6. 
Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: libvirt-0.10.2-46.el6_6.2.src.rpm i386: libvirt-0.10.2-46.el6_6.2.i686.rpm libvirt-client-0.10.2-46.el6_6.2.i686.rpm libvirt-debuginfo-0.10.2-46.el6_6.2.i686.rpm libvirt-python-0.10.2-46.el6_6.2.i686.rpm x86_64: libvirt-0.10.2-46.el6_6.2.x86_64.rpm libvirt-client-0.10.2-46.el6_6.2.i686.rpm libvirt-client-0.10.2-46.el6_6.2.x86_64.rpm libvirt-debuginfo-0.10.2-46.el6_6.2.i686.rpm libvirt-debuginfo-0.10.2-46.el6_6.2.x86_64.rpm libvirt-python-0.10.2-46.el6_6.2.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: libvirt-debuginfo-0.10.2-46.el6_6.2.i686.rpm libvirt-devel-0.10.2-46.el6_6.2.i686.rpm x86_64: libvirt-debuginfo-0.10.2-46.el6_6.2.i686.rpm libvirt-debuginfo-0.10.2-46.el6_6.2.x86_64.rpm libvirt-devel-0.10.2-46.el6_6.2.i686.rpm libvirt-devel-0.10.2-46.el6_6.2.x86_64.rpm libvirt-lock-sanlock-0.10.2-46.el6_6.2.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: libvirt-0.10.2-46.el6_6.2.src.rpm x86_64: libvirt-0.10.2-46.el6_6.2.x86_64.rpm libvirt-client-0.10.2-46.el6_6.2.i686.rpm libvirt-client-0.10.2-46.el6_6.2.x86_64.rpm libvirt-debuginfo-0.10.2-46.el6_6.2.i686.rpm libvirt-debuginfo-0.10.2-46.el6_6.2.x86_64.rpm libvirt-python-0.10.2-46.el6_6.2.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: libvirt-debuginfo-0.10.2-46.el6_6.2.i686.rpm libvirt-debuginfo-0.10.2-46.el6_6.2.x86_64.rpm libvirt-devel-0.10.2-46.el6_6.2.i686.rpm libvirt-devel-0.10.2-46.el6_6.2.x86_64.rpm libvirt-lock-sanlock-0.10.2-46.el6_6.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: libvirt-0.10.2-46.el6_6.2.src.rpm i386: libvirt-0.10.2-46.el6_6.2.i686.rpm libvirt-client-0.10.2-46.el6_6.2.i686.rpm libvirt-debuginfo-0.10.2-46.el6_6.2.i686.rpm libvirt-devel-0.10.2-46.el6_6.2.i686.rpm libvirt-python-0.10.2-46.el6_6.2.i686.rpm ppc64: libvirt-0.10.2-46.el6_6.2.ppc64.rpm libvirt-client-0.10.2-46.el6_6.2.ppc.rpm libvirt-client-0.10.2-46.el6_6.2.ppc64.rpm libvirt-debuginfo-0.10.2-46.el6_6.2.ppc.rpm libvirt-debuginfo-0.10.2-46.el6_6.2.ppc64.rpm libvirt-devel-0.10.2-46.el6_6.2.ppc.rpm libvirt-devel-0.10.2-46.el6_6.2.ppc64.rpm libvirt-python-0.10.2-46.el6_6.2.ppc64.rpm s390x: libvirt-0.10.2-46.el6_6.2.s390x.rpm libvirt-client-0.10.2-46.el6_6.2.s390.rpm libvirt-client-0.10.2-46.el6_6.2.s390x.rpm libvirt-debuginfo-0.10.2-46.el6_6.2.s390.rpm libvirt-debuginfo-0.10.2-46.el6_6.2.s390x.rpm libvirt-devel-0.10.2-46.el6_6.2.s390.rpm libvirt-devel-0.10.2-46.el6_6.2.s390x.rpm libvirt-python-0.10.2-46.el6_6.2.s390x.rpm x86_64: libvirt-0.10.2-46.el6_6.2.x86_64.rpm libvirt-client-0.10.2-46.el6_6.2.i686.rpm libvirt-client-0.10.2-46.el6_6.2.x86_64.rpm libvirt-debuginfo-0.10.2-46.el6_6.2.i686.rpm libvirt-debuginfo-0.10.2-46.el6_6.2.x86_64.rpm libvirt-devel-0.10.2-46.el6_6.2.i686.rpm libvirt-devel-0.10.2-46.el6_6.2.x86_64.rpm libvirt-python-0.10.2-46.el6_6.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): x86_64: libvirt-debuginfo-0.10.2-46.el6_6.2.x86_64.rpm libvirt-lock-sanlock-0.10.2-46.el6_6.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: libvirt-0.10.2-46.el6_6.2.src.rpm i386: libvirt-0.10.2-46.el6_6.2.i686.rpm libvirt-client-0.10.2-46.el6_6.2.i686.rpm libvirt-debuginfo-0.10.2-46.el6_6.2.i686.rpm libvirt-devel-0.10.2-46.el6_6.2.i686.rpm libvirt-python-0.10.2-46.el6_6.2.i686.rpm x86_64: libvirt-0.10.2-46.el6_6.2.x86_64.rpm libvirt-client-0.10.2-46.el6_6.2.i686.rpm libvirt-client-0.10.2-46.el6_6.2.x86_64.rpm libvirt-debuginfo-0.10.2-46.el6_6.2.i686.rpm libvirt-debuginfo-0.10.2-46.el6_6.2.x86_64.rpm libvirt-devel-0.10.2-46.el6_6.2.i686.rpm libvirt-devel-0.10.2-46.el6_6.2.x86_64.rpm libvirt-python-0.10.2-46.el6_6.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): x86_64: libvirt-debuginfo-0.10.2-46.el6_6.2.x86_64.rpm libvirt-lock-sanlock-0.10.2-46.el6_6.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-3633 https://access.redhat.com/security/cve/CVE-2014-3657 https://access.redhat.com/security/cve/CVE-2014-7823 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. 
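The kernel advisory above (RHSA-2014:1872-01) tells administrators to install kernel packages with "rpm -ivh" rather than "rpm -Uvh", and every advisory here notes that the packages are GPG signed. The POSIX shell helper below is an added example, not part of any advisory: it verifies the package signature before installing and picks the install mode from the package name. The set of packages it treats as side-by-side kernel installs is this example's own assumption, drawn from the package names listed in the advisory.

```shell
#!/bin/sh
# Added example, not part of the advisories: apply an erratum package the
# way the kernel advisory's Solution section describes.
#   - kernel images are installed alongside the running kernel (rpm -ivh),
#     never upgraded in place (rpm -Uvh), so the running kernel stays on
#     disk and can be removed later with rpm -e once the new one works;
#   - everything else is upgraded in place;
#   - the Red Hat GPG signature is checked before anything is installed.
# Assumption: the names treated as side-by-side kernel installs below are
# this example's own choice, taken from the advisory's package list.

# Return 0 when the package basename is a kernel image (or its -devel
# subpackage) that must be installed next to the running kernel.
is_installonly_kernel() {
    base=${1##*/}
    case "$base" in
        kernel-[0-9]*.rpm|kernel-devel-[0-9]*.rpm) return 0 ;;
        kernel-debug-[0-9]*.rpm|kernel-debug-devel-[0-9]*.rpm) return 0 ;;
        kernel-kdump-[0-9]*.rpm|kernel-kdump-devel-[0-9]*.rpm) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the rpm command line the advisory calls for, without running it,
# so the decision can be reviewed (or tested) before touching the system.
rpm_install_cmd() {
    if is_installonly_kernel "$1"; then
        printf 'rpm -ivh %s\n' "$1"
    else
        printf 'rpm -Uvh %s\n' "$1"
    fi
}

# Verify the package, then install it with the chosen mode.
# rpm -K exits non-zero when a digest or signature fails to verify,
# including when the signing key has not been imported, so a tampered
# package or one signed by an unknown key is refused here.
verify_and_install() {
    pkg=$1
    if ! rpm -K "$pkg" >/dev/null 2>&1; then
        echo "refusing $pkg: GPG signature check failed" >&2
        return 1
    fi
    if is_installonly_kernel "$pkg"; then
        rpm -ivh "$pkg"
    else
        rpm -Uvh "$pkg"
    fi
}

# Usage (on a RHEL 6.4 EUS host, as root):
#   verify_and_install kernel-2.6.32-358.51.1.el6.x86_64.rpm
```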
From bugzilla at redhat.com Wed Nov 19 18:47:08 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 19 Nov 2014 18:47:08 +0000
Subject: [RHSA-2014:1876-01] Critical: java-1.7.0-ibm security update
Message-ID: <201411191847.sAJIl8Br020132@int-mx10.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.7.0-ibm security update
Advisory ID: RHSA-2014:1876-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1876.html
Issue date: 2014-11-19
CVE Names: CVE-2014-3065 CVE-2014-3566 CVE-2014-4288 CVE-2014-6456 CVE-2014-6457 CVE-2014-6458 CVE-2014-6476 CVE-2014-6492 CVE-2014-6493 CVE-2014-6502 CVE-2014-6503 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6515 CVE-2014-6527 CVE-2014-6531 CVE-2014-6532 CVE-2014-6558
=====================================================================

1. Summary:

Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64

3. Description:

IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-3065, CVE-2014-3566, CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6476, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558)

The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product Security.

Note: With this update, the IBM SDK now disables the SSL 3.0 protocol to address the CVE-2014-3566 issue (also known as POODLE). Refer to the IBM article linked to in the References section for additional details about this change and instructions on how to re-enable SSL 3.0 support if needed.

All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR8 release. All running instances of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1071210 - CVE-2014-6512 OpenJDK: DatagramSocket connected socket missing source check (Libraries, 8039509)
1150155 - CVE-2014-6506 OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564)
1150651 - CVE-2014-6531 OpenJDK: insufficient ResourceBundle name check (Libraries, 8044274)
1150669 - CVE-2014-6502 OpenJDK: LogRecord use of incorrect CL when loading ResourceBundle (Libraries, 8042797)
1151046 - CVE-2014-6457 OpenJDK: Triple Handshake attack against TLS/SSL connections (JSSE, 8037066)
1151063 - CVE-2014-6558 OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846)
1151517 - CVE-2014-6511 ICU: Layout Engine ContextualSubstitution missing boundary checks (JDK 2D, 8041540)
1152756 - CVE-2014-6532 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152757 - CVE-2014-6503 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152758 - CVE-2014-6456 Oracle JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment)
1152759 - CVE-2014-6492 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152760 - CVE-2014-6493 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152761 - CVE-2014-4288 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152763 - CVE-2014-6458 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152765 - CVE-2014-6476 Oracle JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment)
1152766 - CVE-2014-6515 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152767 - CVE-2014-6527 Oracle JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment)
1152789 - CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
1162554 - CVE-2014-3065 IBM JDK: privilege escalation via shared class cache

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.i386.rpm

x86_64:
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.8.0-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.i386.rpm

ppc:
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.ppc.rpm
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.ppc64.rpm
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.ppc.rpm
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.ppc64.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.ppc.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.ppc64.rpm
java-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.ppc.rpm
java-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.ppc64.rpm
java-1.7.0-ibm-plugin-1.7.0.8.0-1jpp.1.el5.ppc.rpm
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.ppc.rpm
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.ppc64.rpm

s390x:
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.s390.rpm
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.s390x.rpm
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.s390.rpm
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.s390x.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.s390.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.s390x.rpm
java-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.s390.rpm
java-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.s390x.rpm
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.s390.rpm
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.s390x.rpm

x86_64:
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.8.0-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3065
https://access.redhat.com/security/cve/CVE-2014-3566
https://access.redhat.com/security/cve/CVE-2014-4288
https://access.redhat.com/security/cve/CVE-2014-6456
https://access.redhat.com/security/cve/CVE-2014-6457
https://access.redhat.com/security/cve/CVE-2014-6458
https://access.redhat.com/security/cve/CVE-2014-6476
https://access.redhat.com/security/cve/CVE-2014-6492
https://access.redhat.com/security/cve/CVE-2014-6493
https://access.redhat.com/security/cve/CVE-2014-6502
https://access.redhat.com/security/cve/CVE-2014-6503
https://access.redhat.com/security/cve/CVE-2014-6506
https://access.redhat.com/security/cve/CVE-2014-6511
https://access.redhat.com/security/cve/CVE-2014-6512
https://access.redhat.com/security/cve/CVE-2014-6515
https://access.redhat.com/security/cve/CVE-2014-6527
https://access.redhat.com/security/cve/CVE-2014-6531
https://access.redhat.com/security/cve/CVE-2014-6532
https://access.redhat.com/security/cve/CVE-2014-6558
https://access.redhat.com/security/updates/classification/#critical
https://www.ibm.com/developerworks/java/jdk/alerts/
https://www-01.ibm.com/support/docview.wss?uid=swg21688165

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

From bugzilla at redhat.com Wed Nov 19 18:48:32 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 19 Nov 2014 18:48:32 +0000
Subject: [RHSA-2014:1877-01] Critical: java-1.6.0-ibm security update
Message-ID: <201411191848.sAJImWX7022496@int-mx14.intmail.prod.int.phx2.redhat.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.6.0-ibm security update
Advisory ID: RHSA-2014:1877-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1877.html
Issue date: 2014-11-19
CVE Names: CVE-2014-3065 CVE-2014-3566 CVE-2014-4288 CVE-2014-6457 CVE-2014-6458 CVE-2014-6492 CVE-2014-6493 CVE-2014-6502 CVE-2014-6503 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6515 CVE-2014-6531 CVE-2014-6532 CVE-2014-6558
=====================================================================

1. Summary:

Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-3065, CVE-2014-3566, CVE-2014-4288, CVE-2014-6457, CVE-2014-6458, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558)

The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product Security.

Note: With this update, the IBM SDK now disables the SSL 3.0 protocol to address the CVE-2014-3566 issue (also known as POODLE). Refer to the IBM article linked to in the References section for additional details about this change and instructions on how to re-enable SSL 3.0 support if needed.

All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR16-FP2 release. All running instances of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1071210 - CVE-2014-6512 OpenJDK: DatagramSocket connected socket missing source check (Libraries, 8039509)
1150155 - CVE-2014-6506 OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564)
1150651 - CVE-2014-6531 OpenJDK: insufficient ResourceBundle name check (Libraries, 8044274)
1150669 - CVE-2014-6502 OpenJDK: LogRecord use of incorrect CL when loading ResourceBundle (Libraries, 8042797)
1151046 - CVE-2014-6457 OpenJDK: Triple Handshake attack against TLS/SSL connections (JSSE, 8037066)
1151063 - CVE-2014-6558 OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846)
1151517 - CVE-2014-6511 ICU: Layout Engine ContextualSubstitution missing boundary checks (JDK 2D, 8041540)
1152756 - CVE-2014-6532 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152757 - CVE-2014-6503 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152759 - CVE-2014-6492 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152760 - CVE-2014-6493 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152761 - CVE-2014-4288 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152763 - CVE-2014-6458 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152766 - CVE-2014-6515 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152789 - CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
1162554 - CVE-2014-3065 IBM JDK: privilege escalation via shared class cache

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.6.0-ibm-1.6.0.16.2-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.2-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.16.2-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.16.2-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.2-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.2-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.16.2-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.16.2-1jpp.1.el5.i386.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.2-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-1.6.0.16.2-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.2-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.2-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.16.2-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.2-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.16.2-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.2-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.2-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.2-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.2-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.2-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.16.2-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.2-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.16.2-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.6.0-ibm-1.6.0.16.2-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.2-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.16.2-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.16.2-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.2-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.2-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.16.2-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.16.2-1jpp.1.el5.i386.rpm

ppc:
java-1.6.0-ibm-1.6.0.16.2-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-1.6.0.16.2-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.2-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.16.2-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.16.2-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.16.2-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-devel-1.6.0.16.2-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.2-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.2-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.2-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.2-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.2-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-src-1.6.0.16.2-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-src-1.6.0.16.2-1jpp.1.el5.ppc64.rpm

s390x:
java-1.6.0-ibm-1.6.0.16.2-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-1.6.0.16.2-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.2-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.16.2-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-demo-1.6.0.16.2-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.16.2-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-devel-1.6.0.16.2-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.2-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.2-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-src-1.6.0.16.2-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-src-1.6.0.16.2-1jpp.1.el5.s390x.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.2-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-1.6.0.16.2-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.16.2-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.2-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.16.2-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.2-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.16.2-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.2-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.2-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.2-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.2-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.2-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.16.2-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.2-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.16.2-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.16.2-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-demo-1.6.0.16.2-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.2-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.2-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.2-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.16.2-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-src-1.6.0.16.2-1jpp.1.el6_6.i686.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.2-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.2-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.2-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.2-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.2-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.2-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.2-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.2-1jpp.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.6.0-ibm-1.6.0.16.2-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.2-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.2-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.2-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.2-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.2-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.2-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.2-1jpp.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.6.0-ibm-1.6.0.16.2-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-demo-1.6.0.16.2-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.2-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.2-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.2-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.16.2-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-src-1.6.0.16.2-1jpp.1.el6_6.i686.rpm

ppc64:
java-1.6.0-ibm-1.6.0.16.2-1jpp.1.el6_6.ppc64.rpm
java-1.6.0-ibm-demo-1.6.0.16.2-1jpp.1.el6_6.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.16.2-1jpp.1.el6_6.ppc.rpm
java-1.6.0-ibm-devel-1.6.0.16.2-1jpp.1.el6_6.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.2-1jpp.1.el6_6.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.2-1jpp.1.el6_6.ppc64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.2-1jpp.1.el6_6.ppc.rpm
java-1.6.0-ibm-src-1.6.0.16.2-1jpp.1.el6_6.ppc64.rpm

s390x:
java-1.6.0-ibm-1.6.0.16.2-1jpp.1.el6_6.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.16.2-1jpp.1.el6_6.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.16.2-1jpp.1.el6_6.s390.rpm
java-1.6.0-ibm-devel-1.6.0.16.2-1jpp.1.el6_6.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.2-1jpp.1.el6_6.s390x.rpm
java-1.6.0-ibm-src-1.6.0.16.2-1jpp.1.el6_6.s390x.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.2-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.2-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.2-1jpp.1.el6_6.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.2-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.2-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.2-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.2-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.2-1jpp.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v.
6): i386: java-1.6.0-ibm-1.6.0.16.2-1jpp.1.el6_6.i686.rpm java-1.6.0-ibm-demo-1.6.0.16.2-1jpp.1.el6_6.i686.rpm java-1.6.0-ibm-devel-1.6.0.16.2-1jpp.1.el6_6.i686.rpm java-1.6.0-ibm-javacomm-1.6.0.16.2-1jpp.1.el6_6.i686.rpm java-1.6.0-ibm-jdbc-1.6.0.16.2-1jpp.1.el6_6.i686.rpm java-1.6.0-ibm-plugin-1.6.0.16.2-1jpp.1.el6_6.i686.rpm java-1.6.0-ibm-src-1.6.0.16.2-1jpp.1.el6_6.i686.rpm x86_64: java-1.6.0-ibm-1.6.0.16.2-1jpp.1.el6_6.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.16.2-1jpp.1.el6_6.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.16.2-1jpp.1.el6_6.i686.rpm java-1.6.0-ibm-devel-1.6.0.16.2-1jpp.1.el6_6.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.16.2-1jpp.1.el6_6.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.16.2-1jpp.1.el6_6.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.16.2-1jpp.1.el6_6.x86_64.rpm java-1.6.0-ibm-src-1.6.0.16.2-1jpp.1.el6_6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2014-3065 https://access.redhat.com/security/cve/CVE-2014-3566 https://access.redhat.com/security/cve/CVE-2014-4288 https://access.redhat.com/security/cve/CVE-2014-6457 https://access.redhat.com/security/cve/CVE-2014-6458 https://access.redhat.com/security/cve/CVE-2014-6492 https://access.redhat.com/security/cve/CVE-2014-6493 https://access.redhat.com/security/cve/CVE-2014-6502 https://access.redhat.com/security/cve/CVE-2014-6503 https://access.redhat.com/security/cve/CVE-2014-6506 https://access.redhat.com/security/cve/CVE-2014-6511 https://access.redhat.com/security/cve/CVE-2014-6512 https://access.redhat.com/security/cve/CVE-2014-6515 https://access.redhat.com/security/cve/CVE-2014-6531 https://access.redhat.com/security/cve/CVE-2014-6532 https://access.redhat.com/security/cve/CVE-2014-6558 https://access.redhat.com/security/updates/classification/#critical https://www.ibm.com/developerworks/java/jdk/alerts/ https://www-01.ibm.com/support/docview.wss?uid=swg21688165 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUbOXcXlSAg2UNWIIRAjCgAKCn4vdPAvm3m43vrgn34KvXTHb0agCeK2ts
NBTsOUThQgT3JYMT5S5ENd4=
=ev0h
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 20 16:58:19 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 20 Nov 2014 16:58:19 +0000
Subject: [RHSA-2014:1880-01] Critical: java-1.7.1-ibm security update
Message-ID: <201411201658.sAKGwJoV014453@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.7.1-ibm security update
Advisory ID: RHSA-2014:1880-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1880.html
Issue date: 2014-11-20
CVE Names: CVE-2014-3065 CVE-2014-3566 CVE-2014-4288 CVE-2014-6456
           CVE-2014-6457 CVE-2014-6458 CVE-2014-6476 CVE-2014-6492
           CVE-2014-6493 CVE-2014-6502 CVE-2014-6503 CVE-2014-6506
           CVE-2014-6511 CVE-2014-6512 CVE-2014-6515 CVE-2014-6527
           CVE-2014-6531 CVE-2014-6532 CVE-2014-6558
=====================================================================

1. Summary:

Updated java-1.7.1-ibm packages that fix several security issues are now
available for Red Hat Enterprise Linux 6 and 7 Supplementary.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64

3. Description:

IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment
and the IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Detailed
vulnerability descriptions are linked from the IBM Security alerts page,
listed in the References section. (CVE-2014-3065, CVE-2014-3566,
CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6476,
CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6506,
CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6527, CVE-2014-6531,
CVE-2014-6532, CVE-2014-6558)

The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat
Product Security.

Note: With this update, the IBM SDK now disables the SSL 3.0 protocol to
address the CVE-2014-3566 issue (also known as POODLE). Refer to the IBM
article linked to in the References section for additional details about
this change and instructions on how to re-enable SSL 3.0 support if needed.

All users of java-1.7.1-ibm are advised to upgrade to these updated
packages, containing the IBM Java SE 7R1 SR2 release. All running instances
of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1071210 - CVE-2014-6512 OpenJDK: DatagramSocket connected socket missing source check (Libraries, 8039509)
1150155 - CVE-2014-6506 OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564)
1150651 - CVE-2014-6531 OpenJDK: insufficient ResourceBundle name check (Libraries, 8044274)
1150669 - CVE-2014-6502 OpenJDK: LogRecord use of incorrect CL when loading ResourceBundle (Libraries, 8042797)
1151046 - CVE-2014-6457 OpenJDK: Triple Handshake attack against TLS/SSL connections (JSSE, 8037066)
1151063 - CVE-2014-6558 OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846)
1151517 - CVE-2014-6511 ICU: Layout Engine ContextualSubstitution missing boundary checks (JDK 2D, 8041540)
1152756 - CVE-2014-6532 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152757 - CVE-2014-6503 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152758 - CVE-2014-6456 Oracle JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment)
1152759 - CVE-2014-6492 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152760 - CVE-2014-6493 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152761 - CVE-2014-4288 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152763 - CVE-2014-6458 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152765 - CVE-2014-6476 Oracle JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment)
1152766 - CVE-2014-6515 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152767 - CVE-2014-6527 Oracle JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment)
1152789 - CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
1162554 - CVE-2014-3065 IBM JDK: privilege escalation via shared class cache

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el6_6.i686.rpm

x86_64:
java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el6_6.i686.rpm

ppc64:
java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.ppc.rpm
java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.ppc64.rpm
java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el6_6.ppc64.rpm
java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.ppc.rpm
java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.ppc64.rpm
java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el6_6.ppc64.rpm
java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el6_6.ppc.rpm
java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el6_6.ppc64.rpm

s390x:
java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.s390.rpm
java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.s390x.rpm
java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el6_6.s390x.rpm
java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.s390.rpm
java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.s390x.rpm
java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el6_6.s390x.rpm
java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el6_6.s390x.rpm

x86_64:
java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el6_6.i686.rpm

x86_64:
java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.i686.rpm
java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm

Red Hat Enterprise Linux Client Supplementary (v. 7):

x86_64:
java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.i686.rpm
java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.i686.rpm
java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Supplementary (v. 7):

x86_64:
java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.i686.rpm
java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.i686.rpm
java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 7):

ppc64:
java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.ppc.rpm
java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.ppc64.rpm
java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el7_0.ppc64.rpm
java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.ppc.rpm
java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.ppc64.rpm
java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el7_0.ppc64.rpm
java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el7_0.ppc.rpm
java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el7_0.ppc64.rpm

s390x:
java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.s390.rpm
java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.s390x.rpm
java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el7_0.s390x.rpm
java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.s390.rpm
java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.s390x.rpm
java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el7_0.s390x.rpm
java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el7_0.s390x.rpm

x86_64:
java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.i686.rpm
java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.i686.rpm
java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 7):

x86_64:
java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.i686.rpm
java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.i686.rpm
java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3065
https://access.redhat.com/security/cve/CVE-2014-3566
https://access.redhat.com/security/cve/CVE-2014-4288
https://access.redhat.com/security/cve/CVE-2014-6456
https://access.redhat.com/security/cve/CVE-2014-6457
https://access.redhat.com/security/cve/CVE-2014-6458
https://access.redhat.com/security/cve/CVE-2014-6476
https://access.redhat.com/security/cve/CVE-2014-6492
https://access.redhat.com/security/cve/CVE-2014-6493
https://access.redhat.com/security/cve/CVE-2014-6502
https://access.redhat.com/security/cve/CVE-2014-6503
https://access.redhat.com/security/cve/CVE-2014-6506
https://access.redhat.com/security/cve/CVE-2014-6511
https://access.redhat.com/security/cve/CVE-2014-6512
https://access.redhat.com/security/cve/CVE-2014-6515
https://access.redhat.com/security/cve/CVE-2014-6527
https://access.redhat.com/security/cve/CVE-2014-6531
https://access.redhat.com/security/cve/CVE-2014-6532
https://access.redhat.com/security/cve/CVE-2014-6558
https://access.redhat.com/security/updates/classification/#critical
https://www.ibm.com/developerworks/java/jdk/alerts/
https://www-01.ibm.com/support/docview.wss?uid=swg21688165

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUbh0WXlSAg2UNWIIRAi2fAKDExQmcZYqy6INJOtUbpQK5QrXWUgCgmnhC
K/vkNngAOzoTqWX0yFnSTr0=
=nHUV
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 20 17:08:37 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 20 Nov 2014 17:08:37 +0000
Subject: [RHSA-2014:1881-01] Important: java-1.5.0-ibm security update
Message-ID: <201411201708.sAKH8bHs022931@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: java-1.5.0-ibm security update
Advisory ID: RHSA-2014:1881-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1881.html
Issue date: 2014-11-20
CVE Names: CVE-2014-3065 CVE-2014-3566 CVE-2014-6457 CVE-2014-6502
           CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6531
           CVE-2014-6558
=====================================================================

1. Summary:

Updated java-1.5.0-ibm packages that fix several security issues are now
available for Red Hat Enterprise Linux 5 and 6 Supplementary.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Detailed
vulnerability descriptions are linked from the IBM Security alerts page,
listed in the References section. (CVE-2014-3065, CVE-2014-3566,
CVE-2014-6457, CVE-2014-6502, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512,
CVE-2014-6531, CVE-2014-6558)

The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat
Product Security.

Note: With this update, the IBM SDK now disables the SSL 3.0 protocol to
address the CVE-2014-3566 issue (also known as POODLE). Refer to the IBM
article linked to in the References section for additional details about
this change and instructions on how to re-enable SSL 3.0 support if needed.

All users of java-1.5.0-ibm are advised to upgrade to these updated
packages, containing the IBM J2SE 5.0 SR16-FP8 release. All running
instances of IBM Java must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1071210 - CVE-2014-6512 OpenJDK: DatagramSocket connected socket missing source check (Libraries, 8039509)
1150155 - CVE-2014-6506 OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564)
1150651 - CVE-2014-6531 OpenJDK: insufficient ResourceBundle name check (Libraries, 8044274)
1150669 - CVE-2014-6502 OpenJDK: LogRecord use of incorrect CL when loading ResourceBundle (Libraries, 8042797)
1151046 - CVE-2014-6457 OpenJDK: Triple Handshake attack against TLS/SSL connections (JSSE, 8037066)
1151063 - CVE-2014-6558 OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846)
1151517 - CVE-2014-6511 ICU: Layout Engine ContextualSubstitution missing boundary checks (JDK 2D, 8041540)
1152789 - CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
1162554 - CVE-2014-3065 IBM JDK: privilege escalation via shared class cache

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.5.0-ibm-1.5.0.16.8-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.8-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-demo-1.5.0.16.8-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-devel-1.5.0.16.8-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.8-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.8-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.16.8-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.8-1jpp.1.el5.i386.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.8-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-1.5.0.16.8-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.8-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.8-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-demo-1.5.0.16.8-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.8-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-devel-1.5.0.16.8-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.8-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.8-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.8-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.16.8-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.8-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.8-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.5.0-ibm-1.5.0.16.8-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.8-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-demo-1.5.0.16.8-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-devel-1.5.0.16.8-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.8-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.8-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.16.8-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.8-1jpp.1.el5.i386.rpm

ppc:
java-1.5.0-ibm-1.5.0.16.8-1jpp.1.el5.ppc.rpm
java-1.5.0-ibm-1.5.0.16.8-1jpp.1.el5.ppc64.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.8-1jpp.1.el5.ppc.rpm
java-1.5.0-ibm-demo-1.5.0.16.8-1jpp.1.el5.ppc.rpm
java-1.5.0-ibm-demo-1.5.0.16.8-1jpp.1.el5.ppc64.rpm
java-1.5.0-ibm-devel-1.5.0.16.8-1jpp.1.el5.ppc.rpm
java-1.5.0-ibm-devel-1.5.0.16.8-1jpp.1.el5.ppc64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.8-1jpp.1.el5.ppc.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.8-1jpp.1.el5.ppc64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.8-1jpp.1.el5.ppc.rpm
java-1.5.0-ibm-plugin-1.5.0.16.8-1jpp.1.el5.ppc.rpm
java-1.5.0-ibm-src-1.5.0.16.8-1jpp.1.el5.ppc.rpm
java-1.5.0-ibm-src-1.5.0.16.8-1jpp.1.el5.ppc64.rpm

s390x:
java-1.5.0-ibm-1.5.0.16.8-1jpp.1.el5.s390.rpm
java-1.5.0-ibm-1.5.0.16.8-1jpp.1.el5.s390x.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.8-1jpp.1.el5.s390x.rpm
java-1.5.0-ibm-demo-1.5.0.16.8-1jpp.1.el5.s390.rpm
java-1.5.0-ibm-demo-1.5.0.16.8-1jpp.1.el5.s390x.rpm
java-1.5.0-ibm-devel-1.5.0.16.8-1jpp.1.el5.s390.rpm
java-1.5.0-ibm-devel-1.5.0.16.8-1jpp.1.el5.s390x.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.8-1jpp.1.el5.s390.rpm
java-1.5.0-ibm-src-1.5.0.16.8-1jpp.1.el5.s390.rpm
java-1.5.0-ibm-src-1.5.0.16.8-1jpp.1.el5.s390x.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.8-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-1.5.0.16.8-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-accessibility-1.5.0.16.8-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.8-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-demo-1.5.0.16.8-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.8-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-devel-1.5.0.16.8-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.8-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.8-1jpp.1.el5.x86_64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.8-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.16.8-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.8-1jpp.1.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.16.8-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.5.0-ibm-1.5.0.16.8-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-demo-1.5.0.16.8-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.8-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.8-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.8-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-plugin-1.5.0.16.8-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-src-1.5.0.16.8-1jpp.1.el6_6.i686.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.8-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.8-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.8-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.8-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.8-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.8-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-plugin-1.5.0.16.8-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-src-1.5.0.16.8-1jpp.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.5.0-ibm-1.5.0.16.8-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.8-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.8-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.8-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.8-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.8-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-plugin-1.5.0.16.8-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-src-1.5.0.16.8-1jpp.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.5.0-ibm-1.5.0.16.8-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-demo-1.5.0.16.8-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.8-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.8-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.8-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-plugin-1.5.0.16.8-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-src-1.5.0.16.8-1jpp.1.el6_6.i686.rpm

ppc64:
java-1.5.0-ibm-1.5.0.16.8-1jpp.1.el6_6.ppc64.rpm
java-1.5.0-ibm-demo-1.5.0.16.8-1jpp.1.el6_6.ppc64.rpm
java-1.5.0-ibm-devel-1.5.0.16.8-1jpp.1.el6_6.ppc.rpm
java-1.5.0-ibm-devel-1.5.0.16.8-1jpp.1.el6_6.ppc64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.8-1jpp.1.el6_6.ppc64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.8-1jpp.1.el6_6.ppc.rpm
java-1.5.0-ibm-plugin-1.5.0.16.8-1jpp.1.el6_6.ppc.rpm
java-1.5.0-ibm-src-1.5.0.16.8-1jpp.1.el6_6.ppc64.rpm

s390x:
java-1.5.0-ibm-1.5.0.16.8-1jpp.1.el6_6.s390x.rpm
java-1.5.0-ibm-demo-1.5.0.16.8-1jpp.1.el6_6.s390x.rpm
java-1.5.0-ibm-devel-1.5.0.16.8-1jpp.1.el6_6.s390.rpm
java-1.5.0-ibm-devel-1.5.0.16.8-1jpp.1.el6_6.s390x.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.8-1jpp.1.el6_6.s390.rpm
java-1.5.0-ibm-src-1.5.0.16.8-1jpp.1.el6_6.s390x.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.8-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.8-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.8-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.8-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.8-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.8-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-plugin-1.5.0.16.8-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-src-1.5.0.16.8-1jpp.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.5.0-ibm-1.5.0.16.8-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-demo-1.5.0.16.8-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.8-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.8-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.8-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-plugin-1.5.0.16.8-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-src-1.5.0.16.8-1jpp.1.el6_6.i686.rpm

x86_64:
java-1.5.0-ibm-1.5.0.16.8-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.16.8-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.16.8-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-devel-1.5.0.16.8-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.16.8-1jpp.1.el6_6.x86_64.rpm
java-1.5.0-ibm-jdbc-1.5.0.16.8-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-plugin-1.5.0.16.8-1jpp.1.el6_6.i686.rpm
java-1.5.0-ibm-src-1.5.0.16.8-1jpp.1.el6_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3065
https://access.redhat.com/security/cve/CVE-2014-3566
https://access.redhat.com/security/cve/CVE-2014-6457
https://access.redhat.com/security/cve/CVE-2014-6502
https://access.redhat.com/security/cve/CVE-2014-6506
https://access.redhat.com/security/cve/CVE-2014-6511
https://access.redhat.com/security/cve/CVE-2014-6512
https://access.redhat.com/security/cve/CVE-2014-6531
https://access.redhat.com/security/cve/CVE-2014-6558
https://access.redhat.com/security/updates/classification/#important
https://www.ibm.com/developerworks/java/jdk/alerts/
https://www-01.ibm.com/support/docview.wss?uid=swg21688165

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUbiALXlSAg2UNWIIRAi4MAJ47+M2ZaUi8p/jnl4Cr5ne8EjC9TACdEPM9
BPpbXmyEoM7J1AxRreDL+8k=
=uP36
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 20 17:10:01 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 20 Nov 2014 17:10:01 +0000
Subject: [RHSA-2014:1882-01] Critical: java-1.7.0-ibm security update
Message-ID: <201411201710.sAKHA2Ud008863@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.7.0-ibm security update
Advisory ID: RHSA-2014:1882-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1882.html
Issue date: 2014-11-20
CVE Names: CVE-2014-3065 CVE-2014-3566 CVE-2014-4288 CVE-2014-6456
           CVE-2014-6457 CVE-2014-6458 CVE-2014-6476 CVE-2014-6492
           CVE-2014-6493 CVE-2014-6502 CVE-2014-6503 CVE-2014-6506
           CVE-2014-6511 CVE-2014-6512 CVE-2014-6515 CVE-2014-6527
           CVE-2014-6531 CVE-2014-6532 CVE-2014-6558
=====================================================================

1. Summary:

Updated java-1.7.0-ibm packages that fix several security issues are now
available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3.
Description:

IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Detailed
vulnerability descriptions are linked from the IBM Security alerts page,
listed in the References section. (CVE-2014-3065, CVE-2014-3566,
CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6476,
CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6506,
CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6527, CVE-2014-6531,
CVE-2014-6532, CVE-2014-6558)

The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product
Security.

Note: With this update, the IBM SDK now disables the SSL 3.0 protocol to
address the CVE-2014-3566 issue (also known as POODLE). Refer to the IBM
article linked to in the References section for additional details about
this change and instructions on how to re-enable SSL 3.0 support if needed.

Note: This is the last update for the java-1.7.0-ibm packages distributed
via the Red Hat Enterprise Linux 6 Supplementary channels. The
RHEA-2014:1619 advisory, released as a part of Red Hat Enterprise Linux
6.6, introduced the new java-1.7.1-ibm packages. These packages contain IBM
Java SE version 7 Release 1, which adds multiple enhancements over the IBM
Java SE version 7 in the java-1.7.0-ibm packages. All java-1.7.0-ibm users
must migrate to java-1.7.1-ibm packages to continue receiving updates for
the IBM Java SE version 7 via the Red Hat Enterprise Linux 6 Supplementary
channel.

All users of java-1.7.0-ibm are advised to upgrade to these updated
packages, containing the IBM Java SE 7 SR8 release. All running instances
of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network.
Details on how to use the Red Hat Network to apply this update are
available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1071210 - CVE-2014-6512 OpenJDK: DatagramSocket connected socket missing source check (Libraries, 8039509)
1150155 - CVE-2014-6506 OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564)
1150651 - CVE-2014-6531 OpenJDK: insufficient ResourceBundle name check (Libraries, 8044274)
1150669 - CVE-2014-6502 OpenJDK: LogRecord use of incorrect CL when loading ResourceBundle (Libraries, 8042797)
1151046 - CVE-2014-6457 OpenJDK: Triple Handshake attack against TLS/SSL connections (JSSE, 8037066)
1151063 - CVE-2014-6558 OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846)
1151517 - CVE-2014-6511 ICU: Layout Engine ContextualSubstitution missing boundary checks (JDK 2D, 8041540)
1152756 - CVE-2014-6532 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152757 - CVE-2014-6503 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152758 - CVE-2014-6456 Oracle JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment)
1152759 - CVE-2014-6492 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152760 - CVE-2014-6493 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152761 - CVE-2014-4288 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152763 - CVE-2014-6458 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152765 - CVE-2014-6476 Oracle JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment)
1152766 - CVE-2014-6515 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152767 - CVE-2014-6527 Oracle JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment)
1152789 - CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
1162554 - CVE-2014-3065 IBM JDK: privilege escalation via shared class cache

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el6_6.i686.rpm
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el6_6.i686.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el6_6.i686.rpm
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el6_6.i686.rpm

x86_64:
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el6_6.i686.rpm
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el6_6.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el6_6.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el6_6.i686.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el6_6.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el6_6.i686.rpm
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el6_6.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el6_6.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el6_6.i686.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el6_6.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el6_6.i686.rpm
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el6_6.i686.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el6_6.i686.rpm
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el6_6.i686.rpm

ppc64:
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el6_6.ppc.rpm
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el6_6.ppc64.rpm
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el6_6.ppc64.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el6_6.ppc.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el6_6.ppc64.rpm
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el6_6.ppc64.rpm

s390x:
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el6_6.s390.rpm
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el6_6.s390x.rpm
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el6_6.s390x.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el6_6.s390.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el6_6.s390x.rpm
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el6_6.s390x.rpm

x86_64:
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el6_6.i686.rpm
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el6_6.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el6_6.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el6_6.i686.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el6_6.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el6_6.i686.rpm
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el6_6.i686.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el6_6.i686.rpm
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el6_6.i686.rpm

x86_64:
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el6_6.i686.rpm
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el6_6.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el6_6.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el6_6.i686.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el6_6.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el6_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7.
References:

https://access.redhat.com/security/cve/CVE-2014-3065
https://access.redhat.com/security/cve/CVE-2014-3566
https://access.redhat.com/security/cve/CVE-2014-4288
https://access.redhat.com/security/cve/CVE-2014-6456
https://access.redhat.com/security/cve/CVE-2014-6457
https://access.redhat.com/security/cve/CVE-2014-6458
https://access.redhat.com/security/cve/CVE-2014-6476
https://access.redhat.com/security/cve/CVE-2014-6492
https://access.redhat.com/security/cve/CVE-2014-6493
https://access.redhat.com/security/cve/CVE-2014-6502
https://access.redhat.com/security/cve/CVE-2014-6503
https://access.redhat.com/security/cve/CVE-2014-6506
https://access.redhat.com/security/cve/CVE-2014-6511
https://access.redhat.com/security/cve/CVE-2014-6512
https://access.redhat.com/security/cve/CVE-2014-6515
https://access.redhat.com/security/cve/CVE-2014-6527
https://access.redhat.com/security/cve/CVE-2014-6531
https://access.redhat.com/security/cve/CVE-2014-6532
https://access.redhat.com/security/cve/CVE-2014-6558
https://access.redhat.com/security/updates/classification/#critical
https://www.ibm.com/developerworks/java/jdk/alerts/
https://www-01.ibm.com/support/docview.wss?uid=swg21688165
https://rhn.redhat.com/errata/RHEA-2014-1619.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUbiAzXlSAg2UNWIIRAskgAKCdctRX/Xvxmnghj+SzRz57iKb7eQCfdOy6
H0tSJFWrMDPKLpSoZX1uKyM=
=+AHh
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 20 18:56:45 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 20 Nov 2014 18:56:45 +0000
Subject: [RHSA-2014:1885-01] Moderate: libxml2 security update
Message-ID: <201411201856.sAKIujnV010404@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: libxml2 security update
Advisory ID: RHSA-2014:1885-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1885.html
Issue date: 2014-11-20
CVE Names: CVE-2014-3660
=====================================================================

1. Summary:

Updated libxml2 packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The libxml2 library is a development toolbox providing the implementation
of various XML standards.

A denial of service flaw was found in libxml2, a library providing support
to read, modify and write XML and HTML files.
A remote attacker could provide a specially crafted XML file that, when
processed by an application using libxml2, would lead to excessive CPU
consumption (denial of service) based on excessive entity substitutions,
even if entity substitution was disabled, which is the parser default
behavior. (CVE-2014-3660)

All libxml2 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. The desktop must be
restarted (log out, then log back in) for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1149084 - CVE-2014-3660 libxml2: denial of service via recursive entity expansion

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
libxml2-2.6.26-2.1.25.el5_11.src.rpm

i386:
libxml2-2.6.26-2.1.25.el5_11.i386.rpm
libxml2-debuginfo-2.6.26-2.1.25.el5_11.i386.rpm
libxml2-python-2.6.26-2.1.25.el5_11.i386.rpm

x86_64:
libxml2-2.6.26-2.1.25.el5_11.i386.rpm
libxml2-2.6.26-2.1.25.el5_11.x86_64.rpm
libxml2-debuginfo-2.6.26-2.1.25.el5_11.i386.rpm
libxml2-debuginfo-2.6.26-2.1.25.el5_11.x86_64.rpm
libxml2-python-2.6.26-2.1.25.el5_11.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
libxml2-2.6.26-2.1.25.el5_11.src.rpm

i386:
libxml2-debuginfo-2.6.26-2.1.25.el5_11.i386.rpm
libxml2-devel-2.6.26-2.1.25.el5_11.i386.rpm

x86_64:
libxml2-debuginfo-2.6.26-2.1.25.el5_11.i386.rpm
libxml2-debuginfo-2.6.26-2.1.25.el5_11.x86_64.rpm
libxml2-devel-2.6.26-2.1.25.el5_11.i386.rpm
libxml2-devel-2.6.26-2.1.25.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
libxml2-2.6.26-2.1.25.el5_11.src.rpm

i386:
libxml2-2.6.26-2.1.25.el5_11.i386.rpm
libxml2-debuginfo-2.6.26-2.1.25.el5_11.i386.rpm
libxml2-devel-2.6.26-2.1.25.el5_11.i386.rpm
libxml2-python-2.6.26-2.1.25.el5_11.i386.rpm

ia64:
libxml2-2.6.26-2.1.25.el5_11.i386.rpm
libxml2-2.6.26-2.1.25.el5_11.ia64.rpm
libxml2-debuginfo-2.6.26-2.1.25.el5_11.i386.rpm
libxml2-debuginfo-2.6.26-2.1.25.el5_11.ia64.rpm
libxml2-devel-2.6.26-2.1.25.el5_11.ia64.rpm
libxml2-python-2.6.26-2.1.25.el5_11.ia64.rpm

ppc:
libxml2-2.6.26-2.1.25.el5_11.ppc.rpm
libxml2-2.6.26-2.1.25.el5_11.ppc64.rpm
libxml2-debuginfo-2.6.26-2.1.25.el5_11.ppc.rpm
libxml2-debuginfo-2.6.26-2.1.25.el5_11.ppc64.rpm
libxml2-devel-2.6.26-2.1.25.el5_11.ppc.rpm
libxml2-devel-2.6.26-2.1.25.el5_11.ppc64.rpm
libxml2-python-2.6.26-2.1.25.el5_11.ppc.rpm

s390x:
libxml2-2.6.26-2.1.25.el5_11.s390.rpm
libxml2-2.6.26-2.1.25.el5_11.s390x.rpm
libxml2-debuginfo-2.6.26-2.1.25.el5_11.s390.rpm
libxml2-debuginfo-2.6.26-2.1.25.el5_11.s390x.rpm
libxml2-devel-2.6.26-2.1.25.el5_11.s390.rpm
libxml2-devel-2.6.26-2.1.25.el5_11.s390x.rpm
libxml2-python-2.6.26-2.1.25.el5_11.s390x.rpm

x86_64:
libxml2-2.6.26-2.1.25.el5_11.i386.rpm
libxml2-2.6.26-2.1.25.el5_11.x86_64.rpm
libxml2-debuginfo-2.6.26-2.1.25.el5_11.i386.rpm
libxml2-debuginfo-2.6.26-2.1.25.el5_11.x86_64.rpm
libxml2-devel-2.6.26-2.1.25.el5_11.i386.rpm
libxml2-devel-2.6.26-2.1.25.el5_11.x86_64.rpm
libxml2-python-2.6.26-2.1.25.el5_11.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3660
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
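The libxml2 advisory above describes entity expansion driving CPU consumption even when substitution is disabled; the fix is the updated package. A complementary application-side control is to refuse untrusted XML that declares entities at all, and to bound element nesting, before the document reaches whatever parser the application uses. The following is an added example, not Red Hat's or libxml2's code: it uses Python's bundled expat parser (xml.parsers.expat), not libxml2, so it demonstrates the control rather than the patched library. The function names, the error class and the sample documents are constructed for this example.

```python
"""Refuse entity-declaring or deeply nested XML from untrusted sources.

Added example (not Red Hat's or libxml2's code). Uses the stdlib expat
binding; function names and sample documents are constructed here.
"""
import xml.parsers.expat


class UnsafeXMLError(ValueError):
    """Raised for documents that declare entities or nest too deeply."""


def parse_untrusted_xml(data, max_depth=64):
    """Parse XML from an untrusted source with denial-of-service limits.

    Returns (root_tag, element_count, max_depth_seen). Raises
    UnsafeXMLError if the document declares any entity (general or
    parameter, internal or external), references an external entity,
    or nests elements deeper than max_depth. Malformed XML raises
    xml.parsers.expat.ExpatError as usual.
    """
    parser = xml.parsers.expat.ParserCreate()
    stats = {"root": None, "count": 0, "depth": 0, "max_depth": 0}

    def entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Any <!ENTITY ...> in the DTD is refused outright: recursive
        # expansion of the CVE-2014-3660 kind needs declarations to work with.
        raise UnsafeXMLError("entity declaration %r refused" % name)

    def external_entity(context, base, system_id, public_id):
        # Never fetch or inline external content on behalf of untrusted input.
        raise UnsafeXMLError("external entity reference refused")

    def start_element(tag, attrs):
        stats["count"] += 1
        stats["depth"] += 1
        if stats["root"] is None:
            stats["root"] = tag
        if stats["depth"] > max_depth:
            raise UnsafeXMLError("nesting deeper than %d refused" % max_depth)
        stats["max_depth"] = max(stats["max_depth"], stats["depth"])

    def end_element(tag):
        stats["depth"] -= 1

    parser.EntityDeclHandler = entity_decl
    parser.ExternalEntityRefHandler = external_entity
    parser.StartElementHandler = start_element
    parser.EndElementHandler = end_element
    # Exceptions raised inside handlers propagate out of Parse().
    parser.Parse(data, True)
    return stats["root"], stats["count"], stats["max_depth"]


def is_safe_xml(data, max_depth=64):
    """True if the document passes the limits, False if it is refused."""
    try:
        parse_untrusted_xml(data, max_depth)
    except UnsafeXMLError:
        return False
    return True


# Constructed sample documents for a stand-alone run.
SAFE_DOC = b"<root><a/><b><c/></b></root>"
ENTITY_DOC = (b'<?xml version="1.0"?>'
              b'<!DOCTYPE r [<!ENTITY a "aaaa"><!ENTITY b "&a;&a;&a;&a;">]>'
              b'<r>&b;</r>')
DEEP_DOC = b"<d>" * 80 + b"</d>" * 80

if __name__ == "__main__":
    print(parse_untrusted_xml(SAFE_DOC))
    print(is_safe_xml(ENTITY_DOC), is_safe_xml(DEEP_DOC))
```

Refusing declarations wholesale is stricter than libxml2's own post-fix behaviour, which still permits bounded expansion; for input that arrives from outside the trust boundary that strictness is usually acceptable, and it removes the class of bug rather than tuning a limit.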
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUbjlRXlSAg2UNWIIRAlORAKCtS/hHMgc0RD4I1ITuTYeVo6k8aQCfVFx8
TsModV8Ib47fEEpeCSkhPf0=
=V9wG
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Nov 24 21:06:30 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 24 Nov 2014 21:06:30 +0000
Subject: [RHSA-2014:1893-01] Important: libXfont security update
Message-ID: <201411242106.sAOL6UBZ023361@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: libXfont security update
Advisory ID: RHSA-2014:1893-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1893.html
Issue date: 2014-11-24
CVE Names: CVE-2014-0209 CVE-2014-0210 CVE-2014-0211
=====================================================================

1. Summary:

Updated libXfont packages that fix three security issues are now available
for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The libXfont packages provide the X.Org libXfont runtime library. X.Org is
an open source implementation of the X Window System.

A use-after-free flaw was found in the way libXfont processed certain font
files when attempting to add a new directory to the font path. A
malicious, local user could exploit this issue to potentially execute
arbitrary code with the privileges of the X.Org server. (CVE-2014-0209)

Multiple out-of-bounds write flaws were found in the way libXfont parsed
replies received from an X.org font server. A malicious X.org server could
cause an X client to crash or, possibly, execute arbitrary code with the
privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211)

Red Hat would like to thank the X.org project for reporting these issues.
Upstream acknowledges Ilja van Sprundel as the original reporter.

Users of libXfont should upgrade to these updated packages, which contain
a backported patch to resolve these issues. All running X.Org server
instances must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1096593 - CVE-2014-0209 libXfont: integer overflow of allocations in font metadata file parsing
1096597 - CVE-2014-0210 libXfont: unvalidated length fields when parsing xfs protocol replies
1096601 - CVE-2014-0211 libXfont: integer overflows calculating memory needs for xfs replies

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
libXfont-1.2.2-1.0.6.el5_11.src.rpm

i386:
libXfont-1.2.2-1.0.6.el5_11.i386.rpm
libXfont-debuginfo-1.2.2-1.0.6.el5_11.i386.rpm

x86_64:
libXfont-1.2.2-1.0.6.el5_11.i386.rpm
libXfont-1.2.2-1.0.6.el5_11.x86_64.rpm
libXfont-debuginfo-1.2.2-1.0.6.el5_11.i386.rpm
libXfont-debuginfo-1.2.2-1.0.6.el5_11.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
libXfont-1.2.2-1.0.6.el5_11.src.rpm

i386:
libXfont-debuginfo-1.2.2-1.0.6.el5_11.i386.rpm
libXfont-devel-1.2.2-1.0.6.el5_11.i386.rpm

x86_64:
libXfont-debuginfo-1.2.2-1.0.6.el5_11.i386.rpm
libXfont-debuginfo-1.2.2-1.0.6.el5_11.x86_64.rpm
libXfont-devel-1.2.2-1.0.6.el5_11.i386.rpm
libXfont-devel-1.2.2-1.0.6.el5_11.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
libXfont-1.2.2-1.0.6.el5_11.src.rpm

i386:
libXfont-1.2.2-1.0.6.el5_11.i386.rpm
libXfont-debuginfo-1.2.2-1.0.6.el5_11.i386.rpm
libXfont-devel-1.2.2-1.0.6.el5_11.i386.rpm

ia64:
libXfont-1.2.2-1.0.6.el5_11.ia64.rpm
libXfont-debuginfo-1.2.2-1.0.6.el5_11.ia64.rpm
libXfont-devel-1.2.2-1.0.6.el5_11.ia64.rpm

ppc:
libXfont-1.2.2-1.0.6.el5_11.ppc.rpm
libXfont-1.2.2-1.0.6.el5_11.ppc64.rpm
libXfont-debuginfo-1.2.2-1.0.6.el5_11.ppc.rpm
libXfont-debuginfo-1.2.2-1.0.6.el5_11.ppc64.rpm
libXfont-devel-1.2.2-1.0.6.el5_11.ppc.rpm
libXfont-devel-1.2.2-1.0.6.el5_11.ppc64.rpm

s390x:
libXfont-1.2.2-1.0.6.el5_11.s390.rpm
libXfont-1.2.2-1.0.6.el5_11.s390x.rpm
libXfont-debuginfo-1.2.2-1.0.6.el5_11.s390.rpm
libXfont-debuginfo-1.2.2-1.0.6.el5_11.s390x.rpm
libXfont-devel-1.2.2-1.0.6.el5_11.s390.rpm
libXfont-devel-1.2.2-1.0.6.el5_11.s390x.rpm

x86_64:
libXfont-1.2.2-1.0.6.el5_11.i386.rpm
libXfont-1.2.2-1.0.6.el5_11.x86_64.rpm
libXfont-debuginfo-1.2.2-1.0.6.el5_11.i386.rpm
libXfont-debuginfo-1.2.2-1.0.6.el5_11.x86_64.rpm
libXfont-devel-1.2.2-1.0.6.el5_11.i386.rpm
libXfont-devel-1.2.2-1.0.6.el5_11.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-0209
https://access.redhat.com/security/cve/CVE-2014-0210
https://access.redhat.com/security/cve/CVE-2014-0211
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUc53PXlSAg2UNWIIRAo+HAJ9OifETV+QYJM6cRhINrlQ5Z8p8ngCgnVRe
AIWZBOzzhcWCm/62lw6oDuE=
=CqEg
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Nov 24 21:06:49 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 24 Nov 2014 21:06:49 +0000
Subject: [RHSA-2014:1894-01] Important: chromium-browser security update
Message-ID: <201411242106.sAOL6npA031092@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: chromium-browser security update
Advisory ID: RHSA-2014:1894-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1894.html
Issue date: 2014-11-24
CVE Names: CVE-2014-7899 CVE-2014-7904 CVE-2014-7906 CVE-2014-7907
           CVE-2014-7908 CVE-2014-7909 CVE-2014-7910
=====================================================================

1. Summary:

Updated chromium-browser packages that fix multiple security issues are
now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

Several flaws were found in the processing of malformed web content.
A web page containing malicious content could cause Chromium to crash or,
potentially, execute arbitrary code with the privileges of the user
running Chromium. (CVE-2014-7904, CVE-2014-7906, CVE-2014-7907,
CVE-2014-7910, CVE-2014-7908, CVE-2014-7909)

A flaw was found in the way Chromium parsed certain URL values. A malicious
attacker could use this flaw to perform phishing attacks. (CVE-2014-7899)

All Chromium users should upgrade to these updated packages, which contain
Chromium version 39.0.2171.65, which corrects these issues. After
installing the update, Chromium must be restarted for the changes to take
effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1165650 - CVE-2014-7899 chromium-browser: Address bar spoofing
1165652 - CVE-2014-7904 chromium-browser: Buffer overflow in Skia
1165655 - CVE-2014-7906 chromium-browser: Use-after-free in pepper plugins
1165656 - CVE-2014-7907 chromium-browser: Use-after-free in blink
1165657 - CVE-2014-7908 chromium-browser: Integer overflow in media
1165660 - CVE-2014-7909 chromium-browser: Uninitialized memory read in Skia
1165662 - CVE-2014-7910 chromium-browser: Unspecified security issues
1165680 - Update chromium-browser to 39.0.2171.65

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

Source:
chromium-browser-39.0.2171.65-2.el6_6.src.rpm

i386:
chromium-browser-39.0.2171.65-2.el6_6.i686.rpm
chromium-browser-debuginfo-39.0.2171.65-2.el6_6.i686.rpm

x86_64:
chromium-browser-39.0.2171.65-2.el6_6.x86_64.rpm
chromium-browser-debuginfo-39.0.2171.65-2.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

Source:
chromium-browser-39.0.2171.65-2.el6_6.src.rpm

x86_64:
chromium-browser-39.0.2171.65-2.el6_6.x86_64.rpm
chromium-browser-debuginfo-39.0.2171.65-2.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

Source:
chromium-browser-39.0.2171.65-2.el6_6.src.rpm

i386:
chromium-browser-39.0.2171.65-2.el6_6.i686.rpm
chromium-browser-debuginfo-39.0.2171.65-2.el6_6.i686.rpm

x86_64:
chromium-browser-39.0.2171.65-2.el6_6.x86_64.rpm
chromium-browser-debuginfo-39.0.2171.65-2.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

Source:
chromium-browser-39.0.2171.65-2.el6_6.src.rpm

i386:
chromium-browser-39.0.2171.65-2.el6_6.i686.rpm
chromium-browser-debuginfo-39.0.2171.65-2.el6_6.i686.rpm

x86_64:
chromium-browser-39.0.2171.65-2.el6_6.x86_64.rpm
chromium-browser-debuginfo-39.0.2171.65-2.el6_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-7899
https://access.redhat.com/security/cve/CVE-2014-7904
https://access.redhat.com/security/cve/CVE-2014-7906
https://access.redhat.com/security/cve/CVE-2014-7907
https://access.redhat.com/security/cve/CVE-2014-7908
https://access.redhat.com/security/cve/CVE-2014-7909
https://access.redhat.com/security/cve/CVE-2014-7910
https://access.redhat.com/security/updates/classification/#important
https://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUc53jXlSAg2UNWIIRAlBoAJ92C1p8x7Pk2KqZlr3nrIdZJtf59QCeM/3k
Z19ccHxCR+gH+SZsPrF6SX0=
=Yd1+
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Nov 25 18:34:36 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 25 Nov 2014 18:34:36 +0000
Subject: [RHSA-2014:1905-01] Low: Red Hat OpenShift Enterprise 1.2 - Final Retirement Notice
Message-ID: <201411251834.sAPIYbvj022528@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: Red Hat OpenShift Enterprise 1.2 - Final Retirement Notice
Advisory ID: RHSA-2014:1905-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1905.html
Issue date: 2014-11-25
=====================================================================

1. Summary:

This is the final notification for the retirement of Red Hat OpenShift
Enterprise 1.2.

2. Description:

In accordance with the Red Hat OpenShift Enterprise Life Cycle Policy, the
two-year life cycle of Production Support for version 1.2 will end on
November 27, 2014. In addition, technical support through Red Hat's Global
Support Services will no longer be provided after this date.

We encourage customers to plan their migration from Red Hat OpenShift
Enterprise 1.2 to the latest version of Red Hat OpenShift Enterprise. To
upgrade to Red Hat OpenShift Enterprise, see Chapter "Upgrading from
Previous Versions" in the Deployment Guide document linked to in the
References section.

Full details of the Red Hat OpenShift Enterprise Life Cycle can be found at
https://access.redhat.com/support/policy/updates/openshift

3. Solution:

Customers are encouraged to plan their migration from Red Hat OpenShift
Enterprise 1.2 to the latest version of Red Hat OpenShift Enterprise.

4.
References:

https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html/Deployment_Guide/index.html

5. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD4DBQFUdMuZXlSAg2UNWIIRAi+mAJjmVFgarHSYi9qZMj9aPKUfpUEoAJ9mKUky
UiHHPBObiAOIlL7KLL5kGg==
=n8mW
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Nov 25 18:35:23 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 25 Nov 2014 18:35:23 +0000
Subject: [RHSA-2014:1906-01] Moderate: Red Hat OpenShift Enterprise 2.1.9 security, bug fix, and enhancement update
Message-ID: <201411251835.sAPIZOt2025919@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat OpenShift Enterprise 2.1.9 security, bug fix, and enhancement update
Advisory ID: RHSA-2014:1906-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1906.html
Issue date: 2014-11-25
CVE Names: CVE-2014-3602 CVE-2014-3674
=====================================================================

1. Summary:

Red Hat OpenShift Enterprise release 2.1.9, which fixes two security
issues, several bugs, and adds one enhancement, is now available.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

RHOSE Infrastructure 2.1 - noarch
RHOSE JBoss EAP add-on 2.1 - noarch
RHOSE Node 2.1 - noarch

3.
Description: OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments. It was found that OpenShift Enterprise 2.1 did not properly restrict access to services running on different gears. This could allow an attacker to access unprotected network resources running in another user's gear. In a previous update, OpenShift Enterprise 2.2 introduced the oo-gear-firewall command, which creates firewall rules and SELinux policy to contain services running on gears to their own internal gear IPs. The command is invoked by default during new installations of OpenShift Enterprise 2.2 to prevent this security issue. This update backports the command to OpenShift Enterprise 2.1.; administrators should run the following command on node hosts in existing OpenShift Enterprise 2.1 deployments after applying this update to address this security issue: # oo-gear-firewall -i enable -s enable Please see the man page of the oo-gear-firewall command for more details. (CVE-2014-3674) It was found that OpenShift Enterprise did not restrict access to the /proc/net/tcp file in gears, which allowed local users to view all listening connections and connected sockets. This could result in remote system's IP or port numbers in use to be exposed, which may be useful for further targeted attacks. Note that for local listeners, OpenShift Enterprise restricts connections to within the gear by default, so even with the knowledge of the local port and IP, the attacker is unable to connect. The SELinux policy on node hosts has been updated to prevent this gear information from being accessed by local users. Due to the closing of this access, JBoss-based cartridges that relied on it previously must be upgraded according to the standard procedure. This is a compatible cartridge upgrade and therefore does not require a restart. 
(CVE-2014-3602)

Space precludes documenting all of the bug fixes and enhancements in this advisory. See the OpenShift Enterprise Technical Notes linked to in the References section, which will be updated shortly for release 2.1.9, for details about these changes.

All OpenShift Enterprise users are advised to upgrade to these updated packages.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

See the OpenShift Enterprise 2.1 Release Notes linked to in the References section, which will be updated shortly for release 2.1.9, for important instructions on how to fully apply this asynchronous errata update.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258.

5. Bugs fixed (https://bugzilla.redhat.com/):

1131680 - CVE-2014-3602 OpenShift: /proc/net/tcp information disclosure
1143991 - [2.1 backport] Expose haproxy-sni-proxy mapped ports as environmental variables
1148170 - CVE-2014-3674 OpenShift Enterprise: gears fail to properly isolate network traffic
1149837 - [2.1 backport] oo-accept-systems: improve cartridge integrity checks
1153319 - [2.1 backport] Disable SSLv3 to mitigate POODLE CVE-2014-3566
1155794 - [2.1 backport] Race condition in `oo-httpd-singular graceful` when using apache-vhost
1163502 - Remove explicit dependency on RHEL 6.6's subscription-manager package

6.
Package List: RHOSE Infrastructure 2.1: Source: openshift-enterprise-upgrade-2.1.9-1.el6op.src.rpm openshift-origin-broker-1.16.1.14-1.el6op.src.rpm openshift-origin-broker-util-1.23.8.14-1.el6op.src.rpm rubygem-openshift-origin-controller-1.23.10.15-1.el6op.src.rpm rubygem-openshift-origin-msg-broker-mcollective-1.23.3.6-1.el6op.src.rpm noarch: openshift-enterprise-release-2.1.9-1.el6op.noarch.rpm openshift-enterprise-upgrade-broker-2.1.9-1.el6op.noarch.rpm openshift-enterprise-yum-validator-2.1.9-1.el6op.noarch.rpm openshift-origin-broker-1.16.1.14-1.el6op.noarch.rpm openshift-origin-broker-util-1.23.8.14-1.el6op.noarch.rpm rubygem-openshift-origin-controller-1.23.10.15-1.el6op.noarch.rpm rubygem-openshift-origin-msg-broker-mcollective-1.23.3.6-1.el6op.noarch.rpm RHOSE JBoss EAP add-on 2.1: Source: openshift-origin-cartridge-jbosseap-2.16.3.7-1.el6op.src.rpm noarch: openshift-origin-cartridge-jbosseap-2.16.3.7-1.el6op.noarch.rpm RHOSE Node 2.1: Source: openshift-enterprise-upgrade-2.1.9-1.el6op.src.rpm openshift-origin-cartridge-jbossews-1.22.3.7-1.el6op.src.rpm openshift-origin-msg-node-mcollective-1.22.2.3-1.el6op.src.rpm openshift-origin-node-util-1.22.20.5-1.el6op.src.rpm rubygem-openshift-origin-frontend-apache-mod-rewrite-0.5.2.2-1.el6op.src.rpm rubygem-openshift-origin-frontend-apache-vhost-0.5.2.6-1.el6op.src.rpm rubygem-openshift-origin-frontend-apachedb-0.4.1.2-1.el6op.src.rpm rubygem-openshift-origin-frontend-haproxy-sni-proxy-0.3.2.2-1.el6op.src.rpm rubygem-openshift-origin-node-1.23.9.26-1.el6op.src.rpm noarch: openshift-enterprise-release-2.1.9-1.el6op.noarch.rpm openshift-enterprise-upgrade-node-2.1.9-1.el6op.noarch.rpm openshift-enterprise-yum-validator-2.1.9-1.el6op.noarch.rpm openshift-origin-cartridge-jbossews-1.22.3.7-1.el6op.noarch.rpm openshift-origin-msg-node-mcollective-1.22.2.3-1.el6op.noarch.rpm openshift-origin-node-util-1.22.20.5-1.el6op.noarch.rpm rubygem-openshift-origin-frontend-apache-mod-rewrite-0.5.2.2-1.el6op.noarch.rpm 
rubygem-openshift-origin-frontend-apache-vhost-0.5.2.6-1.el6op.noarch.rpm
rubygem-openshift-origin-frontend-apachedb-0.4.1.2-1.el6op.noarch.rpm
rubygem-openshift-origin-frontend-haproxy-sni-proxy-0.3.2.2-1.el6op.noarch.rpm
rubygem-openshift-origin-node-1.23.9.26-1.el6op.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3602
https://access.redhat.com/security/cve/CVE-2014-3674
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/Technical_Notes/index.html
https://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.1_Release_Notes/index.html#chap-Asynchronous_Errata_Updates

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUdMvPXlSAg2UNWIIRAl3BAJ9rQqkEpZf4eADw2UlOjewslifYTACcD1EL
/UsGQ44U3ghdvF3PGBBRVOM=
=Cp0R
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Nov 26 22:40:57 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 26 Nov 2014 22:40:57 +0000
Subject: [RHSA-2014:1911-01] Moderate: ruby security update
Message-ID: <201411262240.sAQMevwk012294@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: ruby security update
Advisory ID: RHSA-2014:1911-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1911.html
Issue date: 2014-11-26
CVE Names: CVE-2014-8080 CVE-2014-8090
=====================================================================

1.
Summary:

Updated ruby packages that fix two security issues are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to perform system management tasks.

Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. (CVE-2014-8080, CVE-2014-8090)

The CVE-2014-8090 issue was discovered by Red Hat Product Security.

All ruby users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Ruby need to be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5.
Bugs fixed (https://bugzilla.redhat.com/):

1157709 - CVE-2014-8080 ruby: REXML billion laughs attack via parameter entity expansion
1159927 - CVE-2014-8090 ruby: REXML incomplete fix for CVE-2014-8080

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ruby-1.8.7.374-3.el6_6.src.rpm

i386:
ruby-1.8.7.374-3.el6_6.i686.rpm
ruby-debuginfo-1.8.7.374-3.el6_6.i686.rpm
ruby-devel-1.8.7.374-3.el6_6.i686.rpm
ruby-irb-1.8.7.374-3.el6_6.i686.rpm
ruby-libs-1.8.7.374-3.el6_6.i686.rpm
ruby-rdoc-1.8.7.374-3.el6_6.i686.rpm

x86_64:
ruby-1.8.7.374-3.el6_6.x86_64.rpm
ruby-debuginfo-1.8.7.374-3.el6_6.i686.rpm
ruby-debuginfo-1.8.7.374-3.el6_6.x86_64.rpm
ruby-devel-1.8.7.374-3.el6_6.i686.rpm
ruby-devel-1.8.7.374-3.el6_6.x86_64.rpm
ruby-irb-1.8.7.374-3.el6_6.x86_64.rpm
ruby-libs-1.8.7.374-3.el6_6.i686.rpm
ruby-libs-1.8.7.374-3.el6_6.x86_64.rpm
ruby-rdoc-1.8.7.374-3.el6_6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
ruby-debuginfo-1.8.7.374-3.el6_6.i686.rpm
ruby-docs-1.8.7.374-3.el6_6.i686.rpm
ruby-ri-1.8.7.374-3.el6_6.i686.rpm
ruby-static-1.8.7.374-3.el6_6.i686.rpm
ruby-tcltk-1.8.7.374-3.el6_6.i686.rpm

x86_64:
ruby-debuginfo-1.8.7.374-3.el6_6.x86_64.rpm
ruby-docs-1.8.7.374-3.el6_6.x86_64.rpm
ruby-ri-1.8.7.374-3.el6_6.x86_64.rpm
ruby-static-1.8.7.374-3.el6_6.x86_64.rpm
ruby-tcltk-1.8.7.374-3.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ruby-1.8.7.374-3.el6_6.src.rpm

x86_64:
ruby-1.8.7.374-3.el6_6.x86_64.rpm
ruby-debuginfo-1.8.7.374-3.el6_6.i686.rpm
ruby-debuginfo-1.8.7.374-3.el6_6.x86_64.rpm
ruby-devel-1.8.7.374-3.el6_6.i686.rpm
ruby-devel-1.8.7.374-3.el6_6.x86_64.rpm
ruby-irb-1.8.7.374-3.el6_6.x86_64.rpm
ruby-libs-1.8.7.374-3.el6_6.i686.rpm
ruby-libs-1.8.7.374-3.el6_6.x86_64.rpm
ruby-rdoc-1.8.7.374-3.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v.
6): x86_64: ruby-debuginfo-1.8.7.374-3.el6_6.x86_64.rpm ruby-docs-1.8.7.374-3.el6_6.x86_64.rpm ruby-ri-1.8.7.374-3.el6_6.x86_64.rpm ruby-static-1.8.7.374-3.el6_6.x86_64.rpm ruby-tcltk-1.8.7.374-3.el6_6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ruby-1.8.7.374-3.el6_6.src.rpm i386: ruby-1.8.7.374-3.el6_6.i686.rpm ruby-debuginfo-1.8.7.374-3.el6_6.i686.rpm ruby-devel-1.8.7.374-3.el6_6.i686.rpm ruby-irb-1.8.7.374-3.el6_6.i686.rpm ruby-libs-1.8.7.374-3.el6_6.i686.rpm ruby-rdoc-1.8.7.374-3.el6_6.i686.rpm ppc64: ruby-1.8.7.374-3.el6_6.ppc64.rpm ruby-debuginfo-1.8.7.374-3.el6_6.ppc.rpm ruby-debuginfo-1.8.7.374-3.el6_6.ppc64.rpm ruby-devel-1.8.7.374-3.el6_6.ppc.rpm ruby-devel-1.8.7.374-3.el6_6.ppc64.rpm ruby-irb-1.8.7.374-3.el6_6.ppc64.rpm ruby-libs-1.8.7.374-3.el6_6.ppc.rpm ruby-libs-1.8.7.374-3.el6_6.ppc64.rpm ruby-rdoc-1.8.7.374-3.el6_6.ppc64.rpm s390x: ruby-1.8.7.374-3.el6_6.s390x.rpm ruby-debuginfo-1.8.7.374-3.el6_6.s390.rpm ruby-debuginfo-1.8.7.374-3.el6_6.s390x.rpm ruby-devel-1.8.7.374-3.el6_6.s390.rpm ruby-devel-1.8.7.374-3.el6_6.s390x.rpm ruby-irb-1.8.7.374-3.el6_6.s390x.rpm ruby-libs-1.8.7.374-3.el6_6.s390.rpm ruby-libs-1.8.7.374-3.el6_6.s390x.rpm ruby-rdoc-1.8.7.374-3.el6_6.s390x.rpm x86_64: ruby-1.8.7.374-3.el6_6.x86_64.rpm ruby-debuginfo-1.8.7.374-3.el6_6.i686.rpm ruby-debuginfo-1.8.7.374-3.el6_6.x86_64.rpm ruby-devel-1.8.7.374-3.el6_6.i686.rpm ruby-devel-1.8.7.374-3.el6_6.x86_64.rpm ruby-irb-1.8.7.374-3.el6_6.x86_64.rpm ruby-libs-1.8.7.374-3.el6_6.i686.rpm ruby-libs-1.8.7.374-3.el6_6.x86_64.rpm ruby-rdoc-1.8.7.374-3.el6_6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): i386: ruby-debuginfo-1.8.7.374-3.el6_6.i686.rpm ruby-docs-1.8.7.374-3.el6_6.i686.rpm ruby-ri-1.8.7.374-3.el6_6.i686.rpm ruby-static-1.8.7.374-3.el6_6.i686.rpm ruby-tcltk-1.8.7.374-3.el6_6.i686.rpm ppc64: ruby-debuginfo-1.8.7.374-3.el6_6.ppc64.rpm ruby-docs-1.8.7.374-3.el6_6.ppc64.rpm ruby-ri-1.8.7.374-3.el6_6.ppc64.rpm ruby-static-1.8.7.374-3.el6_6.ppc64.rpm ruby-tcltk-1.8.7.374-3.el6_6.ppc64.rpm s390x: ruby-debuginfo-1.8.7.374-3.el6_6.s390x.rpm ruby-docs-1.8.7.374-3.el6_6.s390x.rpm ruby-ri-1.8.7.374-3.el6_6.s390x.rpm ruby-static-1.8.7.374-3.el6_6.s390x.rpm ruby-tcltk-1.8.7.374-3.el6_6.s390x.rpm x86_64: ruby-debuginfo-1.8.7.374-3.el6_6.x86_64.rpm ruby-docs-1.8.7.374-3.el6_6.x86_64.rpm ruby-ri-1.8.7.374-3.el6_6.x86_64.rpm ruby-static-1.8.7.374-3.el6_6.x86_64.rpm ruby-tcltk-1.8.7.374-3.el6_6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ruby-1.8.7.374-3.el6_6.src.rpm i386: ruby-1.8.7.374-3.el6_6.i686.rpm ruby-debuginfo-1.8.7.374-3.el6_6.i686.rpm ruby-devel-1.8.7.374-3.el6_6.i686.rpm ruby-irb-1.8.7.374-3.el6_6.i686.rpm ruby-libs-1.8.7.374-3.el6_6.i686.rpm ruby-rdoc-1.8.7.374-3.el6_6.i686.rpm x86_64: ruby-1.8.7.374-3.el6_6.x86_64.rpm ruby-debuginfo-1.8.7.374-3.el6_6.i686.rpm ruby-debuginfo-1.8.7.374-3.el6_6.x86_64.rpm ruby-devel-1.8.7.374-3.el6_6.i686.rpm ruby-devel-1.8.7.374-3.el6_6.x86_64.rpm ruby-irb-1.8.7.374-3.el6_6.x86_64.rpm ruby-libs-1.8.7.374-3.el6_6.i686.rpm ruby-libs-1.8.7.374-3.el6_6.x86_64.rpm ruby-rdoc-1.8.7.374-3.el6_6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6):

i386:
ruby-debuginfo-1.8.7.374-3.el6_6.i686.rpm
ruby-docs-1.8.7.374-3.el6_6.i686.rpm
ruby-ri-1.8.7.374-3.el6_6.i686.rpm
ruby-static-1.8.7.374-3.el6_6.i686.rpm
ruby-tcltk-1.8.7.374-3.el6_6.i686.rpm

x86_64:
ruby-debuginfo-1.8.7.374-3.el6_6.x86_64.rpm
ruby-docs-1.8.7.374-3.el6_6.x86_64.rpm
ruby-ri-1.8.7.374-3.el6_6.x86_64.rpm
ruby-static-1.8.7.374-3.el6_6.x86_64.rpm
ruby-tcltk-1.8.7.374-3.el6_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-8080
https://access.redhat.com/security/cve/CVE-2014-8090
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUdlbpXlSAg2UNWIIRAiVWAJ9GXjceYpHZ5O5ZUHyxZI/F4zCMvwCgh5TG
AuRrvICA4Al1QtYN4qznXE4=
=o/M1
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Nov 26 22:41:33 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 26 Nov 2014 22:41:33 +0000
Subject: [RHSA-2014:1912-01] Moderate: ruby security update
Message-ID: <201411262241.sAQMfXCm018601@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: ruby security update
Advisory ID: RHSA-2014:1912-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1912.html
Issue date: 2014-11-26
CVE Names: CVE-2014-4975 CVE-2014-8080 CVE-2014-8090
=====================================================================

1. Summary:

Updated ruby packages that fix three security issues are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to perform system management tasks.

Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. (CVE-2014-8080, CVE-2014-8090)

A stack-based buffer overflow was found in the implementation of the Ruby Array pack() method. When performing base64 encoding, a single byte could be written past the end of the buffer, possibly causing Ruby to crash. (CVE-2014-4975)

The CVE-2014-8090 issue was discovered by Red Hat Product Security.

All ruby users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Ruby need to be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network.
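The REXML flaws described above (and repeated in the ruby193-ruby and ruby200-ruby advisories that follow) are entity expansion, or "billion laughs", attacks that reach the parser through DTD parameter entities rather than only general entities. What follows is an added example in Ruby, not code from the advisory or from Ruby's REXML: a pre-parse guard that estimates how large a document's entities would expand to before the XML is handed to any parser, and rejects documents over a byte budget or containing reference cycles. The XML samples are constructed for illustration, the default budget of 10240 bytes is chosen to match REXML's own entity_expansion_text_limit default, and the estimator is deliberately conservative (it costs references inside entity values even where a strict parser would bypass them), so it works the same regardless of which REXML version is installed.

```ruby
# Added example: estimate XML entity expansion before parsing, so that a
# "billion laughs" document built from parameter entities (the shape of
# CVE-2014-8080 / CVE-2014-8090) is rejected without ever being expanded.

# <!ENTITY name "value">  or  <!ENTITY % name "value">  in the internal subset.
ENTITY_DECL = /<!ENTITY\s+(%\s+)?([^\s"'>]+)\s+(?:"([^"]*)"|'([^']*)')/
# &name; (general) or %name; (parameter). Character references such as
# &#38; are not entities and are ignored.
ENTITY_REF = /([&%])([A-Za-z_:][\w.:-]*);/

# Map "&name" / "%name" to the declared replacement text.
def entity_declarations(xml)
  decls = {}
  xml.scan(ENTITY_DECL) do |pct, name, dq, sq|
    decls[(pct ? "%" : "&") + name] = dq || sq
  end
  decls
end

# Size of the fully expanded replacement text of one entity. Memoised so each
# entity is costed once; the stack catches reference cycles, which a naive
# parser would otherwise loop on.
def expanded_size(decls, key, memo = {}, stack = [])
  raise "entity reference cycle through #{key}" if stack.include?(key)
  return memo[key] if memo.key?(key)
  value = decls[key]
  return key.length + 1 unless value   # undeclared: stays as the literal "&name;"
  size = value.length
  value.scan(ENTITY_REF) do |sigil, name|
    ref = sigil + name
    size += expanded_size(decls, ref, memo, stack + [key]) - (ref.length + 1)
  end
  memo[key] = size
end

# Bytes the document would grow to once every entity reference is expanded.
# Parameter entities are costed in full because they are expanded while the
# DTD itself is processed, which is where the REXML flaws were.
def estimate_expansion(xml)
  decls = entity_declarations(xml)
  memo = {}
  total = decls.keys.select { |k| k.start_with?("%") }.sum { |k| expanded_size(decls, k, memo) }
  body = xml.split("]>", 2).last   # document content after the internal subset
  body.scan(ENTITY_REF) { |sigil, name| total += expanded_size(decls, sigil + name, memo) }
  total
end

# Guard to call before REXML::Document.new (or any other parser).
def safe_to_parse?(xml, limit: 10_240)
  estimate_expansion(xml) <= limit
rescue RuntimeError
  false   # a reference cycle is never safe
end

# Constructed samples (not taken from any real report or exploit).
BILLION_LAUGHS = <<~XML
  <?xml version="1.0"?>
  <!DOCTYPE lolz [
    <!ENTITY lol "lol">
    <!ENTITY % p1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
    <!ENTITY % p2 "%p1;%p1;%p1;%p1;%p1;%p1;%p1;%p1;%p1;%p1;">
    <!ENTITY % p3 "%p2;%p2;%p2;%p2;%p2;%p2;%p2;%p2;%p2;%p2;">
    <!ENTITY % p4 "%p3;%p3;%p3;%p3;%p3;%p3;%p3;%p3;%p3;%p3;">
  ]>
  <lolz>&lol;</lolz>
XML

BENIGN = <<~XML
  <?xml version="1.0"?>
  <!DOCTYPE note [ <!ENTITY company "Example Corp"> ]>
  <note>&company; &amp; friends</note>
XML

CYCLIC = '<!DOCTYPE x [ <!ENTITY a "&b;"> <!ENTITY b "&a;"> ]><x>&a;</x>'

if $PROGRAM_NAME == __FILE__
  { "benign" => BENIGN, "billion laughs" => BILLION_LAUGHS, "cyclic" => CYCLIC }.each do |label, xml|
    puts "#{label}: safe_to_parse?=#{safe_to_parse?(xml)}"
  end
end
```

The four-level sample expands to 33333 bytes from a 400-byte document; each extra parameter entity level multiplies that by ten, which is the CPU and memory exhaustion the advisory describes. REXML also exposes its own limits (REXML::Security.entity_expansion_limit and entity_expansion_text_limit on Ruby 2.1 and later, REXML::Document.entity_expansion_limit on older releases), but those only act once expansion is under way inside the parser; a guard like this one runs before any expansion happens.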
Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1118158 - CVE-2014-4975 ruby: off-by-one stack-based buffer overflow in the encodes() function
1157709 - CVE-2014-8080 ruby: REXML billion laughs attack via parameter entity expansion
1159927 - CVE-2014-8090 ruby: REXML incomplete fix for CVE-2014-8080

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
ruby-2.0.0.353-22.el7_0.src.rpm

noarch:
ruby-irb-2.0.0.353-22.el7_0.noarch.rpm
rubygem-rdoc-4.0.0-22.el7_0.noarch.rpm
rubygems-2.0.14-22.el7_0.noarch.rpm

x86_64:
ruby-2.0.0.353-22.el7_0.x86_64.rpm
ruby-debuginfo-2.0.0.353-22.el7_0.i686.rpm
ruby-debuginfo-2.0.0.353-22.el7_0.x86_64.rpm
ruby-libs-2.0.0.353-22.el7_0.i686.rpm
ruby-libs-2.0.0.353-22.el7_0.x86_64.rpm
rubygem-bigdecimal-1.2.0-22.el7_0.x86_64.rpm
rubygem-io-console-0.4.2-22.el7_0.x86_64.rpm
rubygem-json-1.7.7-22.el7_0.x86_64.rpm
rubygem-psych-2.0.0-22.el7_0.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
ruby-doc-2.0.0.353-22.el7_0.noarch.rpm
rubygem-minitest-4.3.2-22.el7_0.noarch.rpm
rubygem-rake-0.9.6-22.el7_0.noarch.rpm
rubygems-devel-2.0.14-22.el7_0.noarch.rpm

x86_64:
ruby-debuginfo-2.0.0.353-22.el7_0.x86_64.rpm
ruby-devel-2.0.0.353-22.el7_0.x86_64.rpm
ruby-tcltk-2.0.0.353-22.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v.
7): Source: ruby-2.0.0.353-22.el7_0.src.rpm noarch: ruby-irb-2.0.0.353-22.el7_0.noarch.rpm rubygem-rdoc-4.0.0-22.el7_0.noarch.rpm rubygems-2.0.14-22.el7_0.noarch.rpm x86_64: ruby-2.0.0.353-22.el7_0.x86_64.rpm ruby-debuginfo-2.0.0.353-22.el7_0.i686.rpm ruby-debuginfo-2.0.0.353-22.el7_0.x86_64.rpm ruby-libs-2.0.0.353-22.el7_0.i686.rpm ruby-libs-2.0.0.353-22.el7_0.x86_64.rpm rubygem-bigdecimal-1.2.0-22.el7_0.x86_64.rpm rubygem-io-console-0.4.2-22.el7_0.x86_64.rpm rubygem-json-1.7.7-22.el7_0.x86_64.rpm rubygem-psych-2.0.0-22.el7_0.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: ruby-doc-2.0.0.353-22.el7_0.noarch.rpm rubygem-minitest-4.3.2-22.el7_0.noarch.rpm rubygem-rake-0.9.6-22.el7_0.noarch.rpm rubygems-devel-2.0.14-22.el7_0.noarch.rpm x86_64: ruby-debuginfo-2.0.0.353-22.el7_0.x86_64.rpm ruby-devel-2.0.0.353-22.el7_0.x86_64.rpm ruby-tcltk-2.0.0.353-22.el7_0.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: ruby-2.0.0.353-22.el7_0.src.rpm noarch: ruby-irb-2.0.0.353-22.el7_0.noarch.rpm rubygem-rdoc-4.0.0-22.el7_0.noarch.rpm rubygems-2.0.14-22.el7_0.noarch.rpm ppc64: ruby-2.0.0.353-22.el7_0.ppc64.rpm ruby-debuginfo-2.0.0.353-22.el7_0.ppc.rpm ruby-debuginfo-2.0.0.353-22.el7_0.ppc64.rpm ruby-libs-2.0.0.353-22.el7_0.ppc.rpm ruby-libs-2.0.0.353-22.el7_0.ppc64.rpm rubygem-bigdecimal-1.2.0-22.el7_0.ppc64.rpm rubygem-io-console-0.4.2-22.el7_0.ppc64.rpm rubygem-json-1.7.7-22.el7_0.ppc64.rpm rubygem-psych-2.0.0-22.el7_0.ppc64.rpm s390x: ruby-2.0.0.353-22.el7_0.s390x.rpm ruby-debuginfo-2.0.0.353-22.el7_0.s390.rpm ruby-debuginfo-2.0.0.353-22.el7_0.s390x.rpm ruby-libs-2.0.0.353-22.el7_0.s390.rpm ruby-libs-2.0.0.353-22.el7_0.s390x.rpm rubygem-bigdecimal-1.2.0-22.el7_0.s390x.rpm rubygem-io-console-0.4.2-22.el7_0.s390x.rpm rubygem-json-1.7.7-22.el7_0.s390x.rpm rubygem-psych-2.0.0-22.el7_0.s390x.rpm x86_64: ruby-2.0.0.353-22.el7_0.x86_64.rpm ruby-debuginfo-2.0.0.353-22.el7_0.i686.rpm ruby-debuginfo-2.0.0.353-22.el7_0.x86_64.rpm 
ruby-libs-2.0.0.353-22.el7_0.i686.rpm ruby-libs-2.0.0.353-22.el7_0.x86_64.rpm rubygem-bigdecimal-1.2.0-22.el7_0.x86_64.rpm rubygem-io-console-0.4.2-22.el7_0.x86_64.rpm rubygem-json-1.7.7-22.el7_0.x86_64.rpm rubygem-psych-2.0.0-22.el7_0.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: ruby-doc-2.0.0.353-22.el7_0.noarch.rpm rubygem-minitest-4.3.2-22.el7_0.noarch.rpm rubygem-rake-0.9.6-22.el7_0.noarch.rpm rubygems-devel-2.0.14-22.el7_0.noarch.rpm ppc64: ruby-debuginfo-2.0.0.353-22.el7_0.ppc64.rpm ruby-devel-2.0.0.353-22.el7_0.ppc64.rpm ruby-tcltk-2.0.0.353-22.el7_0.ppc64.rpm s390x: ruby-debuginfo-2.0.0.353-22.el7_0.s390x.rpm ruby-devel-2.0.0.353-22.el7_0.s390x.rpm ruby-tcltk-2.0.0.353-22.el7_0.s390x.rpm x86_64: ruby-debuginfo-2.0.0.353-22.el7_0.x86_64.rpm ruby-devel-2.0.0.353-22.el7_0.x86_64.rpm ruby-tcltk-2.0.0.353-22.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: ruby-2.0.0.353-22.el7_0.src.rpm noarch: ruby-irb-2.0.0.353-22.el7_0.noarch.rpm rubygem-rdoc-4.0.0-22.el7_0.noarch.rpm rubygems-2.0.14-22.el7_0.noarch.rpm x86_64: ruby-2.0.0.353-22.el7_0.x86_64.rpm ruby-debuginfo-2.0.0.353-22.el7_0.i686.rpm ruby-debuginfo-2.0.0.353-22.el7_0.x86_64.rpm ruby-libs-2.0.0.353-22.el7_0.i686.rpm ruby-libs-2.0.0.353-22.el7_0.x86_64.rpm rubygem-bigdecimal-1.2.0-22.el7_0.x86_64.rpm rubygem-io-console-0.4.2-22.el7_0.x86_64.rpm rubygem-json-1.7.7-22.el7_0.x86_64.rpm rubygem-psych-2.0.0-22.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: ruby-doc-2.0.0.353-22.el7_0.noarch.rpm rubygem-minitest-4.3.2-22.el7_0.noarch.rpm rubygem-rake-0.9.6-22.el7_0.noarch.rpm rubygems-devel-2.0.14-22.el7_0.noarch.rpm x86_64: ruby-debuginfo-2.0.0.353-22.el7_0.x86_64.rpm ruby-devel-2.0.0.353-22.el7_0.x86_64.rpm ruby-tcltk-2.0.0.353-22.el7_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References:

https://access.redhat.com/security/cve/CVE-2014-4975
https://access.redhat.com/security/cve/CVE-2014-8080
https://access.redhat.com/security/cve/CVE-2014-8090
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUdlcMXlSAg2UNWIIRAkbIAJ9ABYZL5uyApNkK/O9VWNekAOTB5ACeMLzu
wvp8dOND+q5C8W4McsgO6Og=
=+H98
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Nov 26 22:42:09 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 26 Nov 2014 22:42:09 +0000
Subject: [RHSA-2014:1913-01] Moderate: ruby193-ruby security update
Message-ID: <201411262242.sAQMg9dg018766@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: ruby193-ruby security update
Advisory ID: RHSA-2014:1913-01
Product: Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1913.html
Issue date: 2014-11-26
CVE Names: CVE-2014-4975 CVE-2014-8080 CVE-2014-8090
=====================================================================

1. Summary:

Updated ruby193-ruby packages that fix three security issues are now available for Red Hat Software Collections 1.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v.
7) - noarch, x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4) - noarch, x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5) - noarch, x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch, x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to perform system management tasks.

Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. (CVE-2014-8080, CVE-2014-8090)

A stack-based buffer overflow was found in the implementation of the Ruby Array pack() method. When performing base64 encoding, a single byte could be written past the end of the buffer, possibly causing Ruby to crash. (CVE-2014-4975)

The CVE-2014-8090 issue was discovered by Red Hat Product Security.

All ruby193-ruby users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Ruby need to be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5.
Bugs fixed (https://bugzilla.redhat.com/):

1118158 - CVE-2014-4975 ruby: off-by-one stack-based buffer overflow in the encodes() function
1157709 - CVE-2014-8080 ruby: REXML billion laughs attack via parameter entity expansion
1159927 - CVE-2014-8090 ruby: REXML incomplete fix for CVE-2014-8080

6. Package List:

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6):

Source:
ruby193-ruby-1.9.3.484-50.el6.src.rpm

noarch:
ruby193-ruby-irb-1.9.3.484-50.el6.noarch.rpm
ruby193-rubygem-minitest-2.5.1-50.el6.noarch.rpm
ruby193-rubygem-rake-0.9.2.2-50.el6.noarch.rpm
ruby193-rubygems-1.8.23-50.el6.noarch.rpm
ruby193-rubygems-devel-1.8.23-50.el6.noarch.rpm

x86_64:
ruby193-ruby-1.9.3.484-50.el6.x86_64.rpm
ruby193-ruby-debuginfo-1.9.3.484-50.el6.x86_64.rpm
ruby193-ruby-devel-1.9.3.484-50.el6.x86_64.rpm
ruby193-ruby-doc-1.9.3.484-50.el6.x86_64.rpm
ruby193-ruby-libs-1.9.3.484-50.el6.x86_64.rpm
ruby193-ruby-tcltk-1.9.3.484-50.el6.x86_64.rpm
ruby193-rubygem-bigdecimal-1.1.0-50.el6.x86_64.rpm
ruby193-rubygem-io-console-0.3-50.el6.x86_64.rpm
ruby193-rubygem-json-1.5.5-50.el6.x86_64.rpm
ruby193-rubygem-rdoc-3.9.5-50.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v.
6.4): Source: ruby193-ruby-1.9.3.484-50.el6.src.rpm noarch: ruby193-ruby-irb-1.9.3.484-50.el6.noarch.rpm ruby193-rubygem-minitest-2.5.1-50.el6.noarch.rpm ruby193-rubygem-rake-0.9.2.2-50.el6.noarch.rpm ruby193-rubygems-1.8.23-50.el6.noarch.rpm ruby193-rubygems-devel-1.8.23-50.el6.noarch.rpm x86_64: ruby193-ruby-1.9.3.484-50.el6.x86_64.rpm ruby193-ruby-debuginfo-1.9.3.484-50.el6.x86_64.rpm ruby193-ruby-devel-1.9.3.484-50.el6.x86_64.rpm ruby193-ruby-doc-1.9.3.484-50.el6.x86_64.rpm ruby193-ruby-libs-1.9.3.484-50.el6.x86_64.rpm ruby193-ruby-tcltk-1.9.3.484-50.el6.x86_64.rpm ruby193-rubygem-bigdecimal-1.1.0-50.el6.x86_64.rpm ruby193-rubygem-io-console-0.3-50.el6.x86_64.rpm ruby193-rubygem-json-1.5.5-50.el6.x86_64.rpm ruby193-rubygem-rdoc-3.9.5-50.el6.x86_64.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5): Source: ruby193-ruby-1.9.3.484-50.el6.src.rpm noarch: ruby193-ruby-irb-1.9.3.484-50.el6.noarch.rpm ruby193-rubygem-minitest-2.5.1-50.el6.noarch.rpm ruby193-rubygem-rake-0.9.2.2-50.el6.noarch.rpm ruby193-rubygems-1.8.23-50.el6.noarch.rpm ruby193-rubygems-devel-1.8.23-50.el6.noarch.rpm x86_64: ruby193-ruby-1.9.3.484-50.el6.x86_64.rpm ruby193-ruby-debuginfo-1.9.3.484-50.el6.x86_64.rpm ruby193-ruby-devel-1.9.3.484-50.el6.x86_64.rpm ruby193-ruby-doc-1.9.3.484-50.el6.x86_64.rpm ruby193-ruby-libs-1.9.3.484-50.el6.x86_64.rpm ruby193-ruby-tcltk-1.9.3.484-50.el6.x86_64.rpm ruby193-rubygem-bigdecimal-1.1.0-50.el6.x86_64.rpm ruby193-rubygem-io-console-0.3-50.el6.x86_64.rpm ruby193-rubygem-json-1.5.5-50.el6.x86_64.rpm ruby193-rubygem-rdoc-3.9.5-50.el6.x86_64.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 
6.6): Source: ruby193-ruby-1.9.3.484-50.el6.src.rpm noarch: ruby193-ruby-irb-1.9.3.484-50.el6.noarch.rpm ruby193-rubygem-minitest-2.5.1-50.el6.noarch.rpm ruby193-rubygem-rake-0.9.2.2-50.el6.noarch.rpm ruby193-rubygems-1.8.23-50.el6.noarch.rpm ruby193-rubygems-devel-1.8.23-50.el6.noarch.rpm x86_64: ruby193-ruby-1.9.3.484-50.el6.x86_64.rpm ruby193-ruby-debuginfo-1.9.3.484-50.el6.x86_64.rpm ruby193-ruby-devel-1.9.3.484-50.el6.x86_64.rpm ruby193-ruby-doc-1.9.3.484-50.el6.x86_64.rpm ruby193-ruby-libs-1.9.3.484-50.el6.x86_64.rpm ruby193-ruby-tcltk-1.9.3.484-50.el6.x86_64.rpm ruby193-rubygem-bigdecimal-1.1.0-50.el6.x86_64.rpm ruby193-rubygem-io-console-0.3-50.el6.x86_64.rpm ruby193-rubygem-json-1.5.5-50.el6.x86_64.rpm ruby193-rubygem-rdoc-3.9.5-50.el6.x86_64.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6): Source: ruby193-ruby-1.9.3.484-50.el6.src.rpm noarch: ruby193-ruby-irb-1.9.3.484-50.el6.noarch.rpm ruby193-rubygem-minitest-2.5.1-50.el6.noarch.rpm ruby193-rubygem-rake-0.9.2.2-50.el6.noarch.rpm ruby193-rubygems-1.8.23-50.el6.noarch.rpm ruby193-rubygems-devel-1.8.23-50.el6.noarch.rpm x86_64: ruby193-ruby-1.9.3.484-50.el6.x86_64.rpm ruby193-ruby-debuginfo-1.9.3.484-50.el6.x86_64.rpm ruby193-ruby-devel-1.9.3.484-50.el6.x86_64.rpm ruby193-ruby-doc-1.9.3.484-50.el6.x86_64.rpm ruby193-ruby-libs-1.9.3.484-50.el6.x86_64.rpm ruby193-ruby-tcltk-1.9.3.484-50.el6.x86_64.rpm ruby193-rubygem-bigdecimal-1.1.0-50.el6.x86_64.rpm ruby193-rubygem-io-console-0.3-50.el6.x86_64.rpm ruby193-rubygem-json-1.5.5-50.el6.x86_64.rpm ruby193-rubygem-rdoc-3.9.5-50.el6.x86_64.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 
7): Source: ruby193-ruby-1.9.3.484-50.el7.src.rpm noarch: ruby193-ruby-irb-1.9.3.484-50.el7.noarch.rpm ruby193-rubygem-minitest-2.5.1-50.el7.noarch.rpm ruby193-rubygem-rake-0.9.2.2-50.el7.noarch.rpm ruby193-rubygems-1.8.23-50.el7.noarch.rpm ruby193-rubygems-devel-1.8.23-50.el7.noarch.rpm x86_64: ruby193-ruby-1.9.3.484-50.el7.x86_64.rpm ruby193-ruby-debuginfo-1.9.3.484-50.el7.x86_64.rpm ruby193-ruby-devel-1.9.3.484-50.el7.x86_64.rpm ruby193-ruby-doc-1.9.3.484-50.el7.x86_64.rpm ruby193-ruby-libs-1.9.3.484-50.el7.x86_64.rpm ruby193-ruby-tcltk-1.9.3.484-50.el7.x86_64.rpm ruby193-rubygem-bigdecimal-1.1.0-50.el7.x86_64.rpm ruby193-rubygem-io-console-0.3-50.el7.x86_64.rpm ruby193-rubygem-json-1.5.5-50.el7.x86_64.rpm ruby193-rubygem-rdoc-3.9.5-50.el7.x86_64.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7): Source: ruby193-ruby-1.9.3.484-50.el7.src.rpm noarch: ruby193-ruby-irb-1.9.3.484-50.el7.noarch.rpm ruby193-rubygem-minitest-2.5.1-50.el7.noarch.rpm ruby193-rubygem-rake-0.9.2.2-50.el7.noarch.rpm ruby193-rubygems-1.8.23-50.el7.noarch.rpm ruby193-rubygems-devel-1.8.23-50.el7.noarch.rpm x86_64: ruby193-ruby-1.9.3.484-50.el7.x86_64.rpm ruby193-ruby-debuginfo-1.9.3.484-50.el7.x86_64.rpm ruby193-ruby-devel-1.9.3.484-50.el7.x86_64.rpm ruby193-ruby-doc-1.9.3.484-50.el7.x86_64.rpm ruby193-ruby-libs-1.9.3.484-50.el7.x86_64.rpm ruby193-ruby-tcltk-1.9.3.484-50.el7.x86_64.rpm ruby193-rubygem-bigdecimal-1.1.0-50.el7.x86_64.rpm ruby193-rubygem-io-console-0.3-50.el7.x86_64.rpm ruby193-rubygem-json-1.5.5-50.el7.x86_64.rpm ruby193-rubygem-rdoc-3.9.5-50.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References:

https://access.redhat.com/security/cve/CVE-2014-4975
https://access.redhat.com/security/cve/CVE-2014-8080
https://access.redhat.com/security/cve/CVE-2014-8090
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUdlcsXlSAg2UNWIIRAr/lAJ0ZJEv5KNB63p/M8u1m4PGZLhS0sQCfVY+X
tDUlX3dvigw73zeVshx3i3g=
=jvfG
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Nov 26 22:42:48 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 26 Nov 2014 22:42:48 +0000
Subject: [RHSA-2014:1914-01] Moderate: ruby200-ruby security update
Message-ID: <201411262242.sAQMgmIS020790@int-mx14.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: ruby200-ruby security update
Advisory ID: RHSA-2014:1914-01
Product: Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1914.html
Issue date: 2014-11-26
CVE Names: CVE-2014-4975 CVE-2014-8080 CVE-2014-8090
=====================================================================

1. Summary:

Updated ruby200-ruby packages that fix three security issues are now available for Red Hat Software Collections 1.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v.
7) - noarch, x86_64 Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4) - noarch, x86_64 Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5) - noarch, x86_64 Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch, x86_64 Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64 Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 3. Description: Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. (CVE-2014-8080, CVE-2014-8090) A stack-based buffer overflow was found in the implementation of the Ruby Array pack() method. When performing base64 encoding, a single byte could be written past the end of the buffer, possibly causing Ruby to crash. (CVE-2014-4975) The CVE-2014-8090 issue was discovered by Red Hat Product Security. All ruby200-ruby users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Ruby need to be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. 
Bugs fixed (https://bugzilla.redhat.com/): 1118158 - CVE-2014-4975 ruby: off-by-one stack-based buffer overflow in the encodes() function 1157709 - CVE-2014-8080 ruby: REXML billion laughs attack via parameter entity expansion 1159927 - CVE-2014-8090 ruby: REXML incomplete fix for CVE-2014-8080 6. Package List: Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6): Source: ruby200-ruby-2.0.0.353-24.el6.src.rpm noarch: ruby200-ruby-doc-2.0.0.353-24.el6.noarch.rpm ruby200-ruby-irb-2.0.0.353-24.el6.noarch.rpm ruby200-rubygem-minitest-4.3.2-24.el6.noarch.rpm ruby200-rubygem-rake-0.9.6-24.el6.noarch.rpm ruby200-rubygem-rdoc-4.0.0-24.el6.noarch.rpm ruby200-rubygems-devel-2.0.14-24.el6.noarch.rpm x86_64: ruby200-ruby-2.0.0.353-24.el6.x86_64.rpm ruby200-ruby-debuginfo-2.0.0.353-24.el6.x86_64.rpm ruby200-ruby-devel-2.0.0.353-24.el6.x86_64.rpm ruby200-ruby-libs-2.0.0.353-24.el6.x86_64.rpm ruby200-ruby-tcltk-2.0.0.353-24.el6.x86_64.rpm ruby200-rubygem-bigdecimal-1.2.0-24.el6.x86_64.rpm ruby200-rubygem-io-console-0.4.2-24.el6.x86_64.rpm ruby200-rubygem-json-1.7.7-24.el6.x86_64.rpm ruby200-rubygem-psych-2.0.0-24.el6.x86_64.rpm ruby200-rubygems-2.0.14-24.el6.x86_64.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 
6.4): Source: ruby200-ruby-2.0.0.353-24.el6.src.rpm noarch: ruby200-ruby-doc-2.0.0.353-24.el6.noarch.rpm ruby200-ruby-irb-2.0.0.353-24.el6.noarch.rpm ruby200-rubygem-minitest-4.3.2-24.el6.noarch.rpm ruby200-rubygem-rake-0.9.6-24.el6.noarch.rpm ruby200-rubygem-rdoc-4.0.0-24.el6.noarch.rpm ruby200-rubygems-devel-2.0.14-24.el6.noarch.rpm x86_64: ruby200-ruby-2.0.0.353-24.el6.x86_64.rpm ruby200-ruby-debuginfo-2.0.0.353-24.el6.x86_64.rpm ruby200-ruby-devel-2.0.0.353-24.el6.x86_64.rpm ruby200-ruby-libs-2.0.0.353-24.el6.x86_64.rpm ruby200-ruby-tcltk-2.0.0.353-24.el6.x86_64.rpm ruby200-rubygem-bigdecimal-1.2.0-24.el6.x86_64.rpm ruby200-rubygem-io-console-0.4.2-24.el6.x86_64.rpm ruby200-rubygem-json-1.7.7-24.el6.x86_64.rpm ruby200-rubygem-psych-2.0.0-24.el6.x86_64.rpm ruby200-rubygems-2.0.14-24.el6.x86_64.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5): Source: ruby200-ruby-2.0.0.353-24.el6.src.rpm noarch: ruby200-ruby-doc-2.0.0.353-24.el6.noarch.rpm ruby200-ruby-irb-2.0.0.353-24.el6.noarch.rpm ruby200-rubygem-minitest-4.3.2-24.el6.noarch.rpm ruby200-rubygem-rake-0.9.6-24.el6.noarch.rpm ruby200-rubygem-rdoc-4.0.0-24.el6.noarch.rpm ruby200-rubygems-devel-2.0.14-24.el6.noarch.rpm x86_64: ruby200-ruby-2.0.0.353-24.el6.x86_64.rpm ruby200-ruby-debuginfo-2.0.0.353-24.el6.x86_64.rpm ruby200-ruby-devel-2.0.0.353-24.el6.x86_64.rpm ruby200-ruby-libs-2.0.0.353-24.el6.x86_64.rpm ruby200-ruby-tcltk-2.0.0.353-24.el6.x86_64.rpm ruby200-rubygem-bigdecimal-1.2.0-24.el6.x86_64.rpm ruby200-rubygem-io-console-0.4.2-24.el6.x86_64.rpm ruby200-rubygem-json-1.7.7-24.el6.x86_64.rpm ruby200-rubygem-psych-2.0.0-24.el6.x86_64.rpm ruby200-rubygems-2.0.14-24.el6.x86_64.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 
6.6): Source: ruby200-ruby-2.0.0.353-24.el6.src.rpm noarch: ruby200-ruby-doc-2.0.0.353-24.el6.noarch.rpm ruby200-ruby-irb-2.0.0.353-24.el6.noarch.rpm ruby200-rubygem-minitest-4.3.2-24.el6.noarch.rpm ruby200-rubygem-rake-0.9.6-24.el6.noarch.rpm ruby200-rubygem-rdoc-4.0.0-24.el6.noarch.rpm ruby200-rubygems-devel-2.0.14-24.el6.noarch.rpm x86_64: ruby200-ruby-2.0.0.353-24.el6.x86_64.rpm ruby200-ruby-debuginfo-2.0.0.353-24.el6.x86_64.rpm ruby200-ruby-devel-2.0.0.353-24.el6.x86_64.rpm ruby200-ruby-libs-2.0.0.353-24.el6.x86_64.rpm ruby200-ruby-tcltk-2.0.0.353-24.el6.x86_64.rpm ruby200-rubygem-bigdecimal-1.2.0-24.el6.x86_64.rpm ruby200-rubygem-io-console-0.4.2-24.el6.x86_64.rpm ruby200-rubygem-json-1.7.7-24.el6.x86_64.rpm ruby200-rubygem-psych-2.0.0-24.el6.x86_64.rpm ruby200-rubygems-2.0.14-24.el6.x86_64.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6): Source: ruby200-ruby-2.0.0.353-24.el6.src.rpm noarch: ruby200-ruby-doc-2.0.0.353-24.el6.noarch.rpm ruby200-ruby-irb-2.0.0.353-24.el6.noarch.rpm ruby200-rubygem-minitest-4.3.2-24.el6.noarch.rpm ruby200-rubygem-rake-0.9.6-24.el6.noarch.rpm ruby200-rubygem-rdoc-4.0.0-24.el6.noarch.rpm ruby200-rubygems-devel-2.0.14-24.el6.noarch.rpm x86_64: ruby200-ruby-2.0.0.353-24.el6.x86_64.rpm ruby200-ruby-debuginfo-2.0.0.353-24.el6.x86_64.rpm ruby200-ruby-devel-2.0.0.353-24.el6.x86_64.rpm ruby200-ruby-libs-2.0.0.353-24.el6.x86_64.rpm ruby200-ruby-tcltk-2.0.0.353-24.el6.x86_64.rpm ruby200-rubygem-bigdecimal-1.2.0-24.el6.x86_64.rpm ruby200-rubygem-io-console-0.4.2-24.el6.x86_64.rpm ruby200-rubygem-json-1.7.7-24.el6.x86_64.rpm ruby200-rubygem-psych-2.0.0-24.el6.x86_64.rpm ruby200-rubygems-2.0.14-24.el6.x86_64.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 
7): Source: ruby200-ruby-2.0.0.353-24.el7.src.rpm noarch: ruby200-ruby-doc-2.0.0.353-24.el7.noarch.rpm ruby200-ruby-irb-2.0.0.353-24.el7.noarch.rpm ruby200-rubygem-minitest-4.3.2-24.el7.noarch.rpm ruby200-rubygem-rake-0.9.6-24.el7.noarch.rpm ruby200-rubygem-rdoc-4.0.0-24.el7.noarch.rpm ruby200-rubygems-devel-2.0.14-24.el7.noarch.rpm x86_64: ruby200-ruby-2.0.0.353-24.el7.x86_64.rpm ruby200-ruby-debuginfo-2.0.0.353-24.el7.x86_64.rpm ruby200-ruby-devel-2.0.0.353-24.el7.x86_64.rpm ruby200-ruby-libs-2.0.0.353-24.el7.x86_64.rpm ruby200-ruby-tcltk-2.0.0.353-24.el7.x86_64.rpm ruby200-rubygem-bigdecimal-1.2.0-24.el7.x86_64.rpm ruby200-rubygem-io-console-0.4.2-24.el7.x86_64.rpm ruby200-rubygem-json-1.7.7-24.el7.x86_64.rpm ruby200-rubygem-psych-2.0.0-24.el7.x86_64.rpm ruby200-rubygems-2.0.14-24.el7.x86_64.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7): Source: ruby200-ruby-2.0.0.353-24.el7.src.rpm noarch: ruby200-ruby-doc-2.0.0.353-24.el7.noarch.rpm ruby200-ruby-irb-2.0.0.353-24.el7.noarch.rpm ruby200-rubygem-minitest-4.3.2-24.el7.noarch.rpm ruby200-rubygem-rake-0.9.6-24.el7.noarch.rpm ruby200-rubygem-rdoc-4.0.0-24.el7.noarch.rpm ruby200-rubygems-devel-2.0.14-24.el7.noarch.rpm x86_64: ruby200-ruby-2.0.0.353-24.el7.x86_64.rpm ruby200-ruby-debuginfo-2.0.0.353-24.el7.x86_64.rpm ruby200-ruby-devel-2.0.0.353-24.el7.x86_64.rpm ruby200-ruby-libs-2.0.0.353-24.el7.x86_64.rpm ruby200-ruby-tcltk-2.0.0.353-24.el7.x86_64.rpm ruby200-rubygem-bigdecimal-1.2.0-24.el7.x86_64.rpm ruby200-rubygem-io-console-0.4.2-24.el7.x86_64.rpm ruby200-rubygem-json-1.7.7-24.el7.x86_64.rpm ruby200-rubygem-psych-2.0.0-24.el7.x86_64.rpm ruby200-rubygems-2.0.14-24.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2014-4975 https://access.redhat.com/security/cve/CVE-2014-8080 https://access.redhat.com/security/cve/CVE-2014-8090 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUdldSXlSAg2UNWIIRAncDAKCvnOdzWmyiFqk1xc4KSTPl26GBpACeNPRg xOS8TRWUT/gCl71j9DLqPtE= =Opbl -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Nov 26 22:43:26 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 26 Nov 2014 22:43:26 +0000 Subject: [RHSA-2014:1915-01] Critical: flash-plugin security update Message-ID: <201411262243.sAQMhQ3g019470@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:1915-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1915.html Issue date: 2014-11-26 CVE Names: CVE-2014-8439 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 
5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed in the Adobe Security Bulletin APSB14-26, listed in the References section. A flaw was found in the way flash-plugin displayed certain SWF content. An attacker could use this flaw to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2014-8439) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.424. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1168057 - CVE-2014-8439 flash-plugin: hardening against a code execution flaw (APSB14-26) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.424-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.424-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.424-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.424-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.424-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.424-1.el6.i686.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: flash-plugin-11.2.202.424-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 
6): i386: flash-plugin-11.2.202.424-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.424-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.424-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.424-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-8439 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb14-26.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUdld3XlSAg2UNWIIRAqaYAJ9Pw2ogH9XjMz78Zpl0Q3KHq3BQigCcCi5L DKON6+n03TO5RiQOFOb77Pk= =IMNz -----END PGP SIGNATURE-----
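Returning to the REXML entity-expansion flaws in RHSA-2014:1914-01 above: REXML's application-side controls for this class of flaw are the two budgets in REXML::Security, a count of entity expansions (entity_expansion_limit) and a byte ceiling on expanded text (entity_expansion_text_limit), and a parser that enforces them rejects an over-budget document instead of consuming CPU and memory on it. The example below is added here and is not from the advisory or the Ruby project; it assumes a Ruby whose REXML exposes REXML::Security (older releases used REXML::Document.entity_expansion_limit=) and constructs its own sample document.

```ruby
require "rexml/document"

# Added example (not from the advisory): parse XML under explicit REXML
# entity-expansion budgets and report whether REXML accepted it.
# Assumes REXML::Security is available (older Ruby releases exposed the
# same settings as REXML::Document.entity_expansion_limit=).
#
# max_expansions - cap on the number of entity expansions per document
# max_text_bytes - cap on the total bytes produced by expansion
def parse_with_limits(xml, max_expansions:, max_text_bytes:)
  old_count = REXML::Security.entity_expansion_limit
  old_bytes = REXML::Security.entity_expansion_text_limit
  REXML::Security.entity_expansion_limit = max_expansions
  REXML::Security.entity_expansion_text_limit = max_text_bytes
  doc = REXML::Document.new(xml)
  # General entities are expanded lazily, when the text is read, so the
  # read stays inside the same rescue as the parse.
  { accepted: true, length: doc.root.text.length }
rescue StandardError => e
  # REXML aborts with a RuntimeError ("number of entity expansions
  # exceeded ..." / "entity expansion has grown too large") or a
  # REXML::ParseException; either way the document is refused.
  { accepted: false, reason: e.message }
ensure
  # Restore the process-wide defaults so other parsers are unaffected.
  REXML::Security.entity_expansion_limit = old_count
  REXML::Security.entity_expansion_text_limit = old_bytes
end

# Constructed sample document: one internal entity referenced
# `references` times; `payload` is the entity's replacement text.
def sample_document(references, payload: "x")
  "<?xml version='1.0'?>" \
    "<!DOCTYPE r [ <!ENTITY b \"#{payload}\"> ]>" \
    "<r>#{'&b;' * references}</r>"
end

if __FILE__ == $PROGRAM_NAME
  ok = parse_with_limits(sample_document(50), max_expansions: 100, max_text_bytes: 10_240)
  too_many = parse_with_limits(sample_document(200), max_expansions: 100, max_text_bytes: 10_240)
  too_big = parse_with_limits(sample_document(200, payload: "x" * 100),
                              max_expansions: 10_000, max_text_bytes: 10_240)
  puts "within budget:  #{ok}"
  puts "too many:       #{too_many}"
  puts "too much text:  #{too_big}"
end
```

The third case is the one CVE-2014-8090 is about: a modest number of expansions that nevertheless produce far more text than the byte budget allows, which only the text limit catches.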